path: root/source4/param/secrets.c
Diffstat (limited to 'source4/param/secrets.c')
-rw-r--r--source4/param/secrets.c43
1 files changed, 16 insertions, 27 deletions
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index f21be822a2..18a0800779 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -31,6 +31,9 @@
#include "../lib/util/util_tdb.h"
#include "../lib/util/util_ldb.h"
#include "librpc/gen_ndr/ndr_security.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "dsdb/common/proto.h"
/**
* Use a TDB to store an incrementing random seed.
@@ -138,15 +141,17 @@ struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx,
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
struct tevent_context *ev_ctx,
struct loadparm_context *lp_ctx,
- const char *domain)
+ const char *domain,
+ char **errstring)
{
struct ldb_context *ldb;
- struct ldb_message **msgs;
+ struct ldb_message *msg;
int ldb_ret;
const char *attrs[] = { "objectSid", NULL };
struct dom_sid *result = NULL;
const struct ldb_val *v;
enum ndr_err_code ndr_err;
+ *errstring = NULL;
ldb = secrets_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (ldb == NULL) {
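Review bot: The new `*errstring = NULL;` on the line after the declarations dereferences the out-parameter unconditionally, so every caller of the new signature must pass a non-NULL `char **`; that contract is not written down anywhere in the hunk. A guard such as `if (errstring != NULL) { *errstring = NULL; }` (mirrored at each later assignment) would make a NULL argument safe, or failing that a one-line comment on the prototype, `/* errstring: required, set to a talloc'd message on mem_ctx on failure, NULL on success */`, should state the requirement. Note also that the `if (ldb == NULL)` branch opened on the hunk's last line, whose body lies outside this hunk, appears to return NULL without populating `*errstring` (the next hunk begins at its `return NULL;`), so a caller that relies on the new error reporting gets no message for a failed secrets.ldb connect.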
@@ -154,35 +159,18 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
return NULL;
}
- ldb_ret = gendb_search(ldb, ldb,
- ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),
- &msgs, attrs,
- SECRETS_PRIMARY_DOMAIN_FILTER, domain);
+ ldb_ret = dsdb_search_one(ldb, ldb, &msg,
+ ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),
+ LDB_SCOPE_ONELEVEL,
+ attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain);
- if (ldb_ret == -1) {
- DEBUG(5, ("Error searching for domain SID for %s: %s",
- domain, ldb_errstring(ldb)));
- talloc_free(ldb);
- return NULL;
- }
-
- if (ldb_ret == 0) {
- DEBUG(5, ("Did not find domain record for %s\n", domain));
- talloc_free(ldb);
+ if (ldb_ret != LDB_SUCCESS) {
+ *errstring = talloc_asprintf(mem_ctx, "Failed to find record for %s in secrets.ldb: %s: %s", domain, ldb_strerror(ldb_ret), ldb_errstring(ldb));
return NULL;
}
-
- if (ldb_ret > 1) {
- DEBUG(5, ("Found more than one (%d) domain records for %s\n",
- ldb_ret, domain));
- talloc_free(ldb);
- return NULL;
- }
-
- v = ldb_msg_find_ldb_val(msgs[0], "objectSid");
+ v = ldb_msg_find_ldb_val(msg, "objectSid");
if (v == NULL) {
- DEBUG(0, ("Domain object for %s does not contain a SID!\n",
- domain));
+ *errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on record for %s in secrets.ldb", domain);
return NULL;
}
result = talloc(mem_ctx, struct dom_sid);
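Review bot: The rewritten search-failure path (`if (ldb_ret != LDB_SUCCESS)`) drops the `talloc_free(ldb);` the removed lines had before `return NULL;`, and the missing-objectSid path likewise returns without freeing, while the NDR-failure path later in the function still does `talloc_free(ldb);` before returning. Since `ldb` is allocated on `mem_ctx` it is reclaimed eventually, but the inconsistency means an open handle on secrets.ldb lingers for the lifetime of the caller's context on some failure paths and not others; adding `talloc_free(ldb);` after each `*errstring = talloc_asprintf(...)` (the message is copied, so the handle can be released once it is formatted) would restore the original behaviour. Two smaller points: `ldb_errstring(ldb)` may return NULL, which is passed to a `%s` here, and the switch from `gendb_search` to `dsdb_search_one` with `LDB_SCOPE_ONELEVEL` narrows the scope of the lookup under `SECRETS_PRIMARY_DOMAIN_DN` if I read the old helper's default correctly — worth a sentence in the commit message if intentional.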
@@ -194,6 +182,7 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
ndr_err = ndr_pull_struct_blob(v, result, NULL, result,
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ *errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on record for %s in secrets.ldb", domain);
talloc_free(result);
talloc_free(ldb);
return NULL;
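Review bot: The new parse-failure message discards the `ndr_err` code that the condition just tested, so a caller sees only "Failed to parse SID" with no hint of why the stored objectSid blob was rejected. Including the decoded error, `"Failed to parse SID on record for %s in secrets.ldb: %s", domain, ndr_errstr(ndr_err)`, would make a corrupted or truncated secrets.ldb entry diagnosable from the message alone. The function's tail (returning `result`) continues past the end of this hunk.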