r816: - Make use of tridge's new samdb_result_sid_prefix() helper function.

 - Remove legacy sid_to_string (which contained a memleak)

 - Remove some unused parts of lib/util_sid.c

Andrew Bartlett
(This used to be commit 7c69a85984e47c004ddfd9bb5eadcb3191b56f9d)

5 files changed, 29 insertions, 109 deletions

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 3c35031643..1c33b26528 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -183,14 +183,13 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 	uint_t ret_domain;
 
 	const char *domain_dn;
+	const char *domain_sid;
 
 	NTSTATUS nt_status;
 	DATA_BLOB user_sess_key = data_blob(NULL, 0);
 	DATA_BLOB lm_sess_key = data_blob(NULL, 0);
 	uint8 *lm_pwd, *nt_pwd;
 
-	struct dom_sid *domain_sid;
-
 	const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", 
 			       "userAccountControl",
 			       "pwdLastSet",
@@ -228,28 +227,27 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 	
-	domain_sid = dom_sid_parse_talloc(mem_ctx, samdb_result_string(msgs[0], "objectSid", NULL));
+	domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
 	if (!domain_sid) {
 		samdb_close(sam_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	sid_split_rid(domain_sid, NULL);
-
 	/* find the domain's DN */
 	ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
 			   "(&(objectSid=%s)(objectclass=domain))", 
-			   dom_sid_string(mem_ctx, domain_sid));
+			   domain_sid);
 
 	if (ret_domain == 0) {
 		DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", 
-			 dom_sid_string(mem_ctx, domain_sid)));
+			 domain_sid));
 		samdb_close(sam_ctx);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	if (ret_domain > 1) {
-		DEBUG(1,("Found %d records matching domain [%s]\n", ret_domain, dom_sid_string(mem_ctx, domain_sid)));
+		DEBUG(1,("Found %d records matching domain [%s]\n", 
+			 ret_domain, domain_sid));
 		samdb_close(sam_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index e72368132a..17d864b718 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -390,7 +390,8 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
 
 void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
 {
-	fstring sid_str;
+	TALLOC_CTX *mem_ctx;
+
 	size_t     i;
 	
 	if (!token) {
@@ -398,12 +399,19 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
 		return;
 	}
 	
+	mem_ctx = talloc_init("debug_nt_user_token()");
+	if (!mem_ctx) {
+		return;
+	}
+
 	DEBUGC(dbg_class, dbg_lev, ("NT user token of user %s\n",
-				    sid_to_string(sid_str, token->user_sids[0]) ));
+				    dom_sid_string(mem_ctx, token->user_sids[0]) ));
 	DEBUGADDC(dbg_class, dbg_lev, ("contains %lu SIDs\n", (unsigned long)token->num_sids));
 	for (i = 0; i < token->num_sids; i++)
 		DEBUGADDC(dbg_class, dbg_lev, ("SID[%3lu]: %s\n", (unsigned long)i, 
-					       sid_to_string(sid_str, token->user_sids[i])));
+					       dom_sid_string(mem_ctx, token->user_sids[i])));
+
+	talloc_destroy(mem_ctx);
 }
 
 /****************************************************************************
diff --git a/source4/lib/util_sid.c b/source4/lib/util_sid.c
index 6f63e25c5d..5ce72a6f51 100644
--- a/source4/lib/util_sid.c
+++ b/source4/lib/util_sid.c
@@ -143,76 +143,6 @@ void generate_wellknown_sids(void)
 	initialised = True;
 }
 
