sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

Fix all other modules to use ldb_module.h instead of ldb_private.h

Browse Source 
The only 2 modules escaping the rule so far are rootdse and partitions
This commit is contained in:
Simo Sorce 2009-01-30 16:31:19 -05:00
parent 4519eae158
commit d4aeed879b
19 changed files with 817 additions and 574 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
source4/dsdb/samdb/ldb_modules/kludge_acl.c
View File

@ -31,9 +31,7 @@
*/
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "auth/auth.h"
#include "libcli/security/security.h"
#include "dsdb/samdb/samdb.h"
@ -52,15 +50,17 @@ struct kludge_private_data {
static enum security_user_level what_is_user(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(module->ldb, "sessionInfo");
= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
return security_session_user_level(session_info);
}
static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(module->ldb, "sessionInfo");
= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
if (!session_info) {
return "UNKNOWN (NULL)";
}
@ -209,12 +209,14 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message *
static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct kludge_acl_context *ac;
struct kludge_private_data *data;
int i, ret;
ac = talloc_get_type(req->context, struct kludge_acl_context);
data = talloc_get_type(ac->module->private_data, struct kludge_private_data);
data = talloc_get_type(ldb_module_get_private(ac->module), struct kludge_private_data);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -228,7 +230,7 @@ static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares)
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->allowedAttributes) {
ret = kludge_acl_allowedAttributes(ac->module->ldb,
ret = kludge_acl_allowedAttributes(ldb,
ares->message,
"allowedAttributes");
if (ret != LDB_SUCCESS) {
@ -236,7 +238,7 @@ static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares)
}
}
if (ac->allowedChildClasses) {
ret = kludge_acl_childClasses(ac->module->ldb,
ret = kludge_acl_childClasses(ldb,
ares->message,
"allowedChildClasses");
if (ret != LDB_SUCCESS) {
@ -249,14 +251,14 @@ static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares)
switch (ac->user_type) {
case SECURITY_SYSTEM:
if (ac->allowedAttributesEffective) {
ret = kludge_acl_allowedAttributes(ac->module->ldb, ares->message,
ret = kludge_acl_allowedAttributes(ldb, ares->message,
"allowedAttributesEffective");
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
}
if (ac->allowedChildClassesEffective) {
ret = kludge_acl_childClasses(ac->module->ldb, ares->message,
ret = kludge_acl_childClasses(ldb, ares->message,
"allowedChildClassesEffective");
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
@ -266,14 +268,14 @@ static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares)
case SECURITY_ADMINISTRATOR:
if (ac->allowedAttributesEffective) {
ret = kludge_acl_allowedAttributes(ac->module->ldb, ares->message,
ret = kludge_acl_allowedAttributes(ldb, ares->message,
"allowedAttributesEffective");
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
}
if (ac->allowedChildClassesEffective) {
ret = kludge_acl_childClasses(ac->module->ldb, ares->message,
ret = kludge_acl_childClasses(ldb, ares->message,
"allowedChildClassesEffective");
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
@ -316,6 +318,7 @@ static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares)
static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct kludge_acl_context *ac;
struct ldb_request *down_req;
struct kludge_private_data *data;
@ -324,13 +327,15 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
struct ldb_control *sd_control;
struct ldb_control **sd_saved_controls;
ldb = ldb_module_get_ctx(module);
ac = talloc(req, struct kludge_acl_context);
if (ac == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
data = talloc_get_type(module->private_data, struct kludge_private_data);
data = talloc_get_type(ldb_module_get_private(module), struct kludge_private_data);
ac->module = module;
ac->req = req;
@ -372,7 +377,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
}
ret = ldb_build_search_req_ex(&down_req,
module->ldb, ac,
ldb, ac,
req->op.search.base,
req->op.search.scope,
req->op.search.tree,
@ -402,13 +407,14 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
/* ANY change type */
static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
enum security_user_level user_type = what_is_user(module);
switch (user_type) {
case SECURITY_SYSTEM:
case SECURITY_ADMINISTRATOR:
return ldb_next_request(module, req);
default:
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"kludge_acl_change: "
"attempted database modify not permitted. "
"User %s is not SYSTEM or an administrator",
@ -419,6 +425,7 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
enum security_user_level user_type;
/* allow everybody to read the sequence number */
@ -434,7 +441,7 @@ static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *re
case SECURITY_ADMINISTRATOR:
return ldb_next_request(module, req);
default:
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"kludge_acl_change: "
"attempted database modify not permitted. "
"User %s is not SYSTEM or an administrator",
@ -445,6 +452,7 @@ static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *re
static int kludge_acl_init(struct ldb_module *module)
{
struct ldb_context *ldb;
int ret, i;
TALLOC_CTX *mem_ctx = talloc_new(module);
static const char *attrs[] = { "passwordAttribute", NULL };
@ -454,22 +462,24 @@ static int kludge_acl_init(struct ldb_module *module)
struct kludge_private_data *data;
ldb = ldb_module_get_ctx(module);
data = talloc(module, struct kludge_private_data);
if (data == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
data->password_attrs = NULL;
module->private_data = data;
ldb_module_set_private(module, data);
if (!mem_ctx) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_search(module->ldb, mem_ctx, &res,
ldb_dn_new(mem_ctx, module->ldb, "@KLUDGEACL"),
ret = ldb_search(ldb, mem_ctx, &res,
ldb_dn_new(mem_ctx, ldb, "@KLUDGEACL"),
LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
goto done;
@ -492,7 +502,7 @@ static int kludge_acl_init(struct ldb_module *module)
data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1);
if (!data->password_attrs) {
talloc_free(mem_ctx);
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
for (i=0; i < password_attributes->num_values; i++) {
@ -503,7 +513,7 @@ static int kludge_acl_init(struct ldb_module *module)
ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID);
if (ret != LDB_SUCCESS) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR,
ldb_debug(ldb, LDB_DEBUG_ERROR,
"partition: Unable to register control with rootdse!\n");
return LDB_ERR_OPERATIONS_ERROR;
}

102
source4/dsdb/samdb/ldb_modules/linked_attributes.c
View File

@ -29,10 +29,7 @@
*/
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "ldb/include/dlinklist.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
struct la_op_store {
@ -65,15 +62,18 @@ struct la_context {
static struct la_context *linked_attributes_init(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct la_context *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct la_context);
if (ac == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return NULL;
}
ac->schema = dsdb_get_schema(module->ldb);
ac->schema = dsdb_get_schema(ldb);
ac->module = module;
ac->req = req;
@ -86,19 +86,22 @@ static int la_store_op(struct la_context *ac,
enum la_op op, struct ldb_val *dn,
const char *name)
{
struct ldb_context *ldb;
struct la_op_store *os;
struct ldb_dn *op_dn;
op_dn = ldb_dn_from_ldb_val(ac, ac->module->ldb, dn);
ldb = ldb_module_get_ctx(ac->module);
op_dn = ldb_dn_from_ldb_val(ac, ldb, dn);
if (!op_dn) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"could not parse attribute as a DN");
return LDB_ERR_INVALID_DN_SYNTAX;
}
os = talloc_zero(ac, struct la_op_store);
if (!os) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -108,7 +111,7 @@ static int la_store_op(struct la_context *ac,
os->name = talloc_strdup(os, name);
if (!os->name) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -136,12 +139,15 @@ static int la_down_req(struct la_context *ac);
/* add */
static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
const struct dsdb_attribute *target_attr;
struct la_context *ac;
const char *attr_name;
int ret;
int i, j;
ldb = ldb_module_get_ctx(module);
if (ldb_dn_is_special(req->op.add.message->dn)) {
/* do not manipulate our control entries */
return ldb_next_request(module, req);
@ -164,7 +170,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
const struct dsdb_attribute *schema_attr
= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
if (!schema_attr) {
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"attribute %s is not a valid attribute in schema", el->name);
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
@ -175,7 +181,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
if ((schema_attr->linkID & 1) == 1) {
/* Odd is for the target. Illigal to modify */
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"attribute %s must not be modified directly, it is a linked attribute", el->name);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -222,6 +228,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
const struct dsdb_attribute *schema_attr;
const struct dsdb_attribute *target_attr;
struct ldb_message_element *search_el;
@ -232,6 +239,7 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
int ret = LDB_SUCCESS;
ac = talloc_get_type(req->context, struct la_context);
ldb = ldb_module_get_ctx(ac->module);
rc = ac->rc;
if (!ares) {
@ -248,7 +256,7 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
case LDB_REPLY_ENTRY:
if (ldb_dn_compare(ares->message->dn, ac->req->op.mod.message->dn) != 0) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"linked_attributes: %s is not the DN we were looking for", ldb_dn_get_linearized(ares->message->dn));
/* Guh? We only asked for this DN */
talloc_free(ares);
@ -263,7 +271,7 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, rc->el[i].name);
if (!schema_attr) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"attribute %s is not a valid attribute in schema",
rc->el[i].name);
talloc_free(ares);
@ -348,6 +356,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
/* Determine the effect of the modification */
/* Apply the modify to the linked entry */
struct ldb_context *ldb;
int i, j;
struct la_context *ac;
struct ldb_request *search_req;
@ -355,6 +364,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
int ret;
ldb = ldb_module_get_ctx(module);
if (ldb_dn_is_special(req->op.mod.message->dn)) {
/* do not manipulate our control entries */
return ldb_next_request(module, req);
@ -372,7 +383,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
ac->rc = talloc_zero(ac, struct replace_context);
if (!ac->rc) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -384,7 +395,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
const struct dsdb_attribute *schema_attr
= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
if (!schema_attr) {
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"attribute %s is not a valid attribute in schema", el->name);
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
@ -395,7 +406,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
if ((schema_attr->linkID & 1) == 1) {
/* Odd is for the target. Illegal to modify */
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"attribute %s must not be modified directly, it is a linked attribute", el->name);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -466,7 +477,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
struct ldb_message_element,
ac->rc->num_elements +1);
if (!search_el) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ac->rc->el = search_el;
@ -482,7 +493,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
attrs = talloc_array(ac->rc, const char *, ac->rc->num_elements + 1);
if (!attrs) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
for (i = 0; ac->rc && i < ac->rc->num_elements; i++) {
@ -491,7 +502,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
attrs[i] = NULL;
/* The callback does all the hard work here */
ret = ldb_build_search_req(&search_req, module->ldb, ac,
ret = ldb_build_search_req(&search_req, ldb, ac,
req->op.mod.message->dn,
LDB_SCOPE_BASE,
"(objectClass=*)", attrs,
@ -523,6 +534,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
/* delete, rename */
static int linked_attributes_del(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_request *search_req;
struct la_context *ac;
const char **attrs;
@ -538,6 +550,8 @@ static int linked_attributes_del(struct ldb_module *module, struct ldb_request *
- Regain our sainity
*/
ldb = ldb_module_get_ctx(module);
ac = linked_attributes_init(module, req);
if (!ac) {
return LDB_ERR_OPERATIONS_ERROR;
@ -553,7 +567,7 @@ static int linked_attributes_del(struct ldb_module *module, struct ldb_request *
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&search_req, module->ldb, req,
ret = ldb_build_search_req(&search_req, ldb, req,
req->op.del.dn, LDB_SCOPE_BASE,
"(objectClass=*)", attrs,
NULL,
@ -601,6 +615,7 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques
static int la_op_search_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct la_context *ac;
const struct dsdb_attribute *schema_attr;
const struct dsdb_attribute *target_attr;
@ -610,6 +625,7 @@ static int la_op_search_callback(struct ldb_request *req,
int ret;
ac = talloc_get_type(req->context, struct la_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -647,7 +663,7 @@ static int la_op_search_callback(struct ldb_request *req,
break;
default:
talloc_free(ares);
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"operations must be delete or rename");
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -658,7 +674,7 @@ static int la_op_search_callback(struct ldb_request *req,
schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
if (!schema_attr) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"attribute %s is not a valid attribute"
" in schema", el->name);
talloc_free(ares);
@ -737,7 +753,7 @@ static int la_op_search_callback(struct ldb_request *req,
default:
talloc_free(ares);
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"operations must be delete or rename");
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -764,7 +780,7 @@ static int la_do_mod_request(struct la_context *ac)
ac->op_response, LDB_SUCCESS);
}
ldb = ac->module->ldb;
ldb = ldb_module_get_ctx(ac->module);
/* Create the modify request */
new_msg = ldb_msg_new(ac);
@ -797,7 +813,7 @@ static int la_do_mod_request(struct la_context *ac)
}
#if 0
ldb_debug(ac->module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"link on %s %s: %s %s\n",
ldb_dn_get_linearized(new_msg->dn), ret_el->name,
ret_el->values[0].data, ac->ops->op == LA_OP_ADD ? "added" : "deleted");
@ -822,9 +838,11 @@ static int la_do_mod_request(struct la_context *ac)
static int la_mod_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct la_context *ac;
struct ldb_context *ldb;
struct la_op_store *os;
ac = talloc_get_type(req->context, struct la_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -836,7 +854,7 @@ static int la_mod_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"invalid ldb_reply_type in callback");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
@ -860,7 +878,10 @@ static int la_mod_del_callback(struct ldb_request *req, struct ldb_reply *ares)
{
int ret;
struct la_context *ac;
struct ldb_context *ldb;
ac = talloc_get_type(req->context, struct la_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -872,7 +893,7 @@ static int la_mod_del_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"invalid ldb_reply_type in callback");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
@ -903,7 +924,10 @@ static int la_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
struct ldb_request *search_req;
const char **attrs;
WERROR werr;
struct ldb_context *ldb;
ac = talloc_get_type(req->context, struct la_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -915,7 +939,7 @@ static int la_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"invalid ldb_reply_type in callback");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
@ -927,7 +951,7 @@ static int la_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&search_req, ac->module->ldb, req,
ret = ldb_build_search_req(&search_req, ldb, req,
ac->req->op.rename.newdn, LDB_SCOPE_BASE,
"(objectClass=*)", attrs,
NULL,
@ -964,7 +988,10 @@ static int la_add_callback(struct ldb_request *req, struct ldb_reply *ares)
{
int ret;
struct la_context *ac;
struct ldb_context *ldb;
ac = talloc_get_type(req->context, struct la_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -976,7 +1003,7 @@ static int la_add_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"invalid ldb_reply_type in callback");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
@ -989,7 +1016,7 @@ static int la_add_callback(struct ldb_request *req, struct ldb_reply *ares)
/* The callback does all the hard work here - we need
* the objectGUID and SID of the added record */
ret = ldb_build_search_req(&search_req, ac->module->ldb, ac,
ret = ldb_build_search_req(&search_req, ldb, ac,
ac->req->op.add.message->dn,
LDB_SCOPE_BASE,
"(objectClass=*)", attrs,
@ -1023,31 +1050,34 @@ static int la_down_req(struct la_context *ac)
{
struct ldb_request *down_req;
int ret;
struct ldb_context *ldb;
ldb = ldb_module_get_ctx(ac->module);
switch (ac->req->operation) {
case LDB_ADD:
ret = ldb_build_add_req(&down_req, ac->module->ldb, ac,
ret = ldb_build_add_req(&down_req, ldb, ac,
ac->req->op.add.message,
ac->req->controls,
ac, la_add_callback,
ac->req);
break;
case LDB_MODIFY:
ret = ldb_build_mod_req(&down_req, ac->module->ldb, ac,
ret = ldb_build_mod_req(&down_req, ldb, ac,
ac->req->op.mod.message,
ac->req->controls,
ac, la_mod_del_callback,
ac->req);
break;
case LDB_DELETE:
ret = ldb_build_del_req(&down_req, ac->module->ldb, ac,
ret = ldb_build_del_req(&down_req, ldb, ac,
ac->req->op.del.dn,
ac->req->controls,
ac, la_mod_del_callback,
ac->req);
break;
case LDB_RENAME:
ret = ldb_build_rename_req(&down_req, ac->module->ldb, ac,
ret = ldb_build_rename_req(&down_req, ldb, ac,
ac->req->op.rename.olddn,
ac->req->op.rename.newdn,
ac->req->controls,

