diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-03-04 11:11:08 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-03-04 22:07:24 +0100 |
commit | 736a462c3e61500b9e53b76c6e5d743efa5a9e0a (patch) | |
tree | 8248d847cee30f9f20b883f13004a030b6206913 /source4/lib/ldb | |
parent | ea12adf544ffaf86a7b323c60c7f9dfbede87808 (diff) | |
download | samba-736a462c3e61500b9e53b76c6e5d743efa5a9e0a.tar.gz samba-736a462c3e61500b9e53b76c6e5d743efa5a9e0a.tar.bz2 samba-736a462c3e61500b9e53b76c6e5d743efa5a9e0a.zip |
ldb:rdn_name LDB module - more RDN constraint checks (from AD)
Reviewed by: Tridge
Diffstat (limited to 'source4/lib/ldb')
-rw-r--r-- | source4/lib/ldb/modules/rdn_name.c | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c index 313d9998e3..50b63aee13 100644 --- a/source4/lib/ldb/modules/rdn_name.c +++ b/source4/lib/ldb/modules/rdn_name.c @@ -370,6 +370,7 @@ static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; + const struct ldb_val *rdn_val_p; ldb = ldb_module_get_ctx(module); @@ -378,6 +379,16 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + rdn_val_p = ldb_dn_get_rdn_val(req->op.mod.message->dn); + if (rdn_val_p == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (rdn_val_p->length == 0) { + ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!", + ldb_dn_get_linearized(req->op.mod.message->dn)); + return LDB_ERR_INVALID_DN_SYNTAX; + } + if (ldb_msg_find_element(req->op.mod.message, "distinguishedName")) { ldb_asprintf_errstring(ldb, "Modify of 'distinguishedName' on %s not permitted, must use 'rename' operation instead", ldb_dn_get_linearized(req->op.mod.message->dn)); @@ -400,11 +411,39 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } +static int rdn_name_search(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + const char *rdn_name; + const struct ldb_val *rdn_val_p; + + ldb = ldb_module_get_ctx(module); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.search.base)) { + return ldb_next_request(module, req); + } + + rdn_name = ldb_dn_get_rdn_name(req->op.search.base); + rdn_val_p = ldb_dn_get_rdn_val(req->op.search.base); + if ((rdn_name != NULL) && (rdn_val_p == NULL)) { + return LDB_ERR_OPERATIONS_ERROR; + } + if ((rdn_val_p != NULL) && (rdn_val_p->length == 0)) { + ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!", + ldb_dn_get_linearized(req->op.search.base)); + return LDB_ERR_INVALID_DN_SYNTAX; + } + + return ldb_next_request(module, req); +} + static const struct ldb_module_ops ldb_rdn_name_module_ops = { .name = "rdn_name", .add = rdn_name_add, .modify = rdn_name_modify, - .rename = rdn_name_rename + .rename = rdn_name_rename, + .search = rdn_name_search }; int ldb_rdn_name_init(const char *version) |