The branch, master has been updated
       via  a3fc18f679e dsdb: Rewrite comment to remove reference to LDAP backends
       via  dc308d1c293 dsdb: Remove dead code in partition_prep_request()
       via  01a3cf8e1e2 dsdb: Do not use ldb_save_controls() in partitions module for domain_scope
       via  47b6c4b8f59 dsdb: Improve clarity by adding a comment in replmd_delete_internals()
       via  7ad56d41740 dsdb: Simplify VANISH_LINKS handling: The variable "parent" is always non-NULL
       via  f2a2b469b4d selftest: Confirm we can delete a user with a dangling backlink
       via  3b95125187c prevent NULL reference from being used as '%s' argument.
       via  535debb312b ldb: Add mem_ctx argument to ldb_kv_index_key()
       via  48cfb8458b0 ldb: Improve coding style in ldb_kv_index_dn_simple()
       via  0a87f59ac25 ldb: Fix memory leak in ldb_kv_index_dn_ordered()
       via  b29e6480dc3 Rename macro argument s_addr due to it already being defined
       via  534809a0f09 selftest: test samba-tool group commands with groupnames with brackets and spaces
       via  f3e7ea0405d samba-tool group edit: use binary encoded group name
       via  104582b73ca samba-tool group delete: use binary encoded group name
       via  626209beab2 samba-tool group move: use binary encoded group name
       via  d0f8e833653 samba-tool group listmembers: use binary encoded group names
       via  1d2e9f27fa9 samba-tool group listmembers: find group members by groups SID
       via  40e498e743e samba-tool group listmembers: handle group-does-not-exist error
       via  789d84c0a9a samba-tool group listmembers: hide python backtrace on command error
      from  7678032272b Undef ARRAY_SIZE, if defined, before define to avoid compilation warnings
https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a3fc18f679e65aadcb3f7c5f4cdb64905383ea5d
Author: Andrew Bartlett <abart...@samba.org>
Date:   Mon Feb 24 16:57:35 2020 +1300

    dsdb: Rewrite comment to remove reference to LDAP backends

    This is required despite the demise of the LDAP backend.

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Fri Feb 28 04:42:23 UTC 2020 on sn-devel-184

commit dc308d1c2937313813b628d7fb94463542a0dd81
Author: Andrew Bartlett <abart...@samba.org>
Date:   Mon Feb 24 16:43:44 2020 +1300

    dsdb: Remove dead code in partition_prep_request()

    The partition variable is never NULL.

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit 01a3cf8e1e2562a77635ecf2a9a79e28af43fe7c
Author: Andrew Bartlett <abart...@samba.org>
Date:   Mon Feb 24 16:22:24 2020 +1300

    dsdb: Do not use ldb_save_controls() in partitions module for domain_scope

    The LDAP backend is long-removed so we do not need this workaround
    for a confused server any longer.

    This avoids references to old (but valid) memory after a new
    ldb_control array is allocated in ldb_save_controls() and
    keeps the controls pointer as constant as possible given the
    multiple ldb_request structures it will appear in.

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit 47b6c4b8f5987adda861bf8440949df4aaacef6c
Author: Andrew Bartlett <abart...@samba.org>
Date:   Mon Feb 24 10:30:26 2020 +1300

    dsdb: Improve clarity by adding a comment in replmd_delete_internals()

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit 7ad56d41740d6794a85889f268654564c48c8a74
Author: Andrew Bartlett <abart...@samba.org>
Date:   Mon Feb 24 13:28:56 2020 +1300

    dsdb: Simplify VANISH_LINKS handling: The variable "parent" is always non-NULL

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit f2a2b469b4d3378102d6011e80b0c6532d802953
Author: Andrew Bartlett <abart...@samba.org>
Date:   Mon Feb 24 11:58:48 2020 +1300

    selftest: Confirm we can delete a user with a dangling backlink

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit 3b95125187c76945210a679b7ea2dc3b8ae7f778
Author: Swen Schillig <s...@linux.ibm.com>
Date:   Wed Jan 22 11:28:28 2020 +0100

    prevent NULL reference from being used as '%s' argument.

    The two string arguments to torture_comment() can be NULL as the succeeding checks suggest.
    This is not wanted because a compile with --enable-developer throws an error of
    [-Werror=format-overflow=] in those situations.

    Signed-off-by: Swen Schillig <s...@linux.ibm.com>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 535debb312b8dc5a9de6b6fe2543af84e9534a23
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Feb 27 11:30:00 2020 +1300

    ldb: Add mem_ctx argument to ldb_kv_index_key()

    This avoids using "ldb" as the memory context in most cases, and
    may avoid a long-term memory leak if future changes cause dn_key
    not to be freed.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit 48cfb8458b0ff86e3a431240933caa02d64af82f
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Feb 27 11:27:17 2020 +1300

    ldb: Improve coding style in ldb_kv_index_dn_simple()

    We avoid bare if conditions in Samba.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit 0a87f59ac2580bdb7f93efa075323c73fc1ec83e
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Feb 27 11:12:55 2020 +1300

    ldb: Fix memory leak in ldb_kv_index_dn_ordered()

    We need to ensure we TALLOC_FREE(tmp_ctx) in every error exit.

    Reported by Alex Kolesnik, ABISoft Ltd., www.abisoft.biz. Thanks!

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299

    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Gary Lockyer <g...@catalyst.net.nz>

commit b29e6480dc3b266ca1f311f675f67670f5635a21
Author: Peter Eriksson <p...@lysator.liu.se>
Date:   Thu Feb 27 09:59:32 2020 +0100

    Rename macro argument s_addr due to it already being defined

    Signed-off-by: Peter Eriksson <p...@lysator.liu.se>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8
Author: Björn Baumbach <b...@sernet.de>
Date:   Thu Feb 27 11:06:34 2020 +0100

    selftest: test samba-tool group commands with groupnames with brackets and spaces

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f3e7ea0405d46ddfbeba9b3a84c13b7878464180
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:56:14 2020 +0100

    samba-tool group edit: use binary encoded group name

    Allows to edit groups with names like e.g. 'group1 (xy)'.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 104582b73caf008600e15d76d57424263a0f28d4
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:55:01 2020 +0100

    samba-tool group delete: use binary encoded group name

    Allows to delete groups with names like e.g. 'group1 (xy)'.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:40:50 2020 +0100

    samba-tool group move: use binary encoded group name

    Allows to move groups with names like e.g. 'group1 (xy)'.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d0f8e833653df652df01a472c4bbfd256f10f810
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:38:50 2020 +0100

    samba-tool group listmembers: use binary encoded group names

    Allows to find groups with names like e.g. 'group1 (xy)'.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:39:44 2020 +0100

    samba-tool group listmembers: find group members by groups SID

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 40e498e743e4677a42030373e8d97f6f9763080a
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:08:43 2020 +0100

    samba-tool group listmembers: handle group-does-not-exist error

    Return an error with a proper message instead of just doing nothing when
    the target group does not exist.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296
    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829
Author: Björn Baumbach <b...@sernet.de>
Date:   Wed Feb 26 13:05:16 2020 +0100

    samba-tool group listmembers: hide python backtrace on command error

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/ldb_key_value/ldb_kv_index.c            | 78 +++++++++++++++++++------
 lib/tsocket/tsocket.h                           |  8 +--
 lib/tsocket/tsocket_bsd.c                       |  6 +-
 python/samba/netcmd/group.py                    | 41 +++++++------
 python/samba/tests/samba_tool/group.py          |  3 +
 source4/dsdb/samdb/ldb_modules/partition.c      | 63 +++++++++-----------
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 39 +++++++------
 source4/torture/rpc/drsuapi_cracknames.c        |  7 ++-
 testprogs/blackbox/dbcheck-links.sh             | 46 +++++++++++++++
 9 files changed, 189 insertions(+), 102 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index a7e341552ea..5a24b074e1c 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -975,6 +975,7 @@ int ldb_kv_index_transaction_cancel(struct ldb_module *module) the caller is responsible for freeing */ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, struct ldb_kv_private *ldb_kv, const char *attr, const struct ldb_val *value, @@ -1110,7 +1111,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb, if (should_b64_encode) { size_t vstr_len = 0; - char *vstr = ldb_base64_encode(ldb, (char *)v.data, v.length); + char *vstr = ldb_base64_encode(mem_ctx, (char *)v.data, v.length); if (!vstr) { talloc_free(attr_folded); return NULL; 
@@ -1131,7 +1132,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb, * Note: the double hash "##" is not a typo and * indicates that the following value is base64 encoded */ - ret = ldb_dn_new_fmt(ldb, ldb, "%s#%s##%.*s", + ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s#%s##%.*s", LDB_KV_INDEX, attr_for_dn, frmt_len, vstr); } else { @@ -1141,7 +1142,7 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb, * Note: the double colon "::" is not a typo and * indicates that the following value is base64 encoded */ - ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s::%.*s", + ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s:%s::%.*s", LDB_KV_INDEX, attr_for_dn, frmt_len, vstr); } @@ -1163,13 +1164,13 @@ static struct ldb_dn *ldb_kv_index_key(struct ldb_context *ldb, * Truncated keys are placed in a separate key space * from the non truncated keys */ - ret = ldb_dn_new_fmt(ldb, ldb, "%s#%s#%.*s", + ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s#%s#%.*s", LDB_KV_INDEX, attr_for_dn, frmt_len, (char *)v.data); } else { frmt_len = v.length; *truncation = KEY_NOT_TRUNCATED; - ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s:%.*s", + ret = ldb_dn_new_fmt(mem_ctx, ldb, "%s:%s:%.*s", LDB_KV_INDEX, attr_for_dn, frmt_len, (char *)v.data); } @@ -1269,9 +1270,15 @@ static int ldb_kv_index_dn_simple(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } - /* the attribute is indexed. Pull the list of DNs that match the - search criterion */ + /* + * the attribute is indexed. Pull the list of DNs that match the + * search criterion + * + * list is used as a memory context as it has a shorter life + * than 'ldb'. Regardless we talloc_free() 'dn' below. + */ dn = ldb_kv_index_key(ldb, + list, ldb_kv, tree->u.equality.attr, &tree->u.equality.value, 
@@ -1282,7 +1289,9 @@ static int ldb_kv_index_dn_simple(struct ldb_module *module, * as ltdb_search_indexed will filter out the wrong one in * ltdb_index_filter() which calls ldb_match_message(). */ - if (!dn) return LDB_ERR_OPERATIONS_ERROR; + if (!dn) { + return LDB_ERR_OPERATIONS_ERROR; + } ret = ldb_kv_dn_list_load(module, ldb_kv, dn, list, DN_LIST_WILL_BE_READ_ONLY); @@ -1910,7 +1919,7 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module, struct ldb_kv_ordered_index_context ctx; int ret; - TALLOC_CTX *tmp_ctx = talloc_new(NULL); + TALLOC_CTX *tmp_ctx = NULL; if (!ldb_kv_is_indexed(module, ldb_kv, tree->u.comparison.attr)) { return LDB_ERR_OPERATIONS_ERROR; 
@@ -1950,39 +1959,51 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } - key_dn = ldb_kv_index_key(ldb, ldb_kv, tree->u.comparison.attr, + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ldb_module_oom(module); + } + + key_dn = ldb_kv_index_key(ldb, tmp_ctx, ldb_kv, tree->u.comparison.attr, &tree->u.comparison.value, NULL, &truncation); if (!key_dn) { + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } else if (truncation == KEY_TRUNCATED) { ldb_debug(ldb, LDB_DEBUG_WARNING, __location__ ": ordered index violation: key dn truncated: %s\n", ldb_dn_get_linearized(key_dn)); + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } ldb_key = ldb_kv_key_dn(tmp_ctx, key_dn); talloc_free(key_dn); if (ldb_key.data == NULL) { + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } - key_dn = ldb_kv_index_key(ldb, ldb_kv, tree->u.comparison.attr, + key_dn = ldb_kv_index_key(ldb, tmp_ctx, + ldb_kv, tree->u.comparison.attr, NULL, NULL, &truncation); if (!key_dn) { + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } else if (truncation == KEY_TRUNCATED) { ldb_debug(ldb, LDB_DEBUG_WARNING, __location__ ": ordered index violation: key dn truncated: %s\n", ldb_dn_get_linearized(key_dn)); + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } ldb_key2 = ldb_kv_key_dn(tmp_ctx, key_dn); talloc_free(key_dn); if (ldb_key2.data == NULL) { + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -2022,13 +2043,14 @@ static int ldb_kv_index_dn_ordered(struct ldb_module *module, traverse_range_index, &ctx); if (ret != LDB_SUCCESS || ctx.error != LDB_SUCCESS) { + TALLOC_FREE(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } TYPESAFE_QSORT(ctx.dn_list->dn, ctx.dn_list->count, ldb_val_equal_exact_for_qsort); - talloc_free(tmp_ctx); + TALLOC_FREE(tmp_ctx); return LDB_SUCCESS; } 
@@ -2084,7 +2106,13 @@ static int ldb_kv_index_dn_attr(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } val.length = strlen((char *)val.data); - key = ldb_kv_index_key(ldb, ldb_kv, attr, &val, NULL, truncation); + + /* + * We use list as a TALLOC_CTX to provide a shorter-lived + * memory context than ldb, even as the result is freed with + * the talloc_free(key) below. + */ + key = ldb_kv_index_key(ldb, list, ldb_kv, attr, &val, NULL, truncation); if (!key) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -2656,8 +2684,13 @@ static int ldb_kv_index_add1(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } - dn_key = ldb_kv_index_key( - ldb, ldb_kv, el->name, &el->values[v_idx], &a, &truncation); + dn_key = ldb_kv_index_key(ldb, + list, + ldb_kv, + el->name, + &el->values[v_idx], + &a, + &truncation); if (!dn_key) { talloc_free(list); return LDB_ERR_OPERATIONS_ERROR; @@ -2681,7 +2714,6 @@ static int ldb_kv_index_add1(struct ldb_module *module, talloc_free(list); return LDB_ERR_CONSTRAINT_VIOLATION; } - talloc_steal(list, dn_key); ret = ldb_kv_dn_list_load(module, ldb_kv, dn_key, list, DN_LIST_MUTABLE); @@ -3181,8 +3213,18 @@ int ldb_kv_index_del_value(struct ldb_module *module, return LDB_SUCCESS; } - dn_key = ldb_kv_index_key( - ldb, ldb_kv, el->name, &el->values[v_idx], NULL, &truncation); + /* + * ldb is being used as the memory context to ldb_kv_index_key + * as dn_key itself is also used as the TALLOC_CTX for the + * rest of this function. + */ + dn_key = ldb_kv_index_key(ldb, + ldb, + ldb_kv, + el->name, + &el->values[v_idx], + NULL, + &truncation); /* * We ignore key truncation in ltdb_index_add1() so * match that by ignoring it here as well diff --git a/lib/tsocket/tsocket.h b/lib/tsocket/tsocket.h index aad82795691..2f1c7981346 100644 --- a/lib/tsocket/tsocket.h +++ b/lib/tsocket/tsocket.h 
@@ -996,16 +996,16 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx, * @return 0 on success, -1 on error with errno set. */ int tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx, - const struct samba_sockaddr *s_addr, + const struct samba_sockaddr *xs_addr, struct tsocket_address **t_addr); #else int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx, - const struct samba_sockaddr *s_addr, + const struct samba_sockaddr *xs_addr, struct tsocket_address **t_addr, const char *location); -#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr) \ - _tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr, \ +#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, xs_addr, t_addr) \ + _tsocket_address_bsd_from_samba_sockaddr(mem_ctx, xs_addr, t_addr, \ __location__) #endif diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c index 6ad40bd0ada..10ea1347149 100644 --- a/lib/tsocket/tsocket_bsd.c +++ b/lib/tsocket/tsocket_bsd.c @@ -282,13 +282,13 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx, } int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx, - const struct samba_sockaddr *s_addr, + const struct samba_sockaddr *xs_addr, struct tsocket_address **t_addr, const char *location) { return _tsocket_address_bsd_from_sockaddr(mem_ctx, - &s_addr->u.sa, - s_addr->sa_socklen, + &xs_addr->u.sa, + xs_addr->sa_socklen, t_addr, location); } diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 6e5ed1def28..76705100960 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -179,7 +179,7 @@ Example2 deletes group Group2 from the local server. The command is run under r credentials=creds, lp=lp) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=samdb.domain_dn(), 
@@ -516,21 +516,22 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname - res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, - expression=(search_filter), - attrs=["objectSid"]) - - if (len(res) != 1): - return - - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) - - object_sid = ndr_unpack(security.dom_sid, object_sid) - (group_dom_sid, rid) = object_sid.split() - - search_filter = "(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_dn) + search_filter = ("(&(objectClass=group)(sAMAccountName=%s))" % + ldb.binary_encode(groupname)) + try: + res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, + expression=(search_filter), + attrs=["objectSid"]) + group_sid_binary = res[0].get('objectSid', idx=0) + except IndexError: + raise CommandError('Unable to find group "%s"' % (groupname)) + + group_sid = ndr_unpack(security.dom_sid, group_sid_binary) + (group_dom_sid, rid) = group_sid.split() + group_sid_dn = "<SID=%s>" % (group_sid) + + search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" % + (rid, group_sid_dn)) res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["samAccountName", "cn"]) @@ -549,7 +550,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com self.outf.write("%s\n" % member_name) except Exception as e: - raise CommandError('Failed to list members of "%s" group ' % groupname, e) + raise CommandError('Failed to list members of "%s" group - %s' % + (groupname, e)) class cmd_group_move(Command): @@ -605,7 +607,7 @@ class cmd_group_move(Command): domain_dn = ldb.Dn(samdb, samdb.domain_dn()) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=domain_dn, expression=filter, 
@@ -871,7 +873,8 @@ class cmd_group_edit(Command): samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - filter = ("(&(sAMAccountName=%s)(objectClass=group))" % groupname) + filter = ("(&(sAMAccountName=%s)(objectClass=group))" % + ldb.binary_encode(groupname)) domaindn = samdb.domain_dn() diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py index f85c945d32c..47fd14b2d33 100644 --- a/python/samba/tests/samba_tool/group.py +++ b/python/samba/tests/samba_tool/group.py @@ -39,14 +39,17 @@ class GroupCmdTestCase(SambaToolCmdTest): self.groups.append(self._randomGroup({"name": "testgroup2"})) self.groups.append(self._randomGroup({"name": "testgroup3"})) self.groups.append(self._randomGroup({"name": "testgroup4"})) + self.groups.append(self._randomGroup({"name": "testgroup5 (with brackets)"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup1"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup2"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup3"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup4"})) + self.groups.append(self._randomPosixGroup({"name": "posixgroup5 (with brackets)"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup1"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup2"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup3"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup4"})) + self.groups.append(self._randomUnixGroup({"name": "unixgroup5 (with brackets)"})) # setup the 12 groups and ensure they are correct for group in self.groups: diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 6b0fbe728bc..2544a106d13 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -238,6 +238,7 @@ static int partition_prep_request(struct partition_context *ac, int ret; struct ldb_request *req; struct ldb_control *partition_ctrl = NULL; + void *part_data = NULL; ac->part_req = talloc_realloc(ac, ac->part_req, struct part_request, 
@@ -323,42 +324,37 @@ static int partition_prep_request(struct partition_context *ac, } } - if (partition) { - void *part_data = partition->ctrl; + part_data = partition->ctrl; - ac->part_req[ac->num_requests].module = partition->module; + ac->part_req[ac->num_requests].module = partition->module; - if (partition_ctrl != NULL) { - if (partition_ctrl->data != NULL) { - part_data = partition_ctrl->data; - } - - /* - * If the provided current partition control is without - * data then use the calculated one. - */ - ret = ldb_request_add_control(req, - DSDB_CONTROL_CURRENT_PARTITION_OID, - false, part_data); - if (ret != LDB_SUCCESS) { - return ret; - } + if (partition_ctrl != NULL) { + if (partition_ctrl->data != NULL) { + part_data = partition_ctrl->data; } - if (req->operation == LDB_SEARCH) { - /* If the search is for 'more' than this partition, - * then change the basedn, so a remote LDAP server - * doesn't object */ - if (ldb_dn_compare_base(partition->ctrl->dn, - req->op.search.base) != 0) { - req->op.search.base = partition->ctrl->dn; - } + /* + * If the provided current partition control is without + * data then use the calculated one. + */ + ret = ldb_request_add_control(req, + DSDB_CONTROL_CURRENT_PARTITION_OID, + false, part_data); + if (ret != LDB_SUCCESS) { + return ret; } + } - } else { - /* make sure you put the module here, or - * or ldb_next_request() will skip a module */ - ac->part_req[ac->num_requests].module = ac->module; + if (req->operation == LDB_SEARCH) { + /* + * If the search is for 'more' than this partition, + * then change the basedn, so the check of the BASE DN + * still passes in the ldb_key_value layer + */ + if (ldb_dn_compare_base(partition->ctrl->dn, + req->op.search.base) != 0) { + req->op.search.base = partition->ctrl->dn; + } } ac->num_requests++; 
@@ -752,7 +748,6 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re /* search */ static int partition_search(struct ldb_module *module, struct ldb_request *req) { - struct ldb_control **saved_controls; /* Find backend */ struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module), struct partition_private_data); @@ -787,12 +782,6 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) } - /* Remove the "domain_scope" control, so we don't confuse a backend - * server */ - if (domain_scope_control && !ldb_save_controls(domain_scope_control, req, &saved_controls)) { - return ldb_oom(ldb_module_get_ctx(module)); - } - /* if we aren't initialised yet go further */ if (!data || !data->partitions) { return ldb_next_request(module, req); diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index a8a61d5df7c..824a4612f5a 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -2829,12 +2829,10 @@ static int replmd_modify_la_delete(struct ldb_module *module, return ret; } - if (parent) { - vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS); - if (vanish_links_ctrl) { - vanish_links = true; - vanish_links_ctrl->critical = false; - } + vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS); + if (vanish_links_ctrl) { + vanish_links = true; + vanish_links_ctrl->critical = false; } /* we empty out el->values here to avoid damage if we return early. */ @@ -3344,20 +3342,18 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module, continue; } if ((schema_attr->linkID & 1) == 1) { - if (parent) { - struct ldb_control *ctrl; + struct ldb_control *ctrl; -- Samba Shared Repository