authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-18 21:10:19 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-19 17:53:18 +0200
commit7f46a91e7764766460cb374b5cc65e769184d91f (patch)
treee9af299b16bc71d76185a70b3762754a4e9a470e
parent72e14ea8bd47695dcdf1a3c8ee3a017c6d2e4d5c (diff)
s4:rootdse LDB module - protect add and delete operations on the rootdse entry
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c38
1 files changed, 34 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index d24ed42a38..7c1a4f4b8f 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -960,9 +960,24 @@ static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request
return ldb_module_done(req, NULL, NULL, ret);
}
+static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ /*
+ If dn is not "" we should let it pass through
+ */
+ if (!ldb_dn_is_null(req->op.add.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ ldb_set_errstring(ldb, "rootdse_add: you cannot add a new rootdse entry!");
+ return LDB_ERR_NAMING_VIOLATION;
+}
+
static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
{
- struct ldb_context *ldb;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
/*
If dn is not "" we should let it pass through
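Review bot: The reject path in `rootdse_add` returns `LDB_ERR_NAMING_VIOLATION` with no comment saying why that code was chosen, while the same empty-DN case yields `LDB_ERR_UNWILLING_TO_PERFORM` in `rootdse_modify` and `LDB_ERR_NO_SUCH_OBJECT` in `rootdse_delete`. The copied block comment only describes the pass-through branch, so I would add a line above the `ldb_set_errstring` call such as `/* the rootDSE (empty DN) cannot be created by clients; report namingViolation */`. If the differing codes are meant to match a reference server's behaviour, that should be stated there as well, since a client's error handling depends on it. The hunk ends inside `rootdse_modify`, whose body continues outside it.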
@@ -971,8 +986,6 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
- ldb = ldb_module_get_ctx(module);
-
/*
dn is empty so check for schemaUpdateNow attribute
"The type of modification and values specified in the LDAP modify operation do not matter." MSDN
@@ -989,10 +1002,27 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
+static int rootdse_delete(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ /*
+ If dn is not "" we should let it pass through
+ */
+ if (!ldb_dn_is_null(req->op.del.dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ ldb_set_errstring(ldb, "rootdse_remove: you cannot delete the rootdse entry!");
+ return LDB_ERR_NO_SUCH_OBJECT;
+}
+
_PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = {
.name = "rootdse",
.init_context = rootdse_init,
.search = rootdse_search,
.request = rootdse_request,
- .modify = rootdse_modify
+ .add = rootdse_add,
+ .modify = rootdse_modify,
+ .del = rootdse_delete
};
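Review bot: The ops table at the end of this hunk registers `.add`, `.modify` and `.del` but no `.rename`, so a rename request whose source DN is empty is not stopped by this module and goes on to whatever sits below it. Whether a lower module rejects it is not visible here. A `rootdse_rename` handler that mirrors `rootdse_delete` and tests `req->op.rename.olddn` would give the rootDSE entry the same protection for all four write operations. Separately, the error string in `rootdse_delete` is prefixed `rootdse_remove:`, which does not match the function name and will mislead anyone tracing the message back from a log; `"rootdse_delete: you cannot delete the rootdse entry!"` would be consistent with `rootdse_add`.

```c
static int rootdse_rename(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_context *ldb = ldb_module_get_ctx(module);

	/* the rootDSE (empty DN) cannot be renamed; every other DN passes through */
	if (!ldb_dn_is_null(req->op.rename.olddn)) {
		return ldb_next_request(module, req);
	}

	ldb_set_errstring(ldb, "rootdse_rename: you cannot rename the rootdse entry!");
	return LDB_ERR_NO_SUCH_OBJECT;
}

/* … unchanged: rootdse_delete and the ldb_rootdse_module_ops fields up to .modify … */
	.del = rootdse_delete,
	.rename = rootdse_rename
```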