[PATCHES] fix ASN.1 and control syntax for VLV
Jeremy Allison
jra at samba.org
Thu Mar 10 17:39:53 UTC 2016
On Tue, Mar 08, 2016 at 02:01:04PM +1300, Douglas Bagnall wrote:
> hi all,
>
> These patches are necessary to properly parse and construct ASN.1
> strings for the virtual list view (VLV) control. These are largely
> the result of running many queries against WIN2012R2.
>
> These patches don't actually make VLV work, but that is coming soon.
>
> Douglas
> From d35ece8106b231bf5f2fccab3f70309b649161ac Mon Sep 17 00:00:00 2001
> From: Garming Sam <garming at catalyst.net.nz>
> Date: Tue, 26 Jan 2016 13:07:48 +1300
> Subject: [PATCH 01/11] ldb controls: base64 encode VLV response context
> strings
>
> Pair-programmed-with: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Signed-off-by: Garming Sam <garming at catalyst.net.nz>
> ---
> lib/ldb/common/ldb_controls.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
> index af056d0..500805c 100644
> --- a/lib/ldb/common/ldb_controls.c
> +++ b/lib/ldb/common/ldb_controls.c
> @@ -310,14 +310,20 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
> struct ldb_vlv_resp_control *rep_control = talloc_get_type(control->data,
> struct ldb_vlv_resp_control);
>
> - res = talloc_asprintf(mem_ctx, "%s:%d:%d:%d:%d:%d:%s",
> + char *cookie;
> + const uint8_t *c = (uint8_t*) rep_control->contextId;
> +
> + cookie = ldb_base64_encode(mem_ctx,
> + rep_control->contextId,
> + rep_control->ctxid_len);
> +
Doesn't this need a check for NULL return from ldb_base64_encode() ?
> + res = talloc_asprintf(mem_ctx, "%s:%d:%d:%d:%d:%s",
> LDB_CONTROL_VLV_RESP_NAME,
> control->critical,
> rep_control->targetPosition,
> rep_control->contentCount,
> rep_control->vlv_result,
> - rep_control->ctxid_len,
> - rep_control->contextId);
> + cookie);
>
> return res;
> }
> --
> 2.5.0
>
>
> From 3612f6de328c082a0e305463c69481fd6e49835d Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Tue, 22 Dec 2015 16:34:53 +1300
> Subject: [PATCH 02/11] ldb controls: better error string for VLV control
>
> Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> lib/ldb/common/ldb_controls.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
> index 500805c..8d7b430 100644
> --- a/lib/ldb/common/ldb_controls.c
> +++ b/lib/ldb/common/ldb_controls.c
> @@ -468,7 +468,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
> }
>
> if ((ret < 4) || (crit < 0) || (crit > 1)) {
> - error_string = talloc_asprintf(mem_ctx, "invalid server_sort control syntax\n");
> + error_string = talloc_asprintf(mem_ctx, "invalid VLV control syntax\n");
> error_string = talloc_asprintf_append(error_string, " syntax: crit(b):bc(n):ac(n):<os(n):cc(n)|attr(s)>[:ctxid(o)]\n");
> error_string = talloc_asprintf_append(error_string, " note: b = boolean, n = number, s = string, o = b64 binary blob");
> ldb_set_errstring(ldb, error_string);
> --
> 2.5.0
>
>
> From e9ced8fabba31ec6abec3cd666eb195575e6c054 Mon Sep 17 00:00:00 2001
> From: Garming Sam <garming at catalyst.net.nz>
> Date: Tue, 22 Dec 2015 17:07:38 +1300
> Subject: [PATCH 03/11] ldap VLV: use correct ASN.1 encoding for requests
>
> The search reference points (either an integer index or a string
> for comparison) are supposed to use ASN1_CONTEXT or ASN1_CONTEXT_SIMPLE
> (respectively) ASN.1 types. We were using these types, but we also put
> extra ones in too, which nobody else likes.
