[SCM] Samba Shared Repository - branch master updated
Matthieu Patou
mat at samba.org
Sat May 5 20:18:02 MDT 2012
The branch, master has been updated
via db11c1b s4-schema: Validate more class attribute when adding a new class in the schema
via 191dd54 s4: use intermediate var, increase lisibility
via aae8085 olschema2ldif: be more strict where checking for open/closed braces
from 16a24dc s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit db11c1b12018b0f92672d07fcf15c3b404f923d3
Author: Matthieu Patou <mat at matws.net>
Date: Sat May 5 17:03:37 2012 -0700
s4-schema: Validate more class attribute when adding a new class in the schema
Autobuild-User: Matthieu Patou <mat at samba.org>
Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
commit 191dd54cbc42fc4816f249742d3488d091d96a26
Author: Matthieu Patou <mat at matws.net>
Date: Sun Apr 15 21:58:49 2012 -0700
s4: use intermediate var, increase lisibility
commit aae8085c618e3b4a994a5316596f031701b0529f
Author: Matthieu Patou <mat at matws.net>
Date: Sun Apr 15 14:02:41 2012 -0700
olschema2ldif: be more strict where checking for open/closed braces
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 40 +++++++++++++++++---
source4/utils/oLschema2ldif.c | 18 +++++++-
2 files changed, 49 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 1fd850a..e50c8e2 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -299,6 +299,7 @@ static int attr_handler2(struct oc_context *ac)
const struct dsdb_attribute *attr;
unsigned int i;
bool found;
+ bool isSchemaAttr = false;
ldb = ldb_module_get_ctx(ac->module);
@@ -329,17 +330,19 @@ static int attr_handler2(struct oc_context *ac)
* 3.1.1.5. Unlike other objects in the DS, TDOs may not be created or
* manipulated by client machines over the LDAPv3 transport."
*/
- if (ldb_req_is_untrusted(ac->req)) {
- for (i = 0; i < oc_element->num_values; i++) {
- if ((strcmp((char *)oc_element->values[i].data,
- "secret") == 0) ||
- (strcmp((char *)oc_element->values[i].data,
- "trustedDomain") == 0)) {
+ for (i = 0; i < oc_element->num_values; i++) {
+ char * attname = (char *)oc_element->values[i].data;
+ if (ldb_req_is_untrusted(ac->req)) {
+ if (strcmp(attname, "secret") == 0 ||
+ strcmp(attname, "trustedDomain") == 0) {
ldb_asprintf_errstring(ldb, "objectclass_attrs: LSA objectclasses (entry '%s') cannot be created or changed over LDAP!",
ldb_dn_get_linearized(ac->search_res->message->dn));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
}
+ if (strcmp(attname, "attributeSchema") == 0) {
+ isSchemaAttr = true;
+ }
}
must_contain = dsdb_full_attribute_list(ac, ac->schema, oc_element,
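Review bot: Every comparison in this loop is a case-sensitive `strcmp` on the raw objectClass value, both the existing `secret`/`trustedDomain` test for untrusted requests and the new `attributeSchema` test that sets `isSchemaAttr`. LDAP matches objectClass names case-insensitively, so unless an earlier module has already rewritten the values to their canonical schema names (not visible in this hunk), a differently cased value would skip both the LSA restriction and the new schema validation. If that normalisation is not guaranteed, `strcasecmp(attname, "attributeSchema") == 0` (and likewise for the other two names) is the safer test; if it is, a one-line comment naming where it happens would help. `attname` holds an object class name rather than an attribute name, so `const char *oc_name` would read better. attr_handler2 starts and ends outside this hunk.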
@@ -420,6 +423,31 @@ static int attr_handler2(struct oc_context *ac)
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
+ if (isSchemaAttr) {
+ /* Before really adding an attribute in the database,
+ * let's check that we can translate it into a dbsd_attribute and
+ * that we can find a valid syntax object.
+ * If not it's better to reject this attribute than not be able
+ * to start samba next time due to schema being unloadable.
+ */
+ struct dsdb_attribute *att = talloc(ac, struct dsdb_attribute);
+ const struct dsdb_syntax *attrSyntax;
+ WERROR status;
+
+ status= dsdb_attribute_from_ldb(ac->schema, msg, att);
+ if (!W_ERROR_IS_OK(status)) {
+ ldb_set_errstring(ldb,
+ "objectclass: failed to translate the schemaAttribute to a dsdb_attribute");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ attrSyntax = dsdb_syntax_for_attribute(att);
+ if (!attrSyntax) {
+ ldb_set_errstring(ldb,
+ "objectclass: unknown attribute syntax");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+ }
return ldb_module_done(ac->req, ac->mod_ares->controls,
ac->mod_ares->response, LDB_SUCCESS);
}
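Review bot: The `talloc()` result for `att` is passed to `dsdb_attribute_from_ldb()` without a NULL check, so an allocation failure is not reported as such; add `if (att == NULL) { return ldb_oom(ldb); }` right after the allocation. `talloc()` also leaves the structure uninitialised, so unless `dsdb_attribute_from_ldb()` writes every field that `dsdb_syntax_for_attribute()` later reads (not visible here), `talloc_zero(ac, struct dsdb_attribute)` is the safer call. The comment says `dbsd_attribute` where `dsdb_attribute` is meant, and the error string says `schemaAttribute` although the class being checked is `attributeSchema`. attr_handler2 starts outside this hunk.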
diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c
index ae69db1..be86daa 100644
--- a/source4/utils/oLschema2ldif.c
+++ b/source4/utils/oLschema2ldif.c
@@ -82,7 +82,12 @@ static int check_braces(const char *string)
c = strpbrk(c, "()");
if (c == NULL) return 1;
if (*c == '(') b++;
- if (*c == ')') b--;
+ if (*c == ')') {
+ b--;
+ if (*(c - 1) != ' ' && c && (*(c + 1) == '\0')) {
+ return 2;
+ }
+ }
c++;
}
return 0;
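Review bot: The new condition reads `*(c - 1)` before anything establishes that `c` is past the start of `string`, so an entry whose first character is `)` causes a read one byte before the buffer. The `&& c` term does not guard this, because `c` was already compared with NULL and dereferenced a few lines earlier. Testing the position first keeps the rule and stays in bounds: `if (*(c + 1) == '\0' && (c == string || *(c - 1) != ' ')) return 2;`. Whether a leading `)` should count as the missing-space case or as a plain mismatch is the author's call. The meaning of return values 1 and 2 deserves a short comment above check_braces, which starts outside this hunk.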
@@ -538,8 +543,10 @@ static struct schema_conv process_file(FILE *in, FILE *out)
do {
if (c == '\n') {
- entry[t] = '\0';
- if (check_braces(entry) == 0) {
+ int ret2 = 0;
+ entry[t] = '\0';
+ ret2 = check_braces(entry);
+ if (ret2 == 0) {
ret.count++;
ldif.msg = process_entry(ctx, entry);
if (ldif.msg == NULL) {
@@ -550,6 +557,11 @@ static struct schema_conv process_file(FILE *in, FILE *out)
ldb_ldif_write_file(ldb_ctx, out, &ldif);
break;
}
+ if (ret2 == 2) {
+ fprintf(stderr, "Invalid entry %s, closing braces needs to be preceeded by a space\n", entry);
+ ret.failures++;
+ break;
+ }
line++;
} else {
entry[t] = c;
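Review bot: The `ret2 == 2` branch increments `ret.failures` but not `ret.count`, while the `ret2 == 0` path increments `ret.count` before the entry can fail, so the totals returned by process_file can report failures that were never counted as entries. If `count` is meant to be the number of entries seen (an assumption, the callers are not visible here), use `ret.count++; ret.failures++;` in this branch. The message also misspells `preceded` as `preceeded`. process_file starts and ends outside this hunk.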