[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Mon Oct 18 19:28:02 MDT 2010
The branch, master has been updated
via f6a9708 s4-ldb: increase minor version for 2 new functions
via 423365d s4-ldap: mark all ldap:// requests as untrusted
via 80a4adc s4-dsdb: filter unregistered controls in the rootdse module
via d16fe72 s4-ldb: cope with NULL oid in controls
via 5f6c004 s4-ldb: added --relax cmdline option
via ff456cd s4-ldb: added ldb_req_mark_untrusted() and ldb_req_is_untrusted()
via 968381a waf: put -Wl,-no-undefined only in the linker flags, not when compiling C
via 1b83558 waf: don't save deps on install
via d485701 waf: automap shared library names from .so to the right extension
via 7197bcc readline: fixed the test for history_list()
via ec90b24 replace: cope with systems that have fdatasync(), but don't have the prototype
from 1ac19c1 s4:ldap_server - use error code constant
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f6a9708b546ac54a74c8718aedd9e5ac976fc72b
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Oct 19 11:47:22 2010 +1100
s4-ldb: increase minor version for 2 new functions
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Autobuild-User: Andrew Tridgell <tridge at samba.org>
Autobuild-Date: Tue Oct 19 01:27:44 UTC 2010 on sn-devel-104
commit 423365d5fa6b66f8be370accedfc6ed04d6df6b3
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Oct 19 11:22:12 2010 +1100
s4-ldap: mark all ldap:// requests as untrusted
this allows the rootdse module to filter unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 80a4adc062a64e25a9ba0986e426c21599d1a366
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Oct 19 11:21:45 2010 +1100
s4-dsdb: filter unregistered controls in the rootdse module
if we get an unregistered control in the rootdse module, and the
request comes from an untrusted source (eg. ldap://) then we need to:
1) filter the control out if it is marked non-critical
2) give an error if it is marked critical
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit d16fe72585445e7fd3724a7413ca7e03ee633fc9
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Oct 19 11:20:14 2010 +1100
s4-ldb: cope with NULL oid in controls
the ldap server will mark a control with a NULL oid in order to remove
it. This prevents a O(n^2) cost in control handling.
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 5f6c004dec2140755ddfe5f801775e19a03a7ec8
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Oct 19 11:19:20 2010 +1100
s4-ldb: added --relax cmdline option
this adds the relax control
commit ff456cd1007dc06a51c5e60394964bcf898b24d2
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Oct 19 11:17:53 2010 +1100
s4-ldb: added ldb_req_mark_untrusted() and ldb_req_is_untrusted()
these will be used to determine if a ldb request comes from an
untrusted source. We want requests over ldap:// to be marked untrusted
so we can reject unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 968381a4e2e7c8350b89104c17568259d35787a5
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Oct 18 15:17:56 2010 +1100
waf: put -Wl,-no-undefined only in the linker flags, not when compiling C
commit 1b8355897d1db0a127b6357ff5a3b2eb1c1e3b71
Author: Andrew Tridgell <tridge at samba.org>
Date: Sun Oct 17 22:34:17 2010 +1100
waf: don't save deps on install
this prevents an install triggering a new check of the project rules
on the next build
commit d48570143656d1c570c282f8e21e058508910f3c
Author: Andrew Tridgell <tridge at samba.org>
Date: Sun Oct 17 21:58:22 2010 +1100
waf: automap shared library names from .so to the right extension
this should help with MacOSX .dylib libraries
commit 7197bcc513e707676f10734cffd6f2f494a360c1
Author: Andrew Tridgell <tridge at samba.org>
Date: Sat Oct 16 19:54:05 2010 +1100
readline: fixed the test for history_list()
commit ec90b249ecbd415c931630070b0831c6cf86d2d4
