From 8770c8fe2fa1dbb5ecb1c2575187aed319356670 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer
Date: Mon, 1 Nov 2010 14:36:06 +0100
Subject: s4:samldb LDB module - the "sAMAccountName" cannot be substituted by nothing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Autobuild-User: Matthias Dieter Wallnöfer
Autobuild-Date: Mon Nov 1 14:36:24 UTC 2010 on sn-devel-104
---
 source4/dsdb/samdb/ldb_modules/samldb.c | 10 ++++++++--
 source4/dsdb/tests/python/sam.py | 21 +++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-) (limited to 'source4')
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 0a7ab22c40..13b173a6bc 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -177,7 +177,10 @@ static int samldb_check_sAMAccountName(struct samldb_ctx *ac)
 name = ldb_msg_find_attr_as_string(ac->msg, "sAMAccountName", NULL);
 if (name == NULL) {
- return ldb_operr(ldb);
+ /* The "sAMAccountName" cannot be nothing */
+ ldb_set_errstring(ldb,
+ "samldb: Empty account names aren't allowed!");
+ return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 ret = samdb_search_count(ldb, ac, NULL, "(sAMAccountName=%s)",
@@ -1389,7 +1392,10 @@ static int samldb_sam_accountname_check(struct samldb_ctx *ac)
 talloc_free(tmp_msg);
 if (sam_accountname == NULL) {
- return ldb_operr(ldb);
+ /* The "sAMAccountName" cannot be nothing */
+ ldb_set_errstring(ldb,
+ "samldb: Empty account names aren't allowed!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
 }
 enc_str = ldb_binary_encode_string(ac, sam_accountname);
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index 43dfcb6b77..6d5b1a2d6a 100755
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
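Review bot: The guard in samldb_check_sAMAccountName still tests only `name == NULL`, so a value that is present but zero-length could pass it and go on to the `(sAMAccountName=%s)` uniqueness search, even though the new error text says empty names are not allowed. Unless an earlier module is known to reject zero-length values, the condition could read `if (name == NULL || name[0] == '\0') {`. The same applies to `sam_accountname == NULL` in samldb_sam_accountname_check in the second hunk. Both function bodies start and end outside the hunks, so how the value is produced is not visible here.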
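Review bot: The modify path in samldb_sam_accountname_check returns `LDB_ERR_UNWILLING_TO_PERFORM` for the same condition, and with the same message, for which the add path returns `LDB_ERR_CONSTRAINT_VIOLATION`, and nothing in the code says the difference is intended. The sam.py tests in this commit pin both codes, so it looks deliberate. A comment such as `/* On modify an empty "sAMAccountName" gives UNWILLING_TO_PERFORM, on add CONSTRAINT_VIOLATION (see sam.py) */` in place of the repeated one-liner would keep a later cleanup from unifying them. The function continues outside the hunk.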
@@ -136,6 +136,17 @@ class SamTests(unittest.TestCase):
 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ # Try to create a user with an invalid account name
+ try:
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "sAMAccountName": []})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
 # Try to create a user with an invalid primary group
 try:
 ldb.add({
@@ -712,6 +723,16 @@ class SamTests(unittest.TestCase):
 except LdbError, (num, _):
 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["sAMAccountName"] = MessageElement([], FLAG_MOD_REPLACE,
+ "sAMAccountName")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
 m = Message()
 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 m["sAMAccountName"] = MessageElement([], FLAG_MOD_DELETE,
-- cgit
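Review bot: The new add case only exercises an empty value list (`"sAMAccountName": []`), so a value that is present but zero-length is not pinned by any test on either path. A sibling case with `"sAMAccountName": ""` would cover it, with the expected result code confirmed against the server rather than assumed. `self.fail()` is also called without a message, so an unexpected success says nothing about which request was accepted; `self.fail("add with empty sAMAccountName was accepted")` would make the failure self-explanatory. The modify case added in the second hunk of this file has the same bare `self.fail()`.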