diff options
-rw-r--r-- | lib/util/util_ldb.c | 97 | ||||
-rw-r--r-- | lib/util/util_ldb.h | 8 | ||||
-rw-r--r-- | source4/auth/sam.c | 5 | ||||
-rw-r--r-- | source4/kdc/db-glue.c | 29 |
4 files changed, 19 insertions, 120 deletions
diff --git a/lib/util/util_ldb.c b/lib/util/util_ldb.c index e92e3a2dff..9fd2acef16 100644 --- a/lib/util/util_ldb.c +++ b/lib/util/util_ldb.c @@ -132,100 +132,3 @@ char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n) return strupper_talloc_n(mem_ctx, s, n); } - - -/* - search the LDB for a single record, with the extended_dn control - return LDB_SUCCESS on success, or an ldb error code on error - - if the search returns 0 entries, return LDB_ERR_NO_SUCH_OBJECT - if the search returns more than 1 entry, return LDB_ERR_CONSTRAINT_VIOLATION -*/ -int gendb_search_single_extended_dn(struct ldb_context *ldb, - TALLOC_CTX *mem_ctx, - struct ldb_dn *basedn, - enum ldb_scope scope, - struct ldb_message **msg, - const char * const *attrs, - const char *format, ...) -{ - va_list ap; - int ret; - struct ldb_request *req; - char *filter; - TALLOC_CTX *tmp_ctx; - struct ldb_result *res; - struct ldb_extended_dn_control *ctrl; - - tmp_ctx = talloc_new(mem_ctx); - - res = talloc_zero(tmp_ctx, struct ldb_result); - if (!res) { - return LDB_ERR_OPERATIONS_ERROR; - } - - va_start(ap, format); - filter = talloc_vasprintf(tmp_ctx, format, ap); - va_end(ap); - - if (filter == NULL) { - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_build_search_req(&req, ldb, tmp_ctx, - basedn, - scope, - filter, - attrs, - NULL, - res, - ldb_search_default_callback, - NULL); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - - ctrl = talloc(tmp_ctx, struct ldb_extended_dn_control); - if (ctrl == NULL) { - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - ctrl->type = 1; - - ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, true, ctrl); - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_request(ldb, req); - if (ret == LDB_SUCCESS) { - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - } - - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - - if (res->count == 0) { - talloc_free(tmp_ctx); - return LDB_ERR_NO_SUCH_OBJECT; - } - - if (res->count > 1) { - /* the function is only supposed to return a single entry */ - DEBUG(0,(__location__ ": More than one return for baseDN %s filter %s\n", - ldb_dn_get_linearized(basedn), filter)); - talloc_free(tmp_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - *msg = talloc_steal(mem_ctx, res->msgs[0]); - - talloc_free(tmp_ctx); - - return LDB_SUCCESS; -} diff --git a/lib/util/util_ldb.h b/lib/util/util_ldb.h index 4575c6565a..f9eb028916 100644 --- a/lib/util/util_ldb.h +++ b/lib/util/util_ldb.h @@ -26,12 +26,4 @@ int gendb_search_dn(struct ldb_context *ldb, int gendb_add_ldif(struct ldb_context *ldb, const char *ldif_string); char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n); -int gendb_search_single_extended_dn(struct ldb_context *ldb, - TALLOC_CTX *mem_ctx, - struct ldb_dn *basedn, - enum ldb_scope scope, - struct ldb_message **msg, - const char * const *attrs, - const char *format, ...) PRINTF_ATTRIBUTE(7,8); - #endif /* __LIB_UTIL_UTIL_LDB_H__ */ diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 4c0fafeff8..9d841e4e9b 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -33,6 +33,7 @@ #include "librpc/gen_ndr/ndr_security.h" #include "param/param.h" #include "auth/auth_sam.h" +#include "dsdb/common/util.h" #define KRBTGT_ATTRS \ /* required for the krb5 kdc */ \ @@ -548,8 +549,8 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, } /* pull the user attributes */ - ret = gendb_search_single_extended_dn(sam_ctx, tmp_ctx, user_dn, - LDB_SCOPE_BASE, msg, attrs, "(objectClass=*)"); + ret = dsdb_search_one(sam_ctx, tmp_ctx, msg, user_dn, + LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 4fc94f8669..a54f8f59cf 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -32,6 +32,7 @@ #include "auth/auth_sam.h" #include "../lib/util/util_ldb.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" #include "librpc/ndr/libndr.h" #include "librpc/gen_ndr/ndr_drsblobs.h" #include "librpc/gen_ndr/lsa.h" @@ -1043,10 +1044,11 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context, int lret; char *realm_fixed; - lret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, mem_ctx, - realm_dn, LDB_SCOPE_SUBTREE, - &msg, krbtgt_attrs, - "(&(objectClass=user)(samAccountName=krbtgt))"); + lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx, + &msg, realm_dn, LDB_SCOPE_SUBTREE, + krbtgt_attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN, + "(&(objectClass=user)(samAccountName=krbtgt))"); if (lret == LDB_ERR_NO_SUCH_OBJECT) { krb5_warnx(context, "samba_kdc_fetch: could not find own KRBTGT in DB!"); krb5_set_error_message(context, HDB_ERR_NOENTRY, "samba_kdc_fetch: could not find own KRBTGT in DB!"); @@ -1167,11 +1169,10 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context, return HDB_ERR_NOENTRY; } - ldb_ret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, - mem_ctx, - user_dn, LDB_SCOPE_BASE, - msg, attrs, - "(objectClass=*)"); + ldb_ret = dsdb_search_one(kdc_db_ctx->samdb, + mem_ctx, + msg, user_dn, LDB_SCOPE_BASE, + attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)"); if (ldb_ret != LDB_SUCCESS) { return HDB_ERR_NOENTRY; } @@ -1194,10 +1195,12 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context, return ret; } - lret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, mem_ctx, - *realm_dn, LDB_SCOPE_SUBTREE, - msg, attrs, "(&(objectClass=user)(samAccountName=%s))", - ldb_binary_encode_string(mem_ctx, short_princ)); + lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx, msg, + *realm_dn, LDB_SCOPE_SUBTREE, + attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN, + "(&(objectClass=user)(samAccountName=%s))", + ldb_binary_encode_string(mem_ctx, short_princ)); free(short_princ); if (lret == LDB_ERR_NO_SUCH_OBJECT) { DEBUG(3, ("Failed find a entry for %s\n", filter)); |