[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu Sep 7 08:44:02 UTC 2017


The branch, master has been updated
       via  c938f61 python: Allow debug classes to be specified on the command line for python tools
       via  cbb3dcf librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
       via  544084d libcli/security: Move debug message to DBG_DEBUG()
       via  8d8d31e dsdb: Add missing \n to debug
       via  dc48fa9 drs repl: Only print raw DRS replication traffic at level 9
       via  51289a6 debug: Add new debug class "drs_repl" for DRS replication processing
       via  4a5c2bf Use the rpc_parse debug class for PIDL generated code
       via  e3988f8 repl_meta_data: Re-work printing of replicated entries
       via  7cfaf70 linked_attributes: Use ldb_ldif_message_redacted_string() for consistency
       via  cc78de5 repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs
       via  ba54816 ldb: version 1.2.2
       via  37bb629 ldb: Add new ldb_ldif_message_redacted_string() with tests
       via  01c49b1 ldb_tdb: Refuse to re-index very old database with no DN in the record
       via  5463601 ldb_tdb: Use braces in ltdb_dn_list_find_val()
       via  6246c32 ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()
       via  ffc8023 ldb_tdb: Check for errors during tdb operations in ltdb_reindex()
       via  3ce80cf ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()
       via  fec666b ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms
       via  2d0007e ldb_tdb: Do not trigger the unique index check during a re-index, use another pass
       via  da1e234 ldb_tdb: Use memcmp() to compare TDB keys in re_index()
       via  070f24b selftest: Avoid a build started just before midnight failing
      from  1e4c32e cli_credentials: Fix a typo

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c938f61d332de0323cb135b201367f90f08d76a8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:26:04 2017 +1200

    python: Allow debug classes to be specified on the command line for python tools
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Sep  7 10:43:33 CEST 2017 on sn-devel-144

commit cbb3dcf2c67dd6ddbb419fff04112e3c345c2108
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:20:27 2017 +1200

    librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
    
    This message shows up a lot (every packet) at level 6 for the successful case
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 544084d4a2e19958982e6003b1b1290315099b34
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:19:01 2017 +1200

    libcli/security: Move debug message to DBG_DEBUG()
    
    This message shows up a lot at level 6 for no particularly good reason
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 8d8d31eb2bce6fa25485c4e989e6df372fb0e66e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:13:17 2017 +1200

    dsdb: Add missing \n to debug
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit dc48fa982251292a0d46d701c6e912620caf7c72
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:40:05 2017 +1200

    drs repl: Only print raw DRS replication traffic at level 9
    
    This can be sensitive even with the passwords still encrypted.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 51289a6f9bf25189386dd3f66b5b547f02348508
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:37:34 2017 +1200

    debug: Add new debug class "drs_repl" for DRS replication processing
    
    This is used in the client and in the server
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 4a5c2bfec1e4f3aefa4b89cf9f1e16106116b2fd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:27:07 2017 +1200

    Use the rpc_parse debug class for PIDL generated code
    
    This means that the default print binding string qualifier will now go via this debug class
    as will explicit calls to ndr_print_debug() and ndr_print_union_debug().
    
    Calls to ndr_print_debugc() are not changed.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit e3988f8f74f4a11e8f26a548e0a33d20f4e863f7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:24:35 2017 +1200

    repl_meta_data: Re-work printing of replicated entries
    
    This re-work of our LDIF printing avoids some of the privacy issue from
    printing the full LDIF at level 4, while showing the entry that actually fails.
    
    Instead, we print the DN only at level 4, then the full message at 8.
    
    While all of the DRS replication data is potentially sensitive
    the passwords are most sensitive, and are now not printed unencrypted.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 7cfaf706942308c3682d9a37ac778cfbbdf49919
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 15:56:59 2017 +1200

    linked_attributes: Use ldb_ldif_message_redacted_string() for consistency
    
    This avoids printing un-encrypted secret values in logs, and while links are not likely
    secret, this avoids a future copy and paste using ldb_ldif_message_string() again.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit cc78de55810ac20858066a25159ad390e7644f07
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 15:38:14 2017 +1200

    repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs
    
    This avoids printing un-encrypted secret values in logs
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit ba54816875d43be66000977c6dd068e3165d7a46
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 14:26:25 2017 +1200

    ldb: version 1.2.2
    
    * Bug #13017: Add ldb_ldif_message_redacted_string() to allow debug
                  of redacted log messages, avoiding showing secret values
    
    * Bug #13015: Allow re-index of newer databases with binary GUID TDB keys
                  (this officially removes support for re-index of the original
                  pack format 0, rather than simply segfaulting).
    * Avoid memory allocation and so make modify of records in ldb_tdb faster
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 37bb62990b96b266ba4a3e90cadd414e6fee5ddf
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Sep 5 14:05:43 2017 +1200

    ldb: Add new ldb_ldif_message_redacted_string() with tests
    
    This is designed to be a drop in replacement for
    ldb_ldif_message_string() while better protecting privacy.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 01c49b1a3561decdb10b5273d96d68d8e3d2b178
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 10 17:08:54 2017 +1200

    ldb_tdb: Refuse to re-index very old database with no DN in the record
    
    These are not found on any AD DC, and would segfault previous LDB
    versions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 54636011223ff350e172d52de302bcfcc5a0114a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 10 16:09:31 2017 +1200

    ldb_tdb: Use braces in ltdb_dn_list_find_val()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 6246c326a747382c728288ce7d3a8faa0b741ede
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 10 14:44:27 2017 +1200

    ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit ffc8023a0e66cf9693665565b1692ea7c882d437
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Aug 23 15:38:01 2017 +1200

    ldb_tdb: Check for errors during tdb operations in ltdb_reindex()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 3ce80cfb60d86a80efb6b66205f6d8d683791f6c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 16:23:43 2017 +1200

    ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit fec666b334ad90408843d8fbfd4c2f62434831e2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Sep 1 14:35:08 2017 +1200

    ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms
    
    If backported, this allows old ldb versions to full-search and re-index newer databases
    and in current code allows the transition to and from a GUID or incrementing ID based index
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 2d0007ee5a658d199029f7e81200e206ba0d89e0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 18 17:01:07 2017 +1200

    ldb_tdb: Do not trigger the unique index check during a re-index, use another pass
    
    We want to rename the objects, then scan looking for the index values.
    
    This avoids a DB modify during the index scan traverse (the index values
    are actually added to an in-memory TDB, written in prepare_commit()).
    
    This allows us to remove the "this might already exist" case in the
    index handling, we now know that the entry did not exist in the index
    before we add it.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit da1e23418a1d0e6b77dcf24bf6cbbc18b0fe020b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Aug 15 14:25:59 2017 +1200

    ldb_tdb: Use memcmp() to compare TDB keys in re_index()
    
    The keys may not always be a null terminated string, they could well
    be a binary GUID in a future revision, for efficiency.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 070f24bc9d2201a5bfef64988dd7b2afcaec6040
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Sep 2 14:07:11 2017 +1200

    selftest: Avoid a build started just before midnight failing
    
    By allowing 41 or 42 days, we still test the expiry but are less sensitive to the
    current time.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/ABI/{ldb-1.2.1.sigs => ldb-1.2.2.sigs}     |   1 +
 ...yldb-util-1.1.10.sigs => pyldb-util-1.2.2.sigs} |   0
 ...-util-1.1.10.sigs => pyldb-util.py3-1.2.2.sigs} |   0
 lib/ldb/common/ldb_ldif.c                          |  21 +++
 lib/ldb/include/ldb.h                              |  40 ++++-
 lib/ldb/ldb_tdb/ldb_index.c                        | 193 +++++++++++++++++----
 lib/ldb/ldb_tdb/ldb_search.c                       |   3 +-
 lib/ldb/ldb_tdb/ldb_tdb.c                          |  29 ++++
 lib/ldb/ldb_tdb/ldb_tdb.h                          |   5 +
 lib/ldb/tests/ldb_mod_op_test.c                    |  91 ++++++++++
 lib/ldb/wscript                                    |   2 +-
 lib/util/debug.c                                   |   1 +
 lib/util/debug.h                                   |   1 +
 libcli/security/create_descriptor.c                |   2 +-
 librpc/ndr/ndr.c                                   |   3 +
 librpc/rpc/dcerpc_util.c                           |   4 +-
 python/samba/drs_utils.py                          |   2 +-
 python/samba/getopt.py                             |   6 +-
 python/samba/join.py                               |   4 +-
 python/samba/netcmd/rodc.py                        |   6 +-
 python/samba/tests/pam_winbind_warn_pwd_expire.py  |   5 +-
 source4/dsdb/common/util.c                         |   2 +-
 source4/dsdb/repl/drepl_extended.c                 |   3 +
 source4/dsdb/repl/drepl_fsmo.c                     |   3 +
 source4/dsdb/repl/drepl_notify.c                   |   3 +
 source4/dsdb/repl/drepl_out_helpers.c              |   3 +
 source4/dsdb/repl/drepl_out_pull.c                 |   3 +
 source4/dsdb/repl/drepl_partitions.c               |   3 +
 source4/dsdb/repl/drepl_periodic.c                 |   3 +
 source4/dsdb/repl/drepl_replica.c                  |   3 +
 source4/dsdb/repl/drepl_ridalloc.c                 |   3 +
 source4/dsdb/repl/drepl_secret.c                   |   3 +
 source4/dsdb/repl/drepl_service.c                  |   3 +
 source4/dsdb/repl/replicated_objects.c             |   3 +
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |   8 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  60 +++++--
 source4/libnet/libnet_vampire.c                    |   3 +
 source4/rpc_server/drsuapi/addentry.c              |   3 +
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c        |   3 +
 source4/rpc_server/drsuapi/drsutil.c               |   3 +
 source4/rpc_server/drsuapi/getncchanges.c          |   3 +
 source4/rpc_server/drsuapi/updaterefs.c            |   3 +
 source4/rpc_server/drsuapi/writespn.c              |   3 +
 43 files changed, 472 insertions(+), 74 deletions(-)
 copy lib/ldb/ABI/{ldb-1.2.1.sigs => ldb-1.2.2.sigs} (99%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.2.2.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.2.2.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ABI/ldb-1.2.1.sigs b/lib/ldb/ABI/ldb-1.2.2.sigs
similarity index 99%
copy from lib/ldb/ABI/ldb-1.2.1.sigs
copy to lib/ldb/ABI/ldb-1.2.2.sigs
index 1be2ae7..9dc61cd 100644
--- a/lib/ldb/ABI/ldb-1.2.1.sigs
+++ b/lib/ldb/ABI/ldb-1.2.2.sigs
@@ -100,6 +100,7 @@ ldb_handle_use_global_event_context: void (struct ldb_handle *)
 ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
 ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
 ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *)
+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
 ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
 ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **)
 ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *)
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.2.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.2.2.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.2.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.2.2.sigs
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index 0aeda94b..b90d27e 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -1080,3 +1080,24 @@ char *ldb_ldif_message_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 
 	return ldb_ldif_write_string(ldb, mem_ctx, &ldif);
 }
+
+/*
+ * convenient function to turn a ldb_message into a string. Useful for
+ * debugging but also safer if some of the LDIF could be sensitive.
+ *
+ * The secret attributes are specified in a 'const char * const *' within
+ * the LDB_SECRET_ATTRIBUTE_LIST opaque set on the ldb
+ *
+ */
+char *ldb_ldif_message_redacted_string(struct ldb_context *ldb,
+				       TALLOC_CTX *mem_ctx,
+				       enum ldb_changetype changetype,
+				       const struct ldb_message *msg)
+{
+	struct ldb_ldif ldif;
+
+	ldif.changetype = changetype;
+	ldif.msg = discard_const_p(struct ldb_message, msg);
+
+	return ldb_ldif_write_redacted_trace_string(ldb, mem_ctx, &ldif);
+}
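
Review bot: The comment above ldb_ldif_message_redacted_string() does not say what the function prints when no LDB_SECRET_ATTRIBUTE_LIST opaque has been set on the ldb. Callers are switching to this function specifically to keep secrets out of logs, so please state the fallback in the comment (and in the ldb.h note), so a caller knows whether an ldb without the opaque still produces a full, unredacted dump.
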
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 14cec0e..9918b4e 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -1724,16 +1724,46 @@ char * ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 			  const struct ldb_ldif *msg);
 
 
-/*
-   Produce a string form of an ldb message
+/**
+   Write an LDB message to a string
 
-   convenient function to turn a ldb_message into a string. Useful for
-   debugging
- */
+   \param ldb the ldb context (from ldb_init())
+   \param mem_ctx the talloc context on which to attach the string)
+   \param changetype LDB_CHANGETYPE_ADD or LDB_CHANGETYPE_MODIFY
+   \param msg the message to write out
+
+   \return the string containing the LDIF, or NULL on error
+
+   \sa ldb_ldif_message_redacted_string for a safer version of this 
+       function
+*/
 char *ldb_ldif_message_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 			      enum ldb_changetype changetype,
 			      const struct ldb_message *msg);
 
+/**
+   Write an LDB message to a string
+
+   \param ldb the ldb context (from ldb_init())
+   \param mem_ctx the talloc context on which to attach the string)
+   \param changetype LDB_CHANGETYPE_ADD or LDB_CHANGETYPE_MODIFY
+   \param msg the message to write out
+
+   \return the string containing the LDIF, or NULL on error, but
+           with secret attributes redacted
+
+   \note The secret attributes are specified in a 
+         'const char * const *' within the LDB_SECRET_ATTRIBUTE_LIST
+         opaque set on the ldb
+
+   \sa ldb_ldif_message_string for an exact representiation of the
+       message as LDIF
+*/
+char *ldb_ldif_message_redacted_string(struct ldb_context *ldb,
+				       TALLOC_CTX *mem_ctx,
+				       enum ldb_changetype changetype,
+				       const struct ldb_message *msg);
+
 
 /**
    Base64 encode a buffer
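
Review bot: Both doc blocks in this hunk open with the same brief line, "Write an LDB message to a string", so the generated API index will not tell the redacted variant from the exact one; the second block should say "with secret attributes redacted" in its first line. In its \return text the ordering "or NULL on error, but with secret attributes redacted" reads as if the redaction qualified the error case, so move the redaction clause ahead of "or NULL on error". Smaller points in the same hunk: "representiation" is misspelled, "attach the string)" has a stray closing parenthesis in both blocks, and the "\sa ... safer version of this" and "\note The secret attributes are specified in a" lines carry trailing whitespace.
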
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 232bb4c..3510dd9 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -83,7 +83,9 @@ static int ltdb_dn_list_find_val(const struct dn_list *list, const struct ldb_va
 {
 	unsigned int i;
 	for (i=0; i<list->count; i++) {
-		if (dn_list_cmp(&list->dn[i], v) == 0) return i;
+		if (dn_list_cmp(&list->dn[i], v) == 0) {
+			return i;
+		}
 	}
 	return -1;
 }
@@ -1147,8 +1149,7 @@ int ltdb_search_indexed(struct ltdb_context *ac, uint32_t *match_count)
  * @return                  An ldb error code
  */
 static int ltdb_index_add1(struct ldb_module *module, const char *dn,
-			   struct ldb_message_element *el, int v_idx,
-			   bool is_new)
+			   struct ldb_message_element *el, int v_idx)
 {
 	struct ldb_context *ldb;
 	struct ldb_dn *dn_key;
@@ -1198,16 +1199,6 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
 		return LDB_ERR_ENTRY_ALREADY_EXISTS;
 	}
 
-	/* If we are doing an ADD, then this can not already be in the index,
-	   as it was not already in the database, and this has already been
-	   checked because the store succeeded */
-	if (! is_new) {
-		if (ltdb_dn_list_find_str(list, dn) != -1) {
-			talloc_free(list);
-			return LDB_SUCCESS;
-		}
-	}
-
 	/* overallocate the list a bit, to reduce the number of
 	 * realloc trigered copies */
 	alloc_len = ((list->count+1)+7) & ~7;
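
Review bot: With the "if (! is_new)" block gone, ltdb_index_add1() appends dn to the list unconditionally, and nothing left in the function records that the caller must guarantee the dn is not already present. The removed comment was the only statement of that assumption, and only for the ADD case. Please leave a short comment at this point stating the precondition for every caller, including the re-index path that previously passed false, so that a later caller does not reintroduce duplicate index entries without noticing.
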
@@ -1216,7 +1207,13 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
 		talloc_free(list);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	list->dn[list->count].data = (uint8_t *)talloc_strdup(list->dn, dn);
+
+	list->dn[list->count].data
+		= (uint8_t *)talloc_strdup(list->dn, dn);
+	if (list->dn[list->count].data == NULL) {
+		talloc_free(list);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 	list->dn[list->count].length = strlen(dn);
 	list->count++;
 
@@ -1231,11 +1228,11 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
   add index entries for one elements in a message
  */
 static int ltdb_index_add_el(struct ldb_module *module, const char *dn,
-			     struct ldb_message_element *el, bool is_new)
+			     struct ldb_message_element *el)
 {
 	unsigned int i;
 	for (i = 0; i < el->num_values; i++) {
-		int ret = ltdb_index_add1(module, dn, el, i, is_new);
+		int ret = ltdb_index_add1(module, dn, el, i);
 		if (ret != LDB_SUCCESS) {
 			return ret;
 		}
@@ -1249,8 +1246,7 @@ static int ltdb_index_add_el(struct ldb_module *module, const char *dn,
  */
 static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
 			      struct ldb_message_element *elements,
-			      unsigned int num_el,
-			      bool is_new)
+			      unsigned int num_el)
 {
 	struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
 	unsigned int i;
@@ -1269,7 +1265,7 @@ static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
 		if (!ltdb_is_indexed(module, ltdb, elements[i].name)) {
 			continue;
 		}
-		ret = ltdb_index_add_el(module, dn, &elements[i], is_new);
+		ret = ltdb_index_add_el(module, dn, &elements[i]);
 		if (ret != LDB_SUCCESS) {
 			struct ldb_context *ldb = ldb_module_get_ctx(module);
 			ldb_asprintf_errstring(ldb,
@@ -1286,9 +1282,11 @@ static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
 /*
   insert a one level index for a message
 */
-static int ltdb_index_onelevel(struct ldb_module *module, const struct ldb_message *msg, int add)
-{
-	struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
+static int ltdb_index_onelevel(struct ldb_module *module,
+			       const struct ldb_message *msg, int add)
+{	
+	struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module),
+						    struct ltdb_private);
 	struct ldb_message_element el;
 	struct ldb_val val;
 	struct ldb_dn *pdn;
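
Review bot: The re-wrapped opening brace of ltdb_index_onelevel() is now followed by a trailing tab ("{" plus whitespace). Since this hunk only changes line wrapping, drop the trailing whitespace so the reformat does not add new style noise.
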
@@ -1323,7 +1321,7 @@ static int ltdb_index_onelevel(struct ldb_module *module, const struct ldb_messa
 	el.num_values = 1;
 
 	if (add) {
-		ret = ltdb_index_add1(module, dn, &el, 0, add);
+		ret = ltdb_index_add1(module, dn, &el, 0);
 	} else { /* delete */
 		ret = ltdb_index_del_value(module, msg->dn, &el, 0);
 	}
@@ -1347,7 +1345,7 @@ int ltdb_index_add_element(struct ldb_module *module, struct ldb_dn *dn,
 	if (!ltdb_is_indexed(module, ltdb, el->name)) {
 		return LDB_SUCCESS;
 	}
-	return ltdb_index_add_el(module, ldb_dn_get_linearized(dn), el, true);
+	return ltdb_index_add_el(module, ldb_dn_get_linearized(dn), el);
 }
 
 /*
@@ -1367,8 +1365,7 @@ int ltdb_index_add_new(struct ldb_module *module, const struct ldb_message *msg)
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements,
-				 true);
+	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
@@ -1571,7 +1568,7 @@ struct ltdb_reindex_context {
 /*
   traversal function that adds @INDEX records during a re index
 */
-static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
+static int re_key(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
 {
 	struct ldb_context *ldb;
 	struct ltdb_reindex_context *ctx = (struct ltdb_reindex_context *)state;
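
Review bot: The comment kept above the renamed function still reads "traversal function that adds @INDEX records during a re index", but re_key() no longer adds index records; it only checks whether the stored key matches ltdb_key() and re-stores the record under the new key. The new re_index() further down carries the identical comment. Please reword the one above re_key() to describe the key-correction pass.
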
@@ -1582,17 +1579,22 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 		.data = data.dptr,
 		.length = data.dsize,
 	};
-	const char *dn = NULL;
 	int ret;
 	TDB_DATA key2;
-
+	bool is_record;
+	
 	ldb = ldb_module_get_ctx(module);
 
-	if (strncmp((char *)key.dptr, "DN=@", 4) == 0 ||
-	    strncmp((char *)key.dptr, "DN=", 3) != 0) {
+	if (key.dsize > 4 &&
+	    memcmp(key.dptr, "DN=@", 4) == 0) {
 		return 0;
 	}
 
+	is_record = ltdb_key_is_record(key);
+	if (is_record == false) {
+		return 0;
+	}
+	
 	msg = ldb_msg_new(module);
 	if (msg == NULL) {
 		return -1;
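
Review bot: The new special-record test "key.dsize > 4 && memcmp(key.dptr, "DN=@", 4) == 0" only skips keys of five bytes or more, although the memcmp() needs just four. A key that is exactly "DN=@" falls through to ltdb_key_is_record(), which accepts anything of at least 4 bytes starting with "DN=", and is then unpacked as a normal record. Use "key.dsize >= 4", or add a comment saying why a byte after the prefix is required; the same test is repeated in the new re_index(). The added "bool is_record;" declaration and the line after the is_record block are also followed by whitespace-only lines containing a tab.
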
@@ -1606,10 +1608,21 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 	if (ret != 0) {
 		ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n",
 						ldb_dn_get_linearized(msg->dn));
+		ctx->error = ret;
 		talloc_free(msg);
 		return -1;
 	}
 
+	if (msg->dn == NULL) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Refusing to re-index as GUID "
+			  "key %*.*s with no DN\n",
+			  (int)key.dsize, (int)key.dsize,
+			  (char *)key.dptr);
+		talloc_free(msg);
+		return -1;
+	}
+	
 	/* check if the DN key has changed, perhaps due to the
 	   case insensitivity of an element changing */
 	key2 = ltdb_key(module, msg->dn);
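
Review bot: The new "msg->dn == NULL" branch returns -1 without setting ctx->error, while the unpack failure just above it now sets "ctx->error = ret". ltdb_reindex() decides whether the re_key pass failed from the traverse return value and from "ctx.error != LDB_SUCCESS", so this refusal should set ctx->error as well (LDB_ERR_OPERATIONS_ERROR would match the other failure returns in this file) rather than rely on the -1 alone. The message text also says "GUID key", but this branch is reached for any key ltdb_key_is_record() accepts, including DN= and ID= keys.
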
@@ -1620,14 +1633,98 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 		talloc_free(msg);
 		return 0;
 	}
-	if (strcmp((char *)key2.dptr, (char *)key.dptr) != 0) {
-		tdb_delete(tdb, key);
-		tdb_store(tdb, key2, data, 0);
+	if (key.dsize != key2.dsize ||
+	    (memcmp(key.dptr, key2.dptr, key.dsize) != 0)) {
+		int tdb_ret;
+		tdb_ret = tdb_delete(tdb, key);
+		if (tdb_ret != 0) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR,
+				  "Failed to delete %*.*s "
+				  "for rekey as %*.*s: %s",
+				  (int)key.dsize, (int)key.dsize,
+				  (const char *)key.dptr,
+				  (int)key2.dsize, (int)key2.dsize,
+				  (const char *)key.dptr,
+				  tdb_errorstr(tdb));
+			ctx->error = ltdb_err_map(tdb_error(tdb));
+			return -1;
+		}
+		tdb_ret = tdb_store(tdb, key2, data, 0);
+		if (tdb_ret != 0) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR,
+				  "Failed to rekey %*.*s as %*.*s: %s",
+				  (int)key.dsize, (int)key.dsize,
+				  (const char *)key.dptr,
+				  (int)key2.dsize, (int)key2.dsize,
+				  (const char *)key.dptr,
+				  tdb_errorstr(tdb));
+			ctx->error = ltdb_err_map(tdb_error(tdb));
+			return -1;
+		}
 	}
 	talloc_free(key2.dptr);
 
+	talloc_free(msg);
+
+	return 0;
+}
+
+/*
+  traversal function that adds @INDEX records during a re index
+*/
+static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
+{
+	struct ldb_context *ldb;
+	struct ltdb_reindex_context *ctx = (struct ltdb_reindex_context *)state;
+	struct ldb_module *module = ctx->module;
+	struct ldb_message *msg;
+	const char *dn = NULL;
+	unsigned int nb_elements_in_db;
+	const struct ldb_val val = {
+		.data = data.dptr,
+		.length = data.dsize,
+	};
+	int ret;
+	bool is_record;
+	
+	ldb = ldb_module_get_ctx(module);
+
+	if (key.dsize > 4 &&
+	    memcmp(key.dptr, "DN=@", 4) == 0) {
+		return 0;
+	}
+
+	is_record = ltdb_key_is_record(key);
+	if (is_record == false) {
+		return 0;
+	}
+	
+	msg = ldb_msg_new(module);
+	if (msg == NULL) {
+		return -1;
+	}
+
+	ret = ldb_unpack_data_only_attr_list_flags(ldb, &val,
+						   msg,
+						   NULL, 0,
+						   LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC,
+						   &nb_elements_in_db);
+	if (ret != 0) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n",
+						ldb_dn_get_linearized(msg->dn));
+		ctx->error = ret;
+		talloc_free(msg);
+		return -1;
+	}
+
 	if (msg->dn == NULL) {
-		dn = (char *)key.dptr + 3;
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Refusing to re-index as GUID "
+			  "key %*.*s with no DN\n",
+			  (int)key.dsize, (int)key.dsize,
+			  (char *)key.dptr);
+		talloc_free(msg);
+		return -1;
 	} else {
 		dn = ldb_dn_get_linearized(msg->dn);
 	}
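
Review bot: In both new ldb_debug() calls in re_key(), the second key is printed with the length of key2 but the pointer of key: "(int)key2.dsize, (int)key2.dsize, (const char *)key.dptr". That logs the old key twice, and when key2 is longer than key the %*.*s conversion can read past the end of key.dptr, which matters because this series stops assuming keys are NUL terminated. The third argument of each pair should be key2.dptr. Two further points in the same block: the early "return -1" after a failed tdb_delete() or tdb_store() skips the talloc_free(key2.dptr) and talloc_free(msg) that the success path performs, and both format strings lack the trailing "\n" that the other ldb_debug() messages in this function have.
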
@@ -1641,8 +1738,7 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 		return -1;
 	}
 
-	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements,
-				 false);
+	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements);
 
 	if (ret != LDB_SUCCESS) {
 		ctx->error = ret;
@@ -1685,6 +1781,9 @@ int ltdb_reindex(struct ldb_module *module)
 	 */
 	ret = tdb_traverse(ltdb->tdb, delete_index, module);
 	if (ret < 0) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+		ldb_asprintf_errstring(ldb, "index deletion traverse failed: %s",
+				       ldb_errstring(ldb));
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
@@ -1697,10 +1796,28 @@ int ltdb_reindex(struct ldb_module *module)
 	ctx.error = 0;
 
 	/* now traverse adding any indexes for normal LDB records */
+	ret = tdb_traverse(ltdb->tdb, re_key, &ctx);
+	if (ret < 0) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+		ldb_asprintf_errstring(ldb, "key correction traverse failed: %s",
+				       ldb_errstring(ldb));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (ctx.error != LDB_SUCCESS) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+		ldb_asprintf_errstring(ldb, "reindexing failed: %s", ldb_errstring(ldb));
+		return ctx.error;
+	}
+
+	ctx.error = 0;
+
+	/* now traverse adding any indexes for normal LDB records */
 	ret = tdb_traverse(ltdb->tdb, re_index, &ctx);
 	if (ret < 0) {
 		struct ldb_context *ldb = ldb_module_get_ctx(module);
-		ldb_asprintf_errstring(ldb, "reindexing traverse failed: %s", ldb_errstring(ldb));
+		ldb_asprintf_errstring(ldb, "reindexing traverse failed: %s",
+				       ldb_errstring(ldb));
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
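
Review bot: The comment "now traverse adding any indexes for normal LDB records" now appears twice in ltdb_reindex(), and the first copy sits above the re_key traverse, which corrects record keys and adds no indexes. Please change that first comment to describe the key-correction pass. The errstring set when ctx.error is non-zero after that pass says "reindexing failed", which will be hard to tell apart from a failure in the later re_index pass; something like "key correction failed" would match the "key correction traverse failed" text used just above it. The "ctx.error = 0;" that follows is redundant, since the function has already returned if ctx.error was anything other than LDB_SUCCESS.
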
diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
index 53355e0..a6c408a 100644
--- a/lib/ldb/ldb_tdb/ldb_search.c
+++ b/lib/ldb/ldb_tdb/ldb_search.c
@@ -410,8 +410,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi
 	ac = talloc_get_type(state, struct ltdb_context);
 	ldb = ldb_module_get_ctx(ac->module);
 
-	if (key.dsize < 4 || 
-	    strncmp((char *)key.dptr, "DN=", 3) != 0) {
+	if (ltdb_key_is_record(key) == false) {
 		return 0;
 	}
 
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index bc8780a..ccad816 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -127,6 +127,35 @@ int ltdb_unlock_read(struct ldb_module *module)
 }
 
 
+/* 
+ * Determine if this key could hold a record.  We allow the new GUID
+ * index, the old DN index and a possible future ID=
+ */
+bool ltdb_key_is_record(TDB_DATA key)
+{
+	if (key.dsize < 4) {
+		return false;
+	}
+
+	if (memcmp(key.dptr, "DN=", 3) == 0) {
+		return true;
+	}
+	
+	if (memcmp(key.dptr, "ID=", 3) == 0) {
+		return true;
+	}
+
+	if (key.dsize < 6) {
+		return false;
+	}
+
+	if (memcmp(key.dptr, "GUID=", 5) == 0) {
+		return true;
+	}
+	


-- 
Samba Shared Repository


