[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-316-g0076045

Jeremy Allison jra at samba.org
Thu Nov 15 00:06:22 GMT 2007


The branch, v3-2-test has been updated
       via  00760451b6c2b65f3a8a9187789ca4f270b622a2 (commit)
      from  72c19d114b40ee307bbe45d9828667165a26d7a3 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 00760451b6c2b65f3a8a9187789ca4f270b622a2
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Nov 14 16:05:42 2007 -0800

    Remove smbldap_get_single_pstring() and all pstrings
    from pdb_ldap.c. I don't have an LDAP passdb setup here,
    so I'm going to need some help on testing this.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/lib/smbldap.c     |    8 -
 source/lib/util_str.c    |   26 +-
 source/passdb/passdb.c   |    2 +-
 source/passdb/pdb_ldap.c | 1263 +++++++++++++++++++++++++++++-----------------
 4 files changed, 825 insertions(+), 474 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 6f9ecb1..662a5a9 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -292,14 +292,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 	return True;
 }
 
- bool smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry,
-				  const char *attribute, pstring value)
-{
-	return smbldap_get_single_attribute(ldap_struct, entry,
-					    attribute, value, 
-					    sizeof(pstring));
-}
-
  char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
 					const char *attribute,
 					TALLOC_CTX *mem_ctx)
diff --git a/source/lib/util_str.c b/source/lib/util_str.c
index 6d429e3..68b06a6 100644
--- a/source/lib/util_str.c
+++ b/source/lib/util_str.c
@@ -1187,14 +1187,17 @@ void pstring_sub(char *s,const char *pattern,const char *insert)
 }
 
 /**
- Similar to string_sub, but it will accept only allocated strings
+ Similar to string_sub2, but it will accept only allocated strings
  and may realloc them so pay attention at what you pass on no
  pointers inside strings, no pstrings or const may be passed
  as string.
 **/
 
-char *realloc_string_sub(char *string, const char *pattern,
-			 const char *insert)
+char *realloc_string_sub2(char *string,
+			const char *pattern,
+			const char *insert,
+			bool remove_unsafe_characters,
+			bool allow_trailing_dollar)
 {
 	char *p, *in;
 	char *s;
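Review bot: The header comment above realloc_string_sub2 still describes only the old three-argument behaviour, so the two new flags are undocumented. I would add lines such as `remove_unsafe_characters: replace the characters listed in the switch below with '_' in insert` and `allow_trailing_dollar: leave a final '$' in insert untouched (machine account names)`. It should also state that passing false for remove_unsafe_characters makes the caller responsible for sanitising insert. The body of the function continues outside this hunk.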
@@ -1221,10 +1224,18 @@ char *realloc_string_sub(char *string, const char *pattern,
 			case '\'':
 			case ';':
 			case '$':
+				/* allow a trailing $
+				 * (as in machine accounts) */
+				if (allow_trailing_dollar && (i == li - 1 )) {
+					break;
+				}
 			case '%':
 			case '\r':
 			case '\n':
-				in[i] = '_';
+				if ( remove_unsafe_characters ) {
+					in[i] = '_';
+					break;
+				}
 			default:
 				/* ok */
 				break;
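Review bot: The trailing-`$` exemption is not limited to `$`: the `case '\'':` and `case ';':` labels (and any labels above them, outside this hunk) fall into the same `if`, so with allow_trailing_dollar set a final `'` or `;` in insert also skips the `_` replacement. Test the character as well, `if (allow_trailing_dollar && in[i] == '$' && (i == li - 1)) {`, or move `case '$':` and its check above the other labels. The wrapper added later in this patch passes false, so existing callers are unaffected, but any new caller of realloc_string_sub2 that sets the flag would be. Both implicit fall-throughs (into `case '%':` and into `default:`) also deserve a `/* fall through */` comment so the intent is visible.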
@@ -1254,6 +1265,13 @@ char *realloc_string_sub(char *string, const char *pattern,
 	return string;
 }
 
+char *realloc_string_sub(char *string,
+			const char *pattern,
+			const char *insert)
+{
+	return realloc_string_sub2(string, pattern, insert, true, false);
+}
+
 /*
  * Internal guts of talloc_string_sub and talloc_all_string_sub.
  * 'filter' differentiates between them.
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index e1e5967..a9dd90e 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -340,7 +340,7 @@ uint32 pdb_decode_acct_ctrl(const char *p)
  Routine to set 32 hex password characters from a 16 byte array.
 **************************************************************/
 
-void pdb_sethexpwd(char *p, const unsigned char *pwd, uint32 acct_ctrl)
+void pdb_sethexpwd(char p[33], const unsigned char *pwd, uint32 acct_ctrl)
 {
 	if (pwd != NULL) {
 		int i;
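Review bot: `char p[33]` in a parameter list is adjusted to `char *p` by the compiler, so the size is documentation only and a caller passing a shorter buffer still compiles without a warning. The comment above the function still speaks of 32 hex characters. I would add a line such as `p must have room for 32 hex digits plus the terminating NUL (33 bytes)`, which is presumably what the 33 stands for, although the writes themselves are outside this hunk.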
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 0c60e3f..a3637bf 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -193,7 +193,7 @@ static NTSTATUS ldapsam_get_seq_num(struct pdb_methods *my_methods, time_t *seq_
 	TALLOC_CTX *mem_ctx;
 	char **values = NULL;
 	int rc, num_result, num_values, rid;
-	pstring suffix;
+	char *suffix = NULL;
 	fstring tok;
 	const char *p;
 	const char **attrs;
@@ -239,16 +239,25 @@ static NTSTATUS ldapsam_get_seq_num(struct pdb_methods *my_methods, time_t *seq_
 		/* csn=20050126161620Z#0000001#00#00000 */
 		attrs[0] = talloc_strdup(mem_ctx, "syncreplCookie");
 		attrs[1] = NULL;
-		pstr_sprintf( suffix, "cn=syncrepl%d,%s", rid, lp_ldap_suffix());
-
+		suffix = talloc_asprintf(mem_ctx,
+				"cn=syncrepl%d,%s", rid, lp_ldap_suffix());
+		if (!suffix) {
+			ntstatus = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
 	} else {
 
 		/* provider contextCSN */
 		/* 20050126161620Z#000009#00#000000 */
 		attrs[0] = talloc_strdup(mem_ctx, "contextCSN");
 		attrs[1] = NULL;
-		pstr_sprintf( suffix, "cn=ldapsync,%s", lp_ldap_suffix());
+		suffix = talloc_asprintf(mem_ctx,
+				"cn=ldapsync,%s", lp_ldap_suffix());
 
+		if (!suffix) {
+			ntstatus = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
 	}
 
 	rc = smbldap_search(ldap_state->smbldap_state, suffix,
@@ -320,13 +329,14 @@ static NTSTATUS ldapsam_get_seq_num(struct pdb_methods *my_methods, time_t *seq_
  Run the search by name.
 ******************************************************************/
 
-int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, 
+int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 					  const char *user,
 					  LDAPMessage ** result,
 					  const char **attr)
 {
-	pstring filter;
+	char *filter = NULL;
 	char *escape_user = escape_ldap_string_alloc(user);
+	int ret = -1;
 
 	if (!escape_user) {
 		return LDAP_NO_MEMORY;
@@ -336,37 +346,49 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 	 * in the filter expression, replace %u with the real name
 	 * so in ldap filter, %u MUST exist :-)
 	 */
-	pstr_sprintf(filter, "(&%s%s)", "(uid=%u)", 
+	filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
 		get_objclass_filter(ldap_state->schema_ver));
-
-	/* 
+	if (!filter) {
+		return LDAP_NO_MEMORY;
+	}
+	/*
 	 * have to use this here because $ is filtered out
-	   * in pstring_sub
+	 * in string_sub
 	 */
-	
 
-	all_string_sub(filter, "%u", escape_user, sizeof(pstring));
+	filter = talloc_all_string_sub(talloc_tos(),
+				filter, "%u", escape_user);
+	if (!filter) {
+		return LDAP_NO_MEMORY;
+	}
 	SAFE_FREE(escape_user);
 
-	return smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
+	ret = smbldap_search_suffix(ldap_state->smbldap_state,
+			filter, attr, result);
+	TALLOC_FREE(filter);
+	return ret;
 }
 
 /*******************************************************************
  Run the search by rid.
 ******************************************************************/
 
-static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state, 
-					 uint32 rid, LDAPMessage ** result, 
+static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
+					 uint32 rid, LDAPMessage ** result,
 					 const char **attr)
 {
-	pstring filter;
+	char *filter = NULL;
 	int rc;
 
-	pstr_sprintf(filter, "(&(rid=%i)%s)", rid, 
+	filter = talloc_asprintf(talloc_tos(), "(&(rid=%i)%s)", rid,
 		get_objclass_filter(ldap_state->schema_ver));
-	
-	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
-	
+	if (!filter) {
+		return LDAP_NO_MEMORY;
+	}
+
+	rc = smbldap_search_suffix(ldap_state->smbldap_state,
+			filter, attr, result);
+	TALLOC_FREE(filter);
 	return rc;
 }
 
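Review bot: In ldapsam_search_suffix_by_name the two new `return LDAP_NO_MEMORY;` paths leave before `SAFE_FREE(escape_user);`, so the string from escape_ldap_string_alloc() is leaked whenever talloc_asprintf or talloc_all_string_sub fails. Add `SAFE_FREE(escape_user);` ahead of each of those returns, or free it right after the substitution and before the NULL check. Separately, `filter = talloc_all_string_sub(talloc_tos(), filter, "%u", escape_user);` overwrites the pointer returned by talloc_asprintf. If the helper returns a fresh allocation (its body is not in this diff), the first string stays on the talloc_tos() frame until that frame is freed, and the final `TALLOC_FREE(filter)` releases only the second.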
@@ -374,21 +396,27 @@ static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
  Run the search by SID.
 ******************************************************************/
 
-static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state, 
-					 const DOM_SID *sid, LDAPMessage ** result, 
-					 const char **attr)
+static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
+				 const DOM_SID *sid, LDAPMessage ** result,
+				 const char **attr)
 {
-	pstring filter;
+	char *filter = NULL;
 	int rc;
 	fstring sid_string;
 
-	pstr_sprintf(filter, "(&(%s=%s)%s)", 
-		get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
-		sid_to_string(sid_string, sid), 
+	filter = talloc_asprintf(talloc_tos(), "(&(%s=%s)%s)",
+		get_userattr_key2string(ldap_state->schema_ver,
+			LDAP_ATTR_USER_SID),
+		sid_to_string(sid_string, sid),
 		get_objclass_filter(ldap_state->schema_ver));
-		
-	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
-	
+	if (!filter) {
+		return LDAP_NO_MEMORY;
+	}
+
+	rc = smbldap_search_suffix(ldap_state->smbldap_state,
+			filter, attr, result);
+
+	TALLOC_FREE(filter);
 	return rc;
 }
 
@@ -441,28 +469,32 @@ static int ldapsam_delete_entry(struct ldapsam_privates *priv,
 	if (ptr != NULL) {
 		ber_free(ptr, 0);
 	}
-	
+
 	smbldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
 	talloc_autofree_ldapmod(mem_ctx, mods);
-	
+
 	return smbldap_modify(priv->smbldap_state, dn, mods);
 }
-		  
+
 static time_t ldapsam_get_entry_timestamp( struct ldapsam_privates *ldap_state, LDAPMessage * entry)
 {
-	pstring temp;	
+	char *temp;
 	struct tm tm;
 
-	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
+	temp = smbldap_talloc_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
 			get_userattr_key2string(ldap_state->schema_ver,LDAP_ATTR_MOD_TIMESTAMP),
-			temp))
+			talloc_tos());
+	if (!temp) {
 		return (time_t) 0;
+	}
 
 	if ( !strptime(temp, "%Y%m%d%H%M%SZ", &tm)) {
 		DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n",
 			(char*)temp));
+		TALLOC_FREE(temp);
 		return (time_t) 0;
 	}
+	TALLOC_FREE(temp);
 	tzset();
 	return timegm(&tm);
 }
@@ -472,100 +504,104 @@ static time_t ldapsam_get_entry_timestamp( struct ldapsam_privates *ldap_state,
  (Based on init_sam_from_buffer in pdb_tdb.c)
 *********************************************************************/
 
-static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, 
+static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 				struct samu * sampass,
 				LDAPMessage * entry)
 {
 	time_t  logon_time,
 			logoff_time,
 			kickoff_time,
-			pass_last_set_time, 
-			pass_can_change_time, 
+			pass_last_set_time,
+			pass_can_change_time,
 			pass_must_change_time,
 			ldap_entry_time,
 			bad_password_time;
-	pstring 	username, 
-			domain,
-			nt_username,
-			fullname,
-			homedir,
-			dir_drive,
-			logon_script,
-			profile_path,
-			acct_desc,
-			workstations;
-	char		munged_dial[2048];
-	uint32 		user_rid; 
+	char *username = NULL,
+			*domain = NULL,
+			*nt_username = NULL,
+			*fullname = NULL,
+			*homedir = NULL,
+			*dir_drive = NULL,
+			*logon_script = NULL,
+			*profile_path = NULL,
+			*acct_desc = NULL,
+			*workstations = NULL,
+			*munged_dial = NULL;
+	uint32 		user_rid;
 	uint8 		smblmpwd[LM_HASH_LEN],
 			smbntpwd[NT_HASH_LEN];
 	bool 		use_samba_attrs = True;
 	uint32 		acct_ctrl = 0;
 	uint16		logon_divs;
-	uint16 		bad_password_count = 0, 
+	uint16 		bad_password_count = 0,
 			logon_count = 0;
 	uint32 hours_len;
 	uint8 		hours[MAX_HOURS_LEN];
-	pstring temp;
+	char *temp = NULL;
 	LOGIN_CACHE	*cache_entry = NULL;
 	uint32 		pwHistLen;
-	pstring		tmpstring;
 	bool expand_explicit = lp_passdb_expand_explicit();
+	bool ret = false;
+	TALLOC_CTX *ctx = talloc_init("init_sam_from_ldap");
 
-	/*
-	 * do a little initialization
-	 */
-	username[0] 	= '\0';
-	domain[0] 	= '\0';
-	nt_username[0] 	= '\0';
-	fullname[0] 	= '\0';
-	homedir[0] 	= '\0';
-	dir_drive[0] 	= '\0';
-	logon_script[0] = '\0';
-	profile_path[0] = '\0';
-	acct_desc[0] 	= '\0';
-	munged_dial[0] 	= '\0';
-	workstations[0] = '\0';
-	 
-
+	if (!ctx) {
+		return false;
+	}
 	if (sampass == NULL || ldap_state == NULL || entry == NULL) {
 		DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
-		return False;
+		goto fn_exit;
 	}
 
 	if (priv2ld(ldap_state) == NULL) {
 		DEBUG(0, ("init_sam_from_ldap: ldap_state->smbldap_state->"
 			  "ldap_struct is NULL!\n"));
-		return False;
+		goto fn_exit;
 	}
-	
-	if (!smbldap_get_single_pstring(priv2ld(ldap_state), entry, "uid",
-					username)) {
+
+	if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+					entry,
+					"uid",
+					ctx))) {
 		DEBUG(1, ("init_sam_from_ldap: No uid attribute found for "
 			  "this user!\n"));
-		return False;
+		goto fn_exit;
 	}
 
 	DEBUG(2, ("init_sam_from_ldap: Entry found for user: %s\n", username));
 
-	pstrcpy(nt_username, username);
+	nt_username = talloc_strdup(ctx, username);
+	if (!nt_username) {
+		goto fn_exit;
+	}
+
+	domain = talloc_strdup(ctx, ldap_state->domain_name);
+	if (!domain) {
+		goto fn_exit;
+	}
 
-	pstrcpy(domain, ldap_state->domain_name);
-	
 	pdb_set_username(sampass, username, PDB_SET);
 
 	pdb_set_domain(sampass, domain, PDB_DEFAULT);
 	pdb_set_nt_username(sampass, nt_username, PDB_SET);
 
 	/* deal with different attributes between the schema first */
-	
+
 	if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) {
-		if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 
-				get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), temp)) {
+		if ((temp = smbldap_talloc_single_attribute(
+				ldap_state->smbldap_state->ldap_struct,
+				entry,
+				get_userattr_key2string(ldap_state->schema_ver,
+					LDAP_ATTR_USER_SID),
+				ctx))!=NULL) {
 			pdb_set_user_sid_from_string(sampass, temp, PDB_SET);
 		}
 	} else {
-		if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
-				get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp)) {
+		if ((temp = smbldap_talloc_single_attribute(
+				ldap_state->smbldap_state->ldap_struct,
+				entry,
+				get_userattr_key2string(ldap_state->schema_ver,
+					LDAP_ATTR_USER_RID),
+				ctx))!=NULL) {
 			user_rid = (uint32)atol(temp);
 			pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
 		}
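Review bot: ctx comes from talloc_init(), so it is owned by init_sam_from_ldap and every exit after its creation has to pass through fn_exit (the label is outside the visible diff; presumably it frees ctx and returns ret). The early exits in this hunk were converted, but the unchanged `return False;` in the next hunk, on the "no SID or RID attribute found" path, still returns directly and would leak ctx and everything allocated on it. It should become `goto fn_exit;`. The function now also mixes `false` and `False`; one spelling throughout would read better.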
@@ -573,58 +609,81 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 
 	if (pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) {
 		DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n", 
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),
+			get_userattr_key2string(ldap_state->schema_ver,
+				LDAP_ATTR_USER_SID),
+			get_userattr_key2string(ldap_state->schema_ver,
+				LDAP_ATTR_USER_RID),
 			username));
 		return False;
 	}
 
-	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp)) {
-		/* leave as default */
-	} else {
+	temp = smbldap_talloc_single_attribute(
+			ldap_state->smbldap_state->ldap_struct,
+			entry,
+			get_userattr_key2string(ldap_state->schema_ver,
+				LDAP_ATTR_PWD_LAST_SET),
+			ctx);
+	if (temp) {
 		pass_last_set_time = (time_t) atol(temp);
-		pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+		pdb_set_pass_last_set_time(sampass,
+				pass_last_set_time, PDB_SET);
 	}
 
-	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp)) {
-		/* leave as default */
-	} else {
+	temp = smbldap_talloc_single_attribute(
+			ldap_state->smbldap_state->ldap_struct,
+			entry,
+			get_userattr_key2string(ldap_state->schema_ver,
+				LDAP_ATTR_LOGON_TIME),
+			ctx);
+	if (temp) {
 		logon_time = (time_t) atol(temp);
 		pdb_set_logon_time(sampass, logon_time, PDB_SET);
 	}
 
-	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp)) {
-		/* leave as default */
-	} else {
+	temp = smbldap_talloc_single_attribute(
+			ldap_state->smbldap_state->ldap_struct,
+			entry,
+			get_userattr_key2string(ldap_state->schema_ver,
+				LDAP_ATTR_LOGOFF_TIME),
+			ctx);


-- 
Samba Shared Repository

