mirror of
https://github.com/samba-team/samba.git
synced 2025-11-09 20:23:51 +03:00
r6817: - fixed empty ldap search elements in filters
- added support for guids in cldap netlogon searches. the cldap server now passes the LDAP-CLDAP torture test
This commit is contained in:
Andrew Tridgell
committed by
Gerald (Jerry) Carter
Gerald (Jerry) Carter
parent
7d19eb9433
commit
eb7979d9de
@@ -33,6 +33,7 @@
|
|||||||
static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap,
|
static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
|
const char *domain_guid,
|
||||||
const char *user,
|
const char *user,
|
||||||
const char *src_address,
|
const char *src_address,
|
||||||
uint32_t version,
|
uint32_t version,
|
||||||
@@ -61,13 +62,15 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* the domain has an optional trailing . */
|
/* the domain has an optional trailing . */
|
||||||
if (domain[strlen(domain)-1] == '.') {
|
if (domain && domain[strlen(domain)-1] == '.') {
|
||||||
domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
|
domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* try and find the domain */
|
/* try and find the domain */
|
||||||
ret = gendb_search(samctx, samctx, NULL, &res, attrs,
|
ret = gendb_search(samctx, samctx, NULL, &res, attrs,
|
||||||
"(&(dnsDomain=%s)(objectClass=domainDNS))", domain);
|
"(&(objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s)))",
|
||||||
|
domain?domain:"",
|
||||||
|
domain_guid?domain_guid:"");
|
||||||
if (ret != 1) {
|
if (ret != 1) {
|
||||||
DEBUG(2,("Unable to find domain '%s' in sam\n", domain));
|
DEBUG(2,("Unable to find domain '%s' in sam\n", domain));
|
||||||
return NT_STATUS_NO_SUCH_DOMAIN;
|
return NT_STATUS_NO_SUCH_DOMAIN;
|
||||||
@@ -210,9 +213,13 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
|
|||||||
t->u.simple.value.length);
|
t->u.simple.value.length);
|
||||||
}
|
}
|
||||||
if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) {
|
if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) {
|
||||||
domain_guid = talloc_strndup(tmp_ctx,
|
NTSTATUS enc_status;
|
||||||
t->u.simple.value.data,
|
struct GUID guid;
|
||||||
t->u.simple.value.length);
|
enc_status = ldap_decode_ndr_GUID(tmp_ctx,
|
||||||
|
t->u.simple.value, &guid);
|
||||||
|
if (NT_STATUS_IS_OK(enc_status)) {
|
||||||
|
domain_guid = GUID_string(tmp_ctx, &guid);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) {
|
if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) {
|
||||||
domain_sid = talloc_strndup(tmp_ctx,
|
domain_sid = talloc_strndup(tmp_ctx,
|
||||||
@@ -234,14 +241,19 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (domain == NULL || host == NULL || version == -1) {
|
if (domain_guid == NULL && domain == NULL) {
|
||||||
|
domain = lp_realm();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (version == -1) {
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d\n",
|
DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n",
|
||||||
domain, host, user, version));
|
domain, host, user, version, domain_guid));
|
||||||
|
|
||||||
status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, user, src_address,
|
status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, domain_guid,
|
||||||
|
user, src_address,
|
||||||
version, &netlogon);
|
version, &netlogon);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
goto failed;
|
goto failed;
|
||||||
|
|||||||
@@ -170,7 +170,7 @@ static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *ctx, const char *s)
|
|||||||
|
|
||||||
ret->operation = LDB_OP_SIMPLE;
|
ret->operation = LDB_OP_SIMPLE;
|
||||||
ret->u.simple.attr = l;
|
ret->u.simple.attr = l;
|
||||||
ret->u.simple.value.data = val;
|
ret->u.simple.value.data = val?val:discard_const_p(char, "");
|
||||||
ret->u.simple.value.length = val?strlen(val):0;
|
ret->u.simple.value.length = val?strlen(val):0;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
@@ -110,7 +110,7 @@ static struct ldap_parse_tree *ldap_parse_filter(TALLOC_CTX *mem_ctx,
|
|||||||
decode a RFC2254 binary string representation of a buffer.
|
decode a RFC2254 binary string representation of a buffer.
|
||||||
Used in LDAP filters.
|
Used in LDAP filters.
|
||||||
*/
|
*/
|
||||||
static struct ldap_val ldap_binary_decode(TALLOC_CTX *mem_ctx, const char *str)
|
struct ldap_val ldap_binary_decode(TALLOC_CTX *mem_ctx, const char *str)
|
||||||
{
|
{
|
||||||
int i, j;
|
int i, j;
|
||||||
struct ldap_val ret;
|
struct ldap_val ret;
|
||||||
|
|||||||
@@ -326,6 +326,7 @@ BOOL ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
|
|||||||
struct ldap_parse_tree *ldap_parse_filter_string(TALLOC_CTX *mem_ctx,
|
struct ldap_parse_tree *ldap_parse_filter_string(TALLOC_CTX *mem_ctx,
|
||||||
const char *s);
|
const char *s);
|
||||||
const char *ldap_binary_encode(TALLOC_CTX *mem_ctx, DATA_BLOB blob);
|
const char *ldap_binary_encode(TALLOC_CTX *mem_ctx, DATA_BLOB blob);
|
||||||
|
struct ldap_val ldap_binary_decode(TALLOC_CTX *mem_ctx, const char *str);
|
||||||
|
|
||||||
/* The following definitions come from libcli/ldap/ldap_client.c */
|
/* The following definitions come from libcli/ldap/ldap_client.c */
|
||||||
|
|
||||||
@@ -384,5 +385,6 @@ struct ldap_message *ldap_ldif2msg(TALLOC_CTX *mem_ctx, const char *s);
|
|||||||
const char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value);
|
const char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value);
|
||||||
const char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid);
|
const char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid);
|
||||||
const char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid);
|
const char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid);
|
||||||
|
NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldap_val val, struct GUID *guid);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -74,3 +74,19 @@ const char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid)
|
|||||||
data_blob_free(&blob);
|
data_blob_free(&blob);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
decode a NDR GUID from a ldap filter element
|
||||||
|
*/
|
||||||
|
NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldap_val val, struct GUID *guid)
|
||||||
|
{
|
||||||
|
DATA_BLOB blob;
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
|
blob.data = val.data;
|
||||||
|
blob.length = val.length;
|
||||||
|
status = ndr_pull_struct_blob(&blob, mem_ctx, guid,
|
||||||
|
(ndr_pull_flags_fn_t)ndr_pull_GUID);
|
||||||
|
talloc_free(val.data);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user