From dd7f94a9e2bcab626b6c0d8eb498259ed132cc9b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 Sep 2009 15:45:53 -0700 Subject: s4-dsdb: fixed a printf format warning --- source4/dsdb/common/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 1fe5979c69..126f9fa829 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1454,7 +1454,7 @@ bool samdb_is_capable_dc(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, samdb_base_dn(ldb), "nTMixedDomain", NULL); if (errmsg != NULL) - *errmsg = talloc_asprintf(mem_ctx, ""); + *errmsg = talloc_strdup(mem_ctx, ""); if (level_forest == -1 || level_domain == -1 || level_domain_mixed == -1) { ret = false; -- cgit From 2fda203230b2bdeee61c23def0f4ac1eba807596 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 Sep 2009 18:24:23 -0700 Subject: s4-ldb: add support for extended DNs in the rootDSE W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs --- source4/dsdb/samdb/ldb_modules/rootdse.c | 137 ++++++++++++++++++++++++++++++- 1 file changed, 135 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 59ea51dbce..171f5d862b 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -50,16 +50,129 @@ static int do_attribute_explicit(const char * const *attrs, const char *name) } +/* + expand a DN attribute to include extended DN information if requested + */ +static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *msg, + const char *attrname, struct ldb_control *edn_control, + struct ldb_request *req) +{ + struct ldb_dn *dn, *dn2; + struct ldb_val *v; + int ret; + struct ldb_request *req2; + char *dn_string; + const char *no_attrs[] = { NULL }; + struct ldb_result *res; + struct ldb_extended_dn_control *edn; + TALLOC_CTX *tmp_ctx = talloc_new(req); + struct ldb_context *ldb; + int edn_type = 1; + + ldb = ldb_module_get_ctx(module); + + edn = talloc_get_type(edn_control->data, struct ldb_extended_dn_control); + if (edn) { + edn_type = edn->type; + } + + v = discard_const_p(struct ldb_val, ldb_msg_find_ldb_val(msg, attrname)); + if (v == NULL) { + talloc_free(tmp_ctx); + return 0; + } + + dn_string = talloc_strndup(tmp_ctx, (const char *)v->data, v->length); + if (dn_string == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + res = talloc_zero(tmp_ctx, struct ldb_result); + if (res == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + dn = ldb_dn_new(tmp_ctx, ldb, dn_string); + if (!ldb_dn_validate(dn)) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req2, ldb, tmp_ctx, + dn, + LDB_SCOPE_BASE, + NULL, + no_attrs, + NULL, + res, ldb_search_default_callback, + req); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + + ret = ldb_request_add_control(req2, + LDB_CONTROL_EXTENDED_DN_OID, + edn_control->critical, edn); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + ret = ldb_next_request(module, req2); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req2->handle, LDB_WAIT_ALL); + } + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + if (!res || res->count != 1) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + dn2 = res->msgs[0]->dn; + + v->data = (uint8_t *)ldb_dn_get_extended_linearized(msg->elements, dn2, edn_type); + v->length = strlen((char *)v->data); + + if (v->data == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_free(tmp_ctx); + + return 0; +} + + /* add dynamically generated attributes to rootDSE result */ -static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs) +static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, + const char * const *attrs, struct ldb_request *req) { struct ldb_context *ldb; struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data); char **server_sasl; const struct dsdb_schema *schema; int *val; + struct ldb_control *edn_control; + const char *dn_attrs[] = { + "configurationNamingContext", + "defaultNamingContext", + "dsServiceName", + "rootDomainNamingContext", + "schemaNamingContext", + "serverName", + NULL + }; ldb = ldb_module_get_ctx(module); schema = dsdb_get_schema(ldb); @@ -233,6 +346,26 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + edn_control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID); + + /* if the client sent us the EXTENDED_DN control