diff options
| author | Nadezhda Ivanova <nivanova@symas.com> | 2013-10-29 18:17:27 +0200 |
|---|---|---|
| committer | Nadezhda Ivanova <nivanova@samba.org> | 2013-11-03 16:17:30 +0100 |
| commit | 8a505090215501324f83dda86d146708b687abcc (patch) | |
| tree | 77a5fce2ff0ddd24495277463e568667f5447a20 | |
| parent | 22945de4300cff49db663c5d7c69bd76ac889c9d (diff) | |
| download | samba-8a505090215501324f83dda86d146708b687abcc.tar.gz samba-8a505090215501324f83dda86d146708b687abcc.tar.xz samba-8a505090215501324f83dda86d146708b687abcc.zip | |
s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation
As described in MS-ATDS 3.1.1.5.2.8.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/instancetype.c | 3 | ||||
| -rwxr-xr-x | source4/dsdb/tests/python/ldap.py | 17 |
2 files changed, 15 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index 7bf95f3180..c35f4b6a26 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -80,8 +80,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) * "TYPE_WRITE" flag in order to succeed, * unless this NC is not instantiated */ - if (!(instanceType & INSTANCE_TYPE_UNINSTANT) && - !(instanceType & INSTANCE_TYPE_WRITE)) { + if (!(instanceType & INSTANCE_TYPE_WRITE)) { ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD was set, then also TYPE_WRITE is requested!"); return LDB_ERR_UNWILLING_TO_PERFORM; } diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py index 643830fed7..f6b08e4cf3 100755 --- a/source4/dsdb/tests/python/ldap.py +++ b/source4/dsdb/tests/python/ldap.py @@ -667,7 +667,7 @@ class BasicTests(samba.tests.TestCase): def test_single_valued_attributes(self): """Test single-valued attributes""" - print "Test single-valued attributes""" + print "Test single-valued attributes" try: self.ldb.add({ @@ -767,7 +767,7 @@ class BasicTests(samba.tests.TestCase): def test_empty_messages(self): """Test empty messages""" - print "Test empty messages""" + print "Test empty messages" m = Message() m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) @@ -788,7 +788,7 @@ class BasicTests(samba.tests.TestCase): def test_empty_attributes(self): """Test empty attributes""" - print "Test empty attributes""" + print "Test empty attributes" m = Message() m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) @@ -900,6 +900,17 @@ class BasicTests(samba.tests.TestCase): delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + #only write is allowed with NC_HEAD for originating updates + try: + self.ldb.add({ + "dn": "cn=ldaptestuser2,cn=users," + self.base_dn, + "objectclass": "user", + "instanceType": "3" }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn) + def test_distinguished_name(self): """Tests the 'distinguishedName' attribute""" print "Tests the 'distinguishedName' attribute" |