[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Wed Nov 3 10:21:01 MDT 2010


The branch, master has been updated
       via  9d4eeae s4:objectclass LDB module - the structural objectclass has always to be specified
       via  d873fb7 s4:objectclass_attrs LDB module - refactor the "dSHeuristics" checker
       via  b841d12 s4:objectclass_attrs LDB module - simplify the invoke of the "dSHeuristics" checker
      from  3f43809 s4-tests: Tests for the dSHeuristics attribute value restrictions

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9d4eeaeb194d071f02b19aaca3ad1b89d81d3637
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Mon Nov 1 15:23:48 2010 +0100

    s4:objectclass LDB module - the structural objectclass has always to be specified
    
    Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
    Autobuild-Date: Wed Nov  3 16:20:55 UTC 2010 on sn-devel-104

commit d873fb72bc3f7b410a66f98b5045101292718717
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Wed Nov 3 16:25:17 2010 +0100

    s4:objectclass_attrs LDB module - refactor the "dSHeuristics" checker
    
    The checks are done when there are more than 0 values. The other checks should
    be performed by the other parts of the module.

commit b841d12a138a4b9a73f159a7056b0efd64de1289
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Wed Nov 3 16:21:37 2010 +0100

    s4:objectclass_attrs LDB module - simplify the invoke of the "dSHeuristics" checker
    
    It's always invoked on add and modify operations.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c       |    6 ++++
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |   28 +++++++++----------
 source4/dsdb/tests/python/ldap.py                  |   19 +++++++++++++
 3 files changed, 38 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 474e848..9483d3e 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -518,6 +518,12 @@ static int objectclass_do_add(struct oc_context *ac)
 			talloc_free(mem_ctx);
 			return LDB_ERR_OBJECT_CLASS_VIOLATION;
 		}
+		if (objectclass_element->num_values == 0) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, at least one (structural) objectclass has to be specified!",
+					       ldb_dn_get_linearized(msg->dn));
+			talloc_free(mem_ctx);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
 
 		/* Here we do now get the "objectClass" list from the
 		 * database. */
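Review bot: The new empty-objectClass branch returns `LDB_ERR_CONSTRAINT_VIOLATION`, while the check directly above it returns `LDB_ERR_OBJECT_CLASS_VIOLATION`, and the modify test added in ldap.py expects `ERR_OBJECT_CLASS_VIOLATION` for an empty replace. If the difference between the add and modify paths is deliberate, a one-line comment above the `if`, such as `/* an add carrying no objectClass value at all is a constraint violation, not an objectClass violation */`, would stop a later cleanup from unifying the two codes. The enclosing block of objectclass_do_add starts and ends outside the hunk, so it is not visible whether the preceding branch already covers a missing `objectclass_element`; the new dereference relies on that.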
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 120357c..bd4e0be 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -72,21 +72,18 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
 
 /* checks correctness of dSHeuristics attribute
  * as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */
-
 static int oc_validate_dsheuristics(struct ldb_message_element *el)
 {
-	if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE ||
-	    el->num_values < 1) {
-		return LDB_SUCCESS;
-	}
-	if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
-		return LDB_ERR_CONSTRAINT_VIOLATION;
-	} else if (el->values[0].length >= DS_HR_TENTH_CHAR
-		   && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
-		return LDB_ERR_CONSTRAINT_VIOLATION;
-	} else {
-		return LDB_SUCCESS;
+	if (el->num_values > 0) {
+		if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		} else if (el->values[0].length >= DS_HR_TENTH_CHAR
+			   && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
 	}
+
+	return LDB_SUCCESS;
 }
 
 static int attr_handler(struct oc_context *ac)
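Review bot: With the `LDB_FLAG_MOD_DELETE` early return removed, oc_validate_dsheuristics now applies the length and tenth-character tests to a delete-by-value element too. A modify that tries to remove an already malformed dSHeuristics value by naming it would therefore be rejected with `LDB_ERR_CONSTRAINT_VIOLATION`. Unless attr_handler filters delete elements before the call (not visible here), keeping `if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE) return LDB_SUCCESS;` at the top would preserve the ability to clean up a bad value. Only `values[0]` is inspected, which relies on the single-value rule being enforced elsewhere in the module; a short comment saying so would make that dependency explicit.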
@@ -200,14 +197,15 @@ static int attr_handler(struct oc_context *ac)
 				talloc_free(res);
 			}
 		}
-/* dSHeuristics syntax check */
-		if ((ac->req->operation == LDB_ADD || ac->req->operation == LDB_MODIFY) &&
-		    (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0)) {
+
+		/* "dSHeuristics" syntax check */
+		if (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0) {
 			ret = oc_validate_dsheuristics(&(msg->elements[i]));
 			if (ret != LDB_SUCCESS) {
 				return ret;
 			}
 		}
+
 		/* Substitute the attribute name to match in case */
 		msg->elements[i].name = attr->lDAPDisplayName;
 	}
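Review bot: When oc_validate_dsheuristics fails, `return ret;` passes the error code back without setting an error string, so an administrator changing dSHeuristics gets no hint about which rule the value broke. The new check in objectclass.c in this same changeset does set one through ldb_asprintf_errstring. Doing the same here before the return, for example `ldb_asprintf_errstring(ldb, "objectclass_attrs: invalid dSHeuristics value on %s", ldb_dn_get_linearized(msg->dn));`, would make rejected changes to this attribute easier to diagnose and audit. That assumes an ldb context is in scope in attr_handler, whose body starts and ends outside this hunk.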
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index e8bc625..36c12a2 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -152,6 +152,15 @@ class BasicTests(unittest.TestCase):
         try:
             self.ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": [] })
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
+        # Invalid objectclass specified
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
                 "objectClass": "X" })
             self.fail()
         except LdbError, (num, _):
@@ -304,6 +313,16 @@ class BasicTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
 
+        # We cannot remove all object classes by an empty replace
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,


-- 
Samba Shared Repository

