-rw-r--r-- | source4/auth/ntlm/auth_sam.c | 10 | ||||
-rw-r--r-- | source4/dsdb/common/util.c | 83 | ||||
-rw-r--r-- | source4/dsdb/common/util.h | 1 | ||||
-rw-r--r-- | source4/dsdb/kcc/kcc_connection.c | 6 | ||||
-rw-r--r-- | source4/dsdb/kcc/kcc_drs_replica_info.c | 19 |
5 files changed, 86 insertions, 33 deletions
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index baa95f7380..f476e1c3b2 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -28,6 +28,7 @@
 #include "auth/ntlm/auth_proto.h"
 #include "auth/auth_sam.h"
 #include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
 #include "param/param.h"
 extern const char *user_attrs[];
@@ -45,10 +46,11 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
 int ret;
 /* pull the user attributes */
- ret = gendb_search_single_extended_dn(sam_ctx, mem_ctx, domain_dn, LDB_SCOPE_SUBTREE,
- ret_msg, user_attrs,
- "(&(sAMAccountName=%s)(objectclass=user))",
- ldb_binary_encode_string(mem_ctx, account_name));
+ ret = dsdb_search_one(sam_ctx, mem_ctx, ret_msg, domain_dn, LDB_SCOPE_SUBTREE,
+ user_attrs,
+ DSDB_SEARCH_SHOW_EXTENDED_DN,
+ "(&(sAMAccountName=%s)(objectclass=user))",
+ ldb_binary_encode_string(mem_ctx, account_name));
 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 DEBUG(3,("sam_search_user: Couldn't find user [%s] in samdb, under %s\n",
 account_name, ldb_dn_get_linearized(domain_dn)));
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 6f4129e9a0..2031aa9def 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
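Review bot: The result of `ldb_binary_encode_string(mem_ctx, account_name)` is passed straight into the `%s` of the account filter in authsam_search_account without a NULL check, so an allocation failure on this authentication path would format a null pointer into the search expression instead of failing cleanly. The pattern is carried over from the removed gendb call, but the rewritten call is a good place to hoist it: `const char *enc = ldb_binary_encode_string(mem_ctx, account_name);` then `if (enc == NULL) return NT_STATUS_NO_MEMORY;`, and pass `enc` to dsdb_search_one. The function body starts and ends outside the hunk, so how it treats the LDB_ERR_OPERATIONS_ERROR that a one-record search returns for duplicate sAMAccountName matches could not be checked from here.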
@@ -2237,28 +2237,26 @@ struct ldb_dn *samdb_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 */
 int dsdb_find_dn_by_guid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
- const char *guid_str, struct ldb_dn **dn)
+ const struct GUID *guid, struct ldb_dn **dn)
 {
 int ret;
 struct ldb_result *res;
 const char *attrs[] = { NULL };
+ char *guid_str = GUID_string(mem_ctx, guid);
+
+ if (!guid_str) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
 ret = dsdb_search(ldb, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
- DSDB_SEARCH_SHOW_EXTENDED_DN,
+ DSDB_SEARCH_SHOW_EXTENDED_DN |
+ DSDB_SEARCH_ONE_ONLY,
 "objectGUID=%s", guid_str);
+ talloc_free(guid_str);
 if (ret != LDB_SUCCESS) {
 return ret;
 }
- if (res->count == 0) {
- talloc_free(res);
- return LDB_ERR_NO_SUCH_OBJECT;
- }
- if (res->count != 1) {
- DEBUG(1,(__location__ ": found %u records with GUID %s\n", res->count, guid_str));
- talloc_free(res);
- return LDB_ERR_OPERATIONS_ERROR;
- }
 *dn = talloc_steal(mem_ctx, res->msgs[0]->dn);
 talloc_free(res);
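Review bot: The duplicate-GUID diagnostic is lost here: the removed `DEBUG(1, ...)` that reported "found %u records with GUID %s" has no replacement, and the DSDB_SEARCH_ONE_ONLY branch added to dsdb_search returns LDB_ERR_OPERATIONS_ERROR without logging anything. Callers of dsdb_find_dn_by_guid now receive the same code for a failed GUID_string() allocation and for two objects sharing one objectGUID, and the second is a directory-integrity condition an operator would want to see in the log. Consider logging in the `res->count != 1` branch of dsdb_search, for example `DEBUG(1,(__location__ ": expected one record, found %u\n", res->count));`, or returning a distinct error code for the ambiguous case.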
@@ -3438,8 +3436,71 @@ int dsdb_search(struct ldb_context *ldb,
 return ret;
 }
+ if (dsdb_flags & DSDB_SEARCH_ONE_ONLY) {
+ if (res->count == 0) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+ if (res->count != 1) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+
 *_res = talloc_steal(mem_ctx, res);
 talloc_free(tmp_ctx);
 return LDB_SUCCESS;
 }
+
+
+/*
+ general search with dsdb_flags for controls
+ returns exactly 1 record or an error
+ */
+int dsdb_search_one(struct ldb_context *ldb,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message **msg,
+ struct ldb_dn *basedn,
+ enum ldb_scope scope,
+ const char * const *attrs,
+ uint32_t dsdb_flags,
+ const char *exp_fmt, ...) _PRINTF_ATTRIBUTE(8, 9)
+{
+ int ret;
+ struct ldb_result *res;
+ va_list ap;
+ char *expression = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+ dsdb_flags |= DSDB_SEARCH_ONE_ONLY;
+
+ res = talloc_zero(tmp_ctx, struct ldb_result);
+ if (!res) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (exp_fmt) {
+ va_start(ap, exp_fmt);
+ expression = talloc_vasprintf(tmp_ctx, exp_fmt, ap);
+ va_end(ap);
+
+ if (!expression) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+
+ ret = dsdb_search(ldb, tmp_ctx, &res, basedn, scope, attrs,
+ dsdb_flags, "%s", expression);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ *msg = talloc_steal(mem_ctx, res->msgs[0]);
+ talloc_free(tmp_ctx);
+
+ return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index e80fdd8216..53ffdc4d31 100644
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -31,3 +31,4 @@
 #define DSDB_MODIFY_RELAX 0x0020
 #define DSDB_MODIFY_PERMISSIVE 0x0040
 #define DSDB_FLAG_AS_SYSTEM 0x0080
+#define DSDB_SEARCH_ONE_ONLY 0x0020 /* give an error unless 1 record */
diff --git a/source4/dsdb/kcc/kcc_connection.c b/source4/dsdb/kcc/kcc_connection.c
index 73198040c4..d0d549dc1f 100644
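Review bot: When `exp_fmt` is NULL in dsdb_search_one, `expression` stays NULL and is then handed to dsdb_search as the argument of a `"%s"` format, which is undefined behaviour for printf-style formatting and on common C libraries yields the literal filter text `(null)` rather than a search with no filter. dsdb_search_one itself treats a NULL `exp_fmt` as "no expression", so the call should keep that meaning by passing a NULL format through. This assumes dsdb_search accepts a NULL format the same way; its body starts outside this hunk, so confirm that before applying.

```c
	/* … unchanged: flag setup, res allocation and expression formatting … */
	if (expression) {
		ret = dsdb_search(ldb, tmp_ctx, &res, basedn, scope, attrs,
				  dsdb_flags, "%s", expression);
	} else {
		/* no filter supplied: pass NULL through instead of formatting it */
		ret = dsdb_search(ldb, tmp_ctx, &res, basedn, scope, attrs,
				  dsdb_flags, NULL);
	}
	/* … unchanged: error check and talloc_steal of res->msgs[0] … */
```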
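Review bot: `DSDB_SEARCH_ONE_ONLY` is defined as 0x0020, the value already used by `DSDB_MODIFY_RELAX` three lines above it in util.h, so the two flags cannot be told apart in a `dsdb_flags` word. dsdb_search_one ORs the new flag in before calling dsdb_search; if the code that maps dsdb_flags to LDB controls (not visible in this diff) tests DSDB_MODIFY_RELAX, every one-record search, including the account lookup in auth_sam.c, would pick up relax semantics as a side effect. Give the flag a bit that no other DSDB_ flag uses, e.g. `#define DSDB_SEARCH_ONE_ONLY 0x0100` (free as far as the lines visible here show), or move flags that dsdb_search handles itself into a separate, documented range.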
--- a/source4/dsdb/kcc/kcc_connection.c
+++ b/source4/dsdb/kcc/kcc_connection.c
@@ -65,8 +65,7 @@ static int kccsrv_add_connection(struct kccsrv_service *s,
 ret = LDB_ERR_INVALID_DN_SYNTAX;
 goto done;
 }
- ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, GUID_string(tmp_ctx,
- &conn->dsa_guid), &server_dn);
+ ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->dsa_guid, &server_dn);
 if (ret != LDB_SUCCESS) {
 DEBUG(0, ("failed to find fromServer DN '%s'\n",
 GUID_string(tmp_ctx, &conn->dsa_guid)));
@@ -105,8 +104,7 @@ static int kccsrv_delete_connection(struct kccsrv_service *s,
 int ret;
 tmp_ctx = talloc_new(s);
- ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx,
- GUID_string(tmp_ctx, &conn->obj_guid), &dn);
+ ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->obj_guid, &dn);
 if (ret != LDB_SUCCESS) {
 DEBUG(0, ("failed to find nTDSConnection's DN: %s\n",
 ldb_strerror(ret)));
diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c b/source4/dsdb/kcc/kcc_drs_replica_info.c
index da89a470a3..c35664905f 100644
--- a/source4/dsdb/kcc/kcc_drs_replica_info.c
+++ b/source4/dsdb/kcc/kcc_drs_replica_info.c
@@ -254,7 +254,6 @@ static WERROR fill_neighbor_from_repsFrom(TALLOC_CTX *mem_ctx,
 {
 struct ldb_dn *source_dsa_dn;
 int ret;
- char *dsa_guid_str;
 struct ldb_dn *transport_obj_dn = NULL;
 neigh->source_dsa_address = reps_from->other_info->dns_name1;
@@ -262,13 +261,11 @@ static WERROR fill_neighbor_from_repsFrom(TALLOC_CTX *mem_ctx,
 neigh->last_attempt = reps_from->last_attempt;
 neigh->source_dsa_obj_guid = reps_from->source_dsa_obj_guid;
- dsa_guid_str = GUID_string(mem_ctx, &reps_from->source_dsa_obj_guid);
- W_ERROR_HAVE_NO_MEMORY(dsa_guid_str);
- ret = dsdb_find_dn_by_guid(samdb, mem_ctx, dsa_guid_str, &source_dsa_dn);
+ ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_from->source_dsa_obj_guid, &source_dsa_dn);
 if (ret != LDB_SUCCESS) {
 DEBUG(0,(__location__ ": Failed to find DN for neighbor GUID %s\n",
- dsa_guid_str));
+ GUID_string(mem_ctx, &reps_from->source_dsa_obj_guid)));
 return WERR_DS_DRA_INTERNAL_ERROR;
 }
@@ -281,9 +278,7 @@ static WERROR fill_neighbor_from_repsFrom(TALLOC_CTX *mem_ctx,
 }
 if (!GUID_all_zero(&reps_from->transport_guid)) {
- char *transp_guid_str = GUID_string(mem_ctx, &reps_from->transport_guid);
- W_ERROR_HAVE_NO_MEMORY(transp_guid_str);
- if (dsdb_find_dn_by_guid(samdb, mem_ctx, transp_guid_str,
+ if (dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_from->transport_guid,
 &transport_obj_dn) != LDB_SUCCESS) {
 return WERR_DS_DRA_INTERNAL_ERROR;
@@ -391,7 +386,6 @@ static WERROR fill_neighbor_from_repsTo(TALLOC_CTX *mem_ctx,
 struct drsuapi_DsReplicaNeighbour *neigh,
 struct repsFromTo2 *reps_to)
 {
- char *dsa_guid_str;
 int ret;
 struct ldb_dn *source_dsa_dn;
@@ -400,13 +394,10 @@ static WERROR fill_neighbor_from_repsTo(TALLOC_CTX *mem_ctx,
 neigh->last_attempt = reps_to->last_attempt;
 neigh->source_dsa_obj_guid = reps_to->source_dsa_obj_guid;
- dsa_guid_str = GUID_string(mem_ctx, &reps_to->source_dsa_obj_guid);
- W_ERROR_HAVE_NO_MEMORY(dsa_guid_str);
-
- ret = dsdb_find_dn_by_guid(samdb, mem_ctx, dsa_guid_str, &source_dsa_dn);
+ ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_to->source_dsa_obj_guid, &source_dsa_dn);
 if (ret != LDB_SUCCESS) {
 DEBUG(0,(__location__ ": Failed to find DN for neighbor GUID %s\n",
- dsa_guid_str));
+ GUID_string(mem_ctx, &reps_to->source_dsa_obj_guid)));
 return WERR_DS_DRA_INTERNAL_ERROR;
 } |