>
> Pair-programmed-with: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Signed-off-by: Garming Sam <garming at catalyst.net.nz>
> ---
> source4/libcli/ldap/ldap_controls.c | 14 +++-----------
> 1 file changed, 3 insertions(+), 11 deletions(-)
>
> diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
> index 863e5b6..6a4af70 100644
> --- a/source4/libcli/ldap/ldap_controls.c
> +++ b/source4/libcli/ldap/ldap_controls.c
> @@ -586,7 +586,7 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
>
> lvrc->type = 1;
>
> - if (!asn1_start_tag(data, ASN1_CONTEXT(1))) {
> + if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
> return false;
> }
>
> @@ -1007,10 +1007,6 @@ static bool encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
> return false;
> }
>
> - if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
> - return false;
> - }
> -
> if (!asn1_write_Integer(data, lvrc->match.byOffset.offset)) {
> return false;
> }
> @@ -1019,19 +1015,15 @@ static bool encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
> return false;
> }
>
> - if (!asn1_pop_tag(data)) { /*SEQUENCE*/
> - return false;
> - }
> -
> if (!asn1_pop_tag(data)) { /*CONTEXT*/
> return false;
> }
> } else {
> - if (!asn1_push_tag(data, ASN1_CONTEXT(1))) {
> + if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
> return false;
> }
>
> - if (!asn1_write_OctetString(data, lvrc->match.gtOrEq.value, lvrc->match.gtOrEq.value_len)) {
> + if (!asn1_write(data, lvrc->match.gtOrEq.value, lvrc->match.gtOrEq.value_len)) {
> return false;
> }
>
> --
> 2.5.0
>
>
> From 906de8bc3eabe26932baa762892960527f0820b2 Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Tue, 22 Dec 2015 17:10:14 +1300
> Subject: [PATCH 04/11] ldap VLV: memdup, not strdup VLV context_id
>
> The context ID is not a text string, it is an opaque binary field.
>
> Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> source4/libcli/ldap/ldap_controls.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
> index 6a4af70..0a23cc7 100644
> --- a/source4/libcli/ldap/ldap_controls.c
> +++ b/source4/libcli/ldap/ldap_controls.c
> @@ -675,7 +675,7 @@ static bool decode_vlv_response(void *mem_ctx, DATA_BLOB in, void *_out)
> if (!asn1_read_OctetString(data, mem_ctx, &context_id)) {
> return false;
> }
> - lvrc->contextId = talloc_strndup(lvrc, (const char *)context_id.data, context_id.length);
> + lvrc->contextId = talloc_memdup(lvrc, (const char *)context_id.data, context_id.length);
> if (!lvrc->contextId) {
> return false;
> }
> --
> 2.5.0
>
>
> From c244680911b1468e8e7295fa0784d5a53af33fca Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Wed, 23 Dec 2015 17:34:15 +1300
> Subject: [PATCH 05/11] vlv: better syntax for parsing greater than or equal
> strings
>
> This makes the gt_eq case different from the indexed case in the eyes
> of sscanf().
>
> Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> lib/ldb/common/ldb_controls.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
> index 8d7b430..c760540 100644
> --- a/lib/ldb/common/ldb_controls.c
> +++ b/lib/ldb/common/ldb_controls.c
> @@ -464,7 +464,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
> p = &(control_strings[sizeof(LDB_CONTROL_VLV_REQ_NAME)]);
> ret = sscanf(p, "%d:%d:%d:%d:%d:%1023[^$]", &crit, &bc, &ac, &os, &cc, ctxid);
> if (ret < 5) {
> - ret = sscanf(p, "%d:%d:%d:%1023[^:]:%1023[^$]", &crit, &bc, &ac, attr, ctxid);
> + ret = sscanf(p, "%d:%d:%d:>=%1023[^:]:%1023[^$]", &crit, &bc, &ac, attr, ctxid);
> }
>
> if ((ret < 4) || (crit < 0) || (crit > 1)) {
> --
> 2.5.0
>
>
> From a995d0c4ee603f0f2e72d3a4ba53b3b61ff8cc13 Mon Sep 17 00:00:00 2001
> From: Garming Sam <garming at catalyst.net.nz>
> Date: Thu, 17 Dec 2015 10:33:54 +1300
> Subject: [PATCH 06/11] ldap: fix search control rule identifiers ASN.1 type
>
> Wireshark and Windows both expect matching rule identifiers to be
> given the ContextSimple type identifier instead of the Octet String.
>
> As far as we can tell this is not formally specified anywhere.
