summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-06-18 12:45:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:26 -0500
commit2a0a0f2551b03e4792cab37455b094d21819dc87 (patch)
treed6432274387b6eb809d2c8a1085307b24f4a510f /source4
parent91a79f2b24b62d9b78ecb52ff593672acc6f971a (diff)
downloadsamba-2a0a0f2551b03e4792cab37455b094d21819dc87.tar.gz
samba-2a0a0f2551b03e4792cab37455b094d21819dc87.tar.bz2
samba-2a0a0f2551b03e4792cab37455b094d21819dc87.zip
r7723: - fix a mismatched asn1 push/pop on bind
- add error checking to ldap_encode() - fixed the asn1 codes for extended search - use asn1 context macros (This used to be commit 25d500b6e559b9a530ae65a21046cfde0f8c41af)
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/ldap/ldap.c55
1 files changed, 26 insertions, 29 deletions
diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 83858b1768..81e659d3e8 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -38,7 +38,7 @@ static BOOL ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree
if ((tree->u.simple.value.length == 1) &&
(((char *)(tree->u.simple.value.data))[0] == '*')) {
/* Just a presence test */
- asn1_push_tag(data, 0x87);
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(7));
asn1_write(data, tree->u.simple.attr,
strlen(tree->u.simple.attr));
asn1_pop_tag(data);
@@ -46,7 +46,7 @@ static BOOL ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree
}
/* equality test */
- asn1_push_tag(data, 0xa3);
+ asn1_push_tag(data, ASN1_CONTEXT(3));
asn1_write_OctetString(data, tree->u.simple.attr,
strlen(tree->u.simple.attr));
asn1_write_OctetString(data, tree->u.simple.value.data,
@@ -63,37 +63,34 @@ static BOOL ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree
dnAttributes [4] BOOLEAN DEFAULT FALSE
}
*/
- asn1_push_tag(data, 0xa9);
+ asn1_push_tag(data, ASN1_CONTEXT(9));
if (tree->u.extended.rule_id) {
- asn1_push_tag(data, 1);
- asn1_write_OctetString(data, tree->u.extended.rule_id,
- strlen(tree->u.extended.rule_id));
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1));
+ asn1_write_LDAPString(data, tree->u.extended.rule_id);
asn1_pop_tag(data);
}
if (tree->u.extended.attr) {
- asn1_push_tag(data, 2);
- asn1_write_OctetString(data, tree->u.extended.attr,
- strlen(tree->u.extended.attr));
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2));
+ asn1_write_LDAPString(data, tree->u.extended.attr);
asn1_pop_tag(data);
}
- asn1_push_tag(data, 3);
- asn1_write_OctetString(data, tree->u.extended.value.data,
- tree->u.extended.value.length);
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3));
+ asn1_write_LDAPString(data, tree->u.extended.value.data);
+ asn1_pop_tag(data);
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4));
+ asn1_write_uint8(data, tree->u.extended.dnAttributes);
asn1_pop_tag(data);
- if (tree->u.extended.dnAttributes) {
- asn1_push_tag(data, 4);
- asn1_write_BOOLEAN(data, True);
- asn1_pop_tag(data);
- }
asn1_pop_tag(data);
break;
case LDB_OP_AND:
case LDB_OP_OR:
- asn1_push_tag(data, 0xa0 | (tree->operation==LDB_OP_AND?0:1));
+ asn1_push_tag(data, ASN1_CONTEXT(tree->operation==LDB_OP_AND?0:1));
for (i=0; i<tree->u.list.num_elements; i++) {
- ldap_push_filter(data, tree->u.list.elements[i]);
+ if (!ldap_push_filter(data, tree->u.list.elements[i])) {
+ return False;
+ }
}
asn1_pop_tag(data);
break;
@@ -162,7 +159,6 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
}
asn1_pop_tag(&data);
- asn1_pop_tag(&data);
break;
}
case LDAP_TAG_BindResponse: {
@@ -187,7 +183,9 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
asn1_write_Integer(&data, r->timelimit);
asn1_write_BOOLEAN(&data, r->attributesonly);
- ldap_push_filter(&data, r->tree);
+ if (!ldap_push_filter(&data, r->tree)) {
+ return False;
+ }
asn1_push_tag(&data, ASN1_SEQUENCE(0));
for (i=0; i<r->num_attributes; i++) {
@@ -389,6 +387,12 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
}
asn1_pop_tag(&data);
+
+ if (data.has_error) {
+ asn1_free(&data);
+ return False;
+ }
+
*result = data_blob(data.data, data.length);
asn1_free(&data);
return True;
@@ -438,16 +442,14 @@ static void ldap_decode_response(TALLOC_CTX *mem_ctx,
static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
struct asn1_data *data)
{
- uint8_t filter_tag, tag_desc;
+ uint8_t filter_tag;
struct ldb_parse_tree *ret;
if (!asn1_peek_uint8(data, &filter_tag)) {
return NULL;
}
- tag_desc = filter_tag;
filter_tag &= 0x1f; /* strip off the asn1 stuff */
- tag_desc &= 0xe0;
ret = talloc(mem_ctx, struct ldb_parse_tree);
if (ret == NULL) return NULL;
@@ -460,11 +462,6 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
ret->u.list.num_elements = 0;
ret->u.list.elements = NULL;
- if (tag_desc != 0xa0) {
- /* context compount */
- goto failed;
- }
-
if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
goto failed;
}