Changeset 745 for trunk/server/source4/dsdb/samdb/cracknames.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source4/dsdb/samdb/cracknames.c (modified) (36 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/dsdb/samdb/cracknames.c
r414 r745 24 24 #include "includes.h" 25 25 #include "librpc/gen_ndr/drsuapi.h" 26 #include "lib/events/events.h" 26 27 #include "rpc_server/common/common.h" 27 #include "lib/events/events.h" 28 #include "lib/ldb/include/ldb.h" 29 #include "lib/ldb/include/ldb_errors.h" 28 #include <ldb.h> 29 #include <ldb_errors.h> 30 30 #include "system/kerberos.h" 31 31 #include "auth/kerberos/kerberos.h" 32 32 #include "libcli/ldap/ldap_ndr.h" 33 33 #include "libcli/security/security.h" 34 #include "librpc/gen_ndr/ndr_misc.h"35 34 #include "auth/auth.h" 36 35 #include "../lib/util/util_ldb.h" 37 36 #include "dsdb/samdb/samdb.h" 37 #include "dsdb/common/util.h" 38 38 #include "param/param.h" 39 39 40 40 static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 41 41 struct smb_krb5_context *smb_krb5_context, 42 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired, 42 uint32_t format_flags, enum drsuapi_DsNameFormat format_offered, 43 enum drsuapi_DsNameFormat format_desired, 43 44 struct ldb_dn *name_dn, const char *name, 44 45 const char *domain_filter, const char *result_filter, 45 46 struct drsuapi_DsNameInfo1 *info1); 46 47 static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx, 47 uint32_t format_offered, uint32_t format_desired, 48 enum drsuapi_DsNameFormat format_offered, 49 enum drsuapi_DsNameFormat format_desired, 48 50 struct ldb_dn *name_dn, const char *name, 49 51 struct drsuapi_DsNameInfo1 *info1); … … 56 58 krb5_principal principal; 57 59 /* perhaps it's a principal with a realm, so return the right 'domain only' response */ 58 c har *realm;60 const char *realm; 59 61 ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 60 62 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal); … … 81 83 char **alias_to) 82 84 { 83 int i;85 unsigned int i; 84 86 int ret; 85 87 struct ldb_result *res; … … 100 102 101 103 service_dn = ldb_dn_new(tmp_ctx, ldb_ctx, "CN=Directory Service,CN=Windows NT,CN=Services"); 102 if ( ! ldb_dn_add_base(service_dn, samdb_config_dn(ldb_ctx))) {104 if ( ! ldb_dn_add_base(service_dn, ldb_get_config_basedn(ldb_ctx))) { 103 105 return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 104 106 } … … 178 180 static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 179 181 struct smb_krb5_context *smb_krb5_context, 180 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired, 182 uint32_t format_flags, enum drsuapi_DsNameFormat format_offered, 183 enum drsuapi_DsNameFormat format_desired, 181 184 const char *name, struct drsuapi_DsNameInfo1 *info1) 182 185 { … … 204 207 if (principal->name.name_string.len < 2) { 205 208 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; 209 krb5_free_principal(smb_krb5_context->krb5_context, principal); 206 210 return WERR_OK; 207 211 } … … 215 219 216 220 if (namestatus == DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { 221 wret = WERR_OK; 217 222 info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY; 218 223 info1->dns_domain_name = talloc_strdup(mem_ctx, dns_name); 219 224 if (!info1->dns_domain_name) { 220 krb5_free_principal(smb_krb5_context->krb5_context, principal);221 return WERR_NOMEM;222 }223 return WERR_OK;225 wret = WERR_NOMEM; 226 } 227 krb5_free_principal(smb_krb5_context->krb5_context, principal); 228 return wret; 224 229 } else if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) { 225 230 info1->status = namestatus; … … 263 268 static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 264 269 struct smb_krb5_context *smb_krb5_context, 265 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired, 270 uint32_t format_flags, enum drsuapi_DsNameFormat format_offered, 271 enum drsuapi_DsNameFormat format_desired, 266 272 const char *name, struct drsuapi_DsNameInfo1 *info1) 267 273 { … … 272 278 krb5_error_code ret; 273 279 krb5_principal principal; 274 c har *realm;280 const char *realm; 275 281 char *unparsed_name_short; 276 282 const char *domain_attrs[] = { NULL }; … … 290 296 } 291 297 292 realm = krb5_principal_get_realm(smb_krb5_context->krb5_context, principal); 298 realm = krb5_principal_get_realm(smb_krb5_context->krb5_context, 299 principal); 293 300 294 301 ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res, … … 303 310 DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s", ldb_errstring(sam_ctx))); 304 311 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 312 krb5_free_principal(smb_krb5_context->krb5_context, principal); 305 313 return WERR_OK; 306 314 } … … 310 318 break; 311 319 case 0: 320 krb5_free_principal(smb_krb5_context->krb5_context, principal); 312 321 return dns_domain_from_principal(mem_ctx, smb_krb5_context, 313 322 name, info1); 314 323 default: 315 324 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE; 325 krb5_free_principal(smb_krb5_context->krb5_context, principal); 316 326 return WERR_OK; 317 327 } … … 349 359 350 360 WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 351 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired, 361 uint32_t format_flags, enum drsuapi_DsNameFormat format_offered, 362 enum drsuapi_DsNameFormat format_desired, 352 363 const char *name, struct drsuapi_DsNameInfo1 *info1) 353 364 { … … 375 386 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: 376 387 { 377 int i;388 unsigned int i; 378 389 enum drsuapi_DsNameFormat formats[] = { 379 390 DRSUAPI_DS_NAME_FORMAT_FQDN_1779, DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, … … 454 465 char *p; 455 466 char *domain; 467 struct ldb_dn *dn_domain; 456 468 const char *account = NULL; 457 469 … … 471 483 } 472 484 485 /* it could be in DNS domain form */ 486 dn_domain = samdb_dns_domain_to_dn(sam_ctx, mem_ctx, domain); 487 W_ERROR_HAVE_NO_MEMORY(dn_domain); 488 473 489 domain_filter = talloc_asprintf(mem_ctx, 474 "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 475 ldb_binary_encode_string(mem_ctx, domain)); 490 "(&(&(|(nETBIOSName=%s)(nCName=%s))(objectclass=crossRef))(ncName=*))", 491 ldb_binary_encode_string(mem_ctx, domain), 492 ldb_dn_get_linearized(dn_domain)); 476 493 W_ERROR_HAVE_NO_MEMORY(domain_filter); 477 494 if (account) { … … 606 623 krb5_free_principal(smb_krb5_context->krb5_context, principal); 607 624 return WERR_OK; 625 } else if (ret == 0) { 626 krb5_free_principal(smb_krb5_context->krb5_context, principal); 608 627 } 609 628 ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 610 629 KRB5_PRINCIPAL_PARSE_NO_REALM, &principal); 611 630 if (ret) { 612 krb5_free_principal(smb_krb5_context->krb5_context, principal);613 614 631 return dns_domain_from_principal(mem_ctx, smb_krb5_context, 615 632 name, info1); … … 632 649 strcspn(principal->name.name_string.val[1], ".")); 633 650 if (computer_name == NULL) { 651 krb5_free_principal(smb_krb5_context->krb5_context, principal); 652 free(unparsed_name_short); 634 653 return WERR_NOMEM; 635 654 } … … 652 671 return WERR_OK; 653 672 } 654 655 673 } 656 674 … … 673 691 674 692 static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx, 675 uint32_t format_offered, uint32_t format_desired, 693 enum drsuapi_DsNameFormat format_offered, 694 enum drsuapi_DsNameFormat format_desired, 676 695 struct ldb_dn *name_dn, const char *name, 677 696 struct drsuapi_DsNameInfo1 *info1) … … 712 731 static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 713 732 struct smb_krb5_context *smb_krb5_context, 714 uint32_t format_flags, uint32_t format_offered, uint32_t format_desired, 733 uint32_t format_flags, enum drsuapi_DsNameFormat format_offered, 734 enum drsuapi_DsNameFormat format_desired, 715 735 struct ldb_dn *name_dn, const char *name, 716 736 const char *domain_filter, const char *result_filter, … … 723 743 struct ldb_message **result_res = NULL; 724 744 struct ldb_message *result = NULL; 725 struct ldb_dn *result_basedn = NULL;726 745 int i; 727 746 char *p; … … 800 819 } 801 820 802 info1->dns_domain_name = samdb_result_string(domain_res->msgs[0], "dnsRoot", NULL);821 info1->dns_domain_name = ldb_msg_find_attr_as_string(domain_res->msgs[0], "dnsRoot", NULL); 803 822 W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name); 804 823 info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY; … … 811 830 int ret; 812 831 struct ldb_result *res; 832 uint32_t