svn commit: samba r17423 - in branches/SOC/mkhl/ldb-map: common
include samba tools
mkhl at samba.org
mkhl at samba.org
Sat Aug 5 17:16:11 GMT 2006
Author: mkhl
Date: 2006-08-05 17:16:10 +0000 (Sat, 05 Aug 2006)
New Revision: 17423
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17423
Log:
Merge from mainline, r17422
Modified:
branches/SOC/mkhl/ldb-map/common/ldb_modules.c
branches/SOC/mkhl/ldb-map/include/ldb.h
branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c
branches/SOC/mkhl/ldb-map/tools/cmdline.c
Changeset:
Modified: branches/SOC/mkhl/ldb-map/common/ldb_modules.c
===================================================================
--- branches/SOC/mkhl/ldb-map/common/ldb_modules.c 2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/common/ldb_modules.c 2006-08-05 17:16:10 UTC (rev 17423)
@@ -73,19 +73,20 @@
/* modules are called in inverse order on the stack.
Lets place them as an admin would think the right order is.
Modules order is important */
-static char **ldb_modules_list_from_string(struct ldb_context *ldb, const char *string)
+static const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string)
{
char **modules = NULL;
+ const char **m;
char *modstr, *p;
int i;
/* spaces not admitted */
- modstr = talloc_strdup_no_spaces(ldb, string);
+ modstr = talloc_strdup_no_spaces(mem_ctx, string);
if ( ! modstr) {
return NULL;
}
- modules = talloc_realloc(ldb, modules, char *, 2);
+ modules = talloc_realloc(mem_ctx, modules, char *, 2);
if ( ! modules ) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "Out of Memory in ldb_modules_list_from_string()\n");
talloc_free(modstr);
@@ -100,7 +101,7 @@
modules[i] = p;
i++;
- modules = talloc_realloc(ldb, modules, char *, i + 2);
+ modules = talloc_realloc(mem_ctx, modules, char *, i + 2);
if ( ! modules ) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "Out of Memory in ldb_modules_list_from_string()\n");
return NULL;
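Review bot: The out-of-memory return inside the loop leaves `modstr` and the previous `modules` array allocated, whereas the first failure path in this function calls `talloc_free(modstr)` before returning. With the switch to `mem_ctx` both stay parented to the caller's context, so this is only clean if every caller frees `mem_ctx` when NULL comes back, which the visible part of `ldb_load_modules` does not show. Either add `talloc_free(modstr);` before this `return NULL;`, or drop the earlier free and add a comment such as `/* allocations hang off mem_ctx; the caller releases it */`. The loop itself starts outside the hunk.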
@@ -111,7 +112,9 @@
modules[i + 1] = NULL;
- return modules;
+ m = (const char **)modules;
+
+ return m;
}
static struct ops_list_entry {
@@ -235,16 +238,21 @@
int ldb_load_modules(struct ldb_context *ldb, const char *options[])
{
- char **modules = NULL;
+ const char **modules = NULL;
struct ldb_module *module;
int i;
+ TALLOC_CTX *mem_ctx = talloc_new(ldb);
+ if (!mem_ctx) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
/* find out which modules we are requested to activate */
/* check if we have a custom module list passd as ldb option */
if (options) {
for (i = 0; options[i] != NULL; i++) {
if (strncmp(options[i], LDB_MODULE_PREFIX, LDB_MODULE_PREFIX_LEN) == 0) {
- modules = ldb_modules_list_from_string(ldb, &options[i][LDB_MODULE_PREFIX_LEN]);
+ modules = ldb_modules_list_from_string(ldb, mem_ctx, &options[i][LDB_MODULE_PREFIX_LEN]);
}
}
}
@@ -254,34 +262,36 @@
int ret;
const char * const attrs[] = { "@LIST" , NULL};
struct ldb_result *res = NULL;
- struct ldb_dn *mods;
+ struct ldb_dn *mods_dn;
- mods = ldb_dn_explode(ldb, "@MODULES");
- if (mods == NULL) {
+ mods_dn = ldb_dn_explode(mem_ctx, "@MODULES");
+ if (mods_dn == NULL) {
+ talloc_free(mem_ctx);
return -1;
}
- ret = ldb_search(ldb, mods, LDB_SCOPE_BASE, "", attrs, &res);
- talloc_free(mods);
+ ret = ldb_search(ldb, mods_dn, LDB_SCOPE_BASE, "", attrs, &res);
+ if (res) talloc_steal(mods_dn, res);
if (ret == LDB_SUCCESS && (res->count == 0 || res->msgs[0]->num_elements == 0)) {
ldb_debug(ldb, LDB_DEBUG_TRACE, "no modules required by the db\n");
} else {
if (ret != LDB_SUCCESS) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "ldb error (%s) occurred searching for modules, bailing out\n", ldb_errstring(ldb));
+ talloc_free(mem_ctx);
return -1;
}
if (res->count > 1) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "Too many records found (%d), bailing out\n", res->count);
- talloc_free(res);
+ talloc_free(mem_ctx);
return -1;
}
- modules = ldb_modules_list_from_string(ldb,
+ modules = ldb_modules_list_from_string(ldb, mem_ctx,
(const char *)res->msgs[0]->elements[0].values[0].data);
}
- talloc_free(res);
+ talloc_free(mods_dn);
}
if (modules != NULL) {
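Review bot: `res->msgs[0]->elements[0].values[0].data` is read after checking only `res->count` and `num_elements`, so an `@MODULES` record whose first element carries no values would be read without a bounds check, and the data is then treated as a NUL-terminated string. Since this record decides which modules get loaded, the guard should cover it, e.g. `if (res->msgs[0]->elements[0].num_values == 0) { talloc_free(mem_ctx); return -1; }` before the call. `res->count` is also read whenever `ret == LDB_SUCCESS`, even though the `if (res)` test on the line above allows for `res` being NULL. The error paths here return `-1` while the new `talloc_new` failure path returns `LDB_ERR_OPERATIONS_ERROR`; picking one convention would help callers. The function continues past the end of the hunk, so the release of `mem_ctx` on the success path is not visible here.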
Modified: branches/SOC/mkhl/ldb-map/include/ldb.h
===================================================================
--- branches/SOC/mkhl/ldb-map/include/ldb.h 2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/include/ldb.h 2006-08-05 17:16:10 UTC (rev 17423)
@@ -423,6 +423,27 @@
#define LDB_CONTROL_PAGED_RESULTS_OID "1.2.840.113556.1.4.319"
/**
+ OID for specifying the returned elements of the ntSecurityDescriptor
+
+ \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SD_FLAGS_OID "1.2.840.113556.1.4.801"
+
+/**
+ OID for specifying an advanced scope for the search (one partition)
+
+ \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_DOMAIN_SCOPE_OID "1.2.840.113556.1.4.1339"
+
+/**
+ OID for specifying an advanced scope for a search
+
+ \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_search_options_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SEARCH_OPTIONS_OID "1.2.840.113556.1.4.1340"
+
+/**
OID for notification
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_notification_oid.asp">Microsoft documentation of this OID</a>
@@ -518,6 +539,33 @@
*/
#define LDB_EXTENDED_FAST_BIND_OID "1.2.840.113556.1.4.1781"
+struct ldb_sd_flags_control {
+ /*
+ * request the owner 0x00000001
+ * request the group 0x00000002
+ * request the DACL 0x00000004
+ * request the SACL 0x00000008
+ */
+ unsigned secinfo_flags;
+};
+
+struct ldb_search_options_control {
+ /*
+ * DOMAIN_SCOPE 0x00000001
+ * this limits the search to one partition,
+ * and no referrals will be returned.
+ * (Note this doesn't limit the entries by there
+ * objectSid belonging to a domain! Builtin and Foreign Sids
+ * are still returned)
+ *
+ * PHANTOM_ROOT 0x00000002
+ * this search on the whole tree on a domain controller
+ * over multiple partitions without referrals.
+ * (This is the default behavior on the Global Catalog Port)
+ */
+ unsigned search_options;
+};
+
struct ldb_paged_control {
int size;
int cookie_len;
Modified: branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c
===================================================================
--- branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c 2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c 2006-08-05 17:16:10 UTC (rev 17423)
@@ -245,11 +245,8 @@
{
struct security_descriptor *sd;
NTSTATUS status;
- const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
- if (domain_sid == NULL) {
- return ldb_handler_copy(ldb, mem_ctx, in, out);
- }
- sd = sddl_decode(mem_ctx, (const char *)in->data, domain_sid);
+
+ sd = sddl_decode(mem_ctx, (const char *)in->data, NULL);
if (sd == NULL) {
return -1;
}
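Review bot: Passing `NULL` as the domain SID to `sddl_decode` here (and to `sddl_encode` in the `@@ -286,7 +278,7` hunk) needs a comment stating that both accept it, because neither function is visible in this change. If either resolves domain-relative SID abbreviations by dereferencing that argument, LDIF input containing such an abbreviation would hit a NULL pointer; before this change a missing domain SID fell back to `ldb_handler_copy` instead. Suggested comment above the call: `/* no domain SID available at this layer; domain-relative SDDL aliases are not resolved */`, adjusted to whatever the decoder really does. `in->data` is also cast to `const char *` with `in->length` ignored, so the value is assumed to be NUL-terminated. The function's signature lies outside the hunk.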
@@ -270,12 +267,7 @@
{
struct security_descriptor *sd;
NTSTATUS status;
- const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
- if (domain_sid == NULL) {
- return ldb_handler_copy(ldb, mem_ctx, in, out);
- }
-
sd = talloc(mem_ctx, struct security_descriptor);
if (sd == NULL) {
return -1;
@@ -286,7 +278,7 @@
talloc_free(sd);
return -1;
}
- out->data = (uint8_t *)sddl_encode(mem_ctx, sd, domain_sid);
+ out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
talloc_free(sd);
if (out->data == NULL) {
return -1;
@@ -414,6 +406,14 @@
.comparison_fn = ldb_comparison_objectGUID
},
{
+ .attr = "attributeSecurityGUID",
+ .flags = 0,
+ .ldif_read_fn = ldif_read_objectGUID,
+ .ldif_write_fn = ldif_write_objectGUID,
+ .canonicalise_fn = ldb_canonicalise_objectGUID,
+ .comparison_fn = ldb_comparison_objectGUID
+ },
+ {
.attr = "objectCategory",
.flags = 0,
.ldif_read_fn = ldb_handler_copy,
Modified: branches/SOC/mkhl/ldb-map/tools/cmdline.c
===================================================================
--- branches/SOC/mkhl/ldb-map/tools/cmdline.c 2006-08-05 12:50:41 UTC (rev 17422)
+++ branches/SOC/mkhl/ldb-map/tools/cmdline.c 2006-08-05 17:16:10 UTC (rev 17423)
@@ -381,6 +381,77 @@
continue;
}
+ if (strncmp(control_strings[i], "sd_flags:", 9) == 0) {
+ struct ldb_sd_flags_control *control;
+ const char *p;
+ int crit, ret;
+ unsigned secinfo_flags;
+
+ p = &(control_strings[i][9]);
+ ret = sscanf(p, "%d:%u", &crit, &secinfo_flags);
+ if ((ret != 2) || (crit < 0) || (crit > 1) || (secinfo_flags < 0) || (secinfo_flags > 0xF)) {
+ fprintf(stderr, "invalid sd_flags control syntax\n");
+ fprintf(stderr, " syntax: crit(b):secinfo_flags(n)\n");
+ fprintf(stderr, " note: b = boolean, n = number\n");
+ return NULL;
+ }
+
+ ctrl[i] = talloc(ctrl, struct ldb_control);
+ ctrl[i]->oid = LDB_CONTROL_SD_FLAGS_OID;
+ ctrl[i]->critical = crit;
+ control = talloc(ctrl[i], struct ldb_sd_flags_control);
+ control->secinfo_flags = secinfo_flags;
+ ctrl[i]->data = control;
+
+ continue;
+ }
+
+ if (strncmp(control_strings[i], "search_options:", 15) == 0) {
+ struct ldb_search_options_control *control;
+ const char *p;
+ int crit, ret;
+ unsigned search_options;
+
+ p = &(control_strings[i][15]);
+ ret = sscanf(p, "%d:%u", &crit, &search_options);
+ if ((ret != 2) || (crit < 0) || (crit > 1) || (search_options < 0) || (search_options > 0xF)) {
+ fprintf(stderr, "invalid search_options control syntax\n");
+ fprintf(stderr, " syntax: crit(b):search_options(n)\n");
+ fprintf(stderr, " note: b = boolean, n = number\n");
+ return NULL;
+ }
+
+ ctrl[i] = talloc(ctrl, struct ldb_control);
+ ctrl[i]->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
+ ctrl[i]->critical = crit;
+ control = talloc(ctrl[i], struct ldb_search_options_control);
+ control->search_options = search_options;
+ ctrl[i]->data = control;
+
+ continue;
+ }
+
+ if (strncmp(control_strings[i], "domain_scope:", 13) == 0) {
+ const char *p;
+ int crit, ret;
+
+ p = &(control_strings[i][13]);
+ ret = sscanf(p, "%d", &crit);
+ if ((ret != 1) || (crit < 0) || (crit > 1)) {
+ fprintf(stderr, "invalid domain_scope control syntax\n");
+ fprintf(stderr, " syntax: crit(b)\n");
+ fprintf(stderr, " note: b = boolean\n");
+ return NULL;
+ }
+
+ ctrl[i] = talloc(ctrl, struct ldb_control);
+ ctrl[i]->oid = LDB_CONTROL_DOMAIN_SCOPE_OID;
+ ctrl[i]->critical = crit;
+ ctrl[i]->data = NULL;
+
+ continue;
+ }
+
if (strncmp(control_strings[i], "paged_results:", 14) == 0) {
struct ldb_paged_control *control;
const char *p;
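Review bot: None of the `talloc()` results in the three new branches is checked, so an allocation failure makes `ctrl[i]->oid = ...` or `control->secinfo_flags = ...` write through a NULL pointer; add `if (ctrl[i] == NULL) { fprintf(stderr, "talloc failed\n"); return NULL; }` after each `ctrl[i]` allocation and the same for `control`. The tests `secinfo_flags < 0` and `search_options < 0` are always false for `unsigned` and can be dropped. `search_options` is accepted up to `0xF` although the ldb.h comment in this commit documents only `0x1` and `0x2`, so the bound should probably be `0x3`. `sscanf` also stops at the first non-matching character, so trailing text after the numbers is accepted silently. The enclosing function and loop begin outside the hunk.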
@@ -464,7 +535,7 @@
}
/* no controls matched, throw an error */
- fprintf(stderr, "Invalid control name\n");
+ fprintf(stderr, "Invalid control name: '%s'\n", control_strings[i]);
return NULL;
}