[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Mon Dec 14 04:30:31 MST 2009
The branch, master has been updated
via 9260396... s4-dsdb: added REVEAL_INTERNALS flag to dsdb_module_search_handle_flags()
via 7f6b524... s4-devel: support vampire_ad.sh with no initial smb.conf
via b11b227... s4-loadparm: call reload_charcnv() also for a missing smb.conf
via 7f16da7... s4-dsdb: return a zero guid on error in samdb_result_guid()
via bb00941... heimdal: work around differences between GNU and XSI strerror_r()
via 665e57f... s4-dsdb: use the reveal control to hide/show extended DN components
via e3c2309... s4-ldb: added new ldb_dn extended components for linked attributes
via 0d76df9... s4-ldb: added a function to filter extended components of a ldb_dn
via 725e25a... s4-ldb: added a new "reveal" control
via 56b90ac... s4-ldb: sort the linearized extended DN by component name
from a3b7e84... librpc/ndr: avoid comparison_fn_t to fix the openchange build on solaris
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9260396bbc9651ca44c6348c5fe1e6ccc464ab13
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Dec 14 21:53:40 2009 +1100
s4-dsdb: added REVEAL_INTERNALS flag to dsdb_module_search_handle_flags()
commit 7f6b524bf6e1a5eeed3df48b791db43cf4052608
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Dec 14 18:02:15 2009 +1100
s4-devel: support vampire_ad.sh with no initial smb.conf
commit b11b22752a9a0d2e88e4857c0e211298d2a7b8a3
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Dec 14 17:54:04 2009 +1100
s4-loadparm: call reload_charcnv() also for a missing smb.conf
bin/net vampire with a missing smb.conf would segfault as the iconv
convenience pointer had not been set up.
commit 7f16da7473c5daa37f07ea20491f0a96debff03a
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Dec 11 17:33:32 2009 +1100
s4-dsdb: return a zero guid on error in samdb_result_guid()
commit bb009412d31aaae01575814791ec806ee2117e2f
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Dec 11 14:39:33 2009 +1100
heimdal: work around differences between GNU and XSI strerror_r()
This is a fairly ugly workaround, but then again, strerror_r() is a
very ugly mess.
commit 665e57f956b23501fc73ac0b099dc3cdcfc1740b
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Dec 10 23:46:34 2009 +1100
s4-dsdb: use the reveal control to hide/show extended DN components
When reveal is set, then we show deleted linked attributes and all
linked attribute components. When not set we show a normal extended
DN.
commit e3c2309dcd59e157e9642736182e71fcebc86b38
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Dec 10 23:45:16 2009 +1100
s4-ldb: added new ldb_dn extended components for linked attributes
These will store linked attribute replication meta data
commit 0d76df995332b468b26dbb5807ad0317e55ad288
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Dec 10 23:44:44 2009 +1100
s4-ldb: added a function to filter extended components of a ldb_dn
We need to be able to filter out components that should not be exposed
to users
commit 725e25a20604c7032a14bcc8e3c33625e802757a
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Dec 10 23:44:05 2009 +1100
s4-ldb: added a new "reveal" control
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
commit 56b90acbf6ada4c9e2565770918673419b708479
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Dec 10 22:45:36 2009 +1100
s4-ldb: sort the linearized extended DN by component name
This will make life easier when handling deleted linked attributes
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 2 +-
source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 45 +++++++++++++++++++++-
source4/dsdb/samdb/ldb_modules/util.c | 7 +++
source4/dsdb/samdb/ldb_modules/util.h | 1 +
source4/heimdal/lib/krb5/fcache.c | 12 +++++-
source4/lib/ldb-samba/ldif_handlers.c | 30 ++++++++++++++
source4/lib/ldb/common/ldb_controls.c | 27 +++++++++++++
source4/lib/ldb/common/ldb_dn.c | 30 ++++++++++++++
source4/lib/ldb/include/ldb.h | 10 ++++-
source4/lib/ldb/tools/cmdline.c | 7 +++
source4/param/loadparm.c | 4 ++
source4/scripting/devel/drs/vampire_ad.sh | 5 ++-
12 files changed, 174 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 3aa415e..5b8365a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -400,7 +400,7 @@ struct GUID samdb_result_guid(const struct ldb_message *msg, const char *attr)
NTSTATUS status;
v = ldb_msg_find_ldb_val(msg, attr);
- if (!v) return guid;
+ if (!v) return GUID_zero();
status = GUID_from_ndr_blob(v, &guid);
if (!NT_STATUS_IS_OK(status)) {
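Review bot: only the missing-attribute path at `if (!v)` is changed to return GUID_zero(); the `!NT_STATUS_IS_OK(status)` branch after GUID_from_ndr_blob() is cut off in this context, so check that it also returns GUID_zero() rather than a partially filled `guid`, since the commit subject promises a zero GUID on error. Callers also cannot tell a missing attribute from a stored all-zero GUID, which is worth a line in the function comment.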
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
index 55dd693..987a3b3 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
@@ -322,6 +322,8 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares,
struct ldb_message *msg = ares->message;
struct extended_dn_out_private *p;
struct ldb_context *ldb;
+ bool have_reveal_control, checked_reveal_control=false;
+
ac = talloc_get_type(req->context, struct extended_search_context);
p = talloc_get_type(ldb_module_get_private(ac->module), struct extended_dn_out_private);
ldb = ldb_module_get_ctx(ac->module);
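Review bot: `have_reveal_control` is declared without an initialiser while `checked_reveal_control` gets `=false` on the same line. It is only assigned inside the per-value loop later in this function, so initialise it to false at the declaration; that keeps the default fail-closed (internals hidden) and avoids a may-be-used-uninitialized warning.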
@@ -433,7 +435,7 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares,
struct dsdb_dn *dsdb_dn = NULL;
struct ldb_val *plain_dn = &msg->elements[i].values[j];
dsdb_dn = dsdb_dn_parse(msg, ldb, plain_dn, attribute->syntax->ldap_oid);
-
+
if (!dsdb_dn || !ldb_dn_validate(dsdb_dn->dn)) {
ldb_asprintf_errstring(ldb,
"could not parse %.*s in %s on %s as a %s DN",
@@ -445,6 +447,38 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares,
}
dn = dsdb_dn->dn;
+ if (!checked_reveal_control) {
+ have_reveal_control =
+ ldb_request_get_control(req, LDB_CONTROL_REVEAL_INTERNALS) != NULL;
+ checked_reveal_control = true;
+ }
+
+ /* this is a fast method for detecting deleted
+ linked attributes. It relies on the
+ linearization of extended DNs sorting by name,
+ and "DELETED" being the first name */
+ if (plain_dn->length >= 12 &&
+ strncmp((const char *)plain_dn->data, "<DELETED=1>;", 12) == 0) {
+ if (!have_reveal_control) {
+ /* it's a deleted linked
+ * attribute, and we don't
+ * have the reveal control */
+ memmove(&msg->elements[i].values[j],
+ &msg->elements[i].values[j+1],
+ (msg->elements[i].num_values-(j+1))*sizeof(struct ldb_val));
+ msg->elements[i].num_values--;
+ j--;
+ continue;
+ }
+ }
+
+ /* don't let users see the internal extended
+ GUID components */
+ if (!have_reveal_control) {
+ const char *accept[] = { "GUID", "SID", "WKGUID", NULL };
+ ldb_dn_extended_filter(dn, accept);
+ }
+
if (p->normalise) {
ret = fix_dn(dn);
if (ret != LDB_SUCCESS) {
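Review bot: whether deleted links and the RMD_* components are shown depends only on LDB_CONTROL_REVEAL_INTERNALS being present on `req`; nothing in this hunk checks who attached it. Confirm that the LDAP server front end rejects or strips this OID from remote clients, so that only internal callers can set it. Two smaller points: the `continue` in the deleted-value branch skips the `talloc_free(dsdb_dn)` that runs at the end of the loop body, and the `<DELETED=1>;` prefix test is applied to the raw stored value, so it silently stops matching if a component name ever sorts ahead of DELETED or the value is stored as anything other than exactly 1.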
@@ -488,6 +522,15 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares,
msg->elements[i].values[j] = data_blob_string_const(dn_str);
talloc_free(dsdb_dn);
}
+ if (msg->elements[i].num_values == 0) {
+ /* we've deleted all of the values from this
+ * element - remove the element */
+ memmove(&msg->elements[i],
+ &msg->elements[i+1],
+ (msg->num_elements-(i+1))*sizeof(struct ldb_message_element));
+ msg->num_elements--;
+ i--;
+ }
}
return ldb_module_send_entry(ac->req, msg, ares->controls);
}
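Review bot: the test `msg->elements[i].num_values == 0` does not record whether this callback removed anything, so an element that reached the callback already empty would be dropped as well, contrary to the comment. Track a per-element flag set in the deleted-value branch and remove the element only when it is set. The `i--` after the memmove also relies on wraparound if `i` is unsigned and the first element is the one removed.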
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index b0f22de..fe6ddfa 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -74,6 +74,13 @@ int dsdb_module_search_handle_flags(struct ldb_module *module, struct ldb_reques
}
}
+ if (dsdb_flags & DSDB_SEARCH_REVEAL_INTERNALS) {
+ ret = ldb_request_add_control(req, LDB_CONTROL_REVEAL_INTERNALS, false, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
return LDB_SUCCESS;
}
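Review bot: the control is added with critical set to false, so if no module in the stack acts on LDB_CONTROL_REVEAL_INTERNALS the search still succeeds and the caller receives filtered DNs with no indication. DSDB_SEARCH_REVEAL_INTERNALS is an explicit request from internal code, so consider passing true for critical, or document that callers must tolerate the internal components being absent.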
diff --git a/source4/dsdb/samdb/ldb_modules/util.h b/source4/dsdb/samdb/ldb_modules/util.h
index b612c64..56db27d 100644
--- a/source4/dsdb/samdb/ldb_modules/util.h
+++ b/source4/dsdb/samdb/ldb_modules/util.h
@@ -24,4 +24,5 @@
#define DSDB_SEARCH_SEARCH_ALL_PARTITIONS 0x0001
#define DSDB_SEARCH_SHOW_DELETED 0x0002
#define DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT 0x0004
+#define DSDB_SEARCH_REVEAL_INTERNALS 0x0008
#define DSDB_SEARCH_SHOW_EXTENDED_DN 0x0010
diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c
index cda15e4..bec37b2 100644
--- a/source4/heimdal/lib/krb5/fcache.c
+++ b/source4/heimdal/lib/krb5/fcache.c
@@ -374,10 +374,18 @@ fcc_open(krb5_context context,
fd = open(filename, flags, mode);
if(fd < 0) {
char buf[128];
+ char *estr;
ret = errno;
- strerror_r(ret, buf, sizeof(buf));
+ buf[0] = 0;
+ estr = (char *)strerror_r(ret, buf, sizeof(buf));
+ if (buf[0] != 0) {
+ /* we've got the BSD/XSI strerror_r, and it use the
+ * buffer. Otherwise we have the GNU strerror_r, and
+ * it used a static string. Ain't standards great? */
+ estr = buf;
+ }
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
- filename, buf);
+ filename, estr);
return ret;
}
rk_cloexec(fd);
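Review bot: when the XSI strerror_r() is in use and it fails without writing to `buf`, `buf[0]` stays 0 and `estr` keeps the int return value cast to `char *`, which is then passed to `%s` in krb5_set_error_message(). Select the variant with a configure-time test rather than probing `buf` at run time, and fall back to a fixed string if the call fails. The `(char *)` cast also hides the int-to-pointer conversion warning that would otherwise flag this.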
diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c
index 27aa749..6d54d1e 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -840,6 +840,36 @@ static const struct ldb_dn_extended_syntax samba_dn_syntax[] = {
.read_fn = ldb_handler_copy,
.write_clear_fn = ldb_handler_copy,
.write_hex_fn = ldb_handler_copy
+ },{
+ .name = "RMD_INVOCID",
+ .read_fn = extended_dn_read_GUID,
+ .write_clear_fn = ldif_write_objectGUID,
+ .write_hex_fn = extended_dn_write_hex
+ },{
+ .name = "DELETED",
+ .read_fn = ldb_handler_copy,
+ .write_clear_fn = ldb_handler_copy,
+ .write_hex_fn = ldb_handler_copy
+ },{
+ .name = "RMD_ADDTIME",
+ .read_fn = ldb_handler_copy,
+ .write_clear_fn = ldb_handler_copy,
+ .write_hex_fn = ldb_handler_copy
+ },{
+ .name = "RMD_CHANGETIME",
+ .read_fn = ldb_handler_copy,
+ .write_clear_fn = ldb_handler_copy,
+ .write_hex_fn = ldb_handler_copy
+ },{
+ .name = "RMD_USN",
+ .read_fn = ldb_handler_copy,
+ .write_clear_fn = ldb_handler_copy,
+ .write_hex_fn = ldb_handler_copy
+ },{
+ .name = "RMD_VERSION",
+ .read_fn = ldb_handler_copy,
+ .write_clear_fn = ldb_handler_copy,
+ .write_hex_fn = ldb_handler_copy
}
};
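Review bot: DELETED and the RMD_* time, USN and version components all use ldb_handler_copy for `.read_fn`, so any byte string is accepted as their value. extended_dn_out.c matches the literal `<DELETED=1>;`, so a stored value such as `01` would miss that check, after which ldb_dn_extended_filter() strips the DELETED component and the link is returned as live. Give DELETED (and ideally the numeric RMD_* fields) a read_fn that validates and canonicalises the value.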
diff --git a/source4/lib/ldb/common/ldb_controls.c b/source4/lib/ldb/common/ldb_controls.c
index f2ab61b..8da43ab 100644
--- a/source4/lib/ldb/common/ldb_controls.c
+++ b/source4/lib/ldb/common/ldb_controls.c
@@ -775,6 +775,33 @@ struct ldb_control **ldb_parse_control_strings(struct ldb_context *ldb, void *me
continue;
}
+ if (strncmp(control_strings[i], "reveal_internals:", 17) == 0) {
+ const char *p;
+ int crit, ret;
+
+ p = &(control_strings[i][17]);
+ ret = sscanf(p, "%d", &crit);
+ if ((ret != 1) || (crit < 0) || (crit > 1)) {
+ error_string = talloc_asprintf(mem_ctx, "invalid reveal_internals control syntax\n");
+ error_string = talloc_asprintf_append(error_string, " syntax: crit(b)\n");
+ error_string = talloc_asprintf_append(error_string, " note: b = boolean");
+ ldb_set_errstring(ldb, error_string);
+ talloc_free(error_string);
+ return NULL;
+ }
+
+ ctrl[i] = talloc(ctrl, struct ldb_control);
+ if (!ctrl[i]) {
+ ldb_oom(ldb);
+ return NULL;
+ }
+ ctrl[i]->oid = LDB_CONTROL_REVEAL_INTERNALS;
+ ctrl[i]->critical = crit;
+ ctrl[i]->data = NULL;
+
+ continue;
+ }
+
/* no controls matched, throw an error */
ldb_asprintf_errstring(ldb, "Invalid control name: '%s'", control_strings[i]);
return NULL;
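Review bot: `sscanf(p, "%d", &crit)` stops at the first non-digit, so `reveal_internals:1junk` is accepted as critical=1. Check that the whole remainder was consumed (for example with `%n`, or strtol and an end-pointer test) before building the control. The result of the first talloc_asprintf() is also passed on without a NULL check.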
diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index 59a6dc0..f11ccf3 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -789,6 +789,13 @@ const char *ldb_dn_get_linearized(struct ldb_dn *dn)
return dn->linearized;
}
+static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
+{
+ const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
+ const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
+ return strcmp(ec1->name, ec2->name);
+}
+
char *ldb_dn_get_extended_linearized(void *mem_ctx, struct ldb_dn *dn, int mode)
{
const char *linearized = ldb_dn_get_linearized(dn);
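Review bot: ldb_dn_extended_component_compare() orders with strcmp(), which is byte-wise and case-sensitive, while the fast path in extended_dn_out.c depends on DELETED linearizing first. Document next to the comparator that this ordering is a contract other code relies on, and which component names are permitted, so that a later addition does not break the prefix check unnoticed.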
@@ -807,6 +814,13 @@ char *ldb_dn_get_extended_linearized(void *mem_ctx, struct ldb_dn *dn, int mode)
return NULL;
}
+ /* sort the extended components by name. The idea is to make
+ * the resulting DNs consistent, plus to ensure that we put
+ * 'DELETED' first, so it can be very quickly recognised
+ */
+ qsort(dn->ext_components, dn->ext_comp_num, sizeof(dn->ext_components[0]),
+ ldb_dn_extended_component_compare);
+
for (i = 0; i < dn->ext_comp_num; i++) {
const struct ldb_dn_extended_syntax *ext_syntax;
const char *name = dn->ext_components[i].name;
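Review bot: the qsort() reorders `dn->ext_components` in place inside what callers treat as a read-only getter. If a `const struct ldb_val *` obtained earlier from ldb_dn_get_extended_component() points into this array, it refers to a different component after the sort. Sort a temporary copy or index for linearization, or keep the array sorted at insertion time in ldb_dn_set_extended_component().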
@@ -859,6 +873,22 @@ char *ldb_dn_get_extended_linearized(void *mem_ctx, struct ldb_dn *dn, int mode)
return p;
}
+/*
+ filter out all but an acceptable list of extended DN components
+ */
+void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept)
+{
+ int i;
+ for (i=0; i<dn->ext_comp_num; i++) {
+ if (!ldb_attr_in_list(accept, dn->ext_components[i].name)) {
+ memmove(&dn->ext_components[i],
+ &dn->ext_components[i+1],
+ (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0]));
+ dn->ext_comp_num--;
+ i--;
+ }
+ }
+}
char *ldb_dn_alloc_linearized(void *mem_ctx, struct ldb_dn *dn)
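Review bot: ldb_dn_extended_filter() dereferences `dn` and walks `dn->ext_components` with no NULL check and no ldb_dn_validate() call; the caller in extended_dn_out.c validates first, but this function is exported through ldb.h, so either validate here or document the precondition. It also returns void, so a caller cannot tell whether filtering took place, which matters because the function is used to hide internal components from users.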
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 88ac29d..2b80e42 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -470,6 +470,14 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
*/
#define LDB_CONTROL_RECALCULATE_SD_OID "1.3.6.1.4.1.7165.4.3.5"
+
+/**
+ REVEAL_INTERNALS is used to reveal internal attributes and DN
+ components which are not normally shown to the user
+*/
+#define LDB_CONTROL_REVEAL_INTERNALS "1.3.6.1.4.1.7165.4.3.6"
+
+
/**
OID for the paged results control. This control is included in the
searchRequest and searchResultDone messages as part of the controls
@@ -1617,7 +1625,7 @@ char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
char *ldb_dn_get_extended_linearized(void *mem_ctx, struct ldb_dn *dn, int mode);
const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn, const char *name);
int ldb_dn_set_extended_component(struct ldb_dn *dn, const char *name, const struct ldb_val *val);
-
+void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept);
void ldb_dn_remove_extended_components(struct ldb_dn *dn);
bool ldb_dn_has_extended(struct ldb_dn *dn);
diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c
index e27ca5b..5204215 100644
--- a/source4/lib/ldb/tools/cmdline.c
+++ b/source4/lib/ldb/tools/cmdline.c
@@ -61,6 +61,7 @@ static struct poptOption popt_options[] = {
{ "paged", 0, POPT_ARG_NONE, NULL, 'P', "use a paged search", NULL },
{ "show-deleted", 0, POPT_ARG_NONE, NULL, 'D', "show deleted objects", NULL },
{ "show-recycled", 0, POPT_ARG_NONE, NULL, 'R', "show recycled objects", NULL },
+ { "reveal", 0, POPT_ARG_NONE, NULL, 'r', "reveal ldb internals", NULL },
{ "cross-ncs", 0, POPT_ARG_NONE, NULL, 'N', "search across NC boundaries", NULL },
{ "extended-dn", 0, POPT_ARG_NONE, NULL, 'E', "show extended DNs", NULL },
#if (_SAMBA_BUILD_ >= 4)
@@ -225,6 +226,12 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb,
goto failed;
}
break;
+ case 'r':
+ if (!add_control(ret, "reveal_internals:0")) {
+ fprintf(stderr, __location__ ": out of memory\n");
+ goto failed;
+ }
+ break;
case 'N':
if (!add_control(ret, "search_options:1:2")) {
fprintf(stderr, __location__ ": out of memory\n");
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index d65c3f9..f31d216 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -2552,6 +2552,10 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename)
bRetval = bRetval && lp_update(lp_ctx);
+ /* we do this unconditionally, so that it happens even
+ for a missing smb.conf */
+ reload_charcnv(lp_ctx);
+
return bRetval;
}
diff --git a/source4/scripting/devel/drs/vampire_ad.sh b/source4/scripting/devel/drs/vampire_ad.sh
index baba02d..c40ca64 100755
--- a/source4/scripting/devel/drs/vampire_ad.sh
+++ b/source4/scripting/devel/drs/vampire_ad.sh
@@ -12,6 +12,9 @@ chmod a+r $namedtmp
mv -f $namedtmp $PREFIX/private/named.conf
sudo rndc reconfig
`dirname $0`/unvampire_ad.sh
-sudo bin/net vampire $DNSDOMAIN -Uadministrator%$pass -s $PREFIX/etc/smb.conf -d2 || exit 1
+
+REALM="$(echo $DNSDOMAIN | tr '[a-z]' '[A-Z]')"
+
+sudo bin/net vampire $DNSDOMAIN -Uadministrator%$pass -s $PREFIX/etc/smb.conf --option=realm=$REALM --option="ads:dc function level=4" --option="ads:min function level=0" -d2 || exit 1
PRIVATEDIR=$PREFIX/private sudo -E scripting/bin/setup_dns.sh $machine $DNSDOMAIN $machine_ip || exit 1
sudo rndc flush
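Review bot: `$DNSDOMAIN` and `$REALM` are expanded unquoted in the new `REALM=` line and in `--option=realm=$REALM`, so a value containing whitespace or glob characters is split or expanded by the shell; quote both. `tr '[a-z]' '[A-Z]'` works, but the brackets are literal characters here; `tr '[:lower:]' '[:upper:]'` states the intent. The rewritten command still passes the administrator password in argv via `-Uadministrator%$pass`, where it is visible in the process list.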
--
Samba Shared Repository