2 Unix SMB/CIFS implementation.
4 endpoint server for the drsuapi pipe
7 Copyright (C) Stefan Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "librpc/gen_ndr/ndr_drsuapi.h"
27 #include "rpc_server/dcerpc_server.h"
28 #include "rpc_server/common/common.h"
29 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
30 #include "lib/ldb/include/ldb.h"
31 #include "system/kerberos.h"
32 #include "auth/kerberos/kerberos.h"
34 static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
35 struct smb_krb5_context *smb_krb5_context,
36 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
37 const struct ldb_dn *name_dn, const char *name,
38 const char *domain_filter, const char *result_filter,
39 struct drsuapi_DsNameInfo1 *info1);
40 static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx,
41 uint32_t format_offered, uint32_t format_desired,
42 const struct ldb_dn *name_dn, const char *name,
43 struct drsuapi_DsNameInfo1 *info1);
45 static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(krb5_context context, struct ldb_context *ldb_ctx,
47 const char *alias_from,
52 struct ldb_message **msg;
53 struct ldb_message_element *spnmappings;
54 struct ldb_dn *service_dn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx),
55 "CN=Directory Service,CN=Windows NT"
56 ",CN=Services,CN=Configuration");
57 char *service_dn_str = ldb_dn_linearize(mem_ctx, service_dn);
58 const char *directory_attrs[] = {
63 count = ldb_search(ldb_ctx, service_dn, LDB_SCOPE_BASE, "(objectClass=nTDSService)",
64 directory_attrs, &msg);
65 talloc_steal(mem_ctx, msg);
68 DEBUG(1, ("ldb_search: dn: %s not found: %d", service_dn_str, count));
69 return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
70 } else if (count > 1) {
71 DEBUG(1, ("ldb_search: dn: %s found %d times!", service_dn_str, count));
72 return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
75 spnmappings = ldb_msg_find_element(msg[0], "sPNMappings");
76 if (!spnmappings || spnmappings->num_values == 0) {
77 DEBUG(1, ("ldb_search: dn: %s no sPNMappings attribute", service_dn_str));
78 return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
81 for (i = 0; i < spnmappings->num_values; i++) {
82 char *mapping, *p, *str;
83 mapping = talloc_strdup(mem_ctx,
84 (const char *)spnmappings->values[i].data);
86 DEBUG(1, ("LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping\n", service_dn_str));
87 return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
90 /* C string manipulation sucks */
92 p = strchr(mapping, '=');
94 DEBUG(1, ("ldb_search: dn: %s sPNMapping malformed: %s\n",
95 service_dn_str, mapping));
96 return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
107 if (strcasecmp(str, alias_from) == 0) {
109 return DRSUAPI_DS_NAME_STATUS_OK;
113 DEBUG(1, ("LDB_lookup_spn_alias: no alias for service %s applicable\n", alias_from));
114 return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
117 static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
118 struct smb_krb5_context *smb_krb5_context,
119 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
120 const char *name, struct drsuapi_DsNameInfo1 *info1)
124 krb5_principal principal;
128 enum drsuapi_DsNameStatus namestatus;
130 /* parse principal */
131 ret = krb5_parse_name_norealm(smb_krb5_context->krb5_context,
134 DEBUG(2, ("Could not parse principal: %s: %s",
135 name, smb_get_krb5_error_message(smb_krb5_context->krb5_context,
140 /* grab cifs/, http/ etc */
142 /* This is checked for in callers, but be safe */
143 if (principal->name.name_string.len < 2) {
144 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
147 service = principal->name.name_string.val[0];
150 namestatus = LDB_lookup_spn_alias(smb_krb5_context->krb5_context,
152 service, &new_service);
154 if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) {
155 info1->status = namestatus;
160 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
164 /* ooh, very nasty playing around in the Principal... */
165 free(principal->name.name_string.val[0]);
166 principal->name.name_string.val[0] = strdup(new_service);
167 if (!principal->name.name_string.val[0]) {
168 krb5_free_principal(smb_krb5_context->krb5_context, principal);
172 /* reform principal */
