sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-09-06 17:44:20 +03:00
Code Activity

CVE-2023-0614 ldb: Add function to filter message in place

Browse Source 
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.

The test is a near duplicate of the existing test for
ldb_filter_attrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton
2023-03-03 17:29:03 +13:00
committed by Andrew Bartlett
parent 784a342785
commit 131d417604
5 changed files with 1149 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/ldb/ABI/ldb-2.8.0.sigs
View File

@@ -86,6 +86,7 @@ ldb_errstring: const char *(struct ldb_context *)
ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **)
ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *)
ldb_filter_attrs: int (struct ldb_context *, const struct ldb_message *, const char * const *, struct ldb_message *) ldb_filter_attrs: int (struct ldb_context *, const struct ldb_message *, const char * const *, struct ldb_message *)
ldb_filter_attrs_in_place: int (struct ldb_context *, const struct ldb_message *, const char * const *, struct ldb_message *)
ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *)
ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *)
ldb_get_create_perms: unsigned int (struct ldb_context *) ldb_get_create_perms: unsigned int (struct ldb_context *)

143
lib/ldb/common/ldb_pack.c
View File

@@ -1262,6 +1262,149 @@ failed:
return -1; return -1;
} }
/*
* filter the specified list of attributes from msg,
* adding requested attributes, and perhaps all for *,
* but not the DN to filtered_msg.
*/
int ldb_filter_attrs_in_place(struct ldb_context *ldb,
const struct ldb_message *msg,
const char *const *attrs,
struct ldb_message *filtered_msg)
{
unsigned int i;
bool keep_all = false;
bool add_dn = false;
uint32_t num_elements;
uint32_t elements_size;
if (attrs) {
/* check for special attrs */
for (i = 0; attrs[i]; i++) {
int cmp = strcmp(attrs[i], "*");
if (cmp == 0) {
keep_all = true;
break;
}
cmp = ldb_attr_cmp(attrs[i], "distinguishedName");
if (cmp == 0) {
add_dn = true;
}
}
} else {
keep_all = true;
}
if (keep_all) {
add_dn = true;
elements_size = msg->num_elements + 1;
/* Shortcuts for the simple cases */
} else if (add_dn && i == 1) {
if (ldb_msg_add_distinguished_name(filtered_msg) != 0) {
goto failed;
}
return 0;
} else if (i == 0) {
return 0;
/*
* Otherwise we are copying at most as many elements as we
* have attributes
*/
} else {
elements_size = i;
}
filtered_msg->elements = talloc_array(filtered_msg,
struct ldb_message_element,
elements_size);
if (filtered_msg->elements == NULL) goto failed;
num_elements = 0;
for (i = 0; i < msg->num_elements; i++) {
struct ldb_message_element *el = &msg->elements[i];
/*
* el2 is assigned after the Pigeonhole principle
* check below for clarity
*/
struct ldb_message_element *el2 = NULL;
unsigned int j;
if (keep_all == false) {
bool found = false;
for (j = 0; attrs[j]; j++) {
int cmp = ldb_attr_cmp(el->name, attrs[j]);
if (cmp == 0) {
found = true;
break;
}
}
if (found == false) {
continue;
}
}
/*
* Pigeonhole principle: we can't have more elements
* than the number of attributes if they are unique in
* the DB.
*/
if (num_elements >= elements_size) {
goto failed;
}
el2 = &filtered_msg->elements[num_elements];
*el2 = *el;
el2->name = talloc_strdup(filtered_msg->elements,
el->name);
if (el2->name == NULL) {
goto failed;
}
el2->values = talloc_array(filtered_msg->elements,
struct ldb_val, el->num_values);
if (el2->values == NULL) {
goto failed;
}
for (j=0;j<el->num_values;j++) {
el2->values[j] = ldb_val_dup(el2->values, &el->values[j]);
if (el2->values[j].data == NULL && el->values[j].length != 0) {
goto failed;
}
}
num_elements++;
}
filtered_msg->num_elements = num_elements;
if (add_dn) {
if (ldb_msg_add_distinguished_name(filtered_msg) != 0) {
goto failed;
}
}
if (filtered_msg->num_elements > 0) {
filtered_msg->elements
= talloc_realloc(filtered_msg,
filtered_msg->elements,
struct ldb_message_element,
filtered_msg->num_elements);
if (filtered_msg->elements == NULL) {
goto failed;
}
} else {
TALLOC_FREE(filtered_msg->elements);
}
return 0;
failed:
TALLOC_FREE(filtered_msg->elements);
return -1;
}
/* Have an unpacked ldb message take talloc ownership of its elements. */ /* Have an unpacked ldb message take talloc ownership of its elements. */
int ldb_msg_elements_take_ownership(struct ldb_message *msg) int ldb_msg_elements_take_ownership(struct ldb_message *msg)
{ {

