From 97ffb912c164e94728e5d3f82d602bb086bf65a4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:24:14 -0700 Subject: s4-ldb: add a LDB_FLG_ENABLE_TRACING for full ldb tracing When LDB_FLG_ENABLE_TRACING is set ldb will send full traces of all operations and results --- source4/lib/ldb/common/ldb.c | 90 ++++++++++++++++++++++++++++++++++++ source4/lib/ldb/common/ldb_debug.c | 15 +++++- source4/lib/ldb/common/ldb_modules.c | 22 +++++++++ source4/lib/ldb/include/ldb.h | 9 ++++ 4 files changed, 135 insertions(+), 1 deletion(-) (limited to 'source4/lib') diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index b75d837674..2ad5905318 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -622,6 +622,86 @@ int ldb_request_get_status(struct ldb_request *req) return req->handle->status; } + +/* + trace a ldb request +*/ +static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req) +{ + TALLOC_CTX *tmp_ctx = talloc_new(req); + int i; + + switch (req->operation) { + case LDB_SEARCH: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: SEARCH"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " dn: %s", + ldb_dn_get_linearized(req->op.search.base)); + ldb_debug(ldb, LDB_DEBUG_TRACE, " scope: %s", + req->op.search.scope==LDB_SCOPE_BASE?"base": + req->op.search.scope==LDB_SCOPE_ONELEVEL?"one": + req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " expr: %s", + ldb_filter_from_tree(tmp_ctx, req->op.search.tree)); + for (i=0; req->op.search.attrs && req->op.search.attrs[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: %s", req->op.search.attrs[i]); + } + break; + case LDB_DELETE: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: DELETE"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " dn: %s", + ldb_dn_get_linearized(req->op.del.dn)); + break; + case LDB_RENAME: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: RENAME"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " olddn: %s", + ldb_dn_get_linearized(req->op.rename.olddn)); + ldb_debug(ldb, LDB_DEBUG_TRACE, " newdn: %s", + ldb_dn_get_linearized(req->op.rename.newdn)); + break; + case LDB_EXTENDED: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: EXTENDED"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " oid: %s", req->op.extended.oid); + ldb_debug(ldb, LDB_DEBUG_TRACE, " data: %s", req->op.extended.data?"yes":"no"); + break; + case LDB_ADD: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: ADD"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + ldb_ldif_message_string(req->handle->ldb, tmp_ctx, + LDB_CHANGETYPE_ADD, req->op.add.message)); + break; + case LDB_MODIFY: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: MODIFY"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + ldb_ldif_message_string(req->handle->ldb, tmp_ctx, + LDB_CHANGETYPE_ADD, req->op.mod.message)); + break; + case LDB_REQ_REGISTER_CONTROL: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: REGISTER_CONTROL"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + req->op.reg_control.oid); + break; + case LDB_REQ_REGISTER_PARTITION: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: REGISTER_PARTITION"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + ldb_dn_get_linearized(req->op.reg_partition.dn)); + break; + default: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: UNKNOWN(%u)", + req->operation); + break; + } + + for (i=0; req->controls && req->controls[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " control: %s crit:%u data:%s", + req->controls[i]->oid, + req->controls[i]->critical, + req->controls[i]->data?"yes":"no"); + } + + talloc_free(tmp_ctx); +} + + /* start an ldb request NOTE: the request must be a talloc context. @@ -639,6 +719,10 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) ldb_reset_err_string(ldb); + if (ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_trace_request(ldb, req); + } + /* call the first module in the chain */ switch (req->operation) { case LDB_SEARCH: @@ -1509,3 +1593,9 @@ unsigned int ldb_get_flags(struct ldb_context *ldb) { return ldb->flags; } + +/* set the ldb flags */ +void ldb_set_flags(struct ldb_context *ldb, unsigned flags) +{ + ldb->flags = flags; +} diff --git a/source4/lib/ldb/common/ldb_debug.c b/source4/lib/ldb/common/ldb_debug.c index 7680862c2c..4612b016f6 100644 --- a/source4/lib/ldb/common/ldb_debug.c +++ b/source4/lib/ldb/common/ldb_debug.c @@ -60,6 +60,15 @@ static void ldb_debug_stderr(void *context, enum ldb_debug_level level, } } +static void ldb_debug_stderr_all(void *context, enum ldb_debug_level level, + const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0); +static void ldb_debug_stderr_all(void *context, enum ldb_debug_level