authorKamen Mazdrashki <kamen.mazdrashki@postpath.com>2009-12-17 23:26:47 +0200
committerAndrew Tridgell <tridge@samba.org>2009-12-21 23:44:36 +1100
commita409c0f0372e5a1d81b4acda5c0fc24ccbe68a7e (patch)
tree1dadbe524aa10cce22d1fe78298a52b463cd8350 /source4/dsdb/samdb
parent4e8ad284f5813413fdec8426f11e24570d22549b (diff)
s4-schema: Constraints on msDS-IntId attribute
This attribute cannot be modified on an existing schema object. msDS-IntId is also not allowed during attribute creation. Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_data.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index dfb322225a..cc609581e4 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -169,6 +169,11 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
governsID = ldb_msg_find_ldb_val(req->op.add.message, "governsID");
if (attributeID) {
+ /* Sanity check for not allowed attributes */
+ if (ldb_msg_find_ldb_val(req->op.add.message, "msDS-IntId")) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
oid_attr = "attributeID";
oid = talloc_strndup(req, (const char *)attributeID->data, attributeID->length);
} else if (governsID) {
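Review bot: The new rejection inside the `if (attributeID)` branch returns `LDB_ERR_UNWILLING_TO_PERFORM` without setting an error string, so neither the caller nor the server log can tell that msDS-IntId was the reason the add was refused. Consider adding `ldb_set_errstring(ldb_module_get_ctx(module), "schema_data_add: msDS-IntId is not allowed when creating an attribute");` before the return. The same applies to the `LDB_ERR_CONSTRAINT_VIOLATION` return in schema_data_modify later in this diff. schema_data_add starts and ends outside this hunk, so whether replicated or provision adds are exempted before this point cannot be seen here.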
@@ -204,6 +209,27 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
+static int schema_data_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ /* special objects should always go through */
+ if (ldb_dn_is_special(req->op.mod.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* replicated update should always go through */
+ if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* msDS-IntId is not allowed to be modified */
+ if (ldb_msg_find_ldb_val(req->op.mod.message, "msDS-IntId")) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ /* go on with the call chain */
+ return ldb_next_request(module, req);
+}
+
static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
const struct dsdb_schema *schema)
{
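Review bot: The msDS-IntId guard in schema_data_modify tests `ldb_msg_find_ldb_val(...)`, which as far as I know returns NULL when the element is present but carries no values. A modify that deletes the whole attribute, or replaces it with an empty value set, would therefore not be rejected here. Testing for the element itself closes that gap: `if (ldb_msg_find_element(req->op.mod.message, "msDS-IntId")) {`. Separately, the replicated-update bypass relies on the presence of the control alone, and nothing in this hunk shows where that control is restricted to trusted internal callers; that is worth confirming and stating in the comment above the check.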
@@ -459,5 +485,6 @@ _PUBLIC_ const struct ldb_module_ops ldb_schema_data_module_ops = {
.name = "schema_data",
.init_context = schema_data_init,
.add = schema_data_add,
+ .modify = schema_data_modify,
.search = schema_data_search
};