10
lib/ldb/include/ldb_module.h
View File

@@ -543,6 +543,16 @@ int ldb_filter_attrs(struct ldb_context *ldb,
const char *const *attrs, const char *const *attrs,
struct ldb_message *filtered_msg); struct ldb_message *filtered_msg);
/*
* filter the specified list of attributes from msg,
* adding requested attributes, and perhaps all for *,
* but not the DN to filtered_msg.
*/
int ldb_filter_attrs_in_place(struct ldb_context *ldb,
const struct ldb_message *msg,
const char *const *attrs,
struct ldb_message *filtered_msg);
/* Have an unpacked ldb message take talloc ownership of its elements. */ /* Have an unpacked ldb message take talloc ownership of its elements. */
int ldb_msg_elements_take_ownership(struct ldb_message *msg); int ldb_msg_elements_take_ownership(struct ldb_message *msg);

989
lib/ldb/tests/ldb_filter_attrs_in_place_test.c Normal file
View File

@@ -0,0 +1,989 @@
/*
* Tests exercising ldb_filter_attrs_in_place().
*
*
* Copyright (C) Catalyst.NET Ltd 2017
* Copyright (C) Andrew Bartlett <abartlet@samba.org> 2019
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
/*
* from cmocka.c:
* These headers or their equivalents should be included prior to
* including
* this header file.
*
* #include <stdarg.h>
* #include <stddef.h>
* #include <setjmp.h>
*
* This allows test applications to use custom definitions of C standard
* library functions and types.
*/
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <setjmp.h>
#include <cmocka.h>
#include "../include/ldb.h"
#include "../include/ldb_module.h"
struct ldbtest_ctx {
struct tevent_context *ev;
struct ldb_context *ldb;
};
/*
* NOTE WELL:
*
* This test checks the current behaviour of the function, however
* this is not in a public ABI and many of the tested behaviours are
* not ideal. If the behaviour is deliberatly improved, this test
* should be updated without worry to the new better behaviour.
*
* In particular the test is particularly to ensure the current
* behaviour is memory-safe.
*/
static int setup(void **state)
{
struct ldbtest_ctx *test_ctx;
test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
assert_non_null(test_ctx);
test_ctx->ev = tevent_context_init(test_ctx);
assert_non_null(test_ctx->ev);
test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
assert_non_null(test_ctx->ldb);
*state = test_ctx;
return 0;
}
static int teardown(void **state)
{
talloc_free(*state);
return 0;
}
/*
* Test against a record with only one attribute, matching the one in
* the list
*/
static void test_filter_attrs_one_attr_matched(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"foo", NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
/*
* assert the ldb_filter_attrs_in_place does not read or modify
* filtered_msg.dn in this case
*/
assert_null(filtered_msg->dn);
assert_int_equal(filtered_msg->num_elements, 1);
assert_string_equal(filtered_msg->elements[0].name, "foo");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value, strlen(value));
}
/*
* Test against a record with only one attribute, matching the one of
* the multiple attributes in the list
*/
static void test_filter_attrs_one_attr_matched_of_many(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"foo", "bar", "baz", NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
/*
* assert the ldb_filter_attrs_in_place does not read or modify
* filtered_msg.dn in this case
*/
assert_null(filtered_msg->dn);
assert_int_equal(filtered_msg->num_elements, 1);
assert_string_equal(filtered_msg->elements[0].name, "foo");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value, strlen(value));
}
/*
* Test against a record with only one attribute, matching both
* attributes in the list
*/
static void test_filter_attrs_two_attr_matched_attrs(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
/* deliberatly the other order */
const char *attrs[] = {"bar", "foo", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
/* foo and bar are the other order to in attrs */
struct ldb_message_element elements[] = {
{
.name = "foo",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 2);
/*
* assert the ldb_filter_attrs_in_place does not read or modify
* filtered_msg.dn in this case
*/
assert_null(filtered_msg->dn);
/* Assert that DB order is preserved */
assert_string_equal(filtered_msg->elements[0].name, "foo");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value1));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value1, strlen(value1));
assert_string_equal(filtered_msg->elements[1].name, "bar");
assert_int_equal(filtered_msg->elements[1].num_values, 1);
assert_int_equal(filtered_msg->elements[1].values[0].length,
strlen(value2));
assert_memory_equal(filtered_msg->elements[1].values[0].data,
value2, strlen(value2));
}
/*
* Test against a record with two attributes, only of which is in
* the list
*/
static void test_filter_attrs_two_attr_matched_one_attr(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
/* deliberatly the other order */
const char *attrs[] = {"bar", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
/* foo and bar are the other order to in attrs */
struct ldb_message_element elements[] = {
{
.name = "foo",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 1);
/*
* assert the ldb_filter_attrs_in_place does not read or modify
* filtered_msg.dn in this case
