[PATCH]

Gary Lockyer gary at catalyst.net.nz
Mon Sep 18 21:02:37 UTC 2017


Revised patch set attached.


Gary
On 15/09/17 14:17, Douglas Bagnall via samba-technical wrote:
> On 14/09/17 17:15, Gary Lockyer via samba-technical wrote:
>> Fixes for
>> Bug #13033 LDB open with LDB_FLG_RDONLY can cause the database
>>            to fail to open
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033
>>
>>
>> Review appreciated
>>
>> Thanks Gary.
>>
> 
> Mostly good, but...
> 
>>
>> 0006-ldb_tdb-Map-TDB-error-codes-into-LDB-error-codes-in-.patch
>>
>>
>> From 09097d009e18f295b2561db7007793d9d1c160c4 Mon Sep 17 00:00:00 2001
>> From: Andrew Bartlett <abartlet at samba.org>
>> Date: Thu, 14 Sep 2017 14:04:51 +1200
>> Subject: [PATCH 06/26] ldb_tdb: Map TDB error codes into LDB error codes in
>>  ltdb_lock_read()
>>
>> The ltdb_lock_read() routine did not return an LDB error code, but -1.
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033
>>
>> Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
>> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>> ---
>>  lib/ldb/ldb_tdb/ldb_tdb.c | 19 +++++++++++++++----
>>  1 file changed, 15 insertions(+), 4 deletions(-)
>>
>> diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
>> index ccad816..14e915e 100644
>> --- a/lib/ldb/ldb_tdb/ldb_tdb.c
>> +++ b/lib/ldb/ldb_tdb/ldb_tdb.c
>> @@ -98,15 +98,26 @@ int ltdb_lock_read(struct ldb_module *module)
>>  {
>>  	void *data = ldb_module_get_private(module);
>>  	struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
>> -	int ret = 0;
>> -
>> +	int tdb_ret = 0;
>> +	int ret;
>> +	
>>  	if (ltdb->in_transaction == 0 &&
>>  	    ltdb->read_lock_count == 0) {
>> -		ret = tdb_lockall_read(ltdb->tdb);
>> +		tdb_ret = tdb_lockall_read(ltdb->tdb);
>>  	}
>> -	if (ret == 0) {
>> +	if (tdb_ret == 0) {
>>  		ltdb->read_lock_count++;
>> +		return LDB_SUCCESS;
>> +	}
>> +	ret = ltdb_err_map(tdb_error(ltdb->tdb));
>> +	if (ret == LDB_SUCCESS) {
>> +		ret = LDB_ERR_OPERATIONS_ERROR;
>>  	}
>> +	ldb_debug_set(ldb_module_get_ctx(module),
>> +		      LDB_DEBUG_FATAL,
>> +		      "Failure during ltdb_lock_read(): %s -> %s",
>> +		      tdb_errorstr(ltdb->tdb),
>> +		      ldb_strerror(ret));
>>  	return ret;
>>  }
>>  
>> -- 2.7.4
>>
>>
>> 0007-ldb_tdb-Give-a-debug-message-as-well-as-setting-the-.patch
>>
>>
>> From 719f23994c31a1ba878fd16f31a415152dc52d22 Mon Sep 17 00:00:00 2001
>> From: Andrew Bartlett <abartlet at samba.org>
>> Date: Thu, 14 Sep 2017 15:01:39 +1200
>> Subject: [PATCH 07/26] ldb_tdb: Give a debug message as well as setting the
>>  error string if prepare_commit() fails
>>
>> This is a serious condition, and should be logged.
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033
>>
>> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>> ---
>>  lib/ldb/ldb_tdb/ldb_tdb.c | 9 +++++----
>>  1 file changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
>> index 14e915e..6325022 100644
>> --- a/lib/ldb/ldb_tdb/ldb_tdb.c
>> +++ b/lib/ldb/ldb_tdb/ldb_tdb.c
>> @@ -1196,10 +1196,11 @@ static int ltdb_prepare_commit(struct ldb_module *module)
>>  	if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
>>  		ret = ltdb_err_map(tdb_error(ltdb->tdb));
>>  		ltdb->in_transaction--;
>> -		ldb_asprintf_errstring(ldb_module_get_ctx(module),
>> -				       "Failure during tdb_transaction_prepare_commit(): %s -> %s",
>> -				       tdb_errorstr(ltdb->tdb),
>> -				       ldb_strerror(ret));
>> +		ldb_debug_set(ldb_module_get_ctx(module),
>> +			      LDB_DEBUG_FATAL,
>> +			      "Failure during tdb_transaction_prepare_commit(): %s -> %s",
>> +			      tdb_errorstr(ltdb->tdb),
>> +			      ldb_strerror(ret));
>>  		return ret;
>>  	}
>>  
>> -- 2.7.4
>>
>>
>> 0008-ldb_tdb-Change-ltdb_connect-NOT-to-request-a-kernel-.patch
>>
>>
>> From 3e30d1e96a35f08f98da5080f3c9a500ca0646a3 Mon Sep 17 00:00:00 2001
>> From: Gary Lockyer <gary at catalyst.net.nz>
>> Date: Thu, 14 Sep 2017 11:37:01 +1200
>> Subject: [PATCH 08/26] ldb_tdb: Change ltdb_connect() NOT to request a
>>  kernel-level read only TDB
>>
>> We support opening and LDB multiple times in a process, but do not support this in tdb.
>>
>> As we can open the ldb with different flags, we must ensure a later read-write
>> open is possible.
>>
>> Additionally, a read-only TDB will refuse the all-record lock, preventing
>> the ldb from even loading.
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033
>>
>> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>> ---
>>  lib/ldb/ldb_tdb/ldb_tdb.c | 37 ++++++++++++++++++++++++++++++-------
>>  lib/ldb/ldb_tdb/ldb_tdb.h |  2 ++
>>  2 files changed, 32 insertions(+), 7 deletions(-)
>>
>> diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
>> index 6325022..8ddaaa3 100644
>> --- a/lib/ldb/ldb_tdb/ldb_tdb.c
>> +++ b/lib/ldb/ldb_tdb/ldb_tdb.c
>> @@ -308,6 +308,10 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg
>>  	struct ldb_val ldb_data;
>>  	int ret = LDB_SUCCESS;
>>  
>> +	if (ltdb->read_only) {
>> +		return LDB_ERR_UNWILLING_TO_PERFORM;
>> +	}
>> +	
>>  	tdb_key = ltdb_key(module, msg->dn);
>>  	if (tdb_key.dptr == NULL) {
>>  		return LDB_ERR_OTHER;
>> @@ -476,6 +480,10 @@ int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
>>  	TDB_DATA tdb_key;
>>  	int ret;
>>  
>> +	if (ltdb->read_only) {
>> +		return LDB_ERR_UNWILLING_TO_PERFORM;
>> +	}
>> +	
>>  	tdb_key = ltdb_key(module, dn);
>>  	if (!tdb_key.dptr) {
>>  		return LDB_ERR_OTHER;
>> @@ -1647,20 +1655,35 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url,
>>  		tdb_flags |= TDB_NOMMAP;
>>  	}
>>  
>> +	ltdb = talloc_zero(ldb, struct ltdb_private);
>> +	if (!ltdb) {
>> +		ldb_oom(ldb);
>> +		return LDB_ERR_OPERATIONS_ERROR;
>> +	}
>> +
>>  	if (flags & LDB_FLG_RDONLY) {
>> -		open_flags = O_RDONLY;
>> +		/* 
>> +		 * This is weird, but because we can only have one tdb
>> +		 * in this process, and the other one could be
>> +		 * read-write, we can't use the tdb readonly.  Plus a
>> +		 * read only tdb prohibits the all-record lock.
>> +		 */
>> +		open_flags = O_RDWR;
>> +		
>> +		ltdb->read_only = true;
>> +
>>  	} else if (flags & LDB_FLG_DONT_CREATE_DB) {
>> +		/* 
>> +		 * This is weird, but because we can only have one tdb
>> +		 * in this process, and the other one could be
>> +		 * read-write, we can't use the tdb readonly.  Plus a
>> +		 * read only tdb prohibits the all-record lock.
>> +		 */
>>  		open_flags = O_RDWR;
> 
> This is weird, because the same comment seems to repeat for multiple
> cases but only seems to apply to LDB_FLG_RDONLY.
> 
> I am also not sure why the tdb modifications in ldb_index.c don't need
> the `if (ltdb->read_only)` guard. Is it that you can't cause a reindex
> without an add or delete?
> 
> And there is trailing whitespace in nearly every commit.
> 
> cheers,
> Douglas
> 
>>  	} else {
>>  		open_flags = O_CREAT | O_RDWR;
>>  	}
>>  
>> -	ltdb = talloc_zero(ldb, struct ltdb_private);
>> -	if (!ltdb) {
>> -		ldb_oom(ldb);
>> -		return LDB_ERR_OPERATIONS_ERROR;
>> -	}
>> -
>>  	/* note that we use quite a large default hash size */
>>  	ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
>>  				   tdb_flags, open_flags,
>> diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h
>> index a391606..88cec3e 100644
>> --- a/lib/ldb/ldb_tdb/ldb_tdb.h
>> +++ b/lib/ldb/ldb_tdb/ldb_tdb.h
>> @@ -32,6 +32,8 @@ struct ltdb_private {
>>  
>>  	bool warn_unindexed;
>>  	bool warn_reindex;
>> +
>> +	bool read_only;
>>  };
>>  
>>  struct ltdb_context {
>> -- 2.7.4
>>
>>
>> 0009-ldb-Add-tests-for-read-only-behaviour.patch
>>
>>
>> From 92b5ca6c7b59e1af597ac2086c8c3ce57a71c414 Mon Sep 17 00:00:00 2001
>> From: Gary Lockyer <gary at catalyst.net.nz>
>> Date: Thu, 14 Sep 2017 11:37:41 +1200
>> Subject: [PATCH 09/26] ldb: Add tests for read only behaviour
>>
>> As the kernel is no longer enforcing the read-only DB
>> add some tests.
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033
>>
>> Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
>> ---
>>  lib/ldb/tests/ldb_mod_op_test.c | 152 ++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 152 insertions(+)
>>
>> diff --git a/lib/ldb/tests/ldb_mod_op_test.c b/lib/ldb/tests/ldb_mod_op_test.c
>> index 5e439f8..48ad20c 100644
>> --- a/lib/ldb/tests/ldb_mod_op_test.c
>> +++ b/lib/ldb/tests/ldb_mod_op_test.c
>> @@ -2861,6 +2861,155 @@ static void test_ldb_rename_dn_case_change(void **state)
>>  	/* FIXME - test the values didn't change */
>>  }
>>  
>> +static int ldb_read_only_setup(void **state)
>> +{
>> +	struct ldbtest_ctx *test_ctx;
>> +
>> +	ldbtest_setup((void **) &test_ctx);
>> +
>> +	*state = test_ctx;
>> +	return 0;
>> +}
>> +
>> +static int ldb_read_only_teardown(void **state)
>> +{
>> +	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
>> +							struct ldbtest_ctx);
>> +	ldbtest_teardown((void **) &test_ctx);
>> +	return 0;
>> +}
>> +
>> +static void test_read_only(void **state)
>> +{
>> +	struct ldb_context *ro_ldb = NULL;
>> +	struct ldb_context *rw_ldb = NULL;
>> +	int ret;
>> +	TALLOC_CTX *tmp_ctx = NULL;
>> +
>> +	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
>> +							struct ldbtest_ctx);
>> +	/*
>> +	 * Close the ldb context freeing it this will ensure it exists on
>> +	 * disk and can be opened in read only mode
>> +	 */
>> +	TALLOC_FREE(test_ctx->ldb);
>> +
>> +	/*
>> +	 * Open the database in read only and read write mode,
>> +	 * ensure it's opend in read only mode first
>> +	 */
>> +	ro_ldb = ldb_init(test_ctx, test_ctx->ev);
>> +	ret = ldb_connect(ro_ldb, test_ctx->dbpath, LDB_FLG_RDONLY, NULL);
>> +	assert_int_equal(ret, 0);
>> +
>> +	rw_ldb = ldb_init(test_ctx, test_ctx->ev);
>> +	ret = ldb_connect(rw_ldb, test_ctx->dbpath, 0, NULL);
>> +	assert_int_equal(ret, 0);
>> +
>> +
>> +	/*
>> +	 * Set up a context for the temporary variables
