diff options
author | Simo Sorce <idra@samba.org> | 2005-01-15 17:24:42 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:51 -0500 |
commit | a7bbb190d9845a74c21369ca32eb8446982477db (patch) | |
tree | 76083ae679f6ceee7154452e167ff3c22726cc02 | |
parent | 61a3d370b98ca4b75cd61e22f0d6b0f3fb7561b3 (diff) | |
download | samba-a7bbb190d9845a74c21369ca32eb8446982477db.tar.gz samba-a7bbb190d9845a74c21369ca32eb8446982477db.tar.bz2 samba-a7bbb190d9845a74c21369ca32eb8446982477db.zip |
r4759: use ldb_attr_cmp() to compare attribute names
check required attributes are not deleted on modify operation
if the objectclass is deleted then deny the operation if
orphan atributes are left behind
(This used to be commit 8c11038d67c495f8d5f06cf1fdfe976088864b45)
-rw-r--r-- | source4/lib/ldb/modules/schema.c | 85 | ||||
-rw-r--r-- | source4/lib/ldb/modules/timestamps.c | 2 |
2 files changed, 53 insertions, 34 deletions
diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c index 63d94eed81..85f57fc2eb 100644 --- a/source4/lib/ldb/modules/schema.c +++ b/source4/lib/ldb/modules/schema.c @@ -63,9 +63,14 @@ static struct attribute_syntax attrsyn[] = { #define SCHEMA_TALLOC_CHECK(root, mem, ret) do { if (!mem) { talloc_free(root); return ret;} } while(0); -#define SA_FLAG_RESET 0 -#define SA_FLAG_AUXCLASS 1 -#define SA_FLAG_CHECKED 2 +#define SCHEMA_FLAG_RESET 0 +#define SCHEMA_FLAG_MOD_MASK 0x03 +#define SCHEMA_FLAG_MOD_ADD 0x01 +#define SCHEMA_FLAG_MOD_REPLACE 0x02 +#define SCHEMA_FLAG_MOD_DELETE 0x03 +#define SCHEMA_FLAG_AUXCLASS 0x10 +#define SCHEMA_FLAG_CHECKED 0x20 + struct private_data { struct ldb_context *schema_db; @@ -136,7 +141,7 @@ static int get_object_objectclasses(struct ldb_context *ldb, const char *dn, str ldb_search_free(ldb, srch); return -1; } - schema_struct->objectclass_list[j].flags = SA_FLAG_RESET; + schema_struct->objectclass_list[j].flags = SCHEMA_FLAG_RESET; } } ldb_search_free(ldb, srch); @@ -162,7 +167,7 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s return -1; } for (i = 0, j = 0; i < msg->num_elements; i++) { - if (strcasecmp(msg->elements[i].name, "objectclass") == 0) { + if (ldb_attr_cmp(msg->elements[i].name, "objectclass") == 0) { schema_struct->objectclass_list_num = msg->elements[i].num_values; schema_struct->objectclass_list = talloc_array(schema_struct, struct attribute_list, @@ -177,11 +182,11 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s if (schema_struct->objectclass_list[k].name == 0) { return -1; } - schema_struct->objectclass_list[k].flags = SA_FLAG_RESET; + schema_struct->objectclass_list[k].flags = msg->elements[i].flags; } } - schema_struct->check_list[j].flags = SA_FLAG_RESET; + schema_struct->check_list[j].flags = msg->elements[i].flags; schema_struct->check_list[j].name = talloc_strdup(schema_struct->check_list, msg->elements[i].name); if (schema_struct->check_list[j].name == 0) { @@ -243,6 +248,9 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context for (i = 0; i < schema_struct->objectclass_list_num; i++) { char *filter; + if ((schema_struct->objectclass_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) { + continue; + } filter = talloc_asprintf(schema_struct, "lDAPDisplayName=%s", schema_struct->objectclass_list[i].name); SCHEMA_TALLOC_CHECK(schema_struct, filter, -1); ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &srch); @@ -251,7 +259,7 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context ok = 0; /* suppose auxiliary classeschema_struct are not required */ - if (schema_struct->objectclass_list[i].flags & SA_FLAG_AUXCLASS) { + if (schema_struct->objectclass_list[i].flags & SCHEMA_FLAG_AUXCLASS) { int d; ok = 1; schema_struct->objectclass_list_num -= 1; @@ -286,11 +294,11 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context is_aux = 0; is_class = 0; - if (strcasecmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) { - is_aux = SA_FLAG_AUXCLASS; + if (ldb_attr_cmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) { + is_aux = SCHEMA_FLAG_AUXCLASS; is_class = 1; } - if (strcasecmp((*srch)->elements[j].name, "subClassOf") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "subClassOf") == 0) { is_class = 1; } @@ -304,23 +312,23 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context } } else { - if (strcasecmp((*srch)->elements[j].name, "mustContain") == 0 || - strcasecmp((*srch)->elements[j].name, "SystemMustContain") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "mustContain") == 0 || + ldb_attr_cmp((*srch)->elements[j].name, "SystemMustContain") == 0) { if (add_attribute_uniq(&schema_struct->must, &schema_struct->must_num, - SA_FLAG_RESET, + SCHEMA_FLAG_RESET, &(*srch)->elements[j], schema_struct) != 0) { return -1; } } - if (strcasecmp((*srch)->elements[j].name, "mayContain") == 0 || - strcasecmp((*srch)->elements[j].name, "SystemMayContain") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "mayContain") == 0 || + ldb_attr_cmp((*srch)->elements[j].name, "SystemMayContain") == 0) { if (add_attribute_uniq(&schema_struct->may, &schema_struct->may_num, - SA_FLAG_RESET, + SCHEMA_FLAG_RESET, &(*srch)->elements[j], schema_struct) != 0) { return -1; @@ -374,8 +382,8 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message found = 0; for (j = 0; j < entry_structs->check_list_num; j++) { - if (strcasecmp(entry_structs->must[i].name, entry_structs->check_list[j].name) == 0) { - entry_structs->check_list[j].flags = SA_FLAG_CHECKED; + if (ldb_attr_cmp(entry_structs->must[i].name, entry_structs->check_list[j].name) == 0) { + entry_structs->check_list[j].flags = SCHEMA_FLAG_CHECKED; found = 1; break; } @@ -392,13 +400,13 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message /* now check all others atribs are found in mays */ for (i = 0; i < entry_structs->check_list_num; i++) { - if (entry_structs->check_list[i].flags != SA_FLAG_CHECKED) { + if (entry_structs->check_list[i].flags != SCHEMA_FLAG_CHECKED) { int found; found = 0; for (j = 0; j < entry_structs->may_num; j++) { - if (strcasecmp(entry_structs->may[j].name, entry_structs->check_list[i].name) == 0) { - entry_structs->check_list[i].flags = SA_FLAG_CHECKED; + if (ldb_attr_cmp(entry_structs->may[j].name, entry_structs->check_list[i].name) == 0) { + entry_structs->check_list[i].flags = SCHEMA_FLAG_CHECKED; found = 1; break; } @@ -484,17 +492,22 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess int found; found = 0; - for (j = 0; j < entry_structs->may_num; j++) { - if (strcasecmp(entry_structs->may[j].name, modify_structs->check_list[i].name) == 0) { - modify_structs->check_list[i].flags = SA_FLAG_CHECKED; + for (j = 0; j < entry_structs->must_num; j++) { + if (ldb_attr_cmp(entry_structs->must[j].name, modify_structs->check_list[i].name) == 0) { + if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) { + data->error_string = "Objectclass violation: trying to delete a required attribute"; + talloc_free(entry_structs); + return -1; + } + modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED; found = 1; break; } } if ( ! found) { - for (j = 0; j < entry_structs->must_num; j++) { - if (strcasecmp(entry_structs->must[j].name, modify_structs->check_list[i].name) == 0) { - modify_structs->check_list[i].flags = SA_FLAG_CHECKED; + for (j = 0; j < entry_structs->may_num; j++) { + if (ldb_attr_cmp(entry_structs->may[j].name, modify_structs->check_list[i].name) == 0) { + modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED; break; } } @@ -507,8 +520,13 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess found = 0; for (j = 0; j < modify_structs->check_list_num; j++) { - if (strcasecmp(modify_structs->must[i].name, modify_structs->check_list[j].name) == 0) { - modify_structs->check_list[j].flags = SA_FLAG_CHECKED; + if (ldb_attr_cmp(modify_structs->must[i].name, modify_structs->check_list[j].name) == 0) { + if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) { + data->error_string = "Objectclass violation: trying to delete a required attribute"; + talloc_free(entry_structs); + return -1; + } + modify_structs->check_list[j].flags |= SCHEMA_FLAG_CHECKED; found = 1; break; } @@ -525,13 +543,14 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess /* now check all others atribs are found in mays */ for (i = 0; i < modify_structs->check_list_num; i++) { - if (modify_structs->check_list[i].flags != SA_FLAG_CHECKED) { + if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_CHECKED) == 0 && + (modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) != SCHEMA_FLAG_MOD_DELETE) { int found; found = 0; for (j = 0; j < modify_structs->may_num; j++) { - if (strcasecmp(modify_structs->may[j].name, modify_structs->check_list[i].name) == 0) { - modify_structs->check_list[i].flags = SA_FLAG_CHECKED; + if (ldb_attr_cmp(modify_structs->may[j].name, modify_structs->check_list[i].name) == 0) { + modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED; found = 1; break; } diff --git a/source4/lib/ldb/modules/timestamps.c b/source4/lib/ldb/modules/timestamps.c index 4066d231cd..1deeeb218b 100644 --- a/source4/lib/ldb/modules/timestamps.c +++ b/source4/lib/ldb/modules/timestamps.c @@ -69,7 +69,7 @@ static int add_time_element(struct ldb_module *module, struct ldb_message *msg, int i; for (i = 0; i < msg->num_elements; i++) { - if (strcasecmp(msg->elements[i].name, attr_name) == 0) { + if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) { return 0; } } |