>
> Pair-programmed-with: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Signed-off-by: Garming Sam <garming at catalyst.net.nz>
> ---
> source4/libcli/ldap/ldap_controls.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
> index 0a23cc7..98e690d 100644
> --- a/source4/libcli/ldap/ldap_controls.c
> +++ b/source4/libcli/ldap/ldap_controls.c
> @@ -757,7 +757,8 @@ static bool encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out)
> }
>
> if (lssc[num]->orderingRule) {
> - if (!asn1_write_OctetString(data, lssc[num]->orderingRule, strlen(lssc[num]->orderingRule))) {
> + DATA_BLOB order = data_blob_string_const(lssc[num]->orderingRule);
> + if (!asn1_write_ContextSimple(data, 0, &order)) {
> return false;
> }
> }
> --
> 2.5.0
>
>
> From 0d73ab1bb27634ca9b668c4b81e19fbba5805d71 Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Wed, 30 Dec 2015 12:07:35 +1300
> Subject: [PATCH 07/11] ASN1: use a talloc context in read_contextSimple
>
> Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> lib/util/asn1.c | 5 +++--
> lib/util/asn1.h | 2 +-
> libcli/ldap/ldap_message.c | 10 +++++-----
> 3 files changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/lib/util/asn1.c b/lib/util/asn1.c
> index 9d6d416..d81e50f 100644
> --- a/lib/util/asn1.c
> +++ b/lib/util/asn1.c
> @@ -927,7 +927,8 @@ bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLO
> return false;
> }
>
> -bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
> +bool asn1_read_ContextSimple(struct asn1_data *data, TALLOC_CTX *mem_ctx, uint8_t num,
> + DATA_BLOB *blob)
> {
> int len;
> ZERO_STRUCTP(blob);
> @@ -937,7 +938,7 @@ bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blo
> data->has_error = true;
> return false;
> }
> - *blob = data_blob(NULL, len);
> + *blob = data_blob_talloc(mem_ctx, NULL, len);
> if ((len != 0) && (!blob->data)) {
> data->has_error = true;
> return false;
> diff --git a/lib/util/asn1.h b/lib/util/asn1.h
> index 95e7dbf..ddd6986 100644
> --- a/lib/util/asn1.h
> +++ b/lib/util/asn1.h
> @@ -87,7 +87,7 @@ bool asn1_check_OID(struct asn1_data *data, const char *OID);
> bool asn1_read_LDAPString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s);
> bool asn1_read_GeneralString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s);
> bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob);
> -bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob);
> +bool asn1_read_ContextSimple(struct asn1_data *data, TALLOC_CTX *mem_ctx, uint8_t num, DATA_BLOB *blob);
> bool asn1_read_implicit_Integer(struct asn1_data *data, int *i);
> bool asn1_read_Integer(struct asn1_data *data, int *i);
> bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, uint8_t *padding);
> diff --git a/libcli/ldap/ldap_message.c b/libcli/ldap/ldap_message.c
> index c89705b..9546dce 100644
> --- a/libcli/ldap/ldap_message.c
> +++ b/libcli/ldap/ldap_message.c
> @@ -1232,7 +1232,7 @@ _PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data,
> if (!ldap_decode_response(msg, data, &r->response)) goto prot_err;
> if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(7))) {
> DATA_BLOB tmp_blob = data_blob(NULL, 0);
> - if (!asn1_read_ContextSimple(data, 7, &tmp_blob)) goto prot_err;
> + if (!asn1_read_ContextSimple(data, msg, 7, &tmp_blob)) goto prot_err;
> r->SASL.secblob = talloc(msg, DATA_BLOB);
> if (!r->SASL.secblob) {
> return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
> @@ -1501,7 +1501,7 @@ _PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data,
>
> msg->type = LDAP_TAG_ExtendedRequest;
> if (!asn1_start_tag(data,tag)) goto prot_err;
> - if (!asn1_read_ContextSimple(data, 0, &tmp_blob)) {
> + if (!asn1_read_ContextSimple(data, msg, 0, &tmp_blob)) {
> goto prot_err;
> }
> r->oid = blob2string_talloc(msg, tmp_blob);
> @@ -1511,7 +1511,7 @@ _PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data,
> }
>
> if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
> - if (!asn1_read_ContextSimple(data, 1, &tmp_blob)) goto prot_err;
> + if (!asn1_read_ContextSimple(data, msg, 1, &tmp_blob)) goto prot_err;
> r->value = talloc(msg, DATA_BLOB);
> if (!r->value) {
> return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
> @@ -1535,7 +1535,7 @@ _PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data,
> if (!ldap_decode_response(msg, data, &r->response)) goto prot_err;
>
> if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(10))) {
> - if (!asn1_read_ContextSimple(data, 1, &tmp_blob)) goto prot_err;
> + if (!asn1_read_ContextSimple(data, msg, 1, &tmp_blob)) goto prot_err;
> r->oid = blob2string_talloc(msg, tmp_blob);
> data_blob_free(&tmp_blob);
> if (!r->oid) {
> @@ -1546,7 +1546,7 @@ _PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data,
> }
>
> if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(11))) {
> - if (!asn1_read_ContextSimple(data, 1, &tmp_blob)) goto prot_err;
> + if (!asn1_read_ContextSimple(data, msg, 1, &tmp_blob)) goto prot_err;
> r->value = talloc(msg, DATA_BLOB);
> if (!r->value) {
> return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
> --
> 2.5.0
>
>
> From d01df4b546dd496bfeeb49a533753649a4ca7441 Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Fri, 4 Mar 2016 14:46:46 +1300
> Subject: [PATCH 08/11] ldap VLV: correct ASN1 parsing of VLV requests
>
> As with the encoding, the ASN1_CONTEXT tag isn't followed by an
> ASN1_SEQUENCE, though you wouldn't think that from reading the
> specification.
