The branch, master has been updated
       via  2904f3378d95c194fd7286ad5f321c6726819b8b (commit)
       via  90828cc7022807a6036700d0edc8061c408ef8a7 (commit)
      from  deb268f7facd05a10607c5290138b5c0ec33ff49 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2904f3378d95c194fd7286ad5f321c6726819b8b
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sat Oct 3 10:57:14 2009 +0200

    s4:ldap.py - add a test for the "systemOnly" classes

commit 90828cc7022807a6036700d0edc8061c408ef8a7
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sat Oct 3 10:52:53 2009 +0200

    s4:dsdb Don't allow creation of systemOnly objectclasses
    
    (except as part of the provision, which specifies the 'relax' control)
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c    |    6 ++++++
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c |    8 ++++----
 source4/lib/ldb/tests/python/ldap.py            |   17 ++++++++++++++++-
 3 files changed, 26 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c 
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 6d22141..b3d5461 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -561,6 +561,12 @@ static int objectclass_do_add(struct oc_context *ac)
                                        return LDB_ERR_NAMING_VIOLATION;
                                }
 
+                               if (current->objectclass->systemOnly && 
!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+                                       ldb_asprintf_errstring(ldb, 
"objectClass %s is systemOnly, rejecting creation of %s",
+                                                              
current->objectclass->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
+                                       return LDB_ERR_UNWILLING_TO_PERFORM;
+                               }
+
                                if (!ldb_msg_find_element(msg, 
"objectCategory")) {
                                        value = talloc_strdup(msg, 
current->objectclass->defaultObjectCategory);
                                        if (value == NULL) {
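Review bot: The new systemOnly check in objectclass_do_add is waived purely by the presence of LDB_CONTROL_RELAX_OID on `ac->req`, and nothing in this hunk shows who is allowed to attach that control. If controls supplied by a remote LDAP client reach this module unfiltered, that client could opt out of the restriction itself, so it is worth confirming that the relax control is only honoured for trusted callers such as provision. A comment above the `if`, for example `/* systemOnly classes may only be instantiated by provision, which sets the relax control */`, would record that intent next to the check. The function body starts and ends outside the hunk.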
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 489985a..74dd7e5 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -476,10 +476,10 @@ static int replmd_add(struct ldb_module *module, struct 
ldb_request *req)
        char *time_str;
        int ret;
        uint32_t i, ni=0;
-       int allow_add_guid=0;
-       int remove_current_guid=0;
+       bool allow_add_guid = false;
+       bool remove_current_guid = false;
 
-        /* check if there's a show deleted control */
+        /* check if there's a show relax control (used by provision to say 'I 
know what I'm doing') */
         control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
        if (control) {
                allow_add_guid = 1;
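Review bot: `allow_add_guid` is now declared `bool`, but the context line `allow_add_guid = 1;` inside `if (control)` still assigns an integer; `allow_add_guid = true;` would match the new declarations and the `remove_current_guid = true;` change in the next hunk. The reworded comment reads "show relax control", where "show" looks like a leftover from the old "show deleted" wording; `/* check for the relax control (used by provision to say 'I know what I'm doing') */` would be clearer. Judging by the variable name, the same control appears to let the caller supply its own GUID here, so the question of which callers may send it applies to this path as well. replmd_add continues outside the hunk.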
@@ -526,7 +526,7 @@ static int replmd_add(struct ldb_module *module, struct 
ldb_request *req)
                        }
                        /* we remove this attribute as it can be a string and 
will not be treated 
                        correctly and then we will readd it latter on in the 
good format*/
-                       remove_current_guid = 1;
+                       remove_current_guid = true;
                }
        } else {
                /* a new GUID */
diff --git a/source4/lib/ldb/tests/python/ldap.py 
b/source4/lib/ldb/tests/python/ldap.py
index c4ebb7e..7fa25fb 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -117,6 +117,21 @@ class BasicTests(unittest.TestCase):
         self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + 
self.base_dn)
         self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + 
self.base_dn)
         self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+
+    def test_system_only(self):
+        """Test systemOnly objects"""
+        print "Test systemOnly objects"""
+
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestobject," + self.base_dn,
+                "objectclass": "configuration"})
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+        self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
 
     def test_invalid_attribute(self):
         """Test adding invalid attributes (not in schema)"""
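Review bot: The `print` line in test_system_only ends with `"""` rather than `"`, so it only parses because Python concatenates the adjacent empty string; it should read `print "Test systemOnly objects"`. The test covers only the rejection path, and only for the `configuration` class. A companion case that adds the same object with the relax control and expects success would pin down the exception the C change makes, provided the test connection is allowed to send that control. `self.fail()` would also be easier to diagnose with a message, e.g. `self.fail("systemOnly class was created without the relax control")`.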
@@ -136,7 +151,7 @@ class BasicTests(unittest.TestCase):
              "objectclass": "group"})
 
         m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
         m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
           "thisdoesnotexist")
         try:


-- 
Samba Shared Repository
