[SCM] Samba Shared Repository - branch master updated

Fri Jan 29 06:10:56 MST 2010

The branch, master has been updated
       via  2dc56d6... s4/ldap: Test to expoit ldb_ildap bug in case of nested search requests
       via  a4d0ed5... s4/ldap: Fix nested searches SEGFAULT bug
       via  e3d50e8... s4: Ignore few more auto-generated files
       via  f450d1f... librpc: rerun 'make idl'
       via  34a5d56... security.idl: add wellknown TrustedInstaller SID
      from  118725c... s3: by default don't use pthread pool support

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2dc56d68faabea23d1a2677f404220339180ab1a
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Mon Jan 25 03:17:29 2010 +0200

    s4/ldap: Test to expoit ldb_ildap bug in case of nested search requests
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit a4d0ed5a1027f4cb58732c78cb63464dbf9cc287
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Mon Jan 25 12:22:39 2010 +0200

    s4/ldap: Fix nested searches SEGFAULT bug
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit e3d50e89ab5081ae858017f83f3258283baaf978
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Fri Jan 22 15:23:17 2010 +0200

    s4: Ignore few more auto-generated files

commit f450d1f43a4d4968428a882166ce28231cb67949
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jan 29 13:07:39 2010 +0100

    librpc: rerun 'make idl'
    
    metze

commit 34a5d56d5568ed2d50cc618469df1de9e602beba
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jan 29 13:07:00 2010 +0100

    security.idl: add wellknown TrustedInstaller SID
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                            |    2 +
 librpc/gen_ndr/security.h             |    3 +
 librpc/idl/security.idl               |    7 +
 source4/lib/ldb/ldb_ildap/ldb_ildap.c |   11 ++
 source4/libcli/ldap/ldap_client.h     |    4 +
 source4/torture/config.mk             |    3 +-
 source4/torture/ldap/common.c         |    1 +
 source4/torture/ldap/nested_search.c  |  202 +++++++++++++++++++++++++++++++++
 8 files changed, 232 insertions(+), 1 deletions(-)
 create mode 100644 source4/torture/ldap/nested_search.c


Changeset truncated at 500 lines:

diff --git a/.gitignore b/.gitignore
index 4f93726..4ffeb20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -120,6 +120,7 @@ source3/samba4-config.mk
 source3/torture.tdb
 source4/apidocs
 source4/auth/ntlm/auth_proto.h
+source4/auth/auth_proto.h
 source4/auth/auth_sam.h
 source4/auth/auth_sam_reply.h
 source4/auth/credentials/credentials_krb5_proto.h
@@ -292,6 +293,7 @@ source4/torture/ldap/proto.h
 source4/torture/ldb/proto.h
 source4/torture/libnet/proto.h
 source4/torture/libnetapi/proto.h
+source4/torture/libsmbclient/proto.h
 source4/torture/local/proto.h
 source4/torture/nbench/proto.h
 source4/torture/nbt/proto.h
diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 0dc50c3..23439be 100644
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -133,6 +133,9 @@
 #define SID_BUILTIN_REMOTE_DESKTOP_USERS	( "S-1-5-32-555" )
 #define SID_BUILTIN_NETWORK_CONF_OPERATORS	( "S-1-5-32-556" )
 #define SID_BUILTIN_INCOMING_FOREST_TRUST	( "S-1-5-32-557" )
+#define NAME_NT_SERVICE	( "NT SERVICE" )
+#define SID_NT_NT_SERVICE	( "S-1-5-80" )
+#define SID_NT_TRUSTED_INSTALLER	( "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" )
 #define DOMAIN_RID_LOGON	( 9 )
 #define DOMAIN_RID_ENTERPRISE_READONLY_DCS	( 498 )
 #define DOMAIN_RID_ADMINISTRATOR	( 500 )
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index b191414..3e0ae47 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -264,6 +264,13 @@ interface security
 	const string SID_BUILTIN_NETWORK_CONF_OPERATORS = "S-1-5-32-556";
 	const string SID_BUILTIN_INCOMING_FOREST_TRUST  = "S-1-5-32-557";
 
+	/* SECURITY_NT_SERVICE */
+	const string NAME_NT_SERVICE            = "NT SERVICE";
+
+	const string SID_NT_NT_SERVICE          = "S-1-5-80";
+	const string SID_NT_TRUSTED_INSTALLER =
+		"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
+
 	/* well-known domain RIDs */
 	const int DOMAIN_RID_LOGON                   = 9;
 	const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 53257a1..6eb2e17 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -278,6 +278,13 @@ static void ildb_callback(struct ldap_request *req)
 		break;
 
 	case LDAP_TAG_SearchRequest:
+		/* check if we are already processing this request */
+		if (req->in_dispatch_replies) {
+			return;
+		}
+
+		req->in_dispatch_replies = true;
+
 		/* loop over all messages */
 		for (i = 0; i < req->num_replies; i++) {
 
