authorNadezhda Ivanova <nivanova@samba.org>2010-08-26 17:18:40 +0300
committerNadezhda Ivanova <nivanova@samba.org>2010-08-26 17:18:40 +0300
commita571487e6c6774e640abb67f3cefac2dedac9044 (patch)
tree0a566e578e1e7181dd72b205d0908adef5fa1316 /source4/dsdb/samdb
parent0de795414eca3f73386a7bd731ee2d1d6f051db9 (diff)
s4-dsdb: Added utility functions for retrieving dSHeuristics from the module stack
Also a function to check the dsHeuristics value to determine if anonymous access should be blocked
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/util.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index 23a8da2228..86417e6f5e 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -1150,3 +1150,50 @@ int dsdb_module_constrainted_update_uint64(struct ldb_module *module,
(const int64_t *)old_val,
(const int64_t *)new_val);
}
+
+
+const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx)
+{
+ int ret;
+ struct ldb_dn *new_dn;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ static const char *attrs[] = { "dsHeuristics", NULL };
+ struct ldb_result *res;
+
+ new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(ldb));
+ if ( !ldb_dn_add_child_fmt(new_dn,
+ "CN=Directory Service,CN=Windows NT,CN=Services")) {
+ talloc_free(new_dn);
+ return NULL;
+ }
+ ret = dsdb_module_search_dn(module, mem_ctx, &res,
+ new_dn,
+ attrs,
+ DSDB_FLAG_NEXT_MODULE);
+ if (ret == LDB_SUCCESS && res->count == 1) {
+ return ldb_msg_find_ldb_val(res->msgs[0],
+ "dsHeuristics");
+ }
+ return NULL;
+}
+
+bool dsdb_block_anonymous_ops(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool result;
+ const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
+ tmp_ctx);
+ if (hr_val == NULL || hr_val->length < DS_HR_BLOCK_ANONYMOUS_OPS) {
+ result = true;
+ } else if (hr_val->data[DS_HR_BLOCK_ANONYMOUS_OPS -1] == '2') {
+ result = false;
+ } else {
+ result = true;
+ }
+
+ talloc_free(tmp_ctx);
+ return result;
+}
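Review bot: In dsdb_block_anonymous_ops the result of `talloc_new(mem_ctx)` is used unchecked, so if it fails the lookup presumably allocates under a NULL context and `talloc_free(tmp_ctx)` releases nothing. Because the function already denies by default, adding `if (tmp_ctx == NULL) return true;` right after the allocation keeps that behaviour and avoids the leak. The local `ldb` in the same function is never read and can be dropped. dsdb_module_find_dsheuristics returns NULL both when the search fails and when the attribute is absent, and the caller treats both as "block", so a comment above dsdb_block_anonymous_ops such as `/* Returns true (block) unless the DS_HR_BLOCK_ANONYMOUS_OPS character of dsHeuristics is '2'; lookup errors also block. */` would keep that fail-closed contract visible to later editors. The ldb_val returned by dsdb_module_find_dsheuristics points into the search result allocated on mem_ctx, and that lifetime is worth stating in a comment on that function too.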