The branch, master has been updated via e4d85fa dsdb-descriptor: Avoid segfault copying an SD without an owner or group via 87db233 dsdb-descriptor: Spell out security descriptor flags as constants via a166a34 torture-drs: Fix comment in replica_sync test via 59e8321 torture-drs: Make the samba4.drs.repl_schema.python emit failures, not errors on add failure via c89df54 ldb: Add missing dependency on replace for ldb via 613f49a build: Remove includes.h dep in winbind client libraries via f2c7f2c build: Remove unused includes.h reference to avoid build-time talloc dep from 46ab33d build:autoconf: fix output of syslog-facility check
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit e4d85fa73d3ce1f397fdd416af6b8c903a473824 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 11 14:46:43 2013 +1100 dsdb-descriptor: Avoid segfault copying an SD without an owner or group This is an unusual SD, but it does exist is some very old upgraded databases. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Fri Feb 22 11:06:17 CET 2013 on sn-devel-104 commit 87db2331fc855473d8b3cad1c4149807823aa3c4 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Feb 11 14:45:57 2013 +1100 dsdb-descriptor: Spell out security descriptor flags as constants Reviewed-by: Stefan Metzmacher <me...@samba.org> commit a166a3484a68dc5328ee1d3e65221c30c081204b Author: Andrew Bartlett <abart...@samba.org> Date: Wed Jan 16 08:52:41 2013 +1100 torture-drs: Fix comment in replica_sync test Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 59e8321324fe6b652724e71ba1df9da80f30cc67 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Feb 7 19:35:15 2013 +1100 torture-drs: Make the samba4.drs.repl_schema.python emit failures, not errors on add failure This then allows this particular failure to be masked with a knownfail. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> commit c89df544239dbaedbb7f231f4556aff8e4a3f288 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 15 13:32:06 2013 +1100 ldb: Add missing dependency on replace for ldb This brings in rep_timegm() on Solaris for example. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 613f49ab8bf0bdcc7cd1e2c39bd624586a87cff3 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 19 11:44:19 2013 +1100 build: Remove includes.h dep in winbind client libraries Our LGPL winbind client libs do not link against our server-side code, and should not use the server-side includes.h. This removes a build-time dep on talloc that was brought in via includes.h as this code also does not use talloc. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> commit f2c7f2c93d54c77753e2a1b0663813e9778172a4 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Feb 19 11:15:20 2013 +1100 build: Remove unused includes.h reference to avoid build-time talloc dep talloc is not a dependency of this library, but is required by includes.h. By not including includes.h, we avoid needing to add an otherwise false talloc dep. (this comes up if talloc.h is not installed as a system package). Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/ldb/wscript | 2 +- lib/util/setid.c | 1 - nsswitch/winbind_nss_solaris.c | 1 - source4/dsdb/samdb/ldb_modules/acl_util.c | 2 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 18 +++++++++++++----- source4/torture/drs/python/repl_schema.py | 6 +++++- source4/torture/drs/python/replica_sync.py | 2 +- 7 files changed, 21 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 1ae5438..fbed6fd 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -133,7 +133,7 @@ def build(bld): bld.SAMBA_LIBRARY('ldb', COMMON_SRC + ' ' + LDB_MAP_SRC, - deps='tevent LIBLDB_MAIN', + deps='tevent LIBLDB_MAIN replace', includes='include', public_headers='include/ldb.h include/ldb_errors.h '\ 'include/ldb_module.h include/ldb_handlers.h', diff --git a/lib/util/setid.c b/lib/util/setid.c index ed86155..c5ee644 100644 --- a/lib/util/setid.c +++ b/lib/util/setid.c @@ -20,7 +20,6 @@ #ifndef AUTOCONF_TEST #include "replace.h" #include "system/passwd.h" -#include "include/includes.h" #ifdef UID_WRAPPER_REPLACE diff --git a/nsswitch/winbind_nss_solaris.c b/nsswitch/winbind_nss_solaris.c index 92da859..6d3c8a9 100644 --- a/nsswitch/winbind_nss_solaris.c +++ b/nsswitch/winbind_nss_solaris.c @@ -33,7 +33,6 @@ #include <sys/param.h> #include <string.h> #include <pwd.h> -#include "includes.h" #include <syslog.h> #if !defined(HPUX) diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c index 9be376d..1f64ab1 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_util.c +++ b/source4/dsdb/samdb/ldb_modules/acl_util.c @@ -272,7 +272,7 @@ uint32_t dsdb_request_sd_flags(struct ldb_request *req, bool *explicit) * equals all 4 bits */ if (sd_flags == 0) { - sd_flags = 0xF; + sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL; } return sd_flags; diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index d9bc89f..7743baa 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -181,20 +181,28 @@ static struct security_descriptor *descr_handle_sd_flags(TALLOC_CTX *mem_ctx, final_sd->type = SEC_DESC_SELF_RELATIVE; if (sd_flags & (SECINFO_OWNER)) { - final_sd->owner_sid = talloc_memdup(mem_ctx, new_sd->owner_sid, sizeof(struct dom_sid)); + if (new_sd->owner_sid) { + final_sd->owner_sid = talloc_memdup(mem_ctx, new_sd->owner_sid, sizeof(struct dom_sid)); + } final_sd->type |= new_sd->type & SEC_DESC_OWNER_DEFAULTED; } else if (old_sd) { - final_sd->owner_sid = talloc_memdup(mem_ctx, old_sd->owner_sid, sizeof(struct dom_sid)); + if (old_sd->owner_sid) { + final_sd->owner_sid = talloc_memdup(mem_ctx, old_sd->owner_sid, sizeof(struct dom_sid)); + } final_sd->type |= old_sd->type & SEC_DESC_OWNER_DEFAULTED; } if (sd_flags & (SECINFO_GROUP)) { - final_sd->group_sid = talloc_memdup(mem_ctx, new_sd->group_sid, sizeof(struct dom_sid)); + if (new_sd->group_sid) { + final_sd->group_sid = talloc_memdup(mem_ctx, new_sd->group_sid, sizeof(struct dom_sid)); + } final_sd->type |= new_sd->type & SEC_DESC_GROUP_DEFAULTED; } else if (old_sd) { - final_sd->group_sid = talloc_memdup(mem_ctx, old_sd->group_sid, sizeof(struct dom_sid)); + if (old_sd->group_sid) { + final_sd->group_sid = talloc_memdup(mem_ctx, old_sd->group_sid, sizeof(struct dom_sid)); + } final_sd->type |= old_sd->type & SEC_DESC_GROUP_DEFAULTED; } @@ -643,7 +651,7 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req) * The SD_FLAG control is ignored on add * and we default to all bits set. */ - sd_flags = 0xF; + sd_flags = SECINFO_OWNER|SECINFO_GROUP|SECINFO_SACL|SECINFO_DACL; sd = get_new_descriptor(module, dn, req, objectclass, parent_sd, diff --git a/source4/torture/drs/python/repl_schema.py b/source4/torture/drs/python/repl_schema.py index 166a0eb..cbed640 100644 --- a/source4/torture/drs/python/repl_schema.py +++ b/source4/torture/drs/python/repl_schema.py @@ -84,7 +84,11 @@ class DrsReplSchemaTestCase(drs_base.DrsBaseTestCase): if not attrs is None: rec.update(attrs) # add it to the Schema - ldb_ctx.add(rec) + try: + ldb_ctx.add(rec) + except LdbError, (enum, estr): + self.fail("Adding record failed with %d/%s" % (enum, estr)) + self._ldap_schemaUpdateNow(ldb_ctx) return (rec["lDAPDisplayName"], rec["dn"]) diff --git a/source4/torture/drs/python/replica_sync.py b/source4/torture/drs/python/replica_sync.py index 89834a3..8839421 100644 --- a/source4/torture/drs/python/replica_sync.py +++ b/source4/torture/drs/python/replica_sync.py @@ -63,7 +63,7 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase): self.fail("'drs replicate' command should have failed!") def test_ReplDisabledForced(self): - """Tests we cann't replicate when replication is disabled""" + """Tests we can force replicate when replication is disabled""" self._disable_inbound_repl(self.dnsname_dc1) out = self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True) -- Samba Shared Repository