[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Fri Nov 13 01:33:05 MST 2009


The branch, master has been updated
       via  c8884e1... s4-ldb: changed the DN checks for \n to warnings
       via  dbae29d... s4-ldb: make DN escaping/unescaping consistent
      from  f9ad5cd... s3: Convert cli_unix_extensions_version to async

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c8884e1cf2f9fe08b464c34c25ce682ff3450b34
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Nov 13 19:31:40 2009 +1100

    s4-ldb: changed the DN checks for \n to warnings
    
    a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
    when it really is allowed, treat it as a warning only.

commit dbae29de1c146d1c6d2e1e0a2a82593f85c8ba0d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Nov 13 17:48:35 2009 +1100

    s4-ldb: make DN escaping/unescaping consistent
    
    The DN escape function was using the form \c where c is any
    character. The unescape function was using \XX where XX is a 2 digit
    hex number. The asymmetry led to quite a few problems when we start to
    deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
    result was a DN that was not accessible.
    
    This patch changes the escaping to follow RFC2253 much more
    closely. We accept either type of escape, and produce the two types of
    escape, depending on the character being escaped

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/tests/dsdb_dn.c |    9 +++-
 source4/lib/ldb/common/ldb_dn.c     |   74 +++++++++++++++++++++++++---------
 source4/torture/ldb/ldb.c           |    8 ++-
 3 files changed, 65 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/tests/dsdb_dn.c b/source4/dsdb/common/tests/dsdb_dn.c
index 8f1aeca..183bce2 100644
--- a/source4/dsdb/common/tests/dsdb_dn.c
+++ b/source4/dsdb/common/tests/dsdb_dn.c
@@ -317,9 +317,12 @@ static bool torture_dsdb_dn_invalid(struct torture_context *torture)
 
 	/* Check DN based on MS-ADTS:3.1.1.5.1.2 Naming Constraints*/
 	val = data_blob_string_const("CN=New\nLine,DC=SAMBA,DC=org");
-	torture_assert(torture,
-		       dsdb_dn_parse(mem_ctx, ldb, &val, LDB_SYNTAX_DN) == NULL,
-		       "Should have Failed to create a DN with 0xA in it");
+
+	/* changed to a warning until we understand the DEL: DNs */
+	if (dsdb_dn_parse(mem_ctx, ldb, &val, LDB_SYNTAX_DN) != NULL) {
+		torture_warning(torture,
+				"Should have Failed to create a DN with 0xA in it");
+	}
 
 	val = data_blob_string_const("B:4:ABAB:CN=New\nLine,DC=SAMBA,DC=org");
 	torture_assert(torture,
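Review bot: Downgrading the `CN=New\nLine` check to `torture_warning` leaves the suite with no hard assertion about newline handling in either direction, so a later regression in how such DNs are parsed or re-escaped would pass unnoticed; the same applies to the `ldb_dn_validate` check in source4/torture/ldb/ldb.c. Since the escape function in this changeset turns a newline into `\0A`, it would be worth asserting the property that must still hold: a DN that parses comes back from the escaping path with `\0A` rather than a literal line break. The comment could also record what has to be learned before the assert is restored, e.g. `/* TODO: restore the assert once the rules for \n in DEL: DNs are known */`.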
diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index 9ac6549..3721fa7 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -180,6 +180,7 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx,
 	return NULL;
 }
 
+/* see RFC2253 section 2.4 */
 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
 {
 	const char *p, *s;
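Review bot: The new comment cites the RFC but the function still does not state how large `dst` must be, and nothing in the signature bounds the writes. The `\XX` branch added further down emits three bytes for one source byte, so the worst case is `3 * len` bytes of output; the caller's allocation is outside this diff and should be checked against that. I would extend the comment to something like `/* see RFC2253 section 2.4; dst must hold at least 3*len bytes */`. The function body continues beyond this hunk.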
@@ -190,8 +191,7 @@ static int ldb_dn_escape_internal(char *dst, const char *src, int len)
 	d = dst;
 
 	while (p - src < len) {
-
-		p += strcspn(p, ",=\n+<>#;\\\"");
+		p += strcspn(p, ",=\n\r+<>#;\\\" ");
 
 		if (p - src == len) /* found no escapable chars */
 			break;
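Review bot: `strcspn()` is not bounded by `len`, so this loop only stays inside the buffer if `src[len]` is a NUL byte; when it is not, `p` can run past `src + len`, the `p - src == len` test does not fire, and the `memcpy` that follows copies the overshoot. Whether every caller guarantees the trailing NUL is not visible here. At minimum the precondition deserves a comment, `/* src[len] must be '\0': strcspn() does not honour len */`. Changing the test to `if (p - src >= len)` would make it robust, provided the copy after the loop (outside this hunk) clamps to `len`.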
@@ -199,14 +199,46 @@ static int ldb_dn_escape_internal(char *dst, const char *src, int len)
 		/* copy the part of the string before the stop */
 		memcpy(d, s, p - s);
 		d += (p - s); /* move to current position */
+		
+		switch (*p) {
+		case ' ':
+			if (p == src || (p-src)==(len-1)) {
+				/* if at the beginning or end
+				 * of the string then escape */
+				*d++ = '\\';
+				*d++ = *p++;					 
+			} else {
+				/* otherwise don't escape */
+				*d++ = *p++;
+			}
+			break;
 
-		if (*p) { /* it is a normal escapable character */
+		case '#':
+			/* despite the RFC, windows escapes a #
+			   anywhere in the string */
+		case ',':
+		case '+':
+		case '"':
+		case '\\':
+		case '<':
+		case '>':
+		case '?':
+			/* these must be escaped using \c form */
 			*d++ = '\\';
 			*d++ = *p++;
-		} else { /* we have a zero byte in the string */
-			strncpy(d, "\00", 3); /* escape the zero */
-			d += 3;
-			p++; /* skip the zero */
+			break;
+
+		default: {
+			/* any others get \XX form */
+			unsigned char v;
+			const char *hexbytes = "0123456789ABCDEF";
+			v = *(unsigned char *)p;
+			*d++ = '\\';
+			*d++ = hexbytes[v>>4];
+			*d++ = hexbytes[v&0xF];
+			p++;
+			break;
+		}
 		}
 		s = p; /* move forward */
 	}
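Review bot: `case '?':` can never be reached, because `'?'` is not in the `strcspn()` reject set at the top of the loop. Conversely `'='`, `';'`, `'\n'` and `'\r'` are in that set but have no case of their own, so they fall into `default` and come out in `\XX` form. The updated parser accepts both forms, so the output stays parseable, but the comment `/* these must be escaped using \c form */` does not match what happens to `;`. Either add `?` to the reject string or drop the label, and either add `case ';':` (and `case '=':` if intended) to the `\c` group or say in the comment that they are deliberately hex-encoded. The function starts and ends outside this hunk.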
@@ -582,12 +614,13 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 
 				continue;
 
-			case '=':
 			case '+':
+			case '=':
 				/* to main compatibility with earlier
 				versions of ldb indexing, we have to
 				accept the base64 encoded binary index
-				values, which contain a '=' */
+				values, which contain a '+' or '='
+				which should normally be escaped */
 				if (is_index) {
 					if ( t ) t = NULL;
 					*d++ = *p++;
@@ -595,12 +628,10 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 					break;
 				}
 				/* fall through */
-			case '\n':
+			case '\"':
 			case '<':
 			case '>':
-			case '#':
 			case ';':
-			case '\"':
 				/* a string with not escaped specials is invalid (tested) */
 				if ( ! escape) {
 					ldb_dn_mark_invalid(dn);
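Review bot: Dropping `case '\n':` and `case '#':` from this group appears to make `ldb_dn_explode` accept an unescaped newline or `#` without any diagnostic; the "warning" in the commit title exists only in the torture tests, not in the parser. A DN value carrying a raw line break matters for anything that later prints DNs into line-oriented output such as LDIF or log files. Those paths should be confirmed to go through the escaping function, which in this changeset emits `\0A` for a newline. I would record the decision at this spot, e.g. `/* '\n' and '#' are accepted unescaped for now: AD produces them in deleted-object DNs */`. The switch continues outside the hunk.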
@@ -630,17 +661,20 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 
 			default:
 				if (escape) {
-	 				if (sscanf(p, "%02x", &x) != 1) {
-						/* invalid escaping sequence */
-						ldb_dn_mark_invalid(dn);
-						goto failed;
+					if (isxdigit(p[0]) && isxdigit(p[1])) {
+						if (sscanf(p, "%02x", &x) != 1) {
+							/* invalid escaping sequence */
+							ldb_dn_mark_invalid(dn);
+							goto failed;
+						}
+						p += 2;
+						*d++ = (unsigned char)x;
+					} else {
+						*d++ = *p++;
 					}
-					escape = false;
 
-					p += 2;
-					*d++ = (unsigned char)x;
+					escape = false;
 					l++;
-
 					if ( t ) t = NULL;
 					break;
 				}
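Review bot: `isxdigit(p[0])` and `isxdigit(p[1])` are called with a plain `char`, which is undefined behaviour for bytes above 0x7F where `char` is signed, and DN strings may arrive from untrusted clients; cast first: `if (isxdigit((unsigned char)p[0]) && isxdigit((unsigned char)p[1])) {`. With both digits already verified, the `sscanf` failure branch is effectively dead, so the pair could be decoded directly. Note also that a backslash followed by two hex digits is always read as a byte value, so the `\c` form is ambiguous when `c` is itself a hex digit; a one-line comment stating that precedence would help. The enclosing switch begins before this hunk.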
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index f986372..dbfd96c 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -661,9 +661,11 @@ static bool torture_ldb_dn(struct torture_context *torture)
 		       dn = ldb_dn_new(mem_ctx, ldb, "CN=New\nLine,DC=SAMBA,DC=org"),
 		       "Failed to create a DN with 0xA in it");
 
-	torture_assert(torture,
-		       ldb_dn_validate(dn) == false,
-		       "should have failed to validate a DN with 0xA in it");
+	/* this is a warning until we work out how the DEL: CNs work */
+	if (ldb_dn_validate(dn) != false) {
+		torture_warning(torture,
+				"should have failed to validate a DN with 0xA in it");
+	}
 
 	val = data_blob_const("CN=Zer\0,DC=SAMBA,DC=org", 23);
 	torture_assert(torture,


-- 
Samba Shared Repository

