samba.git/source4/libcli/ldap, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID 2022-03-17T01:57:38+00:00 Andrew Bartlett abartlet@samba.org 2022-02-09T03:53:08+00:00 0a907c2f45c34efcac784738c9d75303b9d04d2f This makes it clearer that the purpose of this control is to indicate that the password was already checked (by an out-of-band mechanism, eg kpasswd) and so can safely be changed subject to ACLs etc. This essentially reverts bbb9dc806e4399c65dee9b5dc2cde0bfaa9609bd Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
This makes it clearer that the purpose of this control is to indicate that the password
was already checked (by an out-of-band mechanism, eg kpasswd) and so can safely be changed
subject to ACLs etc.

This essentially reverts bbb9dc806e4399c65dee9b5dc2cde0bfaa9609bd

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
auth:creds: Add obtained arg to cli_credentials_set_gensec_features() 2021-04-28T03:43:34+00:00 Andreas Schneider asn@samba.org 2020-08-20T08:50:30+00:00 2fbc63cacc81ab9e1dfdbe6d979c248c3bdea686 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ldap_client: Make ldap_parse_basic_url() IPv6-address aware 2020-07-02T12:01:06+00:00 Volker Lendecke vl@samba.org 2020-07-01T14:10:17+00:00 7082902d56ab1aa824e6b86bceaa7e1a14b6ef29 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jul 2 12:01:06 UTC 2020 on sn-devel-184 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul  2 12:01:06 UTC 2020 on sn-devel-184
ldap_client: Align integer types 2020-07-02T10:38:34+00:00 Volker Lendecke vl@samba.org 2020-06-26T06:31:30+00:00 61bc99362a385fc8b59197c416f480a1054054b6 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
ldap_client: Make ldap_parse_basic_url take care of ldapi as well 2020-07-02T10:38:34+00:00 Volker Lendecke vl@samba.org 2020-06-25T19:20:04+00:00 011a2a82953fa910e1e7dee9862fbb5deaae8651 SUSV4's sscanf has the %m modifier, which allocates the right amount. Remove those SMB_ASSERTS for string buffers. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
SUSV4's sscanf has the %m modifier, which allocates the right
amount. Remove those SMB_ASSERTS for string buffers.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode 2020-05-04T02:59:32+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-07T20:49:23+00:00 3149ea0a8aada3b03d1ca0af2e3a0f6304cda43b Add search request size limits to ldap_decode calls. The ldap server uses the smb.conf variable "ldap max search request size" which defaults to 250Kb. For cldap the limit is hard coded as 4096. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth 2020-05-04T02:59:31+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-02T23:18:03+00:00 f467727db5ff6a6e58d9b590e4d443a1d974b679 Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4/libcli/ldab: clang: Fix 'Access results in a deref of a null pointer' 2019-07-16T22:52:24+00:00 Noel Power noel.power@suse.com 2019-07-10T15:13:38+00:00 8aed7e9aae13b3fc64a2af1fbdf835f12038ac9b Fixes: source4/libcli/ldap/ldap_client.c:1023:6: warning: Access to field 'type' results in a dereference of a null pointer <--[clang] if ((*msg)->type != type) { ^~~~~~~~~~~~ Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Fixes:

source4/libcli/ldap/ldap_client.c:1023:6: warning: Access to field 'type' results in a dereference of a null pointer <--[clang]
        if ((*msg)->type != type) {
            ^~~~~~~~~~~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
libcli/ldap: Remove unsued ldap_transaction() 2019-05-22T05:59:14+00:00 Andrew Bartlett abartlet@samba.org 2019-05-21T03:42:39+00:00 5b957f816c8647c6423926ee47243ff0bb1e09e5 This is unsued since a87dea2a0894015cf4a3140995791f5468c40038 in 2007 when we moved to using LDB for LDAP in this area of the code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This is unsued since a87dea2a0894015cf4a3140995791f5468c40038 in 2007
when we moved to using LDB for LDAP in this area of the code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
samdb: Add transaction id control 2018-05-10T18:02:23+00:00 Gary Lockyer gary@catalyst.net.nz 2018-04-15T19:59:43+00:00 01fab30a9779c7f2bfd3016c9c482d956cde5198 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>