s4:samr Push most of samr_LookupRids into a helper function

This is a rewrite of the lookup_rids code, using a query based on the
extended DN for a clearer interface.

By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.

Andrew Bartlett

diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
index 3faf513e37b2edfe3413780aeeb862b54d995fa6..42f30e9ba7089c08d27e3f364048599a692e937d 100644 (file)
--- a/source4/dsdb/common/util_samr.c
+++ b/source4/dsdb/common/util_samr.c
@@ -26,6 +26,7 @@
 #include "dsdb/samdb/samdb.h"
 #include "dsdb/common/util.h"
 #include "../libds/common/flags.h"
+#include "libcli/security/dom_sid.h"
 
 /* Add a user, SAMR style, including the correct transaction
  * semantics.  Used by the SAMR server and by pdb_samba4 */
@@ -466,3 +467,68 @@ NTSTATUS dsdb_enum_group_mem(struct ldb_context *ldb,
        talloc_free(tmp_ctx);
        return NT_STATUS_OK;
 }
+
+NTSTATUS dsdb_lookup_rids(struct ldb_context *ldb,
+                         TALLOC_CTX *mem_ctx,
+                         const struct dom_sid *domain_sid,
+                         int num_rids,
+                         uint32_t *rids,
+                         const char **names,
+                         enum lsa_SidType *lsa_attrs)
+{
+       const char *attrs[] = { "sAMAccountType", "sAMAccountName", NULL };
+       int i, num_mapped;
+
+       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+       NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+       num_mapped = 0;
+
+       for (i=0; i<num_rids; i++) {
+               struct ldb_message *msg;
+               struct ldb_dn *dn;
+               uint32_t attr;
+               int rc;
+
+               lsa_attrs[i] = SID_NAME_UNKNOWN;
+
+               dn = ldb_dn_new_fmt(tmp_ctx, ldb, "<SID=%s>",
+                                   dom_sid_string(tmp_ctx,
+                                                  dom_sid_add_rid(tmp_ctx, domain_sid,
+                                                                  rids[i])));
+               if (!dn || !ldb_dn_validate(dn)) {
+                       talloc_free(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
+               rc = dsdb_search_one(ldb, tmp_ctx, &msg, dn, LDB_SCOPE_BASE, attrs, 0, "samAccountName=*");
+               if (rc == LDB_ERR_NO_SUCH_OBJECT) {
+                       continue;
+               } else if (rc != LDB_SUCCESS) {
+                       talloc_free(tmp_ctx);
+                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
+               }
+
+               names[i] = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
+               if (names[i] == NULL) {
+                       DEBUG(10, ("no samAccountName\n"));
+                       continue;
+               }
+               talloc_steal(names, names[i]);
+               attr = ldb_msg_find_attr_as_uint(msg, "samAccountType", 0);
+               lsa_attrs[i] = ds_atype_map(attr);
+               if (lsa_attrs[i] == SID_NAME_UNKNOWN) {
+                       continue;
+               }
+               num_mapped += 1;
+       }
+       talloc_free(tmp_ctx);
+
+       if (num_mapped == 0) {
+               return NT_STATUS_NONE_MAPPED;
+       }
+       if (num_mapped < num_rids) {
+               return STATUS_SOME_UNMAPPED;
+       }
+       return NT_STATUS_OK;
+}
+

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 0fef07a9096ba6ed4335fa66d9dd14051e6a6b88..246a2e1ffc09156a69b728172dd2bc6c53602916 100644 (file)
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1669,11 +1669,11 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL
 static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct samr_LookupRids *r)
 {
+       NTSTATUS status;
        struct dcesrv_handle *h;
        struct samr_domain_state *d_state;
-       uint32_t i;
-       NTSTATUS status = NT_STATUS_OK;
-       struct lsa_String *names;
+       const char **names;
+       struct lsa_String *lsa_names;
        uint32_t *ids;
 
        ZERO_STRUCTP(r->out.names);
@@ -1686,63 +1686,27 @@ static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLO
        if (r->in.num_rids == 0)
                return NT_STATUS_OK;
 
-       names = talloc_array(mem_ctx, struct lsa_String, r->in.num_rids);
-       ids = talloc_array(mem_ctx, uint32_t, r->in.num_rids);
+       lsa_names = talloc_zero_array(mem_ctx, struct lsa_String, r->in.num_rids);
+       names = talloc_zero_array(mem_ctx, const char *, r->in.num_rids);
+       ids = talloc_zero_array(mem_ctx, uint32_t, r->in.num_rids);
 
-       if ((names == NULL) || (ids == NULL))
+       if ((lsa_names == NULL) || (names == NULL) || (ids == NULL))
                return NT_STATUS_NO_MEMORY;
 
-       for (i=0; i<r->in.num_rids; i++) {
-               struct ldb_message **res;
-               int count;
-               const char * const attrs[] = {  "sAMAccountType",
-                                               "sAMAccountName", NULL };
-               uint32_t atype;
-               struct dom_sid *sid;
-
-               ids[i] = SID_NAME_UNKNOWN;
-
-               sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid,
-                       r->in.rids[i]);
-               if (sid == NULL) {
-                       names[i].string = NULL;
-                       status = STATUS_SOME_UNMAPPED;
-                       continue;
-               }
-               
-               count = gendb_search(d_state->sam_ctx, mem_ctx,
-                                    d_state->domain_dn, &res, attrs,
-                                    "(objectSid=%s)", 
-                                    ldap_encode_ndr_dom_sid(mem_ctx, sid));
-               if (count != 1) {
-                       names[i].string = NULL;
-                       status = STATUS_SOME_UNMAPPED;
-                       continue;
-               }
-
-               names[i].string = samdb_result_string(res[0], "sAMAccountName",
-                                                     NULL);
-
-               atype = samdb_result_uint(res[0], "sAMAccountType", 0);
-               if (atype == 0) {
-                       status = STATUS_SOME_UNMAPPED;
-                       continue;
-               }
-
-               ids[i] = ds_atype_map(atype);
-               
-               if (ids[i] == SID_NAME_UNKNOWN) {
-                       status = STATUS_SOME_UNMAPPED;
-                       continue;
-               }
-       }
-
-       r->out.names->names = names;
+       r->out.names->names = lsa_names;
        r->out.names->count = r->in.num_rids;
 
        r->out.types->ids = ids;
        r->out.types->count = r->in.num_rids;
 
+       status = dsdb_lookup_rids(d_state->sam_ctx, mem_ctx, d_state->domain_sid,
+                                 r->in.num_rids, r->in.rids, names, ids);
+       if (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+               uint32_t i;
+               for (i = 0; i < r->in.num_rids; i++) {
+                       lsa_names[i].string = names[i];
+               }
+       }
        return status;
 }