-rw-r--r--source3/groupdb/mapping_ldb.c8
-rw-r--r--source3/lib/ldb/common/ldb.c4
-rw-r--r--source3/lib/ldb/common/ldb_dn.c53
-rw-r--r--source3/libads/ldap.c19
4 files changed, 53 insertions, 31 deletions
diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c
index 143f4ed6cf..7ad0bbb703 100644
--- a/source3/groupdb/mapping_ldb.c
+++ b/source3/groupdb/mapping_ldb.c
@@ -23,7 +23,7 @@
#include "includes.h"
#include "groupdb/mapping.h"
-#include "lib/ldb/include/includes.h"
+#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
static struct ldb_context *ldb;
@@ -133,8 +133,8 @@ static struct ldb_dn *mapping_dn(TALLOC_CTX *mem_ctx, const DOM_SID *sid)
}
/* we split by domain and rid so we can do a subtree search
when we only want one domain */
- return ldb_dn_string_compose(mem_ctx, NULL, "rid=%u,domain=%s",
- rid, string_sid);
+ return ldb_dn_new_fmt(mem_ctx, ldb, "rid=%u,domain=%s",
+ rid, string_sid);
}
/*
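Review bot: mapping_dn now depends on the file-static `ldb` being initialised, because ldb_dn_new_fmt returns NULL when its `ldb` argument is NULL and the replaced ldb_dn_string_compose call passed NULL in that position. Whether every path into mapping_dn runs after the database has been opened is not visible in this hunk; if one does not, the caller sees a NULL it cannot tell apart from an allocation or parse failure. The same applies to `basedn` in enum_group_mapping further down. A comment above the return would record the requirement: `/* needs the static ldb to be initialised; ldb_dn_new_fmt() returns NULL otherwise */`.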
@@ -328,7 +328,7 @@ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_
/* we do a subtree search on the domain */
if (domsid != NULL) {
sid_to_fstring(name, domsid);
- basedn = ldb_dn_string_compose(tmp_ctx, NULL, "domain=%s", name);
+ basedn = ldb_dn_new_fmt(tmp_ctx, ldb, "domain=%s", name);
if (basedn == NULL) goto failed;
}
diff --git a/source3/lib/ldb/common/ldb.c b/source3/lib/ldb/common/ldb.c
index 0ea80fecfc..791c1863d7 100644
--- a/source3/lib/ldb/common/ldb.c
+++ b/source3/lib/ldb/common/ldb.c
@@ -166,7 +166,7 @@ static const struct ldb_dn *ldb_set_default_basedn(struct ldb_context *ldb)
}
tmp_ctx = talloc_new(ldb);
- ret = ldb_search(ldb, ldb, &res, ldb_dn_new(tmp_ctx), LDB_SCOPE_BASE,
+ ret = ldb_search(ldb, ldb, &res, ldb_dn_new(tmp_ctx, ldb, NULL), LDB_SCOPE_BASE,
attrs, "(objectClass=*)");
if (ret == LDB_SUCCESS) {
if (res->count == 1) {
@@ -601,7 +601,7 @@ int ldb_build_search_req(struct ldb_request **ret_req,
req->operation = LDB_SEARCH;
if (base == NULL) {
- req->op.search.base = ldb_dn_new(req);
+ req->op.search.base = ldb_dn_new(req, ldb, NULL);
} else {
req->op.search.base = base;
}
diff --git a/source3/lib/ldb/common/ldb_dn.c b/source3/lib/ldb/common/ldb_dn.c
index 7ef3c38024..09d58555bd 100644
--- a/source3/lib/ldb/common/ldb_dn.c
+++ b/source3/lib/ldb/common/ldb_dn.c
@@ -332,21 +332,44 @@ failed:
return dc;
}
-struct ldb_dn *ldb_dn_new(void *mem_ctx)
+struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *text)
{
struct ldb_dn *edn;
- edn = talloc(mem_ctx, struct ldb_dn);
- LDB_DN_NULL_FAILED(edn);
-
- /* Initially there are no components */
- edn->comp_num = 0;
- edn->components = NULL;
+ if (text == NULL) {
+ edn = talloc_zero(mem_ctx, struct ldb_dn);
+ } else {
+ edn = ldb_dn_explode(mem_ctx, text);
+ }
return edn;
+}
-failed:
- return NULL;
+bool ldb_dn_validate(struct ldb_dn *dn)
+{
+ /* This implementation does not do "lazy" evaluation of DN's, so
+ * if a DN can be created it will be valid. */
+ return true;
+}
+
+struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...)
+{
+ char *strdn;
+ va_list ap;
+ struct ldb_dn *dn;
+
+ if ( (! mem_ctx) || (! ldb)) return NULL;
+
+ va_start(ap, new_fmt);
+ strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
+ if (strdn == NULL)
+ return NULL;
+ va_end(ap);
+
+ dn = ldb_dn_explode(mem_ctx, strdn);
+
+ talloc_free(strdn);
+ return dn;
}
/*
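Review bot: In ldb_dn_new_fmt the early `return NULL` taken when talloc_vasprintf fails sits before `va_end(ap)`, so that path leaves the function with va_start unmatched, which the C standard makes undefined behaviour. Move the call up so both paths pass through it: `strdn = talloc_vasprintf(mem_ctx, new_fmt, ap); va_end(ap); if (strdn == NULL) return NULL;`. Separately, ldb_dn_new ignores its new `ldb` argument while ldb_dn_new_fmt rejects a NULL one, so the two constructors disagree on whether a context is required; a short comment on each stating the contract would help callers. With `text == NULL`, ldb_dn_new returns an empty DN rather than NULL, and ldb_dn_validate reports any DN as valid, so callers that use the pair as an input check should not rely on it to reject a missing string.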
@@ -360,7 +383,7 @@ struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn)
if (dn == NULL) return NULL;
/* Allocate a structure to hold the exploded DN */
- edn = ldb_dn_new(mem_ctx);
+ edn = talloc_zero(mem_ctx, struct ldb_dn);
if (edn == NULL) {
return NULL;
}
@@ -440,7 +463,7 @@ struct ldb_dn *ldb_dn_explode_or_special(void *mem_ctx, const char *dn)
*/
/* Allocate a structure to hold the exploded DN */
- if (!(edn = ldb_dn_new(mem_ctx))) {
+ if (!(edn = talloc_zero(mem_ctx, struct ldb_dn))) {
return NULL;
}
@@ -599,7 +622,7 @@ struct ldb_dn *ldb_dn_casefold(struct ldb_context *ldb, void *mem_ctx, const str
if (edn == NULL) return NULL;
- cedn = ldb_dn_new(mem_ctx);
+ cedn = talloc_zero(mem_ctx, struct ldb_dn);
if (!cedn) {
return NULL;
}
@@ -737,7 +760,7 @@ struct ldb_dn *ldb_dn_copy_partial(void *mem_ctx, const struct ldb_dn *dn, int n
if (dn == NULL) return NULL;
if (num_el <= 0) return NULL;
- newdn = ldb_dn_new(mem_ctx);
+ newdn = talloc_zero(mem_ctx, struct ldb_dn);
LDB_DN_NULL_FAILED(newdn);
newdn->comp_num = num_el;
@@ -814,7 +837,7 @@ struct ldb_dn *ldb_dn_build_child(void *mem_ctx, const char *attr,
newdn = ldb_dn_copy_partial(mem_ctx, base, base->comp_num + 1);
LDB_DN_NULL_FAILED(newdn);
} else {
- newdn = ldb_dn_new(mem_ctx);
+ newdn = talloc_zero(mem_ctx, struct ldb_dn);
LDB_DN_NULL_FAILED(newdn);
newdn->comp_num = 1;
@@ -847,7 +870,7 @@ struct ldb_dn *ldb_dn_compose(void *mem_ctx, const struct ldb_dn *dn1, const str
}
if (dn2 == NULL) {
- newdn = ldb_dn_new(mem_ctx);
+ newdn = talloc_zero(mem_ctx, struct ldb_dn);
LDB_DN_NULL_FAILED(newdn);
newdn->comp_num = dn1->comp_num;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 44a73cbfdb..588c0a131c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -22,7 +22,7 @@
*/
#include "includes.h"
-#include "lib/ldb/include/includes.h"
+#include "lib/ldb/include/ldb.h"
#ifdef HAVE_LDAP
@@ -3860,25 +3860,24 @@ ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
char *ou_string = NULL;
struct ldb_context *ldb = ldb_init(mem_ctx, NULL);
- name_dn = ldb_dn_explode(mem_ctx, *account_ou);
- if (name_dn) {
+ name_dn = ldb_dn_new(mem_ctx, ldb, *account_ou);
+ if (name_dn && ldb_dn_validate(name_dn)) {
+ talloc_free(ldb);
return ADS_SUCCESS;
}
ou_string = ads_ou_string(ads, *account_ou);
if (!ou_string) {
+ talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
}
- name = talloc_asprintf(mem_ctx, "%s,%s", ou_string,
- ads->config.bind_path);
+ name_dn = ldb_dn_new_fmt(mem_ctx, ldb, "%s,%s", ou_string,
+ ads->config.bind_path);
SAFE_FREE(ou_string);
- if (!name) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- name_dn = ldb_dn_explode(mem_ctx, name);
- if (!name_dn) {
+ if (!name_dn || !ldb_dn_validate(name_dn)) {
+ talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
}
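Review bot: The first check in ads_check_ou_dn now succeeds when `*account_ou` is NULL: ldb_dn_new takes its `text == NULL` branch and returns an empty zeroed DN, and ldb_dn_validate always returns true, whereas the replaced ldb_dn_explode call returned NULL for a NULL string. Whether callers can pass a NULL OU is not visible here, but the guard is cheap: `if (*account_ou && name_dn && ldb_dn_validate(name_dn)) {`. The result of `ldb_init` is also unchecked, and with the LDAP_NO_MEMORY branch removed an allocation failure inside ldb_dn_new_fmt (or a NULL `ldb`) is now reported as LDAP_INVALID_DN_SYNTAX, which hides out-of-memory conditions from the caller. The function begins and continues outside this hunk.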