From df00f0d33874381fc36ee59eaf28a4918ae5dc56 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 12 Jul 2016 13:29:33 +0200
Subject: [PATCH 39/44] AD: netlogon_get_domain_info() allow missing arguments
and empty results
netlogon_get_domain_info() should not fail if not all parameters can be
retrieved. It should be the responsibility of the caller to see if the
needed data is available and act accordingly.
Resolves:
https://fedorahosted.org/sssd/ticket/3104
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/ad/ad_common.h | 1 +
src/providers/ad/ad_domain_info.c | 108 +++++++++++++++++++++-----------------
src/providers/ad/ad_gpo.c | 2 +-
src/providers/ad/ad_subdomains.c | 3 +-
4 files changed, 64 insertions(+), 50 deletions(-)
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index f4a90e4f0a3fe5910071d5fe690d0a356e2a0bd1..7e86faf1142d7be49eef01e1ddd7bfafea2fcedc 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -187,6 +187,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx,
errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *reply,
+ bool check_next_nearest_site_as_well,
char **_flat_name,
char **_site,
char **_forest);
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index a06379c263878aa95741055636d0a12764f3ad8c..5302c8083bd832d0772829d9f3a4b8e9537d34b9 100644
--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -37,6 +37,7 @@
errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *reply,
+ bool check_next_nearest_site_as_well,
char **_flat_name,
char **_site,
char **_forest)
@@ -47,9 +48,6 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
struct ndr_pull *ndr_pull = NULL;
enum ndr_err_code ndr_err;
struct netlogon_samlogon_response response;
- const char *flat_name;
- const char *site;
- const char *forest;
TALLOC_CTX *tmp_ctx;
ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
@@ -102,57 +100,73 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
goto done;
}
- /* get flat name */
- if (response.data.nt5_ex.domain_name != NULL &&
- *response.data.nt5_ex.domain_name != '\0') {
- flat_name = response.data.nt5_ex.domain_name;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "No netlogon domain name data available\n");
- ret = ENOENT;
- goto done;
+ /* get flat domain name */
+ if (_flat_name != NULL) {
+ if (response.data.nt5_ex.domain_name != NULL &&
+ *response.data.nt5_ex.domain_name != '\0') {
+ *_flat_name = talloc_strdup(mem_ctx,
+ response.data.nt5_ex.domain_name);
+ if (*_flat_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No netlogon flat domain name data available.\n");
+ *_flat_name = NULL;
+ }
}
- *_flat_name = talloc_strdup(mem_ctx, flat_name);
- if (*_flat_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
- ret = ENOMEM;
- goto done;
- }
/* get forest */
- if (response.data.nt5_ex.forest != NULL &&
- *response.data.nt5_ex.forest != '\0') {
- forest = response.data.nt5_ex.forest;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available\n");
- ret = ENOENT;
- goto done;
- }
-
- *_forest = talloc_strdup(mem_ctx, forest);
- if (*_forest == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
- ret = ENOMEM;
- goto done;
+ if (_forest != NULL) {
+ if (response.data.nt5_ex.forest != NULL &&
+ *response.data.nt5_ex.forest != '\0') {
+ *_forest = talloc_strdup(mem_ctx, response.data.nt5_ex.forest);
+ if (*_forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available.\n");
+ *_forest = NULL;
+ }
}
/* get site name */
- if (response.data.nt5_ex.client_site != NULL
- && response.data.nt5_ex.client_site[0] != '\0') {
- site = response.data.nt5_ex.client_site;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "No netlogon site name data available\n");
- ret = ENOENT;
- goto done;
- }
+ if (_site != NULL) {
+ if (response.data.nt5_ex.client_site != NULL
+ && response.data.nt5_ex.client_site[0] != '\0') {
+ *_site = talloc_strdup(mem_ctx, response.data.nt5_ex.client_site);
+ if (*_site == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No netlogon site name data available.\n");
+ *_site = NULL;
- *_site = talloc_strdup(mem_ctx, site);
- if (*_site == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
- ret = ENOMEM;
- goto done;
+ if (check_next_nearest_site_as_well) {
+ if (response.data.nt5_ex.next_closest_site != NULL
+ && response.data.nt5_ex.next_closest_site[0] != '\0') {
+ *_site = talloc_strdup(mem_ctx,
+ response.data.nt5_ex.next_closest_site);
+ if (*_site == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No netlogon next closest site name data "
+ "available.\n");
+ }
+ }
+ }
}
ret = EOK;
@@ -388,7 +402,7 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
/* Exactly one flat name. Carry on */
- ret = netlogon_get_domain_info(state, reply[0], &state->flat,
+ ret = netlogon_get_domain_info(state, reply[0], false, &state->flat,
&state->site, &state->forest);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 3e54fd8b5932a97779e178c7d3c5b9f6d3b3277c..f609d28136918adfe6a8d5e95319b27ffcab79c0 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -2801,7 +2801,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL);
talloc_zfree(subreq);
- if (ret != EOK) {
+ if (ret != EOK || site == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
tevent_req_error(req, ENOENT);
return;
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 928c4fe93cc6afa5c3f69c14503896db820a4c0a..e9da04e384e598927f9c8c203a751bcccd29e895 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1108,14 +1108,13 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
char *master_sid;
char *flat_name;
char *forest;
- char *site;
errno_t ret;
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct ad_subdomains_refresh_state);
ret = ad_master_domain_recv(subreq, state, &flat_name, &master_sid,
- &site, &forest);
+ NULL, &forest);
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain information "
--
2.4.11