The branch, master has been updated
       via  7d0d6d4 s4:kdc/db-glue.c - remove unused variable
       via  24282ad s4:ldap.py - test allowed system flags restriction
       via  ca08cde s4:objectclass LDB module - introduce allowed system flags 
restriction
       via  4e8206e s4:urgent_replication.py - fix up the system flags handling
      from  79a4be4 s3: Remove smbd_server_conn from msg_force_tdis

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7d0d6d4d23fd010cf78736d33bd710710758b167
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Oct 3 18:49:56 2010 +0200

    s4:kdc/db-glue.c - remove unused variable
    
    Autobuild-User: Matthias Dieter Wallnöfer <[email protected]>
    Autobuild-Date: Sun Oct  3 17:30:34 UTC 2010 on sn-devel-104

commit 24282adb9a0db872ba45e878fdbe019c6bc2602e
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Wed Sep 29 19:49:57 2010 +0200

    s4:ldap.py - test allowed system flags restriction
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit ca08cde15029b6d8efdc562daf35d49f4fdbd4de
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Wed Sep 29 18:18:55 2010 +0200

    s4:objectclass LDB module - introduce allowed system flags restriction
    
    Distinguish between real use and provision by means of the RELAX flag
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 4e8206eb4c74de05aa0657fc36ad1569b96a8900
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Oct 3 18:40:05 2010 +0200

    s4:urgent_replication.py - fix up the system flags handling
    
    And relax some more object creations due to the enforced system flags rules.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c    |   17 +++++++++++------
 source4/dsdb/tests/python/ldap.py               |   17 ++++++++++++++++-
 source4/dsdb/tests/python/urgent_replication.py |    7 +++----
 source4/kdc/db-glue.c                           |    1 -
 4 files changed, 30 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c 
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 82c4144..fa95626 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -696,13 +696,18 @@ static int objectclass_do_add(struct oc_context *ac)
 
                ldb_msg_remove_attr(msg, "systemFlags");
 
-               /* Only these flags may be set by a client, but we can't tell
-                * between a client and our provision at this point
-                * systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME | 
SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE);
-                */
+               /* Only the following flags may be set by a client */
+               if (ldb_request_get_control(ac->req,
+                                           LDB_CONTROL_RELAX_OID) == NULL) {
+                       systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME
+                                      | SYSTEM_FLAG_CONFIG_ALLOW_MOVE
+                                      | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE
+                                      | SYSTEM_FLAG_ATTR_IS_RDN );
+               }
 
-               /* This flag is only allowed on attributeSchema objects */
-               if (ldb_attr_cmp(objectclass->lDAPDisplayName, 
"attributeSchema") == 0) {
+               /* But the last one ("ATTR_IS_RDN") is only allowed on
+                * "attributeSchema" objects. So truncate if it does not fit. */
+               if (ldb_attr_cmp(objectclass->lDAPDisplayName, 
"attributeSchema") != 0) {
                        systemFlags &= ~SYSTEM_FLAG_ATTR_IS_RDN;
                }
 
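Review bot: The client-flag mask is skipped solely because `LDB_CONTROL_RELAX_OID` is present on `ac->req`, so the restriction is only as strong as whatever limits who may attach that control. Nothing in this hunk shows the control being confined to provision or other trusted callers, so that should be confirmed at the point where controls are accepted from the network. The new comment should also say that disallowed bits are dropped silently rather than rejected, e.g. `/* Without the RELAX control (a normal client) only these flags survive; all other bits are silently cleared */`. The `SYSTEM_FLAG_ATTR_IS_RDN` strip that follows runs even when RELAX is set, which is worth stating in its comment too. `objectclass_do_add` starts and ends outside the hunk.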
diff --git a/source4/dsdb/tests/python/ldap.py 
b/source4/dsdb/tests/python/ldap.py
index 8af9b11..2b75bd6 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -31,7 +31,9 @@ from samba.dsdb import (UF_NORMAL_ACCOUNT, 
UF_INTERDOMAIN_TRUST_ACCOUNT,
     UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
     UF_PARTIAL_SECRETS_ACCOUNT,
     UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
-    ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)
+    ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
+    SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
+    SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
 from samba.dcerpc.security import (DOMAIN_RID_USERS, DOMAIN_RID_DOMAIN_MEMBERS,
     DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
 
@@ -173,6 +175,19 @@ class BasicTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
+        # Test allowed system flags
+        self.ldb.add({
+             "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+             "objectClass": "person",
+             "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | 
SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)) })
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["systemFlags"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["systemFlags"][0], "0")
+
+        self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
         self.ldb.add({
              "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
              "objectClass": "person" })
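Review bot: The added test only checks that disallowed bits are cleared, so a server-side mask that wiped every flag would still pass. A companion case should add the object with the three allowed `SYSTEM_FLAG_CONFIG_*` bits set and assert that they come back unchanged. The search also goes through bare `ldb` while the add and delete use `self.ldb`; whether these are the same connection is not visible here, so `res = self.ldb.search(...)` would be the consistent form. The enclosing test method starts before the hunk and continues after it.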
diff --git a/source4/dsdb/tests/python/urgent_replication.py 
b/source4/dsdb/tests/python/urgent_replication.py
index 3c35af6..47d43dd 100755
--- a/source4/dsdb/tests/python/urgent_replication.py
+++ b/source4/dsdb/tests/python/urgent_replication.py
@@ -96,7 +96,7 @@ class UrgentReplicationTests(samba.tests.TestCase):
             "objectclass":"server",
             "cn":"test server",
             "name":"test server",
-            "systemFlags":"50000000"});
+            "systemFlags":"50000000", ["relax:0"]});
 
         self.ldb.add_ldif(
             """dn: cn=NTDS Settings test,cn=test 
server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s""" % 
(self.base_dn) + """
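Review bot: The `["relax:0"]` controls list sits inside the dict literal on the `systemFlags` line, which is not a valid dict entry and will stop the file from parsing. The brace has to close first: `"systemFlags":"50000000"}, ["relax:0"]);`. The next hunk has the same mistake at `"systemFlags": "1", ["relax:0"]});`, which should read `"systemFlags": "1"}, ["relax:0"]);`. This assumes the call takes a controls list as its second argument, as the `add_ldif` call visible in the following hunk header does. The call these lines belong to begins above the hunk.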
@@ -139,7 +139,7 @@ systemFlags: 33554432""", ["relax:0"]);
                       "nCName": self.base_dn,
                       "showInAdvancedViewOnly": "TRUE",
                       "name": "test crossRef",
-                      "systemFlags": "1"});
+                      "systemFlags": "1", ["relax:0"]});
 
         # urgent replication should be enabled when creating
         res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
@@ -182,8 +182,7 @@ oMSyntax: 64
 systemOnly: FALSE
 searchFlags: 8
 lDAPDisplayName: test attributeSchema
-name: test attributeSchema
-systemFlags: 0""");
+name: test attributeSchema""");
 
             # urgent replication should be enabled when creating
             res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + 
self.base_dn)
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 0451634..3e918cf 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1634,7 +1634,6 @@ samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
 NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct 
samba_kdc_base_context *base_ctx,
                                struct samba_kdc_db_context **kdc_db_ctx_out)
 {
-       NTSTATUS nt_status;
        int ldb_ret;
        struct ldb_message *msg;
        struct auth_session_info *session_info;


-- 
Samba Shared Repository