then we need + to expand the DNs to have GUID and SID. W2K8 join relies on + this */ + if (edn_control) { + int i, ret; + for (i=0; dn_attrs[i]; i++) { + if (!do_attribute(attrs, dn_attrs[i])) continue; + ret = expand_dn_in_message(module, msg, dn_attrs[i], + edn_control, req); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to expand DN in rootDSE for %s\n", + dn_attrs[i])); + goto failed; + } + } + } + + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; @@ -301,7 +434,7 @@ static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares) /* for each record returned post-process to add any dynamic attributes that have been asked for */ ret = rootdse_add_dynamic(ac->module, ares->message, - ac->req->op.search.attrs); + ac->req->op.search.attrs, ac->req); if (ret != LDB_SUCCESS) { talloc_free(ares); return ldb_module_done(ac->req, NULL, NULL, ret); -- cgit From 5b684bbfd761924360c08a32d657a33bc92b8f9c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 Sep 2009 18:58:18 -0700 Subject: s4-ldap: default edn type is 0 --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 171f5d862b..a8e08ec3ad 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -67,7 +67,7 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m struct ldb_extended_dn_control *edn; TALLOC_CTX *tmp_ctx = talloc_new(req); struct ldb_context *ldb; - int edn_type = 1; + int edn_type = 0; ldb = ldb_module_get_ctx(module); -- cgit From 97ffb912c164e94728e5d3f82d602bb086bf65a4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:24:14 -0700 Subject: s4-ldb: add a LDB_FLG_ENABLE_TRACING for full ldb tracing When LDB_FLG_ENABLE_TRACING is set ldb will send full traces of all operations and results --- source4/lib/ldb/common/ldb.c | 90 ++++++++++++++++++++++++++++++++++++ source4/lib/ldb/common/ldb_debug.c | 15 +++++- source4/lib/ldb/common/ldb_modules.c | 22 +++++++++ source4/lib/ldb/include/ldb.h | 9 ++++ 4 files changed, 135 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index b75d837674..2ad5905318 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -622,6 +622,86 @@ int ldb_request_get_status(struct ldb_request *req) return req->handle->status; } + +/* + trace a ldb request +*/ +static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req) +{ + TALLOC_CTX *tmp_ctx = talloc_new(req); + int i; + + switch (req->operation) { + case LDB_SEARCH: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: SEARCH"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " dn: %s", + ldb_dn_get_linearized(req->op.search.base)); + ldb_debug(ldb, LDB_DEBUG_TRACE, " scope: %s", + req->op.search.scope==LDB_SCOPE_BASE?"base": + req->op.search.scope==LDB_SCOPE_ONELEVEL?"one": + req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " expr: %s", + ldb_filter_from_tree(tmp_ctx, req->op.search.tree)); + for (i=0; req->op.search.attrs && req->op.search.attrs[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: %s", req->op.search.attrs[i]); + } + break; + case LDB_DELETE: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: DELETE"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " dn: %s", + ldb_dn_get_linearized(req->op.del.dn)); + break; + case LDB_RENAME: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: RENAME"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " olddn: %s", + ldb_dn_get_linearized(req->op.rename.olddn)); + ldb_debug(ldb, LDB_DEBUG_TRACE, " newdn: %s", + ldb_dn_get_linearized(req->op.rename.newdn)); + break; + case LDB_EXTENDED: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: EXTENDED"); + ldb_debug(ldb, LDB_DEBUG_TRACE, " oid: %s", req->op.extended.oid); + ldb_debug(ldb, LDB_DEBUG_TRACE, " data: %s", req->op.extended.data?"yes":"no"); + break; + case LDB_ADD: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: ADD"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + ldb_ldif_message_string(req->handle->ldb, tmp_ctx, + LDB_CHANGETYPE_ADD, req->op.add.message)); + break; + case LDB_MODIFY: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: MODIFY"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + ldb_ldif_message_string(req->handle->ldb, tmp_ctx, + LDB_CHANGETYPE_ADD, req->op.mod.message)); + break; + case