File 0034-Use-ndr_pull_steal_switch_value-for-modern-samba-ver.patch of Package sssd.27545
From bd06b0cecb0c5c036cc11d99c3957920f1ef539d Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Tue, 24 Mar 2020 13:37:07 +0000
Subject: [PATCH 2/4] Use ndr_pull_steal_switch_value for modern samba versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
fix the build error resulting from removal of 'ndr_pull_get_switch'
This change uses the new replacement method
'ndr_pull_steal_switch_value' however depending on the samba version
the ndr_pull_steal_switch_value abi is different.
Note: ndr_pull_steal_switch_value is used since samba 4.10 for
the affected methods
Note: the following methods have been refreshed from samba-4.12 generated
code;
o ndr_pull_security_ace_object_type
o ndr_pull_security_ace_object_inherited_type
o ndr_pull_security_ace_object_ctr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
---
src/external/samba.m4 | 9 ++++++-
src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
2 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/src/external/samba.m4 b/src/external/samba.m4
index f4c8056cd..8520347eb 100644
--- a/src/external/samba.m4
+++ b/src/external/samba.m4
@@ -130,8 +130,15 @@ int main(void)
AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
[Samba's struct idmap_domain has dom_sid member])
AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
+ if test $samba_minor_version -ge 12 ; then
+ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
+ [Samba's new push/pull switch functions])
+ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
+ else
+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
+ fi
else
AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
fi
-
fi
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index e46b627ba..99821251f 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
union security_ace_object_type *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_OBJECT_TYPE_PRESENT: {
@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
break; }
}
}
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case SEC_ACE_OBJECT_TYPE_PRESENT:
- break;
- default:
- break;
- }
- }
return NDR_ERR_SUCCESS;
}
@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
union security_ace_object_inherited_type *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
break; }
}
}
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
- break;
- default:
- break;
- }
- }
return NDR_ERR_SUCCESS;
}
@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
union security_ace_object_ctr *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
}
}
if (ndr_flags & NDR_BUFFERS) {
+ if (!(ndr_flags & NDR_SCALARS)) {
+ /* We didn't get it above, and the token is not needed after this. */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
+ }
switch (level) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
NDR_CHECK(ndr_pull_security_ace_object
--
2.28.0
