The branch, master has been updated
via dd60dcf test-chgdcpass: test the ldap case for server password
change
via 0e6c5c0 s4-ldapclient: cope with logon failure retry in LDAP
via b0cc0d5 s4-librpc: set error code to LOGON_FAILURE on RPC fault
with access denied
via 538dd04 samba-tool: "drs options" does not need a samdb connection
via 5d6ae34 s4-librpc: try a 2nd logon for more error cases
via 30ffdda ldb: fixed callers for ldb_pack_data() and ldb_unpack_data()
via fc47b0d ldb: move ldb_pack.c into common
via e480995 test_chgdpass: use drs bind to test password change on RPC
via ed2e69f s4-librpc: use cli_credentials_failed_kerberos_login to
cope with stale tickets
via fce66b2 test_chgdpass: added test for kerberos retry
via d4ea637 libcli: use cli_credentials_failed_kerberos_login() to cope
with server changes
via 994696c auth: added cli_credentials_failed_kerberos_login()
from ffb608b util: remove accidently committed hunk
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit dd60dcf343bfb8286951d3109055693634574d8b
Author: Andrew Tridgell <[email protected]>
Date: Thu Nov 1 14:11:02 2012 +1100
test-chgdcpass: test the ldap case for server password change
use samba-tool drs options which does both RPC and LDAP connections
Pair-Programmed-With: Andrew Bartlett <[email protected]>
Autobuild-User(master): Andrew Tridgell <[email protected]>
Autobuild-Date(master): Thu Nov 1 07:21:17 CET 2012 on sn-devel-104
commit 0e6c5c036f8faddcc6ca65c26453ffaf248ed2b5
Author: Andrew Tridgell <[email protected]>
Date: Thu Nov 1 14:10:14 2012 +1100
s4-ldapclient: cope with logon failure retry in LDAP
similar to what was done for rpc and cifs, we now retry once on logon
failure for ldap, allowing for a new ticket to be fetched when a
server password changes while we have a valid ticket for the old
password
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit b0cc0d5698d34aa7956b22faa8b79bd9b338286d
Author: Andrew Tridgell <[email protected]>
Date: Thu Nov 1 13:42:52 2012 +1100
s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied
this allows the client code to trigger a retry with a new password
callback for NTLM connections
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit 538dd046f1efefbeb8660ef1ff5afd594a003341
Author: Andrew Tridgell <[email protected]>
Date: Thu Nov 1 13:31:47 2012 +1100
samba-tool: "drs options" does not need a samdb connection
this gives us a handy pure RPC client test for use in blackbox testing
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit 5d6ae3498ad77ccdb7a8b3a316d7aa86c2f0c56a
Author: Andrew Tridgell <[email protected]>
Date: Thu Nov 1 13:30:47 2012 +1100
s4-librpc: try a 2nd logon for more error cases
not all servers give LOGON_FAILURE on authentication failures, so we
need to do the retry with a new ticket on a wider range of error types
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit 30ffdda45bd3ae602b453c9c1bbdb77ea3de8a8d
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 16:06:03 2012 +1100
ldb: fixed callers for ldb_pack_data() and ldb_unpack_data()
with ltdb_pack_data() and ltdb_unpack_data() now moved into common, we
need to increase the minor version and fixup callers of the API
Note that this relies on struct ldb_val being the same shape as
TDB_DATA, in much the same way as we rely on ldb_val and DATA_BLOB
being the same shape.
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit fc47b0d03c577730ce0ef9e09092f80c0712d5d0
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 15:39:09 2012 +1100
ldb: move ldb_pack.c into common
this code should not be tied to the ldb_tdb backend, both because it
could be used for any record oriented backend, and because it should
be exposed for use by diagnosis/repair tools such as the recently
added ldbdump tool
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit e48099516e4975cb69c7e2850d3b13b25bab7c44
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 18:45:25 2012 +1100
test_chgdpass: use drs bind to test password change on RPC
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit ed2e69fe91fee642392803a17d42d64adc36e41d
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 18:44:23 2012 +1100
s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale
tickets
This allows our RPC client code to cope with a kerberos server
changing password while we have a valid service ticket
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit fce66b22ea312abb252fb9dc748b3adc6fbab49f
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 18:00:43 2012 +1100
test_chgdpass: added test for kerberos retry
this tests that we correctly retry with a new ccache entry when a
server changes its password while we have a valid ticket
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit d4ea637eb869e0c3540140b7ae04c2b483f7693c
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 17:59:54 2012 +1100
libcli: use cli_credentials_failed_kerberos_login() to cope with server
changes
if a server changes while we have a valid ticket we want to retry
after removing the ccache entry.
