[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Sun Mar 13 22:30:03 UTC 2016 

The branch, master has been updated
       via  6ecfc4c dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
       via  4335371 s4:torture/lsa: improve debug message
       via  bb387c5 s3:winbindd: don't unclude two '
      from  0a9acd4 build: fix disk-free quota support on Solaris 10

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6ecfc4cb254f9b2524ec5619ed8cee9db5d959b2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 10 13:43:15 2016 +1300

    dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
    
    The key here is that while this never was an issue for builtin schema,
    nor for objects with an msDS-IntID used outside the schema partition,
    additional attributes added and used in the schema partition were
    incorrectly using the wrong attributeID value in the replPropertyMetaData.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11783
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Sun Mar 13 23:29:14 CET 2016 on sn-devel-144

commit 43353713231d3f0fb588378c69472b0b845b262f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 12:16:25 2016 +0100

    s4:torture/lsa: improve debug message
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit bb387c5b90e19b5a2f7d65fb8db816e9da51d090
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 12:17:43 2016 +0100

    s3:winbindd: don't unclude two '\0' at the end of the domain list
    
    This avoids a scary "trustdom_list_done: Got invalid trustdom response" message.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11782
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_misc.c       |  2 +-
 source4/dsdb/repl/replicated_objects.c | 18 ++++++++++++++----
 source4/dsdb/schema/schema_syntax.c    | 12 +++++++++++-
 source4/torture/rpc/lsa.c              |  3 ++-
 4 files changed, 28 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 560f197..fab41a1 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -214,7 +214,7 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
 		extra_data[extra_data_len-1] = '\0';
 
 		state->response->extra_data.data = extra_data;
-		state->response->length += extra_data_len+1;
+		state->response->length += extra_data_len;
 	}
 
 	return WINBINDD_OK;
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index e9225f5..a112e18 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -455,7 +455,7 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 		}
 		if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) {
 			WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
-									       a, msg->elements, e);
+									       a, msg->elements, e, NULL);
 			if (W_ERROR_IS_OK(get_name_status)) {
 				DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n",
 					  e->name, ldb_dn_get_linearized(msg->dn)));
@@ -467,11 +467,21 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 			return status;
 		}
 
+		/*
+		 * This function also fills in the local attid value,
+		 * based on comparing the remote and local prefixMap
+		 * tables.  If we don't convert the value, then we can
+		 * have invalid values in the replPropertyMetaData we
+		 * store on disk, as the prefixMap is per host, not
+		 * per-domain.  This may be why Microsoft added the
+		 * msDS-IntID feature, however this is not used for
+		 * extra attributes in the schema partition itself.
+		 */
 		status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
-						       a, msg->elements, e);
+						       a, msg->elements, e,
+						       &m->attid);
 		W_ERROR_NOT_OK_RETURN(status);
 
-		m->attid			= a->attid;
 		m->version			= d->version;
 		m->originating_change_time	= d->originating_change_time;
 		m->originating_invocation_id	= d->originating_invocation_id;
@@ -1038,7 +1048,7 @@ static WERROR dsdb_origin_object_convert(struct ldb_context *ldb,
 		e = &msg->elements[i];
 
 		status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap,
-						       a, msg->elements, e);
+						       a, msg->elements, e, NULL);
 		W_ERROR_NOT_OK_RETURN(status);
 	}
 
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 94e319c..5b7c8b1 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -2702,7 +2702,8 @@ WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
 				     const struct dsdb_schema_prefixmap *pfm_remote,
 				     const struct drsuapi_DsReplicaAttribute *in,
 				     TALLOC_CTX *mem_ctx,
-				     struct ldb_message_element *out)
+				     struct ldb_message_element *out,
+				     enum drsuapi_DsAttributeId *local_attid_as_enum)
 {
 	const struct dsdb_attribute *sa;
 	struct dsdb_syntax_ctx syntax_ctx;
@@ -2738,6 +2739,15 @@ WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
 		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
 	}
 
+	/*
+	 * We return the same class of attid as we were given.  That
+	 * is, we trust the remote server not to use an
+	 * msDS-IntId value in the schema partition
+	 */
+	if (local_attid_as_enum != NULL) {
+		*local_attid_as_enum = (enum drsuapi_DsAttributeId)attid_local;
+	}
+
 	return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
 }
 
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index d2180db..432d9ef 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -3347,7 +3347,8 @@ static bool check_pw_with_krb5(struct torture_context *tctx,
 	torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
 	torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
 
-	torture_comment(tctx, "password[%s] old_password[%s]\n",
+	torture_comment(tctx, "(%s:%s) password[%s] old_password[%s]\n",
+			__location__, __FUNCTION__,
 			password, old_password);
 	if (old_password != NULL) {
 		k5ret = krb5_get_init_creds_password(ctx->smb_krb5_context->krb5_context,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list