[SCM] Samba Shared Repository - branch v4-15-test updated
Jule Anger
janger at samba.org
Wed Jul 27 10:47:33 UTC 2022
The branch, v4-15-test has been updated
via c38d9d6fe9b VERSION: Bump version up to Samba 4.15.10...
via fca89646410 Merge tag 'samba-4.15.9' into v4-15-test
via c8fc01ca364 VERSION: Disable GIT_SNAPSHOT for the 4.15.9 release.
via ed0c58449ec WHATSNEW: Add release notes for Samba 4.15.9.
via a4707e4a955 CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
via d6aef6838a6 CVE-2022-32742: s4: torture: Add raw.write.bad-write test.
via 185a6d12935 CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust
via 63d353e7b5e CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
via b7e3cb83005 CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT
via be9945a4d8e CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
via 22bd1bc2d73 CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd
via b64e1b4a510 CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx()
via e21efbabccb CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
via faa0a83813d s4:kdc: Remove kadmin mode from HDB plugin
via 4b0304ab670 CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
via 959ed604ee1 CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
via 389a5523485 CVE-2022-2031 tests/krb5: Test truncated forms of server principals
via c7408dd944e CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life
via a46d0ac59f0 CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less
via 04e452890ad CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
via 8b9fe095b91 CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()
via 5e7d75d8754 CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function
via 3fd067c7d63 CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function
via 5dd0ef19919 CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
via 981948677c8 CVE-2022-2031 testprogs: Fix auth with smbclient and krb5 ccache
via a1df5b86e96 s4:kpasswd: Restructure code for clarity
via 298884abb35 CVE-2022-2031 s4:kpasswd: Require an initial ticket
via 9da789c73dd CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket
via 481a70c3746 CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
via 38c83abffd3 CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
via b1003099c20 CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
via 2ee46c16d2a CVE-2022-2031 s4:kpasswd: Correctly generate error strings
via 6fc3d93b4fe CVE-2022-2031 tests/krb5: Add tests for kpasswd service
via b2c3b060bae CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests
via e56d66f729b CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method
via 2815de0510e CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and realm
via e44b70b862e tests/krb5: Add option for creating accounts with expired passwords
via 57edd8e2e04 tests/krb5: Fix enum typo
via b9e880b3d9c CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages
via 3852adddff6 CVE-2022-2031 tests/krb5: Add 'port' parameter to connect()
via 39db18962f5 CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures
via 3bbb7bc57f0 CVE-2022-2031 tests/krb5: Add new definitions for kpasswd
via efb69ab420f CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts
via 440aa37cc46 CVE-2022-2031 tests/krb5: Split out _make_tgs_request()
via f4ea2a80d84 CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno
via e21702d20b6 CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
via b0d3fd37a88 CVE-2022-2031 s4:kpasswd: Account for missing target principal
via 6199a076350 heimdal:kdc: Accommodate NULL data parameter in krb5_pac_get_buffer()
via 8f4b78907bb CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID PAC buffers
via 19d76f10310 selftest: Simplify krb5 test environments
via 9a1bee7c95d tests/krb5: Add helper function to modify ticket flags
via 3ac74c8b94d tests/krb5: Correctly determine whether tickets are service tickets
via d34d201773a kdc: Canonicalize realm for enterprise principals
via 2eef0f950bc kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs
via 0426d20aeab heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket
via 612c769ab70 selftest: Properly check extra PAC buffers with Heimdal
via 5e6c25f1ed0 heimdal:kdc: Always generate a PAC for S4U2Self
via 992a924dfa4 tests/krb5: Add a test for S4U2Self with no authorization data required
via 081d6b571a8 kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued tickets
via 88b71db4bb8 kdc: Don't include extra PAC buffers in service tickets
via 81a6fa876fd Revert "CVE-2020-25719 s4/torture: Expect additional PAC buffers"
via 2903a913bf3 tests/krb5: Add tests for renewal and validation of RODC TGTs with PAC requests
via 0368939b7d6 kdc: Always add the PAC if the header TGT is from an RODC
via daef3c8a360 kdc: Match Windows error code for mismatching sname
via 99a11ec7e78 tests/krb5: Add test for S4U2Self with wrong sname
via 1bd26a254f2 kdc: Adjust SID mismatch error code to match Windows
via 37f9d30cbda heimdal:kdc: Adjust no-PAC error code to match Windows
via 9b5612a88c0 s4:torture: Fix typo
via 78a82907caa heimdal:kdc: Fix error message for user-to-user
via 79ba192a73f tests/krb5: Add comments for tests that fail against Windows
via 17e724b5bbf tests/krb5: Add tests for validation with requester SID PAC buffer
via 42f09fdbdbd tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2
via e24898c41c5 tests/krb5: Add TGS-REQ tests with FAST
via 7197641eda7 tests/krb5: Add tests for TGS requests with a non-TGT
via a696ddc90a9 tests/krb5: Add tests for invalid TGTs
via 011a468c786 tests/krb5: Remove unnecessary expect_pac arguments
via 9d8786faa9f tests/krb5: Adjust error codes to better match Windows with PacRequestorEnforcement=2
via 9fbb213304e tests/krb5: Split out methods to create renewable or invalid tickets
via b797f398711 tests/krb5: Allow PasswordKey_create() to use s2kparams
via 083a777e3d2 tests/krb5: Run test_rpc against member server
via 3059417db81 tests/krb5: Deduplicate AS-REQ tests
via bc1e71396ad tests/krb5: Remove unused variable
via 8373345853a selftest: Check received LDB error code when STRICT_CHECKING=0
via f40a974045a s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
via c8ef1ef980a s4:mit-kdb: Force canonicalization for looking up principals
via 6af497232e4 CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element
via d85bb9f5edc CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer
via d2dbb3b6818 CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit
via c231d424b89 CVE-2022-32745 s4/dsdb/samldb: Check for empty values array
via b686ef00da4 CVE-2022-32746 ldb: Release LDB 2.4.4
via 0446581bcce CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
via a25b97d0540 CVE-2022-32746 ldb: Add functions for appending to an ldb_message
via 3a68efe1bbb CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
via 1294192b821 CVE-2022-32746 ldb: Add flag to mark message element values as shared
via ba27d18c2e8 CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check
via f2b821f24e9 CVE-2022-32746 s4/dsdb/tombstone_reanimate: Use LDB_FLAG_MOD_TYPE() for flags equality check
via 47e2b1080e6 CVE-2022-32746 s4/dsdb/repl_meta_data: Use LDB_FLAG_MOD_TYPE() for flags equality check
via 7c4439c7b7f CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check
via 27efd19085d CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison
via 39371352d8f CVE-2022-32746 s4:torture: Fix LDB flags comparison
via 6bc5e73000a CVE-2022-32746 s4/dsdb/partition: Fix LDB flags comparison
via e2ef0f299ae CVE-2022-32746 s4:dsdb:tests: Add test for deleting a disallowed SPN
via a258b3c0636 CVE-2022-32746 s4/dsdb/objectclass_attrs: Fix typo
from ca5abc39c1d s3:winbind: Use the canonical realm name to renew the credentials
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit c38d9d6fe9b20e551a038af47f9b21d7a6d2c3fd
Author: Jule Anger <janger at samba.org>
Date: Wed Jul 27 12:45:47 2022 +0200
VERSION: Bump version up to Samba 4.15.10...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit fca89646410e4a40dd5716a5f4586cd9c4755fc9
Merge: ca5abc39c1d c8fc01ca364
Author: Jule Anger <janger at samba.org>
Date: Wed Jul 27 12:43:19 2022 +0200
Merge tag 'samba-4.15.9' into v4-15-test
samba: tag release samba-4.15.9
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 74 +-
auth/auth_sam_reply.c | 2 +-
auth/auth_util.c | 2 +-
lib/krb5_wrap/krb5_samba.c | 2 +-
lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.4.4.sigs} | 8 +
...pyldb-util-2.1.0.sigs => pyldb-util-2.4.4.sigs} | 0
lib/ldb/common/ldb_msg.c | 260 ++++-
lib/ldb/include/ldb.h | 30 +
lib/ldb/include/ldb_module.h | 6 +
lib/ldb/ldb_map/ldb_map.c | 5 +-
lib/ldb/ldb_map/ldb_map_inbound.c | 9 +-
lib/ldb/modules/rdn_name.c | 24 +-
lib/ldb/wscript | 2 +-
librpc/idl/auth.idl | 23 +
python/samba/tests/krb5/alias_tests.py | 7 +-
python/samba/tests/krb5/as_req_tests.py | 199 ++--
python/samba/tests/krb5/compatability_tests.py | 10 +-
python/samba/tests/krb5/kdc_base_test.py | 129 ++-
python/samba/tests/krb5/kdc_tgs_tests.py | 795 +++++++++++----
python/samba/tests/krb5/kpasswd_tests.py | 1049 ++++++++++++++++++++
.../krb5/ms_kile_client_principal_lookup_tests.py | 39 +-
python/samba/tests/krb5/raw_testcase.py | 491 +++++++--
python/samba/tests/krb5/rfc4120.asn1 | 6 +
python/samba/tests/krb5/rfc4120_constants.py | 14 +
python/samba/tests/krb5/rfc4120_pyasn1.py | 13 +-
python/samba/tests/krb5/rodc_tests.py | 4 +-
python/samba/tests/krb5/s4u_tests.py | 140 ++-
python/samba/tests/krb5/salt_tests.py | 4 +-
python/samba/tests/krb5/test_rpc.py | 17 +-
python/samba/tests/usage.py | 1 +
selftest/knownfail.d/kdc-enterprise | 63 --
selftest/knownfail_heimdal_kdc | 20 +-
selftest/knownfail_mit_kdc | 100 +-
source3/include/smb_macros.h | 2 +-
source3/passdb/pdb_samba_dsdb.c | 14 +-
source3/smbd/reply.c | 4 +-
source4/auth/gensec/gensec_krb5.c | 20 +-
source4/auth/gensec/gensec_krb5_helpers.c | 72 ++
.../auth/gensec/gensec_krb5_helpers.h | 25 +-
.../auth/gensec/gensec_krb5_internal.h | 37 +-
source4/auth/gensec/wscript_build | 4 +
source4/auth/kerberos/kerberos_pac.c | 44 +
source4/auth/ntlm/auth_developer.c | 2 +-
source4/auth/sam.c | 2 +-
source4/auth/session.c | 2 +
source4/auth/system_session.c | 6 +-
source4/dns_server/dnsserver_common.c | 12 +-
source4/dsdb/common/util.c | 134 ++-
source4/dsdb/samdb/ldb_modules/acl.c | 5 +-
source4/dsdb/samdb/ldb_modules/descriptor.c | 10 +-
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 2 +-
source4/dsdb/samdb/ldb_modules/objectguid.c | 20 +-
source4/dsdb/samdb/ldb_modules/partition.c | 4 +-
source4/dsdb/samdb/ldb_modules/partition_init.c | 14 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 32 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 82 +-
.../dsdb/samdb/ldb_modules/tombstone_reanimate.c | 16 +-
source4/dsdb/samdb/ldb_modules/util.c | 14 +-
source4/dsdb/tests/python/acl.py | 26 +
source4/dsdb/tests/python/priv_attrs.py | 2 +-
source4/heimdal/kdc/kerberos5.c | 2 +-
source4/heimdal/kdc/krb5tgs.c | 37 +-
source4/heimdal/kdc/windc.c | 5 +-
source4/heimdal/kdc/windc_plugin.h | 2 +
source4/heimdal/lib/hdb/hdb.h | 1 +
source4/heimdal/lib/krb5/pac.c | 10 +-
source4/kdc/db-glue.c | 241 +++--
source4/kdc/hdb-samba4-plugin.c | 37 +-
source4/kdc/hdb-samba4.c | 66 ++
source4/kdc/kdc-glue.h | 3 +
source4/kdc/kdc-heimdal.c | 4 +-
source4/kdc/kdc-server.h | 2 +-
source4/kdc/kdc-service-mit.c | 4 +-
source4/kdc/kpasswd-helper.c | 33 +-
source4/kdc/kpasswd-helper.h | 2 +
source4/kdc/kpasswd-service-heimdal.c | 76 +-
source4/kdc/kpasswd-service-mit.c | 146 ++-
source4/kdc/kpasswd-service.c | 36 +-
source4/kdc/mit-kdb/kdb_samba_policies.c | 5 +-
source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +-
source4/kdc/mit_samba.c | 101 +-
source4/kdc/mit_samba.h | 1 +
source4/kdc/pac-glue.c | 6 +-
source4/kdc/samba_kdc.h | 2 +
source4/kdc/sdb.h | 1 +
source4/kdc/wdc-samba4.c | 48 +-
source4/kdc/wscript_build | 1 +
source4/lib/registry/ldb.c | 2 +-
source4/nbt_server/wins/winsdb.c | 13 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 55 +-
source4/selftest/tests.py | 178 +---
source4/torture/drs/rpc/dssync.c | 4 +-
source4/torture/krb5/kdc-canon-heimdal.c | 2 +-
source4/torture/raw/write.c | 89 ++
source4/torture/rpc/remote_pac.c | 24 +-
source4/winbind/idmap.c | 10 +-
testprogs/blackbox/test_kinit_trusts_heimdal.sh | 6 +-
testprogs/blackbox/test_kpasswd_heimdal.sh | 39 +-
99 files changed, 4180 insertions(+), 1273 deletions(-)
copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.4.4.sigs} (96%)
copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.4.4.sigs} (100%)
create mode 100755 python/samba/tests/krb5/kpasswd_tests.py
delete mode 100644 selftest/knownfail.d/kdc-enterprise
create mode 100644 source4/auth/gensec/gensec_krb5_helpers.c
copy source3/include/srvstr.h => source4/auth/gensec/gensec_krb5_helpers.h (65%)
copy libcli/smbreadline/smbreadline.h => source4/auth/gensec/gensec_krb5_internal.h (51%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 442cb206981..f02e3815451 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=15
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4061131cd79..c663534b63e 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,74 @@
+ ==============================
+ Release Notes for Samba 4.15.9
+ July 27, 2022
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with
+ changing passwords.
+ https://www.samba.org/samba/security/CVE-2022-2031.html
+
+o CVE-2022-32744: Samba AD users can forge password change requests for any user.
+ https://www.samba.org/samba/security/CVE-2022-32744.html
+
+o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
+ or modify request.
+ https://www.samba.org/samba/security/CVE-2022-32745.html
+
+o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
+ process with an LDAP add or modify request.
+ https://www.samba.org/samba/security/CVE-2022-32746.html
+
+o CVE-2022-32742: Server memory information leak via SMB1.
+ https://www.samba.org/samba/security/CVE-2022-32742.html
+
+Changes since 4.15.8
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 15085: CVE-2022-32742.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 15009: CVE-2022-32746.
+
+o Isaac Boukris <iboukris at gmail.com>
+ * BUG 15047: CVE-2022-2031.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15047: CVE-2022-2031.
+
+o Joseph Sutton <josephsutton at catalyst.net.nz>
+ * BUG 15008: CVE-2022-32745.
+ * BUG 15009: CVE-2022-32746.
+ * BUG 15047: CVE-2022-2031.
+ * BUG 15074: CVE-2022-32744.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.15.8
June 28, 2022
@@ -74,8 +145,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.15.7
April 26, 2022
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index b5b6362dc93..2e27e5715d1 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -416,7 +416,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_LEVEL;
}
- user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/*
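Review bot: the switch to talloc_zero() at the user_info_dc allocation makes correctness depend on all-zero being a safe default for every member of struct auth_user_info_dc, and nothing at the call site says which member needs it. The commit list above adds a ticket type field to this structure; if that is the member being protected, either assign it explicitly after the allocation or add a one-line comment naming it, so that a later change back to talloc() does not silently reintroduce an uninitialised field.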
diff --git a/auth/auth_util.c b/auth/auth_util.c
index fe01babd107..ec9094d0f15 100644
--- a/auth/auth_util.c
+++ b/auth/auth_util.c
@@ -44,7 +44,7 @@ struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
return NULL;
}
- dst = talloc(mem_ctx, struct auth_session_info);
+ dst = talloc_zero(mem_ctx, struct auth_session_info);
if (dst == NULL) {
DBG_ERR("talloc failed\n");
TALLOC_FREE(frame);
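Review bot: with dst now zeroed in copy_session_info(), a member the function fails to copy reads as zero instead of garbage, which hides the omission rather than exposing it. The diffstat shows this is the only changed line in auth/auth_util.c, so no explicit copy was added for any new member of struct auth_session_info; please confirm that the existing copy path carries the new ticket type field across, and that zero is a value consumers treat as "unknown" rather than as a specific ticket type.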
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 76c2dcd2126..610efcc9b87 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -237,7 +237,7 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
return code;
}
- errpkt.error = error_code;
+ errpkt.error = error_code - ERROR_TABLE_BASE_krb5;
errpkt.text.length = 0;
if (e_text != NULL) {
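Review bot: the new assignment "errpkt.error = error_code - ERROR_TABLE_BASE_krb5;" in smb_krb5_mk_error() has no check that error_code actually lies in the krb5 error table. A caller that passes 0, an errno value or a code that is already in wire form ends up with a negative or meaningless value in the KRB-ERROR. Validate the range before subtracting and return an error otherwise, or state in the function's comment that callers must pass a table-based krb5_error_code.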
diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.4.4.sigs
similarity index 96%
copy from lib/ldb/ABI/ldb-2.0.5.sigs
copy to lib/ldb/ABI/ldb-2.4.4.sigs
index 5049dc64ce1..40388d9e330 100644
--- a/lib/ldb/ABI/ldb-2.0.5.sigs
+++ b/lib/ldb/ABI/ldb-2.4.4.sigs
@@ -155,7 +155,14 @@ ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_d
ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *)
ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *)
ldb_msg_add_string: int (struct ldb_message *, const char *, const char *)
+ldb_msg_add_string_flags: int (struct ldb_message *, const char *, const char *, int)
ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **)
+ldb_msg_append_fmt: int (struct ldb_message *, int, const char *, const char *, ...)
+ldb_msg_append_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *, int)
+ldb_msg_append_steal_string: int (struct ldb_message *, const char *, char *, int)
+ldb_msg_append_steal_value: int (struct ldb_message *, const char *, struct ldb_val *, int)
+ldb_msg_append_string: int (struct ldb_message *, const char *, const char *, int)
+ldb_msg_append_value: int (struct ldb_message *, const char *, const struct ldb_val *, int)
ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *)
ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *)
ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
@@ -163,6 +170,7 @@ ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *)
ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *)
ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **)
+ldb_msg_element_add_value: int (TALLOC_CTX *, struct ldb_message_element *, const struct ldb_val *)
ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *)
ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *)
ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *)
diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs b/lib/ldb/ABI/pyldb-util-2.4.4.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs
copy to lib/ldb/ABI/pyldb-util-2.4.4.sigs
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index 57dfc5a04c2..9cd7998e21c 100644
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -417,6 +417,47 @@ int ldb_msg_add(struct ldb_message *msg,
return LDB_SUCCESS;
}
+/*
+ * add a value to a message element
+ */
+int ldb_msg_element_add_value(TALLOC_CTX *mem_ctx,
+ struct ldb_message_element *el,
+ const struct ldb_val *val)
+{
+ struct ldb_val *vals;
+
+ if (el->flags & LDB_FLAG_INTERNAL_SHARED_VALUES) {
+ /*
+ * Another message is using this message element's values array,
+ * so we don't want to make any modifications to the original
+ * message, or potentially invalidate its own values by calling
+ * talloc_realloc(). Make a copy instead.
+ */
+ el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;
+
+ vals = talloc_array(mem_ctx, struct ldb_val,
+ el->num_values + 1);
+ if (vals == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (el->values != NULL) {
+ memcpy(vals, el->values, el->num_values * sizeof(struct ldb_val));
+ }
+ } else {
+ vals = talloc_realloc(mem_ctx, el->values, struct ldb_val,
+ el->num_values + 1);
+ if (vals == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+ el->values = vals;
+ el->values[el->num_values] = *val;
+ el->num_values++;
+
+ return LDB_SUCCESS;
+}
+
/*
add a value to a message
*/
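Review bot: in the shared-values branch of ldb_msg_element_add_value(), "el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;" runs before talloc_array(), so on allocation failure the function returns with el->values still pointing at the other message's array but no longer marked as shared. A later add on the same element would then take the talloc_realloc() branch on memory it does not own, which is the case this flag exists to prevent. Clear the flag only after the copy has succeeded, next to "el->values = vals;". Both branches also compute "el->num_values + 1" without an overflow check on the unsigned count.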
@@ -426,7 +467,6 @@ int ldb_msg_add_value(struct ldb_message *msg,
struct ldb_message_element **return_el)
{
struct ldb_message_element *el;
- struct ldb_val *vals;
int ret;
el = ldb_msg_find_element(msg, attr_name);
@@ -437,14 +477,10 @@ int ldb_msg_add_value(struct ldb_message *msg,
}
}
- vals = talloc_realloc(msg->elements, el->values, struct ldb_val,
- el->num_values+1);
- if (!vals) {
- return LDB_ERR_OPERATIONS_ERROR;
+ ret = ldb_msg_element_add_value(msg->elements, el, val);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
- el->values = vals;
- el->values[el->num_values] = *val;
- el->num_values++;
if (return_el) {
*return_el = el;
@@ -473,12 +509,15 @@ int ldb_msg_add_steal_value(struct ldb_message *msg,
/*
- add a string element to a message
+ add a string element to a message, specifying flags
*/
-int ldb_msg_add_string(struct ldb_message *msg,
- const char *attr_name, const char *str)
+int ldb_msg_add_string_flags(struct ldb_message *msg,
+ const char *attr_name, const char *str,
+ int flags)
{
struct ldb_val val;
+ int ret;
+ struct ldb_message_element *el = NULL;
val.data = discard_const_p(uint8_t, str);
val.length = strlen(str);
@@ -488,7 +527,25 @@ int ldb_msg_add_string(struct ldb_message *msg,
return LDB_SUCCESS;
}
- return ldb_msg_add_value(msg, attr_name, &val, NULL);
+ ret = ldb_msg_add_value(msg, attr_name, &val, &el);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ if (flags != 0) {
+ el->flags = flags;
+ }
+
+ return LDB_SUCCESS;
+}
+
+/*
+ add a string element to a message
+*/
+int ldb_msg_add_string(struct ldb_message *msg,
+ const char *attr_name, const char *str)
+{
+ return ldb_msg_add_string_flags(msg, attr_name, str, 0);
}
/*
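Review bot: "el->flags = flags;" in ldb_msg_add_string_flags() overwrites the whole flags word of the element returned by ldb_msg_add_value(), and that element may already have existed in the message with values and flags of its own. Appending one string can therefore change the modification type applied to values that were added earlier. The "flags != 0" guard also means a caller cannot use this function to request a zero flags value. Document both behaviours in the comment above the function, or reject a call where the existing element's flags differ from the requested ones.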
@@ -550,6 +607,142 @@ int ldb_msg_add_fmt(struct ldb_message *msg,
return ldb_msg_add_steal_value(msg, attr_name, &val);
}
+static int ldb_msg_append_value_impl(struct ldb_message *msg,
+ const char *attr_name,
+ const struct ldb_val *val,
+ int flags,
+ struct ldb_message_element **return_el)
+{
+ struct ldb_message_element *el = NULL;
+ int ret;
+
+ ret = ldb_msg_add_empty(msg, attr_name, flags, &el);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = ldb_msg_element_add_value(msg->elements, el, val);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ if (return_el != NULL) {
+ *return_el = el;
+ }
+
+ return LDB_SUCCESS;
+}
+
+/*
+ append a value to a message
+*/
+int ldb_msg_append_value(struct ldb_message *msg,
+ const char *attr_name,
+ const struct ldb_val *val,
+ int flags)
+{
+ return ldb_msg_append_value_impl(msg, attr_name, val, flags, NULL);
+}
+
+/*
+ append a value to a message, stealing it into the 'right' place
+*/
+int ldb_msg_append_steal_value(struct ldb_message *msg,
+ const char *attr_name,
+ struct ldb_val *val,
+ int flags)
+{
+ int ret;
+ struct ldb_message_element *el = NULL;
+
+ ret = ldb_msg_append_value_impl(msg, attr_name, val, flags, &el);
+ if (ret == LDB_SUCCESS) {
+ talloc_steal(el->values, val->data);
+ }
+ return ret;
+}
+
+/*
+ append a string element to a message, stealing it into the 'right' place
+*/
+int ldb_msg_append_steal_string(struct ldb_message *msg,
+ const char *attr_name, char *str,
+ int flags)
+{
+ struct ldb_val val;
+
+ val.data = (uint8_t *)str;
+ val.length = strlen(str);
+
+ if (val.length == 0) {
+ /* allow empty strings as non-existent attributes */
+ return LDB_SUCCESS;
+ }
+
+ return ldb_msg_append_steal_value(msg, attr_name, &val, flags);
+}
+
+/*
+ append a string element to a message
+*/
+int ldb_msg_append_string(struct ldb_message *msg,
+ const char *attr_name, const char *str, int flags)
+{
+ struct ldb_val val;
+
+ val.data = discard_const_p(uint8_t, str);
+ val.length = strlen(str);
+
+ if (val.length == 0) {
+ /* allow empty strings as non-existent attributes */
+ return LDB_SUCCESS;
+ }
+
+ return ldb_msg_append_value(msg, attr_name, &val, flags);
+}
+
+/*
+ append a DN element to a message
+ WARNING: this uses the linearized string from the dn, and does not
+ copy the string.
+*/
+int ldb_msg_append_linearized_dn(struct ldb_message *msg, const char *attr_name,
+ struct ldb_dn *dn, int flags)
+{
+ char *str = ldb_dn_alloc_linearized(msg, dn);
+
+ if (str == NULL) {
+ /* we don't want to have unknown DNs added */
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ return ldb_msg_append_steal_string(msg, attr_name, str, flags);
+}
+
+/*
+ append a printf formatted element to a message
+*/
+int ldb_msg_append_fmt(struct ldb_message *msg, int flags,
+ const char *attr_name, const char *fmt, ...)
+{
+ struct ldb_val val;
+ va_list ap;
+ char *str = NULL;
+
+ va_start(ap, fmt);
+ str = talloc_vasprintf(msg, fmt, ap);
+ va_end(ap);
+
+ if (str == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ val.data = (uint8_t *)str;
+ val.length = strlen(str);
+
+ return ldb_msg_append_steal_value(msg, attr_name, &val, flags);
+}
+
/*
compare two ldb_message_element structures
assumes case sensitive comparison
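Review bot: in ldb_msg_append_value_impl(), when ldb_msg_element_add_value() fails after ldb_msg_add_empty() has succeeded, the new element stays in msg with the requested flags and no values. If a caller carries on with the message, an empty element with a modify flag is not the same request as the one intended; remove the element again before returning the error. Separately, the comments above the ldb_msg_append_*() functions do not say how they differ from ldb_msg_add_*(): they always create a new element with the given flags instead of reusing an existing one of the same name. ldb_msg_append_fmt() also takes flags as its second argument while the other append functions take it last, which deserves a mention in ldb.h.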
@@ -833,11 +1026,7 @@ void ldb_msg_sort_elements(struct ldb_message *msg)
ldb_msg_element_compare_name);
}
-/*
- shallow copy a message - copying only the elements array so that the caller
- can safely add new elements without changing the message
-*/
-struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
+static struct ldb_message *ldb_msg_copy_shallow_impl(TALLOC_CTX *mem_ctx,
const struct ldb_message *msg)
{
struct ldb_message *msg2;
@@ -863,6 +1052,35 @@ failed:
return NULL;
}
+/*
+ shallow copy a message - copying only the elements array so that the caller
+ can safely add new elements without changing the message
+*/
+struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg)
+{
+ struct ldb_message *msg2;
+ unsigned int i;
+
+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
+ if (msg2 == NULL) {
+ return NULL;
+ }
+
+ for (i = 0; i < msg2->num_elements; ++i) {
+ /*
+ * Mark this message's elements as sharing their values with the
+ * original message, so that we don't inadvertently modify or
+ * free them. We don't mark the original message element as
+ * shared, so the original message element should not be
+ * modified or freed while the shallow copy lives.
+ */
+ struct ldb_message_element *el = &msg2->elements[i];
+ el->flags |= LDB_FLAG_INTERNAL_SHARED_VALUES;
+ }
+
+ return msg2;
+}
/*
copy a message, allocating new memory for all parts
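Review bot: the comment inside the loop in ldb_msg_copy_shallow() states a caller obligation ("the original message element should not be modified or freed while the shallow copy lives"), but only the copy is marked with LDB_FLAG_INTERNAL_SHARED_VALUES, so nothing enforces it on the original. That requirement belongs in the function's header comment and in the ldb.h documentation, where callers will see it, not only inside the loop body. It also means any code that writes to el->values directly, without going through ldb_msg_element_add_value(), bypasses the protection; the header comment should say so.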
@@ -873,7 +1091,7 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
struct ldb_message *msg2;
unsigned int i, j;
- msg2 = ldb_msg_copy_shallow(mem_ctx, msg);
+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
if (msg2 == NULL) return NULL;
if (msg2->dn != NULL) {
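Review bot: ldb_msg_copy() now calls ldb_msg_copy_shallow_impl(), which does not set LDB_FLAG_INTERNAL_SHARED_VALUES, but if msg is itself a shallow copy its elements already carry the flag and the element array is copied as is. The rest of the function is cut off here, so it is not visible whether the flag is cleared once each element has its own values; if it is not, the deep copy keeps a stale "shared" marker and takes an unnecessary copy on its first append. Clear the flag per element in the copy loop.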
--
Samba Shared Repository