105
source4/dsdb/samdb/ldb_modules/local_password.c
View File

@ -31,8 +31,7 @@
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/ndr/libndr.h"
#include "dsdb/samdb/ldb_modules/password_modules.h"
@ -89,11 +88,14 @@ struct lpdb_context {
static struct lpdb_context *lpdb_init_context(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct lpdb_context *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct lpdb_context);
if (ac == NULL) {
ldb_set_errstring(module->ldb, "Out of Memory");
ldb_set_errstring(ldb, "Out of Memory");
return NULL;
}
@ -105,9 +107,11 @@ static struct lpdb_context *lpdb_init_context(struct ldb_module *module,
static int lpdb_local_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct lpdb_context *ac;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -119,7 +123,7 @@ static int lpdb_local_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb, "Unexpected reply type");
ldb_set_errstring(ldb, "Unexpected reply type");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -141,6 +145,7 @@ static int lpdb_add_callback(struct ldb_request *req,
static int local_password_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_message *remote_message;
struct ldb_request *remote_req;
struct lpdb_context *ac;
@ -148,14 +153,15 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
int ret;
int i;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_add\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "local_password_add\n");
if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
/* If the caller is manipulating the local passwords directly, let them pass */
if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
req->op.add.message->dn) == 0) {
return ldb_next_request(module, req);
}
@ -173,7 +179,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
/* TODO: remove this when userPassword will be in schema */
if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"Cannot relocate a password on entry: %s, does not have objectClass 'person'",
ldb_dn_get_linearized(req->op.add.message->dn));
return LDB_ERR_OBJECT_CLASS_VIOLATION;
@ -213,7 +219,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
* to add the password. This may be changed to an 'add and
* search', to allow the directory to create the objectGUID */
if (ldb_msg_find_ldb_val(req->op.add.message, "objectGUID") == NULL) {
ldb_set_errstring(module->ldb,
ldb_set_errstring(ldb,
"no objectGUID found in search: "
"local_password module must be "
"onfigured below objectGUID module!\n");
@ -221,7 +227,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
}
ac->local_message->dn = ldb_dn_new(ac->local_message,
module->ldb, LOCAL_BASE);
ldb, LOCAL_BASE);
if ((ac->local_message->dn == NULL) ||
( ! ldb_dn_add_child_fmt(ac->local_message->dn,
PASSWORD_GUID_ATTR "=%s",
@ -230,7 +236,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_add_req(&remote_req, module->ldb, ac,
ret = ldb_build_add_req(&remote_req, ldb, ac,
remote_message,
req->controls,
ac, lpdb_add_callback,
@ -247,11 +253,13 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
static int lpdb_add_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct ldb_request *local_req;
struct lpdb_context *ac;
int ret;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -263,7 +271,7 @@ static int lpdb_add_callback(struct ldb_request *req,
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb, "Unexpected reply type");
ldb_set_errstring(ldb, "Unexpected reply type");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -271,7 +279,7 @@ static int lpdb_add_callback(struct ldb_request *req,
ac->remote_done = talloc_steal(ac, ares);
ret = ldb_build_add_req(&local_req, ac->module->ldb, ac,
ret = ldb_build_add_req(&local_req, ldb, ac,
ac->local_message,
NULL,
ac, lpdb_local_callback,
@ -298,20 +306,22 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
static int local_password_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct lpdb_context *ac;
struct ldb_message *remote_message;
struct ldb_request *remote_req;
int ret;
int i;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_modify\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "local_password_modify\n");
if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
/* If the caller is manipulating the local passwords directly, let them pass */
if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
req->op.mod.message->dn) == 0) {
return ldb_next_request(module, req);
}
@ -354,7 +364,7 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request *
ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name);
}
ret = ldb_build_mod_req(&remote_req, module->ldb, ac,
ret = ldb_build_mod_req(&remote_req, ldb, ac,
remote_message,
req->controls,
ac, lpdb_modify_callabck,
@ -371,12 +381,14 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request *
static int lpdb_modify_callabck(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
static const char * const attrs[] = { "objectGUID", "objectClass", NULL };
struct ldb_request *search_req;
struct lpdb_context *ac;
int ret;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -388,7 +400,7 @@ static int lpdb_modify_callabck(struct ldb_request *req,
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb, "Unexpected reply type");
ldb_set_errstring(ldb, "Unexpected reply type");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -397,7 +409,7 @@ static int lpdb_modify_callabck(struct ldb_request *req,
ac->remote_done = talloc_steal(ac, ares);
/* prepare the search operation */
ret = ldb_build_search_req(&search_req, ac->module->ldb, ac,
ret = ldb_build_search_req(&search_req, ldb, ac,
ac->req->op.mod.message->dn, LDB_SCOPE_BASE,
"(objectclass=*)", attrs,
NULL,
@ -421,6 +433,7 @@ static int lpdb_modify_callabck(struct ldb_request *req,
static int lpdb_mod_search_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct ldb_request *local_req;
struct lpdb_context *ac;
struct ldb_dn *local_dn;
@ -428,6 +441,7 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
int ret = LDB_SUCCESS;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -441,7 +455,7 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->remote != NULL) {
ldb_set_errstring(ac->module->ldb, "Too many results");
ldb_set_errstring(ldb, "Too many results");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -465,7 +479,7 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
/* if it is not an entry of type person this is an error */
/* TODO: remove this when sambaPassword will be in schema */
if (ac->remote == NULL) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"entry just modified (%s) not found!",
ldb_dn_get_linearized(req->op.search.base));
return ldb_module_done(ac->req, NULL, NULL,
@ -482,7 +496,7 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
if (ldb_msg_find_ldb_val(ac->remote->message,
"objectGUID") == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"no objectGUID found in search: "
"local_password module must be "
"configured below objectGUID "
@ -494,7 +508,7 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
objectGUID = samdb_result_guid(ac->remote->message,
"objectGUID");
local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE);
local_dn = ldb_dn_new(ac, ldb, LOCAL_BASE);
if ((local_dn == NULL) ||
( ! ldb_dn_add_child_fmt(local_dn,
PASSWORD_GUID_ATTR "=%s",
@ -504,7 +518,7 @@ static int lpdb_mod_search_callback(struct ldb_request *req,
}
ac->local_message->dn = local_dn;
ret = ldb_build_mod_req(&local_req, ac->module->ldb, ac,
ret = ldb_build_mod_req(&local_req, ldb, ac,
ac->local_message,
NULL,
ac, lpdb_local_callback,
@ -535,11 +549,13 @@ static int lpdb_del_search_callback(struct ldb_request *req,
static int local_password_delete(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_request *remote_req;
struct lpdb_context *ac;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_delete\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "local_password_delete\n");
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.mod.message->dn)) {
@ -548,7 +564,7 @@ static int local_password_delete(struct ldb_module *module,
/* If the caller is manipulating the local passwords directly,
* let them pass */
if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
req->op.del.dn) == 0) {
return ldb_next_request(module, req);
}
@ -559,7 +575,7 @@ static int local_password_delete(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_del_req(&remote_req, module->ldb, ac,
ret = ldb_build_del_req(&remote_req, ldb, ac,
req->op.del.dn,
req->controls,
ac, lpdb_delete_callabck,
@ -576,12 +592,14 @@ static int local_password_delete(struct ldb_module *module,
static int lpdb_delete_callabck(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
static const char * const attrs[] = { "objectGUID", "objectClass", NULL };
struct ldb_request *search_req;
struct lpdb_context *ac;
int ret;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -593,7 +611,7 @@ static int lpdb_delete_callabck(struct ldb_request *req,
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb, "Unexpected reply type");
ldb_set_errstring(ldb, "Unexpected reply type");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -602,7 +620,7 @@ static int lpdb_delete_callabck(struct ldb_request *req,
ac->remote_done = talloc_steal(ac, ares);
/* prepare the search operation */
ret = ldb_build_search_req(&search_req, ac->module->ldb, ac,
ret = ldb_build_search_req(&search_req, ldb, ac,
ac->req->op.del.dn, LDB_SCOPE_BASE,
"(objectclass=*)", attrs,
NULL,
@ -626,6 +644,7 @@ static int lpdb_delete_callabck(struct ldb_request *req,
static int lpdb_del_search_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct ldb_request *local_req;
struct lpdb_context *ac;
struct ldb_dn *local_dn;
@ -633,6 +652,7 @@ static int lpdb_del_search_callback(struct ldb_request *req,
int ret = LDB_SUCCESS;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -646,7 +666,7 @@ static int lpdb_del_search_callback(struct ldb_request *req,
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->remote != NULL) {
ldb_set_errstring(ac->module->ldb, "Too many results");
ldb_set_errstring(ldb, "Too many results");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -686,7 +706,7 @@ static int lpdb_del_search_callback(struct ldb_request *req,
if (ldb_msg_find_ldb_val(ac->remote->message,
"objectGUID") == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"no objectGUID found in search: "
"local_password module must be "
"configured below objectGUID "
@ -698,7 +718,7 @@ static int lpdb_del_search_callback(struct ldb_request *req,
objectGUID = samdb_result_guid(ac->remote->message,
"objectGUID");
local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE);
local_dn = ldb_dn_new(ac, ldb, LOCAL_BASE);
if ((local_dn == NULL) ||
( ! ldb_dn_add_child_fmt(local_dn,
PASSWORD_GUID_ATTR "=%s",
@ -707,7 +727,7 @@ static int lpdb_del_search_callback(struct ldb_request *req,
LDB_ERR_OPERATIONS_ERROR);
}
ret = ldb_build_del_req(&local_req, ac->module->ldb, ac,
ret = ldb_build_del_req(&local_req, ldb, ac,
local_dn,
NULL,
ac, lpdb_local_callback,
@ -736,10 +756,13 @@ static int lpdb_local_search_callback(struct ldb_request *req,
static int lpdb_local_search(struct lpdb_context *ac)
{
struct ldb_context *ldb;
struct ldb_request *local_req;
int ret;
ret = ldb_build_search_req(&local_req, ac->module->ldb, ac,
ldb = ldb_module_get_ctx(ac->module);
ret = ldb_build_search_req(&local_req, ldb, ac,
ac->current->local_dn,
LDB_SCOPE_BASE,
"(objectclass=*)",
@ -757,6 +780,7 @@ static int lpdb_local_search(struct lpdb_context *ac)
static int lpdb_local_search_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct lpdb_context *ac;
struct ldb_reply *merge;
struct lpdb_reply *lr;
@ -764,6 +788,7 @@ static int lpdb_local_search_callback(struct ldb_request *req,
int i;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -781,7 +806,7 @@ static int lpdb_local_search_callback(struct ldb_request *req,
case LDB_REPLY_ENTRY:
if (lr->remote == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Too many results for password entry search!");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
@ -868,6 +893,7 @@ static int lpdb_local_search_callback(struct ldb_request *req,
static int lpdb_remote_search_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct lpdb_context *ac;
struct ldb_dn *local_dn;
struct GUID objectGUID;
@ -875,6 +901,7 @@ static int lpdb_remote_search_callback(struct ldb_request *req,
int ret;
ac = talloc_get_type(req->context, struct lpdb_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -903,7 +930,7 @@ static int lpdb_remote_search_callback(struct ldb_request *req,
}
if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"no objectGUID found in search: local_password module must be configured below objectGUID module!\n");
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -919,7 +946,7 @@ static int lpdb_remote_search_callback(struct ldb_request *req,
ldb_msg_remove_attr(ares->message, "objectClass");
}
local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE);
local_dn = ldb_dn_new(ac, ldb, LOCAL_BASE);
if ((local_dn == NULL) ||
(! ldb_dn_add_child_fmt(local_dn,
PASSWORD_GUID_ATTR "=%s",
@ -984,13 +1011,15 @@ static int lpdb_remote_search_callback(struct ldb_request *req,
static int local_password_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_request *remote_req;
struct lpdb_context *ac;
int i;
int ret;
const char * const *search_attrs = NULL;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_search\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "local_password_search\n");
if (ldb_dn_is_special(req->op.search.base)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
@ -999,7 +1028,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request *
search_attrs = NULL;
/* If the caller is searching for the local passwords directly, let them pass */
if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
req->op.search.base) == 0) {
return ldb_next_request(module, req);
}
@ -1044,7 +1073,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request *
search_attrs = req->op.search.attrs;
}
ret = ldb_build_search_req_ex(&remote_req, module->ldb, ac,
ret = ldb_build_search_req_ex(&remote_req, ldb, ac,
req->op.search.base,
req->op.search.scope,
req->op.search.tree,

39
source4/dsdb/samdb/ldb_modules/naming_fsmo.c
View File

@ -22,9 +22,7 @@
*/
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_drsuapi.h"
@ -33,6 +31,7 @@
static int naming_fsmo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
TALLOC_CTX *mem_ctx;
struct ldb_dn *naming_dn;
struct dsdb_naming_fsmo *naming_fsmo;
@ -43,15 +42,17 @@ static int naming_fsmo_init(struct ldb_module *module)
NULL
};
ldb = ldb_module_get_ctx(module);
mem_ctx = talloc_new(module);
if (!mem_ctx) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
naming_dn = samdb_partitions_dn(module->ldb, mem_ctx);
naming_dn = samdb_partitions_dn(ldb, mem_ctx);
if (!naming_dn) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
@ -59,55 +60,55 @@ static int naming_fsmo_init(struct ldb_module *module)
naming_fsmo = talloc_zero(mem_ctx, struct dsdb_naming_fsmo);
if (!naming_fsmo) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
module->private_data = naming_fsmo;
ldb_module_set_private(module, naming_fsmo);
ret = ldb_search(module->ldb, mem_ctx, &naming_res,
ret = ldb_search(ldb, mem_ctx, &naming_res,
naming_dn, LDB_SCOPE_BASE,
naming_attrs, NULL);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
}
if (ret != LDB_SUCCESS) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"naming_fsmo_init: failed to search the cross-ref container: %s: %s",
ldb_strerror(ret), ldb_errstring(module->ldb));
ldb_strerror(ret), ldb_errstring(ldb));
talloc_free(mem_ctx);
return ret;
}
if (naming_res->count == 0) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"naming_fsmo_init: no cross-ref container present: (skip loading of naming contexts details)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (naming_res->count > 1) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"naming_fsmo_init: [%u] cross-ref containers found on a base search",
naming_res->count);
talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
naming_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, naming_fsmo, naming_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), naming_fsmo->master_dn) == 0) {
naming_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, naming_fsmo, naming_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), naming_fsmo->master_dn) == 0) {
naming_fsmo->we_are_master = true;
} else {
naming_fsmo->we_are_master = false;
}
if (ldb_set_opaque(module->ldb, "dsdb_naming_fsmo", naming_fsmo) != LDB_SUCCESS) {
ldb_oom(module->ldb);
if (ldb_set_opaque(ldb, "dsdb_naming_fsmo", naming_fsmo) != LDB_SUCCESS) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
talloc_steal(module, naming_fsmo);
ldb_debug(module->ldb, LDB_DEBUG_TRACE,
ldb_debug(ldb, LDB_DEBUG_TRACE,
"naming_fsmo_init: we are master: %s\n",
(naming_fsmo->we_are_master?"yes":"no"));