Pair-Programmed-With: Andrew Bartlett <[email protected]>
commit 994696c5c4638b0665021eac1c55b4c6ea9fd55f
Author: Andrew Tridgell <[email protected]>
Date: Wed Oct 31 17:58:20 2012 +1100
auth: added cli_credentials_failed_kerberos_login()
this is used to support retrying kerberos connections after removing a
ccache entry, to cope with a server being re-built while our client
still has a valid service ticket
Pair-Programmed-With: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.h | 3 +
auth/credentials/credentials_krb5.c | 61 ++++++++++
lib/ldb/ABI/{ldb-1.1.12.sigs => ldb-1.1.14.sigs} | 2 +
...ldb-util-1.1.10.sigs => pyldb-util-1.1.14.sigs} | 0
lib/ldb/{ldb_tdb => common}/ldb_pack.c | 69 ++++++------
lib/ldb/include/ldb_private.h | 11 ++
lib/ldb/ldb_tdb/ldb_index.c | 3 +-
lib/ldb/ldb_tdb/ldb_search.c | 5 +-
lib/ldb/ldb_tdb/ldb_tdb.c | 5 +-
lib/ldb/ldb_tdb/ldb_tdb.h | 9 --
lib/ldb/tools/ldbdump.c | 15 ++-
lib/ldb/wscript | 8 +-
source4/libcli/ldap/ldap_bind.c | 116 +++++++++++++------
source4/libcli/smb_composite/sesssetup.c | 17 +++-
source4/librpc/rpc/dcerpc.c | 9 +-
source4/librpc/rpc/dcerpc_util.c | 25 ++++-
source4/scripting/python/samba/netcmd/drs.py | 1 -
testprogs/blackbox/test_chgdcpass.sh | 41 +++++++
18 files changed, 298 insertions(+), 102 deletions(-)
copy lib/ldb/ABI/{ldb-1.1.12.sigs => ldb-1.1.14.sigs} (99%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.14.sigs} (100%)
rename lib/ldb/{ldb_tdb => common}/ldb_pack.c (84%)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 0bcfd61..dbc014f 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -182,6 +182,9 @@ int cli_credentials_get_named_ccache(struct cli_credentials
*cred,
struct loadparm_context *lp_ctx,
char *ccache_name,
struct ccache_container **ccc, const char
**error_string);
+bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred,
+ const char *principal,
+ unsigned int *count);
int cli_credentials_get_keytab(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
diff --git a/auth/credentials/credentials_krb5.c
b/auth/credentials/credentials_krb5.c
index 459e948..cc51f56 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -212,6 +212,67 @@ _PUBLIC_ int cli_credentials_set_ccache(struct
cli_credentials *cred,
return 0;
}
+/*
+ * Indicate the we failed to log in to this service/host with these
+ * credentials. The caller passes an unsigned int which they
+ * initialise to the number of times they would like to retry.
+ *
+ * This method is used to support re-trying with freshly fetched
+ * credentials in case a server is rebuilt while clients have
+ * non-expired tickets. When the client code gets a logon failure they
+ * throw away the existing credentials for the server and retry.