*/
assert_null(filtered_msg->dn);
/* Assert that DB order is preserved */
assert_string_equal(filtered_msg->elements[0].name, "bar");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value2));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value2, strlen(value2));
}
/*
* Test against a record with two attributes, both matching the one
* specified attribute in the list (a corrupt record)
*/
static void test_filter_attrs_two_dup_attr_matched_one_attr(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
/* deliberatly the other order */
const char *attrs[] = {"bar", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
/* foo and bar are the other order to in attrs */
struct ldb_message_element elements[] = {
{
.name = "bar",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
/* This should fail the pidgenhole test */
assert_int_equal(ret, -1);
assert_null(filtered_msg->elements);
}
/*
* Test against a record with two attributes, both matching the one
* specified attribute in the list (a corrupt record)
*/
static void test_filter_attrs_two_dup_attr_matched_dup(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"bar", "bar", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
/* foo and bar are the other order to in attrs */
struct ldb_message_element elements[] = {
{
.name = "bar",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
/* This does not fail the pidgenhole test */
assert_int_equal(ret, LDB_SUCCESS);
assert_int_equal(filtered_msg->num_elements, 2);
/* Assert that DB order is preserved */
assert_string_equal(filtered_msg->elements[0].name, "bar");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value1));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value1, strlen(value1));
assert_string_equal(filtered_msg->elements[1].name, "bar");
assert_int_equal(filtered_msg->elements[1].num_values, 1);
assert_int_equal(filtered_msg->elements[1].values[0].length,
strlen(value2));
assert_memory_equal(filtered_msg->elements[1].values[0].data,
value2, strlen(value2));
}
/*
* Test against a record with two attributes, both matching one of the
* specified attributes in the list (a corrupt record)
*/
static void test_filter_attrs_two_dup_attr_matched_one_of_two(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"bar", "foo", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
/* foo and bar are the other order to in attrs */
struct ldb_message_element elements[] = {
{
.name = "bar",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
/* This does not fail the pidgenhole test */
assert_int_equal(ret, LDB_SUCCESS);
assert_int_equal(filtered_msg->num_elements, 2);
/* Assert that DB order is preserved */
assert_string_equal(filtered_msg->elements[0].name, "bar");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value1));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value1, strlen(value1));
assert_string_equal(filtered_msg->elements[1].name, "bar");
assert_int_equal(filtered_msg->elements[1].num_values, 1);
assert_int_equal(filtered_msg->elements[1].values[0].length,
strlen(value2));
assert_memory_equal(filtered_msg->elements[1].values[0].data,
value2, strlen(value2));
}
/*
* Test against a record with two attributes against * (but not the
* other named attribute) (a corrupt record)
*/
static void test_filter_attrs_two_dup_attr_matched_star(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"*", "foo", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
/* foo and bar are the other order to in attrs */
struct ldb_message_element elements[] = {
{
.name = "bar",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
/* Needed as * implies distinguishedName */
filtered_msg->dn = in.dn;
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
/* This does not fail the pidgenhole test */
assert_int_equal(ret, LDB_SUCCESS);
assert_int_equal(filtered_msg->num_elements, 3);
/* Assert that DB order is preserved */
assert_string_equal(filtered_msg->elements[0].name, "bar");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_int_equal(filtered_msg->elements[0].values[0].length,
strlen(value1));
assert_memory_equal(filtered_msg->elements[0].values[0].data,
value1, strlen(value1));
assert_string_equal(filtered_msg->elements[1].name, "bar");
assert_int_equal(filtered_msg->elements[1].num_values, 1);
assert_int_equal(filtered_msg->elements[1].values[0].length,
strlen(value2));
assert_memory_equal(filtered_msg->elements[1].values[0].data,
value2, strlen(value2));
/*
* assert the ldb_filter_attrs_in_place does not modify filtered_msg.dn
* in this case
*/
assert_ptr_equal(filtered_msg->dn, in.dn);
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"distinguishedName",
NULL),
ldb_dn_get_linearized(in.dn));
}
/*
* Test against a record with only one attribute, matching the * in
* the list
*/
static void test_filter_attrs_one_attr_matched_star(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"*", NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
/* Needed as * implies distinguishedName */
filtered_msg->dn = in.dn;
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 2);
/*
* assert the ldb_filter_attrs_in_place does not modify filtered_msg.dn
* in this case
*/
assert_ptr_equal(filtered_msg->dn, in.dn);
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"distinguishedName",
