The branch, master has been updated via 6d1e00c s4:repl_meta_data LDB module - fix a counter type via f46b761 s4:repl_meta_data LDB module - move the "objectGUID" checks a bit higher via d9f97cd s4:objectclass_attrs LDB module - add more delete protected attributes via 87ddd5a s4:samldb LDB module - objectclass trigger - reorder template attributes from bd7647f pyrpc: Build the samba.dcerpc.srvsvc module.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6d1e00cd249b44ae234b0d378ec4f67fb7bb3ab3
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Sat Nov 20 21:45:53 2010 +0100
s4:repl_meta_data LDB module - fix a counter type
Autobuild-User: Matthias Dieter Wallnöfer <m...@samba.org>
Autobuild-Date: Sat Nov 20 22:32:06 CET 2010 on sn-devel-104
commit f46b76105458772d953d96921523dc02a7a8358f
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Sat Nov 20 21:37:31 2010 +0100
s4:repl_meta_data LDB module - move the "objectGUID" checks a bit higher
- they don't need the allocated "ac" context
- some small code cleanups
commit d9f97cd57f9f797c25212f2fc2d9791733a24ca0
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Sat Nov 20 21:15:57 2010 +0100
s4:objectclass_attrs LDB module - add more delete protected attributes
And enhance the testsuite
commit 87ddd5a807298348c95ce5cb720fd9cd87618953
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Sat Nov 20 21:01:27 2010 +0100
s4:samldb LDB module - objectclass trigger - reorder template attributes
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 5 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 64 +++++-----
source4/dsdb/samdb/ldb_modules/samldb.c | 19 ++--
source4/dsdb/tests/python/sam.py | 133 +++++++-------------
4 files changed, 94 insertions(+), 127 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 67d11b3..ba1f7ab 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -203,7 +203,10 @@ static int attr_handler2(struct oc_context *ac) /* There exists a hardcoded delete-protected attributes list in AD */ const char *del_prot_attributes[] = { "nTSecurityDescriptor", "objectSid", "sAMAccountType", "sAMAccountName", "groupType", - "primaryGroupID", "userAccountControl", NULL }, **l; + "primaryGroupID", "userAccountControl", "accountExpires", + "badPasswordTime", "badPwdCount", "codePage", "countryCode", + "lastLogoff", "lastLogon", "logonCount", "pwdLastSet", NULL }, + **l; const struct dsdb_attribute *attr; unsigned int i; bool found; diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index f05d83e..3a27e7b 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
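Review bot: The enlarged `del_prot_attributes` table in attr_handler2 is still a non-const automatic array, so it is rebuilt on the stack on every call and is writable; declaring it `static const char * const del_prot_attributes[] = { ... };` puts this security-relevant deny list in read-only storage and makes accidental modification a compile error (the `**l` cursor would then become `const char * const *l`). Since the same list is now mirrored by hand in the Python test on this page, a one-line comment above it, `/* keep in sync with the delete-protection loop in source4/dsdb/tests/python/sam.py */`, would help whoever adds the next attribute. attr_handler2's body continues outside the hunk, so how `l` is used for the comparison is not visible here.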
@@ -758,32 +758,24 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) ldb = ldb_module_get_ctx(module); - functional_level = dsdb_functional_level(ldb); - ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_add\n"); - ac = replmd_ctx_init(module, req); - if (!ac) { - return LDB_ERR_OPERATIONS_ERROR; - } - - guid_blob = ldb_msg_find_ldb_val(req->op.add.message, "objectGUID"); - if ( guid_blob != NULL ) { - if( !allow_add_guid ) { + guid_blob = ldb_msg_find_ldb_val(req->op.add.message, "objectGUID"); + if (guid_blob != NULL) { + if (!allow_add_guid) { ldb_set_errstring(ldb, "replmd_add: it's not allowed to add an object with objectGUID!"); - talloc_free(ac); return LDB_ERR_UNWILLING_TO_PERFORM; } else { NTSTATUS status = GUID_from_data_blob(guid_blob,&guid); - if ( !NT_STATUS_IS_OK(status)) { - ldb_debug_set(ldb, LDB_DEBUG_ERROR, - "replmd_add: Unable to parse as a GUID the attribute objectGUID\n"); - talloc_free(ac); + if (!NT_STATUS_IS_OK(status)) { + ldb_set_errstring(ldb, + "replmd_add: Unable to parse the 'objectGUID' as a GUID!"); return LDB_ERR_UNWILLING_TO_PERFORM; } - /* we remove this attribute as it can be a string and will not be treated - correctly and then we will readd it latter on in the good format*/ + /* we remove this attribute as it can be a string and + * will not be treated correctly and then we will re-add + * it later on in the good format */ remove_current_guid = true; } } else { @@ -791,6 +783,13 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) guid = GUID_random(); } + ac = replmd_ctx_init(module, req); + if (ac == NULL) { + return ldb_module_oom(module); + } + + functional_level = dsdb_functional_level(ldb); + /* Get a sequence number from the backend */ ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ac->seq_num); if (ret != LDB_SUCCESS) { 
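Review bot: The early rejection of a client-supplied objectGUID in replmd_add returns `LDB_ERR_UNWILLING_TO_PERFORM`, whereas the equivalent check in replmd_modify later in this patch returns `LDB_ERR_CONSTRAINT_VIOLATION` for the same kind of tampering; callers and tests would benefit from one agreed error code for "objectGUID is not client-settable", so I would align the modify path with this one (or vice versa) in the same change. The unparsable-GUID branch is only reachable when `allow_add_guid` is set, which presumably means a trusted replication or provisioning caller, so returning the parse failure as an errstring rather than a debug log looks acceptable. replmd_add continues outside the hunk.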
@@ -1330,13 +1329,15 @@ static int parsed_dn_compare(struct parsed_dn *pdn1, struct parsed_dn *pdn2) return GUID_compare(pdn1->guid, pdn2->guid); } -static struct parsed_dn *parsed_dn_find(struct parsed_dn *pdn, int count, struct GUID *guid, struct ldb_dn *dn) +static struct parsed_dn *parsed_dn_find(struct parsed_dn *pdn, + unsigned int count, struct GUID *guid, + struct ldb_dn *dn) { struct parsed_dn *ret; + unsigned int i; if (dn && GUID_all_zero(guid)) { /* when updating a link using DRS, we sometimes get a NULL GUID. We then need to try and match by DN */ - int i; for (i=0; i<count; i++) { if (ldb_dn_compare(pdn[i].dsdb_dn->dn, dn) == 0) { dsdb_get_extended_dn_guid(pdn[i].dsdb_dn->dn, guid, "GUID"); @@ -2155,26 +2156,26 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) } ldb = ldb_module_get_ctx(module); - functional_level = dsdb_functional_level(ldb); - - lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), - struct loadparm_context); ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n"); - ac = replmd_ctx_init(module, req); - if (!ac) { - return LDB_ERR_OPERATIONS_ERROR; - } - guid_blob = ldb_msg_find_ldb_val(req->op.mod.message, "objectGUID"); if ( guid_blob != NULL ) { ldb_set_errstring(ldb, "replmd_modify: it's not allowed to change the objectGUID!"); - talloc_free(ac); return LDB_ERR_CONSTRAINT_VIOLATION; } + ac = replmd_ctx_init(module, req); + if (ac == NULL) { + return ldb_module_oom(module); + } + + functional_level = dsdb_functional_level(ldb); + + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + /* we have to copy the message as the caller might have it as a const */ msg = ldb_msg_copy_shallow(ac, req->op.mod.message); if (msg == NULL) { 
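Review bot: In parsed_dn_find the match-by-DN fallback ignores the result of `dsdb_get_extended_dn_guid(pdn[i].dsdb_dn->dn, guid, "GUID");` on the visible context line; if that call cannot recover a GUID component from the stored DN, `guid` stays all-zero and the search that follows (outside the hunk) presumably proceeds with a zero GUID rather than reporting the miss. Since the hunk already reworks this loop, it would be worth checking that return and returning NULL when no GUID can be recovered (the helper's return type is not visible here). Changing `count` to `unsigned int` is right for an index bound, but every caller and any prototype still passing a signed count converts silently, so those sites should be updated in the same commit; the function body continues past the hunk.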
@@ -2283,9 +2284,10 @@ static int replmd_rename(struct ldb_module *module, struct ldb_request *req) ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_rename\n"); ac = replmd_ctx_init(module, req); - if (!ac) { - return LDB_ERR_OPERATIONS_ERROR; + if (ac == NULL) { + return ldb_module_oom(module); } + ret = ldb_build_rename_req(&down_req, ldb, ac, ac->req->op.rename.olddn, ac->req->op.rename.newdn, diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 338b131..0bf7247 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -829,10 +829,11 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) if (strcmp(ac->type, "user") == 0) { /* Step 1.2: Default values */ - tempstr = talloc_asprintf(ac->msg, "%d", UF_NORMAL_ACCOUNT); - if (tempstr == NULL) return ldb_operr(ldb); ret = samdb_find_or_add_attribute(ldb, ac->msg, - "userAccountControl", tempstr); + "accountExpires", "9223372036854775807"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "badPasswordTime", "0"); if (ret != LDB_SUCCESS) return ret; ret = samdb_find_or_add_attribute(ldb, ac->msg, "badPwdCount", "0"); 
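Review bot: The `"9223372036854775807"` literal now passed for `accountExpires` in samldb_objectclass_trigger is a bare magic number; it is INT64_MAX, which in AD conventionally denotes "never expires", but nothing on the line says so, and the value is the difference between an account that expires and one that never does. A short comment such as `/* INT64_MAX (0x7FFFFFFFFFFFFFFF): the account never expires */` or a named constant shared with any other place that compares accountExpires would make the default reviewable. The objectclass trigger's body continues into the next hunk and beyond.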
@@ -844,22 +845,22 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) "countryCode", "0"); if (ret != LDB_SUCCESS) return ret; ret = samdb_find_or_add_attribute(ldb, ac->msg, - "badPasswordTime", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, "lastLogoff", "0"); if (ret != LDB_SUCCESS) return ret; ret = samdb_find_or_add_attribute(ldb, ac->msg, "lastLogon", "0"); if (ret != LDB_SUCCESS) return ret; ret = samdb_find_or_add_attribute(ldb, ac->msg, - "pwdLastSet", "0"); + "logonCount", "0"); if (ret != LDB_SUCCESS) return ret; ret = samdb_find_or_add_attribute(ldb, ac->msg, - "accountExpires", "9223372036854775807"); + "pwdLastSet", "0"); if (ret != LDB_SUCCESS) return ret; + + tempstr = talloc_asprintf(ac->msg, "%d", UF_NORMAL_ACCOUNT); + if (tempstr == NULL) return ldb_operr(ldb); ret = samdb_find_or_add_attribute(ldb, ac->msg, - "logonCount", "0"); + "userAccountControl", tempstr); if (ret != LDB_SUCCESS) return ret; el = ldb_msg_find_element(ac->msg, "userAccountControl"); diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py index f8871b7..e00e23e 100755 --- a/source4/dsdb/tests/python/sam.py +++ b/source4/dsdb/tests/python/sam.py 
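Review bot: Every default here goes through `samdb_find_or_add_attribute`, which by its name keeps whatever value the client already placed in the add request; if that reading is right, an LDAP client creating a user can pre-seed `badPwdCount`, `lastLogon`, `logonCount`, `pwdLastSet` and the rest with arbitrary values unless an earlier module (ACL, objectclass_attrs) rejects them, and this commit only protects those attributes against later delete/empty-replace. Worth confirming the add path is covered as well, or documenting above the block that the ACL module is relied on for that: `/* NOTE: find-or-add keeps client-supplied values; write protection on add is the ACL module's job */`. The function continues outside the hunk.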
@@ -616,15 +616,28 @@ class SamTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) - m = Message() - m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) - m["groupType"] = MessageElement([], FLAG_MOD_DELETE, - "groupType") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + # Delete protection tests + + for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType", + "sAMAccountName", "groupType"]: + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m[attr] = MessageElement([], FLAG_MOD_REPLACE, attr) + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m[attr] = MessageElement([], FLAG_MOD_DELETE, attr) + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) @@ -638,16 +651,6 @@ class SamTests(unittest.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["primaryGroupID"] = MessageElement([], FLAG_MOD_DELETE, - "primaryGroupID") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_ADD, "userAccountControl") try: 
@@ -658,16 +661,6 @@ class SamTests(unittest.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["userAccountControl"] = MessageElement([], FLAG_MOD_DELETE, - "userAccountControl") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) m["objectSid"] = MessageElement("xxxxxxxxxxxxxxxx", FLAG_MOD_ADD, "objectSid") try: @@ -678,24 +671,6 @@ class SamTests(unittest.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["objectSid"] = MessageElement([], FLAG_MOD_REPLACE, "objectSid") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["objectSid"] = MessageElement([], FLAG_MOD_DELETE, "objectSid") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD, "sAMAccountType") try: @@ -706,26 +681,6 @@ class SamTests(unittest.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["sAMAccountType"] = MessageElement([], FLAG_MOD_REPLACE, - "sAMAccountType") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["sAMAccountType"] = MessageElement([], FLAG_MOD_DELETE, - "sAMAccountType") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) m["sAMAccountName"] = MessageElement("test", FLAG_MOD_ADD, "sAMAccountName") try: 
@@ -734,25 +689,31 @@ class SamTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["sAMAccountName"] = MessageElement([], FLAG_MOD_REPLACE, - "sAMAccountName") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + # Delete protection tests - m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["sAMAccountName"] = MessageElement([], FLAG_MOD_DELETE, - "sAMAccountName") - try: - ldb.modify(m) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType", + "sAMAccountName", "primaryGroupID", "userAccountControl", + "accountExpires", "badPasswordTime", "badPwdCount", + "codePage", "countryCode", "lastLogoff", "lastLogon", + "logonCount", "pwdLastSet"]: + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + m[attr] = MessageElement([], FLAG_MOD_REPLACE, attr) + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + m[attr] = MessageElement([], FLAG_MOD_DELETE, attr) + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) -- Samba Shared Repository
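Review bot: The two try/except blocks inside the new attribute loop (and the identical pair in the group loop earlier in this patch) differ only in the DN and the modify flag, so the delete-protection check is now written out four times; a small helper on the test class would reduce each loop to one call per flag and keep the expected error in one place. The enclosing test method starts outside the hunk, so the helper would sit alongside it on the class.

```python
def assert_modify_rejected(self, dn, attr, flag, expected):
    m = Message()
    m.dn = Dn(ldb, dn)
    m[attr] = MessageElement([], flag, attr)
    try:
        ldb.modify(m)
        self.fail()
    except LdbError, (num, _):
        self.assertEquals(num, expected)

# … unchanged: earlier add/replace assertions …

for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType",
             "sAMAccountName", "primaryGroupID", "userAccountControl",
             "accountExpires", "badPasswordTime", "badPwdCount",
             "codePage", "countryCode", "lastLogoff", "lastLogon",
             "logonCount", "pwdLastSet"]:
    for flag in (FLAG_MOD_REPLACE, FLAG_MOD_DELETE):
        self.assert_modify_rejected("cn=ldaptestuser,cn=users," + self.base_dn,
                                    attr, flag, ERR_UNWILLING_TO_PERFORM)
```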