From c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 1 Feb 2003 05:20:11 +0000
Subject: Always escape ldap filter strings.  Escaping code was from pam_ldap,
 but I'm to blame for the realloc() stuff.

Plus a couple of minor updates to libads.

Andrew Bartlett
(This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
---
 source3/libads/ads_ldap.c  | 12 +++++++++++-
 source3/libads/ldap.c      | 28 +++++++++++++++++++++-------
 source3/libads/ldap_user.c |  9 +++++++--
 3 files changed, 39 insertions(+), 10 deletions(-)

(limited to 'source3/libads')

diff --git a/source3/libads/ads_ldap.c b/source3/libads/ads_ldap.c
index 05b016539e..97f12de0f7 100644
--- a/source3/libads/ads_ldap.c
+++ b/source3/libads/ads_ldap.c
@@ -37,9 +37,16 @@ NTSTATUS ads_name_to_sid(ADS_STRUCT *ads,
 	char *exp;
 	uint32 t;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	char *escaped_name = escape_ldap_string_alloc(name);
+	char *escaped_realm = escape_ldap_string_alloc(ads->config.realm);
+
+	if (!escaped_name || !escaped_realm) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
 
 	if (asprintf(&exp, "(|(sAMAccountName=%s)(userPrincipalName=%s@%s))", 
-		     name, name, ads->config.realm) == -1) {
+		     escaped_name, escaped_name, escaped_realm) == -1) {
 		DEBUG(1,("ads_name_to_sid: asprintf failed!\n"));
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
@@ -77,6 +84,9 @@ NTSTATUS ads_name_to_sid(ADS_STRUCT *ads,
 done:
 	if (res) ads_msgfree(ads, res);
 
+	SAFE_FREE(escaped_name);
+	SAFE_FREE(escaped_realm);
+
 	return status;
 }
 
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 0a95e019bf..603f17c994 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -974,7 +974,7 @@ ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods)
 	/* make sure the end of the list is NULL */
 	mods[i] = NULL;
 
-	ret = ldap_add_s(ads->ld, utf8_dn ? utf8_dn : new_dn, mods);
+	ret = ldap_add_s(ads->ld, utf8_dn, mods);
 	SAFE_FREE(utf8_dn);
 	return ADS_ERROR(ret);
 }
@@ -994,7 +994,7 @@ ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn)
 		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 	}
 	
-	ret = ldap_delete(ads->ld, utf8_dn ? utf8_dn : del_dn);
+	ret = ldap_delete(ads->ld, utf8_dn);
 	return ADS_ERROR(ret);
 }
 
@@ -1029,8 +1029,8 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname,
 	ADS_MODLIST mods;
 	const char *objectClass[] = {"top", "person", "organizationalPerson",
 				     "user", "computer", NULL};
-	const char *servicePrincipalName[3] = {NULL, NULL, NULL};
-	char *psp;
+	const char *servicePrincipalName[5] = {NULL, NULL, NULL, NULL, NULL};
+	char *psp, *psp2;
 	unsigned acct_control;
 
 	if (!(ctx = talloc_init("machine_account")))
@@ -1051,10 +1051,16 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname,
 				 ads->config.bind_path);
 	servicePrincipalName[0] = talloc_asprintf(ctx, "HOST/%s", hostname);
 	psp = talloc_asprintf(ctx, "HOST/%s.%s", 
-						  hostname, 
-						  ads->config.realm);
+			      hostname, 
+			      ads->config.realm);
 	strlower(&psp[5]);
 	servicePrincipalName[1] = psp;
+	servicePrincipalName[2] = talloc_asprintf(ctx, "CIFS/%s", hostname);
+	psp2 = talloc_asprintf(ctx, "CIFS/%s.%s", 
+			       hostname, 
+			       ads->config.realm);
+	strlower(&psp2[5]);
+	servicePrincipalName[3] = psp2;
 
 	free(ou_str);
 	if (!new_dn)
@@ -1405,6 +1411,7 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 	size_t          sd_size = 0;
 	struct berval   bval = {0, NULL};
 	prs_struct      ps_wire;
+	char           *escaped_hostname = escape_ldap_string_alloc(hostname);
 
 	LDAPMessage *res  = 0;
 	LDAPMessage *msg  = 0;
@@ -1420,11 +1427,18 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 
 	ret = ADS_ERROR(LDAP_SUCCESS);
 
-	if (asprintf(&exp, "(samAccountName=%s$)", hostname) == -1) {
+	if (!escaped_hostname) {
+		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+	}
+
+	if (asprintf(&exp, "(samAccountName=%s$)", escaped_hostname) == -1) {
 		DEBUG(1, ("ads_set_machine_sd: asprintf failed!\n"));
+		SAFE_FREE(escaped_hostname);
 		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 	}
 
+	SAFE_FREE(escaped_hostname);
+
 	ret = ads_search(ads, (void *) &res, exp, attrs);
 
 	if (!ADS_ERR_OK(ret)) return ret;
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
index 2e38e7a00d..7efe5338f3 100644
--- a/source3/libads/ldap_user.c
+++ b/source3/libads/ldap_user.c
@@ -30,10 +30,15 @@ ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, void **res, const char *user)
 	ADS_STATUS status;
 	char *exp;
 	const char *attrs[] = {"*", NULL};
+	char *escaped_user = escape_ldap_string_alloc(user);
+	if (!escaped_user) {
+		return ADS_ERROR(LDAP_NO_MEMORY);
+	}
 
-	asprintf(&exp, "(samAccountName=%s)", user);
+	asprintf(&exp, "(samAccountName=%s)", escaped_user);
 	status = ads_search(ads, res, exp, attrs);
-	free(exp);
+	SAFE_FREE(exp);
+	SAFE_FREE(escaped_user);
 	return status;
 }
 
-- 
cgit