Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/lookup_sid.c | 14 | ||||
-rw-r--r-- | source/passdb/pdb_ldap.c | 71 |
2 files changed, 73 insertions, 12 deletions
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index 0b596fc8d7f..d76cc07ce1e 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -411,9 +411,15 @@ static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx, names[i] = ""; types[i] = SID_NAME_UNKNOWN; } + TALLOC_FREE(tmp_ctx); return True; } + if (!(*domain_name = talloc_strdup(mem_ctx, *domain_name))) { + TALLOC_FREE(tmp_ctx); + return False; + } + /* * winbind_lookup_rids allocates its own array. We've been given the * array, so copy it over @@ -1115,7 +1121,7 @@ void store_gid_sid_cache(const DOM_SID *psid, gid_t gid) *THE LEGACY* convert uid_t to SID function. *****************************************************************/ -void legacy_uid_to_sid(DOM_SID *psid, uid_t uid) +static void legacy_uid_to_sid(DOM_SID *psid, uid_t uid) { uint32 rid; BOOL ret; @@ -1149,7 +1155,7 @@ void legacy_uid_to_sid(DOM_SID *psid, uid_t uid) *THE LEGACY* convert gid_t to SID function. *****************************************************************/ -void legacy_gid_to_sid(DOM_SID *psid, gid_t gid) +static void legacy_gid_to_sid(DOM_SID *psid, gid_t gid) { BOOL ret; @@ -1180,7 +1186,7 @@ void legacy_gid_to_sid(DOM_SID *psid, gid_t gid) *THE LEGACY* convert SID to uid function. *****************************************************************/ -BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid) +static BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid) { enum lsa_SidType type; uint32 rid; @@ -1229,7 +1235,7 @@ done: Group mapping is used for gids that maps to Wellknown SIDs *****************************************************************/ -BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) +static BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) { uint32 rid; GROUP_MAP map; diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 533b936efd9..c4c53c30664 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c 
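Review bot: The added `talloc_strdup` check in wb_lookup_rids reads and overwrites `*domain_name` inside the `if` condition, with no comment on why the copy is needed. Presumably the string filled in by winbind_lookup_rids lives on `tmp_ctx` and has to be copied onto the caller's `mem_ctx` before `tmp_ctx` is released. A comment above the check would make that lifetime rule explicit, for example `/* domain_name was allocated on tmp_ctx: copy it to mem_ctx before tmp_ctx goes away */`. The same comment should state that the caller's `*domain_name` is left NULL when the copy fails. The function body continues outside the hunk, so the remaining exit paths cannot be checked from here for a matching `TALLOC_FREE(tmp_ctx)`.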
@@ -2049,14 +2049,25 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s TALLOC_FREE( attr_list ); if (num_result == 0) { + char *escape_username; /* Check if we need to add an entry */ DEBUG(3,("ldapsam_add_sam_account: Adding new user\n")); ldap_op = LDAP_MOD_ADD; + + escape_username = escape_rdn_val_string_alloc(username); + if (!escape_username) { + DEBUG(0, ("Out of memory!\n")); + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } + if (username[strlen(username)-1] == '$') { - slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_machine_suffix ()); + slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_machine_suffix ()); } else { - slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_user_suffix ()); + slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_user_suffix ()); } + + SAFE_FREE(escape_username); } if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, @@ -2415,11 +2426,22 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, } for (memberuid = values; *memberuid != NULL; memberuid += 1) { - filter = talloc_asprintf_append(filter, "(uid=%s)", *memberuid); + char *escape_memberuid; + + escape_memberuid = escape_ldap_string_alloc(*memberuid); + if (escape_memberuid == NULL) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } + + filter = talloc_asprintf_append(filter, "(uid=%s)", escape_memberuid); if (filter == NULL) { + SAFE_FREE(escape_memberuid); ret = NT_STATUS_NO_MEMORY; goto done; } + + SAFE_FREE(escape_memberuid); } filter = talloc_asprintf_append(filter, "))"); @@ -4773,6 +4795,8 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT); if (add_posix) { + char *escape_name; + DEBUG(3,("ldapsam_create_user: Creating new posix user\n")); /* retrieve the Domain Users group gid */ 
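Review bot: The escaped name is still formatted into `dn` with `slprintf (dn, sizeof (dn) - 1, ...)`, and nothing in the new code in ldapsam_add_sam_account checks that the result fits. `dn` is declared outside the hunk and looks like a fixed-size buffer, and RDN escaping can make the value longer than the raw username. An over-long name could therefore be cut short, possibly in the middle of an escape sequence or before the suffix, and the entry would then be added under a DN other than the intended one. I would compute the length first and fail the call when the DN does not fit, as sketched below; the exact capacity that slprintf honours should be confirmed against its definition.

```c
		char *escape_username;
		const char *suffix;
		/* … unchanged: debug message, ldap_op, escape_username allocation and NULL check … */

		suffix = (username[strlen(username)-1] == '$') ?
			lp_ldap_machine_suffix() : lp_ldap_user_suffix();

		/* Refuse to build a truncated DN: escaping may have lengthened the name. */
		if (strlen("uid=,") + strlen(escape_username) + strlen(suffix) >= sizeof(dn) - 1) {
			DEBUG(0, ("ldapsam_add_sam_account: DN too long\n"));
			SAFE_FREE(escape_username);
			ldap_msgfree(result);
			return NT_STATUS_INVALID_PARAMETER;
		}

		slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, suffix);
		SAFE_FREE(escape_username);
```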
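Review bot: `SAFE_FREE(escape_memberuid)` appears twice in the loop body of ldapsam_enum_group_members, once on the failure branch and once after it. The escaped copy is not needed once it has been appended to the filter, so releasing it straight after the append gives one release per allocation: `filter = talloc_asprintf_append(filter, "(uid=%s)", escape_memberuid);` followed by `SAFE_FREE(escape_memberuid);`, placed before the existing `if (filter == NULL)` check. The rest of the loop's function and the `done` label are outside the hunk.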
@@ -4799,12 +4823,21 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, } uidstr = talloc_asprintf(tmp_ctx, "%d", uid); gidstr = talloc_asprintf(tmp_ctx, "%d", gid); + + escape_name = escape_rdn_val_string_alloc(name); + if (!escape_name) { + DEBUG (0, ("ldapsam_create_user: Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + if (is_machine) { - dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", name, lp_ldap_machine_suffix ()); + dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix ()); } else { - dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", name, lp_ldap_user_suffix ()); + dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix ()); } + SAFE_FREE(escape_name); + if (!homedir || !shell || !uidstr || !gidstr || !dn) { DEBUG (0, ("ldapsam_create_user: Out of memory!\n")); return NT_STATUS_NO_MEMORY; @@ -4986,6 +5019,8 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, } if (num_result == 0) { + char *escape_name; + DEBUG(3,("ldapsam_create_user: Creating new posix group\n")); is_new_entry = True; @@ -4997,7 +5032,16 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, } gidstr = talloc_asprintf(tmp_ctx, "%d", gid); - dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", name, lp_ldap_group_suffix()); + + escape_name = escape_rdn_val_string_alloc(name); + if (!escape_name) { + DEBUG (0, ("ldapsam_create_group: Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix()); + + SAFE_FREE(escape_name); if (!gidstr || !dn) { DEBUG (0, ("ldapsam_create_group: Out of memory!\n")); @@ -5335,6 +5379,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods, uint32 num_result; LDAPMod **mods = NULL; char *filter; + char *escape_username; char *gidstr; const char *dn = NULL; gid_t gid; 
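Review bot: The new `escape_rdn_val_string_alloc(name)` call in ldapsam_create_user has no comment saying why the DN is built from an RDN-escaped copy instead of the filter-escaped form used for search filters elsewhere in this commit. A short comment above it would stop a later cleanup from swapping the two helpers, for example `/* name becomes an RDN value here: it needs DN escaping, filter escaping is not sufficient */`. The same comment fits the matching additions in ldapsam_add_sam_account and ldapsam_create_dom_group. It is also worth noting in the comment that `escape_name` is released with `SAFE_FREE` and is not owned by `tmp_ctx`, unlike the strings allocated next to it.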
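Review bot: The out-of-memory message added in ldapsam_create_dom_group is tagged `ldapsam_create_group`, which is not the name of the function shown in the hunk header. The neighbouring context lines carry the same stale prefix, but new log lines are easier to trace when they name the real function: `DEBUG (0, ("ldapsam_create_dom_group: Out of memory!\n"));`. Only part of the function is visible in this hunk.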
@@ -5351,14 +5396,22 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods, DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n")); return NT_STATUS_NO_MEMORY; } - + + escape_username = escape_ldap_string_alloc(pdb_get_username(sampass)); + if (escape_username== NULL) { + return NT_STATUS_NO_MEMORY; + } + filter = talloc_asprintf(mem_ctx, "(&(uid=%s)" "(objectClass=%s)" "(objectClass=%s))", - pdb_get_username(sampass), + escape_username, LDAP_OBJ_POSIXACCOUNT, LDAP_OBJ_SAMBASAMACCOUNT); + + SAFE_FREE(escape_username); + if (filter == NULL) { return NT_STATUS_NO_MEMORY; } @@ -5620,6 +5673,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { + ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } @@ -5636,6 +5690,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) { DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be " "read as a valid SID\n", domain_sid_string)); + ldap_msgfree(result); return NT_STATUS_INVALID_PARAMETER; } found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, |
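Review bot: The new failure branch after `escape_ldap_string_alloc(pdb_get_username(sampass))` in ldapsam_set_primary_group returns `NT_STATUS_NO_MEMORY` without logging anything. The allocation check just above it and the other escape paths added in this commit do log, so this is the one out-of-memory exit that leaves no trace. I would write it as `if (escape_username == NULL) {` with `DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));` before the return, which also fixes the missing space in `escape_username== NULL`. Whether pdb_get_username can return NULL for this `sampass` is not visible from the hunk and should be confirmed before its result is passed to the escaping helper.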