173 ret = krb5_unparse_name_norealm(smb_krb5_context->krb5_context, principal, &new_princ);
175 krb5_free_principal(smb_krb5_context->krb5_context, principal);
181 wret = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, format_offered, format_desired,
187 static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
188 struct smb_krb5_context *smb_krb5_context,
189 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
190 const char *name, struct drsuapi_DsNameInfo1 *info1)
193 const char *domain_filter = NULL;
194 const char *result_filter = NULL;
196 krb5_principal principal;
198 char *unparsed_name_short;
200 /* Prevent recursion */
202 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
206 ret = krb5_parse_name_mustrealm(smb_krb5_context->krb5_context, name, &principal);
208 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
212 domain_filter = NULL;
213 realm = krb5_princ_realm(smb_krb5_context->krb5_context, principal);
214 domain_filter = talloc_asprintf(mem_ctx,
215 "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
217 ret = krb5_unparse_name_norealm(smb_krb5_context->krb5_context, principal, &unparsed_name_short);
218 krb5_free_principal(smb_krb5_context->krb5_context, principal);
221 free(unparsed_name_short);
225 /* This may need to be extended for more userPrincipalName variations */
226 result_filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))",
227 unparsed_name_short);
228 if (!result_filter || !domain_filter) {
229 free(unparsed_name_short);
232 status = DsCrackNameOneFilter(sam_ctx, mem_ctx,
234 format_flags, format_offered, format_desired,
235 NULL, unparsed_name_short, domain_filter, result_filter,
237 free(unparsed_name_short);
241 WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
242 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
243 const char *name, struct drsuapi_DsNameInfo1 *info1)
246 const char *domain_filter = NULL;
247 const char *result_filter = NULL;
248 struct ldb_dn *name_dn = NULL;
250 struct smb_krb5_context *smb_krb5_context;
251 ret = smb_krb5_init_context(mem_ctx, &smb_krb5_context);
257 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
258 info1->dns_domain_name = NULL;
259 info1->result_name = NULL;
262 return WERR_INVALID_PARAM;
265 /* TODO: - fill the correct names in all cases!
266 * - handle format_flags
269 /* here we need to set the domain_filter and/or the result_filter */
270 switch (format_offered) {
271 case DRSUAPI_DS_NAME_FORMAT_CANONICAL: {
274 str = talloc_strdup(mem_ctx, name);
275 WERR_TALLOC_CHECK(str);
277 if (strlen(str) == 0 || str[strlen(str)-1] != '/') {
278 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
282 str[strlen(str)-1] = '\0';
284 domain_filter = talloc_asprintf(mem_ctx,
285 "(&(&(&(dnsRoot=%s)(objectclass=crossRef)))(nETBIOSName=*)(ncName=*))",
287 WERR_TALLOC_CHECK(domain_filter);
291 case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
294 const char *account = NULL;
296 domain = talloc_strdup(mem_ctx, name);
297 WERR_TALLOC_CHECK(domain);
299 p = strchr(domain, '\\');
301 /* invalid input format */
302 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
311 domain_filter = talloc_asprintf(mem_ctx,
312 "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
314 WERR_TALLOC_CHECK(domain_filter);
316 result_filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)",
318 WERR_TALLOC_CHECK(result_filter);
324 case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
325 name_dn = ldb_dn_explode(mem_ctx, name);
326 domain_filter = NULL;
328 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
333 case DRSUAPI_DS_NAME_FORMAT_GUID: {
337 domain_filter = NULL;
339 nt_status = GUID_from_string(name, &guid);
340 if (!NT_STATUS_IS_OK(nt_status)) {
341 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
345 ldap_guid = ldap_encode_ndr_GUID(mem_ctx, &guid);
349 result_filter = talloc_asprintf(mem_ctx, "(objectGUID=%s)",
351 WERR_TALLOC_CHECK(result_filter);
354 case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
355 domain_filter = NULL;
357 result_filter = talloc_asprintf(mem_ctx, "(|(displayName=%s)(samAccountName=%s))",
359 WERR_TALLOC_CHECK(result_filter);
363 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
364 struct dom_sid *sid = dom_sid_parse_talloc(mem_ctx, name);
