summaryrefslogtreecommitdiffstats
path: root/source4/cldap_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-05-26 12:31:39 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-05-26 12:37:09 +1000
commit6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc (patch)
tree04df0bce183d759a17d25483f302ed56d65e8153 /source4/cldap_server
parent86039855759ce38e6074f956073199b0ccd29bdf (diff)
downloadsamba-6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc.tar.gz
samba-6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc.tar.xz
samba-6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc.zip
Don't use crossRef records to find our own domain
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett
Diffstat (limited to 'source4/cldap_server')
-rw-r--r--source4/cldap_server/netlogon.c116
1 files changed, 20 insertions, 96 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 33c0adc3b18..8a21ea55c9a 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -53,10 +53,9 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
struct loadparm_context *lp_ctx,
struct netlogon_samlogon_response *netlogon)
{
- const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL};
const char *dom_attrs[] = {"objectGUID", NULL};
const char *none_attrs[] = {NULL};
- struct ldb_result *ref_res = NULL, *dom_res = NULL, *user_res = NULL;
+ struct ldb_result *dom_res = NULL, *user_res = NULL;
int ret;
const char **services = lp_server_services(lp_ctx);
uint32_t server_type;
@@ -69,94 +68,39 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
const char *server_site;
const char *client_site;
const char *pdc_ip;
- struct ldb_dn *partitions_basedn;
+ struct ldb_dn *domain_dn = NULL;
struct interface *ifaces;
bool user_known;
NTSTATUS status;
- partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
-
/* the domain has an optional trailing . */
if (domain && domain[strlen(domain)-1] == '.') {
domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
}
- if (domain) {
- struct ldb_dn *dom_dn;
- /* try and find the domain */
-
- ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
- ldb_binary_encode_string(mem_ctx, domain));
-
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
- domain,
- ldb_errstring(sam_ctx)));
- return NT_STATUS_NO_SUCH_DOMAIN;
- } else if (ref_res->count == 1) {
- dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
- if (!dom_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
- dom_dn, LDB_SCOPE_BASE, dom_attrs,
- "objectClass=domain");
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- if (dom_res->count != 1) {
- DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- } else if (ref_res->count > 1) {
- talloc_free(ref_res);
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
+ if (domain && strcasecmp_m(domain, lp_realm(lp_ctx)) == 0) {
+ domain_dn = ldb_get_default_basedn(sam_ctx);
}
- if (netbios_domain) {
- struct ldb_dn *dom_dn;
- /* try and find the domain */
+ if (netbios_domain && strcasecmp_m(domain, lp_sam_name(lp_ctx))) {
+ domain_dn = ldb_get_default_basedn(sam_ctx);
+ }
- ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
- ldb_binary_encode_string(mem_ctx, netbios_domain));
-
+ if (domain_dn) {
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+ domain_dn, LDB_SCOPE_BASE, dom_attrs,
+ "objectClass=domain");
if (ret != LDB_SUCCESS) {
- DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
- netbios_domain,
- ldb_errstring(sam_ctx)));
+ DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(domain_dn), ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
- } else if (ref_res->count == 1) {
- dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
- if (!dom_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
- dom_dn, LDB_SCOPE_BASE, dom_attrs,
- "objectClass=domain");
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- if (dom_res->count != 1) {
- DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- } else if (ref_res->count > 1) {
- talloc_free(ref_res);
+ }
+ if (dom_res->count != 1) {
+ DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(domain_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
if ((dom_res == NULL || dom_res->count == 0) && (domain_guid || domain_sid)) {
- ref_res = NULL;
if (domain_guid) {
struct GUID binary_guid;
@@ -206,36 +150,17 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (dom_res->count == 1) {
- /* try and find the domain */
- ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(objectClass=crossRef)(ncName=%s))",
- ldb_dn_get_linearized(dom_res->msgs[0]->dn));
+ /* Ok, now just check it is our domain */
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
- ldb_dn_get_linearized(dom_res->msgs[0]->dn),
- ldb_errstring(sam_ctx)));
- return NT_STATUS_NO_SUCH_DOMAIN;
-
- } else if (ref_res->count != 1) {
- DEBUG(2,("Unable to find referece to '%s' in sam\n",
- ldb_dn_get_linearized(dom_res->msgs[0]->dn)));
+ if (ldb_dn_compare(ldb_get_default_basedn(sam_ctx), dom_res->msgs[0]->dn) != 0) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
} else if (dom_res->count > 1) {
- talloc_free(ref_res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
- if ((ref_res == NULL || ref_res->count == 0)) {
- DEBUG(2,("Unable to find domain reference with name %s or GUID {%s}\n", domain, domain_guid));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
if ((dom_res == NULL || dom_res->count == 0)) {
DEBUG(2,("Unable to find domain with name %s or GUID {%s}\n", domain, domain_guid));
return NT_STATUS_NO_SUCH_DOMAIN;
@@ -308,15 +233,14 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(lp_ctx));
domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID");
- realm = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx));
- dns_domain = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx));
+ realm = lp_realm(lp_ctx);
+ dns_domain = lp_realm(lp_ctx);
pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s",
strlower_talloc(mem_ctx,
lp_netbios_name(lp_ctx)),
dns_domain);
- flatname = samdb_result_string(ref_res->msgs[0], "nETBIOSName",
- lp_workgroup(lp_ctx));
+ flatname = lp_sam_name(lp_ctx);
/* FIXME: Hardcoded site names */
server_site = "Default-First-Site-Name";
client_site = "Default-First-Site-Name";