The branch, master has been updated via 1219eaf s4-python: Complete python bindings for idmap.idl via 125e93c s3-pysmbd: Correct the python type for smb_acl_t via 10267f1 s4-python: complete python bindigns for smb_acls.idl via 450fcd7 s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA via 2b40446 selftest: Pass --use-ntvfs to provison in renamedc test via 9170f9c selftest: Specify --use-ntvfs to provision in test scripts via 97b1379 s4-classicupgrade: Add --use-ntvfs option via b5c2747 s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire via c4b9c3a s4:samldb LDB module - remove unused "member" attribute from search filter via 32cd618 LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets via cb63b34 LDB:ldbsearch - add search filter tests via 6a8c697 LDB:ldbsearch - search filters do not only contain "=" via c8bfb8e s4:dsdb - always fail if a search filter could not be parsed via 536c082 LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<=" via 5f8006c s4:dsdb_sort_objectClass_attr - simplify memory context handling via 166a7d3 s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values from db075b0 libcli: fix value of NT_STATUS_FILE_NOT_AVAILABLE
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1219eaffbe60ea875306f84d3ce7965ce4ae6384 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 21 23:21:41 2012 +1000 s4-python: Complete python bindings for idmap.idl Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104 commit 125e93cdde0798f306cd8a5778ecbf985aa63d3e Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 21 22:41:13 2012 +1000 s3-pysmbd: Correct the python type for smb_acl_t The t is weird, but the python bindings trim the traditional IDL name prefix of each element, as it is usually rudundent. Andrew Bartlett commit 10267f153c590838d2440e71b535e55874d82d9c Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 21 22:40:12 2012 +1000 s4-python: complete python bindigns for smb_acls.idl commit 450fcd79c795698c33ef2e0e4e85460128ba7bfd Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 21 21:22:31 2012 +1000 s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA Found by the talloc_stackframe() out of order checker! Andrew Bartlett commit 2b404462f5b055843ecc7af27bfd05d5d11d09e4 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Aug 22 07:25:59 2012 +1000 selftest: Pass --use-ntvfs to provison in renamedc test Also fix test prefix to match the test Andrew Bartlett commit 9170f9ce95583f30d108d4a2d23b05f246a3514c Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 21 20:04:16 2012 +1000 selftest: Specify --use-ntvfs to provision in test scripts Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett commit 97b13799ce4786f03602fba8eb6ad5da7023bb5c Author: Andrew Bartlett <abart...@samba.org> Date: Wed Aug 22 06:58:19 2012 +1000 s4-classicupgrade: Add --use-ntvfs option This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett commit b5c2747cad0f9bbb69cceb4b90aab20546a5cf66 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 21 19:58:18 2012 +1000 s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire None of these cases need the complexity of the s3fs backend. Andrew Bartlett commit c4b9c3aba8a448812d401fc28ad65ac818af5b04 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri May 11 11:53:46 2012 +0200 s4:samldb LDB module - remove unused "member" attribute from search filter Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 32cd618e6c0d44e0f64409ceda8451cc4665e625 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Thu May 10 16:18:37 2012 +0200 LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets This refers to LDB add operations as well, we have only to be careful on "@ATTRIBUTES" entries. E.g. dn: cn=testperson,cn=users,dc=...,dc=... objectClass: person url: www.example.com url: www.example.com should not work. Signed-off-by: Andrew Bartlett <abart...