diff options
-rw-r--r-- | source3/libads/kerberos.c | 18 | ||||
-rw-r--r-- | source3/libads/ldap.c | 26 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_parse.c | 145 |
3 files changed, 120 insertions, 69 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index f259c21bdb..29e5661d3c 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -829,13 +829,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, /* Insanity, sheer insanity..... */ if (strequal(realm, lp_realm())) { - pstring linkpath; + char linkpath[PATH_MAX+1]; int lret; lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath, sizeof(linkpath)-1); - linkpath[sizeof(pstring)-1] = '\0'; + if (lret != -1) { + linkpath[lret] = '\0'; + } - if (lret == 0 || strcmp(linkpath, fname) == 0) { + if (lret != -1 || strcmp(linkpath, fname) == 0) { /* Symlink already exists. */ TALLOC_FREE(dname); return True; @@ -843,6 +845,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, /* Try and replace with a symlink. */ if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) { + const char *newpath = SYSTEM_KRB5_CONF_PATH ## ".saved"; if (errno != EEXIST) { DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink " "of %s to %s failed. Errno %s\n", @@ -851,20 +854,17 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, return True; /* Not a fatal error. */ } - pstrcpy(linkpath, SYSTEM_KRB5_CONF_PATH); - pstrcat(linkpath, ".saved"); - /* Yes, this is a race conditon... too bad. */ - if (rename(SYSTEM_KRB5_CONF_PATH, linkpath) == -1) { + if (rename(SYSTEM_KRB5_CONF_PATH, newpath) == -1) { DEBUG(0,("create_local_private_krb5_conf_for_domain: rename " "of %s to %s failed. Errno %s\n", - SYSTEM_KRB5_CONF_PATH, linkpath, + SYSTEM_KRB5_CONF_PATH, newpath, strerror(errno) )); TALLOC_FREE(dname); return True; /* Not a fatal error. */ } - if (symlink(fname, "/etc/krb5.conf") == -1) { + if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) { DEBUG(0,("create_local_private_krb5_conf_for_domain: " "forced symlink of %s to /etc/krb5.conf failed. Errno %s\n", fname, strerror(errno) )); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 0294c4a5b5..01f6b00c02 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -251,7 +251,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) const char *c_realm; int count, i=0; struct ip_service *ip_list; - pstring realm; + const char *realm; bool got_realm = False; bool use_own_domain = False; char *sitename; @@ -261,7 +261,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) /* realm */ c_realm = ads->server.realm; - + if ( !c_realm || !*c_realm ) { /* special case where no realm and no workgroup means our own */ if ( !ads->server.workgroup || !*ads->server.workgroup ) { @@ -269,33 +269,33 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) c_realm = lp_realm(); } } - - if (c_realm && *c_realm) + + if (c_realm && *c_realm) got_realm = True; - - /* we need to try once with the realm name and fallback to the + + /* we need to try once with the realm name and fallback to the netbios domain name if we fail (if netbios has not been disabled */ - + if ( !got_realm && !lp_disable_netbios() ) { c_realm = ads->server.workgroup; if (!c_realm || !*c_realm) { if ( use_own_domain ) c_realm = lp_workgroup(); } - + if ( !c_realm || !*c_realm ) { DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ } } - - pstrcpy( realm, c_realm ); + + realm = c_realm; sitename = sitename_fetch(realm); again: - DEBUG(6,("ads_find_dc: looking for %s '%s'\n", + DEBUG(6,("ads_find_dc: looking for %s '%s'\n", (got_realm ? "realm" : "domain"), realm)); status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm); @@ -305,7 +305,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) got_realm = False; goto again; } - + SAFE_FREE(sitename); return status; } @@ -338,7 +338,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) continue; } } - + if ( ads_try_connect(ads, server) ) { SAFE_FREE(ip_list); SAFE_FREE(sitename); diff --git a/source3/libsmb/ntlmssp_parse.c b/source3/libsmb/ntlmssp_parse.c index 76194d5974..ac8846ad1e 100644 --- a/source3/libsmb/ntlmssp_parse.c +++ b/source3/libsmb/ntlmssp_parse.c @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. simple kerberos5/SPNEGO routines Copyright (C) Andrew Tridgell 2001 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002 Copyright (C) Andrew Bartlett 2002-2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -89,7 +89,9 @@ bool msrpc_gen(DATA_BLOB *blob, } va_end(ap); - /* allocate the space, then scan the format again to fill in the values */ + /* allocate the space, then scan the format + * again to fill in the values */ + *blob = data_blob(NULL, head_size + data_size); head_ofs = 0; @@ -104,7 +106,8 @@ bool msrpc_gen(DATA_BLOB *blob, SSVAL(blob->data, head_ofs, n*2); head_ofs += 2; SSVAL(blob->data, head_ofs, n*2); head_ofs += 2; SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4; - push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN); + push_string(NULL, blob->data+data_ofs, + s, n*2, STR_UNICODE|STR_NOALIGN); data_ofs += n*2; break; case 'A': @@ -113,7 +116,8 @@ bool msrpc_gen(DATA_BLOB *blob, SSVAL(blob->data, head_ofs, n); head_ofs += 2; SSVAL(blob->data, head_ofs, n); head_ofs += 2; SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4; - push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN); + push_string(NULL, blob->data+data_ofs, + s, n, STR_ASCII|STR_NOALIGN); data_ofs += n; break; case 'a': @@ -159,7 +163,7 @@ bool msrpc_gen(DATA_BLOB *blob, } va_end(ap); - return True; + return true; } @@ -193,7 +197,6 @@ bool msrpc_parse(const DATA_BLOB *blob, uint16 len1, len2; uint32 ptr; uint32 *v; - pstring p; va_start(ap, format); for (i=0; format[i]; i++) { @@ -208,23 +211,37 @@ bool msrpc_parse(const DATA_BLOB *blob, if (len1 == 0 && len2 == 0) { *ps = smb_xstrdup(""); } else { - /* make sure its in the right format - be strict */ - if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + /* make sure its in the right format + * be strict */ + if ((len1 != len2) || (ptr + len1 < ptr) || + (ptr + len1 < len1) || + (ptr + len1 > blob->length)) { + return false; } if (len1 & 1) { /* if odd length and unicode */ - return False; + return false; } - if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data) - return False; + if (blob->data + ptr < + (uint8 *)(unsigned long)ptr || + blob->data + ptr < blob->data) + return false; if (0 < len1) { - pull_string( - NULL, 0, p, - blob->data + ptr, sizeof(p), - len1, STR_UNICODE|STR_NOALIGN); - (*ps) = smb_xstrdup(p); + char *p = NULL; + pull_string_talloc(talloc_tos(), + NULL, + 0, + &p, + blob->data + ptr, + len1, + STR_UNICODE|STR_NOALIGN); + if (p) { + (*ps) = smb_xstrdup(p); + TALLOC_FREE(p); + } else { + (*ps) = smb_xstrdup(""); + } } else { (*ps) = smb_xstrdup(""); } @@ -241,19 +258,32 @@ bool msrpc_parse(const DATA_BLOB *blob, if (len1 == 0 && len2 == 0) { *ps = smb_xstrdup(""); } else { - if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + if ((len1 != len2) || (ptr + len1 < ptr) || + (ptr + len1 < len1) || + (ptr + len1 > blob->length)) { + return false; } - if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data) - return False; + if (blob->data + ptr < + (uint8 *)(unsigned long)ptr || + blob->data + ptr < blob->data) + return false; if (0 < len1) { - pull_string( - NULL, 0, p, - blob->data + ptr, sizeof(p), - len1, STR_ASCII|STR_NOALIGN); - (*ps) = smb_xstrdup(p); + char *p = NULL; + pull_string_talloc(talloc_tos(), + NULL, + 0, + &p, + blob->data + ptr, + len1, + STR_ASCII|STR_NOALIGN); + if (p) { + (*ps) = smb_xstrdup(p); + TALLOC_FREE(p); + } else { + (*ps) = smb_xstrdup(""); + } } else { (*ps) = smb_xstrdup(""); } @@ -269,14 +299,19 @@ bool msrpc_parse(const DATA_BLOB *blob, if (len1 == 0 && len2 == 0) { *b = data_blob_null; } else { - /* make sure its in the right format - be strict */ - if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + /* make sure its in the right format + * be strict */ + if ((len1 != len2) || (ptr + len1 < ptr) || + (ptr + len1 < len1) || + (ptr + len1 > blob->length)) { + return false; } - if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data) - return False; - + if (blob->data + ptr < + (uint8 *)(unsigned long)ptr || + blob->data + ptr < blob->data) + return false; + *b = data_blob(blob->data + ptr, len1); } break; @@ -285,9 +320,11 @@ bool msrpc_parse(const DATA_BLOB *blob, len1 = va_arg(ap, unsigned); /* make sure its in the right format - be strict */ NEED_DATA(len1); - if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) - return False; - + if (blob->data + head_ofs < (uint8 *)head_ofs || + blob->data + head_ofs < blob->data) { + return false; + } + *b = data_blob(blob->data + head_ofs, len1); head_ofs += len1; break; @@ -299,15 +336,29 @@ bool msrpc_parse(const DATA_BLOB *blob, case 'C': s = va_arg(ap, char *); - if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) - return False; - - head_ofs += pull_string( - NULL, 0, p, blob->data+head_ofs, sizeof(p), - blob->length - head_ofs, - STR_ASCII|STR_TERMINATE); - if (strcmp(s, p) != 0) { - return False; + if (blob->data + head_ofs < (uint8 *)head_ofs || + blob->data + head_ofs < blob->data) { + return false; + } + + { + char *p = NULL; + size_t ret = pull_string_talloc(talloc_tos(), + NULL, + 0, + &p, + blob->data+head_ofs, + blob->length - head_ofs, + STR_ASCII|STR_TERMINATE); + if (ret == (size_t)-1 || p == NULL) { + return false; + } + head_ofs += ret; + if (strcmp(s, p) != 0) { + TALLOC_FREE(p); + return false; + } + TALLOC_FREE(p); } break; } |