1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4:rootdse LDB module - protect add and delete operations on the rootdse entry

This commit is contained in:
Matthias Dieter Wallnöfer 2010-06-18 21:10:19 +02:00
parent 72e14ea8bd
commit 7f46a91e77

View File

@ -960,9 +960,24 @@ static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request
return ldb_module_done(req, NULL, NULL, ret);
}
static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
/*
If dn is not "" we should let it pass through
*/
if (!ldb_dn_is_null(req->op.add.message->dn)) {
return ldb_next_request(module, req);
}
ldb_set_errstring(ldb, "rootdse_add: you cannot add a new rootdse entry!");
return LDB_ERR_NAMING_VIOLATION;
}
static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_context *ldb = ldb_module_get_ctx(module);
/*
If dn is not "" we should let it pass through
@ -971,8 +986,6 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
ldb = ldb_module_get_ctx(module);
/*
dn is empty so check for schemaUpdateNow attribute
"The type of modification and values specified in the LDAP modify operation do not matter." MSDN
@ -989,10 +1002,27 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
static int rootdse_delete(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
/*
If dn is not "" we should let it pass through
*/
if (!ldb_dn_is_null(req->op.del.dn)) {
return ldb_next_request(module, req);
}
ldb_set_errstring(ldb, "rootdse_remove: you cannot delete the rootdse entry!");
return LDB_ERR_NO_SUCH_OBJECT;
}
_PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = {
.name = "rootdse",
.init_context = rootdse_init,
.search = rootdse_search,
.request = rootdse_request,
.modify = rootdse_modify
.add = rootdse_add,
.modify = rootdse_modify,
.del = rootdse_delete
};