[SCM] Samba Shared Repository - branch v4-12-test updated

Karolin Seeger kseeger at samba.org
Wed Jun 24 11:23:03 UTC 2020


The branch, v4-12-test has been updated
       via  3db89a6c880 ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
       via  1049c5776f8 lib/ldb: add unit test for ldb_ldap internal code
       via  0ac77960440 Fix usage of ldap_get_values_len for msDS-AdditionalDnsHostName
       via  0e668997c83 Properly handle msDS-AdditionalDnsHostName returned from Windows DC
       via  60e73282191 selftest: add tests for binary msDS-AdditionalDnsHostName
       via  63c70acd4f4 Fix a typo in recent net man page changes
       via  f50cb3a0fbf libcli ldap tests: remove use of zero length array
      from  7b1bac7d084 Add net-ads-join dnshostname=fqdn option

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test


- Log -----------------------------------------------------------------
commit 3db89a6c8809fd7ff733ab1b7d401ea202f29ab0
Author: Alexander Bokovoy <ab at samba.org>
Date:   Thu Jun 18 10:45:41 2020 +0300

    ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
    
    Fix regression introduced by commit ce2bf5c72b6423fff680b3d6a9042103a6cdda55
    
    lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
    calls _ldb_msg_add_el() which already increments msg->num_elements by one.
    
    As a result, msg->num_elements is bigger than the actual number of
    elements and any iteration over elements would step over elements array
    boundary.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 990a0fc4a0481aed817fad7575d8df453fbe7af9)
    
    Autobuild-User(v4-12-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-12-test): Wed Jun 24 11:22:16 UTC 2020 on sn-devel-184

commit 1049c5776f8b28ac15c3752eb2becee75e15cd45
Author: Alexander Bokovoy <ab at samba.org>
Date:   Thu Jun 18 11:49:08 2020 +0300

    lib/ldb: add unit test for ldb_ldap internal code
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 36bd6edd8a603f3aa34aff81c43ef26efd3ad4cf)

commit 0ac77960440f69e47ad52f134ecc95133c3c2353
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Sat Jun 20 17:17:33 2020 +0200

    Fix usage of ldap_get_values_len for msDS-AdditionalDnsHostName
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <iboukris at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Jun 22 09:59:04 UTC 2020 on sn-devel-184

commit 0e668997c83bcd4c736a86bd78803992225fd4dd
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Thu Jun 11 16:51:27 2020 +0300

    Properly handle msDS-AdditionalDnsHostName returned from Windows DC
    
    Windows DC adds short names for each specified msDS-AdditionalDnsHostName
    attribute, but these have a suffix of "\0$" and thus fail with
    ldap_get_values(), use ldap_get_values_len() instead.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <iboukris at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 60e7328219169d949e5a864e322fb2de57c4ffd3
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Tue Jun 16 22:01:49 2020 +0300

    selftest: add tests for binary msDS-AdditionalDnsHostName
    
    Like the short names added implicitly by Windows DC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <iboukris at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 63c70acd4f473d709c25a7c35398db98d4504981
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Thu Jun 11 21:05:07 2020 +0300

    Fix a typo in recent net man page changes
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <iboukris at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f50cb3a0fbf403a8c40329a446d15648a04a3c79
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Mon Jun 22 13:42:56 2020 +1200

    libcli ldap tests: remove use of zero length array
    
    libcli/ldap/tests/ldap_message_test.c defines a zero length array
    (uint8_t buf[0]), which is a GCC extension and breaks the build with
    some strict compilers like xlc.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184
    
    (cherry picked from commit d701bc1518766f36b1c7a3a00a82485098a8ee3d)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/net.8.xml           |   2 +-
 lib/ldb/ldb_ldap/ldb_ldap.c           |   2 -
 lib/ldb/tests/lldb_ldap.c             | 105 ++++++++++++++++++++++++++++++++++
 lib/ldb/wscript                       |  14 +++++
 libcli/ldap/tests/ldap_message_test.c |   2 +-
 source3/libads/ldap.c                 |  42 +++++++++++++-
 testprogs/blackbox/test_net_ads.sh    |  22 +++++++
 7 files changed, 182 insertions(+), 7 deletions(-)
 create mode 100644 lib/ldb/tests/lldb_ldap.c


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index cbab9c63a5e..951ddcd7c3a 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -497,7 +497,7 @@ joining the domain.
 </para>
 
