Diffstat (limited to 'source4/cldap_server/netlogon.c')
-rw-r--r-- | source4/cldap_server/netlogon.c | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 0894b2bea7..a5c12df1fb 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -38,6 +38,7 @@
 #include "../lib/tsocket/tsocket.h"
 #include "libds/common/flag_mapping.h"
 #include "lib/util/util_net.h"
+#include "lib/ldb/include/ldb_module.h"
 /*
 fill in the cldap netlogon union for a given version
@@ -369,6 +370,21 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 return NT_STATUS_OK;
 }
+/*
+ create a always matching node from a equality node
+ */
+static void set_parse_tree_true(struct ldb_parse_tree *tree)
+{
+ const char *attr = tree->u.equality.attr;
+ struct ldb_val value = tree->u.equality.value;
+
+ tree->operation = LDB_OP_EXTENDED;
+ tree->u.extended.attr = attr;
+ tree->u.extended.value = value;
+ tree->u.extended.rule_id = SAMBA_LDAP_MATCH_ALWAYS_TRUE;
+ tree->u.extended.dnAttributes = 0;
+}
+
 NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 struct loadparm_context *lp_ctx,
 TALLOC_CTX *tmp_ctx,
@@ -378,7 +394,8 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 const char **domain_guid,
 struct dom_sid **domain_sid,
 int *acct_control,
- int *version)
+ int *version,
+ bool filter_from_tree)
 {
 unsigned int i;
@@ -400,11 +417,17 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 *domain = talloc_strndup(tmp_ctx,
 (const char *)t->u.equality.value.data,
 t->u.equality.value.length);
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 if (strcasecmp(t->u.equality.attr, "Host") == 0) {
 *host = talloc_strndup(tmp_ctx,
 (const char *)t->u.equality.value.data,
 t->u.equality.value.length);
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 if (strcasecmp(t->u.equality.attr, "DomainGuid") == 0) {
 NTSTATUS enc_status;
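Review bot: set_parse_tree_true() reads `tree->u.equality` without checking that the node is an equality node, and its comment says neither that nor why the fields are copied to locals first. The only guarantee is whatever test the caller does before the call, which is outside this hunk. A guard such as `if (tree->operation != LDB_OP_EQUALITY) return;` at the top would make the helper safe on its own. A comment like `/* copy first: u.equality and u.extended presumably share storage, so writing one clobbers the other */` would record why the assignment order matters.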
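Review bot: With `filter_from_tree` set, parse_netlogon_request() rewrites the caller's parse tree in place, and nothing on the signature or in a comment says so. A reader of the name could as easily take it to mean "build the filter from the tree". I would add a header comment on the function along the lines of `/* if filter_from_tree is true, each netlogon attribute node that was parsed is replaced in 'tree' by an always-true match */`, and consider a name that states the mutation. The prototype and any other callers live outside this file's diff, so they need the same update.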
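Review bot: Once `set_parse_tree_true(t)` has run in the "Domain" branch the node is an LDB_OP_EXTENDED node, yet the "Host", "DomainGuid" and later tests in the same pass still read `t->u.equality.attr` and `t->u.equality.value` from it. Whether those reads are harmless depends on how the equality and extended members overlap, which is defined outside this diff, and the tree here appears to be built from the filter of an incoming CLDAP request. Ending the pass for a rewritten node removes that dependency: `set_parse_tree_true(t); continue;` if these tests sit directly in the element loop, or an `else if` chain over the attribute names. The same pattern repeats in the hunks at -413 and -429; the loop header is outside the hunk.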
@@ -413,6 +436,9 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 t->u.equality.value, &guid);
 if (NT_STATUS_IS_OK(enc_status)) {
 *domain_guid = GUID_string(tmp_ctx, &guid);
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 }
 if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) {
@@ -429,19 +455,31 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 talloc_free(*domain_sid);
 goto failed;
 }
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 if (strcasecmp(t->u.equality.attr, "User") == 0) {
 *user = talloc_strndup(tmp_ctx,
 (const char *)t->u.equality.value.data,
 t->u.equality.value.length);
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 if (strcasecmp(t->u.equality.attr, "NtVer") == 0 &&
 t->u.equality.value.length == 4) {
 *version = IVAL(t->u.equality.value.data, 0);
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 if (strcasecmp(t->u.equality.attr, "AAC") == 0 &&
 t->u.equality.value.length == 4) {
 *acct_control = IVAL(t->u.equality.value.data, 0);
+ if (filter_from_tree) {
+ set_parse_tree_true(t);
+ }
 }
 }
@@ -480,7 +518,8 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
 status = parse_netlogon_request(tree, cldapd->task->lp_ctx, tmp_ctx,
 &domain, &host, &user, &domain_guid,
- &domain_sid, &acct_control, &version);
+ &domain_sid, &acct_control, &version,
+ false);
 if (!NT_STATUS_IS_OK(status)) {
 goto failed;
 }
|
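Review bot: The DomainGuid node is rewritten only when `enc_status` is OK, so a request carrying a malformed GUID keeps its DomainGuid clause in the tree while the well-formed netlogon attributes are neutralised. The NtVer and AAC branches in the -429 hunk do the same when the value is not exactly four bytes long. A caller that passes `true` and then uses the tree as a search filter would presumably be left with a clause on a netlogon-only attribute. If that is intended, say so next to the checks, e.g. `/* malformed values are deliberately left in the filter */`. Otherwise fail the request on the malformed value instead of silently skipping the rewrite. The start of the DomainGuid branch is outside this hunk.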