>> +	 */
>> +	tmp_ctx = talloc_new(test_ctx);
>> +	assert_non_null(tmp_ctx);
>> +
>> +	/*
>> +	 * Ensure that we can search the read write database
>> +	 */
>> +	{
>> +		struct ldb_result *result = NULL;
>> +		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, rw_ldb,
>> +						       "dc=test");
>> +		assert_non_null(dn);
>> +
>> +		ret = ldb_search(rw_ldb, tmp_ctx, &result, dn,
>> +				 LDB_SCOPE_BASE, NULL, NULL);
>> +		assert_int_equal(ret, LDB_SUCCESS);
>> +		TALLOC_FREE(result);
>> +		TALLOC_FREE(dn);
>> +	}
>> +
>> +	/*
>> +	 * Ensure that we can search the read only database
>> +	 */
>> +	{
>> +		struct ldb_result *result = NULL;
>> +		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, ro_ldb,
>> +						       "dc=test");
>> +		assert_non_null(dn);
>> +
>> +		ret = ldb_search(ro_ldb, tmp_ctx, &result, dn,
>> +				 LDB_SCOPE_BASE, NULL, NULL);
>> +		assert_int_equal(ret, LDB_SUCCESS);
>> +		TALLOC_FREE(result);
>> +		TALLOC_FREE(dn);
>> +	}
>> +	/*
>> +	 * Ensure that a write to the read only database fails
>> +	 */
>> +	{
>> +		struct ldb_message *msg = NULL;
>> +		msg = ldb_msg_new(tmp_ctx);
>> +		assert_non_null(msg);
>> +
>> +		msg->dn = ldb_dn_new_fmt(msg, ro_ldb, "dc=test");
>> +		assert_non_null(msg->dn);
>> +
>> +		ret = ldb_msg_add_string(msg, "cn", "test_cn_val");
>> +		assert_int_equal(ret, 0);
>> +
>> +		ret = ldb_add(ro_ldb, msg);
>> +		assert_int_equal(ret, LDB_ERR_UNWILLING_TO_PERFORM);
>> +		TALLOC_FREE(msg);
>> +	}
>> +
>> +	/*
>> +	 * Ensure that a write to the read write database succeeds
>> +	 */
>> +	{
>> +		struct ldb_message *msg = NULL;
>> +		msg = ldb_msg_new(tmp_ctx);
>> +		assert_non_null(msg);
>> +
>> +		msg->dn = ldb_dn_new_fmt(msg, ro_ldb, "dc=test");
>> +		assert_non_null(msg->dn);
>> +
>> +		ret = ldb_msg_add_string(msg, "cn", "test_cn_val");
>> +		assert_int_equal(ret, 0);
>> +
>> +		ret = ldb_add(rw_ldb, msg);
>> +		assert_int_equal(ret, LDB_SUCCESS);
>> +		TALLOC_FREE(msg);
>> +	}
>> +
>> +	/*
>> +	 * Ensure that a delete from a read only database fails
>> +	 */
>> +	{
>> +		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, ro_ldb, "dc=test");
>> +		assert_non_null(dn);
>> +
>> +		ret = ldb_delete(ro_ldb, dn);
>> +		assert_int_equal(ret, LDB_ERR_UNWILLING_TO_PERFORM);
>> +		TALLOC_FREE(dn);
>> +	}
>> +
>> +
>> +	/*
>> +	 * Ensure that a delete from a read write succeeds
>> +	 */
>> +	{
>> +		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, rw_ldb, "dc=test");
>> +		assert_non_null(dn);
>> +
>> +		ret = ldb_delete(rw_ldb, dn);
>> +		assert_int_equal(ret, LDB_SUCCESS);
>> +		TALLOC_FREE(dn);
>> +	}
>> +	TALLOC_FREE(tmp_ctx);
>> +}
>> +
>> +
>>  int main(int argc, const char **argv)
>>  {
>>  	const struct CMUnitTest tests[] = {
>> @@ -2981,6 +3130,9 @@ int main(int argc, const char **argv)
>>  		cmocka_unit_test_setup_teardown(test_ldb_rename_dn_case_change,
>>  						ldb_rename_test_setup,
>>  						ldb_rename_test_teardown),
>> +		cmocka_unit_test_setup_teardown(test_read_only,
>> +						ldb_read_only_setup,
>> +						ldb_read_only_teardown),
>>  	};
>>  
>>  	return cmocka_run_group_tests(tests, NULL, NULL);
>> -- 2.7.4
>>
>>
>> 0010-ldb-Release-1.2.3.patch
>>
>>
>> From a6d7f70178297c7b4d98f6092a9cce78e1eb3209 Mon Sep 17 00:00:00 2001
>> From: Andrew Bartlett <abartlet at samba.org>
>> Date: Thu, 14 Sep 2017 14:44:39 +1200
>> Subject: [PATCH 10/26] ldb: Release 1.2.3
>>
>>  * Bug #13033 LDB open with LDB_FLG_RDONLY can cause the database
>>    to fail to open
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033
>>
>> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>> ---
>>  lib/ldb/ABI/ldb-1.2.3.sigs            | 277 ++++++++++++++++++++++++++++++++++
>>  lib/ldb/ABI/pyldb-util-1.2.3.sigs     |   2 +
>>  lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs |   2 +
>>  lib/ldb/wscript                       |   2 +-
>>  4 files changed, 282 insertions(+), 1 deletion(-)
>>  create mode 100644 lib/ldb/ABI/ldb-1.2.3.sigs
>>  create mode 100644 lib/ldb/ABI/pyldb-util-1.2.3.sigs
>>  create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs
>>
>> diff --git a/lib/ldb/ABI/ldb-1.2.3.sigs b/lib/ldb/ABI/ldb-1.2.3.sigs
>> new file mode 100644
>> index 0000000..9dc61cd
>> --- /dev/null
>> +++ b/lib/ldb/ABI/ldb-1.2.3.sigs
>> @@ -0,0 +1,277 @@
>> +ldb_add: int (struct ldb_context *, const struct ldb_message *)
>> +ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *)
>> +ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...)
>> +ldb_attr_casefold: char *(TALLOC_CTX *, const char *)
>> +ldb_attr_dn: int (const char *)
>> +ldb_attr_in_list: int (const char * const *, const char *)
>> +ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *)
>> +ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *)
>> +ldb_base64_decode: int (char *)
>> +ldb_base64_encode: char *(TALLOC_CTX *, const char *, int)
>> +ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *)
>> +ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val)
>> +ldb_binary_encode_string: char *(TALLOC_CTX *, const char *)
>> +ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
>> +ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t)
>> +ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t)
>> +ldb_check_critical_controls: int (struct ldb_control **)
>> +ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *)
>> +ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *)
>> +ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **)
>> +ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *)
>> +ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *)
>> +ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...)
>> +ldb_debug_add: void (struct ldb_context *, const char *, ...)
>> +ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level)
>> +ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...)
>> +ldb_delete: int (struct ldb_context *, struct ldb_dn *)
>> +ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *)
>> +ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...)
>> +ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *)
>> +ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...)
>> +ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *)
>> +ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *)
>> +ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *)
>> +ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *)
>> +ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *)
>> +ldb_dn_check_special: bool (struct ldb_dn *, const char *)
>> +ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *)
>> +ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *)
>> +ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *)
>> +ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val)
>> +ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *)
>> +ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *)
>> +ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *)
>> +ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *)
>> +ldb_dn_get_casefold: const char *(struct ldb_dn *)
>> +ldb_dn_get_comp_num: int (struct ldb_dn *)
>> +ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int)
>> +ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int)
>> +ldb_dn_get_extended_comp_num: int (struct ldb_dn *)
>> +ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *)
>> +ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int)
>> +ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *)
>> +ldb_dn_get_linearized: const char *(struct ldb_dn *)
>> +ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *)
>> +ldb_dn_get_rdn_name: const char *(struct ldb_dn *)
>> +ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *)
>> +ldb_dn_has_extended: bool (struct ldb_dn *)
>> +ldb_dn_is_null: bool (struct ldb_dn *)
>> +ldb_dn_is_special: bool (struct ldb_dn *)
>> +ldb_dn_is_valid: bool (struct ldb_dn *)
>> +ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *)
>> +ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *)
>> +ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *)
>> +ldb_dn_minimise: bool (struct ldb_dn *)
>> +ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *)
>> +ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...)
>> +ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int)
>> +ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int)
>> +ldb_dn_remove_extended_components: void (struct ldb_dn *)
>> +ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *)
>> +ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val)
>> +ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *)
>> +ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *)
>> +ldb_dn_validate: bool (struct ldb_dn *)
>> +ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *)
>> +ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int)
>> +ldb_errstring: const char *(struct ldb_context *)
>> +ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **)
>> +ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *)
>> +ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *)
>> +ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *)
>> +ldb_get_create_perms: unsigned int (struct ldb_context *)
>> +ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *)
>> +ldb_get_event_context: struct tevent_context *(struct ldb_context *)
>> +ldb_get_flags: unsigned int (struct ldb_context *)
>> +ldb_get_opaque: void *(struct ldb_context *, const char *)
>> +ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *)
>> +ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *)
>> +ldb_global_init: int (void)
>> +ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *)
>> +ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *)
>> +ldb_handle_use_global_event_context: void (struct ldb_handle *)
