-rw-r--r--lib/util/util_ldb.c97
-rw-r--r--lib/util/util_ldb.h8
-rw-r--r--source4/auth/sam.c5
-rw-r--r--source4/kdc/db-glue.c29
4 files changed, 19 insertions, 120 deletions
diff --git a/lib/util/util_ldb.c b/lib/util/util_ldb.c
index e92e3a2dff..9fd2acef16 100644
--- a/lib/util/util_ldb.c
+++ b/lib/util/util_ldb.c
@@ -132,100 +132,3 @@ char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n)
return strupper_talloc_n(mem_ctx, s, n);
}
-
-
-/*
- search the LDB for a single record, with the extended_dn control
- return LDB_SUCCESS on success, or an ldb error code on error
-
- if the search returns 0 entries, return LDB_ERR_NO_SUCH_OBJECT
- if the search returns more than 1 entry, return LDB_ERR_CONSTRAINT_VIOLATION
-*/
-int gendb_search_single_extended_dn(struct ldb_context *ldb,
- TALLOC_CTX *mem_ctx,
- struct ldb_dn *basedn,
- enum ldb_scope scope,
- struct ldb_message **msg,
- const char * const *attrs,
- const char *format, ...)
-{
- va_list ap;
- int ret;
- struct ldb_request *req;
- char *filter;
- TALLOC_CTX *tmp_ctx;
- struct ldb_result *res;
- struct ldb_extended_dn_control *ctrl;
-
- tmp_ctx = talloc_new(mem_ctx);
-
- res = talloc_zero(tmp_ctx, struct ldb_result);
- if (!res) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- va_start(ap, format);
- filter = talloc_vasprintf(tmp_ctx, format, ap);
- va_end(ap);
-
- if (filter == NULL) {
- talloc_free(tmp_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ret = ldb_build_search_req(&req, ldb, tmp_ctx,
- basedn,
- scope,
- filter,
- attrs,
- NULL,
- res,
- ldb_search_default_callback,
- NULL);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
-
- ctrl = talloc(tmp_ctx, struct ldb_extended_dn_control);
- if (ctrl == NULL) {
- talloc_free(tmp_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ctrl->type = 1;
-
- ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, true, ctrl);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- ret = ldb_request(ldb, req);
- if (ret == LDB_SUCCESS) {
- ret = ldb_wait(req->handle, LDB_WAIT_ALL);
- }
-
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
-
- if (res->count == 0) {
- talloc_free(tmp_ctx);
- return LDB_ERR_NO_SUCH_OBJECT;
- }
-
- if (res->count > 1) {
- /* the function is only supposed to return a single entry */
- DEBUG(0,(__location__ ": More than one return for baseDN %s filter %s\n",
- ldb_dn_get_linearized(basedn), filter));
- talloc_free(tmp_ctx);
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
- *msg = talloc_steal(mem_ctx, res->msgs[0]);
-
- talloc_free(tmp_ctx);
-
- return LDB_SUCCESS;
-}
diff --git a/lib/util/util_ldb.h b/lib/util/util_ldb.h
index 4575c6565a..f9eb028916 100644
--- a/lib/util/util_ldb.h
+++ b/lib/util/util_ldb.h
@@ -26,12 +26,4 @@ int gendb_search_dn(struct ldb_context *ldb,
int gendb_add_ldif(struct ldb_context *ldb, const char *ldif_string);
char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n);
-int gendb_search_single_extended_dn(struct ldb_context *ldb,
- TALLOC_CTX *mem_ctx,
- struct ldb_dn *basedn,
- enum ldb_scope scope,
- struct ldb_message **msg,
- const char * const *attrs,
- const char *format, ...) PRINTF_ATTRIBUTE(7,8);
-
#endif /* __LIB_UTIL_UTIL_LDB_H__ */
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 4c0fafeff8..9d841e4e9b 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -33,6 +33,7 @@
#include "librpc/gen_ndr/ndr_security.h"
#include "param/param.h"
#include "auth/auth_sam.h"
+#include "dsdb/common/util.h"
#define KRBTGT_ATTRS \
/* required for the krb5 kdc */ \
@@ -548,8 +549,8 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
}
/* pull the user attributes */
- ret = gendb_search_single_extended_dn(sam_ctx, tmp_ctx, user_dn,
- LDB_SCOPE_BASE, msg, attrs, "(objectClass=*)");
+ ret = dsdb_search_one(sam_ctx, tmp_ctx, msg, user_dn,
+ LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)");
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
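Review bot: Every failure of the base search on user_dn is still returned as NT_STATUS_INTERNAL_DB_CORRUPTION in the `if (ret != LDB_SUCCESS)` branch, so an account that is no longer present (user_dn is presumably resolved earlier in the function) is reported the same way as a damaged database. Since the call is being rewritten anyway, consider separating the not-found case, for example `if (ret == LDB_ERR_NO_SUCH_OBJECT) { talloc_free(tmp_ctx); return NT_STATUS_NO_SUCH_USER; }`, so authentication logs distinguish a missing principal from a store fault. The same collapse appears in the first samba_kdc_lookup_server hunk of source4/kdc/db-glue.c, where any non-success result becomes HDB_ERR_NOENTRY with nothing logged. sam_get_results_principal starts and ends outside this hunk, so what callers do with the status is not visible here.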
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 4fc94f8669..a54f8f59cf 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -32,6 +32,7 @@
#include "auth/auth_sam.h"
#include "../lib/util/util_ldb.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "librpc/gen_ndr/lsa.h"
@@ -1043,10 +1044,11 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
int lret;
char *realm_fixed;
- lret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, mem_ctx,
- realm_dn, LDB_SCOPE_SUBTREE,
- &msg, krbtgt_attrs,
- "(&(objectClass=user)(samAccountName=krbtgt))");
+ lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx,
+ &msg, realm_dn, LDB_SCOPE_SUBTREE,
+ krbtgt_attrs,
+ DSDB_SEARCH_SHOW_EXTENDED_DN,
+ "(&(objectClass=user)(samAccountName=krbtgt))");
if (lret == LDB_ERR_NO_SUCH_OBJECT) {
krb5_warnx(context, "samba_kdc_fetch: could not find own KRBTGT in DB!");
krb5_set_error_message(context, HDB_ERR_NOENTRY, "samba_kdc_fetch: could not find own KRBTGT in DB!");
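Review bot: The krbtgt lookup now depends on dsdb_search_one() rejecting an ambiguous match, but nothing at this call site says so and the helper's definition is not part of this diff. The removed gendb_search_single_extended_dn() documented LDB_ERR_NO_SUCH_OBJECT for zero entries and LDB_ERR_CONSTRAINT_VIOLATION for more than one, and the `lret == LDB_ERR_NO_SUCH_OBJECT` test here (and the same test in the last samba_kdc_lookup_server hunk) relies on the first of those codes. Please confirm the replacement keeps both codes and record it with a comment such as `/* dsdb_search_one() fails unless exactly one entry matches; a subtree search must never yield a second krbtgt */`. samba_kdc_fetch_krbtgt continues outside the hunk, so the handling of the other error codes cannot be checked from here.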
@@ -1167,11 +1169,10 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context,
return HDB_ERR_NOENTRY;
}
- ldb_ret = gendb_search_single_extended_dn(kdc_db_ctx->samdb,
- mem_ctx,
- user_dn, LDB_SCOPE_BASE,
- msg, attrs,
- "(objectClass=*)");
+ ldb_ret = dsdb_search_one(kdc_db_ctx->samdb,
+ mem_ctx,
+ msg, user_dn, LDB_SCOPE_BASE,
+ attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "(objectClass=*)");
if (ldb_ret != LDB_SUCCESS) {
return HDB_ERR_NOENTRY;
}
@@ -1194,10 +1195,12 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context,
return ret;
}
- lret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, mem_ctx,
- *realm_dn, LDB_SCOPE_SUBTREE,
- msg, attrs, "(&(objectClass=user)(samAccountName=%s))",
- ldb_binary_encode_string(mem_ctx, short_princ));
+ lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx, msg,
+ *realm_dn, LDB_SCOPE_SUBTREE,
+ attrs,
+ DSDB_SEARCH_SHOW_EXTENDED_DN,
+ "(&(objectClass=user)(samAccountName=%s))",
+ ldb_binary_encode_string(mem_ctx, short_princ));
free(short_princ);
if (lret == LDB_ERR_NO_SUCH_OBJECT) {
DEBUG(3, ("Failed find a entry for %s\n", filter));
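Review bot: The result of `ldb_binary_encode_string(mem_ctx, short_princ)` is passed straight to the `%s` of the filter without a NULL check, so an allocation failure would format a null pointer into the search expression. That encoding is what keeps the principal name (presumably derived from the client's request) from altering the LDAP filter, so it deserves an explicit failure path: assign it to a local first and bail out, e.g. `if (enc == NULL) { free(short_princ); return ENOMEM; }`, then pass `enc` to dsdb_search_one(). The encoded copy is also allocated on mem_ctx and not freed in the visible lines; a `talloc_free(enc);` after the search would avoid accumulating one string per lookup if mem_ctx is long-lived. The enclosing function begins and ends outside this hunk, so any further cleanup needed on that path is not visible.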