-/**************************************************************************
- Splits a name of format \DOMAIN\name or name into its two components.
- Sets the DOMAIN name to lp_netbios_name() if it has not been specified.
-***************************************************************************/
-
-void split_domain_name(const char *fullname, char *domain, char *name)
-{
-	pstring full_name;
-	const char *sep;
-	char *p;
-
-	sep = lp_winbind_separator();
-
-	*domain = *name = '\0';
-
-	if (fullname[0] == sep[0] || fullname[0] == '\\')
-		fullname++;
-
-	pstrcpy(full_name, fullname);
-	p = strchr_m(full_name+1, '\\');
-	if (!p) p = strchr_m(full_name+1, sep[0]);
-
-	if (p != NULL) {
-		*p = 0;
-		fstrcpy(domain, full_name);
-		fstrcpy(name, p+1);
-	} else {
-		fstrcpy(domain, lp_netbios_name());
-		fstrcpy(name, full_name);
-	}
-
-	DEBUG(10,("split_domain_name:name '%s' split into domain :'%s' and user :'%s'\n",
-			fullname, domain, name));
-}
-
-/*****************************************************************
- Convert a SID to an ascii string.
-*****************************************************************/
-
-char *sid_to_string(fstring sidstr_out, const struct dom_sid *sid)
-{
-	char *tmp_string;
-	TALLOC_CTX *mem_ctx;
-	if (!(mem_ctx = talloc_init("sid_to_string temp context"))) {
-		return NULL;
-	}
-
-	tmp_string = dom_sid_string(mem_ctx, sid);
-	if (!tmp_string)
-		return NULL;
-	
-	fstrcpy(sidstr_out, tmp_string);
-	return sidstr_out;
-}
-
-/*****************************************************************
- Removes the last rid from the end of a sid
-*****************************************************************/  
-
-BOOL sid_split_rid(struct dom_sid *sid, uint32 *rid)
-{
-	if (sid->num_auths > 0) {
-		sid->num_auths--;
-		if (rid) 
-			*rid = sid->sub_auths[sid->num_auths];
-		return True;
-	}
-	return False;
-}
-
 /*****************************************************************
  Return the last rid from the end of a sid
 *****************************************************************/  
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 853a8b39e9..1dab39ebc1 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -332,14 +332,13 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
 	int num_records;
 	int num_records_domain;
 	int ret;
-	int i;
 	struct ldb_message **msgs;
 	struct ldb_message **msgs_domain;
 	NTSTATUS nt_status;
 	struct samr_Hash newNtHash;
 	struct ldb_message mod, *msg_set_pw = &mod;
 	const char *domain_dn;
-	struct dom_sid *domain_sid;
+	const char *domain_sid;
 
 	const char *attrs[] = {"objectSid", NULL 
 	};
@@ -379,32 +378,28 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	domain_sid = dom_sid_parse_talloc(mem_ctx, 
-					  samdb_result_string(msgs[0], 
-							      "objectSid", 
-							      NULL));
+	domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
 	if (!domain_sid) {
 		samdb_close(sam_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	sid_split_rid(domain_sid, NULL);
-
 	/* find the domain's DN */
 	num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL, 
 					  &msgs_domain, domain_attrs,
 					  "(&(objectSid=%s)(objectclass=domain))", 
-					  dom_sid_string(mem_ctx, domain_sid));
+					  domain_sid);
 
 	if (num_records_domain == 0) {
 		DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", 
-			 dom_sid_string(mem_ctx, domain_sid)));
+			 domain_sid));
 		samdb_close(sam_ctx);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	if (num_records_domain > 1) {
-		DEBUG(1,("Found %d records matching domain [%s]\n", num_records_domain, dom_sid_string(mem_ctx, domain_sid)));
+		DEBUG(1,("Found %d records matching domain [%s]\n", 
+			 num_records_domain, domain_sid));
 		samdb_close(sam_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
@@ -435,15 +430,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
 		return nt_status;
 	}
 
-	/* mark all the message elements as LDB_FLAG_MOD_REPLACE, 
-	   unless they are already marked with some other flag */
-	for (i=0;i<mod.num_elements;i++) {
-		if (mod.elements[i].flags == 0) {
-			mod.elements[i].flags = LDB_FLAG_MOD_REPLACE;
-		}
-	}
-
-	ret = samdb_modify(sam_ctx, mem_ctx, msg_set_pw);
+	ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
 	if (ret != 0) {
 		/* we really need samdb.c to return NTSTATUS */
 
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 50e4dd36d4..524af42e01 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1050,15 +1050,12 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 		printf("Credential chaining failed\n");
 	}
 
-	password = generate_random_str(mem_ctx, 8);
-	E_md4hash(password, r.in.new_password.data);
-
-	creds_des_encrypt(&creds, &r.in.new_password);
-
-	/* by changing the machine password twice we test the credentials
-	   chaining fully */
+	/* by changing the machine password twice we test the
+	   credentials chaining fully, and we verify that the server
+	   allows the password to be set to the same value twice in a
+	   row (match win2k3) */
 	printf("Testing a second ServerPasswordSet on machine account\n");
-	printf("Changing machine account password to '%s'\n", password);
+	printf("Changing machine account password to '%s' (same as pervsious run)\n", password);
 
 	creds_client_authenticator(&creds, &r.in.credential);