Author: Andrew Tridgell <tridge at samba.org>
Date: Sat Oct 16 19:53:17 2010 +1100
replace: cope with systems that have fdatasync(), but don't have the prototype
this is needed for MacOSX 10.4.1
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_autoconf.py | 27 +++++-
buildtools/wafsamba/samba_deps.py | 3 +-
buildtools/wafsamba/samba_install.py | 18 ++--
buildtools/wafsamba/samba_utils.py | 39 ++++++++
buildtools/wafsamba/wafsamba.py | 9 +-
buildtools/wafsamba/wscript | 7 +-
lib/replace/libreplace.m4 | 1 +
lib/replace/replace.h | 2 +
lib/replace/wscript | 5 +-
libcli/smbreadline/wscript_configure | 2 +-
source4/dsdb/samdb/ldb_modules/rootdse.c | 103 ++++++++++++++++----
source4/heimdal_build/wscript_build | 6 +-
source4/ldap_server/ldap_backend.c | 21 ++++
.../ldb/ABI/{ldb-0.9.15.sigs => ldb-0.9.16.sigs} | 2 +
source4/lib/ldb/common/ldb.c | 27 +++++-
source4/lib/ldb/common/ldb_controls.c | 10 +-
source4/lib/ldb/include/ldb_module.h | 11 ++
source4/lib/ldb/include/ldb_private.h | 2 +
source4/lib/ldb/tools/cmdline.c | 9 ++
source4/lib/ldb/wscript | 2 +-
20 files changed, 257 insertions(+), 49 deletions(-)
copy source4/lib/ldb/ABI/{ldb-0.9.15.sigs => ldb-0.9.16.sigs} (99%)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 9835204..dffc5f0 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -562,8 +562,10 @@ def SAMBA_CONFIG_H(conf, path=None):
if Options.options.developer:
# we add these here to ensure that -Wstrict-prototypes is not set during configure
- conf.ADD_CFLAGS('-Wall -g -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k -Wl,-no-undefined',
+ conf.ADD_CFLAGS('-Wall -g -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k',
testflags=True)
+ conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
+
if Options.options.picky_developer:
conf.ADD_CFLAGS('-Werror', testflags=True)
@@ -605,6 +607,21 @@ def ADD_CFLAGS(conf, flags, testflags=False):
conf.env['EXTRA_CFLAGS'] = []
conf.env['EXTRA_CFLAGS'].extend(TO_LIST(flags))
+ at conf
+def ADD_LDFLAGS(conf, flags, testflags=False):
+ '''add some LDFLAGS to the command line
+ optionally set testflags to ensure all the flags work
+ '''
+ if testflags:
+ ok_flags=[]
+ for f in flags.split():
+ if CHECK_CFLAGS(conf, f):
+ ok_flags.append(f)
+ flags = ok_flags
+ if not 'EXTRA_LDFLAGS' in conf.env:
+ conf.env['EXTRA_LDFLAGS'] = []
+ conf.env['EXTRA_LDFLAGS'].extend(TO_LIST(flags))
+
@conf
@@ -629,6 +646,14 @@ def CURRENT_CFLAGS(bld, target, cflags, hide_symbols=False):
return ret
+def CURRENT_LDFLAGS(bld, target, cflags, hide_symbols=False):
+ '''work out the current loader flags. local flags are added first'''
+ flags = CURRENT_CFLAGS(bld, target, cflags, hide_symbols=hide_symbols)
+ if 'EXTRA_LDFLAGS' in bld.env:
+ flags.extend(bld.env['EXTRA_LDFLAGS'])
+ return flags
+
+
@conf
def CHECK_CC_ENV(conf):
"""trim whitespaces from 'CC'.
diff --git a/buildtools/wafsamba/samba_deps.py b/buildtools/wafsamba/samba_deps.py
index dee9f5d..933a18b 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -978,7 +978,8 @@ def check_project_rules(bld):
debug('deps: project rules checking completed - %u targets checked',
len(tgt_list))
- save_samba_deps(bld, tgt_list)
+ if not bld.is_install:
+ save_samba_deps(bld, tgt_list)
Logs.info("Project rules pass")
diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py
index dda44cd..eaeaff3 100644
--- a/buildtools/wafsamba/samba_install.py
+++ b/buildtools/wafsamba/samba_install.py
@@ -87,21 +87,21 @@ def install_library(self):
install_name = self.samba_realname
install_link = None
if getattr(self, 'samba_type', None) == 'PYTHON':
- inst_name = '%s.so' % t.target
+ inst_name = bld.make_libname(t.target, nolibprefix=True, python=True)
else:
- inst_name = 'lib%s.so' % t.target
+ inst_name = bld.make_libname(t.target)
elif self.vnum:
vnum_base = self.vnum.split('.')[0]
