-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[EMAIL PROTECTED] schrieb:
> WebSVN:
> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9815
>
> Log:
> Added cldap_netlogon() AD Site-Name lookup into libnet/libnet_join.c.
> Bugfixing rampage in libnet_join.c to resolve misunderstanding of
> talloc_steal().
> libnet_join now creates the CN=<netbios name>,CN=Servers,CN=<site
> name>,CN=Sites,CN=Configuration,<domain dn> container on a dc join.
Hi Brad,
a few comments:
1) you should splitt patches up into logical pieces!
so this should have been 3 seperate commits
2) I think there're still some problems and bugs in this patch
Index: branches/SOC/SAMBA_4_0/source/libnet/config.mk
===================================================================
- --- branches/SOC/SAMBA_4_0/source/libnet/config.mk (revision 9814)
+++ branches/SOC/SAMBA_4_0/source/libnet/config.mk (revision 9815)
@@ -17,6 +17,8 @@
libnet/userinfo.o \
libnet/userman.o \
libnet/domain.o
- -REQUIRED_SUBSYSTEMS = RPC_NDR_SAMR RPC_NDR_LSA RPC_NDR_SRVSVC
RPC_NDR_DRSUAPI LIBCLI_COMPOSITE
LIBCLI_RESOLVE LIBSAMBA3
+REQUIRED_SUBSYSTEMS = \
+ RPC_NDR_SAMR RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI
LIBCLI_COMPOSITE \
+ LIBCLI_RESOLVE LIBSAMBA3 LIBCLI_CLDAP NDR_ALL
why do we need NDR_ALL here?
Index: branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c
===================================================================
- --- branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c (revision 9814)
+++ branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c (revision 9815)
@@ -130,13 +128,13 @@
- - lsa_open_policy.in.system_name = talloc_asprintf(tmp_ctx, "\\%s",
r->in.netbios_name);
+ lsa_open_policy.in.system_name = talloc_asprintf(tmp_ctx, "\\%s",
r->in.netbios_name);
the return value of talloc should be checked
@@ -148,12 +146,12 @@
- - status = dcerpc_lsa_QueryInfoPolicy2(c.out.dcerpc_pipe, tmp_ctx,
+ status = dcerpc_lsa_QueryInfoPolicy2(c.out.dcerpc_pipe, mem_ctx,
/*chg tmp_ctx to mem_ctx*/
&lsa_query_info2);
tmp_ctx should be used here!
@@ -167,11 +165,11 @@
- - status = dcerpc_lsa_QueryInfoPolicy(c.out.dcerpc_pipe, tmp_ctx,
+ status = dcerpc_lsa_QueryInfoPolicy(c.out.dcerpc_pipe, mem_ctx,
/*chg tmp_ctx to mem_ctx*/
&lsa_query_info);
tmp_ctx should be used here too!
- - status = dcerpc_parse_binding(tmp_ctx,
c.out.dcerpc_pipe->conn->binding_string, &samr_binding);
+ status = dcerpc_parse_binding(mem_ctx,
c.out.dcerpc_pipe->conn->binding_string, &samr_binding);
/*chg tmp_ctx to mem_ctx*/
tmp_ctx should be used here too!
+ r->out.domain_sid = talloc_reference(tmp_ctx, domain_sid);
+ r->out.domain_name = talloc_reference(tmp_ctx, domain_name);
+ r->out.realm = talloc_reference(tmp_ctx, realm);
+ r->out.samr_pipe = talloc_reference(tmp_ctx, samr_pipe);
+ r->out.samr_binding = talloc_reference(tmp_ctx, samr_binding);
+ r->out.user_handle = &u_handle;
+ r->out.error_string = talloc_reference(tmp_ctx,
r2.samr_handle.out.error_string);
using tmp_ctx here will result in a mem leak
as you just increase the reference count,
as this values are supposed to be passed to the caller
this should be talloc_reference(mem_ctx, ...);
this will create a 2nd reference to the values from the callers TALLOC_CTX
and they get free'ed when the tmp_ctx AND the mem_ctx are free'ed.
but also in this case you can also use talloc_steal(mem_ctx, ...)
as talloc_steal() can never fail with a alloc failure,
where talloc_reference can!
and as we know that we'll destroy the tmp_ctx shortly,
talloc_steal is better.
+ computer_dn = talloc_asprintf(ctx,
+ "%s",r_crack_names.out.ctr.ctr1->array[0].result_name);
here we should also use talloc_steal(), with the right TALLOC_CTX.
