r9930: Use a single samdb_base_dn() function rather than lots of silly
authorAndrew Bartlett <abartlet@samba.org>
Thu, 1 Sep 2005 23:26:50 +0000 (23:26 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:36:23 +0000 (13:36 -0500)
searches all over the place.

This can be extended to cover an NT4 (no ADS) mode in future as well.

Andrew Bartlett

source/dsdb/samdb/samdb.c
source/rpc_server/lsa/dcesrv_lsa.c
source/rpc_server/samr/dcesrv_samr.c

index aed47d1ed2725c5ad3fa96e12eb47ab0570c41b7..717b72ded23af3306aa51725893968b72c248b19 100644 (file)
@@ -969,3 +969,37 @@ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ct
 
        return sd;
 }
+
+struct ldb_dn *samdb_base_dn(TALLOC_CTX *mem_ctx) 
+{
+       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+       int server_role = lp_server_role();
+       const char **split_realm;
+       struct ldb_dn *dn;
+       
+       if (!tmp_ctx) {
+               return NULL;
+       }
+
+       if ((server_role == ROLE_DOMAIN_PDC)
+           || (server_role == ROLE_DOMAIN_BDC)) {
+               int i;
+               split_realm = str_list_make(tmp_ctx, lp_realm(), ".");
+               if (!split_realm) {
+                       talloc_free(tmp_ctx);
+                       return NULL;
+               }
+               dn = NULL;
+               i = str_list_length(split_realm);
+               i--;
+               for (; i >= 0; i--) {
+                       dn = ldb_dn_build_child(tmp_ctx, "dc", split_realm[i], dn);
+                       if (!dn) {
+                               talloc_free(tmp_ctx);
+                               return NULL;
+                       }
+               }
+               return dn;
+       }
+       return ldb_dn_string_compose(mem_ctx, NULL, "cn=%s", lp_netbios_name());
+}
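Review bot: In samdb_base_dn the DC branch returns `dn` while it is still parented to `tmp_ctx`, and neither return after the `!tmp_ctx` check frees `tmp_ctx`, so every call leaves the scratch context, the split realm list and the intermediate DNs attached to `mem_ctx`. lsa_get_policy_state passes the long-lived `state` as `mem_ctx`, so this memory lasts as long as the policy state does. Before `return dn;` I would move the result and drop the scratch context with `talloc_steal(mem_ctx, dn); talloc_free(tmp_ctx);`, and also free `tmp_ctx` before the final `ldb_dn_string_compose` return. An empty realm appears to skip the loop and return NULL, which callers in this commit report as NT_STATUS_NO_MEMORY; a header comment stating what NULL can mean would help.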
index 55fc9920809847bf768767adef38162de7c8e37f..2e3f42b272e4622b7d99e156ba1791141a34cf05 100644 (file)
@@ -240,9 +240,15 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
                return NT_STATUS_INVALID_SYSTEM_SERVICE;
        }
 
+       /* work out the domain_dn - useful for so many calls its worth
+          fetching here */
+       state->domain_dn = samdb_base_dn(state);
+       if (!state->domain_dn) {
+               return NT_STATUS_NO_MEMORY;             
+       }
+
        ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
-                                 "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
-                                 lp_workgroup());
+                                 "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
        
        if (ret_domain == -1) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
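Review bot: The result of `ldb_dn_linearize(mem_ctx, state->domain_dn)` goes straight into the `%s` of the crossRef filter without a NULL check, so an allocation failure reaches the format call as a null string argument. Take it into a local and `return NT_STATUS_NO_MEMORY;` when it is NULL. The DN text is also placed in the filter without LDAP filter escaping; it comes from `lp_realm()` / `lp_netbios_name()` via samdb_base_dn, so it is configuration rather than client input, but a comment saying so would stop a later caller reusing the pattern with untrusted data. The same unchecked-argument pattern is on the new `samdb_search_dn` call in the lsa_OpenAccount hunk, where `ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid)` feeds `%s`. lsa_get_policy_state starts and ends outside this hunk.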
@@ -252,16 +258,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
                return NT_STATUS_NO_SUCH_DOMAIN;                
        }
 
-       /* work out the domain_dn - useful for so many calls its worth
-          fetching here */
-       state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
-       if (!state->domain_dn) {
-               return NT_STATUS_NO_SUCH_DOMAIN;                
-       }
-
        /* work out the builtin_dn - useful for so many calls its worth
           fetching here */
-       state->builtin_dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectClass=builtinDomain");
+       state->builtin_dn = samdb_search_dn(state->sam_ldb, mem_ctx, state->domain_dn, "(objectClass=builtinDomain)");
        if (!state->builtin_dn) {
                return NT_STATUS_NO_SUCH_DOMAIN;                
        }
@@ -1062,9 +1061,9 @@ static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *m
        }
 
        domains->domains = talloc_realloc(domains, 
-                                           domains->domains,
-                                           struct lsa_TrustInformation,
-                                           domains->count+1);
+                                         domains->domains,
+                                         struct lsa_TrustInformation,
+                                         domains->count+1);
        if (domains->domains == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -1301,9 +1300,9 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *
        }
        
        /* check it really exists */
-       astate->account_dn = samdb_search_string(state->sam_ldb, astate,
-                                                NULL, "(&(objectSid=%s)(objectClass=group))", 
-                                                ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
+       astate->account_dn = samdb_search_dn(state->sam_ldb, astate,
+                                            NULL, "(&(objectSid=%s)(objectClass=group))", 
+                                            ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
        if (astate->account_dn == NULL) {
                talloc_free(astate);
                return NT_STATUS_NO_SUCH_USER;
@@ -1446,7 +1445,6 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
        struct ldb_message *msg;
        struct ldb_message_element el;
        int i, ret;
-       const char *dn;
        struct lsa_EnumAccountRights r2;
 
        sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
@@ -1459,14 +1457,9 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
                return NT_STATUS_NO_MEMORY;
        }
 
-       dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
-       if (dn == NULL) {
-               return NT_STATUS_NO_SUCH_USER;
-       }
-
-       msg->dn = ldb_dn_explode(mem_ctx, dn);
+       msg->dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
        if (msg->dn == NULL) {
-               return NT_STATUS_NO_MEMORY;
+               return NT_STATUS_NO_SUCH_USER;
        }
 
        if (ldb_msg_add_empty(state->sam_ldb, msg, "privilege", ldb_flag)) {
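Review bot: After this change a NULL from `samdb_search_dn` is always reported as NT_STATUS_NO_SUCH_USER, although the helper could presumably also fail on an allocation or database error rather than a missing SID. Since this function edits privileges, a comment above the check should say which cases collapse here, e.g. `/* NULL covers no match as well as search failure */`. The filter is still written `"objectSid=%s"`, while the builtin lookup in lsa_get_policy_state was changed in this commit to the parenthesised form; `"(objectSid=%s)"` would keep the two consistent. The function body continues outside the hunk.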
index aeea3a120c17173e4afad62920f402fc31ac4f07..249fb1c8a4944147c6127dce183774cd1b96d8aa 100644 (file)
@@ -192,7 +192,7 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX
                
                ret = gendb_search_dn(c_state->sam_ctx, mem_ctx, 
                                      samdb_result_dn(mem_ctx,
-                                       ref_msgs[0], "ncName", NULL), 
+                                                     ref_msgs[0], "ncName", NULL), 
                                      &dom_msgs, dom_attrs);
        }
 
@@ -319,34 +319,27 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 
        ret = gendb_search(c_state->sam_ctx,
                           mem_ctx, NULL, &dom_msgs, dom_attrs,
-                          "(&(objectSid=%s)(&(objectclass=domain)(!(objectClass=builtinDomain))))",
+                          "(&(objectSid=%s)(&(objectclass=domain)))",
                           ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
-       if (ret == -1) {
+       if (ret != 1) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
-       } else if (ret == 0) {
-               ret = gendb_search(c_state->sam_ctx,
-                                  mem_ctx, NULL, &dom_msgs, dom_attrs,
-                                  "(&(objectSid=%s)(objectClass=builtinDomain))", 
-                                  ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
-               if (ret != 1) {
-                       return NT_STATUS_NO_SUCH_DOMAIN;
-               }
-
-               domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
-               if (domain_name == NULL) {
-                       return NT_STATUS_NO_SUCH_DOMAIN;
-               }
        } else {
                ret = gendb_search(c_state->sam_ctx,
                                   mem_ctx, NULL, &ref_msgs, ref_attrs,
                                   "(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))", 
                                   ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn));
-               if (ret != 1) {
-                       return NT_STATUS_NO_SUCH_DOMAIN;
-               }
+               if (ret == 0) {
+                       domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
+                       if (domain_name == NULL) {
+                               return NT_STATUS_NO_SUCH_DOMAIN;
+                       }
+               } else if (ret == 1) {
                
-               domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
-               if (domain_name == NULL) {
+                       domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
+                       if (domain_name == NULL) {
+                               return NT_STATUS_NO_SUCH_DOMAIN;
+                       }
+               } else {
                        return NT_STATUS_NO_SUCH_DOMAIN;
                }
        }
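Review bot: With `if (ret != 1)` the first search now returns NT_STATUS_INTERNAL_DB_CORRUPTION when the SID in `r->in.sid` matches no domain object (`ret == 0`), which is an ordinary client error and previously ended in NT_STATUS_NO_SUCH_DOMAIN. Keep the two cases apart: `if (ret == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } else if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } else {`. Reporting corruption for an unknown SID also makes real database faults harder to pick out in logs and monitoring. The filter `(&(objectSid=%s)(&(objectclass=domain)))` keeps a one-element inner `&` that can be reduced to `(&(objectSid=%s)(objectclass=domain))`. samr_OpenDomain extends beyond the hunk.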
@@ -1769,7 +1762,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
   samr_QueryGroupMember 
 */
 static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct samr_QueryGroupMember *r)
+                                     struct samr_QueryGroupMember *r)
 {
        struct dcesrv_handle *h;
        struct samr_account_state *a_state;
@@ -3317,9 +3310,9 @@ static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
                return NT_STATUS_INVALID_SYSTEM_SERVICE;
        }
 
-       ret = gendb_search(sam_ctx, 
-                          mem_ctx, NULL, &msgs, attrs
-                          "(&(!(objectClass=builtinDomain))(objectclass=domain))");
+       /* The domain name in this call is ignored */
+       ret = gendb_search_dn(sam_ctx
+                          mem_ctx, samdb_base_dn(mem_ctx), &msgs, attrs);
        if (ret <= 0) {
                return NT_STATUS_NO_SUCH_DOMAIN;
        }
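Review bot: `samdb_base_dn(mem_ctx)` is passed directly as the base of `gendb_search_dn` with no NULL check, unlike the lsa_get_policy_state hunk in this commit, which tests the result. If the search helper treats a NULL base as "no base" (not visible here), the lookup would no longer be confined to the domain object. Fetch it into a local first: `base_dn = samdb_base_dn(mem_ctx); if (!base_dn) return NT_STATUS_NO_MEMORY;`. As rendered, the call also reads `gendb_search_dn(sam_ctx` with no comma before `mem_ctx`, which would not compile; this may be an artifact of the page but is worth checking against the tree. The continuation line is still aligned for the old `gendb_search(` call.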