NULL),
ldb_dn_get_linearized(in.dn));
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"foo",
NULL),
value);
}
/*
* Test against a record with two attributes, matching the * in
* the list
*/
static void test_filter_attrs_two_attr_matched_star(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"*", NULL};
char value1[] = "The value.......end";
char value2[] = "The value..MUST.end";
struct ldb_val value_1 = {
.data = (uint8_t *)value1,
.length = strlen(value1)
};
struct ldb_val value_2 = {
.data = (uint8_t *)value2,
.length = strlen(value2)
};
struct ldb_message_element elements[] = {
{
.name = "foo",
.num_values = 1,
.values = &value_1
},
{
.name = "bar",
.num_values = 1,
.values = &value_2
}
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 2,
.elements = elements,
};
assert_non_null(in.dn);
/* Needed as * implies distinguishedName */
filtered_msg->dn = in.dn;
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 3);
/*
* assert the ldb_filter_attrs_in_place does not modify filtered_msg.dn
* in this case
*/
assert_ptr_equal(filtered_msg->dn, in.dn);
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"distinguishedName",
NULL),
ldb_dn_get_linearized(in.dn));
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"foo",
NULL),
value1);
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"bar",
NULL),
value2);
}
/*
* Test against a record with only one attribute, matching the * in
* the list, but without the DN being pre-filled. Fails due to need
* to contstruct the distinguishedName
*/
static void test_filter_attrs_one_attr_matched_star_no_dn(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"*", NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, -1);
assert_null(filtered_msg->elements);
}
/*
* Test against a record with only one attribute, matching the * in
* the list plus requsesting distinguishedName
*/
static void test_filter_attrs_one_attr_matched_star_dn(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"*", "distinguishedName", NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
/* Needed for distinguishedName */
filtered_msg->dn = in.dn;
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 2);
/* show that ldb_filter_attrs_in_place does not modify in.dn */
assert_ptr_equal(filtered_msg->dn, in.dn);
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"distinguishedName",
NULL),
ldb_dn_get_linearized(in.dn));
assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
"foo",
NULL),
value);
}
/*
* Test against a record with only one attribute, but returning
* distinguishedName from the list (only)
*/
static void test_filter_attrs_one_attr_matched_dn(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {"distinguishedName", NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
/* Needed for distinguishedName */
filtered_msg->dn = in.dn;
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 1);
/* show that ldb_filter_attrs_in_place does not modify in.dn */
assert_ptr_equal(filtered_msg->dn, in.dn);
assert_string_equal(filtered_msg->elements[0].name, "distinguishedName");
assert_int_equal(filtered_msg->elements[0].num_values, 1);
assert_string_equal(filtered_msg->elements[0].values[0].data,
ldb_dn_get_linearized(in.dn));
}
/*
* Test against a record with only one attribute, not matching the
* empty attribute list
*/
static void test_filter_attrs_one_attr_empty_list(void **state)
{
struct ldbtest_ctx *ctx = *state;
int ret;
struct ldb_message *filtered_msg = ldb_msg_new(ctx);
const char *attrs[] = {NULL};
char value[] = "The value.......end";
struct ldb_val value_1 = {
.data = (uint8_t *)value,
.length = strlen(value)
};
struct ldb_message_element element_1 = {
.name = "foo",
.num_values = 1,
.values = &value_1
};
struct ldb_message in = {
.dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
.num_elements = 1,
.elements = &element_1,
};
assert_non_null(in.dn);
ret = ldb_filter_attrs_in_place(ctx->ldb,
&in,
attrs,
filtered_msg);
assert_int_equal(ret, LDB_SUCCESS);
assert_non_null(filtered_msg);
assert_int_equal(filtered_msg->num_elements, 0);
assert_null(filtered_msg->dn);
assert_null(filtered_msg->elements);
}
int main(int argc, const char **argv)
{
const struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_matched,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_matched_of_many,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_attr_matched_attrs,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_attr_matched_one_attr,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_dup_attr_matched_one_attr,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_dup_attr_matched_dup,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_dup_attr_matched_one_of_two,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_dup_attr_matched_star,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_matched_star,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_two_attr_matched_star,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_matched_star_no_dn,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_matched_star_dn,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_matched_dn,
setup,
teardown),
cmocka_unit_test_setup_teardown(
test_filter_attrs_one_attr_empty_list,
setup,
teardown),
};
return cmocka_run_group_tests(tests, NULL, NULL);
}

