summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth_sam.c15
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c51
-rw-r--r--source4/dsdb/samdb/samdb.c99
-rw-r--r--source4/dsdb/samdb/samdb_privilege.c11
-rw-r--r--source4/lib/db_wrap.c9
-rw-r--r--source4/lib/ldb/config.mk4
-rw-r--r--source4/lib/ldb/samba/ldif_handlers.c6
-rw-r--r--source4/libcli/ldap/ldap_ndr.c2
-rw-r--r--source4/ntvfs/common/sidmap.c97
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c68
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c17
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c263
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.h4
-rw-r--r--source4/rpc_server/samr/samr_password.c10
-rw-r--r--source4/setup/provision.ldif2
15 files changed, 303 insertions, 355 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 1ad9087bfe..3318238fda 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -257,7 +257,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
}
if (!domain_name) {
- const char *domain_sid;
+ struct dom_sid *domain_sid;
domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
if (!domain_sid) {
@@ -267,20 +267,20 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
/* find the domain's DN */
ret = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_tmp, NULL,
"(&(objectSid=%s)(objectclass=domain))",
- domain_sid);
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
if (ret == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ret == 0) {
DEBUG(3,("check_sam_security: Couldn't find domain_sid [%s] in passdb file.\n",
- domain_sid));
+ dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (ret > 1) {
DEBUG(0,("Found %d records matching domain_sid [%s]\n",
- ret, domain_sid));
+ ret, dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -400,15 +400,14 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context
/* Need to unroll some nested groups, but not aliases */
for (i = 0; i < group_ret; i++) {
- str = ldb_msg_find_string(group_msgs[i], "objectSid", NULL);
- groupSIDs[i] = dom_sid_parse_talloc(groupSIDs, str);
+ groupSIDs[i] = samdb_result_dom_sid(groupSIDs,
+ group_msgs[i], "objectSid");
NT_STATUS_HAVE_NO_MEMORY(groupSIDs[i]);
}
talloc_free(tmp_ctx);
- str = ldb_msg_find_string(msgs[0], "objectSid", NULL);
- account_sid = dom_sid_parse_talloc(server_info, str);
+ account_sid = samdb_result_dom_sid(server_info, msgs[0], "objectSid");
NT_STATUS_HAVE_NO_MEMORY(account_sid);
primary_group_sid = dom_sid_dup(server_info, account_sid);
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 5472bed107..b5440c3cd1 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -35,7 +35,8 @@
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_private.h"
-#include <time.h>
+#include "system/time.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define SAM_ACCOUNT_NAME_BASE "$000000-000000000000"
@@ -169,14 +170,15 @@ static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx
allocate a new RID for the domain
return the new sid string
*/
-static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *obj_dn)
+static struct dom_sid *samldb_get_new_sid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx, const char *obj_dn)
{
const char * const attrs[2] = { "objectSid", NULL };
struct ldb_message **res = NULL;
- const char *dom_dn, *dom_sid;
- char *obj_sid;
+ const char *dom_dn;
uint32_t rid;
int ret, tries = 10;
+ struct dom_sid *dom_sid, *obj_sid;
/* get the domain component part of the provided dn */
@@ -197,11 +199,11 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res);
if (ret != 1) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
- if (res) talloc_free(res);
+ talloc_free(res);
return NULL;
}
- dom_sid = ldb_msg_find_string(res[0], "objectSid", NULL);
+ dom_sid = samdb_result_dom_sid(res, res[0], "objectSid");
if (dom_sid == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
talloc_free(res);
@@ -225,12 +227,10 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
}
/* return the new object sid */
-
- obj_sid = talloc_asprintf(mem_ctx, "%s-%u", dom_sid, rid);
+ obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, rid);
talloc_free(res);
-
return obj_sid;
}
@@ -307,6 +307,18 @@ static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message
return True;
}
+static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid)
+{
+ struct ldb_val v;
+ NTSTATUS status;
+ status = ndr_push_struct_blob(&v, msg, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ return (ldb_msg_add_value(module->ldb, msg, name, &v) == 0);
+}
+
static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value)
{
if (samldb_find_attribute(msg, name, value) == NULL) {
@@ -367,7 +379,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
{
struct ldb_message *msg2;
struct ldb_message_element *attribute;
- char *rdn, *basedn, *sidstr;
+ char *rdn, *basedn;
if (samldb_find_attribute(msg, "objectclass", "group") == NULL) {
return NULL;
@@ -418,15 +430,17 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
}
if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) {
-
- if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) {
+ struct dom_sid *sid = samldb_get_new_sid(module, msg2, msg2->dn);
+ if (sid == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: internal error! Can't generate new sid\n");
return NULL;
}
- if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) {
+ if (!samldb_msg_add_sid(module, msg2, "objectSid", sid)) {
+ talloc_free(sid);
return NULL;
}
+ talloc_free(sid);
}
if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) {
@@ -444,7 +458,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
{
struct ldb_message *msg2;
struct ldb_message_element *attribute;
- char *rdn, *basedn, *sidstr;
+ char *rdn, *basedn;
if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) {
return NULL;
@@ -500,15 +514,18 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
}
if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) {
-
- if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) {
+ struct dom_sid *sid;
+ sid = samldb_get_new_sid(module, msg2, msg2->dn);
+ if (sid == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n");
return NULL;
}
- if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) {
+ if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) {
+ talloc_free(sid);
return NULL;
}
+ talloc_free(sid);
}
if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) {
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 5f9764ce42..e2426738da 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -61,17 +61,17 @@ int samdb_search_domain(struct ldb_context *sam_ldb,
while (i<count) {
struct dom_sid *entry_sid;
- entry_sid = samdb_result_dom_sid(mem_ctx, (*res)[i],
- "objectSid");
+ entry_sid = samdb_result_dom_sid(mem_ctx, (*res)[i], "objectSid");
if ((entry_sid == NULL) ||
(!dom_sid_in_domain(domain_sid, entry_sid))) {
-
/* Delete that entry from the result set */
(*res)[i] = (*res)[count-1];
count -= 1;
+ talloc_free(entry_sid);
continue;
}
+ talloc_free(entry_sid);
i += 1;
}
@@ -125,6 +125,37 @@ const char *samdb_search_string(struct ldb_context *sam_ldb,
}
/*
+ search the sam for a dom_sid attribute in exactly 1 record
+*/
+struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb,
+ TALLOC_CTX *mem_ctx,
+ const char *basedn,
+ const char *attr_name,
+ const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
+{
+ va_list ap;
+ int count;
+ struct ldb_message **res;
+ const char * const attrs[2] = { attr_name, NULL };
+ struct dom_sid *sid;
+
+ va_start(ap, format);
+ count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+ va_end(ap);
+ if (count > 1) {
+ DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
+ attr_name, format, count));
+ }
+ if (count != 1) {
+ talloc_free(res);
+ return NULL;
+ }
+ sid = samdb_result_dom_sid(mem_ctx, res[0], attr_name);
+ talloc_free(res);
+ return sid;
+}
+
+/*
return the count of the number of records in the sam matching the query
*/
int samdb_search_count(struct ldb_context *sam_ldb,
@@ -274,16 +305,18 @@ const char *samdb_result_string(struct ldb_message *msg, const char *attr,
pull a rid from a objectSid in a result set.
