The branch, v4-14-test has been updated
       via  c8f87fd6c0c VERSION: Bump version up to Samba 4.14.15...
       via  ad06fd82945 VERSION: Disable GIT_SNAPSHOT for the 4.14.14 release.
       via  0e6fc4fb33a WHATSNEW: Add release notes for Samba 4.14.14.
       via  7720e0acfd7 CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
       via  f6e1750c4fc CVE-2022-32742: s4: torture: Add raw.write.bad-write test.
       via  a6231af1f1c CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust
       via  d5af460403d CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
       via  89c6e36938c CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT
       via  4b61092459b CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
       via  95afbc2da9b CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd
       via  340181bc110 CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx()
       via  c0c4b7a4bd2 CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
       via  997f50c6647 s4:kdc: Remove kadmin mode from HDB plugin
       via  42ba919c06c CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
       via  d40593be831 CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
       via  389851bcf39 CVE-2022-2031 tests/krb5: Test truncated forms of server principals
       via  abdac4241dd CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life
       via  531e7b596d3 CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less
       via  3cab6289366 CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
       via  fa4742e1b9d CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()
       via  f68877af829 CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function
       via  36d94ffb9c9 CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function
       via  91a1b0955a0 CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
       via  b5adf7cc6d7 CVE-2022-2031 testprogs: Fix auth with smbclient and krb5 ccache
       via  69e742e6208 s4:kpasswd: Restructure code for clarity
       via  6c4fd575d70 CVE-2022-2031 s4:kpasswd: Require an initial ticket
       via  198256e2184 CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket
       via  cf749fac346 CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
       via  cf9e3760440 CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
       via  3a8da51396f CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
       via  29ec8b2369b CVE-2022-2031 s4:kpasswd: Correctly generate error strings
       via  450ff39d1c9 CVE-2022-2031 tests/krb5: Add tests for kpasswd service
       via  cf2d5d2ab38 CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests
       via  668825ad56f CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method
       via  5c41e20fae2 CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and realm
       via  5b030b176b8 tests/krb5: Add option for creating accounts with expired passwords
       via  ca582250fca tests/krb5: Fix enum typo
       via  13fe7e013ec CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages
       via  ae7dd875cd4 CVE-2022-2031 tests/krb5: Add 'port' parameter to connect()
       via  695c662bdc2 CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures
       via  f7fad997cc0 CVE-2022-2031 tests/krb5: Add new definitions for kpasswd
       via  245d9a42329 CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts
       via  8917979641a CVE-2022-2031 tests/krb5: Split out _make_tgs_request()
       via  6305a558702 CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno
       via  f6c5a60336d CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
       via  1b38a28bcae CVE-2022-2031 s4:kpasswd: Account for missing target principal
       via  6843c44a450 heimdal:kdc: Accommodate NULL data parameter in krb5_pac_get_buffer()
       via  c0395578c50 CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID PAC buffers
       via  bff1978187d selftest: Simplify krb5 test environments
       via  c0977bee5b8 tests/krb5: Add helper function to modify ticket flags
       via  787405ef59b tests/krb5: Correctly determine whether tickets are service tickets
       via  3fc519edec0 kdc: Canonicalize realm for enterprise principals
       via  49aafce0a70 kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs
       via  65bb0e3201d heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket
       via  8585333a8ef selftest: Properly check extra PAC buffers with Heimdal
       via  8f97f78dd80 heimdal:kdc: Always generate a PAC for S4U2Self
       via  d3436300745 tests/krb5: Add a test for S4U2Self with no authorization data required
       via  29f15fe2d92 kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued tickets
       via  72afa2641c2 kdc: Don't include extra PAC buffers in service tickets
       via  925f63f3e46 Revert "CVE-2020-25719 s4/torture: Expect additional PAC buffers"
       via  4cd44326ce3 tests/krb5: Add tests for renewal and validation of RODC TGTs with PAC requests
       via  93a5264dd68 kdc: Always add the PAC if the header TGT is from an RODC
       via  46b05cbf803 kdc: Match Windows error code for mismatching sname
       via  c62a2b7a218 tests/krb5: Add test for S4U2Self with wrong sname
       via  5556f97c782 kdc: Adjust SID mismatch error code to match Windows
       via  02ceb9be33d heimdal:kdc: Adjust no-PAC error code to match Windows
       via  33d5e5ad3a0 s4:torture: Fix typo
       via  6dbed53756f heimdal:kdc: Fix error message for user-to-user
       via  69233dd323b tests/krb5: Add comments for tests that fail against Windows
       via  3fdfbd08b94 tests/krb5: Add tests for validation with requester SID PAC buffer
       via  5375e2b99cd tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2
       via  1d616e8e9c0 tests/krb5: Add TGS-REQ tests with FAST
       via  645d30ff371 tests/krb5: Add tests for TGS requests with a non-TGT
       via  eb0ed5f4f6d tests/krb5: Add tests for invalid TGTs
       via  ea82822a5c4 tests/krb5: Remove unnecessary expect_pac arguments
       via  1e9ad4246ce tests/krb5: Adjust error codes to better match Windows with PacRequestorEnforcement=2
       via  651db77b1c1 tests/krb5: Split out methods to create renewable or invalid tickets
       via  bf1aa092789 tests/krb5: Allow PasswordKey_create() to use s2kparams
       via  3d48ade670b tests/krb5: Run test_rpc against member server
       via  837453d3479 tests/krb5: Deduplicate AS-REQ tests
       via  6a4ed078902 tests/krb5: Remove unused variable
       via  b4005403032 selftest: Check received LDB error code when STRICT_CHECKING=0
       via  06a0a75b16b s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
       via  34eb92a2066 s4:mit-kdb: Force canonicalization for looking up principals
       via  65d96369fa4 CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element
       via  4d2d30c21b1 CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer
       via  7c8427e5d2f CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit
       via  6237c855653 CVE-2022-32745 s4/dsdb/samldb: Check for empty values array
       via  7270b683866 CVE-2022-32746 ldb: Release LDB 2.3.4
       via  f419753d1c7 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
       via  512a2617b15 CVE-2022-32746 ldb: Add functions for appending to an ldb_message
       via  4e5fb78c3dc CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
       via  faa61ab3053 CVE-2022-32746 ldb: Add flag to mark message element values as shared
       via  49dd9042f4e CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check
       via  bedd0b768c3 CVE-2022-32746 s4/dsdb/tombstone_reanimate: Use LDB_FLAG_MOD_TYPE() for flags equality check
       via  535b5a366a2 CVE-2022-32746 s4/dsdb/repl_meta_data: Use LDB_FLAG_MOD_TYPE() for flags equality check
       via  2869b5aa314 CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check
       via  0526d27e9ed CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison
       via  582ac171364 CVE-2022-32746 s4:torture: Fix LDB flags comparison
       via  a68553792a8 CVE-2022-32746 s4/dsdb/partition: Fix LDB flags comparison
       via  51cbeff886f CVE-2022-32746 s4:dsdb:tests: Add test for deleting a disallowed SPN
       via  5d958156c7e CVE-2022-32746 s4/dsdb/objectclass_attrs: Fix typo
      from  93bd8b08a09 VERSION: Bump version up to Samba 4.14.14...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test

- Log -----------------------------------------------------------------
commit c8f87fd6c0cda128078b3323ccf007de0659711c
Author: Jule Anger <jan...@samba.org>
Date:   Wed Jul 27 12:35:59 2022 +0200

    VERSION: Bump version up to Samba 4.14.15...

    and re-enable GIT_SNAPSHOT.

    Signed-off-by: Jule Anger <jan...@samba.org>

Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 74 +- auth/auth_sam_reply.c | 2 +- auth/auth_util.c | 2 +- lib/krb5_wrap/krb5_samba.c | 2 +- lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.3.4.sigs} | 8 + ...pyldb-util-2.1.0.sigs => pyldb-util-2.3.4.sigs} | 0 lib/ldb/common/ldb_msg.c | 260 ++++- lib/ldb/include/ldb.h | 30 + lib/ldb/include/ldb_module.h | 6 + lib/ldb/ldb_map/ldb_map.c | 5 +- lib/ldb/ldb_map/ldb_map_inbound.c | 9 +- lib/ldb/modules/rdn_name.c | 24 +- lib/ldb/wscript | 2 +- librpc/idl/auth.idl | 23 + python/samba/tests/krb5/alias_tests.py | 7 +- python/samba/tests/krb5/as_req_tests.py | 199 ++-- python/samba/tests/krb5/compatability_tests.py | 10 +- python/samba/tests/krb5/kdc_base_test.py | 129 ++- python/samba/tests/krb5/kdc_tgs_tests.py | 795 +++++++++++---- python/samba/tests/krb5/kpasswd_tests.py | 1049 ++++++++++++++++++++ .../krb5/ms_kile_client_principal_lookup_tests.py | 39 +- python/samba/tests/krb5/raw_testcase.py | 491 +++++++-- python/samba/tests/krb5/rfc4120.asn1 | 6 + python/samba/tests/krb5/rfc4120_constants.py | 14 + python/samba/tests/krb5/rfc4120_pyasn1.py | 13 +- python/samba/tests/krb5/rodc_tests.py | 4 +- python/samba/tests/krb5/s4u_tests.py | 140 ++- python/samba/tests/krb5/salt_tests.py | 4 +- python/samba/tests/krb5/test_rpc.py | 17 +- python/samba/tests/usage.py | 1 + selftest/knownfail.d/kdc-enterprise | 63 -- selftest/knownfail_heimdal_kdc | 20 +- selftest/knownfail_mit_kdc | 86 +- source3/include/smb_macros.h | 2 +- source3/passdb/pdb_samba_dsdb.c | 14 +- source3/smbd/reply.c | 4 +- source4/auth/gensec/gensec_krb5.c | 20 +- source4/auth/gensec/gensec_krb5_helpers.c | 72 ++ .../auth/gensec/gensec_krb5_helpers.h | 25 +- .../auth/gensec/gensec_krb5_internal.h | 37 +- source4/auth/gensec/wscript_build | 4 + source4/auth/kerberos/kerberos_pac.c | 44 + source4/auth/ntlm/auth_developer.c | 2 +- source4/auth/sam.c | 2 
+- source4/auth/session.c | 2 + source4/auth/system_session.c | 6 +- source4/dns_server/dnsserver_common.c | 12 +- source4/dsdb/common/util.c | 134 ++- source4/dsdb/samdb/ldb_modules/acl.c | 5 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 10 +- source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 2 +- source4/dsdb/samdb/ldb_modules/objectguid.c | 20 +- source4/dsdb/samdb/ldb_modules/partition.c | 4 +- source4/dsdb/samdb/ldb_modules/partition_init.c | 14 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 32 +- source4/dsdb/samdb/ldb_modules/samldb.c | 82 +- .../dsdb/samdb/ldb_modules/tombstone_reanimate.c | 16 +- source4/dsdb/samdb/ldb_modules/util.c | 14 +- source4/dsdb/tests/python/acl.py | 26 + source4/dsdb/tests/python/priv_attrs.py | 2 +- source4/heimdal/kdc/kerberos5.c | 2 +- source4/heimdal/kdc/krb5tgs.c | 37 +- source4/heimdal/kdc/windc.c | 5 +- source4/heimdal/kdc/windc_plugin.h | 2 + source4/heimdal/lib/hdb/hdb.h | 1 + source4/heimdal/lib/krb5/pac.c | 10 +- source4/kdc/db-glue.c | 241 +++-- source4/kdc/hdb-samba4-plugin.c | 37 +- source4/kdc/hdb-samba4.c | 66 ++ source4/kdc/kdc-glue.h | 3 + source4/kdc/kdc-heimdal.c | 4 +- source4/kdc/kdc-server.h | 2 +- source4/kdc/kdc-service-mit.c | 4 +- source4/kdc/kpasswd-helper.c | 33 +- source4/kdc/kpasswd-helper.h | 2 + source4/kdc/kpasswd-service-heimdal.c | 76 +- source4/kdc/kpasswd-service-mit.c | 146 ++- source4/kdc/kpasswd-service.c | 36 +- source4/kdc/mit-kdb/kdb_samba_policies.c | 5 +- source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +- source4/kdc/mit_samba.c | 101 +- source4/kdc/mit_samba.h | 1 + source4/kdc/pac-glue.c | 6 +- source4/kdc/samba_kdc.h | 2 + source4/kdc/sdb.h | 1 + source4/kdc/wdc-samba4.c | 48 +- source4/kdc/wscript_build | 1 + source4/lib/registry/ldb.c | 2 +- source4/nbt_server/wins/winsdb.c | 13 +- source4/rpc_server/lsa/dcesrv_lsa.c | 55 +- source4/selftest/tests.py | 178 +--- source4/torture/drs/rpc/dssync.c | 4 +- source4/torture/krb5/kdc-canon-heimdal.c | 2 +- 
source4/torture/raw/write.c | 89 ++ source4/torture/rpc/remote_pac.c | 24 +- source4/winbind/idmap.c | 10 +- testprogs/blackbox/test_kinit_trusts_heimdal.sh | 6 +- testprogs/blackbox/test_kpasswd_heimdal.sh | 39 +- 99 files changed, 4179 insertions(+), 1260 deletions(-) copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.3.4.sigs} (96%) copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.3.4.sigs} (100%) create mode 100755 python/samba/tests/krb5/kpasswd_tests.py delete mode 100644 selftest/knownfail.d/kdc-enterprise create mode 100644 source4/auth/gensec/gensec_krb5_helpers.c copy source3/include/srvstr.h => source4/auth/gensec/gensec_krb5_helpers.h (65%) copy libcli/smbreadline/smbreadline.h => source4/auth/gensec/gensec_krb5_internal.h (51%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 891184cfe20..ebe582200cf 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=14 +SAMBA_VERSION_RELEASE=15 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 491a388ca9c..1aaeb74eade 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,74 @@ + =============================== + Release Notes for Samba 4.14.14 + July 27, 2022 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with + changing passwords. + https://www.samba.org/samba/security/CVE-2022-2031.html + +o CVE-2022-32744: Samba AD users can forge password change requests for any user. + https://www.samba.org/samba/security/CVE-2022-32744.html + +o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add + or modify request. + https://www.samba.org/samba/security/CVE-2022-32745.html + +o CVE-2022-32746: Samba AD users can induce a use-after-free in the server + process with an LDAP add or modify request. + https://www.samba.org/samba/security/CVE-2022-32746.html + +o CVE-2022-32742: Server memory information leak via SMB1. + https://www.samba.org/samba/security/CVE-2022-32742.html + +Changes since 4.14.13 +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 15085: CVE-2022-32742. + +o Andrew Bartlett <abart...@samba.org> + * BUG 15009: CVE-2022-32746. + +o Andreas Schneider <a...@samba.org> + * BUG 15047: CVE-2022-2031. + +o Isaac Boukris <ibouk...@gmail.com> + * BUG 15047: CVE-2022-2031. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 15008: CVE-2022-32745. + * BUG 15009: CVE-2022-32746. + * BUG 15047: CVE-2022-2031. + * BUG 15074: CVE-2022-32744. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. 
All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- =============================== Release Notes for Samba 4.14.13 April 04, 2022 @@ -88,8 +159,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- =============================== Release Notes for Samba 4.14.12 January 31, 2022 diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index b5b6362dc93..2e27e5715d1 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -416,7 +416,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_LEVEL; } - user_info_dc = talloc(mem_ctx, struct auth_user_info_dc); + user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc); NT_STATUS_HAVE_NO_MEMORY(user_info_dc); /* diff --git a/auth/auth_util.c b/auth/auth_util.c index fe01babd107..ec9094d0f15 100644 --- a/auth/auth_util.c +++ b/auth/auth_util.c @@ -44,7 +44,7 @@ struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx, return NULL; } - dst = talloc(mem_ctx, struct auth_session_info); + dst = talloc_zero(mem_ctx, struct auth_session_info); if (dst == NULL) { DBG_ERR("talloc failed\n"); TALLOC_FREE(frame); diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 76c2dcd2126..610efcc9b87 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c 
@@ -237,7 +237,7 @@ krb5_error_code smb_krb5_mk_error(krb5_context context, return code; } - errpkt.error = error_code; + errpkt.error = error_code - ERROR_TABLE_BASE_krb5; errpkt.text.length = 0; if (e_text != NULL) { diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.3.4.sigs similarity index 96% copy from lib/ldb/ABI/ldb-2.0.5.sigs copy to lib/ldb/ABI/ldb-2.3.4.sigs index 5049dc64ce1..40388d9e330 100644 --- a/lib/ldb/ABI/ldb-2.0.5.sigs +++ b/lib/ldb/ABI/ldb-2.3.4.sigs @@ -155,7 +155,14 @@ ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_d ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) +ldb_msg_add_string_flags: int (struct ldb_message *, const char *, const char *, int) ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) +ldb_msg_append_fmt: int (struct ldb_message *, int, const char *, const char *, ...) +ldb_msg_append_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *, int) +ldb_msg_append_steal_string: int (struct ldb_message *, const char *, char *, int) +ldb_msg_append_steal_value: int (struct ldb_message *, const char *, struct ldb_val *, int) +ldb_msg_append_string: int (struct ldb_message *, const char *, const char *, int) +ldb_msg_append_value: int (struct ldb_message *, const char *, const struct ldb_val *, int) ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) 
@@ -163,6 +170,7 @@ ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) +ldb_msg_element_add_value: int (TALLOC_CTX *, struct ldb_message_element *, const struct ldb_val *) ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs b/lib/ldb/ABI/pyldb-util-2.3.4.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs copy to lib/ldb/ABI/pyldb-util-2.3.4.sigs diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c index 57dfc5a04c2..9cd7998e21c 100644 --- a/lib/ldb/common/ldb_msg.c +++ b/lib/ldb/common/ldb_msg.c 
@@ -417,6 +417,47 @@ int ldb_msg_add(struct ldb_message *msg, return LDB_SUCCESS; } +/* + * add a value to a message element + */ +int ldb_msg_element_add_value(TALLOC_CTX *mem_ctx, + struct ldb_message_element *el, + const struct ldb_val *val) +{ + struct ldb_val *vals; + + if (el->flags & LDB_FLAG_INTERNAL_SHARED_VALUES) { + /* + * Another message is using this message element's values array, + * so we don't want to make any modifications to the original + * message, or potentially invalidate its own values by calling + * talloc_realloc(). Make a copy instead. + */ + el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES; + + vals = talloc_array(mem_ctx, struct ldb_val, + el->num_values + 1); + if (vals == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (el->values != NULL) { + memcpy(vals, el->values, el->num_values * sizeof(struct ldb_val)); + } + } else { + vals = talloc_realloc(mem_ctx, el->values, struct ldb_val, + el->num_values + 1); + if (vals == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + el->values = vals; + el->values[el->num_values] = *val; + el->num_values++; + + return LDB_SUCCESS; +} + /* add a value to a message */ @@ -426,7 +467,6 @@ int ldb_msg_add_value(struct ldb_message *msg, struct ldb_message_element **return_el) { struct ldb_message_element *el; - struct ldb_val *vals; int ret; el = ldb_msg_find_element(msg, attr_name); @@ -437,14 +477,10 @@ int ldb_msg_add_value(struct ldb_message *msg, } } - vals = talloc_realloc(msg->elements, el->values, struct ldb_val, - el->num_values+1); - if (!vals) { - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_msg_element_add_value(msg->elements, el, val); + if (ret != LDB_SUCCESS) { + return ret; } - el->values = vals; - el->values[el->num_values] = *val; - el->num_values++; if (return_el) { *return_el = el; 
@@ -473,12 +509,15 @@ int ldb_msg_add_steal_value(struct ldb_message *msg, /* - add a string element to a message + add a string element to a message, specifying flags */ -int ldb_msg_add_string(struct ldb_message *msg, - const char *attr_name, const char *str) +int ldb_msg_add_string_flags(struct ldb_message *msg, + const char *attr_name, const char *str, + int flags) { struct ldb_val val; + int ret; + struct ldb_message_element *el = NULL; val.data = discard_const_p(uint8_t, str); val.length = strlen(str); @@ -488,7 +527,25 @@ int ldb_msg_add_string(struct ldb_message *msg, return LDB_SUCCESS; } - return ldb_msg_add_value(msg, attr_name, &val, NULL); + ret = ldb_msg_add_value(msg, attr_name, &val, &el); + if (ret != LDB_SUCCESS) { + return ret; + } + + if (flags != 0) { + el->flags = flags; + } + + return LDB_SUCCESS; +} + +/* + add a string element to a message +*/ +int ldb_msg_add_string(struct ldb_message *msg, + const char *attr_name, const char *str) +{ + return ldb_msg_add_string_flags(msg, attr_name, str, 0); } /* 
@@ -550,6 +607,142 @@ int ldb_msg_add_fmt(struct ldb_message *msg, return ldb_msg_add_steal_value(msg, attr_name, &val); } +static int ldb_msg_append_value_impl(struct ldb_message *msg, + const char *attr_name, + const struct ldb_val *val, + int flags, + struct ldb_message_element **return_el) +{ + struct ldb_message_element *el = NULL; + int ret; + + ret = ldb_msg_add_empty(msg, attr_name, flags, &el); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_msg_element_add_value(msg->elements, el, val); + if (ret != LDB_SUCCESS) { + return ret; + } + + if (return_el != NULL) { + *return_el = el; + } + + return LDB_SUCCESS; +} + +/* + append a value to a message +*/ +int ldb_msg_append_value(struct ldb_message *msg, + const char *attr_name, + const struct ldb_val *val, + int flags) +{ + return ldb_msg_append_value_impl(msg, attr_name, val, flags, NULL); +} + +/* + append a value to a message, stealing it into the 'right' place +*/ +int ldb_msg_append_steal_value(struct ldb_message *msg, + const char *attr_name, + struct ldb_val *val, + int flags) +{ + int ret; + struct ldb_message_element *el = NULL; + + ret = ldb_msg_append_value_impl(msg, attr_name, val, flags, &el); + if (ret == LDB_SUCCESS) { + talloc_steal(el->values, val->data); + } + return ret; +} + +/* + append a string element to a message, stealing it into the 'right' place +*/ +int ldb_msg_append_steal_string(struct ldb_message *msg, + const char *attr_name, char *str, + int flags) +{ + struct ldb_val val; + + val.data = (uint8_t *)str; + val.length = strlen(str); + + if (val.length == 0) { + /* allow empty strings as non-existent attributes */ + return LDB_SUCCESS; + } + + return ldb_msg_append_steal_value(msg, attr_name, &val, flags); +} + +/* + append a string element to a message +*/ +int ldb_msg_append_string(struct ldb_message *msg, + const char *attr_name, const char *str, int flags) +{ + struct ldb_val val; + + val.data = discard_const_p(uint8_t, str); + val.length = strlen(str); + + if 
(val.length == 0) { + /* allow empty strings as non-existent attributes */ + return LDB_SUCCESS; + } + + return ldb_msg_append_value(msg, attr_name, &val, flags); +} + +/* + append a DN element to a message + WARNING: this uses the linearized string from the dn, and does not + copy the string. +*/ +int ldb_msg_append_linearized_dn(struct ldb_message *msg, const char *attr_name, + struct ldb_dn *dn, int flags) +{ + char *str = ldb_dn_alloc_linearized(msg, dn); + + if (str == NULL) { + /* we don't want to have unknown DNs added */ + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_msg_append_steal_string(msg, attr_name, str, flags); +} + +/* + append a printf formatted element to a message +*/ +int ldb_msg_append_fmt(struct ldb_message *msg, int flags, + const char *attr_name, const char *fmt, ...) +{ + struct ldb_val val; + va_list ap; + char *str = NULL; + + va_start(ap, fmt); + str = talloc_vasprintf(msg, fmt, ap); + va_end(ap); + + if (str == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + val.data = (uint8_t *)str; + val.length = strlen(str); + + return ldb_msg_append_steal_value(msg, attr_name, &val, flags); +} + /* compare two ldb_message_element structures assumes case sensitive comparison @@ -833,11 +1026,7 @@ void ldb_msg_sort_elements(struct ldb_message *msg) ldb_msg_element_compare_name); } -/* - shallow copy a message - copying only the elements array so that the caller - can safely add new elements without changing the message -*/ -struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx, +static struct ldb_message *ldb_msg_copy_shallow_impl(TALLOC_CTX *mem_ctx, const struct ldb_message *msg) { struct ldb_message *msg2; 
@@ -863,6 +1052,35 @@ failed: return NULL; } +/* + shallow copy a message - copying only the elements array so that the caller + can safely add new elements without changing the message +*/ +struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx, + const struct ldb_message *msg) +{ + struct ldb_message *msg2; + unsigned int i; + + msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg); + if (msg2 == NULL) { + return NULL; + } + + for (i = 0; i < msg2->num_elements; ++i) { + /* + * Mark this message's elements as sharing their values with the + * original message, so that we don't inadvertently modify or + * free them. We don't mark the original message element as + * shared, so the original message element should not be + * modified or freed while the shallow copy lives. + */ + struct ldb_message_element *el = &msg2->elements[i]; + el->flags |= LDB_FLAG_INTERNAL_SHARED_VALUES; + } + + return msg2; +} /* copy a message, allocating new memory for all parts @@ -873,7 +1091,7 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, struct ldb_message *msg2; unsigned int i, j; - msg2 = ldb_msg_copy_shallow(mem_ctx, msg); + msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg); if (msg2 == NULL) return NULL; if (msg2->dn != NULL) { -- Samba Shared Repository
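
Review bot: In the lib/krb5_wrap/krb5_samba.c hunk, `errpkt.error = error_code - ERROR_TABLE_BASE_krb5;` subtracts the table base unconditionally, so a caller that passes a value below ERROR_TABLE_BASE_krb5 (0, or a code that is not from the krb5 error table) puts a negative or meaningless number into the KRB-ERROR. Check that error_code lies inside the krb5 table before subtracting and fail or map to a generic error otherwise, and say in the function comment that callers must pass a krb5_error_code from that table.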
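
Review bot: In ldb_msg_element_add_value() (lib/ldb/common/ldb_msg.c, hunk at -417,6 +417,47), the shared-values branch clears LDB_FLAG_INTERNAL_SHARED_VALUES before talloc_array() is known to have succeeded. If that allocation fails the function returns LDB_ERR_OPERATIONS_ERROR with el->values still pointing at the array the other message uses but no longer marked shared, so a later call on the same element takes the talloc_realloc() branch on that array, which is the situation the flag exists to prevent. Move `el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;` to after the NULL check. A smaller point in the same function: `el->num_values + 1` is computed without a wrap check in both branches.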
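
Review bot: In ldb_msg_add_string_flags() (hunk at -488,7 +527,25), `el->flags = flags;` replaces the flags of whatever element ldb_msg_add_value() returned, and that function reuses an element found by ldb_msg_find_element() when the attribute is already in the message. An attribute added earlier with different flags therefore has them silently overwritten, while the `flags != 0` guard means a caller cannot use this function to reset them to 0. State both behaviours in the function comment, or reject the call when the existing element's flags differ from the requested ones.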
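
Review bot: In ldb_msg_append_value_impl() (hunk at -550,6 +607,142), the error path after ldb_msg_add_empty() has succeeded leaves the new element behind: if ldb_msg_element_add_value() fails, the function returns ret with a zero-value element carrying the caller's flags still attached to msg. Remove that element before returning, or document on the ldb_msg_append_*() functions that msg must be discarded after a failed append, so a caller that handles the error and continues does not send an element with no values.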
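
Review bot: In the new ldb_msg_copy_shallow() (hunk at -863,6 +1052,35), the header comment still promises only that the caller "can safely add new elements without changing the message", while the requirement callers actually have to meet, that the original message's elements are not modified or freed while the shallow copy lives, appears only in the comment inside the loop. Move that lifetime requirement into the function's header comment and its declaration, since only the copy's elements get LDB_FLAG_INTERNAL_SHARED_VALUES and nothing in this hunk protects the copy if the original is changed first.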