#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "lib/ldb/include/ldb.h"
-#include "auth/auth.h"
#include "system/time.h"
#include "db_wrap.h"
+#include "auth/auth.h"
/*
this type allows us to distinguish handle types
*/
struct lsa_policy_state {
struct dcesrv_handle *handle;
- struct ldb_wrap *sam_ctx;
+ struct ldb_context *sam_ldb;
struct sidmap_context *sidmap;
uint32_t access_mask;
- const char *domain_dn;
- const char *builtin_dn;
- const char *system_dn;
+ const struct ldb_dn *domain_dn;
+ const struct ldb_dn *builtin_dn;
+ const struct ldb_dn *system_dn;
const char *domain_name;
struct dom_sid *domain_sid;
struct dom_sid *builtin_sid;
struct lsa_policy_state *policy;
uint32_t access_mask;
struct dom_sid *account_sid;
- const char *account_sid_str;
- const char *account_dn;
+ const struct ldb_dn *account_dn;
};
struct lsa_secret_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
- const char *secret_dn;
- struct ldb_wrap *sam_ctx;
+ const struct ldb_dn *secret_dn;
+ struct ldb_context *sam_ldb;
BOOL global;
};
struct lsa_trusted_domain_state {
struct lsa_policy_state *policy;
uint32_t access_mask;
- const char *trusted_domain_dn;
+ const struct ldb_dn *trusted_domain_dn;
};
/*
DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
if (h->wire_handle.handle_type == LSA_HANDLE_SECRET) {
struct lsa_secret_state *secret_state = h->data;
- ret = samdb_delete(secret_state->sam_ctx, mem_ctx, secret_state->secret_dn);
+ ret = samdb_delete(secret_state->sam_ldb, mem_ctx, secret_state->secret_dn);
talloc_free(h);
if (ret != 0) {
return NT_STATUS_INVALID_HANDLE;
return NT_STATUS_OK;
} else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
struct lsa_trusted_domain_state *trusted_domain_state = h->data;
- ret = samdb_delete(trusted_domain_state->policy->sam_ctx, mem_ctx,
+ ret = samdb_delete(trusted_domain_state->policy->sam_ldb, mem_ctx,
trusted_domain_state->trusted_domain_dn);
talloc_free(h);
if (ret != 0) {
struct lsa_policy_state **_state)
{
struct lsa_policy_state *state;
- const char *sid_str;
state = talloc(mem_ctx, struct lsa_policy_state);
if (!state) {
}
/* make sure the sam database is accessible */
- state->sam_ctx = samdb_connect(state);
- if (state->sam_ctx == NULL) {
+ state->sam_ldb = samdb_connect(state, dce_call->conn->auth_state.session_info);
+ if (state->sam_ldb == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
/* work out the domain_dn - useful for so many calls its worth
fetching here */
- state->domain_dn = talloc_reference(state,
- samdb_search_string(state->sam_ctx, mem_ctx, NULL,
- "dn", "(&(objectClass=domain)(!(objectclass=builtinDomain)))"));
+ state->domain_dn = samdb_base_dn(state);
if (!state->domain_dn) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ state->domain_name
+ = samdb_search_string(state->sam_ldb, state, NULL, "nETBIOSName",
+ "(&(objectclass=crossRef)(ncName=%s))", ldb_dn_linearize(mem_ctx, state->domain_dn));
+
+ if (!state->domain_name) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ talloc_steal(state, state->domain_name);
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
- state->builtin_dn = talloc_reference(state,
- samdb_search_string(state->sam_ctx, mem_ctx, NULL,
- "dn", "objectClass=builtinDomain"));
+ state->builtin_dn = samdb_search_dn(state->sam_ldb, state, state->domain_dn, "(objectClass=builtinDomain)");
if (!state->builtin_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
/* work out the system_dn - useful for so many calls its worth
fetching here */
- state->system_dn = talloc_reference(state,
- samdb_search_string(state->sam_ctx, mem_ctx, state->domain_dn,
- "dn", "(&(objectClass=container)(cn=System))"));
+ state->system_dn = samdb_search_dn(state->sam_ldb, state,
+ state->domain_dn, "(&(objectClass=container)(cn=System))");
if (!state->system_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- sid_str = samdb_search_string(state->sam_ctx, mem_ctx, NULL,
- "objectSid", "dn=%s", state->domain_dn);
- if (!sid_str) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- state->domain_sid = dom_sid_parse_talloc(state, sid_str);
+ state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state,
+ state->domain_dn, "objectSid", NULL);
if (!state->domain_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ talloc_steal(state, state->domain_sid);
+
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
if (!state->builtin_sid) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- state->domain_name = talloc_reference(state,
- samdb_search_string(state->sam_ctx, mem_ctx, NULL,
- "name", "dn=%s", state->domain_dn));
- if (!state->domain_name) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
*_state = state;
return NT_STATUS_OK;
static NTSTATUS lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
struct lsa_DomainInfo *info)
{
- const char * const attrs[] = { "objectSid", "name", NULL};
- int ret;
- struct ldb_message **res;
-
- ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
- "dn=%s", state->domain_dn);
- if (ret != 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- info->name.string = samdb_result_string(res[0], "name", NULL);
- info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+ info->name.string = state->domain_name;
+ info->sid = state->domain_sid;
return NT_STATUS_OK;
}
static NTSTATUS lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
struct lsa_DnsDomainInfo *info)
{
- const char * const attrs[] = { "name", "dnsDomain", "objectGUID", "objectSid", NULL };
+ const char * const attrs[] = { "dnsDomain", "objectGUID", "objectSid", NULL };
int ret;
struct ldb_message **res;
- ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
- "dn=%s", state->domain_dn);
+ ret = gendb_search_dn(state->sam_ldb, mem_ctx, state->domain_dn, &res, attrs);
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- info->name.string = samdb_result_string(res[0], "name", NULL);
+ info->name.string = state->domain_name;
+ info->sid = state->domain_sid;
info->dns_domain.string = samdb_result_string(res[0], "dnsDomain", NULL);
info->dns_forest.string = samdb_result_string(res[0], "dnsDomain", NULL);
info->domain_guid = samdb_result_guid(res[0], "objectGUID");
- info->sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
return NT_STATUS_OK;
}
state = h->data;
- ret = samdb_search(state->sam_ctx, mem_ctx, state->builtin_dn, &res, attrs,
+ ret = gendb_search(state->sam_ldb, mem_ctx, state->builtin_dn, &res, attrs,
"privilege=*");
if (ret <= 0) {
return NT_STATUS_NO_SUCH_USER;
}
for (i=0;i<count;i++) {
- const char *sidstr;
-
- sidstr = samdb_result_string(res[i + *r->in.resume_handle], "objectSid", NULL);
- if (sidstr == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids, sidstr);
- if (r->out.sids->sids[i].sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ r->out.sids->sids[i].sid =
+ samdb_result_dom_sid(r->out.sids->sids,
+ res[i + *r->in.resume_handle],
+ "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
}
r->out.sids->num_sids = count;
}
/* search for the trusted_domain record */
- ret = samdb_search(trusted_domain_state->policy->sam_ctx,
+ ret = gendb_search(trusted_domain_state->policy->sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s)(objectclass=trustedDomain))",
r->in.info->name.string);
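Review bot: The filter `"(&(cn=%s)(objectclass=trustedDomain))"` is still built by formatting `r->in.info->name.string`, which comes from the RPC request, straight into the search expression, so a name containing `(`, `)`, `*` or `\` alters the filter instead of being matched literally. Since this call is being moved to `gendb_search` anyway, the value should be escaped first, e.g. with `ldb_binary_encode_string(mem_ctx, r->in.info->name.string)` if that helper is available in this tree, and the result checked for NULL. The same pattern appears in the later hunks that format `r->in.name.string`, `name2` and `name` into `flatname=%s`, `cn=%s` and `sAMAccountName=%s` filters. The enclosing function starts and ends outside this hunk.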
}
if (ret < 0 || ret > 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", r->in.info->name.string,
- policy_state->system_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "cn",
+ r->in.info->name.string,
+ policy_state->system_dn);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "cn", name);
- samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "flatname", name);
+ samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "cn", name);
+ samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "flatname", name);
if (r->in.info->sid) {
const char *sid_string = dom_sid_string(mem_ctx, r->in.info->sid);
return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "securityIdentifier", sid_string);
+ samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string);
}
- /* pull in all the template attributes. Note this is always from the global samdb */
- ret = samdb_copy_template(trusted_domain_state->policy->sam_ctx, mem_ctx, msg,
- "(&(name=TemplateTrustedDomain)(objectclass=trustedDomainTemplate))");
- if (ret != 0) {
- DEBUG(0,("Failed to load TemplateTrustedDomain from samdb\n"));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- samdb_msg_add_string(trusted_domain_state->policy->sam_ctx, mem_ctx, msg, "objectClass", "trustedDomain");
+ samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
- ret = samdb_add(trusted_domain_state->policy->sam_ctx, mem_ctx, msg);
+ ret = samdb_add(trusted_domain_state->policy->sam_ldb, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create trusted_domain record %s\n", msg->dn));
+ DEBUG(0,("Failed to create trusted_domain record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
/* search for the trusted_domain record */
- ret = samdb_search(trusted_domain_state->policy->sam_ctx,
+ ret = gendb_search(trusted_domain_state->policy->sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(securityIdentifier=%s)(objectclass=trustedDomain))",
sid_string);
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
trusted_domain_state->policy = policy_state;
/* search for the trusted_domain record */
- ret = samdb_search(trusted_domain_state->policy->sam_ctx,
+ ret = gendb_search(trusted_domain_state->policy->sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(flatname=%s)(objectclass=trustedDomain))",
r->in.name.string);
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
trusted_domain_state = h->data;
/* pull all the user attributes */
- ret = samdb_search(trusted_domain_state->policy->sam_ctx, mem_ctx, NULL, &res, attrs,
- "dn=%s", trusted_domain_state->trusted_domain_dn);
+ ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx,
+ trusted_domain_state->trusted_domain_dn, &res, attrs);
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
- count = samdb_search(policy_state->sam_ctx, mem_ctx, policy_state->system_dn, &domains, attrs,
+ count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
"objectclass=trustedDomain");
if (count == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
domains->domains = talloc_realloc(domains,
- domains->domains,
- struct lsa_TrustInformation,
- domains->count+1);
+ domains->domains,
+ struct lsa_TrustInformation,
+ domains->count+1);
if (domains->domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "name", NULL};
NTSTATUS status;
- ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
- "objectSid=%s", sid_str);
+ ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
+ "objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret == 1) {
*name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
if (!*name) {
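Review bot: The result of `ldap_encode_ndr_dom_sid(mem_ctx, sid)` goes straight into the `%s` of `"objectSid=%s"` without a check, although the helper presumably returns NULL on allocation failure, as the `sidstr == NULL` tests elsewhere in this diff assume. A failed allocation would then be either undefined behaviour in the formatter or a lookup miss reported under the wrong status. This call, and the one in the `(&(objectSid=%s)(objectClass=group))` lookup that fills `astate->account_dn`, should follow the `sidstr` pattern: `const char *sid_filter = ldap_encode_ndr_dom_sid(mem_ctx, sid);` then `NT_STATUS_HAVE_NO_MEMORY(sid_filter);` before the search. The function body begins and ends outside this hunk.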
r3.in.unknown1 = 0;
r3.in.unknown2 = 0;
r3.out.count = r->out.count;
+ r3.out.names = NULL;
status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
if (dce_call->fault_code != 0) {
}
r->out.domains = r3.out.domains;
+ if (!r3.out.names) {
+ r->out.names = NULL;
+ return status;
+ }
+
r->out.names = talloc(mem_ctx, struct lsa_TransNameArray);
if (r->out.names == NULL) {
return NT_STATUS_NO_MEMORY;
return NT_STATUS_NO_MEMORY;
}
- astate->account_sid_str = dom_sid_string(astate, astate->account_sid);
- if (astate->account_sid_str == NULL) {
- talloc_free(astate);
- return NT_STATUS_NO_MEMORY;
- }
-
/* check it really exists */
- astate->account_dn = samdb_search_string(state->sam_ctx, astate,
- NULL, "dn",
- "(&(objectSid=%s)(objectClass=group))",
- astate->account_sid_str);
+ astate->account_dn = samdb_search_dn(state->sam_ldb, astate,
+ NULL, "(&(objectSid=%s)(objectClass=group))",
+ ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid));
if (astate->account_dn == NULL) {
talloc_free(astate);
return NT_STATUS_NO_SUCH_USER;
r->out.privs->unknown = 0;
r->out.privs->set = NULL;
- ret = samdb_search(astate->policy->sam_ctx, mem_ctx, NULL, &res, attrs,
- "dn=%s", astate->account_dn);
+ ret = gendb_search_dn(astate->policy->sam_ldb, mem_ctx,
+ astate->account_dn, &res, attrs);
if (ret != 1) {
return NT_STATUS_OK;
}
}
for (i=0;i<el->num_values;i++) {
- int id = sec_privilege_id(el->values[i].data);
+ int id = sec_privilege_id((const char *)el->values[i].data);
if (id == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
state = h->data;
- sidstr = dom_sid_string(mem_ctx, r->in.sid);
+ sidstr = ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
+ ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
"objectSid=%s", sidstr);
if (ret != 1) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
for (i=0;i<el->num_values;i++) {
- r->out.rights->names[i].string = el->values[i].data;
+ r->out.rights->names[i].string = (const char *)el->values[i].data;
}
return NT_STATUS_OK;
struct ldb_message *msg;
struct ldb_message_element el;
int i, ret;
- const char *dn;
struct lsa_EnumAccountRights r2;
- sidstr = dom_sid_string(mem_ctx, sid);
+ sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_NO_MEMORY;
}
- dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn",
- "objectSid=%s", sidstr);
- if (dn == NULL) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- msg->dn = talloc_strdup(mem_ctx, dn);
+ msg->dn = samdb_search_dn(state->sam_ldb, mem_ctx, NULL, "objectSid=%s", sidstr);
if (msg->dn == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_NO_SUCH_USER;
}
- if (ldb_msg_add_empty(state->sam_ctx->ldb, msg, "privilege", ldb_flag)) {
+ if (ldb_msg_add_empty(msg, "privilege", ldb_flag)) {
return NT_STATUS_NO_MEMORY;
}
if (ldb_flag == LDB_FLAG_MOD_ADD) {
int j;
for (j=0;j<r2.out.rights->count;j++) {
- if (StrCaseCmp(r2.out.rights->names[j].string,
+ if (strcasecmp_m(r2.out.rights->names[j].string,
rights->names[i].string) == 0) {
break;
}
el.values[el.num_values].length = strlen(rights->names[i].string);
- el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
+ el.values[el.num_values].data = (uint8_t *)talloc_strdup(mem_ctx, rights->names[i].string);
if (el.values[el.num_values].data == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
- ret = samdb_modify(state->sam_ctx, mem_ctx, msg);
+ ret = samdb_modify(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
if (ldb_flag == LDB_FLAG_MOD_DELETE) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
if (strncmp("G$", r->in.name.string, 2) == 0) {
const char *name2;
name = &r->in.name.string[2];
- secret_state->sam_ctx = talloc_reference(secret_state, policy_state->sam_ctx);
+ secret_state->sam_ldb = talloc_reference(secret_state, policy_state->sam_ldb);
secret_state->global = True;
if (strlen(name) < 1) {
name2 = talloc_asprintf(mem_ctx, "%s Secret", name);
/* search for the secret record */
- ret = samdb_search(secret_state->sam_ctx,
+ ret = gendb_search(secret_state->sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s)(objectclass=secret))",
name2);
}
if (ret < 0 || ret > 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", name2, policy_state->system_dn);
+ msg->dn = ldb_dn_build_child(mem_ctx, "cn", name2, policy_state->system_dn);
if (!name2 || !msg->dn) {
return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name2);
+ samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name2);
} else {
secret_state->global = False;
return NT_STATUS_INVALID_PARAMETER;
}
- secret_state->sam_ctx = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
+ secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
/* search for the secret record */
- ret = samdb_search(secret_state->sam_ctx,
- mem_ctx, "cn=LSA Secrets", &msgs, attrs,
- "(&(cn=%s)(objectclass=secret))",
- name);
+ ret = gendb_search(secret_state->sam_ldb, mem_ctx,
+ ldb_dn_explode(mem_ctx, "cn=LSA Secrets"),
+ &msgs, attrs,
+ "(&(cn=%s)(objectclass=secret))", name);
if (ret > 0) {
return NT_STATUS_OBJECT_NAME_COLLISION;
}
if (ret < 0 || ret > 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name);
- samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name);
+ msg->dn = ldb_dn_string_compose(mem_ctx, NULL, "cn=%s,cn=LSA Secrets", name);
+ samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name);
}
/* pull in all the template attributes. Note this is always from the global samdb */
- ret = samdb_copy_template(secret_state->policy->sam_ctx, mem_ctx, msg,
+ ret = samdb_copy_template(secret_state->policy->sam_ldb, mem_ctx, msg,
"(&(name=TemplateSecret)(objectclass=secretTemplate))");
if (ret != 0) {
DEBUG(0,("Failed to load TemplateSecret from samdb\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "objectClass", "secret");
+ samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "objectClass", "secret");
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
/* create the secret */
- ret = samdb_add(secret_state->sam_ctx, mem_ctx, msg);
+ ret = samdb_add(secret_state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
- DEBUG(0,("Failed to create secret record %s\n", msg->dn));
+ DEBUG(0,("Failed to create secret record %s\n",
+ ldb_dn_linearize(mem_ctx, msg->dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
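Review bot: In the local-secret branch, `msg->dn = ldb_dn_string_compose(mem_ctx, NULL, "cn=%s,cn=LSA Secrets", name);` formats the client-supplied secret name into DN text, and no NULL check on the result is visible before `samdb_add`. A name containing `,` or `=` may therefore be parsed as extra DN components, and a failed compose carries on with no DN. The global branch already uses `ldb_dn_build_child` and tests `!msg->dn`; the local branch should match, e.g. `msg->dn = ldb_dn_build_child(mem_ctx, "cn", name, ldb_dn_explode(mem_ctx, "cn=LSA Secrets"));` then `if (!msg->dn) return NT_STATUS_NO_MEMORY;`. In the global branch `name2` is passed to `ldb_dn_build_child` before the `!name2` test, which would be safer the other way round. The function starts and ends outside this hunk.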
if (strncmp("G$", r->in.name.string, 2) == 0) {
name = &r->in.name.string[2];
- secret_state->sam_ctx = talloc_reference(secret_state, policy_state->sam_ctx);
+ secret_state->sam_ldb = talloc_reference(secret_state, policy_state->sam_ldb);
secret_state->global = True;
if (strlen(name) < 1) {
}
/* search for the secret record */
- ret = samdb_search(secret_state->sam_ctx,
+ ret = gendb_search(secret_state->sam_ldb,
mem_ctx, policy_state->system_dn, &msgs, attrs,
"(&(cn=%s Secret)(objectclass=secret))",
name);
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- secret_state->sam_ctx = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
+ secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
secret_state->global = False;
name = r->in.name.string;
}
/* search for the secret record */
- ret = samdb_search(secret_state->sam_ctx,
- mem_ctx, "cn=LSA Secrets", &msgs, attrs,
- "(&(cn=%s)(objectclass=secret))",
- name);
+ ret = gendb_search(secret_state->sam_ldb, mem_ctx,
+ ldb_dn_explode(mem_ctx, "cn=LSA Secrets"),
+ &msgs, attrs,
+ "(&(cn=%s)(objectclass=secret))", name);
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn));
+ DEBUG(0,("Found %d records matching DN %s\n", ret,
+ ldb_dn_linearize(mem_ctx, policy_state->system_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
val.length = secret.length;
/* set value */
- if (samdb_msg_add_value(secret_state->sam_ctx,
+ if (samdb_msg_add_value(secret_state->sam_ldb,
mem_ctx, msg, "priorSecret", &val) != 0) {
return NT_STATUS_NO_MEMORY;
}
/* set old value mtime */
- if (samdb_msg_add_uint64(secret_state->sam_ctx,
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
mem_ctx, msg, "priorSetTime", nt_now) != 0) {
return NT_STATUS_NO_MEMORY;
}
/* This behaviour varies depending of if this is a local, or a global secret... */
if (secret_state->global) {
/* set old value mtime */
- if (samdb_msg_add_uint64(secret_state->sam_ctx,
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
mem_ctx, msg, "lastSetTime", nt_now) != 0) {
return NT_STATUS_NO_MEMORY;
}
} else {
- if (samdb_msg_add_delete(secret_state->sam_ctx,
+ if (samdb_msg_add_delete(secret_state->sam_ldb,
mem_ctx, msg, "secret")) {
return NT_STATUS_NO_MEMORY;
}
- if (samdb_msg_add_delete(secret_state->sam_ctx,
+ if (samdb_msg_add_delete(secret_state->sam_ldb,
mem_ctx, msg, "lastSetTime")) {
return NT_STATUS_NO_MEMORY;
}
val.length = secret.length;
/* set value */
- if (samdb_msg_add_value(secret_state->sam_ctx,
+ if (samdb_msg_add_value(secret_state->sam_ldb,
mem_ctx, msg, "secret", &val) != 0) {
return NT_STATUS_NO_MEMORY;
}
/* set new value mtime */
- if (samdb_msg_add_uint64(secret_state->sam_ctx,
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
mem_ctx, msg, "lastSetTime", nt_now) != 0) {
return NT_STATUS_NO_MEMORY;
}
};
/* search for the secret record */
- ret = samdb_search(secret_state->sam_ctx,
- mem_ctx, NULL, &res, attrs,
- "(dn=%s)", secret_state->secret_dn);
+ ret = gendb_search_dn(secret_state->sam_ldb,mem_ctx,
+ secret_state->secret_dn, &res, attrs);
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching dn=%s\n", ret, secret_state->secret_dn));
+ DEBUG(0,("Found %d records matching dn=%s\n", ret,
+ ldb_dn_linearize(mem_ctx, secret_state->secret_dn)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (new_val) {
/* set value */
- if (samdb_msg_add_value(secret_state->sam_ctx,
+ if (samdb_msg_add_value(secret_state->sam_ldb,
mem_ctx, msg, "priorSecret",
new_val) != 0) {
return NT_STATUS_NO_MEMORY;
/* set new value mtime */
if (ldb_msg_find_ldb_val(res[0], "lastSetTime")) {
- if (samdb_msg_add_uint64(secret_state->sam_ctx,
+ if (samdb_msg_add_uint64(secret_state->sam_ldb,
mem_ctx, msg, "priorSetTime", last_set_time) != 0) {
return NT_STATUS_NO_MEMORY;
}
}
/* modify the samdb record */
- ret = samdb_replace(secret_state->sam_ctx, mem_ctx, msg);
+ ret = samdb_replace(secret_state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
secret_state = h->data;
/* pull all the user attributes */
- ret = samdb_search(secret_state->sam_ctx, mem_ctx, NULL, &res, attrs,
- "dn=%s", secret_state->secret_dn);
+ ret = gendb_search_dn(secret_state->sam_ldb, mem_ctx,
+ secret_state->secret_dn, &res, attrs);
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
+ ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs,
"privilege=%s", privname);
if (ret <= 0) {
return NT_STATUS_NO_SUCH_USER;
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<ret;i++) {
- const char *sidstr;
- sidstr = samdb_result_string(res[i], "objectSid", NULL);
- if (sidstr == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- r->out.sids->sids[i].sid = dom_sid_parse_talloc(r->out.sids->sids,
- sidstr);
- if (r->out.sids->sids[i].sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ r->out.sids->sids[i].sid = samdb_result_dom_sid(r->out.sids->sids,
+ res[i], "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
}
r->out.sids->num_sids = ret;
lsa_GetUserName
*/
static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_GetUserName *r)
+ struct lsa_GetUserName *r)
{
NTSTATUS status = NT_STATUS_OK;
const char *account_name;
return NT_STATUS_INVALID_PARAMETER;
}
- /* TODO: this check should go and we should rely on the calling code that this is valid */
- if (!dce_call->conn->auth_state.session_info ||
- !dce_call->conn->auth_state.session_info->server_info ||
- !dce_call->conn->auth_state.session_info->server_info->account_name ||
- !dce_call->conn->auth_state.session_info->server_info->domain_name) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
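Review bot: With the guard removed, the two `talloc_reference` lines dereference `dce_call->conn->auth_state.session_info->server_info` unconditionally. Any path that reaches `lsa_GetUserName` without a populated session (an anonymous or failed bind, if the RPC layer permits one) would become a NULL dereference in the server process. The removed TODO says the caller is expected to guarantee this, but that guarantee is not visible in this diff. Either keep a reduced check such as `if (!dce_call->conn->auth_state.session_info || !dce_call->conn->auth_state.session_info->server_info) return NT_STATUS_INTERNAL_ERROR;`, or add a comment naming where the invariant is enforced. The same `session_info` pointer is now also passed to `samdb_connect` in the policy-state setup, so the invariant matters there too.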
/*
lsa_SetDomInfoPolicy
*/
-static NTSTATUS lsa_SetDomInfoPolicy(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct lsa_SetDomInfoPolicy *r)
+static NTSTATUS lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_SetDomainInformationPolicy *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
name = p + 1;
}
- ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
+ ret = gendb_search(state->sam_ldb, mem_ctx, NULL, &res, attrs, "sAMAccountName=%s", name);
if (ret == 1) {
- const char *sid_str = ldb_msg_find_string(res[0], "objectSid", NULL);
- if (sid_str == NULL) {
- return NT_STATUS_INVALID_SID;
- }
-
- *sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ *sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
if (*sid == NULL) {
return NT_STATUS_INVALID_SID;
}