[Patch] Fix the ";binary" suffix behavior

Jeremy Allison jra at samba.org
Tue Aug 9 00:13:59 UTC 2016 

On Mon, Aug 08, 2016 at 06:00:00PM +0200, Niklas Abel wrote:

> No problem, thanks for the review and the fast response.

OK - LGTM. Can I get a second Team reviewer ?

Thanks Niklas for all your work and help on this !

Jeremy.

> -- 
> Niklas Abel (IT Security Consultant), http://www.lsexperts.de
> LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
> Tel: +49 6151 86086-261, Fax: -299, Mobil: +49 151 26467737
> Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
> Geschäftsführer: Nils Manegold, Oliver Michel, Arved Graf von Stackelberg, Sven Walther
> 

> From 90484eb5dc1beb36819ef0ff86396e6de5eb90d3 Mon Sep 17 00:00:00 2001
> From: Niklas Abel <niklas.abel at lsexperts.de>
> Date: Mon, 8 Aug 2016 17:34:46 +0200
> Subject: [PATCH] 
> Description:  
>  Fixed ";binary" suffix problem.  
>  Search requests with the ";binary" suffix can now be searched with samba.
>  The suffix will now be ignored as it is meaningless to samba.
> 
> BUG: https://lists.samba.org/archive/samba-technical/2016-May/114242.html
> Signed-off-by: Niklas Abel <niklas.abel at lsexperts.de>
> ---
>  source4/dsdb/samdb/ldb_modules/resolve_oids.c | 74 +++++++++++++++++++++++++++
>  source4/dsdb/tests/python/ldap_syntaxes.py    |  7 +++
>  2 files changed, 81 insertions(+)
> 
> diff --git a/source4/dsdb/samdb/ldb_modules/resolve_oids.c b/source4/dsdb/samdb/ldb_modules/resolve_oids.c
> index b5c5f8e..3b587ba 100644
> --- a/source4/dsdb/samdb/ldb_modules/resolve_oids.c
> +++ b/source4/dsdb/samdb/ldb_modules/resolve_oids.c
> @@ -440,6 +440,66 @@ static int resolve_oids_callback(struct ldb_request *req, struct ldb_reply *ares
>  	return LDB_SUCCESS;
>  }
>  
> +/**
> + * Strips suffix from an attribute,
> + * if there is any.
> +*/
> +const static char * strip_suffix (const void *mem_ctx, const char *attr, const char *suffix)
> +{
> +	size_t attr_length = 0;
> +	size_t suffix_length = 0;
> +	size_t new_attr_size = 0;
> +	const char *tmp = NULL;
> +	const static char *result = NULL;
> +
> +	if (!attr || !*attr || !suffix || !*suffix) {
> +		return attr;
> +	}
> +	attr_length = strlen(attr);
> +	suffix_length = strlen(suffix);
> +	if (attr_length < suffix_length) {
> +		return attr;
> +	}
> +	new_attr_size = (attr_length - suffix_length);
> +	tmp = attr + new_attr_size;
> +	if (strcasecmp(suffix, tmp) == 0) {
> +		result = talloc_strndup(mem_ctx, attr, new_attr_size);
> +		if (result) {
> +			return result;
> +		}
> +	}
> +	return attr;
> +}
> +
> +/**
> + * Modified version of str_list_copy_const() which creates the new list without
> + * entries with a ";binary" tail.
> +*/
> +const char **str_list_copy_const_clean_suffix(TALLOC_CTX *mem_ctx,
> +					  const char **list)
> +{
> +	int i;
> +	const char **ret;
> +
> +	if (list == NULL) {
> +		return NULL;
> +	}
> +
> +	ret = talloc_array(mem_ctx, const char *, str_list_length(list)+1);
> +	if (ret == NULL) {
> +		return NULL;
> +	}
> +
> +	for (i=0;list && list[i];i++) {
> +		ret[i] = strip_suffix(mem_ctx, list[i], ";binary");
> +		if (ret[i] == NULL) {
> +			break;
> +		}
> +	}
> +	ret[i] = NULL;
> +	return ret;
> +}
> +
>  static int resolve_oids_search(struct ldb_module *module, struct ldb_request *req)
>  {
>  	struct ldb_context *ldb;
> @@ -449,9 +509,11 @@ static int resolve_oids_search(struct ldb_module *module, struct ldb_request *re
>  	struct resolve_oids_context *ac;
>  	int ret;
>  	bool needed = false;
> +	bool needclean = false;
>  	const char * const *attrs1;
>  	const char **attrs2;
>  	unsigned int i;
> +	const char ** cleaned_attrs;
>  
>  	ldb = ldb_module_get_ctx(module);
>  	schema = dsdb_get_schema(ldb, NULL);
> @@ -479,6 +541,10 @@ static int resolve_oids_search(struct ldb_module *module, struct ldb_request *re
>  		const char *p;
>  		const struct dsdb_attribute *a;
>  
> +		p = strchr(attrs1[i], ';');
> +		if (p != NULL) {
> +			needclean = true;
> +		}
>  		p = strchr(attrs1[i], '.');
>  		if (p == NULL) {
>  			continue;
> @@ -493,6 +559,14 @@ static int resolve_oids_search(struct ldb_module *module, struct ldb_request *re
>  		break;
>  	}
>  
> +	if (needclean) {
> +		cleaned_attrs = str_list_copy_const_clean_suffix(req,
> +						discard_const_p(const char *, req->op.search.attrs));
> +		if(cleaned_attrs) {
> +			req->op.search.attrs = cleaned_attrs;
> +		}
> +	}
> +
>  	if (!needed) {
>  		return ldb_next_request(module, req);
>  	}
> diff --git a/source4/dsdb/tests/python/ldap_syntaxes.py b/source4/dsdb/tests/python/ldap_syntaxes.py
> index 56a1755..762f66e 100755
> --- a/source4/dsdb/tests/python/ldap_syntaxes.py
> +++ b/source4/dsdb/tests/python/ldap_syntaxes.py
> @@ -82,6 +82,13 @@ systemOnly: FALSE
>          self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_display_name)
>          self.assertTrue("schemaIDGUID" in res[0])
>  
> +        # search for created attribute with ";binary" suffix
> +        res = []
> +        res = self.ldb.search("cn=%s,%s" % (attr_name+";binary", self.schema_dn), scope=SCOPE_BASE, attrs=["*"])
> +        self.assertEquals(len(res), 1)
> +        self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_display_name)
> +        self.assertTrue("schemaIDGUID" in res[0])
> +
>          class_name = "test-Class-DN-String" + time.strftime("%s", time.gmtime())
>          class_ldap_display_name = class_name.replace("-", "")
>  
> -- 
> 2.1.4

More information about the samba-technical mailing list