diff options
Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 84 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.h | 4 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 31 |
3 files changed, 67 insertions, 52 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 1e47199d20..81db2b386b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -191,7 +191,8 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX } ret = gendb_search_dn(c_state->sam_ctx, mem_ctx, - samdb_result_string(ref_msgs[0], "ncName", NULL), + samdb_result_dn(mem_ctx, + ref_msgs[0], "ncName", NULL), &dom_msgs, dom_attrs); } @@ -274,7 +275,7 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &ref_msgs, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - dom_msgs[i]->dn); + ldb_dn_linearize(mem_ctx, dom_msgs[i]->dn)); if (ret == 1) { array->entries[i].name.string = samdb_result_string(ref_msgs[0], "nETBIOSName", NULL); } else { @@ -339,7 +340,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &ref_msgs, ref_attrs, "(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))", - dom_msgs[0]->dn); + ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn)); if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -359,7 +360,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * d_state->sam_ctx = c_state->sam_ctx; d_state->domain_sid = dom_sid_dup(d_state, r->in.sid); d_state->domain_name = talloc_strdup(d_state, domain_name); - d_state->domain_dn = talloc_strdup(d_state, dom_msgs[0]->dn); + d_state->domain_dn = ldb_dn_copy(d_state, dom_msgs[0]->dn); if (!d_state->domain_sid || !d_state->domain_name || !d_state->domain_dn) { talloc_free(d_state); return NT_STATUS_NO_MEMORY; @@ -553,8 +554,11 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO } /* add core elements to the ldb_message for the user */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname, - d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", groupname, + ldb_dn_build_child(mem_ctx, + "CN", "Users", + d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -564,7 +568,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* create the group */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create group record %s\n", msg->dn)); + DEBUG(0,("Failed to create group record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -579,7 +584,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* retrieve the sid for the group just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, msg->dn)); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } @@ -789,7 +795,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX } /* add core elements to the ldb_message for the user */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", cn_name, container, d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", cn_name, ldb_dn_build_child(mem_ctx, "CN", container, d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -798,7 +804,8 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* create the user */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create user record %s\n", msg->dn)); + DEBUG(0,("Failed to create user record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -813,7 +820,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* retrieve the sid for the user just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", ldb_dn_linearize(mem_ctx, msg->dn)); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } @@ -984,8 +991,11 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", alias_name, - d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", alias_name, + ldb_dn_build_child(mem_ctx, + "CN", "Users", + d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -997,7 +1007,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* create the alias */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create alias record %s\n", msg->dn)); + DEBUG(0,("Failed to create alias record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1013,7 +1024,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* retrieve the sid for the alias just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, msg->dn)); a_state->account_name = talloc_strdup(a_state, alias_name); if (!a_state->account_name) { @@ -1580,7 +1592,7 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(mem_ctx, a_state->account_dn); + msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -1813,7 +1825,7 @@ static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC struct ldb_message **res2; const char * const attrs2[2] = { "objectSid", NULL }; ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - (char *)el->values[i].data, + ldb_dn_explode(mem_ctx, el->values[i].data), &res2, attrs2); if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2001,7 +2013,7 @@ static NTSTATUS samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(mem_ctx, a_state->account_dn); + msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -2069,7 +2081,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C struct ldb_message *mod; struct ldb_message **msgs; const char * const attrs[2] = { "dn", NULL }; - const char *memberdn = NULL; + struct ldb_dn *memberdn = NULL; int ret; DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS); @@ -2082,14 +2094,15 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (ret == 1) { - memberdn = ldb_msg_find_string(msgs[0], "dn", NULL); + memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "dn", NULL)); } else if (ret > 1) { DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, r->in.sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else if (ret == 0) { struct ldb_message *msg; - const char *basedn, *sidstr; + struct ldb_dn *basedn; + const char *sidstr; sidstr = dom_sid_string(mem_ctx, r->in.sid); NT_STATUS_HAVE_NO_MEMORY(sidstr); @@ -2110,10 +2123,11 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C * cn=For...,cn=Builtin,dc={BASEDN}. -- vl */ - basedn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "dn", - "(&(objectClass=container)" - "(cn=ForeignSecurityPrincipals))"); + basedn = ldb_dn_explode(mem_ctx, + samdb_search_string(d_state->sam_ctx, + mem_ctx, NULL, "dn", + "(&(objectClass=container)" + "(cn=ForeignSecurityPrincipals))")); if (basedn == NULL) { DEBUG(0, ("Failed to find DN for " @@ -2122,7 +2136,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,%s", sidstr, basedn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn); if (msg->dn == NULL) return NT_STATUS_NO_MEMORY; @@ -2136,7 +2150,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { DEBUG(0,("Failed to create foreignSecurityPrincipal " - "record %s\n", msg->dn)); + "record %s\n", ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { @@ -2156,7 +2170,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C mod->dn = talloc_reference(mem_ctx, a_state->account_dn); if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member", - memberdn) != 0) + ldb_dn_linearize(mem_ctx, memberdn)) != 0) return NT_STATUS_UNSUCCESSFUL; if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0) @@ -2252,7 +2266,7 @@ static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLO struct ldb_message **msgs2; const char * const attrs2[2] = { "objectSid", NULL }; ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - (char *)el->values[i].data, + ldb_dn_explode(mem_ctx, el->values[i].data), &msgs2, attrs2); if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2821,7 +2835,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res, attrs, d_state->domain_sid, "(&(member=%s)(grouptype=%s)(objectclass=group))", - a_state->account_dn, + ldb_dn_linearize(mem_ctx, a_state->account_dn), ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP)); if (count < 0) @@ -3113,11 +3127,11 @@ static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CT r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->domain_state->domain_dn, "minPwdLength", "dn=%s", - a_state->domain_state->domain_dn); + ldb_dn_linearize(mem_ctx, a_state->domain_state->domain_dn)); r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->account_dn, - "pwdProperties", - "dn=%s", a_state->account_dn); + "pwdProperties", "dn=%s", + ldb_dn_linearize(mem_ctx, a_state->account_dn)); return NT_STATUS_OK; } @@ -3170,9 +3184,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_reference(mod, - samdb_result_string(res[i], "dn", - NULL)); + mod->dn = samdb_result_dn(mod, res[i], "dn", NULL); if (mod->dn == NULL) { talloc_free(mod); continue; diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h index 51e0869eef..8e53fa7a10 100644 --- a/source4/rpc_server/samr/dcesrv_samr.h +++ b/source4/rpc_server/samr/dcesrv_samr.h @@ -49,7 +49,7 @@ struct samr_domain_state { uint32_t access_mask; struct dom_sid *domain_sid; const char *domain_name; - const char *domain_dn; + const struct ldb_dn *domain_dn; }; /* @@ -61,5 +61,5 @@ struct samr_account_state { uint32_t access_mask; struct dom_sid *account_sid; const char *account_name; - const char *account_dn; + const struct ldb_dn *account_dn; }; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 48abc7cfde..c862763101 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -108,7 +108,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(msg, a_state->account_dn); + msg->dn = ldb_dn_copy(msg, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -143,7 +143,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ uint32_t new_pass_len; struct samr_CryptPassword *pwbuf = r->in.password; void *sam_ctx; - const char *user_dn, *domain_dn; + const struct ldb_dn *user_dn, *domain_dn; int ret; struct ldb_message **res, *mod; const char * const attrs[] = { "objectSid", "lmPwdHash", "unicodePwd", NULL }; @@ -210,9 +210,10 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_SUCH_USER; } - domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + domain_dn = ldb_dn_explode(mem_ctx, + samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid))); if (!domain_dn) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -222,7 +223,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_strdup(mod, user_dn); + mod->dn = ldb_dn_copy(mod, user_dn); if (!mod->dn) { return NT_STATUS_NO_MEMORY; } @@ -261,7 +262,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, char new_pass[512]; uint32_t new_pass_len; void *sam_ctx = NULL; - const char *user_dn, *domain_dn = NULL; + const struct ldb_dn *user_dn, *domain_dn = NULL; int ret; struct ldb_message **res, *mod; const char * const attrs[] = { "objectSid", "ntPwdHash", "lmPwdHash", "unicodePwd", NULL }; @@ -360,9 +361,10 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, goto failed; } - domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + domain_dn = ldb_dn_explode(mem_ctx, + samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid))); if (!domain_dn) { status = NT_STATUS_INTERNAL_DB_CORRUPTION; goto failed; @@ -373,7 +375,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_strdup(mod, user_dn); + mod->dn = ldb_dn_copy(mod, user_dn); if (!mod->dn) { status = NT_STATUS_NO_MEMORY; goto failed; @@ -485,7 +487,8 @@ static BOOL samdb_password_complexity_ok(const char *pass) changes (as is needed by some of the set user info levels) */ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, - const char *user_dn, const char *domain_dn, + const struct ldb_dn *user_dn, + const struct ldb_dn *domain_dn, struct ldb_message *mod, const char *new_pass, struct samr_Password *lmNewHash, @@ -743,7 +746,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, */ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, void *sam_ctx, - const char *account_dn, const char *domain_dn, + const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_CryptPassword *pwbuf) @@ -785,7 +788,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, */ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, void *sam_ctx, - const char *account_dn, const char *domain_dn, + const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_CryptPasswordEx *pwbuf) |