The Samba-Bugzilla – Attachment 2840 Details for
Bug 4806
The right "allowedChildClassesEffective"s for schema
[patch]
Attempt to prive allowedChildClasses
allowedChildClasses.patch (text/plain), 6.46 KB, created by
Andrew Bartlett
on 2007-07-24 08:05:39 UTC
Description:
Attempt to provide allowedChildClasses
Creator:
Andrew Bartlett
Created:
2007-07-24 08:05:39 UTC
Size:
6.46 KB
>Index: dsdb/schema/schema_init.c
>===================================================================
>--- dsdb/schema/schema_init.c (revision 24009)
>+++ dsdb/schema/schema_init.c (working copy)
>@@ -492,16 +492,18 @@
> GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, True);
>
> obj->systemAuxiliaryClass = NULL;
>- obj->systemPossSuperiors = NULL;
>
> obj->auxiliaryClass = NULL;
>- obj->possSuperiors = NULL;
>
> GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, False);
> GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, False);
> GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, False);
> GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, False);
>
>+ GET_STRING_LIST_LDB(msg, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, False);
>+ GET_STRING_LIST_LDB(msg, "possSuperiors", mem_ctx, obj, possSuperiors, False);
>+ GET_STRING_LIST_LDB(msg, "possibleInferiors", mem_ctx, obj, possibleInferiors, False);
>+
> GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, False);
>
> GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
>@@ -832,6 +834,8 @@
> obj->mustContain = NULL;
> obj->mayContain = NULL;
>
>+ obj->possibleInferiors = NULL;
>+
> GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, False);
>
> GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
>Index: dsdb/schema/schema.h
>===================================================================
>--- dsdb/schema/schema.h (revision 24009)
>+++ dsdb/schema/schema.h (working copy)
>@@ -111,6 +111,7 @@
> const char **possSuperiors;
> const char **mustContain;
> const char **mayContain;
>+ const char **possibleInferiors;
>
> const char *defaultSecurityDescriptor;
>
>Index: dsdb/samdb/ldb_modules/kludge_acl.c
>===================================================================
>--- dsdb/samdb/ldb_modules/kludge_acl.c (revision 24010)
>+++ dsdb/samdb/ldb_modules/kludge_acl.c (working copy)
>@@ -107,13 +107,15 @@
> enum user_is user_type;
> bool allowedAttributes;
> bool allowedAttributesEffective;
>+ bool allowedChildClasses;
>+ bool allowedChildClassesEffective;
> const char **attrs;
> };
>
> /* read all objectClasses */
>
> static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg,
>- const char *attrName)
>+ const char *attrName)
> {
> struct ldb_message_element *oc_el;
> struct ldb_message_element *allowedAttributes;
>@@ -129,12 +131,13 @@
> we alter the element array in ldb_msg_add_empty() */
> oc_el = ldb_msg_find_element(msg, "objectClass");
>
>- for (i=0; i < oc_el->num_values; i++) {
>+ for (i=0; oc_el && i < oc_el->num_values; i++) {
> class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data);
> if (!class) {
> /* We don't know this class? what is going on? */
> continue;
> }
>+
> for (j=0; class->mayContain && class->mayContain[j]; j++) {
> ldb_msg_add_string(msg, attrName, class->mayContain[j]);
> }
>@@ -169,7 +172,58 @@
> return 0;
>
> }
>+/* read all objectClasses */
>
>+static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message *msg,
>+ const char *attrName)
>+{
>+ struct ldb_message_element *oc_el;
>+ struct ldb_message_element *allowedClasses;
>+ const struct dsdb_schema *schema = dsdb_get_schema(ldb);
>+ const struct dsdb_class *class;
>+ int i, j, ret;
>+ ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses);
>+ if (ret != LDB_SUCCESS) {
>+ return ret;
>+ }
>+
>+ /* To ensure that oc_el is valid, we must look for it after
>+ we alter the element array in ldb_msg_add_empty() */
>+ oc_el = ldb_msg_find_element(msg, "objectClass");
>+
>+ for (i=0; oc_el && i < oc_el->num_values; i++) {
>+ class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data);
>+ if (!class) {
>+ /* We don't know this class? what is going on? */
>+ continue;
>+ }
>+
>+ for (j=0; class->possibleInferiors && class->possibleInferiors[j]; j++) {
>+ ldb_msg_add_string(msg, attrName, class->possibleInferiors[j]);
>+ }
>+ }
>+
>+ if (allowedClasses->num_values > 1) {
>+ qsort(allowedClasses->values,
>+ allowedClasses->num_values,
>+ sizeof(*allowedClasses->values),
>+ (comparison_fn_t)data_blob_cmp);
>+
>+ for (i=1 ; i < allowedClasses->num_values; i++) {
>+ struct ldb_val *val1 = &allowedClasses->values[i-1];
>+ struct ldb_val *val2 = &allowedClasses->values[i];
>+ if (data_blob_cmp(val1, val2) == 0) {
>+ memmove(val1, val2, (allowedClasses->num_values - i) * sizeof( struct ldb_val));
>+ allowedClasses->num_values--;
>+ i--;
>+ }
>+ }
>+ }
>+
>+ return 0;
>+
>+}
>+
> /* find all attributes allowed by all these objectClasses */
>
> static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
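Review bot: In the new kludge_acl_childClasses(), the return value of `ldb_msg_add_string()` in the inner `for (j=0; ...)` loop is discarded, so an allocation failure silently yields a shortened child-class list instead of an error; the same unchecked call is visible as a context line of kludge_acl_allowedAttributes() in the @@ -129 hunk. I would write `ret = ldb_msg_add_string(msg, attrName, class->possibleInferiors[j]);` followed by `if (ret != LDB_SUCCESS) return ret;`. The function also leaves the empty element created by `ldb_msg_add_empty()` in the message when no class contributes a value, which presumably reaches the client as an attribute with no values; dropping it in that case with `ldb_msg_remove_attr(msg, attrName)` looks safer, to be confirmed against how the callers treat empty elements. The sort-and-deduplicate tail appears to be copied from kludge_acl_allowedAttributes(), whose body is mostly outside this diff, and could live in one static helper; the copied header comment `/* read all objectClasses */` also does not describe what this function adds to the message.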
>@@ -194,8 +248,15 @@
> ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributes");
> if (ret != LDB_SUCCESS) {
> return ret;
>+
> }
> }
>+ if (ac->allowedChildClasses) {
>+ ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClasses");
>+ if (ret != LDB_SUCCESS) {
>+ return ret;
>+ }
>+ }
>
> if (data && data->password_attrs) /* if we are not initialized just get through */
> {
>@@ -208,6 +269,12 @@
> return ret;
> }
> }
>+ if (ac->allowedChildClassesEffective) {
>+ ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective");
>+ if (ret != LDB_SUCCESS) {
>+ return ret;
>+ }
>+ }
> break;
> default:
> /* remove password attributes */
>@@ -217,7 +284,8 @@
> }
> }
>
>- if ((ac->allowedAttributes || ac->allowedAttributesEffective) &&
>+ if ((ac->allowedAttributes || ac->allowedAttributesEffective
>+ || ac->allowedChildClasses || ac->allowedChildClassesEffective) &&
> (!ldb_attr_in_list(ac->attrs, "objectClass") &&
> !ldb_attr_in_list(ac->attrs, "*"))) {
> ldb_msg_remove_attr(ares->message, "objectClass");
>@@ -267,7 +335,11 @@
>
> ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective");
>
>- if (ac->allowedAttributes || ac->allowedAttributesEffective) {
>+ ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses");
>+
>+ ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective");
>+
>+ if (ac->allowedAttributes || ac->allowedAttributesEffective || ac->allowedChildClasses || ac->allowedChildClassesEffective) {
> down_req->op.search.attrs
> = ldb_attr_list_copy_add(down_req, down_req->op.search.attrs, "objectClass");
> }
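Review bot: In the @@ -208 hunk, `allowedChildClassesEffective` is filled by the same `kludge_acl_childClasses()` call as `allowedChildClasses`, so the value is the schema-derived list and not something evaluated against the requester's rights on the object. The only gating visible is its placement inside a `case` branch that ends at `break;`, and the case label is outside the hunk, so which user types reach it cannot be confirmed from here. A comment at the call would keep a later reader from treating the attribute as an access decision, for example `/* kludge: no per-object access check; only returned for the user types handled by this case */`.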
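Review bot: The result of `ldb_attr_list_copy_add()` in the @@ -267 hunk is stored straight into `down_req->op.search.attrs` with no NULL check visible before the closing brace, and the widened condition now sends searches for the two child-class attributes through that path as well. If the helper returns NULL on allocation failure, the downstream request would presumably be read as a request for all attributes rather than failing, which is the wrong direction for a module that filters results. A guard such as `if (down_req->op.search.attrs == NULL) return LDB_ERR_OPERATIONS_ERROR;` after the assignment would close that; the enclosing function continues outside the hunk, so an equivalent check may already exist there.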