135
source4/dsdb/samdb/ldb_modules/objectclass.c
View File

@ -34,11 +34,8 @@
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "../lib/util/dlinklist.h"
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
@ -63,11 +60,14 @@ struct class_list {
static struct oc_context *oc_init_context(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct oc_context *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct oc_context);
if (ac == NULL) {
ldb_set_errstring(module->ldb, "Out of Memory");
ldb_set_errstring(ldb, "Out of Memory");
return NULL;
}
@ -89,11 +89,14 @@ static int objectclass_sort(struct ldb_module *module,
struct ldb_message_element *objectclass_element,
struct class_list **sorted_out)
{
struct ldb_context *ldb;
int i;
int layer;
struct class_list *sorted = NULL, *parent_class = NULL,
*subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent;
ldb = ldb_module_get_ctx(module);
/* DESIGN:
*
* We work on 4 different 'bins' (implemented here as linked lists):
@ -127,12 +130,12 @@ static int objectclass_sort(struct ldb_module *module,
for (i=0; i < objectclass_element->num_values; i++) {
current = talloc(mem_ctx, struct class_list);
if (!current) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
current->objectclass = dsdb_class_by_lDAPDisplayName(schema, (const char *)objectclass_element->values[i].data);
if (!current->objectclass) {
ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", (const char *)objectclass_element->values[i].data);
ldb_asprintf_errstring(ldb, "objectclass %s is not a valid objectClass in schema", (const char *)objectclass_element->values[i].data);
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
@ -222,19 +225,20 @@ static int objectclass_sort(struct ldb_module *module,
* was no 'top', a conflict in the objectClasses or some other
* schema error?
*/
ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass->lDAPDisplayName);
ldb_asprintf_errstring(ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass->lDAPDisplayName);
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
const struct dsdb_class *objectclass)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
enum ndr_err_code ndr_err;
DATA_BLOB *linear_sd;
struct auth_session_info *session_info
= ldb_get_opaque(module->ldb, "sessionInfo");
= ldb_get_opaque(ldb, "sessionInfo");
struct security_descriptor *sd;
const struct dom_sid *domain_sid = samdb_domain_sid(module->ldb);
const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
if (!objectclass->defaultSecurityDescriptor || !domain_sid) {
return NULL;
@ -257,7 +261,7 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
}
ndr_err = ndr_push_struct_blob(linear_sd, mem_ctx,
lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
sd,
(ndr_push_flags_fn_t)ndr_push_security_descriptor);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@ -270,10 +274,12 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct oc_context *ac;
int ret;
ac = talloc_get_type(req->context, struct oc_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -288,7 +294,7 @@ static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares)
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
ldb_set_errstring(ac->module->ldb, "Too many results");
ldb_set_errstring(ldb, "Too many results");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -402,12 +408,15 @@ static int objectclass_do_add(struct oc_context *ac);
static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_request *search_req;
struct oc_context *ac;
struct ldb_dn *parent_dn;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_add\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_add\n");
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.add.message->dn)) {
@ -433,11 +442,11 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
/* get copy of parent DN */
parent_dn = ldb_dn_get_parent(ac, ac->req->op.add.message->dn);
if (parent_dn == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&search_req, module->ldb,
ret = ldb_build_search_req(&search_req, ldb,
ac, parent_dn, LDB_SCOPE_BASE,
"(objectClass=*)", NULL,
NULL,
@ -455,6 +464,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
static int objectclass_do_add(struct oc_context *ac)
{
struct ldb_context *ldb;
const struct dsdb_schema *schema;
struct ldb_request *add_req;
char *value;
@ -464,7 +474,8 @@ static int objectclass_do_add(struct oc_context *ac)
struct class_list *sorted, *current;
int ret;
schema = dsdb_get_schema(ac->module->ldb);
ldb = ldb_module_get_ctx(ac->module);
schema = dsdb_get_schema(ldb);
mem_ctx = talloc_new(ac);
if (mem_ctx == NULL) {
@ -475,14 +486,14 @@ static int objectclass_do_add(struct oc_context *ac)
/* Check we have a valid parent */
if (ac->search_res == NULL) {
if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb),
if (ldb_dn_compare(ldb_get_root_basedn(ldb),
msg->dn) == 0) {
/* Allow the tree to be started */
/* but don't keep any error string, it's meaningless */
ldb_set_errstring(ac->module->ldb, NULL);
ldb_set_errstring(ldb, NULL);
} else {
ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot add %s, parent does not exist!",
ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, parent does not exist!",
ldb_dn_get_linearized(msg->dn));
talloc_free(mem_ctx);
return LDB_ERR_UNWILLING_TO_PERFORM;
@ -496,7 +507,7 @@ static int objectclass_do_add(struct oc_context *ac)
&msg->dn);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ac->module->ldb, "Could not munge DN %s into normal form",
ldb_asprintf_errstring(ldb, "Could not munge DN %s into normal form",
ldb_dn_get_linearized(ac->req->op.add.message->dn));
talloc_free(mem_ctx);
return ret;
@ -509,7 +520,7 @@ static int objectclass_do_add(struct oc_context *ac)
}
if (schema) {
ret = fix_attributes(ac->module->ldb, schema, msg);
ret = fix_attributes(ldb, schema, msg);
if (ret != LDB_SUCCESS) {
talloc_free(mem_ctx);
return ret;
@ -544,13 +555,13 @@ static int objectclass_do_add(struct oc_context *ac)
for (current = sorted; current; current = current->next) {
value = talloc_strdup(msg, current->objectclass->lDAPDisplayName);
if (value == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_msg_add_string(msg, "objectClass", value);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"objectclass: could not re-add sorted "
"objectclass to modify msg");
talloc_free(mem_ctx);
@ -563,7 +574,7 @@ static int objectclass_do_add(struct oc_context *ac)
if (!ldb_msg_find_element(msg, "objectCategory")) {
value = talloc_strdup(msg, current->objectclass->defaultObjectCategory);
if (value == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -612,21 +623,21 @@ static int objectclass_do_add(struct oc_context *ac)
/* TODO: If parent object is site or subnet, also add (SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */
if (el || systemFlags != 0) {
samdb_msg_add_int(ac->module->ldb, msg, msg, "systemFlags", systemFlags);
samdb_msg_add_int(ldb, msg, msg, "systemFlags", systemFlags);
}
}
}
}
talloc_free(mem_ctx);
ret = ldb_msg_sanity_check(ac->module->ldb, msg);
ret = ldb_msg_sanity_check(ldb, msg);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = ldb_build_add_req(&add_req, ac->module->ldb, ac,
ret = ldb_build_add_req(&add_req, ldb, ac,
msg,
ac->req->controls,
ac, oc_op_callback,
@ -645,9 +656,10 @@ static int objectclass_do_mod(struct oc_context *ac);
static int objectclass_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_message_element *objectclass_element;
struct ldb_message *msg;
const struct dsdb_schema *schema = dsdb_get_schema(module->ldb);
const struct dsdb_schema *schema = dsdb_get_schema(ldb);
struct class_list *sorted, *current;
struct ldb_request *down_req;
struct oc_context *ac;
@ -655,7 +667,7 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
char *value;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n");
ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_modify\n");
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.mod.message->dn)) {
@ -684,12 +696,12 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
return LDB_ERR_OPERATIONS_ERROR;
}
ret = fix_attributes(module->ldb, schema, msg);
ret = fix_attributes(ldb, schema, msg);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = ldb_build_mod_req(&down_req, module->ldb, ac,
ret = ldb_build_mod_req(&down_req, ldb, ac,
msg,
req->controls,
ac, oc_op_callback,
@ -721,7 +733,7 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
return LDB_ERR_OPERATIONS_ERROR;
}
ret = fix_attributes(module->ldb, schema, msg);
ret = fix_attributes(ldb, schema, msg);
if (ret != LDB_SUCCESS) {
talloc_free(mem_ctx);
return ret;
@ -752,13 +764,13 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
value = talloc_strdup(msg,
current->objectclass->lDAPDisplayName);
if (value == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_msg_add_string(msg, "objectClass", value);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(module->ldb,
ldb_set_errstring(ldb,
"objectclass: could not re-add sorted "
"objectclass to modify msg");
talloc_free(mem_ctx);
@ -768,12 +780,12 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
talloc_free(mem_ctx);
ret = ldb_msg_sanity_check(module->ldb, msg);
ret = ldb_msg_sanity_check(ldb, msg);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = ldb_build_mod_req(&down_req, module->ldb, ac,
ret = ldb_build_mod_req(&down_req, ldb, ac,
msg,
req->controls,
ac, oc_op_callback,
@ -793,17 +805,17 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
if (msg == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = fix_attributes(module->ldb, schema, msg);
ret = fix_attributes(ldb, schema, msg);
if (ret != LDB_SUCCESS) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return ret;
}
ret = ldb_build_mod_req(&down_req, module->ldb, ac,
ret = ldb_build_mod_req(&down_req, ldb, ac,
msg,
req->controls,
ac, oc_modify_callback,
@ -817,12 +829,14 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
static int oc_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
static const char * const attrs[] = { "objectClass", NULL };
struct ldb_request *search_req;
struct oc_context *ac;
int ret;
ac = talloc_get_type(req->context, struct oc_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -839,7 +853,7 @@ static int oc_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
LDB_ERR_OPERATIONS_ERROR);
}
ret = ldb_build_search_req(&search_req, ac->module->ldb, ac,
ret = ldb_build_search_req(&search_req, ldb, ac,
ac->req->op.mod.message->dn, LDB_SCOPE_BASE,
"(objectClass=*)",
attrs, NULL,
@ -860,7 +874,7 @@ static int oc_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
static int objectclass_do_mod(struct oc_context *ac)
{
struct ldb_context *ldb;
const struct dsdb_schema *schema;
struct ldb_request *mod_req;
char *value;
@ -870,10 +884,12 @@ static int objectclass_do_mod(struct oc_context *ac)
struct class_list *sorted, *current;
int ret;
ldb = ldb_module_get_ctx(ac->module);
if (ac->search_res == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
schema = dsdb_get_schema(ac->module->ldb);
schema = dsdb_get_schema(ldb);
mem_ctx = talloc_new(ac);
if (mem_ctx == NULL) {
@ -883,7 +899,7 @@ static int objectclass_do_mod(struct oc_context *ac)
/* use a new message structure */
msg = ldb_msg_new(ac);
if (msg == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"objectclass: could not create new modify msg");
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
@ -912,7 +928,7 @@ static int objectclass_do_mod(struct oc_context *ac)
ret = ldb_msg_add_empty(msg, "objectClass", LDB_FLAG_MOD_REPLACE, NULL);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(ac->module->ldb, "objectclass: could not clear objectclass in modify msg");
ldb_set_errstring(ldb, "objectclass: could not clear objectclass in modify msg");
talloc_free(mem_ctx);
return ret;
}
@ -921,24 +937,24 @@ static int objectclass_do_mod(struct oc_context *ac)
for (current = sorted; current; current = current->next) {
value = talloc_strdup(msg, current->objectclass->lDAPDisplayName);
if (value == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_msg_add_string(msg, "objectClass", value);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted objectclass to modify msg");
ldb_set_errstring(ldb, "objectclass: could not re-add sorted objectclass to modify msg");
talloc_free(mem_ctx);
return ret;
}
}
ret = ldb_msg_sanity_check(ac->module->ldb, msg);
ret = ldb_msg_sanity_check(ldb, msg);
if (ret != LDB_SUCCESS) {
talloc_free(mem_ctx);
return ret;
}
ret = ldb_build_mod_req(&mod_req, ac->module->ldb, ac,
ret = ldb_build_mod_req(&mod_req, ldb, ac,
msg,
ac->req->controls,
ac, oc_op_callback,
@ -958,13 +974,15 @@ static int objectclass_do_rename(struct oc_context *ac);
static int objectclass_rename(struct ldb_module *module, struct ldb_request *req)
{
static const char * const attrs[] = { NULL };
struct ldb_context *ldb;
struct ldb_request *search_req;
struct oc_context *ac;
struct ldb_dn *parent_dn;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_rename\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_rename\n");
if (ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
@ -973,7 +991,7 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
/* Firstly ensure we are not trying to rename it to be a child of itself */
if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0)
&& (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) {
ldb_asprintf_errstring(module->ldb, "Cannot rename %s to be a child of itself",
ldb_asprintf_errstring(ldb, "Cannot rename %s to be a child of itself",
ldb_dn_get_linearized(req->op.rename.olddn));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -985,10 +1003,10 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
parent_dn = ldb_dn_get_parent(ac, req->op.rename.newdn);
if (parent_dn == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&search_req, module->ldb,
ret = ldb_build_search_req(&search_req, ldb,
ac, parent_dn, LDB_SCOPE_BASE,
"(objectClass=*)",
attrs, NULL,
@ -1005,13 +1023,16 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
static int objectclass_do_rename(struct oc_context *ac)
{
struct ldb_context *ldb;
struct ldb_request *rename_req;
struct ldb_dn *fixed_dn;
int ret;
ldb = ldb_module_get_ctx(ac->module);
/* Check we have a valid parent */
if (ac->search_res == NULL) {
ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot rename %s, parent does not exist!",
ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, parent does not exist!",
ldb_dn_get_linearized(ac->req->op.rename.newdn));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -1030,7 +1051,7 @@ static int objectclass_do_rename(struct oc_context *ac)
* by reading the allowedChildClasses and
* allowedChildClasssesEffective attributes */
ret = ldb_build_rename_req(&rename_req, ac->module->ldb, ac,
ret = ldb_build_rename_req(&rename_req, ldb, ac,
ac->req->op.rename.olddn, fixed_dn,
ac->req->controls,
ac, oc_op_callback,

