[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Fri Feb 28 04:43:04 UTC 2020


The branch, master has been updated
       via  a3fc18f679e dsdb: Rewrite comment to remove refernece to LDAP backends
       via  dc308d1c293 dsdb: Remove dead code in partition_prep_request()
       via  01a3cf8e1e2 dsdb: Do not use ldb_save_controls() in partitions module for domain_scope
       via  47b6c4b8f59 dsdb: Improve clarity by adding a comment in replmd_delete_internals()
       via  7ad56d41740 dsdb: Simplifiy VANISH_LINKS handling: The variable "parent" is always non-NULL
       via  f2a2b469b4d selftest: Confirm we can delete a user with a dangling backlink
       via  3b95125187c prevent NULL reference from being used as '%s' argument.
       via  535debb312b ldb: Add mem_ctx argument to ldb_kv_index_key()
       via  48cfb8458b0 ldb: Improve coding style in ldb_kv_index_dn_simple()
       via  0a87f59ac25 ldb: Fix memory leak in ldb_kv_index_dn_ordered()
       via  b29e6480dc3 Rename macro argument s_addr due to it already being defined
       via  534809a0f09 selftest: test samba-tool group commands with groupnames with brackets and spaces
       via  f3e7ea0405d samba-tool group edit: use binary encoded group name
       via  104582b73ca samba-tool group delete: use binary encoded group name
       via  626209beab2 samba-tool group move: use binary encoded group name
       via  d0f8e833653 samba-tool group listmembers: use binary encoded group names
       via  1d2e9f27fa9 samba-tool group listmembers: find group members by groups SID
       via  40e498e743e samba-tool group listmembers: handle group-does-not-exist error
       via  789d84c0a9a samba-tool group listmembers: hide python backtracke on command error
      from  7678032272b Undef ARRAY_SIZE, if defined, before define to avoid compilation warnings

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a3fc18f679e65aadcb3f7c5f4cdb64905383ea5d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 24 16:57:35 2020 +1300

    dsdb: Rewrite comment to remove refernece to LDAP backends
    
    This is required despire the demise of the LDAP backend.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Fri Feb 28 04:42:23 UTC 2020 on sn-devel-184

commit dc308d1c2937313813b628d7fb94463542a0dd81
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 24 16:43:44 2020 +1300

    dsdb: Remove dead code in partition_prep_request()
    
    The partition variable is never NULL.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 01a3cf8e1e2562a77635ecf2a9a79e28af43fe7c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 24 16:22:24 2020 +1300

    dsdb: Do not use ldb_save_controls() in partitions module for domain_scope
    
    The LDAP backend is long-removed so we do not need this workaround
    for a confused server any longer.
    
    This avoids references to old (but valid) memory after a new ldb_control array is
    allocated in ldb_save_controls() and keeps the controls pointer as
    constant as possible given the multiple ldb_request structures it
    will appear in.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 47b6c4b8f5987adda861bf8440949df4aaacef6c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 24 10:30:26 2020 +1300

    dsdb: Improve clarity by adding a comment in replmd_delete_internals()
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 7ad56d41740d6794a85889f268654564c48c8a74
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 24 13:28:56 2020 +1300

    dsdb: Simplifiy VANISH_LINKS handling: The variable "parent" is always non-NULL
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit f2a2b469b4d3378102d6011e80b0c6532d802953
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 24 11:58:48 2020 +1300

    selftest: Confirm we can delete a user with a dangling backlink
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 3b95125187c76945210a679b7ea2dc3b8ae7f778
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Jan 22 11:28:28 2020 +0100

    prevent NULL reference from being used as '%s' argument.
    
    The two string arguments to torture_comment() can be NULL
    as the succeeding checks suggest. This is not wanted because a compile
    with --enable-developer throws an error of [-Werror=format-overflow=]
    in those situations.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 535debb312b8dc5a9de6b6fe2543af84e9534a23
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Feb 27 11:30:00 2020 +1300

    ldb: Add mem_ctx argument to ldb_kv_index_key()
    
    This avoids using "ldb" as the memory context in most cases, and may avoid
    a long-term memory leak if future changes cause dn_key not to be freed.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 48cfb8458b0ff86e3a431240933caa02d64af82f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Feb 27 11:27:17 2020 +1300

    ldb: Improve coding style in ldb_kv_index_dn_simple()
    
    We avoid bare if conditions in Samba.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 0a87f59ac2580bdb7f93efa075323c73fc1ec83e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Feb 27 11:12:55 2020 +1300

    ldb: Fix memory leak in ldb_kv_index_dn_ordered()
    
    We need to ensure we TALLOC_FREE(tmp_ctx) in every error exit.
    
