From 6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 26 May 2009 12:31:39 +1000 Subject: Don't use crossRef records to find our own domain A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett --- source4/cldap_server/netlogon.c | 116 +++++++--------------------------------- 1 file changed, 20 insertions(+), 96 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 33c0adc3b1..8a21ea55c9 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -53,10 +53,9 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, struct loadparm_context *lp_ctx, struct netlogon_samlogon_response *netlogon) { - const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; const char *none_attrs[] = {NULL}; - struct ldb_result *ref_res = NULL, *dom_res = NULL, *user_res = NULL; + struct ldb_result *dom_res = NULL, *user_res = NULL; int ret; const char **services = lp_server_services(lp_ctx); uint32_t server_type; @@ -69,94 +68,39 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *server_site; const char *client_site; const char *pdc_ip; - struct ldb_dn *partitions_basedn; + struct ldb_dn *domain_dn = NULL; struct interface *ifaces; bool user_known; NTSTATUS status; - partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx); - /* the domain has an optional trailing . */ if (domain && domain[strlen(domain)-1] == '.') { domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); } - if (domain) { - struct ldb_dn *dom_dn; - /* try and find the domain */ - - ret = ldb_search(sam_ctx, mem_ctx, &ref_res, - partitions_basedn, LDB_SCOPE_ONELEVEL, - ref_attrs, - "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", - ldb_binary_encode_string(mem_ctx, domain)); - - if (ret != LDB_SUCCESS) { - DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", - domain, - ldb_errstring(sam_ctx))); - return NT_STATUS_NO_SUCH_DOMAIN; - } else if (ref_res->count == 1) { - dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName"); - if (!dom_dn) { - return NT_STATUS_NO_SUCH_DOMAIN; - } - ret = ldb_search(sam_ctx, mem_ctx, &dom_res, - dom_dn, LDB_SCOPE_BASE, dom_attrs, - "objectClass=domain"); - if (ret != LDB_SUCCESS) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx))); - return NT_STATUS_NO_SUCH_DOMAIN; - } - if (dom_res->count != 1) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); - return NT_STATUS_NO_SUCH_DOMAIN; - } - } else if (ref_res->count > 1) { - talloc_free(ref_res); - return NT_STATUS_NO_SUCH_DOMAIN; - } + if (domain && strcasecmp_m(domain, lp_realm(lp_ctx)) == 0) { + domain_dn = ldb_get_default_basedn(sam_ctx); } - if (netbios_domain) { - struct ldb_dn *dom_dn; - /* try and find the domain */ + if (netbios_domain && strcasecmp_m(domain, lp_sam_name(lp_ctx))) { + domain_dn = ldb_get_default_basedn(sam_ctx); + } - ret = ldb_search(sam_ctx, mem_ctx, &ref_res, - partitions_basedn, LDB_SCOPE_ONELEVEL, - ref_attrs, - "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))", - ldb_binary_encode_string(mem_ctx, netbios_domain)); - + if (domain_dn) { + ret = ldb_search(sam_ctx, mem_ctx, &dom_res, + domain_dn, LDB_SCOPE_BASE, dom_attrs, + "objectClass=domain"); if (ret != LDB_SUCCESS) { - DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", - netbios_domain, - ldb_errstring(sam_ctx))); + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(domain_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; - } else if (ref_res->count == 1) { - dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName"); - if (!dom_dn) { - return NT_STATUS_NO_SUCH_DOMAIN; - } - ret = ldb_search(sam_ctx, mem_ctx, &dom_res, - dom_dn, LDB_SCOPE_BASE, dom_attrs, - "objectClass=domain"); - if (ret != LDB_SUCCESS) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx))); - return NT_STATUS_NO_SUCH_DOMAIN; - } - if (dom_res->count != 1) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); - return NT_STATUS_NO_SUCH_DOMAIN; - } - } else if (ref_res->count > 1) { - talloc_free(ref_res); + } + if (dom_res->count != 1) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(domain_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } } if ((dom_res == NULL || dom_res->count == 0) && (domain_guid || domain_sid)) { - ref_res = NULL; if (domain_guid) { struct GUID binary_guid; @@ -206,36 +150,17 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (dom_res->count == 1) { - /* try and find the domain */ - ret = ldb_search(sam_ctx, mem_ctx, &ref_res, - partitions_basedn, LDB_SCOPE_ONELEVEL, - ref_attrs, - "(&(objectClass=crossRef)(ncName=%s))", - ldb_dn_get_linearized(dom_res->msgs[0]->dn)); + /* Ok, now just check it is our domain */ - if (ret != LDB_SUCCESS) { - DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", - ldb_dn_get_linearized(dom_res->msgs[0]->dn), - ldb_errstring(sam_ctx))); - return NT_STATUS_NO_SUCH_DOMAIN; - - } else if (ref_res->count != 1) { - DEBUG(2,("Unable to find referece to '%s' in sam\n", - ldb_dn_get_linearized(dom_res->msgs[0]->dn))); + if (ldb_dn_compare(ldb_get_default_basedn(sam_ctx), dom_res->msgs[0]->dn) != 0) { return NT_STATUS_NO_SUCH_DOMAIN; } } else if (dom_res->count > 1) { - talloc_free(ref_res); return NT_STATUS_NO_SUCH_DOMAIN; } } - if ((ref_res == NULL || ref_res->count == 0)) { - DEBUG(2,("Unable to find domain reference with name %s or GUID {%s}\n", domain, domain_guid)); - return NT_STATUS_NO_SUCH_DOMAIN; - } - if ((dom_res == NULL || dom_res->count == 0)) { DEBUG(2,("Unable to find domain with name %s or GUID {%s}\n", domain, domain_guid)); return NT_STATUS_NO_SUCH_DOMAIN; @@ -308,15 +233,14 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(lp_ctx)); domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID"); - realm = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx)); - dns_domain = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx)); + realm = lp_realm(lp_ctx); + dns_domain = lp_realm(lp_ctx); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lp_netbios_name(lp_ctx)), dns_domain); - flatname = samdb_result_string(ref_res->msgs[0], "nETBIOSName", - lp_workgroup(lp_ctx)); + flatname = lp_sam_name(lp_ctx); /* FIXME: Hardcoded site names */ server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; -- cgit