From e4e9a5f21f314c83803b4885eccf4f288949ca64 Mon Sep 17 00:00:00 2001 From: Arvid Requate Date: Fri, 26 Aug 2016 16:18:57 +0200 Subject: [PATCH 1/2] For Bug #9959: local talloc frame for next commit Signed-off-by: Arvid Requate --- source4/rpc_server/backupkey/dcesrv_backupkey.c | 33 +++++++++++----------- .../backupkey/dcesrv_backupkey_heimdal.c | 33 +++++++++++----------- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index 63b9ee9..eacc074 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -54,6 +54,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, const char *name, const DATA_BLOB *lsa_secret) { + TALLOC_CTX *frame = talloc_stackframe(); struct ldb_message *msg; struct ldb_result *res; struct ldb_dn *domain_dn; @@ -72,7 +73,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } - msg = ldb_msg_new(mem_ctx); + msg = ldb_msg_new(frame); if (msg == NULL) { return NT_STATUS_NO_MEMORY; } @@ -89,13 +90,13 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))"); if (system_dn == NULL) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } name2 = talloc_asprintf(msg, "%s Secret", name); if (name2 == NULL) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } @@ -105,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, if (ret != LDB_SUCCESS || res->count != 0 ) { DEBUG(2, ("Secret %s already exists !\n", name2)); - talloc_free(msg); + talloc_free(frame); return NT_STATUS_OBJECT_NAME_COLLISION; } 
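Review bot: In the `@@ -72,7 +73,7 @@` hunk of dcesrv_backupkey.c, two early returns left as context leave set_lsa_secret without releasing the frame created by the new `talloc_stackframe()` call: `return NT_STATUS_INTERNAL_ERROR;` after the `domain_dn` check and `return NT_STATUS_NO_MEMORY;` after `ldb_msg_new(frame)`. Every later exit was converted to `talloc_free(frame)`, so these two need the same call, e.g. `talloc_free(frame); return NT_STATUS_NO_MEMORY;`. Stackframes are meant to be released in the order they were pushed, so a skipped free is likely to affect the caller's frame as well as leak the allocation. The same two paths appear in the `@@ -85,7 +86,7 @@` hunk of dcesrv_backupkey_heimdal.c, and the `msg == NULL` return is still unchanged context in patch 2/2.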
@@ -114,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, * here only if the key didn't exists before */ - msg->dn = ldb_dn_copy(mem_ctx, system_dn); + msg->dn = ldb_dn_copy(frame, system_dn); if (msg->dn == NULL) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } ret = ldb_msg_add_string(msg, "cn", name2); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } ret = ldb_msg_add_string(msg, "objectClass", "secret"); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } - ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now); + ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } val.data = lsa_secret->data; val.length = lsa_secret->length; ret = ldb_msg_add_value(msg, "currentValue", &val, NULL); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } - ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now); + ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } @@ -162,11 +163,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, DEBUG(2,("Failed to create secret record %s: %s\n", ldb_dn_get_linearized(msg->dn), ldb_errstring(ldb))); - talloc_free(msg); + talloc_free(frame); return NT_STATUS_ACCESS_DENIED; } - talloc_free(msg); + talloc_free(frame); return NT_STATUS_OK; } diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c index a9bd57f..d6eee46 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c 
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c @@ -67,6 +67,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, const char *name, const DATA_BLOB *lsa_secret) { + TALLOC_CTX *frame = talloc_stackframe(); struct ldb_message *msg; struct ldb_result *res; struct ldb_dn *domain_dn; @@ -85,7 +86,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } - msg = ldb_msg_new(mem_ctx); + msg = ldb_msg_new(frame); if (msg == NULL) { return NT_STATUS_NO_MEMORY; } @@ -102,13 +103,13 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))"); if (system_dn == NULL) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } name2 = talloc_asprintf(msg, "%s Secret", name); if (name2 == NULL) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } @@ -118,7 +119,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, if (ret != LDB_SUCCESS || res->count != 0 ) { DEBUG(2, ("Secret %s already exists !\n", name2)); - talloc_free(msg); + talloc_free(frame); return NT_STATUS_OBJECT_NAME_COLLISION; } 
@@ -127,41 +128,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, * here only if the key didn't exists before */ - msg->dn = ldb_dn_copy(mem_ctx, system_dn); + msg->dn = ldb_dn_copy(frame, system_dn); if (msg->dn == NULL) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } ret = ldb_msg_add_string(msg, "cn", name2); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } ret = ldb_msg_add_string(msg, "objectClass", "secret"); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } - ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now); + ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } val.data = lsa_secret->data; val.length = lsa_secret->length; ret = ldb_msg_add_value(msg, "currentValue", &val, NULL); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } - ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now); + ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now); if (ret != LDB_SUCCESS) { - talloc_free(msg); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } @@ -175,11 +176,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, DEBUG(2,("Failed to create secret record %s: %s\n", ldb_dn_get_linearized(msg->dn), ldb_errstring(ldb))); - talloc_free(msg); + talloc_free(frame); return NT_STATUS_ACCESS_DENIED; } - talloc_free(msg); + talloc_free(frame); return NT_STATUS_OK; } -- 2.1.4 From 3814b42b41285ceed1771931605618908102ee9b Mon Sep 17 00:00:00 2001 From: Arvid Requate Date: Fri, 26 Aug 2016 16:20:34 +0200 Subject: [PATCH 2/2] Bug #9959: Don't search for CN=System 
Signed-off-by: Arvid Requate --- source4/rpc_server/backupkey/dcesrv_backupkey.c | 30 ++++++++++------------ .../backupkey/dcesrv_backupkey_heimdal.c | 30 ++++++++++------------ source4/rpc_server/lsa/lsa_init.c | 11 +++++--- source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 +++++---- 4 files changed, 42 insertions(+), 41 deletions(-) diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index eacc074..5b97598 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -57,8 +57,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, TALLOC_CTX *frame = talloc_stackframe(); struct ldb_message *msg; struct ldb_result *res; - struct ldb_dn *domain_dn; - struct ldb_dn *system_dn; + struct ldb_dn *system_dn = NULL; struct ldb_val val; int ret; char *name2; @@ -68,11 +67,6 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, NULL }; - domain_dn = ldb_get_default_basedn(ldb); - if (!domain_dn) { - return NT_STATUS_INTERNAL_ERROR; - } - msg = ldb_msg_new(frame); if (msg == NULL) { return NT_STATUS_NO_MEMORY; @@ -88,12 +82,17 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, * * taillor the function to the particular needs of backup protocol */ - system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))"); + system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb)); if (system_dn == NULL) { talloc_free(frame); return NT_STATUS_NO_MEMORY; } + if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) { + talloc_free(frame); + return NT_STATUS_NO_MEMORY; + } + name2 = talloc_asprintf(msg, "%s Secret", name); if (name2 == NULL) { talloc_free(frame); @@ -179,8 +178,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, { TALLOC_CTX *tmp_mem; struct ldb_result *res; - struct ldb_dn *domain_dn; - struct ldb_dn *system_dn; + struct ldb_dn *system_dn = NULL; const struct ldb_val *val; uint8_t *data; const char *attrs[] = { 
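Review bot: The new `system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb));` in set_lsa_secret (hunk `@@ -88,12 +82,17 @@`) absorbs the removed `domain_dn` NULL check, so a database handle without a default base DN is now reported as `NT_STATUS_NO_MEMORY` instead of `NT_STATUS_INTERNAL_ERROR`. It also relies on ldb_dn_copy() returning NULL for a NULL input, which I believe it does but which is not visible in this patch. Keeping the explicit check preserves the diagnostic and the contract, e.g. `if (ldb_get_default_basedn(ldb) == NULL) { talloc_free(frame); return NT_STATUS_INTERNAL_ERROR; }`. The same folding occurs in get_lsa_secret (`@@ -192,22 +190,22 @@`), in both dcesrv_backupkey_heimdal.c counterparts, and in fill_trusted_domains_array in dcerpc_netlogon.c, where `WERR_GEN_FAILURE` becomes `WERR_NOT_ENOUGH_MEMORY`.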
@@ -192,22 +190,22 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, lsa_secret->data = NULL; lsa_secret->length = 0; - domain_dn = ldb_get_default_basedn(ldb); - if (!domain_dn) { - return NT_STATUS_INTERNAL_ERROR; - } - tmp_mem = talloc_new(mem_ctx); if (tmp_mem == NULL) { return NT_STATUS_NO_MEMORY; } - system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))"); + system_dn = ldb_dn_copy(tmp_mem, ldb_get_default_basedn(ldb)); if (system_dn == NULL) { talloc_free(tmp_mem); return NT_STATUS_NO_MEMORY; } + if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) { + talloc_free(tmp_mem); + return NT_STATUS_NO_MEMORY; + } + ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs, "(&(cn=%s Secret)(objectclass=secret))", ldb_binary_encode_string(tmp_mem, name)); diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c index d6eee46..35dcc18 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c @@ -70,8 +70,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, TALLOC_CTX *frame = talloc_stackframe(); struct ldb_message *msg; struct ldb_result *res; - struct ldb_dn *domain_dn; - struct ldb_dn *system_dn; + struct ldb_dn *system_dn = NULL; struct ldb_val val; int ret; char *name2; @@ -81,11 +80,6 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, NULL }; - domain_dn = ldb_get_default_basedn(ldb); - if (!domain_dn) { - return NT_STATUS_INTERNAL_ERROR; - } - msg = ldb_msg_new(frame); if (msg == NULL) { return NT_STATUS_NO_MEMORY; 
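Review bot: In get_lsa_secret (hunk `@@ -192,22 +190,22 @@`) the lookup that follows the new DN construction still runs `ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, ...)`, so a record named `<name> Secret` at any depth below CN=System can match, which is the same kind of ambiguity this commit removes for the container itself. set_lsa_secret creates the record as a direct child of system_dn via `ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)`, so `LDB_SCOPE_ONELEVEL` looks sufficient, assuming no other writer places these secrets deeper. The result is also allocated on `mem_ctx` rather than `tmp_mem`, so it outlives the function's temporary context unless it is freed later. How `res->count` is handled is outside the hunk, so whether multiple matches are rejected cannot be confirmed from here. The same context line is in the heimdal counterpart, `@@ -205,22 +203,22 @@`.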
@@ -101,12 +95,17 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx, * * taillor the function to the particular needs of backup protocol */ - system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))"); + system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb)); if (system_dn == NULL) { talloc_free(frame); return NT_STATUS_NO_MEMORY; } + if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) { + talloc_free(frame); + return NT_STATUS_NO_MEMORY; + } + name2 = talloc_asprintf(msg, "%s Secret", name); if (name2 == NULL) { talloc_free(frame); @@ -192,8 +191,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, { TALLOC_CTX *tmp_mem; struct ldb_result *res; - struct ldb_dn *domain_dn; - struct ldb_dn *system_dn; + struct ldb_dn *system_dn = NULL; const struct ldb_val *val; uint8_t *data; const char *attrs[] = { @@ -205,22 +203,22 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx, lsa_secret->data = NULL; lsa_secret->length = 0; - domain_dn = ldb_get_default_basedn(ldb); - if (!domain_dn) { - return NT_STATUS_INTERNAL_ERROR; - } - tmp_mem = talloc_new(mem_ctx); if (tmp_mem == NULL) { return NT_STATUS_NO_MEMORY; } - system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))"); + system_dn = ldb_dn_copy(tmp_mem, ldb_get_default_basedn(ldb)); if (system_dn == NULL) { talloc_free(tmp_mem); return NT_STATUS_NO_MEMORY; } + if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) { + talloc_free(tmp_mem); + return NT_STATUS_NO_MEMORY; + } + ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs, "(&(cn=%s Secret)(objectclass=secret))", ldb_binary_encode_string(tmp_mem, name)); diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index 5628c5b..4173a97 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c 
@@ -144,10 +144,13 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, /* work out the system_dn - useful for so many calls its worth fetching here */ - state->system_dn = samdb_search_dn(state->sam_ldb, state, - state->domain_dn, "(&(objectClass=container)(cn=System))"); - if (!state->system_dn) { - return NT_STATUS_NO_SUCH_DOMAIN; + state->system_dn = ldb_dn_copy(state, state->domain_dn); + if (state->system_dn == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!ldb_dn_add_child_fmt(state->system_dn, "CN=System")) { + return NT_STATUS_NO_MEMORY; } state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 73ac874..001e48d 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -2640,11 +2640,13 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx, return WERR_INVALID_FLAGS; } - system_dn = samdb_search_dn(sam_ctx, mem_ctx, - ldb_get_default_basedn(sam_ctx), - "(&(objectClass=container)(cn=System))"); - if (!system_dn) { - return WERR_GEN_FAILURE; + system_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx)); + if (system_dn == NULL) { + return WERR_NOT_ENOUGH_MEMORY; + } + + if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) { + return WERR_NOT_ENOUGH_MEMORY; } ret = gendb_search(sam_ctx, mem_ctx, system_dn, -- 2.1.4
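Review bot: The comment above the new code in dcesrv_lsa_get_policy_state (hunk `@@ -144,10 +144,13 @@`) still says the system_dn is worth "fetching here", but the DN is now built from `state->domain_dn` without touching the database, and the `NT_STATUS_NO_SUCH_DOMAIN` exit for a missing container is gone. I would reword it along the lines of `/* build CN=System,<domain_dn>; the container is not looked up here, so a missing one only shows up in later searches */`. The function body starts and ends outside the hunk, so whether later code depends on the container having been verified at this point cannot be checked from here.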