summaryrefslogtreecommitdiff
path: root/source4/lib/ldb
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2011-03-04 11:11:08 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2011-03-04 22:07:24 +0100
commit736a462c3e61500b9e53b76c6e5d743efa5a9e0a (patch)
tree8248d847cee30f9f20b883f13004a030b6206913 /source4/lib/ldb
parentea12adf544ffaf86a7b323c60c7f9dfbede87808 (diff)
downloadsamba-736a462c3e61500b9e53b76c6e5d743efa5a9e0a.tar.gz
samba-736a462c3e61500b9e53b76c6e5d743efa5a9e0a.tar.bz2
samba-736a462c3e61500b9e53b76c6e5d743efa5a9e0a.zip
ldb:rdn_name LDB module - more RDN constraint checks (from AD)
Reviewed by: Tridge
Diffstat (limited to 'source4/lib/ldb')
-rw-r--r--source4/lib/ldb/modules/rdn_name.c41
1 files changed, 40 insertions, 1 deletions
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c
index 313d9998e3..50b63aee13 100644
--- a/source4/lib/ldb/modules/rdn_name.c
+++ b/source4/lib/ldb/modules/rdn_name.c
@@ -370,6 +370,7 @@ static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req)
static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
+ const struct ldb_val *rdn_val_p;
ldb = ldb_module_get_ctx(module);
@@ -378,6 +379,16 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
+ rdn_val_p = ldb_dn_get_rdn_val(req->op.mod.message->dn);
+ if (rdn_val_p == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ if (rdn_val_p->length == 0) {
+ ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!",
+ ldb_dn_get_linearized(req->op.mod.message->dn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
if (ldb_msg_find_element(req->op.mod.message, "distinguishedName")) {
ldb_asprintf_errstring(ldb, "Modify of 'distinguishedName' on %s not permitted, must use 'rename' operation instead",
ldb_dn_get_linearized(req->op.mod.message->dn));
@@ -400,11 +411,39 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
+static int rdn_name_search(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb;
+ const char *rdn_name;
+ const struct ldb_val *rdn_val_p;
+
+ ldb = ldb_module_get_ctx(module);
+
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.search.base)) {
+ return ldb_next_request(module, req);
+ }
+
+ rdn_name = ldb_dn_get_rdn_name(req->op.search.base);
+ rdn_val_p = ldb_dn_get_rdn_val(req->op.search.base);
+ if ((rdn_name != NULL) && (rdn_val_p == NULL)) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ if ((rdn_val_p != NULL) && (rdn_val_p->length == 0)) {
+ ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!",
+ ldb_dn_get_linearized(req->op.search.base));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
+ return ldb_next_request(module, req);
+}
+
static const struct ldb_module_ops ldb_rdn_name_module_ops = {
.name = "rdn_name",
.add = rdn_name_add,
.modify = rdn_name_modify,
- .rename = rdn_name_rename
+ .rename = rdn_name_rename,
+ .search = rdn_name_search
};
int ldb_rdn_name_init(const char *version)