summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r--source4/dsdb/samdb/ldb_modules/instancetype.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/linked_attributes.c11
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c22
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c140
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c8
6 files changed, 158 insertions, 27 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 8d648d6d82..f0d56ac627 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -38,7 +38,7 @@
#include "ldb_module.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "dsdb/samdb/samdb.h"
-#include "dsdb/common/flags.h"
+#include "../libds/common/flags.h"
struct it_context {
struct ldb_module *module;
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 4e28c8a149..9ed06a9130 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -741,15 +741,15 @@ static int la_op_search_callback(struct ldb_request *req,
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
- break;
- case LDB_RENAME:
-
+ return ret;
+
+ case LDB_RENAME:
+ /* start the mod requests chain */
ret = la_do_mod_request(ac);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL,
ret);
- }
-
+ }
return ret;
default:
@@ -759,7 +759,6 @@ static int la_op_search_callback(struct ldb_request *req,
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
- return LDB_SUCCESS;
}
talloc_free(ares);
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 44b7ef91e9..c7fa636aa8 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -42,7 +42,7 @@
#include "auth/kerberos/kerberos.h"
#include "system/time.h"
#include "dsdb/samdb/samdb.h"
-#include "dsdb/common/flags.h"
+#include "../libds/common/flags.h"
#include "dsdb/samdb/ldb_modules/password_modules.h"
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
@@ -1026,6 +1026,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
uint8_t zero16[16];
bool do_newer_keys = false;
bool do_cleartext = false;
+ int *domainFunctionality;
ZERO_STRUCT(zero16);
ZERO_STRUCT(names);
@@ -1064,10 +1065,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
_old_scb.sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE);
}
}
+ /* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
+ domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
- /* TODO: do the correct check for this, it maybe depends on the functional level? */
- do_newer_keys = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"),
- NULL, "password_hash", "create_aes_key", false);
+ do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008);
if (io->domain->store_cleartext &&
(io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
@@ -1399,33 +1400,33 @@ static int setup_password_fields(struct setup_password_fields_io *io)
}
ret = setup_kerberos_keys(io);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return ret;
}
}
ret = setup_nt_fields(io);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return ret;
}
ret = setup_lm_fields(io);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return ret;
}
ret = setup_supplemental_field(io);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return ret;
}
ret = setup_last_set_field(io);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return ret;
}
ret = setup_kvno_field(io);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return ret;
}
@@ -1648,6 +1649,7 @@ static int get_domain_data_callback(struct ldb_request *req,
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
+ break;
case LDB_REPLY_REFERRAL:
/* ignore */
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 41f4e8e7d5..53d6d0749c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -41,7 +41,7 @@
#include "includes.h"
#include "ldb_module.h"
#include "dsdb/samdb/samdb.h"
-#include "dsdb/common/flags.h"
+#include "../libds/common/flags.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_drsuapi.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 7080fb632f..59ea51dbce 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -59,6 +59,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
char **server_sasl;
const struct dsdb_schema *schema;
+ int *val;
ldb = ldb_module_get_ctx(module);
schema = dsdb_get_schema(ldb);
@@ -77,7 +78,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
- if (do_attribute(attrs, "supportedControl")) {
+ if (priv && do_attribute(attrs, "supportedControl")) {
int i;
for (i = 0; i < priv->num_controls; i++) {
char *control = talloc_strdup(msg, priv->controls[i]);
@@ -91,7 +92,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
- if (do_attribute(attrs, "namingContexts")) {
+ if (priv && do_attribute(attrs, "namingContexts")) {
int i;
for (i = 0; i < priv->num_partitions; i++) {
struct ldb_dn *dn = priv->partitions[i];
@@ -201,13 +202,37 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
- if (schema && do_attribute_explicit(attrs, "vendorVersion")) {
+ if (do_attribute_explicit(attrs, "vendorVersion")) {
if (ldb_msg_add_fmt(msg, "vendorVersion",
"%s", SAMBA_VERSION_STRING) != 0) {
goto failed;
}
}
+ if (priv && do_attribute(attrs, "domainFunctionality")
+ && (val = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int))) {
+ if (ldb_msg_add_fmt(msg, "domainFunctionality",
+ "%d", *val) != 0) {
+ goto failed;
+ }
+ }
+
