diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-07-06 05:23:29 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:09:48 -0500 |
| commit | f2e8b3202c99065dafca3ba36a43450c509d0bd8 (patch) | |
| tree | 4775c5023eab78b1a3f8e95bea249f40b6d8cc26 /source4/rpc_server/samr | |
| parent | 3aa8a700e6b838ffc32bb7e9aebbb197e91c4704 (diff) | |
| download | samba-f2e8b3202c99065dafca3ba36a43450c509d0bd8.tar.gz samba-f2e8b3202c99065dafca3ba36a43450c509d0bd8.tar.bz2 samba-f2e8b3202c99065dafca3ba36a43450c509d0bd8.zip | |
r16827: Factor out some code into common samdb functions:
- creation of ForeignSecurityPrincipals
- template duplication code
Rework much of the LSA server to pass the RPC-LSA test. Much of the
server code was untested. In implementing the LSA Accounts feature, I
have opted to have it only create entires when privilages are applied,
and not to delete entries, but to delete the privilages.
We skip some parts of the test, but it is much better than not testing
it at all.
Andrew Bartlett
(This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
Diffstat (limited to 'source4/rpc_server/samr')
| -rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 56 |
1 files changed, 6 insertions, 50 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 40d562fc0c..e36c0e96ea 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2527,6 +2527,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C const char * const attrs[] = { NULL }; struct ldb_dn *memberdn = NULL; int ret; + NTSTATUS status; DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS); @@ -2544,58 +2545,13 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ret, dom_sid_string(mem_ctx, r->in.sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else if (ret == 0) { - struct ldb_message *msg; - struct ldb_dn *basedn; - const char *sidstr; - - sidstr = dom_sid_string(mem_ctx, r->in.sid); - NT_STATUS_HAVE_NO_MEMORY(sidstr); - - /* We might have to create a ForeignSecurityPrincipal, even if this user - * is in our own domain */ - - msg = ldb_msg_new(mem_ctx); - if (msg == NULL) { - return NT_STATUS_NO_MEMORY; - } - - /* TODO: Hmmm. This feels wrong. How do I find the base dn to - * put the ForeignSecurityPrincipals? d_state->domain_dn does - * not work, this is wrong for the Builtin domain, there's no - * cn=For...,cn=Builtin,dc={BASEDN}. -- vl - */ - - basedn = samdb_search_dn(d_state->sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), - "(&(objectClass=container)(cn=ForeignSecurityPrincipals))"); - - if (basedn == NULL) { - DEBUG(0, ("Failed to find DN for " - "ForeignSecurityPrincipal container\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - /* add core elements to the ldb_message for the alias */ - msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn); - if (msg->dn == NULL) - return NT_STATUS_NO_MEMORY; - - memberdn = msg->dn; - - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, - "objectClass", - "foreignSecurityPrincipal"); - - /* create the alias */ - ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); - if (ret != 0) { - DEBUG(0,("Failed to create foreignSecurityPrincipal " - "record %s: %s\n", - ldb_dn_linearize(mem_ctx, msg->dn), - ldb_errstring(d_state->sam_ctx))); - return NT_STATUS_INTERNAL_DB_CORRUPTION; + status = samdb_create_foreign_security_principal(d_state->sam_ctx, mem_ctx, + r->in.sid, &memberdn); + if (!NT_STATUS_IS_OK(status)) { + return status; } } else { - DEBUG(0, ("samdb_search returned %d\n", ret)); + DEBUG(0, ("samdb_search returned %d: %s\n", ret, ldb_errstring(d_state->sam_ctx))); } if (memberdn == NULL) { |