[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-929-ge218a52
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Oct 2 13:30:04 MDT 2009
The branch, master has been updated
via e218a529e0affd22118ab8f541474e600be5769a (commit)
via b45f56d4ba103f5ef04084285466f7e52d3de959 (commit)
via 767fce6fccf484b547219abd5e6abc941eacaf92 (commit)
from 1cebf2dad1ddd42be9284aa38888c99847fec3b5 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e218a529e0affd22118ab8f541474e600be5769a
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 2 21:26:35 2009 +0200
s4:ldap.py - add a very special rename test (with invalid - empty RDN)
commit b45f56d4ba103f5ef04084285466f7e52d3de959
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 2 21:26:12 2009 +0200
s4:ldb_ildap - Don't segfault on a empty RDN
commit 767fce6fccf484b547219abd5e6abc941eacaf92
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 2 21:23:23 2009 +0200
s4:LDB/LDAP - Re-allow renames
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
-----------------------------------------------------------------------
Summary of changes:
source4/ldap_server/ldap_backend.c | 2 +-
source4/lib/ldb/ldb_ildap/ldb_ildap.c | 16 +++++++--
source4/lib/ldb/modules/rdn_name.c | 52 +++++++++++++++++++++++++++++----
source4/lib/ldb/tests/python/ldap.py | 32 ++++++++++++++------
4 files changed, 82 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 7bbc679..5f9b822 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -750,7 +750,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
- if (ldb_dn_get_comp_num(req->newrdn) != 1) {
+ if (ldb_dn_get_comp_num(newrdn) != 1) {
result = LDAP_INVALID_DN_SYNTAX;
map_ldb_error(local_ctx, LDB_ERR_INVALID_DN_SYNTAX, &errstr);
goto reply;
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index ffde048..352b769 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -591,6 +591,8 @@ static int ildb_rename(struct ildb_context *ac)
{
struct ldb_request *req = ac->req;
struct ldap_message *msg;
+ const char *rdn_name;
+ const struct ldb_val *rdn_val;
msg = new_ldap_message(req);
if (msg == NULL) {
@@ -604,10 +606,16 @@ static int ildb_rename(struct ildb_context *ac)
return LDB_ERR_INVALID_DN_SYNTAX;
}
- msg->r.ModifyDNRequest.newrdn =
- talloc_asprintf(msg, "%s=%s",
- ldb_dn_get_rdn_name(req->op.rename.newdn),
- ldb_dn_escape_value(msg, *ldb_dn_get_rdn_val(req->op.rename.newdn)));
+ rdn_name = ldb_dn_get_rdn_name(req->op.rename.newdn);
+ rdn_val = ldb_dn_get_rdn_val(req->op.rename.newdn);
+
+ if ((rdn_name != NULL) && (rdn_val != NULL)) {
+ msg->r.ModifyDNRequest.newrdn =
+ talloc_asprintf(msg, "%s=%s", rdn_name,
+ ldb_dn_escape_value(msg, *rdn_val));
+ } else {
+ msg->r.ModifyDNRequest.newrdn = talloc_strdup(msg, "");
+ }
if (msg->r.ModifyDNRequest.newrdn == NULL) {
talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c
index 5269a6a..888f355 100644
--- a/source4/lib/ldb/modules/rdn_name.c
+++ b/source4/lib/ldb/modules/rdn_name.c
@@ -3,6 +3,7 @@
Copyright (C) Andrew Bartlett 2005-2009
Copyright (C) Simo Sorce 2006-2008
+ Copyright (C) Matthias Dieter Wallnöfer 2009
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
@@ -39,14 +40,33 @@
#include "ldb_includes.h"
#include "ldb_module.h"
-struct rename_context {
+struct rdn_name_private {
+ /* rename operation? */
+ bool rename;
+};
+struct rename_context {
struct ldb_module *module;
struct ldb_request *req;
struct ldb_reply *ares;
};
+static int rdn_name_init(struct ldb_module *module)
+{
+ struct rdn_name_private *rdn_name_private;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ rdn_name_private = talloc_zero(module, struct rdn_name_private);
+ if (rdn_name_private == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ldb_module_set_private(module, rdn_name_private);
+
+ return ldb_next_init(module);
+}
+
static struct ldb_message_element *rdn_name_find_attribute(const struct ldb_message *msg, const char *name)
{
int i;
@@ -115,6 +135,7 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
msg = ldb_msg_copy_shallow(req, req->op.add.message);
if (msg == NULL) {
+ talloc_free(ac);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -179,6 +200,7 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
ac, rdn_name_add_callback,
req);
if (ret != LDB_SUCCESS) {
+ talloc_free(ac);
return ret;
}
@@ -190,9 +212,15 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
static int rdn_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
