diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-12 19:49:47 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-12 19:39:06 +0000 |
commit | 37bd3133049eba7ad26aeb74864e732c6efe70e5 (patch) | |
tree | 342f6757dcc980e724ff68f16cea04e849d23659 /source4 | |
parent | 584a2d125ec564ffaa019aba53a2d3b29d4c09c3 (diff) | |
download | samba-37bd3133049eba7ad26aeb74864e732c6efe70e5.tar.gz samba-37bd3133049eba7ad26aeb74864e732c6efe70e5.tar.bz2 samba-37bd3133049eba7ad26aeb74864e732c6efe70e5.zip |
s4:objectclass LDB module - we should not simply ignore additional "objectClass" attribute changes
There first one we perform all other tentatives are terminated with
ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectclass.c | 18 | ||||
-rwxr-xr-x | source4/dsdb/tests/python/ldap.py | 13 |
2 files changed, 29 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 2e95eb5e91..d2b4f10838 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -1082,12 +1082,26 @@ static int objectclass_do_mod(struct oc_context *ac) break; } + /* Only one "objectclass" attribute change element per modify request + * allowed! */ + for (i = 0; i < ac->req->op.mod.message->num_elements; i++) { + if (ldb_attr_cmp(ac->req->op.mod.message->elements[i].name, + "objectClass") != 0) continue; + + if (ldb_msg_element_compare(&ac->req->op.mod.message->elements[i], + oc_el_change) != 0) { + ldb_set_errstring(ldb, + "objectclass: only one 'objectClass' attribute change per modify request allowed!"); + talloc_free(mem_ctx); + return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; + } + } + ret = ldb_msg_add_empty(msg, "objectClass", LDB_FLAG_MOD_REPLACE, &oc_el_change); if (ret != LDB_SUCCESS) { - ldb_oom(ldb); talloc_free(mem_ctx); - return ret; + return ldb_oom(ldb); } /* Move from the linked list back into an ldb msg */ diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py index 26a0d720c5..0ac57d5247 100755 --- a/source4/dsdb/tests/python/ldap.py +++ b/source4/dsdb/tests/python/ldap.py @@ -310,6 +310,19 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION) + # More than one change operation is not allowed + m = Message() + m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE, + "objectClass") + m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD, + "objectClass") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + # We cannot remove all object classes by an empty replace m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) |