From 03ffed73db41e9433ddc41a6fddf79c2a632a043 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 28 Jun 2010 19:57:12 +0200 Subject: s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where possible And always catch LDB errors --- source4/auth/sam.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'source4/auth/sam.c') diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b0fc9ca6ca..20e242b1cc 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -322,7 +322,12 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, status = dsdb_get_extended_dn_sid(dn, &sid, "SID"); if (!NT_STATUS_IS_OK(status)) { - ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL); + ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } dn = res->msgs[0]->dn; status = dsdb_get_extended_dn_sid(dn, &sid, "SID"); } @@ -336,7 +341,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, } if (only_childs) { - ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL); + ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN); } else { /* This is an O(n^2) linear search */ already_there = sids_contains_sid((const struct dom_sid**) *res_sids, @@ -345,7 +351,9 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, return NT_STATUS_OK; } - ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "%s", filter); + ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, + attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "%s", + filter); } if (ret == LDB_ERR_NO_SUCH_OBJECT) { -- cgit