*/
uint32_t samdb_result_rid_from_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
- const char *attr, uint32_t default_value)
+ const char *attr, uint32_t default_value)
{
struct dom_sid *sid;
- const char *sidstr = ldb_msg_find_string(msg, attr, NULL);
- if (!sidstr) return default_value;
-
- sid = dom_sid_parse_talloc(mem_ctx, sidstr);
- if (!sid) return default_value;
+ uint32_t rid;
- return sid->sub_auths[sid->num_auths-1];
+ sid = samdb_result_dom_sid(mem_ctx, msg, attr);
+ if (sid == NULL) {
+ return default_value;
+ }
+ rid = sid->sub_auths[sid->num_auths-1];
+ talloc_free(sid);
+ return rid;
}
/*
@@ -292,10 +325,24 @@ uint32_t samdb_result_rid_from_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
const char *attr)
{
- const char *sidstr = ldb_msg_find_string(msg, attr, NULL);
- if (!sidstr) return NULL;
-
- return dom_sid_parse_talloc(mem_ctx, sidstr);
+ const struct ldb_val *v;
+ struct dom_sid *sid;
+ NTSTATUS status;
+ v = ldb_msg_find_ldb_val(msg, attr);
+ if (v == NULL) {
+ return NULL;
+ }
+ sid = talloc(mem_ctx, struct dom_sid);
+ if (sid == NULL) {
+ return NULL;
+ }
+ status = ndr_pull_struct_blob(v, sid, sid,
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(sid);
+ return NULL;
+ }
+ return sid;
}
/*
@@ -324,15 +371,13 @@ struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr)
pull a sid prefix from a objectSid in a result set.
this is used to find the domain sid for a user
*/
-const char *samdb_result_sid_prefix(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
- const char *attr)
+struct dom_sid *samdb_result_sid_prefix(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+ const char *attr)
{
struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg, attr);
if (!sid || sid->num_auths < 1) return NULL;
-
sid->num_auths--;
-
- return dom_sid_string(mem_ctx, sid);
+ return sid;
}
/*
@@ -704,6 +749,22 @@ int samdb_msg_add_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc
}
/*
+ add a dom_sid element to a message
+*/
+int samdb_msg_add_dom_sid(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+ const char *attr_name, struct dom_sid *sid)
+{
+ struct ldb_val v;
+ NTSTATUS status;
+ status = ndr_push_struct_blob(&v, mem_ctx, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ return ldb_msg_add_value(sam_ldb, msg, attr_name, &v);
+}
+
+/*
add a delete element operation to a message
*/
int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c
index 77ddcbbdcd..bfd37f6417 100644
--- a/source4/dsdb/samdb/samdb_privilege.c
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -31,29 +31,26 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
uint64_t *mask)
{
- char *sidstr;
const char * const attrs[] = { "privilege", NULL };
struct ldb_message **res = NULL;
struct ldb_message_element *el;
int ret, i;
+ char *sidstr;
*mask = 0;
- sidstr = dom_sid_string(mem_ctx, sid);
- if (sidstr == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
+ NT_STATUS_HAVE_NO_MEMORY(sidstr);
ret = gendb_search(samctx, mem_ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
+ talloc_free(sidstr);
if (ret != 1) {
- talloc_free(sidstr);
/* not an error to not match */
return NT_STATUS_OK;
}
el = ldb_msg_find_element(res[0], "privilege");
if (el == NULL) {
- talloc_free(sidstr);
return NT_STATUS_OK;
}
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index c277f2d975..b000225bbf 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -102,6 +102,15 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
ev = talloc_find_parent_bytype(mem_ctx, struct event_context);
if (ev) {
ldb_set_opaque(ldb, "EventContext", ev);
+ } else {
+ DEBUG(0,("WARNING: event_context not found\n"));
+ talloc_show_parents(mem_ctx, stdout);
+ }
+
+ ret = ldb_register_samba_handlers(ldb);
+ if (ret == -1) {
+ talloc_free(ldb);
+ return NULL;
}
ret = ldb_connect(ldb, url, flags, options);
diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk
index 00568aeda8..cf3a7fa93d 100644
--- a/source4/lib/ldb/config.mk
+++ b/source4/lib/ldb/config.mk
@@ -72,7 +72,7 @@ ADD_OBJ_FILES = \
lib/ldb/common/ldb_modules.o \
lib/ldb/common/ldb_explode_dn.o
REQUIRED_SUBSYSTEMS = \
- LIBREPLACE LIBTALLOC
+ LIBREPLACE LIBTALLOC LDBSAMBA
NOPROTO = YES
#
# End SUBSYSTEM LIBLDB
@@ -103,7 +103,7 @@ OBJ_FILES = \
[SUBSYSTEM::LIBLDB_CMDLINE]
OBJ_FILES= \
lib/ldb/tools/cmdline.o
-REQUIRED_SUBSYSTEMS = LIBLDB LIBCMDLINE LIBBASIC LDBSAMBA
+REQUIRED_SUBSYSTEMS = LIBLDB LIBCMDLINE LIBBASIC
# End SUBSYSTEM LIBLDB_CMDLINE
################################################
diff --git a/source4/lib/ldb/samba/ldif_handlers.c b/source4/lib/ldb/samba/ldif_handlers.c
index 7252d081f1..17a45df78d 100644
--- a/source4/lib/ldb/samba/ldif_handlers.c
+++ b/source4/lib/ldb/samba/ldif_handlers.c
@@ -85,11 +85,5 @@ static const struct ldb_ldif_handler samba_handlers[] = {
*/
int ldb_register_samba_handlers(struct ldb_context *ldb)
{
-#if 0
- /* we can't enable this until we fix the sam code to handle
- non-string elements */
return ldb_ldif_add_handlers(ldb, samba_handlers, ARRAY_SIZE(samba_handlers));
-#else
- return 0;
-#endif
}
diff --git a/source4/libcli/ldap/ldap_ndr.c b/source4/libcli/ldap/ldap_ndr.c
index 88ca1ece77..f490b9983d 100644
--- a/source4/libcli/ldap/ldap_ndr.c
+++ b/source4/libcli/ldap/ldap_ndr.c
@@ -41,7 +41,7 @@ const char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value)
/*
encode a NDR dom_sid as a ldap filter element
*/
-const char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid)
+const char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
{
DATA_BLOB blob;
NTSTATUS status;
diff --git a/source4/ntvfs/common/sidmap.c b/source4/ntvfs/common/sidmap.c
index a39ee2f0eb..b29f197b34 100644
--- a/source4/ntvfs/common/sidmap.c
+++ b/source4/ntvfs/common/sidmap.c
@@ -97,26 +97,18 @@ static NTSTATUS sidmap_primary_domain_sid(struct sidmap_context *sidmap,
TALLOC_CTX *mem_ctx, struct dom_sid **sid)
{
const char *attrs[] = { "objectSid", NULL };
