authorAndrew Bartlett <abartlet@samba.org>2005-07-27 00:23:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:30:05 -0500
commit66b2a04346a568e6564b9cb21a89cf887cad3d03 (patch)
treef87081c370373939889c695fb0da0be0746bff69 /source4/rpc_server/samr
parent40119dcb1d72795513bdad4018eff19fdc4a203d (diff)
r8790: Finish the migration of aliases and privileges with SamSync, by adding
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c26
1 files changed, 5 insertions, 21 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 3cda88c04c..26593d1697 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -747,7 +747,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msg->dn);
- /* retrieve the sid for the group just created */
+ /* retrieve the sid for the user just created */
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
msg->dn, "objectSid", "dn=%s", msg->dn);
if (sid == NULL) {
@@ -907,7 +907,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
/* Check if alias already exists */
name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
- "(&pAMAccountName=%s)(objectclass=group))",
+ "(sAMAccountName=%s)(objectclass=group))",
alias_name);
if (name != NULL) {
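Review bot: The corrected filter on the `+` line is still not a well-formed LDAP filter: it has no leading `(&` and carries one more `)` than `(`, so the "alias already exists" lookup in samr_CreateDomAlias may never match and the duplicate check would then pass silently (how samdb_search_string treats a filter it cannot parse is not visible here). The line should read `"(&(sAMAccountName=%s)(objectclass=group))",`. Separately, alias_name is formatted into the filter as-is; if it comes from the RPC request, as the name suggests, it should be LDAP-filter-escaped first so that characters such as `(`, `)` and `*` cannot change the meaning of the search. The function body starts and ends outside the hunk.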
@@ -2040,17 +2040,6 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
return NT_STATUS_NO_MEMORY;
}
- /* pull in all the template attributes */
- ret = samdb_copy_template(d_state->sam_ctx, mem_ctx, msg,
- "(&(name=TemplateForeignSecurityPrincipal)"
- "(objectclass=foreignSecurityPrincipalTemplate))");
- if (ret != 0) {
- DEBUG(0,("Failed to load "
- "TemplateForeignSecurityPrincipal "
- "from samdb\n"));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
/* TODO: Hmmm. This feels wrong. How do I find the base dn to
* put the ForeignSecurityPrincipals? d_state->domain_dn does
* not work, this is wrong for the Builtin domain, there's no
@@ -2076,13 +2065,9 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
memberdn = msg->dn;
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg,
- "name", sidstr);
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg,
"objectClass",
"foreignSecurityPrincipal");
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg,
- "objectSid", sidstr);
-
+
/* create the alias */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
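Review bot: The return value of the remaining `samdb_msg_add_string(..., "objectClass", "foreignSecurityPrincipal")` call is ignored, and after this change that attribute is the only one this hunk still sets on the message, so an allocation failure there would hand samdb_add a record without its object class. Checking it, e.g. `if (samdb_msg_add_string(...) != 0) return NT_STATUS_NO_MEMORY;`, keeps that failure visible. A comment above the call such as `/* name and objectSid are filled in by the samdb module's foreignSecurityPrincipal template */` would also help, because the explicit `objectSid` assignment is gone and a reader cannot tell from this function where the SID now comes from. That the module supplies it is my reading of the commit message, not something this hunk shows. The function continues outside the hunk.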
@@ -3256,7 +3241,7 @@ static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
struct ldb_message **msgs;
int ret;
const char * const attrs[] = {"minPwdLength", "pwdProperties", NULL };
- void *sam_ctx;
+ struct ldb_context *sam_ctx;
ZERO_STRUCT(r->out.info);
@@ -3267,8 +3252,7 @@ static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
ret = gendb_search(sam_ctx,
mem_ctx, NULL, &msgs, attrs,
- "(&(name=%s)(objectclass=domain))",
- lp_workgroup());
+ "(&(!(objectClass=builtinDomain))(objectclass=domain))");
if (ret <= 0) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
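Review bot: The new filter `(&(!(objectClass=builtinDomain))(objectclass=domain))` matches every non-builtin domain record rather than the one named by lp_workgroup(), and the only guard after the search is `ret <= 0`. If the database ever holds more than one such record, the password policy returned by samr_GetDomPwInfo comes from whichever entry the search lists first (assuming the code after the hunk reads msgs[0], which is not visible). Consider rejecting the ambiguous case explicitly, e.g. `if (ret > 1) return NT_STATUS_INTERNAL_DB_CORRUPTION;`, with a comment stating that exactly one non-builtin domain is expected.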