The branch, master has been updated via dd60dcf test-chgdcpass: test the ldap case for server password change via 0e6c5c0 s4-ldapclient: cope with logon failure retry in LDAP via b0cc0d5 s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied via 538dd04 samba-tool: "drs options" does not need a samdb connection via 5d6ae34 s4-librpc: try a 2nd logon for more error cases via 30ffdda ldb: fixed callers for ldb_pack_data() and ldb_unpack_data() via fc47b0d ldb: move ldb_pack.c into common via e480995 test_chgdpass: use drs bind to test password change on RPC via ed2e69f s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale tickets via fce66b2 test_chgdpass: added test for kerberos retry via d4ea637 libcli: use cli_credentials_failed_kerberos_login() to cope with server changes via 994696c auth: added cli_credentials_failed_kerberos_login() from ffb608b util: remove accidently committed hunk
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit dd60dcf343bfb8286951d3109055693634574d8b Author: Andrew Tridgell <tri...@samba.org> Date: Thu Nov 1 14:11:02 2012 +1100 test-chgdcpass: test the ldap case for server password change use samba-tool drs options which does both RPC and LDAP connections Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Tridgell <tri...@samba.org> Autobuild-Date(master): Thu Nov 1 07:21:17 CET 2012 on sn-devel-104 commit 0e6c5c036f8faddcc6ca65c26453ffaf248ed2b5 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Nov 1 14:10:14 2012 +1100 s4-ldapclient: cope with logon failure retry in LDAP similar to what was done for rpc and cifs, we now retry once on logon failure for ldap, allowing for a new ticket to be fetched when a server password changes while we have a valid ticket for the old password Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit b0cc0d5698d34aa7956b22faa8b79bd9b338286d Author: Andrew Tridgell <tri...@samba.org> Date: Thu Nov 1 13:42:52 2012 +1100 s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied this allows the client code to trigger a retry with a new password callback for NTLM connections Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 538dd046f1efefbeb8660ef1ff5afd594a003341 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Nov 1 13:31:47 2012 +1100 samba-tool: "drs options" does not need a samdb connection this gives us a handy pure RPC client test for use in blackbox testing Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 5d6ae3498ad77ccdb7a8b3a316d7aa86c2f0c56a Author: Andrew Tridgell <tri...@samba.org> Date: Thu Nov 1 13:30:47 2012 +1100 s4-librpc: try a 2nd logon for more error cases not all servers give LOGON_FAILURE on authentication failures, so we need to do the retry with a new ticket on a wider range of error types Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 30ffdda45bd3ae602b453c9c1bbdb77ea3de8a8d Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 16:06:03 2012 +1100 ldb: fixed callers for ldb_pack_data() and ldb_unpack_data() with ltdb_pack_data() and ltdb_unpack_data() now moved into common, we need to increase the minor version and fixup callers of the API Note that this relies on struct ldb_val being the same shape as TDB_DATA, in much the same way as we rely on ldb_val and DATA_BLOB being the same shape. Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit fc47b0d03c577730ce0ef9e09092f80c0712d5d0 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 15:39:09 2012 +1100 ldb: move ldb_pack.c into common this code should not be tied to the ldb_tdb backend, both because it could be used for any record oriented backend, and because it should be exposed for use by diagnosis/repair tools such as the recently added ldbdump tool Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit e48099516e4975cb69c7e2850d3b13b25bab7c44 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 18:45:25 2012 +1100 test_chgdpass: use drs bind to test password change on RPC Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit ed2e69fe91fee642392803a17d42d64adc36e41d Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 18:44:23 2012 +1100 s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale tickets This allows our RPC client code to cope with a kerberos server