From ad35153ef40ade858302dab2877353682604265b Mon Sep 17 00:00:00 2001
From: Kamen Mazdrashki <kamen.mazdrashki@postpath.com>
Date: Sat, 19 Dec 2009 01:49:31 +0200
Subject: [PATCH] s4-drs: Implement constraints on ATTID values in prefixMap

Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 source4/dsdb/schema/prefixmap.h        | 11 +++++++++++
 source4/dsdb/schema/schema_prefixmap.c | 24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/source4/dsdb/schema/prefixmap.h b/source4/dsdb/schema/prefixmap.h
index 816ddcfbb39..74acecb4ffb 100644
--- a/source4/dsdb/schema/prefixmap.h
+++ b/source4/dsdb/schema/prefixmap.h
@@ -23,6 +23,17 @@
 #define _DSDB_PREFIXMAP_H
 
 /**
+ * ATTRTYP ranges
+ * Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP
+ */
+enum dsdb_attid_type {
+	dsdb_attid_type_pfm = 1,	/* attid in [0x00000000..0x7FFFFFFF] */
+	dsdb_attid_type_intid = 2,	/* attid in [0x80000000..0xBFFFFFFF] */
+	dsdb_attid_type_reserved = 3,	/* attid in [0xC0000000..0xFFFEFFFF] */
+	dsdb_attid_type_internal = 4,	/* attid in [0xFFFF0000..0xFFFFFFFF] */
+};
+
+/**
  * oid-prefix in prefixmap
  */
 struct dsdb_schema_prefixmap_oid {
diff --git a/source4/dsdb/schema/schema_prefixmap.c b/source4/dsdb/schema/schema_prefixmap.c
index 969b357a399..89d33779e4b 100644
--- a/source4/dsdb/schema/schema_prefixmap.c
+++ b/source4/dsdb/schema/schema_prefixmap.c
@@ -27,6 +27,25 @@
 
 
 /**
+ * Determine range type for supplied ATTID
+ */
+enum dsdb_attid_type dsdb_pfm_get_attid_type(uint32_t attid)
+{
+	if (attid <= 0x7FFFFFFF) {
+		return dsdb_attid_type_pfm;
+	}
+	else if (attid <= 0xBFFFFFFF) {
+		return dsdb_attid_type_intid;
+	}
+	else if (attid <= 0xFFFEFFFF) {
+		return dsdb_attid_type_reserved;
+	}
+	else {
+		return dsdb_attid_type_internal;
+	}
+}
+
+/**
  * Allocates schema_prefixMap object in supplied memory context
  */
 static struct dsdb_schema_prefixmap *_dsdb_schema_prefixmap_talloc(TALLOC_CTX *mem_ctx,
@@ -303,6 +322,11 @@ WERROR dsdb_schema_pfm_oid_from_attid(struct dsdb_schema_prefixmap *pfm, uint32_
 	struct dsdb_schema_prefixmap_oid *pfm_entry;
 	WERROR werr = WERR_OK;
 
+	/* sanity check for attid requested */
+	if (dsdb_pfm_get_attid_type(attid) != dsdb_attid_type_pfm) {
+		return WERR_INVALID_PARAMETER;
+	}
+
 	/* crack attid value */
 	hi_word = attid >> 16;
 	lo_word = attid & 0xFFFF;
-- 
2.11.4.GIT