From 4e8ca6140aff0cac534d2ea2e370c1dc70a73b21 Mon Sep 17 00:00:00 2001 From: Jo Sutton Date: Wed, 1 May 2024 16:54:01 +1200 Subject: [PATCH] ldb: Attach appropriate ldb context to returned result This is done by adding a new API that avoids the problems of ldb_dn_copy() and makes it clear that a struct ldb_context * pointer will be stored in the new copy. Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett --- lib/ldb/ABI/ldb-2.10.0.sigs | 1 + lib/ldb/common/ldb_dn.c | 16 ++++++++++++++++ lib/ldb/include/ldb.h | 3 +++ lib/ldb/ldb_key_value/ldb_kv_search.c | 2 +- python/samba/tests/krb5/gmsa_tests.py | 2 +- 5 files changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/ldb/ABI/ldb-2.10.0.sigs b/lib/ldb/ABI/ldb-2.10.0.sigs index f23014ffaaa..bd9aa54a005 100644 --- a/lib/ldb/ABI/ldb-2.10.0.sigs +++ b/lib/ldb/ABI/ldb-2.10.0.sigs @@ -47,6 +47,7 @@ ldb_dn_check_special: bool (struct ldb_dn *, const char *) ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_copy_with_ldb_context: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *, struct ldb_context *) ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c index cb4266dca91..e785a6d9e3d 100644 --- a/lib/ldb/common/ldb_dn.c +++ b/lib/ldb/common/ldb_dn.c @@ -1398,6 +1398,22 @@ struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) return new_dn; } +struct ldb_dn *ldb_dn_copy_with_ldb_context(TALLOC_CTX *mem_ctx, + struct ldb_dn *dn, + struct ldb_context *ldb) +{ + struct ldb_dn *new_dn = NULL; + + new_dn = ldb_dn_copy(mem_ctx, dn); + if (new_dn == NULL) { + return NULL; + } + + /* Set the ldb context. */ + new_dn->ldb = ldb; + return new_dn; +} + /* modify the given dn by adding a base. * * return true if successful and false if not diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h index f29392ad4ea..f2d4642375f 100644 --- a/lib/ldb/include/ldb.h +++ b/lib/ldb/include/ldb.h @@ -1902,6 +1902,9 @@ bool ldb_dn_add_child_val(struct ldb_dn *dn, struct ldb_val value); struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); +struct ldb_dn *ldb_dn_copy_with_ldb_context(TALLOC_CTX *mem_ctx, + struct ldb_dn *dn, + struct ldb_context *ldb); struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); diff --git a/lib/ldb/ldb_key_value/ldb_kv_search.c b/lib/ldb/ldb_key_value/ldb_kv_search.c index 5dbbae6b15c..9d0d218b48a 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_search.c +++ b/lib/ldb/ldb_key_value/ldb_kv_search.c @@ -586,7 +586,7 @@ static int ldb_kv_search_and_return_base(struct ldb_kv_private *ldb_kv, * returned result, as it has already been * casefolded */ - struct ldb_dn *dn = ldb_dn_copy(msg, ctx->base); + struct ldb_dn *dn = ldb_dn_copy_with_ldb_context(msg, ctx->base, ldb); if (dn != NULL) { msg->dn = dn; } diff --git a/python/samba/tests/krb5/gmsa_tests.py b/python/samba/tests/krb5/gmsa_tests.py index f27e4235713..4189f05d22d 100755 --- a/python/samba/tests/krb5/gmsa_tests.py +++ b/python/samba/tests/krb5/gmsa_tests.py @@ -1800,7 +1800,7 @@ class GmsaTests(GkdiBaseTest, KDCBaseTest): modify_attr("lockoutThreshold", lockout_threshold) creds = self.gmsa_account(kerberos_enabled=kerberos_enabled) - dn = ldb.Dn(samdb, str(creds.get_dn())) + dn = creds.get_dn() # Truncate the password to ensure that it is invalid. creds.set_password(creds.get_password()[:-1]) -- 2.47.3