2 Unix SMB/CIFS implementation.
4 interface functions for the sam database
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_netlogon.h"
25 #include "librpc/gen_ndr/ndr_misc.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "lib/ldb/include/ldb.h"
28 #include "lib/ldb/include/ldb_errors.h"
29 #include "libcli/security/proto.h"
30 #include "system/time.h"
31 #include "system/filesys.h"
33 #include "dsdb/samdb/samdb.h"
37 connect to the SAM database
38 return an opaque context pointer on success, or NULL on failure
40 struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx,
41 struct auth_session_info *session_info)
43 struct ldb_context *ldb;
44 ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), session_info,
53 search the sam for the specified attributes in a specific domain, filter on
54 objectSid being in domain_sid.
56 int samdb_search_domain(struct ldb_context *sam_ldb,
58 const struct ldb_dn *basedn,
59 struct ldb_message ***res,
60 const char * const *attrs,
61 const struct dom_sid *domain_sid,
62 const char *format, ...) _PRINTF_ATTRIBUTE(7,8)
68 count = gendb_search_v(sam_ldb, mem_ctx, basedn,
69 res, attrs, format, ap);
75 struct dom_sid *entry_sid;
77 entry_sid = samdb_result_dom_sid(mem_ctx, (*res)[i], "objectSid");
79 if ((entry_sid == NULL) ||
80 (!dom_sid_in_domain(domain_sid, entry_sid))) {
81 /* Delete that entry from the result set */
82 (*res)[i] = (*res)[count-1];
84 talloc_free(entry_sid);
87 talloc_free(entry_sid);
95 search the sam for a single string attribute in exactly 1 record
97 const char *samdb_search_string_v(struct ldb_context *sam_ldb,
99 const struct ldb_dn *basedn,
100 const char *attr_name,
101 const char *format, va_list ap) _PRINTF_ATTRIBUTE(5,0)
104 const char *attrs[2] = { NULL, NULL };
105 struct ldb_message **res = NULL;
107 attrs[0] = attr_name;
109 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
111 DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
112 attr_name, format, count));
119 return samdb_result_string(res[0], attr_name, NULL);
124 search the sam for a single string attribute in exactly 1 record
126 const char *samdb_search_string(struct ldb_context *sam_ldb,
128 const struct ldb_dn *basedn,
129 const char *attr_name,
130 const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
135 va_start(ap, format);
136 str = samdb_search_string_v(sam_ldb, mem_ctx, basedn, attr_name, format, ap);
142 struct ldb_dn *samdb_search_dn(struct ldb_context *sam_ldb,
144 const struct ldb_dn *basedn,
145 const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
149 struct ldb_message **res = NULL;
152 va_start(ap, format);
153 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, NULL, format, ap);
156 if (count != 1) return NULL;
158 ret = talloc_steal(mem_ctx, res[0]->dn);
165 search the sam for a dom_sid attribute in exactly 1 record
167 struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb,
169 const struct ldb_dn *basedn,
170 const char *attr_name,
171 const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
175 struct ldb_message **res;
176 const char *attrs[2] = { NULL, NULL };
179 attrs[0] = attr_name;
181 va_start(ap, format);
182 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
185 DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
186 attr_name, format, count));
192 sid = samdb_result_dom_sid(mem_ctx, res[0], attr_name);
198 return the count of the number of records in the sam matching the query
200 int samdb_search_count(struct ldb_context *sam_ldb,
202 const struct ldb_dn *basedn,
203 const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
206 struct ldb_message **res;
207 const char * const attrs[] = { NULL };
210 va_start(ap, format);
211 ret = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
219 search the sam for a single integer attribute in exactly 1 record
221 uint_t samdb_search_uint(struct ldb_context *sam_ldb,
223 uint_t default_value,
224 const struct ldb_dn *basedn,
225 const char *attr_name,
226 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
230 struct ldb_message **res;
231 const char *attrs[2] = { NULL, NULL };
233 attrs[0] = attr_name;
235 va_start(ap, format);
