svn commit: samba r22797 - in branches: SAMBA_3_0/source/include
SAMBA_3_0/source/libads SAMBA_3_0/source/libgpo
SAMBA_3_0_26/source/include SAMBA_3_0_26/source/libads
SAMBA_3_0_26/source/libgpo
gd at samba.org
gd at samba.org
Fri May 11 12:52:49 GMT 2007
Author: gd
Date: 2007-05-11 12:52:48 +0000 (Fri, 11 May 2007)
New Revision: 22797
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22797
Log:
We are only interested in the DACL of the security descriptor, so search with
the SD_FLAGS control.
Guenther
Modified:
branches/SAMBA_3_0/source/include/ads.h
branches/SAMBA_3_0/source/include/ads_protos.h
branches/SAMBA_3_0/source/libads/ldap.c
branches/SAMBA_3_0/source/libads/ldap_utils.c
branches/SAMBA_3_0/source/libgpo/gpo_ldap.c
branches/SAMBA_3_0_26/source/include/ads.h
branches/SAMBA_3_0_26/source/include/ads_protos.h
branches/SAMBA_3_0_26/source/libads/ldap.c
branches/SAMBA_3_0_26/source/libads/ldap_utils.c
branches/SAMBA_3_0_26/source/libgpo/gpo_ldap.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/ads.h
===================================================================
--- branches/SAMBA_3_0/source/include/ads.h 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0/source/include/ads.h 2007-05-11 12:52:48 UTC (rev 22797)
@@ -121,6 +121,7 @@
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
#define ADS_ASQ_OID "1.2.840.113556.1.4.1504"
#define ADS_EXTENDED_DN_OID "1.2.840.113556.1.4.529"
+#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801"
/* ldap attribute oids (Services for Unix) */
#define ADS_ATTR_SFU_UIDNUMBER_OID "1.2.840.113556.1.6.18.1.310"
Modified: branches/SAMBA_3_0/source/include/ads_protos.h
===================================================================
--- branches/SAMBA_3_0/source/include/ads_protos.h 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0/source/include/ads_protos.h 2007-05-11 12:52:48 UTC (rev 22797)
@@ -102,3 +102,13 @@
LDAPMessage *res,
const char *gpo_dn,
struct GROUP_POLICY_OBJECT *gpo);
+ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
+ uint32 sd_flags,
+ const char *dn,
+ const char **attrs);
+ADS_STATUS ads_do_search_all_sd_flags(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, uint32 sd_flags,
+ LDAPMessage **res);
+
+
Modified: branches/SAMBA_3_0/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ldap.c 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0/source/libads/ldap.c 2007-05-11 12:52:48 UTC (rev 22797)
@@ -570,11 +570,11 @@
{
int rc, i, version;
char *utf8_expr, *utf8_path, **search_attrs;
- LDAPControl PagedResults, NoReferrals, ExtendedDn, *controls[4], **rcontrols;
+ LDAPControl PagedResults, NoReferrals, ExternalCtrl, *controls[4], **rcontrols;
BerElement *cookie_be = NULL;
struct berval *cookie_bv= NULL;
- BerElement *extdn_be = NULL;
- struct berval *extdn_bv= NULL;
+ BerElement *ext_be = NULL;
+ struct berval *ext_bv= NULL;
TALLOC_CTX *ctx;
ads_control *external_control = (ads_control *) args;
@@ -604,7 +604,6 @@
}
}
-
/* Paged results only available on ldap v3 or later */
ldap_get_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (version < LDAP_VERSION3) {
@@ -631,40 +630,42 @@
NoReferrals.ldctl_value.bv_len = 0;
NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, "");
- if (external_control && strequal(external_control->control, ADS_EXTENDED_DN_OID)) {
+ if (external_control &&
+ (strequal(external_control->control, ADS_EXTENDED_DN_OID) ||
+ strequal(external_control->control, ADS_SD_FLAGS_OID))) {
- ExtendedDn.ldctl_oid = CONST_DISCARD(char *, external_control->control);
- ExtendedDn.ldctl_iscritical = (char) external_control->critical;
+ ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control);
+ ExternalCtrl.ldctl_iscritical = (char) external_control->critical;
/* win2k does not accept a ldctl_value beeing passed in */
if (external_control->val != 0) {
- if ((extdn_be = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ if ((ext_be = ber_alloc_t(LBER_USE_DER)) == NULL ) {
rc = LDAP_NO_MEMORY;
goto done;
}
- if ((ber_printf(extdn_be, "{i}", (ber_int_t) external_control->val)) == -1) {
+ if ((ber_printf(ext_be, "{i}", (ber_int_t) external_control->val)) == -1) {
rc = LDAP_NO_MEMORY;
goto done;
}
- if ((ber_flatten(extdn_be, &extdn_bv)) == -1) {
+ if ((ber_flatten(ext_be, &extdn_bv)) == -1) {
rc = LDAP_NO_MEMORY;
goto done;
}
- ExtendedDn.ldctl_value.bv_len = extdn_bv->bv_len;
- ExtendedDn.ldctl_value.bv_val = extdn_bv->bv_val;
+ ExternalCtrl.ldctl_value.bv_len = ext_bv->bv_len;
+ ExternalCtrl.ldctl_value.bv_val = ext_bv->bv_val;
} else {
- ExtendedDn.ldctl_value.bv_len = 0;
- ExtendedDn.ldctl_value.bv_val = NULL;
+ ExternalCtrl.ldctl_value.bv_len = 0;
+ ExternalCtrl.ldctl_value.bv_val = NULL;
}
controls[0] = &NoReferrals;
controls[1] = &PagedResults;
- controls[2] = &ExtendedDn;
+ controls[2] = &ExternalCtrl;
controls[3] = NULL;
} else {
@@ -725,12 +726,12 @@
done:
talloc_destroy(ctx);
- if (extdn_be) {
- ber_free(extdn_be, 1);
+ if (ext_be) {
+ ber_free(ext_be, 1);
}
- if (extdn_bv) {
- ber_bvfree(extdn_bv);
+ if (ext_bv) {
+ ber_bvfree(ext_bv);
}
/* if/when we decide to utf8-encode attrs, take out this next line */
@@ -810,6 +811,21 @@
return ads_do_search_all_args(ads, bind_path, scope, expr, attrs, NULL, res);
}
+ ADS_STATUS ads_do_search_all_sd_flags(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, uint32 sd_flags,
+ LDAPMessage **res)
+{
+ ads_control args;
+
+ args.control = ADS_SD_FLAGS_OID;
+ args.val = sd_flags;
+ args.critical = True;
+
+ return ads_do_search_all_args(ads, bind_path, scope, expr, attrs, &args, res);
+}
+
+
/**
* Run a function on all results for a search. Uses ads_do_paged_search() and
* runs the function as each page is returned, using ads_process_results()
Modified: branches/SAMBA_3_0/source/libads/ldap_utils.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ldap_utils.c 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0/source/libads/ldap_utils.c 2007-05-11 12:52:48 UTC (rev 22797)
@@ -4,6 +4,7 @@
Some Helpful wrappers on LDAP
Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Guenther Deschner 2006,2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -187,6 +188,21 @@
}
+ ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
+ uint32 sd_flags,
+ const char *dn,
+ const char **attrs)
+{
+ ads_control args;
+
+ args.control = ADS_SD_FLAGS_OID;
+ args.val = sd_flags;
+ args.critical = True;
+
+ return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, &args, res);
+}
+
ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
const DOM_SID *sid,
const char **attrs)
Modified: branches/SAMBA_3_0/source/libgpo/gpo_ldap.c
===================================================================
--- branches/SAMBA_3_0/source/libgpo/gpo_ldap.c 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0/source/libgpo/gpo_ldap.c 2007-05-11 12:52:48 UTC (rev 22797)
@@ -459,6 +459,7 @@
"gPCFunctionalityVersion", "gPCMachineExtensionNames",
"gPCUserExtensionNames", "gPCWQLFilter", "name",
"versionNumber", "ntSecurityDescriptor", NULL};
+ uint32 sd_flags = DACL_SECURITY_INFORMATION;
ZERO_STRUCTP(gpo);
@@ -472,7 +473,9 @@
gpo_dn = gpo_dn + strlen("LDAP://");
}
- status = ads_search_dn(ads, &res, gpo_dn, attrs);
+ status = ads_search_retry_dn_sd_flags(ads, &res,
+ sd_flags,
+ gpo_dn, attrs);
