svn commit: samba r20377 - in branches/SAMBA_4_0/source/dsdb/samdb: .

abartlet at samba.org abartlet at samba.org
Thu Dec 28 04:52:46 GMT 2006 

Author: abartlet
Date: 2006-12-28 04:52:45 +0000 (Thu, 28 Dec 2006)
New Revision: 20377

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20377

Log:
Rework the CrackNames implementation to handle some of the BUILTIN sid
cases.

Adjust our 'look for this value in this attribute, of the result'
function samdb_find_attribute() to use the correct comparison
function, no matter what that may be.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c
   branches/SAMBA_4_0/source/dsdb/samdb/samdb.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c	2006-12-28 04:44:34 UTC (rev 20376)
+++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c	2006-12-28 04:52:45 UTC (rev 20377)
@@ -632,7 +632,7 @@
 	const char * const _result_attrs_canonical[] = { "canonicalName", NULL };
 
 	const char * const _domain_attrs_nt4[] = { "ncName", "dnsRoot", "nETBIOSName", NULL};
-	const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", NULL};
+	const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", "objectClass", NULL};
 		
 	const char * const _domain_attrs_guid[] = { "ncName", "dnsRoot", NULL};
 	const char * const _result_attrs_guid[] = { "objectGUID", NULL};
@@ -786,15 +786,11 @@
 						 result->dn, name, info1);
 	}
 	case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
+
 		const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
 		const char *_acc = "", *_dom = "";
 		
-		if (!sid || (sid->num_auths < 4) || (sid->num_auths > 5)) {
-			info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
-			return WERR_OK;
-		}
-
-		if (sid->num_auths == 4) {
+		if (samdb_find_attribute(sam_ctx, result, "objectClass", "domain")) {
 			ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res, domain_attrs,
 					       "(ncName=%s)", ldb_dn_get_linearized(result->dn));
 			if (ldb_ret != 1) {
@@ -803,33 +799,38 @@
 			}
 			_dom = samdb_result_string(domain_res[0], "nETBIOSName", NULL);
 			W_ERROR_HAVE_NO_MEMORY(_dom);
-		
-		} else if (sid->num_auths == 5) {
-			const char *attrs[] = { NULL };
-			struct ldb_message **domain_res2;
-			struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid);
-			if (!dom_sid) {
+		} else {
+			_acc = samdb_result_string(result, "sAMAccountName", NULL);
+			if (!_acc) {
+				info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
 				return WERR_OK;
 			}
-			dom_sid->num_auths--;
-			ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs,
-					       "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
-			if (ldb_ret != 1) {
-				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
-				return WERR_OK;
+			if (dom_sid_in_domain(dom_sid_parse_talloc(mem_ctx, SID_BUILTIN), sid)) {
+				_dom = "BUILTIN";
+			} else {
+				const char *attrs[] = { NULL };
+				struct ldb_message **domain_res2;
+				struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid);
+				if (!dom_sid) {
+					return WERR_OK;
+				}
+				dom_sid->num_auths--;
+				ldb_ret = gendb_search(sam_ctx, mem_ctx, NULL, &domain_res, attrs,
+						       "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
+				if (ldb_ret != 1) {
+					info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+					return WERR_OK;
+				}
+				ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res2, domain_attrs,
+						       "(ncName=%s)", ldb_dn_get_linearized(domain_res[0]->dn));
+				if (ldb_ret != 1) {
+					info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+					return WERR_OK;
+				}
+				
+				_dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL);
+				W_ERROR_HAVE_NO_MEMORY(_dom);
 			}
-			ldb_ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &domain_res2, domain_attrs,
-					       "(ncName=%s)", ldb_dn_get_linearized(domain_res[0]->dn));
-			if (ldb_ret != 1) {
-				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
-				return WERR_OK;
-			}
-			
-			_dom = samdb_result_string(domain_res2[0], "nETBIOSName", NULL);
-			W_ERROR_HAVE_NO_MEMORY(_dom);
-
-			_acc = samdb_result_string(result, "sAMAccountName", NULL);
-			W_ERROR_HAVE_NO_MEMORY(_acc);
 		}
 
 		info1->result_name	= talloc_asprintf(mem_ctx, "%s\\%s", _dom, _acc);

Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2006-12-28 04:44:34 UTC (rev 20376)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2006-12-28 04:52:45 UTC (rev 20377)
@@ -632,21 +632,32 @@
 {
 	int i;
 	struct ldb_message_element *el = ldb_msg_find_element(msg, name);
+	const struct ldb_schema_attribute *a;
 	struct ldb_val v;
 
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
 	v.data = discard_const_p(uint8_t, value);
 	v.length = strlen(value);
 
 	if (!el) {
+		talloc_free(tmp_ctx);
 		return NULL;
 	}
 
+	a = ldb_schema_attribute_by_name(ldb, name);
+
 	for (i=0;i<el->num_values;i++) {
-		if (strcasecmp(value, (char *)el->values[i].data) == 0) {
+		if (a->syntax->comparison_fn(ldb, tmp_ctx, &el->values[i], &v) == 0) {
+			talloc_free(tmp_ctx);
 			return el;
 		}
 	}
 
+	talloc_free(tmp_ctx);
 	return NULL;
 }

More information about the samba-cvs mailing list