[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Wed Oct 14 23:03:05 MDT 2009 

The branch, master has been updated
       via  818d98a... s4-ldap: test the rDN size limit
       via  fdeeafb... s4-dsdb: implement limit on rDN length
       via  144686a... s4-ldb: removed incorrect rDN length test
      from  4185e37... s4-ldb: removed bugus RDN length check

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 818d98acf1c1c80bd6d22868674f750ee704c0fc
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Oct 15 15:54:40 2009 +1100

    s4-ldap: test the rDN size limit

commit fdeeafb481778ee9ef7e87f8afa046d5f311a769
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Oct 15 15:54:20 2009 +1100

    s4-dsdb: implement limit on rDN length
    
    w2k8 imposes a limit of 64 characters on the rDN

commit 144686a838ca33ce5ccfed0f559e3165563946cc
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Oct 15 15:53:40 2009 +1100

    s4-ldb: removed incorrect rDN length test
    
    This is a property of AD, not ldb, so should be in our ldb
    modules.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c |   14 +++++++++++---
 source4/lib/ldb/tests/python/ldap.py         |   25 +++++++++++++++++++++++++
 source4/torture/ldb/ldb.c                    |   13 -------------
 3 files changed, 36 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index b5e058d..003d673 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -330,6 +330,8 @@ static int fix_dn(TALLOC_CTX *mem_ctx,
 		  struct ldb_dn **fixed_dn) 
 {
 	char *upper_rdn_attr;
+	const struct ldb_val *rdn_val;
+
 	/* Fix up the DN to be in the standard form, taking particular care to match the parent DN */
 	*fixed_dn = ldb_dn_copy(mem_ctx, parent_dn);
 
@@ -339,15 +341,21 @@ static int fix_dn(TALLOC_CTX *mem_ctx,
 	if (!upper_rdn_attr) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-					       
+
 	/* Create a new child */
 	if (ldb_dn_add_child_fmt(*fixed_dn, "X=X") == false) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
+	/* AD doesn't allow the rDN to be longer than 64 characters */
+	rdn_val = ldb_dn_get_rdn_val(newdn);
+	if (!rdn_val || rdn_val->length > 64) {
+		DEBUG(2,(__location__ ": rDN longer than 64 limit for '%s'\n", ldb_dn_get_linearized(newdn)));
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
 	/* And replace it with CN=foo (we need the attribute in upper case */
-	return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr,
-				    *ldb_dn_get_rdn_val(newdn));
+	return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr, *rdn_val);
 }
 
 /* Fix all attribute names to be in the correct case, and check they are all valid per the schema */
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index 49aea28..3011b7e 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -484,6 +484,30 @@ class BasicTests(unittest.TestCase):
 
         self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
 
+    def test_largeRDN(self):
+        """Testing large rDN (limit 64 characters)"""
+        rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
+        self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+        ldif = """
+dn: %s,%s""" % (rdn,self.base_dn) + """
+objectClass: container
+"""
+        self.ldb.add_ldif(ldif)
+        self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+
+        rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
+        self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+        try:
+            ldif = """
+dn: %s,%s""" % (rdn,self.base_dn) + """
+objectClass: container
+"""
+            self.ldb.add_ldif(ldif)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+        self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+
     def test_rename(self):
         """Tests the rename operation"""
         print "Tests the rename operations"""
@@ -1848,6 +1872,7 @@ class SchemaTests(unittest.TestCase):
         self.assertFalse("objectClasses" in res[0])
         self.assertFalse("attributeTypes" in res[0])
 
+
     def test_schemaUpdateNow(self):
         """Testing schemaUpdateNow"""
         class_name = "test-class" + time.strftime("%s", time.gmtime())
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index c702194..23c9bb2 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -671,19 +671,6 @@ static bool torture_ldb_dn(struct torture_context *torture)
 		       NULL == ldb_dn_from_ldb_val(mem_ctx, ldb, &val),
 		       "should fail to create a DN with 0x0 in it");
 
-	torture_assert(torture,
-		       dn = ldb_dn_new(mem_ctx, ldb, "CN=loooooooooooooooooooooooooooo"
-"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
-"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
-"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
-"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
-"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooongdn,DC=SAMBA,DC=org"),
-		       "Failed to create a DN with size more than 255 characters");
-
-	torture_assert(torture,
-		       ldb_dn_validate(dn) == false,
-		       "should have failed to validate DN with size more than 255 characters");
-
 	talloc_free(mem_ctx);
 	return true;
 }


-- 
Samba Shared Repository

More information about the samba-cvs mailing list