} else if (display_name || guid_name) {
@@ -482,9 +485,9 @@
display_name ? display_name : guid_name);
ADS_ERROR_HAVE_NO_MEMORY(filter);
- status = ads_do_search_all(ads, ads->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter,
- attrs, &res);
+ status = ads_do_search_all_sd_flags(ads, ads->config.bind_path,
+ LDAP_SCOPE_SUBTREE, filter,
+ attrs, sd_flags, &res);
}
if (!ADS_ERR_OK(status)) {
Modified: branches/SAMBA_3_0_26/source/include/ads.h
===================================================================
--- branches/SAMBA_3_0_26/source/include/ads.h 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0_26/source/include/ads.h 2007-05-11 12:52:48 UTC (rev 22797)
@@ -121,6 +121,7 @@
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
#define ADS_ASQ_OID "1.2.840.113556.1.4.1504"
#define ADS_EXTENDED_DN_OID "1.2.840.113556.1.4.529"
+#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801"
/* ldap attribute oids (Services for Unix) */
#define ADS_ATTR_SFU_UIDNUMBER_OID "1.2.840.113556.1.6.18.1.310"
Modified: branches/SAMBA_3_0_26/source/include/ads_protos.h
===================================================================
--- branches/SAMBA_3_0_26/source/include/ads_protos.h 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0_26/source/include/ads_protos.h 2007-05-11 12:52:48 UTC (rev 22797)
@@ -93,3 +93,13 @@
LDAPMessage *res,
const char *gpo_dn,
struct GROUP_POLICY_OBJECT *gpo);
+ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
+ uint32 sd_flags,
+ const char *dn,
+ const char **attrs);
+ADS_STATUS ads_do_search_all_sd_flags(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, uint32 sd_flags,
+ LDAPMessage **res);
+
+
Modified: branches/SAMBA_3_0_26/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0_26/source/libads/ldap.c 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0_26/source/libads/ldap.c 2007-05-11 12:52:48 UTC (rev 22797)
@@ -570,11 +570,11 @@
{
int rc, i, version;
char *utf8_expr, *utf8_path, **search_attrs;
- LDAPControl PagedResults, NoReferrals, ExtendedDn, *controls[4], **rcontrols;
+ LDAPControl PagedResults, NoReferrals, ExternalCtrl, *controls[4], **rcontrols;
BerElement *cookie_be = NULL;
struct berval *cookie_bv= NULL;
- BerElement *extdn_be = NULL;
- struct berval *extdn_bv= NULL;
+ BerElement *ext_be = NULL;
+ struct berval *ext_bv= NULL;
TALLOC_CTX *ctx;
ads_control *external_control = (ads_control *) args;
@@ -604,7 +604,6 @@
}
}
-
/* Paged results only available on ldap v3 or later */
ldap_get_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (version < LDAP_VERSION3) {
@@ -631,40 +630,42 @@
NoReferrals.ldctl_value.bv_len = 0;
NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, "");
- if (external_control && strequal(external_control->control, ADS_EXTENDED_DN_OID)) {
+ if (external_control &&
+ (strequal(external_control->control, ADS_EXTENDED_DN_OID) ||
+ strequal(external_control->control, ADS_SD_FLAGS_OID))) {
- ExtendedDn.ldctl_oid = CONST_DISCARD(char *, external_control->control);
- ExtendedDn.ldctl_iscritical = (char) external_control->critical;
+ ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control);
+ ExternalCtrl.ldctl_iscritical = (char) external_control->critical;
/* win2k does not accept a ldctl_value beeing passed in */
if (external_control->val != 0) {
- if ((extdn_be = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ if ((ext_be = ber_alloc_t(LBER_USE_DER)) == NULL ) {
rc = LDAP_NO_MEMORY;
goto done;
}
- if ((ber_printf(extdn_be, "{i}", (ber_int_t) external_control->val)) == -1) {
+ if ((ber_printf(ext_be, "{i}", (ber_int_t) external_control->val)) == -1) {
rc = LDAP_NO_MEMORY;
goto done;
}
