1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004
5
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
8 ** under the LGPL
9
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
14
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24 /*
25 * Name: ldb
26 *
27 * Component: ldb pack/unpack
28 *
29 * Description: pack/unpack routines for ldb messages as key/value blobs
30 *
31 * Author: Andrew Tridgell
32 */
33
34 #include "ldb_private.h"
35
36 /*
37 * These macros are from byte_array.h via libssh
38 * TODO: This will be replaced with use of the byte_array.h header when it
39 * becomes available.
40 *
41 * Macros for handling integer types in byte arrays
42 *
43 * This file is originally from the libssh.org project
44 *
45 * Copyright (c) 2018 Andreas Schneider <asn@cryptomilk.org>
46 *
47 * This library is free software; you can redistribute it and/or
48 * modify it under the terms of the GNU Lesser General Public
49 * License as published by the Free Software Foundation; either
50 * version 2.1 of the License, or (at your option) any later version.
51 *
52 * This library is distributed in the hope that it will be useful,
53 * but WITHOUT ANY WARRANTY; without even the implied warranty of
54 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
55 * Lesser General Public License for more details.
56 *
57 * You should have received a copy of the GNU Lesser General Public
58 * License along with this library; if not, write to the Free Software
59 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
60 */
61 #define _DATA_BYTE_CONST(data, pos) \
62 ((uint8_t)(((const uint8_t *)(data))[(pos)]))
63 #define PULL_LE_U8(data, pos) \
64 (_DATA_BYTE_CONST(data, pos))
65 #define PULL_LE_U16(data, pos) \
66 ((uint16_t)PULL_LE_U8(data, pos) |\
67 ((uint16_t)(PULL_LE_U8(data, (pos) + 1))) << 8)
68 #define PULL_LE_U32(data, pos) \
69 ((uint32_t)(PULL_LE_U16(data, pos) |\
70 ((uint32_t)PULL_LE_U16(data, (pos) + 2)) << 16))
71
72 #define _DATA_BYTE(data, pos) \
73 (((uint8_t *)(data))[(pos)])
74 #define PUSH_LE_U8(data, pos, val) \
75 (_DATA_BYTE(data, pos) = ((uint8_t)(val)))
76 #define PUSH_LE_U16(data, pos, val) \
77 (PUSH_LE_U8((data), (pos), (uint8_t)((uint16_t)(val) & 0xff)),\
78 PUSH_LE_U8((data), (pos) + 1,\
79 (uint8_t)((uint16_t)(val) >> 8)))
80 #define PUSH_LE_U32(data, pos, val) \
81 (PUSH_LE_U16((data), (pos), (uint16_t)((uint32_t)(val) & 0xffff)),\
82 PUSH_LE_U16((data), (pos) + 2, (uint16_t)((uint32_t)(val) >> 16)))
83
84 #define U32_LEN 4
85 #define U16_LEN 2
86 #define U8_LEN 1
87 #define NULL_PAD_BYTE_LEN 1
88
attribute_storable_values(const struct ldb_message_element * el)89 static int attribute_storable_values(const struct ldb_message_element *el)
90 {
91 if (el->num_values == 0) return 0;
92
93 if (ldb_attr_cmp(el->name, "distinguishedName") == 0) return 0;
94
95 return el->num_values;
96 }
97
ldb_pack_data_v1(struct ldb_context * ldb,const struct ldb_message * message,struct ldb_val * data)98 static int ldb_pack_data_v1(struct ldb_context *ldb,
99 const struct ldb_message *message,
100 struct ldb_val *data)
101 {
102 unsigned int i, j, real_elements=0;
103 size_t size, dn_len, attr_len, value_len;
104 const char *dn;
105 uint8_t *p;
106 size_t len;
107
108 dn = ldb_dn_get_linearized(message->dn);
109 if (dn == NULL) {
110 errno = ENOMEM;
111 return -1;
112 }
113
114 /* work out how big it needs to be */
115 size = U32_LEN * 2 + NULL_PAD_BYTE_LEN;
116
117 dn_len = strlen(dn);
118 if (size + dn_len < size) {
119 errno = ENOMEM;
120 return -1;
121 }
122 size += dn_len;
123
124 /*
125 * First calcuate the buffer size we need, and check for
126 * overflows
127 */
128 for (i=0;i<message->num_elements;i++) {
129 if (attribute_storable_values(&message->elements[i]) == 0) {
130 continue;
131 }
132
133 real_elements++;
134
135 if (size + U32_LEN + NULL_PAD_BYTE_LEN < size) {
136 errno = ENOMEM;
137 return -1;
138 }
139 size += U32_LEN + NULL_PAD_BYTE_LEN;
140
141 attr_len = strlen(message->elements[i].name);
142 if (size + attr_len < size) {
143 errno = ENOMEM;
144 return -1;
145 }
146 size += attr_len;
147
148 for (j=0;j<message->elements[i].num_values;j++) {
149 if (size + U32_LEN + NULL_PAD_BYTE_LEN < size) {
150 errno = ENOMEM;
151 return -1;
152 }
153 size += U32_LEN + NULL_PAD_BYTE_LEN;
154
155 value_len = message->elements[i].values[j].length;
156 if (size + value_len < size) {
157 errno = ENOMEM;
158 return -1;
159 }
160 size += value_len;
161 }
162 }
163
164 /* allocate it */
165 data->data = talloc_array(ldb, uint8_t, size);
166 if (!data->data) {
167 errno = ENOMEM;
168 return -1;
169 }
170 data->length = size;
171
172 p = data->data;
173 PUSH_LE_U32(p, 0, LDB_PACKING_FORMAT);
174 p += U32_LEN;
175 PUSH_LE_U32(p, 0, real_elements);
176 p += U32_LEN;
177
178 /* the dn needs to be packed so we can be case preserving
