[SCM] Samba Shared Repository - branch master updated -
23ec448f83ab00105b214388df287f0a934cdb7a
Andrew Tridgell
tridge at samba.org
Fri Oct 3 19:23:23 GMT 2008
The branch, master has been updated
via 23ec448f83ab00105b214388df287f0a934cdb7a (commit)
via 163fa1d25ae2104b634ba37ed97d51fe033cbc1f (commit)
via c5fdb82d3280a0c94c9b15be0090c08675338159 (commit)
via bfb3bf6eb0ac1790c79e5b57cda099503f6084d5 (commit)
via 89a67bb60c3b88d5054a81085fb400930cfd5c55 (commit)
via 14378d7c4cfff171e7c005c210abe253a2d7dea3 (commit)
via 2c978bbfa92b7fe29c17e40ad6d8059814b78399 (commit)
via 69fe3a5ddd6af872bc686ff2161b9b6a5e5c62a2 (commit)
from c7625979ceb350d90d87d2add6ed7156440072c3 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 23ec448f83ab00105b214388df287f0a934cdb7a
Merge: 163fa1d25ae2104b634ba37ed97d51fe033cbc1f c7625979ceb350d90d87d2add6ed7156440072c3
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Oct 3 12:23:00 2008 -0700
Merge commit 'master/master'
commit 163fa1d25ae2104b634ba37ed97d51fe033cbc1f
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Oct 3 12:21:53 2008 -0700
fixed the partition module and the GC handling
- when multiple partitions are searched, consider the search a
success if any of the partitions return success
- only search the right subset of partitions, looking at the scope
and basedn of the search
This fixes several errors with GC searches
commit c5fdb82d3280a0c94c9b15be0090c08675338159
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Oct 2 21:58:46 2008 -0700
fixed the sense of ldb base dn comparisons in two places, and use a
direct comparison instead of a sub-tree comparison in another
this fixes basedn searches on the global catalog port
commit bfb3bf6eb0ac1790c79e5b57cda099503f6084d5
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Oct 2 21:57:27 2008 -0700
fixed a talloc error in the rpc handle desctructor - destructors
should not try to free the ptr they are given
commit 89a67bb60c3b88d5054a81085fb400930cfd5c55
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Oct 2 21:55:26 2008 -0700
we need to listen on all interfaces in the CLDAP server as the windows
CDLAP client ignores replies from the wrong IP
commit 14378d7c4cfff171e7c005c210abe253a2d7dea3
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 30 14:03:01 2008 -0700
add a test for a LSA lookupnames with a NULL string
commit 2c978bbfa92b7fe29c17e40ad6d8059814b78399
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 30 13:57:23 2008 -0700
handle NULL strings in strchr_m() and strrchr_m()
This is needed for the LSA server code which needs to cope with a NULL
names passed to lsa_LookupNames3()
commit 69fe3a5ddd6af872bc686ff2161b9b6a5e5c62a2
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 30 13:42:30 2008 -0700
fixed a number of places in our LSA server where we should return the
sid/name array even when all are unmapped. If we don't fill in the
array then the windows client runtime crashes
-----------------------------------------------------------------------
Summary of changes:
source4/cldap_server/cldap_server.c | 17 ++++++-----
source4/cldap_server/netlogon.c | 2 +-
source4/dsdb/samdb/ldb_modules/partition.c | 44 ++++++++++++++++++++++++---
source4/dsdb/samdb/ldb_modules/proxy.c | 4 +-
source4/lib/charset/util_unistr.c | 7 ++++
source4/librpc/idl/lsa.idl | 2 +-
source4/rpc_server/handles.c | 1 -
source4/rpc_server/lsa/lsa_lookup.c | 24 ++++++++-------
source4/torture/rpc/lsa.c | 9 +++--
9 files changed, 77 insertions(+), 33 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c
index 310fb56..240f2b1 100644
--- a/source4/cldap_server/cldap_server.c
+++ b/source4/cldap_server/cldap_server.c
@@ -127,6 +127,7 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l
int num_interfaces;
TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
NTSTATUS status;
+ int i;
num_interfaces = iface_count(ifaces);
@@ -135,14 +136,14 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l
if (!lp_bind_interfaces_only(lp_ctx)) {
status = cldapd_add_socket(cldapd, lp_ctx, "0.0.0.0");
NT_STATUS_NOT_OK_RETURN(status);
- } else {
- int i;
-
- for (i=0; i<num_interfaces; i++) {
- const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
- status = cldapd_add_socket(cldapd, lp_ctx, address);
- NT_STATUS_NOT_OK_RETURN(status);
- }
+ }
+
+ /* now we have to also listen on the specific interfaces,
+ so that replies always come from the right IP */
+ for (i=0; i<num_interfaces; i++) {
+ const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
