authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-09-13 22:41:06 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-09-13 22:41:06 +0200
commit6e720ecd259742d274d6281088c5052070c955e6 (patch)
tree923f2193abcc4aaf13ae2c93af57c44b2ce096e5
parenta4b7fac86d6f348d785409555849449527e22e58 (diff)
s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters
This also makes lookups through special backends such as "samba3sam" work.
-rw-r--r--source4/dsdb/common/util.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c16
-rw-r--r--source4/lib/policy/gp_ldap.c7
-rw-r--r--source4/ntp_signd/ntp_signd.c3
4 files changed, 16 insertions, 12 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d52590cd66..0e371082be 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2560,7 +2560,7 @@ int dsdb_find_dn_by_sid(struct ldb_context *ldb,
int ret;
struct ldb_result *res;
const char *attrs[] = { NULL };
- char *sid_str = dom_sid_string(mem_ctx, sid);
+ char *sid_str = ldap_encode_ndr_dom_sid(mem_ctx, sid);
if (!sid_str) {
return ldb_operr(ldb);
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index acf796f20f..dca6ece9ee 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -276,8 +276,8 @@ static int samldb_check_primaryGroupID(struct samldb_ctx *ac)
return ldb_operr(ldb);
}
- prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
- dom_sid_string(ac, sid));
+ prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(ac, sid));
if (prim_group_dn == NULL) {
ldb_asprintf_errstring(ldb,
"Failed to find primary group with RID %u!",
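Review bot: The result of `ldap_encode_ndr_dom_sid(ac, sid)` goes straight into the `%s` of the search filter without a NULL check, so a failed allocation (or, presumably, a failed encode) yields a NULL format argument and a bogus filter, and the caller then reports "Failed to find primary group", which hides the real cause. The same unchecked call appears in the three later hunks of this file (twice in samldb_prim_group_change, once in samldb_member_check) and in the ntp_signd_process hunk of source4/ntp_signd/ntp_signd.c, whereas the util.c and gp_ldap.c hunks of this commit do check the return value. I would store the value first with `char *sid_str = ldap_encode_ndr_dom_sid(ac, sid);`, bail out with `if (sid_str == NULL) return ldb_operr(ldb);`, and pass `sid_str` to the search call. The enclosing functions start and end outside these hunks, so any earlier validation of `sid` is not visible here.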
@@ -929,8 +929,8 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
return ldb_operr(ldb);
}
- prev_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
- dom_sid_string(ac, sid));
+ prev_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(ac, sid));
if (prev_prim_group_dn == NULL) {
return ldb_operr(ldb);
}
@@ -948,8 +948,8 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
return ldb_operr(ldb);
}
- new_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
- dom_sid_string(ac, sid));
+ new_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(ac, sid));
if (new_prim_group_dn == NULL) {
/* Here we know if the specified new primary group candidate is
* valid or not. */
@@ -1041,8 +1041,8 @@ static int samldb_member_check(struct samldb_ctx *ac)
return ldb_operr(ldb);
}
- group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
- dom_sid_string(ac, sid));
+ group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(ac, sid));
if (group_dn == NULL) {
return ldb_operr(ldb);
}
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index 87fde9dbd7..d612cf8769 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -28,6 +28,7 @@
#include "../librpc/gen_ndr/ndr_security.h"
#include "../libcli/security/dom_sid.h"
#include "libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "../lib/talloc/talloc.h"
#include "lib/policy/policy.h"
@@ -425,7 +426,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
TALLOC_CTX *mem_ctx;
const char **gpos;
struct ldb_result *result;
- const char *sid;
+ char *sid;
struct ldb_dn *dn;
struct ldb_message_element *element;
bool inherit;
@@ -443,7 +444,9 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
mem_ctx = talloc_new(gp_ctx);
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
- sid = dom_sid_string(mem_ctx, &token->sids[PRIMARY_USER_SID_INDEX]);
+ sid = ldap_encode_ndr_dom_sid(mem_ctx,
+ &token->sids[PRIMARY_USER_SID_INDEX]);
+ NT_STATUS_HAVE_NO_MEMORY(sid);
/* Find the user DN and objectclass via the sid from the security token */
rv = ldb_search(gp_ctx->ldb_ctx,
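Review bot: The added `NT_STATUS_HAVE_NO_MEMORY(sid);` returns while `mem_ctx`, created two lines earlier with `talloc_new(gp_ctx)`, is still allocated, so on this error path the temporary context stays attached to `gp_ctx` until that parent is freed. An explicit check that releases it first avoids this: `if (sid == NULL) { talloc_free(mem_ctx); return NT_STATUS_NO_MEMORY; }`. gp_list_gpos continues past the end of the hunk, so how its other exits release `mem_ctx` cannot be seen here.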
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index 029071e2c2..0147c12d9e 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -34,6 +34,7 @@
#include "dsdb/samdb/samdb.h"
#include "auth/auth.h"
#include "libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "../lib/crypto/md5.h"
@@ -164,7 +165,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
LDB_SCOPE_SUBTREE,
attrs,
"(&(objectSid=%s)(objectClass=user))",
- dom_sid_string(mem_ctx, sid));
+ ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret != LDB_SUCCESS) {
DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: "
"%s\n",