    Reported by Alex Kolesnik, ABISoft Ltd., www.abisoft.biz.  Thanks!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit b29e6480dc3b266ca1f311f675f67670f5635a21
Author: Peter Eriksson <pen at lysator.liu.se>
Date:   Thu Feb 27 09:59:32 2020 +0100

    Rename macro argument s_addr due to it already being defined
    
    Signed-off-by: Peter Eriksson <pen at lysator.liu.se>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8
Author: Björn Baumbach <bb at sernet.de>
Date:   Thu Feb 27 11:06:34 2020 +0100

    selftest: test samba-tool group commands with groupnames with brackets and spaces
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit f3e7ea0405d46ddfbeba9b3a84c13b7878464180
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:56:14 2020 +0100

    samba-tool group edit: use binary encoded group name
    
    Allows to edit groups with names like e.g. 'group1 (xy)'.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 104582b73caf008600e15d76d57424263a0f28d4
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:55:01 2020 +0100

    samba-tool group delete: use binary encoded group name
    
    Allows to delete groups with names like e.g. 'group1 (xy)'.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:40:50 2020 +0100

    samba-tool group move: use binary encoded group name
    
    Allows to move groups with names like e.g. 'group1 (xy)'.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d0f8e833653df652df01a472c4bbfd256f10f810
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:38:50 2020 +0100

    samba-tool group listmembers: use binary encoded group names
    
    Allows to find groups with names like e.g. 'group1 (xy)'.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:39:44 2020 +0100

    samba-tool group listmembers: find group members by groups SID
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 40e498e743e4677a42030373e8d97f6f9763080a
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:08:43 2020 +0100

    samba-tool group listmembers: handle group-does-not-exist error
    
    Return a error with a proper message instead of just do nothing when
    the target group does not exist.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Feb 26 13:05:16 2020 +0100

    samba-tool group listmembers: hide python backtracke on command error
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/ldb_key_value/ldb_kv_index.c            | 78 +++++++++++++++++++------
 lib/tsocket/tsocket.h                           |  8 +--
 lib/tsocket/tsocket_bsd.c                       |  6 +-
 python/samba/netcmd/group.py                    | 41 +++++++------
 python/samba/tests/samba_tool/group.py          |  3 +
 source4/dsdb/samdb/ldb_modules/partition.c      | 63 +++++++++-----------
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 39 +++++++------
 source4/torture/rpc/drsuapi_cracknames.c        |  7 ++-
 testprogs/blackbox/dbcheck-links.sh             | 46 +++++++++++++++
 9 files changed, 189 insertions(+), 102 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index a7e341552ea..5a24b074e1c 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -975,6 +975,7 @@ int ldb_kv_index_transaction_cancel(struct ldb_module *module)
   the caller is responsible for freeing
 */
 static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
+				       TALLOC_CTX *mem_ctx,
 				       struct ldb_kv_private *ldb_kv,
 				       const char *attr,
 				       const struct ldb_val *value,
@@ -1110,7 +1111,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
 