>
> Pair-programmed-with: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> source4/libcli/ldap/ldap_controls.c | 25 +++++--------------------
> 1 file changed, 5 insertions(+), 20 deletions(-)
>
> diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
> index 98e690d..4192e42 100644
> --- a/source4/libcli/ldap/ldap_controls.c
> +++ b/source4/libcli/ldap/ldap_controls.c
> @@ -117,9 +117,9 @@ static bool decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void *_out)
> if (!lssc [num]->attributeName) {
> return false;
> }
> -
> - if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
> - if (!asn1_read_OctetString(data, mem_ctx, &rule)) {
> +
> + if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(0))) {
> + if (!asn1_read_ContextSimple(data, mem_ctx, 0, &rule)) {
> return false;
> }
> lssc[num]->orderingRule = talloc_strndup(lssc[num], (const char *)rule.data, rule.length);
> @@ -557,12 +557,8 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
> if (asn1_peek_tag(data, ASN1_CONTEXT(0))) {
>
> lvrc->type = 0;
> -
> - if (!asn1_start_tag(data, ASN1_CONTEXT(0))) {
> - return false;
> - }
>
> - if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
> + if (!asn1_start_tag(data, ASN1_CONTEXT(0))) {
> return false;
> }
>
> @@ -574,10 +570,6 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
> return false;
> }
>
> - if (!asn1_end_tag(data)) { /*SEQUENCE*/
> - return false;
> - }
> -
> if (!asn1_end_tag(data)) { /*CONTEXT*/
> return false;
> }
> @@ -586,13 +578,10 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
>
> lvrc->type = 1;
>
> - if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
> + if (!asn1_read_ContextSimple(data, mem_ctx, 1, &assertion_value)){
> return false;
> }
>
> - if (!asn1_read_OctetString(data, mem_ctx, &assertion_value)) {
> - return false;
> - }
> lvrc->match.gtOrEq.value_len = assertion_value.length;
> if (lvrc->match.gtOrEq.value_len) {
> lvrc->match.gtOrEq.value = talloc_memdup(lvrc, assertion_value.data, assertion_value.length);
> @@ -603,10 +592,6 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
> } else {
> lvrc->match.gtOrEq.value = NULL;
> }
> -
> - if (!asn1_end_tag(data)) { /*CONTEXT*/
> - return false;
> - }
> }
>
> if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
> --
> 2.5.0
>
>
> From a1a98f25dbda61dc7be9d57b10de16b364ac619a Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Tue, 26 Jan 2016 13:33:15 +1300
> Subject: [PATCH 09/11] ldb controls: use uint8_t* for contextID binary blob
>
> It is never a readable string.
>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Signed-off-by: Garming Sam <garming at catalyst.net.nz>
> ---
> lib/ldb/common/ldb_controls.c | 5 ++---
> lib/ldb/include/ldb.h | 4 ++--
> 2 files changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
> index c760540..343c813 100644
> --- a/lib/ldb/common/ldb_controls.c
> +++ b/lib/ldb/common/ldb_controls.c
> @@ -311,10 +311,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
> struct ldb_vlv_resp_control);
>
> char *cookie;
> - const uint8_t *c = (uint8_t*) rep_control->contextId;
>
> cookie = ldb_base64_encode(mem_ctx,
> - rep_control->contextId,
> + (char *)rep_control->contextId,
> rep_control->ctxid_len);
And here...
