[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Sat Jun 12 08:52:21 MDT 2010
The branch, master has been updated
via 890d590... s4:password_hash LDB module - this does really deactivate the MS LAN manager hash
via 3e98262... s4:password_hash LDB module - fix comment
via 4d68147... s4:torture - SAMR testsuite - now we do support "GetAliasMembership" as expected
via d2c25e1... s4:dcesrv_samr_GetAliasMembership - provide a correct implementation
via 4a8ee9a... s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the database is corrupted
via 4659b3c... s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it wasn't found
via d2099a1... s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo"
via 776eb25... s4:dcesrv_samr_QueryUserInfo - minor fixes
via cdecae6... s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when really needed
via 0171f71... s4:dcesrv_samr_EnumDomainGroups - mostly small fixes
via f2c3d39... s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry was returned
via 5a1cb70... s4:dcesrv_samr_EnumDomainAliases - mostly small fixes
via 84bda98... s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases"
via bbb0b31... s4:ldif_read_prefixMap - don't cause memory leaks on error conditions
from 14974ba... s3: Remove smbd_server_conn from cancel_pending_lock_requests_by_fid_smb2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 890d590e5193cc187d4c8dc423afef57048400fa
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 13:22:54 2010 +0200
s4:password_hash LDB module - this does really deactivate the MS LAN manager hash
Previously, only the conversion from cleartext to the LM hash was deactivated,
and not when the user specified it directly through "dBCSPwd".
commit 3e98262c7115322bb069d19e275c43b1fbd30ec3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 13:22:22 2010 +0200
s4:password_hash LDB module - fix comment
commit 4d681471608f4e319672af368f34912f68ca26a4
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 12:17:33 2010 +0200
s4:torture - SAMR testsuite - now we do support "GetAliasMembership" as expected
commit d2c25e1b11c3ce1e59da2ee7148b5b4ad37a9167
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 12:14:59 2010 +0200
s4:dcesrv_samr_GetAliasMembership - provide a correct implementation
We could also have no valid SID specified at all and also then we have to
return an empty array with "NT_STATUS_OK". This shows the torture testsuite.
commit 4a8ee9a333ef2b9d0f0cc39c5debf9344cff1f83
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 11:39:25 2010 +0200
s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the database is corrupted
Group/User/Alias entries do always have a SID (it's a mandatory attribute in the
SAM directory)!
commit 4659b3c4fd0e9ae7108e9fc4d613682f9f0a098a
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 00:06:36 2010 +0200
s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it wasn't found
commit d2099a1deff54423b477bf58c977118256ece92b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 00:06:07 2010 +0200
s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo"
commit 776eb25ef75bf4d7625f04db404c4b8a1ae90936
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Jun 11 23:59:12 2010 +0200
s4:dcesrv_samr_QueryUserInfo - minor fixes
Return "NT_STATUS_NO_SUCH_USER" when user account doesn't exist.
commit cdecae6c03fd4ce49f3bcabfe5fccc1c9e7488b0
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Jun 11 23:57:39 2010 +0200
s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when really needed
That means the allocation should move after the lookup (as it is on
"QueryUserInfo"). Return "NT_STATUS_NO_SUCH_DOMAIN" on an invalid domain.
commit 0171f714b4caf6ef67ea36729106b89e91706002
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Jun 11 23:44:46 2010 +0200
s4:dcesrv_samr_EnumDomainGroups - mostly small fixes
commit f2c3d39e7223f6bd162f3a38efa1b568aee621de
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 11:49:26 2010 +0200
s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry was returned
commit 5a1cb7029cdeaaf2bf1c2093ddc00f51a15d95e5
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Jun 11 23:42:14 2010 +0200
s4:dcesrv_samr_EnumDomainAliases - mostly small fixes
The biggest change consists in the implementation of the Windows Server
return size formula MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER).
commit 84bda98066e23b7963a6280155eafa88312724a9
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Jun 11 23:39:46 2010 +0200
s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases"
That means that the lookup is now also done by "samdb_search_domain" to be more
consistent.
