via 326aac0... s4:schema_load LDB module - fix a segfault condition on
schema refresh
via 02eab66... s4:schema_set.c - Fix a comment
via d1ee7ab... s4:dsdb_schema_set_attributes - remove unneeded filter
criterias
via 368aa25... s4:dsdb_module_load_partition_usn - check for
"res->count" equal/unequal to 1
via 4df9757... s4:schema_set.c - fix typo
via de81160... s4:schema_load.c - jump to "failed" on an error
condition
from 43b0c31... s4:setup/provision_basedn_modify.ldif - set "minPwdAge"
to the right value
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 518232d4578d700f5f5ea1609275a6cd1de3a1e7
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 15:52:00 2010 +0200
s4:kinit blackbox test - set/reset also here the "minPwdAge"
commit f41d9eb8dc5cf63625260ce577548b0471fc84c8
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 15:37:45 2010 +0200
s4:dsdb/tests/python/ldap_schema.py - remove a now useless
"schemaUpdateNow" request
"schemaUpdateNow" on s4 is now a non-op and therefore not strictly needed
anymore.
commit 465c601071df9de9f15f65bdad3355a77cdc1d59
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 14:52:18 2010 +0200
s4:urgent_replication.py test - remove unneeded "relax" control parameters
commit 326aac06f52a1e4d37449622e02d561ee12608cf
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 14:33:23 2010 +0200
s4:schema_load LDB module - fix a segfault condition on schema refresh
The schema refresh operation itself starts requests from the top of the LDB
modules stack (see call "dsdb_schema_set_attributes" - search operations).
This doesn't work well when these do perform "dsdb_get_schema" calls.
Since the
new schema isn't marked as "refreshed" atm (but in fact it still is - we
didn't
terminate the reload/refresh yet) we could perform other calls to
"dsdb_schema_refresh" and run into serious trouble (segfault).
commit 02eab6602640e73f295a37019c0989dbd799229b
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 14:07:44 2010 +0200
s4:schema_set.c - Fix a comment
commit d1ee7ab16ee2993e12dad2a3eed2f1719fae11d7
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 14:05:04 2010 +0200
s4:dsdb_schema_set_attributes - remove unneeded filter criterias
We already choose the right entry by specifying the right basedn with scope
"LDB_SCOPE_BASE".
commit 368aa25f7c1a2b8c05780479b1e03a2632c42d11
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 12:47:46 2010 +0200
s4:dsdb_module_load_partition_usn - check for "res->count" equal/unequal
to 1
commit 4df9757b48d72f0fd33ef6b7b4e359d6baa9b44f
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 12:36:34 2010 +0200
s4:schema_set.c - fix typo
commit de81160e754cfb65a471f29e03b6e1f1c1461eb2
Author: Matthias Dieter Wallnöfer<[email protected]>
Date: Sat Jul 3 12:35:16 2010 +0200
s4:schema_load.c - jump to "failed" on an error condition
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/schema_load.c | 10 +++++++---
source4/dsdb/samdb/ldb_modules/util.c | 2 +-
source4/dsdb/schema/schema_set.c | 13 +++++++++----
source4/dsdb/tests/python/ldap_schema.py | 10 ----------
source4/dsdb/tests/python/urgent_replication.py | 4 ++--
testprogs/blackbox/test_kinit.sh | 7 +++++++
6 files changed, 26 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c
b/source4/dsdb/samdb/ldb_modules/schema_load.c
index cffe529..30aafdb 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -224,19 +224,23 @@ static int dsdb_schema_from_db(struct ldb_module *module,
struct ldb_dn *schema_
goto failed;
}
+ (*schema)->refresh_in_progress = true;
(*schema)->refresh_fn = dsdb_schema_refresh;
(*schema)->loaded_from_module = module;
(*schema)->loaded_usn = current_usn;
- /* dsdb_set_schema() steal schema into the ldb_context */
+ /* "dsdb_set_schema()" steals schema into the ldb_context */
ret = dsdb_set_schema(ldb, (*schema));
+ if (*schema != NULL) {
+ (*schema)->refresh_in_progress = false;
+ }
+
if (ret != LDB_SUCCESS) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"schema_load_init: dsdb_set_schema() failed: %d:%s:
%s",
ret, ldb_strerror(ret), ldb_errstring(ldb));
- talloc_free(tmp_ctx);
- return ret;
+ goto failed;
}
/* Ensure this module won't go away before the callback */
diff --git a/source4/dsdb/samdb/ldb_modules/util.c
b/source4/dsdb/samdb/ldb_modules/util.c
index ae08c00..48e195b 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -779,7 +779,7 @@ int dsdb_module_load_partition_usn(struct ldb_module
*module, struct ldb_dn *dn,
return ret;
}
- if (res->count< 1) {
+ if (res->count != 1) {
*uSN = 0;
if (urgent_uSN) {
*urgent_uSN = 0;
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index e09d207..1dcb4f8 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -125,7 +125,8 @@ static int dsdb_schema_set_attributes(struct ldb_context
*ldb, struct dsdb_schem
}
