author | Andrew Bartlett <abartlet@samba.org> | 2006-06-12 19:02:41 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:09:02 -0500 |
commit | 9f4b56dd13e13826290474d20c96221503f4a668 (patch) | |
tree | 115e0f85fb24b4988d89f773d8e065f9bf84bd2e /source4/dsdb/samdb/ldb_modules/samldb.c | |
parent | 6bc51330219b07c90dbc92fca5647d8d9f286c37 (diff) | |
r16159: Even more work on samldb error reporting. Make sure to get the
original error strings back to the callers.
Andrew Bartlett
(This used to be commit defa63298838fefae7ed003458020045edaef21d)
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/samldb.c')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 65 |
1 files changed, 31 insertions, 34 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index c3004a4d81..7c28c935ce 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -42,6 +42,8 @@
 #include "librpc/gen_ndr/ndr_security.h"
 #include "db_wrap.h"
+int samldb_notice_sid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
 /* if value is not null also check for attribute to have exactly that value */
 static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value)
@@ -222,8 +224,6 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c
 struct dom_sid *obj_sid;
 uint32_t old_rid;
 int ret;
- struct ldb_message **sid_msgs;
- const char *sid_attrs[] = { NULL };
 ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid);
 if (ret) {
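Review bot: The forward declaration of `samldb_notice_sid` added near the top of samldb.c has no `static`, so the function gets external linkage with no prototype in any shared header, and no other translation unit can be type-checked against it. If it is only called from this file, declare it `static int samldb_notice_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct dom_sid *sid);` and make the definition match. If other modules do need it, the prototype belongs in a header instead. The definition is outside this diff, so which of the two applies cannot be seen here.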
@@ -233,30 +233,19 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c
 /* return the new object sid */
 obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid);
- ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1);
- if (ret != 0) {
- return ret;
- }
-
 *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1);
 if (!*new_sid) {
 return LDB_ERR_OPERATIONS_ERROR;
 }
- ret = gendb_search(module->ldb,
- mem_ctx, NULL, &sid_msgs, sid_attrs,
- "objectSid=%s",
- ldap_encode_ndr_dom_sid(mem_ctx, *new_sid));
- if (ret == -1) {
- /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */
- return LDB_ERR_OPERATIONS_ERROR;
- } else if (ret != 0) {
+ ret = samldb_notice_sid(module, mem_ctx, *new_sid);
+ if (ret != 0) {
 /* gah, there are conflicting sids.
 * This is a critical situation it means that someone messed up with
 * the DB and nextRid is not returning free RIDs, report an error
 * and refuse to create any user until the problem is fixed */
- ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID"));
- return LDB_ERR_OPERATIONS_ERROR;
+ ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s", ldb_errstring(module->ldb)));
+ return ret;
 }
 return ret;
 }
@@ -295,8 +284,9 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX
 allocate a new RID for the domain
 return the new sid string
 */
-static struct dom_sid *samldb_get_new_sid(struct ldb_module *module,
- TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn)
+static int samldb_get_new_sid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn,
+ struct dom_sid **sid)
 {
 const char * const attrs[2] = { "objectSid", NULL };
 struct ldb_result *res = NULL;
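Review bot: Every non-zero return from `samldb_notice_sid()` in `samldb_allocate_next_rid` now falls into the branch whose comment and message describe conflicting SIDs, whereas the removed code kept a failed lookup (`ret == -1`) separate from an actual objectSid match. An ordinary backend error would therefore be reported as an inconsistent database, which sends whoever investigates a suspected duplicate SID in the wrong direction. The comment should say so, e.g. `/* samldb_notice_sid failed: the SID may already be in use, or the lookup/update itself failed; the underlying ldb error string is appended */`. The hunk also drops the `samldb_set_next_rid()` call, so advancing nextRid now presumably happens inside `samldb_notice_sid`, whose body is outside this diff. That is worth confirming, because if it does not, the same RID would be handed out again.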
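Review bot: The comment above `samldb_get_new_sid` still reads "return the new sid string", but the new signature returns an `int` and delivers the SID through the added `struct dom_sid **sid` parameter. Update it to describe the new contract, e.g. `allocate a new RID for the domain; on success store the new SID in *sid and return 0, otherwise return an ldb error code with the ldb error string set`. The function body continues past this hunk.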
@@ -308,37 +298,45 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module,
 dom_dn = samldb_search_domain(module, mem_ctx, obj_dn);
 if (dom_dn == NULL) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn));
- return NULL;
+ ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn)));
+ return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 /* find the domain sid */
 ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res);
- if (ret != LDB_SUCCESS || res->count != 1) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
+ if (ret != LDB_SUCCESS) {
+ ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n",
+ ldb_dn_linearize(mem_ctx, dom_dn),
+ ldb_errstring(module->ldb)));
 talloc_free(res);
- return NULL;
+ return ret;
+ }
+
+ if (res->count != 1) {
+ ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n",
+ ldb_dn_linearize(mem_ctx, dom_dn)));
+ return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid");
 if (dom_sid == NULL) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
+ ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error parsing domain sid!\n"));
 talloc_free(res);
- return NULL;
+ return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 /* allocate a new Rid for the domain */
- ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, &obj_sid);
+ ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, sid);
 if (ret != 0) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn));
+ ldb_debug(module->ldb, LDB_DEBUG_FATAL, 
"Failed to increment nextRid of %s: %s\n", ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(module->ldb));
 talloc_free(res);
- return NULL;
+ return ret;
 }
 talloc_free(res);
- return obj_sid;
+ return ret;
 }
 /* If we are adding new users/groups, we need to update the nextRid
@@ -440,10 +438,9 @@ static int samldb_handle_sid(struct ldb_module *module,
 struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid");
 if (sid == NULL) {
- sid = samldb_get_new_sid(module, msg2, msg2->dn);
- if (sid == NULL) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_handle_sid: internal error! Can't generate new sid\n");
- return LDB_ERR_OPERATIONS_ERROR;
+ ret = samldb_get_new_sid(module, msg2, msg2->dn, &sid);
+ if (ret != 0) {
+ return ret;
 }
 if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { |
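Review bot: The new `if (res->count != 1)` branch in `samldb_get_new_sid` returns `LDB_ERR_CONSTRAINT_VIOLATION` without releasing `res`, while every other exit after `ldb_search()` calls `talloc_free(res)` first. Unless `res` hangs off a context the caller frees (not visible in this hunk), each add against a domain object that lacks a single objectSid leaves a search result allocated. Add `talloc_free(res);` before that `return`. The error strings in this function are also built on `module` in three places and on `mem_ctx` in one; picking a single context would make ownership easier to follow, assuming `ldb_set_errstring` takes ownership of the string.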