- void *ctx = talloc_new(mem_ctx);
- const char *sidstr;
int ret;
- struct ldb_message **res;
+ struct ldb_message **res = NULL;
- ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs,
+ ret = gendb_search(sidmap->samctx, mem_ctx, NULL, &res, attrs,
"(&(objectClass=domain)(name=%s))", lp_workgroup());
if (ret != 1) {
- talloc_free(ctx);
+ talloc_free(res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
- sidstr = samdb_result_string(res[0], "objectSid", NULL);
- if (sidstr == NULL) {
- talloc_free(ctx);
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- *sid = dom_sid_parse_talloc(mem_ctx, sidstr);
- talloc_free(ctx);
+ *sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+ talloc_free(res);
if (*sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -137,26 +129,21 @@ NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
const char *s;
void *ctx;
struct ldb_message **res;
- const char *sidstr;
struct dom_sid *domain_sid;
NTSTATUS status;
ctx = talloc_new(sidmap);
- sidstr = dom_sid_string(ctx, sid);
- if (sidstr == NULL) {
- talloc_free(ctx);
- return NT_STATUS_NO_MEMORY;
- }
ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs,
- "objectSid=%s", sidstr);
+ "objectSid=%s", ldap_encode_ndr_dom_sid(ctx, sid));
if (ret != 1) {
goto allocated_sid;
}
/* make sure its a user, not a group */
if (!is_user_account(res[0])) {
- DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n", sidstr));
+ DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n",
+ dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_INVALID_SID;
}
@@ -174,7 +161,7 @@ NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
if (s != NULL) {
struct passwd *pwd = getpwnam(s);
if (!pwd) {
- DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s, sidstr));
+ DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s, dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_NO_SUCH_USER;
}
@@ -188,7 +175,8 @@ NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
if (s != NULL) {
struct passwd *pwd = getpwnam(s);
if (!pwd) {
- DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n", s, sidstr));
+ DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n",
+ s, dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_NO_SUCH_USER;
}
@@ -217,7 +205,7 @@ allocated_sid:
DEBUG(0,("sid_to_unixuid: no unixID, unixName or sAMAccountName for sid %s\n",
- sidstr));
+ dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_INVALID_SID;
@@ -236,26 +224,21 @@ NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
const char *s;
void *ctx;
struct ldb_message **res;
- const char *sidstr;
NTSTATUS status;
struct dom_sid *domain_sid;
ctx = talloc_new(sidmap);
- sidstr = dom_sid_string(ctx, sid);
- if (sidstr == NULL) {
- talloc_free(ctx);
- return NT_STATUS_NO_MEMORY;
- }
ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs,
- "objectSid=%s", sidstr);
+ "objectSid=%s", ldap_encode_ndr_dom_sid(ctx, sid));
if (ret != 1) {
goto allocated_sid;
}
/* make sure its not a user */
if (!is_group_account(res[0])) {
- DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n", sidstr));
+ DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n",
+ dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_INVALID_SID;
}
@@ -274,7 +257,7 @@ NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
struct group *grp = getgrnam(s);
if (!grp) {
DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n",
- s, sidstr));
+ s, dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_NO_SUCH_USER;
}
@@ -288,7 +271,7 @@ NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
if (s != NULL) {
struct group *grp = getgrnam(s);
if (!grp) {
- DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, sidstr));
+ DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_NO_SUCH_USER;
}
@@ -314,7 +297,7 @@ allocated_sid:
}
DEBUG(0,("sid_to_unixgid: no unixID, unixName or sAMAccountName for sid %s\n",
- sidstr));
+ dom_sid_string(ctx, sid)));
talloc_free(ctx);
return NT_STATUS_INVALID_SID;
@@ -363,18 +346,11 @@ NTSTATUS sidmap_uid_to_sid(struct sidmap_context *sidmap,
ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs,
"unixID=%u", (unsigned int)uid);
for (i=0;i<ret;i++) {
- const char *sidstr;
-
if (!is_user_account(res[i])) continue;
- sidstr = samdb_result_string(res[i], "objectSid", NULL);
- if (sidstr == NULL) continue;
-
- *sid = dom_sid_parse_talloc(mem_ctx, sidstr);
+ *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
talloc_free(ctx);
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(*sid);
return NT_STATUS_OK;
}
@@ -391,18 +367,11 @@ NTSTATUS sidmap_uid_to_sid(struct sidmap_context *sidmap,
"(|(unixName=%s)(sAMAccountName=%s))",
pwd->pw_name, pwd->pw_name);
for (i=0;i<ret;i++) {
- const char *sidstr;
-
if (!is_user_account(res[i])) continue;
- sidstr = samdb_result_string(res[i], "objectSid", NULL);
- if (sidstr == NULL) continue;
-
- *sid = dom_sid_parse_talloc(mem_ctx, sidstr);
+ *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
talloc_free(ctx);
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(*sid);
return NT_STATUS_OK;
}
@@ -475,18 +444,11 @@ NTSTATUS sidmap_gid_to_sid(struct sidmap_context *sidmap,
ret = gendb_search(sidmap->samctx, ctx, NULL, &res, attrs,
"unixID=%u", (unsigned int)gid);
for (i=0;i<ret;i++) {
- const char *sidstr;
-
if (!is_group_account(res[i])) continue;
- sidstr = samdb_result_string(res[i], "objectSid", NULL);
- if (sidstr == NULL) continue;
-
- *sid = dom_sid_parse_talloc(mem_ctx, sidstr);
+ *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
talloc_free(ctx);
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(*sid);
return NT_STATUS_OK;
}
@@ -503,18 +465,11 @@ NTSTATUS sidmap_gid_to_sid(struct sidmap_context *sidmap,
"(|(unixName=%s)(sAMAccountName=%s))",
grp->gr_name, grp->gr_name);
for (i=0;i<ret;i++) {
- const char *sidstr;
-
if (!is_group_account(res[i])) continue;
- sidstr = samdb_result_string(res[i], "objectSid", NULL);
- if (sidstr == NULL) continue;
