r10894: make the handling of dn/distinguishedName much closer to real

ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f)

source4/auth/gensec/schannel_state.c

@@ -118,6 +118,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
 	seed.data = creds->seed.data;
 	seed.length = sizeof(creds->seed.data);
 
+	ldb_msg_add_string(ldb, msg, "objectClass", "schannelState");
 	ldb_msg_add_value(ldb, msg, "sessionKey", &val);
 	ldb_msg_add_value(ldb, msg, "seed", &seed);
 	ldb_msg_add_string(ldb, msg, "negotiateFlags", f);

source4/dsdb/samdb/samdb.c

@@ -467,8 +467,7 @@ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb,
 		return 0;
 	}
 
-	minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0,
+	minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "minPwdAge", NULL);
-				       domain_dn, "minPwdAge", "dn=%s", ldb_dn_linearize(mem_ctx, domain_dn));
 
 	/* yes, this is a -= not a += as minPwdAge is stored as the negative
 	   of the number of 100-nano-seconds */
@@ -494,8 +493,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb,
 		return 0;
 	}
 
-	maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, 
+	maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL);
-				       "maxPwdAge", "dn=%s", ldb_dn_linearize(mem_ctx, domain_dn));
 	if (maxPwdAge == 0) {
 		return 0;
 	} else {

source4/lib/gendb.c

@@ -90,7 +90,7 @@ int gendb_search_dn(struct ldb_context *ldb,
 		 struct ldb_message ***res,
 		 const char * const *attrs)
 {
-	return gendb_search(ldb, mem_ctx, dn, res, attrs, "dn=%s", ldb_dn_linearize(mem_ctx, dn));
+	return gendb_search(ldb, mem_ctx, dn, res, attrs, NULL);
 }
 
 /*

source4/lib/ldb/common/ldb_match.c

@@ -88,7 +88,7 @@ static int ldb_match_present(struct ldb_context *ldb,
 			    enum ldb_scope scope)
 {
 
-	if (ldb_attr_cmp(tree->u.present.attr, "dn") == 0) {
+	if (ldb_attr_cmp(tree->u.present.attr, "distinguishedName") == 0) {
 		return 1;
 	}
 
@@ -151,8 +151,13 @@ static int ldb_match_equality(struct ldb_context *ldb,
 	struct ldb_dn *valuedn;
 	int ret;
 
+	/* catch the old method of dn matching */
 	if (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "attempt to match on 'dn' - should use distinguishedName");
+		return 0;
+	}
 
+	if (ldb_attr_cmp(tree->u.equality.attr, "distinguishedName") == 0) {
 		valuedn = ldb_dn_explode_casefold(ldb, tree->u.equality.value.data);
 		if (valuedn == NULL) {
 			return 0;

source4/lib/ldb/common/ldb_parse.c

@@ -621,7 +621,7 @@ static struct ldb_parse_tree *ldb_parse_filter(void *mem_ctx, const char **s)
 struct ldb_parse_tree *ldb_parse_tree(void *mem_ctx, const char *s)
 {
 	if (s == NULL || *s == 0) {
-		s = "(|(objectClass=*)(dn=*))";
+		s = "(|(objectClass=*)(distinguishedName=*))";
 	}
 
 	while (isspace((unsigned char)*s)) s++;

source4/lib/ldb/tools/cmdline.c

@@ -54,7 +54,7 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const
 		{ "recursive", 'r', POPT_ARG_NONE, &options.recursive, 0, "recursive delete", NULL },
 		{ "num-searches", 0, POPT_ARG_INT, &options.num_searches, 0, "number of test searches", NULL },
 		{ "num-records", 0, POPT_ARG_INT, &options.num_records, 0, "number of test records", NULL },
-		{ "all", 'a',    POPT_ARG_NONE, &options.all_records, 0, "dn=*", NULL },
+		{ "all", 'a',    POPT_ARG_NONE, &options.all_records, 0, "objectClass=*", NULL },
 		{ "nosync", 0,   POPT_ARG_NONE, &options.nosync, 0, "non-synchronous transactions", NULL },
 		{ "sorted", 'S', POPT_ARG_NONE, &options.sorted, 0, "sort attributes", NULL },
 		{ "sasl-mechanism", 0, POPT_ARG_STRING, &options.sasl_mechanism, 0, "choose SASL mechanism", "MECHANISM" },

source4/lib/ldb/tools/ldbdel.c

@@ -44,10 +44,10 @@
 static int ldb_delete_recursive(struct ldb_context *ldb, const struct ldb_dn *dn)
 {
 	int ret, i, total=0;
-	const char *attrs[] = { "dn", NULL };
+	const char *attrs[] = { NULL };
 	struct ldb_message **res;
 	
