struct netr_ServerPasswordSet *r)
{
struct netlogon_creds_CredentialState *creds;
+ const struct dom_sid *client_sid = NULL;
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
+ client_sid = creds->sid;
sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
if (sam_ctx == NULL) {
/* Using the sid for the account as the key, set the password */
nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
- creds->sid,
+ client_sid,
NULL, /* Don't have version */
NULL, /* Don't have plaintext */
r->in.new_password,
struct netr_ServerPasswordSet2 *r)
{
struct netlogon_creds_CredentialState *creds;
+ const struct dom_sid *client_sid = NULL;
struct ldb_context *sam_ctx;
struct NL_PASSWORD_VERSION version = {};
const uint32_t *new_version = NULL;
r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
+ client_sid = creds->sid;
sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
if (sam_ctx == NULL) {
/* Using the sid for the account as the key, set the password */
nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
- creds->sid,
+ client_sid,
new_version,
&new_password, /* we have plaintext */
NULL,
TALLOC_CTX *mem_ctx, struct netr_LogonGetDomainInfo *r)
{
struct netlogon_creds_CredentialState *creds;
+ const struct dom_sid *client_sid = NULL;
static const char *const trusts_attrs[] = {"securityIdentifier",
"flatName",
"trustPartner",
talloc_free(frame);
}
NT_STATUS_NOT_OK_RETURN(status);
+ client_sid = creds->sid;
/* We want to avoid connecting as system. */
sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
/* Prepares the workstation DN */
workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
- dom_sid_string(mem_ctx, creds->sid));
+ dom_sid_string(mem_ctx, client_sid));
NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
/* Get the workstation's session info from the database. */
static bool sam_rodc_access_check(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
- struct dom_sid *user_sid,
+ const struct dom_sid *user_sid,
struct ldb_dn *obj_dn)
{
static const char *rodc_attrs[] = {"msDS-NeverRevealGroup",
struct netr_NetrLogonSendToSam *r)
{
struct netlogon_creds_CredentialState *creds;
+ const struct dom_sid *client_sid = NULL;
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
DATA_BLOB decrypted_blob;
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
+ client_sid = creds->sid;
switch (creds->secure_channel_type) {
case SEC_CHAN_BDC:
}
if (creds->secure_channel_type == SEC_CHAN_RODC &&
- !sam_rodc_access_check(sam_ctx, mem_ctx, creds->sid, dn)) {
+ !sam_rodc_access_check(sam_ctx, mem_ctx, client_sid, dn)) {
DEBUG(1, ("Client asked to reset bad password on "
"an arbitrary user: %s\n",
ldb_dn_get_linearized(dn)));
{
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
struct netlogon_creds_CredentialState *creds = NULL;
+ const struct dom_sid *client_sid = NULL;
struct ldb_context *sam_ctx = NULL;
static const char * const attrs[] = {
"unicodePwd",
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
+ client_sid = creds->sid;
/* TODO: check r->in.server_name is our name */
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- asid = ldap_encode_ndr_dom_sid(mem_ctx, creds->sid);
+ asid = ldap_encode_ndr_dom_sid(mem_ctx, client_sid);
if (asid == NULL) {
return NT_STATUS_NO_MEMORY;
}
struct tevent_req *subreq;
struct imessaging_context *imsg_ctx =
dcesrv_imessaging_context(dce_call->conn);
+ struct dom_sid *client_sid = NULL;
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
mem_ctx,
r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
+ client_sid = creds->sid;
if (creds->secure_channel_type != SEC_CHAN_RODC) {
return NT_STATUS_ACCESS_DENIED;
st->r2 = talloc_zero(st, struct dnsupdate_RODC);
NT_STATUS_HAVE_NO_MEMORY(st->r2);
- st->r2->in.dom_sid = creds->sid;
+ st->r2->in.dom_sid = client_sid;
st->r2->in.site_name = r->in.site_name;
st->r2->in.dns_ttl = r->in.dns_ttl;
st->r2->in.dns_names = r->in.dns_names;
projects / thirdparty / samba.git / commitdiff
