summaryrefslogtreecommitdiff
path: root/libcli/ldap
Commit message (Collapse)AuthorAgeFilesLines
* libcli ldap tests: remove use of zero length arrayGary Lockyer2020-06-231-1/+1
| | | | | | | | | | | | | | libcli/ldap/tests/ldap_message_test.c defines a zero length array (uint8_t buf[0]), which is a GCC extension and breaks the build with some strict compilers like xlc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184
* CVE-2020-10704 libcli ldap: Check search request lengths.Gary Lockyer2020-05-041-0/+4
| | | | | | | | | | | | | | | | Check the search request lengths against the limits passed to ldap_decode. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon May 4 04:40:10 UTC 2020 on sn-devel-184
* CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decodeGary Lockyer2020-05-043-4/+26
| | | | | | | | | | | | | | | | Add search request size limits to ldap_decode calls. The ldap server uses the smb.conf variable "ldap max search request size" which defaults to 250Kb. For cldap the limit is hard coded as 4096. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_treeGary Lockyer2020-05-044-0/+286
| | | | | | | | | | | | | | Add tests to check that ASN.1 ldap requests with deeply nested elements are rejected. Previously there was no check on the on the depth of nesting and excessive nesting could cause a stack overflow. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-10704: lib util asn1: Add ASN.1 max tree depthGary Lockyer2020-05-041-1/+1
| | | | | | | | | | | | | Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* typo: mplementation => implementationGarming Sam2016-05-063-3/+3
| | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* ASN1: use a talloc context in read_contextSimpleDouglas Bagnall2016-03-091-5/+5
| | | | | | | Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* ldap: Correctly check asn1_tag_remaining retvalVolker Lendecke2016-02-031-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* Rename 'errors' to 'samba-errors' and make it public.Jelmer Vernooij2016-01-131-1/+1
| | | | | | | | | | | This is necessary because it has public headers. Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
* libcli: Make headers for private libraries private.Jelmer Vernooij2016-01-131-3/+2
| | | | | | Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org>
* lib: Use asn1_has_nestingVolker Lendecke2016-01-061-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_extract_blob()Volker Lendecke2016-01-061-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_has_error()Volker Lendecke2016-01-061-7/+11
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* asn1: Make asn1_peek_full_tag return 0/errnoVolker Lendecke2016-01-061-1/+8
| | | | | | | | We don't need the full power of NTSTATUS here. This was the only NTSTATUS in asn1.h, so I think it's worth removing it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libdap: Fix a '\0' vs NULL mixupVolker Lendecke2015-10-141-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: ldap: Properly check talloc error returns.Jeremy Allison2015-06-161-1/+10
| | | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jun 16 04:16:13 CEST 2015 on sn-devel-104
* samba: pass down size_t instead of int to add_string_to_array().Günther Deschner2014-11-171-1/+1
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
* s4: libcli: ldap message - Ensure all asn1_XX returns are checked.Jeremy Allison2014-09-262-391/+397
| | | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
* libcli/ldap: Cope with substring match with no chunks in ldap_push_filterAndrew Bartlett2013-06-241-18/+21
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: make it easier to understand that a control was not correctly encodedMatthieu Patou2012-05-191-1/+1
|
* ldb: use ldb directly rather than via a copyAndrew Bartlett2011-10-072-8/+0
| | | | | | | | | | | | | | | | | | This avoids needing to manually sync the two files, which due to the top level build must be API compatible at all times anyway. The most important recent change was: commit e3b76bd6205acfc1a89fbcab5d9588b32cb47b88 Author: Andrew Tridgell <tridge@samba.org> Date: Thu Jul 28 15:51:31 2011 +1000 ldb: fixed a search expression parse bug However, as we always control the search expression in the callers to this code, no backport to other releases is required. Andrew Bartlett
