summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c80
1 files changed, 41 insertions, 39 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index c1a997f281..05e0a5a184 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -759,11 +759,13 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
int ret;
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
+ struct ldb_context *sam_ldb;
DCESRV_PULL_HANDLE(policy_handle, r->in.policy_handle, LSA_HANDLE_POLICY);
ZERO_STRUCTP(r->out.trustdom_handle);
policy_state = policy_handle->data;
+ sam_ldb = policy_state->sam_ldb;
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -898,7 +900,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trustAuthOutgoing = data_blob(NULL, 0);
}
- ret = ldb_transaction_start(policy_state->sam_ldb);
+ ret = ldb_transaction_start(sam_ldb);
if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -907,29 +909,29 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
char *dns_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
char *netbios_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
/* search for the trusted_domain record */
- ret = gendb_search(policy_state->sam_ldb,
+ ret = gendb_search(sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(|(flatname=%s)(cn=%s)(trustPartner=%s)(flatname=%s)(cn=%s)(trustPartner=%s))(objectclass=trustedDomain))",
dns_encoded, dns_encoded, dns_encoded, netbios_encoded, netbios_encoded, netbios_encoded);
if (ret > 0) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
} else {
char *netbios_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
/* search for the trusted_domain record */
- ret = gendb_search(policy_state->sam_ldb,
+ ret = gendb_search(sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(|(flatname=%s)(cn=%s)(trustPartner=%s))(objectclass=trustedDomain))",
netbios_encoded, netbios_encoded, netbios_encoded);
if (ret > 0) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
}
if (ret < 0 ) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -942,45 +944,45 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
if ( ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", name)) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "flatname", netbios_name);
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "flatname", netbios_name);
if (r->in.info->sid) {
const char *sid_string = dom_sid_string(mem_ctx, r->in.info->sid);
if (!sid_string) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string);
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string);
}
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
- samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustType", r->in.info->trust_type);
+ samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustType", r->in.info->trust_type);
- samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustAttributes", r->in.info->trust_attributes);
+ samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustAttributes", r->in.info->trust_attributes);
- samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustDirection", r->in.info->trust_direction);
+ samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustDirection", r->in.info->trust_direction);
if (dns_name) {
- samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustPartner", dns_name);
+ samdb_msg_add_string(sam_ldb, mem_ctx, msg, "trustPartner", dns_name);
}
if (trustAuthIncoming.data) {
ret = ldb_msg_add_value(msg, "trustAuthIncoming", &trustAuthIncoming, NULL);
if (ret != LDB_SUCCESS) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
}
if (trustAuthOutgoing.data) {
ret = ldb_msg_add_value(msg, "trustAuthOutgoing", &trustAuthOutgoing, NULL);
if (ret != LDB_SUCCESS) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
}
@@ -988,34 +990,34 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
- ret = ldb_add(trusted_domain_state->policy->sam_ldb, msg);
+ ret = ldb_add(sam_ldb, msg);
switch (ret) {
case LDB_SUCCESS:
break;
case LDB_ERR_ENTRY_ALREADY_EXISTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_DOMAIN_EXISTS;
case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_ACCESS_DENIED;
default:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create user record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
msg_user = ldb_msg_new(mem_ctx);
if (msg_user == NULL) {
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
@@ -1024,12 +1026,12 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trusted_domain_state->trusted_domain_user_dn = msg_user->dn
= ldb_dn_copy(trusted_domain_state, policy_state->domain_dn);
if ( ! ldb_dn_add_child_fmt(msg_user->dn, "cn=users")) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
if ( ! ldb_dn_add_child_fmt(msg_user->dn, "cn=%s", netbios_name)) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
@@ -1038,10 +1040,10 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
ldb_msg_add_steal_string(msg_user, "samAccountName",
talloc_asprintf(mem_ctx, "%s$", netbios_name));
- if (samdb_msg_add_uint(trusted_domain_state->policy->sam_ldb, mem_ctx, msg_user,
+ if (samdb_msg_add_uint(sam_ldb, mem_ctx, msg_user,
"userAccountControl",
UF_INTERDOMAIN_TRUST_ACCOUNT) != 0) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
@@ -1049,7 +1051,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
int i;
for (i=0; i < auth_struct.incoming.count; i++ ) {
if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_NT4OWF) {
- samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb,
+ samdb_msg_add_hash(sam_ldb,
mem_ctx, msg_user, "unicodePwd",
&auth_struct.incoming.current[i]->AuthInfo.nt4owf.password);
} else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) {
@@ -1057,7 +1059,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
auth_struct.incoming.current[i]->AuthInfo.clear.size);
ret = ldb_msg_add_value(msg_user, "clearTextPassword", &new_password, NULL);
if (ret != LDB_SUCCESS) {
- ldb_transaction_cancel(policy_state->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
return NT_STATUS_NO_MEMORY;
}
}
@@ -1065,32 +1067,32 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
}
/* create the cn=users trusted_domain account */
- ret = ldb_add(trusted_domain_state->policy->sam_ldb, msg_user);
+ ret = ldb_add(sam_ldb, msg_user);
switch (ret) {
case LDB_SUCCESS:
break;
case LDB_ERR_ENTRY_ALREADY_EXISTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg_user->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_DOMAIN_EXISTS;
case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create trusted domain record %s: %s\n",
ldb_dn_get_linearized(msg_user->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_ACCESS_DENIED;
default:
- ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+ ldb_transaction_cancel(sam_ldb);
DEBUG(0,("Failed to create user record %s: %s\n",
ldb_dn_get_linearized(msg_user->dn),
- ldb_errstring(trusted_domain_state->policy->sam_ldb)));
+ ldb_errstring(sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
- ret = ldb_transaction_commit(policy_state->sam_ldb);
+ ret = ldb_transaction_commit(sam_ldb);
if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}