diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-01 05:20:11 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-01 05:20:11 +0000 |
commit | c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6 (patch) | |
tree | 3ca8971139282d99baed4a833162fc94c0f98911 /source3/libads/ldap.c | |
parent | 1454c1c99ab87e216dea1871b53c51ce7e548ba5 (diff) | |
download | samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.tar.gz samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.tar.bz2 samba-c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6.zip |
Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to
blame for the realloc() stuff.
Plus a couple of minor updates to libads.
Andrew Bartlett
(This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
Diffstat (limited to 'source3/libads/ldap.c')
-rw-r--r-- | source3/libads/ldap.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 0a95e019bf..603f17c994 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -974,7 +974,7 @@ ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods) /* make sure the end of the list is NULL */ mods[i] = NULL; - ret = ldap_add_s(ads->ld, utf8_dn ? utf8_dn : new_dn, mods); + ret = ldap_add_s(ads->ld, utf8_dn, mods); SAFE_FREE(utf8_dn); return ADS_ERROR(ret); } @@ -994,7 +994,7 @@ ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn) return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } - ret = ldap_delete(ads->ld, utf8_dn ? utf8_dn : del_dn); + ret = ldap_delete(ads->ld, utf8_dn); return ADS_ERROR(ret); } @@ -1029,8 +1029,8 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, ADS_MODLIST mods; const char *objectClass[] = {"top", "person", "organizationalPerson", "user", "computer", NULL}; - const char *servicePrincipalName[3] = {NULL, NULL, NULL}; - char *psp; + const char *servicePrincipalName[5] = {NULL, NULL, NULL, NULL, NULL}; + char *psp, *psp2; unsigned acct_control; if (!(ctx = talloc_init("machine_account"))) @@ -1051,10 +1051,16 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, ads->config.bind_path); servicePrincipalName[0] = talloc_asprintf(ctx, "HOST/%s", hostname); psp = talloc_asprintf(ctx, "HOST/%s.%s", - hostname, - ads->config.realm); + hostname, + ads->config.realm); strlower(&psp[5]); servicePrincipalName[1] = psp; + servicePrincipalName[2] = talloc_asprintf(ctx, "CIFS/%s", hostname); + psp2 = talloc_asprintf(ctx, "CIFS/%s.%s", + hostname, + ads->config.realm); + strlower(&psp2[5]); + servicePrincipalName[3] = psp2; free(ou_str); if (!new_dn) @@ -1405,6 +1411,7 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) size_t sd_size = 0; struct berval bval = {0, NULL}; prs_struct ps_wire; + char *escaped_hostname = escape_ldap_string_alloc(hostname); LDAPMessage *res = 0; LDAPMessage *msg = 0; @@ -1420,11 +1427,18 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) ret = ADS_ERROR(LDAP_SUCCESS); - if (asprintf(&exp, "(samAccountName=%s$)", hostname) == -1) { + if (!escaped_hostname) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } + + if (asprintf(&exp, "(samAccountName=%s$)", escaped_hostname) == -1) { DEBUG(1, ("ads_set_machine_sd: asprintf failed!\n")); + SAFE_FREE(escaped_hostname); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } + SAFE_FREE(escaped_hostname); + ret = ads_search(ads, (void *) &res, exp, attrs); if (!ADS_ERR_OK(ret)) return ret; |