+ */
+_PUBLIC_ bool cli_credentials_failed_kerberos_login(struct cli_credentials
*cred,
+ const char *principal,
+ unsigned int *count)
+{
+ struct ccache_container *ccc;
+ krb5_creds creds, creds2;
+ int ret;
+
+ if (principal == NULL) {
+ /* no way to delete if we don't know the principal */
+ return false;
+ }
+
+ ccc = cred->ccache;
+ if (ccc == NULL) {
+ /* not a kerberos connection */
+ return false;
+ }
+
+ if (*count > 0) {
+ /* We have already tried discarding the credentials */
+ return false;
+ }
+ (*count)++;
+
+ ZERO_STRUCT(creds);
+ ret = krb5_parse_name(ccc->smb_krb5_context->krb5_context, principal,
&creds.server);
+ if (ret != 0) {
+ return false;
+ }
+
+ ret = krb5_cc_retrieve_cred(ccc->smb_krb5_context->krb5_context,
ccc->ccache, KRB5_TC_MATCH_SRV_NAMEONLY, &creds, &creds2);
+ if (ret != 0) {
+ /* don't retry - we didn't find these credentials to remove */
+ return false;
+ }
+
+ ret = krb5_cc_remove_cred(ccc->smb_krb5_context->krb5_context,
ccc->ccache, KRB5_TC_MATCH_SRV_NAMEONLY, &creds);
+ krb5_free_cred_contents(ccc->smb_krb5_context->krb5_context, &creds2);
+ if (ret != 0) {
+ /* don't retry - we didn't find these credentials to
+ * remove. Note that with the current backend this
+ * never happens, as it always returns 0 even if the
+ * creds don't exist, which is why we do a separate
+ * krb5_cc_retrieve_cred() above.
+ */
+ return false;
+ }
+ return true;
+}
+
static int cli_credentials_new_ccache(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
diff --git a/lib/ldb/ABI/ldb-1.1.12.sigs b/lib/ldb/ABI/ldb-1.1.14.sigs
similarity index 99%
copy from lib/ldb/ABI/ldb-1.1.12.sigs
copy to lib/ldb/ABI/ldb-1.1.14.sigs
index c8ccd25..eac5194 100644
--- a/lib/ldb/ABI/ldb-1.1.12.sigs
+++ b/lib/ldb/ABI/ldb-1.1.14.sigs
@@ -186,6 +186,7 @@ ldb_next_request: int (struct ldb_module *, struct
ldb_request *)
ldb_next_start_trans: int (struct ldb_module *)
ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *)
ldb_options_find: const char *(struct ldb_context *, const char **, const char
*)
+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct
ldb_val *)
ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *,
TALLOC_CTX *, const char *)
ldb_parse_control_strings: struct ldb_control **(struct ldb_context *,
TALLOC_CTX *, const char **)
ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *)
@@ -249,6 +250,7 @@ ldb_transaction_cancel_noerr: int (struct ldb_context *)
ldb_transaction_commit: int (struct ldb_context *)
ldb_transaction_prepare_commit: int (struct ldb_context *)
ldb_transaction_start: int (struct ldb_context *)
+ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct
ldb_message *)
ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *)
ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *)
ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct
ldb_map_attribute *, const struct ldb_val *)
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util-1.1.14.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.1.14.sigs
diff --git a/lib/ldb/ldb_tdb/ldb_pack.c b/lib/ldb/common/ldb_pack.c
similarity index 84%
rename from lib/ldb/ldb_tdb/ldb_pack.c
rename to lib/ldb/common/ldb_pack.c
index 003be15..4382d5b 100644
--- a/lib/ldb/ldb_tdb/ldb_pack.c
+++ b/lib/ldb/common/ldb_pack.c
@@ -1,4 +1,4 @@
-/*
+/*
ldb database library
Copyright (C) Andrew Tridgell 2004
@@ -6,7 +6,7 @@
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
** under the LGPL
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
@@ -31,13 +31,13 @@
* Author: Andrew Tridgell
