[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Thu Jul 1 20:49:54 MDT 2010 

The branch, master has been updated
       via  84c5dd1... s4-ldb: fixed error handling in openldap backend
       via  277a9b4... s4-ldb: fixed the parsing of references in the openldap backend
       via  f9022a1... s4-dsdb: fixed use after free of sasl mechanisms opaque
       via  2671b5a... s4-dsdb: fixed spelling of supportedSASLMechanisms
      from  c482798... s4:dsdb Ensure we free old schema copies

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 84c5dd1e4bb1b4c45d7b5ac68ab432cfc399835c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Jul 2 11:39:28 2010 +1000

    s4-ldb: fixed error handling in openldap backend
    
    fixed several bugs in error handling. the ldb context was used without
    being initialised in the error paths, and several error paths did not
    set an ldb error string.

commit 277a9b4aaca60745acfa3f82bd021390de337a26
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Jul 2 11:37:50 2010 +1000

    s4-ldb: fixed the parsing of references in the openldap backend
    
    We need to use ldap_parse_reference() not ldap_parse_result()

commit f9022a1a30dbe57c6b6226c1f3d749b0ba87ce66
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Jun 30 13:49:05 2010 +1000

    s4-dsdb: fixed use after free of sasl mechanisms opaque
    
    the supportedSASLMechanisms opaque must live for at least as long as
    the ldb, or we can crash when the first connection is torn down
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 2671b5aeb0442b1c2a67ba9c43113ba3eec6bc15
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Jun 30 13:47:29 2010 +1000

    s4-dsdb: fixed spelling of supportedSASLMechanisms
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/rootdse.c |    2 +-
 source4/ldap_server/ldap_backend.c       |    8 ++++++-
 source4/lib/ldb/ldb_ldap/ldb_ldap.c      |   31 ++++++++++++++++++++---------
 3 files changed, 29 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 0cb0f3f..2219f59 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -220,7 +220,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
  		}
 	}
 
-	server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanims"),
+	server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanisms"),
 				       char *);
 	if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
 		unsigned int i;
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index c1bd630..23210fa 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -219,7 +219,13 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 			}
 		}
 		talloc_unlink(conn, ops);
-		ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);
+
+		/* ldb can have a different lifetime to conn, so we
+		   need to ensure that sasl_mechs lives as long as the
+		   ldb does */
+		talloc_steal(conn->ldb, sasl_mechs);
+
+		ldb_set_opaque(conn->ldb, "supportedSASLMechanisms", sasl_mechs);
 	}
 
 	return NT_STATUS_OK;
diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c
index 11edd34..292da7a 100644
--- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -282,7 +282,7 @@ static int lldb_add(struct lldb_context *lldb_ac)
 	char *dn;
 	int ret;
 
-	ldb_module_get_ctx(module);
+	ldb = ldb_module_get_ctx(module);
 
 	ldb_request_set_state(req, LDB_ASYNC_PENDING);
 
@@ -321,7 +321,7 @@ static int lldb_modify(struct lldb_context *lldb_ac)
 	char *dn;
 	int ret;
 
-	ldb_module_get_ctx(module);
+	ldb = ldb_module_get_ctx(module);
 
 	ldb_request_set_state(req, LDB_ASYNC_PENDING);
 
@@ -359,7 +359,7 @@ static int lldb_delete(struct lldb_context *lldb_ac)
 	char *dnstr;
 	int ret;
 
-	ldb_module_get_ctx(module);
+	ldb = ldb_module_get_ctx(module);
 
 	ldb_request_set_state(req, LDB_ASYNC_PENDING);
 
@@ -391,7 +391,7 @@ static int lldb_rename(struct lldb_context *lldb_ac)
 	char *parentdn;
 	int ret;
 
-	ldb_module_get_ctx(module);
+	ldb = ldb_module_get_ctx(module);
 
 	ldb_request_set_state(req, LDB_ASYNC_PENDING);
 
@@ -502,20 +502,24 @@ static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
 
 			ldbmsg = ldb_msg_new(ac);
 			if (!ldbmsg) {
+				ldb_oom(ldb);
 				ret = LDB_ERR_OPERATIONS_ERROR;
 				break;
 			}
 
 			dn = ldap_get_dn(lldb->ldap, msg);
 			if (!dn) {
+				ldb_oom(ldb);
 				talloc_free(ldbmsg);
 				ret = LDB_ERR_OPERATIONS_ERROR;
 				break;
 			}
 			ldbmsg->dn = ldb_dn_new(ldbmsg, ldb, dn);
 			if ( ! ldb_dn_validate(ldbmsg->dn)) {
+				ldb_asprintf_errstring(ldb, "Invalid DN '%s' in reply", dn);
 				talloc_free(ldbmsg);
 				ret = LDB_ERR_OPERATIONS_ERROR;
+				ldap_memfree(dn);
 				break;
 			}
 			ldap_memfree(dn);
@@ -539,7 +543,8 @@ static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
 
 			ret = ldb_module_send_entry(ac->req, ldbmsg, NULL /* controls not yet supported */);
 			if (ret != LDB_SUCCESS) {
-
+				ldb_asprintf_errstring(ldb, "entry send failed: %s",
+						       ldb_errstring(ldb));
 				callback_failed = true;
 			}
 		} else {
@@ -549,15 +554,16 @@ static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
 
 	case LDAP_RES_SEARCH_REFERENCE:
 
-		if (ldap_parse_result(lldb->ldap, result, &ret,
-					&matcheddnp, &errmsgp,
-					&referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) {
+		ret = ldap_parse_reference(lldb->ldap, result,
+					   &referralsp, &serverctrlsp, 0);
+		if (ret != LDAP_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "ldap reference parse error: %s : %s",
+					       ldap_err2string(ret), errmsgp);
 			ret = LDB_ERR_OPERATIONS_ERROR;
-		}
-		if (ret != LDB_SUCCESS) {
 			break;
 		}
 		if (referralsp == NULL) {
+			ldb_asprintf_errstring(ldb, "empty ldap referrals list");
 			ret = LDB_ERR_PROTOCOL_ERROR;
 			break;
 		}
@@ -567,6 +573,8 @@ static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
 
 			ret = ldb_module_send_referral(ac->req, referral);
 			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb, "referral send failed: %s",
+						       ldb_errstring(ldb));
 				callback_failed = true;
 				break;
 			}
@@ -585,6 +593,8 @@ static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
 			ret = LDB_ERR_OPERATIONS_ERROR;
 		}
 		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "ldap parse error for type %d: %s : %s",
+					       type, ldap_err2string(ret), errmsgp);
 			break;
 		}
 
@@ -597,6 +607,7 @@ static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
 		break;
 
 	default:
+		ldb_asprintf_errstring(ldb, "unknown ldap return type: %d", type);
 		ret = LDB_ERR_PROTOCOL_ERROR;
 		break;
 	}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list