summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-08-14 18:46:47 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-08-14 15:37:22 +0200
commit1e127b270cf60a34ea9f0c74bbefa98ef9dd019f (patch)
tree404d0d2faa4379b32122afd322b2c42aab0e45fd /source4/dsdb
parent3c8d8f206b79280604cb79f263e74aa2b681726e (diff)
downloadsamba-1e127b270cf60a34ea9f0c74bbefa98ef9dd019f.tar.gz
samba-1e127b270cf60a34ea9f0c74bbefa98ef9dd019f.tar.bz2
samba-1e127b270cf60a34ea9f0c74bbefa98ef9dd019f.zip
s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()
We often want to know if we own an FSMO role (for example). This tries to be more efficient by comparing the GUID, rather than the string DN, as this does not need to be re-fetched each time. Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/util.c40
1 files changed, 39 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 565dc36306..fd18d8881f 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1588,7 +1588,7 @@ int samdb_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_
attrs[0] = attribute;
attrs[1] = NULL;
- ret = dsdb_search(ldb, mem_ctx, &res, base, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_ONE_ONLY, NULL);
+ ret = dsdb_search(ldb, mem_ctx, &res, base, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_ONE_ONLY|DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Cannot find DN %s to get attribute %s for reference dn: %s",
ldb_dn_get_linearized(base), attribute, ldb_errstring(ldb));
@@ -1613,6 +1613,44 @@ int samdb_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_
}
/*
+ find a 'reference' DN that points at another object and indicate if it is our ntdsDsa
+ */
+int samdb_reference_dn_is_our_ntdsa(struct ldb_context *ldb, struct ldb_dn *base,
+ const char *attribute, bool *is_ntdsa)
+{
+ int ret;
+ struct ldb_dn *referenced_dn;
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+ struct GUID referenced_guid;
+ const struct GUID *our_ntds_guid;
+ if (tmp_ctx == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ret = samdb_reference_dn(ldb, tmp_ctx, base, attribute, &referenced_dn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0, ("Failed to find object %s for attribute %s - %s\n", ldb_dn_get_linearized(base), attribute, ldb_errstring(ldb)));
+ return ret;
+ }
+
+ status = dsdb_get_extended_dn_guid(referenced_dn, &referenced_guid, "GUID");
+ talloc_free(tmp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+
+ our_ntds_guid = samdb_ntds_objectGUID(ldb);
+ if (!our_ntds_guid) {
+ DEBUG(0, ("Failed to find our NTDS Settings GUID for comparison with %s on %s - %s\n", attribute, ldb_dn_get_linearized(base), ldb_errstring(ldb)));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ *is_ntdsa = GUID_equal(&referenced_guid, our_ntds_guid);
+ return LDB_SUCCESS;
+}
+
+/*
find our machine account via the serverReference attribute in the
server DN
*/