The Samba-Bugzilla – Attachment 12414 Details for
Bug 9959
Windows client join fails if a second container CN=System exists somewhere
Bug-9959-v4-4-stable.patch
Bug-9959-v4-4-stable.patch (text/plain), 14.31 KB, created by
Arvid Requate
on 2016-08-27 13:52:15 UTC
Description:
Bug-9959-v4-4-stable.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2016-08-27 13:52:15 UTC
Size:
14.31 KB
>From 5758d65f43582a21021d3eb2d3f887bac79b1cb2 Mon Sep 17 00:00:00 2001
>From: Arvid Requate <requate@univention.de>
>Date: Fri, 26 Aug 2016 16:18:57 +0200
>Subject: [PATCH 1/2] For Bug #9959: local talloc frame for next commit
>
>Signed-off-by: Arvid Requate <requate@univention.de>
>---
> source4/rpc_server/backupkey/dcesrv_backupkey.c | 33 +++++++++++-----------
> .../backupkey/dcesrv_backupkey_heimdal.c | 33 +++++++++++-----------
> 2 files changed, 34 insertions(+), 32 deletions(-)
>
>diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
>index 63b9ee9..eacc074 100644
>--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
>+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
>@@ -54,6 +54,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> const char *name,
> const DATA_BLOB *lsa_secret)
> {
>+ TALLOC_CTX *frame = talloc_stackframe();
> struct ldb_message *msg;
> struct ldb_result *res;
> struct ldb_dn *domain_dn;
>@@ -72,7 +73,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> return NT_STATUS_INTERNAL_ERROR;
> }
>
>- msg = ldb_msg_new(mem_ctx);
>+ msg = ldb_msg_new(frame);
> if (msg == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>@@ -89,13 +90,13 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
>
> system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
> if (system_dn == NULL) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
> name2 = talloc_asprintf(msg, "%s Secret", name);
> if (name2 == NULL) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
>@@ -105,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
>
> if (ret != LDB_SUCCESS || res->count != 0 ) {
> DEBUG(2, ("Secret %s already exists !\n", name2));
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_OBJECT_NAME_COLLISION;
> }
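Review bot: The two early returns that precede the first `talloc_free(frame)` in set_lsa_secret() leave the new stack frame unreleased: hunk -72,7 shows `return NT_STATUS_INTERNAL_ERROR;` for a missing base DN and `return NT_STATUS_NO_MEMORY;` right after `msg = ldb_msg_new(frame);`, and neither frees `frame`. Every `talloc_stackframe()` needs a matching free on each exit path, so both should become `talloc_free(frame); return ...;`, or `frame` should be created only after the base-DN check. The same two returns are in the dcesrv_backupkey_heimdal.c copy (hunk -85,7), and patch 2/2 removes the first of them but keeps the `msg == NULL` one. The function body starts and ends outside this hunk.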
>
>@@ -114,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> * here only if the key didn't exists before
> */
>
>- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
>+ msg->dn = ldb_dn_copy(frame, system_dn);
> if (msg->dn == NULL) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
> if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
> ret = ldb_msg_add_string(msg, "cn", name2);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
> ret = ldb_msg_add_string(msg, "objectClass", "secret");
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
>+ ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
> val.data = lsa_secret->data;
> val.length = lsa_secret->length;
> ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
>+ ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
>@@ -162,11 +163,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> DEBUG(2,("Failed to create secret record %s: %s\n",
> ldb_dn_get_linearized(msg->dn),
> ldb_errstring(ldb)));
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_ACCESS_DENIED;
> }
>
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_OK;
> }
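Review bot: `ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)` in hunk -114,41 formats `name2` into the DN string without escaping, while the read path in get_lsa_secret() passes the same name through `ldb_binary_encode_string()` before it reaches the search filter. The callers are outside this patch, so it cannot be told from here whether `name` is always a fixed server-side string; if it is not, a `,` or `=` in it would change the shape of the DN the secret is stored under. Either record the constraint above the call, for example `/* name is a server-generated constant, no DN escaping needed */` once that has been confirmed, or escape the value with `ldb_dn_escape_value()` before formatting. The heimdal copy (hunk -127,41) has the same line.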
>
>diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
>index ac12c64..6f642fc 100644
>--- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
>+++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
>@@ -67,6 +67,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> const char *name,
> const DATA_BLOB *lsa_secret)
> {
>+ TALLOC_CTX *frame = talloc_stackframe();
> struct ldb_message *msg;
> struct ldb_result *res;
> struct ldb_dn *domain_dn;
>@@ -85,7 +86,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> return NT_STATUS_INTERNAL_ERROR;
> }
>
>- msg = ldb_msg_new(mem_ctx);
>+ msg = ldb_msg_new(frame);
> if (msg == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>@@ -102,13 +103,13 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
>
> system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
> if (system_dn == NULL) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
> name2 = talloc_asprintf(msg, "%s Secret", name);
> if (name2 == NULL) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
>@@ -118,7 +119,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
>
> if (ret != LDB_SUCCESS || res->count != 0 ) {
> DEBUG(2, ("Secret %s already exists !\n", name2));
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_OBJECT_NAME_COLLISION;
> }
>
>@@ -127,41 +128,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> * here only if the key didn't exists before
> */
>
>- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
>+ msg->dn = ldb_dn_copy(frame, system_dn);
> if (msg->dn == NULL) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
> if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
> ret = ldb_msg_add_string(msg, "cn", name2);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
> ret = ldb_msg_add_string(msg, "objectClass", "secret");
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
>+ ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
> val.data = lsa_secret->data;
> val.length = lsa_secret->length;
> ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
>+ ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
> if (ret != LDB_SUCCESS) {
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
>@@ -175,11 +176,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> DEBUG(2,("Failed to create secret record %s: %s\n",
> ldb_dn_get_linearized(msg->dn),
> ldb_errstring(ldb)));
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_ACCESS_DENIED;
> }
>
>- talloc_free(msg);
>+ talloc_free(frame);
> return NT_STATUS_OK;
> }
>
>--
>2.1.4
>
>From 40179c299a71ecd64a20659b7a5ab2358f1d3973 Mon Sep 17 00:00:00 2001
>From: Arvid Requate <requate@univention.de>
>Date: Fri, 26 Aug 2016 16:20:34 +0200
>Subject: [PATCH 2/2] Bug #9959: Don't search for CN=System
>
>Signed-off-by: Arvid Requate <requate@univention.de>
>---
> source4/rpc_server/backupkey/dcesrv_backupkey.c | 30 ++++++++++------------
> .../backupkey/dcesrv_backupkey_heimdal.c | 30 ++++++++++------------
> source4/rpc_server/lsa/lsa_init.c | 11 +++++---
> source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 +++++----
> 4 files changed, 42 insertions(+), 41 deletions(-)
>
>diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
>index eacc074..5b97598 100644
>--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
>+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
>@@ -57,8 +57,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> TALLOC_CTX *frame = talloc_stackframe();
> struct ldb_message *msg;
> struct ldb_result *res;
>- struct ldb_dn *domain_dn;
>- struct ldb_dn *system_dn;
>+ struct ldb_dn *system_dn = NULL;
> struct ldb_val val;
> int ret;
> char *name2;
>@@ -68,11 +67,6 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> NULL
> };
>
>- domain_dn = ldb_get_default_basedn(ldb);
>- if (!domain_dn) {
>- return NT_STATUS_INTERNAL_ERROR;
>- }
>-
> msg = ldb_msg_new(frame);
> if (msg == NULL) {
> return NT_STATUS_NO_MEMORY;
>@@ -88,12 +82,17 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> * * taillor the function to the particular needs of backup protocol
> */
>
>- system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
>+ system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb));
> if (system_dn == NULL) {
> talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
>+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
>+ talloc_free(frame);
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
> name2 = talloc_asprintf(msg, "%s Secret", name);
> if (name2 == NULL) {
> talloc_free(frame);
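Review bot: A missing default base DN is now reported as out-of-memory in set_lsa_secret(): hunk -68,11 drops `if (!domain_dn) return NT_STATUS_INTERNAL_ERROR;`, and hunk -88,12 feeds `ldb_get_default_basedn(ldb)` straight into `ldb_dn_copy()`, whose NULL result (ldb_dn_copy() appears to return NULL for a NULL input) lands in the `NT_STATUS_NO_MEMORY` branch. That hides an uninitialised or misconfigured database behind an allocation error in the logs and in the RPC reply. Keeping the explicit check before the copy, `if (ldb_get_default_basedn(ldb) == NULL) { talloc_free(frame); return NT_STATUS_INTERNAL_ERROR; }`, preserves the old status. The same applies to get_lsa_secret() (hunk -192,22) and to both functions in dcesrv_backupkey_heimdal.c.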
>@@ -179,8 +178,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
> {
> TALLOC_CTX *tmp_mem;
> struct ldb_result *res;
>- struct ldb_dn *domain_dn;
>- struct ldb_dn *system_dn;
>+ struct ldb_dn *system_dn = NULL;
> const struct ldb_val *val;
> uint8_t *data;
> const char *attrs[] = {
>@@ -192,22 +190,22 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
> lsa_secret->data = NULL;
> lsa_secret->length = 0;
>
>- domain_dn = ldb_get_default_basedn(ldb);
>- if (!domain_dn) {
>- return NT_STATUS_INTERNAL_ERROR;
>- }
>-
> tmp_mem = talloc_new(mem_ctx);
> if (tmp_mem == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>
>- system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
>+ system_dn = ldb_dn_copy(tmp_mem, ldb_get_default_basedn(ldb));
> if (system_dn == NULL) {
> talloc_free(tmp_mem);
> return NT_STATUS_NO_MEMORY;
> }
>
>+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
>+ talloc_free(tmp_mem);
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
> ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
> "(&(cn=%s Secret)(objectclass=secret))",
> ldb_binary_encode_string(tmp_mem, name));
>diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
>index 6f642fc..de5fa50 100644
>--- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
>+++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
>@@ -70,8 +70,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> TALLOC_CTX *frame = talloc_stackframe();
> struct ldb_message *msg;
> struct ldb_result *res;
>- struct ldb_dn *domain_dn;
>- struct ldb_dn *system_dn;
>+ struct ldb_dn *system_dn = NULL;
> struct ldb_val val;
> int ret;
> char *name2;
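Review bot: The lookup in get_lsa_secret() still runs with `LDB_SCOPE_SUBTREE` (context line at the end of hunk -192,22), so even with the base pinned to CN=System under the default base DN, a `secret` object with a matching cn anywhere below that container satisfies it. set_lsa_secret() writes the object as a direct child of `system_dn`, so `LDB_SCOPE_ONELEVEL` would match what is stored and keep objects in nested containers out of the result; it is worth confirming that nothing else places these secrets deeper before changing it. The result is also allocated on `mem_ctx` rather than `tmp_mem`, and whether it is released later is outside the hunk. The heimdal copy (hunk -205,22) has the same call.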
>@@ -81,11 +80,6 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> NULL
> };
>
>- domain_dn = ldb_get_default_basedn(ldb);
>- if (!domain_dn) {
>- return NT_STATUS_INTERNAL_ERROR;
>- }
>-
> msg = ldb_msg_new(frame);
> if (msg == NULL) {
> return NT_STATUS_NO_MEMORY;
>@@ -101,12 +95,17 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
> * * taillor the function to the particular needs of backup protocol
> */
>
>- system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
>+ system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb));
> if (system_dn == NULL) {
> talloc_free(frame);
> return NT_STATUS_NO_MEMORY;
> }
>
>+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
>+ talloc_free(frame);
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
> name2 = talloc_asprintf(msg, "%s Secret", name);
> if (name2 == NULL) {
> talloc_free(frame);
>@@ -192,8 +191,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
> {
> TALLOC_CTX *tmp_mem;
> struct ldb_result *res;
>- struct ldb_dn *domain_dn;
>- struct ldb_dn *system_dn;
>+ struct ldb_dn *system_dn = NULL;
> const struct ldb_val *val;
> uint8_t *data;
> const char *attrs[] = {
>@@ -205,22 +203,22 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
> lsa_secret->data = NULL;
> lsa_secret->length = 0;
>
>- domain_dn = ldb_get_default_basedn(ldb);
>- if (!domain_dn) {
>- return NT_STATUS_INTERNAL_ERROR;
>- }
>-
> tmp_mem = talloc_new(mem_ctx);
> if (tmp_mem == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>
>- system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
>+ system_dn = ldb_dn_copy(tmp_mem, ldb_get_default_basedn(ldb));
> if (system_dn == NULL) {
> talloc_free(tmp_mem);
> return NT_STATUS_NO_MEMORY;
> }
>
>+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
>+ talloc_free(tmp_mem);
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
> ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
> "(&(cn=%s Secret)(objectclass=secret))",
> ldb_binary_encode_string(tmp_mem, name));
>diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
>index 5628c5b..4173a97 100644
>--- a/source4/rpc_server/lsa/lsa_init.c
>+++ b/source4/rpc_server/lsa/lsa_init.c
>@@ -144,10 +144,13 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
>
> /* work out the system_dn - useful for so many calls its worth
> fetching here */
>- state->system_dn = samdb_search_dn(state->sam_ldb, state,
>- state->domain_dn, "(&(objectClass=container)(cn=System))");
>- if (!state->system_dn) {
>- return NT_STATUS_NO_SUCH_DOMAIN;
>+ state->system_dn = ldb_dn_copy(state, state->domain_dn);
>+ if (state->system_dn == NULL) {
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
>+ if (!ldb_dn_add_child_fmt(state->system_dn, "CN=System")) {
>+ return NT_STATUS_NO_MEMORY;
> }
>
> state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
>diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
>index 7a92a6d..d97b77b 100644
>--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
>+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
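Review bot: dcesrv_lsa_get_policy_state() no longer learns whether CN=System exists: the removed search in the lsa_init.c hunk returned `NT_STATUS_NO_SUCH_DOMAIN` when the container was not found, while the constructed DN succeeds unless allocation fails. A database without that container will now fail later, in whichever call first searches under `state->system_dn`, and with a less specific error. If the early diagnosis matters, a base-scope existence check on the built DN would keep it; otherwise the existing comment should say why no lookup is done, for example `/* CN=System is a fixed well-known container: build the DN, do not search for it (bug 9959) */`. The function continues outside the hunk.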
>@@ -2663,11 +2663,13 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
> return WERR_INVALID_FLAGS;
> }
>
>- system_dn = samdb_search_dn(sam_ctx, mem_ctx,
>- ldb_get_default_basedn(sam_ctx),
>- "(&(objectClass=container)(cn=System))");
>- if (!system_dn) {
>- return WERR_GENERAL_FAILURE;
>+ system_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
>+ if (system_dn == NULL) {
>+ return WERR_NOMEM;
>+ }
>+
>+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
>+ return WERR_NOMEM;
> }
>
> ret = gendb_search(sam_ctx, mem_ctx, system_dn,
>--
>2.1.4
>
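Review bot: This is the sixth hand-written copy of the `ldb_dn_copy()` plus `ldb_dn_add_child_fmt(..., "CN=System")` pair in this patch (two in each backupkey file, one in lsa_init.c), each with its own error handling. A single helper would keep the well-known DN in one place, so a later caller is less likely to reintroduce a search-based lookup, and it could free the half-built DN when the second step fails; here and in lsa_init.c the copy stays on the caller's context on that path. A possible shape follows; the helper's name and location are only a suggestion. fill_trusted_domains_array() starts and ends outside the hunk.

```c
/* Build CN=System,<default base DN> on mem_ctx; returns NULL on failure. */
static struct ldb_dn *system_container_dn(TALLOC_CTX *mem_ctx,
					  struct ldb_context *ldb)
{
	struct ldb_dn *dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(ldb));

	if (dn == NULL) {
		return NULL;
	}
	if (!ldb_dn_add_child_fmt(dn, "CN=System")) {
		talloc_free(dn);
		return NULL;
	}
	return dn;
}

/* … unchanged: flag validation in fill_trusted_domains_array() … */
	system_dn = system_container_dn(mem_ctx, sam_ctx);
	if (system_dn == NULL) {
		return WERR_NOMEM;
	}
```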