[SCM] Samba Shared Repository - branch master updated

Matthieu Patou mat at samba.org
Sat May 5 20:18:02 MDT 2012


The branch, master has been updated
       via  db11c1b s4-schema: Validate more class attribute when adding a new class in the schema
       via  191dd54 s4: use intermediate var, increase lisibility
       via  aae8085 olschema2ldif: be more strict where checking for open/closed braces
      from  16a24dc s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit db11c1b12018b0f92672d07fcf15c3b404f923d3
Author: Matthieu Patou <mat at matws.net>
Date:   Sat May 5 17:03:37 2012 -0700

    s4-schema: Validate more class attribute when adding a new class in the schema
    
    Autobuild-User: Matthieu Patou <mat at samba.org>
    Autobuild-Date: Sun May  6 04:17:56 CEST 2012 on sn-devel-104

commit 191dd54cbc42fc4816f249742d3488d091d96a26
Author: Matthieu Patou <mat at matws.net>
Date:   Sun Apr 15 21:58:49 2012 -0700

    s4: use intermediate var, increase lisibility

commit aae8085c618e3b4a994a5316596f031701b0529f
Author: Matthieu Patou <mat at matws.net>
Date:   Sun Apr 15 14:02:41 2012 -0700

    olschema2ldif: be more strict where checking for open/closed braces

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |   40 +++++++++++++++++---
 source4/utils/oLschema2ldif.c                      |   18 +++++++-
 2 files changed, 49 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 1fd850a..e50c8e2 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -299,6 +299,7 @@ static int attr_handler2(struct oc_context *ac)
 	const struct dsdb_attribute *attr;
 	unsigned int i;
 	bool found;
+	bool isSchemaAttr = false;
 
 	ldb = ldb_module_get_ctx(ac->module);
 
@@ -329,17 +330,19 @@ static int attr_handler2(struct oc_context *ac)
 	 * 3.1.1.5. Unlike other objects in the DS, TDOs may not be created or
 	 *  manipulated by client machines over the LDAPv3 transport."
 	 */
-	if (ldb_req_is_untrusted(ac->req)) {
-		for (i = 0; i < oc_element->num_values; i++) {
-			if ((strcmp((char *)oc_element->values[i].data,
-				    "secret") == 0) ||
-			    (strcmp((char *)oc_element->values[i].data,
-				    "trustedDomain") == 0)) {
+	for (i = 0; i < oc_element->num_values; i++) {
+		char * attname = (char *)oc_element->values[i].data;
+		if (ldb_req_is_untrusted(ac->req)) {
+			if (strcmp(attname, "secret") == 0 ||
+			    strcmp(attname, "trustedDomain") == 0) {
 				ldb_asprintf_errstring(ldb, "objectclass_attrs: LSA objectclasses (entry '%s') cannot be created or changed over LDAP!",
 						       ldb_dn_get_linearized(ac->search_res->message->dn));
 				return LDB_ERR_UNWILLING_TO_PERFORM;
 			}
 		}
+		if (strcmp(attname, "attributeSchema") == 0) {
+			isSchemaAttr = true;
+		}
 	}
 
 	must_contain = dsdb_full_attribute_list(ac, ac->schema, oc_element,
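Review bot: The new local `attname` holds an objectClass value, not an attribute name, and is never written through, so `const char *oc_name = (const char *)oc_element->values[i].data;` would describe it better. Both the LSA check and the new `attributeSchema` check use a case-sensitive `strcmp`. That is only reliable if the objectClass values are already in canonical case and NUL-terminated when this handler runs, which this hunk does not show, so a one-line comment stating that assumption would help. `ldb_req_is_untrusted(ac->req)` is now evaluated on every iteration and could be read once into a `bool` before the loop. attr_handler2 starts and ends outside the hunk.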
@@ -420,6 +423,31 @@ static int attr_handler2(struct oc_context *ac)
 		return LDB_ERR_OBJECT_CLASS_VIOLATION;
 	}
 
+	if (isSchemaAttr) {
+		/* Before really adding an attribute in the database,
+			* let's check that we can translate it into a dbsd_attribute and
+			* that we can find a valid syntax object.
+			* If not it's better to reject this attribute than not be able
+			* to start samba next time due to schema being unloadable.
+			*/
+		struct dsdb_attribute *att = talloc(ac, struct dsdb_attribute);
+		const struct dsdb_syntax *attrSyntax;
+		WERROR status;
+
+		status= dsdb_attribute_from_ldb(ac->schema, msg, att);
+		if (!W_ERROR_IS_OK(status)) {
+			ldb_set_errstring(ldb,
+						"objectclass: failed to translate the schemaAttribute to a dsdb_attribute");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		attrSyntax = dsdb_syntax_for_attribute(att);
+		if (!attrSyntax) {
+			ldb_set_errstring(ldb,
+						"objectclass: unknown attribute syntax");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
 	return ldb_module_done(ac->req, ac->mod_ares->controls,
 			       ac->mod_ares->response, LDB_SUCCESS);
 }
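Review bot: The result of `talloc(ac, struct dsdb_attribute)` is handed to `dsdb_attribute_from_ldb()` without a NULL check, so an allocation failure would presumably be dereferenced there instead of being reported. Add `if (att == NULL) { return ldb_oom(ldb); }` directly after the allocation. `att` is only needed for this validation, so calling `talloc_free(att)` before each return would stop it lingering on `ac` until the request is torn down. The two new error strings use the prefix `objectclass:`, while the existing message earlier in this function uses `objectclass_attrs:`, and the block comment misspells the type as `dbsd_attribute`. The start of attr_handler2 is outside the hunk.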
diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c
index ae69db1..be86daa 100644
--- a/source4/utils/oLschema2ldif.c
+++ b/source4/utils/oLschema2ldif.c
@@ -82,7 +82,12 @@ static int check_braces(const char *string)
 		c = strpbrk(c, "()");
 		if (c == NULL) return 1;
 		if (*c == '(') b++;
-		if (*c == ')') b--;
+		if (*c == ')') {
+			b--;
+			if (*(c - 1) != ' ' && c && (*(c + 1) == '\0')) {
+				return 2;
+			}
+		}
 		c++;
 	}
 	return 0;
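Review bot: In the added condition, `*(c - 1)` is read before anything checks that `c` is past the start of `string`, so an entry whose first character is `)` causes a read one byte before the buffer. The `&& c` test comes after that dereference and can never be false here, because the NULL result of `strpbrk` has already returned. Since the entry text comes from the schema file being converted, bound the look-behind explicitly, e.g. `if (c[1] == '\0' && (c == string || c[-1] != ' ')) return 2;`. The start of check_braces is outside the hunk.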
@@ -538,8 +543,10 @@ static struct schema_conv process_file(FILE *in, FILE *out)
 
 		do { 
 			if (c == '\n') {
-				entry[t] = '\0';	
-				if (check_braces(entry) == 0) {
+				int ret2 = 0;
+				entry[t] = '\0';
+				ret2 = check_braces(entry);
+				if (ret2 == 0) {
 					ret.count++;
 					ldif.msg = process_entry(ctx, entry);
 					if (ldif.msg == NULL) {
@@ -550,6 +557,11 @@ static struct schema_conv process_file(FILE *in, FILE *out)
 					ldb_ldif_write_file(ldb_ctx, out, &ldif);
 					break;
 				}
+				if (ret2 == 2) {
+					fprintf(stderr, "Invalid entry %s, closing braces needs to be preceeded by a space\n", entry);
+					ret.failures++;
+					break;
+				}
 				line++;
 			} else {
 				entry[t] = c;
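Review bot: The literal `2` tested in `if (ret2 == 2)` is an undocumented third return value of `check_braces()`, next to the existing 0 and 1. A small `enum` or a comment on `check_braces()` listing the three results would keep the two functions in step, for example `/* 0: balanced, 1: more input needed, 2: ')' not preceded by a space */`. The new message misspells "preceded" as "preceeded", and "closing braces needs" should read "closing brace needs". `int ret2 = 0;` in the previous hunk is overwritten before it is read, so it can be declared at the assignment. process_file begins and ends outside these hunks.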


-- 
Samba Shared Repository

