The branch, v4-0-test has been updated
via cc13903 torture: Add tests for LDAP substring search with no
strings provided
via 51f19c4 libcli/ldap: Cope with substring match with no chunks in
ldap_push_filter
via 980ecbf ldb: bump version to allow a depencency on the substring
crash fix
via 1650e8a ldb: Cope with substring match with no chunks in
ldb_filter_from_tree
via df6574c ldb: Ensure not to segfault on a filter such as (mail=)
via b67c906 heimdal_build: Add missing dep on samba4kgetcred
from 4b25860 docs: Avoid mentioning a possibly misleading option.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit cc139035600923af4e8837548f5f210f191c3b38
Author: Andrew Bartlett <abart...@samba.org>
Date: Sat Jun 22 16:55:08 2013 +1000
torture: Add tests for LDAP substring search with no strings provided
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Mon Jun 24 23:55:07 CEST 2013 on sn-devel-104
(cherry picked from commit 7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e)
The last 5 patches address bug #9967 - Fix crash bug from search of mail=.
Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-0-test): Tue Jun 25 13:35:05 CEST 2013 on sn-devel-104
commit 51f19c4e8517148030efbdd7830b5739bfc82328
Author: Andrew Bartlett <abart...@samba.org>
Date: Sat Jun 22 17:01:42 2013 +1000
libcli/ldap: Cope with substring match with no chunks in ldap_push_filter
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 70cb7fd214041e8ffacc98de4dbde3ecd77bba85)
commit 980ecbf13d6b29bdb280b024d4bcb9243159ded5
Author: Andrew Bartlett <abart...@samba.org>
Date: Mon Jun 24 15:28:39 2013 +1000
ldb: bump version to allow a depencency on the substring crash fix
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 4ca963926938917bf32af4eead61ded2a8275139)
commit 1650e8a9a244d0ea029dc0ce88eda277cf2be261
Author: Andrew Bartlett <abart...@samba.org>
Date: Sat Jun 22 17:01:02 2013 +1000
ldb: Cope with substring match with no chunks in ldb_filter_from_tree
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 1a279f74b72018f0742fc407e0574c9dbd7b7883)
commit df6574ce0f73b9574a95d927c67774a31d07fa6a
Author: Andrew Bartlett <abart...@samba.org>
Date: Sat Jun 15 16:00:42 2013 +1000
ldb: Ensure not to segfault on a filter such as (mail=)
As reported by Robin McCorkell <xenopat...@gmail.com> triggered by
Mozilla Thunderbird as an LDAP client.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Matthieu Patou <m...@matws.net>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Sat Jun 22 09:33:14 CEST 2013 on sn-devel-104
(cherry picked from commit 0ee8650d778736a130e914df9e14734ef18e0fb5)
commit b67c906b20f4658bb1c1bfd3bebef521c7063916
Author: Andrew Bartlett <abart...@samba.org>
Date: Sun Jun 16 14:02:57 2013 +1000
heimdal_build: Add missing dep on samba4kgetcred
This started to fail on current Debian Sid with system Heimdal after a
binutils update.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-By: Jelmer Vernooij <jel...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Tue Jun 25 02:30:59 CEST 2013 on sn-devel-104
(cherry picked from commit 48ae86f74c5ed2ae2612d61e232bfcf93d44c7f8)
Fix bug #9968 - fix build with system Heimdal of samba4kgetcred.
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} | 0
lib/ldb/common/ldb_match.c | 5 +
lib/ldb/common/ldb_parse.c | 2 +-
lib/ldb/wscript | 2 +-
libcli/ldap/ldap_message.c | 41 ++++----
source4/heimdal_build/wscript_build | 2 +-
source4/torture/ldap/basic.c | 110 ++++++++++++++++++++
8 files changed, 140 insertions(+), 22 deletions(-)
copy lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ABI/ldb-1.1.14.sigs b/lib/ldb/ABI/ldb-1.1.16.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.1.14.sigs
copy to lib/ldb/ABI/ldb-1.1.16.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util-1.1.16.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.1.16.sigs
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index 5eee02d..7918aec 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -249,6 +249,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
}
+ if (tree->u.substring.chunks == NULL) {
+ *matched = false;
+ return LDB_SUCCESS;
+ }
+
if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
}
diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 33e8444..5fa5a74 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -748,7 +748,7 @@ char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const
struct ldb_parse_tree *tre
ret = talloc_asprintf(mem_ctx, "(%s=%s", tree->u.substring.attr,
tree->u.substring.start_with_wildcard?"*":"");
if (ret == NULL) return NULL;
- for (i = 0; tree->u.substring.chunks[i]; i++) {
+ for (i = 0; tree->u.substring.chunks &&
tree->u.substring.chunks[i]; i++) {
s2 = ldb_binary_encode(mem_ctx,
*(tree->u.substring.chunks[i]));
if (s2 == NULL) {
talloc_free(ret);
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 983d5a2..f2ea8e1 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.1.15'
+VERSION = '1.1.16'
blddir = 'bin'
diff --git a/libcli/ldap/ldap_message.c b/libcli/ldap/ldap_message.c
index f640bf3..1c5542c 100644
--- a/libcli/ldap/ldap_message.c
+++ b/libcli/ldap/ldap_message.c
@@ -269,26 +269,29 @@ static bool ldap_push_filter(struct asn1_data *data,
struct ldb_parse_tree *tree
asn1_push_tag(data, ASN1_CONTEXT(4));
asn1_write_OctetString(data, tree->u.substring.attr,
strlen(tree->u.substring.attr));
asn1_push_tag(data, ASN1_SEQUENCE(0));
