From 5d375297718d06f7c5544372001b8955b23d7ba2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Aug 2008 13:09:40 +1000 Subject: Remove last traces of the old 'subclass' feature (This used to be commit ed19d0abea5b206d186a51fa11dc0c04197e6ee2) --- source4/lib/ldb/include/ldb_private.h | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h index d7c2efe8a1..62a6e35999 100644 --- a/source4/lib/ldb/include/ldb_private.h +++ b/source4/lib/ldb/include/ldb_private.h @@ -91,13 +91,6 @@ struct ldb_schema { /* attribute handling table */ unsigned num_attributes; struct ldb_schema_attribute *attributes; - - /* objectclass information */ - unsigned num_classes; - struct ldb_subclass { - char *name; - char **subclasses; - } *classes; }; /* -- cgit From 4016cfcab7bfb3ffd48a7592fa16952688525493 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 12:51:06 +1000 Subject: Don't allow a NULL syntax (This used to be commit 505a0c2b702b696b91dab683626bb25b14a49c38) --- source4/lib/ldb/common/ldb_attributes.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/common/ldb_attributes.c b/source4/lib/ldb/common/ldb_attributes.c index 3b9d01682c..747f241781 100644 --- a/source4/lib/ldb/common/ldb_attributes.c +++ b/source4/lib/ldb/common/ldb_attributes.c @@ -51,6 +51,10 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, int i, n; struct ldb_schema_attribute *a; + if (!syntax) { + return LDB_ERR_OPERATIONS_ERROR; + } + n = ldb->schema.num_attributes + 1; a = talloc_realloc(ldb, ldb->schema.attributes, -- cgit From 0d89adcd4bd2de35cbd4b6d5dc0675a4631c6132 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 12:51:55 +1000 Subject: Correct anr search commants and error messages in ldap.js (This used to be commit 233dd885c2a2b4ee7cc2287efe7d6e03625d4981) --- source4/lib/ldb/tests/python/ldap.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 13d4adf6d4..11a824a549 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -331,15 +331,15 @@ servicePrincipalName: host/ldaptest2computer29 print "Testing Ambigious Name Resolution" # Testing ldb.search for (&(anr=ldap testy)(objectClass=user)) res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))") - self.assertEquals(len(res), 3, "Could not find (&(anr=ldap testy)(objectClass=user))") + self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res)) # Testing ldb.search for (&(anr=testy ldap)(objectClass=user)) res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))") - self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)) + self.assertEquals(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res)) # Testing ldb.search for (&(anr=ldap)(objectClass=user)) res = ldb.search(expression="(&(anr=ldap)(objectClass=user))") - self.assertEquals(len(res), 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)) + self.assertEquals(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res)) # Testing ldb.search for (&(anr==ldap)(objectClass=user)) res = ldb.search(expression="(&(anr==ldap)(objectClass=user))") @@ -353,13 +353,13 @@ servicePrincipalName: host/ldaptest2computer29 res = ldb.search(expression="(&(anr=testy)(objectClass=user))") self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res)) - # Testing ldb.search for (&(anr=ldap testy)(objectClass=user)) + # Testing ldb.search for (&(anr=testy ldap)(objectClass=user)) res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))") - self.assertEquals(len(res), 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res)) + self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)) - # Testing ldb.search for (&(anr==ldap testy)(objectClass=user)) + # Testing ldb.search for (&(anr==testy ldap)(objectClass=user)) res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))") - self.assertEquals(len(res), 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res)) + self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res)) self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn)) self.assertEquals(res[0]["cn"][0], "ldaptestuser") -- cgit From 64293ca4afb6aa252d9e49bbcb8450a3dff04c37 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 12:56:34 +1000 Subject: All these syntaxes are now handled by the schema. (This used to be commit 94d5e69190f34d66d4defd4a7de7ce24bee77bc3) --- source4/lib/ldb/modules/operational.