authorAndreas Schneider <asn@samba.org>2019-08-14 13:01:19 +0200
committerStefan Metzmacher <metze@samba.org>2019-10-16 12:15:54 +0000
commitf5216b70c373e3acffc1d75f6efa3e8d273a41fe (patch)
treefdd6ca7f7547dcc246f46f06fd7d2f36f7f09260
parent60c5d1d3de6c8a44f716349805a8ac0dc935d97d (diff)
s3:libads: Fix detection if acount already exists in ads_find_machine_count()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 4f389c1f78cdc2424795e3b2a1ce43818c400c2d)
-rw-r--r--source3/libads/ldap.c36
1 files changed, 28 insertions, 8 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3bc9a2a06aa..ec6ad61a55c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1366,7 +1366,21 @@ char *ads_parent_dn(const char *dn)
{
ADS_STATUS status;
char *expr;
- const char *attrs[] = {"*", "msDS-SupportedEncryptionTypes", "nTSecurityDescriptor", NULL};
+ const char *attrs[] = {
+ /* This is how Windows checks for machine accounts */
+ "objectClass",
+ "SamAccountName",
+ "userAccountControl",
+ "DnsHostName",
+ "ServicePrincipalName",
+ "unicodePwd",
+
+ /* Additional attributes Samba checks */
+ "msDS-SupportedEncryptionTypes",
+ "nTSecurityDescriptor",
+
+ NULL
+ };
TALLOC_CTX *frame = talloc_stackframe();
*res = NULL;
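Review bot: Dropping `"*"` from `attrs` narrows what every caller of this lookup gets back in `*res`, and nothing in the hunk records that contract. Any caller that reads an attribute not in the new list would now silently see it as absent, so the callers outside this hunk should be checked. `unicodePwd` is also listed although Active Directory is documented as not returning it on a search, so it probably never appears in the result. I would add a comment above the array such as `/* Only these attributes are requested; callers must not expect others in *res. */`. The enclosing function's signature is outside the hunk.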
@@ -1380,6 +1394,11 @@ char *ads_parent_dn(const char *dn)
}
status = ads_search(ads, res, expr, attrs);
+ if (ADS_ERR_OK(status)) {
+ if (ads_count_replies(ads, *res) != 1) {
+ status = ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);
+ }
+ }
done:
TALLOC_FREE(frame);
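Review bot: The new check maps both zero matches and more than one match to `LDAP_NO_SUCH_OBJECT`, so an ambiguous search result looks the same as a missing account. That matters for the later hunks: `ads_create_machine_acct` then treats a duplicated account as absent, and `ads_leave_realm` treats it as successfully removed. I would keep the count and make the ambiguous case visible, e.g. `int count = ads_count_replies(ads, *res);` followed by `if (count > 1) { DBG_WARNING("%d entries match %s\n", count, expr); }`, or return a distinct error for it. Note also that `*res` still holds the search result when the status is rewritten to an error, so the doc comment should say the caller must call `ads_msgfree()` on failure too.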
@@ -1867,11 +1886,11 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
char *dn_string = NULL;
ret = ads_find_machine_acct(ads, &res, machine_name);
- if (!ADS_ERR_OK(ret) || ads_count_replies(ads, res) != 1) {
+ if (!ADS_ERR_OK(ret)) {
DEBUG(5,("ads_clear_service_principal_names: WARNING: Host Account for %s not found... skipping operation.\n", machine_name));
DEBUG(5,("ads_clear_service_principal_names: WARNING: Service Principals for %s have NOT been cleared.\n", machine_name));
ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ return ret;
}
DEBUG(5,("ads_clear_service_principal_names: Host account for %s found\n", machine_name));
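Review bot: The failure branch now returns whatever `ads_find_machine_acct()` reported, but the two `DEBUG` lines still say the host account was "not found", which is misleading when `ret` is a connection or permission error. Including the status in the message would keep the log usable for triage, e.g. `DEBUG(5,("ads_clear_service_principal_names: lookup of %s failed: %s\n", machine_name, ads_errstr(ret)));`. The same applies to the matching branch in the `ads_add_service_principal_names` hunk that follows.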
@@ -2027,12 +2046,12 @@ ADS_STATUS ads_add_service_principal_names(ADS_STRUCT *ads,
const char **servicePrincipalName = spns;
ret = ads_find_machine_acct(ads, &res, machine_name);
- if (!ADS_ERR_OK(ret) || ads_count_replies(ads, res) != 1) {
+ if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: WARNING: Host Account for %s not found... skipping operation.\n",
machine_name));
DEBUG(1,("ads_add_service_principal_name: WARNING: Service Principals have NOT been added.\n"));
ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ return ret;
}
DEBUG(1,("ads_add_service_principal_name: Host account for %s found\n", machine_name));
@@ -2127,7 +2146,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
}
ret = ads_find_machine_acct(ads, &res, machine_escaped);
- if (ADS_ERR_OK(ret) && ads_count_replies(ads, res) == 1) {
+ if (ADS_ERR_OK(ret)) {
DBG_DEBUG("Host account for %s already exists.\n",
machine_escaped);
ret = ADS_ERROR_LDAP(LDAP_ALREADY_EXISTS);
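Review bot: With the condition reduced to `ADS_ERR_OK(ret)`, every failure of the lookup is treated as "account does not exist", not only `LDAP_NO_SUCH_OBJECT`. A search that failed for another reason (server unreachable, access denied) presumably falls through to the creation path, which lies outside this hunk. The `ads_leave_realm` hunk in this same commit does distinguish the two cases; I would do the same here and bail out when `ret.error_type != ENUM_ADS_ERROR_LDAP || ret.err.rc != LDAP_NO_SUCH_OBJECT`, so an account is only created after a lookup that positively found nothing.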
@@ -3684,14 +3703,15 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname)
TALLOC_FREE(hostnameDN);
status = ads_find_machine_acct(ads, &res, host);
- if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
+ if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
+ (status.err.rc != LDAP_NO_SUCH_OBJECT)) {
DEBUG(3, ("Failed to remove host account.\n"));
SAFE_FREE(host);
return status;
}
SAFE_FREE(host);
- return status;
+ return ADS_SUCCESS;
}
/**
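Review bot: The verification after the delete can report success in two cases where the removal is not confirmed. If the account is still found, `status` is an OK LDAP status, so the new condition is true, "Failed to remove host account" is logged, and `return status` hands success back to the caller. If the lookup fails with a non-LDAP error type, the condition is false and the function falls through to `return ADS_SUCCESS`. I would split the check as below; the error code for the "still present" case is a placeholder for whatever the maintainers prefer. `res` is not freed on any path visible in this hunk, which is worth checking against the part of the function outside it.

```c
status = ads_find_machine_acct(ads, &res, host);
if (ADS_ERR_OK(status)) {
	/* The account is still present: do not return the OK search status. */
	DEBUG(3, ("Failed to remove host account.\n"));
	SAFE_FREE(host);
	return ADS_ERROR_LDAP(LDAP_OTHER);
}
if ((status.error_type != ENUM_ADS_ERROR_LDAP) ||
    (status.err.rc != LDAP_NO_SUCH_OBJECT)) {
	/* The lookup itself failed, so the removal is unverified. */
	SAFE_FREE(host);
	return status;
}
/* … unchanged: SAFE_FREE(host); return ADS_SUCCESS; … */
```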