diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-10-06 18:59:30 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-10-06 18:59:30 +1100 |
commit | 0285d568c55410f3e2a5cfda5693873be2841151 (patch) | |
tree | 4bda2ac3b1633da463e03190ba253e94a6d8e4e0 /source4/rpc_server/drsuapi | |
parent | f800d4998dc5cfa1e8ed2639dc334add78ceaea5 (diff) | |
download | samba-0285d568c55410f3e2a5cfda5693873be2841151.tar.gz samba-0285d568c55410f3e2a5cfda5693873be2841151.tar.bz2 samba-0285d568c55410f3e2a5cfda5693873be2841151.zip |
s4-drs: take advantage of system session auth in dsbind
Now that the bind opens samdb with the right credentials, we no longer
need the re-open in updaterefs and getncchanges
Diffstat (limited to 'source4/rpc_server/drsuapi')
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 33 | ||||
-rw-r--r-- | source4/rpc_server/drsuapi/updaterefs.c | 29 |
2 files changed, 21 insertions, 41 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 2bfdf5280a..5713d41f84 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -66,7 +66,7 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem if (instance_type & INSTANCE_TYPE_IS_NC_HEAD) { struct ldb_result *res; int ret; - char *dnstr = ldb_dn_get_linearized(msg->dn); + const char *dnstr = ldb_dn_get_linearized(msg->dn); msg->dn = ldb_dn_new(msg, sam_ctx, dnstr); /* we need to re-search the msg, to avoid the * broken dual message problems with our @@ -322,7 +322,6 @@ static WERROR get_nc_changes_udv(struct ldb_context *sam_ctx, struct drsuapi_getncchanges_state { struct ldb_result *site_res; uint32_t num_sent; - struct ldb_context *sam_ctx; struct ldb_dn *ncRoot_dn; uint32_t min_usn; }; @@ -393,18 +392,6 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ return WERR_NOMEM; } b_state->getncchanges_state = getnc_state; - - - /* - * connect to the samdb. TODO: We need to check that the caller - * has the rights to do this. This exposes all attributes, - * including all passwords. - */ - getnc_state->sam_ctx = samdb_connect(getnc_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, - system_session(getnc_state, dce_call->conn->dce_ctx->lp_ctx)); - if (!getnc_state->sam_ctx) { - return WERR_FOOBAR; - } } /* we need the session key for encrypting password attributes */ @@ -431,14 +418,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ search_filter); } - getnc_state->ncRoot_dn = ldb_dn_new(getnc_state, getnc_state->sam_ctx, ncRoot->dn); + getnc_state->ncRoot_dn = ldb_dn_new(getnc_state, b_state->sam_ctx, ncRoot->dn); if (r->in.req->req8.replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP) { scope = LDB_SCOPE_BASE; } DEBUG(6,(__location__ ": getncchanges on %s using filter %s\n", ldb_dn_get_linearized(getnc_state->ncRoot_dn), search_filter)); - ret = drsuapi_search_with_extended_dn(getnc_state->sam_ctx, getnc_state, &getnc_state->site_res, + ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, getnc_state, &getnc_state->site_res, getnc_state->ncRoot_dn, scope, attrs, "distinguishedName", search_filter); @@ -448,7 +435,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ } /* Prefix mapping */ - schema = dsdb_get_schema(getnc_state->sam_ctx); + schema = dsdb_get_schema(b_state->sam_ctx); if (!schema) { DEBUG(0,("No schema in sam_ctx\n")); return WERR_DS_DRA_INTERNAL_ERROR; @@ -457,7 +444,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ r->out.ctr->ctr6.naming_context = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier); *r->out.ctr->ctr6.naming_context = *ncRoot; - if (dsdb_find_guid_by_dn(getnc_state->sam_ctx, getnc_state->ncRoot_dn, + if (dsdb_find_guid_by_dn(b_state->sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->guid) != LDB_SUCCESS) { DEBUG(0,(__location__ ": Failed to find GUID of ncRoot_dn %s\n", ldb_dn_get_linearized(getnc_state->ncRoot_dn))); @@ -465,13 +452,13 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ } /* find the SID if there is one */ - dsdb_find_sid_by_dn(getnc_state->sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->sid); + dsdb_find_sid_by_dn(b_state->sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->sid); dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, &ctr); r->out.ctr->ctr6.mapping_ctr = *ctr; - r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(getnc_state->sam_ctx)); - r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(getnc_state->sam_ctx)); + r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(b_state->sam_ctx)); + r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(b_state->sam_ctx)); r->out.ctr->ctr6.old_highwatermark = r->in.req->req8.highwatermark; r->out.ctr->ctr6.new_highwatermark = r->in.req->req8.highwatermark; @@ -493,7 +480,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ } werr = get_nc_changes_build_object(obj, getnc_state->site_res->msgs[i], - getnc_state->sam_ctx, getnc_state->ncRoot_dn, + b_state->sam_ctx, getnc_state->ncRoot_dn, schema, &session_key, getnc_state->min_usn, r->in.req->req8.replica_flags); if (!W_ERROR_IS_OK(werr)) { @@ -528,7 +515,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ r->out.ctr->ctr6.new_highwatermark.highest_usn = r->out.ctr->ctr6.new_highwatermark.tmp_highest_usn; - werr = get_nc_changes_udv(getnc_state->sam_ctx, getnc_state->ncRoot_dn, + werr = get_nc_changes_udv(b_state->sam_ctx, getnc_state->ncRoot_dn, r->out.ctr->ctr6.uptodateness_vector); if (!W_ERROR_IS_OK(werr)) { return werr; diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index e12be6f058..d01fabf575 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -101,9 +101,13 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA struct drsuapi_DsReplicaUpdateRefs *r) { struct drsuapi_DsReplicaUpdateRefsRequest1 *req; - struct ldb_context *sam_ctx; WERROR werr; struct ldb_dn *dn; + struct dcesrv_handle *h; + struct drsuapi_bind_state *b_state; + + DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); + b_state = h->data; werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs"); if (!W_ERROR_IS_OK(werr)) { @@ -121,27 +125,18 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA req->options, drs_ObjectIdentifier_to_string(mem_ctx, req->naming_context))); - /* TODO: We need to authenticate this operation pretty carefully */ - sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, - system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx)); - if (!sam_ctx) { - return WERR_DS_DRA_INTERNAL_ERROR; - } - - dn = ldb_dn_new(mem_ctx, sam_ctx, req->naming_context->dn); + dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, req->naming_context->dn); if (dn == NULL) { - talloc_free(sam_ctx); return WERR_DS_INVALID_DN_SYNTAX; } - if (ldb_transaction_start(sam_ctx) != LDB_SUCCESS) { + if (ldb_transaction_start(b_state->sam_ctx) != LDB_SUCCESS) { DEBUG(0,(__location__ ": Failed to start transaction on samdb\n")); - talloc_free(sam_ctx); return WERR_DS_DRA_INTERNAL_ERROR; } if (req->options & DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE) { - werr = uref_del_dest(sam_ctx, mem_ctx, dn, &req->dest_dsa_guid); + werr = uref_del_dest(b_state->sam_ctx, mem_ctx, dn, &req->dest_dsa_guid); if (!W_ERROR_IS_OK(werr)) { DEBUG(0,("Failed to delete repsTo for %s\n", GUID_string(dce_call, &req->dest_dsa_guid))); @@ -161,7 +156,7 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA dest.source_dsa_obj_guid = req->dest_dsa_guid; dest.replica_flags = req->options; - werr = uref_add_dest(sam_ctx, mem_ctx, dn, &dest); + werr = uref_add_dest(b_state->sam_ctx, mem_ctx, dn, &dest); if (!W_ERROR_IS_OK(werr)) { DEBUG(0,("Failed to delete repsTo for %s\n", GUID_string(dce_call, &dest.source_dsa_obj_guid))); @@ -169,16 +164,14 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA } } - if (ldb_transaction_commit(sam_ctx) != LDB_SUCCESS) { + if (ldb_transaction_commit(b_state->sam_ctx) != LDB_SUCCESS) { DEBUG(0,(__location__ ": Failed to commit transaction on samdb\n")); return WERR_DS_DRA_INTERNAL_ERROR; } - talloc_free(sam_ctx); return WERR_OK; failed: - ldb_transaction_cancel(sam_ctx); - talloc_free(sam_ctx); + ldb_transaction_cancel(b_state->sam_ctx); return werr; } |