The branch, master has been updated
via 31158c02568c28507a8a405328c457d144ac6829 (commit)
via 2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a (commit)
via 169f90640864fab9fcb10665c79879b161a56329 (commit)
via 9381a78c391bcccd5eddc159a5d3a3e12d19fde3 (commit)
via adf016e11946a354a140b1c0ed7789160e3af2aa (commit)
from be5c79cbeca6e0671e0e210087cf06645be4194e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 31158c02568c28507a8a405328c457d144ac6829
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Tue Nov 4 15:48:10 2008 +1100
Use ldb_dn_from_ldb_val() to create a DN in the SAMR server
The previous code incorrectly cast an ldb_val into a char *.
Andrew Bartlett
commit 2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Tue Oct 28 21:07:52 2008 +1100
Re-add support for supporting the PAC over domain trusts.
(This was not entered in lorikeet-heimdal.diff, so missed by metze's
import).
Andrew Bartlett
commit 169f90640864fab9fcb10665c79879b161a56329
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Mon Oct 27 19:48:19 2008 +1100
Give a better error when ldb_dn_from_ldb_val fails
commit 9381a78c391bcccd5eddc159a5d3a3e12d19fde3
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Mon Oct 27 13:32:23 2008 +1100
Use ldb_dn_from_ldb_val to avoid possible over-run of the value.
The ldb_val is length-limited, and while normally NULL terminated,
this avoids the chance that this particular value might not be, as
well as avoiding a cast.
Andrew Bartlett
commit adf016e11946a354a140b1c0ed7789160e3af2aa
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Mon Oct 27 13:11:28 2008 +1100
Fix use of wrong union arm in linked_attributes module
This bug occours frequenetly in ldb users because the union so happens
to be layed out that this works. However, it is still incorrect
usage...
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/linked_attributes.c | 22 ++++++-----
source4/dsdb/samdb/ldb_modules/normalise.c | 2 +-
source4/heimdal/kdc/krb5tgs.c | 36 +++++++++----------
source4/lib/ldb/common/attrib_handlers.c | 6 ++--
source4/lib/ldb/common/ldb_ldif.c | 4 +-
source4/lib/ldb/common/ldb_match.c | 2 +-
source4/lib/ldb/ldb_map/ldb_map.c | 4 +-
source4/rpc_server/samr/dcesrv_samr.c | 13 +++++--
8 files changed, 47 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 190a66c..dd199c0 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -79,15 +79,17 @@ static struct la_context *linked_attributes_init(struct
ldb_module *module,
/* Common routine to handle reading the attributes and creating a
* series of modify requests */
static int la_store_op(struct la_context *ac,
- enum la_op op, char *dn,
+ enum la_op op, struct ldb_val *dn,
const char *name, const char *value)
{
struct la_op_store *os, *tmp;
struct ldb_dn *op_dn;
- op_dn = ldb_dn_new(ac, ac->module->ldb, dn);
+ op_dn = ldb_dn_from_ldb_val(ac, ac->module->ldb, dn);
if (!op_dn) {
- return LDB_ERR_OPERATIONS_ERROR;
+ ldb_asprintf_errstring(ac->module->ldb,
+ "could not parse attribute as a DN");
+ return LDB_ERR_INVALID_DN_SYNTAX;
}
/* optimize out del - add operations that would end up
@@ -177,7 +179,7 @@ static int linked_attributes_add(struct ldb_module *module,
struct ldb_request *
int ret;
int i, j;
- if (ldb_dn_is_special(req->op.mod.message->dn)) {
+ if (ldb_dn_is_special(req->op.add.message->dn)) {
/* do not manipulate our control entries */
return ldb_next_request(module, req);
}
@@ -233,7 +235,7 @@ static int linked_attributes_add(struct ldb_module *module,
struct ldb_request *
for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_ADD,
- (char *)el->values[j].data,
+ &el->values[j],
attr_name, attr_val);
if (ret != LDB_SUCCESS) {
return ret;
@@ -327,7 +329,7 @@ static int la_mod_search_callback(struct ldb_request *req,
struct ldb_reply *are
/* make sure we manage each value */
for (j = 0; j < search_el->num_values; j++) {
ret = la_store_op(ac, LA_OP_DEL,
- (char *)search_el->values[j].data,