+ status = cldapd_add_socket(cldapd, lp_ctx, address);
+ NT_STATUS_NOT_OK_RETURN(status);
}
talloc_free(tmp_ctx);
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index aac74f5..1cb0d50 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -301,7 +301,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
server_type |= NBT_SERVER_KDC;
}
- if (!ldb_dn_compare_base(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx))) {
+ if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {
server_type |= NBT_SERVER_DS_DNS_FOREST;
}
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index f600c72..8e4483a 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -50,6 +50,7 @@ struct part_request {
struct partition_context {
struct ldb_module *module;
struct ldb_request *req;
+ bool got_success;
struct part_request *part_req;
int num_requests;
@@ -170,7 +171,8 @@ static int partition_req_callback(struct ldb_request *req,
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
- if (ares->error != LDB_SUCCESS) {
+
+ if (ares->error != LDB_SUCCESS && !ac->got_success) {
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
@@ -191,6 +193,9 @@ static int partition_req_callback(struct ldb_request *req,
return ldb_module_send_entry(ac->req, ares->message);
case LDB_REPLY_DONE:
+ if (ares->error == LDB_SUCCESS) {
+ ac->got_success = true;
+ }
if (ac->req->operation == LDB_EXTENDED) {
/* FIXME: check for ares->response, replmd does not fill it ! */
if (ares->response) {
@@ -210,7 +215,8 @@ static int partition_req_callback(struct ldb_request *req,
if (ac->finished_requests == ac->num_requests) {
/* this was the last one, call callback */
return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
+ ares->response,
+ ac->got_success?LDB_SUCCESS:ares->error);
}
/* not the last, now call the next one */
@@ -500,13 +506,41 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
return partition_send_all(module, ac, req);
}
for (i=0; data && data->partitions && data->partitions[i]; i++) {
- /* Find all partitions under the search base */
- if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) {
+ bool match = false, stop = false;
+ /* Find all partitions under the search base
+
+ we match if:
+
+ 1) the DN we are looking for exactly matches the partition
+ or
+ 2) the DN we are looking for is a parent of the partition and it isn't
+ a scope base search
+ or
+ 3) the DN we are looking for is a child of the partition
+ */
+ if (ldb_dn_compare(data->partitions[i]->dn, req->op.search.base) == 0) {
+ match = true;
+ if (req->op.search.scope == LDB_SCOPE_BASE) {
+ stop = true;
+ }
+ }
+ if (!match &&
+ (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0 &&
+ req->op.search.scope != LDB_SCOPE_BASE)) {
+ match = true;
+ }
+ if (!match &&
+ ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) {
+ match = true;
+ stop = true; /* note that this relies on partition ordering */
+ }
+ if (match) {
ret = partition_prep_request(ac, data->partitions[i]);
if (ret != LDB_SUCCESS) {
return ret;
}
}
+ if (stop) break;
}
/* Perhaps we didn't match any partitions. Try the main partition, only */
@@ -586,7 +620,7 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req)
}
for (i=0; data && data->partitions && data->partitions[i]; i++) {
- if (ldb_dn_compare_base(req->op.rename.olddn, data->partitions[i]->dn) == 0) {
+ if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.rename.olddn) == 0) {
matched = i;
}
}
diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c
index 171832b..18b0649 100644
--- a/source4/dsdb/samdb/ldb_modules/proxy.c
+++ b/source4/dsdb/samdb/ldb_modules/proxy.c
@@ -233,7 +233,7 @@ static void proxy_convert_record(struct ldb_context *ldb,
int attr, v;
/* fix the message DN */
- if (ldb_dn_compare_base(ldb, proxy->olddn, msg->dn) == 0) {
+ if (ldb_dn_compare_base(proxy->olddn, msg->dn) == 0) {
ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn));
ldb_dn_add_base(msg->dn, proxy->newdn);
}
@@ -322,7 +322,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re
}
/* see if the dn is within olddn */
- if (ldb_dn_compare_base(module->ldb, proxy->newdn, req->op.search.base) != 0) {
+ if (ldb_dn_compare_base(proxy->newdn, req->op.search.base) != 0) {
goto passthru;
}
diff --git a/source4/lib/charset/util_unistr.c b/source4/lib/charset/util_unistr.c
index a8ff884..5f3b2c5 100644
--- a/source4/lib/charset/util_unistr.c
+++ b/source4/lib/charset/util_unistr.c
@@ -386,6 +386,9 @@ _PUBLIC_ size_t strlen_m_term(const char *s)
**/
_PUBLIC_ char *strchr_m(const char *s, char c)
