[SCM] Samba Shared Repository - branch master updated

Douglas Bagnall dbagnall at samba.org
Wed Jul 29 04:44:02 UTC 2020


The branch, master has been updated
       via  2aace18f170 ldb_controls: control_to_string avoids crash
       via  05228c4e070 dbcheck: Allow a dangling forward link outside our known NCs
      from  4baa7cc8e47 kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2aace18f170644da9c293342a6df5e5b2ae8da25
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Jul 24 12:41:29 2020 +1200

    ldb_controls: control_to_string avoids crash
    
    Otherwise a malformed control with unexpected NULL data will segfault
    ldb_control_to_string(), though this is not very likely to affect
    anyone in practice as converting controls to strings is rarely
    necessary. If it happens at all in Samba it is in Python code.
    
    Found by Honggfuzz using fuzz_ldb_parse_control.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
    Autobuild-Date(master): Wed Jul 29 04:43:23 UTC 2020 on sn-devel-184

commit 05228c4e07013c0e6f78f1330b3b787271282ca8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 27 11:37:29 2020 +1200

    dbcheck: Allow a dangling forward link outside our known NCs
    
    If we do not have the NC of the target object we cannot be really sure
    that the object is redundant, so we want to keep it for now
    and not (as happened until now) break the dbcheck run made during the
    replication stage of a "samba-tool domain backup rename".
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/common/ldb_controls.c | 22 ++++++++++++++++++++++
 python/samba/dbchecker.py     | 24 +++++++++++++++++++++++-
 selftest/target/Samba4.pm     | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 84 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index d67c0afd845..266aa90b224 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -286,6 +286,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 	if (strcmp(control->oid, LDB_CONTROL_PAGED_RESULTS_OID) == 0) {
 		struct ldb_paged_control *rep_control = talloc_get_type(control->data, struct ldb_paged_control);
 		char *cookie;
+		if (rep_control == NULL) {
+			return NULL;
+		}
 
 		cookie = ldb_base64_encode(mem_ctx, rep_control->cookie, rep_control->cookie_len);
 		if (cookie == NULL) {
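Review bot: The new `rep_control == NULL` guard after `talloc_get_type()` carries no comment saying why the pointer can be NULL, and the same bare guard is repeated in the six later hunks of this file. `talloc_get_type()` returns NULL both when `control->data` is NULL and when the talloc type name does not match, so the check also rejects wrongly-typed data; a one-line comment such as `/* data missing or not a struct ldb_paged_control: malformed control */` would record that. The guard returns NULL, which is presumably also what the `cookie == NULL` allocation-failure path below returns, so callers cannot tell a malformed control from out-of-memory; if that distinction matters to the Python callers named in the commit message, the function's header comment should say so. The body of ldb_control_to_string() starts and ends outside the hunk.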
@@ -312,6 +315,10 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 
 		char *cookie;
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
+
 		cookie = ldb_base64_encode(mem_ctx,
 					   (char *)rep_control->contextId,
 					   rep_control->ctxid_len);
@@ -334,6 +341,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_sort_resp_control *rep_control = talloc_get_type(control->data,
 								struct ldb_sort_resp_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s",
 					LDB_CONTROL_SORT_RESP_NAME,
 					control->critical,
@@ -347,6 +357,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_asq_control *rep_control = talloc_get_type(control->data,
 								struct ldb_asq_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		res = talloc_asprintf(mem_ctx, "%s:%d:%d",
 					LDB_CONTROL_SORT_RESP_NAME,
 					control->critical,
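Review bot: The ASQ branch formats its string with `LDB_CONTROL_SORT_RESP_NAME` (the context line just below the new guard), the same name the sort-response branch in the previous hunk uses, which looks like a copy-paste leftover that this commit leaves in place. For data cast to `struct ldb_asq_control` the name argument should presumably be `LDB_CONTROL_ASQ_NAME`, otherwise the string form of an ASQ control cannot be told apart by name from a sort response. The OID comparison that selects this branch is outside the hunk, so confirm which control it matches before changing the constant.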
@@ -360,6 +373,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_dirsync_control *rep_control = talloc_get_type(control->data,
 								struct ldb_dirsync_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		cookie = ldb_base64_encode(mem_ctx, rep_control->cookie,
 				rep_control->cookie_len);
 		if (cookie == NULL) {
@@ -380,6 +396,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_dirsync_control *rep_control = talloc_get_type(control->data,
 								struct ldb_dirsync_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		cookie = ldb_base64_encode(mem_ctx, rep_control->cookie,
 				rep_control->cookie_len);
 		if (cookie == NULL) {
@@ -399,6 +418,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 	if (strcmp(control->oid, LDB_CONTROL_VERIFY_NAME_OID) == 0) {
 		struct ldb_verify_name_control *rep_control = talloc_get_type(control->data, struct ldb_verify_name_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		if (rep_control->gc != NULL) {
 			res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s",
 						LDB_CONTROL_VERIFY_NAME_NAME,
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 45dda945d21..5b4645ebb45 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -621,7 +621,29 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
                 return 0
 
             nc_root = self.samdb.get_nc_root(dn)
-            target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+            try:
+                target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+            except ldb.LdbError as e:
+                (enum, estr) = e.args
+                if enum != ldb.ERR_NO_SUCH_OBJECT:
+                    raise
+                target_nc_root = None
+
+            if target_nc_root is None:
+                # We don't bump the error count as Samba produces
+                # these in normal operation creating a lab domain (due
+                # to the way the rename is handled, links to
+                # now-expunged objects will never be fixed to stay
+                # inside the NC
+                self.report("WARNING: no target object found for GUID "
+                            "component for link "
+                            "%s in object to %s outside our NCs"
+                            "%s - %s" % (attrname, dsdb_dn.dn, dn, val))
+                self.report("Not removing dangling one-way "
+                            "left-over link outside our NCs "
+                            "(we might be building a renamed/lab domain)")
+                return 0
+
             if nc_root != target_nc_root:
                 # We don't bump the error count as Samba produces these
                 # in normal operation
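Review bot: The warning built in the first new `self.report(...)` call joins `"... outside our NCs"` and `"%s - %s"` with no separator, so the output runs "NCs" straight into the next value, and the four arguments `(attrname, dsdb_dn.dn, dn, val)` do not line up with the wording ("in object" has no placeholder after it). If the intent is link attribute, source object, target, raw value, something like `"%s in object %s to %s outside our NCs - %s" % (attrname, dn, dsdb_dn.dn, val)` reads correctly. The comment above it opens a parenthesis at "(due to the way the rename is handled" that is never closed, and `estr` from `(enum, estr) = e.args` is unused. The enclosing method starts and ends outside the hunk.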
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 1466cbd8d48..88c95c3a078 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2942,6 +2942,45 @@ sub setup_backupfromdc
 
 	$self->setup_namespaces($env, $upn_array, $spn_array);
 
+	# Set up a dangling forward link to an expunged object
+	#
+	# We need this to ensure that the "samba-tool domain backup rename"
+	# that is part of the creation of the labdc environment can
+	# cope with this situation on the source DC.
+
+	if (not $self->write_ldb_file("$env->{PRIVATEDIR}/sam.ldb", "
+dn: ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: organizationalUnit
+-
+
+dn: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: msExchConfigurationContainer
+-
+
+dn: cn=linkfrom,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: msExchConfigurationContainer
+addressBookRoots: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+-
+
+")) {
+	    return undef;
+	}
+	my $ldbdel = Samba::bindir_path($self, "ldbdel");
+	my $cmd = "$ldbdel -H $env->{PRIVATEDIR}/sam.ldb cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com";
+
+	unless(system($cmd) == 0) {
+		warn("Failed to delete link target: \n$cmd");
+		return undef;
+	}
+
+	# Expunge will ensure that linkto is totally wiped from the DB
+	my $samba_tool = Samba::bindir_path($self, "samba-tool");
+	$cmd = "$samba_tool  domain tombstones expunge --tombstone-lifetime=0 $env->{CONFIGURATION}";
+
+	unless(system($cmd) == 0) {
+		warn("Failed to expunge link target: \n$cmd");
+		return undef;
+	}
 	return $env;
 }
 
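Review bot: Both new `system($cmd)` calls pass a single interpolated string, so the command goes through the shell and a `$env->{PRIVATEDIR}` containing spaces or shell metacharacters would be split or reinterpreted. For the ldbdel call the list form avoids that: `system($ldbdel, "-H", "$env->{PRIVATEDIR}/sam.ldb", $link_target_dn) == 0`, with the DN hoisted into a variable that the LDIF above could also reuse. The expunge call interpolates `$env->{CONFIGURATION}`, which may hold more than one option, so it would need splitting before it can use the list form. The `return undef;` after `write_ldb_file` is indented with spaces where the rest of the added block uses tabs.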


-- 
Samba Shared Repository


