summaryrefslogtreecommitdiff
path: root/source4/lib
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2005-01-15 17:24:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:51 -0500
commita7bbb190d9845a74c21369ca32eb8446982477db (patch)
tree76083ae679f6ceee7154452e167ff3c22726cc02 /source4/lib
parent61a3d370b98ca4b75cd61e22f0d6b0f3fb7561b3 (diff)
downloadsamba-a7bbb190d9845a74c21369ca32eb8446982477db.tar.gz
samba-a7bbb190d9845a74c21369ca32eb8446982477db.tar.bz2
samba-a7bbb190d9845a74c21369ca32eb8446982477db.zip
r4759: use ldb_attr_cmp() to compare attribute names
check required attributes are not deleted on modify operation if the objectclass is deleted then deny the operation if orphan atributes are left behind (This used to be commit 8c11038d67c495f8d5f06cf1fdfe976088864b45)
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/ldb/modules/schema.c85
-rw-r--r--source4/lib/ldb/modules/timestamps.c2
2 files changed, 53 insertions, 34 deletions
diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c
index 63d94eed81..85f57fc2eb 100644
--- a/source4/lib/ldb/modules/schema.c
+++ b/source4/lib/ldb/modules/schema.c
@@ -63,9 +63,14 @@ static struct attribute_syntax attrsyn[] = {
#define SCHEMA_TALLOC_CHECK(root, mem, ret) do { if (!mem) { talloc_free(root); return ret;} } while(0);
-#define SA_FLAG_RESET 0
-#define SA_FLAG_AUXCLASS 1
-#define SA_FLAG_CHECKED 2
+#define SCHEMA_FLAG_RESET 0
+#define SCHEMA_FLAG_MOD_MASK 0x03
+#define SCHEMA_FLAG_MOD_ADD 0x01
+#define SCHEMA_FLAG_MOD_REPLACE 0x02
+#define SCHEMA_FLAG_MOD_DELETE 0x03
+#define SCHEMA_FLAG_AUXCLASS 0x10
+#define SCHEMA_FLAG_CHECKED 0x20
+
struct private_data {
struct ldb_context *schema_db;
@@ -136,7 +141,7 @@ static int get_object_objectclasses(struct ldb_context *ldb, const char *dn, str
ldb_search_free(ldb, srch);
return -1;
}
- schema_struct->objectclass_list[j].flags = SA_FLAG_RESET;
+ schema_struct->objectclass_list[j].flags = SCHEMA_FLAG_RESET;
}
}
ldb_search_free(ldb, srch);
@@ -162,7 +167,7 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s
return -1;
}
for (i = 0, j = 0; i < msg->num_elements; i++) {
- if (strcasecmp(msg->elements[i].name, "objectclass") == 0) {
+ if (ldb_attr_cmp(msg->elements[i].name, "objectclass") == 0) {
schema_struct->objectclass_list_num = msg->elements[i].num_values;
schema_struct->objectclass_list = talloc_array(schema_struct,
struct attribute_list,
@@ -177,11 +182,11 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s
if (schema_struct->objectclass_list[k].name == 0) {
return -1;
}
- schema_struct->objectclass_list[k].flags = SA_FLAG_RESET;
+ schema_struct->objectclass_list[k].flags = msg->elements[i].flags;
}
}
- schema_struct->check_list[j].flags = SA_FLAG_RESET;
+ schema_struct->check_list[j].flags = msg->elements[i].flags;
schema_struct->check_list[j].name = talloc_strdup(schema_struct->check_list,
msg->elements[i].name);
if (schema_struct->check_list[j].name == 0) {
@@ -243,6 +248,9 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
for (i = 0; i < schema_struct->objectclass_list_num; i++) {
char *filter;
+ if ((schema_struct->objectclass_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ continue;
+ }
filter = talloc_asprintf(schema_struct, "lDAPDisplayName=%s", schema_struct->objectclass_list[i].name);
SCHEMA_TALLOC_CHECK(schema_struct, filter, -1);
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &srch);
@@ -251,7 +259,7 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
ok = 0;
/* suppose auxiliary classeschema_struct are not required */
- if (schema_struct->objectclass_list[i].flags & SA_FLAG_AUXCLASS) {
+ if (schema_struct->objectclass_list[i].flags & SCHEMA_FLAG_AUXCLASS) {
int d;
ok = 1;
schema_struct->objectclass_list_num -= 1;
@@ -286,11 +294,11 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
is_aux = 0;
is_class = 0;
- if (strcasecmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) {
- is_aux = SA_FLAG_AUXCLASS;
+ if (ldb_attr_cmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) {
+ is_aux = SCHEMA_FLAG_AUXCLASS;
is_class = 1;
}
- if (strcasecmp((*srch)->elements[j].name, "subClassOf") == 0) {
+ if (ldb_attr_cmp((*srch)->elements[j].name, "subClassOf") == 0) {
is_class = 1;
}
@@ -304,23 +312,23 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
}
} else {
- if (strcasecmp((*srch)->elements[j].name, "mustContain") == 0 ||
- strcasecmp((*srch)->elements[j].name, "SystemMustContain") == 0) {
+ if (ldb_attr_cmp((*srch)->elements[j].name, "mustContain") == 0 ||
+ ldb_attr_cmp((*srch)->elements[j].name, "SystemMustContain") == 0) {
if (add_attribute_uniq(&schema_struct->must,
&schema_struct->must_num,
- SA_FLAG_RESET,
+ SCHEMA_FLAG_RESET,
&(*srch)->elements[j],