- install_name = 'lib%s.so.%s' % (self.target, self.vnum)
- install_link = 'lib%s.so.%s' % (self.target, vnum_base)
- inst_name = 'lib%s.so' % t.target
+ install_name = bld.make_libname(self.target, version=self.vnum)
+ install_link = bld.make_libname(self.target, version=vnum_base)
+ inst_name = bld.make_libname(t.target)
if not self.is_bundled:
# only generate the dev link for non-bundled libs
- dev_link = 'lib%s.so' % self.target
+ dev_link = bld.make_libname(self.target)
else:
- install_name = 'lib%s.so' % self.target
+ install_name = bld.make_libname(self.target)
install_link = None
- inst_name = 'lib%s.so' % t.target
+ inst_name = bld.make_libname(t.target)
if t.env.SONAME_ST and install_link:
t.env.append_value('LINKFLAGS', t.env.SONAME_ST % install_link)
@@ -142,7 +142,7 @@ def symlink_lib(self):
link_target = getattr(self, 'link_name', '')
if link_target == '':
- link_target = '%s/lib%s.so%s' % (LIB_PATH, self.target, soext)
+ link_target = '%s/%s' % (LIB_PATH, self.bld.make_libname(self.target, version=soext))
link_target = os.path.join(blddir, link_target)
diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
index 7ce9f75..e86056e 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -527,3 +527,42 @@ def reconfigure(ctx):
bld = samba_wildcard.fake_build_environment()
Configure.autoconfig = True
Scripting.check_configured(bld)
+
+
+def map_shlib_extension(ctx, name, python=False):
+ '''map a filename with a shared library extension of .so to the real shlib name'''
+ if name is None:
+ return None
+ (root1, ext1) = os.path.splitext(name)
+ if python:
+ (root2, ext2) = os.path.splitext(ctx.env.pyext_PATTERN)
+ else:
+ (root2, ext2) = os.path.splitext(ctx.env.shlib_PATTERN)
+ return root1+ext2
+Build.BuildContext.map_shlib_extension = map_shlib_extension
+
+
+def make_libname(ctx, name, nolibprefix=False, version=None, python=False):
+ """make a library filename
+ Options:
+ nolibprefix: don't include the lib prefix
+ version : add a version number
+ python : if we should use python module name conventions"""
+
+ if python:
+ libname = ctx.env.pyext_PATTERN % name
+ else:
+ libname = ctx.env.shlib_PATTERN % name
+ if nolibprefix and libname[0:3] == 'lib':
+ libname = libname[3:]
+ if version:
+ if version[0] == '.':
+ version = version[1:]
+ (root, ext) = os.path.splitext(libname)
+ if ext == ".dylib":
+ # special case - version goes before the prefix
+ libname = "%s.%s%s" % (root, version, ext)
+ else:
+ libname = "%s%s.%s" % (root, ext, version)
+ return libname
+Build.BuildContext.make_libname = make_libname
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 2f5d786..e848d39 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -164,6 +164,9 @@ def SAMBA_LIBRARY(bld, libname, source,
deps = TO_LIST(deps)
deps.append(obj_target)
+ realname = bld.map_shlib_extension(realname, python=(target_type=='PYTHON'))
+ link_name = bld.map_shlib_extension(link_name, python=(target_type=='PYTHON'))
+
if target_type == 'PYTHON' or realname or not is_bundled:
# Sanitize the library name
bundled_name = libname.lower().replace('_', '-')
@@ -188,7 +191,7 @@ def SAMBA_LIBRARY(bld, libname, source,
features = features,
source = [],
target = bundled_name,
- samba_cflags = CURRENT_CFLAGS(bld, libname, cflags),
+ samba_cflags = CURRENT_LDFLAGS(bld, libname, cflags),
depends_on = depends_on,
samba_deps = deps,
samba_includes = includes,
@@ -286,7 +289,7 @@ def SAMBA_BINARY(bld, binname, source,
features = features,
source = [],
target = binname,
- samba_cflags = CURRENT_CFLAGS(bld, binname, cflags),
+ samba_cflags = CURRENT_LDFLAGS(bld, binname, cflags),
samba_deps = deps,
samba_includes = includes,
local_include = local_include,
@@ -363,7 +366,7 @@ def SAMBA_MODULE(bld, modname, source,
while realname.startswith(subsystem+"_"):
realname = realname[len(subsystem+"_"):]
- realname = bld.env.shlib_PATTERN % realname
