s4-ldb: don't allow modifies outside a transaction.
authorAndrew Tridgell <tridge@samba.org>
Fri, 23 Oct 2009 11:43:24 +0000 (22:43 +1100)
committerAndrew Tridgell <tridge@samba.org>
Sun, 25 Oct 2009 02:15:18 +0000 (13:15 +1100)
source4/lib/ldb/ldb_tdb/ldb_tdb.c

index 01153fe2035c4be6eb0bb9c784a31191237acf50..d6175863dae7446675e752100a59c87f8da0ea44 100644 (file)
@@ -200,6 +200,14 @@ static int ltdb_check_special_dn(struct ldb_module *module,
 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
 {
        int ret = LDB_SUCCESS;
+       struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
+
+       /* only allow modifies inside a transaction, otherwise the
+        * ldb is unsafe */
+       if (ltdb->in_transaction == 0) {
+               ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
 
        if (ldb_dn_is_special(dn) &&
            (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
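Review bot: The new guard dereferences `ltdb` without checking it, and `talloc_get_type()` returns NULL when the private pointer is missing or has a different talloc type, so `ltdb->in_transaction` would crash in that case. A cheap fix is to test the pointer first, e.g. `if (ltdb == NULL) { return LDB_ERR_OPERATIONS_ERROR; }` ahead of the transaction test. Separately, the name `ltdb_modified` suggests this runs after the record has already been stored; the callers are outside this hunk, so this is unconfirmed. If so, the error is reported only after the non-transactional write has reached the tdb and nothing undoes it, so it is worth confirming that the add/modify/delete/rename entry points reject the request before touching the database. The body of `ltdb_modified` continues past the end of the hunk.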