The branch, master has been updated
via aebc90f s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of
rework
via 025aa3f s4:libnet/libnet_samsync_ldb,c - move away from
"samdb_msg_add_string" when possible
via d14e0e8 s4:libnet_JoinADSDomain - move away from
"samdb_msg_add_string"
from 189b4bc s3-waf: add krb5 configure check for WRFILE_KEYTAB.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit aebc90f97417f71ffd1aacd339b34cdee096c15e
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Fri Dec 3 20:38:03 2010 +0100
s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of rework
- Added 'out of memory' checks
- Added checks regarding return values
- Switch to "ldb_msg_add_string" where possible
Autobuild-User: Matthias Dieter Wallnöfer <m...@samba.org>
Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104
commit 025aa3f0532b6853569ac2a8eb9b4b37ff72b981
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Fri Dec 3 20:20:17 2010 +0100
s4:libnet/libnet_samsync_ldb,c - move away from "samdb_msg_add_string" when
possible
Also here we can move to "ldb_msg_add_string" without any impact!
commit d14e0e8ff1e3f9144bf815daec9eb292879a97ca
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date: Fri Dec 3 20:09:31 2010 +0100
s4:libnet_JoinADSDomain - move away from "samdb_msg_add_string"
These calls can be substituted by "ldb_msg_add_string" without any problems
-
only the allocation contexts of the SPNs and the DNS hostnames have to
adapted.
-----------------------------------------------------------------------
Summary of changes:
source4/libnet/libnet_join.c | 14 ++++----
source4/libnet/libnet_samsync_ldb.c | 12 ++++++-
source4/rpc_server/lsa/dcesrv_lsa.c | 56 ++++++++++++++++++++++-------------
3 files changed, 52 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 6077de9..1b485e7 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -272,8 +272,8 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context
*ctx, struct libnet_J
{
unsigned int i;
const char *service_principal_name[2];
- const char *dns_host_name = strlower_talloc(tmp_ctx,
-
talloc_asprintf(tmp_ctx,
+ const char *dns_host_name = strlower_talloc(msg,
+
talloc_asprintf(msg,
"%s.%s",
r->in.netbios_name,
realm));
@@ -284,9 +284,9 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context
*ctx, struct libnet_J
return NT_STATUS_NO_MEMORY;
}
- service_principal_name[0] = talloc_asprintf(tmp_ctx, "HOST/%s",
+ service_principal_name[0] = talloc_asprintf(msg, "HOST/%s",
dns_host_name);
- service_principal_name[1] = talloc_asprintf(tmp_ctx, "HOST/%s",
+ service_principal_name[1] = talloc_asprintf(msg, "HOST/%s",
r->in.netbios_name);
for (i=0; i < ARRAY_SIZE(service_principal_name); i++) {
@@ -295,7 +295,8 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context
*ctx, struct libnet_J
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg,
"servicePrincipalName", service_principal_name[i]);
+ rtn = ldb_msg_add_string(msg, "servicePrincipalName",
+ service_principal_name[i]);
if (rtn != LDB_SUCCESS) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
@@ -303,8 +304,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context
*ctx, struct libnet_J
}
}
- rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg,
- "dNSHostName", dns_host_name);
+ rtn = ldb_msg_add_string(msg, "dNSHostName", dns_host_name);
if (rtn != LDB_SUCCESS) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
diff --git a/source4/libnet/libnet_samsync_ldb.c
b/source4/libnet/libnet_samsync_ldb.c
index bdeced8..9626341 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -652,6 +652,7 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX
*mem_ctx,
struct ldb_message **msgs;
int ret;
const char *attrs[] = { NULL };
+ const char *str_dn;
uint32_t i;
msg = ldb_msg_new(mem_ctx);
@@ -696,7 +697,10 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX
*mem_ctx,
} else if (ret > 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else {
- samdb_msg_add_string(state->sam_ldb, mem_ctx, msg,
"member", ldb_dn_alloc_linearized(mem_ctx, msgs[0]->dn));
+ str_dn = ldb_dn_alloc_linearized(msg, msgs[0]->dn);
+ NT_STATUS_HAVE_NO_MEMORY(str_dn);
+ ret = ldb_msg_add_string(msg, "member", str_dn);
+ if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
}
talloc_free(msgs);
@@ -893,6 +897,7 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX
*mem_ctx,
for (i=0; i<alias_member->sids.num_sids; i++) {
struct ldb_dn *alias_member_dn;
+ const char *str_dn;
/* search for members, in the top basedn (normal users are
builtin aliases) */
ret = gendb_search(state->sam_ldb, mem_ctx,
state->base_dn[SAM_DATABASE_DOMAIN], &msgs, attrs,
"(objectSid=%s)",
@@ -915,7 +920,10 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX
*mem_ctx,
} else {
alias_member_dn = msgs[0]->dn;
}
- samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member",
ldb_dn_alloc_linearized(mem_ctx, alias_member_dn));
+ str_dn = ldb_dn_alloc_linearized(msg, alias_member_dn);
+ NT_STATUS_HAVE_NO_MEMORY(str_dn);
+ ret = ldb_msg_add_string(msg, "member", str_dn);
+ if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
talloc_free(msgs);
}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 4cb5da2..c1986b4 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2869,9 +2869,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct
dcesrv_call_state *dce_call, TALL
}
secret_state = talloc(mem_ctx, struct lsa_secret_state);
- if (!secret_state) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(secret_state);
secret_state->policy = policy_state;
msg = ldb_msg_new(mem_ctx);
@@ -2881,17 +2879,25 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct
dcesrv_call_state *dce_call, TALL
if (strncmp("G$", r->in.name.string, 2) == 0) {
const char *name2;
- name = &r->in.name.string[2];
- /* We need to connect to the database as system, as
this is one of the rare RPC calls that must read the secrets (and this is
denied otherwise) */
- secret_state->sam_ldb = talloc_reference(secret_state,
- samdb_connect(mem_ctx,
dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
system_session(dce_call->conn->dce_ctx->lp_ctx), 0));
+
secret_state->global = true;
- if (strlen(name) < 1) {
+ name = &r->in.name.string[2];
+ if (strlen(name) == 0) {
return NT_STATUS_INVALID_PARAMETER;
}
- name2 = talloc_asprintf(mem_ctx, "%s Secret",
ldb_binary_encode_string(mem_ctx, name));
+ name2 = talloc_asprintf(mem_ctx, "%s Secret",
+ ldb_binary_encode_string(mem_ctx,
name));
+ NT_STATUS_HAVE_NO_MEMORY(name2);
+
+ /* We need to connect to the database as system, as this is one
+ * of the rare RPC calls that must read the secrets (and this
+ * is denied otherwise) */
+ secret_state->sam_ldb = talloc_reference(secret_state,
+ samdb_connect(mem_ctx,
dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
system_session(dce_call->conn->dce_ctx->lp_ctx), 0));
+ NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb);
+
/* search for the secret record */
ret = gendb_search(secret_state->sam_ldb,
mem_ctx, policy_state->system_dn, &msgs,
attrs,
@@ -2908,22 +2914,25 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct
dcesrv_call_state *dce_call, TALL
}
msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
- if (!name2 || ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
+ NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+ if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
return NT_STATUS_NO_MEMORY;
}
-
- samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn",
name2);
-
+
+ ret = ldb_msg_add_string(msg, "cn", name2);
+ if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
} else {
secret_state->global = false;
name = r->in.name.string;
- if (strlen(name) < 1) {
+ if (strlen(name) == 0) {
return NT_STATUS_INVALID_PARAMETER;
}
secret_state->sam_ldb = talloc_reference(secret_state,
secrets_db_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb);
+
/* search for the secret record */
ret = gendb_search(secret_state->sam_ldb, mem_ctx,
ldb_dn_new(mem_ctx, secret_state->sam_ldb,
"cn=LSA Secrets"),
@@ -2940,13 +2949,19 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct
dcesrv_call_state *dce_call, TALL
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = ldb_dn_new_fmt(mem_ctx, secret_state->sam_ldb,
"cn=%s,cn=LSA Secrets", name);
- samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn",
name);
+ msg->dn = ldb_dn_new_fmt(mem_ctx, secret_state->sam_ldb,
+ "cn=%s,cn=LSA Secrets", name);
+ NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+ ret = ldb_msg_add_string(msg, "cn", name);
+ if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg,
"objectClass", "secret");
+ ret = samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg,
+ "objectClass", "secret");
+ if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
+ NT_STATUS_HAVE_NO_MEMORY(secret_state->secret_dn);
/* create the secret */
ret = ldb_add(secret_state->sam_ldb, msg);
@@ -2958,14 +2973,13 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct
dcesrv_call_state *dce_call, TALL
}
handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_SECRET);
- if (!handle) {
- return NT_STATUS_NO_MEMORY;
- }
-
+ NT_STATUS_HAVE_NO_MEMORY(handle);
+
handle->data = talloc_steal(handle, secret_state);
secret_state->access_mask = r->in.access_mask;
secret_state->policy = talloc_reference(secret_state, policy_state);
+ NT_STATUS_HAVE_NO_MEMORY(secret_state->policy);
*r->out.sec_handle = handle->wire_handle;
--
Samba Shared Repository