276
source4/dsdb/samdb/ldb_modules/password_hash.c
View File

@ -33,9 +33,7 @@
#include "includes.h"
#include "libcli/ldap/ldap_ndr.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "librpc/gen_ndr/misc.h"
#include "librpc/gen_ndr/samr.h"
#include "libcli/auth/libcli_auth.h"
@ -150,9 +148,11 @@ struct setup_password_fields_io {
static int setup_nt_fields(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
uint32_t i;
io->g.nt_hash = io->n.nt_hash;
ldb = ldb_module_get_ctx(io->ac->module);
if (io->domain->pwdHistoryLength == 0) {
return LDB_SUCCESS;
@ -163,7 +163,7 @@ static int setup_nt_fields(struct setup_password_fields_io *io)
struct samr_Password,
io->domain->pwdHistoryLength);
if (!io->g.nt_history) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -190,9 +190,11 @@ static int setup_nt_fields(struct setup_password_fields_io *io)
static int setup_lm_fields(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
uint32_t i;
io->g.lm_hash = io->n.lm_hash;
ldb = ldb_module_get_ctx(io->ac->module);
if (io->domain->pwdHistoryLength == 0) {
return LDB_SUCCESS;
@ -203,7 +205,7 @@ static int setup_lm_fields(struct setup_password_fields_io *io)
struct samr_Password,
io->domain->pwdHistoryLength);
if (!io->g.lm_history) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -223,12 +225,14 @@ static int setup_lm_fields(struct setup_password_fields_io *io)
static int setup_kerberos_keys(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
krb5_error_code krb5_ret;
Principal *salt_principal;
krb5_salt salt;
krb5_keyblock key;
krb5_data cleartext_data;
ldb = ldb_module_get_ctx(io->ac->module);
cleartext_data.data = io->n.cleartext_utf8->data;
cleartext_data.length = io->n.cleartext_utf8->length;
@ -245,7 +249,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
name = talloc_strdup(io->ac, io->u.sAMAccountName);
if (!name) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -255,7 +259,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
saltbody = talloc_asprintf(io->ac, "%s.%s", name, io->domain->dns_domain);
if (!saltbody) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -269,7 +273,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
user_principal_name = talloc_strdup(io->ac, io->u.user_principal_name);
if (!user_principal_name) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -289,7 +293,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
NULL);
}
if (krb5_ret) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_kerberos_keys: "
"generation of a salting principal failed: %s",
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac));
@ -303,7 +307,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
salt_principal, &salt);
krb5_free_principal(io->smb_krb5_context->krb5_context, salt_principal);
if (krb5_ret) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_kerberos_keys: "
"generation of krb5_salt failed: %s",
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac));
@ -315,7 +319,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
salt.saltvalue.length);
krb5_free_salt(io->smb_krb5_context->krb5_context, salt);
if (!io->g.salt) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
salt.saltvalue.data = discard_const(io->g.salt);
@ -331,7 +335,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
salt,
&key);
if (krb5_ret) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_kerberos_keys: "
"generation of a aes256-cts-hmac-sha1-96 key failed: %s",
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac));
@ -342,7 +346,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
key.keyvalue.length);
krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
if (!io->g.aes_256.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -356,7 +360,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
salt,
&key);
if (krb5_ret) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_kerberos_keys: "
"generation of a aes128-cts-hmac-sha1-96 key failed: %s",
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac));
@ -367,7 +371,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
key.keyvalue.length);
krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
if (!io->g.aes_128.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -381,7 +385,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
salt,
&key);
if (krb5_ret) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_kerberos_keys: "
"generation of a des-cbc-md5 key failed: %s",
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac));
@ -392,7 +396,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
key.keyvalue.length);
krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
if (!io->g.des_md5.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -406,7 +410,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
salt,
&key);
if (krb5_ret) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_kerberos_keys: "
"generation of a des-cbc-crc key failed: %s",
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac));
@ -417,7 +421,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
key.keyvalue.length);
krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
if (!io->g.des_crc.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -428,6 +432,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io,
const struct supplementalCredentialsBlob *old_scb,
struct package_PrimaryKerberosBlob *pkb)
{
struct ldb_context *ldb;
struct package_PrimaryKerberosCtr3 *pkb3 = &pkb->ctr.ctr3;
struct supplementalCredentialsPackage *old_scp = NULL;
struct package_PrimaryKerberosBlob _old_pkb;
@ -435,6 +440,8 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io,
uint32_t i;
enum ndr_err_code ndr_err;
ldb = ldb_module_get_ctx(io->ac->module);
/*
* prepare generation of keys
*
@ -448,7 +455,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io,
struct package_PrimaryKerberosKey3,
pkb3->num_keys);
if (!pkb3->keys) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -484,16 +491,16 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io,
blob = strhex_to_data_blob(io->ac, old_scp->data);
if (!blob.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &_old_pkb,
ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), &_old_pkb,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_primary_kerberos: "
"failed to pull old package_PrimaryKerberosBlob: %s",
nt_errstr(status));
@ -501,7 +508,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io,
}
if (_old_pkb.version != 3) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_primary_kerberos: "
"package_PrimaryKerberosBlob version[%u] expected[3]",
_old_pkb.version);
@ -527,6 +534,7 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io,
const struct supplementalCredentialsBlob *old_scb,
struct package_PrimaryKerberosBlob *pkb)
{
struct ldb_context *ldb;
struct package_PrimaryKerberosCtr4 *pkb4 = &pkb->ctr.ctr4;
struct supplementalCredentialsPackage *old_scp = NULL;
struct package_PrimaryKerberosBlob _old_pkb;
@ -534,6 +542,8 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io,
uint32_t i;
enum ndr_err_code ndr_err;
ldb = ldb_module_get_ctx(io->ac->module);
/*
* prepare generation of keys
*
@ -551,7 +561,7 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io,
struct package_PrimaryKerberosKey4,
pkb4->num_keys);
if (!pkb4->keys) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -597,18 +607,18 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io,
blob = strhex_to_data_blob(io->ac, old_scp->data);
if (!blob.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
ndr_err = ndr_pull_struct_blob(&blob, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&_old_pkb,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_primary_kerberos_newer: "
"failed to pull old package_PrimaryKerberosBlob: %s",
nt_errstr(status));
@ -616,7 +626,7 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io,
}
if (_old_pkb.version != 4) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_primary_kerberos_newer: "
"package_PrimaryKerberosBlob version[%u] expected[4]",
_old_pkb.version);
@ -644,6 +654,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
const struct supplementalCredentialsBlob *old_scb,
struct package_PrimaryWDigestBlob *pdb)
{
struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
DATA_BLOB sAMAccountName;
DATA_BLOB sAMAccountName_l;
DATA_BLOB sAMAccountName_u;
@ -890,12 +901,12 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
sAMAccountName = data_blob_string_const(io->u.sAMAccountName);
sAMAccountName_l = data_blob_string_const(strlower_talloc(io->ac, io->u.sAMAccountName));
if (!sAMAccountName_l.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
sAMAccountName_u = data_blob_string_const(strupper_talloc(io->ac, io->u.sAMAccountName));
if (!sAMAccountName_u.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -905,31 +916,31 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
io->u.sAMAccountName,
io->domain->dns_domain);
if (!user_principal_name) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
}
userPrincipalName = data_blob_string_const(user_principal_name);
userPrincipalName_l = data_blob_string_const(strlower_talloc(io->ac, user_principal_name));
if (!userPrincipalName_l.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
userPrincipalName_u = data_blob_string_const(strupper_talloc(io->ac, user_principal_name));
if (!userPrincipalName_u.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
netbios_domain = data_blob_string_const(io->domain->netbios_domain);
netbios_domain_l = data_blob_string_const(strlower_talloc(io->ac, io->domain->netbios_domain));
if (!netbios_domain_l.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
netbios_domain_u = data_blob_string_const(strupper_talloc(io->ac, io->domain->netbios_domain));
if (!netbios_domain_u.data) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -945,7 +956,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
pdb->num_hashes = ARRAY_SIZE(wdigest);
pdb->hashes = talloc_array(io->ac, struct package_PrimaryWDigestHash, pdb->num_hashes);
if (!pdb->hashes) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -971,6 +982,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
static int setup_supplemental_field(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
struct supplementalCredentialsBlob scb;
struct supplementalCredentialsBlob _old_scb;
struct supplementalCredentialsBlob *old_scb = NULL;
@ -1017,6 +1029,8 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
ZERO_STRUCT(zero16);
ZERO_STRUCT(names);
ldb = ldb_module_get_ctx(io->ac->module);
if (!io->n.cleartext_utf8) {
/*
* when we don't have a cleartext password
@ -1028,12 +1042,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
/* if there's an old supplementaCredentials blob then parse it */
if (io->o.supplemental) {
ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&_old_scb,
(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to pull old supplementalCredentialsBlob: %s",
nt_errstr(status));
@ -1043,7 +1057,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
if (_old_scb.sub.signature == SUPPLEMENTAL_CREDENTIALS_SIGNATURE) {
old_scb = &_old_scb;
} else {
ldb_debug(io->ac->module->ldb, LDB_DEBUG_ERROR,
ldb_debug(ldb, LDB_DEBUG_ERROR,
"setup_supplemental_field: "
"supplementalCredentialsBlob signature[0x%04X] expected[0x%04X]",
_old_scb.sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE);
@ -1051,7 +1065,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
/* TODO: do the correct check for this, it maybe depends on the functional level? */
do_newer_keys = lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"),
do_newer_keys = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"),
NULL, "password_hash", "create_aes_key", false);
if (io->domain->store_cleartext &&
@ -1110,12 +1124,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
ndr_err = ndr_push_struct_blob(&pknb_blob, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&pknb,
(ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to push package_PrimaryKerberosNeverBlob: %s",
nt_errstr(status));
@ -1123,7 +1137,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
pknb_hexstr = data_blob_hex_string(io->ac, &pknb_blob);
if (!pknb_hexstr) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
pkn->name = "Primary:Kerberos-Newer-Keys";
@ -1142,12 +1156,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
ndr_err = ndr_push_struct_blob(&pkb_blob, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&pkb,
(ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to push package_PrimaryKerberosBlob: %s",
nt_errstr(status));
@ -1155,7 +1169,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
pkb_hexstr = data_blob_hex_string(io->ac, &pkb_blob);
if (!pkb_hexstr) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
pk->name = "Primary:Kerberos";
@ -1173,12 +1187,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
ndr_err = ndr_push_struct_blob(&pdb_blob, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&pdb,
(ndr_push_flags_fn_t)ndr_push_package_PrimaryWDigestBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to push package_PrimaryWDigestBlob: %s",
nt_errstr(status));
@ -1186,7 +1200,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
pdb_hexstr = data_blob_hex_string(io->ac, &pdb_blob);
if (!pdb_hexstr) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
pd->name = "Primary:WDigest";
@ -1202,12 +1216,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
pcb.cleartext = *io->n.cleartext_utf16;
ndr_err = ndr_push_struct_blob(&pcb_blob, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&pcb,
(ndr_push_flags_fn_t)ndr_push_package_PrimaryCLEARTEXTBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to push package_PrimaryCLEARTEXTBlob: %s",
nt_errstr(status));
@ -1215,7 +1229,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
pcb_hexstr = data_blob_hex_string(io->ac, &pcb_blob);
if (!pcb_hexstr) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
pc->name = "Primary:CLEARTEXT";
@ -1228,12 +1242,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
*/
pb.names = names;
ndr_err = ndr_push_struct_blob(&pb_blob, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&pb,
(ndr_push_flags_fn_t)ndr_push_package_PackagesBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to push package_PackagesBlob: %s",
nt_errstr(status));
@ -1241,7 +1255,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
pb_hexstr = data_blob_hex_string(io->ac, &pb_blob);
if (!pb_hexstr) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
pp->name = "Packages";
@ -1256,12 +1270,12 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
scb.sub.packages = packages;
ndr_err = ndr_push_struct_blob(&io->g.supplemental, io->ac,
lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&scb,
(ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to push supplementalCredentialsBlob: %s",
nt_errstr(status));
@ -1289,23 +1303,26 @@ static int setup_kvno_field(struct setup_password_fields_io *io)
static int setup_password_fields(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
bool ok;
int ret;
ssize_t converted_pw_len;
ldb = ldb_module_get_ctx(io->ac->module);
/*
* refuse the change if someone want to change the cleartext
* and supply his own hashes at the same time...
*/
if ((io->n.cleartext_utf8 || io->n.cleartext_utf16) && (io->n.nt_hash || io->n.lm_hash)) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_password_fields: "
"it's only allowed to set the cleartext password or the password hashes");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
if (io->n.cleartext_utf8 && io->n.cleartext_utf16) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_password_fields: "
"it's only allowed to set the cleartext password as userPassword or clearTextPasssword, not both at once");
return LDB_ERR_UNWILLING_TO_PERFORM;
@ -1316,14 +1333,14 @@ static int setup_password_fields(struct setup_password_fields_io *io)
struct ldb_val *cleartext_utf16_blob;
io->n.cleartext_utf16 = cleartext_utf16_blob = talloc(io->ac, struct ldb_val);
if (!io->n.cleartext_utf16) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
converted_pw_len = convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
converted_pw_len = convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
CH_UTF8, CH_UTF16, io->n.cleartext_utf8->data, io->n.cleartext_utf8->length,
(void **)&cleartext_utf16_str);
if (converted_pw_len == -1) {
ldb_asprintf_errstring(io->ac->module->ldb,
ldb_asprintf_errstring(ldb,
"setup_password_fields: "
"failed to generate UTF16 password from cleartext UTF8 password");
return LDB_ERR_OPERATIONS_ERROR;
@ -1334,10 +1351,10 @@ static int setup_password_fields(struct setup_password_fields_io *io)
struct ldb_val *cleartext_utf8_blob;
io->n.cleartext_utf8 = cleartext_utf8_blob = talloc(io->ac, struct ldb_val);
if (!io->n.cleartext_utf8) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
converted_pw_len = convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
converted_pw_len = convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
CH_UTF16MUNGED, CH_UTF8, io->n.cleartext_utf16->data, io->n.cleartext_utf16->length,
(void **)&cleartext_utf8_str);
if (converted_pw_len == -1) {
@ -1351,7 +1368,7 @@ static int setup_password_fields(struct setup_password_fields_io *io)
struct samr_Password *nt_hash;
nt_hash = talloc(io->ac, struct samr_Password);
if (!nt_hash) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
io->n.nt_hash = nt_hash;
@ -1363,13 +1380,13 @@ static int setup_password_fields(struct setup_password_fields_io *io)
if (io->n.cleartext_utf8) {
struct samr_Password *lm_hash;
char *cleartext_unix;
converted_pw_len = convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")),
converted_pw_len = convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
CH_UTF8, CH_UNIX, io->n.cleartext_utf8->data, io->n.cleartext_utf8->length,
(void **)&cleartext_unix);
if (converted_pw_len != -1) {
lm_hash = talloc(io->ac, struct samr_Password);
if (!lm_hash) {
ldb_oom(io->ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -1419,11 +1436,14 @@ static int setup_password_fields(struct setup_password_fields_io *io)
static struct ph_context *ph_init_context(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct ph_context *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct ph_context);
if (ac == NULL) {
ldb_set_errstring(module->ldb, "Out of Memory");
ldb_set_errstring(ldb, "Out of Memory");
return NULL;
}
@ -1467,6 +1487,7 @@ static int password_hash_mod_do_mod(struct ph_context *ac);
static int get_domain_data_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct domain_data *data;
struct ph_context *ac;
int ret;
@ -1474,6 +1495,7 @@ static int get_domain_data_callback(struct ldb_request *req,
char *p;
ac = talloc_get_type(req->context, struct ph_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -1487,7 +1509,7 @@ static int get_domain_data_callback(struct ldb_request *req,
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->domain != NULL) {
ldb_set_errstring(ac->module->ldb, "Too many results");
ldb_set_errstring(ldb, "Too many results");
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
@ -1521,13 +1543,13 @@ static int get_domain_data_callback(struct ldb_request *req,
data->dns_domain = strlower_talloc(data, tmp);
if (data->dns_domain == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
data->realm = strupper_talloc(data, tmp);
if (data->realm == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
@ -1538,7 +1560,7 @@ static int get_domain_data_callback(struct ldb_request *req,
}
data->netbios_domain = strupper_talloc(data, tmp);
if (data->netbios_domain == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
@ -1581,19 +1603,22 @@ static int build_domain_data_request(struct ph_context *ac)
/* attrs[] is returned from this function in
ac->dom_req->op.search.attrs, so it must be static, as
otherwise the compiler can put it on the stack */
struct ldb_context *ldb;
static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL };
char *filter;
ldb = ldb_module_get_ctx(ac->module);
filter = talloc_asprintf(ac,
"(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
ldap_encode_ndr_dom_sid(ac, ac->domain_sid));
if (filter == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
return ldb_build_search_req(&ac->dom_req, ac->module->ldb, ac,
ldb_get_default_basedn(ac->module->ldb),
return ldb_build_search_req(&ac->dom_req, ldb, ac,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
filter, attrs,
NULL,
@ -1603,6 +1628,7 @@ static int build_domain_data_request(struct ph_context *ac)
static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ph_context *ac;
struct ldb_message_element *sambaAttr;
struct ldb_message_element *clearTextPasswordAttr;
@ -1610,14 +1636,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
struct ldb_message_element *lmAttr;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_add\n");
if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
/* If the caller is manipulating the local passwords directly, let them pass */
if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
req->op.add.message->dn) == 0) {
return ldb_next_request(module, req);
}
@ -1648,46 +1676,46 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
/* if it is not an entry of type person its an error */
/* TODO: remove this when userPassword will be in schema */
if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
ldb_set_errstring(module->ldb, "Cannot set a password on entry that does not have objectClass 'person'");
ldb_set_errstring(ldb, "Cannot set a password on entry that does not have objectClass 'person'");
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
/* check userPassword is single valued here */
/* TODO: remove this when userPassword will be single valued in schema */
if (sambaAttr && sambaAttr->num_values > 1) {
ldb_set_errstring(module->ldb, "mupltiple values for userPassword not allowed!\n");
ldb_set_errstring(ldb, "mupltiple values for userPassword not allowed!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (clearTextPasswordAttr && clearTextPasswordAttr->num_values > 1) {
ldb_set_errstring(module->ldb, "mupltiple values for clearTextPassword not allowed!\n");
ldb_set_errstring(ldb, "mupltiple values for clearTextPassword not allowed!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (ntAttr && (ntAttr->num_values > 1)) {
ldb_set_errstring(module->ldb, "mupltiple values for unicodePwd not allowed!\n");
ldb_set_errstring(ldb, "mupltiple values for unicodePwd not allowed!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (lmAttr && (lmAttr->num_values > 1)) {
ldb_set_errstring(module->ldb, "mupltiple values for dBCSPwd not allowed!\n");
ldb_set_errstring(ldb, "mupltiple values for dBCSPwd not allowed!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (sambaAttr && sambaAttr->num_values == 0) {
ldb_set_errstring(module->ldb, "userPassword must have a value!\n");
ldb_set_errstring(ldb, "userPassword must have a value!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (clearTextPasswordAttr && clearTextPasswordAttr->num_values == 0) {
ldb_set_errstring(module->ldb, "clearTextPassword must have a value!\n");
ldb_set_errstring(ldb, "clearTextPassword must have a value!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (ntAttr && (ntAttr->num_values == 0)) {
ldb_set_errstring(module->ldb, "unicodePwd must have a value!\n");
ldb_set_errstring(ldb, "unicodePwd must have a value!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (lmAttr && (lmAttr->num_values == 0)) {
ldb_set_errstring(module->ldb, "dBCSPwd must have a value!\n");
ldb_set_errstring(ldb, "dBCSPwd must have a value!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@ -1699,7 +1727,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
/* get user domain data */
ac->domain_sid = samdb_result_sid_prefix(ac, req->op.add.message, "objectSid");
if (ac->domain_sid == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR,
ldb_debug(ldb, LDB_DEBUG_ERROR,
"can't handle entry with missing objectSid!\n");
return LDB_ERR_OPERATIONS_ERROR;
}
@ -1712,14 +1740,17 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, ac->dom_req);
}
static int password_hash_add_do_add(struct ph_context *ac) {
static int password_hash_add_do_add(struct ph_context *ac)
{
struct ldb_context *ldb;
struct ldb_request *down_req;
struct smb_krb5_context *smb_krb5_context;
struct ldb_message *msg;
struct setup_password_fields_io io;
int ret;
ldb = ldb_module_get_ctx(ac->module);
msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
if (msg == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
@ -1727,8 +1758,8 @@ static int password_hash_add_do_add(struct ph_context *ac) {
/* Some operations below require kerberos contexts */
if (smb_krb5_init_context(ac,
ldb_get_event_context(ac->module->ldb),
(struct loadparm_context *)ldb_get_opaque(ac->module->ldb, "loadparm"),
ldb_get_event_context(ldb),
(struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
&smb_krb5_context) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
@ -1763,14 +1794,14 @@ static int password_hash_add_do_add(struct ph_context *ac) {
}
if (io.g.nt_hash) {
ret = samdb_msg_add_hash(ac->module->ldb, ac, msg,
ret = samdb_msg_add_hash(ldb, ac, msg,
"unicodePwd", io.g.nt_hash);
if (ret != LDB_SUCCESS) {
return ret;
}
}
if (io.g.lm_hash) {
ret = samdb_msg_add_hash(ac->module->ldb, ac, msg,
ret = samdb_msg_add_hash(ldb, ac, msg,
"dBCSPwd", io.g.lm_hash);
if (ret != LDB_SUCCESS) {
return ret;
@ -1801,20 +1832,20 @@ static int password_hash_add_do_add(struct ph_context *ac) {
return ret;
}
}
ret = samdb_msg_add_uint64(ac->module->ldb, ac, msg,
ret = samdb_msg_add_uint64(ldb, ac, msg,
"pwdLastSet",
io.g.last_set);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = samdb_msg_add_uint(ac->module->ldb, ac, msg,
ret = samdb_msg_add_uint(ldb, ac, msg,
"msDs-KeyVersionNumber",
io.g.kvno);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = ldb_build_add_req(&down_req, ac->module->ldb, ac,
ret = ldb_build_add_req(&down_req, ldb, ac,
msg,
ac->req->controls,
ac, ph_op_callback,
@ -1828,6 +1859,7 @@ static int password_hash_add_do_add(struct ph_context *ac) {
static int password_hash_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ph_context *ac;
struct ldb_message_element *sambaAttr;
struct ldb_message_element *clearTextAttr;
@ -1837,14 +1869,16 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
struct ldb_request *down_req;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_modify\n");
if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
/* If the caller is manipulating the local passwords directly, let them pass */
if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
req->op.mod.message->dn) == 0) {
return ldb_next_request(module, req);
}
@ -1897,7 +1931,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
/* use a new message structure so that we can modify it */
msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
if (msg == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -1913,7 +1947,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
return password_hash_mod_search_self(ac);
}
ret = ldb_build_mod_req(&down_req, module->ldb, ac,
ret = ldb_build_mod_req(&down_req, ldb, ac,
msg,
req->controls,
ac, ph_modify_callback,
@ -1958,10 +1992,12 @@ static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct ph_context *ac;
int ret;
ac = talloc_get_type(req->context, struct ph_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -1977,7 +2013,7 @@ static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
ldb_set_errstring(ac->module->ldb, "Too many results");
ldb_set_errstring(ldb, "Too many results");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -1986,7 +2022,7 @@ static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
/* if it is not an entry of type person this is an error */
/* TODO: remove this when sambaPassword will be in schema */
if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) {
ldb_set_errstring(ac->module->ldb, "Object class violation");
ldb_set_errstring(ldb, "Object class violation");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OBJECT_CLASS_VIOLATION);
@ -2002,7 +2038,7 @@ static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
ac->search_res->message,
"objectSid");
if (ac->domain_sid == NULL) {
ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR,
ldb_debug(ldb, LDB_DEBUG_ERROR,
"can't handle entry without objectSid!\n");
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -2025,8 +2061,9 @@ static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
return LDB_SUCCESS;
}
static int password_hash_mod_search_self(struct ph_context *ac) {
static int password_hash_mod_search_self(struct ph_context *ac)
{
struct ldb_context *ldb;
static const char * const attrs[] = { "userAccountControl", "lmPwdHistory",
"ntPwdHistory",
"objectSid", "msDS-KeyVersionNumber",
@ -2038,7 +2075,9 @@ static int password_hash_mod_search_self(struct ph_context *ac) {
struct ldb_request *search_req;
int ret;
ret = ldb_build_search_req(&search_req, ac->module->ldb, ac,
ldb = ldb_module_get_ctx(ac->module);
ret = ldb_build_search_req(&search_req, ldb, ac,
ac->req->op.mod.message->dn,
LDB_SCOPE_BASE,
"(objectclass=*)",
@ -2054,8 +2093,9 @@ static int password_hash_mod_search_self(struct ph_context *ac) {
return ldb_next_request(ac->module, search_req);
}
static int password_hash_mod_do_mod(struct ph_context *ac) {
static int password_hash_mod_do_mod(struct ph_context *ac)
{
struct ldb_context *ldb;
struct ldb_request *mod_req;
struct smb_krb5_context *smb_krb5_context;
struct ldb_message *msg;
@ -2064,6 +2104,8 @@ static int password_hash_mod_do_mod(struct ph_context *ac) {
struct setup_password_fields_io io;
int ret;
ldb = ldb_module_get_ctx(ac->module);
/* use a new message structure so that we can modify it */
msg = ldb_msg_new(ac);
if (msg == NULL) {
@ -2075,8 +2117,8 @@ static int password_hash_mod_do_mod(struct ph_context *ac) {
/* Some operations below require kerberos contexts */
if (smb_krb5_init_context(ac,
ldb_get_event_context(ac->module->ldb),
(struct loadparm_context *)ldb_get_opaque(ac->module->ldb, "loadparm"),
ldb_get_event_context(ldb),
(struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
&smb_krb5_context) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
@ -2119,14 +2161,14 @@ static int password_hash_mod_do_mod(struct ph_context *ac) {
ret = ldb_msg_add_empty(msg, "msDs-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL);
if (io.g.nt_hash) {
ret = samdb_msg_add_hash(ac->module->ldb, ac, msg,
ret = samdb_msg_add_hash(ldb, ac, msg,
"unicodePwd", io.g.nt_hash);
if (ret != LDB_SUCCESS) {
return ret;
}
}
if (io.g.lm_hash) {
ret = samdb_msg_add_hash(ac->module->ldb, ac, msg,
ret = samdb_msg_add_hash(ldb, ac, msg,
"dBCSPwd", io.g.lm_hash);
if (ret != LDB_SUCCESS) {
return ret;
@ -2157,20 +2199,20 @@ static int password_hash_mod_do_mod(struct ph_context *ac) {
return ret;
}
}
ret = samdb_msg_add_uint64(ac->module->ldb, ac, msg,
ret = samdb_msg_add_uint64(ldb, ac, msg,
"pwdLastSet",
io.g.last_set);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = samdb_msg_add_uint(ac->module->ldb, ac, msg,
ret = samdb_msg_add_uint(ldb, ac, msg,
"msDs-KeyVersionNumber",
io.g.kvno);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = ldb_build_mod_req(&mod_req, ac->module->ldb, ac,
ret = ldb_build_mod_req(&mod_req, ldb, ac,
msg,
ac->req->controls,
ac, ph_op_callback,

