s4:samldb LDB module - the "sAMAccountName" cannot be substituted by nothing
authorMatthias Dieter Wallnöfer <mdw@samba.org>
Mon, 1 Nov 2010 13:36:06 +0000 (14:36 +0100)
committerMatthias Dieter Wallnöfer <mdw@samba.org>
Mon, 1 Nov 2010 14:36:24 +0000 (14:36 +0000)
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  1 14:36:24 UTC 2010 on sn-devel-104

source4/dsdb/samdb/ldb_modules/samldb.c
source4/dsdb/tests/python/sam.py

index 0a7ab22c40d86425d34ad0d5a8a7df664677c3c6..13b173a6bcdc75edb191f3e8148143bf415e92c1 100644 (file)
@@ -177,7 +177,10 @@ static int samldb_check_sAMAccountName(struct samldb_ctx *ac)
 
        name = ldb_msg_find_attr_as_string(ac->msg, "sAMAccountName", NULL);
        if (name == NULL) {
-               return ldb_operr(ldb);
+               /* The "sAMAccountName" cannot be nothing */
+               ldb_set_errstring(ldb,
+                                 "samldb: Empty account names aren't allowed!");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
        }
 
        ret = samdb_search_count(ldb, ac, NULL, "(sAMAccountName=%s)",
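Review bot: The new `name == NULL` guard does not obviously cover an attribute that is present with a zero-length value. If `ldb_msg_find_attr_as_string` returns `""` in that case, an empty account name still reaches the `samdb_search_count` call below, although the error text says empty names are not allowed. Consider `if (name == NULL || name[0] == '\0') {` unless an earlier syntax check already rejects zero-length values. The `samdb_search_count` call runs past the end of the hunk, so it is not visible whether `name` is filter-escaped there as the modify path does with `ldb_binary_encode_string`; that is worth confirming, since the name is client-supplied.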
@@ -1389,7 +1392,10 @@ static int samldb_sam_accountname_check(struct samldb_ctx *ac)
        talloc_free(tmp_msg);
 
        if (sam_accountname == NULL) {
-               return ldb_operr(ldb);
+               /* The "sAMAccountName" cannot be nothing */
+               ldb_set_errstring(ldb,
+                                 "samldb: Empty account names aren't allowed!");
+               return LDB_ERR_UNWILLING_TO_PERFORM;
        }
 
        enc_str = ldb_binary_encode_string(ac, sam_accountname);
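Review bot: The comment and error string here are copied verbatim from `samldb_check_sAMAccountName`, yet this path returns `LDB_ERR_UNWILLING_TO_PERFORM` where the other returns `LDB_ERR_CONSTRAINT_VIOLATION`, and nothing records why. A comment such as `/* An empty "sAMAccountName" on modify is refused with UNWILLING_TO_PERFORM; the add path returns CONSTRAINT_VIOLATION */` would keep a later cleanup from unifying the two codes, which the sam.py tests pin separately. Distinct wording in the two messages would also let a log reader tell the add rejection from the modify rejection. The function body starts and continues outside the hunk.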
index 43dfcb6b7729830df97d3f5eac182d8fc0a8f37d..6d5b1a2d6a7e28458cc2b562cb5f89b31500f788 100755 (executable)
@@ -136,6 +136,17 @@ class SamTests(unittest.TestCase):
             self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+        # Try to create a user with an invalid account name
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "sAMAccountName": []})
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+        self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
         # Try to create a user with an invalid primary group
         try:
             ldb.add({
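Review bot: The new case passes `[]` for "sAMAccountName", which exercises an element with no values but not an explicitly empty string value, so the rejection is only partly pinned. A second `ldb.add` with `"sAMAccountName": ""` would show whether that input is refused as well; the expected error code for it needs to be confirmed against the server. `self.fail()` is also called without a message, here and in the modify test in the next hunk. `self.fail("add with empty sAMAccountName succeeded")` would make an unexpected success readable in the test log.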
@@ -712,6 +723,16 @@ class SamTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
 
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement([], FLAG_MOD_REPLACE,
+          "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["sAMAccountName"] = MessageElement([], FLAG_MOD_DELETE,