{
+ if (s == NULL) {
+ return NULL;
+ }
/* characters below 0x3F are guaranteed to not appear in
non-initial position in multi-byte charsets */
if ((c & 0xC0) == 0) {
@@ -411,6 +414,10 @@ _PUBLIC_ char *strrchr_m(const char *s, char c)
{
char *ret = NULL;
+ if (s == NULL) {
+ return NULL;
+ }
+
/* characters below 0x3F are guaranteed to not appear in
non-initial position in multi-byte charsets */
if ((c & 0xC0) == 0) {
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index eed713f..e1c4499 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -1052,7 +1052,7 @@ import "misc.idl", "security.idl";
lsa_SidType sid_type;
dom_sid2 *sid;
uint32 sid_index;
- uint32 unknown;
+ uint32 flags;
} lsa_TranslatedSid3;
typedef struct {
diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c
index 47174b6..4831fb0 100644
--- a/source4/rpc_server/handles.c
+++ b/source4/rpc_server/handles.c
@@ -29,7 +29,6 @@
static int dcesrv_handle_destructor(struct dcesrv_handle *h)
{
DLIST_REMOVE(h->context->handles, h);
- talloc_free(h);
return 0;
}
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index a71bd57..0ffb057 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -620,6 +620,8 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
NTSTATUS status;
struct dcesrv_handle *h;
+ ZERO_STRUCT(r2);
+
/* No policy handle on the wire, so make one up here */
r2.in.handle = talloc(mem_ctx, struct policy_handle);
if (!r2.in.handle) {
@@ -649,9 +651,6 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
r2.out.names = r->out.names;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
- if (NT_STATUS_IS_ERR(status)) {
- return status;
- }
r->out.domains = r2.out.domains;
r->out.names = r2.out.names;
@@ -671,6 +670,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
NTSTATUS status;
int i;
+ ZERO_STRUCT(r2);
+
r2.in.handle = r->in.handle;
r2.in.sids = r->in.sids;
r2.in.names = NULL;
@@ -761,7 +762,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN;
r->out.sids->sids[i].sid = NULL;
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
- r->out.sids->sids[i].unknown = 0;
+ r->out.sids->sids[i].flags = 0;
status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype);
if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
@@ -771,13 +772,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name,
sid, r->out.domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
- return status2;
+ continue;
}
r->out.sids->sids[i].sid_type = rtype;
r->out.sids->sids[i].sid = sid;
r->out.sids->sids[i].sid_index = sid_index;
- r->out.sids->sids[i].unknown = 0;
+ r->out.sids->sids[i].flags = 0;
(*r->out.count)++;
}
@@ -806,6 +807,8 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
NTSTATUS status;
struct dcesrv_handle *h;
+ ZERO_STRUCT(r2);
+
/* No policy handle on the wire, so make one up here */
r2.in.handle = talloc(mem_ctx, struct policy_handle);
if (!r2.in.handle) {
@@ -836,9 +839,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
r2.out.count = r->out.count;
status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2);
- if (NT_STATUS_IS_ERR(status)) {
- return status;
- }
r->out.domains = r2.out.domains;
r->out.sids = r2.out.sids;
@@ -913,7 +913,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name,
sid, r->out.domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
- return status2;
+ continue;
}
r->out.sids->sids[i].sid_type = rtype;
@@ -944,6 +944,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
NTSTATUS status;
int i;
+ ZERO_STRUCT(r2);
+
r2.in.handle = r->in.handle;
r2.in.num_names = r->in.num_names;
r2.in.names = r->in.names;
@@ -955,7 +957,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
r2.out.count = r->out.count;
status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
- if (NT_STATUS_IS_ERR(status)) {
+ if (r2.out.sids == NULL) {
return status;
}
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index af5ee4f..45f67af 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -222,12 +222,13 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
NTSTATUS status;
int i;
- struct lsa_TranslatedName name;
+ struct lsa_TranslatedName name[2];
struct lsa_TransNameArray tnames;
- tnames.names = &name;
- tnames.count = 1;
- name.name.string = "NT AUTHORITY\\BOGUS";
+ tnames.names = name;
+ tnames.count = 2;
+ name[0].name.string = "NT AUTHORITY\\BOGUS";
+ name[1].name.string = NULL;
printf("\nTesting LookupNames with bogus names\n");
--
Samba Shared Repository
More information about the samba-cvs
mailing list