236 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
240 return default_value;
243 return samdb_result_uint(res[0], attr_name, default_value);
247 search the sam for a single signed 64 bit integer attribute in exactly 1 record
249 int64_t samdb_search_int64(struct ldb_context *sam_ldb,
251 int64_t default_value,
252 const struct ldb_dn *basedn,
253 const char *attr_name,
254 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
258 struct ldb_message **res;
259 const char *attrs[2] = { NULL, NULL };
261 attrs[0] = attr_name;
263 va_start(ap, format);
264 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
268 return default_value;
271 return samdb_result_int64(res[0], attr_name, default_value);
275 search the sam for multipe records each giving a single string attribute
276 return the number of matches, or -1 on error
278 int samdb_search_string_multiple(struct ldb_context *sam_ldb,
280 const struct ldb_dn *basedn,
282 const char *attr_name,
283 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
287 const char *attrs[2] = { NULL, NULL };
288 struct ldb_message **res = NULL;
290 attrs[0] = attr_name;
292 va_start(ap, format);
293 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
300 /* make sure its single valued */
301 for (i=0;i<count;i++) {
302 if (res[i]->num_elements != 1) {
303 DEBUG(1,("samdb: search for %s %s not single valued\n",
310 *strs = talloc_array(mem_ctx, const char *, count+1);
316 for (i=0;i<count;i++) {
317 (*strs)[i] = samdb_result_string(res[i], attr_name, NULL);
319 (*strs)[count] = NULL;
325 pull a uint from a result set.
327 uint_t samdb_result_uint(struct ldb_message *msg, const char *attr, uint_t default_value)
329 return ldb_msg_find_uint(msg, attr, default_value);
333 pull a (signed) int64 from a result set.
335 int64_t samdb_result_int64(struct ldb_message *msg, const char *attr, int64_t default_value)
337 return ldb_msg_find_int64(msg, attr, default_value);
341 pull a string from a result set.
343 const char *samdb_result_string(struct ldb_message *msg, const char *attr,
344 const char *default_value)
346 return ldb_msg_find_string(msg, attr, default_value);
349 struct ldb_dn *samdb_result_dn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
350 const char *attr, struct ldb_dn *default_value)
352 const char *string = samdb_result_string(msg, attr, NULL);
353 if (string == NULL) return default_value;
354 return ldb_dn_explode(mem_ctx, string);
358 pull a rid from a objectSid in a result set.
360 uint32_t samdb_result_rid_from_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
361 const char *attr, uint32_t default_value)
366 sid = samdb_result_dom_sid(mem_ctx, msg, attr);
368 return default_value;
370 rid = sid->sub_auths[sid->num_auths-1];
376 pull a dom_sid structure from a objectSid in a result set.
378 struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
381 const struct ldb_val *v;
384 v = ldb_msg_find_ldb_val(msg, attr);
388 sid = talloc(mem_ctx, struct dom_sid);
392 status = ndr_pull_struct_blob(v, sid, sid,
393 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
394 if (!NT_STATUS_IS_OK(status)) {
402 pull a guid structure from a objectGUID in a result set.
404 struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr)
406 const struct ldb_val *v;
413 v = ldb_msg_find_ldb_val(msg, attr);
416 mem_ctx = talloc_named_const(NULL, 0, "samdb_result_guid");
417 if (!mem_ctx) return guid;
418 status = ndr_pull_struct_blob(v, mem_ctx, &guid,
419 (ndr_pull_flags_fn_t)ndr_pull_GUID);
420 talloc_free(mem_ctx);
421 if (!NT_STATUS_IS_OK(status)) {
429 pull a sid prefix from a objectSid in a result set.
430 this is used to find the domain sid for a user
432 struct dom_sid *samdb_result_sid_prefix(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
435 struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg, attr);
436 if (!sid || sid->num_auths < 1) return NULL;
442 pull a NTTIME in a result set.
444 NTTIME samdb_result_nttime(struct ldb_message *msg, const char *attr, NTTIME default_value)
446 const char *str = ldb_msg_find_string(msg, attr, NULL);
447 if (!str) return default_value;
448 return nttime_from_string(str);
452 pull a uint64_t from a result set.
