From 567848498f7cbb9977dc3ad723be809a4cc3c03e Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 31 May 2017 15:22:45 +1200
Subject: [PATCH] replmd: check duplicate linked attributes

This is simple enough because we already have the sorted list.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 selftest/knownfail.d/ldap-linked-attributes     | 5 -----
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 9 +++++++++
 2 files changed, 9 insertions(+), 5 deletions(-)
 delete mode 100644 selftest/knownfail.d/ldap-linked-attributes

diff --git a/selftest/knownfail.d/ldap-linked-attributes b/selftest/knownfail.d/ldap-linked-attributes
deleted file mode 100644
index 90230a2868c..00000000000
--- a/selftest/knownfail.d/ldap-linked-attributes
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# These fail because we don't handle multi-/single- constraints very well.
-#
-samba4.ldap.linked_attributes.python.*LATests.test_add_all_at_once
-samba4.ldap.python.*single_valued_linked_attributes
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index d295a85f0fd..288c6689973 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -886,6 +886,8 @@ static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct ds
 			       const struct GUID *invocation_id, uint64_t seq_num,
 			       uint64_t local_usn, NTTIME nttime, uint32_t version, bool deleted);
 
+static int parsed_dn_compare(struct parsed_dn *pdn1, struct parsed_dn *pdn2);
+
 static int get_parsed_dns(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 			  struct ldb_message_element *el, struct parsed_dn **pdn,
 			  const char *ldap_oid, struct ldb_request *parent);
@@ -940,6 +942,13 @@ static int replmd_add_fix_la(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 
 	for (i = 0; i < el->num_values; i++) {
 		struct parsed_dn *p = &pdn[i];
+		if (i > 0 && parsed_dn_compare(p, &pdn[i - 1]) == 0) {
+			ldb_asprintf_errstring(ldb,
+					"Linked attribute %s has "
+					"multiple identical values", el->name);
+			talloc_free(tmp_ctx);
+			return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+		}
 		ret = replmd_build_la_val(el->values, p->v, p->dsdb_dn,
 					  &ac->our_invocation_id,
 					  ac->seq_num, ac->seq_num, now, 0, false);
-- 
2.34.1