[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.19] 21 commits: VERSION: Bump version up to Samba 4.19.0rc2...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Tue Aug 8 09:12:10 BST 2023
Michael Tokarev pushed to branch upstream_4.19 at Debian Samba Team / samba
Commits:
3bab56a7 by Jule Anger at 2023-07-28T14:11:30+02:00
VERSION: Bump version up to Samba 4.19.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b4f10979 by Arvid Requate at 2023-08-01T11:11:16+00:00
For Bug #9959: local talloc frame for next commit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate at univention.de>
[abartlet at samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b6e80733c3a589f9d784eec86fc713f1ec9c1049)
- - - - -
e5ea3562 by Arvid Requate at 2023-08-01T11:11:16+00:00
Bug #9959: Don't search for CN=System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d461844a201fbca55ebc9a46a15e1d16048055b)
- - - - -
37094ba8 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Add new function samdb_system_container_dn()
This will replace many calls crafting or searching for this DN
elsewhere in the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25b0e1102e1a502152d2695aeddf7c65555b16fb)
- - - - -
3493671c by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Use samdb_system_container_dn() in samldb.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 97b682e0eb0450513dcecb74be672e18e84fe7a2)
- - - - -
66605c7c by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linearize and parse step on the main DN, instead using the
already stored parse of the DN. This is more hygienic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3669caa97f76d3e893ac6a1ab88341057929ee6a)
- - - - -
9cb4754d by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4e18066fa243da1c505f782ba87187c3bb1078ee)
- - - - -
2f1502a7 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a900f6aa5d909d912ee3ca529baa4047c9c4da87)
- - - - -
4f1156f1 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)
- - - - -
4cd7ead4 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)
- - - - -
bffe1f57 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02)
- - - - -
68db9b73 by Andrew Bartlett at 2023-08-01T12:12:30+00:00
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224
(cherry picked from commit 5571ce9619d856d3c9545099366f4e0259aee8ef)
RN: A second container with name CN=System would disable the operation
of the Samba AD DC. Samba now finds the CN=System container by exact
DN and not a search.
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Aug 1 12:12:30 UTC 2023 on atb-devel-224
- - - - -
e7f91e1d by Jones Syue at 2023-08-03T09:45:34+00:00
vfs_aio_pthread: fix segfault if samba-tool ntacl get
If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
run these commands would get segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).
'sconn->client' memory is allocated when a new connection is accepted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441
[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
dns forwarder = 127.0.0.53
netbios name = U22-JONES-88X1
realm = U22-JONES-88X1.X88X1.JONES
server role = active directory domain controller
workgroup = X88X1
idmap_ldb:use rfc2307 = yes
vfs objects = dfs_samba4 acl_xattr aio_pthread
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
read only = No
[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467 if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
at ../../source3/modules/vfs_aio_pthread.c:467
at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
at ../../source3/modules/vfs_aio_pthread.c:467
467 if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8f4c1c67b4f118a9a47b09ac7908cd3d969b19c2)
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Thu Aug 3 09:45:34 UTC 2023 on atb-devel-224
- - - - -
d5939205 by Noel Power at 2023-08-03T13:37:10+00:00
selftest: Add new dfs share (with widelinks enabled)
Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b57cdfd7efb161cf96b3a39dc7a1652db817e602)
- - - - -
ece48278 by Noel Power at 2023-08-03T13:37:10+00:00
selftest: Add new regression test dfs with widelinks = yes
Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)
Add a knownfail so CI continues
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3d2e9db8b95f9f45d486f8272e53584975f177fa)
- - - - -
368b3e61 by Noel Power at 2023-08-03T13:37:10+00:00
s3/modules: Add flag indicating if connected share is a dfs share
Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.
Pair-Programmed-With: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2668dcd0968133cca4f8410bf8c41ed0483f5d87)
- - - - -
1231268c by Noel Power at 2023-08-03T14:30:32+00:00
s3/modules: Fix DFS links when widelinks = yes
In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.
Also remove knownfail
Pair-Programmed-With: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224
(cherry picked from commit 0bf8b25aacdf2f5c746922320b32e3f0886c81f5)
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Thu Aug 3 14:30:32 UTC 2023 on atb-devel-224
- - - - -
9a87e206 by Joseph Sutton at 2023-08-04T09:31:54+00:00
third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df)
This import fixes the build on 32-bit FreeBSD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15443
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Thu Aug 3 05:40:28 UTC 2023 on atb-devel-224
(cherry picked from commit 06d673a1a0c54e78773cc951124486b547ca880d)
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Fri Aug 4 09:31:54 UTC 2023 on atb-devel-224
- - - - -
19e9735c by Jule Anger at 2023-08-08T09:11:57+02:00
WHATSNEW: Add release notes for Samba 4.19.0rc2.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
e7330e36 by Jule Anger at 2023-08-08T09:12:57+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
6956ea2f by Michael Tokarev at 2023-08-08T10:47:57+03:00
New upstream version 4.19.0~rc2+dfsg
- - - - -
16 changed files:
- VERSION
- WHATSNEW.txt
- selftest/target/Samba3.pm
- source3/modules/vfs_aio_pthread.c
- source3/modules/vfs_widelinks.c
- source3/passdb/pdb_samba_dsdb.c
- + source3/script/tests/test_bug15435_widelink_dfs.sh
- source3/selftest/tests.py
- source4/dsdb/common/util.c
- source4/dsdb/common/util_trusts.c
- source4/dsdb/samdb/ldb_modules/operational.c
- source4/dsdb/samdb/ldb_modules/samldb.c
- source4/rpc_server/backupkey/dcesrv_backupkey.c
- source4/rpc_server/lsa/lsa_init.c
- source4/rpc_server/netlogon/dcerpc_netlogon.c
- third_party/heimdal/kdc/pkinit.c
Changes:
=====================================
VERSION
=====================================
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
########################################################
# To mark SVN snapshots this should be set to 'yes' #
=====================================
WHATSNEW.txt
=====================================
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the first release candidate of Samba 4.19. This is *not*
+This is the second release candidate of Samba 4.19. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -235,6 +235,27 @@ smb.conf changes
directory name cache size Removed
+CHANGES SINCE 4.19.0rc1
+=======================
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Noel Power <noel.power at suse.com>
+ * BUG 15435: regression DFS not working with widelinks = true.
+
+o Arvid Requate <requate at univention.de>
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Joseph Sutton <josephsutton at catalyst.net.nz>
+ * BUG 15443: Heimdal fails to build on 32-bit FreeBSD.
+
+o Jones Syue <jonessyue at qnap.com>
+ * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
+
+
KNOWN ISSUES
============
=====================================
selftest/target/Samba3.pm
=====================================
@@ -3034,6 +3034,11 @@ sub provision($$)
msdfs root = yes
msdfs shuffle referrals = yes
guest ok = yes
+[msdfs-share-wl]
+ path = $msdfs_shrdir
+ msdfs root = yes
+ wide links = yes
+ guest ok = yes
[msdfs-share2]
path = $msdfs_shrdir2
msdfs root = yes
=====================================
source3/modules/vfs_aio_pthread.c
=====================================
@@ -475,7 +475,8 @@ static int aio_pthread_openat_fn(vfs_handle_struct *handle,
aio_allow_open = false;
}
- if (fsp->conn->sconn->client->server_multi_channel_enabled) {
+ if (fsp->conn->sconn->client != NULL &&
+ fsp->conn->sconn->client->server_multi_channel_enabled) {
/*
* This module is not compatible with multi channel yet.
*/
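Review bot: the new `client != NULL` test in the multi-channel condition has no comment saying when `client` can legitimately be NULL, and when it is NULL the multi-channel incompatibility branch is skipped silently, so `aio_allow_open` keeps whatever value it had. Add a short comment above the condition naming the case (per the commit message, local tools such as `samba-tool ntacl get` never go through smbXsrv_client_create), and state whether the async open path is meant to stay enabled when there is no client. Note that `fsp->conn->sconn` itself is still dereferenced without a check.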
=====================================
source3/modules/vfs_widelinks.c
=====================================
@@ -106,6 +106,7 @@
struct widelinks_config {
bool active;
+ bool is_dfs_share;
char *cwd;
};
@@ -134,7 +135,8 @@ static int widelinks_connect(struct vfs_handle_struct *handle,
DBG_ERR("vfs_widelinks module loaded with "
"widelinks = no\n");
}
-
+ config->is_dfs_share =
+ (lp_host_msdfs() && lp_msdfs_root(SNUM(handle->conn)));
SMB_VFS_HANDLE_SET_DATA(handle,
config,
NULL, /* free_fn */
@@ -346,7 +348,7 @@ static int widelinks_openat(vfs_handle_struct *handle,
{
struct vfs_open_how how = *_how;
struct widelinks_config *config = NULL;
-
+ int ret;
SMB_VFS_HANDLE_GET_DATA(handle,
config,
struct widelinks_config,
@@ -363,11 +365,33 @@ static int widelinks_openat(vfs_handle_struct *handle,
how.flags = (how.flags & ~O_NOFOLLOW);
}
- return SMB_VFS_NEXT_OPENAT(handle,
+ ret = SMB_VFS_NEXT_OPENAT(handle,
dirfsp,
smb_fname,
fsp,
&how);
+ if (config->is_dfs_share && ret == -1 && errno == ENOENT) {
+ struct smb_filename *full_fname = NULL;
+ int lstat_ret;
+
+ full_fname = full_path_from_dirfsp_atname(talloc_tos(),
+ dirfsp,
+ smb_fname);
+ if (full_fname == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+ lstat_ret = SMB_VFS_NEXT_LSTAT(handle,
+ full_fname);
+ if (lstat_ret != -1 &&
+ VALID_STAT(full_fname->st) &&
+ S_ISLNK(full_fname->st.st_ex_mode)) {
+ fsp->fsp_name->st = full_fname->st;
+ }
+ TALLOC_FREE(full_fname);
+ errno = ENOENT;
+ }
+ return ret;
}
static struct vfs_fn_pointers vfs_widelinks_fns = {
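Review bot: the `ret == -1 && errno == ENOENT` block needs a comment: it copies `full_fname->st` into `fsp->fsp_name->st` while still returning -1 with ENOENT, so the function now has a side effect on failure that nothing in the code explains. A short comment stating that the caller uses the propagated stat to recognise a link on a DFS share would do. The two failure exits inside the block also differ: the `full_fname == NULL` path returns with errno set to ENOMEM, replacing the ENOENT the caller would otherwise see, while a failed lstat keeps ENOENT; say which is intended.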
=====================================
source3/passdb/pdb_samba_dsdb.c
=====================================
@@ -3317,9 +3317,13 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
goto out;
}
- msg->dn = ldb_dn_copy(tmp_ctx, base_dn);
+ msg->dn = samdb_system_container_dn(state->ldb, tmp_ctx);
+ if (msg->dn == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s,cn=System", td->domain_name);
+ ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);
if (!ok) {
status = NT_STATUS_NO_MEMORY;
goto out;
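Review bot: `td->domain_name` is formatted straight into the RDN by `ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name)`, so a name containing DN special characters (comma, plus, equals) is not escaped. The removed line had the same issue, but since the line is being rewritten anyway, the value should be escaped before formatting or added as an RDN value rather than through the format string.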
@@ -3544,13 +3548,13 @@ static NTSTATUS pdb_samba_dsdb_del_trusted_domain(struct pdb_methods *methods,
return NT_STATUS_OK;
}
- tdo_dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->ldb));
+ tdo_dn = samdb_system_container_dn(state->ldb, tmp_ctx);
if (tdo_dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
- ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s,cn=System", domain);
+ ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);
if (!ok) {
TALLOC_FREE(tmp_ctx);
status = NT_STATUS_NO_MEMORY;
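Review bot: cleanup is inconsistent between the two error branches in this hunk: the `tdo_dn == NULL` branch goes to `out` directly, while the `!ok` branch calls `TALLOC_FREE(tmp_ctx)` first and then also goes to `out`. Pick one; if `out` already frees `tmp_ctx`, drop the explicit TALLOC_FREE in the `!ok` branch.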
=====================================
source3/script/tests/test_bug15435_widelink_dfs.sh
=====================================
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# regression test for dfs access with wide links enabled on dfs share
+
+if [ $# -lt 5 ]; then
+ cat <<EOF
+Usage: test_smbclient_basic.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD SMBCLIENT <smbclient arguments>
+EOF
+ exit 1
+fi
+
+SERVER="$1"
+SERVER_IP="$2"
+USERNAME="$3"
+PASSWORD="$4"
+smbclient="$5"
+CONFIGURATION="$6"
+shift 6
+ADDARGS="$@"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+. $incdir/common_test_fns.inc
+
+# TEST
+test_smbclient "smbclient as $DOMAIN\\$USERNAME" 'ls' "//$SERVER/msdfs-share-wl" -U$DOMAIN\\$USERNAME%$PASSWORD $ADDARGS -c 'cd msdfs-src1' || failed=$(expr $failed + 1)
+
+exit $failed
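Review bot: argument handling does not match the usage text or the body. The guard is `$# -lt 5` but six positional parameters are read and `shift 6` follows; the usage line lists DOMAIN and names test_smbclient_basic.sh; and `$DOMAIN` is used in the smbclient call without ever being assigned, so the `-U` argument starts with a bare backslash. Check for 6 arguments, fix the usage line, and either pass DOMAIN in or drop it from `-U`. `failed` is also not initialised in this file before `expr $failed + 1`; set `failed=0` unless a sourced helper is known to do it, and quote the `-U` argument.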
=====================================
source3/selftest/tests.py
=====================================
@@ -1725,6 +1725,16 @@ if have_cluster_support:
"$SERVERCONFFILE",
"$SERVER_IP"])
+plantestsuite("samba3.blackbox.smbclient-bug15435",
+ "fileserver",
+ [os.path.join(samba3srcdir, "script/tests/test_bug15435_widelink_dfs.sh"),
+ "$SERVER",
+ "$SERVER_IP",
+ "$USERNAME",
+ "$PASSWORD",
+ smbclient3,
+ configuration])
+
plantestsuite(
"samba3.net_lookup_ldap",
"ad_dc:local",
=====================================
source4/dsdb/common/util.c
=====================================
@@ -1276,6 +1276,25 @@ struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *
return new_dn;
}
+struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+ struct ldb_dn *new_dn = NULL;
+ bool ok;
+
+ new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ if (new_dn == NULL) {
+ return NULL;
+ }
+
+ ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
+ if (!ok) {
+ TALLOC_FREE(new_dn);
+ return NULL;
+ }
+
+ return new_dn;
+}
+
struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
{
struct ldb_dn *new_dn;
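Review bot: `samdb_system_container_dn()` has no doc comment, and it returns NULL both when `ldb_dn_copy()` returns NULL and when `ldb_dn_add_child_fmt()` fails. Callers elsewhere in this diff map every NULL to a no-memory status, where some of them previously returned NT_STATUS_INTERNAL_ERROR for a missing base DN. A comment stating what NULL means, and that the function builds the DN without checking that the container exists, would make the contract explicit for the many new call sites.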
=====================================
source4/dsdb/common/util_trusts.c
=====================================
@@ -2459,17 +2459,12 @@ NTSTATUS dsdb_trust_search_tdo(struct ldb_context *sam_ctx,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (netbios != NULL) {
netbios_encoded = ldb_binary_encode_string(frame, netbios);
if (netbios_encoded == NULL) {
@@ -2617,17 +2612,12 @@ NTSTATUS dsdb_trust_search_tdo_by_sid(struct ldb_context *sam_ctx,
return NT_STATUS_NO_MEMORY;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
filter = talloc_asprintf(frame,
"(&"
"(objectClass=trustedDomain)"
@@ -2794,17 +2784,12 @@ NTSTATUS dsdb_trust_search_tdos(struct ldb_context *sam_ctx,
*res = NULL;
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (exclude != NULL) {
exclude_encoded = ldb_binary_encode_string(frame, exclude);
if (exclude_encoded == NULL) {
=====================================
source4/dsdb/samdb/ldb_modules/operational.c
=====================================
@@ -1009,19 +1009,20 @@ static int get_pso_count(struct ldb_module *module, TALLOC_CTX *mem_ctx,
{
static const char * const attrs[] = { NULL };
int ret;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
struct ldb_result *res = NULL;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool psc_ok;
*pso_count = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
/* get the number of PSO children */
ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
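Review bot: in the `psc_ok == false` branch `psc_dn` stays allocated on the caller's `mem_ctx` when `ldb_oom(ldb)` is returned; free it first with `TALLOC_FREE(psc_dn)`, the way samdb_system_container_dn() does for its own DN on failure. `if (!psc_ok)` would also read better than comparing with `false`. The same applies to the identical block added to pso_search_by_sids().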
@@ -1088,8 +1089,8 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
int i;
struct ldb_context *ldb = ldb_module_get_ctx(module);
char *sid_filter = NULL;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
+ bool psc_ok;
const char *attrs[] = {
"msDS-PasswordSettingsPrecedence",
"objectGUID",
@@ -1117,13 +1118,14 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
}
/* only PSOs located in the Password Settings Container are valid */
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
LDB_SCOPE_ONELEVEL, attrs,
=====================================
source4/dsdb/samdb/ldb_modules/samldb.c
=====================================
@@ -5402,14 +5402,9 @@ static int check_rename_constraints(struct ldb_message *msg,
/* Objects under CN=System */
- dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ dn1 = samdb_system_container_dn(ldb, ac);
if (dn1 == NULL) return ldb_oom(ldb);
- if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
- talloc_free(dn1);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
(ldb_dn_compare_base(dn1, newdn) != 0)) {
talloc_free(dn1);
=====================================
source4/rpc_server/backupkey/dcesrv_backupkey.c
=====================================
@@ -59,10 +59,10 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
const char *name,
const DATA_BLOB *lsa_secret)
{
+ TALLOC_CTX *frame = talloc_stackframe();
struct ldb_message *msg;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
struct ldb_val val;
int ret;
char *name2;
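Review bot: with `TALLOC_CTX *frame = talloc_stackframe();` at the top of set_lsa_secret(), every return has to free `frame`, and the following hunks do that by editing each early return by hand. A single `out:` label that frees `frame` and returns a status variable would be harder to get wrong when the next return is added. In the visible hunks every use of `mem_ctx` is replaced by `frame`, so check whether the parameter is still needed.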
@@ -72,13 +72,9 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
NULL
};
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- msg = ldb_msg_new(mem_ctx);
+ msg = ldb_msg_new(frame);
if (msg == NULL) {
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -92,15 +88,15 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* * taillor the function to the particular needs of backup protocol
*/
- system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, frame);
if (system_dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
name2 = talloc_asprintf(msg, "%s Secret", name);
if (name2 == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -110,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
if (ret != LDB_SUCCESS || res->count != 0 ) {
DEBUG(2, ("Secret %s already exists !\n", name2));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
@@ -119,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* here only if the key didn't exists before
*/
- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
+ msg->dn = ldb_dn_copy(frame, system_dn);
if (msg->dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "cn", name2);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "objectClass", "secret");
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
val.data = lsa_secret->data;
val.length = lsa_secret->length;
ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
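Review bot: `msg->dn = ldb_dn_copy(frame, system_dn);` copies a DN that now already lives on `frame` and was built only for this function. Unless `system_dn` is used again after this point, the copy is redundant: the child RDN can be added to `system_dn` directly and the result assigned to `msg->dn`, which removes one allocation and one error branch.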
@@ -167,11 +163,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
DEBUG(2,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb)));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_ACCESS_DENIED;
}
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OK;
}
@@ -183,8 +179,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *tmp_mem;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
const struct ldb_val *val;
uint8_t *data;
const char *attrs[] = {
@@ -196,17 +191,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
lsa_secret->data = NULL;
lsa_secret->length = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
tmp_mem = talloc_new(mem_ctx);
if (tmp_mem == NULL) {
return NT_STATUS_NO_MEMORY;
}
- system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, tmp_mem);
if (system_dn == NULL) {
talloc_free(tmp_mem);
return NT_STATUS_NO_MEMORY;
=====================================
source4/rpc_server/lsa/lsa_init.c
=====================================
@@ -146,10 +146,9 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
/* work out the system_dn - useful for so many calls its worth
fetching here */
- state->system_dn = samdb_search_dn(state->sam_ldb, state,
- state->domain_dn, "(&(objectClass=container)(cn=System))");
- if (!state->system_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
+ state->system_dn = samdb_system_container_dn(state->sam_ldb, state);
+ if (state->system_dn == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
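Review bot: the failure status changes from NT_STATUS_NO_SUCH_DOMAIN to NT_STATUS_NO_MEMORY, and the removed `samdb_search_dn()` call also confirmed that a container object exists, which building the DN does not. The commit message describes this as exactly the same actions; it should say that existence is no longer checked here, so a missing container now surfaces in whichever later call first uses `state->system_dn`.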
=====================================
source4/rpc_server/netlogon/dcerpc_netlogon.c
=====================================
@@ -3941,11 +3941,9 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
return WERR_INVALID_FLAGS;
}
- system_dn = samdb_search_dn(sam_ctx, mem_ctx,
- ldb_get_default_basedn(sam_ctx),
- "(&(objectClass=container)(cn=System))");
- if (!system_dn) {
- return WERR_GEN_FAILURE;
+ system_dn = samdb_system_container_dn(sam_ctx, mem_ctx);
+ if (system_dn == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
}
ret = gendb_search(sam_ctx, mem_ctx, system_dn,
=====================================
third_party/heimdal/kdc/pkinit.c
=====================================
@@ -1978,10 +1978,10 @@ _kdc_pk_validate_freshness_token(astgs_request_t r,
token_time, sizeof(token_time), TRUE);
kdc_log(r->context, r->config, 4, "Freshness token has too large time skew: "
- "time in token %s is out by %ld > %ld seconds — %s",
+ "time in token %s is out by %ld > %jd seconds — %s",
token_time,
time_diff,
- r->context->max_skew,
+ (intmax_t)(r->context->max_skew),
r->cname);
r->e_text = NULL;
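Review bot: only the `max_skew` argument gets the `%jd` and `(intmax_t)` treatment; `time_diff` is still passed to `%ld` without a cast. If `time_diff` is not a plain `long` on the affected 32-bit target, the same format mismatch remains on that argument, so cast it the same way or confirm its declared type.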
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/7d05c43e61f4e5262be0552ca1380210390ff6f9...6956ea2f016b97de8419691ecd5f018700bfd91f