From 0d2d6c94d2da09b01d91c31cbf099248fac90802 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 23 Sep 2011 16:15:24 +1000
Subject: s4-ldap-server: disallow all modifies on global catalog port
---
 source4/ldap_server/ldap_backend.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'source4/ldap_server')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 94f9ad3ace..57f81eaaaf 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -305,6 +305,11 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
 if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
 ret = ldb_transaction_start(ldb);
 if (ret != LDB_SUCCESS) {
 return ret;
@@ -358,6 +363,11 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
 return ret;
 }
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
 ret = ldb_transaction_start(ldb);
 if (ret != LDB_SUCCESS) {
 return ret;
@@ -404,6 +414,11 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
 if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
 ret = ldb_transaction_start(ldb);
 if (ret != LDB_SUCCESS) {
 return ret;
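Review bot: The early `return ldb_error(...)` in ldapsrv_add_with_controls comes after the `if (ret != LDB_SUCCESS) return ret;` check, so by that point `req` has presumably been built by a call above the hunk, and nothing on this path releases it. If the request hangs off a long-lived memory context (not visible here), every write rejected on the global catalog port leaves an allocation behind, and memory grows with each refused request. Either test `call->conn->global_catalog` before the request is built, or release it first with `talloc_free(req);` immediately before the `return ldb_error(...)`. The same applies to the ldapsrv_mod_with_controls, ldapsrv_del_with_controls and ldapsrv_rename_with_controls hunks; all four function bodies begin and end outside their hunks.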
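Review bot: The return value of `ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL)` is discarded in ldapsrv_mod_with_controls, so if attaching the control fails the write continues into `ldb_transaction_start()` without it. Whatever the lower layers do differently when the control is present would then be skipped silently (what that is cannot be seen from this hunk). Propagate the failure instead: `ret = ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);` followed by `if (ret != LDB_SUCCESS) return ret;`. The add, delete and rename hunks have the same unchecked call.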
@@ -451,6 +466,11 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
 if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
 ret = ldb_transaction_start(ldb);
 if (ret != LDB_SUCCESS) {
 return ret;
-- cgit
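Review bot: The rejection in ldapsrv_rename_with_controls reports "modify forbidden on global catalog port" although the operation is a rename, and it is the fourth copy of the same five lines (the add, modify and delete hunks carry the others). Because the port restriction is enforced separately in each wrapper, any write path added later has to remember to repeat it; a single static helper called from all four, taking the operation name for the message, would keep the rule in one place. A comment above the check would also help the next reader, for example `/* The global catalog port is read-only: refuse writes before starting a transaction. */`. The function body begins and ends outside the hunk.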