[SCM] Samba Shared Repository - branch master updated
Nadezhda Ivanova
nivanova at samba.org
Wed Nov 3 07:59:02 MDT 2010
The branch, master has been updated
via 3f43809 s4-tests: Tests for the dSHeuristics attribute value restrictions
via b6fe5cd s4-dsdb: Implemented value restrictions for the dSHeuristics attribute
from 80c3364 s3: Fix a getgrent crash with many groups
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3f4380993e75774c0c5d30171097f701b4227db7
Author: Nadezhda Ivanova <nivanova at samba.org>
Date: Wed Nov 3 15:15:02 2010 +0200
s4-tests: Tests for the dSHeuristics attribute value restrictions
Autobuild-User: Nadezhda Ivanova <nivanova at samba.org>
Autobuild-Date: Wed Nov 3 13:58:42 UTC 2010 on sn-devel-104
commit b6fe5cdfdd83319b894eeeecbc2abf40c56c33ba
Author: Nadezhda Ivanova <nivanova at samba.org>
Date: Wed Nov 3 15:14:06 2010 +0200
s4-dsdb: Implemented value restrictions for the dSHeuristics attribute
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 28 +++++++++++++-
source4/dsdb/tests/python/ldap.py | 41 ++++++++++++++++++++
2 files changed, 68 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index cb4f7d9..120357c 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -70,6 +70,25 @@ static struct oc_context *oc_init_context(struct ldb_module *module,
static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
+/* checks correctness of dSHeuristics attribute
+ * as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */
+
+static int oc_validate_dsheuristics(struct ldb_message_element *el)
+{
+ if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE ||
+ el->num_values < 1) {
+ return LDB_SUCCESS;
+ }
+ if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ } else if (el->values[0].length >= DS_HR_TENTH_CHAR
+ && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ } else {
+ return LDB_SUCCESS;
+ }
+}
+
static int attr_handler(struct oc_context *ac)
{
struct ldb_context *ldb;
@@ -181,7 +200,14 @@ static int attr_handler(struct oc_context *ac)
talloc_free(res);
}
}
-
+/* dSHeuristics syntax check */
+ if ((ac->req->operation == LDB_ADD || ac->req->operation == LDB_MODIFY) &&
+ (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0)) {
+ ret = oc_validate_dsheuristics(&(msg->elements[i]));
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
/* Substitute the attribute name to match in case */
msg->elements[i].name = attr->lDAPDisplayName;
}
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index d698243..e8bc625 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -89,6 +89,17 @@ class BasicTests(unittest.TestCase):
res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
+ def set_dsheuristics(self, dsheuristics):
+ m = Message()
+ m.dn = Dn(self.ldb, "CN=Directory Service, CN=Windows NT, CN=Services, "
+ + self.configuration_dn)
+ if dsheuristics is not None:
+ m["dSHeuristics"] = MessageElement(dsheuristics, FLAG_MOD_REPLACE,
+ "dSHeuristics")
+ else:
+ m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
+ self.ldb.modify(m)
+
def setUp(self):
super(BasicTests, self).setUp()
self.ldb = ldb
@@ -2471,6 +2482,36 @@ nTSecurityDescriptor:: """ + desc_base64
finally:
self.delete_force(self.ldb, user_dn)
+ def test_dsheuristics(self):
+ """Tests the 'dSHeuristics' attribute"""
+ print "Tests the 'dSHeuristics' attribute"""
+
+ # Get the current value to restore it later
+ res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
+ + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
+ if "dSHeuristics" in res[0]:
+ dsheuristics = res[0]["dSHeuristics"][0]
+ else:
+ dsheuristics = None
+ # Should not be longer than 18 chars?
+ try:
+ self.set_dsheuristics("123ABC-+!1asdfg@#^12")
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ # If it is >= 10 chars, tenthChar should be 1
+ try:
+ self.set_dsheuristics("00020000000002")
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ # apart from the above, all char values are accepted
+ self.set_dsheuristics("123ABC-+!1asdfg@#^")
+ res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
+ + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
+ self.assertTrue("dSHeuristics" in res[0])
+ self.assertEquals(res[0]["dSHeuristics"][0], "123ABC-+!1asdfg@#^")
+ # restore old value
+ self.set_dsheuristics(dsheuristics)
+
class BaseDnTests(unittest.TestCase):
--
Samba Shared Repository
More information about the samba-cvs
mailing list