struct ldb_dn *partitions_basedn;
struct interface *ifaces;
bool user_known;
+ NTSTATUS status;
partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
struct ldb_dn *dom_dn;
/* try and find the domain */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
- domain);
+ ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
+ partitions_basedn, LDB_SCOPE_ONELEVEL,
+ ref_attrs,
+ "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
+ ldb_binary_encode_string(mem_ctx, domain));
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (ref_res->count == 1) {
- talloc_steal(mem_ctx, dom_res);
dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- ret = ldb_search(sam_ctx, dom_dn,
- LDB_SCOPE_BASE, "objectClass=domain",
- dom_attrs, &dom_res);
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+ dom_dn, LDB_SCOPE_BASE, dom_attrs,
+ "objectClass=domain");
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
- talloc_steal(mem_ctx, dom_res);
if (dom_res->count != 1) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
struct ldb_dn *dom_dn;
/* try and find the domain */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
- netbios_domain);
+ ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
+ partitions_basedn, LDB_SCOPE_ONELEVEL,
+ ref_attrs,
+ "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
+ ldb_binary_encode_string(mem_ctx, netbios_domain));
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (ref_res->count == 1) {
- talloc_steal(mem_ctx, dom_res);
dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- ret = ldb_search(sam_ctx, dom_dn,
- LDB_SCOPE_BASE, "objectClass=domain",
- dom_attrs, &dom_res);
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+ dom_dn, LDB_SCOPE_BASE, dom_attrs,
+ "objectClass=domain");
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
- talloc_steal(mem_ctx, dom_res);
if (dom_res->count != 1) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
ref_res = NULL;
if (domain_guid) {
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
+ struct GUID binary_guid;
+ struct ldb_val guid_val;
+ enum ndr_err_code ndr_err;
+
+ /* By this means, we ensure we don't have funny stuff in the GUID */
+
+ status = GUID_from_string(domain_guid, &binary_guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* And this gets the result into the binary format we want anyway */
+ ndr_err = ndr_push_struct_blob(&guid_val, mem_ctx, NULL, &binary_guid,
+ (ndr_push_flags_fn_t)ndr_push_GUID);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
NULL, LDB_SCOPE_SUBTREE,
dom_attrs,
- "(&(objectClass=domainDNS)(objectGUID=%s))",
- domain_guid);
+ "(&(objectCategory=DomainDNS)(objectGUID=%s))",
+ ldb_binary_encode(mem_ctx, guid_val));
} else { /* domain_sid case */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
+ struct dom_sid *sid;
+ struct ldb_val sid_val;
+ enum ndr_err_code ndr_err;
+
+ /* Rather than go via the string, just push into the NDR form */
+ ndr_err = ndr_push_struct_blob(&sid_val, mem_ctx, NULL, &sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
NULL, LDB_SCOPE_SUBTREE,
dom_attrs,
- "(&(objectClass=domainDNS)(objectSID=%s))",
- dom_sid_string(mem_ctx, domain_sid));
+ "(&(objectCategory=DomainDNS)(objectSID=%s))",
+ ldb_binary_encode(mem_ctx, sid_val));
}
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (dom_res->count == 1) {
/* try and find the domain */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
+ ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
partitions_basedn, LDB_SCOPE_ONELEVEL,
ref_attrs,
"(&(objectClass=crossRef)(ncName=%s))",
acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST);
/* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &user_res,
+ ret = ldb_search(sam_ctx, mem_ctx, &user_res,
dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE,
none_attrs,
"(&(objectClass=user)(samAccountName=%s)"
"(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))"
"(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))",
- user, UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control));
+ ldb_binary_encode_string(mem_ctx, user),
+ UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control));
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to user '%s' with ACB 0x%8x under %s: %s\n",
user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn),
server_type |= NBT_SERVER_KDC;
}
- if (!ldb_dn_compare_base(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx))) {