-
- *sid = dom_sid_parse_talloc(mem_ctx, sidstr);
+ *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
talloc_free(ctx);
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(*sid);
return NT_STATUS_OK;
}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index b3de4e4ba1..726c82364b 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -65,7 +65,6 @@ struct lsa_account_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
struct dom_sid *account_sid;
- const char *account_sid_str;
const char *account_dn;
};
@@ -221,7 +220,6 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
struct lsa_policy_state **_state)
{
struct lsa_policy_state *state;
- const char *sid_str;
state = talloc(mem_ctx, struct lsa_policy_state);
if (!state) {
@@ -266,13 +264,8 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
return NT_STATUS_NO_SUCH_DOMAIN;
}
- sid_str = samdb_search_string(state->sam_ldb, mem_ctx,
- state->domain_dn, "objectSid", NULL);
- if (!sid_str) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- state->domain_sid = dom_sid_parse_talloc(state, sid_str);
+ state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state,
+ state->domain_dn, "objectSid", NULL);
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
@@ -519,16 +512,11 @@ static NTSTATUS lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
for (i=0;i<count;i++) {
- const char *sidstr;
-
- sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
- if (sidstr == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
- if (r->out.sids->sids[i].sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ r->out.sids->sids[i].sid =
+ samdb_result_dom_sid(r->out.sids->sids,
+ res[i + *r->in.resume_handle],
+ "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
}
r->out.sids->num_sids = count;
@@ -1104,7 +1092,7 @@ static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_c
NTSTATUS status;
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
- "objectSid=%s", sid_str);
+ "objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret == 1) {
*name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
if (!*name) {
@@ -1315,17 +1303,13 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
- astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
- if (astate->account_sid_str == NULL) {
- talloc_free(astate);
- return NT_STATUS_NO_MEMORY;
- }
-
/* check it really exists */
- astate->account_dn = samdb_search_string(state->sam_ldb, astate,
- NULL, "dn",
- "(&(objectSid=%s)(objectClass=group))",
- astate->account_sid_str);
+ astate->account_dn =
+ samdb_search_string(state->sam_ldb, astate,
+ NULL, "dn",
+ "(&(objectSid=%s)(objectClass=group))",
+ ldap_encode_ndr_dom_sid(mem_ctx,
+ astate->account_sid));
if (astate->account_dn == NULL) {
talloc_free(astate);
return NT_STATUS_NO_SUCH_USER;
@@ -1422,7 +1406,7 @@ static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
state = h->data;
- sidstr = dom_sid_string(mem_ctx, r->in.sid);
+ sidstr = ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1471,7 +1455,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
const char *dn;
struct lsa_EnumAccountRights r2;
- sidstr = dom_sid_string(mem_ctx, sid);
+ sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -2348,16 +2332,9 @@ static NTSTATUS lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<ret;i++) {
- const char *sidstr;
- sidstr = samdb_result_string(res[i], "objectSid", NULL);
- if (sidstr == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
- sidstr);
- if (r->out.sids->sids[i].sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ r->out.sids->sids[i].sid = samdb_result_dom_sid(r->out.sids->sids,
+ res[i], "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
}
r->out.sids->num_sids = ret;
@@ -2540,12 +2517,7 @@ static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_
ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
if (ret == 1) {
- const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
- if (sid_str == NULL) {
- return NT_STATUS_INVALID_SID;
- }
-
- *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ *sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
if (*sid == NULL) {
return NT_STATUS_INVALID_SID;
}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index bd20deedb9..4dd8312df5 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -313,7 +313,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
struct ldb_message **msgs_domain;
NTSTATUS nt_status;
struct ldb_message *mod;
- const char *domain_sid;
+ struct dom_sid *domain_sid;
const char *attrs[] = {"objectSid", NULL };
@@ -356,20 +356,20 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
num_records_domain = gendb_search(sam_ctx, mem_ctx, NULL,
&msgs_domain, domain_attrs,
"(&(objectSid=%s)(objectclass=domain))",
- domain_sid);
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
if (num_records_domain == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (num_records_domain == 0) {
DEBUG(3,("Couldn't find domain [%s] in samdb.\n",
- domain_sid));
+ dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (num_records_domain > 1) {
DEBUG(0,("Found %d records matching domain [%s]\n",
- num_records_domain, domain_sid));
+ num_records_domain, dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1036,7 +1036,7 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
struct ldb_message **msgs_domain;
NTSTATUS nt_status;
struct ldb_message *mod;
- const char *domain_sid;
+ struct dom_sid *domain_sid;
char new_pass[512];
uint32_t new_pass_len;
@@ -1083,20 +1083,21 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
num_records_domain = gendb_search(sam_ctx, mem_ctx, NULL,
&msgs_domain, domain_attrs,
"(&(objectSid=%s)(objectclass=domain))",
- domain_sid);
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
if (num_records_domain == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (num_records_domain == 0) {
DEBUG(3,("Couldn't find domain [%s] in samdb.\n",
- domain_sid));