commit bbb0b31911c41091dd79da3612b0227c68139da7
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jun 12 11:31:30 2010 +0200
s4:ldif_read_prefixMap - don't cause memory leaks on error conditions
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/password_hash.c | 16 ++-
source4/lib/ldb-samba/ldif_handlers.c | 4 +-
source4/rpc_server/samr/dcesrv_samr.c | 200 +++++++++++++-----------
source4/torture/rpc/samr.c | 4 -
4 files changed, 118 insertions(+), 106 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 1b0b490..94eb9cf 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -215,7 +215,7 @@ static int setup_lm_fields(struct setup_password_fields_io *io)
return LDB_SUCCESS;
}
- /* We might not have an old NT password */
+ /* We might not have an old LM password */
io->g.lm_history = talloc_array(io->ac,
struct samr_Password,
io->ac->status->domain_data.pwdHistoryLength);
@@ -1382,8 +1382,7 @@ static int setup_given_passwords(struct setup_password_fields_io *io,
g->cleartext_utf16->length);
}
- if (g->cleartext_utf8 &&
- lp_lanman_auth(ldb_get_opaque(ldb, "loadparm"))) {
+ if (g->cleartext_utf8) {
struct samr_Password *lm_hash;
lm_hash = talloc(io->ac, struct samr_Password);
@@ -1435,9 +1434,14 @@ static int setup_password_fields(struct setup_password_fields_io *io)
return ret;
}
- ret = setup_lm_fields(io);
- if (ret != LDB_SUCCESS) {
- return ret;
+ if (lp_lanman_auth(ldb_get_opaque(ldb, "loadparm"))) {
+ ret = setup_lm_fields(io);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ } else {
+ io->g.lm_hash = NULL;
+ io->g.lm_history_len = 0;
}
ret = setup_supplemental_field(io);
diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c
index f335d6c..480335f 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -522,11 +522,11 @@ static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx,
blob = talloc_zero(tmp_ctx, struct prefixMapBlob);
if (blob == NULL) {
- talloc_free(blob);
+ talloc_free(tmp_ctx);
return -1;
}
- ndr_err = ndr_pull_struct_blob(in, blob, blob,
+ ndr_err = ndr_pull_struct_blob(in, tmp_ctx, blob,
(ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
ndr_err = ndr_push_struct_blob(out, mem_ctx,
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 2ab5155..9f44dc5 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -732,11 +732,6 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call,
d_state = h->data;
- info = talloc(mem_ctx, union samr_DomainInfo);
- if (!info) {
- return NT_STATUS_NO_MEMORY;
- }
-
switch (r->in.level) {
case 1:
{
@@ -843,14 +838,21 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call,
int ret;
ret = gendb_search_dn(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &dom_msgs, attrs);
+ if (ret == 0) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
- *r->out.info = info;
+ /* allocate the info structure */
+ info = talloc_zero(mem_ctx, union samr_DomainInfo);
+ if (info == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- ZERO_STRUCTP(info);
+ *r->out.info = info;
switch (r->in.level) {
case 1:
@@ -1074,7 +1076,7 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call,
int i, ldb_cnt;
uint32_t first, count;
struct samr_SamEntry *entries;
- const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
+ const char * const attrs[] = { "objectSid", "sAMAccountName", NULL };
struct samr_SamArray *sam;
*r->out.resume_handle = 0;
@@ -1093,7 +1095,7 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call,
"(&(|(groupType=%d)(groupType=%d))(objectClass=group))",
GTYPE_SECURITY_UNIVERSAL_GROUP,
GTYPE_SECURITY_GLOBAL_GROUP);
- if (ldb_cnt == -1) {
+ if (ldb_cnt < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1110,8 +1112,9 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call,
group_sid = samdb_result_dom_sid(mem_ctx, res[i],
"objectSid");
- if (group_sid == NULL)
- continue;
+ if (group_sid == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
entries[count].idx =
group_sid->sub_auths[group_sid->num_auths-1];
@@ -1128,7 +1131,7 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call,
first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
- /* return the rest, limit by max_size. Note that we
+ /* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
*r->out.num_entries = count - first;
*r->out.num_entries = MIN(*r->out.num_entries,
@@ -1144,6 +1147,10 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call,
*r->out.sam = sam;
+ if (first == count) {
+ return NT_STATUS_OK;
+ }
+
if (*r->out.num_entries < count - first) {
*r->out.resume_handle = entries[first+*r->out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
@@ -1259,10 +1266,9 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call,
{
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
- struct ldb_result *res;
- int ret;
- unsigned int i;
- uint32_t num_filtered_entries, first;
