From 57678c70c4c210b6e275dd234a1c631e83607f76 Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Mon, 30 Jan 2017 11:08:07 +1300 Subject: [PATCH] ldbedit: Prevent the use of the reveal internals control This is almost certainly not what you want to do. Providing the output of reveal as the input of modify will necessarily revivify all dead linked attributes (regardless of --extended-dn or not). This is extremely unexpected behaviour, so we prevent this from happening. Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=12596 Autobuild-User(master): Garming Sam Autobuild-Date(master): Wed Feb 22 04:23:05 CET 2017 on sn-devel-144 (cherry picked from commit bed19f3744a4193bed1ea99debfb6263feb78b6c) --- lib/ldb/tools/ldbedit.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/ldb/tools/ldbedit.c b/lib/ldb/tools/ldbedit.c index cf4ab3f..5b83783 100644 --- a/lib/ldb/tools/ldbedit.c +++ b/lib/ldb/tools/ldbedit.c @@ -320,6 +320,7 @@ int main(int argc, const char **argv) const char * const * attrs = NULL; TALLOC_CTX *mem_ctx = talloc_new(NULL); struct ldb_control **req_ctrls; + unsigned int i; ldb = ldb_init(mem_ctx, NULL); if (ldb == NULL) { @@ -347,6 +348,15 @@ int main(int argc, const char **argv) } } + for (i = 0; options->controls != NULL && options->controls[i] != NULL; i++) { + if (strncmp(options->controls[i], "reveal_internals:", 17) == 0) { + printf("Using reveal internals has unintended consequences.\n"); + printf("If this is your intent, manually perform the search," + " and use ldbmodify directly.\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + } + req_ctrls = ldb_parse_control_strings(ldb, ldb, (const char **)options->controls); if (options->controls != NULL && req_ctrls== NULL) { printf("parsing controls failed: %s\n", ldb_errstring(ldb)); -- 1.9.1