+ if (priv && do_attribute(attrs, "forestFunctionality")
+ && (val = talloc_get_type(ldb_get_opaque(ldb, "forestFunctionality"), int))) {
+ if (ldb_msg_add_fmt(msg, "forestFunctionality",
+ "%d", *val) != 0) {
+ goto failed;
+ }
+ }
+
+ if (priv && do_attribute(attrs, "domainControllerFunctionality")
+ && (val = talloc_get_type(ldb_get_opaque(ldb, "domainControllerFunctionality"), int))) {
+ if (ldb_msg_add_fmt(msg, "domainControllerFunctionality",
+ "%d", *val) != 0) {
+ goto failed;
+ }
+ }
+
/* TODO: lots more dynamic attributes should be added here */
return LDB_SUCCESS;
@@ -394,12 +419,17 @@ static int rootdse_request(struct ldb_module *module, struct ldb_request *req)
static int rootdse_init(struct ldb_module *module)
{
+ int ret;
struct ldb_context *ldb;
+ struct ldb_result *res;
struct private_data *data;
+ const char *attrs[] = { "msDS-Behavior-Version", NULL };
+ const char *ds_attrs[] = { "dsServiceName", NULL };
+ TALLOC_CTX *mem_ctx;
ldb = ldb_module_get_ctx(module);
- data = talloc(module, struct private_data);
+ data = talloc_zero(module, struct private_data);
if (data == NULL) {
return -1;
}
@@ -412,7 +442,107 @@ static int rootdse_init(struct ldb_module *module)
ldb_set_default_dns(ldb);
- return ldb_next_init(module);
+ ret = ldb_next_init(module);
+
+ if (ret) {
+ return ret;
+ }
+
+ mem_ctx = talloc_new(data);
+ if (!mem_ctx) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* Now that the partitions are set up, do a search for:
+ - domainControllerFunctionality
+ - domainFunctionality
+ - forestFunctionality
+
+ Then stuff these values into an opaque
+ */
+ ret = ldb_search(ldb, mem_ctx, &res,
+ ldb_get_default_basedn(ldb),
+ LDB_SCOPE_BASE, attrs, NULL);
+ if (ret == LDB_SUCCESS && res->count == 1) {
+ int domain_behaviour_version
+ = ldb_msg_find_attr_as_int(res->msgs[0],
+ "msDS-Behavior-Version", -1);
+ if (domain_behaviour_version != -1) {
+ int *val = talloc(ldb, int);
+ if (!val) {
+ ldb_oom(ldb);
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ *val = domain_behaviour_version;
+ ret = ldb_set_opaque(ldb, "domainFunctionality", val);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(mem_ctx);
+ return ret;
+ }
+ }
+ }
+
+ ret = ldb_search(ldb, mem_ctx, &res,
+ samdb_partitions_dn(ldb, mem_ctx),
+ LDB_SCOPE_BASE, attrs, NULL);
+ if (ret == LDB_SUCCESS && res->count == 1) {
+ int forest_behaviour_version
+ = ldb_msg_find_attr_as_int(res->msgs[0],
+ "msDS-Behavior-Version", -1);
+ if (forest_behaviour_version != -1) {
+ int *val = talloc(ldb, int);
+ if (!val) {
+ ldb_oom(ldb);
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ *val = forest_behaviour_version;
+ ret = ldb_set_opaque(ldb, "forestFunctionality", val);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(mem_ctx);
+ return ret;
+ }
+ }
+ }
+
+ ret = ldb_search(ldb, mem_ctx, &res,
+ ldb_dn_new(mem_ctx, ldb, ""),
+ LDB_SCOPE_BASE, ds_attrs, NULL);
+ if (ret == LDB_SUCCESS && res->count == 1) {
+ struct ldb_dn *ds_dn
+ = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0],
+ "dsServiceName");
+ if (ds_dn) {
+ ret = ldb_search(ldb, mem_ctx, &res, ds_dn,
+ LDB_SCOPE_BASE, attrs, NULL);
+ if (ret == LDB_SUCCESS && res->count == 1) {
+ int domain_controller_behaviour_version
+ = ldb_msg_find_attr_as_int(res->msgs[0],
+ "msDS-Behavior-Version", -1);
+ if (domain_controller_behaviour_version != -1) {
+ int *val = talloc(ldb, int);
+ if (!val) {
+ ldb_oom(ldb);
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ *val = domain_controller_behaviour_version;
+ ret = ldb_set_opaque(ldb,
+ "domainControllerFunctionality", val);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(mem_ctx);
+ return ret;
+ }
+ }
+ }
+ }
+ }
+
+ talloc_free(mem_ctx);
+
+ return LDB_SUCCESS;
}
static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 8e21e38139..544249cbe3 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -572,7 +572,7 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac)
"userAccountControl invalid");
return LDB_ERR_UNWILLING_TO_PERFORM;
} else {
- account_type = samdb_uf2atype(uac);
+ account_type = ds_uf2atype(uac);
ret = samdb_msg_add_uint(ldb,
ac->msg, ac->msg,
"sAMAccountType",
@@ -590,7 +590,7 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac)
"groupType invalid");
return LDB_ERR_UNWILLING_TO_PERFORM;
} else {
- account_type = samdb_gtype2atype(group_type);
+ account_type = ds_gtype2atype(group_type);
ret = samdb_msg_add_uint(ldb,
ac->msg, ac->msg,
"sAMAccountType",
@@ -1280,7 +1280,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
req->op.mod.message = msg = ldb_msg_copy_shallow(req, req->op.mod.message);
group_type = strtoul((const char *)el->values[0].data, NULL, 0);
- account_type = samdb_gtype2atype(group_type);
+ account_type = ds_gtype2atype(group_type);
ret = samdb_msg_add_uint(ldb, msg, msg,
"sAMAccountType",
account_type);
@@ -1296,7 +1296,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
req->op.mod.message = msg = ldb_msg_copy_shallow(req, req->op.mod.message);
user_account_control = strtoul((const char *)el->values[0].data, NULL, 0);
- account_type = samdb_uf2atype(user_account_control);
+ account_type = ds_uf2atype(user_account_control);
ret = samdb_msg_add_uint(ldb, msg, msg,
"sAMAccountType",
account_type);
generated by cgit (git 2.34.1) at 2024-07-19 11:39:24 +0000