diff options
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/common/util.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 6 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 137 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_init.c | 36 |
4 files changed, 160 insertions, 21 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 1fe5979c69..126f9fa829 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1454,7 +1454,7 @@ bool samdb_is_capable_dc(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, samdb_base_dn(ldb), "nTMixedDomain", NULL); if (errmsg != NULL) - *errmsg = talloc_asprintf(mem_ctx, ""); + *errmsg = talloc_strdup(mem_ctx, ""); if (level_forest == -1 || level_domain == -1 || level_domain_mixed == -1) { ret = false; diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 7b5b700916..b0a5467bb7 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -43,7 +43,6 @@ #include "param/param.h" struct descriptor_data { - bool inherit; }; struct descriptor_context { @@ -405,9 +404,6 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req) data = talloc_get_type(ldb_module_get_private(module), struct descriptor_data); ldb = ldb_module_get_ctx(module); - if (!data->inherit) - return ldb_next_request(module, req); - ldb_debug(ldb, LDB_DEBUG_TRACE, "descriptor_add\n"); if (ldb_dn_is_special(req->op.add.message->dn)) { @@ -473,8 +469,6 @@ static int descriptor_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - data->inherit = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"), - NULL, "acl", "inheritance", false); ldb_module_set_private(module, data); return ldb_next_init(module); } diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 59ea51dbce..a8e08ec3ad 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -51,15 +51,128 @@ static int do_attribute_explicit(const char * const *attrs, const char *name) /* + expand a DN attribute to include extended DN information if requested + */ +static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *msg, + const char *attrname, struct ldb_control *edn_control, + struct ldb_request *req) +{ + struct ldb_dn *dn, *dn2; + struct ldb_val *v; + int ret; + struct ldb_request *req2; + char *dn_string; + const char *no_attrs[] = { NULL }; + struct ldb_result *res; + struct ldb_extended_dn_control *edn; + TALLOC_CTX *tmp_ctx = talloc_new(req); + struct ldb_context *ldb; + int edn_type = 0; + + ldb = ldb_module_get_ctx(module); + + edn = talloc_get_type(edn_control->data, struct ldb_extended_dn_control); + if (edn) { + edn_type = edn->type; + } + + v = discard_const_p(struct ldb_val, ldb_msg_find_ldb_val(msg, attrname)); + if (v == NULL) { + talloc_free(tmp_ctx); + return 0; + } + + dn_string = talloc_strndup(tmp_ctx, (const char *)v->data, v->length); + if (dn_string == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + res = talloc_zero(tmp_ctx, struct ldb_result); + if (res == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + dn = ldb_dn_new(tmp_ctx, ldb, dn_string); + if (!ldb_dn_validate(dn)) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req2, ldb, tmp_ctx, + dn, + LDB_SCOPE_BASE, + NULL, + no_attrs, + NULL, + res, ldb_search_default_callback, + req); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + + ret = ldb_request_add_control(req2, + LDB_CONTROL_EXTENDED_DN_OID, + edn_control->critical, edn); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + ret = ldb_next_request(module, req2); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req2->handle, LDB_WAIT_ALL); + } + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + if (!res || res->count != 1) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + dn2 = res->msgs[0]->dn; + + v->data = (uint8_t *)ldb_dn_get_extended_linearized(msg->elements, dn2, edn_type); + v->length = strlen((char *)v->data); + + if (v->data == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_free(tmp_ctx); + + return 0; +} + + +/* add dynamically generated attributes to rootDSE result */ -static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs) +static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, + const char * const *attrs, struct ldb_request *req) { struct ldb_context *ldb; struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data); char **server_sasl; const struct dsdb_schema *schema; int *val; + struct ldb_control *edn_control; + const char *dn_attrs[] = { + "configurationNamingContext", + "defaultNamingContext", + "dsServiceName", + "rootDomainNamingContext", + "schemaNamingContext", + "serverName", + NULL + }; ldb = ldb_module_get_ctx(module); schema = dsdb_get_schema(ldb); @@ -233,6 +346,26 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + edn_control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID); + + /* if the client sent us the EXTENDED_DN control then we need + to expand the DNs to have GUID and SID. W2K8 join relies on + this */ + if (edn_control) { + int i, ret; + for (i=0; dn_attrs[i]; i++) { + if (!do_attribute(attrs, dn_attrs[i])) continue; + ret = expand_dn_in_message(module, msg, dn_attrs[i], + edn_control, req); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to expand DN in rootDSE for %s\n", + dn_attrs[i])); + goto failed; + } + } + } + + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; @@ -301,7 +434,7 @@ static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares) /* for each record returned post-process to add any dynamic attributes that have been asked for */ ret = rootdse_add_dynamic(ac->module, ares->message, - ac->req->op.search.attrs); + ac->req->op.search.attrs, ac->req); if (ret != LDB_SUCCESS) { talloc_free(ares); return ldb_module_done(ac->req, NULL, NULL, ret); diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 9f7d967158..fa1953a14f 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -1028,6 +1028,7 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, "fSMORoleOwner", NULL }; + unsigned flags; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -1035,27 +1036,28 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, return LDB_ERR_OPERATIONS_ERROR; } + /* we don't want to trace the schema load */ + flags = ldb_get_flags(ldb); + ldb_set_flags(ldb, flags & ~LDB_FLG_ENABLE_TRACING); + /* * setup the prefix mappings and schema info */ ret = ldb_search(ldb, tmp_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL); if (ret == LDB_ERR_NO_SUCH_OBJECT) { - talloc_free(tmp_ctx); - return ret; + goto failed; } else if (ret != LDB_SUCCESS) { *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: failed to search the schema head: %s", ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; + goto failed; } if (schema_res->count != 1) { *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: [%u] schema heads found on a base search", schema_res->count); - talloc_free(tmp_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; + goto failed; } /* @@ -1068,8 +1070,7 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: failed to search attributeSchema objects: %s", ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; + goto failed; } /* @@ -1082,8 +1083,7 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema: failed to search attributeSchema objects: %s", ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; + goto failed; } ret = dsdb_schema_from_ldb_results(tmp_ctx, ldb, @@ -1093,13 +1093,25 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string_out = talloc_asprintf(mem_ctx, "dsdb_schema load failed: %s", error_string); - talloc_free(tmp_ctx); - return ret; + goto failed; } talloc_steal(mem_ctx, *schema); talloc_free(tmp_ctx); + if (flags & LDB_FLG_ENABLE_TRACING) { + flags = ldb_get_flags(ldb); + ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING); + } + return LDB_SUCCESS; + +failed: + if (flags & LDB_FLG_ENABLE_TRACING) { + flags = ldb_get_flags(ldb); + ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING); + } + talloc_free(tmp_ctx); + return ret; } |