summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/cracknames.c63
-rw-r--r--source4/dsdb/samdb/samdb.c13
2 files changed, 44 insertions, 32 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index aa4b2fe121..991ccfca03 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -632,7 +632,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
const char * const _result_attrs_canonical[] = { "canonicalName", NULL };
const char * const _domain_attrs_nt4[] = { "ncName", "dnsRoot", "nETBIOSName", NULL};
- const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", NULL};
+ const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", "objectClass", NULL};
const char * const _domain_attrs_guid[] = { "ncName", "dnsRoot", NULL};
const char * const _result_attrs_guid[] = { "objectGUID", NULL};
@@ -786,15 +786,11 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
result->dn, name, info1);
}
case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
+
const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
const char *_acc = "", *_dom = "";
- if (!sid || (sid->num_auths < 4) || (sid->num_auths > 5)) {
- info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
- return WERR_OK;
- }
-
- if (sid->num_auths == 4) {
+ if (samdb_find_attribute(sam_ctx, result, "objectClass", "domain")) {
ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res, domain_attrs,
"(ncName=%s)", ldb_dn_get_linearized(result->dn));
if (ldb_ret != 1) {
@@ -803,33 +799,38 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
}
_dom = samdb_result_string(domain_res[0], "nETBIOSName", NULL);
W_ERROR_HAVE_NO_MEMORY(_dom);
-
- } else if (sid->num_auths == 5) {
- const char *attrs[] = { NULL };
- struct ldb_message **domain_res2;
- struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid);
- if (!dom_sid) {
- return WERR_OK;
- }
- dom_sid->num_auths--;
- ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs,
- "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
- if (ldb_ret != 1) {
- info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ } else {
+ _acc = samdb_result_string(result, "sAMAccountName", NULL);
+ if (!_acc) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
return WERR_OK;
}
- ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res2, domain_attrs,
- "(ncName=%s)", ldb_dn_get_linearized(domain_res[0]->dn));
- if (ldb_ret != 1) {
- info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
- return WERR_OK;
+ if (dom_sid_in_domain(dom_sid_parse_talloc(mem_ctx, SID_BUILTIN), sid)) {
+ _dom = "BUILTIN";
+ } else {
+ const char *attrs[] = { NULL };
+ struct ldb_message **domain_res2;
+ struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid);
+ if (!dom_sid) {
+ return WERR_OK;
+ }
+ dom_sid->num_auths--;
+ ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs,
+ "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
+ if (ldb_ret != 1) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ return WERR_OK;
+ }
+ ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res2, domain_attrs,
+ "(ncName=%s)", ldb_dn_get_linearized(domain_res[0]->dn));
+ if (ldb_ret != 1) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ return WERR_OK;
+ }
+
+ _dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL);
+ W_ERROR_HAVE_NO_MEMORY(_dom);
}
-
- _dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL);
- W_ERROR_HAVE_NO_MEMORY(_dom);
-
- _acc = samdb_result_string(result, "sAMAccountName", NULL);
- W_ERROR_HAVE_NO_MEMORY(_acc);
}
info1->result_name = talloc_asprintf(mem_ctx, "%s\\%s", _dom, _acc);
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 19c6ed773d..e5eafb9188 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -632,21 +632,32 @@ struct ldb_message_element *samdb_find_attribute(struct ldb_context *ldb,
{
int i;
struct ldb_message_element *el = ldb_msg_find_element(msg, name);
+ const struct ldb_schema_attribute *a;
struct ldb_val v;
+ TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
v.data = discard_const_p(uint8_t, value);
v.length = strlen(value);
if (!el) {
+ talloc_free(tmp_ctx);
return NULL;
}
+ a = ldb_schema_attribute_by_name(ldb, name);
+
for (i=0;i<el->num_values;i++) {
- if (strcasecmp(value, (char *)el->values[i].data) == 0) {
+ if (a->syntax->comparison_fn(ldb, tmp_ctx, &el->values[i], &v) == 0) {
+ talloc_free(tmp_ctx);
return el;
}
}
+ talloc_free(tmp_ctx);
return NULL;
}