>> +ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
>> +ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
>> +ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *)
>> +ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
>> +ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
>> +ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **)
>> +ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *)
>> +ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *)
>> +ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *)
>> +ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *)
>> +ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **)
>> +ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *)
>> +ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *)
>> +ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *)
>> +ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *)
>> +ldb_load_modules: int (struct ldb_context *, const char **)
>> +ldb_map_add: int (struct ldb_module *, struct ldb_request *)
>> +ldb_map_delete: int (struct ldb_module *, struct ldb_request *)
>> +ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *)
>> +ldb_map_modify: int (struct ldb_module *, struct ldb_request *)
>> +ldb_map_rename: int (struct ldb_module *, struct ldb_request *)
>> +ldb_map_search: int (struct ldb_module *, struct ldb_request *)
>> +ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope)
>> +ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *)
>> +ldb_match_msg_objectclass: int (const struct ldb_message *, const char *)
>> +ldb_mod_register_control: int (struct ldb_module *, const char *)
>> +ldb_modify: int (struct ldb_context *, const struct ldb_message *)
>> +ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *)
>> +ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *)
>> +ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **)
>> +ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int)
>> +ldb_module_flags: uint32_t (struct ldb_context *)
>> +ldb_module_get_ctx: struct ldb_context *(struct ldb_module *)
>> +ldb_module_get_name: const char *(struct ldb_module *)
>> +ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *)
>> +ldb_module_get_private: void *(struct ldb_module *)
>> +ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *)
>> +ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **)
>> +ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *)
>> +ldb_module_next: struct ldb_module *(struct ldb_module *)
>> +ldb_module_popt_options: struct poptOption **(struct ldb_context *)
>> +ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **)
>> +ldb_module_send_referral: int (struct ldb_request *, char *)
>> +ldb_module_set_next: void (struct ldb_module *, struct ldb_module *)
>> +ldb_module_set_private: void (struct ldb_module *, void *)
>> +ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type)
>> +ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *)
>> +ldb_modules_load: int (const char *, const char *)
>> +ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int)
>> +ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **)
>> +ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...)
>> +ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *)
>> +ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *)
>> +ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *)
>> +ldb_msg_add_string: int (struct ldb_message *, const char *, const char *)
>> +ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **)
>> +ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *)
>> +ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *)
>> +ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
>> +ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *)
>> +ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
>> +ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *)
>> +ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **)
>> +ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *)
>> +ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *)
>> +ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *)
>> +ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int)
>> +ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *)
>> +ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double)
>> +ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int)
>> +ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t)
>> +ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *)
>> +ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int)
>> +ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t)
>> +ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t)
>> +ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t)
>> +ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *)
>> +ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *)
>> +ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *)
>> +ldb_msg_new: struct ldb_message *(TALLOC_CTX *)
>> +ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **)
>> +ldb_msg_remove_attr: void (struct ldb_message *, const char *)
>> +ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *)
>> +ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *)
>> +ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *)
>> +ldb_msg_sort_elements: void (struct ldb_message *)
>> +ldb_next_del_trans: int (struct ldb_module *)
>> +ldb_next_end_trans: int (struct ldb_module *)
>> +ldb_next_init: int (struct ldb_module *)
>> +ldb_next_prepare_commit: int (struct ldb_module *)
>> +ldb_next_read_lock: int (struct ldb_module *)
>> +ldb_next_read_unlock: int (struct ldb_module *)
>> +ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *)
>> +ldb_next_request: int (struct ldb_module *, struct ldb_request *)
>> +ldb_next_start_trans: int (struct ldb_module *)
>> +ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *)
>> +ldb_options_find: const char *(struct ldb_context *, const char **, const char *)
>> +ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *)
>> +ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *)
>> +ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **)
>> +ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *)
>> +ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *)
>> +ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *)
>> +ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *)
>> +ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t)
>> +ldb_register_backend: int (const char *, ldb_connect_fn, bool)
>> +ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *)
>> +ldb_register_hook: int (ldb_hook_fn)
>> +ldb_register_module: int (const struct ldb_module_ops *)
>> +ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *)
>> +ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *)
>> +ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *)
>> +ldb_req_get_custom_flags: uint32_t (struct ldb_request *)
>> +ldb_req_is_untrusted: bool (struct ldb_request *)
>> +ldb_req_location: const char *(struct ldb_request *)
>> +ldb_req_mark_trusted: void (struct ldb_request *)
>> +ldb_req_mark_untrusted: void (struct ldb_request *)
>> +ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t)
>> +ldb_req_set_location: void (struct ldb_request *, const char *)
>> +ldb_request: int (struct ldb_context *, struct ldb_request *)
>> +ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *)
>> +ldb_request_done: int (struct ldb_request *, int)
>> +ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *)
>> +ldb_request_get_status: int (struct ldb_request *)
>> +ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *)
>> +ldb_request_set_state: void (struct ldb_request *, int)
>> +ldb_reset_err_string: void (struct ldb_context *)
>> +ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***)
>> +ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *)
>> +ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *)
>> +ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *)
>> +ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *)
>> +ldb_schema_attribute_remove: void (struct ldb_context *, const char *)
>> +ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int)
>> +ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *)
>> +ldb_schema_set_override_indexlist: void (struct ldb_context *, bool)
>> +ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...)
>> +ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *)
>> +ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *)
>> +ldb_set_create_perms: void (struct ldb_context *, unsigned int)
>> +ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *)
>> +ldb_set_debug_stderr: int (struct ldb_context *)
>> +ldb_set_default_dns: void (struct ldb_context *)
>> +ldb_set_errstring: void (struct ldb_context *, const char *)
>> +ldb_set_event_context: void (struct ldb_context *, struct tevent_context *)
>> +ldb_set_flags: void (struct ldb_context *, unsigned int)
>> +ldb_set_modules_dir: void (struct ldb_context *, const char *)
>> +ldb_set_opaque: int (struct ldb_context *, const char *, void *)
>> +ldb_set_require_private_event_context: void (struct ldb_context *)
>> +ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int)
>> +ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *)
>> +ldb_set_utf8_default: void (struct ldb_context *)
>> +ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t))
>> +ldb_setup_wellknown_attributes: int (struct ldb_context *)
>> +ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *)
>> +ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *)
>> +ldb_strerror: const char *(int)
>> +ldb_string_to_time: time_t (const char *)
>> +ldb_string_utc_to_time: time_t (const char *)
>> +ldb_timestring: char *(TALLOC_CTX *, time_t)
>> +ldb_timestring_utc: char *(TALLOC_CTX *, time_t)
>> +ldb_transaction_cancel: int (struct ldb_context *)
