dsdb encrypted_secrets: Allow "ldb://" and "mdb://" in file path
author Gary Lockyer <gary@catalyst.net.nz>
Mon, 15 Oct 2018 03:02:40 +0000 (16:02 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 19 Oct 2018 07:34:46 +0000 (09:34 +0200)
Correctly handle "ldb://" and "mdb://" schemes in the file path when
determining the path for the encrypted secrets key file.

When creating a new user and specifying the local file path of the
sam.ldb DB, it was possible to create an account that you could not
log in with. The path for the key file was incorrectly calculated
for the "ldb://" and "mdb://" schemes: the scheme was not stripped from
the path and the subsequent open of the key file failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 19 09:34:46 CEST 2018 on sn-devel-144

selftest/knownfail.d/bug13653 [deleted file]
source4/dsdb/samdb/ldb_modules/encrypted_secrets.c

diff --git a/selftest/knownfail.d/bug13653 b/selftest/knownfail.d/bug13653
deleted file mode 100644 (file)
index 14b955d..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-^samba.tests.blackbox.bug13653.samba.tests.blackbox.bug13653.Bug13653Tests.test_ldb_scheme
-^samba.tests.blackbox.bug13653.python3.samba.tests.blackbox.bug13653.Bug13653Tests.test_ldb_scheme
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_key_file
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_key_file_short_key
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_key_file_long_key
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_value_encryption
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_altered_header
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_altered_data
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_gnutls_altered_iv
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_value_encryption
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_altered_header
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_altered_data
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_samba_altered_iv
-^samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb.test_message_encryption_decryption
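
Review bot: the removed knownfail entries for the blackbox bug13653 test name only `test_ldb_scheme`; every mdb entry in this list is an `encrypted_secrets.mdb.*` unit test. If the blackbox test has no "mdb://" case, consider adding one so the user-creation path described in the commit message is exercised end to end for both schemes and not only for "ldb://".
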
index ef69bb0831c99d223460335e13d630eb03b3c695..b2df15c08f4f2401a83c40dc1e57e55fb34dd864 100644 (file)
@@ -131,6 +131,12 @@ static const char* get_key_directory(TALLOC_CTX *ctx, struct ldb_context *ldb)
        if (strncmp("tdb://", sam_ldb_path, 6) == 0) {
                sam_ldb_path += 6;
        }
+       else if (strncmp("ldb://", sam_ldb_path, 6) == 0) {
+               sam_ldb_path += 6;
+       }
+       else if (strncmp("mdb://", sam_ldb_path, 6) == 0) {
+               sam_ldb_path += 6;
+       }
        private_dir = talloc_strdup(ctx, sam_ldb_path);
        if (private_dir == NULL) {
                ldb_set_errstring(ldb,
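
Review bot: the scheme checks in get_key_directory() now repeat the same body three times with a hard-coded length (`strncmp("ldb://", sam_ldb_path, 6)` followed by `sam_ldb_path += 6`), and any other scheme prefix still reaches talloc_strdup() unstripped, which is the failure this commit fixes for ldb and mdb. Consider looping over a small array of known prefixes and advancing by strlen() of the one that matched, with a short comment saying why the scheme has to be removed before the key directory is derived. Style point: each added `else if` starts on its own line after the closing brace of the previous branch; `} else if (...) {` on one line would read as a single chain.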