diff options
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 3 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 47 |
3 files changed, 40 insertions, 22 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 982de469f6..17f9754c3b 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -221,6 +221,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ struct lsa_policy_state **_state) { struct lsa_policy_state *state; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); state = talloc(mem_ctx, struct lsa_policy_state); if (!state) { @@ -246,7 +247,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ } state->domain_name - = samdb_search_string(state->sam_ldb, state, NULL, "nETBIOSName", + = samdb_search_string(state->sam_ldb, state, partitions_basedn, "nETBIOSName", "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn)); if (!state->domain_name) { diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 4075ce82ce..e3814f4c0d 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -99,7 +99,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL return NT_STATUS_INVALID_SYSTEM_SERVICE; } /* pull the user attributes */ - num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs, + num_records = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), &msgs, attrs, "(&(sAMAccountName=%s)(objectclass=user))", r->in.account_name); @@ -901,6 +901,7 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL struct netr_DomainInfo1 *info1; int ret, ret1, ret2, i; NTSTATUS status; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); const char *local_domain; @@ -922,13 +923,13 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL primary domain is also a "trusted" domain, so we need to put the primary domain into the lists of returned trusts as well */ - ret1 = gendb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)"); + ret1 = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), &res1, attrs, "(objectClass=domainDNS)"); if (ret1 != 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } /* try and find the domain */ - ret = gendb_search(sam_ctx, mem_ctx, NULL, + ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, res1[0]->dn)); @@ -938,7 +939,7 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL local_domain = samdb_result_string(ref_res[0], "nETBIOSName", NULL); - ret2 = gendb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)"); + ret2 = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), &res2, attrs, "(objectClass=trustedDomain)"); if (ret2 == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1164,6 +1165,7 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, struct ldb_message **dom_res, **ref_res; const char * const dom_attrs[] = { "dnsDomain", "objectSid", "objectGUID", NULL }; const char * const ref_attrs[] = { "nETBIOSName", NULL }; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); ZERO_STRUCT(r->out); @@ -1181,7 +1183,7 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, return WERR_GENERAL_FAILURE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, + ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); if (ret == -1) { diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 66994778da..ecacff60e3 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -29,6 +29,7 @@ #include "rpc_server/samr/dcesrv_samr.h" #include "system/time.h" #include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" #include "ads.h" #include "dsdb/samdb/samdb.h" #include "libcli/ldap/ldap.h" @@ -163,6 +164,7 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX struct ldb_message **dom_msgs; struct ldb_message **ref_msgs; int ret; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); r->out.sid = NULL; @@ -176,11 +178,11 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX if (strcasecmp(r->in.domain_name->string, "BUILTIN") == 0) { ret = gendb_search(c_state->sam_ctx, - mem_ctx, NULL, &dom_msgs, dom_attrs, + mem_ctx, samdb_base_dn(mem_ctx), &dom_msgs, dom_attrs, "(objectClass=builtinDomain)"); } else { ret = gendb_search(c_state->sam_ctx, - mem_ctx, NULL, &ref_msgs, ref_attrs, + mem_ctx, partitions_basedn, &ref_msgs, ref_attrs, "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", ldb_binary_encode_string(mem_ctx, r->in.domain_name->string)); if (ret != 1) { @@ -226,6 +228,7 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX const char * const ref_attrs[] = { "nETBIOSName", NULL}; struct ldb_message **dom_msgs; struct ldb_message **ref_msgs; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); *r->out.resume_handle = 0; r->out.sam = NULL; @@ -236,8 +239,8 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX c_state = h->data; count = gendb_search(c_state->sam_ctx, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "(objectClass=domain)"); + mem_ctx, samdb_base_dn(mem_ctx), &dom_msgs, dom_attrs, + "(objectClass=domain)"); if (count == -1) { DEBUG(0,("samdb: no domains found in EnumDomains\n")); return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -269,7 +272,7 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX int ret; array->entries[i].idx = start_i + i; /* try and find the domain */ - ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, + ret = gendb_search(c_state->sam_ctx, mem_ctx, partitions_basedn, &ref_msgs, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, dom_msgs[i]->dn)); @@ -303,6 +306,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * struct ldb_message **dom_msgs; struct ldb_message **ref_msgs; int ret; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); ZERO_STRUCTP(r->out.domain_handle); @@ -315,14 +319,14 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * } ret = gendb_search(c_state->sam_ctx, - mem_ctx, NULL, &dom_msgs, dom_attrs, + mem_ctx, samdb_base_dn(mem_ctx), &dom_msgs, dom_attrs, "(&(objectSid=%s)(&(objectclass=domain)))", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (ret != 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } else { ret = gendb_search(c_state->sam_ctx, - mem_ctx, NULL, &ref_msgs, ref_attrs, + mem_ctx, partitions_basedn, &ref_msgs, ref_attrs, "(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))", ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn)); if (ret == 0) { @@ -431,11 +435,13 @@ static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX * info->primary.string = lp_netbios_name(); info->sequence_num = 0; info->role = ROLE_DOMAIN_PDC; - info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, NULL, "(objectClass=user)"); - info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, NULL, + + /* TODO: Should these filter on SID, to avoid counting BUILTIN? */ + info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, "(objectClass=user)"); + info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, "(&(objectClass=group)(sAMAccountType=%u))", ATYPE_GLOBAL_GROUP); - info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, NULL, + info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, "(&(objectClass=group)(sAMAccountType=%u))", ATYPE_LOCAL_GROUP); @@ -764,7 +770,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX } /* check if the user already exists */ - name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, + name = samdb_search_string(d_state->sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), "sAMAccountName", "(&(sAMAccountName=%s)(objectclass=user))", ldb_binary_encode_string(mem_ctx, account_name)); @@ -830,7 +836,16 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* create the user */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); - if (ret != 0) { + switch (ret) { + case LDB_SUCCESS: + break; + case LDB_ERR_ENTRY_ALREADY_EXISTS: + ldb_transaction_cancel(d_state->sam_ctx); + DEBUG(0,("Failed to create user record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(d_state->sam_ctx))); + return NT_STATUS_USER_EXISTS; + default: ldb_transaction_cancel(d_state->sam_ctx); DEBUG(0,("Failed to create user record %s: %s\n", ldb_dn_linearize(mem_ctx, msg->dn), @@ -1256,7 +1271,7 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL memberdn = samdb_search_string(d_state->sam_ctx, - mem_ctx, NULL, "distinguishedName", + mem_ctx, samdb_base_dn(mem_ctx), "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sids->sids[i].sid)); @@ -2164,7 +2179,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C a_state = h->data; d_state = a_state->domain_state; - ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL, + ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &msgs, attrs, "(objectsid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); @@ -2269,7 +2284,7 @@ static NTSTATUS samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLO a_state = h->data; d_state = a_state->domain_state; - memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, + memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn, "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); @@ -2908,7 +2923,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC a_state = h->data; d_state = a_state->domain_state; - count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res, + count = samdb_search_domain(a_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, d_state->domain_sid, "(&(member=%s)(grouptype=%d)(objectclass=group))", ldb_dn_linearize(mem_ctx, a_state->account_dn), |