[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-948-g2904f33

Matthias Dieter Wallnöfer mdw at samba.org
Sat Oct 3 02:58:39 MDT 2009


The branch, master has been updated
       via  2904f3378d95c194fd7286ad5f321c6726819b8b (commit)
       via  90828cc7022807a6036700d0edc8061c408ef8a7 (commit)
      from  deb268f7facd05a10607c5290138b5c0ec33ff49 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2904f3378d95c194fd7286ad5f321c6726819b8b
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Sat Oct 3 10:57:14 2009 +0200

    s4:ldap.py - add a test for the "systemOnly" classes

commit 90828cc7022807a6036700d0edc8061c408ef8a7
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Sat Oct 3 10:52:53 2009 +0200

    s4:dsdb Don't allow creation of systemOnly objectclasses
    
    (except as part of the provision, which specifies the 'relax' control)
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c    |    6 ++++++
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c |    8 ++++----
 source4/lib/ldb/tests/python/ldap.py            |   17 ++++++++++++++++-
 3 files changed, 26 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 6d22141..b3d5461 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -561,6 +561,12 @@ static int objectclass_do_add(struct oc_context *ac)
 					return LDB_ERR_NAMING_VIOLATION;
 				}
 
+				if (current->objectclass->systemOnly && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+					ldb_asprintf_errstring(ldb, "objectClass %s is systemOnly, rejecting creation of %s",
+							       current->objectclass->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
+					return LDB_ERR_UNWILLING_TO_PERFORM;
+				}
+
 				if (!ldb_msg_find_element(msg, "objectCategory")) {
 					value = talloc_strdup(msg, current->objectclass->defaultObjectCategory);
 					if (value == NULL) {
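Review bot: The systemOnly guard added at `if (current->objectclass->systemOnly && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID))` is skipped whenever the relax control is present on the request, and nothing visible in this hunk restricts who may send that control. If a remote LDAP client can attach it, the restriction would be bypassable, so the exemption should also be tied to a trusted caller, or a comment should say where untrusted requests have the control stripped, e.g. `/* relax is only honoured for provision; it must not be passed through from LDAP clients */`. The guard sits on the add path of objectclass_do_add, whose body starts and ends outside this hunk, so whether a later modify of objectClass is covered cannot be judged from here.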
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 489985a..74dd7e5 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -476,10 +476,10 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 	char *time_str;
 	int ret;
 	uint32_t i, ni=0;
-	int allow_add_guid=0;
-	int remove_current_guid=0;
+	bool allow_add_guid = false;
+	bool remove_current_guid = false;
 
-        /* check if there's a show deleted control */
+        /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
         control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
 	if (control) {
 		allow_add_guid = 1;
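Review bot: The context line `allow_add_guid = 1;` still assigns an integer although the flag became `bool` in this hunk; it should read `allow_add_guid = true;` to match the `remove_current_guid = true;` change further down. The rewritten comment keeps a leftover word from the old text ("a show relax control") and would read better as `/* check for the relax control (used by provision to say 'I know what I'm doing') */`. Since the control appears to let the caller supply its own GUID, a short comment on who is expected to send it would help; replmd_add continues outside the hunk.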
@@ -526,7 +526,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 			}
 			/* we remove this attribute as it can be a string and will not be treated 
 			correctly and then we will readd it latter on in the good format*/
-			remove_current_guid = 1;
+			remove_current_guid = true;
 		}
 	} else {
 		/* a new GUID */
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index c4ebb7e..7fa25fb 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -117,6 +117,21 @@ class BasicTests(unittest.TestCase):
         self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
         self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+
+    def test_system_only(self):
+        """Test systemOnly objects"""
+        print "Test systemOnly objects"""
+
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestobject," + self.base_dn,
+                "objectclass": "configuration"})
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+        self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
 
     def test_invalid_attribute(self):
         """Test adding invalid attributes (not in schema)"""
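Review bot: test_system_only covers only the rejection path; there is no case showing that an add carrying the relax control still succeeds, nor one that tries to attach a systemOnly class to an existing object through a modify, so a regression in either direction would go unnoticed. The line `print "Test systemOnly objects"""` has a stray `""` (harmless string concatenation, but it should be `print "Test systemOnly objects"`), and `self.fail()` would be easier to diagnose with a message such as `self.fail("add of systemOnly class was not rejected")`. The trailing delete_force is not reached when self.fail() fires, which the cleanup line added at the top of the hunk appears to compensate for.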
@@ -136,7 +151,7 @@ class BasicTests(unittest.TestCase):
              "objectclass": "group"})
 
         m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
         m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
           "thisdoesnotexist")
         try:


-- 
Samba Shared Repository