179 while hashing on a case folded dn */
180 len = dn_len;
181 memcpy(p, dn, len+NULL_PAD_BYTE_LEN);
182 p += len + NULL_PAD_BYTE_LEN;
183
184 for (i=0;i<message->num_elements;i++) {
185 if (attribute_storable_values(&message->elements[i]) == 0) {
186 continue;
187 }
188 len = strlen(message->elements[i].name);
189 memcpy(p, message->elements[i].name, len+NULL_PAD_BYTE_LEN);
190 p += len + NULL_PAD_BYTE_LEN;
191 PUSH_LE_U32(p, 0, message->elements[i].num_values);
192 p += U32_LEN;
193 for (j=0;j<message->elements[i].num_values;j++) {
194 PUSH_LE_U32(p, 0,
195 message->elements[i].values[j].length);
196 p += U32_LEN;
197 memcpy(p, message->elements[i].values[j].data,
198 message->elements[i].values[j].length);
199 p[message->elements[i].values[j].length] = 0;
200 p += message->elements[i].values[j].length +
201 NULL_PAD_BYTE_LEN;
202 }
203 }
204
205 return 0;
206 }
207
208 /*
209 * New pack version designed based on performance profiling of version 1.
210 * The approach is to separate value data from the rest of the record's data.
211 * This improves performance because value data is not needed during unpacking
212 * or filtering of the message's attribute list. During filtering we only copy
213 * attributes which are present in the attribute list, however at the parse
214 * stage we need to point to all attributes as they may be referenced in the
215 * search expression.
216 * With this new format, we don't lose time loading data (eg via
217 * talloc_memdup()) that is never needed (for the vast majority of attributes
218 * are are never found in either the search expression or attribute list).
219 * Additional changes include adding a canonicalized DN (for later
220 * optimizations) and variable width length fields for faster unpacking.
221 * The pack and unpack performance improvement is tested in the torture
222 * test torture_ldb_pack_format_perf.
223 *
224 * Layout:
225 *
226 * Version (4 bytes)
227 * Number of Elements (4 bytes)
228 * DN length (4 bytes)
229 * DN with null terminator (DN length + 1 bytes)
230 * Canonicalized DN length (4 bytes)
231 * Canonicalized DN with null terminator (Canonicalized DN length + 1 bytes)
232 * Number of bytes from here to value data section (4 bytes)
233 * # For each element:
234 * Element name length (4 bytes)
235 * Element name with null terminator (Element name length + 1 bytes)
236 * Number of values (4 bytes)
237 * Width of value lengths
238 * # For each value:
239 * Value data length (#bytes given by width field above)
240 * # For each element:
241 * # For each value:
242 * Value data (#bytes given by corresponding length above)
243 */
ldb_pack_data_v2(struct ldb_context * ldb,const struct ldb_message * message,struct ldb_val * data)244 static int ldb_pack_data_v2(struct ldb_context *ldb,
245 const struct ldb_message *message,
246 struct ldb_val *data)
247 {
248 unsigned int i, j, real_elements=0;
249 size_t size, dn_len, dn_canon_len, attr_len, value_len;
250 const char *dn, *dn_canon;
251 uint8_t *p, *q;
252 size_t len;
253 size_t max_val_len;
254 uint8_t val_len_width;
255
256 /*
257 * First half of this function will calculate required size for
258 * packed data. Initial size is 20 = 5 * 4. 5 fixed fields are:
259 * version, num elements, dn len, canon dn len, attr section len
260 */
261 size = U32_LEN * 5;
262
263 /*
264 * Get linearized and canonicalized form of the DN and add the lengths
265 * of each to size, plus 1 for null terminator.
266 */
267 dn = ldb_dn_get_linearized(message->dn);
268 if (dn == NULL) {
269 errno = ENOMEM;
270 return -1;
271 }
272
273 dn_len = strlen(dn) + NULL_PAD_BYTE_LEN;
274 if (size + dn_len < size) {
275 errno = ENOMEM;
276 return -1;
277 }
278 size += dn_len;
279
280 if (ldb_dn_is_special(message->dn)) {
281 dn_canon_len = NULL_PAD_BYTE_LEN;
282 dn_canon = discard_const_p(char, "\0");
283 } else {
284 dn_canon = ldb_dn_canonical_string(message->dn, message->dn);
285 if (dn_canon == NULL) {
286 errno = ENOMEM;
287 return -1;
288 }
289
290 dn_canon_len = strlen(dn_canon) + NULL_PAD_BYTE_LEN;
291 if (size + dn_canon_len < size) {
292 errno = ENOMEM;
293 return -1;
294 }
295 }
296 size += dn_canon_len;
297
298 /* Add the size required by each element */
299 for (i=0;i<message->num_elements;i++) {
300 if (attribute_storable_values(&message->elements[i]) == 0) {
301 continue;
302 }
303
304 real_elements++;
305
306 /*
307 * Add length of element name + 9 for:
308 * 1 for null terminator
309 * 4 for element name length field
310 * 4 for number of values field
311 */
312 attr_len = strlen(message->elements[i].name);
313 if (size + attr_len + U32_LEN * 2 + NULL_PAD_BYTE_LEN < size) {
314 errno = ENOMEM;
315 return -1;
316 }
317 size += attr_len + U32_LEN * 2 + NULL_PAD_BYTE_LEN;
318
319 /*
320 * Find the max value length, so we can calculate the width
321 * required for the value length fields.