 	if (should_b64_encode) {
 		size_t vstr_len = 0;
-		char *vstr = ldb_base64_encode(ldb, (char *)v.data, v.length);
+		char *vstr = ldb_base64_encode(mem_ctx, (char *)v.data, v.length);
 		if (!vstr) {
 			talloc_free(attr_folded);
 			return NULL;
@@ -1131,7 +1132,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
 			* Note: the double hash "##" is not a typo and
 			* indicates that the following value is base64 encoded
 			*/
-			ret = ldb_dn_new_fmt(ldb, ldb, "%s#%s##%.*s",
+			ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s#%s##%.*s",
 					     LDB_KV_INDEX, attr_for_dn,
 					     frmt_len, vstr);
 		} else {
@@ -1141,7 +1142,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
 			 * Note: the double colon "::" is not a typo and
 			 * indicates that the following value is base64 encoded
 			 */
-			ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s::%.*s",
+			ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s:%s::%.*s",
 					     LDB_KV_INDEX, attr_for_dn,
 					     frmt_len, vstr);
 		}
@@ -1163,13 +1164,13 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
 			 * Truncated keys are placed in a separate key space
 			 * from the non truncated keys
 			 */
-			ret = ldb_dn_new_fmt(ldb, ldb, "%s#%s#%.*s",
+			ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s#%s#%.*s",
 					     LDB_KV_INDEX, attr_for_dn,
 					     frmt_len, (char *)v.data);
 		} else {
 			frmt_len = v.length;
 			*truncation = KEY_NOT_TRUNCATED;
-			ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s:%.*s",
+			ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s:%s:%.*s",
 					     LDB_KV_INDEX, attr_for_dn,
 					     frmt_len, (char *)v.data);
 		}
@@ -1269,9 +1270,15 @@ static int ldb_kv_index_dn_simple(struct ldb_module *module,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	/* the attribute is indexed. Pull the list of DNs that match the
-	   search criterion */
+	/*
+	 * the attribute is indexed. Pull the list of DNs that match the
+	 * search criterion
+	 *
+	 * list is used as a memory context as it has a shorter life
+	 * than 'ldb'.  Regardless we talloc_free() 'dn' below.
+	 */
 	dn = ldb_kv_index_key(ldb,
+			      list,
 			      ldb_kv,
 			      tree->u.equality.attr,
 			      &tree->u.equality.value,
@@ -1282,7 +1289,9 @@ static int ldb_kv_index_dn_simple(struct ldb_module *module,
 	 * as ltdb_search_indexed will filter out the wrong one in
 	 * ltdb_index_filter() which calls ldb_match_message().
 	 */
-	if (!dn) return LDB_ERR_OPERATIONS_ERROR;
+	if (!dn) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 
 	ret = ldb_kv_dn_list_load(module, ldb_kv, dn, list,
 				  DN_LIST_WILL_BE_READ_ONLY);
@@ -1910,7 +1919,7 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module,
 	struct ldb_kv_ordered_index_context ctx;
 	int ret;
 
-	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	TALLOC_CTX *tmp_ctx = NULL;
 
 	if (!ldb_kv_is_indexed(module, ldb_kv, tree->u.comparison.attr)) {
 		return LDB_ERR_OPERATIONS_ERROR;
@@ -1950,39 +1959,51 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	key_dn = ldb_kv_index_key(ldb, ldb_kv, tree->u.comparison.attr,
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	key_dn = ldb_kv_index_key(ldb, tmp_ctx, ldb_kv, tree->u.comparison.attr,
 				  &tree->u.comparison.value,
 				  NULL, &truncation);
 	if (!key_dn) {
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	} else if (truncation == KEY_TRUNCATED) {
 		ldb_debug(ldb, LDB_DEBUG_WARNING,
 			  __location__
 			  ": ordered index violation: key dn truncated: %s\n",
 			  ldb_dn_get_linearized(key_dn));
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	ldb_key = ldb_kv_key_dn(tmp_ctx, key_dn);
 	talloc_free(key_dn);
 	if (ldb_key.data == NULL) {
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	key_dn = ldb_kv_index_key(ldb, ldb_kv, tree->u.comparison.attr,
+	key_dn = ldb_kv_index_key(ldb, tmp_ctx,
+				  ldb_kv, tree->u.comparison.attr,
 				  NULL, NULL, &truncation);
 	if (!key_dn) {
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	} else if (truncation == KEY_TRUNCATED) {
 		ldb_debug(ldb, LDB_DEBUG_WARNING,
 			  __location__
 			  ": ordered index violation: key dn truncated: %s\n",
 			  ldb_dn_get_linearized(key_dn));
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	ldb_key2 = ldb_kv_key_dn(tmp_ctx, key_dn);
 	talloc_free(key_dn);
 	if (ldb_key2.data == NULL) {
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
@@ -2022,13 +2043,14 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module,
 					    traverse_range_index, &ctx);
 
 	if (ret != LDB_SUCCESS || ctx.error != LDB_SUCCESS) {
+		TALLOC_FREE(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	TYPESAFE_QSORT(ctx.dn_list->dn, ctx.dn_list->count,
 		       ldb_val_equal_exact_for_qsort);
 
-	talloc_free(tmp_ctx);
+	TALLOC_FREE(tmp_ctx);
 
 	return LDB_SUCCESS;
 }
@@ -2084,7 +2106,13 @@ static int ldb_kv_index_dn_attr(struct ldb_module *module,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	val.length = strlen((char *)val.data);
-	key = ldb_kv_index_key(ldb, ldb_kv, attr, &val, NULL, truncation);
+
+	/*
+	 * We use list as a TALLOC_CTX to provide a shorter-lived
+	 * memory context than ldb, even as the result is freed with
+	 * the talloc_free(key) below.
+	 */
+	key = ldb_kv_index_key(ldb, list, ldb_kv, attr, &val, NULL, truncation);
 	if (!key) {
 		ldb_oom(ldb);
 		return LDB_ERR_OPERATIONS_ERROR;
@@ -2656,8 +2684,13 @@ static int ldb_kv_index_add1(struct ldb_module *module,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	dn_key = ldb_kv_index_key(
-	    ldb, ldb_kv, el->name, &el->values[v_idx], &a, &truncation);
+	dn_key = ldb_kv_index_key(ldb,
+				  list,
+				  ldb_kv,
+				  el->name,
+				  &el->values[v_idx],
+				  &a,
+				  &truncation);
 	if (!dn_key) {
 		talloc_free(list);
 		return LDB_ERR_OPERATIONS_ERROR;
@@ -2681,7 +2714,6 @@ static int ldb_kv_index_add1(struct ldb_module *module,
 		talloc_free(list);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
-	talloc_steal(list, dn_key);
 
 	ret = ldb_kv_dn_list_load(module, ldb_kv, dn_key, list,
 				  DN_LIST_MUTABLE);
@@ -3181,8 +3213,18 @@ int ldb_kv_index_del_value(struct ldb_module *module,
 		return LDB_SUCCESS;
 	}
 
-	dn_key = ldb_kv_index_key(
-	    ldb, ldb_kv, el->name, &el->values[v_idx], NULL, &truncation);
+	/*
+	 * ldb is being used as the memory context to ldb_kv_index_key
+	 * as dn_key itself is also used as the TALLOC_CTX for the
+	 * rest of this function.
+	 */
+	dn_key = ldb_kv_index_key(ldb,
+				  ldb,
+				  ldb_kv,
+				  el->name,
+				  &el->values[v_idx],
+				  NULL,
+				  &truncation);
 	/*
 	 * We ignore key truncation in ltdb_index_add1() so
 	 * match that by ignoring it here as well
diff --git a/lib/tsocket/tsocket.h b/lib/tsocket/tsocket.h
index aad82795691..2f1c7981346 100644
--- a/lib/tsocket/tsocket.h
+++ b/lib/tsocket/tsocket.h
@@ -996,16 +996,16 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
  * @return              0 on success, -1 on error with errno set.
  */
 int tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
-					const struct samba_sockaddr *s_addr,
+					const struct samba_sockaddr *xs_addr,
 					struct tsocket_address **t_addr);
 #else
 int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
-					 const struct samba_sockaddr *s_addr,
+					 const struct samba_sockaddr *xs_addr,
 					 struct tsocket_address **t_addr,
 					 const char *location);
 
-#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr) \
-	_tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr, \
+#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, xs_addr, t_addr) \
+	_tsocket_address_bsd_from_samba_sockaddr(mem_ctx, xs_addr, t_addr, \
 						 __location__)
 #endif
 
diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c
index 6ad40bd0ada..10ea1347149 100644
--- a/lib/tsocket/tsocket_bsd.c
+++ b/lib/tsocket/tsocket_bsd.c
@@ -282,13 +282,13 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
 }
 
 int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
-					 const struct samba_sockaddr *s_addr,
+					 const struct samba_sockaddr *xs_addr,
 					 struct tsocket_address **t_addr,
 					 const char *location)
 {
 	return _tsocket_address_bsd_from_sockaddr(mem_ctx,
-						  &s_addr->u.sa,
-						  s_addr->sa_socklen,
+						  &xs_addr->u.sa,
+						  xs_addr->sa_socklen,
 						  t_addr,
 						  location);
 }
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 6e5ed1def28..76705100960 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -179,7 +179,7 @@ Example2 deletes group Group2 from the local server.  The command is run under r
                       credentials=creds, lp=lp)
 
         filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
-                  groupname)
+                  ldb.binary_encode(groupname))
 
         try:
             res = samdb.search(base=samdb.domain_dn(),
@@ -516,21 +516,22 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com
             samdb = SamDB(url=H, session_info=system_session(),
                           credentials=creds, lp=lp)
 
-            search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname
-            res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
-                               expression=(search_filter),
-                               attrs=["objectSid"])
-
-            if (len(res) != 1):
-                return
-
-            group_dn = res[0].get('dn', idx=0)
-            object_sid = res[0].get('objectSid', idx=0)
-
-            object_sid = ndr_unpack(security.dom_sid, object_sid)
-            (group_dom_sid, rid) = object_sid.split()
-
-            search_filter = "(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_dn)
+            search_filter = ("(&(objectClass=group)(sAMAccountName=%s))" %
+                             ldb.binary_encode(groupname))
+            try:
+                res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                                   expression=(search_filter),
+                                   attrs=["objectSid"])
+                group_sid_binary = res[0].get('objectSid', idx=0)
+            except IndexError:
+                raise CommandError('Unable to find group "%s"' % (groupname))
+
+            group_sid = ndr_unpack(security.dom_sid, group_sid_binary)
+            (group_dom_sid, rid) = group_sid.split()
+            group_sid_dn = "<SID=%s>" % (group_sid)
+
+            search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" %
+                             (rid, group_sid_dn))
             res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                                expression=(search_filter),
                                attrs=["samAccountName", "cn"])
@@ -549,7 +550,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com
                 self.outf.write("%s\n" % member_name)
 
         except Exception as e:
-            raise CommandError('Failed to list members of "%s" group ' % groupname, e)
+            raise CommandError('Failed to list members of "%s" group - %s' %
+                               (groupname, e))
 
 
 class cmd_group_move(Command):
@@ -605,7 +607,7 @@ class cmd_group_move(Command):
         domain_dn = ldb.Dn(samdb, samdb.domain_dn())
 
         filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
-                  groupname)
+                  ldb.binary_encode(groupname))
         try:
             res = samdb.search(base=domain_dn,
                                expression=filter,
@@ -871,7 +873,8 @@ class cmd_group_edit(Command):
         samdb = SamDB(url=H, session_info=system_session(),
                       credentials=creds, lp=lp)
 
-        filter = ("(&(sAMAccountName=%s)(objectClass=group))" % groupname)
+        filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
+                  ldb.binary_encode(groupname))
 
         domaindn = samdb.domain_dn()
 
diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py
index f85c945d32c..47fd14b2d33 100644
--- a/python/samba/tests/samba_tool/group.py
+++ b/python/samba/tests/samba_tool/group.py
@@ -39,14 +39,17 @@ class GroupCmdTestCase(SambaToolCmdTest):
         self.groups.append(self._randomGroup({"name": "testgroup2"}))
         self.groups.append(self._randomGroup({"name": "testgroup3"}))
         self.groups.append(self._randomGroup({"name": "testgroup4"}))
+        self.groups.append(self._randomGroup({"name": "testgroup5 (with brackets)"}))
         self.groups.append(self._randomPosixGroup({"name": "posixgroup1"}))
         self.groups.append(self._randomPosixGroup({"name": "posixgroup2"}))
         self.groups.append(self._randomPosixGroup({"name": "posixgroup3"}))
         self.groups.append(self._randomPosixGroup({"name": "posixgroup4"}))
+        self.groups.append(self._randomPosixGroup({"name": "posixgroup5 (with brackets)"}))
         self.groups.append(self._randomUnixGroup({"name": "unixgroup1"}))
         self.groups.append(self._randomUnixGroup({"name": "unixgroup2"}))
         self.groups.append(self._randomUnixGroup({"name": "unixgroup3"}))
         self.groups.append(self._randomUnixGroup({"name": "unixgroup4"}))
+        self.groups.append(self._randomUnixGroup({"name": "unixgroup5 (with brackets)"}))
 
