The branch, master has been updated via f1781ad dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal() via 122214b dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message() via 5959aff dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches via afb2bcc s4:smb_server: call irpc_add_name() at startup (bug #9905) via 12d9728 s4:rpc_server: call irpc_add_name() at startup (bug #9905) via a1aeeee s4:ldap_server: call irpc_add_name() at startup (bug #9905) from 6c8cccc dsdb repl_meta_data: Use dsdb_request_add_controls()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f1781adb051bb5a166d619ed9db6bdb252b1acb5 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jun 13 14:16:43 2013 +0200 dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal() Signed-off-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Thu Jun 13 18:19:24 CEST 2013 on sn-devel-104 commit 122214b16bb2d247c8040728a6b0964531596ea9 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jun 13 14:13:26 2013 +0200 dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message() Every object has a nTSecurityDescriptor attribute. This also avoids potential segfaults in the callers. Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 5959affa031843d741513000fb382efe54ff147b Author: Stefan Metzmacher <me...@samba.org> Date: Mon Jun 10 13:31:59 2013 +0200 dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute. Also the result of this search not controlled by the client nor is the result exposed to the client. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit afb2bcc08489dbece732fc8f842cbd83862320be Author: Stefan Metzmacher <me...@samba.org> Date: Mon May 27 12:10:57 2013 +0200 s4:smb_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the smb_server task. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 12d9728131afab7fa093a9cd7ccaff076a74f271 Author: Stefan Metzmacher <me...@samba.org> Date: Mon May 27 12:10:57 2013 +0200 s4:rpc_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the rpc_server task. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a1aeeee4302a4eaf7e210e8084416cd2a0d14384 Author: Stefan Metzmacher <me...@samba.org> Date: Mon May 27 12:10:57 2013 +0200 s4:ldap_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the ldap_server task. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/dsdb/common/dsdb_access.c | 19 +++++++++++-------- source4/ldap_server/ldap_server.c | 3 +++ source4/rpc_server/service_rpc.c | 1 + source4/smb_server/service_smb.c | 1 + 4 files changed, 16 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index 6af5c3a..5c02daa 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -64,9 +64,9 @@ int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb, enum ndr_err_code ndr_err; sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor"); - if (!sd_element) { - *sd = NULL; - return LDB_SUCCESS; + if (sd_element == NULL) { + return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS, + "nTSecurityDescriptor is missing"); } *sd = talloc(mem_ctx, struct security_descriptor); if(!*sd) { @@ -101,10 +101,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, if (ret != LDB_SUCCESS) { return ldb_operr(ldb); } - /* Theoretically we pass the check if the object has no sd */ - if (!sd) { - return LDB_SUCCESS; - } + sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid"); if (guid) { if (!insert_in_object_tree(mem_ctx, guid, access_mask, NULL, @@ -159,7 +156,13 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, } } - ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED); + /* + * We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute. + * Also the result of this search not controlled by the client + * nor is the result exposed to the client. + */ + ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, + DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_RECYCLED); if (ret != LDB_SUCCESS) { DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn))); return ret; diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a06feb0..0c0beca 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -1024,6 +1024,9 @@ static void ldapsrv_task_init(struct task_server *task) } #endif + + /* register the server */ + irpc_add_name(task->msg_ctx, "ldap_server"); return; failed: diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index 299ee48..9ecfd6f 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -76,6 +76,7 @@ static void dcesrv_task_init(struct task_server *task) if (!NT_STATUS_IS_OK(status)) goto failed; } + irpc_add_name(task->msg_ctx, "rpc_server"); return; failed: task_server_terminate(task, "Failed to startup dcerpc server task", true); diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c index c910b0f..958792e 100644 --- a/source4/smb_server/service_smb.c +++ b/source4/smb_server/service_smb.c @@ -77,6 +77,7 @@ static void smbsrv_task_init(struct task_server *task) talloc_free(wcard); } + irpc_add_name(task->msg_ctx, "smb_server"); return; failed: task_server_terminate(task, "Failed to startup smb server task", true); -- Samba Shared Repository