The branch, master has been updated
via 9e766f0 samba-tool: added missing GUID component checks to dbcheck
via 505dce2 pyldb: added methods to get/set extended components on DNs
via 202f0a4 pydsdb: added get_syntax_oid_from_lDAPDisplayName()
via 341884c ldb: added extended_str() method to pyldb
via dd5350b ldb: expose syntax oids to python
via c4a7908 samba-tool: try to keep dbcheck.py in a logical ordering
via c46f808 s4-dsdb: don't add zero GUID to BINARY_DN
from c173e6e s3-spoolss: Fix some valgrind warnings.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9e766f019bff74ec9c1d5df326cdea2c7fe05e2a
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 14:44:36 2011 +1000
samba-tool: added missing GUID component checks to dbcheck
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
Autobuild-User: Andrew Tridgell <tri...@samba.org>
Autobuild-Date: Wed Jun 22 07:59:30 CEST 2011 on sn-devel-104
commit 505dce2d3aa95d475e12c4e5e4e2b3f1907bdd84
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 14:44:12 2011 +1000
pyldb: added methods to get/set extended components on DNs
this will be used by the dbcheck code
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
commit 202f0a4b576d78928a403b68f3e057d3a425bddf
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 14:41:50 2011 +1000
pydsdb: added get_syntax_oid_from_lDAPDisplayName()
this gives you access to the syntax oid of an attribute
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
commit 341884c835b9c5785794cba562c2a21939eb4bce
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 13:49:37 2011 +1000
ldb: added extended_str() method to pyldb
this gives access to ldb_dn_get_extended_linearized() from python
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
commit dd5350b0a87c82be7d0b0d124885ecfd73bb1b5b
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 12:34:32 2011 +1000
ldb: expose syntax oids to python
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
commit c4a7908f46e7005f323eeca5fd38ec9e88a54aa9
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 12:23:05 2011 +1000
samba-tool: try to keep dbcheck.py in a logical ordering
keep individual error handlers together and separate from driver code
commit c46f80824b649647b5a61364a1b8fe26267bbdd9
Author: Andrew Tridgell <tri...@samba.org>
Date: Wed Jun 22 11:56:40 2011 +1000
s4-dsdb: don't add zero GUID to BINARY_DN
When converting from DRS to ldb format for a BINARY_DN, don't add the
GUID extended DN element if the GUID is all zeros.
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/pydsdb.c | 40 ++++++
source4/dsdb/schema/schema_syntax.c | 20 ++--
source4/lib/ldb/pyldb.c | 77 +++++++++++
source4/scripting/python/samba/netcmd/dbcheck.py | 160 +++++++++++++++++----
source4/scripting/python/samba/samdb.py | 5 +
5 files changed, 262 insertions(+), 40 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 62f33bb..5ca6b02 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -331,6 +331,38 @@ static PyObject
*py_dsdb_get_attid_from_lDAPDisplayName(PyObject *self, PyObject
}
/*
+ return the attribute syntax oid as a string from the attribute name
+ */
+static PyObject *py_dsdb_get_syntax_oid_from_lDAPDisplayName(PyObject *self,
PyObject *args)
+{
+ PyObject *py_ldb;
+ struct ldb_context *ldb;
+ struct dsdb_schema *schema;
+ const char *ldap_display_name;
+ const struct dsdb_attribute *attribute;
+
+ if (!PyArg_ParseTuple(args, "Os", &py_ldb, &ldap_display_name))
+ return NULL;
