[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Thu Nov 4 04:19:01 MDT 2010


The branch, master has been updated
       via  81e5321 s4-dsdb: use LDB_FLAG_MOD_REPLACE for isDeleted
       via  c5f07d3 s4-dsdb: use LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK in dsdb
       via  e606298 s4-ldb: implement LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
       via  1ab7bd1 s4-ldb: don't load modules from the same directory twice
       via  6a22d89 s4-ldb: honor controls on search in ldbedit
       via  cf37c29 Move the checking of single valued attributes back into the tdb backend.
       via  f3ad867 s4-test: fixed quoting in deletetest.py
       via  003a36e s4-auth: unconditionally set previous_ev
      from  cb9fba1 debug: fixed default debug settings

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 81e5321f5e6bd2c60a6c6ce3850f98bc18458d44
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 20:34:37 2010 +1100

    s4-dsdb: use LDB_FLAG_MOD_REPLACE for isDeleted
    
    isDeleted could have been set to FALSE previously
    
    Autobuild-User: Andrew Tridgell <tridge at samba.org>
    Autobuild-Date: Thu Nov  4 10:18:10 UTC 2010 on sn-devel-104

commit c5f07d33ae72785877b4675aaaa1b446bed14ea4
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 20:33:31 2010 +1100

    s4-dsdb: use LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK in dsdb
    
    when we are creating linked attributes with multiple values (some
    deleted), use LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK to disable
    that checking.

commit e606298631d9e4659e677041095511c1c353a4b5
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 20:27:43 2010 +1100

    s4-ldb: implement LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
    
    this disables the single value checking for one attribute. It is much
    more specific than a general RELAX control, and also more efficient. I
    think we should try to have more precise overrides like this, rather
    than using RELAX as a general purpose override

commit 1ab7bd1bfbfe5a27c91315d98c4e4949608d83e9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 20:13:17 2010 +1100

    s4-ldb: don't load modules from the same directory twice
    
    this prevents samba dying if you do a 'make install' while it is
    running. Otherwise the make install changes the inode numbers of the
    modules in the modules directory, causing them to reload, which causes
    multiple modules of the same name to try and load

commit 6a22d8938c36de8e8a6e99eadca896bdb9802b1d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 20:05:59 2010 +1100

    s4-ldb: honor controls on search in ldbedit

commit cf37c29cd009f9378ffa4d3ee54b38aef9fa066b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 20:02:16 2010 +1100

    Move the checking of single valued attributes back into the tdb backend.
    
    The backend is the only place that can do this properly. It makes no
    sense to do it anywhere else. As a result of it moving out of the
    backend we ended up with some bugs causing multiple values in single
    valued attributes (eg. isDeleted), which can really damage the
    inregrity of the database.
    
    For the override of single valued values needed for deleted linked
    attributes we should use attribute flags.
    
    This reverts commit 1949864417f3d10fb8996df7db259649eb777271.

commit f3ad867ab57bfedada5e11cfaa15707f6a455d63
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 13:23:47 2010 +1100

    s4-test: fixed quoting in deletetest.py

commit 003a36eb5e677406c9f634c3fd66519b73dac487
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Nov 4 12:52:08 2010 +1100

    s4-auth: unconditionally set previous_ev
    
    we need the caller to know when the previous_ev was NULL
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/kerberos/krb5_init_context.c          |    4 +-
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |    6 ++-
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |   12 ----
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |    6 +-
 source4/lib/ldb/common/ldb_modules.c               |    8 +-
 source4/lib/ldb/include/ldb_module.h               |    3 +
 source4/lib/ldb/ldb_tdb/ldb_tdb.c                  |   40 ++++++++++++
 source4/lib/ldb/tools/ldbedit.c                    |    9 ++-
 source4/lib/ldb/tools/ldbutil.c                    |   68 ++++++++++++++++++++
 source4/lib/ldb/tools/ldbutil.h                    |    5 ++
 source4/selftest/tests.py                          |    2 +-
 11 files changed, 139 insertions(+), 24 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 54f27b0..2f1416d 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -527,9 +527,7 @@ krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5
 		return EINVAL;
 	}
 
