*/
#include "includes.h"
-#include "lib/ldb/include/includes.h"
+#include "lib/ldb/include/ldb.h"
#ifdef HAVE_LDAP
if (gotalarm != 0)
return LDAP_TIMELIMIT_EXCEEDED;
+ /*
+ * A bug in OpenLDAP means ldap_search_ext_s can return
+ * LDAP_SUCCESS but with a NULL res pointer. Cope with
+ * this. See bug #6279 for details. JRA.
+ */
+
+ if (*res == NULL) {
+ return LDAP_TIMELIMIT_EXCEEDED;
+ }
+
return result;
}
return True;
}
+ if (ads->config.client_site_name == NULL) {
+ DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+ return True;
+ }
+
DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
ads->config.ldap_server_name));
TALLOC_FREE(s);
}
- if (ads->server.ldap_server &&
- ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
- goto got_connection;
+ if (ads->server.ldap_server)
+ {
+ if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
+ goto got_connection;
+ }
+
+ /* The choice of which GC use is handled one level up in
+ ads_connect_gc(). If we continue on from here with
+ ads_find_dc() we will get GC searches on port 389 which
+ doesn't work. --jerry */
+
+ if (ads->server.gc == true) {
+ return ADS_ERROR(LDAP_OPERATIONS_ERROR);
+ }
}
ntstatus = ads_find_dc(ads);
/* Must use the userPrincipalName value here or sAMAccountName
and not servicePrincipalName; found by Guenther Deschner */
- asprintf(&ads->auth.user_name, "%s$", global_myname() );
+ if (asprintf(&ads->auth.user_name, "%s$", global_myname() ) == -1) {
+ DEBUG(0,("ads_connect: asprintf fail.\n"));
+ ads->auth.user_name = NULL;
+ }
}
if (!ads->auth.realm) {
/* this is a really nasty hack to avoid ADS DNS problems. It needs a patch
to MIT kerberos to work (tridge) */
{
- char *env;
- asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm);
- setenv(env, ads->auth.kdc_server, 1);
- free(env);
+ char *env = NULL;
+ if (asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm) > 0) {
+ setenv(env, ads->auth.kdc_server, 1);
+ free(env);
+ }
}
#endif
/* cache the successful connection for workgroup and realm */
if (ads_closest_dc(ads)) {
- print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
- saf_store( ads->server.workgroup, addr);
- saf_store( ads->server.realm, addr);
+ saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+ saf_store( ads->server.realm, ads->config.ldap_server_name);
}
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
- status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
- if (!ADS_ERR_OK(status)) {
- goto out;
+ if ( lp_ldap_ssl_ads() ) {
+ status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+ if (!ADS_ERR_OK(status)) {
+ goto out;
+ }
}
/* fill in the current time and offsets */
ldap_msgfree(msg);
}
-/**
- * Free up memory from various ads requests
- * @param ads connection to ads server
- * @param mem Area to free
- **/
-void ads_memfree(ADS_STRUCT *ads, void *mem)
-{
- SAFE_FREE(mem);
-}
-
/**
* Get a dn from search results
* @param ads connection to ads server
* @param msg Search result
* @return dn string
**/
- char *ads_get_dn(ADS_STRUCT *ads, LDAPMessage *msg)
+ char *ads_get_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, LDAPMessage *msg)
{
char *utf8_dn, *unix_dn;
size_t converted_size;
return NULL;
}
- if (!pull_utf8_allocate(&unix_dn, utf8_dn, &converted_size)) {
+ if (!pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn, &converted_size)) {
DEBUG(0,("ads_get_dn: string conversion failure utf8 [%s]\n",
utf8_dn ));
return NULL;
controls[0] = &PermitModify;
controls[1] = NULL;
