[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Jan 12 03:10:02 UTC 2022 

The branch, master has been updated
       via  8c0391d38e5 dsdb/schema: let dsdb_syntax_DN_BINARY_drsuapi_to_ldb return WERR_DS_INVALID_ATTRIBUTE_SYNTAX
       via  8026efd6479 dsdb/schema: add no memory checks for {ldb,dsdb}_dn_get_extended_linearized()
       via  15f332a1c03 dsdb/common: dsdb_dn_construct_internal() more strict checking
       via  8115fb03b6a dsdb/schema: fix Object(OR-Name) syntax definition
       via  e16d29f719f dsdb/schema/tests: let samba4.local.dsdb.syntax call the validate_dn() hook
      from  1243f52f7ae s4:rpc_server/netlogon: let CSDVersion="" wipe operatingSystemServicePack

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8c0391d38e53a356aabc6e2c9fdf747a1f1f16d5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 20 17:48:44 2021 +0100

    dsdb/schema: let dsdb_syntax_DN_BINARY_drsuapi_to_ldb return WERR_DS_INVALID_ATTRIBUTE_SYNTAX
    
    When Object(OR-Name) uses dsdb_syntax_DN_BINARY_drsuapi_to_ldb() it
    should genrate WERR_DS_INVALID_ATTRIBUTE_SYNTAX if the binary part
    is not empty.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Jan 12 03:09:52 UTC 2022 on sn-devel-184

commit 8026efd647957bdb63e2ba98ea736ccaf3a71f4c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 20 17:46:47 2021 +0100

    dsdb/schema: add no memory checks for {ldb,dsdb}_dn_get_extended_linearized()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 15f332a1c0340b808730427e482e374c96e2cd20
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 5 23:12:50 2021 +0200

    dsdb/common: dsdb_dn_construct_internal() more strict checking
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8115fb03b6ade8d99c8acd459fc94dab5413a211
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 20 17:50:07 2021 +0100

    dsdb/schema: fix Object(OR-Name) syntax definition
    
    This is a strange one, it uses DN_BINARY in the drsuapi
    representation, while the binary part must be 0 bytes.
    and the LDAP/ldb representation is a plain DN (without 'B:').
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e16d29f719f8268b244cf7c6b20ade5d829669aa
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 5 23:12:20 2021 +0200

    dsdb/schema/tests: let samba4.local.dsdb.syntax call the validate_dn() hook
    
    This demonstrates that our OR-Name syntax is wrong,
    which wasn't noticed yet as it's not used in the AD-Schema.
    
    I noticed it by installing the Exchange-Schema on a Samba DC.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/dsdb_dn.c             | 26 ++++++++++++++++++++------
 source4/dsdb/schema/schema_syntax.c       | 16 +++++++++++++---
 source4/dsdb/schema/tests/schema_syntax.c |  2 ++
 3 files changed, 35 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/dsdb_dn.c b/source4/dsdb/common/dsdb_dn.c
index 856b3048771..e348ab6aa94 100644
--- a/source4/dsdb/common/dsdb_dn.c
+++ b/source4/dsdb/common/dsdb_dn.c
@@ -47,18 +47,32 @@ static struct dsdb_dn *dsdb_dn_construct_internal(TALLOC_CTX *mem_ctx,
 						  enum dsdb_dn_format dn_format, 
 						  const char *oid) 
 {
-	struct dsdb_dn *dsdb_dn = talloc(mem_ctx, struct dsdb_dn);
+	struct dsdb_dn *dsdb_dn = NULL;
+
+	switch (dn_format) {
+	case DSDB_BINARY_DN:
+	case DSDB_STRING_DN:
+		break;
+	case DSDB_NORMAL_DN:
+		if (extra_part.length != 0) {
+			errno = EINVAL;
+			return NULL;
+		}
+		break;
+	case DSDB_INVALID_DN:
+	default:
+		errno = EINVAL;
+		return NULL;
+	}
+
+	dsdb_dn = talloc(mem_ctx, struct dsdb_dn);
 	if (!dsdb_dn) {
+		errno = ENOMEM;
 		return NULL;
 	}
 	dsdb_dn->dn = talloc_steal(dsdb_dn, dn);
 	dsdb_dn->extra_part = extra_part;
 	dsdb_dn->dn_format = dn_format;
-	/* Look to see if this attributeSyntax is a DN */
-	if (dsdb_dn->dn_format == DSDB_INVALID_DN) {
-		talloc_free(dsdb_dn);
-		return NULL;
-	}
 
 	dsdb_dn->oid = oid;
 	talloc_steal(dsdb_dn, extra_part.data);
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index fcf9ca4ce3c..b3df10a0217 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -1726,6 +1726,7 @@ static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_
 
 	*out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
 	talloc_free(tmp_ctx);
+	W_ERROR_HAVE_NO_MEMORY(out->data);
 	return WERR_OK;
 }
 
@@ -2054,12 +2055,21 @@ static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx
 		/* set binary stuff */
 		dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
 		if (!dsdb_dn) {
-			/* If this fails, it must be out of memory, we know the ldap_oid is valid */
+			if (errno == EINVAL) {
+				/*
+				 * This might be Object(OR-Name)
+				 * failing because of a non empty
+				 * binary part.
+				 */
+				talloc_free(tmp_ctx);
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
 			talloc_free(tmp_ctx);
 			W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
 		}
 		out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
 		talloc_free(tmp_ctx);
+		W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
 	}
 
 	return WERR_OK;
@@ -2584,8 +2594,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.7",
 		.drsuapi_to_ldb		= dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
-		.validate_ldb		= dsdb_syntax_DN_BINARY_validate_ldb,
-		.equality		= "caseIgnoreMatch",
+		.validate_ldb		= dsdb_syntax_DN_validate_ldb,
+		.equality               = "distinguishedNameMatch",
 		.ldb_syntax		= LDB_SYNTAX_DN,
 	},{
 	/*
diff --git a/source4/dsdb/schema/tests/schema_syntax.c b/source4/dsdb/schema/tests/schema_syntax.c
index b22e110db52..7eba1029164 100644
--- a/source4/dsdb/schema/tests/schema_syntax.c
+++ b/source4/dsdb/schema/tests/schema_syntax.c
@@ -119,6 +119,8 @@ static bool torture_test_syntax(struct torture_context *torture,
 
 	torture_assert_data_blob_equal(torture, el.values[0], ldb_blob, "Incorrect conversion from DRS to ldb format");
 
+	torture_assert_werr_ok(torture, syntax->validate_ldb(&syntax_ctx, attr, &el), "Failed to validate ldb format");
+
 	torture_assert_werr_ok(torture, syntax->ldb_to_drsuapi(&syntax_ctx, attr, &el, tmp_ctx, &drs2), "Failed to convert from ldb to DRS format");
 	
 	torture_assert(torture, drs2.value_ctr.values[0].blob, "No blob returned from conversion");


-- 
Samba Shared Repository

More information about the samba-cvs mailing list