454 uint64_t samdb_result_uint64(struct ldb_message *msg, const char *attr, uint64_t default_value)
456 return ldb_msg_find_uint64(msg, attr, default_value);
461 construct the allow_password_change field from the PwdLastSet attribute and the
462 domain password settings
464 NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb,
466 const struct ldb_dn *domain_dn,
467 struct ldb_message *msg,
470 uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
473 if (attr_time == 0) {
477 minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "minPwdAge", NULL);
479 /* yes, this is a -= not a += as minPwdAge is stored as the negative
480 of the number of 100-nano-seconds */
481 attr_time -= minPwdAge;
487 construct the force_password_change field from the PwdLastSet attribute and the
488 domain password settings
490 NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb,
492 const struct ldb_dn *domain_dn,
493 struct ldb_message *msg)
495 uint64_t attr_time = samdb_result_uint64(msg, "pwdLastSet", 0);
496 uint32_t user_flags = samdb_result_uint64(msg, "userAccountControl", 0);
499 if (user_flags & UF_DONT_EXPIRE_PASSWD) {
500 return 0x7FFFFFFFFFFFFFFFULL;
503 if (attr_time == 0) {
507 maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL);
508 if (maxPwdAge == 0) {
511 attr_time -= maxPwdAge;
518 pull a samr_Password structutre from a result set.
520 struct samr_Password *samdb_result_hash(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr)
522 struct samr_Password *hash = NULL;
523 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
524 if (val && (val->length >= sizeof(hash->hash))) {
525 hash = talloc(mem_ctx, struct samr_Password);
526 memcpy(hash->hash, val->data, MIN(val->length, sizeof(hash->hash)));
532 pull an array of samr_Password structutres from a result set.
534 uint_t samdb_result_hashes(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
535 const char *attr, struct samr_Password **hashes)
538 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
545 count = val->length / 16;
550 *hashes = talloc_array(mem_ctx, struct samr_Password, count);
555 for (i=0;i<count;i++) {
556 memcpy((*hashes)[i].hash, (i*16)+(char *)val->data, 16);
562 NTSTATUS samdb_result_passwords(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
563 struct samr_Password **lm_pwd, struct samr_Password **nt_pwd)
565 struct samr_Password *lmPwdHash, *ntPwdHash;
568 num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHash", &ntPwdHash);
571 } else if (num_nt > 1) {
572 return NT_STATUS_INTERNAL_DB_CORRUPTION;
574 *nt_pwd = &ntPwdHash[0];
579 num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHash", &lmPwdHash);
582 } else if (num_lm > 1) {
583 return NT_STATUS_INTERNAL_DB_CORRUPTION;
585 *lm_pwd = &lmPwdHash[0];
592 pull a samr_LogonHours structutre from a result set.
594 struct samr_LogonHours samdb_result_logon_hours(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr)
596 struct samr_LogonHours hours;
597 const int units_per_week = 168;
598 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
600 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
604 hours.units_per_week = units_per_week;
605 memset(hours.bits, 0xFF, units_per_week);
607 memcpy(hours.bits, val->data, MIN(val->length, units_per_week));
613 pull a set of account_flags from a result set.
