[PATCH] s4: Added support for 389 DS 1.2.3
Endi S. Dewata
edewata at redhat.com
Thu Oct 8 21:16:53 MDT 2009
This patch resolves the following issues:
* Reading bind DN from secrets database.
* Workaround for null pointer error in ldb_msg.c.
* Configuring attribute linking, indexing, and referential integrity.
* Removing unused PAM Pass Through Auth plugin.
---
source4/auth/credentials/credentials.c | 5 ++
source4/auth/credentials/credentials_files.c | 3 +
source4/lib/ldb/common/ldb_msg.c | 3 +-
source4/scripting/python/samba/provision.py | 57 +++++++++++++++++++++++-
source4/setup/fedorads-index.ldif | 7 +++
source4/setup/fedorads-linked-attributes.ldif | 7 +++
source4/setup/fedorads-pam.ldif | 2 +
source4/setup/fedorads-refint-add.ldif | 6 +++
source4/setup/fedorads-refint-delete.ldif | 20 +++++++++
source4/setup/fedorads.inf | 4 ++
10 files changed, 110 insertions(+), 4 deletions(-)
create mode 100644 source4/setup/fedorads-index.ldif
create mode 100644 source4/setup/fedorads-linked-attributes.ldif
create mode 100644 source4/setup/fedorads-pam.ldif
create mode 100644 source4/setup/fedorads-refint-add.ldif
create mode 100644 source4/setup/fedorads-refint-delete.ldif
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 83901db..5d02163 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -722,6 +722,11 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
{
const char *username;
+ // if bind dn is set it's not anonymous
+ if (cred->bind_dn) {
+ return false;
+ }
+
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
cred->machine_account_pending_lp_ctx);
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 3fe38d5..4fcf704 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -266,6 +266,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
cli_credentials_set_anonymous(cred);
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ } else {
+ // store bind dn in credentials
+ cli_credentials_set_bind_dn(cred, ldap_bind_dn);
}
}
}
diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c
index 702978a..b52f5c6 100644
--- a/source4/lib/ldb/common/ldb_msg.c
+++ b/source4/lib/ldb/common/ldb_msg.c
@@ -48,7 +48,8 @@ struct ldb_message_element *ldb_msg_find_element(const struct ldb_message *msg,
const char *attr_name)
{
unsigned int i;
- for (i=0;i<msg->num_elements;i++) {
+ // unknown bug: sometimes msg->elements could be null
+ for (i=0;msg->elements && i<msg->num_elements;i++) {
if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
return &msg->elements[i];
}
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index e21a3cb..73655e4 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -108,6 +108,11 @@ class ProvisionPaths(object):
self.fedoradsinf = None
self.fedoradspartitions = None
self.fedoradssasl = None
+ self.fedoradspam = None
+ self.fedoradsrefint = None
+ self.fedoradslinkedattributes = None
+ self.fedoradsindex = None
+ self.fedoradssamba = None
self.olmmron = None
self.olmmrserveridsconf = None
self.olmmrsyncreplconf = None
@@ -293,7 +298,7 @@ def setup_ldb(ldb, ldif_path, subst_vars):
ldb.transaction_commit()
-def setup_file(template, fname, subst_vars):
+def setup_file(template, fname, subst_vars=None):
"""Setup a file in the private dir.
:param template: Path of the template file.