(I haven't looked close to it to find the right one out.)
and also we should move that statement after the DsCrackNames call,
and make shure we didn't dereference a NULL pointer or empty array,
in case the server sends bad data.
so we need to check if r_crack_names.out.ctr.ctr1 and
r_crack_names.out.ctr.ctr1->array[0]
and r_crack_names.out.ctr.ctr1->array[0].result_name are valid.
(we may already do this checks, I haven't checked closer)
+ /* We do the dsbind in this function, so we might as well do the
domain_dn cracknames here too. */
+ r_crack_names.in.req.req1.format_offered =
DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+ r_crack_names.in.req.req1.format_desired =
DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+ names[0].str = talloc_asprintf(ctx, "%s\\", r->in.domain_name);
this should be tmp_ctx not ctx.
+ status = dcerpc_drsuapi_DsCrackNames(drsuapi_pipe, tmp_ctx,
&r_crack_names);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ r->out.error_string
+ = talloc_asprintf(tmp_ctx,
here we need to use mem_ctx!!!
+ } else {
+ r->out.error_string
+ = talloc_asprintf(tmp_ctx,
here we need to use mem_ctx too!!!
+ } else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
+ r->out.error_string
+ = talloc_asprintf(tmp_ctx,
here we need to use mem_ctx too!!!
+ domain_dn = talloc_asprintf(ctx,
+ "%s",
+
r_crack_names.out.ctr.ctr1->array[0].result_name);
talloc_steal() here...
and maybe tmp_ctx!
+NTSTATUS libnet_JoinSite(struct libnet_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct dcerpc_pipe *drsuapi_pipe,
+ struct policy_handle drsuapi_bind_handle,
+ char *computer_dn,
+ char *domain_dn,
these should be const char *
+ cldap = cldap_socket_init(tmp_ctx, NULL);
+ status = cldap_netlogon(cldap, tmp_ctx, &search);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Default to using Default-First-Site-Name rather than
returning status at this point. */
+ site_name = talloc_asprintf(tmp_ctx, "%s",
"Default-First-Site-Name");
+ } else {
+ site_name = talloc_steal(tmp_ctx,
search.out.netlogon.logon5.site_name);
+ }
talloc fail checks
+ config_dn = talloc_asprintf(tmp_ctx, "CN=Configuration,%s", domain_dn);
+
+ server_dn = talloc_asprintf(tmp_ctx,
+ "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
+ libnet_r->in.netbios_name, site_name,
config_dn);
+
+ schema_dn = talloc_asprintf(tmp_ctx, "CN=Schema,%s", config_dn);
+
+ ntds_dn = talloc_asprintf(tmp_ctx,
+ "CN=NTDS Settings,%s", server_dn);
talloc fail checks...
+ printf("domain_dn: %s.\n", domain_dn);
+ printf("computer_dn: %s.\n", computer_dn);
+ printf("config_dn: %s.\n", config_dn);
+ printf("server_dn: %s.\n", server_dn);
+ printf("schema_dn: %s.\n", schema_dn);
+ printf("ntds_dn: %s.\n", ntds_dn);
+ printf("site_name: %s.\n", site_name);
use DEBUG() instead of printf here
printf should only be used in torture tests
+ /*
+ Add entry CN=<netbios name>,CN=Servers,CN=<site
name>,CN=Sites,CN=Configuration,<domain dn>.
+ */
+ remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s";,
+ libnet_r->out.samr_binding->host);
talloc fails check
+ msg = ldb_msg_new(tmp_ctx);
+ if (!msg) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ ldb_msg_add_string(remote_ldb, msg, "objectClass", "server");
+ ldb_msg_add_string(remote_ldb, msg, "systemFlags", "50000000");
+ ldb_msg_add_string(remote_ldb, msg, "serverReference", computer_dn);
ldb_msg_add_string can also fails,
(I know other places also didn't check the return value...,
but that's bad!)
if ((r->in.netbios_name != NULL) && (r->in.level !=
LIBNET_JOIN_AUTOMATIC)) {
- - r2->in.netbios_name = r->in.netbios_name;
+ r2.in.netbios_name = r->in.netbios_name;
} else {
- - r2->in.netbios_name = talloc_asprintf(r2, "%s",
lp_netbios_name());
+ r2.in.netbios_name = talloc_asprintf(mem_ctx, "%s",
lp_netbios_name());
talloc checks, and tmp_ctx (maybe we can skip the talloc_asprintf completely
here)
- - r2->in.account_name = talloc_asprintf(r2, "%s$", r2->in.netbios_name);
+ r2.in.account_name = talloc_asprintf(mem_ctx, "%s$",
r2.in.netbios_name);
talloc checks, and tmp_ctx
- - r->out.samr_pipe = talloc_steal(r, r2->out.samr_pipe);
- - /*r->out.user_handle = talloc_steal(mem_ctx, r2.out.user_handle);*/
- - r->out.user_handle = talloc_steal(r, r2->out.user_handle);
- - r->out.domain_sid = talloc_steal(r, r2->out.domain_sid);
- - r->out.join_password = talloc_steal(r, r2->out.join_password);
+ r->out.samr_pipe = r2.out.samr_pipe;
+ r->out.user_handle = r2.out.user_handle;
+ r->out.domain_sid = r2.out.domain_sid;
+ r->out.join_password = r2.out.join_password;
talloc_steal(mem_ctx, ..) here
- - msg->dn = ldb_dn_build_child(mem_ctx, "flatname", r2->out.domain_name,
base_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "flatname", r2.out.domain_name,
base_dn);
this can fail!
