From 5150f8597a2211414ddbd588e8bd64e0ef3c29a7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 15 Jun 2010 22:26:22 +1000
Subject: s4:dsdb Assert that we can't get backlinks as input in
 linked_attributes

The objectclass_attr module should prevent users creating such links,
and the mrepl_meta_data module should only create them in functional
level 2003 or above.

Andrew Bartlett
---
 source4/dsdb/samdb/ldb_modules/linked_attributes.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 82fe27ef7f..4f36509a85 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -229,9 +229,16 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
 			return LDB_ERR_OBJECT_CLASS_VIOLATION;			
 		}
 		/* We have a valid attribute, now find out if it is a forward link */
-		if ((schema_attr->linkID == 0) || ((schema_attr->linkID & 1) == 1)) {
+		if ((schema_attr->linkID == 0)) {
 			continue;
 		}
+
+		if ((schema_attr->linkID & 1) == 1) {
+			unsigned int functional_level;
+			
+			functional_level = dsdb_functional_level(ldb);
+			SMB_ASSERT(functional_level > DS_DOMAIN_FUNCTION_2000);
+		}
 		
 		/* Even link IDs are for the originating attribute */
 		target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1);
@@ -456,10 +463,16 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
 		}
 		/* We have a valid attribute, now find out if it is a forward link
 		   (Even link IDs are for the originating attribute) */
-		if ((schema_attr->linkID == 0) || ((schema_attr->linkID & 1) == 1)) {
+		if (schema_attr->linkID == 0) {
 			continue;
 		}
 
+		if ((schema_attr->linkID & 1) == 1) {
+			unsigned int functional_level;
+			
+			functional_level = dsdb_functional_level(ldb);
+			SMB_ASSERT(functional_level > DS_DOMAIN_FUNCTION_2000);
+		}
 		/* Now find the target attribute */
 		target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1);
 		if (!target_attr) {
-- 
cgit