@@ -348,8 +353,16 @@ def provision_paths_from_lp(lp, dnsdomain):
"fedorads-partitions.ldif")
paths.fedoradssasl = os.path.join(paths.ldapdir,
"fedorads-sasl.ldif")
+ paths.fedoradspam = os.path.join(paths.ldapdir,
+ "fedorads-pam.ldif")
+ paths.fedoradsrefint = os.path.join(paths.ldapdir,
+ "fedorads-refint.ldif")
+ paths.fedoradslinkedattributes = os.path.join(paths.ldapdir,
+ "fedorads-linked-attributes.ldif")
+ paths.fedoradsindex = os.path.join(paths.ldapdir,
+ "fedorads-index.ldif")
paths.fedoradssamba = os.path.join(paths.ldapdir,
- "fedorads-samba.ldif")
+ "fedorads-samba.ldif")
paths.olmmrserveridsconf = os.path.join(paths.ldapdir,
"mmr_serverids.conf")
paths.olmmrsyncreplconf = os.path.join(paths.ldapdir,
@@ -598,7 +611,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
if ldap_backend.ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
- tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
+ tdb_modules_list = ["extended_dn_out_dereference"]
elif ldap_backend.ldap_backend_type == "openldap":
backend_modules = ["entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
@@ -1777,6 +1790,44 @@ def provision_fds_backend(result, paths=None, setup_path=None, names=None,
{"SAMBADN": names.sambadn,
})
+ setup_file(setup_path("fedorads-pam.ldif"), paths.fedoradspam)
+
+ lnkattr = get_linked_attributes(names.schemadn,schema.ldb)
+
+ refint_config = data = open(setup_path("fedorads-refint-delete.ldif"), 'r').read()
+ memberof_config = ""
+ index_config = ""
+ argnum = 3
+
+ for attr in lnkattr.keys():
+ if lnkattr[attr] is not None:
+ refint_config += read_and_sub_file(setup_path("fedorads-refint-add.ldif"),
+ { "ARG_NUMBER" : str(argnum) ,
+ "LINK_ATTR" : attr })
+ memberof_config += read_and_sub_file(setup_path("fedorads-linked-attributes.ldif"),
+ { "MEMBER_ATTR" : attr ,
+ "MEMBEROF_ATTR" : lnkattr[attr] })
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+ argnum += 1
+
+ open(paths.fedoradsrefint, 'w').write(refint_config)
+ open(paths.fedoradslinkedattributes, 'w').write(memberof_config)
+
+ attrs = ["lDAPDisplayName"]
+ res = schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
+
+ for i in range (0, len(res)):
+ attr = res[i]["lDAPDisplayName"][0]
+
+ if attr == "objectGUID":
+ attr = "nsUniqueId"
+
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+
+ open(paths.fedoradsindex, 'w').write(index_config)
+
setup_file(setup_path("fedorads-samba.ldif"), paths.fedoradssamba,
{"SAMBADN": names.sambadn,
"LDAPADMINPASS": ldapadminpass
diff --git a/source4/setup/fedorads-index.ldif b/source4/setup/fedorads-index.ldif
new file mode 100644
index 0000000..4b4eb23
--- /dev/null
+++ b/source4/setup/fedorads-index.ldif
@@ -0,0 +1,7 @@
+dn: cn=${ATTR},cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
+objectClass: top
+objectClass: nsIndex
+cn: ${ATTR}
+nsSystemIndex: false
+nsIndexType: eq
+
diff --git a/source4/setup/fedorads-linked-attributes.ldif b/source4/setup/fedorads-linked-attributes.ldif
new file mode 100644
index 0000000..05abcf9
--- /dev/null
+++ b/source4/setup/fedorads-linked-attributes.ldif
@@ -0,0 +1,7 @@
+# Link ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
+dn: cn=${MEMBER_ATTR} to ${MEMBEROF_ATTR},cn=Linked Attributes,cn=plugins,cn=config
+objectClass: extensibleObject
+cn: ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
+linkType: ${MEMBER_ATTR}
+managedType: ${MEMBEROF_ATTR}
+
diff --git a/source4/setup/fedorads-pam.ldif b/source4/setup/fedorads-pam.ldif
new file mode 100644
index 0000000..5ffd5cf
--- /dev/null
+++ b/source4/setup/fedorads-pam.ldif
@@ -0,0 +1,2 @@
+dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
+changetype: delete
diff --git a/source4/setup/fedorads-refint-add.ldif b/source4/setup/fedorads-refint-add.ldif
new file mode 100644
index 0000000..2deb07d
--- /dev/null
+++ b/source4/setup/fedorads-refint-add.ldif
@@ -0,0 +1,6 @@
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+add: nsslapd-pluginArg${ARG_NUMBER}
+nsslapd-pluginArg${ARG_NUMBER}: ${LINK_ATTR}
+-
+
diff --git a/source4/setup/fedorads-refint-delete.ldif b/source4/setup/fedorads-refint-delete.ldif
new file mode 100644
index 0000000..cd20b83
--- /dev/null
+++ b/source4/setup/fedorads-refint-delete.ldif
@@ -0,0 +1,20 @@
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg3
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg4
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg5
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg6
+-
+
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index 90ebe6a..e0676c4 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -28,3 +28,7 @@ install_full_schema= 0
SchemaFile=${LDAPDIR}/99_ad.ldif
ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif
ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif
+ConfigFile = ${LDAPDIR}/fedorads-pam.ldif
+ConfigFile = ${LDAPDIR}/fedorads-refint.ldif
+ConfigFile = ${LDAPDIR}/fedorads-linked-attributes.ldif
+ConfigFile = ${LDAPDIR}/fedorads-index.ldif
--
1.6.0.6
------=_Part_81308_1258393476.1255064252733--
More information about the samba-technical
mailing list