[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Jun 24 15:56:03 MDT 2013
The branch, master has been updated
via 7bf8fc7 torture: Add tests for LDAP substring search with no strings provided
via 70cb7fd libcli/ldap: Cope with substring match with no chunks in ldap_push_filter
via 4ca9639 ldb: bump version to allow a depencency on the substring crash fix
via 1a279f7 ldb: Cope with substring match with no chunks in ldb_filter_from_tree
from 32d0b75 Note how vfs_gpfs uses the "acl map full control" parameter.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jun 22 16:55:08 2013 +1000
torture: Add tests for LDAP substring search with no strings provided
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 24 23:55:07 CEST 2013 on sn-devel-104
commit 70cb7fd214041e8ffacc98de4dbde3ecd77bba85
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jun 22 17:01:42 2013 +1000
libcli/ldap: Cope with substring match with no chunks in ldap_push_filter
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4ca963926938917bf32af4eead61ded2a8275139
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jun 24 15:28:39 2013 +1000
ldb: bump version to allow a depencency on the substring crash fix
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1a279f74b72018f0742fc407e0574c9dbd7b7883
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jun 22 17:01:02 2013 +1000
ldb: Cope with substring match with no chunks in ldb_filter_from_tree
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} | 0
lib/ldb/common/ldb_parse.c | 2 +-
lib/ldb/wscript | 2 +-
libcli/ldap/ldap_message.c | 41 ++++----
source4/torture/ldap/basic.c | 110 ++++++++++++++++++++
6 files changed, 134 insertions(+), 21 deletions(-)
copy lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ABI/ldb-1.1.14.sigs b/lib/ldb/ABI/ldb-1.1.16.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.1.14.sigs
copy to lib/ldb/ABI/ldb-1.1.16.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.16.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.1.16.sigs
diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 33e8444..5fa5a74 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -748,7 +748,7 @@ char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tre
ret = talloc_asprintf(mem_ctx, "(%s=%s", tree->u.substring.attr,
tree->u.substring.start_with_wildcard?"*":"");
if (ret == NULL) return NULL;
- for (i = 0; tree->u.substring.chunks[i]; i++) {
+ for (i = 0; tree->u.substring.chunks && tree->u.substring.chunks[i]; i++) {
s2 = ldb_binary_encode(mem_ctx, *(tree->u.substring.chunks[i]));
if (s2 == NULL) {
talloc_free(ret);
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index fbfed1a..f5647b1 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.1.15'
+VERSION = '1.1.16'
blddir = 'bin'
diff --git a/libcli/ldap/ldap_message.c b/libcli/ldap/ldap_message.c
index f640bf3..1c5542c 100644
--- a/libcli/ldap/ldap_message.c
+++ b/libcli/ldap/ldap_message.c
@@ -269,26 +269,29 @@ static bool ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree
asn1_push_tag(data, ASN1_CONTEXT(4));
asn1_write_OctetString(data, tree->u.substring.attr, strlen(tree->u.substring.attr));
asn1_push_tag(data, ASN1_SEQUENCE(0));
- i = 0;
- if ( ! tree->u.substring.start_with_wildcard) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
- asn1_pop_tag(data);
- i++;
- }
- while (tree->u.substring.chunks[i]) {
- int ctx;
- if (( ! tree->u.substring.chunks[i + 1]) &&
- (tree->u.substring.end_with_wildcard == 0)) {
- ctx = 2;
- } else {
- ctx = 1;
+ if (tree->u.substring.chunks && tree->u.substring.chunks[0]) {
+ i = 0;
+ if (!tree->u.substring.start_with_wildcard) {
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
+ asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
+ asn1_pop_tag(data);
+ i++;
+ }
+ while (tree->u.substring.chunks[i]) {
+ int ctx;
+
+ if (( ! tree->u.substring.chunks[i + 1]) &&
+ (tree->u.substring.end_with_wildcard == 0)) {
+ ctx = 2;
+ } else {
+ ctx = 1;
+ }
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
+ asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
