summaryrefslogtreecommitdiff
path: root/source4/rpc_server
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-10-06 18:59:30 +1100
committerAndrew Tridgell <tridge@samba.org>2009-10-06 18:59:30 +1100
commit0285d568c55410f3e2a5cfda5693873be2841151 (patch)
tree4bda2ac3b1633da463e03190ba253e94a6d8e4e0 /source4/rpc_server
parentf800d4998dc5cfa1e8ed2639dc334add78ceaea5 (diff)
downloadsamba-0285d568c55410f3e2a5cfda5693873be2841151.tar.gz
samba-0285d568c55410f3e2a5cfda5693873be2841151.tar.bz2
samba-0285d568c55410f3e2a5cfda5693873be2841151.zip
s4-drs: take advantage of system session auth in dsbind
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c33
-rw-r--r--source4/rpc_server/drsuapi/updaterefs.c29
2 files changed, 21 insertions, 41 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 2bfdf5280a..5713d41f84 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -66,7 +66,7 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
if (instance_type & INSTANCE_TYPE_IS_NC_HEAD) {
struct ldb_result *res;
int ret;
- char *dnstr = ldb_dn_get_linearized(msg->dn);
+ const char *dnstr = ldb_dn_get_linearized(msg->dn);
msg->dn = ldb_dn_new(msg, sam_ctx, dnstr);
/* we need to re-search the msg, to avoid the
* broken dual message problems with our
@@ -322,7 +322,6 @@ static WERROR get_nc_changes_udv(struct ldb_context *sam_ctx,
struct drsuapi_getncchanges_state {
struct ldb_result *site_res;
uint32_t num_sent;
- struct ldb_context *sam_ctx;
struct ldb_dn *ncRoot_dn;
uint32_t min_usn;
};
@@ -393,18 +392,6 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
return WERR_NOMEM;
}
b_state->getncchanges_state = getnc_state;
-
-
- /*
- * connect to the samdb. TODO: We need to check that the caller
- * has the rights to do this. This exposes all attributes,
- * including all passwords.
- */
- getnc_state->sam_ctx = samdb_connect(getnc_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
- system_session(getnc_state, dce_call->conn->dce_ctx->lp_ctx));
- if (!getnc_state->sam_ctx) {
- return WERR_FOOBAR;
- }
}
/* we need the session key for encrypting password attributes */
@@ -431,14 +418,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
search_filter);
}
- getnc_state->ncRoot_dn = ldb_dn_new(getnc_state, getnc_state->sam_ctx, ncRoot->dn);
+ getnc_state->ncRoot_dn = ldb_dn_new(getnc_state, b_state->sam_ctx, ncRoot->dn);
if (r->in.req->req8.replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP) {
scope = LDB_SCOPE_BASE;
}
DEBUG(6,(__location__ ": getncchanges on %s using filter %s\n",
ldb_dn_get_linearized(getnc_state->ncRoot_dn), search_filter));
- ret = drsuapi_search_with_extended_dn(getnc_state->sam_ctx, getnc_state, &getnc_state->site_res,
+ ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, getnc_state, &getnc_state->site_res,
getnc_state->ncRoot_dn, scope, attrs,
"distinguishedName",
search_filter);
@@ -448,7 +435,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
}
/* Prefix mapping */
- schema = dsdb_get_schema(getnc_state->sam_ctx);
+ schema = dsdb_get_schema(b_state->sam_ctx);
if (!schema) {
DEBUG(0,("No schema in sam_ctx\n"));
return WERR_DS_DRA_INTERNAL_ERROR;
@@ -457,7 +444,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
r->out.ctr->ctr6.naming_context = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
*r->out.ctr->ctr6.naming_context = *ncRoot;
- if (dsdb_find_guid_by_dn(getnc_state->sam_ctx, getnc_state->ncRoot_dn,
+ if (dsdb_find_guid_by_dn(b_state->sam_ctx, getnc_state->ncRoot_dn,
&r->out.ctr->ctr6.naming_context->guid) != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to find GUID of ncRoot_dn %s\n",
ldb_dn_get_linearized(getnc_state->ncRoot_dn)));
@@ -465,13 +452,13 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
}
/* find the SID if there is one */
- dsdb_find_sid_by_dn(getnc_state->sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->sid);
+ dsdb_find_sid_by_dn(b_state->sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->sid);
dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, &ctr);
r->out.ctr->ctr6.mapping_ctr = *ctr;
- r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(getnc_state->sam_ctx));
- r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(getnc_state->sam_ctx));
+ r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(b_state->sam_ctx));
+ r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(b_state->sam_ctx));
r->out.ctr->ctr6.old_highwatermark = r->in.req->req8.highwatermark;
r->out.ctr->ctr6.new_highwatermark = r->in.req->req8.highwatermark;
@@ -493,7 +480,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
}
werr = get_nc_changes_build_object(obj, getnc_state->site_res->msgs[i],
- getnc_state->sam_ctx, getnc_state->ncRoot_dn,
+ b_state->sam_ctx, getnc_state->ncRoot_dn,
schema, &session_key, getnc_state->min_usn,
r->in.req->req8.replica_flags);
if (!W_ERROR_IS_OK(werr)) {
@@ -528,7 +515,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
r->out.ctr->ctr6.new_highwatermark.highest_usn = r->out.ctr->ctr6.new_highwatermark.tmp_highest_usn;
- werr = get_nc_changes_udv(getnc_state->sam_ctx, getnc_state->ncRoot_dn,
+ werr = get_nc_changes_udv(b_state->sam_ctx, getnc_state->ncRoot_dn,
r->out.ctr->ctr6.uptodateness_vector);
if (!W_ERROR_IS_OK(werr)) {
return werr;
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index e12be6f058..d01fabf575 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -101,9 +101,13 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
struct drsuapi_DsReplicaUpdateRefs *r)
{
struct drsuapi_DsReplicaUpdateRefsRequest1 *req;
- struct ldb_context *sam_ctx;
WERROR werr;
struct ldb_dn *dn;
+ struct dcesrv_handle *h;
+ struct drsuapi_bind_state *b_state;
+
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+ b_state = h->data;
werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs");
if (!W_ERROR_IS_OK(werr)) {
@@ -121,27 +125,18 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
req->options,
drs_ObjectIdentifier_to_string(mem_ctx, req->naming_context)));
- /* TODO: We need to authenticate this operation pretty carefully */
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
- system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
- if (!sam_ctx) {
- return WERR_DS_DRA_INTERNAL_ERROR;
- }
-
- dn = ldb_dn_new(mem_ctx, sam_ctx, req->naming_context->dn);
+ dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, req->naming_context->dn);
if (dn == NULL) {
- talloc_free(sam_ctx);
return WERR_DS_INVALID_DN_SYNTAX;
}
- if (ldb_transaction_start(sam_ctx) != LDB_SUCCESS) {
+ if (ldb_transaction_start(b_state->sam_ctx) != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to start transaction on samdb\n"));
- talloc_free(sam_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
if (req->options & DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE) {
- werr = uref_del_dest(sam_ctx, mem_ctx, dn, &req->dest_dsa_guid);
+ werr = uref_del_dest(b_state->sam_ctx, mem_ctx, dn, &req->dest_dsa_guid);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("Failed to delete repsTo for %s\n",
GUID_string(dce_call, &req->dest_dsa_guid)));
@@ -161,7 +156,7 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
dest.source_dsa_obj_guid = req->dest_dsa_guid;
dest.replica_flags = req->options;
- werr = uref_add_dest(sam_ctx, mem_ctx, dn, &dest);
+ werr = uref_add_dest(b_state->sam_ctx, mem_ctx, dn, &dest);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("Failed to delete repsTo for %s\n",
GUID_string(dce_call, &dest.source_dsa_obj_guid)));
@@ -169,16 +164,14 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
}
}
- if (ldb_transaction_commit(sam_ctx) != LDB_SUCCESS) {
+ if (ldb_transaction_commit(b_state->sam_ctx) != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to commit transaction on samdb\n"));
return WERR_DS_DRA_INTERNAL_ERROR;
}
- talloc_free(sam_ctx);
return WERR_OK;
failed:
- ldb_transaction_cancel(sam_ctx);
- talloc_free(sam_ctx);
+ ldb_transaction_cancel(b_state->sam_ctx);
return werr;
}