The Samba-Bugzilla – Attachment 13729 Details for
Bug 13095
Broken linked attribute handling
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.7.1
la-fix-for-47.patch (text/plain), 5.04 KB, created by
Douglas Bagnall
on 2017-10-26 22:22:18 UTC
(
hide
)
Description:
patch for 4.7.1
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2017-10-26 22:22:18 UTC
Size:
5.04 KB
patch
obsolete
>From 07e2a2612002741cda09ff44c93ccc62ed352fc8 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Wed, 25 Oct 2017 10:54:42 +1300 >Subject: [PATCH 1/2] linked attribute tests: test against duplicates in > replace > >We should not be able to introduce duplicate links using MOD_REPLACE. >It turns out we could and weren't testing. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 046fc1f7de685afcbb7f0b92f0280ff0109ed4b7) >--- > selftest/knownfail.d/ldap-linked-attributes | 3 +++ > source4/dsdb/tests/python/linked_attributes.py | 10 ++++++++++ > 2 files changed, 13 insertions(+) > create mode 100644 selftest/knownfail.d/ldap-linked-attributes > >diff --git a/selftest/knownfail.d/ldap-linked-attributes b/selftest/knownfail.d/ldap-linked-attributes >new file mode 100644 >index 00000000000..5fa50e3ea0c >--- /dev/null >+++ b/selftest/knownfail.d/ldap-linked-attributes >@@ -0,0 +1,3 @@ >+# linked attribute replacement isn't checking for duplicates. >+ >+samba4.ldap.linked_attributes.python.*test_la_links_replace >diff --git a/source4/dsdb/tests/python/linked_attributes.py b/source4/dsdb/tests/python/linked_attributes.py >index 6235bf77a89..705c9d5c0db 100644 >--- a/source4/dsdb/tests/python/linked_attributes.py >+++ b/source4/dsdb/tests/python/linked_attributes.py >@@ -464,6 +464,16 @@ class LATests(samba.tests.TestCase): > self.assert_back_links(u3, [g1]) > self.assert_back_links(u4, []) > >+ try: >+ # adding u2 twice should be an error >+ self.replace_linked_attribute(g2, [u1, u2, u3, u2]) >+ except ldb.LdbError as (num, msg): >+ if num != ldb.ERR_ENTRY_ALREADY_EXISTS: >+ self.fail("adding duplicate values, expected " >+ "ERR_ENTRY_ALREADY_EXISTS, (%d) " >+ "got %d" % (ldb.ERR_ENTRY_ALREADY_EXISTS, num)) >+ else: >+ self.fail("replacing duplicate values succeeded when it shouldn't") > > def test_la_links_replace2(self): > users = self.add_objects(12, 'user', 'u_replace2') >-- >2.11.0 > > >From 1eb7a4ba863d0413811a1361f249dff91eda85e4 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Wed, 25 Oct 2017 10:12:09 +1300 >Subject: [PATCH 2/2] replmd: check for duplicate values in MOD_REPLACE case > >Because we already have a sorted parsed_dn list, this is a simple >linear scan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 625e65d9f354059d0b44ca7df329d862d93378c4) >--- > selftest/knownfail.d/ldap-linked-attributes | 3 -- > source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 37 +++++++++++++++++++++++++ > 2 files changed, 37 insertions(+), 3 deletions(-) > delete mode 100644 selftest/knownfail.d/ldap-linked-attributes > >diff --git a/selftest/knownfail.d/ldap-linked-attributes b/selftest/knownfail.d/ldap-linked-attributes >deleted file mode 100644 >index 5fa50e3ea0c..00000000000 >--- a/selftest/knownfail.d/ldap-linked-attributes >+++ /dev/null >@@ -1,3 +0,0 @@ >-# linked attribute replacement isn't checking for duplicates. >- >-samba4.ldap.linked_attributes.python.*test_la_links_replace >diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >index e4c3cda8cda..8c6040a3d52 100644 >--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >@@ -2090,6 +2090,37 @@ static int get_parsed_dns_trusted(struct ldb_module *module, > } > > /* >+ Return LDB_SUCCESS if a parsed_dn list contains no duplicate values, >+ otherwise an error code. For compatibility the error code differs depending >+ on whether or not the attribute is "member". >+ >+ As always, the parsed_dn list is assumed to be sorted. >+ */ >+static int check_parsed_dn_duplicates(struct ldb_module *module, >+ struct ldb_message_element *el, >+ struct parsed_dn *pdn) >+{ >+ unsigned int i; >+ struct ldb_context *ldb = ldb_module_get_ctx(module); >+ >+ for (i = 1; i < el->num_values; i++) { >+ struct parsed_dn *p = &pdn[i]; >+ if (parsed_dn_compare(p, &pdn[i - 1]) == 0) { >+ ldb_asprintf_errstring(ldb, >+ "Linked attribute %s has " >+ "multiple identical values", >+ el->name); >+ if (ldb_attr_cmp(el->name, "member") == 0) { >+ return LDB_ERR_ENTRY_ALREADY_EXISTS; >+ } else { >+ return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; >+ } >+ } >+ } >+ return LDB_SUCCESS; >+} >+ >+/* > build a new extended DN, including all meta data fields > > RMD_FLAGS = DSDB_RMD_FLAG_* bits >@@ -2900,6 +2931,12 @@ static int replmd_modify_la_replace(struct ldb_module *module, > return ret; > } > >+ ret = check_parsed_dn_duplicates(module, el, dns); >+ if (ret != LDB_SUCCESS) { >+ talloc_free(tmp_ctx); >+ return ret; >+ } >+ > ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, > ldap_oid, parent); > if (ret != LDB_SUCCESS) { >-- >2.11.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 13095
:
13715
|
13716
|
13717
|
13721
| 13729 |
13812