
ldap_server: Plumb ldb error string from a failed connect to ldapsrv_terminate_connection()

However, do not plumb it to the client-seen error string, as it could contain server paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett
2017-09-14 15:07:10 +12:00
committed by Douglas Bagnall
parent c1e41d489d
commit dd53be2756
3 changed files with 42 additions and 26 deletions


@ -180,15 +180,17 @@ static int map_ldb_error(TALLOC_CTX *mem_ctx, int ldb_err,
/* /*
connect to the sam database connect to the sam database
*/ */
NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
char **errstring)
{ {
conn->ldb = samdb_connect(conn, int ret = samdb_connect_url(conn,
conn->connection->event.ctx, conn->connection->event.ctx,
conn->lp_ctx, conn->lp_ctx,
conn->session_info, conn->session_info,
conn->global_catalog ? LDB_FLG_RDONLY : 0); conn->global_catalog ? LDB_FLG_RDONLY : 0,
if (conn->ldb == NULL) { "sam.ldb", &conn->ldb, errstring);
return NT_STATUS_INTERNAL_DB_CORRUPTION; if (ret != LDB_SUCCESS) {
return ret;
} }
if (conn->server_credentials) { if (conn->server_credentials) {
@ -205,11 +207,11 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name); char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
if (!sasl_name) { if (!sasl_name) {
return NT_STATUS_NO_MEMORY; return LDB_ERR_OPERATIONS_ERROR;
} }
sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2); sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
if (!sasl_mechs) { if (!sasl_mechs) {
return NT_STATUS_NO_MEMORY; return LDB_ERR_OPERATIONS_ERROR;
} }
sasl_mechs[j] = sasl_name; sasl_mechs[j] = sasl_name;
talloc_steal(sasl_mechs, sasl_name); talloc_steal(sasl_mechs, sasl_name);
@ -230,7 +232,7 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
ldb_set_opaque(conn->ldb, "remoteAddress", ldb_set_opaque(conn->ldb, "remoteAddress",
conn->connection->remote_address); conn->connection->remote_address);
return NT_STATUS_OK; return LDB_SUCCESS;
} }
struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type) struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
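Review bot: The two `return LDB_ERR_OPERATIONS_ERROR;` paths in the second hunk (talloc_strdup / talloc_realloc failure) return without touching `*errstring`, yet every caller this commit adds passes that string straight to a `%s` conversion; the callers do initialise their local to NULL, but a NULL argument for `%s` is still undefined behaviour in C and merely prints `(null)` on glibc. Setting `*errstring = NULL;` on entry and documenting that the string is optional would make the contract explicit; whether samdb_connect_url always sets it on failure is not visible from this hunk. The header comment `connect to the sam database` no longer describes the function and should say something like `Returns an LDB_* error code; on failure *errstring may point to a talloc string describing the ldb error (allocation context presumably conn - confirm against samdb_connect_url); log it, never return it to the client.`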


@ -237,6 +237,7 @@ static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
call, call,
&session_info); &session_info);
if (NT_STATUS_IS_OK(status)) { if (NT_STATUS_IS_OK(status)) {
char *ldb_errstring = NULL;
result = LDAP_SUCCESS; result = LDAP_SUCCESS;
errstr = NULL; errstr = NULL;
@ -248,11 +249,16 @@ static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
/* don't leak the old LDB */ /* don't leak the old LDB */
talloc_unlink(call->conn, call->conn->ldb); talloc_unlink(call->conn, call->conn->ldb);
status = ldapsrv_backend_Init(call->conn); result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
if (!NT_STATUS_IS_OK(status)) { if (result != LDB_SUCCESS) {
result = LDAP_OPERATIONS_ERROR; /* Only put the detailed error in DEBUG() */
errstr = talloc_asprintf(reply, "Simple Bind: Failed to advise ldb new credentials: %s", nt_errstr(status)); DBG_ERR("ldapsrv_backend_Init failed: %s: %s",
ldb_errstring, ldb_strerror(result));
errstr = talloc_strdup(reply,
"Simple Bind: Failed to advise "
"ldb new credentials");
result = LDB_ERR_OPERATIONS_ERROR;
} }
} else { } else {
status = nt_status_squash(status); status = nt_status_squash(status);
@ -475,6 +481,7 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
NTSTATUS status; NTSTATUS status;
int result; int result;
const char *errstr = NULL; const char *errstr = NULL;
char *ldb_errstring = NULL;
DATA_BLOB output = data_blob_null; DATA_BLOB output = data_blob_null;
status = gensec_update_recv(subreq, call, &output); status = gensec_update_recv(subreq, call, &output);
@ -582,15 +589,16 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
call->conn->authz_logged = true; call->conn->authz_logged = true;
status = ldapsrv_backend_Init(conn); result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
if (!NT_STATUS_IS_OK(status)) { if (result != LDB_SUCCESS) {
result = LDAP_OPERATIONS_ERROR; /* Only put the detailed error in DEBUG() */
errstr = talloc_asprintf(reply, DBG_ERR("ldapsrv_backend_Init failed: %s: %s",
"SASL:[%s]: Failed to advise samdb of new credentials: %s", ldb_errstring, ldb_strerror(result));
req->creds.SASL.mechanism, errstr = talloc_strdup(reply,
nt_errstr(status)); "SASL Bind: Failed to advise "
goto do_reply; "ldb new credentials");
result = LDB_ERR_OPERATIONS_ERROR;
} }
if (context != NULL) { if (context != NULL) {
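Review bot: The `goto do_reply;` that the old code executed after a failed backend init in ldapsrv_BindSASL_done is missing on the new side of the last hunk, so after `result = LDB_ERR_OPERATIONS_ERROR;` execution now continues into the `if (context != NULL)` block and whatever follows it (outside the hunk) with the connection's ldb half-initialised; restoring `goto do_reply;` directly after that assignment keeps the old control flow. In both this hunk and the ldapsrv_BindSimple_done hunk, `result` is the LDAP resultCode carried into the reply, but it is now assigned the ldb constant `LDB_ERR_OPERATIONS_ERROR` where the old code used `LDAP_OPERATIONS_ERROR`; the two enums appear to share numeric values, but using the LDAP constant for the wire code keeps the distinction from the ldb return consumed by `ldb_strerror(result)` visible. The `DBG_ERR("ldapsrv_backend_Init failed: %s: %s", ldb_errstring, ...)` calls also have no guard for a NULL `ldb_errstring`, which ldapsrv_backend_Init can leave unset on its own allocation-failure paths.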


@ -293,6 +293,7 @@ static void ldapsrv_accept(struct stream_connection *c,
int ret; int ret;
struct tevent_req *subreq; struct tevent_req *subreq;
struct timeval endtime; struct timeval endtime;
char *errstring = NULL;
conn = talloc_zero(c, struct ldapsrv_connection); conn = talloc_zero(c, struct ldapsrv_connection);
if (!conn) { if (!conn) {
@ -361,8 +362,13 @@ static void ldapsrv_accept(struct stream_connection *c,
conn->require_strong_auth = lpcfg_ldap_server_require_strong_auth(conn->lp_ctx); conn->require_strong_auth = lpcfg_ldap_server_require_strong_auth(conn->lp_ctx);
} }
if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) { ret = ldapsrv_backend_Init(conn, &errstring);
ldapsrv_terminate_connection(conn, "backend Init failed"); if (ret != LDB_SUCCESS) {
char *reason = talloc_asprintf(conn,
"LDB backend for LDAP Init "
"failed: %s: %s",
errstring, ldb_strerror(ret));
ldapsrv_terminate_connection(conn, reason);
return; return;
} }
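Review bot: `reason` from `talloc_asprintf(conn, ...)` is handed to ldapsrv_terminate_connection without a NULL check, and `errstring` itself may still be NULL when ldapsrv_backend_Init fails on one of its own allocation paths rather than inside samdb_connect_url, so the format can receive a NULL `%s` argument. A fallback keeps the old literal reason available: `const char *reason = talloc_asprintf(conn, "LDB backend for LDAP Init failed: %s: %s", errstring ? errstring : "(no ldb error string)", ldb_strerror(ret));` followed by `ldapsrv_terminate_connection(conn, reason ? reason : "LDB backend for LDAP Init failed");`. Since `reason` is allocated on `conn` and ldapsrv_terminate_connection tears that connection down (its body is outside the hunk), it is worth confirming the callee copies or finishes using the string before `conn` is freed; the old code passed a string literal and did not have that lifetime dependency.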