The Samba-Bugzilla – Attachment 16004 Details for
Bug 14364
CVE-2020-10730 [SECURITY] NULL de-reference in AD DC LDAP server when ASQ and VLV combined
[patch]
Patch for V4.11 (v1)
CVE-2020-10730-V4-11.patch (text/plain), 47.26 KB, created by
Gary Lockyer
on 2020-05-22 03:12:55 UTC
Description:
Patch for V4.11 (v1)
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2020-05-22 03:12:55 UTC
Size:
47.26 KB
>From 1d7ba035f71eb385f0f080ef4d837f3b833fc4b4 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Tue, 5 May 2020 12:54:59 +1200
>Subject: [PATCH 01/11] CVE-2020-10730: vlv: Use strcmp(), not strncmp()
> checking the NULL terminated control OIDs
>
>The end result is the same, as sizeof() includes the trailing NUL, but this
>avoids having to think about that.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>index 980177cb05e..31e64b4bd78 100644
>--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>@@ -682,8 +682,8 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
> if (control->oid == NULL) {
> break;
> }
>- if (strncmp(control->oid, LDB_CONTROL_VLV_REQ_OID, sizeof(LDB_CONTROL_VLV_REQ_OID)) == 0 ||
>- strncmp(control->oid, LDB_CONTROL_SERVER_SORT_OID, sizeof(LDB_CONTROL_SERVER_SORT_OID)) == 0) {
>+ if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
>+ strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
> continue;
> }
> new_controls[j] = talloc_steal(new_controls, control);
>--
>2.17.1
>
>
>From 4e9e2fc86d305fb99b33b80ed72f38dab6960e63 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Tue, 5 May 2020 12:55:57 +1200
>Subject: [PATCH 02/11] CVE-2020-10730: vlv: Do not re-ASQ search the results
> of an ASQ search with VLV
>
>This is a silly combination, but at least try and keep the results sensible
>and avoid a double-dereference.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>index 31e64b4bd78..d58a62482c9 100644
>--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>@@ -682,10 +682,21 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
> if (control->oid == NULL) {
> break;
> }
>+ /*
>+ * Do not re-use VLV, nor the server-sort, both are
>+ * already handled here.
>+ */
> if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
> strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
> continue;
> }
>+ /*
>+ * ASQ changes everything, do not copy it down for the
>+ * per-GUID search
>+ */
>+ if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) {
>+ continue;
>+ }
> new_controls[j] = talloc_steal(new_controls, control);
> j++;
> }
>--
>2.17.1
>
>
>From 33541ebd5201c63285195b03143f2b08ad64220e Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Tue, 5 May 2020 13:16:48 +1200
>Subject: [PATCH 03/11] CVE-2020-10730: selftest: Add test to confirm VLV
> interaction with ASQ
>
>Tested against Windows 1709.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> source4/dsdb/tests/python/asq.py | 27 +++++++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
>diff --git a/source4/dsdb/tests/python/asq.py b/source4/dsdb/tests/python/asq.py
>index a32c9f40cd3..1c93a45f131 100644
>--- a/source4/dsdb/tests/python/asq.py
>+++ b/source4/dsdb/tests/python/asq.py
>@@ -162,6 +162,33 @@ class ASQLDAPTest(samba.tests.TestCase):
> self.assertIn(ldb.Dn(self.ldb, str(group)),
> self.members)
>
>+ def test_asq_vlv(self):
>+ """Testing ASQ behaviour with VLV set.
>+
>+ ASQ is very strange, it turns a BASE search into a search for
>+ all the objects pointed to by the specified attribute,
>+ returning multiple entries!
>+
>+ """
>+
>+ sort_control = "server_sort:1:0:cn"
>+
>+ msgs = self.ldb.search(base=self.top_dn,
>+ scope=ldb.SCOPE_BASE,
>+ attrs=["objectGUID", "cn", "member"],
>+ controls=["asq:1:member",
>+ sort_control,
>+ "vlv:1:20:20:11:0"])
>+
>+ self.assertEqual(len(msgs), 20)
>+
>+ for msg in msgs:
>+ self.assertNotEqual(msg.dn, self.top_dn)
>+ self.assertIn(msg.dn, self.members2)
>+ for group in msg["member"]:
>+ self.assertIn(ldb.Dn(self.ldb, str(group)),
>+ self.members)
>+
> if "://" not in url:
> if os.path.isfile(url):
> url = "tdb://%s" % url
>--
>2.17.1
>
>
>From fbacc01b0c16d1d11ffbf9dd064019db360f2538 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Tue, 5 May 2020 16:34:11 +1200
>Subject: [PATCH 04/11] CVE-2020-10730: vlv: Another workaround for mixing ASQ
> and VLV
>
>This is essentially an alternative patch, but without the correct
>behaviour. Instead this just avoids a segfault.
>
>Included in case we have something simialr again in
>another module.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> .../dsdb/samdb/ldb_modules/vlv_pagination.c | 19 +++++++++++++++----
> 1 file changed, 15 insertions(+), 4 deletions(-)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>index d58a62482c9..720b5e95638 100644
>--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>@@ -442,10 +442,21 @@ static int vlv_results(struct vlv_context *ac)
> ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid,
> ac->req->op.search.attrs);
>
>- if (ret == LDAP_NO_SUCH_OBJECT) {
>- /* The thing isn't there, which we quietly
>- ignore and go on to send an extra one
>- instead. */
>+ if (ret == LDAP_NO_SUCH_OBJECT
>+ || result->count != 1) {
>+ /*
>+ * The thing isn't there, which we quietly
>+ * ignore and go on to send an extra one
>+ * instead.
>+ *
>+ * result->count == 0 or > 1 can only
>+ * happen if ASQ (which breaks all the
>+ * rules) is somehow invoked (as this
>+ * is a BASE search).
>+ *
>+ * (We skip the ASQ cookie for the
>+ * GUID searches)
>+ */
> if (last_i < ac->store->num_entries - 1) {
> last_i++;
> }
>--
>2.17.1
>
>
>From 0fa761d0ec2934f236701e694ee07f4880960673 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Wed, 6 May 2020 16:19:01 +1200
>Subject: [PATCH 05/11] CVE-2020-10730: selftest: Add test to show that VLV and
> paged_results are incompatible
>
>As tested against Windows Server 1709
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> source4/dsdb/tests/python/asq.py | 27 +++++++++++++++++++++++++++
> source4/dsdb/tests/python/vlv.py | 23 +++++++++++++++++++++++
> 2 files changed, 50 insertions(+)
>
>diff --git a/source4/dsdb/tests/python/asq.py b/source4/dsdb/tests/python/asq.py
>index 1c93a45f131..33973d66c37 100644
>--- a/source4/dsdb/tests/python/asq.py
>+++ b/source4/dsdb/tests/python/asq.py
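Review bot: In the rewritten condition `ret == LDAP_NO_SUCH_OBJECT || result->count != 1`, `result->count` is read for every return value other than LDAP_NO_SUCH_OBJECT, including genuine errors, before the `else if (ret != LDB_SUCCESS)` branch (visible in the vlv_results hunk of patch 09) gets a chance to handle them. Whether vlv_search_by_dn_guid() always leaves `result` pointing at a valid structure on failure is not visible here, so the dereference should be gated on success: `if (ret == LDAP_NO_SUCH_OBJECT || (ret == LDB_SUCCESS && result->count != 1)) {`. vlv_results() starts and ends outside this hunk.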
>@@ -189,6 +189,33 @@ class ASQLDAPTest(samba.tests.TestCase):
> self.assertIn(ldb.Dn(self.ldb, str(group)),
> self.members)
>
>+ def test_asq_vlv_paged(self):
>+ """Testing ASQ behaviour with VLV and paged_results set.
>+
>+ ASQ is very strange, it turns a BASE search into a search for
>+ all the objects pointed to by the specified attribute,
>+ returning multiple entries!
>+
>+ Thankfully combining both of these gives
>+ unavailable-critical-extension against Windows 1709
>+
>+ """
>+
>+ sort_control = "server_sort:1:0:cn"
>+
>+ try:
>+ msgs = self.ldb.search(base=self.top_dn,
>+ scope=ldb.SCOPE_BASE,
>+ attrs=["objectGUID", "cn", "member"],
>+ controls=["asq:1:member",
>+ sort_control,
>+ "vlv:1:20:20:11:0",
>+ "paged_results:1:1024"])
>+ self.fail("should have failed with LDAP_UNAVAILABLE_CRITICAL_EXTENSION")
>+ except ldb.LdbError as e:
>+ (enum, estr) = e.args
>+ self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION)
>+
> if "://" not in url:
> if os.path.isfile(url):
> url = "tdb://%s" % url
>diff --git a/source4/dsdb/tests/python/vlv.py b/source4/dsdb/tests/python/vlv.py
>index 2efcaa5e7a3..f3c603e3a39 100644
>--- a/source4/dsdb/tests/python/vlv.py
>+++ b/source4/dsdb/tests/python/vlv.py
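Review bot: The failure message in test_asq_vlv_paged names `LDAP_UNAVAILABLE_CRITICAL_EXTENSION`, while the assertion two lines later checks `ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION`, so a failing run reports a constant name that the test never compares against. I would word the message after the asserted constant, `self.fail("should have failed with ERR_UNSUPPORTED_CRITICAL_EXTENSION")`, and drop the unused `msgs =` binding since the result is never read. The same two points apply to test_vlv_paged in the vlv.py hunk of this patch.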
>@@ -1644,6 +1644,29 @@ class PagedResultsTests(TestsWithUserOU):
> page_size=len(self.users))
> self.assertEqual(results, set_2[ps*2:])
>
>+ def test_vlv_paged(self):
>+ """Testing behaviour with VLV and paged_results set.
>+
>+ A strange combination, certainly
>+
>+ Thankfully combining both of these gives
>+ unavailable-critical-extension against Windows 1709
>+
>+ """
>+ sort_control = "server_sort:1:0:cn"
>+
>+ try:
>+ msgs = self.ldb.search(base=self.base_dn,
>+ scope=ldb.SCOPE_SUBTREE,
>+ attrs=["objectGUID", "cn", "member"],
>+ controls=["vlv:1:20:20:11:0",
>+ sort_control,
>+ "paged_results:1:1024"])
>+ self.fail("should have failed with LDAP_UNAVAILABLE_CRITICAL_EXTENSION")
>+ except ldb.LdbError as e:
>+ (enum, estr) = e.args
>+ self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION)
>+
>
> if "://" not in host:
> if os.path.isfile(host):
>--
>2.17.1
>
>
>From b9267396feb12d30cb0cfdfd9d9043a94c28e1d6 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Wed, 6 May 2020 17:05:30 +1200
>Subject: [PATCH 06/11] CVE-2020-10730: dsdb: Fix crash when vlv and
> paged_results are combined
>
>The GUID is not returned in the DN for some reason in this (to be banned)
>combination.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> source4/dsdb/samdb/ldb_modules/paged_results.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c
>index dc211dd18ce..f720a2e4337 100644
>--- a/source4/dsdb/samdb/ldb_modules/paged_results.c
>+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c
>@@ -416,6 +416,10 @@ static int paged_search_callback(struct ldb_request *req,
>
> guid_blob = ldb_dn_get_extended_component(ares->message->dn,
> "GUID");
>+ if (guid_blob == NULL) {
>+ return ldb_module_done(ac->req, NULL, NULL,
>+ LDB_ERR_OPERATIONS_ERROR);
>+ }
> status = GUID_from_ndr_blob(guid_blob, &guid);
> if (!NT_STATUS_IS_OK(status)) {
> return ldb_module_done(ac->req, NULL, NULL,
>--
>2.17.1
>
>
>From 2435e0eee61f168ca2bb206cd3861741a8b5dea1 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Wed, 6 May 2020 16:18:19 +1200
>Subject: [PATCH 07/11] CVE-2020-10730: dsdb: Ban the combination of
> paged_results and VLV
>
>This (two different paging controls) makes no sense and fails against
>Windows Server 1709.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> source4/dsdb/samdb/ldb_modules/paged_results.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c
>index f720a2e4337..aa49a6e4aa5 100644
>--- a/source4/dsdb/samdb/ldb_modules/paged_results.c
>+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c
>@@ -589,6 +589,7 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
> {
> struct ldb_context *ldb;
> struct ldb_control *control;
>+ struct ldb_control *vlv_control;
> struct private_data *private_data;
> struct ldb_paged_control *paged_ctrl;
> struct ldb_request *search_req;
>@@ -612,6 +613,15 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
> private_data = talloc_get_type(ldb_module_get_private(module),
> struct private_data);
>
>+ vlv_control = ldb_request_get_control(req, LDB_CONTROL_VLV_REQ_OID);
>+ if (vlv_control != NULL) {
>+ /*
>+ * VLV and paged_results are not allowed at the same
>+ * time
>+ */
>+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
>+ }
>+
> ac = talloc_zero(req, struct paged_context);
> if (ac == NULL) {
> ldb_set_errstring(ldb, "Out of Memory");
>--
>2.17.1
>
>
>From 0ca30ca07d1c8f781967eebce04168504de068a0 Mon Sep 17 00:00:00 2001
>From: Gary Lockyer <gary@catalyst.net.nz>
>Date: Mon, 18 May 2020 12:36:57 +1200
>Subject: [PATCH 08/11] CVE-2020-10730: s4 dsdb paged_results: Prevent repeat
> call of ldb_module_done
>
>Check the return code from paged_results, if it is not LDB_SUCCESS
>ldb_module_done has already been called, and SHOULD NOT be called again.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>---
> .../dsdb/samdb/ldb_modules/paged_results.c | 43 +++++++++++++++----
> 1 file changed, 34 insertions(+), 9 deletions(-)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c
>index aa49a6e4aa5..735883e8802 100644
>--- a/source4/dsdb/samdb/ldb_modules/paged_results.c
>+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c
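Review bot: The new early return in paged_search() hands back `LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION` without setting an error string, so a client or an administrator reading the logs sees a bare result code with nothing saying which two controls clashed. `ldb` is declared in this function and is used by the out-of-memory path just below, so, assuming it has been assigned by this point (the hunk does not show that), the branch could record the reason first: `ldb_set_errstring(ldb, "paged_results and VLV controls cannot be combined");`. paged_search() starts and ends outside this hunk.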
>@@ -237,14 +237,16 @@ static int paged_search_by_dn_guid(struct ldb_module *module,
> return ret;
> }
>
>-static int paged_results(struct paged_context *ac)
>+static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
> {
> struct ldb_paged_control *paged;
> unsigned int i, num_ctrls;
> int ret;
>
> if (ac->store == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> while (ac->store->last_i < ac->store->num_entries && ac->size > 0) {
>@@ -273,12 +275,17 @@ static int paged_results(struct paged_context *ac)
> instead. */
> continue;
> } else if (ret != LDB_SUCCESS) {
>- return ret;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> ret = ldb_module_send_entry(ac->req, result->msgs[0],
> NULL);
> if (ret != LDB_SUCCESS) {
>+ /*
>+ * ldb_module_send_entry will have called
>+ * ldb_module_done if an error occurred.
>+ */
> return ret;
> }
> }
>@@ -289,6 +296,10 @@ static int paged_results(struct paged_context *ac)
> */
> ret = send_referrals(ac->store, ac->req);
> if (ret != LDB_SUCCESS) {
>+ /*
>+ * send_referrals will have called ldb_module_done
>+ * if an error occurred.
>+ */
> return ret;
> }
> }
>@@ -305,7 +316,9 @@ static int paged_results(struct paged_context *ac)
>
> ac->controls = talloc_array(ac, struct ldb_control *, num_ctrls +1);
> if (ac->controls == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
> ac->controls[num_ctrls] = NULL;
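Review bot: Every error path added to paged_results() reads `ares->response`, but the paged_search() call site changed later in this patch passes `paged_results(ac, NULL)`, so any failure reached from that caller, beginning with the `ac->store == NULL` check in this hunk, dereferences a NULL pointer. Fetch the response once at the top with a guard, `struct ldb_extended *response = (ares != NULL) ? ares->response : NULL;`, and pass `response` to each `ldb_module_done()` call in the function. The same pattern is repeated throughout vlv_results() in patch 09, where vlv_search() calls `vlv_results(ac, NULL)`.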
>
>@@ -316,20 +329,26 @@ static int paged_results(struct paged_context *ac)
>
> ac->controls[i] = talloc(ac->controls, struct ldb_control);
> if (ac->controls[i] == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> ac->controls[i]->oid = talloc_strdup(ac->controls[i],
> LDB_CONTROL_PAGED_RESULTS_OID);
> if (ac->controls[i]->oid == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> ac->controls[i]->critical = 0;
>
> paged = talloc(ac->controls[i], struct ldb_paged_control);
> if (paged == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> ac->controls[i]->data = paged;
>@@ -456,7 +475,13 @@ static int paged_search_callback(struct ldb_request *req,
> store->result_array_size = store->num_entries;
>
> ac->store->controls = talloc_move(ac->store, &ares->controls);
>- ret = paged_results(ac);
>+ ret = paged_results(ac, ares);
>+ if (ret != LDB_SUCCESS) {
>+ /* paged_results will have called ldb_module_done
>+ * if an error occurred
>+ */
>+ return ret;
>+ }
> return ldb_module_done(ac->req, ac->controls,
> ares->response, ret);
> }
>@@ -768,7 +793,7 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
> LDB_SUCCESS);
> }
>
>- ret = paged_results(ac);
>+ ret = paged_results(ac, NULL);
> if (ret != LDB_SUCCESS) {
> return ldb_module_done(req, NULL, NULL, ret);
> }
>--
>2.17.1
>
>
>From f4a60842f28e8f1e849a9ab66e6c75d58e25200d Mon Sep 17 00:00:00 2001
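Review bot: In the paged_search() hunk the caller still runs `return ldb_module_done(req, NULL, NULL, ret);` when `paged_results(ac, NULL)` fails, although after this patch paged_results() has already completed the request on its error paths, either directly or, per the added comments, through ldb_module_send_entry() and send_referrals(). That is exactly the repeat call the commit message sets out to prevent, and paged_search_callback() in the hunk above was converted while this caller was not. The branch should become `return ret;`, as patch 09 does for vlv_search(); paged_search() continues outside the hunk.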
>From: Gary Lockyer <gary@catalyst.net.nz>
>Date: Mon, 18 May 2020 12:37:39 +1200
>Subject: [PATCH 09/11] CVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat
> call of ldb_module_done
>
>Check the return code from vlv_results, if it is not LDB_SUCCESS
>ldb_module_done has already been called, and SHOULD NOT be called again.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>---
> .../dsdb/samdb/ldb_modules/vlv_pagination.c | 61 +++++++++++++++----
> 1 file changed, 49 insertions(+), 12 deletions(-)
>
>diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>index 720b5e95638..b103bda5f52 100644
>--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
>@@ -387,7 +387,7 @@ static int vlv_calc_real_offset(int offset, int denominator, int n_entries)
> has been prepared earlier and saved -- or by vlv_search_callback() when a
> search has just been completed. */
>
>-static int vlv_results(struct vlv_context *ac)
>+static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares)
> {
> struct ldb_vlv_resp_control *vlv;
> unsigned int num_ctrls;
>@@ -397,7 +397,9 @@ static int vlv_results(struct vlv_context *ac)
> int target = 0;
>
> if (ac->store == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> if (ac->store->first_ref) {
>@@ -406,6 +408,10 @@ static int vlv_results(struct vlv_context *ac)
> */
> ret = send_referrals(ac->store, ac->req);
> if (ret != LDB_SUCCESS) {
>+ /*
>+ * send_referrals will have called ldb_module_done
>+ * if there was an error.
>+ */
> return ret;
> }
> }
>@@ -419,14 +425,23 @@ static int vlv_results(struct vlv_context *ac)
> vlv_details,
> sort_details, &ret);
> if (ret != LDB_SUCCESS) {
>- return ret;
>+ return ldb_module_done(
>+ ac->req,
>+ ac->controls,
>+ ares->response,
>+ ret);
> }
> } else {
> target = vlv_calc_real_offset(vlv_details->match.byOffset.offset,
> vlv_details->match.byOffset.contentCount,
> ac->store->num_entries);
> if (target == -1) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req,
>+ ac->controls,
>+ ares->response,
>+ ret);
> }
> }
>
>@@ -462,12 +477,20 @@ static int vlv_results(struct vlv_context *ac)
> }
> continue;
> } else if (ret != LDB_SUCCESS) {
>- return ret;
>+ return ldb_module_done(
>+ ac->req,
>+ ac->controls,
>+ ares->response,
>+ ret);
> }
>
> ret = ldb_module_send_entry(ac->req, result->msgs[0],
> NULL);
> if (ret != LDB_SUCCESS) {
>+ /*
>+ * ldb_module_send_entry will have called
>+ * ldb_module_done if there was an error
>+ */
> return ret;
> }
> }
>@@ -488,7 +511,9 @@ static int vlv_results(struct vlv_context *ac)
>
> ac->controls = talloc_array(ac, struct ldb_control *, num_ctrls + 1);
> if (ac->controls == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
> ac->controls[num_ctrls] = NULL;
>
>@@ -498,20 +523,26 @@ static int vlv_results(struct vlv_context *ac)
>
> ac->controls[i] = talloc(ac->controls, struct ldb_control);
> if (ac->controls[i] == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> ac->controls[i]->oid = talloc_strdup(ac->controls[i],
> LDB_CONTROL_VLV_RESP_OID);
> if (ac->controls[i]->oid == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
>
> ac->controls[i]->critical = 0;
>
> vlv = talloc(ac->controls[i], struct ldb_vlv_resp_control);
> if (vlv == NULL) {
>- return LDB_ERR_OPERATIONS_ERROR;
>+ ret = LDB_ERR_OPERATIONS_ERROR;
>+ return ldb_module_done(
>+ ac->req, ac->controls, ares->response, ret);
> }
> ac->controls[i]->data = vlv;
>
>@@ -600,7 +631,13 @@ static int vlv_search_callback(struct ldb_request *req, struct ldb_reply *ares)
> store->result_array_size = store->num_entries;
>
> ac->store->controls = talloc_move(ac->store, &ares->controls);
>- ret = vlv_results(ac);
>+ ret = vlv_results(ac, ares);
>+ if (ret != LDB_SUCCESS) {
>+ /* vlv_results will have called ldb_module_done
>+ * if there was an error.
>+ */
>+ return ret;
>+ }
> return ldb_module_done(ac->req, ac->controls,
> ares->response, ret);
> }
>@@ -845,9 +882,9 @@ static int vlv_search(struct ldb_module *module, struct ldb_request *req)
> return ret;
> }
>
>- ret = vlv_results(ac);
>+ ret = vlv_results(ac, NULL);
> if (ret != LDB_SUCCESS) {
>- return ldb_module_done(req, NULL, NULL, ret);
>+ return ret;
> }
> return ldb_module_done(req, ac->controls, NULL,
> LDB_SUCCESS);
>--
>2.17.1
>
>
>From fe8407af204e2c835e4ec3499cc2abb58cacc3a7 Mon Sep 17 00:00:00 2001
>From: Gary Lockyer <gary@catalyst.net.nz>
>Date: Wed, 13 May 2020 10:56:56 +1200
>Subject: [PATCH 10/11] CVE-2020-10730: lib ldb: Check if
> ldb_lock_backend_callback called twice
>
>Prevent use after free issues if ldb_lock_backend_callback is called
>twice, usually due to ldb_module_done being called twice. This can happen if a
>module ignores the return value from function a function that calls
>ldb_module_done as part of it's error handling.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
>
>Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>---
> lib/ldb/common/ldb.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
>diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
>index 95e9138a56b..2d0926ffaf9 100644
>--- a/lib/ldb/common/ldb.c
>+++ b/lib/ldb/common/ldb.c
>@@ -1018,6 +1018,13 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
> struct ldb_db_lock_context *lock_context;
> int ret;
>
>+ if (req->context == NULL) {
>+ /*
>+ * The usual way to get here is to ignore the return codes
>+ * and continuing processing after an error.
>+ */
>+ abort();
>+ }
> lock_context = talloc_get_type(req->context,
> struct ldb_db_lock_context);
>
>@@ -1032,7 +1039,7 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
> * If this is a LDB_REPLY_DONE or an error, unlock the
> * DB by calling the destructor on this context
> */
>- talloc_free(lock_context);
>+ TALLOC_FREE(req->context);
> return ret;
> }
>
>--
>2.17.1
>
>
>From 4fa96bab8e83d685a019f0e8c5f243ac644a51b1 Mon Sep 17 00:00:00 2001
>From: Gary Lockyer <gary@catalyst.net.nz>
>Date: Fri, 22 May 2020 09:52:12 +1200
>Subject: [PATCH 11/11] ldb: Bump version to 2.0.12
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
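Review bot: The comment on the new `abort()` at the top of ldb_lock_backend_callback() says how `req->context` comes to be NULL but not why the process is terminated instead of returning an error, and it does not mention that the guard only works because `TALLOC_FREE(req->context)` in the second hunk clears the pointer after freeing it. I would state both in the comment, for example `* req->context was cleared by TALLOC_FREE() on the first call; abort rather than touch the freed lock context.` Because this turns a repeated ldb_module_done() in any module into a process exit, the remaining double-call sites in this series (see the paged_search() hunk of patch 08) matter more once this lands. The function body continues outside both hunks.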
> >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >--- > lib/ldb/ABI/ldb-2.0.12.sigs | 283 +++++++++++++++++++++++++++++ > lib/ldb/ABI/pyldb-util-2.0.12.sigs | 2 + > lib/ldb/wscript | 2 +- > 3 files changed, 286 insertions(+), 1 deletion(-) > create mode 100644 lib/ldb/ABI/ldb-2.0.12.sigs > create mode 100644 lib/ldb/ABI/pyldb-util-2.0.12.sigs > >diff --git a/lib/ldb/ABI/ldb-2.0.12.sigs b/lib/ldb/ABI/ldb-2.0.12.sigs >new file mode 100644 >index 00000000000..5049dc64ce1 >--- /dev/null >+++ b/lib/ldb/ABI/ldb-2.0.12.sigs 
>@@ -0,0 +1,283 @@ >+ldb_add: int (struct ldb_context *, const struct ldb_message *) >+ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) >+ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) >+ldb_attr_casefold: char *(TALLOC_CTX *, const char *) >+ldb_attr_dn: int (const char *) >+ldb_attr_in_list: int (const char * const *, const char *) >+ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) >+ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) >+ldb_base64_decode: int (char *) >+ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) >+ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) >+ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) >+ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) >+ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control 
**, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) >+ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) >+ldb_check_critical_controls: int (struct ldb_control **) >+ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) >+ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) >+ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) >+ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_debug_add: void (struct ldb_context *, const char *, ...) >+ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) >+ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_delete: int (struct ldb_context *, struct ldb_dn *) >+ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) 
>+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val) >+ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) >+ldb_dn_check_special: bool (struct ldb_dn *, const char *) >+ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) >+ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) >+ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) >+ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) >+ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) >+ldb_dn_get_casefold: const char *(struct ldb_dn *) >+ldb_dn_get_comp_num: int (struct ldb_dn *) >+ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) >+ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) >+ldb_dn_get_extended_comp_num: int (struct ldb_dn *) >+ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) >+ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) >+ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) >+ldb_dn_get_linearized: const char *(struct ldb_dn *) >+ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_get_rdn_name: const char *(struct ldb_dn *) >+ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) >+ldb_dn_has_extended: bool (struct ldb_dn *) >+ldb_dn_is_null: bool (struct ldb_dn *) >+ldb_dn_is_special: bool (struct ldb_dn *) 
>+ldb_dn_is_valid: bool (struct ldb_dn *) >+ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_minimise: bool (struct ldb_dn *) >+ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) >+ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) >+ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_extended_components: void (struct ldb_dn *) >+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) >+ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) >+ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) >+ldb_dn_validate: bool (struct ldb_dn *) >+ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) >+ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) >+ldb_errstring: const char *(struct ldb_context *) >+ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) >+ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_filter_attrs: int (struct ldb_context *, const struct ldb_message *, const char * const *, struct ldb_message *) >+ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_create_perms: unsigned int (struct ldb_context *) >+ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_event_context: struct tevent_context *(struct ldb_context *) >+ldb_get_flags: unsigned int (struct ldb_context *) >+ldb_get_opaque: void *(struct ldb_context 
*, const char *) >+ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_global_init: int (void) >+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) >+ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) >+ldb_handle_use_global_event_context: void (struct ldb_handle *) >+ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) >+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) >+ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) >+ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) >+ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) >+ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) >+ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) >+ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) >+ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) >+ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_load_modules: int (struct ldb_context *, const char **) >+ldb_map_add: int (struct ldb_module *, struct ldb_request *) 
>+ldb_map_delete: int (struct ldb_module *, struct ldb_request *) >+ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *) >+ldb_map_modify: int (struct ldb_module *, struct ldb_request *) >+ldb_map_rename: int (struct ldb_module *, struct ldb_request *) >+ldb_map_search: int (struct ldb_module *, struct ldb_request *) >+ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) >+ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) >+ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) >+ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) >+ldb_mod_register_control: int (struct ldb_module *, const char *) >+ldb_modify: int (struct ldb_context *, const struct ldb_message *) >+ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) >+ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) >+ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) >+ldb_module_flags: uint32_t (struct ldb_context *) >+ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) >+ldb_module_get_name: const char *(struct ldb_module *) >+ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) >+ldb_module_get_private: void *(struct ldb_module *) >+ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) >+ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) >+ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct 
ldb_module_ops *) >+ldb_module_next: struct ldb_module *(struct ldb_module *) >+ldb_module_popt_options: struct poptOption **(struct ldb_context *) >+ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **) >+ldb_module_send_referral: int (struct ldb_request *, char *) >+ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) >+ldb_module_set_private: void (struct ldb_module *, void *) >+ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) >+ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_modules_load: int (const char *, const char *) >+ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) >+ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) >+ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) >+ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) >+ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) >+ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) >+ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) >+ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) >+ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) >+ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) >+ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) >+ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct 
ldb_message *, struct ldb_message **) >+ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) >+ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) >+ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) >+ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) >+ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) >+ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) >+ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) >+ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) >+ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) >+ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) >+ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) >+ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) >+ldb_msg_new: struct ldb_message *(TALLOC_CTX *) >+ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) >+ldb_msg_remove_attr: void (struct ldb_message *, const char *) >+ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) >+ldb_msg_rename_attr: int (struct 
ldb_message *, const char *, const char *) >+ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) >+ldb_msg_sort_elements: void (struct ldb_message *) >+ldb_next_del_trans: int (struct ldb_module *) >+ldb_next_end_trans: int (struct ldb_module *) >+ldb_next_init: int (struct ldb_module *) >+ldb_next_prepare_commit: int (struct ldb_module *) >+ldb_next_read_lock: int (struct ldb_module *) >+ldb_next_read_unlock: int (struct ldb_module *) >+ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_start_trans: int (struct ldb_module *) >+ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_options_copy: const char **(TALLOC_CTX *, const char **) >+ldb_options_find: const char *(struct ldb_context *, const char **, const char *) >+ldb_options_get: const char **(struct ldb_context *) >+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *, uint32_t) >+ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) >+ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) >+ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) >+ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) >+ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) >+ldb_register_backend: int (const char *, ldb_connect_fn, bool) >+ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) >+ldb_register_hook: int (ldb_hook_fn) >+ldb_register_module: int (const struct ldb_module_ops *) >+ldb_rename: int (struct ldb_context *, struct 
ldb_dn *, struct ldb_dn *) >+ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) >+ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) >+ldb_req_get_custom_flags: uint32_t (struct ldb_request *) >+ldb_req_is_untrusted: bool (struct ldb_request *) >+ldb_req_location: const char *(struct ldb_request *) >+ldb_req_mark_trusted: void (struct ldb_request *) >+ldb_req_mark_untrusted: void (struct ldb_request *) >+ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) >+ldb_req_set_location: void (struct ldb_request *, const char *) >+ldb_request: int (struct ldb_context *, struct ldb_request *) >+ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_done: int (struct ldb_request *, int) >+ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) >+ldb_request_get_status: int (struct ldb_request *) >+ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_set_state: void (struct ldb_request *, int) >+ldb_reset_err_string: void (struct ldb_context *) >+ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) >+ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) >+ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) >+ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) >+ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) >+ldb_schema_attribute_remove: void (struct ldb_context *, const char *) >+ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) >+ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) 
>+ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) >+ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) >+ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) >+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) >+ldb_set_create_perms: void (struct ldb_context *, unsigned int) >+ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) >+ldb_set_debug_stderr: int (struct ldb_context *) >+ldb_set_default_dns: void (struct ldb_context *) >+ldb_set_errstring: void (struct ldb_context *, const char *) >+ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) >+ldb_set_flags: void (struct ldb_context *, unsigned int) >+ldb_set_modules_dir: void (struct ldb_context *, const char *) >+ldb_set_opaque: int (struct ldb_context *, const char *, void *) >+ldb_set_require_private_event_context: void (struct ldb_context *) >+ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) >+ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) >+ldb_set_utf8_default: void (struct ldb_context *) >+ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) >+ldb_setup_wellknown_attributes: int (struct ldb_context *) >+ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) >+ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) >+ldb_strerror: const char *(int) >+ldb_string_to_time: time_t (const char *) >+ldb_string_utc_to_time: time_t (const char *) >+ldb_timestring: char *(TALLOC_CTX *, time_t) >+ldb_timestring_utc: char *(TALLOC_CTX *, time_t) >+ldb_transaction_cancel: int (struct 
ldb_context *) >+ldb_transaction_cancel_noerr: int (struct ldb_context *) >+ldb_transaction_commit: int (struct ldb_context *) >+ldb_transaction_prepare_commit: int (struct ldb_context *) >+ldb_transaction_start: int (struct ldb_context *) >+ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) >+ldb_unpack_data_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, unsigned int) >+ldb_unpack_get_format: int (const struct ldb_val *, uint32_t *) >+ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) >+ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) >+ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_string_cmp: int (const struct ldb_val *, const char *) >+ldb_val_to_time: int (const struct ldb_val *, time_t *) >+ldb_valid_attr_name: int (const char *) >+ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) >+ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) >diff --git a/lib/ldb/ABI/pyldb-util-2.0.12.sigs b/lib/ldb/ABI/pyldb-util-2.0.12.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util-2.0.12.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index 7ae5a6fbb97..31801d01b93 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript >@@ -1,7 +1,7 @@ > #!/usr/bin/env python > > APPNAME = 'ldb' >-VERSION = '2.0.11' >+VERSION = '2.0.12' > > import sys, os > >-- >2.17.1 >
Flags:
abartlet
:
review+
gary
:
ci-passed+