/* Try to avoid churning the attributes too much - we only want to do
this if they have changed */
- ret = ldb_search(ldb, mem_ctx,&res, msg->dn, LDB_SCOPE_BASE, NULL,
"dn=%s", ldb_dn_get_linearized(msg->dn));
+ ret = ldb_search(ldb, mem_ctx,&res, msg->dn, LDB_SCOPE_BASE, NULL,
+ NULL);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ret = ldb_add(ldb, msg);
} else if (ret != LDB_SUCCESS) {
@@ -154,7 +155,8 @@ static int dsdb_schema_set_attributes(struct ldb_context
*ldb, struct dsdb_schem
/* Now write out the indexs, as found in the schema (if they have
changed) */
- ret = ldb_search(ldb, mem_ctx,&res_idx, msg_idx->dn, LDB_SCOPE_BASE, NULL,
"dn=%s", ldb_dn_get_linearized(msg_idx->dn));
+ ret = ldb_search(ldb, mem_ctx,&res_idx, msg_idx->dn, LDB_SCOPE_BASE,
+ NULL, NULL);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ret = ldb_add(ldb, msg_idx);
} else if (ret != LDB_SUCCESS) {
@@ -385,7 +387,9 @@ int dsdb_set_schema(struct ldb_context *ldb, struct
dsdb_schema *schema)
if (ret != LDB_SUCCESS) {
return ret;
}
- /* Remove the refernece to the schema we just overwrote - if there was
none, NULL is harmless here */
+
+ /* Remove the reference to the schema we just overwrote - if there was
+ * none, NULL is harmless here */
if (old_schema != schema) {
talloc_unlink(ldb, old_schema);
talloc_steal(ldb, schema);
@@ -424,7 +428,8 @@ int dsdb_reference_schema(struct ldb_context *ldb, struct
dsdb_schema *schema,
return ret;
}
- /* Remove the refernece to the schema we just overwrote - if there was
none, NULL is harmless here */
+ /* Remove the reference to the schema we just overwrote - if there was
+ * none, NULL is harmless here */
talloc_unlink(ldb, old_schema);
if (talloc_reference(ldb, schema) == NULL) {
diff --git a/source4/dsdb/tests/python/ldap_schema.py
b/source4/dsdb/tests/python/ldap_schema.py
index 270e22a..4f17dd8 100755
--- a/source4/dsdb/tests/python/ldap_schema.py
+++ b/source4/dsdb/tests/python/ldap_schema.py
@@ -118,16 +118,6 @@ systemOnly: FALSE
self.assertEquals(res[0]["lDAPDisplayName"][0],
attr_ldap_display_name)
self.assertTrue("schemaIDGUID" in res[0])
- # Samba requires a "schemaUpdateNow" here.
- # TODO: remove this when Samba is fixed
- ldif = """
-dn:
-changetype: modify
-add: schemaUpdateNow
-schemaUpdateNow: 1
-"""
- self.ldb.modify_ldif(ldif)
-
class_name = "test-Class" + time.strftime("%s", time.gmtime())
class_ldap_display_name = class_name.replace("-", "")
diff --git a/source4/dsdb/tests/python/urgent_replication.py
b/source4/dsdb/tests/python/urgent_replication.py
index 5e9f4ad..092466d 100755
--- a/source4/dsdb/tests/python/urgent_replication.py
+++ b/source4/dsdb/tests/python/urgent_replication.py
@@ -183,7 +183,7 @@ systemOnly: FALSE
searchFlags: 8
lDAPDisplayName: test attributeSchema
name: test attributeSchema
-systemFlags: 0""", ["relax:0"]);
+systemFlags: 0""");
# urgent replication should be enabled when creating
res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," +
self.base_dn)
@@ -226,7 +226,7 @@ systemMustContain: msDFS-SchemaMajorVersion
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCD
CLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
systemFlags: 16
-defaultHidingValue: TRUE""", ["relax:0"]);
+defaultHidingValue: TRUE""");
# urgent replication should be enabled when creating
res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," +
self.base_dn)
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh
index 0373452..a32d167 100755
--- a/testprogs/blackbox/test_kinit.sh
+++ b/testprogs/blackbox/test_kinit.sh
@@ -51,9 +51,14 @@ test_smbclient() {
enctype="-e $ENCTYPE"
+PWSETCONFIG="-H ldap://$SERVER -U$USERNAME%$PASSWORD"
+export PWSETCONFIG
+
KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME
+testit "reset password policies beside of minimum password age of 0 days"
$VALGRIND $net pwsettings $PWSETCONFIG set --complexity=default --history-length=default
--min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed +
1`
+
echo $PASSWORD> ./tmppassfile
#testit "kinit with keytab" $samba4kinit $enctype
--keytab=$PREFIX/dc/private/secrets.keytab $serve...@$realm || failed=`expr $failed + 1`
testit "kinit with password" $samba4kinit $enctype
--password-file=./tmppassfile --request-pac $usern...@$realm || failed=`expr $failed +
1`
@@ -165,5 +170,7 @@ rm -f $KRB5CCNAME
testit "kinit with machineaccountccache script" $machineaccountccache
$CONFIGURATTION $KRB5CCNAME || failed=`expr $failed + 1`
test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes
|| failed=`expr $failed + 1`
+testit "reset password policies" $VALGRIND $net pwsettings $PWSETCONFIG set
--complexity=default --history-length=default --min-pwd-length=default
--min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
+
rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache
tmpkpasswdscript
exit $failed
