From 38157a093bc782ea2f1493229727ff1ecae753dd Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Mar 2014 15:22:40 +0100 Subject: autorid: when storing a new range, always check it does not exist. Also check for existence when the range is >= the HWM, typically the "acquire" case where we bump the HWM. In case of external modification, we would previously simply overwrite an an existing range mapping. Now we check and throw INTERNAL_DB_CORRUPTION in this case. Signed-off-by: Michael Adam Reviewed-by: Jeremy Allison --- source3/winbindd/idmap_autorid_tdb.c | 37 +++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/idmap_autorid_tdb.c b/source3/winbindd/idmap_autorid_tdb.c index e01c31bc7c..4f7861de65 100644 --- a/source3/winbindd/idmap_autorid_tdb.c +++ b/source3/winbindd/idmap_autorid_tdb.c @@ -175,26 +175,33 @@ static NTSTATUS idmap_autorid_addrange_action(struct db_context *db, goto error; } - if (requested_rangenum < hwm) { - /* - * Set a specified range below the HWM: - * We need to check that it is not yet taken. - */ + /* + * Check that it is not yet taken. + * If the range is requested and < HWM, we need + * to check anyways, and otherwise, we also better + * check in order to prevent further corruption + * in case the db has been externally modified. + */ - numstr = talloc_asprintf(mem_ctx, "%u", requested_rangenum); - if (!numstr) { - ret = NT_STATUS_NO_MEMORY; - goto error; - } + numstr = talloc_asprintf(mem_ctx, "%u", requested_rangenum); + if (!numstr) { + ret = NT_STATUS_NO_MEMORY; + goto error; + } - if (dbwrap_exists(db, string_term_tdb_data(numstr))) { - DEBUG(1, ("Requested range already in use.\n")); + if (dbwrap_exists(db, string_term_tdb_data(numstr))) { + DEBUG(1, ("Requested range '%s' is already in use.\n", numstr)); + + if (requested_rangenum < hwm) { ret = NT_STATUS_INVALID_PARAMETER; - goto error; + } else { + ret = NT_STATUS_INTERNAL_DB_CORRUPTION; } - TALLOC_FREE(numstr); - } else { + goto error; + } + + if (requested_rangenum >= hwm) { /* * requested or automatic range >= HWM: * increment the HWM. -- cgit