[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Thu Oct 22 23:24:39 MDT 2009


The branch, master has been updated
       via  3050f83... s4-python: we need to include Python.h first
       via  e34106c... s4:dsdb 'attrs' must be static (otherwise segv with async)
       via  b6200e3... s4:dsdb Fix samba3sam test again.
       via  7d975bb... s4:dsdb Add error string in 'no such object' because of 0 replies case
       via  26b61ac... s4:dsdb Remove unused variables
       via  b0eb8a1... s4:dsdb Do less allocation when searching for partitions modules
       via  a84abe7... s4:setup Mark 'cn' in secrets as case insensitive
       via  b392116... s4:secrets Look for LDAP secret with a name that is indexed
       via  b7f71c9... s4:gensec Use an index on computerName in schannel.ldb
       via  44a7274... util:ldb Allow multiple entries to be added in one LDIF snippit
       via  e5b86d2... s4:dsdb Split schema loading and schema data management
       via  bd9aa4d... s4:dsdb Set partitions metadata as soon as it is set up.
       via  0fca2b0... s4-selftest: lower some of the timeouts during make test
       via  0b624d9... s4-samdb: make sure the static credentials are never freed
       via  890e771... s4-ldb: move the tdb_reopen_all() calls to ldb_wrap.c
       via  906961c... s4-ldb: use ldb_wrap_fork_hook() to cancel child transactions
       via  a32b338... s4-ldb: added ldb_transaction_cancel_noerr()
       via  a7cc448... s4-server: call the ldb_wrap_fork_hook() after a fork()
       via  33756d6... s4-server: pre-open the main ldb databases in the server
       via  4ad0397... s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
       via  05f93c3... s4-dsdb: add a static samdb_credentials
       via  98e4393... s4-dsdb: create a static system_session context
      from  4a1a9f5... Simplify the logic. Jeremy.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3050f8328862c7c77d3d692453bd9cc0885824e5
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 16:23:01 2009 +1100

    s4-python: we need to include Python.h first
    
    If we don't include Python.h first then we get a pile of warnings due
    to broken redefines of XOPEN_SOURCE in the Python includes.

commit e34106ca8b001d75182975a89145ded75dc6619d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 23 14:58:09 2009 +1100

    s4:dsdb 'attrs' must be static (otherwise segv with async)
    
    The async code makes this really easy to mess up...
    
    Andrew Bartlett

commit b6200e3047b6ad0cc67922c9b3958af930c7aaeb
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 23 13:37:53 2009 +1100

    s4:dsdb Fix samba3sam test again.
    
    We again need to be careful not to call 'ldb_next_request' based functions in the partitions module.
    
    Or, we need to instead go back to having that work, and ditch the
    partition_request stuff...
    
    Andrew Bartlett

commit 7d975bb848948d740fc81fb3e8c3cc372c76031c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 23 12:34:41 2009 +1100

    s4:dsdb Add error string in 'no such object' because of 0 replies case

commit 26b61aca2f064e0b657eb9f4b09283ad00b13d87
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 23 11:36:23 2009 +1100

    s4:dsdb Remove unused variables

commit b0eb8a1bbb5dc5ea51a82a730f71562d89572a21
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 23 10:08:27 2009 +1100

    s4:dsdb Do less allocation when searching for partitions modules
    
    (it didn't help that the previous allocation was on the wrong long-term context)
    
    Andrew Bartlett

commit a84abe7053b92de23612ded9c459ba8c76bcc567
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Oct 22 18:22:26 2009 +1100

    s4:setup Mark 'cn' in secrets as case insensitive
    
    While this does not matter very much, others may later expect 'cn' to be case
    insensitive.
    
    Andrew Bartlett

commit b392116c1f85faa365e714bc442447513557d768
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Oct 22 18:21:50 2009 +1100

    s4:secrets Look for LDAP secret with a name that is indexed
    
    This avoids a very common unindexed lookup

commit b7f71c9407b736c4ec233aa8d4c4271a833fb88b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Oct 22 18:21:02 2009 +1100

    s4:gensec Use an index on computerName in schannel.ldb

commit 44a727479e54c7d12191d6752c62b12cc2f8081e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Oct 22 18:20:07 2009 +1100

    util:ldb Allow multiple entries to be added in one LDIF snippit

commit e5b86d267465dba57b26a74f75ddc1e778359b23
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Oct 22 15:54:57 2009 +1100

    s4:dsdb Split schema loading and schema data management
    
    By splitting the module this way, we can load the schema at startup, after
    the partitions module is operational, but we leave the 'mess with details of
    entries in the partitions' module to operate only on the partitions module.
    