322 */
323 max_val_len = 0;
324 for (j=0;j<message->elements[i].num_values;j++) {
325 value_len = message->elements[i].values[j].length;
326 if (value_len > max_val_len) {
327 max_val_len = value_len;
328 }
329
330 if (size + value_len + NULL_PAD_BYTE_LEN < size) {
331 errno = ENOMEM;
332 return -1;
333 }
334 size += value_len + NULL_PAD_BYTE_LEN;
335 }
336
337 if (max_val_len <= UCHAR_MAX) {
338 val_len_width = U8_LEN;
339 } else if (max_val_len <= USHRT_MAX) {
340 val_len_width = U16_LEN;
341 } else if (max_val_len <= UINT_MAX) {
342 val_len_width = U32_LEN;
343 } else {
344 errno = EMSGSIZE;
345 return -1;
346 }
347
348 /* Total size required for val lengths (re-using variable) */
349 max_val_len = (val_len_width*message->elements[i].num_values);
350
351 /* Add one for storing the width */
352 max_val_len += U8_LEN;
353 if (size + max_val_len < size) {
354 errno = ENOMEM;
355 return -1;
356 }
357 size += max_val_len;
358 }
359
360 /* Allocate */
361 data->data = talloc_array(ldb, uint8_t, size);
362 if (!data->data) {
363 errno = ENOMEM;
364 return -1;
365 }
366 data->length = size;
367
368 /* Packing format version and number of element */
369 p = data->data;
370 PUSH_LE_U32(p, 0, LDB_PACKING_FORMAT_V2);
371 p += U32_LEN;
372 PUSH_LE_U32(p, 0, real_elements);
373 p += U32_LEN;
374
375 /* Pack DN and Canonicalized DN */
376 PUSH_LE_U32(p, 0, dn_len-NULL_PAD_BYTE_LEN);
377 p += U32_LEN;
378 memcpy(p, dn, dn_len);
379 p += dn_len;
380
381 PUSH_LE_U32(p, 0, dn_canon_len-NULL_PAD_BYTE_LEN);
382 p += U32_LEN;
383 memcpy(p, dn_canon, dn_canon_len);
384 p += dn_canon_len;
385
386 /*
387 * Save pointer at this point and leave a U32_LEN gap for
388 * storing the size of the attribute names and value lengths
389 * section
390 */
391 q = p;
392 p += U32_LEN;
393
394 for (i=0;i<message->num_elements;i++) {
395 if (attribute_storable_values(&message->elements[i]) == 0) {
396 continue;
397 }
398
399 /* Length of el name */
400 len = strlen(message->elements[i].name);
401 PUSH_LE_U32(p, 0, len);
402 p += U32_LEN;
403
404 /*
405 * Even though we have the element name's length, put a null
406 * terminator at the end so if any code uses the name
407 * directly, it'll be safe to do things requiring null
408 * termination like strlen
409 */
410 memcpy(p, message->elements[i].name, len+NULL_PAD_BYTE_LEN);
411 p += len + NULL_PAD_BYTE_LEN;
412 /* Num values */
413 PUSH_LE_U32(p, 0, message->elements[i].num_values);
414 p += U32_LEN;
415
416 /*
417 * Calculate value length width again. It's faster to
418 * calculate it again than do the array management to
419 * store the result during size calculation.
420 */
421 max_val_len = 0;
422 for (j=0;j<message->elements[i].num_values;j++) {
423 value_len = message->elements[i].values[j].length;
424 if (value_len > max_val_len) {
425 max_val_len = value_len;
426 }
427 }
428
429 if (max_val_len <= UCHAR_MAX) {
430 val_len_width = U8_LEN;
431 } else if (max_val_len <= USHRT_MAX) {
432 val_len_width = U16_LEN;
433 } else if (max_val_len <= UINT_MAX) {
434 val_len_width = U32_LEN;
435 } else {
436 errno = EMSGSIZE;
437 return -1;
438 }
439
440 /* Pack the width */
441 *p = val_len_width & 0xFF;
442 p += U8_LEN;
443
444 /*
445 * Pack each value's length using the minimum number of bytes
446 * required, which we just calculated. We repeat the loop
447 * for each case here so the compiler can inline code.
