From 9d4eeaeb194d071f02b19aaca3ad1b89d81d3637 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 1 Nov 2010 15:23:48 +0100 Subject: s4:objectclass LDB module - the structural objectclass has always to be specified MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Autobuild-User: Matthias Dieter Wallnöfer Autobuild-Date: Wed Nov 3 16:20:55 UTC 2010 on sn-devel-104 --- source4/dsdb/samdb/ldb_modules/objectclass.c | 6 ++++++ source4/dsdb/tests/python/ldap.py | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+) (limited to 'source4/dsdb') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 474e848c60..9483d3e019 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -518,6 +518,12 @@ static int objectclass_do_add(struct oc_context *ac) talloc_free(mem_ctx); return LDB_ERR_OBJECT_CLASS_VIOLATION; } + if (objectclass_element->num_values == 0) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, at least one (structural) objectclass has to be specified!", + ldb_dn_get_linearized(msg->dn)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } /* Here we do now get the "objectClass" list from the * database. */ diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py index e8bc625807..36c12a2930 100755 --- a/source4/dsdb/tests/python/ldap.py +++ b/source4/dsdb/tests/python/ldap.py @@ -148,6 +148,15 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + # Invalid objectclass specified + try: + self.ldb.add({ + "dn": "cn=ldaptestuser,cn=users," + self.base_dn, + "objectClass": [] }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + # Invalid objectclass specified try: self.ldb.add({ @@ -304,6 +313,16 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION) + # We cannot remove all object classes by an empty replace + m = Message() + m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION) + m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE, -- cgit