Ejemplo n.º 1
/*
 * Read a binary attribute from an LDAP message and decode it into *sid.
 *
 * The raw value is obtained through tldap_get_single_valueblob(); when that
 * lookup fails the function returns false without touching sid_parse().
 * Otherwise the result of sid_parse() is handed back unchanged.
 *
 * The blob is data taken from an LDAP reply, so its length is passed along
 * with the pointer; presumably sid_parse() uses it to bound its reads
 * (verify against its implementation).
 */
bool tldap_pull_binsid(struct tldap_message *msg, const char *attribute,
		       struct dom_sid *sid)
{
	DATA_BLOB blob;
	bool have_value;

	have_value = tldap_get_single_valueblob(msg, attribute, &blob);
	if (have_value) {
		/* Decode straight from the message-owned bytes. */
		return sid_parse((char *)blob.data, blob.length, sid);
	}

	return false;
}
Ejemplo n.º 2
/*
 * Read a binary attribute from an LDAP message and decode it into *guid.
 *
 * Returns false when tldap_get_single_valueblob() cannot supply the value,
 * and otherwise true exactly when GUID_from_data_blob() reports an OK
 * NTSTATUS. The specific failure status of the conversion is not exposed
 * to the caller.
 */
bool tldap_pull_guid(struct tldap_message *msg, const char *attribute,
		     struct GUID *guid)
{
	DATA_BLOB blob;
	bool have_value;

	have_value = tldap_get_single_valueblob(msg, attribute, &blob);
	if (have_value) {
		/* Collapse the NTSTATUS from the conversion into a boolean. */
		return NT_STATUS_IS_OK(GUID_from_data_blob(&blob, guid));
	}

	return false;
}
Ejemplo n.º 3
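/*
 * Return an attribute value from an LDAP message as a string converted
 * from CH_UTF8 to CH_UNIX.
 *
 * mem_ctx is passed to convert_string_talloc() as the allocation context
 * for the result.
 *
 * Returns NULL when tldap_get_single_valueblob() cannot supply the value or
 * when the charset conversion fails; the two cases are not distinguishable
 * by the caller.
 */
char *tldap_talloc_single_attribute(struct tldap_message *msg,
				    const char *attribute,
				    TALLOC_CTX *mem_ctx)
{
	DATA_BLOB val;
	char *result;
	size_t len;

	if (!tldap_get_single_valueblob(msg, attribute, &val)) {
		/* This function returns a pointer, so fail with NULL, not false. */
		return NULL;
	}
	/*
	 * The conversion is driven by val.length rather than by a terminator
	 * in the server-supplied bytes. The converted size (len) is discarded,
	 * so a caller that treats the result as a C string sees it only up to
	 * the first NUL - NOTE(review): confirm that is acceptable for every
	 * attribute read through this helper.
	 */
	if (!convert_string_talloc(mem_ctx, CH_UTF8, CH_UNIX,
				   val.data, val.length,
				   &result, &len)) {
		return NULL;
	}
	return result;
}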
Ejemplo n.º 4
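/*
 * Look up this machine's own computer account over the connection returned
 * by get_ldapi_ctx() and copy its 16-byte unicodePwd value into pwd.
 *
 * The account is found by a subtree search below the rootDSE's
 * defaultNamingContext for sAMAccountName "<upper-cased global_myname()>$"
 * with objectClass=computer. Exactly one entry must match and its
 * unicodePwd must be exactly 16 bytes long.
 *
 * Returns the status of get_ldapi_ctx() on success, or an error NTSTATUS.
 * pwd is written only on success; on any failure it is left untouched, so
 * callers must check the returned status before using the buffer.
 *
 * All temporaries live on a talloc stackframe that is freed on every path.
 */
static NTSTATUS mymachinepw(uint8_t pwd[16])
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct tldap_context *ld = NULL;
	struct tldap_message *rootdse, **msg;
	const char *attrs[1] = { "unicodePwd" };
	char *default_nc, *myname;
	int rc, num_msg;
	DATA_BLOB pwdblob;
	NTSTATUS status;

	status = get_ldapi_ctx(talloc_tos(), &ld);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}
	rootdse = tldap_rootdse(ld);
	if (rootdse == NULL) {
		DEBUG(10, ("Could not get rootdse\n"));
		status = NT_STATUS_INTERNAL_ERROR;
		goto fail;
	}
	default_nc = tldap_talloc_single_attribute(
		rootdse, "defaultNamingContext", talloc_tos());
	if (default_nc == NULL) {
		/*
		 * NULL is reported as NO_MEMORY here although the helper also
		 * returns NULL when the attribute lookup itself fails.
		 */
		DEBUG(10, ("Could not get defaultNamingContext\n"));
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}
	DEBUG(10, ("default_nc = %s\n", default_nc));

	myname = talloc_asprintf_strupper_m(talloc_tos(), "%s$",
					    global_myname());
	if (myname == NULL) {
		DEBUG(10, ("talloc failed\n"));
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/*
	 * myname is substituted into the filter through %s. It comes from
	 * global_myname(), not from a remote peer. NOTE(review): whether
	 * tldap_search_fmt() escapes filter metacharacters is not visible
	 * here - confirm before reusing this pattern with other input.
	 */
	rc = tldap_search_fmt(
		ld, default_nc, TLDAP_SCOPE_SUB, attrs, ARRAY_SIZE(attrs), 0,
		talloc_tos(), &msg,
		"(&(sAMAccountName=%s)(objectClass=computer))", myname);
	if (rc != TLDAP_SUCCESS) {
		DEBUG(10, ("Could not retrieve our account: %s\n",
			   tldap_errstr(talloc_tos(), ld, rc)));
		status = NT_STATUS_LDAP(rc);
		goto fail;
	}
	/* Zero or several matches are both treated as a corrupt database. */
	num_msg = talloc_array_length(msg);
	if (num_msg != 1) {
		DEBUG(10, ("Got %d accounts, expected one\n", num_msg));
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto fail;
	}
	if (!tldap_get_single_valueblob(msg[0], "unicodePwd", &pwdblob)) {
		char *dn = NULL;
		/* Best effort only: the DN is used for the log line below. */
		tldap_entry_dn(msg[0], &dn);
		DEBUG(10, ("No unicodePwd attribute in %s\n",
			   dn ? dn : "<unknown DN>"));
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto fail;
	}
	/* The length check must precede the fixed-size copy into pwd[16]. */
	if (pwdblob.length != 16) {
		DEBUG(10, ("Password hash has length %d, expected 16\n",
			   (int)pwdblob.length));
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto fail;
	}
	memcpy(pwd, pwdblob.data, 16);
	/*
	 * status still holds the OK value from get_ldapi_ctx(); nothing on
	 * the success path has reassigned it.
	 *
	 * NOTE(review): the source bytes of the password hash presumably
	 * belong to the search result on the stackframe and are released
	 * below without being wiped - consider clearing them with a wipe
	 * that the compiler cannot elide, if the project provides one.
	 */

fail:
	TALLOC_FREE(frame);
	return status;
}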