sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-07 20:23:50 +03:00
Code Activity

r21806: I've been working over the last week to fix up the LDAP backend for

Browse Source 
Samba4.  This only broke on global catalog queries, which turned out to
be due to changes in the partitions module that metze needed for his
DRSUAPI work.

I've reworked partitions.c to always include the 'problematic' control,
and therefore demonstrated that this is the issue.  This ensures
consistency, and should help with finding issues like this in future.

As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to
be linearised, I've added logic to allow it to be skipped when creating
network packets.

I've likewise make our LDAP server skip unknown controls, when marked
'not critical' on it's input, rather than just dropping the entire
request.  I need some help to generate a correct error packet when it is
marked critical.

Further work could perhaps be to have the ldap_encode routine return a
textual description of what failed to encode, as that would have saved
me a lot of time...

Andrew Bartlett
(This used to be commit eef710668f)
This commit is contained in:
Andrew Bartlett
2007-03-13 00:59:06 +00:00
committed by Gerald (Jerry) Carter
parent b6b98f6300
commit 9b03286b32
6 changed files with 149 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
source4/libcli/ldap/ldap.c
View File

@@ -925,7 +925,9 @@ static void ldap_decode_attribs(TALLOC_CTX *mem_ctx, struct asn1_data *data,
asn1_end_tag(data);
}
BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
/* This routine returns LDAP status codes */
NTSTATUS ldap_decode(struct asn1_data *data, struct ldap_message *msg)
{
uint8_t tag;
@@ -933,7 +935,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_read_Integer(data, &msg->messageid);
if (!asn1_peek_uint8(data, &tag))
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
switch(tag) {
@@ -950,12 +952,12 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
pwlen = asn1_tag_remaining(data);
if (pwlen == -1) {
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
if (pwlen != 0) {
char *pw = talloc_size(msg, pwlen+1);
if (!pw) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
asn1_read(data, pw, pwlen);
pw[pwlen] = '\0';
@@ -971,7 +973,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_read_OctetString(data, &tmp_blob);
r->creds.SASL.secblob = talloc(msg, DATA_BLOB);
if (!r->creds.SASL.secblob) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
*r->creds.SASL.secblob = data_blob_talloc(r->creds.SASL.secblob,
tmp_blob.data, tmp_blob.length);
@@ -982,7 +984,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_end_tag(data);
} else {
/* Neither Simple nor SASL bind */
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
asn1_end_tag(data);
break;
@@ -998,7 +1000,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_read_ContextSimple(data, 7, &tmp_blob);
r->SASL.secblob = talloc(msg, DATA_BLOB);
if (!r->SASL.secblob) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
*r->SASL.secblob = data_blob_talloc(r->SASL.secblob,
tmp_blob.data, tmp_blob.length);
@@ -1030,7 +1032,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
r->tree = ldap_decode_filter_tree(msg, data);
if (r->tree == NULL) {
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
asn1_start_tag(data, ASN1_SEQUENCE(0));
@@ -1038,15 +1040,16 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
r->num_attributes = 0;
r->attributes = NULL;
while (asn1_tag_remaining(data) > 0) {
while (asn1_tag_remaining(data) > 0) {
const char *attr;
if (!asn1_read_OctetString_talloc(msg, data,
&attr))
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
if (!add_string_to_array(msg, attr,
&r->attributes,
&r->num_attributes))
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
asn1_end_tag(data);
@@ -1106,7 +1109,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_end_tag(data);
if (!add_mod_to_array_talloc(msg, &mod,
&r->mods, &r->num_mods)) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
}
@@ -1157,7 +1160,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest));
len = asn1_tag_remaining(data);
if (len == -1) {
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
dn = talloc_size(msg, len+1);
if (dn == NULL)
@@ -1193,11 +1196,11 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
len = asn1_tag_remaining(data);
if (len == -1) {
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
newsup = talloc_size(msg, len+1);
if (newsup == NULL) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
asn1_read(data, newsup, len);
newsup[len] = '\0';
@@ -1259,19 +1262,19 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
msg->type = LDAP_TAG_ExtendedRequest;
asn1_start_tag(data,tag);
if (!asn1_read_ContextSimple(data, 0, &tmp_blob)) {
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
r->oid = blob2string_talloc(msg, tmp_blob);
data_blob_free(&tmp_blob);
if (!r->oid) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
asn1_read_ContextSimple(data, 1, &tmp_blob);
r->value = talloc(msg, DATA_BLOB);
if (!r->value) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
*r->value = data_blob_talloc(r->value, tmp_blob.data, tmp_blob.length);
data_blob_free(&tmp_blob);
@@ -1296,7 +1299,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
r->oid = blob2string_talloc(msg, tmp_blob);
data_blob_free(&tmp_blob);
if (!r->oid) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
} else {
r->oid = NULL;
@@ -1306,7 +1309,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_read_ContextSimple(data, 1, &tmp_blob);
r->value = talloc(msg, DATA_BLOB);
if (!r->value) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
*r->value = data_blob_talloc(r->value, tmp_blob.data, tmp_blob.length);
data_blob_free(&tmp_blob);
@@ -1318,34 +1321,45 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
break;
}
default:
return False;
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
msg->controls = NULL;
if (asn1_peek_tag(data, ASN1_CONTEXT(0))) {
int i;
int i = 0;
struct ldb_control **ctrl = NULL;
asn1_start_tag(data, ASN1_CONTEXT(0));
for (i=0; asn1_peek_tag(data, ASN1_SEQUENCE(0)); i++) {
while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
DATA_BLOB value;
/* asn1_start_tag(data, ASN1_SEQUENCE(0)); */
ctrl = talloc_realloc(msg, ctrl, struct ldb_control *, i+2);
if (!ctrl) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
ctrl[i] = talloc(ctrl, struct ldb_control);
if (!ctrl[i]) {
return False;
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
if (!ldap_decode_control(ctrl, data, ctrl[i])) {
return False;
if (!ldap_decode_control_wrapper(ctrl, data, ctrl[i], &value)) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
if (!ldap_decode_control_value(ctrl, value, ctrl[i])) {
if (ctrl[i]->critical) {
return NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
} else {
talloc_free(ctrl[i]);
ctrl[i] = NULL;
}
} else {
i++;
}
}
if (ctrl != NULL) {
@@ -1358,7 +1372,10 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
}
asn1_end_tag(data);
return ((!data->has_error) && (data->nesting == NULL));
if ((data->has_error) || (data->nesting != NULL)) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
return NT_STATUS_OK;
}