[SCM] Samba Shared Repository - branch master updated

Nadezhda Ivanova nivanova at samba.org
Wed Nov 3 07:59:02 MDT 2010


The branch, master has been updated
       via  3f43809 s4-tests: Tests for the dSHeuristics attribute value restrictions
       via  b6fe5cd s4-dsdb: Implemented value restrictions for the dSHeuristics attribute
      from  80c3364 s3: Fix a getgrent crash with many groups

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3f4380993e75774c0c5d30171097f701b4227db7
Author: Nadezhda Ivanova <nivanova at samba.org>
Date:   Wed Nov 3 15:15:02 2010 +0200

    s4-tests: Tests for the dSHeuristics attribute value restrictions
    
    Autobuild-User: Nadezhda Ivanova <nivanova at samba.org>
    Autobuild-Date: Wed Nov  3 13:58:42 UTC 2010 on sn-devel-104

commit b6fe5cdfdd83319b894eeeecbc2abf40c56c33ba
Author: Nadezhda Ivanova <nivanova at samba.org>
Date:   Wed Nov 3 15:14:06 2010 +0200

    s4-dsdb: Implemented value restrictions for the dSHeuristics attribute

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |   28 +++++++++++++-
 source4/dsdb/tests/python/ldap.py                  |   41 ++++++++++++++++++++
 2 files changed, 68 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index cb4f7d9..120357c 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -70,6 +70,25 @@ static struct oc_context *oc_init_context(struct ldb_module *module,
 
 static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
 
+/* checks correctness of dSHeuristics attribute
+ * as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */
+
+static int oc_validate_dsheuristics(struct ldb_message_element *el)
+{
+	if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE ||
+	    el->num_values < 1) {
+		return LDB_SUCCESS;
+	}
+	if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	} else if (el->values[0].length >= DS_HR_TENTH_CHAR
+		   && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	} else {
+		return LDB_SUCCESS;
+	}
+}
+
 static int attr_handler(struct oc_context *ac)
 {
 	struct ldb_context *ldb;
@@ -181,7 +200,14 @@ static int attr_handler(struct oc_context *ac)
 				talloc_free(res);
 			}
 		}
-
+/* dSHeuristics syntax check */
+		if ((ac->req->operation == LDB_ADD || ac->req->operation == LDB_MODIFY) &&
+		    (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0)) {
+			ret = oc_validate_dsheuristics(&(msg->elements[i]));
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
 		/* Substitute the attribute name to match in case */
 		msg->elements[i].name = attr->lDAPDisplayName;
 	}
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index d698243..e8bc625 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -89,6 +89,17 @@ class BasicTests(unittest.TestCase):
         res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
         return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
 
+    def set_dsheuristics(self, dsheuristics):
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=Directory Service, CN=Windows NT, CN=Services, "
+                  + self.configuration_dn)
+        if dsheuristics is not None:
+            m["dSHeuristics"] = MessageElement(dsheuristics, FLAG_MOD_REPLACE,
+                                               "dSHeuristics")
+        else:
+            m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
+        self.ldb.modify(m)
+
     def setUp(self):
         super(BasicTests, self).setUp()
         self.ldb = ldb
@@ -2471,6 +2482,36 @@ nTSecurityDescriptor:: """ + desc_base64
         finally:
             self.delete_force(self.ldb, user_dn)
 
+    def test_dsheuristics(self):
+        """Tests the 'dSHeuristics' attribute"""
+        print "Tests the 'dSHeuristics' attribute"""
+
+        # Get the current value to restore it later
+        res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
+                              + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
+        if "dSHeuristics" in res[0]:
+            dsheuristics = res[0]["dSHeuristics"][0]
+        else:
+            dsheuristics = None
+        # Should not be longer than 18 chars?
+        try:
+            self.set_dsheuristics("123ABC-+!1asdfg@#^12")
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+        # If it is >= 10 chars, tenthChar should be 1
+        try:
+            self.set_dsheuristics("00020000000002")
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+        # apart from the above, all char values are accepted
+        self.set_dsheuristics("123ABC-+!1asdfg@#^")
+        res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
+                              + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
+        self.assertTrue("dSHeuristics" in res[0])
+        self.assertEquals(res[0]["dSHeuristics"][0], "123ABC-+!1asdfg@#^")
+        # restore old value
+        self.set_dsheuristics(dsheuristics)
+
 
 class BaseDnTests(unittest.TestCase):
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list