s4-dsdb: fixed crash bug in extended_dn_in

when extended_dn_in fails to resolve a GUID extended DN component, the
debug code assumed that it was a search operation, and accessed
ac->req->op.search.base, which is not valid for non-search DN
expansions.

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>

diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 9a70d9a3dbb5c8eded131a26727d5ac623f4bc2f..494413792c0dae21b5689a1ab1550099c6c4e0c3 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -44,6 +44,7 @@ struct extended_search_context {
        struct ldb_module *module;
        struct ldb_request *req;
        struct ldb_dn *basedn;
+       struct ldb_dn *dn;
        char *wellknown_object;
        int extended_type;
 };
@@ -109,7 +110,7 @@ static int extended_base_callback(struct ldb_request *req, struct ldb_reply *are
                           normal provision. We need to return
                           NO_SUCH_OBJECT */
                        const char *str = talloc_asprintf(req, "Duplicate base-DN matches found for '%s'",
-                                                         ldb_dn_get_extended_linearized(req, ac->req->op.search.base, 1));
+                                                         ldb_dn_get_extended_linearized(req, ac->dn, 1));
                        ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
                        return ldb_module_done(ac->req, NULL, NULL,
                                               LDB_ERR_NO_SUCH_OBJECT);
@@ -168,7 +169,7 @@ static int extended_base_callback(struct ldb_request *req, struct ldb_reply *are
 
                if (!ac->basedn) {
                        const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
-                                                         ldb_dn_get_extended_linearized(req, ac->req->op.search.base, 1));
+                                                         ldb_dn_get_extended_linearized(req, ac->dn, 1));
                        ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
                        return ldb_module_done(ac->req, NULL, NULL,
                                               LDB_ERR_NO_SUCH_OBJECT);
@@ -388,6 +389,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
                
                ac->module = module;
                ac->req = req;
+               ac->dn = dn;
                ac->basedn = NULL;  /* Filled in if the search finds the DN by SID/GUID etc */
                ac->wellknown_object = wellknown_object;