The branch, master has been updated via b74b9f4b06c CVE-2023-0922 set default ldap client sasl wrapping to seal via c33e78a27fb CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values via 62cc4302b67 CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user via 8b4e6f7b3fb s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG via 82d2ec786f7 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL via d2bbb47a7ce ldb: Use correct member of union via dfe7b057304 CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN via 9b8dd83fd02 CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes via f6e93e2b3d9 CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests via f188b6a978f CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED via 15eac7676b2 CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed via 449c2e99e27 CVE-2023-0614 ldb: Filter on search base before redacting message via 9f31e4139c1 CVE-2023-0614 ldb: Centralise checking for inaccessible matches via 197633cc2ad CVE-2023-0614 ldb: Use binary search to check whether attribute is secret via 3a70c6464de CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it via d5d0e712797 CVE-2023-0614 ldb: Prevent disclosure of confidential attributes via 748bbbe70d2 CVE-2023-0614 s4-acl: Split out function to set up access checking variables via da8138c50e6 CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf() via 5c334918a22 CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes via fdeb6ea15c7 CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr() via f995c3805dd CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences via 16487691c02 CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID via d3fa2cb5ddd CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test via f154fad3c1b CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own via fffea590017 CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place() via f25b1756aac CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place via 131d4176044 CVE-2023-0614 ldb: Add function to filter message in place via 784a342785f CVE-2023-0614 ldb: Add function to add distinguishedName to message via 721493f4bde CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message via b18ed9ae975 CVE-2023-0614 ldb: Add function to take ownership of an ldb message via 294a4f6e286 CVE-2023-0614 ldb:tests: Ensure all tests are accounted for via 1debb6584e4 CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated via a43977499c0 CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements via ca9c467e413 CVE-2023-0614 ldb: Add functions for handling inaccessible message elements via 17feef18bf5 CVE-2023-0614 s4-acl: Make some parameters const via a7222faade7 CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently via 6d2d1e7df43 CVE-2023-0614 libcli/security: Make some parameters const via 5fd0811ffac CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects from f5d04a43cf6 python:join: fix reused variable name in provision func
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b74b9f4b06c24b16bf3daac96127e62b75f5b9ed Author: Rob van der Linde <r...@catalyst.net.nz> Date: Mon Feb 27 14:06:23 2023 +1300 CVE-2023-0922 set default ldap client sasl wrapping to seal This avoids sending new or reset passwords in the clear (integrity protected only) from samba-tool in particular. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315 Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed Apr 5 03:08:51 UTC 2023 on atb-devel-224 commit c33e78a27fbeb913b08ef7f74343c1f652d1aa41 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Jan 9 11:22:34 2023 +1300 CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values This early return would mistakenly allow an unprivileged user to delete the dNSHostName attribute by making an LDAP modify request with no values. We should no longer allow this. Add or replace operations with no values and no privileges are disallowed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 62cc4302b67d33a2fd57738cc9180f7b36d0cb9d Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Wed Jan 4 21:37:49 2023 +1300 CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276 Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8b4e6f7b3fb8018cb64deef9b8e1cbc2e5ba12cf Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 14 17:19:27 2023 +1300 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG It's no longer used anywhere. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 82d2ec786f7e75ff6f34eb3357964345b10de091 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Mar 1 14:49:06 2023 +1300 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL The confidential_attrs test no longer uses DC_MODE_RETURN_NONE we can now remove the complexity. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit d2bbb47a7ce33c53e74744dae386a0c158b2cee3 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 14 14:18:45 2023 +1300 ldb: Use correct member of union Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dfe7b05730425e9f1b0616bb7757dbf77bae6cd2 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Mar 2 17:24:15 2023 +1300 CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit 9b8dd83fd0270a25b24bec87fce25c965c6ad7a0 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Mar 2 16:51:25 2023 +1300 CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes The chain for transitive evaluation does consider ACLs, avoiding the disclosure of confidential information. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit f6e93e2b3d9b7e351f622a2275746474196ec2fa Author: Andrew Bartlett <abart...@samba.org> Date: Fri Mar 3 16:49:00 2023 +1300 CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit f188b6a978f6741352df018059fcf1c758a58027 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Mar 2 16:31:17 2023 +1300 CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED This will allow our dsdb helper search functions to mark the new request as untrusted, forcing read ACL evaluation (per current behaviour). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit 15eac7676b2fad66021fe5b4fbc4c6f5a14d9ea3 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Feb 24 10:03:25 2023 +1300 CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed In the unlikely case that someone adds a confidential indexed attribute to the schema, LDAP search expressions on that attribute could disclose information via timing differences. Let's not use the index for searches on confidential attributes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 449c2e99e27b472fa87153e17b25446cd35a5577 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:35:55 2023 +1300 CVE-2023-0614 ldb: Filter on search base before redacting message Redaction may be expensive if we end up needing to fetch a security descriptor to verify rights to an attribute. Checking the search scope is probably cheaper, so do that first. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9f31e4139c12262f5626108c6a883f07c4dd314e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 14 13:17:24 2023 +1300 CVE-2023-0614 ldb: Centralise checking for inaccessible matches This makes it less likely that we forget to handle a case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 197633cc2ad2ac7e98013be093cbbb2fce083b4e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Feb 16 12:35:34 2023 +1300 CVE-2023-0614 ldb: Use binary search to check whether attribute is secret BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3a70c6464de38266744f8c725d03bafa13d3e3f4 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 27 13:31:44 2023 +1300 CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it If the AS_SYSTEM control is present, we know we have system privileges, and have no need to call dsdb_module_am_system(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d5d0e71279790fdcf7e72749210b42b2faaa53f7 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:34:29 2023 +1300 CVE-2023-0614 ldb: Prevent disclosure of confidential attributes Add a hook, acl_redact_msg_for_filter(), in the aclread module, that marks inaccessible any message elements used by an LDAP search filter that the user has no right to access. Make the various ldb_match_*() functions check whether message elements are accessible, and refuse to match any that are not. Remaining message elements, not mentioned in the search filter, are checked in aclread_callback(), and any inaccessible elements are removed at this point. Certain attributes, namely objectClass, distinguishedName, name, and objectGUID, are always present, and hence the presence of said attributes is always allowed to be checked in a search filter. This corresponds with the behaviour of Windows. Further, we unconditionally allow the attributes isDeleted and isRecycled in a check for presence or equality. Windows is not known to make this special exception, but it seems mostly harmless, and should mitigate the performance impact on searches made by the show_deleted module. As a result of all these changes, our behaviour regarding confidential attributes happens to match Windows more closely. For the test in confidential_attr.py, we can now model our attribute handling with DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 748bbbe70d23d5fe0a7d9610ce1192d2c2d8dcee Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 27 13:55:36 2023 +1300 CVE-2023-0614 s4-acl: Split out function to set up access checking variables These variables are often used together, and it is useful to have the setup code in one place. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit da8138c50e65988d8f2e6848b479abfce8e9784b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 27 12:19:08 2023 +1300 CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf() This function parses a SID from an ldb_message, similar to samdb_result_dom_sid(), but does it without allocating anything. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5c334918a22a66adc75508dd0e2be3756c350fa8 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 27 13:40:33 2023 +1300 CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fdeb6ea15c76cc005b2ec03ba830d1e00f4596e1 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:31:54 2023 +1300 CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f995c3805ddd2dd2f0722100a676fbe35f5b5e82 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jan 27 08:32:41 2023 +1300 CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 16487691c02b97e6c7d07fe1ae6653f089feabff Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 7 09:25:48 2023 +1300 CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID was added in commit 08187833fee57a8dba6c67546dfca516cd1f9d7a. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d3fa2cb5ddd679a74848f7d77d6ad5174cb9b580 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 7 09:48:37 2023 +1300 CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test The object returned by schema_format_value() is a bytes object. Therefore the search expression would resemble: (lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>) which, due to the extra characters, would fail to match anything. Fix it to be: (lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f154fad3c1b0a831882a0e5f657b6de06aa0986d Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 7 09:35:24 2023 +1300 CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own In extended_dn_fix_filter() we had: req->op.search.tree = ldb_parse_tree_copy_shallow(req, req->op.search.tree); which overwrote the parse tree on an existing ldb request with a fixed up tree. This became a problem if a module performed another search with that same request structure, as extended_dn_in would try to fix up the already-modified tree for a second time. The fixed-up tree element now having an extended DN, it would fall foul of the ldb_dn_match_allowed() check in extended_dn_filter_callback(), and be replaced with an ALWAYS_FALSE match rule. In practice this meant that <GUID={}> searches would only work for one search in an ldb request, and fail for subsequent ones. Fix this by creating a new request with the modified tree, and leaving the original request unmodified. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fffea5900172f1df02426ba6ed7ca9b7750ffaf7 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 27 10:31:52 2023 +1300 CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place() Change all uses of ldb_kv_filter_attrs() to use ldb_filter_attrs_in_place() instead. This function does less work than its predecessor, and no longer requires the allocation of a second ldb message. Some of the work is able to be split out into separate functions that each accomplish a single task, with a purpose to make the code clearer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f25b1756aacbaabfd75e270cc3fecbf6d17c29fd Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:30:19 2023 +1300 CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place ldb_filter_attrs() previously did too much. Now its replacement, ldb_filter_attrs_in_place(), only does the actual filtering, while taking ownership of each element's values is handled in a separate function, ldb_msg_elements_take_ownership(). Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName to the message if it is missing. That is handled in another function, ldb_msg_add_distinguished_name(). As we're now modifying the original message rather than copying it into a new one, we no longer need the filtered_msg parameter. We adapt a test, based on ldb_filter_attrs_test, to exercise the new function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 131d4176044e54e0e5a94b9c57491bb1594d202c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:29:03 2023 +1300 CVE-2023-0614 ldb: Add function to filter message in place At present this function is an exact duplicate of ldb_filter_attrs(), but in the next commit we shall modify it to work in place, without the need for the allocation of a second message. The test is a near duplicate of the existing test for ldb_filter_attrs(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 784a342785f2aca5bc01e61d210bb6bc103499ff Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:27:38 2023 +1300 CVE-2023-0614 ldb: Add function to add distinguishedName to message BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 721493f4bde7f5811b0b4499d0502a1962bc849c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:26:04 2023 +1300 CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit b18ed9ae97507c10e47aa22734ef1d65625839fe Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Mar 3 17:23:42 2023 +1300 CVE-2023-0614 ldb: Add function to take ownership of an ldb message Many places in Samba depend upon various components of an ldb message being talloc allocated, and hence able to be used as talloc contexts. The elements and values of an unpacked ldb message point to unowned data inside the memory-mapped database, and this function ensures that such messages have talloc ownership of said elements and values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 294a4f6e286b98899de0cf8f041a90f747884c20 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Feb 15 14:08:57 2023 +1300 CVE-2023-0614 ldb:tests: Ensure all tests are accounted for Add ldb_filter_attrs_test to the list of tests so that it actually gets run. Remove a duplicate ldb_msg_test that was accidentally added in commit 5ca90e758ade97fb5e335029c7a1768094e70564. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1debb6584e4fead70e5031ed89a96d7def635efe Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Feb 15 12:34:51 2023 +1300 CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated If the value of an ldb message element is not zero-terminated, calling ldb_msg_find_attr_as_string() will cause the function to read off the end of the buffer in an attempt to verify that the value is zero-terminated. This can cause unexpected behaviour and make the test randomly fail. To avoid this, we must have a terminating null byte that is *not* counted as part of the length, and so we must calculate the length with strlen() rather than sizeof. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a43977499c0de2878cf7828b53691e9331e360a2 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jan 27 08:29:33 2023 +1300 CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ca9c467e413faa6ed3d78009cea969fc8411b764 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jan 27 08:28:36 2023 +1300 CVE-2023-0614 ldb: Add functions for handling inaccessible message elements BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 17feef18bf5427a7a2706ca94f29274fd353e8a4 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jan 27 08:00:32 2023 +1300 CVE-2023-0614 s4-acl: Make some parameters const BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a7222faade7757eeb2f8617b2f24706093257c17 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 7 09:29:51 2023 +1300 CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently It is better to explicitly abort than to dereference a NULL pointer or try to read data cast to the wrong type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6d2d1e7df436dcd2514edf444c904e549cf58f5a Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jan 27 07:57:27 2023 +1300 CVE-2023-0614 libcli/security: Make some parameters const BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5fd0811ffacea0d9e872320842be53cb3f9045c1 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Mar 3 10:31:40 2023 +1300 CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects This changes the slow aspect to be the object matching not the filter parsing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: .../smbdotconf/ldap/clientldapsaslwrapping.xml | 27 +- lib/ldb-samba/ldb_matching_rules.c | 17 +- lib/ldb-samba/tests/match_rules.py | 135 +-- lib/ldb-samba/tests/match_rules_remote.py | 104 ++ lib/ldb/ABI/ldb-2.8.0.sigs | 