The branch, master has been updated
via 2a5135fe15e lib:ldb-samba:ildap: fix empty attribute list handling
from 60540b9eedd WHATSNEW: Start release notes for Samba 4.21.0pre1.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2a5135fe15e9391a2c9a6b7292fa8094e7754966
Author: Gary Lockyer <[email protected]>
Date: Fri Jan 16 12:48:38 2026 +1300
lib:ldb-samba:ildap: fix empty attribute list handling
An LDB request interprets an empty attribute list as a request for no
attributes, but LDAP interprets an empty list as a request for all
attributes,
and ["1.1"] as a request for no attributes, as per
RFC4511:4.5.1.8(SearchRequest.attributes). We need to convert [] to ["1.1"]
in the ildap module before the request goes out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852
Signed-off-by: Aaron Haslett <[email protected]>
Signed-off-by: Gary Lockyer <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
Autobuild-User(master): Douglas Bagnall <[email protected]>
Autobuild-Date(master): Wed Jan 21 03:29:23 UTC 2026 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
lib/ldb-samba/ldb_ildap.c | 15 +++++++++++++-
python/samba/tests/samba_tool/contact.py | 2 +-
selftest/knownfail.d/ldap | 1 -
source4/dsdb/tests/python/ldap.py | 34 ++++++++++++++++++++++++++++++++
4 files changed, 49 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb-samba/ldb_ildap.c b/lib/ldb-samba/ldb_ildap.c
index 8ddb0ae9b8d..ab2ceb02293 100644
--- a/lib/ldb-samba/ldb_ildap.c
+++ b/lib/ldb-samba/ldb_ildap.c
@@ -558,8 +558,21 @@ static int ildb_search(struct ildb_context *ac)
msg->r.SearchRequest.tree = discard_const(req->op.search.tree);
for (n = 0; req->op.search.attrs && req->op.search.attrs[n]; n++) /*
noop */ ;
+
+ /*
+ * In LDB, an empty attribute list indicates a request for no
+ * attributes, but in LDAP no attributes is requested with an
+ * attribute list of ["1.1"] according to RFC4511:4.5.1.8.
+ */
+ if (req->op.search.attrs && n == 0) {
+ static const char * attrs[] = {"1.1", NULL};
+ msg->r.SearchRequest.attributes = attrs;
+ n = 1;
+ } else {
+ msg->r.SearchRequest.attributes = req->op.search.attrs;
+ }
+
msg->r.SearchRequest.num_attributes = n;
- msg->r.SearchRequest.attributes = req->op.search.attrs;
msg->controls = req->controls;
return ildb_request_send(ac, msg);
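Review bot: The sentinel array in the new `if` branch is declared `static const char * attrs[]`, which makes the strings const but leaves the array slots writable, even though every empty-list search now points `msg->r.SearchRequest.attributes` at this one shared object. I would make it fully read-only and name it for what it is, `static const char * const no_attrs[] = {"1.1", NULL};`, assuming the `attributes` field has a compatible const-qualified pointer type, which is not visible in this hunk. The block comment could also state the consequence of skipping the conversion (an empty list on the wire makes the server return all attributes when the caller asked for none), and that a NULL `attrs` is deliberately still sent as an empty list. `ildb_search` starts before this hunk and its closing brace lies outside it.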
diff --git a/python/samba/tests/samba_tool/contact.py
b/python/samba/tests/samba_tool/contact.py
index 39e96231692..4978261ad7a 100644
--- a/python/samba/tests/samba_tool/contact.py
+++ b/python/samba/tests/samba_tool/contact.py
@@ -461,7 +461,7 @@ class ContactCmdTestCase(SambaToolCmdTest):
contactlist = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression=search_filter,
- attrs=[])
+ attrs=["*"])
if contactlist:
return contactlist[0]
else:
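Review bot: This helper apparently kept working with `attrs=[]` only because the LDAP backend used to turn an empty list into "all attributes", so other callers may depend on the same accident. It would be worth checking other searches that pass `attrs=[]` and can run over an LDAP connection, since any that read attributes from the result will now get empty messages. If the users of this helper only need a few attributes, listing them explicitly instead of `"*"` would document the dependency and avoid fetching the whole object. The enclosing method begins before the hunk.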
diff --git a/selftest/knownfail.d/ldap b/selftest/knownfail.d/ldap
index 0331d3687d4..f1abcf2aca0 100644
--- a/selftest/knownfail.d/ldap
+++ b/selftest/knownfail.d/ldap
@@ -1,3 +1,2 @@
# the attributes too long test returns the wrong error
^samba4.ldap.python.+test_attribute_ranges_too_long
-samba4.ldap.python\(ad_dc_default\).*__main__.BasicTests.test_ldapSearchNoAttributes
diff --git a/source4/dsdb/tests/python/ldap.py
b/source4/dsdb/tests/python/ldap.py
index 54219ee5003..bc5fb45d9be 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -3200,6 +3200,40 @@ nTSecurityDescriptor:: """ + desc_base64
self.assertEqual(len(res), 1)
self.assertEqual(len(res[0]), 0)
+ def test_ldapSearchExplicitNoAttributesOid(self):
+ """Testing ldap search with the no attributes OID 1.1 specified"""
+
+ user_name = "testnoattributesoiduser"
+ user_dn = "CN=%s,%s" % (user_name, self.base_dn)
+ delete_force(self.ldb, user_dn)
+
+ self.ldb.add({"dn": user_dn,
+ "objectClass": "user",
+ "sAMAccountName": user_name})
+
+ res = self.ldb.search(user_dn, scope=SCOPE_BASE, attrs=["1.1"])
+ delete_force(self.ldb, user_dn)
+
+ self.assertEqual(len(res), 1)
+ self.assertEqual(len(res[0]), 0)
+
+ def test_ldapSearchAllAttributes(self):
+ """Testing ldap search with all attributes"""
+
+ user_name = "testallattributesuser"
+ user_dn = "CN=%s,%s" % (user_name, self.base_dn)
+ delete_force(self.ldb, user_dn)
+
+ self.ldb.add({"dn": user_dn,
+ "objectClass": "user",
+ "sAMAccountName": user_name})
+
+ res = self.ldb.search(user_dn, scope=SCOPE_BASE, attrs=["*"])
+ delete_force(self.ldb, user_dn)
+
+ self.assertEqual(len(res), 1)
+ self.assertTrue(len(res[0]) > 3)
+
class BaseDnTests(samba.tests.TestCase):
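Review bot: Both new tests delete the user only on the success path, so if `self.ldb.search(...)` raises after the `add`, the second `delete_force` is never reached and the object is left behind for later tests. Registering the cleanup straight after the initial `delete_force` covers that case: `self.addCleanup(delete_force, self.ldb, user_dn)`. In `test_ldapSearchAllAttributes`, `self.assertGreater(len(res[0]), 3)` gives a clearer failure message than `assertTrue(len(res[0]) > 3)`, and a one-line comment on why 3 is the threshold would help the next reader.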
--
Samba Shared Repository