[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue Mar 16 02:26:44 MDT 2010


The branch, master has been updated
       via  e3cb626... s4:dsdb Show more detail in failure to compute the aggregate DN.
       via  2de0776... s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
       via  bf0b4d7... s4:dsdb Fix warnings in DEBUG() by casting to unsigned long int
       via  a7ec946... s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context
       via  1e6fee4... s4:dsdb Add a memory context for dsdb_get_schema()
       via  c874b9f... s4:dsdb Don't error out if we can't get the Aggregate schema DN yet
      from  19aa075... s4:registry - check also for other registry value types in the generic test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e3cb626c61515a9c372352843fafc368ffc6e871
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 16 14:56:32 2010 +1100

    s4:dsdb Show more detail in failure to compute the aggregate DN.
    
    Andrew Bartlett

commit 2de07761e071ccf09c0ea9e0fdc6a61303356549
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 16 14:52:39 2010 +1100

    s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
    
    This chooses an appropriate talloc context to attach the schema to,
    long enough lived to ensure it does not go away before the operation
    completes.
    
    Andrew Bartlett

commit bf0b4d7ee3f52f77d706ccea12abb2f033b4abd9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 16 14:46:31 2010 +1100

    s4:dsdb Fix warnings in DEBUG() by casting to unsigned long int

commit a7ec946cedf29ad8a88fcd0b253468b61f369d86
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 16 14:43:33 2010 +1100

    s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context
    
    dsdb_get_schema() isn't a very cheap call, due to the use of LDB
    opaque pointers.  We need to call it less, and instead pass it as a
    parameter where possible.
    
    This also changes to the new API with a talloc context.
    
    Andrew Bartlett

commit 1e6fee4185b726e532c98e0feec1121d59f734c5
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 16 14:41:51 2010 +1100

    s4:dsdb Add a memory context for dsdb_get_schema()
    
    When specified, we talloc_reference onto this context to ensure that
    pointers found in it are valid for the life of the objects they are
    placed into.  (Such as the string form of LDAP attributes).
    
    Andrew Bartlett

commit c874b9f42eebacd9ad6baa90309635db8b8ec3fb
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 16 14:40:15 2010 +1100

    s4:dsdb Don't error out if we can't get the Aggregate schema DN yet
    
    It's easier to just set it up when we can, than to deal with the
    ordering issues in ldb startup.  As long as we have it ready if a real
    client ever asks for it, then we should be happy.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/kcc/kcc_drs_replica_info.c            |   10 +++-
 source4/dsdb/repl/replicated_objects.c             |   30 +++++---
 source4/dsdb/samdb/ldb_modules/acl.c               |   70 +++++++++++++-------
 source4/dsdb/samdb/ldb_modules/anr.c               |    2 +-
 source4/dsdb/samdb/ldb_modules/descriptor.c        |    4 +-
 source4/dsdb/samdb/ldb_modules/extended_dn_out.c   |    4 +-
 source4/dsdb/samdb/ldb_modules/extended_dn_store.c |    2 +-
 source4/dsdb/samdb/ldb_modules/kludge_acl.c        |    7 ++-
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |    9 ++-
 source4/dsdb/samdb/ldb_modules/objectclass.c       |   13 +++-
 source4/dsdb/samdb/ldb_modules/operational.c       |   25 +++++---
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |   36 ++++++++--
 source4/dsdb/samdb/ldb_modules/resolve_oids.c      |   20 +++++-
 source4/dsdb/samdb/ldb_modules/rootdse.c           |    2 +-
 source4/dsdb/samdb/ldb_modules/schema_data.c       |   14 +++--
 source4/dsdb/samdb/ldb_modules/schema_load.c       |    2 +-
 source4/dsdb/samdb/ldb_modules/validate_update.c   |    8 +-
 source4/dsdb/schema/schema_convert_to_ol.c         |    2 +-
 source4/dsdb/schema/schema_set.c                   |   12 +++-
 source4/dsdb/schema/tests/schema_syntax.c          |    2 +-
 source4/lib/ldb-samba/ldif_handlers.c              |    2 +-
 source4/libnet/libnet_vampire.c                    |    2 +-
 source4/rpc_server/drsuapi/getncchanges.c          |    4 +-
 source4/scripting/python/pyglue.c                  |    4 +-
 source4/torture/libnet/libnet_BecomeDC.c           |    6 +-
 source4/torture/rpc/dssync.c                       |    2 +-
 26 files changed, 201 insertions(+), 93 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c b/source4/dsdb/kcc/kcc_drs_replica_info.c
index c64753b..322ccc9 100644
--- a/source4/dsdb/kcc/kcc_drs_replica_info.c
+++ b/source4/dsdb/kcc/kcc_drs_replica_info.c
@@ -181,6 +181,8 @@ static WERROR kccdrs_replica_get_info_obj_metadata2(TALLOC_CTX *mem_ctx,
 	struct replPropertyMetaDataBlob omd_ctr;
 	struct replPropertyMetaData1 *attr;
 	struct drsuapi_DsReplicaObjMetaData2Ctr *metadata2;
+	const struct dsdb_schema *schema;
+
 	uint32_t i, j;
 
 	DEBUG(0, ("kccdrs_replica_get_info_obj_metadata2() called\n"));
@@ -196,6 +198,12 @@ static WERROR kccdrs_replica_get_info_obj_metadata2(TALLOC_CTX *mem_ctx,
 	status = get_repl_prop_metadata_ctr(mem_ctx, samdb, dn, &omd_ctr);
 	W_ERROR_NOT_OK_RETURN(status);
 
+	schema = dsdb_get_schema(samdb, reply);
+	if (!schema) {
+		DEBUG(0,(__location__": Failed to get the schema\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
 	reply->objmetadata2 = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjMetaData2Ctr);
 	W_ERROR_HAVE_NO_MEMORY(reply->objmetadata2);
 	metadata2 = reply->objmetadata2;
@@ -215,7 +223,7 @@ static WERROR kccdrs_replica_get_info_obj_metadata2(TALLOC_CTX *mem_ctx,
 		/* get a reference to the attribute on 'omd_ctr' */
 		attr = &omd_ctr.ctr.ctr1.array[j];
 
-		schema_attr = dsdb_attribute_by_attributeID_id(dsdb_get_schema(samdb), attr->attid);
+		schema_attr = dsdb_attribute_by_attributeID_id(schema, attr->attid);
 
 		DEBUG(0, ("attribute_id = %d, attribute_name: %s\n", attr->attid, schema_attr->lDAPDisplayName));
 
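Review bot: `schema_attr` is dereferenced in the `DEBUG(0, ...)` line right after the lookup without a NULL check, so an `attr->attid` that the schema cannot resolve would presumably crash the process. Whether `dsdb_attribute_by_attributeID_id()` can return NULL is not visible here, but a by-ID lookup normally can, and the ID comes from stored replication metadata rather than from the schema itself. A guard before the log line would close this: `if (schema_attr == NULL) { return WERR_INTERNAL_ERROR; }`. The loop body continues outside the hunk.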
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index 4d500e9..5e69236 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -215,17 +215,22 @@ WERROR dsdb_extended_replicated_objects_convert(struct ldb_context *ldb,
 	const struct drsuapi_DsReplicaObjectListItemEx *cur;
 	uint32_t i;
 
-	schema = dsdb_get_schema(ldb);
+	out = talloc_zero(mem_ctx, struct dsdb_extended_replicated_objects);
+	W_ERROR_HAVE_NO_MEMORY(out);
+	out->version		= DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION;
+
+	/* Get the schema, and ensure it's kept valid for as long as 'out' which may contain pointers to it */
+	schema = dsdb_get_schema(ldb, out);
 	if (!schema) {
+		talloc_free(out);
 		return WERR_DS_SCHEMA_NOT_LOADED;
 	}
 
 	status = dsdb_schema_pfm_contains_drsuapi_pfm(schema->prefixmap, mapping_ctr);
-	W_ERROR_NOT_OK_RETURN(status);
-
-	out = talloc_zero(mem_ctx, struct dsdb_extended_replicated_objects);
-	W_ERROR_HAVE_NO_MEMORY(out);
-	out->version		= DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION;
+	if (!W_ERROR_IS_OK(status)) {
+		talloc_free(out);
+		return status;
+	}
 
 	out->partition_dn	= ldb_dn_new(out, ldb, partition_dn);
 	W_ERROR_HAVE_NO_MEMORY(out->partition_dn);
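Review bot: The `W_ERROR_HAVE_NO_MEMORY(out->partition_dn)` return on the last line of this hunk still leaves `out` allocated, while the two checks added above it now call `talloc_free(out)` first. `out` hangs off the caller's `mem_ctx`, so the leak lasts only as long as that context, but the error paths are now inconsistent. I would expand it to `if (out->partition_dn == NULL) { talloc_free(out); return WERR_NOMEM; }` and treat any later `W_ERROR_HAVE_NO_MEMORY` checks the same way. The function continues outside the hunk.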
@@ -246,6 +251,7 @@ WERROR dsdb_extended_replicated_objects_convert(struct ldb_context *ldb,
 
 	for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
 		if (i == out->num_objects) {
+			talloc_free(out);
 			return WERR_FOOBAR;
 		}
 
@@ -253,11 +259,13 @@ WERROR dsdb_extended_replicated_objects_convert(struct ldb_context *ldb,
 						cur, gensec_skey,
 						out->objects, &out->objects[i]);
 		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(out);
 			DEBUG(0,("Failed to convert object %s\n", cur->object.identifier->dn));
 			return status;
 		}
 	}
 	if (i != out->num_objects) {
+		talloc_free(out);
 		return WERR_FOOBAR;
 	}
 
@@ -402,11 +410,6 @@ WERROR dsdb_origin_objects_commit(struct ldb_context *ldb,
 	struct ldb_result *res;
 	int ret;
 
-	schema = dsdb_get_schema(ldb);
-	if (!schema) {
-		return WERR_DS_SCHEMA_NOT_LOADED;
-	}
-
 	for (cur = first_object; cur; cur = cur->next_object) {
 		num_objects++;
 	}
@@ -427,6 +430,11 @@ WERROR dsdb_origin_objects_commit(struct ldb_context *ldb,
 		goto cancel;
 	}
 
+	schema = dsdb_get_schema(ldb, objects);
+	if (!schema) {
+		return WERR_DS_SCHEMA_NOT_LOADED;
+	}
+
 	for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
 		status = dsdb_convert_object(ldb, schema,
 					     cur, objects, &objects[i]);
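Review bot: The new `return WERR_DS_SCHEMA_NOT_LOADED;` bypasses the `cancel` label that the failure path immediately above it jumps to. The schema lookup used to run before any of that work; it now runs after `objects` exists and, judging by the label name, after a transaction was started outside this hunk. Returning directly would skip that cleanup. Suggest `status = WERR_DS_SCHEMA_NOT_LOADED;` followed by `goto cancel;`, assuming `cancel` returns `status` as the surrounding code implies.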
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index b0c1e2f..e022706 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -61,6 +61,7 @@ struct acl_context {
 	bool allowedChildClassesEffective;
 	bool sDRightsEffective;
 	const char * const *attrs;
+	struct dsdb_schema *schema;
 };
 
 bool is_root_base_dn(struct ldb_context *ldb, struct ldb_dn *dn_to_check)
@@ -196,17 +197,17 @@ done:
 }
 
 static const struct GUID *get_oc_guid_from_message(struct ldb_module *module,
+						   const struct dsdb_schema *schema,
 						   struct ldb_message *msg)
 {
 	struct ldb_message_element *oc_el;
-	struct ldb_context *ldb = ldb_module_get_ctx(module);
 
 	oc_el = ldb_msg_find_element(msg, "objectClass");
 	if (!oc_el) {
 		return NULL;
 	}
 
-	return class_schemaid_guid_by_lDAPDisplayName(dsdb_get_schema(ldb),
+	return class_schemaid_guid_by_lDAPDisplayName(schema,
 						      (char *)oc_el->values[oc_el->num_values-1].data);
 }
 
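Review bot: `oc_el->values[oc_el->num_values-1]` in the return statement is reached whenever the element exists, including when it holds zero values. In that case the unsigned index wraps and the read is out of bounds. `acl_add()` in this same commit guards the identical expression with `!oc_el || oc_el->num_values == 0`. The check here should match: `if (!oc_el || oc_el->num_values == 0) {`.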
@@ -264,6 +265,7 @@ fail:
 }
 
 static int acl_check_access_on_class(struct ldb_module *module,
+				     const struct dsdb_schema *schema,
 				     TALLOC_CTX *mem_ctx,
 				     struct security_descriptor *sd,
 				     struct dom_sid *rp_sid,
@@ -271,13 +273,11 @@ static int acl_check_access_on_class(struct ldb_module *module,
 				     const char *class_name)
 {
 	int ret;
-	struct ldb_context *ldb = ldb_module_get_ctx(module);
 	NTSTATUS status;
 	uint32_t access_granted;
 	struct object_tree *root = NULL;
 	struct object_tree *new_node = NULL;
 	const struct GUID *guid;
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	struct security_token *token = acl_user_token(module);
 	if (class_name) {
@@ -311,20 +311,21 @@ fail:
 }
 
 static int acl_allowedAttributes(struct ldb_module *module,
+				 const struct dsdb_schema *schema,
 				 struct ldb_message *sd_msg,
 				 struct ldb_message *msg,
 				 struct acl_context *ac)
 {
 	struct ldb_message_element *oc_el;
 	struct ldb_context *ldb = ldb_module_get_ctx(module);
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
 	TALLOC_CTX *mem_ctx;
 	const char **attr_list;
 	int i, ret;
 
 	/* If we don't have a schema yet, we can't do anything... */
 	if (schema == NULL) {
-		return LDB_SUCCESS;
+		ldb_asprintf_errstring(ldb, "cannot add allowedAttributes to %s because no schema is loaded", ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	/* Must remove any existing attribute */
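Review bot: The comment `/* If we don't have a schema yet, we can't do anything... */` no longer describes the branch it sits on, which used to skip silently with `LDB_SUCCESS` and now fails the operation. Suggest `/* Without a schema the attribute cannot be computed; fail rather than return an entry that silently lacks it */`. The same stale comment sits on the equivalent checks in `acl_childClasses()` and `acl_childClassesEffective()`.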
@@ -405,20 +406,20 @@ static int acl_allowedAttributes(struct ldb_module *module,
 }
 
 static int acl_childClasses(struct ldb_module *module,
+			    const struct dsdb_schema *schema,
 			    struct ldb_message *sd_msg,
 			    struct ldb_message *msg,
 			    const char *attrName)
 {
 	struct ldb_message_element *oc_el;
 	struct ldb_message_element *allowedClasses;
-	struct ldb_context *ldb = ldb_module_get_ctx(module);
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
 	const struct dsdb_class *sclass;
 	int i, j, ret;
 
 	/* If we don't have a schema yet, we can't do anything... */
 	if (schema == NULL) {
-		return LDB_SUCCESS;
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "cannot add childClassesEffective to %s because no schema is loaded", ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	/* Must remove any existing attribute, or else confusion reins */
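Review bot: The error string added in the NULL-schema branch hard-codes `childClassesEffective`, which matches neither value this function is called with. The callers in this file pass `attrName` as either `"allowedChildClasses"` or `"allowedChildClassesEffective"`. Use the parameter so the diagnostic names the attribute actually requested: `"cannot add %s to %s because no schema is loaded", attrName, ldb_dn_get_linearized(msg->dn)`.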
@@ -458,14 +459,13 @@ static int acl_childClasses(struct ldb_module *module,
 }
 
 static int acl_childClassesEffective(struct ldb_module *module,
+				     const struct dsdb_schema *schema,
 				     struct ldb_message *sd_msg,
 				     struct ldb_message *msg,
 				     struct acl_context *ac)
 {
 	struct ldb_message_element *oc_el;
 	struct ldb_message_element *allowedClasses = NULL;
-	struct ldb_context *ldb = ldb_module_get_ctx(module);
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
 	const struct dsdb_class *sclass;
 	struct security_descriptor *sd;
 	struct ldb_control *as_system = ldb_request_get_control(ac->req,
@@ -478,12 +478,13 @@ static int acl_childClassesEffective(struct ldb_module *module,
 	}
 
 	if (ac->am_system || as_system) {
-		return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective");
+		return acl_childClasses(module, schema, sd_msg, msg, "allowedChildClassesEffective");
 	}
 
 	/* If we don't have a schema yet, we can't do anything... */
 	if (schema == NULL) {
-		return LDB_SUCCESS;
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "cannot add allowedChildClassesEffective to %s because no schema is loaded", ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	/* Must remove any existing attribute, or else confusion reins */
@@ -508,6 +509,7 @@ static int acl_childClassesEffective(struct ldb_module *module,
 
 		for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
 			ret = acl_check_access_on_class(module,
+							schema,
 							msg,
 							sd,
 							sid,
@@ -613,6 +615,7 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
 	int ret;
 	struct ldb_dn *parent = ldb_dn_get_parent(req, req->op.add.message->dn);
 	struct ldb_context *ldb;
+	const struct dsdb_schema *schema;
 	struct ldb_message_element *oc_el;
 	const struct GUID *guid;
 	struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
@@ -637,13 +640,18 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
 		return ldb_next_request(module, req);
 	}
 
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
 	oc_el = ldb_msg_find_element(req->op.add.message, "objectClass");
 	if (!oc_el || oc_el->num_values == 0) {
 		DEBUG(10,("acl:operation error %s\n", ldb_dn_get_linearized(req->op.add.message->dn)));
 		return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
 	}
 
-	guid = class_schemaid_guid_by_lDAPDisplayName(dsdb_get_schema(ldb),
+	guid = class_schemaid_guid_by_lDAPDisplayName(schema,
 						      (char *)oc_el->values[oc_el->num_values-1].data);
 	ret = dsdb_module_check_access_on_dn(module, req, parent, SEC_ADS_CREATE_CHILD, guid);
 	if (ret != LDB_SUCCESS) {
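Review bot: The `guid` returned by `class_schemaid_guid_by_lDAPDisplayName()` goes straight into `dsdb_module_check_access_on_dn()` without a NULL check, and the class name it is looked up from is the last `objectClass` value of the incoming add request. `acl_modify()` treats a NULL from the equivalent lookup as a failure (`cannot get guid`). Here a class name the schema does not know would presumably make the `SEC_ADS_CREATE_CHILD` check run without an object type. How the callee handles NULL is not visible, so either add `if (!guid) { return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); }` or add a comment stating why NULL is acceptable.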
@@ -656,7 +664,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
 {
 	int ret;
 	struct ldb_context *ldb = ldb_module_get_ctx(module);
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
+	const struct dsdb_schema *schema;
 	unsigned int i;
 	bool modify_sd = false;
 	const struct GUID *guid;
@@ -698,6 +706,12 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
 		return ret;
 	}
 
+	schema = dsdb_get_schema(ldb, acl_res);
+	if (!schema) {
+		talloc_free(acl_res);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
 	ret = dsdb_get_sd_from_ldb_message(req, acl_res->msgs[0], &sd);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(10, ("acl_modify: cannot get descriptor\n"));
@@ -708,7 +722,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
 		return LDB_SUCCESS;
 	}
 
-	guid = get_oc_guid_from_message(module,acl_res->msgs[0]);
+	guid = get_oc_guid_from_message(module, schema, acl_res->msgs[0]);
 	if (!guid) {
 		DEBUG(10, ("acl_modify: cannot get guid\n"));
 		goto fail;
@@ -852,6 +866,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 	int ret;
 	struct ldb_dn *oldparent = ldb_dn_get_parent(req, req->op.rename.olddn);
 	struct ldb_dn *newparent = ldb_dn_get_parent(req, req->op.rename.newdn);
+	const struct dsdb_schema *schema;
 	struct ldb_context *ldb;
 	struct security_descriptor *sd = NULL;
 	struct dom_sid *sid = NULL;
@@ -893,13 +908,19 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 		return ret;
 	}
 
-	guid = get_oc_guid_from_message(module,acl_res->msgs[0]);
+	schema = dsdb_get_schema(ldb, acl_res);
+	if (!schema) {
+		talloc_free(acl_res);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	guid = get_oc_guid_from_message(module, schema, acl_res->msgs[0]);
 	if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
 				   &root, &new_node)) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	};
 
-	guid = attribute_schemaid_guid_by_lDAPDisplayName(dsdb_get_schema(ldb),
+	guid = attribute_schemaid_guid_by_lDAPDisplayName(schema,
 							  "name");
 	if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
 				   &new_node, &new_node)) {
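Review bot: The `guid` from `get_oc_guid_from_message()` is passed to `insert_in_object_tree()` unchecked here, whereas the second call to the same helper further down in `acl_rename()` tests `if (!guid)` and fails the request. The helper returns NULL when the message has no `objectClass`, and the two `attribute_schemaid_guid_by_lDAPDisplayName()` results that follow are unchecked as well. Whether `insert_in_object_tree()` tolerates a NULL guid is not visible in this hunk. I would add `if (!guid) { return LDB_ERR_OPERATIONS_ERROR; }` after each lookup so the access check is never built on a missing object type.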
@@ -910,7 +931,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 	if (rdn_name == NULL) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	guid = attribute_schemaid_guid_by_lDAPDisplayName(dsdb_get_schema(ldb),
+	guid = attribute_schemaid_guid_by_lDAPDisplayName(schema,
 							  rdn_name);
 	if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
 				   &new_node, &new_node)) {
@@ -965,7 +986,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 	tmp_ctx = talloc_new(req);
 	root = NULL;
 	new_node = NULL;
-	guid = get_oc_guid_from_message(module,acl_res->msgs[0]);
+	guid = get_oc_guid_from_message(module, schema, acl_res->msgs[0]);
 	if (!guid) {
 		DEBUG(10,("acl:renamed object has no object class\n"));
 		return ldb_module_done(req, NULL, NULL,  LDB_ERR_OPERATIONS_ERROR);
@@ -1036,27 +1057,27 @@ static int acl_search_callback(struct ldb_request *req, struct ldb_reply *ares)
 				return ldb_module_done(ac->req, NULL, NULL, ret);
 			}
 			if (ac->allowedAttributes || ac->allowedAttributesEffective) {
-				ret = acl_allowedAttributes(ac->module, acl_res->msgs[0], ares->message, ac);
+				ret = acl_allowedAttributes(ac->module, ac->schema, acl_res->msgs[0], ares->message, ac);
 				if (ret != LDB_SUCCESS) {
 					return ldb_module_done(ac->req, NULL, NULL, ret);
 				}
 			}
 			if (ac->allowedChildClasses) {
-				ret = acl_childClasses(ac->module, acl_res->msgs[0],
+				ret = acl_childClasses(ac->module, ac->schema, acl_res->msgs[0],
 						       ares->message, "allowedChildClasses");
 				if (ret != LDB_SUCCESS) {
 					return ldb_module_done(ac->req, NULL, NULL, ret);
 				}
 			}
 			if (ac->allowedChildClassesEffective) {
-				ret = acl_childClassesEffective(ac->module,
+				ret = acl_childClassesEffective(ac->module, ac->schema,
 								acl_res->msgs[0], ares->message, ac);
 				if (ret != LDB_SUCCESS) {
 					return ldb_module_done(ac->req, NULL, NULL, ret);
 				}
 			}
 			if (ac->sDRightsEffective) {
-				ret = acl_sDRightsEffective(ac->module,
+				ret = acl_sDRightsEffective(ac->module, 
 							    acl_res->msgs[0], ares->message, ac);
 				if (ret != LDB_SUCCESS) {
 					return ldb_module_done(ac->req, NULL, NULL, ret);
@@ -1108,6 +1129,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
 	ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses");
 	ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective");
 	ac->sDRightsEffective = ldb_attr_in_list(req->op.search.attrs, "sDRightsEffective");
+	ac->schema = dsdb_get_schema(ldb, ac);
 
 	/* replace any attributes in the parse tree that are private,
 	   so we don't allow a search for 'userPassword=penguin',
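Review bot: The result of `dsdb_get_schema(ldb, ac)` is stored into `ac->schema` unchecked, and after this commit the helpers that consume it return `LDB_ERR_OPERATIONS_ERROR` on NULL instead of skipping. A search that asks for `allowedAttributes` or the child-class attributes on a database without a loaded schema therefore fails inside `acl_search_callback()`, once the first entry comes back. If that is intended, checking here whenever one of those flags is set would fail earlier and in one place. Separately, the new `schema` member of `struct acl_context` could be declared `const struct dsdb_schema *schema;`, matching every function it is passed to.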
diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c
index dbd0838..8411d98 100644
--- a/source4/dsdb/samdb/ldb_modules/anr.c
+++ b/source4/dsdb/samdb/ldb_modules/anr.c
@@ -139,7 +139,7 @@ static int anr_replace_value(struct anr_context *ac,
 
 	ldb = ldb_module_get_ctx(module);
 
-	schema = dsdb_get_schema(ldb);
+	schema = dsdb_get_schema(ldb, ac);
 	if (!schema) {
 		ldb_asprintf_errstring(ldb, "no schema with which to construct anr filter");
 		return LDB_ERR_OPERATIONS_ERROR;
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index f07743c..efd331b 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -591,7 +591,7 @@ static int descriptor_do_mod(struct descriptor_context *ac)
 	uint32_t sd_flags = 0;
 
 	ldb = ldb_module_get_ctx(ac->module);
-	schema = dsdb_get_schema(ldb);
+	schema = dsdb_get_schema(ldb, ac);
 	msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
 	objectclass_element = ldb_msg_find_element(ac->search_oc_res->message, "objectClass");
 	objectclass = get_last_structural_class(schema, objectclass_element);
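Review bot: `schema` is handed to `get_last_structural_class()` on the last line of this hunk without a NULL check, and `descriptor_do_add()` in the next hunk assigns it the same way. Other callers converted in this commit (`anr_replace_value()`, `acl_add()`) fail the request when `dsdb_get_schema()` returns NULL. Judging by `sd_flags`, this path builds security descriptors, so I would add `if (!schema) { return LDB_ERR_OPERATIONS_ERROR; }` after the assignment in both functions. Whether the helper tolerates NULL is not visible here.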
@@ -667,7 +667,7 @@ static int descriptor_do_add(struct descriptor_context *ac)
 	struct ldb_request *search_req;
 
 	ldb = ldb_module_get_ctx(ac->module);
-	schema = dsdb_get_schema(ldb);
+	schema = dsdb_get_schema(ldb, ac);
 	mem_ctx = talloc_new(ac);
 	if (mem_ctx == NULL) {
 		return LDB_ERR_OPERATIONS_ERROR;
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
index c986f8f..b5f4567 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
@@ -592,7 +592,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request
 	}
 
 	ac->module = module;
-	ac->schema = dsdb_get_schema(ldb);
+	ac->schema = dsdb_get_schema(ldb, ac);
 	ac->req = req;
 	ac->inject = false;
 	ac->remove_guid = false;
@@ -786,7 +786,7 @@ static int extended_dn_out_dereference_init(struct ldb_module *module, const cha
 		return ret;
 	}
 
-	schema = dsdb_get_schema(ldb);
+	schema = dsdb_get_schema(ldb, p);
 	if (!schema) {
 		/* No schema on this DB (yet) */
 		return LDB_SUCCESS;
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
index 3c4c171..731e4c3 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
@@ -78,7 +78,7 @@ static struct extended_dn_context *extended_dn_context_init(struct ldb_module *m
 		return NULL;
 	}
 
-	ac->schema = dsdb_get_schema(ldb_module_get_ctx(module));
+	ac->schema = dsdb_get_schema(ldb_module_get_ctx(module), ac);
 	ac->module = module;
 	ac->ldb = ldb;
 	ac->req = req;
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 3bdcaff..72863ad 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -94,7 +94,8 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess
 {
 	struct ldb_message_element *oc_el;
 	struct ldb_message_element *allowedAttributes;
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
+	/* We need to ensure that the strings returned are valid for as long as the msg is valid */
+	const struct dsdb_schema *schema = dsdb_get_schema(ldb, msg);
 	TALLOC_CTX *mem_ctx;
 	const char **attr_list;
 	unsigned int i;
@@ -143,7 +144,9 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message *
 {
 	struct ldb_message_element *oc_el;
 	struct ldb_message_element *allowedClasses;
-	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
+
+	/* We need to ensure that the strings returned are valid for as long as the msg is valid */
+	const struct dsdb_schema *schema = dsdb_get_schema(ldb, msg);
 	const struct dsdb_class *sclass;
 	unsigned int i, j;
 	int ret;
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 9bea7db..1e0a2b0 100644


-- 
Samba Shared Repository

