Do a LDAP-Search with attribute "Member;Range=0-*" If you type "Range" with a capital letter you will get an error [2016/04/14 13:48:11, 10, pid=15641, effective(0, 0), real(0, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:72(ldb_wrap_debug) ldb: ldb_asprintf/set_errstring: range request error: range request malformed If you type "range" with a lower case letter the search complets without an error. We found the problem because we want to use SCCM with a SAMBA AD-DC. In our testlab with a Windows AD-DC we can perform both searches ("Range" and "range") without problems. ;-)
I can confirm this (run into another utility which generates this kind of query). The problem appears in source4/dsdb/samdb/ldb_modules/ranged_results.c There is a case insensitive check for ";range=", but the subsequent sscanf calls look for lower case range only. If it's safe to overwrite p (and that capitals aren't against spec), then maybe something along these lines as a fix (including line numbers for reference): 201 /* Strip the range request from the attribute */ 202 for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { 203 char *p; 204 new_attrs = talloc_realloc(req, new_attrs, const char *, i+2); 205 new_attrs[i] = req->op.search.attrs[i]; 206 new_attrs[i+1] = NULL; 207 p = strchr(new_attrs[i], ';'); 208 if (!p) { 209 continue; 210 } 211 if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { 212 continue; 213 } 214 /* make sure ;range= is lower case. Fix for bug 41247*/ 215 strncpy(p,";range=",strlen(";range="); 216 /* end fix */ 217 end = (unsigned int)-1; 218 if (sscanf(p, ";range=%u-*", &start) != 1) { 219 if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { 220 ldb_asprintf_errstring(ldb, 221 "range request error: " 222 "range request malformed"); 223 return LDB_ERR_UNWILLING_TO_PERFORM; 224 } 225 } I'm on a fairly tight schedule to get samba and the utility working together so any feedback here would be greatly appreciated.
Created attachment 12231 [details] git-am fix for master. Does this work for you ? If so I'll propose for master and get back ports for 4.4.next, 4.3.next.
Comment on attachment 12231 [details] git-am fix for master. I think we first need to put the attribute on the stack before we memcpy(), because we don't own the attribute.
Oh, good catch. I thought the talloc_realloc() above was doing that, but of course it's not. I withdraw that patch and I'll need to rework it.
Oh wait a minute. We've already checked case insensitively for the ";range=" string, so we really don't need it in the sscanf.... Fix to follow.
Created attachment 12232 [details] git-am fix for master. I think this is a correct fix - no modification of the string needed.
Comment on attachment 12232 [details] git-am fix for master. Nice! Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ok. pushing to master then I'll back-port for 4.4.next, 4.3.next.
Created attachment 12247 [details] git-am fix for 4.4.next, 4.3.next. Cherry-picked from master.
Tested with the latest patch from Jeremy, it's working as expected now. Thanks much :) -T.J.
Thank you guys!
Comment on attachment 12247 [details] git-am fix for 4.4.next, 4.3.next. Ping. Andrew, can you +1 this so we can get into 4.4.next please ?
Karolin please apply to 4.4.next, 4.3.next. Thanks !
(In reply to Jeremy Allison from comment #13) Pushed to autobuild-v4-[4|3]-test.
(In reply to Karolin Seeger from comment #14) Pushed to both branches. Closing out bug report. Thanks!