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ schema = dsdb_get_schema(ldb, NULL);
+
+ if (!schema) {
+ PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema
from ldb");
+ return NULL;
+ }
+
+ attribute = dsdb_attribute_by_lDAPDisplayName(schema,
ldap_display_name);
+ if (attribute == NULL) {
+ PyErr_Format(PyExc_RuntimeError, "Failed to find attribute
'%s'", ldap_display_name);
+ return NULL;
+ }
+
+ return PyString_FromString(attribute->syntax->ldap_oid);
+}
+
+/*
convert a python string to a DRSUAPI drsuapi_DsReplicaAttribute attribute
*/
static PyObject *py_dsdb_DsReplicaAttribute(PyObject *self, PyObject *args)
@@ -802,6 +834,8 @@ static PyMethodDef py_dsdb_methods[] = {
METH_VARARGS, NULL },
{ "_dsdb_get_attid_from_lDAPDisplayName",
(PyCFunction)py_dsdb_get_attid_from_lDAPDisplayName,
METH_VARARGS, NULL },
+ { "_dsdb_get_syntax_oid_from_lDAPDisplayName",
(PyCFunction)py_dsdb_get_syntax_oid_from_lDAPDisplayName,
+ METH_VARARGS, NULL },
{ "_dsdb_set_ntds_invocation_id",
(PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS,
NULL },
@@ -966,4 +1000,10 @@ void initdsdb(void)
ADD_DSDB_FLAG(GPO_FLAG_MACHINE_DISABLE);
ADD_DSDB_FLAG(GPO_INHERIT);
ADD_DSDB_FLAG(GPO_BLOCK_INHERITANCE);
+
+#define ADD_DSDB_STRING(val) PyModule_AddObject(m, #val,
PyString_FromString(val))
+
+ ADD_DSDB_STRING(DSDB_SYNTAX_BINARY_DN);
+ ADD_DSDB_STRING(DSDB_SYNTAX_STRING_DN);
+ ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME);
}
diff --git a/source4/dsdb/schema/schema_syntax.c
b/source4/dsdb/schema/schema_syntax.c
index 75dc162..f542f67 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -1983,16 +1983,18 @@ static WERROR
dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx
W_ERROR_HAVE_NO_MEMORY(dn);
}
- status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return ntstatus_to_werror(status);
- }
+ if (!GUID_all_zero(&id3.guid)) {
+ status = GUID_to_ndr_blob(&id3.guid, tmp_ctx,
&guid_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return ntstatus_to_werror(status);
+ }
- ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return WERR_FOOBAR;
+ ret = ldb_dn_set_extended_component(dn, "GUID",
&guid_blob);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return WERR_FOOBAR;
+ }
}
talloc_free(guid_blob.data);
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index b568bc2..e2a2e71 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -7,6 +7,8 @@
Copyright (C) 2006 Simo Sorce <i...@samba.org>
Copyright (C) 2007-2010 Jelmer Vernooij <jel...@samba.org>
Copyright (C) 2009-2010 Matthias Dieter Wallnöfer
+ Copyright (C) 2009-2011 Andrew Tridgell
+ Copyright (C) 2009-2011 Andrew Bartlett
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
@@ -384,6 +386,62 @@ static PyObject *py_ldb_dn_canonical_ex_str(PyLdbDnObject
*self)
return PyString_FromString(ldb_dn_canonical_ex_string(self->dn,
self->dn));
}
+static PyObject *py_ldb_dn_extended_str(PyLdbDnObject *self, PyObject *args,
PyObject *kwargs)
+{
+ const char * const kwnames[] = { "mode", NULL };
+ int mode = 1;
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|i",
+ discard_const_p(char *, kwnames),
+ &mode))
+ return NULL;
+ return PyString_FromString(ldb_dn_get_extended_linearized(self->dn,
self->dn, mode));
+}
+
+static PyObject *py_ldb_dn_get_extended_component(PyLdbDnObject *self,
PyObject *args)
+{
+ char *name;
+ const struct ldb_val *val;
+
+ if (!PyArg_ParseTuple(args, "s", &name))
+ return NULL;
+ val = ldb_dn_get_extended_component(self->dn, name);
