diff options
| author | Kamen Mazdrashki <kamenim@samba.org> | 2010-10-20 13:49:46 +0300 |
|---|---|---|
| committer | Kamen Mazdrashki <kamenim@samba.org> | 2010-10-21 23:32:26 +0000 |
| commit | 2a001381e88b18b8612cdc2a40d9ea3c825548ea (patch) | |
| tree | af37b00bcfbc16fce7cdeb0cf20f043bc859fb02 | |
| parent | 14cb61da8fe4fb24c3e066e5731d0be00ddb893b (diff) | |
| download | samba-2a001381e88b18b8612cdc2a40d9ea3c825548ea.tar.gz samba-2a001381e88b18b8612cdc2a40d9ea3c825548ea.tar.bz2 samba-2a001381e88b18b8612cdc2a40d9ea3c825548ea.zip | |
s4-dsdb/schema_syntax: Separate validation for numericoid OID values
This implementation doesn't use prefixMap/Schema to validate
numericoid OIDs. We may not have this OID yet, so I see no point
checking schema for if we have it.
Side effect of using prefixMap/Schema for validating numericoids
is that we mistakenly add the OID to the prefixMap.
This led to a corrupted prefixMap in LDB.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104
| -rw-r--r-- | source4/dsdb/schema/schema_syntax.c | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index db53aea612..d6e45273af 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -30,6 +30,7 @@ #include "system/time.h" #include "../lib/util/charset/charset.h" #include "librpc/ndr/libndr.h" +#include "../lib/util/asn1.h" /** * Initialize dsdb_syntax_ctx with default values @@ -1303,6 +1304,44 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx, return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out); } +static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx, + const struct dsdb_attribute *attr, + const struct ldb_message_element *in) +{ + unsigned int i; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(ctx->ldb); + W_ERROR_HAVE_NO_MEMORY(tmp_ctx); + + for (i=0; i < in->num_values; i++) { + DATA_BLOB blob; + const char *oid_out; + const char *oid = (const char*)in->values[i].data; + + if (!ber_write_OID_String(tmp_ctx, &blob, oid)) { + DEBUG(0,("ber_write_OID_String() failed for %s\n", oid)); + talloc_free(tmp_ctx); + return WERR_INVALID_PARAMETER; + } + + if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) { + DEBUG(0,("ber_read_OID_String() failed for %s\n", + hex_encode_talloc(tmp_ctx, blob.data, blob.length))); + talloc_free(tmp_ctx); + return WERR_INVALID_PARAMETER; + } + + if (strcmp(oid, oid_out) != 0) { + talloc_free(tmp_ctx); + return WERR_INVALID_PARAMETER; + } + } + + talloc_free(tmp_ctx); + return WERR_OK; +} + static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx, const struct dsdb_attribute *attr, const struct ldb_message_element *in) @@ -1316,14 +1355,19 @@ static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx, return WERR_FOOBAR; } + switch (attr->attributeID_id) { + case DRSUAPI_ATTRIBUTE_governsID: + case DRSUAPI_ATTRIBUTE_attributeID: + case DRSUAPI_ATTRIBUTE_attributeSyntax: + return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in); + } + /* * TODO: optimize and verify this code */ tmp_ctx = talloc_new(ctx->ldb); - if (tmp_ctx == NULL) { - return WERR_NOMEM; - } + W_ERROR_HAVE_NO_MEMORY(tmp_ctx); status = dsdb_syntax_OID_ldb_to_drsuapi(ctx, attr, |