10 + lib/ldb/common/ldb_match.c | 51 +- lib/ldb/common/ldb_msg.c | 42 + lib/ldb/common/ldb_pack.c | 105 +- lib/ldb/common/ldb_parse.c | 45 +- lib/ldb/include/ldb_module.h | 31 + lib/ldb/include/ldb_private.h | 21 + lib/ldb/ldb_key_value/ldb_kv.h | 6 +- lib/ldb/ldb_key_value/ldb_kv_index.c | 59 +- lib/ldb/ldb_key_value/ldb_kv_search.c | 115 ++- lib/ldb/ldb_map/ldb_map_outbound.c | 7 +- lib/ldb/tests/ldb_filter_attrs_in_place_test.c | 940 ++++++++++++++++++ lib/ldb/tests/ldb_filter_attrs_test.c | 171 ++-- lib/ldb/wscript | 11 +- lib/param/loadparm.c | 2 +- libcli/security/access_check.c | 10 +- libcli/security/access_check.h | 2 +- python/samba/tests/auth_log.py | 2 +- source3/param/loadparm.c | 2 +- source4/dsdb/common/util.c | 24 + source4/dsdb/common/util.h | 1 + source4/dsdb/samdb/ldb_modules/acl.c | 195 +--- source4/dsdb/samdb/ldb_modules/acl_read.c | 1017 +++++++++++++------- source4/dsdb/samdb/ldb_modules/acl_util.c | 6 +- source4/dsdb/samdb/ldb_modules/dirsync.c | 11 +- source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 50 +- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 2 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/samdb.h | 3 +- source4/dsdb/schema/schema_description.c | 7 + source4/dsdb/schema/schema_init.c | 11 +- source4/dsdb/schema/schema_set.c | 9 +- source4/dsdb/tests/python/acl_modify.py | 236 +++++ source4/dsdb/tests/python/confidential_attr.py | 254 +++-- source4/dsdb/tests/python/large_ldap.py | 17 +- source4/selftest/tests.py | 2 + source4/setup/schema_samba4.ldif | 2 + source4/torture/ldb/ldb.c | 12 +- 42 files changed, 2888 insertions(+), 888 deletions(-) create mode 100755 lib/ldb-samba/tests/match_rules_remote.py create mode 100644 lib/ldb/tests/ldb_filter_attrs_in_place_test.c create mode 100755 source4/dsdb/tests/python/acl_modify.py Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml index 3152f0682dd..21bd2090057 100644 --- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml +++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml @@ -18,25 +18,24 @@ </para> <para> - This option is needed in the case of Domain Controllers enforcing - the usage of signed LDAP connections (e.g. Windows 2000 SP3 or higher). - LDAP sign and seal can be controlled with the registry key - "<literal>HKLM\System\CurrentControlSet\Services\</literal> - <literal>NTDS\Parameters\LDAPServerIntegrity</literal>" - on the Windows server side. - </para> + This option is needed firstly to secure the privacy of + administrative connections from <command>samba-tool</command>, + including in particular new or reset passwords for users. For + this reason the default is <emphasis>seal</emphasis>.</para> - <para> - Depending on the used KRB5 library (MIT and older Heimdal versions) - it is possible that the message "integrity only" is not supported. - In this case, <emphasis>sign</emphasis> is just an alias for - <emphasis>seal</emphasis>. + <para>Additionally, <command>winbindd</command> and the + <command>net</command> tool can use LDAP to communicate with + Domain Controllers, so this option also controls the level of + privacy for those connections. All supported AD DC versions + will enforce the usage of at least signed LDAP connections by + default, so a value of at least <emphasis>sign</emphasis> is + required in practice. </para> <para> - The default value is <emphasis>sign</emphasis>. That implies synchronizing the time + The default value is <emphasis>seal</emphasis>. That implies synchronizing the time with the KDC in the case of using <emphasis>Kerberos</emphasis>. </para> </description> -<value type="default">sign</value> +<value type="default">seal</value> </samba:parameter> diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c index 827f3920ae8..59d1385f4e3 100644 --- a/lib/ldb-samba/ldb_matching_rules.c +++ b/lib/ldb-samba/ldb_matching_rules.c @@ -67,7 +67,12 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, * Note also that we don't have the original request * here, so we can not apply controls or timeouts here. */ - ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0); + ret = dsdb_search_dn(ldb, + tmp_ctx, + &res, + to_visit->dn, + attrs, + DSDB_MARK_REQ_UNTRUSTED); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; @@ -370,6 +375,11 @@ static int dsdb_match_for_dns_to_tombstone_time(struct ldb_context *ldb, return LDB_SUCCESS; } + if (ldb_msg_element_is_inaccessible(el)) { + *matched = false; + return LDB_SUCCESS; + } + session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info); if (session_info == NULL) { @@ -489,6 +499,11 @@ static int dsdb_match_for_expunge(struct ldb_context *ldb, return LDB_SUCCESS; } + if (ldb_msg_element_is_inaccessible(el)) { + *matched = false; + return LDB_SUCCESS; + } + session_info = talloc_get_type(ldb_get_opaque(ldb, DSDB_SESSION_INFO), struct auth_session_info); diff --git a/lib/ldb-samba/tests/match_rules.py b/lib/ldb-samba/tests/match_rules.py index abf485c9eab..2fe6c3e2264 100755 --- a/lib/ldb-samba/tests/match_rules.py +++ b/lib/ldb-samba/tests/match_rules.py @@ -20,22 +20,35 @@ from ldb import SCOPE_BASE, SCOPE_SUBTREE, SCOPE_ONELEVEL # Windows appear to preserve casing of the RDN and uppercase the other keys. -class MatchRulesTests(samba.tests.TestCase): +class MatchRulesTestsBase(samba.tests.TestCase): def setUp(self): - super(MatchRulesTests, self).setUp() - self.lp = lp - self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp) + super().setUp() + self.lp = self.sambaopts.get_loadparm() + self.creds = self.credopts.get_credentials(self.lp) + + self.ldb = SamDB(self.host, credentials=self.creds, + session_info=system_session(self.lp), + lp=self.lp) self.base_dn = self.ldb.domain_dn() - self.ou = "OU=matchrulestest,%s" % self.base_dn + self.ou_rdn = "OU=matchrulestest" + self.ou = self.ou_rdn + "," + self.base_dn self.ou_users = "OU=users,%s" % self.ou self.ou_groups = "OU=groups,%s" % self.ou self.ou_computers = "OU=computers,%s" % self.ou + try: + self.ldb.delete(self.ou, ["tree_delete:1"]) + except LdbError as e: + pass + # Add a organizational unit to create objects self.ldb.add({ "dn": self.ou, "objectclass": "organizationalUnit"}) + self.addCleanup(self.ldb.delete, self.ou, controls=['tree_delete:0']) + + # Add the following OU hierarchy and set otherWellKnownObjects, # which has BinaryDN syntax: # @@ -204,6 +217,39 @@ class MatchRulesTests(samba.tests.TestCase): FLAG_MOD_ADD, "member") self.ldb.modify(m) + # Add a couple of ms-Exch-Configuration-Container to test forward-link + # attributes without backward link (addressBookRoots2) + # e1 + # |--> e2 + # | |--> c1 + self.ldb.add({ + "dn": "cn=e1,%s" % self.ou, + "objectclass": "msExchConfigurationContainer"}) + self.ldb.add({ + "dn": "cn=e2,%s" % self.ou, + "objectclass": "msExchConfigurationContainer"}) + + m = Message() + m.dn = Dn(self.ldb, "cn=e2,%s" % self.ou) + m["e1"] = MessageElement("cn=c1,%s" % self.ou_computers, + FLAG_MOD_ADD, "addressBookRoots2") + self.ldb.modify(m) + + m = Message() + m.dn = Dn(self.ldb, "cn=e1,%s" % self.ou) + m["e1"] = MessageElement("cn=e2,%s" % self.ou, + FLAG_MOD_ADD, "addressBookRoots2") + self.ldb.modify(m) + + + +class MatchRulesTests(MatchRulesTestsBase): + def setUp(self): + self.sambaopts = sambaopts + self.credopts = credopts + self.host = host + super().setUp() + # The msDS-RevealedUsers is owned by system and cannot be modified # directly. Set the schemaUpgradeInProgress flag as workaround # and create this hierarchy: @@ -243,33 +289,6 @@ class MatchRulesTests(samba.tests.TestCase): m["e1"] = MessageElement("0", FLAG_MOD_REPLACE, "schemaUpgradeInProgress") self.ldb.modify(m) - # Add a couple of ms-Exch-Configuration-Container to test forward-link - # attributes without backward link (addressBookRoots2) - # e1 - # |--> e2 - # | |--> c1 - self.ldb.add({ - "dn": "cn=e1,%s" % self.ou, - "objectclass": "msExchConfigurationContainer"}) - self.ldb.add({ - "dn": "cn=e2,%s" % self.ou, - "objectclass": "msExchConfigurationContainer"}) - - m = Message() - m.dn = Dn(self.ldb, "cn=e2,%s" % self.ou) - m["e1"] = MessageElement("cn=c1,%s" % self.ou_computers, - FLAG_MOD_ADD, "addressBookRoots2") - self.ldb.modify(m) - - m = Message() - m.dn = Dn(self.ldb, "cn=e1,%s" % self.ou) - m["e1"] = MessageElement("cn=e2,%s" % self.ou, - FLAG_MOD_ADD, "addressBookRoots2") - self.ldb.modify(m) - - def tearDown(self): - super(MatchRulesTests, self).tearDown() - self.ldb.delete(self.ou, controls=['tree_delete:0']) def test_u1_member_of_g4(self): # Search without transitive match must return 0 results @@ -945,8 +964,12 @@ class MatchRulesTests(samba.tests.TestCase): class MatchRuleConditionTests(samba.tests.TestCase): def setUp(self): super(MatchRuleConditionTests, self).setUp() - self.lp = lp - self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp) + self.lp = sambaopts.get_loadparm() + self.creds = credopts.get_credentials(self.lp) + + self.ldb = SamDB(host, credentials=self.creds, + session_info=system_session(self.lp), + lp=self.lp) self.base_dn = self.ldb.domain_dn() self.ou = "OU=matchruleconditiontests,%s" % self.base_dn self.ou_users = "OU=users,%s" % self.ou @@ -1745,32 +1768,30 @@ class MatchRuleConditionTests(samba.tests.TestCase): self.ou_groups, self.ou_computers)) self.assertEqual(len(res1), 0) +if __name__ == "__main__": -parser = optparse.OptionParser("match_rules.py [options] <host>") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) - -# use command line creds if available -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -opts, args = parser.parse_args() -subunitopts = SubunitOptions(parser) -parser.add_option_group(subunitopts) + parser = optparse.OptionParser("match_rules.py [options] <host>") + sambaopts = options.SambaOptions(parser) + parser.add_option_group(sambaopts) + parser.add_option_group(options.VersionOptions(parser)) -if len(args) < 1: - parser.print_usage() - sys.exit(1) + # use command line creds if available + credopts = options.CredentialsOptions(parser) + parser.add_option_group(credopts) + opts, args = parser.parse_args() + subunitopts = SubunitOptions(parser) + parser.add_option_group(subunitopts) -host = args[0] + if len(args) < 1: + parser.print_usage() + sys.exit(1) -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) + host = args[0] -if "://" not in host: - if os.path.isfile(host): - host = "tdb://%s" % host - else: - host = "ldap://%s" % host + if "://" not in host: + if os.path.isfile(host): + host = "tdb://%s" % host + else: + host = "ldap://%s" % host -TestProgram(module=__name__, opts=subunitopts) + TestProgram(module=__name__, opts=subunitopts) diff --git a/lib/ldb-samba/tests/match_rules_remote.py b/lib/ldb-samba/tests/match_rules_remote.py new file mode 100755 index 00000000000..122231f2a60 --- /dev/null +++ b/lib/ldb-samba/tests/match_rules_remote.py @@ -0,0 +1,104 @@ +#!/usr/bin/env python3 + +import optparse +import sys +import os +import samba +import samba.getopt as options + +from samba.tests.subunitrun import SubunitOptions, TestProgram + +from samba.samdb import SamDB +from samba.auth import system_session +from samba import sd_utils +from samba.ndr import ndr_unpack +from ldb import Message, MessageElement, Dn, LdbError +from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE +from ldb import SCOPE_BASE, SCOPE_SUBTREE, SCOPE_ONELEVEL + +from match_rules import MatchRulesTestsBase + + +class MatchRulesTestsUser(MatchRulesTestsBase): + def setUp(self): + self.sambaopts = sambaopts + self.credopts = credopts + self.host = host + super().setUp() + self.sd_utils = sd_utils.SDUtils(self.ldb) + + self.user_pass = "samba123@" + self.match_test_user = "matchtestuser" + self.ldb.newuser(self.match_test_user, + self.user_pass, + userou=self.ou_rdn) + user_creds = self.insta_creds(template=self.creds, + username=self.match_test_user, + userpass=self.user_pass) + self.user_ldb = SamDB(host, credentials=user_creds, lp=self.lp) + token_res = self.user_ldb.search(scope=SCOPE_BASE, + base="", + attrs=["tokenGroups"]) + self.user_sid = ndr_unpack(samba.dcerpc.security.dom_sid, + token_res[0]["tokenGroups"][0]) + + self.member_attr_guid = "bf9679c0-0de6-11d0-a285-00aa003049e2" + + def test_with_denied_link(self): + + # add an ACE that denies the user Read Property (RP) access to + # the member attr (which is similar to making the attribute + # confidential) + ace = "(OD;;RP;{0};;{1})".format(self.member_attr_guid, + self.user_sid) + g2_dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups) + + # add the ACE that denies access to the attr under test + self.sd_utils.dacl_add_ace(g2_dn, ace) + + # Search without transitive match must return 0 results + res1 = self.ldb.search("cn=g4,%s" % self.ou_groups, + scope=SCOPE_BASE, + expression="member=cn=u1,%s" % self.ou_users) + self.assertEqual(len(res1), 0) + + # Search with transitive match must return 1 results + res1 = self.ldb.search("cn=g4,%s" % self.ou_groups, + scope=SCOPE_BASE, + expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users) + self.assertEqual(len(res1), 1) + self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower()) + + # Search as a user match must return 0 results as the intermediate link can't be seen + res1 = self.user_ldb.search("cn=g4,%s" % self.ou_groups, + scope=SCOPE_BASE, + expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users) + self.assertEqual(len(res1), 0) + + + +parser = optparse.OptionParser("match_rules_remote.py [options] <host>") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) + +# use command line creds