
s4:dsdb Use possibleInferiors to restrict creation of child objects

This also uses systemPossibleInferiors when the 'relax' control is
specified, which is done by the provision.

Andrew Bartlett
Andrew Bartlett 2009-09-24 15:14:49 -07:00 committed by Matthias Dieter Wallnöfer
parent 0e028fcb7d
commit 4bc9a39eed


@ -42,6 +42,7 @@
#include "libcli/security/security.h"
#include "auth/auth.h"
#include "param/param.h"
#include "../libds/common/flags.h"
struct oc_context {
@ -566,7 +567,7 @@ static int objectclass_do_add(struct oc_context *ac)
bool allowed_class = false;
int i, j;
for (i=0; !allowed_class && oc_el && i < oc_el->num_values; i++) {
for (i=0; allowed_class == false && oc_el && i < oc_el->num_values; i++) {
const struct dsdb_class *sclass;
sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
@ -574,9 +575,19 @@ static int objectclass_do_add(struct oc_context *ac)
/* We don't know this class? what is going on? */
continue;
}
for (j=0; !allowed_class && sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, sclass->possibleInferiors[j]) == 0) {
allowed_class = true;
if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
allowed_class = true;
break;
}
}
} else {
for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
allowed_class = true;
break;
}
}
}
}
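Review bot: Both arms of the new `if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID))` in the last hunk walk `sclass->systemPossibleInferiors`, so the relax control has no effect on this check and `possibleInferiors` is never consulted, which does not match the commit message. If the message states the intent, the `else` loop should read `for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {` and compare against `sclass->possibleInferiors[j]`. As written, ordinary adds are validated against the same list as relaxed provision-time adds; whether that is looser or stricter than intended depends on how the two lists are populated, which is not visible here. Since the two loops differ only in the list they scan, a small static helper taking the list as a parameter would make such a copy-paste slip harder to repeat. The body of objectclass_do_add starts and ends outside the hunk.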