diff options
-rw-r--r-- | source4/dsdb/samdb/cracknames.c | 63 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 13 |
2 files changed, 44 insertions, 32 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index aa4b2fe121..991ccfca03 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -632,7 +632,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ const char * const _result_attrs_canonical[] = { "canonicalName", NULL }; const char * const _domain_attrs_nt4[] = { "ncName", "dnsRoot", "nETBIOSName", NULL}; - const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", NULL}; + const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", "objectClass", NULL}; const char * const _domain_attrs_guid[] = { "ncName", "dnsRoot", NULL}; const char * const _result_attrs_guid[] = { "objectGUID", NULL}; @@ -786,15 +786,11 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ result->dn, name, info1); } case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: { + const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid"); const char *_acc = "", *_dom = ""; - if (!sid || (sid->num_auths < 4) || (sid->num_auths > 5)) { - info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING; - return WERR_OK; - } - - if (sid->num_auths == 4) { + if (samdb_find_attribute(sam_ctx, result, "objectClass", "domain")) { ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res, domain_attrs, "(ncName=%s)", ldb_dn_get_linearized(result->dn)); if (ldb_ret != 1) { @@ -803,33 +799,38 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ } _dom = samdb_result_string(domain_res[0], "nETBIOSName", NULL); W_ERROR_HAVE_NO_MEMORY(_dom); - - } else if (sid->num_auths == 5) { - const char *attrs[] = { NULL }; - struct ldb_message **domain_res2; - struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid); - if (!dom_sid) { - return WERR_OK; - } - dom_sid->num_auths--; - ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs, - "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ldb_ret != 1) { - info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; + } else { + _acc = samdb_result_string(result, "sAMAccountName", NULL); + if (!_acc) { + info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING; return WERR_OK; } - ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res2, domain_attrs, - "(ncName=%s)", ldb_dn_get_linearized(domain_res[0]->dn)); - if (ldb_ret != 1) { - info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; - return WERR_OK; + if (dom_sid_in_domain(dom_sid_parse_talloc(mem_ctx, SID_BUILTIN), sid)) { + _dom = "BUILTIN"; + } else { + const char *attrs[] = { NULL }; + struct ldb_message **domain_res2; + struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid); + if (!dom_sid) { + return WERR_OK; + } + dom_sid->num_auths--; + ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs, + "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); + if (ldb_ret != 1) { + info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; + return WERR_OK; + } + ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res2, domain_attrs, + "(ncName=%s)", ldb_dn_get_linearized(domain_res[0]->dn)); + if (ldb_ret != 1) { + info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; + return WERR_OK; + } + + _dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL); + W_ERROR_HAVE_NO_MEMORY(_dom); } - - _dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL); - W_ERROR_HAVE_NO_MEMORY(_dom); - - _acc = samdb_result_string(result, "sAMAccountName", NULL); - W_ERROR_HAVE_NO_MEMORY(_acc); } info1->result_name = talloc_asprintf(mem_ctx, "%s\\%s", _dom, _acc); diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 19c6ed773d..e5eafb9188 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -632,21 +632,32 @@ struct ldb_message_element *samdb_find_attribute(struct ldb_context *ldb, { int i; struct ldb_message_element *el = ldb_msg_find_element(msg, name); + const struct ldb_schema_attribute *a; struct ldb_val v; + TALLOC_CTX *tmp_ctx = talloc_new(ldb); + if (!tmp_ctx) { + return NULL; + } + v.data = discard_const_p(uint8_t, value); v.length = strlen(value); if (!el) { + talloc_free(tmp_ctx); return NULL; } + a = ldb_schema_attribute_by_name(ldb, name); + for (i=0;i<el->num_values;i++) { - if (strcasecmp(value, (char *)el->values[i].data) == 0) { + if (a->syntax->comparison_fn(ldb, tmp_ctx, &el->values[i], &v) == 0) { + talloc_free(tmp_ctx); return el; } } + talloc_free(tmp_ctx); return NULL; } |