* libcli/ldap/ldap_ndr.h: fix licence/copyrightGünther Deschner2011-06-101-0/+22
| | | | Guenther
* libcli/ldap Re-add ldap_ndr.h as a public headerAndrew Bartlett2011-04-141-1/+1
| | | | | | as noticed by Brad Hards Andrew Bartlett
* libcli/ldap pull LIBCLI_LDAP_MESSAGE and LIBCLI_LDAP_NDR into a libraryAndrew Bartlett2011-04-131-14/+6
| | | | | | This reduces symbol duplication Andrew Bartlett
* lib: make asn1_util a private libraryAndrew Tridgell2011-04-061-1/+1
| | | | | | | this prevents symbol duplication of the asn1 symbols in the service and ntvfs subsystems Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldapcli: allocate control value on the control object not on the control ↵Matthieu Patou2011-03-201-2/+2
| | | | container
* ldb: use #include <ldb.h> for ldbAndrew Tridgell2011-02-102-2/+2
| | | | | | | | thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* libcli/ldap: use lib/ldb_compat.h for the s3 buildStefan Metzmacher2011-01-241-0/+4
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 24 14:55:50 CET 2011 on sn-devel-104
* s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2010-10-311-15/+0
| | | | | | | | The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* waf: Remove lib prefix from libraries manually.Jelmer Vernooij2010-10-261-2/+2
|
* s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij2010-10-261-2/+2
|
* s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij2010-10-241-4/+4
|
* s4-waf: removed dependencies on missing subsystemsAndrew Tridgell2010-10-211-1/+1
| | | | these were left over from the old config.mk system
* libcli/ldap Don't try and encode a control with a NULL OIDAndrew Bartlett2010-10-201-0/+6
| | | | | | | | | | ctrl->oid is set to NULL by the Samba4 rootDSE module when removing controls that should not be exposed over LDAP (to avoid a realloc). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Oct 20 04:13:44 UTC 2010 on sn-devel-104
* libcli/ldap: ldap_full_packet() requires at least 6 bytesStefan Metzmacher2010-10-041-0/+7
| | | | metze
* libcli/ldap: correctly marshall LDAP Unbind PDUsStefan Metzmacher2010-09-271-0/+2
| | | | metze
* libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()Stefan Metzmacher2010-09-261-1/+1
| | | | | | | This allows us to read a full packet without read byte after byte or possible read to much. metze
* libcli/ldap Add const to ldap_encode_ndr_dom_sid()Andrew Bartlett2010-09-202-2/+2
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* Finish removal of iconv_convenience in public API's.Jelmer Vernooij2010-05-181-2/+2
|
* Remove the copy of ldb from Samba 3.Jelmer Vernooij2010-05-061-0/+4
| | | | | There were two utility functions that other parts of Samba 3 still relied on; they have been moved to lib/ldb_compat.[ch].
* s4-waf: fixed some deps now we don't auto-include tevent and replaceAndrew Tridgell2010-04-061-1/+1
| | | | | this is preparation for being able to use system versions of these libraries
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell2010-04-061-0/+2
| | | | them
* s4-waf: install the rest of the headersAndrew Tridgell2010-04-061-4/+0
|
* build: commit all the waf build files in the treeAndrew Tridgell2010-04-061-0/+19
|
* ldap: give a debug error when we don't know a controlAndrew Tridgell2009-12-161-0/+2
| | | | | | | This interface should really have a proper error interface, but at least a DEBUG() gives the user a chance of finding the error Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* libcli: use GUID_to_ndr_blob()Andrew Tridgell2009-12-101-4/+3
|
* Fix a couple of warningsVolker Lendecke2009-04-231-2/+2
|
* libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher2009-02-242-6/+156
| | | | | | | As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
* libcli/ldap: move ldap_ndr from source4/ to toplevelStefan Metzmacher2009-02-243-1/+117
| | | | metze
* libcli/ldap: fix compiler warningsStefan Metzmacher2009-02-242-6/+11
| | | | metze
View Lorry Controller Status