- if ((ber_flatten(extdn_be, &extdn_bv)) == -1) {
+ if ((ber_flatten(ext_be, &extdn_bv)) == -1) {
rc = LDAP_NO_MEMORY;
goto done;
}
- ExtendedDn.ldctl_value.bv_len = extdn_bv->bv_len;
- ExtendedDn.ldctl_value.bv_val = extdn_bv->bv_val;
+ ExternalCtrl.ldctl_value.bv_len = ext_bv->bv_len;
+ ExternalCtrl.ldctl_value.bv_val = ext_bv->bv_val;
} else {
- ExtendedDn.ldctl_value.bv_len = 0;
- ExtendedDn.ldctl_value.bv_val = NULL;
+ ExternalCtrl.ldctl_value.bv_len = 0;
+ ExternalCtrl.ldctl_value.bv_val = NULL;
}
controls[0] = &NoReferrals;
controls[1] = &PagedResults;
- controls[2] = &ExtendedDn;
+ controls[2] = &ExternalCtrl;
controls[3] = NULL;
} else {
@@ -725,12 +726,12 @@
done:
talloc_destroy(ctx);
- if (extdn_be) {
- ber_free(extdn_be, 1);
+ if (ext_be) {
+ ber_free(ext_be, 1);
}
- if (extdn_bv) {
- ber_bvfree(extdn_bv);
+ if (ext_bv) {
+ ber_bvfree(ext_bv);
}
/* if/when we decide to utf8-encode attrs, take out this next line */
@@ -810,6 +811,21 @@
return ads_do_search_all_args(ads, bind_path, scope, expr, attrs, NULL, res);
}
+ ADS_STATUS ads_do_search_all_sd_flags(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, uint32 sd_flags,
+ LDAPMessage **res)
+{
+ ads_control args;
+
+ args.control = ADS_SD_FLAGS_OID;
+ args.val = sd_flags;
+ args.critical = True;
+
+ return ads_do_search_all_args(ads, bind_path, scope, expr, attrs, &args, res);
+}
+
+
/**
* Run a function on all results for a search. Uses ads_do_paged_search() and
* runs the function as each page is returned, using ads_process_results()
Modified: branches/SAMBA_3_0_26/source/libads/ldap_utils.c
===================================================================
--- branches/SAMBA_3_0_26/source/libads/ldap_utils.c 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0_26/source/libads/ldap_utils.c 2007-05-11 12:52:48 UTC (rev 22797)
@@ -4,6 +4,7 @@
Some Helpful wrappers on LDAP
Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Guenther Deschner 2006,2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -163,6 +164,21 @@
"(objectclass=*)", attrs, &args, res);
}
+ ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
+ uint32 sd_flags,
+ const char *dn,
+ const char **attrs)
+{
+ ads_control args;
+
+ args.control = ADS_SD_FLAGS_OID;
+ args.val = sd_flags;
+ args.critical = True;
+
+ return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, &args, res);
+}
+
ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
const DOM_SID *sid,
const char **attrs)
Modified: branches/SAMBA_3_0_26/source/libgpo/gpo_ldap.c
===================================================================
--- branches/SAMBA_3_0_26/source/libgpo/gpo_ldap.c 2007-05-11 12:41:11 UTC (rev 22796)
+++ branches/SAMBA_3_0_26/source/libgpo/gpo_ldap.c 2007-05-11 12:52:48 UTC (rev 22797)
@@ -459,6 +459,7 @@
"gPCFunctionalityVersion", "gPCMachineExtensionNames",
"gPCUserExtensionNames", "gPCWQLFilter", "name",
"versionNumber", "ntSecurityDescriptor", NULL};
+ uint32 sd_flags = DACL_SECURITY_INFORMATION;
ZERO_STRUCTP(gpo);
@@ -472,7 +473,9 @@
gpo_dn = gpo_dn + strlen("LDAP://");
}
- status = ads_search_dn(ads, &res, gpo_dn, attrs);
+ status = ads_search_retry_dn_sd_flags(ads, &res,
+ sd_flags,
+ gpo_dn, attrs);
} else if (display_name || guid_name) {
@@ -482,9 +485,9 @@
display_name ? display_name : guid_name);
ADS_ERROR_HAVE_NO_MEMORY(filter);
- status = ads_do_search_all(ads, ads->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter,
- attrs, &res);
+ status = ads_do_search_all_sd_flags(ads, ads->config.bind_path,
+ LDAP_SCOPE_SUBTREE, filter,
+ attrs, sd_flags, &res);
}
if (!ADS_ERR_OK(status)) {
More information about the samba-cvs
mailing list