[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Jan 29 06:10:56 MST 2010
The branch, master has been updated
via 2dc56d6... s4/ldap: Test to expoit ldb_ildap bug in case of nested search requests
via a4d0ed5... s4/ldap: Fix nested searches SEGFAULT bug
via e3d50e8... s4: Ignore few more auto-generated files
via f450d1f... librpc: rerun 'make idl'
via 34a5d56... security.idl: add wellknown TrustedInstaller SID
from 118725c... s3: by default don't use pthread pool support
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2dc56d68faabea23d1a2677f404220339180ab1a
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date: Mon Jan 25 03:17:29 2010 +0200
s4/ldap: Test to expoit ldb_ildap bug in case of nested search requests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit a4d0ed5a1027f4cb58732c78cb63464dbf9cc287
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date: Mon Jan 25 12:22:39 2010 +0200
s4/ldap: Fix nested searches SEGFAULT bug
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit e3d50e89ab5081ae858017f83f3258283baaf978
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date: Fri Jan 22 15:23:17 2010 +0200
s4: Ignore few more auto-generated files
commit f450d1f43a4d4968428a882166ce28231cb67949
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 29 13:07:39 2010 +0100
librpc: rerun 'make idl'
metze
commit 34a5d56d5568ed2d50cc618469df1de9e602beba
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 29 13:07:00 2010 +0100
security.idl: add wellknown TrustedInstaller SID
metze
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +
librpc/gen_ndr/security.h | 3 +
librpc/idl/security.idl | 7 +
source4/lib/ldb/ldb_ildap/ldb_ildap.c | 11 ++
source4/libcli/ldap/ldap_client.h | 4 +
source4/torture/config.mk | 3 +-
source4/torture/ldap/common.c | 1 +
source4/torture/ldap/nested_search.c | 202 +++++++++++++++++++++++++++++++++
8 files changed, 232 insertions(+), 1 deletions(-)
create mode 100644 source4/torture/ldap/nested_search.c
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 4f93726..4ffeb20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -120,6 +120,7 @@ source3/samba4-config.mk
source3/torture.tdb
source4/apidocs
source4/auth/ntlm/auth_proto.h
+source4/auth/auth_proto.h
source4/auth/auth_sam.h
source4/auth/auth_sam_reply.h
source4/auth/credentials/credentials_krb5_proto.h
@@ -292,6 +293,7 @@ source4/torture/ldap/proto.h
source4/torture/ldb/proto.h
source4/torture/libnet/proto.h
source4/torture/libnetapi/proto.h
+source4/torture/libsmbclient/proto.h
source4/torture/local/proto.h
source4/torture/nbench/proto.h
source4/torture/nbt/proto.h
diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 0dc50c3..23439be 100644
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -133,6 +133,9 @@
#define SID_BUILTIN_REMOTE_DESKTOP_USERS ( "S-1-5-32-555" )
#define SID_BUILTIN_NETWORK_CONF_OPERATORS ( "S-1-5-32-556" )
#define SID_BUILTIN_INCOMING_FOREST_TRUST ( "S-1-5-32-557" )
+#define NAME_NT_SERVICE ( "NT SERVICE" )
+#define SID_NT_NT_SERVICE ( "S-1-5-80" )
+#define SID_NT_TRUSTED_INSTALLER ( "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" )
#define DOMAIN_RID_LOGON ( 9 )
#define DOMAIN_RID_ENTERPRISE_READONLY_DCS ( 498 )
#define DOMAIN_RID_ADMINISTRATOR ( 500 )
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index b191414..3e0ae47 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -264,6 +264,13 @@ interface security
const string SID_BUILTIN_NETWORK_CONF_OPERATORS = "S-1-5-32-556";
const string SID_BUILTIN_INCOMING_FOREST_TRUST = "S-1-5-32-557";
+ /* SECURITY_NT_SERVICE */
+ const string NAME_NT_SERVICE = "NT SERVICE";
+
+ const string SID_NT_NT_SERVICE = "S-1-5-80";
+ const string SID_NT_TRUSTED_INSTALLER =
+ "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
+
/* well-known domain RIDs */
const int DOMAIN_RID_LOGON = 9;
const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 53257a1..6eb2e17 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -278,6 +278,13 @@ static void ildb_callback(struct ldap_request *req)
break;