@@ -327,6 +334,7 @@ static void ildb_callback(struct ldap_request *req)
 				if (ret != LDB_SUCCESS) {
 					callback_failed = true;
 				}
+
 				break;
 
 			case LDAP_TAG_SearchResultReference:
@@ -337,6 +345,7 @@ static void ildb_callback(struct ldap_request *req)
 				if (ret != LDB_SUCCESS) {
 					callback_failed = true;
 				}
+
 				break;
 
 			default:
@@ -350,6 +359,8 @@ static void ildb_callback(struct ldap_request *req)
 			}
 		}
 
+		req->in_dispatch_replies = false;
+
 		talloc_free(req->replies);
 		req->replies = NULL;
 		req->num_replies = 0;
diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h
index 084de2e..d6ca29f 100644
--- a/source4/libcli/ldap/ldap_client.h
+++ b/source4/libcli/ldap/ldap_client.h
@@ -37,6 +37,10 @@ struct ldap_request {
 	int num_replies;
 	struct ldap_message **replies;
 
+	/* mark while we are processing replies
+	 * in request of type LDAP_TAG_SearchRequest */
+	bool in_dispatch_replies;
+
 	NTSTATUS status;
 	DATA_BLOB data;
 	struct {
diff --git a/source4/torture/config.mk b/source4/torture/config.mk
index f7762db..34df547 100644
--- a/source4/torture/config.mk
+++ b/source4/torture/config.mk
@@ -200,7 +200,8 @@ PRIVATE_DEPENDENCIES = \
 # End SUBSYSTEM TORTURE_LDAP
 #################################
 
-TORTURE_LDAP_OBJ_FILES = $(addprefix $(torturesrcdir)/ldap/, common.o basic.o schema.o uptodatevector.o cldap.o cldapbench.o ldap_sort.o)
+TORTURE_LDAP_OBJ_FILES = $(addprefix $(torturesrcdir)/ldap/, common.o basic.o schema.o uptodatevector.o \
+	cldap.o cldapbench.o ldap_sort.o nested_search.o)
 
 $(eval $(call proto_header_template,$(torturesrcdir)/ldap/proto.h,$(TORTURE_LDAP_OBJ_FILES:.o=.c)))
 
diff --git a/source4/torture/ldap/common.c b/source4/torture/ldap/common.c
index 4a2bc2e..3891175 100644
--- a/source4/torture/ldap/common.c
+++ b/source4/torture/ldap/common.c
@@ -109,6 +109,7 @@ NTSTATUS torture_ldap_init(void)
 	torture_suite_add_simple_test(suite, "CLDAP", torture_cldap);
 	torture_suite_add_simple_test(suite, "SCHEMA", torture_ldap_schema);
 	torture_suite_add_simple_test(suite, "UPTODATEVECTOR", torture_ldap_uptodatevector);
+	torture_suite_add_simple_test(suite, "NESTED-SEARCH", test_ldap_nested_search);
 
 	suite->description = talloc_strdup(suite, "LDAP and CLDAP tests");
 
