[PATCH] Fix LDAPv2 unescaping in TLDAP
Andreas Schneider
asn at samba.org
Mon Feb 19 11:34:29 UTC 2018
Hi,
Andrew requested a test for the missing 'break' in the tldap unescaping
function for LDADv2 escaping. The attached patches adds the missing break
which the compiler complains about, adds code comments and a test for LDAPv3
and LDAPv3 filter escaping.
Please review.
Thanks,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
-------------- next part --------------
>From c923f6182dcdb802f4e73c6e0b137d19cf524916 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Jul 2017 17:48:34 +0200
Subject: [PATCH 1/3] s3:tldap: Fix parsing LDAPv2 escaped strings
Yes, this is outdated, but the missing 'break' produces a compiler
warning.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
---
source3/lib/tldap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c
index 40064fdeeed..33a852446b9 100644
--- a/source3/lib/tldap.c
+++ b/source3/lib/tldap.c
@@ -1295,6 +1295,8 @@ static bool tldap_unescape_inplace(char *value, size_t *val_len)
case '\\':
value[p] = value[i];
p++;
+
+ break;
default:
/* invalid */
return false;
--
2.16.1
>From fbadeccd65f5828598b1ed76bb2887fc5bf7d4b4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 19 Feb 2018 12:29:55 +0100
Subject: [PATCH 2/3] s3:tldap: Comment code for to LDAP escaping version
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/lib/tldap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c
index 33a852446b9..205a9cf2b06 100644
--- a/source3/lib/tldap.c
+++ b/source3/lib/tldap.c
@@ -1280,6 +1280,7 @@ static bool tldap_unescape_inplace(char *value, size_t *val_len)
}
i++;
+ /* LDAPv3 escaped */
c = tldap_hex2char(&value[i]);
if (c >= 0 && c < 256) {
value[p] = c;
@@ -1288,6 +1289,7 @@ static bool tldap_unescape_inplace(char *value, size_t *val_len)
break;
}
+ /* LDAPv2 escaped */
switch (value[i]) {
case '(':
case ')':
--
2.16.1
>From 6854570ae321a6018cbb8d0fa713c91f1028444d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 19 Feb 2018 12:08:26 +0100
Subject: [PATCH 3/3] tests: Add tests for parsing LDAPv3 and LDAPv2 filter
strings
Signed-off-by: Andreas Schneider <asn at samba.org>
---
selftest/tests.py | 3 +++
source3/lib/test_tldap.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++
source3/wscript_build | 10 ++++++++
3 files changed, 75 insertions(+)
create mode 100644 source3/lib/test_tldap.c
diff --git a/selftest/tests.py b/selftest/tests.py
index ec48b03c5f6..be1be459f39 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -180,3 +180,6 @@ if with_cmocka:
plantestsuite("samba.unittests.smb1cli_session", "none",
[os.path.join(bindir(), "default/libcli/smb/test_smb1cli_session")])
+
+ plantestsuite("samba.unittests.tldap", "none",
+ [os.path.join(bindir(), "default/source3/test_tldap")])
diff --git a/source3/lib/test_tldap.c b/source3/lib/test_tldap.c
new file mode 100644
index 00000000000..a6c2f2117cb
--- /dev/null
+++ b/source3/lib/test_tldap.c
@@ -0,0 +1,62 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Test suite for ldap client
+ *
+ * Copyright (C) 2018 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "source3/lib/tldap.c"
+
+static void test_tldap_unescape_ldapv3(void **state)
+{
+ const char *unescaped_dn = "(&(objectclass=group)(cn=Samba*))";
+ char dn[] = "\\28&\\28objectclass=group\\29\\28cn=Samba\\2a\\29\\29";
+ size_t dnlen = sizeof(dn);
+ bool ok;
+
+ ok = tldap_unescape_inplace(dn, &dnlen);
+ assert_true(ok);
+
+ assert_string_equal(dn, unescaped_dn);
+}
+
+static void test_tldap_unescape_ldapv2(void **state)
+{
+ const char *unescaped_dn = "(&(objectclass=group)(cn=Samba*))";
+ char dn[] = "\\(&\\(objectclass=group\\)\\(cn=Samba\\*\\)\\)";
+ size_t dnlen = sizeof(dn);
+ bool ok;
+
+ ok = tldap_unescape_inplace(dn, &dnlen);
+ assert_true(ok);
+
+ assert_string_equal(dn, unescaped_dn);
+}
+
+int main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_tldap_unescape_ldapv3),
+ cmocka_unit_test(test_tldap_unescape_ldapv2)
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source3/wscript_build b/source3/wscript_build
index 76c5d6e203b..d5ac7a280cb 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -106,6 +106,16 @@ bld.SAMBA3_SUBSYSTEM('TLDAP',
samba3util
''')
+bld.SAMBA3_BINARY('test_tldap',
+ source='lib/test_tldap.c',
+ deps='''
+ asn1util
+ LIBTSOCKET
+ samba3util
+ smbconf
+ cmocka
+ ''')
+
# libpdb.so should not expose internal symbols that are only usable
# to the statically linked modules that are merged into libpdb.
# Note that we always filter these symbols out in libpdb, even
--
2.16.1
More information about the samba-technical
mailing list