[SCM] Samba Shared Repository - branch v4-17-test updated
Jule Anger
janger at samba.org
Tue Aug 1 10:58:02 UTC 2023
The branch, v4-17-test has been updated
via 9313ebba32b dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
via dc74e3e9470 dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
via ecbba6aec27 s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
via 558834c3e13 s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
via 0d6bc07a572 s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
via cabc229210d s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
via 30c14e87e2b dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
via d3c4dd68a0d dsdb: Use samdb_system_container_dn() in samldb.c
via bac861ed27f dsdb: Add new function samdb_system_container_dn()
via 7112efed3d4 Bug #9959: Don't search for CN=System
via 517339b1755 For Bug #9959: local talloc frame for next commit
from 947790f8d76 mdssvc: fix returning file modification date for older Mac releases
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test
- Log -----------------------------------------------------------------
commit 9313ebba32b650f31957a8ad6e2b36ac84fba0a3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 17:18:45 2023 +1200
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224
(cherry picked from commit 5571ce9619d856d3c9545099366f4e0259aee8ef)
RN: A second container with name CN=System would disable the operation
of the Samba AD DC. Samba now finds the CN=System container by exact
DN and not a search.
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 1 10:57:31 UTC 2023 on sn-devel-184
commit dc74e3e94704ce4a28a0adb8102f71abb723fae1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 17:14:30 2023 +1200
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02)
commit ecbba6aec277ba72e3ad0990c9ac6e0a291b0162
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 17:11:39 2023 +1200
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)
commit 558834c3e1323563a939386e52614ada0b3ec969
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 17:09:31 2023 +1200
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)
commit 0d6bc07a57252ea380e13df84bcb50e8ae23b3c9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 17:00:21 2023 +1200
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a900f6aa5d909d912ee3ca529baa4047c9c4da87)
commit cabc229210d6af37a3250c396c7b112605898e43
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 16:58:13 2023 +1200
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4e18066fa243da1c505f782ba87187c3bb1078ee)
commit 30c14e87e2b66dd2ec4f09097394e5179c50411f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 16:44:10 2023 +1200
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linerize and parse step on the main DN, instead using the
already stored parse of the DN. This is more hygenic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3669caa97f76d3e893ac6a1ab88341057929ee6a)
commit d3c4dd68a0db924879d1f5c53fff7e511530fca2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 16:29:34 2023 +1200
dsdb: Use samdb_system_container_dn() in samldb.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 97b682e0eb0450513dcecb74be672e18e84fe7a2)
commit bac861ed27fb4dc49a6defa3e26f0ea29b6dda4f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 27 16:12:11 2023 +1200
dsdb: Add new function samdb_system_container_dn()
This will replace many calls crafting or searching for this DN
elsewhere in the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25b0e1102e1a502152d2695aeddf7c65555b16fb)
commit 7112efed3d40b9220bf0d32e93d4de099565743e
Author: Arvid Requate <requate at univention.de>
Date: Fri Aug 26 16:20:34 2016 +0200
Bug #9959: Don't search for CN=System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d461844a201fbca55ebc9a46a15e1d16048055b)
commit 517339b17553eeaa0b95b44237899d381896de68
Author: Arvid Requate <requate at univention.de>
Date: Fri Aug 26 16:18:57 2016 +0200
For Bug #9959: local talloc frame for next commit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate at univention.de>
[abartlet at samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b6e80733c3a589f9d784eec86fc713f1ec9c1049)
-----------------------------------------------------------------------
Summary of changes:
source3/passdb/pdb_samba_dsdb.c | 12 ++++--
source4/dsdb/common/util.c | 19 +++++++++
source4/dsdb/common/util_trusts.c | 21 ++--------
source4/dsdb/samdb/ldb_modules/operational.c | 22 +++++-----
source4/dsdb/samdb/ldb_modules/samldb.c | 7 +---
source4/rpc_server/backupkey/dcesrv_backupkey.c | 54 ++++++++++---------------
source4/rpc_server/lsa/lsa_init.c | 7 ++--
source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++--
8 files changed, 71 insertions(+), 79 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index d9c31e57186..c5be5c03526 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -3305,9 +3305,13 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
goto out;
}
- msg->dn = ldb_dn_copy(tmp_ctx, base_dn);
+ msg->dn = samdb_system_container_dn(state->ldb, tmp_ctx);
+ if (msg->dn == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s,cn=System", td->domain_name);
+ ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);
if (!ok) {
status = NT_STATUS_NO_MEMORY;
goto out;
@@ -3532,13 +3536,13 @@ static NTSTATUS pdb_samba_dsdb_del_trusted_domain(struct pdb_methods *methods,
return NT_STATUS_OK;
}
- tdo_dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->ldb));
+ tdo_dn = samdb_system_container_dn(state->ldb, tmp_ctx);
if (tdo_dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
- ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s,cn=System", domain);
+ ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);
if (!ok) {
TALLOC_FREE(tmp_ctx);
status = NT_STATUS_NO_MEMORY;
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 39b29cd2a0c..59d1f7eba58 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1241,6 +1241,25 @@ struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *
return new_dn;
}
+struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+ struct ldb_dn *new_dn = NULL;
+ bool ok;
+
+ new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ if (new_dn == NULL) {
+ return NULL;
+ }
+
+ ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
+ if (!ok) {
+ TALLOC_FREE(new_dn);
+ return NULL;
+ }
+
+ return new_dn;
+}
+
struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
{
struct ldb_dn *new_dn;
