[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Thu Aug 4 01:35:02 MDT 2011
The branch, master has been updated
via fff3f29 s4-ldb: two DNs only match if they have the same deletion status
via 7367787 talloc: check block count aftter references test
via 2331610 s4-samdb: save the url in the samdb class
via 37799b0 s4-dsdb: extend the extended_dn_in module to handle DN links
via 23598d5 ldb: rule_id in ldb_parse_tree should be const
via 849d042 ldb: added a new always-fail ldap extended match OID
via e07ca09 ldb: changed DN matching rules to obey GUID/SID/string ordering
via 7b5f0a7 s4-dsdb: handle search expressions containing extended DNs
via d4a1f6a s4-dsdb: added dn_format attribute of a dsdb_attribute
via d669e83 s4-dsdb: fixed outgoing one way link DNs
via a74f467 s4-dsdb: setup a one_way_link attribute on schema attributes
via fc40769 s4-dsdb: fixed a warning on dsdb_delete()
via d10553a s4-dsdb: make requests for STORAGE_FORMAT control non-critical
via a8293a5 ldb: added signatures for 1.1.2
via 39576e9 ldb: raise minor version
via 841d17f ldb: added ldb_parse_tree_walk()
via 4ba8069 ldb: added ldb_dn_replace_components()
from ed59f21 s3-ntlmssp void function cannot return value
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fff3f290736f0b75903bfefeb961ee935930303b
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Aug 4 14:59:47 2011 +1000
s4-ldb: two DNs only match if they have the same deletion status
Autobuild-User: Andrew Tridgell <tridge at samba.org>
Autobuild-Date: Thu Aug 4 09:34:08 CEST 2011 on sn-devel-104
commit 73677875b46251f59b66c9713f1decc89bd2ea3e
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Aug 4 12:07:19 2011 +1000
talloc: check block count aftter references test
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit 2331610a2e33498527070c45debfea418a97717d
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Aug 3 11:31:45 2011 +1000
s4-samdb: save the url in the samdb class
this is useful for debugging, so we know which database we are dealing
with
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit 37799b0644af6d0135af52f07414efd52bbe697e
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Aug 2 17:19:16 2011 +1000
s4-dsdb: extend the extended_dn_in module to handle DN links
this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way
links in search expressions
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 23598d56ff7a0bf9cb55606da0ede234e12dbc57
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Aug 2 17:17:13 2011 +1000
ldb: rule_id in ldb_parse_tree should be const
this allows assignment to a constant string without allocation
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 849d042dd88e8e7de2748524b054b350af06a859
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Aug 2 17:16:44 2011 +1000
ldb: added a new always-fail ldap extended match OID
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit e07ca09a7bac30b99b0033a59746ba166e429aec
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Aug 2 17:15:28 2011 +1000
ldb: changed DN matching rules to obey GUID/SID/string ordering
when matching two DNs, the GUID takes priority, then the SID, then the
string component
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit 7b5f0a7120c91989976d2f946ad1af9d6dc934c7
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 17:48:53 2011 +1000
s4-dsdb: handle search expressions containing extended DNs
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit d4a1f6a42b06a5d63a789cad438cfde693df24a7
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 17:47:34 2011 +1000
s4-dsdb: added dn_format attribute of a dsdb_attribute
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit d669e83857600ec59afc5b11c0286f28fceb0d0a
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 13:55:58 2011 +1000
s4-dsdb: fixed outgoing one way link DNs
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit a74f4673eda682bbca4adfed8a924b16114a0dcd
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 13:54:58 2011 +1000
s4-dsdb: setup a one_way_link attribute on schema attributes
this allows us to quickly determine if a DN is a one way link
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit fc40769b64188adedf273913fa94d30b307970d3
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 12:40:24 2011 +1000
s4-dsdb: fixed a warning on dsdb_delete()
struct ldb_dn is never const
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit d10553a51c518407c48529dcfd3e7a5e6f6207c7
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 12:25:11 2011 +1000
s4-dsdb: make requests for STORAGE_FORMAT control non-critical
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit a8293a5baac4a1869b81a739c4dab750c50de840
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Aug 3 16:44:28 2011 +1000
ldb: added signatures for 1.1.2
commit 39576e9d65ad71fd2f980275a51837695404de2c
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 12:24:38 2011 +1000
ldb: raise minor version
needed for new module function ldb_dn_replace_components()
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit 841d17ff83ff3737070117a32199164b0b006402
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 17:46:39 2011 +1000
ldb: added ldb_parse_tree_walk()
this walks a ldb parse tree, calling a callback on each node
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
commit 4ba8069e3d33dca53780521026c972425c1d66c5
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Aug 1 12:24:13 2011 +1000
ldb: added ldb_dn_replace_components()
this allows you to replace the string part of a DN with the string
part from another DN. This is useful when you want to fix a DN that
has the right GUID but the wrong string part, because the target
object has moved.
