The branch, master has been updated
       via  af5308e s4:samldb LDB module - simplify/unify the message handling 
on add and modify operations
       via  ca035b3 s4:samldb LDB module - assign better memory contexts on two 
places
       via  0e5b77b s4:kdc - use "userAccountControl" always unsigned
       via  933aef0 s4:ldb_modules.c - fix a typo
      from  a9ee39c s4-test: changed the gentest test to use a fixed seed.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit af5308ef9c30be759985a37f29c958eec0dc28cd
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Wed Sep 15 12:40:07 2010 +0200

    s4:samldb LDB module - simplify/unify the message handling on add and 
modify operations
    
    - Perform only shallow copies (should be enough)
    - Perform only one copy per operation (also on modifications)
    - Build a new request on modify operations if needed ("modified" flag) - 
this
      makes it look cleaner
    - Fix an important bug: the "el" pointers could have changed after
      modifications. Therefore we have to refresh them on the FLAG_DELETE checks
    
    Autobuild-User: Matthias Dieter Wallnöfer <[email protected]>
    Autobuild-Date: Tue Oct  5 09:24:57 UTC 2010 on sn-devel-104

commit ca035b35fe646afc1222ce6b16c818b6629a3039
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Tue Oct 5 09:59:30 2010 +0200

    s4:samldb LDB module - assign better memory contexts on two places

commit 0e5b77bec44863b1ad440e45fd0933f07e797261
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Tue Oct 5 09:27:36 2010 +0200

    s4:kdc - use "userAccountControl" always unsigned
    
    It doesn't change much but it's nicer to have it consistent.

commit 933aef0bf4aa52c5b4a584858f635833eb0243bd
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Oct 4 18:57:00 2010 +0200

    s4:ldb_modules.c - fix a typo

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/samldb.c |   86 ++++++++++++++++++++-----------
 source4/kdc/db-glue.c                   |    6 +-
 source4/kdc/pac-glue.c                  |    2 +-
 source4/lib/ldb/common/ldb_modules.c    |    2 +-
 source4/rpc_server/lsa/dcesrv_lsa.c     |    2 +-
 5 files changed, 62 insertions(+), 36 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c 
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 06f70a5..f3a9e08 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -721,7 +721,7 @@ static int samldb_fill_object(struct samldb_ctx *ac, const 
char *type)
                         * caller. Use the entry DN for it. */
                        ac->dn = ac->msg->dn;
 
-                       ret = samdb_msg_add_string(ldb, ac, ac->msg,
+                       ret = samdb_msg_add_string(ldb, ac->msg, ac->msg,
                                                   "defaultObjectCategory",
                                                   
ldb_dn_get_linearized(ac->dn));
                        if (ret != LDB_SUCCESS) {
@@ -745,7 +745,7 @@ static int samldb_fill_object(struct samldb_ctx *ac, const 
char *type)
                if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) {
                        /* the RDN has prefix "CN" */
                        ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName",
-                               samdb_cn_to_lDAPDisplayName(ac,
+                               samdb_cn_to_lDAPDisplayName(ac->msg,
                                        (const char *) rdn_value->data));
                        if (ret != LDB_SUCCESS) {
                                ldb_oom(ldb);
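Review bot: The return value of `samdb_cn_to_lDAPDisplayName(ac->msg, ...)` is passed straight into `ldb_msg_add_string()` with no NULL check, so an allocation failure in the helper would presumably reach the string handling as a NULL pointer instead of the `ldb_oom(ldb)` branch below. Holding the result in a local, e.g. `const char *name = samdb_cn_to_lDAPDisplayName(ac->msg, (const char *)rdn_value->data);`, and taking the existing out-of-memory path when `name == NULL` would make that failure explicit. The body of samldb_fill_object starts and ends outside this hunk, so an earlier guard cannot be ruled out from here.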
@@ -1093,11 +1093,11 @@ static int samldb_add(struct ldb_module *module, struct 
ldb_request *req)
        }
 
        /* build the new msg */
-       ac->msg = ldb_msg_copy(ac, ac->req->op.add.message);
-       if (!ac->msg) {
+       ac->msg = ldb_msg_copy_shallow(ac, req->op.add.message);
+       if (ac->msg == NULL) {
                talloc_free(ac);
                ldb_debug(ldb, LDB_DEBUG_FATAL,
-                         "samldb_add: ldb_msg_copy failed!\n");
+                         "samldb_add: ldb_msg_copy_shallow failed!\n");
                return ldb_operr(ldb);
        }
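Review bot: The switch to `ldb_msg_copy_shallow()` at `/* build the new msg */` is undocumented in the code, and the commit message only says a shallow copy "should be enough". As far as can be told from here, a shallow copy duplicates the element array while the value buffers stay shared with `req->op.add.message`, so an in-place edit of a value through `ac->msg` would also alter the caller's request. I would extend the comment to `/* build the new msg: shallow copy, values stay shared with req - add or replace elements only, never edit value data in place */`. The same remark applies to the copy added in samldb_modify further down; samldb_add continues outside this hunk.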
 
@@ -1151,8 +1151,8 @@ static int samldb_modify(struct ldb_module *module, 
struct ldb_request *req)
 {
        struct ldb_context *ldb;
        struct samldb_ctx *ac;
-       struct ldb_message *msg;
        struct ldb_message_element *el, *el2;
+       bool modified = false;
        int ret;
        uint32_t account_type;
 
@@ -1182,101 +1182,127 @@ static int samldb_modify(struct ldb_module *module, 
struct ldb_request *req)
                return ldb_operr(ldb);
        }
 
-       /* TODO: do not modify original request, create a new one */
+       /* build the new msg */
+       ac->msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+       if (ac->msg == NULL) {
+               talloc_free(ac);
+               ldb_debug(ldb, LDB_DEBUG_FATAL,
+                         "samldb_modify: ldb_msg_copy_shallow failed!\n");
+               return ldb_operr(ldb);
+       }
 
-       el = ldb_msg_find_element(req->op.mod.message, "groupType");
+       el = ldb_msg_find_element(ac->msg, "groupType");
        if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) && 
el->num_values == 1) {
                uint32_t group_type;
 
-               req->op.mod.message = msg = ldb_msg_copy_shallow(req,
-                       req->op.mod.message);
+               modified = true;
 
                group_type = strtoul((const char *)el->values[0].data, NULL, 0);
                account_type =  ds_gtype2atype(group_type);
-               ret = samdb_msg_add_uint(ldb, msg, msg,
+               ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
                                         "sAMAccountType",
                                         account_type);
                if (ret != LDB_SUCCESS) {
                        return ret;
                }
-               el2 = ldb_msg_find_element(msg, "sAMAccountType");
+               el2 = ldb_msg_find_element(ac->msg, "sAMAccountType");
                el2->flags = LDB_FLAG_MOD_REPLACE;
        }
+       el = ldb_msg_find_element(ac->msg, "groupType");
        if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) {
                return LDB_ERR_UNWILLING_TO_PERFORM;
        }
 
-       el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");
+       el = ldb_msg_find_element(ac->msg, "primaryGroupID");
        if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) && 
el->num_values == 1) {
-               req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req,
-                       req->op.mod.message);
+               modified = true;
 
                ret = samldb_prim_group_change(ac);
                if (ret != LDB_SUCCESS) {
                        return ret;
                }
        }
+       el = ldb_msg_find_element(ac->msg, "primaryGroupID");
        if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) {
                return LDB_ERR_UNWILLING_TO_PERFORM;
        }
 
-       el = ldb_msg_find_element(req->op.mod.message, "userAccountControl");
+       el = ldb_msg_find_element(ac->msg, "userAccountControl");
        if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) && 
el->num_values == 1) {
                uint32_t user_account_control;
 
-               req->op.mod.message = msg = ldb_msg_copy_shallow(req,
-                       req->op.mod.message);
+               modified = true;
 
                user_account_control = strtoul((const char *)el->values[0].data,
                        NULL, 0);
                account_type = ds_uf2atype(user_account_control);
-               ret = samdb_msg_add_uint(ldb, msg, msg,
+               ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
                                         "sAMAccountType",
                                         account_type);
                if (ret != LDB_SUCCESS) {
                        return ret;
                }
-               el2 = ldb_msg_find_element(msg, "sAMAccountType");
+               el2 = ldb_msg_find_element(ac->msg, "sAMAccountType");
                el2->flags = LDB_FLAG_MOD_REPLACE;
 
                if (user_account_control & (UF_SERVER_TRUST_ACCOUNT | 
UF_PARTIAL_SECRETS_ACCOUNT)) {
-                       ret = samdb_msg_add_string(ldb, msg, msg,
-                                                  "isCriticalSystemObject", 
"TRUE");
+                       ret = samdb_msg_add_string(ldb, ac->msg, ac->msg,
+                                                  "isCriticalSystemObject",
+                                                  "TRUE");
                        if (ret != LDB_SUCCESS) {
                                return ret;
                        }
-                       el2 = ldb_msg_find_element(msg, 
"isCriticalSystemObject");
+                       el2 = ldb_msg_find_element(ac->msg,
+                                                  "isCriticalSystemObject");
                        el2->flags = LDB_FLAG_MOD_REPLACE;
                }
 
-               if (!ldb_msg_find_element(msg, "primaryGroupID")) {
+               if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
                        uint32_t rid = 
ds_uf2prim_group_rid(user_account_control);
 
-                       ret = samdb_msg_add_uint(ldb, msg, msg,
+                       ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
                                                 "primaryGroupID", rid);
                        if (ret != LDB_SUCCESS) {
                                return ret;
                        }
-                       el2 = ldb_msg_find_element(msg,
+                       el2 = ldb_msg_find_element(ac->msg,
                                                   "primaryGroupID");
                        el2->flags = LDB_FLAG_MOD_REPLACE;
                }
        }
+       el = ldb_msg_find_element(ac->msg, "userAccountControl");
        if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) {
                return LDB_ERR_UNWILLING_TO_PERFORM;
        }
 
-       el = ldb_msg_find_element(req->op.mod.message, "member");
+       el = ldb_msg_find_element(ac->msg, "member");
        if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && 
el->num_values == 1) {
-               req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req,
-                       req->op.mod.message);
-
                ret = samldb_member_check(ac);
                if (ret != LDB_SUCCESS) {
                        return ret;
                }
        }
 
+       if (modified) {
+               struct ldb_request *child_req;
+
+               /* Now perform the real modifications as a child request */
+               ret = ldb_build_mod_req(&child_req, ldb, ac,
+                                       ac->msg,
+                                       req->controls,
+                                       req, dsdb_next_callback,
+                                       req);
+               LDB_REQ_SET_LOCATION(child_req);
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
+
+               return ldb_next_request(module, child_req);
+       }
+
+       talloc_free(ac);
+
+       /* no change which interests us, go on */
        return ldb_next_request(module, req);
 }
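Review bot: In the new `if (modified)` block, `LDB_REQ_SET_LOCATION(child_req);` runs before the `ret != LDB_SUCCESS` check, so a failed `ldb_build_mod_req()` hands the macro a request pointer that is presumably NULL or unset; move the macro call below the `if (ret != LDB_SUCCESS) { return ret; }` test. Second, `groupType` and `userAccountControl` arrive from the client and are parsed with `strtoul(..., NULL, 0)`, so a non-numeric or out-of-range string silently becomes a value that then drives `sAMAccountType`, `isCriticalSystemObject` and `primaryGroupID`. Passing an end pointer and rejecting the request with a constraint error when the whole string was not consumed or `errno == ERANGE` would keep malformed input from producing derived attributes. Finally, the early `return ret;` and `return LDB_ERR_UNWILLING_TO_PERFORM;` paths leave `ac` allocated while the no-change path calls `talloc_free(ac)`. That is harmless if `ac` is parented to `req`, which is not visible here, but worth making consistent.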
 
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 3e918cf..10d25ee 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -85,7 +85,7 @@ static KerberosTime ldb_msg_find_krb5time_ldap_time(struct 
ldb_message *msg, con
     return timegm(&tm);
 }
 
-static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum 
samba_kdc_ent_type ent_type)
+static HDBFlags uf2HDBFlags(krb5_context context, uint32_t userAccountControl, 
enum samba_kdc_ent_type ent_type)
 {
        HDBFlags flags = int2HDBFlags(0);
 
@@ -197,7 +197,7 @@ static krb5_error_code 
samba_kdc_message2entry_keys(krb5_context context,
                                                    struct ldb_message *msg,
                                                    uint32_t rid,
                                                    bool is_rodc,
-                                                   unsigned int 
userAccountControl,
+                                                   uint32_t userAccountControl,
                                                    enum samba_kdc_ent_type 
ent_type,
                                                    hdb_entry_ex *entry_ex)
 {
@@ -544,7 +544,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context 
context,
                                         hdb_entry_ex *entry_ex)
 {
        struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
-       unsigned int userAccountControl;
+       uint32_t userAccountControl;
        unsigned int i;
        krb5_error_code ret = 0;
        krb5_boolean is_computer = FALSE;
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index b9a686c..c7e3876 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -107,7 +107,7 @@ bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
 {
 
        struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct 
samba_kdc_entry);
-       unsigned int userAccountControl;
+       uint32_t userAccountControl;
 
 
        /* The service account may be set not to want the PAC */
diff --git a/source4/lib/ldb/common/ldb_modules.c 
b/source4/lib/ldb/common/ldb_modules.c
index dc0ce91..ec71c8d 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -833,7 +833,7 @@ int ldb_module_done(struct ldb_request *req,
 }
 
 /* to be used *only* in modules init functions.
- * this function i synchronous and will register
+ * this function is synchronous and will register
  * the requested OID in the rootdse module if present
  * otherwise it will return an error */
 int ldb_mod_register_control(struct ldb_module *module, const char *oid)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c 
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 74c2859..7acf036 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1230,7 +1230,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct 
dcesrv_call_state *dce_call,
                /* search for the trusted_domain record */
                ret = gendb_search(trusted_domain_state->policy->sam_ldb,
                                   mem_ctx, policy_state->domain_dn, &msgs, 
attrs,
-                                  
"(&(samaccountname=%s$)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=%d))",
 
+                                  
"(&(samaccountname=%s$)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=%u))",
                                   flatname, UF_INTERDOMAIN_TRUST_ACCOUNT);
                if (ret == 1) {
                        trusted_domain_state->trusted_domain_user_dn = 
talloc_steal(trusted_domain_state, msgs[0]->dn);
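Review bot: `flatname` is interpolated into the search filter with a bare `%s` on the same format string this hunk edits, and nothing visible escapes it. Where `flatname` comes from lies outside the hunk, but if it can carry characters chosen by the RPC caller, a `(`, `)`, `*` or `\` in it would change what the filter matches and therefore which account's DN ends up in `trusted_domain_user_dn`. Encoding it first, e.g. `ldb_binary_encode_string(mem_ctx, flatname)`, and passing the encoded string to `gendb_search()` would close that off. The function continues outside this hunk, so an earlier validation step cannot be ruled out from here.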


-- 
Samba Shared Repository
