author | Andrew Bartlett <abartlet@samba.org> | 2005-07-27 00:23:09 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:30:05 -0500 |
commit | 66b2a04346a568e6564b9cb21a89cf887cad3d03 (patch) | |
tree | f87081c370373939889c695fb0da0be0746bff69 /source4/rpc_server/lsa/dcesrv_lsa.c | |
parent | 40119dcb1d72795513bdad4018eff19fdc4a203d (diff) | |
r8790: Finish the migration of aliases and privileges with SamSync, by adding
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
Diffstat (limited to 'source4/rpc_server/lsa/dcesrv_lsa.c')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 56 |
1 files changed, 29 insertions, 27 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 78973776f1..85f94712ba 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -220,6 +220,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 struct lsa_policy_state **_state)
 {
 struct lsa_policy_state *state;
+ const char *domain_attrs[] = {"nETBIOSName", "nCName", NULL};
+ int ret_domain;
+ struct ldb_message **msgs_domain;
 state = talloc(mem_ctx, struct lsa_policy_state);
 if (!state) {
@@ -237,36 +240,47 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_INVALID_SYSTEM_SERVICE; } + ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs, + "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", + lp_workgroup()); + + if (ret_domain == -1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (ret_domain != 1) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + /* work out the domain_dn - useful for so many calls its worth fetching here */ - state->domain_dn = talloc_reference(state, - samdb_search_string(state->sam_ldb, mem_ctx, NULL, - "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))")); + state->domain_dn = talloc_steal(state, samdb_result_string(msgs_domain[0], "nCName", NULL)); if (!state->domain_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } /* work out the builtin_dn - useful for so many calls its worth fetching here */ - state->builtin_dn = talloc_reference(state, - samdb_search_string(state->sam_ldb, mem_ctx, NULL, - "dn", "objectClass=builtinDomain")); + state->builtin_dn = talloc_steal(state, + samdb_search_string(state->sam_ldb, mem_ctx, NULL, + "dn", "objectClass=builtinDomain")); if (!state->builtin_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } /* work out the system_dn - useful for so many calls its worth fetching here */ - state->system_dn = talloc_reference(state, - samdb_search_string(state->sam_ldb, mem_ctx, state->domain_dn, - "dn", "(&(objectClass=container)(cn=System))")); + state->system_dn = talloc_steal(state, + samdb_search_string(state->sam_ldb, mem_ctx, state->domain_dn, + "dn", "(&(objectClass=container)(cn=System))")); if (!state->system_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } - state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state, - state->domain_dn, "objectSid", - "dn=%s", state->domain_dn); + state->domain_sid = talloc_steal(state, + samdb_search_dom_sid(state->sam_ldb, state, + state->domain_dn, "objectSid", + "dn=%s", 
state->domain_dn)); if (!state->domain_sid) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -276,13 +290,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_SUCH_DOMAIN; } - state->domain_name = talloc_reference(state, - samdb_search_string(state->sam_ldb, mem_ctx, - state->domain_dn, "name", - "dn=%s", state->domain_dn)); - if (!state->domain_name) { - return NT_STATUS_NO_SUCH_DOMAIN; - } + state->domain_name = talloc_strdup(state, + samdb_result_string(msgs_domain[0], "nETBIOSName", + lp_workgroup())); *_state = state; @@ -619,14 +629,6 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string); } - /* pull in all the template attributes. */ - ret = samdb_copy_template(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, - "(&(name=TemplateTrustedDomain)(objectclass=trustedDomainTemplate))"); - if (ret != 0) { - DEBUG(0,("Failed to load TemplateTrustedDomain from samdb\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain"); trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn); |
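Review bot: The new `state->domain_dn = talloc_steal(state, samdb_result_string(msgs_domain[0], "nCName", NULL));` re-parents a string taken from the search result, and nothing in this hunk shows that the returned pointer is a talloc allocation of its own rather than memory inside `msgs_domain[0]`. talloc_steal is only valid on a pointer talloc handed out, so copying is the safer form and matches how the same commit fills `domain_name`: `state->domain_dn = talloc_strdup(state, samdb_result_string(msgs_domain[0], "nCName", NULL));`. Separately, `lp_workgroup()` is formatted into the crossRef search filter as-is, so a configured name containing filter metacharacters such as `(` or `*` would change what the search matches; escaping it before the call is worth considering. lsa_get_policy_state starts and ends outside the hunk.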
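Review bot: In the `@@ -276,13 +290,9 @@` hunk the result of `talloc_strdup` is stored in `state->domain_name` unchecked, while the `if (!state->domain_name)` test that followed the old assignment is removed. If the allocation fails, the policy state is still handed back through `*_state` with a NULL domain name. Adding `if (!state->domain_name) { return NT_STATUS_NO_MEMORY; }` after the assignment keeps the function's pattern of checking each field it fills. The function body begins and ends outside the hunk.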