File 0023-AD-netlogon_get_domain_info-allow-missing-arguments-.patch of Package sssd.13028
From 41604c3397f534fb7ef39a69045ce8fcf8d4ba76 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 12 Jul 2016 13:29:33 +0200
Subject: [PATCH 2/4] AD: netlogon_get_domain_info() allow missing arguments
and empty results
netlogon_get_domain_info() should not fail if not all parameters can be
retrieved. It should be the responsibility of the caller to see if the
needed data is available and act accordingly.
Resolves:
https://fedorahosted.org/sssd/ticket/3104
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 44656ce260030556820c4b6be519e66ffdacb408)
---
src/providers/ad/ad_common.h | 1 +
src/providers/ad/ad_domain_info.c | 110 +++++++++++++++++-------------
src/providers/ad/ad_gpo.c | 2 +-
src/providers/ad/ad_subdomains.c | 3 +-
4 files changed, 65 insertions(+), 51 deletions(-)
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 3f1414f2b..71b5c0052 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -189,6 +189,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx,
errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *reply,
+ bool check_next_nearest_site_as_well,
char **_flat_name,
char **_site,
char **_forest);
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index a06379c26..5302c8083 100644
--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -37,6 +37,7 @@
errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *reply,
+ bool check_next_nearest_site_as_well,
char **_flat_name,
char **_site,
char **_forest)
@@ -47,9 +48,6 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
struct ndr_pull *ndr_pull = NULL;
enum ndr_err_code ndr_err;
struct netlogon_samlogon_response response;
- const char *flat_name;
- const char *site;
- const char *forest;
TALLOC_CTX *tmp_ctx;
ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
@@ -102,57 +100,73 @@ errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
goto done;
}
- /* get flat name */
- if (response.data.nt5_ex.domain_name != NULL &&
- *response.data.nt5_ex.domain_name != '\0') {
- flat_name = response.data.nt5_ex.domain_name;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "No netlogon domain name data available\n");
- ret = ENOENT;
- goto done;
+ /* get flat domain name */
+ if (_flat_name != NULL) {
+ if (response.data.nt5_ex.domain_name != NULL &&
+ *response.data.nt5_ex.domain_name != '\0') {
+ *_flat_name = talloc_strdup(mem_ctx,
+ response.data.nt5_ex.domain_name);
+ if (*_flat_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No netlogon flat domain name data available.\n");
+ *_flat_name = NULL;
+ }
}
- *_flat_name = talloc_strdup(mem_ctx, flat_name);
- if (*_flat_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
- ret = ENOMEM;
- goto done;
- }
/* get forest */
- if (response.data.nt5_ex.forest != NULL &&
- *response.data.nt5_ex.forest != '\0') {
- forest = response.data.nt5_ex.forest;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available\n");
- ret = ENOENT;
- goto done;
- }
-
- *_forest = talloc_strdup(mem_ctx, forest);
- if (*_forest == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
- ret = ENOMEM;
- goto done;
+ if (_forest != NULL) {
+ if (response.data.nt5_ex.forest != NULL &&
+ *response.data.nt5_ex.forest != '\0') {
+ *_forest = talloc_strdup(mem_ctx, response.data.nt5_ex.forest);
+ if (*_forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, "No netlogon forest data available.\n");
+ *_forest = NULL;
+ }
}
/* get site name */
- if (response.data.nt5_ex.client_site != NULL
- && response.data.nt5_ex.client_site[0] != '\0') {
- site = response.data.nt5_ex.client_site;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "No netlogon site name data available\n");
- ret = ENOENT;
- goto done;
- }
-
- *_site = talloc_strdup(mem_ctx, site);
- if (*_site == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
- ret = ENOMEM;
- goto done;
+ if (_site != NULL) {
+ if (response.data.nt5_ex.client_site != NULL
+ && response.data.nt5_ex.client_site[0] != '\0') {
+ *_site = talloc_strdup(mem_ctx, response.data.nt5_ex.client_site);
+ if (*_site == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No netlogon site name data available.\n");
+ *_site = NULL;
+
+ if (check_next_nearest_site_as_well) {
+ if (response.data.nt5_ex.next_closest_site != NULL
+ && response.data.nt5_ex.next_closest_site[0] != '\0') {
+ *_site = talloc_strdup(mem_ctx,
+ response.data.nt5_ex.next_closest_site);
+ if (*_site == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "No netlogon next closest site name data "
+ "available.\n");
+ }
+ }
+ }
}
ret = EOK;
@@ -388,7 +402,7 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
/* Exactly one flat name. Carry on */
- ret = netlogon_get_domain_info(state, reply[0], &state->flat,
+ ret = netlogon_get_domain_info(state, reply[0], false, &state->flat,
&state->site, &state->forest);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 4f84ff706..b2e97ce6b 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -2794,7 +2794,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL);
talloc_zfree(subreq);
- if (ret != EOK) {
+ if (ret != EOK || site == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
tevent_req_error(req, ENOENT);
return;
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index f423b89cf..f79febcd4 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -89,7 +89,6 @@ struct ad_subdomains_req_ctx {
char *master_sid;
char *flat_name;
- char *site;
char *forest;
};
@@ -685,7 +684,7 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
ret = ad_master_domain_recv(req, ctx,
&ctx->flat_name, &ctx->master_sid,
- &ctx->site, &ctx->forest);
+ NULL, &ctx->forest);
talloc_zfree(req);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
--
2.23.0
