[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Jun 13 10:20:03 MDT 2013


The branch, master has been updated
       via  f1781ad dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()
       via  122214b dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
       via  5959aff dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches
       via  afb2bcc s4:smb_server: call irpc_add_name() at startup (bug #9905)
       via  12d9728 s4:rpc_server: call irpc_add_name() at startup (bug #9905)
       via  a1aeeee s4:ldap_server: call irpc_add_name() at startup (bug #9905)
      from  6c8cccc dsdb repl_meta_data: Use dsdb_request_add_controls()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f1781adb051bb5a166d619ed9db6bdb252b1acb5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jun 13 14:16:43 2013 +0200

    dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Jun 13 18:19:24 CEST 2013 on sn-devel-104

commit 122214b16bb2d247c8040728a6b0964531596ea9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jun 13 14:13:26 2013 +0200

    dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
    
    Every object has a nTSecurityDescriptor attribute.
    
    This also avoids potential segfaults in the callers.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 5959affa031843d741513000fb382efe54ff147b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 10 13:31:59 2013 +0200

    dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches
    
    We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute.
    Also the result of this search is not controlled by the client
    nor is the result exposed to the client.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit afb2bcc08489dbece732fc8f842cbd83862320be
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 12:10:57 2013 +0200

    s4:smb_server: call irpc_add_name() at startup (bug #9905)
    
    We should call irpc_add_name() when we start the smb_server task.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 12d9728131afab7fa093a9cd7ccaff076a74f271
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 12:10:57 2013 +0200

    s4:rpc_server: call irpc_add_name() at startup (bug #9905)
    
    We should call irpc_add_name() when we start the rpc_server task.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit a1aeeee4302a4eaf7e210e8084416cd2a0d14384
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 12:10:57 2013 +0200

    s4:ldap_server: call irpc_add_name() at startup (bug #9905)
    
    We should call irpc_add_name() when we start the ldap_server task.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/dsdb_access.c |   19 +++++++++++--------
 source4/ldap_server/ldap_server.c |    3 +++
 source4/rpc_server/service_rpc.c  |    1 +
 source4/smb_server/service_smb.c  |    1 +
 4 files changed, 16 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index 6af5c3a..5c02daa 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -64,9 +64,9 @@ int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb,
 	enum ndr_err_code ndr_err;
 
 	sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor");
-	if (!sd_element) {
-		*sd = NULL;
-		return LDB_SUCCESS;
+	if (sd_element == NULL) {
+		return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+				 "nTSecurityDescriptor is missing");
 	}
 	*sd = talloc(mem_ctx, struct security_descriptor);
 	if(!*sd) {
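Review bot: The new error return in dsdb_get_sd_from_ldb_message() leaves `*sd` unwritten, whereas the removed branch always set it to NULL, so a caller that declared its `sd` without an initialiser and inspects it after a failure would read an indeterminate pointer. Writing `*sd = NULL;` before the `return ldb_error(...)` keeps the out-parameter defined on every path. Separately, the caller shown in the next hunk returns `ldb_operr(ldb)` for any non-success result; assuming `ret` there comes from this function, the new LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS code and its message are probably replaced by a generic operations error, and `return ret;` at that spot would keep the fail-closed reason visible in logs. The function body continues outside the hunk.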
@@ -101,10 +101,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
 	if (ret != LDB_SUCCESS) {
 		return ldb_operr(ldb);
 	}
-	/* Theoretically we pass the check if the object has no sd */
-	if (!sd) {
-		return LDB_SUCCESS;
-	}
+
 	sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
 	if (guid) {
 		if (!insert_in_object_tree(mem_ctx, guid, access_mask, NULL,
@@ -159,7 +156,13 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
 		}
 	}
 
-	ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED);
+	/*
+	 * We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute.
+	 * Also the result of this search not controlled by the client
+	 * nor is the result exposed to the client.
+	 */
+	ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs,
+			     DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
 		return ret;
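Review bot: The comment added above the dsdb_search_dn() call is missing a verb and gives the safety argument for DSDB_FLAG_AS_SYSTEM without saying what must stay true for it to hold. I would word it as `* The result of this search is not controlled by the client, nor is it exposed to the client: acl_res must only be used for the access check below.` Because the search now runs as system and includes recycled objects, the `return ret;` on failure lets a caller distinguish a missing object from one on which access is later denied. Whether that difference can reach a client depends on callers outside this hunk and is worth confirming. dsdb_check_access_on_dn() starts and ends outside the hunk.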
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index a06feb0..0c0beca 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -1024,6 +1024,9 @@ static void ldapsrv_task_init(struct task_server *task)
 	}
 
 #endif
+
+	/* register the server */
+	irpc_add_name(task->msg_ctx, "ldap_server");
 	return;
 
 failed:
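Review bot: The return value of `irpc_add_name()` is discarded here, and the same applies to the calls added to dcesrv_task_init() and smbsrv_task_init() in the two following hunks. If registration fails, the task keeps running but presumably cannot be reached under its name, and nothing is logged. Each of the three functions already has a `failed:` label, so the result could be checked with `status = irpc_add_name(task->msg_ctx, "ldap_server");` followed by `if (!NT_STATUS_IS_OK(status)) goto failed;`, assuming an NTSTATUS local is in scope (one is visible only in the rpc_server hunk). ldapsrv_task_init() starts and ends outside the hunk.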
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index 299ee48..9ecfd6f 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -76,6 +76,7 @@ static void dcesrv_task_init(struct task_server *task)
 		if (!NT_STATUS_IS_OK(status)) goto failed;
 	}
 
+	irpc_add_name(task->msg_ctx, "rpc_server");
 	return;
 failed:
 	task_server_terminate(task, "Failed to startup dcerpc server task", true);	
diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c
index c910b0f..958792e 100644
--- a/source4/smb_server/service_smb.c
+++ b/source4/smb_server/service_smb.c
@@ -77,6 +77,7 @@ static void smbsrv_task_init(struct task_server *task)
 		talloc_free(wcard);
 	}
 
+	irpc_add_name(task->msg_ctx, "smb_server");
 	return;
 failed:
 	task_server_terminate(task, "Failed to startup smb server task", true);	


-- 
Samba Shared Repository

