[SCM] Samba Shared Repository - branch v4-16-test updated
Jule Anger
janger at samba.org
Wed Jul 27 10:50:07 UTC 2022
The branch, v4-16-test has been updated
via ae0977177bd VERSION: Bump version up to Samba 4.16.5...
via 9618af1b66a VERSION: Disable GIT_SNAPSHOT for the 4.16.4 release.
via b0ad1276b5e WHATSNEW: Add release notes for Samba 4.16.4.
via 74946420dd5 CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
via ed3f82f4d70 CVE-2022-32742: s4: torture: Add raw.write.bad-write test.
via e650b41ff90 CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust
via a46dd2846f3 CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
via 8c0f421852d CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT
via 9895018b64c CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
via ff66f68a11c CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd
via 7ee246ef9ca CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx()
via c9e1949fa8e CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
via fa198ce28f8 s4:kdc: Remove kadmin mode from HDB plugin
via d03021791b8 CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
via 0cb4100d16d CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
via 1f54e16cf1d CVE-2022-2031 tests/krb5: Test truncated forms of server principals
via 8d8ffbfc7b5 CVE-2022-32744 s4:kdc: Don't allow HDB keytab iteration
via 90e53b8eae9 CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life
via b77fb6e636c CVE-2022-2031 third_party/heimdal: Add function to get current KDC time
via f70ada5eb45 CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less
via fb7391ca60e CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
via 2b63f021e59 CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()
via 9022a69aebf CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function
via ada799129eb CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function
via 4aafa72991c CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
via 3761a6e8713 CVE-2022-2031 testprogs: Fix auth with smbclient and krb5 ccache
via 59d656406f5 s4:kpasswd: Restructure code for clarity
via b8d97f5bd55 CVE-2022-2031 s4:kpasswd: Require an initial ticket
via eade23880ec CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket
via 393c18b53ec CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
via 99bbd95a1d6 CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
via 63d6af6ed70 CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
via 705e7ff46d6 CVE-2022-2031 s4:kpasswd: Correctly generate error strings
via 8a4f07c2ca2 CVE-2022-2031 tests/krb5: Add tests for kpasswd service
via 4af92867274 CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests
via c84eb0e6736 CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method
via 06c7f3d3f67 CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and realm
via 3e52255fd16 tests/krb5: Add option for creating accounts with expired passwords
via a907564b698 tests/krb5: Fix enum typo
via 5f32710d678 CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages
via 82bfffcdc3c CVE-2022-2031 tests/krb5: Add 'port' parameter to connect()
via 7cc2b1ac553 CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures
via a0efc5bc0ae CVE-2022-2031 tests/krb5: Add new definitions for kpasswd
via 7c9faf1aacc CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts
via 3034c1933c2 CVE-2022-2031 tests/krb5: Split out _make_tgs_request()
via af53dbec65c CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno
via 3bd5df466cb CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
via f706dcd5ddc CVE-2022-2031 s4:kpasswd: Account for missing target principal
via 52b953bfc18 CVE-2022-2031 third_party/heimdal: Check generate_pac() return code
via 628534b4dcf CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID PAC buffers
via 06444c0d4ea selftest: Simplify krb5 test environments
via 191adf2cf38 tests/krb5: Add helper function to modify ticket flags
via 23f770ed910 s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
via e0d25e172c4 CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element
via 701aef133fd CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer
via f2ded77168d CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit
via 1d7690b000f CVE-2022-32745 s4/dsdb/samldb: Check for empty values array
via 90ef792d904 CVE-2022-32746 ldb: Release LDB 2.5.2
via 18b73e01ca4 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
via c0127af98b2 CVE-2022-32746 ldb: Add functions for appending to an ldb_message
via a7a59c540ba CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
via 513574283d9 CVE-2022-32746 ldb: Add flag to mark message element values as shared
via 77d87117744 CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check
via 738955d0e14 CVE-2022-32746 s4/dsdb/tombstone_reanimate: Use LDB_FLAG_MOD_TYPE() for flags equality check
via f2ee4c78d95 CVE-2022-32746 s4/dsdb/repl_meta_data: Use LDB_FLAG_MOD_TYPE() for flags equality check
via ef8e25cf53f CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check
