• Bug#1033661: marked as done (unblock: samba/2:4.17.7+dfsg-1) (7/12)

    From Debian Bug Tracking System@21:1/5 to All on Thu Mar 30 17:00:01 2023
    [continued from previous message]

    - if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
    val.length -= cnk.length;
    val.data += cnk.length;
    c++;
    - talloc_free(cnk.data);
    + TALLOC_FREE(cnk_to_free);
    cnk.data = NULL;
    }

    while (tree->u.substring.chunks[c]) {
    uint8_t *p;
    + uint8_t *cnk_to_free = NULL;

    chunk = tree->u.substring.chunks[c];
    - if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
    - goto mismatch;
    + /* No need to just copy this value for a binary match */
    + if (a->syntax->canonicalise_fn != ldb_handler_copy) {
    + if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
    + goto mismatch;
    + }
    +
    + cnk_to_free = cnk.data;
    + } else {
    + cnk = *chunk;
    }
    /*
    * Empty strings are returned as length 0. Ensure
    * we can cope with this.
    */
    if (cnk.length == 0) {
    + TALLOC_FREE(cnk_to_free);
    goto mismatch;
    }
    if (cnk.length > val.length) {
    + TALLOC_FREE(cnk_to_free);
    goto mismatch;
    }

    @@ -320,6 +358,8 @@
    cmp = memcmp(p,
    cnk.data,
    cnk.length);
    + TALLOC_FREE(cnk_to_free);
    +
    if (cmp != 0) {
    goto mismatch;
    }
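Review bot: Freeing the canonicalised chunk is now spread over each exit path, with `TALLOC_FREE(cnk_to_free)` after this memcmp and again before and after the memmem branch in the next hunk, while the `talloc_free(cnk.data)` at the `mismatch:` label is removed further down. Since `canonicalise_fn(ldb, ldb, chunk, &cnk)` is called with `ldb` as the memory context, a later edit that adds a `goto mismatch` without its own free would presumably leave the buffer allocated for as long as that context lives. A comment at the declaration would make the contract explicit, e.g. `/* owned copy of cnk.data, or NULL when cnk aliases *chunk; free before every goto mismatch */`. The enclosing function starts and ends outside this hunk.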
    @@ -331,15 +371,16 @@
    p = memmem((const void *)val.data, val.length,
    (const void *)cnk.data, cnk.length);
    if (p == NULL) {
    + TALLOC_FREE(cnk_to_free);
    goto mismatch;
    }
    /* move val to the end of the match */
    p += cnk.length;
    val.length -= (p - val.data);
    val.data = p;
    + TALLOC_FREE(cnk_to_free);
    }
    c++;
    - TALLOC_FREE(cnk.data);
    }

    talloc_free(save_p);
    @@ -349,7 +390,6 @@
    mismatch:
    *matched = false;
    talloc_free(save_p);
    - talloc_free(cnk.data);
    return LDB_SUCCESS;
    }

    @@ -531,6 +571,26 @@
    &tree->u.extended.value, matched);
    }

    +static bool ldb_must_suppress_match(const struct ldb_message *msg,
    + const struct ldb_parse_tree *tree)
    +{
    + const char *attr = NULL;
    + struct ldb_message_element *el = NULL;
    +
    + attr = ldb_parse_tree_get_attr(tree);
    + if (attr == NULL) {
    + return false;
    + }
    +
    + /* find the message element */
    + el = ldb_msg_find_element(msg, attr);
    + if (el == NULL) {
    + return false;
    + }
    +
    + return ldb_msg_element_is_inaccessible(el);
    +}
    +
    /*
    Check if a particular message will match the given filter

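Review bot: ldb_must_suppress_match has no comment saying what a `false` return means, and it returns `false` both when the tree yields no attribute name and when the attribute is absent from the message. I would add a header comment such as `/* True when the filter's attribute is present in msg but flagged inaccessible; false when the tree names no attribute or msg lacks it. */`. It would also help to state that only the element returned by `ldb_msg_find_element` is checked, since whether a message can carry a second element of the same name is not visible here.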
    @@ -555,6 +615,17 @@
    return LDB_SUCCESS;
    }

    + /*
    + * Suppress matches on confidential attributes (handled
    + * manually in extended matches as these can do custom things
    + * like read other parts of the DB or other attributes).
    + */
    + if (tree->operation != LDB_OP_EXTENDED) {
    + if (ldb_must_suppress_match(msg, tree)) {
    + return LDB_SUCCESS;
    + }
    + }
    +
    switch (tree->operation) {
    case LDB_OP_AND:
    for (i=0;i<tree->u.list.num_elements;i++) {
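Review bot: The suppressed path does `return LDB_SUCCESS;` without writing `*matched`, so the result depends on `*matched` having been cleared earlier in the function, which this hunk does not show. Setting it at the point of the decision keeps the confidentiality check self-contained: add `*matched = false;` immediately before the return inside `if (ldb_must_suppress_match(msg, tree))`. The function body starts before and continues after the hunk.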
    @@ -741,3 +812,15 @@
    return LDB_SUCCESS;
    }

    +int ldb_register_redact_callback(struct ldb_context *ldb,
    + ldb_redact_fn redact_fn,
    + struct ldb_module *module)
    +{
    + if (ldb->redact.callback != NULL) {
    + return LDB_ERR_ENTRY_ALREADY_EXISTS;
    + }
    +
    + ldb->redact.callback = redact_fn;
    + ldb->redact.module = module;
    + return LDB_SUCCESS;
    +}
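Review bot: ldb_register_redact_callback accepts a NULL `redact_fn`: the call then returns LDB_SUCCESS and stores `module`, but `ldb->redact.callback` stays NULL, so a caller that believes redaction is registered has none, and a later registration silently replaces the module. A guard at the top would reject that, e.g. `if (redact_fn == NULL) { return LDB_ERR_OPERATIONS_ERROR; }`. A short comment that the callback can be set only once per ldb context, with a second call getting `LDB_ERR_ENTRY_ALREADY_EXISTS`, would also document the intended use.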
    diff -Nru samba-4.17.6+dfsg/lib/ldb/common/ldb_msg.c samba-4.17.7+dfsg/lib/ldb/common/ldb_msg.c
    --- samba-4.17.6+dfsg/lib/ldb/common/ldb_msg.c 2022-08-08 17:15:39.080190000 +0300
    +++ samba-4.17.7+dfsg/lib/ldb/common/ldb_msg.c 2023-03-20 12:03:44.611650000 +0300
    @@ -795,6 +795,32 @@
    return ldb_attr_cmp(el1->name, el2->name);
    }

    +void ldb_msg_element_mark_inaccessible(struct ldb_message_element *el)
    +{
    + el->flags |= LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE;
    +}
    +
    +bool ldb_msg_element_is_inaccessible(const struct ldb_message_element *el)
    +{
    + return (el->flags & LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE) != 0;
    +}
    +
    +void ldb_msg_remove_inaccessible(struct ldb_message *msg)
    +{
    + unsigned i;
    + unsigned num_del = 0;
    +
    + for (i = 0; i < msg->num_elements; ++i) {
    + if (ldb_msg_element_is_inaccessible(&msg->elements[i])) {
    + ++num_del;
    + } else if (num_del) {
    + msg->elements[i - num_del] = msg->elements[i];
    + }
    + }
    +
    + msg->num_elements -= num_del;
    +}
    +
    /*
    convenience functions to return common types from a message
    these return the first value if the attribute i