authorAndrew Bartlett <abartlet@samba.org>2005-03-23 01:30:43 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:12 -0500
commit79f6bcd5ae1711075ce0e75392ce83a72766698e (patch)
treeeb7928570c6843880253d0ce053957b1a17d0fcb /source4/auth
parent9b48673ad9ed5cf2019df7111fe6ef89ad57573d (diff)
r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only look up the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed. (Depending on the whole SAMDB for just this function seemed pointless, and brought in further dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth_domain.c55
-rw-r--r--source4/auth/auth_sam.c8
2 files changed, 7 insertions, 56 deletions
diff --git a/source4/auth/auth_domain.c b/source4/auth/auth_domain.c
index 86669b9b302..6a968592bdc 100644
--- a/source4/auth/auth_domain.c
+++ b/source4/auth/auth_domain.c
@@ -40,17 +40,6 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx,
struct netr_LogonSamLogon r;
struct netr_Authenticator auth, auth2;
struct netr_NetworkInfo ninfo;
- const char *machine_account;
- const char *password;
- struct ldb_context *ldb;
- int ldb_ret;
- struct ldb_message **msgs;
- const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN;
- const char *attrs[] = {
- "secret",
- "samAccountName",
- NULL
- };
struct creds_CredentialState *creds;
struct cli_credentials *credentials;
@@ -63,50 +52,12 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx,
}
credentials = cli_credentials_init(mem_ctx);
+ status = cli_credentials_set_machine_account(credentials);
- /* Fetch join password */
-
- /* Local secrets are stored in secrets.ldb */
- ldb = secrets_db_connect(mem_ctx);
- if (!ldb) {
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
- /* search for the secret record */
- ldb_ret = samdb_search(ldb,
- mem_ctx, base_dn, &msgs, attrs,
- "(&(flatname=%s)(objectclass=primaryDomain))",
- lp_workgroup());
- if (ldb_ret == 0) {
- DEBUG(1, ("Could not find join record to domain: %s\n",
- lp_workgroup()));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- } else if (ldb_ret != 1) {
- DEBUG(1, ("Found %d records matching flatname=%s under DN %s\n", ldb_ret,
- lp_workgroup(), base_dn));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- password = ldb_msg_find_string(msgs[0], "secret", NULL);
- if (!password) {
- DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n",
- lp_workgroup()));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
- machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL);
- if (!machine_account) {
- DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n",
- lp_workgroup()));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_username(credentials, machine_account, CRED_SPECIFIED);
- cli_credentials_set_password(credentials, password, CRED_SPECIFIED);
-
- cli_credentials_guess(credentials);
-
/* Connect to DC (take a binding string for now) */
status = dcerpc_parse_binding(mem_ctx, binding, &b);
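Review bot: The result of `cli_credentials_init(mem_ctx)` is passed straight to `cli_credentials_set_machine_account()` without a NULL check, so an allocation failure reaches the helper as a NULL pointer; add `if (!credentials) { return NT_STATUS_NO_MEMORY; }` before the call. The removed block logged a `DEBUG(1, ...)` line for each failure (no join record, missing 'secret', missing 'samAccountName'), while the new path returns the helper's status with no log at this call site. Unless the helper logs on its own, a line such as `DEBUG(1, ("Could not get machine account credentials: %s\n", nt_errstr(status)));` keeps a broken domain join diagnosable. The removed `cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED)` is presumably now done inside the helper, which is not visible here and is worth confirming, as is whether callers relied on the old NT_STATUS_CANT_ACCESS_DOMAIN_INFO return. domain_check_password starts and ends outside this hunk.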
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 2a2a437ded0..b2aeff78d88 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -214,7 +214,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
if (domain_name) {
/* find the domain's DN */
- ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
+ ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
"(&(|(realm=%s)(name=%s))(objectclass=domain))",
domain_name, domain_name);
if (ret_domain == -1) {
@@ -237,7 +237,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
}
/* pull the user attributes */
- ret = samdb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs,
+ ret = gendb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs,
"(&(sAMAccountName=%s)(objectclass=user))",
account_name);
if (ret == -1) {
@@ -264,7 +264,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
}
/* find the domain's DN */
- ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
+ ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
"(&(objectSid=%s)(objectclass=domain))",
domain_sid);
if (ret_domain == -1) {
@@ -360,7 +360,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx,
uint_t rid;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- group_ret = samdb_search(sam_ctx,
+ group_ret = gendb_search(sam_ctx,
tmp_ctx, NULL, &group_msgs, group_attrs,
"(&(member=%s)(sAMAccountType=*))",
msgs[0]->dn);