The Samba-Bugzilla – Attachment 4282 Details for
Bug 6136
LDAP integer search filters don't handle signed/unsigned 32-bit rollover
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to enable correct behaviour on "groupType", "userAccountControl" and "sAMAccountType"
groupType.patch (text/plain), 10.61 KB, created by
Matthias Dieter Wallnöfer
on 2009-06-13 12:22:33 UTC
(
hide
)
Description:
Patch to enable correct behaviour on "groupType", "userAccountControl" and "sAMAccountType"
Filename:
MIME Type:
Creator:
Matthias Dieter Wallnöfer
Created:
2009-06-13 12:22:33 UTC
Size:
10.61 KB
patch
obsolete
>diff --git a/source3/lib/ldb/common/ldb_msg.c b/source3/lib/ldb/common/ldb_msg.c >index a8a6e93..eb93bdf 100644 >--- a/source3/lib/ldb/common/ldb_msg.c >+++ b/source3/lib/ldb/common/ldb_msg.c >@@ -331,26 +331,26 @@ const struct ldb_val *ldb_msg_find_ldb_val(const struct ldb_message *msg, const > return &el->values[0]; > } > >-int ldb_msg_find_attr_as_int(const struct ldb_message *msg, >+int32_t ldb_msg_find_attr_as_int(const struct ldb_message *msg, > const char *attr_name, >- int default_value) >+ int32_t default_value) > { > const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name); > if (!v || !v->data) { > return default_value; > } >- return strtol((const char *)v->data, NULL, 0); >+ return (int32_t) strtol((const char *)v->data, NULL, 0); > } > >-unsigned int ldb_msg_find_attr_as_uint(const struct ldb_message *msg, >+uint32_t ldb_msg_find_attr_as_uint(const struct ldb_message *msg, > const char *attr_name, >- unsigned int default_value) >+ uint32_t default_value) > { > const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name); > if (!v || !v->data) { > return default_value; > } >- return strtoul((const char *)v->data, NULL, 0); >+ return (uint32_t) strtoul((const char *)v->data, NULL, 0); > } > > int64_t ldb_msg_find_attr_as_int64(const struct ldb_message *msg, >diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c >index 313005b..8e487cc 100644 >--- a/source4/dsdb/common/util.c >+++ b/source4/dsdb/common/util.c >@@ -205,9 +205,9 @@ int samdb_search_count(struct ldb_context *sam_ldb, > /* > search the sam for a single integer attribute in exactly 1 record > */ >-uint_t samdb_search_uint(struct ldb_context *sam_ldb, >+uint32_t samdb_search_uint(struct ldb_context *sam_ldb, > TALLOC_CTX *mem_ctx, >- uint_t default_value, >+ uint32_t default_value, > struct ldb_dn *basedn, > const char *attr_name, > const char *format, ...) _PRINTF_ATTRIBUTE(6,7) >@@ -311,7 +311,7 @@ int samdb_search_string_multiple(struct ldb_context *sam_ldb, > /* > pull a uint from a result set. > */ >-uint_t samdb_result_uint(const struct ldb_message *msg, const char *attr, uint_t default_value) >+uint32_t samdb_result_uint(const struct ldb_message *msg, const char *attr, uint32_t default_value) > { > return ldb_msg_find_attr_as_uint(msg, attr, default_value); > } >@@ -823,20 +823,20 @@ int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc > } > > /* >- add a int element to a message >+ add a (signed) int32_t element to a message > */ > int samdb_msg_add_int(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg, >- const char *attr_name, int v) >+ const char *attr_name, int32_t v) > { > const char *s = talloc_asprintf(mem_ctx, "%d", v); > return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s); > } > > /* >- add a uint_t element to a message >+ add a uint32_t element to a message > */ > int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg, >- const char *attr_name, uint_t v) >+ const char *attr_name, uint32_t v) > { > const char *s = talloc_asprintf(mem_ctx, "%u", v); > return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s); >diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c >index dad5ff2..ebaf3d1 100644 >--- a/source4/dsdb/samdb/ldb_modules/samldb.c >+++ b/source4/dsdb/samdb/ldb_modules/samldb.c >@@ -3,6 +3,7 @@ > > Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005 > Copyright (C) Simo Sorce 2004-2008 >+ Copyright (C) Matthias Dieter Wallnöfer 2009 > > * NOTICE: this module is NOT released under the GNU LGPL license as > * other ldb code. This module is release under the GNU GPL v3 or >@@ -27,9 +28,10 @@ > * > * Component: ldb samldb module > * >- * Description: add embedded user/group creation functionality >+ * Description: Adds embedded user/group creation functionality and provides >+ * normalizations for special attributes > * >- * Author: Simo Sorce >+ * Original author: Simo Sorce > */ > > #include "includes.h" >@@ -97,6 +99,82 @@ static struct samldb_ctx *samldb_ctx_init(struct ldb_module *module, > return ac; > } > >+static struct ldb_val samldb_search_normalize(struct ldb_module *module, >+ TALLOC_CTX *ctx, >+ const char *attr, >+ const struct ldb_val *val) >+{ >+ unsigned int i; >+ const char * const samldb_norm_attributes[4] = >+ { "groupType", "userAccountControl", "sAMAccountType", NULL }; >+ >+ for (i = 0; samldb_norm_attributes[i] != NULL; i++) >+ if (!ldb_attr_cmp(samldb_norm_attributes[i], attr)) { >+ long long int signed_ll = strtoll((const char *)val->data, >+ NULL, 10); >+ >+ if (signed_ll >= 0x80000000LL) { >+ struct ldb_val out = data_blob_string_const(talloc_asprintf( >+ ctx, "%d", (int32_t) signed_ll)); >+ return out; >+ } else { >+ return *val; >+ } >+ } >+ return *val; >+} >+ >+static void samldb_search_normalize_tree(struct ldb_module *module, >+ TALLOC_CTX *ctx, >+ struct ldb_parse_tree *tree) >+{ >+ unsigned int i; >+ >+ if (tree == NULL) return; >+ >+ switch (tree->operation) { >+ case LDB_OP_AND: >+ case LDB_OP_OR: >+ for (i = 0; i < tree->u.list.num_elements; i++) >+ samldb_search_normalize_tree(module, ctx, >+ *tree->u.list.elements); >+ break; >+ case LDB_OP_NOT: >+ samldb_search_normalize_tree(module, ctx, tree->u.isnot.child); >+ break; >+ case LDB_OP_EQUALITY: >+ tree->u.equality.value = >+ samldb_search_normalize(module, ctx, tree->u.equality.attr, >+ &tree->u.equality.value); >+ break; >+ case LDB_OP_GREATER: >+ case LDB_OP_LESS: >+ case LDB_OP_APPROX: >+ tree->u.comparison.value = >+ samldb_search_normalize(module, ctx, tree->u.equality.attr, >+ &tree->u.comparison.value); >+ break; >+ case LDB_OP_EXTENDED: >+ tree->u.extended.value = >+ samldb_search_normalize(module, ctx, tree->u.equality.attr, >+ &tree->u.extended.value); >+ break; >+ case LDB_OP_PRESENT: >+ case LDB_OP_SUBSTRING: >+ /* Nothing to do */ >+ break; >+ } >+} >+ >+/* search operation */ >+static int samldb_search(struct ldb_module *module, struct ldb_request *req) >+{ >+ samldb_search_normalize_tree(module, ldb_module_get_ctx(module), >+ req->op.search.tree); >+ >+ return ldb_next_request(module, req); >+} >+ > static int samldb_add_step(struct samldb_ctx *ac, samldb_step_fn_t fn) > { > struct samldb_step *step; >@@ -484,9 +562,9 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac) > static int samldb_check_samAccountType(struct samldb_ctx *ac) > { > struct ldb_context *ldb; >- unsigned int account_type; >- unsigned int group_type; >- unsigned int uac; >+ uint32_t account_type; >+ uint32_t group_type; >+ uint32_t uac; > int ret; > > ldb = ldb_module_get_ctx(ac->module); >@@ -1242,7 +1320,6 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) > return ldb_next_request(module, req); > } > >- > static int samldb_init(struct ldb_module *module) > { > return ldb_next_init(module); >@@ -1250,6 +1327,7 @@ static int samldb_init(struct ldb_module *module) > > _PUBLIC_ const struct ldb_module_ops ldb_samldb_module_ops = { > .name = "samldb", >+ .search = samldb_search, > .init_context = samldb_init, > .add = samldb_add, > .modify = samldb_modify >diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c >index 948241b..e9ab095 100644 >--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c >+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c >@@ -144,23 +144,6 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC > return out; > } > >-static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) >-{ >- long long int signed_ll = strtoll((const char *)val->data, NULL, 10); >- if (signed_ll >= 0x80000000LL) { >- union { >- int32_t signed_int; >- uint32_t unsigned_int; >- } u = { >- .unsigned_int = strtoul((const char *)val->data, NULL, 10) >- }; >- >- struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int)); >- return out; >- } >- return val_copy(module, ctx, val); >-} >- > static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) > { > struct ldb_val out; >@@ -348,28 +331,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] = > } > }, > { >- .local_name = "groupType", >- .type = MAP_CONVERT, >- .u = { >- .convert = { >- .remote_name = "groupType", >- .convert_local = normalise_to_signed32, >- .convert_remote = val_copy, >- }, >- } >- }, >- { >- .local_name = "sAMAccountType", >- .type = MAP_CONVERT, >- .u = { >- .convert = { >- .remote_name = "sAMAccountType", >- .convert_local = normalise_to_signed32, >- .convert_remote = val_copy, >- }, >- } >- }, >- { > .local_name = "usnChanged", > .type = MAP_CONVERT, > .u = { >@@ -489,28 +450,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = > } > }, > { >- .local_name = "groupType", >- .type = MAP_CONVERT, >- .u = { >- .convert = { >- .remote_name = "groupType", >- .convert_local = normalise_to_signed32, >- .convert_remote = val_copy, >- }, >- } >- }, >- { >- .local_name = "sAMAccountType", >- .type = MAP_CONVERT, >- .u = { >- .convert = { >- .remote_name = "sAMAccountType", >- .convert_local = normalise_to_signed32, >- .convert_remote = val_copy, >- }, >- } >- }, >- { > .local_name = "usnChanged", > .type = MAP_CONVERT, > .u = { >diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c >index ad53a3d..3065fb7 100644 >--- a/source4/lib/ldb/common/ldb_msg.c >+++ b/source4/lib/ldb/common/ldb_msg.c >@@ -326,26 +326,26 @@ const struct ldb_val *ldb_msg_find_ldb_val(const struct ldb_message *msg, > return &el->values[0]; > } > >-int ldb_msg_find_attr_as_int(const struct ldb_message *msg, >+int32_t ldb_msg_find_attr_as_int(const struct ldb_message *msg, > const char *attr_name, >- int default_value) >+ int32_t default_value) > { > const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name); > if (!v || !v->data) { > return default_value; > } >- return strtol((const char *)v->data, NULL, 0); >+ return (int32_t) strtol((const char *)v->data, NULL, 0); > } > >-unsigned int ldb_msg_find_attr_as_uint(const struct ldb_message *msg, >+uint32_t ldb_msg_find_attr_as_uint(const struct ldb_message *msg, > const char *attr_name, >- unsigned int default_value) >+ uint32_t default_value) > { > const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name); > if (!v || !v->data) { > return default_value; > } >- return strtoul((const char *)v->data, NULL, 0); >+ return (uint32_t) strtoul((const char *)v->data, NULL, 0); > } > > int64_t ldb_msg_find_attr_as_int64(const struct ldb_message *msg,
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6136
:
3951
|
3952
|
4282
|
4290
|
4292
|
4300