authorAndrew Bartlett <abartlet@samba.org>2005-09-01 23:26:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:36:23 -0500
commit9b905c9f27f6d7d682085036b27b55d26c1f38ee (patch)
tree9be17c239260c02b9ae1ab8a7b08e4921fb2a825
parent95fcf031b0480ada75ed5ed02826f4acf196be77 (diff)
r9930: Use a single samdb_base_dn() function rather than lots of silly
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
-rw-r--r--source4/dsdb/samdb/samdb.c34
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c41
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c43
3 files changed, 69 insertions, 49 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index aed47d1ed2..717b72ded2 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -969,3 +969,37 @@ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ct
return sd;
}
+
+struct ldb_dn *samdb_base_dn(TALLOC_CTX *mem_ctx)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ int server_role = lp_server_role();
+ const char **split_realm;
+ struct ldb_dn *dn;
+
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+ if ((server_role == ROLE_DOMAIN_PDC)
+ || (server_role == ROLE_DOMAIN_BDC)) {
+ int i;
+ split_realm = str_list_make(tmp_ctx, lp_realm(), ".");
+ if (!split_realm) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ dn = NULL;
+ i = str_list_length(split_realm);
+ i--;
+ for (; i >= 0; i--) {
+ dn = ldb_dn_build_child(tmp_ctx, "dc", split_realm[i], dn);
+ if (!dn) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ }
+ return dn;
+ }
+ return ldb_dn_string_compose(mem_ctx, NULL, "cn=%s", lp_netbios_name());
+}
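Review bot: Neither successful return in samdb_base_dn() releases `tmp_ctx`. The DC branch returns a `dn` that is still parented to `tmp_ctx`, and the fallback return composes on `mem_ctx` while leaving `tmp_ctx` behind, so each call leaves a scratch context hanging off the caller's context. When the caller passes a long-lived context (the LSA hunk passes `state`), the split realm list and every intermediate DN live as long as that object. Consider `talloc_steal(mem_ctx, dn); talloc_free(tmp_ctx); return dn;` in the DC branch and a `talloc_free(tmp_ctx);` before the final return, provided ldb_dn_build_child() does not leave the result pointing into the intermediate DNs (not visible here). Separately, if str_list_make() can return an empty list for an empty realm, the loop never runs and the function returns NULL, which callers cannot tell apart from an allocation failure.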
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 55fc992080..2e3f42b272 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -240,9 +240,15 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
+ /* work out the domain_dn - useful for so many calls its worth
+ fetching here */
+ state->domain_dn = samdb_base_dn(state);
+ if (!state->domain_dn) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
- "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
- lp_workgroup());
+ "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
if (ret_domain == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
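Review bot: The return value of `ldb_dn_linearize(mem_ctx, state->domain_dn)` is passed straight to the `%s` in the crossRef filter without a NULL check, and the DN string is interpolated into the filter without filter escaping. The DN is built from the configured realm or NetBIOS name rather than from the client, so this is a robustness point, but a value containing `(`, `)`, `*` or `\` would change the meaning of the filter. I would linearize into a local first, `const char *dn_str = ldb_dn_linearize(mem_ctx, state->domain_dn); if (!dn_str) return NT_STATUS_NO_MEMORY;`, and escape it before formatting. The added `NT_STATUS_NO_MEMORY` for a NULL samdb_base_dn() also covers any non-allocation failure of that function. The body of lsa_get_policy_state starts and ends outside this hunk.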
@@ -252,16 +258,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_SUCH_DOMAIN;
}
- /* work out the domain_dn - useful for so many calls its worth
- fetching here */
- state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
- if (!state->domain_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
- state->builtin_dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectClass=builtinDomain");
+ state->builtin_dn = samdb_search_dn(state->sam_ldb, mem_ctx, state->domain_dn, "(objectClass=builtinDomain)");
if (!state->builtin_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
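Review bot: `state->builtin_dn` is stored in the policy state but is still allocated on `mem_ctx`, while the new `state->domain_dn` in the previous hunk is allocated on `state`. If `state` outlives the per-call `mem_ctx` (not visible in this hunk), `builtin_dn` becomes a dangling pointer on a later use of the handle. Since the line is being rewritten anyway, allocating on the same owner would remove the doubt: `samdb_search_dn(state->sam_ldb, state, state->domain_dn, "(objectClass=builtinDomain)")`.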
@@ -1062,9 +1061,9 @@ static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *m
}
domains->domains = talloc_realloc(domains,
- domains->domains,
- struct lsa_TrustInformation,
- domains->count+1);
+ domains->domains,
+ struct lsa_TrustInformation,
+ domains->count+1);
if (domains->domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1301,9 +1300,9 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *
}
/* check it really exists */
- astate->account_dn = samdb_search_string(state->sam_ldb, astate,
- NULL, "(&(objectSid=%s)(objectClass=group))",
- ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
+ astate->account_dn = samdb_search_dn(state->sam_ldb, astate,
+ NULL, "(&(objectSid=%s)(objectClass=group))",
+ ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
if (astate->account_dn == NULL) {
talloc_free(astate);
return NT_STATUS_NO_SUCH_USER;
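Review bot: A NULL from samdb_search_dn() is reported as `NT_STATUS_NO_SUCH_USER` here, and the lsa_AddRemoveAccountRights hunk below now does the same where it previously kept a separate `NT_STATUS_NO_MEMORY` path. Presumably the helper also returns NULL when an allocation or the search itself fails, so a backend failure becomes indistinguishable from a missing account in the RPC reply and in any logging built on it. Both calls also keep a NULL search base, although this commit makes `state->domain_dn` available for scoping, as it does for the builtin lookup. At minimum I would document the choice, e.g. `/* samdb_search_dn() returns NULL for "no match" and for failure alike; both are reported as no such user */`. The `ldap_encode_ndr_dom_sid()` result in this hunk is likewise passed to `%s` unchecked.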
@@ -1446,7 +1445,6 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
struct ldb_message *msg;
struct ldb_message_element el;
int i, ret;
- const char *dn;
struct lsa_EnumAccountRights r2;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
@@ -1459,14 +1457,9 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_MEMORY;
}
- dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
- if (dn == NULL) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- msg->dn = ldb_dn_explode(mem_ctx, dn);
+ msg->dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
if (msg->dn == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_NO_SUCH_USER;
}
if (ldb_msg_add_empty(state->sam_ldb, msg, "privilege", ldb_flag)) {
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index aeea3a120c..249fb1c8a4 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -192,7 +192,7 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX
ret = gendb_search_dn(c_state->sam_ctx, mem_ctx,
samdb_result_dn(mem_ctx,
- ref_msgs[0], "ncName", NULL),
+ ref_msgs[0], "ncName", NULL),
&dom_msgs, dom_attrs);
}
@@ -319,34 +319,27 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &dom_msgs, dom_attrs,
- "(&(objectSid=%s)(&(objectclass=domain)(!(objectClass=builtinDomain))))",
+ "(&(objectSid=%s)(&(objectclass=domain)))",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
- if (ret == -1) {
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- ret = gendb_search(c_state->sam_ctx,
- mem_ctx, NULL, &dom_msgs, dom_attrs,
- "(&(objectSid=%s)(objectClass=builtinDomain))",
- ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
- if (ret != 1) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
- if (domain_name == NULL) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
} else {
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &ref_msgs, ref_attrs,
"(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))",
ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn));
- if (ret != 1) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
+ if (ret == 0) {
+ domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
+ if (domain_name == NULL) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ } else if (ret == 1) {
- domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
- if (domain_name == NULL) {
+ domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
+ if (domain_name == NULL) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ } else {
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
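Review bot: The rewritten check `if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION;` now also fires when the first search finds nothing. A client that passes an unknown SID in `r->in.sid` therefore gets a database-corruption status instead of `NT_STATUS_NO_SUCH_DOMAIN`, which the removed code returned for that case. That misreports a routine client error as a server fault and is likely to produce noisy alerts. I would split the cases: `if (ret == 0) { return NT_STATUS_NO_SUCH_DOMAIN; } else if (ret != 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } else {`. Dropping `(!(objectClass=builtinDomain))` also relies on builtin domain objects matching `objectclass=domain`, which deserves a one-line comment, and the single-term `(&(objectclass=domain))` wrapper can be reduced to `(objectclass=domain)`.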
@@ -1769,7 +1762,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
samr_QueryGroupMember
*/
static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_QueryGroupMember *r)
+ struct samr_QueryGroupMember *r)
{
struct dcesrv_handle *h;
struct samr_account_state *a_state;
@@ -3317,9 +3310,9 @@ static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- ret = gendb_search(sam_ctx,
- mem_ctx, NULL, &msgs, attrs,
- "(&(!(objectClass=builtinDomain))(objectclass=domain))");
+ /* The domain name in this call is ignored */
+ ret = gendb_search_dn(sam_ctx,
+ mem_ctx, samdb_base_dn(mem_ctx), &msgs, attrs);
if (ret <= 0) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
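Review bot: `samdb_base_dn(mem_ctx)` is passed directly as the base DN to gendb_search_dn() without a NULL check, unlike the LSA hunk, which tests the result. What gendb_search_dn() does with a NULL base is not visible here. At best the failure surfaces as `NT_STATUS_NO_SUCH_DOMAIN`, and at worst the password policy attributes are read from whatever record a NULL base resolves to. I would use a local and fail explicitly: `struct ldb_dn *base_dn = samdb_base_dn(mem_ctx); if (!base_dn) return NT_STATUS_NO_MEMORY;`, then pass `base_dn` to the search. The declaration belongs with the function's other locals, which are outside this hunk.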