IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- documentation fixes
- build with Python 3.12 (bug #15513)
- a lot of additional error checking in
the python bindings
- minor code fixes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
When we added a second run of the Python testsuite, the return code from
the first run began to go ignored.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we’re going to call PyList_Size() on an object, we should be sure
that it is a list first.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Accessing the wrong member of a union invokes undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
PyObject_AsMessageElement() has ‘flags’ and ‘attr_name’ parameters to
set properties of the returned MessageElement, but they apply only
*sometimes*.
‘attr_name’ not being set can result in cryptic and misleading error
messages from various ldb operations.
Changing the function’s behaviour to be more consistent could break
existing code, so we work around the issue instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If ‘tmp’ happens to be garbage-collected, ‘name’ will become invalid.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
* pyldb: Raise an exception if ldb_dn_get_parent() fails
* Implement ldap_whoami in pyldb and add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition
* Documentation and spelling fixes
* Add ldb_val -> bool,uint64,int64 parsing functions
* Split out ldb_val_as_dn() helper function
* add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
* add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
* let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
* Don't create error string if there is no error
* Avoid allocation and memcpy() for every wildcard match candidate
* Make ldb_msg_remove_attr O(n)
* pyldb: Throw error on invalid controls
* pyldb: remove py2 ifdefs
* Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This means ldb_tevent_debug() is only called for TEVENT_DEBUG_TRACE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Removing the explicit notice about ldb in order to
have the same content in all copies of dlinklist.h
in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Such a failure could be caused by situations other than memory errors,
but a simple indication of failure is all that ldb_dn_get_parent() gives
us to work with.
We keep the old behaviour of returning None if the DN has no components,
which an existing test (ldb.python.api.DnTests.test_parent_nonexistent)
expects.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Using Py_CLEAR() ensures that these structures are observed in a
consistent state by any Python code that may run during deconstruction.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix the following error observed running samba.test.registry
compiled with clang-17 and UBsan:
lib/ldb/common/ldb_ldif.c:881:9: runtime error: applying non-zero offset 137438953440 to null pointer
#0 0x7faa0eb3932f in ldb_ldif_read lib/ldb/common/ldb_ldif.c:881
#1 0x7faa0eb3aec6 in ldb_ldif_read_string lib/ldb/common/ldb_ldif.c:1004
#2 0x7faa077ed759 in dsdb_set_schema_from_ldif source4/dsdb/schema/schema_set.c:1113
#3 0x7faa068fcbbf in py_dsdb_set_schema_from_ldif source4/dsdb/pydsdb.c:929
#4 0x7faa1d1d4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507)
[... a lot of Python calls skipped...]
I.e. number of elements should be checked against zero
before making an attempt to access an element by index.
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we don't check for NULL after each loop iteration, the failure could
be masked in the next iteration by talloc_asprintf_append() allocating
on the NULL context. That could result in values getting lost.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Computing a pointer that points outside of an array, and not to one past
the last element, is undefined behaviour. To avoid this, do our
comparisons in terms of lengths, not pointers.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
If the LDB_UNPACK_DATA_FLAG_NO_ATTRS flag is set, we don't return any
elements, so we should set num_elements accordingly. This ensures
callers don't try to access elements that aren't there.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
That an attribute has been access checked doesn't mean that the user has
the right to view it.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Commit bed9efa6cd introduced
ldb_msg_add_linearized_dn() to replace ldb_msg_add_dn(), but retained
the now-incorrect associated comment. The comment later made its way
into a function added later by commit 'CVE-2022-32746 ldb: Add functions
for appending to an ldb_message'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>