dsdb_flags = 0; 833 struct ldb_dn *search_dn; 834 813 835 if (domain_res) { 814 result_basedn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL); 815 816 ret = ldb_search(sam_ctx, mem_ctx, &res, 817 result_basedn, LDB_SCOPE_SUBTREE, 818 result_attrs, "%s", result_filter); 819 if (ret != LDB_SUCCESS) { 820 talloc_free(result_res); 821 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 822 return WERR_OK; 823 } 824 ldb_ret = res->count; 825 result_res = res->msgs; 836 dsdb_flags = 0; 837 search_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL); 826 838 } else { 827 /* search with the 'phantom root' flag */ 828 struct ldb_request *req; 829 830 res = talloc_zero(mem_ctx, struct ldb_result); 831 W_ERROR_HAVE_NO_MEMORY(res); 832 833 ret = ldb_build_search_req(&req, sam_ctx, mem_ctx, 834 ldb_get_root_basedn(sam_ctx), 835 LDB_SCOPE_SUBTREE, 836 result_filter, 837 result_attrs, 838 NULL, 839 res, 840 ldb_search_default_callback, 841 NULL); 842 if (ret == LDB_SUCCESS) { 843 struct ldb_search_options_control *search_options; 844 search_options = talloc(req, struct ldb_search_options_control); 845 W_ERROR_HAVE_NO_MEMORY(search_options); 846 search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT; 847 848 ret = ldb_request_add_control(req, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); 849 } 850 if (ret != LDB_SUCCESS) { 851 talloc_free(res); 852 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 853 return WERR_OK; 854 } 855 856 ret = ldb_request(sam_ctx, req); 857 858 if (ret == LDB_SUCCESS) { 859 ret = ldb_wait(req->handle, LDB_WAIT_ALL); 860 } 861 862 talloc_free(req); 863 864 if (ret != LDB_SUCCESS) { 865 DEBUG(2, ("DsCrackNameOneFilter phantom root search failed: %s", 866 ldb_errstring(sam_ctx))); 867 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 868 return WERR_OK; 869 } 870 ldb_ret = res->count; 871 result_res = res->msgs; 872 } 839 dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS; 840 search_dn = ldb_get_root_basedn(sam_ctx); 841 } 842 843 /* search with the 'phantom root' flag */ 844 ret = dsdb_search(sam_ctx, mem_ctx, &res, 845 search_dn, 846 LDB_SCOPE_SUBTREE, 847 result_attrs, 848 DSDB_SEARCH_SEARCH_ALL_PARTITIONS, 849 "%s", result_filter); 850 if (ret != LDB_SUCCESS) { 851 DEBUG(2, ("DsCrackNameOneFilter phantom root search failed: %s", 852 ldb_errstring(sam_ctx))); 853 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 854 return WERR_OK; 855 } 856 857 ldb_ret = res->count; 858 result_res = res->msgs; 873 859 } else if (format_offered == DRSUAPI_DS_NAME_FORMAT_FQDN_1779) { 874 860 ldb_ret = gendb_search_dn(sam_ctx, mem_ctx, name_dn, &result_res, … … 880 866 } else { 881 867 /* Can't happen */ 882 DEBUG(0, ("LOGIC ERROR: DsCrackNameOneFilter domain ref search not avail ible: This can't happen..."));868 DEBUG(0, ("LOGIC ERROR: DsCrackNameOneFilter domain ref search not available: This can't happen...")); 883 869 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; 884 870 return WERR_OK; … … 901 887 format_flags, format_offered, format_desired, 902 888 name, info1); 889 default: 890 break; 903 891 } 904 892 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; … … 923 911 canonical_name = ldb_dn_canonical_ex_string(mem_ctx, result_res[i]->dn); 924 912 break; 913 default: 914 break; 925 915 } 926 916 if (strcasecmp_m(canonical_name, name) == 0) { … … 957 947 } 958 948 case DRSUAPI_DS_NAME_FORMAT_CANONICAL: { 959 info1->result_name = samdb_result_string(result, "canonicalName", NULL);949 info1->result_name = ldb_msg_find_attr_as_string(result, "canonicalName", NULL); 960 950 info1->status = DRSUAPI_DS_NAME_STATUS_OK; 961 951 return WERR_OK; … … 997 987 return WERR_OK; 998 988 } 999 _dom = samdb_result_string(domain_res->msgs[0], "nETBIOSName", NULL);989 _dom = ldb_msg_find_attr_as_string(domain_res->msgs[0], "nETBIOSName", NULL); 1000 990 W_ERROR_HAVE_NO_MEMORY(_dom); 1001 991 } else { 1002 _acc = samdb_result_string(result, "sAMAccountName", NULL);992 _acc = ldb_msg_find_attr_as_string(result, "sAMAccountName", NULL); 1003 993 if (!