diff options
author | Stefan Metzmacher <metze@samba.org> | 2014-07-08 16:19:09 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2014-07-15 12:46:16 +0200 |
commit | 82f4748509d8e5949f230b8039d1ed474c18008d (patch) | |
tree | 21db2728d3095910aa7a01c62ab962fb29de6a46 /source4 | |
parent | a29068fea97dc7d7e0469dad27b855ba62a47005 (diff) | |
download | samba-82f4748509d8e5949f230b8039d1ed474c18008d.tar.gz |
s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now
For now it's safer to reject setting 'userParameters' via LDAP,
as we'll not provide the same behavior as a Windows Server.
If someone requires that feature please report this in the following
bug reports!
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 9 11:07:51 CEST 2014 on sn-devel-104
(cherry picked from commit 04e9d020c97c2dcd360b1845907f4c396d5671dc)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index ca553e615ce..2f8c5728fe4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -2268,6 +2268,15 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + el = ldb_msg_find_element(req->op.add.message, "userParameters"); + if (el != NULL && ldb_req_is_untrusted(req)) { + const char *reason = "samldb_add: " + "setting userParameters is not supported over LDAP, " + "see https://bugzilla.samba.org/show_bug.cgi?id=8077"; + ldb_debug(ldb, LDB_DEBUG_WARNING, "%s", reason); + return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, reason); + } + ac = samldb_ctx_init(module, req); if (ac == NULL) { return ldb_operr(ldb); @@ -2407,6 +2416,15 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) } } + el = ldb_msg_find_element(req->op.mod.message, "userParameters"); + if (el != NULL && ldb_req_is_untrusted(req)) { + const char *reason = "samldb: " + "setting userParameters is not supported over LDAP, " + "see https://bugzilla.samba.org/show_bug.cgi?id=8077"; + ldb_debug(ldb, LDB_DEBUG_WARNING, "%s", reason); + return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, reason); + } + ac = samldb_ctx_init(module, req); if (ac == NULL) { return ldb_operr(ldb); |