-	if (smb_krb5_context->current_ev) {
-		*previous_ev = smb_krb5_context->current_ev;
-	}
+	*previous_ev = smb_krb5_context->current_ev;
 
 	smb_krb5_context->current_ev = talloc_reference(smb_krb5_context, ev);
 	if (!smb_krb5_context->current_ev) {
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index d54060b..6045525 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -681,7 +681,11 @@ static int linked_attributes_fix_links(struct ldb_module *module,
 			return ret;
 		}
 
-		ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE | DSDB_MODIFY_RELAX);
+		/* we may be putting multiple values in an attribute -
+		   disable checking for this attribute */
+		el2->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+
+		ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE);
 		if (ret != LDB_SUCCESS) {
 			ldb_asprintf_errstring(ldb, "Linked attribute %s->%s between %s and %s - update failed - %s",
 					       el->name, target->lDAPDisplayName,
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 62bc9ae..ed19349 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -296,18 +296,6 @@ static int attr_handler2(struct oc_context *ac)
 			return ldb_operr(ldb);
 		}
 
-		/* Check if they're single-valued if this is requested */
-		if ((msg->elements[i].num_values > 1) && (attr->isSingleValued)) {
-			ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' is single-valued!",
-					       msg->elements[i].name,
-					       ldb_dn_get_linearized(msg->dn));
-			if (ac->req->operation == LDB_ADD) {
-				return LDB_ERR_CONSTRAINT_VIOLATION;
-			} else {
-				return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
-			}
-		}
-
 		/* We can use "str_list_check" with "strcmp" here since the
 		 * attribute informations from the schema are always equal
 		 * up-down-cased. */
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index d7ad46f..95cd069 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2612,7 +2612,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 			talloc_free(tmp_ctx);
 			return ret;
 		}
-		msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
+		msg->elements[el_count++].flags = LDB_FLAG_MOD_REPLACE;
 	}
 
 	/*
@@ -4090,7 +4090,9 @@ linked_attributes[0]:
 		return ret;
 	}
 
-	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE | DSDB_MODIFY_RELAX);
+	old_el->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE);
 	if (ret != LDB_SUCCESS) {
 		ldb_debug(ldb, LDB_DEBUG_WARNING, "Failed to apply linked attribute change '%s'\n%s\n",
 			  ldb_errstring(ldb),
diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c
index 1457298..96e3fed 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -844,7 +844,7 @@ static int ldb_modules_load_dir(const char *modules_dir, const char *version);
   from the first ldb_init() is just a convenient way to ensure it is
   called early enough.
  */
-static int ldb_modules_load_one(const char *path, const char *version)
+static int ldb_modules_load_path(const char *path, const char *version)
 {
 	void *handle;
 	int (*init_fn)(const char *);
@@ -969,7 +969,7 @@ static int ldb_modules_load_dir(const char *modules_dir, const char *version)
 	TYPESAFE_QSORT(modlist, num_modules, qsort_string);
 
 	for (i=0; i<num_modules; i++) {
-		int ret = ldb_modules_load_one(modlist[i], version);
+		int ret = ldb_modules_load_path(modlist[i], version);
 		if (ret != LDB_SUCCESS) {
 			fprintf(stderr, "ldb: failed to initialise module %s : %s\n",
 				modlist[i], ldb_strerror(ret));
@@ -988,7 +988,7 @@ static int ldb_modules_load_dir(const char *modules_dir, const char *version)
 */
 void ldb_set_modules_dir(struct ldb_context *ldb, const char *path)
 {
-	int ret = ldb_modules_load_dir(path, LDB_VERSION);
+	int ret = ldb_modules_load_path(path, LDB_VERSION);
 	if (ret != LDB_SUCCESS) {
 		ldb_asprintf_errstring(ldb, "Failed to load modules from: %s\n", path);
 	}
@@ -1045,7 +1045,7 @@ int ldb_modules_load(const char *modules_path, const char *version)
 	for (tok=strtok_r(path, ":", &tok_ptr);
 	     tok;
 	     tok=strtok_r(NULL, ":", &tok_ptr)) {
-		ret = ldb_modules_load_dir(tok, version);
+		ret = ldb_modules_load_path(tok, version);
 		if (ret != LDB_SUCCESS) {
 			talloc_free(path);
 			return ret;
diff --git a/source4/lib/ldb/include/ldb_module.h b/source4/lib/ldb/include/ldb_module.h
index f10e584..e88c887 100644
--- a/source4/lib/ldb/include/ldb_module.h
+++ b/source4/lib/ldb/include/ldb_module.h
@@ -43,6 +43,9 @@ struct ldb_module;
  */
 #define LDB_FLAG_INTERNAL_DISABLE_VALIDATION 0x10
 
