diff options
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/cracknames.c | 21 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectguid.c | 36 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/proxy.c | 96 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 83 |
4 files changed, 125 insertions, 111 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 16afccda81..a377e3fe1d 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -28,6 +28,7 @@ #include "rpc_server/common/common.h" #include "rpc_server/drsuapi/dcesrv_drsuapi.h" #include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" @@ -48,8 +49,8 @@ static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(krb5_context context, stru char **alias_to) { int i; - int count; - struct ldb_message **msg; + int ret; + struct ldb_result *res; struct ldb_message_element *spnmappings; struct ldb_dn *service_dn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Directory Service,CN=Windows NT" @@ -60,19 +61,19 @@ static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(krb5_context context, stru NULL }; - count = ldb_search(ldb_ctx, service_dn, LDB_SCOPE_BASE, "(objectClass=nTDSService)", - directory_attrs, &msg); - talloc_steal(mem_ctx, msg); + ret = ldb_search(ldb_ctx, service_dn, LDB_SCOPE_BASE, "(objectClass=nTDSService)", + directory_attrs, &res); + talloc_steal(mem_ctx, res); - if (count < 1) { - DEBUG(1, ("ldb_search: dn: %s not found: %d", service_dn_str, count)); + if (ret != LDB_SUCCESS) { + DEBUG(1, ("ldb_search: dn: %s not found: %s", service_dn_str, ldb_errstring(ldb_ctx))); return DRSUAPI_DS_NAME_STATUS_NOT_FOUND; - } else if (count > 1) { - DEBUG(1, ("ldb_search: dn: %s found %d times!", service_dn_str, count)); + } else if (res->count > 1) { + DEBUG(1, ("ldb_search: dn: %s found %d times!", service_dn_str, res->count)); return DRSUAPI_DS_NAME_STATUS_NOT_FOUND; } - spnmappings = ldb_msg_find_element(msg[0], "sPNMappings"); + spnmappings = ldb_msg_find_element(res->msgs[0], "sPNMappings"); if (!spnmappings || spnmappings->num_values == 0) { DEBUG(1, ("ldb_search: dn: %s no sPNMappings attribute", service_dn_str)); return DRSUAPI_DS_NAME_STATUS_NOT_FOUND; diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 70bbaf179c..0d5ae69219 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -38,14 +38,6 @@ #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" -static int objectguid_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); - return ldb_next_search_bytree(module, base, scope, tree, attrs, res); -} - static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name) { int i; @@ -60,8 +52,9 @@ static struct ldb_message_element *objectguid_find_attribute(const struct ldb_me } /* add_record: add objectGUID attribute */ -static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg) +static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { + const struct ldb_message *msg = req->op.add.message; struct ldb_val v; struct ldb_message *msg2; struct ldb_message_element *attribute; @@ -72,11 +65,11 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_add_record(module, msg); + return ldb_next_request(module, req); } if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) { - return ldb_next_add_record(module, msg); + return ldb_next_request(module, req); } msg2 = talloc(module, struct ldb_message); @@ -106,16 +99,31 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes return ret; } - ret = ldb_next_add_record(module, msg2); + req->op.add.message = msg2; + ret = ldb_next_request(module, req); + req->op.add.message = msg; + talloc_free(msg2); return ret; } +static int objectguid_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_ADD: + return objectguid_add(module, req); + + default: + return ldb_next_request(module, req); + + } +} + static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", - .search_bytree = objectguid_search_bytree, - .add_record = objectguid_add_record + .request = objectguid_request }; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 4ef5e450aa..643ff5f3d0 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -39,6 +39,7 @@ #include "includes.h" #include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" #include "lib/cmdline/popt_common.h" @@ -58,8 +59,8 @@ static int load_proxy_info(struct ldb_module *module) { struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); struct ldb_dn *dn; - struct ldb_message **msg; - int res; + struct ldb_result *res; + int ret; const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr; struct cli_credentials *creds; @@ -73,20 +74,20 @@ static int load_proxy_info(struct ldb_module *module) if (dn == NULL) { goto failed; } - res = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &msg); + ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res); talloc_free(dn); - if (res != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Can't find @PROXYINFO\n"); goto failed; } - url = ldb_msg_find_string(msg[0], "url", NULL); - olddn = ldb_msg_find_string(msg[0], "olddn", NULL); - newdn = ldb_msg_find_string(msg[0], "newdn", NULL); - username = ldb_msg_find_string(msg[0], "username", NULL); - password = ldb_msg_find_string(msg[0], "password", NULL); - oldstr = ldb_msg_find_string(msg[0], "oldstr", NULL); - newstr = ldb_msg_find_string(msg[0], "newstr", NULL); + url = ldb_msg_find_string(res->msgs[0], "url", NULL); + olddn = ldb_msg_find_string(res->msgs[0], "olddn", NULL); + newdn = ldb_msg_find_string(res->msgs[0], "newdn", NULL); + username = ldb_msg_find_string(res->msgs[0], "username", NULL); + password = ldb_msg_find_string(res->msgs[0], "password", NULL); + oldstr = ldb_msg_find_string(res->msgs[0], "oldstr", NULL); + newstr = ldb_msg_find_string(res->msgs[0], "newstr", NULL); if (url == NULL || olddn == NULL || newdn == NULL || username == NULL || password == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n"); @@ -135,20 +136,20 @@ static int load_proxy_info(struct ldb_module *module) ldb_set_opaque(proxy->upstream, "credentials", creds); - res = ldb_connect(proxy->upstream, url, 0, NULL); - if (res != 0) { + ret = ldb_connect(proxy->upstream, url, 0, NULL); + if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxy failed to connect to %s\n", url); goto failed; } ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy connected to %s\n", url); - talloc_free(msg); + talloc_free(res); return 0; failed: - talloc_free(msg); + talloc_free(res); talloc_free(proxy->olddn); talloc_free(proxy->newdn); talloc_free(proxy->upstream); @@ -246,15 +247,16 @@ static void proxy_convert_record(struct ldb_module *module, struct ldb_message * } /* search */ -static int proxy_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) +static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req) { struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); - struct ldb_dn *newbase; + struct ldb_request newreq; + struct ldb_dn *base; int ret, i; - if (base == NULL || (base->comp_num == 1 && base->components[0].name[0] == '@')) { + if (req->op.search.base == NULL || + (req->op.search.base->comp_num == 1 && + req->op.search.base->components[0].name[0] == '@')) { goto passthru; } @@ -263,56 +265,72 @@ static int proxy_search_bytree(struct ldb_module *module, const struct ldb_dn *b } /* see if the dn is within olddn */ - if (ldb_dn_compare_base(module->ldb, proxy->newdn, base) != 0) { + if (ldb_dn_compare_base(module->ldb, proxy->newdn, req->op.search.base) != 0) { goto passthru; } - tree = proxy_convert_tree(module, tree); + newreq.op.search.tree = proxy_convert_tree(module, req->op.search.tree); /* convert the basedn of this search */ - newbase = ldb_dn_copy(proxy, base); - if (newbase == NULL) { + base = ldb_dn_copy(proxy, req->op.search.base); + if (base == NULL) { goto failed; } - newbase->comp_num -= proxy->newdn->comp_num; - newbase = ldb_dn_compose(proxy, newbase, proxy->olddn); + base->comp_num -= proxy->newdn->comp_num; + base = ldb_dn_compose(proxy, newreq.op.search.base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(proxy, tree), ldb_dn_linearize(proxy, newbase)); - for (i=0;attrs && attrs[i];i++) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", attrs[i]); + ldb_filter_from_tree(proxy, newreq.op.search.tree), ldb_dn_linearize(proxy, newreq.op.search.base)); + for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } - - ret = ldb_search_bytree(proxy->upstream, newbase, scope, tree, attrs, res); - if (ret == -1) { + + newreq.op.search.base = base; + newreq.op.search.scope = req->op.search.scope; + newreq.op.search.attrs = req->op.search.attrs; + newreq.op.search.res = req->op.search.res; + ret = ldb_request(proxy->upstream, &newreq); + if (ret != LDB_SUCCESS) { ldb_set_errstring(module, talloc_strdup(module, ldb_errstring(proxy->upstream))); return -1; } - for (i=0;i<ret;i++) { + for (i = 0; i < (*newreq.op.search.res)->count; i++) { struct ldb_ldif ldif; printf("# record %d\n", i+1); - proxy_convert_record(module, (*res)[i]); + proxy_convert_record(module, (*newreq.op.search.res)->msgs[i]); ldif.changetype = LDB_CHANGETYPE_NONE; - ldif.msg = (*res)[i]; + ldif.msg = (*newreq.op.search.res)->msgs[i]; } return ret; failed: ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy failed for %s\n", - ldb_dn_linearize(proxy, base)); + ldb_dn_linearize(proxy, req->op.search.base)); passthru: - return ldb_next_search_bytree(module, base, scope, tree, attrs, res); + return ldb_next_request(module, req); } +static int proxy_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_SEARCH: + return proxy_search_bytree(module, req); + + default: + return ldb_next_request(module, req); + + } +} static const struct ldb_module_ops proxy_ops = { - .name = "proxy", - .search_bytree = proxy_search_bytree + .name = "proxy", + .request = proxy_request }; #ifdef HAVE_DLOPEN_DISABLED diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5ed84cc10d..bb69b86e1d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -34,20 +34,13 @@ #include "includes.h" #include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "system/time.h" #include "librpc/gen_ndr/ndr_security.h" #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" -static int samldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search\n"); - return ldb_next_search_bytree(module, base, scope, tree, attrs, res); -} - /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success @@ -56,7 +49,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx const struct ldb_dn *dn, uint32_t *id) { const char * const attrs[2] = { "nextRid", NULL }; - struct ldb_message **res = NULL; + struct ldb_result *res = NULL; struct ldb_message msg; int ret; const char *str; @@ -64,11 +57,11 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx struct ldb_message_element els[2]; ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { if (res) talloc_free(res); return -1; } - str = ldb_msg_find_string(res[0], "nextRid", NULL); + str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); if (str == NULL) { ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn)); talloc_free(res); @@ -133,7 +126,7 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX { TALLOC_CTX *local_ctx; struct ldb_dn *sdn; - struct ldb_message **res = NULL; + struct ldb_result *res = NULL; int ret = 0; local_ctx = talloc_named(mem_ctx, 0, "samldb_search_domain memory conext"); @@ -144,12 +137,12 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); talloc_free(res); - if (ret == 1) + if (ret == LDB_SUCCESS && res->count == 1) break; } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { talloc_free(local_ctx); return NULL; } @@ -168,7 +161,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; - struct ldb_message **res = NULL; + struct ldb_result *res = NULL; const struct ldb_dn *dom_dn; uint32_t rid; int ret; @@ -191,13 +184,13 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, /* find the domain sid */ ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); talloc_free(res); return NULL; } - dom_sid = samdb_result_dom_sid(res, res[0], "objectSid"); + dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); if (dom_sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); talloc_free(res); @@ -290,17 +283,18 @@ static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_m static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter) { - struct ldb_message **res, *t; + struct ldb_result *res; + struct ldb_message *t; int ret, i, j; /* pull the template record */ ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res); - if (ret != 1) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched %d records\n", filter, ret); + if (ret != LDB_SUCCESS || res->count != 1) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched too many records\n", filter); return -1; } - t = res[0]; + t = res->msgs[0]; for (i = 0; i < t->num_elements; i++) { struct ldb_message_element *el = &t->elements[i]; @@ -515,8 +509,9 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld } /* add_record */ -static int samldb_add_record(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_add(struct ldb_module *module, struct ldb_request *req) { + const struct ldb_message *msg = req->op.add.message; struct ldb_message *msg2 = NULL; int ret; @@ -524,7 +519,7 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_add_record(module, msg); + return ldb_next_request(module, req); } /* is user or computer? add all relevant missing objects */ @@ -541,47 +536,39 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message } if (msg2) { - ret = ldb_next_add_record(module, msg2); + req->op.add.message = msg2; + ret = ldb_next_request(module, req); + req->op.add.message = msg; } else { - ret = ldb_next_add_record(module, msg); + ret = ldb_next_request(module, req); } return ret; } -/* modify_record: change modifyTimestamp as well */ -static int samldb_modify_record(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_destructor(void *module_ctx) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_modify_record\n"); - return ldb_next_modify_record(module, msg); + /* struct ldb_module *ctx = module_ctx; */ + /* put your clean-up functions here */ + return 0; } -static int samldb_delete_record(struct ldb_module *module, const struct ldb_dn *dn) +static int samldb_request(struct ldb_module *module, struct ldb_request *req) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_delete_record\n"); - return ldb_next_delete_record(module, dn); -} + switch (req->operation) { -static int samldb_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_rename_record\n"); - return ldb_next_rename_record(module, olddn, newdn); -} + case LDB_REQ_ADD: + return samldb_add(module, req); -static int samldb_destructor(void *module_ctx) -{ - /* struct ldb_module *ctx = module_ctx; */ - /* put your clean-up functions here */ - return 0; + default: + return ldb_next_request(module, req); + + } } static const struct ldb_module_ops samldb_ops = { .name = "samldb", - .search_bytree = samldb_search_bytree, - .add_record = samldb_add_record, - .modify_record = samldb_modify_record, - .delete_record = samldb_delete_record, - .rename_record = samldb_rename_record + .request = samldb_request }; |