    Loading the schema later allows us to set the @ATTRIBUTES correctly on all
    the databases.
    
    Andrew Bartlett

commit bd9aa4d561df738331b65ad05abcbd7672cd0493
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Oct 22 15:54:12 2009 +1100

    s4:dsdb Set partitions metadata as soon as it is set up.

commit 0fca2b078ceb314e429e24e3318b50451ccf423b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 15:38:54 2009 +1100

    s4-selftest: lower some of the timeouts during make test
    
    This speeds up some of the delay based tests by a lot. There is no
    need to have long delays during testing.

commit 0b624d9effa950e1e7ba95866a37b84bb74be772
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:54:07 2009 +1100

    s4-samdb: make sure the static credentials are never freed

commit 890e7719cf679108e7a74a660f20a40a32d7d552
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:50:56 2009 +1100

    s4-ldb: move the tdb_reopen_all() calls to ldb_wrap.c

commit 906961cd8ce4a68117fbb5dc96bfb4f5379daa5b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:46:34 2009 +1100

    s4-ldb: use ldb_wrap_fork_hook() to cancel child transactions

commit a32b3386473e40ec8b94703f66f731a29dba68f7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:46:08 2009 +1100

    s4-ldb: added ldb_transaction_cancel_noerr()
    
    This will be used to allow cancelling of transactions in a child after
    a fork()

commit a7cc448dc232ac08bda0eef1bbc8e22b52eea5b5
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:31:07 2009 +1100

    s4-server: call the ldb_wrap_fork_hook() after a fork()
    
    This will be used to allow us to cancel any pending transactions
    after a fork.

commit 33756d6374fbeff15c2824c540f433ad6870e5c9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:30:00 2009 +1100

    s4-server: pre-open the main ldb databases in the server
    
    By pre-opening these databases and leaving them open, we allow the new
    ldb_wrap_connect() code to share the ldb context between users.

commit 4ad0397d8afdd6bec609506f3736f8567afe7564
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:27:00 2009 +1100

    s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
    
    This allows us to reuse a ldb context if it is open twice, instead
    of going through the expensive process of a full ldb open. We can
    reuse it if all of the parameters are the same.
    
    The change relies on callers using talloc_unlink() or free of a parent
    to close a ldb context.

commit 05f93c3e8fe2b0f6e520686742c48c78c96605ab
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:23:40 2009 +1100

    s4-dsdb: add a static samdb_credentials
    
    Similarly to system_session(), this creates a static
    samdb_credentials()

commit 98e4393df926b600354ef16eb4eb19b5e11bf5c3
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 23 14:19:28 2009 +1100

    s4-dsdb: create a static system_session context
    
    This patch adds a system_session cache, preventing us from having to
    recreate it on every ldb open, and allowing us to detect when the same
    session is being used in ldb_wrap