schema_struct) != 0) {
return -1;
}
}
- if (strcasecmp((*srch)->elements[j].name, "mayContain") == 0 ||
- strcasecmp((*srch)->elements[j].name, "SystemMayContain") == 0) {
+ if (ldb_attr_cmp((*srch)->elements[j].name, "mayContain") == 0 ||
+ ldb_attr_cmp((*srch)->elements[j].name, "SystemMayContain") == 0) {
if (add_attribute_uniq(&schema_struct->may,
&schema_struct->may_num,
- SA_FLAG_RESET,
+ SCHEMA_FLAG_RESET,
&(*srch)->elements[j],
schema_struct) != 0) {
return -1;
@@ -374,8 +382,8 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
found = 0;
for (j = 0; j < entry_structs->check_list_num; j++) {
- if (strcasecmp(entry_structs->must[i].name, entry_structs->check_list[j].name) == 0) {
- entry_structs->check_list[j].flags = SA_FLAG_CHECKED;
+ if (ldb_attr_cmp(entry_structs->must[i].name, entry_structs->check_list[j].name) == 0) {
+ entry_structs->check_list[j].flags = SCHEMA_FLAG_CHECKED;
found = 1;
break;
}
@@ -392,13 +400,13 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
/* now check all others atribs are found in mays */
for (i = 0; i < entry_structs->check_list_num; i++) {
- if (entry_structs->check_list[i].flags != SA_FLAG_CHECKED) {
+ if (entry_structs->check_list[i].flags != SCHEMA_FLAG_CHECKED) {
int found;
found = 0;
for (j = 0; j < entry_structs->may_num; j++) {
- if (strcasecmp(entry_structs->may[j].name, entry_structs->check_list[i].name) == 0) {
- entry_structs->check_list[i].flags = SA_FLAG_CHECKED;
+ if (ldb_attr_cmp(entry_structs->may[j].name, entry_structs->check_list[i].name) == 0) {
+ entry_structs->check_list[i].flags = SCHEMA_FLAG_CHECKED;
found = 1;
break;
}
@@ -484,17 +492,22 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
int found;
found = 0;
- for (j = 0; j < entry_structs->may_num; j++) {
- if (strcasecmp(entry_structs->may[j].name, modify_structs->check_list[i].name) == 0) {
- modify_structs->check_list[i].flags = SA_FLAG_CHECKED;
+ for (j = 0; j < entry_structs->must_num; j++) {
+ if (ldb_attr_cmp(entry_structs->must[j].name, modify_structs->check_list[i].name) == 0) {
+ if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ data->error_string = "Objectclass violation: trying to delete a required attribute";
+ talloc_free(entry_structs);
+ return -1;
+ }
+ modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
found = 1;
break;
}
}
if ( ! found) {
- for (j = 0; j < entry_structs->must_num; j++) {
- if (strcasecmp(entry_structs->must[j].name, modify_structs->check_list[i].name) == 0) {
- modify_structs->check_list[i].flags = SA_FLAG_CHECKED;
+ for (j = 0; j < entry_structs->may_num; j++) {
+ if (ldb_attr_cmp(entry_structs->may[j].name, modify_structs->check_list[i].name) == 0) {
+ modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
break;
}
}
@@ -507,8 +520,13 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
found = 0;
for (j = 0; j < modify_structs->check_list_num; j++) {
- if (strcasecmp(modify_structs->must[i].name, modify_structs->check_list[j].name) == 0) {
- modify_structs->check_list[j].flags = SA_FLAG_CHECKED;
+ if (ldb_attr_cmp(modify_structs->must[i].name, modify_structs->check_list[j].name) == 0) {
+ if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ data->error_string = "Objectclass violation: trying to delete a required attribute";
+ talloc_free(entry_structs);
+ return -1;
+ }
+ modify_structs->check_list[j].flags |= SCHEMA_FLAG_CHECKED;
found = 1;
break;
}
@@ -525,13 +543,14 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
/* now check all others atribs are found in mays */
for (i = 0; i < modify_structs->check_list_num; i++) {
- if (modify_structs->check_list[i].flags != SA_FLAG_CHECKED) {
+ if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_CHECKED) == 0 &&
+ (modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) != SCHEMA_FLAG_MOD_DELETE) {
int found;
found = 0;
for (j = 0; j < modify_structs->may_num; j++) {
- if (strcasecmp(modify_structs->may[j].name, modify_structs->check_list[i].name) == 0) {
- modify_structs->check_list[i].flags = SA_FLAG_CHECKED;
+ if (ldb_attr_cmp(modify_structs->may[j].name, modify_structs->check_list[i].name) == 0) {
+ modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
found = 1;
break;
}
diff --git a/source4/lib/ldb/modules/timestamps.c b/source4/lib/ldb/modules/timestamps.c
index 4066d231cd..1deeeb218b 100644
--- a/source4/lib/ldb/modules/timestamps.c
+++ b/source4/lib/ldb/modules/timestamps.c
@@ -69,7 +69,7 @@ static int add_time_element(struct ldb_module *module, struct ldb_message *msg,
int i;
for (i = 0; i < msg->num_elements; i++) {
- if (strcasecmp(msg->elements[i].name, attr_name) == 0) {
+ if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
return 0;
}
}