448 */
449 if (val_len_width == U8_LEN) {
450 for (j=0;j<message->elements[i].num_values;j++) {
451 PUSH_LE_U8(p, 0,
452 message->elements[i].values[j].length);
453 p += U8_LEN;
454 }
455 } else if (val_len_width == U16_LEN) {
456 for (j=0;j<message->elements[i].num_values;j++) {
457 PUSH_LE_U16(p, 0,
458 message->elements[i].values[j].length);
459 p += U16_LEN;
460 }
461 } else if (val_len_width == U32_LEN) {
462 for (j=0;j<message->elements[i].num_values;j++) {
463 PUSH_LE_U32(p, 0,
464 message->elements[i].values[j].length);
465 p += U32_LEN;
466 }
467 }
468 }
469
470 /*
471 * We've finished packing the attr names and value lengths
472 * section, so store the size in the U32_LEN gap we left
473 * earlier
474 */
475 PUSH_LE_U32(q, 0, p-q);
476
477 /* Now pack the values */
478 for (i=0;i<message->num_elements;i++) {
479 if (attribute_storable_values(&message->elements[i]) == 0) {
480 continue;
481 }
482 for (j=0;j<message->elements[i].num_values;j++) {
483 memcpy(p, message->elements[i].values[j].data,
484 message->elements[i].values[j].length);
485
486 /*
487 * Even though we have the data length, put a null
488 * terminator at the end of each value's data so if
489 * any code uses the data directly, it'll be safe to
490 * do things requiring null termination like strlen.
491 */
492 p[message->elements[i].values[j].length] = 0;
493 p += message->elements[i].values[j].length +
494 NULL_PAD_BYTE_LEN;
495 }
496 }
497
498 /*
499 * If we didn't end up at the end of the data here, something has
500 * gone very wrong.
501 */
502 if (p != data->data + size) {
503 errno = ENOMEM;
504 return -1;
505 }
506
507 return 0;
508 }
509
510 /*
511 pack a ldb message into a linear buffer in a ldb_val
512
513 note that this routine avoids saving elements with zero values,
514 as these are equivalent to having no element
515
516 caller frees the data buffer after use
517 */
ldb_pack_data(struct ldb_context * ldb,const struct ldb_message * message,struct ldb_val * data,uint32_t pack_format_version)518 int ldb_pack_data(struct ldb_context *ldb,
519 const struct ldb_message *message,
520 struct ldb_val *data,
521 uint32_t pack_format_version) {
522
523 if (pack_format_version == LDB_PACKING_FORMAT) {
524 return ldb_pack_data_v1(ldb, message, data);
525 } else if (pack_format_version == LDB_PACKING_FORMAT_V2) {
526 return ldb_pack_data_v2(ldb, message, data);
527 } else {
528 errno = EINVAL;
529 return -1;
530 }
531 }
532
533 /*
534 * Unpack a ldb message from a linear buffer in ldb_val
535 */
ldb_unpack_data_flags_v1(struct ldb_context * ldb,const struct ldb_val * data,struct ldb_message * message,unsigned int flags,unsigned format)536 static int ldb_unpack_data_flags_v1(struct ldb_context *ldb,
537 const struct ldb_val *data,
538 struct ldb_message *message,
539 unsigned int flags,
540 unsigned format)
541 {
542 uint8_t *p;
543 size_t remaining;
544 size_t dn_len;
545 unsigned int i, j;
546 unsigned int nelem = 0;
547 size_t len;
548 struct ldb_val *ldb_val_single_array = NULL;
549
550 message->elements = NULL;
551
552 p = data->data;
553
554 /* Format (U32, already read) + U32 for num_elements */
555 if (data->length < U32_LEN * 2) {
556 errno = EIO;
557 goto failed;
558 }
559
560 /* Skip first 4 bytes, format already read */
561 p += U32_LEN;
562 message->num_elements = PULL_LE_U32(p, 0);
563 p += U32_LEN;
564
565 remaining = data->length - U32_LEN * 2;
566
567 switch (format) {
568 case LDB_PACKING_FORMAT_NODN:
569 message->dn = NULL;
570 break;
571
572 case LDB_PACKING_FORMAT:
573 /*
574 * With this check, we know that the DN at p is \0
575 * terminated.
576 */
577 dn_len = strnlen((char *)p, remaining);
578 if (dn_len == remaining) {
579 errno = EIO;
580 goto failed;
581 }
582 if (flags & LDB_UNPACK_DATA_FLAG_NO_DN) {
583 message->dn = NULL;
584 } else {
585 struct ldb_val blob;
586 blob.data = discard_const_p(uint8_t, p);
587 blob.length = dn_len;
588 message->dn = ldb_dn_from_ldb_val(message, ldb, &blob);
589 if (message->dn == NULL) {
590 errno = ENOMEM;
591 goto failed;
592 }
593 }
594 /*
595 * Redundant: by definition, remaining must be more
596 * than one less than dn_len, as otherwise it would be
597 * == dn_len
598 */
599 if (remaining < dn_len + NULL_PAD_BYTE_LEN) {
600 errno = EIO;
601 goto failed;
602 }
603 remaining -= dn_len + NULL_PAD_BYTE_LEN;
604 p += dn_len + NULL_PAD_BYTE_LEN;
605 break;
606
607 default:
608 errno = EIO;
609 goto failed;
610 }
611
612 if (flags & LDB_UNPACK_DATA_FLAG_NO_ATTRS) {
613 return 0;
614 }
615
616 if (message->num_elements == 0) {
617 return 0;
618 }
619
620 if (message->num_elements > remaining / 6) {
621 errno = EIO;
622 goto failed;
623 }
624
625 message->elements = talloc_zero_array(message, struct ldb_message_element,
626 message->num_elements);
627 if (!message->elements) {
628 errno = ENOMEM;
629 goto failed;
630 }
631
632 /*
633 * In typical use, most values are single-valued. This makes
634 * it quite expensive to allocate an array of ldb_val for each
635 * of these, just to then hold the pointer to the data buffer
636 * So with LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC we allocate this
637 * ahead of time and use it for the single values where possible.
