smbd: Fix CID 1035478 Negative array index read
[Samba/wip.git] / source4 / winbind / wb_cmd_getdcname.c
blobf3c24825799470ff55d7497203a62d007df21655
1 /*
2 Unix SMB/CIFS implementation.
4 Command backend for wbinfo --getdcname
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "includes.h"
23 #include "libcli/composite/composite.h"
24 #include "winbind/wb_server.h"
25 #include "smbd/service_task.h"
27 #include "librpc/gen_ndr/ndr_netlogon_c.h"
29 struct cmd_getdcname_state {
30 struct composite_context *ctx;
31 const char *domain_name;
33 struct netr_GetAnyDCName g;
36 static void getdcname_recv_domain(struct composite_context *ctx);
37 static void getdcname_recv_dcname(struct tevent_req *subreq);
39 struct composite_context *wb_cmd_getdcname_send(TALLOC_CTX *mem_ctx,
40 struct wbsrv_service *service,
41 const char *domain_name)
43 struct composite_context *result, *ctx;
44 struct cmd_getdcname_state *state;
46 result = composite_create(mem_ctx, service->task->event_ctx);
47 if (result == NULL) goto failed;
49 state = talloc(result, struct cmd_getdcname_state);
50 if (state == NULL) goto failed;
51 state->ctx = result;
52 result->private_data = state;
54 state->domain_name = talloc_strdup(state, domain_name);
55 if (state->domain_name == NULL) goto failed;
57 ctx = wb_sid2domain_send(state, service, service->primary_sid);
58 if (ctx == NULL) goto failed;
60 ctx->async.fn = getdcname_recv_domain;
61 ctx->async.private_data = state;
62 return result;
64 failed:
65 talloc_free(result);
66 return NULL;
69 static void getdcname_recv_domain(struct composite_context *ctx)
71 struct cmd_getdcname_state *state =
72 talloc_get_type(ctx->async.private_data,
73 struct cmd_getdcname_state);
74 struct wbsrv_domain *domain;
75 struct tevent_req *subreq;
77 state->ctx->status = wb_sid2domain_recv(ctx, &domain);
78 if (!composite_is_ok(state->ctx)) return;
80 state->g.in.logon_server = talloc_asprintf(
81 state, "\\\\%s",
82 dcerpc_server_name(domain->netlogon_pipe));
83 state->g.in.domainname = state->domain_name;
84 state->g.out.dcname = talloc(state, const char *);
86 subreq = dcerpc_netr_GetAnyDCName_r_send(state,
87 state->ctx->event_ctx,
88 domain->netlogon_pipe->binding_handle,
89 &state->g);
90 if (composite_nomem(subreq, state->ctx)) return;
92 tevent_req_set_callback(subreq, getdcname_recv_dcname, state);
95 static void getdcname_recv_dcname(struct tevent_req *subreq)
97 struct cmd_getdcname_state *state =
98 tevent_req_callback_data(subreq,
99 struct cmd_getdcname_state);
101 state->ctx->status = dcerpc_netr_GetAnyDCName_r_recv(subreq, state);
102 TALLOC_FREE(subreq);
103 if (!composite_is_ok(state->ctx)) return;
104 state->ctx->status = werror_to_ntstatus(state->g.out.result);
105 if (!composite_is_ok(state->ctx)) return;
107 composite_done(state->ctx);
110 NTSTATUS wb_cmd_getdcname_recv(struct composite_context *c,
111 TALLOC_CTX *mem_ctx,
112 const char **dcname)
114 struct cmd_getdcname_state *state =
115 talloc_get_type(c->private_data, struct cmd_getdcname_state);
116 NTSTATUS status = composite_wait(c);
117 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN)) {
118 /* special case: queried DC is PDC */
119 state->g.out.dcname = &state->g.in.logon_server;
120 status = NT_STATUS_OK;
122 if (NT_STATUS_IS_OK(status)) {
123 const char *p = *(state->g.out.dcname);
124 if (*p == '\\') p += 1;
125 if (*p == '\\') p += 1;
126 *dcname = talloc_strdup(mem_ctx, p);
127 if (*dcname == NULL) {
128 status = NT_STATUS_NO_MEMORY;
131 talloc_free(state);
132 return status;