[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-616-gb850d7f

Anatoliy Atanasov anatoliy at samba.org
Mon Sep 21 18:20:30 MDT 2009


The branch, master has been updated
       via  b850d7fb08b97fff8ce5ec2cbff2256aa390e440 (commit)
       via  6033ce24038dfa467e7bf56b04dc6b45f6bff815 (commit)
      from  bc53052d38092d32f08fb794d7ea90f89367c229 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b850d7fb08b97fff8ce5ec2cbff2256aa390e440
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Mon Sep 21 17:14:06 2009 -0700

    Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming Constraints

commit 6033ce24038dfa467e7bf56b04dc6b45f6bff815
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Mon Sep 21 17:01:20 2009 -0700

    Add tests for MS-ADTS:3.1.1.5.1.2 Naming Constraints

-----------------------------------------------------------------------

Summary of changes:
 source4/lib/ldb/common/ldb_dn.c |   13 +++++++++++++
 source4/torture/ldb/ldb.c       |   29 +++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index d905f47..af00ef9 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -103,6 +103,11 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx,
 		dn->ext_linearized = talloc_strndup(dn, data, length);
 		LDB_DN_NULL_FAILED(dn->ext_linearized);
 
+		if (strlen(data) != length) {
+			/* The RDN must not contain a character with value 0x0 */
+			return NULL;
+		}
+
 		if (data[0] == '<') {
 			const char *p_save, *p = dn->ext_linearized;
 			do {
@@ -231,6 +236,9 @@ char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value)
 /*
   explode a DN string into a ldb_dn structure
   based on RFC4514 except that we don't support multiple valued RDNs
+
+  TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
+  DN must be compliant with RFC2253
 */
 static bool ldb_dn_explode(struct ldb_dn *dn)
 {
@@ -264,6 +272,11 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 		return false;
 	}
 
+	/* The RDN size must be less than 255 characters */
+	if (strlen(parse_dn) > 255) {
+		return false;
+	}
+
 	/* Empty DNs */
 	if (parse_dn[0] == '\0') {
 		return true;
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index d9036dd..64ed669 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -587,6 +587,7 @@ static bool torture_ldb_dn(struct torture_context *torture)
 	struct ldb_dn *dn;
 	struct ldb_dn *child_dn;
 	struct ldb_dn *typo_dn;
+	struct ldb_val val;
 
 	torture_assert(torture, 
 		       ldb = ldb_init(mem_ctx, torture->ev),
@@ -655,6 +656,34 @@ static bool torture_ldb_dn(struct torture_context *torture)
 		       ldb_dn_compare_base(dn, typo_dn) != 0,
 		       "Base Comparison on dc=samba,dc=org and c=samba,dc=org should != 0");
 
+	/* Check DN based on MS-ADTS:3.1.1.5.1.2 Naming Constraints*/
+	torture_assert(torture,
+		       dn = ldb_dn_new(mem_ctx, ldb, "CN=New\nLine,DC=SAMBA,DC=org"),
+		       "Failed to create a DN with 0xA in it");
+
+	torture_assert(torture,
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate a DN with 0xA in it");
+
+	val.data = "CN=Zer\0,DC=SAMBA,DC=org";
+	val.length = 23;
+	torture_assert(torture,
+		       NULL == ldb_dn_from_ldb_val(mem_ctx, ldb, &val),
+		       "should fail to create a DN with 0x0 in it");
+
+	torture_assert(torture,
+		       dn = ldb_dn_new(mem_ctx, ldb, "CN=loooooooooooooooooooooooooooo"
+"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooongdn,DC=SAMBA,DC=org"),
+		       "Failed to create a DN with size more than 255 characters");
+
+	torture_assert(torture,
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate DN with size more than 255 characters");
+
 	talloc_free(mem_ctx);
 	return true;
 }


-- 
Samba Shared Repository


More information about the samba-cvs mailing list