diff options
author | Andrew Tridgell <tridge@samba.org> | 2011-09-23 16:15:24 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-10-04 15:08:55 +1100 |
commit | 0d2d6c94d2da09b01d91c31cbf099248fac90802 (patch) | |
tree | 9a28b75782fca52e6eac6e2bac40cf16822e8a2b /source4/ldap_server | |
parent | 1df100393b6788e7f94876b957f6110bd91f958e (diff) | |
download | samba-0d2d6c94d2da09b01d91c31cbf099248fac90802.tar.gz |
s4-ldap-server: disallow all modifies on global catalog port
Diffstat (limited to 'source4/ldap_server')
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 94f9ad3ace5..57f81eaaaf0 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -305,6 +305,11 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call, if (ret != LDB_SUCCESS) return ret; + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; @@ -358,6 +363,11 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call, return ret; } + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; @@ -404,6 +414,11 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call, if (ret != LDB_SUCCESS) return ret; + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; @@ -451,6 +466,11 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call, if (ret != LDB_SUCCESS) return ret; + if (call->conn->global_catalog) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port"); + } + ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL); + ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { return ret; |