From a691be8ed36fb5740ae877a46f0aff72ce0c9cb2 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 4 May 2020 12:17:37 +0200
Subject: [PATCH] ldb: revert ad-dc fix and keep ldb version at 1.5.4
Revert "ldap server: generate correct referral schemes"
This reverts commit 1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa.
---
lib/ldb/include/ldb_module.h | 5 -----
lib/ldb/wscript | 2 +-
selftest/knownfail.d/ldap_referrals | 1 +
source4/dsdb/samdb/ldb_modules/partition.c | 16 +++++-----------
source4/ldap_server/ldap_backend.c | 18 ------------------
source4/ldap_server/ldap_server.c | 1 -
source4/ldap_server/ldap_server.h | 6 ------
7 files changed, 7 insertions(+), 42 deletions(-)
create mode 100644 selftest/knownfail.d/ldap_referrals
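diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 8c47082690b..9a5c61d0e73 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -103,11 +103,6 @@ struct ldb_module;
 * attributes, not to be printed in trace messages */
 #define LDB_SECRET_ATTRIBUTE_LIST_OPAQUE "LDB_SECRET_ATTRIBUTE_LIST"
 
-/*
- * The scheme to be used for referral entries, i.e. ldap or ldaps
- */
-#define LDAP_REFERRAL_SCHEME_OPAQUE "LDAP_REFERRAL_SCHEME"
-
 /*
 these function pointers define the operations that a ldb module can intercept
 */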
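diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 0f760a9bc80..d3402a7b5b2 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 APPNAME = 'ldb'
-VERSION = '1.5.7'
+VERSION = '1.5.4'
 
 import sys, os
 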
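diff --git a/selftest/knownfail.d/ldap_referrals b/selftest/knownfail.d/ldap_referrals
new file mode 100644
index 00000000000..403f0d3bd6d
--- /dev/null
+++ b/selftest/knownfail.d/ldap_referrals
@@ -0,0 +1 @@
+^samba.ldap.referrals.samba.tests.ldap_referrals.LdapReferralTest.test_ldaps_search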
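diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index f66ccab1dd5..49bdeb04fa5 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -902,17 +902,11 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
 data->partitions[i]->ctrl->dn) == 0) &&
 (ldb_dn_compare(req->op.search.base,
 data->partitions[i]->ctrl->dn) != 0)) {
- const char *scheme = ldb_get_opaque(
- ldb, LDAP_REFERRAL_SCHEME_OPAQUE);
- char *ref = talloc_asprintf(
- ac,
- "%s://%s/%s%s",
- scheme == NULL ? "ldap" : scheme,
- lpcfg_dnsdomain(lp_ctx),
- ldb_dn_get_linearized(
- data->partitions[i]->ctrl->dn),
- req->op.search.scope ==
- LDB_SCOPE_ONELEVEL ? "??base" : "");
+ char *ref = talloc_asprintf(ac,
+ "ldap://%s/%s%s",
+ lpcfg_dnsdomain(lp_ctx),
+ ldb_dn_get_linearized(data->partitions[i]->ctrl->dn),
+ req->op.search.scope == LDB_SCOPE_ONELEVEL ? "??base" : "");
 
 if (ref == NULL) {
 return ldb_oom(ldb);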
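Review bot: The restored `talloc_asprintf(ac, "ldap://%s/%s%s", ...)` call fixes the referral scheme to `ldap`, so a client that reached the server over LDAPS is handed an `ldap://` referral and may follow it over an unencrypted connection; the new knownfail entry for `test_ldaps_search` appears to record that regression. Because the revert exists only to keep ldb at 1.5.4, the call site should say so, for example `/* Scheme fixed to "ldap": LDAP_REFERRAL_SCHEME_OPAQUE is unavailable with ldb 1.5.4, so LDAPS clients receive ldap:// referrals; see selftest/knownfail.d/ldap_referrals. */`. The package notes should also tell operators who depend on LDAPS to keep clients from chasing referrals automatically, or to restrict them to TLS-protected targets. partition_search's body starts and ends outside the hunk.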
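diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 573472c0f7f..39f1aa2a2a6 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -647,24 +647,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 call->notification.busy = true;
 }
 
- {
- const char *scheme = NULL;
- switch (call->conn->referral_scheme) {
- case LDAP_REFERRAL_SCHEME_LDAPS:
- scheme = "ldaps";
- break;
- default:
- scheme = "ldap";
- }
- ldb_ret = ldb_set_opaque(
- samdb,
- LDAP_REFERRAL_SCHEME_OPAQUE,
- discard_const_p(char *, scheme));
- if (ldb_ret != LDB_SUCCESS) {
- goto reply;
- }
- }
-
 ldb_set_timeout(samdb, lreq, req->timelimit);
 
 if (!call->conn->is_privileged) {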
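diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 25c3b624abc..7c7eeb0a6c1 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -436,7 +436,6 @@ static void ldapsrv_accept_tls_done(struct tevent_req *subreq)
 }
 
 conn->sockets.active = conn->sockets.tls;
- conn->referral_scheme = LDAP_REFERRAL_SCHEME_LDAPS;
 ldapsrv_call_read_next(conn);
 }
 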
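diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index 5b944f5ab9b..d3e31fb1eec 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -24,11 +24,6 @@
 #include "system/network.h"
 #include "lib/param/loadparm.h"
 
-enum ldap_server_referral_scheme {
- LDAP_REFERRAL_SCHEME_LDAP,
- LDAP_REFERRAL_SCHEME_LDAPS
-};
-
 struct ldapsrv_connection {
 struct ldapsrv_connection *next, *prev;
 struct loadparm_context *lp_ctx;
@@ -52,7 +47,6 @@ struct ldapsrv_connection {
 bool is_privileged;
 enum ldap_server_require_strong_auth require_strong_auth;
 bool authz_logged;
- enum ldap_server_referral_scheme referral_scheme;
 
 struct {
 int initial_timeout;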
--
2.24.1