summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-14 11:30:27 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-14 11:37:11 +0200
commitf0ab520f6e48096299624d30d904335e0d32a8a5 (patch)
tree4361664b72ba641fa4bdc01b01f298d93926ee48
parenta28b103900ea33d70c6acec150575e10caebfb9a (diff)
downloadsamba-f0ab520f6e48096299624d30d904335e0d32a8a5.tar.gz
samba-f0ab520f6e48096299624d30d904335e0d32a8a5.tar.bz2
samba-f0ab520f6e48096299624d30d904335e0d32a8a5.zip
s4:SAMR server - on alias search operations do never use the domain DN as base dn
Aliases (especially in the "builtin" domain) are often domain-independant.
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c17
1 files changed, 7 insertions, 10 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 9aab2b8b43..cda463a0cf 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1440,10 +1440,9 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call
d_state = h->data;
- /* search for all domain groups in this domain. This could possibly be
+ /* search for all domain aliases in this domain. This could possibly be
cached and resumed based on resume_key */
- ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
- d_state->domain_dn,
+ ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, NULL,
&res, attrs,
d_state->domain_sid,
"(&(|(grouptype=%d)(grouptype=%d)))"
@@ -1547,8 +1546,7 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
for (i=0; i<r->in.sids->num_sids; i++) {
const char *memberdn;
- memberdn = samdb_search_string(d_state->sam_ctx,
- mem_ctx, d_state->domain_dn,
+ memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"distinguishedName",
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sids->sids[i].sid));
@@ -1566,9 +1564,9 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
/* Find out if we had at least one valid member SID passed - otherwise
* just skip the search. */
if (strstr(filter, "member") != NULL) {
- count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
- d_state->domain_dn, &res, attrs,
- d_state->domain_sid, "%s))", filter);
+ count = samdb_search_domain(d_state->sam_ctx, mem_ctx, NULL,
+ &res, attrs, d_state->domain_sid,
+ "%s))", filter);
if (count < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -2217,8 +2215,7 @@ static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC
return NT_STATUS_NO_MEMORY;
/* search for the group record */
- ret = gendb_search(d_state->sam_ctx,
- mem_ctx, d_state->domain_dn, &msgs, attrs,
+ ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
"(|(grouptype=%d)(grouptype=%d)))",
ldap_encode_ndr_dom_sid(mem_ctx, sid),