[SCM] Samba Shared Repository - branch v4-7-test updated

Karolin Seeger kseeger at samba.org
Thu Sep 14 20:02:05 UTC 2017


The branch, v4-7-test has been updated
       via  adfca55 WHATSNEW: Prepare changes since 4.7.0rc5.
       via  81f31fd libcli: SMB2: NetApps negotiate SMB3_11 but also set the SMB2_CAP_ENCRYPTION flag.
       via  668cc39 python: Allow debug classes to be specified on the command line for python tools
       via  c7f3f20 librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
       via  2f2edad libcli/security: Move debug message to DBG_DEBUG()
       via  f6cadd5 dsdb: Add missing \n to debug
       via  66de4c1 drs repl: Only print raw DRS replication traffic at level 9
       via  5977227 debug: Add new debug class "drs_repl" for DRS replication processing
       via  8fbaf15 repl_meta_data: Re-work printing of replicated entries
       via  2ea6beb linked_attributes: Use ldb_ldif_message_redacted_string() for consistency
       via  11568c8 repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs
       via  dab3dea ldb: version 1.2.2
       via  256f485 ldb: Add new ldb_ldif_message_redacted_string() with tests
       via  0806c9c ldb_tdb: Refuse to re-index very old database with no DN in the record
       via  8f603e7 ldb_tdb: Use braces in ltdb_dn_list_find_val()
       via  504d3df ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()
       via  285efde ldb_tdb: Check for errors during tdb operations in ltdb_reindex()
       via  5311eb4 ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()
       via  0c87159 ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms
       via  e703680 ldb_tdb: Do not trigger the unique index check during a re-index, use another pass
       via  7db6c56 ldb_tdb: Use memcmp() to compare TDB keys in re_index()
       via  1a2d909 ldb: Add tests for indexed and unindexed search expressions
       via  e517bc4 ldb: Fix tests to call the parent tearDown(), not setUp in tearDown
       via  b6fd54b ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally
       via  98a803f ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
      from  eabed4d ctdb-daemon: GET_DB_SEQNUM should read database conditionally

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -----------------------------------------------------------------
commit adfca554850ca2078dce79f26699308db799c85a
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Sep 14 06:45:45 2017 -0700

    WHATSNEW: Prepare changes since 4.7.0rc5.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>
    
    Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-7-test): Thu Sep 14 22:01:27 CEST 2017 on sn-devel-144

commit 81f31fd50901a91fcce2024f3616f3543d4e4504
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Sep 11 16:36:47 2017 -0700

    libcli: SMB2: NetApps negotiate SMB3_11 but also set the SMB2_CAP_ENCRYPTION flag.
    
    This is a SHOULD not, not a MUST not.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Steve French <sfrench at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Sep 14 14:48:20 CEST 2017 on sn-devel-144
    
    (cherry picked from commit f0a90a1287a8f4c4114919a32afaff52e3c69a9b)

commit 668cc39e320aeb30641580a1fcab39c108bd9c26
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:26:04 2017 +1200

    python: Allow debug classes to be specified on the command line for python tools
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Sep  7 10:43:33 CEST 2017 on sn-devel-144
    
    (cherry picked from commit c938f61d332de0323cb135b201367f90f08d76a8)

commit c7f3f20590971d2777b81302484e32b595d109d5
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:20:27 2017 +1200

    librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
    
    This message shows up a lot (every packet) at level 6 for the successful case
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit cbb3dcf2c67dd6ddbb419fff04112e3c345c2108)

commit 2f2edada445e32a41c8f3c861261dff114f3f2d3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:19:01 2017 +1200

    libcli/security: Move debug message to DBG_DEBUG()
    
    This message shows up a lot at level 6 for no particularly good reason
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 544084d4a2e19958982e6003b1b1290315099b34)

commit f6cadd503c76507458c74548c013192a3f2ddbdf
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 11:13:17 2017 +1200

    dsdb: Add missing \n to debug
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 8d8d31eb2bce6fa25485c4e989e6df372fb0e66e)

commit 66de4c1947aa2f4a20c02c65a4b9d0635f947467
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:40:05 2017 +1200

    drs repl: Only print raw DRS replication traffic at level 9
    
    This can be sensitive even with the passwords still encrypted.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit dc48fa982251292a0d46d701c6e912620caf7c72)

commit 5977227b29ff96e514a4941f8bbd0d703ff6a474
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:37:34 2017 +1200

    debug: Add new debug class "drs_repl" for DRS replication processing
    
    This is used in the client and in the server
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 51289a6f9bf25189386dd3f66b5b547f02348508)

commit 8fbaf1567b20cc7b3eca66198ce2457247926237
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 16:24:35 2017 +1200

    repl_meta_data: Re-work printing of replicated entries
    
    This re-work of our LDIF printing avoids some of the privacy issue from
    printing the full LDIF at level 4, while showing the entry that actually fails.
    
    Instead, we print the DN only at level 4, then the full message at 8.
    
    While all of the DRS replication data is potentially sensitive
    the passwords are most sensitive, and are now not printed unencrypted.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit e3988f8f74f4a11e8f26a548e0a33d20f4e863f7)

commit 2ea6bebf73c05b8ca9a9e006f73cdd4c231427e9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 15:56:59 2017 +1200

    linked_attributes: Use ldb_ldif_message_redacted_string() for consistency
    
    This avoids printing un-encrypted secret values in logs, and while links are not likely
    secret, this avoids a future copy and paste using ldb_ldif_message_string() again.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 7cfaf706942308c3682d9a37ac778cfbbdf49919)

commit 11568c8ceb197dff23cd4fe3ff0dde820c714fac
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 15:38:14 2017 +1200

    repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs
    
    This avoids printing un-encrypted secret values in logs
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit cc78de55810ac20858066a25159ad390e7644f07)

commit dab3deae7e860a857873608e1d8c1532ac7d30cd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 6 14:26:25 2017 +1200

    ldb: version 1.2.2
    
    * Bug #13017: Add ldb_ldif_message_redacted_string() to allow debug
                  of redacted log messages, avoiding showing secret values
    
    * Bug #13015: Allow re-index of newer databases with binary GUID TDB keys
                  (this officially removes support for re-index of the original
                  pack format 0, rather than simply segfaulting).
    * Avoid memory allocation and so make modify of records in ldb_tdb faster
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13023
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit ba54816875d43be66000977c6dd068e3165d7a46)

commit 256f485a9c396a703fbf1b38e9065dc34c0d1d0c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Sep 5 14:05:43 2017 +1200

    ldb: Add new ldb_ldif_message_redacted_string() with tests
    
    This is designed to be a drop in replacement for
    ldb_ldif_message_string() while better protecting privacy.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 37bb62990b96b266ba4a3e90cadd414e6fee5ddf)

commit 0806c9c956ba55751d98e67cca0046d5f9c54693
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 10 17:08:54 2017 +1200

    ldb_tdb: Refuse to re-index very old database with no DN in the record
    
    These are not found on any AD DC, and would segfault previous LDB
    versions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 01c49b1a3561decdb10b5273d96d68d8e3d2b178)

commit 8f603e73a546402793e3f48beee0f7b8b12765b9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 10 16:09:31 2017 +1200

    ldb_tdb: Use braces in ltdb_dn_list_find_val()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 54636011223ff350e172d52de302bcfcc5a0114a)

commit 504d3df997afe3156100476eafa3dc003b29e3f7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 10 14:44:27 2017 +1200

    ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 6246c326a747382c728288ce7d3a8faa0b741ede)

commit 285efdedfcb711df4923d78cbecc73a0d5e6a13d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Aug 23 15:38:01 2017 +1200

    ldb_tdb: Check for errors during tdb operations in ltdb_reindex()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit ffc8023a0e66cf9693665565b1692ea7c882d437)

commit 5311eb4c369bb566a87ad3e95dd58cf7f4014b21
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 7 16:23:43 2017 +1200

    ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 3ce80cfb60d86a80efb6b66205f6d8d683791f6c)

commit 0c87159b0e97824a9722fe87bc1adc2905eb1b96
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Sep 1 14:35:08 2017 +1200

    ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms
    
    If backported, this allows old ldb versions to full-search and re-index newer databases
    and in current code allows the transition to and from a GUID or incrementing ID based index
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit fec666b334ad90408843d8fbfd4c2f62434831e2)

commit e703680f533d3f2ff5ac5402c9b715fc85cdf34d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 18 17:01:07 2017 +1200

    ldb_tdb: Do not trigger the unique index check during a re-index, use another pass
    
    We want to rename the objects, then scan looking for the index values.
    
    This avoids a DB modify during the index scan traverse (the index values
    are actually added to an in-memory TDB, written in prepare_commit()).
    
    This allows us to remove the "this might already exist" case in the
    index handling, we now know that the entry did not exist in the index
    before we add it.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 2d0007ee5a658d199029f7e81200e206ba0d89e0)

commit 7db6c56e1f82c57a4db1a4c9ec03f2daf9e3a58b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Aug 15 14:25:59 2017 +1200

    ldb_tdb: Use memcmp() to compare TDB keys in re_index()
    
    The keys may not always be a null terminated string, they could well
    be a binary GUID in a future revision, for efficiency.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit da1e23418a1d0e6b77dcf24bf6cbbc18b0fe020b)

commit 1a2d909de8261abd90086aa6147fc35d8ffeca5b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 24 17:01:14 2017 +1200

    ldb: Add tests for indexed and unindexed search expressions
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Aug 30 14:58:32 CEST 2017 on sn-devel-144
    
    (cherry picked from commit a5a2243f073f00bbfd7692fb2fe68ea79830ae0d)

commit e517bc46c86d13ae6f83554acfb1c2743d3bf4e3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 24 16:29:58 2017 +1200

    ldb: Fix tests to call the parent tearDown(), not setUp in tearDown
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 841e763a2b1dba1c0557d4f47a3674d6a555cab0)

commit b6fd54bd84d44bd74d7ced0710d4d60c05023017
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Aug 16 12:51:09 2017 +1200

    ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally
    
    This avoids duplicate code and allows us to use the allocation-avoiding
    LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC flag.
    
    We can not use LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC as el2->values
    is talloc_realloc()ed in the routine.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Aug 29 11:13:50 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 3164c0ac54685d6ae430e2cb3bb50a9ad7f3e7fc)

commit 98a803f02498767c8efa802b4b6cedd4b81d78ce
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 11 11:31:05 2017 +1200

    ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
    
    This will allow us to avoid a full unpack in situations where we just want to confirm
    if the DN exists
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit bff81a2c9cc43a2cfec822dde94944d0295dd87f)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                       |  30 ++
 lib/ldb/ABI/{ldb-1.2.1.sigs => ldb-1.2.2.sigs}     |   1 +
 ...yldb-util-1.1.10.sigs => pyldb-util-1.2.2.sigs} |   0
 ...-util-1.1.10.sigs => pyldb-util.py3-1.2.2.sigs} |   0
 lib/ldb/common/ldb_ldif.c                          |  21 ++
 lib/ldb/common/ldb_pack.c                          |   5 +
 lib/ldb/include/ldb.h                              |  40 ++-
 lib/ldb/include/ldb_module.h                       |   5 +
 lib/ldb/ldb_tdb/ldb_index.c                        | 193 ++++++++++---
 lib/ldb/ldb_tdb/ldb_search.c                       |   3 +-
 lib/ldb/ldb_tdb/ldb_tdb.c                          |  69 +++--
 lib/ldb/ldb_tdb/ldb_tdb.h                          |   5 +
 lib/ldb/tests/ldb_mod_op_test.c                    |  91 +++++++
 lib/ldb/tests/python/api.py                        | 303 ++++++++++++++++++++-
 lib/ldb/wscript                                    |   2 +-
 lib/util/debug.c                                   |   1 +
 lib/util/debug.h                                   |   1 +
 libcli/security/create_descriptor.c                |   2 +-
 libcli/smb/smbXcli_base.c                          |  15 +-
 librpc/rpc/dcerpc_util.c                           |   4 +-
 python/samba/drs_utils.py                          |   2 +-
 python/samba/getopt.py                             |   6 +-
 python/samba/join.py                               |   4 +-
 python/samba/netcmd/rodc.py                        |   6 +-
 source4/dsdb/common/util.c                         |   2 +-
 source4/dsdb/repl/drepl_extended.c                 |   3 +
 source4/dsdb/repl/drepl_fsmo.c                     |   3 +
 source4/dsdb/repl/drepl_notify.c                   |   3 +
 source4/dsdb/repl/drepl_out_helpers.c              |   3 +
 source4/dsdb/repl/drepl_out_pull.c                 |   3 +
 source4/dsdb/repl/drepl_partitions.c               |   3 +
 source4/dsdb/repl/drepl_periodic.c                 |   3 +
 source4/dsdb/repl/drepl_replica.c                  |   3 +
 source4/dsdb/repl/drepl_ridalloc.c                 |   3 +
 source4/dsdb/repl/drepl_secret.c                   |   3 +
 source4/dsdb/repl/drepl_service.c                  |   3 +
 source4/dsdb/repl/replicated_objects.c             |   3 +
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |   8 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  60 +++-
 source4/libnet/libnet_vampire.c                    |   3 +
 source4/rpc_server/drsuapi/addentry.c              |   3 +
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c        |   3 +
 source4/rpc_server/drsuapi/drsutil.c               |   3 +
 source4/rpc_server/drsuapi/getncchanges.c          |   3 +
 source4/rpc_server/drsuapi/updaterefs.c            |   3 +
 source4/rpc_server/drsuapi/writespn.c              |   3 +
 46 files changed, 829 insertions(+), 107 deletions(-)
 copy lib/ldb/ABI/{ldb-1.2.1.sigs => ldb-1.2.2.sigs} (99%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.2.2.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.2.2.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f692e84..46a786c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -370,6 +370,36 @@ KNOWN ISSUES
 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
 
 
+CHANGES SINCE 4.7.0rc5
+======================
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13008: lib: crypto: Make smbd use the Intel AES instruction set for signing
+     and encryption.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 12946: s4-drsuapi: Avoid segfault when replicating as a non-admin with
+     GUID_DRS_GET_CHANGES.
+   * BUG 13015: Allow re-index of newer databases with binary GUID TDB keys
+     (this officially removes support for re-index of the original pack format 0,
+     rather than simply segfaulting).
+   * BUG 13017: Add ldb_ldif_message_redacted_string() to allow debug of redacted
+     log messages, avoiding showing secret values.
+   * BUG 13023: ldb: version 1.2.2.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 13024: s3/smbd: Sticky write time offset miscalculation causes broken
+     timestamps
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 13006: messaging: Avoid a socket leak after fork.
+
+o  Amitay Isaacs <amitay at gmail.com>
+   * BUG 13012: ctdb-daemon: Fix implementation of process_exists control.
+   * BUG 13021: GET_DB_SEQNUM control can cause ctdb to deadlock when databases
+     are frozen.
+
+
 CHANGES SINCE 4.7.0rc4
 ======================
 
diff --git a/lib/ldb/ABI/ldb-1.2.1.sigs b/lib/ldb/ABI/ldb-1.2.2.sigs
similarity index 99%
copy from lib/ldb/ABI/ldb-1.2.1.sigs
copy to lib/ldb/ABI/ldb-1.2.2.sigs
index 1be2ae7..9dc61cd 100644
--- a/lib/ldb/ABI/ldb-1.2.1.sigs
+++ b/lib/ldb/ABI/ldb-1.2.2.sigs
@@ -100,6 +100,7 @@ ldb_handle_use_global_event_context: void (struct ldb_handle *)
 ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
 ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
 ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *)
+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
 ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
 ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **)
 ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *)
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.2.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.2.2.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.2.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.2.2.sigs
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index 0aeda94b..b90d27e 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -1080,3 +1080,24 @@ char *ldb_ldif_message_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 
 	return ldb_ldif_write_string(ldb, mem_ctx, &ldif);
 }
+
+/*
+ * convenient function to turn a ldb_message into a string. Useful for
+ * debugging but also safer if some of the LDIF could be sensitive.
+ *
+ * The secret attributes are specified in a 'const char * const *' within
+ * the LDB_SECRET_ATTRIBUTE_LIST opaque set on the ldb
+ *
+ */
+char *ldb_ldif_message_redacted_string(struct ldb_context *ldb,
+				       TALLOC_CTX *mem_ctx,
+				       enum ldb_changetype changetype,
+				       const struct ldb_message *msg)
+{
+	struct ldb_ldif ldif;
+
+	ldif.changetype = changetype;
+	ldif.msg = discard_const_p(struct ldb_message, msg);
+
+	return ldb_ldif_write_redacted_trace_string(ldb, mem_ctx, &ldif);
+}
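Review bot: the comment above ldb_ldif_message_redacted_string() says the secret attributes come from the LDB_SECRET_ATTRIBUTE_LIST opaque, but it does not say what the caller gets back when that opaque was never set on the ldb. The commit message offers this as a drop-in replacement for ldb_ldif_message_string(), so please state that case in the comment, so that nobody switching a debug call over assumes redaction the ldb context was not configured for.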
diff --git a/lib/ldb/common/ldb_pack.c b/lib/ldb/common/ldb_pack.c
index 1f1688a..448c577 100644
--- a/lib/ldb/common/ldb_pack.c
+++ b/lib/ldb/common/ldb_pack.c
@@ -301,6 +301,11 @@ int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
 		goto failed;
 	}
 
+	
+	if (flags & LDB_UNPACK_DATA_FLAG_NO_ATTRS) {
+		return 0;
+	}
+	
 	if (message->num_elements == 0) {
 		return 0;
 	}
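Review bot: the early return for LDB_UNPACK_DATA_FLAG_NO_ATTRS is placed directly above the existing `message->num_elements == 0` check, which suggests num_elements has already been filled in at this point. Returning 0 here can then hand back a message with a non-zero num_elements and no unpacked elements. Consider resetting message->num_elements before the return, or documenting that callers using this flag must not read it. The two added lines that contain only a tab, and the doubled blank line they create, should be dropped as well.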
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 14cec0e..9918b4e 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -1724,16 +1724,46 @@ char * ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 			  const struct ldb_ldif *msg);
 
 
-/*
-   Produce a string form of an ldb message
+/**
+   Write an LDB message to a string
 
-   convenient function to turn a ldb_message into a string. Useful for
-   debugging
- */
+   \param ldb the ldb context (from ldb_init())
+   \param mem_ctx the talloc context on which to attach the string)
+   \param changetype LDB_CHANGETYPE_ADD or LDB_CHANGETYPE_MODIFY
+   \param msg the message to write out
+
+   \return the string containing the LDIF, or NULL on error
+
+   \sa ldb_ldif_message_redacted_string for a safer version of this 
+       function
+*/
 char *ldb_ldif_message_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 			      enum ldb_changetype changetype,
 			      const struct ldb_message *msg);
 
+/**
+   Write an LDB message to a string
+
+   \param ldb the ldb context (from ldb_init())
+   \param mem_ctx the talloc context on which to attach the string)
+   \param changetype LDB_CHANGETYPE_ADD or LDB_CHANGETYPE_MODIFY
+   \param msg the message to write out
+
+   \return the string containing the LDIF, or NULL on error, but
+           with secret attributes redacted
+
+   \note The secret attributes are specified in a 
+         'const char * const *' within the LDB_SECRET_ATTRIBUTE_LIST
+         opaque set on the ldb
+
+   \sa ldb_ldif_message_string for an exact representiation of the
+       message as LDIF
+*/
+char *ldb_ldif_message_redacted_string(struct ldb_context *ldb,
+				       TALLOC_CTX *mem_ctx,
+				       enum ldb_changetype changetype,
+				       const struct ldb_message *msg);
+
 
 /**
    Base64 encode a buffer
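Review bot: the two doc comments open with the same brief, "Write an LDB message to a string", so generated documentation will not tell ldb_ldif_message_string() and ldb_ldif_message_redacted_string() apart; give the new one a brief that mentions redaction. In the new comment the \return text reads as if redaction applied to the NULL case ("or NULL on error, but with secret attributes redacted"); reorder it to "the LDIF with secret attributes redacted, or NULL on error". Smaller points: "representiation" in the \sa line, the unmatched ")" at the end of both \param mem_ctx lines, and trailing whitespace after "this" and "in a".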
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 8ad212a..71b4074 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -518,6 +518,10 @@ int ldb_unpack_data(struct ldb_context *ldb,
  * LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC is also specified.
  *
  * Likewise if LDB_UNPACK_DATA_FLAG_NO_DN is specified, the DN is omitted.
+ *
+ * If LDB_UNPACK_DATA_FLAG_NO_ATTRS is specified, then no attributes
+ * are unpacked or returned.
+ *
  */
 int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
 					 const struct ldb_val *data,
@@ -530,6 +534,7 @@ int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
 #define LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC   0x0001
 #define LDB_UNPACK_DATA_FLAG_NO_DN           0x0002
 #define LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC 0x0004
+#define LDB_UNPACK_DATA_FLAG_NO_ATTRS        0x0008
 
 /**
  Forces a specific ldb handle to use the global event context.
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 232bb4c..3510dd9 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -83,7 +83,9 @@ static int ltdb_dn_list_find_val(const struct dn_list *list, const struct ldb_va
 {
 	unsigned int i;
 	for (i=0; i<list->count; i++) {
-		if (dn_list_cmp(&list->dn[i], v) == 0) return i;
+		if (dn_list_cmp(&list->dn[i], v) == 0) {
+			return i;
+		}
 	}
 	return -1;
 }
@@ -1147,8 +1149,7 @@ int ltdb_search_indexed(struct ltdb_context *ac, uint32_t *match_count)
  * @return                  An ldb error code
  */
 static int ltdb_index_add1(struct ldb_module *module, const char *dn,
-			   struct ldb_message_element *el, int v_idx,
-			   bool is_new)
+			   struct ldb_message_element *el, int v_idx)
 {
 	struct ldb_context *ldb;
 	struct ldb_dn *dn_key;
@@ -1198,16 +1199,6 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
 		return LDB_ERR_ENTRY_ALREADY_EXISTS;
 	}
 
-	/* If we are doing an ADD, then this can not already be in the index,
-	   as it was not already in the database, and this has already been
-	   checked because the store succeeded */
-	if (! is_new) {
-		if (ltdb_dn_list_find_str(list, dn) != -1) {
-			talloc_free(list);
-			return LDB_SUCCESS;
-		}
-	}
-
 	/* overallocate the list a bit, to reduce the number of
 	 * realloc trigered copies */
 	alloc_len = ((list->count+1)+7) & ~7;
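Review bot: with the `if (! is_new)` block gone, nothing in the visible part of ltdb_index_add1() stops the same dn being appended to the list a second time, so the function now depends on every caller guaranteeing the entry is not already indexed. The commit message explains why that holds after the re-index rework, but the code does not: please leave a short comment here stating the precondition, so that a later caller that re-adds an existing entry does not silently create duplicate index values.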
@@ -1216,7 +1207,13 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
 		talloc_free(list);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	list->dn[list->count].data = (uint8_t *)talloc_strdup(list->dn, dn);
+
+	list->dn[list->count].data
+		= (uint8_t *)talloc_strdup(list->dn, dn);
+	if (list->dn[list->count].data == NULL) {
+		talloc_free(list);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 	list->dn[list->count].length = strlen(dn);
 	list->count++;
 
@@ -1231,11 +1228,11 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
   add index entries for one elements in a message
  */
 static int ltdb_index_add_el(struct ldb_module *module, const char *dn,
-			     struct ldb_message_element *el, bool is_new)
+			     struct ldb_message_element *el)
 {
 	unsigned int i;
 	for (i = 0; i < el->num_values; i++) {
-		int ret = ltdb_index_add1(module, dn, el, i, is_new);
+		int ret = ltdb_index_add1(module, dn, el, i);
 		if (ret != LDB_SUCCESS) {
 			return ret;
 		}
@@ -1249,8 +1246,7 @@ static int ltdb_index_add_el(struct ldb_module *module, const char *dn,
  */
 static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
 			      struct ldb_message_element *elements,
-			      unsigned int num_el,
-			      bool is_new)
+			      unsigned int num_el)
 {
 	struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
 	unsigned int i;
@@ -1269,7 +1265,7 @@ static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
 		if (!ltdb_is_indexed(module, ltdb, elements[i].name)) {
 			continue;
 		}
-		ret = ltdb_index_add_el(module, dn, &elements[i], is_new);
+		ret = ltdb_index_add_el(module, dn, &elements[i]);
 		if (ret != LDB_SUCCESS) {
 			struct ldb_context *ldb = ldb_module_get_ctx(module);
 			ldb_asprintf_errstring(ldb,
@@ -1286,9 +1282,11 @@ static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
 /*
   insert a one level index for a message
 */
-static int ltdb_index_onelevel(struct ldb_module *module, const struct ldb_message *msg, int add)
-{
-	struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
+static int ltdb_index_onelevel(struct ldb_module *module,
+			       const struct ldb_message *msg, int add)
+{	
+	struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module),
+						    struct ltdb_private);
 	struct ldb_message_element el;
 	struct ldb_val val;
 	struct ldb_dn *pdn;
@@ -1323,7 +1321,7 @@ static int ltdb_index_onelevel(struct ldb_module *module, const struct ldb_messa
 	el.num_values = 1;
 
 	if (add) {
-		ret = ltdb_index_add1(module, dn, &el, 0, add);
+		ret = ltdb_index_add1(module, dn, &el, 0);
 	} else { /* delete */
 		ret = ltdb_index_del_value(module, msg->dn, &el, 0);
 	}
@@ -1347,7 +1345,7 @@ int ltdb_index_add_element(struct ldb_module *module, struct ldb_dn *dn,
 	if (!ltdb_is_indexed(module, ltdb, el->name)) {
 		return LDB_SUCCESS;
 	}
-	return ltdb_index_add_el(module, ldb_dn_get_linearized(dn), el, true);
+	return ltdb_index_add_el(module, ldb_dn_get_linearized(dn), el);
 }
 
 /*
@@ -1367,8 +1365,7 @@ int ltdb_index_add_new(struct ldb_module *module, const struct ldb_message *msg)
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements,
-				 true);
+	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
@@ -1571,7 +1568,7 @@ struct ltdb_reindex_context {
 /*
   traversal function that adds @INDEX records during a re index
 */
-static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
+static int re_key(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
 {
 	struct ldb_context *ldb;
 	struct ltdb_reindex_context *ctx = (struct ltdb_reindex_context *)state;
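Review bot: the comment above the renamed function still reads "traversal function that adds @INDEX records during a re index", but re_key() as changed in this patch only deletes and re-stores records under their recomputed key, while the index adds stay in the new re_index(). Update the comment to describe the rekey pass so the two traversal callbacks are not documented identically.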
@@ -1582,17 +1579,22 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 		.data = data.dptr,
 		.length = data.dsize,
 	};
-	const char *dn = NULL;
 	int ret;
 	TDB_DATA key2;
-
+	bool is_record;
+	
 	ldb = ldb_module_get_ctx(module);
 
-	if (strncmp((char *)key.dptr, "DN=@", 4) == 0 ||
-	    strncmp((char *)key.dptr, "DN=", 3) != 0) {
+	if (key.dsize > 4 &&
+	    memcmp(key.dptr, "DN=@", 4) == 0) {
 		return 0;
 	}
 
+	is_record = ltdb_key_is_record(key);
+	if (is_record == false) {
+		return 0;
+	}
+	
 	msg = ldb_msg_new(module);
 	if (msg == NULL) {
 		return -1;
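Review bot: the `DN=@` test uses `key.dsize > 4` although memcmp() compares only 4 bytes, so a key of exactly 4 bytes is not skipped here and is left to ltdb_key_is_record(). Either use `key.dsize >= 4` to match the length actually compared, or add a comment saying the stricter bound is intended. The added blank lines after `bool is_record;` and after the is_record check each contain a lone tab.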
@@ -1606,10 +1608,21 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 	if (ret != 0) {
 		ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n",
 						ldb_dn_get_linearized(msg->dn));
+		ctx->error = ret;
 		talloc_free(msg);
 		return -1;
 	}
 
+	if (msg->dn == NULL) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Refusing to re-index as GUID "
+			  "key %*.*s with no DN\n",
+			  (int)key.dsize, (int)key.dsize,
+			  (char *)key.dptr);
+		talloc_free(msg);
+		return -1;
+	}
+	
 	/* check if the DN key has changed, perhaps due to the
 	   case insensitivity of an element changing */
 	key2 = ltdb_key(module, msg->dn);
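Review bot: the new `msg->dn == NULL` branch returns -1 without setting ctx->error, while the unpack failure path just above now sets `ctx->error = ret`. The traverse is aborted either way, but anything that reads ctx->error afterwards gets no LDB error code for this case; set it (for example to LDB_ERR_OPERATIONS_ERROR) before freeing msg.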
@@ -1620,14 +1633,98 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 		talloc_free(msg);
 		return 0;
 	}
-	if (strcmp((char *)key2.dptr, (char *)key.dptr) != 0) {
-		tdb_delete(tdb, key);
-		tdb_store(tdb, key2, data, 0);
+	if (key.dsize != key2.dsize ||
+	    (memcmp(key.dptr, key2.dptr, key.dsize) != 0)) {
+		int tdb_ret;
+		tdb_ret = tdb_delete(tdb, key);
+		if (tdb_ret != 0) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR,
+				  "Failed to delete %*.*s "
+				  "for rekey as %*.*s: %s",
+				  (int)key.dsize, (int)key.dsize,
+				  (const char *)key.dptr,
+				  (int)key2.dsize, (int)key2.dsize,
+				  (const char *)key.dptr,
+				  tdb_errorstr(tdb));
+			ctx->error = ltdb_err_map(tdb_error(tdb));
+			return -1;
+		}
+		tdb_ret = tdb_store(tdb, key2, data, 0);
+		if (tdb_ret != 0) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR,
+				  "Failed to rekey %*.*s as %*.*s: %s",
+				  (int)key.dsize, (int)key.dsize,
+				  (const char *)key.dptr,
+				  (int)key2.dsize, (int)key2.dsize,
+				  (const char *)key.dptr,
+				  tdb_errorstr(tdb));
+			ctx->error = ltdb_err_map(tdb_error(tdb));
+			return -1;
+		}
 	}
 	talloc_free(key2.dptr);
 
+	talloc_free(msg);
+
+	return 0;
+}
+
+/*
+  traversal function that adds @INDEX records during a re index
+*/
+static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
+{
+	struct ldb_context *ldb;
+	struct ltdb_reindex_context *ctx = (struct ltdb_reindex_context *)state;
+	struct ldb_module *module = ctx->module;
+	struct ldb_message *msg;
+	const char *dn = NULL;
+	unsigned int nb_elements_in_db;
+	const struct ldb_val val = {
+		.data = data.dptr,
+		.length = data.dsize,
+	};
+	int ret;
+	bool is_record;
+	
+	ldb = ldb_module_get_ctx(module);
+
+	if (key.dsize > 4 &&
+	    memcmp(key.dptr, "DN=@", 4) == 0) {
+		return 0;
+	}
+
+	is_record = ltdb_key_is_record(key);
+	if (is_record == false) {
+		return 0;
+	}
+	
+	msg = ldb_msg_new(module);
+	if (msg == NULL) {
+		return -1;
+	}
+
+	ret = ldb_unpack_data_only_attr_list_flags(ldb, &val,
+						   msg,
+						   NULL, 0,
+						   LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC,
+						   &nb_elements_in_db);
+	if (ret != 0) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n",
+						ldb_dn_get_linearized(msg->dn));
+		ctx->error = ret;
+		talloc_free(msg);
+		return -1;
+	}
+
 	if (msg->dn == NULL) {
-		dn = (char *)key.dptr + 3;
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Refusing to re-index as GUID "
+			  "key %*.*s with no DN\n",
+			  (int)key.dsize, (int)key.dsize,
+			  (char *)key.dptr);
+		talloc_free(msg);
+		return -1;
 	} else {
 		dn = ldb_dn_get_linearized(msg->dn);
 	}
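Review bot: in both new ldb_debug() calls in re_key() the second `%*.*s` is given key2.dsize as width and precision but `(const char *)key.dptr` as the string, so the log shows the old key twice and, when key2 is longer than key, can read past key.dsize bytes if key is not NUL-terminated; pass `key2.dptr`. The two `return -1` paths after tdb_delete() and tdb_store() failure also skip the `talloc_free(key2.dptr)` and `talloc_free(msg)` that the success path performs, the two format strings lack the trailing `\n` the other messages have, and the `msg->dn == NULL` branch in the new re_index() returns without setting ctx->error.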
@@ -1641,8 +1738,7 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
 		return -1;
 	}
 
-	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements,
-				 false);
+	ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements);
 
 	if (ret != LDB_SUCCESS) {
 		ctx->error = ret;
@@ -1685,6 +1781,9 @@ int ltdb_reindex(struct ldb_module *module)
 	 */
 	ret = tdb_traverse(ltdb->tdb, delete_index, module);
 	if (ret < 0) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+		ldb_asprintf_errstring(ldb, "index deletion traverse failed: %s",
+				       ldb_errstring(ldb));
 		return LDB_ERR_OPERATIONS_ERROR;
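Review bot: the new error string takes its only detail from ldb_errstring(ldb), so if nothing set an error string during the delete_index traverse the message ends with no cause. The tdb failure paths added to re_key() report tdb_errorstr(); including tdb_errorstr(ltdb->tdb) here would give the same detail when tdb_traverse() itself fails.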


-- 
Samba Shared Repository