>> +ldb_transaction_cancel_noerr: int (struct ldb_context *)
>> +ldb_transaction_commit: int (struct ldb_context *)
>> +ldb_transaction_prepare_commit: int (struct ldb_context *)
>> +ldb_transaction_start: int (struct ldb_context *)
>> +ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *)
>> +ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *)
>> +ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *)
>> +ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *)
>> +ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *)
>> +ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *)
>> +ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *)
>> +ldb_val_string_cmp: int (const struct ldb_val *, const char *)
>> +ldb_val_to_time: int (const struct ldb_val *, time_t *)
>> +ldb_valid_attr_name: int (const char *)
>> +ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list)
>> +ldb_wait: int (struct ldb_handle *, enum ldb_wait_type)
>> diff --git a/lib/ldb/ABI/pyldb-util-1.2.3.sigs b/lib/ldb/ABI/pyldb-util-1.2.3.sigs
>> new file mode 100644
>> index 0000000..74d6719
>> --- /dev/null
>> +++ b/lib/ldb/ABI/pyldb-util-1.2.3.sigs
>> @@ -0,0 +1,2 @@
>> +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *)
>> +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **)
>> diff --git a/lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs b/lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs
>> new file mode 100644
>> index 0000000..74d6719
>> --- /dev/null
>> +++ b/lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs
>> @@ -0,0 +1,2 @@
>> +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *)
>> +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **)
>> diff --git a/lib/ldb/wscript b/lib/ldb/wscript
>> index bd17b7b..5ea5231 100644
>> --- a/lib/ldb/wscript
>> +++ b/lib/ldb/wscript
>> @@ -1,7 +1,7 @@
>>  #!/usr/bin/env python
>>  
>>  APPNAME = 'ldb'
>> -VERSION = '1.2.2'
>> +VERSION = '1.2.3'
>>  
>>  blddir = 'bin'
>>  
>> -- 2.7.4
>>
>>
>> 0011-samdb-Rework-samdb_connect_url-to-return-LDB-error-c.patch
>>
>>
>> From 5f5ab4d189822596dc51450ebc05be715c4a6f1c Mon Sep 17 00:00:00 2001
>> From: Andrew Bartlett <abartlet at samba.org>
>> Date: Thu, 14 Sep 2017 15:02:36 +1200
>> Subject: [PATCH 11/26] samdb: Rework samdb_connect_url() to return LDB error
>>  code and an error string
>>
>> This allows debugging of why the LDB failed to start up.
>>
>> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>> ---
>>  source3/passdb/pdb_samba_dsdb.c | 27 ++++++++++----------
>>  source4/dns_server/dlz_bind9.c  | 15 ++++++-----
>>  source4/dsdb/samdb/samdb.c      | 56 ++++++++++++++++++++++++++++++-----------
>>  source4/torture/dns/dlz_bind9.c | 14 ++++++-----
>>  4 files changed, 72 insertions(+), 40 deletions(-)
>>
>> diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
>> index cfa492b..6983f93 100644
>> --- a/source3/passdb/pdb_samba_dsdb.c
>> +++ b/source3/passdb/pdb_samba_dsdb.c
>> @@ -3023,7 +3023,9 @@ static NTSTATUS pdb_init_samba_dsdb(struct pdb_methods **pdb_method,
>>  	struct pdb_methods *m;
>>  	struct pdb_samba_dsdb_state *state;
>>  	NTSTATUS status;
>> -
>> +	char *errstring = NULL;
>> +	int ret;
>> +	
>>  	if ( !NT_STATUS_IS_OK(status = make_pdb_method( &m )) ) {
>>  		return status;
>>  	}
>> @@ -3048,21 +3050,20 @@ static NTSTATUS pdb_init_samba_dsdb(struct pdb_methods **pdb_method,
>>  		goto nomem;
>>  	}
>>  
>> -	if (location) {
>> -		state->ldb = samdb_connect_url(state,
>> -				   state->ev,
>> -				   state->lp_ctx,
>> -				   system_session(state->lp_ctx),
>> -				   0, location);
>> -	} else {
>> -		state->ldb = samdb_connect(state,
>> -				   state->ev,
>> -				   state->lp_ctx,
>> -				   system_session(state->lp_ctx), 0);
>> +	if (location == NULL) {
>> +		location = "sam.ldb";
>>  	}
>> +	
>> +	ret = samdb_connect_url(state,
>> +				state->ev,
>> +				state->lp_ctx,
>> +				system_session(state->lp_ctx),
>> +				0, location,
>> +				&state->ldb, &errstring);
>>  
>>  	if (!state->ldb) {
>> -		DEBUG(0, ("samdb_connect failed\n"));
>> +		DEBUG(0, ("samdb_connect failed: %s: %s\n",
>> +			  errstring, ldb_strerror(ret)));
>>  		status = NT_STATUS_INTERNAL_ERROR;
>>  		goto fail;
>>  	}
>> diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
>> index 8e0820d..c1f9a27 100644
>> --- a/source4/dns_server/dlz_bind9.c
>> +++ b/source4/dns_server/dlz_bind9.c
>> @@ -614,7 +614,9 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
>>  	isc_result_t result;
>>  	struct ldb_dn *dn;
>>  	NTSTATUS nt_status;
>> -
>> +	int ret;
>> +	char *errstring = NULL;
>> +	
>>  	if (dlz_bind9_state != NULL) {
>>  		*dbdata = dlz_bind9_state;
>>  		dlz_bind9_state_ref_count++;
>> @@ -701,11 +703,12 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
>>  		}
>>  	}
>>  
>> -	state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
>> -					system_session(state->lp), 0, state->options.url);
>> -	if (state->samdb == NULL) {
>> -		state->log(ISC_LOG_ERROR, "samba_dlz: Failed to connect to %s",
>> -			state->options.url);
>> +	ret = samdb_connect_url(state, state->ev_ctx, state->lp,
>> +				system_session(state->lp), 0, state->options.url,
>> +				&state->samdb, &errstring);
>> +	if (ret != LDB_SUCCESS) {
>> +		state->log(ISC_LOG_ERROR, "samba_dlz: Failed to connect to %s: %s",
>> +			   errstring, ldb_strerror(ret));
>>  		result = ISC_R_FAILURE;
>>  		goto failed;
>>  	}
>> diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
>> index 4584a61..5d29497 100644
>> --- a/source4/dsdb/samdb/samdb.c
>> +++ b/source4/dsdb/samdb/samdb.c
>> @@ -47,38 +47,57 @@
>>    connect to the SAM database specified by URL
>>    return an opaque context pointer on success, or NULL on failure
>>   */
>> -struct ldb_context *samdb_connect_url(TALLOC_CTX *mem_ctx,
>> -				  struct tevent_context *ev_ctx,
>> -				  struct loadparm_context *lp_ctx,
>> -				  struct auth_session_info *session_info,
>> -				  unsigned int flags, const char *url)
>> +int samdb_connect_url(TALLOC_CTX *mem_ctx,
>> +		      struct tevent_context *ev_ctx,
>> +		      struct loadparm_context *lp_ctx,
>> +		      struct auth_session_info *session_info,
>> +		      unsigned int flags, const char *url,
>> +		      struct ldb_context **ldb_ret,
>> +		      char **errstring)
>>  {
>> -	struct ldb_context *ldb;
>> +	struct ldb_context *ldb = NULL;
>>  	int ret;
>> -
>> +	*ldb_ret = NULL;
>> +	*errstring = NULL;
>>  	ldb = ldb_wrap_find(url, ev_ctx, lp_ctx, session_info, NULL, flags);
>> -	if (ldb != NULL)
>> -		return talloc_reference(mem_ctx, ldb);
>> +	if (ldb != NULL) {
>> +		*ldb_ret = talloc_reference(mem_ctx, ldb);
>> +		if (*ldb_ret == NULL) {
>> +			return LDB_ERR_OPERATIONS_ERROR;
>> +		}
>> +		return LDB_SUCCESS;
>> +	}
>>  
>>  	ldb = samba_ldb_init(mem_ctx, ev_ctx, lp_ctx, session_info, NULL);
>>  
>> -	if (ldb == NULL)
>> -		return NULL;
>> +	if (ldb == NULL) {
>> +		*errstring = talloc_asprintf(mem_ctx,
>> +					     "Failed to set up Samba ldb wrappers "
>> +					     "with samba_ldb_init() to connect to %s",
>> +					     url);
>> +		return LDB_ERR_OPERATIONS_ERROR;
>> +	}
>>  
>>  	dsdb_set_global_schema(ldb);
>>  
>>  	ret = samba_ldb_connect(ldb, lp_ctx, url, flags);
>>  	if (ret != LDB_SUCCESS) {
>> +		*errstring = talloc_asprintf(mem_ctx, "Failed to connect to %s: %s",
>> +					     url,
>> +					     ldb_errstring(ldb));
>>  		talloc_free(ldb);
>> -		return NULL;
>> +		return LDB_ERR_OPERATIONS_ERROR;
>>  	}
>>  
>>  	if (!ldb_wrap_add(url, ev_ctx, lp_ctx, session_info, NULL, flags, ldb)) {
>> +		*errstring = talloc_asprintf(mem_ctx, "Failed to add cached DB reference to %s",
>> +					     url);
>>  		talloc_free(ldb);
>> -		return NULL;
>> +		return LDB_ERR_OPERATIONS_ERROR;
>>  	}
>>  
>> -	return ldb;
>> +	*ldb_ret = ldb;
>> +	return LDB_SUCCESS;
>>  }
>>  
>>  
>> @@ -92,7 +111,14 @@ struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx,
>>  				  struct auth_session_info *session_info,
>>  				  unsigned int flags)
>>  {
>> -	return samdb_connect_url(mem_ctx, ev_ctx, lp_ctx, session_info, flags, "sam.ldb");
>> +	char *errstring;
>> +	struct ldb_context *ldb;
>> +	int ret = samdb_connect_url(mem_ctx, ev_ctx, lp_ctx, session_info, flags,
>> +				    "sam.ldb", &ldb, &errstring);
>> +	if (ret == LDB_SUCCESS) {
>> +		return ldb;
>> +	}
>> +	return NULL;
>>  }
>>  
>>  /****************************************************************************
>> diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
>> index 893158f..2234e7a 100644
>> --- a/source4/torture/dns/dlz_bind9.c
>> +++ b/source4/torture/dns/dlz_bind9.c
>> @@ -86,16 +86,18 @@ static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
>>  					   const char *zone_name)
>>  {
>>  	struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
>> -	struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
>> -						      system_session(tctx->lp_ctx),
>> -						      0,
>> -						      test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"));
>> +	struct ldb_context *samdb = NULL;
>> +	char *errstring = NULL;
>> +	int ret = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
>> +				    system_session(tctx->lp_ctx),
>> +				    0,
>> +				    test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
>> +				    &samdb, &errstring);
>>  	struct ldb_message *msg;
>> -	int ret;
>>  	const char *attrs[] = {
>>  		NULL
>>  	};
>> -	if (!samdb) {
>> +	if (ret != LDB_SUCCESS) {
>>  		torture_fail(tctx, "Failed to connect to samdb");
>>  		return ISC_R_FAILURE;
>>  	}
>> -- 2.7.4
>>
> 
> 
> 
> 
-------------- next part --------------
From e0eb9a32a12d8b485778fa3b869407410bcf9f98 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 14 Sep 2017 14:04:51 +1200
Subject: [PATCH 1/7] ldb_tdb: Map TDB error codes into LDB error codes in
 ltdb_lock_read()

The ltdb_lock_read() routine did not return an LDB error code, but -1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 lib/ldb/ldb_tdb/ldb_tdb.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index ccad816..055d835 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -98,15 +98,26 @@ int ltdb_lock_read(struct ldb_module *module)
 {
 	void *data = ldb_module_get_private(module);
 	struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
-	int ret = 0;
+	int tdb_ret = 0;
+	int ret;
 
 	if (ltdb->in_transaction == 0 &&
 	    ltdb->read_lock_count == 0) {
-		ret = tdb_lockall_read(ltdb->tdb);
+		tdb_ret = tdb_lockall_read(ltdb->tdb);
 	}
-	if (ret == 0) {
+	if (tdb_ret == 0) {
 		ltdb->read_lock_count++;
+		return LDB_SUCCESS;
+	}
+	ret = ltdb_err_map(tdb_error(ltdb->tdb));
+	if (ret == LDB_SUCCESS) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
 	}
+	ldb_debug_set(ldb_module_get_ctx(module),
+		      LDB_DEBUG_FATAL,
+		      "Failure during ltdb_lock_read(): %s -> %s",
+		      tdb_errorstr(ltdb->tdb),
+		      ldb_strerror(ret));
 	return ret;
 }
 
-- 
2.7.4


From aa9a94377ec9e0e5c58e178bcbfb4e753084f180 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 14 Sep 2017 15:01:39 +1200
Subject: [PATCH 2/7] ldb_tdb: Give a debug message as well as setting the
 error string if prepare_commit() fails

This is a serious condition, and should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 lib/ldb/ldb_tdb/ldb_tdb.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index 055d835..eba0d0e 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -1196,10 +1196,11 @@ static int ltdb_prepare_commit(struct ldb_module *module)
 	if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
 		ret = ltdb_err_map(tdb_error(ltdb->tdb));
 		ltdb->in_transaction--;
-		ldb_asprintf_errstring(ldb_module_get_ctx(module),
-				       "Failure during tdb_transaction_prepare_commit(): %s -> %s",
-				       tdb_errorstr(ltdb->tdb),
-				       ldb_strerror(ret));
+		ldb_debug_set(ldb_module_get_ctx(module),
+			      LDB_DEBUG_FATAL,
+			      "Failure during tdb_transaction_prepare_commit(): %s -> %s",
+			      tdb_errorstr(ltdb->tdb),
+			      ldb_strerror(ret));
 		return ret;
 	}
 
-- 
2.7.4


From fad30e6649c7b88f1cf5138a779fd12147826301 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 18 Sep 2017 10:43:32 +1200
Subject: [PATCH 3/7] ldb_tdb: Change ltdb_connect() NOT to request a
 kernel-level read only TDB

We support opening and LDB multiple times in a process, but do not support this in tdb.

As we can open the ldb with different flags, we must ensure a later read-write
open is possible.

Additionally, a read-only TDB will refuse the all-record lock, preventing
the ldb from even loading.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 lib/ldb/ldb_tdb/ldb_index.c | 13 +++++++++++++
 lib/ldb/ldb_tdb/ldb_tdb.c   | 42 +++++++++++++++++++++++++++++++++++-------
 lib/ldb/ldb_tdb/ldb_tdb.h   |  2 ++
 3 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 3510dd9..7b36ac4 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -310,6 +310,11 @@ static int ltdb_dn_list_store(struct ldb_module *module, struct ldb_dn *dn,
 	rec.dptr = (uint8_t *)&list2;
 	rec.dsize = sizeof(void *);
 
+
+	/*
+	 * This is not a store into the main DB, but into an in-memory
+	 * TDB, so we don't need a guard on ltdb->read_only
+	 */
 	ret = tdb_store(ltdb->idxptr->itdb, key, rec, TDB_INSERT);
 	if (ret != 0) {
 		return ltdb_err_map(tdb_error(ltdb->idxptr->itdb));
@@ -1760,6 +1765,14 @@ int ltdb_reindex(struct ldb_module *module)
 	int ret;
 	struct ltdb_reindex_context ctx;
 
+	/*
+	 * Only triggered after a modification, but make clear we do
+	 * not re-index a read-only DB
+	 */
+	if (ltdb->read_only) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	if (ltdb_cache_reload(module) != 0) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index eba0d0e..6582586 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -308,6 +308,10 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg
 	struct ldb_val ldb_data;
 	int ret = LDB_SUCCESS;
 
+	if (ltdb->read_only) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	tdb_key = ltdb_key(module, msg->dn);
 	if (tdb_key.dptr == NULL) {
 		return LDB_ERR_OTHER;
@@ -476,6 +480,10 @@ int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
 	TDB_DATA tdb_key;
 	int ret;
 
+	if (ltdb->read_only) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	tdb_key = ltdb_key(module, dn);
 	if (!tdb_key.dptr) {
 		return LDB_ERR_OTHER;
@@ -1165,6 +1173,11 @@ static int ltdb_start_trans(struct ldb_module *module)
 	void *data = ldb_module_get_private(module);
 	struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
 
+	/* Do not take out the transaction lock on a read-only DB */
+	if (ltdb->read_only) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	if (tdb_transaction_start(ltdb->tdb) != 0) {
 		return ltdb_err_map(tdb_error(ltdb->tdb));
 	}
@@ -1647,20 +1660,35 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url,
 		tdb_flags |= TDB_NOMMAP;
 	}
 
+	ltdb = talloc_zero(ldb, struct ltdb_private);
+	if (!ltdb) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
 	if (flags & LDB_FLG_RDONLY) {
-		open_flags = O_RDONLY;
+		/*
+		 * This is weird, but because we can only have one tdb
+		 * in this process, and the other one could be
+		 * read-write, we can't use the tdb readonly.  Plus a
+		 * read only tdb prohibits the all-record lock.
+		 */
+		open_flags = O_RDWR;
+
+		ltdb->read_only = true;
+
 	} else if (flags & LDB_FLG_DONT_CREATE_DB) {
+		/*
+		 * This is weird, but because we can only have one tdb
+		 * in this process, and the other one could be
+		 * read-write, we can't use the tdb readonly.  Plus a
+		 * read only tdb prohibits the all-record lock.
+		 */
 		open_flags = O_RDWR;
 	} else {
 		open_flags = O_CREAT | O_RDWR;
 	}
 
-	ltdb = talloc_zero(ldb, struct ltdb_private);
-	if (!ltdb) {
-		ldb_oom(ldb);
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
 	/* note that we use quite a large default hash size */
 	ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
 				   tdb_flags, open_flags,
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h
index a391606..88cec3e 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.h
+++ b/lib/ldb/ldb_tdb/ldb_tdb.h
@@ -32,6 +32,8 @@ struct ltdb_private {
 
 	bool warn_unindexed;
 	bool warn_reindex;
+
+	bool read_only;
 };
 
 struct ltdb_context {
-- 
2.7.4


From 6125ce70220318812635a0e77f6b4986052ec2f5 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu, 14 Sep 2017 11:37:41 +1200
Subject: [PATCH 4/7] ldb: Add tests for read only behaviour

As the kernel is no longer enforcing the read-only DB
add some tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
---
 lib/ldb/tests/ldb_mod_op_test.c | 152 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)

diff --git a/lib/ldb/tests/ldb_mod_op_test.c b/lib/ldb/tests/ldb_mod_op_test.c
index 5e439f8..48ad20c 100644
--- a/lib/ldb/tests/ldb_mod_op_test.c
+++ b/lib/ldb/tests/ldb_mod_op_test.c
@@ -2861,6 +2861,155 @@ static void test_ldb_rename_dn_case_change(void **state)
 	/* FIXME - test the values didn't change */
 }
 