via b436fa43f29 CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison
via e46e43f76e7 CVE-2022-32746 s4:torture: Fix LDB flags comparison
via 59cd645b395 CVE-2022-32746 s4/dsdb/partition: Fix LDB flags comparison
via c83967ad71a CVE-2022-32746 s4:dsdb:tests: Add test for deleting a disallowed SPN
via 16f3112687e CVE-2022-32746 s4/dsdb/objectclass_attrs: Fix typo
from f44ba288796 VERSION: Bump version up to Samba 4.16.4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -----------------------------------------------------------------
commit ae0977177bd0b5316f8dc0a600fc23d46ccae7df
Author: Jule Anger <janger at samba.org>
Date: Wed Jul 27 12:49:29 2022 +0200
VERSION: Bump version up to Samba 4.16.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 71 +-
auth/auth_sam_reply.c | 2 +-
auth/auth_util.c | 2 +-
lib/krb5_wrap/krb5_samba.c | 2 +-
lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.5.2.sigs} | 8 +
...pyldb-util-2.1.0.sigs => pyldb-util-2.5.2.sigs} | 0
lib/ldb/common/ldb_msg.c | 260 ++++-
lib/ldb/include/ldb.h | 30 +
lib/ldb/include/ldb_module.h | 6 +
lib/ldb/ldb_map/ldb_map.c | 5 +-
lib/ldb/ldb_map/ldb_map_inbound.c | 9 +-
lib/ldb/modules/rdn_name.c | 24 +-
lib/ldb/wscript | 2 +-
librpc/idl/auth.idl | 23 +
python/samba/tests/krb5/as_req_tests.py | 30 +-
python/samba/tests/krb5/kdc_base_test.py | 135 ++-
python/samba/tests/krb5/kdc_tgs_tests.py | 102 +-
python/samba/tests/krb5/kpasswd_tests.py | 1049 ++++++++++++++++++++
python/samba/tests/krb5/raw_testcase.py | 425 +++++++-
python/samba/tests/krb5/rfc4120.asn1 | 6 +
python/samba/tests/krb5/rfc4120_constants.py | 13 +
python/samba/tests/krb5/rfc4120_pyasn1.py | 13 +-
python/samba/tests/krb5/s4u_tests.py | 17 +-
python/samba/tests/usage.py | 1 +
selftest/knownfail_mit_kdc | 11 +-
source3/include/smb_macros.h | 2 +-
source3/passdb/pdb_samba_dsdb.c | 14 +-
source3/smbd/reply.c | 4 +-
source4/auth/gensec/gensec_krb5.c | 20 +-
source4/auth/gensec/gensec_krb5_helpers.c | 72 ++
.../auth/gensec/gensec_krb5_helpers.h | 25 +-
.../auth/gensec/gensec_krb5_internal.h | 37 +-
source4/auth/gensec/wscript_build | 4 +
source4/auth/kerberos/kerberos_pac.c | 44 +
source4/auth/ntlm/auth_developer.c | 2 +-
source4/auth/sam.c | 2 +-
source4/auth/session.c | 2 +
source4/auth/system_session.c | 6 +-
source4/dns_server/dnsserver_common.c | 12 +-
source4/dsdb/common/util.c | 134 ++-
source4/dsdb/samdb/ldb_modules/acl.c | 5 +-
source4/dsdb/samdb/ldb_modules/descriptor.c | 10 +-
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 2 +-
source4/dsdb/samdb/ldb_modules/objectguid.c | 20 +-
source4/dsdb/samdb/ldb_modules/partition.c | 4 +-
source4/dsdb/samdb/ldb_modules/partition_init.c | 14 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 32 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 82 +-
.../dsdb/samdb/ldb_modules/tombstone_reanimate.c | 16 +-
source4/dsdb/samdb/ldb_modules/util.c | 14 +-
source4/dsdb/tests/python/acl.py | 26 +
source4/kdc/db-glue.c | 242 +++--
source4/kdc/hdb-samba4-plugin.c | 37 +-
source4/kdc/hdb-samba4.c | 66 ++
source4/kdc/kdc-glue.h | 3 +
source4/kdc/kdc-heimdal.c | 6 +-
source4/kdc/kdc-server.h | 2 +-
source4/kdc/kdc-service-mit.c | 4 +-
source4/kdc/kpasswd-helper.c | 33 +-
source4/kdc/kpasswd-helper.h | 2 +
source4/kdc/kpasswd-service-heimdal.c | 76 +-
source4/kdc/kpasswd-service-mit.c | 146 ++-
source4/kdc/kpasswd-service.c | 36 +-
source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +-
source4/kdc/mit_samba.c | 79 +-
source4/kdc/samba_kdc.h | 2 +
source4/kdc/wdc-samba4.c | 26 +
source4/kdc/wscript_build | 1 +
source4/lib/registry/ldb.c | 2 +-
source4/nbt_server/wins/winsdb.c | 13 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 55 +-
source4/selftest/tests.py | 244 +----
source4/torture/drs/rpc/dssync.c | 4 +-
source4/torture/raw/write.c | 89 ++
source4/winbind/idmap.c | 10 +-
testprogs/blackbox/test_kinit_trusts_heimdal.sh | 6 +-
testprogs/blackbox/test_kpasswd_heimdal.sh | 39 +-
third_party/heimdal/kdc/kerberos5.c | 4 +-
third_party/heimdal/kdc/libkdc-exports.def | 1 +
third_party/heimdal/kdc/process.c | 6 +
third_party/heimdal/kdc/version-script.map | 1 +
82 files changed, 3193 insertions(+), 897 deletions(-)
copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.5.2.sigs} (96%)
copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.5.2.sigs} (100%)
create mode 100755 python/samba/tests/krb5/kpasswd_tests.py
create mode 100644 source4/auth/gensec/gensec_krb5_helpers.c
copy source3/include/srvstr.h => source4/auth/gensec/gensec_krb5_helpers.h (65%)
copy libcli/smbreadline/smbreadline.h => source4/auth/gensec/gensec_krb5_internal.h (51%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 43f48a178f9..cbb30ab0699 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=16
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f6d5cc5331e..c9146b8ef29 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,71 @@
+ ==============================
+ Release Notes for Samba 4.16.4
+ July 27, 2022
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with
+ changing passwords.
