From 0a41b7e95b394e410cc0d8d02e9ff5ea1f64cd9c Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Thu, 10 Jun 2010 10:39:52 +0200
Subject: s4:instancetype LDB module - prevent all types of "instanceType"
 manipulation

Also on Windows Server you aren't able to change it.
---
 source4/dsdb/samdb/ldb_modules/instancetype.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'source4')

diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 7828ce1d26..4ed906f362 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -158,7 +158,23 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
 	return ldb_next_request(module, down_req);
 }
 
+/* deny instancetype modification */
+static int instancetype_mod(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message_element *el;
+
+	el = ldb_msg_find_element(req->op.mod.message, "instanceType");
+	if (el != NULL) {
+		ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute can never be changed!");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	return ldb_next_request(module, req);
+}
+
 _PUBLIC_ const struct ldb_module_ops ldb_instancetype_module_ops = {
 	.name          = "instancetype",
 	.add           = instancetype_add,
+	.modify        = instancetype_mod
 };
-- 
cgit