- if (!push_utf8_allocate(&utf8_dn, mod_dn, &converted_size)) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, mod_dn, &converted_size)) {
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
mods[i] = NULL;
ret = ldap_modify_ext_s(ads->ldap.ld, utf8_dn,
(LDAPMod **) mods, controls, NULL);
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_dn);
return ADS_ERROR(ret);
}
char *utf8_dn = NULL;
size_t converted_size;
- if (!push_utf8_allocate(&utf8_dn, new_dn, &converted_size)) {
- DEBUG(1, ("ads_gen_add: push_utf8_allocate failed!"));
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, new_dn, &converted_size)) {
+ DEBUG(1, ("ads_gen_add: push_utf8_talloc failed!"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
mods[i] = NULL;
ret = ldap_add_s(ads->ldap.ld, utf8_dn, (LDAPMod**)mods);
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_dn);
return ADS_ERROR(ret);
}
int ret;
char *utf8_dn = NULL;
size_t converted_size;
- if (!push_utf8_allocate(&utf8_dn, del_dn, &converted_size)) {
- DEBUG(1, ("ads_del_dn: push_utf8_allocate failed!"));
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, del_dn, &converted_size)) {
+ DEBUG(1, ("ads_del_dn: push_utf8_talloc failed!"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
ret = ldap_delete_s(ads->ldap.ld, utf8_dn);
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_dn);
return ADS_ERROR(ret);
}
}
/* substitute the bind-path from the well-known-guid-search result */
- wkn_dn = ads_get_dn(ads, res);
+ wkn_dn = ads_get_dn(ads, talloc_tos(), res);
if (!wkn_dn) {
goto out;
}
out:
SAFE_FREE(base);
ads_msgfree(ads, res);
- ads_memfree(ads, wkn_dn);
+ TALLOC_FREE(wkn_dn);
if (wkn_dn_exp) {
ldap_value_free(wkn_dn_exp);
}
return kvno;
}
- dn_string = ads_get_dn(ads, res);
+ dn_string = ads_get_dn(ads, talloc_tos(), res);
if (!dn_string) {
DEBUG(0,("ads_get_kvno: out of memory.\n"));
ads_msgfree(ads, res);
return kvno;
}
DEBUG(5,("ads_get_kvno: Using: %s\n", dn_string));
- ads_memfree(ads, dn_string);
+ TALLOC_FREE(dn_string);
/* ---------------------------------------------------------
* 0 is returned as a default KVNO from this point on...
talloc_destroy(ctx);
return ret;
}
- dn_string = ads_get_dn(ads, res);
+ dn_string = ads_get_dn(ads, talloc_tos(), res);
if (!dn_string) {
talloc_destroy(ctx);
ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
ret = ads_gen_mod(ads, dn_string, mods);
- ads_memfree(ads,dn_string);
+ TALLOC_FREE(dn_string);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_clear_service_principal_names: Error: Updating Service Principals for machine %s in LDAP\n",
machine_name));
goto out;
}
- if ( (dn_string = ads_get_dn(ads, res)) == NULL ) {
+ if ( (dn_string = ads_get_dn(ads, ctx, res)) == NULL ) {
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
ret = ads_gen_mod(ads, dn_string, mods);
- ads_memfree(ads,dn_string);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
goto out;
goto done;
}
- computer_dn = ads_get_dn(ads, res);
+ computer_dn = ads_get_dn(ads, talloc_tos(), res);
if (!computer_dn) {
rc = ADS_ERROR(LDAP_NO_MEMORY);
goto done;
bool ads_pull_sid(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
DOM_SID *sid)
{
- struct berval **values;
- bool ret = False;
-
- values = ldap_get_values_len(ads->ldap.ld, msg, field);
-
- if (!values)
- return False;
-
- if (values[0])
- ret = sid_parse(values[0]->bv_val, values[0]->bv_len, sid);
-
- ldap_value_free_len(values);
- return ret;
+ return smbldap_pull_sid(ads->ldap.ld, msg, field, sid);
}
/**
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
}
- dn = ads_get_dn(ads, res);
+ dn = ads_get_dn(ads, mem_ctx, res);