LDB_REQ_REGISTER_CONTROL: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: REGISTER_CONTROL"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + req->op.reg_control.oid); + break; + case LDB_REQ_REGISTER_PARTITION: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: REGISTER_PARTITION"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", + ldb_dn_get_linearized(req->op.reg_partition.dn)); + break; + default: + ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: UNKNOWN(%u)", + req->operation); + break; + } + + for (i=0; req->controls && req->controls[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " control: %s crit:%u data:%s", + req->controls[i]->oid, + req->controls[i]->critical, + req->controls[i]->data?"yes":"no"); + } + + talloc_free(tmp_ctx); +} + + /* start an ldb request NOTE: the request must be a talloc context. @@ -639,6 +719,10 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) ldb_reset_err_string(ldb); + if (ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_trace_request(ldb, req); + } + /* call the first module in the chain */ switch (req->operation) { case LDB_SEARCH: @@ -1509,3 +1593,9 @@ unsigned int ldb_get_flags(struct ldb_context *ldb) { return ldb->flags; } + +/* set the ldb flags */ +void ldb_set_flags(struct ldb_context *ldb, unsigned flags) +{ + ldb->flags = flags; +} diff --git a/source4/lib/ldb/common/ldb_debug.c b/source4/lib/ldb/common/ldb_debug.c index 7680862c2c..4612b016f6 100644 --- a/source4/lib/ldb/common/ldb_debug.c +++ b/source4/lib/ldb/common/ldb_debug.c @@ -60,6 +60,15 @@ static void ldb_debug_stderr(void *context, enum ldb_debug_level level, } } +static void ldb_debug_stderr_all(void *context, enum ldb_debug_level level, + const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0); +static void ldb_debug_stderr_all(void *context, enum ldb_debug_level level, + const char *fmt, va_list ap) +{ + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); +} + /* convenience function to setup debug messages on stderr messages of level LDB_DEBUG_WARNING and higher are printed @@ -76,7 +85,11 @@ void ldb_debug(struct ldb_context *ldb, enum ldb_debug_level level, const char * { va_list ap; if (ldb->debug_ops.debug == NULL) { - ldb_set_debug_stderr(ldb); + if (ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_set_debug(ldb, ldb_debug_stderr_all, ldb); + } else { + ldb_set_debug_stderr(ldb); + } } va_start(ap, fmt); ldb->debug_ops.debug(ldb->debug_ops.context, level, fmt, ap); diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 206b225ca8..c57d0e407d 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -672,6 +672,14 @@ int ldb_module_send_entry(struct ldb_request *req, ares->controls = talloc_steal(ares, ctrls); ares->error = LDB_SUCCESS; + if (req->handle->ldb->flags & LDB_FLG_ENABLE_TRACING) { + char *s; + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ldb_trace_response: ENTRY"); + s = ldb_ldif_message_string(req->handle->ldb, msg, LDB_CHANGETYPE_NONE, msg); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "%s", s); + talloc_free(s); + } + return req->callback(req, ares); } @@ -697,6 +705,11 @@ int ldb_module_send_referral(struct ldb_request *req, ares->referral = talloc_steal(ares, ref); ares->error = LDB_SUCCESS; + if (req->handle->ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ldb_trace_response: REFERRAL"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ref: %s", ref); + } + return req->callback(req, ares); } @@ -729,6 +742,15 @@ int ldb_module_done(struct ldb_request *req, req->handle->flags |= LDB_HANDLE_FLAG_DONE_CALLED; + if (req->handle->ldb->flags & LDB_FLG_ENABLE_TRACING) { + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "ldb_trace_response: DONE"); + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "error: %u", error); + if (ldb_errstring(req->handle->ldb)) { + ldb_debug(req->handle->ldb, LDB_DEBUG_TRACE, "msg: %s", + ldb_errstring(req->handle->ldb)); + } + } + req->callback(req, ares); return error; } diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 047e66c8b7..0378697f4b 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -246,6 +246,11 @@ struct ldb_utf8_fns { */ #define LDB_FLG_SHOW_BINARY 16 +/** + Flags to enable ldb tracing +*/ +#define LDB_FLG_ENABLE_TRACING 32 + /* structures for ldb_parse_tree handling code */ @@ -1914,4 +1919,8 @@ struct ldb_control **ldb_parse_control_strings(struct ldb_context *ldb, TALLOC_C */ unsigned int ldb_get_flags(struct ldb_context *ldb); +/* set the ldb flags */ +void ldb_set_flags(struct ldb_context *ldb, unsigned flags); + + #endif -- cgit From b23294e4071543db4628253222c893931a16b91c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:24:39 -0700 Subject: s4-ldb: add --trace command line option to ldb tools This enabled LDB_FLG_ENABLE_TRACING --- source4/lib/ldb/tools/cmdline.c | 5 +++++ source4/lib/ldb/tools/cmdline.h | 1 + 2 files changed, 6 insertions(+) (limited to 'source4') diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c index 8541106060..73bf2a93a7 100644 --- a/source4/lib/ldb/tools/cmdline.c +++ b/source4/lib/ldb/tools/cmdline.c @@ -44,6 +44,7 @@ static struct poptOption popt_options[] = { { "editor", 'e', POPT_ARG_STRING, &options.editor, 0, "external editor", "PROGRAM" }, { "scope", 's', POPT_ARG_STRING, NULL, 's', "search scope", "SCOPE" }, { "verbose", 'v', POPT_ARG_NONE, NULL, 'v', "increase verbosity", NULL }, + { "trace", 0, POPT_ARG_NONE, &options.tracing, 0, "enable tracing", NULL }, { "interactive", 'i', POPT_ARG_NONE, &options.interactive, 0, "input from stdin", NULL }, { "recursive", 'r', POPT_ARG_NONE, &options.recursive, 0, "recursive delete", NULL }, { "modules-path", 0, POPT_ARG_STRING, &options.modules_path, 0, "modules path", "PATH" }, @@ -220,6 +221,10 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, flags |= LDB_FLG_SHOW_BINARY; } + if (options.tracing) { + flags |= LDB_FLG_ENABLE_TRACING; + } + #if (_SAMBA_BUILD_ >= 4) /* Must be after we have processed command line options */ gensec_init(cmdline_lp_ctx); diff --git a/source4/lib/ldb/tools/cmdline.h b/source4/lib/ldb/tools/cmdline.h index 9f728fba0b..28061a5a7d 100644 --- a/source4/lib/ldb/tools/cmdline.h +++ b/source4/lib/ldb/tools/cmdline.h @@ -45,6 +45,7 @@ struct ldb_cmdline { const char *output; char **controls; int show_binary; + int tracing; }; struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const char **argv, -- cgit From ac56fed2f44f6847ad99fbf13c877cb52322087b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:24:55 -0700 Subject: s4-schema: don't trace the schema load (too verbose) --- source4/dsdb/schema/schema_init.c | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 9f7d967158..fa1953a14f 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -1028,6 +1028,7 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, "fSMORoleOwner", NULL }; + unsigned flags; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -1035,27 +1036,28 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, return LDB_ERR_OPERATIONS_ERROR; } + /* we don't want to trace the schema load */ + flags = ldb_get_flags(ldb); + ldb_set_flags(ldb, flags & ~LDB_FLG_ENABLE_TRACING); + /* * setup the prefix mappings and schema info */ ret = ldb_search(ldb, tmp_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL); if (ret == LDB_ERR_NO_SUCH_OBJECT) { - talloc_free(tmp_ctx); - return ret; + goto failed; } else if (ret != LDB_SUCCESS) { *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: failed to search the schema head: %s", ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; + goto failed; } if (schema_res->count != 1) { *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: [%u] schema heads found on a base search", schema_res->count); - talloc_free(tmp_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; + goto failed; } /* @@ -1068,8 +1070,7 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: failed to search attributeSchema objects: %s", ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; + goto failed; } /* @@ -1082,8 +1083,7 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: failed to search attributeSchema objects: %s", ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; + goto failed; } ret = dsdb_schema_from_ldb_results(tmp_ctx, ldb, @@ -1093,13 +1093,25 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema