diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-10-26 09:47:35 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-03-26 00:57:29 +0200 |
commit | d6fde2d4c24d7fb5e040ccb00476f689a4472eff (patch) | |
tree | 1759615aec29394b70909be9b2378a7747168e75 /lib/ldb/ldb_tdb/ldb_index.c | |
parent | 438971e214e6f55f19148ed2afc03ec1c7066f65 (diff) | |
download | samba-d6fde2d4c24d7fb5e040ccb00476f689a4472eff.tar.gz samba-d6fde2d4c24d7fb5e040ccb00476f689a4472eff.tar.bz2 samba-d6fde2d4c24d7fb5e040ccb00476f689a4472eff.zip |
LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode
Achieve this by introducing a "disallowDNFilter" flag.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/ldb/ldb_tdb/ldb_index.c')
-rw-r--r-- | lib/ldb/ldb_tdb/ldb_index.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c index 24cc93feb9..a3848eddb2 100644 --- a/lib/ldb/ldb_tdb/ldb_index.c +++ b/lib/ldb/ldb_tdb/ldb_index.c @@ -510,6 +510,15 @@ static int ltdb_index_dn_leaf(struct ldb_module *module, const struct ldb_message *index_list, struct dn_list *list) { + struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), + struct ltdb_private); + if (ltdb->disallow_dn_filter && + (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0)) { + /* in AD mode we do not support "(dn=...)" search filters */ + list->dn = NULL; + list->count = 0; + return LDB_SUCCESS; + } if (ldb_attr_dn(tree->u.equality.attr) == 0) { list->dn = talloc_array(list, struct ldb_val, 1); if (list->dn == NULL) { |