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb-samba/ldif_handlers.c | 67 ++++++
lib/ldb/ABI/{ldb-1.1.1.sigs => ldb-1.1.2.sigs} | 2 +
lib/ldb/common/ldb_dn.c | 56 +++++
lib/ldb/common/ldb_match.c | 13 +-
lib/ldb/common/ldb_parse.c | 86 ++++++--
lib/ldb/include/ldb.h | 2 +-
lib/ldb/include/ldb_module.h | 16 ++
lib/ldb/wscript | 2 +-
lib/talloc/testsuite.c | 1 +
source4/dsdb/common/dsdb_dn.h | 7 -
source4/dsdb/common/util.c | 4 +-
source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 268 ++++++++++++++++++++--
source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 64 +++++-
source4/dsdb/samdb/ldb_modules/wscript_build | 4 +-
source4/dsdb/schema/schema.h | 11 +
source4/dsdb/schema/schema_inferiors.c | 31 +++
source4/scripting/python/samba/samdb.py | 3 +
source4/setup/schema_samba4.ldif | 8 +
18 files changed, 592 insertions(+), 53 deletions(-)
copy lib/ldb/ABI/{ldb-1.1.1.sigs => ldb-1.1.2.sigs} (99%)
Changeset truncated at 500 lines:
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index ca6fa74..6ca419b 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -1119,6 +1119,65 @@ static int samba_syntax_operator_fn(struct ldb_context *ldb, enum ldb_parse_op o
}
/*
+ see if two DNs match, comparing first by GUID, then by SID, and
+ finally by string components
+ */
+static int samba_dn_extended_match(struct ldb_context *ldb,
+ const struct ldb_val *v1,
+ const struct ldb_val *v2,
+ bool *matched)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_dn *dn1, *dn2;
+ const struct ldb_val *guid1, *guid2, *sid1, *sid2;
+ uint32_t rmd_flags1, rmd_flags2;
+
+ tmp_ctx = talloc_new(ldb);
+
+ dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, v1);
+ dn2 = ldb_dn_from_ldb_val(tmp_ctx, ldb, v2);
+ if (!dn1 || !dn2) {
+ /* couldn't parse as DN's */
+ talloc_free(tmp_ctx);
+ (*matched) = false;
+ return LDB_SUCCESS;
+ }
+
+ rmd_flags1 = dsdb_dn_rmd_flags(dn1);
+ rmd_flags2 = dsdb_dn_rmd_flags(dn2);
+
+ if ((rmd_flags1 & DSDB_RMD_FLAG_DELETED) !=
+ (rmd_flags2 & DSDB_RMD_FLAG_DELETED)) {
+ /* only match if they have the same deletion status */
+ talloc_free(tmp_ctx);
+ (*matched) = false;
+ return LDB_SUCCESS;
+ }
+
+
+ guid1 = ldb_dn_get_extended_component(dn1, "GUID");
+ guid2 = ldb_dn_get_extended_component(dn2, "GUID");
+ if (guid1 && guid2) {
+ (*matched) = (data_blob_cmp(guid1, guid2) == 0);
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+ }
+
+ sid1 = ldb_dn_get_extended_component(dn1, "SID");
+ sid2 = ldb_dn_get_extended_component(dn2, "SID");
+ if (sid1 && sid2) {
+ (*matched) = (data_blob_cmp(sid1, sid2) == 0);
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+ }
+
+ (*matched) = (ldb_dn_compare(dn1, dn2) == 0);
+
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
+
+/*
special operation for DNs, to take account of the RMD_FLAGS deleted bit
*/
static int samba_syntax_operator_dn(struct ldb_context *ldb, enum ldb_parse_op operation,
@@ -1127,9 +1186,17 @@ static int samba_syntax_operator_dn(struct ldb_context *ldb, enum ldb_parse_op o
{
if (operation == LDB_OP_PRESENT && dsdb_dn_is_deleted_val(v1)) {
/* If the DN is deleted, then we can't search for it */
+
+ /* should this be for equality too? */
*matched = false;
return LDB_SUCCESS;
}
+
+ if (operation == LDB_OP_EQUALITY &&
+ samba_dn_extended_match(ldb, v1, v2, matched) == LDB_SUCCESS) {
+ return LDB_SUCCESS;
+ }
+
return samba_syntax_operator_fn(ldb, operation, a, v1, v2, matched);
}
diff --git a/lib/ldb/ABI/ldb-1.1.1.sigs b/lib/ldb/ABI/ldb-1.1.2.sigs
similarity index 99%
copy from lib/ldb/ABI/ldb-1.1.1.sigs
copy to lib/ldb/ABI/ldb-1.1.2.sigs
index 2fe215c..d0df756 100644
--- a/lib/ldb/ABI/ldb-1.1.1.sigs
+++ b/lib/ldb/ABI/ldb-1.1.2.sigs
@@ -73,6 +73,7 @@ ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *
ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int)
ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int)
ldb_dn_remove_extended_components: void (struct ldb_dn *)
+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *)
ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val)
ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *)
ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *)
@@ -187,6 +188,7 @@ ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CT
ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *)
ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *)
ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *)
+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *)
ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t)
ldb_register_backend: int (const char *, ldb_connect_fn, bool)
ldb_register_hook: int (ldb_hook_fn)
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 6b1ef03..b910489 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1684,6 +1684,62 @@ bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
return true;
}
+
+/* replace the components of a DN with those from another DN, without
+ * touching the extended components
+ *
+ * return true if successful and false if not
+ * if false is returned the dn may be marked invalid
+ */
+bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
+{
+ int i;
+
+ if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
+ return false;
+ }
+
+ /* free components */
+ for (i = 0; i < dn->comp_num; i++) {
+ LDB_FREE(dn->components[i].name);
+ LDB_FREE(dn->components[i].value.data);
+ LDB_FREE(dn->components[i].cf_name);
+ LDB_FREE(dn->components[i].cf_value.data);
+ }
+
+ dn->components = talloc_realloc(dn,
+ dn->components,
+ struct ldb_dn_component,
+ new_dn->comp_num);
+ if (dn->components == NULL) {
+ ldb_dn_mark_invalid(dn);
+ return false;
+ }
+
+ dn->comp_num = new_dn->comp_num;
+ dn->valid_case = new_dn->valid_case;
+
+ for (i = 0; i < dn->comp_num; i++) {
+ dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
+ if (dn->components[i].name == NULL) {
+ ldb_dn_mark_invalid(dn);
+ return false;
+ }
+ }
+ if (new_dn->linearized == NULL) {
+ dn->linearized = NULL;
+ } else {
+ dn->linearized = talloc_strdup(dn, new_dn->linearized);
+ if (dn->linearized == NULL) {
+ ldb_dn_mark_invalid(dn);
+ return false;
+ }
+ }
+
+ return true;
+}
+
+
struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
{
struct ldb_dn *new_dn;
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index c23e804..5eee02d 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -380,6 +380,16 @@ static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, con
return LDB_SUCCESS;
}
+/*
+ always return false
+*/
+static int ldb_comparator_false(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
+ bool *matched)
+{
+ *matched = false;
+ return LDB_SUCCESS;
+}
+
/*
extended match, handles things like bitops
@@ -395,7 +405,8 @@ static int ldb_match_extended(struct ldb_context *ldb,
int (*comparator)(const char *, const struct ldb_val *, const struct ldb_val *, bool *);
} rules[] = {
{ LDB_OID_COMPARATOR_AND, ldb_comparator_bitmask},
- { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask}
+ { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask},
+ { SAMBA_LDAP_MATCH_ALWAYS_FALSE, ldb_comparator_false}
};
int (*comp)(const char *,const struct ldb_val *, const struct ldb_val *, bool *) = NULL;
struct ldb_message_element *el;
diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 8c6c2d9..407af9f 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -808,50 +808,104 @@ char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tre
/*
- replace any occurrences of an attribute name in the parse tree with a
- new name
+ walk a parse tree, calling the provided callback on each node