+ asn1_pop_tag(data);
+ i++;
}
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
- asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
- asn1_pop_tag(data);
- i++;
}
asn1_pop_tag(data);
asn1_pop_tag(data);
diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
index 2d65948..8d964ac 100644
--- a/source4/torture/ldap/basic.c
+++ b/source4/torture/ldap/basic.c
@@ -156,6 +156,108 @@ static bool test_search_rootDSE(struct ldap_connection *conn, const char **based
return ret;
}
+static bool test_search_rootDSE_empty_substring(struct ldap_connection *conn)
+{
+ bool ret = true;
+ struct ldap_message *msg, *result;
+ struct ldap_request *req;
+ NTSTATUS status;
+
+ printf("Testing RootDSE Search with objectclass= substring filter\n");
+
+ msg = new_ldap_message(conn);
+ if (!msg) {
+ return false;
+ }
+
+ msg->type = LDAP_TAG_SearchRequest;
+ msg->r.SearchRequest.basedn = "";
+ msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+ msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+ msg->r.SearchRequest.timelimit = 0;
+ msg->r.SearchRequest.sizelimit = 0;
+ msg->r.SearchRequest.attributesonly = false;
+ msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+ msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+ msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+ msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+ msg->r.SearchRequest.num_attributes = 0;
+ msg->r.SearchRequest.attributes = NULL;
+
+ req = ldap_request_send(conn, msg);
+ if (req == NULL) {
+ printf("Could not setup ldap search\n");
+ return false;
+ }
+
+ status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("looking for search result reply failed - %s\n", nt_errstr(status));
+ return false;
+ }
+
+ printf("received %d replies\n", req->num_replies);
+
+ return ret;
+}
+
+static bool test_search_auth_empty_substring(struct ldap_connection *conn, const char *basedn)
+{
+ bool ret = true;
+ struct ldap_message *msg, *result;
+ struct ldap_request *req;
+ NTSTATUS status;
+ struct ldap_Result *r;
+
+ printf("Testing authenticated base Search with objectclass= substring filter\n");
+
+ msg = new_ldap_message(conn);
+ if (!msg) {
+ return false;
+ }
+
+ msg->type = LDAP_TAG_SearchRequest;
+ msg->r.SearchRequest.basedn = basedn;
+ msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+ msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+ msg->r.SearchRequest.timelimit = 0;
+ msg->r.SearchRequest.sizelimit = 0;
+ msg->r.SearchRequest.attributesonly = false;
+ msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+ msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+ msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+ msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+ msg->r.SearchRequest.num_attributes = 0;
+ msg->r.SearchRequest.attributes = NULL;
+
+ req = ldap_request_send(conn, msg);
+ if (req == NULL) {
+ printf("Could not setup ldap search\n");
+ return false;
+ }
+
+ status = ldap_result_one(req, &result, LDAP_TAG_SearchResultDone);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("looking for search result done failed - %s\n", nt_errstr(status));
+ return false;
+ }
+
+ printf("received %d replies\n", req->num_replies);
+
+ r = &result->r.SearchResultDone;
+
+ if (r->resultcode != LDAP_SUCCESS) {
+ printf("search result done gave error - %s\n", ldb_strerror(r->resultcode));
+ return false;
+ }
+
+ return ret;
+}
+
static bool test_compare_sasl(struct ldap_connection *conn, const char *basedn)
{
struct ldap_message *msg, *rep;
@@ -856,6 +958,10 @@ bool torture_ldap_basic(struct torture_context *torture)
ret = false;
}
+ if (!test_search_rootDSE_empty_substring(conn)) {
+ ret = false;
+ }
+
/* other bind tests here */
if (!test_multibind(conn, userdn, secret)) {
@@ -866,6 +972,10 @@ bool torture_ldap_basic(struct torture_context *torture)
ret = false;
}
+ if (!test_search_auth_empty_substring(conn, basedn)) {
+ ret = false;
+ }
+
if (!test_compare_sasl(conn, basedn)) {
ret = false;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list