From 508527890adc7bedd47522a7dae0c96d2b2e4bae Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 23 Sep 2008 14:30:06 -0400 Subject: Merge ldb_search() and ldb_search_exp_fmt() into a simgle function. The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful. --- source4/rpc_server/lsa/lsa_init.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source4/rpc_server/lsa/lsa_init.c') diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index 0dc21fd9c5..e5e31c74f8 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -71,12 +71,11 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_MEMORY; } - ret = ldb_search(state->sam_ldb, state->domain_dn, LDB_SCOPE_BASE, NULL, dom_attrs, &dom_res); - + ret = ldb_search(state->sam_ldb, mem_ctx, &dom_res, + state->domain_dn, LDB_SCOPE_BASE, dom_attrs, NULL); if (ret != LDB_SUCCESS) { return NT_STATUS_INVALID_SYSTEM_SERVICE; } - talloc_steal(mem_ctx, dom_res); if (dom_res->count != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -95,7 +94,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ talloc_free(dom_res); - ret = ldb_search_exp_fmt(state->sam_ldb, state, &ref_res, + ret = ldb_search(state->sam_ldb, state, &ref_res, partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs, "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_get_linearized(state->domain_dn)); @@ -125,7 +124,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ talloc_free(ref_res); - ret = ldb_search_exp_fmt(state->sam_ldb, state, &forest_ref_res, + ret = ldb_search(state->sam_ldb, state, &forest_ref_res, partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs, "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_get_linearized(state->forest_dn)); -- cgit From 28482efa5ceebdea821b9368a2761e93ee2fff59 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:51:05 -0700 Subject: WSPP docs say we need to check that root_dir is NULL --- source4/rpc_server/lsa/lsa_init.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/rpc_server/lsa/lsa_init.c') diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index e5e31c74f8..a95cb10f9f 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -199,6 +199,12 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * ZERO_STRUCTP(r->out.handle); + if (r->in.attr == NULL || + r->in.attr->root_dir != NULL) { + /* MS-LSAD 3.1.4.4.1 */ + return NT_STATUS_INVALID_PARAMETER; + } + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit From dab5d4abbce7fc54427e5eb130e36860ffa74685 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:44:06 -0700 Subject: cope with NULL attr --- source4/rpc_server/lsa/lsa_init.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/rpc_server/lsa/lsa_init.c') diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index a95cb10f9f..8d8417109f 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -199,7 +199,7 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * ZERO_STRUCTP(r->out.handle); - if (r->in.attr == NULL || + if (r->in.attr != NULL && r->in.attr->root_dir != NULL) { /* MS-LSAD 3.1.4.4.1 */ return NT_STATUS_INVALID_PARAMETER; @@ -217,6 +217,8 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * handle->data = talloc_steal(handle, state); + /* need to check the access mask against - need ACLs - fails + WSPP test */ state->access_mask = r->in.access_mask; state->handle = handle; *r->out.handle = handle->wire_handle; -- cgit