2 files changed, 73 insertions, 12 deletions

diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index 0b596fc8d7f..d76cc07ce1e 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -411,9 +411,15 @@ static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx,
 			names[i] = "";
 			types[i] = SID_NAME_UNKNOWN;
 		}
+		TALLOC_FREE(tmp_ctx);
 		return True;
 	}
 
+	if (!(*domain_name = talloc_strdup(mem_ctx, *domain_name))) {
+		TALLOC_FREE(tmp_ctx);
+		return False;
+	}
+
 	/*
 	 * winbind_lookup_rids allocates its own array. We've been given the
 	 * array, so copy it over
@@ -1115,7 +1121,7 @@ void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
  *THE LEGACY* convert uid_t to SID function.
 *****************************************************************/  
 
-void legacy_uid_to_sid(DOM_SID *psid, uid_t uid)
+static void legacy_uid_to_sid(DOM_SID *psid, uid_t uid)
 {
 	uint32 rid;
 	BOOL ret;
@@ -1149,7 +1155,7 @@ void legacy_uid_to_sid(DOM_SID *psid, uid_t uid)
  *THE LEGACY* convert gid_t to SID function.
 *****************************************************************/  
 
-void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
+static void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
 {
 	BOOL ret;
 
@@ -1180,7 +1186,7 @@ void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
  *THE LEGACY* convert SID to uid function.
 *****************************************************************/  
 
-BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid)
+static BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid)
 {
 	enum lsa_SidType type;
 	uint32 rid;
@@ -1229,7 +1235,7 @@ done:
  Group mapping is used for gids that maps to Wellknown SIDs
 *****************************************************************/  
 
-BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
+static BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
 {
 	uint32 rid;
 	GROUP_MAP map;
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 533b936efd9..c4c53c30664 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -2049,14 +2049,25 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
 	TALLOC_FREE( attr_list );
 
 	if (num_result == 0) {
+		char *escape_username;
 		/* Check if we need to add an entry */
 		DEBUG(3,("ldapsam_add_sam_account: Adding new user\n"));
 		ldap_op = LDAP_MOD_ADD;
+
+		escape_username = escape_rdn_val_string_alloc(username);
+		if (!escape_username) {
+			DEBUG(0, ("Out of memory!\n"));
+			ldap_msgfree(result);
+			return NT_STATUS_NO_MEMORY;
+		}
+
 		if (username[strlen(username)-1] == '$') {
-			slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_machine_suffix ());
+			slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_machine_suffix ());
 		} else {
-			slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_user_suffix ());
+			slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_user_suffix ());
 		}
+
+		SAFE_FREE(escape_username);
 	}
 
 	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
@@ -2415,11 +2426,22 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
 		}
 
 		for (memberuid = values; *memberuid != NULL; memberuid += 1) {
-			filter = talloc_asprintf_append(filter, "(uid=%s)", *memberuid);
+			char *escape_memberuid;
+
+			escape_memberuid = escape_ldap_string_alloc(*memberuid);
+			if (escape_memberuid == NULL) {
+				ret = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			
+			filter = talloc_asprintf_append(filter, "(uid=%s)", escape_memberuid);
 			if (filter == NULL) {
+				SAFE_FREE(escape_memberuid);
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
+
+			SAFE_FREE(escape_memberuid);
 		}
 
 		filter = talloc_asprintf_append(filter, "))");
@@ -4773,6 +4795,8 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 	smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
 
 	if (add_posix) {
+		char *escape_name;
+
 		DEBUG(3,("ldapsam_create_user: Creating new posix user\n"));
 
 		/* retrieve the Domain Users group gid */
@@ -4799,12 +4823,21 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 		}
 		uidstr = talloc_asprintf(tmp_ctx, "%d", uid);
 		gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
+
+		escape_name = escape_rdn_val_string_alloc(name);
+		if (!escape_name) {
+			DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
+			return NT_STATUS_NO_MEMORY;
+		}
+
 		if (is_machine) {
-			dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", name, lp_ldap_machine_suffix ());
+			dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix ());
 		} else {
-			dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", name, lp_ldap_user_suffix ());
+			dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix ());
 		}
 
+		SAFE_FREE(escape_name);
+
 		if (!homedir || !shell || !uidstr || !gidstr || !dn) {
 			DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
 			return NT_STATUS_NO_MEMORY;
@@ -4986,6 +5019,8 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
 	}
 
 	if (num_result == 0) {
+		char *escape_name;
+
 		DEBUG(3,("ldapsam_create_user: Creating new posix group\n"));
 
 		is_new_entry = True;
@@ -4997,7 +5032,16 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
 		}
 
 		gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
-		dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", name, lp_ldap_group_suffix());
+
+		escape_name = escape_rdn_val_string_alloc(name);
+		if (!escape_name) {
+			DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix());
+
+		SAFE_FREE(escape_name);
 
 		if (!gidstr || !dn) {
 			DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
@@ -5335,6 +5379,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 	uint32 num_result;
 	LDAPMod **mods = NULL;
 	char *filter;
+	char *escape_username;
 	char *gidstr;
 	const char *dn = NULL;
 	gid_t gid;
@@ -5351,14 +5396,22 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 		DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
-	
+
+	escape_username = escape_ldap_string_alloc(pdb_get_username(sampass));
+	if (escape_username== NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	filter = talloc_asprintf(mem_ctx,
 				 "(&(uid=%s)"
 				 "(objectClass=%s)"
 				 "(objectClass=%s))",
-				 pdb_get_username(sampass),
+				 escape_username,
 				 LDAP_OBJ_POSIXACCOUNT,
 				 LDAP_OBJ_SAMBASAMACCOUNT);
+
+	SAFE_FREE(escape_username);
+
 	if (filter == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -5620,6 +5673,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
 
 	dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
 	if (!dn) {
+		ldap_msgfree(result);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
@@ -5636,6 +5690,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
 		if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
 			DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be "
 				  "read as a valid SID\n", domain_sid_string));
+			ldap_msgfree(result);
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,