summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source4/dsdb/samdb/samdb.c34
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c41
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c43
3 files changed, 69 insertions, 49 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index aed47d1ed2..717b72ded2 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -969,3 +969,37 @@ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ct
return sd;
}
+
+struct ldb_dn *samdb_base_dn(TALLOC_CTX *mem_ctx)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ int server_role = lp_server_role();
+ const char **split_realm;
+ struct ldb_dn *dn;
+
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+ if ((server_role == ROLE_DOMAIN_PDC)
+ || (server_role == ROLE_DOMAIN_BDC)) {
+ int i;
+ split_realm = str_list_make(tmp_ctx, lp_realm(), ".");
+ if (!split_realm) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ dn = NULL;
+ i = str_list_length(split_realm);
+ i--;
+ for (; i >= 0; i--) {
+ dn = ldb_dn_build_child(tmp_ctx, "dc", split_realm[i], dn);
+ if (!dn) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ }
+ return dn;
+ }
+ return ldb_dn_string_compose(mem_ctx, NULL, "cn=%s", lp_netbios_name());
+}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 55fc992080..2e3f42b272 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -240,9 +240,15 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
+ /* work out the domain_dn - useful for so many calls its worth
+ fetching here */
+ state->domain_dn = samdb_base_dn(state);
+ if (!state->domain_dn) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
- "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
- lp_workgroup());
+ "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
if (ret_domain == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -252,16 +258,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_SUCH_DOMAIN;
}
- /* work out the domain_dn - useful for so many calls its worth
- fetching here */
- state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
- if (!state->domain_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
- state->builtin_dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectClass=builtinDomain");
+ state->builtin_dn = samdb_search_dn(state->sam_ldb, mem_ctx, state->domain_dn, "(objectClass=builtinDomain)");
if (!state->builtin_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
@@ -1062,9 +1061,9 @@ static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *m
}
domains->domains = talloc_realloc(domains,
- domains->domains,
- struct lsa_TrustInformation,
- domains->count+1);
+ domains->domains,
+ struct lsa_TrustInformation,
+ domains->count+1);
if (domains->domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1301,9 +1300,9 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *
}
/* check it really exists */
- astate->account_dn = samdb_search_string(state->sam_ldb, astate,
- NULL, "(&(objectSid=%s)(objectClass=group))",
- ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
+ astate->account_dn = samdb_search_dn(state->sam_ldb, astate,
+ NULL, "(&(objectSid=%s)(objectClass=group))",
+ ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
if (astate->account_dn == NULL) {
talloc_free(astate);
return NT_STATUS_NO_SUCH_USER;
@@ -1446,7 +1445,6 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
struct ldb_message *msg;
struct ldb_message_element el;
int i, ret;
- const char *dn;
struct lsa_EnumAccountRights r2;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
@@ -1459,14 +1457,9 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_MEMORY;
}
- dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
- if (dn == NULL) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- msg->dn = ldb_dn_explode(mem_ctx, dn);
+ msg->dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
if (msg->dn == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_NO_SUCH_USER;
}
if (ldb_msg_add_empty(state->sam_ldb, msg, "privilege", ldb_flag)) {
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index aeea3a120c..249fb1c8a4 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -192,7 +192,7 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX
ret = gendb_search_dn(c_state->sam_ctx, mem_ctx,
samdb_result_dn(mem_ctx,
- ref_msgs[0], "ncName", NULL),
+ ref_msgs[0], "ncName", NULL),
&dom_msgs, dom_attrs);
}
@@ -319,34 +319,27 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &dom_msgs, dom_attrs,
- "(&(objectSid=%s)(&(objectclass=domain)(!(objectClass=builtinDomain))))",
+ "(&(objectSid=%s)(&(objectclass=domain)))",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
- if (ret == -1) {
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- ret = gendb_search(c_state->sam_ctx,
- mem_ctx, NULL, &dom_msgs, dom_attrs,
- "(&(objectSid=%s)(objectClass=builtinDomain))",
- ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
- if (ret != 1) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
- if (domain_name == NULL) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
} else {
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &ref_msgs, ref_attrs,
"(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))",
ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn));
- if (ret != 1) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
+ if (ret == 0) {
+ domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
+ if (domain_name == NULL) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ } else if (ret == 1) {
- domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
- if (domain_name == NULL) {
+ domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
+ if (domain_name == NULL) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+ } else {
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
@@ -1769,7 +1762,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
samr_QueryGroupMember
*/
static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_QueryGroupMember *r)
+ struct samr_QueryGroupMember *r)
{
struct dcesrv_handle *h;
struct samr_account_state *a_state;
@@ -3317,9 +3310,9 @@ static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- ret = gendb_search(sam_ctx,
- mem_ctx, NULL, &msgs, attrs,
- "(&(!(objectClass=builtinDomain))(objectclass=domain))");
+ /* The domain name in this call is ignored */
+ ret = gendb_search_dn(sam_ctx,
+ mem_ctx, samdb_base_dn(mem_ctx), &msgs, attrs);
if (ret <= 0) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
generated by cgit (git 2.34.1) at 2024-12-01 07:20:17 +0000