*/
-void ldb_parse_tree_attr_replace(struct ldb_parse_tree *tree,
- const char *attr,
- const char *replace)
+int ldb_parse_tree_walk(struct ldb_parse_tree *tree,
+ int (*callback)(struct ldb_parse_tree *tree, void *),
+ void *private_context)
{
unsigned int i;
+ int ret;
+
+ ret = callback(tree, private_context);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
switch (tree->operation) {
case LDB_OP_AND:
case LDB_OP_OR:
for (i=0;i<tree->u.list.num_elements;i++) {
- ldb_parse_tree_attr_replace(tree->u.list.elements[i],
- attr, replace);
+ ret = ldb_parse_tree_walk(tree->u.list.elements[i], callback, private_context);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
}
break;
case LDB_OP_NOT:
- ldb_parse_tree_attr_replace(tree->u.isnot.child, attr, replace);
+ ret = ldb_parse_tree_walk(tree->u.isnot.child, callback, private_context);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
break;
case LDB_OP_EQUALITY:
case LDB_OP_GREATER:
case LDB_OP_LESS:
case LDB_OP_APPROX:
- if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) {
- tree->u.equality.attr = replace;
+ case LDB_OP_SUBSTRING:
+ case LDB_OP_PRESENT:
+ case LDB_OP_EXTENDED:
+ break;
+ }
+ return LDB_SUCCESS;
+}
+
+struct parse_tree_attr_replace_ctx {
+ const char *attr;
+ const char *replace;
+};
+
+/*
+ callback for ldb_parse_tree_attr_replace()
+ */
+static int parse_tree_attr_replace(struct ldb_parse_tree *tree, void *private_context)
+{
+ struct parse_tree_attr_replace_ctx *ctx = private_context;
+ switch (tree->operation) {
+ case LDB_OP_EQUALITY:
+ case LDB_OP_GREATER:
+ case LDB_OP_LESS:
+ case LDB_OP_APPROX:
+ if (ldb_attr_cmp(tree->u.equality.attr, ctx->attr) == 0) {
+ tree->u.equality.attr = ctx->replace;
}
break;
case LDB_OP_SUBSTRING:
- if (ldb_attr_cmp(tree->u.substring.attr, attr) == 0) {
- tree->u.substring.attr = replace;
+ if (ldb_attr_cmp(tree->u.substring.attr, ctx->attr) == 0) {
+ tree->u.substring.attr = ctx->replace;
}
break;
case LDB_OP_PRESENT:
- if (ldb_attr_cmp(tree->u.present.attr, attr) == 0) {
- tree->u.present.attr = replace;
+ if (ldb_attr_cmp(tree->u.present.attr, ctx->attr) == 0) {
+ tree->u.present.attr = ctx->replace;
}
break;
case LDB_OP_EXTENDED:
if (tree->u.extended.attr &&
- ldb_attr_cmp(tree->u.extended.attr, attr) == 0) {
- tree->u.extended.attr = replace;
+ ldb_attr_cmp(tree->u.extended.attr, ctx->attr) == 0) {
+ tree->u.extended.attr = ctx->replace;
}
break;
+ default:
+ break;
}
+ return LDB_SUCCESS;
+}
+
+/*
+ replace any occurrences of an attribute name in the parse tree with a
+ new name
+*/
+void ldb_parse_tree_attr_replace(struct ldb_parse_tree *tree,
+ const char *attr,
+ const char *replace)
+{
+ struct parse_tree_attr_replace_ctx ctx;
+
+ ctx.attr = attr;
+ ctx.replace = replace;
+
+ ldb_parse_tree_walk(tree, parse_tree_attr_replace, &ctx);
}
/*
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 1305d8e..4220ed0 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -305,7 +305,7 @@ struct ldb_parse_tree {
struct {
const char *attr;
int dnAttributes;
- char *rule_id;
+ const char *rule_id;
struct ldb_val value;
} extended;
struct {
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 6d6fff2..2acd8f3 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -52,6 +52,8 @@ struct ldb_module;
/* force single value checking on this attribute */
#define LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK 0x80
+/* an extended match rule that always fails to match */
+#define SAMBA_LDAP_MATCH_ALWAYS_FALSE "1.3.6.1.4.1.7165.4.5.1"
/*
these function pointers define the operations that a ldb module can intercept
@@ -340,5 +342,19 @@ int ldb_module_init_chain(struct ldb_context *ldb, struct ldb_module *module);
*/
int ldb_init_module(const char *version);
