[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Aug 1 06:01:44 MDT 2010
The branch, master has been updated
via 542396c... s4:ldap.py - add a test for "CN=System" object rename behaviour
via 7ea1796... s4:subtree_rename LDB module - rename "check_system_flags" into "check_constraints" and perform more checks
via 2e66033... s4:subtree_rename LDB module - introduce out of memory checks
from f997fd2... s4:dsdb/samdb/ldb_modules/util.c - remove unused variables
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 542396ccd9a8b06a769300c5952477e13e3db8ae
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Aug 1 11:26:08 2010 +0200
s4:ldap.py - add a test for "CN=System" object rename behaviour
commit 7ea1796fa44335858360031b778c5867b1c4c3fe
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Aug 1 11:06:18 2010 +0200
s4:subtree_rename LDB module - rename "check_system_flags" into "check_constraints" and perform more checks
Always considering MS-ADTS 3.1.1.5.4.1.2.
commit 2e66033ab93ed036289892bd3718839472b3f27f
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Aug 1 11:05:26 2010 +0200
s4:subtree_rename LDB module - introduce out of memory checks
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/subtree_rename.c | 56 +++++++++++++++++++----
source4/dsdb/tests/python/ldap.py | 8 +++
2 files changed, 55 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index 590f6f7..ef27eca 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -141,9 +141,9 @@ static int subtree_rename_next_request(struct subtree_rename_context *ac)
return ldb_next_request(ac->module, req);
}
-static int check_system_flags(struct ldb_message *msg,
- struct subtree_rename_context *ac,
- struct ldb_dn *olddn, struct ldb_dn *newdn)
+static int check_constraints(struct ldb_message *msg,
+ struct subtree_rename_context *ac,
+ struct ldb_dn *olddn, struct ldb_dn *newdn)
{
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
struct ldb_dn *dn1, *dn2;
@@ -155,8 +155,43 @@ static int check_system_flags(struct ldb_message *msg,
return LDB_SUCCESS;
}
+ /* Objects under CN=System */
+
+ dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ if (dn1 == NULL) return ldb_oom(ldb);
+
+ if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
+ talloc_free(dn1);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
+ (ldb_dn_compare_base(dn1, newdn) != 0)) {
+ talloc_free(dn1);
+ ldb_asprintf_errstring(ldb,
+ "subtree_rename: Cannot move/rename %s. Objects under CN=System have to stay under it!",
+ ldb_dn_get_linearized(olddn));
+ return LDB_ERR_OTHER;
+ }
+
+ talloc_free(dn1);
+
+ /* LSA objects */
+
+ if ((samdb_find_attribute(ldb, msg, "objectClass", "secret") != NULL) ||
+ (samdb_find_attribute(ldb, msg, "objectClass", "trustedDomain") != NULL)) {
+ ldb_asprintf_errstring(ldb,
+ "subtree_rename: Cannot move/rename %s. It's an LSA-specific object!",
+ ldb_dn_get_linearized(olddn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ /* systemFlags */
+
dn1 = ldb_dn_get_parent(ac, olddn);
+ if (dn1 == NULL) return ldb_oom(ldb);
dn2 = ldb_dn_get_parent(ac, newdn);
+ if (dn2 == NULL) return ldb_oom(ldb);
if (ldb_dn_compare(dn1, dn2) == 0) {
rename_op = true;
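Review bot: The LSA-object check at `samdb_find_attribute(ldb, msg, "objectClass", "secret")` fails open when `msg` carries no objectClass values, because a NULL result is read as "not an LSA object" and the rename proceeds. It therefore depends on the `attrs` list in subtree_rename() requesting "objectClass" (added in a later hunk of this commit) and on the search actually returning it. A guard such as `if (ldb_msg_find_element(msg, "objectClass") == NULL) return LDB_ERR_OPERATIONS_ERROR;` before the check, or at least a comment `/* needs "objectClass" in subtree_rename()'s attrs */`, would make that dependency explicit. The new checks also sit after an early `return LDB_SUCCESS` whose condition is outside the hunk, so whatever that path exempts is presumably exempt from the CN=System and LSA restrictions as well.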
@@ -184,7 +219,9 @@ static int check_system_flags(struct ldb_message *msg,
if (limited_move) {
dn1 = ldb_dn_copy(ac, olddn);
+ if (dn1 == NULL) return ldb_oom(ldb);
dn2 = ldb_dn_copy(ac, newdn);
+ if (dn2 == NULL) return ldb_oom(ldb);
limited_move &= ldb_dn_remove_child_components(dn1, 3);
limited_move &= ldb_dn_remove_child_components(dn2, 3);
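Review bot: The `if (dn2 == NULL) return ldb_oom(ldb);` return leaves `dn1` allocated, both here and in the parent lookup added earlier in check_constraints, whereas the CN=System block frees `dn1` on every exit. Both DNs are talloc children of `ac`, so the memory is presumably reclaimed with the request context, which makes this a consistency point rather than a leak. `if (dn2 == NULL) { talloc_free(dn1); return ldb_oom(ldb); }` would match the style used above. The rest of the limited_move block lies outside the hunk.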
@@ -269,9 +306,9 @@ static int subtree_rename_search_callback(struct ldb_request *req,
/* this was already stored by the
* subtree_rename_search() */
- ret = check_system_flags(ares->message, ac,
- ac->list->olddn,
- ac->list->newdn);
+ ret = check_constraints(ares->message, ac,
+ ac->list->olddn,
+ ac->list->newdn);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL,
ret);
@@ -304,8 +341,8 @@ static int subtree_rename_search_callback(struct ldb_request *req,
LDB_ERR_OPERATIONS_ERROR);
}
- ret = check_system_flags(ares->message, ac,
- store->olddn, store->newdn);
+ ret = check_constraints(ares->message, ac,
+ store->olddn, store->newdn);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
@@ -338,7 +375,8 @@ static int subtree_rename_search_callback(struct ldb_request *req,
static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
- static const char * const attrs[] = { "systemFlags", NULL };
+ static const char * const attrs[] = { "objectClass", "systemFlags",
+ NULL };
struct ldb_request *search_req;
struct subtree_rename_context *ac;
int ret;
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 9911d5d..b48ee26 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -937,6 +937,14 @@ objectClass: container
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ # Performs some other constraints testing
+
+ try:
+ ldb.rename("CN=Policies,CN=System," + self.base_dn, "CN=Users2," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_OTHER)
+
def test_rename_twice(self):
"""Tests the rename operation twice - this corresponds to a past bug"""
print "Tests the rename twice operation"""
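Review bot: Only the CN=System branch of the new constraints is exercised here. The LSA-object branch (objectClass `secret` / `trustedDomain`, expected `ERR_UNWILLING_TO_PERFORM`) has no test, and neither does the allowed case of a rename that stays under CN=System. If the rename ever succeeds, `self.fail()` fires with CN=Policies already moved, so later tests run against a changed directory. Renaming it back before failing, e.g. `ldb.rename("CN=Users2," + self.base_dn, "CN=Policies,CN=System," + self.base_dn)`, would keep that failure isolated. The enclosing test method starts above the hunk.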
--
Samba Shared Repository