[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Oct 3 11:31:01 MDT 2010
The branch, master has been updated
via 7d0d6d4 s4:kdc/db-glue.c - remove unused variable
via 24282ad s4:ldap.py - test allowed system flags restriction
via ca08cde s4:objectclass LDB module - introduce allowed system flags restriction
via 4e8206e s4:urgent_replication.py - fix up the system flags handling
from 79a4be4 s3: Remove smbd_server_conn from msg_force_tdis
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7d0d6d4d23fd010cf78736d33bd710710758b167
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Oct 3 18:49:56 2010 +0200
s4:kdc/db-glue.c - remove unused variable
Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
Autobuild-Date: Sun Oct 3 17:30:34 UTC 2010 on sn-devel-104
commit 24282adb9a0db872ba45e878fdbe019c6bc2602e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Sep 29 19:49:57 2010 +0200
s4:ldap.py - test allowed system flags restriction
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit ca08cde15029b6d8efdc562daf35d49f4fdbd4de
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Sep 29 18:18:55 2010 +0200
s4:objectclass LDB module - introduce allowed system flags restriction
Distinguish between real use and provision by means of the RELAX flag
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 4e8206eb4c74de05aa0657fc36ad1569b96a8900
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Oct 3 18:40:05 2010 +0200
s4:urgent_replication.py - fix up the system flags handling
And relax some more object creations due to the enforced system flags rules.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass.c | 17 +++++++++++------
source4/dsdb/tests/python/ldap.py | 17 ++++++++++++++++-
source4/dsdb/tests/python/urgent_replication.py | 7 +++----
source4/kdc/db-glue.c | 1 -
4 files changed, 30 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 82c4144..fa95626 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -696,13 +696,18 @@ static int objectclass_do_add(struct oc_context *ac)
ldb_msg_remove_attr(msg, "systemFlags");
- /* Only these flags may be set by a client, but we can't tell
- * between a client and our provision at this point
- * systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE);
- */
+ /* Only the following flags may be set by a client */
+ if (ldb_request_get_control(ac->req,
+ LDB_CONTROL_RELAX_OID) == NULL) {
+ systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME
+ | SYSTEM_FLAG_CONFIG_ALLOW_MOVE
+ | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE
+ | SYSTEM_FLAG_ATTR_IS_RDN );
+ }
- /* This flag is only allowed on attributeSchema objects */
- if (ldb_attr_cmp(objectclass->lDAPDisplayName, "attributeSchema") == 0) {
+ /* But the last one ("ATTR_IS_RDN") is only allowed on
+ * "attributeSchema" objects. So truncate if it does not fit. */
+ if (ldb_attr_cmp(objectclass->lDAPDisplayName, "attributeSchema") != 0) {
systemFlags &= ~SYSTEM_FLAG_ATTR_IS_RDN;
}
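Review bot: The client mask is skipped whenever `LDB_CONTROL_RELAX_OID` is present on the request, and nothing in this hunk shows that the control is limited to trusted callers. If an ordinary LDAP client can attach it, the systemFlags restriction constrains nobody. Presumably the control is filtered or authorised in another module (not visible here), and the comment should say where, e.g. `/* Only the following flags may be set by a client; RELAX is honoured only for trusted callers, enforced in <MODULE_PLACEHOLDER> */`. The same comment should state that disallowed bits are dropped silently rather than rejected with an error. objectclass_do_add starts and ends outside the hunk.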
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 8af9b11..2b75bd6 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -31,7 +31,9 @@ from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_INTERDOMAIN_TRUST_ACCOUNT,
UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
UF_PARTIAL_SECRETS_ACCOUNT,
UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
- ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)
+ ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
from samba.dcerpc.security import (DOMAIN_RID_USERS, DOMAIN_RID_DOMAIN_MEMBERS,
DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
@@ -173,6 +175,19 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ # Test allowed system flags
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)) })
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE, attrs=["systemFlags"])
+ self.assertTrue(len(res) == 1)
+ self.assertEquals(res[0]["systemFlags"][0], "0")
+
+ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "person" })
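Review bot: The new test only covers the case where every supplied bit is disallowed, so it would still pass if the server cleared systemFlags entirely. A positive case would pin that permitted bits survive the mask: add an object with `"systemFlags": str(SYSTEM_FLAG_CONFIG_ALLOW_RENAME)` and check `self.assertEquals(res[0]["systemFlags"][0], str(SYSTEM_FLAG_CONFIG_ALLOW_RENAME))`, assuming no other module strips that bit for this object. The search also goes through the bare name `ldb` while the add and delete use `self.ldb`; `res = self.ldb.search(` would keep the whole test on one handle. The test method starts and ends outside the hunk.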
diff --git a/source4/dsdb/tests/python/urgent_replication.py b/source4/dsdb/tests/python/urgent_replication.py
index 3c35af6..47d43dd 100755
--- a/source4/dsdb/tests/python/urgent_replication.py
+++ b/source4/dsdb/tests/python/urgent_replication.py
@@ -96,7 +96,7 @@ class UrgentReplicationTests(samba.tests.TestCase):
"objectclass":"server",
"cn":"test server",
"name":"test server",
- "systemFlags":"50000000"});
+ "systemFlags":"50000000", ["relax:0"]});
self.ldb.add_ldif(
"""dn: cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s""" % (self.base_dn) + """
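Review bot: `["relax:0"]` sits inside the dict literal on the new `"systemFlags":"50000000", ["relax:0"]});` line, which is not valid Python, so the module cannot be parsed and none of these tests will run. The controls list belongs after the closing brace as a second argument, the way the `add_ldif` call visible in the next hunk header passes it: `"systemFlags":"50000000"}, ["relax:0"]);`. The crossRef hunk has the same defect and needs `"systemFlags": "1"}, ["relax:0"]);`. Both add calls start outside their hunks, and this assumes `add` takes controls as its second argument like `add_ldif` does.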
@@ -139,7 +139,7 @@ systemFlags: 33554432""", ["relax:0"]);
"nCName": self.base_dn,
"showInAdvancedViewOnly": "TRUE",
"name": "test crossRef",
- "systemFlags": "1"});
+ "systemFlags": "1", ["relax:0"]});
# urgent replication should be enabled when creating
res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
@@ -182,8 +182,7 @@ oMSyntax: 64
systemOnly: FALSE
searchFlags: 8
lDAPDisplayName: test attributeSchema
-name: test attributeSchema
-systemFlags: 0""");
+name: test attributeSchema""");
# urgent replication should be enabled when creating
res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 0451634..3e918cf 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1634,7 +1634,6 @@ samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_context *base_ctx,
struct samba_kdc_db_context **kdc_db_ctx_out)
{
- NTSTATUS nt_status;
int ldb_ret;
struct ldb_message *msg;
struct auth_session_info *session_info;
--
Samba Shared Repository