diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-10-29 17:30:18 +1300 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 17:12:46 +0200 |
| commit | 6f8fb163e02579d57e731c0c09eafee5627bec62 (patch) | |
| tree | 760a79f0d2718a0a5a696a1860a0ad247b07d582 /source4/rpc_server/samr | |
| parent | 77e4beb0e027bb49454716b86c782c98c2ed823b (diff) | |
| download | samba-6f8fb163e02579d57e731c0c09eafee5627bec62.tar.gz samba-6f8fb163e02579d57e731c0c09eafee5627bec62.tar.xz samba-6f8fb163e02579d57e731c0c09eafee5627bec62.zip | |
dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed
This allows us to avoid the domain lookup in the constructed attribute
when not required.
By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.
Andrew Bartlett
Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/rpc_server/samr')
| -rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index e2f5f081b7..6877b903b2 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -60,7 +60,7 @@ #define QUERY_LHOURS(msg, field, attr) \ info->field = samdb_result_logon_hours(mem_ctx, msg, attr); #define QUERY_AFLAGS(msg, field, attr) \ - info->field = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, a_state->domain_state->domain_dn); + info->field = samdb_result_acct_flags(msg, attr); #define QUERY_PARAMETERS(msg, field, attr) \ info->field = samdb_result_parameters(mem_ctx, msg, attr); @@ -1309,8 +1309,7 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, for (i=0;i<ldb_cnt;i++) { /* Check if a mask has been requested */ if (r->in.acct_flags - && ((samdb_result_acct_flags(d_state->sam_ctx, mem_ctx, - res[i], d_state->domain_dn) & r->in.acct_flags) == 0)) { + && ((samdb_result_acct_flags(res[i], NULL) & r->in.acct_flags) == 0)) { continue; } entries[count].idx = samdb_result_rid_from_sid(mem_ctx, res[i], @@ -2750,6 +2749,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA "badPwdCount", "logonCount", "userAccountControl", + "msDS-User-Account-Control-Computed", NULL}; attrs = attrs2; break; @@ -2781,6 +2781,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA "pwdLastSet", "accountExpires", "userAccountControl", + "msDS-User-Account-Control-Computed", NULL}; attrs = attrs2; break; @@ -2853,6 +2854,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA case 16: { static const char * const attrs2[] = {"userAccountControl", + "msDS-User-Account-Control-Computed", "pwdLastSet", NULL}; attrs = attrs2; @@ -2895,6 +2897,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA "objectSid", "primaryGroupID", "userAccountControl", + "msDS-User-Account-Control-Computed", "logonHours", "badPwdCount", "logonCount", @@ -2968,7 +2971,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA QUERY_LHOURS(msg, info3.logon_hours, "logonHours"); QUERY_UINT (msg, info3.bad_password_count, "badPwdCount"); QUERY_UINT (msg, info3.logon_count, "logonCount"); - QUERY_AFLAGS(msg, info3.acct_flags, "userAccountControl"); + QUERY_AFLAGS(msg, info3.acct_flags, "msDS-User-Account-Control-Computed"); break; case 4: @@ -2993,7 +2996,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA QUERY_UINT (msg, info5.logon_count, "logonCount"); QUERY_UINT64(msg, info5.last_password_change, "pwdLastSet"); QUERY_UINT64(msg, info5.acct_expiry, "accountExpires"); - QUERY_AFLAGS(msg, info5.acct_flags, "userAccountControl"); + QUERY_AFLAGS(msg, info5.acct_flags, "msDS-User-Account-Control-Computed"); break; case 6: @@ -3035,7 +3038,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA break; case 16: - QUERY_AFLAGS(msg, info16.acct_flags, "userAccountControl"); + QUERY_AFLAGS(msg, info16.acct_flags, "msDS-User-Account-Control-Computed"); break; case 17: @@ -3065,7 +3068,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA QUERY_PARAMETERS(msg, info21.parameters, "userParameters"); QUERY_RID (msg, info21.rid, "objectSid"); QUERY_UINT (msg, info21.primary_gid, "primaryGroupID"); - QUERY_AFLAGS(msg, info21.acct_flags, "userAccountControl"); + QUERY_AFLAGS(msg, info21.acct_flags, "msDS-User-Account-Control-Computed"); info->info21.fields_present = 0x08FFFFFF; QUERY_LHOURS(msg, info21.logon_hours, "logonHours"); QUERY_UINT (msg, info21.bad_password_count, "badPwdCount"); @@ -3725,10 +3728,7 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, entriesGeneral[count].rid = objectsid->sub_auths[objectsid->num_auths-1]; entriesGeneral[count].acct_flags = - samdb_result_acct_flags(d_state->sam_ctx, - mem_ctx, - res->msgs[i], - d_state->domain_dn); + samdb_result_acct_flags(res->msgs[i], NULL); entriesGeneral[count].account_name.string = ldb_msg_find_attr_as_string(res->msgs[i], "sAMAccountName", ""); @@ -3746,10 +3746,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, /* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */ entriesFull[count].acct_flags = - samdb_result_acct_flags(d_state->sam_ctx, - mem_ctx, - res->msgs[i], - d_state->domain_dn) | ACB_NORMAL; + samdb_result_acct_flags(res->msgs[i], + NULL) | ACB_NORMAL; entriesFull[count].account_name.string = ldb_msg_find_attr_as_string(res->msgs[i], "sAMAccountName", ""); |