+/* replace the components of a DN with those from another DN, without
+ * touching the extended components
+ *
+ * return true if successful and false if not
+ * if false is returned the dn may be marked invalid
+ */
+bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn);
+
+/*
+ walk a parse tree, calling the provided callback on each node
+*/
+int ldb_parse_tree_walk(struct ldb_parse_tree *tree,
+ int (*callback)(struct ldb_parse_tree *tree, void *),
+ void *private_context);
#endif
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index d05453e..c4b9973 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.1.1'
+VERSION = '1.1.2'
blddir = 'bin'
diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c
index b038d34..003d74b 100644
--- a/lib/talloc/testsuite.c
+++ b/lib/talloc/testsuite.c
@@ -1317,6 +1317,7 @@ static bool test_rusty(void)
talloc_increase_ref_count(p1);
talloc_report_full(root, stdout);
talloc_free(root);
+ CHECK_BLOCKS("null_context", NULL, 2);
return true;
}
diff --git a/source4/dsdb/common/dsdb_dn.h b/source4/dsdb/common/dsdb_dn.h
index b713bdd..b455c7f 100644
--- a/source4/dsdb/common/dsdb_dn.h
+++ b/source4/dsdb/common/dsdb_dn.h
@@ -1,10 +1,3 @@
-enum dsdb_dn_format {
- DSDB_NORMAL_DN,
- DSDB_BINARY_DN,
- DSDB_STRING_DN,
- DSDB_INVALID_DN
-};
-
struct dsdb_dn {
struct ldb_dn *dn;
DATA_BLOB extra_part;
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index ae2ca74..f306748 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3598,7 +3598,7 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
}
if (dsdb_flags & DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT) {
- ret = ldb_request_add_control(req, DSDB_CONTROL_DN_STORAGE_FORMAT_OID, true, NULL);
+ ret = ldb_request_add_control(req, DSDB_CONTROL_DN_STORAGE_FORMAT_OID, false, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
@@ -3725,7 +3725,7 @@ int dsdb_modify(struct ldb_context *ldb, const struct ldb_message *message,
/*
a delete with a set of flags
*/
-int dsdb_delete(struct ldb_context *ldb, const struct ldb_dn *dn,
+int dsdb_delete(struct ldb_context *ldb, struct ldb_dn *dn,
uint32_t dsdb_flags)
{
struct ldb_request *req;
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 4944137..76a9518 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -33,6 +33,8 @@
#include <ldb.h>
#include <ldb_errors.h>
#include <ldb_module.h>
+#include "dsdb/samdb/samdb.h"
+#include "util.h"
/*
TODO: if relax is not set then we need to reject the fancy RMD_* and
@@ -261,6 +263,243 @@ static int extended_base_callback(struct ldb_request *req, struct ldb_reply *are
return LDB_SUCCESS;
}
+
+/*
+ windows ldap searchs don't allow a baseDN with more
+ than one extended component, or an extended
+ component and a string DN
+
+ We only enforce this over ldap, not for internal
+ use, as there are just too many places where we
+ internally want to use a DN that has come from a
+ search with extended DN enabled, or comes from a DRS
+ naming context.
+
+ Enforcing this would also make debugging samba much
+ harder, as we'd need to use ldb_dn_minimise() in a
+ lot of places, and that would lose the DN string
+ which is so useful for working out what a request is
+ for
+*/
+static bool ldb_dn_match_allowed(struct ldb_dn *dn, struct ldb_request *req)
+{
+ int num_components = ldb_dn_get_comp_num(dn);
+ int num_ex_components = ldb_dn_get_extended_comp_num(dn);
+
+ if (num_ex_components == 0) {
+ return true;
+ }
+
+ if ((num_components != 0 || num_ex_components != 1) &&
+ ldb_req_is_untrusted(req)) {
+ return false;
+ }
+ return true;
+}
+
+
+struct extended_dn_filter_ctx {
+ bool test_only;
+ bool matched;
+ struct ldb_module *module;
+ struct ldb_request *req;
+ struct dsdb_schema *schema;
--
Samba Shared Repository
More information about the samba-cvs
mailing list