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index 0f4d5584192..fd1aa2be4d4 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -2459,17 +2459,12 @@ NTSTATUS dsdb_trust_search_tdo(struct ldb_context *sam_ctx,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (netbios != NULL) {
netbios_encoded = ldb_binary_encode_string(frame, netbios);
if (netbios_encoded == NULL) {
@@ -2617,17 +2612,12 @@ NTSTATUS dsdb_trust_search_tdo_by_sid(struct ldb_context *sam_ctx,
return NT_STATUS_NO_MEMORY;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
filter = talloc_asprintf(frame,
"(&"
"(objectClass=trustedDomain)"
@@ -2794,17 +2784,12 @@ NTSTATUS dsdb_trust_search_tdos(struct ldb_context *sam_ctx,
*res = NULL;
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (exclude != NULL) {
exclude_encoded = ldb_binary_encode_string(frame, exclude);
if (exclude_encoded == NULL) {
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 2b3cd2d7954..214079c0917 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -998,19 +998,20 @@ static int get_pso_count(struct ldb_module *module, TALLOC_CTX *mem_ctx,
{
static const char * const attrs[] = { NULL };
int ret;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
struct ldb_result *res = NULL;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool psc_ok;
*pso_count = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
/* get the number of PSO children */
ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
@@ -1077,8 +1078,8 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
int i;
struct ldb_context *ldb = ldb_module_get_ctx(module);
char *sid_filter = NULL;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
+ bool psc_ok;
const char *attrs[] = {
"msDS-PasswordSettingsPrecedence",
"objectGUID",
@@ -1104,13 +1105,14 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
}
/* only PSOs located in the Password Settings Container are valid */
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
LDB_SCOPE_ONELEVEL, attrs,
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 3ecbd00e68e..d501973ac33 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -5390,14 +5390,9 @@ static int check_rename_constraints(struct ldb_message *msg,
/* Objects under CN=System */
- dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ dn1 = samdb_system_container_dn(ldb, ac);
if (dn1 == NULL) return ldb_oom(ldb);
- if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
- talloc_free(dn1);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
(ldb_dn_compare_base(dn1, newdn) != 0)) {
talloc_free(dn1);
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index b5df40d1e1f..7c4b9de1feb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -59,10 +59,10 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
const char *name,
const DATA_BLOB *lsa_secret)
{
+ TALLOC_CTX *frame = talloc_stackframe();
struct ldb_message *msg;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
struct ldb_val val;
int ret;
char *name2;
@@ -72,13 +72,9 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
NULL
};
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- msg = ldb_msg_new(mem_ctx);
+ msg = ldb_msg_new(frame);
if (msg == NULL) {
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -92,15 +88,15 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* * taillor the function to the particular needs of backup protocol
*/
- system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, frame);
if (system_dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
name2 = talloc_asprintf(msg, "%s Secret", name);
if (name2 == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -110,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
if (ret != LDB_SUCCESS || res->count != 0 ) {
DEBUG(2, ("Secret %s already exists !\n", name2));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
@@ -119,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* here only if the key didn't exists before
*/
- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
+ msg->dn = ldb_dn_copy(frame, system_dn);
if (msg->dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "cn", name2);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "objectClass", "secret");
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
val.data = lsa_secret->data;
val.length = lsa_secret->length;
ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -167,11 +163,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
DEBUG(2,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb)));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_ACCESS_DENIED;
}
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OK;
}
@@ -183,8 +179,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *tmp_mem;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
const struct ldb_val *val;
uint8_t *data;
const char *attrs[] = {
@@ -196,17 +191,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
lsa_secret->data = NULL;
lsa_secret->length = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
tmp_mem = talloc_new(mem_ctx);
if (tmp_mem == NULL) {
return NT_STATUS_NO_MEMORY;
}
- system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, tmp_mem);
if (system_dn == NULL) {
talloc_free(tmp_mem);
return NT_STATUS_NO_MEMORY;
diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index 689634b9706..1065cc33f4d 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -146,10 +146,9 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
/* work out the system_dn - useful for so many calls its worth
fetching here */
- state->system_dn = samdb_search_dn(state->sam_ldb, state,
- state->domain_dn, "(&(objectClass=container)(cn=System))");
- if (!state->system_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
+ state->system_dn = samdb_system_container_dn(state->sam_ldb, state);
+ if (state->system_dn == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index e203e04143d..3f312f1549f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -3911,11 +3911,9 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
return WERR_INVALID_FLAGS;
}
- system_dn = samdb_search_dn(sam_ctx, mem_ctx,
- ldb_get_default_basedn(sam_ctx),
- "(&(objectClass=container)(cn=System))");
- if (!system_dn) {
- return WERR_GEN_FAILURE;
+ system_dn = samdb_system_container_dn(sam_ctx, mem_ctx);
+ if (system_dn == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
}
ret = gendb_search(sam_ctx, mem_ctx, system_dn,
--
Samba Shared Repository
More information about the samba-cvs
mailing list