summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-08-17 12:03:47 +1000
committerAndrew Tridgell <tridge@samba.org>2010-08-17 21:21:50 +1000
commit9e27201b24106babc7ac2400f7f063f438b0ddcd (patch)
treec87f13f19ec6b08c2b6ce46215c24b34b222faf5
parent6baa834ebe710d73cfd54e465479a2b2de9d2476 (diff)
downloadsamba-9e27201b24106babc7ac2400f7f063f438b0ddcd.tar.gz
samba-9e27201b24106babc7ac2400f7f063f438b0ddcd.tar.bz2
samba-9e27201b24106babc7ac2400f7f063f438b0ddcd.zip
s4-ldb: added LDB_FLAG_INTERNAL_MASK
This ensures that internal bits for the element flags in add/modify requests are not set via the ldb API Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/lib/ldb/common/ldb.c26
-rw-r--r--source4/lib/ldb/include/ldb.h5
2 files changed, 31 insertions, 0 deletions
diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c
index 2642b33f00..03622ce5a1 100644
--- a/source4/lib/ldb/common/ldb.c
+++ b/source4/lib/ldb/common/ldb.c
@@ -766,6 +766,24 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
talloc_free(tmp_ctx);
}
+/*
+ check that the element flags don't have any internal bits set
+ */
+static int ldb_msg_check_element_flags(struct ldb_context *ldb,
+ const struct ldb_message *message)
+{
+ unsigned i;
+ for (i=0; i<message->num_elements; i++) {
+ if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
+ ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
+ message->elements[i].flags, message->elements[i].name,
+ ldb_dn_get_linearized(message->dn));
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
+ }
+ return LDB_SUCCESS;
+}
+
/*
start an ldb request
@@ -806,11 +824,19 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
+ ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
FIRST_OP(ldb, add);
ret = module->ops->add(module, req);
break;
case LDB_MODIFY:
FIRST_OP(ldb, modify);
+ ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
ret = module->ops->modify(module, req);
break;
case LDB_DELETE:
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 6625d94dbd..55a6fd1c37 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -139,6 +139,11 @@ struct ldb_dn;
#define LDB_FLAG_MOD_DELETE 3
/**
+ flag bits on an element usable only by the internal implementation
+*/
+#define LDB_FLAG_INTERNAL_MASK 0xFFFFFFF0
+
+/**
OID for logic AND comaprison.
This is the well known object ID for a logical AND comparitor.