From df00f0d33874381fc36ee59eaf28a4918ae5dc56 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 12 Jul 2016 13:29:33 +0200 Subject: [PATCH 39/44] AD: netlogon_get_domain_info() allow missing arguments and empty results netlogon_get_domain_info() should not fail if not all parameters can be retrieved. It should be the responsibility of the caller to see if the needed data is available and act accordingly. Resolves: https://fedorahosted.org/sssd/ticket/3104 Reviewed-by: Jakub Hrozek --- src/providers/ad/ad_common.h | 1 + src/providers/ad/ad_domain_info.c | 108 +++++++++++++++++++++----------------- src/providers/ad/ad_gpo.c | 2 +- src/providers/ad/ad_subdomains.c | 3 +- 4 files changed, 64 insertions(+), 50 deletions(-) diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index f4a90e4f0a3fe5910071d5fe690d0a356e2a0bd1..7e86faf1142d7be49eef01e1ddd7bfafea2fcedc 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -187,6 +187,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx, struct sysdb_attrs *reply, + bool check_next_nearest_site_as_well, char **_flat_name, char **_site, char **_forest); diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c index a06379c263878aa95741055636d0a12764f3ad8c..5302c8083bd832d0772829d9f3a4b8e9537d34b9 100644 --- a/src/providers/ad/ad_domain_info.c +++ b/src/providers/ad/ad_domain_info.c @@ -37,6 +37,7 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx, struct sysdb_attrs *reply, + bool check_next_nearest_site_as_well, char **_flat_name, char **_site, char **_forest) @@ -47,9 +48,6 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr_pull = NULL; enum ndr_err_code ndr_err; struct netlogon_samlogon_response response; - const char *flat_name; - const char *site; - const char *forest; TALLOC_CTX *tmp_ctx; ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el); @@ -102,57 +100,73 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx, goto done; } - /* get flat name */ - if (response.data.nt5_ex.domain_name != NULL && - *response.data.nt5_ex.domain_name != '\0') { - flat_name = response.data.nt5_ex.domain_name; - } else { - DEBUG(SSSDBG_MINOR_FAILURE, - "No netlogon domain name data available\n"); - ret = ENOENT; - goto done; + /* get flat domain name */ + if (_flat_name != NULL) { + if (response.data.nt5_ex.domain_name != NULL && + *response.data.nt5_ex.domain_name != '\0') { + *_flat_name = talloc_strdup(mem_ctx, + response.data.nt5_ex.domain_name); + if (*_flat_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "No netlogon flat domain name data available.\n"); + *_flat_name = NULL; + } } - *_flat_name = talloc_strdup(mem_ctx, flat_name); - if (*_flat_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; - } /* get forest */ - if (response.data.nt5_ex.forest != NULL && - *response.data.nt5_ex.forest != '\0') { - forest = response.data.nt5_ex.forest; - } else { - DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available\n"); - ret = ENOENT; - goto done; - } - - *_forest = talloc_strdup(mem_ctx, forest); - if (*_forest == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; + if (_forest != NULL) { + if (response.data.nt5_ex.forest != NULL && + *response.data.nt5_ex.forest != '\0') { + *_forest = talloc_strdup(mem_ctx, response.data.nt5_ex.forest); + if (*_forest == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available.\n"); + *_forest = NULL; + } } /* get site name */ - if (response.data.nt5_ex.client_site != NULL - && response.data.nt5_ex.client_site[0] != '\0') { - site = response.data.nt5_ex.client_site; - } else { - DEBUG(SSSDBG_MINOR_FAILURE, - "No netlogon site name data available\n"); - ret = ENOENT; - goto done; - } + if (_site != NULL) { + if (response.data.nt5_ex.client_site != NULL + && response.data.nt5_ex.client_site[0] != '\0') { + *_site = talloc_strdup(mem_ctx, response.data.nt5_ex.client_site); + if (*_site == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "No netlogon site name data available.\n"); + *_site = NULL; - *_site = talloc_strdup(mem_ctx, site); - if (*_site == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; + if (check_next_nearest_site_as_well) { + if (response.data.nt5_ex.next_closest_site != NULL + && response.data.nt5_ex.next_closest_site[0] != '\0') { + *_site = talloc_strdup(mem_ctx, + response.data.nt5_ex.next_closest_site); + if (*_site == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "No netlogon next closest site name data " + "available.\n"); + } + } + } } ret = EOK; @@ -388,7 +402,7 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq) /* Exactly one flat name. Carry on */ - ret = netlogon_get_domain_info(state, reply[0], &state->flat, + ret = netlogon_get_domain_info(state, reply[0], false, &state->flat, &state->site, &state->forest); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 3e54fd8b5932a97779e178c7d3c5b9f6d3b3277c..f609d28136918adfe6a8d5e95319b27ffcab79c0 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -2801,7 +2801,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq) ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL); talloc_zfree(subreq); - if (ret != EOK) { + if (ret != EOK || site == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n"); tevent_req_error(req, ENOENT); return; diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 928c4fe93cc6afa5c3f69c14503896db820a4c0a..e9da04e384e598927f9c8c203a751bcccd29e895 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -1108,14 +1108,13 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq) char *master_sid; char *flat_name; char *forest; - char *site; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_subdomains_refresh_state); ret = ad_master_domain_recv(subreq, state, &flat_name, &master_sid, - &site, &forest); + NULL, &forest); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain information " -- 2.4.11