+ https://www.samba.org/samba/security/CVE-2022-2031.html
+
+o CVE-2022-32744: Samba AD users can forge password change requests for any user.
+ https://www.samba.org/samba/security/CVE-2022-32744.html
+
+o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
+ or modify request.
+ https://www.samba.org/samba/security/CVE-2022-32745.html
+
+o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
+ process with an LDAP add or modify request.
+ https://www.samba.org/samba/security/CVE-2022-32746.html
+
+o CVE-2022-32742: Server memory information leak via SMB1.
+ https://www.samba.org/samba/security/CVE-2022-32742.html
+
+Changes since 4.16.3
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 15085: CVE-2022-32742.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 15009: CVE-2022-32746.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15047: CVE-2022-2031.
+
+o Joseph Sutton <josephsutton at catalyst.net.nz>
+ * BUG 15008: CVE-2022-32745.
+ * BUG 15009: CVE-2022-32746.
+ * BUG 15047: CVE-2022-2031.
+ * BUG 15074: CVE-2022-32744.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.16.3
July 18, 2022
@@ -65,8 +133,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.16.2
June 13, 2022
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index fda014c87d5..173a5132964 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -416,7 +416,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_LEVEL;
}
- user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/*
diff --git a/auth/auth_util.c b/auth/auth_util.c
index fe01babd107..ec9094d0f15 100644
--- a/auth/auth_util.c
+++ b/auth/auth_util.c
@@ -44,7 +44,7 @@ struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
return NULL;
}
- dst = talloc(mem_ctx, struct auth_session_info);
+ dst = talloc_zero(mem_ctx, struct auth_session_info);
if (dst == NULL) {
DBG_ERR("talloc failed\n");
TALLOC_FREE(frame);
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 99809ffea27..4321f07ca09 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -237,7 +237,7 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
return code;
}
- errpkt.error = error_code;
+ errpkt.error = error_code - ERROR_TABLE_BASE_krb5;
errpkt.text.length = 0;
if (e_text != NULL) {
diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.5.2.sigs
similarity index 96%
copy from lib/ldb/ABI/ldb-2.0.5.sigs
copy to lib/ldb/ABI/ldb-2.5.2.sigs
index 5049dc64ce1..40388d9e330 100644
--- a/lib/ldb/ABI/ldb-2.0.5.sigs
+++ b/lib/ldb/ABI/ldb-2.5.2.sigs
@@ -155,7 +155,14 @@ ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_d
ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *)
ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *)
ldb_msg_add_string: int (struct ldb_message *, const char *, const char *)
+ldb_msg_add_string_flags: int (struct ldb_message *, const char *, const char *, int)
ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **)
+ldb_msg_append_fmt: int (struct ldb_message *, int, const char *, const char *, ...)
