Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/repl/drepl_notify.c18
-rw-r--r--source4/dsdb/repl/drepl_out_helpers.c208
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c180
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_load.c2
4 files changed, 241 insertions, 167 deletions
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
index fe3b2d2497..2f0fa4892b 100644
--- a/source4/dsdb/repl/drepl_notify.c
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -101,13 +101,14 @@ static void dreplsrv_op_notify_replica_sync_send(struct dreplsrv_op_notify_state
/*
called when we have an established connection
*/
-static void dreplsrv_op_notify_connect_recv(struct composite_context *creq)
+static void dreplsrv_op_notify_connect_done(struct tevent_req *subreq)
{
- struct dreplsrv_op_notify_state *st = talloc_get_type(creq->async.private_data,
- struct dreplsrv_op_notify_state);
+ struct dreplsrv_op_notify_state *st = tevent_req_callback_data(subreq,
+ struct dreplsrv_op_notify_state);
struct composite_context *c = st->creq;
- c->status = dreplsrv_out_drsuapi_recv(creq);
+ c->status = dreplsrv_out_drsuapi_recv(subreq);
+ TALLOC_FREE(subreq);
if (!composite_is_ok(c)) return;
dreplsrv_op_notify_replica_sync_send(st);
@@ -119,8 +120,8 @@ static void dreplsrv_op_notify_connect_recv(struct composite_context *creq)
static struct composite_context *dreplsrv_op_notify_send(struct dreplsrv_notify_operation *op)
{
struct composite_context *c;
- struct composite_context *creq;
struct dreplsrv_op_notify_state *st;
+ struct tevent_req *subreq;
c = composite_create(op, op->service->task->event_ctx);
if (c == NULL) return NULL;
@@ -131,8 +132,11 @@ static struct composite_context *dreplsrv_op_notify_send(struct dreplsrv_notify_
st->creq = c;
st->op = op;
- creq = dreplsrv_out_drsuapi_send(op->source_dsa->conn);
- composite_continue(c, creq, dreplsrv_op_notify_connect_recv, st);
+ subreq = dreplsrv_out_drsuapi_send(st,
+ op->service->task->event_ctx,
+ op->source_dsa->conn);
+ if (composite_nomem(subreq, c)) return c;
+ tevent_req_set_callback(subreq, dreplsrv_op_notify_connect_done, st);
return c;
}
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 03f8842494..722db4f8ee 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -34,10 +34,9 @@
#include "libcli/composite/composite.h"
#include "auth/gensec/gensec.h"
#include "param/param.h"
+#include "../lib/util/tevent_ntstatus.h"
struct dreplsrv_out_drsuapi_state {
- struct composite_context *creq;
-
struct dreplsrv_out_connection *conn;
struct dreplsrv_drsuapi_connection *drsuapi;
@@ -46,139 +45,160 @@ struct dreplsrv_out_drsuapi_state {
struct drsuapi_DsBind bind_r;
};
-static void dreplsrv_out_drsuapi_connect_recv(struct composite_context *creq);
+static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq);
-struct composite_context *dreplsrv_out_drsuapi_send(struct dreplsrv_out_connection *conn)
+struct tevent_req *dreplsrv_out_drsuapi_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct dreplsrv_out_connection *conn)
{
- struct composite_context *c;
+ struct tevent_req *req;
+ struct dreplsrv_out_drsuapi_state *state;
struct composite_context *creq;
- struct dreplsrv_out_drsuapi_state *st;
- c = composite_create(conn, conn->service->task->event_ctx);
- if (c == NULL) return NULL;
+ req = tevent_req_create(mem_ctx, &state,
+ struct dreplsrv_out_drsuapi_state);
+ if (req == NULL) {
+ return NULL;
+ }
- st = talloc_zero(c, struct dreplsrv_out_drsuapi_state);
- if (composite_nomem(st, c)) return c;
+ state->conn = conn;
+ state->drsuapi = conn->drsuapi;
- c->private_data = st;
+ if (state->drsuapi && !state->drsuapi->pipe->conn->dead) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
- st->creq = c;
- st->conn = conn;
- st->drsuapi = conn->drsuapi;
-
- if (st->drsuapi && !st->drsuapi->pipe->conn->dead) {
- composite_done(c);
- return c;
- } else if (st->drsuapi && st->drsuapi->pipe->conn->dead) {
- talloc_free(st->drsuapi);
+ if (state->drsuapi && state->drsuapi->pipe->conn->dead) {
+ talloc_free(state->drsuapi);
conn->drsuapi = NULL;
}
- st->drsuapi = talloc_zero(st, struct dreplsrv_drsuapi_connection);
- if (composite_nomem(st->drsuapi, c)) return c;
+ state->drsuapi = talloc_zero(state, struct dreplsrv_drsuapi_connection);
+ if (tevent_req_nomem(state->drsuapi, req)) {
+ return tevent_req_post(req, ev);
+ }
- creq = dcerpc_pipe_connect_b_send(st, conn->binding, &ndr_table_drsuapi,
+ creq = dcerpc_pipe_connect_b_send(state, conn->binding, &ndr_table_drsuapi,
conn->service->system_session_info->credentials,
- c->event_ctx, conn->service->task->lp_ctx);
- composite_continue(c, creq, dreplsrv_out_drsuapi_connect_recv, st);
+ ev, conn->service->task->lp_ctx);
+ if (tevent_req_nomem(creq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ composite_continue(NULL, creq, dreplsrv_out_drsuapi_connect_done, req);
- return c;
+ return req;
}
-static void dreplsrv_out_drsuapi_bind_send(struct dreplsrv_out_drsuapi_state *st);
+static void dreplsrv_out_drsuapi_bind_done(struct rpc_request *rreq);
-static void dreplsrv_out_drsuapi_connect_recv(struct composite_context *creq)
+static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq)
{
- struct dreplsrv_out_drsuapi_state *st = talloc_get_type(creq->async.private_data,
- struct dreplsrv_out_drsuapi_state);
- struct composite_context *c = st->creq;
-
- c->status = dcerpc_pipe_connect_b_recv(creq, st->drsuapi, &st->drsuapi->pipe);
- if (!composite_is_ok(c)) return;
-
- c->status = gensec_session_key(st->drsuapi->pipe->conn->security_state.generic_state,
- &st->drsuapi->gensec_skey);
- if (!composite_is_ok(c)) return;
-
- dreplsrv_out_drsuapi_bind_send(st);
-}
+ struct tevent_req *req = talloc_get_type(creq->async.private_data,
+ struct tevent_req);
+ struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
+ struct dreplsrv_out_drsuapi_state);
+ NTSTATUS status;
+ struct rpc_request *rreq;
-static void dreplsrv_out_drsuapi_bind_recv(struct rpc_request *req);
+ status = dcerpc_pipe_connect_b_recv(creq,
+ state->drsuapi,
+ &state->drsuapi->pipe);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
-static void dreplsrv_out_drsuapi_bind_send(struct dreplsrv_out_drsuapi_state *st)
-{
- struct composite_context *c = st->creq;
- struct rpc_request *req;
+ status = gensec_session_key(state->drsuapi->pipe->conn->security_state.generic_state,
+ &state->drsuapi->gensec_skey);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
- st->bind_info_ctr.length = 28;
- st->bind_info_ctr.info.info28 = st->conn->service->bind_info28;
+ state->bind_info_ctr.length = 28;
+ state->bind_info_ctr.info.info28 = state->conn->service->bind_info28;
- st->bind_r.in.bind_guid = &st->conn->service->ntds_guid;
- st->bind_r.in.bind_info = &st->bind_info_ctr;
- st->bind_r.out.bind_handle = &st->drsuapi->bind_handle;
+ state->bind_r.in.bind_guid = &state->conn->service->ntds_guid;
+ state->bind_r.in.bind_info = &state->bind_info_ctr;
+ state->bind_r.out.bind_handle = &state->drsuapi->bind_handle;
- req = dcerpc_drsuapi_DsBind_send(st->drsuapi->pipe, st, &st->bind_r);
- composite_continue_rpc(c, req, dreplsrv_out_drsuapi_bind_recv, st);
+ rreq = dcerpc_drsuapi_DsBind_send(state->drsuapi->pipe,
+ state,
+ &state->bind_r);
+ if (tevent_req_nomem(rreq, req)) {
+ return;
+ }
+ composite_continue_rpc(NULL, rreq, dreplsrv_out_drsuapi_bind_done, req);
}
-static void dreplsrv_out_drsuapi_bind_recv(struct rpc_request *req)
+static void dreplsrv_out_drsuapi_bind_done(struct rpc_request *rreq)
{
- struct dreplsrv_out_drsuapi_state *st = talloc_get_type(req->async.private_data,
- struct dreplsrv_out_drsuapi_state);
- struct composite_context *c = st->creq;
+ struct tevent_req *req = talloc_get_type(rreq->async.private_data,
+ struct tevent_req);
+ struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
+ struct dreplsrv_out_drsuapi_state);
+ NTSTATUS status;
- c->status = dcerpc_ndr_request_recv(req);
- if (!composite_is_ok(c)) return;
+ status = dcerpc_ndr_request_recv(rreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
- if (!W_ERROR_IS_OK(st->bind_r.out.result)) {
- composite_error(c, werror_to_ntstatus(st->bind_r.out.result));
+ if (!W_ERROR_IS_OK(state->bind_r.out.result)) {
+ status = werror_to_ntstatus(state->bind_r.out.result);
+ tevent_req_nterror(req, status);
return;
}
- ZERO_STRUCT(st->drsuapi->remote_info28);
- if (st->bind_r.out.bind_info) {
- switch (st->bind_r.out.bind_info->length) {
+ ZERO_STRUCT(state->drsuapi->remote_info28);
+ if (state->bind_r.out.bind_info) {
+ struct drsuapi_DsBindInfo28 *info28;
+ info28 = &state->drsuapi->remote_info28;
+
+ switch (state->bind_r.out.bind_info->length) {
case 24: {
struct drsuapi_DsBindInfo24 *info24;
- info24 = &st->bind_r.out.bind_info->info.info24;
- st->drsuapi->remote_info28.supported_extensions = info24->supported_extensions;
- st->drsuapi->remote_info28.site_guid = info24->site_guid;
- st->drsuapi->remote_info28.pid = info24->pid;
- st->drsuapi->remote_info28.repl_epoch = 0;
+ info24 = &state->bind_r.out.bind_info->info.info24;
+
+ info28->supported_extensions = info24->supported_extensions;
+ info28->site_guid = info24->site_guid;
+ info28->pid = info24->pid;
+ info28->repl_epoch = 0;
break;
}
case 48: {
struct drsuapi_DsBindInfo48 *info48;
- info48 = &st->bind_r.out.bind_info->info.info48;
- st->drsuapi->remote_info28.supported_extensions = info48->supported_extensions;
- st->drsuapi->remote_info28.site_guid = info48->site_guid;
- st->drsuapi->remote_info28.pid = info48->pid;
- st->drsuapi->remote_info28.repl_epoch = info48->repl_epoch;
+ info48 = &state->bind_r.out.bind_info->info.info48;
+
+ info28->supported_extensions = info48->supported_extensions;
+ info28->site_guid = info48->site_guid;
+ info28->pid = info48->pid;
+ info28->repl_epoch = info48->repl_epoch;
break;
}
case 28:
- st->drsuapi->remote_info28 = st->bind_r.out.bind_info->info.info28;
+ *info28 = state->bind_r.out.bind_info->info.info28;
break;
}
}
- composite_done(c);
+ tevent_req_done(req);
}
-NTSTATUS dreplsrv_out_drsuapi_recv(struct composite_context *c)
+NTSTATUS dreplsrv_out_drsuapi_recv(struct tevent_req *req)
{
+ struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
+ struct dreplsrv_out_drsuapi_state);
NTSTATUS status;
- struct dreplsrv_out_drsuapi_state *st = talloc_get_type(c->private_data,
- struct dreplsrv_out_drsuapi_state);
- status = composite_wait(c);
-
- if (NT_STATUS_IS_OK(status)) {
- st->conn->drsuapi = talloc_steal(st->conn, st->drsuapi);
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
}
- talloc_free(c);
- return status;
+ state->conn->drsuapi = talloc_move(state->conn, &state->drsuapi);
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
}
struct dreplsrv_op_pull_source_state {
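Review bot: The `switch (state->bind_r.out.bind_info->length)` in dreplsrv_out_drsuapi_bind_done has no `default:`, so a DsBind reply whose info length is anything other than 24, 28 or 48 leaves `remote_info28` all-zero and the request still completes through `tevent_req_done(req)`. That length is supplied by the remote DC, and later code that reads `supported_extensions` or `repl_epoch` (not visible here) would then be working from zeroed values with no trace of why. I would add a default branch that at least records the event, for example `default: DEBUG(1, ("DsBind: unexpected bind_info length %u\n", (unsigned)state->bind_r.out.bind_info->length)); break;`. It is worth deciding explicitly whether an unknown length should fail the bind instead. A one-line comment above the `ZERO_STRUCT` saying that info24/info48 are normalised into the info28 layout would also help the next reader.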
@@ -195,13 +215,13 @@ struct dreplsrv_op_pull_source_state {
struct drsuapi_DsGetNCChangesCtr6 *ctr6;
};
-static void dreplsrv_op_pull_source_connect_recv(struct composite_context *creq);
+static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq);
struct composite_context *dreplsrv_op_pull_source_send(struct dreplsrv_out_operation *op)
{
struct composite_context *c;
- struct composite_context *creq;
struct dreplsrv_op_pull_source_state *st;
+ struct tevent_req *subreq;
c = composite_create(op, op->service->task->event_ctx);
if (c == NULL) return NULL;
@@ -212,21 +232,25 @@ struct composite_context *dreplsrv_op_pull_source_send(struct dreplsrv_out_opera
st->creq = c;
st->op = op;
- creq = dreplsrv_out_drsuapi_send(op->source_dsa->conn);
- composite_continue(c, creq, dreplsrv_op_pull_source_connect_recv, st);
+ subreq = dreplsrv_out_drsuapi_send(st,
+ op->service->task->event_ctx,
+ op->source_dsa->conn);
+ if (composite_nomem(subreq, c)) return c;
+ tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, st);
return c;
}
static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_source_state *st);
-static void dreplsrv_op_pull_source_connect_recv(struct composite_context *creq)
+static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq)
{
- struct dreplsrv_op_pull_source_state *st = talloc_get_type(creq->async.private_data,
+ struct dreplsrv_op_pull_source_state *st = tevent_req_callback_data(subreq,
struct dreplsrv_op_pull_source_state);
struct composite_context *c = st->creq;
- c->status = dreplsrv_out_drsuapi_recv(creq);
+ c->status = dreplsrv_out_drsuapi_recv(subreq);
+ TALLOC_FREE(subreq);
if (!composite_is_ok(c)) return;
dreplsrv_op_pull_source_get_changes_send(st);
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index fc286c4d83..17a99c74c7 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -9,12 +9,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -333,37 +333,37 @@ static int samldb_check_samAccountName_callback(struct ldb_request *req,
{
struct samldb_ctx *ac;
int ret;
-
+
ac = talloc_get_type(req->context, struct samldb_ctx);
-
+
if (ares->error != LDB_SUCCESS) {
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
-
+
switch (ares->type) {
- case LDB_REPLY_ENTRY:
+ case LDB_REPLY_ENTRY:
/* if we get an entry it means this samAccountName
* already exists */
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_ENTRY_ALREADY_EXISTS);
-
+
case LDB_REPLY_REFERRAL:
/* this should not happen */
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
-
+
case LDB_REPLY_DONE:
/* not found, go on */
talloc_free(ares);
ret = samldb_next_step(ac);
break;
}
-
+
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
-
+
return LDB_SUCCESS;
}
@@ -374,16 +374,16 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac)
const char *name;
char *filter;
int ret;
-
+
ldb = ldb_module_get_ctx(ac->module);
-
+
if (ldb_msg_find_element(ac->msg, "samAccountName") == NULL) {
ret = samldb_generate_samAccountName(ac->msg);
if (ret != LDB_SUCCESS) {
return ret;
}
}
-
+
name = ldb_msg_find_attr_as_string(ac->msg, "samAccountName", NULL);
if (name == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
@@ -393,7 +393,7 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac)
if (filter == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
-
+
ret = ldb_build_search_req(&req, ldb, ac,
ac->domain_dn, LDB_SCOPE_SUBTREE,
filter, NULL,
@@ -569,7 +569,7 @@ static int samldb_get_sid_domain(struct samldb_ctx *ac)
/* get the domain component part of the provided SID */
ac->domain_sid->num_auths--;
- filter = talloc_asprintf(ac,
+ filter = talloc_asprintf(ac,
"(&(objectSid=%s)"
"(|(objectClass=domain)"
"(objectClass=builtinDomain)))",
@@ -713,7 +713,7 @@ static int samldb_check_primaryGroupID_2(struct samldb_ctx *ac)
struct ldb_context *ldb;
ldb = ldb_module_get_ctx(ac->module);
ldb_asprintf_errstring(ldb,
- "Failed to find group sid %s!",
+ "Failed to find group sid %s!",
dom_sid_string(ac->sid, ac->sid));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@@ -918,36 +918,33 @@ done:
static int samldb_set_defaultObjectCategory(struct samldb_ctx *ac)
{
+ struct ldb_context *ldb;
+ struct ldb_message *msg;
+ struct ldb_request *req;
int ret;
- if (ac->dn) {
- struct ldb_request *req;
- struct ldb_context *ldb;
- struct ldb_message *msg = ldb_msg_new(ac);
-
- msg->dn = ac->dn;
-
- ldb_msg_add_empty(msg, "defaultObjectCategory", LDB_FLAG_MOD_REPLACE, NULL);
-
- ldb_msg_add_steal_string(msg, "defaultObjectCategory", ldb_dn_alloc_linearized(msg, ac->dn));
-
- ldb = ldb_module_get_ctx(ac->module);
- ret = ldb_build_mod_req(&req, ldb, ac,
- msg, NULL,
- ac, samldb_set_defaultObjectCategory_callback,
- ac->req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ ldb = ldb_module_get_ctx(ac->module);
- return ldb_next_request(ac->module, req);
- }
+ /* (Re)set the default object category to have it set to the DN in the
+ * storage format */
+ msg = ldb_msg_new(ac);
+ msg->dn = ac->msg->dn;
+ ldb_msg_add_empty(msg, "defaultObjectCategory",
+ LDB_FLAG_MOD_REPLACE, NULL);
+ ldb_msg_add_steal_string(msg, "defaultObjectCategory",
+ ldb_dn_alloc_linearized(msg, ac->dn));
- ret = samldb_next_step(ac);
+ ret = ldb_build_mod_req(&req, ldb, ac,
+ msg, NULL,
+ ac,
+ samldb_set_defaultObjectCategory_callback,
+ ac->req);
if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+ talloc_free(msg);
+ return ret;
}
- return ret;
+
+ return ldb_next_request(ac->module, req);
}
/*
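Review bot: In the rewritten samldb_set_defaultObjectCategory the result of `ldb_msg_new(ac)` is dereferenced on the next line (`msg->dn = ac->msg->dn;`) without a NULL check, so an allocation failure becomes a crash in the LDB module rather than an error return. Add `if (msg == NULL) return LDB_ERR_OPERATIONS_ERROR;` directly after the allocation. The return values of `ldb_msg_add_empty()` and `ldb_msg_add_steal_string()` are also ignored, and `ldb_dn_alloc_linearized(msg, ac->dn)` is passed straight in even though it can fail. Assigning each call to `ret` and returning on `ret != LDB_SUCCESS` would avoid sending a modify request with a missing or empty `defaultObjectCategory` value.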
@@ -955,14 +952,35 @@ static int samldb_set_defaultObjectCategory(struct samldb_ctx *ac)
*/
static int samldb_find_for_defaultObjectCategory_callback(struct ldb_request *req,
- struct ldb_reply *ares)
+ struct ldb_reply *ares)
{
+ struct ldb_context *ldb;
struct samldb_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct samldb_ctx);
+ ldb = ldb_module_get_ctx(ac->module);
+ if (!ares) {
+ ret = LDB_ERR_OPERATIONS_ERROR;
+ goto done;
+ }
if (ares->error != LDB_SUCCESS) {
+ if (ares->error == LDB_ERR_NO_SUCH_OBJECT) {
+ if (ldb_request_get_control(ac->req,
+ LDB_CONTROL_RELAX_OID) != NULL) {
+ /* Don't be pricky when the DN doesn't exist */
+ /* if we have the RELAX control specified */
+ ac->dn = req->op.search.base;
+ return samldb_next_step(ac);
+ } else {
+ ldb_set_errstring(ldb,
+ "samldb_find_defaultObjectCategory: "
+ "Invalid DN for 'defaultObjectCategory'!");
+ ares->error = LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+ }
+
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
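Review bot: The RELAX branch returns `samldb_next_step(ac)` directly, so a failure of the next step is handed back to the caller of the callback without ever going through `ldb_module_done(ac->req, ...)`, which every other error path in this function uses (via the `done:` label in the following hunk). Changing it to `ret = samldb_next_step(ac);` followed by `goto done;` would keep the original request from being left uncompleted on error. Note also that with `LDB_CONTROL_RELAX_OID` present the caller-supplied `defaultObjectCategory` DN is accepted without existing or being a classSchema object. Which callers are allowed to pass that control is not visible in this diff, so a short comment stating the expected trust level would help. The function body continues past the end of this hunk.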
@@ -970,22 +988,33 @@ static int samldb_find_for_defaultObjectCategory_callback(struct ldb_request *re
switch (ares->type) {
case LDB_REPLY_ENTRY:
ac->dn = talloc_steal(ac, ares->message->dn);
+
+ ret = LDB_SUCCESS;
break;
+
case LDB_REPLY_REFERRAL:
/* this should not happen */
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
+ talloc_free(ares);
+ ret = LDB_ERR_OPERATIONS_ERROR;
+ break;
case LDB_REPLY_DONE:
- /* found or not found, go on */
talloc_free(ares);
- ret = samldb_next_step(ac);
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+
+ if (ac->dn != NULL) {
+ /* when found go on */
+ ret = samldb_next_step(ac);
+ } else {
+ ret = LDB_ERR_OPERATIONS_ERROR;
}
break;
}
+done:
+ if (ret != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, NULL, NULL, ret);
+ }
+
return LDB_SUCCESS;
}
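Review bot: `ret` is now read at the new `done:` label, but the `switch (ares->type)` still has no `default:` and `ret` is declared without an initialiser in the previous hunk, so an unexpected reply type would lead to a read of an indeterminate value. Before this change nothing after the switch looked at `ret`, so this is new. Adding `default: ret = LDB_ERR_OPERATIONS_ERROR; break;` (or initialising `ret` at its declaration) closes it. Separately, the `LDB_REPLY_ENTRY` case is now the only branch that does not `talloc_free(ares)`; if that is intentional because `ares->message->dn` is stolen onto `ac`, a comment saying so would make the asymmetry clear.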
@@ -993,38 +1022,55 @@ static int samldb_find_for_defaultObjectCategory(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
struct ldb_request *req;
- int ret;
static const char *no_attrs[] = { NULL };
+ int ret;
+ const struct ldb_val *val;
+ struct ldb_dn *def_obj_cat_dn;
ldb = ldb_module_get_ctx(ac->module);
ac->dn = NULL;
- if (ldb_msg_find_element(ac->msg, "defaultObjectCategory") == NULL) {
- ret = ldb_build_search_req(&req, ldb, ac,
- ac->msg->dn, LDB_SCOPE_BASE,
- "objectClass=classSchema", no_attrs,
- NULL,
- ac, samldb_find_for_defaultObjectCategory_callback,
- ac->req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- ret = dsdb_request_add_controls(ac->module, req, DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
- if (ret != LDB_SUCCESS) {
- return ret;
+ val = ldb_msg_find_ldb_val(ac->msg, "defaultObjectCategory");
+ if (val != NULL) {
+ /* "defaultObjectCategory" has been set by the caller. Do some
+ * checks for consistency.
+ * NOTE: The real constraint check (that 'defaultObjectCategory'
+ * is the DN of the new objectclass or any parent of it) is
+ * still incomplete.
+ * For now we say that 'defaultObjectCategory' is valid if it
+ * exists and it is of objectclass "classSchema". */
+ def_obj_cat_dn = ldb_dn_from_ldb_val(ac, ldb, val);
+ if (def_obj_cat_dn == NULL) {
+ ldb_set_errstring(ldb,
+ "samldb_find_defaultObjectCategory: Invalid DN "
+ "for 'defaultObjectCategory'!");
+ return LDB_ERR_CONSTRAINT_VIOLATION;
}
- return ldb_next_request(ac->module, req);
+ } else {
+ /* "defaultObjectCategory" has not been set by the caller. Use
+ * the entry DN for it. */
+ def_obj_cat_dn = ac->msg->dn;
}
- ret = samldb_next_step(ac);
+ ret = ldb_build_search_req(&req, ldb, ac,
+ def_obj_cat_dn, LDB_SCOPE_BASE,
+ "objectClass=classSchema", no_attrs,
+ NULL,
+ ac, samldb_find_for_defaultObjectCategory_callback,
+ ac->req);
if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+ return ret;
}
- return ret;
-}
+ ret = dsdb_request_add_controls(ac->module, req,
+ DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ return ldb_next_request(ac->module, req);
+}
/*
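Review bot: The check `def_obj_cat_dn == NULL` after `ldb_dn_from_ldb_val(ac, ldb, val)` probably does not catch a syntactically invalid DN, because as far as I know that constructor only copies the string and defers parsing. The "Invalid DN" error would then only fire on allocation failure, and a malformed client-supplied value would be used as the search base. If that is right, extend the condition to `if (def_obj_cat_dn == NULL || !ldb_dn_validate(def_obj_cat_dn)) {` so the constraint violation is reported here rather than as whatever error the base search yields. The in-code NOTE already says the real constraint (the DN must be the new class or one of its parents) is not enforced yet. It would be worth tracking that with a TODO that names the missing check, since until then any existing classSchema DN is accepted.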
@@ -1377,7 +1423,7 @@ static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
}
- filter = talloc_asprintf(ac,
+ filter = talloc_asprintf(ac,
"(&(objectSid=%s)"
"(|(objectClass=domain)"
"(objectClass=builtinDomain)))",
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
index c7cd76a395..c72911fe89 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -102,7 +102,7 @@ static int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_module *mo
"(objectClass=classSchema)");
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb,
- "dsdb_schema: failed to search attributeSchema objects: %s",
+ "dsdb_schema: failed to search classSchema objects: %s",
ldb_errstring(ldb));
goto failed;
}