diff options
Diffstat (limited to 'source4/dsdb/common')
| -rw-r--r-- | source4/dsdb/common/dsdb_access.c | 21 | ||||
| -rw-r--r-- | source4/dsdb/common/util.c | 78 |
2 files changed, 52 insertions, 47 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index ac0c73643f..c7d8610c50 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -27,6 +27,7 @@ #include "includes.h" #include "ldb.h" +#include "ldb_module.h" #include "ldb_errors.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_security.h" @@ -53,7 +54,8 @@ void dsdb_acl_debug(struct security_descriptor *sd, ndr_print_struct_string(0,(ndr_print_fn_t)ndr_print_security_descriptor,"", sd))); } -int dsdb_get_sd_from_ldb_message(TALLOC_CTX *mem_ctx, +int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, struct ldb_message *acl_res, struct security_descriptor **sd) { @@ -67,19 +69,20 @@ int dsdb_get_sd_from_ldb_message(TALLOC_CTX *mem_ctx, } *sd = talloc(mem_ctx, struct security_descriptor); if(!*sd) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } ndr_err = ndr_pull_struct_blob(&sd_element->values[0], *sd, *sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } return LDB_SUCCESS; } -int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res, +int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, + struct ldb_result *acl_res, TALLOC_CTX *mem_ctx, struct security_token *token, struct ldb_dn *dn, @@ -94,9 +97,9 @@ int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res, uint32_t access_granted; int ret; - ret = dsdb_get_sd_from_ldb_message(mem_ctx, acl_res->msgs[0], &sd); + ret = dsdb_get_sd_from_ldb_message(ldb, mem_ctx, acl_res->msgs[0], &sd); if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } /* Theoretically we pass the check if the object has no sd */ if (!sd) { @@ -105,7 +108,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res, sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid"); if (guid) { if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } } status = sec_access_check_ds(sd, token, @@ -146,7 +149,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); if(!session_info) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL); @@ -155,7 +158,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, return ret; } - return dsdb_check_access_on_dn_internal(acl_res, + return dsdb_check_access_on_dn_internal(ldb, acl_res, mem_ctx, session_info->security_token, dn, diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index d24803809d..4866a9a8d9 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -24,6 +24,7 @@ #include "includes.h" #include "events/events.h" #include "ldb.h" +#include "ldb_module.h" #include "ldb_errors.h" #include "../lib/util/util_ldb.h" #include "../lib/crypto/crypto.h" @@ -807,7 +808,7 @@ int samdb_msg_add_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc char *s = talloc_strdup(mem_ctx, str); char *a = talloc_strdup(mem_ctx, attr_name); if (s == NULL || a == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ldb); } return ldb_msg_add_string(msg, a, s); } @@ -825,7 +826,7 @@ int samdb_msg_add_dom_sid(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, stru sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(sam_ldb); } return ldb_msg_add_value(msg, attr_name, &v, NULL); } @@ -859,7 +860,7 @@ int samdb_msg_add_addval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, v = talloc_strdup(mem_ctx, value); if (v == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ldb); } val.data = (uint8_t *) v; @@ -889,7 +890,7 @@ int samdb_msg_add_addval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, vals = talloc_realloc(msg, el->values, struct ldb_val, el->num_values + 1); if (vals == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ldb); } el->values = vals; el->values[el->num_values] = val; @@ -915,7 +916,7 @@ int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, v = talloc_strdup(mem_ctx, value); if (v == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ldb); } val.data = (uint8_t *) v; @@ -945,7 +946,7 @@ int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, vals = talloc_realloc(msg, el->values, struct ldb_val, el->num_values + 1); if (vals == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ldb); } el->values = vals; el->values[el->num_values] = val; @@ -1001,7 +1002,7 @@ int samdb_msg_add_hash(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct struct ldb_val val; val.data = talloc_memdup(mem_ctx, hash->hash, 16); if (!val.data) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ldb); } val.length = 16; return ldb_msg_add_value(msg, attr_name, &val, NULL); @@ -1010,7 +1011,8 @@ int samdb_msg_add_hash(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct /* add a samr_Password array to a message */ -int samdb_msg_add_hashes(TALLOC_CTX *mem_ctx, struct ldb_message *msg, +int samdb_msg_add_hashes(struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr_name, struct samr_Password *hashes, unsigned int count) { @@ -1019,7 +1021,7 @@ int samdb_msg_add_hashes(TALLOC_CTX *mem_ctx, struct ldb_message *msg, val.data = talloc_array_size(mem_ctx, 16, count); val.length = count*16; if (!val.data) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } for (i=0;i<count;i++) { memcpy(i*16 + (char *)val.data, hashes[i].hash, 16); @@ -1905,7 +1907,7 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *attrs[] = { NULL }; local_ctx = talloc_new(mem_ctx); - if (local_ctx == NULL) return LDB_ERR_OPERATIONS_ERROR; + if (local_ctx == NULL) return ldb_oom(ldb); while ((sdn = ldb_dn_get_parent(local_ctx, sdn))) { ret = ldb_search(ldb, local_ctx, &res, sdn, LDB_SCOPE_BASE, attrs, @@ -2393,7 +2395,7 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb, char *guid_str = GUID_string(mem_ctx, guid); if (!guid_str) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } ret = dsdb_search(ldb, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs, @@ -2533,7 +2535,7 @@ int dsdb_find_dn_by_sid(struct ldb_context *ldb, char *sid_str = dom_sid_string(mem_ctx, sid); if (!sid_str) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } ret = dsdb_search(ldb, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs, @@ -2675,7 +2677,7 @@ int dsdb_load_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn, res = talloc_zero(tmp_ctx, struct ldb_result); if (!res) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } ret = ldb_build_search_req(&req, ldb, tmp_ctx, @@ -2693,7 +2695,7 @@ int dsdb_load_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn, p_ctrl = talloc(req, struct dsdb_control_current_partition); if (p_ctrl == NULL) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION; p_ctrl->dn = dn; @@ -2775,7 +2777,7 @@ int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *objectGUID, bo config_dn = ldb_get_config_basedn(sam_ctx); if (!config_dn) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(sam_ctx); } ret = dsdb_search(sam_ctx, tmp_ctx, &res, config_dn, LDB_SCOPE_SUBTREE, attrs, @@ -2821,7 +2823,7 @@ int samdb_rodc(struct ldb_context *sam_ctx, bool *am_rodc) objectGUID = samdb_ntds_objectGUID(sam_ctx); if (!objectGUID) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(sam_ctx); } ret = samdb_is_rodc(sam_ctx, objectGUID, am_rodc); @@ -2831,14 +2833,14 @@ int samdb_rodc(struct ldb_context *sam_ctx, bool *am_rodc) cached = talloc(sam_ctx, bool); if (cached == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(sam_ctx); } *cached = *am_rodc; ret = ldb_set_opaque(sam_ctx, "cache.am_rodc", cached); if (ret != LDB_SUCCESS) { talloc_free(cached); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(sam_ctx); } return LDB_SUCCESS; @@ -3166,7 +3168,7 @@ int dsdb_wellknown_dn(struct ldb_context *samdb, TALLOC_CTX *mem_ctx, wk_guid, ldb_dn_get_linearized(nc_root)); if (!wkguid_dn) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(samdb); } ret = dsdb_search_dn(samdb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED); @@ -3202,7 +3204,7 @@ int dsdb_find_nc_root(struct ldb_context *samdb, TALLOC_CTX *mem_ctx, struct ldb tmp_ctx = talloc_new(samdb); if (tmp_ctx == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(samdb); } ret = ldb_search(samdb, tmp_ctx, &root_res, @@ -3224,14 +3226,14 @@ int dsdb_find_nc_root(struct ldb_context *samdb, TALLOC_CTX *mem_ctx, struct ldb nc_dns = talloc_array(tmp_ctx, struct ldb_dn *, el->num_values); if (!nc_dns) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(samdb); } for (i=0; i<el->num_values; i++) { nc_dns[i] = ldb_dn_from_ldb_val(nc_dns, samdb, &el->values[i]); if (nc_dns[i] == NULL) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(samdb); } } @@ -3283,13 +3285,13 @@ int dsdb_tombstone_lifetime(struct ldb_context *ldb, uint32_t *lifetime) } dn = ldb_dn_copy(ldb, dn); if (!dn) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } /* see MS-ADTS section 7.1.1.2.4.1.1. There doesn't appear to be a wellknown GUID for this */ if (!ldb_dn_add_child_fmt(dn, "CN=Directory Service,CN=Windows NT,CN=Services")) { talloc_free(dn); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } *lifetime = samdb_search_uint(ldb, dn, 180, dn, "tombstoneLifetime", "objectClass=nTDSService"); @@ -3366,7 +3368,7 @@ int dsdb_load_udv_v2(struct ldb_context *samdb, struct ldb_dn *dn, TALLOC_CTX *m if (!our_invocation_id) { DEBUG(0,(__location__ ": No invocationID on samdb - %s\n", ldb_errstring(samdb))); talloc_free(*cursors); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(samdb); } ret = dsdb_load_partition_usn(samdb, dn, &highest_usn, NULL); @@ -3387,7 +3389,7 @@ int dsdb_load_udv_v2(struct ldb_context *samdb, struct ldb_dn *dn, TALLOC_CTX *m (*cursors) = talloc_realloc(mem_ctx, *cursors, struct drsuapi_DsReplicaCursor2, (*count)+1); if (! *cursors) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(samdb); } (*cursors)[*count].source_dsa_invocation_id = *our_invocation_id; @@ -3425,7 +3427,7 @@ int dsdb_load_udv_v1(struct ldb_context *samdb, struct ldb_dn *dn, TALLOC_CTX *m *cursors = talloc_array(mem_ctx, struct drsuapi_DsReplicaCursor, *count); if (*cursors == NULL) { talloc_free(v2); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(samdb); } for (i=0; i<*count; i++) { @@ -3588,7 +3590,7 @@ int dsdb_search_dn(struct ldb_context *ldb, res = talloc_zero(mem_ctx, struct ldb_result); if (!res) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } ret = ldb_build_search_req(&req, ldb, res, @@ -3648,7 +3650,7 @@ int dsdb_search(struct ldb_context *ldb, res = talloc_zero(tmp_ctx, struct ldb_result); if (!res) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } if (exp_fmt) { @@ -3658,7 +3660,7 @@ int dsdb_search(struct ldb_context *ldb, if (!expression) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } } @@ -3734,7 +3736,7 @@ int dsdb_search_one(struct ldb_context *ldb, res = talloc_zero(tmp_ctx, struct ldb_result); if (!res) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } if (exp_fmt) { @@ -3744,7 +3746,7 @@ int dsdb_search_one(struct ldb_context *ldb, if (!expression) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_oom(ldb); } ret = dsdb_search(ldb, tmp_ctx, &res, basedn, scope, attrs, dsdb_flags, "%s", expression); @@ -3820,13 +3822,13 @@ int dsdb_validate_dsa_guid(struct ldb_context *ldb, DEBUG(1,(__location__ ": Failed to find DSA objectGUID %s for sid %s\n", GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } dn = msg->dn; if (!ldb_dn_remove_child_components(dn, 1)) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } ret = dsdb_search_one(ldb, tmp_ctx, &msg, dn, LDB_SCOPE_BASE, @@ -3836,7 +3838,7 @@ int dsdb_validate_dsa_guid(struct ldb_context *ldb, DEBUG(1,(__location__ ": Failed to find server record for DSA with objectGUID %s, sid %s\n", GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } account_dn = ldb_msg_find_attr_as_dn(ldb, tmp_ctx, msg, "serverReference"); @@ -3844,7 +3846,7 @@ int dsdb_validate_dsa_guid(struct ldb_context *ldb, DEBUG(1,(__location__ ": Failed to find account_dn for DSA with objectGUID %s, sid %s\n", GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } status = dsdb_get_extended_dn_sid(account_dn, &sid2, "SID"); @@ -3852,7 +3854,7 @@ int dsdb_validate_dsa_guid(struct ldb_context *ldb, DEBUG(1,(__location__ ": Failed to find SID for DSA with objectGUID %s, sid %s\n", GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } if (!dom_sid_equal(sid, &sid2)) { @@ -3862,7 +3864,7 @@ int dsdb_validate_dsa_guid(struct ldb_context *ldb, dom_sid_string(tmp_ctx, sid), dom_sid_string(tmp_ctx, &sid2))); talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } talloc_free(tmp_ctx); |