The branch, master has been updated via aebc90f s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of rework via 025aa3f s4:libnet/libnet_samsync_ldb,c - move away from "samdb_msg_add_string" when possible via d14e0e8 s4:libnet_JoinADSDomain - move away from "samdb_msg_add_string" from 189b4bc s3-waf: add krb5 configure check for WRFILE_KEYTAB.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit aebc90f97417f71ffd1aacd339b34cdee096c15e Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Dec 3 20:38:03 2010 +0100 s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of rework - Added 'out of memory' checks - Added checks regarding return values - Switch to "ldb_msg_add_string" where possible Autobuild-User: Matthias Dieter Wallnöfer <m...@samba.org> Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104 commit 025aa3f0532b6853569ac2a8eb9b4b37ff72b981 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Dec 3 20:20:17 2010 +0100 s4:libnet/libnet_samsync_ldb,c - move away from "samdb_msg_add_string" when possible Also here we can move to "ldb_msg_add_string" without any impact! commit d14e0e8ff1e3f9144bf815daec9eb292879a97ca Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Dec 3 20:09:31 2010 +0100 s4:libnet_JoinADSDomain - move away from "samdb_msg_add_string" These calls can be substituted by "ldb_msg_add_string" without any problems - only the allocation contexts of the SPNs and the DNS hostnames have to adapted. ----------------------------------------------------------------------- Summary of changes: source4/libnet/libnet_join.c | 14 ++++---- source4/libnet/libnet_samsync_ldb.c | 12 ++++++- source4/rpc_server/lsa/dcesrv_lsa.c | 56 ++++++++++++++++++++++------------- 3 files changed, 52 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index 6077de9..1b485e7 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c 
@@ -272,8 +272,8 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J { unsigned int i; const char *service_principal_name[2]; - const char *dns_host_name = strlower_talloc(tmp_ctx, - talloc_asprintf(tmp_ctx, + const char *dns_host_name = strlower_talloc(msg, + talloc_asprintf(msg, "%s.%s", r->in.netbios_name, realm)); @@ -284,9 +284,9 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J return NT_STATUS_NO_MEMORY; } - service_principal_name[0] = talloc_asprintf(tmp_ctx, "HOST/%s", + service_principal_name[0] = talloc_asprintf(msg, "HOST/%s", dns_host_name); - service_principal_name[1] = talloc_asprintf(tmp_ctx, "HOST/%s", + service_principal_name[1] = talloc_asprintf(msg, "HOST/%s", r->in.netbios_name); for (i=0; i < ARRAY_SIZE(service_principal_name); i++) { @@ -295,7 +295,8 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } - rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "servicePrincipalName", service_principal_name[i]); + rtn = ldb_msg_add_string(msg, "servicePrincipalName", + service_principal_name[i]); if (rtn != LDB_SUCCESS) { r->out.error_string = NULL; talloc_free(tmp_ctx); @@ -303,8 +304,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J } } - rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg, - "dNSHostName", dns_host_name); + rtn = ldb_msg_add_string(msg, "dNSHostName", dns_host_name); if (rtn != LDB_SUCCESS) { r->out.error_string = NULL; talloc_free(tmp_ctx); diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index bdeced8..9626341 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c 
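Review bot: The move of `dns_host_name` and both `service_principal_name[]` entries from `tmp_ctx` to `msg` is a lifetime requirement that the code does not record. As far as the commit message and the ldb API suggest, `ldb_msg_add_string` keeps the caller's pointer instead of duplicating the string the way the replaced `samdb_msg_add_string` did, so these strings must live at least as long as `msg`. I would add above the `dns_host_name` declaration: `/* ldb_msg_add_string() keeps this pointer, so the string is allocated on msg */`. The same reasoning covers the `@@ -284`, `@@ -295` and `@@ -303` hunks; `libnet_JoinADSDomain` starts and ends outside all of them.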
@@ -652,6 +652,7 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx, struct ldb_message **msgs; int ret; const char *attrs[] = { NULL }; + const char *str_dn; uint32_t i; msg = ldb_msg_new(mem_ctx); @@ -696,7 +697,10 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx, } else if (ret > 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } else { - samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_alloc_linearized(mem_ctx, msgs[0]->dn)); + str_dn = ldb_dn_alloc_linearized(msg, msgs[0]->dn); + NT_STATUS_HAVE_NO_MEMORY(str_dn); + ret = ldb_msg_add_string(msg, "member", str_dn); + if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY; } talloc_free(msgs); @@ -893,6 +897,7 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx, for (i=0; i<alias_member->sids.num_sids; i++) { struct ldb_dn *alias_member_dn; + const char *str_dn; /* search for members, in the top basedn (normal users are builtin aliases) */ ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN], &msgs, attrs, "(objectSid=%s)", @@ -915,7 +920,10 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx, } else { alias_member_dn = msgs[0]->dn; } - samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_alloc_linearized(mem_ctx, alias_member_dn)); + str_dn = ldb_dn_alloc_linearized(msg, alias_member_dn); + NT_STATUS_HAVE_NO_MEMORY(str_dn); + ret = ldb_msg_add_string(msg, "member", str_dn); + if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY; talloc_free(msgs); } diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 4cb5da2..c1986b4 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c 
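Review bot: The two new early returns in the `else` branch of the `@@ -696` hunk, and the matching pair inside the loop in the `@@ -915` hunk, leave before `talloc_free(msgs)`, so the search result stays attached to `mem_ctx` on the error path. That is harmless only if every caller releases `mem_ctx` on failure, which is not visible here. Either free first, `if (ret != LDB_SUCCESS) { talloc_free(msgs); return NT_STATUS_NO_MEMORY; }`, or state in a comment that cleanup is left to the owner of `mem_ctx`. `NT_STATUS_HAVE_NO_MEMORY(str_dn)` hides the same kind of return inside a macro, which is easy to miss next to the unbraced one-line `if`. Both functions start and end outside these hunks.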
@@ -2869,9 +2869,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL } secret_state = talloc(mem_ctx, struct lsa_secret_state); - if (!secret_state) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(secret_state); secret_state->policy = policy_state; msg = ldb_msg_new(mem_ctx); @@ -2881,17 +2879,25 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL if (strncmp("G$", r->in.name.string, 2) == 0) { const char *name2; - name = &r->in.name.string[2]; - /* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */ - secret_state->sam_ldb = talloc_reference(secret_state, - samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx), 0)); + secret_state->global = true; - if (strlen(name) < 1) { + name = &r->in.name.string[2]; + if (strlen(name) == 0) { return NT_STATUS_INVALID_PARAMETER; } - name2 = talloc_asprintf(mem_ctx, "%s Secret", ldb_binary_encode_string(mem_ctx, name)); + name2 = talloc_asprintf(mem_ctx, "%s Secret", + ldb_binary_encode_string(mem_ctx, name)); + NT_STATUS_HAVE_NO_MEMORY(name2); + + /* We need to connect to the database as system, as this is one + * of the rare RPC calls that must read the secrets (and this + * is denied otherwise) */ + secret_state->sam_ldb = talloc_reference(secret_state, + samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx), 0)); + NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb); + /* search for the secret record */ ret = gendb_search(secret_state->sam_ldb, mem_ctx, policy_state->system_dn, &msgs, attrs, 
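Review bot: The new `NT_STATUS_HAVE_NO_MEMORY(name2)` in the `G$` branch of the `@@ -2881` hunk does not cover the inner `ldb_binary_encode_string(mem_ctx, name)`. If that call returns NULL, a NULL pointer is passed to `%s`, which is undefined behaviour and on glibc produces the literal name `(null) Secret` instead of an error. Encode into a local and check it first: `const char *enc = ldb_binary_encode_string(mem_ctx, name);`, `NT_STATUS_HAVE_NO_MEMORY(enc);`, then `name2 = talloc_asprintf(mem_ctx, "%s Secret", enc);`. The hunk also shows no NULL check on `r->in.name.string` before `strncmp`; the value comes from the RPC request, so it is worth confirming that one exists above. The function starts before the hunk, and the `gendb_search` call continues past it.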
@@ -2908,22 +2914,25 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL } msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn); - if (!name2 || ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) { + NT_STATUS_HAVE_NO_MEMORY(msg->dn); + if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) { return NT_STATUS_NO_MEMORY; } - - samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name2); - + + ret = ldb_msg_add_string(msg, "cn", name2); + if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY; } else { secret_state->global = false; name = r->in.name.string; - if (strlen(name) < 1) { + if (strlen(name) == 0) { return NT_STATUS_INVALID_PARAMETER; } secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx)); + NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb); + /* search for the secret record */ ret = gendb_search(secret_state->sam_ldb, mem_ctx, ldb_dn_new(mem_ctx, secret_state->sam_ldb, "cn=LSA Secrets"), @@ -2940,13 +2949,19 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = ldb_dn_new_fmt(mem_ctx, secret_state->sam_ldb, "cn=%s,cn=LSA Secrets", name); - samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name); + msg->dn = ldb_dn_new_fmt(mem_ctx, secret_state->sam_ldb, + "cn=%s,cn=LSA Secrets", name); + NT_STATUS_HAVE_NO_MEMORY(msg->dn); + ret = ldb_msg_add_string(msg, "cn", name); + if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY; } - samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "objectClass", "secret"); + ret = samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, + "objectClass", "secret"); + if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY; secret_state->secret_dn = talloc_reference(secret_state, msg->dn); + NT_STATUS_HAVE_NO_MEMORY(secret_state->secret_dn); /* create the secret */ ret = ldb_add(secret_state->sam_ldb, msg); 
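Review bot: The client-supplied secret name is formatted straight into a DN in both branches: `ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)` in this hunk and `ldb_dn_new_fmt(..., "cn=%s,cn=LSA Secrets", name)` in the `@@ -2940` hunk. `name2` was built with `ldb_binary_encode_string`, which is search-filter escaping, and `name` is not escaped at all, so characters that are special in a DN (such as `,`, `+` or `=`) are not neutralised. The added `NT_STATUS_HAVE_NO_MEMORY(msg->dn)` only catches allocation failure, not a DN that parses differently from what was intended. I would escape the RDN value with `ldb_dn_escape_value()` before formatting and return `NT_STATUS_INVALID_PARAMETER` when `ldb_dn_validate(msg->dn)` fails. It also looks unintended that the filter-escaped `name2`, rather than the plain name, is what gets stored as the `cn` value; the function starts and ends outside both hunks.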
@@ -2958,14 +2973,13 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL } handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_SECRET); - if (!handle) { - return NT_STATUS_NO_MEMORY; - } - + NT_STATUS_HAVE_NO_MEMORY(handle); + handle->data = talloc_steal(handle, secret_state); secret_state->access_mask = r->in.access_mask; secret_state->policy = talloc_reference(secret_state, policy_state); + NT_STATUS_HAVE_NO_MEMORY(secret_state->policy); *r->out.sec_handle = handle->wire_handle; -- Samba Shared Repository
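Review bot: The new `NT_STATUS_HAVE_NO_MEMORY(secret_state->policy)` returns after `handle` has been created and `secret_state` has been stolen onto it, so on that path the handle is never released. If `dcesrv_handle_new` registers the handle with the context, as it appears to, the handle stays reachable with `secret_state->policy` set to NULL. Take the reference before `talloc_steal`, or free on failure: `if (secret_state->policy == NULL) { talloc_free(handle); return NT_STATUS_NO_MEMORY; }`. A similar ordering question applies to `NT_STATUS_HAVE_NO_MEMORY(handle)`: the `ldb_add` above the hunk has presumably already stored the secret, so the client would receive an error for an object that now exists. Separately, the context line `secret_state->access_mask = r->in.access_mask;` stores the requested mask as-is, and whether it is checked against the rights of the policy handle is not visible in this hunk.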