>
> res = talloc_asprintf(mem_ctx, "%s:%d:%d:%d:%d:%s",
> @@ -497,7 +496,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
> }
> if (ctxid[0]) {
> control->ctxid_len = ldb_base64_decode(ctxid);
> - control->contextId = (char *)talloc_memdup(control, ctxid, control->ctxid_len);
> + control->contextId = talloc_memdup(control, ctxid, control->ctxid_len);
> } else {
> control->ctxid_len = 0;
> control->contextId = NULL;
> diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
> index e715b92..7422d46 100644
> --- a/lib/ldb/include/ldb.h
> +++ b/lib/ldb/include/ldb.h
> @@ -849,7 +849,7 @@ struct ldb_vlv_req_control {
> } gtOrEq;
> } match;
> int ctxid_len;
> - char *contextId;
> + uint8_t *contextId;
> };
>
> struct ldb_vlv_resp_control {
> @@ -857,7 +857,7 @@ struct ldb_vlv_resp_control {
> int contentCount;
> int vlv_result;
> int ctxid_len;
> - char *contextId;
> + uint8_t *contextId;
> };
>
> struct ldb_verify_name_control {
> --
> 2.5.0
>
>
> From 0cc6d56ac25c72f0f81b2e263b39510e49ab05cb Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Mon, 11 Jan 2016 11:36:07 +1300
> Subject: [PATCH 10/11] asn1: make readContextSimple() add a NUL byte
>
> Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> lib/util/asn1.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/lib/util/asn1.c b/lib/util/asn1.c
> index d81e50f..d3b46aa 100644
> --- a/lib/util/asn1.c
> +++ b/lib/util/asn1.c
> @@ -938,12 +938,14 @@ bool asn1_read_ContextSimple(struct asn1_data *data, TALLOC_CTX *mem_ctx, uint8_
> data->has_error = true;
> return false;
> }
> - *blob = data_blob_talloc(mem_ctx, NULL, len);
> + *blob = data_blob_talloc(mem_ctx, NULL, len + 1);
> if ((len != 0) && (!blob->data)) {
> data->has_error = true;
> return false;
> }
> if (!asn1_read(data, blob->data, len)) return false;
> + blob->length--;
> + blob->data[len] = 0;
> return asn1_end_tag(data);
> }
>
> --
> 2.5.0
>
>
> From f28a71f648dbba3f73f28dd54d1b843dcbb50b24 Mon Sep 17 00:00:00 2001
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Date: Fri, 29 Jan 2016 17:47:45 +1300
> Subject: [PATCH 11/11] ldb_controls: add base64 option to VLV
>
> The Samba control syntax limits the range of valid search terms for
> VLV's gt_eq mode. To get around that, we allow base64 encoded strings
> using the syntax 'base64>=Zm9vCg==' rather than '>=foo'.
>
> Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> ---
> lib/ldb/common/ldb_controls.c | 18 +++++++++++++++---
> 1 file changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
> index 343c813..7da0cf0 100644
> --- a/lib/ldb/common/ldb_controls.c
> +++ b/lib/ldb/common/ldb_controls.c
> @@ -462,13 +462,25 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
> ctxid[0] = '\0';
> p = &(control_strings[sizeof(LDB_CONTROL_VLV_REQ_NAME)]);
> ret = sscanf(p, "%d:%d:%d:%d:%d:%1023[^$]", &crit, &bc, &ac, &os, &cc, ctxid);
> - if (ret < 5) {
> + /* We allow 2 ways to encode the GT_EQ case, because the
> + comparison string might contain null bytes or colons, which
> + would break sscanf (or indeed any parsing mechanism). */
> + if (ret == 3) {
> ret = sscanf(p, "%d:%d:%d:>=%1023[^:]:%1023[^$]", &crit, &bc, &ac, attr, ctxid);
> }
> -
> + if (ret == 3) {
> + int len;
> + ret = sscanf(p, "%d:%d:%d:base64>=%1023[^:]:%1023[^$]", &crit, &bc, &ac, attr, ctxid);
> + len = ldb_base64_decode(attr);
> + if (len < 0) {
> + ret = -1;
> + }
> + }
> +
> if ((ret < 4) || (crit < 0) || (crit > 1)) {
> error_string = talloc_asprintf(mem_ctx, "invalid VLV control syntax\n");
> - error_string = talloc_asprintf_append(error_string, " syntax: crit(b):bc(n):ac(n):<os(n):cc(n)|attr(s)>[:ctxid(o)]\n");
> + error_string = talloc_asprintf_append(error_string, " syntax: crit(b):bc(n):ac(n):"
> + "{os(n):cc(n)|>=val(s)|base64>=val(o)}[:ctxid(o)]\n");
> error_string = talloc_asprintf_append(error_string, " note: b = boolean, n = number, s = string, o = b64 binary blob");
> ldb_set_errstring(ldb, error_string);
> talloc_free(error_string);
> --
> 2.5.0
>
More information about the samba-technical
mailing list