615 uint16_t samdb_result_acct_flags(struct ldb_message *msg, const char *attr)
617 uint_t userAccountControl = ldb_msg_find_uint(msg, attr, 0);
618 return samdb_uf2acb(userAccountControl);
622 copy from a template record to a message
624 int samdb_copy_template(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
625 struct ldb_message *msg, const char *expression)
627 struct ldb_message **res, *t;
631 /* pull the template record */
632 ret = gendb_search(sam_ldb, mem_ctx, NULL, &res, NULL, "%s", expression);
634 DEBUG(1,("samdb: ERROR: template '%s' matched %d records\n",
640 for (i=0;i<t->num_elements;i++) {
641 struct ldb_message_element *el = &t->elements[i];
642 /* some elements should not be copied from the template */
643 if (strcasecmp(el->name, "cn") == 0 ||
644 strcasecmp(el->name, "name") == 0 ||
645 strcasecmp(el->name, "sAMAccountName") == 0) {
648 for (j=0;j<el->num_values;j++) {
649 if (strcasecmp(el->name, "objectClass") == 0 &&
650 (strcasecmp((char *)el->values[j].data, "Template") == 0 ||
651 strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
652 strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
653 strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 ||
654 strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
655 strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
656 strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) {
659 samdb_msg_add_string(sam_ldb, mem_ctx, msg, el->name,
660 (char *)el->values[j].data);
669 add a string element to a message
671 int samdb_msg_add_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
672 const char *attr_name, const char *str)
674 char *s = talloc_strdup(mem_ctx, str);
675 char *a = talloc_strdup(mem_ctx, attr_name);
676 if (s == NULL || a == NULL) {
679 return ldb_msg_add_string(msg, a, s);
683 add a dom_sid element to a message
685 int samdb_msg_add_dom_sid(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
686 const char *attr_name, struct dom_sid *sid)
690 status = ndr_push_struct_blob(&v, mem_ctx, sid,
691 (ndr_push_flags_fn_t)ndr_push_dom_sid);
692 if (!NT_STATUS_IS_OK(status)) {
695 return ldb_msg_add_value(msg, attr_name, &v);
700 add a delete element operation to a message
702 int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
703 const char *attr_name)
705 /* we use an empty replace rather than a delete, as it allows for
706 samdb_replace() to be used everywhere */
707 return ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE);
711 add a add attribute value to a message
713 int samdb_msg_add_addval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
714 const char *attr_name, const char *value)
716 struct ldb_message_element *el;
719 a = talloc_strdup(mem_ctx, attr_name);
722 v = talloc_strdup(mem_ctx, value);
725 ret = ldb_msg_add_string(msg, a, v);
728 el = ldb_msg_find_element(msg, a);
731 el->flags = LDB_FLAG_MOD_ADD;
736 add a delete attribute value to a message
738 int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
739 const char *attr_name, const char *value)
741 struct ldb_message_element *el;
744 a = talloc_strdup(mem_ctx, attr_name);
747 v = talloc_strdup(mem_ctx, value);
750 ret = ldb_msg_add_string(msg, a, v);
753 el = ldb_msg_find_element(msg, a);
756 el->flags = LDB_FLAG_MOD_DELETE;
761 add a uint_t element to a message
763 int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
764 const char *attr_name, uint_t v)
766 const char *s = talloc_asprintf(mem_ctx, "%u", v);
767 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
771 add a (signed) int64_t element to a message
773 int samdb_msg_add_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
774 const char *attr_name, int64_t v)
776 const char *s = talloc_asprintf(mem_ctx, "%lld", (long long)v);
777 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
781 add a uint64_t element to a message
783 int samdb_msg_add_uint64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
784 const char *attr_name, uint64_t v)
786 const char *s = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)v);
787 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
791 add a samr_Password element to a message
793 int samdb_msg_add_hash(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
794 const char *attr_name, struct samr_Password *hash)
797 val.data = talloc_memdup(mem_ctx, hash->hash, 16);
802 return ldb_msg_add_value(msg, attr_name, &val);
806 add a samr_Password array to a message
808 int samdb_msg_add_hashes(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
