summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/schema_data.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/schema_data.c')
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_data.c175
1 files changed, 160 insertions, 15 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index ed10ae6d69..2e99113953 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -92,6 +92,37 @@ struct schema_data_search_data {
const struct dsdb_schema *schema;
};
+/* context to be used during async operations */
+struct schema_data_context {
+ struct ldb_module *module;
+ struct ldb_request *req;
+
+ const struct dsdb_schema *schema;
+};
+
+/* Create new context using
+ * ldb_request as memory context */
+static int _schema_data_context_new(struct ldb_module *module,
+ struct ldb_request *req,
+ struct schema_data_context **pac)
+{
+ struct schema_data_context *ac;
+ struct ldb_context *ldb;
+
+ ldb = ldb_module_get_ctx(module);
+
+ *pac = ac = talloc_zero(req, struct schema_data_context);
+ if (ac == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ac->module = module;
+ ac->req = req;
+ ac->schema = dsdb_get_schema(ldb);
+
+ return LDB_SUCCESS;
+}
+
static int schema_data_init(struct ldb_module *module)
{
struct ldb_context *ldb;
@@ -132,6 +163,57 @@ static int schema_data_init(struct ldb_module *module)
return LDB_SUCCESS;
}
+
+/* Generate new value for msDs-IntId
+ * Value should be in 0x80000000..0xBFFFFFFF range
+ * Generated value is added ldb_msg */
+static int _schema_data_gen_msds_intid(struct schema_data_context *ac,
+ struct ldb_message *ldb_msg)
+{
+ uint32_t id;
+
+ /* generate random num in 0x80000000..0xBFFFFFFF */
+ id = generate_random() % 0X3FFFFFFF;
+ id += 0x80000000;
+
+ /* make sure id is unique and adjust if not */
+ while (dsdb_attribute_by_attributeID_id(ac->schema, id)) {
+ id++;
+ if (id > 0xBFFFFFFF) {
+ id = 0x80000001;
+ }
+ }
+
+ /* add generated msDS-IntId value to ldb_msg */
+ return ldb_msg_add_fmt(ldb_msg, "msDS-IntId", "%d", id);
+}
+
+static int _schema_data_add_callback(struct ldb_request *req,
+ struct ldb_reply *ares)
+{
+ struct schema_data_context *ac;
+
+ ac = talloc_get_type(req->context, struct schema_data_context);
+
+ if (!ares) {
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+ if (ares->error != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, ares->controls,
+ ares->response, ares->error);
+ }
+
+ if (ares->type != LDB_REPLY_DONE) {
+ talloc_free(ares);
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ return ldb_module_done(ac->req, ares->controls,
+ ares->response, ares->error);
+}
+
static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
@@ -140,7 +222,6 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
const struct ldb_val *governsID = NULL;
const char *oid_attr = NULL;
const char *oid = NULL;
- uint32_t attid;
WERROR status;
ldb = ldb_module_get_ctx(module);
@@ -170,6 +251,11 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
governsID = ldb_msg_find_ldb_val(req->op.add.message, "governsID");
if (attributeID) {
+ /* Sanity check for not allowed attributes */
+ if (ldb_msg_find_ldb_val(req->op.add.message, "msDS-IntId")) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
oid_attr = "attributeID";
oid = talloc_strndup(req, (const char *)attributeID->data, attributeID->length);
} else if (governsID) {
@@ -183,25 +269,83 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
-
- status = dsdb_schema_pfm_make_attid(schema->prefixmap, oid, &attid);
- if (W_ERROR_IS_OK(status)) {
+
+ status = dsdb_schema_pfm_find_oid(schema->prefixmap, oid, NULL);
+ if (!W_ERROR_IS_OK(status)) {
+ /* check for internal errors */
+ if (!W_ERROR_EQUAL(WERR_DS_NO_MSDS_INTID, status)) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_add: failed to map %s[%s]: %s\n",
+ oid_attr, oid, win_errstr(status));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ /* Update prefixMap and save it */
+ status = dsdb_create_prefix_mapping(ldb, schema, oid);
+ if (!W_ERROR_IS_OK(status)) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_add: failed to create prefix mapping for %s[%s]: %s\n",
+ oid_attr, oid, win_errstr(status));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+ }
+
+ /* generate and add msDS-IntId attr value */
+ if (attributeID
+ && (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2003)
+ && !(ldb_msg_find_attr_as_uint(req->op.add.message, "systemFlags", 0) & SYSTEM_FLAG_SCHEMA_BASE_OBJECT)) {
+ struct ldb_message *msg;
+ struct schema_data_context *ac;
+ struct ldb_request *add_req;
+
+ if (_schema_data_context_new(module, req, &ac) != LDB_SUCCESS) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* we have to copy the message as the caller might have it as a const */
+ msg = ldb_msg_copy_shallow(ac, req->op.add.message);
+ if (msg == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* generate unique value for msDS-IntId attr value */
+ if (_schema_data_gen_msds_intid(ac, msg) != LDB_SUCCESS) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "_schema_data_gen_msds_intid() failed to generate msDS-IntId value\n");
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ldb_build_add_req(&add_req, ldb, ac,
+ msg,
+ req->controls,
+ ac, _schema_data_add_callback,
+ req);
+
+ return ldb_next_request(module, add_req);
+ }
+
+ return ldb_next_request(module, req);
+}
+
+static int schema_data_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ /* special objects should always go through */
+ if (ldb_dn_is_special(req->op.mod.message->dn)) {
return ldb_next_request(module, req);
- } else if (!W_ERROR_EQUAL(WERR_DS_NO_MSDS_INTID, status)) {
- ldb_debug_set(ldb, LDB_DEBUG_ERROR,
- "schema_data_add: failed to map %s[%s]: %s\n",
- oid_attr, oid, win_errstr(status));
- return LDB_ERR_UNWILLING_TO_PERFORM;
}
- status = dsdb_create_prefix_mapping(ldb, schema, oid);
- if (!W_ERROR_IS_OK(status)) {
- ldb_debug_set(ldb, LDB_DEBUG_ERROR,
- "schema_data_add: failed to create prefix mapping for %s[%s]: %s\n",
- oid_attr, oid, win_errstr(status));
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ /* replicated update should always go through */
+ if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ return ldb_next_request(module, req);
+ }
+
+ /* msDS-IntId is not allowed to be modified */
+ if (ldb_msg_find_ldb_val(req->op.mod.message, "msDS-IntId")) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
}
+ /* go on with the call chain */
return ldb_next_request(module, req);
}
@@ -460,5 +604,6 @@ _PUBLIC_ const struct ldb_module_ops ldb_schema_data_module_ops = {
.name = "schema_data",
.init_context = schema_data_init,
.add = schema_data_add,
+ .modify = schema_data_modify,
.search = schema_data_search
};