diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-08 10:16:45 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-08 10:36:49 +0000 |
commit | 4b97e7c8f20b125015417bcf440128f843ac648f (patch) | |
tree | a376e4e269a49820aa333dbf4e2b63165642ed8c /source4/dsdb/samdb/ldb_modules/repl_meta_data.c | |
parent | 8caf0ed90980d4118878f0cda10eba8004a8dd4d (diff) | |
download | samba-4b97e7c8f20b125015417bcf440128f843ac648f.tar.gz samba-4b97e7c8f20b125015417bcf440128f843ac648f.tar.bz2 samba-4b97e7c8f20b125015417bcf440128f843ac648f.zip |
s4:objectguid/repl_meta_data LDB module - deny "objectGUID" updates
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 8 10:36:50 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/repl_meta_data.c')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 95cd0694fc..7838b65fdf 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -2147,6 +2147,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) struct loadparm_context *lp_ctx; char *referral; unsigned int functional_level; + const DATA_BLOB *guid_blob; /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.mod.message->dn)) { @@ -2166,6 +2167,14 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + guid_blob = ldb_msg_find_ldb_val(req->op.mod.message, "objectGUID"); + if ( guid_blob != NULL ) { + ldb_debug_set(ldb, LDB_DEBUG_ERROR, + "replmd_modify: it's not allowed to change the objectGUID\n"); + talloc_free(ac); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + /* we have to copy the message as the caller might have it as a const */ msg = ldb_msg_copy_shallow(ac, req->op.mod.message); if (msg == NULL) { |