2025-01-11 05:18:09 +03:00 · 2008-08-21 16:09:42 +10:00 · 2008-08-21 16:09:42 +10:00 · 53a35b2655
commit 53a35b2655
parent c36c42af29
1 changed files with 37 additions and 7 deletions
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@ -71,6 +71,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 	struct ldb_dn *partitions_basedn;
 	struct interface *ifaces;
 	bool user_known;
+	NTSTATUS status;

 	partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);

@ -87,7 +88,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 					 partitions_basedn, LDB_SCOPE_ONELEVEL, 
 					 ref_attrs, 
 					 "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
-					 domain);
+					 ldb_binary_encode_string(mem_ctx, domain));
 	
 		if (ret != LDB_SUCCESS) {
 			DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
@ -126,7 +127,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 					 partitions_basedn, LDB_SCOPE_ONELEVEL, 
 					 ref_attrs, 
 					 "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
-					 netbios_domain);
+					 ldb_binary_encode_string(mem_ctx, netbios_domain));
 	
 		if (ret != LDB_SUCCESS) {
 			DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
@ -161,17 +162,45 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		ref_res = NULL;

 		if (domain_guid) {
+			struct GUID binary_guid;
+			struct ldb_val guid_val;
+			enum ndr_err_code ndr_err;
+
+			/* By this means, we ensure we don't have funny stuff in the GUID */
+
+			status = GUID_from_string(domain_guid, &binary_guid);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+
+			/* And this gets the result into the binary format we want anyway */
+			ndr_err = ndr_push_struct_blob(&guid_val, mem_ctx, NULL, &binary_guid,
+						       (ndr_push_flags_fn_t)ndr_push_GUID);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
 			ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
 						 NULL, LDB_SCOPE_SUBTREE, 
 						 dom_attrs, 
-						 "(&(objectClass=domainDNS)(objectGUID=%s))", 
-						 domain_guid);
+						 "(&(objectCategory=Domain-DNS)(objectGUID=%s))", 
+						 ldb_binary_encode(mem_ctx, guid_val));
 		} else { /* domain_sid case */
+			struct dom_sid *sid;
+			struct ldb_val sid_val;
+			enum ndr_err_code ndr_err;
+			
+			/* Rather than go via the string, just push into the NDR form */
+			ndr_err = ndr_push_struct_blob(&sid_val, mem_ctx, NULL, &sid,
+						       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+
 			ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
 						 NULL, LDB_SCOPE_SUBTREE, 
 						 dom_attrs, 
-						 "(&(objectClass=domainDNS)(objectSID=%s))", 
-						 dom_sid_string(mem_ctx, domain_sid));
+						 "(&(objectCategory=Domain-DNS)(objectSID=%s))", 
+						 ldb_binary_encode(mem_ctx, sid_val));
 		}
 		
 		if (ret != LDB_SUCCESS) {
@ -237,7 +266,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 					 "(&(objectClass=user)(samAccountName=%s)"
 					 "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))"
 					 "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", 
-					 user, UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control));
+					 ldb_binary_encode_string(mem_ctx, user),
+					 UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control));
 		if (ret != LDB_SUCCESS) {
 			DEBUG(2,("Unable to find referece to user '%s' with ACB 0x%8x under %s: %s\n",
 				 user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn),