The branch, v4-8-stable has been updated
via a62c2f3 VERSION: Disable GIT_SNAPSHOT for the 4.8.3 release.
via 519bc4d WHATSNEW: Add release notes for Samba 4.8.3.
via e25631d ldb: version 1.3.4
via fb522c1 .gitlab-ci.yml: Adapt to current GitLab CI setup
via 7ccd1eb Fix several mem leaks in ldb_index ldb_search ldb_tdb
via 2a3f91e check return value before using key_values
via 7a1906d ldb: check return values
via 9b5f368 ldb_tdb: Use mem_ctx and so avoid leak onto long-term
memory on duplicated add.
via 1fb7246 ldb: Fix memory leak on module context
via b4331a3 ldb: Add tests for when we should expect a full scan
via b8df3cd ldb: One-level search was incorrectly falling back to full
DB scan
via 703ca1a ldb: Explain why an entry can vanish from the index
via d1b59c2 ldb: Indicate that the ltdb_dn_list_sort() in list_union is
a bit subtle.
via 5c1d9b0 ldb: Save a copy of the index result before calling the
callbacks.
via 8b32d29 samdb: Fix build error with gcc8
via ee6bd86 s3:winbind: Fix regression introduced with bso #12851
via 941b566 s3:smbget: Fix buffer truncation issues with gcc8
via 5f2859e s3:registry: Fix buffer truncation issues issues with gcc8
via be00b89 heimdal: lib/krb5: do not fail set_config_files due to
parse error
via 0196569 krb5_plugin: Add winbind localauth plugin for MIT Kerberos
via 228e5d4 krb5_wrap: fix keep_old_entries logic for older kerberos
libraries
via df16008 bla
via 7f32430 python: Fix talloc frame use in make_simple_acl().
via 6121a6f s3: smbd: printing: Re-implement delete-on-close semantics
for print files missing since 3.5.x.
via e5ffffd s3: torture: Add DELETE-PRINT test.
via 0e3d52f lib: Fix array size in audit_logging
via fd83672 s4:ntvfs: Fix string copy of share_name
via 15c13f7 lib:util: Fix size types in debug.c
via 05dab79 lib:util: Fix parameter aliasing in tfork test
via ca1aced s3:winbind: Fix uninitialzed variable warning
via aa833e8 s3:passdb: Fix size of ascii_p16
via aff1261 s3:lib: Use memcpy() in escape_ldap_string()
via 3ef6d6a s4:torture: Use strlcpy() in gen_name()
via c16e479 lib:util: Fix string check in mkdir_p()
via 3e42a24 s3-utils: fix format-truncation in smbpasswd
via 23f19c8 s4-torture: fix format-truncation warning in smb2 session
tests.
via 1b420a2 s3-printing: fix format-truncation in print_queue_update()
via 35de20b s3-winbindd: remove unused fill_domain_username()
via c70a0d5 s3-winbindd: use fill_domain_username_talloc() in winbind.
via c5f3606 s4-heimdal: Fix the format-truncation errors.
via 2839bf2 s3: smbtorture: Add new SMB2-DIR-FSYNC test to show
behavior of FSYNC on directories.
via ce89931 s3: smbd: Fix SMB2-FLUSH against directories.
via a7a51bd smbd: Flush dfree memcache on service reload
via f7e53f8 smbd: Cache dfree information based on query path
via 3fd685e memcache: Add new cache type for dfree information
via 88d19df selftest: Add test for 'dfree cache'
via 2e5bc85 selftest: Add dfq_cache share with 'dfree cache time' set
via 68999b8 lib/util: Call log_stack_trace() in smb_panic_default()
via 5733e90 lib/util: Move log_stack_trace() to common code
via d14cd61 lib/util: Log PANIC before calling pacic action just like s3
via 8f01d94 s3-lib: Remove support for libexc for IRIX backtraces
via 9c794a2 s3:utils: Do not segfault on error in DoDNSUpdate()
via 9cb6459 auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as
a server
via 7faa201 s4:selftest: run test_ldb_simple.sh with more auth options
via e153636 auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
via 2fb77a2 libgpo: Fix the build --without-ads
via bcee547 s3:smbd: fix interaction between chown and SD flags
via 6ea5d16 s4:torture/smb2: new test for interaction between chown and
SD flags
via 682a2e2 winbind: Fix UPN handling in canonicalize_username()
via 124f0e4 winbind: Fix UPN handling in parse_domain_user()
via b5ba5da winbind: Remove unused function parse_domain_user_talloc()
via f1dfb9f winbind: Pass upn unmodified to lookup names
via a52b067 nsswitch:tests: Add test for wbinfo --user-info
via 5c946eb selftest: Add a user with a different userPrincipalName
via 40a1341 nsswitch: Lookup the domain in tests with the wb seperator
via a28d7c4 nsswitch: Add a test looking up domain sid
via ee22c6f nsswitch: Add a test looking up the user using the upn
via 4bbc5a8 selftest: Make sure we have correct group mappings
via cc678c4 VERSION: Bump version up to 4.8.3...
from e64d0d0 VERSION: Disable GIT_SNAPSHOT for the 4.8.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml => .gitlab-ci-private.yml | 14 +-
VERSION | 2 +-
WHATSNEW.txt | 106 +++++++-
auth/auth_log.c | 2 +-
auth/ntlmssp/gensec_ntlmssp_server.c | 19 --
auth/ntlmssp/ntlmssp_client.c | 24 +-
auth/ntlmssp/ntlmssp_server.c | 8 +
lib/krb5_wrap/krb5_samba.c | 2 +-
lib/ldb/ABI/{ldb-1.3.3.sigs => ldb-1.3.4.sigs} | 0
...b-util.py3-1.3.3.sigs => pyldb-util-1.3.4.sigs} | 0
...il.py3-1.3.3.sigs => pyldb-util.py3-1.3.4.sigs} | 0
lib/ldb/ldb_tdb/ldb_index.c | 134 +++++++---
lib/ldb/ldb_tdb/ldb_search.c | 23 +-
lib/ldb/ldb_tdb/ldb_tdb.c | 20 +-
lib/ldb/ldb_tdb/ldb_tdb.h | 6 +
lib/ldb/tests/ldb_mod_op_test.c | 275 ++++++++++++++++++++
lib/ldb/tests/python/api.py | 104 +++++++-
lib/ldb/wscript | 2 +-
lib/util/debug.c | 14 +-
lib/util/fault.c | 107 +++++++-
lib/util/fault.h | 1 +
lib/util/memcache.h | 3 +-
lib/util/mkdir_p.c | 4 +-
lib/util/tests/tfork.c | 7 +-
lib/util/wscript_configure | 1 +
libgpo/pygpo.c | 5 +
nsswitch/krb5_plugin/winbind_krb5_localauth.c | 267 ++++++++++++++++++++
nsswitch/tests/test_idmap_ad.sh | 2 +-
nsswitch/tests/test_idmap_nss.sh | 4 +-
nsswitch/tests/test_idmap_rid.sh | 2 +-
nsswitch/tests/test_wbinfo_name_lookup.sh | 13 +-
nsswitch/tests/test_wbinfo_user_info.sh | 83 ++++++
nsswitch/wscript_build | 6 +
selftest/knownfail | 1 +
selftest/knownfail.d/upn_handling | 8 +
selftest/target/Samba3.pm | 15 ++
selftest/target/Samba4.pm | 19 +-
source3/include/local.h | 3 -
source3/include/proto.h | 1 -
source3/lib/ldap_escape.c | 2 +-
source3/lib/util.c | 139 -----------
source3/modules/vfs_acl_common.c | 7 +-
source3/passdb/pdb_smbpasswd.c | 2 +-
source3/printing/printing.c | 2 +-
source3/printing/printspoolss.c | 17 ++
source3/registry/reg_perfcount.c | 12 +-
source3/script/tests/test_dfree_quota.sh | 35 +++
source3/script/tests/test_smbspool.sh | 63 +++++
source3/selftest/tests.py | 18 +-
source3/smbd/dfree.c | 104 ++++++--
source3/smbd/proto.h | 1 +
source3/smbd/pysmbd.c | 49 ++--
source3/smbd/server_reload.c | 1 +
source3/smbd/smb2_flush.c | 26 +-
source3/torture/proto.h | 1 +
source3/torture/test_smb2.c | 270 ++++++++++++++++++++
source3/torture/torture.c | 74 ++++++
source3/utils/net_dns.c | 1 +
source3/utils/smbget.c | 2 +-
source3/utils/smbpasswd.c | 49 ++--
source3/winbindd/wb_getpwsid.c | 23 +-
source3/winbindd/wb_lookupname.c | 8 +-
source3/winbindd/wb_query_user_list.c | 9 +-
source3/winbindd/wb_xids2sids.c | 1 +
source3/winbindd/winbindd_cache.c | 5 +-
source3/winbindd/winbindd_ccache_access.c | 43 +++-
source3/winbindd/winbindd_creds.c | 3 +-
source3/winbindd/winbindd_getgrnam.c | 18 +-
source3/winbindd/winbindd_getgroups.c | 13 +-
source3/winbindd/winbindd_getpwnam.c | 13 +-
source3/winbindd/winbindd_group.c | 12 +-
source3/winbindd/winbindd_irpc.c | 7 +-
source3/winbindd/winbindd_list_groups.c | 14 +-
source3/winbindd/winbindd_lookupname.c | 17 +-
source3/winbindd/winbindd_pam.c | 96 +++++--
source3/winbindd/winbindd_pam_auth.c | 11 +-
source3/winbindd/winbindd_pam_chauthtok.c | 12 +-
source3/winbindd/winbindd_pam_logoff.c | 12 +-
source3/winbindd/winbindd_proto.h | 20 +-
source3/winbindd/winbindd_util.c | 83 +++---
source3/wscript | 2 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 2 +-
source4/heimdal/lib/com_err/compile_et.c | 6 +-
source4/heimdal/lib/krb5/config_file.c | 4 +-
source4/heimdal/lib/krb5/context.c | 3 +-
source4/ntvfs/ipc/rap_server.c | 9 +-
source4/selftest/tests.py | 7 +
source4/torture/basic/mangle_test.c | 2 +-
source4/torture/smb2/acls.c | 278 +++++++++++++++++++++
source4/torture/smb2/session.c | 2 +-
wscript_configure_system_mitkrb5 | 1 +
91 files changed, 2436 insertions(+), 482 deletions(-)
rename .gitlab-ci.yml => .gitlab-ci-private.yml (92%)
copy lib/ldb/ABI/{ldb-1.3.3.sigs => ldb-1.3.4.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util.py3-1.3.3.sigs => pyldb-util-1.3.4.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util.py3-1.3.3.sigs => pyldb-util.py3-1.3.4.sigs}
(100%)
create mode 100644 nsswitch/krb5_plugin/winbind_krb5_localauth.c
create mode 100755 nsswitch/tests/test_wbinfo_user_info.sh
create mode 100644 selftest/knownfail.d/upn_handling
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci-private.yml
similarity index 92%
rename from .gitlab-ci.yml
rename to .gitlab-ci-private.yml
index 2ae9eb4..584b853 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci-private.yml
@@ -1,12 +1,15 @@
# see https://docs.gitlab.com/ce/ci/yaml/README.html for all available options
+image: registry.gitlab.com/samba-team/samba:latest
+
before_script:
- echo "Build starting ..."
build_samba:
stage: build
tags:
- - autobuild
+ - docker
+ - private
script:
# this one takes about 4 hours to finish
- python script/autobuild.py samba --verbose --tail --testbase
/tmp/samba-testbase
@@ -14,7 +17,8 @@ build_samba:
build_samba_others:
stage: build
tags:
- - autobuild
+ - docker
+ - private
script:
- python script/autobuild.py samba-nopython --verbose --tail --testbase
/tmp/samba-testbase
- python script/autobuild.py samba-systemkrb5 --verbose --tail --testbase
/tmp/samba-testbase
@@ -26,7 +30,8 @@ build_samba_others:
build_ctdb:
stage: build
tags:
- - autobuild
+ - docker
+ - private
script:
- python script/autobuild.py samba-ctdb --verbose --tail --testbase
/tmp/samba-testbase
- python script/autobuild.py ctdb --verbose --tail --testbase
/tmp/samba-testbase
@@ -34,7 +39,8 @@ build_ctdb:
build_others:
stage: build
tags:
- - autobuild
+ - docker
+ - private
script:
- python script/autobuild.py ldb --verbose --tail --testbase
/tmp/samba-testbase
- python script/autobuild.py pidl --verbose --tail --testbase
/tmp/samba-testbase
diff --git a/VERSION b/VERSION
index 9dfbef0..f9e02e8 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=8
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6aa0f91..5c2d922 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,93 @@
=============================
+ Release Notes for Samba 4.8.3
+ June 26, 2018
+ =============================
+
+
+This is the latest stable release of the Samba 4.8 release series.
+
+
+Changes since 4.8.2:
+--------------------
+
+o Jeremy Allison <j...@samba.org>
+ * BUG 13428: s3: smbd: Fix SMB2-FLUSH against directories.
+ * BUG 13457: s3: smbd: printing: Re-implement delete-on-close semantics for
+ print files missing since 3.5.x.
+ * BUG 13474: python: Fix talloc frame use in make_simple_acl().
+
+o Jeffrey Altman <jalt...@secure-endpoints.com>
+ * BUG 11573: heimdal: lib/krb5: Do not fail set_config_files due to parse
+ error.
+
+o Andrew Bartlett <abart...@samba.org>
+ * ldb: version 1.3.4
+ * BUG 13448: ldb: One-level search was incorrectly falling back to full DB
+ scan.
+ * BUG 13452: ldb: Save a copy of the index result before calling the
+ callbacks.
+ * BUG 13454: No Backtrace given by Samba's AD DC by default.
+ * BUG 13471: ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory
+ on duplicated add.
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 13432: s3:smbd: Fix interaction between chown and SD flags.
+
+o Günther Deschner <g...@samba.org>
+ * BUG 13437: Fix building Samba with gcc 8.1.
+
+o Andrej Gessel <andrej.ges...@janztec.com>
+ * BUG 13475: Fix several mem leaks in ldb_index ldb_search ldb_tdb.
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 13331: libgpo: Fix the build --without-ads.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 13369: Looking up the user using the UPN results in user name with the
+ REALM instead of the DOMAIN.
+ * BUG 13427: Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling
+ (NTLMSSP NTLM2 packet check failed due to invalid signature!).
+
+o Christof Schmitt <c...@samba.org>
+ * BUG 13446: smbd: Flush dfree memcache on service reload.
+ * BUG 13478: krb5_wrap: Fix keep_old_entries logic for older Kerberos
+ libraries.
+
+o Andreas Schneider <a...@samba.org>
+ * BUG 13369: Looking up the user using the UPN results in user name with the
+ REALM instead of the DOMAIN.
+ * BUG 13437: Fix building Samba with gcc 8.1.
+ * BUG 13440: s3:utils: Do not segfault on error in DoDNSUpdate().
+ * BUG 13480: krb5_plugin: Add winbind localauth plugin for MIT Kerberos.
+
+o Lukas Slebodnik <lsleb...@fedoraproject.org>
+ * BUG 13459: ldb: Fix memory leak on module context.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.8.2
May 16, 2018
=============================
@@ -86,8 +175,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.8.1
@@ -450,6 +539,19 @@ This new module integrates with Sophos, F-Secure and
ClamAV anti-virus
software to provide scanning and filtering of files on a Samba share.
+Local authorization plugin for MIT Kerberos
+-------------------------------------------
+
+This plugin controls the relationship between Kerberos principals and AD
+accounts through winbind. The module receives the Kerberos principal and the
+local account name as inputs and can then check if they match. This can resolve
+issues with canonicalized names returned by Kerberos within AD. If the user
+tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
+Kerberos would return ALICE as the username. Kerberos would not be able to map
+'alice' to 'ALICE' in this case and auth would fail. With this plugin account
+names can be correctly mapped. This only applies to GSSAPI authentication,
+not for the geting the initial ticket granting ticket.
+
REMOVED FEATURES
================
diff --git a/auth/auth_log.c b/auth/auth_log.c
index d4c6c44..72d8f81 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -350,7 +350,7 @@ static void add_version(struct json_context *context, int
major, int minor)
static void add_timestamp(struct json_context *context)
{
char buffer[40]; /* formatted time less usec and timezone */
- char timestamp[50]; /* the formatted ISO 8601 time stamp */
+ char timestamp[65]; /* the formatted ISO 8601 time stamp */
char tz[10]; /* formatted time zone */
struct tm* tm_info; /* current local time */
struct timeval tv; /* current system time */
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c
b/auth/ntlmssp/gensec_ntlmssp_server.c
index c0e6cff..ab92f4d 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -179,25 +179,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct
gensec_security *gensec_security)
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- }
- if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-
- if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE)
{
- /*
- * We need to handle NTLMSSP_NEGOTIATE_SIGN as
- * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
- * is requested.
- */
- ntlmssp_state->force_wrap_seal = true;
- }
- }
- if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- }
if (role == ROLE_STANDALONE) {
ntlmssp_state->server.is_standalone = true;
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index db2003f..54fda41 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -865,13 +865,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct
gensec_security *gensec_security)
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
- /*
- * We want also work against old Samba servers
- * which didn't had GENSEC_FEATURE_LDAP_STYLE
- * we negotiate SEAL too. We may remove this
- * in a few years. As all servers should have
- * GENSEC_FEATURE_LDAP_STYLE by then.
- */
+ }
+ }
+ if (ntlmssp_state->force_wrap_seal) {
+ bool ret;
+
+ /*
+ * We want also work against old Samba servers
+ * which didn't had GENSEC_FEATURE_LDAP_STYLE
+ * we negotiate SEAL too. We may remove this
+ * in a few years. As all servers should have
+ * GENSEC_FEATURE_LDAP_STYLE by then.
+ */
+ ret = gensec_setting_bool(gensec_security->settings,
+ "ntlmssp_client",
+ "ldap_style_send_seal",
+ true);
+ if (ret) {
ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
}
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 37ed2bc..140e89d 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -1080,6 +1080,14 @@ static NTSTATUS ntlmssp_server_postauth(struct
gensec_security *gensec_security,
data_blob_free(&ntlmssp_state->challenge_blob);
if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE)
{
+ /*
+ * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+ * is requested.
+ */
+ ntlmssp_state->force_wrap_seal = true;
+ }
nt_status = ntlmssp_sign_init(ntlmssp_state);
}
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..0ba8aae 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1549,7 +1549,7 @@ krb5_error_code
smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
}
if (!flush &&
- (kt_entry.vno == kvno) &&
+ ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
(kt_entry_enctype != enctype))
{
DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
diff --git a/lib/ldb/ABI/ldb-1.3.3.sigs b/lib/ldb/ABI/ldb-1.3.4.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.3.3.sigs
copy to lib/ldb/ABI/ldb-1.3.4.sigs
diff --git a/lib/ldb/ABI/pyldb-util.py3-1.3.3.sigs
b/lib/ldb/ABI/pyldb-util-1.3.4.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util.py3-1.3.3.sigs
copy to lib/ldb/ABI/pyldb-util-1.3.4.sigs
diff --git a/lib/ldb/ABI/pyldb-util.py3-1.3.3.sigs
b/lib/ldb/ABI/pyldb-util.py3-1.3.4.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util.py3-1.3.3.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.3.4.sigs
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index ee20273..40baeea 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -403,6 +403,7 @@ normal_index:
"expected %d for %s",
version, LTDB_INDEXING_VERSION,
ldb_dn_get_linearized(dn));
+ talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -420,19 +421,26 @@ normal_index:
"expected %d for %s",
version, LTDB_GUID_INDEXING_VERSION,
ldb_dn_get_linearized(dn));
+ talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
if (el->num_values != 1) {
+ talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
if ((el->values[0].length % LTDB_GUID_SIZE) != 0) {
+ talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
list->count = el->values[0].length / LTDB_GUID_SIZE;
list->dn = talloc_array(list, struct ldb_val, list->count);
+ if (list->dn == NULL) {
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
/*
* The actual data is on msg, due to
@@ -523,9 +531,9 @@ static int ltdb_dn_list_store_full(struct ldb_module
*module,
if (list->count == 0) {
ret = ltdb_delete_noindex(module, msg);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
- talloc_free(msg);
- return LDB_SUCCESS;
+ ret = LDB_SUCCESS;
}
+ talloc_free(msg);
return ret;
}
@@ -621,6 +629,9 @@ static int ltdb_dn_list_store(struct ldb_module *module,
struct ldb_dn *dn,
}
key.dptr = discard_const_p(unsigned char, ldb_dn_get_linearized(dn));
+ if (key.dptr == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
key.dsize = strlen((char *)key.dptr);
rec = tdb_fetch(ltdb->idxptr->itdb, key);
@@ -1120,6 +1131,9 @@ static bool list_union(struct ldb_context *ldb,
/*
* Sort the lists (if not in GUID DN mode) so we can do
* the de-duplication during the merge
+ *
+ * NOTE: This can sort the in-memory index values, as list or
+ * list2 might not be a copy!
*/
ltdb_dn_list_sort(ltdb, list);
ltdb_dn_list_sort(ltdb, list2);
@@ -1522,27 +1536,64 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
struct ltdb_context *ac,
uint32_t *match_count)
{
- struct ldb_context *ldb;
+ struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
struct ldb_message *msg;
struct ldb_message *filtered_msg;
unsigned int i;
+ unsigned int num_keys = 0;
uint8_t previous_guid_key[LTDB_GUID_KEY_SIZE] = {};
+ TDB_DATA *keys = NULL;
+
+ /*
+ * We have to allocate the key list (rather than just walk the
+ * caller supplied list) as the callback could change the list
+ * (by modifying an indexed attribute hosted in the in-memory
+ * index cache!)
+ */
+ keys = talloc_array(ac, TDB_DATA, dn_list->count);
+ if (keys == NULL) {
+ return ldb_module_oom(ac->module);
+ }
+
+ if (ltdb->cache->GUID_index_attribute != NULL) {
+ /*
+ * We speculate that the keys will be GUID based and so
+ * pre-fill in enough space for a GUID (avoiding a pile of
+ * small allocations)
+ */
+ struct guid_tdb_key {
+ uint8_t guid_key[LTDB_GUID_KEY_SIZE];
+ } *key_values = NULL;
+
+ key_values = talloc_array(keys,
+ struct guid_tdb_key,
+ dn_list->count);
- ldb = ldb_module_get_ctx(ac->module);
+ if (key_values == NULL) {
+ talloc_free(keys);
+ return ldb_module_oom(ac->module);
+ }
+ for (i = 0; i < dn_list->count; i++) {
+ keys[i].dptr = key_values[i].guid_key;
+ keys[i].dsize = sizeof(key_values[i].guid_key);
+ }
+ } else {
+ for (i = 0; i < dn_list->count; i++) {
+ keys[i].dptr = NULL;
+ keys[i].dsize = 0;
+ }
+ }
for (i = 0; i < dn_list->count; i++) {
- uint8_t guid_key[LTDB_GUID_KEY_SIZE];
- TDB_DATA tdb_key = {
- .dptr = guid_key,
- .dsize = sizeof(guid_key)
- };
int ret;
- bool matched;
- ret = ltdb_idx_to_key(ac->module, ltdb,
- ac, &dn_list->dn[i],
- &tdb_key);
+ ret = ltdb_idx_to_key(ac->module,
+ ltdb,
+ keys,
+ &dn_list->dn[i],
+ &keys[num_keys]);
if (ret != LDB_SUCCESS) {
+ talloc_free(keys);
return ret;
}
@@ -1558,36 +1609,50 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
* LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
*/
- if (memcmp(previous_guid_key, tdb_key.dptr,
+ if (memcmp(previous_guid_key,
+ keys[num_keys].dptr,
sizeof(previous_guid_key)) == 0) {
continue;
}
- memcpy(previous_guid_key, tdb_key.dptr,
+ memcpy(previous_guid_key,
+ keys[num_keys].dptr,
sizeof(previous_guid_key));
}
+ num_keys++;
+ }
+
+ /*
+ * Now that the list is a safe copy, send the callbacks
+ */
+ for (i = 0; i < num_keys; i++) {
+ int ret;
+ bool matched;
msg = ldb_msg_new(ac);
if (!msg) {
+ talloc_free(keys);
return LDB_ERR_OPERATIONS_ERROR;
}
-
ret = ltdb_search_key(ac->module, ltdb,
- tdb_key, msg,
--
Samba Shared Repository