37
source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
View File

@ -21,9 +21,7 @@
*/
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_drsuapi.h"
@ -32,6 +30,7 @@
static int pdc_fsmo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
TALLOC_CTX *mem_ctx;
struct ldb_dn *pdc_dn;
struct dsdb_pdc_fsmo *pdc_fsmo;
@ -42,15 +41,17 @@ static int pdc_fsmo_init(struct ldb_module *module)
NULL
};
ldb = ldb_module_get_ctx(module);
mem_ctx = talloc_new(module);
if (!mem_ctx) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
pdc_dn = samdb_base_dn(module->ldb);
pdc_dn = samdb_base_dn(ldb);
if (!pdc_dn) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"pdc_fsmo_init: no domain dn present: (skip loading of domain details)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
@ -58,54 +59,54 @@ static int pdc_fsmo_init(struct ldb_module *module)
pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo);
if (!pdc_fsmo) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
module->private_data = pdc_fsmo;
ldb_module_set_private(module, pdc_fsmo);
ret = ldb_search(module->ldb, mem_ctx, &pdc_res,
ret = ldb_search(ldb, mem_ctx, &pdc_res,
pdc_dn, LDB_SCOPE_BASE,
pdc_attrs, NULL);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"pdc_fsmo_init: no domain object present: (skip loading of domain details)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (ret != LDB_SUCCESS) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"pdc_fsmo_init: failed to search the domain object: %d:%s",
ret, ldb_strerror(ret));
talloc_free(mem_ctx);
return ret;
}
if (pdc_res->count == 0) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_debug(ldb, LDB_DEBUG_WARNING,
"pdc_fsmo_init: no domain object present: (skip loading of domain details)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (pdc_res->count > 1) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"pdc_fsmo_init: [%u] domain objects found on a base search",
pdc_res->count);
talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), pdc_fsmo->master_dn) == 0) {
pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), pdc_fsmo->master_dn) == 0) {
pdc_fsmo->we_are_master = true;
} else {
pdc_fsmo->we_are_master = false;
}
if (ldb_set_opaque(module->ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) {
ldb_oom(module->ldb);
if (ldb_set_opaque(ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
talloc_steal(module, pdc_fsmo);
ldb_debug(module->ldb, LDB_DEBUG_TRACE,
ldb_debug(ldb, LDB_DEBUG_TRACE,
"pdc_fsmo_init: we are master: %s\n",
(pdc_fsmo->we_are_master?"yes":"no"));

60
source4/dsdb/samdb/ldb_modules/proxy.c
View File

@ -37,9 +37,7 @@
*/
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "auth/credentials/credentials.h"
struct proxy_data {
@ -64,7 +62,8 @@ struct proxy_ctx {
*/
static int load_proxy_info(struct ldb_module *module)
{
struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data);
struct ldb = ldb_module_get_ctx(module);
struct proxy_data *proxy = talloc_get_type(ldb_module_get_private(module), struct proxy_data);
struct ldb_dn *dn;
struct ldb_result *res = NULL;
int ret;
@ -76,14 +75,14 @@ static int load_proxy_info(struct ldb_module *module)
return LDB_SUCCESS;
}
dn = ldb_dn_new(proxy, module->ldb, "@PROXYINFO");
dn = ldb_dn_new(proxy, ldb, "@PROXYINFO");
if (dn == NULL) {
goto failed;
}
ret = ldb_search(module->ldb, proxy, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
ret = ldb_search(ldb, proxy, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
talloc_free(dn);
if (ret != LDB_SUCCESS || res->count != 1) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Can't find @PROXYINFO\n");
ldb_debug(ldb, LDB_DEBUG_FATAL, "Can't find @PROXYINFO\n");
goto failed;
}
@ -96,47 +95,47 @@ static int load_proxy_info(struct ldb_module *module)
newstr = ldb_msg_find_attr_as_string(res->msgs[0], "newstr", NULL);
if (url == NULL || olddn == NULL || newdn == NULL || username == NULL || password == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n");
ldb_debug(ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n");
goto failed;
}
proxy->olddn = ldb_dn_new(proxy, module->ldb, olddn);
proxy->olddn = ldb_dn_new(proxy, ldb, olddn);
if (proxy->olddn == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to explode olddn '%s'\n", olddn);
ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to explode olddn '%s'\n", olddn);
goto failed;
}
proxy->newdn = ldb_dn_new(proxy, module->ldb, newdn);
proxy->newdn = ldb_dn_new(proxy, ldb, newdn);
if (proxy->newdn == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to explode newdn '%s'\n", newdn);
ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to explode newdn '%s'\n", newdn);
goto failed;
}
proxy->upstream = ldb_init(proxy, ldb_get_event_context(ldb));
if (proxy->upstream == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
goto failed;
}
proxy->oldstr = str_list_make(proxy, oldstr, ", ");
if (proxy->oldstr == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
goto failed;
}
proxy->newstr = str_list_make(proxy, newstr, ", ");
if (proxy->newstr == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
goto failed;
}
/* setup credentials for connection */
creds = cli_credentials_init(proxy->upstream);
if (creds == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
goto failed;
}
cli_credentials_guess(creds, ldb_get_opaque(module->ldb, "loadparm"));
cli_credentials_guess(creds, ldb_get_opaque(ldb, "loadparm"));
cli_credentials_set_username(creds, username, CRED_SPECIFIED);
cli_credentials_set_password(creds, password, CRED_SPECIFIED);
@ -144,11 +143,11 @@ static int load_proxy_info(struct ldb_module *module)
ret = ldb_connect(proxy->upstream, url, 0, NULL);
if (ret != 0) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxy failed to connect to %s\n", url);
ldb_debug(ldb, LDB_DEBUG_FATAL, "proxy failed to connect to %s\n", url);
goto failed;
}
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy connected to %s\n", url);
ldb_debug(ldb, LDB_DEBUG_TRACE, "proxy connected to %s\n", url);
talloc_free(res);
@ -256,12 +255,14 @@ static void proxy_convert_record(struct ldb_context *ldb,
static int proxy_search_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct proxy_data *proxy;
struct proxy_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct proxy_ctx);
proxy = talloc_get_type(ac->module->private_data, struct proxy_data);
ldb = ldb_module_get_ctx(ac->module);
proxy = talloc_get_type(private_data, struct proxy_data);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -279,7 +280,7 @@ static int proxy_search_callback(struct ldb_request *req,
#ifdef DEBUG_PROXY
ac->count++;
#endif
proxy_convert_record(ac->module->ldb, proxy, ares->message);
proxy_convert_record(ldb, proxy, ares->message);
ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
break;
@ -304,13 +305,16 @@ static int proxy_search_callback(struct ldb_request *req,
/* search */
static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct proxy_ctx *ac;
struct ldb_parse_tree *newtree;
struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data);
struct proxy_data *proxy = talloc_get_type(ldb_module_get_private(module), struct proxy_data);
struct ldb_request *newreq;
struct ldb_dn *base;
int ret, i;
ldb = ldb_module_get_ctx(module);
if (req->op.search.base == NULL ||
(req->op.search.base->comp_num == 1 &&
req->op.search.base->components[0].name[0] == '@')) {
@ -347,13 +351,13 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re
ldb_dn_remove_base_components(base, ldb_dn_get_comp_num(proxy->newdn));
ldb_dn_add_base(base, proxy->olddn);
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n",
ldb_debug(ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n",
ldb_filter_from_tree(ac, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base));
for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]);
ldb_debug(ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]);
}
ret = ldb_build_search_req_ex(&newreq, module->ldb, ac,
ret = ldb_build_search_req_ex(&newreq, ldb, ac,
base, req->op.search.scope,
newtree, req->op.search.attrs,
req->controls,
@ -364,16 +368,16 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re
* for now this makes the module *not* ASYNC */
ret = ldb_request(proxy->upstream, newreq);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream));
ldb_set_errstring(ldb, ldb_errstring(proxy->upstream));
}
ret = ldb_wait(newreq->handle, LDB_WAIT_ALL);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream));
ldb_set_errstring(ldb, ldb_errstring(proxy->upstream));
}
return ret;
failed:
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy failed for %s\n",
ldb_debug(ldb, LDB_DEBUG_TRACE, "proxy failed for %s\n",
ldb_dn_get_linearized(req->op.search.base));
passthru:

155
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
View File

@ -39,9 +39,7 @@
*/
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "dsdb/common/flags.h"
#include "librpc/gen_ndr/ndr_misc.h"
@ -68,11 +66,14 @@ struct replmd_replicated_request {
static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct replmd_replicated_request);
if (ac == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return NULL;
}
@ -204,9 +205,11 @@ static void replmd_ldb_message_sort(struct ldb_message *msg,
static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ac;
ac = talloc_get_type(req->context, struct replmd_replicated_request);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -218,7 +221,7 @@ static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"invalid ldb_reply_type in callback");
talloc_free(ares);
return ldb_module_done(ac->req, NULL, NULL,
@ -231,6 +234,7 @@ static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
static int replmd_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ac;
const struct dsdb_schema *schema;
enum ndr_err_code ndr_err;
@ -254,11 +258,13 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add\n");
ldb = ldb_module_get_ctx(ac->module);
schema = dsdb_get_schema(module->ldb);
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_add\n");
schema = dsdb_get_schema(ldb);
if (!schema) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"replmd_modify: no dsdb_schema loaded");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@ -271,13 +277,13 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
ac->schema = schema;
if (ldb_msg_find_element(req->op.add.message, "objectGUID") != NULL) {
ldb_debug_set(module->ldb, LDB_DEBUG_ERROR,
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"replmd_add: it's not allowed to add an object with objectGUID\n");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
/* Get a sequence number from the backend */
ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num);
ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
if (ret != LDB_SUCCESS) {
return ret;
}
@ -286,9 +292,9 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
guid = GUID_random();
/* get our invicationId */
our_invocation_id = samdb_ntds_invocation_id(module->ldb);
our_invocation_id = samdb_ntds_invocation_id(ldb);
if (!our_invocation_id) {
ldb_debug_set(module->ldb, LDB_DEBUG_ERROR,
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"replmd_add: unable to find invocationId\n");
return LDB_ERR_OPERATIONS_ERROR;
}
@ -296,7 +302,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
/* we have to copy the message as the caller might have it as a const */
msg = ldb_msg_copy_shallow(ac, req->op.add.message);
if (msg == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -321,7 +327,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
*/
ret = ldb_msg_add_string(msg, "whenCreated", time_str);
if (ret != LDB_SUCCESS) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -333,7 +339,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
struct replPropertyMetaData1,
nmd.ctr.ctr1.count);
if (!nmd.ctr.ctr1.array) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -346,7 +352,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
sa = dsdb_attribute_by_lDAPDisplayName(schema, e->name);
if (!sa) {
ldb_debug_set(module->ldb, LDB_DEBUG_ERROR,
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"replmd_add: attribute '%s' not defined in schema\n",
e->name);
return LDB_ERR_NO_SUCH_ATTRIBUTE;
@ -386,15 +392,15 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
&guid,
(ndr_push_flags_fn_t)ndr_push_GUID);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ndr_err = ndr_push_struct_blob(&nmd_value, msg,
lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&nmd,
(ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -403,27 +409,27 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
*/
ret = ldb_msg_add_value(msg, "objectGUID", &guid_value, NULL);
if (ret != LDB_SUCCESS) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_msg_add_string(msg, "whenChanged", time_str);
if (ret != LDB_SUCCESS) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNCreated", seq_num);
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", seq_num);
if (ret != LDB_SUCCESS) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNChanged", seq_num);
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", seq_num);
if (ret != LDB_SUCCESS) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
if (ret != LDB_SUCCESS) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -432,7 +438,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
*/
replmd_ldb_message_sort(msg, schema);
ret = ldb_build_add_req(&down_req, module->ldb, ac,
ret = ldb_build_add_req(&down_req, ldb, ac,
msg,
req->controls,
ac, replmd_op_callback,
@ -447,6 +453,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ac;
const struct dsdb_schema *schema;
struct ldb_request *down_req;
@ -460,11 +467,13 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
ldb = ldb_module_get_ctx(module);
schema = dsdb_get_schema(module->ldb);
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
schema = dsdb_get_schema(ldb);
if (!schema) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"replmd_modify: no dsdb_schema loaded");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@ -501,7 +510,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
}
/* Get a sequence number from the backend */
ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num);
ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
if (ret == LDB_SUCCESS) {
if (add_uint64_element(msg, "uSNChanged", seq_num) != LDB_SUCCESS) {
talloc_free(ac);
@ -514,7 +523,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
* - replace the old object with the newly constructed one
*/
ret = ldb_build_mod_req(&down_req, module->ldb, ac,
ret = ldb_build_mod_req(&down_req, ldb, ac,
msg,
req->controls,
ac, replmd_op_callback,
@ -545,10 +554,12 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar);
static int replmd_replicated_apply_add_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ar = talloc_get_type(req->context,
struct replmd_replicated_request);
int ret;
ldb = ldb_module_get_ctx(ar->module);
if (!ares) {
return ldb_module_done(ar->req, NULL, NULL,
@ -560,7 +571,7 @@ static int replmd_replicated_apply_add_callback(struct ldb_request *req,
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!");
ldb_set_errstring(ldb, "Invalid reply type\n!");
return ldb_module_done(ar->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
@ -578,6 +589,7 @@ static int replmd_replicated_apply_add_callback(struct ldb_request *req,
static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
{
struct ldb_context *ldb;
struct ldb_request *change_req;
enum ndr_err_code ndr_err;
struct ldb_message *msg;
@ -596,10 +608,11 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
* same name exist
*/
ldb = ldb_module_get_ctx(ar->module);
msg = ar->objs->objects[ar->index_current].msg;
md = ar->objs->objects[ar->index_current].meta_data;
ret = ldb_sequence_number(ar->module->ldb, LDB_SEQ_NEXT, &seq_num);
ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
@ -614,12 +627,12 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
return replmd_replicated_request_error(ar, ret);
}
ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNCreated", seq_num);
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", seq_num);
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNChanged", seq_num);
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", seq_num);
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
@ -631,7 +644,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
md->ctr.ctr1.array[i].local_usn = seq_num;
}
ndr_err = ndr_push_struct_blob(&md_value, msg,
lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
md,
(ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@ -646,7 +659,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
replmd_ldb_message_sort(msg, ar->schema);
ret = ldb_build_add_req(&change_req,
ar->module->ldb,
ldb,
ar,
msg,
ar->controls,
@ -682,10 +695,13 @@ static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMeta
static int replmd_replicated_apply_merge_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ar = talloc_get_type(req->context,
struct replmd_replicated_request);
int ret;
ldb = ldb_module_get_ctx(ar->module);
if (!ares) {
return ldb_module_done(ar->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -696,7 +712,7 @@ static int replmd_replicated_apply_merge_callback(struct ldb_request *req,
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!");
ldb_set_errstring(ldb, "Invalid reply type\n!");
return ldb_module_done(ar->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
@ -714,6 +730,7 @@ static int replmd_replicated_apply_merge_callback(struct ldb_request *req,
static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
{
struct ldb_context *ldb;
struct ldb_request *change_req;
enum ndr_err_code ndr_err;
struct ldb_message *msg;
@ -727,6 +744,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
uint64_t seq_num;
int ret;
ldb = ldb_module_get_ctx(ar->module);
msg = ar->objs->objects[ar->index_current].msg;
rmd = ar->objs->objects[ar->index_current].meta_data;
ZERO_STRUCT(omd);
@ -736,15 +754,15 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
* TODO: add rename conflict handling
*/
if (ldb_dn_compare(msg->dn, ar->search_msg->dn) != 0) {
ldb_debug_set(ar->module->ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported",
ldb_debug_set(ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported",
ar->index_current);
ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "%s => %s\n",
ldb_debug(ldb, LDB_DEBUG_FATAL, "%s => %s\n",
ldb_dn_get_linearized(ar->search_msg->dn),
ldb_dn_get_linearized(msg->dn));
return replmd_replicated_request_werror(ar, WERR_NOT_SUPPORTED);
}
ret = ldb_sequence_number(ar->module->ldb, LDB_SEQ_NEXT, &seq_num);
ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
@ -753,7 +771,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData");
if (omd_value) {
ndr_err = ndr_pull_struct_blob(omd_value, ar,
lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &omd,
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), &omd,
(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
@ -837,7 +855,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
/* create the meta data value */
ndr_err = ndr_push_struct_blob(&nmd_value, msg,
lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&nmd,
(ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@ -849,14 +867,14 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
* check if some replicated attributes left, otherwise skip the ldb_modify() call
*/
if (msg->num_elements == 0) {
ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n",
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n",
ar->index_current);
ar->index_current++;
return replmd_replicated_apply_next(ar);
}
ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n",
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n",
ar->index_current, msg->num_elements);
/*
@ -867,7 +885,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNChanged", seq_num);
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", seq_num);
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
@ -884,7 +902,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
}
ret = ldb_build_mod_req(&change_req,
ar->module->ldb,
ldb,
ar,
msg,
ar->controls,
@ -941,6 +959,7 @@ static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *a
static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
{
struct ldb_context *ldb;
int ret;
char *tmp_str;
char *filter;
@ -951,6 +970,7 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
return replmd_replicated_uptodate_vector(ar);
}
ldb = ldb_module_get_ctx(ar->module);
ar->search_msg = NULL;
tmp_str = ldb_binary_encode(ar, ar->objs->objects[ar->index_current].guid_value);
@ -961,7 +981,7 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
talloc_free(tmp_str);
ret = ldb_build_search_req(&search_req,
ar->module->ldb,
ldb,
ar,
ar->objs->partition_dn,
LDB_SCOPE_SUBTREE,
@ -979,8 +999,10 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct replmd_replicated_request *ar = talloc_get_type(req->context,
struct replmd_replicated_request);
ldb = ldb_module_get_ctx(ar->module);
if (!ares) {
return ldb_module_done(ar->req, NULL, NULL,
@ -992,7 +1014,7 @@ static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req,
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!");
ldb_set_errstring(ldb, "Invalid reply type\n!");
return ldb_module_done(ar->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
@ -1010,6 +1032,7 @@ static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplic
static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar)
{
struct ldb_context *ldb;
struct ldb_request *change_req;
enum ndr_err_code ndr_err;
struct ldb_message *msg;
@ -1031,6 +1054,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
NTTIME now;
int ret;
ldb = ldb_module_get_ctx(ar->module);
ruv = ar->objs->uptodateness_vector;
ZERO_STRUCT(ouv);
ouv.version = 2;
@ -1044,7 +1068,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
* because we will do a modify request and this will increment
* our highest_usn
*/
ret = ldb_sequence_number(ar->module->ldb, LDB_SEQ_NEXT, &seq_num);
ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
if (ret != LDB_SUCCESS) {
return replmd_replicated_request_error(ar, ret);
}
@ -1055,7 +1079,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
ouv_value = ldb_msg_find_ldb_val(ar->search_msg, "replUpToDateVector");
if (ouv_value) {
ndr_err = ndr_pull_struct_blob(ouv_value, ar,
lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &ouv,
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), &ouv,
(ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
@ -1087,7 +1111,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
}
/* get our invocation_id if we have one already attached to the ldb */
our_invocation_id = samdb_ntds_invocation_id(ar->module->ldb);
our_invocation_id = samdb_ntds_invocation_id(ldb);
/* merge in the source_dsa vector is available */
for (i=0; (ruv && i < ruv->count); i++) {
@ -1181,7 +1205,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
msg->dn = ar->search_msg->dn;
ndr_err = ndr_push_struct_blob(&nuv_value, msg,
lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&nuv,
(ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@ -1219,7 +1243,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
trf = talloc(ar, struct repsFromToBlob);
if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM);
ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), trf,
ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), trf,
(ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
@ -1270,7 +1294,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
/* we now fill the value which is already attached to ldb_message */
ndr_err = ndr_push_struct_blob(nrf_value, msg,
lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")),
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
&nrf,
(ndr_push_flags_fn_t)ndr_push_repsFromToBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@ -1286,7 +1310,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a
/* prepare the ldb_modify() request */
ret = ldb_build_mod_req(&change_req,
ar->module->ldb,
ldb,
ar,
msg,
ar->controls,
@ -1342,6 +1366,7 @@ static int replmd_replicated_uptodate_search_callback(struct ldb_request *req,
static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar)
{
struct ldb_context *ldb;
int ret;
static const char *attrs[] = {
"replUpToDateVector",
@ -1350,10 +1375,11 @@ static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *a
};
struct ldb_request *search_req;
ldb = ldb_module_get_ctx(ar->module);
ar->search_msg = NULL;
ret = ldb_build_search_req(&search_req,
ar->module->ldb,
ldb,
ar,
ar->objs->partition_dn,
LDB_SCOPE_BASE,
@ -1370,21 +1396,24 @@ static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *a
static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct dsdb_extended_replicated_objects *objs;
struct replmd_replicated_request *ar;
struct ldb_control **ctrls;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n");
objs = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects);
if (!objs) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: invalid extended data\n");
ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: invalid extended data\n");
return LDB_ERR_PROTOCOL_ERROR;
}
if (objs->version != DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: extended data invalid version [%u != %u]\n",
ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: extended data invalid version [%u != %u]\n",
objs->version, DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION);
return LDB_ERR_PROTOCOL_ERROR;
}
@ -1394,9 +1423,9 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct
return LDB_ERR_OPERATIONS_ERROR;
ar->objs = objs;
ar->schema = dsdb_get_schema(module->ldb);
ar->schema = dsdb_get_schema(ldb);
if (!ar->schema) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n");
ldb_debug_set(ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n");
talloc_free(ar);
return LDB_ERR_CONSTRAINT_VIOLATION;
}

62
source4/dsdb/samdb/ldb_modules/rootdse.c
View File

@ -21,9 +21,7 @@
*/
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "ldb_private.h"
#include "system/time.h"
#include "dsdb/samdb/samdb.h"
#include "version.h"
@ -56,13 +54,15 @@ static int do_attribute_explicit(const char * const *attrs, const char *name)
*/
static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs)
{
struct private_data *priv = talloc_get_type(module->private_data, struct private_data);
struct ldb_context *ldb;
struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
char **server_sasl;
const struct dsdb_schema *schema;
schema = dsdb_get_schema(module->ldb);
ldb = ldb_module_get_ctx(module);
schema = dsdb_get_schema(ldb);
msg->dn = ldb_dn_new(msg, module->ldb, NULL);
msg->dn = ldb_dn_new(msg, ldb, NULL);
/* don't return the distinduishedName, cn and name attributes */
ldb_msg_remove_attr(msg, "distinguishedName");
@ -101,7 +101,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
server_sasl = talloc_get_type(ldb_get_opaque(module->ldb, "supportedSASLMechanims"),
server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanims"),
char *);
if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
int i;
@ -119,7 +119,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
if (do_attribute(attrs, "highestCommittedUSN")) {
uint64_t seq_num;
int ret = ldb_sequence_number(module->ldb, LDB_SEQ_HIGHEST_SEQ, &seq_num);
int ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ, &seq_num);
if (ret == LDB_SUCCESS) {
if (ldb_msg_add_fmt(msg, "highestCommittedUSN",
"%llu", (unsigned long long)seq_num) != 0) {
@ -169,7 +169,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
const char *dn_str;
if (schema && schema->fsmo.we_are_master) {
dn_str = ldb_dn_get_linearized(samdb_schema_dn(module->ldb));
dn_str = ldb_dn_get_linearized(samdb_schema_dn(ldb));
if (dn_str && dn_str[0]) {
if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) {
goto failed;
@ -177,10 +177,10 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
naming_fsmo = talloc_get_type(ldb_get_opaque(module->ldb, "dsdb_naming_fsmo"),
naming_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_naming_fsmo"),
struct dsdb_naming_fsmo);
if (naming_fsmo && naming_fsmo->we_are_master) {
dn_str = ldb_dn_get_linearized(samdb_partitions_dn(module->ldb, msg));
dn_str = ldb_dn_get_linearized(samdb_partitions_dn(ldb, msg));
if (dn_str && dn_str[0]) {
if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) {
goto failed;
@ -188,10 +188,10 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
pdc_fsmo = talloc_get_type(ldb_get_opaque(module->ldb, "dsdb_pdc_fsmo"),
pdc_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_pdc_fsmo"),
struct dsdb_pdc_fsmo);
if (pdc_fsmo && pdc_fsmo->we_are_master) {
dn_str = ldb_dn_get_linearized(samdb_base_dn(module->ldb));
dn_str = ldb_dn_get_linearized(samdb_base_dn(ldb));
if (dn_str && dn_str[0]) {
if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) {
goto failed;
@ -227,11 +227,14 @@ struct rootdse_context {
static struct rootdse_context *rootdse_init_context(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct rootdse_context *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct rootdse_context);
if (ac == NULL) {
ldb_set_errstring(module->ldb, "Out of Memory");
ldb_set_errstring(ldb, "Out of Memory");
return NULL;
}
@ -296,10 +299,13 @@ static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares)
static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct rootdse_context *ac;
struct ldb_request *down_req;
int ret;
ldb = ldb_module_get_ctx(module);
/* see if its for the rootDSE - only a base search on the "" DN qualifies */
if (!(req->op.search.scope == LDB_SCOPE_BASE && ldb_dn_is_null(req->op.search.base))) {
/* Otherwise, pass down to the rest of the stack */
@ -312,8 +318,8 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
}
/* in our db we store the rootDSE with a DN of @ROOTDSE */
ret = ldb_build_search_req(&down_req, module->ldb, ac,
ldb_dn_new(ac, module->ldb, "@ROOTDSE"),
ret = ldb_build_search_req(&down_req, ldb, ac,
ldb_dn_new(ac, ldb, "@ROOTDSE"),
LDB_SCOPE_BASE,
NULL,
req->op.search.attrs,
@ -329,7 +335,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req)
{
struct private_data *priv = talloc_get_type(module->private_data, struct private_data);
struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
char **list;
list = talloc_realloc(priv, priv->controls, char *, priv->num_controls + 1);
@ -350,7 +356,7 @@ static int rootdse_register_control(struct ldb_module *module, struct ldb_reques
static int rootdse_register_partition(struct ldb_module *module, struct ldb_request *req)
{
struct private_data *priv = talloc_get_type(module->private_data, struct private_data);
struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
struct ldb_dn **list;
list = talloc_realloc(priv, priv->partitions, struct ldb_dn *, priv->num_partitions + 1);
@ -387,8 +393,11 @@ static int rootdse_request(struct ldb_module *module, struct ldb_request *req)
static int rootdse_init(struct ldb_module *module)
{
struct ldb_context *ldb;
struct private_data *data;
ldb = ldb_module_get_ctx(module);
data = talloc(module, struct private_data);
if (data == NULL) {
return -1;
@ -398,15 +407,16 @@ static int rootdse_init(struct ldb_module *module)
data->controls = NULL;
data->num_partitions = 0;
data->partitions = NULL;
module->private_data = data;
ldb_module_set_private(module, data);
ldb_set_default_dns(module->ldb);
ldb_set_default_dns(ldb);
return ldb_next_init(module);
}
static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_result *ext_res;
int ret;
struct ldb_dn *schema_dn;
@ -418,7 +428,9 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
if (!ldb_dn_is_null(req->op.mod.message->dn)) {
return ldb_next_request(module, req);
}
ldb = ldb_module_get_ctx(module);
/*
dn is empty so check for schemaUpdateNow attribute
"The type of modification and values specified in the LDAP modify operation do not matter." MSDN
@ -428,15 +440,15 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_OPERATIONS_ERROR;
}
schema_dn = samdb_schema_dn(module->ldb);
schema_dn = samdb_schema_dn(ldb);
if (!schema_dn) {
ldb_reset_err_string(module->ldb);
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_reset_err_string(ldb);
ldb_debug(ldb, LDB_DEBUG_WARNING,
"rootdse_modify: no schema dn present: (skip ldb_extended call)\n");
return ldb_next_request(module, req);
}
ret = ldb_extended(module->ldb, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, schema_dn, &ext_res);
ret = ldb_extended(ldb, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, schema_dn, &ext_res);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}

15
source4/dsdb/samdb/ldb_modules/samba3sam.c
View File

@ -6,9 +6,7 @@
*/
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_private.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_module.h"
#include "ldb/ldb_map/ldb_map.h"
#include "system/passwd.h"
@ -118,20 +116,23 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char
static struct ldb_val convert_uid_samaccount(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
struct ldb_val out = data_blob(NULL, 0);
ldb_handler_copy(module->ldb, ctx, val, &out);
out = ldb_val_dup(ctx, val);
return out;
}
static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
struct ldb_context *ldb;
struct passwd *pwd;
struct ldb_val retval;
ldb = ldb_module_get_ctx(module);
pwd = getpwnam((char *)val->data);
if (!pwd) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Unable to lookup '%s' in passwd", (char *)val->data);
ldb_debug(ldb, LDB_DEBUG_WARNING, "Unable to lookup '%s' in passwd", (char *)val->data);
return *talloc_zero(ctx, struct ldb_val);
}
@ -145,7 +146,7 @@ static struct ldb_val lookup_gid(struct ldb_module *module, TALLOC_CTX *ctx, con
{
struct passwd *pwd;
struct ldb_val retval;
pwd = getpwnam((char *)val->data);
if (!pwd) {

