CVE-2020-25722 s4/dsdb/samldb: add samldb_get_single_valued_attr() helper
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Fri, 22 Oct 2021 01:12:25 +0000 (14:12 +1300)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:11 +0000 (10:52 +0100)
This takes a string of logic out of samldb_unique_attr_check() that we
are going to need in other places, and that would be very tedious to
repeat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/samldb.c

index 6db7840b0c1f00a4baf6959706e32d063cfb0aee..40dfab6390b072995d76e9dc0ad3ec533a45fd3e 100644 (file)
@@ -161,6 +161,55 @@ static int samldb_next_step(struct samldb_ctx *ac)
        }
 }
 
+static int samldb_get_single_valued_attr(struct ldb_context *ldb,
+                                        struct samldb_ctx *ac,
+                                        const char *attr,
+                                        const char **value)
+{
+       /*
+        * The steps we end up going through to get and check a single valued
+        * attribute.
+        */
+       struct ldb_message_element *el = NULL;
+
+       *value = NULL;
+
+       el = dsdb_get_single_valued_attr(ac->msg, attr,
+                                        ac->req->operation);
+       if (el == NULL) {
+               /* we are not affected */
+               return LDB_SUCCESS;
+       }
+
+       if (el->num_values > 1) {
+               ldb_asprintf_errstring(
+                       ldb,
+                       "samldb: %s has %u values, should be single-valued!",
+                       attr, el->num_values);
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       } else if (el->num_values == 0) {
+               ldb_asprintf_errstring(
+                       ldb,
+                       "samldb: new value for %s "
+                       "not provided for mandatory, single-valued attribute!",
+                       attr);
+               return LDB_ERR_OBJECT_CLASS_VIOLATION;
+       }
+
+
+       if (el->values[0].length == 0) {
+               ldb_asprintf_errstring(
+                       ldb,
+                       "samldb: %s is of zero length, should have a value!",
+                       attr);
+               return LDB_ERR_OBJECT_CLASS_VIOLATION;
+       }
+
+       *value = (char *)el->values[0].data;
+
+       return LDB_SUCCESS;
+}
+
 static int samldb_unique_attr_check(struct samldb_ctx *ac, const char *attr,
                                    const char *attr_conflict,
                                    struct ldb_dn *base_dn)
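Review bot: `*value = (char *)el->values[0].data;` hands callers a bare C string and discards `el->values[0].length`, so a value with an embedded NUL byte would reach callers as only its prefix, and nothing in the hunk shows that the data is NUL-terminated. Since the commit message says this logic comes out of samldb_unique_attr_check() and will be reused, the string that gets checked could differ from the value that gets stored; consider rejecting such values before the assignment, e.g. `if (memchr(el->values[0].data, '\0', el->values[0].length) != NULL)` followed by an error string and a constraint-violation return. The in-body comment also leaves the contract unstated: `LDB_SUCCESS` with `*value == NULL` means the attribute is not part of the request, and callers must test for that before using the string, so a header comment such as `/* On LDB_SUCCESS, *value is NULL if attr is absent from the request; otherwise it points into ac->msg and is not owned by the caller. */` would help. The callers are outside this hunk, so whether they already handle either case cannot be confirmed here.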