+static int ldb_read_only_setup(void **state)
+{
+	struct ldbtest_ctx *test_ctx;
+
+	ldbtest_setup((void **) &test_ctx);
+
+	*state = test_ctx;
+	return 0;
+}
+
+static int ldb_read_only_teardown(void **state)
+{
+	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
+							struct ldbtest_ctx);
+	ldbtest_teardown((void **) &test_ctx);
+	return 0;
+}
+
+static void test_read_only(void **state)
+{
+	struct ldb_context *ro_ldb = NULL;
+	struct ldb_context *rw_ldb = NULL;
+	int ret;
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
+							struct ldbtest_ctx);
+	/*
+	 * Close the ldb context freeing it this will ensure it exists on
+	 * disk and can be opened in read only mode
+	 */
+	TALLOC_FREE(test_ctx->ldb);
+
+	/*
+	 * Open the database in read only and read write mode,
+	 * ensure it's opend in read only mode first
+	 */
+	ro_ldb = ldb_init(test_ctx, test_ctx->ev);
+	ret = ldb_connect(ro_ldb, test_ctx->dbpath, LDB_FLG_RDONLY, NULL);
+	assert_int_equal(ret, 0);
+
+	rw_ldb = ldb_init(test_ctx, test_ctx->ev);
+	ret = ldb_connect(rw_ldb, test_ctx->dbpath, 0, NULL);
+	assert_int_equal(ret, 0);
+
+
+	/*
+	 * Set up a context for the temporary variables
+	 */
+	tmp_ctx = talloc_new(test_ctx);
+	assert_non_null(tmp_ctx);
+
+	/*
+	 * Ensure that we can search the read write database
+	 */
+	{
+		struct ldb_result *result = NULL;
+		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, rw_ldb,
+						       "dc=test");
+		assert_non_null(dn);
+
+		ret = ldb_search(rw_ldb, tmp_ctx, &result, dn,
+				 LDB_SCOPE_BASE, NULL, NULL);
+		assert_int_equal(ret, LDB_SUCCESS);
+		TALLOC_FREE(result);
+		TALLOC_FREE(dn);
+	}
+
+	/*
+	 * Ensure that we can search the read only database
+	 */
+	{
+		struct ldb_result *result = NULL;
+		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, ro_ldb,
+						       "dc=test");
+		assert_non_null(dn);
+
+		ret = ldb_search(ro_ldb, tmp_ctx, &result, dn,
+				 LDB_SCOPE_BASE, NULL, NULL);
+		assert_int_equal(ret, LDB_SUCCESS);
+		TALLOC_FREE(result);
+		TALLOC_FREE(dn);
+	}
+	/*
+	 * Ensure that a write to the read only database fails
+	 */
+	{
+		struct ldb_message *msg = NULL;
+		msg = ldb_msg_new(tmp_ctx);
+		assert_non_null(msg);
+
+		msg->dn = ldb_dn_new_fmt(msg, ro_ldb, "dc=test");
+		assert_non_null(msg->dn);
+
+		ret = ldb_msg_add_string(msg, "cn", "test_cn_val");
+		assert_int_equal(ret, 0);
+
+		ret = ldb_add(ro_ldb, msg);
+		assert_int_equal(ret, LDB_ERR_UNWILLING_TO_PERFORM);
+		TALLOC_FREE(msg);
+	}
+
+	/*
+	 * Ensure that a write to the read write database succeeds
+	 */
+	{
+		struct ldb_message *msg = NULL;
+		msg = ldb_msg_new(tmp_ctx);
+		assert_non_null(msg);
+
+		msg->dn = ldb_dn_new_fmt(msg, ro_ldb, "dc=test");
+		assert_non_null(msg->dn);
+
+		ret = ldb_msg_add_string(msg, "cn", "test_cn_val");
+		assert_int_equal(ret, 0);
+
+		ret = ldb_add(rw_ldb, msg);
+		assert_int_equal(ret, LDB_SUCCESS);
+		TALLOC_FREE(msg);
+	}
+
+	/*
+	 * Ensure that a delete from a read only database fails
+	 */
+	{
+		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, ro_ldb, "dc=test");
+		assert_non_null(dn);
+
+		ret = ldb_delete(ro_ldb, dn);
+		assert_int_equal(ret, LDB_ERR_UNWILLING_TO_PERFORM);
+		TALLOC_FREE(dn);
+	}
+
+
+	/*
+	 * Ensure that a delete from a read write succeeds
+	 */
+	{
+		struct ldb_dn *dn = ldb_dn_new_fmt(tmp_ctx, rw_ldb, "dc=test");
+		assert_non_null(dn);
+
+		ret = ldb_delete(rw_ldb, dn);
+		assert_int_equal(ret, LDB_SUCCESS);
+		TALLOC_FREE(dn);
+	}
+	TALLOC_FREE(tmp_ctx);
+}
+
+
 int main(int argc, const char **argv)
 {
 	const struct CMUnitTest tests[] = {
@@ -2981,6 +3130,9 @@ int main(int argc, const char **argv)
 		cmocka_unit_test_setup_teardown(test_ldb_rename_dn_case_change,
 						ldb_rename_test_setup,
 						ldb_rename_test_teardown),
+		cmocka_unit_test_setup_teardown(test_read_only,
+						ldb_read_only_setup,
+						ldb_read_only_teardown),
 	};
 
 	return cmocka_run_group_tests(tests, NULL, NULL);
-- 
2.7.4


From a2f490c605cb388e732cce4eca5680df32f5f331 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 14 Sep 2017 14:44:39 +1200
Subject: [PATCH 5/7] ldb: Release 1.2.3

 * Bug #13033 LDB open with LDB_FLG_RDONLY can cause the database
   to fail to open

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 lib/ldb/ABI/ldb-1.2.3.sigs            | 277 ++++++++++++++++++++++++++++++++++
 lib/ldb/ABI/pyldb-util-1.2.3.sigs     |   2 +
 lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs |   2 +
 lib/ldb/wscript                       |   2 +-
 4 files changed, 282 insertions(+), 1 deletion(-)
 create mode 100644 lib/ldb/ABI/ldb-1.2.3.sigs
 create mode 100644 lib/ldb/ABI/pyldb-util-1.2.3.sigs
 create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs

diff --git a/lib/ldb/ABI/ldb-1.2.3.sigs b/lib/ldb/ABI/ldb-1.2.3.sigs
new file mode 100644
index 0000000..9dc61cd
--- /dev/null
+++ b/lib/ldb/ABI/ldb-1.2.3.sigs
@@ -0,0 +1,277 @@
+ldb_add: int (struct ldb_context *, const struct ldb_message *)
+ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *)
+ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...)
+ldb_attr_casefold: char *(TALLOC_CTX *, const char *)
+ldb_attr_dn: int (const char *)
+ldb_attr_in_list: int (const char * const *, const char *)
+ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *)
+ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *)
+ldb_base64_decode: int (char *)
+ldb_base64_encode: char *(TALLOC_CTX *, const char *, int)
+ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *)
+ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val)
+ldb_binary_encode_string: char *(TALLOC_CTX *, const char *)
+ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *)
+ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t)
+ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t)
+ldb_check_critical_controls: int (struct ldb_control **)
+ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *)
+ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *)
+ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **)
+ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *)
+ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *)
+ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...)
+ldb_debug_add: void (struct ldb_context *, const char *, ...)
+ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level)
+ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...)
+ldb_delete: int (struct ldb_context *, struct ldb_dn *)
+ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *)
+ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...)
+ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *)
+ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...)
+ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *)
+ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *)
+ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *)
+ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *)
+ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *)
+ldb_dn_check_special: bool (struct ldb_dn *, const char *)
+ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *)
+ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *)
+ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *)
+ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val)
+ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *)
+ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *)
+ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *)
+ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *)
+ldb_dn_get_casefold: const char *(struct ldb_dn *)
+ldb_dn_get_comp_num: int (struct ldb_dn *)
+ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int)
+ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int)
+ldb_dn_get_extended_comp_num: int (struct ldb_dn *)
+ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *)
+ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int)
+ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *)
+ldb_dn_get_linearized: const char *(struct ldb_dn *)
+ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *)
+ldb_dn_get_rdn_name: const char *(struct ldb_dn *)
+ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *)
+ldb_dn_has_extended: bool (struct ldb_dn *)
+ldb_dn_is_null: bool (struct ldb_dn *)
+ldb_dn_is_special: bool (struct ldb_dn *)
+ldb_dn_is_valid: bool (struct ldb_dn *)
+ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *)
+ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *)
+ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *)
+ldb_dn_minimise: bool (struct ldb_dn *)
+ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *)
+ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...)
+ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int)
+ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int)
+ldb_dn_remove_extended_components: void (struct ldb_dn *)
+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *)
+ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val)
+ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *)
+ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *)
+ldb_dn_validate: bool (struct ldb_dn *)
+ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *)
+ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int)
+ldb_errstring: const char *(struct ldb_context *)
+ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **)
+ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *)
+ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *)
+ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *)
+ldb_get_create_perms: unsigned int (struct ldb_context *)
+ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *)
+ldb_get_event_context: struct tevent_context *(struct ldb_context *)
+ldb_get_flags: unsigned int (struct ldb_context *)
+ldb_get_opaque: void *(struct ldb_context *, const char *)
+ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *)
+ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *)
+ldb_global_init: int (void)
+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *)
+ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *)
+ldb_handle_use_global_event_context: void (struct ldb_handle *)
+ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
+ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *)
+ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *)
+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
+ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *)
+ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **)
+ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *)
+ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *)
+ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *)
+ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *)
+ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **)
+ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *)
+ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *)
+ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *)
+ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *)
+ldb_load_modules: int (struct ldb_context *, const char **)
+ldb_map_add: int (struct ldb_module *, struct ldb_request *)
+ldb_map_delete: int (struct ldb_module *, struct ldb_request *)
+ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *)
+ldb_map_modify: int (struct ldb_module *, struct ldb_request *)
+ldb_map_rename: int (struct ldb_module *, struct ldb_request *)
+ldb_map_search: int (struct ldb_module *, struct ldb_request *)
+ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope)
+ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *)
+ldb_match_msg_objectclass: int (const struct ldb_message *, const char *)
+ldb_mod_register_control: int (struct ldb_module *, const char *)
+ldb_modify: int (struct ldb_context *, const struct ldb_message *)
+ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *)
+ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *)
+ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **)
+ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int)
+ldb_module_flags: uint32_t (struct ldb_context *)
+ldb_module_get_ctx: struct ldb_context *(struct ldb_module *)
+ldb_module_get_name: const char *(struct ldb_module *)
+ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *)
+ldb_module_get_private: void *(struct ldb_module *)
+ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *)
+ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **)
+ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *)
+ldb_module_next: struct ldb_module *(struct ldb_module *)
+ldb_module_popt_options: struct poptOption **(struct ldb_context *)
+ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **)
+ldb_module_send_referral: int (struct ldb_request *, char *)
+ldb_module_set_next: void (struct ldb_module *, struct ldb_module *)
+ldb_module_set_private: void (struct ldb_module *, void *)
+ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type)
+ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *)
+ldb_modules_load: int (const char *, const char *)
+ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int)
+ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **)
+ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...)
+ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *)
+ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *)
+ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *)
+ldb_msg_add_string: int (struct ldb_message *, const char *, const char *)
+ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **)
+ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *)
+ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *)
+ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
+ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *)
+ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *)
+ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *)
+ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **)
+ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *)
+ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *)
+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *)
+ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int)
+ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *)
+ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double)
+ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int)
+ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t)
+ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *)
+ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int)
+ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t)
+ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t)
+ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t)
+ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *)
+ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *)
+ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *)
+ldb_msg_new: struct ldb_message *(TALLOC_CTX *)
+ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **)
+ldb_msg_remove_attr: void (struct ldb_message *, const char *)
+ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *)
+ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *)
+ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *)
+ldb_msg_sort_elements: void (struct ldb_message *)
+ldb_next_del_trans: int (struct ldb_module *)
+ldb_next_end_trans: int (struct ldb_module *)
+ldb_next_init: int (struct ldb_module *)
+ldb_next_prepare_commit: int (struct ldb_module *)
+ldb_next_read_lock: int (struct ldb_module *)
+ldb_next_read_unlock: int (struct ldb_module *)
+ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *)
+ldb_next_request: int (struct ldb_module *, struct ldb_request *)
+ldb_next_start_trans: int (struct ldb_module *)
+ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *)
+ldb_options_find: const char *(struct ldb_context *, const char **, const char *)
+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *)
+ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *)
+ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **)
+ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *)
+ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *)
+ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *)
+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *)
+ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t)
+ldb_register_backend: int (const char *, ldb_connect_fn, bool)
+ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *)
+ldb_register_hook: int (ldb_hook_fn)
+ldb_register_module: int (const struct ldb_module_ops *)
+ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *)
+ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *)
+ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *)
+ldb_req_get_custom_flags: uint32_t (struct ldb_request *)
+ldb_req_is_untrusted: bool (struct ldb_request *)
+ldb_req_location: const char *(struct ldb_request *)
+ldb_req_mark_trusted: void (struct ldb_request *)
+ldb_req_mark_untrusted: void (struct ldb_request *)
+ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t)
+ldb_req_set_location: void (struct ldb_request *, const char *)
+ldb_request: int (struct ldb_context *, struct ldb_request *)
+ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *)
+ldb_request_done: int (struct ldb_request *, int)
+ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *)
+ldb_request_get_status: int (struct ldb_request *)
+ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *)
+ldb_request_set_state: void (struct ldb_request *, int)
+ldb_reset_err_string: void (struct ldb_context *)
+ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***)
+ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *)
+ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *)
+ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *)
+ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *)
+ldb_schema_attribute_remove: void (struct ldb_context *, const char *)
+ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int)
+ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *)
+ldb_schema_set_override_indexlist: void (struct ldb_context *, bool)
+ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...)
+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *)
+ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *)
+ldb_set_create_perms: void (struct ldb_context *, unsigned int)
+ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *)
+ldb_set_debug_stderr: int (struct ldb_context *)
+ldb_set_default_dns: void (struct ldb_context *)
+ldb_set_errstring: void (struct ldb_context *, const char *)
+ldb_set_event_context: void (struct ldb_context *, struct tevent_context *)
+ldb_set_flags: void (struct ldb_context *, unsigned int)
+ldb_set_modules_dir: void (struct ldb_context *, const char *)
+ldb_set_opaque: int (struct ldb_context *, const char *, void *)
+ldb_set_require_private_event_context: void (struct ldb_context *)
+ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int)
+ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *)
+ldb_set_utf8_default: void (struct ldb_context *)
+ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t))
+ldb_setup_wellknown_attributes: int (struct ldb_context *)
+ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *)
+ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *)
+ldb_strerror: const char *(int)
+ldb_string_to_time: time_t (const char *)
+ldb_string_utc_to_time: time_t (const char *)
+ldb_timestring: char *(TALLOC_CTX *, time_t)
+ldb_timestring_utc: char *(TALLOC_CTX *, time_t)
+ldb_transaction_cancel: int (struct ldb_context *)
+ldb_transaction_cancel_noerr: int (struct ldb_context *)
+ldb_transaction_commit: int (struct ldb_context *)
+ldb_transaction_prepare_commit: int (struct ldb_context *)
+ldb_transaction_start: int (struct ldb_context *)
+ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *)
+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *)
+ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *)
+ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *)
+ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *)
+ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *)
+ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *)
+ldb_val_string_cmp: int (const struct ldb_val *, const char *)
+ldb_val_to_time: int (const struct ldb_val *, time_t *)
+ldb_valid_attr_name: int (const char *)
+ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list)
+ldb_wait: int (struct ldb_handle *, enum ldb_wait_type)
diff --git a/lib/ldb/ABI/pyldb-util-1.2.3.sigs b/lib/ldb/ABI/pyldb-util-1.2.3.sigs
new file mode 100644
index 0000000..74d6719
--- /dev/null
+++ b/lib/ldb/ABI/pyldb-util-1.2.3.sigs
@@ -0,0 +1,2 @@
+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *)
+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **)
diff --git a/lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs b/lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs
new file mode 100644
index 0000000..74d6719
--- /dev/null
+++ b/lib/ldb/ABI/pyldb-util.py3-1.2.3.sigs
@@ -0,0 +1,2 @@
+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *)
+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **)
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index bd17b7b..5ea5231 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 APPNAME = 'ldb'
-VERSION = '1.2.2'
+VERSION = '1.2.3'
 
 blddir = 'bin'
 
-- 
2.7.4


From dd02caa083baa72c7e01366522ceb340bb920981 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 14 Sep 2017 15:02:36 +1200
Subject: [PATCH 6/7] samdb: Rework samdb_connect_url() to return LDB error
 code and an error string

This allows debugging of why the LDB failed to start up.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 source3/passdb/pdb_samba_dsdb.c | 25 +++++++++---------
 source4/dns_server/dlz_bind9.c  | 13 ++++++----
 source4/dsdb/samdb/samdb.c      | 56 ++++++++++++++++++++++++++++++-----------
 source4/torture/dns/dlz_bind9.c | 14 ++++++-----
 4 files changed, 70 insertions(+), 38 deletions(-)

diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index cfa492b..58168d8 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -3023,6 +3023,8 @@ static NTSTATUS pdb_init_samba_dsdb(struct pdb_methods **pdb_method,
 	struct pdb_methods *m;
 	struct pdb_samba_dsdb_state *state;
 	NTSTATUS status;
+	char *errstring = NULL;
+	int ret;
 
 	if ( !NT_STATUS_IS_OK(status = make_pdb_method( &m )) ) {
 		return status;
@@ -3048,21 +3050,20 @@ static NTSTATUS pdb_init_samba_dsdb(struct pdb_methods **pdb_method,
 		goto nomem;
 	}
 
-	if (location) {
-		state->ldb = samdb_connect_url(state,
-				   state->ev,
-				   state->lp_ctx,
-				   system_session(state->lp_ctx),
-				   0, location);
-	} else {
-		state->ldb = samdb_connect(state,
-				   state->ev,
-				   state->lp_ctx,
-				   system_session(state->lp_ctx), 0);
+	if (location == NULL) {
+		location = "sam.ldb";
 	}
 
+	ret = samdb_connect_url(state,
+				state->ev,
+				state->lp_ctx,
+				system_session(state->lp_ctx),
+				0, location,
+				&state->ldb, &errstring);
+
 	if (!state->ldb) {
-		DEBUG(0, ("samdb_connect failed\n"));
+		DEBUG(0, ("samdb_connect failed: %s: %s\n",
+			  errstring, ldb_strerror(ret)));
 		status = NT_STATUS_INTERNAL_ERROR;
 		goto fail;
 	}
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 9bf1b61..1f9772f 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -614,6 +614,8 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 	isc_result_t result;
 	struct ldb_dn *dn;
 	NTSTATUS nt_status;
+	int ret;
+	char *errstring = NULL;
 
 	if (dlz_bind9_state != NULL) {
 		*dbdata = dlz_bind9_state;
@@ -701,11 +703,12 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 		}
 	}
 
-	state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
-					system_session(state->lp), 0, state->options.url);
-	if (state->samdb == NULL) {
-		state->log(ISC_LOG_ERROR, "samba_dlz: Failed to connect to %s",
-			state->options.url);
+	ret = samdb_connect_url(state, state->ev_ctx, state->lp,
+				system_session(state->lp), 0, state->options.url,
+				&state->samdb, &errstring);
+	if (ret != LDB_SUCCESS) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: Failed to connect to %s: %s",
+			   errstring, ldb_strerror(ret));
 		result = ISC_R_FAILURE;
 		goto failed;
 	}
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 4584a61..5d29497 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -47,38 +47,57 @@
   connect to the SAM database specified by URL
   return an opaque context pointer on success, or NULL on failure
  */
-struct ldb_context *samdb_connect_url(TALLOC_CTX *mem_ctx,
-				  struct tevent_context *ev_ctx,
-				  struct loadparm_context *lp_ctx,
-				  struct auth_session_info *session_info,
-				  unsigned int flags, const char *url)
+int samdb_connect_url(TALLOC_CTX *mem_ctx,
+		      struct tevent_context *ev_ctx,
+		      struct loadparm_context *lp_ctx,
+		      struct auth_session_info *session_info,
+		      unsigned int flags, const char *url,
+		      struct ldb_context **ldb_ret,
+		      char **errstring)
 {
-	struct ldb_context *ldb;
+	struct ldb_context *ldb = NULL;
 	int ret;
-
+	*ldb_ret = NULL;
+	*errstring = NULL;
 	ldb = ldb_wrap_find(url, ev_ctx, lp_ctx, session_info, NULL, flags);
-	if (ldb != NULL)
-		return talloc_reference(mem_ctx, ldb);
+	if (ldb != NULL) {
+		*ldb_ret = talloc_reference(mem_ctx, ldb);
+		if (*ldb_ret == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		return LDB_SUCCESS;
+	}
 
 	ldb = samba_ldb_init(mem_ctx, ev_ctx, lp_ctx, session_info, NULL);
 
-	if (ldb == NULL)
-		return NULL;
+	if (ldb == NULL) {
+		*errstring = talloc_asprintf(mem_ctx,
+					     "Failed to set up Samba ldb wrappers "
+					     "with samba_ldb_init() to connect to %s",
+					     url);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 
 	dsdb_set_global_schema(ldb);
 
 	ret = samba_ldb_connect(ldb, lp_ctx, url, flags);
 	if (ret != LDB_SUCCESS) {
+		*errstring = talloc_asprintf(mem_ctx, "Failed to connect to %s: %s",
+					     url,
+					     ldb_errstring(ldb));
 		talloc_free(ldb);
-		return NULL;
+		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	if (!ldb_wrap_add(url, ev_ctx, lp_ctx, session_info, NULL, flags, ldb)) {
+		*errstring = talloc_asprintf(mem_ctx, "Failed to add cached DB reference to %s",
+					     url);
 		talloc_free(ldb);
-		return NULL;
+		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	return ldb;
+	*ldb_ret = ldb;
+	return LDB_SUCCESS;
 }
 
 
@@ -92,7 +111,14 @@ struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx,
 				  struct auth_session_info *session_info,
 				  unsigned int flags)
 {
-	return samdb_connect_url(mem_ctx, ev_ctx, lp_ctx, session_info, flags, "sam.ldb");
+	char *errstring;
+	struct ldb_context *ldb;
+	int ret = samdb_connect_url(mem_ctx, ev_ctx, lp_ctx, session_info, flags,
+				    "sam.ldb", &ldb, &errstring);
+	if (ret == LDB_SUCCESS) {
+		return ldb;
+	}
+	return NULL;
 }
 
 /****************************************************************************
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index 893158f..2234e7a 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -86,16 +86,18 @@ static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
 					   const char *zone_name)
 {
 	struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
-	struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
-						      system_session(tctx->lp_ctx),
-						      0,
-						      test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"));
+	struct ldb_context *samdb = NULL;
+	char *errstring = NULL;
+	int ret = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
+				    system_session(tctx->lp_ctx),
+				    0,
+				    test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+				    &samdb, &errstring);
 	struct ldb_message *msg;
-	int ret;
 	const char *attrs[] = {
 		NULL
 	};
-	if (!samdb) {
+	if (ret != LDB_SUCCESS) {
 		torture_fail(tctx, "Failed to connect to samdb");
 		return ISC_R_FAILURE;
 	}
-- 
2.7.4


From 45e537e00377d2359862b9617d4c33f804d73d2d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 14 Sep 2017 15:07:10 +1200
Subject: [PATCH 7/7] ldap_server: Plumb ldb error string from a failed connect
 to ldapsrv_terminate_connection()

However, do not plumb it to the client-seen error string, as it could contain server paths.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 source4/ldap_server/ldap_backend.c | 24 +++++++++++++-----------
 source4/ldap_server/ldap_bind.c    | 28 ++++++++++++++++------------
 source4/ldap_server/ldap_server.c  |  8 ++++++--
 3 files changed, 35 insertions(+), 25 deletions(-)

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d4e9030..95c7ee7 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -180,15 +180,17 @@ static int map_ldb_error(TALLOC_CTX *mem_ctx, int ldb_err,
 /*
   connect to the sam database
 */
-NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) 
+int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
+			      char **errstring)
 {
-	conn->ldb = samdb_connect(conn, 
-				     conn->connection->event.ctx,
-				     conn->lp_ctx,
-				     conn->session_info,
-				     conn->global_catalog ? LDB_FLG_RDONLY : 0);
-	if (conn->ldb == NULL) {
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	int ret = samdb_connect_url(conn,
+				    conn->connection->event.ctx,
+				    conn->lp_ctx,
+				    conn->session_info,
+				    conn->global_catalog ? LDB_FLG_RDONLY : 0,
+				    "sam.ldb", &conn->ldb, errstring);
+	if (ret != LDB_SUCCESS) {
+		return ret;
 	}
 
 	if (conn->server_credentials) {
@@ -205,11 +207,11 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 				char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
 
 				if (!sasl_name) {
-					return NT_STATUS_NO_MEMORY;
+					return LDB_ERR_OPERATIONS_ERROR;
 				}
 				sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
 				if (!sasl_mechs) {
-					return NT_STATUS_NO_MEMORY;
+					return LDB_ERR_OPERATIONS_ERROR;
 				}
 				sasl_mechs[j] = sasl_name;
 				talloc_steal(sasl_mechs, sasl_name);
@@ -230,7 +232,7 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 	ldb_set_opaque(conn->ldb, "remoteAddress",
 		       conn->connection->remote_address);
 
-	return NT_STATUS_OK;
+	return LDB_SUCCESS;
 }
 
 struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 21cbb7b..78653fd 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -237,6 +237,7 @@ static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
 						    call,
 						    &session_info);
 	if (NT_STATUS_IS_OK(status)) {
+		char *ldb_errstring = NULL;
 		result = LDAP_SUCCESS;
 		errstr = NULL;
 
@@ -248,11 +249,14 @@ static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
 		/* don't leak the old LDB */
 		talloc_unlink(call->conn, call->conn->ldb);
 
-		status = ldapsrv_backend_Init(call->conn);		
+		result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
 		
-		if (!NT_STATUS_IS_OK(status)) {
-			result = LDAP_OPERATIONS_ERROR;
-			errstr = talloc_asprintf(reply, "Simple Bind: Failed to advise ldb new credentials: %s", nt_errstr(status));
+		if (result != LDB_SUCCESS) {
+			/* Only put the detailed error in DEBUG() */
+			DBG_ERR("ldapsrv_backend_Init failed: %s: %s",
+				ldb_errstring, ldb_strerror(result));
+			errstr = talloc_strdup(reply, "Simple Bind: Failed to advise ldb new credentials");
+			result = LDB_ERR_OPERATIONS_ERROR;
 		}
 	} else {
 		status = nt_status_squash(status);
@@ -475,6 +479,7 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
 	NTSTATUS status;
 	int result;
 	const char *errstr = NULL;
+	char *ldb_errstring = NULL;
 	DATA_BLOB output = data_blob_null;
 
 	status = gensec_update_recv(subreq, call, &output);
@@ -582,15 +587,14 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
 
 	call->conn->authz_logged = true;
 
-	status = ldapsrv_backend_Init(conn);
+	result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
 
-	if (!NT_STATUS_IS_OK(status)) {
-		result = LDAP_OPERATIONS_ERROR;
-		errstr = talloc_asprintf(reply,
-					 "SASL:[%s]: Failed to advise samdb of new credentials: %s",
-					 req->creds.SASL.mechanism,
-					 nt_errstr(status));
-		goto do_reply;
+	if (result != LDB_SUCCESS) {
+		/* Only put the detailed error in DEBUG() */
+		DBG_ERR("ldapsrv_backend_Init failed: %s: %s",
+			ldb_errstring, ldb_strerror(result));
+		errstr = talloc_strdup(reply, "Simple Bind: Failed to advise ldb new credentials: %s");
+		result = LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	if (context != NULL) {
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index d9f24e0..89770fc 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -293,6 +293,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 	int ret;
 	struct tevent_req *subreq;
 	struct timeval endtime;
+	char *errstring = NULL;
 
 	conn = talloc_zero(c, struct ldapsrv_connection);
 	if (!conn) {
@@ -361,8 +362,11 @@ static void ldapsrv_accept(struct stream_connection *c,
 		conn->require_strong_auth = lpcfg_ldap_server_require_strong_auth(conn->lp_ctx);
 	}
 
-	if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) {
-		ldapsrv_terminate_connection(conn, "backend Init failed");
+	ret = ldapsrv_backend_Init(conn, &errstring);
+	if (ret != LDB_SUCCESS) {
+		char *reason = talloc_asprintf(conn, "LDB backend for LDAP Init failed: %s: %s",
+					       errstring, ldb_strerror(ret));
+		ldapsrv_terminate_connection(conn, reason);
 		return;
 	}
 
-- 
2.7.4

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170919/ba374a75/signature-0001.sig>


More information about the samba-technical mailing list