summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-06-24 00:18:20 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:44 -0500
commitbdee131f30e1bef31498b08bb648ddee35ea4892 (patch)
treec0ad71d994361020334bb280a9a5cbd31f73db5b /source4/auth
parent3022bfef70f4d76d3a12cfb8ee8cbdc72644b58f (diff)
downloadsamba-bdee131f30e1bef31498b08bb648ddee35ea4892.tar.gz
samba-bdee131f30e1bef31498b08bb648ddee35ea4892.tar.bz2
samba-bdee131f30e1bef31498b08bb648ddee35ea4892.zip
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth_sam.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 1ad9087bfe..3318238fda 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -257,7 +257,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
}
if (!domain_name) {
- const char *domain_sid;
+ struct dom_sid *domain_sid;
domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
if (!domain_sid) {
@@ -267,20 +267,20 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
/* find the domain's DN */
ret = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_tmp, NULL,
"(&(objectSid=%s)(objectclass=domain))",
- domain_sid);
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
if (ret == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ret == 0) {
DEBUG(3,("check_sam_security: Couldn't find domain_sid [%s] in passdb file.\n",
- domain_sid));
+ dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (ret > 1) {
DEBUG(0,("Found %d records matching domain_sid [%s]\n",
- ret, domain_sid));
+ ret, dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -400,15 +400,14 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context
/* Need to unroll some nested groups, but not aliases */
for (i = 0; i < group_ret; i++) {
- str = ldb_msg_find_string(group_msgs[i], "objectSid", NULL);
- groupSIDs[i] = dom_sid_parse_talloc(groupSIDs, str);
+ groupSIDs[i] = samdb_result_dom_sid(groupSIDs,
+ group_msgs[i], "objectSid");
NT_STATUS_HAVE_NO_MEMORY(groupSIDs[i]);
}
talloc_free(tmp_ctx);
- str = ldb_msg_find_string(msgs[0], "objectSid", NULL);
- account_sid = dom_sid_parse_talloc(server_info, str);
+ account_sid = samdb_result_dom_sid(server_info, msgs[0], "objectSid");
NT_STATUS_HAVE_NO_MEMORY(account_sid);
primary_group_sid = dom_sid_dup(server_info, account_sid);