author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-08-01 17:34:43 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-08-01 21:30:29 +0200 |
commit | c38219adfc12828d436bd46b17107feba619aa55 (patch) | |
tree | 9464b1ebe7b94e582b0967af55c7789d269746d6 /source4/dsdb/samdb | |
parent | ba4578f98b411f175803160a9a1f81c1c3786f1f (diff) | |
s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2
We have to test for the WRITE flag when we are performing an NC add. If it
isn't an NC add, then only the WRITE flag or no flag at all is allowed.
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/instancetype.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 7360c7c993..0a11bccbca 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -86,7 +86,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 struct ldb_message *msg;
 struct ldb_message_element *el;
 struct it_context *ac;
- uint32_t instance_type;
+ uint32_t instanceType;
 int ret;
 ldb = ldb_module_get_ctx(module);
@@ -100,8 +100,6 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 el = ldb_msg_find_element(req->op.add.message, "instanceType");
 if (el != NULL) {
- unsigned int instanceType;
-
 if (el->num_values != 1) {
 ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute is single-valued!");
 return LDB_ERR_UNWILLING_TO_PERFORM;
@@ -110,9 +108,25 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 instanceType = ldb_msg_find_attr_as_uint(req->op.add.message, "instanceType", 0);
 if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+ /* if we have no NC add operation (no TYPE_IS_NC_HEAD)
+ * then "instanceType" can only be "0" or "TYPE_WRITE".
+ */
+ if ((instanceType != 0) &&
+ ((instanceType & INSTANCE_TYPE_WRITE) == 0)) {
+ ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD wasn't set, then only TYPE_WRITE or 0 are allowed!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
 return ldb_next_request(module, req);
 }
+ /* if we have a NC add operation then we need also the
+ * "TYPE_WRITE" flag in order to succeed. */
+ if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+ ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD was set, then also TYPE_WRITE is requested!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
 /* Forward the 'add' to the modules below, but if it
 * succeeds, then we might need to add the boilerplate
 * entries (lost+found, deleted objects) */
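Review bot: In the third hunk the non-NC-head check `(instanceType != 0) && ((instanceType & INSTANCE_TYPE_WRITE) == 0)` only rejects values whose WRITE bit is clear, so a client-supplied value that combines TYPE_WRITE with any other bit is still forwarded, although the comment and the error string both say that only 0 or TYPE_WRITE are allowed. An exact comparison would match the stated rule: `if ((instanceType != 0) && (instanceType != INSTANCE_TYPE_WRITE)) {`. The NC-head branch likewise only requires the WRITE bit and leaves the remaining bits unconstrained; whether that is intended should be checked against the specification section named in the commit title. instancetype_add starts before and continues after these hunks.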
@@ -146,11 +160,11 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 /*
 * TODO: calculate correct instance type
 */
- instance_type = INSTANCE_TYPE_WRITE;
+ instanceType = INSTANCE_TYPE_WRITE;
- ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type);
+ ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instanceType);
 if (ret != LDB_SUCCESS) {
- return ldb_oom(ldb);
+ return ret;
 }
 ret = ldb_build_add_req(&down_req, ldb, req, |
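Review bot: The failure path after `ldb_msg_add_fmt` now returns `ret` without recording an error string, whereas the rejection paths added earlier in this commit all call `ldb_set_errstring` before returning. `ldb_oom(ldb)` presumably left a message on the context, so the caller may now receive only a bare code. If the diagnostic is still wanted, keep the propagated code and set the string first, for example `ldb_set_errstring(ldb, "instancetype: failed to add 'instanceType' to the message");` ahead of `return ret;`. The function continues outside the hunk.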