Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/drsuapi/drsuapi_cracknames.c | 6 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 93 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 9 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 84 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.h | 4 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 31 |
6 files changed, 130 insertions, 97 deletions
diff --git a/source4/rpc_server/drsuapi/drsuapi_cracknames.c b/source4/rpc_server/drsuapi/drsuapi_cracknames.c index e9b78b184b..b6a9105be5 100644 --- a/source4/rpc_server/drsuapi/drsuapi_cracknames.c +++ b/source4/rpc_server/drsuapi/drsuapi_cracknames.c @@ -36,7 +36,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX const char *domain_filter = NULL; const char * const *domain_attrs; struct ldb_message **domain_res = NULL; - const char *result_basedn = NULL; + const struct ldb_dn *result_basedn = NULL; const char *result_filter = NULL; const char * const *result_attrs; struct ldb_message **result_res = NULL; @@ -166,7 +166,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY; if (result_filter) { - result_basedn = samdb_result_string(domain_res[0], "ncName", NULL); + result_basedn = samdb_result_dn(mem_ctx, domain_res[0], "ncName", NULL); ret = gendb_search(b_state->sam_ctx, mem_ctx, result_basedn, &result_res, result_attrs, "%s", result_filter); @@ -189,7 +189,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX /* here we can use result_res[0] and domain_res[0] */ switch (format_desired) { case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: { - info1->result_name = result_res[0]->dn; + info1->result_name = ldb_dn_linearize(mem_ctx, result_res[0]->dn); WERR_TALLOC_CHECK(info1->result_name); info1->status = DRSUAPI_DS_NAME_STATUS_OK; diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index fef1c91c6f..9ee0d6faec 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c 
@@ -49,9 +49,9 @@ struct lsa_policy_state { struct ldb_context *sam_ldb; struct sidmap_context *sidmap; uint32_t access_mask; - const char *domain_dn; - const char *builtin_dn; - const char *system_dn; + const struct ldb_dn *domain_dn; + const struct ldb_dn *builtin_dn; + const struct ldb_dn *system_dn; const char *domain_name; struct dom_sid *domain_sid; struct dom_sid *builtin_sid; @@ -65,7 +65,7 @@ struct lsa_account_state { struct lsa_policy_state *policy; uint32_t access_mask; struct dom_sid *account_sid; - const char *account_dn; + const struct ldb_dn *account_dn; }; @@ -75,7 +75,7 @@ struct lsa_account_state { struct lsa_secret_state { struct lsa_policy_state *policy; uint32_t access_mask; - const char *secret_dn; + const struct ldb_dn *secret_dn; struct ldb_context *sam_ldb; BOOL global; }; @@ -86,7 +86,7 @@ struct lsa_secret_state { struct lsa_trusted_domain_state { struct lsa_policy_state *policy; uint32_t access_mask; - const char *trusted_domain_dn; + const struct ldb_dn *trusted_domain_dn; }; /* @@ -254,14 +254,14 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ /* work out the domain_dn - useful for so many calls its worth fetching here */ - state->domain_dn = talloc_steal(state, samdb_result_string(msgs_domain[0], "nCName", NULL)); + state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL); if (!state->domain_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } /* work out the builtin_dn - useful for so many calls its worth fetching here */ - state->builtin_dn = talloc_steal(state, + state->builtin_dn = ldb_dn_explode(state, samdb_search_string(state->sam_ldb, mem_ctx, NULL, "dn", "objectClass=builtinDomain")); if (!state->builtin_dn) { 
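Review bot: In lsa_get_policy_state the `if (!state->builtin_dn)` test now checks the return of `ldb_dn_explode()` rather than of `samdb_search_string()`, so a failed search is only caught if `ldb_dn_explode()` returns NULL for a NULL string, which this diff does not show. If it yields an empty DN instead, a missing builtinDomain record would pass the check and later lookups would run against an empty base. Holding the search result in a local `const char *`, testing it for NULL with the existing error return, and only then calling `state->builtin_dn = ldb_dn_explode(state, s);` avoids depending on that behaviour. The same wrapping is used for `system_dn` in the next hunk, for `basedn` in samr_AddAliasMember, and for `domain_dn` in samr_OemChangePasswordUser2 and samr_ChangePasswordUser3, where the check guards a password change. The function body continues outside the hunk.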
@@ -270,7 +270,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ /* work out the system_dn - useful for so many calls its worth fetching here */ - state->system_dn = talloc_steal(state, + state->system_dn = ldb_dn_explode(state, samdb_search_string(state->sam_ldb, mem_ctx, state->domain_dn, "dn", "(&(objectClass=container)(cn=System))")); if (!state->system_dn) { @@ -279,8 +279,8 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ state->domain_sid = talloc_steal(state, samdb_search_dom_sid(state->sam_ldb, state, - state->domain_dn, "objectSid", - "dn=%s", state->domain_dn)); + state->domain_dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, state->domain_dn))); if (!state->domain_sid) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -598,12 +598,14 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL } if (ret < 0 || ret > 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", r->in.info->name.string, - policy_state->system_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "cn", + r->in.info->name.string, + policy_state->system_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -627,7 +629,8 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL /* create the trusted_domain */ ret = samdb_add(trusted_domain_state->policy->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create trusted_domain record %s\n", msg->dn)); + DEBUG(0,("Failed to create trusted_domain record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } 
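Review bot: The `ldb_dn_linearize(mem_ctx, state->domain_dn)` result in the `domain_sid` lookup is formatted into the `"dn=%s"` filter without a NULL check and without filter-value escaping; DN escaping does not necessarily cover filter metacharacters such as `(`, `)` and `*`. Here the DN comes from the database, but the same `"dn=%s"` construction appears in samr_CreateDomainGroup, samr_CreateUser2 and samr_CreateDomAlias, where `msg->dn` is built from `groupname`, `cn_name` and `alias_name`, which presumably derive from the RPC request (their origin is outside the hunks). Since the search base is already the same DN, a base-scope lookup on the `struct ldb_dn` would avoid building a filter from it; failing that, linearize into a local, return `NT_STATUS_NO_MEMORY` on NULL, and escape the value before formatting.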
@@ -690,7 +693,8 @@ static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -755,7 +759,8 @@ static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call, } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1300,11 +1305,12 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX * /* check it really exists */ astate->account_dn = - samdb_search_string(state->sam_ldb, astate, - NULL, "dn", - "(&(objectSid=%s)(objectClass=group))", - ldap_encode_ndr_dom_sid(mem_ctx, - astate->account_sid)); + ldb_dn_explode(mem_ctx, + samdb_search_string(state->sam_ldb, astate, + NULL, "dn", + "(&(objectSid=%s)(objectClass=group))", + ldap_encode_ndr_dom_sid(mem_ctx, + astate->account_sid))); if (astate->account_dn == NULL) { talloc_free(astate); return NT_STATUS_NO_SUCH_USER; @@ -1466,7 +1472,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, return NT_STATUS_NO_SUCH_USER; } - msg->dn = talloc_strdup(mem_ctx, dn); + msg->dn = ldb_dn_explode(mem_ctx, dn); if (msg->dn == NULL) { return NT_STATUS_NO_MEMORY; } 
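Review bot: In lsa_OpenAccount the exploded DN stored in `astate->account_dn` is allocated on `mem_ctx`, while the intermediate search string is allocated on `astate`; before this change the stored value itself lived on `astate`. If `mem_ctx` is the per-call context and `astate` is kept behind the returned handle (the handle creation is outside this hunk), `account_dn` is left dangling once the call returns, and later calls on that handle would read freed memory. Swapping the two contexts keeps the previous lifetime: `ldb_dn_explode(astate, samdb_search_string(state->sam_ldb, mem_ctx, ...))`.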
@@ -1732,11 +1738,12 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX } if (ret < 0 || ret > 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", name2, policy_state->system_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "cn", name2, policy_state->system_dn); if (!name2 || !msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -1753,20 +1760,24 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx)); /* search for the secret record */ - ret = gendb_search(secret_state->sam_ldb, - mem_ctx, "cn=LSA Secrets", &msgs, attrs, - "(&(cn=%s)(objectclass=secret))", - name); + ret = gendb_search(secret_state->sam_ldb, mem_ctx, + ldb_dn_explode(mem_ctx, "cn=LSA Secrets"), + &msgs, attrs, + "(&(cn=%s)(objectclass=secret))", name); if (ret > 0) { return NT_STATUS_OBJECT_NAME_COLLISION; } if (ret < 0 || ret > 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name); + msg->dn = ldb_dn_build_child(mem_ctx, + "cn", name, + ldb_dn_build_child(mem_ctx, + "cn", "LSA Secrets", NULL)); samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name); } 
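Review bot: In lsa_CreateSecret `name2` is passed to `ldb_dn_build_child()` before the `if (!name2 || !msg->dn)` test on the following line, so a failed allocation of `name2` reaches the DN builder as a NULL value. With `talloc_asprintf` a NULL only ended up as a format argument; whether `ldb_dn_build_child()` tolerates a NULL value is not visible here. Checking first removes the question: `if (!name2) return NT_STATUS_NO_MEMORY;` ahead of the build. In the next hunk the nested `ldb_dn_build_child(..., "cn", "LSA Secrets", NULL)` result assigned to `msg->dn` is not checked in the visible lines before `samdb_msg_add_string()`; an `if (!msg->dn) return NT_STATUS_NO_MEMORY;` there would match the first branch.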
@@ -1785,7 +1796,8 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX /* create the secret */ ret = samdb_add(secret_state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create secret record %s\n", msg->dn)); + DEBUG(0,("Failed to create secret record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1858,7 +1870,8 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1872,16 +1885,17 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m } /* search for the secret record */ - ret = gendb_search(secret_state->sam_ldb, - mem_ctx, "cn=LSA Secrets", &msgs, attrs, - "(&(cn=%s)(objectclass=secret))", - name); + ret = gendb_search(secret_state->sam_ldb, mem_ctx, + ldb_dn_explode(mem_ctx, "cn=LSA Secrets"), + &msgs, attrs, + "(&(cn=%s)(objectclass=secret))", name); if (ret == 0) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } @@ -2032,7 +2046,8 @@ static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *me } if (ret != 1) { - DEBUG(0,("Found %d records matching dn=%s\n", ret, secret_state->secret_dn)); + DEBUG(0,("Found %d records matching dn=%s\n", ret, + ldb_dn_linearize(mem_ctx, secret_state->secret_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index aad66ad314..cea645cd02 100644 
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -956,7 +956,7 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - res1[0]->dn); + ldb_dn_linearize(mem_ctx, res1[0]->dn)); if (ret != 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1261,7 +1261,8 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, return WERR_GENERAL_FAILURE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs, "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm()); + ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs, + "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm()); if (ret == -1) { return WERR_GENERAL_FAILURE; } @@ -1270,7 +1271,9 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, return WERR_GENERAL_FAILURE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", dom_res[0]->dn); + ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, + "(&(objectClass=crossRef)(ncName=%s))", + ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); if (ret == -1) { return WERR_GENERAL_FAILURE; } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 1e47199d20..81db2b386b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -191,7 +191,8 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX } ret = gendb_search_dn(c_state->sam_ctx, mem_ctx, - samdb_result_string(ref_msgs[0], "ncName", NULL), + samdb_result_dn(mem_ctx, + ref_msgs[0], "ncName", NULL), &dom_msgs, dom_attrs); } 
@@ -274,7 +275,7 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &ref_msgs, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - dom_msgs[i]->dn); + ldb_dn_linearize(mem_ctx, dom_msgs[i]->dn)); if (ret == 1) { array->entries[i].name.string = samdb_result_string(ref_msgs[0], "nETBIOSName", NULL); } else { @@ -339,7 +340,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &ref_msgs, ref_attrs, "(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))", - dom_msgs[0]->dn); + ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn)); if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -359,7 +360,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * d_state->sam_ctx = c_state->sam_ctx; d_state->domain_sid = dom_sid_dup(d_state, r->in.sid); d_state->domain_name = talloc_strdup(d_state, domain_name); - d_state->domain_dn = talloc_strdup(d_state, dom_msgs[0]->dn); + d_state->domain_dn = ldb_dn_copy(d_state, dom_msgs[0]->dn); if (!d_state->domain_sid || !d_state->domain_name || !d_state->domain_dn) { talloc_free(d_state); return NT_STATUS_NO_MEMORY; @@ -553,8 +554,11 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO } /* add core elements to the ldb_message for the user */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname, - d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", groupname, + ldb_dn_build_child(mem_ctx, + "CN", "Users", + d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } 
@@ -564,7 +568,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* create the group */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create group record %s\n", msg->dn)); + DEBUG(0,("Failed to create group record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -579,7 +584,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* retrieve the sid for the group just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, msg->dn)); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } @@ -789,7 +795,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX } /* add core elements to the ldb_message for the user */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", cn_name, container, d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", cn_name, ldb_dn_build_child(mem_ctx, "CN", container, d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -798,7 +804,8 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* create the user */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create user record %s\n", msg->dn)); + DEBUG(0,("Failed to create user record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -813,7 +820,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* retrieve the sid for the user just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", ldb_dn_linearize(mem_ctx, msg->dn)); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } 
@@ -984,8 +991,11 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", alias_name, - d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", alias_name, + ldb_dn_build_child(mem_ctx, + "CN", "Users", + d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -997,7 +1007,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* create the alias */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create alias record %s\n", msg->dn)); + DEBUG(0,("Failed to create alias record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1013,7 +1024,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* retrieve the sid for the alias just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, msg->dn)); a_state->account_name = talloc_strdup(a_state, alias_name); if (!a_state->account_name) { @@ -1580,7 +1592,7 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(mem_ctx, a_state->account_dn); + msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -1813,7 +1825,7 @@ static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC struct ldb_message **res2; const char * const attrs2[2] = { "objectSid", NULL }; ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - (char *)el->values[i].data, + ldb_dn_explode(mem_ctx, el->values[i].data), &res2, attrs2); if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; 
@@ -2001,7 +2013,7 @@ static NTSTATUS samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(mem_ctx, a_state->account_dn); + msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -2069,7 +2081,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C struct ldb_message *mod; struct ldb_message **msgs; const char * const attrs[2] = { "dn", NULL }; - const char *memberdn = NULL; + struct ldb_dn *memberdn = NULL; int ret; DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS); @@ -2082,14 +2094,15 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (ret == 1) { - memberdn = ldb_msg_find_string(msgs[0], "dn", NULL); + memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "dn", NULL)); } else if (ret > 1) { DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, r->in.sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else if (ret == 0) { struct ldb_message *msg; - const char *basedn, *sidstr; + struct ldb_dn *basedn; + const char *sidstr; sidstr = dom_sid_string(mem_ctx, r->in.sid); NT_STATUS_HAVE_NO_MEMORY(sidstr); @@ -2110,10 +2123,11 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C * cn=For...,cn=Builtin,dc={BASEDN}. -- vl */ - basedn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "dn", - "(&(objectClass=container)" - "(cn=ForeignSecurityPrincipals))"); + basedn = ldb_dn_explode(mem_ctx, + samdb_search_string(d_state->sam_ctx, + mem_ctx, NULL, "dn", + "(&(objectClass=container)" + "(cn=ForeignSecurityPrincipals))")); if (basedn == NULL) { DEBUG(0, ("Failed to find DN for " 
@@ -2122,7 +2136,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,%s", sidstr, basedn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn); if (msg->dn == NULL) return NT_STATUS_NO_MEMORY; @@ -2136,7 +2150,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { DEBUG(0,("Failed to create foreignSecurityPrincipal " - "record %s\n", msg->dn)); + "record %s\n", ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { @@ -2156,7 +2170,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C mod->dn = talloc_reference(mem_ctx, a_state->account_dn); if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member", - memberdn) != 0) + ldb_dn_linearize(mem_ctx, memberdn)) != 0) return NT_STATUS_UNSUCCESSFUL; if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0) @@ -2252,7 +2266,7 @@ static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLO struct ldb_message **msgs2; const char * const attrs2[2] = { "objectSid", NULL }; ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - (char *)el->values[i].data, + ldb_dn_explode(mem_ctx, el->values[i].data), &msgs2, attrs2); if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2821,7 +2835,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res, attrs, d_state->domain_sid, "(&(member=%s)(grouptype=%s)(objectclass=group))", - a_state->account_dn, + ldb_dn_linearize(mem_ctx, a_state->account_dn), ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP)); if (count < 0) 
@@ -3113,11 +3127,11 @@ static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CT r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->domain_state->domain_dn, "minPwdLength", "dn=%s", - a_state->domain_state->domain_dn); + ldb_dn_linearize(mem_ctx, a_state->domain_state->domain_dn)); r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->account_dn, - "pwdProperties", - "dn=%s", a_state->account_dn); + "pwdProperties", "dn=%s", + ldb_dn_linearize(mem_ctx, a_state->account_dn)); return NT_STATUS_OK; } @@ -3170,9 +3184,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_reference(mod, - samdb_result_string(res[i], "dn", - NULL)); + mod->dn = samdb_result_dn(mod, res[i], "dn", NULL); if (mod->dn == NULL) { talloc_free(mod); continue; diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h index 51e0869eef..8e53fa7a10 100644 --- a/source4/rpc_server/samr/dcesrv_samr.h +++ b/source4/rpc_server/samr/dcesrv_samr.h @@ -49,7 +49,7 @@ struct samr_domain_state { uint32_t access_mask; struct dom_sid *domain_sid; const char *domain_name; - const char *domain_dn; + const struct ldb_dn *domain_dn; }; /* @@ -61,5 +61,5 @@ struct samr_account_state { uint32_t access_mask; struct dom_sid *account_sid; const char *account_name; - const char *account_dn; + const struct ldb_dn *account_dn; }; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 48abc7cfde..c862763101 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c 
@@ -108,7 +108,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(msg, a_state->account_dn); + msg->dn = ldb_dn_copy(msg, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -143,7 +143,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ uint32_t new_pass_len; struct samr_CryptPassword *pwbuf = r->in.password; void *sam_ctx; - const char *user_dn, *domain_dn; + const struct ldb_dn *user_dn, *domain_dn; int ret; struct ldb_message **res, *mod; const char * const attrs[] = { "objectSid", "lmPwdHash", "unicodePwd", NULL }; @@ -210,9 +210,10 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_SUCH_USER; } - domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + domain_dn = ldb_dn_explode(mem_ctx, + samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid))); if (!domain_dn) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -222,7 +223,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_strdup(mod, user_dn); + mod->dn = ldb_dn_copy(mod, user_dn); if (!mod->dn) { return NT_STATUS_NO_MEMORY; } @@ -261,7 +262,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, char new_pass[512]; uint32_t new_pass_len; void *sam_ctx = NULL; - const char *user_dn, *domain_dn = NULL; + const struct ldb_dn *user_dn, *domain_dn = NULL; int ret; struct ldb_message **res, *mod; const char * const attrs[] = { "objectSid", "ntPwdHash", "lmPwdHash", "unicodePwd", NULL }; 
@@ -360,9 +361,10 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, goto failed; } - domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + domain_dn = ldb_dn_explode(mem_ctx, + samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid))); if (!domain_dn) { status = NT_STATUS_INTERNAL_DB_CORRUPTION; goto failed; @@ -373,7 +375,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_strdup(mod, user_dn); + mod->dn = ldb_dn_copy(mod, user_dn); if (!mod->dn) { status = NT_STATUS_NO_MEMORY; goto failed; @@ -485,7 +487,8 @@ static BOOL samdb_password_complexity_ok(const char *pass) changes (as is needed by some of the set user info levels) */ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, - const char *user_dn, const char *domain_dn, + const struct ldb_dn *user_dn, + const struct ldb_dn *domain_dn, struct ldb_message *mod, const char *new_pass, struct samr_Password *lmNewHash, @@ -743,7 +746,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, */ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, void *sam_ctx, - const char *account_dn, const char *domain_dn, + const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_CryptPassword *pwbuf) @@ -785,7 +788,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, */ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, void *sam_ctx, - const char *account_dn, const char *domain_dn, + const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_CryptPasswordEx *pwbuf) |