s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters
This also makes lookups through special backends such as "samba3sam" work.
parent
a4b7fac86d
commit
6e720ecd25
@ -2560,7 +2560,7 @@ int dsdb_find_dn_by_sid(struct ldb_context *ldb,
|
||||
int ret;
|
||||
struct ldb_result *res;
|
||||
const char *attrs[] = { NULL };
|
||||
char *sid_str = dom_sid_string(mem_ctx, sid);
|
||||
char *sid_str = ldap_encode_ndr_dom_sid(mem_ctx, sid);
|
||||
|
||||
if (!sid_str) {
|
||||
return ldb_operr(ldb);
|
||||
|
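Review bot: `sid_str` in dsdb_find_dn_by_sid no longer holds the textual S-1-… form but the NDR-encoded, filter-escaped binary SID, and nothing at the declaration says so. A short comment such as `/* NDR-encoded, filter-escaped SID; the string form does not match on backends like samba3sam */`, or renaming the local to `sid_filter`, would keep a later change from logging it or comparing it as a SID string. The rest of the function, including the search that consumes the value, is outside this hunk.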
@ -276,8 +276,8 @@ static int samldb_check_primaryGroupID(struct samldb_ctx *ac)
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
|
||||
prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
|
||||
dom_sid_string(ac, sid));
|
||||
prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
|
||||
ldap_encode_ndr_dom_sid(ac, sid));
|
||||
if (prim_group_dn == NULL) {
|
||||
ldb_asprintf_errstring(ldb,
|
||||
"Failed to find primary group with RID %u!",
|
||||
@ -929,8 +929,8 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
|
||||
prev_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
|
||||
dom_sid_string(ac, sid));
|
||||
prev_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
|
||||
ldap_encode_ndr_dom_sid(ac, sid));
|
||||
if (prev_prim_group_dn == NULL) {
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
@ -948,8 +948,8 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
|
||||
new_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
|
||||
dom_sid_string(ac, sid));
|
||||
new_prim_group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
|
||||
ldap_encode_ndr_dom_sid(ac, sid));
|
||||
if (new_prim_group_dn == NULL) {
|
||||
/* Here we know if the specified new primary group candidate is
|
||||
* valid or not. */
|
||||
@ -1041,8 +1041,8 @@ static int samldb_member_check(struct samldb_ctx *ac)
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
|
||||
group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSID=%s)",
|
||||
dom_sid_string(ac, sid));
|
||||
group_dn = samdb_search_dn(ldb, ac, NULL, "(objectSid=%s)",
|
||||
ldap_encode_ndr_dom_sid(ac, sid));
|
||||
if (group_dn == NULL) {
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
|
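Review bot: The result of `ldap_encode_ndr_dom_sid(ac, sid)` is passed straight into the `%s` of the filter in samldb_check_primaryGroupID, in both lookups in samldb_prim_group_change and in samldb_member_check, with no NULL check. dsdb_find_dn_by_sid in this same commit does check it (`if (!sid_str)`), so a failed encode here means undefined behaviour for `%s` or, at best, a filter that matches nothing and surfaces as a misleading "Failed to find primary group" or a bare operations error on a group-membership decision. Encode first, e.g. `char *sid_filter = ldap_encode_ndr_dom_sid(ac, sid);` followed by `if (sid_filter == NULL) return ldb_operr(ldb);`, and pass `sid_filter` to samdb_search_dn. The ntp_signd_process hunk has the same unchecked call inside its search arguments. All of these functions start and end outside the hunks shown.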
@ -28,6 +28,7 @@
|
||||
#include "../librpc/gen_ndr/ndr_security.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
#include "libcli/security/security.h"
|
||||
#include "libcli/ldap/ldap_ndr.h"
|
||||
#include "../lib/talloc/talloc.h"
|
||||
#include "lib/policy/policy.h"
|
||||
|
||||
@ -425,7 +426,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
|
||||
TALLOC_CTX *mem_ctx;
|
||||
const char **gpos;
|
||||
struct ldb_result *result;
|
||||
const char *sid;
|
||||
char *sid;
|
||||
struct ldb_dn *dn;
|
||||
struct ldb_message_element *element;
|
||||
bool inherit;
|
||||
@ -443,7 +444,9 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
|
||||
mem_ctx = talloc_new(gp_ctx);
|
||||
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
|
||||
|
||||
sid = dom_sid_string(mem_ctx, &token->sids[PRIMARY_USER_SID_INDEX]);
|
||||
sid = ldap_encode_ndr_dom_sid(mem_ctx,
|
||||
&token->sids[PRIMARY_USER_SID_INDEX]);
|
||||
NT_STATUS_HAVE_NO_MEMORY(sid);
|
||||
|
||||
/* Find the user DN and objectclass via the sid from the security token */
|
||||
rv = ldb_search(gp_ctx->ldb_ctx,
|
||||
|
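Review bot: In gp_list_gpos the `NT_STATUS_HAVE_NO_MEMORY(sid)` return after the new `ldap_encode_ndr_dom_sid` call leaves `mem_ctx` allocated, because it was created by `talloc_new(gp_ctx)` just above and is otherwise released only with `gp_ctx`. If `gp_ctx` is long-lived, repeated failures accumulate temporary contexts on it; freeing on this path avoids that: `if (sid == NULL) { talloc_free(mem_ctx); return NT_STATUS_NO_MEMORY; }`. The local is also still named `sid` although it now holds an encoded filter value, so if the part of the function outside this hunk prints it, the output will be escaped hex rather than S-1-….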
@ -34,6 +34,7 @@
|
||||
#include "dsdb/samdb/samdb.h"
|
||||
#include "auth/auth.h"
|
||||
#include "libcli/security/security.h"
|
||||
#include "libcli/ldap/ldap_ndr.h"
|
||||
#include "lib/ldb/include/ldb.h"
|
||||
#include "lib/ldb/include/ldb_errors.h"
|
||||
#include "../lib/crypto/md5.h"
|
||||
@ -164,7 +165,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
|
||||
LDB_SCOPE_SUBTREE,
|
||||
attrs,
|
||||
"(&(objectSid=%s)(objectClass=user))",
|
||||
dom_sid_string(mem_ctx, sid));
|
||||
ldap_encode_ndr_dom_sid(mem_ctx, sid));
|
||||
if (ret != LDB_SUCCESS) {
|
||||
DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: "
|
||||
"%s\n",
|
||||
|