[SCM] Samba Shared Repository - branch master updated - fc7e41d6ff838be7780161265a0b486b6937139b

Andrew Bartlett abartlet at samba.org
Wed Dec 17 01:30:15 GMT 2008


The branch, master has been updated
       via  fc7e41d6ff838be7780161265a0b486b6937139b (commit)
       via  eb3714acfad21be9de0a2424f1f4943e7ff5f0b7 (commit)
       via  12a7eeeaf4a21329a124d467e2d6616467fa17d1 (commit)
       via  ebe1e923c862798602b563211ec8c625fc4032ea (commit)
       via  1f28541a241d2dc4c5460344f817d56182a672ce (commit)
       via  911cf5d62569e77e9f490f28e776b5b47c81e05b (commit)
       via  d68ad8218ff104da35c2ed5b389c18926484c3af (commit)
       via  596fe759e1fed835173146a74ac9986066acc48e (commit)
       via  18ef32f4ce6e1fe240aa042a81fb493eaae421af (commit)
       via  74f304ec30d2c6e1d6693beb69da3e98852d62ed (commit)
       via  f0418a160000df9b79e67fd9bf468831889d3e41 (commit)
       via  3ef91c9b02c283f118dac0a04c08aebe95692360 (commit)
       via  e4ccd69d496cca1f85fcb6fb3ca3509435914ad0 (commit)
       via  408a752a63ae83dcd32008295ee2a5bfe9a96085 (commit)
       via  1107021f3aa4ad1a3995a018d11aed485aa39c38 (commit)
       via  b65f1a097754d32dd8b156e719d4a4f328bf4fbc (commit)
       via  ced158d25066a236fba36c0e8391de1eab301a17 (commit)
       via  f7c53e0addb13dd085ed102b8afaec2122e078ea (commit)
       via  30ae74d39957b56f7ad893275fc7704b5b923332 (commit)
       via  fc61ef2afceb6e0f89e0ede406cadca4989a2464 (commit)
       via  7a7573d57016b466eef7a48bc189289744ca4c7c (commit)
       via  aa3eab70d5f9415dca7ccc37d87e9a0ca82855c7 (commit)
       via  8ce5640fbfd48debc3e6b3f27e07d1a0d79bd2b4 (commit)
       via  56d39e1711854f4e82f8370955a34539be22c483 (commit)
       via  d2ec925c63fdcfd102f7adcc345ce9f1fe886fd3 (commit)
      from  99f7f737356a83348aeda1723d7e1b846a4693c1 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fc7e41d6ff838be7780161265a0b486b6937139b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 09:12:06 2008 +0100

    s4:testprogs: improve extended dn testing of the ldb blackbox tests
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit eb3714acfad21be9de0a2424f1f4943e7ff5f0b7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 09:11:11 2008 +0100

    s4:ldb: add some python tests for extended dns
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 12a7eeeaf4a21329a124d467e2d6616467fa17d1
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 09:23:07 2008 +0100

    s4:dsdb: remove normalise module
    
    The extended_dn_out module provides the functionality now.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit ebe1e923c862798602b563211ec8c625fc4032ea
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 09:18:21 2008 +0100

    s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference depending on the backend
    
    This just changes the existing strategy of loading different modules
    for the OpenLDAP backend to also include extended_dn_out_*
    
    When we provision the OpenLDAP backend, we make sure to include the
    'deref' overlay (which must be made available by the OpenLDAP build)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 1f28541a241d2dc4c5460344f817d56182a672ce
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 09:21:55 2008 +0100

    s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and extended_dn_store.
    
    By splitting the module, the extended_dn_in and extended_dn_store
    modules can use extended_dn_out to actually get the extended DN.  This
    avoids code duplication.
    
    The extended_dn_out module also contains a client implementation of
    the OpenLDAP dereference control (draft-masarati-ldap-deref-00).
    
    This also introduces a new control
    'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module
    to return whatever the 'storage format' is.  This allows us to work
    with both OpenLDAP (which performs a dereference at run time) and LDB
    (which stores the GUID and SID on disk).
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 911cf5d62569e77e9f490f28e776b5b47c81e05b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Nov 20 20:06:16 2008 +1100

    s4:dsdb: Make the linked_attributes module set an extended dn
    
    This means that linked attributes will always have the same case form
    as the actual entry, as we search for that entry.  We then also use
    the GUID and SID found on that entry to fill in the extended DN on disk.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit d68ad8218ff104da35c2ed5b389c18926484c3af
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 09:01:35 2008 +0100

    s4:rootdse: fix the logic to indentify a rootdse search
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 596fe759e1fed835173146a74ac9986066acc48e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:59:05 2008 +0100

    s4:ldb: make it possible to return per entry controls
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 18ef32f4ce6e1fe240aa042a81fb493eaae421af
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:51:41 2008 +0100

    s4:selftest: lower debug level for slapd
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 74f304ec30d2c6e1d6693beb69da3e98852d62ed
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:48:44 2008 +0100

    s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit f0418a160000df9b79e67fd9bf468831889d3e41
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:48:01 2008 +0100

    s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 3ef91c9b02c283f118dac0a04c08aebe95692360
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:45:43 2008 +0100

    s4:torture: add ldb tests
    
    These tests are for both the new extended DN functionality (and were
    vital in finding bugs during implementation) and for the normal DN
    parsing and comparison routines.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit e4ccd69d496cca1f85fcb6fb3ca3509435914ad0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:44:11 2008 +0100

    s4:ldap_server: return the extended dn to the LDAP client if available
    
    This uses an early peek at the extended_dn_control (in the request) to see what output
    format to use.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 408a752a63ae83dcd32008295ee2a5bfe9a96085
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:43:12 2008 +0100

    s4:ldb-samba: register samba specific extended dn handlers
    
    This provides the two extended DN handlers for the GUID and SID types,
    and makes the parsing more strict (where possible, it uses
    ndr_pull_struct_blob_all(), to cause an error if trailing data is
    found).
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 1107021f3aa4ad1a3995a018d11aed485aa39c38
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:41:22 2008 +0100

    s4:samldb: make use of dom_sid_split_rid()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit b65f1a097754d32dd8b156e719d4a4f328bf4fbc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:40:49 2008 +0100

    s4:samldb: improve error strings
    
    When things go wrong with LDB, this routine seems to be particularly
    sensitive to it.  This extra debugging should help the next poor soul who
    breaks LDB.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit ced158d25066a236fba36c0e8391de1eab301a17
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:34:48 2008 +0100

    s4:ldb.i: hang the dn on the NULL context as the python destructor will free it
    
    This fixes a bug in the ldb.i python wrapper, that showed up under valgrind.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit f7c53e0addb13dd085ed102b8afaec2122e078ea
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:33:32 2008 +0100

    s4:ldb: use try to print the extended dn in the ldif output
    
    This allows searches with the extended DN control to still print the
    extended DN in ldif output (it would otherwise be parsed and hidden in
    the structure).
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 30ae74d39957b56f7ad893275fc7704b5b923332
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:28:55 2008 +0100

    s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL
    
    Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)
    
    At this time, the ldb_controls infrastructure does not handle request
    and reply controls having different formats, so this is purely the
    client implementation (ie, there is no decode of the client->server
    packet, and no encode of the server->client packet).
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit fc61ef2afceb6e0f89e0ede406cadca4989a2464
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:27:51 2008 +0100

    s4:libcli/ldap: split out a ldap_decode_attribs_bare() function
    
    The OpenLDAP dereference control (draft-masarati-ldap-deref-00) uses
    an attribute list, as found in the search reply, but without one
    enclosing ASN1_SEQUENCE(0)
    
    This allows the dereference control parsing code to use this as a
    helper function.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 7a7573d57016b466eef7a48bc189289744ca4c7c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:25:44 2008 +0100

    s4:ldb_ildap: try to pass extended DNs to the server
    
    Whenever we pass a DN to the LDAP server, we now use
    ldb_dn_get_extended_linearized().  This allows us to send the extended
    DN if set, and therefore allows searches of the form
    '<GUID=aaa45ea0-94cd-45e9-8753-abe455d9a8f1>'.
    
    We actually use the '0' format (GUID=aaa45ea094cd45e98753abe455d9a8f1)
    because it is more widely supported (by Win2k in particular).
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit aa3eab70d5f9415dca7ccc37d87e9a0ca82855c7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Dec 16 08:19:07 2008 +0100

    s4:ldb: add infrastructure for extended dn handlers
    
    This introduces a new set of pluggable syntax, for use on the
    extended DN, and uses them when parsing the DN.
    
    If the DN appears to be in the extended form, we no longer return the
    full DN 'as is', but only return the normal part from
    ldb_dn_get_linearized().
    
    When validating/parsing the DN we validate not only the format of the
    DN, but also the contents of the GUID or SID (to ensure they are
    plausible).
    
    We also have functions to set and get the extended components on the DN.
    
    For now, extended_dn_get_linearized() returns a newly constructed and
    allocated string each time.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 8ce5640fbfd48debc3e6b3f27e07d1a0d79bd2b4
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Dec 8 22:22:21 2008 +1100

    Add hint to use passwordAttributes in @KLUDGE_ACL in future
    
    This module is not used at the moment, but if we do use it again, we
    should try to avoid duplicate lists.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 56d39e1711854f4e82f8370955a34539be22c483
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Dec 4 10:38:07 2008 +1100

    Make greater use of 'GUID_from_data_blob'
    
    This avoids accidentally running off the end of a string, and uses a
    single 'guess which type of GUID I have' algorithm.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit d2ec925c63fdcfd102f7adcc345ce9f1fe886fd3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 10 17:23:44 2008 +1100

    Fix sequence number generation against OpenLDAP
    
    It seems that in 2deeb99fff1a90c79ba1927e1a069362e250a63c adding the
    partition control to this request was missed out.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/target/Samba4.pm                          |    2 +-
 source4/dsdb/samdb/ldb_modules/anr.c               |    2 +-
 source4/dsdb/samdb/ldb_modules/config.mk           |   48 +-
 source4/dsdb/samdb/ldb_modules/extended_dn.c       |  666 ------------------
 source4/dsdb/samdb/ldb_modules/extended_dn_in.c    |  394 +++++++++++
 source4/dsdb/samdb/ldb_modules/extended_dn_out.c   |  655 +++++++++++++++++
 source4/dsdb/samdb/ldb_modules/extended_dn_store.c |  431 ++++++++++++
 source4/dsdb/samdb/ldb_modules/kludge_acl.c        |    2 +-
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |  517 +++++++++-----
 source4/dsdb/samdb/ldb_modules/local_password.c    |    9 +-
 source4/dsdb/samdb/ldb_modules/normalise.c         |  194 -----
 source4/dsdb/samdb/ldb_modules/partition.c         |   10 +-
 source4/dsdb/samdb/ldb_modules/proxy.c             |    2 +-
 source4/dsdb/samdb/ldb_modules/ranged_results.c    |    2 +-
 source4/dsdb/samdb/ldb_modules/rootdse.c           |    5 +-
 source4/dsdb/samdb/ldb_modules/samldb.c            |   21 +-
 source4/dsdb/samdb/ldb_modules/schema_fsmo.c       |    4 +-
 source4/dsdb/samdb/ldb_modules/show_deleted.c      |    2 +-
 source4/dsdb/samdb/ldb_modules/simple_ldap_map.c   |   51 +--
 source4/dsdb/samdb/samdb.h                         |   27 +
 source4/ldap_server/ldap_backend.c                 |   17 +-
 source4/lib/ldb-samba/ldif_handlers.c              |  189 ++++--
 source4/lib/ldb/common/ldb_attributes.c            |   47 ++
 source4/lib/ldb/common/ldb_controls.c              |   20 +
 source4/lib/ldb/common/ldb_dn.c                    |  453 +++++++++++--
 source4/lib/ldb/common/ldb_ldif.c                  |    6 +-
 source4/lib/ldb/common/ldb_modules.c               |    6 +-
 source4/lib/ldb/include/ldb.h                      |   91 +++-
 source4/lib/ldb/include/ldb_private.h              |    6 +-
 source4/lib/ldb/ldb.i                              |    2 +
 source4/lib/ldb/ldb_ildap/ldb_ildap.c              |   14 +-
 source4/lib/ldb/ldb_ldap/ldb_ldap.c                |    2 +-
 source4/lib/ldb/ldb_map/ldb_map_outbound.c         |    2 +-
 source4/lib/ldb/ldb_tdb/ldb_index.c                |    2 +-
 source4/lib/ldb/ldb_tdb/ldb_search.c               |    2 +-
 source4/lib/ldb/modules/asq.c                      |    2 +-
 source4/lib/ldb/modules/operational.c              |    2 +-
 source4/lib/ldb/modules/paged_results.c            |    2 +-
 source4/lib/ldb/modules/paged_searches.c           |    2 +-
 source4/lib/ldb/modules/sort.c                     |    2 +-
 source4/lib/ldb/tests/python/ldap.py               |   87 ++-
 source4/libcli/ldap/ldap.c                         |   26 +-
 source4/libcli/ldap/ldap_controls.c                |  115 +++
 source4/scripting/python/samba/provision.py        |   12 +-
 source4/setup/provision_basedn_modify.ldif         |    3 -
 source4/setup/schema_samba4.ldif                   |    2 +-
 source4/setup/slapd.conf                           |    2 +
 source4/torture/config.mk                          |   16 +-
 source4/torture/ldb/ldb.c                          |  735 ++++++++++++++++++++
 source4/torture/torture.c                          |    1 +
 testprogs/blackbox/test_ldb.sh                     |   14 +-
 51 files changed, 3607 insertions(+), 1319 deletions(-)
 delete mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn_in.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn_out.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn_store.c
 delete mode 100644 source4/dsdb/samdb/ldb_modules/normalise.c
 create mode 100644 source4/torture/ldb/ldb.c


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 5cc34c7..1dfb67e 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -32,7 +32,7 @@ sub openldap_start($$$) {
 	    $olpath = "$olroot/libexec:$olroot/sbin:";
 	}
 	$ENV{PATH} = "$olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
-        system("slapd -d63 -f $slapd_conf -h $uri > $logs 2>&1 &");
+        system("slapd -d0 -f $slapd_conf -h $uri > $logs 2>&1 &");
         $ENV{PATH} = $oldpath;
 }
 
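Review bot: The `-d0` on the new `system(...)` line has a non-obvious meaning that deserves a comment: per slapd(8), giving `-d` at all, even with a zero level, stops slapd from forking and detaching, which the trailing `&` and the `> $logs 2>&1` redirection appear to rely on. Without that explanation a later cleanup could drop the flag as a no-op and change how the test server is started. I would add `# -d0: no debug output, but slapd stays in the foreground so the shell can background it and capture its output` above the call. Because `$logs` will now hold very little when slapd fails to start, it may also be worth letting an environment variable raise the level when a selftest run needs diagnosing. openldap_start begins above this hunk.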
diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c
index da23030..49e453f 100644
--- a/source4/dsdb/samdb/ldb_modules/anr.c
+++ b/source4/dsdb/samdb/ldb_modules/anr.c
@@ -289,7 +289,7 @@ static int anr_search_callback(struct ldb_request *req, struct ldb_reply *ares)
 
 	switch (ares->type) {
 	case LDB_REPLY_ENTRY:
-		return ldb_module_send_entry(ac->req, ares->message);
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
 
 	case LDB_REPLY_REFERRAL:
 		return ldb_module_send_referral(ac->req, ares->referral);
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index 1387066..1c50923 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -171,15 +171,39 @@ INIT_FUNCTION = LDB_MODULE(kludge_acl)
 ldb_kludge_acl_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/kludge_acl.o
 
 ################################################
-# Start MODULE ldb_extended_dn
-[MODULE::ldb_extended_dn]
+# Start MODULE ldb_extended_dn_in
+[MODULE::ldb_extended_dn_in]
 SUBSYSTEM = LIBLDB
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR LIBSECURITY SAMDB
-INIT_FUNCTION = LDB_MODULE(extended_dn)
-# End MODULE ldb_extended_dn
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS
+INIT_FUNCTION = LDB_MODULE(extended_dn_in)
+# End MODULE ldb_extended_dn_in
 ################################################
 
-ldb_extended_dn_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn.o
+ldb_extended_dn_in_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn_in.o
+
+################################################
+# Start MODULE ldb_extended_dn_out
+[MODULE::ldb_extended_dn_out]
+SUBSYSTEM = LIBLDB
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS
+INIT_FUNCTION = LDB_MODULE(extended_dn_out_ldb),LDB_MODULE(extended_dn_out_dereference)
+ENABLE = YES
+ALIASES = extended_dn_out_ldb extended_dn_out_dereference
+# End MODULE ldb_extended_dn_out
+################################################
+
+ldb_extended_dn_out_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn_out.o
+
+################################################
+# Start MODULE ldb_extended_dn_store
+[MODULE::ldb_extended_dn_store]
+SUBSYSTEM = LIBLDB
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS
+INIT_FUNCTION = LDB_MODULE(extended_dn_store)
+# End MODULE ldb_extended_dn_store
+################################################
+
+ldb_extended_dn_store_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn_store.o
 
 ################################################
 # Start MODULE ldb_show_deleted
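Review bot: The three new module stanzas list only `LIBTALLOC LIBEVENTS` under `PRIVATE_DEPENDENCIES`, whereas the `ldb_extended_dn` stanza they replace also named `LIBNDR LIBSECURITY SAMDB`. The new source files are not visible here, but the commit message says extended_dn_out and extended_dn_store work with GUIDs and SIDs, so if they still call NDR, security or samdb helpers the link only succeeds when something else happens to pull those libraries in; I would restore the entries that are needed, e.g. `PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR LIBSECURITY SAMDB`, or add a comment saying why they are no longer required. Also, only `ldb_extended_dn_out` sets `ENABLE = YES`; the sibling stanzas should either match it or the line should carry a short comment explaining the difference.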
@@ -288,18 +312,6 @@ SUBSYSTEM = LIBLDB
 ldb_anr_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/anr.o
 
 ################################################
-# Start MODULE ldb_normalise
-[MODULE::ldb_normalise]
-INIT_FUNCTION = LDB_MODULE(normalise)
-CFLAGS = -Ilib/ldb/include
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB
-SUBSYSTEM = LIBLDB
-# End MODULE ldb_normalise
-################################################
-
-ldb_normalise_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/normalise.o
-
-################################################
 # Start MODULE ldb_instancetype
 [MODULE::ldb_instancetype]
 INIT_FUNCTION = LDB_MODULE(instancetype)
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c
deleted file mode 100644
index a0602d9..0000000
--- a/source4/dsdb/samdb/ldb_modules/extended_dn.c
+++ /dev/null
@@ -1,666 +0,0 @@
-/* 
-   ldb database library
-
-   Copyright (C) Simo Sorce 2005-2008
-
-     ** NOTE! The following LGPL license applies to the ldb
-     ** library. This does NOT imply that all of Samba is released
-     ** under the LGPL
-   
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 3 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- *  Name: ldb
- *
- *  Component: ldb extended dn control module
- *
- *  Description: this module builds a special dn
- *
- *  Author: Simo Sorce
- */
-
-#include "includes.h"
-#include "ldb/include/ldb.h"
-#include "ldb/include/ldb_errors.h"
-#include "ldb/include/ldb_private.h"
-#include "librpc/gen_ndr/ndr_misc.h"
-#include "dsdb/samdb/samdb.h"
-#include "libcli/security/security.h"
-
-#include <time.h>
-
-static bool is_attr_in_list(const char * const * attrs, const char *attr)
-{
-	int i;
-
-	for (i = 0; attrs[i]; i++) {
-		if (strcasecmp(attrs[i], attr) == 0)
-			return true;
-	}
-
-	return false;
-}
-
-static char **copy_attrs(void *mem_ctx, const char * const * attrs)
-{
-	char **new;
-	int i, num;
-
-	for (num = 0; attrs[num]; num++);
-
-	new = talloc_array(mem_ctx, char *, num + 1);
-	if (!new) return NULL;
-
-	for(i = 0; i < num; i++) {
-		new[i] = talloc_strdup(new, attrs[i]);
-		if (!new[i]) {
-			talloc_free(new);
-			return NULL;
-		}
-	}
-	new[i] = NULL;
-
-	return new;
-}
-
-static bool add_attrs(void *mem_ctx, char ***attrs, const char *attr)
-{
-	char **new;
-	int num;
-
-	for (num = 0; (*attrs)[num]; num++);
-
-	new = talloc_realloc(mem_ctx, *attrs, char *, num + 2);
-	if (!new) return false;
-
-	*attrs = new;
-
-	new[num] = talloc_strdup(new, attr);
-	if (!new[num]) return false;
-
-	new[num + 1] = NULL;
-
-	return true;
-}
-
-static int inject_extended_dn(struct ldb_message *msg,
-				struct ldb_context *ldb,
-				int type,
-				bool remove_guid,
-				bool remove_sid)
-{
-	const struct ldb_val *val;
-	struct GUID guid;
-	struct dom_sid *sid;
-	const DATA_BLOB *guid_blob;
-	const DATA_BLOB *sid_blob;
-	char *object_guid;
-	char *object_sid;
-	char *new_dn;
-
-	guid_blob = ldb_msg_find_ldb_val(msg, "objectGUID");
-	sid_blob = ldb_msg_find_ldb_val(msg, "objectSID");
-
-	if (!guid_blob) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
-	switch (type) {
-		case 0:
-			/* return things in hexadecimal format */
-			if (sid_blob) {
-				const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob));
-				const char *lower_sid_hex = strlower_talloc(msg, data_blob_hex_string(msg, sid_blob));
-				if (!lower_guid_hex || !lower_sid_hex) {
-					return LDB_ERR_OPERATIONS_ERROR;
-				}
-				new_dn = talloc_asprintf(msg, "<GUID=%s>;<SID=%s>;%s",
-							 lower_guid_hex, 
-							 lower_sid_hex,
-							 ldb_dn_get_linearized(msg->dn));
-			} else {
-				const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob));
-				if (!lower_guid_hex) {
-					return LDB_ERR_OPERATIONS_ERROR;
-				}
-				new_dn = talloc_asprintf(msg, "<GUID=%s>;%s",
-							 lower_guid_hex, 
-							 ldb_dn_get_linearized(msg->dn));
-			}
-
-			break;
-		case 1:
-			/* retrieve object_guid */
-			guid = samdb_result_guid(msg, "objectGUID");
-			object_guid = GUID_string(msg, &guid);
-			
-			/* retrieve object_sid */
-			object_sid = NULL;
-			sid = samdb_result_dom_sid(msg, msg, "objectSID");
-			if (sid) {
-				object_sid = dom_sid_string(msg, sid);
-				if (!object_sid)
-					return LDB_ERR_OPERATIONS_ERROR;
-
-			}
-			
-			/* Normal, sane format */
-			if (object_sid) {
-				new_dn = talloc_asprintf(msg, "<GUID=%s>;<SID=%s>;%s",
-							 object_guid, object_sid,
-							 ldb_dn_get_linearized(msg->dn));
-			} else {
-				new_dn = talloc_asprintf(msg, "<GUID=%s>;%s",
-							 object_guid,
-							 ldb_dn_get_linearized(msg->dn));
-			}
-			break;
-		default:
-			return LDB_ERR_OPERATIONS_ERROR;
-	}
-
-	if (!new_dn) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
-	if (remove_guid) {
-		ldb_msg_remove_attr(msg, "objectGUID");
-	}
-
-	if (sid_blob && remove_sid) {
-		ldb_msg_remove_attr(msg, "objectSID");
-	}
-
-	msg->dn = ldb_dn_new(msg, ldb, new_dn);
-	if (! ldb_dn_validate(msg->dn))
-		return LDB_ERR_OPERATIONS_ERROR;
-
-	val = ldb_msg_find_ldb_val(msg, "distinguishedName");
-	if (val) {
-		ldb_msg_remove_attr(msg, "distinguishedName");
-		if (ldb_msg_add_steal_string(msg, "distinguishedName", new_dn))
-			return LDB_ERR_OPERATIONS_ERROR;
-	}
-
-	return LDB_SUCCESS;
-}
-
-/* search */
-struct extended_context {
-
-	struct ldb_module *module;
-	struct ldb_request *req;
-	struct ldb_control *control;
-	struct ldb_dn *basedn;
-	char *wellknown_object;
-	bool inject;
-	bool remove_guid;
-	bool remove_sid;
-	int extended_type;
-	const char * const *cast_attrs;
-};
-
-static int extended_callback(struct ldb_request *req, struct ldb_reply *ares)
-{
-	struct extended_context *ac;
-	int ret;
-
-	ac = talloc_get_type(req->context, struct extended_context);
-
-	if (!ares) {
-		return ldb_module_done(ac->req, NULL, NULL,
-					LDB_ERR_OPERATIONS_ERROR);
-	}
-	if (ares->error != LDB_SUCCESS) {
-		return ldb_module_done(ac->req, ares->controls,
-					ares->response, ares->error);
-	}
-
-	switch (ares->type) {
-	case LDB_REPLY_ENTRY:
-		if (ac->inject) {
-			/* for each record returned post-process to add any derived
-			   attributes that have been asked for */
-			ret = inject_extended_dn(ares->message, ac->module->ldb,
-						 ac->extended_type, ac->remove_guid,
-						 ac->remove_sid);
-			if (ret != LDB_SUCCESS) {
-				return ldb_module_done(ac->req, NULL, NULL, ret);
-			}
-		}
-
-		return ldb_module_send_entry(ac->req, ares->message);
-
-	case LDB_REPLY_REFERRAL:
-		return ldb_module_send_referral(ac->req, ares->referral);
-
-	case LDB_REPLY_DONE:
-		return ldb_module_done(ac->req, ares->controls,
-					ares->response, LDB_SUCCESS);
-
-	}
-	return LDB_SUCCESS;
-}
-
-static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
-{
-	struct extended_context *ac;
-	struct ldb_request *down_req;
-	struct ldb_control **saved_controls;
-	struct ldb_message_element *el;
-	int ret;
-	size_t i;
-	size_t wkn_len = 0;
-	char *valstr = NULL;
-	const char *found = NULL;
-
-	ac = talloc_get_type(req->context, struct extended_context);
-
-	if (!ares) {
-		return ldb_module_done(ac->req, NULL, NULL,
-					LDB_ERR_OPERATIONS_ERROR);
-	}
-	if (ares->error != LDB_SUCCESS) {
-		return ldb_module_done(ac->req, ares->controls,
-					ares->response, ares->error);
-	}
-
-	switch (ares->type) {
-	case LDB_REPLY_ENTRY:
-		if (!ac->wellknown_object) {
-			ac->basedn = ares->message->dn;
-			break;
-		}
-
-		wkn_len = strlen(ac->wellknown_object);
-
-		el = ldb_msg_find_element(ares->message, "wellKnownObjects");
-		if (!el) {
-			ac->basedn = NULL;
-			break;
-		}
-
-		for (i=0; i < el->num_values; i++) {
-			valstr = talloc_strndup(ac,
-						(const char *)el->values[i].data,
-						el->values[i].length);
-			if (!valstr) {
-				ldb_oom(ac->module->ldb);
-				return ldb_module_done(ac->req, NULL, NULL,
-						       LDB_ERR_OPERATIONS_ERROR);
-			}
-
-			if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
-				talloc_free(valstr);
-				continue;
-			}
-
-			found = &valstr[wkn_len];
-			break;
-		}
-
-		if (!found) {
-			break;
-		}
-
-		ac->basedn = ldb_dn_new(ac, ac->module->ldb, found);
-		talloc_free(valstr);
-		if (!ac->basedn) {
-			ldb_oom(ac->module->ldb);
-			return ldb_module_done(ac->req, NULL, NULL,
-					       LDB_ERR_OPERATIONS_ERROR);
-		}
-
-		break;
-
-	case LDB_REPLY_REFERRAL:
-		break;
-
-	case LDB_REPLY_DONE:
-
-		if (!ac->basedn) {
-			const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
-							  ldb_dn_get_linearized(ac->req->op.search.base));
-			ldb_set_errstring(ac->module->ldb, str);
-			return ldb_module_done(ac->req, NULL, NULL,
-					       LDB_ERR_NO_SUCH_OBJECT);
-		}
-
-		ret = ldb_build_search_req_ex(&down_req,
-						ac->module->ldb, ac,
-						ac->basedn,
-						ac->req->op.search.scope,
-						ac->req->op.search.tree,
-						ac->cast_attrs,
-						ac->req->controls,
-						ac, extended_callback,
-						ac->req);
-		if (ret != LDB_SUCCESS) {
-			return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
-		}
-
-		if (ac->control) {
-			/* save it locally and remove it from the list */
-			/* we do not need to replace them later as we
-			 * are keeping the original req intact */
-			if (!save_controls(ac->control, down_req, &saved_controls)) {
-				return ldb_module_done(ac->req, NULL, NULL,
-							LDB_ERR_OPERATIONS_ERROR);
-			}
-		}
-
-		/* perform the search */
-		return ldb_next_request(ac->module, down_req);
-	}
-	return LDB_SUCCESS;
-}
-
-static int extended_search(struct ldb_module *module, struct ldb_request *req)
-{
-	struct ldb_control *control;
-	struct ldb_extended_dn_control *extended_ctrl = NULL;
-	struct ldb_control **saved_controls;
-	struct extended_context *ac;
-	struct ldb_request *down_req;
-	char **new_attrs;
-	int ret;
-	struct ldb_dn *base_dn = NULL;
-	enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
-	const char *base_dn_filter = NULL;
-	const char * const *base_dn_attrs = NULL;
-	char *wellknown_object = NULL;
-	static const char *dnattr[] = {
-		"distinguishedName",
-		NULL
-	};
-	static const char *wkattr[] = {
-		"wellKnownObjects",
-		NULL
-	};
-
-	if (ldb_dn_is_special(req->op.search.base)) {
-		char *dn;
-
-		dn = ldb_dn_alloc_linearized(req, req->op.search.base);
-		if (!dn) {
-			ldb_oom(module->ldb);
-			return LDB_ERR_OPERATIONS_ERROR;


-- 
Samba Shared Repository