+ if (val == NULL) {
+ Py_RETURN_NONE;
+ }
+
+ return PyString_FromStringAndSize((const char *)val->data, val->length);
+}
+
+static PyObject *py_ldb_dn_set_extended_component(PyLdbDnObject *self,
PyObject *args)
+{
+ char *name;
+ PyObject *value;
+ int err;
+
+ if (!PyArg_ParseTuple(args, "sO", &name, &value))
+ return NULL;
+
+ if (value == Py_None) {
+ err = ldb_dn_set_extended_component(self->dn, name, NULL);
+ } else {
+ struct ldb_val val;
+ if (!PyString_Check(value)) {
+ PyErr_SetString(PyExc_TypeError, "Expected a string
argument");
+ return NULL;
+ }
+ val.data = (uint8_t *)PyString_AsString(value);
+ val.length = PyString_Size(value);
+ err = ldb_dn_set_extended_component(self->dn, name, &val);
+ }
+
+ if (err != LDB_SUCCESS) {
+ PyErr_SetString(PyExc_TypeError, "Failed to set extended
component");
+ return NULL;
+ }
+
+ Py_RETURN_NONE;
+}
+
static PyObject *py_ldb_dn_repr(PyLdbDnObject *self)
{
return PyString_FromFormat("Dn(%s)",
PyObject_REPR(PyString_FromString(ldb_dn_get_linearized(self->dn))));
@@ -485,6 +543,9 @@ static PyMethodDef py_ldb_dn_methods[] = {
{ "canonical_ex_str", (PyCFunction)py_ldb_dn_canonical_ex_str,
METH_NOARGS,
"S.canonical_ex_str() -> string\n"
"Canonical version of this DN (like a posix path, with
terminating newline)." },
+ { "extended_str", (PyCFunction)py_ldb_dn_extended_str, METH_VARARGS |
METH_KEYWORDS,
+ "S.extended_str(mode=1) -> string\n"
+ "Extended version of this DN" },
{ "parent", (PyCFunction)py_ldb_dn_get_parent, METH_NOARGS,
"S.parent() -> dn\n"
"Get the parent for this DN." },
@@ -497,6 +558,12 @@ static PyMethodDef py_ldb_dn_methods[] = {
{ "check_special", (PyCFunction)py_ldb_dn_check_special, METH_VARARGS,
"S.check_special(name) -> bool\n\n"
"Check if name is a special DN name"},
+ { "get_extended_component",
(PyCFunction)py_ldb_dn_get_extended_component, METH_VARARGS,
+ "S.get_extended_component(name) -> string\n\n"
+ "returns a DN extended component as a binary string"},
+ { "set_extended_component",
(PyCFunction)py_ldb_dn_set_extended_component, METH_VARARGS,
+ "S.set_extended_component(name, value) -> string\n\n"
+ "set a DN extended component as a binary string"},
{ NULL }
};
@@ -3222,4 +3289,14 @@ void initldb(void)
PyModule_AddObject(m, "Control", (PyObject *)&PyLdbControl);
PyModule_AddObject(m, "__version__",
PyString_FromString(PACKAGE_VERSION));
+
+#define ADD_LDB_STRING(val) PyModule_AddObject(m, #val,
PyString_FromString(val))
+
+ ADD_LDB_STRING(LDB_SYNTAX_DN);
+ ADD_LDB_STRING(LDB_SYNTAX_DN);
+ ADD_LDB_STRING(LDB_SYNTAX_DIRECTORY_STRING);
+ ADD_LDB_STRING(LDB_SYNTAX_INTEGER);
+ ADD_LDB_STRING(LDB_SYNTAX_BOOLEAN);
+ ADD_LDB_STRING(LDB_SYNTAX_OCTET_STRING);
+ ADD_LDB_STRING(LDB_SYNTAX_UTC_TIME);
}
diff --git a/source4/scripting/python/samba/netcmd/dbcheck.py
b/source4/scripting/python/samba/netcmd/dbcheck.py
index f28f9c6..4c9e0a1 100644
--- a/source4/scripting/python/samba/netcmd/dbcheck.py
+++ b/source4/scripting/python/samba/netcmd/dbcheck.py
@@ -20,15 +20,42 @@
import ldb, sys
import samba.getopt as options
+from samba import dsdb
from samba.common import confirm
from samba.auth import system_session
from samba.samdb import SamDB
+from samba.dcerpc import misc
from samba.netcmd import (
Command,
CommandError,
Option
)
+
+class dsdb_DN(object):
+ '''a class to manipulate DN components'''
+
+ def __init__(self, samdb, dnstring, syntax_oid):
+ if syntax_oid in [ dsdb.DSDB_SYNTAX_BINARY_DN,
dsdb.DSDB_SYNTAX_STRING_DN ]:
+ colons = dnstring.split(':')
