From 36d73b0e71eb3fbbe8d660b7609806b0355bd09c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 11 Oct 2005 11:00:16 +0000 Subject: r10894: make the handling of dn/distinguishedName much closer to real ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a) --- source4/auth/gensec/schannel_state.c | 1 + source4/dsdb/samdb/samdb.c | 6 ++--- source4/lib/gendb.c | 2 +- source4/lib/ldb/common/ldb_match.c | 7 ++++- source4/lib/ldb/common/ldb_parse.c | 2 +- source4/lib/ldb/tools/cmdline.c | 2 +- source4/lib/ldb/tools/ldbdel.c | 4 +-- source4/lib/ldb/tools/ldbedit.c | 2 +- source4/lib/ldb/tools/ldbsearch.c | 2 +- source4/libnet/libnet_samsync_ldb.c | 7 ++--- source4/nbt_server/wins/winsdb.c | 1 + source4/rpc_server/drsuapi/drsuapi_cracknames.c | 2 +- source4/rpc_server/lsa/dcesrv_lsa.c | 3 +-- source4/rpc_server/samr/dcesrv_samr.c | 36 +++++++++++-------------- 14 files changed, 37 insertions(+), 40 deletions(-) diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 632deb4326..0c4f99499c 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -118,6 +118,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, seed.data = creds->seed.data; seed.length = sizeof(creds->seed.data); + ldb_msg_add_string(ldb, msg, "objectClass", "schannelState"); ldb_msg_add_value(ldb, msg, "sessionKey", &val); ldb_msg_add_value(ldb, msg, "seed", &seed); ldb_msg_add_string(ldb, msg, "negotiateFlags", f); diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 93cf6f4b8d..bc8dcd0f06 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c 
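Review bot: The return value of the added `ldb_msg_add_string(ldb, msg, "objectClass", "schannelState")` in schannel_store_session_key is discarded, so a failed add would presumably still let the session-key record be stored without the objectClass this commit relies on. The winsdb.c hunk in the same commit accumulates the result with `ret |= ldb_msg_add_string(...)` and bails out on non-zero. The same pattern would fit here and could also cover the neighbouring `ldb_msg_add_value` calls for `sessionKey` and `seed`. The function starts and ends outside the hunk, so a later check may already cover part of this.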
@@ -467,8 +467,7 @@ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb, return 0; } - minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, - domain_dn, "minPwdAge", "dn=%s", ldb_dn_linearize(mem_ctx, domain_dn)); + minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "minPwdAge", NULL); /* yes, this is a -= not a += as minPwdAge is stored as the negative of the number of 100-nano-seconds */ @@ -494,8 +493,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, return 0; } - maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, - "maxPwdAge", "dn=%s", ldb_dn_linearize(mem_ctx, domain_dn)); + maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL); if (maxPwdAge == 0) { return 0; } else { diff --git a/source4/lib/gendb.c b/source4/lib/gendb.c index a5fe7c3bce..e0fb9662bb 100644 --- a/source4/lib/gendb.c +++ b/source4/lib/gendb.c @@ -90,7 +90,7 @@ int gendb_search_dn(struct ldb_context *ldb, struct ldb_message ***res, const char * const *attrs) { - return gendb_search(ldb, mem_ctx, dn, res, attrs, "dn=%s", ldb_dn_linearize(mem_ctx, dn)); + return gendb_search(ldb, mem_ctx, dn, res, attrs, NULL); } /* diff --git a/source4/lib/ldb/common/ldb_match.c b/source4/lib/ldb/common/ldb_match.c index 1269d99a0f..78e4304f6c 100644 --- a/source4/lib/ldb/common/ldb_match.c +++ b/source4/lib/ldb/common/ldb_match.c @@ -88,7 +88,7 @@ static int ldb_match_present(struct ldb_context *ldb, enum ldb_scope scope) { - if (ldb_attr_cmp(tree->u.present.attr, "dn") == 0) { + if (ldb_attr_cmp(tree->u.present.attr, "distinguishedName") == 0) { return 1; } 
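Review bot: Passing `NULL` as the filter in samdb_result_allow_password_change and samdb_result_force_password_change returns the domain object's own `minPwdAge`/`maxPwdAge` only if the search helpers treat a NULL format as a base-scope lookup on the DN argument, and that handling is not visible in this diff. If a NULL format instead falls through to the parser default `(|(objectClass=*)(distinguishedName=*))` with a wider scope, these calls would read the attribute from whichever record under the domain is returned first, which matters for password-age policy. A short comment at gendb_search_dn, for example `/* NULL filter: base-scope search on dn only */`, would record the contract the callers depend on. The same assumption is made by the NULL-filter calls in samsync_ldb_handle_domain, lsa_get_policy_state, samr_CreateDomainGroup, samr_CreateUser2, samr_CreateDomAlias and samr_GetUserPwInfo.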
@@ -151,8 +151,13 @@ static int ldb_match_equality(struct ldb_context *ldb, struct ldb_dn *valuedn; int ret; + /* catch the old method of dn matching */ if (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "attempt to match on 'dn' - should use distinguishedName"); + return 0; + } + if (ldb_attr_cmp(tree->u.equality.attr, "distinguishedName") == 0) { valuedn = ldb_dn_explode_casefold(ldb, tree->u.equality.value.data); if (valuedn == NULL) { return 0; diff --git a/source4/lib/ldb/common/ldb_parse.c b/source4/lib/ldb/common/ldb_parse.c index 27f9e1ec25..e61511ebec 100644 --- a/source4/lib/ldb/common/ldb_parse.c +++ b/source4/lib/ldb/common/ldb_parse.c @@ -621,7 +621,7 @@ static struct ldb_parse_tree *ldb_parse_filter(void *mem_ctx, const char **s) struct ldb_parse_tree *ldb_parse_tree(void *mem_ctx, const char *s) { if (s == NULL || *s == 0) { - s = "(|(objectClass=*)(dn=*))"; + s = "(|(objectClass=*)(distinguishedName=*))"; } while (isspace((unsigned char)*s)) s++; diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c index 2428306f39..ca9d3847e8 100644 --- a/source4/lib/ldb/tools/cmdline.c +++ b/source4/lib/ldb/tools/cmdline.c 
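Review bot: The legacy-`dn` guard is added only to ldb_match_equality, so a presence filter such as `(dn=*)` now drops out of the special case in ldb_match_present (changed in the preceding hunk) and presumably stops matching without any diagnostic. Repeating the check there, with the same `ldb_debug(ldb, LDB_DEBUG_FATAL, "attempt to match on 'dn' - should use distinguishedName")` before returning 0, would make stale callers visible on both paths. If the matcher runs once per candidate record, which is not shown here, a single stale or externally supplied filter would emit one FATAL line per record. Logging at `LDB_DEBUG_WARNING` or once per search may be more proportionate.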
@@ -54,7 +54,7 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const { "recursive", 'r', POPT_ARG_NONE, &options.recursive, 0, "recursive delete", NULL }, { "num-searches", 0, POPT_ARG_INT, &options.num_searches, 0, "number of test searches", NULL }, { "num-records", 0, POPT_ARG_INT, &options.num_records, 0, "number of test records", NULL }, - { "all", 'a', POPT_ARG_NONE, &options.all_records, 0, "dn=*", NULL }, + { "all", 'a', POPT_ARG_NONE, &options.all_records, 0, "objectClass=*", NULL }, { "nosync", 0, POPT_ARG_NONE, &options.nosync, 0, "non-synchronous transactions", NULL }, { "sorted", 'S', POPT_ARG_NONE, &options.sorted, 0, "sort attributes", NULL }, { "sasl-mechanism", 0, POPT_ARG_STRING, &options.sasl_mechanism, 0, "choose SASL mechanism", "MECHANISM" }, diff --git a/source4/lib/ldb/tools/ldbdel.c b/source4/lib/ldb/tools/ldbdel.c index 6082931e22..bd40fccbdb 100644 --- a/source4/lib/ldb/tools/ldbdel.c +++ b/source4/lib/ldb/tools/ldbdel.c @@ -44,10 +44,10 @@ static int ldb_delete_recursive(struct ldb_context *ldb, const struct ldb_dn *dn) { int ret, i, total=0; - const char *attrs[] = { "dn", NULL }; + const char *attrs[] = { NULL }; struct ldb_message **res; - ret = ldb_search(ldb, dn, LDB_SCOPE_SUBTREE, "dn=*", attrs, &res); + ret = ldb_search(ldb, dn, LDB_SCOPE_SUBTREE, "distinguishedName=*", attrs, &res); if (ret <= 0) return -1; for (i=0;isam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs, "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
@@ -132,16 +131,14 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx, state->base_dn[database] = samdb_result_dn(state, msgs_domain[0], "nCName", NULL); - base_dn = ldb_dn_linearize(mem_ctx, state->base_dn[database]); - state->dom_sid[database] = samdb_search_dom_sid(state->sam_ldb, state, state->base_dn[database], - "objectSid", "dn=%s", base_dn); + "objectSid", NULL); } else if (database == SAM_DATABASE_BUILTIN) { /* work out the builtin_dn - useful for so many calls its worth fetching here */ const char *dnstring = samdb_search_string(state->sam_ldb, mem_ctx, NULL, - "dn", "objectClass=builtinDomain"); + "distinguishedName", "objectClass=builtinDomain"); state->base_dn[database] = ldb_dn_explode(state, dnstring); state->dom_sid[database] = dom_sid_parse_talloc(state, SID_BUILTIN); } else { diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c index 88433795ea..cd6f262eb6 100644 --- a/source4/nbt_server/wins/winsdb.c +++ b/source4/nbt_server/wins/winsdb.c @@ -41,6 +41,7 @@ static BOOL winsdb_save_version(struct wins_server *winssrv) msg->dn = ldb_dn_explode(msg, "CN=VERSION"); if (msg->dn == NULL) goto failed; + ret |= ldb_msg_add_string(ldb, msg, "objectClass", "winsEntry"); ret |= ldb_msg_add_fmt(ldb, msg, "minVersion", "%llu", winssrv->min_version); ret |= ldb_msg_add_fmt(ldb, msg, "maxVersion", "%llu", winssrv->max_version); if (ret != 0) goto failed; diff --git a/source4/rpc_server/drsuapi/drsuapi_cracknames.c b/source4/rpc_server/drsuapi/drsuapi_cracknames.c index 866faf49b9..29ca1a4527 100644 --- a/source4/rpc_server/drsuapi/drsuapi_cracknames.c +++ b/source4/rpc_server/drsuapi/drsuapi_cracknames.c 
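Review bot: In the SAM_DATABASE_BUILTIN branch of samsync_ldb_handle_domain, `dnstring` from `samdb_search_string(..., "distinguishedName", "objectClass=builtinDomain")` is passed straight to `ldb_dn_explode(state, dnstring)` with no NULL check. With the attribute renamed, a backend that does not return `distinguishedName` as a result attribute would make this lookup come back empty, so the unchecked path becomes easier to reach. A guard before the explode, such as `if (dnstring == NULL) return NT_STATUS_INTERNAL_DB_CORRUPTION;` (status to be matched to this function's conventions), would fail cleanly instead. The function continues outside the hunk.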
@@ -451,7 +451,7 @@ static WERROR DsCrackNameOneFilter(struct drsuapi_bind_state *b_state, TALLOC_CT switch (format_desired) { case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: { const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL}; - const char * const _result_attrs[] = { "dn", NULL}; + const char * const _result_attrs[] = { "distinguishedName", NULL}; domain_attrs = _domain_attrs; result_attrs = _result_attrs; diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index e4b0e8c8ba..34d9bb899e 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -269,8 +269,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ } state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state, - state->domain_dn, "objectSid", "dn=%s", - ldb_dn_linearize(mem_ctx, state->domain_dn)); + state->domain_dn, "objectSid", NULL); if (!state->domain_sid) { return NT_STATUS_NO_SUCH_DOMAIN; } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index c985187cd9..e2b1a3bddc 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -575,8 +575,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* retrieve the sid for the group just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", - ldb_dn_linearize(mem_ctx, msg->dn)); + msg->dn, "objectSid", NULL); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } @@ -811,7 +810,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* retrieve the sid for the user just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", ldb_dn_linearize(mem_ctx, msg->dn)); + msg->dn, "objectSid", NULL); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } 
@@ -1012,8 +1011,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* retrieve the sid for the alias just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", - ldb_dn_linearize(mem_ctx, msg->dn)); + msg->dn, "objectSid", NULL); a_state->account_name = talloc_strdup(a_state, alias_name); if (!a_state->account_name) { @@ -1167,7 +1165,7 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL memberdn = samdb_search_string(d_state->sam_ctx, - mem_ctx, NULL, "dn", + mem_ctx, NULL, "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sids->sids[i].sid)); @@ -1625,7 +1623,7 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C struct dom_sid *membersid; const char *memberdn; struct ldb_message **msgs; - const char * const attrs[2] = { "dn", NULL }; + const char * const attrs[2] = { "distinguishedName", NULL }; int ret; DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); @@ -1649,7 +1647,7 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C if (ret > 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; - memberdn = samdb_result_string(msgs[0], "dn", NULL); + memberdn = samdb_result_string(msgs[0], "distinguishedName", NULL); if (memberdn == NULL) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -1712,7 +1710,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO struct dom_sid *membersid; const char *memberdn; struct ldb_message **msgs; - const char * const attrs[2] = { "dn", NULL }; + const char * const attrs[2] = { "distinguishedName", NULL }; int ret; DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); 
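Review bot: In samr_CreateDomAlias the `sid` returned by `samdb_search_dom_sid(..., msg->dn, "objectSid", NULL)` is not checked before the code moves on to `a_state->account_name`, whereas the matching lookups in samr_CreateDomainGroup and samr_CreateUser2 are followed by `if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; }`. Since this commit changes how that lookup is filtered, a miss here is worth handling the same way, directly after the call. The function continues past the hunk, so a later check may exist that is not visible here.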
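Review bot: samr_AddGroupMember now requests `distinguishedName` as a result attribute and reads it back with `samdb_result_string(msgs[0], "distinguishedName", NULL)`, which works only if the backend returns the DN as an ordinary attribute. Each result message presumably already carries its DN in the `dn` field (the one assigned in the winsdb.c and samr_RemoveMemberFromForeignDomain hunks), so `memberdn = ldb_dn_linearize(mem_ctx, msgs[0]->dn);` would remove that dependency and fits the commit's aim of behaving like a plain LDAP store. The same pattern appears in samr_DeleteGroupMember, in samr_AddAliasMember (`ldb_dn_explode` of the attribute string) and in samr_RemoveMemberFromForeignDomain (`samdb_result_dn(mod, res[i], "distinguishedName", NULL)`).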
@@ -1736,7 +1734,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO if (ret > 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; - memberdn = samdb_result_string(msgs[0], "dn", NULL); + memberdn = samdb_result_string(msgs[0], "distinguishedName", NULL); if (memberdn == NULL) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2068,7 +2066,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C struct samr_domain_state *d_state; struct ldb_message *mod; struct ldb_message **msgs; - const char * const attrs[2] = { "dn", NULL }; + const char * const attrs[2] = { "distinguishedName", NULL }; struct ldb_dn *memberdn = NULL; int ret; @@ -2082,7 +2080,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (ret == 1) { - memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "dn", NULL)); + memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "distinguishedName", NULL)); } else if (ret > 1) { DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, r->in.sid))); @@ -2183,7 +2181,7 @@ static NTSTATUS samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLO d_state = a_state->domain_state; memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "dn", "(objectSid=%s)", + "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (memberdn == NULL) 
@@ -3111,12 +3109,10 @@ static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CT r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->domain_state->domain_dn, "minPwdLength", - "dn=%s", - ldb_dn_linearize(mem_ctx, a_state->domain_state->domain_dn)); + NULL); r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->account_dn, - "pwdProperties", "dn=%s", - ldb_dn_linearize(mem_ctx, a_state->account_dn)); + "pwdProperties", NULL); return NT_STATUS_OK; } @@ -3131,7 +3127,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce struct samr_domain_state *d_state; const char *memberdn; struct ldb_message **res; - const char * const attrs[3] = { "dn", "objectSid", NULL }; + const char * const attrs[3] = { "distinguishedName", "objectSid", NULL }; int i, count; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -3139,7 +3135,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce d_state = h->data; memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "dn", "(objectSid=%s)", + "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (memberdn == NULL) return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -3169,7 +3165,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce return NT_STATUS_NO_MEMORY; } - mod->dn = samdb_result_dn(mod, res[i], "dn", NULL); + mod->dn = samdb_result_dn(mod, res[i], "distinguishedName", NULL); if (mod->dn == NULL) { talloc_free(mod); continue; -- cgit
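Review bot: In samr_GetUserPwInfo, `password_properties` is read from `a_state->account_dn` while `min_password_length` is read from `a_state->domain_state->domain_dn`. `pwdProperties` is normally a domain-object attribute, so the account lookup looks likely to return the default `0` and under-report the password complexity flags to the client. If that is not intentional, the second call should use the domain DN as well: `samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->domain_state->domain_dn, "pwdProperties", NULL)`. The base DN is carried over unchanged from the old `dn=%s` form, so this predates the commit.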