[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue Oct 19 06:17:01 MDT 2010


The branch, master has been updated
       via  4b4dcaf s4-dsdb Reset the error string after 'expected' errors.
       via  439a1fe s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends
       via  5650e85 s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn
       via  8975834 s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.
      from  d652803 ldb:"ldb_schema_attribute_by_name_internal" - support the whole unsigned int range

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4b4dcaf4b300c3d66833e9b0eff91c8365275d9d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Oct 19 22:30:26 2010 +1100

    s4-dsdb Reset the error string after 'expected' errors.
    
    This helps ensure that we don't get confusing error strings in the
    logs on other error cases.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104

commit 439a1fe2d0db8a784431a4dbc070faef6e4f788e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Oct 19 22:29:04 2010 +1100

    s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends
    
    If we send the full extended DN, then we risk standards-compliant LDAP
    servers rejecting it as invalid.  Only the DN portion is needed to
    resolve the record in any case, and any SID or GUID components have
    already been evaluated into the DN.
    
    Andrew Bartlett

commit 5650e8558eb703a5660cb3cef79bec89dc6ac5fc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Oct 19 22:27:54 2010 +1100

    s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn
    
    This will happen on an OpenLDAP backend, because @ records are invalid in LDAP.
    
    We don't have these sequence numbers in this case.
    
    Andrew Bartlett

commit 897583476c49d4c037c1d8579fd6841728b871ba
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Oct 19 20:20:43 2010 +1100

    s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.
    
    Against the OpenLDAP backend, I currently get failures.  This makes it
    possible to debug those failures.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/sam.c                           |    5 ++
 source4/dsdb/common/util.c                   |    2 +-
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c  |    4 +-
 source4/dsdb/samdb/ldb_modules/simple_dn.c   |   73 ++++++++++++++++++++++++++
 source4/dsdb/samdb/ldb_modules/util.c        |    1 +
 source4/dsdb/samdb/ldb_modules/wscript_build |    8 +++
 6 files changed, 90 insertions(+), 3 deletions(-)
 create mode 100644 source4/dsdb/samdb/ldb_modules/simple_dn.c


Changeset truncated at 500 lines:

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c83a7d4..b98830a 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -319,6 +319,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 	dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
 	if (dn == NULL) {
 		talloc_free(tmp_ctx);
+		DEBUG(0, (__location__ ": we failed parsing DN %*.*s, so we cannot calculate the group token\n",
+			  (int)dn_val->length, (int)dn_val->length, dn_val->data));
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
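Review bot: The DEBUG added in the `dn == NULL` branch runs after `talloc_free(tmp_ctx)` and prints the bytes that just failed DN parsing verbatim at level 0. The hunk does not show where `dn_val` is allocated, so moving the DEBUG above the free would make the ordering safe by inspection, which is the order the second sam.c hunk already uses. Because the value is malformed by definition, it may carry control bytes or newlines into the log unescaped; `%.*s` with a single `(int)dn_val->length` is sufficient, as the extra field width adds nothing. The function body starts and ends outside the hunk.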
@@ -359,6 +361,9 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 	}
 
 	if (ret != LDB_SUCCESS) {
+		DEBUG(1, (__location__ ": dsdb_search for %s failed: %s\n",
+			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
+			  ldb_errstring(sam_ctx)));
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
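Review bot: The result of `ldb_dn_get_extended_linearized(tmp_ctx, dn, 1)` is passed straight to `%s` in the added DEBUG, and if that call returns NULL (presumably possible on allocation failure) the behaviour of a printf-style `%s` is undefined. Holding it in a local first, `const char *dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 1);`, and passing `dn_str ? dn_str : "(unprintable DN)"` keeps this error path from failing a second time. The enclosing function starts and ends outside the hunk.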
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 9e6ccbc..f56cd07 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2828,7 +2828,7 @@ int dsdb_load_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn,
 		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
 	}
 
-	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+	if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_INVALID_DN_SYNTAX) {
 		/* it hasn't been created yet, which means
 		   an implicit value of zero */
 		*uSN = 0;
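Review bot: The widened condition sends `LDB_ERR_INVALID_DN_SYNTAX` into the branch whose comment still says only "it hasn't been created yet", so a genuinely malformed partition DN on any backend is now reported as uSN 0 rather than as an error. The comment should state the second case, for example `/* not created yet, or the backend rejects @ records (OpenLDAP): implicit value of zero */`, so the next reader does not take the check for an oversight. The rest of the branch lies outside the hunk, so it cannot be seen whether the stale error string is cleared here as it is in `dsdb_module_load_partition_usn` further down this changeset.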
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 4d0f946..9536981 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -209,9 +209,9 @@ static int samba_dsdb_init(struct ldb_module *module)
 
 	const char **backend_modules;
 	static const char *fedora_ds_backend_modules[] = {
-		"nsuniqueid", "paged_searches", NULL };
+		"nsuniqueid", "paged_searches", "simple_dn", NULL };
 	static const char *openldap_backend_modules[] = {
-		"entryuuid", "paged_searches", NULL };
+		"entryuuid", "paged_searches", "simple_dn", NULL };
 
 	static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", NULL };
 	const char *backendType, *serverRole;
diff --git a/source4/dsdb/samdb/ldb_modules/simple_dn.c b/source4/dsdb/samdb/ldb_modules/simple_dn.c
new file mode 100644
index 0000000..d863290
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/simple_dn.c
@@ -0,0 +1,73 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb dn simplification module
+ *
+ *  Description: Module to strip off extended componenets from search DNs (not accepted by OpenLDAP backends)
+ *
+ *  Author: Andrew Bartlett
+ */
+
+
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+/* search */
+static int simple_dn_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	struct ldb_dn *new_base;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	new_base = ldb_dn_copy(req, req->op.search.base);
+	if (!new_base) {
+		ldb_module_oom(module);
+	}
+
+	ldb_dn_remove_extended_components(new_base);
+
+	ret = ldb_build_search_req_ex(&down_req,
+				      ldb, req,
+				      new_base,
+				      req->op.search.scope,
+				      req->op.search.tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      req, dsdb_next_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+	talloc_steal(down_req, new_base);
+
+	return ldb_next_request(module, down_req);
+}
+
+_PUBLIC_ const struct ldb_module_ops ldb_simple_dn_module_ops = {
+	.name		   = "simple_dn",
+	.search = simple_dn_search
+};
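Review bot: In `simple_dn_search` the allocation-failure branch calls `ldb_module_oom(module)` without returning, so a NULL `new_base` falls through into `ldb_dn_remove_extended_components(new_base)` and the request builder; the line should read `return ldb_module_oom(module);`. `LDB_REQ_SET_LOCATION(down_req)` also runs before `ret` is checked, so after a failed `ldb_build_search_req_ex` it touches a `down_req` that may be NULL or unset; it belongs below the `if (ret != LDB_SUCCESS)` block. This module is inserted into the search path for both the OpenLDAP and Fedora DS backends, so both failure paths are reachable under memory pressure.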
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index e550630..57066d9 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -689,6 +689,7 @@ int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
 		   an implicit value of zero */
 		*uSN = 0;
 		talloc_free(tmp_ctx);
+		ldb_reset_err_string(ldb);
 		return LDB_SUCCESS;
 	}
 
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build b/source4/dsdb/samdb/ldb_modules/wscript_build
index f6b1e9c..e6f6956 100644
--- a/source4/dsdb/samdb/ldb_modules/wscript_build
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build
@@ -350,3 +350,11 @@ bld.SAMBA_MODULE('ldb_aclread',
 	internal_module=False,
 	deps='talloc LIBEVENTS LIBSECURITY SAMDB',
 	)
+
+bld.SAMBA_MODULE('ldb_simple_dn',
+	source='simple_dn.c',
+	subsystem='ldb',
+	init_function='LDB_MODULE(simple_dn)',
+	internal_module=False,
+	deps='talloc DSDB_MODULE_HELPERS'
+	)


-- 
Samba Shared Repository