{
+ struct rdn_name_private *rdn_name_private;
struct rename_context *ac;
ac = talloc_get_type(req->context, struct rename_context);
+ rdn_name_private = talloc_get_type(ldb_module_get_private(ac->module),
+ struct rdn_name_private);
+
+ /* our rename is finished */
+ rdn_name_private->rename = false;
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@@ -216,8 +244,9 @@ static int rdn_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
{
- struct ldb_context *ldb;
+ struct rdn_name_private *rdn_name_private;
struct rename_context *ac;
+ struct ldb_context *ldb;
struct ldb_request *mod_req;
const char *rdn_name;
struct ldb_val rdn_val;
@@ -226,6 +255,8 @@ static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
ac = talloc_get_type(req->context, struct rename_context);
ldb = ldb_module_get_ctx(ac->module);
+ rdn_name_private = talloc_get_type(ldb_module_get_private(ac->module),
+ struct rdn_name_private);
if (!ares) {
goto error;
@@ -271,6 +302,9 @@ static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
goto error;
}
+ /* we do a rename */
+ rdn_name_private->rename = true;
+
ret = ldb_build_mod_req(&mod_req, ldb,
ac, msg, NULL,
ac, rdn_modify_callback,
@@ -322,7 +356,8 @@ static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req)
req);
if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
+ talloc_free(ac);
+ return ret;
}
/* rename first, modify "name" if rename is ok */
@@ -331,6 +366,8 @@ static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req)
static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
{
+ struct rdn_name_private *rdn_name_private =
+ talloc_get_type(ldb_module_get_private(module), struct rdn_name_private);
struct ldb_context *ldb;
ldb = ldb_module_get_ctx(module);
@@ -341,13 +378,15 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
- if (ldb_msg_find_element(req->op.mod.message, "name")) {
+ if ((!rdn_name_private->rename)
+ && ldb_msg_find_element(req->op.mod.message, "name")) {
ldb_asprintf_errstring(ldb, "Modify of 'name' on %s not permitted, must use 'rename' operation instead",
ldb_dn_get_linearized(req->op.mod.message->dn));
return LDB_ERR_NOT_ALLOWED_ON_RDN;
}
- if (ldb_msg_find_element(req->op.mod.message, ldb_dn_get_rdn_name(req->op.mod.message->dn))) {
+ if ((!rdn_name_private->rename)
+ && ldb_msg_find_element(req->op.mod.message, ldb_dn_get_rdn_name(req->op.mod.message->dn))) {
ldb_asprintf_errstring(ldb, "Modify of RDN '%s' on %s not permitted, must use 'rename' operation instead",
ldb_dn_get_rdn_name(req->op.mod.message->dn), ldb_dn_get_linearized(req->op.mod.message->dn));
return LDB_ERR_NOT_ALLOWED_ON_RDN;
@@ -359,7 +398,8 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
const struct ldb_module_ops ldb_rdn_name_module_ops = {
.name = "rdn_name",
+ .init_context = rdn_name_init,
.add = rdn_name_add,
.modify = rdn_name_modify,
- .rename = rdn_name_rename,
+ .rename = rdn_name_rename
};
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index bc90d3d..c4ebb7e 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -145,7 +145,7 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_distinguished_name(self):
"""Tests the 'distinguishedName' attribute"""
@@ -167,7 +167,7 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_rdn_name(self):
"""Tests the RDN"""
@@ -199,7 +199,26 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
- ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+ def test_rename(self):
+ """Tests the rename operation"""
+ print "Tests the rename operations"""
+
+ self.ldb.add({
+ "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+ "objectclass": ["user", "person"] })
+
+ ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
+ try:
+ ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
def test_parentGUID(self):
"""Test parentGUID behaviour"""
@@ -744,12 +763,7 @@ servicePrincipalName: host/ldaptest2computer29
self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
# Check rename works with extended/alternate DN forms
- ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestuser3,cn=users," + self.base_dn)
- ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
-
- ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
-
- ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
+ ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
--
Samba Shared Repository
More information about the samba-cvs
mailing list