6
lib/ldb/wscript
View File

@@ -518,6 +518,11 @@ def build(bld):
deps='cmocka ldb ldb_tdb_err_map', deps='cmocka ldb ldb_tdb_err_map',
install=False) install=False)
bld.SAMBA_BINARY('ldb_filter_attrs_in_place_test',
source='tests/ldb_filter_attrs_in_place_test.c',
deps='cmocka ldb ldb_tdb_err_map',
install=False)
bld.SAMBA_BINARY('ldb_key_value_sub_txn_tdb_test', bld.SAMBA_BINARY('ldb_key_value_sub_txn_tdb_test',
bld.SUBDIR('ldb_key_value', bld.SUBDIR('ldb_key_value',
'''ldb_kv_search.c '''ldb_kv_search.c
@@ -645,6 +650,7 @@ def test(ctx):
# 'ldb_key_value_sub_txn_tdb_test' # 'ldb_key_value_sub_txn_tdb_test'
'ldb_parse_test', 'ldb_parse_test',
'ldb_filter_attrs_test', 'ldb_filter_attrs_test',
'ldb_filter_attrs_in_place_test',
] ]
# if LIB_LDAP and LIB_LBER defined, then we can test ldb_ldap backend # if LIB_LDAP and LIB_LBER defined, then we can test ldb_ldap backend