- i = 0;
- if ( ! tree->u.substring.start_with_wildcard) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write_DATA_BLOB_LDAPString(data,
tree->u.substring.chunks[i]);
- asn1_pop_tag(data);
- i++;
- }
- while (tree->u.substring.chunks[i]) {
- int ctx;
- if (( ! tree->u.substring.chunks[i + 1]) &&
- (tree->u.substring.end_with_wildcard == 0)) {
- ctx = 2;
- } else {
- ctx = 1;
+ if (tree->u.substring.chunks && tree->u.substring.chunks[0]) {
+ i = 0;
+ if (!tree->u.substring.start_with_wildcard) {
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
+ asn1_write_DATA_BLOB_LDAPString(data,
tree->u.substring.chunks[i]);
+ asn1_pop_tag(data);
+ i++;
+ }
+ while (tree->u.substring.chunks[i]) {
+ int ctx;
+
+ if (( ! tree->u.substring.chunks[i + 1]) &&
+ (tree->u.substring.end_with_wildcard == 0))
{
+ ctx = 2;
+ } else {
+ ctx = 1;
+ }
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
+ asn1_write_DATA_BLOB_LDAPString(data,
tree->u.substring.chunks[i]);
+ asn1_pop_tag(data);
+ i++;
}
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
- asn1_write_DATA_BLOB_LDAPString(data,
tree->u.substring.chunks[i]);
- asn1_pop_tag(data);
- i++;
}
asn1_pop_tag(data);
asn1_pop_tag(data);
diff --git a/source4/heimdal_build/wscript_build
b/source4/heimdal_build/wscript_build
index f447115..d9fc9e3 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -948,7 +948,7 @@ HEIMDAL_BINARY('samba4kinit',
HEIMDAL_BINARY('samba4kgetcred',
'kuser/kgetcred.c',
- deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
+ deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto asn1',
install=False
)
diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
index 2d65948..8d964ac 100644
--- a/source4/torture/ldap/basic.c
+++ b/source4/torture/ldap/basic.c
@@ -156,6 +156,108 @@ static bool test_search_rootDSE(struct ldap_connection
*conn, const char **based
return ret;
}
+static bool test_search_rootDSE_empty_substring(struct ldap_connection *conn)
+{
+ bool ret = true;
+ struct ldap_message *msg, *result;
+ struct ldap_request *req;
+ NTSTATUS status;
+
+ printf("Testing RootDSE Search with objectclass= substring filter\n");
+
+ msg = new_ldap_message(conn);
+ if (!msg) {
+ return false;
+ }
+
+ msg->type = LDAP_TAG_SearchRequest;
+ msg->r.SearchRequest.basedn = "";
+ msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+ msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+ msg->r.SearchRequest.timelimit = 0;
+ msg->r.SearchRequest.sizelimit = 0;
+ msg->r.SearchRequest.attributesonly = false;
+ msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+ msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+ msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+ msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+ msg->r.SearchRequest.num_attributes = 0;
+ msg->r.SearchRequest.attributes = NULL;
+
+ req = ldap_request_send(conn, msg);
+ if (req == NULL) {
+ printf("Could not setup ldap search\n");
+ return false;
+ }
+
+ status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("looking for search result reply failed - %s\n",
nt_errstr(status));
+ return false;
+ }
+
+ printf("received %d replies\n", req->num_replies);
+
+ return ret;
+}
+
+static bool test_search_auth_empty_substring(struct ldap_connection *conn,
const char *basedn)
+{
+ bool ret = true;
+ struct ldap_message *msg, *result;
+ struct ldap_request *req;
+ NTSTATUS status;
+ struct ldap_Result *r;
+
+ printf("Testing authenticated base Search with objectclass= substring
filter\n");
+
+ msg = new_ldap_message(conn);
+ if (!msg) {
+ return false;
+ }
+
+ msg->type = LDAP_TAG_SearchRequest;
+ msg->r.SearchRequest.basedn = basedn;
+ msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+ msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+ msg->r.SearchRequest.timelimit = 0;
+ msg->r.SearchRequest.sizelimit = 0;
+ msg->r.SearchRequest.attributesonly = false;
+ msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+ msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+ msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+ msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+ msg->r.SearchRequest.num_attributes = 0;
+ msg->r.SearchRequest.attributes = NULL;
+
+ req = ldap_request_send(conn, msg);
+ if (req == NULL) {
+ printf("Could not setup ldap search\n");
+ return false;
+ }
+
+ status = ldap_result_one(req, &result, LDAP_TAG_SearchResultDone);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("looking for search result done failed - %s\n",
nt_errstr(status));
+ return false;
+ }
+
+ printf("received %d replies\n", req->num_replies);
+
+ r = &result->r.SearchResultDone;
+
+ if (r->resultcode != LDAP_SUCCESS) {
+ printf("search result done gave error - %s\n",
ldb_strerror(r->resultcode));
+ return false;
+ }
+
+ return ret;
+}
+
static bool test_compare_sasl(struct ldap_connection *conn, const char *basedn)
{
struct ldap_message *msg, *rep;
@@ -856,6 +958,10 @@ bool torture_ldap_basic(struct torture_context *torture)
ret = false;
}
+ if (!test_search_rootDSE_empty_substring(conn)) {
+ ret = false;
+ }
+
/* other bind tests here */
if (!test_multibind(conn, userdn, secret)) {
@@ -866,6 +972,10 @@ bool torture_ldap_basic(struct torture_context *torture)
ret = false;
}
+ if (!test_search_auth_empty_substring(conn, basedn)) {
+ ret = false;
+ }
+
if (!test_compare_sasl(conn, basedn)) {
ret = false;
}
--
Samba Shared Repository
