authorGary Lockyer <gary@catalyst.net.nz>2018-10-15 16:02:40 +1300
committerAndrew Bartlett <abartlet@samba.org>2018-10-19 09:34:46 +0200
commit7b59cd74f9f75d85b91c6ca517d0243e7f6bd2e1 (patch)
tree8e70f2dbf707d0a955d405d8d14b18c1c9c5701a
parente1eee614ca8a3f0f5609a3d9d8ce7ae926de1f9e (diff)
dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path
Correctly handle "ldb://" and "mdb://" schemes in the file path when determining the path for the encrypted secrets key file. When creating a new user and specifying the local file path of the sam.ldb DB, it was possible to create an account that you could not login with. The path for the key file was incorrectly calculated for the "ldb://" and "mdb://" schemes, the scheme was not stripped from the path and the subsequent open of the key file failed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 19 09:34:46 CEST 2018 on sn-devel-144
-rw-r--r--selftest/knownfail.d/bug1365314
-rw-r--r--source4/dsdb/samdb/ldb_modules/encrypted_secrets.c6
2 files changed, 6 insertions, 14 deletions
diff --git a/selftest/knownfail.d/bug13653 b/selftest/knownfail.d/bug13653
deleted file mode 100644
index 14b955de178..00000000000
--- a/selftest/knownfail.d/bug13653
+++ /dev/null
@@ -1,14 +0,0 @@
-^samba.tests.blackbox.bug13653.samba.tests.blackbox.bug13653.Bug13653Tests.test_ldb_scheme
-^samba.tests.blackbox.bug13653.python3.samba.tests.blackbox.bug13653.Bug13653Tests.test_ldb_scheme
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_key_file
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_key_file_short_key
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_key_file_long_key
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_value_encryption
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_altered_header
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_altered_data
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_altered_iv
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_value_encryption
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_altered_header
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_altered_data
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_altered_iv
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_message_encryption_decryption
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index ef69bb0831c..b2df15c08f4 100644
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -131,6 +131,12 @@ static const char* get_key_directory(TALLOC_CTX *ctx, struct ldb_context *ldb)
if (strncmp("tdb://", sam_ldb_path, 6) == 0) {
sam_ldb_path += 6;
}
+ else if (strncmp("ldb://", sam_ldb_path, 6) == 0) {
+ sam_ldb_path += 6;
+ }
+ else if (strncmp("mdb://", sam_ldb_path, 6) == 0) {
+ sam_ldb_path += 6;
+ }
private_dir = talloc_strdup(ctx, sam_ldb_path);
if (private_dir == NULL) {
ldb_set_errstring(ldb,
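Review bot: The three `strncmp(..., 6)` branches at the top of this hunk are an open-coded allow-list, so a sam.ldb URL with any scheme not listed still reaches `talloc_strdup()` with its prefix attached, and the key-file path is again computed wrongly, which is the failure this commit fixes for `ldb://` and `mdb://`. Because this path decides where the encrypted-secrets key is read from, I would keep the recognised schemes in one table and strip by the entry's `strlen()` instead of a repeated literal 6, so adding a backend is a one-line change that cannot get the length wrong. A short comment stating that anything else is treated as a plain file path would make the fall-through case explicit. get_key_directory starts before and continues past the hunk, so whether an unrecognised scheme should be rejected outright depends on code not shown here.

```c
	/* Schemes whose remainder is a local file path; anything else is
	 * used as given. */
	static const char * const file_schemes[] = {
		"tdb://", "ldb://", "mdb://"
	};
	size_t i;

	for (i = 0; i < ARRAY_SIZE(file_schemes); i++) {
		size_t len = strlen(file_schemes[i]);
		if (strncmp(file_schemes[i], sam_ldb_path, len) == 0) {
			sam_ldb_path += len;
			break;
		}
	}
	private_dir = talloc_strdup(ctx, sam_ldb_path);
	/* … unchanged: NULL check and error string … */
```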