[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Wed Nov 3 10:21:01 MDT 2010
The branch, master has been updated
via 9d4eeae s4:objectclass LDB module - the structural objectclass has always to be specified
via d873fb7 s4:objectclass_attrs LDB module - refactor the "dSHeuristics" checker
via b841d12 s4:objectclass_attrs LDB module - simplify the invoke of the "dSHeuristics" checker
from 3f43809 s4-tests: Tests for the dSHeuristics attribute value restrictions
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9d4eeaeb194d071f02b19aaca3ad1b89d81d3637
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Mon Nov 1 15:23:48 2010 +0100
s4:objectclass LDB module - the structural objectclass has always to be specified
Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
Autobuild-Date: Wed Nov 3 16:20:55 UTC 2010 on sn-devel-104
commit d873fb72bc3f7b410a66f98b5045101292718717
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Nov 3 16:25:17 2010 +0100
s4:objectclass_attrs LDB module - refactor the "dSHeuristics" checker
The checks are done when there are more than 0 values. The other checks should
be performed by the other parts of the module.
commit b841d12a138a4b9a73f159a7056b0efd64de1289
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Nov 3 16:21:37 2010 +0100
s4:objectclass_attrs LDB module - simplify the invoke of the "dSHeuristics" checker
It's always invoked on add and modify operations.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass.c | 6 ++++
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 28 +++++++++----------
source4/dsdb/tests/python/ldap.py | 19 +++++++++++++
3 files changed, 38 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 474e848..9483d3e 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -518,6 +518,12 @@ static int objectclass_do_add(struct oc_context *ac)
talloc_free(mem_ctx);
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
+ if (objectclass_element->num_values == 0) {
+ ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, at least one (structural) objectclass has to be specified!",
+ ldb_dn_get_linearized(msg->dn));
+ talloc_free(mem_ctx);
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
/* Here we do now get the "objectClass" list from the
* database. */
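Review bot: The new guard `objectclass_element->num_values == 0` only establishes that the element carries at least one value, while its error text speaks of a structural class; whether a list holding only non-structural classes is refused depends on code after this hunk, which is not visible here. The guard also returns LDB_ERR_CONSTRAINT_VIOLATION where the check directly above returns LDB_ERR_OBJECT_CLASS_VIOLATION, and nothing in the hunk says why two closely related failures map to different result codes. A short comment above the new `if` would record that, for example `/* reject an "objectClass" element without values; the result code deliberately differs from the check above */`. objectclass_do_add starts and ends outside the hunk.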
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 120357c..bd4e0be 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -72,21 +72,18 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
/* checks correctness of dSHeuristics attribute
* as described in MS-ADTS 7.1.1.2.4.1.2 dSHeuristics */
-
static int oc_validate_dsheuristics(struct ldb_message_element *el)
{
- if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE ||
- el->num_values < 1) {
- return LDB_SUCCESS;
- }
- if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
- return LDB_ERR_CONSTRAINT_VIOLATION;
- } else if (el->values[0].length >= DS_HR_TENTH_CHAR
- && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
- return LDB_ERR_CONSTRAINT_VIOLATION;
- } else {
- return LDB_SUCCESS;
+ if (el->num_values > 0) {
+ if (el->values[0].length > DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ } else if (el->values[0].length >= DS_HR_TENTH_CHAR
+ && el->values[0].data[DS_HR_TENTH_CHAR-1] != '1') {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
}
+
+ return LDB_SUCCESS;
}
static int attr_handler(struct oc_context *ac)
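Review bot: With the `LDB_FLAG_MOD_DELETE` test removed from oc_validate_dsheuristics, a modify that deletes dSHeuristics by naming the value is now checked as if that value were being written, so a stored value that fails the length or tenth-character rule could apparently no longer be removed by value. The call site in attr_handler (next hunk) drops its operation test as well and passes `&(msg->elements[i])` unconditionally, so nothing visible filters deletes before the validator runs. If that is not intended, keep the flag test in the condition: `if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_DELETE && el->num_values > 0) {`. Only `values[0]` is examined, which relies on single-value enforcement elsewhere in the module; a one-line comment saying so would help the next reader.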
@@ -200,14 +197,15 @@ static int attr_handler(struct oc_context *ac)
talloc_free(res);
}
}
-/* dSHeuristics syntax check */
- if ((ac->req->operation == LDB_ADD || ac->req->operation == LDB_MODIFY) &&
- (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0)) {
+
+ /* "dSHeuristics" syntax check */
+ if (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0) {
ret = oc_validate_dsheuristics(&(msg->elements[i]));
if (ret != LDB_SUCCESS) {
return ret;
}
}
+
/* Substitute the attribute name to match in case */
msg->elements[i].name = attr->lDAPDisplayName;
}
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index e8bc625..36c12a2 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -152,6 +152,15 @@ class BasicTests(unittest.TestCase):
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": [] })
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
+ # Invalid objectclass specified
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "X" })
self.fail()
except LdbError, (num, _):
@@ -304,6 +313,16 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+ # We cannot remove all object classes by an empty replace
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
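Review bot: The added case covers an empty `FLAG_MOD_REPLACE`, but the other way to strip every class from an entry, a delete element with no values, is not exercised in the lines shown and may be missing from the test. A sibling case built with `m["objectClass"] = MessageElement([], FLAG_MOD_DELETE, "objectClass")` and the matching `assertEquals` on the returned code would pin that path too; the expected code should be confirmed against the server rather than assumed. It is also worth a comment here that the empty add in the earlier hunk expects ERR_CONSTRAINT_VIOLATION while this empty replace expects ERR_OBJECT_CLASS_VIOLATION, so the difference reads as deliberate. The enclosing test method starts and ends outside the hunk.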
--
Samba Shared Repository