[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Fri Oct 7 07:29:03 MDT 2011 

The branch, master has been updated
       via  bcb0212 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
       via  94899cd Revert "ldb: support raw OIDs in control string parsing"
       via  c180feb s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK
       via  ec910d9 ldb/ldb_controls: allow oid up to 255 chars
       via  ff1ce65 s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h
      from  4493c57 uid_wrapper: Add uwrap_setresuid().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bcb02129c3eaa3e22b74f65a44c7059a298831a3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 5 14:59:59 2011 +0200

    s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
    
    Which allows the caller to pass a given 'pwdLastSet' value
    (every useful for migrations).
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Fri Oct  7 15:28:13 CEST 2011 on sn-devel-104

commit 94899cd83ce2270d7760e0f9bb472b80de89f80b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 7 09:58:29 2011 +0200

    Revert "ldb: support raw OIDs in control string parsing"
    
    This reverts commit ea41860d32d38448e08cefd79d30ee1150317a9e.
    
    This is not needed, because we already have the 'local_oid' magic.
    
    metze

commit c180feb16cd6933fc81e949b440707c4982a8295
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 7 09:57:34 2011 +0200

    s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK
    
    metze

commit ec910d94d3f4515c1cb4528e5e07be2296734f9a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 7 09:56:17 2011 +0200

    ldb/ldb_controls: allow oid up to 255 chars
    
    We have char oid[256], so allow sscanf() to consume 255 chars.
    
    metze

commit ff1ce6521b0b38fa3d2e09d79a8145a52c63b926
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 7 09:49:48 2011 +0200

    s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h
    
    This makes clear that struct dsdb_control_password_change
    belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/common/ldb_controls.c                  |   20 +------------
 lib/ldb/include/ldb_private.h                  |    1 -
 source4/dsdb/samdb/ldb_modules/password_hash.c |   38 ++++++++++++++++++++++++
 source4/dsdb/samdb/samdb.h                     |   22 +++++++------
 source4/scripting/python/samba/dbchecker.py    |    2 +-
 source4/setup/schema_samba4.ldif               |    1 +
 6 files changed, 53 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index 42fabfc..5b5f357 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -949,7 +949,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 
 		oid[0] = '\0';
 		p = &(control_strings[10]);
-		ret = sscanf(p, "%64[^:]:%d", oid, &crit);
+		ret = sscanf(p, "%255[^:]:%d", oid, &crit);
 
 		if ((ret != 2) || strlen(oid) == 0 || (crit < 0) || (crit > 1)) {
 			error_string = talloc_asprintf(mem_ctx, "invalid local_oid control syntax\n");
@@ -1018,27 +1018,9 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 
 		return ctrl;
 	}
-
-	/* support a raw OID */
-	if (isdigit(control_strings[0])) {
-		const char *p = strchr(control_strings, ':');
-		if (p == NULL) {
-			goto failed;
-		}
-		if (strspn(control_strings, "0123456789.") != (p-control_strings)) {
-			goto failed;
-		}
-		ctrl->oid = talloc_strndup(ctrl, control_strings, p-control_strings);
-		ctrl->critical = (p[1]=='1'?1:0);
-		ctrl->data = NULL;
-		return ctrl;
-	}
-
 	/*
 	 * When no matching control has been found.
 	 */
-failed:
-	talloc_free(ctrl);
 	return NULL;
 }
 
diff --git a/lib/ldb/include/ldb_private.h b/lib/ldb/include/ldb_private.h
index db2457d..cafc020 100644
--- a/lib/ldb/include/ldb_private.h
+++ b/lib/ldb/include/ldb_private.h
@@ -40,7 +40,6 @@
 #include "replace.h"
 #include "system/filesys.h"
 #include "system/time.h"
-#include "system/locale.h"
 #include "ldb.h"
 #include "ldb_module.h"
 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 02e68cd..9fcdcf7 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -95,6 +95,7 @@ struct ph_context {
 	bool change_status;
 	bool hash_values;
 	bool userPassword;
+	bool pwd_last_set_bypass;
 };
 
 
@@ -1663,6 +1664,33 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 
 static int setup_last_set_field(struct setup_password_fields_io *io)
 {
+	const struct ldb_message *msg = NULL;
+
+	switch (io->ac->req->operation) {
+	case LDB_ADD:
+		msg = io->ac->req->op.add.message;
+		break;
+	case LDB_MODIFY:
+		msg = io->ac->req->op.mod.message;
+		break;
+	}
+
+	if (io->ac->pwd_last_set_bypass) {
+		struct ldb_message_element *el;
+
+		if (msg == NULL) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		el = ldb_msg_find_element(msg, "pwdLastSet");
+		if (el == NULL) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0);
+		return LDB_SUCCESS;
+	}
+
 	/* set it as now */
 	unix_to_nt_time(&io->g.last_set, time(NULL));
 
@@ -2484,6 +2512,16 @@ static void ph_apply_controls(struct ph_context *ac)
 		/* Mark the "change" control as uncritical (done) */
 		ctrl->critical = false;
 	}
+
+	ac->pwd_last_set_bypass = false;
+	ctrl = ldb_request_get_control(ac->req,
+				DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID);
+	if (ctrl != NULL) {
+		ac->pwd_last_set_bypass = true;
+
+		/* Mark the "bypass pwdLastSet" control as uncritical (done) */
+		ctrl->critical = false;
+	}
 }
 
 static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares)
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index aedd3db..ae6042c 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -92,16 +92,6 @@ struct dsdb_control_password_change_status {
 #define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9"
 
 #define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10"
-
-/* passed when we want to get the behaviour of the non-global catalog port */
-#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
-
-/* passed when we want special behaviour for partial replicas */
-#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18"
-
-/* passed when we want special behaviour for dbcheck */
-#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
-
 struct dsdb_control_password_change {
 	const struct samr_Password *old_nt_pwd_hash;
 	const struct samr_Password *old_lm_pwd_hash;
@@ -123,6 +113,18 @@ struct dsdb_control_password_change {
 */
 #define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
 
+/* passed when we want to get the behaviour of the non-global catalog port */
+#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
+
+/* passed when we want special behaviour for partial replicas */
+#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18"
+
+/* passed when we want special behaviour for dbcheck */
+#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
+
+/* passed when importing plain text password on upgrades */
+#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
+
 #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
 struct dsdb_extended_replicated_object {
 	struct ldb_message *msg;
diff --git a/source4/scripting/python/samba/dbchecker.py b/source4/scripting/python/samba/dbchecker.py
index f19891a..8120307 100644
--- a/source4/scripting/python/samba/dbchecker.py
+++ b/source4/scripting/python/samba/dbchecker.py
@@ -211,7 +211,7 @@ class dbcheck(object):
         m = ldb.Message()
         m.dn = dn
         m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
-        if self.do_modify(m, ["show_recycled:1", "%s:0" % dsdb.DSDB_CONTROL_DBCHECK],
+        if self.do_modify(m, ["show_recycled:1", "local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK],
                           "Failed to remove deleted DN attribute %s" % attrname):
             self.report("Removed deleted DN on attribute %s" % attrname)
 
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index bfa6dd0..5f4a20a 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -194,6 +194,7 @@
 #Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
 #Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
 #Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
+#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
 
 # Extended 1.3.6.1.4.1.7165.4.4.x
 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1


-- 
Samba Shared Repository

More information about the samba-cvs mailing list