The branch, master has been updated
via 5571ce9619d dsdb: Use samdb_system_container_dn() in
pdb_samba_dsdb_*()
via 4250d07e4dc dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
via 9b4f3f3cb4e s4-rpc_server/backupkey: Use
samdb_system_container_dn() in get_lsa_secret()
via 13eed1e0e7d s4-rpc_server/backupkey: Use
samdb_system_container_dn() in set_lsa_secret()
via a900f6aa5d9 s4-rpc_server/netlogon: Use samdb_system_container_dn()
in fill_trusted_domains_array()
via 4e18066fa24 s4-rpc_server/lsa: Use samdb_system_container_dn() in
dcesrv_lsa_get_policy_state()
via 3669caa97f7 dsdb: Use samdb_get_system_container_dn() to get
Password Settings Container
via 97b682e0eb0 dsdb: Use samdb_system_container_dn() in samldb.c
via 25b0e1102e1 dsdb: Add new function samdb_system_container_dn()
via 2d461844a20 Bug #9959: Don't search for CN=System
via b6e80733c3a For Bug #9959: local talloc frame for next commit
from 0bf8b25aacd s3/modules: Fix DFS links when widelinks = yes
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5571ce9619d856d3c9545099366f4e0259aee8ef
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 17:18:45 2023 +1200
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
This makes more calls to add children, but avoids the cn=system string in
the
codebase which makes it easier to audit that this is always being built
correctly.
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224
commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 17:14:30 2023 +1200
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 17:11:39 2023 +1200
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 17:09:31 2023 +1200
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit a900f6aa5d909d912ee3ca529baa4047c9c4da87
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 17:00:21 2023 +1200
s4-rpc_server/netlogon: Use samdb_system_container_dn() in
fill_trusted_domains_array()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 4e18066fa243da1c505f782ba87187c3bb1078ee
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 16:58:13 2023 +1200
s4-rpc_server/lsa: Use samdb_system_container_dn() in
dcesrv_lsa_get_policy_state()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 3669caa97f76d3e893ac6a1ab88341057929ee6a
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 16:44:10 2023 +1200
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
By doing this we use the common samdb_get_system_container_dn() routine and
we
avoid doing a linerize and parse step on the main DN, instead using the
already stored parse of the DN. This is more hygenic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 97b682e0eb0450513dcecb74be672e18e84fe7a2
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 16:29:34 2023 +1200
dsdb: Use samdb_system_container_dn() in samldb.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 25b0e1102e1a502152d2695aeddf7c65555b16fb
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Jul 27 16:12:11 2023 +1200
dsdb: Add new function samdb_system_container_dn()
This will replace many calls crafting or searching for this DN
elsewhere in the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Pair-Programmed-With: Stefan Metzmacher <me...@samba.org>
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Signed-off-by: Stefan Metzmacher <me...@samba.org>
commit 2d461844a201fbca55ebc9a46a15e1d16048055b
Author: Arvid Requate <requ...@univention.de>
Date: Fri Aug 26 16:20:34 2016 +0200
Bug #9959: Don't search for CN=System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requ...@univention.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit b6e80733c3a589f9d784eec86fc713f1ec9c1049
Author: Arvid Requate <requ...@univention.de>
Date: Fri Aug 26 16:18:57 2016 +0200
For Bug #9959: local talloc frame for next commit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requ...@univention.de>
[abart...@samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/passdb/pdb_samba_dsdb.c | 12 ++++--
source4/dsdb/common/util.c | 19 +++++++++
source4/dsdb/common/util_trusts.c | 21 ++--------
source4/dsdb/samdb/ldb_modules/operational.c | 22 +++++-----
source4/dsdb/samdb/ldb_modules/samldb.c | 7 +---
source4/rpc_server/backupkey/dcesrv_backupkey.c | 54 ++++++++++---------------
source4/rpc_server/lsa/lsa_init.c | 7 ++--
source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++--
8 files changed, 71 insertions(+), 79 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 8ed5799ac89..dee40bf2175 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -3317,9 +3317,13 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct
pdb_methods *methods,
goto out;
}
- msg->dn = ldb_dn_copy(tmp_ctx, base_dn);
+ msg->dn = samdb_system_container_dn(state->ldb, tmp_ctx);
+ if (msg->dn == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s,cn=System", td->domain_name);
+ ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);
if (!ok) {
status = NT_STATUS_NO_MEMORY;
goto out;
@@ -3544,13 +3548,13 @@ static NTSTATUS
pdb_samba_dsdb_del_trusted_domain(struct pdb_methods *methods,
return NT_STATUS_OK;
}
- tdo_dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->ldb));
+ tdo_dn = samdb_system_container_dn(state->ldb, tmp_ctx);
if (tdo_dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
- ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s,cn=System", domain);
+ ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);
if (!ok) {
TALLOC_FREE(tmp_ctx);
status = NT_STATUS_NO_MEMORY;
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index fbc8ffe5ce5..5fa9f65e247 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1276,6 +1276,25 @@ struct ldb_dn *samdb_infrastructure_dn(struct
ldb_context *sam_ctx, TALLOC_CTX *
return new_dn;
}
+struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx)
+{
+ struct ldb_dn *new_dn = NULL;
+ bool ok;
+
+ new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ if (new_dn == NULL) {
+ return NULL;
+ }
+
+ ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
+ if (!ok) {
+ TALLOC_FREE(new_dn);
+ return NULL;
+ }
+
+ return new_dn;
+}
+
struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
{
struct ldb_dn *new_dn;
diff --git a/source4/dsdb/common/util_trusts.c
b/source4/dsdb/common/util_trusts.c
index 0f4d5584192..fd1aa2be4d4 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -2459,17 +2459,12 @@ NTSTATUS dsdb_trust_search_tdo(struct ldb_context
*sam_ctx,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (netbios != NULL) {
netbios_encoded = ldb_binary_encode_string(frame, netbios);