367 domain_filter = NULL;
369 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
372 ldap_sid = ldap_encode_ndr_dom_sid(mem_ctx,
377 result_filter = talloc_asprintf(mem_ctx, "(objectSid=%s)",
379 WERR_TALLOC_CHECK(result_filter);
382 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
383 krb5_principal principal;
385 ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
387 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
391 domain_filter = NULL;
393 ret = krb5_unparse_name(smb_krb5_context->krb5_context, principal, &unparsed_name);
395 krb5_free_principal(smb_krb5_context->krb5_context, principal);
399 krb5_free_principal(smb_krb5_context->krb5_context, principal);
400 result_filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(userPrincipalName=%s))",
404 WERR_TALLOC_CHECK(result_filter);
407 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: {
408 krb5_principal principal;
409 char *unparsed_name_short;
410 ret = krb5_parse_name_norealm(smb_krb5_context->krb5_context, name, &principal);
411 if (ret || (principal->name.name_string.len < 2)) {
412 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
416 domain_filter = NULL;
418 ret = krb5_unparse_name_norealm(smb_krb5_context->krb5_context, principal, &unparsed_name_short);
419 krb5_free_principal(smb_krb5_context->krb5_context, principal);
424 result_filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(servicePrincipalName=%s))",
425 unparsed_name_short);
426 free(unparsed_name_short);
427 WERR_TALLOC_CHECK(result_filter);
432 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
438 if (format_flags & DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY) {
439 return DsCrackNameOneSyntactical(mem_ctx, format_offered, format_desired,
440 name_dn, name, info1);
443 return DsCrackNameOneFilter(sam_ctx, mem_ctx,
445 format_flags, format_offered, format_desired,
447 domain_filter, result_filter,
451 static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx,
452 uint32_t format_offered, uint32_t format_desired,
453 const struct ldb_dn *name_dn, const char *name,
454 struct drsuapi_DsNameInfo1 *info1)
457 if (format_offered != DRSUAPI_DS_NAME_FORMAT_FQDN_1779) {
458 info1->status = DRSUAPI_DS_NAME_STATUS_NO_SYNTACTICAL_MAPPING;
462 switch (format_desired) {
463 case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
464 cracked = ldb_dn_canonical_string(mem_ctx, name_dn);
466 case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
467 cracked = ldb_dn_canonical_ex_string(mem_ctx, name_dn);
470 info1->status = DRSUAPI_DS_NAME_STATUS_NO_SYNTACTICAL_MAPPING;
473 info1->status = DRSUAPI_DS_NAME_STATUS_OK;
474 info1->result_name = cracked;
483 static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
484 struct smb_krb5_context *smb_krb5_context,
485 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
486 const struct ldb_dn *name_dn, const char *name,
487 const char *domain_filter, const char *result_filter,
488 struct drsuapi_DsNameInfo1 *info1)
491 struct ldb_message **domain_res = NULL;
492 const char * const *domain_attrs;
493 const char * const *result_attrs;
494 struct ldb_message **result_res = NULL;
495 const struct ldb_dn *result_basedn;
497 /* here we need to set the attrs lists for domain and result lookups */
498 switch (format_desired) {
499 case DRSUAPI_DS_NAME_FORMAT_FQDN_1779:
500 case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX: {
501 const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
502 const char * const _result_attrs[] = { NULL};
504 domain_attrs = _domain_attrs;
505 result_attrs = _result_attrs;
508 case DRSUAPI_DS_NAME_FORMAT_CANONICAL: {
509 const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
510 const char * const _result_attrs[] = { "canonicalName", NULL };
512 domain_attrs = _domain_attrs;
513 result_attrs = _result_attrs;
516 case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
517 const char * const _domain_attrs[] = { "ncName", "dnsRoot", "nETBIOSName", NULL};
518 const char * const _result_attrs[] = { "sAMAccountName", "objectSid", NULL};
520 domain_attrs = _domain_attrs;
521 result_attrs = _result_attrs;
524 case DRSUAPI_DS_NAME_FORMAT_GUID: {
525 const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