diff --git a/source4/torture/ldap/nested_search.c b/source4/torture/ldap/nested_search.c
new file mode 100644
index 0000000..978c880
--- /dev/null
+++ b/source4/torture/ldap/nested_search.c
@@ -0,0 +1,202 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   BRIEF FILE DESCRIPTION
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki at postpath.com> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_wrap.h"
+#include "lib/cmdline/popt_common.h"
+#include "torture/torture.h"
+
+#define torture_assert_res(torture_ctx,expr,cmt,_res) \
+	if (!(expr)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, __location__": Expression `%s' failed: %s", __STRING(expr), cmt); \
+		return _res; \
+	}
+
+
+struct nested_search_context {
+	struct torture_context *tctx;
+	struct ldb_dn *root_dn;
+	struct ldb_context *ldb;
+	struct ldb_result *ldb_res;
+};
+
+/*
+ * ldb_search handler - used to executed a nested
+ * ldap search request during LDB_REPLY_ENTRY handling
+ */
+static int nested_search_callback(struct ldb_request *req,
+				  struct ldb_reply *ares)
+{
+	int i;
+	int res;
+	struct nested_search_context *sctx;
+	struct ldb_result *ldb_res;
+	struct ldb_message *ldb_msg;
+	static const char *attrs[] = {
+		"rootDomainNamingContext",
+		"configurationNamingContext",
+		"schemaNamingContext",
+		"defaultNamingContext",
+		NULL
+	};
+
+	sctx = talloc_get_type(req->context, struct nested_search_context);
+
+	/* sanity check */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_ENTRY\n");
+		ldb_msg = ares->message;
+		torture_assert_res(sctx->tctx, ldb_msg, "ares->message is NULL!", LDB_ERR_OPERATIONS_ERROR);
+		torture_assert_res(sctx->tctx, ldb_msg->num_elements, "No elements returned!", LDB_ERR_OPERATIONS_ERROR);
+		torture_assert_res(sctx->tctx, ldb_msg->elements, "elements member is NULL!", LDB_ERR_OPERATIONS_ERROR);
+		break;
+	case LDB_REPLY_DONE:
+		torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_DONE\n");
+		break;
+	case LDB_REPLY_REFERRAL:
+		torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_REFERRAL\n");
+		break;
+	}
+
+	/* switch context and let default handler do its job */
+	req->context = sctx->ldb_res;
+	res = ldb_search_default_callback(req, ares);
+	req->context = sctx;
+	if (res != LDB_SUCCESS) {
+		return res;
+	}
+
+	/* not a search reply, then get out */
+	if (ares->type != LDB_REPLY_ENTRY) {
+		return res;
+	}
+
+
+	res = ldb_search(sctx->ldb, sctx, &ldb_res, sctx->root_dn, LDB_SCOPE_BASE, attrs, "(objectClass=*)");
+	if (res != LDB_SUCCESS) {
+		torture_warning(sctx->tctx,
+		                "Search on RootDSE failed in search_entry handler: %s",
+		                ldb_errstring(sctx->ldb));
+		return LDB_SUCCESS;
+	}
+
+	torture_assert_res(sctx->tctx, ldb_res->count == 1, "One message expected here", LDB_ERR_OPERATIONS_ERROR);
+
+	ldb_msg = ldb_res->msgs[0];
+	torture_assert_res(sctx->tctx, ldb_msg->num_elements == (ARRAY_SIZE(attrs)-1),
+			   "Search returned different number of elts than requested", LDB_ERR_OPERATIONS_ERROR);
+	for (i = 0; i < ldb_msg->num_elements; i++) {
+		const char *msg;
+		struct ldb_message_element *elt1;
+		struct ldb_message_element *elt2;
+
+		elt2 = &ldb_msg->elements[i];
+		msg = talloc_asprintf(sctx, "Processing element: %s", elt2->name);
+		elt1 = ldb_msg_find_element(sctx->ldb_res->msgs[0], elt2->name);
+		torture_assert_res(sctx->tctx, elt1, msg, LDB_ERR_OPERATIONS_ERROR);
+
+		/* compare elements */
+		torture_assert_res(sctx->tctx, elt2->flags == elt1->flags, "", LDB_ERR_OPERATIONS_ERROR);
+		torture_assert_res(sctx->tctx, elt2->num_values == elt1->num_values, "", LDB_ERR_OPERATIONS_ERROR);
+	}
+	/* TODO: check returned result */
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Test nested search execution against RootDSE
+ * on remote LDAP server.
+ */
+bool test_ldap_nested_search(struct torture_context *tctx)
+{
+	int ret;
+	char *url;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct ldb_request *req;
+	struct nested_search_context *sctx;
+	static const char *attrs[] = {
+/*
+		"rootDomainNamingContext",
+		"configurationNamingContext",
+		"schemaNamingContext",
+		"defaultNamingContext",
+*/
+		"*",
+		NULL
+	};
+
+	sctx = talloc_zero(tctx, struct nested_search_context);
+	torture_assert(tctx, sctx, "Not enough memory");
+	sctx->tctx = tctx;
+
+	url = talloc_asprintf(sctx, "ldap://%s/", host);
+	if (!url) {
+		torture_assert(tctx, url, "Not enough memory");
+	}
+
+	torture_comment(tctx, "Connecting to: %s\n", url);
+	sctx->ldb = ldb_wrap_connect(sctx, tctx->ev, tctx->lp_ctx, url,
+	                             NULL,
+	                             cmdline_credentials,
+	                             0);
+	torture_assert(tctx, sctx->ldb, "Failed to create ldb connection");
+
+	/* prepare context for searching */
+	sctx->root_dn = ldb_dn_new(sctx, sctx->ldb, NULL);
+	sctx->ldb_res = talloc_zero(sctx, struct ldb_result);
+
+	/* build search request */
+	ret = ldb_build_search_req(&req,
+	                           sctx->ldb,
+	                           sctx,
+	                           sctx->root_dn, LDB_SCOPE_BASE,
+	                           "(objectClass=*)", attrs, NULL,
+	                           sctx, nested_search_callback,
+	                           NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__ ": Allocating request failed: %s", ldb_errstring(sctx->ldb));
+		return false;
+	}
+
+	ret = ldb_request(sctx->ldb, req);
+	if (ret != LDB_SUCCESS) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__ ": Search failed: %s", ldb_errstring(sctx->ldb));
+		return false;
+	}
+
+	ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	if (ret != LDB_SUCCESS) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__ ": Search error: %s", ldb_errstring(sctx->ldb));
+		return false;
+	}
+
+	/* TODO: check returned result */
+
+	talloc_free(sctx);
+	return true;
+}
+


-- 
Samba Shared Repository