809 const char *attr_name, struct samr_Password *hashes, uint_t count)
813 val.data = talloc_array_size(mem_ctx, 16, count);
814 val.length = count*16;
818 for (i=0;i<count;i++) {
819 memcpy(i*16 + (char *)val.data, hashes[i].hash, 16);
821 return ldb_msg_add_value(msg, attr_name, &val);
825 add a acct_flags element to a message
827 int samdb_msg_add_acct_flags(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
828 const char *attr_name, uint32_t v)
830 return samdb_msg_add_uint(sam_ldb, mem_ctx, msg, attr_name, samdb_acb2uf(v));
834 add a logon_hours element to a message
836 int samdb_msg_add_logon_hours(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
837 const char *attr_name, struct samr_LogonHours *hours)
840 val.length = hours->units_per_week / 8;
841 val.data = hours->bits;
842 return ldb_msg_add_value(msg, attr_name, &val);
846 add a general value element to a message
848 int samdb_msg_add_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
849 const char *attr_name, const struct ldb_val *val)
851 return ldb_msg_add_value(msg, attr_name, val);
855 sets a general value element to a message
857 int samdb_msg_set_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
858 const char *attr_name, const struct ldb_val *val)
860 struct ldb_message_element *el;
862 el = ldb_msg_find_element(msg, attr_name);
866 return ldb_msg_add_value(msg, attr_name, val);
870 set a string element in a message
872 int samdb_msg_set_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
873 const char *attr_name, const char *str)
875 struct ldb_message_element *el;
877 el = ldb_msg_find_element(msg, attr_name);
881 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, str);
887 int samdb_add(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
889 return ldb_add(sam_ldb, msg);
895 int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn)
897 return ldb_delete(sam_ldb, dn);
903 int samdb_modify(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
905 return ldb_modify(sam_ldb, msg);
909 replace elements in a record
911 int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
915 /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
916 for (i=0;i<msg->num_elements;i++) {
917 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
920 /* modify the samdb record */
921 return samdb_modify(sam_ldb, mem_ctx, msg);
925 return a default security descriptor
927 struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)
929 struct security_descriptor *sd;
931 sd = security_descriptor_initialise(mem_ctx);
936 struct ldb_dn *samdb_base_dn(TALLOC_CTX *mem_ctx)
938 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
939 int server_role = lp_server_role();
940 const char **split_realm;
947 if ((server_role == ROLE_DOMAIN_PDC)
948 || (server_role == ROLE_DOMAIN_BDC)) {
950 split_realm = str_list_make(tmp_ctx, lp_realm(), ".");
952 talloc_free(tmp_ctx);
956 i = str_list_length(split_realm);
958 for (; i >= 0; i--) {
959 dn = ldb_dn_build_child(tmp_ctx, "dc", split_realm[i], dn);
961 talloc_free(tmp_ctx);
967 return ldb_dn_string_compose(mem_ctx, NULL, "cn=%s", lp_netbios_name());
972 work out the domain sid for the current open ldb
974 const struct dom_sid *samdb_domain_sid(struct ldb_context *ldb)
976 const char *attrs[] = { "rootDomainNamingContext", NULL };
978 struct ldb_result *res = NULL;
980 struct dom_sid *domain_sid;
981 const char *basedn_s;
982 struct ldb_dn *basedn;
984 /* see if we have a cached copy */
985 domain_sid = ldb_get_opaque(ldb, "cache.domain_sid");
990 tmp_ctx = talloc_new(ldb);
991 if (tmp_ctx == NULL) {
995 basedn = ldb_dn_explode(tmp_ctx, "");
996 if (basedn == NULL) {
1000 /* find the basedn of the domain from the rootdse */
1001 ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res);
1002 talloc_steal(tmp_ctx, res);
1003 if (ret != LDB_SUCCESS || res->count != 1) {
1007 basedn_s = ldb_msg_find_string(res->msgs[0], "rootDomainNamingContext", NULL);
1008 if (basedn_s == NULL) {
1012 basedn = ldb_dn_explode(tmp_ctx, basedn_s);
1013 if (basedn == NULL) {
1017 /* find the domain_sid */
1018 domain_sid = samdb_search_dom_sid(ldb, tmp_ctx, basedn,
1019 "objectSid", "objectClass=domainDNS");
1020 if (domain_sid == NULL) {
1024 /* cache the domain_sid in the ldb */
1025 if (ldb_set_opaque(ldb, "cache.domain_sid", domain_sid) != LDB_SUCCESS) {
1029 talloc_steal(ldb, domain_sid);
1030 talloc_free(tmp_ctx);
1035 DEBUG(1,("Failed to find domain_sid for open ldb\n"));
1036 talloc_free(tmp_ctx);
git.samba.org / kai / samba-autobuild / .git / blob