diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-18 21:10:19 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-19 17:53:18 +0200 |
commit | 7f46a91e7764766460cb374b5cc65e769184d91f (patch) | |
tree | e9af299b16bc71d76185a70b3762754a4e9a470e | |
parent | 72e14ea8bd47695dcdf1a3c8ee3a017c6d2e4d5c (diff) | |
download | samba-7f46a91e7764766460cb374b5cc65e769184d91f.tar.gz samba-7f46a91e7764766460cb374b5cc65e769184d91f.tar.bz2 samba-7f46a91e7764766460cb374b5cc65e769184d91f.zip |
s4:rootdse LDB module - protect add and delete operations on the rootdse entry
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index d24ed42a38..7c1a4f4b8f 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -960,9 +960,24 @@ static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request return ldb_module_done(req, NULL, NULL, ret); } +static int rootdse_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb = ldb_module_get_ctx(module); + + /* + If dn is not "" we should let it pass through + */ + if (!ldb_dn_is_null(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + ldb_set_errstring(ldb, "rootdse_add: you cannot add a new rootdse entry!"); + return LDB_ERR_NAMING_VIOLATION; +} + static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_context *ldb; + struct ldb_context *ldb = ldb_module_get_ctx(module); /* If dn is not "" we should let it pass through @@ -971,8 +986,6 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - ldb = ldb_module_get_ctx(module); - /* dn is empty so check for schemaUpdateNow attribute "The type of modification and values specified in the LDAP modify operation do not matter." MSDN @@ -989,10 +1002,27 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } +static int rootdse_delete(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb = ldb_module_get_ctx(module); + + /* + If dn is not "" we should let it pass through + */ + if (!ldb_dn_is_null(req->op.del.dn)) { + return ldb_next_request(module, req); + } + + ldb_set_errstring(ldb, "rootdse_remove: you cannot delete the rootdse entry!"); + return LDB_ERR_NO_SUCH_OBJECT; +} + _PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = { .name = "rootdse", .init_context = rootdse_init, .search = rootdse_search, .request = rootdse_request, - .modify = rootdse_modify + .add = rootdse_add, + .modify = rootdse_modify, + .del = rootdse_delete }; |