Bug 10122 - LDAP query with base dn containing a whitespace after the comma
Summary: LDAP query with base dn containing a whitespace after the comma
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.10.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-30 16:01 UTC by Benoit S. (mail address dead)
Modified: 2020-02-02 13:15 UTC (History)
3 users (show)

See Also:


Attachments
Temp Fix for CRLF in DN (688 bytes, patch)
2019-07-04 22:05 UTC, Romain MARIADASSOU
no flags Details
Temp Fix for CRLF in DN - samba 4.11 (674 bytes, patch)
2020-02-02 13:15 UTC, Romain MARIADASSOU
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Benoit S. (mail address dead) 2013-08-30 16:01:44 UTC
Some product using LDAP/ADS authentication use queries with base dn containing whitespace after the separating comma.

Example
-------
Domain : test.dom
Base DN : dc=test, dc=dom (notice the whitespace after the comma)

ldapsearch -a always -h [SambaIP] -D "Administrator@test.dom" -W -b "dc=test, dc=dom" -s sub "(objectClass=domain)"

No Result

With ADS & OpenLdap this kind of query works.
Comment 1 Romain MARIADASSOU 2019-03-27 22:38:08 UTC
The same apply for some product or bad query where '\r\n' are added to the end of the basedn.


Example for a query captured with pcap where response from samba was nosuchObject : 
(CN ... has been modified to remove some important information)

Query :
--------------------------------------------------
Frame 646: 221 bytes on wire (1768 bits), 221 bytes captured (1768 bits) on interface 0
Ethernet II, Src: TyanComp_db:eb:64 (00:e0:81:db:eb:64), Dst: TyanComp_dc:3d:41 (00:e0:81:dc:3d:41)
Internet Protocol Version 4, Src: 192.168.0.211, Dst: 192.168.0.201
Transmission Control Protocol, Src Port: 61476, Dst Port: 3268, Seq: 265, Ack: 2163, Len: 167
Lightweight Directory Access Protocol
    LDAPMessage searchRequest(4) "CN=EJE,OU=MALR,OU=MAE,OU=CIAS,DC=domain,DC=loc
" baseObject
        messageID: 4
        protocolOp: searchRequest (3)
            searchRequest
                baseObject: CN=EJE,OU=MALR,OU=MAE,OU=CIAS,DC=domain,DC=loc\r\n
                scope: baseObject (0)
                derefAliases: neverDerefAliases (0)
                sizeLimit: 0
                timeLimit: 0
                typesOnly: False
                Filter: (objectclass=*)
                    filter: present (7)
                        present: objectclass
                attributes: 0 items
        [Response In: 647]


Response :
--------------------------------------------------
Frame 647: 169 bytes on wire (1352 bits), 169 bytes captured (1352 bits) on interface 0
Ethernet II, Src: TyanComp_dc:3d:41 (00:e0:81:dc:3d:41), Dst: TyanComp_db:eb:64 (00:e0:81:db:eb:64)
Internet Protocol Version 4, Src: 192.168.0.201, Dst: 192.168.0.211
Transmission Control Protocol, Src Port: 3268, Dst Port: 61476, Seq: 2163, Ack: 432, Len: 115
Lightweight Directory Access Protocol
    LDAPMessage searchResDone(4) noSuchObject (acl_read: Error retrieving instanceType for base. at ../source4/dsdb/samdb/ldb_modules/acl_read.c:784) [2 results]
        messageID: 4
        protocolOp: searchResDone (5)
            searchResDone
                resultCode: noSuchObject (32)
                matchedDN: 
                errorMessage: acl_read: Error retrieving instanceType for base. at ../source4/dsdb/samdb/ldb_modules/acl_read.c:784
        [Response To: 646]
        [Time: 0.000517000 seconds]




The same query against a windows AD, does not return error the ldap auth/search work
Comment 2 Romain MARIADASSOU 2019-07-04 20:29:19 UTC
Please note that, for at least samba 4.10, white space after or before comma and at the end of base search are correctly ignored/remove.

But \r\n are not removed. 
(In the example, \r\n is after DC=loc)

Example of a working query against 2008R2 AD : 
ldapsearch -a always -h 192.168.0.53 -D "administrateur@domaine.loc" -W -b "OU=Informatique,DC=domaine,DC=loc
" -s sub "(objectClass=user)"

Result : 
# search result
search: 2
result: 0 Success

# numResponses: 10
# numEntries: 9



The same against samba 4.10.5 :
Result :
# search result
search: 2
result: 32 No such object
text: acl_read: Error retrieving instanceType for base. at ../../source4/dsdb/s
 amdb/ldb_modules/acl_read.c:759


Can someone make a simple patch to remove this offending characters at the end of the query ?
I did try some code editing, but got always a crash of samba when query is used.
Comment 3 Romain MARIADASSOU 2019-07-04 22:05:44 UTC
Created attachment 15288 [details]
Temp Fix for CRLF in DN

Temporary fix to trim CR LF (\r or \n) for DN.
This is based on trim for whitespace in function ldb_dn_explode and if we are "in_value"
Comment 4 Romain MARIADASSOU 2019-07-04 22:11:39 UTC
With the attachment, samba 4.10.5 is currently running and no crash for now.
LDAP Query in comment #1 and #2 are now resolved.

Can someone review this simple patch to make sure everything should be OK ?
Comment 5 Romain MARIADASSOU 2020-02-02 13:15:33 UTC
Created attachment 15760 [details]
Temp Fix for CRLF in DN - samba 4.11