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index 7dc4ae08c3..a59e81becd 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -291,12 +291,6 @@ static int operational_init(struct ldb_module *ctx) { int ret = 0; - /* setup some standard attribute handlers */ - ret |= ldb_schema_attribute_add(ctx->ldb, "whenCreated", 0, LDB_SYNTAX_UTC_TIME); - ret |= ldb_schema_attribute_add(ctx->ldb, "whenChanged", 0, LDB_SYNTAX_UTC_TIME); - ret |= ldb_schema_attribute_add(ctx->ldb, "subschemaSubentry", 0, LDB_SYNTAX_DN); - ret |= ldb_schema_attribute_add(ctx->ldb, "structuralObjectClass", 0, LDB_SYNTAX_OBJECTCLASS); - if (ret != 0) { return ret; } -- cgit From 4ad97a1d0593b3401a352407009a99ead23f21f2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 19:24:58 +1000 Subject: Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2) --- source4/lib/ldb/common/ldb_dn.c | 23 ++++++++++++++++------- source4/lib/ldb/common/ldb_msg.c | 6 +++--- source4/lib/ldb/include/ldb.h | 1 + 3 files changed, 20 insertions(+), 10 deletions(-) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index 08911344b7..c0d36cfbf3 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -71,7 +71,7 @@ struct ldb_dn { }; /* strdn may be NULL */ -struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *strdn) +struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn) { struct ldb_dn *dn; @@ -82,27 +82,27 @@ struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *st dn->ldb = ldb; - if (strdn) { - if (strdn[0] == '@') { + if (strdn->data && strdn->length) { + if (strdn->data[0] == '@') { dn->special = true; } - if (strncasecmp(strdn, "length >= 6 && strncasecmp((const char *)strdn->data, "special = true; /* FIXME: add a GUID string to ldb_dn structure */ - } else if (strncasecmp(strdn, "length >= 8 && strncasecmp((const char *)strdn->data, "special = true; /* FIXME: add a SID string to ldb_dn structure */ - } else if (strncasecmp(strdn, "length >= 8 && strncasecmp((const char *)strdn->data, "special = true; /* FIXME: add a WKGUID string to ldb_dn structure */ } - dn->linearized = talloc_strdup(dn, strdn); + dn->linearized = talloc_strndup(dn, (const char *)strdn->data, strdn->length); } else { dn->linearized = talloc_strdup(dn, ""); } @@ -115,6 +115,15 @@ failed: return NULL; } +/* strdn may be NULL */ +struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *strdn) +{ + struct ldb_val blob; + blob.data = strdn; + blob.length = strdn ? strlen(strdn) : 0; + return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob); +} + struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...) { struct ldb_dn *dn; diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c index c1ea9db56b..2f5fe1d18c 100644 --- a/source4/lib/ldb/common/ldb_msg.c +++ b/source4/lib/ldb/common/ldb_msg.c @@ -389,10 +389,10 @@ int ldb_msg_find_attr_as_bool(const struct ldb_message *msg, if (!v || !v->data) { return default_value; } - if (strcasecmp((const char *)v->data, "FALSE") == 0) { + if (v->length == 5 && strncasecmp((const char *)v->data, "FALSE", 5) == 0) { return 0; } - if (strcasecmp((const char *)v->data, "TRUE") == 0) { + if (v->length == 4 && strncasecmp((const char *)v->data, "TRUE", 4) == 0) { return 1; } return default_value; @@ -421,7 +421,7 @@ struct ldb_dn *ldb_msg_find_attr_as_dn(struct ldb_context *ldb, if (!v || !v->data) { return NULL; } - res_dn = ldb_dn_new(mem_ctx, ldb, (const char *)v->data); + res_dn = ldb_dn_from_ldb_val(mem_ctx, ldb, v); if ( ! ldb_dn_validate(res_dn)) { talloc_free(res_dn); return