summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2010-01-03 20:36:09 +0100
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2010-01-05 20:55:47 +0100
commit77ce33c419dc000362a2c532e5c7afc1a013c731 (patch)
tree9237b84def5dde2cc4f33dbe2e54b4e95626ccf2
parentc051008540dd381bb79e39a0c9b6db6aa99a3a6e (diff)
downloadsamba-77ce33c419dc000362a2c532e5c7afc1a013c731.tar.gz
samba-77ce33c419dc000362a2c532e5c7afc1a013c731.tar.bz2
samba-77ce33c419dc000362a2c532e5c7afc1a013c731.zip
s4:SAMLDB LDB module - Rework to allow checks for wrong "defaultObjectCategory" attributes
This allows a stricter check for "defaultObjectCategory" attributes which is performed when the "relax" control isn't specified. Additional note: As the added comment points out this isn't complete. And I personally think that moving this at some point to the "objectclass" module is a better idea to make this fully work (since there we have direct access to the schema). If someone has a good idea how to do this please inform me. Anyway, the SAMLDB module does require some restructure since at the moment it's very overloaded and therefore a bit a mess. In the meantime I started to work on a new approach to realise it in a better way.
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c146
1 files changed, 96 insertions, 50 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index fc286c4d83..0235c2bb7b 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -918,36 +918,33 @@ done:
static int samldb_set_defaultObjectCategory(struct samldb_ctx *ac)
{
+ struct ldb_context *ldb;
+ struct ldb_message *msg;
+ struct ldb_request *req;
int ret;
- if (ac->dn) {
- struct ldb_request *req;
- struct ldb_context *ldb;
- struct ldb_message *msg = ldb_msg_new(ac);
-
- msg->dn = ac->dn;
- ldb_msg_add_empty(msg, "defaultObjectCategory", LDB_FLAG_MOD_REPLACE, NULL);
-
- ldb_msg_add_steal_string(msg, "defaultObjectCategory", ldb_dn_alloc_linearized(msg, ac->dn));
-
- ldb = ldb_module_get_ctx(ac->module);
-
- ret = ldb_build_mod_req(&req, ldb, ac,
- msg, NULL,
- ac, samldb_set_defaultObjectCategory_callback,
- ac->req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ ldb = ldb_module_get_ctx(ac->module);
- return ldb_next_request(ac->module, req);
- }
+ /* (Re)set the default object category to have it set to the DN in the
+ * storage format */
+ msg = ldb_msg_new(ac);
+ msg->dn = ac->msg->dn;
+ ldb_msg_add_empty(msg, "defaultObjectCategory",
+ LDB_FLAG_MOD_REPLACE, NULL);
+ ldb_msg_add_steal_string(msg, "defaultObjectCategory",
+ ldb_dn_alloc_linearized(msg, ac->dn));
- ret = samldb_next_step(ac);
+ ret = ldb_build_mod_req(&req, ldb, ac,
+ msg, NULL,
+ ac,
+ samldb_set_defaultObjectCategory_callback,
+ ac->req);
if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+ talloc_free(msg);
+ return ret;
}
- return ret;
+
+ return ldb_next_request(ac->module, req);
}
/*
@@ -955,14 +952,35 @@ static int samldb_set_defaultObjectCategory(struct samldb_ctx *ac)
*/
static int samldb_find_for_defaultObjectCategory_callback(struct ldb_request *req,
- struct ldb_reply *ares)
+ struct ldb_reply *ares)
{
+ struct ldb_context *ldb;
struct samldb_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
+ ldb = ldb_module_get_ctx(ac->module);
+ if (!ares) {
+ ret = LDB_ERR_OPERATIONS_ERROR;
+ goto done;
+ }
if (ares->error != LDB_SUCCESS) {
+ if (ares->error == LDB_ERR_NO_SUCH_OBJECT) {