changing password while we have a valid service ticket Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit fce66b22ea312abb252fb9dc748b3adc6fbab49f Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 18:00:43 2012 +1100 test_chgdpass: added test for kerberos retry this tests that we correctly retry with a new ccache entry when a server changes its password while we have a valid ticket Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit d4ea637eb869e0c3540140b7ae04c2b483f7693c Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 17:59:54 2012 +1100 libcli: use cli_credentials_failed_kerberos_login() to cope with server changes if a server changes while we have a valid ticket we want to retry after removing the ccache entry. Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 994696c5c4638b0665021eac1c55b4c6ea9fd55f Author: Andrew Tridgell <tri...@samba.org> Date: Wed Oct 31 17:58:20 2012 +1100 auth: added cli_credentials_failed_kerberos_login() this is used to support retrying kerberos connections after removing a ccache entry, to cope with a server being re-built while our client still has a valid service ticket Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/credentials/credentials.h | 3 + auth/credentials/credentials_krb5.c | 61 ++++++++++ lib/ldb/ABI/{ldb-1.1.12.sigs => ldb-1.1.14.sigs} | 2 + ...ldb-util-1.1.10.sigs => pyldb-util-1.1.14.sigs} | 0 lib/ldb/{ldb_tdb => common}/ldb_pack.c | 69 ++++++------ lib/ldb/include/ldb_private.h | 11 ++ lib/ldb/ldb_tdb/ldb_index.c | 3 +- lib/ldb/ldb_tdb/ldb_search.c | 5 +- lib/ldb/ldb_tdb/ldb_tdb.c | 5 +- lib/ldb/ldb_tdb/ldb_tdb.h | 9 -- lib/ldb/tools/ldbdump.c | 15 ++- lib/ldb/wscript | 8 +- source4/libcli/ldap/ldap_bind.c | 116 +++++++++++++------ source4/libcli/smb_composite/sesssetup.c | 17 +++- source4/librpc/rpc/dcerpc.c | 9 +- source4/librpc/rpc/dcerpc_util.c | 25 ++++- source4/scripting/python/samba/netcmd/drs.py | 1 - testprogs/blackbox/test_chgdcpass.sh | 41 +++++++ 18 files changed, 298 insertions(+), 102 deletions(-) copy lib/ldb/ABI/{ldb-1.1.12.sigs => ldb-1.1.14.sigs} (99%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.14.sigs} (100%) rename lib/ldb/{ldb_tdb => common}/ldb_pack.c (84%) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index 0bcfd61..dbc014f 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h @@ -182,6 +182,9 @@ int cli_credentials_get_named_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, char *ccache_name, struct ccache_container **ccc, const char **error_string); +bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred, + const char *principal, + unsigned int *count); int cli_credentials_get_keytab(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct keytab_container **_ktc); diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 459e948..cc51f56 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -212,6 +212,67 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, return 0; } +/* + * Indicate the we failed to log in to this service/host with these + * credentials. The caller passes an unsigned int which they + * initialise to the number of times they would like to retry. + * + * This method is used to support re-trying with freshly fetched + * credentials in case a server is rebuilt while clients have + * non-expired tickets. When the client code gets a logon failure they + * throw away the existing credentials for the server and retry. + */ +_PUBLIC_ bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred, + const char *principal, + unsigned int *count) +{ + struct ccache_container *ccc; + krb5_creds creds, creds2; + int ret; + + if (principal == NULL) { + /* no way to delete if we don't know the principal */ + return false; + } + + ccc = cred->ccache; + if (ccc == NULL) { + /* not a kerberos connection */ + return false; + } + + if (*count > 0) { + /* We have already tried discarding the credentials */ + return false; + } + (*count)++; + + ZERO_STRUCT(creds); + ret = krb5_parse_name(ccc->smb_krb5_context->krb5_context, principal, &creds.server); + if (ret != 0) { + return false; + } + + ret = krb5_cc_retrieve_cred(ccc->smb_krb5_context->krb5_context, ccc->ccache, KRB5_TC_MATCH_SRV_NAMEONLY, &creds, &creds2); + if (ret != 