NULL; diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 7ce6103422..5dbf99e5bf 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -1381,6 +1381,7 @@ int ldb_base64_decode(char *s); struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *dn); struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...) PRINTF_ATTRIBUTE(3,4); +struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn); bool ldb_dn_validate(struct ldb_dn *dn); char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value); -- cgit From cc43037f19056ed24d7fffa54456d597c63ad105 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 22 Aug 2008 17:36:56 +1000 Subject: fixed a problem with length limited ldap values The core ldb code for string matching assumed NULL terminated strings, whereas the anr module used data_blob_const() to effectively truncate a ldb_val by changing its length. The ldb code is supposed to be based around length limited blobs, not NULL terminated strings, so the correct fix was to change the string comparison functions to be length limited (This used to be commit 26c6aa5a80ffaf06fc33f30a6533f8f16ef538bc) --- source4/lib/ldb/common/attrib_handlers.c | 27 +++++++++++++++++---------- source4/lib/ldb/common/ldb_utf8.c | 12 ++++++------ source4/lib/ldb/include/ldb.h | 8 ++++---- source4/lib/ldb/include/ldb_private.h | 2 +- source4/lib/ldb/tools/ldbtest.c | 2 +- 5 files changed, 29 insertions(+), 22 deletions(-) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/common/attrib_handlers.c b/source4/lib/ldb/common/attrib_handlers.c index 8ed2763d4d..fb57e2dadc 100644 --- a/source4/lib/ldb/common/attrib_handlers.c +++ b/source4/lib/ldb/common/attrib_handlers.c @@ -55,11 +55,12 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, { char *s, *t; int l; + if (!in || !out || !(in->data)) { return -1; } - out->data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in->data)); + out->data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in->data), in->length); if (out->data == NULL) { ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb_handler_fold: unable to casefold string [%s]", in->data); return -1; @@ -153,13 +154,14 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *v1, const struct ldb_val *v2) { const char *s1=(const char *)v1->data, *s2=(const char *)v2->data; + size_t n1 = v1->length, n2 = v2->length; const char *u1, *u2; char *b1, *b2; int ret; - while (*s1 == ' ') s1++; - while (*s2 == ' ') s2++; + while (*s1 == ' ' && n1) { s1++; n1--; }; + while (*s2 == ' ' && n2) { s2++; n2--; }; /* TODO: make utf8 safe, possibly with helper function from application */ - while (*s1 && *s2) { + while (*s1 && *s2 && n1 && n2) { /* the first 127 (0x7F) chars are ascii and utf8 guarantes they * never appear in multibyte sequences */ if (((unsigned char)s1[0]) & 0x80) goto utf8str; @@ -167,10 +169,11 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, if (toupper((unsigned char)*s1) != toupper((unsigned char)*s2)) break; if (*s1 == ' ') { - while (s1[0] == s1[1]) s1++; - while (s2[0] == s2[1]) s2++; + while (s1[0] == s1[1] && n1) { s1++; n1--; } + while (s2[0] == s2[1] && n2) { s2++; n2--; } } s1++; s2++; + n1--; n2--; } if (! (*s1 && *s2)) { /* check for trailing spaces only if one of the pointers @@ -178,15 +181,18 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, * can mistakenly match. * ex. "domain users" <-> "domainUpdates" */ - while (*s1 == ' ') s1++; - while (*s2 == ' ') s2++; + while (*s1 == ' ') { s1++; n1--; } + while (*s2 == ' ') { s2++; n2--; } + } + if (n1 != n2) { + return n1 - n2; } return (int)(toupper(*s1)) - (int)(toupper(*s2)); utf8str: /* no need to recheck from the start, just from the first utf8 char found */ - b1 = ldb_casefold(ldb, mem_ctx, s1); - b2 = ldb_casefold(ldb, mem_ctx, s2); + b1 = ldb_casefold(ldb, mem_ctx, s1, n1); + b2 = ldb_casefold(ldb, mem_ctx, s2, n2); if (b1 && b2) { /* Both strings converted correctly */ @@ -221,6 +227,7 @@ utf8str: return ret; } + /* canonicalise a attribute in DN format */ diff --git a/source4/lib/ldb/common/ldb_utf8.c b/source4/lib/ldb/common/ldb_utf8.c index b7b4a60122..69ee2b6964 100644 --- a/source4/lib/ldb/common/ldb_utf8.c +++ b/source4/lib/ldb/common/ldb_utf8.c @@ -40,8 +40,8 @@ function to handle utf8 caseless comparisons */ void ldb_set_utf8_fns(struct ldb_context *ldb, - void *context, - char *(*casefold)(void *, void *, const char *)) + void *context, + char *(*casefold)(void *, void *, const char *, size_t)) { if (context) ldb->utf8_fns.context = context; @@ -53,10 +53,10 @@ void ldb_set_utf8_fns(struct ldb_context *ldb, a simple case folding function NOTE: does not handle UTF8 */ -char *ldb_casefold_default(void *context, void *mem_ctx, const char *s) +char *ldb_casefold_default(void *context, void *mem_ctx, const char *s, size_t n) { int i; - char *ret = talloc_strdup(mem_ctx, s); + char *ret = talloc_strndup(mem_ctx, s, n); if (!s) { errno = ENOMEM; return NULL; @@ -72,9 +72,9 @@ void ldb_set_utf8_default(struct ldb_context *ldb) ldb_set_utf8_fns(ldb, NULL, ldb_casefold_default); } -char *ldb_casefold(struct ldb_context *ldb, void *mem_ctx, const char *s) +char *ldb_casefold(struct ldb_context *ldb, void *mem_ctx, const char *s, size_t n) { - return ldb->utf8_fns.casefold(ldb->utf8_fns.context, mem_ctx, s); + return ldb->utf8_fns.casefold(ldb->utf8_fns.context, mem_ctx, s, n); } /* diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 5dbf99e5bf..937029f52c 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -203,7 +203,7 @@ struct ldb_debug_ops { */ struct ldb_utf8_fns { void *context; - char *(*casefold)(void *context, TALLOC_CTX *mem_ctx, const char *s); + char *(*casefold)(void *context, TALLOC_CTX *mem_ctx, const char *s, size_t n); }; /** @@ -1216,7 +1216,7 @@ void ldb_set_utf8_default(struct ldb_context *ldb); \note The default function is not yet UTF8 aware. Provide your own set of functions through ldb_set_utf8_fns() */ -char *ldb_casefold(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *s); +char *ldb_casefold(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *s, size_t n); /** Check the attribute name is valid according to rfc2251 @@ -1603,8 +1603,8 @@ int ldb_set_debug(struct ldb_context *ldb, this allows the user to set custom utf8 function for error reporting */ void ldb_set_utf8_fns(struct ldb_context *ldb, - void *context, - char *(*casefold)(void *, void *, const char *)); + void *context, + char *(*casefold)(void *, void *, const char *, size_t n)); /** this sets up debug to print messages on stderr diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h index 62a6e35999..e1026ab781 100644 --- a/source4/lib/ldb/include/ldb_private.h +++ b/source4/lib/ldb/include/ldb_private.h @@ -235,7 +235,7 @@ int save_controls(struct ldb_control *exclude, struct ldb_request *req, struct l int check_critical_controls(struct ldb_control **controls); /* The following definitions come from lib/ldb/common/ldb_utf8.c */ -char *ldb_casefold_default(void *context, void *mem_ctx, const char *s); +char *ldb_casefold_default(void *context, void *mem_ctx, const char *s, size_t n); void ldb_msg_remove_element(struct ldb_message *msg, struct ldb_message_element *el); diff --git a/source4/lib/ldb/tools/ldbtest.c b/source4/lib/ldb/tools/ldbtest.c index 6d141478ad..169ff02da1 100644 --- a/source4/lib/ldb/tools/ldbtest.c +++ b/source4/lib/ldb/tools/ldbtest.c @@ -93,7 +93,7 @@ static void add_records(struct ldb_context *ldb, el[2].name = talloc_strdup(tmp_ctx, "uid"); el[2].num_values = 1; el[2].values = vals[2]; - vals[2][0].data = (uint8_t *)ldb_casefold(ldb, tmp_ctx, name); + vals[2][0].data = (uint8_t *)ldb_casefold(ldb, tmp_ctx, name, strlen(name)); vals[2][0].length = strlen((char *)vals[2][0].data); el[3].flags = 0; -- cgit