ldb_tdb: Refuse to store a value in a unique index that is too long
authorGary Lockyer <gary@catalyst.net.nz>
Wed, 21 Feb 2018 02:19:37 +0000 (15:19 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Sat, 3 Mar 2018 04:20:35 +0000 (05:20 +0100)
Rather than add many special cases, over-long unique values are simply banned.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/ldb/ldb_tdb/ldb_index.c

index 343d95a7c9f12a90ef3cc4a485c56c0a2a29ff3e..17cb267be78cd75a3c81a9e663a37e169d52a5a0 100644 (file)
@@ -2004,6 +2004,25 @@ static int ltdb_index_add1(struct ldb_module *module,
                talloc_free(list);
                return LDB_ERR_OPERATIONS_ERROR;
        }
+       /*
+        * Samba only maintains unique indexes on the objectSID and objectGUID
+        * so if a unique index key exceeds the maximum length there is a
+        * problem.
+        */
+       if ((truncation == KEY_TRUNCATED) && (a != NULL &&
+               (a->flags & LDB_ATTR_FLAG_UNIQUE_INDEX ||
+               (el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX)))) {
+
+               ldb_asprintf_errstring(
+                       ldb,
+                       __location__ ": unique index key on %s in %s, "
+                       "exceeds maximum key length of %u (encoded).",
+                       el->name,
+                       ldb_dn_get_linearized(msg->dn),
+                       ltdb->max_key_length);
+               talloc_free(list);
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
        talloc_steal(list, dn_key);
 
        ret = ltdb_dn_list_load(module, ltdb, dn_key, list);
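Review bot: In the added condition the `el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX` test sits inside the `a != NULL &&` group, so a truncated key on a force-unique element is refused only when `a` is also non-NULL. `a` is assigned outside the hunk, so whether it can be NULL here is not visible; if it can, the truncated key goes on to `ltdb_dn_list_load()` and uniqueness would be judged on the truncated key instead of the full value. If that coupling is not intended, regroup so each flag is tested on its own: `if (truncation == KEY_TRUNCATED && ((a != NULL && (a->flags & LDB_ATTR_FLAG_UNIQUE_INDEX)) || (el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX))) {`. If it is intended, a short comment saying why would help, and the existing comment could note that the check covers any unique-flagged attribute, not only objectSID and objectGUID. `ltdb_index_add1` starts and ends outside the hunk.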