sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

getncchanges: Prevent a small, but possible race condition in build_object

Browse Source 
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Garming Sam 2017-03-03 11:14:24 +13:00 committed by Andrew Bartlett
parent cf9552effe
commit 2e02f3602d
1 changed files with 39 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
source4/rpc_server/drsuapi/getncchanges.c
View File

@ -491,27 +491,6 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
}
revealed_list_msg->dn = machine_dn;
ldb_err = dsdb_search_dn(sam_ctx, obj, &res, machine_dn, machine_attrs, 0);
if (ldb_err != LDB_SUCCESS || res->count != 1) {
return WERR_DS_DRA_INTERNAL_ERROR;
}
existing_revealed_list_msg = res->msgs[0];
}
werr = get_nc_changes_filter_attrs(obj, md, sam_ctx, msg, &n,
highest_usn, rdn_sa, schema,
extended_op == DRSUAPI_EXOP_REPL_SECRET,
&revealed_list_msg,
existing_revealed_list_msg,
uptodateness_vector,
partial_attribute_set, local_pas,
attids);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
if (revealed_list_msg != NULL) {
ret = ldb_transaction_start(sam_ctx);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed transaction start - %s\n",
@ -519,20 +498,55 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
return WERR_DS_DRA_INTERNAL_ERROR;
}
ret = ldb_modify(sam_ctx, revealed_list_msg);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to commit revealed links - %s\n",
ldb_errstring(sam_ctx)));
ldb_err = dsdb_search_dn(sam_ctx, obj, &res, machine_dn, machine_attrs, 0);
if (ldb_err != LDB_SUCCESS || res->count != 1) {
ldb_transaction_cancel(sam_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
existing_revealed_list_msg = res->msgs[0];
werr = get_nc_changes_filter_attrs(obj, md, sam_ctx, msg, &n,
highest_usn, rdn_sa, schema,
true,
&revealed_list_msg,
existing_revealed_list_msg,
uptodateness_vector,
partial_attribute_set, local_pas,
attids);
if (!W_ERROR_IS_OK(werr)) {
ldb_transaction_cancel(sam_ctx);
return werr;
}
if (revealed_list_msg != NULL) {
ret = ldb_modify(sam_ctx, revealed_list_msg);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to alter revealed links - %s\n",
ldb_errstring(sam_ctx)));
ldb_transaction_cancel(sam_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
}
ret = ldb_transaction_commit(sam_ctx);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed transaction commit - %s\n",
ldb_errstring(sam_ctx)));
return WERR_DS_DRA_INTERNAL_ERROR;
}
} else {
werr = get_nc_changes_filter_attrs(obj, md, sam_ctx, msg, &n,
highest_usn, rdn_sa, schema,
false,
&revealed_list_msg,
existing_revealed_list_msg,
uptodateness_vector,
partial_attribute_set, local_pas,
attids);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
}
/* ignore it if its an empty change. Note that renames always