r20863: check that there's a current partition control attached to the request

metze
(This used to be commit b1377a2e240dbe36277816452d33d6abaa486b9e)

diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index c91fcb2f4024df5412dd523d0a3a7ea7bc17deb5..b91d5e3db2f391d89eefa85bf970865a102e9408 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -170,7 +170,8 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_
 
 static int replmd_add_originating(struct ldb_module *module,
                                  struct ldb_request *req,
-                                 const struct dsdb_schema *schema)
+                                 const struct dsdb_schema *schema,
+                                 const struct dsdb_control_current_partition *partition)
 {
        struct ldb_request *down_req;
        struct ldb_message_element *attribute;
@@ -251,6 +252,8 @@ static int replmd_add_originating(struct ldb_module *module,
 static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 {
        const struct dsdb_schema *schema;
+       const struct ldb_control *partition_ctrl;
+       const struct dsdb_control_current_partition *partition;
 
        /* do not manipulate our control entries */
        if (ldb_dn_is_special(req->op.add.message->dn)) {
@@ -259,16 +262,40 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 
        schema = dsdb_get_schema(module->ldb);
        if (!schema) {
-               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_add: no dsdb_schema loaded");
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_add: no dsdb_schema loaded");
                return LDB_ERR_CONSTRAINT_VIOLATION;
        }
 
-       return replmd_add_originating(module, req, schema);
+       partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID);
+       if (!partition_ctrl) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_add: no current partition control found");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       partition = talloc_get_type(partition_ctrl->data,
+                                   struct dsdb_control_current_partition);
+       if (!partition) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_add: current partition control contains invalid data");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_add: current partition control contains invalid version [%u != %u]\n",
+                             partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION);
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       return replmd_add_originating(module, req, schema, partition);
 }
 
 static int replmd_modify_originating(struct ldb_module *module,
                                     struct ldb_request *req,
-                                    const struct dsdb_schema *schema)
+                                    const struct dsdb_schema *schema,
+                                    const struct dsdb_control_current_partition *partition)
 {
        struct ldb_request *down_req;
        struct ldb_message *msg;
@@ -323,6 +350,8 @@ static int replmd_modify_originating(struct ldb_module *module,
 static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
 {
        const struct dsdb_schema *schema;
+       const struct ldb_control *partition_ctrl;
+       const struct dsdb_control_current_partition *partition;
  
        /* do not manipulate our control entries */
        if (ldb_dn_is_special(req->op.mod.message->dn)) {
@@ -331,11 +360,41 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
 
        schema = dsdb_get_schema(module->ldb);
        if (!schema) {
-               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_modify: no dsdb_schema loaded");
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_modify: no dsdb_schema loaded");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       schema = dsdb_get_schema(module->ldb);
+       if (!schema) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_modify: no dsdb_schema loaded");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID);
+       if (!partition_ctrl) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_modify: no current partition control found");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       partition = talloc_get_type(partition_ctrl->data,
+                                   struct dsdb_control_current_partition);
+       if (!partition) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_modify: current partition control contains invalid data");
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
+
+       if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) {
+               ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+                             "replmd_modify: current partition control contains invalid version [%u != %u]\n",
+                             partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION);
                return LDB_ERR_CONSTRAINT_VIOLATION;
        }
 
-       return replmd_modify_originating(module, req, schema);
+       return replmd_modify_originating(module, req, schema, partition);
 }
 
 static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret)