The branch, master has been updated
via 8c0391d38e5 dsdb/schema: let dsdb_syntax_DN_BINARY_drsuapi_to_ldb
return WERR_DS_INVALID_ATTRIBUTE_SYNTAX
via 8026efd6479 dsdb/schema: add no memory checks for
{ldb,dsdb}_dn_get_extended_linearized()
via 15f332a1c03 dsdb/common: dsdb_dn_construct_internal() more strict
checking
via 8115fb03b6a dsdb/schema: fix Object(OR-Name) syntax definition
via e16d29f719f dsdb/schema/tests: let samba4.local.dsdb.syntax call
the validate_dn() hook
from 1243f52f7ae s4:rpc_server/netlogon: let CSDVersion="" wipe
operatingSystemServicePack
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8c0391d38e53a356aabc6e2c9fdf747a1f1f16d5
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Dec 20 17:48:44 2021 +0100
dsdb/schema: let dsdb_syntax_DN_BINARY_drsuapi_to_ldb return
WERR_DS_INVALID_ATTRIBUTE_SYNTAX
When Object(OR-Name) uses dsdb_syntax_DN_BINARY_drsuapi_to_ldb() it
should genrate WERR_DS_INVALID_ATTRIBUTE_SYNTAX if the binary part
is not empty.
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Wed Jan 12 03:09:52 UTC 2022 on sn-devel-184
commit 8026efd647957bdb63e2ba98ea736ccaf3a71f4c
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Dec 20 17:46:47 2021 +0100
dsdb/schema: add no memory checks for
{ldb,dsdb}_dn_get_extended_linearized()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 15f332a1c0340b808730427e482e374c96e2cd20
Author: Stefan Metzmacher <me...@samba.org>
Date: Sat Jun 5 23:12:50 2021 +0200
dsdb/common: dsdb_dn_construct_internal() more strict checking
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 8115fb03b6ade8d99c8acd459fc94dab5413a211
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Dec 20 17:50:07 2021 +0100
dsdb/schema: fix Object(OR-Name) syntax definition
This is a strange one, it uses DN_BINARY in the drsuapi
representation, while the binary part must be 0 bytes.
and the LDAP/ldb representation is a plain DN (without 'B:').
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit e16d29f719f8268b244cf7c6b20ade5d829669aa
Author: Stefan Metzmacher <me...@samba.org>
Date: Sat Jun 5 23:12:20 2021 +0200
dsdb/schema/tests: let samba4.local.dsdb.syntax call the validate_dn() hook
This demonstrates that our OR-Name syntax is wrong,
which wasn't noticed yet as it's not used in the AD-Schema.
I noticed it by installing the Exchange-Schema on a Samba DC.
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/dsdb_dn.c | 26 ++++++++++++++++++++------
source4/dsdb/schema/schema_syntax.c | 16 +++++++++++++---
source4/dsdb/schema/tests/schema_syntax.c | 2 ++
3 files changed, 35 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/dsdb_dn.c b/source4/dsdb/common/dsdb_dn.c
index 856b3048771..e348ab6aa94 100644
--- a/source4/dsdb/common/dsdb_dn.c
+++ b/source4/dsdb/common/dsdb_dn.c
@@ -47,18 +47,32 @@ static struct dsdb_dn
*dsdb_dn_construct_internal(TALLOC_CTX *mem_ctx,
enum dsdb_dn_format
dn_format,
const char *oid)
{
- struct dsdb_dn *dsdb_dn = talloc(mem_ctx, struct dsdb_dn);
+ struct dsdb_dn *dsdb_dn = NULL;
+
+ switch (dn_format) {
+ case DSDB_BINARY_DN:
+ case DSDB_STRING_DN:
+ break;
+ case DSDB_NORMAL_DN:
+ if (extra_part.length != 0) {
+ errno = EINVAL;
+ return NULL;
+ }
+ break;
+ case DSDB_INVALID_DN:
+ default:
+ errno = EINVAL;
+ return NULL;
+ }
+
+ dsdb_dn = talloc(mem_ctx, struct dsdb_dn);
if (!dsdb_dn) {
+ errno = ENOMEM;
return NULL;
}
dsdb_dn->dn = talloc_steal(dsdb_dn, dn);
dsdb_dn->extra_part = extra_part;
dsdb_dn->dn_format = dn_format;
- /* Look to see if this attributeSyntax is a DN */
- if (dsdb_dn->dn_format == DSDB_INVALID_DN) {
- talloc_free(dsdb_dn);
- return NULL;
- }
dsdb_dn->oid = oid;
talloc_steal(dsdb_dn, extra_part.data);
diff --git a/source4/dsdb/schema/schema_syntax.c
b/source4/dsdb/schema/schema_syntax.c
index fcf9ca4ce3c..b3df10a0217 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -1726,6 +1726,7 @@ static WERROR
dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_
*out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx,
dn, 1));
talloc_free(tmp_ctx);
+ W_ERROR_HAVE_NO_MEMORY(out->data);
return WERR_OK;
}
@@ -2054,12 +2055,21 @@ static WERROR
dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx
/* set binary stuff */
dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary,
attr->syntax->ldap_oid);
if (!dsdb_dn) {
- /* If this fails, it must be out of memory, we know the
ldap_oid is valid */
+ if (errno == EINVAL) {
+ /*
+ * This might be Object(OR-Name)
+ * failing because of a non empty
+ * binary part.
+ */
+ talloc_free(tmp_ctx);
+ return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+ }
talloc_free(tmp_ctx);
W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
}
out->values[i] =
data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn,
1));
talloc_free(tmp_ctx);
+ W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
}
return WERR_OK;
@@ -2584,8 +2594,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
.attributeSyntax_oid = "2.5.5.7",
.drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
.ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
- .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
- .equality = "caseIgnoreMatch",
+ .validate_ldb = dsdb_syntax_DN_validate_ldb,
+ .equality = "distinguishedNameMatch",
.ldb_syntax = LDB_SYNTAX_DN,
},{
/*
diff --git a/source4/dsdb/schema/tests/schema_syntax.c
b/source4/dsdb/schema/tests/schema_syntax.c
index b22e110db52..7eba1029164 100644
--- a/source4/dsdb/schema/tests/schema_syntax.c
+++ b/source4/dsdb/schema/tests/schema_syntax.c
@@ -119,6 +119,8 @@ static bool torture_test_syntax(struct torture_context
*torture,
torture_assert_data_blob_equal(torture, el.values[0], ldb_blob,
"Incorrect conversion from DRS to ldb format");
+ torture_assert_werr_ok(torture, syntax->validate_ldb(&syntax_ctx, attr,
&el), "Failed to validate ldb format");
+
torture_assert_werr_ok(torture, syntax->ldb_to_drsuapi(&syntax_ctx,
attr, &el, tmp_ctx, &drs2), "Failed to convert from ldb to DRS format");
torture_assert(torture, drs2.value_ctr.values[0].blob, "No blob
returned from conversion");
--
Samba Shared Repository