-	ret = ldb_search(ldb, dn, LDB_SCOPE_SUBTREE, "dn=*", attrs, &res);
+	ret = ldb_search(ldb, dn, LDB_SCOPE_SUBTREE, "distinguishedName=*", attrs, &res);
 	if (ret <= 0) return -1;
 
 	for (i=0;i<ret;i++) {

source4/lib/ldb/tools/ldbedit.c

@@ -283,7 +283,7 @@ static void usage(void)
 	struct ldb_message **msgs;
 	struct ldb_dn *basedn = NULL;
 	int ret;
-	const char *expression = "(|(objectclass=*)(dn=*))";
+	const char *expression = "(|(objectclass=*)(distinguishedName=*))";
 	const char * const * attrs = NULL;
 
 	ldb = ldb_init(NULL);

source4/lib/ldb/tools/ldbsearch.c

@@ -124,7 +124,7 @@ static int do_search(struct ldb_context *ldb,
 	const char * const * attrs = NULL;
 	struct ldb_cmdline *options;
 	int ret = -1;
-	const char *expression = "(|(objectclass=*)(dn=*))";
+	const char *expression = "(objectclass=*)";
 
 	ldb = ldb_init(NULL);
 

source4/libnet/libnet_samsync_ldb.c

@@ -117,7 +117,6 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx,
 		const char *domain_attrs[] =  {"nETBIOSName", "nCName", NULL};
 		struct ldb_message **msgs_domain;
 		int ret_domain;
-		char *base_dn;
 
 		ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
 					  "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
@@ -132,16 +131,14 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx,
 
 		state->base_dn[database] = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
 
-		base_dn = ldb_dn_linearize(mem_ctx, state->base_dn[database]);
-
 		state->dom_sid[database] = samdb_search_dom_sid(state->sam_ldb, state,
 								state->base_dn[database], 
-								"objectSid", "dn=%s", base_dn);
+								"objectSid", NULL);
 	} else if (database == SAM_DATABASE_BUILTIN) {
 		/* work out the builtin_dn - useful for so many calls its worth
 		   fetching here */
 		const char *dnstring = samdb_search_string(state->sam_ldb, mem_ctx, NULL,
-							   "dn", "objectClass=builtinDomain");
+							   "distinguishedName", "objectClass=builtinDomain");
 		state->base_dn[database] = ldb_dn_explode(state, dnstring);
 		state->dom_sid[database] = dom_sid_parse_talloc(state, SID_BUILTIN);
 	} else {

source4/nbt_server/wins/winsdb.c

@@ -41,6 +41,7 @@ static BOOL winsdb_save_version(struct wins_server *winssrv)
 	msg->dn = ldb_dn_explode(msg, "CN=VERSION");
 	if (msg->dn == NULL) goto failed;
 
+	ret |= ldb_msg_add_string(ldb, msg, "objectClass", "winsEntry");
 	ret |= ldb_msg_add_fmt(ldb, msg, "minVersion", "%llu", winssrv->min_version);
 	ret |= ldb_msg_add_fmt(ldb, msg, "maxVersion", "%llu", winssrv->max_version);
 	if (ret != 0) goto failed;

source4/rpc_server/drsuapi/drsuapi_cracknames.c

@@ -451,7 +451,7 @@ static WERROR DsCrackNameOneFilter(struct drsuapi_bind_state *b_state, TALLOC_CT
 	switch (format_desired) {
 		case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
 			const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
-			const char * const _result_attrs[] = { "dn", NULL};
+			const char * const _result_attrs[] = { "distinguishedName", NULL};
 			
 			domain_attrs = _domain_attrs;
 			result_attrs = _result_attrs;

source4/rpc_server/lsa/dcesrv_lsa.c

@@ -269,8 +269,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
 	}
 
 	state->domain_sid = samdb_search_dom_sid(state->sam_ldb, state,
-						 state->domain_dn, "objectSid", "dn=%s",
+						 state->domain_dn, "objectSid", NULL);
-						 ldb_dn_linearize(mem_ctx, state->domain_dn));
 	if (!state->domain_sid) {
 		return NT_STATUS_NO_SUCH_DOMAIN;		
 	}

source4/rpc_server/samr/dcesrv_samr.c

@@ -575,8 +575,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
 
 	/* retrieve the sid for the group just created */
 	sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
-				   msg->dn, "objectSid", "dn=%s",
+				   msg->dn, "objectSid", NULL);
-				   ldb_dn_linearize(mem_ctx, msg->dn));
 	if (sid == NULL) {
 		return NT_STATUS_UNSUCCESSFUL;
 	}
@@ -811,7 +810,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
 
