From 50648760e786c0f1c7236344c31592ab586773dd Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 5 Sep 2011 16:46:35 +1000
Subject: s4-cracknames: fixed cracknames to use more specific search

this uses the bitwise comparison ldap operators to ensure we only get
NC roots

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Sep  5 12:48:39 CEST 2011 on sn-devel-104
---
 source4/dsdb/samdb/cracknames.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 1e70a7731c..105de56056 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -299,12 +299,14 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 					 principal);
 
 	ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
-				     samdb_partitions_dn(sam_ctx, mem_ctx), 
-				     LDB_SCOPE_ONELEVEL,
-				     domain_attrs,
-				     "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
-				     ldb_binary_encode_string(mem_ctx, realm), 
-				     ldb_binary_encode_string(mem_ctx, realm));
+			     samdb_partitions_dn(sam_ctx, mem_ctx),
+			     LDB_SCOPE_ONELEVEL,
+			     domain_attrs,
+			     "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))",
+			     ldb_binary_encode_string(mem_ctx, realm),
+			     ldb_binary_encode_string(mem_ctx, realm),
+			     LDB_OID_COMPARATOR_AND,
+			     SYSTEM_FLAG_CR_NTDS_DOMAIN);
 
 	if (ldb_ret != LDB_SUCCESS) {
 		DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
@@ -464,7 +466,6 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 	case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
 		char *p;
 		char *domain;
-		struct ldb_dn *dn_domain;
 		const char *account = NULL;
 
 		domain = talloc_strdup(mem_ctx, name);
@@ -482,14 +483,12 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 			account = &p[1];
 		}
 
-		/* it could be in DNS domain form */
-		dn_domain = samdb_dns_domain_to_dn(sam_ctx, mem_ctx, domain);
-		W_ERROR_HAVE_NO_MEMORY(dn_domain);
-
 		domain_filter = talloc_asprintf(mem_ctx, 
-						"(&(&(|(nETBIOSName=%s)(nCName=%s))(objectclass=crossRef))(ncName=*))",
+						"(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))",
+						ldb_binary_encode_string(mem_ctx, domain),
 						ldb_binary_encode_string(mem_ctx, domain),
-						ldb_dn_get_linearized(dn_domain));
+						LDB_OID_COMPARATOR_AND,
+						SYSTEM_FLAG_CR_NTDS_DOMAIN);
 		W_ERROR_HAVE_NO_MEMORY(domain_filter);
 		if (account) {
 			result_filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)",
-- 
cgit