+ struct ldb_message **res;
+ int i, ldb_cnt;
+ uint32_t first, count;
struct samr_SamEntry *entries;
const char * const attrs[] = { "objectSid", "sAMAccountName",
"userAccountControl", NULL };
@@ -1276,44 +1282,50 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call,
d_state = h->data;
- /* don't have to worry about users in the builtin domain, as there are none */
- ret = ldb_search(d_state->sam_ctx, mem_ctx, &res, d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=user");
-
- if (ret != LDB_SUCCESS) {
- DEBUG(3, ("Failed to search for Domain Users in %s: %s\n",
- ldb_dn_get_linearized(d_state->domain_dn), ldb_errstring(d_state->sam_ctx)));
+ /* search for all domain users in this domain. This could possibly be
+ cached and resumed on resume_key */
+ ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
+ d_state->domain_dn,
+ &res, attrs,
+ d_state->domain_sid,
+ "(objectClass=user)");
+ if (ldb_cnt < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* convert to SamEntry format */
- entries = talloc_array(mem_ctx, struct samr_SamEntry, res->count);
+ entries = talloc_array(mem_ctx, struct samr_SamEntry, ldb_cnt);
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
- num_filtered_entries = 0;
- for (i=0;i<res->count;i++) {
+
+ count = 0;
+
+ for (i=0;i<ldb_cnt;i++) {
/* Check if a mask has been requested */
if (r->in.acct_flags
- && ((samdb_result_acct_flags(d_state->sam_ctx, mem_ctx, res->msgs[i],
- d_state->domain_dn) & r->in.acct_flags) == 0)) {
+ && ((samdb_result_acct_flags(d_state->sam_ctx, mem_ctx,
+ res[i], d_state->domain_dn) & r->in.acct_flags) == 0)) {
continue;
}
- entries[num_filtered_entries].idx = samdb_result_rid_from_sid(mem_ctx, res->msgs[i], "objectSid", 0);
- entries[num_filtered_entries].name.string = samdb_result_string(res->msgs[i], "sAMAccountName", "");
- num_filtered_entries++;
+ entries[count].idx = samdb_result_rid_from_sid(mem_ctx, res[i],
+ "objectSid", 0);
+ entries[count].name.string = samdb_result_string(res[i],
+ "sAMAccountName", "");
+ count += 1;
}
/* sort the results by rid */
- TYPESAFE_QSORT(entries, num_filtered_entries, compare_SamEntry);
+ TYPESAFE_QSORT(entries, count, compare_SamEntry);
/* find the first entry to return */
for (first=0;
- first<num_filtered_entries && entries[first].idx <= *r->in.resume_handle;
+ first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
- *r->out.num_entries = num_filtered_entries - first;
+ *r->out.num_entries = count - first;
*r->out.num_entries = MIN(*r->out.num_entries,
1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
@@ -1327,11 +1339,11 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call,
*r->out.sam = sam;
- if (first == num_filtered_entries) {
+ if (first == count) {
return NT_STATUS_OK;
}
- if (*r->out.num_entries < num_filtered_entries - first) {
+ if (*r->out.num_entries < count - first) {
*r->out.resume_handle = entries[first+*r->out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
}
@@ -1417,7 +1429,7 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call
int i, ldb_cnt;
uint32_t first, count;
struct samr_SamEntry *entries;
- const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
+ const char * const attrs[] = { "objectSid", "sAMAccountName", NULL };
struct samr_SamArray *sam;
*r->out.resume_handle = 0;
@@ -1438,12 +1450,9 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call
"(objectclass=group))",
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
- if (ldb_cnt == -1) {
+ if (ldb_cnt < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- if (ldb_cnt == 0) {
- return NT_STATUS_OK;
- }
/* convert to SamEntry format */
entries = talloc_array(mem_ctx, struct samr_SamEntry, ldb_cnt);
@@ -1459,8 +1468,9 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call
alias_sid = samdb_result_dom_sid(mem_ctx, res[i],
"objectSid");
- if (alias_sid == NULL)
- continue;
+ if (alias_sid == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
entries[count].idx =
alias_sid->sub_auths[alias_sid->num_auths-1];
@@ -1477,12 +1487,11 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call
first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
- if (first == count) {
- return NT_STATUS_OK;
- }
-
+ /* return the rest, limit by max_size. Note that we
+ use the w2k3 element size value of 54 */
*r->out.num_entries = count - first;
- *r->out.num_entries = MIN(*r->out.num_entries, 1000);
+ *r->out.num_entries = MIN(*r->out.num_entries,
+ 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
sam = talloc(mem_ctx, struct samr_SamArray);
if (!sam) {
@@ -1494,6 +1503,10 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call
*r->out.sam = sam;
+ if (first == count) {
+ return NT_STATUS_OK;
+ }
+
if (*r->out.num_entries < count - first) {
*r->out.resume_handle =