level, + const char *fmt, va_list ap) +{ + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); +} + /* convenience function to setup debug messages on stderr messages of level LDB_DEBUG_WARNING and higher are printed @@ -76,7 +85,11 @@ void ldb_debug(struct ldb_context *ldb, enum ldb_debug_level level, const char * { va_list ap; if (ldb->debug_ops.debug == NULL) { - ldb_set_debug_stderr(ldb); + if (ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_set_debug(ldb, ldb_debug_stderr_all, ldb); + } else { + ldb_set_debug_stderr(ldb); + } } va_start(ap, fmt); ldb->debug_ops.debug(ldb->debug_ops.context, level, fmt, ap); diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 206b225ca8..c57d0e407d 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -672,6 +672,14 @@ int ldb_module_send_entry(struct ldb_request *req, ares->controls = talloc_steal(ares, ctrls); ares->error = LDB_SUCCESS; + if (req->handle->ldb->flags & LDB_FLG_ENABLE_TRACING) { + char *s; + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ldb_trace_response: ENTRY"); + s = ldb_ldif_message_string(req->handle->ldb, msg, LDB_CHANGETYPE_NONE, msg); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", s); + talloc_free(s); + } + return req->callback(req, ares); } @@ -697,6 +705,11 @@ int ldb_module_send_referral(struct ldb_request *req, ares->referral = talloc_steal(ares, ref); ares->error = LDB_SUCCESS; + if (req->handle->ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ldb_trace_response: REFERRAL"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ref: %s", ref); + } + return req->callback(req, ares); } @@ -729,6 +742,15 @@ int ldb_module_done(struct ldb_request *req, req->handle->flags |= LDB_HANDLE_FLAG_DONE_CALLED; + if (req->handle->ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ldb_trace_response: DONE"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "error: %u", error); + if (ldb_errstring(req->handle->ldb)) { + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "msg: %s", + ldb_errstring(req->handle->ldb)); + } + } + req->callback(req, ares); return error; } diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 047e66c8b7..0378697f4b 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -246,6 +246,11 @@ struct ldb_utf8_fns { */ #define LDB_FLG_SHOW_BINARY 16 +/** + Flags to enable ldb tracing +*/ +#define LDB_FLG_ENABLE_TRACING 32 + /* structures for ldb_parse_tree handling code */ @@ -1914,4 +1919,8 @@ struct ldb_control **ldb_parse_control_strings(struct ldb_context *ldb, TALLOC_C */ unsigned int ldb_get_flags(struct ldb_context *ldb); +/* set the ldb flags */ +void ldb_set_flags(struct ldb_context *ldb, unsigned flags); + + #endif -- cgit From b23294e4071543db4628253222c893931a16b91c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:24:39 -0700 Subject: s4-ldb: add --trace command line option to ldb tools This enabled LDB_FLG_ENABLE_TRACING --- source4/lib/ldb/tools/cmdline.c | 5 +++++ source4/lib/ldb/tools/cmdline.h | 1 + 2 files changed, 6 insertions(+) (limited to 'source4/lib') diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c index 8541106060..73bf2a93a7 100644 --- a/source4/lib/ldb/tools/cmdline.c +++ b/source4/lib/ldb/tools/cmdline.c @@ -44,6 +44,7 @@ static struct poptOption popt_options[] = { { "editor", 'e', POPT_ARG_STRING, &options.editor, 0, "external editor", "PROGRAM" }, { "scope", 's', POPT_ARG_STRING, NULL, 's', "search scope", "SCOPE" }, { "verbose", 'v', POPT_ARG_NONE, NULL, 'v', "increase verbosity", NULL }, + { "trace", 0, POPT_ARG_NONE, &options.tracing, 0, "enable tracing", NULL }, { "interactive", 'i', POPT_ARG_NONE, &options.interactive, 0, "input from stdin", NULL }, { "recursive", 'r', POPT_ARG_NONE, &options.recursive, 0, "recursive delete", NULL }, { "modules-path", 0, POPT_ARG_STRING, &options.modules_path, 0, "modules path", "PATH" }, @@ -220,6 +221,10 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, flags |= LDB_FLG_SHOW_BINARY; } + if (options.tracing) { + flags |= LDB_FLG_ENABLE_TRACING; + } + #if (_SAMBA_BUILD_ >= 4) /* Must be after we have processed command line options */ gensec_init(cmdline_lp_ctx); diff --git a/source4/lib/ldb/tools/cmdline.h b/source4/lib/ldb/tools/cmdline.h index 9f728fba0b..28061a5a7d 100644 --- a/source4/lib/ldb/tools/cmdline.h +++ b/source4/lib/ldb/tools/cmdline.h @@ -45,6 +45,7 @@ struct ldb_cmdline { const char *output; char **controls; int show_binary; + int tracing; }; struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const char **argv, -- cgit From a5cdf36c3f8e4bf0aadba1add1ca1f212a8189b0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:25:10 -0700 Subject: s4-samdb: enable ldb tracing when log level >= 10 --- source4/lib/ldb_wrap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/lib') diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 15cf11f942..74502afde2 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -169,6 +169,10 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, flags |= LDB_FLG_NOSYNC; } + if (DEBUGLVL(10)) { + flags |= LDB_FLG_ENABLE_TRACING; + } + /* we usually want Samba databases to be private. If we later find we need one public, we will need to add a parameter to ldb_wrap_connect() */ -- cgit From 4d984d0c05c8517aafa1aefcb73e46c63375ef51 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 16:29:22 -0700 Subject: s4-ldb: fixed O(n^2) string handling in ldif debug print --- source4/lib/ldb/common/ldb_ldif.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/lib') diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index cde21320a2..b7ab7300b2 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -783,7 +783,7 @@ static int ldif_printf_string(void *private_data, const char *fmt, ...) struct ldif_write_string_state *state = (struct ldif_write_string_state *)private_data; va_list ap; - size_t oldlen = strlen(state->string); + size_t oldlen = talloc_get_size(state->string); va_start(ap, fmt); state->string = talloc_vasprintf_append(state->string, fmt, ap); @@ -791,8 +791,8 @@ static int ldif_printf_string(void *private_data, const char *fmt, ...) if (!state->string) { return -1; } - - return strlen(state->string) - oldlen; + + return talloc_get_size(state->string) - oldlen; } char *ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, -- cgit From 1fa643bdd731ffa6bc746bce0be5fa0f117b48d2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 16:29:44 -0700 Subject: s4-ldb: bit prettier output --- source4/lib/ldb/common/ldb.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'source4/lib') diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index 2ad5905318..02298c1dff 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -642,8 +642,12 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req) req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN"); ldb_debug(ldb, LDB_DEBUG_TRACE, " expr: %s", ldb_filter_from_tree(tmp_ctx, req->op.search.tree)); - for (i=0; req->op.search.attrs && req->op.search.attrs[i]; i++) { - ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: %s", req->op.search.attrs[i]); + if (req->op.search.attrs == NULL) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: "); + } else { + for (i=0; req->op.search.attrs[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: %s", req->op.search.attrs[i]); + } } break; case LDB_DELETE: @@ -691,11 +695,15 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req) break; } - for (i=0; req->controls && req->controls[i]; i++) { - ldb_debug(ldb, LDB_DEBUG_TRACE, " control: %s crit:%u data:%s", - req->controls[i]->oid, - req->controls[i]->critical, - req->controls[i]->data?"yes":"no"); + if (req->controls == NULL) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " control: "); + } else { + for (i=0; req->controls && req->controls[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " control: %s crit:%u data:%s", + req->controls[i]->oid, + req->controls[i]->critical, + req->controls[i]->data?"yes":"no"); + } } talloc_free(tmp_ctx); -- cgit From b850d7fb08b97fff8ce5ec2cbff2256aa390e440 Mon Sep 17 00:00:00 2001 From: Anatoliy Atanasov Date: Mon, 21 Sep 2009 17:14:06 -0700 Subject: Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming Constraints --- source4/lib/ldb/common/ldb_dn.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source4/lib') diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index d905f47040..af00ef96f3 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -103,6 +103,11 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, dn->ext_linearized = talloc_strndup(dn, data, length); LDB_DN_NULL_FAILED(dn->ext_linearized); + if (strlen(data) != length) { + /* The RDN must not contain a character with value 0x0 */ + return NULL; + } + if (data[0] == '<') { const char *p_save, *p = dn->ext_linearized; do { @@ -231,6 +236,9 @@ char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value) /* explode a DN string into a ldb_dn structure based on RFC4514 except that we don't support multiple valued RDNs + + TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints + DN must be compliant with RFC2253 */ static bool ldb_dn_explode(struct ldb_dn *dn) { @@ -264,6 +272,11 @@ static bool ldb_dn_explode(struct ldb_dn *dn) return false; } + /* The RDN size must be less than 255 characters */ + if (strlen(parse_dn) > 255) { + return false; + } + /* Empty DNs */ if (parse_dn[0] == '\0') { return true; -- cgit