mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00

s4:rootdse LDB module - protect add and delete operations on the rootdse entry

Matthias Dieter Wallnöfer 2010-06-18 21:10:19 +02:00
parent 72e14ea8bd
commit 7f46a91e77


@ -960,9 +960,24 @@ static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request
return ldb_module_done(req, NULL, NULL, ret); return ldb_module_done(req, NULL, NULL, ret);
} }
static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
/*
If dn is not "" we should let it pass through
*/
if (!ldb_dn_is_null(req->op.add.message->dn)) {
return ldb_next_request(module, req);
}
ldb_set_errstring(ldb, "rootdse_add: you cannot add a new rootdse entry!");
return LDB_ERR_NAMING_VIOLATION;
}
static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
{ {
struct ldb_context *ldb; struct ldb_context *ldb = ldb_module_get_ctx(module);
/* /*
If dn is not "" we should let it pass through If dn is not "" we should let it pass through
@ -971,8 +986,6 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req); return ldb_next_request(module, req);
} }
ldb = ldb_module_get_ctx(module);
/* /*
dn is empty so check for schemaUpdateNow attribute dn is empty so check for schemaUpdateNow attribute
"The type of modification and values specified in the LDAP modify operation do not matter." MSDN "The type of modification and values specified in the LDAP modify operation do not matter." MSDN
@ -989,10 +1002,27 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM; return LDB_ERR_UNWILLING_TO_PERFORM;
} }
static int rootdse_delete(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
/*
If dn is not "" we should let it pass through
*/
if (!ldb_dn_is_null(req->op.del.dn)) {
return ldb_next_request(module, req);
}
ldb_set_errstring(ldb, "rootdse_remove: you cannot delete the rootdse entry!");
return LDB_ERR_NO_SUCH_OBJECT;
}
_PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = { _PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = {
.name = "rootdse", .name = "rootdse",
.init_context = rootdse_init, .init_context = rootdse_init,
.search = rootdse_search, .search = rootdse_search,
.request = rootdse_request, .request = rootdse_request,
.modify = rootdse_modify .add = rootdse_add,
.modify = rootdse_modify,
.del = rootdse_delete
}; };
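Review bot: The ops table now guards `.add` and `.del` but still has no `.rename` handler, so a rename request whose source DN is empty is not refused by this module; whether a lower module rejects it cannot be seen from this page. A `rootdse_rename` that mirrors `rootdse_delete` and tests `req->op.rename.olddn` would close that gap, and it needs to be registered in `ldb_rootdse_module_ops`. Separately, the error string in `rootdse_delete` is prefixed `rootdse_remove:`, which does not match the function name and makes the message harder to trace in logs; `"rootdse_delete: you cannot delete the rootdse entry!"` would be consistent with `rootdse_add`. The new functions also lack a header comment: each could state that only the empty-DN (rootDSE) case is rejected and which LDB error code the caller gets back.

```c
static int rootdse_rename(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_context *ldb = ldb_module_get_ctx(module);

	/* Only the rootDSE (empty DN) is refused; any other DN passes through */
	if (!ldb_dn_is_null(req->op.rename.olddn)) {
		return ldb_next_request(module, req);
	}

	ldb_set_errstring(ldb, "rootdse_rename: you cannot rename the rootdse entry!");
	return LDB_ERR_NO_SUCH_OBJECT;
}

/* … unchanged: ldb_rootdse_module_ops fields up to .modify … */
	.del = rootdse_delete,
	.rename = rootdse_rename
```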