[SCM] Samba Shared Repository - branch master updated

Garming Sam garming at samba.org
Wed May 11 05:18:03 UTC 2016


The branch, master has been updated
       via  15f191a ldb-samba: Add "secret" as a value to hide in LDIF files
       via  ac1ed18 classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
       via  e0acee0 samr4: Remove talloc_asprintf leak onto mem_ctx
       via  37ef959 samr4: Use <SID=%s> in GetAliasMembership
      from  e3fdb0a ctdb-tests: rename tests from stubby.* to ctdb.*

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 15f191a2329d08b92111f71e22f8a28c8a39c193
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Jan 2 20:58:39 2016 +1300

    ldb-samba: Add "secret" as a value to hide in LDIF files
    
    This is not secret or encrypted in LDAP, but is sensitive in secrets.ldb
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    
    Autobuild-User(master): Garming Sam <garming at samba.org>
    Autobuild-Date(master): Wed May 11 07:17:38 CEST 2016 on sn-devel-144

commit ac1ed18f8d396c431d381f511a21d6fd4f008c24
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 24 07:41:22 2015 +1200

    classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
    
    While invalid for samAccountName values, when also used for
    samAccountName we should be dealing with this at the samldb layer, not
    here.
    
    This comes from unvalidated Samba3 data that can contain a , or =
    without a problem in that codebase.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

commit e0acee02233d56392b99607bbd6afae6ff3da71f
Author: Garming Sam <garming at catalyst.net.nz>
Date:   Wed May 11 13:02:03 2016 +1200

    samr4: Remove talloc_asprintf leak onto mem_ctx
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
    
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 37ef959f37dc57302ff5824ff3223617863aad3e
Author: Mantas Mikulėnas <grawity at gmail.com>
Date:   Wed Feb 24 19:40:47 2016 +0200

    samr4: Use <SID=%s> in GetAliasMembership
    
    As in commit 841845dea35089a187fd1626c9752d708989ac7b, this avoids
    quoting problems in user DN's.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
    
    Signed-off-by: Mantas Mikulėnas <grawity at gmail.com>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb-samba/ldif_handlers.c         |  2 +-
 python/samba/upgrade.py               |  6 ++++--
 source4/rpc_server/samr/dcesrv_samr.c | 19 ++++++-------------
 3 files changed, 11 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index d1b5bd7..87c171e 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -1693,7 +1693,7 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
 	return s;
 }
 
-static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret", NULL};
 
 /*
   register the samba ldif handlers
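Review bot: the bare "secret" string added to secret_attributes[] has no comment explaining why it sits outside DSDB_SECRET_ATTRIBUTES. The commit message says the attribute is not secret or encrypted in LDAP but is sensitive in secrets.ldb; a one-line comment above the array saying so would keep a later cleanup from folding it into the macro or dropping it. It is also worth stating whether hiding this name is intended for every database that uses these handlers, since the array carries only an attribute name and nothing here ties the entry to secrets.ldb.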
diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index 215ccd3..3856323 100644
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -272,8 +272,10 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
                 return
 
         m = ldb.Message()
-        m.dn = ldb.Dn(samdb, "CN=%s,CN=Users,%s" % (groupmap.nt_name, samdb.get_default_basedn()))
-        m['cn'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn')
+        # We avoid using the format string to avoid needing to escape the CN values
+        m.dn = ldb.Dn(samdb, "CN=X,CN=Users")
+        m.dn.set_component(0, "CN", groupmap.nt_name)
+        m.dn.add_base(samdb.get_default_basedn())
         m['objectClass'] = ldb.MessageElement('group', ldb.FLAG_MOD_ADD, 'objectClass')
         m['objectSid'] = ldb.MessageElement(ndr_pack(groupmap.sid), ldb.FLAG_MOD_ADD,
             'objectSid')
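Review bot: the removed `m['cn'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn')` line has no replacement, and neither the new comment nor the commit message says why the explicit cn element is no longer set. If cn is expected to be derived from the RDN when the object is added, say so in the comment; otherwise keep the assignment. The comment could also give the reason stated in the commit message, that nt_name comes from unvalidated Samba3 data and may contain a , or =, so the purpose of the "CN=X" placeholder followed by set_component() is clear to the next reader.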
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 423fcf0..25255d3 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1525,11 +1525,12 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
 {
 	struct dcesrv_handle *h;
 	struct samr_domain_state *d_state;
-	const char *filter;
+	char *filter;
 	const char * const attrs[] = { "objectSid", NULL };
 	struct ldb_message **res;
 	uint32_t i;
 	int count = 0;
+	char membersidstr[DOM_SID_STR_BUFLEN];
 
 	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
 
@@ -1545,19 +1546,11 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
 	}
 
 	for (i=0; i<r->in.sids->num_sids; i++) {
-		const char *memberdn;
-
-		memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
-					       "distinguishedName",
-					       "(objectSid=%s)",
-					       ldap_encode_ndr_dom_sid(mem_ctx,
-								       r->in.sids->sids[i].sid));
-		if (memberdn == NULL) {
-			continue;
-		}
+		dom_sid_string_buf(r->in.sids->sids[i].sid,
+				   membersidstr, sizeof(membersidstr));
 
-		filter = talloc_asprintf(mem_ctx, "%s(member=%s)", filter,
-					 memberdn);
+		filter = talloc_asprintf_append(filter, "(member=<SID=%s>)",
+						membersidstr);
 		if (filter == NULL) {
 			return NT_STATUS_NO_MEMORY;
 		}
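Review bot: the loop no longer skips SIDs that do not resolve to an object. The old code did `if (memberdn == NULL) { continue; }`, so unknown SIDs never reached the filter; now every input SID becomes a `(member=<SID=%s>)` clause. Please confirm, ideally with a test that passes a SID with no matching object, that the search treats an unresolvable <SID=...> value as a non-match rather than failing the whole query, and mention the behaviour change in the commit message. Separately, the result of talloc_asprintf_append() is assigned straight back to filter, so on NULL the previous string is released only when its parent context is; that is fine if the initial filter is allocated on mem_ctx, which is not visible in this hunk.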


-- 
Samba Shared Repository


