The Samba-Bugzilla – Attachment 14695 Details for
Bug 13686
samba-tool user syscpasswords fails on a domain with many DCs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Backport of fix for v4.9
bug-13686-v4-9-backport.txt (text/plain), 12.40 KB, created by
Tim Beale
on 2018-11-28 22:45:41 UTC
(
hide
)
Description:
Backport of fix for v4.9
Filename:
MIME Type:
Creator:
Tim Beale
Created:
2018-11-28 22:45:41 UTC
Size:
12.40 KB
patch
obsolete
>From 6dcc7ab57f98e92d840ebb866fb3792d68ee535f Mon Sep 17 00:00:00 2001 >From: Joe Guo <joeg@catalyst.net.nz> >Date: Mon, 30 Jul 2018 18:19:05 +1200 >Subject: [PATCH 1/4] PEP8: fix E231: missing whitespace after ',' > >Signed-off-by: Joe Guo <joeg@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> > >(part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master >cherry-picked to v4-9-test) >--- > python/samba/netcmd/user.py | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > >diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py >index cc43c08..f43fab4 100644 >--- a/python/samba/netcmd/user.py >+++ b/python/samba/netcmd/user.py >@@ -1881,7 +1881,7 @@ samba-tool user syncpasswords --terminate \\ > self.samdb_url = H > self.dirsync_filter = dirsync_filter > self.dirsync_attrs = dirsync_attrs >- self.dirsync_controls = ["dirsync:1:0:0","extended_dn:1:0"]; >+ self.dirsync_controls = ["dirsync:1:0:0", "extended_dn:1:0"]; > self.password_attrs = password_attrs > self.decrypt_samba_gpg = decrypt_samba_gpg > self.sync_command = sync_command >@@ -1905,7 +1905,7 @@ samba-tool user syncpasswords --terminate \\ > self.current_pid = None > self.outf.write("Initialized cache_ldb[%s]\n" % (cache_ldb)) > msgs = self.cache.parse_ldif(add_ldif) >- changetype,msg = next(msgs) >+ changetype, msg = next(msgs) > ldif = self.cache.write_ldif(msg, ldb.CHANGETYPE_NONE) > self.outf.write("%s" % ldif) > else: >@@ -2103,7 +2103,7 @@ samba-tool user syncpasswords --terminate \\ > assert len(res_controls) > 0 > assert res_controls[0].oid == "1.2.840.113556.1.4.841" > res_controls[0].critical = True >- self.dirsync_controls = [str(res_controls[0]),"extended_dn:1:0"] >+ self.dirsync_controls = [str(res_controls[0]), "extended_dn:1:0"] > log_msg("dirsyncControls: %r\n" % self.dirsync_controls) > > modify_ldif = "dn: %s\n" % (self.cache_dn) >-- >2.7.4 > > >From 9d85f6354363f0e7123a3bdd500e830d751a0cb5 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Fri, 26 Oct 2018 13:38:02 +1300 >Subject: [PATCH 2/4] dirsync: Allow arbitrary length cookies > >The length of the cookie is proportional to the number of DCs ever in >the domain (as it stores the uptodateness vector which has stale >invocationID). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit b7a0d3b110697923a31e353905d3b1bd9385ea9b) >--- > lib/ldb/common/ldb_controls.c | 26 +++++++++++++++++++++----- > 1 file changed, 21 insertions(+), 5 deletions(-) > >diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c >index a83768a..f07f3c5 100644 >--- a/lib/ldb/common/ldb_controls.c >+++ b/lib/ldb/common/ldb_controls.c >@@ -534,13 +534,20 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_NAME) == 0) { > struct ldb_dirsync_control *control; > const char *p; >- char cookie[1024]; >+ char *cookie = NULL; > int crit, max_attrs, ret; > uint32_t flags; > >- cookie[0] = '\0'; >+ cookie = talloc_zero_array(ctrl, char, >+ strlen(control_strings) + 1); >+ if (cookie == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_NAME)]); >- ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); >+ ret = sscanf(p, "%d:%u:%d:%[^$]", &crit, &flags, &max_attrs, cookie); > > if ((ret < 3) || (crit < 0) || (crit > 1) || (max_attrs < 0)) { > ldb_set_errstring(ldb, >@@ -582,17 +589,25 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control->cookie_len = 0; > } > ctrl->data = control; >+ TALLOC_FREE(cookie); > > return ctrl; > } > if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_EX_NAME) == 0) { > struct ldb_dirsync_control *control; > const char *p; >- char cookie[1024]; >+ char *cookie = NULL; > int crit, max_attrs, ret; > uint32_t flags; > >- cookie[0] = '\0'; >+ cookie = talloc_zero_array(ctrl, char, >+ strlen(control_strings) + 1); >+ if (cookie == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_EX_NAME)]); > ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); > >@@ -637,6 +652,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control->cookie_len = 0; > } > ctrl->data = control; >+ TALLOC_FREE(cookie); > > return ctrl; > } >-- >2.7.4 > > >From 2bb0e12519798c5380ac6e95e3ed22446ae206ea Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Mon, 19 Nov 2018 11:05:59 +1300 >Subject: [PATCH 3/4] sync_passwords: Remove dirsync cookie logging for > continuous operation > >Under normal operation, users shouldn't see giant cookies in their logs. >We still log the initial cookie retrieved from the cache database, which >should still be helpful for identifying corrupt cookies. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e) >--- > python/samba/netcmd/user.py | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py >index f43fab4..5af76c9 100644 >--- a/python/samba/netcmd/user.py >+++ b/python/samba/netcmd/user.py >@@ -2104,7 +2104,8 @@ samba-tool user syncpasswords --terminate \\ > assert res_controls[0].oid == "1.2.840.113556.1.4.841" > res_controls[0].critical = True > self.dirsync_controls = [str(res_controls[0]), "extended_dn:1:0"] >- log_msg("dirsyncControls: %r\n" % self.dirsync_controls) >+ # This cookie can be extremely long >+ # log_msg("dirsyncControls: %r\n" % self.dirsync_controls) > > modify_ldif = "dn: %s\n" % (self.cache_dn) > modify_ldif += "changetype: modify\n" >-- >2.7.4 > > >From 2e2e22ca4a980107dd8fb4ec6d9656c9a99dcf00 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Wed, 14 Nov 2018 10:29:01 +1300 >Subject: [PATCH 4/4] ldb_controls: Add some talloc error checking for controls > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852) >--- > lib/ldb/common/ldb_controls.c | 82 +++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 80 insertions(+), 2 deletions(-) > >diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c >index f07f3c5..e0f0eb4 100644 >--- a/lib/ldb/common/ldb_controls.c >+++ b/lib/ldb/common/ldb_controls.c >@@ -520,6 +520,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control->ctxid_len); > if (control->contextId == NULL) { > ldb_oom(ldb); >+ talloc_free(ctrl); > return NULL; > } > } else { >@@ -568,6 +569,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_DIRSYNC_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_dirsync_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } > control->flags = flags; > control->max_attributes = max_attrs; > if (*cookie) { >@@ -582,6 +588,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len); > if (control->cookie == NULL) { > ldb_oom(ldb); >+ talloc_free(ctrl); > return NULL; > } > } else { >@@ -630,6 +637,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_DIRSYNC_EX_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_dirsync_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } > control->flags = flags; > control->max_attributes = max_attrs; > if (*cookie) { >@@ -645,6 +657,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len); > if (control->cookie == NULL) { > ldb_oom(ldb); >+ talloc_free(ctrl); > return NULL; > } > } else { >@@ -678,6 +691,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_ASQ_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_asq_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } > control->request = 1; > control->source_attribute = talloc_strdup(control, attr); > control->src_attr_len = strlen(attr); >@@ -709,6 +727,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control = NULL; > } else { > control = talloc(ctrl, struct ldb_extended_dn_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } > control->type = type; > } > >@@ -739,6 +762,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_SD_FLAGS_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_sd_flags_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control->secinfo_flags = secinfo_flags; > ctrl->data = control; > >@@ -765,6 +794,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_SEARCH_OPTIONS_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_search_options_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control->search_options = search_options; > ctrl->data = control; > >@@ -881,6 +916,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_PAGED_RESULTS_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_paged_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control->size = size; > if (cookie[0] != '\0') { > int len = ldb_base64_decode(cookie); >@@ -895,6 +936,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > control->cookie = talloc_memdup(control, cookie, control->cookie_len); > if (control->cookie == NULL) { > ldb_oom(ldb); >+ talloc_free(ctrl); > return NULL; > } > } else { >@@ -928,12 +970,36 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_SERVER_SORT_OID; > ctrl->critical = crit; > control = talloc_array(ctrl, struct ldb_server_sort_control *, 2); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control[0] = talloc(control, struct ldb_server_sort_control); >+ if (control[0] == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control[0]->attributeName = talloc_strdup(control, attr); >- if (rule[0]) >+ if (control[0]->attributeName == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ >+ if (rule[0]) { > control[0]->orderingRule = talloc_strdup(control, rule); >- else >+ if (control[0]->orderingRule == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ } else { > control[0]->orderingRule = NULL; >+ } > control[0]->reverse = rev; > control[1] = NULL; > ctrl->data = control; >@@ -1195,7 +1261,19 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO > ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID; > ctrl->critical = crit; > control = talloc(ctrl, struct ldb_verify_name_control); >+ if (control == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control->gc = talloc_strdup(control, gc); >+ if (control->gc == NULL) { >+ ldb_oom(ldb); >+ talloc_free(ctrl); >+ return NULL; >+ } >+ > control->gc_len = strlen(gc); > control->flags = flags; > ctrl->data = control; >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 13686
: 14695