[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Aug 15 08:20:02 UTC 2018
The branch, master has been updated
via f249bea netcmd: Fix --kerberos=yes and --no-secrets domain backups
via d2d0395 netcmd: Delete unnecessary function
via 8fb706c netcmd: Fix kerberos option for domain backups
via 14077b6 netcmd: domain backup didn't support prompting for password
via 1da4ff2 third_party:build: Test for the flags, recognized by Clang.
via 371c5c7 emulate/traffic: add sAMAccountName in create_group
via ceed07f traffic-replay: add extra check
via 68c64c6 traffic: uniform stats output
via 8084f18 emulate/traffic: fix next usage
via badd7a2 samba-tool/drs: set dns_backend to SAMBA_INTERNAL in cmd_drs_clone_dc_database
via 28e2a51 dns_server: Avoid ldb_dn_add_child_fmt() on untrusted input
via aa01203 dns_server: Be strict when constructing a LDB DN from an untrusted DNS name
via bdbb942 ldb: Release LDB 1.5.1
via 9d46795 ldb: extend API tests
via 2dafbd3 ldb: Add new function ldb_dn_add_child_val()
via 542e7c1 ldb_tdb: Remove pointless check of ldb_dn_is_valid()
via d71c655 fix mem leak in ldbsearch
via d645546 fix mem leak in ltdb_index_dn_base_dn and ltdb_search_indexed
via b9e2a2d ldb: no need to call del_transaction in ldb_transaction_commit
from 9eccf6a s3:libads: Free addr before we free the context
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f249bea1e0538300288e7cf1dcb6037c45f92276
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Aug 9 16:20:10 2018 +1200
netcmd: Fix --kerberos=yes and --no-secrets domain backups
The --kerberos=yes and --no-secrets options didn't work in combination
for domain backups. The problem was creds.get_username() might not
necessarily match the kerberos user (such as in the selftest
environment). If this was the case, then trying to reset the admin
password failed (because the creds.get_username() didn't exist in
the DB).
Because the admin user always has a fixed RID, we can work out the
administrator based on its object SID, instead of relying on the
username in the creds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13566
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Aug 15 10:19:09 CEST 2018 on sn-devel-144
commit d2d039515119523192676b311d5997afd34f4c90
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Aug 9 15:35:59 2018 +1200
netcmd: Delete unnecessary function
Minor code cleanup. The last 2 patches gutted this function, to the
point where there's no longer any value in keeping it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13566
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 8fb706c34682bf6dc6033963518c7eccffc3944f
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Aug 9 15:34:51 2018 +1200
netcmd: Fix kerberos option for domain backups
The previous fix still didn't work if you specified --kerberos=yes (in
which case the creds still doesn't have a password).
credopts.get_credentials(lp) should be enough to ensure a user/password
is set (it's all that the other commands seem to do).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13566
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 14077b6682d7dc1b16e1ccb42ef61e9f4c0a1715
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Aug 9 15:30:55 2018 +1200
netcmd: domain backup didn't support prompting for password
The online/rename backups only worked if you specified both the username
and password in the actual command itself. If you just entered the
username (expecting to be prompted for the password later), then the
command was rejected.
The problem was the order the code was doing things in. We were checking
credopts.creds.get_password() *before* we'd called
credopts.get_credentials(lp), whereas it should be the other way
around.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13566
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 1da4ff2e64469dc8494ba895453d60206f030db4
Author: Timur I. Bakeyev <timur at iXsystems.com>
Date: Sun Jul 8 18:45:59 2018 +0200
third_party:build: Test for the flags, recognized by Clang.
Make amd64 SYSTEM_UNAME_MACHINE an alias for x86_64.
Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 371c5c70f78a65af6fcc4d124eae8c10b26bdc48
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Tue Aug 7 16:04:48 2018 +1200
emulate/traffic: add sAMAccountName in create_group
While using script/traffic_replay to generate users and groups, we get
autogenerated group name like:
$2A6F42B2-39FAF4556E2BE379
This patch specifies sAMAccountName to overwrite the name.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ceed07fe89d6bf80440b9951549c7247cb952388
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Tue Aug 7 14:09:03 2018 +1200
traffic-replay: add extra check
Make sure --average-groups-per-user is not more than --number-of-users
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 68c64c634ad7576b2ab5ef838c203320afd90f44
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Fri May 11 11:50:38 2018 +1200
traffic: uniform stats output
The original code is trying to output different data formats for tty or file.
This is unnecessary and causes confusion while writing scripts to parse the result.
The human-readable one is also easy for code to parse.
Remove if check for isatty(), just make output the same.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 8084f1838cee774fc79a4c7ff2d1182388105fcb
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Wed Jun 20 16:34:44 2018 +1200
emulate/traffic: fix next usage
In commit b0c9de820c07d77c03b80505cb811ac1dac0808f, line 343:
self.next_conversation_id = itertools.count().next
was changed to:
self.next_conversation_id = next(itertools.count())
which is not correct, the first one is a function, the second one is an
int. This patch fixed it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13573
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit badd7a23ed968dbf9f05c518f8c65a81ab796609
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Fri Aug 3 16:29:26 2018 +1200
samba-tool/drs: set dns_backend to SAMBA_INTERNAL in cmd_drs_clone_dc_database
The default value is "NONE", need to specify it to use SAMBA_INTERNAL so
that the DNS partitions are replicated.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 28e2a518ff3233f49f1b61210754d044c670087b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 15 10:44:03 2018 +1200
dns_server: Avoid ldb_dn_add_child_fmt() on untrusted input
By using the new ldb_dn_add_child_val() we ensure that the user-controlled values are
not parsed as DN separators.
Additionally, the casefold DN is obtained before the search to trigger
a full parse of the DN before being handed to the LDB search.
This is not normally required but is done here due to the nature
of the untrusted input.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit aa01203ff51ec49dfdfeed6ab02bbe0cb3198d70
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jul 2 16:49:37 2018 +1200
dns_server: Be strict when constructing a LDB DN from an untrusted DNS name
This changes our DNS server to be much more careful when constructing DNS names
into LDB DN values.
This avoids a segfault deep in the LDB code if the ldb_dn_get_casefold() fails there.
A separate patch will address that part of the issue, and a later patch
will re-work this code to use a single API: ldb_dn_add_child_val(). This
is not squashed with this work because this patch does not rely on a new
LDB release, and so may be helpful for a backport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit bdbb9422c0430d74c3173822257e23a9dfb2713e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jul 3 15:21:07 2018 +1200
ldb: Release LDB 1.5.1
* New API ldb_dn_add_child_val() avoids passing untrusted input to
ldb_dn_add_child_fmt() (bug 13466)
* Free memory nearer to the allocation in calls made by ldbsearch
* Do not overwrite ldb_transaction_commit failure error messages
with a pointless del_transaction()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 9d46795b208487028ce4cce6ed893de7b665b347
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jul 4 13:26:16 2018 +1200
ldb: extend API tests
These additional API tests just check that an invalid base DN
is never accepted.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2dafbd32136b7d4253bcadde4c038272350f7bb2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jul 3 15:16:56 2018 +1200
ldb: Add new function ldb_dn_add_child_val()
This is safer for untrusted input than ldb_dn_add_child_fmt()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 542e7c179112933f82ea68ce6c04c2a596522617
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 21 15:25:33 2018 +1200
ldb_tdb: Remove pointless check of ldb_dn_is_valid()
If the DN is not valid the ltdb_search_dn1() will catch it with ldb_dn_validate() which
is the only safe way to check this. ldb_dn_is_valid() does not actually check, but instead
returns only the result of the previous checks, if there was one.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit d71c655eecc7bc7963a8858dd3a631ac1e580046
Author: Andrej Gessel <Andrej.Gessel at janztec.com>
Date: Mon Jul 16 11:43:22 2018 +0200
fix mem leak in ldbsearch
Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit d645546aef452fc372b7cc7e1602562f0e88943c
Author: Andrej Gessel <Andrej.Gessel at janztec.com>
Date: Mon Jul 16 11:39:05 2018 +0200
fix mem leak in ltdb_index_dn_base_dn and ltdb_search_indexed
Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit b9e2a2de247add415b4681c93849a9c9ba6f3c4a
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Tue Aug 7 16:45:16 2018 +1200
ldb: no need to call del_transaction in ldb_transaction_commit
No matter whether the commit succeeded or failed, the transaction will be deleted afterwards.
So there is no need to delete it here.
Against Samba this causes an `LDAP error 51 LDAP_BUSY` error when the transaction
fails, say while we try to add users to groups in large amount and
the original error is lost.
In Samba, the rootdse module fails early in the del part of the
start/end/del pattern, and in ldb_tdb and ldb_mdb a failed commit
always ends the transaction, even on failure.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.5.1.sigs} | 1 +
...b-util.py3-1.5.0.sigs => pyldb-util-1.5.1.sigs} | 0
...il.py3-1.5.0.sigs => pyldb-util.py3-1.5.1.sigs} | 0
lib/ldb/common/ldb.c | 3 -
lib/ldb/common/ldb_dn.c | 35 +++++
lib/ldb/include/ldb.h | 3 +
lib/ldb/ldb_key_value/ldb_kv_index.c | 2 +
lib/ldb/ldb_key_value/ldb_kv_search.c | 8 --
lib/ldb/tests/python/api.py | 47 ++++++-
lib/ldb/tests/test_ldb_dn.c | 117 ++++++++++++++++
lib/ldb/tools/ldbsearch.c | 5 +
lib/ldb/wscript | 8 +-
python/samba/emulate/traffic.py | 32 ++---
python/samba/netcmd/domain_backup.py | 55 ++++----
python/samba/netcmd/drs.py | 4 +-
script/traffic_replay | 6 +
source4/dns_server/dlz_bind9.c | 156 +++++++++++++++++++--
source4/dns_server/dnsserver_common.c | 52 ++++++-
source4/rpc_server/dnsserver/dnsdb.c | 11 +-
source4/rpc_server/dnsserver/dnsutils.c | 14 +-
third_party/aesni-intel/wscript | 13 +-
21 files changed, 491 insertions(+), 81 deletions(-)
copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.5.1.sigs} (99%)
copy lib/ldb/ABI/{pyldb-util.py3-1.5.0.sigs => pyldb-util-1.5.1.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util.py3-1.5.0.sigs => pyldb-util.py3-1.5.1.sigs} (100%)
create mode 100644 lib/ldb/tests/test_ldb_dn.c
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.5.1.sigs
similarity index 99%
copy from lib/ldb/ABI/ldb-1.3.0.sigs
copy to lib/ldb/ABI/ldb-1.5.1.sigs
index a31b84e..0c1234f 100644
--- a/lib/ldb/ABI/ldb-1.3.0.sigs
+++ b/lib/ldb/ABI/ldb-1.5.1.sigs
@@ -35,6 +35,7 @@ ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *)
ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...)
ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *)
ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...)
+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val)
ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *)
ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *)
ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *)
diff --git a/lib/ldb/ABI/pyldb-util.py3-1.5.0.sigs b/lib/ldb/ABI/pyldb-util-1.5.1.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util.py3-1.5.0.sigs
copy to lib/ldb/ABI/pyldb-util-1.5.1.sigs
diff --git a/lib/ldb/ABI/pyldb-util.py3-1.5.0.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.1.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util.py3-1.5.0.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.5.1.sigs
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 5525e70..44a487b 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -498,9 +498,6 @@ int ldb_transaction_commit(struct ldb_context *ldb)
ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "commit ldb transaction error: %s",
ldb_errstring(next_module->ldb));
}
- /* cancel the transaction */
- FIRST_OP(ldb, del_transaction);
- next_module->ops->del_transaction(next_module);
}
return status;
}
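Review bot: With the del_transaction call removed from the failure branch of ldb_transaction_commit(), cleanup after a failed end_transaction rests entirely on each module ending the transaction itself, and nothing in this function says so. Suggest a short comment in place of the removed lines stating that a failed end_transaction must leave no transaction open, so module and backend authors know the contract, plus a test that a failed commit returns the original error string and not a later one.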
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index dfeb600..3bd655a 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1605,6 +1605,41 @@ bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
return ret;
}
+/* modify the given dn by adding a single child element.
+ *
+ * return true if successful and false if not
+ * if false is returned the dn may be marked invalid
+ */
+bool ldb_dn_add_child_val(struct ldb_dn *dn,
+ const char *rdn,
+ struct ldb_val value)
+{
+ bool ret;
+ int ldb_ret;
+ struct ldb_dn *child = NULL;
+
+ if ( !dn || dn->invalid) {
+ return false;
+ }
+
+ child = ldb_dn_new(dn, dn->ldb, "X=Y");
+ ret = ldb_dn_add_child(dn, child);
+
+ if (ret == false) {
+ return false;
+ }
+
+ ldb_ret = ldb_dn_set_component(dn,
+ 0,
+ rdn,
+ value);
+ if (ldb_ret != LDB_SUCCESS) {
+ return false;
+ }
+
+ return true;
+}
+
bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
{
unsigned int i;
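Review bot: In ldb_dn_add_child_val(), when ldb_dn_set_component() fails the function returns false after the placeholder from ldb_dn_new(dn, dn->ldb, "X=Y") has already been added, so the caller is left with a dn that has gained an X=Y child and is not marked invalid, which the header comment ("the dn may be marked invalid") does not describe. Suggest removing the placeholder component or marking dn invalid on that path. The temporary child is also allocated on dn and not freed on any return path; if ldb_dn_add_child() copies the components, a talloc_free(child) right after it would stop the placeholder living as long as dn. A NULL check on rdn alongside the !dn check would make the argument contract explicit.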
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 9918b4e..81bee93 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -1882,6 +1882,9 @@ bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child);
bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...) PRINTF_ATTRIBUTE(2,3);
bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num);
bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num);
+bool ldb_dn_add_child_val(struct ldb_dn *dn,
+ const char *rdn,
+ struct ldb_val value);
struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
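Review bot: The new ldb_dn_add_child_val() declaration has no API comment, and this is the variant callers are expected to pick for untrusted input. Suggest a doc comment saying that rdn is the attribute name, that value is taken as raw bytes with an explicit length and is escaped on linearization instead of being parsed for separators, and what state dn is in when false is returned.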
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 4e9d904..6c21c19 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -1684,6 +1684,7 @@ static int ldb_kv_index_dn_base_dn(struct ldb_module *module,
dn_list->dn[0].data = discard_const_p(unsigned char,
ldb_dn_get_linearized(base_dn));
if (dn_list->dn[0].data == NULL) {
+ talloc_free(dn_list->dn);
return ldb_module_oom(module);
}
dn_list->dn[0].length = strlen((char *)dn_list->dn[0].data);
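Review bot: talloc_free(dn_list->dn) on the NULL-data path leaves dn_list->dn pointing at freed memory while dn_list itself stays with the caller. Suggest TALLOC_FREE(dn_list->dn), or setting the pointer to NULL after the free, so that any later cleanup or reuse of dn_list cannot touch the freed array.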
@@ -2039,6 +2040,7 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count)
struct dn_list *idx_one_tree_list
= talloc_zero(ac, struct dn_list);
if (idx_one_tree_list == NULL) {
+ talloc_free(dn_list);
return ldb_module_oom(ac->module);
}
diff --git a/lib/ldb/ldb_key_value/ldb_kv_search.c b/lib/ldb/ldb_key_value/ldb_kv_search.c
index e9964c2..a384ee9 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_search.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_search.c
@@ -758,14 +758,6 @@ int ldb_kv_search(struct ldb_kv_context *ctx)
/* We accept subtree searches from a NULL base DN, ie over the whole DB */
ret = LDB_SUCCESS;
}
- } else if (ldb_dn_is_valid(req->op.search.base) == false) {
-
- /* We don't want invalid base DNs here */
- ldb_asprintf_errstring(ldb,
- "Invalid Base DN: %s",
- ldb_dn_get_linearized(req->op.search.base));
- ret = LDB_ERR_INVALID_DN_SYNTAX;
-
} else if (req->op.search.scope == LDB_SCOPE_BASE) {
/*
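Review bot: Removing the ldb_dn_is_valid() branch also drops the "Invalid Base DN: %s" error string, so the message a caller sees for a bad base now depends on whichever later check rejects it. The tests added in api.py assert only ERR_INVALID_DN_SYNTAX; suggest confirming that the remaining path still sets an error string naming the offending base DN for each search scope.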
diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
index e401096..471d70f 100755
--- a/lib/ldb/tests/python/api.py
+++ b/lib/ldb/tests/python/api.py
@@ -1309,6 +1309,41 @@ class SearchTests(LdbBaseTest):
expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
self.assertEqual(len(res11), 0)
+ def test_bad_dn_search_base(self):
+ """Testing with a bad base DN (SCOPE_BASE)"""
+
+ try:
+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DCXXX",
+ scope=ldb.SCOPE_BASE)
+ self.fail("Should have failed with ERR_INVALID_DN_SYNTAX")
+ except ldb.LdbError as err:
+ enum = err.args[0]
+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
+
+
+ def test_bad_dn_search_one(self):
+ """Testing with a bad base DN (SCOPE_ONELEVEL)"""
+
+ try:
+ res11 = self.l.search(base="DC=SAMBA,DCXXXX",
+ scope=ldb.SCOPE_ONELEVEL)
+ self.fail("Should have failed with ERR_INVALID_DN_SYNTAX")
+ except ldb.LdbError as err:
+ enum = err.args[0]
+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
+
+ def test_bad_dn_search_subtree(self):
+ """Testing with a bad base DN (SCOPE_SUBTREE)"""
+
+ try:
+ res11 = self.l.search(base="DC=SAMBA,DCXXXX",
+ scope=ldb.SCOPE_SUBTREE)
+ self.fail("Should have failed with ERR_INVALID_DN_SYNTAX")
+ except ldb.LdbError as err:
+ enum = err.args[0]
+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
+
+
# Run the search tests against an lmdb backend
class SearchTestsLmdb(SearchTests):
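Review bot: The three new tests assign the search result to res11 without using it and hand-roll the expected-exception check with try, self.fail and except. Suggest "with self.assertRaises(ldb.LdbError) as cm:" around the search followed by an assertEqual on cm.exception.args[0], which removes the unused variable. test_bad_dn_search_base also uses a different malformed base ("OU=OU1,DC=SAMBA,DCXXX") from the other two ("DC=SAMBA,DCXXXX"); a one-line comment on whether that is intentional would help, and the doubled blank lines after the first and third tests can go.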
@@ -1375,8 +1410,10 @@ class IndexedAndOneLevelDNFilterSearchTests(SearchTests):
def setUp(self):
super(IndexedAndOneLevelDNFilterSearchTests, self).setUp()
self.l.add({"dn": "@OPTIONS",
- "disallowDNFilter": "TRUE"})
+ "disallowDNFilter": "TRUE",
+ "checkBaseOnSearch": "TRUE"})
self.disallowDNFilter = True
+ self.checkBaseOnSearch = True
self.l.add({"dn": "@INDEXLIST",
"@IDXATTR": [b"x", b"y", b"ou"],
@@ -1408,8 +1445,10 @@ class GUIDIndexedDNFilterSearchTests(SearchTests):
"@IDX_DN_GUID": [b"GUID"]}
super(GUIDIndexedDNFilterSearchTests, self).setUp()
self.l.add({"dn": "@OPTIONS",
- "disallowDNFilter": "TRUE"})
+ "disallowDNFilter": "TRUE",
+ "checkBaseOnSearch": "TRUE"})
self.disallowDNFilter = True
+ self.checkBaseOnSearch = True
self.IDX = True
self.IDXGUID = True
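Review bot: This setUp change, like the matching ones in IndexedAndOneLevelDNFilterSearchTests and GUIDAndOneLevelIndexedSearchTests, turns on checkBaseOnSearch and sets self.checkBaseOnSearch, but none of the tests added in this diff read that attribute and the commit message mentions only invalid base DN checks. Suggest explaining in the commit message why the option is enabled for these classes, or dropping the attribute if nothing branches on it.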
@@ -1423,8 +1462,10 @@ class GUIDAndOneLevelIndexedSearchTests(SearchTests):
"@IDX_DN_GUID": [b"GUID"]}
super(GUIDAndOneLevelIndexedSearchTests, self).setUp()
self.l.add({"dn": "@OPTIONS",
- "disallowDNFilter": "TRUE"})
+ "disallowDNFilter": "TRUE",
+ "checkBaseOnSearch": "TRUE"})
self.disallowDNFilter = True
+ self.checkBaseOnSearch = True
self.IDX = True
self.IDXGUID = True
self.IDXONE = True
diff --git a/lib/ldb/tests/test_ldb_dn.c b/lib/ldb/tests/test_ldb_dn.c
new file mode 100644
index 0000000..4965dce
--- /dev/null
+++ b/lib/ldb/tests/test_ldb_dn.c
@@ -0,0 +1,117 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2018 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <ldb.h>
+
+static void test_ldb_dn_add_child_fmt(void **state)
+{
+ struct ldb_context *ldb = ldb_init(NULL, NULL);
+
+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org");
+
+ assert_true(ldb_dn_add_child_fmt(dn,
+ "DC=X"));
+
+ assert_string_equal("DC=X,dc=samba,dc=org",
+ ldb_dn_get_linearized(dn));
+
+ assert_string_equal("DC=X,DC=SAMBA,DC=ORG",
+ ldb_dn_get_casefold(dn));
+
+}
+
+static void test_ldb_dn_add_child_fmt2(void **state)
+{
+ struct ldb_context *ldb = ldb_init(NULL, NULL);
+
+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org");
+
+ assert_true(ldb_dn_add_child_fmt(dn,
+ "DC=X,DC=Y"));
+
+ assert_string_equal("DC=X,DC=Y,dc=samba,dc=org",
+ ldb_dn_get_linearized(dn));
+
+ assert_string_equal("DC=X,DC=Y,DC=SAMBA,DC=ORG",
+ ldb_dn_get_casefold(dn));
+
+ assert_int_equal(4,
+ ldb_dn_get_comp_num(dn));
+
+}
+
+static void test_ldb_dn_add_child_val(void **state)
+{
+ struct ldb_context *ldb = ldb_init(NULL, NULL);
+
+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org");
+ struct ldb_val name = {.data = discard_const("X"),
+ .length = 1
+ };
+
+ assert_true(ldb_dn_add_child_val(dn,
+ "DC", name));
+
+ assert_string_equal("DC=X,dc=samba,dc=org",
+ ldb_dn_get_linearized(dn));
+
+ assert_string_equal("DC=X,DC=SAMBA,DC=ORG",
+ ldb_dn_get_casefold(dn));
+
+}
+
+static void test_ldb_dn_add_child_val2(void **state)
+{
+ struct ldb_context *ldb = ldb_init(NULL, NULL);
+
+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org");
+
+ struct ldb_val name = {.data = discard_const("X,DC=Y"),
+ .length = 6
+ };
+
+ assert_true(ldb_dn_add_child_val(dn,
+ "DC", name));
+
+ assert_string_equal("DC=X\\,DC\\3DY,dc=samba,dc=org",
+ ldb_dn_get_linearized(dn));
+
+ assert_string_equal("DC=X\\,DC\\3DY,DC=SAMBA,DC=ORG",
+ ldb_dn_get_casefold(dn));
+
+ assert_int_equal(3,
+ ldb_dn_get_comp_num(dn));
+
+}
+
+int main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_ldb_dn_add_child_fmt),
+ cmocka_unit_test(test_ldb_dn_add_child_fmt2),
+ cmocka_unit_test(test_ldb_dn_add_child_val),
+ cmocka_unit_test(test_ldb_dn_add_child_val2),
+ };
+
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
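Review bot: The new tests cover only inputs for which ldb_dn_add_child_val() succeeds; there is no case for a NULL or invalid dn, which the function explicitly rejects, and no value with other special bytes such as a leading space or an embedded NUL. Suggest adding those, since the function exists for untrusted input. The hard-coded .length = 6 for "X,DC=Y" would be less fragile as strlen() of the same literal, and each test leaves the context from ldb_init(NULL, NULL) unfreed, which will show up as noise under a leak checker.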
diff --git a/lib/ldb/tools/ldbsearch.c b/lib/ldb/tools/ldbsearch.c
index 5eae624..374f240 100644
--- a/lib/ldb/tools/ldbsearch.c
+++ b/lib/ldb/tools/ldbsearch.c
@@ -248,12 +248,16 @@ again:
ret = ldb_request(ldb, req);
if (ret != LDB_SUCCESS) {
+ talloc_free(sctx);
+ talloc_free(req);
printf("search failed - %s\n", ldb_errstring(ldb));
return ret;
}
ret = ldb_wait(req->handle, LDB_WAIT_ALL);
if (ret != LDB_SUCCESS) {
+ talloc_free(sctx);
+ talloc_free(req);
printf("search error - %s\n", ldb_errstring(ldb));
return ret;
}
@@ -318,6 +322,7 @@ int main(int argc, const char **argv)
if (options->basedn != NULL) {
basedn = ldb_dn_new(ldb, ldb, options->basedn);
if (basedn == NULL) {
+ talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
}
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index ac6aa8b..a3ec8db 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.5.0'
+VERSION = '1.5.1'
blddir = 'bin'
@@ -512,6 +512,11 @@ def build(bld):
deps='cmocka ldb',
install=False)
+ bld.SAMBA_BINARY('test_ldb_dn',
+ source='tests/test_ldb_dn.c',
+ deps='cmocka ldb',
+ install=False)
+
if bld.CONFIG_SET('HAVE_LMDB'):
bld.SAMBA_BINARY('ldb_mdb_mod_op_test',
source='tests/ldb_mod_op_test.c',
@@ -568,6 +573,7 @@ def test(ctx):
cmocka_ret = 0
test_exes = ['test_ldb_qsort',
+ 'test_ldb_dn',
'ldb_msg_test',
'ldb_tdb_mod_op_test',
'ldb_tdb_guid_mod_op_test',
diff --git a/python/samba/emulate/traffic.py b/python/samba/emulate/traffic.py
index c96530b..49ad49a 100644
--- a/python/samba/emulate/traffic.py
+++ b/python/samba/emulate/traffic.py
@@ -340,7 +340,7 @@ class ReplayContext(object):
self.last_netlogon_bad = False
self.last_samlogon_bad = False
self.generate_ldap_search_tables()
- self.next_conversation_id = next(itertools.count())
+ self.next_conversation_id = itertools.count()
def generate_ldap_search_tables(self):
session = system_session()
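Review bot: self.next_conversation_id now holds the itertools.count() iterator itself and not a callable, so the name still reads like a method, and any remaining call of context.next_conversation_id() would raise TypeError. Suggest renaming the attribute (for example conversation_ids) or wrapping the iterator in a small method, so call sites do not need to know it is an iterator.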
@@ -882,7 +882,7 @@ class Conversation(object):
gap = t - now
print("gap is now %f" % gap, file=sys.stderr)
- self.conversation_id = context.next_conversation_id()
+ self.conversation_id = next(context.next_conversation_id)
pid = os.fork()
if pid != 0:
return pid
@@ -1708,6 +1708,7 @@ def create_group(ldb, instance_id, name):
ldb.add({
"dn": dn,
"objectclass": "group",
+ "sAMAccountName": name,
})
end = time.time()
duration = end - start
@@ -1963,25 +1964,16 @@ def generate_stats(statsdir, timing_file):
else:
failure_rate = failed / duration
- # print the stats in more human-readable format when stdout is going to the
- # console (as opposed to being redirected to a file)
- if sys.stdout.isatty():
- print("Total conversations: %10d" % conversations)
- print("Successful operations: %10d (%.3f per second)"
- % (successful, success_rate))
- print("Failed operations: %10d (%.3f per second)"
- % (failed, failure_rate))
- else:
- print("(%d, %d, %d, %.3f, %.3f)" %
- (conversations, successful, failed, success_rate, failure_rate))
+ print("Total conversations: %10d" % conversations)
+ print("Successful operations: %10d (%.3f per second)"
+ % (successful, success_rate))
+ print("Failed operations: %10d (%.3f per second)"
+ % (failed, failure_rate))
+
+ print("Protocol Op Code Description "
+ " Count Failed Mean Median "
+ "95% Range Max")
- if sys.stdout.isatty():
- print("Protocol Op Code Description "
- " Count Failed Mean Median "
- "95% Range Max")
- else:
- print("proto\top_code\tdesc\tcount\tfailed\tmean\tmedian\t95%\trange"
- "\tmax")
protocols = sorted(latencies.keys())
for protocol in protocols:
packet_types = sorted(latencies[protocol], key=opcode_key)
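Review bot: Dropping the isatty() branches in generate_stats() removes the tuple and tab-separated forms that redirected runs used to print, so any existing script that parses that output will break without warning. Suggest calling out the format change in the release notes, or keeping the old form behind an explicit option if there are known consumers.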
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 05146c0..ae04ec1 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -33,7 +33,7 @@ from samba.auth import system_session
from samba.join import DCJoinContext, join_clone, DCCloneAndRenameContext
from samba.dcerpc.security import dom_sid
from samba.netcmd import Option, CommandError
-from samba.dcerpc import misc
+from samba.dcerpc import misc, security
from samba import Ldb
from fsmo import cmd_fsmo_seize
from samba.provision import make_smbconf
@@ -156,30 +156,27 @@ def check_targetdir(logger, targetdir):
raise CommandError("%s is not a directory" % targetdir)
-def check_online_backup_args(logger, credopts, server, targetdir):
- # Make sure we have all the required args.
- u_p = {'user': credopts.creds.get_username(),
- 'pass': credopts.creds.get_password()}
- if None in u_p.values():
- raise CommandError("Creds required.")
- if server is None:
- raise CommandError('Server required')
-
- check_targetdir(logger, targetdir)
-
-
# For '--no-secrets' backups, this sets the Administrator user's password to a
# randomly-generated value. This is similar to the provision behaviour
-def set_admin_password(logger, samdb, username):
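Review bot: The removed check_online_backup_args() carried the 'Server required' check and the check_targetdir() call as well as the credential test. The diff is truncated before the callers are shown, so please confirm both checks are still performed for the online and rename backup commands.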
--
Samba Shared Repository