[SCM] Samba Shared Repository - branch v4-14-test updated

Jule Anger janger at samba.org
Mon Oct 4 10:44:01 UTC 2021


The branch, v4-14-test has been updated
       via  b66b172bb57 samldb: Address birthday paradox adding an RODC
      from  5a90b3e832c pyldb: Avoid use-after-free in msg_diff()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test


- Log -----------------------------------------------------------------
commit b66b172bb57d0ad0693daac0ec86c49295526de2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 5 15:57:09 2021 +1200

    samldb: Address birthday paradox adding an RODC
    
    It is possible that the randomly chosen RODC number will be one
    that is already in use.  The samldb_krbtgtnumber_available()
    function was meant to prevent that, but due to a typo did not.
    
    There is no other race here as the whole thing is inside a transaction,
    and we have duplicate protection on samAccountName, so the failure
    looked like this:
    
    ...
    Adding CN=krbtgt_TESTRODCDRS5320202,CN=Users,DC=samba,DC=example,DC=com
    UNEXPECTED(error): samba4.drs.repl_rodc.python(ad_dc_ntvfs).repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_admin(ad_dc_ntvfs)
    REASON: Exception: Exception: Traceback (most recent call last):
      File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 111, in setUp
        self._create_rodc(self.rodc_ctx)
      File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 693, in _create_rodc
        ctx.join_add_objects()
      File "bin/python/samba/join.py", line 641, in join_add_objects
        ctx.add_krbtgt_account()
      File "bin/python/samba/join.py", line 429, in add_krbtgt_account
        ctx.samdb.add(rec, ["rodc_join:1:1"])
    _ldb.LdbError: (68, "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071: samldb: samAccountName krbtgt_4405 already in use!> <>")
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14854
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Oct  1 20:50:37 UTC 2021 on sn-devel-184
    
    (cherry picked from commit b6d60e8f4d06ca9733a4cc3094312a3dc456a656)
    
    Autobuild-User(v4-14-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-14-test): Mon Oct  4 10:43:15 UTC 2021 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index f1e0b5cf650..f7d65e1bb4f 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -652,7 +652,7 @@ static bool samldb_krbtgtnumber_available(struct samldb_ctx *ac,
 				 LDB_SCOPE_SUBTREE, no_attrs,
 				 DSDB_FLAG_NEXT_MODULE,
 				 ac->req,
-				 "(msDC-SecondaryKrbTgtNumber=%u)",
+				 "(msDS-SecondaryKrbTgtNumber=%u)",
 				 krbtgt_number);
 	if (ret == LDB_SUCCESS && res->count == 0) {
 		talloc_free(tmp_ctx);
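Review bot: The attribute name in the search filter is still a bare string literal, and the check `if (ret == LDB_SUCCESS && res->count == 0)` cannot tell "no object uses this number" apart from "the filter names an attribute that matches nothing". That is why the misspelling went unnoticed until a random collision hit the samAccountName duplicate protection described in the commit message. Consider building the filter from a single shared definition of the attribute name, so that a future typo cannot reappear in just one place. A regression test that adds an RODC while the chosen krbtgt number is already taken would also make this path fail deterministically instead of only on a random collision.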
@@ -670,7 +670,7 @@ static int samldb_rodc_add(struct samldb_ctx *ac)
 	int ret;
 	struct ldb_val newpass_utf16;
 
-	/* find a unused msDC-SecondaryKrbTgtNumber */
+	/* find a unused msDS-SecondaryKrbTgtNumber */
 	i_start = generate_random() & 0xFFFF;
 	if (i_start == 0) {
 		i_start = 1;
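Review bot: Since the comment line is being touched anyway, "a unused" should read "an unused". It would also help to say in that comment that `i_start` is drawn from a 16-bit space (`generate_random() & 0xFFFF`, with 0 remapped to 1), so collisions with existing RODC numbers are expected and correctness depends on samldb_krbtgtnumber_available() rejecting numbers already in use.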


-- 
Samba Shared Repository


