path: root/source4/lib/ldb/ldb_tdb/ldb_tdb.c
authorSimo Sorce <idra@samba.org>2005-05-17 21:43:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:16:52 -0500
commitca4e0c8539e5b0e01ca9d68eba8692c544d7a4d6 (patch)
tree018e9cc324cb33f16408d960368f2e79c08d638e /source4/lib/ldb/ldb_tdb/ldb_tdb.c
parentf9ad3029ae97f5d5beed3f85ad912830fa8d7930 (diff)
r6867: this code will change the way the @ATTRIBUTES object is handled
This object's properties are now used as multivalue attributes, and all inserted values are now checked against a "valid values table".

e.g. this form is now accepted:
dn: @ATTRIBUTES
uid: CASE_INSENSITIVE
uid: WILDCARD

this form is now rejected:
dn: @ATTRIBUTES
uid: CASE_INSENSITIVE WILDCARD

Please update your .ldb files if you make use of @ATTRIBUTES (sam.ldb heavily uses it).

The code passes all make test tests for both tdb and ldap; it also passes the new test to check for wrong @ATTRIBUTES attribute values.

Simo.
(This used to be commit 1295b891a26c2cb2c34540f90ded83390cf87da2)
Diffstat (limited to 'source4/lib/ldb/ldb_tdb/ldb_tdb.c')
-rw-r--r--source4/lib/ldb/ldb_tdb/ldb_tdb.c39
1 files changed, 38 insertions, 1 deletions
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index b47d79de52..f6a23d7433 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -281,6 +281,33 @@ int ltdb_unlock_read(struct ldb_module *module)
return 0;
}
+/*
+ check special dn's have valid attributes
+ currently only @ATTRIBUTES is checked
+*/
+int ltdb_check_special_dn(struct ldb_module *module, const struct ldb_message *msg)
+{
+ struct ltdb_private *ltdb = module->private_data;
+ int i, j;
+
+ if (strcmp(msg->dn, LTDB_ATTRIBUTES) != 0) {
+ return 0;
+ }
+
+ /* we have @ATTRIBUTES, let's check attributes are fine */
+ /* should we check that we deny multivalued attributes ? */
+ for (i = 0; i < msg->num_elements; i++) {
+ for (j = 0; j < msg->elements[i].num_values; j++) {
+ if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
+ ltdb->last_err_string = "Invalid attribute value in an @ATTRIBUTES entry";
+ return -1;
+ }
+ }
+ }
+
+ return 0;
+}
+
/*
we've made a modification to a dn - possibly reindex and
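Review bot: The gate `if (strcmp(msg->dn, LTDB_ATTRIBUTES) != 0)` in ltdb_check_special_dn is an exact byte comparison, so the value check only runs when the caller spells the DN exactly like the constant. If the record key is case-folded or otherwise normalised before storage (not visible in this diff), a differently cased DN would address the same record without validation; comparing the same normalised form that is used for the key would close that gap. The inner comment `/* should we check that we deny multivalued attributes ? */` also reads against the commit message, which makes one flag per value the accepted form, and could become `/* each flag must be its own value; combined values are rejected */`. `i` and `j` are `int` while being compared against `num_elements` and `num_values`; if those counters are unsigned, `unsigned int i, j;` avoids the mixed comparison.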
@@ -351,6 +378,11 @@ static int ltdb_add(struct ldb_module *module, const struct ldb_message *msg)
ltdb->last_err_string = NULL;
+ ret = ltdb_check_special_dn(module, msg);
+ if (ret != 0) {
+ return ret;
+ }
+
if (ltdb_lock(module, LDBLOCK) != 0) {
return -1;
}
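Review bot: The early `return ret;` after `ltdb_check_special_dn(module, msg)` sits before `ltdb_lock()`, which is safe only because the check, as far as the visible code shows, inspects the message and does not touch the database. A one-line comment would keep a later edit from moving it below the lock without adding an unlock, e.g. `/* validate special DNs before locking: nothing to unlock on failure */`. The same applies to the identical block added in ltdb_modify. ltdb_add starts and ends outside this hunk.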
@@ -359,7 +391,7 @@ static int ltdb_add(struct ldb_module *module, const struct ldb_message *msg)
ltdb_unlock(module, LDBLOCK);
return -1;
}
-
+
ret = ltdb_store(module, msg, TDB_INSERT);
if (ret == 0) {
@@ -736,6 +768,11 @@ static int ltdb_modify(struct ldb_module *module, const struct ldb_message *msg)
ltdb->last_err_string = NULL;
+ ret = ltdb_check_special_dn(module, msg);
+ if (ret != 0) {
+ return ret;
+ }
+
if (ltdb_lock(module, LDBLOCK) != 0) {
return -1;
}
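Review bot: In ltdb_modify the new check validates every value carried by the message, whatever operation the element requests. If modify elements can carry values to delete (the per-element flags are not visible in this hunk), a request that removes an old combined value such as `CASE_INSENSITIVE WILDCARD` would be rejected with "Invalid attribute value in an @ATTRIBUTES entry", so legacy entries could not be cleaned up through modify. Skipping delete elements in the outer loop of ltdb_check_special_dn, for example `if ((msg->elements[i].flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE) continue;`, would keep validation on added and replaced values only; confirm that flags are zero on the add path. ltdb_modify starts and ends outside this hunk.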