176
source4/dsdb/samdb/ldb_modules/samldb.c
View File

@ -34,10 +34,7 @@
#include "includes.h"
#include "libcli/ldap/ldap_ndr.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_private.h"
#include "lib/events/events.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
@ -83,11 +80,14 @@ struct samldb_ctx {
static struct samldb_ctx *samldb_ctx_init(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
ldb = ldb_module_get_ctx(module);
ac = talloc_zero(req, struct samldb_ctx);
if (ac == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return NULL;
}
@ -144,10 +144,12 @@ static int samldb_next_step(struct samldb_ctx *ac)
static int samldb_search_template_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
ret = LDB_ERR_OPERATIONS_ERROR;
@ -163,7 +165,7 @@ static int samldb_search_template_callback(struct ldb_request *req,
/* save entry */
if (ac->ares != NULL) {
/* one too many! */
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Invalid number of results while searching "
"for template objects");
ret = LDB_ERR_OPERATIONS_ERROR;
@ -197,6 +199,7 @@ done:
static int samldb_search_template(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
struct tevent_context *ev;
struct loadparm_context *lparm_ctx;
struct ldb_context *templates_ldb;
@ -206,31 +209,33 @@ static int samldb_search_template(struct samldb_ctx *ac)
void *opaque;
int ret;
opaque = ldb_get_opaque(ac->module->ldb, "loadparm");
ldb = ldb_module_get_ctx(ac->module);
opaque = ldb_get_opaque(ldb, "loadparm");
lparm_ctx = talloc_get_type(opaque, struct loadparm_context);
if (lparm_ctx == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Unable to find loadparm context\n");
return LDB_ERR_OPERATIONS_ERROR;
}
opaque = ldb_get_opaque(ac->module->ldb, "templates_ldb");
opaque = ldb_get_opaque(ldb, "templates_ldb");
templates_ldb = talloc_get_type(opaque, struct ldb_context);
/* make sure we have the templates ldb */
if (!templates_ldb) {
templates_ldb_path = samdb_relative_path(ac->module->ldb, ac,
templates_ldb_path = samdb_relative_path(ldb, ac,
"templates.ldb");
if (!templates_ldb_path) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"samldb_init_template: ERROR: Failed "
"to contruct path for template db");
return LDB_ERR_OPERATIONS_ERROR;
}
ev = ldb_get_event_context(ac->module->ldb);
ev = ldb_get_event_context(ldb);
templates_ldb = ldb_wrap_connect(ac->module->ldb, ev,
templates_ldb = ldb_wrap_connect(ldb, ev,
lparm_ctx, templates_ldb_path,
NULL, NULL, 0, NULL);
talloc_free(templates_ldb_path);
@ -243,7 +248,7 @@ static int samldb_search_template(struct samldb_ctx *ac)
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_set_opaque(ac->module->ldb,
ret = ldb_set_opaque(ldb,
"templates_ldb", templates_ldb);
if (ret != LDB_SUCCESS) {
return ret;
@ -254,7 +259,7 @@ static int samldb_search_template(struct samldb_ctx *ac)
basedn = ldb_dn_new_fmt(ac, templates_ldb,
"cn=Template%s,cn=Templates", ac->type);
if (basedn == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"samldb_init_template: ERROR: Failed "
"to contruct DN for template");
return LDB_ERR_OPERATIONS_ERROR;
@ -279,11 +284,13 @@ static int samldb_search_template(struct samldb_ctx *ac)
static int samldb_apply_template(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
struct ldb_message_element *el;
struct ldb_message *msg;
int i, j;
int ret;
ldb = ldb_module_get_ctx(ac->module);
msg = ac->ares->message;
for (i = 0; i < msg->num_elements; i++) {
@ -300,10 +307,10 @@ static int samldb_apply_template(struct samldb_ctx *ac)
}
for (j = 0; j < el->num_values; j++) {
ret = samdb_find_or_add_attribute(
ac->module->ldb, ac->msg, el->name,
ldb, ac->msg, el->name,
(char *)el->values[j].data);
if (ret != LDB_SUCCESS) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Failed adding template attribute\n");
return LDB_ERR_OPERATIONS_ERROR;
}
@ -318,11 +325,13 @@ static int samldb_get_parent_domain(struct samldb_ctx *ac);
static int samldb_get_parent_domain_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
const char *nextRid;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
ret = LDB_ERR_OPERATIONS_ERROR;
@ -338,7 +347,7 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
/* save entry */
if (ac->domain_dn != NULL) {
/* one too many! */
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Invalid number of results while searching "
"for domain object");
ret = LDB_ERR_OPERATIONS_ERROR;
@ -348,7 +357,7 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
nextRid = ldb_msg_find_attr_as_string(ares->message,
"nextRid", NULL);
if (nextRid == NULL) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"while looking for domain above %s attribute nextRid not found in %s\n",
ldb_dn_get_linearized(ac->req->op.add.message->dn),
ldb_dn_get_linearized(ares->message->dn));
@ -361,7 +370,7 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
ac->domain_sid = samdb_result_dom_sid(ac, ares->message,
"objectSid");
if (ac->domain_sid == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"error retrieving parent domain domain sid!\n");
ret = LDB_ERR_CONSTRAINT_VIOLATION;
break;
@ -370,7 +379,7 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
talloc_free(ares);
ret = LDB_SUCCESS;
ldb_reset_err_string(ac->module->ldb);
ldb_reset_err_string(ldb);
break;
case LDB_REPLY_REFERRAL:
@ -403,25 +412,28 @@ done:
/* Find a domain object in the parents of a particular DN. */
static int samldb_get_parent_domain(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
static const char * const attrs[3] = { "objectSid", "nextRid", NULL };
struct ldb_request *req;
struct ldb_dn *dn;
int ret;
ldb = ldb_module_get_ctx(ac->module);
if (ac->check_dn == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
dn = ldb_dn_get_parent(ac, ac->check_dn);
if (dn == NULL) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Unable to find parent domain object");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
ac->check_dn = dn;
ret = ldb_build_search_req(&req, ac->module->ldb, ac,
ret = ldb_build_search_req(&req, ldb, ac,
dn, LDB_SCOPE_BASE,
"(|(objectClass=domain)"
"(objectClass=builtinDomain)"
@ -503,11 +515,14 @@ done:
static int samldb_check_samAccountName(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
struct ldb_request *req;
const char *name;
char *filter;
int ret;
ldb = ldb_module_get_ctx(ac->module);
if (ldb_msg_find_element(ac->msg, "samAccountName") == NULL) {
ret = samldb_generate_samAccountName(ac->msg);
if (ret != LDB_SUCCESS) {
@ -524,7 +539,7 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac)
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&req, ac->module->ldb, ac,
ret = ldb_build_search_req(&req, ldb, ac,
ac->domain_dn, LDB_SCOPE_SUBTREE,
filter, NULL,
NULL,
@ -540,14 +555,17 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac)
static int samldb_check_samAccountType(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
unsigned int account_type;
unsigned int group_type;
unsigned int uac;
int ret;
ldb = ldb_module_get_ctx(ac->module);
/* make sure sAMAccountType is not specified */
if (ldb_msg_find_element(ac->msg, "sAMAccountType") != NULL) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"sAMAccountType must not be specified");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -555,12 +573,12 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac)
if (strcmp("user", ac->type) == 0) {
uac = samdb_result_uint(ac->msg, "userAccountControl", 0);
if (uac == 0) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"userAccountControl invalid");
return LDB_ERR_UNWILLING_TO_PERFORM;
} else {
account_type = samdb_uf2atype(uac);
ret = samdb_msg_add_uint(ac->module->ldb,
ret = samdb_msg_add_uint(ldb,
ac->msg, ac->msg,
"sAMAccountType",
account_type);
@ -573,12 +591,12 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac)
group_type = samdb_result_uint(ac->msg, "groupType", 0);
if (group_type == 0) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"groupType invalid");
return LDB_ERR_UNWILLING_TO_PERFORM;
} else {
account_type = samdb_gtype2atype(group_type);
ret = samdb_msg_add_uint(ac->module->ldb,
ret = samdb_msg_add_uint(ldb,
ac->msg, ac->msg,
"sAMAccountType",
account_type);
@ -594,11 +612,13 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac)
static int samldb_get_sid_domain_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
const char *nextRid;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
ret = LDB_ERR_OPERATIONS_ERROR;
@ -614,7 +634,7 @@ static int samldb_get_sid_domain_callback(struct ldb_request *req,
/* save entry */
if (ac->next_rid != 0) {
/* one too many! */
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Invalid number of results while searching "
"for domain object");
ret = LDB_ERR_OPERATIONS_ERROR;
@ -624,7 +644,7 @@ static int samldb_get_sid_domain_callback(struct ldb_request *req,
nextRid = ldb_msg_find_attr_as_string(ares->message,
"nextRid", NULL);
if (nextRid == NULL) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"attribute nextRid not found in %s\n",
ldb_dn_get_linearized(ares->message->dn));
ret = LDB_ERR_OPERATIONS_ERROR;
@ -648,7 +668,7 @@ static int samldb_get_sid_domain_callback(struct ldb_request *req,
case LDB_REPLY_DONE:
if (ac->next_rid == 0) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"Unable to get nextRid from domain entry\n");
ret = LDB_ERR_OPERATIONS_ERROR;
break;
@ -670,11 +690,14 @@ done:
/* Find a domain object in the parents of a particular DN. */
static int samldb_get_sid_domain(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
static const char * const attrs[2] = { "nextRid", NULL };
struct ldb_request *req;
char *filter;
int ret;
ldb = ldb_module_get_ctx(ac->module);
if (ac->sid == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
@ -695,8 +718,8 @@ static int samldb_get_sid_domain(struct samldb_ctx *ac)
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&req, ac->module->ldb, ac,
ldb_get_default_basedn(ac->module->ldb),
ret = ldb_build_search_req(&req, ldb, ac,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
filter, attrs,
NULL,
@ -793,6 +816,7 @@ done:
static int samldb_check_sid(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
const char *const attrs[2] = { "objectSid", NULL };
struct ldb_request *req;
char *filter;
@ -802,14 +826,16 @@ static int samldb_check_sid(struct samldb_ctx *ac)
return LDB_ERR_OPERATIONS_ERROR;
}
ldb = ldb_module_get_ctx(ac->module);
filter = talloc_asprintf(ac, "(objectSid=%s)",
ldap_encode_ndr_dom_sid(ac, ac->sid));
if (filter == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&req, ac->module->ldb, ac,
ldb_get_default_basedn(ac->module->ldb),
ret = ldb_build_search_req(&req, ldb, ac,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
filter, attrs,
NULL,
@ -826,10 +852,12 @@ static int samldb_check_sid(struct samldb_ctx *ac)
static int samldb_notice_sid_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
ret = LDB_ERR_OPERATIONS_ERROR;
@ -840,7 +868,7 @@ static int samldb_notice_sid_callback(struct ldb_request *req,
ares->response, ares->error);
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Invalid reply type!\n");
ret = LDB_ERR_OPERATIONS_ERROR;
goto done;
@ -861,6 +889,7 @@ done:
*atomically. */
static int samldb_notice_sid(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
uint32_t old_id, new_id;
struct ldb_request *req;
struct ldb_message *msg;
@ -868,6 +897,7 @@ static int samldb_notice_sid(struct samldb_ctx *ac)
struct ldb_val *vals;
int ret;
ldb = ldb_module_get_ctx(ac->module);
old_id = ac->next_rid;
new_id = ac->sid->sub_auths[ac->sid->num_auths - 1];
@ -880,17 +910,17 @@ static int samldb_notice_sid(struct samldb_ctx *ac)
a race, in case we are not actually on a transaction db */
msg = talloc_zero(ac, struct ldb_message);
if (msg == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
els = talloc_array(msg, struct ldb_message_element, 2);
if (els == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
vals = talloc_array(msg, struct ldb_val, 2);
if (vals == NULL) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
msg->dn = ac->domain_dn;
@ -902,7 +932,7 @@ static int samldb_notice_sid(struct samldb_ctx *ac)
els[0].flags = LDB_FLAG_MOD_DELETE;
els[0].name = talloc_strdup(msg, "nextRid");
if (!els[0].name) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -913,19 +943,19 @@ static int samldb_notice_sid(struct samldb_ctx *ac)
vals[0].data = (uint8_t *)talloc_asprintf(vals, "%u", old_id);
if (!vals[0].data) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
vals[0].length = strlen((char *)vals[0].data);
vals[1].data = (uint8_t *)talloc_asprintf(vals, "%u", new_id);
if (!vals[1].data) {
ldb_oom(ac->module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
vals[1].length = strlen((char *)vals[1].data);
ret = ldb_build_mod_req(&req, ac->module->ldb, ac,
ret = ldb_build_mod_req(&req, ldb, ac,
msg, NULL,
ac, samldb_notice_sid_callback,
ac->req);
@ -939,9 +969,11 @@ static int samldb_notice_sid(struct samldb_ctx *ac)
static int samldb_add_entry_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
ac = talloc_get_type(req->context, struct samldb_ctx);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -952,7 +984,7 @@ static int samldb_add_entry_callback(struct ldb_request *req,
ares->response, ares->error);
}
if (ares->type != LDB_REPLY_DONE) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Invalid reply type!\n");
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@ -965,10 +997,13 @@ static int samldb_add_entry_callback(struct ldb_request *req,
static int samldb_add_entry(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
struct ldb_request *req;
int ret;
ret = ldb_build_add_req(&req, ac->module->ldb, ac,
ldb = ldb_module_get_ctx(ac->module);
ret = ldb_build_add_req(&req, ldb, ac,
ac->msg,
ac->req->controls,
ac, samldb_add_entry_callback,
@ -1037,12 +1072,14 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type)
static int samldb_foreign_notice_sid_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
const char *nextRid;
const char *name;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
ret = LDB_ERR_OPERATIONS_ERROR;
@ -1058,7 +1095,7 @@ static int samldb_foreign_notice_sid_callback(struct ldb_request *req,
/* save entry */
if (ac->next_rid != 0) {
/* one too many! */
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"Invalid number of results while searching "
"for domain object");
ret = LDB_ERR_OPERATIONS_ERROR;
@ -1068,7 +1105,7 @@ static int samldb_foreign_notice_sid_callback(struct ldb_request *req,
nextRid = ldb_msg_find_attr_as_string(ares->message,
"nextRid", NULL);
if (nextRid == NULL) {
ldb_asprintf_errstring(ac->module->ldb,
ldb_asprintf_errstring(ldb,
"while looking for forign sid %s attribute nextRid not found in %s\n",
dom_sid_string(ares, ac->sid), ldb_dn_get_linearized(ares->message->dn));
ret = LDB_ERR_OPERATIONS_ERROR;
@ -1080,7 +1117,7 @@ static int samldb_foreign_notice_sid_callback(struct ldb_request *req,
ac->domain_dn = talloc_steal(ac, ares->message->dn);
name = samdb_result_string(ares->message, "name", NULL);
ldb_debug(ac->module->ldb, LDB_DEBUG_TRACE,
ldb_debug(ldb, LDB_DEBUG_TRACE,
"NOTE (strange but valid): Adding foreign SID "
"record with SID %s, but this domain (%s) is "
"not foreign in the database",
@ -1118,12 +1155,15 @@ done:
/* Find a domain object in the parents of a particular DN. */
static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
static const char * const attrs[3] = { "nextRid", "name", NULL };
struct ldb_request *req;
NTSTATUS status;
char *filter;
int ret;
ldb = ldb_module_get_ctx(ac->module);
if (ac->sid == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
@ -1139,8 +1179,8 @@ static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_build_search_req(&req, ac->module->ldb, ac,
ldb_get_default_basedn(ac->module->ldb),
ret = ldb_build_search_req(&req, ldb, ac,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
filter, attrs,
NULL,
@ -1157,14 +1197,17 @@ static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
int ret;
ldb = ldb_module_get_ctx(ac->module);
ac->sid = samdb_result_dom_sid(ac->msg, ac->msg, "objectSid");
if (ac->sid == NULL) {
ac->sid = dom_sid_parse_talloc(ac->msg,
(const char *)ldb_dn_get_rdn_val(ac->msg->dn)->data);
if (!ac->sid) {
ldb_set_errstring(ac->module->ldb,
ldb_set_errstring(ldb,
"No valid found SID in "
"ForeignSecurityPrincipal CN!");
talloc_free(ac);
@ -1202,12 +1245,14 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac)
static int samldb_check_rdn(struct ldb_module *module, struct ldb_dn *dn)
{
struct ldb_context *ldb;
const char *rdn_name;
ldb = ldb_module_get_ctx(module);
rdn_name = ldb_dn_get_rdn_name(dn);
if (strcasecmp(rdn_name, "cn") != 0) {
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"Bad RDN (%s=) for samldb object, "
"should be CN=!\n", rdn_name);
return LDB_ERR_CONSTRAINT_VIOLATION;
@ -1219,10 +1264,12 @@ static int samldb_check_rdn(struct ldb_module *module, struct ldb_dn *dn)
/* add_record */
static int samldb_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct samldb_ctx *ac;
int ret;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n");
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "samldb_add_record\n");
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.add.message->dn)) {
@ -1238,17 +1285,17 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
ac->msg = ldb_msg_copy(ac, ac->req->op.add.message);
if (!ac->msg) {
talloc_free(ac);
ldb_debug(ac->module->ldb, LDB_DEBUG_FATAL,
ldb_debug(ldb, LDB_DEBUG_FATAL,
"samldb_add: ldb_msg_copy failed!\n");
return LDB_ERR_OPERATIONS_ERROR;
}
if (samdb_find_attribute(module->ldb, ac->msg,
if (samdb_find_attribute(ldb, ac->msg,
"objectclass", "computer") != NULL) {
/* make sure the computer object also has the 'user'
* objectclass so it will be handled by the next call */
ret = samdb_find_or_add_value(module->ldb, ac->msg,
ret = samdb_find_or_add_value(ldb, ac->msg,
"objectclass", "user");
if (ret != LDB_SUCCESS) {
talloc_free(ac);
@ -1256,7 +1303,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
}
}
if (samdb_find_attribute(module->ldb, ac->msg,
if (samdb_find_attribute(ldb, ac->msg,
"objectclass", "user") != NULL) {
ret = samldb_check_rdn(module, ac->req->op.add.message->dn);
@ -1268,7 +1315,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
return samldb_fill_object(ac, "user");
}
if (samdb_find_attribute(module->ldb, ac->msg,
if (samdb_find_attribute(ldb, ac->msg,
"objectclass", "group") != NULL) {
ret = samldb_check_rdn(module, ac->req->op.add.message->dn);
@ -1281,7 +1328,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
}
/* perhaps a foreignSecurityPrincipal? */
if (samdb_find_attribute(module->ldb, ac->msg,
if (samdb_find_attribute(ldb, ac->msg,
"objectclass",
"foreignSecurityPrincipal") != NULL) {
@ -1303,6 +1350,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
/* modify */
static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_message *msg;
struct ldb_message_element *el, *el2;
int ret;
@ -1311,8 +1359,10 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
ldb = ldb_module_get_ctx(module);
if (ldb_msg_find_element(req->op.mod.message, "sAMAccountType") != NULL) {
ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified");
ldb_asprintf_errstring(ldb, "sAMAccountType must not be specified");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -1324,7 +1374,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
group_type = strtoul((const char *)el->values[0].data, NULL, 0);
account_type = samdb_gtype2atype(group_type);
ret = samdb_msg_add_uint(module->ldb, msg, msg,
ret = samdb_msg_add_uint(ldb, msg, msg,
"sAMAccountType",
account_type);
if (ret != LDB_SUCCESS) {
@ -1340,7 +1390,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
user_account_control = strtoul((const char *)el->values[0].data, NULL, 0);
account_type = samdb_uf2atype(user_account_control);
ret = samdb_msg_add_uint(module->ldb, msg, msg,
ret = samdb_msg_add_uint(ldb, msg, msg,
"sAMAccountType",
account_type);
if (ret != LDB_SUCCESS) {