- - samdb_msg_add_string(ldb, mem_ctx, msg, "flatname",
r2->out.domain_name);
- - if (r2->out.realm) {
- - samdb_msg_add_string(ldb, mem_ctx, msg, "realm", r2->out.realm);
+ samdb_msg_add_string(ldb, mem_ctx, msg, "flatname", r2.out.domain_name);
+ if (r2.out.realm) {
+ samdb_msg_add_string(ldb, mem_ctx, msg, "realm", r2.out.realm);
}
samdb_msg_add_string(ldb, mem_ctx, msg, "objectClass", "primaryDomain");
- - samdb_msg_add_string(ldb, mem_ctx, msg, "secret",
r2->out.join_password);
+ samdb_msg_add_string(ldb, mem_ctx, msg, "secret", r2.out.join_password);
- - samdb_msg_add_string(ldb, mem_ctx, msg, "samAccountName",
r2->in.account_name);
+ samdb_msg_add_string(ldb, mem_ctx, msg, "samAccountName",
r2.in.account_name);
samdb_msg_add_string(ldb, mem_ctx, msg, "secureChannelType", sct);
samdb_msg_add_string can fail, and use tmp_ctx
- - if (r2->out.kvno) {
+ if (r2.out.kvno) {
samdb_msg_add_uint(ldb, mem_ctx, msg, "msDS-KeyVersionNumber",
- - r2->out.kvno);
+ r2.out.kvno);
samdb_msg_add_uint can fail(I think but need to checked), and use tmp_ctx
- - samdb_msg_set_string(ldb, mem_ctx, msg, "secret",
r2->out.join_password);
+ samdb_msg_set_string(ldb, mem_ctx, msg, "secret",
r2.out.join_password);
samdb_msg_add_string can fail, and use tmp_ctx
- - samdb_msg_set_string(ldb, mem_ctx, msg, "samAccountName",
r2->in.account_name);
+ samdb_msg_set_string(ldb, mem_ctx, msg, "samAccountName",
r2.in.account_name);
samdb_msg_set_string(ldb, mem_ctx, msg, "secureChannelType",
sct);
samdb_msg_add_string can fail, and use tmp_ctx
- - r->out.error_string = talloc_asprintf(r, "%s", r2->out.error_string);
- - r->out.join_password = talloc_steal(r, r2->out.join_password);
- - r->out.domain_sid = talloc_steal(r, r2->out.domain_sid);
- - r->out.samr_pipe = talloc_steal(r, r2->out.samr_pipe);
- - r->out.user_handle = talloc_steal(r, r2->out.user_handle);
- - /*r->out.user_handle = talloc_steal(mem_ctx, r2->out.user_handle);*/
+ /*
+ r->out.error_string = talloc_steal(r, r2.out.error_string);
+ r->out.join_password = talloc_steal(r, r2.out.join_password);
+ r->out.domain_sid = talloc_steal(r, r2.out.domain_sid);
+ r->out.samr_pipe = talloc_steal(r, r2.out.samr_pipe);
+ r->out.user_handle = talloc_steal(r, r2.out.user_handle);
+ */
please don't commit this kind of comments, just remove them:-)
+ r->out.error_string = r2.out.error_string;
+ r->out.join_password = r2.out.join_password;
+ r->out.domain_sid = r2.out.domain_sid;
+ r->out.samr_pipe = r2.out.samr_pipe;
+ r->out.user_handle = r2.out.user_handle;
talloc_steal(mem_ctx, ...)
- --
metze
Stefan Metzmacher <metze at samba.org> www.samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDFWfnm70gjA5TCD8RAv9FAJ90i0wGgrpzvQBhron5ZN1HWseQ0wCgnzrp
1y/9EyaIjs+Z6wIZqBEBhyU=
=PDzh
-----END PGP SIGNATURE-----
