[SCM] Samba Shared Repository - branch master updated
Garming Sam
garming at samba.org
Wed May 11 05:18:03 UTC 2016
The branch, master has been updated
via 15f191a ldb-samba: Add "secret" as a value to hide in LDIF files
via ac1ed18 classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
via e0acee0 samr4: Remove talloc_asprintf leak onto mem_ctx
via 37ef959 samr4: Use <SID=%s> in GetAliasMembership
from e3fdb0a ctdb-tests: rename tests from stubby.* to ctdb.*
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 15f191a2329d08b92111f71e22f8a28c8a39c193
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jan 2 20:58:39 2016 +1300
ldb-samba: Add "secret" as a value to hide in LDIF files
This is not secret or encrypted in LDAP, but is sensitive in secrets.ldb
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Wed May 11 07:17:38 CEST 2016 on sn-devel-144
commit ac1ed18f8d396c431d381f511a21d6fd4f008c24
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 24 07:41:22 2015 +1200
classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
While invalid for samAccountName values, when also used for
samAccountName we should be dealing with this at the samldb layer, not
here.
This comes from unvalidated Samba3 data that can contain a , or =
without a problem in that codebase.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit e0acee02233d56392b99607bbd6afae6ff3da71f
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed May 11 13:02:03 2016 +1200
samr4: Remove talloc_asprintf leak onto mem_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 37ef959f37dc57302ff5824ff3223617863aad3e
Author: Mantas Mikulėnas <grawity at gmail.com>
Date: Wed Feb 24 19:40:47 2016 +0200
samr4: Use <SID=%s> in GetAliasMembership
As in commit 841845dea35089a187fd1626c9752d708989ac7b, this avoids
quoting problems in user DN's.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
Signed-off-by: Mantas Mikulėnas <grawity at gmail.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb-samba/ldif_handlers.c | 2 +-
python/samba/upgrade.py | 6 ++++--
source4/rpc_server/samr/dcesrv_samr.c | 19 ++++++-------------
3 files changed, 11 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index d1b5bd7..87c171e 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -1693,7 +1693,7 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
return s;
}
-static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret", NULL};
/*
register the samba ldif handlers
diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index 215ccd3..3856323 100644
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -272,8 +272,10 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
return
m = ldb.Message()
- m.dn = ldb.Dn(samdb, "CN=%s,CN=Users,%s" % (groupmap.nt_name, samdb.get_default_basedn()))
- m['cn'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn')
+ # We avoid using the format string to avoid needing to escape the CN values
+ m.dn = ldb.Dn(samdb, "CN=X,CN=Users")
+ m.dn.set_component(0, "CN", groupmap.nt_name)
+ m.dn.add_base(samdb.get_default_basedn())
m['objectClass'] = ldb.MessageElement('group', ldb.FLAG_MOD_ADD, 'objectClass')
m['objectSid'] = ldb.MessageElement(ndr_pack(groupmap.sid), ldb.FLAG_MOD_ADD,
'objectSid')
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 423fcf0..25255d3 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1525,11 +1525,12 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
{
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
- const char *filter;
+ char *filter;
const char * const attrs[] = { "objectSid", NULL };
struct ldb_message **res;
uint32_t i;
int count = 0;
+ char membersidstr[DOM_SID_STR_BUFLEN];
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
@@ -1545,19 +1546,11 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
}
for (i=0; i<r->in.sids->num_sids; i++) {
- const char *memberdn;
-
- memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
- "distinguishedName",
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx,
- r->in.sids->sids[i].sid));
- if (memberdn == NULL) {
- continue;
- }
+ dom_sid_string_buf(r->in.sids->sids[i].sid,
+ membersidstr, sizeof(membersidstr));
- filter = talloc_asprintf(mem_ctx, "%s(member=%s)", filter,
- memberdn);
+ filter = talloc_asprintf_append(filter, "(member=<SID=%s>)",
+ membersidstr);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list