+ &search_el->values[j],
attr_name, dn);
if (ret != LDB_SUCCESS) {
talloc_free(ares);
@@ -445,7 +447,7 @@ static int linked_attributes_modify(struct ldb_module
*module, struct ldb_reques
/* For each value being added, we need to setup the
adds */
for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_ADD,
- (char *)el->values[j].data,
+ &el->values[j],
attr_name, attr_val);
if (ret != LDB_SUCCESS) {
return ret;
@@ -459,7 +461,7 @@ static int linked_attributes_modify(struct ldb_module
*module, struct ldb_reques
/* For each value being deleted, we need to
setup the delete */
for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_DEL,
- (char *)el->values[j].data,
+ &el->values[j],
attr_name, attr_val);
if (ret != LDB_SUCCESS) {
return ret;
@@ -701,7 +703,7 @@ static int la_op_search_callback(struct ldb_request *req,
}
for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_DEL,
- (char *)el->values[j].data,
+ &el->values[j],
attr_name, deldn);
if (ret != LDB_SUCCESS) {
talloc_free(ares);
@@ -710,7 +712,7 @@ static int la_op_search_callback(struct ldb_request *req,
}
if (!adddn) continue;
ret = la_store_op(ac, LA_OP_ADD,
- (char *)el->values[j].data,
+ &el->values[j],
attr_name, adddn);
if (ret != LDB_SUCCESS) {
talloc_free(ares);
diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c
b/source4/dsdb/samdb/ldb_modules/normalise.c
index 70513bd..2366bc7 100644
--- a/source4/dsdb/samdb/ldb_modules/normalise.c
+++ b/source4/dsdb/samdb/ldb_modules/normalise.c
@@ -120,7 +120,7 @@ static int normalize_search_callback(struct ldb_request
*req, struct ldb_reply *
}
for (j = 0; j < msg->elements[i].num_values; j++) {
const char *dn_str;
- struct ldb_dn *dn = ldb_dn_new(ac,
ac->module->ldb, (const char *)msg->elements[i].values[j].data);
+ struct ldb_dn *dn = ldb_dn_from_ldb_val(ac,
ac->module->ldb, &msg->elements[i].values[j]);
if (!dn) {
return ldb_module_done(ac->req, NULL,
NULL, LDB_ERR_OPERATIONS_ERROR);
}
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index b986279..4cf93e5 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1376,6 +1376,7 @@ tgs_build_reply(krb5_context context,
krb5_realm ref_realm = NULL;
EncTicketPart *tgt = &ticket->ticket;
KRB5SignedPathPrincipals *spp = NULL;
+ Key *tkey;
const EncryptionKey *ekey;
krb5_keyblock sessionkey;
krb5_kvno kvno;
@@ -1627,27 +1628,24 @@ server_lookup:
goto out;
}
- /* check PAC if not cross realm and if there is one */
- if (!cross_realm) {
- Key *tkey;
+ /* check PAC if there is one */
- ret = hdb_enctype2key(context, &krbtgt->entry,
- krbtgt_etype, &tkey);
- if(ret) {
- kdc_log(context, config, 0,
- "Failed to find key for krbtgt PAC check");
- goto out;
- }
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ krbtgt_etype, &tkey);
+ if(ret) {
+ kdc_log(context, config, 0,
+ "Failed to find key for krbtgt PAC check");
+ goto out;
+ }
- ret = check_PAC(context, config, cp,
- client, server, ekey, &tkey->key,
- tgt, &rspac, &signedpath);
- if (ret) {
- kdc_log(context, config, 0,
- "Verify PAC failed for %s (%s) from %s with %s",
- spn, cpn, from, krb5_get_err_text(context, ret));
- goto out;
- }
+ ret = check_PAC(context, config, cp,
+ client, server, ekey, &tkey->key,
+ tgt, &rspac, &signedpath);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "Verify PAC failed for %s (%s) from %s with %s",
+ spn, cpn, from, krb5_get_err_text(context, ret));
+ goto out;
}
/* also check the krbtgt for signature */
diff --git a/source4/lib/ldb/common/attrib_handlers.c
b/source4/lib/ldb/common/attrib_handlers.c
index fb57e2d..5ec86b5 100644
--- a/source4/lib/ldb/common/attrib_handlers.c
+++ b/source4/lib/ldb/common/attrib_handlers.c
@@ -240,7 +240,7 @@ int ldb_canonicalise_dn(struct ldb_context *ldb, void
*mem_ctx,
out->length = 0;
out->data = NULL;
- dn = ldb_dn_new(ldb, mem_ctx, (char *)in->data);
+ dn = ldb_dn_from_ldb_val(ldb, mem_ctx, in);
if ( ! ldb_dn_validate(dn)) {
return LDB_ERR_INVALID_DN_SYNTAX;
}
@@ -268,10 +268,10 @@ int ldb_comparison_dn(struct ldb_context *ldb, void
*mem_ctx,
struct ldb_dn *dn1 = NULL, *dn2 = NULL;
int ret;
- dn1 = ldb_dn_new(ldb, mem_ctx, (char *)v1->data);
+ dn1 = ldb_dn_from_ldb_val(ldb, mem_ctx, v1);
if ( ! ldb_dn_validate(dn1)) return -1;
- dn2 = ldb_dn_new(ldb, mem_ctx, (char *)v2->data);
+ dn2 = ldb_dn_from_ldb_val(ldb, mem_ctx, v2);
if ( ! ldb_dn_validate(dn2)) {
talloc_free(dn1);
return -1;
diff --git a/source4/lib/ldb/common/ldb_ldif.c
b/source4/lib/ldb/common/ldb_ldif.c
index fb93e17..538ff8f 100644
--- a/source4/lib/ldb/common/ldb_ldif.c
+++ b/source4/lib/ldb/common/ldb_ldif.c
@@ -562,11 +562,11 @@ struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb,
goto failed;
}
- msg->dn = ldb_dn_new(msg, ldb, (char *)value.data);
+ msg->dn = ldb_dn_from_ldb_val(msg, ldb, &value);
if ( ! ldb_dn_validate(msg->dn)) {
ldb_debug(ldb, LDB_DEBUG_ERROR, "Error: Unable to parse dn
'%s'\n",
- value.data);
+ (char *)value.data);
goto failed;
}
diff --git a/source4/lib/ldb/common/ldb_match.c
b/source4/lib/ldb/common/ldb_match.c
index 64d0e54..4cde739 100644
--- a/source4/lib/ldb/common/ldb_match.c
+++ b/source4/lib/ldb/common/ldb_match.c
@@ -147,7 +147,7 @@ static int ldb_match_equality(struct ldb_context *ldb,
int ret;
if (ldb_attr_dn(tree->u.equality.attr) == 0) {
- valuedn = ldb_dn_new(ldb, ldb, (char
*)tree->u.equality.value.data);
+ valuedn = ldb_dn_from_ldb_val(ldb, ldb,
&tree->u.equality.value);
if (valuedn == NULL) {
return 0;
}
diff --git a/source4/lib/ldb/ldb_map/ldb_map.c
b/source4/lib/ldb/ldb_map/ldb_map.c
index fafbb63..72d8378 100644
--- a/source4/lib/ldb/ldb_map/ldb_map.c
+++ b/source4/lib/ldb/ldb_map/ldb_map.c
@@ -626,7 +626,7 @@ static struct ldb_val ldb_dn_convert_local(struct
ldb_module *module, void *mem_
struct ldb_dn *dn, *newdn;
struct ldb_val newval;
- dn = ldb_dn_new(mem_ctx, module->ldb, (char *)val->data);
+ dn = ldb_dn_from_ldb_val(mem_ctx, module->ldb, val);
if (! ldb_dn_validate(dn)) {
newval.length = 0;
newval.data = NULL;
@@ -652,7 +652,7 @@ static struct ldb_val ldb_dn_convert_remote(struct
ldb_module *module, void *mem
struct ldb_dn *dn, *newdn;
struct ldb_val newval;
- dn = ldb_dn_new(mem_ctx, module->ldb, (char *)val->data);
+ dn = ldb_dn_from_ldb_val(mem_ctx, module->ldb, val);
if (! ldb_dn_validate(dn)) {
newval.length = 0;
newval.data = NULL;
diff --git a/source4/rpc_server/samr/dcesrv_samr.c
b/source4/rpc_server/samr/dcesrv_samr.c
index 22d201e..b3118d7 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -2451,7 +2451,7 @@ static NTSTATUS dcesrv_samr_QueryGroupMember(struct
dcesrv_call_state *dce_call,
struct ldb_message **res2;
const char * const attrs2[2] = { "objectSid", NULL };
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
- ldb_dn_new(mem_ctx,
a_state->sam_ctx, (const char *)el->values[i].data),
+ ldb_dn_from_ldb_val(mem_ctx,
a_state->sam_ctx, &el->values[i]),
&res2, attrs2);
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2824,8 +2824,13 @@ static NTSTATUS dcesrv_samr_GetMembersInAlias(struct
dcesrv_call_state *dce_call
ret = gendb_search_dn(d_state->sam_ctx, mem_ctx,
a_state->account_dn, &msgs, attrs);
- if (ret != 1)
+ if (ret == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ } else if (ret == 0) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ } else if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
r->out.sids->num_sids = 0;
r->out.sids->sids = NULL;
@@ -2845,8 +2850,8 @@ static NTSTATUS dcesrv_samr_GetMembersInAlias(struct
dcesrv_call_state *dce_call
struct ldb_message **msgs2;
const char * const attrs2[2] = { "objectSid", NULL };
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
- ldb_dn_new(mem_ctx,
a_state->sam_ctx, (const char *)el->values[i].data),
- &msgs2, attrs2);
+ ldb_dn_from_ldb_val(mem_ctx,
a_state->sam_ctx, &el->values[i]),
+ &msgs2, attrs2);
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
--
Samba Shared Repository
