The branch, master has been updated via d5750f0 dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc via 5b316a4 waf: disable-python - fix talloc wscript if bundling disabled via 39c6274 dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7 from 8ab6e51 lib: Fix an error path memleak
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d5750f016362ce55a1c905509c419756b523dde6 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 1 13:18:33 2017 +1200 dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc If we do not call ldb_module_done() then we do not know that up_req->callback() has been called, and ldb_next_request() will call the callback again. If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Tue Aug 1 07:52:38 CEST 2017 on sn-devel-144 commit 5b316a4c7aa830194bf254942daa5aef88a0ed17 Author: Ian Stakenvicius <a...@gentoo.org> Date: Tue Jul 25 16:31:14 2017 -0400 waf: disable-python - fix talloc wscript if bundling disabled The pytalloc-util dependency logic in lib/talloc/wscript on a standalone build checks for pytalloc-util in a manner that will fail if bundling is disabled, this causes issues on --disable-python builds of ldb, tevent, and samba. This patch restructures the logic to skip checks if python is disabled, instead just setting the temporary state variable 'using_system_pytalloc_util' to False Successfully tested patch on ldb-1.1.31 and above, tevent-0.9.33, and samba-4.7_rc3 Signed-off-by: Ian Stakenvicius <a...@gentoo.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> commit 39c6274084e5d72d6fdfae1fb9fede439f6ad60d Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 1 10:26:34 2017 +1200 dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7 This means that no compatibleFeatures or incompatibleFeatures will be honoured until a re-index, but that can be triggered when these features are set. New databases will still get this support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Garming Sam <garm...@catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: lib/talloc/wscript | 21 ++++++++++++--------- python/samba/tests/dsdb.py | 23 +++++++++++++++++++++++ source4/dsdb/pydsdb.c | 1 + source4/dsdb/samdb/ldb_modules/util.c | 25 +++++++++++++++++++++++-- source4/dsdb/samdb/samdb.h | 2 ++ source4/dsdb/schema/schema_set.c | 22 +++++++++++++++++++++- 6 files changed, 82 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/wscript b/lib/talloc/wscript index 0274dc0..ab74e72 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -74,19 +74,22 @@ def configure(conf): implied_deps='replace'): conf.define('USING_SYSTEM_TALLOC', 1) - using_system_pytalloc_util = True - if not conf.CHECK_BUNDLED_SYSTEM_PKG('pytalloc-util', minversion=VERSION, - implied_deps='talloc replace'): + if conf.env.disable_python: using_system_pytalloc_util = False - - # We need to get a pytalloc-util for all the python versions - # we are building for - if conf.env['EXTRA_PYTHON']: - name = 'pytalloc-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG'] - if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION, + else: + using_system_pytalloc_util = True + if not conf.CHECK_BUNDLED_SYSTEM_PKG('pytalloc-util', minversion=VERSION, implied_deps='talloc replace'): using_system_pytalloc_util = False + # We need to get a pytalloc-util for all the python versions + # we are building for + if conf.env['EXTRA_PYTHON']: + name = 'pytalloc-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG'] + if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION, + implied_deps='talloc replace'): + using_system_pytalloc_util = False + if using_system_pytalloc_util: conf.define('USING_SYSTEM_PYTALLOC_UTIL', 1) diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py index ce5f599..a9f569b 100644 --- a/python/samba/tests/dsdb.py +++ b/python/samba/tests/dsdb.py @@ -23,6 +23,7 @@ from samba.auth import system_session from samba.tests import TestCase from samba.ndr import ndr_unpack, ndr_pack from samba.dcerpc import drsblobs +from samba import dsdb import ldb import os import samba @@ -505,3 +506,25 @@ class DsdbTests(TestCase): backend_filename) backend_path = self.lp.private_path(backend_subpath) self._test_full_db_lock2(backend_path) + + def test_no_error_on_invalid_control(self): + try: + res = self.samdb.search(expression="cn=Administrator", + scope=ldb.SCOPE_SUBTREE, + attrs=["replPropertyMetaData"], + controls=["local_oid:%s:0" + % dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED]) + except ldb.LdbError as e: + self.fail("Should have not raised an exception") + + def test_error_on_invalid_critical_control(self): + try: + res = self.samdb.search(expression="cn=Administrator", + scope=ldb.SCOPE_SUBTREE, + attrs=["replPropertyMetaData"], + controls=["local_oid:%s:1" + % dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED]) + except ldb.LdbError as e: + if e[0] != ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION: + self.fail("Got %s should have got ERR_UNSUPPORTED_CRITICAL_EXTENSION" + % e[1]) diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index 47dc9ad..09623a6 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -1572,6 +1572,7 @@ void initdsdb(void) ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID); ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID); ADD_DSDB_STRING(DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID); + ADD_DSDB_STRING(DSDB_CONTROL_INVALID_NOT_IMPLEMENTED); ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER); ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER); diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 36d35b7..9e37c08 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -832,8 +832,29 @@ int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request); - talloc_steal(up_req, req); - return up_req->callback(up_req, ares); + if (!ares) { + return ldb_module_done(up_req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) { + return ldb_module_done(up_req, ares->controls, + ares->response, ares->error); + } + + /* Otherwise pass on the callback */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + return ldb_module_send_entry(up_req, ares->message, + ares->controls); + + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(up_req, + ares->referral); + default: + /* Can't happen */ + return LDB_ERR_OPERATIONS_ERROR; + } } /* diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index 5dce37e..c8658dc 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -189,6 +189,8 @@ struct dsdb_control_password_user_account_control { */ #define DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE "1.3.6.1.4.1.7165.4.3.31" +#define DSDB_CONTROL_INVALID_NOT_IMPLEMENTED "1.3.6.1.4.1.7165.4.3.32" + #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1" struct dsdb_extended_replicated_object { struct ldb_message *msg; diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 28bedb3..cfd320b 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -214,7 +214,27 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb, if (ret != LDB_SUCCESS) { goto op_error; } - if (mod_msg->num_elements > 0) { + + /* + * We don't want to re-index just because we didn't + * see this flag + * + * DO NOT backport this logic earlier than 4.7, it + * isn't needed and would be dangerous before 4.6, + * where we add logic to samba_dsdb to manage + * @SAMBA_FEATURES_SUPPORTED and need to know if the + * DB has been re-opened by an earlier version. + * + */ + + if (mod_msg->num_elements == 1 + && ldb_attr_cmp(mod_msg->elements[0].name, + SAMBA_FEATURES_SUPPORTED_FLAG) == 0) { + /* + * Ignore only adding + * @SAMBA_FEATURES_SUPPORTED + */ + } else if (mod_msg->num_elements > 0) { /* * Do the replace with the constructed message, * to avoid needing a lock between this search -- Samba Shared Repository