@samba.org> commit cb63b34b053119fcab093e95f555840afa9cfdcf Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Thu May 10 10:11:51 2012 +0200 LDB:ldbsearch - add search filter tests Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 6a8c6979544594f9fadec768392888793e7eb74f Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri May 4 11:59:22 2012 +0200 LDB:ldbsearch - search filters do not only contain "=" Also "<=", ">=", "~"... are allowed as well. Enumeration taken from ldb_parse_filtertype(). This was the cause of not identifying the search filter as described in bug https://bugzilla.samba.org/show_bug.cgi?id=8647. Signed-off-by: Andrew Bartlett <abart...@samba.org> commit c8bfb8eb094e5bb80de8f5fa991910954d47b351 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri May 4 11:42:14 2012 +0200 s4:dsdb - always fail if a search filter could not be parsed A NULL string/expression returns the generic "(objectClass=*)" filter Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 536c082505fea55eb12056791e170c8cf80b36cb Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri May 4 11:41:03 2012 +0200 LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<=" Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 5f8006cb64c6537f3004e91319d071a603e4468e Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri May 4 08:51:41 2012 +0200 s4:dsdb_sort_objectClass_attr - simplify memory context handling Do only require the out memory context and build the temporary one in the body of the function. This greatly simplifies the callers. Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 166a7d37f7bfc7b22163e1d38a0bb0e47c2f6622 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri May 4 08:46:29 2012 +0200 s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values As shown in commit c8e6d8b487 this looks easier and in any case we can treat schema context data like global data. Signed-off-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/ldb-samba/ldif_handlers.c | 4 +- lib/ldb/common/ldb_parse.c | 2 +- lib/ldb/ldb_tdb/ldb_tdb.c | 19 +++++++++- lib/ldb/tests/test-generic.sh | 2 + lib/ldb/tools/ldbsearch.c | 2 +- librpc/wscript_build | 10 +++++ selftest/target/Samba4.pm | 38 ++++++++++--------- source3/modules/vfs_xattr_tdb.c | 6 --- source3/smbd/pysmbd.c | 4 +- source4/dsdb/pydsdb.c | 3 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 29 ++------------- source4/dsdb/samdb/ldb_modules/proxy.c | 3 ++ source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- source4/dsdb/schema/schema_query.c | 35 ++++++++++-------- source4/libcli/ldap/ldap_ildap.c | 6 +++- source4/libnet/libnet_vampire.c | 2 +- source4/librpc/wscript_build | 12 ++++++ source4/param/provision.c | 2 + source4/param/provision.h | 1 + source4/scripting/python/samba/netcmd/domain.py | 6 ++- .../scripting/python/samba/provision/__init__.py | 4 +- source4/scripting/python/samba/upgrade.py | 6 ++- source4/setup/tests/blackbox_provision.sh | 18 +++++----- source4/setup/tests/blackbox_s3upgrade.sh | 6 ++-- source4/setup/tests/blackbox_setpassword.sh | 2 +- source4/setup/tests/blackbox_upgradeprovision.sh | 4 +- source4/torture/local/torture.c | 1 + testprogs/blackbox/renamedc.sh | 10 +++--- 28 files changed, 136 insertions(+), 103 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c index af66623..1cf7df7 100644 --- a/lib/ldb-samba/ldif_handlers.c +++ b/lib/ldb-samba/ldif_handlers.c @@ -1139,9 +1139,9 @@ static int samba_syntax_operator_fn(struct ldb_context *ldb, enum ldb_parse_op o ret = a->syntax->comparison_fn(ldb, tmp_ctx, v1, v2); talloc_free(tmp_ctx); if (operation == LDB_OP_GREATER) { - *matched = (ret > 0); + *matched = (ret >= 0); } else if (operation == LDB_OP_LESS) { - *matched = (ret < 0); + *matched = (ret <= 0); } else { *matched = (ret == 0); } diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c index 47145a2..cfa2959 100644 --- a/lib/ldb/common/ldb_parse.c +++ b/lib/ldb/common/ldb_parse.c @@ -343,7 +343,7 @@ static enum ldb_parse_op ldb_parse_filtertype(TALLOC_CTX *mem_ctx, char **type, } if (!filter) { talloc_free(name); - return filter; + return 0; } p++; diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c index cc1586d..3c18150 100644 --- a/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/lib/ldb/ldb_tdb/ldb_tdb.c @@ -318,7 +318,7 @@ static int ltdb_add_internal(struct ldb_module *module, { struct ldb_context *ldb = ldb_module_get_ctx(module); int ret = LDB_SUCCESS; - unsigned int i; + unsigned int i, j; for (i=0;i<msg->num_elements;i++) { struct ldb_message_element *el = &msg->elements[i]; @@ -336,6 +336,22 @@ static int ltdb_add_internal(struct ldb_module *module, el->name, ldb_dn_get_linearized(msg->dn)); return LDB_ERR_CONSTRAINT_VIOLATION; } + + /* Do not check "@ATTRIBUTES" for duplicated values */ + if (ldb_dn_is_special(msg->dn) && + ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { + continue; + } + + /* TODO: This is O(n^2) - replace with more efficient check */ + for (j=0; j<el->num_values; j++) { + if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { + ldb_asprintf_errstring(ldb, + "attribute '%s': value #%u on '%s' provided more than once", + el->name, j, ldb_dn_get_linearized(msg->dn)); + return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; + } + } } ret = ltdb_store(module, msg, TDB_INSERT); @@ -761,6 +777,7 @@ int ltdb_modify_internal(struct ldb_module *module, /* Check that values don't exist yet on multi- valued attributes or aren't provided twice */ + /* TODO: This is O(n^2) - replace with more efficient check */ for (j = 0; j < el->num_values; j++) { if (ldb_msg_find_val(el2, &el->values[j]) != NULL) { if (control_permissive) { diff --git a/lib/ldb/tests/test-generic.sh b/lib/ldb/tests/test-generic.sh index 69f901b..e1f8e79 100755 --- a/lib/ldb/tests/test-generic.sh +++ b/lib/ldb/tests/test-generic.sh @@ -123,12 +123,14 @@ if [ $count != 2 ]; then echo returned $count records - expected 2 echo "this fails on openLdap ..." fi +$VALGRIND ldbsearch '(cn>t)' cn && exit 1 # strictly greater should not work count=`$VALGRIND ldbsearch '(cn<=t)' cn | grep '^dn' | wc -l` if [ $count != 13 ]; then echo returned $count records - expected 13 echo "this fails on openLdap ..." fi +$VALGRIND ldbsearch '(cn<t)' cn && exit 1 # strictly less should not work checkcount() { count=$1 diff --git a/lib/ldb/tools/ldbsearch.c b/lib/ldb/tools/ldbsearch.c index 2da7072..a030a5a 100644 --- a/lib/ldb/tools/ldbsearch.c +++ b/lib/ldb/tools/ldbsearch.c @@ -305,7 +305,7 @@ int main(int argc, const char **argv) /* the check for '=' is for compatibility with ldapsearch */ if (!options->interactive && options->argc > 0 && - strchr(options->argv[0], '=')) { + strpbrk(options->argv[0], "=<>~:")) { expression = options->argv[0]; options->argv++; options->argc--; diff --git a/librpc/wscript_build b/librpc/wscript_build index 8dbbe2d..ee8483b 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -377,6 +377,16 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_XATTR', public_deps='NDR_XATTR dcerpc-binding' ) +bld.SAMBA_SUBSYSTEM('RPC_NDR_IDMAP', + source='gen_ndr/ndr_idmap_c.c', + public_deps='NDR_IDMAP dcerpc-binding' + ) + +bld.SAMBA_SUBSYSTEM('RPC_NDR_SMB_ACL', + source='gen_ndr/ndr_smb_acl_c.c', + public_deps='NDR_SMB_ACL dcerpc-binding' + ) + bld.SAMBA_SUBSYSTEM('RPC_NDR_ROT', source='gen_ndr/ndr_rot_c.c', public_deps='NDR_ROT dcerpc-binding' diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 17f3a32..b8d245c 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -420,11 +420,11 @@ Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ== EOF } -sub provision_raw_prepare($$$$$$$$$) +sub provision_raw_prepare($$$$$$$$$$) { my ($self, $prefix, $server_role, $hostname, $domain, $realm, $functional_level, - $password, $kdc_ipv4) = @_; + $password, $kdc_ipv4, $use_ntvfs) = @_; my $ctx; my $netbiosname = uc($hostname); @@ -534,7 +534,9 @@ sub provision_raw_prepare($$$$$$$$$) push (@provision_options, "--server-role=\"$ctx->{server_role}\""); push (@provision_options, "--function-level=\"$ctx->{functional_level}\""); push (@provision_options, "--dns-backend=BIND9_DLZ"); - push (@provision_options, "--use-ntvfs"); + if ($use_ntvfs) { + push (@provision_options, "--use-ntvfs"); + } @{$ctx->{provision_options}} = @provision_options; @@ -698,16 +700,16 @@ sub provision_raw_step2($$$) return $ret; } -sub provision($$$$$$$$) +sub provision($$$$$$$$$) { my ($self, $prefix, $server_role, $hostname, $domain, $realm, $functional_level, - $password, $kdc_ipv4, $extra_smbconf_options, $extra_smbconf_shares) = @_; + $password, $kdc_ipv4, $extra_smbconf_options, $extra_smbconf_shares, $use_ntvfs) = @_; my $ctx = $self->provision_raw_prepare($prefix, $server_role, $hostname, $domain, $realm, $functional_level, - $password, $kdc_ipv4); + $password, $kdc_ipv4, $use_ntvfs); $ctx->{share} = "$ctx->{prefix_abs}/share"; push(@{$ctx->{directories}}, "$ctx->{share}"); @@ -841,7 +843,7 @@ sub provision_member($$$) "2008", "locMEMpass3", $dcvars->{SERVER_IP}, - "", ""); + "", "", 1); unless ($ret) { return undef; } @@ -906,7 +908,7 @@ sub provision_rpc_proxy($$$) "2008", "locRPCproxypass4", $dcvars->{SERVER_IP}, - $extra_smbconf_options, ""); + $extra_smbconf_options, "", 1); unless ($ret) { return undef; @@ -978,7 +980,7 @@ sub provision_promoted_vampire_dc($$$) "samba.example.com", "2008", $dcvars->{PASSWORD}, - $dcvars->{SERVER_IP}); + $dcvars->{SERVER_IP}, 1); $ctx->{smb_conf_extra_options} = " max xmit = 32K @@ -1050,7 +1052,7 @@ sub provision_vampire_dc($$$) "samba.example.com", "2008", $dcvars->{PASSWORD}, - $dcvars->{SERVER_IP}); + $dcvars->{SERVER_IP}, 1); $ctx->{smb_conf_extra_options} = " max xmit = 32K @@ -1109,7 +1111,7 @@ sub provision_subdom_dc($$$) "sub.samba.example.com", "2008", $dcvars->{PASSWORD}, - undef); + undef, 1); $ctx->{smb_conf_extra_options} = " max xmit = 32K @@ -1174,7 +1176,7 @@ allow dns updates = True"; "samba.example.com", "2008", "locDCpass1", - undef, $extra_conf_options, ""); + undef, $extra_conf_options, "", 1); return undef unless(defined $ret); unless($self->add_wins_config("$prefix/private")) { @@ -1203,7 +1205,7 @@ sub provision_fl2000dc($$) "samba2000.example.com", "2000", "locDCpass5", - undef, ""); + undef, "", 1); unless($self->add_wins_config("$prefix/private")) { warn("Unable to add wins configuration"); @@ -1225,7 +1227,7 @@ sub provision_fl2003dc($$) "samba2003.example.com", "2003", "locDCpass6", - undef, "", ""); + undef, "", "", 1); unless($self->add_wins_config("$prefix/private")) { warn("Unable to add wins configuration"); @@ -1247,7 +1249,7 @@ sub provision_fl2008r2dc($$) "samba2008R2.example.com", "2008_R2", "locDCpass7", - undef, "", ""); + undef, "", "", 1); unless ($self->add_wins_config("$prefix/private")) { warn("Unable to add wins configuration"); @@ -1270,7 +1272,7 @@ sub provision_rodc($$$) "samba.example.com", "2008", $dcvars->{PASSWORD}, - $dcvars->{SERVER_IP}); + $dcvars->{SERVER_IP}, 1); unless ($ctx) { return undef; } @@ -1411,7 +1413,7 @@ sub provision_plugin_s4_dc($$) "2008", "locDCpass1", undef, $extra_smbconf_options, - $extra_smbconf_shares); + $extra_smbconf_shares, 0); return undef unless(defined $ret); unless($self->add_wins_config("$prefix/private")) { @@ -1440,7 +1442,7 @@ sub provision_chgdcpass($$) "chgdcpassword.samba.example.com", "2008", "chgDCpass1", - undef); + undef, 1); return undef unless(defined $ret); unless($self->add_wins_config("$prefix/private")) { diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index 36e113e..c0debed 100644 --- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c @@ -150,8 +150,6 @@ static int xattr_tdb_setxattr(struct vfs_handle_struct *handle, TALLOC_FREE(frame); return -1; }); - SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); - ret = xattr_tdb_get_file_id(handle, path, &id); if (ret == -1) { TALLOC_FREE(frame); @@ -207,8 +205,6 @@ static ssize_t xattr_tdb_listxattr(struct vfs_handle_struct *handle, TALLOC_FREE(frame); return -1; }); - SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); - ret = xattr_tdb_get_file_id(handle, path, &id); if (ret == -1) { TALLOC_FREE(frame); @@ -263,8 +259,6 @@ static int xattr_tdb_removexattr(struct vfs_handle_struct *handle, TALLOC_FREE(frame); return -1; }); - SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, TALLOC_FREE(frame); return -1); - ret = xattr_tdb_get_file_id(handle, path, &id); if (ret == -1) { TALLOC_FREE(frame); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 8fca4e7..6456797 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -398,7 +398,7 @@ static PyObject *py_smbd_set_sys_acl(PyObject *self, PyObject *args) if (!PyArg_ParseTuple(args, "siO", &fname, &acl_type, &py_acl)) return NULL; - if (!py_check_dcerpc_type(py_acl, "samba.dcerpc.smb_acl", "sys_acl_t")) { + if (!py_check_dcerpc_type(py_acl, "samba.dcerpc.smb_acl", "t")) { return NULL; } @@ -460,7 +460,7 @@ static PyObject *py_smbd_get_sys_acl(PyObject *self, PyObject *args) talloc_steal(frame, acl); conn_free(conn); - py_acl = py_return_ndr_struct("samba.dcerpc.smb_acl", "sys_acl_t", acl, acl); + py_acl = py_return_ndr_struct("samba.dcerpc.smb_acl", "t", acl, acl); TALLOC_FREE(frame); diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index 39229f4..99e239e 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -681,8 +681,7 @@ static PyObject *py_dsdb_normalise_attributes(PyObject *self, PyObject *args) /* Normalise "objectClass" attribute if needed */ if (ldb_attr_cmp(a->lDAPDisplayName, "objectClass") == 0) { int iret; - iret = dsdb_sort_objectClass_attr(ldb, schema, tmp_ctx, el, - tmp_ctx, el); + iret = dsdb_sort_objectClass_attr(ldb, schema, el, tmp_ctx, el); if (iret != LDB_SUCCESS) { PyErr_SetString(PyExc_RuntimeError, ldb_errstring(ldb)); talloc_free(tmp_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 7d34b4e..0743600 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -383,7 +383,6 @@ static int objectclass_do_add(struct oc_context *ac) struct ldb_request *add_req; struct ldb_message_element *objectclass_element, *el; struct ldb_message *msg; - TALLOC_CTX *mem_ctx; const char *rdn_name = NULL; char *value; const struct dsdb_class *objectclass; @@ -448,22 +447,14 @@ static int objectclass_do_add(struct oc_context *ac) return LDB_ERR_CONSTRAINT_VIOLATION; } - mem_ctx = talloc_new(ac); - if (mem_ctx == NULL) { - return ldb_module_oom(ac->module); - } - /* Now do the sorting */ - ret = dsdb_sort_objectClass_attr(ldb, ac->schema, mem_ctx, + ret = dsdb_sort_objectClass_attr(ldb, ac->schema, objectclass_element, msg, objectclass_element); if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); return ret; } - talloc_free(mem_ctx); - /* * Get the new top-most structural object class and check for * unrelated structural classes @@ -823,7 +814,6 @@ static int objectclass_do_mod(struct oc_context *ac) struct ldb_message_element *oc_el_entry, *oc_el_change; struct ldb_val *vals; struct ldb_message *msg; - TALLOC_CTX *mem_ctx; const struct dsdb_class *objectclass; unsigned int i, j, k; bool found; @@ -851,11 +841,6 @@ static int objectclass_do_mod(struct oc_context *ac) msg->dn = ac->req->op.mod.message->dn; - mem_ctx = talloc_new(ac); - if (mem_ctx == NULL) { - return ldb_module_oom(ac->module); - } - /* We've to walk over all "objectClass" message elements */ for (k = 0; k < ac->req->op.mod.message->num_elements; k++) { if (ldb_attr_cmp(ac->req->op.mod.message->elements[k].name, @@ -876,7 +861,6 @@ static int objectclass_do_mod(struct oc_context *ac) "objectclass: cannot re-add an existing objectclass: '%.*s'!", (int)oc_el_change->values[i].length, (const char *)oc_el_change->values[i].data); - talloc_free(mem_ctx); return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; } } @@ -886,7 +870,6 @@ static int objectclass_do_mod(struct oc_context *ac) struct ldb_val, oc_el_entry->num_values + 1); if (vals == NULL) { - talloc_free(mem_ctx); return ldb_module_oom(ac->module); } oc_el_entry->values = vals; @@ -933,7 +916,6 @@ static int objectclass_do_mod(struct oc_context *ac) "objectclass: cannot delete this objectclass: '%.*s'!", (int)oc_el_change->values[i].length, (const char *)oc_el_change->values[i].data); - talloc_free(mem_ctx); return LDB_ERR_NO_SUCH_ATTRIBUTE; } } @@ -942,10 +924,9 @@ static int objectclass_do_mod(struct oc_context *ac) } /* Now do the sorting */ - ret = dsdb_sort_objectClass_attr(ldb, ac->schema, mem_ctx, - oc_el_entry, msg, oc_el_entry); + ret = dsdb_sort_objectClass_attr(ldb, ac->schema, oc_el_entry, + msg, oc_el_entry); if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); return ret; } @@ -958,7 +939,6 @@ static int objectclass_do_mod(struct oc_context *ac) if (objectclass == NULL) { ldb_set_errstring(ldb, "objectclass: cannot delete all structural objectclasses!"); - talloc_free(mem_ctx); return LDB_ERR_OBJECT_CLASS_VIOLATION; } @@ -967,13 +947,10 @@ static int objectclass_do_mod(struct oc_context *ac) objectclass, oc_el_entry); if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); return ret; } } - talloc_free(mem_ctx); - /* Now add the new object class attribute to the change message */ ret = ldb_msg_add(msg, oc_el_entry, LDB_FLAG_MOD_REPLACE); if (ret != LDB_SUCCESS) { diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 5f6e56f..c3f12ba 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -339,6 +339,9 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re #endif newtree = proxy_convert_tree(ac, proxy, req->op.search.tree); + if (newtree == NULL) { + goto failed; + } /* convert the basedn of this search */ base = ldb_dn_copy(ac, req->op.search.base); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index bb30605..da9c966 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1734,7 +1734,7 @@ static int samldb_sam_accountname_check(struct samldb_ctx *ac) static int samldb_member_check(struct samldb_ctx *ac) { - const char * const attrs[] = { "objectSid", "member", NULL }; + const char * const attrs[] = { "objectSid", NULL }; struct ldb_context *ldb = ldb_module_get_ctx(ac->module); struct ldb_message_element *el; struct ldb_dn *member_dn; diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c index d16711a..013878d 100644 --- a/source4/dsdb/schema/schema_query.c +++ b/source4/dsdb/schema/schema_query.c @@ -451,14 +451,12 @@ const struct GUID *attribute_schemaid_guid_by_lDAPDisplayName(const struct dsdb_ * into correct order and validate that all object classes specified actually * exist in the schema. * The output is written in an existing LDB message element -- Samba Shared Repository