diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-09-13 22:41:06 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-09-13 22:41:06 +0200 |
commit | 6e720ecd259742d274d6281088c5052070c955e6 (patch) | |
tree | 923f2193abcc4aaf13ae2c93af57c44b2ce096e5 | |
parent | a4b7fac86d6f348d785409555849449527e22e58 (diff) | |
download | samba-6e720ecd259742d274d6281088c5052070c955e6.tar.gz samba-6e720ecd259742d274d6281088c5052070c955e6.tar.bz2 samba-6e720ecd259742d274d6281088c5052070c955e6.zip |
s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters
This makes also lookups through special backends as "samba3sam" work.
-rw-r--r-- | source4/dsdb/common/util.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 16 | ||||
-rw-r--r-- | source4/lib/policy/gp_ldap.c | 7 | ||||
-rw-r--r-- | source4/ntp_signd/ntp_signd.c | 3 |
4 files changed, 16 insertions, 12 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index d52590cd66..0e371082be 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2560,7 +2560,7 @@ int dsdb_find_dn_by_sid(struct ldb_context *ldb, int ret; struct ldb_result *res; const char *attrs[] = { NULL }; - char *sid_str = dom_sid_string(mem_ctx, sid); + char *sid_str = ldap_encode_ndr_dom_sid(mem_ctx, sid); if (!sid_str) { return ldb_operr(ldb); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index acf796f20f..dca6ece9ee 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -276,8 +276,8 @@ static int samldb_check_primaryGroupID(struct samldb_ctx *ac) return ldb_operr(ldb); } - prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)", - dom_sid_string(ac, sid)); + prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(ac, sid)); if (prim_group_dn == NULL) { ldb_asprintf_errstring(ldb, "Failed to find primary group with RID %u!", @@ -929,8 +929,8 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) return ldb_operr(ldb); } - prev_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)", - dom_sid_string(ac, sid)); + prev_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(ac, sid)); if (prev_prim_group_dn == NULL) { return ldb_operr(ldb); } @@ -948,8 +948,8 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) return ldb_operr(ldb); } - new_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)", - dom_sid_string(ac, sid)); + new_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(ac, sid)); if (new_prim_group_dn == NULL) { /* Here we know if the specified new primary group candidate is * valid or not. */ @@ -1041,8 +1041,8 @@ static int samldb_member_check(struct samldb_ctx *ac) return ldb_operr(ldb); } - group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)", - dom_sid_string(ac, sid)); + group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(ac, sid)); if (group_dn == NULL) { return ldb_operr(ldb); } diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c index 87fde9dbd7..d612cf8769 100644 --- a/source4/lib/policy/gp_ldap.c +++ b/source4/lib/policy/gp_ldap.c @@ -28,6 +28,7 @@ #include "../librpc/gen_ndr/ndr_security.h" #include "../libcli/security/dom_sid.h" #include "libcli/security/security.h" +#include "libcli/ldap/ldap_ndr.h" #include "../lib/talloc/talloc.h" #include "lib/policy/policy.h" @@ -425,7 +426,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c TALLOC_CTX *mem_ctx; const char **gpos; struct ldb_result *result; - const char *sid; + char *sid; struct ldb_dn *dn; struct ldb_message_element *element; bool inherit; @@ -443,7 +444,9 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c mem_ctx = talloc_new(gp_ctx); NT_STATUS_HAVE_NO_MEMORY(mem_ctx); - sid = dom_sid_string(mem_ctx, &token->sids[PRIMARY_USER_SID_INDEX]); + sid = ldap_encode_ndr_dom_sid(mem_ctx, + &token->sids[PRIMARY_USER_SID_INDEX]); + NT_STATUS_HAVE_NO_MEMORY(sid); /* Find the user DN and objectclass via the sid from the security token */ rv = ldb_search(gp_ctx->ldb_ctx, diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c index 029071e2c2..0147c12d9e 100644 --- a/source4/ntp_signd/ntp_signd.c +++ b/source4/ntp_signd/ntp_signd.c @@ -34,6 +34,7 @@ #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "libcli/security/security.h" +#include "libcli/ldap/ldap_ndr.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "../lib/crypto/md5.h" @@ -164,7 +165,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn, LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=user))", - dom_sid_string(mem_ctx, sid)); + ldap_encode_ndr_dom_sid(mem_ctx, sid)); if (ret != LDB_SUCCESS) { DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: " "%s\n", |