-----------------------------------------------------------------------

Summary of changes:
 lib/util/util_ldb.c                             |   11 +-
 libcli/nbt/pynbt.c                              |    2 +-
 selftest/target/Samba4.pm                       |   10 +-
 source4/auth/auth.h                             |    2 +-
 source4/auth/credentials/pycredentials.c        |    2 +-
 source4/auth/gensec/pygensec.c                  |    2 +-
 source4/auth/gensec/schannel.c                  |    2 +-
 source4/auth/gensec/schannel_state.c            |    9 +-
 source4/auth/ntlm/auth_sam.c                    |    4 +-
 source4/auth/pyauth.c                           |    2 +-
 source4/auth/session.h                          |    2 +-
 source4/auth/system_session.c                   |   25 +-
 source4/cldap_server/cldap_server.c             |    2 +-
 source4/dsdb/samdb/cracknames.c                 |    2 +-
 source4/dsdb/samdb/ldb_modules/config.mk        |   24 +-
 source4/dsdb/samdb/ldb_modules/new_partition.c  |    3 +-
 source4/dsdb/samdb/ldb_modules/partition_init.c |   39 +-
 source4/dsdb/samdb/ldb_modules/schema_data.c    |  464 ++++++++++++++++
 source4/dsdb/samdb/ldb_modules/schema_fsmo.c    |  654 -----------------------
 source4/dsdb/samdb/ldb_modules/schema_load.c    |  258 +++++++++
 source4/dsdb/samdb/ldb_modules/util.c           |    3 +
 source4/dsdb/samdb/samdb.c                      |   31 +-
 source4/dsdb/samdb/samdb_privilege.c            |    2 +-
 source4/kdc/kpasswdd.c                          |    2 +-
 source4/ldap_server/ldap_backend.c              |    4 +-
 source4/ldap_server/ldap_server.c               |    4 +-
 source4/lib/com/pycom.c                         |    2 +-
 source4/lib/ldb/common/ldb.c                    |   13 +
 source4/lib/ldb/configure.ac                    |    2 +-
 source4/lib/ldb/include/ldb.h                   |    6 +
 source4/lib/ldb/pyldb.c                         |    2 +-
 source4/lib/ldb/tools/cmdline.c                 |    2 +-
 source4/lib/ldb_wrap.c                          |  134 ++++-
 source4/lib/ldb_wrap.h                          |    4 +-
 source4/lib/messaging/pymessaging.c             |    2 +-
 source4/lib/registry/ldb.c                      |    2 +-
 source4/lib/registry/pyregistry.c               |    2 +-
 source4/libgpo/ads_convenience.c                |    2 +-
 source4/libnet/libnet_become_dc.c               |    2 +-
 source4/libnet/libnet_join.c                    |    2 +-
 source4/libnet/libnet_samsync_ldb.c             |    2 +-
 source4/libnet/libnet_unbecome_dc.c             |    2 +-
 source4/libnet/py_net.c                         |    2 +-
 source4/librpc/rpc/pyrpc.c                      |    2 +-
 source4/min_versions.m4                         |    2 +-
 source4/nbt_server/nbt_server.c                 |    2 +-
 source4/nbt_server/wins/winsdb.c                |    4 +-
 source4/ntp_signd/ntp_signd.c                   |    2 +-
 source4/ntptr/simple_ldb/ntptr_simple_ldb.c     |    4 +-
 source4/param/provision.c                       |    2 +-
 source4/param/pyparam.c                         |    5 +-
 source4/param/pyparam_util.c                    |    5 +-
 source4/param/secrets.h                         |    2 +-
 source4/param/share_ldb.c                       |    4 +-
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c     |    2 +-
 source4/rpc_server/lsa/dcesrv_lsa.c             |    4 +-
 source4/rpc_server/netlogon/dcerpc_netlogon.c   |   12 +-
 source4/rpc_server/samr/dcesrv_samr.c           |    2 +-
 source4/rpc_server/samr/samr_password.c         |    6 +-
 source4/scripting/python/modules.c              |    2 +-
 source4/scripting/python/pyglue.c               |    2 +-
 source4/scripting/python/samba/provision.py     |    5 +-
 source4/scripting/python/uuidmodule.c           |    2 +-
 source4/selftest/tests.sh                       |    4 +-
 source4/setup/secrets_init.ldif                 |    1 +
 source4/smbd/process_prefork.c                  |    7 +-
 source4/smbd/process_standard.c                 |   12 +-
 source4/smbd/server.c                           |   22 +-
 source4/torture/ldap/ldap_sort.c                |    2 +-
 source4/torture/ldap/schema.c                   |    2 +-
 source4/torture/ldap/uptodatevector.c           |    2 +-
 source4/torture/libnet/libnet_BecomeDC.c        |    8 +-
 source4/torture/local/dbspeed.c                 |    2 +-
 source4/torture/rpc/netlogon.c                  |    2 +-
 source4/utils/net/net_vampire.c                 |    2 +-
 source4/web_server/wsgi.c                       |    2 +-
 source4/winbind/idmap.c                         |    4 +-
 source4/wrepl_server/wrepl_server.c             |    2 +-
 78 files changed, 1059 insertions(+), 834 deletions(-)
 create mode 100644 source4/dsdb/samdb/ldb_modules/schema_data.c
 delete mode 100644 source4/dsdb/samdb/ldb_modules/schema_fsmo.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/schema_load.c


