summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c37
-rw-r--r--source4/dsdb/samdb/samdb.c89
2 files changed, 81 insertions, 45 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 26560c361e..1c1ff0ea6e 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -184,41 +184,6 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c
return ret;
}
-/* Find a domain object in the parents of a particular DN. */
-static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
-{
- TALLOC_CTX *local_ctx;
- struct ldb_dn *sdn;
- struct ldb_result *res = NULL;
- int ret = 0;
- const char *attrs[] = { NULL };
-
- local_ctx = talloc_new(mem_ctx);
- if (local_ctx == NULL) return NULL;
-
- sdn = ldb_dn_copy(local_ctx, dn);
- do {
- ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE,
- "(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res);
- if (ret == LDB_SUCCESS) {
- talloc_steal(local_ctx, res);
- if (res->count == 1) {
- break;
- }
- }
- } while ((sdn = ldb_dn_get_parent(local_ctx, sdn)));
-
- if (ret != LDB_SUCCESS || res->count != 1) {
- talloc_free(local_ctx);
- return NULL;
- }
-
- talloc_steal(mem_ctx, sdn);
- talloc_free(local_ctx);
-
- return sdn;
-}
-
/* search the domain related to the provided dn
allocate a new RID for the domain
return the new sid string
@@ -235,7 +200,7 @@ static int samldb_get_new_sid(struct ldb_module *module,
/* get the domain component part of the provided dn */
- dom_dn = samldb_search_domain(module, mem_ctx, obj_dn);
+ dom_dn = samdb_search_for_parent_domain(module->ldb, mem_ctx, obj_dn);
if (dom_dn == NULL) {
ldb_asprintf_errstring(module->ldb,
"Invalid dn (%s) not child of a domain object!\n",
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 9296352b0b..2d811094ff 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -353,15 +353,11 @@ const char *samdb_result_string(const struct ldb_message *msg, const char *attr,
struct ldb_dn *samdb_result_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
const char *attr, struct ldb_dn *default_value)
{
- struct ldb_dn *res_dn;
- const char *string = samdb_result_string(msg, attr, NULL);
- if (string == NULL) return default_value;
- res_dn = ldb_dn_new(mem_ctx, ldb, string);
- if ( ! ldb_dn_validate(res_dn)) {
- talloc_free(res_dn);
- return NULL;
+ struct ldb_dn *ret_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, msg, attr);
+ if (!ret_dn) {
+ return default_value;
}
- return res_dn;
+ return ret_dn;
}
/*
@@ -1182,7 +1178,7 @@ struct ldb_dn *samdb_server_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
}
/*
- work out the domain sid for the current open ldb
+ work out if we are the PDC for the domain of the current open ldb
*/
BOOL samdb_is_pdc(struct ldb_context *ldb)
{
@@ -1225,6 +1221,41 @@ failed:
return False;
}
+
+/* Find a domain object in the parents of a particular DN. */
+struct ldb_dn *samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
+{
+ TALLOC_CTX *local_ctx;
+ struct ldb_dn *sdn = dn;
+ struct ldb_result *res = NULL;
+ int ret = 0;
+ const char *attrs[] = { NULL };
+
+ local_ctx = talloc_new(mem_ctx);
+ if (local_ctx == NULL) return NULL;
+
+ while ((sdn = ldb_dn_get_parent(local_ctx, sdn))) {
+ ret = ldb_search(ldb, sdn, LDB_SCOPE_BASE,
+ "(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res);
+ if (ret == LDB_SUCCESS) {
+ talloc_steal(local_ctx, res);
+ if (res->count == 1) {
+ break;
+ }
+ }
+ }
+
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ talloc_free(local_ctx);
+ return NULL;
+ }
+
+ talloc_steal(mem_ctx, sdn);
+ talloc_free(local_ctx);
+
+ return sdn;
+}
+
/*
check that a password is sufficiently complex
*/
@@ -1681,3 +1712,43 @@ NTSTATUS samdb_create_foreign_security_principal(struct ldb_context *sam_ctx, TA
*ret_dn = msg->dn;
return NT_STATUS_OK;
}
+
+/*
+ Find the DN of a domain, be it the netbios or DNS name
+*/
+
+struct ldb_dn *samdb_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+ const char *domain_name)
+{
+ const char * const domain_ref_attrs[] = {
+ "ncName", NULL
+ };
+ struct ldb_result *res_domain_ref;
+ char *escaped_domain = ldb_binary_encode_string(mem_ctx, domain_name);
+ /* find the domain's DN */
+ int ret_domain = ldb_search_exp_fmt(ldb, mem_ctx,
+ &res_domain_ref,
+ samdb_partitions_dn(ldb, mem_ctx),
+ LDB_SCOPE_ONELEVEL,
+ domain_ref_attrs,
+ "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
+ escaped_domain, escaped_domain);
+ if (ret_domain != 0) {
+ return NULL;
+ }
+
+ if (res_domain_ref->count == 0) {
+ DEBUG(3,("sam_search_user: Couldn't find domain [%s] in samdb.\n",
+ domain_name));
+ return NULL;
+ }
+
+ if (res_domain_ref->count > 1) {
+ DEBUG(0,("Found %d records matching domain [%s]\n",
+ ret_domain, domain_name));
+ return NULL;
+ }
+
+ return samdb_result_dn(ldb, mem_ctx, res_domain_ref->msgs[0], "nCName", NULL);
+
+}