526 const char * const _result_attrs[] = { "objectGUID", NULL};
528 domain_attrs = _domain_attrs;
529 result_attrs = _result_attrs;
532 case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
533 const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
534 const char * const _result_attrs[] = { "displayName", "samAccountName", NULL};
536 domain_attrs = _domain_attrs;
537 result_attrs = _result_attrs;
545 /* if we have a domain_filter look it up and set the result_basedn and the dns_domain_name */
546 ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, domain_attrs,
547 "%s", domain_filter);
549 ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, domain_attrs,
550 "(ncName=%s)", ldb_dn_linearize(mem_ctx, samdb_base_dn(mem_ctx)));
557 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
560 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
563 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
567 info1->dns_domain_name = samdb_result_string(domain_res[0], "dnsRoot", NULL);
568 WERR_TALLOC_CHECK(info1->dns_domain_name);
569 info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
572 result_basedn = samdb_result_dn(mem_ctx, domain_res[0], "ncName", NULL);
574 ldb_ret = gendb_search(sam_ctx, mem_ctx, result_basedn, &result_res,
575 result_attrs, "%s", result_filter);
576 } else if (format_offered == DRSUAPI_DS_NAME_FORMAT_FQDN_1779) {
577 ldb_ret = gendb_search_dn(sam_ctx, mem_ctx, name_dn, &result_res,
580 name_dn = samdb_result_dn(mem_ctx, domain_res[0], "ncName", NULL);
581 ldb_ret = gendb_search_dn(sam_ctx, mem_ctx, name_dn, &result_res,
589 switch (format_offered) {
590 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
591 return DsCrackNameSPNAlias(sam_ctx, mem_ctx,
593 format_flags, format_offered, format_desired,
596 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
597 return DsCrackNameUPN(sam_ctx, mem_ctx, smb_krb5_context,
598 format_flags, format_offered, format_desired,
601 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
604 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
607 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
611 /* here we can use result_res[0] and domain_res[0] */
612 switch (format_desired) {
613 case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
614 info1->result_name = ldb_dn_linearize(mem_ctx, result_res[0]->dn);
615 WERR_TALLOC_CHECK(info1->result_name);
617 info1->status = DRSUAPI_DS_NAME_STATUS_OK;
620 case DRSUAPI_DS_NAME_FORMAT_CANONICAL: {
621 info1->result_name = samdb_result_string(result_res[0], "canonicalName", NULL);
622 info1->status = DRSUAPI_DS_NAME_STATUS_OK;
625 case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX: {
626 /* Not in the virtual ldb attribute */
627 return DsCrackNameOneSyntactical(mem_ctx,
628 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
629 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
630 result_res[0]->dn, name, info1);
632 case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
633 const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result_res[0], "objectSid");
634 const char *_acc = "", *_dom = "";
636 if ((sid->num_auths < 4) || (sid->num_auths > 5)) {
637 info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
641 if (sid->num_auths == 4) {
642 ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, domain_attrs,
643 "(ncName=%s)", ldb_dn_linearize(mem_ctx, result_res[0]->dn));
645 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
648 _dom = samdb_result_string(domain_res[0], "nETBIOSName", NULL);
649 WERR_TALLOC_CHECK(_dom);
651 } else if (sid->num_auths == 5) {
652 const char *attrs[] = { NULL };
653 struct ldb_message **domain_res2;
654 struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid);
658 dom_sid->num_auths--;
659 ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs,
660 "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
662 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
665 ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res2, domain_attrs,
666 "(ncName=%s)", ldb_dn_linearize(mem_ctx, domain_res[0]->dn));
668 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
672 _dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL);
673 WERR_TALLOC_CHECK(_dom);
675 _acc = samdb_result_string(result_res[0], "sAMAccountName", NULL);