if (netbios_encoded == NULL) {
@@ -2617,17 +2612,12 @@ NTSTATUS dsdb_trust_search_tdo_by_sid(struct
ldb_context *sam_ctx,
return NT_STATUS_NO_MEMORY;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
filter = talloc_asprintf(frame,
"(&"
"(objectClass=trustedDomain)"
@@ -2794,17 +2784,12 @@ NTSTATUS dsdb_trust_search_tdos(struct ldb_context
*sam_ctx,
*res = NULL;
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (exclude != NULL) {
exclude_encoded = ldb_binary_encode_string(frame, exclude);
if (exclude_encoded == NULL) {
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c
b/source4/dsdb/samdb/ldb_modules/operational.c
index 310f98693c0..8821765a703 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -1009,19 +1009,20 @@ static int get_pso_count(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
{
static const char * const attrs[] = { NULL };
int ret;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
struct ldb_result *res = NULL;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool psc_ok;
*pso_count = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
/* get the number of PSO children */
ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
@@ -1088,8 +1089,8 @@ static int pso_search_by_sids(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
int i;
struct ldb_context *ldb = ldb_module_get_ctx(module);
char *sid_filter = NULL;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
+ bool psc_ok;
const char *attrs[] = {
"msDS-PasswordSettingsPrecedence",
"objectGUID",
@@ -1117,13 +1118,14 @@ static int pso_search_by_sids(struct ldb_module
*module, TALLOC_CTX *mem_ctx,
}
/* only PSOs located in the Password Settings Container are valid */
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
LDB_SCOPE_ONELEVEL, attrs,
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 1b4921a6f2e..1edcba7223d 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -5402,14 +5402,9 @@ static int check_rename_constraints(struct ldb_message
*msg,
/* Objects under CN=System */
- dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ dn1 = samdb_system_container_dn(ldb, ac);
if (dn1 == NULL) return ldb_oom(ldb);
- if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
- talloc_free(dn1);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
(ldb_dn_compare_base(dn1, newdn) != 0)) {
talloc_free(dn1);
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index b5df40d1e1f..7c4b9de1feb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -59,10 +59,10 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
const char *name,
const DATA_BLOB *lsa_secret)
{
+ TALLOC_CTX *frame = talloc_stackframe();
struct ldb_message *msg;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
struct ldb_val val;
int ret;
char *name2;
@@ -72,13 +72,9 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
NULL
};
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- msg = ldb_msg_new(mem_ctx);
+ msg = ldb_msg_new(frame);
if (msg == NULL) {
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -92,15 +88,15 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* * taillor the function to the particular needs of backup protocol
*/
- system_dn = samdb_search_dn(ldb, msg, domain_dn,
"(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, frame);
if (system_dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
name2 = talloc_asprintf(msg, "%s Secret", name);
if (name2 == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -110,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
if (ret != LDB_SUCCESS || res->count != 0 ) {
DEBUG(2, ("Secret %s already exists !\n", name2));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
@@ -119,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* here only if the key didn't exists before
*/
- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
+ msg->dn = ldb_dn_copy(frame, system_dn);
if (msg->dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "cn", name2);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "objectClass", "secret");
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
val.data = lsa_secret->data;
val.length = lsa_secret->length;
ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
+ ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -167,11 +163,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
DEBUG(2,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb)));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_ACCESS_DENIED;
}
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OK;
}
@@ -183,8 +179,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *tmp_mem;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
const struct ldb_val *val;
uint8_t *data;
const char *attrs[] = {
@@ -196,17 +191,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
lsa_secret->data = NULL;
lsa_secret->length = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
tmp_mem = talloc_new(mem_ctx);
if (tmp_mem == NULL) {
return NT_STATUS_NO_MEMORY;
}
- system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn,
"(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, tmp_mem);
if (system_dn == NULL) {
talloc_free(tmp_mem);
return NT_STATUS_NO_MEMORY;
diff --git a/source4/rpc_server/lsa/lsa_init.c
b/source4/rpc_server/lsa/lsa_init.c
index 689634b9706..1065cc33f4d 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -146,10 +146,9 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct
dcesrv_call_state *dce_call,
/* work out the system_dn - useful for so many calls its worth
fetching here */
- state->system_dn = samdb_search_dn(state->sam_ldb, state,
- state->domain_dn,
"(&(objectClass=container)(cn=System))");
- if (!state->system_dn) {
- return NT_STATUS_NO_SUCH_DOMAIN;
+ state->system_dn = samdb_system_container_dn(state->sam_ldb, state);
+ if (state->system_dn == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c
b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index dc2167f08b2..0b07641f409 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -3941,11 +3941,9 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX
*mem_ctx,
return WERR_INVALID_FLAGS;
}
- system_dn = samdb_search_dn(sam_ctx, mem_ctx,
- ldb_get_default_basedn(sam_ctx),
- "(&(objectClass=container)(cn=System))");
- if (!system_dn) {
- return WERR_GEN_FAILURE;
+ system_dn = samdb_system_container_dn(sam_ctx, mem_ctx);
+ if (system_dn == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
}
ret = gendb_search(sam_ctx, mem_ctx, system_dn,
--
Samba Shared Repository
