The branch, master has been updated via 7082902d56a ldap_client: Make ldap_parse_basic_url() IPv6-address aware via 61bc99362a3 ldap_client: Align integer types via 011a2a82953 ldap_client: Make ldap_parse_basic_url take care of ldapi as well via 9d988ce090f pdb_dsdb: Fix typos via 9f3d2ba7ee9 ldb_ldap: Fix a memleak from 3cc0f1eeda5 CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7082902d56ab1aa824e6b86bceaa7e1a14b6ef29 Author: Volker Lendecke <v...@samba.org> Date: Wed Jul 1 16:10:17 2020 +0200 ldap_client: Make ldap_parse_basic_url() IPv6-address aware Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Thu Jul 2 12:01:06 UTC 2020 on sn-devel-184 commit 61bc99362a385fc8b59197c416f480a1054054b6 Author: Volker Lendecke <v...@samba.org> Date: Fri Jun 26 08:31:30 2020 +0200 ldap_client: Align integer types Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 011a2a82953fa910e1e7dee9862fbb5deaae8651 Author: Volker Lendecke <v...@samba.org> Date: Thu Jun 25 21:20:04 2020 +0200 ldap_client: Make ldap_parse_basic_url take care of ldapi as well SUSV4's sscanf has the %m modifier, which allocates the right amount. Remove those SMB_ASSERTS for string buffers. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 9d988ce090fa1755ac203d74b759f210249966ed Author: Volker Lendecke <v...@samba.org> Date: Thu Jun 25 15:59:48 2020 +0200 pdb_dsdb: Fix typos Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 9f3d2ba7ee9e41ddeee376aa74785199ef3dc8a2 Author: Volker Lendecke <v...@samba.org> Date: Wed Jun 24 16:50:34 2020 +0200 ldb_ldap: Fix a memleak Don't allocate a temporary value on a long-term context Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: David Mulder <dmul...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/ldb/ldb_ldap/ldb_ldap.c | 2 +- source3/passdb/pdb_samba_dsdb.c | 6 +- source4/libcli/ldap/ldap_client.c | 180 +++++++++++++++++++++++--------------- 3 files changed, 114 insertions(+), 74 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/ldb_ldap/ldb_ldap.c b/lib/ldb/ldb_ldap/ldb_ldap.c index 0531f8a62ae..7545a587c31 100644 --- a/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/lib/ldb/ldb_ldap/ldb_ldap.c @@ -398,7 +398,7 @@ static int lldb_rename(struct lldb_context *lldb_ac) if ((rdn_name != NULL) && (rdn_val != NULL)) { newrdn = talloc_asprintf(lldb_ac, "%s=%s", rdn_name, - rdn_val->length > 0 ? ldb_dn_escape_value(lldb, *rdn_val) : ""); + rdn_val->length > 0 ? ldb_dn_escape_value(lldb_ac, *rdn_val) : ""); } else { newrdn = talloc_strdup(lldb_ac, ""); } diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index c5f8d479fb6..276bda88efc 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -791,7 +791,7 @@ static NTSTATUS pdb_samba_dsdb_delete_user(struct pdb_methods *m, /* This interface takes a fully populated struct samu and places it in * the database. This is not implemented at this time as we need to - * be careful around the creation of arbitary SIDs (ie, we must ensrue + * be careful around the creation of arbitrary SIDs (ie, we must ensure * they are not left in a RID pool */ static NTSTATUS pdb_samba_dsdb_add_sam_account(struct pdb_methods *m, struct samu *sampass) @@ -880,8 +880,8 @@ static NTSTATUS pdb_samba_dsdb_rename_sam_account(struct pdb_methods *m, return NT_STATUS_NOT_IMPLEMENTED; } -/* This is not implemented, as this module is exptected to be used - * with auth_samba_dsdb, and this is responible for login counters etc +/* This is not implemented, as this module is expected to be used + * with auth_samba_dsdb, and this is responsible for login counters etc * */ static NTSTATUS pdb_samba_dsdb_update_login_attempts(struct pdb_methods *m, diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index abe4e523585..8614ccdfd54 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -321,43 +321,102 @@ static void ldap_connection_recv_done(struct tevent_req *subreq) return; } -/* - parse a ldap URL -*/ -static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url, - char **host, uint16_t *port, bool *ldaps) +enum ldap_proto { + LDAP_PROTO_NONE, + LDAP_PROTO_LDAP, + LDAP_PROTO_LDAPS, + LDAP_PROTO_LDAPI +}; + +static int ldap_parse_basic_url( + const char *url, + enum ldap_proto *pproto, + TALLOC_CTX *mem_ctx, + char **pdest, /* path for ldapi, host for ldap[s] */ + uint16_t *pport) /* Not set for ldapi */ { - int tmp_port = 0; - char protocol[11]; - char tmp_host[1025]; - int ret; + enum ldap_proto proto = LDAP_PROTO_NONE; + char *host = NULL; + int ret, port; + + if (url == NULL) { + return EINVAL; + } + + if (strncasecmp_m(url, "ldapi://", strlen("ldapi://")) == 0) { + char *path = NULL, *end = NULL; + + path = talloc_strdup(mem_ctx, url+8); + if (path == NULL) { + return ENOMEM; + } + end = rfc1738_unescape(path); + if (end == NULL) { + TALLOC_FREE(path); + return EINVAL; + } - /* Paranoia check */ - SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254); - - ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port); - if (ret < 2) { - return NT_STATUS_INVALID_PARAMETER; + *pproto = LDAP_PROTO_LDAPI; + *pdest = path; + return 0; } - if (strequal(protocol, "ldap")) { - *port = 389; - *ldaps = false; - } else if (strequal(protocol, "ldaps")) { - *port = 636; - *ldaps = true; - } else { - DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol)); - return NT_STATUS_PROTOCOL_UNREACHABLE; + if (strncasecmp_m(url, "ldap://", strlen("ldap://")) == 0) { + url += 7; + proto = LDAP_PROTO_LDAP; + port = 389; + } + if (strncasecmp_m(url, "ldaps://", strlen("ldaps://")) == 0) { + url += 8; + port = 636; + proto = LDAP_PROTO_LDAPS; + } + + if (proto == LDAP_PROTO_NONE) { + return EPROTONOSUPPORT; } - if (tmp_port != 0) - *port = tmp_port; + if (url[0] == '[') { + /* + * IPv6 with [aa:bb:cc..]:port + */ + const char *end = NULL; - *host = talloc_strdup(mem_ctx, tmp_host); - NT_STATUS_HAVE_NO_MEMORY(*host); + url +=1; - return NT_STATUS_OK; + end = strchr(url, ']'); + if (end == NULL) { + return EINVAL; + } + + ret = sscanf(end+1, ":%d", &port); + if (ret < 0) { + return EINVAL; + } + + *pdest = talloc_strndup(mem_ctx, url, end-url); + if (*pdest == NULL) { + return ENOMEM; + } + *pproto = proto; + *pport = port; + return 0; + } + + ret = sscanf(url, "%m[^:/]:%d", &host, &port); + if (ret < 1) { + return EINVAL; + } + + *pdest = talloc_strdup(mem_ctx, host); + SAFE_FREE(host); + if (*pdest == NULL) { + return ENOMEM; + } + *pproto = proto; + *pport = port; + + return 0; } /* @@ -381,7 +440,9 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con { struct composite_context *result, *ctx; struct ldap_connect_state *state; - char protocol[11]; + enum ldap_proto proto; + char *dest = NULL; + uint16_t port; int ret; result = talloc_zero(conn, struct composite_context); @@ -402,30 +463,21 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con if (conn->reconnect.url == NULL) goto failed; } - /* Paranoia check */ - SMB_ASSERT(sizeof(protocol)>10); - - ret = sscanf(url, "%10[^:]://", protocol); - if (ret < 1) { - return NULL; + ret = ldap_parse_basic_url(url, &proto, conn, &dest, &port); + if (ret != 0) { + composite_error(result, map_nt_error_from_unix_common(ret)); + return result; } - if (strequal(protocol, "ldapi")) { + if (proto == LDAP_PROTO_LDAPI) { struct socket_address *unix_addr; - char path[1025]; - char *end = NULL; NTSTATUS status = socket_create(state, "unix", SOCKET_TYPE_STREAM, &state->sock, 0); if (!NT_STATUS_IS_OK(status)) { return NULL; } - SMB_ASSERT(sizeof(protocol)>10); - SMB_ASSERT(sizeof(path)>1024); - - /* LDAPI connections are to localhost, so give the - * local host name as the target for gensec's - * DIGEST-MD5 mechanism */ + conn->host = talloc_asprintf(conn, "%s.%s", lpcfg_netbios_name(conn->lp_ctx), lpcfg_dnsdomain(conn->lp_ctx)); @@ -433,22 +485,8 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con return result; } - /* The %c specifier doesn't null terminate :-( */ - ZERO_STRUCT(path); - ret = sscanf(url, "%10[^:]://%1025c", protocol, path); - if (ret < 2) { - composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER); - return result; - } - - end = rfc1738_unescape(path); - if (end == NULL) { - composite_error(state->ctx, - NT_STATUS_INVALID_PARAMETER); - return result; - } unix_addr = socket_address_from_strings(state, state->sock->backend_name, - path, 0); + dest, 0); if (composite_nomem(unix_addr, result)) { return result; } @@ -458,13 +496,14 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con ctx->async.fn = ldap_connect_recv_unix_conn; ctx->async.private_data = state; return result; - } else { - NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host, - &conn->port, &conn->ldaps); - if (!NT_STATUS_IS_OK(status)) { - composite_error(result, status); - return result; - } + } + + if ((proto == LDAP_PROTO_LDAP) || (proto == LDAP_PROTO_LDAPS)) { + + conn->ldaps = (proto == LDAP_PROTO_LDAPS); + + conn->host = talloc_move(conn, &dest); + conn->port = port; if (conn->ldaps) { char *ca_file = lpcfg_tls_cafile(state, conn->lp_ctx); @@ -472,6 +511,7 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con const char *tls_priority = lpcfg_tls_priority(conn->lp_ctx); enum tls_verify_peer_state verify_peer = lpcfg_tls_verify_peer(conn->lp_ctx); + NTSTATUS status; status = tstream_tls_params_client(state, ca_file, @@ -941,7 +981,7 @@ static const struct { */ _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r) { - int i; + size_t i; const char *codename = "unknown"; if (r->resultcode == LDAP_SUCCESS) { @@ -953,7 +993,7 @@ _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_ } for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) { - if (r->resultcode == ldap_code_map[i].code) { + if ((enum ldap_result_code)r->resultcode == ldap_code_map[i].code) { codename = ldap_code_map[i].str; break; } @@ -1021,7 +1061,7 @@ _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message if (!NT_STATUS_IS_OK(status)) { return status; } - if ((*msg) != NULL && (*msg)->type != type) { + if ((*msg) != NULL && (*msg)->type != (enum ldap_request_tag)type) { *msg = NULL; return NT_STATUS_UNEXPECTED_NETWORK_ERROR; } -- Samba Shared Repository