diff options
Diffstat (limited to 'source3/passdb/pdb_samba_dsdb.c')
-rw-r--r-- | source3/passdb/pdb_samba_dsdb.c | 77 |
1 files changed, 60 insertions, 17 deletions
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index 3fc266c4e26..4cd7a4b6cdc 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -259,9 +259,13 @@ static NTSTATUS pdb_samba_dsdb_init_sam_from_priv(struct pdb_methods *m, pdb_set_workstations(sam, str, PDB_SET); } - str = ldb_msg_find_attr_as_string(msg, "userParameters", - NULL); - if (str != NULL) { + blob = ldb_msg_find_ldb_val(msg, "userParameters"); + if (blob != NULL) { + str = base64_encode_data_blob(frame, *blob); + if (str == NULL) { + DEBUG(0, ("base64_encode_data_blob() failed\n")); + goto fail; + } pdb_set_munged_dial(sam, str, PDB_SET); } @@ -553,8 +557,25 @@ static int pdb_samba_dsdb_replace_by_sam(struct pdb_samba_dsdb_state *state, /* This will need work, it is actually a UTF8 'string' with internal NULLs, to handle TS parameters */ if (need_update(sam, PDB_MUNGEDDIAL)) { - ret |= ldb_msg_add_string(msg, "userParameters", - pdb_get_munged_dial(sam)); + const char *base64_munged_dial = NULL; + + base64_munged_dial = pdb_get_munged_dial(sam); + if (base64_munged_dial != NULL && strlen(base64_munged_dial) > 0) { + struct ldb_val blob; + + blob = base64_decode_data_blob_talloc(msg, + base64_munged_dial); + if (blob.data == NULL) { + DEBUG(0, ("Failed to decode userParameters from " + "munged dialback string[%s] for %s\n", + base64_munged_dial, + ldb_dn_get_linearized(msg->dn))); + talloc_free(frame); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + ret |= ldb_msg_add_steal_value(msg, "userParameters", + &blob); + } } if (need_update(sam, PDB_COUNTRY_CODE)) { @@ -2193,6 +2214,10 @@ static void free_private_data(void **vp) static NTSTATUS pdb_samba_dsdb_init_secrets(struct pdb_methods *m) { struct pdb_domain_info *dom_info; + struct dom_sid stored_sid; + struct GUID stored_guid; + bool sid_exists_and_matches = false; + bool guid_exists_and_matches = false; bool ret; dom_info = pdb_samba_dsdb_get_domain_info(m, m); @@ -2200,20 +2225,38 @@ static NTSTATUS pdb_samba_dsdb_init_secrets(struct pdb_methods *m) return NT_STATUS_UNSUCCESSFUL; } - secrets_clear_domain_protection(dom_info->name); - ret = secrets_store_domain_sid(dom_info->name, - &dom_info->sid); - if (!ret) { - goto done; + ret = secrets_fetch_domain_sid(dom_info->name, &stored_sid); + if (ret) { + if (dom_sid_equal(&stored_sid, &dom_info->sid)) { + sid_exists_and_matches = true; + } } - ret = secrets_store_domain_guid(dom_info->name, - &dom_info->guid); - if (!ret) { - goto done; + + if (sid_exists_and_matches == false) { + secrets_clear_domain_protection(dom_info->name); + ret = secrets_store_domain_sid(dom_info->name, + &dom_info->sid); + ret &= secrets_mark_domain_protected(dom_info->name); + if (!ret) { + goto done; + } } - ret = secrets_mark_domain_protected(dom_info->name); - if (!ret) { - goto done; + + ret = secrets_fetch_domain_guid(dom_info->name, &stored_guid); + if (ret) { + if (GUID_equal(&stored_guid, &dom_info->guid)) { + guid_exists_and_matches = true; + } + } + + if (guid_exists_and_matches == false) { + secrets_clear_domain_protection(dom_info->name); + ret = secrets_store_domain_guid(dom_info->name, + &dom_info->guid); + ret &= secrets_mark_domain_protected(dom_info->name); + if (!ret) { + goto done; + } } done: |