load failed: %s", error_string); - talloc_free(tmp_ctx); - return ret; + goto failed; } talloc_steal(mem_ctx, *schema); talloc_free(tmp_ctx); + if (flags & LDB_FLG_ENABLE_TRACING) { + flags = ldb_get_flags(ldb); + ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING); + } + return LDB_SUCCESS; + +failed: + if (flags & LDB_FLG_ENABLE_TRACING) { + flags = ldb_get_flags(ldb); + ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING); + } + talloc_free(tmp_ctx); + return ret; } -- cgit From a5cdf36c3f8e4bf0aadba1add1ca1f212a8189b0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 15:25:10 -0700 Subject: s4-samdb: enable ldb tracing when log level >= 10 --- source4/lib/ldb_wrap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4') diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 15cf11f942..74502afde2 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -169,6 +169,10 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, flags |= LDB_FLG_NOSYNC; } + if (DEBUGLVL(10)) { + flags |= LDB_FLG_ENABLE_TRACING; + } + /* we usually want Samba databases to be private. If we later find we need one public, we will need to add a parameter to ldb_wrap_connect() */ -- cgit From 4d984d0c05c8517aafa1aefcb73e46c63375ef51 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 16:29:22 -0700 Subject: s4-ldb: fixed O(n^2) string handling in ldif debug print --- source4/lib/ldb/common/ldb_ldif.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index cde21320a2..b7ab7300b2 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -783,7 +783,7 @@ static int ldif_printf_string(void *private_data, const char *fmt, ...) struct ldif_write_string_state *state = (struct ldif_write_string_state *)private_data; va_list ap; - size_t oldlen = strlen(state->string); + size_t oldlen = talloc_get_size(state->string); va_start(ap, fmt); state->string = talloc_vasprintf_append(state->string, fmt, ap); @@ -791,8 +791,8 @@ static int ldif_printf_string(void *private_data, const char *fmt, ...) if (!state->string) { return -1; } - - return strlen(state->string) - oldlen; + + return talloc_get_size(state->string) - oldlen; } char *ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, -- cgit From 1fa643bdd731ffa6bc746bce0be5fa0f117b48d2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Sep 2009 16:29:44 -0700 Subject: s4-ldb: bit prettier output --- source4/lib/ldb/common/ldb.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index 2ad5905318..02298c1dff 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -642,8 +642,12 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req) req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN"); ldb_debug(ldb, LDB_DEBUG_TRACE, " expr: %s", ldb_filter_from_tree(tmp_ctx, req->op.search.tree)); - for (i=0; req->op.search.attrs && req->op.search.attrs[i]; i++) { - ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: %s", req->op.search.attrs[i]); + if (req->op.search.attrs == NULL) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: "); + } else { + for (i=0; req->op.search.attrs[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " attr: %s", req->op.search.attrs[i]); + } } break; case LDB_DELETE: @@ -691,11 +695,15 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req) break; } - for (i=0; req->controls && req->controls[i]; i++) { - ldb_debug(ldb, LDB_DEBUG_TRACE, " control: %s crit:%u data:%s", - req->controls[i]->oid, - req->controls[i]->critical, - req->controls[i]->data?"yes":"no"); + if (req->controls == NULL) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " control: "); + } else { + for (i=0; req->controls && req->controls[i]; i++) { + ldb_debug(ldb, LDB_DEBUG_TRACE, " control: %s crit:%u data:%s", + req->controls[i]->oid, + req->controls[i]->critical, + req->controls[i]->data?"yes":"no"); + } } talloc_free(tmp_ctx); -- cgit From bc53052d38092d32f08fb794d7ea90f89367c229 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Sep 2009 16:31:08 -0700 Subject: s4:dsdb Run the new 'descriptor' module by default. This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/descriptor.