s4-schema: Validate more class attribute when adding a new class in the schema

author Matthieu Patou <mat@matws.net>

Sun, 6 May 2012 00:03:37 +0000 (17:03 -0700)

committer Matthieu Patou <mat@samba.org>

Sun, 6 May 2012 02:17:56 +0000 (04:17 +0200)
author Matthieu Patou <mat@matws.net>
Sun, 6 May 2012 00:03:37 +0000 (17:03 -0700)
committer Matthieu Patou <mat@samba.org>
Sun, 6 May 2012 02:17:56 +0000 (04:17 +0200)
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c

index 1fc2752016641eb2ecd9f0342ba46c8139e6f0e9..e50c8e23690a15a690c0e059c2078317c78c11e8 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -299,6 +299,7 @@ static int attr_handler2(struct oc_context *ac)
         const struct dsdb_attribute *attr;
         unsigned int i;
         bool found;
+       bool isSchemaAttr = false;
  
         ldb = ldb_module_get_ctx(ac->module);
  
@@ -339,6 +340,9 @@ static int attr_handler2(struct oc_context *ac)
                                 return LDB_ERR_UNWILLING_TO_PERFORM;
                         }
                 }
+               if (strcmp(attname, "attributeSchema") == 0) {
+                       isSchemaAttr = true;
+               }
         }
  
         must_contain = dsdb_full_attribute_list(ac, ac->schema, oc_element,
@@ -419,6 +423,31 @@ static int attr_handler2(struct oc_context *ac)
                 return LDB_ERR_OBJECT_CLASS_VIOLATION;
         }
  
+       if (isSchemaAttr) {
+               /* Before really adding an attribute in the database,
+                       * let's check that we can translate it into a dbsd_attribute and
+                       * that we can find a valid syntax object.
+                       * If not it's better to reject this attribute than not be able
+                       * to start samba next time due to schema being unloadable.
+                       */
+               struct dsdb_attribute *att = talloc(ac, struct dsdb_attribute);
+               const struct dsdb_syntax *attrSyntax;
+               WERROR status;
+
+               status= dsdb_attribute_from_ldb(ac->schema, msg, att);
+               if (!W_ERROR_IS_OK(status)) {
+                       ldb_set_errstring(ldb,
+                                               "objectclass: failed to translate the schemaAttribute to a dsdb_attribute");
+                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               }
+
+               attrSyntax = dsdb_syntax_for_attribute(att);
+               if (!attrSyntax) {
+                       ldb_set_errstring(ldb,
+                                               "objectclass: unknown attribute syntax");
+                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               }
+       }
         return ldb_module_done(ac->req, ac->mod_ares->controls,
                                ac->mod_ares->response, LDB_SUCCESS);
  }
author	Matthieu Patou <mat@matws.net>
	Sun, 6 May 2012 00:03:37 +0000 (17:03 -0700)
committer	Matthieu Patou <mat@samba.org>
	Sun, 6 May 2012 02:17:56 +0000 (04:17 +0200)