The branch, master has been updated
       via  15f191a ldb-samba: Add "secret" as a value to hide in LDIF files
       via  ac1ed18 classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
       via  e0acee0 samr4: Remove talloc_asprintf leak onto mem_ctx
       via  37ef959 samr4: Use <SID=%s> in GetAliasMembership
      from  e3fdb0a ctdb-tests: rename tests from stubby.* to ctdb.*

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 15f191a2329d08b92111f71e22f8a28c8a39c193
Author: Andrew Bartlett <abart...@samba.org>
Date:   Sat Jan 2 20:58:39 2016 +1300

ldb-samba: Add "secret" as a value to hide in LDIF files

This is not secret or encrypted in LDAP, but is sensitive in secrets.ldb

Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Garming Sam <garm...@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garm...@samba.org>
Autobuild-Date(master): Wed May 11 07:17:38 CEST 2016 on sn-devel-144

commit ac1ed18f8d396c431d381f511a21d6fd4f008c24
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 24 07:41:22 2015 +1200

classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()

While invalid for samAccountName values, when also used for samAccountName we should be dealing with this at the samldb layer, not here.

This comes from unvalidated Samba3 data that can contain a , or = without a problem in that codebase.

Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Garming Sam <garm...@catalyst.net.nz>

commit e0acee02233d56392b99607bbd6afae6ff3da71f
Author: Garming Sam <garm...@catalyst.net.nz>
Date:   Wed May 11 13:02:03 2016 +1200

samr4: Remove talloc_asprintf leak onto mem_ctx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751

Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 37ef959f37dc57302ff5824ff3223617863aad3e
Author: Mantas Mikulėnas <graw...@gmail.com>
Date:   Wed Feb 24 19:40:47 2016 +0200

samr4: Use <SID=%s> in GetAliasMembership

As in commit 841845dea35089a187fd1626c9752d708989ac7b, this avoids quoting problems in user DN's.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
Signed-off-by: Mantas Mikulėnas <graw...@gmail.com> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/ldb-samba/ldif_handlers.c | 2 +- python/samba/upgrade.py | 6 ++++-- source4/rpc_server/samr/dcesrv_samr.c | 19 ++++++------------- 3 files changed, 11 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c index d1b5bd7..87c171e 100644 --- a/lib/ldb-samba/ldif_handlers.c +++ b/lib/ldb-samba/ldif_handlers.c @@ -1693,7 +1693,7 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c return s; } -static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL}; +static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret", NULL}; /* register the samba ldif handlers diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py index 215ccd3..3856323 100644 --- a/python/samba/upgrade.py +++ b/python/samba/upgrade.py @@ -272,8 +272,10 @@ def add_group_from_mapping_entry(samdb, groupmap, logger): return m = ldb.Message() - m.dn = ldb.Dn(samdb, "CN=%s,CN=Users,%s" % (groupmap.nt_name, samdb.get_default_basedn())) - m['cn'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn') + # We avoid using the format string to avoid needing to escape the CN values + m.dn = ldb.Dn(samdb, "CN=X,CN=Users") + m.dn.set_component(0, "CN", groupmap.nt_name) + m.dn.add_base(samdb.get_default_basedn()) m['objectClass'] = ldb.MessageElement('group', ldb.FLAG_MOD_ADD, 'objectClass') m['objectSid'] = ldb.MessageElement(ndr_pack(groupmap.sid), ldb.FLAG_MOD_ADD, 'objectSid') diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 423fcf0..25255d3 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c 
@@ -1525,11 +1525,12 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal { struct dcesrv_handle *h; struct samr_domain_state *d_state; - const char *filter; + char *filter; const char * const attrs[] = { "objectSid", NULL }; struct ldb_message **res; uint32_t i; int count = 0; + char membersidstr[DOM_SID_STR_BUFLEN]; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -1545,19 +1546,11 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal } for (i=0; i<r->in.sids->num_sids; i++) { - const char *memberdn; - - memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "distinguishedName", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, - r->in.sids->sids[i].sid)); - if (memberdn == NULL) { - continue; - } + dom_sid_string_buf(r->in.sids->sids[i].sid, + membersidstr, sizeof(membersidstr)); - filter = talloc_asprintf(mem_ctx, "%s(member=%s)", filter, - memberdn); + filter = talloc_asprintf_append(filter, "(member=<SID=%s>)", + membersidstr); if (filter == NULL) { return NT_STATUS_NO_MEMORY; } -- Samba Shared Repository
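
Review bot: in the lib/ldb-samba/ldif_handlers.c hunk, the bare literal "secret" appended to secret_attributes[] has no comment saying why it sits outside DSDB_SECRET_ATTRIBUTES. The commit message gives the reason (the attribute is not secret or encrypted in LDAP, but is sensitive in secrets.ldb); a one-line comment above the array carrying that reasoning would keep a later reader from folding the entry into the macro or dropping it as redundant.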
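
Review bot: in the python/samba/upgrade.py hunk of add_group_from_mapping_entry(), the explicit `m['cn'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn')` line is removed and neither the new comment nor the commit message says why. If cn is now expected to be derived from the RDN when the entry is added, state that in the comment next to m.dn.set_component(); otherwise keep the element. The summary of changes lists no test file, so a classicupgrade test with a group name containing "," or "=" (the Samba3 data the commit message describes) would be worth adding with this change.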
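
Review bot: in the loop of dcesrv_samr_GetAliasMembership() in source4/rpc_server/samr/dcesrv_samr.c, the old code skipped any SID that samdb_search_string() could not resolve (`if (memberdn == NULL) { continue; }`), while the new code appends a `(member=<SID=%s>)` clause for every input SID with no lookup. Please confirm, ideally with a test, that a SID matching no object leaves the rest of the OR filter usable instead of failing the whole search. Separately, talloc_asprintf_append() extends the existing filter string, and its initial allocation falls outside the visible hunks; it is worth checking which context that first allocation lands on, since this series is about not leaking onto mem_ctx.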