*/
-#include "ldb_tdb.h"
+#include "ldb_private.h"
/* change this if the data format ever changes */
-#define LTDB_PACKING_FORMAT 0x26011967
+#define LDB_PACKING_FORMAT 0x26011967
/* old packing formats */
-#define LTDB_PACKING_FORMAT_NODN 0x26011966
+#define LDB_PACKING_FORMAT_NODN 0x26011966
/* use a portable integer format */
static void put_uint32(uint8_t *p, int ofs, unsigned int val)
@@ -65,26 +65,23 @@ static int attribute_storable_values(const struct
ldb_message_element *el)
}
/*
- pack a ldb message into a linear buffer in a TDB_DATA
+ pack a ldb message into a linear buffer in a ldb_val
note that this routine avoids saving elements with zero values,
as these are equivalent to having no element
caller frees the data buffer after use
*/
-int ltdb_pack_data(struct ldb_module *module,
- const struct ldb_message *message,
- TDB_DATA *data)
+int ldb_pack_data(struct ldb_context *ldb,
+ const struct ldb_message *message,
+ struct ldb_val *data)
{
- struct ldb_context *ldb;
unsigned int i, j, real_elements=0;
size_t size;
const char *dn;
uint8_t *p;
size_t len;
- ldb = ldb_module_get_ctx(module);
-
dn = ldb_dn_get_linearized(message->dn);
if (dn == NULL) {
errno = ENOMEM;
@@ -110,16 +107,16 @@ int ltdb_pack_data(struct ldb_module *module,
}
/* allocate it */
- data->dptr = talloc_array(ldb, uint8_t, size);
- if (!data->dptr) {
+ data->data = talloc_array(ldb, uint8_t, size);
+ if (!data->data) {
errno = ENOMEM;
return -1;
}
- data->dsize = size;
+ data->length = size;
- p = data->dptr;
- put_uint32(p, 0, LTDB_PACKING_FORMAT);
- put_uint32(p, 4, real_elements);
+ p = data->data;
+ put_uint32(p, 0, LDB_PACKING_FORMAT);
+ put_uint32(p, 4, real_elements);
p += 8;
/* the dn needs to be packed so we can be case preserving
@@ -127,7 +124,7 @@ int ltdb_pack_data(struct ldb_module *module,
len = strlen(dn);
memcpy(p, dn, len+1);
p += len + 1;
-
+
for (i=0;i<message->num_elements;i++) {
if (attribute_storable_values(&message->elements[i]) == 0) {
continue;
@@ -139,7 +136,7 @@ int ltdb_pack_data(struct ldb_module *module,
p += 4;
for (j=0;j<message->elements[i].num_values;j++) {
put_uint32(p, 0, message->elements[i].values[j].length);
- memcpy(p+4, message->elements[i].values[j].data,
+ memcpy(p+4, message->elements[i].values[j].data,
message->elements[i].values[j].length);
p[4+message->elements[i].values[j].length] = 0;
p += 4 + message->elements[i].values[j].length + 1;
@@ -150,13 +147,13 @@ int ltdb_pack_data(struct ldb_module *module,
}
/*
- unpack a ldb message from a linear buffer in TDB_DATA
+ unpack a ldb message from a linear buffer in ldb_val
- Free with ltdb_unpack_data_free()
+ Free with ldb_unpack_data_free()
*/
-int ltdb_unpack_data(struct ldb_context *ldb,
- const TDB_DATA *data,
- struct ldb_message *message)
+int ldb_unpack_data(struct ldb_context *ldb,
+ const struct ldb_val *data,
+ struct ldb_message *message)
{
uint8_t *p;
unsigned int remaining;
@@ -166,8 +163,8 @@ int ltdb_unpack_data(struct ldb_context *ldb,
message->elements = NULL;
- p = data->dptr;
- if (data->dsize < 8) {
+ p = data->data;
+ if (data->length < 8) {
errno = EIO;
goto failed;
}
@@ -176,14 +173,14 @@ int ltdb_unpack_data(struct ldb_context *ldb,
message->num_elements = pull_uint32(p, 4);
p += 8;
- remaining = data->dsize - 8;
+ remaining = data->length - 8;
switch (format) {
- case LTDB_PACKING_FORMAT_NODN:
+ case LDB_PACKING_FORMAT_NODN:
message->dn = NULL;
break;
- case LTDB_PACKING_FORMAT:
+ case LDB_PACKING_FORMAT:
len = strnlen((char *)p, remaining);