638 * (This is used the the normal search case, but not in the
639 * index case because of caller requirements).
640 */
641 if (flags & LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC) {
642 ldb_val_single_array = talloc_array(message->elements, struct ldb_val,
643 message->num_elements);
644 if (ldb_val_single_array == NULL) {
645 errno = ENOMEM;
646 goto failed;
647 }
648 }
649
650 for (i=0;i<message->num_elements;i++) {
651 const char *attr = NULL;
652 size_t attr_len;
653 struct ldb_message_element *element = NULL;
654
655 /*
656 * Sanity check: Element must be at least the size of empty
657 * attr name and value and NULL terms for each.
658 */
659 if (remaining < U32_LEN * 2 + NULL_PAD_BYTE_LEN * 2) {
660 errno = EIO;
661 goto failed;
662 }
663
664 /*
665 * With this check, we know that the attribute name at
666 * p is \0 terminated.
667 */
668 attr_len = strnlen((char *)p, remaining-6);
669 if (attr_len == remaining-6) {
670 errno = EIO;
671 goto failed;
672 }
673 if (attr_len == 0) {
674 errno = EIO;
675 goto failed;
676 }
677 attr = (char *)p;
678
679 element = &message->elements[nelem];
680 element->name = attr;
681 element->flags = 0;
682
683 if (remaining < (attr_len + NULL_PAD_BYTE_LEN)) {
684 errno = EIO;
685 goto failed;
686 }
687 remaining -= attr_len + NULL_PAD_BYTE_LEN;
688 p += attr_len + NULL_PAD_BYTE_LEN;
689 element->num_values = PULL_LE_U32(p, 0);
690 element->values = NULL;
691 if ((flags & LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC) && element->num_values == 1) {
692 element->values = &ldb_val_single_array[nelem];
693 } else if (element->num_values != 0) {
694 element->values = talloc_array(message->elements,
695 struct ldb_val,
696 element->num_values);
697 if (!element->values) {
698 errno = ENOMEM;
699 goto failed;
700 }
701 }
702 p += U32_LEN;
703 if (remaining < U32_LEN) {
704 errno = EIO;
705 goto failed;
706 }
707 remaining -= U32_LEN;
708 for (j = 0; j < element->num_values; j++) {
709 /*
710 * Sanity check: Value must be at least the size of
711 * empty val and NULL terminator.
712 */
713 if (remaining < U32_LEN + NULL_PAD_BYTE_LEN) {
714 errno = EIO;
715 goto failed;
716 }
717 remaining -= U32_LEN + NULL_PAD_BYTE_LEN;
718
719 len = PULL_LE_U32(p, 0);
720 if (remaining < len) {
721 errno = EIO;
722 goto failed;
723 }
724 if (len + NULL_PAD_BYTE_LEN < len) {
725 errno = EIO;
726 goto failed;
727 }
728
729 element->values[j].length = len;
730 element->values[j].data = p + U32_LEN;
731 remaining -= len;
732 p += len + U32_LEN + NULL_PAD_BYTE_LEN;
733 }
734 nelem++;
735 }
736 /*
737 * Adapt the number of elements to the real number of unpacked elements,
738 * it means that we overallocated elements array.
739 */
740 message->num_elements = nelem;
741
742 /*
743 * Shrink the allocated size. On current talloc behaviour
744 * this will help if we skipped 32 or more attributes.
