summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKamen Mazdrashki <kamenim@samba.org>2010-10-20 13:49:46 +0300
committerKamen Mazdrashki <kamenim@samba.org>2010-10-21 23:32:26 +0000
commit2a001381e88b18b8612cdc2a40d9ea3c825548ea (patch)
treeaf37b00bcfbc16fce7cdeb0cf20f043bc859fb02
parent14cb61da8fe4fb24c3e066e5731d0be00ddb893b (diff)
downloadsamba-2a001381e88b18b8612cdc2a40d9ea3c825548ea.tar.gz
samba-2a001381e88b18b8612cdc2a40d9ea3c825548ea.tar.xz
samba-2a001381e88b18b8612cdc2a40d9ea3c825548ea.zip
s4-dsdb/schema_syntax: Separate validation for numericoid OID values
This implementation doesn't use prefixMap/Schema to validate numericoid OIDs. We may not have this OID yet, so I see no point checking schema for if we have it. Side effect of using prefixMap/Schema for validating numericoids is that we mistakenly add the OID to the prefixMap. This led to a corrupted prefixMap in LDB. Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104
-rw-r--r--source4/dsdb/schema/schema_syntax.c50
1 files changed, 47 insertions, 3 deletions
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index db53aea612..d6e45273af 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -30,6 +30,7 @@
#include "system/time.h"
#include "../lib/util/charset/charset.h"
#include "librpc/ndr/libndr.h"
+#include "../lib/util/asn1.h"
/**
* Initialize dsdb_syntax_ctx with default values
@@ -1303,6 +1304,44 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
}
+static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
+ const struct dsdb_attribute *attr,
+ const struct ldb_message_element *in)
+{
+ unsigned int i;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(ctx->ldb);
+ W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+ for (i=0; i < in->num_values; i++) {
+ DATA_BLOB blob;
+ const char *oid_out;
+ const char *oid = (const char*)in->values[i].data;
+
+ if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
+ DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
+ talloc_free(tmp_ctx);
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
+ DEBUG(0,("ber_read_OID_String() failed for %s\n",
+ hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
+ talloc_free(tmp_ctx);
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (strcmp(oid, oid_out) != 0) {
+ talloc_free(tmp_ctx);
+ return WERR_INVALID_PARAMETER;
+ }
+ }
+
+ talloc_free(tmp_ctx);
+ return WERR_OK;
+}
+
static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
const struct dsdb_attribute *attr,
const struct ldb_message_element *in)
@@ -1316,14 +1355,19 @@ static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
return WERR_FOOBAR;
}
+ switch (attr->attributeID_id) {
+ case DRSUAPI_ATTRIBUTE_governsID:
+ case DRSUAPI_ATTRIBUTE_attributeID:
+ case DRSUAPI_ATTRIBUTE_attributeSyntax:
+ return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
+ }
+
/*
* TODO: optimize and verify this code
*/
tmp_ctx = talloc_new(ctx->ldb);
- if (tmp_ctx == NULL) {
- return WERR_NOMEM;
- }
+ W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
attr,