-rw-r--r-- | source4/lib/ldb/modules/schema.c | 16 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-mod-test.ldif | 25 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema-add-test.ldif (renamed from source4/lib/ldb/tests/schema-add-test.ldif) | 0 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema-mod-test-1.ldif | 5 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema-mod-test-2.ldif | 5 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema-mod-test-3.ldif | 5 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema-mod-test-4.ldif | 5 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema-mod-test-5.ldif | 5 | ||||
-rw-r--r-- | source4/lib/ldb/tests/schema-tests/schema.ldif (renamed from source4/lib/ldb/tests/schema.ldif) | 0 | ||||
-rwxr-xr-x | source4/lib/ldb/tests/test-schema.sh | 19 |
10 files changed, 54 insertions, 31 deletions
diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c index b16849c2fe..86dc617d99 100644 --- a/source4/lib/ldb/modules/schema.c +++ b/source4/lib/ldb/modules/schema.c @@ -371,6 +371,18 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message return -1; } + /* check we are not trying to delete a required attribute */ + /* TODO: consider multivalued attrs */ + if ((attr->flags & SCHEMA_FLAG_MOD_DELETE) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "Trying to delete the required attribute %s.\n", + attr->name); + + data->error_string = "Objectclass violation, a required attribute cannot be removed"; + talloc_free(entry_structs); + return -1; + } + /* mark the attribute as checked */ attr->flags = SCHEMA_FLAG_CHECKED; } @@ -413,9 +425,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess Retrieve the ldap entry and get the objectclasses, add msg contained objectclasses if any. Build up a list of required_attrs and optional_attrs attributes from each objectclass - Check all required_attrs one for the defined objectclass and all its parent - objectclasses. - Check all other the attributes are optional_attrs or required_attrs. + Check all the attributes are optional_attrs or required_attrs. Throw an error in case a check fail. Free all structures and commit the change. */ diff --git a/source4/lib/ldb/tests/schema-mod-test.ldif b/source4/lib/ldb/tests/schema-mod-test.ldif deleted file mode 100644 index 8e36de7bf5..0000000000 --- a/source4/lib/ldb/tests/schema-mod-test.ldif +++ /dev/null 
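Review bot: The added guard rejects the request only when `SCHEMA_FLAG_MOD_DELETE` is set on a required attribute, and the code that sets that flag is outside this hunk. It is worth confirming that a `replace:` carrying no values, which also removes the attribute under LDAP modify semantics, ends up flagged the same way, since the new tests only exercise `delete: nTSecurityDescriptor`. As the TODO concedes, the check also refuses to delete one value of a multivalued required attribute while other values remain; I would spell that out, e.g. `/* TODO: this also rejects deleting a single value of a multivalued attr when other values remain */`. The enclosing function starts and ends outside the hunk.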
@@ -1,25 +0,0 @@
-dn: CN=Test,CN=Users,DC=schema,DC=test
-changetype: modify
-replace: description
-description: this test must not fail
-
-dn: CN=Test,CN=Users,DC=schema,DC=test
-changetype: modify
-delete: description
-# this test must not fail
-
-dn: CN=Test,CN=Users,DC=schema,DC=test
-changetype: modify
-add: description
-description: this test must not fail
-
-dn: CN=Test,CN=Users,DC=schema,DC=test
-changetype: modify
-add: foo
-foo: this test must fail
-
-dn: CN=Test,CN=Users,DC=schema,DC=test
-changetype: modify
-delete: nTSecurityDescriptor
-# this test must fail
-
diff --git a/source4/lib/ldb/tests/schema-add-test.ldif b/source4/lib/ldb/tests/schema-tests/schema-add-test.ldif
index 997b801d84..997b801d84 100644
--- a/source4/lib/ldb/tests/schema-add-test.ldif
+++ b/source4/lib/ldb/tests/schema-tests/schema-add-test.ldif
diff --git a/source4/lib/ldb/tests/schema-tests/schema-mod-test-1.ldif b/source4/lib/ldb/tests/schema-tests/schema-mod-test-1.ldif
new file mode 100644
index 0000000000..b976724485
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-tests/schema-mod-test-1.ldif
@@ -0,0 +1,5 @@
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+replace: description
+description: this test must not fail
+
diff --git a/source4/lib/ldb/tests/schema-tests/schema-mod-test-2.ldif b/source4/lib/ldb/tests/schema-tests/schema-mod-test-2.ldif
new file mode 100644
index 0000000000..fa193af683
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-tests/schema-mod-test-2.ldif
@@ -0,0 +1,5 @@
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+delete: description
+# this test must not fail
+
diff --git a/source4/lib/ldb/tests/schema-tests/schema-mod-test-3.ldif b/source4/lib/ldb/tests/schema-tests/schema-mod-test-3.ldif
new file mode 100644
index 0000000000..8ab7798f9c
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-tests/schema-mod-test-3.ldif
@@ -0,0 +1,5 @@
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+add: description
+description: this test must not fail
+
diff --git a/source4/lib/ldb/tests/schema-tests/schema-mod-test-4.ldif b/source4/lib/ldb/tests/schema-tests/schema-mod-test-4.ldif
new file mode 100644
index 0000000000..cbf0e60bbe
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-tests/schema-mod-test-4.ldif
@@ -0,0 +1,5 @@
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+add: foo
+foo: this test must fail
+
diff --git a/source4/lib/ldb/tests/schema-tests/schema-mod-test-5.ldif b/source4/lib/ldb/tests/schema-tests/schema-mod-test-5.ldif
new file mode 100644
index 0000000000..bc64e9edb6
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-tests/schema-mod-test-5.ldif
@@ -0,0 +1,5 @@
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+delete: nTSecurityDescriptor
+# this test must fail
+
diff --git a/source4/lib/ldb/tests/schema.ldif b/source4/lib/ldb/tests/schema-tests/schema.ldif
index 2661ae30c5..2661ae30c5 100644
--- a/source4/lib/ldb/tests/schema.ldif
+++ b/source4/lib/ldb/tests/schema-tests/schema.ldif
diff --git a/source4/lib/ldb/tests/test-schema.sh b/source4/lib/ldb/tests/test-schema.sh
index 5423c7eff9..08595a0a9c 100755
--- a/source4/lib/ldb/tests/test-schema.sh
+++ b/source4/lib/ldb/tests/test-schema.sh
@@ -7,13 +7,26 @@ rm -f schema.ldb echo "LDB_URL: $LDB_URL" echo "Adding schema" -$VALGRIND bin/ldbadd tests/schema.ldif || exit 1 +$VALGRIND bin/ldbadd tests/schema-tests/schema.ldif || exit 1 echo "Adding few test elements (no failure expected here)" -$VALGRIND bin/ldbadd tests/schema-add-test.ldif || exit 1 +$VALGRIND bin/ldbadd tests/schema-tests/schema-add-test.ldif || exit 1 echo "Modifying elements (2 failures expected here)" -$VALGRIND bin/ldbmodify tests/schema-mod-test.ldif + +$VALGRIND bin/ldbmodify tests/schema-tests/schema-mod-test-1.ldif || exit 1 +$VALGRIND bin/ldbmodify tests/schema-tests/schema-mod-test-2.ldif || exit 1 +$VALGRIND bin/ldbmodify tests/schema-tests/schema-mod-test-3.ldif || exit 1 +$VALGRIND bin/ldbmodify tests/schema-tests/schema-mod-test-4.ldif +if [ "$?" == "0" ]; then + echo "test failed!" + exit 1 +fi +$VALGRIND bin/ldbmodify tests/schema-tests/schema-mod-test-5.ldif +if [ "$?" == "0" ]; then + echo "test failed!" + exit 1 +fi echo "Showing modified record" $VALGRIND bin/ldbsearch '(cn=Test)' || exit 1 |
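Review bot: The two expected-failure steps for schema-mod-test-4.ldif and schema-mod-test-5.ldif accept any non-zero exit from `$VALGRIND bin/ldbmodify`, so a wrong LDIF path or a crash passes the test exactly as a schema rejection would. For test 5 in particular, the property under test is that nTSecurityDescriptor stays on the record, so the step should also confirm the attribute is still present afterwards (the script already runs `bin/ldbsearch '(cn=Test)'`) or match the error text. The `[ "$?" == "0" ]` form relies on `==`, which is not portable to a plain POSIX `test`; the script's interpreter line is outside the hunk, so this may or may not matter here. Writing the step as `if $VALGRIND bin/ldbmodify tests/schema-tests/schema-mod-test-5.ldif; then echo "test failed!"; exit 1; fi` avoids both `$?` and the operator. The echo text "(2 failures expected here)" is now the only hint of which steps are meant to fail; a short comment above each negative case would help.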