diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2012-05-10 16:18:37 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-08-22 01:31:57 +0200 |
commit | 32cd618e6c0d44e0f64409ceda8451cc4665e625 (patch) | |
tree | 2029a5fdf30cef2f38441f453037d3fd029e952e | |
parent | cb63b34b053119fcab093e95f555840afa9cfdcf (diff) | |
download | samba-32cd618e6c0d44e0f64409ceda8451cc4665e625.tar.gz |
LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets
This refers to LDB add operations as well, we have only to be careful on
"@ATTRIBUTES" entries.
E.g.
dn: cn=testperson,cn=users,dc=...,dc=...
objectClass: person
url: www.example.com
url: www.example.com
should not work.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | lib/ldb/ldb_tdb/ldb_tdb.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c index cc1586dc5ca..3c181509c37 100644 --- a/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/lib/ldb/ldb_tdb/ldb_tdb.c @@ -318,7 +318,7 @@ static int ltdb_add_internal(struct ldb_module *module, { struct ldb_context *ldb = ldb_module_get_ctx(module); int ret = LDB_SUCCESS; - unsigned int i; + unsigned int i, j; for (i=0;i<msg->num_elements;i++) { struct ldb_message_element *el = &msg->elements[i]; @@ -336,6 +336,22 @@ static int ltdb_add_internal(struct ldb_module *module, el->name, ldb_dn_get_linearized(msg->dn)); return LDB_ERR_CONSTRAINT_VIOLATION; } + + /* Do not check "@ATTRIBUTES" for duplicated values */ + if (ldb_dn_is_special(msg->dn) && + ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { + continue; + } + + /* TODO: This is O(n^2) - replace with more efficient check */ + for (j=0; j<el->num_values; j++) { + if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { + ldb_asprintf_errstring(ldb, + "attribute '%s': value #%u on '%s' provided more than once", + el->name, j, ldb_dn_get_linearized(msg->dn)); + return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; + } + } } ret = ltdb_store(module, msg, TDB_INSERT); @@ -761,6 +777,7 @@ int ltdb_modify_internal(struct ldb_module *module, /* Check that values don't exist yet on multi- valued attributes or aren't provided twice */ + /* TODO: This is O(n^2) - replace with more efficient check */ for (j = 0; j < el->num_values; j++) { if (ldb_msg_find_val(el2, &el->values[j]) != NULL) { if (control_permissive) { |