summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa/dcesrv_lsa.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-07 11:31:45 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:32 -0500
commit1377cca5f4beb43cf67fcc65eed79f14178d6349 (patch)
tree79a693899d0c1377e4009e4088018bc561ea9af4 /source4/rpc_server/lsa/dcesrv_lsa.c
parent5158636aff545de3115e747b53ce68f753151bd7 (diff)
downloadsamba-1377cca5f4beb43cf67fcc65eed79f14178d6349.tar.gz
samba-1377cca5f4beb43cf67fcc65eed79f14178d6349.tar.bz2
samba-1377cca5f4beb43cf67fcc65eed79f14178d6349.zip
r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
Diffstat (limited to 'source4/rpc_server/lsa/dcesrv_lsa.c')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c40
1 files changed, 12 insertions, 28 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index ba28462d5e..e4b0e8c8ba 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -27,9 +27,9 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "lib/ldb/include/ldb.h"
-#include "auth/auth.h"
#include "system/time.h"
#include "db_wrap.h"
+#include "auth/auth.h"
/*
this type allows us to distinguish handle types
@@ -220,9 +220,6 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
struct lsa_policy_state **_state)
{
struct lsa_policy_state *state;
- const char *domain_attrs[] = {"nETBIOSName", "nCName", NULL};
- int ret_domain;
- struct ldb_message **msgs_domain;
state = talloc(mem_ctx, struct lsa_policy_state);
if (!state) {
@@ -230,7 +227,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
}
/* make sure the sam database is accessible */
- state->sam_ldb = samdb_connect(state);
+ state->sam_ldb = samdb_connect(state, dce_call->conn->auth_state.session_info);
if (state->sam_ldb == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
@@ -247,16 +244,14 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_MEMORY;
}
- ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
- "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
+ state->domain_name
+ = samdb_search_string(state->sam_ldb, mem_ctx, NULL, "nETBIOSName",
+ "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
- if (ret_domain == -1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- if (ret_domain != 1) {
+ if (!state->domain_name) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ talloc_steal(state, state->domain_name);
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
@@ -273,23 +268,20 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_SUCH_DOMAIN;
}
- state->domain_sid = talloc_steal(state,
- samdb_search_dom_sid(state->sam_ldb, state,
- state->domain_dn, "objectSid", "dn=%s",
- ldb_dn_linearize(mem_ctx, state->domain_dn)));
+ state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state,
+ state->domain_dn, "objectSid", "dn=%s",
+ ldb_dn_linearize(mem_ctx, state->domain_dn));
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ talloc_steal(state, state->domain_sid);
+
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
if (!state->builtin_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- state->domain_name = talloc_strdup(state,
- samdb_result_string(msgs_domain[0], "nETBIOSName",
- lp_workgroup()));
-
*_state = state;
return NT_STATUS_OK;
@@ -2426,14 +2418,6 @@ static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return NT_STATUS_INVALID_PARAMETER;
}
- /* TODO: this check should go and we should rely on the calling code that this is valid */
- if (!dce_call->conn->auth_state.session_info ||
- !dce_call->conn->auth_state.session_info->server_info ||
- !dce_call->conn->auth_state.session_info->server_info->account_name ||
- !dce_call->conn->auth_state.session_info->server_info->domain_name) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);