The Samba-Bugzilla – Attachment 14316 Details for
Bug 13374
[SECURITY] CVE-2018-1140 ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes
[patch]
CVE-2018-1140 patch for master
final-CVE-2018-1140-master.patch (text/plain), 43.97 KB, created by
Douglas Bagnall
on 2018-07-10 03:02:38 UTC
Description:
CVE-2018-1140 patch for master
Creator:
Douglas Bagnall
Created:
2018-07-10 03:02:38 UTC
Size:
43.97 KB
>From 67632636420fa8805a679c2fa8fa837e41801c4f Mon Sep 17 00:00:00 2001
>From: Andrej Gessel <Andrej.Gessel@janztec.com>
>Date: Fri, 6 Apr 2018 18:18:33 +0200
>Subject: [PATCH 1/7] CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
> ltdb_index_dn_attr()
>
>Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/ldb_tdb/ldb_index.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
>index fb606124fb4..185da3d91d5 100644
>--- a/lib/ldb/ldb_tdb/ldb_index.c
>+++ b/lib/ldb/ldb_tdb/ldb_index.c
>@@ -1597,6 +1597,15 @@ static int ltdb_index_dn_attr(struct ldb_module *module,
>
> /* work out the index key from the parent DN */
> val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn));
>+ if (val.data == NULL) {
>+ const char *dn_str = ldb_dn_get_linearized(dn);
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ __location__
>+ ": Failed to get casefold DN "
>+ "from: %s",
>+ dn_str);
>+ return LDB_ERR_OPERATIONS_ERROR;
>+ }
> val.length = strlen((char *)val.data);
> key = ltdb_index_key(ldb, ltdb, attr, &val, NULL, truncation);
> if (!key) {
>--
>2.11.0
>
>
>From 5830a3e1aa6f516ab849a9cf9428fc4d3bd22ad9 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 21 May 2018 14:50:50 +1200
>Subject: [PATCH 2/7] CVE-2018-1140 ldb: Check for ldb_dn_get_casefold()
> failure in ldb_sqlite
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 3 +++
> 1 file changed, 3 insertions(+)
>
>diff --git a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
>index f94dc993904..0f5abf87547 100644
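Review bot: In the new `val.data == NULL` branch of ltdb_index_dn_attr, `dn_str` is handed to `%s` unchecked, and a DN that has just failed to casefold may fail to linearize as well; if ldb_dn_get_linearized() returns NULL for such a DN (its body is not shown here), the diagnostic prints a null or, on a libc that does not tolerate it, faults inside the error path of a NULL-dereference fix. A guard such as `dn_str != NULL ? dn_str : "(unparseable DN)"` keeps the message safe. The same pattern recurs in the later hunks for ltdb_search_dn1, ltdb_search, ltdb_add_internal and ltdb_rename, each of which formats `ldb_dn_get_linearized()` of a DN that has just failed `ldb_dn_validate()`. The function body continues outside the hunk.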
>--- a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
>+++ b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
>@@ -323,6 +323,9 @@ static char *parsetree_to_sql(struct ldb_module *module,
> const char *cdn = ldb_dn_get_casefold(
> ldb_dn_new(mem_ctx, ldb,
> (const char *)value.data));
>+ if (cdn == NULL) {
>+ return NULL;
>+ }
>
> return lsqlite3_tprintf(mem_ctx,
> "SELECT eid FROM ldb_entry "
>--
>2.11.0
>
>
>From e8da99afb51f95f15862cd5be35667c6ca954875 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 21 May 2018 15:20:26 +1200
>Subject: [PATCH 3/7] CVE-2018-1140 ldb_tdb: Ensure the dn in
> distinguishedName= is valid before use
>
>ldb_dn_from_ldb_val() does not validate this untrusted input, so a later
>call to ldb_dn_get_casefold() can fail if the input is not valid.
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/ldb_tdb/ldb_index.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
>index 185da3d91d5..4b5054e81ec 100644
>--- a/lib/ldb/ldb_tdb/ldb_index.c
>+++ b/lib/ldb/ldb_tdb/ldb_index.c
>@@ -1155,6 +1155,7 @@ static int ltdb_index_dn_leaf(struct ldb_module *module,
> }
> if (ldb_attr_dn(tree->u.equality.attr) == 0) {
> enum key_truncation truncation = KEY_NOT_TRUNCATED;
>+ bool valid_dn = false;
> struct ldb_dn *dn
> = ldb_dn_from_ldb_val(list,
> ldb_module_get_ctx(module),
>@@ -1166,6 +1167,14 @@ static int ltdb_index_dn_leaf(struct ldb_module *module,
> return LDB_SUCCESS;
> }
>
>+ valid_dn = ldb_dn_validate(dn);
>+ if (valid_dn == false) {
>+ /* If we can't parse it, no match */
>+ list->dn = NULL;
>+ list->count = 0;
>+ return LDB_SUCCESS;
>+ }
>+
> /*
> * Re-use the same code we use for a SCOPE_BASE
> * search
>--
>2.11.0
>
>
>From 8eefcad05bce2a3a8fcc6f8ebf03134d32cc11cb Mon Sep 17 00:00:00 2001
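Review bot: The added `if (cdn == NULL) { return NULL; }` in parsetree_to_sql gives up without setting an ldb error string, so an unparseable DN in the filter and an allocation failure inside `ldb_dn_new()` look the same to the caller, unlike the ldb_tdb hunks in this series that report `LDB_ERR_INVALID_DN_SYNTAX`. How callers treat a NULL return is not visible in this hunk, so the branch should at least carry a comment such as `/* invalid DN in filter: no SQL can be generated, caller must treat NULL as failure */`. The nested `ldb_dn_new()` result is still never checked on its own, which relies on ldb_dn_get_casefold() tolerating a NULL argument (not shown here). parsetree_to_sql starts and ends outside the hunk.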
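Review bot: In the second ltdb_index_dn_leaf hunk the `valid_dn` local (declared in the first hunk) is written once and read once, so `if (!ldb_dn_validate(dn)) {` states the check directly and removes a variable from the block. The comment would help more if it recorded why success is returned for a bad value, e.g. `/* untrusted filter value is not a parseable DN: report an empty match, not an error */`. `dn` was allocated on `list` by ldb_dn_from_ldb_val() and stays attached on this early return; that looks harmless if `list` is short-lived, but its lifetime is not visible here. The function continues outside both hunks.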
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 21 May 2018 15:23:53 +1200
>Subject: [PATCH 4/7] CVE-2018-1140 ldb_tdb: Check for DN validity in add,
> rename and search
>
>This ensures we fail with a good error code before an eventual ldb_dn_get_casefold() which
>would otherwise fail.
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/ldb_tdb/ldb_search.c | 16 ++++++++++++++++
> lib/ldb/ldb_tdb/ldb_tdb.c | 27 ++++++++++++++++++++++++++-
> 2 files changed, 42 insertions(+), 1 deletion(-)
>
>diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
>index 832be9a598b..af66a097ad5 100644
>--- a/lib/ldb/ldb_tdb/ldb_search.c
>+++ b/lib/ldb/ldb_tdb/ldb_search.c
>@@ -297,6 +297,14 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes
> };
> TALLOC_CTX *tdb_key_ctx = NULL;
>
>+ bool valid_dn = ldb_dn_validate(dn);
>+ if (valid_dn == false) {
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ "Invalid Base DN: %s",
>+ ldb_dn_get_linearized(dn));
>+ return LDB_ERR_INVALID_DN_SYNTAX;
>+ }
>+
> if (ltdb->cache->GUID_index_attribute == NULL ||
> ldb_dn_is_special(dn)) {
>
>@@ -791,6 +799,14 @@ int ltdb_search(struct ltdb_context *ctx)
> ldb_dn_get_linearized(req->op.search.base));
> }
>
>+ } else if (ldb_dn_validate(req->op.search.base) == false) {
>+
>+ /* We don't want invalid base DNs here */
>+ ldb_asprintf_errstring(ldb,
>+ "Invalid Base DN: %s",
>+ ldb_dn_get_linearized(req->op.search.base));
>+ ret = LDB_ERR_INVALID_DN_SYNTAX;
>+
> } else {
> /* If we are not checking the base DN life is easy */
> ret = LDB_SUCCESS;
>diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
>index daf9a778f5b..a83bc34f58b 100644
>--- a/lib/ldb/ldb_tdb/ldb_tdb.c
>+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
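Review bot: The message `"Invalid Base DN: %s"` added to ltdb_search_dn1 is misleading for a helper that fetches a record by an arbitrary DN: the ldb_tdb.c part of this patch calls it with `req->op.rename.olddn`, which is not a search base. A neutral `"Invalid DN: %s"` fits every caller, and the base-DN wording can stay in the ltdb_search hunk where it is accurate. Both functions start and end outside their hunks.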
>@@ -566,6 +566,16 @@ static int ltdb_add_internal(struct ldb_module *module,
> struct ldb_context *ldb = ldb_module_get_ctx(module);
> int ret = LDB_SUCCESS;
> unsigned int i;
>+ bool valid_dn = false;
>+
>+ /* Check the new DN is reasonable */
>+ valid_dn = ldb_dn_validate(msg->dn);
>+ if (valid_dn == false) {
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ "Invalid DN in ADD: %s",
>+ ldb_dn_get_linearized(msg->dn));
>+ return LDB_ERR_INVALID_DN_SYNTAX;
>+ }
>
> for (i=0;i<msg->num_elements;i++) {
> struct ldb_message_element *el = &msg->elements[i];
>@@ -1369,6 +1379,7 @@ static int ltdb_rename(struct ltdb_context *ctx)
> int ret = LDB_SUCCESS;
> TDB_DATA tdb_key, tdb_key_old;
> struct ldb_dn *db_dn;
>+ bool valid_dn = false;
>
> ldb_request_set_state(req, LDB_ASYNC_PENDING);
>
>@@ -1381,10 +1392,24 @@ static int ltdb_rename(struct ltdb_context *ctx)
> return LDB_ERR_OPERATIONS_ERROR;
> }
>
>+ /* Check the new DN is reasonable */
>+ valid_dn = ldb_dn_validate(req->op.rename.newdn);
>+ if (valid_dn == false) {
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ "Invalid New DN: %s",
>+ ldb_dn_get_linearized(req->op.rename.newdn));
>+ return LDB_ERR_INVALID_DN_SYNTAX;
>+ }
>+
> /* we need to fetch the old record to re-add under the new name */
> ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
> LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
>- if (ret != LDB_SUCCESS) {
>+ if (ret == LDB_ERR_INVALID_DN_SYNTAX) {
>+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
>+ "Invalid Old DN: %s",
>+ ldb_dn_get_linearized(req->op.rename.newdn));
>+ return ret;
>+ } else if (ret != LDB_SUCCESS) {
> /* not finding the old record is an error */
> return ret;
> }
>--
>2.11.0
>
>
>From a24187ef34fe46995eaf791f4b68b2c186861991 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 21 May 2018 15:25:58 +1200
>Subject: [PATCH 5/7] CVE-2018-1140 ldb: Add tests for search add and rename
> with a bad dn= DN
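Review bot: In the ltdb_add_internal hunk the error path calls `ldb_module_get_ctx(module)` again although the context lines show that `ldb` already holds that value; `ldb_asprintf_errstring(ldb, "Invalid DN in ADD: %s", ...)` matches the ltdb_search hunk and is shorter. The `valid_dn` local can likewise be folded into `if (!ldb_dn_validate(msg->dn)) {`, since it is assigned and tested once.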
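Review bot: The `"Invalid Old DN: %s"` branch in the last ltdb_rename hunk formats `req->op.rename.newdn`, but it is reached only when ltdb_search_dn1() rejected `req->op.rename.olddn`; the argument should be `ldb_dn_get_linearized(req->op.rename.olddn)`. As written, the error names the DN that passed validation a few lines earlier, which points whoever reads the log at the wrong input. This branch also overwrites the error string ltdb_search_dn1() set for the same failure, so the two messages should agree on which DN was bad. ltdb_rename continues outside the hunk.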
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
>---
> lib/ldb/tests/python/api.py | 156 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 156 insertions(+)
>
>diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
>index 9d01535e29c..e4010960697 100755
>--- a/lib/ldb/tests/python/api.py
>+++ b/lib/ldb/tests/python/api.py
>@@ -423,6 +423,19 @@ class SimpleLdb(LdbBaseTest):
> finally:
> l.delete(ldb.Dn(l, "dc=bar"))
>
>+ def test_rename_bad_string_dns(self):
>+ l = ldb.Ldb(self.url(), flags=self.flags())
>+ m = ldb.Message()
>+ m.dn = ldb.Dn(l, "dc=foo8")
>+ m["bla"] = b"bla"
>+ m["objectUUID"] = b"0123456789abcdef"
>+ self.assertEqual(len(l.search()), 0)
>+ l.add(m)
>+ self.assertEqual(len(l.search()), 1)
>+ self.assertRaises(ldb.LdbError,lambda: l.rename("dcXfoo8", "dc=bar"))
>+ self.assertRaises(ldb.LdbError,lambda: l.rename("dc=foo8", "dcXbar"))
>+ l.delete(ldb.Dn(l, "dc=foo8"))
>+
> def test_empty_dn(self):
> l = ldb.Ldb(self.url(), flags=self.flags())
> self.assertEqual(0, len(l.search()))
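Review bot: test_rename_bad_string_dns deletes `dc=foo8` only on the success path, so a failing assertion leaves the record behind, whereas the test whose tail is visible in the context lines cleans up in a `finally:`. Wrapping everything after `l.add(m)` in `try:` with `finally: l.delete(ldb.Dn(l, "dc=foo8"))` keeps a failure from leaking into later tests. The two `assertRaises(ldb.LdbError, ...)` calls also accept any ldb error; if the binding surfaces the code here, checking `err.args[0] == ldb.ERR_INVALID_DN_SYNTAX`, as the AddModifyTests cases in this patch do, would pin the behaviour the C change introduces.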
>@@ -1192,6 +1205,110 @@ class SearchTests(LdbBaseTest):
> # At some point we should fix this, but it isn't trivial
> self.assertEqual(len(res11), 1)
>
>+ def test_distinguishedName_filter_one(self):
>+ """Testing that a distinguishedName= filter succeeds
>+ when the scope is SCOPE_ONELEVEL.
>+
>+ This should be made more consistent, but for now lock in
>+ the behaviour
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_ONELEVEL,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DC=ORG)")
>+ self.assertEqual(len(res11), 1)
>+
>+ def test_distinguishedName_filter_subtree(self):
>+ """Testing that a distinguishedName= filter succeeds
>+ when the scope is SCOPE_SUBTREE"""
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_SUBTREE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DC=ORG)")
>+ self.assertEqual(len(res11), 1)
>+
>+ def test_distinguishedName_filter_base(self):
>+ """Testing that (incorrectly) a distinguishedName= filter works
>+ when the scope is SCOPE_BASE"""
>+
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_BASE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DC=ORG)")
>+
>+ # At some point we should fix this, but it isn't trivial
>+ self.assertEqual(len(res11), 1)
>+
>+ def test_bad_dn_filter_base(self):
>+ """Testing that a dn= filter on an invalid DN works
>+ when the scope is SCOPE_BASE but
>+ returns zero results"""
>+
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_BASE,
>+ expression="(dn=OU=OU1,DC=SAMBA,DCXXXX)")
>+
>+ # At some point we should fix this, but it isn't trivial
>+ self.assertEqual(len(res11), 0)
>+
>+
>+ def test_bad_dn_filter_one(self):
>+ """Testing that a dn= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_ONELEVEL search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_ONELEVEL,
>+ expression="(dn=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>+ def test_bad_dn_filter_subtree(self):
>+ """Testing that a dn= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_SUBTREE search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_SUBTREE,
>+ expression="(dn=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>+ def test_bad_distinguishedName_filter_base(self):
>+ """Testing that a distinguishedName= filter on an invalid DN works
>+ when the scope is SCOPE_BASE but
>+ returns zero results"""
>+
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_BASE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
>+
>+ # At some point we should fix this, but it isn't trivial
>+ self.assertEqual(len(res11), 0)
>+
>+
>+ def test_bad_distinguishedName_filter_one(self):
>+ """Testing that a distinguishedName= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_ONELEVEL search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_ONELEVEL,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>+ def test_bad_distinguishedName_filter_subtree(self):
>+ """Testing that a distinguishedName= filter succeeds but returns zero
>+ results when the DN is not valid on a SCOPE_SUBTREE search
>+
>+ """
>+
>+ res11 = self.l.search(base="DC=SAMBA,DC=ORG",
>+ scope=ldb.SCOPE_SUBTREE,
>+ expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
>+ self.assertEqual(len(res11), 0)
>+
>
> # Run the search tests against an lmdb backend
> class SearchTestsLmdb(SearchTests):
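Review bot: The comment `# At some point we should fix this, but it isn't trivial` was carried into test_bad_dn_filter_base and test_bad_distinguishedName_filter_base, where the assertion is `len(res11) == 0` and nothing is described as wrong; it should be dropped there or replaced with something like `# an unparseable DN in the filter matches nothing and must not raise`. test_distinguishedName_filter_base also appears to repeat the test whose tail is visible in the context lines at the top of the hunk (same comment, same assertion), so it is worth confirming that it adds coverage. None of the six bad-DN cases asserts that the search returned without an ldb error being set, which is the property the C fix is meant to guarantee; the implicit "no exception" check would be clearer as a stated one in the docstrings.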
>@@ -1383,6 +1500,17 @@ class AddModifyTests(LdbBaseTest):
> enum = err.args[0]
> self.assertEqual(enum, ldb.ERR_ENTRY_ALREADY_EXISTS)
>
>+ def test_add_bad(self):
>+ try:
>+ self.l.add({"dn": "BAD,DC=SAMBA,DC=ORG",
>+ "name": b"Admins",
>+ "x": "z", "y": "a",
>+ "objectUUID": b"0123456789abcde1"})
>+ self.fail("Should have failed adding entry with invalid DN")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
> def test_add_del_add(self):
> self.l.add({"dn": "OU=DUP,DC=SAMBA,DC=ORG",
> "name": b"Admins",
>@@ -1477,6 +1605,34 @@ class AddModifyTests(LdbBaseTest):
> enum = err.args[0]
> self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
>
>+ def test_move_bad(self):
>+ self.l.add({"dn": "OU=DUP2,DC=SAMBA,DC=ORG",
>+ "name": b"Admins",
>+ "x": "z", "y": "a",
>+ "objectUUID": b"0123456789abcde2"})
>+
>+ try:
>+ self.l.rename("OUXDUP,DC=SAMBA,DC=ORG",
>+ "OU=DUP2,DC=SAMBA,DC=ORG")
>+ self.fail("Should have failed on invalid DN")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
>+ def test_move_bad2(self):
>+ self.l.add({"dn": "OU=DUP2,DC=SAMBA,DC=ORG",
>+ "name": b"Admins",
>+ "x": "z", "y": "a",
>+ "objectUUID": b"0123456789abcde2"})
>+
>+ try:
>+ self.l.rename("OU=DUP,DC=SAMBA,DC=ORG",
>+ "OUXDUP2,DC=SAMBA,DC=ORG")
>+ self.fail("Should have failed on missing")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
> def test_move_fail_move_add(self):
> self.l.add({"dn": "OU=DUP,DC=SAMBA,DC=ORG",
> "name": b"Admins",
>--
>2.11.0
>
>
>From 604d287b46d7d212e98f89286c83d2720121b62c Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Fri, 6 Jul 2018 13:33:07 +1200
>Subject: [PATCH 6/7] Release LDB 1.4.1 for CVE-2018-1140
>
>* Security fix for CVE-2018-1140 (NULL pointer de-reference, bug 13374)
>* Fix memory leaks and missing error checks (bug 13459, 13471, 13475)
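Review bot: test_move_bad2 renames from `OU=DUP,DC=SAMBA,DC=ORG`, a record this test does not create (it adds `OU=DUP2`; whether setUp provides it is not visible), so the expected `ERR_INVALID_DN_SYNTAX` may depend on the new DN being validated before the old record is looked up. A comment such as `# the new DN is validated before the old record is fetched` would turn that ordering into a stated contract instead of an accident of the test data. Its failure text `"Should have failed on missing"` describes a different case and should read `"Should have failed on invalid new DN"`. Neither test_move_bad nor test_move_bad2 removes the `OU=DUP2` entry it adds; whether the fixture's tearDown discards the database is not shown in this hunk.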
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>---
> lib/ldb/ABI/ldb-1.4.1.sigs | 279 ++++++++++++++++++++++++++++++++++
> lib/ldb/ABI/pyldb-util-1.4.1.sigs | 2 +
> lib/ldb/ABI/pyldb-util.py3-1.4.1.sigs | 2 +
> lib/ldb/wscript | 2 +-
> 4 files changed, 284 insertions(+), 1 deletion(-)
> create mode 100644 lib/ldb/ABI/ldb-1.4.1.sigs
> create mode 100644 lib/ldb/ABI/pyldb-util-1.4.1.sigs
> create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.4.1.sigs
>
>diff --git a/lib/ldb/ABI/ldb-1.4.1.sigs b/lib/ldb/ABI/ldb-1.4.1.sigs
>new file mode 100644
>index 00000000000..a31b84ef4b5
>--- /dev/null
>+++ b/lib/ldb/ABI/ldb-1.4.1.sigs
>@@ -0,0 +1,279 @@ >+ldb_add: int (struct ldb_context *, const struct ldb_message *) >+ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) >+ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) >+ldb_attr_casefold: char *(TALLOC_CTX *, const char *) >+ldb_attr_dn: int (const char *) >+ldb_attr_in_list: int (const char * const *, const char *) >+ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) >+ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) >+ldb_base64_decode: int (char *) >+ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) >+ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) >+ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) >+ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) >+ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control 
**, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) >+ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) >+ldb_check_critical_controls: int (struct ldb_control **) >+ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) >+ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) >+ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) >+ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_debug_add: void (struct ldb_context *, const char *, ...) >+ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) >+ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_delete: int (struct ldb_context *, struct ldb_dn *) >+ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) 
>+ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) >+ldb_dn_check_special: bool (struct ldb_dn *, const char *) >+ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) >+ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) >+ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) >+ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) >+ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) >+ldb_dn_get_casefold: const char *(struct ldb_dn *) >+ldb_dn_get_comp_num: int (struct ldb_dn *) >+ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) >+ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) >+ldb_dn_get_extended_comp_num: int (struct ldb_dn *) >+ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) >+ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) >+ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) >+ldb_dn_get_linearized: const char *(struct ldb_dn *) >+ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_get_rdn_name: const char *(struct ldb_dn *) >+ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) >+ldb_dn_has_extended: bool (struct ldb_dn *) >+ldb_dn_is_null: bool (struct ldb_dn *) >+ldb_dn_is_special: bool (struct ldb_dn *) >+ldb_dn_is_valid: bool (struct ldb_dn *) >+ldb_dn_map_local: struct ldb_dn 
*(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_minimise: bool (struct ldb_dn *) >+ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) >+ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) >+ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_extended_components: void (struct ldb_dn *) >+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) >+ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) >+ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) >+ldb_dn_validate: bool (struct ldb_dn *) >+ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) >+ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) >+ldb_errstring: const char *(struct ldb_context *) >+ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) >+ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_create_perms: unsigned int (struct ldb_context *) >+ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_event_context: struct tevent_context *(struct ldb_context *) >+ldb_get_flags: unsigned int (struct ldb_context *) >+ldb_get_opaque: void *(struct ldb_context *, const char *) >+ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_global_init: int (void) 
>+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) >+ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) >+ldb_handle_use_global_event_context: void (struct ldb_handle *) >+ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) >+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) >+ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) >+ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) >+ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) >+ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) >+ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) >+ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) >+ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) >+ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_load_modules: int (struct ldb_context *, const char **) >+ldb_map_add: int (struct ldb_module *, struct ldb_request *) >+ldb_map_delete: int (struct ldb_module *, struct ldb_request *) >+ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass 
*, const char * const *, const char *, const char *) >+ldb_map_modify: int (struct ldb_module *, struct ldb_request *) >+ldb_map_rename: int (struct ldb_module *, struct ldb_request *) >+ldb_map_search: int (struct ldb_module *, struct ldb_request *) >+ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) >+ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) >+ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) >+ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) >+ldb_mod_register_control: int (struct ldb_module *, const char *) >+ldb_modify: int (struct ldb_context *, const struct ldb_message *) >+ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) >+ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) >+ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) >+ldb_module_flags: uint32_t (struct ldb_context *) >+ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) >+ldb_module_get_name: const char *(struct ldb_module *) >+ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) >+ldb_module_get_private: void *(struct ldb_module *) >+ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) >+ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) >+ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) >+ldb_module_next: struct ldb_module *(struct ldb_module *) >+ldb_module_popt_options: struct poptOption **(struct ldb_context *) >+ldb_module_send_entry: int (struct 
ldb_request *, struct ldb_message *, struct ldb_control **) >+ldb_module_send_referral: int (struct ldb_request *, char *) >+ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) >+ldb_module_set_private: void (struct ldb_module *, void *) >+ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) >+ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_modules_load: int (const char *, const char *) >+ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) >+ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) >+ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) >+ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) >+ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) >+ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) >+ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) >+ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) >+ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) >+ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) >+ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) >+ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) >+ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_compare_name: int (struct 
ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) >+ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) >+ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) >+ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) >+ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) >+ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) >+ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) >+ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) >+ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) >+ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) >+ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) >+ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) >+ldb_msg_new: struct ldb_message *(TALLOC_CTX *) >+ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) >+ldb_msg_remove_attr: void (struct ldb_message *, const char *) >+ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) >+ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) >+ldb_msg_sort_elements: void (struct ldb_message *) 
>+ldb_next_del_trans: int (struct ldb_module *) >+ldb_next_end_trans: int (struct ldb_module *) >+ldb_next_init: int (struct ldb_module *) >+ldb_next_prepare_commit: int (struct ldb_module *) >+ldb_next_read_lock: int (struct ldb_module *) >+ldb_next_read_unlock: int (struct ldb_module *) >+ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_start_trans: int (struct ldb_module *) >+ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_options_find: const char *(struct ldb_context *, const char **, const char *) >+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) >+ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) >+ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) >+ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) >+ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) >+ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) >+ldb_register_backend: int (const char *, ldb_connect_fn, bool) >+ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) >+ldb_register_hook: int (ldb_hook_fn) >+ldb_register_module: int (const struct ldb_module_ops *) >+ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) >+ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) >+ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) >+ldb_req_get_custom_flags: uint32_t (struct ldb_request *) >+ldb_req_is_untrusted: bool (struct ldb_request *) 
>+ldb_req_location: const char *(struct ldb_request *) >+ldb_req_mark_trusted: void (struct ldb_request *) >+ldb_req_mark_untrusted: void (struct ldb_request *) >+ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) >+ldb_req_set_location: void (struct ldb_request *, const char *) >+ldb_request: int (struct ldb_context *, struct ldb_request *) >+ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_done: int (struct ldb_request *, int) >+ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) >+ldb_request_get_status: int (struct ldb_request *) >+ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_set_state: void (struct ldb_request *, int) >+ldb_reset_err_string: void (struct ldb_context *) >+ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) >+ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) >+ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) >+ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) >+ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) >+ldb_schema_attribute_remove: void (struct ldb_context *, const char *) >+ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) >+ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) >+ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) >+ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) >+ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const 
char *, ...) >+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) >+ldb_set_create_perms: void (struct ldb_context *, unsigned int) >+ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) >+ldb_set_debug_stderr: int (struct ldb_context *) >+ldb_set_default_dns: void (struct ldb_context *) >+ldb_set_errstring: void (struct ldb_context *, const char *) >+ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) >+ldb_set_flags: void (struct ldb_context *, unsigned int) >+ldb_set_modules_dir: void (struct ldb_context *, const char *) >+ldb_set_opaque: int (struct ldb_context *, const char *, void *) >+ldb_set_require_private_event_context: void (struct ldb_context *) >+ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) >+ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) >+ldb_set_utf8_default: void (struct ldb_context *) >+ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) >+ldb_setup_wellknown_attributes: int (struct ldb_context *) >+ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) >+ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) >+ldb_strerror: const char *(int) >+ldb_string_to_time: time_t (const char *) >+ldb_string_utc_to_time: time_t (const char *) >+ldb_timestring: char *(TALLOC_CTX *, time_t) >+ldb_timestring_utc: char *(TALLOC_CTX *, time_t) >+ldb_transaction_cancel: int (struct ldb_context *) >+ldb_transaction_cancel_noerr: int (struct ldb_context *) >+ldb_transaction_commit: int (struct ldb_context *) >+ldb_transaction_prepare_commit: int (struct ldb_context *) >+ldb_transaction_start: int (struct ldb_context *) >+ldb_unpack_data: int (struct ldb_context *, const struct 
ldb_val *, struct ldb_message *) >+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) >+ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) >+ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) >+ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) >+ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_string_cmp: int (const struct ldb_val *, const char *) >+ldb_val_to_time: int (const struct ldb_val *, time_t *) >+ldb_valid_attr_name: int (const char *) >+ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) >+ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) >diff --git a/lib/ldb/ABI/pyldb-util-1.4.1.sigs b/lib/ldb/ABI/pyldb-util-1.4.1.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util-1.4.1.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/ABI/pyldb-util.py3-1.4.1.sigs b/lib/ldb/ABI/pyldb-util.py3-1.4.1.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util.py3-1.4.1.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index f5cb1e0ab28..35b40eddce6 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript 
>@@ -1,7 +1,7 @@
> #!/usr/bin/env python
>
> APPNAME = 'ldb'
>-VERSION = '1.4.0'
>+VERSION = '1.4.1'
>
> blddir = 'bin'
>
>-- 
>2.11.0
>
>
>From 0a9d8c60ad43044214cea75b05d9c8948156120b Mon Sep 17 00:00:00 2001
>From: Kai Blin <kai@samba.org>
>Date: Fri, 8 Jun 2018 18:20:16 +0200
>Subject: [PATCH 7/7] CVE-2018-1140 dns: Add a test to trigger the LDB
> casefolding issue on invalid chars
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
>
>Signed-off-by: Kai Blin <kai@samba.org>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>---
> python/samba/tests/dns_invalid.py | 87 +++++++++++++++++++++++++++++++++++++++
> source4/selftest/tests.py | 3 ++
> 2 files changed, 90 insertions(+)
> create mode 100644 python/samba/tests/dns_invalid.py
>
>diff --git a/python/samba/tests/dns_invalid.py b/python/samba/tests/dns_invalid.py
>new file mode 100644
>index 00000000000..9f87cd56084
>--- /dev/null
>+++ b/python/samba/tests/dns_invalid.py
>@@ -0,0 +1,87 @@
>+# Unix SMB/CIFS implementation.
>+# Copyright (C) Kai Blin <kai@samba.org> 2018
>+#
>+# This program is free software; you can redistribute it and/or modify
>+# it under the terms of the GNU General Public License as published by
>+# the Free Software Foundation; either version 3 of the License, or
>+# (at your option) any later version.
>+#
>+# This program is distributed in the hope that it will be useful,
>+# but WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+# GNU General Public License for more details.
>+#
>+# You should have received a copy of the GNU General Public License
>+# along with this program. If not, see <http://www.gnu.org/licenses/>.
>+#
>+
>+import os
>+import sys
>+import struct
>+import random
>+import socket
>+import samba.ndr as ndr
>+from samba import credentials, param
>+from samba.dcerpc import dns, dnsp, dnsserver
>+from samba.netcmd.dns import TXTRecord, dns_record_match, data_to_dns_record
>+from samba.tests.subunitrun import SubunitOptions, TestProgram
>+from samba import werror, WERRORError
>+from samba.tests.dns_base import DNSTest
>+import samba.getopt as options
>+import optparse
>+
>+parser = optparse.OptionParser("dns_invalid.py <server ip> [options]")
>+sambaopts = options.SambaOptions(parser)
>+parser.add_option_group(sambaopts)
>+
>+# This timeout only has relevance when testing against Windows
>+# Format errors tend to return patchy responses, so a timeout is needed.
>+parser.add_option("--timeout", type="int", dest="timeout",
>+ help="Specify timeout for DNS requests")
>+
>+# use command line creds if available
>+credopts = options.CredentialsOptions(parser)
>+parser.add_option_group(credopts)
>+subunitopts = SubunitOptions(parser)
>+parser.add_option_group(subunitopts)
>+
>+opts, args = parser.parse_args()
>+
>+lp = sambaopts.get_loadparm()
>+creds = credopts.get_credentials(lp)
>+
>+timeout = opts.timeout
>+
>+if len(args) < 1:
>+ parser.print_usage()
>+ sys.exit(1)
>+
>+server_ip = args[0]
>+creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE)
>+
>+
>+class TestBrokenQueries(DNSTest):
>+ def setUp(self):
>+ super(TestBrokenQueries, self).setUp()
>+ global server, server_ip, lp, creds, timeout
>+ self.server_ip = server_ip
>+ self.lp = lp
>+ self.creds = creds
>+ self.timeout = timeout
>+
>+ def test_invalid_chars_in_name(self):
>+ """Check the server refuses invalid characters in the query name"""
>+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
>+ questions = []
>+
>+ name = "\x10\x11\x05\xa8.%s" % self.get_dns_domain()
>+ q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
>+ print "asking for ", q.name
>+ questions.append(q)
>+
>+ self.finish_name_packet(p, questions)
>+ (response, response_packet) = self.dns_transaction_udp(p, host=server_ip)
>+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
>+
>+
>+TestProgram(module=__name__, opts=subunitopts)
>diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
>index 121d399cd2a..9928f0a4d4f 100755
>--- a/source4/selftest/tests.py
>+++ b/source4/selftest/tests.py
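Review bot: The `print "asking for ", q.name` line in `test_invalid_chars_in_name` is Python 2-only syntax and writes the raw control bytes of the crafted query name into the test log; I would drop it or print an escaped form, e.g. `print("asking for %r" % q.name)`. In `setUp`, the `global` statement names `server`, which this module never assigns, and the other names are only read, so the statement can shrink to `global server_ip, lp, creds, timeout` or go away. Most of the imports at the top of the new file (`os`, `struct`, `random`, `socket`, `ndr`, `param`, `dnsp`, `dnsserver`, the three `samba.netcmd.dns` names, `werror`, `WERRORError`) are not referenced anywhere in it and could be trimmed. Since this is the regression test for a crash, the docstring could also say that receiving any reply at all is the liveness check and NXDOMAIN is the expected refusal, so a later reader does not weaken the assertion.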
>@@ -376,6 +376,9 @@ plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, o
>
> plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
> plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
>+
>+plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
>+
> for t in smbtorture4_testsuites("dns_internal."):
> plansmbtorture4testsuite(t, "ad_dc_ntvfs:local", '//$SERVER/whavever')
>
>-- 
>2.11.0
>
Flags:
abartlet
:
review+