if (len == remaining) {
errno = EIO;
@@ -206,7 +203,7 @@ int ltdb_unpack_data(struct ldb_context *ldb,
if (message->num_elements == 0) {
return 0;
}
-
+
if (message->num_elements > remaining / 6) {
errno = EIO;
goto failed;
@@ -218,7 +215,7 @@ int ltdb_unpack_data(struct ldb_context *ldb,
goto failed;
}
- memset(message->elements, 0,
+ memset(message->elements, 0,
message->num_elements * sizeof(struct ldb_message_element));
for (i=0;i<message->num_elements;i++) {
@@ -247,7 +244,7 @@ int ltdb_unpack_data(struct ldb_context *ldb,
message->elements[i].values = NULL;
if (message->elements[i].num_values != 0) {
message->elements[i].values =
talloc_array(message->elements,
- struct
ldb_val,
+ struct
ldb_val,
message->elements[i].num_values);
if (!message->elements[i].values) {
errno = ENOMEM;
@@ -271,15 +268,15 @@ int ltdb_unpack_data(struct ldb_context *ldb,
}
memcpy(message->elements[i].values[j].data, p+4, len);
message->elements[i].values[j].data[len] = 0;
-
+
remaining -= len+4+1;
p += len+4+1;
}
}
if (remaining != 0) {
- ldb_debug(ldb, LDB_DEBUG_ERROR,
- "Error: %d bytes unread in ltdb_unpack_data",
remaining);
+ ldb_debug(ldb, LDB_DEBUG_ERROR,
+ "Error: %d bytes unread in ldb_unpack_data",
remaining);
}
return 0;
diff --git a/lib/ldb/include/ldb_private.h b/lib/ldb/include/ldb_private.h
index 7de5ab7..526bf5e 100644
--- a/lib/ldb/include/ldb_private.h
+++ b/lib/ldb/include/ldb_private.h
@@ -194,4 +194,15 @@ struct ldb_ldif *ldb_ldif_read_file_state(struct
ldb_context *ldb,
char *ldb_ldif_write_redacted_trace_string(struct ldb_context *ldb, TALLOC_CTX
*mem_ctx,
const struct ldb_ldif *ldif);
+/*
+ * these pack/unpack functions are exposed in the library for use by
+ * ldb tools like ldbdump, but are not part of the public API
+ */
+int ldb_pack_data(struct ldb_context *ldb,
+ const struct ldb_message *message,
+ struct ldb_val *data);
+int ldb_unpack_data(struct ldb_context *ldb,
+ const struct ldb_val *data,
+ struct ldb_message *message);
+
#endif
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 50c6ded..d79417f 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -32,6 +32,7 @@
*/
#include "ldb_tdb.h"
+#include "ldb_private.h"
struct dn_list {
unsigned int count;
@@ -1509,7 +1510,7 @@ static int re_index(struct tdb_context *tdb, TDB_DATA
key, TDB_DATA data, void *
return -1;
}
- ret = ltdb_unpack_data(ldb, &data, msg);
+ ret = ldb_unpack_data(ldb, (struct ldb_val *)&data, msg);
if (ret != 0) {
ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n",
ldb_dn_get_linearized(msg->dn));
diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
index 4fb8510..26296c7 100644
--- a/lib/ldb/ldb_tdb/ldb_search.c
+++ b/lib/ldb/ldb_tdb/ldb_search.c
@@ -32,6 +32,7 @@
*/
#include "ldb_tdb.h"
+#include "ldb_private.h"
#include <tdb.h>
/*
@@ -245,7 +246,7 @@ static int ltdb_parse_data_unpack(TDB_DATA key, TDB_DATA
data,
struct ltdb_parse_data_unpack_ctx *ctx = private_data;
struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
- int ret = ltdb_unpack_data(ldb, &data, ctx->msg);
+ int ret = ldb_unpack_data(ldb, (struct ldb_val *)&data, ctx->msg);
if (ret == -1) {
ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index
%*.*s\n",
(int)key.dsize, (int)key.dsize, key.dptr);
@@ -440,7 +441,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA
key, TDB_DATA data, voi
}
/* unpack the record */
- ret = ltdb_unpack_data(ldb, &data, msg);
+ ret = ldb_unpack_data(ldb, (struct ldb_val *)&data, msg);
if (ret == -1) {
talloc_free(msg);
return -1;