+ if len(colons) < 4:
+ raise Exception("invalid DN prefix")
+ prefix_len = 4 + len(colons[1]) + int(colons[1])
+ self.prefix = dnstring[0:prefix_len]
+ self.dnstring = dnstring[prefix_len:]
+ else:
+ self.dnstring = dnstring
+ self.prefix = ''
+ try:
+ self.dn = ldb.Dn(samdb, self.dnstring)
+ except Exception, msg:
+ print("ERROR: bad DN string '%s'" % self.dnstring)
+ raise
+
+ def __str__(self):
+ return self.prefix + str(self.dn.extended_str(mode=1))
+
+
class cmd_dbcheck(Command):
"""check local AD database for errors"""
synopsis = "dbcheck <DN> [options]"
@@ -86,7 +113,10 @@ class cmd_dbcheck(Command):
if error_count != 0:
sys.exit(1)
- def empty_attribute(self, dn, attrname):
+
+ ################################################################
+ # handle empty attributes
+ def err_empty_attribute(self, dn, attrname):
'''fix empty attributes'''
print("ERROR: Empty attribute %s in %s" % (attrname, dn))
if not self.fix:
@@ -98,6 +128,8 @@ class cmd_dbcheck(Command):
m = ldb.Message()
m.dn = dn
m[attrname] = ldb.MessageElement('', ldb.FLAG_MOD_DELETE, attrname)
+ if self.verbose:
+ print(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY))
try:
self.samdb.modify(m, controls=["relax:0"], validate=False)
except Exception, msg:
@@ -105,37 +137,10 @@ class cmd_dbcheck(Command):
return
print("Removed empty attribute %s" % attrname)
- def check_object(self, dn):
- '''check one object'''
- if self.verbose:
- print("Checking object %s" % dn)
- res = self.samdb.search(base=dn, scope=ldb.SCOPE_BASE,
controls=["extended_dn:1:1"], attrs=['*', 'ntSecurityDescriptor'])
- if len(res) != 1:
- print("Object %s disappeared during check" % dn)
- return 1
- obj = res[0]
- error_count = 0
- for attrname in obj:
- if attrname == 'dn':
- continue
-
- # check for empty attributes
- for val in obj[attrname]:
- if val == '':
- self.empty_attribute(dn, attrname)
- error_count += 1
- continue
-
- # check for incorrectly normalised attributes
- for val in obj[attrname]:
- normalised = self.samdb.dsdb_normalise_attributes(self.samdb,
attrname, [val])
- if len(normalised) != 1 or normalised[0] != val:
- self.normalise_mismatch(dn, attrname, obj[attrname])
- error_count += 1
- break
- return error_count
- def normalise_mismatch(self, dn, attrname, values):
+ ################################################################
+ # handle normalisation mismatches
+ def err_normalise_mismatch(self, dn, attrname, values):
'''fix attribute normalisation errors'''
print("ERROR: Normalisation error for attribute %s in %s" % (attrname,
dn))
mod_list = []
@@ -161,9 +166,102 @@ class cmd_dbcheck(Command):
if nval != '':
m['normv_%u' % i] = ldb.MessageElement(nval, ldb.FLAG_MOD_ADD,
attrname)
+ if self.verbose:
+ print(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY))
try:
self.samdb.modify(m, controls=["relax:0"], validate=False)
except Exception, msg:
print("Failed to normalise attribute %s : %s" % (attrname, msg))
return
print("Normalised attribute %s" % attrname)
+
+
+ ################################################################
+ # handle a missing GUID extended DN component
+ def err_missing_dn_GUID(self, dn, attrname, val, dsdb_dn):
+ print("ERROR: missing GUID component for %s in object %s - %s" %
(attrname, dn, val))
+ try:
+ res = self.samdb.search(base=dsdb_dn.dn, scope=ldb.SCOPE_BASE,
attrs=['objectGUID'])
+ except LdbError, (enum, estr):
+ print("unable to find object for DN %s - cannot fix (%s)" %
(dsdb_dn.dn, estr))
+ return