if (dn == NULL) {
ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
parent = ads_parent_dn(ads_parent_dn(ads_parent_dn(dn)));
if (parent == NULL) {
ads_msgfree(ads, res);
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
return ADS_ERROR(LDAP_NO_MEMORY);
}
*site_dn = talloc_strdup(mem_ctx, parent);
if (*site_dn == NULL) {
ads_msgfree(ads, res);
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
ads_msgfree(ads, res);
return status;
char *dn = NULL;
- dn = ads_get_dn(ads, msg);
+ dn = ads_get_dn(ads, talloc_tos(), msg);
if (!dn) {
ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
if (!add_string_to_array(mem_ctx, dn,
(const char ***)ous,
(int *)num_ous)) {
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
}
ads_msgfree(ads, res);
return ADS_ERROR_SYSTEM(ENOENT);
}
- hostnameDN = ads_get_dn(ads, (LDAPMessage *)msg);
+ hostnameDN = ads_get_dn(ads, talloc_tos(), (LDAPMessage *)msg);
rc = ldap_delete_ext_s(ads->ldap.ld, hostnameDN, pldap_control, NULL);
if (rc) {
if (!ADS_ERR_OK(status)) {
SAFE_FREE(host);
- ads_memfree(ads, hostnameDN);
+ TALLOC_FREE(hostnameDN);
return status;
}
char *dn = NULL;
- if ((dn = ads_get_dn(ads, msg_sub)) == NULL) {
+ if ((dn = ads_get_dn(ads, talloc_tos(), msg_sub)) == NULL) {
SAFE_FREE(host);
- ads_memfree(ads, hostnameDN);
+ TALLOC_FREE(hostnameDN);
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (!ADS_ERR_OK(status)) {
DEBUG(3,("failed to delete dn %s: %s\n", dn, ads_errstr(status)));
SAFE_FREE(host);
- ads_memfree(ads, dn);
- ads_memfree(ads, hostnameDN);
+ TALLOC_FREE(dn);
+ TALLOC_FREE(hostnameDN);
return status;
}
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
}
/* there should be no subordinate objects anymore */
if (!ADS_ERR_OK(status) || ( (ads_count_replies(ads, res)) > 0 ) ) {
SAFE_FREE(host);
- ads_memfree(ads, hostnameDN);
+ TALLOC_FREE(hostnameDN);
return status;
}
if (!ADS_ERR_OK(status)) {
SAFE_FREE(host);
DEBUG(3,("failed to delete dn %s: %s\n", hostnameDN, ads_errstr(status)));
- ads_memfree(ads, hostnameDN);
+ TALLOC_FREE(hostnameDN);
return status;
}
}
- ads_memfree(ads, hostnameDN);
+ TALLOC_FREE(hostnameDN);
status = ads_find_machine_acct(ads, &res, host);
if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
goto out;
}
- dn = ads_get_dn(ads, res);
+ dn = ads_get_dn(ads, talloc_tos(), res);
if (dn == NULL) {
status = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
}
out:
- ads_memfree(ads, dn);
+ TALLOC_FREE(dn);
ads_msgfree(ads, res);
return status;
struct ldb_dn *name_dn = NULL;
const char *name = NULL;
char *ou_string = NULL;
+ struct ldb_context *ldb = ldb_init(mem_ctx, NULL);
- name_dn = ldb_dn_explode(mem_ctx, *account_ou);
- if (name_dn) {
+ name_dn = ldb_dn_new(mem_ctx, ldb, *account_ou);
+ if (name_dn && ldb_dn_validate(name_dn)) {
+ talloc_free(ldb);
return ADS_SUCCESS;
}
ou_string = ads_ou_string(ads, *account_ou);
if (!ou_string) {
+ talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
}
- name = talloc_asprintf(mem_ctx, "%s,%s", ou_string,
- ads->config.bind_path);
+ name_dn = ldb_dn_new_fmt(mem_ctx, ldb, "%s,%s", ou_string,
+ ads->config.bind_path);
SAFE_FREE(ou_string);
- if (!name) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- name_dn = ldb_dn_explode(mem_ctx, name);
- if (!name_dn) {
+ if (!name_dn || !ldb_dn_validate(name_dn)) {
+ talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
}
*account_ou = talloc_strdup(mem_ctx, name);
if (!*account_ou) {
+ talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
+ talloc_free(ldb);
return ADS_SUCCESS;
}