+/* disable any single value checking on this attribute */
+#define LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK 0x20
+
 
 /*
    these function pointers define the operations that a ldb module can intercept
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index d9547c9..a498d54 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -294,12 +294,21 @@ static int ltdb_add_internal(struct ldb_module *module,
 
 	for (i=0;i<msg->num_elements;i++) {
 		struct ldb_message_element *el = &msg->elements[i];
+		const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
 
 		if (el->num_values == 0) {
 			ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
 					       el->name, ldb_dn_get_linearized(msg->dn));
 			return LDB_ERR_CONSTRAINT_VIOLATION;
 		}
+		if (a && (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) &&
+		    !(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
+			if (el->num_values > 1) {
+				ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
+						       el->name, ldb_dn_get_linearized(msg->dn));
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+		}
 	}
 
 	ret = ltdb_store(module, msg, TDB_INSERT);
@@ -650,6 +659,7 @@ int ltdb_modify_internal(struct ldb_module *module,
 	for (i=0; i<msg->num_elements; i++) {
 		struct ldb_message_element *el = &msg->elements[i], *el2;
 		struct ldb_val *vals;
+		const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
 		const char *dn;
 
 		switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
@@ -686,6 +696,16 @@ int ltdb_modify_internal(struct ldb_module *module,
 				}
 			}
 
+			if (a && (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) &&
+			    !(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
+				if (el->num_values > 1) {
+					ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
+						               el->name, ldb_dn_get_linearized(msg2->dn));
+					ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+					goto done;
+				}
+			}
+
 			/* Checks if element already exists */
 			idx = find_element(msg2, el->name);
 			if (idx == -1) {
@@ -702,6 +722,16 @@ int ltdb_modify_internal(struct ldb_module *module,
 				j = (unsigned int) idx;
 				el2 = &(msg2->elements[j]);
 
+				/* We cannot add another value on a existing one
+				   if the attribute is single-valued */
+				if (a && (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) &&
+				    !(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
+					ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
+						               el->name, ldb_dn_get_linearized(msg2->dn));
+					ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+					goto done;
+				}
+
 				/* Check that values don't exist yet on multi-
 				   valued attributes or aren't provided twice */
 				for (j = 0; j < el->num_values; j++) {
@@ -761,6 +791,16 @@ int ltdb_modify_internal(struct ldb_module *module,
 
 		case LDB_FLAG_MOD_REPLACE:
 
+			if (a && (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) &&
+			    !(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
+				if (el->num_values > 1) {
+					ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
+						               el->name, ldb_dn_get_linearized(msg2->dn));
+					ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+					goto done;
+				}
+			}
+
 			/* TODO: This is O(n^2) - replace with more efficient check */
 			for (j=0; j<el->num_values; j++) {
 				if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
diff --git a/source4/lib/ldb/tools/ldbedit.c b/source4/lib/ldb/tools/ldbedit.c
index d26f4d1..74e3037 100644
--- a/source4/lib/ldb/tools/ldbedit.c
+++ b/source4/lib/ldb/tools/ldbedit.c
@@ -300,6 +300,7 @@ int main(int argc, const char **argv)
 	const char *expression = "(|(objectClass=*)(distinguishedName=*))";
 	const char * const * attrs = NULL;
 	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	struct ldb_control **req_ctrls;
 
 	ldb = ldb_init(mem_ctx, NULL);
 
