[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-948-g2904f33
Matthias Dieter Wallnöfer
mdw at samba.org
Sat Oct 3 02:58:39 MDT 2009
The branch, master has been updated
via 2904f3378d95c194fd7286ad5f321c6726819b8b (commit)
via 90828cc7022807a6036700d0edc8061c408ef8a7 (commit)
from deb268f7facd05a10607c5290138b5c0ec33ff49 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2904f3378d95c194fd7286ad5f321c6726819b8b
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sat Oct 3 10:57:14 2009 +0200
s4:ldap.py - add a test for the "systemOnly" classes
commit 90828cc7022807a6036700d0edc8061c408ef8a7
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sat Oct 3 10:52:53 2009 +0200
s4:dsdb Don't allow creation of systemOnly objectclasses
(except as part of the provision, which specifies the 'relax' control)
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass.c | 6 ++++++
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 8 ++++----
source4/lib/ldb/tests/python/ldap.py | 17 ++++++++++++++++-
3 files changed, 26 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 6d22141..b3d5461 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -561,6 +561,12 @@ static int objectclass_do_add(struct oc_context *ac)
return LDB_ERR_NAMING_VIOLATION;
}
+ if (current->objectclass->systemOnly && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ ldb_asprintf_errstring(ldb, "objectClass %s is systemOnly, rejecting creation of %s",
+ current->objectclass->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
if (!ldb_msg_find_element(msg, "objectCategory")) {
value = talloc_strdup(msg, current->objectclass->defaultObjectCategory);
if (value == NULL) {
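Review bot: The new systemOnly check in objectclass_do_add is gated only on the presence of `LDB_CONTROL_RELAX_OID` on the request, so it is only as strong as whatever stops an untrusted client from attaching that control; nothing in this hunk looks at who issued the request. Whether the control is stripped or privilege-checked before the request reaches this module is not visible here, so it is worth confirming and recording in a comment above the check, e.g. `/* systemOnly classes may only be created under the relax control (provision); the control must be limited to trusted callers */`. The check also covers only `current->objectclass` on the add path; whether the other listed classes and the modify path are covered cannot be told from this hunk. The function body starts and ends outside the hunk.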
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 489985a..74dd7e5 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -476,10 +476,10 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
char *time_str;
int ret;
uint32_t i, ni=0;
- int allow_add_guid=0;
- int remove_current_guid=0;
+ bool allow_add_guid = false;
+ bool remove_current_guid = false;
- /* check if there's a show deleted control */
+ /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
if (control) {
allow_add_guid = 1;
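Review bot: `allow_add_guid = 1;` inside the `if (control)` branch still assigns an integer although the variable is now declared `bool`; to match the `remove_current_guid = true;` change later in the same function it should read `allow_add_guid = true;`. The rewritten comment also keeps a leftover word from the old text ("show relax control"); `/* check for the relax control (used by provision to say 'I know what I'm doing') */` says the same thing without it. replmd_add continues outside the hunk.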
@@ -526,7 +526,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
}
/* we remove this attribute as it can be a string and will not be treated
correctly and then we will readd it latter on in the good format*/
- remove_current_guid = 1;
+ remove_current_guid = true;
}
} else {
/* a new GUID */
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index c4ebb7e..7fa25fb 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -117,6 +117,21 @@ class BasicTests(unittest.TestCase):
self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+
+ def test_system_only(self):
+ """Test systemOnly objects"""
+ print "Test systemOnly objects"""
+
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestobject," + self.base_dn,
+ "objectclass": "configuration"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
def test_invalid_attribute(self):
"""Test adding invalid attributes (not in schema)"""
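Review bot: The line `print "Test systemOnly objects"""` in test_system_only ends with a stray pair of quotes and only parses because the empty literal is concatenated onto the first string; it should be `print "Test systemOnly objects"`. The bare `self.fail()` would also be easier to diagnose with a message, e.g. `self.fail("systemOnly objectclass 'configuration' was accepted")`. The test exercises only the rejection path; the case where the relax control is supplied is left uncovered, so a regression that blocks provision would not be caught here.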
@@ -136,7 +151,7 @@ class BasicTests(unittest.TestCase):
"objectclass": "group"})
m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
"thisdoesnotexist")
try:
--
Samba Shared Repository