676 WERR_TALLOC_CHECK(_acc);
679 info1->result_name = talloc_asprintf(mem_ctx, "%s\\%s", _dom, _acc);
680 WERR_TALLOC_CHECK(info1->result_name);
682 info1->status = DRSUAPI_DS_NAME_STATUS_OK;
685 case DRSUAPI_DS_NAME_FORMAT_GUID: {
688 guid = samdb_result_guid(result_res[0], "objectGUID");
690 info1->result_name = GUID_string2(mem_ctx, &guid);
691 WERR_TALLOC_CHECK(info1->result_name);
693 info1->status = DRSUAPI_DS_NAME_STATUS_OK;
696 case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
697 info1->result_name = samdb_result_string(result_res[0], "displayName", NULL);
698 if (!info1->result_name) {
699 info1->result_name = samdb_result_string(result_res[0], "sAMAccountName", NULL);
701 if (!info1->result_name) {
702 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
704 info1->status = DRSUAPI_DS_NAME_STATUS_OK;
712 return WERR_INVALID_PARAM;
715 NTSTATUS crack_user_principal_name(struct ldb_context *sam_ctx,
717 const char *user_principal_name,
718 struct ldb_dn **user_dn,
719 struct ldb_dn **domain_dn)
722 struct drsuapi_DsNameInfo1 info1;
723 werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
724 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
725 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
728 if (!W_ERROR_IS_OK(werr)) {
729 return werror_to_ntstatus(werr);
731 switch (info1.status) {
732 case DRSUAPI_DS_NAME_STATUS_OK:
734 case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
735 case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
736 case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
737 return NT_STATUS_NO_SUCH_USER;
738 case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
740 return NT_STATUS_UNSUCCESSFUL;
743 *user_dn = ldb_dn_explode(mem_ctx, info1.result_name);
746 werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
747 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
748 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
749 talloc_asprintf(mem_ctx, "%s/",
750 info1.dns_domain_name),
752 if (!W_ERROR_IS_OK(werr)) {
753 return werror_to_ntstatus(werr);
755 switch (info1.status) {
756 case DRSUAPI_DS_NAME_STATUS_OK:
758 case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
759 case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
760 case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
761 return NT_STATUS_NO_SUCH_USER;
762 case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
764 return NT_STATUS_UNSUCCESSFUL;
767 *domain_dn = ldb_dn_explode(mem_ctx, info1.result_name);
774 NTSTATUS crack_service_principal_name(struct ldb_context *sam_ctx,
776 const char *service_principal_name,
777 struct ldb_dn **user_dn,
778 struct ldb_dn **domain_dn)
781 struct drsuapi_DsNameInfo1 info1;
782 werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
783 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
784 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
785 service_principal_name,
787 if (!W_ERROR_IS_OK(werr)) {
788 return werror_to_ntstatus(werr);
790 switch (info1.status) {
791 case DRSUAPI_DS_NAME_STATUS_OK:
793 case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
794 case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
795 case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
796 return NT_STATUS_NO_SUCH_USER;
797 case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
799 return NT_STATUS_UNSUCCESSFUL;
802 *user_dn = ldb_dn_explode(mem_ctx, info1.result_name);
805 werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
806 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
807 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
808 talloc_asprintf(mem_ctx, "%s/",
809 info1.dns_domain_name),
811 if (!W_ERROR_IS_OK(werr)) {
812 return werror_to_ntstatus(werr);
814 switch (info1.status) {
815 case DRSUAPI_DS_NAME_STATUS_OK:
817 case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
818 case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
819 case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
820 return NT_STATUS_NO_SUCH_USER;
821 case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
823 return NT_STATUS_UNSUCCESSFUL;
826 *domain_dn = ldb_dn_explode(mem_ctx, info1.result_name);
git.samba.org / jelmer / samba4-debian.git / blob