diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 14 | ||||
-rw-r--r-- | source4/lib/ldb/ldb_tdb/ldb_tdb.c | 44 |
2 files changed, 13 insertions, 45 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c index 042d26b981..5b76a0b946 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c @@ -180,7 +180,7 @@ static int attr_handler2(struct oc_context *ac) } /* Check if all specified attributes are valid in the given - * objectclasses. */ + * objectclasses and if they meet additional schema restrictions. */ msg = ac->search_res->message; for (i = 0; i < msg->num_elements; i++) { attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, @@ -189,6 +189,18 @@ static int attr_handler2(struct oc_context *ac) return LDB_ERR_OPERATIONS_ERROR; } + /* Check if they're single-valued if this is requested */ + if ((msg->elements[i].num_values > 1) && (attr->isSingleValued)) { + ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' is single-valued!", + msg->elements[i].name, + ldb_dn_get_linearized(msg->dn)); + if (ac->req->operation == LDB_ADD) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } else { + return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; + } + } + /* We can use "str_list_check" with "strcmp" here since the * attribute informations from the schema are always equal * up-down-cased. */ diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index c80ecd0b43..c421dda791 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -294,20 +294,12 @@ static int ltdb_add_internal(struct ldb_module *module, for (i=0;i<msg->num_elements;i++) { struct ldb_message_element *el = &msg->elements[i]; - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name); if (el->num_values == 0) { ldb_asprintf_errstring(ldb, "attribute %s on %s specified, but with 0 values (illegal)", el->name, ldb_dn_get_linearized(msg->dn)); return LDB_ERR_CONSTRAINT_VIOLATION; } - if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { - if (el->num_values > 1) { - ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", - el->name, ldb_dn_get_linearized(msg->dn)); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - } } ret = ltdb_store(module, msg, TDB_INSERT); @@ -649,7 +641,6 @@ int ltdb_modify_internal(struct ldb_module *module, for (i=0; i<msg->num_elements; i++) { struct ldb_message_element *el = &msg->elements[i], *el2; struct ldb_val *vals; - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name); const char *dn; switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) { @@ -685,15 +676,6 @@ int ltdb_modify_internal(struct ldb_module *module, } } - if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { - if (el->num_values > 1) { - ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", - el->name, ldb_dn_get_linearized(msg2->dn)); - ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; - goto done; - } - } - /* Checks if element already exists */ idx = find_element(msg2, el->name); if (idx == -1) { @@ -706,15 +688,6 @@ int ltdb_modify_internal(struct ldb_module *module, goto done; } } else { - /* We cannot add another value on a existing one - if the attribute is single-valued */ - if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { - ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", - el->name, ldb_dn_get_linearized(msg2->dn)); - ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; - goto done; - } - el2 = &(msg2->elements[idx]); /* Check that values don't exist yet on multi- @@ -772,23 +745,6 @@ int ltdb_modify_internal(struct ldb_module *module, case LDB_FLAG_MOD_REPLACE: - if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { - /* the RELAX control overrides this - check for replace. This is needed as - DRS replication can produce multiple - values here for a single valued - attribute when the values are deleted - links - */ - if (el->num_values > 1 && - (!req || !ldb_request_get_control(req, LDB_CONTROL_RELAX_OID))) { - ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", - el->name, ldb_dn_get_linearized(msg2->dn)); - ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; - goto done; - } - } - /* TODO: This is O(n^2) - replace with more efficient check */ for (j=0; j<el->num_values; j++) { if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { |