The branch, master has been updated
via d5750f0 dsdb: Fix dsdb_next_callback to correctly use
ldb_module_done() etc
via 5b316a4 waf: disable-python - fix talloc wscript if bundling
disabled
via 39c6274 dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
from 8ab6e51 lib: Fix an error path memleak
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d5750f016362ce55a1c905509c419756b523dde6
Author: Andrew Bartlett <abart...@samba.org>
Date: Tue Aug 1 13:18:33 2017 +1200
dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
If we do not call ldb_module_done() then we do not know that
up_req->callback()
has been called, and ldb_next_request() will call the callback again.
If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will
segfault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Garming Sam <garm...@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Tue Aug 1 07:52:38 CEST 2017 on sn-devel-144
commit 5b316a4c7aa830194bf254942daa5aef88a0ed17
Author: Ian Stakenvicius <a...@gentoo.org>
Date: Tue Jul 25 16:31:14 2017 -0400
waf: disable-python - fix talloc wscript if bundling disabled
The pytalloc-util dependency logic in lib/talloc/wscript on a
standalone build checks for pytalloc-util in a manner that will
fail if bundling is disabled, this causes issues on
--disable-python builds of ldb, tevent, and samba.
This patch restructures the logic to skip checks if python
is disabled, instead just setting the temporary state variable
'using_system_pytalloc_util' to False
Successfully tested patch on ldb-1.1.31 and above, tevent-0.9.33,
and samba-4.7_rc3
Signed-off-by: Ian Stakenvicius <a...@gentoo.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Garming Sam <garm...@catalyst.net.nz>
commit 39c6274084e5d72d6fdfae1fb9fede439f6ad60d
Author: Andrew Bartlett <abart...@samba.org>
Date: Tue Aug 1 10:26:34 2017 +1200
dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
This means that no compatibleFeatures or incompatibleFeatures will be
honoured
until a re-index, but that can be triggered when these features are set.
New databases will still get this support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Garming Sam <garm...@catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
lib/talloc/wscript | 21 ++++++++++++---------
python/samba/tests/dsdb.py | 23 +++++++++++++++++++++++
source4/dsdb/pydsdb.c | 1 +
source4/dsdb/samdb/ldb_modules/util.c | 25 +++++++++++++++++++++++--
source4/dsdb/samdb/samdb.h | 2 ++
source4/dsdb/schema/schema_set.c | 22 +++++++++++++++++++++-
6 files changed, 82 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/talloc/wscript b/lib/talloc/wscript
index 0274dc0..ab74e72 100644
--- a/lib/talloc/wscript
+++ b/lib/talloc/wscript
@@ -74,19 +74,22 @@ def configure(conf):
implied_deps='replace'):
conf.define('USING_SYSTEM_TALLOC', 1)
- using_system_pytalloc_util = True
- if not conf.CHECK_BUNDLED_SYSTEM_PKG('pytalloc-util',
minversion=VERSION,
- implied_deps='talloc replace'):
+ if conf.env.disable_python:
using_system_pytalloc_util = False
-
- # We need to get a pytalloc-util for all the python versions
- # we are building for
- if conf.env['EXTRA_PYTHON']:
- name = 'pytalloc-util' +
conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
- if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
+ else:
+ using_system_pytalloc_util = True
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('pytalloc-util',
minversion=VERSION,
implied_deps='talloc
replace'):
using_system_pytalloc_util = False
+ # We need to get a pytalloc-util for all the python versions
+ # we are building for
+ if conf.env['EXTRA_PYTHON']:
+ name = 'pytalloc-util' +
conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
+ implied_deps='talloc
replace'):
+ using_system_pytalloc_util = False
+
if using_system_pytalloc_util:
conf.define('USING_SYSTEM_PYTALLOC_UTIL', 1)
diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index ce5f599..a9f569b 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -23,6 +23,7 @@ from samba.auth import system_session
from samba.tests import TestCase
from samba.ndr import ndr_unpack, ndr_pack
from samba.dcerpc import drsblobs
+from samba import dsdb
import ldb
import os
import samba
@@ -505,3 +506,25 @@ class DsdbTests(TestCase):
backend_filename)
backend_path = self.lp.private_path(backend_subpath)
self._test_full_db_lock2(backend_path)
+
+ def test_no_error_on_invalid_control(self):
+ try:
+ res = self.samdb.search(expression="cn=Administrator",
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["replPropertyMetaData"],
+ controls=["local_oid:%s:0"
+ %
dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED])
+ except ldb.LdbError as e:
+ self.fail("Should have not raised an exception")
+
+ def test_error_on_invalid_critical_control(self):
+ try:
+ res = self.samdb.search(expression="cn=Administrator",
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["replPropertyMetaData"],
+ controls=["local_oid:%s:1"
+ %
dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED])
+ except ldb.LdbError as e:
+ if e[0] != ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION:
+ self.fail("Got %s should have got
ERR_UNSUPPORTED_CRITICAL_EXTENSION"
+ % e[1])
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 47dc9ad..09623a6 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -1572,6 +1572,7 @@ void initdsdb(void)
ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);
ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);
ADD_DSDB_STRING(DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+ ADD_DSDB_STRING(DSDB_CONTROL_INVALID_NOT_IMPLEMENTED);
ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);
diff --git a/source4/dsdb/samdb/ldb_modules/util.c
b/source4/dsdb/samdb/ldb_modules/util.c
index 36d35b7..9e37c08 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -832,8 +832,29 @@ int dsdb_next_callback(struct ldb_request *req, struct
ldb_reply *ares)
{
struct ldb_request *up_req = talloc_get_type(req->context, struct
ldb_request);
- talloc_steal(up_req, req);
- return up_req->callback(up_req, ares);
+ if (!ares) {
+ return ldb_module_done(up_req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) {
+ return ldb_module_done(up_req, ares->controls,
+ ares->response, ares->error);
+ }
+
+ /* Otherwise pass on the callback */
+ switch (ares->type) {
+ case LDB_REPLY_ENTRY:
+ return ldb_module_send_entry(up_req, ares->message,
+ ares->controls);
+
+ case LDB_REPLY_REFERRAL:
+ return ldb_module_send_referral(up_req,
+ ares->referral);
+ default:
+ /* Can't happen */
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
}
/*
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 5dce37e..c8658dc 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -189,6 +189,8 @@ struct dsdb_control_password_user_account_control {
*/
#define DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE "1.3.6.1.4.1.7165.4.3.31"
+#define DSDB_CONTROL_INVALID_NOT_IMPLEMENTED "1.3.6.1.4.1.7165.4.3.32"
+
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
struct dsdb_extended_replicated_object {
struct ldb_message *msg;
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 28bedb3..cfd320b 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -214,7 +214,27 @@ int dsdb_schema_set_indices_and_attributes(struct
ldb_context *ldb,
if (ret != LDB_SUCCESS) {
goto op_error;
}
- if (mod_msg->num_elements > 0) {
+
+ /*
+ * We don't want to re-index just because we didn't
+ * see this flag
+ *
+ * DO NOT backport this logic earlier than 4.7, it
+ * isn't needed and would be dangerous before 4.6,
+ * where we add logic to samba_dsdb to manage
+ * @SAMBA_FEATURES_SUPPORTED and need to know if the
+ * DB has been re-opened by an earlier version.
+ *
+ */
+
+ if (mod_msg->num_elements == 1
+ && ldb_attr_cmp(mod_msg->elements[0].name,
+ SAMBA_FEATURES_SUPPORTED_FLAG) == 0) {
+ /*
+ * Ignore only adding
+ * @SAMBA_FEATURES_SUPPORTED
+ */
+ } else if (mod_msg->num_elements > 0) {
/*
* Do the replace with the constructed message,
* to avoid needing a lock between this search
--
Samba Shared Repository
