svn commit: samba r25754 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs

abartlet at samba.org abartlet at samba.org
Tue Oct 30 21:03:55 GMT 2007


Author: abartlet
Date: 2007-10-30 21:03:54 +0000 (Tue, 30 Oct 2007)
New Revision: 25754

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25754

Log:
More work on normal forms for ldb input.

This patch is to ensure that all attributes are in the same case as
the schema specifies.  In the process, I ensure that all attributes
are indeed in the schema.

This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.

I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
   branches/SAMBA_4_0/testprogs/ejs/ldap.js


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c	2007-10-30 21:01:07 UTC (rev 25753)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c	2007-10-30 21:03:54 UTC (rev 25754)
@@ -23,7 +23,11 @@
  *
  *  Component: objectClass sorting module
  *
- *  Description: sort the objectClass attribute into the class hierarchy
+ *  Description: 
+ *  - sort the objectClass attribute into the class
+ *    hierarchy, 
+ *  - fix DNs and attributes into 'standard' case
+ *  - Add objectCategory and ntSecurityDescriptor defaults
  *
  *  Author: Andrew Bartlett
  */
@@ -61,7 +65,7 @@
 
 struct class_list {
 	struct class_list *prev, *next;
-	const char *objectclass;
+	const struct dsdb_class *objectclass;
 };
 
 static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_module *module)
@@ -95,7 +99,12 @@
 	return h;
 }
 
+/* Sort objectClasses into correct order, and validate that all
+ * objectClasses specified actually exist in the schema
+ */
+
 static int objectclass_sort(struct ldb_module *module,
+			    const struct dsdb_schema *schema,
 			    struct ldb_message *msg, /* so that when we create new elements, we put it on the right parent */
 			    TALLOC_CTX *mem_ctx,
 			    struct ldb_message_element *objectclass_element,
@@ -103,7 +112,6 @@
 {
 	int i;
 	int layer;
-	const struct dsdb_schema *schema = dsdb_get_schema(module->ldb);
 	struct class_list *sorted = NULL, *parent_class = NULL,
 		*subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent;
 	/* DESIGN:
@@ -143,11 +151,15 @@
 			talloc_free(mem_ctx);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
-		current->objectclass = (const char *)objectclass_element->values[i].data;
+		current->objectclass = dsdb_class_by_lDAPDisplayName(schema, (const char *)objectclass_element->values[i].data);
+		if (!current->objectclass) {
+			ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", (const char *)objectclass_element->values[i].data);
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
 
 		/* this is the root of the tree.  We will start
 		 * looking for subclasses from here */
-		if (ldb_attr_cmp("top", current->objectclass) == 0) {
+		if (ldb_attr_cmp("top", current->objectclass->lDAPDisplayName) == 0) {
 			DLIST_ADD_END(parent_class, current, struct class_list *);
 		} else {
 			DLIST_ADD_END(unsorted, current, struct class_list *);
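Review bot: The new error return after the failed dsdb_class_by_lDAPDisplayName lookup leaves mem_ctx to the caller, while the allocation-failure path a few lines above it still calls `talloc_free(mem_ctx)` itself, so objectclass_sort now has two cleanup conventions for the same context. The callers disagree in the same way: objectclass_add frees mem_ctx again on any non-success return (the `talloc_free(mem_ctx); return ret;` after its objectclass_sort call), which makes the older path free it twice, whereas the objectclass_sort failure path added in objectclass_modify (the hunk that inserts the fix_attributes call before objectclass_sort) returns without freeing. Settle on one rule — caller frees — by dropping the `talloc_free(mem_ctx);` before `return LDB_ERR_OPERATIONS_ERROR;` here and adding `talloc_free(mem_ctx);` before the `return ret;` that follows the objectclass_sort call in objectclass_modify. The `schema && current` guards on the loops below appear to be dead now that schema is passed to dsdb_class_by_lDAPDisplayName unconditionally at the first lookup and every visible caller only reaches objectclass_sort with a schema. objectclass_sort starts and ends outside this hunk.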
@@ -156,29 +168,24 @@
 
 	if (parent_class == NULL) {
 		current = talloc(mem_ctx, struct class_list);
-		current->objectclass = talloc_strdup(msg, "top");
+		current->objectclass = dsdb_class_by_lDAPDisplayName(schema, "top");
 		DLIST_ADD_END(parent_class, current, struct class_list *);
 	}
 
 	/* For each object:  find parent chain */
 	for (current = unsorted; schema && current; current = current->next) {
-		const struct dsdb_class *class = dsdb_class_by_lDAPDisplayName(schema, current->objectclass);
-		if (!class) {
-			ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", current->objectclass);
-			return LDB_ERR_OBJECT_CLASS_VIOLATION;
-		}
 		for (poss_parent = unsorted; poss_parent; poss_parent = poss_parent->next) {
-			if (ldb_attr_cmp(poss_parent->objectclass, class->subClassOf) == 0) {
+			if (ldb_attr_cmp(poss_parent->objectclass->lDAPDisplayName, current->objectclass->subClassOf) == 0) {
 				break;
 			}
 		}
 		/* If we didn't get to the end of the list, we need to add this parent */
-		if (poss_parent || (ldb_attr_cmp("top", class->subClassOf) == 0)) {
+		if (poss_parent || (ldb_attr_cmp("top", current->objectclass->subClassOf) == 0)) {
 			continue;
 		}
 
 		new_parent = talloc(mem_ctx, struct class_list);
-		new_parent->objectclass = talloc_strdup(msg, class->subClassOf);
+		new_parent->objectclass = dsdb_class_by_lDAPDisplayName(schema, current->objectclass->subClassOf);
 		DLIST_ADD_END(unsorted, new_parent, struct class_list *);
 	}
 
@@ -193,13 +200,12 @@
 		for (current = parent_class; schema && unsorted && current; current = current->next) {
 			/* Walk the list of possible subclasses in unsorted */
 			for (poss_subclass = unsorted; poss_subclass; ) {
-				const struct dsdb_class *class = dsdb_class_by_lDAPDisplayName(schema, poss_subclass->objectclass);
 				struct class_list *next;
 				
 				/* Save the next pointer, as the DLIST_ macros will change poss_subclass->next */
 				next = poss_subclass->next;
 
-				if (class && ldb_attr_cmp(class->subClassOf, current->objectclass) == 0) {
+				if (ldb_attr_cmp(poss_subclass->objectclass->subClassOf, current->objectclass->lDAPDisplayName) == 0) {
 					DLIST_REMOVE(unsorted, poss_subclass);
 					DLIST_ADD(subclass, poss_subclass);
 					
@@ -237,7 +243,7 @@
 	 * was no 'top', a conflict in the objectClasses or some other
 	 * schema error?
 	 */
-	ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass);
+	ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass->lDAPDisplayName);
 	return LDB_ERR_OBJECT_CLASS_VIOLATION;
 }
 
@@ -335,6 +341,22 @@
 				    *ldb_dn_get_rdn_val(newdn));
 }
 
+/* Fix all attribute names to be in the correct case, and check they are all valid per the schema */
+static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *schema, struct ldb_message *msg) 
+{
+	int i;
+	for (i=0; i < msg->num_elements; i++) {
+		const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, msg->elements[i].name);
+		if (!attribute) {
+			ldb_asprintf_errstring(ldb, "objectclass %s is not a valid objectClass in schema", msg->elements[i].name);
+			return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE;
+		}
+		msg->elements[i].name = attribute->lDAPDisplayName;
+	}
+
+	return LDB_SUCCESS;
+}
+
 static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
 {
 
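Review bot: The error string in fix_attributes is copied from the objectClass lookup and reports an unknown attribute as an invalid objectClass, which will mislead whoever reads the errstring of an LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE failure; use `ldb_asprintf_errstring(ldb, "attribute %s is not a valid attribute in schema", msg->elements[i].name);`. The loop index is a signed `int` compared against `msg->num_elements`, a sign mismatch unless num_elements is also signed; `unsigned int i` avoids it. Assigning `attribute->lDAPDisplayName` to the element name makes the message point into schema-owned memory rather than into msg; that is fine as long as the schema outlives the shallow-copied message — presumably it does, but a one-line comment on the assignment such as `/* name now aliases the schema's string; the schema must outlive the request message */` would save the next reader the question.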
@@ -447,53 +469,56 @@
 
 	}
 
-	/* This is now the objectClass list from the database */
-	objectclass_element = ldb_msg_find_element(msg, "objectClass");
+	if (schema) {
+		ret = fix_attributes(ac->module->ldb, schema, msg);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(mem_ctx);
+			return ret;
+		}
 
-	if (!objectclass_element) {
-		/* Where did it go?  bail now... */
-		talloc_free(mem_ctx);
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-	ret = objectclass_sort(ac->module, msg, mem_ctx, objectclass_element, &sorted);
-	if (ret != LDB_SUCCESS) {
-		talloc_free(mem_ctx);
-		return ret;
-	}
-
-	ldb_msg_remove_attr(msg, "objectClass");
-	ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL);
-	
-	if (ret != LDB_SUCCESS) {
-		talloc_free(mem_ctx);
-		return ret;
-	}
-
-	/* We must completely replace the existing objectClass entry,
-	 * because we need it sorted */
-
-	/* Move from the linked list back into an ldb msg */
-	for (current = sorted; current; current = current->next) {
-		ret = ldb_msg_add_string(msg, "objectClass", current->objectclass);
+		/* This is now the objectClass list from the database */
+		objectclass_element = ldb_msg_find_element(msg, "objectClass");
+		
+		if (!objectclass_element) {
+			/* Where did it go?  bail now... */
+			talloc_free(mem_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted);
 		if (ret != LDB_SUCCESS) {
-			ldb_set_errstring(ac->module->ldb, 
-					  "objectclass: could not re-add sorted "
-					  "objectclass to modify msg");
 			talloc_free(mem_ctx);
 			return ret;
 		}
-		/* Last one is the critical one */
-		if (schema && !current->next) {
-			const struct dsdb_class *objectclass
-				= dsdb_class_by_lDAPDisplayName(schema, 
-								current->objectclass);
-			if (objectclass) {
+		
+		ldb_msg_remove_attr(msg, "objectClass");
+		ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL);
+		
+		if (ret != LDB_SUCCESS) {
+			talloc_free(mem_ctx);
+			return ret;
+		}
+		
+		/* We must completely replace the existing objectClass entry,
+		 * because we need it sorted */
+		
+		/* Move from the linked list back into an ldb msg */
+		for (current = sorted; current; current = current->next) {
+			ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName);
+			if (ret != LDB_SUCCESS) {
+				ldb_set_errstring(ac->module->ldb, 
+						  "objectclass: could not re-add sorted "
+						  "objectclass to modify msg");
+				talloc_free(mem_ctx);
+				return ret;
+			}
+			/* Last one is the critical one */
+			if (!current->next) {
 				if (!ldb_msg_find_element(msg, "objectCategory")) {
 					ldb_msg_add_string(msg, "objectCategory", 
-							   objectclass->defaultObjectCategory);
+							   current->objectclass->defaultObjectCategory);
 				}
 				if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
-					DATA_BLOB *sd = get_sd(ac->module, mem_ctx, objectclass);
+					DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass);
 					ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
 				}
 			}
@@ -503,6 +528,7 @@
 	talloc_free(mem_ctx);
 	ret = ldb_msg_sanity_check(ac->module->ldb, msg);
 
+
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
@@ -520,6 +546,9 @@
 {
 	struct ldb_message_element *objectclass_element;
 	struct ldb_message *msg;
+	const struct dsdb_schema *schema = dsdb_get_schema(module->ldb);
+	int ret;
+
 	ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n");
 
 	/* do not manipulate our control entries */
@@ -527,29 +556,57 @@
 		return ldb_next_request(module, req);
 	}
 	
+	/* Without schema, there isn't much to do here */
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
 	objectclass_element = ldb_msg_find_element(req->op.mod.message, "objectClass");
 
 	/* If no part of this touches the objectClass, then we don't
 	 * need to make any changes.  */
-	/* If the only operation is the deletion of the objectClass then go on */
+
+	/* If the only operation is the deletion of the objectClass
+	 * then go on with just fixing the attribute case */
 	if (!objectclass_element) {
-		return ldb_next_request(module, req);
+		struct ldb_request *down_req = talloc(req, struct ldb_request);
+		if (down_req == NULL) {
+			ldb_set_errstring(module->ldb, "Out of memory!");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		
+		*down_req = *req; /* copy the request */
+		
+		down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message);
+		
+		if (down_req->op.mod.message == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		
+		ret = fix_attributes(module->ldb, schema, msg);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/* go on with the call chain */
+		ret = ldb_next_request(module, down_req);
+		
+		/* do not free down_req as the call results may be linked to it,
+		 * it will be freed when the upper level request get freed */
+		if (ret == LDB_SUCCESS) {
+			req->handle = down_req->handle;
+		}
+		return ret;
 	}
 
 	switch (objectclass_element->flags & LDB_FLAG_MOD_MASK) {
 	case LDB_FLAG_MOD_DELETE:
-		/* Delete everything?  Probably totally illigal, but hey! */
-		if (objectclass_element->num_values == 0) {
-			
-			return ldb_next_request(module, req);
-		}
+		return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED;
 		break;
 	case LDB_FLAG_MOD_REPLACE:
 	{
 		struct ldb_request *down_req;
 		struct class_list *sorted, *current;
 		TALLOC_CTX *mem_ctx;
-		int ret;
 		mem_ctx = talloc_new(req);
 		if (mem_ctx == NULL) {
 			return LDB_ERR_OPERATIONS_ERROR;
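Review bot: The new `return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED;` in the LDB_FLAG_MOD_DELETE case sets no error string, so a client that tries to delete objectClass values gets a bare result code while every other rejection in this module explains itself via ldb_asprintf_errstring/ldb_set_errstring; add `ldb_set_errstring(module->ldb, "objectclass: deleting objectClass values is not permitted");` (wording is a suggestion) before the return, and drop the `break;` that now follows it unreachably. The same gap exists at the `if (down_req->op.mod.message == NULL)` return in the new no-objectClass branch, and that branch reports its talloc failure with `ldb_set_errstring(module->ldb, "Out of memory!")` while the LDB_FLAG_MOD_ADD hunk later in this commit switches the same message to `ldb_oom()` — pick one for both. objectclass_modify starts before this hunk and continues after it.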
@@ -567,16 +624,22 @@
 		
 		down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message);
 		
-		if (down_req->op.add.message == NULL) {
+		if (down_req->op.mod.message == NULL) {
 			talloc_free(mem_ctx);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 		
-		ret = objectclass_sort(module, msg, mem_ctx, objectclass_element, &sorted);
+		ret = fix_attributes(module->ldb, schema, msg);
 		if (ret != LDB_SUCCESS) {
+			talloc_free(mem_ctx);
 			return ret;
 		}
 
+		ret = objectclass_sort(module, schema, msg, mem_ctx, objectclass_element, &sorted);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
 		/* We must completely replace the existing objectClass entry,
 		 * because we need it sorted */
 		
@@ -590,7 +653,7 @@
 
 		/* Move from the linked list back into an ldb msg */
 		for (current = sorted; current; current = current->next) {
-			ret = ldb_msg_add_string(msg, "objectClass", current->objectclass);
+			ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName);
 			if (ret != LDB_SUCCESS) {
 				ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg");
 				talloc_free(mem_ctx);
@@ -638,12 +701,25 @@
 		/* prepare the first operation */
 		ac->down_req = talloc(ac, struct ldb_request);
 		if (ac->down_req == NULL) {
-			ldb_set_errstring(module->ldb, "Out of memory!");
+			ldb_oom(ac->module->ldb);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 		
 		*(ac->down_req) = *req; /* copy the request */
 		
+		ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message);
+		
+		if (ac->down_req->op.mod.message == NULL) {
+			ldb_oom(ac->module->ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		
+		ret = fix_attributes(ac->module->ldb, schema, msg);
+		if (ret != LDB_SUCCESS) {
+			ldb_oom(ac->module->ldb);
+			return ret;
+		}
+
 		ac->down_req->context = NULL;
 		ac->down_req->callback = NULL;
 		ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req);
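Review bot: Calling `ldb_oom(ac->module->ldb)` when fix_attributes fails reports the wrong error: fix_attributes has just set a descriptive error string naming the offending attribute and returned LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE, and ldb_oom, which sets the error string as well as logging, then replaces that text with an out-of-memory message returned alongside a non-OOM code. Remove the `ldb_oom(ac->module->ldb);` line from that block; the two preceding talloc/ldb_msg_copy_shallow checks are the only places it belongs. This hunk sits inside objectclass_modify's LDB_FLAG_MOD_ADD case, which begins before the hunk and ends after it.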
@@ -681,6 +757,7 @@
 
 static int objectclass_do_mod(struct ldb_handle *h) {
 
+	const struct dsdb_schema *schema;
 	struct oc_context *ac;
 	struct ldb_message_element *objectclass_element;
 	struct ldb_message *msg;
@@ -689,6 +766,7 @@
 	int ret;
       
 	ac = talloc_get_type(h->private_data, struct oc_context);
+	schema = dsdb_get_schema(ac->module->ldb);
 
 	mem_ctx = talloc_new(ac);
 	if (mem_ctx == NULL) {
@@ -727,7 +805,7 @@
 	/* modify dn */
 	msg->dn = ac->orig_req->op.mod.message->dn;
 
-	ret = objectclass_sort(ac->module, msg, mem_ctx, objectclass_element, &sorted);
+	ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
@@ -745,7 +823,7 @@
 	
 	/* Move from the linked list back into an ldb msg */
 	for (current = sorted; current; current = current->next) {
-		ret = ldb_msg_add_string(msg, "objectClass", current->objectclass);
+		ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName);
 		if (ret != LDB_SUCCESS) {
 			ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted objectclass to modify msg");
 			talloc_free(mem_ctx);

Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===================================================================
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js	2007-10-30 21:01:07 UTC (rev 25753)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js	2007-10-30 21:03:54 UTC (rev 25754)
@@ -33,9 +33,9 @@
 
 	var ok = ldb.add("
 dn: cn=ldaptestuser,cn=uSers," + base_dn + "
-objectClass: user
-objectClass: person
-cn: LDAPtestUSER
+objectclass: user
+objectclass: person
+cN: LDAPtestUSER
 ");
 	if (ok.error != 0) {
 		ok = ldb.del("cn=ldaptestuser,cn=users," + base_dn);
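Review bot: These test edits only feed lower-case `objectclass` and mixed-case `cN` into ldb.add and check that the add succeeds; nothing asserts that the entry comes back with the schema spelling, which is the behaviour the commit message gives as the point of the change. A search for each added entry followed by a check that the returned attributes are named `cn` and `objectClass` (rather than echoing `cN`/`objectclass`) would pin the normalisation; the same applies to the two later hunks in this file (the second ldaptestuser add and the ldaptestcomputer add). The surrounding test function starts before and continues after this hunk.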
@@ -45,9 +45,9 @@
 		}
 		ok = ldb.add("
 dn: cn=ldaptestuser,cn=uSers," + base_dn + "
-objectClass: user
-objectClass: person
-cn: LDAPtestUSER
+objectclass: user
+objectclass: person
+cN: LDAPtestUSER
 ");
 		if (ok.error != 0) {
 			println(ok.errstr);
@@ -57,8 +57,8 @@
 
 	var ok = ldb.add("
 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
-objectClass: computer
-cn: LDAPtestCOMPUTER
+objectclass: computer
+cN: LDAPtestCOMPUTER
 ");
 	if (ok.error != 0) {
 		ok = ldb.del("cn=ldaptestcomputer,cn=computers," + base_dn);