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (num_records_domain > 1) {
DEBUG(0,("Found %d records matching domain [%s]\n",
- num_records_domain, domain_sid));
+ num_records_domain,
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 337c300203..cce446533d 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -160,8 +160,7 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX
{
struct samr_connect_state *c_state;
struct dcesrv_handle *h;
- struct dom_sid2 *sid;
- const char *sidstr;
+ struct dom_sid *sid;
r->out.sid = NULL;
@@ -173,19 +172,12 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_INVALID_PARAMETER;
}
- sidstr = samdb_search_string(c_state->sam_ctx,
- mem_ctx, NULL, "objectSid",
- "(&(name=%s)(objectclass=domain))",
- r->in.domain_name->string);
- if (sidstr == NULL) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- sid = dom_sid_parse_talloc(mem_ctx, sidstr);
+ sid = samdb_search_dom_sid(c_state->sam_ctx,
+ mem_ctx, NULL, "objectSid",
+ "(&(name=%s)(objectclass=domain))",
+ r->in.domain_name->string);
if (sid == NULL) {
- DEBUG(0,("samdb: Invalid sid '%s' for domain %s\n",
- sidstr, r->in.domain_name->string));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return NT_STATUS_NO_SUCH_DOMAIN;
}
r->out.sid = sid;
@@ -266,7 +258,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
struct samr_OpenDomain *r)
{
struct dcesrv_handle *h_conn, *h_domain;
- const char *sidstr, *domain_name;
+ const char *domain_name;
struct samr_connect_state *c_state;
struct samr_domain_state *d_state;
const char * const attrs[2] = { "name", NULL};
@@ -283,15 +275,10 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return NT_STATUS_INVALID_PARAMETER;
}
- sidstr = dom_sid_string(mem_ctx, r->in.sid);
- if (sidstr == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &msgs, attrs,
"(&(objectSid=%s)(objectclass=domain))",
- sidstr);
+ ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
@@ -308,7 +295,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
d_state->connect_state = talloc_reference(d_state, c_state);
d_state->sam_ctx = c_state->sam_ctx;
- d_state->domain_sid = talloc_strdup(d_state, sidstr);
+ d_state->domain_sid = dom_sid_dup(d_state, r->in.sid);
d_state->domain_name = talloc_strdup(d_state, domain_name);
d_state->domain_dn = talloc_strdup(d_state, msgs[0]->dn);
if (!d_state->domain_sid || !d_state->domain_name || !d_state->domain_dn) {
@@ -470,7 +457,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
const char *name;
struct ldb_message *msg;
struct dom_sid *sid;
- const char *groupname, *sidstr;
+ const char *groupname;
struct dcesrv_handle *g_handle;
int ret;
@@ -526,10 +513,10 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msg->dn);
- /* retrieve the sidstring for the group just created */
- sidstr = samdb_search_string(d_state->sam_ctx, a_state,
- msg->dn, "objectSid", NULL);
- if (sidstr == NULL) {
+ /* retrieve the sid for the group just created */
+ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
+ msg->dn, "objectSid", NULL);
+ if (sid == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -547,11 +534,6 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
g_handle->data = talloc_steal(g_handle, a_state);
*r->out.group_handle = g_handle->wire_handle;
-
- sid = dom_sid_parse_talloc(mem_ctx, sidstr);
- if (!sid)
- return NT_STATUS_UNSUCCESSFUL;
-
*r->out.rid = sid->sub_auths[sid->num_auths-1];
return NT_STATUS_OK;
@@ -578,7 +560,6 @@ static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC
int ldb_cnt, count, i, first;
struct samr_SamEntry *entries;
const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
- struct dom_sid *domain_sid;
*r->out.resume_handle = 0;
r->out.sam = NULL;
@@ -588,15 +569,11 @@ static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC
d_state = h->data;
- domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid);
- if (domain_sid == NULL)
- return NT_STATUS_NO_MEMORY;
-
/* search for all domain groups in this domain. This could possibly be
cached and resumed based on resume_key */
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
- domain_sid,
+ d_state->domain_sid,
"(&(grouptype=%s)(objectclass=group))",
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_GLOBAL_GROUP));
@@ -680,7 +657,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
const char *name;
struct ldb_message *msg;
struct dom_sid *sid;
- const char *account_name, *sidstr;
+ const char *account_name;
struct dcesrv_handle *u_handle;
int ret;
const char *container, *class=NULL;
@@ -756,10 +733,10 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msg->dn);
- /* retrieve the sidstring for the group just created */
- sidstr = samdb_search_string(d_state->sam_ctx, a_state,
+ /* retrieve the sid for the group just created */
+ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
msg->dn, "objectSid", NULL);
- if (sidstr == NULL) {
+ if (sid == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -779,10 +756,6 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
*r->out.user_handle = u_handle->wire_handle;
*r->out.access_granted = 0xf07ff; /* TODO: fix access mask calculations */
- sid = dom_sid_parse_talloc(mem_ctx, sidstr);
- if (!sid)
- return NT_STATUS_UNSUCCESSFUL;
-
*r->out.rid = sid->sub_auths[sid->num_auths-1];
return NT_STATUS_OK;
@@ -898,7 +871,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
- const char *alias_name, *name, *sidstr;
+ const char *alias_name, *name;
struct ldb_message *msg;
struct dom_sid *sid;
struct dcesrv_handle *a_handle;
@@ -960,12 +933,9 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msg->dn);
- /* retrieve the sidstring for the group just created */
- sidstr = samdb_search_string(d_state->sam_ctx, a_state,
+ /* retrieve the sid for the alias just created */
+ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
msg->dn, "objectSid", NULL);
- if (sidstr == NULL) {
- return NT_STATUS_UNSUCCESSFUL;
- }