if available +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +opts, args = parser.parse_args() +subunitopts = SubunitOptions(parser) +parser.add_option_group(subunitopts) + +if len(args) < 1: + parser.print_usage() + sys.exit(1) + +host = args[0] + +if "://" not in host: + if os.path.isfile(host): + host = "tdb://%s" % host + else: + host = "ldap://%s" % host + +TestProgram(module=__name__, opts=subunitopts) diff --git a/lib/ldb/ABI/ldb-2.8.0.sigs b/lib/ldb/ABI/ldb-2.8.0.sigs index b53c9925cde..759659a22f9 100644 --- a/lib/ldb/ABI/ldb-2.8.0.sigs +++ b/lib/ldb/ABI/ldb-2.8.0.sigs @@ -86,6 +86,7 @@ ldb_errstring: const char *(struct ldb_context *) ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) ldb_filter_attrs: int (struct ldb_context *, const struct ldb_message *, const char * const *, struct ldb_message *) +ldb_filter_attrs_in_place: int (struct ldb_message *, const char * const *) ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) ldb_get_create_perms: unsigned int (struct ldb_context *) @@ -125,6 +126,7 @@ ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) +ldb_match_scope: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *, enum ldb_scope) ldb_mod_register_control: int (struct ldb_module *, const char *) ldb_modify: int (struct ldb_context *, const struct ldb_message *) ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) @@ -149,6 +151,7 @@ ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) ldb_modules_load: int (const char *, const char *) ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) +ldb_msg_add_distinguished_name: int (struct ldb_message *) ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) @@ -174,6 +177,9 @@ ldb_msg_element_add_value: int (TALLOC_CTX *, struct ldb_message_element *, cons ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) +ldb_msg_element_is_inaccessible: bool (const struct ldb_message_element *) +ldb_msg_element_mark_inaccessible: void (struct ldb_message_element *) +ldb_msg_elements_take_ownership: int (struct ldb_message *) ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) @@ -191,8 +197,10 @@ ldb_msg_new: struct ldb_message *(TALLOC_CTX *) ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) ldb_msg_remove_attr: void (struct ldb_message *, const char *) ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) +ldb_msg_remove_inaccessible: void (struct ldb_message *) ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) +ldb_msg_shrink_to_fit: void (struct ldb_message *) ldb_msg_sort_elements: void (struct ldb_message *) ldb_next_del_trans: int (struct ldb_module *) ldb_next_end_trans: int (struct ldb_module *) @@ -213,12 +221,14 @@ ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CT ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_parse_tree_get_attr: const char *(const struct ldb_parse_tree *) ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) ldb_register_backend: int (const char *, ldb_connect_fn, bool) ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) ldb_register_hook: int (ldb_hook_fn) ldb_register_module: int (const struct ldb_module_ops *) +ldb_register_redact_callback: int (struct ldb_context *, ldb_redact_fn, struct ldb_module *) ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index 7127bf34568..1f74ebb84ce 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c @@ -39,10 +39,10 @@ /* check if the scope matches in a search result */ -static int ldb_match_scope(struct ldb_context *ldb, - struct ldb_dn *base, - struct ldb_dn *dn, - enum ldb_scope scope) +int ldb_match_scope(struct ldb_context *ldb, + struct ldb_dn *base, + struct ldb_dn *dn, + enum ldb_scope scope) { int ret = 0; @@ -571,6 +571,26 @@ static int ldb_match_extended(struct ldb_context *ldb, &tree->u.extended.value, matched); } +static bool ldb_must_suppress_match(const struct ldb_message *msg, + const struct ldb_parse_tree *tree) +{ + const char *attr = NULL; + struct ldb_message_element *el = NULL; + + attr = ldb_parse_tree_get_attr(tree); + if (attr == NULL) { + return false; + } + + /* find the message element */ + el = ldb_msg_find_element(msg, attr); + if (el == NULL) { + return false; + } + + return ldb_msg_element_is_inaccessible(el); +} + /* Check if a particular message will match the given filter @@ -595,6 +615,17 @@ int ldb_match_message(struct ldb_context *ldb, return LDB_SUCCESS; } + /* + * Suppress matches on confidential attributes (handled + * manually in extended matches as these can do custom things -- Samba Shared Repository