s4-dsdb: cope with cracknames of form dnsdomain\account

this is used by w2k8r2 when doing a RODC dcpromo

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 99d25c4e9ce288350500fa28231a2a25058fd429..63fe34552da2b325013037593e28e5021a77f60c 100644 (file)
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -453,6 +453,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
        case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
                char *p;
                char *domain;
+               struct ldb_dn *dn_domain;
                const char *account = NULL;
 
                domain = talloc_strdup(mem_ctx, name);
@@ -470,9 +471,14 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
                        account = &p[1];
                }
 
+               /* it could be in DNS domain form */
+               dn_domain = samdb_dns_domain_to_dn(sam_ctx, mem_ctx, domain);
+               W_ERROR_HAVE_NO_MEMORY(dn_domain);
+
                domain_filter = talloc_asprintf(mem_ctx, 
-                                               "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
-                                               ldb_binary_encode_string(mem_ctx, domain));
+                                               "(&(&(|(nETBIOSName=%s)(nCName=%s))(objectclass=crossRef))(ncName=*))",
+                                               ldb_binary_encode_string(mem_ctx, domain),
+                                               ldb_dn_get_linearized(dn_domain));
                W_ERROR_HAVE_NO_MEMORY(domain_filter);
                if (account) {
                        result_filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)",