a_state->account_name = talloc_strdup(a_state, alias_name);
if (!a_state->account_name) {
@@ -981,10 +951,6 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
*r->out.alias_handle = a_handle->wire_handle;
- sid = dom_sid_parse_talloc(mem_ctx, sidstr);
- if (!sid)
- return NT_STATUS_UNSUCCESSFUL;
-
*r->out.rid = sid->sub_auths[sid->num_auths-1];
return NT_STATUS_OK;
@@ -1003,7 +969,6 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO
int ldb_cnt, count, i, first;
struct samr_SamEntry *entries;
const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
- struct dom_sid *domain_sid;
*r->out.resume_handle = 0;
r->out.sam = NULL;
@@ -1013,15 +978,12 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO
d_state = h->data;
- domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid);
- if (domain_sid == NULL)
- return NT_STATUS_NO_MEMORY;
-
/* search for all domain groups in this domain. This could possibly be
cached and resumed based on resume_key */
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn,
- &res, attrs, domain_sid,
+ &res, attrs,
+ d_state->domain_sid,
"(&(|(grouptype=%s)(grouptype=%s)))"
"(objectclass=group))",
ldb_hexstr(mem_ctx,
@@ -1102,7 +1064,6 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
- struct dom_sid *domain_sid;
int i, count = 0;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
@@ -1124,17 +1085,14 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL
return NT_STATUS_NO_MEMORY;
for (i=0; i<r->in.sids->num_sids; i++) {
- const char *sidstr, *memberdn;
+ const char *memberdn;
- sidstr = dom_sid_string(mem_ctx,
- r->in.sids->sids[i].sid);
- if (sidstr == NULL)
- return NT_STATUS_NO_MEMORY;
-
- memberdn = samdb_search_string(d_state->sam_ctx,
- mem_ctx, NULL, "dn",
- "(objectSid=%s)",
- sidstr);
+ memberdn =
+ samdb_search_string(d_state->sam_ctx,
+ mem_ctx, NULL, "dn",
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx,
+ r->in.sids->sids[i].sid));
if (memberdn == NULL)
continue;
@@ -1145,14 +1103,9 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL
return NT_STATUS_NO_MEMORY;
}
- domain_sid = dom_sid_parse_talloc(mem_ctx,
- d_state->domain_sid);
- if (domain_sid == NULL)
- return NT_STATUS_NO_MEMORY;
-
count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
- domain_sid, "%s))", filter);
+ d_state->domain_sid, "%s))", filter);
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1215,8 +1168,7 @@ static NTSTATUS samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX
for (i=0;i<r->in.num_names;i++) {
struct ldb_message **res;
- struct dom_sid2 *sid;
- const char *sidstr;
+ struct dom_sid *sid;
uint32_t atype, rtype;
r->out.rids.ids[i] = 0;
@@ -1229,18 +1181,12 @@ static NTSTATUS samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX
continue;
}
- sidstr = samdb_result_string(res[0], "objectSid", NULL);
- if (sidstr == NULL) {
- status = STATUS_SOME_UNMAPPED;
- continue;
- }
-
- sid = dom_sid_parse_talloc(mem_ctx, sidstr);
+ sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
if (sid == NULL) {
status = STATUS_SOME_UNMAPPED;
continue;
}
-
+
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
if (atype == 0) {
status = STATUS_SOME_UNMAPPED;
@@ -1300,13 +1246,21 @@ static NTSTATUS samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *
const char * const attrs[] = { "sAMAccountType",
"sAMAccountName", NULL };
uint32_t atype;
+ struct dom_sid *sid;
ids[i] = SID_NAME_UNKNOWN;
+ sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rids[i]);
+ if (sid == NULL) {
+ names[i].string = NULL;
+ status = STATUS_SOME_UNMAPPED;
+ continue;
+ }
+
count = gendb_search(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
- "(objectSid=%s-%u)", d_state->domain_sid,
- r->in.rids[i]);
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (count != 1) {
names[i].string = NULL;
status = STATUS_SOME_UNMAPPED;
@@ -1349,7 +1303,8 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
- const char *groupname, *sidstr;
+ const char *groupname;
+ struct dom_sid *sid;
struct ldb_message **msgs;
struct dcesrv_handle *g_handle;
const char * const attrs[2] = { "sAMAccountName", NULL };
@@ -1362,8 +1317,8 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
d_state = h->data;
/* form the group SID */
- sidstr = talloc_asprintf(mem_ctx, "%s-%u", d_state->domain_sid, r->in.rid);
- if (!sidstr) {
+ sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+ if (!sid) {
return NT_STATUS_NO_MEMORY;
}
@@ -1372,19 +1327,22 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
"(grouptype=%s))",
- sidstr, ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ ldap_encode_ndr_dom_sid(mem_ctx, sid),
+ ldb_hexstr(mem_ctx,
+ GTYPE_SECURITY_GLOBAL_GROUP));
if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching sid %s\n", ret, sidstr));
+ DEBUG(0,("Found %d records matching sid %s\n",
+ ret, dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
groupname = samdb_result_string(msgs[0], "sAMAccountName", NULL);
if (groupname == NULL) {
- DEBUG(0,("sAMAccountName field missing for sid %s\n", sidstr));
+ DEBUG(0,("sAMAccountName field missing for sid %s\n",
+ dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1396,7 +1354,7 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
a_state->access_mask = r->in.access_mask;
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
- a_state->account_sid = talloc_steal(a_state, sidstr);
+ a_state->account_sid = talloc_steal(a_state, sid);
a_state->account_name = talloc_strdup(a_state, groupname);
if (!a_state->account_name) {
return NT_STATUS_NO_MEMORY;
@@ -1586,7 +1544,7 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
struct ldb_message *mod;
- char *membersidstr;
+ struct dom_sid *membersid;
const char *memberdn;
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
@@ -1597,16 +1555,15 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
a_state = h->data;
d_state = a_state->domain_state;
- membersidstr = talloc_asprintf(mem_ctx, "%s-%u", d_state->domain_sid,
- r->in.rid);