745 */
746 message->elements = talloc_realloc(message, message->elements,
747 struct ldb_message_element,
748 message->num_elements);
749
750 if (remaining != 0) {
751 ldb_debug(ldb, LDB_DEBUG_ERROR,
752 "Error: %zu bytes unread in ldb_unpack_data_flags",
753 remaining);
754 }
755
756 return 0;
757
758 failed:
759 talloc_free(message->elements);
760 return -1;
761 }
762
763 /*
764 * Unpack a ldb message from a linear buffer in ldb_val
765 */
ldb_unpack_data_flags_v2(struct ldb_context * ldb,const struct ldb_val * data,struct ldb_message * message,unsigned int flags)766 static int ldb_unpack_data_flags_v2(struct ldb_context *ldb,
767 const struct ldb_val *data,
768 struct ldb_message *message,
769 unsigned int flags)
770 {
771 uint8_t *p, *q, *end_p, *value_section_p;
772 unsigned int i, j;
773 unsigned int nelem = 0;
774 size_t len;
775 struct ldb_val *ldb_val_single_array = NULL;
776 uint8_t val_len_width;
777
778 message->elements = NULL;
779
780 p = data->data;
781 end_p = p + data->length;
782
783 /* Skip first 4 bytes, format already read */
784 p += U32_LEN;
785
786 /* First fields are fixed: num_elements, DN length */
787 if (p + U32_LEN * 2 > end_p) {
788 errno = EIO;
789 goto failed;
790 }
791
792 message->num_elements = PULL_LE_U32(p, 0);
793 p += U32_LEN;
794
795 len = PULL_LE_U32(p, 0);
796 p += U32_LEN;
797
798 if (p + len + NULL_PAD_BYTE_LEN > end_p) {
799 errno = EIO;
800 goto failed;
801 }
802
803 if (flags & LDB_UNPACK_DATA_FLAG_NO_DN) {
804 message->dn = NULL;
805 } else {
806 struct ldb_val blob;
807 blob.data = discard_const_p(uint8_t, p);
808 blob.length = len;
809 message->dn = ldb_dn_from_ldb_val(message, ldb, &blob);
810 if (message->dn == NULL) {
811 errno = ENOMEM;
812 goto failed;
813 }
814 }
815
816 p += len + NULL_PAD_BYTE_LEN;
817
818 if (*(p-NULL_PAD_BYTE_LEN) != '\0') {
819 errno = EINVAL;
820 goto failed;
821 }
822
823 /* Now skip the canonicalized DN and its length */
824 len = PULL_LE_U32(p, 0) + NULL_PAD_BYTE_LEN;
825 p += U32_LEN;
826
827 if (p + len > end_p) {
828 errno = EIO;
829 goto failed;
830 }
831
832 p += len;
833
834 if (*(p-NULL_PAD_BYTE_LEN) != '\0') {
835 errno = EINVAL;
836 goto failed;
837 }
838
839 if (flags & LDB_UNPACK_DATA_FLAG_NO_ATTRS) {
840 return 0;
841 }
842
843 if (message->num_elements == 0) {
844 return 0;
845 }
846
847 /*
848 * Sanity check (17 bytes is the minimum element size)
849 */
850 if (message->num_elements > (end_p - p) / 17) {
851 errno = EIO;
852 goto failed;
853 }
854
855 message->elements = talloc_zero_array(message,
856 struct ldb_message_element,
857 message->num_elements);
858 if (!message->elements) {
859 errno = ENOMEM;
860 goto failed;
861 }
862
863 /*
864 * In typical use, most values are single-valued. This makes
865 * it quite expensive to allocate an array of ldb_val for each
866 * of these, just to then hold the pointer to the data buffer.
867 * So with LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC we allocate this
868 * ahead of time and use it for the single values where possible.
869 * (This is used the the normal search case, but not in the
870 * index case because of caller requirements).
871 */
872 if (flags & LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC) {
873 ldb_val_single_array = talloc_array(message->elements,
874 struct ldb_val,
875 message->num_elements);
876 if (ldb_val_single_array == NULL) {
877 errno = ENOMEM;
878 goto failed;
879 }
880 }
881
882 q = p + PULL_LE_U32(p, 0);
883 value_section_p = q;
884 p += U32_LEN;
885
886 for (i=0;i<message->num_elements;i++) {
887 const char *attr = NULL;
888 size_t attr_len;
889 struct ldb_message_element *element = NULL;
890
891 /* Sanity check: minimum element size */
892 if (p + (U32_LEN * 2) + /* attr name len, num values */
893 (U8_LEN * 2) + /* value length width, one val length */
894 (NULL_PAD_BYTE_LEN * 2) /* null for attr name + val */
895 > value_section_p) {
896 errno = EIO;
897 goto failed;
898 }
899
900 attr_len = PULL_LE_U32(p, 0);
901 p += U32_LEN;
902
903 if (attr_len == 0) {
904 errno = EIO;
905 goto failed;
906 }
907 attr = (char *)p;
908
909 p += attr_len + NULL_PAD_BYTE_LEN;
910 /*
911 * num_values, val_len_width
912 *
913 * val_len_width is the width specifier
914 * for the variable length encoding
915 */
916 if (p + U32_LEN + U8_LEN > value_section_p) {
917 errno = EIO;
918 goto failed;
919 }
920
921 if (*(p-NULL_PAD_BYTE_LEN) != '\0') {
922 errno = EINVAL;
923 goto failed;
924 }
925
926 element = &message->elements[nelem];
927 element->name = attr;
928 element->flags = 0;
929
930 element->num_values = PULL_LE_U32(p, 0);
931 element->values = NULL;
932 if ((flags & LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC) &&
933 element->num_values == 1) {
934 element->values = &ldb_val_single_array[nelem];
935 } else if (element->num_values != 0) {
