From 12c9af78179b71721e30b03ae9fc0edd7cda940b Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sun, 25 Oct 2009 22:02:31 +1100
Subject: s4-ldb: allow for unescaped '=' in a index DN

The ldb_dn_explode code normally enforces all special characters,
including a '=', must be escaped. Unfortunately this conflicts with
the ltdb index DNs, which for binary attributes may be base64
encoded. This allows a unescaped '=' as a special case for index DNs.
---
 source4/lib/ldb/common/ldb_dn.c     | 13 +++++++++++++
 source4/lib/ldb/ldb_tdb/ldb_index.c |  4 ----
 2 files changed, 13 insertions(+), 4 deletions(-)

(limited to 'source4/lib/ldb')

diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index 2ba17b2a6b..639e8b2837 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -439,6 +439,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 	unsigned x;
 	int l, ret;
 	char *parse_dn;
+	bool is_index;
 
 	if ( ! dn || dn->invalid) return false;
 
@@ -456,6 +457,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 		return false;
 	}
 
+	is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
 
 	if (strncmp(parse_dn, "B:", 2) == 0) {
 		parse_dn = strchr(parse_dn, ':');
@@ -765,6 +767,17 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 				continue;
 
 			case '=':
+				/* to main compatibility with earlier
+				versions of ldb indexing, we have to
+				accept the base64 encoded binary index
+				values, which contain a '=' */
+				if (is_index) {
+					if ( t ) t = NULL;
+					*d++ = *p++;
+					l++;
+					break;
+				}
+				/* fall through */
 			case '\n':
 			case '+':
 			case '<':
diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c
index 252154ffd9..5002de527b 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_index.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_index.c
@@ -401,10 +401,6 @@ static struct ldb_dn *ltdb_index_key(struct ldb_context *ldb,
 	if (ldb_should_b64_encode(ldb, &v)) {
 		char *vstr = ldb_base64_encode(ldb, (char *)v.data, v.length);
 		if (!vstr) return NULL;
-		/* remove trailing '=' to make it a valid DN */
-		if (vstr[strlen(vstr)-1] == '=') {
-			vstr[strlen(vstr)-1] = 0;
-		}
 		ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s::%s", LTDB_INDEX, attr_folded, vstr);
 		talloc_free(vstr);
 	} else {
-- 
cgit