Changeset truncated at 500 lines:

diff --git a/lib/util/util_ldb.c b/lib/util/util_ldb.c
index ac1e115..e92e3a2 100644
--- a/lib/util/util_ldb.c
+++ b/lib/util/util_ldb.c
@@ -116,11 +116,14 @@ int gendb_search_dn(struct ldb_context *ldb,
 int gendb_add_ldif(struct ldb_context *ldb, const char *ldif_string)
 {
 	struct ldb_ldif *ldif;
+	const char *s = ldif_string;
 	int ret;
-	ldif = ldb_ldif_read_string(ldb, &ldif_string);
-	if (ldif == NULL) return -1;
-	ret = ldb_add(ldb, ldif->msg);
-	talloc_free(ldif);
+	while (s && *s != '\0') {
+		ldif = ldb_ldif_read_string(ldb, &s);
+		if (ldif == NULL) return -1;
+		ret = ldb_add(ldb, ldif->msg);
+		talloc_free(ldif);
+	}
 	return ret;
 }
 
diff --git a/libcli/nbt/pynbt.c b/libcli/nbt/pynbt.c
index 9be6c79..425ad13 100644
--- a/libcli/nbt/pynbt.c
+++ b/libcli/nbt/pynbt.c
@@ -17,8 +17,8 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
 #include <Python.h>
+#include "includes.h"
 #include "libcli/util/pyerrors.h"
 #include "scripting/python/modules.h"
 #include "../libcli/nbt/libnbt.h"
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 3c0c4f5..db2793e 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -723,7 +723,7 @@ sub provision($$$$$$$)
 [tmp]
 	path = $ctx->{tmpdir}
 	read only = no
-	posix:sharedelay = 100000
+	posix:sharedelay = 10000
 	posix:eadb = $ctx->{lockdir}/eadb.tdb
 	posix:oplocktimeout = 3
 	posix:writetimeupdatedelay = 500000
@@ -731,18 +731,18 @@ sub provision($$$$$$$)
 [test1]
 	path = $ctx->{tmpdir}/test1
 	read only = no
-	posix:sharedelay = 100000
+	posix:sharedelay = 10000
 	posix:eadb = $ctx->{lockdir}/eadb.tdb
 	posix:oplocktimeout = 3
-	posix:writetimeupdatedelay = 500000
+	posix:writetimeupdatedelay = 50000
 
 [test2]
 	path = $ctx->{tmpdir}/test2
 	read only = no
-	posix:sharedelay = 100000
+	posix:sharedelay = 10000
 	posix:eadb = $ctx->{lockdir}/eadb.tdb
 	posix:oplocktimeout = 3
-	posix:writetimeupdatedelay = 500000
+	posix:writetimeupdatedelay = 50000
 
 [cifs]
 	read only = no
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 8a0f12e..49cf161 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -236,7 +236,7 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 			    const char *name_for_logs,
 			    bool allow_domain_trust,
 			    bool password_change);
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
 NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
 					   const char *netbios_name,
 					   const char *domain_name,
diff --git a/source4/auth/credentials/pycredentials.c b/source4/auth/credentials/pycredentials.c
index b0433ab..59a200b 100644
--- a/source4/auth/credentials/pycredentials.c
+++ b/source4/auth/credentials/pycredentials.c
@@ -16,8 +16,8 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
 #include <Python.h>
+#include "includes.h"
 #include "pycredentials.h"
 #include "param/param.h"
 #include "lib/cmdline/credentials.h"
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index c799ffd..87c3805 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -16,8 +16,8 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
 #include <Python.h>
+#include "includes.h"
 #include "param/pyparam.h"
 #include "auth/gensec/gensec.h"
 #include "libcli/util/pyerrors.h"
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 2fe97fe..58cbb6a 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -146,7 +146,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
 		/* pull the session key for this client */
 		status = schannel_fetch_session_key_ldb(schannel_ldb,
 							out_mem_ctx, workstation, &creds);
-		talloc_free(schannel_ldb);
+		talloc_unlink(out_mem_ctx, schannel_ldb);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
 				  workstation, nt_errstr(status)));
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 7aa0ba3..e90b73b 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -38,7 +38,10 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct tevent_conte
 	const char *init_ldif = 
 		"dn: @ATTRIBUTES\n" \
 		"computerName: CASE_INSENSITIVE\n" \
-		"flatname: CASE_INSENSITIVE\n";
+		"flatname: CASE_INSENSITIVE\n" \
+		"\n" \
+		"dn: @INDEXLIST\n" \
+		"@IDXATTR: computerName\n\n";
 
 	path = private_path(mem_ctx, lp_ctx, "schannel.ldb");
 	if (!path) {
@@ -48,8 +51,8 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct tevent_conte
 	existed = file_exist(path);
 	
