author | Kamen Mazdrashki <kamen.mazdrashki@postpath.com> | 2009-12-17 23:26:47 +0200 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-12-21 23:44:36 +1100 |
commit | a409c0f0372e5a1d81b4acda5c0fc24ccbe68a7e (patch) | |
tree | 1dadbe524aa10cce22d1fe78298a52b463cd8350 /source4/dsdb/samdb/ldb_modules | |
parent | 4e8ad284f5813413fdec8426f11e24570d22549b (diff) | |
s4-schema: Constraints on msDS-IntId attribute
This attribute cannot be modified on an existing schema object.
msDS-IntId is also not allowed during attribute creation.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_data.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index dfb322225a..cc609581e4 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -169,6 +169,11 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
 governsID = ldb_msg_find_ldb_val(req->op.add.message, "governsID");
 if (attributeID) {
+ /* Sanity check for not allowed attributes */
+ if (ldb_msg_find_ldb_val(req->op.add.message, "msDS-IntId")) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
 oid_attr = "attributeID";
 oid = talloc_strndup(req, (const char *)attributeID->data, attributeID->length);
 } else if (governsID) {
@@ -204,6 +209,27 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
 return ldb_next_request(module, req);
 }
+static int schema_data_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ /* special objects should always go through */
+ if (ldb_dn_is_special(req->op.mod.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* replicated update should always go through */
+ if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* msDS-IntId is not allowed to be modified */
+ if (ldb_msg_find_ldb_val(req->op.mod.message, "msDS-IntId")) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ /* go on with the call chain */
+ return ldb_next_request(module, req);
+}
+
 static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
 const struct dsdb_schema *schema)
 {
@@ -459,5 +485,6 @@ _PUBLIC_ const struct ldb_module_ops ldb_schema_data_module_ops = {
 .name = "schema_data",
 .init_context = schema_data_init,
 .add = schema_data_add,
+ .modify = schema_data_modify,
 .search = schema_data_search
 }; |
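Review bot: The msDS-IntId check added inside the `if (attributeID)` branch returns `LDB_ERR_UNWILLING_TO_PERFORM` without setting an error string, so a refused add tells neither the client nor the server log which attribute was rejected; setting one first, e.g. `ldb_set_errstring(ldb_module_get_ctx(module), "schema_data_add: msDS-IntId must not be supplied when creating an attribute");`, would make rejections diagnosable. The comment `/* Sanity check for not allowed attributes */` would read better if it named the attribute, e.g. `/* msDS-IntId must not be supplied when creating an attribute */`. The modify handler added later in this commit lets requests carrying `DSDB_CONTROL_REPLICATED_UPDATE_OID` through, but schema_data_add starts and ends outside this hunk, so it cannot be seen whether replicated adds are exempted before reaching this line; if they are not, the two paths treat replicated data differently and that should be either aligned or documented.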
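Review bot: The replicated-update exemption in `schema_data_modify` keys on the mere presence of `DSDB_CONTROL_REPLICATED_UPDATE_OID` on the request, so the msDS-IntId constraint is only as strong as whatever keeps that control off requests from ordinary clients. Nothing in this hunk shows that filtering, so it should be confirmed and the assumption recorded next to the check, e.g. `/* replicated updates are trusted: this control must only be attachable by internal callers */`. The function also returns `LDB_ERR_CONSTRAINT_VIOLATION` with no error string, while the add path uses `LDB_ERR_UNWILLING_TO_PERFORM` for the same attribute; if the difference is intentional, a one-line comment saying so would spare the next reader the question. The name-based check applies to every non-special DN that reaches this module rather than only to objects under the schema partition, which is presumably harmless but worth stating in a short header comment on the function.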