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index 0e7c74c..860ee14 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -50,6 +50,7 @@
*/
#include "ldb_tdb.h"
+#include "ldb_private.h"
#include <tdb.h>
/*
@@ -264,7 +265,7 @@ int ltdb_store(struct ldb_module *module, const struct
ldb_message *msg, int flg
return LDB_ERR_OTHER;
}
- ret = ltdb_pack_data(module, msg, &tdb_data);
+ ret = ldb_pack_data(module, msg, (struct ldb_val *)&tdb_data);
if (ret == -1) {
talloc_free(tdb_key.dptr);
return LDB_ERR_OTHER;
@@ -693,7 +694,7 @@ int ltdb_modify_internal(struct ldb_module *module,
goto done;
}
- ret = ltdb_unpack_data(ldb_module_get_ctx(module), &tdb_data, msg2);
+ ret = ldb_unpack_data(ldb_module_get_ctx(module), (struct ldb_val
*)&tdb_data, msg2);
free(tdb_data.dptr);
if (ret == -1) {
ret = LDB_ERR_OTHER;
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h
index dd71626..b9aa36c 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.h
+++ b/lib/ldb/ldb_tdb/ldb_tdb.h
@@ -92,15 +92,6 @@ int ltdb_index_transaction_start(struct ldb_module *module);
int ltdb_index_transaction_commit(struct ldb_module *module);
int ltdb_index_transaction_cancel(struct ldb_module *module);
-/* The following definitions come from lib/ldb/ldb_tdb/ldb_pack.c */
-
-int ltdb_pack_data(struct ldb_module *module,
- const struct ldb_message *message,
- TDB_DATA *data);
-int ltdb_unpack_data(struct ldb_context *ldb,
- const TDB_DATA *data,
- struct ldb_message *message);
-
/* The following definitions come from lib/ldb/ldb_tdb/ldb_search.c */
int ltdb_has_wildcard(struct ldb_module *module, const char *attr_name,
diff --git a/lib/ldb/tools/ldbdump.c b/lib/ldb/tools/ldbdump.c
index 7a2ba3d..edf7b5e 100644
--- a/lib/ldb/tools/ldbdump.c
+++ b/lib/ldb/tools/ldbdump.c
@@ -25,7 +25,7 @@
#include "system/wait.h"
#include <tdb.h>
#include <ldb.h>
-#include "../ldb_tdb/ldb_tdb.h"
+#include <ldb_private.h>
static struct ldb_context *ldb;
bool show_index = false;
@@ -43,7 +43,8 @@ static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key,
TDB_DATA dbuf, void *stat
if (!msg) {
return -1;
}
- ret = ltdb_unpack_data(ldb, &dbuf, msg);
+
+ ret = ldb_unpack_data(ldb, &dbuf, msg);
if (ret != 0) {
fprintf(stderr, "Failed to parse record %*.*s as an LDB
record\n", (int)key.dsize, (int)key.dsize, (char *)key.dptr);
TALLOC_FREE(msg);
@@ -57,7 +58,13 @@ static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key,
TDB_DATA dbuf, void *stat
if (!show_index && ldb_dn_is_special(msg->dn)) {
const char *dn_lin = ldb_dn_get_linearized(msg->dn);
- if ((strcmp(dn_lin, LTDB_BASEINFO) == 0) || (strncmp(dn_lin,
LTDB_INDEX ":", strlen( LTDB_INDEX ":")) == 0)) {
+ if ((strcmp(dn_lin, "@BASEINFO") == 0) || (strncmp(dn_lin,
"@INDEX:", strlen("@INDEX:")) == 0)) {
+ /*
+ the user has asked not to show index
+ records. Also exclude BASEINFO as it
+ contains meta-data which will be re-created
+ if this database is restored
+ */
TALLOC_FREE(msg);
return 0;
}
@@ -154,7 +161,7 @@ static int dump_tdb(const char *fname, struct ldb_dn *dn,
bool emergency)
static void usage( void)
{
- printf( "Usage: tdbdump [options] <filename>\n\n");
+ printf( "Usage: ldbdump [options] <filename>\n\n");
printf( " -h this help message\n");
printf( " -d DN dumps DN only\n");
printf( " -e emergency dump, for corrupt databases\n");
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 66fa24b..8a36b5d 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.1.13'
+VERSION = '1.1.14'
blddir = 'bin'
@@ -89,7 +89,7 @@ def build(bld):
--
Samba Shared Repository
