s4-ldap-server: disallow all modifies on global catalog port
authorAndrew Tridgell <tridge@samba.org>
Fri, 23 Sep 2011 06:15:24 +0000 (16:15 +1000)
committerAndrew Tridgell <tridge@samba.org>
Tue, 4 Oct 2011 04:08:55 +0000 (15:08 +1100)
source4/ldap_server/ldap_backend.c

index 94f9ad3ace57bc91e3f42a5e2b0b367063279c06..57f81eaaaf04c8020e2a4b896815fe29cfe35dc6 100644 (file)
@@ -305,6 +305,11 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
 
        if (ret != LDB_SUCCESS) return ret;
 
+       if (call->conn->global_catalog) {
+               return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+       }
+       ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
        ret = ldb_transaction_start(ldb);
        if (ret != LDB_SUCCESS) {
                return ret;
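Review bot: The return value of `ldb_request_add_control()` is discarded on the added line after the global-catalog check, so a failure there (for example an allocation failure) lets the add proceed without `DSDB_CONTROL_NO_GLOBAL_CATALOG` attached. What lower layers do with that control is not visible here, but a request that silently loses a tag the server meant to set is a fail-open path. Checking it matches the surrounding `ret` handling: `ret = ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);` followed by `if (ret != LDB_SUCCESS) return ret;`. The same unchecked call is added in the ldapsrv_mod_with_controls, ldapsrv_del_with_controls and ldapsrv_rename_with_controls hunks. The function body starts and ends outside this hunk.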
@@ -358,6 +363,11 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
                return ret;
        }
 
+       if (call->conn->global_catalog) {
+               return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+       }
+       ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
        ret = ldb_transaction_start(ldb);
        if (ret != LDB_SUCCESS) {
                return ret;
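Review bot: The global-catalog rejection sits after the point where `req` already exists (it is handed to `ldb_request_add_control()` on the next added line), so the early `return ldb_error(...)` leaves the function without whatever release of `req` happens after the hunk. If `req` is parented to a context that outlives the call, which cannot be confirmed from here, each rejected write on the GC port would leave a request object allocated, and a client can repeat that as often as it likes. The test reads only `call->conn->global_catalog`, so it can move to the top of the function before any request is built, or the branch can do `talloc_free(req);` before returning. The add, delete and rename hunks place the check the same way. The function body starts and ends outside this hunk.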
@@ -404,6 +414,11 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
 
        if (ret != LDB_SUCCESS) return ret;
 
+       if (call->conn->global_catalog) {
+               return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+       }
+       ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
        ret = ldb_transaction_start(ldb);
        if (ret != LDB_SUCCESS) {
                return ret;
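Review bot: The error text returned here says `"modify forbidden on global catalog port"` although this is the delete path, so a client or anyone reading the server log sees the wrong operation named. `"delete forbidden on global catalog port"` would be accurate. The ldapsrv_add_with_controls and ldapsrv_rename_with_controls hunks carry the same copied string and would read better with "add" and "rename".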
@@ -451,6 +466,11 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
 
        if (ret != LDB_SUCCESS) return ret;
 
+       if (call->conn->global_catalog) {
+               return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+       }
+       ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
        ret = ldb_transaction_start(ldb);
        if (ret != LDB_SUCCESS) {
                return ret;
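Review bot: These five added lines are the fourth verbatim copy of the global-catalog gate (also in the add, modify and delete hunks), which leaves the restriction dependent on every write entry point remembering to paste it. A single static helper called from each `*_with_controls` function would keep the check, the error text and the control tagging in one place, and gives one spot to propagate the result of `ldb_request_add_control()`. A sketch follows; the helper name is only a suggestion, and the body of ldapsrv_rename_with_controls continues outside the hunk.

```c
/* Gate for write operations: refuse them on the global catalog port,
 * otherwise attach DSDB_CONTROL_NO_GLOBAL_CATALOG to the request. */
static int ldapsrv_gc_write_gate(struct ldapsrv_call *call,
				 struct ldb_context *ldb,
				 struct ldb_request *req)
{
	if (call->conn->global_catalog) {
		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
				 "modify forbidden on global catalog port");
	}
	return ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG,
				       false, NULL);
}

/* ... unchanged: request construction in ldapsrv_rename_with_controls ... */
	if (ret != LDB_SUCCESS) return ret;

	ret = ldapsrv_gc_write_gate(call, ldb, req);
	if (ret != LDB_SUCCESS) return ret;

	ret = ldb_transaction_start(ldb);
/* ... unchanged: transaction handling ... */
```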