s4-ldb: added LDB_FLAG_INTERNAL_MASK

This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c
index 2642b33f008c9fbefa8196cba17ddb043cdea558..03622ce5a19955c4317c0d3bd986f8f36dc22480 100644 (file)
--- a/source4/lib/ldb/common/ldb.c
+++ b/source4/lib/ldb/common/ldb.c
@@ -766,6 +766,24 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
        talloc_free(tmp_ctx);
 }
 
+/*
+  check that the element flags don't have any internal bits set
+ */
+static int ldb_msg_check_element_flags(struct ldb_context *ldb,
+                                      const struct ldb_message *message)
+{
+       unsigned i;
+       for (i=0; i<message->num_elements; i++) {
+               if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
+                       ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
+                                              message->elements[i].flags, message->elements[i].name,
+                                              ldb_dn_get_linearized(message->dn));
+                       return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+               }
+       }
+       return LDB_SUCCESS;
+}
+
 
 /*
   start an ldb request
@@ -806,11 +824,19 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
                        ldb_oom(ldb);
                        return LDB_ERR_OPERATIONS_ERROR;
                }
+               ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
                FIRST_OP(ldb, add);
                ret = module->ops->add(module, req);
                break;
        case LDB_MODIFY:
                FIRST_OP(ldb, modify);
+               ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
                ret = module->ops->modify(module, req);
                break;
        case LDB_DELETE:

diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 6625d94dbd5df13d34ea8ef703717258ff5ad162..55a6fd1c37f70bec3bdeeb3e95cd58ed6293b631 100644 (file)
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -138,6 +138,11 @@ struct ldb_dn;
 */
 #define LDB_FLAG_MOD_DELETE  3
 
+/**
+    flag bits on an element usable only by the internal implementation
+*/
+#define LDB_FLAG_INTERNAL_MASK 0xFFFFFFF0
+
 /**
   OID for logic AND comaprison.