diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 2394bd9851e..479f89ad9a4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -683,6 +683,7 @@ static int samldb_fill_object(struct samldb_ctx *ac) } case SAMLDB_TYPE_CLASS: { + const char *lDAPDisplayName = NULL; const struct ldb_val *rdn_value, *def_obj_cat_val; unsigned int v = ldb_msg_find_attr_as_uint(ac->msg, "objectClassCategory", -2); @@ -719,6 +720,20 @@ static int samldb_fill_object(struct samldb_ctx *ac) } } + lDAPDisplayName = ldb_msg_find_attr_as_string(ac->msg, + "lDAPDisplayName", + NULL); + ret = ldb_valid_attr_name(lDAPDisplayName); + if (ret != 1 || + lDAPDisplayName[0] == '*' || + lDAPDisplayName[0] == '@') + { + return dsdb_module_werror(ac->module, + LDB_ERR_UNWILLING_TO_PERFORM, + WERR_DS_INVALID_LDAP_DISPLAY_NAME, + "lDAPDisplayName is invalid"); + } + if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) { struct GUID guid; /* a new GUID */ @@ -780,6 +795,7 @@ static int samldb_fill_object(struct samldb_ctx *ac) } case SAMLDB_TYPE_ATTRIBUTE: { + const char *lDAPDisplayName = NULL; const struct ldb_val *rdn_value; struct ldb_message_element *el; rdn_value = ldb_dn_get_rdn_val(ac->msg->dn); @@ -797,6 +813,20 @@ static int samldb_fill_object(struct samldb_ctx *ac) } } + lDAPDisplayName = ldb_msg_find_attr_as_string(ac->msg, + "lDAPDisplayName", + NULL); + ret = ldb_valid_attr_name(lDAPDisplayName); + if (ret != 1 || + lDAPDisplayName[0] == '*' || + lDAPDisplayName[0] == '@') + { + return dsdb_module_werror(ac->module, + LDB_ERR_UNWILLING_TO_PERFORM, + WERR_DS_INVALID_LDAP_DISPLAY_NAME, + "lDAPDisplayName is invalid"); + } + /* do not allow one to mark an attributeSchema as RODC filtered if it * is system-critical */ if (check_rodc_critical_attribute(ac->msg)) { |