sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

samldb: Address birthday paradox adding an RODC

Browse Source 
It is possible that the randomly chosen RODC number will be one
that is already in use.  The samldb_krbtgtnumber_available()
function was meant to prevent that, but due to a typo did not.

There is no other race here as the whole thing is inside a transaction,
and we have duplicate protection on samAccountName, so the failure
looked like this:

...
Adding CN=krbtgt_TESTRODCDRS5320202,CN=Users,DC=samba,DC=example,DC=com
UNEXPECTED(error): samba4.drs.repl_rodc.python(ad_dc_ntvfs).repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_admin(ad_dc_ntvfs)
REASON: Exception: Exception: Traceback (most recent call last):
  File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 111, in setUp
    self._create_rodc(self.rodc_ctx)
  File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 693, in _create_rodc
    ctx.join_add_objects()
  File "bin/python/samba/join.py", line 641, in join_add_objects
    ctx.add_krbtgt_account()
  File "bin/python/samba/join.py", line 429, in add_krbtgt_account
    ctx.samdb.add(rec, ["rodc_join:1:1"])
_ldb.LdbError: (68, "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071: samldb: samAccountName krbtgt_4405 already in use!> <>")

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14854

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  1 20:50:37 UTC 2021 on sn-devel-184

(cherry picked from commit b6d60e8f4d06ca9733a4cc3094312a3dc456a656)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Oct  4 12:55:41 UTC 2021 on sn-devel-184
This commit is contained in:
Andrew Bartlett 2021-07-05 15:57:09 +12:00 committed by Jule Anger
parent eb28bd54ac
commit c951464806
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source4/dsdb/samdb/ldb_modules/samldb.c
View File

@ -652,7 +652,7 @@ static bool samldb_krbtgtnumber_available(struct samldb_ctx *ac,
LDB_SCOPE_SUBTREE, no_attrs,
DSDB_FLAG_NEXT_MODULE,
ac->req,
"(msDC-SecondaryKrbTgtNumber=%u)",
"(msDS-SecondaryKrbTgtNumber=%u)",
krbtgt_number);
if (ret == LDB_SUCCESS && res->count == 0) {
talloc_free(tmp_ctx);
@ -670,7 +670,7 @@ static int samldb_rodc_add(struct samldb_ctx *ac)
int ret;
struct ldb_val newpass_utf16;
/* find a unused msDC-SecondaryKrbTgtNumber */
/* find a unused msDS-SecondaryKrbTgtNumber */
i_start = generate_random() & 0xFFFF;
if (i_start == 0) {
i_start = 1;