[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Jun 13 10:20:03 MDT 2013
The branch, master has been updated
via f1781ad dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()
via 122214b dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
via 5959aff dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches
via afb2bcc s4:smb_server: call irpc_add_name() at startup (bug #9905)
via 12d9728 s4:rpc_server: call irpc_add_name() at startup (bug #9905)
via a1aeeee s4:ldap_server: call irpc_add_name() at startup (bug #9905)
from 6c8cccc dsdb repl_meta_data: Use dsdb_request_add_controls()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f1781adb051bb5a166d619ed9db6bdb252b1acb5
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 13 14:16:43 2013 +0200
dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jun 13 18:19:24 CEST 2013 on sn-devel-104
commit 122214b16bb2d247c8040728a6b0964531596ea9
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 13 14:13:26 2013 +0200
dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
Every object has a nTSecurityDescriptor attribute.
This also avoids potential segfaults in the callers.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 5959affa031843d741513000fb382efe54ff147b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 10 13:31:59 2013 +0200
dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches
We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute.
Also the result of this search not controlled by the client
nor is the result exposed to the client.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit afb2bcc08489dbece732fc8f842cbd83862320be
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 12:10:57 2013 +0200
s4:smb_server: call irpc_add_name() at startup (bug #9905)
We should call irpc_add_name() when we start the smb_server task.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 12d9728131afab7fa093a9cd7ccaff076a74f271
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 12:10:57 2013 +0200
s4:rpc_server: call irpc_add_name() at startup (bug #9905)
We should call irpc_add_name() when we start the rpc_server task.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a1aeeee4302a4eaf7e210e8084416cd2a0d14384
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 12:10:57 2013 +0200
s4:ldap_server: call irpc_add_name() at startup (bug #9905)
We should call irpc_add_name() when we start the ldap_server task.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/dsdb_access.c | 19 +++++++++++--------
source4/ldap_server/ldap_server.c | 3 +++
source4/rpc_server/service_rpc.c | 1 +
source4/smb_server/service_smb.c | 1 +
4 files changed, 16 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index 6af5c3a..5c02daa 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -64,9 +64,9 @@ int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb,
enum ndr_err_code ndr_err;
sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor");
- if (!sd_element) {
- *sd = NULL;
- return LDB_SUCCESS;
+ if (sd_element == NULL) {
+ return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+ "nTSecurityDescriptor is missing");
}
*sd = talloc(mem_ctx, struct security_descriptor);
if(!*sd) {
@@ -101,10 +101,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
if (ret != LDB_SUCCESS) {
return ldb_operr(ldb);
}
- /* Theoretically we pass the check if the object has no sd */
- if (!sd) {
- return LDB_SUCCESS;
- }
+
sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
if (guid) {
if (!insert_in_object_tree(mem_ctx, guid, access_mask, NULL,
@@ -159,7 +156,13 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
}
}
- ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED);
+ /*
+ * We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute.
+ * Also the result of this search not controlled by the client
+ * nor is the result exposed to the client.
+ */
+ ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs,
+ DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
return ret;
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index a06feb0..0c0beca 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -1024,6 +1024,9 @@ static void ldapsrv_task_init(struct task_server *task)
}
#endif
+
+ /* register the server */
+ irpc_add_name(task->msg_ctx, "ldap_server");
return;
failed:
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index 299ee48..9ecfd6f 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -76,6 +76,7 @@ static void dcesrv_task_init(struct task_server *task)
if (!NT_STATUS_IS_OK(status)) goto failed;
}
+ irpc_add_name(task->msg_ctx, "rpc_server");
return;
failed:
task_server_terminate(task, "Failed to startup dcerpc server task", true);
diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c
index c910b0f..958792e 100644
--- a/source4/smb_server/service_smb.c
+++ b/source4/smb_server/service_smb.c
@@ -77,6 +77,7 @@ static void smbsrv_task_init(struct task_server *task)
talloc_free(wcard);
}
+ irpc_add_name(task->msg_ctx, "smb_server");
return;
failed:
task_server_terminate(task, "Failed to startup smb server task", true);
--
Samba Shared Repository
More information about the samba-cvs
mailing list