entries[first+*r->out.num_entries-1].idx;
@@ -1512,6 +1525,8 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
{
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
+ const char *filter;
+ const char * const attrs[] = { "objectSid", NULL };
struct ldb_message **res;
uint32_t i;
int count = 0;
@@ -1520,43 +1535,43 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
d_state = h->data;
- if (r->in.sids->num_sids > 0) {
- const char *filter;
- const char * const attrs[2] = { "objectSid", NULL };
-
- filter = talloc_asprintf(mem_ctx,
- "(&(|(grouptype=%d)(grouptype=%d))"
- "(objectclass=group)(|",
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
- if (filter == NULL)
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<r->in.sids->num_sids; i++) {
- const char *memberdn;
+ filter = talloc_asprintf(mem_ctx,
+ "(&(|(grouptype=%d)(grouptype=%d))"
+ "(objectclass=group)(|",
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+ if (filter == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- memberdn =
- samdb_search_string(d_state->sam_ctx,
- mem_ctx, NULL,
- "distinguishedName",
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx,
- r->in.sids->sids[i].sid));
+ for (i=0; i<r->in.sids->num_sids; i++) {
+ const char *memberdn;
- if (memberdn == NULL)
- continue;
+ memberdn = samdb_search_string(d_state->sam_ctx,
+ mem_ctx, d_state->domain_dn,
+ "distinguishedName",
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, r->in.sids->sids[i].sid));
+ if (memberdn == NULL) {
+ continue;
+ }
- filter = talloc_asprintf(mem_ctx, "%s(member=%s)",
- filter, memberdn);
- if (filter == NULL)
- return NT_STATUS_NO_MEMORY;
+ filter = talloc_asprintf(mem_ctx, "%s(member=%s)", filter,
+ memberdn);
+ if (filter == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
+ }
+ /* Find out if we had at least one valid member SID passed - otherwise
+ * just skip the search. */
+ if (strstr(filter, "member") != NULL) {
count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
d_state->domain_sid, "%s))", filter);
- if (count < 0)
+ if (count < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
}
r->out.rids->count = 0;
@@ -1568,10 +1583,8 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
struct dom_sid *alias_sid;
alias_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
-
if (alias_sid == NULL) {
- DEBUG(0, ("Could not find objectSid\n"));
- continue;
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r->out.rids->ids[r->out.rids->count] =
@@ -1799,8 +1812,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T
{
struct dcesrv_handle *h;
struct samr_account_state *a_state;
- struct ldb_message *msg;
- struct ldb_result *res;
+ struct ldb_message *msg, **res;
const char * const attrs[4] = { "sAMAccountName", "description",
"numMembers", NULL };
int ret;
@@ -1812,22 +1824,16 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T
a_state = h->data;
- ret = ldb_search(a_state->sam_ctx, mem_ctx, &res, a_state->account_dn,
- LDB_SCOPE_SUBTREE, attrs, "objectClass=*");
-
- if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ /* pull all the group attributes */
+ ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
+ a_state->account_dn, &res, attrs);
+ if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
- } else if (ret != LDB_SUCCESS) {
- DEBUG(2, ("Error reading group info: %s\n", ldb_errstring(a_state->sam_ctx)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
- if (res->count != 1) {
- DEBUG(2, ("Error finding group info, got %d entries\n", res->count));
-
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- msg = res->msgs[0];
+ msg = res[0];
/* allocate the info structure */
info = talloc_zero(mem_ctx, union samr_GroupInfo);
@@ -2280,7 +2286,10 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T
/* pull all the alias attributes */
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
- a_state->account_dn ,&res, attrs);
+ a_state->account_dn, &res, attrs);
+ if (ret == 0) {
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -2907,7 +2916,10 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
/* pull all the user attributes */
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
- a_state->account_dn ,&res, attrs);
+ a_state->account_dn, &res, attrs);
+ if (ret == 0) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index b87cac5..acb033d 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2708,10 +2708,6 @@ static bool test_GetAliasMembership(struct dcerpc_binding_handle *b,
torture_comment(tctx, "Testing GetAliasMembership\n");
- if (torture_setting_bool(tctx, "samba4", false)) {
- torture_skip(tctx, "skipping GetAliasMembership against s4");
- }
-
r.in.domain_handle = domain_handle;
r.in.sids = &sids;
r.out.rids = &rids;
--
Samba Shared Repository
More information about the samba-cvs
mailing list