936 element->values = talloc_array(message->elements,
937 struct ldb_val,
938 element->num_values);
939 if (!element->values) {
940 errno = ENOMEM;
941 goto failed;
942 }
943 }
944
945 p += U32_LEN;
946
947 /*
948 * Here we read how wide the remaining lengths are
949 * which avoids storing and parsing a lot of leading
950 * 0s
951 */
952 val_len_width = *p;
953 p += U8_LEN;
954
955 if (p + val_len_width * element->num_values >
956 value_section_p) {
957 errno = EIO;
958 goto failed;
959 }
960
961 /*
962 * This is structured weird for compiler optimization
963 * purposes, but we need to pull the array of widths
964 * with different macros depending on how wide the
965 * biggest one is (specified by val_len_width)
966 */
967 if (val_len_width == U8_LEN) {
968 for (j = 0; j < element->num_values; j++) {
969 element->values[j].length = PULL_LE_U8(p, 0);
970 p += U8_LEN;
971 }
972 } else if (val_len_width == U16_LEN) {
973 for (j = 0; j < element->num_values; j++) {
974 element->values[j].length = PULL_LE_U16(p, 0);
975 p += U16_LEN;
976 }
977 } else if (val_len_width == U32_LEN) {
978 for (j = 0; j < element->num_values; j++) {
979 element->values[j].length = PULL_LE_U32(p, 0);
980 p += U32_LEN;
981 }
982 } else {
983 errno = ERANGE;
984 goto failed;
985 }
986
987 for (j = 0; j < element->num_values; j++) {
988 len = element->values[j].length;
989 if (len + NULL_PAD_BYTE_LEN < len) {
990 errno = EIO;
991 goto failed;
992 }
993 if (q + len + NULL_PAD_BYTE_LEN > end_p) {
994 errno = EIO;
995 goto failed;
996 }
997
998 element->values[j].data = q;
999 q += len + NULL_PAD_BYTE_LEN;
1000 }
1001 nelem++;
1002 }
1003
1004 /*
1005 * If p isn't now pointing at the beginning of the value section,
1006 * something went very wrong.
1007 */
1008 if (p != value_section_p) {
1009 ldb_debug(ldb, LDB_DEBUG_ERROR,
1010 "Error: Data corruption in ldb_unpack_data_flags");
1011 errno = EIO;
1012 goto failed;
1013 }
1014
1015 /*
1016 * Adapt the number of elements to the real number of unpacked
1017 * elements it means that we overallocated elements array.
1018 */
1019 message->num_elements = nelem;
1020
1021 /*
1022 * Shrink the allocated size. On current talloc behaviour
1023 * this will help if we skipped 32 or more attributes.
1024 */
1025 message->elements = talloc_realloc(message, message->elements,
1026 struct ldb_message_element,
1027 message->num_elements);
1028
1029 if (q != end_p) {
1030 ldb_debug(ldb, LDB_DEBUG_ERROR,
1031 "Error: %zu bytes unread in ldb_unpack_data_flags",
1032 end_p - q);
1033 errno = EIO;
1034 goto failed;
1035 }
1036
1037 return 0;
1038
1039 failed:
1040 talloc_free(message->elements);
1041 return -1;
1042 }
1043
ldb_unpack_get_format(const struct ldb_val * data,uint32_t * pack_format_version)1044 int ldb_unpack_get_format(const struct ldb_val *data,
1045 uint32_t *pack_format_version)
1046 {
1047 if (data->length < U32_LEN) {
1048 return LDB_ERR_OPERATIONS_ERROR;
1049 }
1050 *pack_format_version = PULL_LE_U32(data->data, 0);
1051 return LDB_SUCCESS;
1052 }
1053
1054 /*
1055 * Unpack a ldb message from a linear buffer in ldb_val
1056 */
ldb_unpack_data_flags(struct ldb_context * ldb,const struct ldb_val * data,struct ldb_message * message,unsigned int flags)1057 int ldb_unpack_data_flags(struct ldb_context *ldb,
1058 const struct ldb_val *data,
1059 struct ldb_message *message,
1060 unsigned int flags)
1061 {
1062 unsigned format;
1063
1064 if (data->length < U32_LEN) {
1065 errno = EIO;
1066 return -1;
1067 }
1068
1069 format = PULL_LE_U32(data->data, 0);
1070 if (format == LDB_PACKING_FORMAT_V2) {
1071 return ldb_unpack_data_flags_v2(ldb, data, message, flags);
1072 }
1073
1074 /*
1075 * The v1 function we're about to call takes either LDB_PACKING_FORMAT
1076 * or LDB_PACKING_FORMAT_NODN packing format versions, and will error
1077 * if given some other version, so we don't need to do any further
1078 * checks on 'format'.
1079 */
1080 return ldb_unpack_data_flags_v1(ldb, data, message, flags, format);
1081 }
1082
1083
1084 /*
1085 * Unpack a ldb message from a linear buffer in ldb_val
1086 *
1087 * Free with ldb_unpack_data_free()
1088 */
ldb_unpack_data(struct ldb_context * ldb,const struct ldb_val * data,struct ldb_message * message)1089 int ldb_unpack_data(struct ldb_context *ldb,
1090 const struct ldb_val *data,
1091 struct ldb_message *message)
1092 {
1093 return ldb_unpack_data_flags(ldb, data, message, 0);
1094 }
1095
1096 /*
1097 add the special distinguishedName element
1098 */
msg_add_distinguished_name(struct ldb_message * msg)1099 static int msg_add_distinguished_name(struct ldb_message *msg)
1100 {
1101 const char *dn_attr = "distinguishedName";
1102 char *dn = NULL;
1103
1104 if (ldb_msg_find_element(msg, dn_attr)) {
1105 /*
1106 * This should not happen, but this is
1107 * existing behaviour...
