summaryrefslogtreecommitdiffstats
path: root/source4/rpc_server/netlogon
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-07 11:31:45 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:32 -0500
commit1377cca5f4beb43cf67fcc65eed79f14178d6349 (patch)
tree79a693899d0c1377e4009e4088018bc561ea9af4 /source4/rpc_server/netlogon
parent5158636aff545de3115e747b53ce68f753151bd7 (diff)
downloadsamba-1377cca5f4beb43cf67fcc65eed79f14178d6349.tar.gz
samba-1377cca5f4beb43cf67fcc65eed79f14178d6349.tar.xz
samba-1377cca5f4beb43cf67fcc65eed79f14178d6349.zip
r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
Diffstat (limited to 'source4/rpc_server/netlogon')
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c19
1 files changed, 9 insertions, 10 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cea645cd02..99701fc4f1 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -26,8 +26,8 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "librpc/gen_ndr/ndr_dcom.h"
-#include "auth/auth.h"
#include "lib/ldb/include/ldb.h"
+#include "auth/auth.h"
struct server_pipe_state {
struct netr_Credential client_challenge;
@@ -147,7 +147,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
return NT_STATUS_ACCESS_DENIED;
}
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
@@ -159,7 +159,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
if (num_records == 0) {
DEBUG(3,("Couldn't find user [%s] in samdb.\n",
r->in.account_name));
- return NT_STATUS_NO_SUCH_USER;
+ return NT_STATUS_ACCESS_DENIED;
}
if (num_records > 1) {
@@ -322,7 +322,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
nt_status = netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
@@ -937,7 +937,7 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL
return status;
}
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
@@ -1034,7 +1034,7 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
nt_status = netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
@@ -1167,7 +1167,7 @@ static WERROR netr_DrsGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(r->out);
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return WERR_DS_SERVICE_UNAVAILABLE;
}
@@ -1256,13 +1256,12 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call,
ZERO_STRUCT(r->out);
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return WERR_GENERAL_FAILURE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs,
- "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm());
+ ret = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(mem_ctx), &dom_res, dom_attrs);
if (ret == -1) {
return WERR_GENERAL_FAILURE;
}