+ guid = res[0]['objectGUID'][0]
+ guidstr = str(misc.GUID(guid))
+ dsdb_dn.dn.set_extended_component("GUID", guid)
+
+ if not confirm('Add GUID %s giving DN %s?' % (guidstr, str(dsdb_dn))):
+ print("Not fixing missing GUID")
+ return
+ m = ldb.Message()
+ m.dn = dn
+ m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
+ m['new_value'] = ldb.MessageElement(str(dsdb_dn), ldb.FLAG_MOD_ADD,
attrname)
+ if self.verbose:
+ print(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY))
+ try:
+ self.samdb.modify(m)
+ except Exception, msg:
+ print("Failed to fix missing GUID on attribute %s : %s" %
(attrname, msg))
+ return
+ print("Fixed missing GUID on attribute %s" % attrname)
+
+
+
+ ################################################################
+ # specialised checking for a dn attribute
+ def check_dn(self, obj, attrname, syntax_oid):
+ '''check a DN attribute for correctness'''
+ error_count = 0
+ for val in obj[attrname]:
+ dsdb_dn = dsdb_DN(self.samdb, val, syntax_oid)
+
+ # all DNs should have a GUID component
+ guid = dsdb_dn.dn.get_extended_component("GUID")
+ if guid is None:
+ error_count += 1
+ self.err_missing_dn_GUID(obj.dn, attrname, val, dsdb_dn)
+
+ return 0
+
+
+
+ ################################################################
+ # check one object - calls to individual error handlers above
+ def check_object(self, dn):
+ '''check one object'''
+ if self.verbose:
+ print("Checking object %s" % dn)
+ res = self.samdb.search(base=dn, scope=ldb.SCOPE_BASE,
controls=["extended_dn:1:1"], attrs=['*', 'ntSecurityDescriptor'])
+ if len(res) != 1:
+ print("Object %s disappeared during check" % dn)
+ return 1
+ obj = res[0]
+ error_count = 0
+ for attrname in obj:
+ if attrname == 'dn':
+ continue
+
+ # check for empty attributes
+ for val in obj[attrname]:
+ if val == '':
+ self.err_empty_attribute(dn, attrname)
+ error_count += 1
+ continue
+
+ # get the syntax oid for the attribute, so we can can have
+ # special handling for some specific attribute types
+ syntax_oid =
self.samdb.get_syntax_oid_from_lDAPDisplayName(attrname)
+
+ if syntax_oid in [ dsdb.DSDB_SYNTAX_BINARY_DN,
dsdb.DSDB_SYNTAX_OR_NAME,
+ dsdb.DSDB_SYNTAX_STRING_DN, ldb.LDB_SYNTAX_DN ]:
+ # it's some form of DN, do specialised checking on those
+ error_count += self.check_dn(obj, attrname, syntax_oid)
+
+ # check for incorrectly normalised attributes
+ for val in obj[attrname]:
+ normalised = self.samdb.dsdb_normalise_attributes(self.samdb,
attrname, [val])
+ if len(normalised) != 1 or normalised[0] != val:
+ self.err_normalise_mismatch(dn, attrname, obj[attrname])
+ error_count += 1
+ break
+ return error_count
diff --git a/source4/scripting/python/samba/samdb.py
b/source4/scripting/python/samba/samdb.py
index 53346e8..72ee472 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -476,9 +476,14 @@ accountExpires: %u
def get_attid_from_lDAPDisplayName(self, ldap_display_name,
is_schema_nc=False):
+ '''return the attribute ID for a LDAP attribute as an integer as found
in DRSUAPI'''
return dsdb._dsdb_get_attid_from_lDAPDisplayName(self,
ldap_display_name, is_schema_nc)
+ def get_syntax_oid_from_lDAPDisplayName(self, ldap_display_name):
+ '''return the syntax OID for a LDAP attribute as a string'''
+ return dsdb._dsdb_get_syntax_oid_from_lDAPDisplayName(self,
ldap_display_name)
+
def set_ntds_settings_dn(self, ntds_settings_dn):
"""Set the NTDS Settings DN, as would be returned on the dsServiceName
rootDSE attribute.
--
Samba Shared Repository