case LDAP_TAG_SearchRequest:
+ /* check if we are already processing this request */
+ if (req->in_dispatch_replies) {
+ return;
+ }
+
+ req->in_dispatch_replies = true;
+
/* loop over all messages */
for (i = 0; i < req->num_replies; i++) {
@@ -327,6 +334,7 @@ static void ildb_callback(struct ldap_request *req)
if (ret != LDB_SUCCESS) {
callback_failed = true;
}
+
break;
case LDAP_TAG_SearchResultReference:
@@ -337,6 +345,7 @@ static void ildb_callback(struct ldap_request *req)
if (ret != LDB_SUCCESS) {
callback_failed = true;
}
+
break;
default:
@@ -350,6 +359,8 @@ static void ildb_callback(struct ldap_request *req)
}
}
+ req->in_dispatch_replies = false;
+
talloc_free(req->replies);
req->replies = NULL;
req->num_replies = 0;
diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h
index 084de2e..d6ca29f 100644
--- a/source4/libcli/ldap/ldap_client.h
+++ b/source4/libcli/ldap/ldap_client.h
@@ -37,6 +37,10 @@ struct ldap_request {
int num_replies;
struct ldap_message **replies;
+ /* mark while we are processing replies
+ * in request of type LDAP_TAG_SearchRequest */
+ bool in_dispatch_replies;
+
NTSTATUS status;
DATA_BLOB data;
struct {
diff --git a/source4/torture/config.mk b/source4/torture/config.mk
index f7762db..34df547 100644
--- a/source4/torture/config.mk
+++ b/source4/torture/config.mk
@@ -200,7 +200,8 @@ PRIVATE_DEPENDENCIES = \
# End SUBSYSTEM TORTURE_LDAP
#################################
-TORTURE_LDAP_OBJ_FILES = $(addprefix $(torturesrcdir)/ldap/, common.o basic.o schema.o uptodatevector.o cldap.o cldapbench.o ldap_sort.o)
+TORTURE_LDAP_OBJ_FILES = $(addprefix $(torturesrcdir)/ldap/, common.o basic.o schema.o uptodatevector.o \
+ cldap.o cldapbench.o ldap_sort.o nested_search.o)
$(eval $(call proto_header_template,$(torturesrcdir)/ldap/proto.h,$(TORTURE_LDAP_OBJ_FILES:.o=.c)))
diff --git a/source4/torture/ldap/common.c b/source4/torture/ldap/common.c
index 4a2bc2e..3891175 100644
--- a/source4/torture/ldap/common.c
+++ b/source4/torture/ldap/common.c
@@ -109,6 +109,7 @@ NTSTATUS torture_ldap_init(void)
torture_suite_add_simple_test(suite, "CLDAP", torture_cldap);
torture_suite_add_simple_test(suite, "SCHEMA", torture_ldap_schema);
torture_suite_add_simple_test(suite, "UPTODATEVECTOR", torture_ldap_uptodatevector);
+ torture_suite_add_simple_test(suite, "NESTED-SEARCH", test_ldap_nested_search);
suite->description = talloc_strdup(suite, "LDAP and CLDAP tests");
diff --git a/source4/torture/ldap/nested_search.c b/source4/torture/ldap/nested_search.c
new file mode 100644
index 0000000..978c880
--- /dev/null
+++ b/source4/torture/ldap/nested_search.c
@@ -0,0 +1,202 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ BRIEF FILE DESCRIPTION
+
+ Copyright (C) Kamen Mazdrashki <kamen.mazdrashki at postpath.com> 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_wrap.h"
+#include "lib/cmdline/popt_common.h"
+#include "torture/torture.h"
+
+#define torture_assert_res(torture_ctx,expr,cmt,_res) \
+ if (!(expr)) { \
+ torture_result(torture_ctx, TORTURE_FAIL, __location__": Expression `%s' failed: %s", __STRING(expr), cmt); \
+ return _res; \
+ }
+
+
+struct nested_search_context {
+ struct torture_context *tctx;
+ struct ldb_dn *root_dn;
+ struct ldb_context *ldb;
+ struct ldb_result *ldb_res;
+};
+
+/*
+ * ldb_search handler - used to executed a nested
+ * ldap search request during LDB_REPLY_ENTRY handling
+ */
+static int nested_search_callback(struct ldb_request *req,
+ struct ldb_reply *ares)
+{
+ int i;
+ int res;
+ struct nested_search_context *sctx;
+ struct ldb_result *ldb_res;
+ struct ldb_message *ldb_msg;
+ static const char *attrs[] = {
+ "rootDomainNamingContext",
+ "configurationNamingContext",
+ "schemaNamingContext",
+ "defaultNamingContext",
+ NULL
+ };
+
+ sctx = talloc_get_type(req->context, struct nested_search_context);
+
+ /* sanity check */
+ switch (ares->type) {
+ case LDB_REPLY_ENTRY:
+ torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_ENTRY\n");
+ ldb_msg = ares->message;
+ torture_assert_res(sctx->tctx, ldb_msg, "ares->message is NULL!", LDB_ERR_OPERATIONS_ERROR);
