diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-05-23 16:06:17 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2014-06-11 10:18:26 +0200 |
| commit | 8327321225251e312ccbd06bbefa5ebf98099f34 (patch) | |
| tree | cd82c2bc1634f10dbf8bd85abfddd9738359dab9 /source4/dsdb/samdb | |
| parent | cda32d4e47aa3efb040eb60f1a0332ea8dd58417 (diff) | |
| download | samba-8327321225251e312ccbd06bbefa5ebf98099f34.tar.gz samba-8327321225251e312ccbd06bbefa5ebf98099f34.tar.xz samba-8327321225251e312ccbd06bbefa5ebf98099f34.zip | |
dsdb: Do not store a struct ldb_dn in struct schema_data
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 11 | ||||
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 3 | ||||
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_data.c | 16 | ||||
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_load.c | 5 |
4 files changed, 21 insertions, 14 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 83dabdfdf3b..30b30126829 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -67,6 +67,7 @@ struct replmd_private { uint64_t mod_usn; uint64_t mod_usn_urgent; } *ncs; + struct ldb_dn *schema_dn; }; struct la_entry { @@ -240,6 +241,8 @@ static int replmd_init(struct ldb_module *module) } ldb_module_set_private(module, replmd_private); + replmd_private->schema_dn = ldb_get_schema_basedn(ldb); + return ldb_next_init(module); } @@ -888,6 +891,8 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) bool remove_current_guid = false; bool is_urgent = false; struct ldb_message_element *objectclass_el; + struct replmd_private *replmd_private = + talloc_get_type_abort(ldb_module_get_private(module), struct replmd_private); /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */ control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID); @@ -1179,7 +1184,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) if (control) { control->critical = 0; } - if (ldb_dn_compare_base(ac->schema->base_dn, req->op.add.message->dn) != 0) { + if (ldb_dn_compare_base(replmd_private->schema_dn, req->op.add.message->dn) != 0) { /* Update the usn in the SAMLDB_MSDS_INTID_OPAQUE opaque */ msds_intid_struct = (struct samldb_msds_intid_persistant *) ldb_get_opaque(ldb, SAMLDB_MSDS_INTID_OPAQUE); @@ -2471,6 +2476,8 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) unsigned int functional_level; const DATA_BLOB *guid_blob; struct ldb_control *sd_propagation_control; + struct replmd_private *replmd_private = + talloc_get_type(ldb_module_get_private(module), struct replmd_private); /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.mod.message->dn)) { @@ -2609,7 +2616,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) } } - if (!ldb_dn_compare_base(ac->schema->base_dn, msg->dn)) { + if (!ldb_dn_compare_base(replmd_private->schema_dn, msg->dn)) { /* Update the usn in the SAMLDB_MSDS_INTID_OPAQUE opaque */ msds_intid_struct = (struct samldb_msds_intid_persistant *) ldb_get_opaque(ldb, SAMLDB_MSDS_INTID_OPAQUE); if (msds_intid_struct) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 981898ee4d9..ad3d4da17da 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -509,7 +509,8 @@ static int samldb_add_handle_msDS_IntId(struct samldb_ctx *ac) continue; } - ret = dsdb_module_load_partition_usn(ac->module, schema->base_dn, ¤t_usn, NULL, NULL); + ret = dsdb_module_load_partition_usn(ac->module, schema_dn, + ¤t_usn, NULL, NULL); if (ret != LDB_SUCCESS) { ldb_debug_set(ldb, LDB_DEBUG_ERROR, __location__": Searching for schema USN failed: %s\n", diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c index 3ce7ef9935c..996b1f22386 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_data.c +++ b/source4/dsdb/samdb/ldb_modules/schema_data.c @@ -144,6 +144,8 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req) WERROR status; bool rodc = false; int ret; + struct schema_data_private_data *mc; + mc = talloc_get_type(ldb_module_get_private(module), struct schema_data_private_data); ldb = ldb_module_get_ctx(module); @@ -162,12 +164,6 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - if (schema->base_dn == NULL) { - ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "schema_data_add: base_dn NULL\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - ret = samdb_rodc(ldb, &rodc); if (ret != LDB_SUCCESS) { DEBUG(4, (__location__ ": unable to tell if we are an RODC \n")); @@ -190,7 +186,7 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req) * the provision code needs to create * the schema root object. */ - cmp = ldb_dn_compare(req->op.add.message->dn, schema->base_dn); + cmp = ldb_dn_compare(req->op.add.message->dn, mc->schema_dn); if (cmp == 0) { return ldb_next_request(module, req); } @@ -201,7 +197,7 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req) return ldb_oom(ldb); } - cmp = ldb_dn_compare(parent_dn, schema->base_dn); + cmp = ldb_dn_compare(parent_dn, mc->schema_dn); if (cmp != 0) { ldb_debug_set(ldb, LDB_DEBUG_ERROR, "schema_data_add: no direct child :%s\n", @@ -257,6 +253,8 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req bool rodc = false; int ret; struct ldb_control *sd_propagation_control; + struct schema_data_private_data *mc; + mc = talloc_get_type(ldb_module_get_private(module), struct schema_data_private_data); ldb = ldb_module_get_ctx(module); @@ -295,7 +293,7 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req return ldb_next_request(module, req); } - cmp = ldb_dn_compare(req->op.mod.message->dn, schema->base_dn); + cmp = ldb_dn_compare(req->op.mod.message->dn, mc->schema_dn); if (cmp == 0) { static const char * const constrained_attrs[] = { "schemaInfo", diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c index f19d0c5830b..fc725dfc6eb 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_load.c +++ b/source4/dsdb/samdb/ldb_modules/schema_load.c @@ -161,6 +161,7 @@ static struct dsdb_schema *dsdb_schema_refresh(struct ldb_module *module, struct int ret; struct ldb_context *ldb = ldb_module_get_ctx(module); struct dsdb_schema *new_schema; + struct ldb_dn *schema_dn = ldb_get_schema_basedn(ldb); time_t ts, lastts; struct schema_load_private_data *private_data = talloc_get_type(ldb_module_get_private(module), struct schema_load_private_data); @@ -199,12 +200,12 @@ static struct dsdb_schema *dsdb_schema_refresh(struct ldb_module *module, struct } schema->last_refresh = ts; - ret = dsdb_module_load_partition_usn(module, schema->base_dn, ¤t_usn, NULL, NULL); + ret = dsdb_module_load_partition_usn(module, schema_dn, ¤t_usn, NULL, NULL); if (ret != LDB_SUCCESS || current_usn == schema->loaded_usn) { return schema; } - ret = dsdb_schema_from_db(module, schema->base_dn, current_usn, &new_schema); + ret = dsdb_schema_from_db(module, schema_dn, current_usn, &new_schema); if (ret != LDB_SUCCESS) { return schema; } |