The Samba-Bugzilla – Attachment 16835 Details for
Bug 14854
samldb_krbtgtnumber_available() looks for incorrect string.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.15.next, 4.14.next.
0001-samldb-Address-birthday-paradox-adding-an-RODC.patch (text/plain), 2.72 KB, created by
Jeremy Allison
on 2021-10-01 21:20:45 UTC
(
hide
)
Description:
git-am fix for 4.15.next, 4.14.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2021-10-01 21:20:45 UTC
Size:
2.72 KB
patch
obsolete
>From c140cbcdcd8ee9574030ad61735fbd319a9ec950 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 5 Jul 2021 15:57:09 +1200 >Subject: [PATCH] samldb: Address birthday paradox adding an RODC > >It is possible that the randomly chosen RODC number will be one >that is already in use. The samldb_krbtgtnumber_available() >function was meant to prevent that, but due to a typo did not. > >There is no other race here as the whole thing is inside a transaction, >and we have duplicate protection on samAccountName, so the failure >looked like this: > >... >Adding CN=krbtgt_TESTRODCDRS5320202,CN=Users,DC=samba,DC=example,DC=com >UNEXPECTED(error): samba4.drs.repl_rodc.python(ad_dc_ntvfs).repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_admin(ad_dc_ntvfs) >REASON: Exception: Exception: Traceback (most recent call last): > File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 111, in setUp > self._create_rodc(self.rodc_ctx) > File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 693, in _create_rodc > ctx.join_add_objects() > File "bin/python/samba/join.py", line 641, in join_add_objects > ctx.add_krbtgt_account() > File "bin/python/samba/join.py", line 429, in add_krbtgt_account > ctx.samdb.add(rec, ["rodc_join:1:1"]) >_ldb.LdbError: (68, "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: samldb: samAccountName krbtgt_4405 already in use!> <>") > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14854 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Oct 1 20:50:37 UTC 2021 on sn-devel-184 > >(cherry picked from commit b6d60e8f4d06ca9733a4cc3094312a3dc456a656) >--- > source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c >index addb3f4bdf2..e3081cd13dc 100644 >--- a/source4/dsdb/samdb/ldb_modules/samldb.c >+++ b/source4/dsdb/samdb/ldb_modules/samldb.c >@@ -652,7 +652,7 @@ static bool samldb_krbtgtnumber_available(struct samldb_ctx *ac, > LDB_SCOPE_SUBTREE, no_attrs, > DSDB_FLAG_NEXT_MODULE, > ac->req, >- "(msDC-SecondaryKrbTgtNumber=%u)", >+ "(msDS-SecondaryKrbTgtNumber=%u)", > krbtgt_number); > if (ret == LDB_SUCCESS && res->count == 0) { > talloc_free(tmp_ctx); >@@ -670,7 +670,7 @@ static int samldb_rodc_add(struct samldb_ctx *ac) > int ret; > struct ldb_val newpass_utf16; > >- /* find a unused msDC-SecondaryKrbTgtNumber */ >+ /* find a unused msDS-SecondaryKrbTgtNumber */ > i_start = generate_random() & 0xFFFF; > if (i_start == 0) { > i_start = 1; >-- >2.30.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=16835">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 14854
: 16835