From 30872c04bfb794f56c305fcb767f480fc4ffad0a Mon Sep 17 00:00:00 2001 From: Arvid Requate Date: Fri, 26 Aug 2016 16:18:57 +0200 Subject: [PATCH 01/11] For Bug #9959: local talloc frame for next commit BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Arvid Requate [abartlet@samba.org Added additional talloc_free() in failure paths] Reviewed-by: Stefan Metzmacher (cherry picked from commit b6e80733c3a589f9d784eec86fc713f1ec9c1049)
--- .../rpc_server/backupkey/dcesrv_backupkey.c | 35 ++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index b5df40d1e1f..5d182ea4211 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -59,6 +59,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 const char *name,
 const DATA_BLOB *lsa_secret)
 {
+ TALLOC_CTX *frame = talloc_stackframe();
 struct ldb_message *msg;
 struct ldb_result *res;
 struct ldb_dn *domain_dn;
@@ -74,11 +75,13 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 domain_dn = ldb_get_default_basedn(ldb);
 if (!domain_dn) {
+ talloc_free(frame);
 return NT_STATUS_INTERNAL_ERROR;
 }
- msg = ldb_msg_new(mem_ctx);
+ msg = ldb_msg_new(frame);
 if (msg == NULL) {
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
@@ -94,13 +97,13 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
 if (system_dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
 name2 = talloc_asprintf(msg, "%s Secret", name);
 if (name2 == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
@@ -110,7 +113,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 if (ret != LDB_SUCCESS || res->count != 0 ) {
 DEBUG(2, ("Secret %s already exists !\n", name2));
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_OBJECT_NAME_COLLISION;
 }
@@ -119,41 +122,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 * here only if the key didn't exists before */
- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
+ msg->dn = ldb_dn_copy(frame, system_dn);
 if (msg->dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
 if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
 ret = ldb_msg_add_string(msg, "cn", name2);
 if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
 ret = ldb_msg_add_string(msg, "objectClass", "secret");
 if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
 if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
 val.data = lsa_secret->data;
 val.length = lsa_secret->length;
 ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
 if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
 if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
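Review bot: The collision check at the top of the hunk, `if (ret != LDB_SUCCESS || res->count != 0 )`, reports NT_STATUS_OBJECT_NAME_COLLISION and logs "already exists" for a failed search as well as for a real match, so a database error is surfaced to the caller as a name collision. A separate guard ahead of it, `if (ret != LDB_SUCCESS) { talloc_free(frame); return NT_STATUS_INTERNAL_ERROR; }`, keeps the two cases apart. The ldb_search that fills `res` is outside the hunk; if it still allocates on mem_ctx rather than the new frame, that result now outlives the frame this commit introduces. set_lsa_secret continues outside the hunk.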
@@ -167,11 +170,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 DEBUG(2,("Failed to create secret record %s: %s\n",
 ldb_dn_get_linearized(msg->dn),
 ldb_errstring(ldb)));
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_ACCESS_DENIED;
 }
- talloc_free(msg);
+ talloc_free(frame);
 return NT_STATUS_OK;
 }
-- 2.25.1
From 9e504e6e22ffe5eff0e3e63a91dd6e673e8e6256 Mon Sep 17 00:00:00 2001 From: Arvid Requate Date: Fri, 26 Aug 2016 16:20:34 +0200 Subject: [PATCH 02/11] Bug #9959: Don't search for CN=System BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Arvid Requate Reviewed-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 2d461844a201fbca55ebc9a46a15e1d16048055b)
--- .../rpc_server/backupkey/dcesrv_backupkey.c | 31 +++++++++---------- source4/rpc_server/lsa/lsa_init.c | 11 ++++--- source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 ++++--- 3 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 5d182ea4211..0eda3ce7018 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -62,8 +62,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 TALLOC_CTX *frame = talloc_stackframe();
 struct ldb_message *msg;
 struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
 struct ldb_val val;
 int ret;
 char *name2;
@@ -73,12 +72,6 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 NULL
 };
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- talloc_free(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
 msg = ldb_msg_new(frame);
 if (msg == NULL) {
 talloc_free(frame);
@@ -95,12 +88,17 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 *
 * taillor the function to the particular needs of backup protocol */
- system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb));
 if (system_dn == NULL) {
 talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
+ talloc_free(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
 name2 = talloc_asprintf(msg, "%s Secret", name);
 if (name2 == NULL) {
 talloc_free(frame);
@@ -186,8 +184,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
 {
 TALLOC_CTX *tmp_mem;
 struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
 const struct ldb_val *val;
 uint8_t *data;
 const char *attrs[] = {
@@ -199,22 +196,22 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
 lsa_secret->data = NULL;
 lsa_secret->length = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
 tmp_mem = talloc_new(mem_ctx);
 if (tmp_mem == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
- system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = ldb_dn_copy(tmp_mem, ldb_get_default_basedn(ldb));
 if (system_dn == NULL) {
 talloc_free(tmp_mem);
 return NT_STATUS_NO_MEMORY;
 }
+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
+ talloc_free(tmp_mem);
+ return NT_STATUS_NO_MEMORY;
+ }
+
 ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
 "(&(cn=%s Secret)(objectclass=secret))",
 ldb_binary_encode_string(tmp_mem, name));
diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index 689634b9706..62aa638f4f5 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
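Review bot: Dropping the `if (!domain_dn)` guard changes what a missing default base DN reports: `ldb_dn_copy(frame, ldb_get_default_basedn(ldb))` is now handed NULL in that case and the NULL result is returned as NT_STATUS_NO_MEMORY, so an unprovisioned or misconfigured database is logged as an allocation failure (and the code relies on ldb_dn_copy() tolerating a NULL source). Keeping the base DN in a local and checking it first, `struct ldb_dn *base_dn = ldb_get_default_basedn(ldb); if (base_dn == NULL) { talloc_free(frame); return NT_STATUS_INTERNAL_ERROR; }`, preserves the distinct status. The same applies to the get_lsa_secret hunk below, to the lsa_init.c hunk (NT_STATUS_NO_SUCH_DOMAIN becomes NT_STATUS_NO_MEMORY) and to the dcerpc_netlogon.c hunk (WERR_GEN_FAILURE becomes WERR_NOT_ENOUGH_MEMORY). set_lsa_secret starts and ends outside the hunk.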
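Review bot: The lookup at the bottom of the hunk, `ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs, ...)`, searches the whole subtree under the now exactly-pinned CN=System, while set_lsa_secret creates the secret as a direct child of that container (`cn=<name> Secret`). Unless secrets are expected to live in sub-containers, `LDB_SCOPE_ONELEVEL` binds the read to the same location the write uses and keeps an object of the same name deeper in the tree from satisfying the lookup, which is the kind of ambiguity this series is closing. The same call is visible unchanged in the get_lsa_secret hunk of patch 09. get_lsa_secret continues outside the hunk.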
@@ -146,10 +146,13 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
 /* work out the system_dn - useful for so many calls its worth fetching here */
- state->system_dn = samdb_search_dn(state->sam_ldb, state,
- state->domain_dn, "(&(objectClass=container)(cn=System))");
- if (!state->system_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
+ state->system_dn = ldb_dn_copy(state, state->domain_dn);
+ if (state->system_dn == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!ldb_dn_add_child_fmt(state->system_dn, "CN=System")) {
+ return NT_STATUS_NO_MEMORY;
 }
 state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index e203e04143d..0a5fbaef58b 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -3911,11 +3911,13 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
 return WERR_INVALID_FLAGS;
 }
- system_dn = samdb_search_dn(sam_ctx, mem_ctx,
- ldb_get_default_basedn(sam_ctx),
- "(&(objectClass=container)(cn=System))");
- if (!system_dn) {
- return WERR_GEN_FAILURE;
+ system_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ if (system_dn == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
+ return WERR_NOT_ENOUGH_MEMORY;
 }
 ret = gendb_search(sam_ctx, mem_ctx, system_dn,
-- 2.25.1
From 2fd54a8d739dd871366b99eb6e849c89cdc7f0c5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 16:12:11 +1200 Subject: [PATCH 03/11] dsdb: Add new function samdb_system_container_dn() This will replace many calls crafting or searching for this DN elsewhere in the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Andrew Bartlett
Signed-off-by: Stefan Metzmacher (cherry picked from commit 25b0e1102e1a502152d2695aeddf7c65555b16fb)
--- source4/dsdb/common/util.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 6d7c6e10cc1..a95fe48e487 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1241,6 +1241,25 @@ struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *
 return new_dn;
 }
+struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+ struct ldb_dn *new_dn = NULL;
+ bool ok;
+
+ new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ if (new_dn == NULL) {
+ return NULL;
+ }
+
+ ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
+ if (!ok) {
+ TALLOC_FREE(new_dn);
+ return NULL;
+ }
+
+ return new_dn;
+}
+
 struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
 {
 struct ldb_dn *new_dn;
-- 2.25.1
From 6413679fe445f570da330a715ea757d4f6ffff0a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 16:29:34 +1200 Subject: [PATCH 04/11] dsdb: Use samdb_system_container_dn() in samldb.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 97b682e0eb0450513dcecb74be672e18e84fe7a2)
--- source4/dsdb/samdb/ldb_modules/samldb.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 3ecbd00e68e..d501973ac33 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
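Review bot: samdb_system_container_dn() is a new public helper and carries no header comment stating the contract a caller needs: that the DN is built from the default base DN rather than looked up, that the result is allocated on mem_ctx and owned by the caller, and that NULL covers both allocation failure and an ldb context without a default base DN (a NULL from ldb_get_default_basedn() flows straight into ldb_dn_copy()). A comment above the definition such as `/* Build the DN of CN=System under the default base DN, allocated on mem_ctx. The container is constructed, not searched for; returns NULL on allocation failure or when no default base DN is set. */` would capture that. Callers that previously searched for the container now receive a DN even when the object is absent, so the failure moves to their later search rather than this call.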
@@ -5390,14 +5390,9 @@ static int check_rename_constraints(struct ldb_message *msg,
 /* Objects under CN=System */
- dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ dn1 = samdb_system_container_dn(ldb, ac);
 if (dn1 == NULL) return ldb_oom(ldb);
- if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
- talloc_free(dn1);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
 if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
 (ldb_dn_compare_base(dn1, newdn) != 0)) {
 talloc_free(dn1);
-- 2.25.1
From bb4cefdd738ee921591951cdff5dfdbf8bf47708 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 16:44:10 +1200 Subject: [PATCH 05/11] dsdb: Use samdb_get_system_container_dn() to get Password Settings Container By doing this we use the common samdb_get_system_container_dn() routine and we avoid doing a linerize and parse step on the main DN, instead using the already stored parse of the DN. This is more hygenic. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3669caa97f76d3e893ac6a1ab88341057929ee6a)
--- source4/dsdb/samdb/ldb_modules/operational.c | 22 +++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 2b3cd2d7954..214079c0917 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -998,19 +998,20 @@ static int get_pso_count(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 {
 static const char * const attrs[] = { NULL };
 int ret;
- struct ldb_dn *domain_dn = NULL;
 struct ldb_dn *psc_dn = NULL;
 struct ldb_result *res = NULL;
 struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool psc_ok;
 *pso_count = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
 if (psc_dn == NULL) {
 return ldb_oom(ldb);
 }
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
 /* get the number of PSO children */
 ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
@@ -1077,8 +1078,8 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 int i;
 struct ldb_context *ldb = ldb_module_get_ctx(module);
 char *sid_filter = NULL;
- struct ldb_dn *domain_dn = NULL;
 struct ldb_dn *psc_dn = NULL;
+ bool psc_ok;
 const char *attrs[] = {
 "msDS-PasswordSettingsPrecedence",
 "objectGUID",
@@ -1104,13 +1105,14 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 }
 /* only PSOs located in the Password Settings Container are valid */
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
 if (psc_dn == NULL) {
 return ldb_oom(ldb);
 }
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
 ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
 LDB_SCOPE_ONELEVEL, attrs,
-- 2.25.1
From b7c7362b4352ec9161e05a5f43dbd029a65030d0 Mon Sep 17 00:00:00 2001
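Review bot: `if (psc_ok == false)` compares against a boolean literal; the convention used elsewhere in this series (`if (!ok)` in samdb_system_container_dn()) is `if (!psc_ok)`. The same two-step construction is repeated verbatim in the pso_search_by_sids hunk at the end of this patch, so a small static helper returning the Password Settings Container DN would avoid spelling it twice and give one place to free `psc_dn` when the child append fails. The commit message refers to samdb_get_system_container_dn(), which does not match the function the hunks call, samdb_system_container_dn(). get_pso_count continues outside the hunk.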
From: Andrew Bartlett Date: Thu, 27 Jul 2023 16:58:13 +1200 Subject: [PATCH 06/11] s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state() This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 4e18066fa243da1c505f782ba87187c3bb1078ee)
--- source4/rpc_server/lsa/lsa_init.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index 62aa638f4f5..1065cc33f4d 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -146,15 +146,11 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
 /* work out the system_dn - useful for so many calls its worth fetching here */
- state->system_dn = ldb_dn_copy(state, state->domain_dn);
+ state->system_dn = samdb_system_container_dn(state->sam_ldb, state);
 if (state->system_dn == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(state->system_dn, "CN=System")) {
- return NT_STATUS_NO_MEMORY;
- }
-
 state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
 if (!state->builtin_sid) {
 return NT_STATUS_NO_SUCH_DOMAIN;
-- 2.25.1
From 64f87d1ed768684a449791f2d7328001b3076a0e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 17:00:21 +1200 Subject: [PATCH 07/11] s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array() This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit a900f6aa5d909d912ee3ca529baa4047c9c4da87)
--- source4/rpc_server/netlogon/dcerpc_netlogon.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
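Review bot: The comment above the assignment, `/* work out the system_dn - useful for so many calls its worth fetching here */`, still describes a fetch, but after this change the DN is constructed by samdb_system_container_dn() and nothing is read from the database at this point; a reader could otherwise assume the container's existence has been verified here. Rewording it to `/* build the system_dn once - so many calls need it that it's worth keeping on the state */` keeps it accurate. dcesrv_lsa_get_policy_state starts and ends outside the hunk.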
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 0a5fbaef58b..3f312f1549f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -3911,15 +3911,11 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
 return WERR_INVALID_FLAGS;
 }
- system_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, mem_ctx);
 if (system_dn == NULL) {
 return WERR_NOT_ENOUGH_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- return WERR_NOT_ENOUGH_MEMORY;
- }
-
 ret = gendb_search(sam_ctx, mem_ctx, system_dn,
 &dom_res, trust_attrs,
 "(objectclass=trustedDomain)");
-- 2.25.1
From 6f7b48c5c82f7c4a8a193245182d9253177844f8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 17:09:31 +1200 Subject: [PATCH 08/11] s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret() This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)
--- source4/rpc_server/backupkey/dcesrv_backupkey.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 0eda3ce7018..5faffdc022c 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -88,17 +88,12 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
 *
 * taillor the function to the particular needs of backup protocol */
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(ldb));
+ system_dn = samdb_system_container_dn(ldb, frame);
 if (system_dn == NULL) {
 talloc_free(frame);
 return NT_STATUS_NO_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- talloc_free(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
 name2 = talloc_asprintf(msg, "%s Secret", name);
 if (name2 == NULL) {
 talloc_free(frame);
-- 2.25.1
From 89bcc948ad6b4e6b6f496895f3c2e1a41e1e049d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 17:11:39 +1200 Subject: [PATCH 09/11] s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret() This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)
--- source4/rpc_server/backupkey/dcesrv_backupkey.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 5faffdc022c..7c4b9de1feb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -196,17 +196,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
- system_dn = ldb_dn_copy(tmp_mem, ldb_get_default_basedn(ldb));
+ system_dn = samdb_system_container_dn(ldb, tmp_mem);
 if (system_dn == NULL) {
 talloc_free(tmp_mem);
 return NT_STATUS_NO_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- talloc_free(tmp_mem);
- return NT_STATUS_NO_MEMORY;
- }
-
 ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
 "(&(cn=%s Secret)(objectclass=secret))",
 ldb_binary_encode_string(tmp_mem, name));
-- 2.25.1
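Review bot: The comment that ends at the top of the hunk, `* taillor the function to the particular needs of backup protocol */` (its start is outside the hunk), appears to justify the previous function-local construction of the CN=System DN; now that the DN comes from the shared samdb_system_container_dn() the comment no longer matches the code below it and should be trimmed or reworded in the same change (with "taillor" corrected to "tailor"). set_lsa_secret starts and ends outside the hunk.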
From 63ac328ebf6d998d2c1f1bd0c3e5c6e9cae44a7a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 17:14:30 +1200 Subject: [PATCH 10/11] dsdb: Use samdb_system_container_dn() in dsdb_trust_*() This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02)
--- source4/dsdb/common/util_trusts.c | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-)
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index 0f4d5584192..fd1aa2be4d4 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -2459,17 +2459,12 @@ NTSTATUS dsdb_trust_search_tdo(struct ldb_context *sam_ctx,
 return NT_STATUS_INVALID_PARAMETER_MIX;
 }
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
 if (system_dn == NULL) {
 TALLOC_FREE(frame);
 return NT_STATUS_NO_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
 if (netbios != NULL) {
 netbios_encoded = ldb_binary_encode_string(frame, netbios);
 if (netbios_encoded == NULL) {
@@ -2617,17 +2612,12 @@ NTSTATUS dsdb_trust_search_tdo_by_sid(struct ldb_context *sam_ctx,
 return NT_STATUS_NO_MEMORY;
 }
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
 if (system_dn == NULL) {
 TALLOC_FREE(frame);
 return NT_STATUS_NO_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
 filter = talloc_asprintf(frame, "(&" "(objectClass=trustedDomain)"
@@ -2794,17 +2784,12 @@ NTSTATUS dsdb_trust_search_tdos(struct ldb_context *sam_ctx,
 *res = NULL;
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
 if (system_dn == NULL) {
 TALLOC_FREE(frame);
 return NT_STATUS_NO_MEMORY;
 }
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
 if (exclude != NULL) {
 exclude_encoded = ldb_binary_encode_string(frame, exclude);
 if (exclude_encoded == NULL) {
-- 2.25.1
From 0c08e35906147b39d0344ca2bfdb1f760fa2098c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jul 2023 17:18:45 +1200 Subject: [PATCH 11/11] dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*() This makes more calls to add children, but avoids the cn=system string in the codebase which makes it easier to audit that this is always being built correctly. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224 (cherry picked from commit 5571ce9619d856d3c9545099366f4e0259aee8ef) RN: A second container with name CN=System would disable the operation of the Samba AD DC. Samba now finds the CN=System container by exact DN and not a search.
--- source3/passdb/pdb_samba_dsdb.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 4c0fd6d4430..1951c6974f8 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -3317,9 +3317,13 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
 goto out;
 }
- msg->dn = ldb_dn_copy(tmp_ctx, base_dn);
+ msg->dn = samdb_system_container_dn(state->ldb, tmp_ctx);
+ if (msg->dn == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s,cn=System", td->domain_name);
+ ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);
 if (!ok) {
 status = NT_STATUS_NO_MEMORY;
 goto out;
@@ -3544,13 +3548,13 @@ static NTSTATUS pdb_samba_dsdb_del_trusted_domain(struct pdb_methods *methods,
 return NT_STATUS_OK;
 }
- tdo_dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->ldb));
+ tdo_dn = samdb_system_container_dn(state->ldb, tmp_ctx);
 if (tdo_dn == NULL) {
 status = NT_STATUS_NO_MEMORY;
 goto out;
 }
- ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s,cn=System", domain);
+ ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);
 if (!ok) {
 TALLOC_FREE(tmp_ctx);
 status = NT_STATUS_NO_MEMORY;
-- 2.25.1
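Review bot: `ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);` interpolates the domain name unescaped into DN syntax, so a name containing `,`, `+`, `=` or `"` either changes the shape of the resulting DN or makes the call fail, and that failure is then reported as NT_STATUS_NO_MEMORY. Escaping the value with ldb_dn_escape_value() before formatting keeps the RDN to a single component and lets a bad name be reported as an invalid parameter rather than as an allocation failure; the same applies to `ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);` in the del_trusted_domain hunk below. The new NULL path in set_trusted_domain does `goto out` without TALLOC_FREE(tmp_ctx), while the add_child failure path in del_trusted_domain frees it first; if `out:` releases tmp_ctx this is harmless, but the two paths read inconsistently. If `base_dn` was only used for the replaced ldb_dn_copy(), it may now be an unused local in set_trusted_domain. Both functions start and end outside their hunks.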