summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-09-08 12:46:04 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-09-08 12:46:04 +1000
commitdadd59ba401943d0cf5e4d07959456b70a3c11d9 (patch)
tree48da338e285f9319e08fbcd71ddc4bc5ad85273e /source4
parentc222f8196ab018c53579ceb3ffeeb1a9b3e77b6b (diff)
downloadsamba-dadd59ba401943d0cf5e4d07959456b70a3c11d9.tar.gz
samba-dadd59ba401943d0cf5e4d07959456b70a3c11d9.tar.bz2
samba-dadd59ba401943d0cf5e4d07959456b70a3c11d9.zip
Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c115
1 files changed, 64 insertions, 51 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 69061ee092..a1ca3b4a46 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2018,7 +2018,9 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
if (strncmp("G$", r->in.name.string, 2) == 0) {
const char *name2;
name = &r->in.name.string[2];
- secret_state->sam_ldb = talloc_reference(secret_state, policy_state->sam_ldb);
+ /* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */
+ secret_state->sam_ldb = talloc_reference(secret_state,
+ samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(secret_state, dce_call->conn->dce_ctx->lp_ctx)));
secret_state->global = true;
if (strlen(name) < 1) {
@@ -2162,7 +2164,9 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
if (strncmp("G$", r->in.name.string, 2) == 0) {
name = &r->in.name.string[2];
- secret_state->sam_ldb = talloc_reference(secret_state, policy_state->sam_ldb);
+ /* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */
+ secret_state->sam_ldb = talloc_reference(secret_state,
+ samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(secret_state, dce_call->conn->dce_ctx->lp_ctx)));
secret_state->global = true;
if (strlen(name) < 1) {
@@ -2291,16 +2295,60 @@ static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_MEMORY;
}
- if (!r->in.new_val) {
- /* set old value mtime */
- if (samdb_msg_add_uint64(secret_state->sam_ldb,
- mem_ctx, msg, "lastSetTime", nt_now) != 0) {
+ } else {
+ /* If the old value is not set, then migrate the
+ * current value to the old value */
+ const struct ldb_val *old_val;
+ NTTIME last_set_time;
+ struct ldb_message **res;
+ const char *attrs[] = {
+ "currentValue",
+ "lastSetTime",
+ NULL
+ };
+
+ /* search for the secret record */
+ ret = gendb_search_dn(secret_state->sam_ldb,mem_ctx,
+ secret_state->secret_dn, &res, attrs);
+ if (ret == 0) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ if (ret != 1) {
+ DEBUG(0,("Found %d records matching dn=%s\n", ret,
+ ldb_dn_get_linearized(secret_state->secret_dn)));
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ old_val = ldb_msg_find_ldb_val(res[0], "currentValue");
+ last_set_time = ldb_msg_find_attr_as_uint64(res[0], "lastSetTime", 0);
+
+ if (old_val) {
+ /* set old value */
+ if (samdb_msg_add_value(secret_state->sam_ldb,
+ mem_ctx, msg, "priorValue",
+ old_val) != 0) {
return NT_STATUS_NO_MEMORY;
}
+ } else {
if (samdb_msg_add_delete(secret_state->sam_ldb,
- mem_ctx, msg, "currentValue")) {
+ mem_ctx, msg, "priorValue")) {
return NT_STATUS_NO_MEMORY;
}
+
+ }
+
+ /* set old value mtime */
+ if (ldb_msg_find_ldb_val(res[0], "lastSetTime")) {
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
+ mem_ctx, msg, "priorSetTime", last_set_time) != 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
+ mem_ctx, msg, "priorSetTime", nt_now) != 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
}
@@ -2329,50 +2377,15 @@ static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_MEMORY;
}
- /* If the old value is not set, then migrate the
- * current value to the old value */
- if (!r->in.old_val) {
- const struct ldb_val *new_val;
- NTTIME last_set_time;
- struct ldb_message **res;
- const char *attrs[] = {
- "currentValue",
- "lastSetTime",
- NULL
- };
-
- /* search for the secret record */
- ret = gendb_search_dn(secret_state->sam_ldb,mem_ctx,
- secret_state->secret_dn, &res, attrs);
- if (ret == 0) {
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
-
- if (ret != 1) {
- DEBUG(0,("Found %d records matching dn=%s\n", ret,
- ldb_dn_get_linearized(secret_state->secret_dn)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- new_val = ldb_msg_find_ldb_val(res[0], "currentValue");
- last_set_time = ldb_msg_find_attr_as_uint64(res[0], "lastSetTime", 0);
-
- if (new_val) {
- /* set value */
- if (samdb_msg_add_value(secret_state->sam_ldb,
- mem_ctx, msg, "priorValue",
- new_val) != 0) {
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- /* set new value mtime */
- if (ldb_msg_find_ldb_val(res[0], "lastSetTime")) {
- if (samdb_msg_add_uint64(secret_state->sam_ldb,
- mem_ctx, msg, "priorSetTime", last_set_time) != 0) {
- return NT_STATUS_NO_MEMORY;
- }
- }
+ } else {
+ /* NULL out the NEW value */
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
+ mem_ctx, msg, "lastSetTime", nt_now) != 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (samdb_msg_add_delete(secret_state->sam_ldb,
+ mem_ctx, msg, "currentValue")) {
+ return NT_STATUS_NO_MEMORY;
}
}