+ldb_msg_append_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *, int)
+ldb_msg_append_steal_string: int (struct ldb_message *, const char *, char *, int)
+ldb_msg_append_steal_value: int (struct ldb_message *, const char *, struct ldb_val *, int)
+ldb_msg_append_string: int (struct ldb_message *, const char *, const char *, int)
+ldb_msg_append_value: int (struct ldb_message *, const char *, const struct ldb_val *, int)
ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *)
ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *)
ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
@@ -163,6 +170,7 @@ ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *)
ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *)
ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **)
+ldb_msg_element_add_value: int (TALLOC_CTX *, struct ldb_message_element *, const struct ldb_val *)
ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *)
ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *)
ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *)
diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs b/lib/ldb/ABI/pyldb-util-2.5.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs
copy to lib/ldb/ABI/pyldb-util-2.5.2.sigs
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index 57dfc5a04c2..9cd7998e21c 100644
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -417,6 +417,47 @@ int ldb_msg_add(struct ldb_message *msg,
return LDB_SUCCESS;
}
+/*
+ * add a value to a message element
+ */
+int ldb_msg_element_add_value(TALLOC_CTX *mem_ctx,
+ struct ldb_message_element *el,
+ const struct ldb_val *val)
+{
+ struct ldb_val *vals;
+
+ if (el->flags & LDB_FLAG_INTERNAL_SHARED_VALUES) {
+ /*
+ * Another message is using this message element's values array,
+ * so we don't want to make any modifications to the original
+ * message, or potentially invalidate its own values by calling
+ * talloc_realloc(). Make a copy instead.
+ */
+ el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;
+
+ vals = talloc_array(mem_ctx, struct ldb_val,
+ el->num_values + 1);
+ if (vals == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (el->values != NULL) {
+ memcpy(vals, el->values, el->num_values * sizeof(struct ldb_val));
+ }
+ } else {
+ vals = talloc_realloc(mem_ctx, el->values, struct ldb_val,
+ el->num_values + 1);
+ if (vals == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+ el->values = vals;
+ el->values[el->num_values] = *val;
+ el->num_values++;
+
+ return LDB_SUCCESS;
+}
+
/*
add a value to a message
*/
@@ -426,7 +467,6 @@ int ldb_msg_add_value(struct ldb_message *msg,
struct ldb_message_element **return_el)
{
struct ldb_message_element *el;
- struct ldb_val *vals;
int ret;
el = ldb_msg_find_element(msg, attr_name);
@@ -437,14 +477,10 @@ int ldb_msg_add_value(struct ldb_message *msg,
}
}
- vals = talloc_realloc(msg->elements, el->values, struct ldb_val,
- el->num_values+1);
- if (!vals) {
- return LDB_ERR_OPERATIONS_ERROR;
+ ret = ldb_msg_element_add_value(msg->elements, el, val);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
- el->values = vals;
- el->values[el->num_values] = *val;
- el->num_values++;
if (return_el) {
*return_el = el;
@@ -473,12 +509,15 @@ int ldb_msg_add_steal_value(struct ldb_message *msg,
/*
- add a string element to a message
+ add a string element to a message, specifying flags
*/
-int ldb_msg_add_string(struct ldb_message *msg,
- const char *attr_name, const char *str)
+int ldb_msg_add_string_flags(struct ldb_message *msg,
+ const char *attr_name, const char *str,
+ int flags)
{
struct ldb_val val;
+ int ret;
+ struct ldb_message_element *el = NULL;
val.data = discard_const_p(uint8_t, str);
val.length = strlen(str);
@@ -488,7 +527,25 @@ int ldb_msg_add_string(struct ldb_message *msg,
return LDB_SUCCESS;
}
- return ldb_msg_add_value(msg, attr_name, &val, NULL);
+ ret = ldb_msg_add_value(msg, attr_name, &val, &el);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ if (flags != 0) {
+ el->flags = flags;
+ }
+
+ return LDB_SUCCESS;
+}
+
+/*
+ add a string element to a message
+*/
+int ldb_msg_add_string(struct ldb_message *msg,
+ const char *attr_name, const char *str)
+{
+ return ldb_msg_add_string_flags(msg, attr_name, str, 0);
}
/*
@@ -550,6 +607,142 @@ int ldb_msg_add_fmt(struct ldb_message *msg,
return ldb_msg_add_steal_value(msg, attr_name, &val);
}
+static int ldb_msg_append_value_impl(struct ldb_message *msg,
+ const char *attr_name,
+ const struct ldb_val *val,
+ int flags,
+ struct ldb_message_element **return_el)
+{
+ struct ldb_message_element *el = NULL;
+ int ret;
+
