authorSimo Sorce <idra@samba.org>2001-12-30 19:21:25 +0000
committerSimo Sorce <idra@samba.org>2001-12-30 19:21:25 +0000
commit0608a60390db336bf179564aefdf16c43f1793ad (patch)
tree8ec4cc2b229552e37392cbaf7cc6b8f734469770 /source3/passdb
parentf6e6c678ad5338264496de43e9e1ab2fe4a28e64 (diff)
util_sid.c - respect a const variabile (addedd strdup)
cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure (This used to be commit 49f5cb7a3df6d673f86e6769319aa657e30d8380)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/pdb_ldap.c14
-rw-r--r--source3/passdb/pdb_tdb.c57
2 files changed, 48 insertions, 23 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 215292be48..b9facb3a33 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -70,7 +70,9 @@ ldap_open_connection (LDAP ** ldap_struct)
int port;
int version, rc;
int tls = LDAP_OPT_X_TLS_HARD;
-
+
+ /* there should be an lp_ldap_ssl_port(), what happen if for some
+ reason we need to bind an SSLed LDAP on port 389 ?? ---simo */
if (lp_ldap_ssl() == LDAP_SSL_ON && lp_ldap_port() == 389) {
port = 636;
}
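Review bot: The added comment in ldap_open_connection asks a question instead of recording the behaviour a maintainer needs to know. With `lp_ldap_ssl() == LDAP_SSL_ON` and `lp_ldap_port() == 389` the port is silently replaced by 636, so the configured port is not the one contacted and a TLS-wrapped directory listening on 389 cannot be reached. I would word it as `/* FIXME: LDAP_SSL_ON with port 389 is silently rewritten to 636; a separate lp_ldap_ssl_port() is needed to reach an SSL listener on 389 */`. The function starts and ends outside this hunk, so how `port` is used afterwards is not visible here.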
@@ -368,6 +370,11 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass,
uint8 *hours;
pstring temp;
+ if (sampass == NULL || ldap_struct == NULL || entry == NULL) {
+ DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
+ return False;
+ }
+
get_single_attribute(ldap_struct, entry, "uid", username);
DEBUG(2, ("Entry found for user: %s\n", username));
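Review bot: The new NULL guard in init_sam_from_ldap is followed by `get_single_attribute(ldap_struct, entry, "uid", username);`, whose result is ignored before `username` is printed with `%s`. If that helper can fail without writing the buffer, an entry lacking a `uid` attribute would log and later use stale or uninitialised data; this is an assumption to confirm, because the helper and the declaration of `username` are outside the hunk. Since the entry comes from the directory server, I would test the result and bail out, e.g. `if (!get_single_attribute(ldap_struct, entry, "uid", username)) return False;`, provided the helper reports success as a boolean.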
@@ -526,6 +533,11 @@ static BOOL init_ldap_from_sam (LDAPMod *** mods, int ldap_state, const SAM_ACCO
{
pstring temp;
+ if (mods == NULL || sampass == NULL) {
+ DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n"));
+ return False;
+ }
+
*mods = NULL;
/*
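Review bot: In init_ldap_from_sam the combined test returns before `*mods = NULL;`, so when `mods` is valid and `sampass` is NULL the caller's pointer keeps whatever value it had. A caller that frees `*mods` on the failure path would then release an uninitialised or stale pointer; the callers are not visible here, so this needs confirming. Splitting the guard avoids it: `if (mods == NULL) return False;`, then `*mods = NULL;`, then `if (sampass == NULL) return False;`, keeping the DEBUG line on each return. The function body continues past the end of this hunk.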
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index fbfdd1aace..8c17bb76ec 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -80,6 +80,11 @@ static BOOL init_sam_from_buffer (SAM_ACCOUNT *sampass, uint8 *buf, uint32 bufle
uint32 len = 0;
uint32 lmpwlen, ntpwlen, hourslen;
BOOL ret = True;
+
+ if(sampass == NULL || buf == NULL) {
+ DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
+ return False;
+ }
/* unpack the buffer into variables */
len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING,
@@ -207,9 +212,11 @@ static uint32 init_buffer_from_sam (uint8 **buf, const SAM_ACCOUNT *sampass)
uint32 nt_pw_len = 16;
/* do we have a valid SAM_ACCOUNT pointer? */
- if (sampass == NULL)
+ if (sampass == NULL) {
+ DEBUG(0, ("init_buffer_from_sam: SAM_ACCOUNT is NULL!\n"));
return -1;
-
+ }
+
*buf = NULL;
buflen = 0;
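Review bot: init_buffer_from_sam still dereferences `buf` at `*buf = NULL;` without testing it, while the other three init functions touched by this commit now reject NULL parameters. The guard could read `if (buf == NULL || sampass == NULL) {`. The failure value also deserves a comment: the function is declared `static uint32`, so `return -1;` reaches the caller as 0xFFFFFFFF. A caller that uses the result as a buffer length without comparing against that exact value would treat it as a very large size; the callers are outside this hunk, and the function continues past its end.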
@@ -404,7 +411,7 @@ void pdb_endsampwent(void)
global_tdb_ent.passwd_tdb = NULL;
}
- DEBUG(7, ("endtdbpwent: closed password file.\n"));
+ DEBUG(7, ("endtdbpwent: closed sam database.\n"));
}
/*****************************************************************
@@ -425,10 +432,10 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
return False;
}
- /* skip all RID entries */
- while ((global_tdb_ent.key.dsize != 0) && (strncmp (global_tdb_ent.key.dptr, prefix, prefixlen)))
+ /* skip all non-USER entries (eg. RIDs) */
+ while ((global_tdb_ent.key.dsize != 0) && (strncmp(global_tdb_ent.key.dptr, prefix, prefixlen)))
/* increment to next in line */
- global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
+ global_tdb_ent.key = tdb_nextkey(global_tdb_ent.passwd_tdb, global_tdb_ent.key);
/* do we have an valid interation pointer? */
if(global_tdb_ent.passwd_tdb == NULL) {
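Review bot: In pdb_getsampwent the skip loop passes `global_tdb_ent.passwd_tdb` to `tdb_nextkey()` before the `if(global_tdb_ent.passwd_tdb == NULL)` test that follows it, so that check cannot protect the loop. This commit only reflows the loop; moving the NULL test above the `while` would make the guard effective. The loop also hands `global_tdb_ent.key.dptr` to `strncmp()` after checking only that `key.dsize` is non-zero, which relies on every key in the database being NUL-terminated or at least `prefixlen` bytes long. A comment such as `/* assumes keys are stored NUL-terminated (dsize = strlen + 1) */` would record that assumption. The function starts and ends outside this hunk.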
@@ -436,14 +443,14 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
return False;
}
- data = tdb_fetch (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
+ data = tdb_fetch(global_tdb_ent.passwd_tdb, global_tdb_ent.key);
if (!data.dptr) {
DEBUG(5,("pdb_getsampwent: database entry not found.\n"));
return False;
}
/* unpack the buffer */
- if (!init_sam_from_buffer (user, data.dptr, data.dsize)) {
+ if (!init_sam_from_buffer(user, data.dptr, data.dsize)) {
DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
SAFE_FREE(data.dptr);
return False;
@@ -461,11 +468,11 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_uid (user, uid);
- pdb_set_gid (user, gid);
+ pdb_set_uid(user, uid);
+ pdb_set_gid(user, gid);
/* increment to next in line */
- global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
+ global_tdb_ent.key = tdb_nextkey(global_tdb_ent.passwd_tdb, global_tdb_ent.key);
return True;
}
@@ -495,12 +502,12 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, const char *sname)
unix_strlower(sname, -1, name, sizeof(name));
get_private_directory(tdbfile);
- pstrcat (tdbfile, PASSDB_FILE_NAME);
+ pstrcat(tdbfile, PASSDB_FILE_NAME);
/* set search key */
slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
key.dptr = keystr;
- key.dsize = strlen (keystr) + 1;
+ key.dsize = strlen(keystr) + 1;
/* open the accounts TDB */
if (!(pwd_tdb = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600))) {
@@ -509,34 +516,40 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, const char *sname)
}
/* get the record */
- data = tdb_fetch (pwd_tdb, key);
+ data = tdb_fetch(pwd_tdb, key);
if (!data.dptr) {
DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
- tdb_close (pwd_tdb);
+ tdb_close(pwd_tdb);
return False;
}
/* unpack the buffer */
- if (!init_sam_from_buffer (user, data.dptr, data.dsize)) {
+ if (!init_sam_from_buffer(user, data.dptr, data.dsize)) {
DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
SAFE_FREE(data.dptr);
+ tdb_close(pwd_tdb);
return False;
}
SAFE_FREE(data.dptr);
+
+ /* cleanup */
+ tdb_close(pwd_tdb);
/* validate the account and fill in UNIX uid and gid. sys_getpwnam()
- is used instaed of Get_Pwnam() as we do not need to try case
+ is used instead of Get_Pwnam() as we do not need to try case
permutations */
if ((pw=sys_getpwnam(pdb_get_username(user)))) {
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_uid (user, uid);
- pdb_set_gid (user, gid);
+ pdb_set_uid(user, uid);
+ pdb_set_gid(user, gid);
+ }
+ else {
+ DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL. User does not exist!\n",
+ pdb_get_username(user)));
+ return False;
}
-
- /* cleanup */
- tdb_close (pwd_tdb);
return True;
}
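Review bot: The new `else` branch in pdb_getsampwnam returns False after `init_sam_from_buffer()` has already filled `user`, so on this failure path the caller's SAM_ACCOUNT still holds the unpacked record, presumably including the password hashes. Whether callers discard the structure on False is not visible here; resetting it before the return, or a comment stating that the contents are undefined on failure, would make the contract explicit. The message prefix is also copied from the iterator: both `DEBUG(0,("pdb_getsampwent: ...` lines in this function should name `pdb_getsampwnam`, otherwise the level-0 log points at the wrong lookup path. Moving `tdb_close(pwd_tdb);` ahead of the passwd lookup looks right, as no later line in the hunk uses the handle.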