summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_samba_dsdb.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb/pdb_samba_dsdb.c')
-rw-r--r--source3/passdb/pdb_samba_dsdb.c77
1 files changed, 60 insertions, 17 deletions
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 3fc266c4e26..4cd7a4b6cdc 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -259,9 +259,13 @@ static NTSTATUS pdb_samba_dsdb_init_sam_from_priv(struct pdb_methods *m,
pdb_set_workstations(sam, str, PDB_SET);
}
- str = ldb_msg_find_attr_as_string(msg, "userParameters",
- NULL);
- if (str != NULL) {
+ blob = ldb_msg_find_ldb_val(msg, "userParameters");
+ if (blob != NULL) {
+ str = base64_encode_data_blob(frame, *blob);
+ if (str == NULL) {
+ DEBUG(0, ("base64_encode_data_blob() failed\n"));
+ goto fail;
+ }
pdb_set_munged_dial(sam, str, PDB_SET);
}
@@ -553,8 +557,25 @@ static int pdb_samba_dsdb_replace_by_sam(struct pdb_samba_dsdb_state *state,
/* This will need work, it is actually a UTF8 'string' with internal NULLs, to handle TS parameters */
if (need_update(sam, PDB_MUNGEDDIAL)) {
- ret |= ldb_msg_add_string(msg, "userParameters",
- pdb_get_munged_dial(sam));
+ const char *base64_munged_dial = NULL;
+
+ base64_munged_dial = pdb_get_munged_dial(sam);
+ if (base64_munged_dial != NULL && strlen(base64_munged_dial) > 0) {
+ struct ldb_val blob;
+
+ blob = base64_decode_data_blob_talloc(msg,
+ base64_munged_dial);
+ if (blob.data == NULL) {
+ DEBUG(0, ("Failed to decode userParameters from "
+ "munged dialback string[%s] for %s\n",
+ base64_munged_dial,
+ ldb_dn_get_linearized(msg->dn)));
+ talloc_free(frame);
+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+ }
+ ret |= ldb_msg_add_steal_value(msg, "userParameters",
+ &blob);
+ }
}
if (need_update(sam, PDB_COUNTRY_CODE)) {
@@ -2193,6 +2214,10 @@ static void free_private_data(void **vp)
static NTSTATUS pdb_samba_dsdb_init_secrets(struct pdb_methods *m)
{
struct pdb_domain_info *dom_info;
+ struct dom_sid stored_sid;
+ struct GUID stored_guid;
+ bool sid_exists_and_matches = false;
+ bool guid_exists_and_matches = false;
bool ret;
dom_info = pdb_samba_dsdb_get_domain_info(m, m);
@@ -2200,20 +2225,38 @@ static NTSTATUS pdb_samba_dsdb_init_secrets(struct pdb_methods *m)
return NT_STATUS_UNSUCCESSFUL;
}
- secrets_clear_domain_protection(dom_info->name);
- ret = secrets_store_domain_sid(dom_info->name,
- &dom_info->sid);
- if (!ret) {
- goto done;
+ ret = secrets_fetch_domain_sid(dom_info->name, &stored_sid);
+ if (ret) {
+ if (dom_sid_equal(&stored_sid, &dom_info->sid)) {
+ sid_exists_and_matches = true;
+ }
}
- ret = secrets_store_domain_guid(dom_info->name,
- &dom_info->guid);
- if (!ret) {
- goto done;
+
+ if (sid_exists_and_matches == false) {
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_sid(dom_info->name,
+ &dom_info->sid);
+ ret &= secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
}
- ret = secrets_mark_domain_protected(dom_info->name);
- if (!ret) {
- goto done;
+
+ ret = secrets_fetch_domain_guid(dom_info->name, &stored_guid);
+ if (ret) {
+ if (GUID_equal(&stored_guid, &dom_info->guid)) {
+ guid_exists_and_matches = true;
+ }
+ }
+
+ if (guid_exists_and_matches == false) {
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_guid(dom_info->name,
+ &dom_info->guid);
+ ret &= secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
}
done:
View Lorry Controller Status