From 9e27201b24106babc7ac2400f7f063f438b0ddcd Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 17 Aug 2010 12:03:47 +1000
Subject: s4-ldb: added LDB_FLAG_INTERNAL_MASK

This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/lib/ldb/common/ldb.c  | 26 ++++++++++++++++++++++++++
 source4/lib/ldb/include/ldb.h |  5 +++++
 2 files changed, 31 insertions(+)

(limited to 'source4/lib')

diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c
index 2642b33f00..03622ce5a1 100644
--- a/source4/lib/ldb/common/ldb.c
+++ b/source4/lib/ldb/common/ldb.c
@@ -766,6 +766,24 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
 	talloc_free(tmp_ctx);
 }
 
+/*
+  check that the element flags don't have any internal bits set
+ */
+static int ldb_msg_check_element_flags(struct ldb_context *ldb,
+				       const struct ldb_message *message)
+{
+	unsigned i;
+	for (i=0; i<message->num_elements; i++) {
+		if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
+			ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
+					       message->elements[i].flags, message->elements[i].name,
+					       ldb_dn_get_linearized(message->dn));
+			return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+		}
+	}
+	return LDB_SUCCESS;
+}
+
 
 /*
   start an ldb request
@@ -806,11 +824,19 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
 			ldb_oom(ldb);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
+		ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
 		FIRST_OP(ldb, add);
 		ret = module->ops->add(module, req);
 		break;
 	case LDB_MODIFY:
 		FIRST_OP(ldb, modify);
+		ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
 		ret = module->ops->modify(module, req);
 		break;
 	case LDB_DELETE:
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 6625d94dbd..55a6fd1c37 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -138,6 +138,11 @@ struct ldb_dn;
 */
 #define LDB_FLAG_MOD_DELETE  3
 
+/**
+    flag bits on an element usable only by the internal implementation
+*/
+#define LDB_FLAG_INTERNAL_MASK 0xFFFFFFF0
+
 /**
   OID for logic AND comaprison.
 
-- 
cgit