 	ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path, 
-			       system_session(mem_ctx, lp_ctx), 
-			       NULL, LDB_FLG_NOSYNC, NULL);
+			       system_session(lp_ctx), 
+			       NULL, LDB_FLG_NOSYNC);
 	talloc_free(path);
 	if (!ldb) {
 		return NULL;
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 46cdd8d..baa95f7 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -202,7 +202,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
+	sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(ctx->auth_ctx->lp_ctx));
 	if (sam_ctx == NULL) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
@@ -320,7 +320,7 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
 	}
 
 	sam_ctx = samdb_connect(tmp_ctx, auth_context->event_ctx, auth_context->lp_ctx, 
-				system_session(tmp_ctx, auth_context->lp_ctx));
+				system_session(auth_context->lp_ctx));
 	if (sam_ctx == NULL) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
index 5bb775a..7ec7f3e 100644
--- a/source4/auth/pyauth.c
+++ b/source4/auth/pyauth.c
@@ -49,7 +49,7 @@ static PyObject *py_system_session(PyObject *module, PyObject *args)
 	if (lp_ctx == NULL)
 		return NULL;
 
-	session = system_session(NULL, lp_ctx);
+	session = system_session(lp_ctx);
 
 	return PyAuthSession_FromSession(session);
 }
diff --git a/source4/auth/session.h b/source4/auth/session.h
index ca47af3..2a5a8f1 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -35,7 +35,7 @@ struct tevent_context;
 /* Create a security token for a session SYSTEM (the most
  * trusted/prvilaged account), including the local machine account as
  * the off-host credentials */
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
 
 /*
  * Create a system session, but with anonymous credentials (so we do
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 8e22bd8..765f53a 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -146,22 +146,37 @@ static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx,
 }
 
 
+/*
+  prevent the static system session being freed
+ */
+static int system_session_destructor(struct auth_session_info *info)
+{
+	return -1;
+}
 
 /* Create a security token for a session SYSTEM (the most
  * trusted/prvilaged account), including the local machine account as
  * the off-host credentials
  */ 
-_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) 
+_PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx) 
 {
+	static struct auth_session_info *static_session;
 	NTSTATUS nt_status;
-	struct auth_session_info *session_info = NULL;
-	nt_status = auth_system_session_info(mem_ctx,
+
+	if (static_session) {
+		return static_session;
+	}
+
+	nt_status = auth_system_session_info(talloc_autofree_context(),
 					     lp_ctx,
-					     &session_info);
+					     &static_session);
 	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(static_session);
+		static_session = NULL;
 		return NULL;
 	}
-	return session_info;
+	talloc_set_destructor(static_session, system_session_destructor);
+	return static_session;
 }
 
 static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, 
diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c
index ee8c76e..25c5c9a 100644
--- a/source4/cldap_server/cldap_server.c
+++ b/source4/cldap_server/cldap_server.c
@@ -214,7 +214,7 @@ static void cldapd_task_init(struct task_server *task)
 	}
 
 	cldapd->task = task;
-	cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(cldapd, task->lp_ctx));
+	cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
 	if (cldapd->samctx == NULL) {
 		task_server_terminate(task, "cldapd failed to open samdb", true);
 		return;
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 23811d3..f0bd5d2 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -1251,7 +1251,7 @@ NTSTATUS crack_name_to_nt4_name(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_OK;
 	}
 
-	ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(mem_ctx, lp_ctx));
+	ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(lp_ctx));
 	if (ldb == NULL) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index 40e37a4..c75e4a6 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -46,16 +46,28 @@ ldb_dsdb_cache_OBJ_FILES = \
 		$(dsdbsrcdir)/samdb/ldb_modules/dsdb_cache.o
 