1108 */
1109 return LDB_SUCCESS;
1110 }
1111
1112 dn = ldb_dn_alloc_linearized(msg, msg->dn);
1113 if (dn == NULL) {
1114 return LDB_ERR_OPERATIONS_ERROR;
1115 }
1116
1117 return ldb_msg_add_steal_string(msg, dn_attr, dn);
1118 }
1119
1120 /*
1121 * filter the specified list of attributes from msg,
1122 * adding requested attributes, and perhaps all for *,
1123 * but not the DN to filtered_msg.
1124 */
ldb_filter_attrs(struct ldb_context * ldb,const struct ldb_message * msg,const char * const * attrs,struct ldb_message * filtered_msg)1125 int ldb_filter_attrs(struct ldb_context *ldb,
1126 const struct ldb_message *msg,
1127 const char *const *attrs,
1128 struct ldb_message *filtered_msg)
1129 {
1130 unsigned int i;
1131 bool keep_all = false;
1132 bool add_dn = false;
1133 uint32_t num_elements;
1134 uint32_t elements_size;
1135
1136 if (attrs) {
1137 /* check for special attrs */
1138 for (i = 0; attrs[i]; i++) {
1139 int cmp = strcmp(attrs[i], "*");
1140 if (cmp == 0) {
1141 keep_all = true;
1142 break;
1143 }
1144 cmp = ldb_attr_cmp(attrs[i], "distinguishedName");
1145 if (cmp == 0) {
1146 add_dn = true;
1147 }
1148 }
1149 } else {
1150 keep_all = true;
1151 }
1152
1153 if (keep_all) {
1154 add_dn = true;
1155 elements_size = msg->num_elements + 1;
1156
1157 /* Shortcuts for the simple cases */
1158 } else if (add_dn && i == 1) {
1159 if (msg_add_distinguished_name(filtered_msg) != 0) {
1160 goto failed;
1161 }
1162 return 0;
1163 } else if (i == 0) {
1164 return 0;
1165
1166 /*
1167 * Otherwise we are copying at most as many elements as we
1168 * have attributes
1169 */
1170 } else {
1171 elements_size = i;
1172 }
1173
1174 filtered_msg->elements = talloc_array(filtered_msg,
1175 struct ldb_message_element,
1176 elements_size);
1177 if (filtered_msg->elements == NULL) goto failed;
1178
1179 num_elements = 0;
1180
1181 for (i = 0; i < msg->num_elements; i++) {
1182 struct ldb_message_element *el = &msg->elements[i];
1183
1184 /*
1185 * el2 is assigned after the Pigeonhole principle
1186 * check below for clarity
1187 */
1188 struct ldb_message_element *el2 = NULL;
1189 unsigned int j;
1190
1191 if (keep_all == false) {
1192 bool found = false;
1193 for (j = 0; attrs[j]; j++) {
1194 int cmp = ldb_attr_cmp(el->name, attrs[j]);
1195 if (cmp == 0) {
1196 found = true;
1197 break;
1198 }
1199 }
1200 if (found == false) {
1201 continue;
1202 }
1203 }
1204
1205 /*
1206 * Pigeonhole principle: we can't have more elements
1207 * than the number of attributes if they are unique in
1208 * the DB.
1209 */
1210 if (num_elements >= elements_size) {
1211 goto failed;
1212 }
1213
1214 el2 = &filtered_msg->elements[num_elements];
1215
1216 *el2 = *el;
1217 el2->name = talloc_strdup(filtered_msg->elements,
1218 el->name);
1219 if (el2->name == NULL) {
1220 goto failed;
1221 }
1222 el2->values = talloc_array(filtered_msg->elements,
1223 struct ldb_val, el->num_values);
1224 if (el2->values == NULL) {
1225 goto failed;
1226 }
1227 for (j=0;j<el->num_values;j++) {
1228 el2->values[j] = ldb_val_dup(el2->values, &el->values[j]);
1229 if (el2->values[j].data == NULL && el->values[j].length != 0) {
1230 goto failed;
1231 }
1232 }
1233 num_elements++;
1234 }
1235
1236 filtered_msg->num_elements = num_elements;
1237
1238 if (add_dn) {
1239 if (msg_add_distinguished_name(filtered_msg) != 0) {
1240 goto failed;
1241 }
1242 }
1243
1244 if (filtered_msg->num_elements > 0) {
1245 filtered_msg->elements
1246 = talloc_realloc(filtered_msg,
1247 filtered_msg->elements,
1248 struct ldb_message_element,
1249 filtered_msg->num_elements);
1250 if (filtered_msg->elements == NULL) {
1251 goto failed;
1252 }
1253 } else {
1254 TALLOC_FREE(filtered_msg->elements);
1255 }
1256
1257 return 0;
1258 failed:
1259 TALLOC_FREE(filtered_msg->elements);
1260 return -1;
1261 }
1262