+ ret = ldb_msg_add_empty(msg, attr_name, flags, &el);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = ldb_msg_element_add_value(msg->elements, el, val);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ if (return_el != NULL) {
+ *return_el = el;
+ }
+
+ return LDB_SUCCESS;
+}
+
+/*
+ append a value to a message
+*/
+int ldb_msg_append_value(struct ldb_message *msg,
+ const char *attr_name,
+ const struct ldb_val *val,
+ int flags)
+{
+ return ldb_msg_append_value_impl(msg, attr_name, val, flags, NULL);
+}
+
+/*
+ append a value to a message, stealing it into the 'right' place
+*/
+int ldb_msg_append_steal_value(struct ldb_message *msg,
+ const char *attr_name,
+ struct ldb_val *val,
+ int flags)
+{
+ int ret;
+ struct ldb_message_element *el = NULL;
+
+ ret = ldb_msg_append_value_impl(msg, attr_name, val, flags, &el);
+ if (ret == LDB_SUCCESS) {
+ talloc_steal(el->values, val->data);
+ }
+ return ret;
+}
+
+/*
+ append a string element to a message, stealing it into the 'right' place
+*/
+int ldb_msg_append_steal_string(struct ldb_message *msg,
+ const char *attr_name, char *str,
+ int flags)
+{
+ struct ldb_val val;
+
+ val.data = (uint8_t *)str;
+ val.length = strlen(str);
+
+ if (val.length == 0) {
+ /* allow empty strings as non-existent attributes */
+ return LDB_SUCCESS;
+ }
+
+ return ldb_msg_append_steal_value(msg, attr_name, &val, flags);
+}
+
+/*
+ append a string element to a message
+*/
+int ldb_msg_append_string(struct ldb_message *msg,
+ const char *attr_name, const char *str, int flags)
+{
+ struct ldb_val val;
+
+ val.data = discard_const_p(uint8_t, str);
+ val.length = strlen(str);
+
+ if (val.length == 0) {
+ /* allow empty strings as non-existent attributes */
+ return LDB_SUCCESS;
+ }
+
+ return ldb_msg_append_value(msg, attr_name, &val, flags);
+}
+
+/*
+ append a DN element to a message
+ WARNING: this uses the linearized string from the dn, and does not
+ copy the string.
+*/
+int ldb_msg_append_linearized_dn(struct ldb_message *msg, const char *attr_name,
+ struct ldb_dn *dn, int flags)
+{
+ char *str = ldb_dn_alloc_linearized(msg, dn);
+
+ if (str == NULL) {
+ /* we don't want to have unknown DNs added */
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ return ldb_msg_append_steal_string(msg, attr_name, str, flags);
+}
+
+/*
+ append a printf formatted element to a message
+*/
+int ldb_msg_append_fmt(struct ldb_message *msg, int flags,
+ const char *attr_name, const char *fmt, ...)
+{
+ struct ldb_val val;
+ va_list ap;
+ char *str = NULL;
+
+ va_start(ap, fmt);
+ str = talloc_vasprintf(msg, fmt, ap);
+ va_end(ap);
+
+ if (str == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ val.data = (uint8_t *)str;
+ val.length = strlen(str);
+
+ return ldb_msg_append_steal_value(msg, attr_name, &val, flags);
+}
+
/*
compare two ldb_message_element structures
assumes case sensitive comparison
@@ -833,11 +1026,7 @@ void ldb_msg_sort_elements(struct ldb_message *msg)
ldb_msg_element_compare_name);
}
-/*
- shallow copy a message - copying only the elements array so that the caller
- can safely add new elements without changing the message
-*/
-struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
+static struct ldb_message *ldb_msg_copy_shallow_impl(TALLOC_CTX *mem_ctx,
const struct ldb_message *msg)
{
struct ldb_message *msg2;
@@ -863,6 +1052,35 @@ failed:
return NULL;
}
+/*
+ shallow copy a message - copying only the elements array so that the caller
+ can safely add new elements without changing the message
+*/
+struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg)
+{
+ struct ldb_message *msg2;
+ unsigned int i;
+
+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
+ if (msg2 == NULL) {
+ return NULL;
+ }
+
+ for (i = 0; i < msg2->num_elements; ++i) {
+ /*
+ * Mark this message's elements as sharing their values with the
+ * original message, so that we don't inadvertently modify or
+ * free them. We don't mark the original message element as
+ * shared, so the original message element should not be
+ * modified or freed while the shallow copy lives.
+ */
+ struct ldb_message_element *el = &msg2->elements[i];
+ el->flags |= LDB_FLAG_INTERNAL_SHARED_VALUES;
+ }
+
+ return msg2;
+}
/*
copy a message, allocating new memory for all parts
@@ -873,7 +1091,7 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
struct ldb_message *msg2;
unsigned int i, j;
- msg2 = ldb_msg_copy_shallow(mem_ctx, msg);
+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
if (msg2 == NULL) return NULL;
if (msg2->dn != NULL) {
@@ -894,6 +1112,12 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
goto failed;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list