 	/* retrieve the sid for the user just created */
 	sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
-				   msg->dn, "objectSid", "dn=%s", ldb_dn_linearize(mem_ctx, msg->dn));
+				   msg->dn, "objectSid", NULL);
 	if (sid == NULL) {
 		return NT_STATUS_UNSUCCESSFUL;
 	}
@@ -1012,8 +1011,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
 
 	/* retrieve the sid for the alias just created */
 	sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
-				   msg->dn, "objectSid", "dn=%s",
+				   msg->dn, "objectSid", NULL);
-				   ldb_dn_linearize(mem_ctx, msg->dn));
 
 	a_state->account_name = talloc_strdup(a_state, alias_name);
 	if (!a_state->account_name) {
@@ -1167,7 +1165,7 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL
 
 			memberdn = 
 				samdb_search_string(d_state->sam_ctx,
-						    mem_ctx, NULL, "dn",
+						    mem_ctx, NULL, "distinguishedName",
 						    "(objectSid=%s)",
 						    ldap_encode_ndr_dom_sid(mem_ctx, 
 									    r->in.sids->sids[i].sid));
@@ -1625,7 +1623,7 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
 	struct dom_sid *membersid;
 	const char *memberdn;
 	struct ldb_message **msgs;
-	const char * const attrs[2] = { "dn", NULL };
+	const char * const attrs[2] = { "distinguishedName", NULL };
 	int ret;
 
 	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
@@ -1649,7 +1647,7 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
 	if (ret > 1)
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 
-	memberdn = samdb_result_string(msgs[0], "dn", NULL);
+	memberdn = samdb_result_string(msgs[0], "distinguishedName", NULL);
 
 	if (memberdn == NULL)
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -1712,7 +1710,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
 	struct dom_sid *membersid;
 	const char *memberdn;
 	struct ldb_message **msgs;
-	const char * const attrs[2] = { "dn", NULL };
+	const char * const attrs[2] = { "distinguishedName", NULL };
 	int ret;
 
 	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
@@ -1736,7 +1734,7 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
 	if (ret > 1)
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 
-	memberdn = samdb_result_string(msgs[0], "dn", NULL);
+	memberdn = samdb_result_string(msgs[0], "distinguishedName", NULL);
 
 	if (memberdn == NULL)
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2068,7 +2066,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
 	struct samr_domain_state *d_state;
 	struct ldb_message *mod;
 	struct ldb_message **msgs;
-	const char * const attrs[2] = { "dn", NULL };
+	const char * const attrs[2] = { "distinguishedName", NULL };
 	struct ldb_dn *memberdn = NULL;
 	int ret;
 
@@ -2082,7 +2080,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C
 			   ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
 
 	if (ret == 1) {
-		memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "dn", NULL));
+		memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "distinguishedName", NULL));
 	} else 	if (ret > 1) {
 		DEBUG(0,("Found %d records matching sid %s\n", 
 			 ret, dom_sid_string(mem_ctx, r->in.sid)));
@@ -2183,7 +2181,7 @@ static NTSTATUS samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLO
 	d_state = a_state->domain_state;
 
 	memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
-				       "dn", "(objectSid=%s)", 
+				       "distinguishedName", "(objectSid=%s)", 
 				       ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
 
 	if (memberdn == NULL)
@@ -3111,12 +3109,10 @@ static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CT
 
 	r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0,
 							    a_state->domain_state->domain_dn, "minPwdLength", 
-							    "dn=%s", 
+							    NULL);
-							    ldb_dn_linearize(mem_ctx, a_state->domain_state->domain_dn));
 	r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0,
 							    a_state->account_dn, 
-							    "pwdProperties", "dn=%s",
+							    "pwdProperties", NULL);
-							    ldb_dn_linearize(mem_ctx, a_state->account_dn));
 	return NT_STATUS_OK;
 }
 
@@ -3131,7 +3127,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
 	struct samr_domain_state *d_state;
 	const char *memberdn;
 	struct ldb_message **res;
-	const char * const attrs[3] = { "dn", "objectSid", NULL };
+	const char * const attrs[3] = { "distinguishedName", "objectSid", NULL };
 	int i, count;
 
 	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
@@ -3139,7 +3135,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
 	d_state = h->data;
 
 	memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
-				       "dn", "(objectSid=%s)", 
+				       "distinguishedName", "(objectSid=%s)", 
 				       ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
 	if (memberdn == NULL)
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -3169,7 +3165,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		mod->dn = samdb_result_dn(mod, res[i], "dn", NULL);
+		mod->dn = samdb_result_dn(mod, res[i], "distinguishedName", NULL);
 		if (mod->dn == NULL) {
 			talloc_free(mod);
 			continue;