[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Feb 28 04:43:04 UTC 2020
The branch, master has been updated
via a3fc18f679e dsdb: Rewrite comment to remove refernece to LDAP backends
via dc308d1c293 dsdb: Remove dead code in partition_prep_request()
via 01a3cf8e1e2 dsdb: Do not use ldb_save_controls() in partitions module for domain_scope
via 47b6c4b8f59 dsdb: Improve clarity by adding a comment in replmd_delete_internals()
via 7ad56d41740 dsdb: Simplifiy VANISH_LINKS handling: The variable "parent" is always non-NULL
via f2a2b469b4d selftest: Confirm we can delete a user with a dangling backlink
via 3b95125187c prevent NULL reference from being used as '%s' argument.
via 535debb312b ldb: Add mem_ctx argument to ldb_kv_index_key()
via 48cfb8458b0 ldb: Improve coding style in ldb_kv_index_dn_simple()
via 0a87f59ac25 ldb: Fix memory leak in ldb_kv_index_dn_ordered()
via b29e6480dc3 Rename macro argument s_addr due to it already being defined
via 534809a0f09 selftest: test samba-tool group commands with groupnames with brackets and spaces
via f3e7ea0405d samba-tool group edit: use binary encoded group name
via 104582b73ca samba-tool group delete: use binary encoded group name
via 626209beab2 samba-tool group move: use binary encoded group name
via d0f8e833653 samba-tool group listmembers: use binary encoded group names
via 1d2e9f27fa9 samba-tool group listmembers: find group members by groups SID
via 40e498e743e samba-tool group listmembers: handle group-does-not-exist error
via 789d84c0a9a samba-tool group listmembers: hide python backtracke on command error
from 7678032272b Undef ARRAY_SIZE, if defined, before define to avoid compilation warnings
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a3fc18f679e65aadcb3f7c5f4cdb64905383ea5d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 24 16:57:35 2020 +1300
dsdb: Rewrite comment to remove refernece to LDAP backends
This is required despire the demise of the LDAP backend.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb 28 04:42:23 UTC 2020 on sn-devel-184
commit dc308d1c2937313813b628d7fb94463542a0dd81
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 24 16:43:44 2020 +1300
dsdb: Remove dead code in partition_prep_request()
The partition variable is never NULL.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 01a3cf8e1e2562a77635ecf2a9a79e28af43fe7c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 24 16:22:24 2020 +1300
dsdb: Do not use ldb_save_controls() in partitions module for domain_scope
The LDAP backend is long-removed so we do not need this workaround
for a confused server any longer.
This avoids references to old (but valid) memory after a new ldb_control array is
allocated in ldb_save_controls() and keeps the controls pointer as
constant as possible given the multiple ldb_request structures it
will appear in.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 47b6c4b8f5987adda861bf8440949df4aaacef6c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 24 10:30:26 2020 +1300
dsdb: Improve clarity by adding a comment in replmd_delete_internals()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 7ad56d41740d6794a85889f268654564c48c8a74
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 24 13:28:56 2020 +1300
dsdb: Simplifiy VANISH_LINKS handling: The variable "parent" is always non-NULL
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit f2a2b469b4d3378102d6011e80b0c6532d802953
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Feb 24 11:58:48 2020 +1300
selftest: Confirm we can delete a user with a dangling backlink
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 3b95125187c76945210a679b7ea2dc3b8ae7f778
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Jan 22 11:28:28 2020 +0100
prevent NULL reference from being used as '%s' argument.
The two string arguments to torture_comment() can be NULL
as the succeeding checks suggest. This is not wanted because a compile
with --enable-developer throws an error of [-Werror=format-overflow=]
in those situations.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 535debb312b8dc5a9de6b6fe2543af84e9534a23
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 27 11:30:00 2020 +1300
ldb: Add mem_ctx argument to ldb_kv_index_key()
This avoids using "ldb" as the memory context in most cases, and may avoid
a long-term memory leak if future changes cause dn_key not to be freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 48cfb8458b0ff86e3a431240933caa02d64af82f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 27 11:27:17 2020 +1300
ldb: Improve coding style in ldb_kv_index_dn_simple()
We avoid bare if conditions in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 0a87f59ac2580bdb7f93efa075323c73fc1ec83e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 27 11:12:55 2020 +1300
ldb: Fix memory leak in ldb_kv_index_dn_ordered()
We need to ensure we TALLOC_FREE(tmp_ctx) in every error exit.
Reported by Alex Kolesnik, ABISoft Ltd., www.abisoft.biz. Thanks!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit b29e6480dc3b266ca1f311f675f67670f5635a21
Author: Peter Eriksson <pen at lysator.liu.se>
Date: Thu Feb 27 09:59:32 2020 +0100
Rename macro argument s_addr due to it already being defined
Signed-off-by: Peter Eriksson <pen at lysator.liu.se>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8
Author: Björn Baumbach <bb at sernet.de>
Date: Thu Feb 27 11:06:34 2020 +0100
selftest: test samba-tool group commands with groupnames with brackets and spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f3e7ea0405d46ddfbeba9b3a84c13b7878464180
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:56:14 2020 +0100
samba-tool group edit: use binary encoded group name
Allows to edit groups with names like e.g. 'group1 (xy)'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 104582b73caf008600e15d76d57424263a0f28d4
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:55:01 2020 +0100
samba-tool group delete: use binary encoded group name
Allows to delete groups with names like e.g. 'group1 (xy)'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:40:50 2020 +0100
samba-tool group move: use binary encoded group name
Allows to move groups with names like e.g. 'group1 (xy)'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d0f8e833653df652df01a472c4bbfd256f10f810
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:38:50 2020 +0100
samba-tool group listmembers: use binary encoded group names
Allows to find groups with names like e.g. 'group1 (xy)'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:39:44 2020 +0100
samba-tool group listmembers: find group members by groups SID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 40e498e743e4677a42030373e8d97f6f9763080a
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:08:43 2020 +0100
samba-tool group listmembers: handle group-does-not-exist error
Return a error with a proper message instead of just do nothing when
the target group does not exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Feb 26 13:05:16 2020 +0100
samba-tool group listmembers: hide python backtracke on command error
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/ldb_key_value/ldb_kv_index.c | 78 +++++++++++++++++++------
lib/tsocket/tsocket.h | 8 +--
lib/tsocket/tsocket_bsd.c | 6 +-
python/samba/netcmd/group.py | 41 +++++++------
python/samba/tests/samba_tool/group.py | 3 +
source4/dsdb/samdb/ldb_modules/partition.c | 63 +++++++++-----------
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 39 +++++++------
source4/torture/rpc/drsuapi_cracknames.c | 7 ++-
testprogs/blackbox/dbcheck-links.sh | 46 +++++++++++++++
9 files changed, 189 insertions(+), 102 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index a7e341552ea..5a24b074e1c 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -975,6 +975,7 @@ int ldb_kv_index_transaction_cancel(struct ldb_module *module)
the caller is responsible for freeing
*/
static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
+ TALLOC_CTX *mem_ctx,
struct ldb_kv_private *ldb_kv,
const char *attr,
const struct ldb_val *value,
@@ -1110,7 +1111,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
if (should_b64_encode) {
size_t vstr_len = 0;
- char *vstr = ldb_base64_encode(ldb, (char *)v.data, v.length);
+ char *vstr = ldb_base64_encode(mem_ctx, (char *)v.data, v.length);
if (!vstr) {
talloc_free(attr_folded);
return NULL;
@@ -1131,7 +1132,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
* Note: the double hash "##" is not a typo and
* indicates that the following value is base64 encoded
*/
- ret = ldb_dn_new_fmt(ldb, ldb, "%s#%s##%.*s",
+ ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s#%s##%.*s",
LDB_KV_INDEX, attr_for_dn,
frmt_len, vstr);
} else {
@@ -1141,7 +1142,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
* Note: the double colon "::" is not a typo and
* indicates that the following value is base64 encoded
*/
- ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s::%.*s",
+ ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s:%s::%.*s",
LDB_KV_INDEX, attr_for_dn,
frmt_len, vstr);
}
@@ -1163,13 +1164,13 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb,
* Truncated keys are placed in a separate key space
* from the non truncated keys
*/
- ret = ldb_dn_new_fmt(ldb, ldb, "%s#%s#%.*s",
+ ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s#%s#%.*s",
LDB_KV_INDEX, attr_for_dn,
frmt_len, (char *)v.data);
} else {
frmt_len = v.length;
*truncation = KEY_NOT_TRUNCATED;
- ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s:%.*s",
+ ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s:%s:%.*s",
LDB_KV_INDEX, attr_for_dn,
frmt_len, (char *)v.data);
}
@@ -1269,9 +1270,15 @@ static int ldb_kv_index_dn_simple(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
- /* the attribute is indexed. Pull the list of DNs that match the
- search criterion */
+ /*
+ * the attribute is indexed. Pull the list of DNs that match the
+ * search criterion
+ *
+ * list is used as a memory context as it has a shorter life
+ * than 'ldb'. Regardless we talloc_free() 'dn' below.
+ */
dn = ldb_kv_index_key(ldb,
+ list,
ldb_kv,
tree->u.equality.attr,
&tree->u.equality.value,
@@ -1282,7 +1289,9 @@ static int ldb_kv_index_dn_simple(struct ldb_module *module,
* as ltdb_search_indexed will filter out the wrong one in
* ltdb_index_filter() which calls ldb_match_message().
*/
- if (!dn) return LDB_ERR_OPERATIONS_ERROR;
+ if (!dn) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
ret = ldb_kv_dn_list_load(module, ldb_kv, dn, list,
DN_LIST_WILL_BE_READ_ONLY);
@@ -1910,7 +1919,7 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module,
struct ldb_kv_ordered_index_context ctx;
int ret;
- TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+ TALLOC_CTX *tmp_ctx = NULL;
if (!ldb_kv_is_indexed(module, ldb_kv, tree->u.comparison.attr)) {
return LDB_ERR_OPERATIONS_ERROR;
@@ -1950,39 +1959,51 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
- key_dn = ldb_kv_index_key(ldb, ldb_kv, tree->u.comparison.attr,
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ldb_module_oom(module);
+ }
+
+ key_dn = ldb_kv_index_key(ldb, tmp_ctx, ldb_kv, tree->u.comparison.attr,
&tree->u.comparison.value,
NULL, &truncation);
if (!key_dn) {
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
} else if (truncation == KEY_TRUNCATED) {
ldb_debug(ldb, LDB_DEBUG_WARNING,
__location__
": ordered index violation: key dn truncated: %s\n",
ldb_dn_get_linearized(key_dn));
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
ldb_key = ldb_kv_key_dn(tmp_ctx, key_dn);
talloc_free(key_dn);
if (ldb_key.data == NULL) {
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
- key_dn = ldb_kv_index_key(ldb, ldb_kv, tree->u.comparison.attr,
+ key_dn = ldb_kv_index_key(ldb, tmp_ctx,
+ ldb_kv, tree->u.comparison.attr,
NULL, NULL, &truncation);
if (!key_dn) {
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
} else if (truncation == KEY_TRUNCATED) {
ldb_debug(ldb, LDB_DEBUG_WARNING,
__location__
": ordered index violation: key dn truncated: %s\n",
ldb_dn_get_linearized(key_dn));
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
ldb_key2 = ldb_kv_key_dn(tmp_ctx, key_dn);
talloc_free(key_dn);
if (ldb_key2.data == NULL) {
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -2022,13 +2043,14 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module,
traverse_range_index, &ctx);
if (ret != LDB_SUCCESS || ctx.error != LDB_SUCCESS) {
+ TALLOC_FREE(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
TYPESAFE_QSORT(ctx.dn_list->dn, ctx.dn_list->count,
ldb_val_equal_exact_for_qsort);
- talloc_free(tmp_ctx);
+ TALLOC_FREE(tmp_ctx);
return LDB_SUCCESS;
}
@@ -2084,7 +2106,13 @@ static int ldb_kv_index_dn_attr(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
val.length = strlen((char *)val.data);
- key = ldb_kv_index_key(ldb, ldb_kv, attr, &val, NULL, truncation);
+
+ /*
+ * We use list as a TALLOC_CTX to provide a shorter-lived
+ * memory context than ldb, even as the result is freed with
+ * the talloc_free(key) below.
+ */
+ key = ldb_kv_index_key(ldb, list, ldb_kv, attr, &val, NULL, truncation);
if (!key) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
@@ -2656,8 +2684,13 @@ static int ldb_kv_index_add1(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
- dn_key = ldb_kv_index_key(
- ldb, ldb_kv, el->name, &el->values[v_idx], &a, &truncation);
+ dn_key = ldb_kv_index_key(ldb,
+ list,
+ ldb_kv,
+ el->name,
+ &el->values[v_idx],
+ &a,
+ &truncation);
if (!dn_key) {
talloc_free(list);
return LDB_ERR_OPERATIONS_ERROR;
@@ -2681,7 +2714,6 @@ static int ldb_kv_index_add1(struct ldb_module *module,
talloc_free(list);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
- talloc_steal(list, dn_key);
ret = ldb_kv_dn_list_load(module, ldb_kv, dn_key, list,
DN_LIST_MUTABLE);
@@ -3181,8 +3213,18 @@ int ldb_kv_index_del_value(struct ldb_module *module,
return LDB_SUCCESS;
}
- dn_key = ldb_kv_index_key(
- ldb, ldb_kv, el->name, &el->values[v_idx], NULL, &truncation);
+ /*
+ * ldb is being used as the memory context to ldb_kv_index_key
+ * as dn_key itself is also used as the TALLOC_CTX for the
+ * rest of this function.
+ */
+ dn_key = ldb_kv_index_key(ldb,
+ ldb,
+ ldb_kv,
+ el->name,
+ &el->values[v_idx],
+ NULL,
+ &truncation);
/*
* We ignore key truncation in ltdb_index_add1() so
* match that by ignoring it here as well
diff --git a/lib/tsocket/tsocket.h b/lib/tsocket/tsocket.h
index aad82795691..2f1c7981346 100644
--- a/lib/tsocket/tsocket.h
+++ b/lib/tsocket/tsocket.h
@@ -996,16 +996,16 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
* @return 0 on success, -1 on error with errno set.
*/
int tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
- const struct samba_sockaddr *s_addr,
+ const struct samba_sockaddr *xs_addr,
struct tsocket_address **t_addr);
#else
int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
- const struct samba_sockaddr *s_addr,
+ const struct samba_sockaddr *xs_addr,
struct tsocket_address **t_addr,
const char *location);
-#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr) \
- _tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr, \
+#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, xs_addr, t_addr) \
+ _tsocket_address_bsd_from_samba_sockaddr(mem_ctx, xs_addr, t_addr, \
__location__)
#endif
diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c
index 6ad40bd0ada..10ea1347149 100644
--- a/lib/tsocket/tsocket_bsd.c
+++ b/lib/tsocket/tsocket_bsd.c
@@ -282,13 +282,13 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
}
int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
- const struct samba_sockaddr *s_addr,
+ const struct samba_sockaddr *xs_addr,
struct tsocket_address **t_addr,
const char *location)
{
return _tsocket_address_bsd_from_sockaddr(mem_ctx,
- &s_addr->u.sa,
- s_addr->sa_socklen,
+ &xs_addr->u.sa,
+ xs_addr->sa_socklen,
t_addr,
location);
}
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 6e5ed1def28..76705100960 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -179,7 +179,7 @@ Example2 deletes group Group2 from the local server. The command is run under r
credentials=creds, lp=lp)
filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
- groupname)
+ ldb.binary_encode(groupname))
try:
res = samdb.search(base=samdb.domain_dn(),
@@ -516,21 +516,22 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
- search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname
- res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression=(search_filter),
- attrs=["objectSid"])
-
- if (len(res) != 1):
- return
-
- group_dn = res[0].get('dn', idx=0)
- object_sid = res[0].get('objectSid', idx=0)
-
- object_sid = ndr_unpack(security.dom_sid, object_sid)
- (group_dom_sid, rid) = object_sid.split()
-
- search_filter = "(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_dn)
+ search_filter = ("(&(objectClass=group)(sAMAccountName=%s))" %
+ ldb.binary_encode(groupname))
+ try:
+ res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+ expression=(search_filter),
+ attrs=["objectSid"])
+ group_sid_binary = res[0].get('objectSid', idx=0)
+ except IndexError:
+ raise CommandError('Unable to find group "%s"' % (groupname))
+
+ group_sid = ndr_unpack(security.dom_sid, group_sid_binary)
+ (group_dom_sid, rid) = group_sid.split()
+ group_sid_dn = "<SID=%s>" % (group_sid)
+
+ search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" %
+ (rid, group_sid_dn))
res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
expression=(search_filter),
attrs=["samAccountName", "cn"])
@@ -549,7 +550,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com
self.outf.write("%s\n" % member_name)
except Exception as e:
- raise CommandError('Failed to list members of "%s" group ' % groupname, e)
+ raise CommandError('Failed to list members of "%s" group - %s' %
+ (groupname, e))
class cmd_group_move(Command):
@@ -605,7 +607,7 @@ class cmd_group_move(Command):
domain_dn = ldb.Dn(samdb, samdb.domain_dn())
filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
- groupname)
+ ldb.binary_encode(groupname))
try:
res = samdb.search(base=domain_dn,
expression=filter,
@@ -871,7 +873,8 @@ class cmd_group_edit(Command):
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
- filter = ("(&(sAMAccountName=%s)(objectClass=group))" % groupname)
+ filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
+ ldb.binary_encode(groupname))
domaindn = samdb.domain_dn()
diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py
index f85c945d32c..47fd14b2d33 100644
--- a/python/samba/tests/samba_tool/group.py
+++ b/python/samba/tests/samba_tool/group.py
@@ -39,14 +39,17 @@ class GroupCmdTestCase(SambaToolCmdTest):
self.groups.append(self._randomGroup({"name": "testgroup2"}))
self.groups.append(self._randomGroup({"name": "testgroup3"}))
self.groups.append(self._randomGroup({"name": "testgroup4"}))
+ self.groups.append(self._randomGroup({"name": "testgroup5 (with brackets)"}))
self.groups.append(self._randomPosixGroup({"name": "posixgroup1"}))
self.groups.append(self._randomPosixGroup({"name": "posixgroup2"}))
self.groups.append(self._randomPosixGroup({"name": "posixgroup3"}))
self.groups.append(self._randomPosixGroup({"name": "posixgroup4"}))
+ self.groups.append(self._randomPosixGroup({"name": "posixgroup5 (with brackets)"}))
self.groups.append(self._randomUnixGroup({"name": "unixgroup1"}))
self.groups.append(self._randomUnixGroup({"name": "unixgroup2"}))
self.groups.append(self._randomUnixGroup({"name": "unixgroup3"}))
self.groups.append(self._randomUnixGroup({"name": "unixgroup4"}))
+ self.groups.append(self._randomUnixGroup({"name": "unixgroup5 (with brackets)"}))
# setup the 12 groups and ensure they are correct
for group in self.groups:
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 6b0fbe728bc..2544a106d13 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -238,6 +238,7 @@ static int partition_prep_request(struct partition_context *ac,
int ret;
struct ldb_request *req;
struct ldb_control *partition_ctrl = NULL;
+ void *part_data = NULL;
ac->part_req = talloc_realloc(ac, ac->part_req,
struct part_request,
@@ -323,42 +324,37 @@ static int partition_prep_request(struct partition_context *ac,
}
}
- if (partition) {
- void *part_data = partition->ctrl;
+ part_data = partition->ctrl;
- ac->part_req[ac->num_requests].module = partition->module;
+ ac->part_req[ac->num_requests].module = partition->module;
- if (partition_ctrl != NULL) {
- if (partition_ctrl->data != NULL) {
- part_data = partition_ctrl->data;
- }
-
- /*
- * If the provided current partition control is without
- * data then use the calculated one.
- */
- ret = ldb_request_add_control(req,
- DSDB_CONTROL_CURRENT_PARTITION_OID,
- false, part_data);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ if (partition_ctrl != NULL) {
+ if (partition_ctrl->data != NULL) {
+ part_data = partition_ctrl->data;
}
- if (req->operation == LDB_SEARCH) {
- /* If the search is for 'more' than this partition,
- * then change the basedn, so a remote LDAP server
- * doesn't object */
- if (ldb_dn_compare_base(partition->ctrl->dn,
- req->op.search.base) != 0) {
- req->op.search.base = partition->ctrl->dn;
- }
+ /*
+ * If the provided current partition control is without
+ * data then use the calculated one.
+ */
+ ret = ldb_request_add_control(req,
+ DSDB_CONTROL_CURRENT_PARTITION_OID,
+ false, part_data);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
+ }
- } else {
- /* make sure you put the module here, or
- * or ldb_next_request() will skip a module */
- ac->part_req[ac->num_requests].module = ac->module;
+ if (req->operation == LDB_SEARCH) {
+ /*
+ * If the search is for 'more' than this partition,
+ * then change the basedn, so the check of the BASE DN
+ * still passes in the ldb_key_value layer
+ */
+ if (ldb_dn_compare_base(partition->ctrl->dn,
+ req->op.search.base) != 0) {
+ req->op.search.base = partition->ctrl->dn;
+ }
}
ac->num_requests++;
@@ -752,7 +748,6 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re
/* search */
static int partition_search(struct ldb_module *module, struct ldb_request *req)
{
- struct ldb_control **saved_controls;
/* Find backend */
struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
struct partition_private_data);
@@ -787,12 +782,6 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
}
- /* Remove the "domain_scope" control, so we don't confuse a backend
- * server */
- if (domain_scope_control && !ldb_save_controls(domain_scope_control, req, &saved_controls)) {
- return ldb_oom(ldb_module_get_ctx(module));
- }
-
/* if we aren't initialised yet go further */
if (!data || !data->partitions) {
return ldb_next_request(module, req);
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index a8a61d5df7c..824a4612f5a 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2829,12 +2829,10 @@ static int replmd_modify_la_delete(struct ldb_module *module,
return ret;
}
- if (parent) {
- vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS);
- if (vanish_links_ctrl) {
- vanish_links = true;
- vanish_links_ctrl->critical = false;
- }
+ vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS);
+ if (vanish_links_ctrl) {
+ vanish_links = true;
+ vanish_links_ctrl->critical = false;
}
/* we empty out el->values here to avoid damage if we return early. */
@@ -3344,20 +3342,18 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
continue;
}
if ((schema_attr->linkID & 1) == 1) {
- if (parent) {
- struct ldb_control *ctrl;
+ struct ldb_control *ctrl;
--
Samba Shared Repository
More information about the samba-cvs
mailing list