@@ -325,7 +326,13 @@ int main(int argc, const char **argv)
 		}
 	}
 
-	ret = ldb_search(ldb, ldb, &result, basedn, options->scope, attrs, "%s", expression);
+	req_ctrls = ldb_parse_control_strings(ldb, ldb, (const char **)options->controls);
+	if (options->controls != NULL &&  req_ctrls== NULL) {
+		printf("parsing controls failed: %s\n", ldb_errstring(ldb));
+		return -1;
+	}
+
+	ret = ldb_search_ctrl(ldb, ldb, &result, basedn, options->scope, attrs, req_ctrls, "%s", expression);
 	if (ret != LDB_SUCCESS) {
 		printf("search failed - %s\n", ldb_errstring(ldb));
 		exit(1);
diff --git a/source4/lib/ldb/tools/ldbutil.c b/source4/lib/ldb/tools/ldbutil.c
index 5f7ea89..c9130b1 100644
--- a/source4/lib/ldb/tools/ldbutil.c
+++ b/source4/lib/ldb/tools/ldbutil.c
@@ -147,3 +147,71 @@ int ldb_modify_ctrl(struct ldb_context *ldb,
         talloc_free(req);
         return ret;
 }
+
+
+/*
+  ldb_search with controls
+*/
+int ldb_search_ctrl(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+		    struct ldb_result **result, struct ldb_dn *base,
+		    enum ldb_scope scope, const char * const *attrs,
+		    struct ldb_control **controls,
+		    const char *exp_fmt, ...)
+{
+	struct ldb_request *req;
+	struct ldb_result *res;
+	char *expression;
+	va_list ap;
+	int ret;
+
+	expression = NULL;
+	*result = NULL;
+	req = NULL;
+
+	res = talloc_zero(mem_ctx, struct ldb_result);
+	if (!res) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (exp_fmt) {
+		va_start(ap, exp_fmt);
+		expression = talloc_vasprintf(mem_ctx, exp_fmt, ap);
+		va_end(ap);
+
+		if (!expression) {
+			talloc_free(res);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	ret = ldb_build_search_req(&req, ldb, mem_ctx,
+				   base?base:ldb_get_default_basedn(ldb),
+				   scope,
+				   expression,
+				   attrs,
+				   controls,
+				   res,
+				   ldb_search_default_callback,
+				   NULL);
+	ldb_req_set_location(req, "ldb_search_ctrl");
+
+	if (ret != LDB_SUCCESS) goto done;
+
+	ret = ldb_request(ldb, req);
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+done:
+	if (ret != LDB_SUCCESS) {
+		talloc_free(res);
+		res = NULL;
+	}
+
+	talloc_free(expression);
+	talloc_free(req);
+
+	*result = res;
+	return ret;
+}
diff --git a/source4/lib/ldb/tools/ldbutil.h b/source4/lib/ldb/tools/ldbutil.h
index 7747dbe..f8d3f3a 100644
--- a/source4/lib/ldb/tools/ldbutil.h
+++ b/source4/lib/ldb/tools/ldbutil.h
@@ -39,3 +39,8 @@ int ldb_delete_ctrl(struct ldb_context *ldb, struct ldb_dn *dn,
 int ldb_modify_ctrl(struct ldb_context *ldb,
                 const struct ldb_message *message,
                 struct ldb_control **controls);
+int ldb_search_ctrl(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+		    struct ldb_result **result, struct ldb_dn *base,
+		    enum ldb_scope scope, const char * const *attrs,
+		    struct ldb_control **controls,
+		    const char *exp_fmt, ...);
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 4bb3d90..16a1059 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -485,7 +485,7 @@ planpythontestsuite("dc:local", "samba.tests.upgradeprovisionneeddc")
 planpythontestsuite("none", "samba.tests.upgradeprovision")
 planpythontestsuite("none", "samba.tests.xattr")
 planpythontestsuite("none", "samba.tests.ntacls")
-plantestsuite("samba4.deletetest.python(dc)", "dc", ['PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools', python, os.path.join(samba4srcdir, "dsdb/tests/python/deletetest.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '-W', '$DOMAIN'])
+plantestsuite("samba4.deletetest.python(dc)", "dc", ['PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools"', python, os.path.join(samba4srcdir, "dsdb/tests/python/deletetest.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '-W', '$DOMAIN'])
 plantestsuite("samba4.policy.python", "none", ['PYTHONPATH="$PYTHONPATH:lib/policy/tests/python"', subunitrun, 'bindings'])
 plantestsuite("samba4.blackbox.samba3dump", "none", [python, os.path.join(samba4srcdir, "scripting/bin/samba3dump"), os.path.join(samba4srcdir, "../testdata/samba3")])
 plantestsuite("samba4.blackbox.upgrade", "none", ["rm -rf $PREFIX/upgrade;", python, os.path.join(samba4srcdir, "setup/upgrade_from_s3"), "--targetdir=$PREFIX/upgrade", os.path.normpath(os.path.join(samba4srcdir, "../testdata/samba3")), os.path.normpath(os.path.join(samba4srcdir, "../testdata/samba3/smb.conf"))])


-- 
Samba Shared Repository


More information about the samba-cvs mailing list