#include "libcli/ldap/ldap_ndr.h"
#include "dsdb/samdb/samdb.h"
#include "auth/auth.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "ldb_wrap.h"
#include "libcli/security/security.h"
const struct libnet_SamSync_state *samsync_state;
struct dom_sid *dom_sid[3];
- struct ldb_context *sam_ldb, *remote_ldb;
+ struct ldb_context *sam_ldb, *remote_ldb, *pdb;
struct ldb_dn *base_dn[3];
struct samsync_ldb_secret *secrets;
struct samsync_ldb_trusted_domain *trusted_domains;
}
if (state->samsync_state->domain_guid) {
- enum ndr_err_code ndr_err;
struct ldb_val v;
- ndr_err = ndr_push_struct_blob(&v, msg, NULL,
- state->samsync_state->domain_guid,
- (ndr_push_flags_fn_t)ndr_push_GUID);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NTSTATUS status;
+ status = GUID_to_ndr_blob(state->samsync_state->domain_guid, msg, &v);
+ if (!NT_STATUS_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx, "ndr_push of domain GUID failed!");
- return ndr_map_error2ntstatus(ndr_err);
+ return status;
}
ldb_msg_add_value(msg, "objectGUID", &v, NULL);
}
samdb_msg_add_string(state->sam_ldb, mem_ctx,
- msg, "oEMInformation", domain->comment.string);
+ msg, "oEMInformation", domain->oem_information.string);
samdb_msg_add_int64(state->sam_ldb, mem_ctx,
msg, "forceLogoff", domain->force_logoff_time);
/* TODO: Account lockout, password properties */
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret) {
return NT_STATUS_INTERNAL_ERROR;
/* Passwords. Ensure there is no plaintext stored against
* this entry, as we only have hashes */
samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "sambaPassword");
+ "userPassword");
}
if (user->lm_password_present) {
samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,
}
ADD_OR_DEL(string, "comment", comment.string);
- ADD_OR_DEL(string, "userParameters", parameters.string);
+
+ if (samdb_msg_add_parameters(state->sam_ldb, mem_ctx, msg, "userParameters", &user->parameters) != 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
ADD_OR_DEL(uint, "countryCode", country_code);
ADD_OR_DEL(uint, "codePage", code_page);
}
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify user record %s: %s",
ldb_dn_get_linearized(msg->dn),
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
talloc_free(msgs);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify alias record %s: %s",
ldb_dn_get_linearized(msg->dn),
talloc_free(msgs);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
struct netr_DELTA_ACCOUNT *account = delta->delta_union.account;
struct ldb_message *msg;
- struct ldb_message **msgs;
- struct ldb_dn *privilege_dn;
int ret;
- const char *attrs[] = { NULL };
int i;
+ char *dnstr, *sidstr;
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
- /* search for the account, by sid, in the top basedn */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN], &msgs, attrs,
- "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid));
+ sidstr = dom_sid_string(msg, sid);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidstr, msg);
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- NTSTATUS nt_status;
- nt_status = samsync_ldb_add_foreignSecurityPrincipal(mem_ctx, state,
- sid,
- &privilege_dn,
- error_string);
- privilege_dn = talloc_steal(msg, privilege_dn);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one account with SID: %s",
- dom_sid_string(mem_ctx, sid));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- privilege_dn = talloc_steal(msg, msgs[0]->dn);
- }
+ dnstr = talloc_asprintf(msg, "sid=%s", sidstr);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(dnstr, msg);
- msg->dn = privilege_dn;
+ msg->dn = ldb_dn_new(msg, state->pdb, dnstr);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg->dn, msg);
for (i=0; i< account->privilege_entries; i++) {
- samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "privilege",
+ samdb_msg_add_string(state->pdb, mem_ctx, msg, "privilege",
account->privilege_name[i].string);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->pdb, msg, 0);
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ if (samdb_msg_add_dom_sid(state->pdb, msg, msg, "objectSid", sid) != LDB_SUCCESS) {
+ talloc_free(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
+ samdb_msg_add_string(state->pdb, msg, msg, "comment", "added via samsync");
+ ret = ldb_add(state->pdb, msg);
+ }
+
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
ldb_dn_get_linearized(msg->dn));
}
samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "privilage");
+ "privilege");
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
ldb_dn_get_linearized(msg->dn));
}
static NTSTATUS libnet_samsync_ldb_fn(TALLOC_CTX *mem_ctx,
- void *private,
+ void *private_data,
enum netr_SamDatabaseID database,
struct netr_DELTA_ENUM *delta,
char **error_string)
{
NTSTATUS nt_status = NT_STATUS_OK;
- struct samsync_ldb_state *state = talloc_get_type(private, struct samsync_ldb_state);
+ struct samsync_ldb_state *state = talloc_get_type(private_data, struct samsync_ldb_state);
*error_string = NULL;
switch (delta->delta_type) {
}
static NTSTATUS libnet_samsync_ldb_init(TALLOC_CTX *mem_ctx,
- void *private,
+ void *private_data,
struct libnet_SamSync_state *samsync_state,
char **error_string)
{
- struct samsync_ldb_state *state = talloc_get_type(private, struct samsync_ldb_state);
+ struct samsync_ldb_state *state = talloc_get_type(private_data, struct samsync_ldb_state);
const char *server = dcerpc_server_name(samsync_state->netlogon_pipe);
char *ldap_url;
state->samsync_state->machine_net_ctx->lp_ctx,
ldap_url,
NULL, state->samsync_state->machine_net_ctx->cred,
- 0, NULL);
+ 0);
if (!state->remote_ldb) {
*error_string = talloc_asprintf(mem_ctx, "Failed to connect to remote LDAP server at %s (used to extract additional data in SamSync replication)", ldap_url);
return NT_STATUS_NO_LOGON_SERVERS;
state->secrets = NULL;
state->trusted_domains = NULL;
- state->sam_ldb = ldb_wrap_connect(mem_ctx,
- ctx->event_ctx,
- ctx->lp_ctx,
- lp_sam_url(ctx->lp_ctx),
- r->in.session_info,
- ctx->cred, 0, NULL);
+ state->sam_ldb = samdb_connect(mem_ctx,
+ ctx->event_ctx,
+ ctx->lp_ctx,
+ r->in.session_info);
+ if (!state->sam_ldb) {
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
+ state->pdb = privilege_connect(mem_ctx,
+ ctx->event_ctx,
+ ctx->lp_ctx);
+ if (!state->pdb) {
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = true;
r2.in.init_fn = libnet_samsync_ldb_init;
r2.in.delta_fn = libnet_samsync_ldb_fn;
r2.in.fn_ctx = state;
git.samba.org / ira / wip.git / blobdiff