From 1377cca5f4beb43cf67fcc65eed79f14178d6349 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 7 Oct 2005 11:31:45 +0000
Subject: r10810: This adds the hooks required to communicate the current user
 from the authenticated session down into LDB.  This associates a session info
 structure with the open LDB, allowing a future ldb_ntacl module to allow/deny
 operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 40 +++++++++++--------------------------
 1 file changed, 12 insertions(+), 28 deletions(-)

(limited to 'source4/rpc_server/lsa')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index ba28462d5e..e4b0e8c8ba 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -27,9 +27,9 @@
 #include "rpc_server/dcerpc_server.h"
 #include "rpc_server/common/common.h"
 #include "lib/ldb/include/ldb.h"
-#include "auth/auth.h"
 #include "system/time.h"
 #include "db_wrap.h"
+#include "auth/auth.h"
 
 /*
   this type allows us to distinguish handle types
@@ -220,9 +220,6 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 				     struct lsa_policy_state **_state)
 {
 	struct lsa_policy_state *state;
-	const char *domain_attrs[] =  {"nETBIOSName", "nCName", NULL};
-	int ret_domain;
-	struct ldb_message **msgs_domain;
 
 	state = talloc(mem_ctx, struct lsa_policy_state);
 	if (!state) {
@@ -230,7 +227,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 	}
 
 	/* make sure the sam database is accessible */
-	state->sam_ldb = samdb_connect(state);
+	state->sam_ldb = samdb_connect(state, dce_call->conn->auth_state.session_info); 
 	if (state->sam_ldb == NULL) {
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
@@ -247,16 +244,14 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 		return NT_STATUS_NO_MEMORY;		
 	}
 
-	ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
-				  "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
+	state->domain_name
+		= samdb_search_string(state->sam_ldb, mem_ctx, NULL, "nETBIOSName", 
+				      "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
 	
-	if (ret_domain == -1) {
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
-	}
-		
-	if (ret_domain != 1) {
+	if (!state->domain_name) {
 		return NT_STATUS_NO_SUCH_DOMAIN;		
 	}
+	talloc_steal(state, state->domain_name);
 
 	/* work out the builtin_dn - useful for so many calls its worth
 	   fetching here */
@@ -273,23 +268,20 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 		return NT_STATUS_NO_SUCH_DOMAIN;		
 	}
 
-	state->domain_sid = talloc_steal(state, 
-					 samdb_search_dom_sid(state->sam_ldb, state,
-							      state->domain_dn, "objectSid", "dn=%s",
-							      ldb_dn_linearize(mem_ctx, state->domain_dn)));
+	state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state,
+						 state->domain_dn, "objectSid", "dn=%s",
+						 ldb_dn_linearize(mem_ctx, state->domain_dn));
 	if (!state->domain_sid) {
 		return NT_STATUS_NO_SUCH_DOMAIN;		
 	}
 
+	talloc_steal(state, state->domain_sid);
+
 	state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
 	if (!state->builtin_sid) {
 		return NT_STATUS_NO_SUCH_DOMAIN;		
 	}
 
-	state->domain_name = talloc_strdup(state, 
-					   samdb_result_string(msgs_domain[0], "nETBIOSName", 
-							       lp_workgroup()));
-
 	*_state = state;
 
 	return NT_STATUS_OK;
@@ -2426,14 +2418,6 @@ static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* TODO: this check should go and we should rely on the calling code that this is valid */
-	if (!dce_call->conn->auth_state.session_info ||
-	    !dce_call->conn->auth_state.session_info->server_info ||
-	    !dce_call->conn->auth_state.session_info->server_info->account_name ||
-	    !dce_call->conn->auth_state.session_info->server_info->domain_name) {
-	    	return NT_STATUS_INTERNAL_ERROR;
-	}
-
 	account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
 	authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
 
-- 
cgit