[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Thu Jul 2 12:02:01 UTC 2020


The branch, master has been updated
       via  7082902d56a ldap_client: Make ldap_parse_basic_url() IPv6-address aware
       via  61bc99362a3 ldap_client: Align integer types
       via  011a2a82953 ldap_client: Make ldap_parse_basic_url take care of ldapi as well
       via  9d988ce090f pdb_dsdb: Fix typos
       via  9f3d2ba7ee9 ldb_ldap: Fix a memleak
      from  3cc0f1eeda5 CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7082902d56ab1aa824e6b86bceaa7e1a14b6ef29
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Jul 1 16:10:17 2020 +0200

    ldap_client: Make ldap_parse_basic_url() IPv6-address aware
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Thu Jul  2 12:01:06 UTC 2020 on sn-devel-184

commit 61bc99362a385fc8b59197c416f480a1054054b6
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Jun 26 08:31:30 2020 +0200

    ldap_client: Align integer types
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 011a2a82953fa910e1e7dee9862fbb5deaae8651
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jun 25 21:20:04 2020 +0200

    ldap_client: Make ldap_parse_basic_url take care of ldapi as well
    
    SUSV4's sscanf has the %m modifier, which allocates the right
    amount. Remove those SMB_ASSERTS for string buffers.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 9d988ce090fa1755ac203d74b759f210249966ed
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jun 25 15:59:48 2020 +0200

    pdb_dsdb: Fix typos
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 9f3d2ba7ee9e41ddeee376aa74785199ef3dc8a2
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Jun 24 16:50:34 2020 +0200

    ldb_ldap: Fix a memleak
    
    Don't allocate a temporary value on a long-term context
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Mulder <dmulder at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/ldb_ldap/ldb_ldap.c       |   2 +-
 source3/passdb/pdb_samba_dsdb.c   |   6 +-
 source4/libcli/ldap/ldap_client.c | 180 +++++++++++++++++++++++---------------
 3 files changed, 114 insertions(+), 74 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ldb_ldap/ldb_ldap.c b/lib/ldb/ldb_ldap/ldb_ldap.c
index 0531f8a62ae..7545a587c31 100644
--- a/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -398,7 +398,7 @@ static int lldb_rename(struct lldb_context *lldb_ac)
 
 	if ((rdn_name != NULL) && (rdn_val != NULL)) {
 		newrdn = talloc_asprintf(lldb_ac, "%s=%s", rdn_name,
-					 rdn_val->length > 0 ? ldb_dn_escape_value(lldb, *rdn_val) : "");
+					 rdn_val->length > 0 ? ldb_dn_escape_value(lldb_ac, *rdn_val) : "");
 	} else {
 		newrdn = talloc_strdup(lldb_ac, "");
 	}
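Review bot: The value returned by `ldb_dn_escape_value(lldb_ac, *rdn_val)` goes straight into the `"%s"` of `talloc_asprintf()` with no NULL check. If the escape fails to allocate, the new RDN is built from a NULL string argument, which is undefined behaviour for `%s` and at best yields a literal "(null)" value in the rename request. Hoisting the call into a local such as `char *esc = ldb_dn_escape_value(lldb_ac, *rdn_val);`, checking it for NULL, and calling `TALLOC_FREE(esc);` after the asprintf would also release the temporary at once instead of when `lldb_ac` goes away. The body of lldb_rename continues outside this hunk, so the right error return has to follow whatever the rest of the function uses.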
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index c5f8d479fb6..276bda88efc 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -791,7 +791,7 @@ static NTSTATUS pdb_samba_dsdb_delete_user(struct pdb_methods *m,
 
 /* This interface takes a fully populated struct samu and places it in
  * the database.  This is not implemented at this time as we need to
- * be careful around the creation of arbitary SIDs (ie, we must ensrue
+ * be careful around the creation of arbitrary SIDs (ie, we must ensure
  * they are not left in a RID pool */
 static NTSTATUS pdb_samba_dsdb_add_sam_account(struct pdb_methods *m,
 					struct samu *sampass)
@@ -880,8 +880,8 @@ static NTSTATUS pdb_samba_dsdb_rename_sam_account(struct pdb_methods *m,
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-/* This is not implemented, as this module is exptected to be used
- * with auth_samba_dsdb, and this is responible for login counters etc
+/* This is not implemented, as this module is expected to be used
+ * with auth_samba_dsdb, and this is responsible for login counters etc
  *
  */
 static NTSTATUS pdb_samba_dsdb_update_login_attempts(struct pdb_methods *m,
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index abe4e523585..8614ccdfd54 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -321,43 +321,102 @@ static void ldap_connection_recv_done(struct tevent_req *subreq)
 	return;
 }
 
-/*
-  parse a ldap URL
-*/
-static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
-				     char **host, uint16_t *port, bool *ldaps)
+enum ldap_proto {
+	LDAP_PROTO_NONE,
+	LDAP_PROTO_LDAP,
+	LDAP_PROTO_LDAPS,
+	LDAP_PROTO_LDAPI
+};
+
+static int ldap_parse_basic_url(
+	const char *url,
+	enum ldap_proto *pproto,
+	TALLOC_CTX *mem_ctx,
+	char **pdest,		/* path for ldapi, host for ldap[s] */
+	uint16_t *pport)	/* Not set for ldapi */
 {
-	int tmp_port = 0;
-	char protocol[11];
-	char tmp_host[1025];
-	int ret;
+	enum ldap_proto proto = LDAP_PROTO_NONE;
+	char *host = NULL;
+	int ret, port;
+
+	if (url == NULL) {
+		return EINVAL;
+	}
+
+	if (strncasecmp_m(url, "ldapi://", strlen("ldapi://")) == 0) {
+		char *path = NULL, *end = NULL;
+
+		path = talloc_strdup(mem_ctx, url+8);
+		if (path == NULL) {
+			return ENOMEM;
+		}
+		end = rfc1738_unescape(path);
+		if (end == NULL) {
+			TALLOC_FREE(path);
+			return EINVAL;
+		}
 
-	/* Paranoia check */
-	SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
-		
-	ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
-	if (ret < 2) {
-		return NT_STATUS_INVALID_PARAMETER;
+		*pproto = LDAP_PROTO_LDAPI;
+		*pdest = path;
+		return 0;
 	}
 
-	if (strequal(protocol, "ldap")) {
-		*port = 389;
-		*ldaps = false;
-	} else if (strequal(protocol, "ldaps")) {
-		*port = 636;
-		*ldaps = true;
-	} else {
-		DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
-		return NT_STATUS_PROTOCOL_UNREACHABLE;
+	if (strncasecmp_m(url, "ldap://", strlen("ldap://")) == 0) {
+		url += 7;
+		proto = LDAP_PROTO_LDAP;
+		port = 389;
+	}
+	if (strncasecmp_m(url, "ldaps://", strlen("ldaps://")) == 0) {
+		url += 8;
+		port = 636;
+		proto = LDAP_PROTO_LDAPS;
+	}
+
+	if (proto == LDAP_PROTO_NONE) {
+		return EPROTONOSUPPORT;
 	}
 
-	if (tmp_port != 0)
-		*port = tmp_port;
+	if (url[0] == '[') {
+		/*
+		 * IPv6 with [aa:bb:cc..]:port
+		 */
+		const char *end = NULL;
 
-	*host = talloc_strdup(mem_ctx, tmp_host);
-	NT_STATUS_HAVE_NO_MEMORY(*host);
+		url +=1;
 
-	return NT_STATUS_OK;
+		end = strchr(url, ']');
+		if (end == NULL) {
+			return EINVAL;
+		}
+
+		ret = sscanf(end+1, ":%d", &port);
+		if (ret < 0) {
+			return EINVAL;
+		}
+
+		*pdest = talloc_strndup(mem_ctx, url, end-url);
+		if (*pdest == NULL) {
+			return ENOMEM;
+		}
+		*pproto = proto;
+		*pport = port;
+		return 0;
+	}
+
+	ret = sscanf(url, "%m[^:/]:%d", &host, &port);
+	if (ret < 1) {
+		return EINVAL;
+	}
+
+	*pdest = talloc_strdup(mem_ctx, host);
+	SAFE_FREE(host);
+	if (*pdest == NULL) {
+		return ENOMEM;
+	}
+	*pproto = proto;
+	*pport = port;
+
+	return 0;
 }
 
 /*
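Review bot: In both the bracketed-IPv6 path and the plain host path, `port` is an `int` filled by `%d` and then stored with `*pport = port;` into a `uint16_t` with no range check. A URL port such as 65925 or a negative number is silently truncated, so the client connects to a different port than the one written. A guard before the assignment would reject these, e.g. `if (port < 1 || port > UINT16_MAX) return EINVAL;` in the IPv6 branch and `if (port < 1 || port > UINT16_MAX) { SAFE_FREE(host); return EINVAL; }` right after the `%m` sscanf. Separately, the `ret < 0` test after `sscanf(end+1, ":%d", &port)` looks like it rejects `ldap://[::1]` with nothing after the bracket, since sscanf reports EOF on empty input, while `ldap://[::1]/` passes; worth confirming with a test case. The two scheme checks for `ldap://` and `ldaps://` would also read more safely as `else if`, so an already-stripped URL is not matched a second time.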
@@ -381,7 +440,9 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 {
 	struct composite_context *result, *ctx;
 	struct ldap_connect_state *state;
-	char protocol[11];
+	enum ldap_proto proto;
+	char *dest = NULL;
+	uint16_t port;
 	int ret;
 
 	result = talloc_zero(conn, struct composite_context);
@@ -402,30 +463,21 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 		if (conn->reconnect.url == NULL) goto failed;
 	}
 
-	/* Paranoia check */
-	SMB_ASSERT(sizeof(protocol)>10);
-
-	ret = sscanf(url, "%10[^:]://", protocol);
-	if (ret < 1) {
-		return NULL;
+	ret = ldap_parse_basic_url(url, &proto, conn, &dest, &port);
+	if (ret != 0) {
+		composite_error(result, map_nt_error_from_unix_common(ret));
+		return result;
 	}
 
-	if (strequal(protocol, "ldapi")) {
+	if (proto == LDAP_PROTO_LDAPI) {
 		struct socket_address *unix_addr;
-		char path[1025];
-		char *end = NULL;
 		NTSTATUS status = socket_create(state, "unix",
 						SOCKET_TYPE_STREAM,
 						&state->sock, 0);
 		if (!NT_STATUS_IS_OK(status)) {
 			return NULL;
 		}
-		SMB_ASSERT(sizeof(protocol)>10);
-		SMB_ASSERT(sizeof(path)>1024);
-	
-		/* LDAPI connections are to localhost, so give the
-		 * local host name as the target for gensec's
-		 * DIGEST-MD5 mechanism */
+
 		conn->host = talloc_asprintf(conn, "%s.%s",
 					     lpcfg_netbios_name(conn->lp_ctx),
 					     lpcfg_dnsdomain(conn->lp_ctx));
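Review bot: `ldap_parse_basic_url(url, &proto, conn, &dest, &port)` allocates `dest` on the long-lived `conn`, but in the ldapi branch the later hunks only read it in `socket_address_from_strings(state, ..., dest, 0)` and no visible line frees or reparents it. If that holds for the lines between the hunks, every connect or reconnect over ldapi leaves another copy of the socket path on `conn`, the same temporary-on-long-term-context pattern that 9f3d2ba7ee9 fixes in ldb_ldap. Passing the per-request context instead, `ret = ldap_parse_basic_url(url, &proto, state, &dest, &port);`, would tie the string to the connect attempt, assuming `state` is already allocated at this point as the following `socket_create(state, ...)` suggests. The ldap/ldaps branch already moves it onto `conn` with `talloc_move()`. The removed comment explaining why `conn->host` is set to the local host name for ldapi is also worth keeping above the `talloc_asprintf()`.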
@@ -433,22 +485,8 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 			return result;
 		}
 
-		/* The %c specifier doesn't null terminate :-( */
-		ZERO_STRUCT(path);
-		ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
-		if (ret < 2) {
-			composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
-			return result;
-		}
-
-		end = rfc1738_unescape(path);
-		if (end == NULL) {
-			composite_error(state->ctx,
-					NT_STATUS_INVALID_PARAMETER);
-			return result;
-		}	
 		unix_addr = socket_address_from_strings(state, state->sock->backend_name,
-							path, 0);
+							dest, 0);
 		if (composite_nomem(unix_addr, result)) {
 			return result;
 		}
@@ -458,13 +496,14 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 		ctx->async.fn = ldap_connect_recv_unix_conn;
 		ctx->async.private_data = state;
 		return result;
-	} else {
-		NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
-							  &conn->port, &conn->ldaps);
-		if (!NT_STATUS_IS_OK(status)) {
-			composite_error(result, status);
-			return result;
-		}
+	}
+
+	if ((proto == LDAP_PROTO_LDAP) || (proto == LDAP_PROTO_LDAPS)) {
+
+		conn->ldaps = (proto == LDAP_PROTO_LDAPS);
+
+		conn->host = talloc_move(conn, &dest);
+		conn->port = port;
 
 		if (conn->ldaps) {
 			char *ca_file = lpcfg_tls_cafile(state, conn->lp_ctx);
@@ -472,6 +511,7 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 			const char *tls_priority = lpcfg_tls_priority(conn->lp_ctx);
 			enum tls_verify_peer_state verify_peer =
 				lpcfg_tls_verify_peer(conn->lp_ctx);
+			NTSTATUS status;
 
 			status = tstream_tls_params_client(state,
 							   ca_file,
@@ -941,7 +981,7 @@ static const struct {
 */
 _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
 {
-	int i;
+	size_t i;
 	const char *codename = "unknown";
 
 	if (r->resultcode == LDAP_SUCCESS) {
@@ -953,7 +993,7 @@ _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_
 	}
 
 	for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
-		if (r->resultcode == ldap_code_map[i].code) {
+		if ((enum ldap_result_code)r->resultcode == ldap_code_map[i].code) {
 			codename = ldap_code_map[i].str;
 			break;
 		}
@@ -1021,7 +1061,7 @@ _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	if ((*msg) != NULL && (*msg)->type != type) {
+	if ((*msg) != NULL && (*msg)->type != (enum ldap_request_tag)type) {
 		*msg = NULL;
 		return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
 	}


-- 
Samba Shared Repository


