diff options
-rw-r--r-- | source3/groupdb/mapping_ldb.c | 8 | ||||
-rw-r--r-- | source3/lib/ldb/common/ldb.c | 4 | ||||
-rw-r--r-- | source3/lib/ldb/common/ldb_dn.c | 53 | ||||
-rw-r--r-- | source3/libads/ldap.c | 19 |
4 files changed, 53 insertions, 31 deletions
diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c index 143f4ed6cf..7ad0bbb703 100644 --- a/source3/groupdb/mapping_ldb.c +++ b/source3/groupdb/mapping_ldb.c @@ -23,7 +23,7 @@ #include "includes.h" #include "groupdb/mapping.h" -#include "lib/ldb/include/includes.h" +#include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" static struct ldb_context *ldb; @@ -133,8 +133,8 @@ static struct ldb_dn *mapping_dn(TALLOC_CTX *mem_ctx, const DOM_SID *sid) } /* we split by domain and rid so we can do a subtree search when we only want one domain */ - return ldb_dn_string_compose(mem_ctx, NULL, "rid=%u,domain=%s", - rid, string_sid); + return ldb_dn_new_fmt(mem_ctx, ldb, "rid=%u,domain=%s", + rid, string_sid); } /* @@ -328,7 +328,7 @@ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_ /* we do a subtree search on the domain */ if (domsid != NULL) { sid_to_fstring(name, domsid); - basedn = ldb_dn_string_compose(tmp_ctx, NULL, "domain=%s", name); + basedn = ldb_dn_new_fmt(tmp_ctx, ldb, "domain=%s", name); if (basedn == NULL) goto failed; } diff --git a/source3/lib/ldb/common/ldb.c b/source3/lib/ldb/common/ldb.c index 0ea80fecfc..791c1863d7 100644 --- a/source3/lib/ldb/common/ldb.c +++ b/source3/lib/ldb/common/ldb.c @@ -166,7 +166,7 @@ static const struct ldb_dn *ldb_set_default_basedn(struct ldb_context *ldb) } tmp_ctx = talloc_new(ldb); - ret = ldb_search(ldb, ldb, &res, ldb_dn_new(tmp_ctx), LDB_SCOPE_BASE, + ret = ldb_search(ldb, ldb, &res, ldb_dn_new(tmp_ctx, ldb, NULL), LDB_SCOPE_BASE, attrs, "(objectClass=*)"); if (ret == LDB_SUCCESS) { if (res->count == 1) { @@ -601,7 +601,7 @@ int ldb_build_search_req(struct ldb_request **ret_req, req->operation = LDB_SEARCH; if (base == NULL) { - req->op.search.base = ldb_dn_new(req); + req->op.search.base = ldb_dn_new(req, ldb, NULL); } else { req->op.search.base = base; } diff --git a/source3/lib/ldb/common/ldb_dn.c b/source3/lib/ldb/common/ldb_dn.c index 7ef3c38024..09d58555bd 100644 --- a/source3/lib/ldb/common/ldb_dn.c +++ b/source3/lib/ldb/common/ldb_dn.c @@ -332,21 +332,44 @@ failed: return dc; } -struct ldb_dn *ldb_dn_new(void *mem_ctx) +struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *text) { struct ldb_dn *edn; - edn = talloc(mem_ctx, struct ldb_dn); - LDB_DN_NULL_FAILED(edn); - - /* Initially there are no components */ - edn->comp_num = 0; - edn->components = NULL; + if (text == NULL) { + edn = talloc_zero(mem_ctx, struct ldb_dn); + } else { + edn = ldb_dn_explode(mem_ctx, text); + } return edn; +} -failed: - return NULL; +bool ldb_dn_validate(struct ldb_dn *dn) +{ + /* This implementation does not do "lazy" evaluation of DN's, so + * if a DN can be created it will be valid. */ + return true; +} + +struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...) +{ + char *strdn; + va_list ap; + struct ldb_dn *dn; + + if ( (! mem_ctx) || (! ldb)) return NULL; + + va_start(ap, new_fmt); + strdn = talloc_vasprintf(mem_ctx, new_fmt, ap); + if (strdn == NULL) + return NULL; + va_end(ap); + + dn = ldb_dn_explode(mem_ctx, strdn); + + talloc_free(strdn); + return dn; } /* @@ -360,7 +383,7 @@ struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn) if (dn == NULL) return NULL; /* Allocate a structure to hold the exploded DN */ - edn = ldb_dn_new(mem_ctx); + edn = talloc_zero(mem_ctx, struct ldb_dn); if (edn == NULL) { return NULL; } @@ -440,7 +463,7 @@ struct ldb_dn *ldb_dn_explode_or_special(void *mem_ctx, const char *dn) */ /* Allocate a structure to hold the exploded DN */ - if (!(edn = ldb_dn_new(mem_ctx))) { + if (!(edn = talloc_zero(mem_ctx, struct ldb_dn))) { return NULL; } @@ -599,7 +622,7 @@ struct ldb_dn *ldb_dn_casefold(struct ldb_context *ldb, void *mem_ctx, const str if (edn == NULL) return NULL; - cedn = ldb_dn_new(mem_ctx); + cedn = talloc_zero(mem_ctx, struct ldb_dn); if (!cedn) { return NULL; } @@ -737,7 +760,7 @@ struct ldb_dn *ldb_dn_copy_partial(void *mem_ctx, const struct ldb_dn *dn, int n if (dn == NULL) return NULL; if (num_el <= 0) return NULL; - newdn = ldb_dn_new(mem_ctx); + newdn = talloc_zero(mem_ctx, struct ldb_dn); LDB_DN_NULL_FAILED(newdn); newdn->comp_num = num_el; @@ -814,7 +837,7 @@ struct ldb_dn *ldb_dn_build_child(void *mem_ctx, const char *attr, newdn = ldb_dn_copy_partial(mem_ctx, base, base->comp_num + 1); LDB_DN_NULL_FAILED(newdn); } else { - newdn = ldb_dn_new(mem_ctx); + newdn = talloc_zero(mem_ctx, struct ldb_dn); LDB_DN_NULL_FAILED(newdn); newdn->comp_num = 1; @@ -847,7 +870,7 @@ struct ldb_dn *ldb_dn_compose(void *mem_ctx, const struct ldb_dn *dn1, const str } if (dn2 == NULL) { - newdn = ldb_dn_new(mem_ctx); + newdn = talloc_zero(mem_ctx, struct ldb_dn); LDB_DN_NULL_FAILED(newdn); newdn->comp_num = dn1->comp_num; diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 44a73cbfdb..588c0a131c 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -22,7 +22,7 @@ */ #include "includes.h" -#include "lib/ldb/include/includes.h" +#include "lib/ldb/include/ldb.h" #ifdef HAVE_LDAP @@ -3860,25 +3860,24 @@ ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx, char *ou_string = NULL; struct ldb_context *ldb = ldb_init(mem_ctx, NULL); - name_dn = ldb_dn_explode(mem_ctx, *account_ou); - if (name_dn) { + name_dn = ldb_dn_new(mem_ctx, ldb, *account_ou); + if (name_dn && ldb_dn_validate(name_dn)) { + talloc_free(ldb); return ADS_SUCCESS; } ou_string = ads_ou_string(ads, *account_ou); if (!ou_string) { + talloc_free(ldb); return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX); } - name = talloc_asprintf(mem_ctx, "%s,%s", ou_string, - ads->config.bind_path); + name_dn = ldb_dn_new_fmt(mem_ctx, ldb, "%s,%s", ou_string, + ads->config.bind_path); SAFE_FREE(ou_string); - if (!name) { - return ADS_ERROR_LDAP(LDAP_NO_MEMORY); - } - name_dn = ldb_dn_explode(mem_ctx, name); - if (!name_dn) { + if (!name_dn || !ldb_dn_validate(name_dn)) { + talloc_free(ldb); return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX); } |