+ if (ldb_request_get_control(ac->req,
+ LDB_CONTROL_RELAX_OID) != NULL) {
+ /* Don't be pricky when the DN doesn't exist */
+ /* if we have the RELAX control specified */
+ ac->dn = req->op.search.base;
+ return samldb_next_step(ac);
+ } else {
+ ldb_set_errstring(ldb,
+ "samldb_find_defaultObjectCategory: "
+ "Invalid DN for 'defaultObjectCategory'!");
+ ares->error = LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ }
+
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
@@ -970,22 +988,33 @@ static int samldb_find_for_defaultObjectCategory_callback(struct ldb_request *re
switch (ares->type) {
case LDB_REPLY_ENTRY:
ac->dn = talloc_steal(ac, ares->message->dn);
+
+ ret = LDB_SUCCESS;
break;
+
case LDB_REPLY_REFERRAL:
/* this should not happen */
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
+ talloc_free(ares);
+ ret = LDB_ERR_OPERATIONS_ERROR;
+ break;
case LDB_REPLY_DONE:
- /* found or not found, go on */
talloc_free(ares);
- ret = samldb_next_step(ac);
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+
+ if (ac->dn != NULL) {
+ /* when found go on */
+ ret = samldb_next_step(ac);
+ } else {
+ ret = LDB_ERR_OPERATIONS_ERROR;
}
break;
}
+done:
+ if (ret != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, NULL, NULL, ret);
+ }
+
return LDB_SUCCESS;
}
@@ -993,38 +1022,55 @@ static int samldb_find_for_defaultObjectCategory(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
struct ldb_request *req;
- int ret;
static const char *no_attrs[] = { NULL };
+ int ret;
+ const struct ldb_val *val;
+ struct ldb_dn *def_obj_cat_dn;
ldb = ldb_module_get_ctx(ac->module);
ac->dn = NULL;
- if (ldb_msg_find_element(ac->msg, "defaultObjectCategory") == NULL) {
- ret = ldb_build_search_req(&req, ldb, ac,
- ac->msg->dn, LDB_SCOPE_BASE,
- "objectClass=classSchema", no_attrs,
- NULL,
- ac, samldb_find_for_defaultObjectCategory_callback,
- ac->req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- ret = dsdb_request_add_controls(ac->module, req, DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
- if (ret != LDB_SUCCESS) {
- return ret;
+ val = ldb_msg_find_ldb_val(ac->msg, "defaultObjectCategory");
+ if (val != NULL) {
+ /* "defaultObjectCategory" has been set by the caller. Do some
+ * checks for consistency.
+ * NOTE: The real constraint check (that 'defaultObjectCategory'
+ * is the DN of the new objectclass or any parent of it) is
+ * still incomplete.
+ * For now we say that 'defaultObjectCategory' is valid if it
+ * exists and it is of objectclass "classSchema". */
+ def_obj_cat_dn = ldb_dn_from_ldb_val(ac, ldb, val);
+ if (def_obj_cat_dn == NULL) {
+ ldb_set_errstring(ldb,
+ "samldb_find_defaultObjectCategory: Invalid DN "
+ "for 'defaultObjectCategory'!");
+ return LDB_ERR_CONSTRAINT_VIOLATION;
}
- return ldb_next_request(ac->module, req);
+ } else {
+ /* "defaultObjectCategory" has not been set by the caller. Use
+ * the entry DN for it. */
+ def_obj_cat_dn = ac->msg->dn;
}
- ret = samldb_next_step(ac);
+ ret = ldb_build_search_req(&req, ldb, ac,
+ def_obj_cat_dn, LDB_SCOPE_BASE,
+ "objectClass=classSchema", no_attrs,
+ NULL,
+ ac, samldb_find_for_defaultObjectCategory_callback,
+ ac->req);
if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+ return ret;
}
- return ret;
-}
+ ret = dsdb_request_add_controls(ac->module, req,
+ DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ return ldb_next_request(ac->module, req);
+}
/*