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 7b5b700916..b0a5467bb7 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -43,7 +43,6 @@ #include "param/param.h" struct descriptor_data { - bool inherit; }; struct descriptor_context { @@ -405,9 +404,6 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req) data = talloc_get_type(ldb_module_get_private(module), struct descriptor_data); ldb = ldb_module_get_ctx(module); - if (!data->inherit) - return ldb_next_request(module, req); - ldb_debug(ldb, LDB_DEBUG_TRACE, "descriptor_add\n"); if (ldb_dn_is_special(req->op.add.message->dn)) { @@ -473,8 +469,6 @@ static int descriptor_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - data->inherit = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"), - NULL, "acl", "inheritance", false); ldb_module_set_private(module, data); return ldb_next_init(module); } -- cgit From 6033ce24038dfa467e7bf56b04dc6b45f6bff815 Mon Sep 17 00:00:00 2001 From: Anatoliy Atanasov Date: Mon, 21 Sep 2009 17:01:20 -0700 Subject: Add tests for MS-ADTS:3.1.1.5.1.2 Naming Constraints --- source4/torture/ldb/ldb.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'source4') diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c index d9036dd672..64ed669fc1 100644 --- a/source4/torture/ldb/ldb.c +++ b/source4/torture/ldb/ldb.c @@ -587,6 +587,7 @@ static bool torture_ldb_dn(struct torture_context *torture) struct ldb_dn *dn; struct ldb_dn *child_dn; struct ldb_dn *typo_dn; + struct ldb_val val; torture_assert(torture, ldb = ldb_init(mem_ctx, torture->ev), @@ -655,6 +656,34 @@ static bool torture_ldb_dn(struct torture_context *torture) ldb_dn_compare_base(dn, typo_dn) != 0, "Base Comparison on dc=samba,dc=org and c=samba,dc=org should != 0"); + /* Check DN based on MS-ADTS:3.1.1.5.1.2 Naming Constraints*/ + torture_assert(torture, + dn = ldb_dn_new(mem_ctx, ldb, "CN=New\nLine,DC=SAMBA,DC=org"), + "Failed to create a DN with 0xA in it"); + + torture_assert(torture, + ldb_dn_validate(dn) == false, + "should have failed to validate a DN with 0xA in it"); + + val.data = "CN=Zer\0,DC=SAMBA,DC=org"; + val.length = 23; + torture_assert(torture, + NULL == ldb_dn_from_ldb_val(mem_ctx, ldb, &val), + "should fail to create a DN with 0x0 in it"); + + torture_assert(torture, + dn = ldb_dn_new(mem_ctx, ldb, "CN=loooooooooooooooooooooooooooo" +"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo" +"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo" +"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo" +"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo" +"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooongdn,DC=SAMBA,DC=org"), + "Failed to create a DN with size more than 255 characters"); + + torture_assert(torture, + ldb_dn_validate(dn) == false, + "should have failed to validate DN with size more than 255 characters"); + talloc_free(mem_ctx); return true; } -- cgit From b850d7fb08b97fff8ce5ec2cbff2256aa390e440 Mon Sep 17 00:00:00 2001 From: Anatoliy Atanasov Date: Mon, 21 Sep 2009 17:14:06 -0700 Subject: Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming Constraints --- source4/lib/ldb/common/ldb_dn.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index d905f47040..af00ef96f3 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -103,6 +103,11 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, dn->ext_linearized = talloc_strndup(dn, data, length); LDB_DN_NULL_FAILED(dn->ext_linearized); + if (strlen(data) != length) { + /* The RDN must not contain a character with value 0x0 */ + return NULL; + } + if (data[0] == '<') { const char *p_save, *p = dn->ext_linearized; do { @@ -231,6 +236,9 @@ char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value) /* explode a DN string into a ldb_dn structure based on RFC4514 except that we don't support multiple valued RDNs + + TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints + DN must be compliant with RFC2253 */ static bool ldb_dn_explode(struct ldb_dn *dn) { @@ -264,6 +272,11 @@ static bool ldb_dn_explode(struct ldb_dn *dn) return false; } + /* The RDN size must be less than 255 characters */ + if (strlen(parse_dn) > 255) { + return false; + } + /* Empty DNs */ if (parse_dn[0] == '\0') { return true; -- cgit