[SCM] Samba Shared Repository - branch v4-7-test updated

Karolin Seeger kseeger at samba.org
Tue Aug 8 10:50:03 UTC 2017


The branch, v4-7-test has been updated
       via  ee55090 WHATSNEW: Update doc for Samba AD with MIT Kerberos
       via  9461ede dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
       via  c13e416 dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
      from  d77de9a s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -----------------------------------------------------------------
commit ee55090a72af7186b6d98d72da38ddb668879580
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Aug 7 14:55:34 2017 +0200

    WHATSNEW: Update doc for Samba AD with MIT Kerberos
    
    This has been changed, the file is created in the private samba
    directory. The path is printed by 'samba-tool' after it has been
    created.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-7-test): Tue Aug  8 12:49:24 CEST 2017 on sn-devel-144

commit 9461ede6adc4c9ec4d6754914b79d1d902127580
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Aug 1 10:26:34 2017 +1200

    dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
    
    This means that no compatibleFeatures or incompatibleFeatures will be honoured
    until a re-index, but that can be triggered when these features are set.
    
    New databases will still get this support.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 39c6274084e5d72d6fdfae1fb9fede439f6ad60d)

commit c13e41642aa2e6b8aa7d0298d4a517d88281a5fd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Aug 1 13:18:33 2017 +1200

    dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
    
    If we do not call ldb_module_done() then we do not know that up_req->callback()
    has been called, and ldb_next_request() will call the callback again.
    
    If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Aug  1 07:52:38 CEST 2017 on sn-devel-144
    
    (cherry picked from commit d5750f016362ce55a1c905509c419756b523dde6)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                          |  5 +----
 python/samba/tests/dsdb.py            | 23 +++++++++++++++++++++++
 source4/dsdb/pydsdb.c                 |  1 +
 source4/dsdb/samdb/ldb_modules/util.c | 25 +++++++++++++++++++++++--
 source4/dsdb/samdb/samdb.h            |  2 ++
 source4/dsdb/schema/schema_set.c      | 22 +++++++++++++++++++++-
 6 files changed, 71 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8302e5f..aa0730b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -100,10 +100,7 @@ Missing features, compared to Heimdal, are:
 The Samba AD process will take care of starting the MIT KDC and it will load a
 KDB (Kerberos Database) driver to access the Samba AD database.  When
 provisioning an AD DC using 'samba-tool' it will take care of creating a correct
-kdc.conf file for the MIT KDC. Note that 'samba-tool' will overwrite the system
-kdc.conf by default. It is possible to use a different location during
-provision. You should consult the 'samba-tool' help and smb.conf manpage for
-details.
+kdc.conf file for the MIT KDC.
 
 Dynamic RPC port range
 ----------------------
diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index ce5f599..a9f569b 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -23,6 +23,7 @@ from samba.auth import system_session
 from samba.tests import TestCase
 from samba.ndr import ndr_unpack, ndr_pack
 from samba.dcerpc import drsblobs
+from samba import dsdb
 import ldb
 import os
 import samba
@@ -505,3 +506,25 @@ class DsdbTests(TestCase):
                                        backend_filename)
         backend_path = self.lp.private_path(backend_subpath)
         self._test_full_db_lock2(backend_path)
+
+    def test_no_error_on_invalid_control(self):
+        try:
+            res = self.samdb.search(expression="cn=Administrator",
+                                    scope=ldb.SCOPE_SUBTREE,
+                                    attrs=["replPropertyMetaData"],
+                                    controls=["local_oid:%s:0"
+                                              % dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED])
+        except ldb.LdbError as e:
+            self.fail("Should have not raised an exception")
+
+    def test_error_on_invalid_critical_control(self):
+        try:
+            res = self.samdb.search(expression="cn=Administrator",
+                                    scope=ldb.SCOPE_SUBTREE,
+                                    attrs=["replPropertyMetaData"],
+                                    controls=["local_oid:%s:1"
+                                              % dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED])
+        except ldb.LdbError as e:
+            if e[0] != ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION:
+                self.fail("Got %s should have got ERR_UNSUPPORTED_CRITICAL_EXTENSION"
+                          % e[1])
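Review bot: test_error_on_invalid_critical_control passes when the search raises nothing at all, because the only assertion sits inside the `except` branch; a regression that silently accepts an unknown critical control would go unnoticed. Add an `else:` clause to the `try` containing `self.fail("Should have raised ERR_UNSUPPORTED_CRITICAL_EXTENSION")`. The `e[0]` / `e[1]` indexing only works where exceptions are subscriptable; `e.args[0]` and `e.args[1]` are equivalent and portable. `res` is unused in both tests, and the enclosing DsdbTests class starts outside this hunk.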
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 47dc9ad..09623a6 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -1572,6 +1572,7 @@ void initdsdb(void)
 	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);
 	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);
 	ADD_DSDB_STRING(DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	ADD_DSDB_STRING(DSDB_CONTROL_INVALID_NOT_IMPLEMENTED);
 
 	ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
 	ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index 36d35b7..9e37c08 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -832,8 +832,29 @@ int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares)
 {
 	struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request);
 
-	talloc_steal(up_req, req);
-	return up_req->callback(up_req, ares);
+	if (!ares) {
+		return ldb_module_done(up_req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) {
+		return ldb_module_done(up_req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	/* Otherwise pass on the callback */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(up_req, ares->message,
+					     ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(up_req,
+						ares->referral);
+	default:
+		/* Can't happen */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 }
 
 /*
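Review bot: The `default:` branch of the new switch returns LDB_ERR_OPERATIONS_ERROR without going through ldb_module_done(), so an unexpected reply type would leave up_req not marked as finished. That appears to be the same state the commit message describes as leading to a second callback invocation. Routing it through the same path as the `!ares` case would keep every exit consistent: `return ldb_module_done(up_req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);`. Separately, up_req comes from talloc_get_type(), which yields NULL on a type mismatch, and it is now handed to the ldb_module_* helpers unchecked; talloc_get_type_abort() would turn that into a clear failure. The function signature is visible only in the hunk header.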
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 5dce37e..c8658dc 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -189,6 +189,8 @@ struct dsdb_control_password_user_account_control {
  */
 #define DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE "1.3.6.1.4.1.7165.4.3.31"
 
+#define DSDB_CONTROL_INVALID_NOT_IMPLEMENTED "1.3.6.1.4.1.7165.4.3.32"
+
 #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
 struct dsdb_extended_replicated_object {
 	struct ldb_message *msg;
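Review bot: DSDB_CONTROL_INVALID_NOT_IMPLEMENTED is added without the explanatory comment that the define above it carries, so nothing in the header says this OID is reserved. Judging by the tests added in this changeset, it is meant to stay unhandled by every module so that criticality handling can be exercised. A comment would stop it being reused for a real control later, for example `/* Reserved for tests: no module may implement this control, see python/samba/tests/dsdb.py */`.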
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index df27e19..12a3cab 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -214,7 +214,27 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
 		if (ret != LDB_SUCCESS) {
 			goto op_error;
 		}
-		if (mod_msg->num_elements > 0) {
+
+		/*
+		 * We don't want to re-index just because we didn't
+		 * see this flag
+		 *
+		 * DO NOT backport this logic earlier than 4.7, it
+		 * isn't needed and would be dangerous before 4.6,
+		 * where we add logic to samba_dsdb to manage
+		 * @SAMBA_FEATURES_SUPPORTED and need to know if the
+		 * DB has been re-opened by an earlier version.
+		 *
+		 */
+
+		if (mod_msg->num_elements == 1
+		    && ldb_attr_cmp(mod_msg->elements[0].name,
+				    SAMBA_FEATURES_SUPPORTED_FLAG) == 0) {
+			/*
+			 * Ignore only adding
+			 * @SAMBA_FEATURES_SUPPORTED
+			 */
+		} else if (mod_msg->num_elements > 0) {
 			/*
 			 * Do the replace with the constructed message,
 			 * to avoid needing a lock between this search
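Review bot: The new comment explains why the re-index is skipped but omits the consequence given in the commit message: on an upgraded database, compatibleFeatures and incompatibleFeatures are not honoured until a re-index happens. That trade-off matters to anyone relying on those flags as a guard, so it belongs next to the empty branch, for example `/* NOTE: feature flags are not honoured on this DB until the next re-index */`. The empty `if` body also reads more clearly as a negated guard on the replace. The enclosing function starts and ends outside this hunk.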


-- 
Samba Shared Repository


