From 508527890adc7bedd47522a7dae0c96d2b2e4bae Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Tue, 23 Sep 2008 14:30:06 -0400
Subject: Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.

The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
---
 source4/dsdb/schema/schema_init.c | 33 ++++++++++++++++-----------------
 source4/dsdb/schema/schema_set.c  |  4 ++--
 2 files changed, 18 insertions(+), 19 deletions(-)
(limited to 'source4/dsdb/schema')

diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 3ed7daee59..d983e3c272 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -525,18 +525,21 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 		return WERR_FOOBAR;
 	}
 
-	ret = ldb_search(ldb, schema_dn, LDB_SCOPE_BASE,NULL, schema_attrs,&schema_res);
+	ret = ldb_search(ldb, mem_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefix map present\n"));
+		talloc_free(schema_res);
 		return WERR_FOOBAR;
 	} else if (ret != LDB_SUCCESS) {
 		DEBUG(0,("dsdb_read_prefixes_from_ldb: failed to search the schema head\n"));
+		talloc_free(schema_res);
 		return WERR_FOOBAR;
 	}
 
 	prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
 	if (!prefix_val) {
 		DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefixMap attribute found\n"));
+		talloc_free(schema_res);
 		return WERR_FOOBAR;
 	}
 
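Review bot: `schema_res->msgs[0]` in the prefixMap lookup is still dereferenced without checking `schema_res->count`; depending on the backend a base search can return LDB_SUCCESS with an empty result set, and the `dsdb_schema_from_schema_dn` hunk later in this same commit already guards the identical search with `if (schema_res->count != 1)`. Add `if (schema_res->count != 1) { talloc_free(schema_res); return WERR_FOOBAR; }` before the `ldb_msg_find_ldb_val` call, with a DEBUG line in the style of the neighbouring ones. As a point of style, allocating the result on the caller's `mem_ctx` and releasing it by hand on every return (five `talloc_free(schema_res)` sites across this hunk and the next) is more fragile than the `tmp_ctx` pattern `dsdb_schema_from_schema_dn` uses; one missed return path leaks the result into the caller's context. `dsdb_read_prefixes_from_ldb` starts before and continues after this hunk.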
@@ -550,9 +553,12 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		DEBUG(0,("dsdb_read_prefixes_from_ldb: ndr_pull_struct_blob failed\n"));
 		talloc_free(blob);
+		talloc_free(schema_res);
 		return WERR_FOOBAR;
 	}
 
+	talloc_free(schema_res);
+
 	if (blob->version != PREFIX_MAP_VERSION_DSDB) {
 		DEBUG(0,("dsdb_read_prefixes_from_ldb: blob->version incorect\n"));
 		talloc_free(blob);
@@ -905,7 +911,7 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn,
 		const char *name = ldb_msg_find_attr_as_string(search_from->msgs[i],
 							       "lDAPDisplayname", NULL);
 
-		ret = ldb_search_exp_fmt(ldb, mem_ctx, &res,
+		ret = ldb_search(ldb, mem_ctx, &res,
 				 schemadn, LDB_SCOPE_SUBTREE, NULL,
 				 "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))",
 				 name, name);
@@ -946,9 +952,9 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
 	}
 
 	/* Download 'top' */
-	ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE,
-			 "(&(objectClass=classSchema)(lDAPDisplayName=top))",
-			 NULL, &top_res);
+	ret = ldb_search(ldb, local_ctx, &top_res,
+			 schemadn, LDB_SCOPE_SUBTREE, NULL,
+			 "(&(objectClass=classSchema)(lDAPDisplayName=top))");
 	if (ret != LDB_SUCCESS) {
 		*error_string = talloc_asprintf(mem_ctx,
 				       "dsdb_schema: failed to search for top classSchema object: %s",
@@ -956,8 +962,6 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
 		return ret;
 	}
 
-	talloc_steal(local_ctx, top_res);
-
 	if (top_res->count != 1) {
 		*error_string = talloc_asprintf(mem_ctx,
 				       "dsdb_schema: failed to find top classSchema object");
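Review bot: In the `fetch_oc_recursive` hunk, `name` comes from `ldb_msg_find_attr_as_string(..., NULL)` and is passed straight into both `%s` placeholders of the filter, so a classSchema entry without an lDAPDisplayName hands a NULL to the printf-style formatter, which is undefined behaviour in C; the rename to `ldb_search` keeps that path. Guard it before the search, e.g. `if (name == NULL) { continue; }` if these lines sit inside the loop over `search_from->msgs` that the `[i]` index suggests, or fail the call with an error. The value is also interpolated into an LDAP filter unescaped, so a display name containing `(`, `)` or `*` changes the meaning of the filter; running it through `ldb_binary_encode_string()` first would make the search robust to unusual schema content. The enclosing loop and function start outside the hunk.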
@@ -1008,10 +1012,8 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	/*
 	 * setup the prefix mappings and schema info
 	 */
-	ret = ldb_search(ldb, schema_dn,
-			 LDB_SCOPE_BASE,
-			 NULL, schema_attrs,
-			 &schema_res);
+	ret = ldb_search(ldb, tmp_ctx, &schema_res,
+			 schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		talloc_free(tmp_ctx);
 		return ret;
@@ -1022,7 +1024,6 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 		talloc_free(tmp_ctx);
 		return ret;
 	}
-	talloc_steal(tmp_ctx, schema_res);
 	if (schema_res->count != 1) {
 		*error_string_out = talloc_asprintf(mem_ctx,
 				       "dsdb_schema: [%u] schema heads found on a base search",
@@ -1034,10 +1035,9 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	/*
 	 * load the attribute definitions
 	 */
-	ret = ldb_search(ldb, schema_dn,
-			 LDB_SCOPE_ONELEVEL,
-			 "(objectClass=attributeSchema)", NULL,
-			 &a_res);
+	ret = ldb_search(ldb, tmp_ctx, &a_res,
+			 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
+			 "(objectClass=attributeSchema)");
 	if (ret != LDB_SUCCESS) {
 		*error_string_out = talloc_asprintf(mem_ctx,
 				       "dsdb_schema: failed to search attributeSchema objects: %s",
@@ -1045,7 +1045,6 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 		talloc_free(tmp_ctx);
 		return ret;
 	}
-	talloc_steal(tmp_ctx, a_res);
 
 	/*
 	 * load the objectClass definitions
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 2303b88a05..b6e8ed46c2 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -116,7 +116,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem
 
 
 	/* Try to avoid churning the attributes too much - we only want to do this if they have changed */
-	ret = ldb_search_exp_fmt(ldb, mem_ctx, &res, msg->dn, LDB_SCOPE_BASE, NULL, "dn=%s", ldb_dn_get_linearized(msg->dn));
+	ret = ldb_search(ldb, mem_ctx, &res, msg->dn, LDB_SCOPE_BASE, NULL, "dn=%s", ldb_dn_get_linearized(msg->dn));
 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		ret = ldb_add(ldb, msg);
 	} else if (ret != LDB_SUCCESS) {
@@ -144,7 +144,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem
 
 
 	/* Now write out the indexs, as found in the schema (if they have changed) */
-	ret = ldb_search_exp_fmt(ldb, mem_ctx, &res_idx, msg_idx->dn, LDB_SCOPE_BASE, NULL, "dn=%s", ldb_dn_get_linearized(msg_idx->dn));
+	ret = ldb_search(ldb, mem_ctx, &res_idx, msg_idx->dn, LDB_SCOPE_BASE, NULL, "dn=%s", ldb_dn_get_linearized(msg_idx->dn));
 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		ret = ldb_add(ldb, msg_idx);
 	} else if (ret != LDB_SUCCESS) {
-- 
cgit

From c412a930ad19da866503e6d8ccb71fb3191fc6d2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 3 Oct 2008 16:25:59 -0700
Subject: Fix Domain Trust creation with Windows 2008 (and many other tools)

A dITConentRules attribute (unlike objectClasses) must not contain a 'SUP'. The ADSI layer in Windows would download the whole schema, and validate it. Thanks to the team at Microsoft for very long debugging session to find this.

Andrew Bartlett
---
 source4/dsdb/schema/schema_description.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'source4/dsdb/schema')

diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c
index 6884c5284e..e152f44b97 100644
--- a/source4/dsdb/schema/schema_description.c
+++ b/source4/dsdb/schema/schema_description.c
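Review bot: The `"dn=%s"` expression on a search that is already scoped LDB_SCOPE_BASE at `msg->dn` adds nothing — the base scope alone selects that single entry — while interpolating the linearized DN into a filter string without escaping, so a DN containing filter metacharacters (`(`, `)`, `*`, or RFC 4514 backslash sequences) may be parsed differently from what the author intended and the call's outcome then no longer reflects whether the entry exists. The first hunk of this same commit shows `ldb_search` accepting NULL as the expression, so the simpler and safer call is `ret = ldb_search(ldb, mem_ctx, &res, msg->dn, LDB_SCOPE_BASE, NULL, NULL);`. The `res_idx` search in the second hunk of this file has the same shape and the same fix. `mem_ctx` and its release are set up outside the hunk, so I cannot tell from here whether `res` and `res_idx` are freed before the function returns.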
@@ -309,7 +309,11 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas
 						    class->lDAPDisplayName,
 						    (const char **)aux_class_list,
 						    NULL,
-						    class->subClassOf,
+						    NULL, /* Must not specify a
+							   * SUP (subclass) in
+							   * ditContentRules
+							   * per MS-ADTS
+							   * 3.1.1.3.1.1.1 */
 						    -1, must_attr_list, may_attr_list);
 	talloc_free(tmp_ctx);
 	return schema_description;
-- 
cgit

From 7d9f18609b25463d306c0c150fe0da7f065860fd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 3 Oct 2008 16:36:04 -0700
Subject: Remove DESCRIPTION from generated schema lines.

This is not permitted in the AD aggregate schema, and more trouble than it is worth in the OpenLDAP schema due to escaping issues.

Andrew Bartlett
---
 source4/dsdb/schema/schema_description.c | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)
(limited to 'source4/dsdb/schema')

diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c
index e152f44b97..c3c37b4653 100644
--- a/source4/dsdb/schema/schema_description.c
+++ b/source4/dsdb/schema/schema_description.c
@@ -33,7 +33,6 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 				   const char *seperator,
 				   const char *oid,
 				   const char *name,
-				   const char *description,
 				   const char *equality,
 				   const char *substring,
 				   const char *syntax,
@@ -46,15 +45,6 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 				       "NAME '%s'%s", name, seperator);
 	IF_NULL_FAIL_RET(schema_entry);
 
-	if (description) {
-#if 0
-		/* Need a way to escape ' characters from the description */
-		schema_entry = talloc_asprintf_append(schema_entry,
-						      "DESC '%s'%s", description, seperator);
-		IF_NULL_FAIL_RET(schema_entry);
-#endif
-	}
-
 	if (equality) {
 		schema_entry = talloc_asprintf_append(schema_entry,
 						      "EQUALITY %s%s", equality, seperator);
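Review bot: The five-line comment embedded inside the argument list makes the `schema_class_description` call hard to scan, and the replacement `NULL` is visually indistinguishable from the positional `NULL` on the line above it. Put the rationale on one line above the call, e.g. `/* subClassOf is passed as NULL: a dITContentRule must not carry SUP (MS-ADTS 3.1.1.3.1.1.1) */`, and leave the argument on its own line so the parameter positions stay readable. The call begins before the hunk.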
@@ -104,7 +94,7 @@ char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_att
 						     " ",
 						     attribute->attributeID_oid,
 						     attribute->lDAPDisplayName,
-						     NULL, NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax),
+						     NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax),
 						     attribute->isSingleValued,
 						     attribute->systemOnly);
 	talloc_free(tmp_ctx);
@@ -149,7 +139,6 @@ char *schema_class_description(TALLOC_CTX *mem_ctx,
 			       const char *oid,
 			       const char *name,
 			       const char **auxillary_classes,
-			       const char *description,
 			       const char *subClassOf,
 			       int objectClassCategory,
 			       char **must,
@@ -164,12 +153,6 @@ char *schema_class_description(TALLOC_CTX *mem_ctx,
 				       "NAME '%s'%s", name, seperator);
 	IF_NULL_FAIL_RET(schema_entry);
 
-	if (description) {
-		schema_entry = talloc_asprintf_append(schema_entry,
-						      "DESC '%s'%s", description, seperator);
-		IF_NULL_FAIL_RET(schema_entry);
-	}
-
 	if (auxillary_classes) {
 		schema_entry = talloc_asprintf_append(schema_entry,
 						      "AUX ( ");
@@ -262,7 +245,6 @@ char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class *
 					       " ",
 					       class->governsID_oid,
 					       class->lDAPDisplayName,
-					       NULL,
 					       NULL,
 					       class->subClassOf,
 					       class->objectClassCategory,
@@ -308,7 +290,6 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas
 						    class->governsID_oid,
 						    class->lDAPDisplayName,
 						    (const char **)aux_class_list,
-						    NULL,
 						    NULL, /* Must not specify a
 							   * SUP (subclass) in
 							   * ditContentRules
-- 
cgit
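Review bot: Dropping one `NULL` from the run `NULL, NULL, NULL, talloc_asprintf(...)` in `schema_attribute_to_description` is exactly the kind of positional edit the compiler cannot check: the parameters being removed and kept (`description`, `equality`, `substring`, `syntax` in the earlier hunk) are all `const char *`, so a miscount still compiles and silently shifts which string lands in which slot. Label the survivors so the next parameter change can be verified by eye, e.g. `NULL /* equality */, NULL /* substring */, talloc_asprintf(tmp_ctx, "'%s'", syntax),`. The same applies to the lone `NULL,` left behind in the `schema_class_to_description` and `schema_class_to_dITContentRule` hunks below. Each of these calls starts outside its hunk.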