-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 10 | ||||
-rwxr-xr-x | source4/dsdb/tests/python/sam.py | 21 |
2 files changed, 29 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 0a7ab22c40..13b173a6bc 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -177,7 +177,10 @@ static int samldb_check_sAMAccountName(struct samldb_ctx *ac)
 name = ldb_msg_find_attr_as_string(ac->msg, "sAMAccountName", NULL);
 if (name == NULL) {
- return ldb_operr(ldb);
+ /* The "sAMAccountName" cannot be nothing */
+ ldb_set_errstring(ldb,
+ "samldb: Empty account names aren't allowed!");
+ return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 ret = samdb_search_count(ldb, ac, NULL, "(sAMAccountName=%s)",
@@ -1389,7 +1392,10 @@ static int samldb_sam_accountname_check(struct samldb_ctx *ac)
 talloc_free(tmp_msg);
 if (sam_accountname == NULL) {
- return ldb_operr(ldb);
+ /* The "sAMAccountName" cannot be nothing */
+ ldb_set_errstring(ldb,
+ "samldb: Empty account names aren't allowed!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
 }
 enc_str = ldb_binary_encode_string(ac, sam_accountname);
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index 43dfcb6b77..6d5b1a2d6a 100755
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
@@ -136,6 +136,17 @@ class SamTests(unittest.TestCase):
 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ # Try to create a user with an invalid account name
+ try:
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "sAMAccountName": []})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
 # Try to create a user with an invalid primary group
 try:
 ldb.add({
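Review bot: The guard in samldb_check_sAMAccountName still tests only `name == NULL`, so a value that is present but zero-length is not covered by the new "Empty account names" error. Whether such a value can reach this point is not visible from the hunk; if it can, it falls through to the `(sAMAccountName=%s)` count search instead of being refused. Consider `if (name == NULL || name[0] == '\0') {` here, and the same test on `sam_accountname` in samldb_sam_accountname_check in the next hunk. Both function bodies start and end outside their hunks.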
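Review bot: The new branch in samldb_sam_accountname_check reuses the comment and error string of the add-path check but returns `LDB_ERR_UNWILLING_TO_PERFORM` where the other returns `LDB_ERR_CONSTRAINT_VIOLATION`, and nothing in the code says the difference is deliberate. The tests in this commit assert both codes, so it looks intentional; a comment would keep a later cleanup from unifying them and changing what clients see, for example `/* Modify path: an emptied "sAMAccountName" is refused with UNWILLING_TO_PERFORM; the add path returns CONSTRAINT_VIOLATION */`. The function body starts and ends outside the hunk.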
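Review bot: The bare `self.fail()` after `ldb.add({...})` in the first sam.py hunk says nothing about which check broke if the server ever accepts an account name with no values, and the visible context suggests this method holds many such checks. Give it a message, e.g. `self.fail("add with empty sAMAccountName was accepted")`; the second sam.py hunk has the same bare call after `ldb.modify(m)`. In that failure case the `delete_force` cleanup that follows would also be skipped, so the entry could remain for later checks; the page has lost indentation, so its exact placement cannot be confirmed here. The enclosing test method starts and ends outside the hunk.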
@@ -714,6 +725,16 @@ class SamTests(unittest.TestCase):
 m = Message()
 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["sAMAccountName"] = MessageElement([], FLAG_MOD_REPLACE,
+ "sAMAccountName")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 m["sAMAccountName"] = MessageElement([], FLAG_MOD_DELETE,
 "sAMAccountName")
 try: |
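Review bot: The new `FLAG_MOD_REPLACE` case asserts only the result code; it does not confirm that the refused `ldb.modify(m)` left the account name in place. A base-scope read of the entry after the `except` block would pin that the rejection has no side effect, e.g. `res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, attrs=["sAMAccountName"])` followed by `self.assertTrue("sAMAccountName" in res[0])`. Whether `SCOPE_BASE` is already imported in sam.py is not visible from this hunk. The enclosing test method starts and ends outside the hunk.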