Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/drsuapi/drsuapi_cracknames.c6
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c93
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c9
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c84
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.h4
-rw-r--r--source4/rpc_server/samr/samr_password.c31
6 files changed, 130 insertions, 97 deletions
diff --git a/source4/rpc_server/drsuapi/drsuapi_cracknames.c b/source4/rpc_server/drsuapi/drsuapi_cracknames.c
index e9b78b184b..b6a9105be5 100644
--- a/source4/rpc_server/drsuapi/drsuapi_cracknames.c
+++ b/source4/rpc_server/drsuapi/drsuapi_cracknames.c
@@ -36,7 +36,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX
const char *domain_filter = NULL;
const char * const *domain_attrs;
struct ldb_message **domain_res = NULL;
- const char *result_basedn = NULL;
+ const struct ldb_dn *result_basedn = NULL;
const char *result_filter = NULL;
const char * const *result_attrs;
struct ldb_message **result_res = NULL;
@@ -166,7 +166,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX
info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
if (result_filter) {
- result_basedn = samdb_result_string(domain_res[0], "ncName", NULL);
+ result_basedn = samdb_result_dn(mem_ctx, domain_res[0], "ncName", NULL);
ret = gendb_search(b_state->sam_ctx, mem_ctx, result_basedn, &result_res,
result_attrs, "%s", result_filter);
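Review bot: In the `if (result_filter)` branch the result of `samdb_result_dn()` goes straight into `gendb_search()` as the base DN with no NULL check, so a missing or unparseable `ncName` value cannot be told apart from an intentional NULL base. Other calls in this commit pass NULL as the base for searches that are not scoped to a subtree, so a failure here would presumably widen the search instead of failing it. Adding `WERR_TALLOC_CHECK(result_basedn);` before the search keeps the lookup scoped. The same inline pattern appears with `samdb_result_dn()` in samr_LookupDomain and with `ldb_dn_explode(mem_ctx, "cn=LSA Secrets")` in lsa_CreateSecret and lsa_OpenSecret; the function body continues outside this hunk.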
@@ -189,7 +189,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX
/* here we can use result_res[0] and domain_res[0] */
switch (format_desired) {
case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
- info1->result_name = result_res[0]->dn;
+ info1->result_name = ldb_dn_linearize(mem_ctx, result_res[0]->dn);
WERR_TALLOC_CHECK(info1->result_name);
info1->status = DRSUAPI_DS_NAME_STATUS_OK;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index fef1c91c6f..9ee0d6faec 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -49,9 +49,9 @@ struct lsa_policy_state {
struct ldb_context *sam_ldb;
struct sidmap_context *sidmap;
uint32_t access_mask;
- const char *domain_dn;
- const char *builtin_dn;
- const char *system_dn;
+ const struct ldb_dn *domain_dn;
+ const struct ldb_dn *builtin_dn;
+ const struct ldb_dn *system_dn;
const char *domain_name;
struct dom_sid *domain_sid;
struct dom_sid *builtin_sid;
@@ -65,7 +65,7 @@ struct lsa_account_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
struct dom_sid *account_sid;
- const char *account_dn;
+ const struct ldb_dn *account_dn;
};
@@ -75,7 +75,7 @@ struct lsa_account_state {
struct lsa_secret_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
- const char *secret_dn;
+ const struct ldb_dn *secret_dn;
struct ldb_context *sam_ldb;
BOOL global;
};
@@ -86,7 +86,7 @@ struct lsa_secret_state {
struct lsa_trusted_domain_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
- const char *trusted_domain_dn;
+ const struct ldb_dn *trusted_domain_dn;
};
/*
@@ -254,14 +254,14 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
/* work out the domain_dn - useful for so many calls its worth
fetching here */
- state->domain_dn = talloc_steal(state, samdb_result_string(msgs_domain[0], "nCName", NULL));
+ state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
if (!state->domain_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
- state->builtin_dn = talloc_steal(state,
+ state->builtin_dn = ldb_dn_explode(state,
samdb_search_string(state->sam_ldb, mem_ctx, NULL,
"dn", "objectClass=builtinDomain"));
if (!state->builtin_dn) {
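Review bot: `ldb_dn_explode()` is applied directly to the return value of `samdb_search_string()` for `builtin_dn` here and for `system_dn` in the next hunk, so a search that finds nothing hands a NULL string to the DN parser. Whether `ldb_dn_explode()` accepts NULL is not visible in this diff; if it does not, a missing builtinDomain or System container becomes a crash in the RPC server rather than the error return that follows. Holding the string in a local and testing it first, e.g. `if (dn_str == NULL) return NT_STATUS_NO_SUCH_DOMAIN;` before the explode, also keeps "not found" separate from "malformed DN" and "out of memory". The same construct is used for `basedn` in samr_AddAliasMember and for `domain_dn` in samr_OemChangePasswordUser2 and samr_ChangePasswordUser3.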
@@ -270,7 +270,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
/* work out the system_dn - useful for so many calls its worth
fetching here */
- state->system_dn = talloc_steal(state,
+ state->system_dn = ldb_dn_explode(state,
samdb_search_string(state->sam_ldb, mem_ctx, state->domain_dn,
"dn", "(&(objectClass=container)(cn=System))"));
if (!state->system_dn) {
@@ -279,8 +279,8 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
state->domain_sid = talloc_steal(state,
samdb_search_dom_sid(state->sam_ldb, state,
- state->domain_dn, "objectSid",
- "dn=%s", state->domain_dn));
+ state->domain_dn, "objectSid", "dn=%s",
+ ldb_dn_linearize(mem_ctx, state->domain_dn)));
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
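Review bot: The string returned by `ldb_dn_linearize(mem_ctx, state->domain_dn)` is consumed as the `%s` argument of the `"dn=%s"` expression without being checked, so an allocation failure would format a NULL pointer into the search. The following `if (!state->domain_sid)` would then most likely report NT_STATUS_NO_SUCH_DOMAIN for what is really an out-of-memory condition. Linearizing into a local first and returning `NT_STATUS_NO_MEMORY` when it is NULL makes the failure explicit. The same applies to the other `gendb_search`/`samdb_search_*` calls in this commit that take a linearized DN inline, and to the `DEBUG` calls.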
@@ -598,12 +598,14 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL
}
if (ret < 0 || ret > 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", r->in.info->name.string,
- policy_state->system_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "cn",
+ r->in.info->name.string,
+ policy_state->system_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
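Review bot: `r->in.info->name.string` comes from the request and is passed to `ldb_dn_build_child()` as the RDN value with no validation visible in this hunk (the function body starts and ends outside it). It is worth confirming that a NULL or empty name is rejected before this point and that `ldb_dn_build_child()` escapes DN special characters in the value, since the new record's location under `system_dn` now depends on it. A comment such as `/* name is client-supplied; ldb_dn_build_child() must treat it as a single RDN value */` would record that assumption.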
@@ -627,7 +629,8 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL
/* create the trusted_domain */
ret = samdb_add(trusted_domain_state->policy->sam_ldb, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create trusted_domain record %s\n", msg->dn));
+ DEBUG(0,("Failed to create trusted_domain record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -690,7 +693,8 @@ static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -755,7 +759,8 @@ static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1300,11 +1305,12 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *
/* check it really exists */
astate->account_dn =
- samdb_search_string(state->sam_ldb, astate,
- NULL, "dn",
- "(&(objectSid=%s)(objectClass=group))",
- ldap_encode_ndr_dom_sid(mem_ctx,
- astate->account_sid));
+ ldb_dn_explode(mem_ctx,
+ samdb_search_string(state->sam_ldb, astate,
+ NULL, "dn",
+ "(&(objectSid=%s)(objectClass=group))",
+ ldap_encode_ndr_dom_sid(mem_ctx,
+ astate->account_sid)));
if (astate->account_dn == NULL) {
talloc_free(astate);
return NT_STATUS_NO_SUCH_USER;
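Review bot: `astate->account_dn` is now allocated on `mem_ctx` while the intermediate search string is allocated on `astate`, which looks like the two talloc contexts were swapped. Before this change the DN string was owned by `astate`; if `mem_ctx` is the per-call context (not visible here), the pointer stored in the account state dangles once the call completes and later operations on the handle would read freed memory. `ldb_dn_explode(astate, samdb_search_string(state->sam_ldb, mem_ctx, ...))` matches the ownership used for `state->builtin_dn` in lsa_get_policy_state. The function body extends beyond this hunk.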
@@ -1466,7 +1472,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_SUCH_USER;
}
- msg->dn = talloc_strdup(mem_ctx, dn);
+ msg->dn = ldb_dn_explode(mem_ctx, dn);
if (msg->dn == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1732,11 +1738,12 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
if (ret < 0 || ret > 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", name2, policy_state->system_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "cn", name2, policy_state->system_dn);
if (!name2 || !msg->dn) {
return NT_STATUS_NO_MEMORY;
}
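Review bot: `name2` is tested for NULL only after it has already been passed to `ldb_dn_build_child()`, in `if (!name2 || !msg->dn)`. That ordering was inherited from the `talloc_asprintf` version, where the argument was only formatted; whether `ldb_dn_build_child()` tolerates a NULL value is not visible in this diff. Checking first, `if (!name2) return NT_STATUS_NO_MEMORY;` ahead of the `msg->dn` assignment, removes the dependency. lsa_CreateSecret continues outside the hunk.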
@@ -1753,20 +1760,24 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
/* search for the secret record */
- ret = gendb_search(secret_state->sam_ldb,
- mem_ctx, "cn=LSA Secrets", &msgs, attrs,
- "(&(cn=%s)(objectclass=secret))",
- name);
+ ret = gendb_search(secret_state->sam_ldb, mem_ctx,
+ ldb_dn_explode(mem_ctx, "cn=LSA Secrets"),
+ &msgs, attrs,
+ "(&(cn=%s)(objectclass=secret))", name);
if (ret > 0) {
return NT_STATUS_OBJECT_NAME_COLLISION;
}
if (ret < 0 || ret > 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name);
+ msg->dn = ldb_dn_build_child(mem_ctx,
+ "cn", name,
+ ldb_dn_build_child(mem_ctx,
+ "cn", "LSA Secrets", NULL));
samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name);
}
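Review bot: The nested `ldb_dn_build_child()` call for `msg->dn` passes the inner result straight in as the base, and this same statement shows NULL being a valid base argument, so a failed inner call would presumably produce a DN with no parent rather than an error. `msg->dn` is also not checked before `samdb_msg_add_string()` in this branch, unlike the `system_dn` branch in the previous hunk. Building the `cn=LSA Secrets` base into a checked local and then checking `msg->dn` closes both gaps. The nested calls in samr_CreateDomainGroup, samr_CreateUser2 and samr_CreateDomAlias have the same inner-failure ambiguity.

```c
/* … unchanged: gendb_search for an existing secret and the ret checks … */
const struct ldb_dn *secrets_base =
	ldb_dn_build_child(mem_ctx, "cn", "LSA Secrets", NULL);
if (!secrets_base) {
	return NT_STATUS_NO_MEMORY;
}
msg->dn = ldb_dn_build_child(mem_ctx, "cn", name, secrets_base);
if (!msg->dn) {
	return NT_STATUS_NO_MEMORY;
}
samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name);
```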
@@ -1785,7 +1796,8 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX
/* create the secret */
ret = samdb_add(secret_state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create secret record %s\n", msg->dn));
+ DEBUG(0,("Failed to create secret record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1858,7 +1870,8 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1872,16 +1885,17 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
}
/* search for the secret record */
- ret = gendb_search(secret_state->sam_ldb,
- mem_ctx, "cn=LSA Secrets", &msgs, attrs,
- "(&(cn=%s)(objectclass=secret))",
- name);
+ ret = gendb_search(secret_state->sam_ldb, mem_ctx,
+ ldb_dn_explode(mem_ctx, "cn=LSA Secrets"),
+ &msgs, attrs,
+ "(&(cn=%s)(objectclass=secret))", name);
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
@@ -2032,7 +2046,8 @@ static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching dn=%s\n", ret, secret_state->secret_dn));
+ DEBUG(0,("Found %d records matching dn=%s\n", ret,
+ ldb_dn_linearize(mem_ctx, secret_state->secret_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index aad66ad314..cea645cd02 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -956,7 +956,7 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL
ret = gendb_search(sam_ctx, mem_ctx, NULL,
&ref_res, ref_attrs,
"(&(objectClass=crossRef)(ncName=%s))",
- res1[0]->dn);
+ ldb_dn_linearize(mem_ctx, res1[0]->dn));
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1261,7 +1261,8 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call,
return WERR_GENERAL_FAILURE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs, "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm());
+ ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs,
+ "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm());
if (ret == -1) {
return WERR_GENERAL_FAILURE;
}
@@ -1270,7 +1271,9 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call,
return WERR_GENERAL_FAILURE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", dom_res[0]->dn);
+ ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs,
+ "(&(objectClass=crossRef)(ncName=%s))",
+ ldb_dn_linearize(mem_ctx, dom_res[0]->dn));
if (ret == -1) {
return WERR_GENERAL_FAILURE;
}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 1e47199d20..81db2b386b 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -191,7 +191,8 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
ret = gendb_search_dn(c_state->sam_ctx, mem_ctx,
- samdb_result_string(ref_msgs[0], "ncName", NULL),
+ samdb_result_dn(mem_ctx,
+ ref_msgs[0], "ncName", NULL),
&dom_msgs, dom_attrs);
}
@@ -274,7 +275,7 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX
ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL,
&ref_msgs, ref_attrs,
"(&(objectClass=crossRef)(ncName=%s))",
- dom_msgs[i]->dn);
+ ldb_dn_linearize(mem_ctx, dom_msgs[i]->dn));
if (ret == 1) {
array->entries[i].name.string = samdb_result_string(ref_msgs[0], "nETBIOSName", NULL);
} else {
@@ -339,7 +340,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &ref_msgs, ref_attrs,
"(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))",
- dom_msgs[0]->dn);
+ ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn));
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
@@ -359,7 +360,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
d_state->sam_ctx = c_state->sam_ctx;
d_state->domain_sid = dom_sid_dup(d_state, r->in.sid);
d_state->domain_name = talloc_strdup(d_state, domain_name);
- d_state->domain_dn = talloc_strdup(d_state, dom_msgs[0]->dn);
+ d_state->domain_dn = ldb_dn_copy(d_state, dom_msgs[0]->dn);
if (!d_state->domain_sid || !d_state->domain_name || !d_state->domain_dn) {
talloc_free(d_state);
return NT_STATUS_NO_MEMORY;
@@ -553,8 +554,11 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
}
/* add core elements to the ldb_message for the user */
- msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname,
- d_state->domain_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx,
+ "CN", groupname,
+ ldb_dn_build_child(mem_ctx,
+ "CN", "Users",
+ d_state->domain_dn));
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -564,7 +568,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
/* create the group */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create group record %s\n", msg->dn));
+ DEBUG(0,("Failed to create group record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -579,7 +584,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
/* retrieve the sid for the group just created */
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
- msg->dn, "objectSid", "dn=%s", msg->dn);
+ msg->dn, "objectSid", "dn=%s",
+ ldb_dn_linearize(mem_ctx, msg->dn));
if (sid == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
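Review bot: The linearized `msg->dn` is formatted into the `"dn=%s"` search expression as-is, and that DN contains `groupname`, which appears to come from the client request. DN linearization is not the same as search-filter escaping: characters such as `(`, `)`, `*` and `\` keep their meaning when the expression is parsed, so a name containing them could change what the lookup matches or make it fail after the record has already been added. If `samdb_search_dom_sid()` does not encode its arguments (not visible here), the value should go through ldb's filter encoder (for example `ldb_binary_encode_string()`, if available in this tree), or the SID should be read back with a base-scoped search on `msg->dn` that needs no expression argument. samr_CreateUser2 and samr_CreateDomAlias read the new SID back the same way.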
@@ -789,7 +795,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
/* add core elements to the ldb_message for the user */
- msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", cn_name, container, d_state->domain_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "CN", cn_name, ldb_dn_build_child(mem_ctx, "CN", container, d_state->domain_dn));
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -798,7 +804,8 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
/* create the user */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create user record %s\n", msg->dn));
+ DEBUG(0,("Failed to create user record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -813,7 +820,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
/* retrieve the sid for the user just created */
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
- msg->dn, "objectSid", "dn=%s", msg->dn);
+ msg->dn, "objectSid", "dn=%s", ldb_dn_linearize(mem_ctx, msg->dn));
if (sid == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -984,8 +991,11 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
}
/* add core elements to the ldb_message for the alias */
- msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", alias_name,
- d_state->domain_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx,
+ "CN", alias_name,
+ ldb_dn_build_child(mem_ctx,
+ "CN", "Users",
+ d_state->domain_dn));
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -997,7 +1007,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
/* create the alias */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create alias record %s\n", msg->dn));
+ DEBUG(0,("Failed to create alias record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1013,7 +1024,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
/* retrieve the sid for the alias just created */
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
- msg->dn, "objectSid", "dn=%s", msg->dn);
+ msg->dn, "objectSid", "dn=%s",
+ ldb_dn_linearize(mem_ctx, msg->dn));
a_state->account_name = talloc_strdup(a_state, alias_name);
if (!a_state->account_name) {
@@ -1580,7 +1592,7 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_NO_MEMORY;
}
- msg->dn = talloc_strdup(mem_ctx, a_state->account_dn);
+ msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -1813,7 +1825,7 @@ static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC
struct ldb_message **res2;
const char * const attrs2[2] = { "objectSid", NULL };
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
- (char *)el->values[i].data,
+ ldb_dn_explode(mem_ctx, el->values[i].data),
&res2, attrs2);
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
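Review bot: `el->values[i].data` is handed to `ldb_dn_explode()` without the cast the old code had and without checking the result. The value looks like a length-delimited attribute buffer, so the call relies on it being NUL-terminated (presumably guaranteed by ldb, but not visible here), and a stored `member` value that does not parse as a DN yields NULL as the DN argument of `gendb_search_dn()`. Exploding into a local with an explicit `(const char *)` cast and returning NT_STATUS_INTERNAL_DB_CORRUPTION when the result is NULL keeps the failure mode the loop already uses. samr_GetMembersInAlias has the identical call.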
@@ -2001,7 +2013,7 @@ static NTSTATUS samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_NO_MEMORY;
}
- msg->dn = talloc_strdup(mem_ctx, a_state->account_dn);
+ msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -2069,7 +2081,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
struct ldb_message *mod;
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
- const char *memberdn = NULL;
+ struct ldb_dn *memberdn = NULL;
int ret;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
@@ -2082,14 +2094,15 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (ret == 1) {
- memberdn = ldb_msg_find_string(msgs[0], "dn", NULL);
+ memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "dn", NULL));
} else if (ret > 1) {
DEBUG(0,("Found %d records matching sid %s\n",
ret, dom_sid_string(mem_ctx, r->in.sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
struct ldb_message *msg;
- const char *basedn, *sidstr;
+ struct ldb_dn *basedn;
+ const char *sidstr;
sidstr = dom_sid_string(mem_ctx, r->in.sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
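Review bot: `memberdn` is assigned from `ldb_dn_explode()` in the `ret == 1` branch and never checked, and a later hunk linearizes it again for `samdb_msg_add_addval(..., "member", ...)`. If the explode or the later linearize fails, a NULL value would be passed on as the member to add. Since only the string form is needed for the `member` value, either keep the `ldb_msg_find_string()` result as a string for that purpose or add `if (memberdn == NULL) return NT_STATUS_NO_MEMORY;` right after the assignment. The function starts and ends outside this hunk.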
@@ -2110,10 +2123,11 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
* cn=For...,cn=Builtin,dc={BASEDN}. -- vl
*/
- basedn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
- "dn",
- "(&(objectClass=container)"
- "(cn=ForeignSecurityPrincipals))");
+ basedn = ldb_dn_explode(mem_ctx,
+ samdb_search_string(d_state->sam_ctx,
+ mem_ctx, NULL, "dn",
+ "(&(objectClass=container)"
+ "(cn=ForeignSecurityPrincipals))"));
if (basedn == NULL) {
DEBUG(0, ("Failed to find DN for "
@@ -2122,7 +2136,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
}
/* add core elements to the ldb_message for the alias */
- msg->dn = talloc_asprintf(mem_ctx, "CN=%s,%s", sidstr, basedn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn);
if (msg->dn == NULL)
return NT_STATUS_NO_MEMORY;
@@ -2136,7 +2150,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
DEBUG(0,("Failed to create foreignSecurityPrincipal "
- "record %s\n", msg->dn));
+ "record %s\n", ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
@@ -2156,7 +2170,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
- memberdn) != 0)
+ ldb_dn_linearize(mem_ctx, memberdn)) != 0)
return NT_STATUS_UNSUCCESSFUL;
if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
@@ -2252,7 +2266,7 @@ static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLO
struct ldb_message **msgs2;
const char * const attrs2[2] = { "objectSid", NULL };
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
- (char *)el->values[i].data,
+ ldb_dn_explode(mem_ctx, el->values[i].data),
&msgs2, attrs2);
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2821,7 +2835,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res,
attrs, d_state->domain_sid,
"(&(member=%s)(grouptype=%s)(objectclass=group))",
- a_state->account_dn,
+ ldb_dn_linearize(mem_ctx, a_state->account_dn),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_GLOBAL_GROUP));
if (count < 0)
@@ -3113,11 +3127,11 @@ static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CT
r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0,
a_state->domain_state->domain_dn, "minPwdLength",
"dn=%s",
- a_state->domain_state->domain_dn);
+ ldb_dn_linearize(mem_ctx, a_state->domain_state->domain_dn));
r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0,
a_state->account_dn,
- "pwdProperties",
- "dn=%s", a_state->account_dn);
+ "pwdProperties", "dn=%s",
+ ldb_dn_linearize(mem_ctx, a_state->account_dn));
return NT_STATUS_OK;
}
@@ -3170,9 +3184,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
return NT_STATUS_NO_MEMORY;
}
- mod->dn = talloc_reference(mod,
- samdb_result_string(res[i], "dn",
- NULL));
+ mod->dn = samdb_result_dn(mod, res[i], "dn", NULL);
if (mod->dn == NULL) {
talloc_free(mod);
continue;
diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h
index 51e0869eef..8e53fa7a10 100644
--- a/source4/rpc_server/samr/dcesrv_samr.h
+++ b/source4/rpc_server/samr/dcesrv_samr.h
@@ -49,7 +49,7 @@ struct samr_domain_state {
uint32_t access_mask;
struct dom_sid *domain_sid;
const char *domain_name;
- const char *domain_dn;
+ const struct ldb_dn *domain_dn;
};
/*
@@ -61,5 +61,5 @@ struct samr_account_state {
uint32_t access_mask;
struct dom_sid *account_sid;
const char *account_name;
- const char *account_dn;
+ const struct ldb_dn *account_dn;
};
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 48abc7cfde..c862763101 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -108,7 +108,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_NO_MEMORY;
}
- msg->dn = talloc_strdup(msg, a_state->account_dn);
+ msg->dn = ldb_dn_copy(msg, a_state->account_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -143,7 +143,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
uint32_t new_pass_len;
struct samr_CryptPassword *pwbuf = r->in.password;
void *sam_ctx;
- const char *user_dn, *domain_dn;
+ const struct ldb_dn *user_dn, *domain_dn;
int ret;
struct ldb_message **res, *mod;
const char * const attrs[] = { "objectSid", "lmPwdHash", "unicodePwd", NULL };
@@ -210,9 +210,10 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_SUCH_USER;
}
- domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn",
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
+ domain_dn = ldb_dn_explode(mem_ctx,
+ samdb_search_string(sam_ctx, mem_ctx, NULL, "dn",
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)));
if (!domain_dn) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -222,7 +223,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_MEMORY;
}
- mod->dn = talloc_strdup(mod, user_dn);
+ mod->dn = ldb_dn_copy(mod, user_dn);
if (!mod->dn) {
return NT_STATUS_NO_MEMORY;
}
@@ -261,7 +262,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
char new_pass[512];
uint32_t new_pass_len;
void *sam_ctx = NULL;
- const char *user_dn, *domain_dn = NULL;
+ const struct ldb_dn *user_dn, *domain_dn = NULL;
int ret;
struct ldb_message **res, *mod;
const char * const attrs[] = { "objectSid", "ntPwdHash", "lmPwdHash", "unicodePwd", NULL };
@@ -360,9 +361,10 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
goto failed;
}
- domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn",
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
+ domain_dn = ldb_dn_explode(mem_ctx,
+ samdb_search_string(sam_ctx, mem_ctx, NULL, "dn",
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)));
if (!domain_dn) {
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto failed;
@@ -373,7 +375,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
return NT_STATUS_NO_MEMORY;
}
- mod->dn = talloc_strdup(mod, user_dn);
+ mod->dn = ldb_dn_copy(mod, user_dn);
if (!mod->dn) {
status = NT_STATUS_NO_MEMORY;
goto failed;
@@ -485,7 +487,8 @@ static BOOL samdb_password_complexity_ok(const char *pass)
changes (as is needed by some of the set user info levels)
*/
NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
- const char *user_dn, const char *domain_dn,
+ const struct ldb_dn *user_dn,
+ const struct ldb_dn *domain_dn,
struct ldb_message *mod,
const char *new_pass,
struct samr_Password *lmNewHash,
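Review bot: `samdb_set_password()` is not static, and its `user_dn`/`domain_dn` parameters change from `const char *` to `const struct ldb_dn *` while the diffstat shown is limited to source4/rpc_server. A caller elsewhere that still passes a string would typically produce only an incompatible-pointer warning in C, and the password-setting path would then interpret string bytes as a `struct ldb_dn`. It is worth confirming that every caller and the prototype were converted in the same commit, and updating the comment above the function to say that both DNs are parsed `struct ldb_dn` values. The same applies to `samr_set_password()` and `samr_set_password_ex()` in the following hunks; the function bodies are outside these hunks.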
@@ -743,7 +746,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
*/
NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
void *sam_ctx,
- const char *account_dn, const char *domain_dn,
+ const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
struct samr_CryptPassword *pwbuf)
@@ -785,7 +788,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
*/
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
void *sam_ctx,
- const char *account_dn, const char *domain_dn,
+ const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
struct samr_CryptPasswordEx *pwbuf)