 ################################################
-# Start MODULE ldb_schema_fsmo
-[MODULE::ldb_schema_fsmo]
+# Start MODULE ldb_schema_load
+[MODULE::ldb_schema_load]
 SUBSYSTEM = LIBLDB
 PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS DSDB_MODULE_HELPERS
-INIT_FUNCTION = LDB_MODULE(schema_fsmo)
-# End MODULE ldb_schema_fsmo
+INIT_FUNCTION = LDB_MODULE(schema_load)
+# End MODULE ldb_schema_load
 ################################################
 
-ldb_schema_fsmo_OBJ_FILES = \
-		$(dsdbsrcdir)/samdb/ldb_modules/schema_fsmo.o
+ldb_schema_load_OBJ_FILES = \
+		$(dsdbsrcdir)/samdb/ldb_modules/schema_load.o
+
+################################################
+# Start MODULE ldb_schema_data
+[MODULE::ldb_schema_data]
+SUBSYSTEM = LIBLDB
+PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS DSDB_MODULE_HELPERS
+INIT_FUNCTION = LDB_MODULE(schema_data)
+# End MODULE ldb_schema_data
+################################################
+
+ldb_schema_data_OBJ_FILES = \
+		$(dsdbsrcdir)/samdb/ldb_modules/schema_data.o
 
 ################################################
 # Start MODULE ldb_naming_fsmo
diff --git a/source4/dsdb/samdb/ldb_modules/new_partition.c b/source4/dsdb/samdb/ldb_modules/new_partition.c
index c497d97..47394f4 100644
--- a/source4/dsdb/samdb/ldb_modules/new_partition.c
+++ b/source4/dsdb/samdb/ldb_modules/new_partition.c
@@ -151,7 +151,8 @@ static int new_partition_add(struct ldb_module *module, struct ldb_request *req)
 	if (!ldb_msg_find_element(req->op.add.message, "instanceType")) {
 		return ldb_next_request(module, req);		
 	} else {
-		const char *no_attrs[] = { NULL };
+		/* This needs to be 'static' to ensure it does not move, and is not on the stack */
+		static const char *no_attrs[] = { NULL };
 		unsigned int instanceType = ldb_msg_find_attr_as_uint(req->op.add.message, "instanceType", 0);
 		if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
 			return ldb_next_request(module, req);		
diff --git a/source4/dsdb/samdb/ldb_modules/partition_init.c b/source4/dsdb/samdb/ldb_modules/partition_init.c
index f4163da..cc778d6 100644
--- a/source4/dsdb/samdb/ldb_modules/partition_init.c
+++ b/source4/dsdb/samdb/ldb_modules/partition_init.c
@@ -89,32 +89,34 @@ static int partition_load_modules(struct ldb_context *ldb,
 	}
 	
 	for (i=0; i < modules_attributes->num_values; i++) {
-		char *base;
 		char *p;
-
+		DATA_BLOB dn_blob;
 		data->modules[i] = talloc(data->modules, struct partition_module);
 		if (!data->modules[i]) {
 			ldb_oom(ldb);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 
-		base = talloc_strdup(data->partitions, (char *)modules_attributes->values[i].data);
-		p = strchr(base, ':');
+		dn_blob = modules_attributes->values[i];
+
+		p = strchr((const char *)dn_blob.data, ':');
 		if (!p) {
 			ldb_asprintf_errstring(ldb, 
 					       "partition_load_modules: "
-					       "invalid form for partition module record (missing ':'): %s", base);
+					       "invalid form for partition module record (missing ':'): %s", (const char *)dn_blob.data);
 			return LDB_ERR_CONSTRAINT_VIOLATION;
 		}
-		p[0] = '\0';
+		/* Now trim off the filename */
+		dn_blob.length = ((uint8_t *)p - dn_blob.data);
+
 		p++;
 		data->modules[i]->modules = ldb_modules_list_from_string(ldb, data->modules[i],
 									 p);
 		