+ realname = bld.make_libname(realname)
while realname.startswith("lib"):
realname = realname[len("lib"):]
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index e2b1a27..c46c486 100644
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -280,7 +280,12 @@ def configure(conf):
if 'HAVE_SYS_TIME_H' in conf.env and 'HAVE_TIME_H' in conf.env:
conf.DEFINE('TIME_WITH_SYS_TIME', 1)
- conf.define('SHLIBEXT', "so", quote=True)
+ # cope with different extensions for libraries
+ (root, ext) = os.path.splitext(conf.env.shlib_PATTERN)
+ if ext[0] == '.':
+ conf.define('SHLIBEXT', ext[1:], quote=True)
+ else:
+ conf.define('SHLIBEXT', "so", quote=True)
conf.CHECK_CODE('long one = 1; return ((char *)(&one))[0]',
execute=True,
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index 0d716e0..3dd64ef 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -115,6 +115,7 @@ AC_CHECK_FUNCS(fdatasync,,[
[libreplace_cv_HAVE_FDATASYNC_IN_LIBRT=yes
AC_DEFINE(HAVE_FDATASYNC, 1, Define to 1 if there is support for fdatasync)])
])
+AC_HAVE_DECL(fdatasync, [#include <unistd.h>])
AC_CHECK_FUNCS(clock_gettime,libreplace_cv_have_clock_gettime=yes,[
AC_CHECK_LIB(rt, clock_gettime,
[libreplace_cv_HAVE_CLOCK_GETTIME_IN_LIBRT=yes
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 8fde16c..10c7ee7 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -756,6 +756,8 @@ char *ufc_crypt(const char *key, const char *salt);
#ifndef HAVE_FDATASYNC
#define fdatasync(fd) fsync(fd)
+#elif !defined(HAVE_DECL_FDATASYNC)
+int fdatasync(int );
#endif
/* these are used to mark symbols as local to a shared lib, or
diff --git a/lib/replace/wscript b/lib/replace/wscript
index fef3663..a3cde2b 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -173,7 +173,10 @@ def configure(conf):
conf.CHECK_C_PROTOTYPE('dlopen', 'void *dlopen(const char* filename, unsigned int flags)',
define='DLOPEN_TAKES_UNSIGNED_FLAGS', headers='dlfcn.h dl.h')
- conf.CHECK_FUNCS_IN('fdatasync', 'rt', checklibc=True)
+ if conf.CHECK_FUNCS_IN('fdatasync', 'rt', checklibc=True):
+ # some systems are missing the declaration
+ conf.CHECK_DECLS('fdatasync')
+
conf.CHECK_FUNCS_IN('clock_gettime', 'rt', checklibc=True)
# these headers need to be tested as a group on freebsd
diff --git a/libcli/smbreadline/wscript_configure b/libcli/smbreadline/wscript_configure
index cec6526..b4d1be2 100644
--- a/libcli/smbreadline/wscript_configure
+++ b/libcli/smbreadline/wscript_configure
@@ -48,5 +48,5 @@ msg='Checking for CPPFunction')
if conf.CHECK_FUNCS_IN('rl_completion_matches', 'readline'):
conf.DEFINE('HAVE_NEW_LIBREADLINE', 1)
-if conf.CHECK_FUNCS_IN('rl_event_hook', 'readline'):
+if conf.CHECK_FUNCS_IN('history_list', 'readline'):
conf.DEFINE('HAVE_HISTORY_LIST', 1)
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index a51785e..5c6090f 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -535,34 +535,84 @@ static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares)
}
/*
- mark our registered controls as non-critical in the request
-
- This is needed as clients may mark controls as critical even if they
- are not needed at all in a request. For example, the centrify client
- sets the SD_FLAGS control as critical on ldap modify requests which
- are setting the dNSHostName attribute on the machine account. That
- request doesn't need SD_FLAGS at all, but centrify adds it on all
- ldap requests.
+ filter from controls from clients in several ways
+
+ 1) mark our registered controls as non-critical in the request
+
+ This is needed as clients may mark controls as critical even if
+ they are not needed at all in a request. For example, the centrify
+ client sets the SD_FLAGS control as critical on ldap modify
+ requests which are setting the dNSHostName attribute on the
+ machine account. That request doesn't need SD_FLAGS at all, but
+ centrify adds it on all ldap requests.
