svn commit: samba r17423 - in branches/SOC/mkhl/ldb-map: common include samba tools

mkhl at samba.org mkhl at samba.org
Sat Aug 5 17:16:11 GMT 2006


Author: mkhl
Date: 2006-08-05 17:16:10 +0000 (Sat, 05 Aug 2006)
New Revision: 17423

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17423

Log:
Merge from mainline, r17422
Modified:
   branches/SOC/mkhl/ldb-map/common/ldb_modules.c
   branches/SOC/mkhl/ldb-map/include/ldb.h
   branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c
   branches/SOC/mkhl/ldb-map/tools/cmdline.c


Changeset:
Modified: branches/SOC/mkhl/ldb-map/common/ldb_modules.c
===================================================================
--- branches/SOC/mkhl/ldb-map/common/ldb_modules.c	2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/common/ldb_modules.c	2006-08-05 17:16:10 UTC (rev 17423)
@@ -73,19 +73,20 @@
 /* modules are called in inverse order on the stack.
    Lets place them as an admin would think the right order is.
    Modules order is important */
-static char **ldb_modules_list_from_string(struct ldb_context *ldb, const char *string)
+static const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string)
 {
 	char **modules = NULL;
+	const char **m;
 	char *modstr, *p;
 	int i;
 
 	/* spaces not admitted */
-	modstr = talloc_strdup_no_spaces(ldb, string);
+	modstr = talloc_strdup_no_spaces(mem_ctx, string);
 	if ( ! modstr) {
 		return NULL;
 	}
 
-	modules = talloc_realloc(ldb, modules, char *, 2);
+	modules = talloc_realloc(mem_ctx, modules, char *, 2);
 	if ( ! modules ) {
 		ldb_debug(ldb, LDB_DEBUG_FATAL, "Out of Memory in ldb_modules_list_from_string()\n");
 		talloc_free(modstr);
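Review bot: The comment above ldb_modules_list_from_string still only discusses module order and says nothing about ownership now that a `mem_ctx` parameter has been added. Both `modstr` and the `modules` array are allocated on `mem_ctx`, and the `modules[i] = p` line in the next hunk suggests the entries point into `modstr` rather than being separate allocations. I would extend the comment with `/* the returned list and the strings it points to live on mem_ctx; release them by freeing mem_ctx, never element by element */`. The function body continues outside this hunk.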
@@ -100,7 +101,7 @@
 		modules[i] = p;
 
 		i++;
-		modules = talloc_realloc(ldb, modules, char *, i + 2);
+		modules = talloc_realloc(mem_ctx, modules, char *, i + 2);
 		if ( ! modules ) {
 			ldb_debug(ldb, LDB_DEBUG_FATAL, "Out of Memory in ldb_modules_list_from_string()\n");
 			return NULL;
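Review bot: The out-of-memory path inside the loop returns NULL without `talloc_free(modstr)`, unlike the first allocation-failure path in the previous hunk, and assigning the `talloc_realloc` result straight to `modules` drops the only pointer to the old array. With the allocations now on `mem_ctx`, the leak lasts only until the caller frees that context, and the diff does not show that happening on every path. Either add `talloc_free(modstr);` before this `return NULL;`, or add a comment saying cleanup is deliberately left to the owner of `mem_ctx`. The loop starts and ends outside this hunk.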
@@ -111,7 +112,9 @@
 
 	modules[i + 1] = NULL;
 
-	return modules;
+	m = (const char **)modules;
+
+	return m;
 }
 
 static struct ops_list_entry {
@@ -235,16 +238,21 @@
 
 int ldb_load_modules(struct ldb_context *ldb, const char *options[])
 {
-	char **modules = NULL;
+	const char **modules = NULL;
 	struct ldb_module *module;
 	int i;
+	TALLOC_CTX *mem_ctx = talloc_new(ldb);
+	if (!mem_ctx) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
 	/* find out which modules we are requested to activate */
 
 	/* check if we have a custom module list passd as ldb option */
 	if (options) {
 		for (i = 0; options[i] != NULL; i++) {
 			if (strncmp(options[i], LDB_MODULE_PREFIX, LDB_MODULE_PREFIX_LEN) == 0) {
-				modules = ldb_modules_list_from_string(ldb, &options[i][LDB_MODULE_PREFIX_LEN]);
+				modules = ldb_modules_list_from_string(ldb, mem_ctx, &options[i][LDB_MODULE_PREFIX_LEN]);
 			}
 		}
 	}
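Review bot: The new `talloc_new` failure path returns `LDB_ERR_OPERATIONS_ERROR`, while the other failure paths of ldb_load_modules visible in the next hunk return `-1`, so one function now reports errors in two conventions. I would pick one, for example changing the later `return -1;` lines to `return LDB_ERR_OPERATIONS_ERROR;`. In the options loop, a NULL from ldb_modules_list_from_string (allocation failure) looks the same as "no module option given"; what happens next is outside the hunk, so a short comment stating the intended behaviour would help.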
@@ -254,34 +262,36 @@
 		int ret;
 		const char * const attrs[] = { "@LIST" , NULL};
 		struct ldb_result *res = NULL;
-		struct ldb_dn *mods;
+		struct ldb_dn *mods_dn;
 
-		mods = ldb_dn_explode(ldb, "@MODULES");
-		if (mods == NULL) {
+		mods_dn = ldb_dn_explode(mem_ctx, "@MODULES");
+		if (mods_dn == NULL) {
+			talloc_free(mem_ctx);
 			return -1;
 		}
 
-		ret = ldb_search(ldb, mods, LDB_SCOPE_BASE, "", attrs, &res);
-		talloc_free(mods);
+		ret = ldb_search(ldb, mods_dn, LDB_SCOPE_BASE, "", attrs, &res);
+		if (res) talloc_steal(mods_dn, res);
 		if (ret == LDB_SUCCESS && (res->count == 0 || res->msgs[0]->num_elements == 0)) {
 			ldb_debug(ldb, LDB_DEBUG_TRACE, "no modules required by the db\n");
 		} else {
 			if (ret != LDB_SUCCESS) {
 				ldb_debug(ldb, LDB_DEBUG_FATAL, "ldb error (%s) occurred searching for modules, bailing out\n", ldb_errstring(ldb));
+				talloc_free(mem_ctx);
 				return -1;
 			}
 			if (res->count > 1) {
 				ldb_debug(ldb, LDB_DEBUG_FATAL, "Too many records found (%d), bailing out\n", res->count);
-				talloc_free(res);
+				talloc_free(mem_ctx);
 				return -1;
 			}
 
-			modules = ldb_modules_list_from_string(ldb, 
+			modules = ldb_modules_list_from_string(ldb, mem_ctx,
 							       (const char *)res->msgs[0]->elements[0].values[0].data);
 
 		}
 
-		talloc_free(res);
+		talloc_free(mods_dn);
 	}
 
 	if (modules != NULL) {
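Review bot: `res->msgs[0]->elements[0].values[0].data` is read after checking only `res->count` and `num_elements`; nothing visible checks that the element holds at least one value. The cast to `const char *` also assumes the stored value is NUL-terminated. Because the @MODULES record decides which modules get loaded, I would guard the call with `if (res->msgs[0]->elements[0].num_values == 0) { talloc_free(mem_ctx); return -1; }`. Whether `mem_ctx` is released on the success path cannot be seen here, since the function continues past the end of the hunk.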

Modified: branches/SOC/mkhl/ldb-map/include/ldb.h
===================================================================
--- branches/SOC/mkhl/ldb-map/include/ldb.h	2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/include/ldb.h	2006-08-05 17:16:10 UTC (rev 17423)
@@ -423,6 +423,27 @@
 #define LDB_CONTROL_PAGED_RESULTS_OID	"1.2.840.113556.1.4.319"
 
 /**
+   OID for specifying the returned elements of the ntSecurityDescriptor
+
+   \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SD_FLAGS_OID	"1.2.840.113556.1.4.801"
+
+/**
+   OID for specifying an advanced scope for the search (one partition)
+
+   \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_DOMAIN_SCOPE_OID	"1.2.840.113556.1.4.1339"
+
+/**
+   OID for specifying an advanced scope for a search
+
+   \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_search_options_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SEARCH_OPTIONS_OID	"1.2.840.113556.1.4.1340"
+
+/**
    OID for notification
 
    \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_notification_oid.asp">Microsoft documentation of this OID</a>
@@ -518,6 +539,33 @@
 */
 #define LDB_EXTENDED_FAST_BIND_OID	"1.2.840.113556.1.4.1781"
 
+struct ldb_sd_flags_control {
+	/*
+	 * request the owner	0x00000001
+	 * request the group	0x00000002
+	 * request the DACL	0x00000004
+	 * request the SACL	0x00000008
+	 */
+	unsigned secinfo_flags;
+};
+
+struct ldb_search_options_control {
+	/*
+	 * DOMAIN_SCOPE		0x00000001
+	 * this limits the search to one partition,
+	 * and no referrals will be returned.
+	 * (Note this doesn't limit the entries by there
+	 *  objectSid belonging to a domain! Builtin and Foreign Sids
+	 *  are still returned)
+	 *
+	 * PHANTOM_ROOT		0x00000002
+	 * this search on the whole tree on a domain controller
+	 * over multiple partitions without referrals.
+	 * (This is the default behavior on the Global Catalog Port)
+	 */
+	unsigned search_options;
+};
+
 struct ldb_paged_control {
 	int size;
 	int cookie_len;

Modified: branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c
===================================================================
--- branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c	2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c	2006-08-05 17:16:10 UTC (rev 17423)
@@ -245,11 +245,8 @@
 {
 	struct security_descriptor *sd;
 	NTSTATUS status;
-	const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
-	if (domain_sid == NULL) {
-		return ldb_handler_copy(ldb, mem_ctx, in, out);
-	}
-	sd = sddl_decode(mem_ctx, (const char *)in->data, domain_sid);
+
+	sd = sddl_decode(mem_ctx, (const char *)in->data, NULL);
 	if (sd == NULL) {
 		return -1;
 	}
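Review bot: `sddl_decode(mem_ctx, (const char *)in->data, NULL)` is now called unconditionally, where the old code passed a real domain SID and fell back to `ldb_handler_copy` when none was available. Whether sddl_decode accepts a NULL domain SID is not visible in this diff. If SDDL strings containing domain-relative SID aliases reach this handler, decoding could fail or produce a descriptor with the wrong SIDs, and the same concern applies to `sddl_encode(mem_ctx, sd, NULL)` in the third hunk of this file. Please confirm NULL is handled and document it at both calls, e.g. `/* NULL domain_sid: domain-relative SDDL aliases are not resolved here */`. The function starts outside the hunk.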
@@ -270,12 +267,7 @@
 {
 	struct security_descriptor *sd;
 	NTSTATUS status;
-	const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
 
-	if (domain_sid == NULL) {
-		return ldb_handler_copy(ldb, mem_ctx, in, out);
-	}
-
 	sd = talloc(mem_ctx, struct security_descriptor);
 	if (sd == NULL) {
 		return -1;
@@ -286,7 +278,7 @@
 		talloc_free(sd);
 		return -1;
 	}
-	out->data = (uint8_t *)sddl_encode(mem_ctx, sd, domain_sid);
+	out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
 	talloc_free(sd);
 	if (out->data == NULL) {
 		return -1;
@@ -414,6 +406,14 @@
 		.comparison_fn   = ldb_comparison_objectGUID
 	},
 	{ 
+		.attr            = "attributeSecurityGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
 		.attr            = "objectCategory",
 		.flags           = 0,
 		.ldif_read_fn    = ldb_handler_copy,

Modified: branches/SOC/mkhl/ldb-map/tools/cmdline.c
===================================================================
--- branches/SOC/mkhl/ldb-map/tools/cmdline.c	2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/tools/cmdline.c	2006-08-05 17:16:10 UTC (rev 17423)
@@ -381,6 +381,77 @@
 			continue;
 		}
 
+		if (strncmp(control_strings[i], "sd_flags:", 9) == 0) {
+			struct ldb_sd_flags_control *control;
+			const char *p;
+			int crit, ret;
+			unsigned secinfo_flags;
+
+			p = &(control_strings[i][9]);
+			ret = sscanf(p, "%d:%u", &crit, &secinfo_flags);
+			if ((ret != 2) || (crit < 0) || (crit > 1) || (secinfo_flags < 0) || (secinfo_flags > 0xF)) {
+				fprintf(stderr, "invalid sd_flags control syntax\n");
+				fprintf(stderr, " syntax: crit(b):secinfo_flags(n)\n");
+				fprintf(stderr, "   note: b = boolean, n = number\n");
+				return NULL;
+			}
+
+			ctrl[i] = talloc(ctrl, struct ldb_control);
+			ctrl[i]->oid = LDB_CONTROL_SD_FLAGS_OID;
+			ctrl[i]->critical = crit;
+			control = talloc(ctrl[i], struct ldb_sd_flags_control);
+			control->secinfo_flags = secinfo_flags;
+			ctrl[i]->data = control;
+
+			continue;
+		}
+
+		if (strncmp(control_strings[i], "search_options:", 15) == 0) {
+			struct ldb_search_options_control *control;
+			const char *p;
+			int crit, ret;
+			unsigned search_options;
+
+			p = &(control_strings[i][15]);
+			ret = sscanf(p, "%d:%u", &crit, &search_options);
+			if ((ret != 2) || (crit < 0) || (crit > 1) || (search_options < 0) || (search_options > 0xF)) {
+				fprintf(stderr, "invalid search_options control syntax\n");
+				fprintf(stderr, " syntax: crit(b):search_options(n)\n");
+				fprintf(stderr, "   note: b = boolean, n = number\n");
+				return NULL;
+			}
+
+			ctrl[i] = talloc(ctrl, struct ldb_control);
+			ctrl[i]->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
+			ctrl[i]->critical = crit;
+			control = talloc(ctrl[i], struct ldb_search_options_control);
+			control->search_options = search_options;
+			ctrl[i]->data = control;
+
+			continue;
+		}
+
+		if (strncmp(control_strings[i], "domain_scope:", 13) == 0) {
+			const char *p;
+			int crit, ret;
+
+			p = &(control_strings[i][13]);
+			ret = sscanf(p, "%d", &crit);
+			if ((ret != 1) || (crit < 0) || (crit > 1)) {
+				fprintf(stderr, "invalid domain_scope control syntax\n");
+				fprintf(stderr, " syntax: crit(b)\n");
+				fprintf(stderr, "   note: b = boolean\n");
+				return NULL;
+			}
+
+			ctrl[i] = talloc(ctrl, struct ldb_control);
+			ctrl[i]->oid = LDB_CONTROL_DOMAIN_SCOPE_OID;
+			ctrl[i]->critical = crit;
+			ctrl[i]->data = NULL;
+
+			continue;
+		}
+
 		if (strncmp(control_strings[i], "paged_results:", 14) == 0) {
 			struct ldb_paged_control *control;
 			const char *p;
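Review bot: None of the three new branches checks the result of `talloc()` before writing through it, so an allocation failure in `ctrl[i] = talloc(ctrl, struct ldb_control);` or in the `control = talloc(...)` lines becomes a NULL dereference; add `if (ctrl[i] == NULL) return NULL;` (and the same for `control`) after each allocation. The `(secinfo_flags < 0)` and `(search_options < 0)` tests are always false for `unsigned`, and `%u` accepts a leading minus sign and wraps, so they give no protection. Drop them, or parse with `strtoul` and check the end pointer, which would also reject trailing garbage that `sscanf` ignores. The `search_options > 0xF` bound looks copied from the sd_flags branch: ldb.h in this commit documents only 0x1 and 0x2 for search_options, so `> 0x3` may be what is meant. The enclosing function starts and ends outside the hunk.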
@@ -464,7 +535,7 @@
 		}
 
 		/* no controls matched, throw an error */
-		fprintf(stderr, "Invalid control name\n");
+		fprintf(stderr, "Invalid control name: '%s'\n", control_strings[i]);
 		return NULL;
 	}
 


