The Samba-Bugzilla – Attachment 14272 Details for
Bug 13374
[SECURITY] CVE-2018-1140 ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes
[patch]
backported patch for 4.8
dns-ldb-input-validation-4-8.patch (text/plain), 66.32 KB, created by
Andrew Bartlett
on 2018-07-03 05:46:37 UTC
Description:
backported patch for 4.8
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2018-07-03 05:46:37 UTC
Size:
66.32 KB
>From 8ce869bbc5de5dc5ba4b088e7310e7e1e77e3a98 Mon Sep 17 00:00:00 2001 >From: Kai Blin <kai@samba.org> >Date: Fri, 8 Jun 2018 18:20:16 +0200 >Subject: [PATCH 01/11] CVE-2018-1140 dns: Add a test to trigger the LDB > casefolding issue on invalid chars > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466 > >Signed-off-by: Kai Blin <kai@samba.org> >--- > python/samba/tests/dns_invalid.py | 87 +++++++++++++++++++++++++++++++++++++++ > selftest/knownfail.d/dns | 3 ++ > source4/selftest/tests.py | 3 ++ > 3 files changed, 93 insertions(+) > create mode 100644 python/samba/tests/dns_invalid.py > >diff --git a/python/samba/tests/dns_invalid.py b/python/samba/tests/dns_invalid.py >new file mode 100644 >index 00000000000..9f87cd56084 >--- /dev/null >+++ b/python/samba/tests/dns_invalid.py 
>@@ -0,0 +1,87 @@ >+# Unix SMB/CIFS implementation. >+# Copyright (C) Kai Blin <kai@samba.org> 2018 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import os >+import sys >+import struct >+import random >+import socket >+import samba.ndr as ndr >+from samba import credentials, param >+from samba.dcerpc import dns, dnsp, dnsserver >+from samba.netcmd.dns import TXTRecord, dns_record_match, data_to_dns_record >+from samba.tests.subunitrun import SubunitOptions, TestProgram >+from samba import werror, WERRORError >+from samba.tests.dns_base import DNSTest >+import samba.getopt as options >+import optparse >+ >+parser = optparse.OptionParser("dns_invalid.py <server ip> [options]") >+sambaopts = options.SambaOptions(parser) >+parser.add_option_group(sambaopts) >+ >+# This timeout only has relevance when testing against Windows >+# Format errors tend to return patchy responses, so a timeout is needed. 
>+parser.add_option("--timeout", type="int", dest="timeout", >+ help="Specify timeout for DNS requests") >+ >+# use command line creds if available >+credopts = options.CredentialsOptions(parser) >+parser.add_option_group(credopts) >+subunitopts = SubunitOptions(parser) >+parser.add_option_group(subunitopts) >+ >+opts, args = parser.parse_args() >+ >+lp = sambaopts.get_loadparm() >+creds = credopts.get_credentials(lp) >+ >+timeout = opts.timeout >+ >+if len(args) < 1: >+ parser.print_usage() >+ sys.exit(1) >+ >+server_ip = args[0] >+creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE) >+ >+ >+class TestBrokenQueries(DNSTest): >+ def setUp(self): >+ super(TestBrokenQueries, self).setUp() >+ global server, server_ip, lp, creds, timeout >+ self.server_ip = server_ip >+ self.lp = lp >+ self.creds = creds >+ self.timeout = timeout >+ >+ def test_invalid_chars_in_name(self): >+ """Check the server refuses invalid characters in the query name""" >+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY) >+ questions = [] >+ >+ name = "\x10\x11\x05\xa8.%s" % self.get_dns_domain() >+ q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN) >+ print "asking for ", q.name >+ questions.append(q) >+ >+ self.finish_name_packet(p, questions) >+ (response, response_packet) = self.dns_transaction_udp(p, host=server_ip) >+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN) >+ >+ >+TestProgram(module=__name__, opts=subunitopts) >diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns >index cb3003240ea..140ded24fa0 100644 >--- a/selftest/knownfail.d/dns >+++ b/selftest/knownfail.d/dns 
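Review bot: In `setUp`, the statement `global server, server_ip, lp, creds, timeout` names `server`, which this module never assigns, and `test_invalid_chars_in_name` then passes the module-level `server_ip` to `dns_transaction_udp` instead of the `self.server_ip` that `setUp` just stored. I would drop the `global` line (the names are only read) and call `self.dns_transaction_udp(p, host=self.server_ip)`. Most of the imports at the top of the new file (`os`, `struct`, `random`, `socket`, `ndr`, `param`, `dnsp`, `dnsserver`, the `samba.netcmd.dns` names, `werror`, `WERRORError`) are not used in the visible code and can go. The test pins one byte sequence only; a second case whose label contains `,` or `=` would also cover the DN-separator handling the later patches in this series describe.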
>@@ -45,3 +45,6 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\) > > # The SOA override should not pass against the RODC, it must not overstamp > samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\) >+ >+# This still needs to be fixed in LDB >+samba.tests.dns_invalid.__main__.TestBrokenQueries.test_invalid_chars_in_name\(ad_dc:local\) >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 226617f3b6a..f59c8041401 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -376,6 +376,9 @@ plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, o > > plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) > plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) >+ >+plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) >+ > for t in smbtorture4_testsuites("dns_internal."): > plansmbtorture4testsuite(t, "ad_dc_ntvfs:local", '//$SERVER/whavever') > >-- >2.11.0 > > >From cf41d9216c0f2308f0bf44bab0491a65ce83e828 Mon Sep 17 00:00:00 2001 
>From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 2 Jul 2018 16:49:37 +1200 >Subject: [PATCH 02/11] CVE-2018-1140 dns_server: Be strict when constructing a > LDB DN from an untrusted DNS name > >This changes our DNS server to be much more careful when constructing DNS names >into LDB DN values. > >This avoids a segfault deep in the LDB code if the ldb_dn_get_casefold() fails there. > >A seperate patch will address that part of the issue, and a later patch >will re-work this code to use single API: ldb_dn_add_child_val(). This >is not squahed with this work because this patch does not rely on a new >LDB release, and so may be helpful for a backport. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > selftest/knownfail.d/dns | 3 -- > source4/dns_server/dnsserver_common.c | 53 +++++++++++++++++++++++++++++++++-- > 2 files changed, 51 insertions(+), 5 deletions(-) > >diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns >index 140ded24fa0..cb3003240ea 100644 >--- a/selftest/knownfail.d/dns >+++ b/selftest/knownfail.d/dns >@@ -45,6 +45,3 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\) > > # The SOA override should not pass against the RODC, it must not overstamp > samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\) >- >-# This still needs to be fixed in LDB >-samba.tests.dns_invalid.__main__.TestBrokenQueries.test_invalid_chars_in_name\(ad_dc:local\) >diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c >index 6c7ab802575..ce38b78ee9f 100644 >--- a/source4/dns_server/dnsserver_common.c >+++ b/source4/dns_server/dnsserver_common.c 
>@@ -915,7 +915,11 @@ WERROR dns_common_name2dn(struct ldb_context *samdb, > struct ldb_dn *dn; > const struct dns_server_zone *z; > size_t host_part_len = 0; >+ struct ldb_val host_part; > WERROR werr; >+ bool ok; >+ int ret; >+ const char *casefold = NULL; > > if (name == NULL) { > return DNS_ERR(FORMAT_ERROR); >@@ -924,7 +928,13 @@ WERROR dns_common_name2dn(struct ldb_context *samdb, > if (strcmp(name, "") == 0) { > base = ldb_get_default_basedn(samdb); > dn = ldb_dn_copy(mem_ctx, base); >- ldb_dn_add_child_fmt(dn, "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System"); >+ ok = ldb_dn_add_child_fmt(dn, >+ "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System"); >+ if (ok == false) { >+ TALLOC_FREE(dn); >+ return WERR_NOT_ENOUGH_MEMORY; >+ } >+ > *_dn = dn; > return WERR_OK; > } >@@ -956,7 +966,46 @@ WERROR dns_common_name2dn(struct ldb_context *samdb, > } > > dn = ldb_dn_copy(mem_ctx, z->dn); >- ldb_dn_add_child_fmt(dn, "DC=%*.*s", (int)host_part_len, (int)host_part_len, name); >+ if (dn == NULL) { >+ TALLOC_FREE(dn); >+ return WERR_NOT_ENOUGH_MEMORY; >+ } >+ >+ ok = ldb_dn_add_child_fmt(dn, "DC=X"); >+ >+ if (ok == false) { >+ TALLOC_FREE(dn); >+ return WERR_NOT_ENOUGH_MEMORY; >+ } >+ >+ host_part = data_blob_const(name, host_part_len); >+ >+ ret = ldb_dn_set_component(dn, 0, "DC", host_part); >+ if (ret != LDB_SUCCESS) { >+ TALLOC_FREE(dn); >+ return WERR_NOT_ENOUGH_MEMORY; >+ } >+ >+ /* >+ * Check the new DN here for validity, so as to catch errors >+ * early >+ */ >+ ok = ldb_dn_validate(dn); >+ if (ok == false) { >+ TALLOC_FREE(dn); >+ return DNS_ERR(NAME_ERROR); >+ } >+ >+ /* >+ * The value from this check is saved in the DN, and doing >+ * this here allows an easy return here. >+ */ >+ casefold = ldb_dn_get_casefold(dn); >+ if (casefold == NULL) { >+ TALLOC_FREE(dn); >+ return DNS_ERR(NAME_ERROR); >+ } >+ > *_dn = dn; > return WERR_OK; > } >-- >2.11.0 > > >From c1a3ceb4075481ae7c71ed131c94451dc2307f37 Mon Sep 17 00:00:00 2001 
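Review bot: In the last hunk of `dns_common_name2dn`, a failure of `ldb_dn_set_component(dn, 0, "DC", host_part)` is always reported as `WERR_NOT_ENOUGH_MEMORY`, although `host_part` is taken from the untrusted query name and the call can presumably fail for reasons other than allocation. If the LDB return code allows the two cases to be told apart, the non-allocation case should return `DNS_ERR(NAME_ERROR)` like the `ldb_dn_validate()` and `ldb_dn_get_casefold()` checks below it, so that a malformed name is not logged as a server-side memory failure. The `TALLOC_FREE(dn);` inside `if (dn == NULL)` does nothing and can be removed. The function starts outside these hunks.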
>From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 3 Jul 2018 15:16:56 +1200 >Subject: [PATCH 03/11] CVE-2018-1140 ldb: Add new function > ldb_dn_add_child_val() > >This is safer for untrusted input than ldb_dn_add_child_fmt() > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > lib/ldb/common/ldb_dn.c | 33 +++++++++++++ > lib/ldb/include/ldb.h | 3 ++ > lib/ldb/tests/test_ldb_dn.c | 117 ++++++++++++++++++++++++++++++++++++++++++++ > lib/ldb/wscript | 14 ++++-- > 4 files changed, 164 insertions(+), 3 deletions(-) > create mode 100644 lib/ldb/tests/test_ldb_dn.c > >diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c >index b23ee1734cd..e58dc41eb36 100644 >--- a/lib/ldb/common/ldb_dn.c >+++ b/lib/ldb/common/ldb_dn.c >@@ -1604,6 +1604,39 @@ bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...) > return ret; > } > >+/* modify the given dn by adding a single child element. >+ * >+ * return true if successful and false if not >+ * if false is returned the dn may be marked invalid >+ */ >+bool ldb_dn_add_child_val(struct ldb_dn *dn, >+ const char *rdn, >+ struct ldb_val value) >+{ >+ bool ret; >+ int ldb_ret; >+ >+ if ( !dn || dn->invalid) { >+ return false; >+ } >+ >+ ret = ldb_dn_add_child_fmt(dn, "X=Y"); >+ >+ if (ret == false) { >+ return ret; >+ } >+ >+ ldb_ret = ldb_dn_set_component(dn, >+ 0, >+ rdn, >+ value); >+ if (ldb_ret != LDB_SUCCESS) { >+ return false; >+ } >+ >+ return ret; >+} >+ > bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num) > { > unsigned int i; >diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h >index 9918b4e69d9..81bee934da5 100644 >--- a/lib/ldb/include/ldb.h >+++ b/lib/ldb/include/ldb.h 
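Review bot: When `ldb_dn_set_component()` fails in the new `ldb_dn_add_child_val()`, the function returns false but leaves the placeholder child `X=Y` attached to `dn`, and nothing in the visible code marks the DN invalid even though the header comment says it may be. A caller that keeps using the DN after a false return would then work with a bogus leading component; undoing the placeholder on that path, for example `ldb_dn_remove_child_components(dn, 1);` before `return false;`, leaves the DN as it was passed in. `rdn` is forwarded without a NULL check, so the comment should state that it must be non-NULL, or the function should reject NULL next to the `!dn` test.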
>@@ -1882,6 +1882,9 @@ bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child); > bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...) PRINTF_ATTRIBUTE(2,3); > bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num); > bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num); >+bool ldb_dn_add_child_val(struct ldb_dn *dn, >+ const char *rdn, >+ struct ldb_val value); > > struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); > struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); >diff --git a/lib/ldb/tests/test_ldb_dn.c b/lib/ldb/tests/test_ldb_dn.c >new file mode 100644 >index 00000000000..4965dcef575 >--- /dev/null >+++ b/lib/ldb/tests/test_ldb_dn.c 
>@@ -0,0 +1,117 @@ >+/* >+ * Unix SMB/CIFS implementation. >+ * >+ * Copyright (C) 2018 Andreas Schneider <asn@samba.org> >+ * >+ * This program is free software; you can redistribute it and/or modify >+ * it under the terms of the GNU General Public License as published by >+ * the Free Software Foundation; either version 3 of the License, or >+ * (at your option) any later version. >+ * >+ * This program is distributed in the hope that it will be useful, >+ * but WITHOUT ANY WARRANTY; without even the implied warranty of >+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ * GNU General Public License for more details. >+ * >+ * You should have received a copy of the GNU General Public License >+ * along with this program. If not, see <http://www.gnu.org/licenses/>. >+ */ >+ >+#include <stdarg.h> >+#include <stddef.h> >+#include <setjmp.h> >+#include <cmocka.h> >+ >+#include <ldb.h> >+ >+static void test_ldb_dn_add_child_fmt(void **state) >+{ >+ struct ldb_context *ldb = ldb_init(NULL, NULL); >+ >+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org"); >+ >+ assert_true(ldb_dn_add_child_fmt(dn, >+ "DC=X")); >+ >+ assert_string_equal("DC=X,dc=samba,dc=org", >+ ldb_dn_get_linearized(dn)); >+ >+ assert_string_equal("DC=X,DC=SAMBA,DC=ORG", >+ ldb_dn_get_casefold(dn)); >+ >+} >+ >+static void test_ldb_dn_add_child_fmt2(void **state) >+{ >+ struct ldb_context *ldb = ldb_init(NULL, NULL); >+ >+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org"); >+ >+ assert_true(ldb_dn_add_child_fmt(dn, >+ "DC=X,DC=Y")); >+ >+ assert_string_equal("DC=X,DC=Y,dc=samba,dc=org", >+ ldb_dn_get_linearized(dn)); >+ >+ assert_string_equal("DC=X,DC=Y,DC=SAMBA,DC=ORG", >+ ldb_dn_get_casefold(dn)); >+ >+ assert_int_equal(4, >+ ldb_dn_get_comp_num(dn)); >+ >+} >+ >+static void test_ldb_dn_add_child_val(void **state) >+{ >+ struct ldb_context *ldb = ldb_init(NULL, NULL); >+ >+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org"); >+ struct ldb_val name = {.data 
= discard_const("X"), >+ .length = 1 >+ }; >+ >+ assert_true(ldb_dn_add_child_val(dn, >+ "DC", name)); >+ >+ assert_string_equal("DC=X,dc=samba,dc=org", >+ ldb_dn_get_linearized(dn)); >+ >+ assert_string_equal("DC=X,DC=SAMBA,DC=ORG", >+ ldb_dn_get_casefold(dn)); >+ >+} >+ >+static void test_ldb_dn_add_child_val2(void **state) >+{ >+ struct ldb_context *ldb = ldb_init(NULL, NULL); >+ >+ struct ldb_dn *dn = ldb_dn_new(ldb, ldb, "dc=samba,dc=org"); >+ >+ struct ldb_val name = {.data = discard_const("X,DC=Y"), >+ .length = 6 >+ }; >+ >+ assert_true(ldb_dn_add_child_val(dn, >+ "DC", name)); >+ >+ assert_string_equal("DC=X\\,DC\\3DY,dc=samba,dc=org", >+ ldb_dn_get_linearized(dn)); >+ >+ assert_string_equal("DC=X\\,DC\\3DY,DC=SAMBA,DC=ORG", >+ ldb_dn_get_casefold(dn)); >+ >+ assert_int_equal(3, >+ ldb_dn_get_comp_num(dn)); >+ >+} >+ >+int main(void) { >+ const struct CMUnitTest tests[] = { >+ cmocka_unit_test(test_ldb_dn_add_child_fmt), >+ cmocka_unit_test(test_ldb_dn_add_child_fmt2), >+ cmocka_unit_test(test_ldb_dn_add_child_val), >+ cmocka_unit_test(test_ldb_dn_add_child_val2), >+ }; >+ >+ return cmocka_run_group_tests(tests, NULL, NULL); >+} >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index 2477885cd32..b9482df5972 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript >@@ -352,6 +352,12 @@ def build(bld): > deps='cmocka ldb', > install=False) > >+ bld.SAMBA_BINARY('test_ldb_dn', >+ source='tests/test_ldb_dn.c', >+ deps='cmocka ldb', >+ install=False) >+ >+ > def test(ctx): > '''run ldb testsuite''' > import Utils, samba_utils, shutil 
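Review bot: The four cmocka tests in `test_ldb_dn.c` only exercise the success path; there is no case for a NULL or already-invalid `dn`, and none for a value that makes `ldb_dn_set_component()` or `ldb_dn_get_casefold()` fail, which is the behaviour this CVE series is hardening. A negative test asserting that `ldb_dn_add_child_val()` returns false for an invalid `dn`, and one asserting that `ldb_dn_get_casefold()` returns NULL rather than crashing for a value that cannot be casefolded, would pin the fix. Each test also creates a context with `ldb_init(NULL, NULL)` and never releases it; `talloc_free(ldb);` at the end of each test keeps the binary clean under leak checkers.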
>@@ -379,10 +385,12 @@ def test(ctx): > print("Python testsuite returned %d" % pyret) > > cmocka_ret = 0 >+ > for test_exe in ['ldb_tdb_mod_op_test', >- 'ldb_msg_test']: >- cmd = os.path.join(Utils.g_module.blddir, test_exe) >- cmocka_ret = cmocka_ret or samba_utils.RUN_COMMAND(cmd) >+ 'ldb_msg_test', >+ 'test_ldb_dn']: >+ cmd = os.path.join(Utils.g_module.blddir, test_exe) >+ cmocka_ret = cmocka_ret or samba_utils.RUN_COMMAND(cmd) > > sys.exit(ret or pyret or cmocka_ret) > >-- >2.11.0 > > >From 064e4a9bd4cadb334c3dd4006c2ab5fc27df8a2d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 3 Jul 2018 15:18:25 +1200 >Subject: [PATCH 04/11] CVE-2018-1140 dns_server: Avoid ldb_dn_add_child_fmt() > on untrusted input > >By using the new ldb_dn_add_child_val() we ensure that the user-controlled values are >not parsed as DN seperators. > >Additionally, the casefold DN is obtained before the search to trigger >a full parse of the DN before being handled to the LDB search. > >This is not normally required but is done here due to the nature >of the untrusted input. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > source4/dns_server/dlz_bind9.c | 159 ++++++++++++++++++++++++++++++-- > source4/dns_server/dnsserver_common.c | 13 +-- > source4/rpc_server/dnsserver/dnsdb.c | 11 ++- > source4/rpc_server/dnsserver/dnsutils.c | 14 ++- > 4 files changed, 174 insertions(+), 23 deletions(-) > >diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c >index cf171cb6608..292a17f5367 100644 >--- a/source4/dns_server/dlz_bind9.c >+++ b/source4/dns_server/dlz_bind9.c 
>@@ -771,8 +771,11 @@ static isc_result_t b9_find_zone_dn(struct dlz_bind9_data *state, const char *zo > int i; > > for (i=0; zone_prefixes[i]; i++) { >+ const char *casefold; > struct ldb_dn *dn; > struct ldb_result *res; >+ struct ldb_val zone_name_val >+ = data_blob_string_const(zone_name); > > dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb)); > if (dn == NULL) { >@@ -780,11 +783,40 @@ static isc_result_t b9_find_zone_dn(struct dlz_bind9_data *state, const char *zo > return ISC_R_NOMEMORY; > } > >- if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone_name, zone_prefixes[i])) { >+ /* >+ * This dance ensures that it is not possible to put >+ * (eg) an extra DC=x, into the DNS name being >+ * queried >+ */ >+ >+ if (!ldb_dn_add_child_fmt(dn, >+ "DC=X,%s", >+ zone_prefixes[i])) { >+ talloc_free(tmp_ctx); >+ return ISC_R_NOMEMORY; >+ } >+ >+ ret = ldb_dn_set_component(dn, >+ 0, >+ "DC", >+ zone_name_val); >+ if (ret != LDB_SUCCESS) { > talloc_free(tmp_ctx); > return ISC_R_NOMEMORY; > } > >+ /* >+ * Check if this is a plausibly valid DN early >+ * (time spent here will be saved during the >+ * search due to an internal cache) >+ */ >+ casefold = ldb_dn_get_casefold(dn); >+ >+ if (casefold == NULL) { >+ talloc_free(tmp_ctx); >+ return ISC_R_NOTFOUND; >+ } >+ > ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsZone"); > if (ret == LDB_SUCCESS) { > if (zone_dn != NULL) { 
>@@ -815,19 +847,42 @@ static isc_result_t b9_find_name_dn(struct dlz_bind9_data *state, const char *na > isc_result_t result; > result = b9_find_zone_dn(state, p, mem_ctx, dn); > if (result == ISC_R_SUCCESS) { >+ const char *casefold; >+ > /* we found a zone, now extend the DN to get > * the full DN > */ > bool ret; > if (p == name) { > ret = ldb_dn_add_child_fmt(*dn, "DC=@"); >+ if (ret == false) { >+ talloc_free(*dn); >+ return ISC_R_NOMEMORY; >+ } > } else { >- ret = ldb_dn_add_child_fmt(*dn, "DC=%.*s", (int)(p-name)-1, name); >+ struct ldb_val name_val >+ = data_blob_const(name, >+ (int)(p-name)-1); >+ >+ if (!ldb_dn_add_child_val(*dn, >+ "DC", >+ name_val)) { >+ talloc_free(*dn); >+ return ISC_R_NOMEMORY; >+ } > } >- if (!ret) { >- talloc_free(*dn); >- return ISC_R_NOMEMORY; >+ >+ /* >+ * Check if this is a plausibly valid DN early >+ * (time spent here will be saved during the >+ * search due to an internal cache) >+ */ >+ casefold = ldb_dn_get_casefold(*dn); >+ >+ if (casefold == NULL) { >+ return ISC_R_NOTFOUND; > } >+ > return ISC_R_SUCCESS; > } > p = strchr(p, '.'); 
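Review bot: The new `casefold == NULL` path in `b9_find_name_dn` returns `ISC_R_NOTFOUND` without releasing `*dn`, while the two failure paths directly above it call `talloc_free(*dn)` first. This path is reached for names that cannot be casefolded, so a caller that treats a non-success result as "no DN returned" would leave the zone DN allocated on `mem_ctx`; I would add `talloc_free(*dn);` before the return. After this change `bool ret` is only assigned in the `p == name` branch and can be declared there. The function starts and ends outside the hunk.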
>@@ -869,19 +924,63 @@ static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state, > WERROR werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST; > struct dnsp_DnssrvRpcRecord *records = NULL; > uint16_t num_records = 0, i; >+ struct ldb_val zone_name_val >+ = data_blob_string_const(zone); >+ struct ldb_val name_val >+ = data_blob_string_const(name); > > for (i=0; zone_prefixes[i]; i++) { >+ int ret; >+ const char *casefold; > dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb)); > if (dn == NULL) { > talloc_free(tmp_ctx); > return ISC_R_NOMEMORY; > } > >- if (!ldb_dn_add_child_fmt(dn, "DC=%s,DC=%s,%s", name, zone, zone_prefixes[i])) { >+ /* >+ * This dance ensures that it is not possible to put >+ * (eg) an extra DC=x, into the DNS name being >+ * queried >+ */ >+ >+ if (!ldb_dn_add_child_fmt(dn, >+ "DC=X,DC=X,%s", >+ zone_prefixes[i])) { > talloc_free(tmp_ctx); > return ISC_R_NOMEMORY; > } > >+ ret = ldb_dn_set_component(dn, >+ 1, >+ "DC", >+ zone_name_val); >+ if (ret != LDB_SUCCESS) { >+ talloc_free(tmp_ctx); >+ return ISC_R_NOMEMORY; >+ } >+ >+ ret = ldb_dn_set_component(dn, >+ 0, >+ "DC", >+ name_val); >+ if (ret != LDB_SUCCESS) { >+ talloc_free(tmp_ctx); >+ return ISC_R_NOMEMORY; >+ } >+ >+ /* >+ * Check if this is a plausibly valid DN early >+ * (time spent here will be saved during the >+ * search due to an internal cache) >+ */ >+ casefold = ldb_dn_get_casefold(dn); >+ >+ if (casefold == NULL) { >+ talloc_free(tmp_ctx); >+ return ISC_R_NOTFOUND; >+ } >+ > werr = dns_common_wildcard_lookup(state->samdb, tmp_ctx, dn, > &records, &num_records); > if (W_ERROR_IS_OK(werr)) { 
>@@ -950,17 +1049,49 @@ _PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata, > TALLOC_CTX *tmp_ctx = talloc_new(state); > > for (i=0; zone_prefixes[i]; i++) { >+ const char *casefold; >+ struct ldb_val zone_name_val >+ = data_blob_string_const(zone); >+ > dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb)); > if (dn == NULL) { > talloc_free(tmp_ctx); > return ISC_R_NOMEMORY; > } > >- if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone, zone_prefixes[i])) { >+ /* >+ * This dance ensures that it is not possible to put >+ * (eg) an extra DC=x, into the DNS name being >+ * queried >+ */ >+ >+ if (!ldb_dn_add_child_fmt(dn, >+ "DC=X,%s", >+ zone_prefixes[i])) { > talloc_free(tmp_ctx); > return ISC_R_NOMEMORY; > } > >+ ret = ldb_dn_set_component(dn, >+ 0, >+ "DC", >+ zone_name_val); >+ if (ret != LDB_SUCCESS) { >+ talloc_free(tmp_ctx); >+ return ISC_R_NOMEMORY; >+ } >+ >+ /* >+ * Check if this is a plausibly valid DN early >+ * (time spent here will be saved during the >+ * search due to an internal cache) >+ */ >+ casefold = ldb_dn_get_casefold(dn); >+ >+ if (casefold == NULL) { >+ return ISC_R_NOTFOUND; >+ } >+ > ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE, > attrs, "objectClass=dnsNode"); > if (ret == LDB_SUCCESS) { >@@ -1113,10 +1244,20 @@ static bool b9_has_soa(struct dlz_bind9_data *state, struct ldb_dn *dn, const ch > WERROR werr; > struct dnsp_DnssrvRpcRecord *records = NULL; > uint16_t num_records = 0, i; >+ struct ldb_val zone_name_val >+ = data_blob_string_const(zone); > >- if (!ldb_dn_add_child_fmt(dn, "DC=@,DC=%s", zone)) { >+ /* >+ * This dance ensures that it is not possible to put >+ * (eg) an extra DC=x, into the DNS name being >+ * queried >+ */ >+ >+ if (!ldb_dn_add_child_val(dn, >+ "DC", >+ zone_name_val)) { > talloc_free(tmp_ctx); >- return false; >+ return ISC_R_NOMEMORY; > } > > werr = dns_common_lookup(state->samdb, tmp_ctx, dn, 
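Review bot: In `dlz_allnodes`, the added `if (casefold == NULL) { return ISC_R_NOTFOUND; }` returns without `talloc_free(tmp_ctx)`, unlike the other early returns in the same loop. `tmp_ctx` is created with `talloc_new(state)`, so it is only released together with `state`, and every zone name that fails casefolding would leave one context behind. Add `talloc_free(tmp_ctx);` before the return. The function continues outside the hunk.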
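Review bot: The `b9_has_soa` hunk changes behaviour in two ways that look unintended. The removed call built `DC=@,DC=<zone>`, but `ldb_dn_add_child_val(dn, "DC", zone_name_val)` adds only the zone component, so the `dns_common_lookup()` that follows no longer targets the `DC=@` node the old code looked up. The failure path now returns `ISC_R_NOMEMORY` from a function declared `static bool`, which converts to true if that constant is non-zero and would report a SOA on an allocation failure. I would keep `return false;` and, after the zone component is added, append the apex with `if (!ldb_dn_add_child_fmt(dn, "DC=@")) { talloc_free(tmp_ctx); return false; }`. The function continues past the hunk.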
>diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c >index ce38b78ee9f..bb8c660b918 100644 >--- a/source4/dns_server/dnsserver_common.c >+++ b/source4/dns_server/dnsserver_common.c >@@ -918,7 +918,6 @@ WERROR dns_common_name2dn(struct ldb_context *samdb, > struct ldb_val host_part; > WERROR werr; > bool ok; >- int ret; > const char *casefold = NULL; > > if (name == NULL) { >@@ -971,17 +970,11 @@ WERROR dns_common_name2dn(struct ldb_context *samdb, > return WERR_NOT_ENOUGH_MEMORY; > } > >- ok = ldb_dn_add_child_fmt(dn, "DC=X"); >- >- if (ok == false) { >- TALLOC_FREE(dn); >- return WERR_NOT_ENOUGH_MEMORY; >- } >- > host_part = data_blob_const(name, host_part_len); > >- ret = ldb_dn_set_component(dn, 0, "DC", host_part); >- if (ret != LDB_SUCCESS) { >+ ok = ldb_dn_add_child_val(dn, "DC", host_part); >+ >+ if (ok == false) { > TALLOC_FREE(dn); > return WERR_NOT_ENOUGH_MEMORY; > } >diff --git a/source4/rpc_server/dnsserver/dnsdb.c b/source4/rpc_server/dnsserver/dnsdb.c >index 81a2d2070a0..6ecc0b2a581 100644 >--- a/source4/rpc_server/dnsserver/dnsdb.c >+++ b/source4/rpc_server/dnsserver/dnsdb.c >@@ -365,6 +365,7 @@ WERROR dnsserver_db_add_empty_node(TALLOC_CTX *mem_ctx, > struct ldb_result *res; > struct ldb_dn *dn; > char *encoded_name = ldb_binary_encode_string(mem_ctx, name); >+ struct ldb_val name_val = data_blob_string_const(name); > int ret; > > ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_BASE, attrs, >@@ -382,7 +383,7 @@ WERROR dnsserver_db_add_empty_node(TALLOC_CTX *mem_ctx, > dn = ldb_dn_copy(mem_ctx, z->zone_dn); > W_ERROR_HAVE_NO_MEMORY(dn); > >- if (!ldb_dn_add_child_fmt(dn, "DC=%s", name)) { >+ if (!ldb_dn_add_child_val(dn, "DC", name_val)) { > return WERR_NOT_ENOUGH_MEMORY; > } 
> >@@ -886,6 +887,7 @@ WERROR dnsserver_db_create_zone(struct ldb_context *samdb, > struct dnsp_DnssrvRpcRecord *dns_rec; > struct dnsp_soa soa; > char *tmpstr, *server_fqdn, *soa_email; >+ struct ldb_val name_val = data_blob_string_const(zone->name); > NTTIME t; > > /* We only support primary zones for now */ >@@ -912,7 +914,12 @@ WERROR dnsserver_db_create_zone(struct ldb_context *samdb, > dn = ldb_dn_copy(tmp_ctx, p->partition_dn); > W_ERROR_HAVE_NO_MEMORY_AND_FREE(dn, tmp_ctx); > >- if(!ldb_dn_add_child_fmt(dn, "DC=%s,CN=MicrosoftDNS", zone->name)) { >+ if (!ldb_dn_add_child_fmt(dn, "CN=MicrosoftDNS")) { >+ talloc_free(tmp_ctx); >+ return WERR_NOT_ENOUGH_MEMORY; >+ } >+ >+ if (!ldb_dn_add_child_val(dn, "DC", name_val)) { > talloc_free(tmp_ctx); > return WERR_NOT_ENOUGH_MEMORY; > } >diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c >index 72b47f72b4f..ece8f02c4d0 100644 >--- a/source4/rpc_server/dnsserver/dnsutils.c >+++ b/source4/rpc_server/dnsserver/dnsutils.c >@@ -313,6 +313,8 @@ struct ldb_dn *dnsserver_name_to_dn(TALLOC_CTX *mem_ctx, struct dnsserver_zone * > { > struct ldb_dn *dn; > bool ret; >+ struct ldb_val name_val = >+ data_blob_string_const(name); > > dn = ldb_dn_copy(mem_ctx, z->zone_dn); > if (dn == NULL) { >@@ -320,9 +322,17 @@ struct ldb_dn *dnsserver_name_to_dn(TALLOC_CTX *mem_ctx, struct dnsserver_zone * > } > if (strcasecmp(name, z->name) == 0) { > ret = ldb_dn_add_child_fmt(dn, "DC=@"); >- } else { >- ret = ldb_dn_add_child_fmt(dn, "DC=%s", name); >+ if (!ret) { >+ talloc_free(dn); >+ return NULL; >+ } >+ return dn; > } >+ >+ ret = ldb_dn_add_child_val(dn, >+ "DC", >+ name_val); >+ > if (!ret) { > talloc_free(dn); > return NULL; >-- >2.11.0 > > >From d48160cd28c073702d7ff2e96401da574dd49528 Mon Sep 17 00:00:00 2001 >From: Andrej Gessel <Andrej.Gessel@janztec.com> >Date: Fri, 6 Apr 2018 18:18:33 +0200 >Subject: [PATCH 05/11] Add NULL check for ldb_dn_get_casefold() in > ltdb_index_dn_attr() 
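Review bot: The RPC-side conversions in `dnsserver_db_add_empty_node` and `dnsserver_db_create_zone` (and `dnsserver_name_to_dn` in dnsutils.c) switch to `ldb_dn_add_child_val()` but, unlike the `dlz_bind9.c` and `dns_common_name2dn` paths in this series, do not call `ldb_dn_get_casefold()` or `ldb_dn_validate()` on the resulting DN before passing it on. As far as these hunks show, they rely on the ldb_tdb validity checks added later in the series to reject a name that cannot be casefolded. If that is intended, a one-line comment at each site saying so would help; otherwise add the same early check and return an invalid-name error. The enclosing functions start and end outside the hunks.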
> >Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374 >--- > lib/ldb/ldb_tdb/ldb_index.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c >index 40baeea5c2b..bc037a74947 100644 >--- a/lib/ldb/ldb_tdb/ldb_index.c >+++ b/lib/ldb/ldb_tdb/ldb_index.c >@@ -1405,6 +1405,15 @@ static int ltdb_index_dn_attr(struct ldb_module *module, > > /* work out the index key from the parent DN */ > val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn)); >+ if (val.data == NULL) { >+ const char *dn_str = ldb_dn_get_linearized(dn); >+ ldb_asprintf_errstring(ldb_module_get_ctx(module), >+ __location__ >+ ": Failed to get casefold DN" >+ "from: %s", >+ dn_str); >+ return LDB_ERR_OPERATIONS_ERROR; >+ } > val.length = strlen((char *)val.data); > key = ltdb_index_key(ldb, ltdb, attr, &val, NULL); > if (!key) { >-- >2.11.0 > > >From 69018be493ad4794230e6fd5a8db2b95433433c9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 21 May 2018 14:50:50 +1200 >Subject: [PATCH 06/11] ldb: Check for ldb_dn_get_casefold() failure in > ldb_sqlite > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374 >--- > lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 3 +++ > 1 file changed, 3 insertions(+) > >diff --git a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c >index f94dc993904..0f5abf87547 100644 >--- a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c >+++ b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c >@@ -323,6 +323,9 @@ static char *parsetree_to_sql(struct ldb_module *module, > const char *cdn = ldb_dn_get_casefold( > ldb_dn_new(mem_ctx, ldb, > (const char *)value.data)); >+ if (cdn == NULL) { >+ return NULL; >+ } > > return lsqlite3_tprintf(mem_ctx, > "SELECT eid FROM ldb_entry " >-- >2.11.0 > > >From cfd053ab18cb41a1f705a8cb4132df57c5375320 Mon Sep 17 00:00:00 2001 
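Review bot: The error text in the new `val.data == NULL` branch of `ltdb_index_dn_attr` is built from the adjacent literals `": Failed to get casefold DN"` and `"from: %s"`, which concatenate to `Failed to get casefold DNfrom: ...`; the first literal needs a trailing space, `": Failed to get casefold DN "`. `dn_str` comes from `ldb_dn_get_linearized(dn)` and is passed to `%s` unchecked; if that call can also return NULL for a DN whose casefold failed, a fallback string should be substituted. The function continues outside the hunk.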
>From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 21 May 2018 15:20:26 +1200 >Subject: [PATCH 07/11] ldb_tdb: Ensure the dn in distinguishedName= is valid > before use > >ldb_dn_from_ldb_val() does not validate this untrusted input, so a later >call to ldb_dn_get_casefold() can fail if the input is not valid. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374 >--- > lib/ldb/ldb_tdb/ldb_index.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c >index bc037a74947..7b48090a7a6 100644 >--- a/lib/ldb/ldb_tdb/ldb_index.c >+++ b/lib/ldb/ldb_tdb/ldb_index.c >@@ -970,6 +970,7 @@ static int ltdb_index_dn_leaf(struct ldb_module *module, > return LDB_SUCCESS; > } > if (ldb_attr_dn(tree->u.equality.attr) == 0) { >+ bool valid_dn = false; > struct ldb_dn *dn > = ldb_dn_from_ldb_val(list, > ldb_module_get_ctx(module), >@@ -981,6 +982,14 @@ static int ltdb_index_dn_leaf(struct ldb_module *module, > return LDB_SUCCESS; > } > >+ valid_dn = ldb_dn_validate(dn); >+ if (valid_dn == false) { >+ /* If we can't parse it, no match */ >+ list->dn = NULL; >+ list->count = 0; >+ return LDB_SUCCESS; >+ } >+ > /* > * Re-use the same code we use for a SCOPE_BASE > * search >-- >2.11.0 > > >From 7db20e00d338e56ecbe2ed8a90289403249d9c75 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 21 May 2018 15:23:53 +1200 >Subject: [PATCH 08/11] ldb_tdb: Check for DN validity in add, rename and > search > >This ensures we fail with a good error code before an eventual ldb_dn_get_casefold() which >would otherwise fail. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374 >--- > lib/ldb/ldb_tdb/ldb_search.c | 16 ++++++++++++++++ > lib/ldb/ldb_tdb/ldb_tdb.c | 27 ++++++++++++++++++++++++++- > 2 files changed, 42 insertions(+), 1 deletion(-) 
> >diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c >index 02890862cf7..ad09b8845a8 100644 >--- a/lib/ldb/ldb_tdb/ldb_search.c >+++ b/lib/ldb/ldb_tdb/ldb_search.c >@@ -295,6 +295,14 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes > }; > TALLOC_CTX *tdb_key_ctx = NULL; > >+ bool valid_dn = ldb_dn_validate(dn); >+ if (valid_dn == false) { >+ ldb_asprintf_errstring(ldb_module_get_ctx(module), >+ "Invalid Base DN: %s", >+ ldb_dn_get_linearized(dn)); >+ return LDB_ERR_INVALID_DN_SYNTAX; >+ } >+ > if (ltdb->cache->GUID_index_attribute == NULL) { > tdb_key_ctx = talloc_new(msg); > if (!tdb_key_ctx) { >@@ -803,6 +811,14 @@ int ltdb_search(struct ltdb_context *ctx) > ldb_dn_get_linearized(req->op.search.base)); > } > >+ } else if (ldb_dn_validate(req->op.search.base) == false) { >+ >+ /* We don't want invalid base DNs here */ >+ ldb_asprintf_errstring(ldb, >+ "Invalid Base DN: %s", >+ ldb_dn_get_linearized(req->op.search.base)); >+ ret = LDB_ERR_INVALID_DN_SYNTAX; >+ > } else { > /* If we are not checking the base DN life is easy */ > ret = LDB_SUCCESS; >diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c >index 701427609e9..c7bf865de58 100644 >--- a/lib/ldb/ldb_tdb/ldb_tdb.c >+++ b/lib/ldb/ldb_tdb/ldb_tdb.c >@@ -515,6 +515,16 @@ static int ltdb_add_internal(struct ldb_module *module, > struct ldb_context *ldb = ldb_module_get_ctx(module); > int ret = LDB_SUCCESS; > unsigned int i; >+ bool valid_dn = false; >+ >+ /* Check the new DN is reasonable */ >+ valid_dn = ldb_dn_validate(msg->dn); >+ if (valid_dn == false) { >+ ldb_asprintf_errstring(ldb_module_get_ctx(module), >+ "Invalid DN in ADD: %s", >+ ldb_dn_get_linearized(msg->dn)); >+ return LDB_ERR_INVALID_DN_SYNTAX; >+ } > > for (i=0;i<msg->num_elements;i++) { > struct ldb_message_element *el = &msg->elements[i]; 
>@@ -1292,6 +1302,7 @@ static int ltdb_rename(struct ltdb_context *ctx)
> int ret = LDB_SUCCESS;
> TDB_DATA tdb_key, tdb_key_old;
> struct ldb_dn *db_dn;
>+ bool valid_dn = false;
>
> ldb_request_set_state(req, LDB_ASYNC_PENDING);
>
>@@ -1304,10 +1315,24 @@ static int ltdb_rename(struct ltdb_context *ctx)
> return LDB_ERR_OPERATIONS_ERROR;
> }
>
>+ /* Check the new DN is reasonable */
>+ valid_dn = ldb_dn_validate(req->op.rename.newdn);
>+ if (valid_dn == false) {
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ "Invalid New DN: %s",
>+ ldb_dn_get_linearized(req->op.rename.newdn));
>+ return LDB_ERR_INVALID_DN_SYNTAX;
>+ }
>+
> /* we need to fetch the old record to re-add under the new name */
> ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
> LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
>- if (ret != LDB_SUCCESS) {
>+ if (ret == LDB_ERR_INVALID_DN_SYNTAX) {
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ "Invalid Old DN: %s",
>+ ldb_dn_get_linearized(req->op.rename.newdn));
>+ return ret;
>+ } else if (ret != LDB_SUCCESS) {
> /* not finding the old record is an error */
> return ret;
> }
>--
>2.11.0
>
>
>From d8102369b1859528ae9c7996d887fd5bf190fd1f Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 21 May 2018 15:25:33 +1200
>Subject: [PATCH 09/11] ldb_tdb: Remove pointless check of ldb_dn_is_valid()
>
>If the DN is not valid the ltdb_search_dn1() will catch it with ldb_dn_validate() which
>is the only safe way to check this. ldb_dn_is_valid() does not actually check, but instead
>returns only the result of the previous checks, if there was one.
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/ldb_tdb/ldb_search.c | 8 --------
> 1 file changed, 8 deletions(-)
>
>diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
>index ad09b8845a8..7ba6ed573d6 100644
>--- a/lib/ldb/ldb_tdb/ldb_search.c
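Review bot: The `"Invalid Old DN: %s"` branch in the second ltdb_rename() hunk formats `req->op.rename.newdn`, so a malformed old DN is reported with the text of the new DN, which has already passed ldb_dn_validate() at that point. The argument should be `ldb_dn_get_linearized(req->op.rename.olddn));`. An error string that names the wrong DN makes a rejected request hard to trace in logs. ltdb_rename starts before and ends after the hunk.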
>+++ b/lib/ldb/ldb_tdb/ldb_search.c
>@@ -771,14 +771,6 @@ int ltdb_search(struct ltdb_context *ctx)
> /* We accept subtree searches from a NULL base DN, ie over the whole DB */
> ret = LDB_SUCCESS;
> }
>- } else if (ldb_dn_is_valid(req->op.search.base) == false) {
>-
>- /* We don't want invalid base DNs here */
>- ldb_asprintf_errstring(ldb,
>- "Invalid Base DN: %s",
>- ldb_dn_get_linearized(req->op.search.base));
>- ret = LDB_ERR_INVALID_DN_SYNTAX;
>-
> } else if (req->op.search.scope == LDB_SCOPE_BASE) {
>
> /*
>--
>2.11.0
>
>
>From 234e80741ad2e012d25bcac65b94bfd8d273f88a Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 21 May 2018 15:25:58 +1200
>Subject: [PATCH 10/11] ldb: Add tests for search add and rename with a bad dn=
> DN
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/tests/python/api.py | 156 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 156 insertions(+)
>
>diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
>index a62b241444b..48fac887f1c 100755
>--- a/lib/ldb/tests/python/api.py
>+++ b/lib/ldb/tests/python/api.py
>@@ -401,6 +401,19 @@ class SimpleLdb(LdbBaseTest):
> finally:
> l.delete(ldb.Dn(l, "dc=bar"))
>
>+ def test_rename_bad_string_dns(self):
>+ l = ldb.Ldb(self.url(), flags=self.flags())
>+ m = ldb.Message()
>+ m.dn = ldb.Dn(l, "dc=foo8")
>+ m["bla"] = b"bla"
>+ m["objectUUID"] = b"0123456789abcdef"
>+ self.assertEqual(len(l.search()), 0)
>+ l.add(m)
>+ self.assertEqual(len(l.search()), 1)
>+ self.assertRaises(ldb.LdbError,lambda: l.rename("dcXfoo8", "dc=bar"))
>+ self.assertRaises(ldb.LdbError,lambda: l.rename("dc=foo8", "dcXbar"))
>+ l.delete(ldb.Dn(l, "dc=foo8"))
>+
> def test_empty_dn(self):
> l = ldb.Ldb(self.url(), flags=self.flags())
> self.assertEqual(0, len(l.search()))
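Review bot: test_rename_bad_string_dns only asserts that some `ldb.LdbError` is raised, so it would still pass if the rename were rejected for an unrelated reason. Checking the code would pin the behaviour, as test_move_bad later in this patch does: catch the error and `self.assertEqual(err.args[0], ldb.ERR_INVALID_DN_SYNTAX)`, assuming the binding reports that code on this path as well. The final `l.delete(ldb.Dn(l, "dc=foo8"))` is also skipped when an assertion fails; the preceding test (visible in the context lines) does its cleanup under `finally:`.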
>@@ -1143,6 +1156,110 @@ class SearchTests(LdbBaseTest):
> # At some point we should fix this, but it isn't trivial
> self.assertEqual(len(res11), 1)
>
>+ def test_distinguishedName_filter_one(self):
>+ """Testing that a distinguishedName= filter succeeds
>+ when the scope is SCOPE_ONELEVEL.
>+
>+ This should be made more consistent, but for now lock in
>+ the behaviour
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_ONELEVEL,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DC=ORG)")
>+ self.assertEqual(len(res11), 1)
>+
>+ def test_distinguishedName_filter_subtree(self):
>+ """Testing that a distinguishedName= filter succeeds
>+ when the scope is SCOPE_SUBTREE"""
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_SUBTREE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DC=ORG)")
>+ self.assertEqual(len(res11), 1)
>+
>+ def test_distinguishedName_filter_base(self):
>+ """Testing that (incorrectly) a distinguishedName= filter works
>+ when the scope is SCOPE_BASE"""
>+
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_BASE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DC=ORG)")
>+
>+ # At some point we should fix this, but it isn't trivial
>+ self.assertEqual(len(res11), 1)
>+
>+ def test_bad_dn_filter_base(self):
>+ """Testing that a dn= filter on an invalid DN works
>+ when the scope is SCOPE_BASE but
>+ returns zero results"""
>+
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_BASE,
>+ expression="(dn=OU=OU1,DC=SAMBA,DCXXXX)")
>+
>+ # At some point we should fix this, but it isn't trivial
>+ self.assertEqual(len(res11), 0)
>+
>+
>+ def test_bad_dn_filter_one(self):
>+ """Testing that a dn= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_ONELEVEL search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_ONELEVEL,
>+ expression="(dn=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>+ def test_bad_dn_filter_subtree(self):
>+ """Testing that a dn= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_SUBTREE search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_SUBTREE,
>+ expression="(dn=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>+ def test_bad_distinguishedName_filter_base(self):
>+ """Testing that a distinguishedName= filter on an invalid DN works
>+ when the scope is SCOPE_BASE but
>+ returns zero results"""
>+
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_BASE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
>+
>+ # At some point we should fix this, but it isn't trivial
>+ self.assertEqual(len(res11), 0)
>+
>+
>+ def test_bad_distinguishedName_filter_one(self):
>+ """Testing that a distinguishedName= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_ONELEVEL search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_ONELEVEL,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>+ def test_bad_distinguishedName_filter_subtree(self):
>+ """Testing that a distinguishedName= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_SUBTREE search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_SUBTREE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>
> class IndexedSearchTests(SearchTests):
> """Test searches using the index, to ensure the index doesn't
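Review bot: The comment `# At some point we should fix this, but it isn't trivial` was copied into test_bad_dn_filter_base and test_bad_distinguishedName_filter_base, where zero results for an unparseable DN is the behaviour this patch series introduces on purpose rather than something to fix later. I would drop it in those two tests or replace it with `# An invalid DN in the filter must match nothing, not raise`. Their docstrings ("works ... but returns zero results") could state the same thing directly. The hunk's trailing context runs into the IndexedSearchTests class, which continues past it.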
>@@ -1291,6 +1408,17 @@ class AddModifyTests(LdbBaseTest):
> enum = err.args[0]
> self.assertEqual(enum, ldb.ERR_ENTRY_ALREADY_EXISTS)
>
>+ def test_add_bad(self):
>+ try:
>+ self.l.add({"dn": "BAD,DC=SAMBA,DC=ORG",
>+ "name": b"Admins",
>+ "x": "z", "y": "a",
>+ "objectUUID": b"0123456789abcde1"})
>+ self.fail("Should have failed adding entry with invalid DN")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
> def test_add_del_add(self):
> self.l.add({"dn": "OU=DUP,DC=SAMBA,DC=ORG",
> "name": b"Admins",
>@@ -1372,6 +1500,34 @@ class AddModifyTests(LdbBaseTest):
> enum = err.args[0]
> self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
>
>+ def test_move_bad(self):
>+ self.l.add({"dn": "OU=DUP2,DC=SAMBA,DC=ORG",
>+ "name": b"Admins",
>+ "x": "z", "y": "a",
>+ "objectUUID": b"0123456789abcde2"})
>+
>+ try:
>+ self.l.rename("OUXDUP,DC=SAMBA,DC=ORG",
>+ "OU=DUP2,DC=SAMBA,DC=ORG")
>+ self.fail("Should have failed on invalid DN")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
>+ def test_move_bad2(self):
>+ self.l.add({"dn": "OU=DUP2,DC=SAMBA,DC=ORG",
>+ "name": b"Admins",
>+ "x": "z", "y": "a",
>+ "objectUUID": b"0123456789abcde2"})
>+
>+ try:
>+ self.l.rename("OU=DUP,DC=SAMBA,DC=ORG",
>+ "OUXDUP2,DC=SAMBA,DC=ORG")
>+ self.fail("Should have failed on missing")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
> def test_move_fail_move_add(self):
> self.l.add({"dn": "OU=DUP,DC=SAMBA,DC=ORG",
> "name": b"Admins",
>--
>2.11.0
>
>
>From 1f56a10159db2a2382986dec243af327c04d2b51 Mon Sep 17 00:00:00 2001
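Review bot: test_move_bad2 (second hunk) adds `OU=DUP2,DC=SAMBA,DC=ORG` but renames from `OU=DUP,DC=SAMBA,DC=ORG`, a source entry the test itself does not create, and its failure text still reads `"Should have failed on missing"`. The test therefore appears to pass only because the new DN is validated before the old record is fetched (the order in the ltdb_rename hunk of patch 08); with that order reversed it would see a different error code. Using `self.l.rename("OU=DUP2,DC=SAMBA,DC=ORG",` as the source and `self.fail("Should have failed on invalid new DN")` makes the invalid new DN the only reason for the failure.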
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Tue, 3 Jul 2018 15:56:35 +1200
>Subject: [PATCH 11/11] ldb: Release LDB 1.3.5 for CVE-2018-1140
>
>* Security fix for CVE-2018-1140 (NULL pointer de-reference, bug 13374)
>* New API ldb_dn_add_child_val() avoids passing untrusted input to ldb_dn_add_child_fmt()
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>---
> lib/ldb/ABI/ldb-1.3.5.sigs | 280 ++++++++++++++++++++++++++++++++++
> lib/ldb/ABI/pyldb-util-1.3.5.sigs | 2 +
> lib/ldb/ABI/pyldb-util.py3-1.3.5.sigs | 2 +
> lib/ldb/wscript | 2 +-
> 4 files changed, 285 insertions(+), 1 deletion(-)
> create mode 100644 lib/ldb/ABI/ldb-1.3.5.sigs
> create mode 100644 lib/ldb/ABI/pyldb-util-1.3.5.sigs
> create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.3.5.sigs
>
>diff --git a/lib/ldb/ABI/ldb-1.3.5.sigs b/lib/ldb/ABI/ldb-1.3.5.sigs
>new file mode 100644
>index 00000000000..0c1234f1c97
>--- /dev/null
>+++ b/lib/ldb/ABI/ldb-1.3.5.sigs
>@@ -0,0 +1,280 @@ >+ldb_add: int (struct ldb_context *, const struct ldb_message *) >+ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) >+ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) >+ldb_attr_casefold: char *(TALLOC_CTX *, const char *) >+ldb_attr_dn: int (const char *) >+ldb_attr_in_list: int (const char * const *, const char *) >+ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) >+ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) >+ldb_base64_decode: int (char *) >+ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) >+ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) >+ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) >+ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) >+ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control 
**, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) >+ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) >+ldb_check_critical_controls: int (struct ldb_control **) >+ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) >+ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) >+ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) >+ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_debug_add: void (struct ldb_context *, const char *, ...) >+ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) >+ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_delete: int (struct ldb_context *, struct ldb_dn *) >+ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) 
>+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val) >+ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) >+ldb_dn_check_special: bool (struct ldb_dn *, const char *) >+ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) >+ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) >+ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) >+ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) >+ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) >+ldb_dn_get_casefold: const char *(struct ldb_dn *) >+ldb_dn_get_comp_num: int (struct ldb_dn *) >+ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) >+ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) >+ldb_dn_get_extended_comp_num: int (struct ldb_dn *) >+ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) >+ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) >+ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) >+ldb_dn_get_linearized: const char *(struct ldb_dn *) >+ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_get_rdn_name: const char *(struct ldb_dn *) >+ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) >+ldb_dn_has_extended: bool (struct ldb_dn *) >+ldb_dn_is_null: bool (struct ldb_dn *) >+ldb_dn_is_special: bool (struct ldb_dn *) 
>+ldb_dn_is_valid: bool (struct ldb_dn *) >+ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_minimise: bool (struct ldb_dn *) >+ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) >+ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) >+ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_extended_components: void (struct ldb_dn *) >+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) >+ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) >+ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) >+ldb_dn_validate: bool (struct ldb_dn *) >+ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) >+ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) >+ldb_errstring: const char *(struct ldb_context *) >+ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) >+ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_create_perms: unsigned int (struct ldb_context *) >+ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_event_context: struct tevent_context *(struct ldb_context *) >+ldb_get_flags: unsigned int (struct ldb_context *) >+ldb_get_opaque: void *(struct ldb_context *, const char *) >+ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_schema_basedn: struct ldb_dn 
*(struct ldb_context *) >+ldb_global_init: int (void) >+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) >+ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) >+ldb_handle_use_global_event_context: void (struct ldb_handle *) >+ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) >+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) >+ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) >+ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) >+ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) >+ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) >+ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) >+ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) >+ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) >+ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_load_modules: int (struct ldb_context *, const char **) >+ldb_map_add: int (struct ldb_module *, struct ldb_request *) >+ldb_map_delete: int (struct ldb_module *, struct ldb_request *) >+ldb_map_init: int (struct ldb_module *, const struct 
ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *) >+ldb_map_modify: int (struct ldb_module *, struct ldb_request *) >+ldb_map_rename: int (struct ldb_module *, struct ldb_request *) >+ldb_map_search: int (struct ldb_module *, struct ldb_request *) >+ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) >+ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) >+ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) >+ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) >+ldb_mod_register_control: int (struct ldb_module *, const char *) >+ldb_modify: int (struct ldb_context *, const struct ldb_message *) >+ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) >+ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) >+ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) >+ldb_module_flags: uint32_t (struct ldb_context *) >+ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) >+ldb_module_get_name: const char *(struct ldb_module *) >+ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) >+ldb_module_get_private: void *(struct ldb_module *) >+ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) >+ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) >+ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) >+ldb_module_next: struct ldb_module *(struct ldb_module *) >+ldb_module_popt_options: struct poptOption 
**(struct ldb_context *) >+ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **) >+ldb_module_send_referral: int (struct ldb_request *, char *) >+ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) >+ldb_module_set_private: void (struct ldb_module *, void *) >+ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) >+ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_modules_load: int (const char *, const char *) >+ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) >+ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) >+ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) >+ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) >+ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) >+ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) >+ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) >+ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) >+ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) >+ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) >+ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) >+ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) >+ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element 
*) >+ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) >+ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) >+ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) >+ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) >+ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) >+ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) >+ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) >+ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) >+ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) >+ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) >+ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) >+ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) >+ldb_msg_new: struct ldb_message *(TALLOC_CTX *) >+ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) >+ldb_msg_remove_attr: void (struct ldb_message *, const char *) >+ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) >+ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) 
>+ldb_msg_sort_elements: void (struct ldb_message *) >+ldb_next_del_trans: int (struct ldb_module *) >+ldb_next_end_trans: int (struct ldb_module *) >+ldb_next_init: int (struct ldb_module *) >+ldb_next_prepare_commit: int (struct ldb_module *) >+ldb_next_read_lock: int (struct ldb_module *) >+ldb_next_read_unlock: int (struct ldb_module *) >+ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_start_trans: int (struct ldb_module *) >+ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_options_find: const char *(struct ldb_context *, const char **, const char *) >+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) >+ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) >+ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) >+ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) >+ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) >+ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) >+ldb_register_backend: int (const char *, ldb_connect_fn, bool) >+ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) >+ldb_register_hook: int (ldb_hook_fn) >+ldb_register_module: int (const struct ldb_module_ops *) >+ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) >+ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) >+ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) >+ldb_req_get_custom_flags: uint32_t (struct ldb_request *) 
>+ldb_req_is_untrusted: bool (struct ldb_request *) >+ldb_req_location: const char *(struct ldb_request *) >+ldb_req_mark_trusted: void (struct ldb_request *) >+ldb_req_mark_untrusted: void (struct ldb_request *) >+ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) >+ldb_req_set_location: void (struct ldb_request *, const char *) >+ldb_request: int (struct ldb_context *, struct ldb_request *) >+ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_done: int (struct ldb_request *, int) >+ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) >+ldb_request_get_status: int (struct ldb_request *) >+ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_set_state: void (struct ldb_request *, int) >+ldb_reset_err_string: void (struct ldb_context *) >+ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) >+ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) >+ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) >+ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) >+ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) >+ldb_schema_attribute_remove: void (struct ldb_context *, const char *) >+ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) >+ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) >+ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) >+ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) >+ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct 
ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) >+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) >+ldb_set_create_perms: void (struct ldb_context *, unsigned int) >+ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) >+ldb_set_debug_stderr: int (struct ldb_context *) >+ldb_set_default_dns: void (struct ldb_context *) >+ldb_set_errstring: void (struct ldb_context *, const char *) >+ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) >+ldb_set_flags: void (struct ldb_context *, unsigned int) >+ldb_set_modules_dir: void (struct ldb_context *, const char *) >+ldb_set_opaque: int (struct ldb_context *, const char *, void *) >+ldb_set_require_private_event_context: void (struct ldb_context *) >+ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) >+ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) >+ldb_set_utf8_default: void (struct ldb_context *) >+ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) >+ldb_setup_wellknown_attributes: int (struct ldb_context *) >+ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) >+ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) >+ldb_strerror: const char *(int) >+ldb_string_to_time: time_t (const char *) >+ldb_string_utc_to_time: time_t (const char *) >+ldb_timestring: char *(TALLOC_CTX *, time_t) >+ldb_timestring_utc: char *(TALLOC_CTX *, time_t) >+ldb_transaction_cancel: int (struct ldb_context *) >+ldb_transaction_cancel_noerr: int (struct ldb_context *) >+ldb_transaction_commit: int (struct ldb_context *) >+ldb_transaction_prepare_commit: int (struct ldb_context *) >+ldb_transaction_start: int (struct ldb_context *) 
>+ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) >+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) >+ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) >+ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) >+ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) >+ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_string_cmp: int (const struct ldb_val *, const char *) >+ldb_val_to_time: int (const struct ldb_val *, time_t *) >+ldb_valid_attr_name: int (const char *) >+ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) >+ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) >diff --git a/lib/ldb/ABI/pyldb-util-1.3.5.sigs b/lib/ldb/ABI/pyldb-util-1.3.5.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util-1.3.5.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/ABI/pyldb-util.py3-1.3.5.sigs b/lib/ldb/ABI/pyldb-util.py3-1.3.5.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util.py3-1.3.5.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index b9482df5972..d18b2609417 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript 
>@@ -1,7 +1,7 @@
> #!/usr/bin/env python
>
> APPNAME = 'ldb'
>-VERSION = '1.3.4'
>+VERSION = '1.3.5'
>
> blddir = 'bin'
>
>--
>2.11.0
>