r6883: Move to what simo assures me is the 'correct' way to find the NetBIOS
authorAndrew Bartlett <abartlet@samba.org>
Wed, 18 May 2005 14:19:17 +0000 (14:19 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:16:55 +0000 (13:16 -0500)
and long names for a domain.

Add servicePrincipalName mapping table (administrator configurable),
in the same spot as microsoft uses.

Andrew Bartlett

source/auth/auth_sam.c
source/setup/provision.ldif

index 947de1ef8c441c1ea133d12d827372c45728d00a..24007d1eb79bf8e24c0a90bf063d38c3d73c64d0 100644 (file)
@@ -179,6 +179,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
                                       struct ldb_message ***ret_msgs,
                                       struct ldb_message ***ret_msgs_domain)
 {
+       struct ldb_message **msgs_tmp;
        struct ldb_message **msgs;
        struct ldb_message **msgs_domain;
 
@@ -210,12 +211,12 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
                               NULL,
        };
 
-       const char *domain_attrs[] =  {"flatname", "objectSid"};
+       const char *domain_attrs[] =  {"nETBIOSName", "nCName"};
 
        if (domain_name) {
                /* find the domain's DN */
                ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
-                                         "(|(&(dnsDomain=%s)(objectClass=domainDNS))(&(flatname=%s)(objectclass=domain)))", 
+                                         "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", 
                                          domain_name, domain_name);
                if (ret_domain == -1) {
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -233,7 +234,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
 
-               domain_dn = msgs_domain[0]->dn;
+               domain_dn = samdb_result_string(msgs_domain[0], "nCName", NULL);
        }
 
        /* pull the user attributes */
@@ -264,24 +265,44 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
                }
 
                /* find the domain's DN */
+               ret = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_tmp, NULL,
+                                  "(&(objectSid=%s)(objectclass=domain))", 
+                                  domain_sid);
+               if (ret == -1) {
+                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
+               }
+               
+               if (ret == 0) {
+                       DEBUG(3,("check_sam_security: Couldn't find domain_sid [%s] in passdb file.\n",
+                                domain_sid));
+                       return NT_STATUS_NO_SUCH_USER;
+               }
+               
+               if (ret > 1) {
+                       DEBUG(0,("Found %d records matching domain_sid [%s]\n", 
+                                ret, domain_sid));
+                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
+               }
+
                ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
-                                         "(&(objectSid=%s)(objectclass=domain))", 
-                                         domain_sid);
+                                         "(nCName=%s)", msgs_tmp[0]->dn);
+
                if (ret_domain == -1) {
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
                
                if (ret_domain == 0) {
                        DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
-                                domain_sid));
+                                msgs_tmp[0]->dn));
                        return NT_STATUS_NO_SUCH_USER;
                }
                
                if (ret_domain > 1) {
                        DEBUG(0,("Found %d records matching domain [%s]\n", 
-                                ret_domain, domain_sid));
+                                ret_domain, msgs_tmp[0]->dn));
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
+
        }
 
        *ret_msgs = msgs;
@@ -304,7 +325,7 @@ static NTSTATUS authsam_authenticate(const struct auth_context *auth_context,
        NTTIME last_set_time;
        struct samr_Password *lm_pwd, *nt_pwd;
        NTSTATUS nt_status;
-       const char *domain_dn = msgs_domain[0]->dn;
+       const char *domain_dn = samdb_result_string(msgs_domain[0], "nCName", "");
 
        acct_flags = samdb_result_acct_flags(msgs[0], "sAMAcctFlags");
        
@@ -355,7 +376,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx,
        struct dom_sid **groupSIDs = NULL;
        struct dom_sid *account_sid;
        struct dom_sid *primary_group_sid;
-       const char *str;
+       const char *str, *ncname;
        int i;
        uint_t rid;
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -412,7 +433,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx,
 
        server_info->account_name = talloc_reference(server_info, samdb_result_string(msgs[0], "sAMAccountName", NULL));
 
-       server_info->domain_name = talloc_reference(server_info, samdb_result_string(msgs_domain[0], "flatname", NULL));
+       server_info->domain_name = talloc_reference(server_info, samdb_result_string(msgs_domain[0], "nETBIOSName", NULL));
 
        str = samdb_result_string(msgs[0], "displayName", "");
        server_info->full_name = talloc_strdup(server_info, str);
@@ -439,10 +460,12 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx,
        server_info->acct_expiry = samdb_result_nttime(msgs[0], "accountExpires", 0);
        server_info->last_password_change = samdb_result_nttime(msgs[0], "pwdLastSet", 0);
 
+       ncname = samdb_result_string(msgs_domain[0], "nCName", "");
+
        server_info->allow_password_change = samdb_result_allow_password_change(sam_ctx, mem_ctx, 
-                                                       msgs_domain[0]->dn, msgs[0], "pwdLastSet");
+                                                       ncname, msgs[0], "pwdLastSet");
        server_info->force_password_change = samdb_result_force_password_change(sam_ctx, mem_ctx, 
-                                                       msgs_domain[0]->dn, msgs[0], "pwdLastSet");
+                                                       ncname, msgs[0], "pwdLastSet");
 
        server_info->logon_count = samdb_result_uint(msgs[0], "logonCount", 0);
        server_info->bad_password_count = samdb_result_uint(msgs[0], "badPwdCount", 0);
index ca0c7f9051192635604d42d9b6ef1e95ab65f525..bce690c482550e09f7152ac8517e2ef7d873da12 100644 (file)
@@ -9,10 +9,10 @@ dn: @INDEXLIST
 @IDXATTR: privilege
 
 dn: @ATTRIBUTES
-realm: CASE_INSENSITIVE
 userPrincipalName: CASE_INSENSITIVE
 servicePrincipalName: CASE_INSENSITIVE
 dnsDomain: CASE_INSENSITIVE
+dnsRoot: CASE_INSENSITIVE
 cn: CASE_INSENSITIVE
 dc: CASE_INSENSITIVE
 name: CASE_INSENSITIVE
@@ -56,7 +56,6 @@ objectClass: domain
 objectClass: domainDNS
 name: ${DOMAIN}
 flatname: ${DOMAIN}
-realm: ${REALM}
 dnsDomain: ${DNSDOMAIN}
 dc: ${DOMAIN}
 objectGUID: ${DOMAINGUID}
@@ -614,10 +613,6 @@ isCriticalSystemObject: TRUE
 unicodePwd: ${JOINPASS}
 servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${NETBIOSNAME}
-servicePrincipalName: CIFS/${DNSNAME}
-servicePrincipalName: CIFS/${NETBIOSNAME}
-servicePrincipalName: LDAP/${DNSNAME}
-servicePrincipalName: LDAP/${NETBIOSNAME}
 
 dn: CN=krbtgt,CN=Users,${BASEDN}
 objectClass: top
@@ -1229,6 +1224,51 @@ objectGUID: ${INVOCATIONID}
 invocationId: ${INVOCATIONID}
 msDS-Behavior-Version: 2
 
+dn: CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Services
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Services
+systemFlags: 0x80000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+objectGUID: ${INVOCATIONID}
+
+dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Windows NT
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Windows NT
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+objectGUID: ${INVOCATIONID}
+
+dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: nTDSService
+cn: Directory Service
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Directory Service
+objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
+objectGUID: ${INVOCATIONID}
+sPNMappings: host=ldap,dns,cifs
+
+
 ###############################
 # Schema Naming Context
 ###############################