authorMatthias Dieter Wallnöfer <mdw@samba.org>2012-05-10 16:18:37 +0200
committerAndrew Bartlett <abartlet@samba.org>2012-08-22 01:31:57 +0200
commit32cd618e6c0d44e0f64409ceda8451cc4665e625 (patch)
tree2029a5fdf30cef2f38441f453037d3fd029e952e
parentcb63b34b053119fcab093e95f555840afa9cfdcf (diff)
downloadsamba-32cd618e6c0d44e0f64409ceda8451cc4665e625.tar.gz
LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets
This applies to LDB add operations as well; we only have to be careful with "@ATTRIBUTES" entries. E.g. dn: cn=testperson,cn=users,dc=...,dc=... objectClass: person url: www.example.com url: www.example.com should not work. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--lib/ldb/ldb_tdb/ldb_tdb.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index cc1586dc5ca..3c181509c37 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -318,7 +318,7 @@ static int ltdb_add_internal(struct ldb_module *module,
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
int ret = LDB_SUCCESS;
- unsigned int i;
+ unsigned int i, j;
for (i=0;i<msg->num_elements;i++) {
struct ldb_message_element *el = &msg->elements[i];
@@ -336,6 +336,22 @@ static int ltdb_add_internal(struct ldb_module *module,
el->name, ldb_dn_get_linearized(msg->dn));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
+
+ /* Do not check "@ATTRIBUTES" for duplicated values */
+ if (ldb_dn_is_special(msg->dn) &&
+ ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
+ continue;
+ }
+
+ /* TODO: This is O(n^2) - replace with more efficient check */
+ for (j=0; j<el->num_values; j++) {
+ if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
+ ldb_asprintf_errstring(ldb,
+ "attribute '%s': value #%u on '%s' provided more than once",
+ el->name, j, ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+ }
+ }
}
ret = ltdb_store(module, msg, TDB_INSERT);
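Review bot: The duplicate scan added in the `for (j=0; j<el->num_values; j++)` loop does a number of comparisons quadratic in `el->num_values`, and on the add path that count comes from the message being added, so one element with a very large value list makes the backend do all of that work before `ltdb_store` is reached. The TODO records the complexity but not that the size is caller-supplied; I would put that in the comment, e.g. `/* TODO: O(n^2) in a caller-supplied value count - replace with a sort-based check */`, and the same wording fits the TODO the third hunk adds in ltdb_modify_internal. Separately, ldb_msg_find_val appears to match values byte-for-byte (its body is not on this page), so two values that are equal only under the attribute's own comparison rule would likely pass this check. A one-line comment saying the check is exact-match only would keep later readers from assuming schema-aware uniqueness. ltdb_add_internal starts and ends outside the hunk.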
@@ -761,6 +777,7 @@ int ltdb_modify_internal(struct ldb_module *module,
/* Check that values don't exist yet on multi-
valued attributes or aren't provided twice */
+ /* TODO: This is O(n^2) - replace with more efficient check */
for (j = 0; j < el->num_values; j++) {
if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
if (control_permissive) {