         # setup the 12 groups and ensure they are correct
         for group in self.groups:
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 6b0fbe728bc..2544a106d13 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -238,6 +238,7 @@ static int partition_prep_request(struct partition_context *ac,
 	int ret;
 	struct ldb_request *req;
 	struct ldb_control *partition_ctrl = NULL;
+	void *part_data = NULL;
 
 	ac->part_req = talloc_realloc(ac, ac->part_req,
 					struct part_request,
@@ -323,42 +324,37 @@ static int partition_prep_request(struct partition_context *ac,
 		}
 	}
 
-	if (partition) {
-		void *part_data = partition->ctrl;
+	part_data = partition->ctrl;
 
-		ac->part_req[ac->num_requests].module = partition->module;
+	ac->part_req[ac->num_requests].module = partition->module;
 
-		if (partition_ctrl != NULL) {
-			if (partition_ctrl->data != NULL) {
-				part_data = partition_ctrl->data;
-			}
-
-			/*
-			 * If the provided current partition control is without
-			 * data then use the calculated one.
-			 */
-			ret = ldb_request_add_control(req,
-						      DSDB_CONTROL_CURRENT_PARTITION_OID,
-						      false, part_data);
-			if (ret != LDB_SUCCESS) {
-				return ret;
-			}
+	if (partition_ctrl != NULL) {
+		if (partition_ctrl->data != NULL) {
+			part_data = partition_ctrl->data;
 		}
 
-		if (req->operation == LDB_SEARCH) {
-			/* If the search is for 'more' than this partition,
-			 * then change the basedn, so a remote LDAP server
-			 * doesn't object */
-			if (ldb_dn_compare_base(partition->ctrl->dn,
-						req->op.search.base) != 0) {
-				req->op.search.base = partition->ctrl->dn;
-			}
+		/*
+		 * If the provided current partition control is without
+		 * data then use the calculated one.
+		 */
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_CURRENT_PARTITION_OID,
+					      false, part_data);
+		if (ret != LDB_SUCCESS) {
+			return ret;
 		}
+	}
 
-	} else {
-		/* make sure you put the module here, or
-		 * or ldb_next_request() will skip a module */
-		ac->part_req[ac->num_requests].module = ac->module;
+	if (req->operation == LDB_SEARCH) {
+		/*
+		 * If the search is for 'more' than this partition,
+		 * then change the basedn, so the check of the BASE DN
+		 * still passes in the ldb_key_value layer
+		 */
+		if (ldb_dn_compare_base(partition->ctrl->dn,
+					req->op.search.base) != 0) {
+			req->op.search.base = partition->ctrl->dn;
+		}
 	}
 
 	ac->num_requests++;
@@ -752,7 +748,6 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re
 /* search */
 static int partition_search(struct ldb_module *module, struct ldb_request *req)
 {
-	struct ldb_control **saved_controls;
 	/* Find backend */
 	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
 							      struct partition_private_data);
@@ -787,12 +782,6 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
 
 	}
 
-	/* Remove the "domain_scope" control, so we don't confuse a backend
-	 * server */
-	if (domain_scope_control && !ldb_save_controls(domain_scope_control, req, &saved_controls)) {
-		return ldb_oom(ldb_module_get_ctx(module));
-	}
-
 	/* if we aren't initialised yet go further */
 	if (!data || !data->partitions) {
 		return ldb_next_request(module, req);
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index a8a61d5df7c..824a4612f5a 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2829,12 +2829,10 @@ static int replmd_modify_la_delete(struct ldb_module *module,
 		return ret;
 	}
 
-	if (parent) {
-		vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS);
-		if (vanish_links_ctrl) {
-			vanish_links = true;
-			vanish_links_ctrl->critical = false;
-		}
+	vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS);
+	if (vanish_links_ctrl) {
+		vanish_links = true;
+		vanish_links_ctrl->critical = false;
 	}
 
 	/* we empty out el->values here to avoid damage if we return early. */
@@ -3344,20 +3342,18 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
 			continue;
 		}
 		if ((schema_attr->linkID & 1) == 1) {
-			if (parent) {
-				struct ldb_control *ctrl;
+			struct ldb_control *ctrl;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list