_acc) { 1004 994 info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING; … … 1061 1051 return WERR_OK; 1062 1052 } 1063 _dom = samdb_result_string(domain_res2->msgs[0], "nETBIOSName", NULL);1053 _dom = ldb_msg_find_attr_as_string(domain_res2->msgs[0], "nETBIOSName", NULL); 1064 1054 W_ERROR_HAVE_NO_MEMORY(_dom); 1065 1055 } … … 1084 1074 } 1085 1075 case DRSUAPI_DS_NAME_FORMAT_DISPLAY: { 1086 info1->result_name = samdb_result_string(result, "displayName", NULL);1076 info1->result_name = ldb_msg_find_attr_as_string(result, "displayName", NULL); 1087 1077 if (!info1->result_name) { 1088 info1->result_name = samdb_result_string(result, "sAMAccountName", NULL);1078 info1->result_name = ldb_msg_find_attr_as_string(result, "sAMAccountName", NULL); 1089 1079 } 1090 1080 if (!info1->result_name) { … … 1237 1227 struct tevent_context *ev_ctx, 1238 1228 struct loadparm_context *lp_ctx, 1239 uint32_t format_offered,1229 enum drsuapi_DsNameFormat format_offered, 1240 1230 const char *name, 1241 1231 const char **nt4_domain, const char **nt4_account) … … 1253 1243 } 1254 1244 1255 ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session( mem_ctx, lp_ctx));1245 ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(lp_ctx), 0); 1256 1246 if (ldb == NULL) { 1257 1247 return NT_STATUS_INTERNAL_DB_CORRUPTION; … … 1289 1279 p[0] = '\0'; 1290 1280 1291 if (p[1]) { 1292 *nt4_account = talloc_strdup(mem_ctx, &p[1]); 1293 if (*nt4_account == NULL) { 1294 return NT_STATUS_NO_MEMORY; 1295 } 1281 *nt4_account = talloc_strdup(mem_ctx, &p[1]); 1282 if (*nt4_account == NULL) { 1283 return NT_STATUS_NO_MEMORY; 1296 1284 } 1297 1285 … … 1306 1294 const char **nt4_account) 1307 1295 { 1308 uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN;1296 enum drsuapi_DsNameFormat format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN; 1309 1297 1310 1298 /* Handle anonymous bind */ … … 1329 1317 return crack_name_to_nt4_name(mem_ctx, ev_ctx, lp_ctx, format_offered, name, nt4_domain, nt4_account); 1330 1318 } 1319 1320 1321 WERROR dcesrv_drsuapi_ListRoles(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 1322 const struct drsuapi_DsNameRequest1 *req1, 1323 struct drsuapi_DsNameCtr1 **ctr1) 1324 { 1325 struct drsuapi_DsNameInfo1 *names; 1326 uint32_t i; 1327 uint32_t count = 5;/*number of fsmo role owners we are going to return*/ 1328 1329 *ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1); 1330 W_ERROR_HAVE_NO_MEMORY(*ctr1); 1331 names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count); 1332 W_ERROR_HAVE_NO_MEMORY(names); 1333 1334 for (i = 0; i < count; i++) { 1335 WERROR werr; 1336 struct ldb_dn *role_owner_dn, *fsmo_role_dn, *server_dn; 1337 werr = dsdb_get_fsmo_role_info(mem_ctx, sam_ctx, i, 1338 &fsmo_role_dn, &role_owner_dn); 1339 if(!W_ERROR_IS_OK(werr)) { 1340 return werr; 1341 } 1342 server_dn = ldb_dn_copy(mem_ctx, role_owner_dn); 1343 ldb_dn_remove_child_components(server_dn, 1); 1344 names[i].status = DRSUAPI_DS_NAME_STATUS_OK; 1345 names[i].dns_domain_name = samdb_dn_to_dnshostname(sam_ctx, mem_ctx, 1346 server_dn); 1347 if(!names[i].dns_domain_name) { 1348 DEBUG(4, ("list_roles: Failed to find dNSHostName for server %s", 1349 ldb_dn_get_linearized(server_dn))); 1350 } 1351 names[i].result_name = talloc_strdup(mem_ctx, ldb_dn_get_linearized(role_owner_dn)); 1352 } 1353 1354 (*ctr1)->count = count; 1355 (*ctr1)->array = names; 1356 1357 return WERR_OK; 1358 } 1359 1360 WERROR dcesrv_drsuapi_CrackNamesByNameFormat(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 1361 const struct drsuapi_DsNameRequest1 *req1, 1362 struct drsuapi_DsNameCtr1 **ctr1) 1363 { 1364 struct drsuapi_DsNameInfo1 *names; 1365 uint32_t i, count; 1366 WERROR status; 1367 1368 *ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1); 1369 W_ERROR_HAVE_NO_MEMORY(*ctr1); 1370 1371 count = req1->count; 1372 names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count); 1373 W_ERROR_HAVE_NO_MEMORY(names); 1374 1375 for (i=0; i < count; i++) { 1376 status = DsCrackNameOneName(sam_ctx, mem_ctx, 1377 req1->format_flags, 1378 req1->format_offered, 1379 req1->format_desired, 1380 req1->names[i].str, 1381 &names[i]); 1382 if (!W_ERROR_IS_OK(status)) { 1383 return status; 1384 } 1385 } 1386 1387 (*ctr1)->count = count; 1388 (*ctr1)->array = names; 1389 1390 return WERR_OK; 1391 }
Note:
See TracChangeset
for help on using the changeset viewer.