+
+ 2) if this request is untrusted then remove any non-registered
+ controls that are non-critical
+
+ This is used on ldap:// connections to prevent remote users from
+ setting an internal control that may be dangerous
+
+ 3) if this request is untrusted then fail any request that includes
+ a critical non-registered control
*/
-static void rootdse_mark_noncritical(struct ldb_module *module, struct ldb_control **controls)
+static int rootdse_filter_controls(struct ldb_module *module, struct ldb_request *req)
{
unsigned int i, j;
struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
+ bool is_untrusted;
- if (!controls) return;
+ if (!req->controls) {
+ return LDB_SUCCESS;
+ }
+
+ is_untrusted = ldb_req_is_untrusted(req);
- for (i=0; controls[i]; i++) {
- if (controls[i]->critical == 0) {
+ for (i=0; req->controls[i]; i++) {
+ bool is_registered = false;
+ bool is_critical = (req->controls[i]->critical != 0);
+
+ if (req->controls[i]->oid == NULL) {
continue;
}
- for (j=0; j<priv->num_controls; j++) {
- if (strcasecmp(priv->controls[j], controls[i]->oid) == 0) {
- controls[i]->critical = 0;
+
+ if (is_untrusted || is_critical) {
+ for (j=0; j<priv->num_controls; j++) {
+ if (strcasecmp(priv->controls[j], req->controls[i]->oid) == 0) {
+ is_registered = true;
+ break;
+ }
}
}
+
+ if (is_untrusted && !is_registered) {
+ if (!is_critical) {
+ /* remove it by marking the oid NULL */
+ req->controls[i]->oid = NULL;
+ req->controls[i]->data = NULL;
+ req->controls[i]->critical = 0;
+ continue;
+ }
+ /* its a critical unregistered control - give
+ an error */
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "Attempt to use critical non-registered control '%s'",
+ req->controls[i]->oid);
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
+
+ if (!is_critical) {
+ continue;
+ }
+
+ if (is_registered) {
+ req->controls[i]->critical = 0;
+ }
}
+
+ return LDB_SUCCESS;
}
+
static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
@@ -570,7 +620,10 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
struct ldb_request *down_req;
int ret;
- rootdse_mark_noncritical(module, req->controls);
+ ret = rootdse_filter_controls(module, req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
ldb = ldb_module_get_ctx(module);
@@ -1036,8 +1089,12 @@ static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request
static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ int ret;
- rootdse_mark_noncritical(module, req->controls);
+ ret = rootdse_filter_controls(module, req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
/*
If dn is not "" we should let it pass through
@@ -1103,8 +1160,12 @@ static int rootdse_become_master(struct ldb_module *module,
static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ int ret;
- rootdse_mark_noncritical(module, req->controls);
+ ret = rootdse_filter_controls(module, req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
/*
If dn is not "" we should let it pass through
@@ -1146,8 +1207,12 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
static int rootdse_delete(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ int ret;
- rootdse_mark_noncritical(module, req->controls);
+ ret = rootdse_filter_controls(module, req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
/*
If dn is not "" we should let it pass through
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index 1a00bd5..cc5dcdc 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -2,7 +2,7 @@
import os
from samba_utils import SET_TARGET_TYPE
-from samba_autoconf import CURRENT_CFLAGS
+from samba_autoconf import CURRENT_CFLAGS, CURRENT_LDFLAGS
def to_list(str):
'''Split a list, preserving quoted strings and existing lists'''
@@ -219,7 +219,7 @@ def HEIMDAL_LIBRARY(libname, source, deps, vnum,
features = features,
source = [],
target = bundled_name,
- samba_cflags = CURRENT_CFLAGS(bld, libname, cflags),
+ samba_cflags = CURRENT_LDFLAGS(bld, libname, cflags),
samba_deps = deps,
samba_includes = includes,
vnum = vnum,
@@ -320,7 +320,7 @@ def HEIMDAL_BINARY(binname, source,
features = features,
source = [],
target = binname,
- samba_cflags = CURRENT_CFLAGS(bld, binname, cflags),
+ samba_cflags = CURRENT_LDFLAGS(bld, binname, cflags),
samba_deps = deps,
samba_includes = includes,
local_include = True,
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index bab5923..671e94a 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -27,6 +27,7 @@
#include "smbd/service_stream.h"
#include "dsdb/samdb/samdb.h"
#include "lib/ldb/include/ldb_errors.h"
+#include "lib/ldb/include/ldb_module.h"
#include "ldb_wrap.h"
#define VALID_DN_SYNTAX(dn) do {\
@@ -319,6 +320,10 @@ static int ldb_add_with_controls(struct ldb_context *ldb,
return ret;
}
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
ret = ldb_request(ldb, req);
if (ret == LDB_SUCCESS) {
ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -365,6 +370,10 @@ static int ldb_mod_req_with_controls(struct ldb_context *ldb,
return ret;
}
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
ret = ldb_request(ldb, req);
if (ret == LDB_SUCCESS) {
ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -404,6 +413,10 @@ static int ldb_del_req_with_controls(struct ldb_context *ldb,
return ret;
}
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
ret = ldb_request(ldb, req);
--
Samba Shared Repository
More information about the samba-cvs
mailing list