92
source4/dsdb/samdb/ldb_modules/schema_fsmo.c
View File

@ -22,14 +22,11 @@
*/
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_drsuapi.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "../lib/util/dlinklist.h"
#include "param/param.h"
static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
@ -82,6 +79,7 @@ struct schema_fsmo_search_data {
static int schema_fsmo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
TALLOC_CTX *mem_ctx;
struct ldb_dn *schema_dn;
struct dsdb_schema *schema;
@ -89,53 +87,54 @@ static int schema_fsmo_init(struct ldb_module *module)
int ret;
struct schema_fsmo_private_data *data;
schema_dn = samdb_schema_dn(module->ldb);
ldb = ldb_module_get_ctx(module);
schema_dn = samdb_schema_dn(ldb);
if (!schema_dn) {
ldb_reset_err_string(module->ldb);
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_reset_err_string(ldb);
ldb_debug(ldb, LDB_DEBUG_WARNING,
"schema_fsmo_init: no schema dn present: (skip schema loading)\n");
return ldb_next_init(module);
}
data = talloc(module, struct schema_fsmo_private_data);
if (data == NULL) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
/* Check to see if this is a result on the CN=Aggregate schema */
data->aggregate_dn = ldb_dn_copy(data, schema_dn);
if (!ldb_dn_add_child_fmt(data->aggregate_dn, "CN=Aggregate")) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
module->private_data = data;
ldb_module_set_private(module, data);
if (dsdb_get_schema(module->ldb)) {
if (dsdb_get_schema(ldb)) {
return ldb_next_init(module);
}
mem_ctx = talloc_new(module);
if (!mem_ctx) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = dsdb_schema_from_schema_dn(mem_ctx, module->ldb,
lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")),
ret = dsdb_schema_from_schema_dn(mem_ctx, ldb,
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
schema_dn, &schema, &error_string);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_reset_err_string(module->ldb);
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_reset_err_string(ldb);
ldb_debug(ldb, LDB_DEBUG_WARNING,
"schema_fsmo_init: no schema head present: (skip schema loading)\n");
talloc_free(mem_ctx);
return ldb_next_init(module);
}
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"schema_fsmo_init: dsdb_schema load failed: %s",
error_string);
talloc_free(mem_ctx);
@ -143,9 +142,9 @@ static int schema_fsmo_init(struct ldb_module *module)
}
/* dsdb_set_schema() steal schema into the ldb_context */
ret = dsdb_set_schema(module->ldb, schema);
ret = dsdb_set_schema(ldb, schema);
if (ret != LDB_SUCCESS) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"schema_fsmo_init: dsdb_set_schema() failed: %d:%s",
ret, ldb_strerror(ret));
talloc_free(mem_ctx);
@ -158,6 +157,7 @@ static int schema_fsmo_init(struct ldb_module *module)
static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct dsdb_schema *schema;
const char *attributeID = NULL;
const char *governsID = NULL;
@ -166,6 +166,8 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req)
uint32_t id32;
WERROR status;
ldb = ldb_module_get_ctx(module);
/* special objects should always go through */
if (ldb_dn_is_special(req->op.add.message->dn)) {
return ldb_next_request(module, req);
@ -176,13 +178,13 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
schema = dsdb_get_schema(module->ldb);
schema = dsdb_get_schema(ldb);
if (!schema) {
return ldb_next_request(module, req);
}
if (!schema->fsmo.we_are_master) {
ldb_debug_set(module->ldb, LDB_DEBUG_ERROR,
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"schema_fsmo_add: we are not master: reject request\n");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@ -206,15 +208,15 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req)
if (W_ERROR_IS_OK(status)) {
return ldb_next_request(module, req);
} else if (!W_ERROR_EQUAL(WERR_DS_NO_MSDS_INTID, status)) {
ldb_debug_set(module->ldb, LDB_DEBUG_ERROR,
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"schema_fsmo_add: failed to map %s[%s]: %s\n",
oid_attr, oid, win_errstr(status));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
status = dsdb_create_prefix_mapping(module->ldb, schema, oid);
status = dsdb_create_prefix_mapping(ldb, schema, oid);
if (!W_ERROR_IS_OK(status)) {
ldb_debug_set(module->ldb, LDB_DEBUG_ERROR,
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"schema_fsmo_add: failed to create prefix mapping for %s[%s]: %s\n",
oid_attr, oid, win_errstr(status));
return LDB_ERR_UNWILLING_TO_PERFORM;
@ -225,44 +227,47 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req)
static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_dn *schema_dn;
struct dsdb_schema *schema;
char *error_string = NULL;
int ret;
TALLOC_CTX *mem_ctx;
ldb = ldb_module_get_ctx(module);
if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) != 0) {
return ldb_next_request(module, req);
}
schema_dn = samdb_schema_dn(module->ldb);
schema_dn = samdb_schema_dn(ldb);
if (!schema_dn) {
ldb_reset_err_string(module->ldb);
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_reset_err_string(ldb);
ldb_debug(ldb, LDB_DEBUG_WARNING,
"schema_fsmo_extended: no schema dn present: (skip schema loading)\n");
return ldb_next_request(module, req);
}
mem_ctx = talloc_new(module);
if (!mem_ctx) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = dsdb_schema_from_schema_dn(mem_ctx, module->ldb,
lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")),
ret = dsdb_schema_from_schema_dn(mem_ctx, ldb,
lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
schema_dn, &schema, &error_string);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_reset_err_string(module->ldb);
ldb_debug(module->ldb, LDB_DEBUG_WARNING,
ldb_reset_err_string(ldb);
ldb_debug(ldb, LDB_DEBUG_WARNING,
"schema_fsmo_extended: no schema head present: (skip schema loading)\n");
talloc_free(mem_ctx);
return ldb_next_request(module, req);
}
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(module->ldb,
ldb_asprintf_errstring(ldb,
"schema_fsmo_extended: dsdb_schema load failed: %s",
error_string);
talloc_free(mem_ctx);
@ -270,9 +275,9 @@ static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request *r
}
/* Replace the old schema*/
ret = dsdb_set_schema(module->ldb, schema);
ret = dsdb_set_schema(ldb, schema);
if (ret != LDB_SUCCESS) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"schema_fsmo_extended: dsdb_set_schema() failed: %d:%s",
ret, ldb_strerror(ret));
talloc_free(mem_ctx);
@ -385,12 +390,14 @@ static int generate_extendedClassInfo(struct ldb_context *ldb,
*/
static int schema_fsmo_search_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct schema_fsmo_search_data *ac;
struct schema_fsmo_private_data *mc;
int i, ret;
ac = talloc_get_type(req->context, struct schema_fsmo_search_data);
mc = talloc_get_type(ac->module->private_data, struct schema_fsmo_private_data);
mc = talloc_get_type(ldb_module_get_private(ac->module), struct schema_fsmo_private_data);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
@ -411,7 +418,7 @@ static int schema_fsmo_search_callback(struct ldb_request *req, struct ldb_reply
for (i=0; i < ARRAY_SIZE(generated_attrs); i++) {
if (ldb_attr_in_list(ac->req->op.search.attrs, generated_attrs[i].attr)) {
ret = generated_attrs[i].fn(ac->module->ldb, ares->message, ac->schema);
ret = generated_attrs[i].fn(ldb, ares->message, ac->schema);
if (ret != LDB_SUCCESS) {
return ret;
}
@ -436,12 +443,13 @@ static int schema_fsmo_search_callback(struct ldb_request *req, struct ldb_reply
/* search */
static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
int i, ret;
struct schema_fsmo_search_data *search_context;
struct ldb_request *down_req;
struct dsdb_schema *schema = dsdb_get_schema(module->ldb);
struct dsdb_schema *schema = dsdb_get_schema(ldb);
if (!schema || !module->private_data) {
if (!schema || !ldb_module_get_private(module)) {
/* If there is no schema, there is little we can do */
return ldb_next_request(module, req);
}
@ -458,7 +466,7 @@ static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req
search_context = talloc(req, struct schema_fsmo_search_data);
if (!search_context) {
ldb_oom(module->ldb);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@ -466,7 +474,7 @@ static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req
search_context->req = req;
search_context->schema = schema;
ret = ldb_build_search_req_ex(&down_req, module->ldb, search_context,
ret = ldb_build_search_req_ex(&down_req, ldb, search_context,
req->op.search.base,
req->op.search.scope,
req->op.search.tree,

16
source4/dsdb/samdb/ldb_modules/show_deleted.c
View File

@ -33,9 +33,7 @@
*/
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "ldb/include/ldb_module.h"
#include "dsdb/samdb/samdb.h"
/* search */
@ -79,6 +77,7 @@ static int show_deleted_search_callback(struct ldb_request *req,
static int show_deleted_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_control *control;
struct ldb_control **saved_controls;
struct show_deleted_search_request *ar;
@ -87,6 +86,8 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
char *new_filter;
int ret;
ldb = ldb_module_get_ctx(module);
ar = talloc_zero(req, struct show_deleted_search_request);
if (ar == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
@ -102,7 +103,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
new_filter = talloc_asprintf(ar, "(&(!(isDeleted=TRUE))%s)",
old_filter);
ret = ldb_build_search_req(&down_req, module->ldb, ar,
ret = ldb_build_search_req(&down_req, ldb, ar,
req->op.search.base,
req->op.search.scope,
new_filter,
@ -112,7 +113,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
req);
} else {
ret = ldb_build_search_req_ex(&down_req, module->ldb, ar,
ret = ldb_build_search_req_ex(&down_req, ldb, ar,
req->op.search.base,
req->op.search.scope,
req->op.search.tree,
@ -136,11 +137,14 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
static int show_deleted_init(struct ldb_module *module)
{
struct ldb_context *ldb;
int ret;
ldb = ldb_module_get_ctx(module);
ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_DELETED_OID);
if (ret != LDB_SUCCESS) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR,
ldb_debug(ldb, LDB_DEBUG_ERROR,
"extended_dn: Unable to register control with rootdse!\n");
return LDB_ERR_OPERATIONS_ERROR;
}

27
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
View File

@ -27,9 +27,7 @@
*/
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_private.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_module.h"
#include "ldb/ldb_map/ldb_map.h"
#include "librpc/gen_ndr/ndr_misc.h"
@ -105,7 +103,7 @@ static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx,
static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
struct ldb_val out = data_blob(NULL, 0);
ldb_handler_copy(module->ldb, ctx, val, &out);
out = ldb_val_dup(ctx, val);
return out;
}
@ -113,10 +111,11 @@ static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const
/* Ensure we always convert sids into binary, so the backend doesn't have to know about both forms */
static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_val out = data_blob(NULL, 0);
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid");
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, "objectSid");
if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) {
if (a->syntax->canonicalise_fn(ldb, ctx, val, &out) != LDB_SUCCESS) {
return data_blob(NULL, 0);
}
@ -126,18 +125,19 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c
/* Ensure we always convert objectCategory into a DN */
static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_dn *dn;
struct ldb_val out = data_blob(NULL, 0);
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory");
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, "objectCategory");
dn = ldb_dn_from_ldb_val(ctx, module->ldb, val);
dn = ldb_dn_from_ldb_val(ctx, ldb, val);
if (dn && ldb_dn_validate(dn)) {
talloc_free(dn);
return val_copy(module, ctx, val);
}
talloc_free(dn);
if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) {
if (a->syntax->canonicalise_fn(ldb, ctx, val, &out) != LDB_SUCCESS) {
return data_blob(NULL, 0);
}
@ -603,6 +603,7 @@ static int get_seq_callback(struct ldb_request *req,
static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
int ret;
struct map_private *map_private;
struct entryuuid_private *entryuuid_private;
@ -620,16 +621,18 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque
struct ldb_seqnum_result *seqr;
struct ldb_extended *ext;
ldb = ldb_module_get_ctx(module);
seq = talloc_get_type(req->op.extended.data, struct ldb_seqnum_request);
map_private = talloc_get_type(module->private_data, struct map_private);
map_private = talloc_get_type(ldb_module_get_private(module), struct map_private);
entryuuid_private = talloc_get_type(map_private->caller_private, struct entryuuid_private);
/* All this to get the DN of the parition, so we can search the right thing */
partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID);
if (!partition_ctrl) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"entryuuid_sequence_number: no current partition control found");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@ -638,7 +641,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque
struct dsdb_control_current_partition);
SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION);
ret = ldb_build_search_req(&search_req, module->ldb, req,
ret = ldb_build_search_req(&search_req, ldb, req,
partition->dn, LDB_SCOPE_BASE,
NULL, contextCSN_attr, NULL,
&seq_num, get_seq_callback,

4
source4/dsdb/schema/schema_set.c
View File

@ -22,9 +22,7 @@
#include "includes.h"
#include "dsdb/samdb/samdb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "../lib/util/dlinklist.h"
#include "lib/ldb/include/ldb_module.h"
#include "param/param.h"

3
source4/lib/ldb/include/ldb.h
View File

@ -695,6 +695,9 @@ enum ldb_sequence_type {
LDB_SEQ_NEXT
};
#define LDB_SEQ_GLOBAL_SEQUENCE 0x01
#define LDB_SEQ_TIMESTAMP_SEQUENCE 0x02
struct ldb_seqnum_request {
enum ldb_sequence_type type;
};

3
source4/lib/ldb/include/ldb_private.h
View File

@ -160,9 +160,6 @@ char *ldb_casefold_default(void *context, void *mem_ctx, const char *s, size_t n
void ldb_dump_results(struct ldb_context *ldb, struct ldb_result *result, FILE *f);
#define LDB_SEQ_GLOBAL_SEQUENCE 0x01
#define LDB_SEQ_TIMESTAMP_SEQUENCE 0x02
/* The following definitions come from lib/ldb/common/ldb_modules.c */

26
source4/nbt_server/wins/wins_ldb.c
View File

@ -31,16 +31,15 @@
#include "lib/events/events.h"
#include "nbt_server/nbt_server.h"
#include "nbt_server/wins/winsdb.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
#include "lib/ldb/include/ldb_module.h"
#include "system/network.h"
#include "lib/socket/netif.h"
#include "param/param.h"
static int wins_ldb_verify(struct ldb_module *module, struct ldb_request *req)
{
struct winsdb_handle *h = talloc_get_type(ldb_get_opaque(module->ldb, "winsdb_handle"),
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct winsdb_handle *h = talloc_get_type(ldb_get_opaque(ldb, "winsdb_handle"),
struct winsdb_handle);
const struct ldb_message *msg;
@ -63,7 +62,7 @@ static int wins_ldb_verify(struct ldb_module *module, struct ldb_request *req)
}
if (!h) {
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "%s", "WINS_LDB: INTERNAL ERROR: no winsdb_handle present!");
ldb_debug_set(ldb, LDB_DEBUG_FATAL, "%s", "WINS_LDB: INTERNAL ERROR: no winsdb_handle present!");
return LDB_ERR_OTHER;
}
@ -74,39 +73,40 @@ static int wins_ldb_verify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
case WINSDB_HANDLE_CALLER_ADMIN:
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "%s\n", "WINS_LDB: TODO verify add/modify for WINSDB_HANDLE_CALLER_ADMIN");
ldb_debug(ldb, LDB_DEBUG_WARNING, "%s\n", "WINS_LDB: TODO verify add/modify for WINSDB_HANDLE_CALLER_ADMIN");
return ldb_next_request(module, req);
}
return LDB_ERR_OTHER;
}
static int wins_ldb_init(struct ldb_module *ctx)
static int wins_ldb_init(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct winsdb_handle *h;
const char *owner;
struct loadparm_context *lp_ctx = ldb_get_opaque(ctx->ldb, "loadparm");
struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
ctx->private_data = NULL;
ldb_module_set_private(module, NULL);
owner = lp_parm_string(lp_ctx, NULL, "winsdb", "local_owner");
if (!owner) {
struct interface *ifaces;
load_interfaces(ctx, lp_interfaces(lp_ctx), &ifaces);
load_interfaces(module, lp_interfaces(lp_ctx), &ifaces);
owner = iface_n_ip(ifaces, 0);
if (!owner) {
owner = "0.0.0.0";
}
}
h = talloc_zero(ctx, struct winsdb_handle);
h = talloc_zero(module, struct winsdb_handle);
if (!h) goto failed;
h->ldb = ctx->ldb;
h->ldb = ldb;
h->caller = WINSDB_HANDLE_CALLER_ADMIN;
h->local_owner = talloc_strdup(h, owner);
if (!h->local_owner) goto failed;
return ldb_set_opaque(ctx->ldb, "winsdb_handle", h);
return ldb_set_opaque(ldb, "winsdb_handle", h);
failed:
talloc_free(h);