From b16e602660e9fcfe7a0e46633e81c898b2053238 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 14 Jun 2010 13:19:43 +1000
Subject: s4:dsdb Move linked attribute restrictions to objectclass_attrs

This puts more of the schema restrictions in one place.

Andrew Bartlett
---
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'source4/dsdb/samdb/ldb_modules')

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 5b76a0b946..36bd86072d 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -105,6 +105,15 @@ static int attr_handler(struct oc_context *ac)
 			return LDB_ERR_NO_SUCH_ATTRIBUTE;
 		}
 
+		if ((attr->linkID & 1) == 1) {
+			/* Odd is for the target.  Illegal to modify */
+			ldb_asprintf_errstring(ldb, 
+					       "objectclass_attrs: attribute '%s' on entry '%s' must not be modified directly, it is a linked attribute", 
+					       msg->elements[i].name,
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		
 		werr = attr->syntax->validate_ldb(ldb, ac->schema, attr,
 						  &msg->elements[i]);
 		if (!W_ERROR_IS_OK(werr)) {
-- 
cgit