0) { + /* don't retry - we didn't find these credentials to remove */ + return false; + } + + ret = krb5_cc_remove_cred(ccc->smb_krb5_context->krb5_context, ccc->ccache, KRB5_TC_MATCH_SRV_NAMEONLY, &creds); + krb5_free_cred_contents(ccc->smb_krb5_context->krb5_context, &creds2); + if (ret != 0) { + /* don't retry - we didn't find these credentials to + * remove. Note that with the current backend this + * never happens, as it always returns 0 even if the + * creds don't exist, which is why we do a separate + * krb5_cc_retrieve_cred() above. + */ + return false; + } + return true; +} + static int cli_credentials_new_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, diff --git a/lib/ldb/ABI/ldb-1.1.12.sigs b/lib/ldb/ABI/ldb-1.1.14.sigs similarity index 99% copy from lib/ldb/ABI/ldb-1.1.12.sigs copy to lib/ldb/ABI/ldb-1.1.14.sigs index c8ccd25..eac5194 100644 --- a/lib/ldb/ABI/ldb-1.1.12.sigs +++ b/lib/ldb/ABI/ldb-1.1.14.sigs @@ -186,6 +186,7 @@ ldb_next_request: int (struct ldb_module *, struct ldb_request *) ldb_next_start_trans: int (struct ldb_module *) ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) ldb_options_find: const char *(struct ldb_context *, const char **, const char *) +ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) @@ -249,6 +250,7 @@ ldb_transaction_cancel_noerr: int (struct ldb_context *) ldb_transaction_commit: int (struct ldb_context *) ldb_transaction_prepare_commit: int (struct ldb_context *) ldb_transaction_start: int (struct ldb_context *) +ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.14.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.1.14.sigs diff --git a/lib/ldb/ldb_tdb/ldb_pack.c b/lib/ldb/common/ldb_pack.c similarity index 84% rename from lib/ldb/ldb_tdb/ldb_pack.c rename to lib/ldb/common/ldb_pack.c index 003be15..4382d5b 100644 --- a/lib/ldb/ldb_tdb/ldb_pack.c +++ b/lib/ldb/common/ldb_pack.c @@ -1,4 +1,4 @@ -/* +/* ldb database library Copyright (C) Andrew Tridgell 2004 @@ -6,7 +6,7 @@ ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released ** under the LGPL - + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either @@ -31,13 +31,13 @@ * Author: Andrew Tridgell */ -#include "ldb_tdb.h" +#include "ldb_private.h" /* change this if the data format ever changes */ -#define LTDB_PACKING_FORMAT 0x26011967 +#define LDB_PACKING_FORMAT 0x26011967 /* old packing formats */ -#define LTDB_PACKING_FORMAT_NODN 0x26011966 +#define LDB_PACKING_FORMAT_NODN 0x26011966 /* use a portable integer format */ static void put_uint32(uint8_t *p, int ofs, unsigned int val) @@ -65,26 +65,23 @@ static int attribute_storable_values(const struct ldb_message_element *el) } /* - pack a ldb message into a linear buffer in a TDB_DATA + pack a ldb message into a linear buffer in a ldb_val note that this routine avoids saving elements with zero values, as these are equivalent to having no element caller frees the data buffer after use */ -int ltdb_pack_data(struct ldb_module *module, - const struct ldb_message *message, - TDB_DATA *data) +int ldb_pack_data(struct ldb_context *ldb, + const struct ldb_message *message, + struct ldb_val *data) { - struct ldb_context *ldb; unsigned int i, j, real_elements=0; size_t size; const char *dn; uint8_t *p; size_t len; - ldb = ldb_module_get_ctx(module); - dn = ldb_dn_get_linearized(message->dn); if (dn == NULL) { errno = ENOMEM; @@ -110,16 +107,16 @@ int ltdb_pack_data(struct ldb_module *module, } /* allocate it */ - data->dptr = talloc_array(ldb, uint8_t, size); - if (!data->dptr) { + data->data = talloc_array(ldb, uint8_t, size); + if (!data->data) { errno = ENOMEM; return -1; } - data->dsize = size; + data->length = size; - p = data->dptr; - put_uint32(p, 0, LTDB_PACKING_FORMAT); - put_uint32(p, 4, real_elements); + p = data->data; + put_uint32(p, 0, LDB_PACKING_FORMAT); + put_uint32(p, 4, real_elements); p += 8; /* the dn needs to be packed so we can be case preserving @@ -127,7 +124,7 @@ int ltdb_pack_data(struct ldb_module *module, len = strlen(dn); memcpy(p, dn, len+1); p += len + 1; - + for (i=0;i<message->num_elements;i++) { if (attribute_storable_values(&message->elements[i]) == 0) { continue; @@ -139,7 +136,7 @@ int ltdb_pack_data(struct ldb_module *module, p += 4; for (j=0;j<message->elements[i].num_values;j++) { put_uint32(p, 0, message->elements[i].values[j].length); - memcpy(p+4, message->elements[i].values[j].data, + memcpy(p+4, message->elements[i].values[j].data, message->elements[i].values[j].length); p[4+message->elements[i].values[j].length] = 0; p += 4 + message->elements[i].values[j].length + 1; @@ -150,13 +147,13 @@ int ltdb_pack_data(struct ldb_module *module, } /* - unpack a ldb message from a linear buffer in TDB_DATA + unpack a ldb message from a linear buffer in ldb_val - Free with ltdb_unpack_data_free() + Free with ldb_unpack_data_free() */ -int ltdb_unpack_data(struct ldb_context *ldb, - const TDB_DATA *data, - struct ldb_message *message) +int ldb_unpack_data(struct ldb_context *ldb, + const struct ldb_val *data, + struct ldb_message *message) { uint8_t *p; unsigned int remaining; @@ -166,8 +163,8 @@ int ltdb_unpack_data(struct ldb_context *ldb, message->elements = NULL; - p = data->dptr; - if (data->dsize < 8) { + p = data->data; + if (data->length < 8) { errno = EIO; goto failed; } @@ -176,14 +173,14 @@ int ltdb_unpack_data(struct ldb_context *ldb, message->num_elements = pull_uint32(p, 4); p += 8; - remaining = data->dsize - 8; + remaining = data->length - 8; switch (format) { - case LTDB_PACKING_FORMAT_NODN: + case LDB_PACKING_FORMAT_NODN: message->dn = NULL; break; - case LTDB_PACKING_FORMAT: + case LDB_PACKING_FORMAT: len = strnlen((char *)p, remaining); if (len == remaining) { errno = EIO; @@ -206,7 +203,7 @@ int ltdb_unpack_data(struct ldb_context *ldb, if (message->num_elements == 0) { return 0; } - + if (message->num_elements > remaining / 6) { errno = EIO; goto failed; @@ -218,7 +215,7 @@ int ltdb_unpack_data(struct ldb_context *ldb, goto failed; } - memset(message->elements, 0, + memset(message->elements, 0, message->num_elements * sizeof(struct ldb_message_element)); for (i=0;i<message->num_elements;i++) { @@ -247,7 +244,7 @@ int ltdb_unpack_data(struct ldb_context *ldb, message->elements[i].values = NULL; if (message->elements[i].num_values != 0) { message->elements[i].values = talloc_array(message->elements, - struct ldb_val, + struct ldb_val, message->elements[i].num_values); if (!message->elements[i].values) { errno = ENOMEM; @@ -271,15 +268,15 @@ int ltdb_unpack_data(struct ldb_context *ldb, } memcpy(message->elements[i].values[j].data, p+4, len); message->elements[i].values[j].data[len] = 0; - + remaining -= len+4+1; p += len+4+1; } } if (remaining != 0) { - ldb_debug(ldb, LDB_DEBUG_ERROR, - "Error: %d bytes unread in ltdb_unpack_data", remaining); + ldb_debug(ldb, LDB_DEBUG_ERROR, + "Error: %d bytes unread in ldb_unpack_data", remaining); } return 0; diff --git a/lib/ldb/include/ldb_private.h b/lib/ldb/include/ldb_private.h index 7de5ab7..526bf5e 100644 --- a/lib/ldb/include/ldb_private.h +++ b/lib/ldb/include/ldb_private.h @@ -194,4 +194,15 @@ struct ldb_ldif *ldb_ldif_read_file_state(struct ldb_context *ldb, char *ldb_ldif_write_redacted_trace_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_ldif *ldif); +/* + * these pack/unpack functions are exposed in the library for use by + * ldb tools like ldbdump, but are not part of the public API + */ +int ldb_pack_data(struct ldb_context *ldb, + const struct ldb_message *message, + struct ldb_val *data); +int ldb_unpack_data(struct ldb_context *ldb, + const struct ldb_val *data, + struct ldb_message *message); + #endif diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c index 50c6ded..d79417f 100644 --- a/lib/ldb/ldb_tdb/ldb_index.c +++ b/lib/ldb/ldb_tdb/ldb_index.c @@ -32,6 +32,7 @@ */ #include "ldb_tdb.h" +#include "ldb_private.h" struct dn_list { unsigned int count; @@ -1509,7 +1510,7 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void * return -1; } - ret = ltdb_unpack_data(ldb, &data, msg); + ret = ldb_unpack_data(ldb, (struct ldb_val *)&data, msg); if (ret != 0) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n", ldb_dn_get_linearized(msg->dn)); diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c index 4fb8510..26296c7 100644 --- a/lib/ldb/ldb_tdb/ldb_search.c +++ b/lib/ldb/ldb_tdb/ldb_search.c @@ -32,6 +32,7 @@ */ #include "ldb_tdb.h" +#include "ldb_private.h" #include <tdb.h> /* @@ -245,7 +246,7 @@ static int ltdb_parse_data_unpack(TDB_DATA key, TDB_DATA data, struct ltdb_parse_data_unpack_ctx *ctx = private_data; struct ldb_context *ldb = ldb_module_get_ctx(ctx->module); - int ret = ltdb_unpack_data(ldb, &data, ctx->msg); + int ret = ldb_unpack_data(ldb, (struct ldb_val *)&data, ctx->msg); if (ret == -1) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %*.