 <para>
-[FQDN] (ADS only) set the dnsHosName attribute during the join.
+[FQDN] (ADS only) set the dnsHostName attribute during the join.
 The default format is netbiosname.dnsdomain.
 </para>
 
diff --git a/lib/ldb/ldb_ldap/ldb_ldap.c b/lib/ldb/ldb_ldap/ldb_ldap.c
index d7222997732..0531f8a62ae 100644
--- a/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -176,8 +176,6 @@ static int lldb_add_msg_attr(struct ldb_context *ldb,
 		el->num_values++;
 	}
 
-	msg->num_elements++;
-
 	return 0;
 }
 
diff --git a/lib/ldb/tests/lldb_ldap.c b/lib/ldb/tests/lldb_ldap.c
new file mode 100644
index 00000000000..eea9f22f6b9
--- /dev/null
+++ b/lib/ldb/tests/lldb_ldap.c
@@ -0,0 +1,105 @@
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <errno.h>
+#include <unistd.h>
+#include <talloc.h>
+
+#include <ldb.h>
+#include <ldb_private.h>
+#include <string.h>
+#include <ctype.h>
+
+int ldb_ldap_init(const char *version);
+
+#include "ldb_ldap/ldb_ldap.c"
+
+struct test_ctx {
+	struct tevent_context *ev;
+	struct ldb_context *ldb;
+	struct ldb_message *msg;
+};
+
+static int lldb_msg_setup(void **state)
+{
+	struct test_ctx *test_ctx;
+
+	test_ctx = talloc_zero(NULL, struct test_ctx);
+	assert_non_null(test_ctx);
+
+	test_ctx->ev = tevent_context_init(test_ctx);
+	assert_non_null(test_ctx->ev);
+
+	test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+	assert_non_null(test_ctx->ldb);
+
+	test_ctx->msg = ldb_msg_new(test_ctx);
+	assert_non_null(test_ctx->msg);
+
+	*state = test_ctx;
+	return 0;
+}
+
+static int lldb_msg_teardown(void **state)
+{
+	struct test_ctx *test_ctx = talloc_get_type_abort(*state,
+							  struct test_ctx);
+
+	talloc_free(test_ctx);
+	return 0;
+}
+
+static void test_lldb_add_msg_attr(void **state)
+{
+	struct test_ctx *test_ctx = talloc_get_type_abort(*state,
+							  struct test_ctx);
+	struct ldb_message *msg = test_ctx->msg;
+	int ret;
+	unsigned int num_elements = 0;
+	struct berval **v = NULL;
+
+	v = talloc_zero_array(test_ctx, struct berval *, 2);
+	assert_non_null(v);
+
+	v[0] = talloc_zero(v, struct berval);
+	assert_non_null(v[0]);
+
+	v[0]->bv_val = talloc_strdup(msg, "dc=example,dc=test");
+	assert_non_null(v[0]->bv_val);
+
+	v[0]->bv_len = strlen(v[0]->bv_val);
+
+	num_elements = msg->num_elements;
+
+	ret = lldb_add_msg_attr(test_ctx->ldb, msg, "defaultNamingContext", v);
+	assert_int_equal(ret, LDB_SUCCESS);
+	assert_int_equal(msg->num_elements, num_elements + 1);
+}
+
+
+int main(int argc, const char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(test_lldb_add_msg_attr,
+						lldb_msg_setup,
+						lldb_msg_teardown),
+	};
+
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 86b83c1b5cc..526fe497c13 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -527,6 +527,15 @@ def build(bld):
                          deps='cmocka ldb ldb_tdb_err_map',
                          install=False)
 
+        # If both libldap and liblber are available, test ldb_ldap
+        # code for a regression of bz#14413 -- even if we don't build
+        # it ourselves and simply using the system version
+        if bld.env.LIB_LDAP and bld.env.LIB_LBER:
+            bld.SAMBA_BINARY('lldb_ldap_test',
+                             source='tests/lldb_ldap.c',
+                             deps='cmocka talloc lber ldap ldb',
+                             install=False)
+
         if bld.CONFIG_SET('HAVE_LMDB'):
             bld.SAMBA_BINARY('ldb_mdb_mod_op_test',
                              source='tests/ldb_mod_op_test.c',
@@ -628,6 +637,11 @@ def test(ctx):
                  # 'ldb_key_value_sub_txn_tdb_test'
                  'ldb_parse_test']
 