+ torture_assert_res(sctx->tctx, ldb_msg->num_elements, "No elements returned!", LDB_ERR_OPERATIONS_ERROR);
+ torture_assert_res(sctx->tctx, ldb_msg->elements, "elements member is NULL!", LDB_ERR_OPERATIONS_ERROR);
+ break;
+ case LDB_REPLY_DONE:
+ torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_DONE\n");
+ break;
+ case LDB_REPLY_REFERRAL:
+ torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_REFERRAL\n");
+ break;
+ }
+
+ /* switch context and let default handler do its job */
+ req->context = sctx->ldb_res;
+ res = ldb_search_default_callback(req, ares);
+ req->context = sctx;
+ if (res != LDB_SUCCESS) {
+ return res;
+ }
+
+ /* not a search reply, then get out */
+ if (ares->type != LDB_REPLY_ENTRY) {
+ return res;
+ }
+
+
+ res = ldb_search(sctx->ldb, sctx, &ldb_res, sctx->root_dn, LDB_SCOPE_BASE, attrs, "(objectClass=*)");
+ if (res != LDB_SUCCESS) {
+ torture_warning(sctx->tctx,
+ "Search on RootDSE failed in search_entry handler: %s",
+ ldb_errstring(sctx->ldb));
+ return LDB_SUCCESS;
+ }
+
+ torture_assert_res(sctx->tctx, ldb_res->count == 1, "One message expected here", LDB_ERR_OPERATIONS_ERROR);
+
+ ldb_msg = ldb_res->msgs[0];
+ torture_assert_res(sctx->tctx, ldb_msg->num_elements == (ARRAY_SIZE(attrs)-1),
+ "Search returned different number of elts than requested", LDB_ERR_OPERATIONS_ERROR);
+ for (i = 0; i < ldb_msg->num_elements; i++) {
+ const char *msg;
+ struct ldb_message_element *elt1;
+ struct ldb_message_element *elt2;
+
+ elt2 = &ldb_msg->elements[i];
+ msg = talloc_asprintf(sctx, "Processing element: %s", elt2->name);
+ elt1 = ldb_msg_find_element(sctx->ldb_res->msgs[0], elt2->name);
+ torture_assert_res(sctx->tctx, elt1, msg, LDB_ERR_OPERATIONS_ERROR);
+
+ /* compare elements */
+ torture_assert_res(sctx->tctx, elt2->flags == elt1->flags, "", LDB_ERR_OPERATIONS_ERROR);
+ torture_assert_res(sctx->tctx, elt2->num_values == elt1->num_values, "", LDB_ERR_OPERATIONS_ERROR);
+ }
+ /* TODO: check returned result */
+
+ return LDB_SUCCESS;
+}
+
+/**
+ * Test nested search execution against RootDSE
+ * on remote LDAP server.
+ */
+bool test_ldap_nested_search(struct torture_context *tctx)
+{
+ int ret;
+ char *url;
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ struct ldb_request *req;
+ struct nested_search_context *sctx;
+ static const char *attrs[] = {
+/*
+ "rootDomainNamingContext",
+ "configurationNamingContext",
+ "schemaNamingContext",
+ "defaultNamingContext",
+*/
+ "*",
+ NULL
+ };
+
+ sctx = talloc_zero(tctx, struct nested_search_context);
+ torture_assert(tctx, sctx, "Not enough memory");
+ sctx->tctx = tctx;
+
+ url = talloc_asprintf(sctx, "ldap://%s/", host);
+ if (!url) {
+ torture_assert(tctx, url, "Not enough memory");
+ }
+
+ torture_comment(tctx, "Connecting to: %s\n", url);
+ sctx->ldb = ldb_wrap_connect(sctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
+ torture_assert(tctx, sctx->ldb, "Failed to create ldb connection");
+
+ /* prepare context for searching */
+ sctx->root_dn = ldb_dn_new(sctx, sctx->ldb, NULL);
+ sctx->ldb_res = talloc_zero(sctx, struct ldb_result);
+
+ /* build search request */
+ ret = ldb_build_search_req(&req,
+ sctx->ldb,
+ sctx,
+ sctx->root_dn, LDB_SCOPE_BASE,
+ "(objectClass=*)", attrs, NULL,
+ sctx, nested_search_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ torture_result(tctx, TORTURE_FAIL,
+ __location__ ": Allocating request failed: %s", ldb_errstring(sctx->ldb));
+ return false;
+ }
+
+ ret = ldb_request(sctx->ldb, req);
+ if (ret != LDB_SUCCESS) {
+ torture_result(tctx, TORTURE_FAIL,
+ __location__ ": Search failed: %s", ldb_errstring(sctx->ldb));
+ return false;
+ }
+
+ ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+ if (ret != LDB_SUCCESS) {
+ torture_result(tctx, TORTURE_FAIL,
+ __location__ ": Search error: %s", ldb_errstring(sctx->ldb));
+ return false;
+ }
+
+ /* TODO: check returned result */
+
+ talloc_free(sctx);
+ return true;
+}
+
--
Samba Shared Repository
More information about the samba-cvs
mailing list