dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From df00f0d33874381fc36ee59eaf28a4918ae5dc56 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 12 Jul 2016 13:29:33 +0200
Subject: [PATCH 39/44] AD: netlogon_get_domain_info() allow missing arguments
 and empty results

netlogon_get_domain_info() should not fail if not all parameters can be
retrieved. It should be the responsibility of the caller to see if the
needed data is available and act accordingly.

Resolves:
https://fedorahosted.org/sssd/ticket/3104

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/providers/ad/ad_common.h      |   1 +
 src/providers/ad/ad_domain_info.c | 108 +++++++++++++++++++++-----------------
 src/providers/ad/ad_gpo.c         |   2 +-
 src/providers/ad/ad_subdomains.c  |   3 +-
 4 files changed, 64 insertions(+), 50 deletions(-)

diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index f4a90e4f0a3fe5910071d5fe690d0a356e2a0bd1..7e86faf1142d7be49eef01e1ddd7bfafea2fcedc 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -187,6 +187,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx,
 
 errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
                                  struct sysdb_attrs *reply,
+                                 bool check_next_nearest_site_as_well,
                                  char **_flat_name,
                                  char **_site,
                                  char **_forest);
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index a06379c263878aa95741055636d0a12764f3ad8c..5302c8083bd832d0772829d9f3a4b8e9537d34b9 100644
--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -37,6 +37,7 @@
 
 errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
                                  struct sysdb_attrs *reply,
+                                 bool check_next_nearest_site_as_well,
                                  char **_flat_name,
                                  char **_site,
                                  char **_forest)
@@ -47,9 +48,6 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
     struct ndr_pull *ndr_pull = NULL;
     enum ndr_err_code ndr_err;
     struct netlogon_samlogon_response response;
-    const char *flat_name;
-    const char *site;
-    const char *forest;
     TALLOC_CTX *tmp_ctx;
 
     ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
@@ -102,57 +100,73 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
-    /* get flat name */
-    if (response.data.nt5_ex.domain_name != NULL &&
-        *response.data.nt5_ex.domain_name != '\0') {
-        flat_name = response.data.nt5_ex.domain_name;
-    } else {
-        DEBUG(SSSDBG_MINOR_FAILURE,
-              "No netlogon domain name data available\n");
-        ret = ENOENT;
-        goto done;
+    /* get flat domain name */
+    if (_flat_name != NULL) {
+        if (response.data.nt5_ex.domain_name != NULL &&
+            *response.data.nt5_ex.domain_name != '\0') {
+            *_flat_name = talloc_strdup(mem_ctx,
+                                        response.data.nt5_ex.domain_name);
+            if (*_flat_name == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+                ret = ENOMEM;
+                goto done;
+            }
+        } else {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "No netlogon flat domain name data available.\n");
+            *_flat_name = NULL;
+        }
     }
 
-    *_flat_name = talloc_strdup(mem_ctx, flat_name);
-    if (*_flat_name == NULL) {
-        DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
-        ret = ENOMEM;
-        goto done;
-    }
 
     /* get forest */
-    if (response.data.nt5_ex.forest != NULL &&
-        *response.data.nt5_ex.forest != '\0') {
-        forest = response.data.nt5_ex.forest;
-    } else {
-        DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available\n");
-        ret = ENOENT;
-        goto done;
-    }
-
-    *_forest = talloc_strdup(mem_ctx, forest);
-    if (*_forest == NULL) {
-        DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
-        ret = ENOMEM;
-        goto done;
+    if (_forest != NULL) {
+        if (response.data.nt5_ex.forest != NULL &&
+            *response.data.nt5_ex.forest != '\0') {
+            *_forest = talloc_strdup(mem_ctx, response.data.nt5_ex.forest);
+            if (*_forest == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+                ret = ENOMEM;
+                goto done;
+            }
+        } else {
+            DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available.\n");
+            *_forest = NULL;
+        }
     }
 
     /* get site name */
-    if (response.data.nt5_ex.client_site != NULL
-        && response.data.nt5_ex.client_site[0] != '\0') {
-        site = response.data.nt5_ex.client_site;
-    } else {
-        DEBUG(SSSDBG_MINOR_FAILURE,
-              "No netlogon site name data available\n");
-        ret = ENOENT;
-        goto done;
-    }
+    if (_site != NULL) {
+        if (response.data.nt5_ex.client_site != NULL
+            && response.data.nt5_ex.client_site[0] != '\0') {
+            *_site = talloc_strdup(mem_ctx, response.data.nt5_ex.client_site);
+            if (*_site == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+                ret = ENOMEM;
+                goto done;
+            }
+        } else {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "No netlogon site name data available.\n");
+            *_site = NULL;
 
-    *_site = talloc_strdup(mem_ctx, site);
-    if (*_site == NULL) {
-        DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
-        ret = ENOMEM;
-        goto done;
+            if (check_next_nearest_site_as_well) {
+                if (response.data.nt5_ex.next_closest_site != NULL
+                        && response.data.nt5_ex.next_closest_site[0] != '\0') {
+                    *_site = talloc_strdup(mem_ctx,
+                                        response.data.nt5_ex.next_closest_site);
+                    if (*_site == NULL) {
+                        DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+                        ret = ENOMEM;
+                        goto done;
+                    }
+                } else {
+                    DEBUG(SSSDBG_MINOR_FAILURE,
+                          "No netlogon next closest site name data "
+                          "available.\n");
+                }
+            }
+        }
     }
 
     ret = EOK;
@@ -388,7 +402,7 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
 
     /* Exactly one flat name. Carry on */
 
-    ret = netlogon_get_domain_info(state, reply[0], &state->flat,
+    ret = netlogon_get_domain_info(state, reply[0], false, &state->flat,
                                    &state->site, &state->forest);
     if (ret != EOK) {
         DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 3e54fd8b5932a97779e178c7d3c5b9f6d3b3277c..f609d28136918adfe6a8d5e95319b27ffcab79c0 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -2801,7 +2801,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
     ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL);
     talloc_zfree(subreq);
 
-    if (ret != EOK) {
+    if (ret != EOK || site == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
         tevent_req_error(req, ENOENT);
         return;
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 928c4fe93cc6afa5c3f69c14503896db820a4c0a..e9da04e384e598927f9c8c203a751bcccd29e895 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1108,14 +1108,13 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
     char *master_sid;
     char *flat_name;
     char *forest;
-    char *site;
     errno_t ret;
 
     req = tevent_req_callback_data(subreq, struct tevent_req);
     state = tevent_req_data(req, struct ad_subdomains_refresh_state);
 
     ret = ad_master_domain_recv(subreq, state, &flat_name, &master_sid,
-                                &site, &forest);
+                                NULL, &forest);
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain information "
-- 
2.4.11