+    # if LIB_LDAP and LIB_LBER defined, then we can test ldb_ldap backend
+    # behavior regression for bz#14413
+    if env.LIB_LDAP and env.LIB_LBER:
+        test_exes += ["lldb_ldap_test"]
+
     if env.HAVE_LMDB:
         test_exes += ['ldb_mdb_mod_op_test',
                      'ldb_lmdb_test',
diff --git a/libcli/ldap/tests/ldap_message_test.c b/libcli/ldap/tests/ldap_message_test.c
index c5aacd4bc6b..f4b49bc47bc 100644
--- a/libcli/ldap/tests/ldap_message_test.c
+++ b/libcli/ldap/tests/ldap_message_test.c
@@ -115,7 +115,7 @@ static void test_empty_input(void **state)
 	struct asn1_data *asn1;
 	struct ldap_message *ldap_msg;
 	NTSTATUS status;
-	uint8_t buf[0];
+	uint8_t *buf = NULL;
 	size_t len = 0;
 	struct ldap_request_limits limits = {
 		.max_search_size = 256000,
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index f6fde5e19e1..7ef7e7e8420 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -3669,6 +3669,44 @@ out:
 /********************************************************************
 ********************************************************************/
 
+static char **get_addl_hosts(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+			      LDAPMessage *msg, size_t *num_values)
+{
+	const char *field = "msDS-AdditionalDnsHostName";
+	struct berval **values = NULL;
+	char **ret = NULL;
+	size_t i, converted_size;
+
+	values = ldap_get_values_len(ads->ldap.ld, msg, field);
+	if (values == NULL) {
+		return NULL;
+	}
+
+	*num_values = ldap_count_values_len(values);
+
+	ret = talloc_array(mem_ctx, char *, *num_values + 1);
+	if (ret == NULL) {
+		ldap_value_free_len(values);
+		return NULL;
+	}
+
+	for (i = 0; i < *num_values; i++) {
+		ret[i] = NULL;
+		if (!convert_string_talloc(mem_ctx, CH_UTF8, CH_UNIX,
+					   values[i]->bv_val,
+					   strnlen(values[i]->bv_val,
+						   values[i]->bv_len),
+					   &ret[i], &converted_size)) {
+			ldap_value_free_len(values);
+			return NULL;
+		}
+	}
+	ret[i] = NULL;
+
+	ldap_value_free_len(values);
+	return ret;
+}
+
 ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
 					    ADS_STRUCT *ads,
 					    const char *machine_name,
@@ -3694,9 +3732,7 @@ ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	*hostnames_array = ads_pull_strings(ads, mem_ctx, res,
-					    "msDS-AdditionalDnsHostName",
-					    num_hostnames);
+	*hostnames_array = get_addl_hosts(ads, mem_ctx, res, num_hostnames);
 	if (*hostnames_array == NULL) {
 		DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n",
 			  machine_name));
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index 85257f445d8..eef4a31a6a7 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -41,6 +41,11 @@ if [ -x "$BINDIR/ldbdel" ]; then
 	ldbdel="$BINDIR/ldbdel"
 fi
 
+ldbmodify="ldbmodify"
+if [ -x "$BINDIR/ldbmodify" ]; then
+	ldbmodify="$BINDIR/ldbmodify"
+fi
+
 # Load test functions
 . `dirname $0`/subunit.sh
 
@@ -217,12 +222,29 @@ testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samacc
 testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
 testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
 
+# Test binary msDS-AdditionalDnsHostName like ones added by Windows DC
+short_alias_file="$PREFIX_ABS/short_alias_file"
+printf 'short_alias\0$' > $short_alias_file
+cat > $PREFIX_ABS/tmpldbmodify <<EOF
+dn: CN=$HOSTNAME,$computers_dn
+changetype: modify
+add: msDS-AdditionalDnsHostName
+msDS-AdditionalDnsHostName:< file://$short_alias_file
+EOF
+
+testit "add binary msDS-AdditionalDnsHostName" $VALGRIND $ldbmodify -k yes -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM $PREFIX_ABS/tmpldbmodify || failed=`expr $failed + 1`
+
+testit_grep "addl short alias" short_alias $ldbsearch --show-binary -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "CN=$HOSTNAME,CN=Computers,$base_dn" msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+
+rm -f $PREFIX_ABS/tmpldbmodify $short_alias_file
+
 dedicated_keytab_file="$PREFIX_ABS/test_dns_aliases_dedicated_krb5.keytab"
 
 testit "dns alias create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
 
 testit_grep "dns alias1 check keytab" "host/${dns_alias1}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
 testit_grep "dns alias2 check keytab" "host/${dns_alias2}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+testit_grep "addl short check keytab" "host/short_alias@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
 
 rm -f $dedicated_keytab_file
 


-- 
Samba Shared Repository



More information about the samba-cvs mailing list