#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "lib/ldb/include/ldb.h"
-#include "auth/auth.h"
#include "system/time.h"
#include "db_wrap.h"
+#include "auth/auth.h"
/*
this type allows us to distinguish handle types
struct lsa_policy_state **_state)
{
struct lsa_policy_state *state;
- const char *domain_attrs[] = {"nETBIOSName", "nCName", NULL};
- int ret_domain;
- struct ldb_message **msgs_domain;
state = talloc(mem_ctx, struct lsa_policy_state);
if (!state) {
}
/* make sure the sam database is accessible */
- state->sam_ldb = samdb_connect(state);
+ state->sam_ldb = samdb_connect(state, dce_call->conn->auth_state.session_info);
if (state->sam_ldb == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
- "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
- lp_workgroup());
-
- if (ret_domain == -1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- if (ret_domain != 1) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
/* work out the domain_dn - useful for so many calls its worth
fetching here */
- state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
+ state->domain_dn = samdb_base_dn(state);
if (!state->domain_dn) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ state->domain_name
+ = samdb_search_string(state->sam_ldb, state, NULL, "nETBIOSName",
+ "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
+
+ if (!state->domain_name) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ talloc_steal(state, state->domain_name);
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
- state->builtin_dn = ldb_dn_explode(state,
- samdb_search_string(state->sam_ldb, mem_ctx, NULL,
- "dn", "objectClass=builtinDomain"));
+ state->builtin_dn = samdb_search_dn(state->sam_ldb, state, state->domain_dn, "(objectClass=builtinDomain)");
if (!state->builtin_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
/* work out the system_dn - useful for so many calls its worth
fetching here */
- state->system_dn = ldb_dn_explode(state,
- samdb_search_string(state->sam_ldb, mem_ctx, state->domain_dn,
- "dn", "(&(objectClass=container)(cn=System))"));
+ state->system_dn = samdb_search_dn(state->sam_ldb, state,
+ state->domain_dn, "(&(objectClass=container)(cn=System))");
if (!state->system_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- state->domain_sid = talloc_steal(state,
- samdb_search_dom_sid(state->sam_ldb, state,
- state->domain_dn, "objectSid", "dn=%s",
- ldb_dn_linearize(mem_ctx, state->domain_dn)));
+ state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state,
+ state->domain_dn, "objectSid", NULL);
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ talloc_steal(state, state->domain_sid);
+
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
if (!state->builtin_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- state->domain_name = talloc_strdup(state,
- samdb_result_string(msgs_domain[0], "nETBIOSName",
- lp_workgroup()));
-
*_state = state;
return NT_STATUS_OK;
}
domains->domains = talloc_realloc(domains,
- domains->domains,
- struct lsa_TrustInformation,
- domains->count+1);
+ domains->domains,
+ struct lsa_TrustInformation,
+ domains->count+1);
if (domains->domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
r3.in.unknown1 = 0;
r3.in.unknown2 = 0;
r3.out.count = r->out.count;
+ r3.out.names = NULL;
status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
if (dce_call->fault_code != 0) {
}
r->out.domains = r3.out.domains;
+ if (!r3.out.names) {
+ r->out.names = NULL;
+ return status;
+ }
+
r->out.names = talloc(mem_ctx, struct lsa_TransNameArray);
if (r->out.names == NULL) {
return NT_STATUS_NO_MEMORY;
}
/* check it really exists */
- astate->account_dn =
- ldb_dn_explode(mem_ctx,
- samdb_search_string(state->sam_ldb, astate,
- NULL, "dn",
- "(&(objectSid=%s)(objectClass=group))",
- ldap_encode_ndr_dom_sid(mem_ctx,
- astate->account_sid)));
+ astate->account_dn = samdb_search_dn(state->sam_ldb, astate,
+ NULL, "(&(objectSid=%s)(objectClass=group))",
+ ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
if (astate->account_dn == NULL) {
talloc_free(astate);
return NT_STATUS_NO_SUCH_USER;
struct ldb_message *msg;
struct ldb_message_element el;
int i, ret;
- const char *dn;
struct lsa_EnumAccountRights r2;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
return NT_STATUS_NO_MEMORY;
}
- dn = samdb_search_string(state->sam_ldb, mem_ctx, NULL, "dn",
- "objectSid=%s", sidstr);
- if (dn == NULL) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- msg->dn = ldb_dn_explode(mem_ctx, dn);
+ msg->dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
if (msg->dn == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_NO_SUCH_USER;
}
- if (ldb_msg_add_empty(state->sam_ldb, msg, "privilege", ldb_flag)) {
+ if (ldb_msg_add_empty(msg, "privilege", ldb_flag)) {
return NT_STATUS_NO_MEMORY;
}
if (ldb_flag == LDB_FLAG_MOD_ADD) {
int j;
for (j=0;j<r2.out.rights->count;j++) {
- if (StrCaseCmp(r2.out.rights->names[j].string,
+ if (strcasecmp_m(r2.out.rights->names[j].string,
rights->names[i].string) == 0) {
break;
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = ldb_dn_build_child(mem_ctx,
- "cn", name,
- ldb_dn_build_child(mem_ctx,
- "cn", "LSA Secrets", NULL));
+ msg->dn = ldb_dn_string_compose(mem_ctx, NULL, "cn=%s,cn=LSA Secrets", name);
samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name);
}
lsa_GetUserName
*/
static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_GetUserName *r)
+ struct lsa_GetUserName *r)
{
NTSTATUS status = NT_STATUS_OK;
const char *account_name;
return NT_STATUS_INVALID_PARAMETER;
}
- /* TODO: this check should go and we should rely on the calling code that this is valid */
- if (!dce_call->conn->auth_state.session_info ||
- !dce_call->conn->auth_state.session_info->server_info ||
- !dce_call->conn->auth_state.session_info->server_info->account_name ||
- !dce_call->conn->auth_state.session_info->server_info->domain_name) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
/*
lsa_SetDomInfoPolicy
*/
-static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct lsa_SetDomInfoPolicy *r)
+static NTSTATUS lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_SetDomainInformationPolicy *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}