}
/* Fix all attribute names to be in the correct case, and check they are all valid per the schema */
-static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *schema, struct ldb_message *msg)
+static int fix_check_attributes(struct ldb_context *ldb,
+ const struct dsdb_schema *schema,
+ struct ldb_message *msg,
+ enum ldb_request_type op)
{
- int i;
+ unsigned int i;
for (i=0; i < msg->num_elements; i++) {
const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, msg->elements[i].name);
/* Add in a very special case for 'clearTextPassword',
}
} else {
msg->elements[i].name = attribute->lDAPDisplayName;
+
+ /* We have to deny write operations on constructed attributes */
+ if ((attribute->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED) != 0) {
+ if (op == LDB_ADD) {
+ return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE;
+ } else {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ }
+
}
}
}
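Review bot: Both new early returns in the constructed-attribute check leave the ldb error string unset, so a refused add or modify gives the client and the server log only a bare result code, with no indication of which attribute was rejected. Setting the message just before the `if (op == LDB_ADD)` branch would make refused writes traceable, for example `ldb_asprintf_errstring(ldb, "attribute '%s' is constructed and cannot be written", msg->elements[i].name);`. The else branch maps every operation other than LDB_ADD to LDB_ERR_CONSTRAINT_VIOLATION; if only add and modify are expected to reach this function, a short comment saying so would document that. One caller further down the page calls `ldb_oom(ldb)` whenever the result is not LDB_SUCCESS, which would presumably report this rejection as an out-of-memory condition. The body of fix_check_attributes starts and ends outside this hunk.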
if (schema) {
- ret = fix_attributes(ldb, schema, msg);
+ ret = fix_check_attributes(ldb, schema, msg, ac->req->operation);
if (ret != LDB_SUCCESS) {
talloc_free(mem_ctx);
return ret;
return LDB_ERR_OPERATIONS_ERROR;
}
- ret = fix_attributes(ldb, schema, msg);
+ ret = fix_check_attributes(ldb, schema, msg, req->operation);
if (ret != LDB_SUCCESS) {
return ret;
}
return LDB_ERR_OPERATIONS_ERROR;
}
- ret = fix_attributes(ldb, schema, msg);
+ ret = fix_check_attributes(ldb, schema, msg, req->operation);
if (ret != LDB_SUCCESS) {
talloc_free(mem_ctx);
return ret;
return LDB_ERR_OPERATIONS_ERROR;
}
- ret = fix_attributes(ldb, schema, msg);
+ ret = fix_check_attributes(ldb, schema, msg, req->operation);
if (ret != LDB_SUCCESS) {
ldb_oom(ldb);
return ret;