+ if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {
server_type |= NBT_SERVER_DS_DNS_FOREST;
}
/* could check if the user exists */
if (user_known) {
- netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
+ netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
} else {
- netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
+ netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
}
- netlogon->nt5_ex.server_type = server_type;
- netlogon->nt5_ex.domain_uuid = domain_uuid;
- netlogon->nt5_ex.forest = realm;
- netlogon->nt5_ex.dns_domain = dns_domain;
- netlogon->nt5_ex.pdc_dns_name = pdc_dns_name;
- netlogon->nt5_ex.domain = flatname;
- netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
- netlogon->nt5_ex.user_name = user;
- netlogon->nt5_ex.server_site = server_site;
- netlogon->nt5_ex.client_site = client_site;
+ netlogon->data.nt5_ex.server_type = server_type;
+ netlogon->data.nt5_ex.domain_uuid = domain_uuid;
+ netlogon->data.nt5_ex.forest = realm;
+ netlogon->data.nt5_ex.dns_domain = dns_domain;
+ netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
+ netlogon->data.nt5_ex.domain = flatname;
+ netlogon->data.nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
+ netlogon->data.nt5_ex.user_name = user;
+ netlogon->data.nt5_ex.server_site = server_site;
+ netlogon->data.nt5_ex.client_site = client_site;
if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) {
/* Clearly this needs to be fixed up for IPv6 */
extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP;
- netlogon->nt5_ex.sockaddr.sa_family = 2;
- netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip;
- netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
+ netlogon->data.nt5_ex.sockaddr.sa_family = 2;
+ netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip;
+ netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
}
- netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
- netlogon->nt5_ex.lmnt_token = 0xFFFF;
- netlogon->nt5_ex.lm20_token = 0xFFFF;
+ netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
+ netlogon->data.nt5_ex.lmnt_token = 0xFFFF;
+ netlogon->data.nt5_ex.lm20_token = 0xFFFF;
} else if (version & NETLOGON_NT_VERSION_5) {
netlogon->ntver = NETLOGON_NT_VERSION_5;
/* could check if the user exists */
if (user_known) {
- netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE;
+ netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE;
} else {
- netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
- netlogon->nt5.pdc_name = pdc_name;
- netlogon->nt5.user_name = user;
- netlogon->nt5.domain_name = flatname;
- netlogon->nt5.domain_uuid = domain_uuid;
- netlogon->nt5.forest = realm;
- netlogon->nt5.dns_domain = dns_domain;
- netlogon->nt5.pdc_dns_name = pdc_dns_name;
- netlogon->nt5.pdc_ip = pdc_ip;
- netlogon->nt5.server_type = server_type;
- netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
- netlogon->nt5.lmnt_token = 0xFFFF;
- netlogon->nt5.lm20_token = 0xFFFF;
+ netlogon->data.nt5.pdc_name = pdc_name;
+ netlogon->data.nt5.user_name = user;
+ netlogon->data.nt5.domain_name = flatname;
+ netlogon->data.nt5.domain_uuid = domain_uuid;
+ netlogon->data.nt5.forest = realm;
+ netlogon->data.nt5.dns_domain = dns_domain;
+ netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
+ netlogon->data.nt5.pdc_ip = pdc_ip;
+ netlogon->data.nt5.server_type = server_type;
+ netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
+ netlogon->data.nt5.lmnt_token = 0xFFFF;
+ netlogon->data.nt5.lm20_token = 0xFFFF;
} else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
netlogon->ntver = NETLOGON_NT_VERSION_1;
/* could check if the user exists */
if (user_known) {
- netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE;
+ netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE;
} else {
- netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
- netlogon->nt4.server = pdc_name;
- netlogon->nt4.user_name = user;
- netlogon->nt4.domain = flatname;
- netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1;
- netlogon->nt4.lmnt_token = 0xFFFF;
- netlogon->nt4.lm20_token = 0xFFFF;
+ netlogon->data.nt4.server = pdc_name;
+ netlogon->data.nt4.user_name = user;
+ netlogon->data.nt4.domain = flatname;
+ netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1;
+ netlogon->data.nt4.lmnt_token = 0xFFFF;
+ netlogon->data.nt4.lm20_token = 0xFFFF;
}
return NT_STATUS_OK;