- if (membersidstr == NULL)
+ membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+ if (membersid == NULL)
return NT_STATUS_NO_MEMORY;
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
&msgs, attrs, "(&(objectSid=%s)(objectclass=user))",
- membersidstr);
+ ldap_encode_ndr_dom_sid(mem_ctx, membersid));
if (ret == 0)
return NT_STATUS_NO_SUCH_USER;
@@ -1674,7 +1631,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
struct ldb_message *mod;
- char *membersidstr;
+ struct dom_sid *membersid;
const char *memberdn;
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
@@ -1685,16 +1642,15 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
a_state = h->data;
d_state = a_state->domain_state;
- membersidstr = talloc_asprintf(mem_ctx, "%s-%u", d_state->domain_sid,
- r->in.rid);
- if (membersidstr == NULL)
+ membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+ if (membersid == NULL)
return NT_STATUS_NO_MEMORY;
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
&msgs, attrs, "(&(objectSid=%s)(objectclass=user))",
- membersidstr);
+ ldap_encode_ndr_dom_sid(mem_ctx, membersid));
if (ret == 0)
return NT_STATUS_NO_SUCH_USER;
@@ -1820,7 +1776,8 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
- const char *alias_name, *sidstr;
+ const char *alias_name;
+ struct dom_sid *sid;
struct ldb_message **msgs;
struct dcesrv_handle *g_handle;
const char * const attrs[2] = { "sAMAccountName", NULL };
@@ -1833,9 +1790,8 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
d_state = h->data;
/* form the alias SID */
- sidstr = talloc_asprintf(mem_ctx, "%s-%u", d_state->domain_sid,
- r->in.rid);
- if (sidstr == NULL)
+ sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+ if (sid == NULL)
return NT_STATUS_NO_MEMORY;
/* search for the group record */
@@ -1843,7 +1799,7 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
"(|(grouptype=%s)(grouptype=%s)))",
- sidstr,
+ ldap_encode_ndr_dom_sid(mem_ctx, sid),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
ldb_hexstr(mem_ctx,
@@ -1852,13 +1808,15 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
return NT_STATUS_NO_SUCH_ALIAS;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching sid %s\n", ret, sidstr));
+ DEBUG(0,("Found %d records matching sid %s\n",
+ ret, dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
alias_name = samdb_result_string(msgs[0], "sAMAccountName", NULL);
if (alias_name == NULL) {
- DEBUG(0,("sAMAccountName field missing for sid %s\n", sidstr));
+ DEBUG(0,("sAMAccountName field missing for sid %s\n",
+ dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1870,7 +1828,7 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
a_state->access_mask = r->in.access_mask;
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
- a_state->account_sid = talloc_steal(a_state, sidstr);
+ a_state->account_sid = talloc_steal(a_state, sid);
a_state->account_name = talloc_strdup(a_state, alias_name);
if (!a_state->account_name) {
return NT_STATUS_NO_MEMORY;
@@ -2030,7 +1988,6 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
- const char *sidstr;
struct ldb_message *mod;
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
@@ -2042,28 +1999,27 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
a_state = h->data;
d_state = a_state->domain_state;
- sidstr = dom_sid_string(mem_ctx, r->in.sid);
- if (sidstr == NULL)
- return NT_STATUS_INVALID_PARAMETER;
-
ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL,
- &msgs, attrs, "(objectsid=%s)", sidstr);
+ &msgs, attrs, "(objectsid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (ret == 1) {
memberdn = ldb_msg_find_string(msgs[0], "dn", NULL);
} else if (ret > 1) {
- DEBUG(0,("Found %d records matching sid %s\n", ret, sidstr));
+ DEBUG(0,("Found %d records matching sid %s\n",
+ ret, dom_sid_string(mem_ctx, r->in.sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
struct ldb_message *msg;
struct GUID guid;
- const char *guidstr, *basedn;
+ const char *guidstr, *basedn, *sidstr;
+
+ sidstr = dom_sid_string(mem_ctx, r->in.sid);
+ NT_STATUS_HAVE_NO_MEMORY(sidstr);
/* We might have to create a ForeignSecurityPrincipal, but
* only if it's not our own domain */
- if (dom_sid_in_domain(dom_sid_parse_talloc(mem_ctx,
- d_state->domain_sid),
- r->in.sid))
+ if (dom_sid_in_domain(d_state->domain_sid, r->in.sid))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
msg = ldb_msg_new(mem_ctx);
@@ -2166,7 +2122,6 @@ static NTSTATUS samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLO
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
- const char *sidstr;
struct ldb_message *mod;
const char *memberdn;
@@ -2175,12 +2130,9 @@ static NTSTATUS samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLO
a_state = h->data;
d_state = a_state->domain_state;
- sidstr = dom_sid_string(mem_ctx, r->in.sid);
- if (sidstr == NULL)
- return NT_STATUS_INVALID_PARAMETER;
-
memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
- "dn", "(objectSid=%s)", sidstr);
+ "dn", "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (memberdn == NULL)
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -2274,7 +2226,8 @@ static NTSTATUS samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
- const char *account_name, *sidstr;
+ const char *account_name;
+ struct dom_sid *sid;
struct ldb_message **msgs;
struct dcesrv_handle *u_handle;
const char * const attrs[2] = { "sAMAccountName", NULL };
@@ -2287,8 +2240,8 @@ static NTSTATUS samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
d_state = h->data;
/* form the users SID */
- sidstr = talloc_asprintf(mem_ctx, "%s-%u", d_state->domain_sid, r->in.rid);
- if (!sidstr) {
+ sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+ if (!sid) {
return NT_STATUS_NO_MEMORY;
}
@@ -2296,18 +2249,20 @@ static NTSTATUS samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
ret = gendb_search(d_state->sam_ctx,
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=user))",
- sidstr);
+ ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret == 0) {
return NT_STATUS_NO_SUCH_USER;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching sid %s\n", ret, sidstr));
+ DEBUG(0,("Found %d records matching sid %s\n", ret,
+ dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
account_name = samdb_result_string(msgs[0], "sAMAccountName", NULL);
if (account_name == NULL) {
- DEBUG(0,("sAMAccountName field missing for sid %s\n", sidstr));
+ DEBUG(0,("sAMAccountName field missing for sid %s\n",
+ dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -2319,7 +2274,7 @@ static NTSTATUS samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
a_state->access_mask = r->in.access_mask;
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
- a_state->account_sid = talloc_steal(a_state, sidstr);
+ a_state->account_sid = talloc_steal(a_state, sid);
a_state->account_name = talloc_strdup(a_state, account_name);
if (!a_state->account_name) {
return NT_STATUS_NO_MEMORY;
@@ -2801,7 +2756,6 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
struct ldb_message **res;
- struct dom_sid *domain_sid;
const char * const attrs[2] = { "objectSid", NULL };
struct samr_RidWithTypeArray *array;
int count;
@@ -2810,12 +2764,9 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
a_state = h->data;
d_state = a_state->domain_state;
- domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid);
- if (domain_sid == NULL)
- return NT_STATUS_NO_MEMORY;
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res,
- attrs, domain_sid,
+ attrs, d_state->domain_sid,
"(&(member=%s)(grouptype=%s)(objectclass=group))",
a_state->account_dn,
ldb_hexstr(mem_ctx,
@@ -2873,7 +2824,6 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC
int ldb_cnt, count, i;
const char * const attrs[4] = { "objectSid", "sAMAccountName",
"description", NULL };
- struct dom_sid *domain_sid;
struct samr_DispEntryFull *entriesFull = NULL;
struct samr_DispEntryAscii *entriesAscii = NULL;
struct samr_DispEntryGeneral * entriesGeneral = NULL;
@@ -2907,15 +2857,11 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC
return NT_STATUS_INVALID_INFO_CLASS;
}
- domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid);
- if (domain_sid == NULL)
- return NT_STATUS_NO_MEMORY;
-
/* search for all requested objects in this domain. This could
possibly be cached and resumed based on resume_key */
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
- domain_sid, "%s", filter);
+ d_state->domain_sid, "%s", filter);
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -3127,8 +3073,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
{
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
- struct dom_sid *domain_sid;
- const char *membersid, *memberdn;
+ const char *memberdn;
struct ldb_message **res;
const char * const attrs[3] = { "dn", "objectSid", NULL };
int i, count;
@@ -3137,13 +3082,9 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
d_state = h->data;
- domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid);
- membersid = dom_sid_string(mem_ctx, r->in.sid);
- if ((domain_sid == NULL) || (membersid == NULL))
- return NT_STATUS_NO_MEMORY;
-
memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
- "dn", "(objectSid=%s)", membersid);
+ "dn", "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (memberdn == NULL)
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -3152,7 +3093,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
- domain_sid,
+ d_state->domain_sid,
"(&(member=%s)(objectClass=group)"
"(|(groupType=%s)(groupType=%s)))",
memberdn,
diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h
index 9e41937328..51e0869eef 100644
--- a/source4/rpc_server/samr/dcesrv_samr.h
+++ b/source4/rpc_server/samr/dcesrv_samr.h
@@ -47,7 +47,7 @@ struct samr_domain_state {
struct samr_connect_state *connect_state;
void *sam_ctx;
uint32_t access_mask;
- const char *domain_sid;
+ struct dom_sid *domain_sid;
const char *domain_name;
const char *domain_dn;
};
@@ -59,7 +59,7 @@ struct samr_account_state {
struct samr_domain_state *domain_state;
void *sam_ctx;
uint32_t access_mask;
- const char *account_sid;
+ struct dom_sid *account_sid;
const char *account_name;
const char *account_dn;
};
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 8fa261cf35..d251c02eca 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -147,11 +147,11 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
int ret;
struct ldb_message **res, *mod;
const char * const attrs[] = { "objectSid", "lmPwdHash", "unicodePwd", NULL };
- const char *domain_sid;
struct samr_Password *lm_pwd;
DATA_BLOB lm_pwd_blob;
uint8_t new_lm_hash[16];
struct samr_Password lm_verifier;
+ struct dom_sid *domain_sid;
if (pwbuf == NULL) {
return NT_STATUS_WRONG_PASSWORD;
@@ -211,7 +211,8 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
}
domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn",
- "(objectSid=%s)", domain_sid);
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
if (!domain_dn) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -267,7 +268,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength",
"pwdProperties", "minPwdAge", "maxPwdAge",
NULL };
- const char *domain_sid;
+ struct dom_sid *domain_sid;
struct samr_Password *nt_pwd, *lm_pwd;
DATA_BLOB nt_pwd_blob;
struct samr_DomInfo1 *dominfo;
@@ -360,7 +361,8 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
}
domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn",
- "(objectSid=%s)", domain_sid);
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
if (!domain_dn) {
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto failed;
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c3968495e4..ce6d349aca 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -1,7 +1,7 @@
dn: @INDEXLIST
@IDXATTR: name
@IDXATTR: sAMAccountName
-@IDXATTR: objectSid
+@IDXATTR: objectSid_DISABLED_BY_TRIDGE
@IDXATTR: objectClass
@IDXATTR: member
@IDXATTR: unixID