*s\n", (int)key.dsize, (int)key.dsize, key.dptr); @@ -440,7 +441,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi } /* unpack the record */ - ret = ltdb_unpack_data(ldb, &data, msg); + ret = ldb_unpack_data(ldb, (struct ldb_val *)&data, msg); if (ret == -1) { talloc_free(msg); return -1; diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c index 0e7c74c..860ee14 100644 --- a/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/lib/ldb/ldb_tdb/ldb_tdb.c @@ -50,6 +50,7 @@ */ #include "ldb_tdb.h" +#include "ldb_private.h" #include <tdb.h> /* @@ -264,7 +265,7 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg return LDB_ERR_OTHER; } - ret = ltdb_pack_data(module, msg, &tdb_data); + ret = ldb_pack_data(module, msg, (struct ldb_val *)&tdb_data); if (ret == -1) { talloc_free(tdb_key.dptr); return LDB_ERR_OTHER; @@ -693,7 +694,7 @@ int ltdb_modify_internal(struct ldb_module *module, goto done; } - ret = ltdb_unpack_data(ldb_module_get_ctx(module), &tdb_data, msg2); + ret = ldb_unpack_data(ldb_module_get_ctx(module), (struct ldb_val *)&tdb_data, msg2); free(tdb_data.dptr); if (ret == -1) { ret = LDB_ERR_OTHER; diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h index dd71626..b9aa36c 100644 --- a/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/lib/ldb/ldb_tdb/ldb_tdb.h @@ -92,15 +92,6 @@ int ltdb_index_transaction_start(struct ldb_module *module); int ltdb_index_transaction_commit(struct ldb_module *module); int ltdb_index_transaction_cancel(struct ldb_module *module); -/* The following definitions come from lib/ldb/ldb_tdb/ldb_pack.c */ - -int ltdb_pack_data(struct ldb_module *module, - const struct ldb_message *message, - TDB_DATA *data); -int ltdb_unpack_data(struct ldb_context *ldb, - const TDB_DATA *data, - struct ldb_message *message); - /* The following definitions come from lib/ldb/ldb_tdb/ldb_search.c */ int ltdb_has_wildcard(struct ldb_module *module, const char *attr_name, diff --git a/lib/ldb/tools/ldbdump.c b/lib/ldb/tools/ldbdump.c index 7a2ba3d..edf7b5e 100644 --- a/lib/ldb/tools/ldbdump.c +++ b/lib/ldb/tools/ldbdump.c @@ -25,7 +25,7 @@ #include "system/wait.h" #include <tdb.h> #include <ldb.h> -#include "../ldb_tdb/ldb_tdb.h" +#include <ldb_private.h> static struct ldb_context *ldb; bool show_index = false; @@ -43,7 +43,8 @@ static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, void *stat if (!msg) { return -1; } - ret = ltdb_unpack_data(ldb, &dbuf, msg); + + ret = ldb_unpack_data(ldb, &dbuf, msg); if (ret != 0) { fprintf(stderr, "Failed to parse record %*.*s as an LDB record\n", (int)key.dsize, (int)key.dsize, (char *)key.dptr); TALLOC_FREE(msg); @@ -57,7 +58,13 @@ static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, void *stat if (!show_index && ldb_dn_is_special(msg->dn)) { const char *dn_lin = ldb_dn_get_linearized(msg->dn); - if ((strcmp(dn_lin, LTDB_BASEINFO) == 0) || (strncmp(dn_lin, LTDB_INDEX ":", strlen( LTDB_INDEX ":")) == 0)) { + if ((strcmp(dn_lin, "@BASEINFO") == 0) || (strncmp(dn_lin, "@INDEX:", strlen("@INDEX:")) == 0)) { + /* + the user has asked not to show index + records. Also exclude BASEINFO as it + contains meta-data which will be re-created + if this database is restored + */ TALLOC_FREE(msg); return 0; } @@ -154,7 +161,7 @@ static int dump_tdb(const char *fname, struct ldb_dn *dn, bool emergency) static void usage( void) { - printf( "Usage: tdbdump [options] <filename>\n\n"); + printf( "Usage: ldbdump [options] <filename>\n\n"); printf( " -h this help message\n"); printf( " -d DN dumps DN only\n"); printf( " -e emergency dump, for corrupt databases\n"); diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 66fa24b..8a36b5d 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.1.13' +VERSION = '1.1.14' blddir = 'bin' @@ -89,7 +89,7 @@ def build(bld): -- Samba Shared Repository