
sun_hai/samba

forked from src-openEuler/samba 
backport-0014-CVE-2023-0614.patch 32.11 KB
xh 提交于 2023-04-01 06:13 . fix CVE-2023-0225 CVE-2023-0614 CVE-2023-0922
From 4f8b4ce403ff68ca26d33d7272276052829c96f7 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 3 Mar 2023 17:29:03 +1300
Subject: [PATCH 12/34] CVE-2023-0614 ldb: Add function to filter message in
place
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.
The test is a near duplicate of the existing test for
ldb_filter_attrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17821
---
lib/ldb/common/ldb_pack.c | 143 +++
lib/ldb/include/ldb_module.h | 10 +
.../tests/ldb_filter_attrs_in_place_test.c | 989 ++++++++++++++++++
lib/ldb/wscript | 6 +
4 files changed, 1148 insertions(+)
create mode 100644 lib/ldb/tests/ldb_filter_attrs_in_place_test.c
diff --git a/lib/ldb/common/ldb_pack.c b/lib/ldb/common/ldb_pack.c
index b0b0d64a5ba..f19ac73fa5e 100644
--- a/lib/ldb/common/ldb_pack.c
+++ b/lib/ldb/common/ldb_pack.c
@@ -1262,6 +1262,149 @@ failed:
return -1;
}
+/*
+ * filter the specified list of attributes from msg,
+ * adding requested attributes, and perhaps all for *,
+ * but not the DN to filtered_msg.
+ */
+int ldb_filter_attrs_in_place(struct ldb_context *ldb,
+ const struct ldb_message *msg,
+ const char *const *attrs,
+ struct ldb_message *filtered_msg)
+{
+ unsigned int i;
+ bool keep_all = false;
+ bool add_dn = false;
+ uint32_t num_elements;
+ uint32_t elements_size;
+
+ if (attrs) {
+ /* check for special attrs */
+ for (i = 0; attrs[i]; i++) {
+ int cmp = strcmp(attrs[i], "*");
+ if (cmp == 0) {
+ keep_all = true;
+ break;
+ }
+ cmp = ldb_attr_cmp(attrs[i], "distinguishedName");
+ if (cmp == 0) {
+ add_dn = true;
+ }
+ }
+ } else {
+ keep_all = true;
+ }
+
+ if (keep_all) {
+ add_dn = true;
+ elements_size = msg->num_elements + 1;
+
+ /* Shortcuts for the simple cases */
+ } else if (add_dn && i == 1) {
+ if (ldb_msg_add_distinguished_name(filtered_msg) != 0) {
+ goto failed;
+ }
+ return 0;
+ } else if (i == 0) {
+ return 0;
+
+ /*
+ * Otherwise we are copying at most as many elements as we
+ * have attributes
+ */
+ } else {
+ elements_size = i;
+ }
+
+ filtered_msg->elements = talloc_array(filtered_msg,
+ struct ldb_message_element,
+ elements_size);
+ if (filtered_msg->elements == NULL) goto failed;
+
+ num_elements = 0;
+
+ for (i = 0; i < msg->num_elements; i++) {
+ struct ldb_message_element *el = &msg->elements[i];
+
+ /*
+ * el2 is assigned after the Pigeonhole principle
+ * check below for clarity
+ */
+ struct ldb_message_element *el2 = NULL;
+ unsigned int j;
+
+ if (keep_all == false) {
+ bool found = false;
+ for (j = 0; attrs[j]; j++) {
+ int cmp = ldb_attr_cmp(el->name, attrs[j]);
+ if (cmp == 0) {
+ found = true;
+ break;
+ }
+ }
+ if (found == false) {
+ continue;
+ }
+ }
+
+ /*
+ * Pigeonhole principle: we can't have more elements
+ * than the number of attributes if they are unique in
+ * the DB.
+ */
+ if (num_elements >= elements_size) {
+ goto failed;
+ }
+
+ el2 = &filtered_msg->elements[num_elements];
+
+ *el2 = *el;
+ el2->name = talloc_strdup(filtered_msg->elements,
+ el->name);
+ if (el2->name == NULL) {
+ goto failed;
+ }
+ el2->values = talloc_array(filtered_msg->elements,
+ struct ldb_val, el->num_values);
+ if (el2->values == NULL) {
+ goto failed;
+ }
+ for (j=0;j<el->num_values;j++) {
+ el2->values[j] = ldb_val_dup(el2->values, &el->values[j]);
+ if (el2->values[j].data == NULL && el->values[j].length != 0) {
+ goto failed;
+ }
+ }
+ num_elements++;
+ }
+
+ filtered_msg->num_elements = num_elements;
+
+ if (add_dn) {
+ if (ldb_msg_add_distinguished_name(filtered_msg) != 0) {
+ goto failed;
+ }
+ }
+
+ if (filtered_msg->num_elements > 0) {
+ filtered_msg->elements
+ = talloc_realloc(filtered_msg,
+ filtered_msg->elements,
+ struct ldb_message_element,
+ filtered_msg->num_elements);
+ if (filtered_msg->elements == NULL) {
+ goto failed;
+ }
+ } else {
+ TALLOC_FREE(filtered_msg->elements);
+ }
+
+ return 0;
+failed:
+ TALLOC_FREE(filtered_msg->elements);
+ return -1;
+}
+
/* Have an unpacked ldb message take talloc ownership of its elements. */
int ldb_msg_elements_take_ownership(struct ldb_message *msg)
{
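Review bot: The `failed:` path frees `filtered_msg->elements` but leaves `filtered_msg->num_elements` untouched, so a failure after `filtered_msg->num_elements = num_elements;` returns -1 with a NULL array and a non-zero count. This happens, for example, when `ldb_msg_add_distinguished_name()` fails because the caller left `filtered_msg->dn` unset. A caller that mishandles the error and walks the message would then index through NULL; adding `filtered_msg->num_elements = 0;` next to the `TALLOC_FREE` keeps the message self-consistent. The two early-return shortcuts also appear to assume that `filtered_msg` arrives with no elements, and the main path overwrites `filtered_msg->elements` without freeing a previous array, which the function comment should state.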
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 8c7f33496fb..105093cf38c 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -543,6 +543,16 @@ int ldb_filter_attrs(struct ldb_context *ldb,
const char *const *attrs,
struct ldb_message *filtered_msg);
+/*
+ * filter the specified list of attributes from msg,
+ * adding requested attributes, and perhaps all for *,
+ * but not the DN to filtered_msg.
+ */
+int ldb_filter_attrs_in_place(struct ldb_context *ldb,
+ const struct ldb_message *msg,
+ const char *const *attrs,
+ struct ldb_message *filtered_msg);
+
/* Have an unpacked ldb message take talloc ownership of its elements. */
int ldb_msg_elements_take_ownership(struct ldb_message *msg);
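Review bot: The comment on the new prototype is copied from `ldb_filter_attrs()` and does not state the contract that the implementation and its tests rely on. I would extend it to say that the caller must set `filtered_msg->dn` before the call whenever `attrs` is NULL or contains `*` or `distinguishedName`, that `filtered_msg` is expected to start with no elements, and that the function returns 0 on success and -1 on failure with `filtered_msg->elements` freed. The phrase "but not the DN to filtered_msg" would read more clearly as `the DN itself is not copied; filtered_msg->dn is left as the caller set it`.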
diff --git a/lib/ldb/tests/ldb_filter_attrs_in_place_test.c b/lib/ldb/tests/ldb_filter_attrs_in_place_test.c
new file mode 100644
index 00000000000..bef961f8f9c
--- /dev/null
+++ b/lib/ldb/tests/ldb_filter_attrs_in_place_test.c
@@ -0,0 +1,989 @@
+/*
+ * Tests exercising ldb_filter_attrs_in_place().
+ *
+ *
+ * Copyright (C) Catalyst.NET Ltd 2017
+ * Copyright (C) Andrew Bartlett <abartlet@samba.org> 2019
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "../include/ldb.h"
+#include "../include/ldb_module.h"
+
+struct ldbtest_ctx {
+ struct tevent_context *ev;
+ struct ldb_context *ldb;
+};
+
+/*
+ * NOTE WELL:
+ *
+ * This test checks the current behaviour of the function, however
+ * this is not in a public ABI and many of the tested behaviours are
+ * not ideal. If the behaviour is deliberatly improved, this test
+ * should be updated without worry to the new better behaviour.
+ *
+ * In particular the test is particularly to ensure the current
+ * behaviour is memory-safe.
+ */
+
+static int setup(void **state)
+{
+ struct ldbtest_ctx *test_ctx;
+
+ test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
+ assert_non_null(test_ctx);
+
+ test_ctx->ev = tevent_context_init(test_ctx);
+ assert_non_null(test_ctx->ev);
+
+ test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+ assert_non_null(test_ctx->ldb);
+
+ *state = test_ctx;
+ return 0;
+}
+
+static int teardown(void **state)
+{
+ talloc_free(*state);
+ return 0;
+}
+
+
+/*
+ * Test against a record with only one attribute, matching the one in
+ * the list
+ */
+static void test_filter_attrs_one_attr_matched(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"foo", NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+
+ /*
+ * assert the ldb_filter_attrs_in_place does not read or modify
+ * filtered_msg.dn in this case
+ */
+ assert_null(filtered_msg->dn);
+ assert_int_equal(filtered_msg->num_elements, 1);
+ assert_string_equal(filtered_msg->elements[0].name, "foo");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value, strlen(value));
+}
+
+/*
+ * Test against a record with only one attribute, matching the one of
+ * the multiple attributes in the list
+ */
+static void test_filter_attrs_one_attr_matched_of_many(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"foo", "bar", "baz", NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+
+ /*
+ * assert the ldb_filter_attrs_in_place does not read or modify
+ * filtered_msg.dn in this case
+ */
+ assert_null(filtered_msg->dn);
+ assert_int_equal(filtered_msg->num_elements, 1);
+ assert_string_equal(filtered_msg->elements[0].name, "foo");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value, strlen(value));
+}
+
+/*
+ * Test against a record with only one attribute, matching both
+ * attributes in the list
+ */
+static void test_filter_attrs_two_attr_matched_attrs(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ /* deliberatly the other order */
+ const char *attrs[] = {"bar", "foo", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+
+ /* foo and bar are the other order to in attrs */
+ struct ldb_message_element elements[] = {
+ {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 2);
+
+ /*
+ * assert the ldb_filter_attrs_in_place does not read or modify
+ * filtered_msg.dn in this case
+ */
+ assert_null(filtered_msg->dn);
+
+ /* Assert that DB order is preserved */
+ assert_string_equal(filtered_msg->elements[0].name, "foo");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value1));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value1, strlen(value1));
+ assert_string_equal(filtered_msg->elements[1].name, "bar");
+ assert_int_equal(filtered_msg->elements[1].num_values, 1);
+ assert_int_equal(filtered_msg->elements[1].values[0].length,
+ strlen(value2));
+ assert_memory_equal(filtered_msg->elements[1].values[0].data,
+ value2, strlen(value2));
+}
+
+/*
+ * Test against a record with two attributes, only of which is in
+ * the list
+ */
+static void test_filter_attrs_two_attr_matched_one_attr(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ /* deliberatly the other order */
+ const char *attrs[] = {"bar", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+
+ /* foo and bar are the other order to in attrs */
+ struct ldb_message_element elements[] = {
+ {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 1);
+
+ /*
+ * assert the ldb_filter_attrs_in_place does not read or modify
+ * filtered_msg.dn in this case
+ */
+ assert_null(filtered_msg->dn);
+
+ /* Assert that DB order is preserved */
+ assert_string_equal(filtered_msg->elements[0].name, "bar");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value2));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value2, strlen(value2));
+}
+
+/*
+ * Test against a record with two attributes, both matching the one
+ * specified attribute in the list (a corrupt record)
+ */
+static void test_filter_attrs_two_dup_attr_matched_one_attr(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ /* deliberatly the other order */
+ const char *attrs[] = {"bar", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+
+ /* foo and bar are the other order to in attrs */
+ struct ldb_message_element elements[] = {
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+
+ /* This should fail the pidgenhole test */
+ assert_int_equal(ret, -1);
+ assert_null(filtered_msg->elements);
+}
+
+/*
+ * Test against a record with two attributes, both matching the one
+ * specified attribute in the list (a corrupt record)
+ */
+static void test_filter_attrs_two_dup_attr_matched_dup(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"bar", "bar", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+
+ /* foo and bar are the other order to in attrs */
+ struct ldb_message_element elements[] = {
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+
+ /* This does not fail the pidgenhole test */
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_int_equal(filtered_msg->num_elements, 2);
+
+ /* Assert that DB order is preserved */
+ assert_string_equal(filtered_msg->elements[0].name, "bar");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value1));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value1, strlen(value1));
+ assert_string_equal(filtered_msg->elements[1].name, "bar");
+ assert_int_equal(filtered_msg->elements[1].num_values, 1);
+ assert_int_equal(filtered_msg->elements[1].values[0].length,
+ strlen(value2));
+ assert_memory_equal(filtered_msg->elements[1].values[0].data,
+ value2, strlen(value2));
+}
+
+/*
+ * Test against a record with two attributes, both matching one of the
+ * specified attributes in the list (a corrupt record)
+ */
+static void test_filter_attrs_two_dup_attr_matched_one_of_two(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"bar", "foo", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+
+ /* foo and bar are the other order to in attrs */
+ struct ldb_message_element elements[] = {
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+
+ /* This does not fail the pidgenhole test */
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_int_equal(filtered_msg->num_elements, 2);
+
+ /* Assert that DB order is preserved */
+ assert_string_equal(filtered_msg->elements[0].name, "bar");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value1));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value1, strlen(value1));
+ assert_string_equal(filtered_msg->elements[1].name, "bar");
+ assert_int_equal(filtered_msg->elements[1].num_values, 1);
+ assert_int_equal(filtered_msg->elements[1].values[0].length,
+ strlen(value2));
+ assert_memory_equal(filtered_msg->elements[1].values[0].data,
+ value2, strlen(value2));
+}
+
+/*
+ * Test against a record with two attributes against * (but not the
+ * other named attribute) (a corrupt record)
+ */
+static void test_filter_attrs_two_dup_attr_matched_star(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"*", "foo", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+
+ /* foo and bar are the other order to in attrs */
+ struct ldb_message_element elements[] = {
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ /* Needed as * implies distinguishedName */
+ filtered_msg->dn = in.dn;
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+
+ /* This does not fail the pidgenhole test */
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_int_equal(filtered_msg->num_elements, 3);
+
+ /* Assert that DB order is preserved */
+ assert_string_equal(filtered_msg->elements[0].name, "bar");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_int_equal(filtered_msg->elements[0].values[0].length,
+ strlen(value1));
+ assert_memory_equal(filtered_msg->elements[0].values[0].data,
+ value1, strlen(value1));
+ assert_string_equal(filtered_msg->elements[1].name, "bar");
+ assert_int_equal(filtered_msg->elements[1].num_values, 1);
+ assert_int_equal(filtered_msg->elements[1].values[0].length,
+ strlen(value2));
+ assert_memory_equal(filtered_msg->elements[1].values[0].data,
+ value2, strlen(value2));
+ /*
+ * assert the ldb_filter_attrs_in_place does not modify filtered_msg.dn
+ * in this case
+ */
+ assert_ptr_equal(filtered_msg->dn, in.dn);
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "distinguishedName",
+ NULL),
+ ldb_dn_get_linearized(in.dn));
+}
+
+/*
+ * Test against a record with only one attribute, matching the * in
+ * the list
+ */
+static void test_filter_attrs_one_attr_matched_star(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"*", NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ /* Needed as * implies distinguishedName */
+ filtered_msg->dn = in.dn;
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 2);
+
+ /*
+ * assert the ldb_filter_attrs_in_place does not modify filtered_msg.dn
+ * in this case
+ */
+ assert_ptr_equal(filtered_msg->dn, in.dn);
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "distinguishedName",
+ NULL),
+ ldb_dn_get_linearized(in.dn));
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "foo",
+ NULL),
+ value);
+}
+
+/*
+ * Test against a record with two attributes, matching the * in
+ * the list
+ */
+static void test_filter_attrs_two_attr_matched_star(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"*", NULL};
+
+ char value1[] = "The value.......end";
+ char value2[] = "The value..MUST.end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value1,
+ .length = strlen(value1)
+ };
+ struct ldb_val value_2 = {
+ .data = (uint8_t *)value2,
+ .length = strlen(value2)
+ };
+ struct ldb_message_element elements[] = {
+ {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ },
+ {
+ .name = "bar",
+ .num_values = 1,
+ .values = &value_2
+ }
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 2,
+ .elements = elements,
+ };
+
+ assert_non_null(in.dn);
+
+ /* Needed as * implies distinguishedName */
+ filtered_msg->dn = in.dn;
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 3);
+
+ /*
+ * assert the ldb_filter_attrs_in_place does not modify filtered_msg.dn
+ * in this case
+ */
+ assert_ptr_equal(filtered_msg->dn, in.dn);
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "distinguishedName",
+ NULL),
+ ldb_dn_get_linearized(in.dn));
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "foo",
+ NULL),
+ value1);
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "bar",
+ NULL),
+ value2);
+}
+
+/*
+ * Test against a record with only one attribute, matching the * in
+ * the list, but without the DN being pre-filled. Fails due to need
+ * to contstruct the distinguishedName
+ */
+static void test_filter_attrs_one_attr_matched_star_no_dn(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"*", NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, -1);
+ assert_null(filtered_msg->elements);
+}
+
+/*
+ * Test against a record with only one attribute, matching the * in
+ * the list plus requsesting distinguishedName
+ */
+static void test_filter_attrs_one_attr_matched_star_dn(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"*", "distinguishedName", NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ /* Needed for distinguishedName */
+ filtered_msg->dn = in.dn;
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 2);
+
+ /* show that ldb_filter_attrs_in_place does not modify in.dn */
+ assert_ptr_equal(filtered_msg->dn, in.dn);
+
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "distinguishedName",
+ NULL),
+ ldb_dn_get_linearized(in.dn));
+ assert_string_equal(ldb_msg_find_attr_as_string(filtered_msg,
+ "foo",
+ NULL),
+ value);
+}
+
+/*
+ * Test against a record with only one attribute, but returning
+ * distinguishedName from the list (only)
+ */
+static void test_filter_attrs_one_attr_matched_dn(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {"distinguishedName", NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ /* Needed for distinguishedName */
+ filtered_msg->dn = in.dn;
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 1);
+
+ /* show that ldb_filter_attrs_in_place does not modify in.dn */
+ assert_ptr_equal(filtered_msg->dn, in.dn);
+ assert_string_equal(filtered_msg->elements[0].name, "distinguishedName");
+ assert_int_equal(filtered_msg->elements[0].num_values, 1);
+ assert_string_equal(filtered_msg->elements[0].values[0].data,
+ ldb_dn_get_linearized(in.dn));
+}
+
+/*
+ * Test against a record with only one attribute, not matching the
+ * empty attribute list
+ */
+static void test_filter_attrs_one_attr_empty_list(void **state)
+{
+ struct ldbtest_ctx *ctx = *state;
+ int ret;
+
+ struct ldb_message *filtered_msg = ldb_msg_new(ctx);
+
+ const char *attrs[] = {NULL};
+
+ char value[] = "The value.......end";
+ struct ldb_val value_1 = {
+ .data = (uint8_t *)value,
+ .length = strlen(value)
+ };
+ struct ldb_message_element element_1 = {
+ .name = "foo",
+ .num_values = 1,
+ .values = &value_1
+ };
+ struct ldb_message in = {
+ .dn = ldb_dn_new(ctx, ctx->ldb, "dc=samba,dc=org"),
+ .num_elements = 1,
+ .elements = &element_1,
+ };
+
+ assert_non_null(in.dn);
+
+ ret = ldb_filter_attrs_in_place(ctx->ldb,
+ &in,
+ attrs,
+ filtered_msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ assert_non_null(filtered_msg);
+ assert_int_equal(filtered_msg->num_elements, 0);
+ assert_null(filtered_msg->dn);
+ assert_null(filtered_msg->elements);
+}
+
+int main(int argc, const char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_matched,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_matched_of_many,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_attr_matched_attrs,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_attr_matched_one_attr,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_dup_attr_matched_one_attr,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_dup_attr_matched_dup,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_dup_attr_matched_one_of_two,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_dup_attr_matched_star,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_matched_star,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_two_attr_matched_star,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_matched_star_no_dn,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_matched_star_dn,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_matched_dn,
+ setup,
+ teardown),
+ cmocka_unit_test_setup_teardown(
+ test_filter_attrs_one_attr_empty_list,
+ setup,
+ teardown),
+ };
+
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
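Review bot: `assert_non_null(filtered_msg)` runs only after `ldb_filter_attrs_in_place()` has been handed the pointer, so a failed `ldb_msg_new(ctx)` would crash inside the function rather than fail the test cleanly. This applies to test_filter_attrs_one_attr_matched and the other success-path tests, and the duplicate-attribute and -1 tests never check the allocation at all; the check belongs directly after `struct ldb_message *filtered_msg = ldb_msg_new(ctx);`. The two tests that expect -1 assert only `assert_null(filtered_msg->elements)`; since the file's NOTE WELL comment says the suite exists to pin memory-safe behaviour, they could also pin `filtered_msg->num_elements`, which would expose a stale count beside a NULL array. The comment above test_filter_attrs_two_attr_matched_attrs says "only one attribute" although the record built there has two.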
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index c862229822d..7e02309c1d5 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -518,6 +518,11 @@ def build(bld):
deps='cmocka ldb ldb_tdb_err_map',
install=False)
+ bld.SAMBA_BINARY('ldb_filter_attrs_in_place_test',
+ source='tests/ldb_filter_attrs_in_place_test.c',
+ deps='cmocka ldb ldb_tdb_err_map',
+ install=False)
+
bld.SAMBA_BINARY('ldb_key_value_sub_txn_tdb_test',
bld.SUBDIR('ldb_key_value',
'''ldb_kv_search.c
@@ -638,6 +643,7 @@ def test(ctx):
# 'ldb_key_value_sub_txn_tdb_test'
'ldb_parse_test',
'ldb_filter_attrs_test',
+ 'ldb_filter_attrs_in_place_test',
]
# if LIB_LDAP and LIB_LBER defined, then we can test ldb_ldap backend
--
2.25.1