sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" entries

Browse Source 
They're only allowed to be created with the RELAX control specified.
This commit is contained in:
Matthias Dieter Wallnöfer 2010-10-11 18:41:05 +02:00
parent 8806008024
commit 4638bd11b5
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
source4/dsdb/samdb/ldb_modules/objectclass.c
View File

@ -734,6 +734,15 @@ static int objectclass_do_add(struct oc_context *ac)
return ret;
}
}
/* make sure that "isCriticalSystemObject" is not specified! */
el = ldb_msg_find_element(msg, "isCriticalSystemObject");
if ((el != NULL) &&
!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
ldb_set_errstring(ldb,
"objectclass: 'isCriticalSystemObject' must not be specified!");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
}
ret = ldb_msg_sanity_check(ldb, msg);