-		if (strcmp(base, "*") == 0) {
+		if (dn_blob.length == 1 && dn_blob.data[0] == '*') {
 			data->modules[i]->dn = NULL;
 		} else {
-			data->modules[i]->dn = ldb_dn_new(data->modules[i], ldb, base);
+			data->modules[i]->dn = ldb_dn_from_ldb_val(data->modules[i], ldb, &dn_blob);
 			if (!data->modules[i]->dn || !ldb_dn_validate(data->modules[i]->dn)) {
 				return LDB_ERR_OPERATIONS_ERROR;
 			}
@@ -394,6 +396,7 @@ int partition_reload_if_required(struct ldb_module *module,
 		DATA_BLOB dn_blob;
 		struct ldb_dn *dn;
 		struct dsdb_partition *partition;
+		struct ldb_module tmp_module;
 		struct ldb_result *dn_res;
 		const char *no_attrs[] = { NULL };
 
@@ -454,8 +457,12 @@ int partition_reload_if_required(struct ldb_module *module,
 			return ret;
 		}
 
+		/* Hack to be able to re-use dsdb_module_search_dn, which calls ldb_next_request(), which needs ->next filled out */
+		tmp_module = *partition->module;
+		tmp_module.next = partition->module;
+		
 		/* Get the 'correct' case of the partition DNs from the database */
-		ret = dsdb_module_search_dn(partition->module, data, &dn_res, 
+		ret = dsdb_module_search_dn(&tmp_module, data, &dn_res, 
 					    dn, no_attrs);
 		if (ret == LDB_SUCCESS) {
 			talloc_free(partition->ctrl->dn);
@@ -463,11 +470,9 @@ int partition_reload_if_required(struct ldb_module *module,
 			talloc_free(dn_res);
 		} else if (ret != LDB_ERR_NO_SUCH_OBJECT) {
 			ldb_asprintf_errstring(ldb,
-					       "Failed to search for %s from " DSDB_PARTITION_DN 
-					       " replicateEntries for new partition at %s on %s: %s", 
-					       ldb_dn_get_linearized(data->replicate[i]), 
-					       partition->backend_url,
-					       ldb_dn_get_linearized(partition->ctrl->dn), 
+					       "Failed to search for partition base %s in new partition at %s: %s", 
+					       ldb_dn_get_linearized(dn), 
+					       partition->backend_url, 
 					       ldb_errstring(ldb));
 			talloc_free(mem_ctx);
 			return ret;
@@ -742,6 +747,9 @@ int partition_init(struct ldb_module *module)
 		return ret;
 	}
 
+	module->private_data = talloc_steal(module, data);
+	talloc_free(mem_ctx);
+
 	ret = ldb_mod_register_control(module, LDB_CONTROL_DOMAIN_SCOPE_OID);
 	if (ret != LDB_SUCCESS) {
 		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_ERROR,
@@ -756,8 +764,5 @@ int partition_init(struct ldb_module *module)
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	module->private_data = talloc_steal(module, data);
-
-	talloc_free(mem_ctx);
 	return ldb_next_init(module);
 }
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
new file mode 100644
index 0000000..bf80c01
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -0,0 +1,464 @@
+/* 
+   Unix SMB/CIFS mplementation.
+
+   The module that handles the Schema checkings and dynamic attributes
+   
+   Copyright (C) Stefan Metzmacher <metze at samba.org> 2007
+   Copyright (C) Andrew Bartlett <abartlet at samba.org> 2009
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
+				  const struct dsdb_schema *schema);
+static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg,
+				   const struct dsdb_schema *schema);
+static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg,
+				    const struct dsdb_schema *schema);
+static int generate_extendedAttributeInfo(struct ldb_context *ldb, struct ldb_message *msg,
+					  const struct dsdb_schema *schema);
+static int generate_extendedClassInfo(struct ldb_context *ldb, struct ldb_message *msg,
+				      const struct dsdb_schema *schema);
+static int generate_possibleInferiors(struct ldb_context *ldb, struct ldb_message *msg,
+				      const struct dsdb_schema *schema);
+
+static const struct {
+	const char *attr;
+	int (*fn)(struct ldb_context *, struct ldb_message *, const struct dsdb_schema *);
+	bool aggregate;
+} generated_attrs[] = {
+	{
+		.attr = "objectClasses",
+		.fn = generate_objectClasses,
+		.aggregate = true,
+	},
+	{
+		.attr = "attributeTypes",
+		.fn = generate_attributeTypes,
+		.aggregate = true,
+	},
+	{
+		.attr = "dITContentRules",
+		.fn = generate_dITContentRules,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list