From d2dc86994e7075490f95faa1cc85008feb38f04a Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sun, 27 Feb 2005 11:31:38 +0000
Subject: r5584: add new experimental ldb module (This used to be commit e77a070c841c7a1b73dfcea2d43651618557d0f4)
---
source4/dsdb/samdb/ldb_modules/samldb.c | 512 ++++++++++++++++++++++++++++++++
1 file changed, 512 insertions(+)
create mode 100644 source4/dsdb/samdb/ldb_modules/samldb.c
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
new file mode 100644
index 0000000000..6b8546e2b8
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -0,0 +1,512 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + * Name: ldb + * + * Component: ldb samldb module + * + * Description: add object timestamping functionality + * + * Author: Simo Sorce + */ + +#include "includes.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_private.h" +#include + +#define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" + +struct private_data { + const char *error_string; +}; + +static int samldb_search(struct ldb_module *module, const char *base, + enum ldb_scope scope, const char *expression, + const char * const *attrs, struct ldb_message ***res) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search\n"); + return ldb_next_search(module, base, scope, expression, attrs, res); +} + +static int samldb_search_free(struct ldb_module *module, struct ldb_message **res) +{ +ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); + return ldb_next_search_free(module, res); +} + +static char *samldb_generate_samAccountName(const void *mem_ctx) { + char *name; + + name = talloc_strdup(mem_ctx, SAM_ACCOUNT_NAME_BASE); + /* TODO: randomize 
name */ + + return name; +} + +static BOOL samldb_get_rdn_and_basedn(const void *mem_ctx, const char *dn, char **rdn, char **basedn) +{ + char *p; + + p = strchr(dn, ','); + if ( ! p ) { + return False; + } + /* clear separator */ + *p = '\0'; + + *rdn = talloc_strdup(mem_ctx, dn); + + /* put back separator */ + *p = ','; + + if ( ! *rdn) { + return False; + } + + *basedn = talloc_strdup(mem_ctx, p + 1); + + if ( ! *basedn) { + talloc_free(*rdn); + *rdn = NULL; + return False; + } + + return True; +} + +/* if value is not null also check for attribute to have exactly that value */ +static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) +{ + int i, j; + + for (i = 0; i < msg->num_elements; i++) { + if (ldb_attr_cmp(name, msg->elements[i].name) == 0) { + if (!value) { + return &msg->elements[i]; + } + for (j = 0; j < msg->elements[i].num_values; j++) { + if (strcasecmp(value, msg->elements[i].values[j].data) == 0) { + return &msg->elements[i]; + } + } + } + } + + return NULL; +} + +static BOOL samldb_add_attribute(struct ldb_message *msg, const char *name, const char *value) +{ + struct ldb_message_element *attr; + int i; + + attr = samldb_find_attribute(msg, name, NULL); + if ( ! attr) { + msg->num_elements++; + msg->elements = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements); + if ( ! msg->elements ) { + return False; + } + attr = &msg->elements[msg->num_elements - 1]; + + attr->name = talloc_strdup(msg, name); + if ( ! attr->name ) { + return False; + } + attr->flags = 0; + attr->num_values = 0; + attr->values = NULL; + } + + i = attr->num_values; + attr->num_values++; + attr->values = talloc_realloc(msg, attr->values, struct ldb_val, attr->num_values); + if ( ! attr->values ){ + return False; + } + + attr->values[i].data = talloc_strdup(msg, value); + attr->values[i].length = strlen(value); + + if ( ! 
attr->values[i].data) { + return False; + } + + return True; +} + +static BOOL samldb_find_or_add_attribute(struct ldb_message *msg, const char *name, const char *value, const char *set_value) +{ + if (samldb_find_attribute(msg, name, value) == NULL) { + if ( ! samldb_add_attribute(msg, name, set_value)) { + return False; + } + } + return True; +} + +static struct ldb_message *samldb_manage_group_object(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ldb_message *msg2; + struct ldb_message_element *attribute; + char *rdn, *basedn; + int i; + + if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { + return NULL; + } + + msg2 = talloc(module, struct ldb_message); + if (!msg2) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: talloc failed!\n"); + return NULL; + } + + /* build the new msg */ + msg2->dn = msg->dn; + msg2->num_elements = msg->num_elements; + msg2->private_data = msg->private_data; + msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); + if (! msg2->elements) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: talloc_array failed!\n"); + talloc_free(msg2); + return NULL; + } + for (i = 0; i < msg2->num_elements; i++) { + msg2->elements[i] = msg->elements[i]; + } + + if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { + talloc_free(msg2); + return NULL; + } + if (strncasecmp(rdn, "cn", 2) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad RDN (%s) for group!\n", rdn); + talloc_free(msg2); + return NULL; + } + + if (! 
samldb_find_or_add_attribute(msg2, "objectclass", "top", "top")) { + talloc_free(msg2); + return NULL; + } + + if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { + if (strcasecmp(rdn, attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad Attribute Syntax for CN\n"); + talloc_free(msg2); + return NULL; + } + } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ + if ( ! samldb_add_attribute(msg2, "cn", &rdn[3])) { + talloc_free(msg2); + return NULL; + } + } + + if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { + if (strcasecmp(rdn, attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad Attribute Syntax for name\n"); + talloc_free(msg2); + return NULL; + } + } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ + if ( ! samldb_add_attribute(msg2, "name", &rdn[3])) { + talloc_free(msg2); + return NULL; + } + } + + if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "268435456")) { + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "groupType", NULL, "-2147483646")) { + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "objectCategory", NULL, "foo")) { /* keep the schema module happy :) */ + return NULL; + } + + if ( ! 
samldb_find_or_add_attribute(msg2, "objectSid", NULL, "foo")) { /* keep the schema module happy :) */ + return NULL; + } + + /* TODO: objectGUID, objectSid, objectCategory */ + /* need a way to lock a new Sid */ + + return msg2; +} + +static struct ldb_message *samldb_manage_user_object(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ldb_message *msg2; + struct ldb_message_element *attribute; + char *rdn, *basedn; + int i; + + if (samldb_find_attribute(msg, "objectclass", "user") == NULL) { + return NULL; + } + + msg2 = talloc(module, struct ldb_message); + if (!msg2) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: talloc failed!\n"); + return NULL; + } + + /* build the new msg */ + msg2->dn = msg->dn; + msg2->num_elements = msg->num_elements; + msg2->private_data = msg->private_data; + msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); + if (! msg2->elements) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: talloc_array failed!\n"); + talloc_free(msg2); + return NULL; + } + for (i = 0; i < msg2->num_elements; i++) { + msg2->elements[i] = msg->elements[i]; + } + + if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { + talloc_free(msg2); + return NULL; + } + if (strncasecmp(rdn, "cn", 2) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad RDN (%s) for group!\n", rdn); + talloc_free(msg2); + return NULL; + } + + + if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "top", "top")) { + talloc_free(msg2); + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "person", "person")) { + talloc_free(msg2); + return NULL; + } + + if ( ! 
samldb_find_or_add_attribute(msg2, "objectclass", "organizationalPerson", "organizationalPerson")) { + talloc_free(msg2); + return NULL; + } + + if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { + if (strcasecmp(rdn, attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: Bad Attribute Syntax for CN\n"); + talloc_free(msg2); + return NULL; + } + } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ + if ( ! samldb_add_attribute(msg2, "cn", &rdn[3])) { + talloc_free(msg2); + return NULL; + } + } + + if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { + if (strcasecmp(rdn, attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: Bad Attribute Syntax for name\n"); + talloc_free(msg2); + return NULL; + } + } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ + if ( ! samldb_add_attribute(msg2, "name", &rdn[3])) { + talloc_free(msg2); + return NULL; + } + } + + if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { + talloc_free(msg2); + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { + talloc_free(msg2); + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "805306368")) { + talloc_free(msg2); + return NULL; + } + + if ( ! samldb_find_or_add_attribute(msg2, "objectCategory", NULL, "foo")) { /* keep the schema module happy :) */ + return NULL; + } + + if ( ! 
samldb_find_or_add_attribute(msg2, "objectSid", NULL, "foo")) { /* keep the schema module happy :) */ + return NULL; + } + + /* TODO: objectGUID, objectSid, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ + + return msg2; +} + +/* add_record */ +static int samldb_add_record(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ldb_message *msg2 = NULL; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); + + if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + return ldb_next_add_record(module, msg); + } + + /* is group? add all group relevant missing objects */ + msg2 = samldb_manage_group_object(module, msg); + + /* is user? add all user relevant missing objects */ + if ( ! msg2 ) { + msg2 = samldb_manage_user_object(module, msg); + } + + if (msg2) { + ret = ldb_next_add_record(module, msg2); + talloc_free(msg2); + } else { + ret = ldb_next_add_record(module, msg); + } + + return ret; +} + +/* modify_record: change modifyTimestamp as well */ +static int samldb_modify_record(struct ldb_module *module, const struct ldb_message *msg) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_modify_record\n"); + return ldb_next_modify_record(module, msg); +} + +static int samldb_delete_record(struct ldb_module *module, const char *dn) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_delete_record\n"); + return ldb_next_delete_record(module, dn); +} + +static int samldb_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_rename_record\n"); + return ldb_next_rename_record(module, olddn, newdn); +} + +static int samldb_lock(struct ldb_module *module, const char *lockname) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_lock\n"); + return ldb_next_named_lock(module, lockname); +} + +static int 
samldb_unlock(struct ldb_module *module, const char *lockname) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_unlock\n"); + return ldb_next_named_unlock(module, lockname); +} + +/* return extended error information */ +static const char *samldb_errstring(struct ldb_module *module) +{ + struct private_data *data = (struct private_data *)module->private_data; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_errstring\n"); + if (data->error_string) { + const char *error; + + error = data->error_string; + data->error_string = NULL; + return error; + } + + return ldb_next_errstring(module); +} + +static int samldb_destructor(void *module_ctx) +{ + struct ldb_module *ctx = module_ctx; + /* put your clean-up functions here */ + return 0; +} + +static const struct ldb_module_ops samldb_ops = { + "samldb", + samldb_search, + samldb_search_free, + samldb_add_record, + samldb_modify_record, + samldb_delete_record, + samldb_rename_record, + samldb_lock, + samldb_unlock, + samldb_errstring +}; + + +/* the init function */ +#ifdef HAVE_DLOPEN_DISABLED + struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *samldb_module_init(struct ldb_context *ldb, const char *options[]) +#endif +{ + struct ldb_module *ctx; + struct private_data *data; + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + data = talloc(ctx, struct private_data); + if (!data) { + talloc_free(ctx); + return NULL; + } + + data->error_string = NULL; + ctx->private_data = data; + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &samldb_ops; + + talloc_set_destructor(ctx, samldb_destructor); + + return ctx; +} -- cgit From 625a2673c17d3a47f16f50fc5fdbe6f09f8c6a5e Mon Sep 17 00:00:00 2001 
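Review bot: In samldb_manage_group_object and samldb_manage_user_object the RDN is accepted on `strncasecmp(rdn, "cn", 2) != 0` alone, and both functions later pass `&rdn[3]` to samldb_add_attribute; a DN whose first component is the bare string `cn` passes that check, and `&rdn[3]` then points past the copied string's terminator. Comparing the separator as well closes this: `if (strncasecmp(rdn, "cn=", 3) != 0) {`. Both functions also read `attribute->values[0].data` without looking at `num_values`, and compare it against the whole `rdn` (prefix included) rather than `&rdn[3]`, so a caller-supplied cn or name equal to the RDN value looks like it would be rejected. Separately, the talloc_strdup result in samldb_generate_samAccountName is handed on unchecked, and samldb_add_attribute calls `strlen(value)` on it, so an allocation failure there becomes a NULL dereference.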
From: Simo Sorce Date: Sun, 27 Feb 2005 16:35:19 +0000 Subject: r5587: more work around the samldb module fix the provision.ldif the layout of the @MODULES dn has changed since last commit (This used to be commit acb99e63d40e71fa843c1b7a1719a350a353ed28) --- source4/dsdb/samdb/ldb_modules/samldb.c | 188 ++++++++++++++++++++++++++++++-- 1 file changed, 180 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 6b8546e2b8..1e110afc2e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -57,6 +57,156 @@ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); return ldb_next_search_free(module, res); } + +/* + allocate a new id, attempting to do it atomically + return 0 on failure, the id on success +*/ +static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + const char *dn, uint32_t *id) +{ + const char * const attrs[2] = { "nextRid", NULL }; + struct ldb_message **res = NULL; + struct ldb_message msg; + int ret; + const char *str; + struct ldb_val vals[2]; + struct ldb_message_element els[2]; + + ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res); + if (ret != 1) { + if (res) ldb_search_free(ldb, res); + return -1; + } + str = ldb_msg_find_string(res[0], "nextRid", NULL); + if (str == NULL) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", dn); + ldb_search_free(ldb, res); + return -1; + } + talloc_steal(mem_ctx, str); + ldb_search_free(ldb, res); + + *id = strtol(str, NULL, 0); + if ((*id)+1 == 0) { + /* out of IDs ! */ + return -1; + } + + /* we do a delete and add as a single operation. 
That prevents + a race */ + ZERO_STRUCT(msg); + msg.dn = talloc_strdup(mem_ctx, dn); + if (!msg.dn) { + return -1; + } + msg.num_elements = 2; + msg.elements = els; + + els[0].num_values = 1; + els[0].values = &vals[0]; + els[0].flags = LDB_FLAG_MOD_DELETE; + els[0].name = talloc_strdup(mem_ctx, "nextRid"); + if (!els[0].name) { + return -1; + } + + els[1].num_values = 1; + els[1].values = &vals[1]; + els[1].flags = LDB_FLAG_MOD_ADD; + els[1].name = els[0].name; + + vals[0].data = talloc_asprintf(mem_ctx, "%u", *id); + if (!vals[0].data) { + return -1; + } + vals[0].length = strlen(vals[0].data); + + vals[1].data = talloc_asprintf(mem_ctx, "%u", (*id)+1); + if (!vals[1].data) { + return -1; + } + vals[1].length = strlen(vals[1].data); + + ret = ldb_modify(ldb, &msg); + if (ret != 0) { + return 1; + } + + (*id)++; + + return 0; +} + +/* search the domain related to the provided dn + allocate a new RID for the domain + return the new sid string +*/ +static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *obj_dn) +{ + const char * const attrs[2] = { "objectSid", NULL }; + struct ldb_message **res = NULL; + const char *dom_dn, *dom_sid; + char *obj_sid; + uint32_t rid; + int ret, tries = 10; + + /* get the domain component part of the provided dn */ + + /* FIXME: quick search here, I think we should use something like + ldap_parse_dn here to be 100% sure we get the right domain dn */ + + /* FIXME: "dc=" is probably not utf8 safe either, + we need a multibyte safe substring search function here */ + + dom_dn = strstr(obj_dn, "dc="); + if (dom_dn == NULL) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "Invalid dn (%s)!\n", obj_dn); + return NULL; + } + + /* find the domain sid */ + + ret = ldb_search(ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); + if (ret != 1) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + if (res) ldb_search_free(ldb, res); + return NULL; + } + + dom_sid = 
ldb_msg_find_string(res[0], "objectSid", NULL); + if (dom_sid == NULL) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + ldb_search_free(ldb, res); + return NULL; + } + + talloc_steal(mem_ctx, dom_sid); + ldb_search_free(ldb, res); + + /* allocate a new Rid for the domain */ + + + /* we need to try multiple times to cope with two account + creations at the same time */ + while (tries--) { + ret = samldb_allocate_next_rid(ldb, mem_ctx, dom_dn, &rid); + if (ret != 1) { + break; + } + } + if (ret != 0) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + return NULL; + } + + /* return the new object sid */ + + obj_sid = talloc_asprintf(mem_ctx, "%s-%u", dom_sid, rid); + + return obj_sid; +} + static char *samldb_generate_samAccountName(const void *mem_ctx) { char *name; @@ -240,6 +390,21 @@ static struct ldb_message *samldb_manage_group_object(struct ldb_module *module, } } + if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { + char *sidstr; + + if ((sidstr = samldb_get_new_sid(module->ldb, msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: internal error! Can't generate new sid\n"); + talloc_free(msg2); + return NULL; + } + + if ( ! samldb_add_attribute(msg2, "objectSid", sidstr)) { + talloc_free(msg2); + return NULL; + } + } + if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { return NULL; } @@ -260,10 +425,6 @@ static struct ldb_message *samldb_manage_group_object(struct ldb_module *module, return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "objectSid", NULL, "foo")) { /* keep the schema module happy :) */ - return NULL; - } - /* TODO: objectGUID, objectSid, objectCategory */ /* need a way to lock a new Sid */ 
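Review bot: In samldb_allocate_next_rid, `*id = strtol(str, NULL, 0);` copies the stored nextRid into a uint32_t with no check that the string was a number or that it fits, so a non-numeric, negative or oversized value silently becomes some other RID and the resulting objectSid may collide with an existing one. Parse into an unsigned wider type and reject bad input before assigning, e.g. `unsigned long v = strtoul(str, &end, 0);` followed by `if (end == str || *end != '\0' || v >= UINT32_MAX) return -1;`. The header comment also says "return 0 on failure, the id on success", while the body returns -1 on failure, 1 when ldb_modify fails and 0 on success with the id in `*id`; the comment should describe that, since samldb_get_new_sid retries only on 1.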
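Review bot: The new objectSid block in samldb_manage_group_object allocates a SID only when the attribute is absent (`samldb_find_attribute(msg2, "objectSid", NULL) == NULL`), so a value supplied in the add request is stored as given, without checking that it belongs to the enclosing domain or that its RID is unused. If this module can be reached by callers that are not fully trusted, the requester chooses the new object's SID; nothing in the hunk shows where such a value would be validated. Either reject a caller-supplied objectSid here or add a comment naming the layer that enforces it, e.g. `/* caller-supplied objectSid is validated by <layer - fill in> */`. The same block is added to samldb_manage_user_object in the `@@ -353,6 +514,21 @@` hunk, and both functions start and end outside these hunks.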
@@ -353,6 +514,21 @@ static struct ldb_message *samldb_manage_user_object(struct ldb_module *module, } } + if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { + char *sidstr; + + if ((sidstr = samldb_get_new_sid(module->ldb, msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: internal error! Can't generate new sid\n"); + talloc_free(msg2); + return NULL; + } + + if ( ! samldb_add_attribute(msg2, "objectSid", sidstr)) { + talloc_free(msg2); + return NULL; + } + } + if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { talloc_free(msg2); return NULL; @@ -372,10 +548,6 @@ static struct ldb_message *samldb_manage_user_object(struct ldb_module *module, return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "objectSid", NULL, "foo")) { /* keep the schema module happy :) */ - return NULL; - } - /* TODO: objectGUID, objectSid, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ return msg2; -- cgit From 7d7aacc34729c9dee806436647fdd82f6887df55 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 27 Feb 2005 19:57:03 +0000 Subject: r5588: We currently use a string representing an hex number so conform to that. But we should move to a signed integer in future to be AD compatible. (This used to be commit b67512c5139af121b6579a5c6318a489c2132ebb) --- source4/dsdb/samdb/ldb_modules/samldb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 1e110afc2e..ddd878070d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -413,11 +413,11 @@ static struct ldb_message *samldb_manage_group_object(struct ldb_module *module, return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "268435456")) { + if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "0x10000000")) { return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "groupType", NULL, "-2147483646")) { + if ( ! samldb_find_or_add_attribute(msg2, "groupType", NULL, "0x80000002")) { return NULL; } @@ -539,7 +539,7 @@ static struct ldb_message *samldb_manage_user_object(struct ldb_module *module, return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "805306368")) { + if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "0x30000000")) { talloc_free(msg2); return NULL; } -- cgit From 5487ee5e9c9e6ea087b778ab7d90d8c38b348017 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 27 Mar 2005 23:31:43 +0000 Subject: r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953) --- source4/dsdb/samdb/ldb_modules/samldb.c | 375 +++++++++++++++----------------- 1 file changed, 170 insertions(+), 205 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index ddd878070d..7ec1ea1a29 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
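Review bot: The group-object failure paths touched here (sAMAccountType, groupType) still end in a bare `return NULL;`, while the matching user-object path in the `@@ -539,7 +539,7 @@` hunk calls `talloc_free(msg2);` first. msg2 is allocated with `talloc(module, struct ldb_message)` earlier in the function, outside this hunk, so each of these early returns leaves it attached to the module. Add `talloc_free(msg2);` before those returns so both functions clean up the same way. The new literals "0x10000000", "0x80000002" and "0x30000000" would also be easier to audit as named constants, or with a short comment saying which account or group type each one stands for.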
@@ -1,25 +1,25 @@ /* - ldb database library + SAM ldb module Copyright (C) Simo Sorce 2004 - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + * NOTICE: this module is NOT released under the GNU LGPL license as + * other ldb code. This module is release under the GNU GPL v2 or + * later license. - This library is distributed in the hope that it will be useful, + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* @@ -27,7 +27,7 @@ * * Component: ldb samldb module * - * Description: add object timestamping functionality + * Description: add embedded user/group creation functionality * * Author: Simo Sorce */ 
@@ -53,11 +53,10 @@ static int samldb_search(struct ldb_module *module, const char *base, static int samldb_search_free(struct ldb_module *module, struct ldb_message **res) { -ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); return ldb_next_search_free(module, res); } - /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success @@ -84,14 +83,15 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx ldb_search_free(ldb, res); return -1; } - talloc_steal(mem_ctx, str); - ldb_search_free(ldb, res); *id = strtol(str, NULL, 0); if ((*id)+1 == 0) { /* out of IDs ! */ + ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n"); + ldb_search_free(ldb, res); return -1; } + ldb_search_free(ldb, res); /* we do a delete and add as a single operation. That prevents a race */ @@ -138,11 +138,36 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx return 0; } +static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *dn) +{ + const char *sdn; + struct ldb_message **res = NULL; + int ret; + + sdn = dn; + while ((sdn = strchr(sdn, ',')) != NULL) { + + sdn++; + + ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); + ldb_search_free(module->ldb, res); + + if (ret == 1) + break; + } + + if (ret != 1) { + return NULL; + } + + return talloc_strdup(mem_ctx, sdn); +} + /* search the domain related to the provided dn allocate a new RID for the domain return the new sid string */ -static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *obj_dn) +static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_message **res = NULL; 
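Review bot: In the new samldb_search_domain, `int ret;` is never assigned when `dn` contains no comma, because the while body does not run, and `if (ret != 1)` then reads an indeterminate value; initialise it with `int ret = 0;`. Inside the loop `ldb_search_free(module->ldb, res);` runs whatever ldb_search returned, so unless ldb_search is known to reset `res` on failure (not visible here) a failed iteration may free a stale pointer from the previous one; set `res = NULL;` at the top of each iteration or free only when `ret > 0`. The walk also advances on every `,`, so a DN with an escaped comma inside a component would be probed at a position that is not a component boundary.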
@@ -159,44 +184,41 @@ static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, co /* FIXME: "dc=" is probably not utf8 safe either, we need a multibyte safe substring search function here */ - dom_dn = strstr(obj_dn, "dc="); + dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "Invalid dn (%s)!\n", obj_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", obj_dn); return NULL; } /* find the domain sid */ - ret = ldb_search(ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); + ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); if (ret != 1) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - if (res) ldb_search_free(ldb, res); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + if (res) ldb_search_free(module->ldb, res); return NULL; } dom_sid = ldb_msg_find_string(res[0], "objectSid", NULL); if (dom_sid == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - ldb_search_free(ldb, res); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + ldb_search_free(module->ldb, res); return NULL; } - talloc_steal(mem_ctx, dom_sid); - ldb_search_free(ldb, res); - /* allocate a new Rid for the domain */ - /* we need to try multiple times to cope with two account creations at the same time */ while (tries--) { - ret = samldb_allocate_next_rid(ldb, mem_ctx, dom_dn, &rid); + ret = samldb_allocate_next_rid(module->ldb, mem_ctx, dom_dn, &rid); if (ret != 1) { break; } } if (ret != 0) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + ldb_search_free(module->ldb, res); return NULL; } 
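Review bot: The FIXME kept as context above `dom_dn = samldb_search_domain(module, mem_ctx, obj_dn);` still talks about a `"dc="` substring search, which this hunk removes, so it now describes code that is no longer there. Replace it with a comment that matches the new lookup, for example `/* walk up the DN until an entry with objectClass=domain is found */`. It is also worth a one-line comment that `dom_sid` points into `res` and must not be used after `ldb_search_free`, since the `talloc_steal` that used to detach it is removed here. samldb_get_new_sid continues beyond this hunk.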
@@ -204,6 +226,8 @@ static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, co obj_sid = talloc_asprintf(mem_ctx, "%s-%u", dom_sid, rid); + ldb_search_free(module->ldb, res); + return obj_sid; } @@ -224,13 +248,8 @@ static BOOL samldb_get_rdn_and_basedn(const void *mem_ctx, const char *dn, char if ( ! p ) { return False; } - /* clear separator */ - *p = '\0'; - *rdn = talloc_strdup(mem_ctx, dn); - - /* put back separator */ - *p = ','; + *rdn = talloc_strndup(mem_ctx, dn, p - dn); if ( ! *rdn) { return False; 
@@ -268,287 +287,234 @@ static struct ldb_message_element *samldb_find_attribute(const struct ldb_messag return NULL; } -static BOOL samldb_add_attribute(struct ldb_message *msg, const char *name, const char *value) +static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value) { - struct ldb_message_element *attr; - int i; - - attr = samldb_find_attribute(msg, name, NULL); - if ( ! attr) { - msg->num_elements++; - msg->elements = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements); - if ( ! msg->elements ) { - return False; - } - attr = &msg->elements[msg->num_elements - 1]; - - attr->name = talloc_strdup(msg, name); - if ( ! attr->name ) { - return False; - } - attr->flags = 0; - attr->num_values = 0; - attr->values = NULL; - } + char *aname = talloc_strdup(msg, name); + char *aval = talloc_strdup(msg, value); - i = attr->num_values; - attr->num_values++; - attr->values = talloc_realloc(msg, attr->values, struct ldb_val, attr->num_values); - if ( ! attr->values ){ + if (aname == NULL || aval == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_msg_add_string: talloc_strdup failed!\n"); return False; } - attr->values[i].data = talloc_strdup(msg, value); - attr->values[i].length = strlen(value); - - if ( ! attr->values[i].data) { + if (ldb_msg_add_string(module->ldb, msg, aname, aval) != 0) { return False; } return True; } -static BOOL samldb_find_or_add_attribute(struct ldb_message *msg, const char *name, const char *value, const char *set_value) +static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) { if (samldb_find_attribute(msg, name, value) == NULL) { - if ( ! 
samldb_add_attribute(msg, name, set_value)) { - return False; - } + return samldb_msg_add_string(module, msg, name, set_value); } return True; } -static struct ldb_message *samldb_manage_group_object(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter) +{ + struct ldb_message **res, *t; + int ret, i, j; + + + /* pull the template record */ + ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res); + if (ret != 1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb: ERROR: template '%s' matched %d records\n", filter, ret); + return -1; + } + t = res[0]; + + for (i = 0; i < t->num_elements; i++) { + struct ldb_message_element *el = &t->elements[i]; + /* some elements should not be copied from the template */ + if (strcasecmp(el->name, "cn") == 0 || + strcasecmp(el->name, "name") == 0 || + strcasecmp(el->name, "sAMAccountName") == 0) { + continue; + } + for (j = 0; j < el->num_values; j++) { + if (strcasecmp(el->name, "objectClass") == 0 && + (strcasecmp((char *)el->values[j].data, "Template") == 0 || + strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) { + continue; + } + if ( ! 
samldb_find_or_add_attribute(module, msg, el->name, + NULL, + (char *)el->values[j].data)) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); + ldb_search_free(module->ldb, res); + return -1; + } + } + } + + ldb_search_free(module->ldb, res); + + return 0; +} + +static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg) { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn; - int i; + char *rdn, *basedn, *sidstr; if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { return NULL; } - msg2 = talloc(module, struct ldb_message); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_group_object\n"); + + /* build the new msg */ + msg2 = ldb_msg_copy(module->ldb, msg); if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: talloc failed!\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); return NULL; } - /* build the new msg */ - msg2->dn = msg->dn; - msg2->num_elements = msg->num_elements; - msg2->private_data = msg->private_data; - msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); - if (! msg2->elements) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: talloc_array failed!\n"); - talloc_free(msg2); + if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Error copying template!\n"); return NULL; } - for (i = 0; i < msg2->num_elements; i++) { - msg2->elements[i] = msg->elements[i]; - } if ( ! 
samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { - talloc_free(msg2); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", msg2->dn); return NULL; } if (strncasecmp(rdn, "cn", 2) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad RDN (%s) for group!\n", rdn); - talloc_free(msg2); - return NULL; - } - - if (! samldb_find_or_add_attribute(msg2, "objectclass", "top", "top")) { - talloc_free(msg2); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn); return NULL; } if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad Attribute Syntax for CN\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! samldb_add_attribute(msg2, "cn", &rdn[3])) { - talloc_free(msg2); + if ( ! samldb_msg_add_string(module, msg2, "cn", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad Attribute Syntax for name\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ! samldb_add_attribute(msg2, "name", &rdn[3])) { - talloc_free(msg2); + if ( ! 
samldb_msg_add_string(module, msg2, "name", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - char *sidstr; - if ((sidstr = samldb_get_new_sid(module->ldb, msg2, msg2->dn)) == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: internal error! Can't generate new sid\n"); - talloc_free(msg2); + if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: internal error! Can't generate new sid\n"); return NULL; } - - if ( ! samldb_add_attribute(msg2, "objectSid", sidstr)) { - talloc_free(msg2); + + if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) { return NULL; } } - if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "0x10000000")) { - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "groupType", NULL, "0x80000002")) { + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { return NULL; } - if ( ! 
samldb_find_or_add_attribute(msg2, "objectCategory", NULL, "foo")) { /* keep the schema module happy :) */ - return NULL; - } + /* TODO: objectGUID */ - /* TODO: objectGUID, objectSid, objectCategory */ - /* need a way to lock a new Sid */ + talloc_steal(msg, msg2); return msg2; } -static struct ldb_message *samldb_manage_user_object(struct ldb_module *module, const struct ldb_message *msg) +static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg) { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn; - int i; + char *rdn, *basedn, *sidstr; - if (samldb_find_attribute(msg, "objectclass", "user") == NULL) { + if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { return NULL; } - msg2 = talloc(module, struct ldb_message); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_user_or_computer_object\n"); + + /* build the new msg */ + msg2 = ldb_msg_copy(module->ldb, msg); if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: talloc failed!\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); return NULL; } - /* build the new msg */ - msg2->dn = msg->dn; - msg2->num_elements = msg->num_elements; - msg2->private_data = msg->private_data; - msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); - if (! msg2->elements) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: talloc_array failed!\n"); - talloc_free(msg2); + if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Error copying template!\n"); return NULL; } - for (i = 0; i < msg2->num_elements; i++) { - msg2->elements[i] = msg->elements[i]; - } if ( ! 
samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { - talloc_free(msg2); return NULL; } if (strncasecmp(rdn, "cn", 2) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad RDN (%s) for group!\n", rdn); - talloc_free(msg2); - return NULL; - } - - - if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "top", "top")) { - talloc_free(msg2); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for group!\n", rdn); return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "person", "person")) { - talloc_free(msg2); - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "organizationalPerson", "organizationalPerson")) { - talloc_free(msg2); + /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */ + if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "user", "user")) { return NULL; } if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: Bad Attribute Syntax for CN\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for CN\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! samldb_add_attribute(msg2, "cn", &rdn[3])) { - talloc_free(msg2); + if ( ! 
samldb_msg_add_string(module, msg2, "cn", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: Bad Attribute Syntax for name\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for name\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ! samldb_add_attribute(msg2, "name", &rdn[3])) { - talloc_free(msg2); + if ( ! samldb_msg_add_string(module, msg2, "name", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - char *sidstr; - if ((sidstr = samldb_get_new_sid(module->ldb, msg2, msg2->dn)) == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: internal error! Can't generate new sid\n"); - talloc_free(msg2); + if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n"); return NULL; } - - if ( ! samldb_add_attribute(msg2, "objectSid", sidstr)) { - talloc_free(msg2); + + if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) { return NULL; } } - if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { - talloc_free(msg2); - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { - talloc_free(msg2); + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "0x30000000")) { - talloc_free(msg2); - return NULL; - } - - if ( ! 
samldb_find_or_add_attribute(msg2, "objectCategory", NULL, "foo")) { /* keep the schema module happy :) */ - return NULL; - } + /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ - /* TODO: objectGUID, objectSid, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ + talloc_steal(msg, msg2); return msg2; } @@ -565,17 +531,16 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message return ldb_next_add_record(module, msg); } - /* is group? add all group relevant missing objects */ - msg2 = samldb_manage_group_object(module, msg); + /* is user or computer? add all relevant missing objects */ + msg2 = samldb_fill_user_or_computer_object(module, msg); - /* is user? add all user relevant missing objects */ + /* is group? add all relevant missing objects */ if ( ! msg2 ) { - msg2 = samldb_manage_user_object(module, msg); + msg2 = samldb_fill_group_object(module, msg); } if (msg2) { ret = ldb_next_add_record(module, msg2); - talloc_free(msg2); } else { ret = ldb_next_add_record(module, msg); } @@ -633,7 +598,7 @@ static const char *samldb_errstring(struct ldb_module *module) static int samldb_destructor(void *module_ctx) { - struct ldb_module *ctx = module_ctx; + /* struct ldb_module *ctx = module_ctx; */ /* put your clean-up functions here */ return 0; } -- cgit From fe4d985b6f3d318d9b58a16677be3b4ae34fba15 Mon Sep 17 00:00:00 2001 
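Review bot: Both fill functions accept any RDN whose first two characters are "cn" and then read from `&rdn[3]`, in the new `strcasecmp(&rdn[3], ...)` checks and in the `samldb_msg_add_string(..., &rdn[3])` calls. For an RDN that is just `cn` the terminator sits at index 2, so index 3 is past the end of the string that samldb_get_rdn_and_basedn allocated with `talloc_strndup`, and the DN presumably comes straight from the add request. Requiring the separator closes that: `if (strncasecmp(rdn, "cn=", 3) != 0) {` in samldb_fill_group_object and in samldb_fill_user_or_computer_object. The same comparisons read `attribute->values[0].data` as a C string; whether an element can arrive with no values or without a terminating NUL is not visible here and is worth confirming.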
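Review bot: In samldb_add_record a NULL result from `samldb_fill_user_or_computer_object()` or `samldb_fill_group_object()` is read as "not that kind of object", but both helpers also return NULL when the template copy, the RDN check or the SID allocation fails. The code then falls through to `ldb_next_add_record(module, msg)` with the unfilled message, so a user, computer or group could be stored without the objectSid and template attributes this module is meant to supply. I would have the helpers report failure separately from "not applicable" and refuse the add on failure, as sketched below with an assumed int return and out parameter. samldb_add_record starts before this hunk and continues after it.

```c
/* … unchanged: pass-through for special DNs … */

/* sketch: helpers return 0 on success or "not applicable" (msg2 stays NULL), -1 on failure */
ret = samldb_fill_user_or_computer_object(module, msg, &msg2);
if (ret == 0 && msg2 == NULL) {
	ret = samldb_fill_group_object(module, msg, &msg2);
}
if (ret != 0) {
	/* a fill helper failed: do not store an incomplete account object */
	return -1;
}

ret = ldb_next_add_record(module, msg2 ? msg2 : msg);
```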
From: Simo Sorce Date: Mon, 25 Apr 2005 12:46:18 +0000 Subject: r6470: Remove ldb_search_free() it is not needed anymore. Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db) --- source4/dsdb/samdb/ldb_modules/samldb.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 7ec1ea1a29..a392f97865 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -51,12 +51,6 @@ static int samldb_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int samldb_search_free(struct ldb_module *module, struct ldb_message **res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); - return ldb_next_search_free(module, res); -} - /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success @@ -74,13 +68,13 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res); if (ret != 1) { - if (res) ldb_search_free(ldb, res); + if (res) talloc_free(res); return -1; } str = ldb_msg_find_string(res[0], "nextRid", NULL); if (str == NULL) { ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", dn); - ldb_search_free(ldb, res); + talloc_free(res); return -1; } @@ -88,10 +82,10 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx if ((*id)+1 == 0) { /* out of IDs ! */ ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n"); - ldb_search_free(ldb, res); + talloc_free(res); return -1; } - ldb_search_free(ldb, res); + talloc_free(res); /* we do a delete and add as a single operation. That prevents a race */ 
@@ -150,7 +144,7 @@ static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx sdn++; ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); - ldb_search_free(module->ldb, res); + talloc_free(res); if (ret == 1) break; @@ -195,14 +189,14 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); if (ret != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - if (res) ldb_search_free(module->ldb, res); + if (res) talloc_free(res); return NULL; } dom_sid = ldb_msg_find_string(res[0], "objectSid", NULL); if (dom_sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - ldb_search_free(module->ldb, res); + talloc_free(res); return NULL; } @@ -218,7 +212,7 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, } if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); - ldb_search_free(module->ldb, res); + talloc_free(res); return NULL; } @@ -226,7 +220,8 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, obj_sid = talloc_asprintf(mem_ctx, "%s-%u", dom_sid, rid); - ldb_search_free(module->ldb, res); + talloc_free(res); + return obj_sid; } @@ -349,13 +344,13 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m NULL, (char *)el->values[j].data)) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); - ldb_search_free(module->ldb, res); + talloc_free(res); return -1; } } } - ldb_search_free(module->ldb, res); + talloc_free(res); return 0; } 
@@ -606,7 +601,6 @@ static int samldb_destructor(void *module_ctx) static const struct ldb_module_ops samldb_ops = { "samldb", samldb_search, - samldb_search_free, samldb_add_record, samldb_modify_record, samldb_delete_record, -- cgit From 4b0e5bd75373ffa2d847706a71fd0349dfa15e71 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Jun 2005 09:10:17 +0000 Subject: r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897) --- source4/dsdb/samdb/ldb_modules/samldb.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index a392f97865..5472bed107 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -51,6 +51,14 @@ static int samldb_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } +static int samldb_search_bytree(struct ldb_module *module, const char *base, + enum ldb_scope scope, struct ldb_parse_tree *tree, + const char * const *attrs, struct ldb_message ***res) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search\n"); + return ldb_next_search_bytree(module, base, scope, tree, attrs, res); +} + /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success 
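Review bot: The new `samldb_search_bytree()` logs the trace string `"samldb_search\n"`, the same one samldb_search emits, so a trace cannot tell which entry point handled a request. The call should read `ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_bytree\n");`.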
@@ -599,15 +607,16 @@ static int samldb_destructor(void *module_ctx) } static const struct ldb_module_ops samldb_ops = { - "samldb", - samldb_search, - samldb_add_record, - samldb_modify_record, - samldb_delete_record, - samldb_rename_record, - samldb_lock, - samldb_unlock, - samldb_errstring + .name = "samldb", + .search = samldb_search, + .search_bytree = samldb_search_bytree, + .add_record = samldb_add_record, + .modify_record = samldb_modify_record, + .delete_record = samldb_delete_record, + .rename_record = samldb_rename_record, + .named_lock = samldb_lock, + .named_unlock = samldb_unlock, + .errstring = samldb_errstring }; -- cgit From bdee131f30e1bef31498b08bb648ddee35ea4892 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Fri, 24 Jun 2005 00:18:20 +0000 Subject: r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c) --- source4/dsdb/samdb/ldb_modules/samldb.c | 51 ++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 17 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5472bed107..b5440c3cd1 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -35,7 +35,8 @@ #include "includes.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_private.h" -#include +#include "system/time.h" +#include "librpc/gen_ndr/ndr_security.h" #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" @@ -169,14 +170,15 @@ static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx allocate a new RID for the domain return the new sid string */ -static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *obj_dn) +static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const char *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_message **res = NULL; - const char *dom_dn, *dom_sid; - char *obj_sid; + const char *dom_dn; uint32_t rid; int ret, tries = 10; + struct dom_sid *dom_sid, *obj_sid; /* get the domain component part of the provided dn */ @@ -197,11 +199,11 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); if (ret != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - if (res) talloc_free(res); + talloc_free(res); return NULL; } - dom_sid = ldb_msg_find_string(res[0], "objectSid", NULL); + dom_sid = samdb_result_dom_sid(res, res[0], "objectSid"); if (dom_sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); talloc_free(res); 
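Review bot: The comment above samldb_get_new_sid still says "return the new sid string", but the signature changed in this hunk now returns `struct dom_sid *`. I would update that line to `return the new sid as a struct dom_sid, or NULL on failure` so callers do not treat the result as text. The function body continues outside this hunk.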
@@ -225,12 +227,10 @@ static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, } /* return the new object sid */ - - obj_sid = talloc_asprintf(mem_ctx, "%s-%u", dom_sid, rid); + obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, rid); talloc_free(res); - return obj_sid; } @@ -307,6 +307,18 @@ static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message return True; } +static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) +{ + struct ldb_val v; + NTSTATUS status; + status = ndr_push_struct_blob(&v, msg, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + return (ldb_msg_add_value(module->ldb, msg, name, &v) == 0); +} + static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) { if (samldb_find_attribute(msg, name, value) == NULL) { @@ -367,7 +379,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn, *sidstr; + char *rdn, *basedn; if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { return NULL; 
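Review bot: `samldb_msg_add_sid()` is declared BOOL but returns `-1` when `ndr_push_struct_blob()` fails, and -1 is non-zero. The callers' `if (!samldb_msg_add_sid(...))` checks therefore read that failure as success, and the message goes on without an objectSid value. The failure branch should be `return False;`.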
@@ -418,15 +430,17 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - - if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) { + struct dom_sid *sid = samldb_get_new_sid(module, msg2, msg2->dn); + if (sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: internal error! Can't generate new sid\n"); return NULL; } - if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) { + if (!samldb_msg_add_sid(module, msg2, "objectSid", sid)) { + talloc_free(sid); return NULL; } + talloc_free(sid); } if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { @@ -444,7 +458,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn, *sidstr; + char *rdn, *basedn; if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { return NULL; @@ -500,15 +514,18 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - - if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) { + struct dom_sid *sid; + sid = samldb_get_new_sid(module, msg2, msg2->dn); + if (sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n"); return NULL; } - if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) { + if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { + talloc_free(sid); return NULL; } + talloc_free(sid); } if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { -- cgit 
From e83fb4fa1b08b427888c7e1b62fff0520bcd6942 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 26 Jun 2005 06:08:19 +0000 Subject: r7925: small tidyup (please keep lines at a reasonable length) (This used to be commit 0bfd91c32a62e651e81ce8d3b102158ec9c680fe) --- source4/dsdb/samdb/ldb_modules/samldb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index b5440c3cd1..62a796bd89 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -460,7 +460,8 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module struct ldb_message_element *attribute; char *rdn, *basedn; - if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { + if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && + (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { return NULL; } -- cgit From 3e0aa2e756ec5fb3f03c9029ee442ed0aede5c53 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 11 Jul 2005 15:42:27 +0000 Subject: r8321: Fix some uninitalized variable warnings (This used to be commit 126cb3db4b0cf9c382ba7496ba08311f3b669f00) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 62a796bd89..0c43b8dc06 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -145,7 +145,7 @@ static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx { const char *sdn; struct ldb_message **res = NULL; - int ret; + int ret = 0; sdn = dn; while ((sdn = strchr(sdn, ',')) != NULL) { -- cgit 
From 139e43bf9c0ddcb7122882db1cd8c569a71bafad Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 19 Jul 2005 02:08:38 +0000 Subject: r8568: change missing templates to warnings, so that provisioning with an existing db doesn't print lots of fatal errors (This used to be commit d8d47bb18fbb467e253e99c4281578d6e4762de3) --- source4/dsdb/samdb/ldb_modules/samldb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 0c43b8dc06..04acbeaedf 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -336,7 +336,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m /* pull the template record */ ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res); if (ret != 1) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb: ERROR: template '%s' matched %d records\n", filter, ret); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched %d records\n", filter, ret); return -1; } t = res[0]; @@ -395,7 +395,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c } if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Error copying template!\n"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n"); return NULL; } 
@@ -475,7 +475,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Error copying template!\n"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying template!\n"); return NULL; } -- cgit From 24d2107324982d8ad69fb89d13037ba591f49534 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Jul 2005 11:43:23 +0000 Subject: r8650: Use the timestamps and a new objectguid module rather than placing boilerplate attributes in every entry in provision.ldif. The next step will be to use templates. Andrew Bartlett (This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2) --- source4/dsdb/samdb/ldb_modules/samldb.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 04acbeaedf..3a0368db69 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -346,7 +346,8 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m /* some elements should not be copied from the template */ if (strcasecmp(el->name, "cn") == 0 || strcasecmp(el->name, "name") == 0 || - strcasecmp(el->name, "sAMAccountName") == 0) { + strcasecmp(el->name, "sAMAccountName") == 0 || + strcasecmp(el->name, "objectGUID")) { continue; } for (j = 0; j < el->num_values; j++) { @@ -447,8 +448,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - /* TODO: objectGUID */ - talloc_steal(msg, msg2); return msg2; 
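Review bot: In the samldb_copy_template hunk of r8650, the added `strcasecmp(el->name, "objectGUID")` is missing `== 0`, so the condition is true for every element whose name is not objectGUID and the `continue` skips them all. The effect is the reverse of the intent: no template attribute is copied, except an objectGUID if the template carries one, which would then be duplicated onto each new object. The line should read `strcasecmp(el->name, "objectGUID") == 0) {`; the next commit on this page makes that change. The loop that encloses this test starts outside the hunk.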
@@ -533,9 +532,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } - /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ - - talloc_steal(msg, msg2); + /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ return msg2; } -- cgit From 6173fad23171add5b1d143f6c15fb36842811135 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 02:12:20 +0000 Subject: r8660: Use templates for the initial provision of user and computer accounts. This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1) --- source4/dsdb/samdb/ldb_modules/samldb.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 3a0368db69..40b6b72713 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -347,7 +347,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m if (strcasecmp(el->name, "cn") == 0 || strcasecmp(el->name, "name") == 0 || strcasecmp(el->name, "sAMAccountName") == 0 || - strcasecmp(el->name, "objectGUID")) { + strcasecmp(el->name, "objectGUID") == 0) { continue; } for (j = 0; j < el->num_values; j++) { 
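Review bot: The last hunk of r8650 removes `talloc_steal(msg, msg2);` from samldb_fill_user_or_computer_object together with the TODO comment, while the matching hunk for samldb_fill_group_object keeps it. The commit message does not mention an ownership change, so this looks unintended: without the steal, msg2 stays attached to whatever context it was allocated on (the allocation is outside the hunk) and is presumably no longer released with the request message, which would leak one copy per added user or computer. If the removal is deliberate, a one-line comment saying who frees msg2 would make the difference between the two functions explicit; otherwise restore the line.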
@@ -395,7 +395,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) { + if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n"); return NULL; } @@ -473,9 +473,16 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } - if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying template!\n"); - return NULL; + if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) { + if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); + return NULL; + } + } else { + if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n"); + return NULL; + } } if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { -- cgit From 8191f2cc800228e1e0d7378370f12bf6d3fca1e9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 05:24:02 +0000 Subject: r8663: Since simo constructed the samdb module, he and tridge have worked on a DN parsing system. Leverage that in the dsdb module. Andrew Bartlett (This used to be commit 2408f322765fc1b1769d5c8ea69eae4d968cd195) --- source4/dsdb/samdb/ldb_modules/samldb.c | 65 +++++++++++++++++---------------- 1 file changed, 34 insertions(+), 31 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
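Review bot: The new branch in samldb_fill_user_or_computer_object tests `samldb_find_attribute(msg, "objectclass", "computer") == NULL` and then copies TemplateMemberServer, so objects that are not computers get the member-server template and computers get TemplateUser. The debug strings in the two branches ("Error copying computer template!" and "Error copying user template!") show the intended mapping is the other way round; the test should be `!= NULL`. Since the template supplies the default attributes of a new account, the swap gives each kind of account the other's defaults. A later commit on this page flips the comparison.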
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 40b6b72713..6d6c1eb660 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -243,29 +243,29 @@ static char *samldb_generate_samAccountName(const void *mem_ctx) { return name; } -static BOOL samldb_get_rdn_and_basedn(const void *mem_ctx, const char *dn, char **rdn, char **basedn) +static BOOL samldb_get_rdn_and_basedn(void *mem_ctx, const char *dn, struct ldb_dn_component **rdn, char **base_dn) { - char *p; + struct ldb_dn *dn_exploded = ldb_dn_explode(mem_ctx, dn); + struct ldb_dn base_dn_exploded; - p = strchr(dn, ','); - if ( ! p ) { + if (!dn_exploded) { return False; } - - *rdn = talloc_strndup(mem_ctx, dn, p - dn); - - if ( ! *rdn) { + + if (dn_exploded->comp_num < 1) { return False; } - - *basedn = talloc_strdup(mem_ctx, p + 1); - - if ( ! *basedn) { - talloc_free(*rdn); - *rdn = NULL; - return False; + + if (dn_exploded->comp_num < 2) { + *base_dn = NULL; + } else { + base_dn_exploded.comp_num = dn_exploded->comp_num - 1; + base_dn_exploded.components = &dn_exploded->components[1]; + + *base_dn = ldb_dn_linearize(mem_ctx, &base_dn_exploded); } + *rdn = &dn_exploded->components[0]; return True; } @@ -380,7 +380,8 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn; + struct ldb_dn_component *rdn; + char *basedn; if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { return NULL; 
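Review bot: In the rewritten samldb_get_rdn_and_basedn, `struct ldb_dn base_dn_exploded;` is a stack object with only `comp_num` and `components` assigned before it is handed to ldb_dn_linearize(); any other member of struct ldb_dn (its definition is not on this page) is indeterminate at that point. Zero-initialising it, `struct ldb_dn base_dn_exploded = { 0 };`, removes the dependency on the struct's layout. The result of ldb_dn_linearize() is also stored unchecked, so a failed allocation leaves `*base_dn` NULL exactly as a single-component DN does and the function still returns True. The `comp_num < 1` return leaves dn_exploded allocated on mem_ctx; a `talloc_free(dn_exploded);` before it would tidy that.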
@@ -404,28 +405,29 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", msg2->dn); return NULL; } - if (strncasecmp(rdn, "cn", 2) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn); + if (strcasecmp(rdn->name, "cn") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn->name); return NULL; } if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! samldb_msg_add_string(module, msg2, "cn", &rdn[3])) { + if ( ! ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { + return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ! samldb_msg_add_string(module, msg2, "name", &rdn[3])) { + if ( !ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { return NULL; } } @@ -457,7 +459,8 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn; + struct ldb_dn_component *rdn; + char *basedn; if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { 
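Review bot: `strcasecmp(rdn->value.data, attribute->values[0].data)` in samldb_fill_group_object compares two ldb values, which carry an explicit length, as NUL-terminated C strings, and it reads `values[0]` without looking at `num_values`; the same pattern is added to samldb_fill_user_or_computer_object in the @@ -499 hunk. Checking the count and the lengths first, for example `attribute->num_values != 1 || rdn->value.length != attribute->values[0].length`, keeps the comparison inside both buffers. The added `! ldb_msg_add_value(...)` tests also treat a zero return as failure, although objectguid.c later on this page treats non-zero as the error; the two follow-up commits drop the `!`. Both functions start and end outside the hunk.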
@@ -473,7 +476,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } - if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) { + if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); return NULL; @@ -488,8 +491,8 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { return NULL; } - if (strncasecmp(rdn, "cn", 2) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for group!\n", rdn); + if (strcasecmp(rdn->name, "cn") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for group!\n", rdn->name); return NULL; } 
@@ -499,23 +502,23 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for CN\n"); + if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! samldb_msg_add_string(module, msg2, "cn", &rdn[3])) { + if ( !ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for name\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ! samldb_msg_add_string(module, msg2, "name", &rdn[3])) { + if ( !ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { return NULL; } } -- cgit From c2f9eb30cd558d79f9593ed861e9684ade77c38d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 07:15:55 +0000 Subject: r8664: I got caught out not testing... I replaced these function calls, and they went from BOOL to int return values, so naturally failed. Andrew Bartlett (This used to be commit 1982fdb6f3355494ecaae93280eea4e69c78430f) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
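Review bot: The CN mismatch message in samldb_fill_user_or_computer_object is changed to `"samldb_fill_group_object: Bad Attribute Syntax for CN\n"`, which names the wrong function and looks pasted from the group variant. Keep the original prefix, `"samldb_fill_user_or_computer_object: Bad Attribute Syntax for CN\n"`. A log line that points at the wrong function sends whoever is tracing a rejected account add to the wrong code path. The `Bad RDN (%s) for group!` string kept in the @@ -488 hunk has the same problem in a user/computer function.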
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 6d6c1eb660..d2a1cec572 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -507,7 +507,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( !ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { + if ( ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { return NULL; } } @@ -518,7 +518,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( !ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { + if ( ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { return NULL; } } -- cgit From c7204bd9856dd4a58c420a590f1b2abab8aaa70e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 07:57:20 +0000 Subject: r8666: The same fix as the last commit, I was caught out on a move from a BOOL to int function return. Andrew Bartlett (This used to be commit e03e00fe606db443783f1dea03411025c01c7de5) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index d2a1cec572..e8403a09b5 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -416,7 +416,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { + if ( ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { return NULL; } } @@ -427,7 +427,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( !ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { + if ( ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { return NULL; } } -- cgit From 4396d0d1482d4033a469f7a3e3835a6f3b145046 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 08:32:07 +0000 Subject: r8669: The objectguid module belongs in Samba's ldb module collection, not in ldb, as it can't build without the NDR and GUID code. Also make it properly use the NDR encoding for the GUID (I forgot last time, and used a string), as well as set the dependencies on the module correctly. Andrew Bartlett (This used to be commit 8054abc76e5e3588cebc7fc01062a1223b7f140b) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 224 ++++++++++++++++++++++++++++ 1 file changed, 224 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/objectguid.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c new file mode 100644 index 0000000000..45f1a10730 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
@@ -0,0 +1,224 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + * Name: ldb + * + * Component: ldb objectguid module + * + * Description: add a unique objectGUID onto every new record + * + * Author: Simo Sorce + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" +#include + +struct private_data { + const char *error_string; +}; + +static int objectguid_search(struct ldb_module *module, const char *base, + enum ldb_scope scope, const char *expression, + const char * const *attrs, struct ldb_message ***res) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); + return ldb_next_search(module, base, scope, expression, attrs, res); +} + +static int objectguid_search_bytree(struct ldb_module *module, const char *base, + enum ldb_scope scope, struct ldb_parse_tree *tree, + const char * const *attrs, struct ldb_message ***res) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); + return ldb_next_search_bytree(module, base, scope, tree, attrs, res); +} + +static struct ldb_message_element *objectguid_find_attribute(const 
struct ldb_message *msg, const char *name) +{ + int i; + + for (i = 0; i < msg->num_elements; i++) { + if (ldb_attr_cmp(name, msg->elements[i].name) == 0) { + return &msg->elements[i]; + } + } + + return NULL; +} + +/* add_record: add crateTimestamp/modifyTimestamp attributes */ +static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ldb_val v; + struct ldb_message *msg2; + struct ldb_message_element *attribute; + struct GUID guid; + NTSTATUS nt_status; + int ret, i; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); + + if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + return ldb_next_add_record(module, msg); + } + + if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) { + return ldb_next_add_record(module, msg); + } + + msg2 = talloc(module, struct ldb_message); + if (!msg2) { + return -1; + } + + msg2->dn = msg->dn; + msg2->num_elements = msg->num_elements; + msg2->private_data = msg->private_data; + msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); + for (i = 0; i < msg2->num_elements; i++) { + msg2->elements[i] = msg->elements[i]; + } + + /* a new GUID */ + guid = GUID_random(); + + nt_status = ndr_push_struct_blob(&v, msg2, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(nt_status)) { + return -1; + } + + ret = ldb_msg_add_value(module->ldb, msg2, "objectGUID", &v); + if (ret) { + return ret; + } + + ret = ldb_next_add_record(module, msg2); + talloc_free(msg2); + + return ret; +} + +/* modify_record: change modifyTimestamp as well */ +static int objectguid_modify_record(struct ldb_module *module, const struct ldb_message *msg) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n"); + return ldb_next_modify_record(module, msg); +} + +static int objectguid_delete_record(struct ldb_module *module, const char *dn) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, 
"objectguid_delete_record\n"); + return ldb_next_delete_record(module, dn); +} + +static int objectguid_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n"); + return ldb_next_rename_record(module, olddn, newdn); +} + +static int objectguid_lock(struct ldb_module *module, const char *lockname) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_lock\n"); + return ldb_next_named_lock(module, lockname); +} + +static int objectguid_unlock(struct ldb_module *module, const char *lockname) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_unlock\n"); + return ldb_next_named_unlock(module, lockname); +} + +/* return extended error information */ +static const char *objectguid_errstring(struct ldb_module *module) +{ + struct private_data *data = (struct private_data *)module->private_data; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_errstring\n"); + if (data->error_string) { + const char *error; + + error = data->error_string; + data->error_string = NULL; + return error; + } + + return ldb_next_errstring(module); +} + +static int objectguid_destructor(void *module_ctx) +{ + /* struct ldb_module *ctx = module_ctx; */ + /* put your clean-up functions here */ + return 0; +} + +static const struct ldb_module_ops objectguid_ops = { + .name = "objectguid", + .search = objectguid_search, + .search_bytree = objectguid_search_bytree, + .add_record = objectguid_add_record, + .modify_record = objectguid_modify_record, + .delete_record = objectguid_delete_record, + .rename_record = objectguid_rename_record, + .named_lock = objectguid_lock, + .named_unlock = objectguid_unlock, + .errstring = objectguid_errstring +}; + + +/* the init function */ +#ifdef HAVE_DLOPEN_DISABLED + struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[]) +#endif +{ + 
struct ldb_module *ctx; + struct private_data *data; + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + data = talloc(ctx, struct private_data); + if (!data) { + talloc_free(ctx); + return NULL; + } + + data->error_string = NULL; + ctx->private_data = data; + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &objectguid_ops; + + talloc_set_destructor (ctx, objectguid_destructor); + + return ctx; +} -- cgit From d3a2b03f7690ba0b8910d5b5ad37ca0cf67e3221 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 09:19:21 +0000 Subject: r8674: With the rdn_name module, we don't need this duplication in the samdb module any more. Andrew Bartlett (This used to be commit da48e77e7ca21bc99f2829a22ea3dc96ba413191) --- source4/dsdb/samdb/ldb_modules/samldb.c | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e8403a09b5..f0f44cf4d5 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -421,17 +421,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c } } - if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { - - return NULL; - } - } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { - return NULL; - } - } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { struct dom_sid *sid = samldb_get_new_sid(module, msg2, msg2->dn); if (sid == NULL) { 
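Review bot: objectguid_add_record does not check the result of `talloc_array()` before the copy loop writes through `msg2->elements`, and the two error returns after ndr_push_struct_blob() and ldb_msg_add_value() leave msg2 allocated under `module`. Each of those paths should free msg2, as sketched below. Separately, a record that already carries objectGUID is passed through untouched and objectguid_modify_record forwards every change, so the "unique" in the file header holds only for GUIDs the module generates itself; if clients are not meant to choose or rewrite GUIDs, that needs a check here or a comment saying where it is enforced. The comments above add_record and modify_record still describe timestamps, and objectguid_search_bytree logs "objectguid_search".

```c
	msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements);
	if (msg2->elements == NULL) {
		talloc_free(msg2);
		return -1;
	}
	/* … unchanged: element copy loop, GUID_random() … */
	nt_status = ndr_push_struct_blob(&v, msg2, &guid,
					 (ndr_push_flags_fn_t)ndr_push_GUID);
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(msg2);
		return -1;
	}

	ret = ldb_msg_add_value(module->ldb, msg2, "objectGUID", &v);
	if (ret) {
		talloc_free(msg2);
		return ret;
	}
	/* … unchanged: ldb_next_add_record(), talloc_free(msg2), return ret … */
```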
@@ -512,17 +501,6 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } } - if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for name\n"); - return NULL; - } - } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value)) { - return NULL; - } - } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { struct dom_sid *sid; sid = samldb_get_new_sid(module, msg2, msg2->dn); -- cgit From a7f9d9c5b8e77e0530ace68bd2ed4a7c374bf0fa Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 25 Jul 2005 01:17:09 +0000 Subject: r8740: Extend the rdn_name module to handle adding the rdn as an attribute. ie: dn: cn=foo,ou=bar objectClass: person implies dn: cn=foo,ou=bar objectClass: person cn: foo (as well as a pile more default attributes) We also correct the case in the attirbute to match that in the DN (win2k3 behaviour) and I have a testsuite (in ejs) to prove it. This module also found a bug in our provision.ldif, so and reduces code complexity in the samdb module. Andrew Bartlett (This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3) --- source4/dsdb/samdb/ldb_modules/samldb.c | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index f0f44cf4d5..7b82621c8d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -410,17 +410,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n"); - return NULL; - } - } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { - return NULL; - } - } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { struct dom_sid *sid = samldb_get_new_sid(module, msg2, msg2->dn); if (sid == NULL) { @@ -481,7 +470,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for group!\n", rdn->name); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for user/computer!\n", rdn->name); return NULL; } @@ -490,17 +479,6 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } - if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(rdn->value.data, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n"); - return NULL; - } - } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ldb_msg_add_value(module->ldb, msg2, "cn", &rdn->value)) { - return NULL; - } - } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { struct dom_sid *sid; sid = samldb_get_new_sid(module, msg2, msg2->dn); -- cgit From 0b7a3878317f87331027c80ce6d8dce83932de6e Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 27 Jul 2005 00:24:47 +0000 Subject: r8791: (missing from previous commit) Add templating support for foreignSecurityPrincipal to the samdb module. Andrew Bartltt (This used to be commit 5f51d806d718bfa6931d102ff4e866c688a6ecd9) --- source4/dsdb/samdb/ldb_modules/samldb.c | 77 ++++++++++++++++++++++++++------- 1 file changed, 61 insertions(+), 16 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 7b82621c8d..88c1ab5804 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -243,10 +243,9 @@ static char *samldb_generate_samAccountName(const void *mem_ctx) { return name; } -static BOOL samldb_get_rdn_and_basedn(void *mem_ctx, const char *dn, struct ldb_dn_component **rdn, char **base_dn) +static BOOL samldb_get_rdn(void *mem_ctx, const char *dn, struct ldb_dn_component **rdn) { struct ldb_dn *dn_exploded = ldb_dn_explode(mem_ctx, dn); - struct ldb_dn base_dn_exploded; if (!dn_exploded) { return False; @@ -256,15 +255,6 @@ static BOOL samldb_get_rdn_and_basedn(void *mem_ctx, const char *dn, struct ldb_ return False; } - if (dn_exploded->comp_num < 2) { - *base_dn = NULL; - } else { - base_dn_exploded.comp_num = dn_exploded->comp_num - 1; - base_dn_exploded.components = &dn_exploded->components[1]; - - *base_dn = ldb_dn_linearize(mem_ctx, &base_dn_exploded); - } - *rdn = &dn_exploded->components[0]; return True; } 
@@ -355,7 +345,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m (strcasecmp((char *)el->values[j].data, "Template") == 0 || strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 || strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) { @@ -381,7 +371,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c struct ldb_message *msg2; struct ldb_message_element *attribute; struct ldb_dn_component *rdn; - char *basedn; if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { return NULL; @@ -401,7 +390,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { + if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", msg2->dn); return NULL; } @@ -438,7 +427,6 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module struct ldb_message *msg2; struct ldb_message_element *attribute; struct ldb_dn_component *rdn; - char *basedn; if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { @@ -466,7 +454,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } } - if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { + if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { 
@@ -503,6 +491,58 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return msg2; } +static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ldb_message *msg2; + struct ldb_message_element *attribute; + struct ldb_dn_component *rdn; + + if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") == NULL) { + return NULL; + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_foreignSecurityPrincipal_object\n"); + + /* build the new msg */ + msg2 = ldb_msg_copy(module->ldb, msg); + if (!msg2) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincpal_object: ldb_msg_copy failed!\n"); + return NULL; + } + + if (samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n"); + return NULL; + } + + if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad DN (%s)!\n", msg2->dn); + return NULL; + } + if (strcasecmp(rdn->name, "cn") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad RDN (%s) for foreignSecurityPrincpal!\n", rdn->name); + return NULL; + } + + if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { + struct dom_sid *sid = dom_sid_parse_talloc(msg2, rdn->value.data); + if (sid == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: internal error! 
Can't parse sid in CN\n"); + return NULL; + } + + if (!samldb_msg_add_sid(module, msg2, "objectSid", sid)) { + talloc_free(sid); + return NULL; + } + talloc_free(sid); + } + + talloc_steal(msg, msg2); + + return msg2; +} + /* add_record */ static int samldb_add_record(struct ldb_module *module, const struct ldb_message *msg) { @@ -523,6 +563,11 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message msg2 = samldb_fill_group_object(module, msg); } + /* perhaps a foreignSecurityPrincipal? */ + if ( ! msg2 ) { + msg2 = samldb_fill_foreignSecurityPrincipal_object(module, msg); + } + if (msg2) { ret = ldb_next_add_record(module, msg2); } else { -- cgit From 6553dd0c60e922f42de347a02c8f792f087c393c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 28 Jul 2005 00:27:28 +0000 Subject: r8811: Fix the build.. (This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 45f1a10730..873c89cf28 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -35,6 +35,7 @@ #include "includes.h" #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" +#include "librpc/gen_ndr/ndr_misc.h" #include struct private_data { -- cgit From 3e4c4cff2177af33efdb15f03a1bbcb639505cee Mon Sep 17 00:00:00 2001 
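Review bot: Every early `return NULL` in samldb_fill_foreignSecurityPrincipal_object after `ldb_msg_copy()` succeeds leaves `msg2` allocated, because `talloc_steal(msg, msg2);` only runs on the success path at the end. Moving `talloc_steal(msg, msg2);` to directly after the `if (!msg2)` check would tie the copy's lifetime to the caller's message on all paths. Separately, when the caller already supplies `objectSid` the function passes it through without comparing it to the SID parsed from the CN; if the two are expected to agree, that check belongs in this function. `rdn->value.data` is also handed to `dom_sid_parse_talloc()` as a C string with no use of the value's length, which presumably relies on the DN parser NUL-terminating it.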
From: Simo Sorce Date: Thu, 18 Aug 2005 15:02:01 +0000 Subject: r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 10 ++-- source4/dsdb/samdb/ldb_modules/samldb.c | 76 +++++++++++++---------------- 2 files changed, 38 insertions(+), 48 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 873c89cf28..dc4576a8f9 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -42,7 +42,7 @@ struct private_data { const char *error_string; }; -static int objectguid_search(struct ldb_module *module, const char *base, +static int objectguid_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -50,7 +50,7 @@ static int objectguid_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int objectguid_search_bytree(struct ldb_module *module, const char *base, +static int objectguid_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -83,7 +83,7 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } 
@@ -131,13 +131,13 @@ static int objectguid_modify_record(struct ldb_module *module, const struct ldb_ return ldb_next_modify_record(module, msg); } -static int objectguid_delete_record(struct ldb_module *module, const char *dn) +static int objectguid_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_delete_record\n"); return ldb_next_delete_record(module, dn); } -static int objectguid_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int objectguid_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n"); return ldb_next_rename_record(module, olddn, newdn); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 88c1ab5804..ed7c135efa 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -44,7 +44,7 @@ struct private_data { const char *error_string; }; -static int samldb_search(struct ldb_module *module, const char *base, +static int samldb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -52,7 +52,7 @@ static int samldb_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int samldb_search_bytree(struct ldb_module *module, const char *base, +static int samldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { 
@@ -65,7 +65,7 @@ static int samldb_search_bytree(struct ldb_module *module, const char *base, return 0 on failure, the id on success */ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *dn, uint32_t *id) + const struct ldb_dn *dn, uint32_t *id) { const char * const attrs[2] = { "nextRid", NULL }; struct ldb_message **res = NULL; @@ -82,7 +82,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx } str = ldb_msg_find_string(res[0], "nextRid", NULL); if (str == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", dn); + ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn)); talloc_free(res); return -1; } @@ -99,7 +99,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx /* we do a delete and add as a single operation. That prevents a race */ ZERO_STRUCT(msg); - msg.dn = talloc_strdup(mem_ctx, dn); + msg.dn = ldb_dn_copy(mem_ctx, dn); if (!msg.dn) { return -1; } 
@@ -141,29 +141,35 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx return 0; } -static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *dn) +static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn) { - const char *sdn; + TALLOC_CTX *local_ctx; + struct ldb_dn *sdn; struct ldb_message **res = NULL; int ret = 0; - sdn = dn; - while ((sdn = strchr(sdn, ',')) != NULL) { - - sdn++; + local_ctx = talloc_named(mem_ctx, 0, "samldb_search_domain memory conext"); + if (local_ctx == NULL) return NULL; + sdn = ldb_dn_copy(local_ctx, dn); + do { ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); talloc_free(res); if (ret == 1) break; - } + + } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); if (ret != 1) { + talloc_free(local_ctx); return NULL; } - return talloc_strdup(mem_ctx, sdn); + talloc_steal(mem_ctx, sdn); + talloc_free(local_ctx); + + return sdn; } /* search the domain related to the provided dn @@ -171,11 +177,11 @@ static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx return the new sid string */ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const char *obj_dn) + TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_message **res = NULL; - const char *dom_dn; + const struct ldb_dn *dom_dn; uint32_t rid; int ret, tries = 10; struct dom_sid *dom_sid, *obj_sid; @@ -190,7 +196,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", obj_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn)); return NULL; } 
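Review bot: In the rewritten samldb_search_domain, `sdn = ldb_dn_copy(local_ctx, dn);` is not checked before the `do { ... } while` loop, so a failed copy reaches `ldb_search()` with a NULL base on the first pass. Adding `if (sdn == NULL) { talloc_free(local_ctx); return NULL; }` right after the copy closes that path. The loop also now searches the supplied DN itself before walking to its parents, whereas the removed string-based loop started at the first parent; if that change is intended, a one-line comment saying so would help. The `ldb_dn_linearize(mem_ctx, obj_dn)` string built for the debug message in samldb_get_new_sid (the hunk at -190) is allocated on the caller's context and never freed.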
@@ -221,7 +227,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, } } if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn)); talloc_free(res); return NULL; } @@ -243,22 +249,6 @@ static char *samldb_generate_samAccountName(const void *mem_ctx) { return name; } -static BOOL samldb_get_rdn(void *mem_ctx, const char *dn, struct ldb_dn_component **rdn) -{ - struct ldb_dn *dn_exploded = ldb_dn_explode(mem_ctx, dn); - - if (!dn_exploded) { - return False; - } - - if (dn_exploded->comp_num < 1) { - return False; - } - - *rdn = &dn_exploded->components[0]; - return True; -} - /* if value is not null also check for attribute to have exactly that value */ static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) { @@ -390,8 +380,8 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", msg2->dn); + if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", ldb_dn_linearize(msg2, msg2->dn)); return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { @@ -454,7 +444,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } } - if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { + if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { 
@@ -510,13 +500,15 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld return NULL; } + talloc_steal(msg, msg2); + if (samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n"); return NULL; } - if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad DN (%s)!\n", msg2->dn); + if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad DN (%s)!\n", ldb_dn_linearize(msg2, msg2->dn)); return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { @@ -538,8 +530,6 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld talloc_free(sid); } - talloc_steal(msg, msg2); - return msg2; } @@ -551,7 +541,7 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + if (strcmp(msg->dn->components[0].name, "@SPEACIAL") == 0) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } 
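Review bot: The new control-entry test in samldb_add_record, `strcmp(msg->dn->components[0].name, "@SPEACIAL") == 0`, appears to misspell the marker and reads `components[0]` without checking that the DN has any component, so control entries would apparently no longer be skipped and would go through the SAM fill-in logic. objectguid_add_record in this same commit uses `ldb_dn_is_special(msg->dn)` for the same purpose; using it here as well keeps the two modules consistent: `if (ldb_dn_is_special(msg->dn)) {`. The one-line follow-up hunks in r9767 and r9768 further down the page keep the direct `components[0]` access and share the unchecked-index gap. samldb_add_record's body continues outside the hunk.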
@@ -584,13 +574,13 @@ static int samldb_modify_record(struct ldb_module *module, const struct ldb_mess return ldb_next_modify_record(module, msg); } -static int samldb_delete_record(struct ldb_module *module, const char *dn) +static int samldb_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_delete_record\n"); return ldb_next_delete_record(module, dn); } -static int samldb_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int samldb_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_rename_record\n"); return ldb_next_rename_record(module, olddn, newdn); -- cgit From 2f6fd1d45c6c2edf716973388287259d877cf8c1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 00:25:46 +0000 Subject: r9767: Fix typo (This used to be commit 0602e8b3e7b5921fa99bfe788fe290f03b3dc7ac) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index ed7c135efa..9ab6830161 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -541,7 +541,7 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (strcmp(msg->dn->components[0].name, "@SPEACIAL") == 0) { /* do not manipulate our control entries */ + if (strcmp(msg->dn->components[0].name, LDB_SPECIAL) == 0) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } -- cgit From 584f3aeb7e4a59d9c6aa7650c196fd2c86500c16 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Tue, 30 Aug 2005 00:26:44 +0000 Subject: r9768: Arrrgh.. Right this time. (This used to be commit 8bded3fc926b8eb6285e06fd4b4706b779edb386) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 9ab6830161..6b6c8bd55d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -541,7 +541,7 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (strcmp(msg->dn->components[0].name, LDB_SPECIAL) == 0) { /* do not manipulate our control entries */ + if (strcmp(msg->dn->components[0].name, "@SPECIAL") == 0) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } -- cgit From f9447d2a17089178d311e03e398c25c749450f6d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 11:08:03 +0000 Subject: r9786: Move ldb_map into ldb/modules/ Move samba3sam to dsdb/ (This used to be commit eb9d615bcd49328131613f64745760a90553b7f2) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 631 +++++++++++++++++++++++++++++ 1 file changed, 631 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/samba3sam.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c new file mode 100644 index 0000000000..444d7e8d12 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
@@ -0,0 +1,631 @@ +/* + ldb database library - Samba3 SAM compatibility backend + + Copyright (C) Jelmer Vernooij 2005 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#include "includes.h" +#include "ldb/modules/ldb_map.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" + +/* FIXME: + * sambaSID -> member (dn!) + * sambaSIDList -> member (dn!) + * sambaDomainName -> name + * sambaTrustPassword + * sambaUnixIdPool + * sambaIdmapEntry + * sambaAccountPolicy + * sambaSidEntry + * sambaAcctFlags -> systemFlags ? 
+ * sambaPasswordHistory -> ntPwdHistory*/ + +/* Not necessary: + * sambaConfig + * sambaShare + * sambaConfigOption + * sambaNextGroupRid + * sambaNextUserRid + * sambaAlgorithmicRidBase + */ + +/* Not in Samba4: + * sambaKickoffTime + * sambaPwdCanChange + * sambaPwdMustChange + * sambaHomePath + * sambaHomeDrive + * sambaLogonScript + * sambaProfilePath + * sambaUserWorkstations + * sambaMungedDial + * sambaLogonHours */ + +/* In Samba4 but not in Samba3: +*/ + +static struct ldb_val convert_sid_rid(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + printf("Converting SID TO RID *\n"); + + return ldb_val_dup(ctx, val); +} + +static struct ldb_val convert_rid_sid(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + printf("Converting RID TO SID *\n"); + + return ldb_val_dup(ctx, val); +} + +static struct ldb_val convert_unix_id2name(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + printf("Converting UNIX ID to name\n"); + + return ldb_val_dup(ctx, val); +} + +static struct ldb_val convert_unix_name2id(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + printf("Converting UNIX name to ID\n"); + + return ldb_val_dup(ctx, val); +} + +const struct ldb_map_objectclass samba3_objectclasses[] = { + { "group", "sambaGroupMapping" }, + { "user", "sambaSAMAccount" }, + { "domain", "sambaDomain" }, + { NULL, NULL } +}; + +const struct ldb_map_attribute samba3_attributes[] = +{ + /* sambaNextRid -> nextRid */ + { + .local_name = "nextRid", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaNextRid", + }, + + /* sambaBadPasswordTime -> badPasswordtime*/ + { + .local_name = "badPasswordTime", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaBadPasswordTime", + }, + + /* sambaLMPassword -> lmPwdHash*/ + { + .local_name = "lmPwdHash", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaLMPassword", + }, + + /* sambaGroupType -> groupType */ + { + .local_name = 
"groupType", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaGroupType", + }, + + /* sambaNTPassword -> ntPwdHash*/ + { + .local_name = "badPwdCount", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaNTPassword", + }, + + /* sambaPrimaryGroupSID -> primaryGroupID */ + { + .local_name = "primaryGroupID", + .type = MAP_CONVERT, + .u.convert.remote_name = "sambaPrimaryGroupSID", + .u.convert.convert_local = convert_rid_sid, + .u.convert.convert_remote = convert_sid_rid, + }, + + /* sambaBadPasswordCount -> badPwdCount */ + { + .local_name = "badPwdCount", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaBadPasswordCount", + }, + + /* sambaLogonTime -> lastLogon*/ + { + .local_name = "lastLogon", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaLogonTime", + }, + + /* sambaLogoffTime -> lastLogoff*/ + { + .local_name = "lastLogoff", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaLogoffTime", + }, + + /* gidNumber -> unixName */ + { + .local_name = "unixName", + .type = MAP_CONVERT, + .u.convert.remote_name = "gidNumber", + .u.convert.convert_local = convert_unix_name2id, + .u.convert.convert_remote = convert_unix_id2name, + }, + + /* uid -> unixName */ + { + .local_name = "unixName", + .type = MAP_CONVERT, + .u.convert.remote_name = "uid", + .u.convert.convert_local = convert_unix_name2id, + .u.convert.convert_remote = convert_unix_id2name, + }, + + /* displayName -> name */ + { + .local_name = "name", + .type = MAP_RENAME, + .u.rename.remote_name = "displayName", + }, + + /* cn */ + { + .local_name = "cn", + .type = MAP_KEEP, + }, + + /* sAMAccountName -> cn */ + { + .local_name = "sAMAccountName", + .type = MAP_RENAME, + .u.rename.remote_name = "uid", + }, + + /* objectCategory */ + { + .local_name = "objectCategory", + .type = MAP_IGNORE, + }, + + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_IGNORE, + }, + + /* objectVersion */ + { + .local_name = "objectVersion", + .type = MAP_IGNORE, + }, + + /* codePage */ + { + 
.local_name = "codePage", + .type = MAP_IGNORE, + }, + + /* dNSHostName */ + { + .local_name = "dNSHostName", + .type = MAP_IGNORE, + }, + + + /* dnsDomain */ + { + .local_name = "dnsDomain", + .type = MAP_IGNORE, + }, + + /* dnsRoot */ + { + .local_name = "dnsRoot", + .type = MAP_IGNORE, + }, + + /* countryCode */ + { + .local_name = "countryCode", + .type = MAP_IGNORE, + }, + + /* nTMixedDomain */ + { + .local_name = "nTMixedDomain", + .type = MAP_IGNORE, + }, + + /* operatingSystem */ + { + .local_name = "operatingSystem", + .type = MAP_IGNORE, + }, + + /* operatingSystemVersion */ + { + .local_name = "operatingSystemVersion", + .type = MAP_IGNORE, + }, + + + /* servicePrincipalName */ + { + .local_name = "servicePrincipalName", + .type = MAP_IGNORE, + }, + + /* msDS-Behavior-Version */ + { + .local_name = "msDS-Behavior-Version", + .type = MAP_IGNORE, + }, + + /* msDS-KeyVersionNumber */ + { + .local_name = "msDS-KeyVersionNumber", + .type = MAP_IGNORE, + }, + + /* msDs-masteredBy */ + { + .local_name = "msDs-masteredBy", + .type = MAP_IGNORE, + }, + + /* ou */ + { + .local_name = "ou", + .type = MAP_KEEP, + }, + + /* dc */ + { + .local_name = "dc", + .type = MAP_KEEP, + }, + + /* description */ + { + .local_name = "description", + .type = MAP_KEEP, + }, + + /* sambaSID -> objectSid*/ + { + .local_name = "objectSid", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaSID", + }, + + /* sambaPwdLastSet -> pwdLastSet */ + { + .local_name = "pwdLastSet", + .type = MAP_RENAME, + .u.rename.remote_name = "sambaPwdLastSet", + }, + + /* accountExpires */ + { + .local_name = "accountExpires", + .type = MAP_IGNORE, + }, + + /* adminCount */ + { + .local_name = "adminCount", + .type = MAP_IGNORE, + }, + + /* canonicalName */ + { + .local_name = "canonicalName", + .type = MAP_IGNORE, + }, + + /* createTimestamp */ + { + .local_name = "createTimestamp", + .type = MAP_IGNORE, + }, + + /* creationTime */ + { + .local_name = "creationTime", + .type = MAP_IGNORE, + }, + + /* 
dMDLocation */ + { + .local_name = "dMDLocation", + .type = MAP_IGNORE, + }, + + /* fSMORoleOwner */ + { + .local_name = "fSMORoleOwner", + .type = MAP_IGNORE, + }, + + /* forceLogoff */ + { + .local_name = "forceLogoff", + .type = MAP_IGNORE, + }, + + /* instanceType */ + { + .local_name = "instanceType", + .type = MAP_IGNORE, + }, + + /* invocationId */ + { + .local_name = "invocationId", + .type = MAP_IGNORE, + }, + + /* isCriticalSystemObject */ + { + .local_name = "isCriticalSystemObject", + .type = MAP_IGNORE, + }, + + /* localPolicyFlags */ + { + .local_name = "localPolicyFlags", + .type = MAP_IGNORE, + }, + + /* lockOutObservationWindow */ + { + .local_name = "lockOutObservationWindow", + .type = MAP_IGNORE, + }, + + /* lockoutDuration */ + { + .local_name = "lockoutDuration", + .type = MAP_IGNORE, + }, + + /* lockoutThreshold */ + { + .local_name = "lockoutThreshold", + .type = MAP_IGNORE, + }, + + /* logonCount */ + { + .local_name = "logonCount", + .type = MAP_IGNORE, + }, + + /* masteredBy */ + { + .local_name = "masteredBy", + .type = MAP_IGNORE, + }, + + /* maxPwdAge */ + { + .local_name = "maxPwdAge", + .type = MAP_IGNORE, + }, + + /* member */ + { + .local_name = "member", + .type = MAP_IGNORE, + }, + + /* memberOf */ + { + .local_name = "memberOf", + .type = MAP_IGNORE, + }, + + /* minPwdAge */ + { + .local_name = "minPwdAge", + .type = MAP_IGNORE, + }, + + /* minPwdLength */ + { + .local_name = "minPwdLength", + .type = MAP_IGNORE, + }, + + /* modifiedCount */ + { + .local_name = "modifiedCount", + .type = MAP_IGNORE, + }, + + /* modifiedCountAtLastProm */ + { + .local_name = "modifiedCountAtLastProm", + .type = MAP_IGNORE, + }, + + /* modifyTimestamp */ + { + .local_name = "modifyTimestamp", + .type = MAP_IGNORE, + }, + + /* nCName */ + { + .local_name = "nCName", + .type = MAP_IGNORE, + }, + + /* nETBIOSName */ + { + .local_name = "nETBIOSName", + .type = MAP_IGNORE, + }, + + /* oEMInformation */ + { + .local_name = "oEMInformation", + .type = 
MAP_IGNORE, + }, + + /* privilege */ + { + .local_name = "privilege", + .type = MAP_IGNORE, + }, + + /* pwdHistoryLength */ + { + .local_name = "pwdHistoryLength", + .type = MAP_IGNORE, + }, + + /* pwdProperties */ + { + .local_name = "pwdProperties", + .type = MAP_IGNORE, + }, + + /* rIDAvailablePool */ + { + .local_name = "rIDAvailablePool", + .type = MAP_IGNORE, + }, + + /* revision */ + { + .local_name = "revision", + .type = MAP_IGNORE, + }, + + /* ridManagerReference */ + { + .local_name = "ridManagerReference", + .type = MAP_IGNORE, + }, + + /* sAMAccountType */ + { + .local_name = "sAMAccountType", + .type = MAP_IGNORE, + }, + + /* sPNMappings */ + { + .local_name = "sPNMappings", + .type = MAP_IGNORE, + }, + + /* serverReference */ + { + .local_name = "serverReference", + .type = MAP_IGNORE, + }, + + /* serverState */ + { + .local_name = "serverState", + .type = MAP_IGNORE, + }, + + /* showInAdvancedViewOnly */ + { + .local_name = "showInAdvancedViewOnly", + .type = MAP_IGNORE, + }, + + /* subRefs */ + { + .local_name = "subRefs", + .type = MAP_IGNORE, + }, + + /* systemFlags */ + { + .local_name = "systemFlags", + .type = MAP_IGNORE, + }, + + /* uASCompat */ + { + .local_name = "uASCompat", + .type = MAP_IGNORE, + }, + + /* uSNChanged */ + { + .local_name = "uSNChanged", + .type = MAP_IGNORE, + }, + + /* uSNCreated */ + { + .local_name = "uSNCreated", + .type = MAP_IGNORE, + }, + + /* unicodePwd */ + { + .local_name = "unicodePwd", + .type = MAP_IGNORE, + }, + + /* userAccountControl */ + { + .local_name = "userAccountControl", + .type = MAP_IGNORE, + }, + + /* whenChanged */ + { + .local_name = "whenChanged", + .type = MAP_IGNORE, + }, + + /* whenCreated */ + { + .local_name = "whenCreated", + .type = MAP_IGNORE, + }, + + { + .local_name = NULL, + } +}; + + /* the init function */ +#ifdef HAVE_DLOPEN_DISABLED +struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *ldb_samba3sam_module_init(struct 
ldb_context *ldb, const char *options[]) +#endif +{ + return ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam"); +} -- cgit From 6cf1b0c07c819e9e2afdcb87b2e4fd31ed680b72 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 12:27:53 +0000 Subject: r9793: Be more verbose, check for errors in upgrade script. (This used to be commit b7c09df9e506f8048f69c4bdd1c3351e3b554e18) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 30 +++++++++--------------------- source4/dsdb/samdb/ldb_modules/samldb.c | 3 ++- 2 files changed, 11 insertions(+), 22 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 444d7e8d12..02c7281811 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -2,24 +2,6 @@ ldb database library - Samba3 SAM compatibility backend Copyright (C) Jelmer Vernooij 2005 - - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "includes.h" 
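Review bot: In samba3_attributes the entry commented `/* sambaNTPassword -> ntPwdHash*/` sets `.local_name = "badPwdCount"`, so the remote NT password hash would presumably be surfaced under the bad-password counter's name, and `badPwdCount` is then mapped a second time from `sambaBadPasswordCount`. The entry should read `.local_name = "ntPwdHash",`. `unixName` is likewise listed twice (from `gidNumber` and from `uid`), and `uid` is also the remote name for `sAMAccountName` under a comment that says `cn`. The four convert_* callbacks print to stdout and return the value unchanged; a comment marking them as placeholders would keep them from being mistaken for working SID/RID and uid/name conversions.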
@@ -67,6 +49,8 @@ static struct ldb_val convert_sid_rid(struct ldb_map_context *map, TALLOC_CTX *c { printf("Converting SID TO RID *\n"); + /* FIXME */ + return ldb_val_dup(ctx, val); } @@ -74,6 +58,8 @@ static struct ldb_val convert_rid_sid(struct ldb_map_context *map, TALLOC_CTX *c { printf("Converting RID TO SID *\n"); + /* FIXME */ + return ldb_val_dup(ctx, val); } @@ -81,6 +67,8 @@ static struct ldb_val convert_unix_id2name(struct ldb_map_context *map, TALLOC_C { printf("Converting UNIX ID to name\n"); + /* FIXME */ + return ldb_val_dup(ctx, val); } @@ -88,6 +76,8 @@ static struct ldb_val convert_unix_name2id(struct ldb_map_context *map, TALLOC_C { printf("Converting UNIX name to ID\n"); + /* FIXME */ + return ldb_val_dup(ctx, val); } @@ -177,10 +167,8 @@ const struct ldb_map_attribute samba3_attributes[] = /* uid -> unixName */ { .local_name = "unixName", - .type = MAP_CONVERT, + .type = MAP_RENAME, .u.convert.remote_name = "uid", - .u.convert.convert_local = convert_unix_name2id, - .u.convert.convert_remote = convert_unix_id2name, }, /* displayName -> name */ diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 6b6c8bd55d..3266c89e2d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -541,7 +541,8 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (strcmp(msg->dn->components[0].name, "@SPECIAL") == 0) { /* do not manipulate our control entries */ + + if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } -- cgit From 84bfcd3c78afefd8d2869c695c116c9df7ee03c4 Mon Sep 17 00:00:00 2001 
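Review bot: The `unixName`/`uid` entry changed in the -177 hunk now has `.type = MAP_RENAME` but still initialises the convert arm of the union with `.u.convert.remote_name = "uid"`. Every other MAP_RENAME entry in this table uses `.u.rename.remote_name`; whether the two members alias depends on the union layout in ldb_map.h, which is not visible here. Writing `.u.rename.remote_name = "uid",` removes that dependency.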
From: Jelmer Vernooij Date: Wed, 31 Aug 2005 18:33:57 +0000 Subject: r9835: Make ldb_map compile in the stand-alone LDB build (This used to be commit 2283a336e0e31e6857621d9806bba54c400bd986) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 02c7281811..4680e17d0f 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -45,7 +45,7 @@ /* In Samba4 but not in Samba3: */ -static struct ldb_val convert_sid_rid(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val convert_sid_rid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { printf("Converting SID TO RID *\n"); @@ -54,7 +54,7 @@ static struct ldb_val convert_sid_rid(struct ldb_map_context *map, TALLOC_CTX *c return ldb_val_dup(ctx, val); } -static struct ldb_val convert_rid_sid(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val convert_rid_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { printf("Converting RID TO SID *\n"); @@ -63,7 +63,7 @@ static struct ldb_val convert_rid_sid(struct ldb_map_context *map, TALLOC_CTX *c return ldb_val_dup(ctx, val); } -static struct ldb_val convert_unix_id2name(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val convert_unix_id2name(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { printf("Converting UNIX ID to name\n"); 
@@ -72,7 +72,7 @@ static struct ldb_val convert_unix_id2name(struct ldb_map_context *map, TALLOC_C return ldb_val_dup(ctx, val); } -static struct ldb_val convert_unix_name2id(struct ldb_map_context *map, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { printf("Converting UNIX name to ID\n"); -- cgit From 222fdd5237c1fd8551c39ce544171df3a5a41831 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 21:04:17 +0000 Subject: r9842: More error checks in the ldb_map modules, extend testsuite (This used to be commit b7992de4b7d42a55e00509c887a269a07c19627d) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 4680e17d0f..b823f11f8c 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -120,7 +120,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaNTPassword -> ntPwdHash*/ { - .local_name = "badPwdCount", + .local_name = "ntPwdHash", .type = MAP_RENAME, .u.rename.remote_name = "sambaNTPassword", }, -- cgit From b19cc95a88d236605425d7421909bbdf9f3daf70 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 22:27:40 +0000 Subject: r9849: Extend testsuite a bit more. (This used to be commit 5cbe1e6b70b03be441a36b36fb969339df0dfd45) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 52 ++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index b823f11f8c..769cda2903 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
@@ -8,6 +8,7 @@ #include "ldb/modules/ldb_map.h" #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" +#include "librpc/gen_ndr/ndr_security.h" /* FIXME: * sambaSID -> member (dn!) @@ -81,6 +82,51 @@ static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX return ldb_val_dup(ctx, val); } +static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct dom_sid *sid = dom_sid_parse_talloc(ctx, (char *)val->data); + struct ldb_val *out = talloc_zero(out, struct ldb_val); + NTSTATUS status; + + if (sid == NULL) { + return *out; + } + status = ndr_push_struct_blob(out, ctx, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + talloc_free(sid); + if (!NT_STATUS_IS_OK(status)) { + return *out; + } + + return *out; +} + +static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct dom_sid *sid; + NTSTATUS status; + struct ldb_val *out = talloc_zero(ctx, struct ldb_val); + + sid = talloc(ctx, struct dom_sid); + if (sid == NULL) { + return *out; + } + status = ndr_pull_struct_blob(val, sid, sid, + (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(sid); + return *out; + } + out->data = (uint8_t *)dom_sid_string(ctx, sid); + talloc_free(sid); + if (out->data == NULL) { + return *out; + } + out->length = strlen((const char *)out->data); + + return *out; +} + const struct ldb_map_objectclass samba3_objectclasses[] = { { "group", "sambaGroupMapping" }, { "user", "sambaSAMAccount" }, @@ -304,8 +350,10 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaSID -> objectSid*/ { .local_name = "objectSid", - .type = MAP_RENAME, - .u.rename.remote_name = "sambaSID", + .type = MAP_CONVERT, + .u.convert.remote_name = "sambaSID", + .u.convert.convert_local = decode_sid, + .u.convert.convert_remote = encode_sid, }, /* sambaPwdLastSet -> pwdLastSet */ -- cgit 
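Review bot: `encode_sid` allocates its result with `talloc_zero(out, struct ldb_val)`, which passes the still-uninitialised pointer `out` as the talloc parent, and neither it nor `decode_sid` checks the allocation before `return *out`. Both functions also heap-allocate a struct only to return it by value, so the allocation stays on `ctx` until that context is freed. A stack `struct ldb_val` initialised to empty removes all three problems, and the same shape applies to `decode_sid`. `dom_sid_parse_talloc(ctx, (char *)val->data)` reads `val->data` as a C string, so it is worth confirming that callers always pass NUL-terminated values.

```c
static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	struct ldb_val out = { .data = NULL, .length = 0 };
	struct dom_sid *sid = dom_sid_parse_talloc(ctx, (char *)val->data);
	NTSTATUS status;

	if (sid == NULL) {
		return out;
	}
	status = ndr_push_struct_blob(&out, ctx, sid,
				      (ndr_push_flags_fn_t)ndr_push_dom_sid);
	talloc_free(sid);
	if (!NT_STATUS_IS_OK(status)) {
		/* never hand back a partially filled blob */
		out.data = NULL;
		out.length = 0;
	}
	return out;
}
```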
From 23f68eda42dd92932341c28fc05070e26accef18 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 1 Sep 2005 08:56:37 +0000 Subject: r9883: More nested initialiser fixes. (This used to be commit 579d11147849932ec76a175f815de890a8ea20ad) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 100 +++++++++++++++++++++++------ 1 file changed, 79 insertions(+), 21 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 769cda2903..9337b612ba 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
@@ -140,88 +140,134 @@ const struct ldb_map_attribute samba3_attributes[] = { .local_name = "nextRid", .type = MAP_RENAME, - .u.rename.remote_name = "sambaNextRid", + .u = { + .rename = { + .remote_name = "sambaNextRid", + }, + }, }, /* sambaBadPasswordTime -> badPasswordtime*/ { .local_name = "badPasswordTime", .type = MAP_RENAME, - .u.rename.remote_name = "sambaBadPasswordTime", + .u = { + .rename = { + .remote_name = "sambaBadPasswordTime", + }, + }, }, /* sambaLMPassword -> lmPwdHash*/ { .local_name = "lmPwdHash", .type = MAP_RENAME, - .u.rename.remote_name = "sambaLMPassword", + .u = { + .rename = { + .remote_name = "sambaLMPassword", + }, + }, }, /* sambaGroupType -> groupType */ { .local_name = "groupType", .type = MAP_RENAME, - .u.rename.remote_name = "sambaGroupType", + .u = { + .rename = { + .remote_name = "sambaGroupType", + }, + }, }, /* sambaNTPassword -> ntPwdHash*/ { .local_name = "ntPwdHash", .type = MAP_RENAME, - .u.rename.remote_name = "sambaNTPassword", + .u = { + .rename = { + .remote_name = "sambaNTPassword", + }, + }, }, /* sambaPrimaryGroupSID -> primaryGroupID */ { .local_name = "primaryGroupID", .type = MAP_CONVERT, - .u.convert.remote_name = "sambaPrimaryGroupSID", - .u.convert.convert_local = convert_rid_sid, - .u.convert.convert_remote = convert_sid_rid, + .u = { + .convert = { + .remote_name = "sambaPrimaryGroupSID", + .convert_local = convert_rid_sid, + .convert_remote = convert_sid_rid, + }, + }, }, /* sambaBadPasswordCount -> badPwdCount */ { .local_name = "badPwdCount", .type = MAP_RENAME, - .u.rename.remote_name = "sambaBadPasswordCount", + .u = { + .rename = { + .remote_name = "sambaBadPasswordCount", + }, + }, }, /* sambaLogonTime -> lastLogon*/ { .local_name = "lastLogon", .type = MAP_RENAME, - .u.rename.remote_name = "sambaLogonTime", + .u = { + .rename = { + .remote_name = "sambaLogonTime", + }, + }, }, /* sambaLogoffTime -> lastLogoff*/ { .local_name = "lastLogoff", .type = MAP_RENAME, - .u.rename.remote_name = 
"sambaLogoffTime", + .u = { + .rename = { + .remote_name = "sambaLogoffTime", + }, + }, }, /* gidNumber -> unixName */ { .local_name = "unixName", .type = MAP_CONVERT, - .u.convert.remote_name = "gidNumber", - .u.convert.convert_local = convert_unix_name2id, - .u.convert.convert_remote = convert_unix_id2name, + .u = { + .convert = { + .remote_name = "gidNumber", + }, + }, }, /* uid -> unixName */ { .local_name = "unixName", .type = MAP_RENAME, - .u.convert.remote_name = "uid", + .u = { + .convert = { + .remote_name = "uid", + }, + }, }, /* displayName -> name */ { .local_name = "name", .type = MAP_RENAME, - .u.rename.remote_name = "displayName", + .u = { + .rename = { + .remote_name = "displayName", + }, + }, }, /* cn */ @@ -234,7 +280,11 @@ const struct ldb_map_attribute samba3_attributes[] = { .local_name = "sAMAccountName", .type = MAP_RENAME, - .u.rename.remote_name = "uid", + .u = { + .rename = { + .remote_name = "uid", + }, + }, }, /* objectCategory */ @@ -351,16 +401,24 @@ const struct ldb_map_attribute samba3_attributes[] = { .local_name = "objectSid", .type = MAP_CONVERT, - .u.convert.remote_name = "sambaSID", - .u.convert.convert_local = decode_sid, - .u.convert.convert_remote = encode_sid, + .u = { + .convert = { + .remote_name = "sambaSID", + .convert_local = decode_sid, + .convert_remote = encode_sid, + }, + }, }, /* sambaPwdLastSet -> pwdLastSet */ { .local_name = "pwdLastSet", .type = MAP_RENAME, - .u.rename.remote_name = "sambaPwdLastSet", + .u = { + .rename = { + .remote_name = "sambaPwdLastSet", + }, + }, }, /* accountExpires */ -- cgit From e2e2508b586a112e612bf3660f80d25c9bf8bc90 Mon Sep 17 00:00:00 2001 
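Review bot: The `gidNumber -> unixName` entry keeps `.type = MAP_CONVERT`, but the nested form drops `convert_local` and `convert_remote`, so both callbacks are now implicitly NULL. Unless ldb_map checks for NULL before calling them (not visible here), that is a NULL function-pointer call the first time this attribute is mapped. Keep `.convert_local = convert_unix_name2id,` and `.convert_remote = convert_unix_id2name,` inside `.convert`. The `uid -> unixName` entry just below is `MAP_RENAME` yet initialises `.convert`; it should read `.rename = { .remote_name = "uid", },`.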
From: Jelmer Vernooij Date: Thu, 1 Sep 2005 15:33:31 +0000 Subject: r9899: Be more conservative about what is sent to the remote server in ldb_map. (This used to be commit 76e943d4416e38ce4cce27d5403bc3e133d0025b) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 44 ++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 15 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 9337b612ba..9730363e92 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -85,7 +85,7 @@ static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct dom_sid *sid = dom_sid_parse_talloc(ctx, (char *)val->data); - struct ldb_val *out = talloc_zero(out, struct ldb_val); + struct ldb_val *out = talloc_zero(ctx, struct ldb_val); NTSTATUS status; if (sid == NULL) { 
@@ -128,9 +128,34 @@ static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, con } const struct ldb_map_objectclass samba3_objectclasses[] = { - { "group", "sambaGroupMapping" }, - { "user", "sambaSAMAccount" }, - { "domain", "sambaDomain" }, + { + .local_name = "group", + .remote_name = "sambaGroupMapping", + .musts = { "gidNumber", "sambaSID", "sambaGroupType", NULL }, + .mays = { "displayName", "description", "sambaSIDList", NULL }, + }, + { + .local_name = "user", + .remote_name = "sambaSAMAccount", + .base_classes = { "top", NULL }, + .musts = { "uid", "sambaSID", NULL }, + .mays = { "cn", "sambaLMPassword", "sambaNTPassword", + "sambaPwdLastSet", "sambaLogonTime", "sambaLogoffTime", + "sambaKickoffTime", "sambaPwdCanChange", "sambaPwdMustChange", + "sambaAcctFlags", "displayName", "sambaHomePath", "sambaHomeDrive", + "sambaLogonScript", "sambaProfilePath", "description", "sambaUserWorkstations", + "sambaPrimaryGroupSID", "sambaDomainName", "sambaMungedDial", + "sambaBadPasswordCount", "sambaBadPasswordTime", + "sambaPasswordHistory", "sambaLogonHours", NULL } + + }, + { + .local_name = "domain", + .remote_name = "sambaDomain", + .base_classes = { "top", NULL }, + .musts = { "sambaDomainName", "sambaSID", NULL }, + .mays = { "sambaNextRid", "sambaNextGroupRid", "sambaNextUserRid", "sambaAlgorithmicRidBase", NULL }, + }, { NULL, NULL } }; @@ -237,17 +262,6 @@ const struct ldb_map_attribute samba3_attributes[] = }, }, - /* gidNumber -> unixName */ - { - .local_name = "unixName", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "gidNumber", - }, - }, - }, - /* uid -> unixName */ { .local_name = "unixName", -- cgit From ca6c0af86f3bbefbc29c4bf4815da963ca857cef Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Thu, 1 Sep 2005 18:04:23 +0000 Subject: r9908: Generate posixUser and posixGroup as well (This used to be commit ebed25b47d3d8bd350b51b462d605d713f17602d) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 176 +++++++++++++++++++++++++---- 1 file changed, 151 insertions(+), 25 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 9730363e92..41228e52f8 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -9,8 +9,9 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_security.h" +#include "system/passwd.h" -/* FIXME: +/* * sambaSID -> member (dn!) * sambaSIDList -> member (dn!) * sambaDomainName -> name 
@@ -46,40 +47,114 @@ /* In Samba4 but not in Samba3: */ -static struct ldb_val convert_sid_rid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) + +static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *attr, const struct ldb_message *remote) +{ + struct ldb_message_element *el; + const char *sid = ldb_msg_find_string(remote, attr, NULL); + + if (!sid) + return NULL; + + if (strchr(sid, '-') == NULL) + return NULL; + + el = talloc_zero(ctx, struct ldb_message_element); + el->name = talloc_strdup(ctx, "primaryGroupID"); + el->num_values = 1; + el->values = talloc_array(ctx, struct ldb_val, 1); + el->values[0].data = (uint8_t *)talloc_strdup(ctx, strchr(sid, '-')+1); + el->values[0].length = strlen((char *)el->values[0].data); + + return el; +} + +static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb) { - printf("Converting SID TO RID *\n"); + const struct ldb_val *sidval; + struct dom_sid *sid; + struct ldb_val out; + NTSTATUS status; + + sidval = ldb_msg_find_ldb_val(local, "objectSid"); + + if (!sidval) + return; /* Sorry, no SID today.. */ + + sid = talloc(remote_mp, struct dom_sid); + if (sid == NULL) { + return; + } + status = ndr_pull_struct_blob(sidval, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(sid); + return; + } + + if (!ldb_msg_find_ldb_val(local, "primaryGroupID")) + return; /* Sorry, no SID today.. 
*/ - /* FIXME */ + sid->sub_auths[sid->num_auths-1] = ldb_msg_find_uint(local, "primaryGroupID", 0); - return ldb_val_dup(ctx, val); + status = ndr_push_struct_blob(&out, remote_mp, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); + talloc_free(sid); + if (!NT_STATUS_IS_OK(status)) { + return; + } + + ldb_msg_add_value(module->ldb, remote_mp, "sambaPrimaryGroupSID", &out); } -static struct ldb_val convert_rid_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) + +static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - printf("Converting RID TO SID *\n"); + struct passwd *pwd; + struct ldb_val retval; + + pwd = getpwnam((char *)val->data); + + if (!pwd) { + return *talloc_zero(ctx, struct ldb_val); + } - /* FIXME */ + retval.data = (uint8_t *)talloc_strdup(ctx, pwd->pw_dir); + retval.length = strlen((char *)retval.data); - return ldb_val_dup(ctx, val); + return retval; } -static struct ldb_val convert_unix_id2name(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val lookup_gid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - printf("Converting UNIX ID to name\n"); + struct passwd *pwd; + struct ldb_val retval; + + pwd = getpwnam((char *)val->data); - /* FIXME */ + if (!pwd) { + return *talloc_zero(ctx, struct ldb_val); + } - return ldb_val_dup(ctx, val); + retval.data = (uint8_t *)talloc_asprintf(ctx, "%d", pwd->pw_gid); + retval.length = strlen((char *)retval.data); + + return retval; } -static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val lookup_uid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - printf("Converting UNIX name to ID\n"); + struct passwd *pwd; + struct ldb_val retval; + + pwd = getpwnam((char *)val->data); - /* FIXME */ + if (!pwd) { + return *talloc_zero(ctx, struct ldb_val); + } + + retval.data = 
(uint8_t *)talloc_asprintf(ctx, "%d", pwd->pw_uid); + retval.length = strlen((char *)retval.data); - return ldb_val_dup(ctx, val); + return retval; } static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) @@ -128,16 +203,31 @@ static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, con } const struct ldb_map_objectclass samba3_objectclasses[] = { + { + .local_name = "user", + .remote_name = "posixAccount", + .base_classes = { "top", NULL }, + .musts = { "cn", "uid", "uidNumber", "gidNumber", "homeDirectory", NULL }, + .mays = { "userPassword", "loginShell", "gecos", "description", NULL }, + }, + { + .local_name = "group", + .remote_name = "posixGroup", + .base_classes = { "top", NULL }, + .musts = { "cn", "gidNumber", NULL }, + .mays = { "userPassword", "memberUid", "description", NULL }, + }, { .local_name = "group", .remote_name = "sambaGroupMapping", + .base_classes = { "top", "posixGroup", NULL }, .musts = { "gidNumber", "sambaSID", "sambaGroupType", NULL }, .mays = { "displayName", "description", "sambaSIDList", NULL }, }, { .local_name = "user", .remote_name = "sambaSAMAccount", - .base_classes = { "top", NULL }, + .base_classes = { "top", "posixAccount", NULL }, .musts = { "uid", "sambaSID", NULL }, .mays = { "cn", "sambaLMPassword", "sambaNTPassword", "sambaPwdLastSet", "sambaLogonTime", "sambaLogoffTime", @@ -156,7 +246,7 @@ const struct ldb_map_objectclass samba3_objectclasses[] = { .musts = { "sambaDomainName", "sambaSID", NULL }, .mays = { "sambaNextRid", "sambaNextGroupRid", "sambaNextUserRid", "sambaAlgorithmicRidBase", NULL }, }, - { NULL, NULL } + { NULL, NULL } }; const struct ldb_map_attribute samba3_attributes[] = 
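Review bot: `generate_primaryGroupID` takes the text after the first dash with `strchr(sid, '-')+1`, which for a SID string of the usual `S-1-5-…-RID` form is everything after `S-` rather than the RID; `strrchr(sid, '-') + 1` selects the last component. In `generate_sambaPrimaryGroupSID`, `sid->sub_auths[sid->num_auths-1]` is written without checking that the parsed `num_auths` is non-zero, so add `if (sid->num_auths == 0) { talloc_free(sid); return; }` before it. The early return taken when `primaryGroupID` is missing leaves `sid` attached to `remote_mp`. The `talloc_zero`, `talloc_array` and `talloc_strdup` results in `generate_primaryGroupID`, and `*talloc_zero(ctx, struct ldb_val)` in the three `lookup_*` helpers, are dereferenced without a NULL check. `getpwnam((char *)val->data)` assumes the value is NUL-terminated, which an `ldb_val` with an explicit `length` does not by itself guarantee.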
@@ -219,12 +309,12 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaPrimaryGroupSID -> primaryGroupID */ { .local_name = "primaryGroupID", - .type = MAP_CONVERT, + .type = MAP_GENERATE, .u = { - .convert = { - .remote_name = "sambaPrimaryGroupSID", - .convert_local = convert_rid_sid, - .convert_remote = convert_sid_rid, + .generate = { + .remote_names = { "sambaPrimaryGroupSID", NULL }, + .generate_local = generate_primaryGroupID, + .generate_remote = generate_sambaPrimaryGroupSID, }, }, }, @@ -267,7 +357,7 @@ const struct ldb_map_attribute samba3_attributes[] = .local_name = "unixName", .type = MAP_RENAME, .u = { - .convert = { + .rename = { .remote_name = "uid", }, }, @@ -723,6 +813,42 @@ const struct ldb_map_attribute samba3_attributes[] = .type = MAP_IGNORE, }, + /* uidNumber */ + { + .local_name = "unixName", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "uidNumber", + .convert_local = lookup_uid, + }, + }, + }, + + /* gidNumber. Perhaps make into generate so we can distinguish between + * groups and accounts? */ + { + .local_name = "unixName", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "gidNumber", + .convert_local = lookup_gid, + }, + }, + }, + + /* homeDirectory */ + { + .local_name = "unixName", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "homeDirectory", + .convert_local = lookup_homedir, + }, + }, + }, { .local_name = NULL, } -- cgit From 08f630be8230ce061badd84bef952d5753afdff0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 1 Sep 2005 20:28:03 +0000 Subject: r9915: Some more mappings. Fix weird sAMAccountName values. (This used to be commit 8ff1358f401e0086b941f4ff73af5d4c38a1f8bf) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 57 ++++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
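Review bot: The three entries added at the end of `samba3_attributes` all use `.local_name = "unixName"`, the same name as the existing `uid` rename entry, so which mapping is applied depends on how ldb_map searches the table (not visible here). Each is `MAP_CONVERT` with only `convert_local` set, leaving `convert_remote` NULL. `lookup_gid` is wired to `gidNumber` but resolves through `getpwnam`, so it returns a user's primary gid rather than looking up a group by name. If the one-way mapping is intended, say so on each entry, e.g. `/* one-way mapping: convert_remote deliberately unset */`.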
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 41228e52f8..0ee0433071 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -47,6 +47,27 @@ /* In Samba4 but not in Samba3: */ +static void generate_hashes (struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb) +{ + const char *upwd = ldb_msg_find_string(local, local_attr, NULL); + struct ldb_val val; + + if (!upwd) + return; + + ldb_msg_add_string(module->ldb, remote_fb, local_attr, upwd); + + val.length = 16; + val.data = talloc_zero_size(module, val.length); + + E_md4hash(upwd, val.data); + ldb_msg_add_value(module->ldb, remote_mp, "sambaNTPassword", &val); + + val.data = talloc_zero_size(module, val.length); + E_deshash(upwd, val.data); + ldb_msg_add_value(module->ldb, remote_mp, "sambaLMPassword", &val); +} + static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *attr, const struct ldb_message *remote) { @@ -72,8 +93,8 @@ static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *mo static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb) { const struct ldb_val *sidval; + char *sidstring; struct dom_sid *sid; - struct ldb_val out; NTSTATUS status; sidval = ldb_msg_find_ldb_val(local, "objectSid"); 
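Review bot: `generate_hashes` allocates both 16-byte hash buffers with `talloc_zero_size(module, val.length)`, so they are parented to the module rather than to `remote_mp` and stay allocated for the module's lifetime, and they are handed to `E_md4hash`/`E_deshash` without a NULL check. Parent them to the message and check the result, e.g. `val.data = talloc_zero_size(remote_mp, val.length); if (val.data == NULL) return;`. The function also copies the clear-text `unicodePwd` into `remote_fb` with `ldb_msg_add_string` and always emits `sambaLMPassword`. Both deserve a comment stating that this is intended, since a stored clear-text password and an LM hash are each weaker than the NT hash alone. The return values of `ldb_msg_add_string` and `ldb_msg_add_value` are ignored, so a failed add leaves the remote message with only some of the attributes.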
@@ -94,17 +115,18 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char if (!ldb_msg_find_ldb_val(local, "primaryGroupID")) return; /* Sorry, no SID today.. */ - sid->sub_auths[sid->num_auths-1] = ldb_msg_find_uint(local, "primaryGroupID", 0); + sid->num_auths--; - status = ndr_push_struct_blob(&out, remote_mp, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); + sidstring = dom_sid_string(remote_mp, sid); talloc_free(sid); - if (!NT_STATUS_IS_OK(status)) { - return; - } - - ldb_msg_add_value(module->ldb, remote_mp, "sambaPrimaryGroupSID", &out); + ldb_msg_add_fmt(module->ldb, remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_uint(local, "primaryGroupID", 0)); + talloc_free(sidstring); } +static struct ldb_val convert_uid_samaccount(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + return ldb_val_dup(ctx, val); +} static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { @@ -114,6 +136,7 @@ static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, pwd = getpwnam((char *)val->data); if (!pwd) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Unable to lookup '%s' in passwd", (char *)val->data); return *talloc_zero(ctx, struct ldb_val); } @@ -383,10 +406,11 @@ const struct ldb_map_attribute samba3_attributes[] = /* sAMAccountName -> cn */ { .local_name = "sAMAccountName", - .type = MAP_RENAME, + .type = MAP_CONVERT, .u = { - .rename = { + .convert = { .remote_name = "uid", + .convert_remote = convert_uid_samaccount, }, }, }, @@ -849,6 +873,19 @@ const struct ldb_map_attribute samba3_attributes[] = }, }, }, + + /* unicodePwd */ + { + .local_name = "unicodePwd", + .type = MAP_GENERATE, + .u = { + .generate = { + .remote_names = { "sambaNTPassword", "sambaLMPassword", NULL }, + .generate_local = NULL, + .generate_remote = generate_hashes + }, + }, + }, { .local_name = NULL, } -- cgit 
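Review bot: `sid->num_auths--` in `generate_sambaPrimaryGroupSID` runs on a count parsed from `objectSid` with no check that it is non-zero, so a SID without sub-authorities would leave the count negative or wrapped (depending on the field's type) before `dom_sid_string` walks it. Guard it with `if (sid->num_auths == 0) { talloc_free(sid); return; }`. `dom_sid_string` can return NULL and is passed straight to the `%s` in `ldb_msg_add_fmt`. `ldb_msg_find_uint` returns an unsigned value but is formatted with `%d`; `%u` matches. The function begins outside this hunk.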
From 3caab0a64d5206d33f885a39fd1f0397235c579b Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sat, 3 Sep 2005 12:35:50 +0000 Subject: r9992: More fixes from the 64-bit warning police. (This used to be commit cda829f0d9476bd8b057a7019f55fac206205825) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 0ee0433071..a68f6f0640 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -157,7 +157,7 @@ static struct ldb_val lookup_gid(struct ldb_module *module, TALLOC_CTX *ctx, con return *talloc_zero(ctx, struct ldb_val); } - retval.data = (uint8_t *)talloc_asprintf(ctx, "%d", pwd->pw_gid); + retval.data = (uint8_t *)talloc_asprintf(ctx, "%ld", (unsigned long)pwd->pw_gid); retval.length = strlen((char *)retval.data); return retval; @@ -174,7 +174,7 @@ static struct ldb_val lookup_uid(struct ldb_module *module, TALLOC_CTX *ctx, con return *talloc_zero(ctx, struct ldb_val); } - retval.data = (uint8_t *)talloc_asprintf(ctx, "%d", pwd->pw_uid); + retval.data = (uint8_t *)talloc_asprintf(ctx, "%ld", (unsigned long)pwd->pw_uid); retval.length = strlen((char *)retval.data); return retval; -- cgit From 4f85004da5ea5809321ba4a3bc23631bef61bea7 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 17 Sep 2005 19:29:45 +0000 Subject: r10300: forgot to change the dsdb modules function names (This used to be commit e9018e3d9f69528acc0c440929fdb8d95413fa0d) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 16 ++++++++-------- source4/dsdb/samdb/ldb_modules/samldb.c | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index dc4576a8f9..c2569d18ca 100644 
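Review bot: Both `talloc_asprintf` calls now cast the id to `(unsigned long)` but format it with `%ld`, so the specifier and the argument type still disagree; use `"%lu"` in `lookup_gid` and in `lookup_uid`. In both places the result is still passed to `strlen` without a NULL check, e.g. `if (retval.data == NULL) return *talloc_zero(ctx, struct ldb_val);` would match the existing failure path. Both functions start outside their hunks.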
--- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -143,16 +143,16 @@ static int objectguid_rename_record(struct ldb_module *module, const struct ldb_ return ldb_next_rename_record(module, olddn, newdn); } -static int objectguid_lock(struct ldb_module *module, const char *lockname) +static int objectguid_start_trans(struct ldb_module *module) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_lock\n"); - return ldb_next_named_lock(module, lockname); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_start_trans\n"); + return ldb_next_start_trans(module); } -static int objectguid_unlock(struct ldb_module *module, const char *lockname) +static int objectguid_end_trans(struct ldb_module *module, int status) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_unlock\n"); - return ldb_next_named_unlock(module, lockname); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_end_trans\n"); + return ldb_next_end_trans(module, status); } /* return extended error information */ @@ -187,8 +187,8 @@ static const struct ldb_module_ops objectguid_ops = { .modify_record = objectguid_modify_record, .delete_record = objectguid_delete_record, .rename_record = objectguid_rename_record, - .named_lock = objectguid_lock, - .named_unlock = objectguid_unlock, + .start_transaction = objectguid_start_trans, + .end_transaction = objectguid_end_trans, .errstring = objectguid_errstring }; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 3266c89e2d..6ea98792b3 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -587,16 +587,16 @@ static int samldb_rename_record(struct ldb_module *module, const struct ldb_dn * return ldb_next_rename_record(module, olddn, newdn); } -static int samldb_lock(struct ldb_module *module, const char *lockname) +static int samldb_start_trans(struct ldb_module *module) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_lock\n"); - return ldb_next_named_lock(module, lockname); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_start_trans\n"); + return ldb_next_start_trans(module); } -static int samldb_unlock(struct ldb_module *module, const char *lockname) +static int samldb_end_trans(struct ldb_module *module, int status) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_unlock\n"); - return ldb_next_named_unlock(module, lockname); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_end_trans\n"); + return ldb_next_end_trans(module, status); } /* return extended error information */ @@ -631,8 +631,8 @@ static const struct ldb_module_ops samldb_ops = { .modify_record = samldb_modify_record, .delete_record = samldb_delete_record, .rename_record = samldb_rename_record, - .named_lock = samldb_lock, - .named_unlock = samldb_unlock, + .start_transaction = samldb_start_trans, + .end_transaction = samldb_end_trans, .errstring = samldb_errstring }; -- cgit From 3d7935e656fe682e1d0545eaaa72428b78a65635 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 18 Sep 2005 18:50:02 +0000 Subject: r10306: change these modules to use new error API (This used to be commit e86c9b4a7f399a3152a2703c76406e9d69ec1225) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 34 ++--------------------------- source4/dsdb/samdb/ldb_modules/samldb.c | 34 ++--------------------------- 2 files changed, 4 insertions(+), 64 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index c2569d18ca..2a27398fbc 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c 
+++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -38,10 +38,6 @@ #include "librpc/gen_ndr/ndr_misc.h" #include -struct private_data { - const char *error_string; -}; - static int objectguid_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) @@ -155,23 +151,6 @@ static int objectguid_end_trans(struct ldb_module *module, int status) return ldb_next_end_trans(module, status); } -/* return extended error information */ -static const char *objectguid_errstring(struct ldb_module *module) -{ - struct private_data *data = (struct private_data *)module->private_data; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_errstring\n"); - if (data->error_string) { - const char *error; - - error = data->error_string; - data->error_string = NULL; - return error; - } - - return ldb_next_errstring(module); -} - static int objectguid_destructor(void *module_ctx) { /* struct ldb_module *ctx = module_ctx; */ @@ -188,8 +167,7 @@ static const struct ldb_module_ops objectguid_ops = { .delete_record = objectguid_delete_record, .rename_record = objectguid_rename_record, .start_transaction = objectguid_start_trans, - .end_transaction = objectguid_end_trans, - .errstring = objectguid_errstring + .end_transaction = objectguid_end_trans }; @@ -201,20 +179,12 @@ struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *o #endif { struct ldb_module *ctx; - struct private_data *data; ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; - data = talloc(ctx, struct private_data); - if (!data) { - talloc_free(ctx); - return NULL; - } - - data->error_string = NULL; - ctx->private_data = data; + ctx->private_data = NULL; ctx->ldb = ldb; ctx->prev = ctx->next = NULL; ctx->ops = &objectguid_ops; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 6ea98792b3..f7f7aca02e 100644 
--- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -40,10 +40,6 @@ #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" -struct private_data { - const char *error_string; -}; - static int samldb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) @@ -599,23 +595,6 @@ static int samldb_end_trans(struct ldb_module *module, int status) return ldb_next_end_trans(module, status); } -/* return extended error information */ -static const char *samldb_errstring(struct ldb_module *module) -{ - struct private_data *data = (struct private_data *)module->private_data; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_errstring\n"); - if (data->error_string) { - const char *error; - - error = data->error_string; - data->error_string = NULL; - return error; - } - - return ldb_next_errstring(module); -} - static int samldb_destructor(void *module_ctx) { /* struct ldb_module *ctx = module_ctx; */ @@ -632,8 +611,7 @@ static const struct ldb_module_ops samldb_ops = { .delete_record = samldb_delete_record, .rename_record = samldb_rename_record, .start_transaction = samldb_start_trans, - .end_transaction = samldb_end_trans, - .errstring = samldb_errstring + .end_transaction = samldb_end_trans }; @@ -645,20 +623,12 @@ struct ldb_module *samldb_module_init(struct ldb_context *ldb, const char *optio #endif { struct ldb_module *ctx; - struct private_data *data; ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; - data = talloc(ctx, struct private_data); - if (!data) { - talloc_free(ctx); - return NULL; - } - - data->error_string = NULL; - ctx->private_data = data; + ctx->private_data = NULL; ctx->ldb = ldb; ctx->prev = ctx->next = NULL; ctx->ops = &samldb_ops; -- cgit From 37cefc8b41a008939c34dfc9f06996ea2d40a77c Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Thu, 22 Sep 2005 05:31:16 +0000 Subject: r10411: we don't need the 10 times retry on rid allocation now, as transactions ensure two account creations can't interfere with each other (This used to be commit 91c27bc97662c8d8b764c76bd2d98a1b04f47337) --- source4/dsdb/samdb/ldb_modules/samldb.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index f7f7aca02e..18c7b27be3 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -179,7 +179,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, struct ldb_message **res = NULL; const struct ldb_dn *dom_dn; uint32_t rid; - int ret, tries = 10; + int ret; struct dom_sid *dom_sid, *obj_sid; /* get the domain component part of the provided dn */ @@ -213,15 +213,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, } /* allocate a new Rid for the domain */ - - /* we need to try multiple times to cope with two account - creations at the same time */ - while (tries--) { - ret = samldb_allocate_next_rid(module->ldb, mem_ctx, dom_dn, &rid); - if (ret != 1) { - break; - } - } + ret = samldb_allocate_next_rid(module->ldb, mem_ctx, dom_dn, &rid); if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn)); talloc_free(res); -- cgit From 63b43dd12fb579aaaccedd07aaa630cb1cd7aa88 Mon Sep 17 00:00:00 2001 
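Review bot: With the retry loop gone from samldb_get_new_sid, RID uniqueness rests entirely on the caller holding an ldb transaction, and nothing at the `samldb_allocate_next_rid` call says so or checks it. Two objects handed the same RID would share a SID, so the assumption deserves a comment at the call, for example `/* must run inside a transaction: nextRid is read and rewritten without any retry */`. Whether every path into this function is already inside a transaction cannot be seen from this hunk and should be confirmed. The function starts above the hunk and continues below it.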
From: Simo Sorce Date: Sat, 24 Sep 2005 15:42:15 +0000 Subject: r10477: expose transactions outside ldb and change the API once more do not autostart transactions on ldb operations if a transaction is already in place test transactions on winsdb all my tests passes so far tridge please confirm this is ok for you (This used to be commit c2bb2a36bdbe0ec7519697a9a9ba7526a0defac2) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 13 ++++++++++--- source4/dsdb/samdb/ldb_modules/samldb.c | 13 ++++++++++--- 2 files changed, 20 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 2a27398fbc..bdef4d5147 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -145,10 +145,16 @@ static int objectguid_start_trans(struct ldb_module *module) return ldb_next_start_trans(module); } -static int objectguid_end_trans(struct ldb_module *module, int status) +static int objectguid_end_trans(struct ldb_module *module) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_end_trans\n"); - return ldb_next_end_trans(module, status); + return ldb_next_end_trans(module); +} + +static int objectguid_del_trans(struct ldb_module *module) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_del_trans\n"); + return ldb_next_del_trans(module); } static int objectguid_destructor(void *module_ctx) @@ -167,7 +173,8 @@ static const struct ldb_module_ops objectguid_ops = { .delete_record = objectguid_delete_record, .rename_record = objectguid_rename_record, .start_transaction = objectguid_start_trans, - .end_transaction = objectguid_end_trans + .end_transaction = objectguid_end_trans, + .del_transaction = objectguid_del_trans }; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 18c7b27be3..28e56fe0ca 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c 
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -581,10 +581,16 @@ static int samldb_start_trans(struct ldb_module *module) return ldb_next_start_trans(module); } -static int samldb_end_trans(struct ldb_module *module, int status) +static int samldb_end_trans(struct ldb_module *module) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_end_trans\n"); - return ldb_next_end_trans(module, status); + return ldb_next_end_trans(module); +} + +static int samldb_del_trans(struct ldb_module *module) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_del_trans\n"); + return ldb_next_del_trans(module); } static int samldb_destructor(void *module_ctx) @@ -603,7 +609,8 @@ static const struct ldb_module_ops samldb_ops = { .delete_record = samldb_delete_record, .rename_record = samldb_rename_record, .start_transaction = samldb_start_trans, - .end_transaction = samldb_end_trans + .end_transaction = samldb_end_trans, + .del_transaction = samldb_del_trans }; -- cgit From 5fd031c97daaa1bf09a7ad80550753acd434075f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 6 Oct 2005 05:24:46 +0000 Subject: r10753: don't require every ldb module to implement both a search_bytree() and a search() function, instead each module now only implements the bytree method, and the expression based search is handled generically by the modules code. This makes for more consistency and less code duplication. fixed the tdb backend to handle BASE searches much more efficiently. They now always only lookup one record, regardless of the search expression (This used to be commit 7e44f9153c5578624e2fca04cdc0a00af0fd9eb4) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 9 --------- source4/dsdb/samdb/ldb_modules/samldb.c | 9 --------- 2 files changed, 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index bdef4d5147..9e0946b17c 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c 
+++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -38,14 +38,6 @@ #include "librpc/gen_ndr/ndr_misc.h" #include -static int objectguid_search(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, const char *expression, - const char * const *attrs, struct ldb_message ***res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); - return ldb_next_search(module, base, scope, expression, attrs, res); -} - static int objectguid_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) @@ -166,7 +158,6 @@ static int objectguid_destructor(void *module_ctx) static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", - .search = objectguid_search, .search_bytree = objectguid_search_bytree, .add_record = objectguid_add_record, .modify_record = objectguid_modify_record, diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 28e56fe0ca..89c9daa924 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -40,14 +40,6 @@ #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" -static int samldb_search(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, const char *expression, - const char * const *attrs, struct ldb_message ***res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search\n"); - return ldb_next_search(module, base, scope, expression, attrs, res); -} - static int samldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) 
@@ -602,7 +594,6 @@ static int samldb_destructor(void *module_ctx) static const struct ldb_module_ops samldb_ops = { .name = "samldb", - .search = samldb_search, .search_bytree = samldb_search_bytree, .add_record = samldb_add_record, .modify_record = samldb_modify_record, -- cgit From 78d0e79c9f9263e7f3798aa2e174a347ea1a3df1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 6 Oct 2005 06:57:09 +0000 Subject: r10759: make modules easier to write by allowing modules to only implement the functions they care about, instead of all functions. This also makes it more likely that future changes to ldb will not break existing modules (This used to be commit 45f0c967b58e7c1b2e900a4d74cfde2a2c527dfa) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 53 +---------------------------- source4/dsdb/samdb/ldb_modules/samldb.c | 23 +------------ 2 files changed, 2 insertions(+), 74 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 9e0946b17c..0a7fe3a42b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
@@ -112,60 +112,11 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes return ret; } -/* modify_record: change modifyTimestamp as well */ -static int objectguid_modify_record(struct ldb_module *module, const struct ldb_message *msg) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n"); - return ldb_next_modify_record(module, msg); -} - -static int objectguid_delete_record(struct ldb_module *module, const struct ldb_dn *dn) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_delete_record\n"); - return ldb_next_delete_record(module, dn); -} - -static int objectguid_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n"); - return ldb_next_rename_record(module, olddn, newdn); -} - -static int objectguid_start_trans(struct ldb_module *module) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_start_trans\n"); - return ldb_next_start_trans(module); -} - -static int objectguid_end_trans(struct ldb_module *module) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_end_trans\n"); - return ldb_next_end_trans(module); -} - -static int objectguid_del_trans(struct ldb_module *module) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_del_trans\n"); - return ldb_next_del_trans(module); -} - -static int objectguid_destructor(void *module_ctx) -{ - /* struct ldb_module *ctx = module_ctx; */ - /* put your clean-up functions here */ - return 0; -} static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", .search_bytree = objectguid_search_bytree, - .add_record = objectguid_add_record, - .modify_record = objectguid_modify_record, - .delete_record = objectguid_delete_record, - .rename_record = objectguid_rename_record, - .start_transaction = objectguid_start_trans, - .end_transaction = objectguid_end_trans, - .del_transaction = objectguid_del_trans + .add_record = 
objectguid_add_record }; @@ -187,7 +138,5 @@ struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *o ctx->prev = ctx->next = NULL; ctx->ops = &objectguid_ops; - talloc_set_destructor (ctx, objectguid_destructor); - return ctx; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 89c9daa924..906a2299f7 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -567,24 +567,6 @@ static int samldb_rename_record(struct ldb_module *module, const struct ldb_dn * return ldb_next_rename_record(module, olddn, newdn); } -static int samldb_start_trans(struct ldb_module *module) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_start_trans\n"); - return ldb_next_start_trans(module); -} - -static int samldb_end_trans(struct ldb_module *module) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_end_trans\n"); - return ldb_next_end_trans(module); -} - -static int samldb_del_trans(struct ldb_module *module) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_del_trans\n"); - return ldb_next_del_trans(module); -} - static int samldb_destructor(void *module_ctx) { /* struct ldb_module *ctx = module_ctx; */ @@ -598,10 +580,7 @@ static const struct ldb_module_ops samldb_ops = { .add_record = samldb_add_record, .modify_record = samldb_modify_record, .delete_record = samldb_delete_record, - .rename_record = samldb_rename_record, - .start_transaction = samldb_start_trans, - .end_transaction = samldb_end_trans, - .del_transaction = samldb_del_trans + .rename_record = samldb_rename_record }; -- cgit From 5e0fd505abd1926558e59ae77bcfd03cd0beecfa Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 7 Oct 2005 01:01:44 +0000 Subject: r10791: Add copyright, fix comments (this isn't the timestamps module any more) Andrew Bartlett (This used to be commit efdc6d834aecbf978f538365c72149fa7afe0828) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 0a7fe3a42b..7dc6a433c0 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -2,6 +2,7 @@ ldb database library Copyright (C) Simo Sorce 2004 + Copyright (C) Andrew Bartlett 2005 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -36,7 +37,6 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" -#include static int objectguid_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, @@ -59,7 +59,7 @@ static struct ldb_message_element *objectguid_find_attribute(const struct ldb_me return NULL; } -/* add_record: add crateTimestamp/modifyTimestamp attributes */ +/* add_record: add objectGUID attribute */ static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg) { struct ldb_val v; @@ -112,7 +112,6 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes return ret; } - static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", .search_bytree = objectguid_search_bytree, -- cgit From 860ffba4e147b7c27b416df60bec587eb61ea148 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 11 Oct 2005 12:31:31 +0000 Subject: r10897: added in a hackish ldb proxy module that I am using to experiment with mmc management support (This used to be commit 99a5b088810e8e2f4e28b99a4a0e5e7dc9301594) --- source4/dsdb/samdb/ldb_modules/proxy.c | 340 +++++++++++++++++++++++++++++++++ 1 file changed, 340 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/proxy.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c new file mode 100644 index 0000000000..4ef5e450aa --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -0,0 +1,340 @@ +/* + samdb proxy module + + Copyright (C) Andrew Tridgell 2005 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + ldb proxy module. At startup this looks for a record like this: + + dn=@PROXYINFO + url=destination url + olddn = basedn to proxy in upstream server + newdn = basedn in local server + username = username to connect to upstream + password = password for upstream + + NOTE: this module is a complete hack at this stage. 
I am committing it just + so others can know how I am investigating mmc support + + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" +#include "lib/cmdline/popt_common.h" + +struct proxy_data { + struct ldb_context *upstream; + struct ldb_dn *olddn; + struct ldb_dn *newdn; + const char **oldstr; + const char **newstr; +}; + + +/* + load the @PROXYINFO record +*/ +static int load_proxy_info(struct ldb_module *module) +{ + struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); + struct ldb_dn *dn; + struct ldb_message **msg; + int res; + const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr; + struct cli_credentials *creds; + + + /* see if we have already loaded it */ + if (proxy->upstream != NULL) { + return 0; + } + + dn = ldb_dn_explode(proxy, "@PROXYINFO"); + if (dn == NULL) { + goto failed; + } + res = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &msg); + talloc_free(dn); + if (res != 1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Can't find @PROXYINFO\n"); + goto failed; + } + + url = ldb_msg_find_string(msg[0], "url", NULL); + olddn = ldb_msg_find_string(msg[0], "olddn", NULL); + newdn = ldb_msg_find_string(msg[0], "newdn", NULL); + username = ldb_msg_find_string(msg[0], "username", NULL); + password = ldb_msg_find_string(msg[0], "password", NULL); + oldstr = ldb_msg_find_string(msg[0], "oldstr", NULL); + newstr = ldb_msg_find_string(msg[0], "newstr", NULL); + + if (url == NULL || olddn == NULL || newdn == NULL || username == NULL || password == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n"); + goto failed; + } + + proxy->olddn = ldb_dn_explode(proxy, olddn); + if (proxy->olddn == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to explode olddn '%s'\n", olddn); + goto failed; + } + + proxy->newdn = ldb_dn_explode(proxy, newdn); + if (proxy->newdn == NULL) { + 
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to explode newdn '%s'\n", newdn); + goto failed; + } + + proxy->upstream = ldb_init(proxy); + if (proxy->upstream == NULL) { + ldb_oom(module->ldb); + goto failed; + } + + proxy->oldstr = str_list_make(proxy, oldstr, ", "); + if (proxy->oldstr == NULL) { + ldb_oom(module->ldb); + goto failed; + } + + proxy->newstr = str_list_make(proxy, newstr, ", "); + if (proxy->newstr == NULL) { + ldb_oom(module->ldb); + goto failed; + } + + /* setup credentials for connection */ + creds = cli_credentials_init(proxy->upstream); + if (creds == NULL) { + ldb_oom(module->ldb); + goto failed; + } + cli_credentials_guess(creds); + cli_credentials_set_username(creds, username, CRED_SPECIFIED); + cli_credentials_set_password(creds, password, CRED_SPECIFIED); + + ldb_set_opaque(proxy->upstream, "credentials", creds); + + res = ldb_connect(proxy->upstream, url, 0, NULL); + if (res != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxy failed to connect to %s\n", url); + goto failed; + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy connected to %s\n", url); + + talloc_free(msg); + + return 0; + +failed: + talloc_free(msg); + talloc_free(proxy->olddn); + talloc_free(proxy->newdn); + talloc_free(proxy->upstream); + proxy->upstream = NULL; + return -1; +} + + +/* + convert a binary blob +*/ +static void proxy_convert_blob(TALLOC_CTX *mem_ctx, struct ldb_val *v, + const char *oldstr, const char *newstr) +{ + int len1, len2, len3; + uint8_t *olddata = v->data; + char *p = strcasestr((char *)v->data, oldstr); + + len1 = (p - (char *)v->data); + len2 = strlen(newstr); + len3 = v->length - (p+strlen(oldstr) - (char *)v->data); + v->length = len1+len2+len3; + v->data = talloc_size(mem_ctx, v->length); + memcpy(v->data, olddata, len1); + memcpy(v->data+len1, newstr, len2); + memcpy(v->data+len1+len2, olddata + len1 + strlen(oldstr), len3); +} + +/* + convert a returned value +*/ +static void proxy_convert_value(struct ldb_module *module, 
struct ldb_message *msg, struct ldb_val *v) +{ + struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); + int i; + for (i=0;proxy->oldstr[i];i++) { + char *p = strcasestr((char *)v->data, proxy->oldstr[i]); + if (p == NULL) continue; + proxy_convert_blob(msg, v, proxy->oldstr[i], proxy->newstr[i]); + } +} + + +/* + convert a returned value +*/ +static struct ldb_parse_tree *proxy_convert_tree(struct ldb_module *module, + struct ldb_parse_tree *tree) +{ + struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); + int i; + char *expression = ldb_filter_from_tree(module, tree); + for (i=0;proxy->newstr[i];i++) { + struct ldb_val v; + char *p = strcasestr(expression, proxy->newstr[i]); + if (p == NULL) continue; + v.data = (uint8_t *)expression; + v.length = strlen(expression)+1; + proxy_convert_blob(module, &v, proxy->newstr[i], proxy->oldstr[i]); + return ldb_parse_tree(module, (const char *)v.data); + } + return tree; +} + + + +/* + convert a returned record +*/ +static void proxy_convert_record(struct ldb_module *module, struct ldb_message *msg) +{ + struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); + int attr, v; + + /* fix the message DN */ + if (ldb_dn_compare_base(module->ldb, proxy->olddn, msg->dn) == 0) { + struct ldb_dn *newdn = ldb_dn_copy(msg, msg->dn); + newdn->comp_num -= proxy->olddn->comp_num; + msg->dn = ldb_dn_compose(msg, newdn, proxy->newdn); + } + + /* fix any attributes */ + for (attr=0;attrnum_elements;attr++) { + for (v=0;velements[attr].num_values;v++) { + proxy_convert_value(module, msg, &msg->elements[attr].values[v]); + } + } + + /* fix any DN components */ + for (attr=0;attrnum_elements;attr++) { + for (v=0;velements[attr].num_values;v++) { + proxy_convert_value(module, msg, &msg->elements[attr].values[v]); + } + } +} + +/* search */ +static int proxy_search_bytree(struct ldb_module *module, const struct ldb_dn *base, + enum ldb_scope scope, struct 
ldb_parse_tree *tree, + const char * const *attrs, struct ldb_message ***res) +{ + struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); + struct ldb_dn *newbase; + int ret, i; + + if (base == NULL || (base->comp_num == 1 && base->components[0].name[0] == '@')) { + goto passthru; + } + + if (load_proxy_info(module) != 0) { + return -1; + } + + /* see if the dn is within olddn */ + if (ldb_dn_compare_base(module->ldb, proxy->newdn, base) != 0) { + goto passthru; + } + + tree = proxy_convert_tree(module, tree); + + /* convert the basedn of this search */ + newbase = ldb_dn_copy(proxy, base); + if (newbase == NULL) { + goto failed; + } + newbase->comp_num -= proxy->newdn->comp_num; + newbase = ldb_dn_compose(proxy, newbase, proxy->olddn); + + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", + ldb_filter_from_tree(proxy, tree), ldb_dn_linearize(proxy, newbase)); + for (i=0;attrs && attrs[i];i++) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", attrs[i]); + } + + ret = ldb_search_bytree(proxy->upstream, newbase, scope, tree, attrs, res); + if (ret == -1) { + ldb_set_errstring(module, talloc_strdup(module, ldb_errstring(proxy->upstream))); + return -1; + } + + for (i=0;ildb, LDB_DEBUG_TRACE, "proxy failed for %s\n", + ldb_dn_linearize(proxy, base)); + +passthru: + return ldb_next_search_bytree(module, base, scope, tree, attrs, res); +} + + +static const struct ldb_module_ops proxy_ops = { + .name = "proxy", + .search_bytree = proxy_search_bytree +}; + +#ifdef HAVE_DLOPEN_DISABLED +struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *proxy_module_init(struct ldb_context *ldb, const char *options[]) +#endif +{ + struct ldb_module *ctx; + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &proxy_ops; + + ctx->private_data = talloc_zero(ctx, struct proxy_data); + if 
(ctx->private_data == NULL) { + return NULL; + } + + return ctx; +} -- cgit From a599edf04cbdeef9014923ba0d3713b8ff84f266 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 12 Oct 2005 06:10:23 +0000 Subject: r10913: This patch isn't as big as it looks ... most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/samba3sam.c | 8 ++++---- source4/dsdb/samdb/ldb_modules/samldb.c | 17 +++++++++-------- 3 files changed, 14 insertions(+), 13 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 7dc6a433c0..70bbaf179c 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -101,7 +101,7 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes return -1; } - ret = ldb_msg_add_value(module->ldb, msg2, "objectGUID", &v); + ret = ldb_msg_add_value(msg2, "objectGUID", &v); if (ret) { return ret; } 
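Review bot: proxy_convert_blob and proxy_convert_value treat `v->data` as a NUL-terminated string, but the buffer proxy_convert_blob allocates is exactly `len1+len2+len3` bytes with no terminator, so the next `strcasestr` in proxy_convert_value's loop can read past the end of a value that came from the upstream server. The `talloc_size` result is also handed to `memcpy` without a NULL check, and the match offset is never compared with `v->length` before `len3` is computed in `int`. The fence below keeps the same replacement but bounds the match, checks the allocation and leaves one terminating byte after the data; whether incoming values are themselves terminated is not visible in this hunk and should be confirmed. In load_proxy_info, `msg` reaches `talloc_free(msg)` at `failed:` unassigned when `ldb_dn_explode` fails, which `struct ldb_message **msg = NULL;` would cover.

```c
static void proxy_convert_blob(TALLOC_CTX *mem_ctx, struct ldb_val *v,
			       const char *oldstr, const char *newstr)
{
	size_t oldlen = strlen(oldstr);
	size_t newlen = strlen(newstr);
	size_t len1, len3;
	uint8_t *olddata = v->data;
	uint8_t *newdata;
	char *p = strcasestr((char *)v->data, oldstr);

	if (p == NULL) {
		return;
	}
	len1 = p - (char *)olddata;
	if (len1 + oldlen > v->length) {
		/* the match runs past the stored length: leave the value alone */
		return;
	}
	len3 = v->length - (len1 + oldlen);

	/* one spare byte so later string searches on the value stay in bounds */
	newdata = talloc_size(mem_ctx, len1 + newlen + len3 + 1);
	if (newdata == NULL) {
		return;
	}
	memcpy(newdata, olddata, len1);
	memcpy(newdata + len1, newstr, newlen);
	memcpy(newdata + len1 + newlen, olddata + len1 + oldlen, len3);
	newdata[len1 + newlen + len3] = '\0';

	v->data = newdata;
	v->length = len1 + newlen + len3;
}
```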
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index a68f6f0640..5e88cd6469 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -55,17 +55,17 @@ static void generate_hashes (struct ldb_module *module, const char *local_attr, if (!upwd) return; - ldb_msg_add_string(module->ldb, remote_fb, local_attr, upwd); + ldb_msg_add_string(remote_fb, local_attr, upwd); val.length = 16; val.data = talloc_zero_size(module, val.length); E_md4hash(upwd, val.data); - ldb_msg_add_value(module->ldb, remote_mp, "sambaNTPassword", &val); + ldb_msg_add_value(remote_mp, "sambaNTPassword", &val); val.data = talloc_zero_size(module, val.length); E_deshash(upwd, val.data); - ldb_msg_add_value(module->ldb, remote_mp, "sambaLMPassword", &val); + ldb_msg_add_value(remote_mp, "sambaLMPassword", &val); } @@ -119,7 +119,7 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char sidstring = dom_sid_string(remote_mp, sid); talloc_free(sid); - ldb_msg_add_fmt(module->ldb, remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_uint(local, "primaryGroupID", 0)); + ldb_msg_add_fmt(remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_uint(local, "primaryGroupID", 0)); talloc_free(sidstring); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 906a2299f7..5ed84cc10d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
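Review bot: Both hash buffers in generate_hashes are allocated with `talloc_zero_size(module, val.length)` and written by `E_md4hash` and `E_deshash` without a NULL check, so an allocation failure becomes a write through a null pointer. Parenting them to `module` also means the NT and LM hashes appear to stay allocated for the life of the module rather than of the message that carries them; `val.data = talloc_zero_size(remote_mp, val.length); if (val.data == NULL) return;` would tie each buffer to `remote_mp` and stop on failure. The return values of the `ldb_msg_add_string` and `ldb_msg_add_value` calls are ignored as well, so a record can go out without its password attributes. generate_hashes begins above this hunk.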
@@ -107,17 +107,17 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx els[1].flags = LDB_FLAG_MOD_ADD; els[1].name = els[0].name; - vals[0].data = talloc_asprintf(mem_ctx, "%u", *id); + vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", *id); if (!vals[0].data) { return -1; } - vals[0].length = strlen(vals[0].data); + vals[0].length = strlen((char *)vals[0].data); - vals[1].data = talloc_asprintf(mem_ctx, "%u", (*id)+1); + vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", (*id)+1); if (!vals[1].data) { return -1; } - vals[1].length = strlen(vals[1].data); + vals[1].length = strlen((char *)vals[1].data); ret = ldb_modify(ldb, &msg); if (ret != 0) { @@ -240,7 +240,8 @@ static struct ldb_message_element *samldb_find_attribute(const struct ldb_messag return &msg->elements[i]; } for (j = 0; j < msg->elements[i].num_values; j++) { - if (strcasecmp(value, msg->elements[i].values[j].data) == 0) { + if (strcasecmp(value, + (char *)msg->elements[i].values[j].data) == 0) { return &msg->elements[i]; } } @@ -260,7 +261,7 @@ static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message return False; } - if (ldb_msg_add_string(module->ldb, msg, aname, aval) != 0) { + if (ldb_msg_add_string(msg, aname, aval) != 0) { return False; } @@ -276,7 +277,7 @@ static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms if (!NT_STATUS_IS_OK(status)) { return -1; } - return (ldb_msg_add_value(module->ldb, msg, name, &v) == 0); + return (ldb_msg_add_value(msg, name, &v) == 0); } static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) 
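Review bot: The new `(char *)` cast in `samldb_find_attribute` makes `strcasecmp` read `values[j].data` as a C string, which is only safe if every `ldb_val` reaching this module has a terminating NUL after `length` bytes; nothing in the hunk guarantees that. The message presumably originates from an add request, so I would compare with the length in hand, `strlen(value) == msg->elements[i].values[j].length && strncasecmp(value, (char *)msg->elements[i].values[j].data, msg->elements[i].values[j].length) == 0`. Failing that, add a comment stating the invariant the cast relies on. The same assumption sits behind `dom_sid_parse_talloc(msg2, (char *)rdn->value.data)` in the `samldb_fill_foreignSecurityPrincipal_object` hunk further down. The function starts above the hunk.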
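Review bot: `samldb_msg_add_sid` is declared `BOOL`, yet the failure branch kept as context in this hunk does `return -1;`, which is non-zero and so reads as success to any caller that tests the result as a boolean. A SID that failed to encode would then be treated as added to the message. Since the function is being touched anyway, that branch should be `return False;`, matching `samldb_msg_add_string` in the hunk above. The start of the function is outside the hunk.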
@@ -497,7 +498,7 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - struct dom_sid *sid = dom_sid_parse_talloc(msg2, rdn->value.data); + struct dom_sid *sid = dom_sid_parse_talloc(msg2, (char *)rdn->value.data); if (sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: internal error! Can't parse sid in CN\n"); return NULL; -- cgit From 5c9590587197dcb95007fdc54318187d5716c7c6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 8 Nov 2005 00:11:45 +0000 Subject: r11567: Ldb API change patch. This patch changes the way lsb_search is called and the meaning of the returned integer. The last argument of ldb_search is changed from struct ldb_message to struct ldb_result which contains a pointer to a struct ldb_message list and a count of the number of messages. The return is not the count of messages anymore but instead it is an ldb error value. I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good amount of places. I also tried to double check all my changes being sure that the calling functions would still behave as before. But this patch is big enough that I fear some bug may have been introduced anyway even if it passes the test suite. So if you are currently working on any file being touched please give it a deep look and blame me for any error. Simo. (This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 36 ++++++----- source4/dsdb/samdb/ldb_modules/proxy.c | 96 +++++++++++++++++------------ source4/dsdb/samdb/ldb_modules/samldb.c | 83 +++++++++++-------------- 3 files changed, 114 insertions(+), 101 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 70bbaf179c..0d5ae69219 100644 
--- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -38,14 +38,6 @@ #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" -static int objectguid_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); - return ldb_next_search_bytree(module, base, scope, tree, attrs, res); -} - static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name) { int i; @@ -60,8 +52,9 @@ static struct ldb_message_element *objectguid_find_attribute(const struct ldb_me } /* add_record: add objectGUID attribute */ -static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg) +static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { + const struct ldb_message *msg = req->op.add.message; struct ldb_val v; struct ldb_message *msg2; struct ldb_message_element *attribute; @@ -72,11 +65,11 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_add_record(module, msg); + return ldb_next_request(module, req); } if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) { - return ldb_next_add_record(module, msg); + return ldb_next_request(module, req); } msg2 = talloc(module, struct ldb_message); 
@@ -106,16 +99,31 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes return ret; } - ret = ldb_next_add_record(module, msg2); + req->op.add.message = msg2; + ret = ldb_next_request(module, req); + req->op.add.message = msg; + talloc_free(msg2); return ret; } +static int objectguid_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_ADD: + return objectguid_add(module, req); + + default: + return ldb_next_request(module, req); + + } +} + static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", - .search_bytree = objectguid_search_bytree, - .add_record = objectguid_add_record + .request = objectguid_request }; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 4ef5e450aa..643ff5f3d0 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -39,6 +39,7 @@ #include "includes.h" #include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" #include "lib/cmdline/popt_common.h" @@ -58,8 +59,8 @@ static int load_proxy_info(struct ldb_module *module) { struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); struct ldb_dn *dn; - struct ldb_message **msg; - int res; + struct ldb_result *res; + int ret; const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr; struct cli_credentials *creds; 
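Review bot: The added `talloc_free(msg2)` only runs on the path that reaches `ldb_next_request`; the `return ret;` kept as context at the top of this hunk still exits with `msg2` allocated under `module`. Each failed add therefore leaves a message copy attached to the module until it is torn down. Freeing before that return, `if (ret) { talloc_free(msg2); return ret; }`, keeps the error paths consistent with the new success path, and the earlier returns in `objectguid_add`, which lie outside the hunk, probably need the same. A short comment next to `req->op.add.message = msg;` saying that the caller's request is restored before returning would also help the next reader.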
@@ -73,20 +74,20 @@ static int load_proxy_info(struct ldb_module *module) if (dn == NULL) { goto failed; } - res = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &msg); + ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res); talloc_free(dn); - if (res != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Can't find @PROXYINFO\n"); goto failed; } - url = ldb_msg_find_string(msg[0], "url", NULL); - olddn = ldb_msg_find_string(msg[0], "olddn", NULL); - newdn = ldb_msg_find_string(msg[0], "newdn", NULL); - username = ldb_msg_find_string(msg[0], "username", NULL); - password = ldb_msg_find_string(msg[0], "password", NULL); - oldstr = ldb_msg_find_string(msg[0], "oldstr", NULL); - newstr = ldb_msg_find_string(msg[0], "newstr", NULL); + url = ldb_msg_find_string(res->msgs[0], "url", NULL); + olddn = ldb_msg_find_string(res->msgs[0], "olddn", NULL); + newdn = ldb_msg_find_string(res->msgs[0], "newdn", NULL); + username = ldb_msg_find_string(res->msgs[0], "username", NULL); + password = ldb_msg_find_string(res->msgs[0], "password", NULL); + oldstr = ldb_msg_find_string(res->msgs[0], "oldstr", NULL); + newstr = ldb_msg_find_string(res->msgs[0], "newstr", NULL); if (url == NULL || olddn == NULL || newdn == NULL || username == NULL || password == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n"); 
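Review bot: `res` is declared without an initialiser in the previous hunk, but the `goto failed` taken here when `dn == NULL` lands on `talloc_free(res)` in the next hunk before `ldb_search` has written to it. That hands an indeterminate pointer to the allocator. `struct ldb_result *res = NULL;` fixes it, and also covers the case where `ldb_search` fails without setting its output, which cannot be verified from this page. The function starts above the hunk.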
@@ -135,20 +136,20 @@ static int load_proxy_info(struct ldb_module *module) ldb_set_opaque(proxy->upstream, "credentials", creds); - res = ldb_connect(proxy->upstream, url, 0, NULL); - if (res != 0) { + ret = ldb_connect(proxy->upstream, url, 0, NULL); + if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxy failed to connect to %s\n", url); goto failed; } ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy connected to %s\n", url); - talloc_free(msg); + talloc_free(res); return 0; failed: - talloc_free(msg); + talloc_free(res); talloc_free(proxy->olddn); talloc_free(proxy->newdn); talloc_free(proxy->upstream); @@ -246,15 +247,16 @@ static void proxy_convert_record(struct ldb_module *module, struct ldb_message * } /* search */ -static int proxy_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) +static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req) { struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); - struct ldb_dn *newbase; + struct ldb_request newreq; + struct ldb_dn *base; int ret, i; - if (base == NULL || (base->comp_num == 1 && base->components[0].name[0] == '@')) { + if (req->op.search.base == NULL || + (req->op.search.base->comp_num == 1 && + req->op.search.base->components[0].name[0] == '@')) { goto passthru; } 
@@ -263,56 +265,72 @@ static int proxy_search_bytree(struct ldb_module *module, const struct ldb_dn *b } /* see if the dn is within olddn */ - if (ldb_dn_compare_base(module->ldb, proxy->newdn, base) != 0) { + if (ldb_dn_compare_base(module->ldb, proxy->newdn, req->op.search.base) != 0) { goto passthru; } - tree = proxy_convert_tree(module, tree); + newreq.op.search.tree = proxy_convert_tree(module, req->op.search.tree); /* convert the basedn of this search */ - newbase = ldb_dn_copy(proxy, base); - if (newbase == NULL) { + base = ldb_dn_copy(proxy, req->op.search.base); + if (base == NULL) { goto failed; } - newbase->comp_num -= proxy->newdn->comp_num; - newbase = ldb_dn_compose(proxy, newbase, proxy->olddn); + base->comp_num -= proxy->newdn->comp_num; + base = ldb_dn_compose(proxy, newreq.op.search.base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(proxy, tree), ldb_dn_linearize(proxy, newbase)); - for (i=0;attrs && attrs[i];i++) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", attrs[i]); + ldb_filter_from_tree(proxy, newreq.op.search.tree), ldb_dn_linearize(proxy, newreq.op.search.base)); + for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } - - ret = ldb_search_bytree(proxy->upstream, newbase, scope, tree, attrs, res); - if (ret == -1) { + + newreq.op.search.base = base; + newreq.op.search.scope = req->op.search.scope; + newreq.op.search.attrs = req->op.search.attrs; + newreq.op.search.res = req->op.search.res; + ret = ldb_request(proxy->upstream, &newreq); + if (ret != LDB_SUCCESS) { ldb_set_errstring(module, talloc_strdup(module, ldb_errstring(proxy->upstream))); return -1; } - for (i=0;icount; i++) { struct ldb_ldif ldif; printf("# record %d\n", i+1); - proxy_convert_record(module, (*res)[i]); + proxy_convert_record(module, (*newreq.op.search.res)->msgs[i]); ldif.changetype = 
LDB_CHANGETYPE_NONE; - ldif.msg = (*res)[i]; + ldif.msg = (*newreq.op.search.res)->msgs[i]; } return ret; failed: ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy failed for %s\n", - ldb_dn_linearize(proxy, base)); + ldb_dn_linearize(proxy, req->op.search.base)); passthru: - return ldb_next_search_bytree(module, base, scope, tree, attrs, res); + return ldb_next_request(module, req); } +static int proxy_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_SEARCH: + return proxy_search_bytree(module, req); + + default: + return ldb_next_request(module, req); + + } +} static const struct ldb_module_ops proxy_ops = { - .name = "proxy", - .search_bytree = proxy_search_bytree + .name = "proxy", + .request = proxy_request }; #ifdef HAVE_DLOPEN_DISABLED diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5ed84cc10d..bb69b86e1d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -34,20 +34,13 @@ #include "includes.h" #include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "system/time.h" #include "librpc/gen_ndr/ndr_security.h" #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" -static int samldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search\n"); - return ldb_next_search_bytree(module, base, scope, tree, attrs, res); -} - /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success 
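Review bot: `newreq` in `proxy_search_bytree` is a stack `struct ldb_request` that is never initialised, and `ldb_dn_compose(proxy, newreq.op.search.base, proxy->olddn)` reads its `base` field before anything has been stored there; the `ldb_dn_linearize` debug call does the same. The result also overwrites `base`, discarding the copy whose `comp_num` was just trimmed, so the intended call is presumably `base = ldb_dn_compose(proxy, base, proxy->olddn);`. `newreq.operation` is never set either, so what `ldb_request` dispatches on is indeterminate; `newreq.operation = req->operation;` belongs next to the other field assignments. Because this path forwards searches to the upstream server, the request should be fully populated before it leaves the module.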
@@ -56,7 +49,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx const struct ldb_dn *dn, uint32_t *id) { const char * const attrs[2] = { "nextRid", NULL }; - struct ldb_message **res = NULL; + struct ldb_result *res = NULL; struct ldb_message msg; int ret; const char *str; @@ -64,11 +57,11 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx struct ldb_message_element els[2]; ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { if (res) talloc_free(res); return -1; } - str = ldb_msg_find_string(res[0], "nextRid", NULL); + str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); if (str == NULL) { ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn)); talloc_free(res); @@ -133,7 +126,7 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX { TALLOC_CTX *local_ctx; struct ldb_dn *sdn; - struct ldb_message **res = NULL; + struct ldb_result *res = NULL; int ret = 0; local_ctx = talloc_named(mem_ctx, 0, "samldb_search_domain memory conext"); @@ -144,12 +137,12 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); talloc_free(res); - if (ret == 1) + if (ret == LDB_SUCCESS && res->count == 1) break; } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { talloc_free(local_ctx); return NULL; } @@ -168,7 +161,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; - struct ldb_message **res = NULL; + struct ldb_result *res = NULL; const struct ldb_dn *dom_dn; uint32_t rid; int ret; 
@@ -191,13 +184,13 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, /* find the domain sid */ ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); talloc_free(res); return NULL; } - dom_sid = samdb_result_dom_sid(res, res[0], "objectSid"); + dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); if (dom_sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); talloc_free(res); @@ -290,17 +283,18 @@ static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_m static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter) { - struct ldb_message **res, *t; + struct ldb_result *res; + struct ldb_message *t; int ret, i, j; /* pull the template record */ ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res); - if (ret != 1) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched %d records\n", filter, ret); + if (ret != LDB_SUCCESS || res->count != 1) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched too many records\n", filter); return -1; } - t = res[0]; + t = res->msgs[0]; for (i = 0; i < t->num_elements; i++) { struct ldb_message_element *el = &t->elements[i]; @@ -515,8 +509,9 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld } /* add_record */ -static int samldb_add_record(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_add(struct ldb_module *module, struct ldb_request *req) { + const struct ldb_message *msg = req->op.add.message; struct ldb_message *msg2 = NULL; int ret; 
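Review bot: The rewritten warning in `samldb_copy_template` says the template "matched too many records", but the branch is also taken when the search fails or matches nothing, and the count the old message printed is gone. A message such as `"samldb: ERROR: template '%s' search failed or did not match exactly one record\n"` describes what the condition actually tests. The early `return -1;` also leaves `res` unfreed when the search succeeded with a different count. The rest of the function is outside the hunk, so a comment stating who owns `res` would make that easier to check.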
@@ -524,7 +519,7 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_add_record(module, msg); + return ldb_next_request(module, req); } /* is user or computer? add all relevant missing objects */ 
@@ -541,47 +536,39 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message } if (msg2) { - ret = ldb_next_add_record(module, msg2); + req->op.add.message = msg2; + ret = ldb_next_request(module, req); + req->op.add.message = msg; } else { - ret = ldb_next_add_record(module, msg); + ret = ldb_next_request(module, req); } return ret; } -/* modify_record: change modifyTimestamp as well */ -static int samldb_modify_record(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_destructor(void *module_ctx) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_modify_record\n"); - return ldb_next_modify_record(module, msg); + /* struct ldb_module *ctx = module_ctx; */ + /* put your clean-up functions here */ + return 0; } -static int samldb_delete_record(struct ldb_module *module, const struct ldb_dn *dn) +static int samldb_request(struct ldb_module *module, struct ldb_request *req) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_delete_record\n"); - return ldb_next_delete_record(module, dn); -} + switch (req->operation) { -static int samldb_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) -{ - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_rename_record\n"); - return ldb_next_rename_record(module, olddn, newdn); -} + case LDB_REQ_ADD: + return samldb_add(module, req); -static int samldb_destructor(void *module_ctx) -{ - /* struct ldb_module *ctx = module_ctx; */ - /* put your clean-up functions here */ - return 0; + default: + return ldb_next_request(module, req); + + } } static const struct ldb_module_ops samldb_ops = { .name = "samldb", - .search_bytree = samldb_search_bytree, - .add_record = samldb_add_record, - .modify_record = samldb_modify_record, - .delete_record = samldb_delete_record, - .rename_record = samldb_rename_record + .request = samldb_request }; -- cgit From 9a52d1a467c9ba601ab85a064bdb3d8732f53efd Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Wed, 9 Nov 2005 05:19:57 +0000 Subject: r11592: fixed a crash bug from the ldb_result changes (res was being used after being freed) (This used to be commit 5c7f3fef3e2324f0d1edda0f0f06f662bbcf7e08) --- source4/dsdb/samdb/ldb_modules/samldb.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index bb69b86e1d..6f98298f6b 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -129,17 +129,15 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX struct ldb_result *res = NULL; int ret = 0; - local_ctx = talloc_named(mem_ctx, 0, "samldb_search_domain memory conext"); + local_ctx = talloc_new(mem_ctx); if (local_ctx == NULL) return NULL; sdn = ldb_dn_copy(local_ctx, dn); do { ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); - talloc_free(res); - + talloc_steal(local_ctx, res); if (ret == LDB_SUCCESS && res->count == 1) break; - } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); if (ret != LDB_SUCCESS || res->count != 1) { @@ -451,6 +449,10 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } + /* + useraccountcontrol: setting value 0 gives 0x200 for users + */ + /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ return msg2; -- cgit From 7b1850a411e22e5f096df9a201fb5e47bc50a912 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 29 Nov 2005 08:50:52 +0000 Subject: r11952: added a rootdse module. This will replace the existing rootdse code in the ldap server. The reason for the change is that ldb modules need some way to get at the static info stored in the rootDSE (such as the location of the schema) but they can't do that right now (This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15) --- source4/dsdb/samdb/ldb_modules/config.mk | 52 +++++++++++ source4/dsdb/samdb/ldb_modules/rootdse.c | 149 +++++++++++++++++++++++++++++++ 2 files changed, 201 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/config.mk create mode 100644 source4/dsdb/samdb/ldb_modules/rootdse.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk new file mode 100644 index 0000000000..48296dd18b --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -0,0 +1,52 @@
+################################################
+# Start MODULE libldb_objectguid
+[MODULE::libldb_objectguid]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ objectguid.o
+REQUIRED_SUBSYSTEMS = \
+ LIBNDR NDR_MISC
+# End MODULE libldb_objectguid
+################################################
+
+################################################
+# Start MODULE libldb_samldb
+[MODULE::libldb_samldb]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ samldb.o
+#
+# End MODULE libldb_samldb
+################################################
+
+################################################
+# Start MODULE libldb_samba3sam
+[MODULE::libldb_samba3sam]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ samba3sam.o
+#
+# End MODULE libldb_samldb
+################################################
+
+################################################
+# Start MODULE libldb_proxy
+[MODULE::libldb_proxy]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ proxy.o
+#
+# End MODULE libldb_proxy
+################################################
+
+
+################################################
+# Start MODULE libldb_rootdse
+[MODULE::libldb_rootdse]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ rootdse.o
+#
+# End MODULE libldb_rootdse
+################################################
+
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
new file mode 100644
index 0000000000..b0a21efea4
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -0,0 +1,149 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ rootDSE ldb module
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "lib/ldb/include/ldb_private.h"
+#include
+
+/*
+ return 1 if a specific attribute has been requested
+*/
+static int do_attribute(const char * const *attrs, const char *name)
+{
+ return attrs == NULL ||
+ ldb_attr_in_list(attrs, name) ||
+ ldb_attr_in_list(attrs, "*");
+}
+
+/*
+ add dynamically generated attributes to rootDSE result
+*/
+static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_search *s = &req->op.search;
+ struct ldb_message *msg;
+
+ /* this is gross, and will be removed when I change ldb_result not
+ to be so pointer crazy :-) */
+ if (s->res[0][0].msgs == NULL) {
+ return LDB_SUCCESS;
+ }
+
+ msg = s->res[0][0].msgs[0];
+
+ msg->dn = ldb_dn_explode(msg, "");
+
+ if (do_attribute(s->attrs, "currentTime")) {
+ if (ldb_msg_add_string(msg, "currentTime",
+ ldb_timestring(msg, time(NULL))) != 0) {
+ goto failed;
+ }
+ }
+
+ /* TODO: lots more dynamic attributes should be added here */
+
+ return 0;
+
+failed:
+ return LDB_ERR_OPERATIONS_ERROR;
+}
+
+/*
+ handle search requests
+*/
+static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request *req)
+{
+// struct ldb_request r = *req;
+ struct ldb_search *s = &req->op.search;
+ int ret;
+ TALLOC_CTX *tmp_ctx;
+
+ /* see if its for the rootDSE */
+ if (s->scope != LDB_SCOPE_BASE ||
+ (s->base && s->base->comp_num != 0)) {
+ return ldb_next_request(module, req);
+ }
+
+ tmp_ctx = talloc_new(module);
+
+ /* in our db we store the rootDSE with a DN of cn=rootDSE */
+ s->base = ldb_dn_explode(tmp_ctx, "cn=rootDSE");
+ s->tree = ldb_parse_tree(tmp_ctx, "dn=*");
+ if (s->base == NULL || s->tree == NULL) {
+ ldb_oom(module->ldb);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* grab the static contents of the record */
+ ret = ldb_next_request(module, req);
+
+ req->op.search.res = s->res;
+
+ if (ret == LDB_SUCCESS) {
+ ret = rootdse_add_dynamic(module, req);
+ }
+
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
+
+static int rootdse_request(struct ldb_module *module, struct ldb_request *req)
+{
+ switch (req->operation) {
+ case LDB_REQ_SEARCH:
+ return rootdse_search_bytree(module, req);
+ default:
+ break;
+ }
+ return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops rootdse_ops = {
+ .name = "rootdse",
+ .request = rootdse_request
+};
+
+#ifdef HAVE_DLOPEN_DISABLED
+struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
+#else
+struct ldb_module *rootdse_module_init(struct ldb_context *ldb, const char *options[])
+#endif
+{
+ struct ldb_module *ctx;
+
+ ctx = talloc(ldb, struct ldb_module);
+ if (!ctx)
+ return NULL;
+
+ ctx->ldb = ldb;
+ ctx->prev = ctx->next = NULL;
+ ctx->ops = &rootdse_ops;
+ ctx->private_data = NULL;
+
+ return ctx;
+}
+
-- cgit From b77685a4ae40e6619d82af98e0def173b4f4b7ec Mon Sep 17 00:00:00 2001
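Review bot: `rootdse_search_bytree` writes `s->base` and `s->tree` through `s = &req->op.search`, that is into the caller's request, with values allocated on `tmp_ctx`, and then frees `tmp_ctx` before returning, so the caller is left holding a request whose base and tree point at freed memory. Working on a local copy, as the commented-out `struct ldb_request r = *req;` suggests, or restoring the original `base` and `tree` before `talloc_free(tmp_ctx)`, avoids that. The later r11958 hunk for this file on this page goes back to writing through `req`, so the same applies there. `talloc_new(module)` is not checked for NULL, and `rootdse_add_dynamic` indexes `msgs[0]` after testing only `msgs == NULL`, where a check on the result count would be more direct. `msg->dn = ldb_dn_explode(msg, "")` and `ldb_timestring(msg, time(NULL))` are likewise used without NULL checks.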
From: Andrew Tridgell Date: Tue, 29 Nov 2005 10:12:01 +0000 Subject: r11957: fixed up code meant for debugging (This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index b0a21efea4..df12011d89 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -74,8 +74,8 @@ failed: */ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request *req) { -// struct ldb_request r = *req; - struct ldb_search *s = &req->op.search; + struct ldb_request r = *req; + struct ldb_search *s = &r.op.search; int ret; TALLOC_CTX *tmp_ctx; @@ -97,7 +97,7 @@ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request * } /* grab the static contents of the record */ - ret = ldb_next_request(module, req); + ret = ldb_next_request(module, &r); req->op.search.res = s->res; -- cgit From 6eabad9c9d977c1c5c6ecf7494a0be42ad113d23 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 29 Nov 2005 12:34:03 +0000 Subject: r11958: - fixed memory leaks in the ldb_result handling in ldb operations - removed an unnecessary level of pointer in ldb_search structure (This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd) --- source4/dsdb/samdb/ldb_modules/proxy.c | 6 +++--- source4/dsdb/samdb/ldb_modules/rootdse.c | 9 ++++----- 2 files changed, 7 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 643ff5f3d0..a567db689d 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -295,14 +295,14 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re return -1; } - for (i = 0; i < (*newreq.op.search.res)->count; i++) { + for (i = 0; i < newreq.op.search.res->count; i++) { struct ldb_ldif ldif; printf("# record %d\n", i+1); - proxy_convert_record(module, (*newreq.op.search.res)->msgs[i]); + proxy_convert_record(module, newreq.op.search.res->msgs[i]); ldif.changetype = LDB_CHANGETYPE_NONE; - ldif.msg = (*newreq.op.search.res)->msgs[i]; + ldif.msg = newreq.op.search.res->msgs[i]; } return ret; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index df12011d89..4032aee8b2 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -46,11 +46,11 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re /* this is gross, and will be removed when I change ldb_result not to be so pointer crazy :-) */ - if (s->res[0][0].msgs == NULL) { + if (s->res->msgs == NULL) { return LDB_SUCCESS; } - msg = s->res[0][0].msgs[0]; + msg = s->res->msgs[0]; msg->dn = ldb_dn_explode(msg, ""); @@ -74,8 +74,7 @@ failed: */ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request *req) { - struct ldb_request r = *req; - struct ldb_search *s = &r.op.search; + struct ldb_search *s = &req->op.search; int ret; TALLOC_CTX *tmp_ctx; @@ -97,7 +96,7 @@ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request * } /* grab the static contents of the record */ - ret = ldb_next_request(module, &r); + ret = ldb_next_request(module, req); req->op.search.res = s->res; -- cgit From 77f4910b57db6264d5b6b7f67cab3518a2f2ca4a Mon Sep 17 00:00:00 2001 
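Review bot: In the rootdse.c hunk at `@@ -74,8 +74,7 @@`, returning to `struct ldb_search *s = &req->op.search;` makes the later `s->base = ldb_dn_explode(tmp_ctx, ...)` and `s->tree = ldb_parse_tree(tmp_ctx, ...)` assignments overwrite the caller's request. `talloc_free(tmp_ctx)` then leaves `req->op.search.base` and `.tree` pointing at freed memory when the function returns. Those assignments are outside the hunk and are taken from the function body shown earlier on this page, so this assumes they are unchanged. If the copy has to go, saving the caller's two pointers on entry and restoring them before the free, e.g. `s->base = saved_base; s->tree = saved_tree;`, avoids handing back dangling pointers. The context line `req->op.search.res = s->res;` in the last rootdse.c hunk is now a self-assignment and can be dropped.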
From: Andrew Bartlett Date: Thu, 22 Dec 2005 09:32:26 +0000 Subject: r12427: Move SAMR CreateUser2 to transactions, and re-add support for different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 6f98298f6b..a959cc9bb4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -406,7 +406,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { - if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) { + if (samldb_copy_template(module, msg2, "(&(CN=TemplateServer)(objectclass=userTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); return NULL; } -- cgit From d8e35f882879e189f55b3bca818dd44cc5f0c6fa Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 26 Dec 2005 18:03:50 +0000 Subject: r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def) --- source4/dsdb/samdb/ldb_modules/config.mk | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 48296dd18b..3d20bff809 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,7 +2,7 @@ # Start MODULE libldb_objectguid [MODULE::libldb_objectguid] SUBSYSTEM = LIBLDB -INIT_OBJ_FILES = \ +OBJ_FILES = \ objectguid.o REQUIRED_SUBSYSTEMS = \ LIBNDR NDR_MISC @@ -13,7 +13,7 @@ REQUIRED_SUBSYSTEMS = \ # Start MODULE libldb_samldb [MODULE::libldb_samldb] SUBSYSTEM = LIBLDB -INIT_OBJ_FILES = \ +OBJ_FILES = \ samldb.o # # End MODULE libldb_samldb @@ -23,7 +23,7 @@ INIT_OBJ_FILES = \ # Start MODULE libldb_samba3sam [MODULE::libldb_samba3sam] SUBSYSTEM = LIBLDB -INIT_OBJ_FILES = \ +OBJ_FILES = \ samba3sam.o # # End MODULE libldb_samldb @@ -33,7 +33,7 @@ INIT_OBJ_FILES = \ # Start MODULE libldb_proxy [MODULE::libldb_proxy] SUBSYSTEM = LIBLDB -INIT_OBJ_FILES = \ +OBJ_FILES = \ proxy.o # # End MODULE libldb_proxy @@ -44,7 +44,7 @@ INIT_OBJ_FILES = \ # Start MODULE libldb_rootdse [MODULE::libldb_rootdse] SUBSYSTEM = LIBLDB -INIT_OBJ_FILES = \ +OBJ_FILES = \ rootdse.o # # End MODULE libldb_rootdse -- cgit From 2cd5ca7d25f12aa9198bf8c2deb6aea282f573ee Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 28 Dec 2005 15:38:36 +0000 Subject: r12542: Move some more prototypes out to seperate headers (This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2) --- source4/dsdb/samdb/ldb_modules/samldb.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index a959cc9bb4..cc4465b17d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -38,6 +38,7 @@ #include "lib/ldb/include/ldb_private.h" #include "system/time.h" #include "librpc/gen_ndr/ndr_security.h" +#include "dsdb/samdb/samdb.h" #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" -- cgit 
From 1c027f35d70b0719ba671034e897834b4bed9c4f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 08:36:25 +0000 Subject: r12598: Make the 'objectClass' part of the templating process actually work. We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f) --- source4/dsdb/samdb/ldb_modules/samldb.c | 43 ++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 17 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index cc4465b17d..84ffcdd1be 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -305,22 +305,31 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m continue; } for (j = 0; j < el->num_values; j++) { - if (strcasecmp(el->name, "objectClass") == 0 && - (strcasecmp((char *)el->values[j].data, "Template") == 0 || - strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) { - continue; - } - if ( ! samldb_find_or_add_attribute(module, msg, el->name, - NULL, - (char *)el->values[j].data)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); - talloc_free(res); - return -1; + if (strcasecmp(el->name, "objectClass") == 0) { + if (strcasecmp((char *)el->values[j].data, "Template") == 0 || + strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "secretTemplate") == 0) { + continue; + } + if ( ! samldb_find_or_add_attribute(module, msg, el->name, + (char *)el->values[j].data, + (char *)el->values[j].data)) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); + talloc_free(res); + return -1; + } + } else { + if ( ! samldb_find_or_add_attribute(module, msg, el->name, + NULL, + (char *)el->values[j].data)) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); + talloc_free(res); + return -1; + } } } } 
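Review bot: The two `samldb_find_or_add_attribute()` calls in the new `if`/`else` differ only in their fourth argument, so the failure path (`ldb_debug`, `talloc_free(res)`, `return -1`) is now written twice. With `is_objectclass` holding the result of the `strcasecmp(el->name, "objectClass") == 0` test, a single call taking `const char *match = is_objectclass ? (char *)el->values[j].data : NULL;` would leave one failure path to maintain. The `strcasecmp((char *)el->values[j].data, ...)` comparisons also read each value as a NUL-terminated string although an `ldb_val` carries an explicit length; presumably the loader of the template record guarantees the terminator, and a one-line comment saying so would help the next reader. samldb_copy_template starts and ends outside this hunk.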
@@ -407,7 +416,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { - if (samldb_copy_template(module, msg2, "(&(CN=TemplateServer)(objectclass=userTemplate))") != 0) { + if (samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); return NULL; } -- cgit From c82c9fe7bb47aa95d112159e46e79f52afe6f58d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 08:40:16 +0000 Subject: r12599: This new LDB module (and associated changes) allows Samba4 to operate using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 + source4/dsdb/samdb/ldb_modules/password_hash.c | 711 +++++++++++++++++++++++++ 2 files changed, 723 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/password_hash.c (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 3d20bff809..f9c267e2db 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -50,3 +50,15 @@ OBJ_FILES = \ # End MODULE libldb_rootdse ################################################ +################################################ +# Start MODULE libldb_password_hash +[MODULE::libldb_password_hash] +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + password_hash.o +REQUIRED_SUBSYSTEMS = \ + HEIMDAL_HDB HEIMDAL_KRB5 +# +# End MODULE libldb_rootdse +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c new file mode 100644 index 0000000000..bb42a0e634 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -0,0 +1,711 @@ +/* + ldb database module + + Copyright (C) Simo Sorce 2004 + Copyright (C) Andrew Bartlett 2005 + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb password_hash module + * + * Description: correctly update hash values based on changes to unicodePwd and friends + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "libcli/ldap/ldap.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_samr.h" +#include "system/kerberos.h" +#include "auth/kerberos/kerberos.h" +#include "system/time.h" +#include "dsdb/samdb/samdb.h" +#include "ads.h" +#include "hdb.h" + +/* If we have decided there is reason to work on this request, then + * setup all the password hash types correctly. + * + * If the administrator doesn't want the unicodePwd stored (set in the + * domain and per-account policies) then we must strip that out before + * we do the first operation. + * + * Once this is done (which could update anything at all), we + * calculate the password hashes. + * + * This function must not only update the ntPwdHash, lmPwdHash and + * krb5Key fields, it must also atomicly increment the + * msDS-KeyVersionNumber. 
We should be in a transaction, so all this + * should be quite safe... + * + * Finally, if the administrator has requested that a password history + * be maintained, then this should also be written out. + * + */ + + +static int password_hash_handle(struct ldb_module *module, struct ldb_request *req, + const struct ldb_message *msg) +{ + int ret, old_ret = -1; + uint_t pwdProperties, pwdHistoryLength; + uint_t userAccountControl; + const char *dnsDomain, *realm; + const char *unicodePwd; + struct samr_Password *lmPwdHistory, *ntPwdHistory; + struct samr_Password *lmPwdHash, *ntPwdHash; + struct samr_Password *lmOldHash = NULL, *ntOldHash = NULL; + struct samr_Password *new_lmPwdHistory, *new_ntPwdHistory; + struct samr_Password local_lmNewHash, local_ntNewHash; + int lmPwdHistory_len, ntPwdHistory_len; + uint_t kvno; + struct dom_sid *domain_sid; + time_t now = time(NULL); + NTTIME now_nt; + int i; + krb5_error_code krb5_ret; + + struct smb_krb5_context *smb_krb5_context; + + struct ldb_message_element *attribute; + struct ldb_dn *dn = msg->dn; + struct ldb_message *msg2; + + struct ldb_request search_request; + struct ldb_request modify_request; + struct ldb_request modified_orig_request; + struct ldb_result *res, *dom_res, *old_res; + + struct ldb_message_element *objectclasses; + struct ldb_val computer_val; + struct ldb_val person_val; + BOOL is_computer; + + struct ldb_message *modify_msg; + + const char *domain_expression; + const char *old_user_attrs[] = { "lmPwdHash", "ntPwdHash", NULL }; + const char *user_attrs[] = { "userAccountControl", "lmPwdHistory", + "ntPwdHistory", + "ntPwdHash", + "objectSid", "msDS-KeyVersionNumber", + "objectClass", "userPrincipalName", + "samAccountName", + NULL }; + const char * const domain_attrs[] = { "pwdProperties", "pwdHistoryLength", + "dnsDomain", NULL }; + + TALLOC_CTX *mem_ctx; + + /* Do the original action */ + + /* If no part of this touches the unicodePwd, then we don't + * need to make any changes. 
For password changes/set there should + * be a 'delete' or a 'modify' on this attribute. */ + if ((attribute = ldb_msg_find_element(msg, "unicodePwd")) == NULL ) { + return ldb_next_request(module, req); + } + + mem_ctx = talloc_new(module); + if (!mem_ctx) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (req->operation == LDB_REQ_MODIFY) { + /* Look up the old ntPwdHash and lmPwdHash values, so + * we can later place these into the password + * history */ + + search_request.operation = LDB_REQ_SEARCH; + search_request.op.search.base = dn; + search_request.op.search.scope = LDB_SCOPE_BASE; + search_request.op.search.tree = ldb_parse_tree(module->ldb, NULL); + search_request.op.search.attrs = old_user_attrs; + + old_ret = ldb_next_request(module, &search_request); + } + + /* we can't change things untill we copy it */ + msg2 = ldb_msg_copy_shallow(mem_ctx, msg); + + /* look again, this time at the copied attribute */ + if (!msg2 || (attribute = ldb_msg_find_element(msg2, "unicodePwd")) == NULL ) { + /* Gah? where did it go? Oh well... */ + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Wipe out the unicodePwd attribute set, we will handle it in + * the second modify. 
We might not want it written to disk */ + + if (req->operation == LDB_REQ_ADD) { + if (attribute->num_values != 1) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "unicodePwd_handle: " + "attempted set of multiple unicodePwd attributes on %s rejected", + ldb_dn_linearize(mem_ctx, dn))); + return LDB_ERR_CONSTRAINT_VIOLAION; + } + + unicodePwd = (const char *)attribute->values[0].data; + ldb_msg_remove_attr(msg2, "unicodePwd"); + } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD) + || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) { + if (attribute->num_values != 1) { + return LDB_ERR_CONSTRAINT_VIOLAION; + } + + unicodePwd = (const char *)attribute->values[0].data; + ldb_msg_remove_attr(msg2, "unicodePwd"); + } else { + unicodePwd = NULL; + } + + modified_orig_request = *req; + switch (modified_orig_request.operation) { + case LDB_REQ_ADD: + modified_orig_request.op.add.message = msg2; + break; + case LDB_REQ_MODIFY: + modified_orig_request.op.mod.message = msg2; + break; + } + + /* Send the (modified) request of the original caller down to the database */ + ret = ldb_next_request(module, &modified_orig_request); + if (ret) { + return ret; + } + + /* While we do the search first (for the old password hashes), + * we don't want to override any error that the modify may + * have returned. Now check the error */ + if (req->operation == LDB_REQ_MODIFY) { + if (old_ret) { + talloc_free(mem_ctx); + return old_ret; + } + + /* Find out the old passwords details of the user */ + old_res = search_request.op.search.res; + + if (old_res->count != 1) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "(pre) search for %s found %d != 1 objects, for entry we just modified", + ldb_dn_linearize(mem_ctx, dn), + old_res->count)); + /* What happend? The above add/modify worked... 
*/ + talloc_free(mem_ctx); + return LDB_ERR_NO_SUCH_OBJECT; + } + + lmOldHash = samdb_result_hash(mem_ctx, old_res->msgs[0], "lmPwdHash"); + ntOldHash = samdb_result_hash(mem_ctx, old_res->msgs[0], "ntPwdHash"); + } + + /* Start finding out details we need for the second modify. + * We do this after the first add/modify because other modules + * will have filled in the templates, and we may have had + * things like the username (affecting the salt) changed along + * with the password. */ + + /* Now find out what is on the entry after the above add/modify */ + search_request.operation = LDB_REQ_SEARCH; + search_request.op.search.base = dn; + search_request.op.search.scope = LDB_SCOPE_BASE; + search_request.op.search.tree = ldb_parse_tree(module->ldb, NULL); + search_request.op.search.attrs = user_attrs; + + ret = ldb_next_request(module, &search_request); + if (ret) { + talloc_free(mem_ctx); + return ret; + } + + /* Find out the full details of the user */ + res = search_request.op.search.res; + if (res->count != 1) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "search for %s found %d != 1 objects, for entry we just added/modified", + ldb_dn_linearize(mem_ctx, dn), + res->count)); + /* What happend? The above add/modify worked... 
*/ + talloc_free(mem_ctx); + return LDB_ERR_NO_SUCH_OBJECT; + } + + userAccountControl = samdb_result_uint(res->msgs[0], "userAccountControl", 0); + lmPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], + "lmPwdHistory", &lmPwdHistory); + ntPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], + "ntPwdHistory", &ntPwdHistory); + ntPwdHash = samdb_result_hash(mem_ctx, res->msgs[0], "ntPwdHash"); + kvno = samdb_result_uint(res->msgs[0], "msDS-KeyVersionNumber", 0); + + domain_sid = samdb_result_sid_prefix(mem_ctx, res->msgs[0], "objectSid"); + + + objectclasses = ldb_msg_find_element(res->msgs[0], "objectClass"); + person_val = data_blob_string_const("person"); + + if (!objectclasses || !ldb_msg_find_val(objectclasses, &person_val)) { + /* Not a 'person', so the rest of this doesn't make + * sense. How we got a unicodePwd this far I don't + * know... */ + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "attempted set of unicodePwd on non-'person' object %s rejected", + ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLAION; + } + + computer_val = data_blob_string_const("computer"); + + if (ldb_msg_find_val(objectclasses, &computer_val)) { + is_computer = True; + } else { + is_computer = False; + } + + domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectClass=domain))", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + + /* Find the user's domain, then find out the domain password + * properties */ + ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, domain_expression, + domain_attrs, &dom_res); + if (ret) { + talloc_free(mem_ctx); + return ret; + } + + if (dom_res->count != 1) { + /* What happend? The user we are modifying must be odd... 
*/ + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "search for domain %s found %d != 1 objects", + dom_sid_string(mem_ctx, domain_sid), + dom_res->count)); + talloc_free(mem_ctx); + return LDB_ERR_NO_SUCH_OBJECT; + } + + pwdProperties = samdb_result_uint(dom_res->msgs[0], "pwdProperties", 0); + pwdHistoryLength = samdb_result_uint(dom_res->msgs[0], "pwdHistoryLength", 0); + dnsDomain = ldb_msg_find_string(dom_res->msgs[0], "dnsDomain", NULL); + realm = strupper_talloc(mem_ctx, dnsDomain); + + /* Some operations below require kerberos contexts */ + if (smb_krb5_init_context(mem_ctx, &smb_krb5_context) != 0) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Prepare the modifications to set all the hash/key types */ + modify_msg = ldb_msg_new(req); + modify_msg->dn = talloc_reference(modify_msg, dn); + +#define CHECK_RET(x) \ + do { \ + int check_ret = x; \ + if (check_ret != LDB_SUCCESS) { \ + talloc_free(mem_ctx); \ + return check_ret; \ + } \ + } while(0) + + /* Setup krb5Key (we want to either delete an existing value, + * or replace with a new one). Both the unicode and NT hash + * only branches append keys to this multivalued entry. 
*/ + CHECK_RET(ldb_msg_add_empty(modify_msg, "krb5Key", LDB_FLAG_MOD_REPLACE)); + /* Yay, we can compute new password hashes from the unicode + * password */ + if (unicodePwd) { + Principal *salt_principal; + const char *user_principal_name = ldb_msg_find_string(res->msgs[0], "userPrincipalName", NULL); + + Key *keys; + size_t num_keys; + + /* compute the new nt and lm hashes */ + if (E_deshash(unicodePwd, local_lmNewHash.hash)) { + lmPwdHash = &local_lmNewHash; + } else { + lmPwdHash = NULL; + } + E_md4hash(unicodePwd, local_ntNewHash.hash); + ntPwdHash = &local_ntNewHash; + CHECK_RET(ldb_msg_add_empty(modify_msg, "ntPwdHash", + LDB_FLAG_MOD_REPLACE)); + CHECK_RET(samdb_msg_add_hash(module->ldb, req, + modify_msg, "ntPwdHash", + ntPwdHash)); + CHECK_RET(ldb_msg_add_empty(modify_msg, "lmPwdHash", + LDB_FLAG_MOD_REPLACE)); + if (lmPwdHash) { + CHECK_RET(samdb_msg_add_hash(module->ldb, req, + modify_msg, "lmPwdHash", + lmPwdHash)); + } + + /* Many, many thanks to lukeh@padl.com for this + * algorithm, described in his Nov 10 2004 mail to + * samba-technical@samba.org */ + + if (is_computer) { + /* Determine a salting principal */ + char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(res->msgs[0], "samAccountName", NULL)); + char *saltbody; + if (!samAccountName) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "generation of new kerberos keys failed: %s is a computer without a samAccountName", + ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + if (samAccountName[strlen(samAccountName)-1] == '$') { + samAccountName[strlen(samAccountName)-1] = '\0'; + } + saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, dnsDomain); + + krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, "host", saltbody, NULL); + } else if (user_principal_name) { + char *p; + user_principal_name = talloc_strdup(mem_ctx, user_principal_name); + if 
(!user_principal_name) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } else { + p = strchr(user_principal_name, '@'); + if (p) { + p[0] = '\0'; + } + krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, user_principal_name, NULL); + } + } else { + const char *samAccountName = ldb_msg_find_string(res->msgs[0], "samAccountName", NULL); + if (!samAccountName) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "generation of new kerberos keys failed: %s has no samAccountName", + ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, samAccountName, NULL); + } + + + if (krb5_ret) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "generation of a saltking principal failed: %s", + smb_get_krb5_error_message(smb_krb5_context->krb5_context, + krb5_ret, mem_ctx))); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* TODO: We may wish to control the encryption types chosen in future */ + krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context, + salt_principal, unicodePwd, &keys, &num_keys); + krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); + + if (krb5_ret) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "password_hash_handle: " + "generation of new kerberos keys failed: %s", + smb_get_krb5_error_message(smb_krb5_context->krb5_context, + krb5_ret, mem_ctx))); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Walking + */ + for (i=0; i < num_keys; i++) { + unsigned char *buf; + size_t buf_size; + size_t len; + struct ldb_val val; + + if (keys[i].key.keytype == ENCTYPE_ARCFOUR_HMAC) { + /* We might end up doing this below: + * This ensures we get the unicode + * conversion right. 
This should also + * be fixed in the Heimdal libs */ + continue; + } + ASN1_MALLOC_ENCODE(Key, buf, buf_size, &keys[i], &len, krb5_ret); + + val.data = talloc_memdup(req, buf, len); + val.length = len; + free(buf); + if (!val.data || krb5_ret) { + hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_value(modify_msg, "krb5Key", &val); + if (ret != LDB_SUCCESS) { + hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + talloc_free(mem_ctx); + return ret; + } + } + + hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + } + + /* Possibly kill off the cleartext or store it */ + CHECK_RET(ldb_msg_add_empty(modify_msg, "unicodePwd", LDB_FLAG_MOD_REPLACE)); + + if (unicodePwd && (pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) && + (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { + CHECK_RET(ldb_msg_add_string(modify_msg, "unicodePwd", unicodePwd)); + } + + /* Even if we didn't get a unicodePwd, we can still setup + * krb5Key from the NT hash. 
+ * + * This is an append, so it works with the 'continue' in the + * unicode loop above, to use Samba's NT hash function, which + * is more correct than Heimdal's + */ + if (ntPwdHash) { + unsigned char *buf; + size_t buf_size; + size_t len; + struct ldb_val val; + Key key; + + key.mkvno = 0; + key.salt = NULL; /* No salt for this enc type */ + + krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, + ENCTYPE_ARCFOUR_HMAC, + ntPwdHash->hash, sizeof(ntPwdHash->hash), + &key.key); + if (krb5_ret) { + return LDB_ERR_OPERATIONS_ERROR; + } + ASN1_MALLOC_ENCODE(Key, buf, buf_size, &key, &len, krb5_ret); + krb5_free_keyblock_contents(smb_krb5_context->krb5_context, + &key.key); + + val.data = talloc_memdup(req, buf, len); + val.length = len; + free(buf); + if (!val.data || ret) { + return LDB_ERR_OPERATIONS_ERROR; + } + CHECK_RET(ldb_msg_add_value(modify_msg, "krb5Key", &val)); + } + + /* If the original caller did anything with pwdLastSet then skip this. It could be an incoming samsync */ + if ((attribute = ldb_msg_find_element(msg, "pwdLastSet")) == NULL ) { + /* Update the password last set time */ + unix_to_nt_time(&now_nt, now); + CHECK_RET(ldb_msg_add_empty(modify_msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE)); + CHECK_RET(samdb_msg_add_uint64(module->ldb, mem_ctx, modify_msg, "pwdLastSet", now_nt)); + } + + /* If the original caller did anything with "msDS-KeyVersionNumber" then skip this. It could be an incoming samsync */ + if ((attribute = ldb_msg_find_element(msg, "msDS-KeyVersionNumber")) == NULL ) { + if (kvno == 0) { + CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", + LDB_FLAG_MOD_REPLACE)); + CHECK_RET(samdb_msg_add_uint(module->ldb, mem_ctx, modify_msg, "msDS-KeyVersionNumber", kvno + 1)); + } else { + /* While we should be in a transaction, go one extra + * step in the dance for an 'atomic' increment. This + * may be of value against remote LDAP servers. 
(Note + * however that Mulitmaster replication stil offers no + * such guarantee) */ + + struct ldb_val old_kvno, new_kvno; + old_kvno.data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", kvno); + if (!old_kvno.data) { + return -1; + } + old_kvno.length = strlen((char *)old_kvno.data); + + new_kvno.data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", kvno + 1); + if (!new_kvno.data) { + return -1; + } + new_kvno.length = strlen((char *)new_kvno.data); + + CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", + LDB_FLAG_MOD_DELETE)); + CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", + LDB_FLAG_MOD_ADD)); + modify_msg->elements[modify_msg->num_elements - 2].num_values = 1; + modify_msg->elements[modify_msg->num_elements - 2].values = &old_kvno; + modify_msg->elements[modify_msg->num_elements - 1].num_values = 1; + modify_msg->elements[modify_msg->num_elements - 1].values = &new_kvno; + } + } + + CHECK_RET(ldb_msg_add_empty(modify_msg, "lmPwdHistory", + LDB_FLAG_MOD_REPLACE)); + CHECK_RET(ldb_msg_add_empty(modify_msg, "ntPwdHistory", + LDB_FLAG_MOD_REPLACE)); + + /* If we have something to put into the history, or an old + * history element to expire, update the history */ + if (pwdHistoryLength > 0 && + ((ntPwdHistory_len > 0) || (lmPwdHistory_len > 0) + || lmOldHash || ntOldHash)) { + /* store the password history */ + new_lmPwdHistory = talloc_array(mem_ctx, struct samr_Password, + pwdHistoryLength); + if (!new_lmPwdHistory) { + return LDB_ERR_OPERATIONS_ERROR; + } + new_ntPwdHistory = talloc_array(mem_ctx, struct samr_Password, + pwdHistoryLength); + if (!new_ntPwdHistory) { + return LDB_ERR_OPERATIONS_ERROR; + } + for (i=0;ildb, mem_ctx, modify_msg, + "lmPwdHistory", + new_lmPwdHistory, + lmPwdHistory_len)); + + CHECK_RET(samdb_msg_add_hashes(module->ldb, mem_ctx, modify_msg, + "ntPwdHistory", + new_ntPwdHistory, + ntPwdHistory_len)); + } + + /* Too much code above, we should check we got it close to reasonable */ + 
CHECK_RET(ldb_msg_sanity_check(modify_msg)); + + modify_request.operation = LDB_REQ_MODIFY; + modify_request.op.mod.message = modify_msg; + + ret = ldb_next_request(module, &modify_request); + + talloc_free(mem_ctx); + return ret; +} + +/* add_record: do things with the unicodePwd attribute */ +static int password_hash_add(struct ldb_module *module, struct ldb_request *req) +{ + const struct ldb_message *msg = req->op.add.message; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_record\n"); + + if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + return password_hash_handle(module, req, msg); +} + +/* modify_record: do things with the unicodePwd attribute */ +static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) +{ + const struct ldb_message *msg = req->op.mod.message; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify_record\n"); + + if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + return password_hash_handle(module, req, msg); +} + +static int password_hash_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_ADD: + return password_hash_add(module, req); + + case LDB_REQ_MODIFY: + return password_hash_modify(module, req); + + default: + return ldb_next_request(module, req); + + } +} + +static const struct ldb_module_ops password_hash_ops = { + .name = "password_hash", + .request = password_hash_request +}; + + +/* the init function */ +#ifdef HAVE_DLOPEN_DISABLED + struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *password_hash_module_init(struct ldb_context *ldb, const char *options[]) +#endif +{ + struct ldb_module *ctx; + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + ctx->private_data = NULL; + ctx->ldb = ldb; + ctx->prev 
= ctx->next = NULL; + ctx->ops = &password_hash_ops; + + return ctx; +} -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/dsdb/samdb/ldb_modules/proxy.c | 1 - source4/dsdb/samdb/ldb_modules/samba3sam.c | 1 - source4/dsdb/samdb/ldb_modules/samldb.c | 2 -- 3 files changed, 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index a567db689d..fc1b896be4 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -41,7 +41,6 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" -#include "lib/cmdline/popt_common.h" struct proxy_data { struct ldb_context *upstream; diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 5e88cd6469..f2c4441f97 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -8,7 +8,6 @@ #include "ldb/modules/ldb_map.h" #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" -#include "librpc/gen_ndr/ndr_security.h" #include "system/passwd.h" /* diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 84ffcdd1be..50ad2db38a 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -36,8 +36,6 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" -#include "system/time.h" -#include "librpc/gen_ndr/ndr_security.h" #include "dsdb/samdb/samdb.h" #define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" -- cgit From 3b99d9c5bd563203adc4b017d6e6599dd84b8d57 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Sun, 1 Jan 2006 17:32:10 +0000 Subject: r12658: Couple of fixes related to shared module builds. (This used to be commit c297c93faf3b748de68679f5a4be50845ebe25fe) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 4 ---- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ---- source4/dsdb/samdb/ldb_modules/proxy.c | 4 ---- source4/dsdb/samdb/ldb_modules/rootdse.c | 4 ---- source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 ---- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ---- 6 files changed, 24 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 0d5ae69219..c9063af6ef 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -128,11 +128,7 @@ static const struct ldb_module_ops objectguid_ops = { /* the init function */ -#ifdef HAVE_DLOPEN_DISABLED - struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) -#else struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[]) -#endif { struct ldb_module *ctx; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index bb42a0e634..212c9c91d1 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -690,11 +690,7 @@ static const struct ldb_module_ops password_hash_ops = { /* the init function */ -#ifdef HAVE_DLOPEN_DISABLED - struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) -#else struct ldb_module *password_hash_module_init(struct ldb_context *ldb, const char *options[]) -#endif { struct ldb_module *ctx; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index fc1b896be4..cbe404fc4b 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -332,11 +332,7 @@ static const struct ldb_module_ops proxy_ops = { .request = proxy_request }; -#ifdef HAVE_DLOPEN_DISABLED -struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) -#else struct ldb_module *proxy_module_init(struct ldb_context *ldb, const char *options[]) -#endif { struct ldb_module *ctx; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 4032aee8b2..a421199038 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -126,11 +126,7 @@ static const struct ldb_module_ops rootdse_ops = { .request = rootdse_request }; -#ifdef HAVE_DLOPEN_DISABLED -struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) -#else struct ldb_module *rootdse_module_init(struct ldb_context *ldb, const char *options[]) -#endif { struct ldb_module *ctx; diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index f2c4441f97..7686d9b3ec 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -891,11 +891,7 @@ const struct ldb_map_attribute samba3_attributes[] = }; /* the init function */ -#ifdef HAVE_DLOPEN_DISABLED -struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) -#else struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, const char *options[]) -#endif { return ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam"); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 50ad2db38a..7bf25994e2 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -583,11 +583,7 @@ static const struct ldb_module_ops samldb_ops = { /* the init function */ -#ifdef HAVE_DLOPEN_DISABLED - struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) -#else struct ldb_module *samldb_module_init(struct ldb_context *ldb, const char *options[]) -#endif { struct ldb_module *ctx; -- cgit From bc4aebfaecf52678eb40aee2fd4bd81a315c554d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 2 Jan 2006 00:16:08 +0000 Subject: r12670: Make a couple of dependencies stricter Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f) --- source4/dsdb/samdb/ldb_modules/config.mk | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index f9c267e2db..a18d2c4359 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,6 +2,7 @@ # Start MODULE libldb_objectguid [MODULE::libldb_objectguid] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ objectguid.o REQUIRED_SUBSYSTEMS = \ @@ -13,8 +14,10 @@ REQUIRED_SUBSYSTEMS = \ # Start MODULE libldb_samldb [MODULE::libldb_samldb] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ samldb.o +REQUIRED_SUBSYSTEMS = SAMDB # # End MODULE libldb_samldb ################################################ @@ -23,6 +26,7 @@ OBJ_FILES = \ # Start MODULE libldb_samba3sam [MODULE::libldb_samba3sam] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ samba3sam.o # @@ -33,6 +37,7 @@ OBJ_FILES = \ # Start MODULE libldb_proxy [MODULE::libldb_proxy] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ proxy.o # @@ -44,6 +49,7 @@ OBJ_FILES = \ # Start MODULE libldb_rootdse [MODULE::libldb_rootdse] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ rootdse.o # 
@@ -54,6 +60,7 @@ OBJ_FILES = \ # Start MODULE libldb_password_hash [MODULE::libldb_password_hash] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ password_hash.o REQUIRED_SUBSYSTEMS = \ -- cgit From 097ffed015826ff31b5f89742deed8f4d21b88f3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jan 2006 04:25:12 +0000 Subject: r12687: Push the real list of supported GENSEC mechanisms out on supportedSASLMechanism in the rootdse. (Second half of a patch commited earlier today). Andrew Bartlett (This used to be commit 4b67b5d688493c385e12734fd2c0c9dbc1b238e4) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index a421199038..93bc9903ed 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -24,6 +24,7 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" +#include "auth/gensec/gensec.h" #include /* @@ -43,6 +44,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re { struct ldb_search *s = &req->op.search; struct ldb_message *msg; + struct cli_credentials *server_creds; /* this is gross, and will be removed when I change ldb_result not to be so pointer crazy :-) */ 
@@ -61,6 +63,25 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re } } + server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), + struct cli_credentials); + if (do_attribute(s->attrs, "supportedSASLMechanisms")) { + const struct gensec_security_ops **ops = cli_credentials_gensec_list(server_creds); + int i; + for (i = 0; ops && ops[i]; i++) { + if (ops[i]->sasl_name) { + const char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name); + if (!sasl_name) { + goto failed; + } + if (ldb_msg_add_string(msg, "supportedSASLMechanisms", + sasl_name) != 0) { + goto failed; + } + } + } + } + /* TODO: lots more dynamic attributes should be added here */ return 0; -- cgit From 5cea3edcefc8bec3caed077a5712cb06c7f14816 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jan 2006 02:14:01 +0000 Subject: r12716: Tridge points out that the request argument to ldb_next_request must be a valid talloc() pointer, as other modules may rely on this. Andrew Bartlett (This used to be commit 356c8c56090a7c4254609c0cc138c994b618fa55) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 74 +++++++++++++++++--------- 1 file changed, 49 insertions(+), 25 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 212c9c91d1..b8554e4885 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
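Review bot: The `server_creds` pointer fetched at the top of the `@@ -61,6 +63,25 @@` hunk is passed to `cli_credentials_gensec_list()` without a check, although `talloc_get_type()` returns NULL when the `server_credentials` opaque is unset or holds a different type. Whether the callee tolerates NULL is not visible here. If it falls back to a default list, the rootDSE would advertise SASL mechanisms that the configured credentials do not support, and the rootDSE is usually readable before authentication. I would move the lookup inside the attribute test and make the NULL case explicit, e.g. `if (do_attribute(s->attrs, "supportedSASLMechanisms") && server_creds != NULL) {`, or add a comment stating that NULL is accepted and what list results. The `failed` label and the rest of `rootdse_add_dynamic` lie outside the hunk.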
@@ -91,9 +91,9 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r struct ldb_dn *dn = msg->dn; struct ldb_message *msg2; - struct ldb_request search_request; - struct ldb_request modify_request; - struct ldb_request modified_orig_request; + struct ldb_request *search_request = NULL; + struct ldb_request *modify_request; + struct ldb_request *modified_orig_request; struct ldb_result *res, *dom_res, *old_res; struct ldb_message_element *objectclasses; @@ -132,17 +132,23 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } if (req->operation == LDB_REQ_MODIFY) { + search_request = talloc(mem_ctx, struct ldb_request); + if (!search_request) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + /* Look up the old ntPwdHash and lmPwdHash values, so * we can later place these into the password * history */ - search_request.operation = LDB_REQ_SEARCH; - search_request.op.search.base = dn; - search_request.op.search.scope = LDB_SCOPE_BASE; - search_request.op.search.tree = ldb_parse_tree(module->ldb, NULL); - search_request.op.search.attrs = old_user_attrs; + search_request->operation = LDB_REQ_SEARCH; + search_request->op.search.base = dn; + search_request->op.search.scope = LDB_SCOPE_BASE; + search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL); + search_request->op.search.attrs = old_user_attrs; - old_ret = ldb_next_request(module, &search_request); + old_ret = ldb_next_request(module, search_request); } /* we can't change things untill we copy it */ 
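Review bot: In the `@@ -132,17 +132,23 @@` hunk the filter tree for the now heap-allocated `search_request` is still parented on `module->ldb` (`ldb_parse_tree(module->ldb, NULL)`), so the `talloc_free(mem_ctx)` calls this commit adds do not release it. Unless it is freed somewhere outside the hunk, one tree stays on the long-lived ldb context for every password modify. Assuming the first argument is only the talloc parent, `search_request->op.search.tree = ldb_parse_tree(search_request, NULL);` ties its lifetime to the request. The same line recurs in the `@@ -230,20 +242,26 @@` hunk; `password_hash_handle` starts and ends outside both.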
@@ -180,18 +186,24 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r unicodePwd = NULL; } - modified_orig_request = *req; - switch (modified_orig_request.operation) { + modified_orig_request = talloc(mem_ctx, struct ldb_request); + if (!modified_orig_request) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + *modified_orig_request = *req; + switch (modified_orig_request->operation) { case LDB_REQ_ADD: - modified_orig_request.op.add.message = msg2; + modified_orig_request->op.add.message = msg2; break; case LDB_REQ_MODIFY: - modified_orig_request.op.mod.message = msg2; + modified_orig_request->op.mod.message = msg2; break; } /* Send the (modified) request of the original caller down to the database */ - ret = ldb_next_request(module, &modified_orig_request); + ret = ldb_next_request(module, modified_orig_request); if (ret) { return ret; } @@ -206,7 +218,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } /* Find out the old passwords details of the user */ - old_res = search_request.op.search.res; + old_res = search_request->op.search.res; if (old_res->count != 1) { ldb_set_errstring(module, 
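Review bot: The early exit after forwarding the request in the `@@ -180,18 +186,24 @@` hunk, `if (ret) { return ret; }`, returns without releasing `mem_ctx`, while the allocation-failure branch added a few lines above frees it first. Since `modified_orig_request` now lives on `mem_ctx`, a failed add or modify leaves the request copy and everything else on that context allocated, unless the context's parent (not visible here) is freed by the caller. Making the exits consistent would be `if (ret) { talloc_free(mem_ctx); return ret; }`. The enclosing `password_hash_handle` continues outside the hunk.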
@@ -230,20 +242,26 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r * with the password. */ /* Now find out what is on the entry after the above add/modify */ - search_request.operation = LDB_REQ_SEARCH; - search_request.op.search.base = dn; - search_request.op.search.scope = LDB_SCOPE_BASE; - search_request.op.search.tree = ldb_parse_tree(module->ldb, NULL); - search_request.op.search.attrs = user_attrs; + search_request = talloc(mem_ctx, struct ldb_request); + if (!search_request) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_request->operation = LDB_REQ_SEARCH; + search_request->op.search.base = dn; + search_request->op.search.scope = LDB_SCOPE_BASE; + search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL); + search_request->op.search.attrs = user_attrs; - ret = ldb_next_request(module, &search_request); + ret = ldb_next_request(module, search_request); if (ret) { talloc_free(mem_ctx); return ret; } /* Find out the full details of the user */ - res = search_request.op.search.res; + res = search_request->op.search.res; if (res->count != 1) { ldb_set_errstring(module, talloc_asprintf(mem_ctx, "password_hash_handle: " @@ -630,10 +648,16 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Too much code above, we should check we got it close to reasonable */ CHECK_RET(ldb_msg_sanity_check(modify_msg)); - modify_request.operation = LDB_REQ_MODIFY; - modify_request.op.mod.message = modify_msg; + modify_request = talloc(mem_ctx, struct ldb_request); + if (!modify_request) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + modify_request->operation = LDB_REQ_MODIFY; + modify_request->op.mod.message = modify_msg; - ret = ldb_next_request(module, &modify_request); + ret = ldb_next_request(module, modify_request); talloc_free(mem_ctx); return ret; -- cgit From 4bfe2907e77809e499e998dd63f41985c5a02279 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 5 Jan 2006 06:53:39 +0000 Subject: r12719: Rename unicodePwd -> sambaPassword. Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 52 +++++++++++++------------- source4/dsdb/samdb/ldb_modules/samba3sam.c | 17 +-------- 2 files changed, 28 insertions(+), 41 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index b8554e4885..80017548d2 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -25,7 +25,7 @@ * * Component: ldb password_hash module * - * Description: correctly update hash values based on changes to unicodePwd and friends + * Description: correctly update hash values based on changes to sambaPassword and friends * * Author: Andrew Bartlett */ @@ -46,7 +46,7 @@ /* If we have decided there is reason to work on this request, then * setup all the password hash types correctly. * - * If the administrator doesn't want the unicodePwd stored (set in the + * If the administrator doesn't want the sambaPassword stored (set in the * domain and per-account policies) then we must strip that out before * we do the first operation. * 
@@ -71,7 +71,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r uint_t pwdProperties, pwdHistoryLength; uint_t userAccountControl; const char *dnsDomain, *realm; - const char *unicodePwd; + const char *sambaPassword; struct samr_Password *lmPwdHistory, *ntPwdHistory; struct samr_Password *lmPwdHash, *ntPwdHash; struct samr_Password *lmOldHash = NULL, *ntOldHash = NULL; @@ -119,10 +119,10 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Do the original action */ - /* If no part of this touches the unicodePwd, then we don't + /* If no part of this touches the sambaPassword, then we don't * need to make any changes. For password changes/set there should * be a 'delete' or a 'modify' on this attribute. */ - if ((attribute = ldb_msg_find_element(msg, "unicodePwd")) == NULL ) { + if ((attribute = ldb_msg_find_element(msg, "sambaPassword")) == NULL ) { return ldb_next_request(module, req); } 
@@ -155,35 +155,35 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r msg2 = ldb_msg_copy_shallow(mem_ctx, msg); /* look again, this time at the copied attribute */ - if (!msg2 || (attribute = ldb_msg_find_element(msg2, "unicodePwd")) == NULL ) { + if (!msg2 || (attribute = ldb_msg_find_element(msg2, "sambaPassword")) == NULL ) { /* Gah? where did it go? Oh well... */ return LDB_ERR_OPERATIONS_ERROR; } - /* Wipe out the unicodePwd attribute set, we will handle it in + /* Wipe out the sambaPassword attribute set, we will handle it in * the second modify. We might not want it written to disk */ if (req->operation == LDB_REQ_ADD) { if (attribute->num_values != 1) { ldb_set_errstring(module, - talloc_asprintf(mem_ctx, "unicodePwd_handle: " - "attempted set of multiple unicodePwd attributes on %s rejected", + talloc_asprintf(mem_ctx, "sambaPassword_handle: " + "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); return LDB_ERR_CONSTRAINT_VIOLAION; } - unicodePwd = (const char *)attribute->values[0].data; - ldb_msg_remove_attr(msg2, "unicodePwd"); + sambaPassword = (const char *)attribute->values[0].data; + ldb_msg_remove_attr(msg2, "sambaPassword"); } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD) || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) { if (attribute->num_values != 1) { return LDB_ERR_CONSTRAINT_VIOLAION; } - unicodePwd = (const char *)attribute->values[0].data; - ldb_msg_remove_attr(msg2, "unicodePwd"); + sambaPassword = (const char *)attribute->values[0].data; + ldb_msg_remove_attr(msg2, "sambaPassword"); } else { - unicodePwd = NULL; + sambaPassword = NULL; } modified_orig_request = talloc(mem_ctx, struct ldb_request); 
@@ -289,11 +289,11 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r if (!objectclasses || !ldb_msg_find_val(objectclasses, &person_val)) { /* Not a 'person', so the rest of this doesn't make - * sense. How we got a unicodePwd this far I don't + * sense. How we got a sambaPassword this far I don't * know... */ ldb_set_errstring(module, talloc_asprintf(mem_ctx, "password_hash_handle: " - "attempted set of unicodePwd on non-'person' object %s rejected", + "attempted set of sambaPassword on non-'person' object %s rejected", ldb_dn_linearize(mem_ctx, dn))); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLAION; @@ -360,7 +360,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r CHECK_RET(ldb_msg_add_empty(modify_msg, "krb5Key", LDB_FLAG_MOD_REPLACE)); /* Yay, we can compute new password hashes from the unicode * password */ - if (unicodePwd) { + if (sambaPassword) { Principal *salt_principal; const char *user_principal_name = ldb_msg_find_string(res->msgs[0], "userPrincipalName", NULL); @@ -368,12 +368,12 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r size_t num_keys; /* compute the new nt and lm hashes */ - if (E_deshash(unicodePwd, local_lmNewHash.hash)) { + if (E_deshash(sambaPassword, local_lmNewHash.hash)) { lmPwdHash = &local_lmNewHash; } else { lmPwdHash = NULL; } - E_md4hash(unicodePwd, local_ntNewHash.hash); + E_md4hash(sambaPassword, local_ntNewHash.hash); ntPwdHash = &local_ntNewHash; CHECK_RET(ldb_msg_add_empty(modify_msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE)); 
@@ -449,7 +449,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* TODO: We may wish to control the encryption types chosen in future */ krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context, - salt_principal, unicodePwd, &keys, &num_keys); + salt_principal, sambaPassword, &keys, &num_keys); krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); if (krb5_ret) { @@ -499,14 +499,14 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } /* Possibly kill off the cleartext or store it */ - CHECK_RET(ldb_msg_add_empty(modify_msg, "unicodePwd", LDB_FLAG_MOD_REPLACE)); + CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaPassword", LDB_FLAG_MOD_REPLACE)); - if (unicodePwd && (pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) && + if (sambaPassword && (pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) && (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { - CHECK_RET(ldb_msg_add_string(modify_msg, "unicodePwd", unicodePwd)); + CHECK_RET(ldb_msg_add_string(modify_msg, "sambaPassword", sambaPassword)); } - /* Even if we didn't get a unicodePwd, we can still setup + /* Even if we didn't get a sambaPassword, we can still setup * krb5Key from the NT hash. * * This is an append, so it works with the 'continue' in the @@ -663,7 +663,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r return ret; } -/* add_record: do things with the unicodePwd attribute */ +/* add_record: do things with the sambaPassword attribute */ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.add.message; 
@@ -677,7 +677,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return password_hash_handle(module, req, msg); } -/* modify_record: do things with the unicodePwd attribute */ +/* modify_record: do things with the sambaPassword attribute */ static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.mod.message; diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 7686d9b3ec..429710c2c5 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -812,9 +812,9 @@ const struct ldb_map_attribute samba3_attributes[] = .type = MAP_IGNORE, }, - /* unicodePwd */ + /* sambaPassword */ { - .local_name = "unicodePwd", + .local_name = "sambaPassword", .type = MAP_IGNORE, }, @@ -872,19 +872,6 @@ const struct ldb_map_attribute samba3_attributes[] = }, }, }, - - /* unicodePwd */ - { - .local_name = "unicodePwd", - .type = MAP_GENERATE, - .u = { - .generate = { - .remote_names = { "sambaNTPassword", "sambaLMPassword", NULL }, - .generate_local = NULL, - .generate_remote = generate_hashes - }, - }, - }, { .local_name = NULL, } -- cgit From ff90c1c5c3b291d3d7ed5027743e1227df7a96d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jan 2006 09:03:13 +0000 Subject: r12720: By metze's request, rename the ntPwdHistory attribute to sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory. The idea here is to avoid having conflicting formats when we get to replication. We know the base data matches, but we may need to use a module to munge formats. Andrew Bartlett (This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 64 +++++++++++++------------- 1 file changed, 32 insertions(+), 32 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 80017548d2..e0fc50f242 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -72,12 +72,12 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r uint_t userAccountControl; const char *dnsDomain, *realm; const char *sambaPassword; - struct samr_Password *lmPwdHistory, *ntPwdHistory; + struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory; struct samr_Password *lmPwdHash, *ntPwdHash; struct samr_Password *lmOldHash = NULL, *ntOldHash = NULL; - struct samr_Password *new_lmPwdHistory, *new_ntPwdHistory; + struct samr_Password *new_sambaLMPwdHistory, *new_sambaNTPwdHistory; struct samr_Password local_lmNewHash, local_ntNewHash; - int lmPwdHistory_len, ntPwdHistory_len; + int sambaLMPwdHistory_len, sambaNTPwdHistory_len; uint_t kvno; struct dom_sid *domain_sid; time_t now = time(NULL); @@ -105,8 +105,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r const char *domain_expression; const char *old_user_attrs[] = { "lmPwdHash", "ntPwdHash", NULL }; - const char *user_attrs[] = { "userAccountControl", "lmPwdHistory", - "ntPwdHistory", + const char *user_attrs[] = { "userAccountControl", "sambaLMPwdHistory", + "sambaNTPwdHistory", "ntPwdHash", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", 
@@ -274,10 +274,10 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } userAccountControl = samdb_result_uint(res->msgs[0], "userAccountControl", 0); - lmPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], - "lmPwdHistory", &lmPwdHistory); - ntPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], - "ntPwdHistory", &ntPwdHistory); + sambaLMPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], + "sambaLMPwdHistory", &sambaLMPwdHistory); + sambaNTPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], + "sambaNTPwdHistory", &sambaNTPwdHistory); ntPwdHash = samdb_result_hash(mem_ctx, res->msgs[0], "ntPwdHash"); kvno = samdb_result_uint(res->msgs[0], "msDS-KeyVersionNumber", 0); 
@@ -588,61 +588,61 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } } - CHECK_RET(ldb_msg_add_empty(modify_msg, "lmPwdHistory", + CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaLMPwdHistory", LDB_FLAG_MOD_REPLACE)); - CHECK_RET(ldb_msg_add_empty(modify_msg, "ntPwdHistory", + CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaNTPwdHistory", LDB_FLAG_MOD_REPLACE)); /* If we have something to put into the history, or an old * history element to expire, update the history */ if (pwdHistoryLength > 0 && - ((ntPwdHistory_len > 0) || (lmPwdHistory_len > 0) + ((sambaNTPwdHistory_len > 0) || (sambaLMPwdHistory_len > 0) || lmOldHash || ntOldHash)) { /* store the password history */ - new_lmPwdHistory = talloc_array(mem_ctx, struct samr_Password, + new_sambaLMPwdHistory = talloc_array(mem_ctx, struct samr_Password, pwdHistoryLength); - if (!new_lmPwdHistory) { + if (!new_sambaLMPwdHistory) { return LDB_ERR_OPERATIONS_ERROR; } - new_ntPwdHistory = talloc_array(mem_ctx, struct samr_Password, + new_sambaNTPwdHistory = talloc_array(mem_ctx, struct samr_Password, pwdHistoryLength); - if (!new_ntPwdHistory) { + if (!new_sambaNTPwdHistory) { return LDB_ERR_OPERATIONS_ERROR; } - for (i=0;ildb, mem_ctx, modify_msg, - "lmPwdHistory", - new_lmPwdHistory, - lmPwdHistory_len)); + "sambaLMPwdHistory", + new_sambaLMPwdHistory, + sambaLMPwdHistory_len)); CHECK_RET(samdb_msg_add_hashes(module->ldb, mem_ctx, modify_msg, - "ntPwdHistory", - new_ntPwdHistory, - ntPwdHistory_len)); + "sambaNTPwdHistory", + new_sambaNTPwdHistory, + sambaNTPwdHistory_len)); } /* Too much code above, we should check we got it close to reasonable */ -- cgit From c908d0b2aa111659e57a73efb8c33c413965c846 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Fri, 6 Jan 2006 04:01:23 +0000 Subject: r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8) --- source4/dsdb/samdb/ldb_modules/config.mk | 11 + source4/dsdb/samdb/ldb_modules/extended_dn.c | 308 +++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/objectguid.c | 4 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 7 +- source4/dsdb/samdb/ldb_modules/proxy.c | 5 +- source4/dsdb/samdb/ldb_modules/rootdse.c | 56 ++++- source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 +- source4/dsdb/samdb/ldb_modules/samldb.c | 4 +- 8 files changed, 392 insertions(+), 7 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a18d2c4359..7fc0522034 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -69,3 +69,14 @@ REQUIRED_SUBSYSTEMS = \ # End MODULE libldb_rootdse ################################################ +################################################ +# Start MODULE libldb_extended_dn +[MODULE::libldb_extended_dn] +SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ +OBJ_FILES = \ + extended_dn.o +# +# End MODULE libldb_extended_dn +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c new file mode 100644 index 0000000000..49af8604d5 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c 
@@ -0,0 +1,308 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2005 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + * Name: ldb + * + * Component: ldb extended dn control module + * + * Description: this module builds a special dn + * + * Author: Simo Sorce + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" + +#include + +static BOOL is_attr_in_list(const char * const * attrs, const char *attr) +{ + int i; + + for (i = 0; attrs[i]; i++) { + if (strcasecmp(attrs[i], attr) == 0) + return True; + } + + return False; +} + +static char **copy_attrs(void *mem_ctx, const char * const * attrs) +{ + char **new; + int i, num; + + for (num = 0; attrs[num]; num++); + + new = talloc_array(mem_ctx, char *, num + 1); + if (!new) return NULL; + + for(i = 0; i < num; i++) { + new[i] = talloc_strdup(new, attrs[i]); + if (!new[i]) { + talloc_free(new); + return NULL; + } + } + new[i] = NULL; + + return new; +} + +static BOOL add_attrs(void *mem_ctx, char ***attrs, const char *attr) +{ + char **new; + int num; + + for (num = 0; (*attrs)[num]; num++); 
+ + new = talloc_realloc(mem_ctx, *attrs, char *, num + 2); + if (!new) return False; + + *attrs = new; + + new[num] = talloc_strdup(new, attr); + if (!new[num]) return False; + + new[num + 1] = NULL; + + return True; +} + +static BOOL inject_extended_dn(struct ldb_message *msg, + int type, + BOOL remove_guid, + BOOL remove_sid) +{ + const struct ldb_val *val; + struct GUID guid; + struct dom_sid *sid; + char *object_guid; + char *object_sid; + char *new_dn, *dn; + + dn = ldb_dn_linearize(msg, msg->dn); + if (!dn) + return False; + + /* retrieve object_guid */ + guid = samdb_result_guid(msg, "objectGUID"); + object_guid = GUID_string(msg, &guid); + if (!object_guid) + return False; + + if (remove_guid) + ldb_msg_remove_attr(msg, "objectGUID"); + + /* retrieve object_sid */ + object_sid = NULL; + sid = samdb_result_dom_sid(msg, msg, "objectSID"); + if (sid) { + object_sid = dom_sid_string(msg, sid); + if (!object_sid) + return False; + + if (remove_sid) + ldb_msg_remove_attr(msg, "objectSID"); + } + + /* TODO: handle type */ + switch (type) { + case 0: + case 1: + if (object_sid) { + new_dn = talloc_asprintf(msg, ";;%s", + object_guid, object_sid, dn); + } else { + new_dn = talloc_asprintf(msg, ";%s", + object_guid, dn); + } + break; + default: + return False; + } + + if (!new_dn) + return False; + + msg->dn = ldb_dn_explode_or_special(msg, new_dn); + if (!msg->dn) + return False; + + val = ldb_msg_find_ldb_val(msg, "distinguishedName"); + if (val) { + ldb_msg_remove_attr(msg, "distinguishedName"); + if (ldb_msg_add_string(msg, "distinguishedName", new_dn)) + return False; + } + + return True; +} + +/* search */ +static int extended_search(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_result *extended_result; + struct ldb_control *control; + struct ldb_control **saved_controls; + struct ldb_extended_dn_control *extended_ctrl; + int i, ret; + const char * const *saved_attrs = NULL; + char **new_attrs; + BOOL remove_guid = False; + BOOL 
remove_sid = False; + + /* check if there's a paged request control */ + control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID); + if (control == NULL) { + /* not found go on */ + return ldb_next_request(module, req); + } + + extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); + + /* save it locally and remove it from the list */ + if (!save_controls(control, req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* check if attrs only is specified, in that case check wether we need to modify them */ + if (req->op.search.attrs) { + if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { + remove_guid = True; + } + if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { + remove_sid = True; + } + if (remove_guid || remove_sid) { + new_attrs = copy_attrs(req, req->op.search.attrs); + if (!new_attrs) + return LDB_ERR_OPERATIONS_ERROR; + + saved_attrs = req->op.search.attrs; + + if (remove_guid) { + if (!add_attrs(req, &new_attrs, "objectGUID")) + return LDB_ERR_OPERATIONS_ERROR; + } + if (remove_sid) { + if (!add_attrs(req, &new_attrs, "objectSID")) + return LDB_ERR_OPERATIONS_ERROR; + } + + req->op.search.attrs = (const char * const *)new_attrs; + } + } + + ret = ldb_next_request(module, req); + + /* put request back into original shape */ + /* TODO: build a new req and don't touch the original one */ + + if (req->controls) talloc_free(req->controls); + req->controls = saved_controls; + + if (saved_attrs) { + talloc_free(new_attrs); + req->op.search.attrs = saved_attrs; + } + + if (ret != LDB_SUCCESS) { + return ret; + } + + extended_result = req->op.search.res; + + for (i = 0; i < extended_result->count; i++) { + /* TODO: the following funtion updates only dn and + * distinguishedName. 
We still need to address other + * DN entries like objectCategory + */ + if (!inject_extended_dn(extended_result->msgs[i], + extended_ctrl->type, + remove_guid, remove_sid)) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + return LDB_SUCCESS; +} + +static int extended_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_SEARCH: + return extended_search(module, req); + + default: + return ldb_next_request(module, req); + + } +} + +static const struct ldb_module_ops extended_dn_ops = { + .name = "extended_dn", + .request = extended_request, +}; + +#ifdef HAVE_DLOPEN_DISABLED +struct ldb_module *init_module(struct ldb_context *ldb, int stage, const char *options[]) +#else +struct ldb_module *extended_dn_module_init(struct ldb_context *ldb, int stage, const char *options[]) +#endif +{ + struct ldb_module *ctx; + + if (stage == LDB_MODULES_INIT_STAGE_2) { + struct ldb_request request; + int ret; + + request.operation = LDB_REQ_REGISTER; + request.op.reg.oid = LDB_CONTROL_EXTENDED_DN_OID; + request.controls = NULL; + + ret = ldb_request(ldb, &request); + if (ret != LDB_SUCCESS) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "extended_dn: Unable to register control with rootdse!\n"); + } + + return NULL; + } + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &extended_dn_ops; + ctx->private_data = NULL; + + return ctx; +} diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index c9063af6ef..935f92c55b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
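Review bot: In extended_search the result of `talloc_get_type(control->data, struct ldb_extended_dn_control)` is never checked, yet `extended_ctrl->type` is read in the result loop. talloc_get_type returns NULL when the data pointer is absent or of another talloc type, and the control arrives with the request, so a request carrying the OID without a usable value would reach a NULL dereference. A guard directly after the lookup and before save_controls, `if (!extended_ctrl) return LDB_ERR_OPERATIONS_ERROR;`, rejects it before any request state is changed. Separately, the early returns after save_controls (copy_attrs or add_attrs failing) leave req->controls and req->op.search.attrs in their modified form; whether callers reuse the request after an error is not visible here.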
@@ -128,10 +128,12 @@ static const struct ldb_module_ops objectguid_ops = { /* the init function */ -struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[]) +struct ldb_module *objectguid_module_init(struct ldb_context *ldb, int stage, const char *options[]) { struct ldb_module *ctx; + if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; + ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e0fc50f242..82e4639a23 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -147,6 +147,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r search_request->op.search.scope = LDB_SCOPE_BASE; search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL); search_request->op.search.attrs = old_user_attrs; + search_request->controls = NULL; old_ret = ldb_next_request(module, search_request); } @@ -253,6 +254,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r search_request->op.search.scope = LDB_SCOPE_BASE; search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL); search_request->op.search.attrs = user_attrs; + search_request->controls = NULL; ret = ldb_next_request(module, search_request); if (ret) { @@ -656,6 +658,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r modify_request->operation = LDB_REQ_MODIFY; modify_request->op.mod.message = modify_msg; + modify_request->controls = NULL; ret = ldb_next_request(module, modify_request); 
@@ -714,10 +717,12 @@ static const struct ldb_module_ops password_hash_ops = { /* the init function */ -struct ldb_module *password_hash_module_init(struct ldb_context *ldb, const char *options[]) +struct ldb_module *password_hash_module_init(struct ldb_context *ldb, int stage, const char *options[]) { struct ldb_module *ctx; + if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; + ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index cbe404fc4b..540f4241b9 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -288,6 +288,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq.op.search.scope = req->op.search.scope; newreq.op.search.attrs = req->op.search.attrs; newreq.op.search.res = req->op.search.res; + newreq.controls = req->controls; ret = ldb_request(proxy->upstream, &newreq); if (ret != LDB_SUCCESS) { ldb_set_errstring(module, talloc_strdup(module, ldb_errstring(proxy->upstream))); @@ -332,10 +333,12 @@ static const struct ldb_module_ops proxy_ops = { .request = proxy_request }; -struct ldb_module *proxy_module_init(struct ldb_context *ldb, const char *options[]) +struct ldb_module *proxy_module_init(struct ldb_context *ldb, int stage, const char *options[]) { struct ldb_module *ctx; + if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; + ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 93bc9903ed..8e0c231301 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -4,6 +4,7 @@ rootDSE ldb module Copyright (C) Andrew Tridgell 2005 + Copyright (C) Simo Sorce 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -27,6 +28,11 @@ #include "auth/gensec/gensec.h" #include +struct private_data { + int num_controls; + char **controls; +}; + /* return 1 if a specific attribute has been requested */ @@ -42,6 +48,7 @@ static int do_attribute(const char * const *attrs, const char *name) */ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *req) { + struct private_data *priv = talloc_get_type(module->private_data, struct private_data); struct ldb_search *s = &req->op.search; struct ldb_message *msg; struct cli_credentials *server_creds; @@ -63,6 +70,16 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re } } + if (do_attribute(s->attrs, "supportedControl")) { + int i; + for (i = 0; i < priv->num_controls; i++) { + if (ldb_msg_add_string(msg, "supportedControl", + priv->controls[i]) != 0) { + goto failed; + } + } + } + server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), struct cli_credentials); if (do_attribute(s->attrs, "supportedSASLMechanisms")) { @@ -130,12 +147,35 @@ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request * return ret; } +static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req) +{ + struct private_data *priv = talloc_get_type(module->private_data, struct private_data); + char **list; + + list = talloc_realloc(priv, priv->controls, char *, priv->num_controls + 1); + if (!list) { + return LDB_ERR_OPERATIONS_ERROR; + } + + list[priv->num_controls] = talloc_strdup(list, req->op.reg.oid); + if (!list[priv->num_controls]) { + return LDB_ERR_OPERATIONS_ERROR; + } + + priv->num_controls += 1; + priv->controls = list; + + return LDB_SUCCESS; +} + static int rootdse_request(struct ldb_module *module, struct ldb_request *req) { switch (req->operation) { case LDB_REQ_SEARCH: return rootdse_search_bytree(module, req); + case LDB_REQ_REGISTER: + return rootdse_register_control(module, req); default: break; } 
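Review bot: rootdse_register_control stores the reallocated array in priv->controls only after talloc_strdup has succeeded, so on the strdup failure path priv->controls can still hold the pre-realloc pointer, which talloc_realloc may have moved. The supportedControl loop added to rootdse_add_dynamic in this commit would then walk a stale array. Assigning the list as soon as the realloc succeeds, `priv->controls = list;` directly after the `if (!list)` check, keeps the pointer valid, and `priv->num_controls += 1;` can stay after the strdup so a failed entry is never counted.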
@@ -147,18 +187,30 @@ static const struct ldb_module_ops rootdse_ops = { .request = rootdse_request }; -struct ldb_module *rootdse_module_init(struct ldb_context *ldb, const char *options[]) +struct ldb_module *rootdse_module_init(struct ldb_context *ldb, int stage, const char *options[]) { struct ldb_module *ctx; + struct private_data *data; + + if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; + data = talloc(ctx, struct private_data); + if (data == NULL) { + talloc_free(ctx); + return NULL; + } + + data->num_controls = 0; + data->controls = NULL; + ctx->private_data = data; + ctx->ldb = ldb; ctx->prev = ctx->next = NULL; ctx->ops = &rootdse_ops; - ctx->private_data = NULL; return ctx; } diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 429710c2c5..035321a90b 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -878,7 +878,9 @@ const struct ldb_map_attribute samba3_attributes[] = }; /* the init function */ -struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, const char *options[]) +struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, int stage, const char *options[]) { + if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; + return ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam"); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 7bf25994e2..82c2d4d0cc 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -583,10 +583,12 @@ static const struct ldb_module_ops samldb_ops = { /* the init function */ -struct ldb_module *samldb_module_init(struct ldb_context *ldb, const char *options[]) +struct ldb_module *samldb_module_init(struct ldb_context *ldb, int stage, const char *options[]) { struct ldb_module *ctx; + if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; + ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; -- cgit From dbef4d76de92c3388f4e1819a76d6febf90be290 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 6 Jan 2006 16:12:45 +0000 Subject: r12743: Remove the ugly way we had to make a second stage init and introduce a second_stage_init private function for modules that need a second stage init. Simo. (This used to be commit 5e8b365fa2d93801a5de1d9ea76ce9d5546bd248) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 41 +++++++++++++------------- source4/dsdb/samdb/ldb_modules/objectguid.c | 4 +-- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 +-- source4/dsdb/samdb/ldb_modules/proxy.c | 4 +-- source4/dsdb/samdb/ldb_modules/rootdse.c | 4 +-- source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 +-- source4/dsdb/samdb/ldb_modules/samldb.c | 4 +-- 7 files changed, 26 insertions(+), 39 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 49af8604d5..839c190a8e 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c 
@@ -266,35 +266,34 @@ static int extended_request(struct ldb_module *module, struct ldb_request *req) } } +static int extended_init_2(struct ldb_module *module) +{ + struct ldb_request request; + int ret; + + request.operation = LDB_REQ_REGISTER; + request.op.reg.oid = LDB_CONTROL_EXTENDED_DN_OID; + request.controls = NULL; + + ret = ldb_request(module->ldb, &request); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "extended_dn: Unable to register control with rootdse!\n"); + return LDB_ERR_OTHER; + } + + return ldb_next_second_stage_init(module); +} + static const struct ldb_module_ops extended_dn_ops = { .name = "extended_dn", .request = extended_request, + .second_stage_init = extended_init_2 }; -#ifdef HAVE_DLOPEN_DISABLED -struct ldb_module *init_module(struct ldb_context *ldb, int stage, const char *options[]) -#else -struct ldb_module *extended_dn_module_init(struct ldb_context *ldb, int stage, const char *options[]) -#endif +struct ldb_module *extended_dn_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; - if (stage == LDB_MODULES_INIT_STAGE_2) { - struct ldb_request request; - int ret; - - request.operation = LDB_REQ_REGISTER; - request.op.reg.oid = LDB_CONTROL_EXTENDED_DN_OID; - request.controls = NULL; - - ret = ldb_request(ldb, &request); - if (ret != LDB_SUCCESS) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "extended_dn: Unable to register control with rootdse!\n"); - } - - return NULL; - } - ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 935f92c55b..c9063af6ef 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
@@ -128,12 +128,10 @@ static const struct ldb_module_ops objectguid_ops = { /* the init function */ -struct ldb_module *objectguid_module_init(struct ldb_context *ldb, int stage, const char *options[]) +struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; - if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; - ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 82e4639a23..2b979857d9 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -717,12 +717,10 @@ static const struct ldb_module_ops password_hash_ops = { /* the init function */ -struct ldb_module *password_hash_module_init(struct ldb_context *ldb, int stage, const char *options[]) +struct ldb_module *password_hash_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; - if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; - ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 540f4241b9..2c66d2c1ec 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -333,12 +333,10 @@ static const struct ldb_module_ops proxy_ops = { .request = proxy_request }; -struct ldb_module *proxy_module_init(struct ldb_context *ldb, int stage, const char *options[]) +struct ldb_module *proxy_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; - if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; - ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 8e0c231301..68de8c884c 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c 
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -187,13 +187,11 @@ static const struct ldb_module_ops rootdse_ops = { .request = rootdse_request }; -struct ldb_module *rootdse_module_init(struct ldb_context *ldb, int stage, const char *options[]) +struct ldb_module *rootdse_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; struct private_data *data; - if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; - ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 035321a90b..429710c2c5 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -878,9 +878,7 @@ const struct ldb_map_attribute samba3_attributes[] = }; /* the init function */ -struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, int stage, const char *options[]) +struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, const char *options[]) { - if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; - return ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam"); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 82c2d4d0cc..7bf25994e2 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -583,12 +583,10 @@ static const struct ldb_module_ops samldb_ops = { /* the init function */ -struct ldb_module *samldb_module_init(struct ldb_context *ldb, int stage, const char *options[]) +struct ldb_module *samldb_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; - if (stage != LDB_MODULES_INIT_STAGE_1) return NULL; - ctx = talloc(ldb, struct ldb_module); if (!ctx) return NULL; -- cgit From a8eec313549905724a8186a1a4c14480658e2967 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:04:32 +0000 Subject: r12746: An initial version of the kludge_acls module. This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 ++ source4/dsdb/samdb/ldb_modules/kludge_acl.c | 210 ++++++++++++++++++++++++++++ 2 files changed, 223 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/kludge_acl.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 7fc0522034..c53c7c1606 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -69,6 +69,19 @@ REQUIRED_SUBSYSTEMS = \ # End MODULE libldb_rootdse ################################################ +################################################ +# Start MODULE libldb_cludge_acl +[MODULE::libldb_kludge_acl] +SUBSYSTEM = LIBLDB +OUTPUT_TYPE = MERGEDOBJ +OBJ_FILES = \ + kludge_acl.o +REQUIRED_SUBSYSTEMS = \ + LIB_SECURITY +# +# End MODULE libldb_rootdse +################################################ + ################################################ # Start MODULE libldb_extended_dn [MODULE::libldb_extended_dn] diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c new file mode 100644 index 0000000000..d2fd96267d --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -0,0 +1,210 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb kludge ACL module + * + * Description: Simple module to enforce a simple form of access + * control, sufficient for securing a default Samba4 + * installation. + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "auth/auth.h" + +/* Kludge ACL rules: + * + * - System can read passwords + * - Administrators can write anything + * - Users can read anything that is not a password + * + */ + +const char *password_attribs[] = { + "sambaPassword", + "ntPwdHash", + "sambaNTPwdHistory", + "lmPwdHash", + "sambaLMPwdHistory", + "krb5key" +}; + +enum user_is { + ANONYMOUS, + USER, + ADMINISTRATOR, + SYSTEM +}; + +struct private_data { + + char *some_private_data; +}; + +static enum user_is what_is_user(struct ldb_module *module) +{ + struct auth_session_info *session_info + = ldb_get_opaque(module->ldb, "sessionInfo"); + if (!session_info) { + return ANONYMOUS; + } + + if (is_system_token(session_info->security_token)) { + return SYSTEM; + } + + if (is_administrator_token(session_info->security_token)) { + return SYSTEM; + } + if 
(is_authenticated_token(session_info->security_token)) { + return USER; + } + if (is_anonymous_token(session_info->security_token)) { + return ANONYMOUS; + } + return ANONYMOUS; +} + +/* search */ +static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) +{ + enum user_is user_type; + int ret = ldb_next_request(module, req); + struct ldb_message *msg; + int i, j; + + if (ret != LDB_SUCCESS) { + return ret; + } + + user_type = what_is_user(module); + switch (user_type) { + case SYSTEM: + case ADMINISTRATOR: + return ret; + default: + /* For every message, remove password attributes */ + for (i=0; i < req->op.search.res->count; i++) { + msg = req->op.search.res->msgs[i]; + for (j=0; j < ARRAY_SIZE(password_attribs); j++) { + ldb_msg_remove_attr(msg, password_attribs[j]); + } + } + } + return ret; +} + +/* ANY change type */ +static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req){ + enum user_is user_type = what_is_user(module); + switch (user_type) { + case SYSTEM: + case ADMINISTRATOR: + return ldb_next_request(module, req); + default: + ldb_set_errstring(module, + talloc_asprintf(req, "kludge_acl_change: " + "attempted database modify not permitted. 
User is not SYSTEM or an administrator")); + return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; + } +} + +/* start a transaction */ +static int kludge_acl_start_trans(struct ldb_module *module) +{ + return ldb_next_start_trans(module); +} + +/* end a transaction */ +static int kludge_acl_end_trans(struct ldb_module *module) +{ + return ldb_next_end_trans(module); +} + +/* delete a transaction */ +static int kludge_acl_del_trans(struct ldb_module *module) +{ + return ldb_next_del_trans(module); +} + +static int kludge_acl_destructor(void *module_ctx) +{ + struct ldb_module *ctx = talloc_get_type(module_ctx, struct ldb_module); + struct private_data *data = talloc_get_type(ctx->private_data, struct private_data); + /* put your clean-up functions here */ + if (data->some_private_data) talloc_free(data->some_private_data); + return 0; +} + +static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + + case LDB_REQ_SEARCH: + return kludge_acl_search(module, req); + case LDB_REQ_REGISTER: + return ldb_next_request(module, req); + default: + /* anything else must be a change of some kind */ + return kludge_acl_change(module, req); + } +} + +static const struct ldb_module_ops kludge_acl_ops = { + .name = "kludge_acl", + .request = kludge_acl_request, + .start_transaction = kludge_acl_start_trans, + .end_transaction = kludge_acl_end_trans, + .del_transaction = kludge_acl_del_trans, +}; + +struct ldb_module *kludge_acl_module_init(struct ldb_context *ldb, const char *options[]) +{ + struct ldb_module *ctx; + struct private_data *data; + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + data = talloc(ctx, struct private_data); + if (data == NULL) { + talloc_free(ctx); + return NULL; + } + + data->some_private_data = NULL; + ctx->private_data = data; + + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &kludge_acl_ops; + + talloc_set_destructor (ctx, kludge_acl_destructor); + + return ctx; +} -- 
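Review bot: kludge_acl_search removes the password attributes only from the returned messages; the request, including its search expression, is handed to ldb_next_request before what_is_user is consulted. As far as this file shows, a filter that tests one of the password attributes is still evaluated for USER and ANONYMOUS callers, so whether an entry is returned can depend on a value the module intends to hide. Checking the parsed search tree for these attribute names for non-privileged callers would close that gap. Until then the "Kludge ACL rules" comment should state the limit, for example `* - Search filters are not restricted; only returned attributes are stripped`.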
cgit From 8c9d212f2a1984322118257e63f7a3280da6b392 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Jan 2006 01:46:30 +0000 Subject: r12762: Simo correctly asked that the policy logic (which attributes contain passwords) be moved into the database, and not be hard-coded in the module source. Andrew Bartlett (This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 88 ++++++++++++++++++++--------- 1 file changed, 62 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index d2fd96267d..09d8e82576 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -45,12 +45,6 @@ */ const char *password_attribs[] = { - "sambaPassword", - "ntPwdHash", - "sambaNTPwdHistory", - "lmPwdHash", - "sambaLMPwdHistory", - "krb5key" }; enum user_is { @@ -60,9 +54,8 @@ enum user_is { SYSTEM }; -struct private_data { - - char *some_private_data; +struct kludge_private_data { + const char **password_attrs; }; static enum user_is what_is_user(struct ldb_module *module) @@ -78,7 +71,7 @@ static enum user_is what_is_user(struct ldb_module *module) } if (is_administrator_token(session_info->security_token)) { - return SYSTEM; + return ADMINISTRATOR; } if (is_authenticated_token(session_info->security_token)) { return USER; @@ -95,6 +88,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) enum user_is user_type; int ret = ldb_next_request(module, req); struct ldb_message *msg; + struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data); int i, j; if (ret != LDB_SUCCESS) { 
@@ -110,8 +104,8 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) /* For every message, remove password attributes */ for (i=0; i < req->op.search.res->count; i++) { msg = req->op.search.res->msgs[i]; - for (j=0; j < ARRAY_SIZE(password_attribs); j++) { - ldb_msg_remove_attr(msg, password_attribs[j]); + for (j=0; data->password_attrs[j]; j++) { + ldb_msg_remove_attr(msg, data->password_attrs[j]); } } } @@ -151,15 +145,6 @@ static int kludge_acl_del_trans(struct ldb_module *module) return ldb_next_del_trans(module); } -static int kludge_acl_destructor(void *module_ctx) -{ - struct ldb_module *ctx = talloc_get_type(module_ctx, struct ldb_module); - struct private_data *data = talloc_get_type(ctx->private_data, struct private_data); - /* put your clean-up functions here */ - if (data->some_private_data) talloc_free(data->some_private_data); - return 0; -} - static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req) { switch (req->operation) { 
@@ -174,37 +159,88 @@ static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req } } +static int kludge_acl_init_2(struct ldb_module *module) +{ + int ret, i; + TALLOC_CTX *mem_ctx = talloc_new(module); + const char *attrs[] = { "attribute", NULL }; + struct ldb_result *res; + struct ldb_message *msg; + struct ldb_message_element *password_attributes; + + struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data); + data->password_attrs = NULL; + + if (!mem_ctx) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_search(module->ldb, ldb_dn_explode(mem_ctx, "@KLUDGEACL"), + LDB_SCOPE_BASE, + NULL, attrs, + &res); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + if (res->count == 0) { + talloc_free(mem_ctx); + data->password_attrs = NULL; + return LDB_SUCCESS; + } + + if (res->count > 1) { + return LDB_ERR_CONSTRAINT_VIOLAION; + } + + msg = res->msgs[0]; + + password_attributes = ldb_msg_find_element(msg, "passwordAttribute"); + if (!password_attributes) { + return LDB_SUCCESS; + } + data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1); + if (!data->password_attrs) { + return LDB_ERR_OPERATIONS_ERROR; + } + for (i=0; i < password_attributes->num_values; i++) { + data->password_attrs[i] = (const char *)password_attributes->values[i].data; + talloc_steal(data->password_attrs, password_attributes->values[i].data); + } + data->password_attrs[i] = NULL; + return LDB_SUCCESS; +} + static const struct ldb_module_ops kludge_acl_ops = { .name = "kludge_acl", .request = kludge_acl_request, .start_transaction = kludge_acl_start_trans, .end_transaction = kludge_acl_end_trans, .del_transaction = kludge_acl_del_trans, + .second_stage_init = kludge_acl_init_2 }; struct ldb_module *kludge_acl_module_init(struct ldb_context *ldb, const char *options[]) { struct ldb_module *ctx; - struct private_data *data; + struct kludge_private_data *data; ctx = 
talloc(ldb, struct ldb_module); if (!ctx) return NULL; - data = talloc(ctx, struct private_data); + data = talloc(ctx, struct kludge_private_data); if (data == NULL) { talloc_free(ctx); return NULL; } - data->some_private_data = NULL; + data->password_attrs = NULL; ctx->private_data = data; ctx->ldb = ldb; ctx->prev = ctx->next = NULL; ctx->ops = &kludge_acl_ops; - talloc_set_destructor (ctx, kludge_acl_destructor); - return ctx; } -- cgit From 1162b37ff0ce46a578b7e8a6cd92f66a5a1982d9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Jan 2006 02:05:20 +0000 Subject: r12763: Oops. If you call ldb_search from within an ldb module's search request handler, you really have to watch the recursion issues... Andrew Bartlett (This used to be commit 46628e86a2be6d334b2d0427e7052517c7ab1d4c) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 09d8e82576..cc6a0d18f4 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -91,7 +91,9 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data); int i, j; - if (ret != LDB_SUCCESS) { + /* We may not be fully initialised yet, or we might have just + * got an error */ + if (ret != LDB_SUCCESS || !data->password_attrs) { return ret; } -- cgit From bdc7d03c9c4e23af21c5a3f43b5470f196417af0 Mon Sep 17 00:00:00 2001 
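Review bot: In kludge_acl_init_2 the search requests only `"attribute"` (`const char *attrs[] = { "attribute", NULL };`) but the code then looks up `passwordAttribute` in the returned message, so unless the backend ignores the attribute list the element is never found, `password_attrs` stays NULL and no password attribute is stripped from search results; the list should read `const char *attrs[] = { "passwordAttribute", NULL };`. The `res->count > 1`, `!password_attributes`, allocation-failure and success returns all skip `talloc_free(mem_ctx)`, and `data` is dereferenced without a NULL check. The earlier hunk of this commit in kludge_acl_search loops on `data->password_attrs[j]` with no NULL test, so the no-record path here would end in a NULL dereference on the first filtered search.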
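Review bot: The added `!data->password_attrs` test makes kludge_acl_search hand back the unfiltered result whenever the attribute list is missing, and that is the same state kludge_acl_init_2 leaves behind when the `@KLUDGEACL` record is absent or carries no `passwordAttribute` values, so a database without that record returns password attributes to callers that would otherwise have them stripped. The "not initialised yet" and "no policy loaded" cases are worth separating, for example with a flag set at the end of second-stage init, and the second case should at least be reported through `ldb_debug`. If the pass-through is intended, state it at the test: `/* no passwordAttribute list loaded: results are returned unfiltered */`. The rest of kludge_acl_search lies outside the hunk.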
From: Simo Sorce Date: Sun, 8 Jan 2006 13:50:06 +0000 Subject: r12769: Make ldb_next_request() evident, I was much confused on first sight Simo. (This used to be commit 2f0c7b896274e5e15e150c70d7ebe70355f6c4c0) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index cc6a0d18f4..5d982d0842 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -85,11 +85,13 @@ static enum user_is what_is_user(struct ldb_module *module) /* search */ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) { - enum user_is user_type; - int ret = ldb_next_request(module, req); - struct ldb_message *msg; struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data); - int i, j; + struct ldb_message *msg; + enum user_is user_type; + int i, j, ret; + + /* go down the path and wait for reply to filter out stuff if needed */ + ret = ldb_next_request(module, req); /* We may not be fully initialised yet, or we might have just * got an error */ -- cgit From 874c9b71b755393eb88172e420ba0d661dbae5f8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 8 Jan 2006 18:12:35 +0000 Subject: r12773: - remove unused variable, fix the build with some old compilers metze (This used to be commit 1253784c923b569593b5207c14567c637f3a7ae7) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 5d982d0842..56b2d4b398 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -44,9 +44,6 @@ * */ -const char *password_attribs[] = { -}; - enum user_is { ANONYMOUS, USER, -- cgit From 4f06be612369862d0005c68c3658c3ed18b7883d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jan 2006 09:18:48 +0000 Subject: r12818: When denying an operation, include what we think the username is in the error message. Andrew Bartlett (This used to be commit 36c1f67f12d5ac83a7a205c0ec152a79c4a8ba4b) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 56b2d4b398..4153456aa1 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -79,6 +79,20 @@ static enum user_is what_is_user(struct ldb_module *module) return ANONYMOUS; } +static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) +{ + struct auth_session_info *session_info + = ldb_get_opaque(module->ldb, "sessionInfo"); + if (!session_info) { + return "UNKNOWN (NULL)"; + } + + return talloc_asprintf(mem_ctx, "%s\\%s", + session_info->server_info->domain_name, + session_info->server_info->account_name); + return ANONYMOUS; +} + /* search */ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) { @@ -123,7 +137,8 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) default: ldb_set_errstring(module, talloc_asprintf(req, "kludge_acl_change: " - "attempted database modify not permitted. User is not SYSTEM or an administrator")); + "attempted database modify not permitted. User %s is not SYSTEM or an administrator", + user_name(req, module))); return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; } } -- cgit From 91a37f02dd11df226be5ff21881933126e1cb187 Mon Sep 17 00:00:00 2001 
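Review bot: user_name ends with a second `return ANONYMOUS;` that can never run and that returns an enum constant from a function declared `const char *`; it looks carried over from what_is_user and should be deleted. `session_info->server_info` is dereferenced without a NULL check, and `talloc_asprintf` can return NULL, which the new call in kludge_acl_change then passes to `%s`. A guard such as `if (!session_info->server_info) return "UNKNOWN (no server_info)";` plus a non-NULL fallback for the formatted name keeps the denial path well defined. The body of kludge_acl_change starts outside the second hunk.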
From: Stefan Metzmacher Date: Wed, 11 Jan 2006 15:01:21 +0000 Subject: r12842: don't include system headers directly metze (This used to be commit 976052c6561dee7232c1a10fb977b1c4776825a2) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 68de8c884c..0bf63f30ae 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -26,7 +26,7 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "auth/gensec/gensec.h" -#include +#include "system/time.h" struct private_data { int num_controls; -- cgit From 0b3deb20defaedb0570c17ec8b28e5d11979cb35 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 11 Jan 2006 18:14:55 +0000 Subject: r12851: Fix some typos (This used to be commit 61ae77beecd573809d917dd86d1fac6cc40e967d) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 4153456aa1..d6f7861f6b 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -206,7 +206,7 @@ static int kludge_acl_init_2(struct ldb_module *module) } if (res->count > 1) { - return LDB_ERR_CONSTRAINT_VIOLAION; + return LDB_ERR_CONSTRAINT_VIOLATION; } msg = res->msgs[0]; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2b979857d9..e52d4e6563 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -170,7 +170,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r talloc_asprintf(mem_ctx, "sambaPassword_handle: " "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); - return LDB_ERR_CONSTRAINT_VIOLAION; + return LDB_ERR_CONSTRAINT_VIOLATION; } sambaPassword = (const char *)attribute->values[0].data; @@ -178,7 +178,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD) || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) { if (attribute->num_values != 1) { - return LDB_ERR_CONSTRAINT_VIOLAION; + return LDB_ERR_CONSTRAINT_VIOLATION; } sambaPassword = (const char *)attribute->values[0].data; @@ -298,7 +298,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r "attempted set of sambaPassword on non-'person' object %s rejected", ldb_dn_linearize(mem_ctx, dn))); talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLAION; + return LDB_ERR_CONSTRAINT_VIOLATION; } computer_val = data_blob_string_const("computer"); -- cgit From 0b3fb7e04d3d572541a0dc4335e72b3fa776c810 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 12 Jan 2006 03:07:04 +0000 Subject: r12860: Remove unused function. (we handle this in the password_hash module). Andrew Bartlett (This used to be commit daa4b76800024c1494eeda675c46af3790fac788) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 429710c2c5..3f593235fa 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
@@ -46,28 +46,6 @@ /* In Samba4 but not in Samba3: */ -static void generate_hashes (struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb) -{ - const char *upwd = ldb_msg_find_string(local, local_attr, NULL); - struct ldb_val val; - - if (!upwd) - return; - - ldb_msg_add_string(remote_fb, local_attr, upwd); - - val.length = 16; - val.data = talloc_zero_size(module, val.length); - - E_md4hash(upwd, val.data); - ldb_msg_add_value(remote_mp, "sambaNTPassword", &val); - - val.data = talloc_zero_size(module, val.length); - E_deshash(upwd, val.data); - ldb_msg_add_value(remote_mp, "sambaLMPassword", &val); -} - - static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *attr, const struct ldb_message *remote) { struct ldb_message_element *el; -- cgit From 87625070becd33af5064204645d091fb178331f4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 13 Jan 2006 04:49:49 +0000 Subject: r12895: Error strings save lives. err, they save time at least. The correct use of an error string in this case quickly pinpoited an overzealous check, and saved me hours of painful debugging. Andrew Bartlett (This used to be commit 26946c90e87a94453a5ad3e9e26ef19b36656237) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e52d4e6563..6e55816d72 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -71,7 +71,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r uint_t pwdProperties, pwdHistoryLength; uint_t userAccountControl; const char *dnsDomain, *realm; - const char *sambaPassword; + const char *sambaPassword = NULL; struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory; struct samr_Password *lmPwdHash, *ntPwdHash; struct samr_Password *lmOldHash = NULL, *ntOldHash = NULL; @@ -165,26 +165,32 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r * the second modify. We might not want it written to disk */ if (req->operation == LDB_REQ_ADD) { - if (attribute->num_values != 1) { + if (attribute->num_values > 1) { ldb_set_errstring(module, talloc_asprintf(mem_ctx, "sambaPassword_handle: " "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); return LDB_ERR_CONSTRAINT_VIOLATION; } - - sambaPassword = (const char *)attribute->values[0].data; - ldb_msg_remove_attr(msg2, "sambaPassword"); + + if (attribute->num_values == 1) { + sambaPassword = (const char *)attribute->values[0].data; + ldb_msg_remove_attr(msg2, "sambaPassword"); + } } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD) || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) { - if (attribute->num_values != 1) { + if (attribute->num_values > 1) { + ldb_set_errstring(module, + talloc_asprintf(mem_ctx, "sambaPassword_handle: " + "attempted set of multiple sambaPassword attributes on %s rejected", + ldb_dn_linearize(mem_ctx, dn))); return LDB_ERR_CONSTRAINT_VIOLATION; } - sambaPassword = (const char *)attribute->values[0].data; - ldb_msg_remove_attr(msg2, "sambaPassword"); - } else { - sambaPassword = NULL; + if (attribute->num_values == 1) { + sambaPassword = (const char *)attribute->values[0].data; + ldb_msg_remove_attr(msg2, "sambaPassword"); + } } modified_orig_request = talloc(mem_ctx, struct ldb_request); -- cgit 
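Review bot: With the check relaxed from `!= 1` to `> 1`, a `sambaPassword` element with zero values now passes through both branches with `sambaPassword` still NULL and the element left in `msg2`, so the code after the hunk has to cope with a NULL password and with an empty element reaching the next module; a comment at each `num_values == 1` test should say why the empty case is accepted. Both rejection paths return without `talloc_free(mem_ctx)`, while another error return of password_hash_handle (visible in the typo-fix commit above) frees it first; since the error string is itself allocated on `mem_ctx`, confirm whether `ldb_set_errstring` takes ownership before adding the free. The ADD and MOD_ADD/MOD_REPLACE branches are now identical apart from their condition and could share one block.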
From c96b5723869eca3155db2e2185354bb95d61c566 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 15 Jan 2006 06:59:56 +0000 Subject: r12943: Generate a SID for the domain join account using the modules, rather than a hardcoded SID. Fix the samldb module to return the what *was* the nextrid, rather than the new nextrid (that is for next time). Andrew Bartlett (This used to be commit ffe9042e15cebbc7ff1bac90ec39835753d6caa7) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 7bf25994e2..c10a96a6ad 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -116,8 +116,6 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx return 1; } - (*id)++; - return 0; } -- cgit From 7dad66d8e38e206dd83b88a4e37c0f413b4b69df Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 18 Jan 2006 12:06:36 +0000 Subject: r12998: A big update to samldb.c This updates the module to handle both SID allocation and nextRid updating while importing users. (As imported users already have a SID, so don't go via the allocation step). We also ensure that SIDs in the database are unquie at create time. Furthermore, at allocation time, we double-check the SID isn't already in use, and that we don't create a foriegnSecurityPrincipal for a 'local' sid. Also create random samAccountName entries for users without one (we were setting $000000-000000000000). We may want to seperate the uniqueness code from the rest of samldb, and into a module with the objectguid code, which needs similar checks. These checks also need to apply to modification, or those modifications denied outright. Also update part of the testsuite to validate this. Andrew Bartlett (This used to be commit 7a9c8eee4bea88f5f0bb7c62f701476384b7dc84) --- source4/dsdb/samdb/ldb_modules/samldb.c | 627 ++++++++++++++++++++++---------- 1 file changed, 433 insertions(+), 194 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c10a96a6ad..e92def7ccd 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -2,6 +2,7 @@ SAM ldb module Copyright (C) Simo Sorce 2004 + Copyright (C) Andrew Bartlett 2005 * NOTICE: this module is NOT released under the GNU LGPL license as * other ldb code. This module is release under the GNU GPL v2 or 
@@ -33,55 +34,95 @@ */ #include "includes.h" -#include "lib/ldb/include/ldb.h" +#include "libcli/ldap/ldap.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" -#define SAM_ACCOUNT_NAME_BASE "$000000-000000000000" + +/* if value is not null also check for attribute to have exactly that value */ +static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) +{ + int j; + struct ldb_message_element *el = ldb_msg_find_element(msg, name); + if (!el) { + return NULL; + } + + if (!value) { + return el; + } + + for (j = 0; j < el->num_values; j++) { + if (strcasecmp(value, + (char *)el->values[j].data) == 0) { + return el; + } + } + + return NULL; +} + +static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value) +{ + char *aval = talloc_strdup(msg, value); + + if (aval == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_msg_add_string: talloc_strdup failed!\n"); + return False; + } + + if (ldb_msg_add_string(msg, name, aval) != 0) { + return False; + } + + return True; +} + +static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) +{ + struct ldb_val v; + NTSTATUS status; + status = ndr_push_struct_blob(&v, msg, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + return (ldb_msg_add_value(msg, name, &v) == 0); +} + +static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) +{ + if (samldb_find_attribute(msg, name, value) == NULL) { + return samldb_msg_add_string(module, msg, name, set_value); + } + return True; +} /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success */ -static int samldb_allocate_next_rid(struct ldb_context *ldb, 
TALLOC_CTX *mem_ctx, - const struct ldb_dn *dn, uint32_t *id) +static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + const struct ldb_dn *dn, uint32_t old_id, uint32_t new_id) { - const char * const attrs[2] = { "nextRid", NULL }; - struct ldb_result *res = NULL; struct ldb_message msg; int ret; - const char *str; struct ldb_val vals[2]; struct ldb_message_element els[2]; - ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res); - if (ret != LDB_SUCCESS || res->count != 1) { - if (res) talloc_free(res); - return -1; - } - str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); - if (str == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn)); - talloc_free(res); - return -1; - } - - *id = strtol(str, NULL, 0); - if ((*id)+1 == 0) { + if (new_id == 0) { /* out of IDs ! */ ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n"); - talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(res); /* we do a delete and add as a single operation. That prevents - a race */ + a race, in case we are not actually on a transaction db */ ZERO_STRUCT(msg); msg.dn = ldb_dn_copy(mem_ctx, dn); if (!msg.dn) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } msg.num_elements = 2; msg.elements = els; @@ -91,7 +132,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx els[0].flags = LDB_FLAG_MOD_DELETE; els[0].name = talloc_strdup(mem_ctx, "nextRid"); if (!els[0].name) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } els[1].num_values = 1; 
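Review bot: samldb_msg_add_sid is declared `BOOL` but returns `-1` when `ndr_push_struct_blob` fails, and `-1` is true, so the caller in samldb_handle_sid that tests `! samldb_msg_add_sid(...)` would treat the failure as success and continue without an objectSid on the message; the line should be `return False;`. The comment kept above samldb_set_next_rid still says "return 0 on failure, the id on success", whereas the new body returns `LDB_ERR_OPERATIONS_ERROR` or the `ldb_modify` result; it should read `/* swap nextRid from old_id to new_id in one modify; returns an LDB error code */`. samldb_set_next_rid continues past the end of this hunk.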
@@ -99,26 +140,103 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx els[1].flags = LDB_FLAG_MOD_ADD; els[1].name = els[0].name; - vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", *id); + vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", old_id); if (!vals[0].data) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } vals[0].length = strlen((char *)vals[0].data); - vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", (*id)+1); + vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", new_id); if (!vals[1].data) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } vals[1].length = strlen((char *)vals[1].data); ret = ldb_modify(ldb, &msg); - if (ret != 0) { - return 1; + return ret; +} + +/* + allocate a new id, attempting to do it atomically + return 0 on failure, the id on success +*/ +static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, + const struct ldb_dn *dn, uint32_t *old_rid) +{ + const char * const attrs[2] = { "nextRid", NULL }; + struct ldb_result *res = NULL; + int ret; + const char *str; + + ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res); + if (ret != LDB_SUCCESS) { + return ret; + } + talloc_steal(mem_ctx, res); + if (res->count != 1) { + talloc_free(res); + return -1; + } + + str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); + if (str == NULL) { + ldb_set_errstring(module, talloc_asprintf(mem_ctx, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn))); + talloc_free(res); + return -1; } + *old_rid = strtol(str, NULL, 0); + talloc_free(res); return 0; } +static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, + const struct ldb_dn *dn, const struct dom_sid *dom_sid, + struct dom_sid **new_sid) +{ + struct dom_sid *obj_sid; + uint32_t old_rid; + int ret; + struct ldb_message **sid_msgs; + const char *sid_attrs[] = { NULL }; + + do { + ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid); + if 
(ret) { + return ret; + } + + /* return the new object sid */ + obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); + + ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1); + if (ret != 0) { + return ret; + } + + *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); + if (!*new_sid) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = gendb_search(module->ldb, + mem_ctx, NULL, &sid_msgs, sid_attrs, + "objectSid=%s", + ldap_encode_ndr_dom_sid(mem_ctx, *new_sid)); + if (ret == 0) { + /* Great. There are no conflicting users/groups/etc */ + return 0; + } else if (ret == -1) { + /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ + return ret; + } else { + /* gah, there are conflicting sids, lets move around the loop again... */ + } + } while (1); + return ret; +} + +/* Find a domain object in the parents of a particular DN. */ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn) { TALLOC_CTX *local_ctx; @@ -158,18 +276,11 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, const char * const attrs[2] = { "objectSid", NULL }; struct ldb_result *res = NULL; const struct ldb_dn *dom_dn; - uint32_t rid; int ret; struct dom_sid *dom_sid, *obj_sid; /* get the domain component part of the provided dn */ - /* FIXME: quick search here, I think we should use something like - ldap_parse_dn here to be 100% sure we get the right domain dn */ - - /* FIXME: "dc=" is probably not utf8 safe either, - we need a multibyte safe substring search function here */ - dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn)); 
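Review bot: samldb_find_next_rid stores `strtol(str, NULL, 0)` straight into a `uint32_t` with no end-pointer, range or sign check, so a malformed or negative `nextRid` value silently becomes the base for every later SID; the parse should reject anything that is not a full unsigned 32-bit number, as sketched below. The function also mixes `-1` with LDB error codes and carries a copy of the stale "return 0 on failure, the id on success" comment. In samldb_allocate_next_rid `obj_sid` is built from `old_rid` and never used, while the SID that is returned and checked for conflicts is built from `old_rid + 1`, and the `return ret;` after `while (1)` is unreachable; it is worth confirming which RID is meant to be handed out.

```c
	/* … unchanged: ldb_search for nextRid and ldb_msg_find_string … */
	char *end = NULL;
	unsigned long long rid;

	errno = 0;
	rid = strtoull(str, &end, 0);
	if (errno != 0 || end == str || *end != '\0' ||
	    strchr(str, '-') != NULL || rid > UINT32_MAX) {
		ldb_set_errstring(module, talloc_asprintf(mem_ctx, "invalid nextRid value in %s\n", ldb_dn_linearize(res, dn)));
		talloc_free(res);
		return LDB_ERR_OPERATIONS_ERROR;
	}
	*old_rid = (uint32_t)rid;
	/* … unchanged: talloc_free(res); return 0; … */
```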
@@ -193,87 +304,148 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, } /* allocate a new Rid for the domain */ - ret = samldb_allocate_next_rid(module->ldb, mem_ctx, dom_dn, &rid); + ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, &obj_sid); if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn)); talloc_free(res); return NULL; } - /* return the new object sid */ - obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, rid); - talloc_free(res); return obj_sid; } -static char *samldb_generate_samAccountName(const void *mem_ctx) { - char *name; - - name = talloc_strdup(mem_ctx, SAM_ACCOUNT_NAME_BASE); - /* TODO: randomize name */ - - return name; -} +/* If we are adding new users/groups, we need to update the nextRid + * attribute to be 'above' all incoming users RIDs. This tries to + * avoid clashes in future */ -/* if value is not null also check for attribute to have exactly that value */ -static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) +int samldb_notice_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const struct dom_sid *sid) { - int i, j; + int ret; + struct ldb_dn *dom_dn; + struct dom_sid *dom_sid; + const char *dom_attrs[] = { NULL }; + struct ldb_message **dom_msgs; + uint32_t old_rid; + + /* find the domain DN */ + + ret = gendb_search(module->ldb, + mem_ctx, NULL, &dom_msgs, dom_attrs, + "objectSid=%s", + ldap_encode_ndr_dom_sid(mem_ctx, sid)); + if (ret > 0) { + ldb_set_errstring(module, talloc_asprintf(mem_ctx, "Attempt to add record with SID %s rejected, because this SID is already in the database", dom_sid_string(mem_ctx, sid))); + /* We have a duplicate SID, we must reject the add */ + talloc_free(dom_msgs); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if (ret == -1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error searching for proposed 
sid!\n"); + return -1; + } - for (i = 0; i < msg->num_elements; i++) { - if (ldb_attr_cmp(name, msg->elements[i].name) == 0) { - if (!value) { - return &msg->elements[i]; - } - for (j = 0; j < msg->elements[i].num_values; j++) { - if (strcasecmp(value, - (char *)msg->elements[i].values[j].data) == 0) { - return &msg->elements[i]; - } - } - } + dom_sid = dom_sid_dup(mem_ctx, sid); + if (!dom_sid) { + return LDB_ERR_OPERATIONS_ERROR; } + /* get the domain component part of the provided SID */ + dom_sid->num_auths--; - return NULL; -} + /* find the domain DN */ -static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value) -{ - char *aname = talloc_strdup(msg, name); - char *aval = talloc_strdup(msg, value); + ret = gendb_search(module->ldb, + mem_ctx, NULL, &dom_msgs, dom_attrs, + "(&(objectSid=%s)(objectclass=domain))", + ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); + if (ret == 0) { + /* This isn't an operation on a domain we know about, so nothing to update */ + return 0; + } - if (aname == NULL || aval == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_msg_add_string: talloc_strdup failed!\n"); - return False; + if (ret > 1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain from sid: duplicate domains!\n"); + talloc_free(dom_msgs); + return -1; } - if (ldb_msg_add_string(msg, aname, aval) != 0) { - return False; + if (ret != 1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + return -1; } - return True; + dom_dn = dom_msgs[0]->dn; + + ret = samldb_find_next_rid(module, mem_ctx, + dom_dn, &old_rid); + if (ret) { + talloc_free(dom_msgs); + return ret; + } + + if (old_rid <= sid->sub_auths[sid->num_auths - 1]) { + ret = samldb_set_next_rid(module->ldb, mem_ctx, dom_dn, old_rid, + sid->sub_auths[sid->num_auths - 1] + 1); + } + talloc_free(dom_msgs); + return ret; } -static BOOL samldb_msg_add_sid(struct 
ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) +static int samldb_handle_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, struct ldb_message *msg2) { - struct ldb_val v; - NTSTATUS status; - status = ndr_push_struct_blob(&v, msg, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); - if (!NT_STATUS_IS_OK(status)) { - return -1; + int ret; + + struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid"); + if (sid == NULL) { + sid = samldb_get_new_sid(module, msg2, msg2->dn); + if (sid == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { + talloc_free(sid); + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_free(sid); + ret = 0; + } else { + ret = samldb_notice_sid(module, msg2, sid); } - return (ldb_msg_add_value(msg, name, &v) == 0); + return ret; } -static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) +static char *samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx) { - if (samldb_find_attribute(msg, name, value) == NULL) { - return samldb_msg_add_string(module, msg, name, set_value); - } - return True; + char *name; + const char *attrs[] = { NULL }; + struct ldb_message **msgs; + int ret; + + /* Format: $000000-000000000000 */ + + do { + name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)random(), (unsigned int)random(), (unsigned int)random()); + /* TODO: Figure out exactly what this is meant to conflict with */ + ret = gendb_search(module->ldb, + mem_ctx, NULL, &msgs, attrs, + "samAccountName=%s", + ldb_binary_encode_string(mem_ctx, name)); + if (ret == 0) { + /* Great. 
There are no conflicting users/groups/etc */ + return name; + } else if (ret == -1) { + /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ + return NULL; + } else { + talloc_free(name); + /* gah, there are conflicting sids, lets move around the loop again... */ + } + } while (1); } static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter) 
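Review bot: samldb_notice_sid does `dom_sid->num_auths--` and indexes `sid->sub_auths[sid->num_auths - 1]` without checking that the SID has at least one sub-authority, and the SID is taken from the `objectSid` of the message being added (see samldb_handle_sid), so a value with no sub-authorities would read before the array unless samdb_result_dom_sid already rejects it; add `if (sid->num_auths < 1) return LDB_ERR_CONSTRAINT_VIOLATION;` at the top of the function. In samldb_generate_samAccountName `%.6X` sets a minimum number of digits, so `(unsigned int)random()` can print up to eight digits per field and the name does not keep the `$000000-000000000000` shape given in the comment; mask each value, e.g. `(unsigned int)(random() & 0xFFFFFF)`. No seeding of `random()` is visible in the hunk, so the generated names may repeat across restarts, which the conflict loop absorbs at the cost of extra searches. samldb_notice_sid also mixes `-1` with LDB error codes in its returns.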
@@ -335,185 +507,236 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m return 0; } -static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg, + struct ldb_message **ret_msg) { + int ret; + const char *name; struct ldb_message *msg2; - struct ldb_message_element *attribute; struct ldb_dn_component *rdn; - - if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { - return NULL; + TALLOC_CTX *mem_ctx = talloc_new(msg); + if (!mem_ctx) { + return LDB_ERR_OPERATIONS_ERROR; } - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_group_object\n"); - /* build the new msg */ - msg2 = ldb_msg_copy(module->ldb, msg); + msg2 = ldb_msg_copy(mem_ctx, msg); if (!msg2) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); - return NULL; + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } - if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) { + ret = samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))"); + if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n"); - return NULL; + talloc_free(mem_ctx); + return ret; } - if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", ldb_dn_linearize(msg2, msg2->dn)); - return NULL; - } + rdn = ldb_dn_get_rdn(msg2, msg2->dn); + if (strcasecmp(rdn->name, "cn") != 0) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn->name); - return NULL; + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - struct dom_sid *sid = samldb_get_new_sid(module, msg2, 
msg2->dn); - if (sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: internal error! Can't generate new sid\n"); - return NULL; + /* Generate a random name, if no samAccountName was supplied */ + if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { + name = samldb_generate_samAccountName(module, mem_ctx); + if (!name) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } - - if (!samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return NULL; + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(sid); } + + /* Manage SID allocation, conflicts etc */ + ret = samldb_handle_sid(module, mem_ctx, msg2); - if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { - return NULL; + if (ret == 0) { + talloc_steal(msg, msg2); + *ret_msg = msg2; } - - talloc_steal(msg, msg2); - - return msg2; + talloc_free(mem_ctx); + return 0; } -static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg, + struct ldb_message **ret_msg) { + int ret; + char *name; struct ldb_message *msg2; - struct ldb_message_element *attribute; struct ldb_dn_component *rdn; - - if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && - (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { - return NULL; + TALLOC_CTX *mem_ctx = talloc_new(msg); + if (!mem_ctx) { + return LDB_ERR_OPERATIONS_ERROR; } - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_user_or_computer_object\n"); - /* build the new msg */ - msg2 = ldb_msg_copy(module->ldb, msg); + msg2 = ldb_msg_copy(mem_ctx, msg); if (!msg2) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); - 
return NULL; + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { - if (samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))") != 0) { + ret = samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))"); + if (ret) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); - return NULL; + talloc_free(mem_ctx); + return ret; } } else { - if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) { + ret = samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))"); + if (ret) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n"); - return NULL; + talloc_free(mem_ctx); + return ret; } } - if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { - return NULL; - } + rdn = ldb_dn_get_rdn(msg2, msg2->dn); + if (strcasecmp(rdn->name, "cn") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for user/computer!\n", rdn->name); - return NULL; + ldb_set_errstring(module, talloc_asprintf(module, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; } /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */ if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "user", "user")) { - return NULL; + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - struct dom_sid *sid; - sid = samldb_get_new_sid(module, msg2, msg2->dn); - if (sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! 
Can't generate new sid\n"); - return NULL; - } + /* meddle with objectclass */ - if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return NULL; + if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { + name = samldb_generate_samAccountName(module, mem_ctx); + if (!name) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(sid); - } - - if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { - return NULL; } /* - useraccountcontrol: setting value 0 gives 0x200 for users + TODO: useraccountcontrol: setting value 0 gives 0x200 for users */ + /* Manage SID allocation, conflicts etc */ + ret = samldb_handle_sid(module, mem_ctx, msg2); + /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ - return msg2; + if (ret == 0) { + *ret_msg = msg2; + talloc_steal(msg, msg2); + } + talloc_free(mem_ctx); + return 0; } - -static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg) + +static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg, + struct ldb_message **ret_msg) { struct ldb_message *msg2; - struct ldb_message_element *attribute; struct ldb_dn_component *rdn; + struct dom_sid *dom_sid; + struct dom_sid *sid; + const char *dom_attrs[] = { "name", NULL }; + struct ldb_message **dom_msgs; + int ret; - if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") == NULL) { - return NULL; + TALLOC_CTX *mem_ctx = talloc_new(msg); + if (!mem_ctx) { + return LDB_ERR_OPERATIONS_ERROR; } - ldb_debug(module->ldb, LDB_DEBUG_TRACE, 
"samldb_fill_foreignSecurityPrincipal_object\n"); - /* build the new msg */ - msg2 = ldb_msg_copy(module->ldb, msg); + msg2 = ldb_msg_copy(mem_ctx, msg); if (!msg2) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincpal_object: ldb_msg_copy failed!\n"); - return NULL; + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } - talloc_steal(msg, msg2); - - if (samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))") != 0) { + ret = samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))"); + if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n"); - return NULL; + talloc_free(mem_ctx); + return ret; } - if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad DN (%s)!\n", ldb_dn_linearize(msg2, msg2->dn)); - return NULL; - } + rdn = ldb_dn_get_rdn(msg2, msg2->dn); + if (strcasecmp(rdn->name, "cn") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad RDN (%s) for foreignSecurityPrincpal!\n", rdn->name); - return NULL; + ldb_set_errstring(module, talloc_asprintf(module, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; } - if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - struct dom_sid *sid = dom_sid_parse_talloc(msg2, (char *)rdn->value.data); - if (sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: internal error! Can't parse sid in CN\n"); - return NULL; - } + /* Slightly different for the foreign sids. 
We don't want + * domain SIDs ending up there, it would cause all sorts of + * pain */ - if (!samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return NULL; - } + sid = dom_sid_parse_talloc(msg2, (const char *)rdn->value.data); + if (!sid) { + ldb_set_errstring(module, talloc_asprintf(module, "No valid found SID in ForeignSecurityPrincipal CN!")); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { talloc_free(sid); + return LDB_ERR_OPERATIONS_ERROR; + } + + dom_sid = dom_sid_dup(mem_ctx, sid); + if (!dom_sid) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + /* get the domain component part of the provided SID */ + dom_sid->num_auths--; + + /* find the domain DN */ + + ret = gendb_search(module->ldb, + mem_ctx, NULL, &dom_msgs, dom_attrs, + "(&(objectSid=%s)(objectclass=domain))", + ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); + if (ret >= 1) { + const char *name = samdb_result_string(dom_msgs[0], "name", NULL); + ldb_set_errstring(module, talloc_asprintf(mem_ctx, "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name)); + /* We have a duplicate SID, we must reject the add */ + return LDB_ERR_CONSTRAINT_VIOLATION; + } else if (ret == -1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", dom_sid_string(mem_ctx, dom_sid)); + talloc_free(dom_msgs); + return -1; } - return msg2; + /* This isn't an operation on a domain we know about, so just + * check for the SID, looking for duplicates via the common + * code */ + ret = samldb_notice_sid(module, msg2, sid); + if (ret == 0) { + talloc_steal(msg, msg2); + *ret_msg = msg2; + } + + return ret; } /* add_record */ 
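Review bot: Both `samldb_fill_group_object` and `samldb_fill_user_or_computer_object` end with `return 0;` after `ret = samldb_handle_sid(module, mem_ctx, msg2);`, so a failure from the SID step is dropped and the caller sees success with `*ret_msg` never written; the last statement of each should be `return ret;`. What the caller does with the unfilled message is outside this hunk, but an add that the SID step meant to refuse is presumably not refused here. The same rewrite drops the NULL test on `ldb_dn_get_rdn(msg2, msg2->dn)` in all three fill functions, although the old code treated a NULL return as a bad DN, so `strcasecmp(rdn->name, "cn")` can now dereference NULL. I would restore `if (rdn == NULL) { talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; }` ahead of each comparison. In `samldb_fill_foreignSecurityPrincipal_object`, the returns after `samldb_msg_add_sid`, after both `gendb_search` outcomes and at the end leave `mem_ctx` allocated under `msg`, and `dom_sid->num_auths--` runs without checking that the parsed SID has any sub-authority.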
@@ -531,16 +754,32 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) } /* is user or computer? add all relevant missing objects */ - msg2 = samldb_fill_user_or_computer_object(module, msg); + if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || + (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { + ret = samldb_fill_user_or_computer_object(module, msg, &msg2); + if (ret) { + return ret; + } + } /* is group? add all relevant missing objects */ if ( ! msg2 ) { - msg2 = samldb_fill_group_object(module, msg); + if (samldb_find_attribute(msg, "objectclass", "group") != NULL) { + ret = samldb_fill_group_object(module, msg, &msg2); + if (ret) { + return ret; + } + } } /* perhaps a foreignSecurityPrincipal? */ if ( ! msg2 ) { - msg2 = samldb_fill_foreignSecurityPrincipal_object(module, msg); + if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") != NULL) { + ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2); + if (ret) { + return ret; + } + } } if (msg2) { -- cgit From 3b0b7cb72385c5fed40c63971dfb1eab79e7741a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 26 Jan 2006 02:02:47 +0000 Subject: r13150: Correct comment. Andrew Bartlett (This used to be commit c34666abc170687daa8dcd085020880b598caaf7) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e92def7ccd..07f617f4b5 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -719,7 +719,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module if (ret >= 1) { const char *name = samdb_result_string(dom_msgs[0], "name", NULL); ldb_set_errstring(module, talloc_asprintf(mem_ctx, "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name)); - /* We have a duplicate SID, we must reject the add */ + /* We don't really like the idea of foreign sids that are not foreign */ return LDB_ERR_CONSTRAINT_VIOLATION; } else if (ret == -1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", dom_sid_string(mem_ctx, dom_sid)); -- cgit From 654a21178fa7e908e3a2be42d5522ea1b1b23250 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 28 Jan 2006 12:19:20 +0000 Subject: r13207: Use the new API for using/not using kerbeors in hdb-ldb.c Update the rootdse module to use the new schema. Andrew Bartlett (This used to be commit b0b150d08ac39ed486071487826da2e306db6a0b) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 0bf63f30ae..fc1bfa824e 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
@@ -83,7 +83,11 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), struct cli_credentials); if (do_attribute(s->attrs, "supportedSASLMechanisms")) { - const struct gensec_security_ops **ops = cli_credentials_gensec_list(server_creds); + struct gensec_security_ops **backends = gensec_security_all(); + enum credentials_use_kerberos use_kerberos + = cli_credentials_get_kerberos_state(server_creds); + struct gensec_security_ops **ops + = gensec_use_kerberos_mechs(req, backends, use_kerberos); int i; for (i = 0; ops && ops[i]; i++) { if (ops[i]->sasl_name) { -- cgit From 99f0659f67eb59d55aeee31bd16614a7ebe282a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 31 Jan 2006 03:20:18 +0000 Subject: r13253: More work to ensure that we don't keep data on long-term contexts. Andrew Bartlett (This used to be commit 35517573ff807339f96573e58bdec29073be9594) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index d6f7861f6b..0d0a266119 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -199,6 +199,7 @@ static int kludge_acl_init_2(struct ldb_module *module) talloc_free(mem_ctx); return ret; } + talloc_steal(mem_ctx, res); if (res->count == 0) { talloc_free(mem_ctx); data->password_attrs = NULL; @@ -206,6 +207,7 @@ static int kludge_acl_init_2(struct ldb_module *module) } if (res->count > 1) { + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
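Review bot: In the `supportedSASLMechanisms` branch of `rootdse_add_dynamic`, `server_creds` is passed straight to `cli_credentials_get_kerberos_state(server_creds)`, although it comes from `talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), ...)` just above and can be NULL when no credentials were attached to the ldb. Unless that accessor tolerates NULL, a rootDSE query on such a handle crashes the process, which matters because the rootDSE is normally readable without authentication. Guard the branch with `if (server_creds && do_attribute(s->attrs, "supportedSASLMechanisms"))` so that no mechanisms are advertised in that case. The function continues outside the hunk.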
@@ -213,10 +215,12 @@ static int kludge_acl_init_2(struct ldb_module *module) password_attributes = ldb_msg_find_element(msg, "passwordAttribute"); if (!password_attributes) { + talloc_free(mem_ctx); return LDB_SUCCESS; } data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1); if (!data->password_attrs) { + talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } for (i=0; i < password_attributes->num_values; i++) { @@ -224,6 +228,7 @@ static int kludge_acl_init_2(struct ldb_module *module) talloc_steal(data->password_attrs, password_attributes->values[i].data); } data->password_attrs[i] = NULL; + talloc_free(mem_ctx); return LDB_SUCCESS; } -- cgit From f9316daa4697bea13d2795c95a1486119de56e67 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 31 Jan 2006 10:03:44 +0000 Subject: r13256: Free temporary memory on error cases, and try to clean up what's left earlier. Move gendb_search() to use talloc_vasprintf() and steal only the parts actually being used for the results. Andrew Bartlett (This used to be commit 53efb3e3e980c768e0aee216ccd8dc3e14707246) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6e55816d72..630edf1c7a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -157,6 +157,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* look again, this time at the copied attribute */ if (!msg2 || (attribute = ldb_msg_find_element(msg2, "sambaPassword")) == NULL ) { + talloc_free(mem_ctx); /* Gah? where did it go? Oh well... */ return LDB_ERR_OPERATIONS_ERROR; } 
@@ -170,6 +171,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r talloc_asprintf(mem_ctx, "sambaPassword_handle: " "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -184,6 +186,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r talloc_asprintf(mem_ctx, "sambaPassword_handle: " "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -212,6 +215,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Send the (modified) request of the original caller down to the database */ ret = ldb_next_request(module, modified_orig_request); if (ret) { + talloc_free(mem_ctx); return ret; } @@ -226,6 +230,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Find out the old passwords details of the user */ old_res = search_request->op.search.res; + talloc_steal(mem_ctx, old_res); + talloc_free(search_request); if (old_res->count != 1) { ldb_set_errstring(module, @@ -270,6 +276,9 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Find out the full details of the user */ res = search_request->op.search.res; + talloc_steal(mem_ctx, res); + talloc_free(search_request); + if (res->count != 1) { ldb_set_errstring(module, talloc_asprintf(mem_ctx, "password_hash_handle: " -- cgit From 096c2dc10362150aed84f2251fa8ff26c3a535bb Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Sun, 5 Feb 2006 18:18:29 +0000 Subject: r13353: Fix a crash bug in rootdse when we do not pass in credentials a plain ldbsearch would just crash Fix kludge_acl, not passing on the second stage registration phase to other modules Simo (This used to be commit bec99c5cb65d8c32fd4f636ed2f5383fb1b39830) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 14 ++++++-------- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 2 files changed, 7 insertions(+), 9 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 0d0a266119..83c7d14da4 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -196,14 +196,11 @@ static int kludge_acl_init_2(struct ldb_module *module) NULL, attrs, &res); if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; + goto done; } talloc_steal(mem_ctx, res); if (res->count == 0) { - talloc_free(mem_ctx); - data->password_attrs = NULL; - return LDB_SUCCESS; + goto done; } if (res->count > 1) { @@ -215,8 +212,7 @@ static int kludge_acl_init_2(struct ldb_module *module) password_attributes = ldb_msg_find_element(msg, "passwordAttribute"); if (!password_attributes) { - talloc_free(mem_ctx); - return LDB_SUCCESS; + goto done; } data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1); if (!data->password_attrs) { @@ -228,8 +224,10 @@ static int kludge_acl_init_2(struct ldb_module *module) talloc_steal(data->password_attrs, password_attributes->values[i].data); } data->password_attrs[i] = NULL; + +done: talloc_free(mem_ctx); - return LDB_SUCCESS; + return ldb_next_second_stage_init(module); } static const struct ldb_module_ops kludge_acl_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index fc1bfa824e..5f5b362c53 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c 
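Review bot: In `kludge_acl_init_2`, `if (ret != LDB_SUCCESS) { goto done; }` now discards the search error, because `done:` frees `mem_ctx` and returns `ldb_next_second_stage_init(module)`. Initialisation therefore carries on with `data->password_attrs` never populated, and the `data->password_attrs = NULL;` that the empty-result branch used to set is removed as well. If that list is what the module uses to withhold password attributes from unprivileged searches (presumably, going by the name; the consumer is not in these hunks), a failed lookup leaves the filter empty or undefined and the module fails open. I would keep the failure path as `talloc_free(mem_ctx); return ret;` and, unless it is already initialised above the visible lines, set `data->password_attrs = NULL;` before the search so every `goto done` path has a defined value. The `res->count > 1` and allocation-failure paths still return directly and skip `ldb_next_second_stage_init`, which is inconsistent with the new `done:` exit.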
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -82,7 +82,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), struct cli_credentials); - if (do_attribute(s->attrs, "supportedSASLMechanisms")) { + if (server_creds && do_attribute(s->attrs, "supportedSASLMechanisms")) { struct gensec_security_ops **backends = gensec_security_all(); enum credentials_use_kerberos use_kerberos = cli_credentials_get_kerberos_state(server_creds); -- cgit From 37bd0b655f2483b2a04fa4a53d55abcc7c9705bb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 15 Feb 2006 15:13:05 +0000 Subject: r13507: the 'data' element of LDAP controls is optional. (prepare the next commit) metze (This used to be commit a1bbf7f2982185cb6cd544b65b4709ab33a850c5) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 839c190a8e..9795758dc2 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -185,6 +185,9 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) } extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); + if (!extended_ctrl) { + return LDB_ERR_PROTOCOL_ERROR; + } /* save it locally and remove it from the list */ if (!save_controls(control, req, &saved_controls)) { -- cgit From f490434c0f1f8e63de478c6d65f264277257968a Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 22 Feb 2006 00:26:56 +0000 Subject: r13606: An attempt to fix #3525. The problem was that the supportedControls were being stolen into the result sent to the client, then talloc_free()ed. This caused them to be invalid on the next rootDSE query. This also tries to avoid attaching the result to the long-term samdb context, and avoids an extra loop in the result processing (pointed out by tridge). Andrew BARtlett (This used to be commit d0b8957f38fda4d84a318d6121ad87ba53a9ddb3) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 5f5b362c53..96236301b0 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -73,8 +73,12 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re if (do_attribute(s->attrs, "supportedControl")) { int i; for (i = 0; i < priv->num_controls; i++) { + char *control = talloc_strdup(msg, priv->controls[i]); + if (!control) { + goto failed; + } if (ldb_msg_add_string(msg, "supportedControl", - priv->controls[i]) != 0) { + control) != 0) { goto failed; } } -- cgit From d590dea10b3abf93fcc8138189291e8b66bae7d7 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Wed, 22 Feb 2006 05:21:43 +0000 Subject: r13615: Make ldb_set_errstring get ldb instead of module as parameter. The module was just used to get to the ldb so it was meningless. Also add LDB_WAIT_ONCE e relative code in ldb_ildap.c (This used to be commit d5b467b7c132b0bd4d23918ba7bf3370b1afcce8) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 20 ++++++++++---------- source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 18 ++++++++++++------ 4 files changed, 24 insertions(+), 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 83c7d14da4..9ce3217104 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -135,7 +135,7 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) case ADMINISTRATOR: return ldb_next_request(module, req); default: - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(req, "kludge_acl_change: " "attempted database modify not permitted. User %s is not SYSTEM or an administrator", user_name(req, module))); diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 630edf1c7a..e28c85ae37 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -167,7 +167,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r if (req->operation == LDB_REQ_ADD) { if (attribute->num_values > 1) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "sambaPassword_handle: " "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); 
@@ -182,7 +182,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD) || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) { if (attribute->num_values > 1) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "sambaPassword_handle: " "attempted set of multiple sambaPassword attributes on %s rejected", ldb_dn_linearize(mem_ctx, dn))); @@ -234,7 +234,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r talloc_free(search_request); if (old_res->count != 1) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "(pre) search for %s found %d != 1 objects, for entry we just modified", ldb_dn_linearize(mem_ctx, dn), @@ -280,7 +280,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r talloc_free(search_request); if (res->count != 1) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "search for %s found %d != 1 objects, for entry we just added/modified", ldb_dn_linearize(mem_ctx, dn), @@ -308,7 +308,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Not a 'person', so the rest of this doesn't make * sense. How we got a sambaPassword this far I don't * know... */ - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "attempted set of sambaPassword on non-'person' object %s rejected", ldb_dn_linearize(mem_ctx, dn))); 
@@ -338,7 +338,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r if (dom_res->count != 1) { /* What happend? The user we are modifying must be odd... */ - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "search for domain %s found %d != 1 objects", dom_sid_string(mem_ctx, domain_sid), @@ -414,7 +414,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(res->msgs[0], "samAccountName", NULL)); char *saltbody; if (!samAccountName) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "generation of new kerberos keys failed: %s is a computer without a samAccountName", ldb_dn_linearize(mem_ctx, dn))); @@ -443,7 +443,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } else { const char *samAccountName = ldb_msg_find_string(res->msgs[0], "samAccountName", NULL); if (!samAccountName) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "generation of new kerberos keys failed: %s has no samAccountName", ldb_dn_linearize(mem_ctx, dn))); @@ -455,7 +455,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r if (krb5_ret) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "generation of a saltking principal failed: %s", smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
@@ -470,7 +470,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); if (krb5_ret) { - ldb_set_errstring(module, + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "password_hash_handle: " "generation of new kerberos keys failed: %s", smb_get_krb5_error_message(smb_krb5_context->krb5_context, diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 2c66d2c1ec..511f9aeec5 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -291,7 +291,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq.controls = req->controls; ret = ldb_request(proxy->upstream, &newreq); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module, talloc_strdup(module, ldb_errstring(proxy->upstream))); + ldb_set_errstring(module->ldb, talloc_strdup(module, ldb_errstring(proxy->upstream))); return -1; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 07f617f4b5..a582127bbe 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -180,7 +180,9 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); if (str == NULL) { - ldb_set_errstring(module, talloc_asprintf(mem_ctx, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn))); + ldb_set_errstring(module->ldb, + talloc_asprintf(mem_ctx, "attribute nextRid not found in %s\n", + ldb_dn_linearize(res, dn))); talloc_free(res); return -1; } 
@@ -337,7 +339,11 @@ int samldb_notice_sid(struct ldb_module *module, "objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid)); if (ret > 0) { - ldb_set_errstring(module, talloc_asprintf(mem_ctx, "Attempt to add record with SID %s rejected, because this SID is already in the database", dom_sid_string(mem_ctx, sid))); + ldb_set_errstring(module->ldb, + talloc_asprintf(mem_ctx, + "Attempt to add record with SID %s rejected," + " because this SID is already in the database", + dom_sid_string(mem_ctx, sid))); /* We have a duplicate SID, we must reject the add */ talloc_free(dom_msgs); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -605,7 +611,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const rdn = ldb_dn_get_rdn(msg2, msg2->dn); if (strcasecmp(rdn->name, "cn") != 0) { - ldb_set_errstring(module, talloc_asprintf(module, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name)); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name)); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -681,7 +687,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module rdn = ldb_dn_get_rdn(msg2, msg2->dn); if (strcasecmp(rdn->name, "cn") != 0) { - ldb_set_errstring(module, talloc_asprintf(module, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name)); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name)); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
@@ -692,7 +698,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module sid = dom_sid_parse_talloc(msg2, (const char *)rdn->value.data); if (!sid) { - ldb_set_errstring(module, talloc_asprintf(module, "No valid found SID in ForeignSecurityPrincipal CN!")); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "No valid found SID in ForeignSecurityPrincipal CN!")); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -718,7 +724,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ret >= 1) { const char *name = samdb_result_string(dom_msgs[0], "name", NULL); - ldb_set_errstring(module, talloc_asprintf(mem_ctx, "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name)); + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name)); /* We don't really like the idea of foreign sids that are not foreign */ return LDB_ERR_CONSTRAINT_VIOLATION; } else if (ret == -1) { -- cgit From 98c0767677156ff31791bd93f473ac11f856c75a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 Feb 2006 09:28:58 +0000 Subject: r13616: Add new ldb functions: ldb_msg_add_steal_string() and ldb_msg_add_steal_value(). These try to maintain the talloc heirachy, which must be correct otherwise talloc_steal operations of entire attribute lists fails. This fixes the currentTime value, found by using Microsoft's dcdiag tool (before this commit, it pointed to invalid memory, due to the changes in -r 13606) Andrew Bartlett (This used to be commit 424df1bb369fddcfd358cf26dd0da9d3851d181e) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 96236301b0..07e34f1841 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -64,8 +64,8 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re msg->dn = ldb_dn_explode(msg, ""); if (do_attribute(s->attrs, "currentTime")) { - if (ldb_msg_add_string(msg, "currentTime", - ldb_timestring(msg, time(NULL))) != 0) { + if (ldb_msg_add_steal_string(msg, "currentTime", + ldb_timestring(msg, time(NULL))) != 0) { goto failed; } } @@ -77,8 +77,8 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re if (!control) { goto failed; } - if (ldb_msg_add_string(msg, "supportedControl", - control) != 0) { + if (ldb_msg_add_steal_string(msg, "supportedControl", + control) != 0) { goto failed; } } @@ -95,12 +95,12 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re int i; for (i = 0; ops && ops[i]; i++) { if (ops[i]->sasl_name) { - const char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name); + char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name); if (!sasl_name) { goto failed; } - if (ldb_msg_add_string(msg, "supportedSASLMechanisms", - sasl_name) != 0) { + if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms", + sasl_name) != 0) { goto failed; } } -- cgit From 57d5f19b3f032dfcecde9883651c6df8b18a8b58 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Feb 2006 00:39:26 +0000 Subject: r13700: added highestCommittedUSN, uSNChanged and uSNCreated support, using the @BASEINFO sequenceNumber (simo, I changed the function pointer to a structure element as you preferred) (This used to be commit 68c9ac38c7eed221b44499ee3d74597063dfe7a1) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') 
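Review bot: In the currentTime hunk the result of `ldb_timestring(msg, time(NULL))` goes straight into `ldb_msg_add_steal_string()` without a NULL check, while the supportedControl and supportedSASLMechanisms paths in the same function test their string and `goto failed` first. What the steal variant does with a NULL string is not shown in this diff, so an allocation failure here may end up as a NULL attribute value instead of an error. I would bind the value to a local and test it before the add: `char *now = ldb_timestring(msg, time(NULL)); if (!now) goto failed;`. rootdse_add_dynamic starts and ends outside the hunk.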
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 07e34f1841..987fd7a7f1 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -43,6 +43,7 @@ static int do_attribute(const char * const *attrs, const char *name) ldb_attr_in_list(attrs, "*"); } + /* add dynamically generated attributes to rootDSE result */ @@ -106,6 +107,14 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re } } } + + if (do_attribute(s->attrs, "highestCommittedUSN")) { + if (module->ldb->sequence_number != NULL && + ldb_msg_add_fmt(msg, "highestCommittedUSN", + "%llu", module->ldb->sequence_number(module->ldb)) != 0) { + goto failed; + } + } /* TODO: lots more dynamic attributes should be added here */ -- cgit From 26af14c39b88b0e7eb53657b89be65d865804688 Mon Sep 17 00:00:00 2001 
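Review bot: The `"%llu"` conversion in the highestCommittedUSN block receives the raw return value of `module->ldb->sequence_number(module->ldb)`, whose type is not visible in this diff. If it is a fixed-width type such as uint64_t, the argument should be cast so the variadic call is well defined on every platform: `(unsigned long long)module->ldb->sequence_number(module->ldb)`. Separately, when `sequence_number` is NULL the attribute is silently left out even though the client asked for it. If that is intended, a comment such as `/* backends without a sequence number omit highestCommittedUSN */` would make it clear.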
From: Jelmer Vernooij Date: Thu, 2 Mar 2006 16:32:53 +0000 Subject: r13786: [merge] Add registration functions for LDB modules Applications that use LDB modules will now have to run ldb_global_init() before they can use LDB. The next step will be adding support for loading LDB modules from .so files. This will also allow us to use one LDB without difference between the standalone and the Samba-specific build (This used to be commit 52a235650514039bf8ffee99a784bbc1b6ae6b92) --- source4/dsdb/samdb/ldb_modules/config.mk | 9 ++++++ source4/dsdb/samdb/ldb_modules/extended_dn.c | 21 ++++---------- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 39 +++++++++----------------- source4/dsdb/samdb/ldb_modules/objectguid.c | 16 ++--------- source4/dsdb/samdb/ldb_modules/password_hash.c | 16 ++--------- source4/dsdb/samdb/ldb_modules/proxy.c | 19 ++----------- source4/dsdb/samdb/ldb_modules/rootdse.c | 34 ++++++++++------------ source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 +-- source4/dsdb/samdb/ldb_modules/samldb.c | 25 ++++++----------- 9 files changed, 59 insertions(+), 124 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index c53c7c1606..e14b9bfecf 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,6 +2,7 @@ # Start MODULE libldb_objectguid [MODULE::libldb_objectguid] SUBSYSTEM = LIBLDB +INIT_FUNCTION = objectguid_module_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ objectguid.o @@ -14,6 +15,7 @@ REQUIRED_SUBSYSTEMS = \ # Start MODULE libldb_samldb [MODULE::libldb_samldb] SUBSYSTEM = LIBLDB +INIT_FUNCTION = samldb_module_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ samldb.o @@ -26,6 +28,8 @@ REQUIRED_SUBSYSTEMS = SAMDB # Start MODULE libldb_samba3sam [MODULE::libldb_samba3sam] SUBSYSTEM = LIBLDB +INIT_FUNCTION = ldb_samba3sam_module_init +ENABLE = NO OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ samba3sam.o 
@@ -37,6 +41,7 @@ OBJ_FILES = \ # Start MODULE libldb_proxy [MODULE::libldb_proxy] SUBSYSTEM = LIBLDB +INIT_FUNCTION = proxy_module_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ proxy.o @@ -49,6 +54,7 @@ OBJ_FILES = \ # Start MODULE libldb_rootdse [MODULE::libldb_rootdse] SUBSYSTEM = LIBLDB +INIT_FUNCTION = rootdse_module_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ rootdse.o @@ -60,6 +66,7 @@ OBJ_FILES = \ # Start MODULE libldb_password_hash [MODULE::libldb_password_hash] SUBSYSTEM = LIBLDB +INIT_FUNCTION = password_hash_module_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ password_hash.o @@ -73,6 +80,7 @@ REQUIRED_SUBSYSTEMS = \ # Start MODULE libldb_cludge_acl [MODULE::libldb_kludge_acl] SUBSYSTEM = LIBLDB +INIT_FUNCTION = ldb_kludge_acl_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ kludge_acl.o @@ -86,6 +94,7 @@ REQUIRED_SUBSYSTEMS = \ # Start MODULE libldb_extended_dn [MODULE::libldb_extended_dn] SUBSYSTEM = LIBLDB +INIT_FUNCTION = ldb_extended_dn_init OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ extended_dn.o diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 9795758dc2..5b288aa311 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -269,7 +269,7 @@ static int extended_request(struct ldb_module *module, struct ldb_request *req) } } -static int extended_init_2(struct ldb_module *module) +static int extended_init(struct ldb_module *module) { struct ldb_request request; int ret; 
@@ -284,27 +284,16 @@ static int extended_init_2(struct ldb_module *module) return LDB_ERR_OTHER; } - return ldb_next_second_stage_init(module); + return ldb_next_init(module); } static const struct ldb_module_ops extended_dn_ops = { .name = "extended_dn", .request = extended_request, - .second_stage_init = extended_init_2 + .init_context = extended_init }; -struct ldb_module *extended_dn_module_init(struct ldb_context *ldb, const char *options[]) +int ldb_extended_dn_init(void) { - struct ldb_module *ctx; - - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &extended_dn_ops; - ctx->private_data = NULL; - - return ctx; + return ldb_register_module(&extended_dn_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 9ce3217104..4c680df3e6 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -175,7 +175,7 @@ static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req } } -static int kludge_acl_init_2(struct ldb_module *module) +static int kludge_acl_init(struct ldb_module *module) { int ret, i; TALLOC_CTX *mem_ctx = talloc_new(module); @@ -184,8 +184,15 @@ static int kludge_acl_init_2(struct ldb_module *module) struct ldb_message *msg; struct ldb_message_element *password_attributes; - struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data); + struct kludge_private_data *data; + + data = talloc(module, struct kludge_private_data); + if (data == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + data->password_attrs = NULL; + module->private_data = data; if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; 
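Review bot: The new `data == NULL` return in kludge_acl_init runs before the existing `if (!mem_ctx)` check, so on that path the `mem_ctx` created by `talloc_new(module)` in the declarations is never freed. It is parented to `module`, so it is only reclaimed when the module itself goes away. Either move the private-data allocation below the mem_ctx check or add `talloc_free(mem_ctx);` before the new `return LDB_ERR_OPERATIONS_ERROR;`. The rest of the function, including the `done:` path, lies outside this hunk.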
@@ -227,7 +234,7 @@ static int kludge_acl_init_2(struct ldb_module *module) done: talloc_free(mem_ctx); - return ldb_next_second_stage_init(module); + return ldb_next_init(module); } static const struct ldb_module_ops kludge_acl_ops = { @@ -236,30 +243,10 @@ static const struct ldb_module_ops kludge_acl_ops = { .start_transaction = kludge_acl_start_trans, .end_transaction = kludge_acl_end_trans, .del_transaction = kludge_acl_del_trans, - .second_stage_init = kludge_acl_init_2 + .init_context = kludge_acl_init }; -struct ldb_module *kludge_acl_module_init(struct ldb_context *ldb, const char *options[]) +int ldb_kludge_acl_init(void) { - struct ldb_module *ctx; - struct kludge_private_data *data; - - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - data = talloc(ctx, struct kludge_private_data); - if (data == NULL) { - talloc_free(ctx); - return NULL; - } - - data->password_attrs = NULL; - ctx->private_data = data; - - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &kludge_acl_ops; - - return ctx; + return ldb_register_module(&kludge_acl_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index c9063af6ef..7169aa6842 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -127,19 +127,7 @@ static const struct ldb_module_ops objectguid_ops = { }; -/* the init function */ -struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[]) +int objectguid_module_init(void) { - struct ldb_module *ctx; - - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - ctx->private_data = NULL; - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &objectguid_ops; - - return ctx; + return ldb_register_module(&objectguid_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e28c85ae37..414f79ea10 100644 
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -731,19 +731,7 @@ static const struct ldb_module_ops password_hash_ops = { }; -/* the init function */ -struct ldb_module *password_hash_module_init(struct ldb_context *ldb, const char *options[]) +int password_hash_module_init(void) { - struct ldb_module *ctx; - - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - ctx->private_data = NULL; - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &password_hash_ops; - - return ctx; + return ldb_register_module(&password_hash_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 511f9aeec5..85b40b62d1 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -333,22 +333,7 @@ static const struct ldb_module_ops proxy_ops = { .request = proxy_request }; -struct ldb_module *proxy_module_init(struct ldb_context *ldb, const char *options[]) +int proxy_module_init(void) { - struct ldb_module *ctx; - - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &proxy_ops; - - ctx->private_data = talloc_zero(ctx, struct proxy_data); - if (ctx->private_data == NULL) { - return NULL; - } - - return ctx; + return ldb_register_module(&proxy_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 987fd7a7f1..69b1648040 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
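Review bot: proxy_module_init used to allocate `ctx->private_data` with `talloc_zero(ctx, struct proxy_data)`, but the replacement only calls `ldb_register_module(&proxy_ops)`, and the visible tail of proxy_ops has `.request = proxy_request` with no `.init_context`. kludge_acl and rootdse move their private-data allocation into an init callback in this same commit; nothing shown here does that for proxy. Unless that happens outside the hunk, `module->private_data` stays unset and code that expects a `struct proxy_data` there would dereference NULL. I would add an init callback that allocates the zeroed struct on `module` and wire it into proxy_ops, as sketched below; the start of proxy_ops is outside the hunk.

```c
static int proxy_init(struct ldb_module *module)
{
	module->private_data = talloc_zero(module, struct proxy_data);
	if (module->private_data == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	return ldb_next_init(module);
}

/* … unchanged: start of proxy_ops … */
	.init_context = proxy_init,
	.request = proxy_request
};
```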
@@ -199,34 +199,30 @@ static int rootdse_request(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } -static const struct ldb_module_ops rootdse_ops = { - .name = "rootdse", - .request = rootdse_request -}; - -struct ldb_module *rootdse_module_init(struct ldb_context *ldb, const char *options[]) +static int rootdse_init(struct ldb_module *module) { - struct ldb_module *ctx; struct private_data *data; - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - data = talloc(ctx, struct private_data); + data = talloc(module, struct private_data); if (data == NULL) { - talloc_free(ctx); - return NULL; + return -1; } data->num_controls = 0; data->controls = NULL; - ctx->private_data = data; + module->private_data = data; - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &rootdse_ops; + return ldb_next_init(module); +} - return ctx; +static const struct ldb_module_ops rootdse_ops = { + .name = "rootdse", + .init_context = rootdse_init, + .request = rootdse_request +}; + +int rootdse_module_init(void) +{ + return ldb_register_module(&rootdse_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 3f593235fa..06774780a1 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -855,8 +855,8 @@ const struct ldb_map_attribute samba3_attributes[] = } }; - /* the init function */ -struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, const char *options[]) +/* the init function */ +int ldb_samba3sam_module_init(void) { return ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam"); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index a582127bbe..3355df4e23 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
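Review bot: ldb_samba3sam_module_init now takes `void`, but its body still calls `ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam")`, and `ldb` was the parameter this hunk removes. Unless a file-scope `ldb` exists outside the hunk, the function no longer compiles. The config.mk part of this commit sets `ENABLE = NO` for libldb_samba3sam, which hides the breakage rather than fixing it. I would put a marker at the call so the module is not re-enabled as it stands, e.g. `/* FIXME: ldb is no longer passed in; port to ldb_register_module() before re-enabling */`.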
@@ -819,27 +819,20 @@ static int samldb_request(struct ldb_module *module, struct ldb_request *req) } } +static int samldb_init(struct ldb_module *module) +{ + talloc_set_destructor(module, samldb_destructor); + return ldb_next_init(module); +} + static const struct ldb_module_ops samldb_ops = { .name = "samldb", + .init_context = samldb_init, .request = samldb_request }; -/* the init function */ -struct ldb_module *samldb_module_init(struct ldb_context *ldb, const char *options[]) +int samldb_module_init(void) { - struct ldb_module *ctx; - - ctx = talloc(ldb, struct ldb_module); - if (!ctx) - return NULL; - - ctx->private_data = NULL; - ctx->ldb = ldb; - ctx->prev = ctx->next = NULL; - ctx->ops = &samldb_ops; - - talloc_set_destructor(ctx, samldb_destructor); - - return ctx; + return ldb_register_module(&samldb_ops); } -- cgit From af03a9b8fbe32d9c7a2bcd1d4cb377b44894d666 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Mar 2006 02:29:48 +0000 Subject: r13803: fixed two errors found with 'make valgrindtest' (This used to be commit 4257fd91ceca34dd868a9168efc28b6cb63f0357) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 5b288aa311..25a8dd1d36 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -157,7 +157,7 @@ static BOOL inject_extended_dn(struct ldb_message *msg, val = ldb_msg_find_ldb_val(msg, "distinguishedName"); if (val) { ldb_msg_remove_attr(msg, "distinguishedName"); - if (ldb_msg_add_string(msg, "distinguishedName", new_dn)) + if (ldb_msg_add_steal_string(msg, "distinguishedName", new_dn)) return False; } -- cgit From 509814bd037a3c73fea4ab92b531c25964f34dfa Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Fri, 3 Mar 2006 20:01:19 +0000 Subject: r13823: make async_wait part of the modules ops (This used to be commit b4202cf030d5f154f0f94f5f501ecd648ba5c48f) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 69b1648040..14d6a243c4 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -217,7 +217,7 @@ static int rootdse_init(struct ldb_module *module) static const struct ldb_module_ops rootdse_ops = { .name = "rootdse", - .init_context = rootdse_init, + .init_context = rootdse_init, .request = rootdse_request }; -- cgit From af30a32b6924b0f2b701186e435defbca2ebd1aa Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 5 Mar 2006 17:15:19 +0000 Subject: r13840: Mark some functions as public. (This used to be commit 9a188eb1f48a50d92a67a4fc2b3899b90074059a) --- source4/dsdb/samdb/ldb_modules/config.mk | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index e14b9bfecf..8eedc5a983 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -3,7 +3,6 @@ [MODULE::libldb_objectguid] SUBSYSTEM = LIBLDB INIT_FUNCTION = objectguid_module_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ objectguid.o REQUIRED_SUBSYSTEMS = \ @@ -16,7 +15,6 @@ REQUIRED_SUBSYSTEMS = \ [MODULE::libldb_samldb] SUBSYSTEM = LIBLDB INIT_FUNCTION = samldb_module_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ samldb.o REQUIRED_SUBSYSTEMS = SAMDB @@ -30,7 +28,6 @@ REQUIRED_SUBSYSTEMS = SAMDB SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_samba3sam_module_init ENABLE = NO -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ samba3sam.o # 
@@ -42,7 +39,6 @@ OBJ_FILES = \ [MODULE::libldb_proxy] SUBSYSTEM = LIBLDB INIT_FUNCTION = proxy_module_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ proxy.o # @@ -55,7 +51,6 @@ OBJ_FILES = \ [MODULE::libldb_rootdse] SUBSYSTEM = LIBLDB INIT_FUNCTION = rootdse_module_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ rootdse.o # @@ -67,7 +62,6 @@ OBJ_FILES = \ [MODULE::libldb_password_hash] SUBSYSTEM = LIBLDB INIT_FUNCTION = password_hash_module_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ password_hash.o REQUIRED_SUBSYSTEMS = \ @@ -81,7 +75,6 @@ REQUIRED_SUBSYSTEMS = \ [MODULE::libldb_kludge_acl] SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_kludge_acl_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ kludge_acl.o REQUIRED_SUBSYSTEMS = \ @@ -95,7 +88,6 @@ REQUIRED_SUBSYSTEMS = \ [MODULE::libldb_extended_dn] SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_extended_dn_init -OUTPUT_TYPE = MERGEDOBJ OBJ_FILES = \ extended_dn.o # -- cgit From 6a73835b0946a015d1bad0b502c35d92777d2446 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Mar 2006 03:30:59 +0000 Subject: r13909: Make this code clearer. Andrew Bartlett (This used to be commit b89893ab90b50d6b04a6407441fe3e0e4f1688ec) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 414f79ea10..0530c63774 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -561,7 +561,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } /* If the original caller did anything with pwdLastSet then skip this. It could be an incoming samsync */ - if ((attribute = ldb_msg_find_element(msg, "pwdLastSet")) == NULL ) { + attribute = ldb_msg_find_element(msg, "pwdLastSet"); + if (attribute == NULL) { /* Update the password last set time */ unix_to_nt_time(&now_nt, now); CHECK_RET(ldb_msg_add_empty(modify_msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE)); @@ -569,7 +570,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } /* If the original caller did anything with "msDS-KeyVersionNumber" then skip this. It could be an incoming samsync */ - if ((attribute = ldb_msg_find_element(msg, "msDS-KeyVersionNumber")) == NULL ) { + attribute = ldb_msg_find_element(msg, "msDS-KeyVersionNumber"); + if (attribute == NULL) { if (kvno == 0) { CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", LDB_FLAG_MOD_REPLACE)); -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 1 + source4/dsdb/samdb/ldb_modules/password_hash.c | 1 + source4/dsdb/samdb/ldb_modules/samldb.c | 2 ++ 3 files changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 4c680df3e6..24866a9e45 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -35,6 +35,7 @@ #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" #include "auth/auth.h" +#include "libcli/security/proto.h" /* Kludge ACL rules: * 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 0530c63774..2abf060a0f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -36,6 +36,7 @@ #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_samr.h" +#include "libcli/auth/proto.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "system/time.h" diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 3355df4e23..4be91a6cfb 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -38,6 +38,8 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" +#include "libcli/security/proto.h" +#include "db_wrap.h" /* if value is not null also check for attribute to have exactly that value */ -- cgit From ceb6e9717bf8ea5c83a01e159a7006fd8651620c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 16:41:04 +0000 Subject: r13960: Generate makefile rules for installing/removing shared modules. (This used to be commit 2c746980328431ab04852dc668899e3eb042da99) --- source4/dsdb/samdb/ldb_modules/config.mk | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 8eedc5a983..1afdb2d35b 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -1,7 +1,7 @@ ################################################ # Start MODULE libldb_objectguid [MODULE::libldb_objectguid] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ objectguid.o 
@@ -13,7 +13,7 @@ REQUIRED_SUBSYSTEMS = \ ################################################ # Start MODULE libldb_samldb [MODULE::libldb_samldb] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o @@ -25,7 +25,7 @@ REQUIRED_SUBSYSTEMS = SAMDB ################################################ # Start MODULE libldb_samba3sam [MODULE::libldb_samba3sam] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = ldb_samba3sam_module_init ENABLE = NO OBJ_FILES = \ @@ -37,7 +37,7 @@ OBJ_FILES = \ ################################################ # Start MODULE libldb_proxy [MODULE::libldb_proxy] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = proxy_module_init OBJ_FILES = \ proxy.o @@ -49,7 +49,7 @@ OBJ_FILES = \ ################################################ # Start MODULE libldb_rootdse [MODULE::libldb_rootdse] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = rootdse_module_init OBJ_FILES = \ rootdse.o @@ -60,7 +60,7 @@ OBJ_FILES = \ ################################################ # Start MODULE libldb_password_hash [MODULE::libldb_password_hash] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = password_hash_module_init OBJ_FILES = \ password_hash.o @@ -73,7 +73,7 @@ REQUIRED_SUBSYSTEMS = \ ################################################ # Start MODULE libldb_cludge_acl [MODULE::libldb_kludge_acl] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ kludge_acl.o @@ -86,7 +86,7 @@ REQUIRED_SUBSYSTEMS = \ ################################################ # Start MODULE libldb_extended_dn [MODULE::libldb_extended_dn] -SUBSYSTEM = LIBLDB +SUBSYSTEM = ldb INIT_FUNCTION = ldb_extended_dn_init OBJ_FILES = \ extended_dn.o -- cgit From 82da2d401e54d0b3124b727fab755d94dd5402d4 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Wed, 8 Mar 2006 01:01:14 +0000 Subject: r13998: From now on ldb_request() will require an alloced request By freeing the request you will be sure everything down the path get freed. this also means you have to steal the results if you want to keep them :) simo. (This used to be commit e8075e6a062ce5edb84485e45d0b841c2ee2af7d) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 19 ++++++++++----- source4/dsdb/samdb/ldb_modules/proxy.c | 36 +++++++++++++++------------- 2 files changed, 33 insertions(+), 22 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 25a8dd1d36..20d08ccf42 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -271,19 +271,26 @@ static int extended_request(struct ldb_module *module, struct ldb_request *req) static int extended_init(struct ldb_module *module) { - struct ldb_request request; + struct ldb_request *req; int ret; - request.operation = LDB_REQ_REGISTER; - request.op.reg.oid = LDB_CONTROL_EXTENDED_DN_OID; - request.controls = NULL; + req = talloc(module, struct ldb_request); + if (req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } - ret = ldb_request(module->ldb, &request); + req->operation = LDB_REQ_REGISTER; + req->op.reg.oid = LDB_CONTROL_EXTENDED_DN_OID; + req->controls = NULL; + + ret = ldb_request(module->ldb, req); if (ret != LDB_SUCCESS) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "extended_dn: Unable to register control with rootdse!\n"); - return LDB_ERR_OTHER; + talloc_free(req); + return LDB_ERR_OPERATIONS_ERROR; } + talloc_free(req); return ldb_next_init(module); } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 85b40b62d1..9f9a8c229e 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
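Review bot: `req = talloc(module, struct ldb_request)` in extended_init returns uninitialised memory, and only `operation`, `op.reg.oid` and `controls` are assigned before `ldb_request()` is called. Any other member of struct ldb_request (its definition is not shown here) travels down the module chain with indeterminate contents. `req = talloc_zero(module, struct ldb_request);` gives the same lifetime with defined contents. The `newreq` allocation in proxy_search_bytree later in this commit has the same shape.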
@@ -249,7 +249,7 @@ static void proxy_convert_record(struct ldb_module *module, struct ldb_message * static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req) { struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); - struct ldb_request newreq; + struct ldb_request *newreq; struct ldb_dn *base; int ret, i; 
@@ -268,43 +268,47 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re goto passthru; } - newreq.op.search.tree = proxy_convert_tree(module, req->op.search.tree); + newreq = talloc(module, struct ldb_request); + if (newreq == NULL) { + return -1; + } + + newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); /* convert the basedn of this search */ base = ldb_dn_copy(proxy, req->op.search.base); if (base == NULL) { + talloc_free(newreq); goto failed; } base->comp_num -= proxy->newdn->comp_num; - base = ldb_dn_compose(proxy, newreq.op.search.base, proxy->olddn); + base = ldb_dn_compose(proxy, newreq->op.search.base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(proxy, newreq.op.search.tree), ldb_dn_linearize(proxy, newreq.op.search.base)); + ldb_filter_from_tree(proxy, newreq->op.search.tree), ldb_dn_linearize(proxy, newreq->op.search.base)); for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } - newreq.op.search.base = base; - newreq.op.search.scope = req->op.search.scope; - newreq.op.search.attrs = req->op.search.attrs; - newreq.op.search.res = req->op.search.res; - newreq.controls = req->controls; - ret = ldb_request(proxy->upstream, &newreq); + newreq->op.search.base = base; + newreq->op.search.scope = req->op.search.scope; + newreq->op.search.attrs = req->op.search.attrs; + newreq->op.search.res = req->op.search.res; + newreq->controls = req->controls; + ret = ldb_request(proxy->upstream, newreq); if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, talloc_strdup(module, ldb_errstring(proxy->upstream))); + talloc_free(newreq); return -1; } - for (i = 0; i < newreq.op.search.res->count; i++) { - struct ldb_ldif ldif; + for (i = 0; i < newreq->op.search.res->count; i++) { printf("# record %d\n", i+1); - proxy_convert_record(module, 
newreq.op.search.res->msgs[i]); - - ldif.changetype = LDB_CHANGETYPE_NONE; - ldif.msg = newreq.op.search.res->msgs[i]; + proxy_convert_record(module, newreq->op.search.res->msgs[i]); } + talloc_free(newreq); return ret; failed: -- cgit From 964373b25d3dc015951fb00d9c8c68632890a55e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Mar 2006 05:00:45 +0000 Subject: r14293: fixed some errors found with beam (This used to be commit 230636a00ed9bd968356badad596ba7f93ba6c85) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2abf060a0f..6980fe48b8 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -496,6 +496,9 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r continue; } ASN1_MALLOC_ENCODE(Key, buf, buf_size, &keys[i], &len, krb5_ret); + if (krb5_ret) { + return LDB_ERR_OPERATIONS_ERROR; + } val.data = talloc_memdup(req, buf, len); val.length = len; @@ -549,6 +552,9 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r return LDB_ERR_OPERATIONS_ERROR; } ASN1_MALLOC_ENCODE(Key, buf, buf_size, &key, &len, krb5_ret); + if (krb5_ret) { + return LDB_ERR_OPERATIONS_ERROR; + } krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key.key); -- cgit From 54b33de0fc93bc068fcd04ac12eb2e71b14eefa7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 13 Mar 2006 11:12:46 +0000 Subject: r14312: Formatting and comments. Andrew Bartlett (This used to be commit 1905a27c78165972aaa78b72a199ee9230fbf73d) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
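Review bot: In proxy_search_bytree, `newreq->op.search.base` is passed to `ldb_dn_compose()` and `ldb_dn_linearize()` before anything is assigned to it, and because `newreq` now comes from `talloc()` that member is uninitialised heap memory. `newreq->operation` is not set anywhere in the hunk either. Suggest `newreq = talloc_zero(module, struct ldb_request);` and an explicit `newreq->operation = req->operation;`, and composing from the copied `base` if that was the intent (the hunk does not make the intent clear). Also, `talloc_free(newreq)` runs before `return ret` without the result being stolen or copied back into `req->op.search.res`; if the result is parented to the request, as the commit message describes, the caller gets nothing usable back, which is worth confirming. The function body starts and ends outside this hunk.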
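Review bot: The second added check (the hunk at -549) returns before the `krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key.key);` call that follows it, so on an encode failure the key material in `key.key` is never released. Free it on the error path as well: `if (krb5_ret) { krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key.key); return LDB_ERR_OPERATIONS_ERROR; }`. The first added check (the hunk at -496) sits inside the loop over `keys`; whether that key set is released on its early return is not visible here and should be checked the same way. password_hash_handle starts and ends outside both hunks.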
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6980fe48b8..bdbbafd955 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -376,6 +376,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r * or replace with a new one). Both the unicode and NT hash * only branches append keys to this multivalued entry. */ CHECK_RET(ldb_msg_add_empty(modify_msg, "krb5Key", LDB_FLAG_MOD_REPLACE)); + /* Yay, we can compute new password hashes from the unicode * password */ if (sambaPassword) { @@ -467,7 +468,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* TODO: We may wish to control the encryption types chosen in future */ krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context, - salt_principal, sambaPassword, &keys, &num_keys); + salt_principal, sambaPassword, &keys, &num_keys); krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); if (krb5_ret) { @@ -480,7 +481,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r return LDB_ERR_OPERATIONS_ERROR; } - /* Walking + /* Walking all the key types generated, transform each + * key into an ASN.1 blob */ for (i=0; i < num_keys; i++) { unsigned char *buf; @@ -651,8 +653,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } sambaLMPwdHistory_len = MIN(sambaLMPwdHistory_len + 1, pwdHistoryLength); - /* Likewise, we might not have a new NT password (lm - * only password change function) */ + /* Likewise, we might not have an old NT password (lm + * only password change function on previous change) */ if (ntOldHash) { new_sambaNTPwdHistory[0] = *ntOldHash; } else { -- cgit From 3f16241a1d3243447d0244ebac05b447aec94df8 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Tue, 14 Mar 2006 01:29:56 +0000 Subject: r14363: Remove credentials.h from the global includes. (This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 1 + source4/dsdb/samdb/ldb_modules/proxy.c | 1 + 2 files changed, 2 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index bdbbafd955..6943a5f356 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -36,6 +36,7 @@ #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_samr.h" +#include "auth/credentials/credentials.h" #include "libcli/auth/proto.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 9f9a8c229e..e666de1414 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -41,6 +41,7 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" +#include "auth/credentials/credentials.h" struct proxy_data { struct ldb_context *upstream; -- cgit From 2ce73cb6db4290f38c45f788735203272ed20d85 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 14 Mar 2006 12:59:35 +0000 Subject: r14373: remove unreached wrong code, found by sparse metze (This used to be commit dd485aa9600dd24c8b10c140974df9313f8ff2e8) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 24866a9e45..6b5bd3d296 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -91,7 +91,6 @@ static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) return talloc_asprintf(mem_ctx, "%s\\%s", session_info->server_info->domain_name, session_info->server_info->account_name); - return ANONYMOUS; } /* search */ -- cgit From e3f2414cf9e582a4e4deecc662b64a7bb2679a34 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 14 Mar 2006 15:03:25 +0000 Subject: r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6943a5f356..32d226b2b7 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -36,8 +36,7 @@ #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_samr.h" -#include "auth/credentials/credentials.h" -#include "libcli/auth/proto.h" +#include "libcli/auth/libcli_auth.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "system/time.h" -- cgit From 331288811985ef894660cc28afd5fd04cd1f953b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 14 Mar 2006 17:34:00 +0000 Subject: r14389: rootdse -> async (This used to be commit 4d76af63b07fd8fb5ca81ca310b174e253e7e4b1) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 126 ++++++++++++++++++++++++++----- 1 file changed, 107 insertions(+), 19 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 14d6a243c4..7ae96a3431 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
@@ -47,31 +47,21 @@ static int do_attribute(const char * const *attrs, const char *name) /* add dynamically generated attributes to rootDSE result */ -static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *req) +static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs) { struct private_data *priv = talloc_get_type(module->private_data, struct private_data); - struct ldb_search *s = &req->op.search; - struct ldb_message *msg; struct cli_credentials *server_creds; - /* this is gross, and will be removed when I change ldb_result not - to be so pointer crazy :-) */ - if (s->res->msgs == NULL) { - return LDB_SUCCESS; - } - - msg = s->res->msgs[0]; - msg->dn = ldb_dn_explode(msg, ""); - if (do_attribute(s->attrs, "currentTime")) { + if (do_attribute(attrs, "currentTime")) { if (ldb_msg_add_steal_string(msg, "currentTime", ldb_timestring(msg, time(NULL))) != 0) { goto failed; } } - if (do_attribute(s->attrs, "supportedControl")) { + if (do_attribute(attrs, "supportedControl")) { int i; for (i = 0; i < priv->num_controls; i++) { char *control = talloc_strdup(msg, priv->controls[i]); @@ -87,12 +77,12 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), struct cli_credentials); - if (server_creds && do_attribute(s->attrs, "supportedSASLMechanisms")) { + if (server_creds && do_attribute(attrs, "supportedSASLMechanisms")) { struct gensec_security_ops **backends = gensec_security_all(); enum credentials_use_kerberos use_kerberos = cli_credentials_get_kerberos_state(server_creds); struct gensec_security_ops **ops - = gensec_use_kerberos_mechs(req, backends, use_kerberos); + = gensec_use_kerberos_mechs(msg, backends, use_kerberos); int i; for (i = 0; ops && ops[i]; i++) { if (ops[i]->sasl_name) { 
@@ -108,7 +98,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re } } - if (do_attribute(s->attrs, "highestCommittedUSN")) { + if (do_attribute(attrs, "highestCommittedUSN")) { if (module->ldb->sequence_number != NULL && ldb_msg_add_fmt(msg, "highestCommittedUSN", "%llu", module->ldb->sequence_number(module->ldb)) != 0) { @@ -118,7 +108,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re /* TODO: lots more dynamic attributes should be added here */ - return 0; + return LDB_SUCCESS; failed: return LDB_ERR_OPERATIONS_ERROR; @@ -155,8 +145,8 @@ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request * req->op.search.res = s->res; - if (ret == LDB_SUCCESS) { - ret = rootdse_add_dynamic(module, req); + if ((ret == LDB_SUCCESS) && (s->res->msgs != NULL)) { + ret = rootdse_add_dynamic(module, s->res->msgs[0], s->attrs); } talloc_free(tmp_ctx); 
@@ -164,6 +154,99 @@ static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request * return ret; } +struct rootdse_async_context { + struct ldb_module *module; + void *up_context; + int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); + int timeout; + + const char * const * attrs; +}; + +static int rootdse_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct rootdse_async_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + goto error; + } + + ac = talloc_get_type(context, struct rootdse_async_context); + + if (ares->type == LDB_REPLY_ENTRY) { + /* for each record returned post-process to add any dynamic + attributes that have been asked for */ + if (rootdse_add_dynamic(ac->module, ares->message, ac->attrs) != LDB_SUCCESS) { + goto error; + } + } + + return ac->up_callback(ldb, ac->up_context, ares); + +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + +static int rootdse_search_async(struct ldb_module *module, struct ldb_request *req) +{ + struct rootdse_async_context *ac; + struct ldb_request *down_req; + int ret; + + /* see if its for the rootDSE */ + if (req->op.search.scope != LDB_SCOPE_BASE || + (req->op.search.base && req->op.search.base->comp_num != 0)) { + return ldb_next_request(module, req); + } + + ac = talloc(req, struct rootdse_async_context); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->up_context = req->async.context; + ac->up_callback = req->async.callback; + ac->timeout = req->async.timeout; + ac->attrs = req->op.search.attrs; + + down_req = talloc_zero(req, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + down_req->operation = req->operation; + /* in our db we store the rootDSE with a DN of cn=rootDSE */ + down_req->op.search.base = ldb_dn_explode(down_req, "cn=rootDSE"); + 
down_req->op.search.scope = LDB_SCOPE_BASE; + down_req->op.search.tree = ldb_parse_tree(down_req, "dn=*"); + if (down_req->op.search.base == NULL || down_req->op.search.tree == NULL) { + ldb_oom(module->ldb); + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + down_req->op.search.attrs = req->op.search.attrs; + down_req->controls = req->controls; + down_req->creds = req->creds; + + down_req->async.context = ac; + down_req->async.callback = rootdse_async_callback; + down_req->async.timeout = req->async.timeout; + + /* perform the search */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->async.handle = down_req->async.handle; + } + + return ret; +} + static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req) { struct private_data *priv = talloc_get_type(module->private_data, struct private_data); @@ -191,8 +274,13 @@ static int rootdse_request(struct ldb_module *module, struct ldb_request *req) switch (req->operation) { case LDB_REQ_SEARCH: return rootdse_search_bytree(module, req); + + case LDB_ASYNC_SEARCH: + return rootdse_search_async(module, req); + case LDB_REQ_REGISTER: return rootdse_register_control(module, req); + default: break; } -- cgit From 265f596e50e78b9b7cbf29dabcbc695239b92617 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 14 Mar 2006 17:39:02 +0000 Subject: r14390: the rootdse does not show a distinguishedName attribute (This used to be commit 179e62d0931b382dc646b90fa8f4d418b2286823) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 7ae96a3431..84622357f8 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
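Review bot: rootdse_async_callback dereferences `ac` (`ac->module`, `ac->up_callback`) without checking the result of `talloc_get_type()`, which returns NULL when the context is not of the named type; the `!context` test before it does not cover that case. Add `if (ac == NULL) goto error;` after the cast. The same applies to extended_async_callback and kludge_acl_async_callback in the later commits on this page. On the error path the callback frees `ares` and returns without calling `ac->up_callback`, so the upper layer is presumably never told that the search ended; a comment stating who reports the failure would help.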
@@ -54,6 +54,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms msg->dn = ldb_dn_explode(msg, ""); + /* don't return the distinduishedName attribute if any */ + ldb_msg_remove_attr(msg, "distinguishedName"); + if (do_attribute(attrs, "currentTime")) { if (ldb_msg_add_steal_string(msg, "currentTime", ldb_timestring(msg, time(NULL))) != 0) { -- cgit From 45933a982804af9277b4980852ba65699d0f493d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 14 Mar 2006 22:47:15 +0000 Subject: r14401: Let samldb intercept the async requests. Samld is NOT yet async itself, but as that module only intercepts user,groups or foreign principal creation and nothing else we can accept it not to be asynchronous for now. Simo. (This used to be commit 250dac3072c647caf9f301219922007a3a672d93) --- source4/dsdb/samdb/ldb_modules/samldb.c | 86 +++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 4be91a6cfb..8a4a871627 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
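Review bot: The added comment misspells the attribute as `distinduishedName`, so a search for the real name will not find it. Suggest `/* the rootDSE never shows distinguishedName, so drop it if the backend returned one */`. The removal is unconditional, including when the caller explicitly listed the attribute in `attrs`; if that is intended, the comment should say so.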
@@ -801,6 +801,89 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ret; } +/* add_record */ + +/* + * FIXME + * + * Actually this module is not async at all as it does a number of sync searches + * in the process. It still to be decided how to deal with it properly so it is + * left SYNC for now until we think of a good solution. + */ + +static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) +{ + const struct ldb_message *msg = req->op.add.message; + struct ldb_message *msg2 = NULL; + struct ldb_request *down_req; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); + + if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + down_req = talloc(module, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* is user or computer? add all relevant missing objects */ + if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || + (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { + ret = samldb_fill_user_or_computer_object(module, msg, &msg2); + if (ret) { + return ret; + } + } + + /* is group? add all relevant missing objects */ + if ( ! msg2 ) { + if (samldb_find_attribute(msg, "objectclass", "group") != NULL) { + ret = samldb_fill_group_object(module, msg, &msg2); + if (ret) { + return ret; + } + } + } + + /* perhaps a foreignSecurityPrincipal? */ + if ( ! 
msg2 ) { + if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") != NULL) { + ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2); + if (ret) { + return ret; + } + } + } + + + if (msg2 != NULL) { + down_req->op.add.message = talloc_steal(down_req, msg2); + } else { + down_req->op.add.message = msg; + } + + down_req->controls = req->controls; + down_req->creds = req->creds; + + down_req->async.context = req->async.context; + down_req->async.callback = req->async.callback; + down_req->async.timeout = req->async.timeout; + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->async.handle = down_req->async.handle; + } + + return ret; +} + static int samldb_destructor(void *module_ctx) { /* struct ldb_module *ctx = module_ctx; */ @@ -815,6 +898,9 @@ static int samldb_request(struct ldb_module *module, struct ldb_request *req) case LDB_REQ_ADD: return samldb_add(module, req); + case LDB_ASYNC_ADD: + return samldb_add_async(module, req); + default: return ldb_next_request(module, req); -- cgit From a088c2297d68385eb2869e73aaefd440606c5b4f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 15 Mar 2006 05:48:39 +0000 Subject: r14426: ensure res is initialised (This used to be commit ce1326157c7e139a43ab31d4d1e366b78b69e26f) --- source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index e666de1414..6a7d04d331 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -59,7 +59,7 @@ static int load_proxy_info(struct ldb_module *module) { struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); struct ldb_dn *dn; - struct ldb_result *res; + struct ldb_result *res = NULL; int ret; const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr; struct cli_credentials *creds; -- cgit From 8eb83c809f107e422b156774b561e5252fa5f382 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 15 Mar 2006 19:28:47 +0000 Subject: r14458: extended_dn -> async (This used to be commit 716c475999fce895392ba774ae9a15b8654334ba) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 157 +++++++++++++++++++++++++-- 1 file changed, 146 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 20d08ccf42..653ba27454 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -165,10 +165,9 @@ static BOOL inject_extended_dn(struct ldb_message *msg, } /* search */ -static int extended_search(struct ldb_module *module, struct ldb_request *req) +static int extended_search(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req) { struct ldb_result *extended_result; - struct ldb_control *control; struct ldb_control **saved_controls; struct ldb_extended_dn_control *extended_ctrl; int i, ret; @@ -177,13 +176,6 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) BOOL remove_guid = False; BOOL remove_sid = False; - /* check if there's a paged request control */ - control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID); - if (control == NULL) { - /* not found go on */ - return ldb_next_request(module, req); - } - extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); if (!extended_ctrl) { return LDB_ERR_PROTOCOL_ERROR; 
@@ -256,15 +248,158 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) return LDB_SUCCESS; } +/* search */ +struct extended_async_context { + + struct ldb_module *module; + void *up_context; + int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); + int timeout; + + const char * const *attrs; + BOOL remove_guid; + BOOL remove_sid; + int extended_type; +}; + +static int extended_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct extended_async_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + goto error; + } + + ac = talloc_get_type(context, struct extended_async_context); + + if (ares->type == LDB_REPLY_ENTRY) { + /* for each record returned post-process to add any derived + attributes that have been asked for */ + if (!inject_extended_dn(ares->message, ac->extended_type, ac->remove_guid, ac->remove_sid)) { + goto error; + } + } + + return ac->up_callback(ldb, ac->up_context, ares); + +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + +static int extended_search_async(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req) +{ + struct ldb_extended_dn_control *extended_ctrl; + struct ldb_control **saved_controls; + struct extended_async_context *ac; + struct ldb_request *down_req; + char **new_attrs; + int ret; + + extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); + if (!extended_ctrl) { + return LDB_ERR_PROTOCOL_ERROR; + } + + ac = talloc(req, struct extended_async_context); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->up_context = req->async.context; + ac->up_callback = req->async.callback; + ac->timeout = req->async.timeout; + ac->attrs = req->op.search.attrs; + ac->remove_guid = False; + ac->remove_sid = False; + ac->extended_type = extended_ctrl->type; + + down_req = 
talloc_zero(req, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + down_req->operation = req->operation; + down_req->op.search.base = req->op.search.base; + down_req->op.search.scope = req->op.search.scope; + down_req->op.search.tree = req->op.search.tree; + + /* check if attrs only is specified, in that case check wether we need to modify them */ + if (req->op.search.attrs) { + if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { + ac->remove_guid = True; + } + if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { + ac->remove_sid = True; + } + if (ac->remove_guid || ac->remove_sid) { + new_attrs = copy_attrs(down_req, req->op.search.attrs); + if (new_attrs == NULL) + return LDB_ERR_OPERATIONS_ERROR; + + if (ac->remove_guid) { + if (!add_attrs(down_req, &new_attrs, "objectGUID")) + return LDB_ERR_OPERATIONS_ERROR; + } + if (ac->remove_sid) { + if (!add_attrs(down_req, &new_attrs, "objectSID")) + return LDB_ERR_OPERATIONS_ERROR; + } + + down_req->op.search.attrs = (const char * const *)new_attrs; + } + } + + down_req->controls = req->controls; + + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(control, down_req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + down_req->creds = req->creds; + + down_req->async.context = ac; + down_req->async.callback = extended_async_callback; + down_req->async.timeout = req->async.timeout; + + /* perform the search */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->async.handle = down_req->async.handle; + } + + return ret; +} + static int extended_request(struct ldb_module *module, struct ldb_request *req) { + struct ldb_control *control; + + /* check if there's an extended dn control */ + 
control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID); + if (control == NULL) { + /* not found go on */ + return ldb_next_request(module, req); + } + switch (req->operation) { case LDB_REQ_SEARCH: - return extended_search(module, req); + return extended_search(module, control, req); + + case LDB_ASYNC_SEARCH: + return extended_search_async(module, control, req); default: - return ldb_next_request(module, req); + return LDB_ERR_OPERATIONS_ERROR; } } -- cgit From 8528016978b084213ef53d66e1b6e831b1a01acc Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 16 Mar 2006 00:23:11 +0000 Subject: r14464: Don't include ndr_BASENAME.h files unless strictly required, instead try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 1 + source4/dsdb/samdb/ldb_modules/password_hash.c | 5 +++-- source4/dsdb/samdb/ldb_modules/samldb.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 653ba27454..87446328f6 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -37,6 +37,7 @@ #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" +#include "librpc/gen_ndr/ndr_security.h" #include diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 32d226b2b7..047cb97b35 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
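Review bot: In extended_request the `default:` branch now returns `LDB_ERR_OPERATIONS_ERROR`, and because the control lookup moved in front of the switch, every non-search request that carries the extended DN control is rejected instead of being passed down as before. If that is intended, say so in a comment and consider taking the control's criticality into account; otherwise keep `default: return ldb_next_request(module, req);`. Separately, the `if (new_attrs == NULL)` and `add_attrs` checks in extended_search_async return without braces, unlike the rest of the function.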
@@ -34,8 +34,9 @@ #include "libcli/ldap/ldap.h" #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" -#include "librpc/gen_ndr/ndr_misc.h" -#include "librpc/gen_ndr/ndr_samr.h" +#include "librpc/gen_ndr/misc.h" +#include "librpc/gen_ndr/samr.h" +#include "librpc/gen_ndr/ndr_security.h" #include "libcli/auth/libcli_auth.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 8a4a871627..6ab33031df 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -39,6 +39,7 @@ #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/proto.h" +#include "librpc/gen_ndr/ndr_security.h" #include "db_wrap.h" -- cgit From 16f9685eafecfb3aa8f54ed600274521e8d7b51f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 16 Mar 2006 06:25:23 +0000 Subject: r14465: kludge_acl -> async (This used to be commit b91b19131814abb4291c0bf7b13149060d6e9e62) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 116 +++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6b5bd3d296..53acb77899 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -2,6 +2,7 @@ ldb database library Copyright (C) Andrew Bartlett 2005 + Copyright (C) Simo Sorce 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -127,6 +128,102 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) return ret; } +/* search */ +struct kludge_acl_async_context { + + struct ldb_module *module; + void *up_context; + int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); + int timeout; + + enum user_is user_type; +}; + +static int kludge_acl_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct kludge_acl_async_context *ac; + struct kludge_private_data *data; + int i; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + goto error; + } + + ac = talloc_get_type(context, struct kludge_acl_async_context); + data = talloc_get_type(ac->module->private_data, struct kludge_private_data); + + if (ares->type == LDB_REPLY_ENTRY + && data->password_attrs) /* if we are not initialized just get through */ + { + switch (ac->user_type) { + case SYSTEM: + case ADMINISTRATOR: + break; + default: + /* remove password attributes */ + for (i = 0; data->password_attrs[i]; i++) { + ldb_msg_remove_attr(ares->message, data->password_attrs[i]); + } + } + } + + return ac->up_callback(ldb, ac->up_context, ares); + +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + +static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request *req) +{ + struct kludge_acl_async_context *ac; + struct ldb_request *down_req; + int ret; + + req->async.handle = NULL; + + ac = talloc(req, struct kludge_acl_async_context); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->up_context = req->async.context; + ac->up_callback = req->async.callback; + ac->timeout = req->async.timeout; + ac->user_type = what_is_user(module); + + down_req = talloc_zero(req, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + down_req->operation = req->operation; + down_req->op.search.base = 
req->op.search.base; + down_req->op.search.scope = req->op.search.scope; + down_req->op.search.tree = req->op.search.tree; + down_req->op.search.attrs = req->op.search.attrs; + + down_req->controls = req->controls; + down_req->creds = req->creds; + + down_req->async.context = ac; + down_req->async.callback = kludge_acl_async_callback; + down_req->async.timeout = req->async.timeout; + + /* perform the search */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->async.handle = down_req->async.handle; + } + + return ret; +} + /* ANY change type */ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req){ enum user_is user_type = what_is_user(module); @@ -165,13 +262,28 @@ static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req { switch (req->operation) { + case LDB_REQ_ADD: + case LDB_ASYNC_ADD: + case LDB_REQ_MODIFY: + case LDB_ASYNC_MODIFY: + case LDB_REQ_DELETE: + case LDB_ASYNC_DELETE: + case LDB_REQ_RENAME: + case LDB_ASYNC_RENAME: + return kludge_acl_change(module, req); + case LDB_REQ_SEARCH: return kludge_acl_search(module, req); + + case LDB_ASYNC_SEARCH: + return kludge_acl_search_async(module, req); + case LDB_REQ_REGISTER: return ldb_next_request(module, req); + default: - /* anything else must be a change of some kind */ - return kludge_acl_change(module, req); + /* anything else must be something new, let's throw an error */ + return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; } } -- cgit From bb1909e15e7a9f3cd79da2ce8b8ef90f1a557376 Mon Sep 17 00:00:00 2001 
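Review bot: The password-attribute filter in kludge_acl_async_callback fails open: when `data->password_attrs` is NULL the entry goes to `ac->up_callback` unfiltered for every user type, which the comment "if we are not initialized just get through" confirms is deliberate. For a module whose job is to keep password attributes away from non-privileged callers, it would be safer to withhold the entry from anyone who is not SYSTEM or ADMINISTRATOR, unless provisioning is known to depend on the pass-through. The callback also dereferences `ac` (and through it `data`) directly after `talloc_get_type()`, with no NULL check on either pointer. The fence below sketches both changes.

```c
	ac = talloc_get_type(context, struct kludge_acl_async_context);
	if (ac == NULL) {
		goto error;
	}
	/* ... unchanged: data = talloc_get_type(ac->module->private_data, ...) ... */

	if (ares->type == LDB_REPLY_ENTRY) {
		/* ... unchanged: switch (ac->user_type), SYSTEM and ADMINISTRATOR break ... */
		default:
			/* no attribute list loaded: withhold the entry instead of passing it on unfiltered */
			if (data == NULL || data->password_attrs == NULL) {
				goto error;
			}
			/* ... unchanged: loop removing data->password_attrs[i] from ares->message ... */
```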
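Review bot: The new `default:` branch of kludge_acl_request returns `LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS` for an operation the module simply does not recognise, and sets no error string. Denying by default is the right direction, but a caller or log reader cannot tell an ACL refusal from an unhandled request type. Setting a message before the return would separate the two, for example `ldb_set_errstring(module->ldb, talloc_asprintf(req, "kludge_acl: unsupported operation %d", req->operation));`. `LDB_REQ_REGISTER` is still forwarded with no user-type check; a one-line comment saying why registration needs none would help the next reader.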
From: Jelmer Vernooij Date: Mon, 20 Mar 2006 21:44:59 +0000 Subject: r14592: Add support for loading shared modules to LDB. (This used to be commit f10fae23f0685b2d9c6174596e1c66d799f02c52) --- source4/dsdb/samdb/ldb_modules/config.mk | 48 ++++++++++++++++---------------- 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 1afdb2d35b..c7ac5816e1 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -1,65 +1,65 @@ ################################################ -# Start MODULE libldb_objectguid -[MODULE::libldb_objectguid] +# Start MODULE ldb_objectguid +[MODULE::ldb_objectguid] SUBSYSTEM = ldb INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ objectguid.o REQUIRED_SUBSYSTEMS = \ LIBNDR NDR_MISC -# End MODULE libldb_objectguid +# End MODULE ldb_objectguid ################################################ ################################################ -# Start MODULE libldb_samldb -[MODULE::libldb_samldb] +# Start MODULE ldb_samldb +[MODULE::ldb_samldb] SUBSYSTEM = ldb INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o REQUIRED_SUBSYSTEMS = SAMDB # -# End MODULE libldb_samldb +# End MODULE ldb_samldb ################################################ ################################################ -# Start MODULE libldb_samba3sam -[MODULE::libldb_samba3sam] +# Start MODULE ldb_samba3sam +[MODULE::ldb_samba3sam] SUBSYSTEM = ldb INIT_FUNCTION = ldb_samba3sam_module_init ENABLE = NO OBJ_FILES = \ samba3sam.o # -# End MODULE libldb_samldb +# End MODULE ldb_samldb ################################################ ################################################ -# Start MODULE libldb_proxy -[MODULE::libldb_proxy] +# Start MODULE ldb_proxy +[MODULE::ldb_proxy] SUBSYSTEM = ldb INIT_FUNCTION = proxy_module_init OBJ_FILES = \ proxy.o # -# End MODULE libldb_proxy +# End MODULE ldb_proxy ################################################ ################################################ -# Start MODULE libldb_rootdse -[MODULE::libldb_rootdse] +# Start MODULE ldb_rootdse +[MODULE::ldb_rootdse] SUBSYSTEM = ldb INIT_FUNCTION = rootdse_module_init OBJ_FILES = \ rootdse.o # -# End MODULE libldb_rootdse +# End MODULE ldb_rootdse ################################################ ################################################ -# Start MODULE libldb_password_hash -[MODULE::libldb_password_hash] +# Start MODULE ldb_password_hash +[MODULE::ldb_password_hash] SUBSYSTEM = 
ldb INIT_FUNCTION = password_hash_module_init OBJ_FILES = \ @@ -67,12 +67,12 @@ OBJ_FILES = \ REQUIRED_SUBSYSTEMS = \ HEIMDAL_HDB HEIMDAL_KRB5 # -# End MODULE libldb_rootdse +# End MODULE ldb_rootdse ################################################ ################################################ -# Start MODULE libldb_cludge_acl -[MODULE::libldb_kludge_acl] +# Start MODULE ldb_cludge_acl +[MODULE::ldb_kludge_acl] SUBSYSTEM = ldb INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ @@ -80,17 +80,17 @@ OBJ_FILES = \ REQUIRED_SUBSYSTEMS = \ LIB_SECURITY # -# End MODULE libldb_rootdse +# End MODULE ldb_rootdse ################################################ ################################################ -# Start MODULE libldb_extended_dn -[MODULE::libldb_extended_dn] +# Start MODULE ldb_extended_dn +[MODULE::ldb_extended_dn] SUBSYSTEM = ldb INIT_FUNCTION = ldb_extended_dn_init OBJ_FILES = \ extended_dn.o # -# End MODULE libldb_extended_dn +# End MODULE ldb_extended_dn ################################################ -- cgit From 7de4a5b135daddcbbe21ca11419491dac7c88c6c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 Mar 2006 21:49:38 +0000 Subject: r14662: To allow the RPC-SAMR test to pass, we need to look for both domains and the builtinDomain objectClasses, when trying to find domain policies. Andrew Bartlett (This used to be commit 9fc1196f0ca0235aa764d4ae770e3c31978396fa) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 047cb97b35..8a5f94042a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -326,7 +326,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r is_computer = False; } - domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectClass=domain))", + domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))", ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); /* Find the user's domain, then find out the domain password -- cgit From 8cd973decdc72b852417c55b913faad2a1f52183 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 31 Mar 2006 11:05:33 +0000 Subject: r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 53acb77899..f7efdb65e4 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -65,19 +65,22 @@ static enum user_is what_is_user(struct ldb_module *module) return ANONYMOUS; } - if (is_system_token(session_info->security_token)) { + if (security_token_is_system(session_info->security_token)) { return SYSTEM; } - if (is_administrator_token(session_info->security_token)) { + if (security_token_is_anonymous(session_info->security_token)) { + return ANONYMOUS; + } + + if (security_token_has_builtin_administrators(session_info->security_token)) { return ADMINISTRATOR; } - if (is_authenticated_token(session_info->security_token)) { + + if (security_token_has_nt_authenticated_users(session_info->security_token)) { return USER; } - if (is_anonymous_token(session_info->security_token)) { - return ANONYMOUS; - } + return ANONYMOUS; } -- cgit From 1af925f394b1084779f5b1b5a10c2ec512d7e5be Mon Sep 17 00:00:00 2001 
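Review bot: The order of the token tests in what_is_user() now decides the privilege class, and nothing in the hunk documents it. The anonymous test was moved ahead of the builtin-administrators and authenticated-users tests, so a token that matches it is classed ANONYMOUS whatever group SIDs it carries, and any unmatched token falls through to ANONYMOUS. A comment above the chain would stop a later reorder from silently changing that, for example `/* order matters: system, then anonymous, before any group-membership test; unknown tokens fall through to ANONYMOUS */`. The function starts outside the hunk, so the handling of a missing session_info is visible only as the first `return ANONYMOUS;` context line.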
From: Stefan Metzmacher Date: Sun, 2 Apr 2006 12:02:01 +0000 Subject: r14860: create libcli/security/security.h metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index f7efdb65e4..88e1831d14 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -36,7 +36,7 @@ #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" #include "auth/auth.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" /* Kludge ACL rules: * diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 6ab33031df..cfc7192543 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -38,7 +38,7 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_security.h" #include "db_wrap.h" -- cgit From 69b51f702af1ded825d5c17bdb97014cac12e752 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Apr 2006 15:47:59 +0000 Subject: r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9) --- source4/dsdb/samdb/ldb_modules/config.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index c7ac5816e1..207fdf8201 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk 
+++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -5,7 +5,7 @@ SUBSYSTEM = ldb INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ objectguid.o -REQUIRED_SUBSYSTEMS = \ +PUBLIC_DEPENDENCIES = \ LIBNDR NDR_MISC # End MODULE ldb_objectguid ################################################ @@ -17,7 +17,7 @@ SUBSYSTEM = ldb INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o -REQUIRED_SUBSYSTEMS = SAMDB +PUBLIC_DEPENDENCIES = SAMDB # # End MODULE ldb_samldb ################################################ @@ -64,7 +64,7 @@ SUBSYSTEM = ldb INIT_FUNCTION = password_hash_module_init OBJ_FILES = \ password_hash.o -REQUIRED_SUBSYSTEMS = \ +PUBLIC_DEPENDENCIES = \ HEIMDAL_HDB HEIMDAL_KRB5 # # End MODULE ldb_rootdse @@ -77,7 +77,7 @@ SUBSYSTEM = ldb INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ kludge_acl.o -REQUIRED_SUBSYSTEMS = \ +PUBLIC_DEPENDENCIES = \ LIB_SECURITY # # End MODULE ldb_rootdse -- cgit From 710ea949886dd57c66dc6d397e0ea41c89736107 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 27 Apr 2006 16:09:17 +0000 Subject: r15297: Move create_security_token() to samdb as it requires SAMDB (and the rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630) --- source4/dsdb/samdb/ldb_modules/config.mk | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 207fdf8201..20f6e182e5 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -17,7 +17,6 @@ SUBSYSTEM = ldb INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o -PUBLIC_DEPENDENCIES = SAMDB # # End MODULE ldb_samldb ################################################ 
@@ -62,10 +61,9 @@ OBJ_FILES = \ [MODULE::ldb_password_hash] SUBSYSTEM = ldb INIT_FUNCTION = password_hash_module_init -OBJ_FILES = \ - password_hash.o -PUBLIC_DEPENDENCIES = \ - HEIMDAL_HDB HEIMDAL_KRB5 +OBJ_FILES = password_hash.o +PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 +PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS # # End MODULE ldb_rootdse ################################################ @@ -78,7 +76,7 @@ INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ kludge_acl.o PUBLIC_DEPENDENCIES = \ - LIB_SECURITY + LIBSECURITY # # End MODULE ldb_rootdse ################################################ -- cgit From e002300f238dd0937dd9f768e366c006945e8baa Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 29 Apr 2006 17:34:49 +0000 Subject: r15328: Move some functions around, remove dependencies. Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 3 ++- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 87446328f6..e421f7d13c 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -36,8 +36,9 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" +#include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" -#include "librpc/gen_ndr/ndr_security.h" +#include "libcli/security/security.h" #include diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8a5f94042a..0310fbf9e3 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -36,8 +36,8 @@ #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/misc.h" #include "librpc/gen_ndr/samr.h" -#include "librpc/gen_ndr/ndr_security.h" #include "libcli/auth/libcli_auth.h" +#include "libcli/security/security.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "system/time.h" -- cgit From c07db9b462da739387b390bffe7adcf30fa2c11e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 8 May 2006 09:24:07 +0000 Subject: r15511: Using this name causes less warnings on the IBM checker, due to using the original, rather than equivilant, enum type. Andrew Bartlett (This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 0310fbf9e3..46bafeefc2 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -491,7 +491,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r size_t len; struct ldb_val val; - if (keys[i].key.keytype == ENCTYPE_ARCFOUR_HMAC) { + if (keys[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { /* We might end up doing this below: * This ensures we get the unicode * conversion right. This should also @@ -548,9 +548,9 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r key.salt = NULL; /* No salt for this enc type */ krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, - ENCTYPE_ARCFOUR_HMAC, - ntPwdHash->hash, sizeof(ntPwdHash->hash), - &key.key); + ETYPE_ARCFOUR_HMAC_MD5, + ntPwdHash->hash, sizeof(ntPwdHash->hash), + &key.key); if (krb5_ret) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From aa7a02d45fefad3640f273b1d3bfe535a1e6b88c Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Sat, 13 May 2006 21:08:37 +0000 Subject: r15582: Commit some forgotten stuff that have been setting on my private tree fro long (This used to be commit 7c050b541e98cd442a0c9ed0ddadb3e573cd1304) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 75 +++++++++++++++++++++++++++-- source4/dsdb/samdb/ldb_modules/samldb.c | 10 +--- 2 files changed, 73 insertions(+), 12 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 7169aa6842..699f04775c 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004 + Copyright (C) Simo Sorce 2004-2006 Copyright (C) Andrew Bartlett 2005 ** NOTE! The following LGPL license applies to the ldb @@ -34,8 +34,7 @@ */ #include "includes.h" -#include "ldb/include/ldb.h" -#include "ldb/include/ldb_private.h" +#include "ldb/include/includes.h" #include "librpc/gen_ndr/ndr_misc.h" static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name) 
@@ -108,6 +107,73 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) return ret; } +static int objectguid_add_async(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_request *down_req; + struct ldb_message_element *attribute; + struct ldb_message *msg; + struct ldb_val v; + struct GUID guid; + NTSTATUS nt_status; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + if ((attribute = objectguid_find_attribute(req->op.add.message, "objectGUID")) != NULL ) { + return ldb_next_request(module, req); + } + + down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* we have to copy the message as the caller might have it as a const */ + msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + if (msg == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* a new GUID */ + guid = GUID_random(); + + nt_status = ndr_push_struct_blob(&v, msg, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(nt_status)) { + return -1; + } + + ret = ldb_msg_add_value(msg, "objectGUID", &v); + if (ret) { + return ret; + } + + down_req->op.add.message = msg; + + down_req->controls = req->controls; + down_req->creds = req->creds; + + down_req->async.context = req->async.context; + down_req->async.callback = req->async.callback; + down_req->async.timeout = req->async.timeout; + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->async.handle = down_req->async.handle; + } + + return ret; +} + static int objectguid_request(struct ldb_module *module, struct ldb_request *req) { switch (req->operation) { 
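Review bot: objectguid_add_async allocates `down_req` with `talloc()`, which does not zero the memory, and then never assigns `down_req->operation`, so the next module in the chain switches on an uninitialised value. Only `op.add.message`, `controls`, `creds` and the three `async` fields are set; everything else in the struct is whatever the allocator returned. kludge_acl_search_async on this page uses `talloc_zero()` and copies `operation`, and samldb_add_async in this same commit uses `*down_req = *req;`. Adding that struct copy right after the NULL check, before overriding `op.add.message`, would fix it. The `ndr_push_struct_blob` failure path also returns a bare `-1` where the rest of the function returns LDB codes; `return LDB_ERR_OPERATIONS_ERROR;` would be consistent.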
@@ -115,6 +181,9 @@ static int objectguid_request(struct ldb_module *module, struct ldb_request *req case LDB_REQ_ADD: return objectguid_add(module, req); + case LDB_ASYNC_ADD: + return objectguid_add_async(module, req); + default: return ldb_next_request(module, req); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index cfc7192543..f8a151ddda 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -859,20 +859,12 @@ static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) } } + *down_req = *req; if (msg2 != NULL) { down_req->op.add.message = talloc_steal(down_req, msg2); - } else { - down_req->op.add.message = msg; } - down_req->controls = req->controls; - down_req->creds = req->creds; - - down_req->async.context = req->async.context; - down_req->async.callback = req->async.callback; - down_req->async.timeout = req->async.timeout; - /* go on with the call chain */ ret = ldb_next_request(module, down_req); -- cgit From 12f377c638d118da58f2f2802baf28961a631f0f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 16 May 2006 16:43:34 +0000 Subject: r15639: fix warnings metze (This used to be commit 73ca71b42b20c9cc0acba8caecc24b07624c4abc) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 699f04775c..71591f187f 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
@@ -53,7 +53,7 @@ static struct ldb_message_element *objectguid_find_attribute(const struct ldb_me /* add_record: add objectGUID attribute */ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { - const struct ldb_message *msg = req->op.add.message; + struct ldb_message *msg = req->op.add.message; struct ldb_val v; struct ldb_message *msg2; struct ldb_message_element *attribute; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index f8a151ddda..31cf6143a1 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -751,7 +751,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module /* add_record */ static int samldb_add(struct ldb_module *module, struct ldb_request *req) { - const struct ldb_message *msg = req->op.add.message; + struct ldb_message *msg = req->op.add.message; struct ldb_message *msg2 = NULL; int ret; -- cgit From 1fdd6a6e68359bccc4998e416cb2395ac8e6eaca Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 19 May 2006 21:12:26 +0000 Subject: r15725: First shot at making password_hash async The async path is not yet enabled by default so it should make no harm (This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 1087 +++++++++++++++++++++++- 1 file changed, 1076 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 46bafeefc2..b7f4aff67a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
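Review bot: Dropping `const` from `msg` in objectguid_add, and again in samldb_add in the next hunk, silences the warning but also removes the compiler's guard against modifying the caller's message in place. Both functions appear to work on a copy (`msg2`), and the async variant elsewhere on this page says "we have to copy the message as the caller might have it as a const", so the qualifier was documenting a real contract. If the warning comes from a single call that takes a non-const pointer (not visible here), keeping `const struct ldb_message *msg` and fixing that one call site would preserve the check. Both function bodies continue outside their hunks.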
@@ -121,13 +121,6 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r /* Do the original action */ - /* If no part of this touches the sambaPassword, then we don't - * need to make any changes. For password changes/set there should - * be a 'delete' or a 'modify' on this attribute. */ - if ((attribute = ldb_msg_find_element(msg, "sambaPassword")) == NULL ) { - return ldb_next_request(module, req); - } - mem_ctx = talloc_new(module); if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; @@ -326,7 +319,7 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r is_computer = False; } - domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))", + domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectClass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); /* Find the user's domain, then find out the domain password @@ -663,12 +656,12 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r } sambaNTPwdHistory_len = MIN(sambaNTPwdHistory_len + 1, pwdHistoryLength); - CHECK_RET(samdb_msg_add_hashes(module->ldb, mem_ctx, modify_msg, + CHECK_RET(samdb_msg_add_hashes(mem_ctx, modify_msg, "sambaLMPwdHistory", new_sambaLMPwdHistory, sambaLMPwdHistory_len)); - CHECK_RET(samdb_msg_add_hashes(module->ldb, mem_ctx, modify_msg, + CHECK_RET(samdb_msg_add_hashes(mem_ctx, modify_msg, "sambaNTPwdHistory", new_sambaNTPwdHistory, sambaNTPwdHistory_len)); @@ -704,6 +697,13 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + /* If no part of this touches the sambaPassword, then we don't + * need to make any changes. For password changes/set there should + * be a 'delete' or a 'modify' on this attribute. */ + if (ldb_msg_find_element(msg, "sambaPassword") == NULL ) { + return ldb_next_request(module, req); + } + return password_hash_handle(module, req, msg); } 
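Review bot: The `builtinDomain` alternative that r14662 (earlier on this page) added to `domain_expression` is removed again in the `@@ -326,7 +319,7 @@` hunk. The r15725 commit message only mentions making password_hash async, so this looks like an unintended revert from an older tree. The new helpers later in the same commit also use `ENCTYPE_ARCFOUR_HMAC`, which r15511 had replaced with `ETYPE_ARCFOUR_HMAC_MD5`, and that points the same way. If the revert is not intended, restore `"(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))"`; without it, the policy lookup for accounts whose SID belongs to a builtinDomain object presumably finds no match again. password_hash_handle's body continues outside the hunk, so the handling of an empty search result cannot be confirmed from here.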
@@ -718,9 +718,1067 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return ldb_next_request(module, req); } + /* If no part of this touches the sambaPassword, then we don't + * need to make any changes. For password changes/set there should + * be a 'delete' or a 'modify' on this attribute. */ + if (ldb_msg_find_element(msg, "sambaPassword") == NULL ) { + return ldb_next_request(module, req); + } + return password_hash_handle(module, req, msg); } +enum ph_type {PH_ADD, PH_MOD}; +enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD}; + +struct ph_async_context { + + enum ph_type type; + enum ph_step step; + + struct ldb_module *module; + struct ldb_request *orig_req; + + struct ldb_request *dom_req; + struct ldb_async_result *dom_res; + + struct ldb_request *down_req; + + struct ldb_request *search_req; + struct ldb_async_result *search_res; + + struct ldb_request *mod_req; +}; + +struct domain_data { + uint_t pwdProperties; + uint_t pwdHistoryLength; + char *dnsDomain; + char *realm; +}; + +static int add_password_hashes(struct ldb_module *module, struct ldb_message *msg, int is_mod) +{ + const char *sambaPassword; + struct samr_Password tmp_hash; + + sambaPassword = ldb_msg_find_string(msg, "sambaPassword", NULL); + if (sambaPassword == NULL) { /* impossible, what happened ?! 
*/ + return LDB_ERR_OPERATIONS_ERROR; + } + + /* compute the new nt and lm hashes */ + if (is_mod) { + if (ldb_msg_add_empty(msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + E_md4hash(sambaPassword, tmp_hash.hash); + if (samdb_msg_add_hash(module->ldb, msg, msg, "ntPwdHash", &tmp_hash) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (E_deshash(sambaPassword, tmp_hash.hash)) { + if (is_mod) { + if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + if (samdb_msg_add_hash(module->ldb, msg, msg, "lmPwdHash", &tmp_hash) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + return LDB_SUCCESS; +} + +static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_message *msg, + struct smb_krb5_context *smb_krb5_context, + struct domain_data *domain, + const char *samAccountName, + const char *user_principal_name, + int is_computer) +{ + const char *sambaPassword; + Principal *salt_principal; + krb5_error_code krb5_ret; + size_t num_keys; + Key *keys; + int i; + + /* Many, many thanks to lukeh@padl.com for this + * algorithm, described in his Nov 10 2004 mail to + * samba-technical@samba.org */ + + sambaPassword = ldb_msg_find_string(msg, "sambaPassword", NULL); + if (sambaPassword == NULL) { /* impossible, what happened ?! 
*/ + return LDB_ERR_OPERATIONS_ERROR; + } + + if (is_computer) { + /* Determine a salting principal */ + char *name = talloc_strdup(msg, samAccountName); + char *saltbody; + if (name == NULL) { + ldb_set_errstring(module->ldb, + talloc_asprintf(msg, "password_hash_handle: " + "generation of new kerberos keys failed: %s is a computer without a samAccountName", + ldb_dn_linearize(msg, msg->dn))); + return LDB_ERR_OPERATIONS_ERROR; + } + if (name[strlen(name)-1] == '$') { + name[strlen(name)-1] = '\0'; + } + saltbody = talloc_asprintf(msg, "%s.%s", name, domain->dnsDomain); + + krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, + &salt_principal, + domain->realm, "host", + saltbody, NULL); + } else if (user_principal_name) { + char *p; + user_principal_name = talloc_strdup(msg, user_principal_name); + if (user_principal_name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } else { + p = strchr(user_principal_name, '@'); + if (p) { + p[0] = '\0'; + } + krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, + &salt_principal, + domain->realm, user_principal_name, NULL); + } + } else { + if (!samAccountName) { + ldb_set_errstring(module->ldb, + talloc_asprintf(msg, "password_hash_handle: " + "generation of new kerberos keys failed: %s has no samAccountName", + ldb_dn_linearize(msg, msg->dn))); + return LDB_ERR_OPERATIONS_ERROR; + } + krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, + &salt_principal, + domain->realm, samAccountName, + NULL); + } + + if (krb5_ret) { + ldb_set_errstring(module->ldb, + talloc_asprintf(msg, "password_hash_handle: " + "generation of a saltking principal failed: %s", + smb_get_krb5_error_message(smb_krb5_context->krb5_context, + krb5_ret, msg))); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* TODO: We may wish to control the encryption types chosen in future */ + krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context, + salt_principal, sambaPassword, &keys, &num_keys); + 
krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); + + if (krb5_ret) { + ldb_set_errstring(module->ldb, + talloc_asprintf(msg, "password_hash_handle: " + "generation of new kerberos keys failed: %s", + smb_get_krb5_error_message(smb_krb5_context->krb5_context, + krb5_ret, msg))); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Walking all the key types generated, transform each + * key into an ASN.1 blob + */ + for (i=0; i < num_keys; i++) { + unsigned char *buf; + size_t buf_size; + size_t len; + struct ldb_val val; + int ret; + + if (keys[i].key.keytype == ENCTYPE_ARCFOUR_HMAC) { + /* We might end up doing this below: + * This ensures we get the unicode + * conversion right. This should also + * be fixed in the Heimdal libs */ + continue; + } + ASN1_MALLOC_ENCODE(Key, buf, buf_size, &keys[i], &len, krb5_ret); + if (krb5_ret) { + return LDB_ERR_OPERATIONS_ERROR; + } + + val.data = talloc_memdup(msg, buf, len); + val.length = len; + free(buf); + if (!val.data || krb5_ret) { + hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_value(msg, "krb5Key", &val); + if (ret != LDB_SUCCESS) { + hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + return ret; + } + } + + hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + + return LDB_SUCCESS; +} + +static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_message *msg, + struct smb_krb5_context *smb_krb5_context) +{ + struct samr_Password *ntPwdHash; + krb5_error_code krb5_ret; + unsigned char *buf; + size_t buf_size; + size_t len; + struct ldb_val val; + Key key; + + key.mkvno = 0; + key.salt = NULL; /* No salt for this enc type */ + + ntPwdHash = samdb_result_hash(msg, msg, "ntPwdHash"); + if (ntPwdHash == NULL) { /* what happened ?! 
*/ + return LDB_ERR_OPERATIONS_ERROR; + } + + krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, + ENCTYPE_ARCFOUR_HMAC, + ntPwdHash->hash, sizeof(ntPwdHash->hash), + &key.key); + if (krb5_ret) { + return LDB_ERR_OPERATIONS_ERROR; + } + ASN1_MALLOC_ENCODE(Key, buf, buf_size, &key, &len, krb5_ret); + if (krb5_ret) { + return LDB_ERR_OPERATIONS_ERROR; + } + krb5_free_keyblock_contents(smb_krb5_context->krb5_context, + &key.key); + + val.data = talloc_memdup(msg, buf, len); + val.length = len; + free(buf); + if (!val.data) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (ldb_msg_add_value(msg, "krb5Key", &val) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; +} + +static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg) +{ + NTTIME now_nt; + + /* set it as now */ + unix_to_nt_time(&now_nt, time(NULL)); + + /* replace or add */ + if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (samdb_msg_add_uint64(module->ldb, msg, msg, "pwdLastSet", now_nt) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; +} + +static int add_keyVersionNumber(struct ldb_module *module, struct ldb_message *msg, int previous) +{ + /* replace or add */ + if (ldb_msg_add_empty(msg, "msDS-KeyVersionNumber", LDB_FLAG_MOD_REPLACE) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (samdb_msg_add_uint(module->ldb, msg, msg, "msDS-KeyVersionNumber", previous+1) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; +} + +static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, struct ldb_message *old_msg, int hlen) +{ + struct samr_Password *nt_hash; + struct samr_Password *lm_hash; + struct samr_Password *nt_history; + struct samr_Password *lm_history; + struct samr_Password *new_nt_history; + struct samr_Password *new_lm_history; + int nt_hist_len; + int lm_hist_len; + int i; + + nt_hash = samdb_result_hash(msg, old_msg, 
"ntPwdHash"); + lm_hash = samdb_result_hash(msg, old_msg, "lmPwdHash"); + + /* if no previous passwords just return */ + if (nt_hash == NULL && lm_hash == NULL) return LDB_SUCCESS; + + nt_hist_len = samdb_result_hashes(msg, old_msg, "sambaNTPwdHistory", &nt_history); + lm_hist_len = samdb_result_hashes(msg, old_msg, "sambaLMPwdHistory", &lm_history); + + /* We might not have an old NT password */ + new_nt_history = talloc_array(msg, struct samr_Password, hlen); + if (new_nt_history == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + for (i = 0; i < MIN(hlen-1, nt_hist_len); i++) { + new_nt_history[i+1] = nt_history[i]; + } + nt_hist_len = i + 1; + if (nt_hash) { + new_nt_history[0] = *nt_hash; + } else { + ZERO_STRUCT(new_nt_history[0]); + } + if (ldb_msg_add_empty(msg, "sambaNTPwdHistory", LDB_FLAG_MOD_REPLACE) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (samdb_msg_add_hashes(msg, msg, "sambaNTPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + + /* Don't store 'long' passwords in the LM history, + but make sure to 'expire' one password off the other end */ + new_lm_history = talloc_array(msg, struct samr_Password, hlen); + if (new_lm_history == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + for (i = 0; i < MIN(hlen-1, lm_hist_len); i++) { + new_lm_history[i+1] = lm_history[i]; + } + lm_hist_len = i + 1; + if (lm_hash) { + new_lm_history[0] = *lm_hash; + } else { + ZERO_STRUCT(new_lm_history[0]); + } + if (ldb_msg_add_empty(msg, "sambaLMPwdHistory", LDB_FLAG_MOD_REPLACE) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (samdb_msg_add_hashes(msg, msg, "sambaLMPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; +} + +static struct ldb_async_handle *ph_init_handle(struct ldb_request *req, struct ldb_module *module, enum ph_type type) +{ + struct ph_async_context *ac; + struct ldb_async_handle *h; + + h = 
talloc_zero(req, struct ldb_async_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct ph_async_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + talloc_free(h); + return NULL; + } + + h->private_data = (void *)ac; + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->type = type; + ac->module = module; + ac->orig_req = req; + + return h; +} + +static int get_domain_data_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct ph_async_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_get_type(context, struct ph_async_context); + + /* we are interested only in the single reply (base search) we receive here */ + if (ares->type == LDB_REPLY_ENTRY) { + if (ac->dom_res != NULL) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results")); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->dom_res = talloc_steal(ac, ares); + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; +} + +static int build_domain_data_request(struct ph_async_context *ac, + struct dom_sid *sid) +{ + const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", "dnsDomain", NULL }; + char *filter; + + ac->dom_req = talloc_zero(ac, struct ldb_request); + if (ac->dom_req == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->dom_req->operation = LDB_ASYNC_SEARCH; + ac->dom_req->op.search.base = NULL; + ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; + + filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", dom_sid_string(ac->dom_req, sid)); + if (filter == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out 
of Memory!\n"); + talloc_free(ac->dom_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dom_req->op.search.tree = ldb_parse_tree(ac->module->ldb, filter); + if (ac->dom_req->op.search.tree == NULL) { + ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); + talloc_free(ac->dom_req); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->dom_req->op.search.attrs = attrs; + ac->dom_req->controls = NULL; + ac->dom_req->creds = ac->orig_req->creds; + ac->dom_req->async.context = ac; + ac->dom_req->async.callback = get_domain_data_callback; + ac->dom_req->async.timeout = ac->orig_req->async.timeout; + + return LDB_SUCCESS; +} + +static struct domain_data *get_domain_data(struct ldb_module *module, void *mem_ctx, struct ldb_async_result *res) +{ + struct domain_data *data; + const char *tmp; + + data = talloc_zero(mem_ctx, struct domain_data); + if (data == NULL) { + return NULL; + } + + data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0); + data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); + tmp = ldb_msg_find_string(res->message, "dnsDomain", NULL); + + if (tmp != NULL) { + data->dnsDomain = talloc_strdup(data, tmp); + if (data->dnsDomain == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); + return NULL; + } + data->realm = strupper_talloc(mem_ctx, tmp); + if (data->realm == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); + return NULL; + } + } + + return data; +} + +static int password_hash_add_async(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_async_handle *h; + struct ph_async_context *ac; + struct ldb_message_element *attribute; + struct dom_sid *domain_sid; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_async\n"); + + if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* nobody must touch password Histories 
*/ + if (ldb_msg_find_element(req->op.add.message, "sambaNTPwdHistory") || + ldb_msg_find_element(req->op.add.message, "sambaLMPwdHistory")) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + /* If no part of this touches the sambaPassword, then we don't + * need to make any changes. For password changes/set there should + * be a 'delete' or a 'modify' on this attribute. */ + if ((attribute = ldb_msg_find_element(req->op.add.message, "sambaPassword")) == NULL ) { + return ldb_next_request(module, req); + } + + /* if it is not an entry of type person its an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* check sambaPassword is single valued here */ + /* TODO: remove this when sambaPassword will be single valued in schema */ + if (attribute->num_values > 1) { + ldb_set_errstring(module->ldb, talloc_asprintf(req, + "mupltiple values for sambaPassword not allowed!\n")); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + /* get user domain data */ + domain_sid = samdb_result_sid_prefix(req, req->op.add.message, "objectSid"); + if (domain_sid == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + h = ph_init_handle(req, module, PH_ADD); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct ph_async_context); + + ret = build_domain_data_request(ac, domain_sid); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->step = PH_ADD_SEARCH_DOM; + + req->async.handle = h; + + return ldb_next_request(module, ac->dom_req); +} + +static int password_hash_add_async_do_add(struct ldb_async_handle *h) { + + struct ph_async_context *ac; + struct domain_data *domain; + struct smb_krb5_context *smb_krb5_context; + struct ldb_message *msg; + + ac = talloc_get_type(h->private_data, struct 
ph_async_context); + + domain = get_domain_data(ac->module, ac, ac->search_res); + if (domain == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->down_req = talloc(ac, struct ldb_request); + if (ac->down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->down_req) = *(ac->orig_req); + ac->down_req->op.add.message = msg = ldb_msg_copy_shallow(ac->down_req, ac->orig_req->op.add.message); + if (ac->down_req->op.add.message == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Some operations below require kerberos contexts */ + if (smb_krb5_init_context(ac->down_req, &smb_krb5_context) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* we can compute new password hashes from the unicode password */ + if (add_password_hashes(ac->module, msg, 0) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* now add krb5 keys based on unicode password */ + if (add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, + ldb_msg_find_string(msg, "samAccountName", NULL), + ldb_msg_find_string(msg, "userPrincipalName", NULL), + ldb_msg_check_string_attribute(msg, "objectClass", "computer") + ) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* add also kr5 keys based on NT the hash */ + if (add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* if both the domain properties and the user account controls do not permit + * clear text passwords then wipe out the sambaPassword */ + if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || + (!(ldb_msg_find_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + ldb_msg_remove_attr(msg, "sambaPassword"); + } + + /* don't touch it if a value is set. It could be an incoming samsync */ + if (ldb_msg_find_uint64(msg, "pwdLastSet", 0) == 0) { + if (set_pwdLastSet(ac->module, msg) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + /* don't touch it if a value is set. 
It could be an incoming samsync */ + if (!ldb_msg_find_element(msg, "msDS-KeyVersionNumber")) { + if (add_keyVersionNumber(ac->module, msg, 0) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = PH_ADD_DO_ADD; + + /* perform the operation */ + return ldb_next_request(ac->module, ac->down_req); +} + +static int password_hash_mod_async_search_self(struct ldb_async_handle *h); + +static int password_hash_modify_async(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_async_handle *h; + struct ph_async_context *ac; + struct ldb_message_element *sambaAttr; + struct ldb_message_element *ntAttr; + struct ldb_message_element *lmAttr; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_async\n"); + + if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* nobody must touch password Histories */ + if (ldb_msg_find_element(req->op.mod.message, "sambaNTPwdHistory") || + ldb_msg_find_element(req->op.mod.message, "sambaLMPwdHistory")) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); + ntAttr = ldb_msg_find_element(req->op.mod.message, "ntPwdHash"); + lmAttr = ldb_msg_find_element(req->op.mod.message, "lmPwdHash"); + + /* check passwords are single valued here */ + /* TODO: remove this when passwords will be single valued in schema */ + if (sambaAttr && (sambaAttr->num_values > 1)) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } + if (ntAttr && (ntAttr->num_values > 1)) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } + if (lmAttr && (lmAttr->num_values > 1)) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + /* If no part of this touches the sambaPassword OR ntPwdHash and/or lmPwdHash, then we don't + * need to make any changes. For password changes/set there should + * be a 'delete' or a 'modify' on this attribute. 
*/ + /* If the only operation is the deletion of the passwords then go on */ + if ( ((!sambaAttr) || ((sambaAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) + && ((!ntAttr) || ((ntAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) + && ((!lmAttr) || ((lmAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) ) { + + return ldb_next_request(module, req); + } + + h = ph_init_handle(req, module, PH_MOD); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct ph_async_context); + + /* return or own handle to deal with this call */ + req->async.handle = h; + + /* prepare the first operation */ + ac->down_req = talloc_zero(ac, struct ldb_request); + if (ac->down_req == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module->ldb, "Out of memory!")); + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->down_req) = *req; /* copy the request */ + + /* use a new message structure so that we can modify it */ + ac->down_req->op.mod.message = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); + + /* - remove any imodification to the password from the first commit + * we will make the real modification later */ + if (sambaAttr) ldb_msg_remove_attr(ac->down_req->op.mod.message, "sambaPassword"); + if (ntAttr) ldb_msg_remove_attr(ac->down_req->op.mod.message, "ntPwdHash"); + if (lmAttr) ldb_msg_remove_attr(ac->down_req->op.mod.message, "lmPwdHash"); + + /* if there was nothing else to be modify skip to next step */ + if (ac->down_req->op.mod.message->num_elements == 0) { + talloc_free(ac->down_req); + ac->down_req = NULL; + return password_hash_mod_async_search_self(h); + } + + ac->down_req->async.context = NULL; + ac->down_req->async.callback = NULL; + + ac->step = PH_MOD_DO_REQ; + + return ldb_next_request(module, ac->down_req); +} + +static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct ph_async_context *ac; + + if (!context || !ares) { + 
ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_get_type(context, struct ph_async_context); + + /* we are interested only in the single reply (base search) we receive here */ + if (ares->type == LDB_REPLY_ENTRY) { + if (ac->search_res != NULL) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results")); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* if it is not an entry of type person this is an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "Object class violation")); + talloc_free(ares); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + ac->search_res = talloc_steal(ac, ares); + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; +} + +static int password_hash_mod_async_search_self(struct ldb_async_handle *h) { + + struct ph_async_context *ac; + + ac = talloc_get_type(h->private_data, struct ph_async_context); + + /* prepare the search operation */ + ac->search_req = talloc_zero(ac, struct ldb_request); + if (ac->search_req == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->search_req->operation = LDB_ASYNC_SEARCH; + ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; + ac->search_req->op.search.scope = LDB_SCOPE_BASE; + ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); + if (ac->search_req->op.search.tree == NULL) { + ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->search_req->op.search.attrs = NULL; + ac->search_req->controls = NULL; + ac->search_req->creds = ac->orig_req->creds; + ac->search_req->async.context = ac; + ac->search_req->async.callback = get_self_callback; + ac->search_req->async.timeout 
= ac->orig_req->async.timeout; + + ac->step = PH_MOD_SEARCH_SELF; + + return ldb_next_request(ac->module, ac->search_req); +} + +static int password_hash_mod_async_search_dom(struct ldb_async_handle *h) { + + struct ph_async_context *ac; + struct dom_sid *domain_sid; + int ret; + + ac = talloc_get_type(h->private_data, struct ph_async_context); + + /* get object domain sid */ + domain_sid = samdb_result_sid_prefix(ac, ac->search_res->message, "objectSid"); + if (domain_sid == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* get user domain data */ + ret = build_domain_data_request(ac, domain_sid); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->step = PH_MOD_SEARCH_DOM; + + return ldb_next_request(ac->module, ac->dom_req); +} + +static int password_hash_mod_async_do_mod(struct ldb_async_handle *h) { + + struct ph_async_context *ac; + struct domain_data *domain; + struct smb_krb5_context *smb_krb5_context; + struct ldb_message_element *sambaAttr; + struct ldb_message *msg; + int phlen; + + ac = talloc_get_type(h->private_data, struct ph_async_context); + + domain = get_domain_data(ac->module, ac, ac->dom_res); + if (domain == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->mod_req = talloc(ac, struct ldb_request); + if (ac->mod_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->mod_req) = *(ac->orig_req); + + /* use a new message structure so that we can modify it */ + ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); + if (msg == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* modify dn */ + msg->dn = ac->orig_req->op.mod.message->dn; + + /* Some operations below require kerberos contexts */ + if (smb_krb5_init_context(ac->mod_req, &smb_krb5_context) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* we are going to replace the existing krb5key or delete it */ + if (ldb_msg_add_empty(msg, "krb5key", LDB_FLAG_MOD_REPLACE) 
!= 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* if we have sambaPassword in the original message add the operatio on it here */ + sambaAttr = ldb_msg_find_element(ac->orig_req->op.mod.message, "sambaPassword"); + if (sambaAttr) { + + if (ldb_msg_add(msg, sambaAttr, sambaAttr->flags) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* we are not deleteing it add password hashes */ + if ((sambaAttr->flags & LDB_FLAG_MOD_MASK) != LDB_FLAG_MOD_DELETE) { + + /* we can compute new password hashes from the unicode password */ + if (add_password_hashes(ac->module, msg, 1) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* now add krb5 keys based on unicode password */ + if (add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, + ldb_msg_find_string(ac->search_res->message, "samAccountName", NULL), + ldb_msg_find_string(ac->search_res->message, "userPrincipalName", NULL), + ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "computer") + ) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* if the domain properties or the user account controls do not permit + * clear text passwords then wipe out the sambaPassword */ + if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || + (!(ldb_msg_find_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + ldb_msg_remove_attr(msg, "sambaPassword"); + } + + } + } + + /* if we don't have sambaPassword or we are trying to delete it try with nt or lm hasehs */ + if ((!sambaAttr) || ((sambaAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) { + struct ldb_message_element *el; + + el = ldb_msg_find_element(ac->orig_req->op.mod.message, "ntPwdHash"); + if (ldb_msg_add(msg, el, el->flags) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + el = ldb_msg_find_element(ac->orig_req->op.mod.message, "lmPwdHash"); + if (ldb_msg_add(msg, el, el->flags) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + /* add also kr5 
keys based on NT the hash */ + if (add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* set change time */ + if (set_pwdLastSet(ac->module, msg) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* don't touch it if a value is set. It could be an incoming samsync */ + if (add_keyVersionNumber(ac->module, msg, + ldb_msg_find_uint(msg, "msDS-KeyVersionNumber", 0) + ) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if ((phlen = samdb_result_uint(ac->dom_res->message, "pwdHistoryLength", 0)) > 0) { + if (setPwdHistory(ac->module, msg, ac->search_res->message, phlen) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = PH_MOD_DO_MOD; + + /* perform the search */ + return ldb_next_request(ac->module, ac->mod_req); +} + +static int ph_async_wait(struct ldb_async_handle *handle) { + struct ph_async_context *ac; + int ret; + + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + + ac = talloc_get_type(handle->private_data, struct ph_async_context); + + switch (ac->step) { + case PH_ADD_SEARCH_DOM: + if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); + if (ret != LDB_SUCCESS) goto error; + + if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + + /* domain search done, go on */ + return password_hash_add_async_do_add(handle); + + case PH_ADD_DO_ADD: + if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); + if (ret != LDB_SUCCESS) goto error; + + if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + return LDB_SUCCESS; + + case PH_MOD_DO_REQ: + if 
(ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); + if (ret != LDB_SUCCESS) goto error; + + if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + + /* non-password mods done, go on */ + return password_hash_mod_async_search_self(handle); + + case PH_MOD_SEARCH_SELF: + if (ac->search_req->async.handle->status != LDB_ASYNC_DONE) { + ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); + if (ret != LDB_SUCCESS) goto error; + + if (ac->search_req->async.handle->status != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + + /* self search done, go on */ + return password_hash_mod_async_search_dom(handle); + + case PH_MOD_SEARCH_DOM: + if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); + if (ret != LDB_SUCCESS) goto error; + + if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + + /* domain search done, go on */ + return password_hash_mod_async_do_mod(handle); + + case PH_MOD_DO_MOD: + if (ac->mod_req->async.handle->status != LDB_ASYNC_DONE) { + ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); + if (ret != LDB_SUCCESS) goto error; + + if (ac->mod_req->async.handle->status != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + return LDB_SUCCESS; + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + goto error; + } + +error: + handle->state = LDB_ASYNC_DONE; + handle->status = ret; + return ret; +} + +static int ph_async_wait_all(struct ldb_async_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = ph_async_wait(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int password_hash_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return ph_async_wait_all(handle); + } else { + return 
ph_async_wait(handle); + } +} + static int password_hash_request(struct ldb_module *module, struct ldb_request *req) { switch (req->operation) { @@ -731,6 +1789,12 @@ static int password_hash_request(struct ldb_module *module, struct ldb_request * case LDB_REQ_MODIFY: return password_hash_modify(module, req); + case LDB_ASYNC_ADD: + return password_hash_add_async(module, req); + + case LDB_ASYNC_MODIFY: + return password_hash_modify_async(module, req); + default: return ldb_next_request(module, req); @@ -739,7 +1803,8 @@ static int password_hash_request(struct ldb_module *module, struct ldb_request * static const struct ldb_module_ops password_hash_ops = { .name = "password_hash", - .request = password_hash_request + .request = password_hash_request, + .async_wait = password_hash_async_wait }; -- cgit From 6d0969aa1adff4c7f134bd6e3e42997e72b41cf6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 20 May 2006 19:37:21 +0000 Subject: r15761: Fix-as-you-go ... Testing various async paths and uncovering bugs (This used to be commit 099d873ea596ece18efe63b06bc64e7f97a96f82) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 45 ++++++++++++++------------ 1 file changed, 24 insertions(+), 21 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index b7f4aff67a..617962b909 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
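Review bot: The `case LDB_ASYNC_MODIFY:` added here makes `password_hash_modify_async` reachable for every async modify, and the chain it starts ends in `password_hash_mod_async_do_mod` (added earlier in this same patch), which calls `ldb_msg_add(msg, el, el->flags)` on the result of `ldb_msg_find_element()` for `ntPwdHash` and then `lmPwdHash` without a NULL check. `password_hash_modify_async` lets a request through when any one of the password attributes is present and not a delete, so a modify that carries only one of the two hashes reaches `el->flags` with `el == NULL`. That is a crash driven by request content on the password-change path. Guarding both lookups, `if (el && ldb_msg_add(msg, el, el->flags) != 0) {`, keeps the single-hash case working.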
@@ -1672,11 +1672,11 @@ static int ph_async_wait(struct ldb_async_handle *handle) { switch (ac->step) { case PH_ADD_SEARCH_DOM: - if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto error; + if (ret != LDB_SUCCESS) goto done; - if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } @@ -1685,22 +1685,22 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_add_async_do_add(handle); case PH_ADD_DO_ADD: - if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto error; + if (ret != LDB_SUCCESS) goto done; - if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } return LDB_SUCCESS; case PH_MOD_DO_REQ: - if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto error; + if (ret != LDB_SUCCESS) goto done; - if (ac->down_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } 
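Review bot: The context line `return password_hash_add_async_do_add(handle);` at the top of the `-1685,22` hunk still returns the step function's result directly, so a failure there bypasses the `done:` label that the other error paths now jump to. The handle is then left in `LDB_ASYNC_PENDING` with `status` still `LDB_SUCCESS` from `ph_init_handle`, and a caller that polls again would re-enter the same step. Routing it through the label, `ret = password_hash_add_async_do_add(handle); if (ret != LDB_SUCCESS) goto done; return LDB_SUCCESS;`, keeps state and status consistent. The same applies to the `password_hash_mod_async_search_self`, `password_hash_mod_async_search_dom` and `password_hash_mod_async_do_mod` returns in the following hunks. ph_async_wait begins and ends outside this hunk.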
@@ -1709,11 +1709,11 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_mod_async_search_self(handle); case PH_MOD_SEARCH_SELF: - if (ac->search_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto error; + if (ret != LDB_SUCCESS) goto done; - if (ac->search_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } @@ -1722,11 +1722,11 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_mod_async_search_dom(handle); case PH_MOD_SEARCH_DOM: - if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto error; + if (ret != LDB_SUCCESS) goto done; - if (ac->dom_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } @@ -1735,22 +1735,25 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_mod_async_do_mod(handle); case PH_MOD_DO_MOD: - if (ac->mod_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->mod_req->async.handle->state != LDB_ASYNC_DONE) { ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto error; + if (ret != LDB_SUCCESS) goto done; - if (ac->mod_req->async.handle->status != LDB_ASYNC_DONE) { + if (ac->mod_req->async.handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } - return LDB_SUCCESS; + + break; default: ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + goto done; } -error: + ret = LDB_SUCCESS; + +done: handle->state = LDB_ASYNC_DONE; handle->status = ret; return ret; -- cgit From e2112ba3b7d491f6b6d9957b57a36a78efed18a9 Mon Sep 17 00:00:00 2001 
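Review bot: The `ret = LDB_SUCCESS;` added before `done:` in the `-1735,22` hunk reports success for `PH_MOD_DO_MOD` without consulting `ac->mod_req->async.handle->status`. When the lower handle is already `LDB_ASYNC_DONE` on entry, `ldb_async_wait()` is not called, so the status that request finished with is never copied into `handle->status`. If the lower layer records failures in its handle's `status` (not visible here), a failed password modify could be reported as completed. Replacing the new `break;` with `ret = ac->mod_req->async.handle->status; goto done;` would propagate it. ph_async_wait begins outside this hunk.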
From: Simo Sorce Date: Sun, 21 May 2006 20:06:01 +0000 Subject: r15782: More fixes for async cases (This used to be commit 3c9434e264710a1fa29adedbe571d5324ecae906) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 13 ++----- source4/dsdb/samdb/ldb_modules/password_hash.c | 7 ++-- source4/dsdb/samdb/ldb_modules/samldb.c | 48 ++++++++++++++++++-------- 3 files changed, 42 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 71591f187f..96457447fb 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -133,8 +133,10 @@ static int objectguid_add_async(struct ldb_module *module, struct ldb_request *r return LDB_ERR_OPERATIONS_ERROR; } + *down_req = *req; + /* we have to copy the message as the caller might have it as a const */ - msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -152,16 +154,7 @@ static int objectguid_add_async(struct ldb_module *module, struct ldb_request *r if (ret) { return ret; } - - down_req->op.add.message = msg; - down_req->controls = req->controls; - down_req->creds = req->creds; - - down_req->async.context = req->async.context; - down_req->async.callback = req->async.callback; - down_req->async.timeout = req->async.timeout; - /* go on with the call chain */ ret = ldb_next_request(module, down_req); diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 617962b909..0d4f0c6a0f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -205,6 +205,8 @@ static int password_hash_handle(struct ldb_module *module, struct ldb_request *r case LDB_REQ_MODIFY: modified_orig_request->op.mod.message = msg2; break; + default: + return LDB_ERR_OPERATIONS_ERROR; } /* Send the (modified) request of the original caller down to the database */ @@ -1275,7 +1277,7 @@ static int password_hash_add_async_do_add(struct ldb_async_handle *h) { ac = talloc_get_type(h->private_data, struct ph_async_context); - domain = get_domain_data(ac->module, ac, ac->search_res); + domain = get_domain_data(ac->module, ac, ac->dom_res); if (domain == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -1693,7 +1695,8 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return LDB_SUCCESS; } } - return LDB_SUCCESS; + + break; case PH_MOD_DO_REQ: if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 31cf6143a1..8a708af83b 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -625,6 +625,20 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_OPERATIONS_ERROR; } + /* make sure we also add person, organizationalPerson and top */ + if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "person", "person")) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "organizationalPerson", "organizationalPerson")) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "top", "top")) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + /* meddle with objectclass */ if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { 
@@ -762,13 +776,16 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* is user or computer? add all relevant missing objects */ - if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || - (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; - } + /* is user or computer? Skip if not */ + if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && + (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { + return ldb_next_request(module, req); + } + + /* add all relevant missing objects */ + ret = samldb_fill_user_or_computer_object(module, msg, &msg2); + if (ret) { + return ret; } /* is group? add all relevant missing objects */ @@ -830,13 +847,16 @@ static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - /* is user or computer? add all relevant missing objects */ - if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || - (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; - } + /* is user or computer? Skip if not */ + if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && + (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { + return ldb_next_request(module, req); + } + + /* add all relevant missing objects */ + ret = samldb_fill_user_or_computer_object(module, msg, &msg2); + if (ret) { + return ret; } /* is group? add all relevant missing objects */ -- cgit From 1a22d88c93b173ef4221f69d566be1e1f4797850 Mon Sep 17 00:00:00 2001 
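Review bot: The new early `return ldb_next_request(module, req);` in samldb_add, taken when the entry is neither a user nor a computer, exits before the `/* is group? add all relevant missing objects */` block that follows in the context lines. A plain group add therefore never reaches that block, and the samldb_add_async hunk has the same early return. Keeping the positive test around the fill call, `if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) {`, lets the later object-class checks still run. What the group block fills in lies outside the hunk, so the exact effect on stored group entries cannot be judged from here.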
From: Simo Sorce Date: Sun, 21 May 2006 20:21:34 +0000 Subject: r15783: Fix previous commit, was the wrong way to deal with the problem (This used to be commit 36537100db491012d8124f7aca266a8290f2eee6) --- source4/dsdb/samdb/ldb_modules/samldb.c | 50 ++++++++++++++++----------------- 1 file changed, 24 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 8a708af83b..706c0bb5c3 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -776,16 +776,14 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* is user or computer? Skip if not */ - if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && - (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { - return ldb_next_request(module, req); - } - - /* add all relevant missing objects */ - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; + /* is user or computer? */ + if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || + (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { + /* add all relevant missing objects */ + ret = samldb_fill_user_or_computer_object(module, msg, &msg2); + if (ret) { + return ret; + } } /* is group? add all relevant missing objects */ 
@@ -842,21 +840,14 @@ static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(module, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* is user or computer? Skip if not */ + /* is user or computer? */ if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { - return ldb_next_request(module, req); - } - - /* add all relevant missing objects */ - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; + /* add all relevant missing objects */ + ret = samldb_fill_user_or_computer_object(module, msg, &msg2); + if (ret) { + return ret; + } } /* is group? add all relevant missing objects */ @@ -879,11 +870,18 @@ static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) } } + if (msg2 == NULL) { + return ldb_next_request(module, req); + } + + down_req = talloc(module, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + *down_req = *req; - if (msg2 != NULL) { - down_req->op.add.message = talloc_steal(down_req, msg2); - } + down_req->op.add.message = talloc_steal(down_req, msg2); /* go on with the call chain */ ret = ldb_next_request(module, down_req); -- cgit From d51f4fb2c7c4f2eaee8f67769e76f05c5a289996 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 21 May 2006 23:58:09 +0000 Subject: r15789: hmm, damn, testing uncovcer all your bugs :-) (This used to be commit 977982c884da15d1e9f5fe19d24cd4169ecbb0c5) --- source4/dsdb/samdb/ldb_modules/samldb.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 706c0bb5c3..e662b2a663 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c 
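Review bot: The test kept at the top of the samldb_add_async hunk is still the negative one, `== NULL) && (... == NULL)`, but its body is now the call to samldb_fill_user_or_computer_object. The fill therefore runs only for entries that are neither user nor computer and is skipped for the ones that are. samldb_add in the same commit uses the positive form, and the async path should match it: `if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) ||` followed by `(samldb_find_attribute(msg, "objectclass", "computer") != NULL)) {`. As written, a user or computer add on the async path would go down the chain without whatever that helper adds (its body is outside the hunk).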
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -625,20 +625,6 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_OPERATIONS_ERROR; } - /* make sure we also add person, organizationalPerson and top */ - if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "person", "person")) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "organizationalPerson", "organizationalPerson")) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "top", "top")) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - /* meddle with objectclass */ if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { @@ -841,8 +827,8 @@ static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) } /* is user or computer? */ - if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && - (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { + if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || + (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { /* add all relevant missing objects */ ret = samldb_fill_user_or_computer_object(module, msg, &msg2); if (ret) { -- cgit From 8081e4f40276034c47bd799aca64a7d01ffb1bce Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Mon, 22 May 2006 03:55:01 +0000 Subject: r15795: Try to use the async code by default It passess all my tests, but I still need to work on a lot of stuff. Shouldn't impact anybody else work, so I want to commit now and see what happens Will work to remove the old code from modules and backends soon, and make some more restyling in ldb internals. So, if there is something you don't like in this desgin please speak now. Simo. (This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 21 ++++++++++----- source4/dsdb/samdb/ldb_modules/samldb.c | 36 ++++++++++++++++++++------ 2 files changed, 43 insertions(+), 14 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 0d4f0c6a0f..c1eb244e19 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -975,16 +975,25 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa return LDB_SUCCESS; } -static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg) +static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg, int is_mod) { NTTIME now_nt; /* set it as now */ unix_to_nt_time(&now_nt, time(NULL)); - /* replace or add */ - if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + if (!is_mod) { + /* be sure there isn't a 0 value set (eg. coming from the template) */ + ldb_msg_remove_attr(msg, "pwdLastSet"); + /* add */ + if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_ADD) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + } else { + /* replace */ + if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } } if (samdb_msg_add_uint64(module->ldb, msg, msg, "pwdLastSet", now_nt) != 0) { 
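Review bot: On the add path (`!is_mod`) set_pwdLastSet removes any existing `pwdLastSet` and writes the current time, and its caller in the next hunk invokes it whenever `ldb_msg_find_uint64(msg, "pwdLastSet", 0) == 0`. That test is true both when the attribute is absent and when it is present with the value 0. In Active Directory a `pwdLastSet` of 0 marks an account whose password must be changed at next logon, so a caller-supplied 0 cannot be told apart from the template default and is replaced by "now". If that behaviour is meant to be supported here, the decision has to be made before the template is merged. Otherwise a comment such as `/* an explicit pwdLastSet of 0 on add is treated like the template default and overwritten */` would record the limitation. Separately, `is_mod` is passed as bare `0`/`1`, so a boolean parameter or named constants would make the two call sites self-explanatory.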
@@ -1326,7 +1335,7 @@ static int password_hash_add_async_do_add(struct ldb_async_handle *h) { /* don't touch it if a value is set. It could be an incoming samsync */ if (ldb_msg_find_uint64(msg, "pwdLastSet", 0) == 0) { - if (set_pwdLastSet(ac->module, msg) != LDB_SUCCESS) { + if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } } @@ -1630,7 +1639,7 @@ static int password_hash_mod_async_do_mod(struct ldb_async_handle *h) { } /* set change time */ - if (set_pwdLastSet(ac->module, msg) != LDB_SUCCESS) { + if (set_pwdLastSet(ac->module, msg, 1) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e662b2a663..9bf322f384 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -94,14 +94,35 @@ static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms return (ldb_msg_add_value(msg, name, &v) == 0); } -static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) +static BOOL samldb_find_or_add_value(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) { + if (msg == NULL || name == NULL || value == NULL || set_value == NULL) { + return False; + } + if (samldb_find_attribute(msg, name, value) == NULL) { return samldb_msg_add_string(module, msg, name, set_value); } return True; } +static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *set_value) +{ + int j; + struct ldb_message_element *el; + + if (msg == NULL || name == NULL || set_value == NULL) { + return False; + } + + el = ldb_msg_find_element(msg, name); + if (el) { + return True; + } + + return samldb_msg_add_string(module, msg, name, set_value); +} + /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success @@ -492,16 +513,15 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m strcasecmp((char *)el->values[j].data, "secretTemplate") == 0) { continue; } - if ( ! samldb_find_or_add_attribute(module, msg, el->name, - (char *)el->values[j].data, - (char *)el->values[j].data)) { + if ( ! samldb_find_or_add_value(module, msg, el->name, + (char *)el->values[j].data, + (char *)el->values[j].data)) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); talloc_free(res); return -1; } } else { if ( ! samldb_find_or_add_attribute(module, msg, el->name, - NULL, (char *)el->values[j].data)) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); talloc_free(res); 
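Review bot: The new samldb_find_or_add_attribute declares `int j;` and never uses it. The declaration should be dropped so the function builds cleanly with unused-variable warnings enabled, leaving `struct ldb_message_element *el;` as the only local.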
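Review bot: In the samldb_copy_template hunk the else branch now calls the two-argument-value form `samldb_find_or_add_attribute(module, msg, el->name, (char *)el->values[j].data)` once per `values[j]`. That function returns True as soon as an element with that name exists, so for a multi-valued template attribute the first value creates the element and every later value is silently skipped. If template attributes other than objectclass can carry more than one value, this branch needs the per-value check, `samldb_find_or_add_value(module, msg, el->name, v, v)`, or a single presence test before the value loop. If only the first value is wanted, a comment saying so would help: `/* attribute already present (from caller or an earlier value): keep it, do not merge template values */`. The loop header is outside the hunk.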
@@ -558,7 +578,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) { + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", name)) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -620,7 +640,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const } /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */ - if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "user", "user")) { + if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -633,7 +653,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) { + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", name)) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } -- cgit From d6aaca599b8094b47246dd341dde165f204df090 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 22 May 2006 15:17:12 +0000 Subject: r15804: Fix SAMLOGON test (This used to be commit 2e9a840bb975f3269de4ca299a3d6e5b19f3cad1) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index c1eb244e19..1a2ca629bc 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -769,23 +769,22 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms return LDB_ERR_OPERATIONS_ERROR; } - /* compute the new nt and lm hashes */ if (is_mod) { if (ldb_msg_add_empty(msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { return LDB_ERR_OPERATIONS_ERROR; } + if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } } + + /* compute the new nt and lm hashes */ E_md4hash(sambaPassword, tmp_hash.hash); if (samdb_msg_add_hash(module->ldb, msg, msg, "ntPwdHash", &tmp_hash) != 0) { return LDB_ERR_OPERATIONS_ERROR; } if (E_deshash(sambaPassword, tmp_hash.hash)) { - if (is_mod) { - if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - } if (samdb_msg_add_hash(module->ldb, msg, msg, "lmPwdHash", &tmp_hash) != 0) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From b22d15a0f80be0de1bb123f79058ec85d083cd75 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 May 2006 12:33:06 +0000 Subject: r15859: fixed a crash bug in the ldb password_hash module. This one is quite sublte - please have a look at the change if you are not certain you know the semantics of constant arrays declared on the stack (they must be static if you return them from the function) (This used to be commit 1848078fee2041195e3d65fcc090d7b6330b8ea0) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 1a2ca629bc..2885fb82a2 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
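Review bot: The reason for hoisting the `lmPwdHash` replace out of the `E_deshash()` branch in add_password_hashes is not recorded anywhere. On a modify the message now always carries an empty LDB_FLAG_MOD_REPLACE for `lmPwdHash`, and a value is added only when `E_deshash()` returns true. A password for which no LM hash is produced therefore presumably clears the stored one instead of leaving the old hash in place. That is the safer behaviour, but it is easy to undo by accident, so it deserves a comment above the `is_mod` block: `/* on modify always replace both hashes; if no LM hash can be computed below, the empty replace removes the stale lmPwdHash */`. The function begins outside the hunk.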
@@ -1145,7 +1145,10 @@ static int get_domain_data_callback(struct ldb_context *ldb, void *context, stru static int build_domain_data_request(struct ph_async_context *ac, struct dom_sid *sid) { - const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", "dnsDomain", NULL }; + /* attrs[] is returned from this function in + ac->dom_req->op.search.attrs, so it must be static, as + otherwise the compiler can put it on the stack */ + static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", "dnsDomain", NULL }; char *filter; ac->dom_req = talloc_zero(ac, struct ldb_request); -- cgit From 90a5e19e03842b77fd7811965fb2603e552261bc Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 28 May 2006 02:10:44 +0000 Subject: r15913: Error passing in the async code is not in agood shape Start enhancing it and fix some problems with incorrect evalutaion of the codes Implement rdn rename (async only) (This used to be commit 6af1d738b9668d4f0eb6194ac0f84af9e73f8c2e) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 110 ++++++++++++++++--------- 1 file changed, 73 insertions(+), 37 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2885fb82a2..67cb01b9d8 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -1680,82 +1680,119 @@ static int ph_async_wait(struct ldb_async_handle *handle) { } handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; ac = talloc_get_type(handle->private_data, struct ph_async_context); switch (ac->step) { case PH_ADD_SEARCH_DOM: - if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { - ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto done; + ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); - if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->dom_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->dom_req->async.handle->status; + goto done; + } + + if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; } /* domain search done, go on */ return password_hash_add_async_do_add(handle); case PH_ADD_DO_ADD: - if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { - ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto done; + ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); - if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->down_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->down_req->async.handle->status; + goto done; + } + + if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; } break; case PH_MOD_DO_REQ: - if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { - ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto done; + ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); - if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if 
(ac->down_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->down_req->async.handle->status; + goto done; + } + + if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; } /* non-password mods done, go on */ return password_hash_mod_async_search_self(handle); case PH_MOD_SEARCH_SELF: - if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { - ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto done; + ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); - if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->search_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->async.handle->status; + goto done; + } + + if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; } /* self search done, go on */ return password_hash_mod_async_search_dom(handle); case PH_MOD_SEARCH_DOM: - if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { - ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto done; + ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); - if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->dom_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->dom_req->async.handle->status; + goto done; + } + + if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; } /* domain search done, go on */ return password_hash_mod_async_do_mod(handle); case PH_MOD_DO_MOD: - if (ac->mod_req->async.handle->state != LDB_ASYNC_DONE) { - ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) goto done; + ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); - if 
(ac->mod_req->async.handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->mod_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->mod_req->async.handle->status; + goto done; + } + + if (ac->mod_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; } break; @@ -1769,7 +1806,6 @@ static int ph_async_wait(struct ldb_async_handle *handle) { done: handle->state = LDB_ASYNC_DONE; - handle->status = ret; return ret; } -- cgit From 3a4d7eb2c08a06fac89c34d132f1c32751ce7ad5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 29 May 2006 01:30:02 +0000 Subject: r15927: Optimize ldb module traverse while keeping the API intact. I was sick of jumping inot each module for each request, even the ones not handle by that module. (This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 14 ++++++++++---- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 12 +++++------- source4/dsdb/samdb/ldb_modules/objectguid.c | 4 +--- source4/dsdb/samdb/ldb_modules/password_hash.c | 8 ++------ source4/dsdb/samdb/ldb_modules/rootdse.c | 4 +--- source4/dsdb/samdb/ldb_modules/samldb.c | 4 +--- 6 files changed, 20 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index e421f7d13c..520ffde32d 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c 
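Review bot: With `handle->status = ret;` removed at the `done:` label, ph_async_wait can now return a code that disagrees with `handle->status`. Every branch that fails through a sub-request's status sets `handle->status` and jumps to `done` with `ret` still LDB_SUCCESS, so the function returns success while the handle holds the error. The `default:` branch lies between the two hunks; if it is still `ret = LDB_ERR_OPERATIONS_ERROR; goto done;` as in the earlier commit on this page, it returns an error while `handle->status` keeps the LDB_SUCCESS assigned at the top. Callers that look at only one of the two will miss a failed password operation. Either set both on every exit (`ret = handle->status = ...;`) or document at the label which one is authoritative, e.g. `/* return value reports the wait itself; the operation result is in handle->status */`, and add `handle->status = ret;` to the default branch.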
@@ -290,8 +290,9 @@ error: return LDB_ERR_OPERATIONS_ERROR; } -static int extended_search_async(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req) +static int extended_search_async(struct ldb_module *module, struct ldb_request *req) { + struct ldb_control *control; struct ldb_extended_dn_control *extended_ctrl; struct ldb_control **saved_controls; struct extended_async_context *ac; @@ -299,6 +300,13 @@ static int extended_search_async(struct ldb_module *module, struct ldb_control * char **new_attrs; int ret; + /* check if there's an extended dn control */ + control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID); + if (control == NULL) { + /* not found go on */ + return ldb_next_request(module, req); + } + extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); if (!extended_ctrl) { return LDB_ERR_PROTOCOL_ERROR; @@ -397,9 +405,6 @@ static int extended_request(struct ldb_module *module, struct ldb_request *req) case LDB_REQ_SEARCH: return extended_search(module, control, req); - case LDB_ASYNC_SEARCH: - return extended_search_async(module, control, req); - default: return LDB_ERR_OPERATIONS_ERROR; @@ -433,6 +438,7 @@ static int extended_init(struct ldb_module *module) static const struct ldb_module_ops extended_dn_ops = { .name = "extended_dn", + .search = extended_search_async, .request = extended_request, .init_context = extended_init }; diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 88e1831d14..d6929bd732 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -266,21 +266,14 @@ static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req switch (req->operation) { case LDB_REQ_ADD: - case LDB_ASYNC_ADD: case LDB_REQ_MODIFY: - case LDB_ASYNC_MODIFY: case LDB_REQ_DELETE: - case LDB_ASYNC_DELETE: case LDB_REQ_RENAME: - case LDB_ASYNC_RENAME: return kludge_acl_change(module, req); case LDB_REQ_SEARCH: return kludge_acl_search(module, req); - case LDB_ASYNC_SEARCH: - return kludge_acl_search_async(module, req); - case LDB_REQ_REGISTER: return ldb_next_request(module, req); @@ -354,6 +347,11 @@ done: static const struct ldb_module_ops kludge_acl_ops = { .name = "kludge_acl", + .search = kludge_acl_search_async, + .add = kludge_acl_change, + .modify = kludge_acl_change, + .del = kludge_acl_change, + .rename = kludge_acl_change, .request = kludge_acl_request, .start_transaction = kludge_acl_start_trans, .end_transaction = kludge_acl_end_trans, diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 96457447fb..5ac3260339 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -174,9 +174,6 @@ static int objectguid_request(struct ldb_module *module, struct ldb_request *req case LDB_REQ_ADD: return objectguid_add(module, req); - case LDB_ASYNC_ADD: - return objectguid_add_async(module, req); - default: return ldb_next_request(module, req); @@ -185,6 +182,7 @@ static int objectguid_request(struct ldb_module *module, struct ldb_request *req static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", + .add = objectguid_add_async, .request = objectguid_request }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 67cb01b9d8..0be0fff0ff 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -1842,12 +1842,6 @@ static int password_hash_request(struct ldb_module *module, struct ldb_request * case LDB_REQ_MODIFY: return password_hash_modify(module, req); - case LDB_ASYNC_ADD: - return password_hash_add_async(module, req); - - case LDB_ASYNC_MODIFY: - return password_hash_modify_async(module, req); - default: return ldb_next_request(module, req); @@ -1856,6 +1850,8 @@ static int password_hash_request(struct ldb_module *module, struct ldb_request * static const struct ldb_module_ops password_hash_ops = { .name = "password_hash", + .add = password_hash_add_async, + .modify = password_hash_modify_async, .request = password_hash_request, .async_wait = password_hash_async_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 84622357f8..892a98db12 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -278,9 +278,6 @@ static int rootdse_request(struct ldb_module *module, struct ldb_request *req) case LDB_REQ_SEARCH: return rootdse_search_bytree(module, req); - case LDB_ASYNC_SEARCH: - return rootdse_search_async(module, req); - case LDB_REQ_REGISTER: return rootdse_register_control(module, req); @@ -309,6 +306,7 @@ static int rootdse_init(struct ldb_module *module) static const struct ldb_module_ops rootdse_ops = { .name = "rootdse", .init_context = rootdse_init, + .search = rootdse_search_async, .request = rootdse_request }; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 9bf322f384..368fd161d4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -915,9 +915,6 @@ static int samldb_request(struct ldb_module *module, struct ldb_request *req) case LDB_REQ_ADD: return samldb_add(module, req); - case LDB_ASYNC_ADD: - return samldb_add_async(module, req); - default: return ldb_next_request(module, req); 
@@ -933,6 +930,7 @@ static int samldb_init(struct ldb_module *module) static const struct ldb_module_ops samldb_ops = { .name = "samldb", .init_context = samldb_init, + .add = samldb_add_async, .request = samldb_request }; -- cgit From 03703a58d7fe441ec5dcbe1814cea3f55544de55 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 29 May 2006 11:57:09 +0000 Subject: r15932: Remove per request creds They have never benn used and make little sense too imo (This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 2 -- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 1 - source4/dsdb/samdb/ldb_modules/password_hash.c | 2 -- source4/dsdb/samdb/ldb_modules/rootdse.c | 1 - 4 files changed, 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 520ffde32d..8ca82b2670 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -371,8 +371,6 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * return LDB_ERR_OPERATIONS_ERROR; } - down_req->creds = req->creds; - down_req->async.context = ac; down_req->async.callback = extended_async_callback; down_req->async.timeout = req->async.timeout; diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index d6929bd732..23d96ba2b7 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -209,7 +209,6 @@ static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request down_req->op.search.attrs = req->op.search.attrs; down_req->controls = req->controls; - down_req->creds = req->creds; down_req->async.context = ac; down_req->async.callback = kludge_acl_async_callback; 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 0be0fff0ff..bdf1bcc27a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1175,7 +1175,6 @@ static int build_domain_data_request(struct ph_async_context *ac, } ac->dom_req->op.search.attrs = attrs; ac->dom_req->controls = NULL; - ac->dom_req->creds = ac->orig_req->creds; ac->dom_req->async.context = ac; ac->dom_req->async.callback = get_domain_data_callback; ac->dom_req->async.timeout = ac->orig_req->async.timeout; @@ -1507,7 +1506,6 @@ static int password_hash_mod_async_search_self(struct ldb_async_handle *h) { } ac->search_req->op.search.attrs = NULL; ac->search_req->controls = NULL; - ac->search_req->creds = ac->orig_req->creds; ac->search_req->async.context = ac; ac->search_req->async.callback = get_self_callback; ac->search_req->async.timeout = ac->orig_req->async.timeout; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 892a98db12..7e408264ec 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -232,7 +232,6 @@ static int rootdse_search_async(struct ldb_module *module, struct ldb_request *r } down_req->op.search.attrs = req->op.search.attrs; down_req->controls = req->controls; - down_req->creds = req->creds; down_req->async.context = ac; down_req->async.callback = rootdse_async_callback; -- cgit From 0c7b82e5f6063de4114de21cf854ac67346e31f6 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Mon, 29 May 2006 23:46:43 +0000 Subject: r15942: Remove the sync internal ldb calls altogether. This means that some modules have been disabled as well as they have not been ported to the async interface One of them is the ugly objectclass module. I hope that the change in samldb module will make the MMC happy without the need of this crappy module, we need proper handling in a decent schema module. proxy and ldb_map have also been disabled ldb_sqlite3 need to be ported as well (currenlty just broken). (This used to be commit 51083de795bdcbf649de926e86969adc20239b6d) --- source4/dsdb/samdb/ldb_modules/config.mk | 20 +- source4/dsdb/samdb/ldb_modules/extended_dn.c | 107 ---- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 57 -- source4/dsdb/samdb/ldb_modules/objectguid.c | 72 +-- source4/dsdb/samdb/ldb_modules/password_hash.c | 721 +------------------------ source4/dsdb/samdb/ldb_modules/rootdse.c | 42 +- source4/dsdb/samdb/ldb_modules/samldb.c | 101 +--- 7 files changed, 53 insertions(+), 1067 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 20f6e182e5..3790d731d9 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -33,16 +33,16 @@ OBJ_FILES = \ # End MODULE ldb_samldb ################################################ -################################################ -# Start MODULE ldb_proxy -[MODULE::ldb_proxy] -SUBSYSTEM = ldb -INIT_FUNCTION = proxy_module_init -OBJ_FILES = \ - proxy.o -# -# End MODULE ldb_proxy -################################################ +# ################################################ +# # Start MODULE ldb_proxy +# [MODULE::ldb_proxy] +# SUBSYSTEM = ldb +# INIT_FUNCTION = proxy_module_init +# OBJ_FILES = \ +# proxy.o +# +# # End MODULE ldb_proxy +# ################################################ ################################################ 
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 8ca82b2670..1f2d406a28 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c 
@@ -166,90 +166,6 @@ static BOOL inject_extended_dn(struct ldb_message *msg, return True; } -/* search */ -static int extended_search(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req) -{ - struct ldb_result *extended_result; - struct ldb_control **saved_controls; - struct ldb_extended_dn_control *extended_ctrl; - int i, ret; - const char * const *saved_attrs = NULL; - char **new_attrs; - BOOL remove_guid = False; - BOOL remove_sid = False; - - extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); - if (!extended_ctrl) { - return LDB_ERR_PROTOCOL_ERROR; - } - - /* save it locally and remove it from the list */ - if (!save_controls(control, req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* check if attrs only is specified, in that case check wether we need to modify them */ - if (req->op.search.attrs) { - if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { - remove_guid = True; - } - if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { - remove_sid = True; - } - if (remove_guid || remove_sid) { - new_attrs = copy_attrs(req, req->op.search.attrs); - if (!new_attrs) - return LDB_ERR_OPERATIONS_ERROR; - - saved_attrs = req->op.search.attrs; - - if (remove_guid) { - if (!add_attrs(req, &new_attrs, "objectGUID")) - return LDB_ERR_OPERATIONS_ERROR; - } - if (remove_sid) { - if (!add_attrs(req, &new_attrs, "objectSID")) - return LDB_ERR_OPERATIONS_ERROR; - } - - req->op.search.attrs = (const char * const *)new_attrs; - } - } - - ret = ldb_next_request(module, req); - - /* put request back into original shape */ - /* TODO: build a new req and don't touch the original one */ - - if (req->controls) talloc_free(req->controls); - req->controls = saved_controls; - - if (saved_attrs) { - talloc_free(new_attrs); - req->op.search.attrs = saved_attrs; - } - - if (ret != LDB_SUCCESS) { - return ret; - } - - extended_result = req->op.search.res; - - for (i = 0; i < extended_result->count; i++) 
{ - /* TODO: the following funtion updates only dn and - * distinguishedName. We still need to address other - * DN entries like objectCategory - */ - if (!inject_extended_dn(extended_result->msgs[i], - extended_ctrl->type, - remove_guid, remove_sid)) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - - return LDB_SUCCESS; -} - /* search */ struct extended_async_context { @@ -387,28 +303,6 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * return ret; } -static int extended_request(struct ldb_module *module, struct ldb_request *req) -{ - struct ldb_control *control; - - /* check if there's an extended dn control */ - control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID); - if (control == NULL) { - /* not found go on */ - return ldb_next_request(module, req); - } - - switch (req->operation) { - - case LDB_REQ_SEARCH: - return extended_search(module, control, req); - - default: - return LDB_ERR_OPERATIONS_ERROR; - - } -} - static int extended_init(struct ldb_module *module) { struct ldb_request *req; @@ -437,7 +331,6 @@ static int extended_init(struct ldb_module *module) static const struct ldb_module_ops extended_dn_ops = { .name = "extended_dn", .search = extended_search_async, - .request = extended_request, .init_context = extended_init }; diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 23d96ba2b7..4e09faf269 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -97,40 +97,6 @@ static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) session_info->server_info->account_name); } -/* search */ -static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) -{ - struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data); - struct ldb_message *msg; - enum user_is user_type; - int i, j, ret; - - /* go down the path and wait for reply to filter out stuff if needed */ - ret = ldb_next_request(module, req); - - /* We may not be fully initialised yet, or we might have just - * got an error */ - if (ret != LDB_SUCCESS || !data->password_attrs) { - return ret; - } - - user_type = what_is_user(module); - switch (user_type) { - case SYSTEM: - case ADMINISTRATOR: - return ret; - default: - /* For every message, remove password attributes */ - for (i=0; i < req->op.search.res->count; i++) { - msg = req->op.search.res->msgs[i]; - for (j=0; data->password_attrs[j]; j++) { - ldb_msg_remove_attr(msg, data->password_attrs[j]); - } - } - } - return ret; -} - /* search */ struct kludge_acl_async_context { @@ -260,28 +226,6 @@ static int kludge_acl_del_trans(struct ldb_module *module) return ldb_next_del_trans(module); } -static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req) -{ - switch (req->operation) { - - case LDB_REQ_ADD: - case LDB_REQ_MODIFY: - case LDB_REQ_DELETE: - case LDB_REQ_RENAME: - return kludge_acl_change(module, req); - - case LDB_REQ_SEARCH: - return kludge_acl_search(module, req); - - case LDB_REQ_REGISTER: - return ldb_next_request(module, req); - - default: - /* anything else must be something new, let's throw an error */ - return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; - } -} - static int kludge_acl_init(struct ldb_module *module) { int ret, i; 
@@ -351,7 +295,6 @@ static const struct ldb_module_ops kludge_acl_ops = { .modify = kludge_acl_change, .del = kludge_acl_change, .rename = kludge_acl_change, - .request = kludge_acl_request, .start_transaction = kludge_acl_start_trans, .end_transaction = kludge_acl_end_trans, .del_transaction = kludge_acl_del_trans, diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 5ac3260339..643f8c17fd 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
@@ -52,62 +52,6 @@ static struct ldb_message_element *objectguid_find_attribute(const struct ldb_me /* add_record: add objectGUID attribute */ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) -{ - struct ldb_message *msg = req->op.add.message; - struct ldb_val v; - struct ldb_message *msg2; - struct ldb_message_element *attribute; - struct GUID guid; - NTSTATUS nt_status; - int ret, i; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); - - if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) { - return ldb_next_request(module, req); - } - - msg2 = talloc(module, struct ldb_message); - if (!msg2) { - return -1; - } - - msg2->dn = msg->dn; - msg2->num_elements = msg->num_elements; - msg2->private_data = msg->private_data; - msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); - for (i = 0; i < msg2->num_elements; i++) { - msg2->elements[i] = msg->elements[i]; - } - - /* a new GUID */ - guid = GUID_random(); - - nt_status = ndr_push_struct_blob(&v, msg2, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(nt_status)) { - return -1; - } - - ret = ldb_msg_add_value(msg2, "objectGUID", &v); - if (ret) { - return ret; - } - - req->op.add.message = msg2; - ret = ldb_next_request(module, req); - req->op.add.message = msg; - - talloc_free(msg2); - - return ret; -} - -static int objectguid_add_async(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; struct ldb_message_element *attribute; 
@@ -167,23 +111,9 @@ static int objectguid_add_async(struct ldb_module *module, struct ldb_request *r return ret; } -static int objectguid_request(struct ldb_module *module, struct ldb_request *req) -{ - switch (req->operation) { - - case LDB_REQ_ADD: - return objectguid_add(module, req); - - default: - return ldb_next_request(module, req); - - } -} - static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", - .add = objectguid_add_async, - .request = objectguid_request + .add = objectguid_add, }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index bdf1bcc27a..16fe6b8f4d 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -65,678 +65,10 @@ * */ - -static int password_hash_handle(struct ldb_module *module, struct ldb_request *req, - const struct ldb_message *msg) -{ - int ret, old_ret = -1; - uint_t pwdProperties, pwdHistoryLength; - uint_t userAccountControl; - const char *dnsDomain, *realm; - const char *sambaPassword = NULL; - struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory; - struct samr_Password *lmPwdHash, *ntPwdHash; - struct samr_Password *lmOldHash = NULL, *ntOldHash = NULL; - struct samr_Password *new_sambaLMPwdHistory, *new_sambaNTPwdHistory; - struct samr_Password local_lmNewHash, local_ntNewHash; - int sambaLMPwdHistory_len, sambaNTPwdHistory_len; - uint_t kvno; - struct dom_sid *domain_sid; - time_t now = time(NULL); - NTTIME now_nt; - int i; - krb5_error_code krb5_ret; - - struct smb_krb5_context *smb_krb5_context; - - struct ldb_message_element *attribute; - struct ldb_dn *dn = msg->dn; - struct ldb_message *msg2; - - struct ldb_request *search_request = NULL; - struct ldb_request *modify_request; - struct ldb_request *modified_orig_request; - struct ldb_result *res, *dom_res, *old_res; - - struct ldb_message_element *objectclasses; - struct ldb_val computer_val; - struct ldb_val person_val; - BOOL is_computer; - - struct ldb_message *modify_msg; - - const char *domain_expression; - const char *old_user_attrs[] = { "lmPwdHash", "ntPwdHash", NULL }; - const char *user_attrs[] = { "userAccountControl", "sambaLMPwdHistory", - "sambaNTPwdHistory", - "ntPwdHash", - "objectSid", "msDS-KeyVersionNumber", - "objectClass", "userPrincipalName", - "samAccountName", - NULL }; - const char * const domain_attrs[] = { "pwdProperties", "pwdHistoryLength", - "dnsDomain", NULL }; - - TALLOC_CTX *mem_ctx; - - /* Do the original action */ - - mem_ctx = talloc_new(module); - if (!mem_ctx) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (req->operation == LDB_REQ_MODIFY) { - search_request = talloc(mem_ctx, struct ldb_request); - if (!search_request) { - 
talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Look up the old ntPwdHash and lmPwdHash values, so - * we can later place these into the password - * history */ - - search_request->operation = LDB_REQ_SEARCH; - search_request->op.search.base = dn; - search_request->op.search.scope = LDB_SCOPE_BASE; - search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL); - search_request->op.search.attrs = old_user_attrs; - search_request->controls = NULL; - - old_ret = ldb_next_request(module, search_request); - } - - /* we can't change things untill we copy it */ - msg2 = ldb_msg_copy_shallow(mem_ctx, msg); - - /* look again, this time at the copied attribute */ - if (!msg2 || (attribute = ldb_msg_find_element(msg2, "sambaPassword")) == NULL ) { - talloc_free(mem_ctx); - /* Gah? where did it go? Oh well... */ - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Wipe out the sambaPassword attribute set, we will handle it in - * the second modify. We might not want it written to disk */ - - if (req->operation == LDB_REQ_ADD) { - if (attribute->num_values > 1) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "sambaPassword_handle: " - "attempted set of multiple sambaPassword attributes on %s rejected", - ldb_dn_linearize(mem_ctx, dn))); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - if (attribute->num_values == 1) { - sambaPassword = (const char *)attribute->values[0].data; - ldb_msg_remove_attr(msg2, "sambaPassword"); - } - } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD) - || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) { - if (attribute->num_values > 1) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "sambaPassword_handle: " - "attempted set of multiple sambaPassword attributes on %s rejected", - ldb_dn_linearize(mem_ctx, dn))); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - if (attribute->num_values == 1) { - sambaPassword = (const char 
*)attribute->values[0].data; - ldb_msg_remove_attr(msg2, "sambaPassword"); - } - } - - modified_orig_request = talloc(mem_ctx, struct ldb_request); - if (!modified_orig_request) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - *modified_orig_request = *req; - switch (modified_orig_request->operation) { - case LDB_REQ_ADD: - modified_orig_request->op.add.message = msg2; - break; - case LDB_REQ_MODIFY: - modified_orig_request->op.mod.message = msg2; - break; - default: - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Send the (modified) request of the original caller down to the database */ - ret = ldb_next_request(module, modified_orig_request); - if (ret) { - talloc_free(mem_ctx); - return ret; - } - - /* While we do the search first (for the old password hashes), - * we don't want to override any error that the modify may - * have returned. Now check the error */ - if (req->operation == LDB_REQ_MODIFY) { - if (old_ret) { - talloc_free(mem_ctx); - return old_ret; - } - - /* Find out the old passwords details of the user */ - old_res = search_request->op.search.res; - talloc_steal(mem_ctx, old_res); - talloc_free(search_request); - - if (old_res->count != 1) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "(pre) search for %s found %d != 1 objects, for entry we just modified", - ldb_dn_linearize(mem_ctx, dn), - old_res->count)); - /* What happend? The above add/modify worked... */ - talloc_free(mem_ctx); - return LDB_ERR_NO_SUCH_OBJECT; - } - - lmOldHash = samdb_result_hash(mem_ctx, old_res->msgs[0], "lmPwdHash"); - ntOldHash = samdb_result_hash(mem_ctx, old_res->msgs[0], "ntPwdHash"); - } - - /* Start finding out details we need for the second modify. - * We do this after the first add/modify because other modules - * will have filled in the templates, and we may have had - * things like the username (affecting the salt) changed along - * with the password. 
*/ - - /* Now find out what is on the entry after the above add/modify */ - search_request = talloc(mem_ctx, struct ldb_request); - if (!search_request) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_request->operation = LDB_REQ_SEARCH; - search_request->op.search.base = dn; - search_request->op.search.scope = LDB_SCOPE_BASE; - search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL); - search_request->op.search.attrs = user_attrs; - search_request->controls = NULL; - - ret = ldb_next_request(module, search_request); - if (ret) { - talloc_free(mem_ctx); - return ret; - } - - /* Find out the full details of the user */ - res = search_request->op.search.res; - talloc_steal(mem_ctx, res); - talloc_free(search_request); - - if (res->count != 1) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "search for %s found %d != 1 objects, for entry we just added/modified", - ldb_dn_linearize(mem_ctx, dn), - res->count)); - /* What happend? The above add/modify worked... */ - talloc_free(mem_ctx); - return LDB_ERR_NO_SUCH_OBJECT; - } - - userAccountControl = samdb_result_uint(res->msgs[0], "userAccountControl", 0); - sambaLMPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], - "sambaLMPwdHistory", &sambaLMPwdHistory); - sambaNTPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0], - "sambaNTPwdHistory", &sambaNTPwdHistory); - ntPwdHash = samdb_result_hash(mem_ctx, res->msgs[0], "ntPwdHash"); - kvno = samdb_result_uint(res->msgs[0], "msDS-KeyVersionNumber", 0); - - domain_sid = samdb_result_sid_prefix(mem_ctx, res->msgs[0], "objectSid"); - - - objectclasses = ldb_msg_find_element(res->msgs[0], "objectClass"); - person_val = data_blob_string_const("person"); - - if (!objectclasses || !ldb_msg_find_val(objectclasses, &person_val)) { - /* Not a 'person', so the rest of this doesn't make - * sense. How we got a sambaPassword this far I don't - * know... 
*/ - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "attempted set of sambaPassword on non-'person' object %s rejected", - ldb_dn_linearize(mem_ctx, dn))); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - computer_val = data_blob_string_const("computer"); - - if (ldb_msg_find_val(objectclasses, &computer_val)) { - is_computer = True; - } else { - is_computer = False; - } - - domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectClass=domain))", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); - - /* Find the user's domain, then find out the domain password - * properties */ - ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, domain_expression, - domain_attrs, &dom_res); - if (ret) { - talloc_free(mem_ctx); - return ret; - } - - if (dom_res->count != 1) { - /* What happend? The user we are modifying must be odd... */ - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "search for domain %s found %d != 1 objects", - dom_sid_string(mem_ctx, domain_sid), - dom_res->count)); - talloc_free(mem_ctx); - return LDB_ERR_NO_SUCH_OBJECT; - } - - pwdProperties = samdb_result_uint(dom_res->msgs[0], "pwdProperties", 0); - pwdHistoryLength = samdb_result_uint(dom_res->msgs[0], "pwdHistoryLength", 0); - dnsDomain = ldb_msg_find_string(dom_res->msgs[0], "dnsDomain", NULL); - realm = strupper_talloc(mem_ctx, dnsDomain); - - /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(mem_ctx, &smb_krb5_context) != 0) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Prepare the modifications to set all the hash/key types */ - modify_msg = ldb_msg_new(req); - modify_msg->dn = talloc_reference(modify_msg, dn); - -#define CHECK_RET(x) \ - do { \ - int check_ret = x; \ - if (check_ret != LDB_SUCCESS) { \ - talloc_free(mem_ctx); \ - return check_ret; \ - } \ - } while(0) - - /* Setup krb5Key (we want to either delete an existing 
value, - * or replace with a new one). Both the unicode and NT hash - * only branches append keys to this multivalued entry. */ - CHECK_RET(ldb_msg_add_empty(modify_msg, "krb5Key", LDB_FLAG_MOD_REPLACE)); - - /* Yay, we can compute new password hashes from the unicode - * password */ - if (sambaPassword) { - Principal *salt_principal; - const char *user_principal_name = ldb_msg_find_string(res->msgs[0], "userPrincipalName", NULL); - - Key *keys; - size_t num_keys; - - /* compute the new nt and lm hashes */ - if (E_deshash(sambaPassword, local_lmNewHash.hash)) { - lmPwdHash = &local_lmNewHash; - } else { - lmPwdHash = NULL; - } - E_md4hash(sambaPassword, local_ntNewHash.hash); - ntPwdHash = &local_ntNewHash; - CHECK_RET(ldb_msg_add_empty(modify_msg, "ntPwdHash", - LDB_FLAG_MOD_REPLACE)); - CHECK_RET(samdb_msg_add_hash(module->ldb, req, - modify_msg, "ntPwdHash", - ntPwdHash)); - CHECK_RET(ldb_msg_add_empty(modify_msg, "lmPwdHash", - LDB_FLAG_MOD_REPLACE)); - if (lmPwdHash) { - CHECK_RET(samdb_msg_add_hash(module->ldb, req, - modify_msg, "lmPwdHash", - lmPwdHash)); - } - - /* Many, many thanks to lukeh@padl.com for this - * algorithm, described in his Nov 10 2004 mail to - * samba-technical@samba.org */ - - if (is_computer) { - /* Determine a salting principal */ - char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(res->msgs[0], "samAccountName", NULL)); - char *saltbody; - if (!samAccountName) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "generation of new kerberos keys failed: %s is a computer without a samAccountName", - ldb_dn_linearize(mem_ctx, dn))); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - if (samAccountName[strlen(samAccountName)-1] == '$') { - samAccountName[strlen(samAccountName)-1] = '\0'; - } - saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, dnsDomain); - - krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, "host", saltbody, 
NULL); - } else if (user_principal_name) { - char *p; - user_principal_name = talloc_strdup(mem_ctx, user_principal_name); - if (!user_principal_name) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } else { - p = strchr(user_principal_name, '@'); - if (p) { - p[0] = '\0'; - } - krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, user_principal_name, NULL); - } - } else { - const char *samAccountName = ldb_msg_find_string(res->msgs[0], "samAccountName", NULL); - if (!samAccountName) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "generation of new kerberos keys failed: %s has no samAccountName", - ldb_dn_linearize(mem_ctx, dn))); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, samAccountName, NULL); - } - - - if (krb5_ret) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "generation of a saltking principal failed: %s", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, - krb5_ret, mem_ctx))); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* TODO: We may wish to control the encryption types chosen in future */ - krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context, - salt_principal, sambaPassword, &keys, &num_keys); - krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); - - if (krb5_ret) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "password_hash_handle: " - "generation of new kerberos keys failed: %s", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, - krb5_ret, mem_ctx))); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Walking all the key types generated, transform each - * key into an ASN.1 blob - */ - for (i=0; i < num_keys; i++) { - unsigned char *buf; - size_t buf_size; - size_t len; - struct ldb_val val; - - if 
(keys[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { - /* We might end up doing this below: - * This ensures we get the unicode - * conversion right. This should also - * be fixed in the Heimdal libs */ - continue; - } - ASN1_MALLOC_ENCODE(Key, buf, buf_size, &keys[i], &len, krb5_ret); - if (krb5_ret) { - return LDB_ERR_OPERATIONS_ERROR; - } - - val.data = talloc_memdup(req, buf, len); - val.length = len; - free(buf); - if (!val.data || krb5_ret) { - hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - ret = ldb_msg_add_value(modify_msg, "krb5Key", &val); - if (ret != LDB_SUCCESS) { - hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); - talloc_free(mem_ctx); - return ret; - } - } - - hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); - } - - /* Possibly kill off the cleartext or store it */ - CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaPassword", LDB_FLAG_MOD_REPLACE)); - - if (sambaPassword && (pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) && - (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { - CHECK_RET(ldb_msg_add_string(modify_msg, "sambaPassword", sambaPassword)); - } - - /* Even if we didn't get a sambaPassword, we can still setup - * krb5Key from the NT hash. 
- * - * This is an append, so it works with the 'continue' in the - * unicode loop above, to use Samba's NT hash function, which - * is more correct than Heimdal's - */ - if (ntPwdHash) { - unsigned char *buf; - size_t buf_size; - size_t len; - struct ldb_val val; - Key key; - - key.mkvno = 0; - key.salt = NULL; /* No salt for this enc type */ - - krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, - ETYPE_ARCFOUR_HMAC_MD5, - ntPwdHash->hash, sizeof(ntPwdHash->hash), - &key.key); - if (krb5_ret) { - return LDB_ERR_OPERATIONS_ERROR; - } - ASN1_MALLOC_ENCODE(Key, buf, buf_size, &key, &len, krb5_ret); - if (krb5_ret) { - return LDB_ERR_OPERATIONS_ERROR; - } - krb5_free_keyblock_contents(smb_krb5_context->krb5_context, - &key.key); - - val.data = talloc_memdup(req, buf, len); - val.length = len; - free(buf); - if (!val.data || ret) { - return LDB_ERR_OPERATIONS_ERROR; - } - CHECK_RET(ldb_msg_add_value(modify_msg, "krb5Key", &val)); - } - - /* If the original caller did anything with pwdLastSet then skip this. It could be an incoming samsync */ - attribute = ldb_msg_find_element(msg, "pwdLastSet"); - if (attribute == NULL) { - /* Update the password last set time */ - unix_to_nt_time(&now_nt, now); - CHECK_RET(ldb_msg_add_empty(modify_msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE)); - CHECK_RET(samdb_msg_add_uint64(module->ldb, mem_ctx, modify_msg, "pwdLastSet", now_nt)); - } - - /* If the original caller did anything with "msDS-KeyVersionNumber" then skip this. It could be an incoming samsync */ - attribute = ldb_msg_find_element(msg, "msDS-KeyVersionNumber"); - if (attribute == NULL) { - if (kvno == 0) { - CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", - LDB_FLAG_MOD_REPLACE)); - CHECK_RET(samdb_msg_add_uint(module->ldb, mem_ctx, modify_msg, "msDS-KeyVersionNumber", kvno + 1)); - } else { - /* While we should be in a transaction, go one extra - * step in the dance for an 'atomic' increment. This - * may be of value against remote LDAP servers. 
(Note - * however that Mulitmaster replication stil offers no - * such guarantee) */ - - struct ldb_val old_kvno, new_kvno; - old_kvno.data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", kvno); - if (!old_kvno.data) { - return -1; - } - old_kvno.length = strlen((char *)old_kvno.data); - - new_kvno.data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", kvno + 1); - if (!new_kvno.data) { - return -1; - } - new_kvno.length = strlen((char *)new_kvno.data); - - CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", - LDB_FLAG_MOD_DELETE)); - CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber", - LDB_FLAG_MOD_ADD)); - modify_msg->elements[modify_msg->num_elements - 2].num_values = 1; - modify_msg->elements[modify_msg->num_elements - 2].values = &old_kvno; - modify_msg->elements[modify_msg->num_elements - 1].num_values = 1; - modify_msg->elements[modify_msg->num_elements - 1].values = &new_kvno; - } - } - - CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaLMPwdHistory", - LDB_FLAG_MOD_REPLACE)); - CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaNTPwdHistory", - LDB_FLAG_MOD_REPLACE)); - - /* If we have something to put into the history, or an old - * history element to expire, update the history */ - if (pwdHistoryLength > 0 && - ((sambaNTPwdHistory_len > 0) || (sambaLMPwdHistory_len > 0) - || lmOldHash || ntOldHash)) { - /* store the password history */ - new_sambaLMPwdHistory = talloc_array(mem_ctx, struct samr_Password, - pwdHistoryLength); - if (!new_sambaLMPwdHistory) { - return LDB_ERR_OPERATIONS_ERROR; - } - new_sambaNTPwdHistory = talloc_array(mem_ctx, struct samr_Password, - pwdHistoryLength); - if (!new_sambaNTPwdHistory) { - return LDB_ERR_OPERATIONS_ERROR; - } - for (i=0;ioperation = LDB_REQ_MODIFY; - modify_request->op.mod.message = modify_msg; - modify_request->controls = NULL; - - ret = ldb_next_request(module, modify_request); - - talloc_free(mem_ctx); - return ret; -} - -/* add_record: do things with the sambaPassword attribute */ -static int 
password_hash_add(struct ldb_module *module, struct ldb_request *req) -{ - const struct ldb_message *msg = req->op.add.message; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_record\n"); - - if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - /* If no part of this touches the sambaPassword, then we don't - * need to make any changes. For password changes/set there should - * be a 'delete' or a 'modify' on this attribute. */ - if (ldb_msg_find_element(msg, "sambaPassword") == NULL ) { - return ldb_next_request(module, req); - } - - return password_hash_handle(module, req, msg); -} - -/* modify_record: do things with the sambaPassword attribute */ -static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) -{ - const struct ldb_message *msg = req->op.mod.message; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify_record\n"); - - if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - /* If no part of this touches the sambaPassword, then we don't - * need to make any changes. For password changes/set there should - * be a 'delete' or a 'modify' on this attribute. */ - if (ldb_msg_find_element(msg, "sambaPassword") == NULL ) { - return ldb_next_request(module, req); - } - - return password_hash_handle(module, req, msg); -} - -enum ph_type {PH_ADD, PH_MOD}; -enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD}; - struct ph_async_context { - enum ph_type type; - enum ph_step step; + enum ph_type {PH_ADD, PH_MOD} type; + enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD} step; struct ldb_module *module; struct ldb_request *orig_req; 
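Review bot: The two enums folded into `struct ph_async_context` leave the `type` and `step` members undocumented, and the single-line `enum ph_step {...} step;` member is hard to scan. Judging only by the enumerator names, the PH_ADD_* steps belong to PH_ADD and the PH_MOD_* steps to PH_MOD; a comment such as `/* type selects the add or modify sequence; step is the current stage within it */` would record that, ideally with one enumerator per line. Because this context drives the password-hash writes, a reader should be able to see the intended stage order without tracing every callback. The struct body continues outside the hunk.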
@@ -1212,7 +544,7 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *mem_ return data; } -static int password_hash_add_async(struct ldb_module *module, struct ldb_request *req) +static int password_hash_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_async_handle *h; struct ph_async_context *ac; @@ -1220,7 +552,7 @@ static int password_hash_add_async(struct ldb_module *module, struct ldb_request struct dom_sid *domain_sid; int ret; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_async\n"); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add\n"); if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); @@ -1278,7 +610,7 @@ static int password_hash_add_async(struct ldb_module *module, struct ldb_request return ldb_next_request(module, ac->dom_req); } -static int password_hash_add_async_do_add(struct ldb_async_handle *h) { +static int password_hash_add_do_add(struct ldb_async_handle *h) { struct ph_async_context *ac; struct domain_data *domain; @@ -1357,9 +689,9 @@ static int password_hash_add_async_do_add(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->down_req); } -static int password_hash_mod_async_search_self(struct ldb_async_handle *h); +static int password_hash_mod_search_self(struct ldb_async_handle *h); -static int password_hash_modify_async(struct ldb_module *module, struct ldb_request *req) +static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_async_handle *h; struct ph_async_context *ac; 
@@ -1367,7 +699,7 @@ static int password_hash_modify_async(struct ldb_module *module, struct ldb_requ struct ldb_message_element *ntAttr; struct ldb_message_element *lmAttr; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_async\n"); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify\n"); if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); @@ -1437,7 +769,7 @@ static int password_hash_modify_async(struct ldb_module *module, struct ldb_requ if (ac->down_req->op.mod.message->num_elements == 0) { talloc_free(ac->down_req); ac->down_req = NULL; - return password_hash_mod_async_search_self(h); + return password_hash_mod_search_self(h); } ac->down_req->async.context = NULL; @@ -1483,7 +815,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ return LDB_SUCCESS; } -static int password_hash_mod_async_search_self(struct ldb_async_handle *h) { +static int password_hash_mod_search_self(struct ldb_async_handle *h) { struct ph_async_context *ac; @@ -1515,7 +847,7 @@ static int password_hash_mod_async_search_self(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->search_req); } -static int password_hash_mod_async_search_dom(struct ldb_async_handle *h) { +static int password_hash_mod_search_dom(struct ldb_async_handle *h) { struct ph_async_context *ac; struct dom_sid *domain_sid; @@ -1541,7 +873,7 @@ static int password_hash_mod_async_search_dom(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->dom_req); } -static int password_hash_mod_async_do_mod(struct ldb_async_handle *h) { +static int password_hash_mod_do_mod(struct ldb_async_handle *h) { struct ph_async_context *ac; struct domain_data *domain; 
@@ -1700,7 +1032,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { } /* domain search done, go on */ - return password_hash_add_async_do_add(handle); + return password_hash_add_do_add(handle); case PH_ADD_DO_ADD: ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); @@ -1737,7 +1069,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { } /* non-password mods done, go on */ - return password_hash_mod_async_search_self(handle); + return password_hash_mod_search_self(handle); case PH_MOD_SEARCH_SELF: ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); @@ -1756,7 +1088,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { } /* self search done, go on */ - return password_hash_mod_async_search_dom(handle); + return password_hash_mod_search_dom(handle); case PH_MOD_SEARCH_DOM: ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); @@ -1775,7 +1107,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { } /* domain search done, go on */ - return password_hash_mod_async_do_mod(handle); + return password_hash_mod_do_mod(handle); case PH_MOD_DO_MOD: ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); @@ -1830,27 +1162,10 @@ static int password_hash_async_wait(struct ldb_async_handle *handle, enum ldb_as } } -static int password_hash_request(struct ldb_module *module, struct ldb_request *req) -{ - switch (req->operation) { - - case LDB_REQ_ADD: - return password_hash_add(module, req); - - case LDB_REQ_MODIFY: - return password_hash_modify(module, req); - - default: - return ldb_next_request(module, req); - - } -} - static const struct ldb_module_ops password_hash_ops = { .name = "password_hash", - .add = password_hash_add_async, - .modify = password_hash_modify_async, - .request = password_hash_request, + .add = password_hash_add, + .modify = password_hash_modify, .async_wait = password_hash_async_wait }; 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 7e408264ec..46b34a469b 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -120,42 +120,6 @@ failed: /* handle search requests */ -static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request *req) -{ - struct ldb_search *s = &req->op.search; - int ret; - TALLOC_CTX *tmp_ctx; - - /* see if its for the rootDSE */ - if (s->scope != LDB_SCOPE_BASE || - (s->base && s->base->comp_num != 0)) { - return ldb_next_request(module, req); - } - - tmp_ctx = talloc_new(module); - - /* in our db we store the rootDSE with a DN of cn=rootDSE */ - s->base = ldb_dn_explode(tmp_ctx, "cn=rootDSE"); - s->tree = ldb_parse_tree(tmp_ctx, "dn=*"); - if (s->base == NULL || s->tree == NULL) { - ldb_oom(module->ldb); - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* grab the static contents of the record */ - ret = ldb_next_request(module, req); - - req->op.search.res = s->res; - - if ((ret == LDB_SUCCESS) && (s->res->msgs != NULL)) { - ret = rootdse_add_dynamic(module, s->res->msgs[0], s->attrs); - } - - talloc_free(tmp_ctx); - - return ret; -} struct rootdse_async_context { struct ldb_module *module; @@ -192,7 +156,7 @@ error: return LDB_ERR_OPERATIONS_ERROR; } -static int rootdse_search_async(struct ldb_module *module, struct ldb_request *req) +static int rootdse_search(struct ldb_module *module, struct ldb_request *req) { struct rootdse_async_context *ac; struct ldb_request *down_req; @@ -274,8 +238,6 @@ static int rootdse_register_control(struct ldb_module *module, struct ldb_reques static int rootdse_request(struct ldb_module *module, struct ldb_request *req) { switch (req->operation) { - case LDB_REQ_SEARCH: - return rootdse_search_bytree(module, req); case LDB_REQ_REGISTER: return rootdse_register_control(module, req); 
@@ -305,7 +267,7 @@ static int rootdse_init(struct ldb_module *module) static const struct ldb_module_ops rootdse_ops = { .name = "rootdse", .init_context = rootdse_init, - .search = rootdse_search_async, + .search = rootdse_search, .request = rootdse_request }; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 368fd161d4..40092e68de 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -615,13 +615,28 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_OPERATIONS_ERROR; } + /* remove objectclasses so that they will be added in the right order for MMC to be happy */ + ldb_msg_remove_attr(msg, "objectclass"); + if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { + ret = samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))"); if (ret) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); talloc_free(mem_ctx); return ret; } + + /* readd user and then computer objectclasses */ + if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "computer", "computer")) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + } else { ret = samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))"); if (ret) { @@ -629,6 +644,11 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const talloc_free(mem_ctx); return ret; } + /* readd user objectclass */ + if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } } rdn = ldb_dn_get_rdn(msg2, msg2->dn); 
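Review bot: In the first samldb.c hunk, `ldb_msg_remove_attr(msg, "objectclass");` runs immediately before `samldb_find_attribute(msg, "objectclass", "computer")`, so the test can no longer see a `computer` value and every object takes the TemplateUser branch. The call also edits `msg`, which appears to be the caller's request message rather than the working copy `msg2`. If the aim is only to control the order of the stored values, record the result first, e.g. `is_computer = samldb_find_attribute(msg, "objectclass", "computer") != NULL;`, and strip the attribute from `msg2` instead. The function begins and ends outside the hunk, so whether `msg2` already holds the objectclass values at this point needs confirming; a later commit on this page (r16061) deletes the call.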
@@ -639,14 +659,6 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_CONSTRAINT_VIOLATION; } - /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */ - if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* meddle with objectclass */ - if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { name = samldb_generate_samAccountName(module, mem_ctx); if (!name) { 
@@ -768,61 +780,6 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module return ret; } -/* add_record */ -static int samldb_add(struct ldb_module *module, struct ldb_request *req) -{ - struct ldb_message *msg = req->op.add.message; - struct ldb_message *msg2 = NULL; - int ret; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - - - if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - /* is user or computer? */ - if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || - (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { - /* add all relevant missing objects */ - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; - } - } - - /* is group? add all relevant missing objects */ - if ( ! msg2 ) { - if (samldb_find_attribute(msg, "objectclass", "group") != NULL) { - ret = samldb_fill_group_object(module, msg, &msg2); - if (ret) { - return ret; - } - } - } - - /* perhaps a foreignSecurityPrincipal? */ - if ( ! msg2 ) { - if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") != NULL) { - ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2); - if (ret) { - return ret; - } - } - } - - if (msg2) { - req->op.add.message = msg2; - ret = ldb_next_request(module, req); - req->op.add.message = msg; - } else { - ret = ldb_next_request(module, req); - } - - return ret; -} - /* add_record */ /* @@ -833,7 +790,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) * left SYNC for now until we think of a good solution. */ -static int samldb_add_async(struct ldb_module *module, struct ldb_request *req) +static int samldb_add(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.add.message; struct ldb_message *msg2 = NULL; 
@@ -908,19 +865,6 @@ static int samldb_destructor(void *module_ctx) return 0; } -static int samldb_request(struct ldb_module *module, struct ldb_request *req) -{ - switch (req->operation) { - - case LDB_REQ_ADD: - return samldb_add(module, req); - - default: - return ldb_next_request(module, req); - - } -} - static int samldb_init(struct ldb_module *module) { talloc_set_destructor(module, samldb_destructor); @@ -930,8 +874,7 @@ static int samldb_init(struct ldb_module *module) static const struct ldb_module_ops samldb_ops = { .name = "samldb", .init_context = samldb_init, - .add = samldb_add_async, - .request = samldb_request + .add = samldb_add, }; -- cgit From 2d19dca9c80a5e3990296dde67163fce36ac883d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 30 May 2006 00:33:52 +0000 Subject: r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc... (This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 16fe6b8f4d..79c863374c 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -488,7 +488,7 @@ static int build_domain_data_request(struct ph_async_context *ac, ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); return LDB_ERR_OPERATIONS_ERROR; } - ac->dom_req->operation = LDB_ASYNC_SEARCH; + ac->dom_req->operation = LDB_SEARCH; ac->dom_req->op.search.base = NULL; ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; 
@@ -828,7 +828,7 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { return LDB_ERR_OPERATIONS_ERROR; } - ac->search_req->operation = LDB_ASYNC_SEARCH; + ac->search_req->operation = LDB_SEARCH; ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; ac->search_req->op.search.scope = LDB_SCOPE_BASE; ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); -- cgit From 08a48b1803678aee7b51f7625533f1ac7a4ee8ee Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 2 Jun 2006 02:54:24 +0000 Subject: r15999: password_hash module changes: - Quiet some IBM Checker warnings (enum mismatch) - Only search for the attributes we need - fix comments - fix copyrights Andrew Bartlett (This used to be commit ee6fe3a80fd5038c2b141bf8a85139f99ac96e4d) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 79c863374c..a04fb52cd2 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1,8 +1,8 @@ /* ldb database module - Copyright (C) Simo Sorce 2004 - Copyright (C) Andrew Bartlett 2005 + Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Andrew Bartlett 2005-2006 Copyright (C) Andrew Tridgell 2004 This program is free software; you can redistribute it and/or modify @@ -229,7 +229,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes struct ldb_val val; int ret; - if (keys[i].key.keytype == ENCTYPE_ARCFOUR_HMAC) { + if (keys[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { /* We might end up doing this below: * This ensures we get the unicode * conversion right. This should also 
@@ -280,9 +280,9 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa } krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, - ENCTYPE_ARCFOUR_HMAC, - ntPwdHash->hash, sizeof(ntPwdHash->hash), - &key.key); + ETYPE_ARCFOUR_HMAC_MD5, + ntPwdHash->hash, sizeof(ntPwdHash->hash), + &key.key); if (krb5_ret) { return LDB_ERR_OPERATIONS_ERROR; } @@ -818,6 +818,14 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int password_hash_mod_search_self(struct ldb_async_handle *h) { struct ph_async_context *ac; + static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", + "sambaNTPwdHistory", + "ntPwdHash", + "objectSid", "msDS-KeyVersionNumber", + "objectClass", "userPrincipalName", + "samAccountName", + "lmPwdHash", "ntPwdHash", + NULL }; ac = talloc_get_type(h->private_data, struct ph_async_context); @@ -836,7 +844,7 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); return LDB_ERR_OPERATIONS_ERROR; } - ac->search_req->op.search.attrs = NULL; + ac->search_req->op.search.attrs = attrs; ac->search_req->controls = NULL; ac->search_req->async.context = ac; ac->search_req->async.callback = get_self_callback; @@ -965,7 +973,7 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { } } - /* add also kr5 keys based on NT the hash */ + /* add also krb5 keys based on NT the hash */ if (add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From 68e72e389b71fac43b77781c97e3807c690f243a Mon Sep 17 00:00:00 2001 
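Review bot: The new `attrs` array in password_hash_mod_search_self names `"ntPwdHash"` twice, once after `"sambaNTPwdHistory"` and again after `"lmPwdHash"`; drop the second so the tail reads `"samAccountName", "lmPwdHash", NULL };`. Narrowing the self-search from all attributes to a fixed list also means that any attribute password_hash_mod_do_mod reads from the result must be named here, otherwise it is treated as absent instead of failing loudly. That function is outside this hunk, so the list should be checked against it. A comment above the array such as `/* every attribute read from the self-search result in password_hash_mod_do_mod must be listed here */` would keep the two in step.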
From: Simo Sorce Date: Sat, 3 Jun 2006 00:54:33 +0000 Subject: r16021: While studying how to make samldb really async I found a critical situation handled in the incorrect way. A while(1) loop may end up looping forever consuming all valid RIDs because of a secondary bug. And anyway nextRid is supposed to always give back a new unique RID, if someone messed up the database let him fix the problem first, trying to be smart here would probably end up in worst results. Simo. (This used to be commit 6b214f232eefc4ffbc98dfb68c99d1f0c97ae6db) --- source4/dsdb/samdb/ldb_modules/samldb.c | 58 ++++++++++++++++----------------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 40092e68de..ed95d2e7d1 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -226,39 +226,39 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c struct ldb_message **sid_msgs; const char *sid_attrs[] = { NULL }; - do { - ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid); - if (ret) { - return ret; - } + ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid); + if (ret) { + return ret; + } - /* return the new object sid */ - obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); + /* return the new object sid */ + obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); - ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1); - if (ret != 0) { - return ret; - } + ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1); + if (ret != 0) { + return ret; + } - *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); - if (!*new_sid) { - return LDB_ERR_OPERATIONS_ERROR; - } + *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); + if (!*new_sid) { + return LDB_ERR_OPERATIONS_ERROR; + } - ret = gendb_search(module->ldb, - mem_ctx, NULL, &sid_msgs, sid_attrs, - "objectSid=%s", - ldap_encode_ndr_dom_sid(mem_ctx, *new_sid)); - if (ret == 0) { - /* Great. There are no conflicting users/groups/etc */ - return 0; - } else if (ret == -1) { - /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ - return ret; - } else { - /* gah, there are conflicting sids, lets move around the loop again... */ - } - } while (1); + ret = gendb_search(module->ldb, + mem_ctx, NULL, &sid_msgs, sid_attrs, + "objectSid=%s", + ldap_encode_ndr_dom_sid(mem_ctx, *new_sid)); + if (ret == -1) { + /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ + return ret; + } else { + /* gah, there are conflicting sids. 
+ * This is a critical situation it means that someone messed up with + * the DB and nextRid is not returning free RIDs, report an error + * and refuse to create any user until the problem is fixed */ + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID")); + return LDB_ERR_OPERATIONS_ERROR; + } return ret; } -- cgit From e47c00414f4eb01951bb4ba3707cea4ffb82033d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 3 Jun 2006 01:32:55 +0000 Subject: r16022: ooops, a bit too aggressive commit :-) (This used to be commit 959c8c35ef170e03a5f698d0fa11616583cc6f66) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index ed95d2e7d1..01972016ae 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -251,7 +251,7 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c if (ret == -1) { /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ return ret; - } else { + } else if (ret != 0) { /* gah, there are conflicting sids. * This is a critical situation it means that someone messed up with * the DB and nextRid is not returning free RIDs, report an error -- cgit From ca5accf224dc3ef998235603797b519866b57b1c Mon Sep 17 00:00:00 2001 
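Review bot: The error string set in the conflict branch of samldb_allocate_next_rid is misspelled ("unconsistent", "retireve") and names neither the domain nor the RID that collided, which is what an administrator needs in order to repair nextRid. Something like `talloc_asprintf(mem_ctx, "Critical Error: inconsistent DB, RID %u under %s is already in use; fix nextRid before adding objects", (unsigned)(old_rid + 1), ldb_dn_linearize(mem_ctx, dn))` would carry that, assuming `old_rid` is an unsigned 32-bit value (its declaration is above the hunk). Separately, `obj_sid` is assigned from `dom_sid_add_rid()` under the comment "return the new object sid" but is not read again before the function's closing brace in this hunk, so the assignment and its comment can be removed.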
From: Simo Sorce Date: Sun, 4 Jun 2006 05:28:13 +0000 Subject: r16036: Add a couple of new functions to corretly deal with timeouts. Check timeouts are correctly verified. Some minor fixed and removal of unused code. (This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 4 +--- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 7 +++---- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 ++ source4/dsdb/samdb/ldb_modules/password_hash.c | 11 +++++++++-- source4/dsdb/samdb/ldb_modules/rootdse.c | 4 +--- source4/dsdb/samdb/ldb_modules/samldb.c | 4 +++- 6 files changed, 19 insertions(+), 13 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 1f2d406a28..71f7a2dc7e 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -172,7 +172,6 @@ struct extended_async_context { struct ldb_module *module; void *up_context; int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); - int timeout; const char * const *attrs; BOOL remove_guid; @@ -236,7 +235,6 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * ac->module = module; ac->up_context = req->async.context; ac->up_callback = req->async.callback; - ac->timeout = req->async.timeout; ac->attrs = req->op.search.attrs; ac->remove_guid = False; ac->remove_sid = False; @@ -289,7 +287,7 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * down_req->async.context = ac; down_req->async.callback = extended_async_callback; - down_req->async.timeout = req->async.timeout; + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* perform the search */ ret = ldb_next_request(module, down_req); diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 4e09faf269..1b5b896b3f 100644 
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -103,7 +103,6 @@ struct kludge_acl_async_context { struct ldb_module *module; void *up_context; int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); - int timeout; enum user_is user_type; }; @@ -160,7 +159,6 @@ static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request ac->module = module; ac->up_context = req->async.context; ac->up_callback = req->async.callback; - ac->timeout = req->async.timeout; ac->user_type = what_is_user(module); down_req = talloc_zero(req, struct ldb_request); @@ -178,7 +176,7 @@ static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request down_req->async.context = ac; down_req->async.callback = kludge_acl_async_callback; - down_req->async.timeout = req->async.timeout; + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* perform the search */ ret = ldb_next_request(module, down_req); @@ -193,7 +191,8 @@ static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request } /* ANY change type */ -static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req){ +static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) +{ enum user_is user_type = what_is_user(module); switch (user_type) { case SYSTEM: diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 643f8c17fd..3f6a951997 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -99,6 +99,8 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) return ret; } + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + /* go on with the call chain */ ret = ldb_next_request(module, down_req); 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a04fb52cd2..8a400fbc63 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -510,6 +510,7 @@ static int build_domain_data_request(struct ph_async_context *ac, ac->dom_req->async.context = ac; ac->dom_req->async.callback = get_domain_data_callback; ac->dom_req->async.timeout = ac->orig_req->async.timeout; + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->dom_req); return LDB_SUCCESS; } @@ -634,7 +635,7 @@ static int password_hash_add_do_add(struct ldb_async_handle *h) { if (ac->down_req->op.add.message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - + /* Some operations below require kerberos contexts */ if (smb_krb5_init_context(ac->down_req, &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; @@ -685,6 +686,8 @@ static int password_hash_add_do_add(struct ldb_async_handle *h) { ac->step = PH_ADD_DO_ADD; + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->down_req); + /* perform the operation */ return ldb_next_request(ac->module, ac->down_req); } @@ -777,6 +780,8 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r ac->step = PH_MOD_DO_REQ; + ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); + return ldb_next_request(module, ac->down_req); } @@ -848,7 +853,7 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { ac->search_req->controls = NULL; ac->search_req->async.context = ac; ac->search_req->async.callback = get_self_callback; - ac->search_req->async.timeout = ac->orig_req->async.timeout; + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); ac->step = PH_MOD_SEARCH_SELF; 
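Review bot: In build_domain_data_request the new `ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->dom_req);` is added below `ac->dom_req->async.timeout = ac->orig_req->async.timeout;` instead of replacing it, unlike password_hash_mod_search_self and the extended_dn, kludge_acl and rootdse hunks of the same commit. Delete the direct assignment so the helper is the only place the down request's deadline is set. If the helper returns a status, none of the call sites added in this commit check it, which would let a request continue down the module chain without the intended deadline; its prototype is not on this page, so that needs confirming.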
@@ -1001,6 +1006,8 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { ac->step = PH_MOD_DO_MOD; + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->mod_req); + /* perform the search */ return ldb_next_request(ac->module, ac->mod_req); } diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 46b34a469b..e96da829eb 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -125,7 +125,6 @@ struct rootdse_async_context { struct ldb_module *module; void *up_context; int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); - int timeout; const char * const * attrs; }; @@ -176,7 +175,6 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) ac->module = module; ac->up_context = req->async.context; ac->up_callback = req->async.callback; - ac->timeout = req->async.timeout; ac->attrs = req->op.search.attrs; down_req = talloc_zero(req, struct ldb_request); @@ -199,7 +197,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) down_req->async.context = ac; down_req->async.callback = rootdse_async_callback; - down_req->async.timeout = req->async.timeout; + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* perform the search */ ret = ldb_next_request(module, down_req); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 01972016ae..eaa7aa034a 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -845,7 +845,9 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) *down_req = *req; down_req->op.add.message = talloc_steal(down_req, msg2); - + + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + /* go on with the call chain */ ret = ldb_next_request(module, down_req); -- cgit From 56c46ee24167ee17b5b7ef074ff5c524ea78bf42 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Sun, 4 Jun 2006 22:39:57 +0000 Subject: r16042: Fix crashbug caused by incorret error reporting. (This used to be commit d346531d0a3e7160ae2a3bdc430521148b485540) --- source4/dsdb/samdb/ldb_modules/samldb.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index eaa7aa034a..52433b6249 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -199,7 +199,7 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, talloc_steal(mem_ctx, res); if (res->count != 1) { talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); @@ -208,12 +208,12 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, talloc_asprintf(mem_ctx, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn))); talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } *old_rid = strtol(str, NULL, 0); talloc_free(res); - return 0; + return LDB_SUCCESS; } static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, @@ -250,7 +250,7 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c ldap_encode_ndr_dom_sid(mem_ctx, *new_sid)); if (ret == -1) { /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ - return ret; + return LDB_ERR_OPERATIONS_ERROR; } else if (ret != 0) { /* gah, there are conflicting sids. * This is a critical situation it means that someone messed up with @@ -375,7 +375,7 @@ int samldb_notice_sid(struct ldb_module *module, if (ret == -1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error searching for proposed sid!\n"); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } dom_sid = dom_sid_dup(mem_ctx, sid); 
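Review bot: samldb_find_next_rid still converts the stored value with `*old_rid = strtol(str, NULL, 0);`, so a nextRid that is empty, non-numeric, negative or out of range is silently turned into some RID instead of being reported through the LDB error codes this commit introduces. Because the result seeds SID allocation, the value should be parsed strictly and the function should free `res` and return LDB_ERR_OPERATIONS_ERROR when the text is not a clean number in range. The sketch below assumes `old_rid` points to an unsigned 32-bit value and that `<errno.h>` is already available in this file; both are outside the hunk.

```c
	/* … unchanged: nextRid lookup and the "attribute nextRid not found" error path … */
	errno = 0;
	rid = strtoll(str, &end, 0);	/* long long rid; char *end; declared with the other locals */
	if (errno != 0 || end == str || *end != '\0' ||
	    rid < 0 || rid > UINT32_MAX) {
		talloc_free(res);
		return LDB_ERR_OPERATIONS_ERROR;
	}
	*old_rid = rid;
```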
@@ -393,18 +393,18 @@ int samldb_notice_sid(struct ldb_module *module, ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ret == 0) { /* This isn't an operation on a domain we know about, so nothing to update */ - return 0; + return LDB_SUCCESS; } if (ret > 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain from sid: duplicate domains!\n"); talloc_free(dom_msgs); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } if (ret != 1) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } dom_dn = dom_msgs[0]->dn; @@ -442,7 +442,7 @@ static int samldb_handle_sid(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } talloc_free(sid); - ret = 0; + ret = LDB_SUCCESS; } else { ret = samldb_notice_sid(module, msg2, sid); } @@ -587,12 +587,12 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ /* Manage SID allocation, conflicts etc */ ret = samldb_handle_sid(module, mem_ctx, msg2); - if (ret == 0) { + if (ret == LDB_SUCCESS) { talloc_steal(msg, msg2); *ret_msg = msg2; } talloc_free(mem_ctx); - return 0; + return ret; } static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg, @@ -685,7 +685,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const talloc_steal(msg, msg2); } talloc_free(mem_ctx); - return 0; + return ret; } static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg, -- cgit From 629d6ad3cf98deba6b9e15701ed0c5d908b9fe11 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 6 Jun 2006 17:19:58 +0000 Subject: r16061: Prove that removing the objectClass list in the samldb module breaks things. With this fix, we now correctly detect computers again, and get the correct objectCategory, which is important for the OSX AD plugin. Andrew Bartlett (This used to be commit 4e39d7bb245bc337ac496c7e39a510d1c5611c71) --- source4/dsdb/samdb/ldb_modules/samldb.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 52433b6249..464d08068f 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -615,9 +615,6 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_OPERATIONS_ERROR; } - /* remove objectclasses so that they will be added in the right order for MMC to be happy */ - ldb_msg_remove_attr(msg, "objectclass"); - if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { ret = samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))"); -- cgit From e2e5c037f09fe3480cb9fb14085bde1ee53b2252 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 6 Jun 2006 22:32:24 +0000 Subject: r16069: Remove unused destructor and an unused variable. Andrew Bartlett (This used to be commit 25e85975459acc556c0d46f1683dd4bbdd94874b) --- source4/dsdb/samdb/ldb_modules/samldb.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 464d08068f..e822bba842 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -108,7 +108,6 @@ static BOOL samldb_find_or_add_value(struct ldb_module *module, struct ldb_messa static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *set_value) { - int j; struct ldb_message_element *el; if (msg == NULL || name == NULL || set_value == NULL) { @@ -857,16 +856,8 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ret; } -static int samldb_destructor(void *module_ctx) -{ - /* struct ldb_module *ctx = module_ctx; */ - /* put your clean-up functions here */ - return 0; -} - static int samldb_init(struct ldb_module *module) { - talloc_set_destructor(module, samldb_destructor); return ldb_next_init(module); } -- cgit From 2ed444de43e626524e9d488da124f91e28e354bf Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 7 Jun 2006 00:42:19 +0000 Subject: r16070: Fix kludge_acls (This used to be commit 795f8ebe8eecf28f5729754dc248d2a8411effb9) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 1b5b896b3f..5f625686a9 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -229,7 +229,7 @@ static int kludge_acl_init(struct ldb_module *module) { int ret, i; TALLOC_CTX *mem_ctx = talloc_new(module); - const char *attrs[] = { "attribute", NULL }; + static const char *attrs[] = { "passwordAttribute", NULL }; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *password_attributes; -- cgit From 247af0d569594512a24e83156e257b8d4d356883 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 7 Jun 2006 21:03:38 +0000 Subject: r16083: Make it possible to initialise a backend module, without it setting up the whole ldb structure. Because the sequence number was a fn pointer on the main ldb context, turn it into a full request (currently sync). Andrew Bartlett (This used to be commit fbe7d0ca9031e292b2d2fae263233c973982980a) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index e96da829eb..49d93be7f2 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -102,10 +102,13 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } if (do_attribute(attrs, "highestCommittedUSN")) { - if (module->ldb->sequence_number != NULL && - ldb_msg_add_fmt(msg, "highestCommittedUSN", - "%llu", module->ldb->sequence_number(module->ldb)) != 0) { - goto failed; + uint64_t seq_num; + int ret = ldb_sequence_number(module->ldb, &seq_num); + if (ret == LDB_SUCCESS) { + if (ldb_msg_add_fmt(msg, "highestCommittedUSN", + "%llu", seq_num) != 0) { + goto failed; + } } } -- cgit From e5a00c8ca6cfbc6665d00aa7f13ca91aaf35da7a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 8 Jun 2006 23:22:04 +0000 Subject: r16108: Fixes from working with the partition module. We were not using the correct baseDN for the templates search. Using NULL is no longer valid (like against AD). While chasing that down, return proper error codes, and use the ldb_set_errstr() to get a good error string back up to the UI layer. Andrew Bartlett (This used to be commit b31003403d84def6f11b21df566ff57c01da21b8) --- source4/dsdb/samdb/ldb_modules/samldb.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
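Review bot: The added `ldb_msg_add_fmt(msg, "highestCommittedUSN", "%llu", seq_num)` passes a `uint64_t` to `%llu`, which matches only on platforms where `uint64_t` is `unsigned long long`; cast the argument, `"%llu", (unsigned long long)seq_num`. The new code also omits the attribute without any trace when `ldb_sequence_number` fails, so a comment such as `/* best effort: omit highestCommittedUSN if no sequence number is available */` would record that this is intended. rootdse_add_dynamic starts and ends outside the hunk.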
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e822bba842..2dd3c8d833 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -483,12 +483,14 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m struct ldb_message *t; int ret, i, j; + struct ldb_dn *basedn = ldb_dn_string_compose(msg, samdb_base_dn(msg), "cn=Templates"); /* pull the template record */ - ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res); + ret = ldb_search(module->ldb, basedn, LDB_SCOPE_SUBTREE, filter, NULL, &res); if (ret != LDB_SUCCESS || res->count != 1) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched too many records\n", filter); - return -1; + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_copy_template: ERROR: template '%s' matched %d records, expected 1\n", filter, + res->count)); + return LDB_ERR_OPERATIONS_ERROR; } t = res->msgs[0]; @@ -515,16 +517,16 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m if ( ! samldb_find_or_add_value(module, msg, el->name, (char *)el->values[j].data, (char *)el->values[j].data)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Adding objectClass %s failed.\n", el->values[j].data)); talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } else { if ( ! samldb_find_or_add_attribute(module, msg, el->name, (char *)el->values[j].data)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Adding attribute %s failed.\n", el->name)); talloc_free(res); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } } 
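Review bot: In the `@@ -483,12` hunk of samldb_copy_template, the new error message reads `res->count` even when `ldb_search` returned an error, and nothing visible guarantees that `res` is valid in that case, so a failed search can dereference a bad pointer while building the error string. Return `ret` for the failed search before touching `res`, and check `basedn` for NULL after `ldb_dn_string_compose` before passing it to the search. In the second hunk the new `%s` argument `el->values[j].data` lacks the `(char *)` cast that the call just above it uses. The function body starts and ends outside these hunks.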
@@ -532,7 +534,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m talloc_free(res); - return 0; + return LDB_SUCCESS; } static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg, @@ -557,7 +559,6 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ ret = samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))"); if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n"); talloc_free(mem_ctx); return ret; } @@ -755,13 +756,17 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ret >= 1) { const char *name = samdb_result_string(dom_msgs[0], "name", NULL); - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name)); + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, + "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", + dom_sid_string(mem_ctx, sid), name)); /* We don't really like the idea of foreign sids that are not foreign */ return LDB_ERR_CONSTRAINT_VIOLATION; } else if (ret == -1) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", dom_sid_string(mem_ctx, dom_sid)); + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, + "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", + dom_sid_string(mem_ctx, dom_sid))); talloc_free(dom_msgs); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* This isn't an operation on a domain we know about, so just -- cgit From 4a350fd18ffff1f9164a0a8e406bbafaab609547 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 8 Jun 2006 23:23:14 +0000 Subject: r16109: Make this module simpiler, don't intercept operations we are not going to implement. Andrew Bartlett (This used to be commit 3252e425b0e28656ac5fb19fa4edf7322ea72eab) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 5f625686a9..9db443f48f 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -207,24 +207,6 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) } } -/* start a transaction */ -static int kludge_acl_start_trans(struct ldb_module *module) -{ - return ldb_next_start_trans(module); -} - -/* end a transaction */ -static int kludge_acl_end_trans(struct ldb_module *module) -{ - return ldb_next_end_trans(module); -} - -/* delete a transaction */ -static int kludge_acl_del_trans(struct ldb_module *module) -{ - return ldb_next_del_trans(module); -} - static int kludge_acl_init(struct ldb_module *module) { int ret, i; @@ -294,9 +276,6 @@ static const struct ldb_module_ops kludge_acl_ops = { .modify = kludge_acl_change, .del = kludge_acl_change, .rename = kludge_acl_change, - .start_transaction = kludge_acl_start_trans, - .end_transaction = kludge_acl_end_trans, - .del_transaction = kludge_acl_del_trans, .init_context = kludge_acl_init }; -- cgit From c8d0489c10c925ea7e9047ba9a95a6ffca6921c9 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 9 Jun 2006 21:10:08 +0000 Subject: r16129: Further clean up the samldb module. This adds more/better setting of the ldb error string, and avoids using gendb_search(), as this doens't return the error code. Andrew Bartlett (This used to be commit 2d2e71a2d5827c9dc8785b87547559071b47ab34) --- source4/dsdb/samdb/ldb_modules/samldb.c | 94 ++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 42 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 2dd3c8d833..c3004a4d81 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -351,30 +351,35 @@ int samldb_notice_sid(struct ldb_module *module, int ret; struct ldb_dn *dom_dn; struct dom_sid *dom_sid; - const char *dom_attrs[] = { NULL }; - struct ldb_message **dom_msgs; + const char *attrs[] = { NULL }; + struct ldb_result *dom_res; + struct ldb_result *res; uint32_t old_rid; + char *filter; - /* find the domain DN */ + /* find if this SID already exists */ - ret = gendb_search(module->ldb, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "objectSid=%s", - ldap_encode_ndr_dom_sid(mem_ctx, sid)); - if (ret > 0) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, - "Attempt to add record with SID %s rejected," - " because this SID is already in the database", - dom_sid_string(mem_ctx, sid))); - /* We have a duplicate SID, we must reject the add */ - talloc_free(dom_msgs); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - if (ret == -1) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error searching for proposed sid!\n"); - return LDB_ERR_OPERATIONS_ERROR; + filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, sid)); + + ret = ldb_search(module->ldb, samdb_base_dn(mem_ctx), LDB_SCOPE_SUBTREE, filter, attrs, &res); + if (ret == LDB_SUCCESS) { + if (res->count > 0) { + talloc_free(res); + ldb_set_errstring(module->ldb, + talloc_asprintf(mem_ctx, + "Attempt to add record with SID %s rejected," + " because this SID is already in the database", + dom_sid_string(mem_ctx, sid))); + /* We have a duplicate SID, we must reject the add */ + return LDB_ERR_CONSTRAINT_VIOLATION; + } + talloc_free(res); + } else { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", + dom_sid_string(dom_res, sid), + ldb_errstring(module->ldb))); + return ret; } dom_sid = dom_sid_dup(mem_ctx, sid); 
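Review bot: In the failure branch of the first `ldb_search` in samldb_notice_sid, `dom_sid_string(dom_res, sid)` uses `dom_res` as the talloc context, but `dom_res` is declared in this hunk without an initialiser and has not been assigned at that point, so the error path reads an indeterminate pointer. Use the context already in hand, `dom_sid_string(mem_ctx, sid)`. The `filter` built with `talloc_asprintf` here, and again in the next hunk, reaches `ldb_search` without a NULL check; `if (filter == NULL) return LDB_ERR_OPERATIONS_ERROR;` after each allocation would stop an out-of-memory condition from turning into a search with no filter. The function continues outside the hunk.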
@@ -385,33 +390,38 @@ int samldb_notice_sid(struct ldb_module *module, dom_sid->num_auths--; /* find the domain DN */ + + filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=domain))", + ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - ret = gendb_search(module->ldb, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "(&(objectSid=%s)(objectclass=domain))", - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret == 0) { - /* This isn't an operation on a domain we know about, so nothing to update */ - return LDB_SUCCESS; - } - - if (ret > 1) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain from sid: duplicate domains!\n"); - talloc_free(dom_msgs); - return LDB_ERR_OPERATIONS_ERROR; - } + ret = ldb_search(module->ldb, samdb_base_dn(mem_ctx), LDB_SCOPE_SUBTREE, filter, attrs, &dom_res); + if (ret == LDB_SUCCESS) { + talloc_steal(mem_ctx, dom_res); + if (dom_res->count == 0) { + talloc_free(dom_res); + /* This isn't an operation on a domain we know about, so nothing to update */ + return LDB_SUCCESS; + } - if (ret != 1) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - return LDB_ERR_OPERATIONS_ERROR; + if (dom_res->count > 1) { + talloc_free(dom_res); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_notice_sid: error retrieving domain from sid: duplicate (found %d) domain: %s!\n", + dom_res->count, dom_sid_string(dom_res, dom_sid))); + return LDB_ERR_OPERATIONS_ERROR; + } + } else { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_notice_sid: error retrieving domain from sid: %s: %s\n", + dom_sid_string(dom_res, dom_sid), + ldb_errstring(module->ldb))); + return ret; } - dom_dn = dom_msgs[0]->dn; + dom_dn = dom_res->msgs[0]->dn; ret = samldb_find_next_rid(module, mem_ctx, dom_dn, &old_rid); if (ret) { - talloc_free(dom_msgs); + talloc_free(dom_res); return ret; } 
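Review bot: In the `dom_res->count > 1` branch, `talloc_free(dom_res)` runs before the error string is built from `dom_res->count` and `dom_sid_string(dom_res, dom_sid)`, so the message reads freed memory and allocates on a freed context. Move `talloc_free(dom_res);` below the `ldb_set_errstring` call and pass `mem_ctx` to `dom_sid_string`. The `else` branch has a related problem: `dom_sid_string(dom_res, dom_sid)` runs after a failed search, when `dom_res` is not shown to hold a valid pointer, so `mem_ctx` is the safer context there too. The function starts and ends outside the hunk.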
@@ -419,7 +429,7 @@ int samldb_notice_sid(struct ldb_module *module, ret = samldb_set_next_rid(module->ldb, mem_ctx, dom_dn, old_rid, sid->sub_auths[sid->num_auths - 1] + 1); } - talloc_free(dom_msgs); + talloc_free(dom_res); return ret; } @@ -432,7 +442,7 @@ static int samldb_handle_sid(struct ldb_module *module, if (sid == NULL) { sid = samldb_get_new_sid(module, msg2, msg2->dn); if (sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_handle_sid: internal error! Can't generate new sid\n"); return LDB_ERR_OPERATIONS_ERROR; } -- cgit From 9f4b56dd13e13826290474d20c96221503f4a668 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 12 Jun 2006 19:02:41 +0000 Subject: r16159: Even more work on samldb error reporting. Make sure to get the original error strings back to the callers. Andrew Bartlett (This used to be commit defa63298838fefae7ed003458020045edaef21d) --- source4/dsdb/samdb/ldb_modules/samldb.c | 65 ++++++++++++++++----------------- 1 file changed, 31 insertions(+), 34 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c3004a4d81..7c28c935ce 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -42,6 +42,8 @@ #include "librpc/gen_ndr/ndr_security.h" #include "db_wrap.h" +int samldb_notice_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const struct dom_sid *sid); /* if value is not null also check for attribute to have exactly that value */ static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) 
@@ -222,8 +224,6 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c struct dom_sid *obj_sid; uint32_t old_rid; int ret; - struct ldb_message **sid_msgs; - const char *sid_attrs[] = { NULL }; ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid); if (ret) { @@ -233,30 +233,19 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c /* return the new object sid */ obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); - ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1); - if (ret != 0) { - return ret; - } - *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); if (!*new_sid) { return LDB_ERR_OPERATIONS_ERROR; } - ret = gendb_search(module->ldb, - mem_ctx, NULL, &sid_msgs, sid_attrs, - "objectSid=%s", - ldap_encode_ndr_dom_sid(mem_ctx, *new_sid)); - if (ret == -1) { - /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ - return LDB_ERR_OPERATIONS_ERROR; - } else if (ret != 0) { + ret = samldb_notice_sid(module, mem_ctx, *new_sid); + if (ret != 0) { /* gah, there are conflicting sids. * This is a critical situation it means that someone messed up with * the DB and nextRid is not returning free RIDs, report an error * and refuse to create any user until the problem is fixed */ - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID")); - return LDB_ERR_OPERATIONS_ERROR; + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s", ldb_errstring(module->ldb))); + return ret; } return ret; } 
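Review bot: The `ret != 0` branch after `samldb_notice_sid` in samldb_allocate_next_rid labels every failure as `Critical Error: unconsistent DB`, although the callee also returns plain search and update errors; only its `LDB_ERR_CONSTRAINT_VIOLATION` result means the proposed SID already exists. Test for that code before setting the "inconsistent DB" text, and return other codes with the callee's error string untouched. After this change `obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid);` is no longer used anywhere in the visible code, so the assignment and its `/* return the new object sid */` comment can go. The function starts outside the hunk.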
@@ -295,8 +284,9 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX allocate a new RID for the domain return the new sid string */ -static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn) +static int samldb_get_new_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn, + struct dom_sid **sid) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_result *res = NULL; 
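Review bot: The comment above samldb_get_new_sid still reads `return the new sid string`, but the function now returns an ldb result code and hands the SID back through the new `sid` parameter. Update it to match, for example `/* allocate a new RID for the domain; returns an LDB_* code and stores the new SID in *sid on success */`. The function body continues outside this hunk.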
@@ -308,37 +298,45 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn)); - return NULL; + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn))); + return LDB_ERR_CONSTRAINT_VIOLATION; } /* find the domain sid */ ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); - if (ret != LDB_SUCCESS || res->count != 1) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n", + ldb_dn_linearize(mem_ctx, dom_dn), + ldb_errstring(module->ldb))); talloc_free(res); - return NULL; + return ret; + } + + if (res->count != 1) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", + ldb_dn_linearize(mem_ctx, dom_dn))); + return LDB_ERR_CONSTRAINT_VIOLATION; } dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); if (dom_sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error parsing domain sid!\n")); talloc_free(res); - return NULL; + return LDB_ERR_CONSTRAINT_VIOLATION; } /* allocate a new Rid for the domain */ - ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, &obj_sid); + ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, sid); if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn)); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, 
"Failed to increment nextRid of %s: %s\n", ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(module->ldb)); talloc_free(res); - return NULL; + return ret; } talloc_free(res); - return obj_sid; + return ret; } /* If we are adding new users/groups, we need to update the nextRid @@ -440,10 +438,9 @@ static int samldb_handle_sid(struct ldb_module *module, struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid"); if (sid == NULL) { - sid = samldb_get_new_sid(module, msg2, msg2->dn); - if (sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_handle_sid: internal error! Can't generate new sid\n"); - return LDB_ERR_OPERATIONS_ERROR; + ret = samldb_get_new_sid(module, msg2, msg2->dn, &sid); + if (ret != 0) { + return ret; } if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { -- cgit From 422f1b5495cba21c697d9d7b6026e980ed611546 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 14 Jun 2006 16:09:34 +0000 Subject: r16227: Don't segfault if the ldb_search() fails. Andrew Bartlett (This used to be commit af11f464a717cc7db0393070da780091a6053ee0) --- source4/dsdb/samdb/ldb_modules/samldb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 7c28c935ce..b883809417 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -292,7 +292,7 @@ static int samldb_get_new_sid(struct ldb_module *module, struct ldb_result *res = NULL; const struct ldb_dn *dom_dn; int ret; - struct dom_sid *dom_sid, *obj_sid; + struct dom_sid *dom_sid; /* get the domain component part of the provided dn */ 
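Review bot: The new `res->count != 1` branch in samldb_get_new_sid returns `LDB_ERR_CONSTRAINT_VIOLATION` without releasing `res`, while every other exit in this hunk calls `talloc_free(res)` first; add `talloc_free(res);` before that return. The same missing free applies to the `res->count != 1` return that the `@@ -494,7 +494,10` hunk leaves in samldb_copy_template. Both functions start outside their hunks.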
@@ -494,7 +494,10 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m /* pull the template record */ ret = ldb_search(module->ldb, basedn, LDB_SCOPE_SUBTREE, filter, NULL, &res); - if (ret != LDB_SUCCESS || res->count != 1) { + if (ret != LDB_SUCCESS) { + return ret; + } + if (res->count != 1) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_copy_template: ERROR: template '%s' matched %d records, expected 1\n", filter, res->count)); return LDB_ERR_OPERATIONS_ERROR; -- cgit From 4a687bc44fa92a2a3c1848e7431ecc8c26bb9f31 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Jun 2006 00:29:11 +0000 Subject: r16240: Add better error reporting in the password_hash module Remove duplicate attribute in search request Search for the domain by NDR-encoded SID, not string (consistant with the rest of the C code, and helps partially-constructed LDAP backends). Use the default basedn for the domain search. Andrew Bartlett (This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8a400fbc63..2466aac423 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -489,10 +489,11 @@ static int build_domain_data_request(struct ph_async_context *ac, return LDB_ERR_OPERATIONS_ERROR; } ac->dom_req->operation = LDB_SEARCH; - ac->dom_req->op.search.base = NULL; + ac->dom_req->op.search.base = samdb_base_dn(ac); ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", dom_sid_string(ac->dom_req, sid)); + filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", + ldap_encode_ndr_dom_sid(ac->dom_req, sid)); if (filter == NULL) { ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); talloc_free(ac->dom_req); @@ -525,6 +526,12 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *mem_ return NULL; } + if (res == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain!\n"); + talloc_free(data); + return NULL; + } + data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0); data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); tmp = ldb_msg_find_string(res->message, "dnsDomain", NULL); 
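Review bot: In build_domain_data_request the result of `ldap_encode_ndr_dom_sid(ac->dom_req, sid)` goes straight into the `%s` of the filter, so if the encoder can return NULL on allocation failure (its definition is not on this page) the `filter == NULL` check that follows will not catch it. Encode into a local variable first and return `LDB_ERR_OPERATIONS_ERROR` when it is NULL, and treat the `samdb_base_dn(ac)` result assigned to `op.search.base` the same way. The function starts and ends outside the hunk.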
@@ -575,14 +582,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) /* if it is not an entry of type person its an error */ /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Cannot set a password on entry that does not have objectClass 'person'")); return LDB_ERR_OBJECT_CLASS_VIOLATION; } /* check sambaPassword is single valued here */ /* TODO: remove this when sambaPassword will be single valued in schema */ if (attribute->num_values > 1) { - ldb_set_errstring(module->ldb, talloc_asprintf(req, - "mupltiple values for sambaPassword not allowed!\n")); + ldb_set_errstring(module->ldb, + talloc_asprintf(req, + "mupltiple values for sambaPassword not allowed!\n")); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -825,7 +834,6 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { struct ph_async_context *ac; static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", "sambaNTPwdHistory", - "ntPwdHash", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", "samAccountName", -- cgit From f77c4100842f8c5357fa90822e04319810a04b8d Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 15 Jun 2006 18:04:24 +0000 Subject: r16264: Add, but do not yet enable, the partitions module. This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a) --- source4/dsdb/samdb/ldb_modules/config.mk | 11 + source4/dsdb/samdb/ldb_modules/extended_dn.c | 4 +- source4/dsdb/samdb/ldb_modules/partition.c | 297 +++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/rootdse.c | 50 ++++- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 5 files changed, 356 insertions(+), 8 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/partition.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 3790d731d9..ce4f12bcfe 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -92,3 +92,14 @@ OBJ_FILES = \ # End MODULE ldb_extended_dn ################################################ +################################################ +# Start MODULE ldb_partition +[MODULE::ldb_partition] +SUBSYSTEM = ldb +INIT_FUNCTION = ldb_partition_init +OBJ_FILES = \ + partition.o +# +# End MODULE ldb_partition +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 71f7a2dc7e..aa800a0ae1 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -311,8 +311,8 @@ static int extended_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - req->operation = LDB_REQ_REGISTER; - req->op.reg.oid = LDB_CONTROL_EXTENDED_DN_OID; + req->operation = LDB_REQ_REGISTER_CONTROL; + req->op.reg_control.oid = LDB_CONTROL_EXTENDED_DN_OID; req->controls = NULL; ret = ldb_request(module->ldb, req); diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c new file mode 100644 index 0000000000..6d3d42c23a --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -0,0 +1,297 @@ +/* + Partitions ldb module + + Copyright (C) Andrew Bartlett 2006 + + * NOTICE: this module is NOT released under the GNU LGPL license as + * other ldb code. This module is release under the GNU GPL v2 or + * later license. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb partitions module + * + * Description: Implement LDAP partitions + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "ldb/include/includes.h" + +struct partition { + struct ldb_module *module; + const char *backend; + struct ldb_dn *dn; +}; +struct partition_private_data { + struct partition **partitions; +}; + +struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, const struct ldb_dn *dn) +{ + int i; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + if (ldb_dn_compare_base(module->ldb, + data->partitions[i]->dn, + dn) == 0) { + struct ldb_module *current; + static const struct ldb_module_ops ops; /* zero */ + current = talloc_zero(req, struct ldb_module); + if (current == NULL) { + return module; + 
} + + current->ldb = module->ldb; + current->ops = &ops; + current->prev = module; + current->next = data->partitions[i]->module; + return current; + } + } + + return module; +}; + +/* search */ +static int partition_search(struct ldb_module *module, struct ldb_request *req) +{ + /* Find backend */ + struct ldb_module *backend = find_backend(module, req, req->op.search.base); + + /* issue request */ + + /* (later) consider if we should be searching multiple + * partitions (for 'invisible' partition behaviour */ + return ldb_next_request(backend, req); +} + +/* add */ +static int partition_add(struct ldb_module *module, struct ldb_request *req) +{ + /* Find backend */ + struct ldb_module *backend = find_backend(module, req, req->op.add.message->dn); + + /* issue request */ + + return ldb_next_request(backend, req); +} + +/* modify */ +static int partition_modify(struct ldb_module *module, struct ldb_request *req) +{ + /* Find backend */ + struct ldb_module *backend = find_backend(module, req, req->op.mod.message->dn); + + /* issue request */ + + return ldb_next_request(backend, req); +} + +/* delete */ +static int partition_delete(struct ldb_module *module, struct ldb_request *req) +{ + /* Find backend */ + struct ldb_module *backend = find_backend(module, req, req->op.del.dn); + + /* issue request */ + + return ldb_next_request(backend, req); +} + +/* rename */ +static int partition_rename(struct ldb_module *module, struct ldb_request *req) +{ + /* Find backend */ + struct ldb_module *backend = find_backend(module, req, req->op.rename.olddn); + struct ldb_module *backend2 = find_backend(module, req, req->op.rename.newdn); + + if (backend->next != backend2->next) { + return LDB_ERR_AFFECTS_MULTIPLE_DSAS; + } + + /* issue request */ + + /* (later) consider if we should be searching multiple partitions */ + return ldb_next_request(backend, req); +} + +#if 0 +/* We should do this over the entire list of partitions */ + +/* start a transaction */ +static int 
partition_start_trans(struct ldb_module *module) +{ + return ldb_next_start_trans(module); +} + +/* end a transaction */ +static int partition_end_trans(struct ldb_module *module) +{ + return ldb_next_end_trans(module); +} + +/* delete a transaction */ +static int partition_del_trans(struct ldb_module *module) +{ + return ldb_next_del_trans(module); +} +#endif + +static int partition_init(struct ldb_module *module) +{ + int ret, i; + TALLOC_CTX *mem_ctx = talloc_new(module); + static const char *attrs[] = { "partition", NULL }; + struct ldb_result *res; + struct ldb_message *msg; + struct ldb_message_element *partition_attributes; + + struct partition_private_data *data; + + if (!mem_ctx) { + return LDB_ERR_OPERATIONS_ERROR; + } + + data = talloc(mem_ctx, struct partition_private_data); + if (data == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_search(module->ldb, ldb_dn_explode(mem_ctx, "@PARTITION"), + LDB_SCOPE_BASE, + NULL, attrs, + &res); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + talloc_steal(mem_ctx, res); + if (res->count == 0) { + talloc_free(mem_ctx); + return ldb_next_init(module); + } + + if (res->count > 1) { + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + msg = res->msgs[0]; + + partition_attributes = ldb_msg_find_element(msg, "partition"); + if (!partition_attributes) { + ldb_set_errstring(module->ldb, + talloc_asprintf(module, "partition_init: " + "no partitions specified")); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + data->partitions = talloc_array(data, struct partition *, partition_attributes->num_values + 1); + if (!data->partitions) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + for (i=0; i < partition_attributes->num_values; i++) { + struct ldb_request *req; + + char *base = talloc_strdup(data->partitions, (char *)partition_attributes->values[i].data); + char *p = strchr(base, ':'); + if (!p) { + ldb_set_errstring(module->ldb, + talloc_asprintf(module, 
"partition_init: " + "invalid form for partition record (missing ':'): %s", base)); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + p[0] = '\0'; + p++; + if (!p[0]) { + ldb_set_errstring(module->ldb, + talloc_asprintf(module, "partition_init: " + "invalid form for partition record (missing backend database): %s", base)); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + data->partitions[i] = talloc(data->partitions, struct partition); + if (!data->partitions[i]) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + data->partitions[i]->dn = ldb_dn_explode(data->partitions[i], base); + if (!data->partitions[i]->dn) { + ldb_set_errstring(module->ldb, + talloc_asprintf(module, "partition_init: " + "invalid DN in partition record: %s", base)); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + data->partitions[i]->backend = private_path(data->partitions[i], p); + ret = ldb_connect_backend(module->ldb, data->partitions[i]->backend, 0, NULL, &data->partitions[i]->module); + if (ret != LDB_SUCCESS) { + return ret; + } + + req = talloc_zero(mem_ctx, struct ldb_request); + if (req == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Out of memory!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_REQ_REGISTER_PARTITION; + req->op.reg_partition.dn = data->partitions[i]->dn; + + ret = ldb_request(module->ldb, req); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Unable to register partition with rootdse!\n"); + return LDB_ERR_OTHER; + } + talloc_free(req); + } + data->partitions[i] = NULL; + + module->private_data = data; + talloc_steal(module, data); + + talloc_free(mem_ctx); + return ldb_next_init(module); +} + +static const struct ldb_module_ops partition_ops = { + .name = "partition", + .init_context = partition_init, + .search = partition_search, + .add = partition_add, + .modify = partition_modify, + .del = partition_delete, + .rename = partition_rename, +#if 0 + .start_transaction = 
partition_start_trans, + .end_transaction = partition_end_trans, + .del_transaction = partition_del_trans, +#endif +}; + +int ldb_partition_init(void) +{ + return ldb_register_module(&partition_ops); +} diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 49d93be7f2..fd3d2d0fe7 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -31,6 +31,8 @@ struct private_data { int num_controls; char **controls; + int num_partitions; + struct ldb_dn **partitions; }; /* @@ -54,8 +56,10 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms msg->dn = ldb_dn_explode(msg, ""); - /* don't return the distinduishedName attribute if any */ + /* don't return the distinduishedName, cn and name attributes */ ldb_msg_remove_attr(msg, "distinguishedName"); + ldb_msg_remove_attr(msg, "cn"); + ldb_msg_remove_attr(msg, "name"); if (do_attribute(attrs, "currentTime")) { if (ldb_msg_add_steal_string(msg, "currentTime", @@ -78,6 +82,17 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + if (do_attribute(attrs, "namingContexts")) { + int i; + for (i = 0; i < priv->num_partitions; i++) { + struct ldb_dn *dn = priv->partitions[i]; + if (ldb_msg_add_steal_string(msg, "namingContexts", + ldb_dn_linearize(msg, dn)) != 0) { + goto failed; + } + } + } + server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), struct cli_credentials); if (server_creds && do_attribute(attrs, "supportedSASLMechanisms")) { @@ -111,7 +126,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } } - + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; 
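Review bot: In partition_init the result of `talloc_strdup(data->partitions, ...)` goes straight into `strchr(base, ':')`, so an allocation failure becomes a NULL dereference; add `if (!base) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; }` before the `strchr`. The loop's other error returns (missing ':', empty backend, bad DN, failed `ldb_connect_backend`, failed registration) and the early `data == NULL` and missing-attribute returns all skip `talloc_free(mem_ctx)`, so the half-built `data` stays parented to the module. The `private_path()` result is also handed to `ldb_connect_backend` unchecked. Separately, `find_backend` returns `module` when `talloc_zero` fails, which appears to send the request down the default chain instead of failing it, so under memory pressure an add or modify for a partition DN could land in the wrong database.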
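Review bot: In the new namingContexts loop of rootdse_add_dynamic the return value of `ldb_dn_linearize(msg, dn)` is passed directly to `ldb_msg_add_steal_string`, so a failed linearize hands that helper a NULL string; whether it tolerates NULL is not visible here. Taking the result into a local and adding `if (str == NULL) goto failed;` before the add keeps the failure on the existing error path. The function starts and ends outside the hunk.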
@@ -189,7 +204,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) /* in our db we store the rootDSE with a DN of cn=rootDSE */ down_req->op.search.base = ldb_dn_explode(down_req, "cn=rootDSE"); down_req->op.search.scope = LDB_SCOPE_BASE; - down_req->op.search.tree = ldb_parse_tree(down_req, "dn=*"); + down_req->op.search.tree = ldb_parse_tree(down_req, NULL); if (down_req->op.search.base == NULL || down_req->op.search.tree == NULL) { ldb_oom(module->ldb); talloc_free(down_req); @@ -224,7 +239,7 @@ static int rootdse_register_control(struct ldb_module *module, struct ldb_reques return LDB_ERR_OPERATIONS_ERROR; } - list[priv->num_controls] = talloc_strdup(list, req->op.reg.oid); + list[priv->num_controls] = talloc_strdup(list, req->op.reg_control.oid); if (!list[priv->num_controls]) { return LDB_ERR_OPERATIONS_ERROR; } @@ -235,13 +250,36 @@ static int rootdse_register_control(struct ldb_module *module, struct ldb_reques return LDB_SUCCESS; } +static int rootdse_register_partition(struct ldb_module *module, struct ldb_request *req) +{ + struct private_data *priv = talloc_get_type(module->private_data, struct private_data); + struct ldb_dn **list; + + list = talloc_realloc(priv, priv->partitions, struct ldb_dn *, priv->num_partitions + 1); + if (!list) { + return LDB_ERR_OPERATIONS_ERROR; + } + + list[priv->num_partitions] = talloc_reference(list, req->op.reg_partition.dn); + if (!list[priv->num_partitions]) { + return LDB_ERR_OPERATIONS_ERROR; + } + + priv->num_partitions += 1; + priv->partitions = list; + + return LDB_SUCCESS; +} + static int rootdse_request(struct ldb_module *module, struct ldb_request *req) { switch (req->operation) { - case LDB_REQ_REGISTER: + case LDB_REQ_REGISTER_CONTROL: return rootdse_register_control(module, req); + case LDB_REQ_REGISTER_PARTITION: + return rootdse_register_partition(module, req); default: break; 
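Review bot: rootdse_register_partition leaves `priv->partitions` pointing at the old array when `talloc_reference` fails after `talloc_realloc` has succeeded, and the realloc may already have moved and released that block. Assign `priv->partitions = list;` immediately after the `if (!list)` check and increment `priv->num_partitions` only once the reference is stored. rootdse_register_control, partly visible as context in the previous hunk, appears to follow the same realloc-then-allocate order and would have the same exposure. The list is read by the namingContexts loop on rootDSE searches, which are typically allowed anonymously, so a stale pointer would sit on a widely reachable path.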
@@ -260,6 +298,8 @@ static int rootdse_init(struct ldb_module *module) data->num_controls = 0; data->controls = NULL; + data->num_partitions = 0; + data->partitions = NULL; module->private_data = data; return ldb_next_init(module); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index b883809417..2f0c6f2d17 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -490,7 +490,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m struct ldb_message *t; int ret, i, j; - struct ldb_dn *basedn = ldb_dn_string_compose(msg, samdb_base_dn(msg), "cn=Templates"); + struct ldb_dn *basedn = ldb_dn_explode(msg, "cn=Templates"); /* pull the template record */ ret = ldb_search(module->ldb, basedn, LDB_SCOPE_SUBTREE, filter, NULL, &res); -- cgit From 6218aef0cab79dd79818adf351b7d5d64562ac05 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 3 Jul 2006 03:37:55 +0000 Subject: r16769: Working on fixing the RPC-SAMR test against Samba4. This fixes password changes which only include the LM and NT hash, such as the original ChangePassword. It also fixes setting passwords on the BUILTIN domain. Finally, the msDS-KeyVersionNumber is only incremented if not explicity set by the modify. Andrew Bartlett (This used to be commit e957f6f4c61c121f79ad518822691e4fd4bf4341) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 172 +++++++++++++++---------- 1 file changed, 106 insertions(+), 66 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2466aac423..a4816f13db 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -82,6 +82,8 @@ struct ph_async_context { struct ldb_async_result *search_res; struct ldb_request *mod_req; + + struct dom_sid *domain_sid; }; struct domain_data { 
@@ -474,8 +476,7 @@ static int get_domain_data_callback(struct ldb_context *ldb, void *context, stru return LDB_SUCCESS; } -static int build_domain_data_request(struct ph_async_context *ac, - struct dom_sid *sid) +static int build_domain_data_request(struct ph_async_context *ac) { /* attrs[] is returned from this function in ac->dom_req->op.search.attrs, so it must be static, as @@ -492,8 +493,8 @@ static int build_domain_data_request(struct ph_async_context *ac, ac->dom_req->op.search.base = samdb_base_dn(ac); ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", - ldap_encode_ndr_dom_sid(ac->dom_req, sid)); + filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))", + ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid)); if (filter == NULL) { ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); talloc_free(ac->dom_req); @@ -516,18 +517,21 @@ static int build_domain_data_request(struct ph_async_context *ac, return LDB_SUCCESS; } -static struct domain_data *get_domain_data(struct ldb_module *module, void *mem_ctx, struct ldb_async_result *res) +static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, struct ldb_async_result *res) { struct domain_data *data; const char *tmp; + struct ph_async_context *ac; - data = talloc_zero(mem_ctx, struct domain_data); + ac = talloc_get_type(ctx, struct ph_async_context); + + data = talloc_zero(ac, struct domain_data); if (data == NULL) { return NULL; } if (res == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain!\n"); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain: %s!\n", dom_sid_string(data, ac->domain_sid)); talloc_free(data); return NULL; } 
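Review bot: get_domain_data now requires its `void *ctx` argument to be a `struct ph_async_context`, but the result of `talloc_get_type` is never checked before `talloc_zero(ac, ...)` and the `ac->domain_sid` read in the new debug message. Either declare the parameter as `struct ph_async_context *ac` so the compiler enforces the type, or add `if (ac == NULL) return NULL;` right after the cast. The `dom_sid_string(data, ac->domain_sid)` result is also passed to `%s` without a NULL check. The function continues outside the hunk.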
@@ -542,7 +546,7 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *mem_ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); return NULL; } - data->realm = strupper_talloc(mem_ctx, tmp); + data->realm = strupper_talloc(data, tmp); if (data->realm == NULL) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); return NULL; @@ -556,8 +560,9 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_async_handle *h; struct ph_async_context *ac; - struct ldb_message_element *attribute; - struct dom_sid *domain_sid; + struct ldb_message_element *sambaAttr; + struct ldb_message_element *ntAttr; + struct ldb_message_element *lmAttr; int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add\n"); @@ -572,10 +577,14 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } - /* If no part of this touches the sambaPassword, then we don't - * need to make any changes. For password changes/set there should - * be a 'delete' or a 'modify' on this attribute. */ - if ((attribute = ldb_msg_find_element(req->op.add.message, "sambaPassword")) == NULL ) { + /* If no part of this ADD touches the sambaPassword, or the NT + * or LM hashes, then we don't need to make any changes. */ + + sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); + ntAttr = ldb_msg_find_element(req->op.mod.message, "ntPwdHash"); + lmAttr = ldb_msg_find_element(req->op.mod.message, "lmPwdHash"); + + if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) { return ldb_next_request(module, req); } 
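Review bot: The three new lookups in password_hash_add read `req->op.mod.message`, while the rest of this add handler uses `req->op.add.message`; that only works if the add and mod members of `op` happen to share layout. Use `ldb_msg_find_element(req->op.add.message, "sambaPassword")` and the same form for `ntPwdHash` and `lmPwdHash`. The function continues outside the hunk.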
@@ -588,16 +597,31 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) /* check sambaPassword is single valued here */ /* TODO: remove this when sambaPassword will be single valued in schema */ - if (attribute->num_values > 1) { + if (sambaAttr->num_values > 1) { ldb_set_errstring(module->ldb, talloc_asprintf(req, "mupltiple values for sambaPassword not allowed!\n")); return LDB_ERR_CONSTRAINT_VIOLATION; } + if (ntAttr && (ntAttr->num_values > 1)) { + ldb_set_errstring(module->ldb, + talloc_asprintf(req, + "mupltiple values for lmPwdHash not allowed!\n")); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + if (lmAttr && (lmAttr->num_values > 1)) { + ldb_set_errstring(module->ldb, + talloc_asprintf(req, + "mupltiple values for lmPwdHash not allowed!\n")); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + ac = talloc_get_type(h->private_data, struct ph_async_context); + /* get user domain data */ - domain_sid = samdb_result_sid_prefix(req, req->op.add.message, "objectSid"); - if (domain_sid == NULL) { + ac->domain_sid = samdb_result_sid_prefix(ac, req->op.add.message, "objectSid"); + if (ac->domain_sid == NULL) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); return LDB_ERR_OPERATIONS_ERROR; } @@ -606,9 +630,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) if (!h) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_async_context); - - ret = build_domain_data_request(ac, domain_sid); + ret = build_domain_data_request(ac); if (ret != LDB_SUCCESS) { return ret; } @@ -625,7 +647,9 @@ static int password_hash_add_do_add(struct ldb_async_handle *h) { struct ph_async_context *ac; struct domain_data *domain; struct smb_krb5_context *smb_krb5_context; + struct ldb_message_element *sambaAttr; struct ldb_message *msg; + int ret; ac = talloc_get_type(h->private_data, struct ph_async_context); 
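Review bot: `if (sambaAttr->num_values > 1)` dereferences `sambaAttr` unguarded, yet after the preceding hunk the function reaches this line whenever any of the three attributes is present, so an add carrying only `ntPwdHash` or `lmPwdHash` arrives here with `sambaAttr == NULL`. Guard it like the two checks added below it: `if (sambaAttr && (sambaAttr->num_values > 1)) {`. The `ntAttr` branch also names `lmPwdHash` in its error string and should say `ntPwdHash`. The new `ac = talloc_get_type(h->private_data, ...)` runs before `h` is assigned; the r16784 commit further down the page moves `ph_init_handle` up for that.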
@@ -650,30 +674,36 @@ static int password_hash_add_do_add(struct ldb_async_handle *h) { return LDB_ERR_OPERATIONS_ERROR; } - /* we can compute new password hashes from the unicode password */ - if (add_password_hashes(ac->module, msg, 0) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* now add krb5 keys based on unicode password */ - if (add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, - ldb_msg_find_string(msg, "samAccountName", NULL), - ldb_msg_find_string(msg, "userPrincipalName", NULL), - ldb_msg_check_string_attribute(msg, "objectClass", "computer") - ) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* add also kr5 keys based on NT the hash */ - if (add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* if both the domain properties and the user account controls do not permit - * clear text passwords then wipe out the sambaPassword */ - if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || - (!(ldb_msg_find_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { - ldb_msg_remove_attr(msg, "sambaPassword"); + /* if we have sambaPassword in the original message add the operatio on it here */ + sambaAttr = ldb_msg_find_element(msg, "sambaPassword"); + if (sambaAttr) { + ret = add_password_hashes(ac->module, msg, 0); + /* we can compute new password hashes from the unicode password */ + if (ret != LDB_SUCCESS) { + return ret; + } + + /* now add krb5 keys based on unicode password */ + ret = add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, + ldb_msg_find_string(msg, "samAccountName", NULL), + ldb_msg_find_string(msg, "userPrincipalName", NULL), + ldb_msg_check_string_attribute(msg, "objectClass", "computer")); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* add also kr5 keys based on NT the hash */ + ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); + if (ret != 
LDB_SUCCESS) { + return ret; + } + + /* if both the domain properties and the user account controls do not permit + * clear text passwords then wipe out the sambaPassword */ + if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || + (!(ldb_msg_find_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + ldb_msg_remove_attr(msg, "sambaPassword"); + } } /* don't touch it if a value is set. It could be an incoming samsync */ @@ -871,20 +901,19 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { static int password_hash_mod_search_dom(struct ldb_async_handle *h) { struct ph_async_context *ac; - struct dom_sid *domain_sid; int ret; ac = talloc_get_type(h->private_data, struct ph_async_context); /* get object domain sid */ - domain_sid = samdb_result_sid_prefix(ac, ac->search_res->message, "objectSid"); - if (domain_sid == NULL) { + ac->domain_sid = samdb_result_sid_prefix(ac, ac->search_res->message, "objectSid"); + if (ac->domain_sid == NULL) { ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); return LDB_ERR_OPERATIONS_ERROR; } /* get user domain data */ - ret = build_domain_data_request(ac, domain_sid); + ret = build_domain_data_request(ac); if (ret != LDB_SUCCESS) { return ret; } @@ -902,6 +931,8 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { struct ldb_message_element *sambaAttr; struct ldb_message *msg; int phlen; + int ret; + BOOL added_hashes = False; ac = talloc_get_type(h->private_data, struct ph_async_context); @@ -936,7 +967,7 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { return LDB_ERR_OPERATIONS_ERROR; } - /* if we have sambaPassword in the original message add the operatio on it here */ + /* if we have sambaPassword in the original message add the operation on it here */ sambaAttr = ldb_msg_find_element(ac->orig_req->op.mod.message, "sambaPassword"); if (sambaAttr) { 
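Review bot: `add_krb5_keys_from_NThash` now sits inside the `if (sambaAttr)` block of password_hash_add_do_add, so an add that supplies only `ntPwdHash` (a case this commit starts letting through password_hash_add) appears to get no Kerberos keys derived from that hash. If that is intended, a comment saying so would help; otherwise move the call after the block so it runs whenever an NT hash ends up in `msg`. The comment above the cleartext wipe says "if both ... do not permit" while the condition uses `||`, meaning the password is wiped unless both settings permit it; the wording should match that stricter behaviour. The function starts and ends outside the hunk.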
@@ -944,21 +975,26 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { return LDB_ERR_OPERATIONS_ERROR; } - /* we are not deleteing it add password hashes */ - if ((sambaAttr->flags & LDB_FLAG_MOD_MASK) != LDB_FLAG_MOD_DELETE) { - + /* if we are actually settting a new unicode password, + * use it to generate the password hashes */ + if (((sambaAttr->flags & LDB_FLAG_MOD_MASK) != LDB_FLAG_MOD_DELETE) + && (sambaAttr->num_values == 1)) { /* we can compute new password hashes from the unicode password */ - if (add_password_hashes(ac->module, msg, 1) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + ret = add_password_hashes(ac->module, msg, 1); + if (ret != LDB_SUCCESS) { + return ret; } + added_hashes = True; + /* now add krb5 keys based on unicode password */ - if (add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, - ldb_msg_find_string(ac->search_res->message, "samAccountName", NULL), - ldb_msg_find_string(ac->search_res->message, "userPrincipalName", NULL), - ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "computer") - ) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + ret = add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, + ldb_msg_find_string(ac->search_res->message, "samAccountName", NULL), + ldb_msg_find_string(ac->search_res->message, "userPrincipalName", NULL), + ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "computer")); + + if (ret != LDB_SUCCESS) { + return ret; } /* if the domain properties or the user account controls do not permit 
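Review bot: With the added `(sambaAttr->num_values == 1)` test, a modify whose `sambaPassword` element carries several values is neither hashed nor rejected, and the cleartext wipe at the end of this block appears to be skipped too, since it looks to sit inside the same `if`. password_hash_add rejects the multi-valued case with LDB_ERR_CONSTRAINT_VIOLATION; unless the modify entry point already does the same (not visible here), add a matching `num_values > 1` check before this block so multi-valued cleartext cannot pass through to storage regardless of the domain's cleartext policy. The function continues outside the hunk.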
@@ -971,8 +1007,8 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { } } - /* if we don't have sambaPassword or we are trying to delete it try with nt or lm hasehs */ - if ((!sambaAttr) || ((sambaAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) { + /* if we didn't create the hashes above, try using values supplied directly */ + if (!added_hashes) { struct ldb_message_element *el; el = ldb_msg_find_element(ac->orig_req->op.mod.message, "ntPwdHash"); @@ -997,10 +1033,14 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { } /* don't touch it if a value is set. It could be an incoming samsync */ - if (add_keyVersionNumber(ac->module, msg, - ldb_msg_find_uint(msg, "msDS-KeyVersionNumber", 0) - ) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (!ldb_msg_find_element(ac->orig_req->op.mod.message, + "msDS-KeyVersionNumber")) { + if (add_keyVersionNumber(ac->module, msg, + ldb_msg_find_uint(ac->search_res->message, + "msDS-KeyVersionNumber", 0) + ) != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } } if ((phlen = samdb_result_uint(ac->dom_res->message, "pwdHistoryLength", 0)) > 0) { -- cgit From a3f606f6cab58e7e15f8a4f6a05a7437dc0569c8 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 3 Jul 2006 15:49:23 +0000 Subject: r16784: - make some function in ldb static, they not need to be exported anywhere - fix a bad segfault Andrew please make test before committing. Simo. (This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a4816f13db..9d7c78487a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -617,6 +617,10 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_CONSTRAINT_VIOLATION; } + h = ph_init_handle(req, module, PH_ADD); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } ac = talloc_get_type(h->private_data, struct ph_async_context); /* get user domain data */ @@ -626,10 +630,6 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - h = ph_init_handle(req, module, PH_ADD); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; - } ret = build_domain_data_request(ac); if (ret != LDB_SUCCESS) { return ret; -- cgit From f2e8b3202c99065dafca3ba36a43450c509d0bd8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 6 Jul 2006 05:23:29 +0000 Subject: r16827: Factor out some code into common samdb functions: - creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4) --- source4/dsdb/samdb/ldb_modules/samldb.c | 173 +++++--------------------------- 1 file changed, 24 insertions(+), 149 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 2f0c6f2d17..c95fb70820 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -45,45 +45,6 @@ int samldb_notice_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -/* if value is not null also check for attribute to have exactly that value */ -static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) -{ - int j; - struct ldb_message_element *el = ldb_msg_find_element(msg, name); - if (!el) { - return NULL; - } - - if (!value) { - return el; - } - - for (j = 0; j < el->num_values; j++) { - if (strcasecmp(value, - (char *)el->values[j].data) == 0) { - return el; - } - } - - return NULL; -} - -static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value) -{ - char *aval = talloc_strdup(msg, value); - - if (aval == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_msg_add_string: talloc_strdup failed!\n"); - return False; - } - - if (ldb_msg_add_string(msg, name, aval) != 0) { - return False; - } - - return True; -} - static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) { struct ldb_val v; 
@@ -96,34 +57,6 @@ static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms return (ldb_msg_add_value(msg, name, &v) == 0); } -static BOOL samldb_find_or_add_value(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) -{ - if (msg == NULL || name == NULL || value == NULL || set_value == NULL) { - return False; - } - - if (samldb_find_attribute(msg, name, value) == NULL) { - return samldb_msg_add_string(module, msg, name, set_value); - } - return True; -} - -static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *set_value) -{ - struct ldb_message_element *el; - - if (msg == NULL || name == NULL || set_value == NULL) { - return False; - } - - el = ldb_msg_find_element(msg, name); - if (el) { - return True; - } - - return samldb_msg_add_string(module, msg, name, set_value); -} - /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success 
@@ -484,69 +417,6 @@ static char *samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CT } while (1); } -static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter) -{ - struct ldb_result *res; - struct ldb_message *t; - int ret, i, j; - - struct ldb_dn *basedn = ldb_dn_explode(msg, "cn=Templates"); - - /* pull the template record */ - ret = ldb_search(module->ldb, basedn, LDB_SCOPE_SUBTREE, filter, NULL, &res); - if (ret != LDB_SUCCESS) { - return ret; - } - if (res->count != 1) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_copy_template: ERROR: template '%s' matched %d records, expected 1\n", filter, - res->count)); - return LDB_ERR_OPERATIONS_ERROR; - } - t = res->msgs[0]; - - for (i = 0; i < t->num_elements; i++) { - struct ldb_message_element *el = &t->elements[i]; - /* some elements should not be copied from the template */ - if (strcasecmp(el->name, "cn") == 0 || - strcasecmp(el->name, "name") == 0 || - strcasecmp(el->name, "sAMAccountName") == 0 || - strcasecmp(el->name, "objectGUID") == 0) { - continue; - } - for (j = 0; j < el->num_values; j++) { - if (strcasecmp(el->name, "objectClass") == 0) { - if (strcasecmp((char *)el->values[j].data, "Template") == 0 || - strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || - strcasecmp((char *)el->values[j].data, "secretTemplate") == 0) { - continue; - } - if ( ! 
samldb_find_or_add_value(module, msg, el->name, - (char *)el->values[j].data, - (char *)el->values[j].data)) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Adding objectClass %s failed.\n", el->values[j].data)); - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; - } - } else { - if ( ! samldb_find_or_add_attribute(module, msg, el->name, - (char *)el->values[j].data)) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Adding attribute %s failed.\n", el->name)); - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; - } - } - } - } - - talloc_free(res); - - return LDB_SUCCESS; -} - static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg, struct ldb_message **ret_msg) { @@ -567,7 +437,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ return LDB_ERR_OPERATIONS_ERROR; } - ret = samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))"); if (ret != 0) { talloc_free(mem_ctx); return ret; @@ -588,9 +458,10 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", name)) { + ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); + if (ret) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } } 
@@ -625,9 +496,9 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_OPERATIONS_ERROR; } - if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { + if (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL) { - ret = samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))"); if (ret) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); talloc_free(mem_ctx); @@ -635,26 +506,29 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const } /* readd user and then computer objectclasses */ - if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) { + ret = samdb_find_or_add_value(module->ldb, msg2, "objectclass", "user"); + if (ret) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } - if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "computer", "computer")) { + ret = samdb_find_or_add_value(module->ldb, msg2, "objectclass", "computer"); + if (ret) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } } else { - ret = samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))"); if (ret) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n"); talloc_free(mem_ctx); return ret; } /* readd user objectclass */ - if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) { + ret = samdb_find_or_add_value(module->ldb, msg2, "objectclass", "user"); + if (ret) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } } 
@@ -672,9 +546,10 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", name)) { + ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); + if (ret) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } } @@ -719,7 +594,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module return LDB_ERR_OPERATIONS_ERROR; } - ret = samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))"); if (ret != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n"); talloc_free(mem_ctx); @@ -815,8 +690,8 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) } /* is user or computer? */ - if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) || - (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) { + if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || + (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL)) { /* add all relevant missing objects */ ret = samldb_fill_user_or_computer_object(module, msg, &msg2); if (ret) { @@ -826,7 +701,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) /* is group? add all relevant missing objects */ if ( ! msg2 ) { - if (samldb_find_attribute(msg, "objectclass", "group") != NULL) { + if (samdb_find_attribute(module->ldb, msg, "objectclass", "group") != NULL) { ret = samldb_fill_group_object(module, msg, &msg2); if (ret) { return ret; 
@@ -836,7 +711,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) /* perhaps a foreignSecurityPrincipal? */ if ( ! msg2 ) { - if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") != NULL) { + if (samdb_find_attribute(module->ldb, msg, "objectclass", "foreignSecurityPrincipal") != NULL) { ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2); if (ret) { return ret; -- cgit From 3ed1e8ff3c351296adfa78a99c19cc7b0fd5d7e7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 6 Jul 2006 05:51:39 +0000 Subject: r16829: Fix a number of issues raised by the IBM checker, or gcc warnings. In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 9d7c78487a..abb267d884 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -597,7 +597,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) /* check sambaPassword is single valued here */ /* TODO: remove this when sambaPassword will be single valued in schema */ - if (sambaAttr->num_values > 1) { + if (sambaAttr && sambaAttr->num_values > 1) { ldb_set_errstring(module->ldb, talloc_asprintf(req, "mupltiple values for sambaPassword not allowed!\n")); -- cgit 
From ebea352760482081411dbdfb821c381a9ed276eb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 6 Jul 2006 06:04:06 +0000 Subject: r16831: Use a valid memory context (found by the IBM checker). Andrew Bartlett (This used to be commit 9fdbedafad69e55ef4ccad51c4f002c49e43f372) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c95fb70820..0ac3449488 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -307,8 +307,8 @@ int samldb_notice_sid(struct ldb_module *module, } talloc_free(res); } else { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", - dom_sid_string(dom_res, sid), + ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", + dom_sid_string(mem_ctx, sid), ldb_errstring(module->ldb))); return ret; } -- cgit From bc3d68af6de8af435381c9361b3bcb113406e1a8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Jul 2006 04:55:18 +0000 Subject: r16854: Fix the RPC-SAMR-PASSWORDS test. It failed because we allocated users in the Builtin domain a SID from the global domain. Andrew Bartlett (This used to be commit 9d31b9f04721a2cac62f492f8db071aaa0aa966b) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 0ac3449488..b1fcaf4f02 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -190,13 +190,15 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX struct ldb_dn *sdn; struct ldb_result *res = NULL; int ret = 0; + const char *attrs[] = { NULL }; local_ctx = talloc_new(mem_ctx); if (local_ctx == NULL) return NULL; sdn = ldb_dn_copy(local_ctx, dn); do { - ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); + ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, + "(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res); talloc_steal(local_ctx, res); if (ret == LDB_SUCCESS && res->count == 1) break; -- cgit From 0f215e99479cf75392a3a9f4ab7c3b2ef976f97d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Jul 2006 07:38:36 +0000 Subject: r16860: Fix (and reactivate) the RPC-SAMR test. We need to allow these sids to be created as foreign, even if they are in a local domain. Also we do need the user to exist for the life of the test, as we add it to a group. Andrew Bartlett (This used to be commit ae470ff7014e52b55d88e9fe12e2322e069daf9d) --- source4/dsdb/samdb/ldb_modules/samldb.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index b1fcaf4f02..81bfa32398 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -642,12 +642,10 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module "(&(objectSid=%s)(objectclass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ret >= 1) { + /* We don't really like the idea of foreign sids that are not foreign, but it happens */ const char *name = samdb_result_string(dom_msgs[0], "name", NULL); - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, - "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", - dom_sid_string(mem_ctx, sid), name)); - /* We don't really like the idea of foreign sids that are not foreign */ - return LDB_ERR_CONSTRAINT_VIOLATION; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", + dom_sid_string(mem_ctx, sid), name); } else if (ret == -1) { ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", -- cgit From bfc02627ceb02046fb23c62f28dc69765c8aa8f0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 10 Jul 2006 11:24:46 +0000 Subject: r16914: Add more tests for the partition module. Andrew Bartlett (This used to be commit 2728b60dfa50ded03e06f0bd53eee55fce5143bd) --- source4/dsdb/samdb/ldb_modules/partition.c | 162 ++++++++++++++++++++++++----- 1 file changed, 137 insertions(+), 25 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 6d3d42c23a..c7c9aa7cfe 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
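Review bot: In the `ret >= 1` branch of samldb_fill_foreignSecurityPrincipal_object (hunk `@@ -642,12 +642,10 @@`), a foreignSecurityPrincipal whose SID belongs to a domain already in the database is now accepted and reported only at `LDB_DEBUG_TRACE`, so the event will normally not reach any log. Because this relaxes a constraint on which SIDs may be created as foreign, log it at `LDB_DEBUG_WARNING` so such additions can be audited. `name` comes from `samdb_result_string(dom_msgs[0], "name", NULL)` and may be NULL when it reaches `%s`; passing `name ? name : "(unnamed)"` avoids that. The new message also lacks the trailing `\n` that the other messages in this file carry. The function body starts and ends outside the hunk.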
@@ -44,6 +44,24 @@ struct partition_private_data { struct partition **partitions; }; +struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, + struct ldb_module *module) +{ + struct ldb_module *current; + static const struct ldb_module_ops ops; /* zero */ + current = talloc_zero(mem_ctx, struct ldb_module); + if (current == NULL) { + return module; + } + + current->ldb = ldb; + current->ops = &ops; + current->prev = NULL; + current->next = module; + return current; +} + struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, const struct ldb_dn *dn) { int i; @@ -56,18 +74,7 @@ struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *r if (ldb_dn_compare_base(module->ldb, data->partitions[i]->dn, dn) == 0) { - struct ldb_module *current; - static const struct ldb_module_ops ops; /* zero */ - current = talloc_zero(req, struct ldb_module); - if (current == NULL) { - return module; - } - - current->ldb = module->ldb; - current->ops = &ops; - current->prev = module; - current->next = data->partitions[i]->module; - return current; + return make_module_for_next_request(req, module->ldb, data->partitions[i]->module); } } 
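Review bot: make_module_for_next_request (hunk `@@ -44,6 +44,24 @@`) returns the caller's own `module` when `talloc_zero` fails, and callers cannot tell that apart from a freshly allocated wrapper. partition_start_trans, partition_end_trans and partition_del_trans, added in this same commit, call `talloc_free(next)` on the result, so on that path they would free the partition's real backend module and leave `data->partitions[i]->module` dangling. Return NULL on allocation failure and have each caller check it, e.g. `if (next == NULL) return LDB_ERR_OPERATIONS_ERROR;`. The helper is also non-static with no prototype visible here; `static` would fit if it is only used in partition.c.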
@@ -137,27 +144,128 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(backend, req); } -#if 0 -/* We should do this over the entire list of partitions */ - /* start a transaction */ static int partition_start_trans(struct ldb_module *module) { - return ldb_next_start_trans(module); + int i, ret; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + ret = ldb_next_start_trans(module); + if (ret != LDB_SUCCESS) { + return ret; + } + + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + + ret = ldb_next_start_trans(next); + talloc_free(next); + if (ret != LDB_SUCCESS) { + /* Back it out, if it fails on one */ + for (i--; i >= 0; i--) { + next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + ldb_next_del_trans(next); + talloc_free(next); + } + return ret; + } + } + return LDB_SUCCESS; } /* end a transaction */ static int partition_end_trans(struct ldb_module *module) { - return ldb_next_end_trans(module); + int i, ret, ret2 = LDB_SUCCESS; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + ret = ldb_next_end_trans(module); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + + ret = ldb_next_end_trans(next); + talloc_free(next); + if (ret != LDB_SUCCESS) { + ret2 = ret; + } + } + + if (ret != LDB_SUCCESS) { 
+ /* Back it out, if it fails on one */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + ldb_next_del_trans(next); + talloc_free(next); + } + } + return ret; } /* delete a transaction */ static int partition_del_trans(struct ldb_module *module) { - return ldb_next_del_trans(module); + int i, ret, ret2 = LDB_SUCCESS; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + + ret = ldb_next_del_trans(next); + talloc_free(next); + if (ret != LDB_SUCCESS) { + ret2 = ret; + } + } + return ret2; +} + +static int partition_sequence_number(struct ldb_module *module, struct ldb_request *req) +{ + int i, ret; + uint64_t seq_number = 0; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); + + ret = ldb_next_request(next, req); + talloc_free(next); + if (ret != LDB_SUCCESS) { + return ret; + } + seq_number = seq_number + req->op.seq_num.seq_num; + } + req->op.seq_num.seq_num = seq_number; + return LDB_SUCCESS; +} + +static int sort_compare(void *void1, + void *void2, void *opaque) +{ + struct ldb_context *ldb = talloc_get_type(opaque, struct ldb_context); + struct partition **pp1 = void1; + struct partition **pp2 = void2; + struct 
partition *partition1 = talloc_get_type(*pp1, struct partition); + struct partition *partition2 = talloc_get_type(*pp2, struct partition); + + return -ldb_dn_compare(ldb, partition1->dn, partition2->dn); } -#endif static int partition_init(struct ldb_module *module) { @@ -213,8 +321,6 @@ static int partition_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } for (i=0; i < partition_attributes->num_values; i++) { - struct ldb_request *req; - char *base = talloc_strdup(data->partitions, (char *)partition_attributes->values[i].data); char *p = strchr(base, ':'); if (!p) { @@ -250,7 +356,15 @@ static int partition_init(struct ldb_module *module) if (ret != LDB_SUCCESS) { return ret; } - + } + data->partitions[i] = NULL; + + /* sort these into order */ + ldb_qsort(data->partitions, partition_attributes->num_values, sizeof(*data->partitions), + module->ldb, sort_compare); + + for (i=0; data->partitions[i]; i++) { + struct ldb_request *req; req = talloc_zero(mem_ctx, struct ldb_request); if (req == NULL) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Out of memory!\n"); @@ -267,7 +381,6 @@ static int partition_init(struct ldb_module *module) } talloc_free(req); } - data->partitions[i] = NULL; module->private_data = data; talloc_steal(module, data); @@ -284,11 +397,10 @@ static const struct ldb_module_ops partition_ops = { .modify = partition_modify, .del = partition_delete, .rename = partition_rename, -#if 0 .start_transaction = partition_start_trans, .end_transaction = partition_end_trans, .del_transaction = partition_del_trans, -#endif + .sequence_number = partition_sequence_number }; int ldb_partition_init(void) -- cgit From fdbbabe60223062ac72f1853d3c236a1de8ebe0e Mon Sep 17 00:00:00 2001 
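Review bot: partition_end_trans (hunk `@@ -137,27 +144,128 @@`) tests and returns the wrong variable. Per-partition failures are recorded in `ret2`, but the check after the loop is `if (ret != LDB_SUCCESS)` and the function ends with `return ret;`, so only the last partition's result is seen and an earlier partition that failed to commit is reported as success with no back-out. Use `if (ret2 != LDB_SUCCESS)` and `return ret2;`. In partition_start_trans the back-out loop cancels the partitions already started but not the base transaction opened by the first `ldb_next_start_trans(module)`; add `ldb_next_del_trans(module);` before that `return ret;`.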
From: Andrew Bartlett Date: Tue, 11 Jul 2006 02:04:43 +0000 Subject: r16933: Sort the partitions in order from most, to least specific. Remember to perform operations on the base database as well. Andrew Bartlett (This used to be commit eae232530c967fe949355cf1914ca0cb8c0ea8c2) --- source4/dsdb/samdb/ldb_modules/partition.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index c7c9aa7cfe..05ba701653 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -217,6 +217,11 @@ static int partition_del_trans(struct ldb_module *module) int i, ret, ret2 = LDB_SUCCESS; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); + ret = ldb_next_del_trans(module); + if (ret != LDB_SUCCESS) { + ret2 = ret; + } + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ @@ -238,6 +243,12 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque uint64_t seq_number = 0; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); + ret = ldb_next_request(module, req); + if (ret != LDB_SUCCESS) { + return ret; + } + seq_number = seq_number + req->op.seq_num.seq_num; + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ @@ -264,7 +275,7 @@ static int sort_compare(void *void1, struct partition *partition1 = talloc_get_type(*pp1, struct partition); struct partition *partition2 = talloc_get_type(*pp2, struct partition); - return -ldb_dn_compare(ldb, partition1->dn, partition2->dn); + return ldb_dn_compare(ldb, partition1->dn, partition2->dn); } static int partition_init(struct ldb_module *module) 
@@ -359,7 +370,7 @@ static int partition_init(struct ldb_module *module) } data->partitions[i] = NULL; - /* sort these into order */ + /* sort these into order, most to least specific */ ldb_qsort(data->partitions, partition_attributes->num_values, sizeof(*data->partitions), module->ldb, sort_compare); -- cgit From 32ab51876728577375b954a04103f71ddd4d93dc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 12 Jul 2006 04:59:41 +0000 Subject: r16972: Replace the sequence_number function pointer in ldb with the ldb flags. The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba) --- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 05ba701653..6f41513200 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -363,7 +363,7 @@ static int partition_init(struct ldb_module *module) } data->partitions[i]->backend = private_path(data->partitions[i], p); - ret = ldb_connect_backend(module->ldb, data->partitions[i]->backend, 0, NULL, &data->partitions[i]->module); + ret = ldb_connect_backend(module->ldb, data->partitions[i]->backend, NULL, &data->partitions[i]->module); if (ret != LDB_SUCCESS) { return ret; } -- cgit From 37eab825287d73f2b2b79342369d17da56dca5dc Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 17 Jul 2006 22:36:04 +0000 Subject: r17103: Big updates to the not-yet-enabled partitions module. It now services the Global Catalog port 'correctly' (in a very simple sense) in that it should be no worse than what we had before. We now combine partitions together to search over the whole tree, when we are marked as 'global catalog'. Andrew Bartlett (This used to be commit 0a354a1ddeccd9a6b1610bc6813a86fcdfc4d310) --- source4/dsdb/samdb/ldb_modules/partition.c | 193 ++++++++++++++++++++++++++++- 1 file changed, 189 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 6f41513200..f523119e21 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -44,6 +44,43 @@ struct partition_private_data { struct partition **partitions; }; +struct partition_async_context { + struct ldb_module *module; + struct ldb_request *orig_req; + + struct ldb_request **search_req; + BOOL *finished_search; + int num_searches; +}; + +static struct ldb_async_handle *partition_init_handle(struct ldb_request *req, struct ldb_module *module) +{ + struct partition_async_context *ac; + struct ldb_async_handle *h; + + h = talloc_zero(req, struct ldb_async_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct partition_async_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + talloc_free(h); + return NULL; + } + + h->private_data = (void *)ac; + + ac->module = module; + ac->orig_req = req; + + return h; +} + struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_module *module) 
@@ -81,17 +118,98 @@ struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *r return module; }; +static int partition_send_search(struct partition_async_context *ac, struct ldb_module *partition) +{ + int ret; + struct ldb_module *next = make_module_for_next_request(ac->module, ac->module->ldb, partition); + + ac->search_req = talloc_realloc(ac, ac->search_req, + struct ldb_request *, ac->num_searches + 1); + if (!ac->search_req) { + ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac->module->ldb, "Out of memory!")); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->search_req[ac->num_searches] = talloc(ac, struct ldb_request); + if (ac->search_req[ac->num_searches] == NULL) { + ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac->module->ldb, "Out of memory!")); + return LDB_ERR_OPERATIONS_ERROR; + } + + *ac->search_req[ac->num_searches] = *ac->orig_req; /* copy the request */ + + /* Spray off search requests to all backends */ + ret = ldb_next_request(next, ac->search_req[ac->num_searches]); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->num_searches++; + return LDB_SUCCESS; +} + /* search */ static int partition_search(struct ldb_module *module, struct ldb_request *req) { /* Find backend */ - struct ldb_module *backend = find_backend(module, req, req->op.search.base); - + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); /* issue request */ /* (later) consider if we should be searching multiple * partitions (for 'invisible' partition behaviour */ - return ldb_next_request(backend, req); + if (ldb_get_opaque(module->ldb, "global_catalog")) { + int ret, i; + struct ldb_async_handle *h; + struct partition_async_context *ac; + + h = partition_init_handle(req, module); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* return our own handle to deal with this call */ + req->async.handle = h; + + ac = talloc_get_type(h->private_data, struct partition_async_context); + + 
ac->orig_req = req; + ac->num_searches = 0; + + for (i=0; data && data->partitions && data->partitions[i]; i++) { + /* Find all partitions under the search base */ + if (ldb_dn_compare_base(module->ldb, + req->op.search.base, + data->partitions[i]->dn) == 0) { + ret = partition_send_search(ac, data->partitions[i]->module); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + + /* Perhaps we didn't match any partitions. Try the main partition, then all partitions */ + if (ac->num_searches == 0) { + ret = partition_send_search(ac, module->next); + if (ret != LDB_SUCCESS) { + return ret; + } + for (i=0; data && data->partitions && data->partitions[i]; i++) { + ret = partition_send_search(ac, data->partitions[i]->module); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + + ac->finished_search = talloc_zero_array(ac, BOOL, ac->num_searches); + if (!ac->finished_search) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; + } else { + struct ldb_module *backend = find_backend(module, req, req->op.search.base); + + return ldb_next_request(backend, req); + } } /* add */ 
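Review bot: partition_send_search (hunk `@@ -81,17 +118,98 @@`) allocates its wrapper with `make_module_for_next_request(ac->module, ac->module->ldb, partition)`, making it a talloc child of the long-lived partition module, and nothing in the hunk frees it. Each global-catalog search therefore leaves one `struct ldb_module` per partition attached to the module, so memory grows with the number of searches clients issue. Parent the wrapper to the per-request context instead: `make_module_for_next_request(ac, ac->module->ldb, partition)`. Separately, `ac->finished_search` is allocated in partition_search but is not read anywhere in the code visible here.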
@@ -400,6 +518,72 @@ static int partition_init(struct ldb_module *module) return ldb_next_init(module); } +static int partition_async_wait_none(struct ldb_async_handle *handle) { + struct partition_async_context *ac; + int ret; + int i; + + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + ac = talloc_get_type(handle->private_data, struct partition_async_context); + + for (i=0; i < ac->num_searches; i++) { + ret = ldb_async_wait(ac->search_req[i]->async.handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->search_req[i]->async.handle->status != LDB_SUCCESS) { + handle->status = ac->search_req[i]->async.handle->status; + goto done; + } + + if (ac->search_req[i]->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + + ret = LDB_SUCCESS; + +done: + handle->state = LDB_ASYNC_DONE; + return ret; +} + + +static int partition_async_wait_all(struct ldb_async_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = partition_async_wait_none(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int partition_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return partition_async_wait_all(handle); + } else { + return partition_async_wait_none(handle); + } +} + static const struct ldb_module_ops partition_ops = { .name = "partition", .init_context = partition_init, 
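Review bot: In partition_async_wait_none (hunk `@@ -400,6 +518,72 @@`), the second `goto done` path stores a sub-request's error in `handle->status` but leaves `ret` at LDB_SUCCESS from the preceding `ldb_async_wait` call, so `return ret;` at `done:` reports success to the caller. Ending with `return handle->status;` covers both error paths. Also, partition_search assigns `req->async.handle = h` before partition_send_search copies the request, so each copy starts with the parent handle; if a backend returned without replacing it, this loop would wait on the parent handle itself. Whether that can happen is not visible here, so a comment stating that assumption would help.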
@@ -411,7 +595,8 @@ static const struct ldb_module_ops partition_ops = { .start_transaction = partition_start_trans, .end_transaction = partition_end_trans, .del_transaction = partition_del_trans, - .sequence_number = partition_sequence_number + .sequence_number = partition_sequence_number, + .async_wait = partition_async_wait }; int ldb_partition_init(void) -- cgit From c93817b36d3ff7f44cb7b3e1d1a29e37ec12affe Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 22 Jul 2006 16:56:33 +0000 Subject: r17185: Oh, I wanted to do this for sooo long time. Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 4 +- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 +- source4/dsdb/samdb/ldb_modules/partition.c | 40 +++++----- source4/dsdb/samdb/ldb_modules/password_hash.c | 104 ++++++++++++------------- source4/dsdb/samdb/ldb_modules/rootdse.c | 4 +- 5 files changed, 78 insertions(+), 78 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index aa800a0ae1..0d8d49dea5 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -171,7 +171,7 @@ struct extended_async_context { struct ldb_module *module; void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); + int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); const char * const *attrs; BOOL remove_guid; 
@@ -179,7 +179,7 @@ struct extended_async_context { int extended_type; }; -static int extended_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int extended_async_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct extended_async_context *ac; diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 9db443f48f..09173f0aa4 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -102,12 +102,12 @@ struct kludge_acl_async_context { struct ldb_module *module; void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); + int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); enum user_is user_type; }; -static int kludge_acl_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int kludge_acl_async_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct kludge_acl_async_context *ac; struct kludge_private_data *data; diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index f523119e21..0dcf710ba4 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -44,7 +44,7 @@ struct partition_private_data { struct partition **partitions; }; -struct partition_async_context { +struct partition_context { struct ldb_module *module; struct ldb_request *orig_req; 
@@ -53,12 +53,12 @@ struct partition_async_context { int num_searches; }; -static struct ldb_async_handle *partition_init_handle(struct ldb_request *req, struct ldb_module *module) +static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct ldb_module *module) { - struct partition_async_context *ac; - struct ldb_async_handle *h; + struct partition_context *ac; + struct ldb_handle *h; - h = talloc_zero(req, struct ldb_async_handle); + h = talloc_zero(req, struct ldb_handle); if (h == NULL) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); return NULL; @@ -66,7 +66,7 @@ static struct ldb_async_handle *partition_init_handle(struct ldb_request *req, s h->module = module; - ac = talloc_zero(h, struct partition_async_context); + ac = talloc_zero(h, struct partition_context); if (ac == NULL) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); talloc_free(h); @@ -118,7 +118,7 @@ struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *r return module; }; -static int partition_send_search(struct partition_async_context *ac, struct ldb_module *partition) +static int partition_send_search(struct partition_context *ac, struct ldb_module *partition) { int ret; struct ldb_module *next = make_module_for_next_request(ac->module, ac->module->ldb, partition); @@ -159,8 +159,8 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) * partitions (for 'invisible' partition behaviour */ if (ldb_get_opaque(module->ldb, "global_catalog")) { int ret, i; - struct ldb_async_handle *h; - struct partition_async_context *ac; + struct ldb_handle *h; + struct partition_context *ac; h = partition_init_handle(req, module); if (!h) { 
@@ -169,7 +169,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* return our own handle to deal with this call */ req->async.handle = h; - ac = talloc_get_type(h->private_data, struct partition_async_context); + ac = talloc_get_type(h->private_data, struct partition_context); ac->orig_req = req; ac->num_searches = 0; @@ -518,8 +518,8 @@ static int partition_init(struct ldb_module *module) return ldb_next_init(module); } -static int partition_async_wait_none(struct ldb_async_handle *handle) { - struct partition_async_context *ac; +static int partition_wait_none(struct ldb_handle *handle) { + struct partition_context *ac; int ret; int i; @@ -534,10 +534,10 @@ static int partition_async_wait_none(struct ldb_async_handle *handle) { handle->state = LDB_ASYNC_PENDING; handle->status = LDB_SUCCESS; - ac = talloc_get_type(handle->private_data, struct partition_async_context); + ac = talloc_get_type(handle->private_data, struct partition_context); for (i=0; i < ac->num_searches; i++) { - ret = ldb_async_wait(ac->search_req[i]->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->search_req[i]->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; @@ -561,12 +561,12 @@ done: } -static int partition_async_wait_all(struct ldb_async_handle *handle) { +static int partition_wait_all(struct ldb_handle *handle) { int ret; while (handle->state != LDB_ASYNC_DONE) { - ret = partition_async_wait_none(handle); + ret = partition_wait_none(handle); if (ret != LDB_SUCCESS) { return ret; } 
@@ -575,12 +575,12 @@ static int partition_async_wait_all(struct ldb_async_handle *handle) { return handle->status; } -static int partition_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type) +static int partition_wait(struct ldb_handle *handle, enum ldb_wait_type type) { if (type == LDB_WAIT_ALL) { - return partition_async_wait_all(handle); + return partition_wait_all(handle); } else { - return partition_async_wait_none(handle); + return partition_wait_none(handle); } } @@ -596,7 +596,7 @@ static const struct ldb_module_ops partition_ops = { .end_transaction = partition_end_trans, .del_transaction = partition_del_trans, .sequence_number = partition_sequence_number, - .async_wait = partition_async_wait + .wait = partition_wait }; int ldb_partition_init(void) diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index abb267d884..d6c2a45217 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -65,7 +65,7 @@ * */ -struct ph_async_context { +struct ph_context { enum ph_type {PH_ADD, PH_MOD} type; enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD} step; @@ -74,12 +74,12 @@ struct ph_async_context { struct ldb_request *orig_req; struct ldb_request *dom_req; - struct ldb_async_result *dom_res; + struct ldb_reply *dom_res; struct ldb_request *down_req; struct ldb_request *search_req; - struct ldb_async_result *search_res; + struct ldb_reply *search_res; struct ldb_request *mod_req; 
@@ -418,12 +418,12 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str return LDB_SUCCESS; } -static struct ldb_async_handle *ph_init_handle(struct ldb_request *req, struct ldb_module *module, enum ph_type type) +static struct ldb_handle *ph_init_handle(struct ldb_request *req, struct ldb_module *module, enum ph_type type) { - struct ph_async_context *ac; - struct ldb_async_handle *h; + struct ph_context *ac; + struct ldb_handle *h; - h = talloc_zero(req, struct ldb_async_handle); + h = talloc_zero(req, struct ldb_handle); if (h == NULL) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); return NULL; @@ -431,7 +431,7 @@ static struct ldb_async_handle *ph_init_handle(struct ldb_request *req, struct l h->module = module; - ac = talloc_zero(h, struct ph_async_context); + ac = talloc_zero(h, struct ph_context); if (ac == NULL) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); talloc_free(h); @@ -450,16 +450,16 @@ static struct ldb_async_handle *ph_init_handle(struct ldb_request *req, struct l return h; } -static int get_domain_data_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int get_domain_data_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct ph_async_context *ac; + struct ph_context *ac; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(context, struct ph_async_context); + ac = talloc_get_type(context, struct ph_context); /* we are interested only in the single reply (base search) we receive here */ if (ares->type == LDB_REPLY_ENTRY) { 
@@ -476,7 +476,7 @@ static int get_domain_data_callback(struct ldb_context *ldb, void *context, stru return LDB_SUCCESS; } -static int build_domain_data_request(struct ph_async_context *ac) +static int build_domain_data_request(struct ph_context *ac) { /* attrs[] is returned from this function in ac->dom_req->op.search.attrs, so it must be static, as @@ -517,13 +517,13 @@ static int build_domain_data_request(struct ph_async_context *ac) return LDB_SUCCESS; } -static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, struct ldb_async_result *res) +static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, struct ldb_reply *res) { struct domain_data *data; const char *tmp; - struct ph_async_context *ac; + struct ph_context *ac; - ac = talloc_get_type(ctx, struct ph_async_context); + ac = talloc_get_type(ctx, struct ph_context); data = talloc_zero(ac, struct domain_data); if (data == NULL) { @@ -558,8 +558,8 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, static int password_hash_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_async_handle *h; - struct ph_async_context *ac; + struct ldb_handle *h; + struct ph_context *ac; struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; struct ldb_message_element *lmAttr; @@ -621,7 +621,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) if (!h) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_async_context); + ac = talloc_get_type(h->private_data, struct ph_context); /* get user domain data */ ac->domain_sid = samdb_result_sid_prefix(ac, req->op.add.message, "objectSid"); 
@@ -642,16 +642,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, ac->dom_req); } -static int password_hash_add_do_add(struct ldb_async_handle *h) { +static int password_hash_add_do_add(struct ldb_handle *h) { - struct ph_async_context *ac; + struct ph_context *ac; struct domain_data *domain; struct smb_krb5_context *smb_krb5_context; struct ldb_message_element *sambaAttr; struct ldb_message *msg; int ret; - ac = talloc_get_type(h->private_data, struct ph_async_context); + ac = talloc_get_type(h->private_data, struct ph_context); domain = get_domain_data(ac->module, ac, ac->dom_res); if (domain == NULL) { @@ -731,12 +731,12 @@ static int password_hash_add_do_add(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->down_req); } -static int password_hash_mod_search_self(struct ldb_async_handle *h); +static int password_hash_mod_search_self(struct ldb_handle *h); static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_async_handle *h; - struct ph_async_context *ac; + struct ldb_handle *h; + struct ph_context *ac; struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; struct ldb_message_element *lmAttr; @@ -784,7 +784,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r if (!h) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_async_context); + ac = talloc_get_type(h->private_data, struct ph_context); /* return or own handle to deal with this call */ req->async.handle = h; 
@@ -824,16 +824,16 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return ldb_next_request(module, ac->down_req); } -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct ph_async_context *ac; + struct ph_context *ac; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(context, struct ph_async_context); + ac = talloc_get_type(context, struct ph_context); /* we are interested only in the single reply (base search) we receive here */ if (ares->type == LDB_REPLY_ENTRY) { @@ -859,9 +859,9 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ return LDB_SUCCESS; } -static int password_hash_mod_search_self(struct ldb_async_handle *h) { +static int password_hash_mod_search_self(struct ldb_handle *h) { - struct ph_async_context *ac; + struct ph_context *ac; static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", "sambaNTPwdHistory", "objectSid", "msDS-KeyVersionNumber", @@ -870,7 +870,7 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { "lmPwdHash", "ntPwdHash", NULL }; - ac = talloc_get_type(h->private_data, struct ph_async_context); + ac = talloc_get_type(h->private_data, struct ph_context); /* prepare the search operation */ ac->search_req = talloc_zero(ac, struct ldb_request); 
@@ -898,12 +898,12 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->search_req); } -static int password_hash_mod_search_dom(struct ldb_async_handle *h) { +static int password_hash_mod_search_dom(struct ldb_handle *h) { - struct ph_async_context *ac; + struct ph_context *ac; int ret; - ac = talloc_get_type(h->private_data, struct ph_async_context); + ac = talloc_get_type(h->private_data, struct ph_context); /* get object domain sid */ ac->domain_sid = samdb_result_sid_prefix(ac, ac->search_res->message, "objectSid"); @@ -923,9 +923,9 @@ static int password_hash_mod_search_dom(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->dom_req); } -static int password_hash_mod_do_mod(struct ldb_async_handle *h) { +static int password_hash_mod_do_mod(struct ldb_handle *h) { - struct ph_async_context *ac; + struct ph_context *ac; struct domain_data *domain; struct smb_krb5_context *smb_krb5_context; struct ldb_message_element *sambaAttr; @@ -934,7 +934,7 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { int ret; BOOL added_hashes = False; - ac = talloc_get_type(h->private_data, struct ph_async_context); + ac = talloc_get_type(h->private_data, struct ph_context); domain = get_domain_data(ac->module, ac, ac->dom_res); if (domain == NULL) { @@ -1060,8 +1060,8 @@ static int password_hash_mod_do_mod(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->mod_req); } -static int ph_async_wait(struct ldb_async_handle *handle) { - struct ph_async_context *ac; +static int ph_wait(struct ldb_handle *handle) { + struct ph_context *ac; int ret; if (!handle || !handle->private_data) { 
@@ -1075,11 +1075,11 @@ static int ph_async_wait(struct ldb_async_handle *handle) { handle->state = LDB_ASYNC_PENDING; handle->status = LDB_SUCCESS; - ac = talloc_get_type(handle->private_data, struct ph_async_context); + ac = talloc_get_type(handle->private_data, struct ph_context); switch (ac->step) { case PH_ADD_SEARCH_DOM: - ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; @@ -1098,7 +1098,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_add_do_add(handle); case PH_ADD_DO_ADD: - ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->down_req->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; @@ -1116,7 +1116,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { break; case PH_MOD_DO_REQ: - ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->down_req->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; @@ -1135,7 +1135,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_mod_search_self(handle); case PH_MOD_SEARCH_SELF: - ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->search_req->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; @@ -1154,7 +1154,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_mod_search_dom(handle); case PH_MOD_SEARCH_DOM: - ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; 
@@ -1173,7 +1173,7 @@ static int ph_async_wait(struct ldb_async_handle *handle) { return password_hash_mod_do_mod(handle); case PH_MOD_DO_MOD: - ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; @@ -1202,12 +1202,12 @@ done: return ret; } -static int ph_async_wait_all(struct ldb_async_handle *handle) { +static int ph_wait_all(struct ldb_handle *handle) { int ret; while (handle->state != LDB_ASYNC_DONE) { - ret = ph_async_wait(handle); + ret = ph_wait(handle); if (ret != LDB_SUCCESS) { return ret; } @@ -1216,12 +1216,12 @@ static int ph_async_wait_all(struct ldb_async_handle *handle) { return handle->status; } -static int password_hash_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type) +static int password_hash_wait(struct ldb_handle *handle, enum ldb_wait_type type) { if (type == LDB_WAIT_ALL) { - return ph_async_wait_all(handle); + return ph_wait_all(handle); } else { - return ph_async_wait(handle); + return ph_wait(handle); } } @@ -1229,7 +1229,7 @@ static const struct ldb_module_ops password_hash_ops = { .name = "password_hash", .add = password_hash_add, .modify = password_hash_modify, - .async_wait = password_hash_async_wait + .wait = password_hash_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index fd3d2d0fe7..01421d2817 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
@@ -142,12 +142,12 @@ failed: struct rootdse_async_context { struct ldb_module *module; void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *); + int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); const char * const * attrs; }; -static int rootdse_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int rootdse_async_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct rootdse_async_context *ac; -- cgit From 49f68caed20d2a7d1850e493005bdf85929d6365 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 22 Jul 2006 17:21:59 +0000 Subject: r17186: "async" word abuse clean-up part 2 (This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 26 +++++----- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 28 +++++------ source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 10 ++-- source4/dsdb/samdb/ldb_modules/password_hash.c | 66 +++++++++++++------------- source4/dsdb/samdb/ldb_modules/rootdse.c | 22 ++++----- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 7 files changed, 78 insertions(+), 78 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 0d8d49dea5..e79af57042 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -167,7 +167,7 @@ static BOOL inject_extended_dn(struct ldb_message *msg, } /* search */ -struct extended_async_context { +struct extended_context { struct ldb_module *module; void *up_context; 
@@ -179,16 +179,16 @@ struct extended_async_context { int extended_type; }; -static int extended_async_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int extended_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct extended_async_context *ac; + struct extended_context *ac; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); goto error; } - ac = talloc_get_type(context, struct extended_async_context); + ac = talloc_get_type(context, struct extended_context); if (ares->type == LDB_REPLY_ENTRY) { /* for each record returned post-process to add any derived @@ -205,12 +205,12 @@ error: return LDB_ERR_OPERATIONS_ERROR; } -static int extended_search_async(struct ldb_module *module, struct ldb_request *req) +static int extended_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_control *control; struct ldb_extended_dn_control *extended_ctrl; struct ldb_control **saved_controls; - struct extended_async_context *ac; + struct extended_context *ac; struct ldb_request *down_req; char **new_attrs; int ret; @@ -227,14 +227,14 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * return LDB_ERR_PROTOCOL_ERROR; } - ac = talloc(req, struct extended_async_context); + ac = talloc(req, struct extended_context); if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } ac->module = module; - ac->up_context = req->async.context; - ac->up_callback = req->async.callback; + ac->up_context = req->context; + ac->up_callback = req->callback; ac->attrs = req->op.search.attrs; ac->remove_guid = False; ac->remove_sid = False; 
@@ -285,8 +285,8 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * return LDB_ERR_OPERATIONS_ERROR; } - down_req->async.context = ac; - down_req->async.callback = extended_async_callback; + down_req->context = ac; + down_req->callback = extended_callback; ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* perform the search */ @@ -295,7 +295,7 @@ static int extended_search_async(struct ldb_module *module, struct ldb_request * /* do not free down_req as the call results may be linked to it, * it will be freed when the upper level request get freed */ if (ret == LDB_SUCCESS) { - req->async.handle = down_req->async.handle; + req->handle = down_req->handle; } return ret; @@ -328,7 +328,7 @@ static int extended_init(struct ldb_module *module) static const struct ldb_module_ops extended_dn_ops = { .name = "extended_dn", - .search = extended_search_async, + .search = extended_search, .init_context = extended_init }; diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 09173f0aa4..ecb3e00f95 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -98,7 +98,7 @@ static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) } /* search */ -struct kludge_acl_async_context { +struct kludge_acl_context { struct ldb_module *module; void *up_context; @@ -107,9 +107,9 @@ struct kludge_acl_async_context { enum user_is user_type; }; -static int kludge_acl_async_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct kludge_acl_async_context *ac; + struct kludge_acl_context *ac; struct kludge_private_data *data; int i; 
@@ -118,7 +118,7 @@ static int kludge_acl_async_callback(struct ldb_context *ldb, void *context, str goto error; } - ac = talloc_get_type(context, struct kludge_acl_async_context); + ac = talloc_get_type(context, struct kludge_acl_context); data = talloc_get_type(ac->module->private_data, struct kludge_private_data); if (ares->type == LDB_REPLY_ENTRY @@ -143,22 +143,22 @@ error: return LDB_ERR_OPERATIONS_ERROR; } -static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request *req) +static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) { - struct kludge_acl_async_context *ac; + struct kludge_acl_context *ac; struct ldb_request *down_req; int ret; - req->async.handle = NULL; + req->handle = NULL; - ac = talloc(req, struct kludge_acl_async_context); + ac = talloc(req, struct kludge_acl_context); if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } ac->module = module; - ac->up_context = req->async.context; - ac->up_callback = req->async.callback; + ac->up_context = req->context; + ac->up_callback = req->callback; ac->user_type = what_is_user(module); down_req = talloc_zero(req, struct ldb_request); @@ -174,8 +174,8 @@ static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request down_req->controls = req->controls; - down_req->async.context = ac; - down_req->async.callback = kludge_acl_async_callback; + down_req->context = ac; + down_req->callback = kludge_acl_callback; ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* perform the search */ @@ -184,7 +184,7 @@ static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request /* do not free down_req as the call results may be linked to it, * it will be freed when the upper level request get freed */ if (ret == LDB_SUCCESS) { - req->async.handle = down_req->async.handle; + req->handle = down_req->handle; } return ret; 
@@ -271,7 +271,7 @@ done: static const struct ldb_module_ops kludge_acl_ops = { .name = "kludge_acl", - .search = kludge_acl_search_async, + .search = kludge_acl_search, .add = kludge_acl_change, .modify = kludge_acl_change, .del = kludge_acl_change, diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 3f6a951997..1f18f0e603 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -107,7 +107,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) /* do not free down_req as the call results may be linked to it, * it will be freed when the upper level request get freed */ if (ret == LDB_SUCCESS) { - req->async.handle = down_req->async.handle; + req->handle = down_req->handle; } return ret; diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 0dcf710ba4..92fddca270 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -167,7 +167,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } /* return our own handle to deal with this call */ - req->async.handle = h; + req->handle = h; ac = talloc_get_type(h->private_data, struct partition_context); 
@@ -537,18 +537,18 @@ static int partition_wait_none(struct ldb_handle *handle) { ac = talloc_get_type(handle->private_data, struct partition_context); for (i=0; i < ac->num_searches; i++) { - ret = ldb_wait(ac->search_req[i]->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->search_req[i]->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->search_req[i]->async.handle->status != LDB_SUCCESS) { - handle->status = ac->search_req[i]->async.handle->status; + if (ac->search_req[i]->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req[i]->handle->status; goto done; } - if (ac->search_req[i]->async.handle->state != LDB_ASYNC_DONE) { + if (ac->search_req[i]->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index d6c2a45217..ec42249633 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -509,9 +509,9 @@ static int build_domain_data_request(struct ph_context *ac) } ac->dom_req->op.search.attrs = attrs; ac->dom_req->controls = NULL; - ac->dom_req->async.context = ac; - ac->dom_req->async.callback = get_domain_data_callback; - ac->dom_req->async.timeout = ac->orig_req->async.timeout; + ac->dom_req->context = ac; + ac->dom_req->callback = get_domain_data_callback; + ac->dom_req->timeout = ac->orig_req->timeout; ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->dom_req); return LDB_SUCCESS; @@ -637,7 +637,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) ac->step = PH_ADD_SEARCH_DOM; - req->async.handle = h; + req->handle = h; return ldb_next_request(module, ac->dom_req); } 
@@ -787,7 +787,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r ac = talloc_get_type(h->private_data, struct ph_context); /* return or own handle to deal with this call */ - req->async.handle = h; + req->handle = h; /* prepare the first operation */ ac->down_req = talloc_zero(ac, struct ldb_request); @@ -814,8 +814,8 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return password_hash_mod_search_self(h); } - ac->down_req->async.context = NULL; - ac->down_req->async.callback = NULL; + ac->down_req->context = NULL; + ac->down_req->callback = NULL; ac->step = PH_MOD_DO_REQ; @@ -889,8 +889,8 @@ static int password_hash_mod_search_self(struct ldb_handle *h) { } ac->search_req->op.search.attrs = attrs; ac->search_req->controls = NULL; - ac->search_req->async.context = ac; - ac->search_req->async.callback = get_self_callback; + ac->search_req->context = ac; + ac->search_req->callback = get_self_callback; ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); ac->step = PH_MOD_SEARCH_SELF; @@ -1079,18 +1079,18 @@ static int ph_wait(struct ldb_handle *handle) { switch (ac->step) { case PH_ADD_SEARCH_DOM: - ret = ldb_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->dom_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->dom_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->dom_req->async.handle->status; + if (ac->dom_req->handle->status != LDB_SUCCESS) { + handle->status = ac->dom_req->handle->status; goto done; } - if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->dom_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } 
@@ -1098,36 +1098,36 @@ static int ph_wait(struct ldb_handle *handle) { return password_hash_add_do_add(handle); case PH_ADD_DO_ADD: - ret = ldb_wait(ac->down_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->down_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->async.handle->status; + if (ac->down_req->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req->handle->status; goto done; } - if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->down_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } break; case PH_MOD_DO_REQ: - ret = ldb_wait(ac->down_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->down_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->async.handle->status; + if (ac->down_req->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req->handle->status; goto done; } - if (ac->down_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->down_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } @@ -1135,18 +1135,18 @@ static int ph_wait(struct ldb_handle *handle) { return password_hash_mod_search_self(handle); case PH_MOD_SEARCH_SELF: - ret = ldb_wait(ac->search_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->search_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->async.handle->status; + if (ac->search_req->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->handle->status; goto done; } - if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->search_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } 
@@ -1154,18 +1154,18 @@ static int ph_wait(struct ldb_handle *handle) { return password_hash_mod_search_dom(handle); case PH_MOD_SEARCH_DOM: - ret = ldb_wait(ac->dom_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->dom_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->dom_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->dom_req->async.handle->status; + if (ac->dom_req->handle->status != LDB_SUCCESS) { + handle->status = ac->dom_req->handle->status; goto done; } - if (ac->dom_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->dom_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } @@ -1173,18 +1173,18 @@ static int ph_wait(struct ldb_handle *handle) { return password_hash_mod_do_mod(handle); case PH_MOD_DO_MOD: - ret = ldb_wait(ac->mod_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->mod_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->async.handle->status; + if (ac->mod_req->handle->status != LDB_SUCCESS) { + handle->status = ac->mod_req->handle->status; goto done; } - if (ac->mod_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 01421d2817..efb3d9a05f 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -139,7 +139,7 @@ failed: handle search requests */ -struct rootdse_async_context { +struct rootdse_context { struct ldb_module *module; void *up_context; int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); 
@@ -147,16 +147,16 @@ struct rootdse_async_context { const char * const * attrs; }; -static int rootdse_async_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct rootdse_async_context *ac; + struct rootdse_context *ac; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); goto error; } - ac = talloc_get_type(context, struct rootdse_async_context); + ac = talloc_get_type(context, struct rootdse_context); if (ares->type == LDB_REPLY_ENTRY) { /* for each record returned post-process to add any dynamic @@ -175,7 +175,7 @@ error: static int rootdse_search(struct ldb_module *module, struct ldb_request *req) { - struct rootdse_async_context *ac; + struct rootdse_context *ac; struct ldb_request *down_req; int ret; @@ -185,14 +185,14 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - ac = talloc(req, struct rootdse_async_context); + ac = talloc(req, struct rootdse_context); if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } ac->module = module; - ac->up_context = req->async.context; - ac->up_callback = req->async.callback; + ac->up_context = req->context; + ac->up_callback = req->callback; ac->attrs = req->op.search.attrs; down_req = talloc_zero(req, struct ldb_request); @@ -213,8 +213,8 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) down_req->op.search.attrs = req->op.search.attrs; down_req->controls = req->controls; - down_req->async.context = ac; - down_req->async.callback = rootdse_async_callback; + down_req->context = ac; + down_req->callback = rootdse_callback; ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* perform the search */ 
@@ -223,7 +223,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) /* do not free down_req as the call results may be linked to it, * it will be freed when the upper level request get freed */ if (ret == LDB_SUCCESS) { - req->async.handle = down_req->async.handle; + req->handle = down_req->handle; } return ret; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 81bfa32398..d0c278257e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -740,7 +740,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) /* do not free down_req as the call results may be linked to it, * it will be freed when the upper level request get freed */ if (ret == LDB_SUCCESS) { - req->async.handle = down_req->async.handle; + req->handle = down_req->handle; } return ret; -- cgit From 077180191197e257f97dcea5eabb4e226b87e945 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Jul 2006 06:29:09 +0000 Subject: r17287: Add the local_password module to the tree, so it doesn't get lost in ldb API changes. Andrew Bartlett (This used to be commit 44806c67dbabe2952fe355de76d7fa51f772775f) --- source4/dsdb/samdb/ldb_modules/config.mk | 16 +- source4/dsdb/samdb/ldb_modules/local_password.c | 888 ++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/password_modules.h | 3 + 3 files changed, 904 insertions(+), 3 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/local_password.c create mode 100644 source4/dsdb/samdb/ldb_modules/password_modules.h (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index ce4f12bcfe..b9fc15fc02 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -65,11 +65,21 @@ OBJ_FILES = password_hash.o PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS # -# End MODULE ldb_rootdse +# End MODULE ldb_password_hash +################################################ + ################################################ +# Start MODULE ldb_password_sync +[MODULE::ldb_password_sync] +SUBSYSTEM = ldb +INIT_FUNCTION = password_sync_module_init +OBJ_FILES = password_sync.o +# End MODULE ldb_password_sync ################################################ -# Start MODULE ldb_cludge_acl + +################################################ +# Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] SUBSYSTEM = ldb INIT_FUNCTION = ldb_kludge_acl_init @@ -78,7 +88,7 @@ OBJ_FILES = \ PUBLIC_DEPENDENCIES = \ LIBSECURITY # -# End MODULE ldb_rootdse +# End MODULE ldb_kludge_acl ################################################ ################################################ diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c new file mode 100644 index 0000000000..a570e7c83d --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/local_password.c 
@@ -0,0 +1,888 @@ +/* + ldb database module + + Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Andrew Bartlett 2005-2006 + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb local_password module + * + * Description: correctly update hash values based on changes to sambaPassword and friends + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "libcli/ldap/ldap.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" +#include "librpc/ndr/libndr.h" +#include "dsdb/samdb/ldb_modules/password_modules.h" + +#define PASSWORD_GUID_ATTR "masterGUID" + +/* This module maintains a local password database, seperate from the main LDAP server. + + This allows the password database to be syncronised in a multi-master + fashion, seperate to the more difficult concerns of the main + database. (With passwords, the last writer always wins) + + Each incoming add/modify is split into a remote, and a local request, done in that order. 
+ + We maintain a list of attributes that are kept locally: + */ + +static const char * const password_attrs[] = { + "sambaPassword", + "krb5Key", + "ntPwdHash", + "lmPwdHash", + "sambaLMPwdHistory", + "sambaNTPwdHistory", + "msDS-KeyVersionNumber", + "pwdLastSet" +}; + +/* And we merge them back into search requests when asked to do so */ + +struct lpdb_async_context { + + enum lpdb_type {LPDB_ADD, LPDB_MOD, LPDB_SEARCH} type; + enum lpdb_step {LPDB_ADD_REMOTE, LPDB_MOD_REMOTE, LPDB_MOD_SEARCH_SELF, LPDB_LOCAL, LPDB_SEARCH_REMOTE} step; + + struct ldb_module *module; + struct ldb_request *orig_req; + struct ldb_request *remote_req; + struct ldb_request *search_req; + struct ldb_request *local_req; + + struct ldb_message *local_message; + + BOOL added_objectGUID; + BOOL added_objectClass; + + struct ldb_async_result *search_res; +}; + +struct lpdb_async_local_search_context { + struct lpdb_async_context *ac; + struct ldb_async_result *remote_res; + struct ldb_async_result *local_res; +}; + +static struct ldb_async_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_module *module, enum lpdb_type type) +{ + struct lpdb_async_context *ac; + struct ldb_async_handle *h; + + h = talloc_zero(req, struct ldb_async_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct lpdb_async_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + talloc_free(h); + return NULL; + } + + h->private_data = (void *)ac; + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->type = type; + ac->module = module; + ac->orig_req = req; + + return h; +} + +/* Add a record, splitting password attributes from the user's main + * record */ + +static int local_password_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_async_handle *h; + struct lpdb_async_context *ac; + struct ldb_message 
*remote_message; + struct ldb_message *local_message; + struct GUID objectGUID; + int i; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_add\n"); + + if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* If the caller is manipulating the local passwords directly, let them pass */ + if (ldb_dn_compare_base(module->ldb, + ldb_dn_explode(req, LOCAL_BASE), + req->op.add.message->dn) == 0) { + return ldb_next_request(module, req); + } + + for (i=0; i < ARRAY_SIZE(password_attrs); i++) { + if (ldb_msg_find_element(req->op.add.message, password_attrs[i])) { + break; + } + } + + /* It didn't match any of our password attributes, go on */ + if (i == ARRAY_SIZE(password_attrs)) { + return ldb_next_request(module, req); + } + + /* TODO: remove this when sambaPassword will be in schema */ + if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { + ldb_set_errstring(module->ldb, talloc_asprintf(module, "Cannot relocate a password on entry: %s, does not have objectClass 'person'", + ldb_dn_linearize(req, req->op.add.message->dn))); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* From here, we assume we have password attributes to split off */ + h = lpdb_init_handle(req, module, LPDB_ADD); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct lpdb_async_context); + + ac->orig_req = req; + + ac->remote_req = talloc(ac, struct ldb_request); + if (ac->remote_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->remote_req) = *(ac->orig_req); + + remote_message = ldb_msg_copy_shallow(ac->remote_req, ac->orig_req->op.add.message); + if (remote_message == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Remove any password attributes from the remote message */ + for (i=0; i < ARRAY_SIZE(password_attrs); i++) { + ldb_msg_remove_attr(remote_message, password_attrs[i]); + } + + 
ac->remote_req->op.add.message = remote_message; + + ac->remote_req->async.context = NULL; + ac->remote_req->async.callback = NULL; + + ac->local_req = talloc(ac, struct ldb_request); + if (ac->local_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->local_req) = *(ac->orig_req); + local_message = ldb_msg_copy_shallow(ac->local_req, ac->orig_req->op.add.message); + if (local_message == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Remove anything seen in the remote message from the local + * message (leaving only password attributes) */ + for (i=0;iremote_req->op.add.message->num_elements;i++) { + ldb_msg_remove_attr(local_message, ac->remote_req->op.add.message->elements[i].name); + } + + /* We must have an objectGUID already, or we don't know where + * to add the password. This may be changed to an 'add and + * search', to allow the directory to create the objectGUID */ + if (ldb_msg_find_ldb_val(ac->orig_req->op.add.message, "objectGUID") == NULL) { + ldb_set_errstring(module->ldb, + talloc_asprintf(req, + "no objectGUID found in search: local_password module must be configured below objectGUID module!\n")); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + /* Find the objectGUID to use as the key */ + objectGUID = samdb_result_guid(ac->orig_req->op.add.message, "objectGUID"); + + local_message->dn = ldb_dn_string_compose(local_message, + ldb_dn_explode(local_message, LOCAL_BASE), + PASSWORD_GUID_ATTR "=%s", GUID_string(local_message, &objectGUID)); + + ac->local_req->op.add.message = local_message; + + ac->local_req->async.context = NULL; + ac->local_req->async.callback = NULL; + + ac->step = LPDB_ADD_REMOTE; + + /* Return our own handle do deal with this call */ + req->async.handle = h; + + return ldb_next_request(module, ac->remote_req); +} + +/* After adding the remote entry, add the local one */ +static int local_password_add_local(struct ldb_async_handle *h) { + + struct lpdb_async_context *ac; + ac = talloc_get_type(h->private_data, 
struct lpdb_async_context); + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = LPDB_LOCAL; + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + + /* perform the local add */ + return ldb_next_request(ac->module, ac->local_req); +} + +static int local_password_mod_search_self(struct ldb_async_handle *h); + +static int local_password_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_async_handle *h; + struct lpdb_async_context *ac; + struct ldb_message *remote_message; + struct ldb_message *local_message; + int i; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_modify\n"); + + if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* If the caller is manipulating the local passwords directly, let them pass */ + if (ldb_dn_compare_base(module->ldb, + ldb_dn_explode(req, LOCAL_BASE), + req->op.mod.message->dn) == 0) { + return ldb_next_request(module, req); + } + + for (i=0; i < ARRAY_SIZE(password_attrs); i++) { + if (ldb_msg_find_element(req->op.add.message, password_attrs[i])) { + break; + } + } + + /* It didn't match any of our password attributes, then we have nothing to do here */ + if (i == ARRAY_SIZE(password_attrs)) { + return ldb_next_request(module, req); + } + + /* From here, we assume we have password attributes to split off */ + h = lpdb_init_handle(req, module, LPDB_MOD); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct lpdb_async_context); + + ac->orig_req = req; + + ac->remote_req = talloc(ac, struct ldb_request); + if (ac->remote_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->remote_req) = *(ac->orig_req); + remote_message = ldb_msg_copy_shallow(ac->remote_req, ac->orig_req->op.mod.message); + if (remote_message == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Remove any password attributes from the remote 
message */ + for (i=0; i < ARRAY_SIZE(password_attrs); i++) { + ldb_msg_remove_attr(remote_message, password_attrs[i]); + } + + ac->remote_req->op.mod.message = remote_message; + + ac->remote_req->async.context = NULL; + ac->remote_req->async.callback = NULL; + + ac->local_req = talloc(ac, struct ldb_request); + if (ac->local_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->local_req) = *(ac->orig_req); + local_message = ldb_msg_copy_shallow(ac->local_req, ac->orig_req->op.mod.message); + if (local_message == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Remove anything seen in the remote message from the local + * message (leaving only password attributes) */ + for (i=0;iremote_req->op.mod.message->num_elements;i++) { + ldb_msg_remove_attr(local_message, ac->remote_req->op.mod.message->elements[i].name); + } + + ac->local_req->op.mod.message = local_message; + ac->local_message = local_message; + + ac->local_req->async.context = NULL; + ac->local_req->async.callback = NULL; + + ac->step = LPDB_MOD_REMOTE; + + /* Return our own handle do deal with this call */ + req->async.handle = h; + + return ldb_next_request(module, ac->remote_req); +} + +/* Called when we search for our oen entry. 
Stores the one entry we + * expect (as it is a base search) on the context pointer */ +static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct lpdb_async_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_get_type(context, struct lpdb_async_context); + + /* we are interested only in the single reply (base search) we receive here */ + if (ares->type == LDB_REPLY_ENTRY) { + if (ac->search_res != NULL) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results")); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->search_res = talloc_steal(ac, ares); + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; +} + +/* On a modify, we don't have the objectGUID handy, so we need to + * search our DN for it */ +static int local_password_mod_search_self(struct ldb_async_handle *h) { + + struct lpdb_async_context *ac; + static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + + ac = talloc_get_type(h->private_data, struct lpdb_async_context); + + /* prepare the search operation */ + ac->search_req = talloc_zero(ac, struct ldb_request); + if (ac->search_req == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->search_req->operation = LDB_SEARCH; + ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; + ac->search_req->op.search.scope = LDB_SCOPE_BASE; + ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); + if (ac->search_req->op.search.tree == NULL) { + ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->search_req->op.search.attrs = attrs; + ac->search_req->controls = NULL; + ac->search_req->async.context = ac; + ac->search_req->async.callback = get_self_callback; + 
ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); + + ac->step = LPDB_MOD_SEARCH_SELF; + + return ldb_next_request(ac->module, ac->search_req); +} + +/* After we find out the objectGUID for the entry, modify the local + * password database as required */ +static int local_password_mod_local(struct ldb_async_handle *h) { + + struct lpdb_async_context *ac; + struct GUID objectGUID; + ac = talloc_get_type(h->private_data, struct lpdb_async_context); + + /* if it is not an entry of type person this is an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (!ac->search_res) { + ldb_set_errstring(ac->module->ldb, + talloc_asprintf(ac, + "entry just modified (%s) not found!", + ldb_dn_linearize(ac, ac->remote_req->op.mod.message->dn))); + return LDB_ERR_OPERATIONS_ERROR; + } + if (!ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "person")) { + /* Not relevent to us */ + return LDB_SUCCESS; + } + + if (ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID") == NULL) { + ldb_set_errstring(ac->module->ldb, + talloc_asprintf(ac, + "no objectGUID found in search: local_password module must be configured below objectGUID module!\n")); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + objectGUID = samdb_result_guid(ac->search_res->message, "objectGUID"); + + ac->local_message->dn = ldb_dn_string_compose(ac, + ldb_dn_explode(ac, LOCAL_BASE), + PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID)); + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = LPDB_LOCAL; + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + + /* perform the local update */ + return ldb_next_request(ac->module, ac->local_req); +} + + +static int lpdb_local_search_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct lpdb_async_local_search_context *local_context; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, 
"NULL Context or Result in callback")); + return LDB_ERR_OPERATIONS_ERROR; + } + + local_context = talloc_get_type(context, struct lpdb_async_local_search_context); + + /* we are interested only in the single reply (base search) we receive here */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + { + int i; + if (local_context->local_res != NULL) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results to base search for password entry!")); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + + local_context->local_res = ares; + + /* Make sure never to return the internal key attribute to the caller */ + ldb_msg_remove_attr(ares->message, PASSWORD_GUID_ATTR); + + talloc_steal(local_context->remote_res->message->elements, ares->message->elements); + for (i=0; i < ares->message->num_elements; i++) { + struct ldb_message_element *el; + + el = ldb_msg_find_element(local_context->remote_res->message, + ares->message->elements[i].name); + if (!el) { + if (ldb_msg_add_empty(local_context->remote_res->message, + ares->message->elements[i].name, 0) != LDB_SUCCESS) { + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + el = ldb_msg_find_element(local_context->remote_res->message, + ares->message->elements[i].name); + *el = ares->message->elements[i]; + } + } + return local_context->ac->orig_req->async.callback(ldb, + local_context->ac->orig_req->async.context, + local_context->remote_res); + } + case LDB_REPLY_DONE: + { + /* Fire off the callback if there was no local entry, so we get the rest returned */ + if (local_context->local_res == NULL) { + return local_context->ac->orig_req->async.callback(ldb, + local_context->ac->orig_req->async.context, + local_context->remote_res); + } + } + default: + { + talloc_free(ares); + ldb_set_errstring(ldb, talloc_asprintf(ldb, "Unexpected result type in base search for password entry!")); + return LDB_ERR_OPERATIONS_ERROR; + } + } +} + +/* For each entry returned in a remote search, do a local base search, + 
* based on the objectGUID we asked for as an additional attribute */ +static int lpdb_remote_search_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +{ + struct lpdb_async_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + goto error; + } + + ac = talloc_get_type(context, struct lpdb_async_context); + + if (ares->type == LDB_REPLY_ENTRY) { + struct ldb_request *req; + struct lpdb_async_local_search_context *local_context; + struct GUID objectGUID; + + /* No point searching further if it's not a 'person' entry */ + if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { + + /* Make sure to remove anything we added */ + if (ac->added_objectGUID) { + ldb_msg_remove_attr(ares->message, "objectGUID"); + } + + if (ac->added_objectClass) { + ldb_msg_remove_attr(ares->message, "objectClass"); + } + + return ac->orig_req->async.callback(ldb, ac->orig_req->async.context, ares); + } + + if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) { + ldb_set_errstring(ac->module->ldb, + talloc_asprintf(ac, + "no objectGUID found in search: local_password module must be configured below objectGUID module!\n")); + return LDB_ERR_OPERATIONS_ERROR; + } + + objectGUID = samdb_result_guid(ares->message, "objectGUID"); + + if (ac->added_objectGUID) { + ldb_msg_remove_attr(ares->message, "objectGUID"); + } + + if (ac->added_objectClass) { + ldb_msg_remove_attr(ares->message, "objectClass"); + } + + req = talloc_zero(ac, struct ldb_request); + if (!req) { + return LDB_ERR_OPERATIONS_ERROR; + } + + local_context = talloc(ac, struct lpdb_async_local_search_context); + if (!local_context) { + return LDB_ERR_OPERATIONS_ERROR; + } + local_context->ac = ac; + local_context->remote_res = ares; + local_context->local_res = NULL; + + req->op.search.base = ldb_dn_string_compose(ac, + ldb_dn_explode(ac, LOCAL_BASE), + PASSWORD_GUID_ATTR "=%s", 
GUID_string(ac, &objectGUID)); + if (!req->op.search.base) { + return LDB_ERR_OPERATIONS_ERROR; + } + req->operation = LDB_SEARCH; + req->op.search.scope = LDB_SCOPE_BASE; + req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); + if (req->op.search.tree == NULL) { + ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "out of memory")); + return LDB_ERR_OPERATIONS_ERROR; + } + req->op.search.attrs = ac->orig_req->op.search.attrs; + req->controls = NULL; + req->async.context = ac; + req->async.callback = get_self_callback; + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req); + + req->async.context = local_context; + req->async.callback = lpdb_local_search_async_callback; + + return ldb_next_request(ac->module, req); + } else { + return ac->orig_req->async.callback(ldb, ac->orig_req->async.context, ares); + } +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + +/* Search for passwords and other attributes. The passwords are + * local, but the other attributes are remote, and we need to glue the + * two search spaces back togeather */ + +static int local_password_search(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_async_handle *h; + struct lpdb_async_context *ac; + int i; + int ret; + const char * const *search_attrs = NULL; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_search\n"); + + if (ldb_dn_is_special(req->op.search.base)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* If the caller is searching for the local passwords directly, let them pass */ + if (ldb_dn_compare_base(module->ldb, + ldb_dn_explode(req, LOCAL_BASE), + req->op.search.base) == 0) { + return ldb_next_request(module, req); + } + + if (req->op.search.attrs && (!ldb_attr_in_list(req->op.search.attrs, "*"))) { + for (i=0; i < ARRAY_SIZE(password_attrs); i++) { + if (ldb_attr_in_list(req->op.search.attrs, password_attrs[i])) { + break; + } + } + + /* It didn't match any of 
our password attributes, go on */ + if (i == ARRAY_SIZE(password_attrs)) { + return ldb_next_request(module, req); + } + } + + h = lpdb_init_handle(req, module, LPDB_SEARCH); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_get_type(h->private_data, struct lpdb_async_context); + + ac->orig_req = req; + + ac->remote_req = talloc(ac, struct ldb_request); + if (ac->remote_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Remote search is for all attributes: if the remote LDAP server has these attributes, then it overrides the local database */ + *(ac->remote_req) = *(ac->orig_req); + + /* Return our own handle do deal with this call */ + ac->remote_req->async.handle = h; + + ac->remote_req->async.context = ac; + ac->remote_req->async.callback = lpdb_remote_search_async_callback; + + if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) { + if (!ldb_attr_in_list(req->op.search.attrs, "objectGUID")) { + search_attrs = ldb_attr_list_copy_add(req, req->op.search.attrs, "objectGUID"); + ac->added_objectGUID = True; + if (!search_attrs) { + return LDB_ERR_OPERATIONS_ERROR; + } + } else { + search_attrs = req->op.search.attrs; + } + if (!ldb_attr_in_list(search_attrs, "objectClass")) { + search_attrs = ldb_attr_list_copy_add(req, search_attrs, "objectClass"); + ac->added_objectClass = True; + if (!search_attrs) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + } else { + search_attrs = req->op.search.attrs; + } + + ac->remote_req->op.search.attrs = search_attrs; + + ldb_set_timeout_from_prev_req(module->ldb, ac->orig_req, ac->remote_req); + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = LPDB_SEARCH_REMOTE; + + /* perform the search */ + ret = ldb_next_request(module, ac->remote_req); + + if (ret == LDB_SUCCESS) { + req->async.handle = ac->remote_req->async.handle; + } + + return ret; +} + +static int lpdb_async_wait(struct ldb_async_handle *handle) { + struct lpdb_async_context *ac; + int ret; + + if 
(!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + ac = talloc_get_type(handle->private_data, struct lpdb_async_context); + + switch (ac->step) { + case LPDB_ADD_REMOTE: + ret = ldb_async_wait(ac->remote_req->async.handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->remote_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->remote_req->async.handle->status; + goto done; + } + + if (ac->remote_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* original request done, go on */ + return local_password_add_local(handle); + + case LPDB_MOD_REMOTE: + ret = ldb_async_wait(ac->remote_req->async.handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->remote_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->remote_req->async.handle->status; + goto done; + } + + if (ac->remote_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* original request done, go on */ + return local_password_mod_search_self(handle); + + case LPDB_MOD_SEARCH_SELF: + ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->search_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->async.handle->status; + goto done; + } + + if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* original request done, go on */ + return local_password_mod_local(handle); + + case LPDB_LOCAL: + ret = ldb_async_wait(ac->local_req->async.handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->local_req->async.handle->status != LDB_SUCCESS) { + handle->status = 
ac->local_req->async.handle->status; + goto done; + } + + if (ac->local_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + + case LPDB_SEARCH_REMOTE: + ret = ldb_async_wait(ac->remote_req->async.handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->remote_req->async.handle->status != LDB_SUCCESS) { + handle->status = ac->remote_req->async.handle->status; + goto done; + } + + if (ac->remote_req->async.handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + + ret = LDB_SUCCESS; + +done: + handle->state = LDB_ASYNC_DONE; + return ret; +} + +static int lpdb_async_wait_all(struct ldb_async_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = lpdb_async_wait(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int local_password_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return lpdb_async_wait_all(handle); + } else { + return lpdb_async_wait(handle); + } +} + +static const struct ldb_module_ops local_password_ops = { + .name = "local_password", + .add = local_password_add, + .modify = local_password_modify, + .search = local_password_search, + .async_wait = local_password_async_wait +}; + + +int local_password_module_init(void) +{ + return ldb_register_module(&local_password_ops); +} diff --git a/source4/dsdb/samdb/ldb_modules/password_modules.h b/source4/dsdb/samdb/ldb_modules/password_modules.h new file mode 100644 index 0000000000..40d0144416 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/password_modules.h @@ -0,0 +1,3 @@ +/* We store these passwords under this base DN: */ + +#define LOCAL_BASE "cn=Passwords" -- cgit From 56b1714e9c40dfeae855d0917d78fc0ddc04162e Mon Sep 17 00:00:00 2001 
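Review bot: In local_password_mod_local the non-'person' branch returns LDB_SUCCESS after local_password_modify has already stripped every password_attrs element from the remote request, so the password change is written nowhere and no error is reported; local_password_add rejects the same case with LDB_ERR_OBJECT_CLASS_VIOLATION. That return also leaves handle->state at LDB_ASYNC_PENDING with ac->step unchanged, so lpdb_async_wait_all appears to re-enter the LPDB_MOD_SEARCH_SELF case indefinitely. I would fail the request there as the add path does, setting an error string and using `return LDB_ERR_OBJECT_CLASS_VIOLATION;`. Separately, in lpdb_local_search_async_callback `case LDB_REPLY_DONE:` falls through into `default:` whenever a local entry was merged, so a successful lookup ends in LDB_ERR_OPERATIONS_ERROR; ending that case with `talloc_free(ares); return LDB_SUCCESS;` would presumably be the intended behaviour.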
From: Andrew Bartlett Date: Fri, 28 Jul 2006 06:30:03 +0000 Subject: r17288: Don't mess with entries in the local password prefix, and fix const warnings. Andrew Bartlett (This used to be commit 4569c58a42e1d65ae71ee57e391b9e3dbaba2218) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index ec42249633..ae02eb9e98 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -44,6 +44,7 @@ #include "dsdb/samdb/samdb.h" #include "ads.h" #include "hdb.h" +#include "dsdb/samdb/ldb_modules/password_modules.h" /* If we have decided there is reason to work on this request, then * setup all the password hash types correctly. @@ -571,6 +572,13 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + /* If the caller is manipulating the local passwords directly, let them pass */ + if (ldb_dn_compare_base(module->ldb, + ldb_dn_explode(req, LOCAL_BASE), + req->op.add.message->dn) == 0) { + return ldb_next_request(module, req); + } + /* nobody must touch password Histories */ if (ldb_msg_find_element(req->op.add.message, "sambaNTPwdHistory") || ldb_msg_find_element(req->op.add.message, "sambaLMPwdHistory")) { @@ -740,6 +748,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; struct ldb_message_element *lmAttr; + struct ldb_message *msg; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify\n"); 
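Review bot: The added LOCAL_BASE early return in password_hash_add sits before the "nobody must touch password Histories" check, so any add whose DN is under cn=Passwords is passed to the next module with sambaNTPwdHistory, sambaLMPwdHistory and the raw hash attributes unchecked; the matching hunk in password_hash_modify has the same effect. Nothing visible here restricts who may address that subtree, so the comment should name the layer that does, for example `/* entries under LOCAL_BASE are written by local_password; access is enforced by <module> */`. The result of `ldb_dn_explode(req, LOCAL_BASE)` is also used unchecked; if ldb_dn_compare_base treats a NULL base as a match (not visible here), an allocation failure would take the bypass, so a `NULL` test returning LDB_ERR_OPERATIONS_ERROR is worth adding. Both functions continue outside their hunks.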
@@ -747,6 +756,13 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return ldb_next_request(module, req); } + /* If the caller is manipulating the local passwords directly, let them pass */ + if (ldb_dn_compare_base(module->ldb, + ldb_dn_explode(req, LOCAL_BASE), + req->op.mod.message->dn) == 0) { + return ldb_next_request(module, req); + } + /* nobody must touch password Histories */ if (ldb_msg_find_element(req->op.mod.message, "sambaNTPwdHistory") || ldb_msg_find_element(req->op.mod.message, "sambaLMPwdHistory")) { @@ -799,16 +815,16 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r *(ac->down_req) = *req; /* copy the request */ /* use a new message structure so that we can modify it */ - ac->down_req->op.mod.message = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); + ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); /* - remove any imodification to the password from the first commit * we will make the real modification later */ - if (sambaAttr) ldb_msg_remove_attr(ac->down_req->op.mod.message, "sambaPassword"); - if (ntAttr) ldb_msg_remove_attr(ac->down_req->op.mod.message, "ntPwdHash"); - if (lmAttr) ldb_msg_remove_attr(ac->down_req->op.mod.message, "lmPwdHash"); + if (sambaAttr) ldb_msg_remove_attr(msg, "sambaPassword"); + if (ntAttr) ldb_msg_remove_attr(msg, "ntPwdHash"); + if (lmAttr) ldb_msg_remove_attr(msg, "lmPwdHash"); /* if there was nothing else to be modify skip to next step */ - if (ac->down_req->op.mod.message->num_elements == 0) { + if (msg->num_elements == 0) { talloc_free(ac->down_req); ac->down_req = NULL; return password_hash_mod_search_self(h); -- cgit From e20ed616e449e665988df82f99c7be706e0f8f5a Mon Sep 17 00:00:00 2001 
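Review bot: In the -799,16 +815,16 hunk `msg` is dereferenced without a NULL check: the result of `ldb_msg_copy_shallow()` goes straight into `ldb_msg_remove_attr(msg, ...)` and `msg->num_elements`. Add `if (msg == NULL) return LDB_ERR_OPERATIONS_ERROR;` right after the assignment; whether `h` also has to be released on that path depends on code outside the hunk. The check was already missing before this commit, but the new local makes it a one-line fix. password_hash_modify starts and ends outside the hunk.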
From: Andrew Bartlett Date: Fri, 28 Jul 2006 07:49:07 +0000 Subject: r17289: Fix the build: I havn't commited this module yet. Andrew Bartlett (This used to be commit 8b0f6e637ee3ef0767be4017b4106877c185d7c7) --- source4/dsdb/samdb/ldb_modules/config.mk | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index b9fc15fc02..0cee23fc1e 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -68,16 +68,6 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS # End MODULE ldb_password_hash ################################################ -################################################ -# Start MODULE ldb_password_sync -[MODULE::ldb_password_sync] -SUBSYSTEM = ldb -INIT_FUNCTION = password_sync_module_init -OBJ_FILES = password_sync.o - -# End MODULE ldb_password_sync -################################################ - ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] -- cgit From 431720960648841305ca1f2b8ebc2c1344461661 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Jul 2006 23:46:39 +0000 Subject: r17298: Fix up the local_password module to the current LDB API, and build it by default. Andrew Bartlett (This used to be commit c1ea0a350cdc2c5ddfd71e08f8c3907d97fc1efd) --- source4/dsdb/samdb/ldb_modules/config.mk | 10 ++ source4/dsdb/samdb/ldb_modules/local_password.c | 194 ++++++++++++------------ 2 files changed, 108 insertions(+), 96 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 0cee23fc1e..799d650ee7 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -68,6 +68,16 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS # End MODULE ldb_password_hash ################################################ +################################################ +# Start MODULE ldb_local_password +[MODULE::ldb_local_password] +SUBSYSTEM = ldb +INIT_FUNCTION = local_password_module_init +OBJ_FILES = local_password.o +# +# End MODULE ldb_local_password +################################################ + ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index a570e7c83d..90fb3ae23b 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -64,7 +64,7 @@ static const char * const password_attrs[] = { /* And we merge them back into search requests when asked to do so */ -struct lpdb_async_context { +struct lpdb_context { enum lpdb_type {LPDB_ADD, LPDB_MOD, LPDB_SEARCH} type; enum lpdb_step {LPDB_ADD_REMOTE, LPDB_MOD_REMOTE, LPDB_MOD_SEARCH_SELF, LPDB_LOCAL, LPDB_SEARCH_REMOTE} step; 
@@ -80,21 +80,21 @@ struct lpdb_async_context { BOOL added_objectGUID; BOOL added_objectClass; - struct ldb_async_result *search_res; + struct ldb_reply *search_res; }; -struct lpdb_async_local_search_context { - struct lpdb_async_context *ac; - struct ldb_async_result *remote_res; - struct ldb_async_result *local_res; +struct lpdb_local_search_context { + struct lpdb_context *ac; + struct ldb_reply *remote_res; + struct ldb_reply *local_res; }; -static struct ldb_async_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_module *module, enum lpdb_type type) +static struct ldb_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_module *module, enum lpdb_type type) { - struct lpdb_async_context *ac; - struct ldb_async_handle *h; + struct lpdb_context *ac; + struct ldb_handle *h; - h = talloc_zero(req, struct ldb_async_handle); + h = talloc_zero(req, struct ldb_handle); if (h == NULL) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); return NULL; @@ -102,7 +102,7 @@ static struct ldb_async_handle *lpdb_init_handle(struct ldb_request *req, struct h->module = module; - ac = talloc_zero(h, struct lpdb_async_context); + ac = talloc_zero(h, struct lpdb_context); if (ac == NULL) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); talloc_free(h); @@ -126,8 +126,8 @@ static struct ldb_async_handle *lpdb_init_handle(struct ldb_request *req, struct static int local_password_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_async_handle *h; - struct lpdb_async_context *ac; + struct ldb_handle *h; + struct lpdb_context *ac; struct ldb_message *remote_message; struct ldb_message *local_message; struct GUID objectGUID; 
@@ -169,7 +169,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req if (!h) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_async_context); + ac = talloc_get_type(h->private_data, struct lpdb_context); ac->orig_req = req; @@ -192,8 +192,8 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req ac->remote_req->op.add.message = remote_message; - ac->remote_req->async.context = NULL; - ac->remote_req->async.callback = NULL; + ac->remote_req->context = NULL; + ac->remote_req->callback = NULL; ac->local_req = talloc(ac, struct ldb_request); if (ac->local_req == NULL) { @@ -231,22 +231,22 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req ac->local_req->op.add.message = local_message; - ac->local_req->async.context = NULL; - ac->local_req->async.callback = NULL; + ac->local_req->context = NULL; + ac->local_req->callback = NULL; ac->step = LPDB_ADD_REMOTE; /* Return our own handle do deal with this call */ - req->async.handle = h; + req->handle = h; return ldb_next_request(module, ac->remote_req); } /* After adding the remote entry, add the local one */ -static int local_password_add_local(struct ldb_async_handle *h) { +static int local_password_add_local(struct ldb_handle *h) { - struct lpdb_async_context *ac; - ac = talloc_get_type(h->private_data, struct lpdb_async_context); + struct lpdb_context *ac; + ac = talloc_get_type(h->private_data, struct lpdb_context); h->state = LDB_ASYNC_INIT; h->status = LDB_SUCCESS; 
@@ -259,12 +259,12 @@ static int local_password_add_local(struct ldb_async_handle *h) { return ldb_next_request(ac->module, ac->local_req); } -static int local_password_mod_search_self(struct ldb_async_handle *h); +static int local_password_mod_search_self(struct ldb_handle *h); static int local_password_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_async_handle *h; - struct lpdb_async_context *ac; + struct ldb_handle *h; + struct lpdb_context *ac; struct ldb_message *remote_message; struct ldb_message *local_message; int i; @@ -298,7 +298,7 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request * if (!h) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_async_context); + ac = talloc_get_type(h->private_data, struct lpdb_context); ac->orig_req = req; @@ -320,8 +320,8 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request * ac->remote_req->op.mod.message = remote_message; - ac->remote_req->async.context = NULL; - ac->remote_req->async.callback = NULL; + ac->remote_req->context = NULL; + ac->remote_req->callback = NULL; ac->local_req = talloc(ac, struct ldb_request); if (ac->local_req == NULL) { 
@@ -343,29 +343,29 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request * ac->local_req->op.mod.message = local_message; ac->local_message = local_message; - ac->local_req->async.context = NULL; - ac->local_req->async.callback = NULL; + ac->local_req->context = NULL; + ac->local_req->callback = NULL; ac->step = LPDB_MOD_REMOTE; /* Return our own handle do deal with this call */ - req->async.handle = h; + req->handle = h; return ldb_next_request(module, ac->remote_req); } /* Called when we search for our oen entry. Stores the one entry we * expect (as it is a base search) on the context pointer */ -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct lpdb_async_context *ac; + struct lpdb_context *ac; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(context, struct lpdb_async_context); + ac = talloc_get_type(context, struct lpdb_context); /* we are interested only in the single reply (base search) we receive here */ if (ares->type == LDB_REPLY_ENTRY) { @@ -385,12 +385,12 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ /* On a modify, we don't have the objectGUID handy, so we need to * search our DN for it */ -static int local_password_mod_search_self(struct ldb_async_handle *h) { +static int local_password_mod_search_self(struct ldb_handle *h) { - struct lpdb_async_context *ac; + struct lpdb_context *ac; static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; - ac = talloc_get_type(h->private_data, struct lpdb_async_context); + ac = talloc_get_type(h->private_data, struct lpdb_context); /* prepare the search operation */ ac->search_req = talloc_zero(ac, struct ldb_request); 
@@ -409,8 +409,8 @@ static int local_password_mod_search_self(struct ldb_async_handle *h) { } ac->search_req->op.search.attrs = attrs; ac->search_req->controls = NULL; - ac->search_req->async.context = ac; - ac->search_req->async.callback = get_self_callback; + ac->search_req->context = ac; + ac->search_req->callback = get_self_callback; ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); ac->step = LPDB_MOD_SEARCH_SELF; @@ -420,11 +420,11 @@ static int local_password_mod_search_self(struct ldb_async_handle *h) { /* After we find out the objectGUID for the entry, modify the local * password database as required */ -static int local_password_mod_local(struct ldb_async_handle *h) { +static int local_password_mod_local(struct ldb_handle *h) { - struct lpdb_async_context *ac; + struct lpdb_context *ac; struct GUID objectGUID; - ac = talloc_get_type(h->private_data, struct lpdb_async_context); + ac = talloc_get_type(h->private_data, struct lpdb_context); /* if it is not an entry of type person this is an error */ /* TODO: remove this when sambaPassword will be in schema */ @@ -465,16 +465,16 @@ static int local_password_mod_local(struct ldb_async_handle *h) { } -static int lpdb_local_search_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct lpdb_async_local_search_context *local_context; + struct lpdb_local_search_context *local_context; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); return LDB_ERR_OPERATIONS_ERROR; } - local_context = talloc_get_type(context, struct lpdb_async_local_search_context); + local_context = talloc_get_type(context, struct lpdb_local_search_context); /* we are interested only in the single reply (base search) we receive here */ switch (ares->type) { 
@@ -509,18 +509,20 @@ static int lpdb_local_search_async_callback(struct ldb_context *ldb, void *conte *el = ares->message->elements[i]; } } - return local_context->ac->orig_req->async.callback(ldb, - local_context->ac->orig_req->async.context, + return local_context->ac->orig_req->callback(ldb, + local_context->ac->orig_req->context, local_context->remote_res); } case LDB_REPLY_DONE: { /* Fire off the callback if there was no local entry, so we get the rest returned */ if (local_context->local_res == NULL) { - return local_context->ac->orig_req->async.callback(ldb, - local_context->ac->orig_req->async.context, + return local_context->ac->orig_req->callback(ldb, + local_context->ac->orig_req->context, local_context->remote_res); } + return LDB_SUCCESS; + break; } default: { @@ -533,20 +535,20 @@ static int lpdb_local_search_async_callback(struct ldb_context *ldb, void *conte /* For each entry returned in a remote search, do a local base search, * based on the objectGUID we asked for as an additional attribute */ -static int lpdb_remote_search_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares) +static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct lpdb_async_context *ac; + struct lpdb_context *ac; if (!context || !ares) { ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); goto error; } - ac = talloc_get_type(context, struct lpdb_async_context); + ac = talloc_get_type(context, struct lpdb_context); if (ares->type == LDB_REPLY_ENTRY) { struct ldb_request *req; - struct lpdb_async_local_search_context *local_context; + struct lpdb_local_search_context *local_context; struct GUID objectGUID; /* No point searching further if it's not a 'person' entry */ 
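Review bot: The `break;` added after `return LDB_SUCCESS;` in the LDB_REPLY_DONE case of the -509,18 +509,20 hunk can never run and should be dropped. Both paths of that case also leave the DONE reply `ares` without freeing it or handing it on, since the caller's callback is given `local_context->remote_res` instead. If replies are not released together with their parent request (not visible here), the swallowing path needs `talloc_free(ares);` before `return LDB_SUCCESS;`. The switch and the function continue outside the hunk.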
@@ -561,7 +563,7 @@ static int lpdb_remote_search_async_callback(struct ldb_context *ldb, void *cont ldb_msg_remove_attr(ares->message, "objectClass"); } - return ac->orig_req->async.callback(ldb, ac->orig_req->async.context, ares); + return ac->orig_req->callback(ldb, ac->orig_req->context, ares); } if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) { @@ -586,7 +588,7 @@ static int lpdb_remote_search_async_callback(struct ldb_context *ldb, void *cont return LDB_ERR_OPERATIONS_ERROR; } - local_context = talloc(ac, struct lpdb_async_local_search_context); + local_context = talloc(ac, struct lpdb_local_search_context); if (!local_context) { return LDB_ERR_OPERATIONS_ERROR; } @@ -609,17 +611,17 @@ static int lpdb_remote_search_async_callback(struct ldb_context *ldb, void *cont } req->op.search.attrs = ac->orig_req->op.search.attrs; req->controls = NULL; - req->async.context = ac; - req->async.callback = get_self_callback; + req->context = ac; + req->callback = get_self_callback; ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req); - req->async.context = local_context; - req->async.callback = lpdb_local_search_async_callback; + req->context = local_context; + req->callback = lpdb_local_search_callback; return ldb_next_request(ac->module, req); } else { - return ac->orig_req->async.callback(ldb, ac->orig_req->async.context, ares); + return ac->orig_req->callback(ldb, ac->orig_req->context, ares); } error: talloc_free(ares); @@ -632,8 +634,8 @@ error: static int local_password_search(struct ldb_module *module, struct ldb_request *req) { - struct ldb_async_handle *h; - struct lpdb_async_context *ac; + struct ldb_handle *h; + struct lpdb_context *ac; int i; int ret; const char * const *search_attrs = NULL; 
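Review bot: In the -609,17 +611,17 hunk `req->context = ac;` and `req->callback = get_self_callback;` are dead stores, because a few lines later the same two fields are set to `local_context` and `lpdb_local_search_callback` before the request is sent. Delete the first pair so the request is visibly wired to one callback only; a reader checking which code receives the locally stored password attributes should not have to work out which assignment wins. The enclosing `if (ares->type == LDB_REPLY_ENTRY)` branch begins outside the hunk.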
@@ -669,7 +671,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_async_context); + ac = talloc_get_type(h->private_data, struct lpdb_context); ac->orig_req = req; @@ -682,10 +684,10 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * *(ac->remote_req) = *(ac->orig_req); /* Return our own handle do deal with this call */ - ac->remote_req->async.handle = h; + ac->remote_req->handle = h; - ac->remote_req->async.context = ac; - ac->remote_req->async.callback = lpdb_remote_search_async_callback; + ac->remote_req->context = ac; + ac->remote_req->callback = lpdb_remote_search_callback; if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) { if (!ldb_attr_in_list(req->op.search.attrs, "objectGUID")) { @@ -721,14 +723,14 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * ret = ldb_next_request(module, ac->remote_req); if (ret == LDB_SUCCESS) { - req->async.handle = ac->remote_req->async.handle; + req->handle = ac->remote_req->handle; } return ret; } -static int lpdb_async_wait(struct ldb_async_handle *handle) { - struct lpdb_async_context *ac; +static int lpdb_wait(struct ldb_handle *handle) { + struct lpdb_context *ac; int ret; if (!handle || !handle->private_data) { 
@@ -742,22 +744,22 @@ static int lpdb_async_wait(struct ldb_async_handle *handle) { handle->state = LDB_ASYNC_PENDING; handle->status = LDB_SUCCESS; - ac = talloc_get_type(handle->private_data, struct lpdb_async_context); + ac = talloc_get_type(handle->private_data, struct lpdb_context); switch (ac->step) { case LPDB_ADD_REMOTE: - ret = ldb_async_wait(ac->remote_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->remote_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->async.handle->status; + if (ac->remote_req->handle->status != LDB_SUCCESS) { + handle->status = ac->remote_req->handle->status; goto done; } - if (ac->remote_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } @@ -765,18 +767,18 @@ static int lpdb_async_wait(struct ldb_async_handle *handle) { return local_password_add_local(handle); case LPDB_MOD_REMOTE: - ret = ldb_async_wait(ac->remote_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->remote_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->async.handle->status; + if (ac->remote_req->handle->status != LDB_SUCCESS) { + handle->status = ac->remote_req->handle->status; goto done; } - if (ac->remote_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } 
@@ -784,18 +786,18 @@ static int lpdb_async_wait(struct ldb_async_handle *handle) { return local_password_mod_search_self(handle); case LPDB_MOD_SEARCH_SELF: - ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->search_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->async.handle->status; + if (ac->search_req->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->handle->status; goto done; } - if (ac->search_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->search_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } 
@@ -803,36 +805,36 @@ static int lpdb_async_wait(struct ldb_async_handle *handle) { return local_password_mod_local(handle); case LPDB_LOCAL: - ret = ldb_async_wait(ac->local_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->local_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->local_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->local_req->async.handle->status; + if (ac->local_req->handle->status != LDB_SUCCESS) { + handle->status = ac->local_req->handle->status; goto done; } - if (ac->local_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->local_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } break; case LPDB_SEARCH_REMOTE: - ret = ldb_async_wait(ac->remote_req->async.handle, LDB_WAIT_NONE); + ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->remote_req->async.handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->async.handle->status; + if (ac->remote_req->handle->status != LDB_SUCCESS) { + handle->status = ac->remote_req->handle->status; goto done; } - if (ac->remote_req->async.handle->state != LDB_ASYNC_DONE) { + if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } @@ -850,12 +852,12 @@ done: return ret; } -static int lpdb_async_wait_all(struct ldb_async_handle *handle) { +static int lpdb_wait_all(struct ldb_handle *handle) { int ret; while (handle->state != LDB_ASYNC_DONE) { - ret = lpdb_async_wait(handle); + ret = lpdb_wait(handle); if (ret != LDB_SUCCESS) { return ret; } 
@@ -864,12 +866,12 @@ static int lpdb_async_wait_all(struct ldb_async_handle *handle) { return handle->status; } -static int local_password_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type) +static int local_password_wait(struct ldb_handle *handle, enum ldb_wait_type type) { if (type == LDB_WAIT_ALL) { - return lpdb_async_wait_all(handle); + return lpdb_wait_all(handle); } else { - return lpdb_async_wait(handle); + return lpdb_wait(handle); } } @@ -878,7 +880,7 @@ static const struct ldb_module_ops local_password_ops = { .add = local_password_add, .modify = local_password_modify, .search = local_password_search, - .async_wait = local_password_async_wait + .wait = local_password_wait }; -- cgit From 77bb75ead0b5b13539ab89531542cc2e9813fda4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Jul 2006 01:13:53 +0000 Subject: r17299: Improve the partition module to replicate attribute records into all partitions. Test that we do that correctly. Andrew Bartlett (This used to be commit 90c07b88010b848423dee9556a24e8d181c365dd) --- source4/dsdb/samdb/ldb_modules/partition.c | 240 ++++++++++++++++++++++------- 1 file changed, 181 insertions(+), 59 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 92fddca270..a21fabb747 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -42,15 +42,16 @@ struct partition { }; struct partition_private_data { struct partition **partitions; + struct ldb_dn **replicate; }; struct partition_context { struct ldb_module *module; struct ldb_request *orig_req; - struct ldb_request **search_req; - BOOL *finished_search; - int num_searches; + struct ldb_request **down_req; + int num_requests; + int finished_requests; }; static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct ldb_module *module) 
@@ -118,35 +119,163 @@ struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *r return module; }; -static int partition_send_search(struct partition_context *ac, struct ldb_module *partition) + +/* + fire the caller's callback for every entry, but only send 'done' once. +*/ +static int partition_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct partition_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + goto error; + } + + ac = talloc_get_type(context, struct partition_context); + + if (ares->type == LDB_REPLY_ENTRY) { + return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + } else { + ac->finished_requests++; + if (ac->finished_requests == ac->num_requests) { + return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + } else { + talloc_free(ares); + return LDB_SUCCESS; + } + } +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + +/* + only fire the 'last' callback, and only for START-TLS for now +*/ +static int partition_other_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct partition_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + goto error; + } + + ac = talloc_get_type(context, struct partition_context); + + if (ares->type == LDB_REPLY_EXTENDED && strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID)) { + ac->finished_requests++; + if (ac->finished_requests == ac->num_requests) { + return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + } + talloc_free(ares); + return LDB_SUCCESS; + } + ldb_set_errstring(ldb, talloc_asprintf(ldb, "partition_other_callback: Unknown reply type, only supports START_TLS")); +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + + +static int partition_send_request(struct partition_context *ac, struct 
ldb_module *partition) { int ret; struct ldb_module *next = make_module_for_next_request(ac->module, ac->module->ldb, partition); - ac->search_req = talloc_realloc(ac, ac->search_req, - struct ldb_request *, ac->num_searches + 1); - if (!ac->search_req) { + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac->module->ldb, "Out of memory!")); return LDB_ERR_OPERATIONS_ERROR; } - ac->search_req[ac->num_searches] = talloc(ac, struct ldb_request); - if (ac->search_req[ac->num_searches] == NULL) { + ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); + if (ac->down_req[ac->num_requests] == NULL) { ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac->module->ldb, "Out of memory!")); return LDB_ERR_OPERATIONS_ERROR; } - *ac->search_req[ac->num_searches] = *ac->orig_req; /* copy the request */ + *ac->down_req[ac->num_requests] = *ac->orig_req; /* copy the request */ + if (ac->down_req[ac->num_requests]->operation == LDB_SEARCH) { + ac->down_req[ac->num_requests]->callback = partition_search_callback; + ac->down_req[ac->num_requests]->context = ac; + } else { + ac->down_req[ac->num_requests]->callback = partition_other_callback; + ac->down_req[ac->num_requests]->context = ac; + } + /* Spray off search requests to all backends */ - ret = ldb_next_request(next, ac->search_req[ac->num_searches]); + ret = ldb_next_request(next, ac->down_req[ac->num_requests]); if (ret != LDB_SUCCESS) { return ret; } - ac->num_searches++; + ac->num_requests++; return LDB_SUCCESS; } +/* Send a request down to all the partitions */ +static int partition_send_all(struct ldb_module *module, + struct partition_context *ac, struct ldb_request *req) +{ + int i; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + int ret = partition_send_request(ac, module->next); + if (ret != LDB_SUCCESS) { + return ret; + } 
+ for (i=0; data && data->partitions && data->partitions[i]; i++) { + ret = partition_send_request(ac, data->partitions[i]->module); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} + +/* Figure out which backend a request needs to be aimed at. Some + * requests must be replicated to all backends */ +static int partition_replicate(struct ldb_module *module, struct ldb_request *req, const struct ldb_dn *dn) +{ + int i; + struct ldb_module *backend; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + + /* Is this a special DN, we need to replicate to every backend? */ + for (i=0; data->replicate && data->replicate[i]; i++) { + if (ldb_dn_compare(module->ldb, + data->replicate[i], + dn) == 0) { + struct ldb_handle *h; + struct partition_context *ac; + + h = partition_init_handle(req, module); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* return our own handle to deal with this call */ + req->handle = h; + + ac = talloc_get_type(h->private_data, struct partition_context); + + return partition_send_all(module, ac, req); + } + } + + /* Otherwise, we need to find the backend to fire it to */ + + /* Find backend */ + backend = find_backend(module, req, req->op.add.message->dn); + + /* issue request */ + return ldb_next_request(backend, req); + +} + /* search */ static int partition_search(struct ldb_module *module, struct ldb_request *req) { 
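Review bot: partition_replicate ignores its `dn` argument when choosing the backend: `find_backend(module, req, req->op.add.message->dn)` reads the add member of the request union even when the caller is partition_delete or partition_rename, which pass `req->op.del.dn` and `req->op.rename.olddn`. For those operations the code dereferences a message pointer out of a union that holds something else, so the write may be routed to the wrong partition or fault; the line should be `backend = find_backend(module, req, dn);`. Separately, in partition_other_callback `strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID)` is true when the OIDs differ, which contradicts the "only for START-TLS" comment above the function; compare with `== 0`.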
@@ -171,15 +300,12 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) ac = talloc_get_type(h->private_data, struct partition_context); - ac->orig_req = req; - ac->num_searches = 0; - for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(module->ldb, req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_search(ac, data->partitions[i]->module); + ret = partition_send_request(ac, data->partitions[i]->module); if (ret != LDB_SUCCESS) { return ret; } @@ -187,23 +313,10 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) } /* Perhaps we didn't match any partitions. Try the main partition, then all partitions */ - if (ac->num_searches == 0) { - ret = partition_send_search(ac, module->next); - if (ret != LDB_SUCCESS) { - return ret; - } - for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_search(ac, data->partitions[i]->module); - if (ret != LDB_SUCCESS) { - return ret; - } - } + if (ac->num_requests == 0) { + return partition_send_all(module, ac, req); } - ac->finished_search = talloc_zero_array(ac, BOOL, ac->num_searches); - if (!ac->finished_search) { - return LDB_ERR_OPERATIONS_ERROR; - } return LDB_SUCCESS; } else { struct ldb_module *backend = find_backend(module, req, req->op.search.base); 
@@ -215,34 +328,19 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* add */ static int partition_add(struct ldb_module *module, struct ldb_request *req) { - /* Find backend */ - struct ldb_module *backend = find_backend(module, req, req->op.add.message->dn); - - /* issue request */ - - return ldb_next_request(backend, req); + return partition_replicate(module, req, req->op.add.message->dn); } /* modify */ static int partition_modify(struct ldb_module *module, struct ldb_request *req) { - /* Find backend */ - struct ldb_module *backend = find_backend(module, req, req->op.mod.message->dn); - - /* issue request */ - - return ldb_next_request(backend, req); + return partition_replicate(module, req, req->op.mod.message->dn); } /* delete */ static int partition_delete(struct ldb_module *module, struct ldb_request *req) { - /* Find backend */ - struct ldb_module *backend = find_backend(module, req, req->op.del.dn); - - /* issue request */ - - return ldb_next_request(backend, req); + return partition_replicate(module, req, req->op.del.dn); } /* rename */ @@ -256,10 +354,7 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_AFFECTS_MULTIPLE_DSAS; } - /* issue request */ - - /* (later) consider if we should be searching multiple partitions */ - return ldb_next_request(backend, req); + return partition_replicate(module, req, req->op.rename.olddn); } /* start a transaction */ @@ -400,10 +495,11 @@ static int partition_init(struct ldb_module *module) { int ret, i; TALLOC_CTX *mem_ctx = talloc_new(module); - static const char *attrs[] = { "partition", NULL }; + static const char *attrs[] = { "partition", "replicateEntries", NULL }; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *partition_attributes; + struct ldb_message_element *replicate_attributes; struct partition_private_data *data; 
@@ -511,6 +607,32 @@ static int partition_init(struct ldb_module *module) talloc_free(req); } + replicate_attributes = ldb_msg_find_element(msg, "replicateEntries"); + if (!replicate_attributes) { + ldb_set_errstring(module->ldb, + talloc_asprintf(module, "partition_init: " + "no entries to replicate specified")); + data->replicate = NULL; + } else { + data->replicate = talloc_array(data, struct ldb_dn *, replicate_attributes->num_values + 1); + if (!data->replicate) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (i=0; i < replicate_attributes->num_values; i++) { + data->replicate[i] = ldb_dn_explode(data->replicate[i], replicate_attributes->values[i].data); + if (!data->replicate[i]) { + ldb_set_errstring(module->ldb, + talloc_asprintf(module, "partition_init: " + "invalid DN in partition replicate record: %s", + replicate_attributes->values[i].data)); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + } + data->replicate[i] = NULL; + } + module->private_data = data; talloc_steal(module, data); @@ -536,19 +658,19 @@ static int partition_wait_none(struct ldb_handle *handle) { ac = talloc_get_type(handle->private_data, struct partition_context); - for (i=0; i < ac->num_searches; i++) { - ret = ldb_wait(ac->search_req[i]->handle, LDB_WAIT_NONE); + for (i=0; i < ac->num_requests; i++) { + ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->search_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req[i]->handle->status; + if (ac->down_req[i]->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req[i]->handle->status; goto done; } - if (ac->search_req[i]->handle->state != LDB_ASYNC_DONE) { + if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } } -- cgit From cfa762ff8781531cf7dffc0f81377b90be6f439a Mon Sep 17 00:00:00 2001 
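Review bot: In the new replicateEntries loop of partition_init, `ldb_dn_explode(data->replicate[i], ...)` passes the slot being filled as the talloc parent, but `talloc_array` does not zero the array, so that pointer is indeterminate when it is used as a memory context. The parent should be the array itself: `data->replicate[i] = ldb_dn_explode(data->replicate, replicate_attributes->values[i].data);`. The invalid-DN return also skips the `talloc_free(mem_ctx)` that the allocation-failure return just above it performs. The `%s` in the error string assumes `values[i].data` is NUL-terminated, which this hunk does not show. partition_init starts and ends outside the hunk.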
From: Andrew Bartlett Date: Sat, 29 Jul 2006 01:52:15 +0000 Subject: r17302: Testing! This confirms that records are replicated into the correct databases, and that the case insensitive flags really work. Andrew Bartlett (This used to be commit ad463c1a5243019548bdbeea3070ec2e6cbcfcdf) --- source4/dsdb/samdb/ldb_modules/partition.c | 12 +++++++----- source4/dsdb/samdb/ldb_modules/password_sync.c | 0 2 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/password_sync.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index a21fabb747..aa692547ce 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -128,7 +128,7 @@ static int partition_search_callback(struct ldb_context *ldb, void *context, str struct partition_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, talloc_asprintf(ldb, "partition_search_callback: NULL Context or Result in 'search' callback")); goto error; } @@ -157,14 +157,16 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru { struct partition_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + if (!context) { + ldb_set_errstring(ldb, talloc_asprintf(ldb, "partition_other_callback: NULL Context in 'other' callback")); goto error; } ac = talloc_get_type(context, struct partition_context); - if (ares->type == LDB_REPLY_EXTENDED && strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID)) { + if (!ares + || (ares->type == LDB_REPLY_EXTENDED + && strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID))) { ac->finished_requests++; if (ac->finished_requests == ac->num_requests) { return ac->orig_req->callback(ldb, ac->orig_req->context, ares); 
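Review bot: In partition_other_callback, moving `!ares` into the completion test means a NULL `ares` is now handed to `ac->orig_req->callback(ldb, ac->orig_req->context, ares)` once the last request finishes. Other ldb callbacks on this page reject a NULL result with `if (!context || !ares)`, so the original callback may turn a normal completion into an operations error; a comment above the test should state that NULL is an accepted "done" signal here, and the registered callbacks should be checked against that. Separately, `strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID)` is true when the OID differs, which looks inverted if only START_TLS replies are meant to be counted (presumably `== 0` was intended), and `ares->response` is dereferenced without a NULL check. The function body continues outside the hunk.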
@@ -621,7 +623,7 @@ static int partition_init(struct ldb_module *module) } for (i=0; i < replicate_attributes->num_values; i++) { - data->replicate[i] = ldb_dn_explode(data->replicate[i], replicate_attributes->values[i].data); + data->replicate[i] = ldb_dn_explode(data->replicate, replicate_attributes->values[i].data); if (!data->replicate[i]) { ldb_set_errstring(module->ldb, talloc_asprintf(module, "partition_init: " diff --git a/source4/dsdb/samdb/ldb_modules/password_sync.c b/source4/dsdb/samdb/ldb_modules/password_sync.c new file mode 100644 index 0000000000..e69de29bb2 -- cgit From 5d7b99804acb921496248956542645889b05e928 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Jul 2006 02:00:33 +0000 Subject: r17303: More testing results: Don't try and call a NULL callback, and use the correct parameter, as this is called for more than just 'add'. Andrew Bartlett (This used to be commit be51b7240889bfcc752f92a2920d8b6a2eccecd6) --- source4/dsdb/samdb/ldb_modules/partition.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index aa692547ce..c94c843a83 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -164,6 +164,11 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru ac = talloc_get_type(context, struct partition_context); + if (!ac->orig_req->callback) { + talloc_free(ares); + return LDB_SUCCESS; + } + if (!ares || (ares->type == LDB_REPLY_EXTENDED && strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID))) { 
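Review bot: The new guard in partition_other_callback dereferences `ac->orig_req` directly after `ac = talloc_get_type(context, struct partition_context)` without testing `ac`. talloc_get_type returns NULL when the pointer is not of the named type, so a mistyped context would fault here instead of reaching the existing `error:` path; `if (!ac) goto error;` before the new block keeps it on that path. The early `return LDB_SUCCESS` also bypasses the `finished_requests` accounting below it, which is only safe if nothing reads that counter when no callback is set, and that deserves a one-line comment. The function starts and ends outside the hunk.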
@@ -271,7 +276,7 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re /* Otherwise, we need to find the backend to fire it to */ /* Find backend */ - backend = find_backend(module, req, req->op.add.message->dn); + backend = find_backend(module, req, dn); /* issue request */ return ldb_next_request(backend, req); -- cgit From c45ac4343c6669101c27f0830cc4410e8dc55986 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 31 Jul 2006 01:16:28 +0000 Subject: r17331: Oops, how did I commit this empty file... Andrew Bartlett (This used to be commit 3b81f21d4153350b1febe23daad9a08efc617954) --- source4/dsdb/samdb/ldb_modules/password_sync.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 source4/dsdb/samdb/ldb_modules/password_sync.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_sync.c b/source4/dsdb/samdb/ldb_modules/password_sync.c deleted file mode 100644 index e69de29bb2..0000000000 -- cgit From ecfdd5fc6cd704eaf496f4d31c18b6db97589fb3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 10 Aug 2006 01:51:27 +0000 Subject: r17474: Allow the partitions module to load modules for specific backends. Andrew Bartlett (This used to be commit c016db2187120991e8ad779b9df35480d7c19400) --- source4/dsdb/samdb/ldb_modules/partition.c | 79 ++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index c94c843a83..af8fa475d1 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -502,11 +502,12 @@ static int partition_init(struct ldb_module *module) { int ret, i; TALLOC_CTX *mem_ctx = talloc_new(module); - static const char *attrs[] = { "partition", "replicateEntries", NULL }; + static const char *attrs[] = { "partition", "replicateEntries", "modules", NULL }; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *partition_attributes; struct ldb_message_element *replicate_attributes; + struct ldb_message_element *modules_attributes; struct partition_private_data *data; @@ -545,6 +546,7 @@ static int partition_init(struct ldb_module *module) ldb_set_errstring(module->ldb, talloc_asprintf(module, "partition_init: " "no partitions specified")); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } data->partitions = talloc_array(data, struct partition *, partition_attributes->num_values + 1); @@ -559,6 +561,7 @@ static int partition_init(struct ldb_module *module) ldb_set_errstring(module->ldb, talloc_asprintf(module, "partition_init: " "invalid form for partition record (missing ':'): %s", base)); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } p[0] = '\0'; @@ -567,6 +570,7 @@ static int partition_init(struct ldb_module *module) ldb_set_errstring(module->ldb, talloc_asprintf(module, "partition_init: " "invalid form for partition record (missing backend database): %s", base)); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } data->partitions[i] = talloc(data->partitions, struct partition); @@ -580,12 +584,14 @@ static int partition_init(struct ldb_module *module) ldb_set_errstring(module->ldb, talloc_asprintf(module, "partition_init: " "invalid DN in partition record: %s", base)); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } data->partitions[i]->backend = private_path(data->partitions[i], p); ret = ldb_connect_backend(module->ldb, data->partitions[i]->backend, NULL, &data->partitions[i]->module); if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); return ret; } } 
@@ -600,6 +606,7 @@ static int partition_init(struct ldb_module *module) req = talloc_zero(mem_ctx, struct ldb_request); if (req == NULL) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Out of memory!\n"); + talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -609,6 +616,7 @@ static int partition_init(struct ldb_module *module) ret = ldb_request(module->ldb, req); if (ret != LDB_SUCCESS) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Unable to register partition with rootdse!\n"); + talloc_free(mem_ctx); return LDB_ERR_OTHER; } talloc_free(req); @@ -616,9 +624,6 @@ static int partition_init(struct ldb_module *module) replicate_attributes = ldb_msg_find_element(msg, "replicateEntries"); if (!replicate_attributes) { - ldb_set_errstring(module->ldb, - talloc_asprintf(module, "partition_init: " - "no entries to replicate specified")); data->replicate = NULL; } else { data->replicate = talloc_array(data, struct ldb_dn *, replicate_attributes->num_values + 1); 
@@ -634,12 +639,78 @@ static int partition_init(struct ldb_module *module) talloc_asprintf(module, "partition_init: " "invalid DN in partition replicate record: %s", replicate_attributes->values[i].data)); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } } data->replicate[i] = NULL; } + modules_attributes = ldb_msg_find_element(msg, "modules"); + if (modules_attributes) { + for (i=0; i < modules_attributes->num_values; i++) { + struct ldb_dn *base_dn; + int partition_idx; + struct partition *partition = NULL; + const char **modules = NULL; + + char *base = talloc_strdup(data->partitions, (char *)modules_attributes->values[i].data); + char *p = strchr(base, ':'); + if (!p) { + ldb_set_errstring(module->ldb, + talloc_asprintf(mem_ctx, "partition_init: " + "invalid form for partition module record (missing ':'): %s", base)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + p[0] = '\0'; + p++; + if (!p[0]) { + ldb_set_errstring(module->ldb, + talloc_asprintf(mem_ctx, "partition_init: " + "invalid form for partition module record (missing backend database): %s", base)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + modules = ldb_modules_list_from_string(module->ldb, mem_ctx, + p); + + base_dn = ldb_dn_explode(mem_ctx, base); + if (!base_dn) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (partition_idx = 0; data->partitions[partition_idx]; partition_idx++) { + if (ldb_dn_compare(module->ldb, data->partitions[partition_idx]->dn, + base_dn) == 0) { + partition = data->partitions[partition_idx]; + break; + } + } + + if (!partition) { + ldb_set_errstring(module->ldb, + talloc_asprintf(mem_ctx, "partition_init: " + "invalid form for partition module record (no such partition): %s", base)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + ret = ldb_load_modules_list(module->ldb, modules, partition->module, &partition->module); + if (ret != LDB_SUCCESS) { + 
talloc_free(mem_ctx); + return ret; + } + ret = ldb_init_module_chain(module->ldb, partition->module); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + } + } + module->private_data = data; talloc_steal(module, data); -- cgit From 8b9e08fe76bb324b78ff33b766a46dec2f7492ec Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 12 Aug 2006 15:22:58 +0000 Subject: r17505: we are setting the timeout with the provide function right after. (This used to be commit 6520e3c83acfbb7b6aa63d1cbebe8f8801db292f) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index ae02eb9e98..804235258f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -512,7 +512,6 @@ static int build_domain_data_request(struct ph_context *ac) ac->dom_req->controls = NULL; ac->dom_req->context = ac; ac->dom_req->callback = get_domain_data_callback; - ac->dom_req->timeout = ac->orig_req->timeout; ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->dom_req); return LDB_SUCCESS; -- cgit From faed8175063b16df94d5332581baf1af0562bb09 Mon Sep 17 00:00:00 2001 
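Review bot: In the new "modules" loop of partition_init, `base` comes from `talloc_strdup(...)` and goes straight into `strchr(base, ':')`, so an allocation failure becomes a NULL dereference during module initialisation. Add `if (!base) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; }` before the `strchr`. The result of `ldb_modules_list_from_string(...)` is likewise handed to `ldb_load_modules_list(...)` unchecked; whether that callee tolerates NULL is not visible here, so the same test on `modules` is the safer choice. `base` is parented to `data->partitions` although it is only used inside the loop, and `mem_ctx` would release it with the other temporaries. partition_init begins outside the hunk.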
From: Simo Sorce Date: Sun, 13 Aug 2006 07:33:57 +0000 Subject: r17514: Simplify the way to set ldb errors and add another helper function to set them. (This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 2 +- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 11 ++-- source4/dsdb/samdb/ldb_modules/local_password.c | 41 +++++++-------- source4/dsdb/samdb/ldb_modules/partition.c | 61 +++++++++++----------- source4/dsdb/samdb/ldb_modules/password_hash.c | 68 +++++++++++-------------- source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 68 ++++++++++++++----------- 8 files changed, 125 insertions(+), 130 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index e79af57042..64600fff8b 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -184,7 +184,7 @@ static int extended_callback(struct ldb_context *ldb, void *context, struct ldb_ struct extended_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); goto error; } diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index ecb3e00f95..088f2657cc 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -114,7 +114,7 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld int i; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); goto error; } 
@@ -199,10 +199,11 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) case ADMINISTRATOR: return ldb_next_request(module, req); default: - ldb_set_errstring(module->ldb, - talloc_asprintf(req, "kludge_acl_change: " - "attempted database modify not permitted. User %s is not SYSTEM or an administrator", - user_name(req, module))); + ldb_asprintf_errstring(module->ldb, + "kludge_acl_change: " + "attempted database modify not permitted. " + "User %s is not SYSTEM or an administrator", + user_name(req, module)); return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; } } diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 90fb3ae23b..85e4318693 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -96,7 +96,7 @@ static struct ldb_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_m h = talloc_zero(req, struct ldb_handle); if (h == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } @@ -104,7 +104,7 @@ static struct ldb_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_m ac = talloc_zero(h, struct lpdb_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + ldb_set_errstring(module->ldb, "Out of Memory"); talloc_free(h); return NULL; } 
@@ -159,8 +159,9 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Cannot relocate a password on entry: %s, does not have objectClass 'person'", - ldb_dn_linearize(req, req->op.add.message->dn))); + ldb_asprintf_errstring(module->ldb, + "Cannot relocate a password on entry: %s, does not have objectClass 'person'", + ldb_dn_linearize(req, req->op.add.message->dn)); return LDB_ERR_OBJECT_CLASS_VIOLATION; } @@ -217,8 +218,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req * search', to allow the directory to create the objectGUID */ if (ldb_msg_find_ldb_val(ac->orig_req->op.add.message, "objectGUID") == NULL) { ldb_set_errstring(module->ldb, - talloc_asprintf(req, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n")); + "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -361,7 +361,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ struct lpdb_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); return LDB_ERR_OPERATIONS_ERROR; } @@ -370,7 +370,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ /* we are interested only in the single reply (base search) we receive here */ if (ares->type == LDB_REPLY_ENTRY) { if (ac->search_res != NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results")); + ldb_set_errstring(ldb, "Too many results"); talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -404,7 +404,7 @@ static int local_password_mod_search_self(struct ldb_handle *h) { ac->search_req->op.search.scope = LDB_SCOPE_BASE; ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); + ldb_set_errstring(ac->module->ldb, "Invalid search filter"); return LDB_ERR_OPERATIONS_ERROR; } ac->search_req->op.search.attrs = attrs; @@ -429,10 +429,9 @@ static int local_password_mod_local(struct ldb_handle *h) { /* if it is not an entry of type person this is an error */ /* TODO: remove this when sambaPassword will be in schema */ if (!ac->search_res) { - ldb_set_errstring(ac->module->ldb, - talloc_asprintf(ac, - "entry just modified (%s) not found!", - ldb_dn_linearize(ac, ac->remote_req->op.mod.message->dn))); + ldb_asprintf_errstring(ac->module->ldb, + "entry just modified (%s) not found!", + ldb_dn_linearize(ac, ac->remote_req->op.mod.message->dn)); return LDB_ERR_OPERATIONS_ERROR; } if (!ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "person")) { @@ -442,8 +441,7 @@ static int local_password_mod_local(struct ldb_handle *h) { if (ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID") == NULL) { ldb_set_errstring(ac->module->ldb, - talloc_asprintf(ac, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n")); + "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); return LDB_ERR_OBJECT_CLASS_VIOLATION; } @@ -470,7 +468,7 @@ static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, st struct lpdb_local_search_context *local_context; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -482,7 +480,7 @@ static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, st { int i; if (local_context->local_res != NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results to base search for password entry!")); + ldb_set_errstring(ldb, "Too many results to base search for password entry!"); talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; } @@ -527,7 +525,7 @@ static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, st default: { talloc_free(ares); - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Unexpected result type in base search for password entry!")); + ldb_set_errstring(ldb, "Unexpected result type in base search for password entry!"); return LDB_ERR_OPERATIONS_ERROR; } } @@ -540,7 +538,7 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s struct lpdb_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); goto error; } @@ -568,8 +566,7 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) { ldb_set_errstring(ac->module->ldb, - talloc_asprintf(ac, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n")); + "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); return LDB_ERR_OPERATIONS_ERROR; } @@ -606,7 +603,7 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s req->op.search.scope = LDB_SCOPE_BASE; req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); if (req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "out of memory")); + ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } req->op.search.attrs = ac->orig_req->op.search.attrs; 
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index af8fa475d1..ba0c2bc9f4 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -61,7 +61,7 @@ static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct h = talloc_zero(req, struct ldb_handle); if (h == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } @@ -69,7 +69,7 @@ static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct ac = talloc_zero(h, struct partition_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + ldb_set_errstring(module->ldb, "Out of Memory"); talloc_free(h); return NULL; } @@ -128,7 +128,7 @@ static int partition_search_callback(struct ldb_context *ldb, void *context, str struct partition_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "partition_search_callback: NULL Context or Result in 'search' callback")); + ldb_set_errstring(ldb, "partition_search_callback: NULL Context or Result in 'search' callback"); goto error; } @@ -158,7 +158,7 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru struct partition_context *ac; if (!context) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "partition_other_callback: NULL Context in 'other' callback")); + ldb_set_errstring(ldb, "partition_other_callback: NULL Context in 'other' callback"); goto error; } 
@@ -179,7 +179,7 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru talloc_free(ares); return LDB_SUCCESS; } - ldb_set_errstring(ldb, talloc_asprintf(ldb, "partition_other_callback: Unknown reply type, only supports START_TLS")); + ldb_set_errstring(ldb, "partition_other_callback: Unknown reply type, only supports START_TLS"); error: talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; @@ -194,12 +194,12 @@ static int partition_send_request(struct partition_context *ac, struct ldb_modul ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { - ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac->module->ldb, "Out of memory!")); + ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); if (ac->down_req[ac->num_requests] == NULL) { - ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac->module->ldb, "Out of memory!")); + ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } @@ -543,9 +543,7 @@ static int partition_init(struct ldb_module *module) partition_attributes = ldb_msg_find_element(msg, "partition"); if (!partition_attributes) { - ldb_set_errstring(module->ldb, - talloc_asprintf(module, "partition_init: " - "no partitions specified")); + ldb_set_errstring(module->ldb, "partition_init: no partitions specified"); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
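Review bot: In partition_send_request, `ac->down_req = talloc_realloc(ac, ac->down_req, ...)` overwrites the only reference to the array, so on failure `ac->down_req` becomes NULL while `ac->num_requests` still counts the requests already sent. Code that later walks `ac->down_req[i]` up to `num_requests` (partition_wait_none does, per an earlier hunk on this page) would then dereference NULL if the handle is still waited on. Assign through a temporary instead: `struct ldb_request **tmp = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1);`, return the error on `!tmp`, then `ac->down_req = tmp;`. The function body continues outside the hunk.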
@@ -558,18 +556,18 @@ static int partition_init(struct ldb_module *module) char *base = talloc_strdup(data->partitions, (char *)partition_attributes->values[i].data); char *p = strchr(base, ':'); if (!p) { - ldb_set_errstring(module->ldb, - talloc_asprintf(module, "partition_init: " - "invalid form for partition record (missing ':'): %s", base)); + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "invalid form for partition record (missing ':'): %s", base); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } p[0] = '\0'; p++; if (!p[0]) { - ldb_set_errstring(module->ldb, - talloc_asprintf(module, "partition_init: " - "invalid form for partition record (missing backend database): %s", base)); + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "invalid form for partition record (missing backend database): %s", base); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -581,9 +579,8 @@ static int partition_init(struct ldb_module *module) data->partitions[i]->dn = ldb_dn_explode(data->partitions[i], base); if (!data->partitions[i]->dn) { - ldb_set_errstring(module->ldb, - talloc_asprintf(module, "partition_init: " - "invalid DN in partition record: %s", base)); + ldb_asprintf_errstring(module->ldb, + "partition_init: invalid DN in partition record: %s", base); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
@@ -635,10 +632,10 @@ static int partition_init(struct ldb_module *module) for (i=0; i < replicate_attributes->num_values; i++) { data->replicate[i] = ldb_dn_explode(data->replicate, replicate_attributes->values[i].data); if (!data->replicate[i]) { - ldb_set_errstring(module->ldb, - talloc_asprintf(module, "partition_init: " - "invalid DN in partition replicate record: %s", - replicate_attributes->values[i].data)); + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "invalid DN in partition replicate record: %s", + replicate_attributes->values[i].data); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -657,18 +654,18 @@ static int partition_init(struct ldb_module *module) char *base = talloc_strdup(data->partitions, (char *)modules_attributes->values[i].data); char *p = strchr(base, ':'); if (!p) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "partition_init: " - "invalid form for partition module record (missing ':'): %s", base)); + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "invalid form for partition module record (missing ':'): %s", base); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } p[0] = '\0'; p++; if (!p[0]) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "partition_init: " - "invalid form for partition module record (missing backend database): %s", base)); + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "invalid form for partition module record (missing backend database): %s", base); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
@@ -691,9 +688,9 @@ static int partition_init(struct ldb_module *module) } if (!partition) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "partition_init: " - "invalid form for partition module record (no such partition): %s", base)); + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "invalid form for partition module record (no such partition): %s", base); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 804235258f..93af3ae260 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -156,10 +156,10 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes char *name = talloc_strdup(msg, samAccountName); char *saltbody; if (name == NULL) { - ldb_set_errstring(module->ldb, - talloc_asprintf(msg, "password_hash_handle: " - "generation of new kerberos keys failed: %s is a computer without a samAccountName", - ldb_dn_linearize(msg, msg->dn))); + ldb_asprintf_errstring(module->ldb, + "password_hash_handle: " + "generation of new kerberos keys failed: %s is a computer without a samAccountName", + ldb_dn_linearize(msg, msg->dn)); return LDB_ERR_OPERATIONS_ERROR; } if (name[strlen(name)-1] == '$') { @@ -187,10 +187,10 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes } } else { if (!samAccountName) { - ldb_set_errstring(module->ldb, - talloc_asprintf(msg, "password_hash_handle: " - "generation of new kerberos keys failed: %s has no samAccountName", - ldb_dn_linearize(msg, msg->dn))); + ldb_asprintf_errstring(module->ldb, + "password_hash_handle: " + "generation of new kerberos keys failed: %s has no samAccountName", + ldb_dn_linearize(msg, msg->dn)); return LDB_ERR_OPERATIONS_ERROR; } krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, 
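Review bot: In add_krb5_keys_from_password, `name[strlen(name)-1]` at the end of the first password_hash.c hunk reads before the start of the buffer when `samAccountName` is an empty string, because `strlen(name)-1` wraps around as a `size_t`; the NULL test above it does not cover that case. Check the length first, for example `size_t len = strlen(name); if (len > 0 && name[len-1] == '$') {`. The NULL branch also reports "a computer without a samAccountName" when `talloc_strdup` may simply have failed for lack of memory, so the message can mislead; whether `samAccountName` can be NULL at this point is not visible in the hunk. The function starts and ends outside the hunk.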
@@ -200,11 +200,10 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes } if (krb5_ret) { - ldb_set_errstring(module->ldb, - talloc_asprintf(msg, "password_hash_handle: " - "generation of a saltking principal failed: %s", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, - krb5_ret, msg))); + ldb_asprintf_errstring(module->ldb, + "password_hash_handle: " + "generation of a saltking principal failed: %s", + smb_get_krb5_error_message(smb_krb5_context->krb5_context, krb5_ret, msg)); return LDB_ERR_OPERATIONS_ERROR; } @@ -214,11 +213,10 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); if (krb5_ret) { - ldb_set_errstring(module->ldb, - talloc_asprintf(msg, "password_hash_handle: " - "generation of new kerberos keys failed: %s", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, - krb5_ret, msg))); + ldb_asprintf_errstring(module->ldb, + "password_hash_handle: " + "generation of new kerberos keys failed: %s", + smb_get_krb5_error_message(smb_krb5_context->krb5_context, krb5_ret, msg)); return LDB_ERR_OPERATIONS_ERROR; } @@ -426,7 +424,7 @@ static struct ldb_handle *ph_init_handle(struct ldb_request *req, struct ldb_mod h = talloc_zero(req, struct ldb_handle); if (h == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } @@ -434,7 +432,7 @@ static struct ldb_handle *ph_init_handle(struct ldb_request *req, struct ldb_mod ac = talloc_zero(h, struct ph_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); + ldb_set_errstring(module->ldb, "Out of Memory"); talloc_free(h); return NULL; } 
@@ -456,7 +454,7 @@ static int get_domain_data_callback(struct ldb_context *ldb, void *context, stru struct ph_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); return LDB_ERR_OPERATIONS_ERROR; } @@ -465,7 +463,7 @@ static int get_domain_data_callback(struct ldb_context *ldb, void *context, stru /* we are interested only in the single reply (base search) we receive here */ if (ares->type == LDB_REPLY_ENTRY) { if (ac->dom_res != NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results")); + ldb_set_errstring(ldb, "Too many results"); talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; } @@ -504,7 +502,7 @@ static int build_domain_data_request(struct ph_context *ac) ac->dom_req->op.search.tree = ldb_parse_tree(ac->module->ldb, filter); if (ac->dom_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); + ldb_set_errstring(ac->module->ldb, "Invalid search filter"); talloc_free(ac->dom_req); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -598,29 +596,23 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) /* if it is not an entry of type person its an error */ /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Cannot set a password on entry that does not have objectClass 'person'")); + ldb_set_errstring(module->ldb, "Cannot set a password on entry that does not have objectClass 'person'"); return LDB_ERR_OBJECT_CLASS_VIOLATION; } /* check sambaPassword is single valued here */ /* TODO: remove this when sambaPassword will be single valued in schema */ if (sambaAttr && sambaAttr->num_values > 1) { - ldb_set_errstring(module->ldb, - talloc_asprintf(req, - "mupltiple values for sambaPassword not allowed!\n")); + ldb_set_errstring(module->ldb, "mupltiple values for sambaPassword not allowed!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } if (ntAttr && (ntAttr->num_values > 1)) { - ldb_set_errstring(module->ldb, - talloc_asprintf(req, - "mupltiple values for lmPwdHash not allowed!\n")); + ldb_set_errstring(module->ldb, "mupltiple values for lmPwdHash not allowed!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } if (lmAttr && (lmAttr->num_values > 1)) { - ldb_set_errstring(module->ldb, - talloc_asprintf(req, - "mupltiple values for lmPwdHash not allowed!\n")); + ldb_set_errstring(module->ldb, "mupltiple values for lmPwdHash not allowed!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -807,7 +799,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r /* prepare the first operation */ ac->down_req = talloc_zero(ac, struct ldb_request); if (ac->down_req == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module->ldb, "Out of memory!")); + ldb_set_errstring(module->ldb, "Out of memory!"); return LDB_ERR_OPERATIONS_ERROR; } 
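Review bot: The `ntAttr` branch of password_hash_add reports `lmPwdHash` in its error string, byte-for-byte the same text as the `lmAttr` branch below it, so a rejected multi-valued NT hash is attributed to the wrong attribute. Since the commit rewrites these three calls anyway, the string should name the attribute `ntAttr` was looked up under (the lookup is outside this hunk; presumably `ntPwdHash`), e.g. `ldb_set_errstring(module->ldb, "multiple values for ntPwdHash not allowed!\n");`. All three messages also carry the `mupltiple` typo and a trailing newline that the other error strings in this file do not have.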
@@ -844,7 +836,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ struct ph_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); return LDB_ERR_OPERATIONS_ERROR; } @@ -853,7 +845,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ /* we are interested only in the single reply (base search) we receive here */ if (ares->type == LDB_REPLY_ENTRY) { if (ac->search_res != NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results")); + ldb_set_errstring(ldb, "Too many results"); talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; } @@ -861,7 +853,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ /* if it is not an entry of type person this is an error */ /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Object class violation")); + ldb_set_errstring(ldb, "Object class violation"); talloc_free(ares); return LDB_ERR_OBJECT_CLASS_VIOLATION; } @@ -899,7 +891,7 @@ static int password_hash_mod_search_self(struct ldb_handle *h) { ac->search_req->op.search.scope = LDB_SCOPE_BASE; ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, talloc_asprintf(ac, "Invalid search filter")); + ldb_set_errstring(ac->module->ldb, "Invalid search filter"); return LDB_ERR_OPERATIONS_ERROR; } ac->search_req->op.search.attrs = attrs; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 6a7d04d331..c8e5a91e58 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -298,7 +298,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq->controls = req->controls; ret = ldb_request(proxy->upstream, newreq); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module->ldb, talloc_strdup(module, ldb_errstring(proxy->upstream))); + ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); talloc_free(newreq); return -1; } diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index efb3d9a05f..ab9c43577c 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -152,7 +152,7 @@ static int rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_r struct rootdse_context *ac; if (!context || !ares) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); + ldb_set_errstring(ldb, "NULL Context or Result in callback"); goto error; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index d0c278257e..55f545a45a 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -138,9 +138,9 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); if (str == NULL) { - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, "attribute nextRid not found in %s\n", - ldb_dn_linearize(res, dn))); + ldb_asprintf_errstring(module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_linearize(res, dn)); talloc_free(res); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -177,7 +177,9 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c * This is a critical situation it means that someone messed up with * the DB and nextRid is not returning free RIDs, report an error * and refuse to create any user until the problem is fixed */ - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s", ldb_errstring(module->ldb))); + ldb_asprintf_errstring(module->ldb, + "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s", + ldb_errstring(module->ldb)); return ret; } return ret; @@ -233,7 +235,9 @@ static int samldb_get_new_sid(struct ldb_module *module, dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn))); + ldb_asprintf_errstring(module->ldb, + "Invalid dn (%s) not child of a domain object!\n", + ldb_dn_linearize(mem_ctx, obj_dn)); return LDB_ERR_CONSTRAINT_VIOLATION; } 
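Review bot: The added call in samldb_allocate_next_rid passes `ldb_errstring(module->ldb)` as a `%s` argument to `ldb_asprintf_errstring(module->ldb, ...)`, so the context's current error string is formatted into its own replacement. The removed code built the new string with talloc_asprintf() before handing it over, which was order-independent; the new form is only safe if ldb_asprintf_errstring releases the previous string after formatting, and that function is not shown on this page. The same pattern appears in samldb_get_new_sid (`@@ -241,22 +245,24 @@`) and twice in samldb_notice_sid. Taking a copy first, `const char *prev = talloc_strdup(mem_ctx, ldb_errstring(module->ldb));`, and passing `prev` removes the dependency.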
@@ -241,22 +245,24 @@ static int samldb_get_new_sid(struct ldb_module *module, ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n", - ldb_dn_linearize(mem_ctx, dom_dn), - ldb_errstring(module->ldb))); + ldb_asprintf_errstring(module->ldb, + "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n", + ldb_dn_linearize(mem_ctx, dom_dn), + ldb_errstring(module->ldb)); talloc_free(res); return ret; } if (res->count != 1) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", - ldb_dn_linearize(mem_ctx, dom_dn))); + ldb_asprintf_errstring(module->ldb, + "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", + ldb_dn_linearize(mem_ctx, dom_dn)); return LDB_ERR_CONSTRAINT_VIOLATION; } dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); if (dom_sid == NULL) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_get_new_sid: error parsing domain sid!\n")); + ldb_set_errstring(module->ldb, "samldb_get_new_sid: error parsing domain sid!\n"); talloc_free(res); return LDB_ERR_CONSTRAINT_VIOLATION; } 
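Review bot: The `res->count != 1` branch in samldb_get_new_sid returns without `talloc_free(res)`, while the branches before and after it free the result, so on this path the search result stays allocated until its parent context is released. The `ret != LDB_SUCCESS` branch does the opposite and frees `res` after a failed ldb_search(); whether `res` is set on failure is not visible in this hunk, so initialising it to NULL at its declaration would make that call safe either way. Adding `talloc_free(res);` before `return LDB_ERR_CONSTRAINT_VIOLATION;` in the count branch makes the three exits consistent.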
@@ -299,19 +305,19 @@ int samldb_notice_sid(struct ldb_module *module, if (ret == LDB_SUCCESS) { if (res->count > 0) { talloc_free(res); - ldb_set_errstring(module->ldb, - talloc_asprintf(mem_ctx, - "Attempt to add record with SID %s rejected," - " because this SID is already in the database", - dom_sid_string(mem_ctx, sid))); + ldb_asprintf_errstring(module->ldb, + "Attempt to add record with SID %s rejected," + " because this SID is already in the database", + dom_sid_string(mem_ctx, sid)); /* We have a duplicate SID, we must reject the add */ return LDB_ERR_CONSTRAINT_VIOLATION; } talloc_free(res); } else { - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", - dom_sid_string(mem_ctx, sid), - ldb_errstring(module->ldb))); + ldb_asprintf_errstring(module->ldb, + "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", + dom_sid_string(mem_ctx, sid), + ldb_errstring(module->ldb)); return ret; } @@ -338,14 +344,16 @@ int samldb_notice_sid(struct ldb_module *module, if (dom_res->count > 1) { talloc_free(dom_res); - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_notice_sid: error retrieving domain from sid: duplicate (found %d) domain: %s!\n", - dom_res->count, dom_sid_string(dom_res, dom_sid))); + ldb_asprintf_errstring(module->ldb, + "samldb_notice_sid: error retrieving domain from sid: duplicate (found %d) domain: %s!\n", + dom_res->count, dom_sid_string(dom_res, dom_sid)); return LDB_ERR_OPERATIONS_ERROR; } } else { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "samldb_notice_sid: error retrieving domain from sid: %s: %s\n", - dom_sid_string(dom_res, dom_sid), - ldb_errstring(module->ldb))); + ldb_asprintf_errstring(module->ldb, + "samldb_notice_sid: error retrieving domain from sid: %s: %s\n", + dom_sid_string(dom_res, dom_sid), + ldb_errstring(module->ldb)); return ret; } 
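Review bot: In the `@@ -338,14 +344,16 @@` hunk, `dom_res` is freed on the line before the new ldb_asprintf_errstring() call in the `dom_res->count > 1` branch of samldb_notice_sid, and the call then reads `dom_res->count` and uses `dom_res` as the talloc parent for dom_sid_string(), so both accesses happen after the free. The commit carries this ordering over from the removed lines. Move `talloc_free(dom_res);` to after the error string is set, directly before `return LDB_ERR_OPERATIONS_ERROR;`. The `else` branch below also hands `dom_res` to dom_sid_string() after a failed search, where its state is not visible here; `mem_ctx` would be a safer parent in both places.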
@@ -537,7 +545,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const rdn = ldb_dn_get_rdn(msg2, msg2->dn); if (strcasecmp(rdn->name, "cn") != 0) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name)); + ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -606,7 +614,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module rdn = ldb_dn_get_rdn(msg2, msg2->dn); if (strcasecmp(rdn->name, "cn") != 0) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name)); + ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -617,7 +625,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module sid = dom_sid_parse_talloc(msg2, (const char *)rdn->value.data); if (!sid) { - ldb_set_errstring(module->ldb, talloc_asprintf(module, "No valid found SID in ForeignSecurityPrincipal CN!")); + ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!"); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
@@ -647,9 +655,9 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name); } else if (ret == -1) { - ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, - "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", - dom_sid_string(mem_ctx, dom_sid))); + ldb_asprintf_errstring(module->ldb, + "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", + dom_sid_string(mem_ctx, dom_sid)); talloc_free(dom_msgs); return LDB_ERR_OPERATIONS_ERROR; } -- cgit From a23b63a8e54db7d0ec98ad95cdca11dd4d039e17 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 13 Aug 2006 08:00:36 +0000 Subject: r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 22 +++++++++++----------- source4/dsdb/samdb/ldb_modules/proxy.c | 14 +++++++------- source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 ++-- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 4 files changed, 21 insertions(+), 21 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 93af3ae260..273cc60c30 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -99,7 +99,7 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms const char *sambaPassword; struct samr_Password tmp_hash; - sambaPassword = ldb_msg_find_string(msg, "sambaPassword", NULL); + sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL); if (sambaPassword == NULL) { /* impossible, what happened ?! */ return LDB_ERR_OPERATIONS_ERROR; } @@ -146,7 +146,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes * algorithm, described in his Nov 10 2004 mail to * samba-technical@samba.org */ - sambaPassword = ldb_msg_find_string(msg, "sambaPassword", NULL); + sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL); if (sambaPassword == NULL) { /* impossible, what happened ?! */ return LDB_ERR_OPERATIONS_ERROR; } @@ -536,7 +536,7 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0); data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); - tmp = ldb_msg_find_string(res->message, "dnsDomain", NULL); + tmp = ldb_msg_find_attr_as_string(res->message, "dnsDomain", NULL); if (tmp != NULL) { data->dnsDomain = talloc_strdup(data, tmp); @@ -684,8 +684,8 @@ static int password_hash_add_do_add(struct ldb_handle *h) { /* now add krb5 keys based on unicode password */ ret = add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, - ldb_msg_find_string(msg, "samAccountName", NULL), - ldb_msg_find_string(msg, "userPrincipalName", NULL), + ldb_msg_find_attr_as_string(msg, "samAccountName", NULL), + ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL), ldb_msg_check_string_attribute(msg, "objectClass", "computer")); if (ret != LDB_SUCCESS) { return ret; 
@@ -700,13 +700,13 @@ static int password_hash_add_do_add(struct ldb_handle *h) { /* if both the domain properties and the user account controls do not permit * clear text passwords then wipe out the sambaPassword */ if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || - (!(ldb_msg_find_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + (!(ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { ldb_msg_remove_attr(msg, "sambaPassword"); } } /* don't touch it if a value is set. It could be an incoming samsync */ - if (ldb_msg_find_uint64(msg, "pwdLastSet", 0) == 0) { + if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) { if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } @@ -996,8 +996,8 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { /* now add krb5 keys based on unicode password */ ret = add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, - ldb_msg_find_string(ac->search_res->message, "samAccountName", NULL), - ldb_msg_find_string(ac->search_res->message, "userPrincipalName", NULL), + ldb_msg_find_attr_as_string(ac->search_res->message, "samAccountName", NULL), + ldb_msg_find_attr_as_string(ac->search_res->message, "userPrincipalName", NULL), ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "computer")); if (ret != LDB_SUCCESS) { 
@@ -1007,7 +1007,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { /* if the domain properties or the user account controls do not permit * clear text passwords then wipe out the sambaPassword */ if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || - (!(ldb_msg_find_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + (!(ldb_msg_find_attr_as_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { ldb_msg_remove_attr(msg, "sambaPassword"); } @@ -1043,7 +1043,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { if (!ldb_msg_find_element(ac->orig_req->op.mod.message, "msDS-KeyVersionNumber")) { if (add_keyVersionNumber(ac->module, msg, - ldb_msg_find_uint(ac->search_res->message, + ldb_msg_find_attr_as_uint(ac->search_res->message, "msDS-KeyVersionNumber", 0) ) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index c8e5a91e58..d2628f5d1d 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -81,13 +81,13 @@ static int load_proxy_info(struct ldb_module *module) goto failed; } - url = ldb_msg_find_string(res->msgs[0], "url", NULL); - olddn = ldb_msg_find_string(res->msgs[0], "olddn", NULL); - newdn = ldb_msg_find_string(res->msgs[0], "newdn", NULL); - username = ldb_msg_find_string(res->msgs[0], "username", NULL); - password = ldb_msg_find_string(res->msgs[0], "password", NULL); - oldstr = ldb_msg_find_string(res->msgs[0], "oldstr", NULL); - newstr = ldb_msg_find_string(res->msgs[0], "newstr", NULL); + url = ldb_msg_find_attr_as_string(res->msgs[0], "url", NULL); + olddn = ldb_msg_find_attr_as_string(res->msgs[0], "olddn", NULL); + newdn = ldb_msg_find_attr_as_string(res->msgs[0], "newdn", NULL); + username = ldb_msg_find_attr_as_string(res->msgs[0], "username", NULL); + password = ldb_msg_find_attr_as_string(res->msgs[0], "password", NULL); + oldstr = ldb_msg_find_attr_as_string(res->msgs[0], "oldstr", NULL); + newstr = ldb_msg_find_attr_as_string(res->msgs[0], "newstr", NULL); if (url == NULL || olddn == NULL || newdn == NULL || username == NULL || password == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n"); diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 06774780a1..80cedb7b08 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -49,7 +49,7 @@ static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *attr, const struct ldb_message *remote) { struct ldb_message_element *el; - const char *sid = ldb_msg_find_string(remote, attr, NULL); + const char *sid = ldb_msg_find_attr_as_string(remote, attr, NULL); if (!sid) return NULL; 
@@ -96,7 +96,7 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char sidstring = dom_sid_string(remote_mp, sid); talloc_free(sid); - ldb_msg_add_fmt(remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_uint(local, "primaryGroupID", 0)); + ldb_msg_add_fmt(remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_attr_as_uint(local, "primaryGroupID", 0)); talloc_free(sidstring); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 55f545a45a..67724d56b5 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -136,7 +136,7 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, return LDB_ERR_OPERATIONS_ERROR; } - str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL); + str = ldb_msg_find_attr_as_string(res->msgs[0], "nextRid", NULL); if (str == NULL) { ldb_asprintf_errstring(module->ldb, "attribute nextRid not found in %s\n", -- cgit From 027583e6de2a6981d1c0e8959e1e37bf758be8f9 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sun, 13 Aug 2006 23:58:04 +0000 Subject: r17525: This is a merge from the Google Summer of Code 2006 project by Martin Kühl . MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Martin took over the work done last year by Jelmer, in last year's SoC. This was a substantial task, as the ldb modules API changed significantly during the past year, with the addition of async calls. This changeset reimplements and enables the ldb_map ldb module and adapts the example module and test case, both named samba3sam, to the implementation. The ldb_map module supports splitting an ldb database into two parts (called the "local" and "remote" part) and storing the data in one of them (the remote database) in a different format while the other acts as a fallback. This allows ldb to e.g. store to and load data from a remote LDAP server and present it according to the Samba4 schema while still allowing the LDAP to present and modify its data separately. A complex example of this is the samba3sam module (by Jelmer Vernooij), which maps data between the samba3 and samba4 schemas. A simpler example is given by the entryUUID module (by Andrew Bartlett), which handles some of the differences between AD and OpenLDAP in operational attributes. It principally maps objectGUID to and from entryUUID elements. This is also an example of a module that doesn't use the local backend as fallback storage. This merge also splits the ldb_map.c file into smaller, more manageable parts. (This used to be commit af2bece4d343a9f787b2e3628848b266cec2b9f0) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 ++ source4/dsdb/samdb/ldb_modules/entryUUID.c | 182 +++++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/samba3sam.c | 35 +++++- 3 files changed, 227 insertions(+), 2 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/entryUUID.c (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 799d650ee7..6168a73d94 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -33,6 +33,18 @@ OBJ_FILES = \ # End MODULE ldb_samldb ################################################ +################################################ +# Start MODULE ldb_entryUUID +[MODULE::ldb_entryUUID] +SUBSYSTEM = ldb +INIT_FUNCTION = ldb_entryUUID_module_init +ENABLE = YES +OBJ_FILES = \ + entryUUID.o +# +# End MODULE ldb_entryUUID +################################################ + # ################################################ # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c new file mode 100644 index 0000000000..5f7efc1681 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -0,0 +1,182 @@ +/* + ldb database module + + LDAP semantics mapping module + + Copyright (C) Jelmer Vernooij 2005 + Copyright (C) Andrew Bartlett 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + This module relies on ldb_map to do all the real work, but performs + some of the trivial mappings between AD semantics and that provided + by OpenLDAP and similar servers. 
+*/ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/modules/ldb_map.h" + +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/ndr/libndr.h" + +static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = GUID_from_string((char *)val->data, &guid); + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + status = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(status)) { + return out; + } + + return out; +} + +static struct ldb_val decode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID *guid; + NTSTATUS status; + struct ldb_val out = data_blob(NULL, 0); + + guid = talloc(ctx, struct GUID); + if (guid == NULL) { + return out; + } + status = ndr_pull_struct_blob(val, guid, guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(guid); + return out; + } + out = data_blob_string_const(GUID_string(ctx, guid)); + talloc_free(guid); + return out; +} + +/* The backend holds binary sids, so just copy them back */ +static struct ldb_val sid_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + ldb_handler_copy(module->ldb, ctx, val, &out); + + return out; +} + +/* Ensure we always convert sids into binary, so the backend doesn't have to know about both forms */ +static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_attrib_handler *handler = ldb_attrib_handler(module->ldb, "objectSid"); + + if (handler->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + return out; +} + +const struct 
ldb_map_attribute entryUUID_attributes[] = +{ + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "entryUUID", + .convert_local = decode_guid, + .convert_remote = encode_guid, + }, + }, + }, + /* objectSid */ + { + .local_name = "objectSid", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectSid", + .convert_local = sid_always_binary, + .convert_remote = sid_copy, + }, + }, + }, + { + .local_name = "whenCreated", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "createTimestamp" + } + } + }, + { + .local_name = "whenChanged", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "modifyTimestamp" + } + } + }, + { + .local_name = "*", + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* the context init function */ +static int entryUUID_init(struct ldb_module *module) +{ + int ret; + + ret = ldb_map_init(module, entryUUID_attributes, NULL, NULL); + if (ret != LDB_SUCCESS) + return ret; + + return ldb_next_init(module); +} + +static struct ldb_module_ops entryUUID_ops = { + .name = "entryUUID", + .init_context = entryUUID_init, +}; + +/* the init function */ +int ldb_entryUUID_module_init(void) +{ + struct ldb_module_ops ops = ldb_map_get_ops(); + entryUUID_ops.add = ops.add; + entryUUID_ops.modify = ops.modify; + entryUUID_ops.del = ops.del; + entryUUID_ops.rename = ops.rename; + entryUUID_ops.search = ops.search; + entryUUID_ops.wait = ops.wait; + + return ldb_register_module(&entryUUID_ops); +} diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 80cedb7b08..670d9ef0d8 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
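Review bot: encode_guid in the new entryUUID.c passes `(char *)val->data` to GUID_from_string() without consulting `val->length`, so the parse relies on the value being NUL-terminated; an `ldb_val` carries an explicit length and nothing in this file establishes the terminator. Parsing a bounded copy, `char *s = talloc_strndup(ctx, (const char *)val->data, val->length);` followed by a NULL check, ties the read to the declared length. In decode_guid the result of GUID_string() goes straight into data_blob_string_const() with no NULL check, and sid_copy ignores the return value of ldb_handler_copy() while sid_always_binary checks its handler's result. These converters sit between the local database and a remote directory, so each failure path should return the empty blob explicitly rather than by accident.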
@@ -5,11 +5,17 @@ */ #include "includes.h" -#include "ldb/modules/ldb_map.h" #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/modules/ldb_map.h" #include "system/passwd.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "librpc/ndr/libndr.h" +#include "libcli/security/security.h" +#include "libcli/security/proto.h" + /* * sambaSID -> member (dn!) * sambaSIDList -> member (dn!) @@ -855,8 +861,33 @@ const struct ldb_map_attribute samba3_attributes[] = } }; +/* the context init function */ +static int samba3sam_init(struct ldb_module *module) +{ + int ret; + + ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, "samba3sam"); + if (ret != LDB_SUCCESS) + return ret; + + return ldb_next_init(module); +} + +static struct ldb_module_ops samba3sam_ops = { + .name = "samba3sam", + .init_context = samba3sam_init, +}; + /* the init function */ int ldb_samba3sam_module_init(void) { - return ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam"); + struct ldb_module_ops ops = ldb_map_get_ops(); + samba3sam_ops.add = ops.add; + samba3sam_ops.modify = ops.modify; + samba3sam_ops.del = ops.del; + samba3sam_ops.rename = ops.rename; + samba3sam_ops.search = ops.search; + samba3sam_ops.wait = ops.wait; + + return ldb_register_module(&samba3sam_ops); } -- cgit From 8f42f1292c2f1f1002b8446dc8b5351eb633d5ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Aug 2006 00:59:57 +0000 Subject: r17526: Move timestamp generation into the objectGUID module. It probably needs to be renamed (operation_add?). This allows me to match the behaviour and substitute with the entryUUID module for remote LDAP connections. Andrew Bartlett (This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 89 ++++++++++++++++++++++++++++- 1 file changed, 88 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 1f18f0e603..ca27f17d71 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -50,6 +50,35 @@ static struct ldb_message_element *objectguid_find_attribute(const struct ldb_me return NULL; } +/* + add a time element to a record +*/ +static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) +{ + struct ldb_message_element *el; + char *s; + + if (ldb_msg_find_element(msg, attr) != NULL) { + return 0; + } + + s = ldb_timestring(msg, t); + if (s == NULL) { + return -1; + } + + if (ldb_msg_add_string(msg, attr, s) != 0) { + return -1; + } + + el = ldb_msg_find_element(msg, attr); + /* always set as replace. This works because on add ops, the flag + is ignored */ + el->flags = LDB_FLAG_MOD_REPLACE; + + return 0; +} + /* add_record: add objectGUID attribute */ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { @@ -60,6 +89,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) struct GUID guid; NTSTATUS nt_status; int ret; + time_t t = time(NULL); ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); @@ -82,6 +112,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) /* we have to copy the message as the caller might have it as a const */ down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); if (msg == NULL) { + talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } 
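Review bot: add_time_element (`@@ -50,6 +50,35 @@`) returns 0 without changing the message when `attr` is already present, so a request that supplies its own `whenCreated` or `whenChanged` keeps the caller's value instead of the server's `time(NULL)`. If that is intended for synchronised or replicated writes it needs a comment saying so, for example `/* a timestamp already in the message is kept as given; only trusted writers may supply one */`; what access control applies before this module is not visible here, and timestamps used for audit should not be settable by ordinary writers. Separately, `el` from the second ldb_msg_find_element() is dereferenced unchecked; `if (el == NULL) return -1;` before `el->flags` matches the function's other failure paths.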
@@ -91,14 +122,70 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) nt_status = ndr_push_struct_blob(&v, msg, &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NT_STATUS_IS_OK(nt_status)) { - return -1; + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_value(msg, "objectGUID", &v); if (ret) { + talloc_free(down_req); return ret; } + if (add_time_element(msg, "whenCreated", t) != 0 || + add_time_element(msg, "whenChanged", t) != 0) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + + return ret; +} + +/* modify_record: update timestamps */ +static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_request *down_req; + struct ldb_message *msg; + int ret; + time_t t = time(NULL); + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; + + /* we have to copy the message as the caller might have it as a const */ + down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + if (msg == NULL) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + if (add_time_element(msg, "whenChanged", t) != 0) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* go on with the call chain */ -- cgit 
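Review bot: objectguid_modify() tests `ldb_dn_is_special(req->op.add.message->dn)` although it handles a modify request and uses `req->op.mod.message` everywhere else. This presumably only works because `op` is a union whose add and mod members share a layout, so the check should read `ldb_dn_is_special(req->op.mod.message->dn)`. The trace line is also copied from the add path; `ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n");` would keep debug logs from attributing modifies to adds. The function body continues past the end of this hunk.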
From a993f53d525799df410bab1061fdb28f52379b3c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Aug 2006 02:50:18 +0000 Subject: r17529: Simo doesn't like the use of the internal ldb_errstring in functions not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc) --- source4/dsdb/samdb/ldb_modules/samldb.c | 36 +++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 67724d56b5..e9ddb7cad7 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -435,6 +435,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ struct ldb_message *msg2; struct ldb_dn_component *rdn; TALLOC_CTX *mem_ctx = talloc_new(msg); + char *errstr; if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; } @@ -447,8 +448,11 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ return LDB_ERR_OPERATIONS_ERROR; } - ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, + "(&(CN=TemplateGroup)(objectclass=groupTemplate))", + &errstr); if (ret != 0) { + talloc_free(mem_ctx); return ret; } @@ -494,6 +498,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg2; struct ldb_dn_component *rdn; TALLOC_CTX *mem_ctx = talloc_new(msg); + char *errstr; if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; } 
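Review bot: In samldb_fill_group_object() (hunk @@ -447,8 +448,11) the new `&errstr` argument is collected and then dropped, so a failed group template copy returns `ret` with no message. The user/computer and foreignSecurityPrincipal paths in the following hunks report it through `ldb_asprintf_errstring()`. For consistent diagnostics, add `ldb_asprintf_errstring(module->ldb, "samldb_fill_group_object: Error copying template: %s", errstr);` before the new `talloc_free(mem_ctx);`. The function starts and ends outside the hunk.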
@@ -508,9 +513,14 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const if (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL) { - ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, + "(&(CN=TemplateComputer)(objectclass=userTemplate))", + &errstr); if (ret) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); + ldb_asprintf_errstring(module->ldb, + "samldb_fill_user_or_computer_object: " + "Error copying computer template: %s", + errstr); talloc_free(mem_ctx); return ret; } @@ -528,9 +538,13 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const } } else { - ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, + "(&(CN=TemplateUser)(objectclass=userTemplate))", + &errstr); if (ret) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n"); + ldb_asprintf_errstring(module->ldb, + "samldb_fill_user_or_computer_object: Error copying user template: %s\n", + errstr); talloc_free(mem_ctx); return ret; } @@ -581,7 +595,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const } static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg, - struct ldb_message **ret_msg) + struct ldb_message **ret_msg) { struct ldb_message *msg2; struct ldb_dn_component *rdn; @@ -589,6 +603,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module struct dom_sid *sid; const char *dom_attrs[] = { "name", NULL }; struct ldb_message **dom_msgs; + char *errstr; int ret; TALLOC_CTX *mem_ctx = talloc_new(msg); 
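Review bot: `errstr` is declared as `char *errstr;` with no initialiser (hunks @@ -494,6 +498,7 and @@ -589,6 +603,7) and is then passed to `%s` in the new `ldb_asprintf_errstring()` calls here and in @@ -604,9 +619,14. samdb_copy_template() is not shown, so if any of its failure paths returns before assigning `*errstr`, the format reads an indeterminate pointer. Declaring `char *errstr = NULL;` and formatting `errstr ? errstr : "unknown error"` makes that path well defined. The user-template message also ends in `\n` while the computer and foreignSecurityPrincipal messages do not; dropping the newline keeps the stored error strings uniform.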
@@ -604,9 +619,14 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module return LDB_ERR_OPERATIONS_ERROR; } - ret = samdb_copy_template(module->ldb, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))"); + ret = samdb_copy_template(module->ldb, msg2, + "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))", + &errstr); if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n"); + ldb_asprintf_errstring(module->ldb, + "samldb_fill_foreignSecurityPrincipal_object: " + "Error copying template: %s", + errstr); talloc_free(mem_ctx); return ret; } -- cgit From 4fe22ebe8bd1bddfbd9db7da37139151d75d7f90 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Aug 2006 12:59:46 +0000 Subject: r17553: Actually enable the samba3sam module. Should help 'make test'. Andrew Bartlett (This used to be commit 0e19d159697e99f6c45879cf42c39c9b2b134ffa) --- source4/dsdb/samdb/ldb_modules/config.mk | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 6168a73d94..caf218ddc7 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -26,7 +26,6 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = ldb INIT_FUNCTION = ldb_samba3sam_module_init -ENABLE = NO OBJ_FILES = \ samba3sam.o # -- cgit From acd66674b4b7106d01e3ce8dbe29137e9779c633 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sun, 20 Aug 2006 23:30:54 +0000 Subject: r17639: Martin Kuhl noticed that we loaded an incorrect value for distinguisedName on templated objects. In looking how to handle distinguishedName correctly on LDAP, I was very glad to find it supported entryDN, and this adds another mapping. Andrew Bartlett (This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 5f7efc1681..acc8067fa7 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -141,6 +141,15 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, + { + .local_name = "distinguishedName", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, { .local_name = "*", .type = MAP_KEEP, -- cgit From e4759eb0b60edc5ce3ad404590a23044a5130a0d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Aug 2006 04:05:36 +0000 Subject: r17690: Demonstrate how we can read the schema to find out details needed for translation. I hope to have this reading a schema structure in the future. Andrew Bartlett (This used to be commit fb085a651ff60ab9b5d120a1ea228ff3edf0c224) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 185 ++++++++++++++++++++++++++++- 1 file changed, 182 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index acc8067fa7..c2c422185f 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -36,6 +36,10 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/ndr/libndr.h" +struct entryUUID_private { + struct ldb_result *objectclass_res; +}; + static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct GUID guid; @@ -76,7 +80,7 @@ static struct ldb_val decode_guid(struct ldb_module *module, TALLOC_CTX *ctx, co } /* The backend holds binary sids, so just copy them back */ -static struct ldb_val sid_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct ldb_val out = data_blob(NULL, 0); ldb_handler_copy(module->ldb, ctx, val, &out); 
@@ -97,6 +101,75 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c return out; } +static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + int i; + struct map_private *map_private; + struct entryUUID_private *entryUUID_private; + struct ldb_result *list; + + if (ldb_dn_explode(ctx, val->data)) { + return *val; + } + map_private = talloc_get_type(module->private_data, struct map_private); + + entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); + list = entryUUID_private->objectclass_res; + + for (i=0; i < list->count; i++) { + if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { + char *dn = ldb_dn_linearize(ctx, list->msgs[i]->dn); + return data_blob_string_const(dn); + } + } + return *val; +} + +static struct ldb_val class_to_oid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + int i; + struct map_private *map_private; + struct entryUUID_private *entryUUID_private; + struct ldb_result *list; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); + list = entryUUID_private->objectclass_res; + + for (i=0; i < list->count; i++) { + if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { + const char *oid = ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL); + return data_blob_string_const(oid); + } + } + return *val; +} + +static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + int i; + struct map_private *map_private; + struct entryUUID_private *entryUUID_private; + struct ldb_result *list; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryUUID_private = 
talloc_get_type(map_private->caller_private, struct entryUUID_private); + list = entryUUID_private->objectclass_res; + + for (i=0; i < list->count; i++) { + if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL)) == 0) { + const char *oc = ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL); + return data_blob_string_const(oc); + } + } + return *val; +} + + + + const struct ldb_map_attribute entryUUID_attributes[] = { /* objectGUID */ @@ -119,7 +192,7 @@ const struct ldb_map_attribute entryUUID_attributes[] = .convert = { .remote_name = "objectSid", .convert_local = sid_always_binary, - .convert_remote = sid_copy, + .convert_remote = val_copy, }, }, }, @@ -141,6 +214,28 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, + { + .local_name = "allowedChildClassesEffective", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "allowedChildClassesEffective", + .convert_local = class_to_oid, + .convert_remote = class_from_oid, + }, + }, + }, + { + .local_name = "objectCategory", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectCategory", + .convert_local = objectCategory_always_dn, + .convert_remote = val_copy, + }, + }, + }, { .local_name = "distinguishedName", .type = MAP_RENAME, 
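Review bot: objectCategory_always_dn(), class_to_oid() and class_from_oid() pass `ldb_msg_find_attr_as_string(..., NULL)` straight into `ldb_attr_cmp()`, and its `governsID`/`lDAPDisplayName` result or `ldb_dn_linearize()`'s return straight into `data_blob_string_const()`. The schema entries come from a search against the backend, so an entry missing `lDAPDisplayName` or `governsID` hands NULL to both calls; unless those helpers tolerate NULL, that is a crash on backend-supplied data. Fetch the name into a local first and skip the entry when it is NULL (`if (name == NULL) continue;`), and return `*val` when the replacement string is NULL. `val->data` is also compared as a C string, which assumes the value is NUL-terminated; that is worth a comment or a length-aware compare. The three functions repeat the same lookup, so a short header comment on each stating the direction of the mapping would help readers.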
@@ -159,16 +254,100 @@ const struct ldb_map_attribute entryUUID_attributes[] = } }; +static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) +{ + const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; + struct ldb_dn *schemadn; + struct ldb_dn *basedn = ldb_dn_explode(mem_ctx, ""); + struct ldb_result *rootdse_res; + int ldb_ret; + if (!basedn) { + return NULL; + } + + /* Search for rootdse */ + ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res); + if (ldb_ret != LDB_SUCCESS) { + printf("Search failed: %s\n", ldb_errstring(ldb)); + return NULL; + } + + talloc_steal(mem_ctx, rootdse_res); + + if (rootdse_res->count != 1) { + printf("Failed to find rootDSE"); + return NULL; + } + + /* Locate schema */ + schemadn = ldb_msg_find_attr_as_dn(mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); + if (!schemadn) { + return NULL; + } + + talloc_free(rootdse_res); + return schemadn; +} + +static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, + TALLOC_CTX *mem_ctx, + struct ldb_result **objectclass_res) +{ + TALLOC_CTX *local_ctx = talloc_new(mem_ctx); + int ret; + const char *attrs[] = { + "lDAPDisplayName", + "governsID", + NULL + }; + + if (!local_ctx) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Downlaod schema */ + ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, + "objectClass=classSchema", + attrs, objectclass_res); + if (ret != LDB_SUCCESS) { + printf("Search failed: %s\n", ldb_errstring(ldb)); + return LDB_ERR_OPERATIONS_ERROR; + } + + return ret; +} + /* the context init function */ static int entryUUID_init(struct ldb_module *module) { int ret; + struct map_private *map_private; + struct entryUUID_private *entryUUID_private; + struct ldb_dn *schema_dn; ret = ldb_map_init(module, entryUUID_attributes, NULL, NULL); if (ret != LDB_SUCCESS) return ret; - return ldb_next_init(module); + map_private = talloc_get_type(module->private_data, struct map_private); + + 
entryUUID_private = talloc(map_private, struct entryUUID_private); + map_private->caller_private = entryUUID_private; + + schema_dn = find_schema_dn(module->ldb, map_private); + if (!schema_dn) { + printf("Failed to find schema DN: %s\n", ldb_errstring(module->ldb)); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, &entryUUID_private->objectclass_res); + if (ret != LDB_SUCCESS) { + printf("Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); + return ret; + } + + + return ldb_next_init(module); } static struct ldb_module_ops entryUUID_ops = { -- cgit From 23557a9f17a792f427fedb9012bc951bf3918b2d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Aug 2006 04:32:34 +0000 Subject: r17694: Don't use printf() in a module... (This used to be commit 9f810ddd1436672e16a6b80500bb14aa21e097de) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index c2c422185f..62f4d3fdcb 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -257,7 +257,7 @@ const struct ldb_map_attribute entryUUID_attributes[] = static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) { const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; - struct ldb_dn *schemadn; + struct ldb_dn *schema_dn; struct ldb_dn *basedn = ldb_dn_explode(mem_ctx, ""); struct ldb_result *rootdse_res; int ldb_ret; 
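Review bot: In entryUUID_init() the result of `talloc(map_private, struct entryUUID_private)` is used without a NULL check. It is stored in `caller_private` and then dereferenced as `&entryUUID_private->objectclass_res`; add `if (entryUUID_private == NULL) return LDB_ERR_OPERATIONS_ERROR;` right after the allocation. In fetch_objectclass_schema(), `local_ctx = talloc_new(mem_ctx)` is never used and never freed on either return path, so each init leaves an empty context hanging off `mem_ctx`; drop it or `talloc_free(local_ctx)` before returning. The search result is also not reparented onto `mem_ctx` the way find_schema_dn() does with `talloc_steal(mem_ctx, rootdse_res)`, so its lifetime relative to the module is unclear from this hunk. A one-line comment on each helper stating who owns the returned memory would settle that.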
@@ -268,25 +268,24 @@ static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ct /* Search for rootdse */ ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res); if (ldb_ret != LDB_SUCCESS) { - printf("Search failed: %s\n", ldb_errstring(ldb)); return NULL; } talloc_steal(mem_ctx, rootdse_res); if (rootdse_res->count != 1) { - printf("Failed to find rootDSE"); + ldb_asprintf_errstring(ldb, "Failed to find rootDSE: count %d", rootdse_res->count); return NULL; } /* Locate schema */ - schemadn = ldb_msg_find_attr_as_dn(mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); - if (!schemadn) { + schema_dn = ldb_msg_find_attr_as_dn(mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); + if (!schema_dn) { return NULL; } talloc_free(rootdse_res); - return schemadn; + return schema_dn; } static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, -- cgit From 54b5ba20f6bd6aa7cf749e3e4b6e4472dc94cefb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Aug 2006 06:07:01 +0000 Subject: r17699: Remove more printf calls. Try to cope with partital initialisation. Andrew Bartlett (This used to be commit 3c497405fea2f3e48a0d1bb2818b6a1ff345d368) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 62f4d3fdcb..826a895dbc 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -116,7 +116,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); list = entryUUID_private->objectclass_res; - for (i=0; i < list->count; i++) { + for (i=0; list && i < list->count; i++) { if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { char *dn = ldb_dn_linearize(ctx, list->msgs[i]->dn); return data_blob_string_const(dn); @@ -137,7 +137,7 @@ static struct ldb_val class_to_oid(struct ldb_module *module, TALLOC_CTX *ctx, c entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); list = entryUUID_private->objectclass_res; - for (i=0; i < list->count; i++) { + for (i=0; list && i < list->count; i++) { if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { const char *oid = ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL); return data_blob_string_const(oid); @@ -158,7 +158,7 @@ static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); list = entryUUID_private->objectclass_res; - for (i=0; i < list->count; i++) { + for (i=0; list && i < list->count; i++) { if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL)) == 0) { const char *oc = ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL); return data_blob_string_const(oc); @@ -309,8 +309,7 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche "objectClass=classSchema", attrs, objectclass_res); if (ret != LDB_SUCCESS) { - printf("Search failed: %s\n", ldb_errstring(ldb)); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } return ret; 
@@ -330,21 +329,20 @@ static int entryUUID_init(struct ldb_module *module) map_private = talloc_get_type(module->private_data, struct map_private); - entryUUID_private = talloc(map_private, struct entryUUID_private); + entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; schema_dn = find_schema_dn(module->ldb, map_private); if (!schema_dn) { - printf("Failed to find schema DN: %s\n", ldb_errstring(module->ldb)); - return LDB_ERR_OPERATIONS_ERROR; + /* Perhaps no schema yet */ + return LDB_SUCCESS; } ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, &entryUUID_private->objectclass_res); if (ret != LDB_SUCCESS) { - printf("Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); + ldb_asprintf_errstring(module->ldb, "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); return ret; - } - + } return ldb_next_init(module); } -- cgit From 6ddd5f6e6686644be8163f289c9480253b45db12 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Aug 2006 10:05:20 +0000 Subject: r17703: Fixes to enable the entryUUID module to work for it's objectClass -> OID mappings. The key point is to 'enable' the partitions in the partitions module before the init is complete. That way, the modules can perform searches that use partitions. Andrew Bartlett (This used to be commit 420d1920a6824a6c0cb70b4ba832ddb90b0e95ff) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 6 +++--- source4/dsdb/samdb/ldb_modules/partition.c | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 826a895dbc..06e5384cff 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
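Review bot: The new "Perhaps no schema yet" branch in entryUUID_init() returns `LDB_SUCCESS` directly, which skips the `ldb_next_init(module)` call at the end of the function. When no schema DN is found, the modules below this one are never initialised although init reports success; the branch should be `return ldb_next_init(module);`. The `talloc_zero()` result is still stored and dereferenced without a NULL check. Also, `ldb_asprintf_errstring(module->ldb, "...: %s\n", ldb_errstring(module->ldb))` formats the current error string while replacing it. Whether the old string stays valid during formatting depends on ldb_asprintf_errstring(), which is not shown, so copying it to a local first is the safer form.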
@@ -116,7 +116,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); list = entryUUID_private->objectclass_res; - for (i=0; list && i < list->count; i++) { + for (i=0; list && (i < list->count); i++) { if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { char *dn = ldb_dn_linearize(ctx, list->msgs[i]->dn); return data_blob_string_const(dn); @@ -137,7 +137,7 @@ static struct ldb_val class_to_oid(struct ldb_module *module, TALLOC_CTX *ctx, c entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); list = entryUUID_private->objectclass_res; - for (i=0; list && i < list->count; i++) { + for (i=0; list && (i < list->count); i++) { if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { const char *oid = ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL); return data_blob_string_const(oid); @@ -158,7 +158,7 @@ static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); list = entryUUID_private->objectclass_res; - for (i=0; list && i < list->count; i++) { + for (i=0; list && (i < list->count); i++) { if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL)) == 0) { const char *oc = ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL); return data_blob_string_const(oc); diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ba0c2bc9f4..889c0bfeb0 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -643,6 +643,10 @@ static int partition_init(struct ldb_module *module) data->replicate[i] = NULL; } + /* Make the private data available to any searches the modules may trigger in initialisation */ + module->private_data = data; + talloc_steal(module, data); + modules_attributes = ldb_msg_find_element(msg, "modules"); if (modules_attributes) { for (i=0; i < modules_attributes->num_values; i++) { @@ -708,9 +712,6 @@ static int partition_init(struct ldb_module *module) } } - module->private_data = data; - talloc_steal(module, data); - talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From 6268e2f148a1d2487b5d2c825333b3bc866b79a6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 24 Aug 2006 10:41:31 +0000 Subject: r17788: fix compiler warnings metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df) --- source4/dsdb/samdb/ldb_modules/samldb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e9ddb7cad7..98acc2696f 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -435,7 +435,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ struct ldb_message *msg2; struct ldb_dn_component *rdn; TALLOC_CTX *mem_ctx = talloc_new(msg); - char *errstr; + const char *errstr; if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; } @@ -498,7 +498,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg2; struct ldb_dn_component *rdn; TALLOC_CTX *mem_ctx = talloc_new(msg); - char *errstr; + const char *errstr; if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; } 
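Review bot: Moving `module->private_data = data; talloc_steal(module, data);` ahead of the modules loop in partition_init() publishes the private data before it is fully populated. Any request a sub-module issues during its own init will now run the partition handlers against that partially built state. The loop body and its error returns lie outside these hunks, so the following is inferred: if those paths still just free `mem_ctx` and return, `module->private_data` stays set to a half-initialised structure after a failed init. It would help to clear it on the error paths (`module->private_data = NULL;`) and to extend the new comment to say which fields are guaranteed valid at this point, e.g. `/* partitions[] and replicate[] are complete here; per-partition module chains are not yet loaded */`.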
@@ -603,7 +603,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module struct dom_sid *sid; const char *dom_attrs[] = { "name", NULL }; struct ldb_message **dom_msgs; - char *errstr; + const char *errstr; int ret; TALLOC_CTX *mem_ctx = talloc_new(msg); -- cgit From 0fd98079425cff37c45be824ffa2695458ff12f3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 25 Aug 2006 07:08:06 +0000 Subject: r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 98acc2696f..8cf865bd3e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -301,7 +301,7 @@ int samldb_notice_sid(struct ldb_module *module, filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid)); - ret = ldb_search(module->ldb, samdb_base_dn(mem_ctx), LDB_SCOPE_SUBTREE, filter, attrs, &res); + ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &res); if (ret == LDB_SUCCESS) { if (res->count > 0) { talloc_free(res); @@ -333,7 +333,7 @@ int samldb_notice_sid(struct ldb_module *module, filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - ret = ldb_search(module->ldb, samdb_base_dn(mem_ctx), LDB_SCOPE_SUBTREE, filter, attrs, &dom_res); + ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &dom_res); if (ret == LDB_SUCCESS) { talloc_steal(mem_ctx, dom_res); if (dom_res->count == 0) { -- cgit From b21b119cbcff175453173d7061e3be3888dc8ec3 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Fri, 25 Aug 2006 07:32:18 +0000 Subject: r17824: add a wrapper for the common partitions_basedn calculation (This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 273cc60c30..e8b9307cf5 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -489,7 +489,7 @@ static int build_domain_data_request(struct ph_context *ac) return LDB_ERR_OPERATIONS_ERROR; } ac->dom_req->operation = LDB_SEARCH; - ac->dom_req->op.search.base = samdb_base_dn(ac); + ac->dom_req->op.search.base = ldb_auto_basedn(ac->module->ldb); ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))", -- cgit From 88b04ab6e65137079b2dad76d1cea07e7ea9ab80 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 25 Aug 2006 12:59:03 +0000 Subject: r17830: Set the default_basedn (hey, it comes from the "default" naming contex :-) once at connection time, after modules have been loaded. Introduce a function to retrieve the value where needed. (This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e8b9307cf5..2fcfdff997 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -489,7 +489,7 @@ static int build_domain_data_request(struct ph_context *ac) return LDB_ERR_OPERATIONS_ERROR; } ac->dom_req->operation = LDB_SEARCH; - ac->dom_req->op.search.base = ldb_auto_basedn(ac->module->ldb); + ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb); ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))", -- cgit From 0c34fbe311aef79489bf626705e6cd709295dcc5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 27 Aug 2006 23:39:09 +0000 Subject: r17860: Let's commit the work down up to now on the new schema module. At the moment it is able to validate an object has no conflicting objectlasses that it meets the criteria to be inserted as child of the parent and also sorts and create the objectclass hierarchy so that the objectclass .c module can be obsoleted. Not activated by default as we have to completely rework the current provisioning method. (In my tests I could not activate it before all other ldif except for the one that create users were loaded, make test seem to be happy anyway if it is activated after provisioning). Next steps will be attribute and attribute syntax checking on add operation. And then the modify operation will follow. Simo. (This used to be commit 0c444ba1adfb9ce5cfa736bf0620aa3bec66050d) --- source4/dsdb/samdb/ldb_modules/config.mk | 11 + source4/dsdb/samdb/ldb_modules/schema.c | 1309 ++++++++++++++++++++++++++++++ 2 files changed, 1320 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/schema.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index caf218ddc7..a24703c5b6 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -124,3 +124,14 @@ OBJ_FILES = \ # End MODULE ldb_partition ################################################ +################################################ +# Start MODULE ldb_schema +[MODULE::ldb_schema] +SUBSYSTEM = ldb +INIT_FUNCTION = ldb_schema_init +OBJ_FILES = \ + schema.o +# +# End MODULE ldb_schema +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c new file mode 100644 index 0000000000..21a6527e10 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/schema.c 
@@ -0,0 +1,1309 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004-2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb schema module + * + * Description: add schema check functionality + * + * Author: Simo Sorce + * + * License: GNU GPL v2 or Later + */ + +#include "includes.h" +#include "libcli/ldap/ldap.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "include/dlinklist.h" + +/* Syntax-Table + + see ldap_server/devdocs/AD-syntaxes.txt +*/ + +enum schema_int_attr_id { + SCHEMA_AS_BOOLEAN, + SCHEMA_AS_INTEGER, + SCHEMA_AS_OCTET_STRING, + SCHEMA_AS_SID, + SCHEMA_AS_OID, + SCHEMA_AS_ENUMERATION, + SCHEMA_AS_NUMERIC_STRING, + SCHEMA_AS_PRINTABLE_STRING, + SCHEMA_AS_CASE_IGNORE_STRING, + SCHEMA_AS_IA5_STRING, + SCHEMA_AS_UTC_TIME, + SCHEMA_AS_GENERALIZED_TIME, + SCHEMA_AS_CASE_SENSITIVE_STRING, + SCHEMA_AS_DIRECTORY_STRING, + SCHEMA_AS_LARGE_INTEGER, + SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR, + SCHEMA_AS_DN, + SCHEMA_AS_DN_BINARY, + SCHEMA_AS_OR_NAME, + SCHEMA_AS_REPLICA_LINK, + SCHEMA_AS_PRESENTATION_ADDRESS, + SCHEMA_AS_ACCESS_POINT, + SCHEMA_AS_DN_STRING +}; + +enum schema_class_type { + SCHEMA_CT_88 = 0, + SCHEMA_CT_STRUCTURAL = 1, + SCHEMA_CT_ABSTRACT = 2, + SCHEMA_CT_AUXILIARY = 3 +}; + +struct schema_attribute { + char *OID; /* attributeID */ 
+ char *name; /* lDAPDisplayName */ + enum schema_int_attr_id syntax; /* generated from attributeSyntax, oMSyntax, oMObjectClass */ + bool single; /* isSingleValued */ + int min; /* rangeLower */ + int max; /* rangeUpper */ +}; + +struct schema_class { + char *OID; /* governsID */ + char *name; /* lDAPDisplayName */ + enum schema_class_type type; /* objectClassCategory */ + bool systemOnly; /* systemOnly */ + struct schema_class *parent; /* subClassOf */ + struct schema_class **sysaux; /* systemAuxiliaryClass */ + struct schema_class **aux; /* auxiliaryClass */ + struct schema_class **sysposssup; /* systemPossSuperiors */ + struct schema_class **posssup; /* possSuperiors */ + struct schema_class **possinf; /* possibleInferiors */ + struct schema_attribute **sysmust; /* systemMustContain */ + struct schema_attribute **must; /* MustContain */ + struct schema_attribute **sysmay; /* systemMayContain */ + struct schema_attribute **may; /* MayContain */ +}; + +/* TODO: ditcontentrules */ + +struct schema_private_data { + struct ldb_dn *schema_dn; + struct schema_attribute **attrs; + struct schema_store *attrs_store; + int num_attributes; + struct schema_class **class; + struct schema_store *class_store; + int num_classes; +}; + +struct schema_class_dlist { + struct schema_class *class; + struct schema_class_dlist *prev; + struct schema_class_dlist *next; + enum schema_class_type role; +}; + +struct schema_context { + + enum sc_op { SC_ADD, SC_MOD, SC_DEL, SC_RENAME } op; + enum sc_step { SC_INIT, SC_ADD_CHECK_PARENT, SC_ADD_TEMP, SC_DEL_CHECK_CHILDREN } step; + + struct schema_private_data *data; + + struct ldb_module *module; + struct ldb_request *orig_req; + struct ldb_request *down_req; + + struct ldb_request *parent_req; + struct ldb_reply *parent_res; + + struct schema_class_dlist *class_list; + struct schema_class **sup_list; + struct schema_class **aux_list; +}; + +/* FIXME: I'd really like to use an hash table here */ +struct schema_link { + const char *name; + 
void *object; +}; + +struct schema_store { + struct schema_link *store; + int num_links; +}; + +static struct schema_store *schema_store_new(TALLOC_CTX *mem_ctx) +{ + struct schema_store *ht; + + ht = talloc(mem_ctx, struct schema_store); + if (!ht) return NULL; + + ht->store = NULL; + ht->num_links = 0; + + return ht; +} + +static int schema_store_add(struct schema_store *ht, const char *key, void *object) +{ + ht->store = talloc_realloc(ht, ht->store, struct schema_link, ht->num_links + 1); + if (!ht->store) return LDB_ERR_OPERATIONS_ERROR; + + ht->store[ht->num_links].name = key; + ht->store[ht->num_links].object = object; + + ht->num_links++; + + return LDB_SUCCESS; +} + +static void *schema_store_find(struct schema_store *ht, const char *key) +{ + int i; + + for (i = 0; i < ht->num_links; i++) { + if (strcasecmp(ht->store[i].name, key) == 0) { + return ht->store[i].object; + } + } + + return NULL; +} + +#define SCHEMA_CHECK_VALUE(mem, val, mod) \ + do { if (mem == val) { \ + ret = LDB_ERR_OPERATIONS_ERROR; \ + ldb_asprintf_errstring(mod->ldb, \ + "schema module: Memory allocation or attribute error on %s", #mem); \ + goto done; } } while(0) + +struct schema_class **schema_get_class_list(struct ldb_module *module, + struct schema_private_data *data, + struct ldb_message_element *el) +{ + struct schema_class **list; + int i; + + list = talloc_array(data, struct schema_class *, el->num_values + 1); + if (!list) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of Memory"); + return NULL; + } + + for (i = 0; i < el->num_values; i++) { + list[i] = (struct schema_class *)schema_store_find(data->class_store, + (char *)el->values[i].data); + if (!list[i]) { + ldb_debug_set(module->ldb, + LDB_DEBUG_ERROR, + "Class %s referenced but not found in schema\n", + (char *)el->values[i].data); + return NULL; + } + } + list[i] = NULL; + + return list; +} + +struct schema_attribute **schema_get_attrs_list(struct ldb_module *module, + struct schema_private_data *data, + struct 
ldb_message_element *el) +{ + struct schema_attribute **list; + int i; + + list = talloc_array(data, struct schema_attribute *, el->num_values + 1); + if (!list) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of Memory"); + return NULL; + } + + for (i = 0; i < el->num_values; i++) { + list[i] = (struct schema_attribute *)schema_store_find(data->attrs_store, + (char *)el->values[i].data); + if (!list[i]) { + ldb_debug_set(module->ldb, + LDB_DEBUG_ERROR, + "Attriobute %s referenced but not found in schema\n", + (char *)el->values[i].data); + return NULL; + } + } + list[i] = NULL; + + return list; +} + +static int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct ldb_val *om_class, enum schema_int_attr_id *syntax) +{ + int ret; + + ret = LDB_SUCCESS; + + switch(om_syntax) { + case 1: + *syntax = SCHEMA_AS_BOOLEAN; + break; + case 2: + *syntax = SCHEMA_AS_INTEGER; + break; + case 4: + if (strcmp(attr_syntax, "2.5.5.10") == 0) { + *syntax = SCHEMA_AS_OCTET_STRING; + break; + } + if (strcmp(attr_syntax, "2.5.5.17") == 0) { + *syntax = SCHEMA_AS_SID; + break; + } + ret = LDB_ERR_OPERATIONS_ERROR; + break; + case 6: + *syntax = SCHEMA_AS_OID; + break; + case 10: + *syntax = SCHEMA_AS_ENUMERATION; + break; + case 18: + *syntax = SCHEMA_AS_NUMERIC_STRING; + break; + case 19: + *syntax = SCHEMA_AS_PRINTABLE_STRING; + break; + case 20: + *syntax = SCHEMA_AS_CASE_IGNORE_STRING; + break; + case 22: + *syntax = SCHEMA_AS_IA5_STRING; + break; + case 23: + *syntax = SCHEMA_AS_UTC_TIME; + break; + case 24: + *syntax = SCHEMA_AS_GENERALIZED_TIME; + break; + case 27: + *syntax = SCHEMA_AS_CASE_SENSITIVE_STRING; + break; + case 64: + *syntax = SCHEMA_AS_DIRECTORY_STRING; + break; + case 65: + *syntax = SCHEMA_AS_LARGE_INTEGER; + break; + case 66: + *syntax = SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR; + break; + case 127: + if (!om_class) { + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a\x00", 
MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_DN; + break; + } + if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_DN_BINARY; + break; + } + if (memcmp(om_class->data, "\x56\x06\x01\x02\x05\x0b\x1d\x00\x00\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_OR_NAME; + break; + } + if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_REPLICA_LINK; + break; + } + if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_PRESENTATION_ADDRESS; + break; + } + if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_ACCESS_POINT; + break; + } + if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_DN_STRING; + break; + } + /* not found will error in default: */ + default: + ret = LDB_ERR_OPERATIONS_ERROR; + } + + return ret; +} + +static int schema_init_attrs(struct ldb_module *module, struct schema_private_data *data) +{ + static const char *schema_attrs[] = { "attributeID", + "lDAPDisplayName", + "attributeSyntax", + "oMSyntax", + "oMObjectClass", + "isSingleValued", + "rangeLower", + "rangeUpper", + NULL }; + struct ldb_result *res; + int ret, i; + + ret = ldb_search(module->ldb, + data->schema_dn, + LDB_SCOPE_SUBTREE, + "(objectClass=attributeSchema)", + schema_attrs, + &res); + + if (ret != LDB_SUCCESS) { + goto done; + } + + data->num_attributes = res->count; + data->attrs = talloc_array(data, struct schema_attribute *, res->count); + SCHEMA_CHECK_VALUE(data->attrs, NULL, module); + + data->attrs_store = schema_store_new(data); + SCHEMA_CHECK_VALUE(data->attrs_store, NULL, module); + + for (i = 0; i < res->count; i++) { + const char *tmp_single; + const char *attr_syntax; + uint32_t 
om_syntax; + const struct ldb_val *om_class; + + data->attrs[i] = talloc(data->attrs, struct schema_attribute); + SCHEMA_CHECK_VALUE(data->attrs[i], NULL, module); + + data->attrs[i]->OID = talloc_strdup(data->attrs[i], + ldb_msg_find_attr_as_string(res->msgs[i], "attributeID", NULL)); + SCHEMA_CHECK_VALUE(data->attrs[i]->OID, NULL, module); + + data->attrs[i]->name = talloc_strdup(data->attrs[i], + ldb_msg_find_attr_as_string(res->msgs[i], "lDAPDisplayName", NULL)); + SCHEMA_CHECK_VALUE(data->attrs[i]->name, NULL, module); + + /* once we have both the OID and the attribute name, add the pointer to the store */ + schema_store_add(data->attrs_store, data->attrs[i]->OID, data->attrs[i]); + schema_store_add(data->attrs_store, data->attrs[i]->name, data->attrs[i]); + + attr_syntax = ldb_msg_find_attr_as_string(res->msgs[i], "attributeSyntax", NULL); + SCHEMA_CHECK_VALUE(attr_syntax, NULL, module); + + om_syntax = ldb_msg_find_attr_as_uint(res->msgs[i], "oMSyntax", 0); + /* 0 is not a valid oMSyntax */ + SCHEMA_CHECK_VALUE(om_syntax, 0, module); + + om_class = ldb_msg_find_ldb_val(res->msgs[i], "oMObjectClass"); + + ret = map_schema_syntax(om_syntax, attr_syntax, om_class, &data->attrs[i]->syntax); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "schema module: invalid om syntax value on %s", + data->attrs[i]->name); + goto done; + } + + tmp_single = ldb_msg_find_attr_as_string(res->msgs[i], "isSingleValued", NULL); + SCHEMA_CHECK_VALUE(tmp_single, NULL, module); + if (strcmp(tmp_single, "TRUE") == 0) { + data->attrs[i]->single = 1; + } else { + data->attrs[i]->single = 0; + } + + /* rangeLower and rangeUpper are optional */ + data->attrs[i]->min = ldb_msg_find_attr_as_int(res->msgs[i], "rangeLower", -1); + data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", -1); + } + +done: + talloc_free(res); + return ret; +} + +static int schema_init_classes(struct ldb_module *module, struct schema_private_data *data) +{ + static const char 
*schema_attrs[] = { "governsID", + "lDAPDisplayName", + "objectClassCategory", + "systemOnly", + "subClassOf", + "systemAuxiliaryClass", + "auxiliaryClass", + "systemPossSuperiors", + "possSuperiors", + "possibleInferiors", + "systemMustContain", + "MustContain", + "systemMayContain", + "MayContain", + NULL }; + struct ldb_result *res; + int ret, i; + + ret = ldb_search(module->ldb, + data->schema_dn, + LDB_SCOPE_SUBTREE, + "(objectClass=classSchema)", + schema_attrs, + &res); + + if (ret != LDB_SUCCESS) { + goto done; + } + + data->num_classes = res->count; + data->class = talloc_array(data, struct schema_class *, res->count); + SCHEMA_CHECK_VALUE(data->class, NULL, module); + + data->class_store = schema_store_new(data); + SCHEMA_CHECK_VALUE(data->class_store, NULL, module); + + for (i = 0; i < res->count; i++) { + struct ldb_message_element *el; + + data->class[i] = talloc(data->class, struct schema_class); + SCHEMA_CHECK_VALUE(data->class[i], NULL, module); + + data->class[i]->OID = talloc_strdup(data->class[i], + ldb_msg_find_attr_as_string(res->msgs[i], "governsID", NULL)); + SCHEMA_CHECK_VALUE(data->class[i]->OID, NULL, module); + + data->class[i]->name = talloc_strdup(data->class[i], + ldb_msg_find_attr_as_string(res->msgs[i], "lDAPDisplayName", NULL)); + SCHEMA_CHECK_VALUE(data->class[i]->name, NULL, module); + + /* once we have both the OID and the class name, add the pointer to the store */ + schema_store_add(data->class_store, data->class[i]->OID, data->class[i]); + schema_store_add(data->class_store, data->class[i]->name, data->class[i]); + + data->class[i]->type = ldb_msg_find_attr_as_int(res->msgs[i], "objectClassCategory", -1); + /* 0 should not be a valid value, but turn out it is so test with -1 */ + SCHEMA_CHECK_VALUE(data->class[i]->type, -1, module); + + /* the following attributes are all optional */ + + data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", False); + + /* attributes are loaded first, so we can just 
go an query the attributes repo */ + + el = ldb_msg_find_element(res->msgs[i], "systemMustContain"); + if (el) { + data->class[i]->sysmust = schema_get_attrs_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->sysmust, NULL, module); + } + + el = ldb_msg_find_element(res->msgs[i], "MustContain"); + if (el) { + data->class[i]->must = schema_get_attrs_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->must, NULL, module); + } + + el = ldb_msg_find_element(res->msgs[i], "systemMayContain"); + if (el) { + data->class[i]->sysmay = schema_get_attrs_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->sysmay, NULL, module); + } + + el = ldb_msg_find_element(res->msgs[i], "MayContain"); + if (el) { + data->class[i]->may = schema_get_attrs_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->may, NULL, module); + } + + } + + /* subClassOf, systemAuxiliaryClass, auxiliaryClass, systemPossSuperiors + * must be filled in a second loop, when all class objects are allocated + * or we may not find a class that has not yet been parsed */ + for (i = 0; i < res->count; i++) { + struct ldb_message_element *el; + const char *attr; + + /* this is single valued anyway */ + attr = ldb_msg_find_attr_as_string(res->msgs[i], "subClassOf", NULL); + SCHEMA_CHECK_VALUE(attr, NULL, module); + data->class[i]->parent = schema_store_find(data->class_store, attr); + SCHEMA_CHECK_VALUE(data->class[i]->parent, NULL, module); + + /* the following attributes are all optional */ + + data->class[i]->sysaux = NULL; + el = ldb_msg_find_element(res->msgs[i], "systemAuxiliaryClass"); + if (el) { + data->class[i]->sysaux = schema_get_class_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->sysaux, NULL, module); + } + + data->class[i]->aux = NULL; + el = ldb_msg_find_element(res->msgs[i], "auxiliaryClass"); + if (el) { + data->class[i]->aux = schema_get_class_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->aux, NULL, module); + } + + 
data->class[i]->sysposssup = NULL; + el = ldb_msg_find_element(res->msgs[i], "systemPossSuperiors"); + if (el) { + data->class[i]->sysposssup = schema_get_class_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->sysposssup, NULL, module); + } + + data->class[i]->posssup = NULL; + el = ldb_msg_find_element(res->msgs[i], "possSuperiors"); + if (el) { + data->class[i]->posssup = schema_get_class_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->posssup, NULL, module); + } + + data->class[i]->possinf = NULL; + el = ldb_msg_find_element(res->msgs[i], "possibleInferiors"); + if (el) { + data->class[i]->possinf = schema_get_class_list(module, data, el); + SCHEMA_CHECK_VALUE(data->class[i]->possinf, NULL, module); + } + } + +done: + talloc_free(res); + return ret; +} + +static struct ldb_handle *schema_init_handle(struct ldb_request *req, struct ldb_module *module, enum sc_op op) +{ + struct schema_context *sctx; + struct ldb_handle *h; + + h = talloc_zero(req, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + h->module = module; + + sctx = talloc_zero(h, struct schema_context); + if (sctx == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + talloc_free(h); + return NULL; + } + + h->private_data = (void *)sctx; + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + sctx->op = op; + sctx->step = SC_INIT; + sctx->data = module->private_data; + sctx->module = module; + sctx->orig_req = req; + + return h; +} + +static int schema_add_check_parent(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct schema_context *sctx; + + if (!context || !ares) { + ldb_set_errstring(ldb, "NULL Context or Result in callback"); + return LDB_ERR_OPERATIONS_ERROR; + } + + sctx = talloc_get_type(context, struct schema_context); + + /* we are interested only in the single reply (base search) we receive here */ + if (ares->type == LDB_REPLY_ENTRY) { + if (sctx->parent_res != 
NULL) { + ldb_set_errstring(ldb, "Too many results"); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + sctx->parent_res = talloc_steal(sctx, ares); + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; +} + +static int schema_add_build_parent_req(struct schema_context *sctx) +{ + static const char * const parent_attrs[] = { "objectClass", NULL }; + int ret; + + sctx->parent_req = talloc_zero(sctx, struct ldb_request); + if (sctx->parent_req == NULL) { + ldb_debug(sctx->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + sctx->parent_req->operation = LDB_SEARCH; + sctx->parent_req->op.search.scope = LDB_SCOPE_BASE; + sctx->parent_req->op.search.base = ldb_dn_get_parent(sctx->parent_req, sctx->orig_req->op.add.message->dn); + sctx->parent_req->op.search.tree = ldb_parse_tree(sctx->module->ldb, "(objectClass=*)"); + sctx->parent_req->op.search.attrs = parent_attrs; + sctx->parent_req->controls = NULL; + sctx->parent_req->context = sctx; + sctx->parent_req->callback = schema_add_check_parent; + ret = ldb_set_timeout_from_prev_req(sctx->module->ldb, sctx->orig_req, sctx->parent_req); + + return ret; +} + +static struct schema_class_dlist *schema_add_get_dlist_entry_with_class(struct schema_class_dlist *list, struct schema_class *class) +{ + struct schema_class_dlist *temp; + + for (temp = list; temp && (temp->class != class); temp = temp->next) /* noop */ ; + return temp; +} + +static int schema_add_class_to_dlist(struct schema_class_dlist *list, struct schema_class *class, enum schema_class_type role) +{ + struct schema_class_dlist *entry; + struct schema_class_dlist *temp; + int ret; + + /* see if this class already exist in the class list */ + if (schema_add_get_dlist_entry_with_class(list, class)) { + return LDB_SUCCESS; + } + + /* this is a new class go on and add to the list */ + entry = talloc_zero(list, struct schema_class_dlist); + if (!entry) return LDB_ERR_OPERATIONS_ERROR; + entry->class = class; + 
entry->role = class->type; + + /* If parent is top (list is guaranteed to start always with top) */ + if (class->parent == list->class) { + /* if the hierarchy role is structural try to add it just after top */ + if (role == SCHEMA_CT_STRUCTURAL) { + /* but check no other class at after top has a structural role */ + if (list->next && (list->next->role == SCHEMA_CT_STRUCTURAL)) { + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + DLIST_ADD_AFTER(list, entry, list); + } else { + DLIST_ADD_END(list, entry, struct schema_class_dlist *); + } + return LDB_SUCCESS; + } + + /* search if parent has already been added */ + temp = schema_add_get_dlist_entry_with_class(list->next, class->parent); + if (temp == NULL) { + ret = schema_add_class_to_dlist(list, class->parent, role); + if (ret != LDB_SUCCESS) { + return ret; + } + temp = schema_add_get_dlist_entry_with_class(list->next, class->parent); + } + if (!temp) { /* parent not found !? */ + return LDB_ERR_OPERATIONS_ERROR; + } + + DLIST_ADD_AFTER(list, entry, temp); + if (role == SCHEMA_CT_STRUCTURAL || role == SCHEMA_CT_AUXILIARY) { + temp = entry; + do { + temp->role = role; + temp = temp->prev; + /* stop when hierarchy base is met or when base class parent is top */ + } while (temp->class == temp->next->class->parent && + temp->next->class->parent != list->class); + + /* if we have not reached the head of the list + * and role is structural */ + if (temp != list && role == SCHEMA_CT_STRUCTURAL) { + struct schema_class_dlist *hfirst, *hlast; + + /* check if the list second entry is structural */ + if (list->next->role == SCHEMA_CT_STRUCTURAL) { + /* we have a confilict here */ + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* we have to move this hierarchy of classes + * so that the base of the structural hierarchy is right after top */ + + hfirst = temp->next; + hlast = entry; + /* now hfirst - hlast are the boundaries of the structural hierarchy */ + + /* extract the structural hierachy from the list */ + 
hfirst->prev->next = hlast->next; + if (hlast->next) hlast->next->prev = hfirst->prev; + + /* insert the structural hierarchy just after top */ + list->next->prev = hlast; + hlast->next = list->next; + list->next = hfirst; + hfirst->prev = list; + } + } + + return LDB_SUCCESS; +} + +/* merge source list into dest list and remove duplicates */ +static int schema_merge_class_list(TALLOC_CTX *mem_ctx, struct schema_class ***dest, struct schema_class **source) +{ + struct schema_class **list = *dest; + int i, j, n, f; + + n = 0; + if (list) for (n = 0; list[n]; n++) /* noop */ ; + f = n; + + for (i = 0; source[i]; i++) { + for (j = 0; j < f; j++) { + if (list[j] == source[i]) { + break; + } + } + if (j < f) { /* duplicate found */ + continue; + } + + list = talloc_realloc(mem_ctx, list, struct schema_class *, n + 2); + if (!list) { + return LDB_ERR_OPERATIONS_ERROR; + } + list[n] = source[i]; + n++; + list[n] = NULL; + } + + *dest = list; + + return LDB_SUCCESS; +} + +/* validate and modify the objectclass attribute to sort and add parents */ +static int schema_add_build_objectclass_list(struct schema_context *sctx) +{ + struct schema_class_dlist *temp; + struct ldb_message_element * el; + struct schema_class *class; + int ret, i, an; + + /* First of all initialize list, it must start with class top */ + sctx->class_list = talloc_zero(sctx, struct schema_class_dlist); + if (!sctx->class_list) return LDB_ERR_OPERATIONS_ERROR; + + sctx->class_list->class = schema_store_find(sctx->data->class_store, "top"); + if (!sctx->class_list->class) return LDB_ERR_OPERATIONS_ERROR; + + el = ldb_msg_find_element(sctx->orig_req->op.add.message, "objectClass"); + if (!el) { + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + for (i = 0; i < el->num_values; i++) { + + class = schema_store_find(sctx->data->class_store, (char *)el->values[i].data); + if (!class) { + return LDB_ERR_NO_SUCH_OBJECT; + } + + ret = schema_add_class_to_dlist(sctx->class_list, class, class->type); + if (ret != 
LDB_SUCCESS) { + return ret; + } + } + + /* now check if there is any class role that is still not STRUCTURAL or AUXILIARY */ + /* build also the auxiliary class list and the possible superiors list */ + temp = sctx->class_list->next; /* top is special, skip it */ + an = 0; + + while (temp) { + if (temp->role == SCHEMA_CT_ABSTRACT || temp->role == SCHEMA_CT_88) { + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + if (temp->class->sysaux) { + ret = schema_merge_class_list(sctx, &sctx->aux_list, temp->class->sysaux); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + if (temp->class->aux) { + ret = schema_merge_class_list(sctx, &sctx->aux_list, temp->class->aux); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + if (temp->class->sysposssup) { + ret = schema_merge_class_list(sctx, &sctx->sup_list, temp->class->sysposssup); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + if (temp->class->posssup) { + ret = schema_merge_class_list(sctx, &sctx->sup_list, temp->class->posssup); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + temp = temp->next; + } + + /* complete sup_list with material from the aux classes */ + for (i = 0; sctx->aux_list && sctx->aux_list[i]; i++) { + if (sctx->aux_list[i]->sysposssup) { + ret = schema_merge_class_list(sctx, &sctx->sup_list, sctx->aux_list[i]->sysposssup); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + if (sctx->aux_list[i]->posssup) { + ret = schema_merge_class_list(sctx, &sctx->sup_list, sctx->aux_list[i]->posssup); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + } + + if (!sctx->sup_list) return LDB_ERR_NAMING_VIOLATION; + + return LDB_SUCCESS; +} + +static int schema_add_check_container_constraints(struct schema_context *sctx) +{ + struct schema_class **parent_possinf = NULL; + struct schema_class **parent_classes; + struct schema_class_dlist *temp; + struct ldb_message_element *el; + int i, j, 
ret; + + el = ldb_msg_find_element(sctx->parent_res->message, "objectClass"); + if (!el) { + /* what the .. */ + return LDB_ERR_OPERATIONS_ERROR; + } + + parent_classes = talloc_array(sctx, struct schema_class *, el->num_values + 1); + + for (i = 0; i < el->num_values; i++) { + + parent_classes[i] = schema_store_find(sctx->data->class_store, (const char *)el->values[i].data); + if (!parent_classes[i]) { /* should not be possible */ + return LDB_ERR_OPERATIONS_ERROR; + } + + if (parent_classes[i]->possinf) { + ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->possinf); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + + /* check also embedded auxiliary classes possinf */ + for (j = 0; parent_classes[i]->sysaux && parent_classes[i]->sysaux[j]; j++) { + if (parent_classes[i]->sysaux[j]->possinf) { + ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->sysaux[j]->possinf); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + } + for (j = 0; parent_classes[i]->aux && parent_classes[i]->aux[j]; j++) { + if (parent_classes[i]->aux[j]->possinf) { + ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->aux[j]->possinf); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + } + } + + /* foreach parent objectclass, + * check parent possible inferiors match all of the child objectclasses + * and that + * poss Superiors of the child objectclasses mathes one of the parent classes + */ + + temp = sctx->class_list->next; /* skip top it is special */ + while (temp) { + + for (i = 0; parent_possinf[i]; i++) { + if (temp->class == parent_possinf[i]) { + break; + } + } + if (parent_possinf[i] == NULL) { + /* class not found in possible inferiors */ + return LDB_ERR_NAMING_VIOLATION; + } + + temp = temp->next; + } + + for (i = 0; parent_classes[i]; i++) { + for (j = 0; sctx->sup_list[j]; j++) { + if (sctx->sup_list[j] == parent_classes[i]) { + break; + } + } + if 
(sctx->sup_list[j]) { /* possible Superiors match one of the parent classes */ + return LDB_SUCCESS; + } + } + + /* no parent classes matched superiors */ + return LDB_ERR_NAMING_VIOLATION; +} + +static int schema_add_build_down_req(struct schema_context *sctx) +{ + struct schema_class_dlist *temp; + struct ldb_message *msg; + int ret; + + sctx->down_req = talloc(sctx, struct ldb_request); + if (!sctx->down_req) { + ldb_set_errstring(sctx->module->ldb, "Out of memory!"); + return LDB_ERR_OPERATIONS_ERROR; + } + + *(sctx->down_req) = *(sctx->orig_req); /* copy the request */ + msg = ldb_msg_copy_shallow(sctx->down_req, sctx->orig_req->op.add.message); + if (!msg) { + ldb_set_errstring(sctx->module->ldb, "Out of memory!"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_msg_remove_attr(msg, "objectClass"); + ret = ldb_msg_add_empty(msg, "objectClass", 0); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* Add the complete list of classes back to the message */ + for (temp = sctx->class_list; temp; temp = temp->next) { + ret = ldb_msg_add_string(msg, "objectClass", temp->class->name); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + sctx->down_req->op.add.message = msg; + + return LDB_SUCCESS; +} + +static int schema_add_continue(struct ldb_handle *h) +{ + struct schema_context *sctx; + int ret; + + sctx = talloc_get_type(h->private_data, struct schema_context); + + switch (sctx->step) { + case SC_INIT: + + /* First of all check that a parent exists for this entry */ + ret = schema_add_build_parent_req(sctx); + if (ret != LDB_SUCCESS) { + break; + } + + sctx->step = SC_ADD_CHECK_PARENT; + return ldb_next_request(sctx->module, sctx->parent_req); + + case SC_ADD_CHECK_PARENT: + + /* parent search done, check result and go on */ + if (sctx->parent_res == NULL) { + /* we must have a parent */ + ret = LDB_ERR_NO_SUCH_OBJECT; + break; + } + + /* Check objectclasses are ok */ + ret = schema_add_build_objectclass_list(sctx); + if (ret != LDB_SUCCESS) { + break; + } + + 
/* check the parent is of the right type for this object */ + ret = schema_add_check_container_constraints(sctx); + if (ret != LDB_SUCCESS) { + break; + } + + /* check attributes syntax */ + /* + ret = schema_check_attributes_syntax(sctx); + if (ret != LDB_SUCCESS) { + break; + } + */ + + ret = schema_add_build_down_req(sctx); + if (ret != LDB_SUCCESS) { + break; + } + sctx->step = SC_ADD_TEMP; + + return ldb_next_request(sctx->module, sctx->down_req); + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + /* this is reached only in case of error */ + /* FIXME: fire an async reply ? */ + h->status = ret; + h->state = LDB_ASYNC_DONE; + return ret; +} + +static int schema_add(struct ldb_module *module, struct ldb_request *req) +{ + struct schema_context *sctx; + struct ldb_handle *h; + + if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + h = schema_init_handle(req, module, SC_ADD); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + + sctx = talloc_get_type(h->private_data, struct schema_context); + sctx->orig_req->handle = h; + return schema_add_continue(h); +} + + +static int schema_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_handle *h; + struct schema_context *sctx; + + if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + return ldb_next_request(module, req); +} + +static int schema_delete(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_handle *h; + struct schema_context *sctx; + + if (ldb_dn_is_special(req->op.del.dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* First of all check no children exists for this entry */ + + return ldb_next_request(module, req); +} + +static int schema_rename(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_handle *h; + struct 
schema_context *sctx; + + if (ldb_dn_is_special(req->op.rename.olddn) && + ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + return ldb_next_request(module, req); +} + +static int schema_wait_loop(struct ldb_handle *handle) { + struct schema_context *sctx; + int ret; + + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + sctx = talloc_get_type(handle->private_data, struct schema_context); + + switch (sctx->step) { + case SC_ADD_CHECK_PARENT: + ret = ldb_wait(sctx->parent_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (sctx->parent_req->handle->status != LDB_SUCCESS) { + handle->status = sctx->parent_req->handle->status; + goto done; + } + + if (sctx->parent_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + return schema_add_continue(handle); + + case SC_ADD_TEMP: + ret = ldb_wait(sctx->down_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (sctx->down_req->handle->status != LDB_SUCCESS) { + handle->status = sctx->down_req->handle->status; + goto done; + } + + if (sctx->down_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + + ret = LDB_SUCCESS; + +done: + handle->state = LDB_ASYNC_DONE; + return ret; +} + +static int schema_wait_all(struct ldb_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = schema_wait_loop(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int schema_wait(struct ldb_handle *handle, enum ldb_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return schema_wait_all(handle); + } else { + 
return schema_wait_loop(handle); + } +} + +static int schema_init(struct ldb_module *module) +{ + static const char *schema_attrs[] = { "schemaNamingContext", NULL }; + struct schema_private_data *data; + struct ldb_result *res; + int ret; + + /* need to let the partiorion module to register first */ + ret = ldb_next_init(module); + if (ret != LDB_SUCCESS) { + return ret; + } + + data = talloc_zero(module, struct schema_private_data); + if (data == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* find the schema partition */ + ret = ldb_search(module->ldb, + ldb_dn_new(module), + LDB_SCOPE_BASE, + "(objectClass=*)", + schema_attrs, + &res); + + if (res->count != 1) { + /* FIXME: return a clear error string */ + talloc_free(data); + talloc_free(res); + return LDB_ERR_OPERATIONS_ERROR; + } + + data->schema_dn = ldb_msg_find_attr_as_dn(data, res->msgs[0], "schemaNamingContext"); + if (data->schema_dn == NULL) { + /* FIXME: return a clear error string */ + talloc_free(data); + talloc_free(res); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_free(res); + + ret = schema_init_attrs(module, data); + if (ret != LDB_SUCCESS) { + talloc_free(data); + return ret; + } + + ret = schema_init_classes(module, data); + if (ret != LDB_SUCCESS) { + talloc_free(data); + return ret; + } + + module->private_data = data; + return LDB_SUCCESS; +} + +static const struct ldb_module_ops schema_ops = { + .name = "schema", + .init_context = schema_init, + .add = schema_add, + .modify = schema_modify, + .del = schema_delete, + .rename = schema_rename, + .wait = schema_wait +}; + +int ldb_schema_init(void) +{ + return ldb_register_module(&schema_ops); +} -- cgit From 69ecd9538fac24e20c7500096a479a7c8ff260ba Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 28 Aug 2006 03:26:17 +0000 Subject: r17870: This module (for the moment) handles the modifyTimestamp generation. For that, it needs to hook into the modify operation. Andrew Bartlett (This used to be commit d22117a53bafa4bb72c854353620099b5a6f81d8) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index ca27f17d71..7e475d1ef4 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -203,6 +203,7 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) static const struct ldb_module_ops objectguid_ops = { .name = "objectguid", .add = objectguid_add, + .modify = objectguid_modify, }; -- cgit From 3ddab071eb81023fa99e69d0a8a2d696cf56db70 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 28 Aug 2006 18:00:45 +0000 Subject: r17894: better name for the internal syntax type (This used to be commit 4241a1bb832461ca44ce0f20cb770ea2b6f2d7e3) --- source4/dsdb/samdb/ldb_modules/schema.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 21a6527e10..3e8a70a043 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -41,7 +41,7 @@ see ldap_server/devdocs/AD-syntaxes.txt */ -enum schema_int_attr_id { +enum schema_internal_syntax { SCHEMA_AS_BOOLEAN, SCHEMA_AS_INTEGER, SCHEMA_AS_OCTET_STRING, 
@@ -77,7 +77,7 @@ enum schema_class_type { struct schema_attribute { char *OID; /* attributeID */ char *name; /* lDAPDisplayName */ - enum schema_int_attr_id syntax; /* generated from attributeSyntax, oMSyntax, oMObjectClass */ + enum schema_internal_syntax syntax; /* generated from attributeSyntax, oMSyntax, oMObjectClass */ bool single; /* isSingleValued */ int min; /* rangeLower */ int max; /* rangeUpper */ @@ -253,7 +253,7 @@ struct schema_attribute **schema_get_attrs_list(struct ldb_module *module, return list; } -static int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct ldb_val *om_class, enum schema_int_attr_id *syntax) +static int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct ldb_val *om_class, enum schema_internal_syntax *syntax) { int ret; -- cgit From 814582de5a8a8fa63bcff14e5fa4c847e1ab470f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 28 Aug 2006 23:30:43 +0000 Subject: r17898: handle objectcategory and isdefunct for classes (This used to be commit 7664b52b89bfac6f2db52fae2daa65c856acd1ac) --- source4/dsdb/samdb/ldb_modules/schema.c | 77 +++++++++++++++++++++++++-------- 1 file changed, 60 insertions(+), 17 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 3e8a70a043..090a211927 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c 
@@ -81,23 +81,29 @@ struct schema_attribute { bool single; /* isSingleValued */ int min; /* rangeLower */ int max; /* rangeUpper */ + int systemflag; /* systemFlag */ + int searchflag; /* searchFlag */ + bool isdefunct; /* isDefunct */ }; struct schema_class { - char *OID; /* governsID */ - char *name; /* lDAPDisplayName */ - enum schema_class_type type; /* objectClassCategory */ - bool systemOnly; /* systemOnly */ - struct schema_class *parent; /* subClassOf */ - struct schema_class **sysaux; /* systemAuxiliaryClass */ - struct schema_class **aux; /* auxiliaryClass */ - struct schema_class **sysposssup; /* systemPossSuperiors */ - struct schema_class **posssup; /* possSuperiors */ - struct schema_class **possinf; /* possibleInferiors */ - struct schema_attribute **sysmust; /* systemMustContain */ - struct schema_attribute **must; /* MustContain */ - struct schema_attribute **sysmay; /* systemMayContain */ - struct schema_attribute **may; /* MayContain */ + char *OID; /* governsID */ + char *name; /* lDAPDisplayName */ + enum schema_class_type type; /* objectClassCategory */ + bool systemOnly; /* systemOnly */ + bool isdefunct; /* isDefunct */ + int systemflag; /* systemFlag */ + char *defobjcat; /* defaultObjectCategory */ + struct schema_class *parent; /* subClassOf */ + struct schema_class **sysaux; /* systemAuxiliaryClass */ + struct schema_class **aux; /* auxiliaryClass */ + struct schema_class **sysposssup; /* systemPossSuperiors */ + struct schema_class **posssup; /* possSuperiors */ + struct schema_class **possinf; /* possibleInferiors */ + struct schema_attribute **sysmust; /* systemMustContain */ + struct schema_attribute **must; /* MustContain */ + struct schema_attribute **sysmay; /* systemMayContain */ + struct schema_attribute **may; /* MayContain */ }; /* TODO: ditcontentrules */ 
@@ -365,6 +371,9 @@ static int schema_init_attrs(struct ldb_module *module, struct schema_private_da "isSingleValued", "rangeLower", "rangeUpper", + "searchFlag", + "systemFlag", + "isDefunct", NULL }; struct ldb_result *res; int ret, i; @@ -433,9 +442,12 @@ static int schema_init_attrs(struct ldb_module *module, struct schema_private_da data->attrs[i]->single = 0; } - /* rangeLower and rangeUpper are optional */ + /* the following are optional */ data->attrs[i]->min = ldb_msg_find_attr_as_int(res->msgs[i], "rangeLower", -1); data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", -1); + data->attrs[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); + data->attrs[i]->searchflag = ldb_msg_find_attr_as_int(res->msgs[i], "searchFlag", 0); + data->attrs[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", False); } done: @@ -448,7 +460,10 @@ static int schema_init_classes(struct ldb_module *module, struct schema_private_ static const char *schema_attrs[] = { "governsID", "lDAPDisplayName", "objectClassCategory", + "defaultObjectCategory" "systemOnly", + "systemFlag", + "isDefunct", "subClassOf", "systemAuxiliaryClass", "auxiliaryClass", 
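Review bot: In the `schema_attrs` list of schema_init_classes the added entry `"defaultObjectCategory"` has no trailing comma, so the compiler joins it with the next literal into the single name `"defaultObjectCategorysystemOnly"` and neither attribute is requested. The line should read `"defaultObjectCategory",`. The later hunk of this commit that fills `defobjcat` and runs `SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module)` would then presumably see NULL for every class. If the search result honours the attribute list, `systemOnly` would also silently fall back to its default of `False`. The array and the function body continue outside the hunk.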
@@ -503,9 +518,16 @@ static int schema_init_classes(struct ldb_module *module, struct schema_private_ /* 0 should not be a valid value, but turn out it is so test with -1 */ SCHEMA_CHECK_VALUE(data->class[i]->type, -1, module); + data->class[i]->defobjcat = talloc_strdup(data->class[i], + ldb_msg_find_attr_as_string(res->msgs[i], + "defaultObjectCategory", NULL)); + SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module); + /* the following attributes are all optional */ data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", False); + data->class[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); + data->class[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", False); /* attributes are loaded first, so we can just go an query the attributes repo */ @@ -689,6 +711,11 @@ static int schema_add_class_to_dlist(struct schema_class_dlist *list, struct sch struct schema_class_dlist *temp; int ret; + /* see if this class is usable */ + if (class->isdefunct) { + return LDB_ERR_NO_SUCH_ATTRIBUTE; + } + /* see if this class already exist in the class list */ if (schema_add_get_dlist_entry_with_class(list, class)) { return LDB_SUCCESS; @@ -828,7 +855,7 @@ static int schema_add_build_objectclass_list(struct schema_context *sctx) class = schema_store_find(sctx->data->class_store, (char *)el->values[i].data); if (!class) { - return LDB_ERR_NO_SUCH_OBJECT; + return LDB_ERR_NO_SUCH_ATTRIBUTE; } ret = schema_add_class_to_dlist(sctx->class_list, class, class->type); @@ -984,6 +1011,7 @@ static int schema_add_build_down_req(struct schema_context *sctx) { struct schema_class_dlist *temp; struct ldb_message *msg; + char *oc; int ret; sctx->down_req = talloc(sctx, struct ldb_request); 
@@ -999,6 +1027,7 @@ static int schema_add_build_down_req(struct schema_context *sctx) return LDB_ERR_OPERATIONS_ERROR; } + /* rebuild the objectclass list */ ldb_msg_remove_attr(msg, "objectClass"); ret = ldb_msg_add_empty(msg, "objectClass", 0); if (ret != LDB_SUCCESS) { @@ -1012,7 +1041,21 @@ static int schema_add_build_down_req(struct schema_context *sctx) return ret; } } - + + /* objectCategory can be set only by the system */ + if (ldb_msg_find_element(msg, "objectCategory")) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + /* the OC is mandatory, every class defines it */ + /* use the one defined in the structural class that defines the object */ + for (temp = sctx->class_list->next; temp; temp = temp->next) { + if (!temp->next) break; + if (temp->next->role != SCHEMA_CT_STRUCTURAL) break; + } + oc = talloc_strdup(msg, temp->class->defobjcat); + ret = ldb_msg_add_string(msg, "objectCategory", oc); + sctx->down_req->op.add.message = msg; return LDB_SUCCESS; -- cgit From 0329d755a7611ba3897fc1ee9bdce410cc33d7f8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 30 Aug 2006 11:29:34 +0000 Subject: r17930: Merge noinclude branch: * Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2fcfdff997..dbe307fc03 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
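Review bot: The new objectCategory code in schema_add_build_down_req dereferences `temp` after a loop that can leave it NULL. That happens when `sctx->class_list->next` is NULL, which the hunk does not rule out. The `talloc_strdup()` result `oc` and the return value of `ldb_msg_add_string()` are both ignored, so an allocation failure still ends in `return LDB_SUCCESS` with no objectCategory on the message. Each of the three cases should return an error instead, as in the sketch below. The function starts outside the hunk.

```c
	/* … unchanged: objectCategory presence check and the loop that selects temp … */
	if (temp == NULL || temp->class->defobjcat == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	oc = talloc_strdup(msg, temp->class->defobjcat);
	if (oc == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	ret = ldb_msg_add_string(msg, "objectCategory", oc);
	if (ret != LDB_SUCCESS) {
		return ret;
	}
```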
@@ -42,7 +42,7 @@ #include "auth/kerberos/kerberos.h" #include "system/time.h" #include "dsdb/samdb/samdb.h" -#include "ads.h" +#include "dsdb/common/flags.h" #include "hdb.h" #include "dsdb/samdb/ldb_modules/password_modules.h" diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 090a211927..e498fa987e 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -34,7 +34,7 @@ #include "libcli/ldap/ldap.h" #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" -#include "include/dlinklist.h" +#include "lib/util/dlinklist.h" /* Syntax-Table -- cgit From 25f9e52a5d7a7dce7c98a1f27c9b38ada650d343 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 31 Aug 2006 08:17:09 +0000 Subject: r17955: Don't search for the dnsDomain attribute, it is invented (not in the AD schema). Andrew Bartlett (This used to be commit fac27e4dddc98288dc765e135db6b168fbec760c) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 30 ++++++++++++++++++++------ 1 file changed, 23 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index dbe307fc03..9bdb9aa0cc 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -90,7 +90,7 @@ struct ph_context { struct domain_data { uint_t pwdProperties; uint_t pwdHistoryLength; - char *dnsDomain; + char *dns_domain; char *realm; }; @@ -165,7 +165,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes if (name[strlen(name)-1] == '$') { name[strlen(name)-1] = '\0'; } - saltbody = talloc_asprintf(msg, "%s.%s", name, domain->dnsDomain); + saltbody = talloc_asprintf(msg, "%s.%s", name, domain->dns_domain); krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, 
@@ -480,7 +480,7 @@ static int build_domain_data_request(struct ph_context *ac) /* attrs[] is returned from this function in ac->dom_req->op.search.attrs, so it must be static, as otherwise the compiler can put it on the stack */ - static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", "dnsDomain", NULL }; + static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; char *filter; ac->dom_req = talloc_zero(ac, struct ldb_request); @@ -520,7 +520,8 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, struct domain_data *data; const char *tmp; struct ph_context *ac; - + char *p; + ac = talloc_get_type(ctx, struct ph_context); data = talloc_zero(ac, struct domain_data); @@ -536,11 +537,26 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0); data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); - tmp = ldb_msg_find_attr_as_string(res->message, "dnsDomain", NULL); + + /* For a domain DN, this puts things in dotted notation */ + /* For builtin domains, this will give details for the host, + * but that doesn't really matter, as it's just used for salt + * and kerberos principals, which don't exist here */ + + tmp = ldb_dn_canonical_string(ctx, res->message->dn); + if (!tmp) { + return NULL; + } + + /* But it puts a trailing (or just before 'builtin') / on things, so kill that */ + p = strchr(tmp, '/'); + if (p) { + p[0] = '\0'; + } if (tmp != NULL) { - data->dnsDomain = talloc_strdup(data, tmp); - if (data->dnsDomain == NULL) { + data->dns_domain = strlower_talloc(data, tmp); + if (data->dns_domain == NULL) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); return NULL; } -- cgit From 23e6b27d5c7f04dfd948decb21bcefccc7070b13 Mon Sep 17 00:00:00 2001 
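Review bot: In get_domain_data the `if (tmp != NULL)` test that guards the `strlower_talloc()` call can never be false after the new `if (!tmp) return NULL;`, so the guard should be dropped. The canonical string is allocated on `ctx` and is not freed in the visible lines. Parenting it on `data` with `tmp = ldb_dn_canonical_string(data, res->message->dn);` would tie its lifetime to the structure that uses it. The new early return is also silent, unlike the out-of-memory path below it, which logs through `ldb_debug()`. Since `dns_domain` feeds the Kerberos salt built in add_krb5_keys_from_password, a short comment saying the value is now derived from the DN and lower-cased would help whoever next debugs a salt mismatch. The function starts and ends outside the hunk.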
From: Simo Sorce Date: Sat, 2 Sep 2006 02:41:26 +0000 Subject: r17998: start working on syntaxes (This used to be commit b49b8f5cb5ffa29a3b63f70a1f437c9720d2228c) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 31 +- source4/dsdb/samdb/ldb_modules/schema_syntax.c | 373 +++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/schema_syntax.h | 64 +++++ 4 files changed, 441 insertions(+), 29 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/schema_syntax.c create mode 100644 source4/dsdb/samdb/ldb_modules/schema_syntax.h (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a24703c5b6..1e3b793629 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -130,7 +130,7 @@ OBJ_FILES = \ SUBSYSTEM = ldb INIT_FUNCTION = ldb_schema_init OBJ_FILES = \ - schema.o + schema.o schema_syntax.o # # End MODULE ldb_schema ################################################ diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index e498fa987e..36b7916e95 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c 
@@ -35,38 +35,13 @@ #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_private.h" #include "lib/util/dlinklist.h" +#include "schema_syntax.h" /* Syntax-Table see ldap_server/devdocs/AD-syntaxes.txt */ -enum schema_internal_syntax { - SCHEMA_AS_BOOLEAN, - SCHEMA_AS_INTEGER, - SCHEMA_AS_OCTET_STRING, - SCHEMA_AS_SID, - SCHEMA_AS_OID, - SCHEMA_AS_ENUMERATION, - SCHEMA_AS_NUMERIC_STRING, - SCHEMA_AS_PRINTABLE_STRING, - SCHEMA_AS_CASE_IGNORE_STRING, - SCHEMA_AS_IA5_STRING, - SCHEMA_AS_UTC_TIME, - SCHEMA_AS_GENERALIZED_TIME, - SCHEMA_AS_CASE_SENSITIVE_STRING, - SCHEMA_AS_DIRECTORY_STRING, - SCHEMA_AS_LARGE_INTEGER, - SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR, - SCHEMA_AS_DN, - SCHEMA_AS_DN_BINARY, - SCHEMA_AS_OR_NAME, - SCHEMA_AS_REPLICA_LINK, - SCHEMA_AS_PRESENTATION_ADDRESS, - SCHEMA_AS_ACCESS_POINT, - SCHEMA_AS_DN_STRING -}; - enum schema_class_type { SCHEMA_CT_88 = 0, SCHEMA_CT_STRUCTURAL = 1, @@ -443,8 +418,8 @@ static int schema_init_attrs(struct ldb_module *module, struct schema_private_da } /* the following are optional */ - data->attrs[i]->min = ldb_msg_find_attr_as_int(res->msgs[i], "rangeLower", -1); - data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", -1); + data->attrs[i]->min = ldb_msg_find_attr_as_int(res->msgs[i], "rangeLower", INT_MIN); + data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", INT_MAX); data->attrs[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); data->attrs[i]->searchflag = ldb_msg_find_attr_as_int(res->msgs[i], "searchFlag", 0); data->attrs[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", False); diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c new file mode 100644 index 0000000000..02c42bbf8f --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.c 
@@ -0,0 +1,373 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004-2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb schema module + * + * Description: add schema syntax functionality + * + * Author: Simo Sorce + * + * License: GNU GPL v2 or Later + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "schema_syntax.h" + +static int schema_validate_boolean(struct ldb_val *val, int min, int max) +{ + + if ((strncmp("TRUE", (const char *)val->data, val->length) != 0) && + (strncmp("FALSE", (const char *)val->data, val->length) != 0)) { + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + return LDB_SUCCESS; +} + +static int schema_validate_integer(struct ldb_val *val, int min, int max) +{ + int value; + char *endptr; + + errno = 0; + value = strtol((const char *)val->data, &endptr, 0); + if (errno) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if (endptr[0] != '\0') return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if ((min > INT_MIN) && (value < min)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if ((max < INT_MAX) && (value > max)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + + return LDB_SUCCESS; +} + +static int schema_validate_binary_blob(struct ldb_val *val, int min, int max) +{ + /* is there anythign we should check in a binary blob ? 
*/ + return LDB_SUCCESS; +} + +static int schema_validate_sid(struct ldb_val *val, int min, int max) +{ + /* TODO: validate binary form of objectSid */ + return LDB_SUCCESS; +} + +static int schema_validate_oid(struct ldb_val *val, int min, int max) +{ + if (strspn((const char *)val->data, "0123456789.") != val->length) + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + + return LDB_SUCCESS; +} + +static int schema_validate_numeric_string(struct ldb_val *val, int min, int max) +{ + if (strspn((const char *)val->data, "0123456789") != val->length) + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + + return LDB_SUCCESS; +} + +static int schema_validate_printable_string(struct ldb_val *val, int min, int max) +{ + /* TODO: find out what constitutes the printable character set */ + return LDB_SUCCESS; +} + +static int schema_validate_teletext_string(struct ldb_val *val, int min, int max) +{ + /* TODO: find out what constitutes the teletext character set */ + return LDB_SUCCESS; +} + +static int schema_validate_ia5_string(struct ldb_val *val, int min, int max) +{ + /* TODO: find out what constitutes the IA5 character set */ + return LDB_SUCCESS; +} + +static int schema_validate_utc_time(struct ldb_val *val, int min, int max) +{ + /* TODO: validate syntax of UTC Time string */ + return LDB_SUCCESS; +} + +static int schema_validate_generalized_time(struct ldb_val *val, int min, int max) +{ + /* TODO: validate syntax of Generalized Time string */ + return LDB_SUCCESS; +} + +/* NOTE: not a single attribute has this syntax in the basic w2k3 schema */ +static int schema_validate_sensitive_string(struct ldb_val *val, int min, int max) +{ + /* TODO: find out what constitutes a "case sensitive string" */ + return LDB_SUCCESS; +} + +static int schema_validate_unicode_string(struct ldb_val *val, int min, int max) +{ + /* TODO: validate utf8 string */ + return LDB_SUCCESS; +} + +static int schema_validate_large_integer(struct ldb_val *val, int min, int max) +{ + /* TODO: validate large 
integer/interval */ + return LDB_SUCCESS; +} + +static int schema_validate_object_sd(struct ldb_val *val, int min, int max) +{ + /* TODO: validate object Security Descriptor */ + return LDB_SUCCESS; +} + +static int schema_validate_dn(struct ldb_val *val, int min, int max) +{ + TALLOC_CTX *memctx; + struct ldb_dn *dn; + int ret = LDB_SUCCESS; + + memctx = talloc_new(NULL); + if (!memctx) return LDB_ERR_OPERATIONS_ERROR; + + dn = ldb_dn_explode(memctx, (const char *)val->data); + if (!dn) { + ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + talloc_free(memctx); + return ret; +} + +static int schema_validate_binary_plus_dn(struct ldb_val *val, int min, int max) +{ + int ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + TALLOC_CTX *memctx; + struct ldb_dn *dn; + char *str, *p; + char *endptr; + int num; + + memctx = talloc_new(NULL); + if (!memctx) return LDB_ERR_OPERATIONS_ERROR; + + str = talloc_strdup(memctx, (const char *)val->data); + if (!str) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (strncasecmp(str, "B:", 2) != 0) { + goto done; + } + + /* point at the number of chars in the string */ + str = strchr(&str[2], ':'); + if (!str) { + goto done; + } + str++; + + errno = 0; + num = strtol(str, &endptr, 0); + if (errno) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if (endptr[0] != ':') return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if ((min > INT_MIN) && (num < min)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if ((max < INT_MAX) && (num > max)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + + /* point at the string */ + str = strchr(str, ':'); + if (!str) { + goto done; + } + str++; + + /* terminate the string */ + p = strchr(str, ':'); + if (!p) { + goto done; + } + *p = '\0'; + + if (strlen(str) != 2*num) { + goto done; + } + + str = p + 1; + + dn = ldb_dn_explode(memctx, str); + if (dn) { + ret = LDB_SUCCESS; + } + +done: + talloc_free(memctx); + return ret; +} + +static int schema_validate_x400_or_name(struct ldb_val *val, int min, int max) +{ + /* TODO: find out 
what is the syntax of an X400 OR NAME */ + return LDB_SUCCESS; +} + +static int schema_validate_presentation_address(struct ldb_val *val, int min, int max) +{ + /* TODO: find out what is the syntax of a presentation address */ + return LDB_SUCCESS; +} + +static int schema_validate_x400_access_point(struct ldb_val *val, int min, int max) +{ + /* TODO: find out what is the syntax of an X400 Access Point */ + return LDB_SUCCESS; +} + +/* NOTE: seem there isn't a single attribute defined like this in the base w2k3 schema */ +static int schema_validate_string_plus_dn(struct ldb_val *val, int min, int max) +{ + int ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + TALLOC_CTX *memctx; + struct ldb_dn *dn; + char *str, *p; + char *endptr; + int num; + + memctx = talloc_new(NULL); + if (!memctx) return LDB_ERR_OPERATIONS_ERROR; + + str = talloc_strdup(memctx, (const char *)val->data); + if (!str) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (strncasecmp(str, "S:", 2) != 0) { + goto done; + } + + /* point at the number of chars in the string */ + str = strchr(&str[2], ':'); + if (!str) { + goto done; + } + str++; + + errno = 0; + num = strtol(str, &endptr, 0); + if (errno) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if (endptr[0] != ':') return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if ((min > INT_MIN) && (num < min)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + if ((max < INT_MAX) && (num > max)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + + /* point at the string */ + str = strchr(str, ':'); + if (!str) { + goto done; + } + str++; + + /* terminate the string */ + p = strchr(str, ':'); + if (!p) { + goto done; + } + *p = '\0'; + + if (strlen(str) != num) { + goto done; + } + + str = p + 1; + + dn = ldb_dn_explode(memctx, str); + if (dn) { + ret = LDB_SUCCESS; + } + +done: + talloc_free(memctx); + return ret; +} + +struct schema_syntax_validator { + enum schema_internal_syntax type; + int (*validate)(struct ldb_val *, int, int); +}; + +struct schema_syntax_validator 
schema_syntax_validators[] = { + { SCHEMA_AS_BOOLEAN, schema_validate_boolean }, + { SCHEMA_AS_INTEGER, schema_validate_integer }, + { SCHEMA_AS_OCTET_STRING, schema_validate_binary_blob }, + { SCHEMA_AS_SID, schema_validate_sid }, + { SCHEMA_AS_OID, schema_validate_oid }, + { SCHEMA_AS_ENUMERATION, schema_validate_integer }, + { SCHEMA_AS_NUMERIC_STRING, schema_validate_numeric_string }, + { SCHEMA_AS_PRINTABLE_STRING, schema_validate_printable_string }, + { SCHEMA_AS_CASE_IGNORE_STRING, schema_validate_teletext_string }, + { SCHEMA_AS_IA5_STRING, schema_validate_ia5_string }, + { SCHEMA_AS_UTC_TIME, schema_validate_utc_time }, + { SCHEMA_AS_GENERALIZED_TIME, schema_validate_generalized_time }, + { SCHEMA_AS_CASE_SENSITIVE_STRING, schema_validate_sensitive_string }, + { SCHEMA_AS_DIRECTORY_STRING, schema_validate_unicode_string }, + { SCHEMA_AS_LARGE_INTEGER, schema_validate_large_integer }, + { SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR, schema_validate_object_sd }, + { SCHEMA_AS_DN, schema_validate_dn }, + { SCHEMA_AS_DN_BINARY, schema_validate_binary_plus_dn }, + { SCHEMA_AS_OR_NAME, schema_validate_x400_or_name }, + { SCHEMA_AS_REPLICA_LINK, schema_validate_binary_blob }, + { SCHEMA_AS_PRESENTATION_ADDRESS, schema_validate_presentation_address }, /* see rfc1278 ? 
*/ + { SCHEMA_AS_ACCESS_POINT, schema_validate_x400_access_point }, + { SCHEMA_AS_DN_STRING, schema_validate_string_plus_dn }, + { -1, NULL } +}; + +int schema_validate(struct ldb_message_element *el, + enum schema_internal_syntax type, + bool single, int min, int max) +{ + struct schema_syntax_validator *v; + int i, ret; + + if (single && (el->num_values > 1)) { + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + for (i = 0; schema_syntax_validators[i].type != 0; i++) { + if (schema_syntax_validators[i].type == type) + break; + } + if (schema_syntax_validators[i].type == 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + v = &schema_syntax_validators[i]; + + for (i = 0; i < el->num_values; i++) { + ret = v->validate(&el->values[i], min, max); + } + + return LDB_SUCCESS; +} + + diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.h b/source4/dsdb/samdb/ldb_modules/schema_syntax.h new file mode 100644 index 0000000000..1974c10b99 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.h 
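Review bot: schema_validate at the end of the new file never rejects a value: the result of `v->validate(...)` is assigned to `ret` and dropped, and the function returns LDB_SUCCESS unconditionally. The table lookup also tests `.type != 0` while the table ends with `{ -1, NULL }`, so a syntax id missing from the table walks past the last entry instead of reaching the LDB_ERR_OPERATIONS_ERROR branch. Stopping on the NULL `validate` pointer and returning the first failure fixes both, as in the sketch below. Separately, schema_validate_binary_plus_dn and schema_validate_string_plus_dn return directly after `strtol()` without freeing `memctx`. The `strspn()`, `strtol()` and `talloc_strdup()` calls also treat `val->data` as NUL-terminated, which nothing in the hunk establishes.

```c
	/* … unchanged: single-valued check … */
	for (i = 0; schema_syntax_validators[i].validate != NULL; i++) {
		if (schema_syntax_validators[i].type == type)
			break;
	}
	if (schema_syntax_validators[i].validate == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	v = &schema_syntax_validators[i];

	for (i = 0; i < el->num_values; i++) {
		ret = v->validate(&el->values[i], min, max);
		if (ret != LDB_SUCCESS) {
			return ret;
		}
	}
```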
@@ -0,0 +1,64 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004-2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * Name: ldb + * + * Component: ldb schema module + * + * Description: add schema syntax functionality + * + * Author: Simo Sorce + * + * License: GNU GPL v2 or Later + */ + + +/* Syntax-Table + + see ldap_server/devdocs/AD-syntaxes.txt +*/ + +enum schema_internal_syntax { + SCHEMA_AS_BOOLEAN = 1, + SCHEMA_AS_INTEGER = 2, + SCHEMA_AS_OCTET_STRING = 3, + SCHEMA_AS_SID = 4, + SCHEMA_AS_OID = 5, + SCHEMA_AS_ENUMERATION = 6, + SCHEMA_AS_NUMERIC_STRING = 7, + SCHEMA_AS_PRINTABLE_STRING = 8, + SCHEMA_AS_CASE_IGNORE_STRING = 9, + SCHEMA_AS_IA5_STRING = 10, + SCHEMA_AS_UTC_TIME = 11, + SCHEMA_AS_GENERALIZED_TIME = 12, + SCHEMA_AS_CASE_SENSITIVE_STRING = 13, + SCHEMA_AS_DIRECTORY_STRING = 14, + SCHEMA_AS_LARGE_INTEGER = 15, + SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR = 16, + SCHEMA_AS_DN = 17, + SCHEMA_AS_DN_BINARY = 18, + SCHEMA_AS_OR_NAME = 19, + SCHEMA_AS_REPLICA_LINK = 20, + SCHEMA_AS_PRESENTATION_ADDRESS = 21, + SCHEMA_AS_ACCESS_POINT = 22, + SCHEMA_AS_DN_STRING = 23 +}; + -- cgit From 38fdde5d9bf15b10caa60ee216d278ba8d870c2e Mon Sep 17 00:00:00 2001 
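Review bot: schema_syntax.h has no include guard and declares no prototype for schema_validate(), which schema_syntax.c in this commit defines with external linkage. Wrapping the header in `#ifndef SCHEMA_SYNTAX_H` / `#define SCHEMA_SYNTAX_H` / `#endif` (the guard name is a suggestion) makes it safe to include more than once. Adding `int schema_validate(struct ldb_message_element *el, enum schema_internal_syntax type, bool single, int min, int max);` lets any caller in schema.c be type-checked against the definition.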
From: Jelmer Vernooij Date: Mon, 4 Sep 2006 12:21:42 +0000 Subject: r18031: Merge my replace fixes: * libreplace can now build stand-alone * add stub testsuite for libreplace * make talloc/tdb/ldb use libreplace (This used to be commit fe7ca4b1454e01a33ed0d53791ebffdd349298b4) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 1e3b793629..725d98ac7e 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,6 +2,7 @@ # Start MODULE ldb_objectguid [MODULE::ldb_objectguid] SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ objectguid.o @@ -14,6 +15,7 @@ PUBLIC_DEPENDENCIES = \ # Start MODULE ldb_samldb [MODULE::ldb_samldb] SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o @@ -26,6 +28,7 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = ldb INIT_FUNCTION = ldb_samba3sam_module_init +PRIVATE_DEPENDENCIES = LIBTALLOC OBJ_FILES = \ samba3sam.o # @@ -37,6 +40,7 @@ OBJ_FILES = \ [MODULE::ldb_entryUUID] SUBSYSTEM = ldb INIT_FUNCTION = ldb_entryUUID_module_init +PRIVATE_DEPENDENCIES = LIBTALLOC ENABLE = YES OBJ_FILES = \ entryUUID.o @@ -60,6 +64,7 @@ OBJ_FILES = \ # Start MODULE ldb_rootdse [MODULE::ldb_rootdse] SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = rootdse_module_init OBJ_FILES = \ rootdse.o @@ -74,7 +79,7 @@ SUBSYSTEM = ldb INIT_FUNCTION = password_hash_module_init OBJ_FILES = password_hash.o PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 -PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS +PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC # # End MODULE ldb_password_hash ################################################ 
@@ -82,6 +87,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS ################################################ # Start MODULE ldb_local_password [MODULE::ldb_local_password] +PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = ldb INIT_FUNCTION = local_password_module_init OBJ_FILES = local_password.o @@ -92,6 +98,7 @@ OBJ_FILES = local_password.o ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] +PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = ldb INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ @@ -106,6 +113,7 @@ PUBLIC_DEPENDENCIES = \ # Start MODULE ldb_extended_dn [MODULE::ldb_extended_dn] SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_extended_dn_init OBJ_FILES = \ extended_dn.o @@ -117,6 +125,7 @@ OBJ_FILES = \ # Start MODULE ldb_partition [MODULE::ldb_partition] SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_partition_init OBJ_FILES = \ partition.o @@ -128,6 +137,7 @@ OBJ_FILES = \ # Start MODULE ldb_schema [MODULE::ldb_schema] SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_schema_init OBJ_FILES = \ schema.o schema_syntax.o -- cgit From 704327044d6f54129cef4706b572f1f4dc3ad36f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 8 Sep 2006 00:23:21 +0000 Subject: r18240: Make it clearer when we store the plaintext password. Store the plaintext password in userPassword in the LDAP backend so that the OpenLDAP server can use DIGEST-MD5. Andrew Bartlett (This used to be commit 1b02c604b2c55e1c9e15ac1f266e7df74d619dbd) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 9 +++++++++ source4/dsdb/samdb/ldb_modules/password_hash.c | 17 ++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 06e5384cff..d6f4b10d76 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c 
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -214,6 +214,15 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, + { + .local_name = "sambaPassword", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "userPassword" + } + } + }, { .local_name = "allowedChildClassesEffective", .type = MAP_CONVERT, diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 9bdb9aa0cc..d8ef9176fd 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -88,6 +88,7 @@ struct ph_context { }; struct domain_data { + BOOL store_cleartext; uint_t pwdProperties; uint_t pwdHistoryLength; char *dns_domain; @@ -535,7 +536,8 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, return NULL; } - data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0); + data->pwdProperties= samdb_result_uint(res->message, "pwdProperties", 0); + data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT; data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); /* For a domain DN, this puts things in dotted notation */ @@ -692,6 +694,7 @@ static int password_hash_add_do_add(struct ldb_handle *h) { /* if we have sambaPassword in the original message add the operatio on it here */ sambaAttr = ldb_msg_find_element(msg, "sambaPassword"); if (sambaAttr) { + unsigned int user_account_control; ret = add_password_hashes(ac->module, msg, 0); /* we can compute new password hashes from the unicode password */ if (ret != LDB_SUCCESS) { 
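Review bot: The new `sambaPassword` to `userPassword` entry in `entryUUID_attributes[]` carries no comment saying that the value it forwards is the cleartext password, which is the one fact a maintainer of this table needs. I would add above the entry `/* sambaPassword is the cleartext password: it reaches the remote userPassword only when password_hash keeps it, and that attribute must be read-protected on the LDAP server */`. Whether password_hash always runs ahead of this map is not visible in the hunk, so that half of the comment should be confirmed by the author. The array definition starts and ends outside the hunk.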
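Review bot: In get_domain_data, `store_cleartext` is assigned the raw masked bit rather than a normalised truth value, and the rewritten line above it lost the space before `=`. Writing `data->store_cleartext = (data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) != 0;` keeps the flag correct even if `BOOL` ever becomes narrower than the mask, and `data->pwdProperties = samdb_result_uint(...)` restores the file's spacing. get_domain_data starts and ends outside the hunk.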
@@ -715,8 +718,10 @@ static int password_hash_add_do_add(struct ldb_handle *h) { /* if both the domain properties and the user account controls do not permit * clear text passwords then wipe out the sambaPassword */ - if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || - (!(ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); + if (domain->store_cleartext && (user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { + /* Keep sambaPassword attribute */ + } else { ldb_msg_remove_attr(msg, "sambaPassword"); } } @@ -1022,8 +1027,10 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { /* if the domain properties or the user account controls do not permit * clear text passwords then wipe out the sambaPassword */ - if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) || - (!(ldb_msg_find_attr_as_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) { + if (domain->store_cleartext && + (ldb_msg_find_attr_as_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { + /* Keep sambaPassword attribute */ + } else { ldb_msg_remove_attr(msg, "sambaPassword"); } -- cgit From 30ee8beb9316a99e8a49993306252591106cb349 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Sep 2006 10:05:58 +0000 Subject: r18301: I discovered how to load the warnings from a build farm build into emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 4 ++-- source4/dsdb/samdb/ldb_modules/schema.c | 9 --------- 2 files changed, 2 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
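Review bot: The comment kept above the test in password_hash_add_do_add still says sambaPassword is wiped when "both" settings forbid cleartext, but the new condition wipes it when either one is missing; the matching comment in password_hash_mod_do_mod (second hunk) says "or", and the two should agree with the code. Because this branch decides whether a cleartext password is retained, an empty `if` arm holding only a comment is harder to audit than one negated test, e.g. `if (!(domain->store_cleartext && (user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) {` followed by the existing `ldb_msg_remove_attr` call. The mod path would read the same way if it used a `user_account_control` local like the add path now does. Both functions extend beyond their hunks.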
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index ab9c43577c..ba0dc5645c 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -121,7 +121,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms int ret = ldb_sequence_number(module->ldb, &seq_num); if (ret == LDB_SUCCESS) { if (ldb_msg_add_fmt(msg, "highestCommittedUSN", - "%llu", seq_num) != 0) { + "%llu", (unsigned long long)seq_num) != 0) { goto failed; } } @@ -260,7 +260,7 @@ static int rootdse_register_partition(struct ldb_module *module, struct ldb_requ return LDB_ERR_OPERATIONS_ERROR; } - list[priv->num_partitions] = talloc_reference(list, req->op.reg_partition.dn); + list[priv->num_partitions] = ldb_dn_copy(list, req->op.reg_partition.dn); if (!list[priv->num_partitions]) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 36b7916e95..95330e7e8c 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -1126,9 +1126,6 @@ static int schema_add(struct ldb_module *module, struct ldb_request *req) static int schema_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; - struct schema_context *sctx; - if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } @@ -1138,9 +1135,6 @@ static int schema_modify(struct ldb_module *module, struct ldb_request *req) static int schema_delete(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; - struct schema_context *sctx; - if (ldb_dn_is_special(req->op.del.dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } 
@@ -1152,9 +1146,6 @@ static int schema_delete(struct ldb_module *module, struct ldb_request *req) static int schema_rename(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; - struct schema_context *sctx; - if (ldb_dn_is_special(req->op.rename.olddn) && ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); -- cgit From a41b696346bd3c525d09fa97bdf487aa809f3c73 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Sep 2006 07:50:49 +0000 Subject: r18367: When converting to entryUUID, ensure we don't double-convert a string-format GUID. Andrew Bartlett (This used to be commit 11cc6408c93f46f4d9ae7ae0ee18dac836fe270d) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index d6f4b10d76..29e80ff003 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -58,24 +58,27 @@ static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, co return out; } -static struct ldb_val decode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct GUID *guid; NTSTATUS status; struct ldb_val out = data_blob(NULL, 0); - - guid = talloc(ctx, struct GUID); - if (guid == NULL) { - return out; - } - status = ndr_pull_struct_blob(val, guid, guid, - (ndr_pull_flags_fn_t)ndr_pull_GUID); - if (!NT_STATUS_IS_OK(status)) { + if (val->length >= 32 && val->data[val->length] == '\0') { + ldb_handler_copy(module->ldb, ctx, val, &out); + } else { + guid = talloc(ctx, struct GUID); + if (guid == NULL) { + return out; + } + status = ndr_pull_struct_blob(val, guid, guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(guid); + return out; + } + out = data_blob_string_const(GUID_string(ctx, guid)); talloc_free(guid); - return out; } - out = data_blob_string_const(GUID_string(ctx, guid)); - talloc_free(guid); return out; } @@ -179,7 +182,7 @@ const struct ldb_map_attribute entryUUID_attributes[] = .u = { .convert = { .remote_name = "entryUUID", - .convert_local = decode_guid, + .convert_local = guid_always_string, .convert_remote = encode_guid, }, }, -- cgit From 35d30de0954eb665c6b900584cbf38212d45752b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Sep 2006 07:51:30 +0000 Subject: r18368: Don't list GENSEC mechs that only have client implementations in our supportedSASLMechanism list. Andrew Bartlett (This used to be commit 3e69637b5f79e4132026ebaf9d57cf67ef3826c1) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index ba0dc5645c..c180e2f1b0 100644 
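Review bot: The new test `val->data[val->length] == '\0'` in guid_always_string reads the byte after the value's stated length, so it is in bounds only if every ldb_val handed to this converter carries a terminator beyond `length`; nothing in the hunk establishes that. Either state that assumption in a comment on the function or decide on the length alone. The `>= 32` threshold is looser than the 36 characters of a string-form GUID, so any longer blob is passed through as if it were one. The result of `ldb_handler_copy` is ignored, so a failed copy returns whatever `out` holds with no indication.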
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -103,7 +103,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 = gensec_use_kerberos_mechs(msg, backends, use_kerberos);
 int i;
 for (i = 0; ops && ops[i]; i++) {
- if (ops[i]->sasl_name) {
+ if (ops[i]->sasl_name && ops[i]->server_start) {
 char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name);
 if (!sasl_name) {
 goto failed;
-- cgit
From 918db36213fdd2faea7dc200de43595259b397f4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 13 Sep 2006 04:03:58 +0000 Subject: r18441: Allow searching for the high bit in these bitfields, when the client asks for them as large integers, rather than a negative integer. Due to an OpenLDAP bug, this only works reliably against OpenLDAP CVS as of today. (but mostly works in older versions, depending on a thread-specific value fo errno in the server). Andrew Bartlett (This used to be commit 3b5354aededc619ac6656611eacd43888e74260a) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 39 +++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c
index 29e80ff003..109e9be2f9 100644
--- a/source4/dsdb/samdb/ldb_modules/entryUUID.c
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c
@@ -171,7 +171,22 @@ static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, } - +static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + long long int signed_ll = strtoll(val->data, NULL, 10); + if (signed_ll >= 0x80000000LL) { + union { + int32_t signed_int; + uint32_t unsigned_int; + } u = { + .unsigned_int = strtoul(val->data, NULL, 10) + }; + + struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int)); + return out; + } + return val_copy(module, ctx, val); +} const struct ldb_map_attribute entryUUID_attributes[] = { @@ -257,6 +272,28 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, + { + .local_name = "groupType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "groupType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "samAccountType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "samAccountType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, { .local_name = "*", .type = MAP_KEEP, -- cgit From 1e4f5a096cb75f0db0219fc55a6f654c485b0427 Mon Sep 17 00:00:00 2001 
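Review bot: normalise_to_signed32 parses `val->data` twice (`strtoll`, then `strtoul`), checks neither call for errors, and puts no upper bound on the value, so anything above 0xFFFFFFFF is silently truncated or clamped (depending on the width of `unsigned long`) into an unrelated 32-bit number. The `talloc_asprintf` result also goes straight into `data_blob_string_const` without a NULL check. I would parse once, convert only values in 0x80000000–0xFFFFFFFF and leave everything else to `val_copy`, as sketched below; whether out-of-range input should instead be rejected is a policy choice for the author. Both parses assume `val->data` is NUL-terminated, which the hunk does not show.

```c
static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	long long int signed_ll = strtoll((const char *)val->data, NULL, 10);
	if (signed_ll >= 0x80000000LL && signed_ll <= 0xFFFFFFFFLL) {
		/* same bit pattern, read as a signed 32-bit value */
		char *s = talloc_asprintf(ctx, "%lld", signed_ll - 0x100000000LL);
		if (s == NULL) {
			return data_blob(NULL, 0);
		}
		return data_blob_string_const(s);
	}
	return val_copy(module, ctx, val);
}
```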
From: Andrew Bartlett Date: Thu, 14 Sep 2006 03:15:30 +0000 Subject: r18495: More work on the LDAP backend (which now passes a lot of our tests!) This adds a list of attributes that are in our wildcard seaches, but the remote server requires to be explicitly listed. This also cleans up the handling of wildcards in ldb_map to be more consistant. Also fix the partitions module to rebase the search, if on the GC port, we do a subtree search. (Otherwise backends can rightly complain that the search is not in their scope). Andrew Bartlett (This used to be commit bc58792b7102f086b19353635d5d5ef9d40a0aae) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 14 ++++++-- source4/dsdb/samdb/ldb_modules/partition.c | 53 +++++++++++++++++++++--------- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- 3 files changed, 50 insertions(+), 19 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 109e9be2f9..f7701b7652 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -303,6 +303,15 @@ const struct ldb_map_attribute entryUUID_attributes[] = } }; +/* These things do not show up in wildcard searches in OpenLDAP, but + * we need them to show up in the AD-like view */ +const char * const wildcard_attributes[] = { + "objectGUID", + "whenCreated", + "whenChanged", + NULL +}; + static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) { const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; @@ -372,7 +381,7 @@ static int entryUUID_init(struct ldb_module *module) struct entryUUID_private *entryUUID_private; struct ldb_dn *schema_dn; - ret = ldb_map_init(module, entryUUID_attributes, NULL, NULL); + ret = ldb_map_init(module, entryUUID_attributes, NULL, wildcard_attributes, NULL); if (ret != LDB_SUCCESS) return ret; 
@@ -387,7 +396,8 @@ static int entryUUID_init(struct ldb_module *module) return LDB_SUCCESS; } - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, &entryUUID_private->objectclass_res); + ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, + &entryUUID_private->objectclass_res); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(module->ldb, "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); return ret; diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 889c0bfeb0..bb085e0b11 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -186,35 +186,43 @@ error: } -static int partition_send_request(struct partition_context *ac, struct ldb_module *partition) +static int partition_send_request(struct partition_context *ac, struct ldb_module *partition, + struct ldb_dn *partition_base_dn) { int ret; struct ldb_module *next = make_module_for_next_request(ac->module, ac->module->ldb, partition); - + struct ldb_request *req; ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } - ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); - if (ac->down_req[ac->num_requests] == NULL) { + req = ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); + if (req == NULL) { ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } *ac->down_req[ac->num_requests] = *ac->orig_req; /* copy the request */ - - if (ac->down_req[ac->num_requests]->operation == LDB_SEARCH) { - ac->down_req[ac->num_requests]->callback = partition_search_callback; - ac->down_req[ac->num_requests]->context = ac; + + if (req->operation == LDB_SEARCH) { + /* If the search is for 'more' than this partition, + * then change the basedn, so a remote LDAP server + * doesn't object */ + if (ldb_dn_compare_base(ac->module->ldb, + partition_base_dn, req->op.search.base) != 0) { + req->op.search.base = partition_base_dn; + } + req->callback = partition_search_callback; + req->context = ac; } else { - ac->down_req[ac->num_requests]->callback = partition_other_callback; - ac->down_req[ac->num_requests]->context = ac; + req->callback = partition_other_callback; + req->context = ac; } /* Spray off search requests to all backends */ - ret = ldb_next_request(next, ac->down_req[ac->num_requests]); + ret = ldb_next_request(next, req); if (ret != LDB_SUCCESS) { return ret; } 
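Review bot: partition_send_request is now called with `partition_base_dn` set to NULL from partition_send_all, and the new search branch passes that NULL to `ldb_dn_compare_base` and may then assign it to `req->op.search.base`. That is harmless only if `ldb_dn_compare_base` treats a NULL base as a match, which is not visible here. An explicit guard, `if (partition_base_dn && ldb_dn_compare_base(ac->module->ldb, partition_base_dn, req->op.search.base) != 0) {`, would make the intent clear. The function's closing lines are outside the hunk.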
@@ -230,12 +238,12 @@ static int partition_send_all(struct ldb_module *module, int i; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - int ret = partition_send_request(ac, module->next); + int ret = partition_send_request(ac, module->next, NULL); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_request(ac, data->partitions[i]->module); + ret = partition_send_request(ac, data->partitions[i]->module, data->partitions[i]->dn); if (ret != LDB_SUCCESS) { return ret; } @@ -307,21 +315,26 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) ac = talloc_get_type(h->private_data, struct partition_context); + /* Search from the base DN */ + if (!req->op.search.base || req->op.search.base->comp_num == 0) { + return partition_send_all(module, ac, req); + } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(module->ldb, req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_request(ac, data->partitions[i]->module); + ret = partition_send_request(ac, data->partitions[i]->module, data->partitions[i]->dn); if (ret != LDB_SUCCESS) { return ret; } } } - /* Perhaps we didn't match any partitions. Try the main partition, then all partitions */ + /* Perhaps we didn't match any partitions. Try the main partition, only */ if (ac->num_requests == 0) { - return partition_send_all(module, ac, req); + talloc_free(h); + return ldb_next_request(module, req); } return LDB_SUCCESS; 
@@ -701,11 +714,19 @@ static int partition_init(struct ldb_module *module) ret = ldb_load_modules_list(module->ldb, modules, partition->module, &partition->module); if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "loading backend for %s failed: %s", + base, ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; } ret = ldb_init_module_chain(module->ldb, partition->module); if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "partition_init: " + "initialising backend for %s failed: %s", + base, ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; } diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 670d9ef0d8..fcbcf0f421 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -866,7 +866,7 @@ static int samba3sam_init(struct ldb_module *module) { int ret; - ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, "samba3sam"); + ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, NULL, "samba3sam"); if (ret != LDB_SUCCESS) return ret; -- cgit From 595c141a69ea0744fccba477717a71fa4abeb825 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 14 Sep 2006 07:57:49 +0000 Subject: r18504: Handle mappings for RENAME and KEEP attributes better. We don't need to mess with the values in these cases. Where we do convert the values, try and convert substrings. This isn't going to be perfect, but we should try rather than segfault. This also avoids using the wrong arm of the union for the attribute name The change in the entryUUID module is to correct the case of sAMAccountName, due to the case sensitive ldap.js test. Andrew Bartlett (This used to be commit 81d9a692c1e74ec9078bf718003eafdba85b4324) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c
index f7701b7652..ebe78f9fc4 100644
--- a/source4/dsdb/samdb/ldb_modules/entryUUID.c
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c
@@ -284,11 +284,11 @@ const struct ldb_map_attribute entryUUID_attributes[] =
 }
 },
 {
- .local_name = "samAccountType",
+ .local_name = "sAMAccountType",
 .type = MAP_CONVERT,
 .u = {
 .convert = {
- .remote_name = "samAccountType",
+ .remote_name = "sAMAccountType",
 .convert_local = normalise_to_signed32,
 .convert_remote = val_copy,
 },
-- cgit
From 77db3973c417cc934485dbd6bf1a8a1c84c1b30b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Sep 2006 06:44:12 +0000 Subject: r18781: Move the usnCreated and usnChanged handling around again. This moves these attributes from objectguid into an optional backend (objectguid), used by ltdb. For OpenLDAP, the entryUUID module converts entryCSN into usnChanged. This also changes the sequence number API, and uses 'time based' sequence numbers, when an LDAP or similar backend is detected. To assist this, we also store the last modified time in the TDB, whenever we change a value. Andrew Bartlett (This used to be commit 72858f859483c0c532dddb2c146d6bd7b9be5072) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 262 +++++++++++++++++++++++++++- source4/dsdb/samdb/ldb_modules/objectguid.c | 45 +++++ source4/dsdb/samdb/ldb_modules/partition.c | 105 +++++++++-- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 4 files changed, 396 insertions(+), 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c
index ebe78f9fc4..04beac7a94 100644
--- a/source4/dsdb/samdb/ldb_modules/entryUUID.c
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c
@@ -38,6 +38,7 @@ struct entryUUID_private { struct ldb_result *objectclass_res; + struct ldb_dn **base_dns; }; static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) 
@@ -188,6 +189,80 @@ static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CT return val_copy(module, ctx, val); } +static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = strtoull(val->data, NULL, 10); + time_t t = (usn >> 24); + out = data_blob_string_const(talloc_asprintf(ctx, "%s#%06x#00#000000", ldb_timestring(ctx, t), (unsigned int)(usn & 0xFFFFFF))); + return out; +} + +static unsigned long long entryCSN_to_usn_int(TALLOC_CTX *ctx, const struct ldb_val *val) +{ + char *entryCSN = talloc_strdup(ctx, val->data); + char *mod_per_sec; + time_t t; + unsigned long long usn; + char *p; + if (!entryCSN) { + return 0; + } + p = strchr(entryCSN, '#'); + if (!p) { + return 0; + } + p[0] = '\0'; + p++; + mod_per_sec = p; + + p = strchr(p, '#'); + if (!p) { + return 0; + } + p[0] = '\0'; + p++; + + usn = strtol(mod_per_sec, NULL, 16); + + t = ldb_string_to_time(entryCSN); + + usn = usn | ((unsigned long long)t <<24); + return usn; +} + +static struct ldb_val entryCSN_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = entryCSN_to_usn_int(ctx, val); + out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); + return out; +} + +static struct ldb_val usn_to_timestamp(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = strtoull(val->data, NULL, 10); + time_t t = (usn >> 24); + out = data_blob_string_const(ldb_timestring(ctx, t)); + return out; +} + +static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + time_t t; + unsigned long long usn; + + t = ldb_string_to_time(val->data); + + usn = ((unsigned long long)t <<24); + + out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); + return out; +} + + const 
struct ldb_map_attribute entryUUID_attributes[] = { /* objectGUID */ @@ -294,6 +369,28 @@ const struct ldb_map_attribute entryUUID_attributes[] = }, } }, + { + .local_name = "usnChanged", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "entryCSN", + .convert_local = usn_to_entryCSN, + .convert_remote = entryCSN_to_usn + }, + }, + }, + { + .local_name = "usnCreated", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "createTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, { .local_name = "*", .type = MAP_KEEP, @@ -309,6 +406,8 @@ const char * const wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", + "usnCreated", + "usnChanged", NULL }; 
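Review bot: In entryCSN_to_usn_int the modification counter parsed from the remote entryCSN is OR-ed into the result unmasked, so a counter wider than 24 bits overwrites the timestamp bits that `usn_to_entryCSN` and `usn_to_timestamp` later recover with `usn >> 24`. Masking at the parse, `usn = strtoul(mod_per_sec, NULL, 16) & 0xFFFFFF;`, keeps the two fields separate whatever the remote server sends. The `talloc_strdup` copy is not freed on any path, so it stays attached to `ctx` until that context is released. `entryCSN_to_usn` and `timestamp_to_usn` also print an `unsigned long long` with `%lld` where `%llu` is the matching specifier.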
@@ -373,6 +472,75 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche return ret; } + +static int get_remote_rootdse(struct ldb_context *ldb, void *context, + struct ldb_reply *ares) +{ + struct entryUUID_private *entryUUID_private; + entryUUID_private = talloc_get_type(context, + struct entryUUID_private); + if (ares->type == LDB_REPLY_ENTRY) { + int i; + struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts"); + entryUUID_private->base_dns = talloc_realloc(entryUUID_private, entryUUID_private->base_dns, struct ldb_dn *, + el->num_values + 1); + for (i=0; i < el->num_values; i++) { + if (!entryUUID_private->base_dns) { + return LDB_ERR_OPERATIONS_ERROR; + } + entryUUID_private->base_dns[i] = ldb_dn_explode(entryUUID_private->base_dns, (const char *)el->values[i].data); + if (!entryUUID_private->base_dns[i]) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + entryUUID_private->base_dns[i] = NULL; + } +} + +static int find_base_dns(struct ldb_module *module, + struct entryUUID_private *entryUUID_private) +{ + int ret; + struct ldb_request *req; + const char *naming_context_attr[] = { + "namingContexts", + NULL + }; + req = talloc(module, struct ldb_request); + if (req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_SEARCH; + req->op.search.base = ldb_dn_new(req); + req->op.search.scope = LDB_SCOPE_BASE; + + req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); + if (req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); + talloc_free(req); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->op.search.attrs = naming_context_attr; + req->controls = NULL; + req->context = entryUUID_private; + req->callback = get_remote_rootdse; + ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ + + ret = ldb_next_request(module, req); + + if (ret == LDB_SUCCESS) { + ret = 
ldb_wait(req->handle, LDB_WAIT_ALL); + } + + talloc_free(req); + if (ret != LDB_SUCCESS) { + return ret; + } +} + /* the context init function */ static int entryUUID_init(struct ldb_module *module) { 
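Review bot: get_remote_rootdse dereferences `el` without checking that the reply contains `namingContexts`, tests the `talloc_realloc` result only inside the loop (so the check is skipped when there are no values and `base_dns[i] = NULL` then writes through a possibly NULL pointer), and reaches the end of a non-void function without returning. find_base_dns has the same missing `return` on its success path, as does get_seq in the following hunk. Falling off the end leaves the returned status undefined, so each needs a final `return LDB_SUCCESS;`. A corrected body for the reply branch is sketched below.

```c
	if (ares->type == LDB_REPLY_ENTRY) {
		int i;
		struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts");
		if (el == NULL) {
			/* remote rootDSE did not return namingContexts */
			return LDB_SUCCESS;
		}
		entryUUID_private->base_dns = talloc_realloc(entryUUID_private, entryUUID_private->base_dns, struct ldb_dn *,
							     el->num_values + 1);
		if (!entryUUID_private->base_dns) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		for (i=0; i < el->num_values; i++) {
			/* … unchanged: per-value ldb_dn_explode and its NULL check … */
		}
		entryUUID_private->base_dns[i] = NULL;
	}
	return LDB_SUCCESS;
```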
@@ -402,13 +570,104 @@ static int entryUUID_init(struct ldb_module *module) ldb_asprintf_errstring(module->ldb, "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); return ret; } - + + ret = find_base_dns(module, entryUUID_private); + return ldb_next_init(module); } +static int get_seq(struct ldb_context *ldb, void *context, + struct ldb_reply *ares) +{ + unsigned long long *max_seq = context; + unsigned long long seq; + if (ares->type == LDB_REPLY_ENTRY) { + struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); + if (el) { + seq = entryCSN_to_usn_int(ares, &el->values[0]); + *max_seq = MAX(seq, *max_seq); + } + } +} + +static int entryUUID_sequence_number(struct ldb_module *module, struct ldb_request *req) +{ + int i, ret; + struct map_private *map_private; + struct entryUUID_private *entryUUID_private; + unsigned long long max_seq = 0; + struct ldb_request *search_req; + map_private = talloc_get_type(module->private_data, struct map_private); + + entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); + + /* Search the baseDNs for a sequence number */ + for (i=0; entryUUID_private && + entryUUID_private->base_dns && + entryUUID_private->base_dns[i]; + i++) { + static const char *contextCSN_attr[] = { + "contextCSN", NULL + }; + search_req = talloc(req, struct ldb_request); + if (search_req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->operation = LDB_SEARCH; + search_req->op.search.base = entryUUID_private->base_dns[i]; + search_req->op.search.scope = LDB_SCOPE_BASE; + + search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); + if (search_req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); + talloc_free(search_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->op.search.attrs = contextCSN_attr; + search_req->controls = 
NULL; + search_req->context = &max_seq; + search_req->callback = get_seq; + ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ + + ret = ldb_next_request(module, search_req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); + } + + talloc_free(search_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + switch (req->op.seq_num.type) { + case LDB_SEQ_HIGHEST_SEQ: + req->op.seq_num.seq_num = max_seq; + break; + case LDB_SEQ_NEXT: + req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num++; + break; + case LDB_SEQ_HIGHEST_TIMESTAMP: + { + req->op.seq_num.seq_num = (max_seq >> 24); + break; + } + } + req->op.seq_num.flags = 0; + req->op.seq_num.flags |= LDB_SEQ_TIMESTAMP_SEQUENCE; + req->op.seq_num.flags |= LDB_SEQ_GLOBAL_SEQUENCE; + return LDB_SUCCESS; +} + static struct ldb_module_ops entryUUID_ops = { .name = "entryUUID", .init_context = entryUUID_init, + .sequence_number = entryUUID_sequence_number }; /* the init function */ @@ -421,6 +680,5 @@ int ldb_entryUUID_module_init(void) entryUUID_ops.rename = ops.rename; entryUUID_ops.search = ops.search; entryUUID_ops.wait = ops.wait; - return ldb_register_module(&entryUUID_ops); } diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 7e475d1ef4..0c4a493adb 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -3,6 +3,7 @@ Copyright (C) Simo Sorce 2004-2006 Copyright (C) Andrew Bartlett 2005 + Copyright (C) Andrew Tridgell 2005 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released 
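Review bot: entryUUID_init assigns `ret = find_base_dns(module, entryUUID_private);` and then ignores it, so a failed rootDSE lookup leaves `base_dns` unset and entryUUID_sequence_number answers from a `max_seq` of 0 without any error. Add `if (ret != LDB_SUCCESS) return ret;`, or a comment saying the failure is deliberately tolerated. In get_seq, `el->values[0]` is read without checking `el->num_values`; `if (el && el->num_values > 0) {` closes that. The `switch` on `req->op.seq_num.type` has no `default`, so an unrecognised type returns LDB_SUCCESS with `seq_num` untouched.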
@@ -79,6 +80,29 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) return 0; } +/* + add a uint64_t element to a record +*/ +static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_t v) +{ + struct ldb_message_element *el; + + if (ldb_msg_find_element(msg, attr) != NULL) { + return 0; + } + + if (ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)v) != 0) { + return -1; + } + + el = ldb_msg_find_element(msg, attr); + /* always set as replace. This works because on add ops, the flag + is ignored */ + el->flags = LDB_FLAG_MOD_REPLACE; + + return 0; +} + /* add_record: add objectGUID attribute */ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { @@ -87,6 +111,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) struct ldb_message *msg; struct ldb_val v; struct GUID guid; + uint64_t seq_num; NTSTATUS nt_status; int ret; time_t t = time(NULL); @@ -138,6 +163,16 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + /* Get a sequence number from the backend */ + ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret == LDB_SUCCESS) { + if (add_uint64_element(msg, "uSNCreated", seq_num) != 0 || + add_uint64_element(msg, "uSNChanged", seq_num) != 0) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + } + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* go on with the call chain */ @@ -159,6 +194,7 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) struct ldb_message *msg; int ret; time_t t = time(NULL); + uint64_t seq_num; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); 
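Review bot: `add_uint64_element` returns 0 without touching the message when `ldb_msg_find_element(msg, attr)` already finds the attribute, so a `uSNCreated` or `uSNChanged` value that arrived in the request is kept in place of the backend sequence number. Whether an earlier module strips client-supplied values is not visible here, so this is worth confirming; if these attributes are meant to be system-maintained, the existing element should be replaced rather than preserved. At minimum the function comment could state the behaviour: `/* add a uint64_t element to a record; an existing value for attr is left unchanged */`.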
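Review bot: In `objectguid_add`, a failing `ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num)` is silently skipped, so the record is passed down without `uSNCreated`/`uSNChanged` and nothing records why; the `objectguid_modify` hunk does the same for `uSNChanged`. If a missing sequence number is acceptable for backends that do not provide one, a trace line in an else branch, e.g. `ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid: no sequence number from backend\n");`, would make the gap visible; otherwise return `ret` after `talloc_free(down_req)`. Both function bodies extend beyond their hunks.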
@@ -186,6 +222,15 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + /* Get a sequence number from the backend */ + ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret == LDB_SUCCESS) { + if (add_uint64_element(msg, "uSNChanged", seq_num) != 0) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + } + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* go on with the call chain */ diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index bb085e0b11..437e288be5 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -474,28 +474,103 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque { int i, ret; uint64_t seq_number = 0; + uint64_t timestamp_sequence = 0; + uint64_t timestamp = 0; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - ret = ldb_next_request(module, req); - if (ret != LDB_SUCCESS) { - return ret; - } - seq_number = seq_number + req->op.seq_num.seq_num; - /* Look at base DN */ - /* Figure out which partition it is under */ - /* Skip the lot if 'data' isn't here yet (initialistion) */ - for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); - - ret = ldb_next_request(next, req); - talloc_free(next); + switch (req->op.seq_num.type) { + case LDB_SEQ_NEXT: + case LDB_SEQ_HIGHEST_SEQ: + ret = ldb_next_request(module, req); + if (ret != LDB_SUCCESS) { + return ret; + } + if (req->op.seq_num.flags & LDB_SEQ_TIMESTAMP_SEQUENCE) { + timestamp_sequence = req->op.seq_num.seq_num; + } else { + seq_number = seq_number + req->op.seq_num.seq_num; + } + + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); + + ret = ldb_next_request(next, req); + talloc_free(next); + if (ret != LDB_SUCCESS) { + return ret; + } + if (req->op.seq_num.flags & LDB_SEQ_TIMESTAMP_SEQUENCE) { + timestamp_sequence = MAX(timestamp_sequence, req->op.seq_num.seq_num); + } else { + seq_number = seq_number + req->op.seq_num.seq_num; + } + } + /* fall though */ + case LDB_SEQ_HIGHEST_TIMESTAMP: + { + struct ldb_request *date_req = talloc(req, struct ldb_request); + if (!date_req) { + return LDB_ERR_OPERATIONS_ERROR; + } + *date_req = *req; + 
date_req->op.seq_num.flags = LDB_SEQ_HIGHEST_TIMESTAMP; + + ret = ldb_next_request(module, date_req); if (ret != LDB_SUCCESS) { return ret; } - seq_number = seq_number + req->op.seq_num.seq_num; + timestamp = date_req->op.seq_num.seq_num; + + /* Look at base DN */ + /* Figure out which partition it is under */ + /* Skip the lot if 'data' isn't here yet (initialistion) */ + for (i=0; data && data->partitions && data->partitions[i]; i++) { + struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); + + ret = ldb_next_request(next, date_req); + talloc_free(next); + if (ret != LDB_SUCCESS) { + return ret; + } + timestamp = MAX(timestamp, date_req->op.seq_num.seq_num); + } + break; + } + } + + switch (req->op.seq_num.flags) { + case LDB_SEQ_NEXT: + case LDB_SEQ_HIGHEST_SEQ: + + req->op.seq_num.flags = 0; + + /* Has someone above set a timebase sequence? */ + if (timestamp_sequence) { + req->op.seq_num.seq_num = (((unsigned long long)timestamp << 24) | (seq_number & 0xFFFFFF)); + } else { + req->op.seq_num.seq_num = seq_number; + } + + if (timestamp_sequence > req->op.seq_num.seq_num) { + req->op.seq_num.seq_num = timestamp_sequence; + req->op.seq_num.flags |= LDB_SEQ_TIMESTAMP_SEQUENCE; + } + + req->op.seq_num.flags |= LDB_SEQ_GLOBAL_SEQUENCE; + break; + case LDB_SEQ_HIGHEST_TIMESTAMP: + req->op.seq_num.seq_num = timestamp; + break; + } + + switch (req->op.seq_num.flags) { + case LDB_SEQ_NEXT: + req->op.seq_num.seq_num++; } - req->op.seq_num.seq_num = seq_number; return LDB_SUCCESS; } diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index c180e2f1b0..a8bc3fbdc2 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
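Review bot: `partition_sequence_number` mixes up the request's `type` and `flags` fields: the first switch dispatches on `req->op.seq_num.type`, but the timestamp sub-request is set up with `date_req->op.seq_num.flags = LDB_SEQ_HIGHEST_TIMESTAMP;` and the two later switches test `req->op.seq_num.flags` against `LDB_SEQ_NEXT`/`LDB_SEQ_HIGHEST_SEQ`. As written `date_req` keeps the type copied from `req`, and since `flags` is used as a bitmask elsewhere in this commit (`LDB_SEQ_TIMESTAMP_SEQUENCE`, `LDB_SEQ_GLOBAL_SEQUENCE`), the final `seq_num++` only runs if `flags` happens to equal `LDB_SEQ_NEXT`. I would change these to `date_req->op.seq_num.type = LDB_SEQ_HIGHEST_TIMESTAMP;` and `switch (req->op.seq_num.type)` in both later switches. The comment `/* fall though */` should read `/* fall through */`.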
@@ -118,7 +118,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms if (do_attribute(attrs, "highestCommittedUSN")) { uint64_t seq_num; - int ret = ldb_sequence_number(module->ldb, &seq_num); + int ret = ldb_sequence_number(module->ldb, LDB_SEQ_HIGHEST_SEQ, &seq_num); if (ret == LDB_SUCCESS) { if (ldb_msg_add_fmt(msg, "highestCommittedUSN", "%llu", (unsigned long long)seq_num) != 0) { -- cgit From 7a1c1a1fd88d907c3ed4b336ac50ba06896593b4 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 25 Sep 2006 22:53:03 +0000 Subject: r18908: Store the schema structure into an opaque pointer so that it can be reused by multiple connections (This used to be commit ca8827d8f9a9f6ec60afed29b0b85f491d725d1c) --- source4/dsdb/samdb/ldb_modules/schema.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 95330e7e8c..1a7060a524 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -496,8 +496,8 @@ static int schema_init_classes(struct ldb_module *module, struct schema_private_ data->class[i]->defobjcat = talloc_strdup(data->class[i], ldb_msg_find_attr_as_string(res->msgs[i], "defaultObjectCategory", NULL)); - SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module); - +/* SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module); +*/ /* the following attributes are all optional */ data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", False); 
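Review bot: The `SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module)` check in `schema_init_classes` is disabled by wrapping it in a comment, with no explanation, so `defobjcat` may now be stored as NULL when a class has no `defaultObjectCategory`. The `schema_add_build_down_req` hunk comments out the matching code the same way, so the module no longer adds `objectCategory` to new entries. Either delete the lines or keep them behind a short note such as `/* TODO: defaultObjectCategory check disabled until <reason> */`. Both function bodies extend beyond their hunks.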
@@ -1028,9 +1028,9 @@ static int schema_add_build_down_req(struct schema_context *sctx) if (!temp->next) break; if (temp->next->role != SCHEMA_CT_STRUCTURAL) break; } - oc = talloc_strdup(msg, temp->class->defobjcat); +/* oc = talloc_strdup(msg, temp->class->defobjcat); ret = ldb_msg_add_string(msg, "objectCategory", oc); - +*/ sctx->down_req->op.add.message = msg; return LDB_SUCCESS; @@ -1250,13 +1250,19 @@ static int schema_init(struct ldb_module *module) struct ldb_result *res; int ret; - /* need to let the partiorion module to register first */ + /* need to let the partition module to register first */ ret = ldb_next_init(module); if (ret != LDB_SUCCESS) { return ret; } - data = talloc_zero(module, struct schema_private_data); + data = ldb_get_opaque(module->ldb, "schema_instance"); + if (data) { + module->private_data = data; + return LDB_SUCCESS; + } + + data = talloc_zero(module->ldb, struct schema_private_data); if (data == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -1299,6 +1305,8 @@ static int schema_init(struct ldb_module *module) } module->private_data = data; + ldb_set_opaque(module->ldb, "schema_instance", data); + return LDB_SUCCESS; } -- cgit From ce02a7e9dc974b49444f716060df21a1412f0aaf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 27 Sep 2006 06:42:19 +0000 Subject: r18945: fix compiler warnings and end-of-non-void function bugs metze (This used to be commit ed195999c0c7d89cdc61e980576d191fc05d65d7) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 26 ++++++++++++++++---------- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- 2 files changed, 17 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 04beac7a94..328a7654ed 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
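Review bot: In `schema_init`, the pointer returned by `ldb_get_opaque(module->ldb, "schema_instance")` is installed as `module->private_data` without a type check, while other modules on this page read their private data through `talloc_get_type`. Since the opaque slot is keyed only by a string, `data = talloc_get_type(ldb_get_opaque(module->ldb, "schema_instance"), struct schema_private_data);` would catch another user of the same name. The return value of `ldb_set_opaque` in the last hunk is also ignored; presumably a failure only means the schema is rebuilt on the next init, so a check or a debug line is enough there. The body of `schema_init` is only partly visible in these hunks.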
@@ -112,7 +112,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC struct entryUUID_private *entryUUID_private; struct ldb_result *list; - if (ldb_dn_explode(ctx, val->data)) { + if (ldb_dn_explode(ctx, (const char *)val->data)) { return *val; } map_private = talloc_get_type(module->private_data, struct map_private); @@ -121,7 +121,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC list = entryUUID_private->objectclass_res; for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { + if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { char *dn = ldb_dn_linearize(ctx, list->msgs[i]->dn); return data_blob_string_const(dn); } @@ -142,7 +142,7 @@ static struct ldb_val class_to_oid(struct ldb_module *module, TALLOC_CTX *ctx, c list = entryUUID_private->objectclass_res; for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { + if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { const char *oid = ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL); return data_blob_string_const(oid); } @@ -163,7 +163,7 @@ static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, list = entryUUID_private->objectclass_res; for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp(val->data, ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL)) == 0) { + if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL)) == 0) { const char *oc = ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL); return data_blob_string_const(oc); } 
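Review bot: The added `(const char *)` casts on `val->data` silence the warning but keep treating a length-delimited `struct ldb_val` as a NUL-terminated string; `ldb_dn_explode`, `ldb_attr_cmp`, `strtoll`/`strtoull`, `talloc_strdup` and `ldb_string_to_time` in this and the following entryUUID.c hunks all read up to the first NUL and never consult `val->length`. Whether every value reaching these conversion callbacks is guaranteed a trailing NUL is not visible here; values that come from a remote LDAP backend deserve that check. Where a copy is made anyway, bound it, e.g. `talloc_strndup(ctx, (const char *)val->data, val->length)` in `entryCSN_to_usn_int`, and parse from a bounded copy in the numeric helpers. The function bodies start outside the hunks.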
@@ -174,13 +174,13 @@ static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - long long int signed_ll = strtoll(val->data, NULL, 10); + long long int signed_ll = strtoll((const char *)val->data, NULL, 10); if (signed_ll >= 0x80000000LL) { union { int32_t signed_int; uint32_t unsigned_int; } u = { - .unsigned_int = strtoul(val->data, NULL, 10) + .unsigned_int = strtoul((const char *)val->data, NULL, 10) }; struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int)); @@ -192,7 +192,7 @@ static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CT static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct ldb_val out; - unsigned long long usn = strtoull(val->data, NULL, 10); + unsigned long long usn = strtoull((const char *)val->data, NULL, 10); time_t t = (usn >> 24); out = data_blob_string_const(talloc_asprintf(ctx, "%s#%06x#00#000000", ldb_timestring(ctx, t), (unsigned int)(usn & 0xFFFFFF))); return out; @@ -200,7 +200,7 @@ static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx static unsigned long long entryCSN_to_usn_int(TALLOC_CTX *ctx, const struct ldb_val *val) { - char *entryCSN = talloc_strdup(ctx, val->data); + char *entryCSN = talloc_strdup(ctx, (const char *)val->data); char *mod_per_sec; time_t t; unsigned long long usn; @@ -242,7 +242,7 @@ static struct ldb_val entryCSN_to_usn(struct ldb_module *module, TALLOC_CTX *ctx static struct ldb_val usn_to_timestamp(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct ldb_val out; - unsigned long long usn = strtoull(val->data, NULL, 10); + unsigned long long usn = strtoull((const char *)val->data, NULL, 10); time_t t = (usn >> 24); out = data_blob_string_const(ldb_timestring(ctx, t)); return out; 
@@ -254,7 +254,7 @@ static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ct time_t t; unsigned long long usn; - t = ldb_string_to_time(val->data); + t = ldb_string_to_time((const char *)val->data); usn = ((unsigned long long)t <<24); @@ -495,6 +495,8 @@ static int get_remote_rootdse(struct ldb_context *ldb, void *context, } entryUUID_private->base_dns[i] = NULL; } + + return LDB_SUCCESS; } static int find_base_dns(struct ldb_module *module, @@ -539,6 +541,8 @@ static int find_base_dns(struct ldb_module *module, if (ret != LDB_SUCCESS) { return ret; } + + return LDB_SUCCESS; } /* the context init function */ @@ -588,6 +592,8 @@ static int get_seq(struct ldb_context *ldb, void *context, *max_seq = MAX(seq, *max_seq); } } + + return LDB_SUCCESS; } static int entryUUID_sequence_number(struct ldb_module *module, struct ldb_request *req) diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 437e288be5..a38f08e104 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -718,7 +718,7 @@ static int partition_init(struct ldb_module *module) } for (i=0; i < replicate_attributes->num_values; i++) { - data->replicate[i] = ldb_dn_explode(data->replicate, replicate_attributes->values[i].data); + data->replicate[i] = ldb_dn_explode(data->replicate, (const char *)replicate_attributes->values[i].data); if (!data->replicate[i]) { ldb_asprintf_errstring(module->ldb, "partition_init: " -- cgit From 59b66744f7318d8197f0d2029bf3b641dafa327e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 15 Oct 2006 23:14:19 +0000 Subject: r19299: Fix possible memleaks (This used to be commit 6fad80bb09113a60689061a2de67711c9924708b) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 328a7654ed..215d777d00 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -468,7 +468,9 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche if (ret != LDB_SUCCESS) { return ret; } - + + talloc_steal(mem_ctx, objectclass_res); + return ret; } -- cgit From 379e6598e128e5e63a10bd6a81ede01d3965a8be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Oct 2006 01:19:01 +0000 Subject: r19308: Merge samsync fixes from SAMBA_4_0_RELEASE Andrew Bartlett (This used to be commit 331003239972d80864211377e864f7e469bd3d77) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index d8ef9176fd..6f24c7fa4c 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -102,7 +102,7 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL); if (sambaPassword == NULL) { /* impossible, what happened ?! */ - return LDB_ERR_OPERATIONS_ERROR; + return LDB_ERR_CONSTRAINT_VIOLATION; } if (is_mod) { 
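Review bot: `talloc_steal(mem_ctx, objectclass_res);` in `fetch_objectclass_schema` looks like it may reparent the wrong pointer. The signature is cut off in the hunk header, but if `objectclass_res` is a `struct ldb_result **` out-parameter filled by the search, the object to move is the result itself: `talloc_steal(mem_ctx, *objectclass_res);`. With that signature the call as written would hand talloc the address of the caller's variable rather than a talloc chunk. Please confirm against the full function, which starts outside this hunk.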
@@ -634,6 +634,20 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_CONSTRAINT_VIOLATION; } + if (sambaAttr && sambaAttr->num_values == 0) { + ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if (ntAttr && (ntAttr->num_values == 0)) { + ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + if (lmAttr && (lmAttr->num_values == 0)) { + ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + h = ph_init_handle(req, module, PH_ADD); if (!h) { return LDB_ERR_OPERATIONS_ERROR; -- cgit From b0fadb51b210d6400bc66bce8603b522e1aad347 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 16 Oct 2006 03:12:48 +0000 Subject: r19313: Don't mess with hierarchies!! There is a reason why we use them :-) (This used to be commit e3b7e91299559ddc7f300be53785d313a4aa90fc) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index fcbcf0f421..341fad4bd9 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -67,7 +67,7 @@ static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *mo el->name = talloc_strdup(ctx, "primaryGroupID"); el->num_values = 1; el->values = talloc_array(ctx, struct ldb_val, 1); - el->values[0].data = (uint8_t *)talloc_strdup(ctx, strchr(sid, '-')+1); + el->values[0].data = (uint8_t *)talloc_strdup(el->values, strchr(sid, '-')+1); el->values[0].length = strlen((char *)el->values[0].data); return el; -- cgit From bd8f63a61747d91452dadaa1667bc30a708fa4d4 Mon Sep 17 00:00:00 2001 
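Review bot: The new `ntAttr` check in `password_hash_add` reports the wrong attribute: both the `ntAttr` and the `lmAttr` branches set `"lmPwdHash must have a value!\n"`. The first should read `ldb_set_errstring(module->ldb, "ntPwdHash must have a value!\n");` so that a rejected add names the attribute that was actually empty. The function body extends beyond the hunk.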
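Review bot: In `generate_primaryGroupID`, the new parent `el->values` is used right after `talloc_array(ctx, struct ldb_val, 1)` without a NULL check, and `strchr(sid, '-')+1` is passed to `talloc_strdup` even when `sid` contains no `-`. Where `sid` comes from is outside the hunk; if it is read from a stored or remote entry, a malformed value would produce a bad pointer here. I would bail out first, e.g. `if (el->values == NULL) return NULL;` and `p = strchr(sid, '-'); if (p == NULL) return NULL;`, and also check the `talloc_strdup` result before the `strlen`.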
From: Andrew Bartlett Date: Mon, 16 Oct 2006 07:32:22 +0000 Subject: r19321: Merge from release branch: Always set the krb5key from the ntPwdHash, even if we don't have the cleartext password in sambaPassword. This fixes kerberos after a vampire. Andrew Bartlett (This used to be commit 1d4d2271c9b944db3a9a2eba971aec5bcd9cf100) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6f24c7fa4c..a4862f3820 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -724,12 +724,6 @@ static int password_hash_add_do_add(struct ldb_handle *h) { return ret; } - /* add also kr5 keys based on NT the hash */ - ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); - if (ret != LDB_SUCCESS) { - return ret; - } - /* if both the domain properties and the user account controls do not permit * clear text passwords then wipe out the sambaPassword */ user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); @@ -740,6 +734,12 @@ static int password_hash_add_do_add(struct ldb_handle *h) { } } + /* add also krb5 keys based on NT the hash (we might have ntPwdHash, but not the cleartext */ + ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); + if (ret != LDB_SUCCESS) { + return ret; + } + /* don't touch it if a value is set. It could be an incoming samsync */ if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) { if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) { -- cgit From 86a549eacaef6fee1077c96790cb037b09638c31 Mon Sep 17 00:00:00 2001 
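Review bot: The comment added above the moved `add_krb5_keys_from_NThash` call in `password_hash_add_do_add` has an unclosed parenthesis and transposed words. Suggested wording: `/* also add krb5 keys based on the NT hash (we might have ntPwdHash but not the cleartext) */`. The function body extends beyond the hunk.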
From: Andrew Tridgell Date: Mon, 16 Oct 2006 11:12:13 +0000 Subject: r19328: another leak plugged .... (This used to be commit f57535b9c2214e58c71084fcb9d74848e7d26b89) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 8cf865bd3e..f6070d518c 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -751,7 +751,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(module, struct ldb_request); + down_req = talloc(req, struct ldb_request); if (down_req == NULL) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From 8b60b7fa2ad0f707cad5af63566f4dd931a7a6b9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 16 Oct 2006 11:23:40 +0000 Subject: r19329: fixed a leak in the password hash module (This used to be commit 3f48bcb0585684686ba7601eb7614589a1bc2f5d) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a4862f3820..8bfd46e641 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -501,7 +501,7 @@ static int build_domain_data_request(struct ph_context *ac) return LDB_ERR_OPERATIONS_ERROR; } - ac->dom_req->op.search.tree = ldb_parse_tree(ac->module->ldb, filter); + ac->dom_req->op.search.tree = ldb_parse_tree(ac->dom_req, filter); if (ac->dom_req->op.search.tree == NULL) { ldb_set_errstring(ac->module->ldb, "Invalid search filter"); talloc_free(ac->dom_req); -- cgit From 56bacd2b44f975f34b101561b9a38660dd04d499 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Mon, 16 Oct 2006 11:57:44 +0000 Subject: r19330: Fix memleaks (This used to be commit f163f422e3f201d8b0e22538949eccf0f7e62143) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index f6070d518c..f589ba859d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -130,7 +130,6 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, if (ret != LDB_SUCCESS) { return ret; } - talloc_steal(mem_ctx, res); if (res->count != 1) { talloc_free(res); return LDB_ERR_OPERATIONS_ERROR; @@ -257,6 +256,7 @@ static int samldb_get_new_sid(struct ldb_module *module, ldb_asprintf_errstring(module->ldb, "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", ldb_dn_linearize(mem_ctx, dom_dn)); + talloc_free(res); return LDB_ERR_CONSTRAINT_VIOLATION; } -- cgit From 549dd10f0f4bbc15c47a6da885db5d802b0a9a24 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 16 Oct 2006 12:03:55 +0000 Subject: r19332: ldb_parse_tree leaks (This used to be commit 3e0e2787c1da1c3831e21b163e1370001d725a3d) --- source4/dsdb/samdb/ldb_modules/local_password.c | 4 ++-- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 85e4318693..a19b71a44f 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c 
@@ -402,7 +402,7 @@ static int local_password_mod_search_self(struct ldb_handle *h) { ac->search_req->operation = LDB_SEARCH; ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); + ac->search_req->op.search.tree = ldb_parse_tree(ac->orig_req, NULL); if (ac->search_req->op.search.tree == NULL) { ldb_set_errstring(ac->module->ldb, "Invalid search filter"); return LDB_ERR_OPERATIONS_ERROR; @@ -601,7 +601,7 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s } req->operation = LDB_SEARCH; req->op.search.scope = LDB_SCOPE_BASE; - req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); + req->op.search.tree = ldb_parse_tree(req, NULL); if (req->op.search.tree == NULL) { ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8bfd46e641..9ba7bc44c4 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -924,7 +924,7 @@ static int password_hash_mod_search_self(struct ldb_handle *h) { ac->search_req->operation = LDB_SEARCH; ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->module->ldb, NULL); + ac->search_req->op.search.tree = ldb_parse_tree(ac->search_req, NULL); if (ac->search_req->op.search.tree == NULL) { ldb_set_errstring(ac->module->ldb, "Invalid search filter"); return LDB_ERR_OPERATIONS_ERROR; -- cgit From d9cb938dcd73f10fb36838a5edaee1690628ec1b Mon Sep 17 00:00:00 2001 
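Review bot: In `local_password_mod_search_self` the parse tree is now allocated on `ac->orig_req`, whereas the other two hunks of this commit parent it to the search request itself (`req` in `lpdb_remote_search_callback`, `ac->search_req` in `password_hash_mod_search_self`). With `ac->orig_req` as parent the tree stays allocated for the lifetime of the original request instead of being released with the search request. For consistency I would use `ldb_parse_tree(ac->search_req, NULL)`. `lpdb_remote_search_callback` also reports a failed parse as "Out of Memory" while the other two say "Invalid search filter".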
From: Simo Sorce Date: Mon, 16 Oct 2006 12:05:06 +0000 Subject: r19333: commit module changes I made some time ago before I loose them (This used to be commit 524ec78086597e0507cb6ce307155ef1b6a47836) --- source4/dsdb/samdb/ldb_modules/schema.c | 130 +++++-------------------- source4/dsdb/samdb/ldb_modules/schema_syntax.c | 102 +++++++++++++++++++ source4/dsdb/samdb/ldb_modules/schema_syntax.h | 9 ++ 3 files changed, 135 insertions(+), 106 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 1a7060a524..87b1d30269 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c 
@@ -234,108 +234,6 @@ struct schema_attribute **schema_get_attrs_list(struct ldb_module *module, return list; } -static int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct ldb_val *om_class, enum schema_internal_syntax *syntax) -{ - int ret; - - ret = LDB_SUCCESS; - - switch(om_syntax) { - case 1: - *syntax = SCHEMA_AS_BOOLEAN; - break; - case 2: - *syntax = SCHEMA_AS_INTEGER; - break; - case 4: - if (strcmp(attr_syntax, "2.5.5.10") == 0) { - *syntax = SCHEMA_AS_OCTET_STRING; - break; - } - if (strcmp(attr_syntax, "2.5.5.17") == 0) { - *syntax = SCHEMA_AS_SID; - break; - } - ret = LDB_ERR_OPERATIONS_ERROR; - break; - case 6: - *syntax = SCHEMA_AS_OID; - break; - case 10: - *syntax = SCHEMA_AS_ENUMERATION; - break; - case 18: - *syntax = SCHEMA_AS_NUMERIC_STRING; - break; - case 19: - *syntax = SCHEMA_AS_PRINTABLE_STRING; - break; - case 20: - *syntax = SCHEMA_AS_CASE_IGNORE_STRING; - break; - case 22: - *syntax = SCHEMA_AS_IA5_STRING; - break; - case 23: - *syntax = SCHEMA_AS_UTC_TIME; - break; - case 24: - *syntax = SCHEMA_AS_GENERALIZED_TIME; - break; - case 27: - *syntax = SCHEMA_AS_CASE_SENSITIVE_STRING; - break; - case 64: - *syntax = SCHEMA_AS_DIRECTORY_STRING; - break; - case 65: - *syntax = SCHEMA_AS_LARGE_INTEGER; - break; - case 66: - *syntax = SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR; - break; - case 127: - if (!om_class) { - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a\x00", MIN(om_class->length, 10)) == 0) { - *syntax = SCHEMA_AS_DN; - break; - } - if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b", MIN(om_class->length, 10)) == 0) { - *syntax = SCHEMA_AS_DN_BINARY; - break; - } - if (memcmp(om_class->data, "\x56\x06\x01\x02\x05\x0b\x1d\x00\x00\x00", MIN(om_class->length, 10)) == 0) { - *syntax = SCHEMA_AS_OR_NAME; - break; - } - if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06", MIN(om_class->length, 10)) == 0) { - 
*syntax = SCHEMA_AS_REPLICA_LINK; - break; - } - if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c\x00", MIN(om_class->length, 10)) == 0) { - *syntax = SCHEMA_AS_PRESENTATION_ADDRESS; - break; - } - if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e\x00", MIN(om_class->length, 10)) == 0) { - *syntax = SCHEMA_AS_ACCESS_POINT; - break; - } - if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c", MIN(om_class->length, 10)) == 0) { - *syntax = SCHEMA_AS_DN_STRING; - break; - } - /* not found will error in default: */ - default: - ret = LDB_ERR_OPERATIONS_ERROR; - } - - return ret; -} - static int schema_init_attrs(struct ldb_module *module, struct schema_private_data *data) { static const char *schema_attrs[] = { "attributeID", @@ -435,7 +333,7 @@ static int schema_init_classes(struct ldb_module *module, struct schema_private_ static const char *schema_attrs[] = { "governsID", "lDAPDisplayName", "objectClassCategory", - "defaultObjectCategory" + "defaultObjectCategory", "systemOnly", "systemFlag", "isDefunct", @@ -662,7 +560,7 @@ static int schema_add_build_parent_req(struct schema_context *sctx) sctx->parent_req->operation = LDB_SEARCH; sctx->parent_req->op.search.scope = LDB_SCOPE_BASE; sctx->parent_req->op.search.base = ldb_dn_get_parent(sctx->parent_req, sctx->orig_req->op.add.message->dn); - sctx->parent_req->op.search.tree = ldb_parse_tree(sctx->module->ldb, "(objectClass=*)"); + sctx->parent_req->op.search.tree = ldb_parse_tree(sctx->parent_req, "(objectClass=*)"); sctx->parent_req->op.search.attrs = parent_attrs; sctx->parent_req->controls = NULL; sctx->parent_req->context = sctx; 
@@ -1036,6 +934,27 @@ static int schema_add_build_down_req(struct schema_context *sctx) return LDB_SUCCESS; } +static int schema_check_attributes_syntax(struct schema_context *sctx) +{ + struct ldb_message *msg; + struct schema_attribute *attr; + int i, ret; + + msg = sctx->orig_req->op.add.message; + for (i = 0; i < msg->num_elements; i++) { + attr = schema_store_find(sctx->data->attrs_store, msg->elements[i].name); + if (attr == NULL) { + return LDB_ERR_NO_SUCH_ATTRIBUTE; + } + ret = schema_validate(&msg->elements[i], attr->syntax, attr->single, attr->min, attr->max); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return LDB_SUCCESS; +} + static int schema_add_continue(struct ldb_handle *h) { struct schema_context *sctx; @@ -1077,12 +996,11 @@ static int schema_add_continue(struct ldb_handle *h) } /* check attributes syntax */ - /* + ret = schema_check_attributes_syntax(sctx); if (ret != LDB_SUCCESS) { break; } - */ ret = schema_add_build_down_req(sctx); if (ret != LDB_SUCCESS) { diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c index 02c42bbf8f..f23c2d156d 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.c +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.c 
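Review bot: `schema_check_attributes_syntax` returns `LDB_ERR_NO_SUCH_ATTRIBUTE` for an unknown attribute, and passes on the `schema_validate` result, without setting an error string, so a rejected add does not say which attribute failed. A line such as `ldb_asprintf_errstring(sctx->module->ldb, "schema: unknown attribute %s\n", msg->elements[i].name);` before the return would fix that. The loop also compares `int i` with `msg->num_elements`; if that field is unsigned, `unsigned int i` avoids the mixed comparison.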
@@ -35,6 +35,108 @@ #include "ldb/include/ldb_errors.h" #include "schema_syntax.h" +int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct ldb_val *om_class, enum schema_internal_syntax *syntax) +{ + int ret; + + ret = LDB_SUCCESS; + + switch(om_syntax) { + case 1: + *syntax = SCHEMA_AS_BOOLEAN; + break; + case 2: + *syntax = SCHEMA_AS_INTEGER; + break; + case 4: + if (strcmp(attr_syntax, "2.5.5.10") == 0) { + *syntax = SCHEMA_AS_OCTET_STRING; + break; + } + if (strcmp(attr_syntax, "2.5.5.17") == 0) { + *syntax = SCHEMA_AS_SID; + break; + } + ret = LDB_ERR_OPERATIONS_ERROR; + break; + case 6: + *syntax = SCHEMA_AS_OID; + break; + case 10: + *syntax = SCHEMA_AS_ENUMERATION; + break; + case 18: + *syntax = SCHEMA_AS_NUMERIC_STRING; + break; + case 19: + *syntax = SCHEMA_AS_PRINTABLE_STRING; + break; + case 20: + *syntax = SCHEMA_AS_CASE_IGNORE_STRING; + break; + case 22: + *syntax = SCHEMA_AS_IA5_STRING; + break; + case 23: + *syntax = SCHEMA_AS_UTC_TIME; + break; + case 24: + *syntax = SCHEMA_AS_GENERALIZED_TIME; + break; + case 27: + *syntax = SCHEMA_AS_CASE_SENSITIVE_STRING; + break; + case 64: + *syntax = SCHEMA_AS_DIRECTORY_STRING; + break; + case 65: + *syntax = SCHEMA_AS_LARGE_INTEGER; + break; + case 66: + *syntax = SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR; + break; + case 127: + if (!om_class) { + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_DN; + break; + } + if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_DN_BINARY; + break; + } + if (memcmp(om_class->data, "\x56\x06\x01\x02\x05\x0b\x1d\x00\x00\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_OR_NAME; + break; + } + if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_REPLICA_LINK; + break; 
+ } + if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_PRESENTATION_ADDRESS; + break; + } + if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e\x00", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_ACCESS_POINT; + break; + } + if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c", MIN(om_class->length, 10)) == 0) { + *syntax = SCHEMA_AS_DN_STRING; + break; + } + /* not found will error in default: */ + default: + ret = LDB_ERR_OPERATIONS_ERROR; + } + + return ret; +} + static int schema_validate_boolean(struct ldb_val *val, int min, int max) { diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.h b/source4/dsdb/samdb/ldb_modules/schema_syntax.h index 1974c10b99..453f79a3c2 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.h +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.h @@ -62,3 +62,12 @@ enum schema_internal_syntax { SCHEMA_AS_DN_STRING = 23 }; +int map_schema_syntax(uint32_t om_syntax, + const char *attr_syntax, + const struct ldb_val *om_class, + enum schema_internal_syntax *syntax); + +int schema_validate(struct ldb_message_element *el, + enum schema_internal_syntax type, + bool single, int min, int max); + -- cgit From fd82e3f39b71bf37a2aa0d63cc127e89fb8dd438 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 16 Oct 2006 12:30:02 +0000 Subject: r19337: never alloc on module unless you mean to attach a context to it to keep the data around as long as the module lives (This used to be commit d2073c1f7e1bc674358df5da0dc09e183b4b8712) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 215d777d00..38f366dfa2 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
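Review bot: In `case 127` of `map_schema_syntax`, every comparison uses `MIN(om_class->length, 10)` as the length, so an `om_class` of length 0 compares zero bytes, `memcmp` returns 0, and the value is classified as `SCHEMA_AS_DN` by the first test. Any value that is only a prefix of a table entry matches for the same reason, and bytes beyond the tenth are never examined. At minimum add `if (om_class->data == NULL || om_class->length == 0) { ret = LDB_ERR_OPERATIONS_ERROR; break; }` right after the `!om_class` check. The trailing `\x00` bytes in several literals look like padding, so the stricter fix is probably to compare each entry against its real encoded length and require `om_class->length` to equal it; that should be confirmed against the schema data. `attr_syntax` is also passed to `strcmp` in `case 4` with no NULL check.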
@@ -510,7 +510,7 @@ static int find_base_dns(struct ldb_module *module, "namingContexts", NULL }; - req = talloc(module, struct ldb_request); + req = talloc(entryUUID_private, struct ldb_request); if (req == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; -- cgit From 7f833458ca0083654e34cbfde1c6c6510cab1826 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 25 Oct 2006 01:42:59 +0000 Subject: r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620) --- source4/dsdb/samdb/ldb_modules/local_password.c | 4 +--- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 20 ++++++++++---------- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 2 +- 5 files changed, 14 insertions(+), 16 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index a19b71a44f..b5cff0272d 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -498,12 +498,10 @@ static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, st ares->message->elements[i].name); if (!el) { if (ldb_msg_add_empty(local_context->remote_res->message, - ares->message->elements[i].name, 0) != LDB_SUCCESS) { + ares->message->elements[i].name, 0, &el) != LDB_SUCCESS) { talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; } - el = ldb_msg_find_element(local_context->remote_res->message, - ares->message->elements[i].name); *el = ares->message->elements[i]; } } 
diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 0c4a493adb..76413ca56b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -151,7 +151,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_msg_add_value(msg, "objectGUID", &v); + ret = ldb_msg_add_value(msg, "objectGUID", &v, NULL); if (ret) { talloc_free(down_req); return ret; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 9ba7bc44c4..1b35ec3e8c 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -106,10 +106,10 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms } if (is_mod) { - if (ldb_msg_add_empty(msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { + if (ldb_msg_add_empty(msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE) != 0) { + if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } @@ -250,7 +250,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_msg_add_value(msg, "krb5Key", &val); + ret = ldb_msg_add_value(msg, "krb5Key", &val, NULL); if (ret != LDB_SUCCESS) { hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); return ret; @@ -301,7 +301,7 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa if (!val.data) { return LDB_ERR_OPERATIONS_ERROR; } - if (ldb_msg_add_value(msg, "krb5Key", &val) != 0) { + if (ldb_msg_add_value(msg, "krb5Key", &val, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } 
@@ -319,12 +319,12 @@ static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg, in /* be sure there isn't a 0 value set (eg. coming from the template) */ ldb_msg_remove_attr(msg, "pwdLastSet"); /* add */ - if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_ADD) != 0) { + if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_ADD, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } else { /* replace */ - if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE) != 0) { + if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } @@ -339,7 +339,7 @@ static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg, in static int add_keyVersionNumber(struct ldb_module *module, struct ldb_message *msg, int previous) { /* replace or add */ - if (ldb_msg_add_empty(msg, "msDS-KeyVersionNumber", LDB_FLAG_MOD_REPLACE) != 0) { + if (ldb_msg_add_empty(msg, "msDS-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } @@ -385,7 +385,7 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str } else { ZERO_STRUCT(new_nt_history[0]); } - if (ldb_msg_add_empty(msg, "sambaNTPwdHistory", LDB_FLAG_MOD_REPLACE) != LDB_SUCCESS) { + if (ldb_msg_add_empty(msg, "sambaNTPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } if (samdb_msg_add_hashes(msg, msg, "sambaNTPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { @@ -408,7 +408,7 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str } else { ZERO_STRUCT(new_lm_history[0]); } - if (ldb_msg_add_empty(msg, "sambaLMPwdHistory", LDB_FLAG_MOD_REPLACE) != LDB_SUCCESS) { + if (ldb_msg_add_empty(msg, "sambaLMPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } if (samdb_msg_add_hashes(msg, msg, "sambaLMPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { 
@@ -1005,7 +1005,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { } /* we are going to replace the existing krb5key or delete it */ - if (ldb_msg_add_empty(msg, "krb5key", LDB_FLAG_MOD_REPLACE) != 0) { + if (ldb_msg_add_empty(msg, "krb5key", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index f589ba859d..fbb5ead537 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -54,7 +54,7 @@ static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms if (!NT_STATUS_IS_OK(status)) { return -1; } - return (ldb_msg_add_value(msg, name, &v) == 0); + return (ldb_msg_add_value(msg, name, &v, NULL) == 0); } /* diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 87b1d30269..fe275ce841 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -902,7 +902,7 @@ static int schema_add_build_down_req(struct schema_context *sctx) /* rebuild the objectclass list */ ldb_msg_remove_attr(msg, "objectClass"); - ret = ldb_msg_add_empty(msg, "objectClass", 0); + ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL); if (ret != LDB_SUCCESS) { return ret; } -- cgit From 4fa24df98ded939c68bdc95e9f09334caeeb84af Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 29 Oct 2006 17:40:19 +0000 Subject: r19507: Merge my DSO fixes branch. Building Samba's libraries as shared libraries works again now, by specifying --enable-dso to configure. (This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 725d98ac7e..bf286b4828 100644 
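Review bot: `samldb_msg_add_sid` is declared `BOOL`, but the context line on the failed-NTSTATUS path is `return -1;`, a non-zero value that any caller testing the result as a boolean will read as success. The touched line `return (ldb_msg_add_value(msg, name, &v, NULL) == 0);` does follow the boolean convention, so the two exits disagree. The failure path should be `return False;`, otherwise a SID that failed to marshal is treated as added. The function starts outside this hunk, so how `status` and `v` are produced is not visible here.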
--- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -28,7 +28,7 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = ldb INIT_FUNCTION = ldb_samba3sam_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map OBJ_FILES = \ samba3sam.o # -- cgit From 899ae849e87bf4c294f8e30d0de9a17917526321 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Nov 2006 03:21:04 +0000 Subject: r19522: Remove gensec and credentials dependency from the rootdse module (less dependency loops). This moves the evaluation of the SASL mechansim list to display in the rootDSE to the ldap server. Andrew Bartlett (This used to be commit 379da475e224d93c05d91b37902c121eb4007d97) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index a8bc3fbdc2..88f5eba2b4 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -25,7 +25,6 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" -#include "auth/gensec/gensec.h" #include "system/time.h" struct private_data { @@ -52,7 +51,7 @@ static int do_attribute(const char * const *attrs, const char *name) static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs) { struct private_data *priv = talloc_get_type(module->private_data, struct private_data); - struct cli_credentials *server_creds; + char **server_sasl; msg->dn = ldb_dn_explode(msg, ""); 
@@ -93,25 +92,18 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } - server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), - struct cli_credentials); - if (server_creds && do_attribute(attrs, "supportedSASLMechanisms")) { - struct gensec_security_ops **backends = gensec_security_all(); - enum credentials_use_kerberos use_kerberos - = cli_credentials_get_kerberos_state(server_creds); - struct gensec_security_ops **ops - = gensec_use_kerberos_mechs(msg, backends, use_kerberos); + server_sasl = talloc_get_type(ldb_get_opaque(module->ldb, "supportedSASLMechanims"), + char *); + if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) { int i; - for (i = 0; ops && ops[i]; i++) { - if (ops[i]->sasl_name && ops[i]->server_start) { - char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name); - if (!sasl_name) { - goto failed; - } - if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms", - sasl_name) != 0) { - goto failed; - } + for (i = 0; server_sasl && server_sasl[i]; i++) { + char *sasl_name = talloc_strdup(msg, server_sasl[i]); + if (!sasl_name) { + goto failed; + } + if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms", + sasl_name) != 0) { + goto failed; } } } -- cgit From b7774527faf095f612eb1de48efacec6bd710a87 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 1 Nov 2006 23:31:26 +0000 Subject: r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082) --- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 26 +++++++++++++------------- 3 files changed, 15 insertions(+), 15 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index a38f08e104..d678364b6e 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c 
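Review bot: The opaque key read in `rootdse_add_dynamic` is spelled `"supportedSASLMechanims"`, while the attribute it feeds is `"supportedSASLMechanisms"`. The lookup only works if the code that stores the list (not part of this diff) uses the same misspelling; if the two ever drift, `ldb_get_opaque` returns NULL and the rootDSE silently stops advertising any SASL mechanism. I would share one constant between setter and getter, e.g. `#define ROOTDSE_SASL_MECHS_OPAQUE "supportedSASLMechanisms"`. The `server_sasl &&` test inside the `for` condition is redundant, because the enclosing `if` already checks it.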
+++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -316,7 +316,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) ac = talloc_get_type(h->private_data, struct partition_context); /* Search from the base DN */ - if (!req->op.search.base || req->op.search.base->comp_num == 0) { + if (!req->op.search.base || (ldb_dn_get_comp_num(req->op.search.base) == 0)) { return partition_send_all(module, ac, req); } for (i=0; data && data->partitions && data->partitions[i]; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 88f5eba2b4..c174ac65a1 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -173,7 +173,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) /* see if its for the rootDSE */ if (req->op.search.scope != LDB_SCOPE_BASE || - (req->op.search.base && req->op.search.base->comp_num != 0)) { + (req->op.search.base && ldb_dn_get_comp_num(req->op.search.base) != 0)) { return ldb_next_request(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index fbb5ead537..e86a3bfde4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -433,7 +433,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ int ret; const char *name; struct ldb_message *msg2; - struct ldb_dn_component *rdn; + const char *rdn_name; TALLOC_CTX *mem_ctx = talloc_new(msg); const char *errstr; if (!mem_ctx) { 
@@ -457,10 +457,10 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ return ret; } - rdn = ldb_dn_get_rdn(msg2, msg2->dn); + rdn_name = ldb_dn_get_rdn_name(msg2->dn); - if (strcasecmp(rdn->name, "cn") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn->name); + if (strcasecmp(rdn_name, "cn") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn_name); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -496,7 +496,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const int ret; char *name; struct ldb_message *msg2; - struct ldb_dn_component *rdn; + const char *rdn_name; TALLOC_CTX *mem_ctx = talloc_new(msg); const char *errstr; if (!mem_ctx) { @@ -556,10 +556,10 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const } } - rdn = ldb_dn_get_rdn(msg2, msg2->dn); + rdn_name = ldb_dn_get_rdn_name(msg2->dn); - if (strcasecmp(rdn->name, "cn") != 0) { - ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name); + if (strcasecmp(rdn_name, "cn") != 0) { + ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn_name); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -598,7 +598,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module struct ldb_message **ret_msg) { struct ldb_message *msg2; - struct ldb_dn_component *rdn; + const char *rdn_name; struct dom_sid *dom_sid; struct dom_sid *sid; const char *dom_attrs[] = { "name", NULL }; 
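Review bot: In `samldb_fill_group_object` the result of `ldb_dn_get_rdn_name(msg2->dn)` is passed straight to `strcasecmp` and then to a `%s` format, with no NULL check. The old code had the same gap with `rdn->name`, but now that the DN is opaque the accessor presumably returns NULL for a DN with no components or one that fails to parse, and these DNs come from add requests. A guard such as `if (rdn_name == NULL) { talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; }` before the comparison covers it. The same pattern is repeated in the `samldb_fill_user_or_computer_object` hunk and in the `samldb_fill_foreignSecurityPrincipal_object` hunks; the latter additionally dereferences `ldb_dn_get_rdn_val(msg2->dn)->data` unchecked and casts it to a C string for `dom_sid_parse_talloc`.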
@@ -631,10 +631,10 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module return ret; } - rdn = ldb_dn_get_rdn(msg2, msg2->dn); + rdn_name = ldb_dn_get_rdn_name(msg2->dn); - if (strcasecmp(rdn->name, "cn") != 0) { - ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name); + if (strcasecmp(rdn_name, "cn") != 0) { + ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn_name); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -643,7 +643,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module * domain SIDs ending up there, it would cause all sorts of * pain */ - sid = dom_sid_parse_talloc(msg2, (const char *)rdn->value.data); + sid = dom_sid_parse_talloc(msg2, (const char *)ldb_dn_get_rdn_val(msg2->dn)->data); if (!sid) { ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!"); talloc_free(mem_ctx); -- cgit From 76d0193bf3cc12fde1ce454a17a334d97b4533f3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 15 Nov 2006 17:35:24 +0000 Subject: r19726: when a client explicit asks for the 'netlogon' attriubute on LDAP the result entry is skipped! metze (This used to be commit 62aa73f3d56596780fc82fecbc99c688ecbf5b08) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index c174ac65a1..371031be26 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
@@ -151,6 +151,15 @@ static int rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_r ac = talloc_get_type(context, struct rootdse_context); if (ares->type == LDB_REPLY_ENTRY) { + /* + * if the client explicit asks for the 'netlogon' attribute + * the reply_entry needs to be skipped + */ + if (ac->attrs && ldb_attr_in_list(ac->attrs, "netlogon")) { + talloc_free(ares); + return LDB_SUCCESS; + } + /* for each record returned post-process to add any dynamic attributes that have been asked for */ if (rootdse_add_dynamic(ac->module, ares->message, ac->attrs) != LDB_SUCCESS) { -- cgit From adae413042e15e7228bcc25321913b38ae61358a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 16 Nov 2006 09:16:17 +0000 Subject: r19731: Modify the ldb_map infrustructure to always map from requested attributes to backend (remote) attributes. We can't do a reverse mapping safely where the remote attribute may be a source for multiple local attributes. (We end up with the wrong attributes returned). In doing this, I've modified the samba3sam.js test to be more realistic, and fixed some failures in the handling of primaryGroupID. I've added a new (private) helper function ldb_msg_remove_element() to avoid a double lookup of the element name. I've also re-formatted many of the function headers, to fit into standard editor widths. Andrew Bartlett (This used to be commit 186766e3095e71ba716c69e681592e217a3bc420) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 341fad4bd9..6c7c3c7066 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
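Review bot: The comment added in `rootdse_callback` says the entry "needs to be skipped" when `netlogon` is requested, but not why, nor what answers the client instead. As written, any search that names `netlogon` in its attribute list gets no rootDSE entry at all, even if it also asked for other attributes, and still returns `LDB_SUCCESS`. I would extend the comment to state which component is expected to produce the netlogon reply and that dropping the whole entry, rather than only that attribute, is deliberate. The function starts and ends outside the hunk.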
@@ -52,22 +52,25 @@ /* In Samba4 but not in Samba3: */ -static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *attr, const struct ldb_message *remote) +/* From a sambaPrimaryGroupSID, generate a primaryGroupID (integer) attribute */ +static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *local_attr, const struct ldb_message *remote) { struct ldb_message_element *el; - const char *sid = ldb_msg_find_attr_as_string(remote, attr, NULL); - + const char *sid = ldb_msg_find_attr_as_string(remote, "sambaPrimaryGroupSID", NULL); + const char *p; + if (!sid) return NULL; - if (strchr(sid, '-') == NULL) + p = strrchr(sid, '-'); + if (!p) return NULL; el = talloc_zero(ctx, struct ldb_message_element); el->name = talloc_strdup(ctx, "primaryGroupID"); el->num_values = 1; el->values = talloc_array(ctx, struct ldb_val, 1); - el->values[0].data = (uint8_t *)talloc_strdup(el->values, strchr(sid, '-')+1); + el->values[0].data = (uint8_t *)talloc_strdup(el->values, strrchr(sid, '-')+1); el->values[0].length = strlen((char *)el->values[0].data); return el; @@ -80,6 +83,7 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char struct dom_sid *sid; NTSTATUS status; + /* We need the domain, so we get it from the objectSid that we hope is here... */ sidval = ldb_msg_find_ldb_val(local, "objectSid"); if (!sidval) -- cgit From 84138215cade4bd427a4a04810696cbb89434928 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 16 Nov 2006 09:34:19 +0000 Subject: r19732: The 'res' from ldb_search is only valid if the call returns LDB_SUCCESS. This seems to show up (as an abort() from talloc) particularly under ldb_ildap. Andrew Bartlett (This used to be commit 9890af534d845d471d2a98268c408a907b29e016) --- source4/dsdb/samdb/ldb_modules/samldb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
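Review bot: None of the allocations in `generate_primaryGroupID` is checked: `el` from `talloc_zero` is dereferenced on the next line, `el->values` from `talloc_array` is indexed immediately, and the `talloc_strdup` result is handed to `strlen`. Under memory pressure each of these is a NULL dereference in a path that processes directory data. Add `if (!el) return NULL;` after the `talloc_zero`, and after the other allocations `if (!el->name || !el->values) { talloc_free(el); return NULL; }`, plus the same test on `el->values[0].data` before the `strlen`. The renamed `local_attr` parameter is no longer used, since the source attribute and the element name are both hard-coded now; a short comment saying so would help the next reader.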
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e86a3bfde4..3ce5cc1b5c 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -200,9 +200,12 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX do { ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res); - talloc_steal(local_ctx, res); - if (ret == LDB_SUCCESS && res->count == 1) - break; + if (ret == LDB_SUCCESS) { + talloc_steal(local_ctx, res); + if (res->count == 1) { + break; + } + } } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); if (ret != LDB_SUCCESS || res->count != 1) { -- cgit From c9035c6633236c940b915f3cee2a7e87b3038678 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Nov 2006 01:21:13 +0000 Subject: r19757: Don't do the strrchr twice. Pointed out by Martin Kuhl. Andrew Bartlett (This used to be commit c4bf9cc09b36d8dcc465608b55bbf5dc07aed9e4) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 6c7c3c7066..be60dd7b4c 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -70,7 +70,7 @@ static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *mo el->name = talloc_strdup(ctx, "primaryGroupID"); el->num_values = 1; el->values = talloc_array(ctx, struct ldb_val, 1); - el->values[0].data = (uint8_t *)talloc_strdup(el->values, strrchr(sid, '-')+1); + el->values[0].data = (uint8_t *)talloc_strdup(el->values, p+1); el->values[0].length = strlen((char *)el->values[0].data); return el; -- cgit From 4889eb9f7aae9349e426d0f6d2217adff67eaebd Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Wed, 22 Nov 2006 00:59:34 +0000 Subject: r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 12 ++--- source4/dsdb/samdb/ldb_modules/extended_dn.c | 7 +-- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/local_password.c | 25 ++++----- source4/dsdb/samdb/ldb_modules/partition.c | 35 ++++++------- source4/dsdb/samdb/ldb_modules/password_hash.c | 6 +-- source4/dsdb/samdb/ldb_modules/proxy.c | 15 +++--- source4/dsdb/samdb/ldb_modules/rootdse.c | 6 +-- source4/dsdb/samdb/ldb_modules/samldb.c | 12 ++--- source4/dsdb/samdb/ldb_modules/schema.c | 6 +-- source4/dsdb/samdb/ldb_modules/schema_syntax.c | 67 ++++++++++++------------- source4/dsdb/samdb/ldb_modules/schema_syntax.h | 3 +- 12 files changed, 90 insertions(+), 106 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 38f366dfa2..2bc97f2040 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -112,7 +112,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC struct entryUUID_private *entryUUID_private; struct ldb_result *list; - if (ldb_dn_explode(ctx, (const char *)val->data)) { + if (ldb_dn_validate(ldb_dn_new(ctx, module->ldb, (const char *)val->data))) { return *val; } map_private = talloc_get_type(module->private_data, struct map_private); @@ -415,7 +415,7 @@ static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ct { const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; struct ldb_dn *schema_dn; - struct ldb_dn *basedn = ldb_dn_explode(mem_ctx, ""); + struct ldb_dn *basedn = ldb_dn_new(mem_ctx, ldb, NULL); struct ldb_result *rootdse_res; int ldb_ret; if (!basedn) { @@ -436,7 +436,7 @@ static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ct } /* Locate schema */ - schema_dn = ldb_msg_find_attr_as_dn(mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); + schema_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); if (!schema_dn) { return NULL; } @@ -490,8 +490,8 @@ static int get_remote_rootdse(struct ldb_context *ldb, void *context, if (!entryUUID_private->base_dns) { return LDB_ERR_OPERATIONS_ERROR; } - entryUUID_private->base_dns[i] = ldb_dn_explode(entryUUID_private->base_dns, (const char *)el->values[i].data); - if (!entryUUID_private->base_dns[i]) { + entryUUID_private->base_dns[i] = ldb_dn_new(entryUUID_private->base_dns, ldb, (const char *)el->values[i].data); + if ( ! ldb_dn_validate(entryUUID_private->base_dns[i])) { return LDB_ERR_OPERATIONS_ERROR; } } @@ -517,7 +517,7 @@ static int find_base_dns(struct ldb_module *module, } req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req); + req->op.search.base = ldb_dn_new(req, module->ldb, NULL); req->op.search.scope = LDB_SCOPE_BASE; req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); 
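Review bot: In `objectCategory_always_dn` the DN built by `ldb_dn_new(ctx, module->ldb, ...)` exists only to be passed to `ldb_dn_validate`, and it is never freed, so every call leaves an allocation hanging off the caller's `ctx` whether or not validation succeeds. Holding it in a local fixes that: `struct ldb_dn *dn = ldb_dn_new(ctx, module->ldb, (const char *)val->data);`, then `bool ok = ldb_dn_validate(dn); talloc_free(dn);` and `if (ok) return *val;`. This also gives one obvious place for a NULL check on `dn`, if `ldb_dn_validate` does not accept NULL itself (not visible here). `val->data` is cast to a C string, which assumes the value is NUL-terminated.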
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 64600fff8b..012ac74514 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -97,6 +97,7 @@ static BOOL add_attrs(void *mem_ctx, char ***attrs, const char *attr) } static BOOL inject_extended_dn(struct ldb_message *msg, + struct ldb_context *ldb, int type, BOOL remove_guid, BOOL remove_sid) @@ -152,8 +153,8 @@ static BOOL inject_extended_dn(struct ldb_message *msg, if (!new_dn) return False; - msg->dn = ldb_dn_explode_or_special(msg, new_dn); - if (!msg->dn) + msg->dn = ldb_dn_new(msg, ldb, new_dn); + if (! ldb_dn_validate(msg->dn)) return False; val = ldb_msg_find_ldb_val(msg, "distinguishedName"); @@ -193,7 +194,7 @@ static int extended_callback(struct ldb_context *ldb, void *context, struct ldb_ if (ares->type == LDB_REPLY_ENTRY) { /* for each record returned post-process to add any derived attributes that have been asked for */ - if (!inject_extended_dn(ares->message, ac->extended_type, ac->remove_guid, ac->remove_sid)) { + if (!inject_extended_dn(ares->message, ldb, ac->extended_type, ac->remove_guid, ac->remove_sid)) { goto error; } } diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 088f2657cc..176cfbf3a5 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -231,7 +231,7 @@ static int kludge_acl_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_search(module->ldb, ldb_dn_explode(mem_ctx, "@KLUDGEACL"), + ret = ldb_search(module->ldb, ldb_dn_new(mem_ctx, module->ldb, "@KLUDGEACL"), LDB_SCOPE_BASE, NULL, attrs, &res); diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index b5cff0272d..57323d859f 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c 
+++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -140,8 +140,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req } /* If the caller is manipulating the local passwords directly, let them pass */ - if (ldb_dn_compare_base(module->ldb, - ldb_dn_explode(req, LOCAL_BASE), + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.add.message->dn) == 0) { return ldb_next_request(module, req); } @@ -225,9 +224,8 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req /* Find the objectGUID to use as the key */ objectGUID = samdb_result_guid(ac->orig_req->op.add.message, "objectGUID"); - local_message->dn = ldb_dn_string_compose(local_message, - ldb_dn_explode(local_message, LOCAL_BASE), - PASSWORD_GUID_ATTR "=%s", GUID_string(local_message, &objectGUID)); + local_message->dn = ldb_dn_new(local_message, module->ldb, LOCAL_BASE); + ldb_dn_add_child_fmt(local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(local_message, &objectGUID)); ac->local_req->op.add.message = local_message; @@ -276,8 +274,7 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request * } /* If the caller is manipulating the local passwords directly, let them pass */ - if (ldb_dn_compare_base(module->ldb, - ldb_dn_explode(req, LOCAL_BASE), + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.mod.message->dn) == 0) { return ldb_next_request(module, req); } @@ -447,9 +444,8 @@ static int local_password_mod_local(struct ldb_handle *h) { objectGUID = samdb_result_guid(ac->search_res->message, "objectGUID"); - ac->local_message->dn = ldb_dn_string_compose(ac, - ldb_dn_explode(ac, LOCAL_BASE), - PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID)); + ac->local_message->dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + ldb_dn_add_child_fmt(ac->local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID)); h->state = LDB_ASYNC_INIT; h->status = LDB_SUCCESS; 
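Review bot: In the `local_password_add` hunk the new DN is built in two steps, and neither result is checked: `ldb_dn_new(local_message, module->ldb, LOCAL_BASE)` may return NULL, and the return value of `ldb_dn_add_child_fmt(...)` is discarded. If the second step fails, `local_message->dn` is left as `LOCAL_BASE` itself, so the password record would be aimed at the base DN instead of the per-GUID child entry. The old `ldb_dn_string_compose` at least produced NULL in that case. The same commit already checks this call in `lpdb_remote_search_callback`; do the same here with `if (!local_message->dn || !ldb_dn_add_child_fmt(local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(local_message, &objectGUID))) { return LDB_ERR_OPERATIONS_ERROR; }`. The `local_password_mod_local` hunk on this line has the same unchecked pair on `ac->local_message->dn`.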
@@ -591,10 +587,8 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s local_context->remote_res = ares; local_context->local_res = NULL; - req->op.search.base = ldb_dn_string_compose(ac, - ldb_dn_explode(ac, LOCAL_BASE), - PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID)); - if (!req->op.search.base) { + req->op.search.base = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ( ! ldb_dn_add_child_fmt(req->op.search.base, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID))) { return LDB_ERR_OPERATIONS_ERROR; } req->operation = LDB_SEARCH; @@ -642,8 +636,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * } /* If the caller is searching for the local passwords directly, let them pass */ - if (ldb_dn_compare_base(module->ldb, - ldb_dn_explode(req, LOCAL_BASE), + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.search.base) == 0) { return ldb_next_request(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index d678364b6e..625c846bdc 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -100,7 +100,7 @@ struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, return current; } -struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, const struct ldb_dn *dn) +struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { int i; struct partition_private_data *data = talloc_get_type(module->private_data, 
@@ -109,8 +109,7 @@ struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *r /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - if (ldb_dn_compare_base(module->ldb, - data->partitions[i]->dn, + if (ldb_dn_compare_base(data->partitions[i]->dn, dn) == 0) { return make_module_for_next_request(req, module->ldb, data->partitions[i]->module); } @@ -210,8 +209,7 @@ static int partition_send_request(struct partition_context *ac, struct ldb_modul /* If the search is for 'more' than this partition, * then change the basedn, so a remote LDAP server * doesn't object */ - if (ldb_dn_compare_base(ac->module->ldb, - partition_base_dn, req->op.search.base) != 0) { + if (ldb_dn_compare_base(partition_base_dn, req->op.search.base) != 0) { req->op.search.base = partition_base_dn; } req->callback = partition_search_callback; @@ -253,7 +251,7 @@ static int partition_send_all(struct ldb_module *module, /* Figure out which backend a request needs to be aimed at. Some * requests must be replicated to all backends */ -static int partition_replicate(struct ldb_module *module, struct ldb_request *req, const struct ldb_dn *dn) +static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { int i; struct ldb_module *backend; @@ -262,8 +260,7 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re /* Is this a special DN, we need to replicate to every backend? */ for (i=0; data->replicate && data->replicate[i]; i++) { - if (ldb_dn_compare(module->ldb, - data->replicate[i], + if (ldb_dn_compare(data->replicate[i], dn) == 0) { struct ldb_handle *h; struct partition_context *ac; 
@@ -316,13 +313,12 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) ac = talloc_get_type(h->private_data, struct partition_context); /* Search from the base DN */ - if (!req->op.search.base || (ldb_dn_get_comp_num(req->op.search.base) == 0)) { + if (!req->op.search.base || ldb_dn_is_null(req->op.search.base)) { return partition_send_all(module, ac, req); } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ - if (ldb_dn_compare_base(module->ldb, - req->op.search.base, + if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { ret = partition_send_request(ac, data->partitions[i]->module, data->partitions[i]->dn); if (ret != LDB_SUCCESS) { @@ -577,13 +573,12 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque static int sort_compare(void *void1, void *void2, void *opaque) { - struct ldb_context *ldb = talloc_get_type(opaque, struct ldb_context); struct partition **pp1 = void1; struct partition **pp2 = void2; struct partition *partition1 = talloc_get_type(*pp1, struct partition); struct partition *partition2 = talloc_get_type(*pp2, struct partition); - return ldb_dn_compare(ldb, partition1->dn, partition2->dn); + return ldb_dn_compare(partition1->dn, partition2->dn); } static int partition_init(struct ldb_module *module) @@ -608,7 +603,7 @@ static int partition_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_search(module->ldb, ldb_dn_explode(mem_ctx, "@PARTITION"), + ret = ldb_search(module->ldb, ldb_dn_new(mem_ctx, module->ldb, "@PARTITION"), LDB_SCOPE_BASE, NULL, attrs, &res); 
@@ -665,7 +660,7 @@ static int partition_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - data->partitions[i]->dn = ldb_dn_explode(data->partitions[i], base); + data->partitions[i]->dn = ldb_dn_new(data->partitions[i], module->ldb, base); if (!data->partitions[i]->dn) { ldb_asprintf_errstring(module->ldb, "partition_init: invalid DN in partition record: %s", base); @@ -718,8 +713,8 @@ static int partition_init(struct ldb_module *module) } for (i=0; i < replicate_attributes->num_values; i++) { - data->replicate[i] = ldb_dn_explode(data->replicate, (const char *)replicate_attributes->values[i].data); - if (!data->replicate[i]) { + data->replicate[i] = ldb_dn_new(data->replicate, module->ldb, (const char *)replicate_attributes->values[i].data); + if (!ldb_dn_validate(data->replicate[i])) { ldb_asprintf_errstring(module->ldb, "partition_init: " "invalid DN in partition replicate record: %s", @@ -765,14 +760,14 @@ static int partition_init(struct ldb_module *module) modules = ldb_modules_list_from_string(module->ldb, mem_ctx, p); - base_dn = ldb_dn_explode(mem_ctx, base); - if (!base_dn) { + base_dn = ldb_dn_new(mem_ctx, module->ldb, base); + if (!ldb_dn_validate(base_dn)) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } for (partition_idx = 0; data->partitions[partition_idx]; partition_idx++) { - if (ldb_dn_compare(module->ldb, data->partitions[partition_idx]->dn, + if (ldb_dn_compare(data->partitions[partition_idx]->dn, base_dn) == 0) { partition = data->partitions[partition_idx]; break; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 1b35ec3e8c..b25beb7a8f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
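Review bot: The -665 hunk keeps the old `if (!data->partitions[i]->dn)` test after switching to `ldb_dn_new()`, while the -718 and -765 hunks of this file switch to `ldb_dn_validate()`. If `ldb_dn_new()` only allocates and defers parsing, as those neighbouring changes suggest, a malformed DN in the partition record no longer reaches the "invalid DN in partition record" error and is stored as a partition base. I would use `if (!ldb_dn_validate(data->partitions[i]->dn)) {` here too. The `== NULL` checks after `ldb_dn_new()` for `olddn` and `newdn` in load_proxy_info (proxy.c, hunk at -94) have the same gap for values read from the stored record.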
@@ -588,8 +588,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } /* If the caller is manipulating the local passwords directly, let them pass */ - if (ldb_dn_compare_base(module->ldb, - ldb_dn_explode(req, LOCAL_BASE), + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.add.message->dn) == 0) { return ldb_next_request(module, req); } @@ -783,8 +782,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r } /* If the caller is manipulating the local passwords directly, let them pass */ - if (ldb_dn_compare_base(module->ldb, - ldb_dn_explode(req, LOCAL_BASE), + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.mod.message->dn) == 0) { return ldb_next_request(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index d2628f5d1d..41fe8b68c9 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -70,7 +70,7 @@ static int load_proxy_info(struct ldb_module *module) return 0; } - dn = ldb_dn_explode(proxy, "@PROXYINFO"); + dn = ldb_dn_new(proxy, module->ldb, "@PROXYINFO"); if (dn == NULL) { goto failed; } @@ -94,13 +94,13 @@ static int load_proxy_info(struct ldb_module *module) goto failed; } - proxy->olddn = ldb_dn_explode(proxy, olddn); + proxy->olddn = ldb_dn_new(proxy, module->ldb, olddn); if (proxy->olddn == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to explode olddn '%s'\n", olddn); goto failed; } - proxy->newdn = ldb_dn_explode(proxy, newdn); + proxy->newdn = ldb_dn_new(proxy, module->ldb, newdn); if (proxy->newdn == NULL) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to explode newdn '%s'\n", newdn); goto failed; 
@@ -226,9 +226,8 @@ static void proxy_convert_record(struct ldb_module *module, struct ldb_message * /* fix the message DN */ if (ldb_dn_compare_base(module->ldb, proxy->olddn, msg->dn) == 0) { - struct ldb_dn *newdn = ldb_dn_copy(msg, msg->dn); - newdn->comp_num -= proxy->olddn->comp_num; - msg->dn = ldb_dn_compose(msg, newdn, proxy->newdn); + ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn)); + ldb_dn_add_base(msg->dn, proxy->newdn); } /* fix any attributes */ @@ -282,8 +281,8 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re talloc_free(newreq); goto failed; } - base->comp_num -= proxy->newdn->comp_num; - base = ldb_dn_compose(proxy, newreq->op.search.base, proxy->olddn); + ldb_dn_remove_base_components(base, ldb_dn_get_comp_num(proxy->newdn)); + ldb_dn_add_base(base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", ldb_filter_from_tree(proxy, newreq->op.search.tree), ldb_dn_linearize(proxy, newreq->op.search.base)); diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 371031be26..e073c8f89b 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -53,7 +53,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms struct private_data *priv = talloc_get_type(module->private_data, struct private_data); char **server_sasl; - msg->dn = ldb_dn_explode(msg, ""); + msg->dn = ldb_dn_new(msg, module->ldb, NULL); /* don't return the distinduishedName, cn and name attributes */ ldb_msg_remove_attr(msg, "distinguishedName"); 
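Review bot: In proxy_convert_record the context line `ldb_dn_compare_base(module->ldb, proxy->olddn, msg->dn)` still uses the three-argument form that every other call in this commit converts to two arguments, so proxy.c looks left half-converted. The new body also rewrites `msg->dn` in place and ignores both results: if `ldb_dn_add_base()` fails after `ldb_dn_remove_base_components()` succeeded, the message keeps a truncated DN. Test both calls, for example `if (!ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn)) || !ldb_dn_add_base(msg->dn, proxy->newdn))`, and at least log the failure. proxy_search_bytree (-282) ignores the same two return values on `base`.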
@@ -182,7 +182,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) /* see if its for the rootDSE */ if (req->op.search.scope != LDB_SCOPE_BASE || - (req->op.search.base && ldb_dn_get_comp_num(req->op.search.base) != 0)) { + ( ! ldb_dn_is_null(req->op.search.base))) { return ldb_next_request(module, req); } @@ -203,7 +203,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) down_req->operation = req->operation; /* in our db we store the rootDSE with a DN of cn=rootDSE */ - down_req->op.search.base = ldb_dn_explode(down_req, "cn=rootDSE"); + down_req->op.search.base = ldb_dn_new(down_req, module->ldb, "cn=rootDSE"); down_req->op.search.scope = LDB_SCOPE_BASE; down_req->op.search.tree = ldb_parse_tree(down_req, NULL); if (down_req->op.search.base == NULL || down_req->op.search.tree == NULL) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 3ce5cc1b5c..667b0d5ca8 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -62,7 +62,7 @@ static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms return 0 on failure, the id on success */ static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const struct ldb_dn *dn, uint32_t old_id, uint32_t new_id) + struct ldb_dn *dn, uint32_t old_id, uint32_t new_id) { struct ldb_message msg; int ret; @@ -119,7 +119,7 @@ static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, return 0 on failure, the id on success */ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - const struct ldb_dn *dn, uint32_t *old_rid) + struct ldb_dn *dn, uint32_t *old_rid) { const char * const attrs[2] = { "nextRid", NULL }; struct ldb_result *res = NULL; 
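Review bot: The rootDSE test in rootdse_search (hunk at -182) drops the old `req->op.search.base &&` guard, so a search with a NULL base now depends on what `ldb_dn_is_null(NULL)` returns. If it returns false for a NULL pointer, base-scope searches without a base stop being answered as rootDSE and are passed down the module chain instead; partition_search in this same commit keeps an explicit `!req->op.search.base ||` test. I would keep the guard: `(req->op.search.base && !ldb_dn_is_null(req->op.search.base))`. rootdse_search starts and ends outside the hunk.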
@@ -150,7 +150,7 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, } static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - const struct ldb_dn *dn, const struct dom_sid *dom_sid, + struct ldb_dn *dn, const struct dom_sid *dom_sid, struct dom_sid **new_sid) { struct dom_sid *obj_sid; @@ -185,7 +185,7 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c } /* Find a domain object in the parents of a particular DN. */ -static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn) +static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *dn) { TALLOC_CTX *local_ctx; struct ldb_dn *sdn; @@ -224,12 +224,12 @@ static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX return the new sid string */ static int samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn, + TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn, struct dom_sid **sid) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_result *res = NULL; - const struct ldb_dn *dom_dn; + struct ldb_dn *dom_dn; int ret; struct dom_sid *dom_sid; diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index fe275ce841..f7bbb7b2c5 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -946,7 +946,7 @@ static int schema_check_attributes_syntax(struct schema_context *sctx) if (attr == NULL) { return LDB_ERR_NO_SUCH_ATTRIBUTE; } - ret = schema_validate(&msg->elements[i], attr->syntax, attr->single, attr->min, attr->max); + ret = schema_validate(sctx->module->ldb, &msg->elements[i], attr->syntax, attr->single, attr->min, attr->max); if (ret != LDB_SUCCESS) { return ret; } 
@@ -1187,7 +1187,7 @@ static int schema_init(struct ldb_module *module) /* find the schema partition */ ret = ldb_search(module->ldb, - ldb_dn_new(module), + ldb_dn_new(module, module->ldb, NULL), LDB_SCOPE_BASE, "(objectClass=*)", schema_attrs, @@ -1200,7 +1200,7 @@ static int schema_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - data->schema_dn = ldb_msg_find_attr_as_dn(data, res->msgs[0], "schemaNamingContext"); + data->schema_dn = ldb_msg_find_attr_as_dn(module->ldb, data, res->msgs[0], "schemaNamingContext"); if (data->schema_dn == NULL) { /* FIXME: return a clear error string */ talloc_free(data); diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c index f23c2d156d..f394c75047 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.c +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.c @@ -137,7 +137,7 @@ int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct return ret; } -static int schema_validate_boolean(struct ldb_val *val, int min, int max) +static int schema_validate_boolean(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { if ((strncmp("TRUE", (const char *)val->data, val->length) != 0) && @@ -148,7 +148,7 @@ static int schema_validate_boolean(struct ldb_val *val, int min, int max) return LDB_SUCCESS; } -static int schema_validate_integer(struct ldb_val *val, int min, int max) +static int schema_validate_integer(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { int value; char *endptr; 
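Review bot: schema_validate_boolean (schema_syntax.c, hunk at -137) compares with `strncmp("TRUE", (const char *)val->data, val->length)`, which bounds the comparison by the value's own length, so a zero-length value or a prefix such as `T` compares equal. The rest of the condition is cut off at the hunk boundary, but this arm alone accepts those values. An exact match would be `val->length == 4 && memcmp(val->data, "TRUE", 4) == 0`, with the same treatment for the other literal. The added `ldb` parameter is unused in this function; a short comment that it exists to match the validator table signature would help.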
@@ -163,19 +163,19 @@ static int schema_validate_integer(struct ldb_val *val, int min, int max) return LDB_SUCCESS; } -static int schema_validate_binary_blob(struct ldb_val *val, int min, int max) +static int schema_validate_binary_blob(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* is there anythign we should check in a binary blob ? */ return LDB_SUCCESS; } -static int schema_validate_sid(struct ldb_val *val, int min, int max) +static int schema_validate_sid(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: validate binary form of objectSid */ return LDB_SUCCESS; } -static int schema_validate_oid(struct ldb_val *val, int min, int max) +static int schema_validate_oid(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { if (strspn((const char *)val->data, "0123456789.") != val->length) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; @@ -183,7 +183,7 @@ static int schema_validate_oid(struct ldb_val *val, int min, int max) return LDB_SUCCESS; } -static int schema_validate_numeric_string(struct ldb_val *val, int min, int max) +static int schema_validate_numeric_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { if (strspn((const char *)val->data, "0123456789") != val->length) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; 
@@ -191,80 +191,76 @@ static int schema_validate_numeric_string(struct ldb_val *val, int min, int max) return LDB_SUCCESS; } -static int schema_validate_printable_string(struct ldb_val *val, int min, int max) +static int schema_validate_printable_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what constitutes the printable character set */ return LDB_SUCCESS; } -static int schema_validate_teletext_string(struct ldb_val *val, int min, int max) +static int schema_validate_teletext_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what constitutes the teletext character set */ return LDB_SUCCESS; } -static int schema_validate_ia5_string(struct ldb_val *val, int min, int max) +static int schema_validate_ia5_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what constitutes the IA5 character set */ return LDB_SUCCESS; } -static int schema_validate_utc_time(struct ldb_val *val, int min, int max) +static int schema_validate_utc_time(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: validate syntax of UTC Time string */ return LDB_SUCCESS; } -static int schema_validate_generalized_time(struct ldb_val *val, int min, int max) +static int schema_validate_generalized_time(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: validate syntax of Generalized Time string */ return LDB_SUCCESS; } /* NOTE: not a single attribute has this syntax in the basic w2k3 schema */ -static int schema_validate_sensitive_string(struct ldb_val *val, int min, int max) +static int schema_validate_sensitive_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what constitutes a "case sensitive string" */ return LDB_SUCCESS; } -static int schema_validate_unicode_string(struct ldb_val *val, int min, int max) +static int schema_validate_unicode_string(struct ldb_context *ldb, struct ldb_val 
*val, int min, int max) { /* TODO: validate utf8 string */ return LDB_SUCCESS; } -static int schema_validate_large_integer(struct ldb_val *val, int min, int max) +static int schema_validate_large_integer(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: validate large integer/interval */ return LDB_SUCCESS; } -static int schema_validate_object_sd(struct ldb_val *val, int min, int max) +static int schema_validate_object_sd(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: validate object Security Descriptor */ return LDB_SUCCESS; } -static int schema_validate_dn(struct ldb_val *val, int min, int max) +static int schema_validate_dn(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { - TALLOC_CTX *memctx; struct ldb_dn *dn; int ret = LDB_SUCCESS; - memctx = talloc_new(NULL); - if (!memctx) return LDB_ERR_OPERATIONS_ERROR; - - dn = ldb_dn_explode(memctx, (const char *)val->data); - if (!dn) { + dn = ldb_dn_new(ldb, ldb, (const char *)val->data); + if ( ! ldb_dn_validate(dn)) { ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; } - talloc_free(memctx); + talloc_free(dn); return ret; } -static int schema_validate_binary_plus_dn(struct ldb_val *val, int min, int max) +static int schema_validate_binary_plus_dn(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { int ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; TALLOC_CTX *memctx; @@ -319,8 +315,8 @@ static int schema_validate_binary_plus_dn(struct ldb_val *val, int min, int max) str = p + 1; - dn = ldb_dn_explode(memctx, str); - if (dn) { + dn = ldb_dn_new(memctx, ldb, str); + if (ldb_dn_validate(dn)) { ret = LDB_SUCCESS; } 
@@ -329,26 +325,26 @@ done: return ret; } -static int schema_validate_x400_or_name(struct ldb_val *val, int min, int max) +static int schema_validate_x400_or_name(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what is the syntax of an X400 OR NAME */ return LDB_SUCCESS; } -static int schema_validate_presentation_address(struct ldb_val *val, int min, int max) +static int schema_validate_presentation_address(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what is the syntax of a presentation address */ return LDB_SUCCESS; } -static int schema_validate_x400_access_point(struct ldb_val *val, int min, int max) +static int schema_validate_x400_access_point(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { /* TODO: find out what is the syntax of an X400 Access Point */ return LDB_SUCCESS; } /* NOTE: seem there isn't a single attribute defined like this in the base w2k3 schema */ -static int schema_validate_string_plus_dn(struct ldb_val *val, int min, int max) +static int schema_validate_string_plus_dn(struct ldb_context *ldb, struct ldb_val *val, int min, int max) { int ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; TALLOC_CTX *memctx; @@ -403,8 +399,8 @@ static int schema_validate_string_plus_dn(struct ldb_val *val, int min, int max) str = p + 1; - dn = ldb_dn_explode(memctx, str); - if (dn) { + dn = ldb_dn_new(memctx, ldb, str); + if (ldb_dn_validate(dn)) { ret = LDB_SUCCESS; } @@ -415,7 +411,7 @@ done: struct schema_syntax_validator { enum schema_internal_syntax type; - int (*validate)(struct ldb_val *, int, int); + int (*validate)(struct ldb_context *ldb, struct ldb_val *, int, int); }; struct schema_syntax_validator schema_syntax_validators[] = { 
@@ -445,7 +441,8 @@ struct schema_syntax_validator schema_syntax_validators[] = { { -1, NULL } }; -int schema_validate(struct ldb_message_element *el, +int schema_validate(struct ldb_context *ldb, + struct ldb_message_element *el, enum schema_internal_syntax type, bool single, int min, int max) { @@ -466,7 +463,7 @@ int schema_validate(struct ldb_message_element *el, v = &schema_syntax_validators[i]; for (i = 0; i < el->num_values; i++) { - ret = v->validate(&el->values[i], min, max); + ret = v->validate(ldb, &el->values[i], min, max); } return LDB_SUCCESS; diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.h b/source4/dsdb/samdb/ldb_modules/schema_syntax.h index 453f79a3c2..39a5603cae 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.h +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.h @@ -67,7 +67,8 @@ int map_schema_syntax(uint32_t om_syntax, const struct ldb_val *om_class, enum schema_internal_syntax *syntax); -int schema_validate(struct ldb_message_element *el, +int schema_validate(struct ldb_context *ldb, + struct ldb_message_element *el, enum schema_internal_syntax type, bool single, int min, int max); -- cgit From a9e31b33b55a873c2f01db5e348560176adf863d Mon Sep 17 00:00:00 2001 
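Review bot: In schema_validate (hunk at -466) the loop stores each validator result in `ret` and then falls through to `return LDB_SUCCESS;`, so a value rejected by `v->validate()` — including the DN validators this commit touches — is still accepted. Return on the first failure inside the loop: `if (ret != LDB_SUCCESS) return ret;`. The loop also reuses `i` right after it selected `schema_syntax_validators[i]`; a separate index for the values would be easier to verify. The start of the function is outside the hunk.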
From: Simo Sorce Date: Wed, 22 Nov 2006 02:05:19 +0000 Subject: r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 2 +- source4/dsdb/samdb/ldb_modules/extended_dn.c | 12 +++++------- source4/dsdb/samdb/ldb_modules/local_password.c | 4 ++-- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- source4/dsdb/samdb/ldb_modules/proxy.c | 4 ++-- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 10 +++++----- 7 files changed, 18 insertions(+), 20 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 2bc97f2040..42aa53ca64 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -122,7 +122,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC for (i=0; list && (i < list->count); i++) { if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { - char *dn = ldb_dn_linearize(ctx, list->msgs[i]->dn); + char *dn = ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn); return data_blob_string_const(dn); } } diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 012ac74514..a571857bbb 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -107,11 +107,7 @@ static BOOL inject_extended_dn(struct ldb_message *msg, struct dom_sid *sid; char *object_guid; char *object_sid; - char *new_dn, *dn; - - dn = ldb_dn_linearize(msg, msg->dn); - if (!dn) - return False; + char *new_dn; /* retrieve object_guid */ guid = samdb_result_guid(msg, "objectGUID"); 
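Review bot: In objectCategory_always_dn (entryUUID.c, hunk at -122) the result of `ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn)` goes into `data_blob_string_const(dn)` without a NULL check, so an allocation failure becomes a blob built from a NULL string. Add `if (dn == NULL)` handling before the return; what the function should return in that case depends on code outside the hunk. rootdse_add_dynamic (rootdse.c, hunk at -86) likewise passes the allocating call directly as an argument to `ldb_msg_add_steal_string()`; whether that helper rejects NULL is not visible here.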
@@ -140,10 +136,12 @@ static BOOL inject_extended_dn(struct ldb_message *msg, case 1: if (object_sid) { new_dn = talloc_asprintf(msg, ";;%s", - object_guid, object_sid, dn); + object_guid, object_sid, + ldb_dn_get_linearized(msg->dn)); } else { new_dn = talloc_asprintf(msg, ";%s", - object_guid, dn); + object_guid, + ldb_dn_get_linearized(msg->dn)); } break; default: diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 57323d859f..9e1cdd32b3 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -160,7 +160,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { ldb_asprintf_errstring(module->ldb, "Cannot relocate a password on entry: %s, does not have objectClass 'person'", - ldb_dn_linearize(req, req->op.add.message->dn)); + ldb_dn_get_linearized(req->op.add.message->dn)); return LDB_ERR_OBJECT_CLASS_VIOLATION; } @@ -428,7 +428,7 @@ static int local_password_mod_local(struct ldb_handle *h) { if (!ac->search_res) { ldb_asprintf_errstring(ac->module->ldb, "entry just modified (%s) not found!", - ldb_dn_linearize(ac, ac->remote_req->op.mod.message->dn)); + ldb_dn_get_linearized(ac->remote_req->op.mod.message->dn)); return LDB_ERR_OPERATIONS_ERROR; } if (!ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "person")) { diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index b25beb7a8f..38a44bdae2 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
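Review bot: With the `if (!dn) return False;` check removed in the -107 hunk, `ldb_dn_get_linearized(msg->dn)` is now passed directly as a `%s` argument in both `talloc_asprintf()` calls of case 1, and nothing handles a NULL return. If it can fail the way the old `ldb_dn_linearize()` could, the formatted string is built from a NULL pointer and then becomes the new `msg->dn`. Keep the check with the new API: `const char *dn = ldb_dn_get_linearized(msg->dn);` then `if (!dn) return False;`, and pass `dn` to both calls. The format strings in this hunk look truncated by the page rendering, so I am not commenting on them.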
@@ -160,7 +160,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes ldb_asprintf_errstring(module->ldb, "password_hash_handle: " "generation of new kerberos keys failed: %s is a computer without a samAccountName", - ldb_dn_linearize(msg, msg->dn)); + ldb_dn_get_linearized(msg->dn)); return LDB_ERR_OPERATIONS_ERROR; } if (name[strlen(name)-1] == '$') { @@ -191,7 +191,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes ldb_asprintf_errstring(module->ldb, "password_hash_handle: " "generation of new kerberos keys failed: %s has no samAccountName", - ldb_dn_linearize(msg, msg->dn)); + ldb_dn_get_linearized(msg->dn)); return LDB_ERR_OPERATIONS_ERROR; } krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 41fe8b68c9..0dd5ee1e3d 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -285,7 +285,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re ldb_dn_add_base(base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(proxy, newreq->op.search.tree), ldb_dn_linearize(proxy, newreq->op.search.base)); + ldb_filter_from_tree(proxy, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base)); for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } @@ -313,7 +313,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re failed: ldb_debug(module->ldb, LDB_DEBUG_TRACE, "proxy failed for %s\n", - ldb_dn_linearize(proxy, req->op.search.base)); + ldb_dn_get_linearized(req->op.search.base)); passthru: return ldb_next_request(module, req); 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index e073c8f89b..86e97f9cfb 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -86,7 +86,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms for (i = 0; i < priv->num_partitions; i++) { struct ldb_dn *dn = priv->partitions[i]; if (ldb_msg_add_steal_string(msg, "namingContexts", - ldb_dn_linearize(msg, dn)) != 0) { + ldb_dn_alloc_linearized(msg, dn)) != 0) { goto failed; } } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 667b0d5ca8..c62c7dcf71 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -139,7 +139,7 @@ static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, if (str == NULL) { ldb_asprintf_errstring(module->ldb, "attribute nextRid not found in %s\n", - ldb_dn_linearize(res, dn)); + ldb_dn_get_linearized(dn)); talloc_free(res); return LDB_ERR_OPERATIONS_ERROR; } @@ -239,7 +239,7 @@ static int samldb_get_new_sid(struct ldb_module *module, if (dom_dn == NULL) { ldb_asprintf_errstring(module->ldb, "Invalid dn (%s) not child of a domain object!\n", - ldb_dn_linearize(mem_ctx, obj_dn)); + ldb_dn_get_linearized(obj_dn)); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -249,7 +249,7 @@ static int samldb_get_new_sid(struct ldb_module *module, if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(module->ldb, "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n", - ldb_dn_linearize(mem_ctx, dom_dn), + ldb_dn_get_linearized(dom_dn), ldb_errstring(module->ldb)); talloc_free(res); return ret; 
@@ -258,7 +258,7 @@ static int samldb_get_new_sid(struct ldb_module *module, if (res->count != 1) { ldb_asprintf_errstring(module->ldb, "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", - ldb_dn_linearize(mem_ctx, dom_dn)); + ldb_dn_get_linearized(dom_dn)); talloc_free(res); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -273,7 +273,7 @@ static int samldb_get_new_sid(struct ldb_module *module, /* allocate a new Rid for the domain */ ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, sid); if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s: %s\n", ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(module->ldb)); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s: %s\n", ldb_dn_get_linearized(dom_dn), ldb_errstring(module->ldb)); talloc_free(res); return ret; } -- cgit From 353b968025f126dc1dd0c0f7ac547f7a0cb5a83d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 23 Nov 2006 22:06:07 +0000 Subject: r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092) --- source4/dsdb/samdb/ldb_modules/partition.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 625c846bdc..278b727df7 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -109,8 +109,7 @@ struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *r /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - if (ldb_dn_compare_base(data->partitions[i]->dn, - dn) == 0) { + if (ldb_dn_compare_base(data->partitions[i]->dn, dn) == 0) { return make_module_for_next_request(req, module->ldb, data->partitions[i]->module); } } 
@@ -318,8 +317,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ - if (ldb_dn_compare_base(req->op.search.base, - data->partitions[i]->dn) == 0) { + if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { ret = partition_send_request(ac, data->partitions[i]->module, data->partitions[i]->dn); if (ret != LDB_SUCCESS) { return ret; @@ -767,8 +765,7 @@ static int partition_init(struct ldb_module *module) } for (partition_idx = 0; data->partitions[partition_idx]; partition_idx++) { - if (ldb_dn_compare(data->partitions[partition_idx]->dn, - base_dn) == 0) { + if (ldb_dn_compare(data->partitions[partition_idx]->dn, base_dn) == 0) { partition = data->partitions[partition_idx]; break; } -- cgit From ea212eb00fd358e7335648b9cd556227e53df367 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 5 Dec 2006 04:25:27 +0000 Subject: r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047) --- source4/dsdb/samdb/ldb_modules/samldb.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c62c7dcf71..26560c361e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -297,14 +297,11 @@ int samldb_notice_sid(struct ldb_module *module, struct ldb_result *dom_res; struct ldb_result *res; uint32_t old_rid; - char *filter; /* find if this SID already exists */ - - filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, sid)); - - ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &res); + ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &res, + NULL, LDB_SCOPE_SUBTREE, attrs, + "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid)); if (ret == LDB_SUCCESS) { if (res->count > 0) { talloc_free(res); @@ -332,13 +329,11 @@ int samldb_notice_sid(struct ldb_module *module, dom_sid->num_auths--; /* find the domain DN */ - - filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=domain))", + ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, attrs, + "(&(objectSid=%s)(objectclass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - - ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &dom_res); if (ret == LDB_SUCCESS) { - talloc_steal(mem_ctx, dom_res); if (dom_res->count == 0) { talloc_free(dom_res); /* This isn't an operation on a domain we know about, so nothing to update */ -- cgit From c69717755abeaf8bf93e76255d0912e3a24b7cb0 Mon Sep 17 00:00:00 2001 
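Review bot: Both `ldb_search_exp_fmt()` calls in samldb_notice_sid format the return of `ldap_encode_ndr_dom_sid(mem_ctx, ...)` through `%s` without checking it, so if the encode can fail (its contract is not shown here) the search runs with a filter built from a NULL string instead of reporting an error. The encoded string also stays on `mem_ctx` after the search. I would encode first, `char *enc = ldap_encode_ndr_dom_sid(mem_ctx, sid);` with `if (enc == NULL) return LDB_ERR_OPERATIONS_ERROR;`, pass `enc` as the argument and `talloc_free(enc)` once the search returns; the same applies to the `dom_sid` lookup in the second hunk. The function continues outside both hunks, so any cleanup needed on that early return has to be checked against the full body.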
From: Stefan Metzmacher Date: Fri, 15 Dec 2006 13:08:57 +0000 Subject: r20184: change ldb_attrib_handler into ldb_schema_attribute, which has a pointer to a ldb_schema_syntax struct. the default attribute handler is now registered dynamicly as "*" attribute, instead of having its own code path. ldb_schema_attribute's can be added to the ldb_schema given a ldb_schema_syntax struct or the syntax name we may also need to introduce a ldb_schema_matching_rule, and add a pointer to a default ldb_schema_matching_rule in the ldb_schema_syntax. metze (This used to be commit b97b8f5dcbce006f005e53ca79df3330e62f117b) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 42aa53ca64..9bd4c499fe 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -96,9 +96,9 @@ static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct ldb_val out = data_blob(NULL, 0); - const struct ldb_attrib_handler *handler = ldb_attrib_handler(module->ldb, "objectSid"); - - if (handler->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); + + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { return data_blob(NULL, 0); } -- cgit From 400a56d6dd2f02569a626f4507ec06fa49cf0839 Mon Sep 17 00:00:00 2001 
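Review bot: sid_always_binary dereferences `a->syntax->canonicalise_fn` without checking `a` or `a->syntax`, so a lookup of `objectSid` that returns nothing would crash the module instead of yielding an empty value. The commit message says a default `*` attribute is registered, which may guarantee a non-NULL result, but that guarantee is not visible in this hunk. A guard such as `if (a == NULL || a->syntax == NULL) return data_blob(NULL, 0);` before the call keeps the failure path identical to the existing one; otherwise a comment stating the non-NULL guarantee would do. The rest of the function lies outside the hunk.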
From: Andrew Bartlett Date: Fri, 22 Dec 2006 07:04:06 +0000 Subject: r20315: Implement the server side of DsGetDomainControllerInfo. This is a supprisingly complex call... It turns out that the in/out parameter 'level' is not in/out, but set seperatly by the server-side code from r->req.req1.level. This commit also breaks out some common code from samldb into samdb. Andrew Bartlett (This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7) --- source4/dsdb/samdb/ldb_modules/samldb.c | 37 +-------------------------------- 1 file changed, 1 insertion(+), 36 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 26560c361e..1c1ff0ea6e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -184,41 +184,6 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c return ret; } -/* Find a domain object in the parents of a particular DN. */ -static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *dn) -{ - TALLOC_CTX *local_ctx; - struct ldb_dn *sdn; - struct ldb_result *res = NULL; - int ret = 0; - const char *attrs[] = { NULL }; - - local_ctx = talloc_new(mem_ctx); - if (local_ctx == NULL) return NULL; - - sdn = ldb_dn_copy(local_ctx, dn); - do { - ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, - "(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res); - if (ret == LDB_SUCCESS) { - talloc_steal(local_ctx, res); - if (res->count == 1) { - break; - } - } - } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); - - if (ret != LDB_SUCCESS || res->count != 1) { - talloc_free(local_ctx); - return NULL; - } - - talloc_steal(mem_ctx, sdn); - talloc_free(local_ctx); - - return sdn; -} - /* search the domain related to the provided dn allocate a new RID for the domain return the new sid string 
@@ -235,7 +200,7 @@ static int samldb_get_new_sid(struct ldb_module *module, /* get the domain component part of the provided dn */ - dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); + dom_dn = samdb_search_for_parent_domain(module->ldb, mem_ctx, obj_dn); if (dom_dn == NULL) { ldb_asprintf_errstring(module->ldb, "Invalid dn (%s) not child of a domain object!\n", -- cgit From bea88a10285f814415ede4ee1ff1c34a4fd4e000 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 Jan 2007 01:07:44 +0000 Subject: r20455: Apply some of the patches from Martin Kuehl to better handle the Samba3 backend. I've refactored the password format patch to use the routines in lib/samba3/smbpasswd.c, which has required me to move this into a seperate subsystem, due to recursive dependencies. Andrew Bartlett (This used to be commit 14e2c877a82d1fcf060455f9b46de5767b71438d) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- source4/dsdb/samdb/ldb_modules/samba3sam.c | 180 ++++++++++++++++++----------- 2 files changed, 116 insertions(+), 66 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index bf286b4828..abf83f840f 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -28,7 +28,7 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = ldb INIT_FUNCTION = ldb_samba3sam_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map +PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD OBJ_FILES = \ samba3sam.o # diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index be60dd7b4c..1653812b88 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -1,7 +1,8 @@ -/* +/* ldb database library - Samba3 SAM compatibility backend Copyright (C) Jelmer Vernooij 2005 + Copyright (C) Martin Kuehl 2006 */ #include "includes.h" 
@@ -12,32 +13,34 @@ #include "system/passwd.h" #include "librpc/gen_ndr/ndr_security.h" +#include "librpc/gen_ndr/ndr_samr.h" #include "librpc/ndr/libndr.h" #include "libcli/security/security.h" #include "libcli/security/proto.h" +#include "lib/samba3/samba3.h" -/* +/* * sambaSID -> member (dn!) - * sambaSIDList -> member (dn!) - * sambaDomainName -> name - * sambaTrustPassword - * sambaUnixIdPool - * sambaIdmapEntry - * sambaAccountPolicy - * sambaSidEntry + * sambaSIDList -> member (dn!) + * sambaDomainName -> name + * sambaTrustPassword + * sambaUnixIdPool + * sambaIdmapEntry + * sambaAccountPolicy + * sambaSidEntry * sambaAcctFlags -> systemFlags ? * sambaPasswordHistory -> ntPwdHistory*/ /* Not necessary: * sambaConfig * sambaShare - * sambaConfigOption + * sambaConfigOption * sambaNextGroupRid * sambaNextUserRid * sambaAlgorithmicRidBase */ -/* Not in Samba4: +/* Not in Samba4: * sambaKickoffTime * sambaPwdCanChange * sambaPwdMustChange @@ -86,7 +89,7 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char /* We need the domain, so we get it from the objectSid that we hope is here... */ sidval = ldb_msg_find_ldb_val(local, "objectSid"); - if (!sidval) + if (!sidval) return; /* Sorry, no SID today.. */ sid = talloc(remote_mp, struct dom_sid); @@ -110,9 +113,13 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char talloc_free(sidstring); } +/* Just copy the old value. */ static struct ldb_val convert_uid_samaccount(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - return ldb_val_dup(ctx, val); + struct ldb_val out = data_blob(NULL, 0); + ldb_handler_copy(module->ldb, ctx, val, &out); + + return out; } static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) 
@@ -167,49 +174,88 @@ static struct ldb_val lookup_uid(struct ldb_module *module, TALLOC_CTX *ctx, con return retval; } +/* Encode a sambaSID to an objectSid. */ static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - struct dom_sid *sid = dom_sid_parse_talloc(ctx, (char *)val->data); - struct ldb_val *out = talloc_zero(ctx, struct ldb_val); + struct ldb_val out = data_blob(NULL, 0); + struct dom_sid *sid; NTSTATUS status; + sid = dom_sid_parse_talloc(ctx, (char *)val->data); if (sid == NULL) { - return *out; + return out; } - status = ndr_push_struct_blob(out, ctx, sid, + + status = ndr_push_struct_blob(&out, ctx, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); talloc_free(sid); if (!NT_STATUS_IS_OK(status)) { - return *out; + return out; } - return *out; + return out; } +/* Decode an objectSid to a sambaSID. */ static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { + struct ldb_val out = data_blob(NULL, 0); struct dom_sid *sid; NTSTATUS status; - struct ldb_val *out = talloc_zero(ctx, struct ldb_val); - + sid = talloc(ctx, struct dom_sid); if (sid == NULL) { - return *out; + return out; } - status = ndr_pull_struct_blob(val, sid, sid, + + status = ndr_pull_struct_blob(val, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); if (!NT_STATUS_IS_OK(status)) { - talloc_free(sid); - return *out; + goto done; } - out->data = (uint8_t *)dom_sid_string(ctx, sid); + + out.data = (uint8_t *)dom_sid_string(ctx, sid); + if (out.data == NULL) { + goto done; + } + out.length = strlen((const char *)out.data); + +done: talloc_free(sid); - if (out->data == NULL) { - return *out; + return out; +} + +/* Convert 16 bytes to 32 hex digits. 
*/ +static struct ldb_val bin2hex(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + struct samr_Password pwd; + if (val->length != sizeof(pwd.hash)) { + return data_blob(NULL, 0); + } + memcpy(pwd.hash, val->data, sizeof(pwd.hash)); + out = data_blob_string_const(smbpasswd_sethexpwd(ctx, &pwd, 0)); + if (!out.data) { + return data_blob(NULL, 0); } - out->length = strlen((const char *)out->data); + return out; +} - return *out; +/* Convert 32 hex digits to 16 bytes. */ +static struct ldb_val hex2bin(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + struct samr_Password *pwd; + pwd = smbpasswd_gethexpwd(ctx, talloc_strndup(ctx, (const char *)val->data, val->length)); + if (!pwd) { + return data_blob(NULL, 0); + } + out.data = talloc_memdup(ctx, pwd->hash, sizeof(pwd->hash)); + if (!out.data) { + return data_blob(NULL, 0); + } + out.length = sizeof(pwd->hash); + return out; } const struct ldb_map_objectclass samba3_objectclasses[] = { @@ -227,15 +273,15 @@ const struct ldb_map_objectclass samba3_objectclasses[] = { .musts = { "cn", "gidNumber", NULL }, .mays = { "userPassword", "memberUid", "description", NULL }, }, - { - .local_name = "group", + { + .local_name = "group", .remote_name = "sambaGroupMapping", .base_classes = { "top", "posixGroup", NULL }, .musts = { "gidNumber", "sambaSID", "sambaGroupType", NULL }, .mays = { "displayName", "description", "sambaSIDList", NULL }, }, - { - .local_name = "user", + { + .local_name = "user", .remote_name = "sambaSAMAccount", .base_classes = { "top", "posixAccount", NULL }, .musts = { "uid", "sambaSID", NULL }, 
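Review bot: In bin2hex the NULL test comes after `data_blob_string_const(smbpasswd_sethexpwd(ctx, &pwd, 0))`, so a failed hex conversion reaches the blob helper before it is detected; whether that helper accepts NULL is not visible here. Testing the string first avoids relying on it: `char *hex = smbpasswd_sethexpwd(ctx, &pwd, 0);`, `if (hex == NULL) return data_blob(NULL, 0);`, `out = data_blob_string_const(hex);`. hex2bin in the same hunk passes an unchecked `talloc_strndup()` result to `smbpasswd_gethexpwd()` and leaves both the temporary string and the returned `samr_Password` on `ctx`. Since these hold password-hash material, freeing them once `out.data` has been copied would limit how long extra copies stay in memory.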
@@ -246,11 +292,11 @@ const struct ldb_map_objectclass samba3_objectclasses[] = { "sambaLogonScript", "sambaProfilePath", "description", "sambaUserWorkstations", "sambaPrimaryGroupSID", "sambaDomainName", "sambaMungedDial", "sambaBadPasswordCount", "sambaBadPasswordTime", - "sambaPasswordHistory", "sambaLogonHours", NULL } - + "sambaPasswordHistory", "sambaLogonHours", NULL } + }, - { - .local_name = "domain", + { + .local_name = "domain", .remote_name = "sambaDomain", .base_classes = { "top", NULL }, .musts = { "sambaDomainName", "sambaSID", NULL }, @@ -259,7 +305,7 @@ const struct ldb_map_objectclass samba3_objectclasses[] = { { NULL, NULL } }; -const struct ldb_map_attribute samba3_attributes[] = +const struct ldb_map_attribute samba3_attributes[] = { /* sambaNextRid -> nextRid */ { @@ -285,11 +331,13 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaLMPassword -> lmPwdHash*/ { - .local_name = "lmPwdHash", - .type = MAP_RENAME, + .local_name = "lmpwdhash", + .type = MAP_CONVERT, .u = { - .rename = { + .convert = { .remote_name = "sambaLMPassword", + .convert_local = bin2hex, + .convert_remote = hex2bin, }, }, }, @@ -307,11 +355,13 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaNTPassword -> ntPwdHash*/ { - .local_name = "ntPwdHash", - .type = MAP_RENAME, + .local_name = "ntpwdhash", + .type = MAP_CONVERT, .u = { - .rename = { + .convert = { .remote_name = "sambaNTPassword", + .convert_local = bin2hex, + .convert_remote = hex2bin, }, }, }, @@ -324,7 +374,7 @@ const struct ldb_map_attribute samba3_attributes[] = .generate = { .remote_names = { "sambaPrimaryGroupSID", NULL }, .generate_local = generate_primaryGroupID, - .generate_remote = generate_sambaPrimaryGroupSID, + .generate_remote = generate_sambaPrimaryGroupSID, }, }, }, @@ -421,7 +471,7 @@ const struct ldb_map_attribute samba3_attributes[] = }, /* codePage */ - { + { .local_name = "codePage", .type = MAP_IGNORE, }, 
@@ -452,13 +502,13 @@ const struct ldb_map_attribute samba3_attributes[] = }, /* nTMixedDomain */ - { + { .local_name = "nTMixedDomain", .type = MAP_IGNORE, }, /* operatingSystem */ - { + { .local_name = "operatingSystem", .type = MAP_IGNORE, }, @@ -518,7 +568,7 @@ const struct ldb_map_attribute samba3_attributes[] = .type = MAP_CONVERT, .u = { .convert = { - .remote_name = "sambaSID", + .remote_name = "sambaSID", .convert_local = decode_sid, .convert_remote = encode_sid, }, @@ -534,11 +584,11 @@ const struct ldb_map_attribute samba3_attributes[] = .remote_name = "sambaPwdLastSet", }, }, - }, + }, /* accountExpires */ { - .local_name = "accountExpires", + .local_name = "accountExpires", .type = MAP_IGNORE, }, @@ -559,55 +609,55 @@ const struct ldb_map_attribute samba3_attributes[] = .local_name = "createTimestamp", .type = MAP_IGNORE, }, - + /* creationTime */ { .local_name = "creationTime", .type = MAP_IGNORE, }, - + /* dMDLocation */ { .local_name = "dMDLocation", .type = MAP_IGNORE, }, - + /* fSMORoleOwner */ { .local_name = "fSMORoleOwner", .type = MAP_IGNORE, }, - + /* forceLogoff */ { .local_name = "forceLogoff", .type = MAP_IGNORE, }, - + /* instanceType */ { .local_name = "instanceType", .type = MAP_IGNORE, }, - + /* invocationId */ { .local_name = "invocationId", .type = MAP_IGNORE, }, - + /* isCriticalSystemObject */ { .local_name = "isCriticalSystemObject", .type = MAP_IGNORE, }, - + /* localPolicyFlags */ { .local_name = "localPolicyFlags", .type = MAP_IGNORE, }, - + /* lockOutObservationWindow */ { .local_name = "lockOutObservationWindow", 
@@ -868,13 +918,13 @@ const struct ldb_map_attribute samba3_attributes[] = /* the context init function */ static int samba3sam_init(struct ldb_module *module) { - int ret; + int ret; ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, NULL, "samba3sam"); - if (ret != LDB_SUCCESS) - return ret; + if (ret != LDB_SUCCESS) + return ret; - return ldb_next_init(module); + return ldb_next_init(module); } static struct ldb_module_ops samba3sam_ops = { -- cgit From adcc7299b698b9942cd1fe1cbf9080d0bd952dbf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 Jan 2007 03:40:29 +0000 Subject: r20460: Simplfy the handling of password hashes in the samba3sam module. Andrew Bartlett (This used to be commit 2959b4ba8bb5764ea654ae7b152284a4e02405ab) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 1653812b88..c66dbee360 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -246,15 +246,11 @@ static struct ldb_val hex2bin(struct ldb_module *module, TALLOC_CTX *ctx, const { struct ldb_val out; struct samr_Password *pwd; - pwd = smbpasswd_gethexpwd(ctx, talloc_strndup(ctx, (const char *)val->data, val->length)); + pwd = smbpasswd_gethexpwd(ctx, (const char *)val->data); if (!pwd) { return data_blob(NULL, 0); } - out.data = talloc_memdup(ctx, pwd->hash, sizeof(pwd->hash)); - if (!out.data) { - return data_blob(NULL, 0); - } - out.length = sizeof(pwd->hash); + out = data_blob_talloc(ctx, pwd->hash, sizeof(pwd->hash)); return out; } @@ -331,7 +327,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaLMPassword -> lmPwdHash*/ { - .local_name = "lmpwdhash", + .local_name = "lmPwdHash", .type = MAP_CONVERT, .u = { .convert = { -- cgit 
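Review bot: hex2bin now passes `(const char *)val->data` to `smbpasswd_gethexpwd()` with no reference to `val->length`, so the bounded copy that the removed `talloc_strndup()` provided is gone and a value shorter than 32 characters is only safe if the data happens to be NUL-terminated. The function was added with the comment that it converts 32 hex digits, so a guard before the call would make that explicit: `if (val->length < 2 * sizeof(pwd->hash)) return data_blob(NULL, 0);`. How the helper treats short or non-hex input is not visible in this hunk. `pwd` is also still left on `ctx` after `data_blob_talloc()` copies the hash; a `talloc_free(pwd);` there avoids keeping a second copy of the hash.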
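Review bot: This restores the mixed-case `lmPwdHash` local name, but the matching `ntpwdhash` entry for sambaNTPassword, lower-cased in the previous commit, is not touched by this diff, so the two password-hash mappings end up spelled differently. If attribute names are compared case-insensitively this is cosmetic, but the table reads consistently only with `.local_name = "ntPwdHash",` restored as well.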
From bf4c652af7824478ca3f029cc653aace3da1022f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 03:19:02 +0000 Subject: r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend. Add a new module entrypoint to handle the new, interesting and different mappings required for Fedora DS. Andrew Bartlett (This used to be commit 600c7f1a68c175b835ce45d13794a6f66bcc8493) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 250 ++++++++++++++++++++++++++++- 1 file changed, 249 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 9bd4c499fe..7cd79cb730 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -83,6 +83,50 @@ static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX * return out; } +static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = NS_GUID_from_string((char *)val->data, &guid); + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + status = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(status)) { + return out; + } + + return out; +} + +static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + NTSTATUS status; + struct ldb_val out = data_blob(NULL, 0); + if (val->length >= 32 && val->data[val->length] == '\0') { + struct GUID guid; + GUID_from_string((char *)val->data, &guid); + out = data_blob_string_const(NS_GUID_string(ctx, &guid)); + } else { + struct GUID *guid_p; + guid_p = talloc(ctx, struct GUID); + if (guid_p == NULL) { + return out; + } + status = ndr_pull_struct_blob(val, guid_p, guid_p, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(guid_p); + return out; + } + out = data_blob_string_const(NS_GUID_string(ctx, guid_p)); + talloc_free(guid_p); + } + return out; +} + /* The backend holds binary sids, so just copy them back */ static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { 
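Review bot: guid_ns_string tests `val->data[val->length] == '\0'`, which reads one byte past the stated length of the value, and then ignores the result of `GUID_from_string()`, so a string that fails to parse leaves `guid` uninitialised when `NS_GUID_string()` formats it. Assuming `GUID_from_string()` reports failure through its return value the way `NS_GUID_from_string()` does in encode_ns_guid, I would write `status = GUID_from_string((char *)val->data, &guid);` followed by `if (!NT_STATUS_IS_OK(status)) return out;`. The terminator test relies on every ldb_val carrying a trailing NUL outside its length; if the library guarantees that, it deserves a comment here, and encode_ns_guid depends on it too when it casts `val->data` to a string. The `NS_GUID_string()` results are also passed to `data_blob_string_const()` unchecked.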
@@ -411,6 +455,154 @@ const char * const wildcard_attributes[] = { NULL }; +const struct ldb_map_attribute nsuniqueid_attributes[] = +{ + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "nsuniqueid", + .convert_local = guid_ns_string, + .convert_remote = encode_ns_guid, + }, + }, + }, + /* objectSid */ + { + .local_name = "objectSid", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectSid", + .convert_local = sid_always_binary, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "whenCreated", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "createTimestamp" + } + } + }, + { + .local_name = "whenChanged", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "modifyTimestamp" + } + } + }, + { + .local_name = "sambaPassword", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "userPassword" + } + } + }, + { + .local_name = "allowedChildClassesEffective", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "allowedChildClassesEffective", + .convert_local = class_to_oid, + .convert_remote = class_from_oid, + }, + }, + }, + { + .local_name = "objectCategory", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectCategory", + .convert_local = objectCategory_always_dn, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "distinguishedName", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, + { + .local_name = "groupType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "groupType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "sAMAccountType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "sAMAccountType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "usnChanged", + .type = MAP_CONVERT, + .u = { + .convert = { + 
.remote_name = "modifyTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "usnCreated", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "createTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "*", + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* These things do not show up in wildcard searches in OpenLDAP, but + * we need them to show up in the AD-like view */ +const char * const nsuniqueid_wildcard_attributes[] = { + "objectGUID", + "whenCreated", + "whenChanged", + "usnCreated", + "usnChanged", + NULL +}; + static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) { const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; 
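Review bot: The comment above `nsuniqueid_wildcard_attributes` says these attributes do not show up in wildcard searches in OpenLDAP, but the table is the one handed to `ldb_map_init()` for the nsuniqueid mapping, which the commit message describes as being for Fedora DS. I would reword it to name the right server, or neutrally as `/* These attributes are not returned by wildcard searches on the backend, but must appear in the AD-like view */`. The `nsuniqueid_attributes` table also has no comment on why `whenChanged`/`usnChanged` and `whenCreated`/`usnCreated` map to the same remote timestamp attributes; one line explaining that would help the next reader.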
@@ -582,6 +774,41 @@ static int entryUUID_init(struct ldb_module *module) return ldb_next_init(module); } +/* the context init function */ +static int nsuniqueid_init(struct ldb_module *module) +{ + int ret; + struct map_private *map_private; + struct entryUUID_private *entryUUID_private; + struct ldb_dn *schema_dn; + + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); + if (ret != LDB_SUCCESS) + return ret; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryUUID_private = talloc_zero(map_private, struct entryUUID_private); + map_private->caller_private = entryUUID_private; + + schema_dn = find_schema_dn(module->ldb, map_private); + if (!schema_dn) { + /* Perhaps no schema yet */ + return LDB_SUCCESS; + } + + ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, + &entryUUID_private->objectclass_res); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); + return ret; + } + + ret = find_base_dns(module, entryUUID_private); + + return ldb_next_init(module); +} + static int get_seq(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { @@ -678,9 +905,16 @@ static struct ldb_module_ops entryUUID_ops = { .sequence_number = entryUUID_sequence_number }; +static struct ldb_module_ops nsuniqueid_ops = { + .name = "nsuniqueid", + .init_context = nsuniqueid_init, + .sequence_number = entryUUID_sequence_number +}; + /* the init function */ int ldb_entryUUID_module_init(void) { + int ret; struct ldb_module_ops ops = ldb_map_get_ops(); entryUUID_ops.add = ops.add; entryUUID_ops.modify = ops.modify; 
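Review bot: nsuniqueid_init uses the results of `talloc_get_type()` and `talloc_zero()` without checking them, so a failure there is dereferenced at `map_private->caller_private` or `&entryUUID_private->objectclass_res`. The value assigned by `ret = find_base_dns(module, entryUUID_private);` is also discarded, because the next statement returns `ldb_next_init(module)` regardless. I would add `if (entryUUID_private == NULL) return LDB_ERR_OPERATIONS_ERROR;` after the allocation and `if (ret != LDB_SUCCESS) return ret;` after find_base_dns, unless ignoring that failure is intended, in which case a comment should say so. The function appears to mirror entryUUID_init, whose body is outside the hunk, so the same may apply there.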
@@ -688,5 +922,19 @@ int ldb_entryUUID_module_init(void) entryUUID_ops.rename = ops.rename; entryUUID_ops.search = ops.search; entryUUID_ops.wait = ops.wait; - return ldb_register_module(&entryUUID_ops); + ret = ldb_register_module(&entryUUID_ops); + + if (ret) { + return ret; + } + + nsuniqueid_ops.add = ops.add; + nsuniqueid_ops.modify = ops.modify; + nsuniqueid_ops.del = ops.del; + nsuniqueid_ops.rename = ops.rename; + nsuniqueid_ops.search = ops.search; + nsuniqueid_ops.wait = ops.wait; + ret = ldb_register_module(&nsuniqueid_ops); + + return ret; } -- cgit From b3c793c58cd539278c853219e609bbe2571498b9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 4 Jan 2007 12:10:55 +0000 Subject: r20522: make a copy of the objectguid ldb module because: - I'll add handling of replication meta data to it for orginating changes - I'll pass replication meta data via a ldb control for applying replicated changes - It will also update the replUpToDateVector attribute in in root object of the partition - It will handle deleted records by adding the isDeleted=TRUE attribute and move them to the CN=Deleted Objects container of the partition - I make a copy to play with the code without breaking the LDAP backend setup metze (This used to be commit 045ddfe1ec626fab5e8fd75c5b47f0525b7ebb01) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 ++ source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 262 ++++++++++++++++++++++++ 2 files changed, 275 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/repl_meta_data.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index abf83f840f..95059c800e 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -11,6 +11,19 @@ PUBLIC_DEPENDENCIES = \ # End MODULE ldb_objectguid ################################################ +################################################ +# Start MODULE ldb_repl_mata_data +[MODULE::ldb_repl_meta_data] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC +INIT_FUNCTION = repl_meta_data_module_init +OBJ_FILES = \ + repl_meta_data.o +PUBLIC_DEPENDENCIES = \ + LIBNDR NDR_MISC +# End MODULE ldb_objectguid +################################################ + ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c new file mode 100644 index 0000000000..d9ad9d6e51 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
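Review bot: The marker comments around the new `[MODULE::ldb_repl_meta_data]` block do not match it: the opening one reads `ldb_repl_mata_data` and the closing one still says `End MODULE ldb_objectguid`. They should read `# Start MODULE ldb_repl_meta_data` and `# End MODULE ldb_repl_meta_data` so the section can be found by name.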
@@ -0,0 +1,262 @@
+/*
+ ldb database library
+
+ Copyright (C) Simo Sorce 2004-2006
+ Copyright (C) Andrew Bartlett 2005
+ Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Stefan Metzmacher 2007
+
+ ** NOTE! The following LGPL license applies to the ldb
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Name: ldb
+ *
+ * Component: ldb repl_meta_data module
+ *
+ * Description: - add a unique objectGUID onto every new record,
+ * - handle whenCreated, whenChanged timestamps
+ * - handle uSNCreated, uSNChanged numbers
+ * - handle replPropertyMetaData attribute
+ *
+ * Author: Simo Sorce
+ * Author: Stefan Metzmacher
+ */
+
+#include "includes.h"
+#include "ldb/include/includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+static struct ldb_message_element *replmd_find_attribute(const struct ldb_message *msg, const char *name)
+{
+ int i;
+
+ for (i = 0; i < msg->num_elements; i++) {
+ if (ldb_attr_cmp(name, msg->elements[i].name) == 0) {
+ return &msg->elements[i];
+ }
+ }
+
+ return NULL;
+}
+
+/*
+ add a time element to a record
+*/
+static int add_time_element(struct ldb_message *msg, const char *attr, time_t t)
+{
+ struct ldb_message_element *el;
+ char *s;
+
+ if (ldb_msg_find_element(msg, attr) != NULL) {
+ return 0;
+ }
+
+ s = ldb_timestring(msg, t);
+ if (s == NULL) {
+ return -1;
+ }
+
+ if (ldb_msg_add_string(msg, attr, s) != 0) {
+ return -1;
+ }
+
+ el = ldb_msg_find_element(msg, attr);
+ /* always set as replace. This works because on add ops, the flag
+ is ignored */
+ el->flags = LDB_FLAG_MOD_REPLACE;
+
+ return 0;
+}
+
+/*
+ add a uint64_t element to a record
+*/
+static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_t v)
+{
+ struct ldb_message_element *el;
+
+ if (ldb_msg_find_element(msg, attr) != NULL) {
+ return 0;
+ }
+
+ if (ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)v) != 0) {
+ return -1;
+ }
+
+ el = ldb_msg_find_element(msg, attr);
+ /* always set as replace. This works because on add ops, the flag
+ is ignored */
+ el->flags = LDB_FLAG_MOD_REPLACE;
+
+ return 0;
+}
+
+/* add_record: add objectGUID attribute */
+static int replmd_add(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_request *down_req;
+ struct ldb_message_element *attribute;
+ struct ldb_message *msg;
+ struct ldb_val v;
+ struct GUID guid;
+ uint64_t seq_num;
+ NTSTATUS nt_status;
+ int ret;
+ time_t t = time(NULL);
+
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_record\n");
+
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.add.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ if ((attribute = replmd_find_attribute(req->op.add.message, "objectGUID")) != NULL ) {
+ return ldb_next_request(module, req);
+ }
+
+ down_req = talloc(req, struct ldb_request);
+ if (down_req == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ *down_req = *req;
+
+ /* we have to copy the message as the caller might have it as a const */
+ down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message);
+ if (msg == NULL) {
+ talloc_free(down_req);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* a new GUID */
+ guid = GUID_random();
+
+ nt_status = ndr_push_struct_blob(&v, 
msg, &guid,
+ (ndr_push_flags_fn_t)ndr_push_GUID);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(down_req);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_msg_add_value(msg, "objectGUID", &v, NULL);
+ if (ret) {
+ talloc_free(down_req);
+ return ret;
+ }
+
+ if (add_time_element(msg, "whenCreated", t) != 0 ||
+ add_time_element(msg, "whenChanged", t) != 0) {
+ talloc_free(down_req);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* Get a sequence number from the backend */
+ ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num);
+ if (ret == LDB_SUCCESS) {
+ if (add_uint64_element(msg, "uSNCreated", seq_num) != 0 ||
+ add_uint64_element(msg, "uSNChanged", seq_num) != 0) {
+ talloc_free(down_req);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+
+ ldb_set_timeout_from_prev_req(module->ldb, req, down_req);
+
+ /* go on with the call chain */
+ ret = ldb_next_request(module, down_req);
+
+ /* do not free down_req as the call results may be linked to it,
+ * it will be freed when the upper level request get freed */
+ if (ret == LDB_SUCCESS) {
+ req->handle = down_req->handle;
+ }
+
+ return ret;
+}
+
+/* modify_record: update timestamps */
+static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_request *down_req;
+ struct ldb_message *msg;
+ int ret;
+ time_t t = time(NULL);
+ uint64_t seq_num;
+
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
+
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.add.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ down_req = talloc(req, struct ldb_request);
+ if (down_req == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ *down_req = *req;
+
+ /* we have to copy the message as the caller might have it as a const */
+ down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message);
+ if (msg == NULL) {
+ talloc_free(down_req);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (add_time_element(msg, 
"whenChanged", t) != 0) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Get a sequence number from the backend */ + ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret == LDB_SUCCESS) { + if (add_uint64_element(msg, "uSNChanged", seq_num) != 0) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + } + + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + + return ret; +} + +static const struct ldb_module_ops replmd_ops = { + .name = "repl_meta_data", + .add = replmd_add, + .modify = replmd_modify, +}; + +int repl_meta_data_module_init(void) +{ + return ldb_register_module(&replmd_ops); +} -- cgit From fcd2f2e8f564a2aa5d6f94a2fd810b0800a335ed Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 4 Jan 2007 20:36:12 +0000 Subject: r20529: very, very ugly... But this is currently needed to make regpatch linking in the dsdb/schema/schema_*.o object files. the problem is that the linker doesn't find any references to public symbols in this files and removes them from the link list. gnu ld has a --whole-archive option, but it seems to be not portable... I think the solution with prelinking using 'ld -r' to create one object file for a subsystem instead of using 'ar -rcs' to create an archive for a subsystem... jelmer: any ideas about this problem? metze (This used to be commit 46df7ff6e5e74eddcb81b5a195e82688d83afaf4) --- source4/dsdb/samdb/ldb_modules/config.mk | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 95059c800e..f2706c0995 100644 
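Review bot: In `replmd_add`, a message that already carries `objectGUID` is forwarded untouched by the early `return ldb_next_request(module, req);`, so it gets no `whenCreated`/`whenChanged` and no `uSNCreated`/`uSNChanged`, and the caller's GUID is stored without any check. `add_time_element` and `add_uint64_element` follow the same rule, returning 0 when the attribute is already present, so on modify a caller-supplied `whenChanged` or `uSNChanged` overrides the server's value. Whether a module above this one limits who may set these attributes is not visible in this hunk; if nothing does, the replication metadata is only as trustworthy as the least privileged writer. I would state the assumption at the check, e.g. `/* caller-supplied objectGUID: only valid for trusted internal callers, nothing here enforces it */`, and overwrite or reject the operational attributes for ordinary requests once the caller's identity can be tested.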
--- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -15,13 +15,11 @@ PUBLIC_DEPENDENCIES = \ # Start MODULE ldb_repl_mata_data [MODULE::ldb_repl_meta_data] SUBSYSTEM = ldb -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI INIT_FUNCTION = repl_meta_data_module_init OBJ_FILES = \ repl_meta_data.o -PUBLIC_DEPENDENCIES = \ - LIBNDR NDR_MISC -# End MODULE ldb_objectguid +# End MODULE ldb_repl_meta_data ################################################ ################################################ -- cgit From 3137e4f2fe036824984352edf618a8eddde17c51 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 6 Jan 2007 01:13:59 +0000 Subject: r20580: pass the DSDB_CONTROL_REPLICATED_OBJECT_OID with the ldb_add request when applying replicated objects. the samldb module ignores such requests now... and the repl_meta_data module has different functions for the replicated and originating cases... metze (This used to be commit a4d5e0126cfd6135ab829f4984269e265a868a28) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 95 ++++++++++++++++++++----- source4/dsdb/samdb/ldb_modules/samldb.c | 5 ++ 2 files changed, 83 insertions(+), 17 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index d9ad9d6e51..171af52eda 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -40,8 +40,11 @@ */ #include "includes.h" -#include "ldb/include/includes.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "lib/ldb/include/ldb_private.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "dsdb/samdb/samdb.h" static struct ldb_message_element *replmd_find_attribute(const struct ldb_message *msg, const char *name) { 
@@ -108,8 +111,24 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } -/* add_record: add objectGUID attribute */ -static int replmd_add(struct ldb_module *module, struct ldb_request *req) +static int replmd_add_replicated(struct ldb_module *module, struct ldb_request *req, struct ldb_control *ctrl) +{ + struct ldb_control **saved_ctrls; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_replicated\n"); + + if (!save_controls(ctrl, req, &saved_ctrls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_next_request(module, req); + req->controls = saved_ctrls; + + return ret; +} + +static int replmd_add_originating(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; struct ldb_message_element *attribute; @@ -121,12 +140,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) int ret; time_t t = time(NULL); - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_record\n"); - - /* do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return ldb_next_request(module, req); - } + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_originating\n"); if ((attribute = replmd_find_attribute(req->op.add.message, "objectGUID")) != NULL ) { return ldb_next_request(module, req); 
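Review bot: `replmd_add_replicated` forwards the request with the control taken out of `req->controls` (assuming `save_controls` installs a list without `ctrl`, as ldb's helper of that name does), so no module below repl_meta_data can tell that the object is replicated. The `samldb_add` check added in the samldb.c hunk of this commit therefore only fires if samldb runs above repl_meta_data; the module order is not visible in this diff. Apart from hiding the control, the function passes the message through unchanged, and a comment should say so: `/* replicated object: hide the control from lower modules and pass the message through as-is; the caller's control list is restored below */`.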
@@ -192,8 +206,42 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) return ret; } -/* modify_record: update timestamps */ -static int replmd_modify(struct ldb_module *module, struct ldb_request *req) +static int replmd_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_control *ctrl; + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + ctrl = get_control_from_list(req->controls, DSDB_CONTROL_REPLICATED_OBJECT_OID); + if (ctrl) { + /* handle replicated objects different */ + return replmd_add_replicated(module, req, ctrl); + } + + return replmd_add_originating(module, req); +} + +static int replmd_modify_replicated(struct ldb_module *module, struct ldb_request *req, struct ldb_control *ctrl) +{ + struct ldb_control **saved_ctrls; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify_replicated\n"); + + if (!save_controls(ctrl, req, &saved_ctrls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_next_request(module, req); + req->controls = saved_ctrls; + + return ret; +} + +static int replmd_modify_originating(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; struct ldb_message *msg; @@ -201,12 +249,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) time_t t = time(NULL); uint64_t seq_num; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify\n"); - - /* do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return ldb_next_request(module, req); - } + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify_originating\n"); down_req = talloc(req, struct ldb_request); if (down_req == NULL) { 
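Review bot: `replmd_add` selects the pass-through path purely on the presence of `DSDB_CONTROL_REPLICATED_OBJECT_OID` in `req->controls`; nothing in this hunk checks where the request came from. A request on that path skips GUID, timestamp and USN generation, and the same presence-only test is added to `replmd_modify` (hunk `@@ -250,6 +293,24 @@`) and to `samldb_add` in samldb.c, where it skips the rest of that function. If a network front end can hand client-supplied controls to ldb unfiltered, which is not visible here, a client with add or modify rights could opt out of these modules. The control should be honoured only for trusted internal callers or stripped at the network boundary, and each check deserves a comment such as `/* internal-only control: must never be accepted from the wire */`.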
@@ -250,6 +293,24 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) return ret; } +static int replmd_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_control *ctrl; + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + ctrl = get_control_from_list(req->controls, DSDB_CONTROL_REPLICATED_OBJECT_OID); + if (ctrl) { + /* handle replicated objects different */ + return replmd_modify_replicated(module, req, ctrl); + } + + return replmd_modify_originating(module, req); +} + static const struct ldb_module_ops replmd_ops = { .name = "repl_meta_data", .add = replmd_add, diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 1c1ff0ea6e..07d77ee3fc 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -680,6 +680,11 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + if (get_control_from_list(req->controls, DSDB_CONTROL_REPLICATED_OBJECT_OID)) { + /* if it's a replicated object we have nothing to do */ + return ldb_next_request(module, req); + } + /* is user or computer? */ if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL)) { -- cgit From ac0c34a9a4aba69bc51094645e585ebc415f3170 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 6 Jan 2007 10:15:02 +0000 Subject: r20587: prepare the DSDB_EXTENDED_REPLICATED_OBJECTS_OID handling metze (This used to be commit ef3b325db060d43a7c2e058f6b8914b5867cd321) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 171af52eda..803142bbb7 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -311,10 +311,26 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) return replmd_modify_originating(module, req); } +static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n"); + return LDB_ERR_OPERATIONS_ERROR; +} + +static int replmd_extended(struct ldb_module *module, struct ldb_request *req) +{ + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) { + return replmd_extended_replicated_objects(module, req); + } + + return ldb_next_request(module, req); +} + static const struct ldb_module_ops replmd_ops = { .name = "repl_meta_data", .add = replmd_add, .modify = replmd_modify, + .extended = replmd_extended, }; int repl_meta_data_module_init(void) -- cgit From a04a3b8bc21101e6a11bad04c3d5c9655fa606b4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 7 Jan 2007 19:11:27 +0000 Subject: r20599: - forward extended operations in the partitions module - by default the operations goes to all partitions - but some wellkown ones will go to just one partition (DSDB_EXTENDED_REPLICATED_OBJECTS_OID for now) I'll soon change the partitions module so that it'll attach a DSDB_CONTROL_PARTITION_CONTEXT_OID control to give the repl_meta_data or other partition specific modules a chance to to know for which partition it should work. metze (This used to be commit 0ed53c6d0f4a4e43ff9c8943730eeb57c735201b) --- source4/dsdb/samdb/ldb_modules/partition.c | 47 ++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
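Review bot: `replmd_extended` passes `req->op.extended.oid` straight to `strcmp`; nothing in this hunk guarantees the oid is non-NULL, and a NULL here would be dereferenced for every extended operation that reaches the module. `partition_extended`, added in the partition.c hunk `@@ -568,6 +571,45 @@` of the following commit, makes the same comparison. A guard keeps malformed requests on the pass-through path: `if (req->op.extended.oid != NULL && strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) {`.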
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 278b727df7..3face5f051 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -2,6 +2,7 @@ Partitions ldb module Copyright (C) Andrew Bartlett 2006 + Copyright (C) Stefan Metzmacher 2007 * NOTICE: this module is NOT released under the GNU LGPL license as * other ldb code. This module is release under the GNU GPL v2 or @@ -30,10 +31,12 @@ * Description: Implement LDAP partitions * * Author: Andrew Bartlett + * Author: Stefan Metzmacher */ #include "includes.h" #include "ldb/include/includes.h" +#include "dsdb/samdb/samdb.h" struct partition { struct ldb_module *module; @@ -84,7 +87,7 @@ static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, - struct ldb_module *module) + struct ldb_module *module) { struct ldb_module *current; static const struct ldb_module_ops ops; /* zero */ 
@@ -568,6 +571,45 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque return LDB_SUCCESS; } +static int partition_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req) +{ + struct dsdb_extended_replicated_objects *ext; + + ext = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects); + if (!ext) { + return LDB_ERR_OTHER; + } + + return partition_replicate(module, req, ext->partition_dn); +} + +/* extended */ +static int partition_extended(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_handle *h; + struct partition_context *ac; + + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) { + return partition_extended_replicated_objects(module, req); + } + + /* + * as the extended operation has no dn + * we need to send it to all partitions + */ + + h = partition_init_handle(req, module); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* return our own handle to deal with this call */ + req->handle = h; + + ac = talloc_get_type(h->private_data, struct partition_context); + + return partition_send_all(module, ac, req); +} + static int sort_compare(void *void1, void *void2, void *opaque) { @@ -878,10 +920,11 @@ static const struct ldb_module_ops partition_ops = { .modify = partition_modify, .del = partition_delete, .rename = partition_rename, + .extended = partition_extended, + .sequence_number = partition_sequence_number, .start_transaction = partition_start_trans, .end_transaction = partition_end_trans, .del_transaction = partition_del_trans, - .sequence_number = partition_sequence_number, .wait = partition_wait }; -- cgit From 08439c72c494565669bdd260050d061a005e89fe Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 9 Jan 2007 03:45:50 +0000 Subject: r20622: Add in a hack to avoid permitting searches on the value of protected attributes. Andrew Bartlett (This used to be commit 5aa2195ec26d9ddf82e51f2b242cdf7c8ab52f52) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 176cfbf3a5..7b2150bec8 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -147,7 +147,8 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) { struct kludge_acl_context *ac; struct ldb_request *down_req; - int ret; + struct kludge_private_data *data; + int ret, i; req->handle = NULL; @@ -156,6 +157,8 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + data = talloc_get_type(module->private_data, struct kludge_private_data); + ac->module = module; ac->up_context = req->context; ac->up_callback = req->callback; 
@@ -172,6 +175,25 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) down_req->op.search.tree = req->op.search.tree; down_req->op.search.attrs = req->op.search.attrs; + + /* FIXME: I hink we should copy the tree and keep the original + * unmodified. SSS */ + /* replace any attributes in the parse tree that are private, + so we don't allow a search for 'sambaPassword=penguin', + just as we would not allow that attribute to be returned */ + switch (ac->user_type) { + case SYSTEM: + case ADMINISTRATOR: + break; + default: + /* remove password attributes */ + for (i = 0; data && data->password_attrs && data->password_attrs[i]; i++) { + ldb_parse_tree_attr_replace(down_req->op.search.tree, + data->password_attrs[i], + "kludgeACLredactedattribute"); + } + } + down_req->controls = req->controls; down_req->context = ac; -- cgit From ee3c15860248259777028b7f16526b93adc410f3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 11 Jan 2007 09:38:21 +0000 Subject: r20679: make the init_handle stuff a bit easier and get rid of really ugly talloc_get_type() usage simo: if you change more modules, please include also this change metze (This used to be commit 88051a82c4918ba8183e0d6909161b2af2109446) --- source4/dsdb/samdb/ldb_modules/partition.c | 41 +++++++++++------------------- 1 file changed, 15 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 3face5f051..31150b5f7b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -50,6 +50,7 @@ struct partition_private_data { struct partition_context { struct ldb_module *module; + struct ldb_handle *handle; struct ldb_request *orig_req; struct ldb_request **down_req; 
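Review bot: The redaction loop is skipped without any error when `data` or `data->password_attrs` is NULL (`for (i = 0; data && data->password_attrs && ...`), so for a non-privileged `user_type` the filter goes down unredacted whenever the private data is missing or `talloc_get_type` rejects it. That fails open on exactly the check this commit adds. Unless an empty list is a supported configuration (not visible here), I would fail closed in the `default:` branch before the loop: `if (data == NULL || data->password_attrs == NULL) { return LDB_ERR_OPERATIONS_ERROR; }`. `kludge_acl_search` starts and continues outside the hunk, so any cleanup needed on that early return has to be checked against the full function.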
@@ -57,7 +58,7 @@ struct partition_context { int finished_requests; }; -static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct ldb_module *module) +static struct partition_context *partition_init_handle(struct ldb_request *req, struct ldb_module *module) { struct partition_context *ac; struct ldb_handle *h; @@ -77,12 +78,15 @@ static struct ldb_handle *partition_init_handle(struct ldb_request *req, struct return NULL; } - h->private_data = (void *)ac; + h->private_data = ac; ac->module = module; + ac->handle = h; ac->orig_req = req; - return h; + req->handle = h; + + return ac; } struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, @@ -264,17 +268,12 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re for (i=0; data->replicate && data->replicate[i]; i++) { if (ldb_dn_compare(data->replicate[i], dn) == 0) { - struct ldb_handle *h; struct partition_context *ac; - h = partition_init_handle(req, module); - if (!h) { + ac = partition_init_handle(req, module); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - /* return our own handle to deal with this call */ - req->handle = h; - - ac = talloc_get_type(h->private_data, struct partition_context); return partition_send_all(module, ac, req); } @@ -302,18 +301,13 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) * partitions (for 'invisible' partition behaviour */ if (ldb_get_opaque(module->ldb, "global_catalog")) { int ret, i; - struct ldb_handle *h; struct partition_context *ac; - h = partition_init_handle(req, module); - if (!h) { + ac = partition_init_handle(req, module); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - /* return our own handle to deal with this call */ - req->handle = h; - - ac = talloc_get_type(h->private_data, struct partition_context); - + /* Search from the base DN */ if (!req->op.search.base || ldb_dn_is_null(req->op.search.base)) { return partition_send_all(module, ac, req); 
@@ -330,7 +324,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* Perhaps we didn't match any partitions. Try the main partition, only */ if (ac->num_requests == 0) { - talloc_free(h); + talloc_free(ac); return ldb_next_request(module, req); } @@ -586,7 +580,6 @@ static int partition_extended_replicated_objects(struct ldb_module *module, stru /* extended */ static int partition_extended(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct partition_context *ac; if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) { @@ -598,14 +591,10 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req * we need to send it to all partitions */ - h = partition_init_handle(req, module); - if (!h) { + ac = partition_init_handle(req, module); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - /* return our own handle to deal with this call */ - req->handle = h; - - ac = talloc_get_type(h->private_data, struct partition_context); return partition_send_all(module, ac, req); } -- cgit From f68dff9f81afc8b107ad41d5b446f33ecdc2fcb1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 11 Jan 2007 09:54:10 +0000 Subject: r20681: implement the DSDB_EXTENDED_REPLICATED_OBJECTS operation. the merging of existing objects is not implemented yet... there are a few ifdef REPLMD_FULL_ASYNC because we need to workarouns ldb's async infrastructure (which don't handle full async sub requests nicely) metze (This used to be commit da4ff0e7ccde47b3e092313ba22422350cf50f78) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 375 +++++++++++++++++++++++- 2 files changed, 374 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index f2706c0995..663f2cfb63 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk 
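Review bot: In `partition_search`, `talloc_free(ac)` on the no-partition-matched path frees the context but leaves the handle alive: `partition_init_handle` now sets `req->handle = h` itself, and `h->private_data` still points at the freed `ac`. If the following `ldb_next_request` fails before a lower module replaces `req->handle`, a caller that waits on the handle would reach the freed context; the wait path is outside this hunk, so this is inferred. Freeing through the handle and clearing the request avoids it: `talloc_free(ac->handle); req->handle = NULL;`. This assumes `ac` is allocated as a child of `h`, which the part of `partition_init_handle` not shown in the diff would need to confirm.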
+++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -15,7 +15,7 @@ PUBLIC_DEPENDENCIES = \ # Start MODULE ldb_repl_mata_data [MODULE::ldb_repl_meta_data] SUBSYSTEM = ldb -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS INIT_FUNCTION = repl_meta_data_module_init OBJ_FILES = \ repl_meta_data.o diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 803142bbb7..487a6146af 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -43,8 +43,64 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" -#include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" + +struct replmd_replicated_request { + struct ldb_module *module; + struct ldb_handle *handle; + struct ldb_request *orig_req; + + struct dsdb_extended_replicated_objects *objs; + + uint32_t index_current; + + struct { + TALLOC_CTX *mem_ctx; + struct ldb_request *search_req; + struct ldb_message *search_msg; + int search_ret; + struct ldb_request *change_req; + int change_ret; + } sub; +}; + +static struct replmd_replicated_request *replmd_replicated_init_handle(struct ldb_module *module, + struct ldb_request *req, + struct dsdb_extended_replicated_objects *objs) +{ + struct replmd_replicated_request *ar; + struct ldb_handle *h; + + h = talloc_zero(req, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + h->module = module; + h->state = LDB_ASYNC_PENDING; + h->status = LDB_SUCCESS; + + ar = talloc_zero(h, struct replmd_replicated_request); + if (ar == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + talloc_free(h); + return NULL; + } + + h->private_data = ar; + + ar->module = module; + ar->handle = h; + ar->orig_req = req; + ar->objs = objs; + + req->handle = h; + + return ar; +} static struct ldb_message_element *replmd_find_attribute(const struct ldb_message *msg, const char *name) { 
@@ -311,10 +367,281 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) return replmd_modify_originating(module, req); } +static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret) +{ + struct ldb_reply *ares = NULL; + + ar->handle->status = ret; + ar->handle->state = LDB_ASYNC_DONE; + + if (!ar->orig_req->callback) { + return LDB_SUCCESS; + } + + /* we're done and need to report the success to the caller */ + ares = talloc_zero(ar, struct ldb_reply); + if (!ares) { + ar->handle->status = LDB_ERR_OPERATIONS_ERROR; + ar->handle->state = LDB_ASYNC_DONE; + return LDB_ERR_OPERATIONS_ERROR; + } + + ares->type = LDB_REPLY_EXTENDED; + ares->response = NULL; + + return ar->orig_req->callback(ar->module->ldb, ar->orig_req->context, ares); +} + +static int replmd_replicated_request_done(struct replmd_replicated_request *ar) +{ + return replmd_replicated_request_reply_helper(ar, LDB_SUCCESS); +} + +static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret) +{ + return replmd_replicated_request_reply_helper(ar, ret); +} + +static int replmd_replicated_request_werror(struct replmd_replicated_request *ar, WERROR status) +{ + int ret = LDB_ERR_OTHER; + /* TODO: do some error mapping */ + return replmd_replicated_request_reply_helper(ar, ret); +} + +static int replmd_replicated_apply_next(struct replmd_replicated_request *ar); + +static int replmd_replicated_apply_add_callback(struct ldb_context *ldb, + void *private_data, + struct ldb_reply *ares) +{ +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request); + + ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.change_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.change_ret); + } + + talloc_free(ar->sub.mem_ctx); + 
ZERO_STRUCT(ar->sub); + + ar->index_current++; + + return replmd_replicated_apply_next(ar); +#else + return LDB_SUCCESS; +#endif +} + +static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) +{ + NTSTATUS nt_status; + struct ldb_message *msg; + struct replPropertyMetaDataBlob *md; + struct ldb_val md_value; + uint32_t i; + uint64_t seq_num; + int ret; + + msg = ar->objs->objects[ar->index_current].msg; + md = ar->objs->objects[ar->index_current].meta_data; + + ret = ldb_sequence_number(ar->module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNCreated", seq_num); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNChanged", seq_num); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + md = ar->objs->objects[ar->index_current].meta_data; + for (i=0; i < md->ctr.ctr1.count; i++) { + md->ctr.ctr1.array[i].local_usn = seq_num; + } + nt_status = ndr_push_struct_blob(&md_value, msg, md, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + ret = ldb_msg_add_value(msg, "replPropertyMetaData", &md_value, NULL); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + ret = ldb_build_add_req(&ar->sub.change_req, + ar->module->ldb, + ar->sub.mem_ctx, + msg, + NULL, + ar, + replmd_replicated_apply_add_callback); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + return ldb_next_request(ar->module, ar->sub.change_req); +#else + ret = ldb_next_request(ar->module, ar->sub.change_req); + if (ret != LDB_SUCCESS) return 
replmd_replicated_request_error(ar, ret); + + ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.change_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.change_ret); + } + + talloc_free(ar->sub.mem_ctx); + ZERO_STRUCT(ar->sub); + + ar->index_current++; + + return LDB_SUCCESS; +#endif +} + +static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) +{ +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#error sorry replmd_replicated_apply_merge not implemented +#else + ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, + "replmd_replicated_apply_merge: ignore [%u]\n", + ar->index_current); + + talloc_free(ar->sub.mem_ctx); + ZERO_STRUCT(ar->sub); + + ar->index_current++; + + return LDB_SUCCESS; +#endif +} + +static int replmd_replicated_apply_search_callback(struct ldb_context *ldb, + void *private_data, + struct ldb_reply *ares) +{ + struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request); + bool is_done = false; + + switch (ares->type) { + case LDB_REPLY_ENTRY: + ar->sub.search_msg = talloc_steal(ar->sub.mem_ctx, ares->message); + break; + case LDB_REPLY_REFERRAL: + /* we ignore referrals */ + break; + case LDB_REPLY_EXTENDED: + case LDB_REPLY_DONE: + is_done = true; + } + + talloc_free(ares); + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + if (is_done) { + ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.search_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.search_ret); + } + if (ar->sub.search_msg) { + return replmd_replicated_apply_merge(ar); + } + return replmd_replicated_apply_add(ar); + } +#endif + return LDB_SUCCESS; +} + +static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) +{ + int ret; + char *tmp_str; + char *filter; + + tmp_str = 
ldb_binary_encode(ar->sub.mem_ctx, ar->objs->objects[ar->index_current].guid_value); + if (!tmp_str) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + filter = talloc_asprintf(ar->sub.mem_ctx, "(objectGUID=%s)", tmp_str); + if (!filter) return replmd_replicated_request_werror(ar, WERR_NOMEM); + talloc_free(tmp_str); + + ret = ldb_build_search_req(&ar->sub.search_req, + ar->module->ldb, + ar->sub.mem_ctx, + ar->objs->partition_dn, + LDB_SCOPE_SUBTREE, + filter, + NULL, + NULL, + ar, + replmd_replicated_apply_search_callback); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + return ldb_next_request(ar->module, ar->sub.search_req); +#else + ret = ldb_next_request(ar->module, ar->sub.search_req); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.search_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.search_ret); + } + if (ar->sub.search_msg) { + return replmd_replicated_apply_merge(ar); + } + + return replmd_replicated_apply_add(ar); +#endif +} + +static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) +{ + if (ar->index_current >= ar->objs->num_objects) { + return replmd_replicated_request_done(ar); + } + + ar->sub.mem_ctx = talloc_new(ar); + if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + return replmd_replicated_apply_search(ar); +} + static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req) { + struct dsdb_extended_replicated_objects *objs; + struct replmd_replicated_request *ar; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n"); - return LDB_ERR_OPERATIONS_ERROR; + + objs = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects); + if (!objs) { + 
return LDB_ERR_PROTOCOL_ERROR; + } + + ar = replmd_replicated_init_handle(module, req, objs); + if (!ar) { + return LDB_ERR_OPERATIONS_ERROR; + } + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + return replmd_replicated_apply_next(ar); +#else + while (req->handle->state != LDB_ASYNC_DONE) { + replmd_replicated_apply_next(ar); + } + + return LDB_SUCCESS; +#endif } static int replmd_extended(struct ldb_module *module, struct ldb_request *req) @@ -326,11 +653,55 @@ static int replmd_extended(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } +static int replmd_wait_none(struct ldb_handle *handle) { + struct replmd_replicated_request *ar; + + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ar = talloc_get_type(handle->private_data, struct replmd_replicated_request); + if (!ar) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* we do only sync calls */ + if (handle->state != LDB_ASYNC_DONE) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return handle->status; +} + +static int replmd_wait_all(struct ldb_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = replmd_wait_none(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int replmd_wait(struct ldb_handle *handle, enum ldb_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return replmd_wait_all(handle); + } else { + return replmd_wait_none(handle); + } +} + static const struct ldb_module_ops replmd_ops = { .name = "repl_meta_data", .add = replmd_add, .modify = replmd_modify, .extended = replmd_extended, + .wait = replmd_wait }; int repl_meta_data_module_init(void) -- cgit From ffa259f4a463054a398cfcd4ae3f409c9a718bbc Mon Sep 17 00:00:00 2001 
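Review bot: In the synchronous branch of `replmd_replicated_apply_add`, the request just sent is `ar->sub.change_req`, but the wait that follows is on `ar->sub.search_req->handle`, so `change_ret` reflects the already finished search rather than the add. The line should read `ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL);`. The same wait appears in `replmd_replicated_apply_add_callback` under `REPLMD_FULL_ASYNC`, and again in `replmd_replicated_uptodate_modify` and its callback in the later r20705 hunk. If the backend reports an add failure only through the handle, it can go unnoticed here while `index_current` still advances.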
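Review bot: `replmd_wait_all` reads `handle->state` in its loop condition before `replmd_wait_none` runs its `!handle` check, so a NULL handle passed with `LDB_WAIT_ALL` is dereferenced. Moving the guard into `replmd_wait`, as `if (!handle) return LDB_ERR_OPERATIONS_ERROR;`, covers both paths. The loop also cannot actually wait: `replmd_wait_none` returns `LDB_ERR_OPERATIONS_ERROR` whenever the state is not `LDB_ASYNC_DONE`, so it exits on the first pass. A comment saying this is intentional while only sync calls exist would help the next reader.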
From: Stefan Metzmacher Date: Fri, 12 Jan 2007 13:17:25 +0000 Subject: r20705: store the "replUpToDateVector" attribute in DSDB_EXTENDED_REPLICATED_OBJECTS metze (This used to be commit c9e7a58f6a16dfa28323fd0fd01ad6ee516c51b0) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 337 +++++++++++++++++++++++- 1 file changed, 335 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 487a6146af..7998d5466c 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -45,6 +45,7 @@ #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" struct replmd_replicated_request { @@ -606,9 +607,11 @@ static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) { +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ if (ar->index_current >= ar->objs->num_objects) { - return replmd_replicated_request_done(ar); + return replmd_replicated_uptodate_vector(ar); } +#endif ar->sub.mem_ctx = talloc_new(ar); if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); 
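Review bot: With the `index_current >= num_objects` test now inside `#ifdef REPLMD_FULL_ASYNC`, the default build of `replmd_replicated_apply_next` no longer bounds the index itself, and the functions it leads to index `ar->objs->objects[ar->index_current]` directly. The only remaining guard is the loop condition in `replmd_extended_replicated_objects`, so I would keep a cheap check in an `#else` branch: `if (ar->index_current >= ar->objs->num_objects) return replmd_replicated_request_error(ar, LDB_ERR_OPERATIONS_ERROR);`. Separately, the async branch calls `replmd_replicated_uptodate_vector`, which is defined further down the file and has no prototype in the visible hunks, so that branch may not compile once enabled. The rest of the function lies outside this hunk.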
@@ -616,6 +619,331 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) return replmd_replicated_apply_search(ar); } +static int replmd_replicated_uptodate_modify_callback(struct ldb_context *ldb, + void *private_data, + struct ldb_reply *ares) +{ +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request); + + ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.change_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.change_ret); + } + + talloc_free(ar->sub.mem_ctx); + ZERO_STRUCT(ar->sub); + + return replmd_replicated_request_done(ar); +#else + return LDB_SUCCESS; +#endif +} + +static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar) +{ + NTSTATUS nt_status; + struct ldb_message *msg; + struct replUpToDateVectorBlob ouv; + const struct ldb_val *ouv_value; + const struct drsuapi_DsReplicaCursor2CtrEx *ruv; + struct replUpToDateVectorBlob nuv; + struct ldb_val nuv_value; + struct ldb_message_element *nuv_el = NULL; + struct GUID *our_invocation_id; + uint32_t i,j,ni=0; + uint64_t seq_num; + bool found = false; + time_t t = time(NULL); + NTTIME now; + int ret; + + ruv = ar->objs->uptodateness_vector; + ZERO_STRUCT(ouv); + ouv.version = 2; + ZERO_STRUCT(nuv); + nuv.version = 2; + + unix_to_nt_time(&now, t); + + /* + * we use the next sequence number for our own highest_usn + * because we will do a modify request and this will increment + * our highest_usn + */ + ret = ldb_sequence_number(ar->module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + ouv_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replUpToDateVector"); + if (ouv_value) { + nt_status = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, &ouv, + 
(ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + + if (ouv.version != 2) { + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + } + + /* + * the new uptodateness vector will at least + * contain 2 entries, one for the source_dsa and one the local server + * + * plus optional values from our old vector and the one from the source_dsa + */ + nuv.ctr.ctr2.count = 2 + ouv.ctr.ctr2.count; + if (ruv) nuv.ctr.ctr2.count += ruv->count; + nuv.ctr.ctr2.cursors = talloc_array(ar->sub.mem_ctx, + struct drsuapi_DsReplicaCursor2, + nuv.ctr.ctr2.count); + if (!nuv.ctr.ctr2.cursors) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + /* first copy the old vector */ + for (i=0; i < ouv.ctr.ctr2.count; i++) { + nuv.ctr.ctr2.cursors[ni] = ouv.ctr.ctr2.cursors[i]; + ni++; + } + + /* merge in the source_dsa vector is available */ + for (i=0; (ruv && i < ruv->count); i++) { + found = false; + + for (j=0; j < ni; j++) { + if (!GUID_equal(&ruv->cursors[i].source_dsa_invocation_id, + &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { + continue; + } + + found = true; + + /* + * we update only the highest_usn and not the latest_sync_success time, + * because the last success stands for direct replication + */ + if (ruv->cursors[i].highest_usn > nuv.ctr.ctr2.cursors[j].highest_usn) { + nuv.ctr.ctr2.cursors[j].highest_usn = ruv->cursors[i].highest_usn; + } + break; + } + + if (found) continue; + + /* if it's not there yet, add it */ + nuv.ctr.ctr2.cursors[ni] = ruv->cursors[i]; + ni++; + } + + /* + * merge in the current highwatermark for the source_dsa + */ + found = false; + for (j=0; j < ni; j++) { + if (!GUID_equal(ar->objs->source_dsa_invocation_id, + &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { + continue; + } + + found = true; + + /* + * here we update the highest_usn and last_sync_success time + * because we're 
directly replicating from the source_dsa + * + * and use the tmp_highest_usn because this is what we have just applied + * to our ldb + */ + nuv.ctr.ctr2.cursors[j].highest_usn = ar->objs->new_highwatermark->tmp_highest_usn; + nuv.ctr.ctr2.cursors[j].last_sync_success = now; + break; + } + if (!found) { + /* + * here we update the highest_usn and last_sync_success time + * because we're directly replicating from the source_dsa + * + * and use the tmp_highest_usn because this is what we have just applied + * to our ldb + */ + nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= *ar->objs->source_dsa_invocation_id; + nuv.ctr.ctr2.cursors[ni].highest_usn = ar->objs->new_highwatermark->tmp_highest_usn; + nuv.ctr.ctr2.cursors[ni].last_sync_success = now; + ni++; + } + + /* + * merge our own current values if we have a invocation_id already + * attached to the ldb + */ + our_invocation_id = samdb_ntds_invocation_id(ar->module->ldb); + if (our_invocation_id) { + found = false; + for (j=0; j < ni; j++) { + if (!GUID_equal(our_invocation_id, + &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { + continue; + } + + found = true; + + /* + * here we update the highest_usn and last_sync_success time + * because it's our own entry + */ + nuv.ctr.ctr2.cursors[j].highest_usn = seq_num; + nuv.ctr.ctr2.cursors[j].last_sync_success = now; + break; + } + if (!found) { + /* + * here we update the highest_usn and last_sync_success time + * because it's our own entry + */ + nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= *our_invocation_id; + nuv.ctr.ctr2.cursors[ni].highest_usn = seq_num; + nuv.ctr.ctr2.cursors[ni].last_sync_success = now; + ni++; + } + } + + /* + * finally correct the size of the cursors array + */ + nuv.ctr.ctr2.count = ni; + + /* + * create the change ldb_message + */ + msg = ldb_msg_new(ar->sub.mem_ctx); + if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM); + msg->dn = ar->sub.search_msg->dn; + + nt_status = ndr_push_struct_blob(&nuv_value, msg, 
&nuv, + (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + ret = ldb_msg_add_value(msg, "replUpToDateVector", &nuv_value, &nuv_el); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + nuv_el->flags = LDB_FLAG_MOD_REPLACE; + + ret = ldb_build_mod_req(&ar->sub.change_req, + ar->module->ldb, + ar->sub.mem_ctx, + msg, + NULL, + ar, + replmd_replicated_uptodate_modify_callback); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + return ldb_next_request(ar->module, ar->sub.change_req); +#else + ret = ldb_next_request(ar->module, ar->sub.change_req); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.change_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.change_ret); + } + + talloc_free(ar->sub.mem_ctx); + ZERO_STRUCT(ar->sub); + + return replmd_replicated_request_done(ar); +#endif +} + +static int replmd_replicated_uptodate_search_callback(struct ldb_context *ldb, + void *private_data, + struct ldb_reply *ares) +{ + struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request); + bool is_done = false; + + switch (ares->type) { + case LDB_REPLY_ENTRY: + ar->sub.search_msg = talloc_steal(ar->sub.mem_ctx, ares->message); + break; + case LDB_REPLY_REFERRAL: + /* we ignore referrals */ + break; + case LDB_REPLY_EXTENDED: + case LDB_REPLY_DONE: + is_done = true; + } + + talloc_free(ares); + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + if (is_done) { + ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.search_ret != LDB_SUCCESS) { + return 
replmd_replicated_request_error(ar, ar->sub.search_ret); + } + if (!ar->sub.search_msg) { + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + + return replmd_replicated_uptodate_modify(ar); + } +#endif + return LDB_SUCCESS; +} + +static int replmd_replicated_uptodate_search(struct replmd_replicated_request *ar) +{ + int ret; + static const char *attrs[] = { + "replUpToDateVector", + NULL + }; + + ret = ldb_build_search_req(&ar->sub.search_req, + ar->module->ldb, + ar->sub.mem_ctx, + ar->objs->partition_dn, + LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, + NULL, + ar, + replmd_replicated_uptodate_search_callback); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + return ldb_next_request(ar->module, ar->sub.search_req); +#else + ret = ldb_next_request(ar->module, ar->sub.search_req); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.search_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.search_ret); + } + if (!ar->sub.search_msg) { + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + + return replmd_replicated_uptodate_modify(ar); +#endif +} + +static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar) +{ + ar->sub.mem_ctx = talloc_new(ar); + if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + return replmd_replicated_uptodate_search(ar); +} + static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req) { struct dsdb_extended_replicated_objects *objs; 
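Review bot: The size of the new cursor array in `replmd_replicated_uptodate_modify` is computed as `2 + ouv.ctr.ctr2.count` plus `ruv->count` in 32-bit arithmetic, with no check that the sum does not wrap. `ouv` is decoded from the stored `replUpToDateVector` and `ruv` comes from `ar->objs->uptodateness_vector`, which presumably carries what the replication partner sent, so both counts are external data. A wrapped sum would make `talloc_array` allocate fewer cursors than the copy loops write. Computing the sum in a `uint64_t` before the allocation and returning `WERR_DS_DRA_INTERNAL_ERROR` when it exceeds `UINT32_MAX` closes that off.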
@@ -636,10 +964,15 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct #ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ return replmd_replicated_apply_next(ar); #else - while (req->handle->state != LDB_ASYNC_DONE) { + while (ar->index_current < ar->objs->num_objects && + req->handle->state != LDB_ASYNC_DONE) { replmd_replicated_apply_next(ar); } + if (req->handle->state != LDB_ASYNC_DONE) { + replmd_replicated_uptodate_vector(ar); + } + return LDB_SUCCESS; #endif } -- cgit From 18f81804696c0916652acc1f9491e96fda0d25fc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 12 Jan 2007 16:02:10 +0000 Subject: r20709: pass a repsFromTo1 struct down as it contains all needed info for the source dsa and the highwater mark vector metze (This used to be commit a31e017e5388e5abd6ed9d09adcf26d2527954a6) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 7998d5466c..a1fe2e7eb5 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -677,6 +677,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a return replmd_replicated_request_error(ar, ret); } + /* + * first create the new replUpToDateVector + */ ouv_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replUpToDateVector"); if (ouv_value) { nt_status = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, &ouv, @@ -743,7 +746,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a */ found = false; for (j=0; j < ni; j++) { - if (!GUID_equal(ar->objs->source_dsa_invocation_id, + if (!GUID_equal(&ar->objs->source_dsa->source_dsa_invocation_id, &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { continue; } 
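Review bot: The synchronous branch discards the return values of `replmd_replicated_apply_next` and `replmd_replicated_uptodate_vector` and then returns `LDB_SUCCESS` unconditionally, so a failure is visible only in `req->handle->status`. That contract deserves a comment above the loop, for example `/* errors are reported through req->handle->status; the caller must ldb_wait() on the handle */`. The loop also relies on every error path setting the handle to `LDB_ASYNC_DONE` in order to terminate. The function begins outside this hunk.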
@@ -757,7 +760,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a * and use the tmp_highest_usn because this is what we have just applied * to our ldb */ - nuv.ctr.ctr2.cursors[j].highest_usn = ar->objs->new_highwatermark->tmp_highest_usn; + nuv.ctr.ctr2.cursors[j].highest_usn = ar->objs->source_dsa->highwatermark.tmp_highest_usn; nuv.ctr.ctr2.cursors[j].last_sync_success = now; break; } @@ -769,8 +772,8 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a * and use the tmp_highest_usn because this is what we have just applied * to our ldb */ - nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= *ar->objs->source_dsa_invocation_id; - nuv.ctr.ctr2.cursors[ni].highest_usn = ar->objs->new_highwatermark->tmp_highest_usn; + nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= ar->objs->source_dsa->source_dsa_invocation_id; + nuv.ctr.ctr2.cursors[ni].highest_usn = ar->objs->source_dsa->highwatermark.tmp_highest_usn; nuv.ctr.ctr2.cursors[ni].last_sync_success = now; ni++; } -- cgit From ce87c63146d6060b92ba9590e29d7dc6009bfdeb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 12 Jan 2007 17:02:55 +0000 Subject: r20710: update or create the "repsFrom" values after applying replicated objects metze (This used to be commit 665d8f9626f8ef1c64f6fac79bdc40d14330f126) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 94 ++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index a1fe2e7eb5..18713d7e19 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -651,7 +651,11 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a struct replUpToDateVectorBlob nuv; struct ldb_val nuv_value; struct ldb_message_element *nuv_el = NULL; - struct GUID *our_invocation_id; + const struct GUID *our_invocation_id; + struct ldb_message_element *orf_el = NULL; + struct repsFromToBlob nrf; + struct ldb_val *nrf_value = NULL; + struct ldb_message_element *nrf_el = NULL; uint32_t i,j,ni=0; uint64_t seq_num; bool found = false; 
@@ -836,6 +840,93 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a } nuv_el->flags = LDB_FLAG_MOD_REPLACE; + /* + * now create the new repsFrom value from the given repsFromTo1 structure + */ + ZERO_STRUCT(nrf); + nrf.version = 1; + nrf.ctr.ctr1 = *ar->objs->source_dsa; + /* and fix some values... */ + nrf.ctr.ctr1.consecutive_sync_failures = 0; + nrf.ctr.ctr1.last_success = now; + nrf.ctr.ctr1.last_attempt = now; + nrf.ctr.ctr1.result_last_attempt = WERR_OK; + nrf.ctr.ctr1.highwatermark.highest_usn = nrf.ctr.ctr1.highwatermark.tmp_highest_usn; + + /* + * first see if we already have a repsFrom value for the current source dsa + * if so we'll later replace this value + */ + orf_el = ldb_msg_find_element(ar->sub.search_msg, "repsFrom"); + if (orf_el) { + for (i=0; i < orf_el->num_values; i++) { + struct repsFromToBlob *trf; + + trf = talloc(ar->sub.mem_ctx, struct repsFromToBlob); + if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + nt_status = ndr_pull_struct_blob(&orf_el->values[i], trf, trf, + (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + + if (trf->version != 1) { + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + + /* + * we compare the source dsa objectGUID not the invocation_id + * because we want only one repsFrom value per source dsa + * and when the invocation_id of the source dsa has changed we don't need + * the old repsFrom with the old invocation_id + */ + if (!GUID_equal(&trf->ctr.ctr1.source_dsa_obj_guid, + &ar->objs->source_dsa->source_dsa_obj_guid)) { + talloc_free(trf); + continue; + } + + talloc_free(trf); + nrf_value = &orf_el->values[i]; + break; + } + + /* + * copy over all old values to the new ldb_message + */ + ret = ldb_msg_add_empty(msg, "repsFrom", 0, &nrf_el); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); 
+ *nrf_el = *orf_el; + } + + /* + * if we haven't found an old repsFrom value for the current source dsa + * we'll add a new value + */ + if (!nrf_value) { + struct ldb_val zero_value; + ZERO_STRUCT(zero_value); + ret = ldb_msg_add_value(msg, "repsFrom", &zero_value, &nrf_el); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + nrf_value = &nrf_el->values[nrf_el->num_values - 1]; + } + + /* we now fill the value which is already attached to ldb_message */ + nt_status = ndr_push_struct_blob(nrf_value, msg, &nrf, + (ndr_push_flags_fn_t)ndr_push_repsFromToBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + + /* + * the ldb_message_element for the attribute, has all the old values and the new one + * so we'll replace the whole attribute with all values + */ + nrf_el->flags = LDB_FLAG_MOD_REPLACE; + + /* prepare the ldb_modify() request */ ret = ldb_build_mod_req(&ar->sub.change_req, ar->module->ldb, ar->sub.mem_ctx, @@ -906,6 +997,7 @@ static int replmd_replicated_uptodate_search(struct replmd_replicated_request *a int ret; static const char *attrs[] = { "replUpToDateVector", + "repsFrom", NULL }; -- cgit From 33f894664005544b80a6640c34dbf133edbe363d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 12 Jan 2007 17:19:48 +0000 Subject: r20713: sort the cursors in replUpToDateVector by source_dsa_invocation_id, w2k3 seems to do the same. It's later useful, when we would have a large array be could use a binary search metze (This used to be commit cd654f20e16c32f82ceb2b66453ce8d1be7020dd) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 18713d7e19..ca0291affd 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
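Review bot: `*nrf_el = *orf_el;` is a shallow copy, so the `repsFrom` element in `msg` shares its `values` array with the element inside `ar->sub.search_msg`, and `nrf_value = &orf_el->values[i]` points into that shared array. The later `ndr_push_struct_blob(nrf_value, msg, &nrf, ...)` therefore rewrites the search result in place, and when no match is found `ldb_msg_add_value` is asked to extend an array that `msg` did not allocate. This looks intentional, but it should be stated at the copy, e.g. `/* shallow copy: values stay owned by search_msg, which lives on the same sub.mem_ctx */`. The enclosing function starts outside this hunk.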
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -641,6 +641,12 @@ static int replmd_replicated_uptodate_modify_callback(struct ldb_context *ldb, #endif } +static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1, + const struct drsuapi_DsReplicaCursor2 *c2) +{ + return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id); +} + static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar) { NTSTATUS nt_status; @@ -822,6 +828,13 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a */ nuv.ctr.ctr2.count = ni; + /* + * sort the cursors + */ + qsort(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count, + sizeof(struct drsuapi_DsReplicaCursor2), + (comparison_fn_t)replmd_drsuapi_DsReplicaCursor2_compare); + /* * create the change ldb_message */ -- cgit From 007c6f6e659c61e426deb97f6156d92723549f71 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 12 Jan 2007 17:58:38 +0000 Subject: r20716: add a dsdb_cache ldb module which will load the dsdb_schema and other things on startup into memory structures in future. metze (This used to be commit fbb1f85e320830f52bdf410ad61f2ec60e168d80) --- source4/dsdb/samdb/ldb_modules/config.mk | 11 +++++++ source4/dsdb/samdb/ldb_modules/dsdb_cache.c | 48 +++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/dsdb_cache.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 663f2cfb63..a92095f6f2 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
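Review bot: `replmd_drsuapi_DsReplicaCursor2_compare` is declared with typed pointer parameters and then handed to `qsort` through a `(comparison_fn_t)` cast in the second hunk. Calling a function through a pointer of an incompatible type is undefined behaviour in C, even though it works on common ABIs. Declaring it as `static int replmd_drsuapi_DsReplicaCursor2_compare(const void *p1, const void *p2)` and converting to `const struct drsuapi_DsReplicaCursor2 *` inside removes the cast. A one-line comment at the `qsort` call saying the order is by `source_dsa_invocation_id` would also record why the array is sorted.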
@@ -22,6 +22,17 @@ OBJ_FILES = \ # End MODULE ldb_repl_meta_data ################################################ +################################################ +# Start MODULE ldb_dsdb_cache +[MODULE::ldb_dsdb_cache] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +INIT_FUNCTION = dsdb_cache_module_init +OBJ_FILES = \ + dsdb_cache.o +# End MODULE ldb_dsdb_cache +################################################ + ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] diff --git a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c new file mode 100644 index 0000000000..92de96915d --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c 
@@ -0,0 +1,48 @@
+/*
+ Unix SMB/CIFS mplementation.
+
+ The Module that loads some DSDB related things
+ into memory. E.g. it loads the dsdb_schema struture
+
+ Copyright (C) Stefan Metzmacher 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "lib/ldb/include/ldb_private.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+
+static int dsdb_cache_init(struct ldb_module *module)
+{
+ /* TODO: load the schema */
+ return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops dsdb_cache_ops = {
+ .name = "dsdb_cache",
+ .init_context = dsdb_cache_init
+};
+
+int dsdb_cache_module_init(void)
+{
+ return ldb_register_module(&dsdb_cache_ops);
+}
-- cgit From 7ff19c935de67089f7a807bafb1f6e206ff6c585 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Sat, 13 Jan 2007 10:53:12 +0000 Subject: r20726: - only add the rdn attribute and it's meta_data when the 'name' attribute is there - add the values for objectGUID and whenChanged inside the ldb module, so that the ldb module has only replicated attributes as input metze (This used to be commit 0ecb07e0526462529fb21cec30e789a9002b30a1) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index ca0291affd..498cf6a94f 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -446,6 +446,15 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) uint64_t seq_num; int ret; + /* + * TODO: check if the parent object exist + */ + + /* + * TODO: handle the conflict case where an object with the + * same name exist + */ + msg = ar->objs->objects[ar->index_current].msg; md = ar->objs->objects[ar->index_current].meta_data; @@ -454,6 +463,16 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) return replmd_replicated_request_error(ar, ret); } + ret = ldb_msg_add_value(msg, "objectGUID", &ar->objs->objects[ar->index_current].guid_value, NULL); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNCreated", seq_num); if (ret != LDB_SUCCESS) { return replmd_replicated_request_error(ar, ret); -- cgit From 2cf643929ce9024bcdad7ef52bcfce6e97677996 Mon Sep 17 00:00:00 2001 
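Review bot: In the second hunk `ar->objs->objects[ar->index_current].when_changed` goes straight into ldb_msg_add_string() with no NULL check; if the code that builds the replicated object (outside this hunk) can leave it unset, the string length is taken from a NULL pointer. A guard such as `if (!ar->objs->objects[ar->index_current].when_changed) return replmd_replicated_request_error(ar, LDB_ERR_OPERATIONS_ERROR);` before the call keeps malformed replicated input from reaching that point. The two TODO comments in the first hunk also mean that parent existence and same-name conflicts are not checked here, so the comment should say which lower layer is expected to reject such an object until they are implemented. replmd_replicated_apply_add() starts and ends outside both hunks.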
From: Stefan Metzmacher Date: Sat, 13 Jan 2007 11:17:27 +0000 Subject: r20727: implement basic merging of replicated objects when it already exist in the ldb metze (This used to be commit 262e42123d0bca77560fbb5a33c13a9c275ba3ec) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 250 +++++++++++++++++++++++- 1 file changed, 246 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 498cf6a94f..4b12c68175 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -526,15 +526,257 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) #endif } +static int replmd_replPropertyMetaData1_attid_compare(struct replPropertyMetaData1 *m1, + struct replPropertyMetaData1 *m2) +{ + return m1->attid - m2->attid; +} + +static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMetaData1 *m1, + struct replPropertyMetaData1 *m2) +{ + int ret; + + if (m1->version != m2->version) { + return m1->version - m2->version; + } + + if (m1->orginating_time != m2->orginating_time) { + return m1->orginating_time - m2->orginating_time; + } + + ret = GUID_compare(&m1->orginating_invocation_id, &m2->orginating_invocation_id); + if (ret != 0) { + return ret; + } + + return m1->orginating_usn - m2->orginating_usn; +} + +static int replmd_replicated_apply_merge_callback(struct ldb_context *ldb, + void *private_data, + struct ldb_reply *ares) +{ +#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ + struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request); + + ret = ldb_next_request(ar->module, ar->sub.change_req); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.change_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.change_ret); + } + + talloc_free(ar->sub.mem_ctx); + ZERO_STRUCT(ar->sub); + + ar->index_current++; + + return LDB_SUCCESS; +#else + return LDB_SUCCESS; +#endif +} + static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) { + NTSTATUS nt_status; + struct ldb_message *msg; + struct replPropertyMetaDataBlob *rmd; + struct replPropertyMetaDataBlob omd; + const struct ldb_val *omd_value; + struct replPropertyMetaDataBlob nmd; + struct ldb_val nmd_value; + uint32_t i,j,ni=0; + uint32_t removed_attrs = 0; + uint64_t seq_num; + int ret; + + msg = 
ar->objs->objects[ar->index_current].msg; + rmd = ar->objs->objects[ar->index_current].meta_data; + ZERO_STRUCT(omd); + omd.version = 1; + + /* + * TODO: add rename conflict handling + */ + if (ldb_dn_compare(msg->dn, ar->sub.search_msg->dn) != 0) { + ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported", + ar->index_current); + ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "%s => %s\n", + ldb_dn_get_linearized(ar->sub.search_msg->dn), + ldb_dn_get_linearized(msg->dn)); + return replmd_replicated_request_werror(ar, WERR_NOT_SUPPORTED); + } + + ret = ldb_sequence_number(ar->module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + /* find existing meta data */ + omd_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replPropertyMetaData"); + if (omd_value) { + nt_status = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, &omd, + (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + + if (omd.version != 1) { + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + } + + ZERO_STRUCT(nmd); + nmd.version = 1; + nmd.ctr.ctr1.count = omd.ctr.ctr1.count + rmd->ctr.ctr1.count; + nmd.ctr.ctr1.array = talloc_array(ar->sub.mem_ctx, + struct replPropertyMetaData1, + nmd.ctr.ctr1.count); + if (!nmd.ctr.ctr1.array) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + /* first copy the old meta data */ + for (i=0; i < omd.ctr.ctr1.count; i++) { + nmd.ctr.ctr1.array[ni] = omd.ctr.ctr1.array[i]; + ni++; + } + + /* now merge in the new meta data */ + for (i=0; i < rmd->ctr.ctr1.count; i++) { + bool found = false; + + rmd->ctr.ctr1.array[i].local_usn = seq_num; + + for (j=0; j < ni; j++) { + int cmp; + + if (rmd->ctr.ctr1.array[i].attid != nmd.ctr.ctr1.array[j].attid) { + continue; + } + + cmp = 
replmd_replPropertyMetaData1_conflict_compare(&rmd->ctr.ctr1.array[i], + &nmd.ctr.ctr1.array[j]); + if (cmp > 0) { + /* replace the entry */ + nmd.ctr.ctr1.array[j] = rmd->ctr.ctr1.array[i]; + found = true; + break; + } + + /* we don't want to apply this change so remove the attribute */ + ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]); + removed_attrs++; + + found = true; + break; + } + + if (found) continue; + + nmd.ctr.ctr1.array[ni] = rmd->ctr.ctr1.array[i]; + ni++; + } + + /* + * finally correct the size of the meta_data array + */ + nmd.ctr.ctr1.count = ni; + + /* + * the rdn attribute (the alias for the name attribute), + * 'cn' for most objects is the last entry in the meta data array + * we have stored + * + * as it should stay the last one in the new list, we move it to the end + */ + { + struct replPropertyMetaData1 *rdn_p, rdn, *last_p; + uint32_t rdn_idx = omd.ctr.ctr1.count - 1; + uint32_t last_idx = ni - 1; + + rdn_p = &nmd.ctr.ctr1.array[rdn_idx]; + rdn = *rdn_p; + last_p = &nmd.ctr.ctr1.array[last_idx]; + + if (last_idx > rdn_idx) { + memmove(rdn_p, rdn_p+1, (last_idx - rdn_idx)*sizeof(rdn)); + *last_p = rdn; + } + } + + /* + * sort the meta data entries by attid, but skip the last one containing + * the rdn attribute + */ + qsort(nmd.ctr.ctr1.array, nmd.ctr.ctr1.count - 1, + sizeof(struct replPropertyMetaData1), + (comparison_fn_t)replmd_replPropertyMetaData1_attid_compare); + + /* create the meta data value */ + nt_status = ndr_push_struct_blob(&nmd_value, msg, &nmd, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + + /* + * check if some replicated attributes left, otherwise skip the ldb_modify() call + */ + if (msg->num_elements == 0) { + ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n", + ar->index_current); + goto next_object; + } + + 
ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n", + ar->index_current, msg->num_elements); + + /* + * when we now that we'll modify the record, add the whenChanged, uSNChanged + * and replPopertyMetaData attributes + */ + ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + ret = samdb_msg_add_uint64(ar->module->ldb, msg, msg, "uSNChanged", seq_num); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } + + /* we want to replace the old values */ + for (i=0; i < msg->num_elements; i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + ret = ldb_build_mod_req(&ar->sub.change_req, + ar->module->ldb, + ar->sub.mem_ctx, + msg, + NULL, + ar, + replmd_replicated_apply_merge_callback); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + #ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ -#error sorry replmd_replicated_apply_merge not implemented + return ldb_next_request(ar->module, ar->sub.change_req); #else - ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, - "replmd_replicated_apply_merge: ignore [%u]\n", - ar->index_current); + ret = ldb_next_request(ar->module, ar->sub.change_req); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + if (ar->sub.change_ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ar->sub.change_ret); + } +next_object: talloc_free(ar->sub.mem_ctx); ZERO_STRUCT(ar->sub); -- cgit From 82b4069171fdc5a6b8058161546786aec52913ca Mon Sep 17 00:00:00 2001 
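Review bot: The rdn-move block in replmd_replicated_apply_merge() computes `omd.ctr.ctr1.count - 1` and `ni - 1` as uint32_t without checking that either count is non-zero, so when the existing object carries no replPropertyMetaData (omd stays zeroed) rdn_idx wraps and `rdn = *rdn_p` reads far outside the array, and with ni == 0 the qsort() element count wraps as well. The two new comparators return differences of fields that look unsigned and, for orginating_time and orginating_usn, probably 64-bit (their types are declared outside the hunk), so the int result can carry the wrong sign and let the older change win a conflict. Separately, the synchronous path waits on `ar->sub.search_req->handle` right after sending `ar->sub.change_req`, which looks like a copy-paste slip and should be confirmed. The fence shows the move and the sort with guards and one comparator rewritten with explicit comparisons; the end of replmd_replicated_apply_merge() lies outside the hunk.

```c
static int replmd_replPropertyMetaData1_attid_compare(struct replPropertyMetaData1 *m1,
						      struct replPropertyMetaData1 *m2)
{
	/* compare instead of subtracting: the difference may not fit an int */
	if (m1->attid == m2->attid) {
		return 0;
	}
	return (m1->attid > m2->attid) ? 1 : -1;
}

/* … conflict_compare: same pattern for version, orginating_time and
 * orginating_usn; the GUID_compare() step stays as it is … */

/* … unchanged: merge loop and nmd.ctr.ctr1.count = ni … */

	/* only move the rdn entry when old meta data exists */
	if (omd.ctr.ctr1.count > 0) {
		uint32_t rdn_idx = omd.ctr.ctr1.count - 1;
		uint32_t last_idx = ni - 1;

		if (last_idx > rdn_idx) {
			struct replPropertyMetaData1 rdn = nmd.ctr.ctr1.array[rdn_idx];

			memmove(&nmd.ctr.ctr1.array[rdn_idx],
				&nmd.ctr.ctr1.array[rdn_idx + 1],
				(last_idx - rdn_idx) * sizeof(rdn));
			nmd.ctr.ctr1.array[last_idx] = rdn;
		}
	}

	/* nothing to sort unless there is an entry besides the rdn one */
	if (ni > 1) {
		qsort(nmd.ctr.ctr1.array, ni - 1,
		      sizeof(struct replPropertyMetaData1),
		      (comparison_fn_t)replmd_replPropertyMetaData1_attid_compare);
	}
```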
From: Stefan Metzmacher Date: Sat, 13 Jan 2007 11:24:39 +0000 Subject: r20728: the DSDB_CONTROL_REPLICATED_OBJECT_OID control isn't used anymore because we now use DSDB_EXTENDED_REPLICATED_OBJECTS_OID extended operation metze (This used to be commit 4380cc9ed6ac2e6c133b5a36f922b341474a8e7e) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 50 ------------------------- source4/dsdb/samdb/ldb_modules/samldb.c | 5 --- 2 files changed, 55 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 4b12c68175..53fd46f116 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -168,23 +168,6 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } -static int replmd_add_replicated(struct ldb_module *module, struct ldb_request *req, struct ldb_control *ctrl) -{ - struct ldb_control **saved_ctrls; - int ret; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_replicated\n"); - - if (!save_controls(ctrl, req, &saved_ctrls)) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_next_request(module, req); - req->controls = saved_ctrls; - - return ret; -} - static int replmd_add_originating(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; 
@@ -265,39 +248,14 @@ static int replmd_add_originating(struct ldb_module *module, struct ldb_request static int replmd_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_control *ctrl; - /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.add.message->dn)) { return ldb_next_request(module, req); } - ctrl = get_control_from_list(req->controls, DSDB_CONTROL_REPLICATED_OBJECT_OID); - if (ctrl) { - /* handle replicated objects different */ - return replmd_add_replicated(module, req, ctrl); - } - return replmd_add_originating(module, req); } -static int replmd_modify_replicated(struct ldb_module *module, struct ldb_request *req, struct ldb_control *ctrl) -{ - struct ldb_control **saved_ctrls; - int ret; - - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify_replicated\n"); - - if (!save_controls(ctrl, req, &saved_ctrls)) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_next_request(module, req); - req->controls = saved_ctrls; - - return ret; -} - static int replmd_modify_originating(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; @@ -352,19 +310,11 @@ static int replmd_modify_originating(struct ldb_module *module, struct ldb_reque static int replmd_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_control *ctrl; - /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.mod.message->dn)) { return ldb_next_request(module, req); } - ctrl = get_control_from_list(req->controls, DSDB_CONTROL_REPLICATED_OBJECT_OID); - if (ctrl) { - /* handle replicated objects different */ - return replmd_modify_replicated(module, req, ctrl); - } - return replmd_modify_originating(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 07d77ee3fc..1c1ff0ea6e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -680,11 +680,6 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - if (get_control_from_list(req->controls, DSDB_CONTROL_REPLICATED_OBJECT_OID)) { - /* if it's a replicated object we have nothing to do */ - return ldb_next_request(module, req); - } - /* is user or computer? */ if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL)) { -- cgit From 21729fff115046ede3a316028b6a4e95cc7c590b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 13 Jan 2007 11:37:13 +0000 Subject: r20729: add a version number to struct dsdb_extended_replicated_objects metze (This used to be commit 2e79863d54030526841e5858e7be6a815c25593b) --- source4/dsdb/samdb/ldb_modules/partition.c | 9 ++++++++- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 7 +++++++ 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 31150b5f7b..6ed113857d 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -571,7 +571,14 @@ static int partition_extended_replicated_objects(struct ldb_module *module, stru ext = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects); if (!ext) { - return LDB_ERR_OTHER; + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "partition_extended_replicated_objects: invalid extended data\n"); + return LDB_ERR_PROTOCOL_ERROR; + } + + if (ext->version != DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "partition_extended_replicated_objects: extended data invalid version [%u != %u]\n", + ext->version, DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION); + return LDB_ERR_PROTOCOL_ERROR; } return partition_replicate(module, req, ext->partition_dn); 
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 53fd46f116..d88ca5f05e 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1272,6 +1272,13 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct objs = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects); if (!objs) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: invalid extended data\n"); + return LDB_ERR_PROTOCOL_ERROR; + } + + if (objs->version != DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: extended data invalid version [%u != %u]\n", + objs->version, DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION); return LDB_ERR_PROTOCOL_ERROR; } -- cgit From 1687e73abe84104ea0a3d396878ad30051963b1b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 14 Jan 2007 13:40:53 +0000 Subject: r20760: also handle the case where no private data is attached to the module metze (This used to be commit c8f5aad40af0741984ded2047931a77161f69ece) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 7b2150bec8..8876db0482 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -122,7 +122,7 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld data = talloc_get_type(ac->module->private_data, struct kludge_private_data); if (ares->type == LDB_REPLY_ENTRY - && data->password_attrs) /* if we are not initialized just get through */ + && data && data->password_attrs) /* if we are not initialized just get through */ { switch (ac->user_type) { case SYSTEM: -- cgit 
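Review bot: With `data && data->password_attrs` in kludge_acl_callback() the whole `switch (ac->user_type)` block is now skipped when the module has no private data, so whatever per-user handling that block performs (its body is outside the hunk; the field name suggests it concerns password attributes) is bypassed for every caller, which means the check fails open. If a missing private_data is a legitimate state, it should at least be logged with ldb_debug() so the condition is visible to an operator. Otherwise consider letting only the SYSTEM case through in that state and returning an error for the rest. Either way the comment should state the decision, for example `/* no private data: module not initialised, entries are passed on unfiltered */`.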
From ee56bf2317febe3f84428e41b0b9e149aa94dc18 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 14 Jan 2007 13:45:18 +0000 Subject: r20762: load the default dn's after the rootdse module is initialized, so that following module can access the default dn's. metze (This used to be commit a934da4dcfeae49fcfc901a071da2d41507da69b) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 86e97f9cfb..f9a9b52029 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -303,6 +303,8 @@ static int rootdse_init(struct ldb_module *module) data->partitions = NULL; module->private_data = data; + ldb_set_default_dns(module->ldb); + return ldb_next_init(module); } -- cgit From dd4b91f2f49d5b3908f3659d44fd65d5b1216043 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 14 Jan 2007 17:04:15 +0000 Subject: r20771: add an ldb module which will force the Schema FSMO Role Owner constraints and it also loads the dsdb_schema at startup. currently it only loads the dsdb_schema metze (This used to be commit d78de0fb68f8b4ef4c5372f3c3ed171e44cf2037) --- source4/dsdb/samdb/ldb_modules/config.mk | 11 ++ source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 225 +++++++++++++++++++++++++++ 2 files changed, 236 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/schema_fsmo.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a92095f6f2..2c84ee0aef 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -33,6 +33,17 @@ OBJ_FILES = \ # End MODULE ldb_dsdb_cache ################################################ +################################################ +# Start MODULE ldb_schema_fsmo +[MODULE::ldb_schema_fsmo] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +INIT_FUNCTION = schema_fsmo_module_init +OBJ_FILES = \ + schema_fsmo.o +# End MODULE ldb_schema_fsmo +################################################ + ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c new file mode 100644 index 0000000000..1a83e3a9bf --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c 
@@ -0,0 +1,225 @@ +/* + Unix SMB/CIFS mplementation. + + The module that handles the Schema FSMO Role Owner + checkings, it also loads the dsdb_schema. + + Copyright (C) Stefan Metzmacher 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include "includes.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "lib/ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_drsuapi.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" +#include "lib/util/dlinklist.h" + +static int schema_fsmo_init(struct ldb_module *module) +{ + WERROR status; + TALLOC_CTX *mem_ctx; + struct ldb_dn *schema_dn; + struct dsdb_schema *schema; + struct ldb_result *schema_res; + const struct ldb_val *prefix_val; + const struct ldb_val *info_val; + struct ldb_result *a_res; + struct ldb_result *c_res; + uint32_t i; + int ret; + static const char *schema_attrs[] = { + "prefixMap", + "schemaInfo", + NULL + }; + + schema_dn = samdb_schema_dn(module->ldb); + if (!schema_dn) { + ldb_debug(module->ldb, LDB_DEBUG_TRACE, + "schema_fsmo_init: no schema dn present: (skip schema loading)"); + return ldb_next_init(module); + } + + mem_ctx = talloc_new(module); + if (!mem_ctx) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + schema = talloc_zero(mem_ctx, 
struct dsdb_schema); + if (!schema) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* + * setup the prefix mappings and schema info + */ + ret = ldb_search(module->ldb, schema_dn, + LDB_SCOPE_BASE, + NULL, schema_attrs, + &schema_res); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: failed to search the schema head: %d:%s", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + talloc_steal(mem_ctx, schema_res); + if (schema_res->count == 0) { + ldb_debug(module->ldb, LDB_DEBUG_TRACE, + "schema_fsmo_init: no schema head present: (skip schema loading)"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } else if (schema_res->count > 1) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: [%u] schema heads found on a base search", + schema_res->count); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap"); + if (!prefix_val) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: no prefixMap attribute found"); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo"); + if (!info_val) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: no schemaInfo attribute found"); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val); + if (!W_ERROR_IS_OK(status)) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: failed to load oid mappings: %s", + win_errstr(status)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + /* + * load the attribute definitions + */ + ret = ldb_search(module->ldb, schema_dn, + LDB_SCOPE_ONELEVEL, + "(objectClass=attributeSchema)", NULL, + &a_res); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + 
"schema_fsmo_init: failed to search attributeSchema objects: %d:%s", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + talloc_steal(mem_ctx, a_res); + + for (i=0; i < a_res->count; i++) { + struct dsdb_attribute *sa; + + sa = talloc_zero(schema, struct dsdb_attribute); + if (!sa) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + status = dsdb_attribute_from_ldb(schema, a_res->msgs[i], sa, sa); + if (!W_ERROR_IS_OK(status)) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: failed to load attriute definition: %s:%s", + ldb_dn_get_linearized(a_res->msgs[i]->dn), + win_errstr(status)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *); + } + talloc_free(a_res); + + /* + * load the objectClass definitions + */ + ret = ldb_search(module->ldb, schema_dn, + LDB_SCOPE_ONELEVEL, + "(objectClass=classSchema)", NULL, + &c_res); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: failed to search classSchema objects: %d:%s", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + talloc_steal(mem_ctx, c_res); + + for (i=0; i < c_res->count; i++) { + struct dsdb_class *sc; + + sc = talloc_zero(schema, struct dsdb_class); + if (!sc) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + status = dsdb_class_from_ldb(schema, c_res->msgs[i], sc, sc); + if (!W_ERROR_IS_OK(status)) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: failed to load class definition: %s:%s", + ldb_dn_get_linearized(c_res->msgs[i]->dn), + win_errstr(status)); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + DLIST_ADD_END(schema->classes, sc, struct dsdb_class *); + } + talloc_free(c_res); + + ret = dsdb_set_schema(module->ldb, schema); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_init: dsdb_set_schema() failed: 
%d:%s", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + + talloc_steal(module, schema); + talloc_free(mem_ctx); + return ldb_next_init(module); +} + +static const struct ldb_module_ops schema_fsmo_ops = { + .name = "schema_fsmo", + .init_context = schema_fsmo_init +}; + +int schema_fsmo_module_init(void) +{ + return ldb_register_module(&schema_fsmo_ops); +} -- cgit From 47523dbc6a03498b362f08897c260f7cdebe271b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 14 Jan 2007 18:19:26 +0000 Subject: r20776: require a loaded dsdb_schema for originating add and modify operations (later we'll require it for all originating changes...) metze (This used to be commit fc1a836eccc0913fdab644341fa3e37a2f086de8) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 32 ++++++++++++++++++++----- 1 file changed, 26 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index d88ca5f05e..c91fcb2f40 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -168,7 +168,9 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } -static int replmd_add_originating(struct ldb_module *module, struct ldb_request *req) +static int replmd_add_originating(struct ldb_module *module, + struct ldb_request *req, + const struct dsdb_schema *schema) { struct ldb_request *down_req; struct ldb_message_element *attribute; 
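Review bot: Three allocation-failure returns in the new schema_fsmo_init() (after `talloc_zero(mem_ctx, struct dsdb_schema)` and inside both loading loops at `if (!sa)` and `if (!sc)`) return LDB_ERR_OPERATIONS_ERROR without `talloc_free(mem_ctx);`, while every other error path frees it, so the context and the search results hanging off it stay attached to the module. Adding `talloc_free(mem_ctx);` before each of those returns, or routing all failures through a single cleanup label, makes the paths consistent. The function also carries on with ldb_next_init() when no schema DN or schema head is found and records that only at LDB_DEBUG_TRACE; a comment stating that running without a loaded schema is intended would help the next reader.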
@@ -248,15 +250,25 @@ static int replmd_add_originating(struct ldb_module *module, struct ldb_request static int replmd_add(struct ldb_module *module, struct ldb_request *req) { + const struct dsdb_schema *schema; + /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.add.message->dn)) { return ldb_next_request(module, req); } - return replmd_add_originating(module, req); + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_add: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + return replmd_add_originating(module, req, schema); } -static int replmd_modify_originating(struct ldb_module *module, struct ldb_request *req) +static int replmd_modify_originating(struct ldb_module *module, + struct ldb_request *req, + const struct dsdb_schema *schema) { struct ldb_request *down_req; struct ldb_message *msg; @@ -310,12 +322,20 @@ static int replmd_modify_originating(struct ldb_module *module, struct ldb_reque static int replmd_modify(struct ldb_module *module, struct ldb_request *req) { + const struct dsdb_schema *schema; + /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.mod.message->dn)) { return ldb_next_request(module, req); } - return replmd_modify_originating(module, req); + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + return replmd_modify_originating(module, req, schema); } static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret) 
@@ -553,8 +573,8 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) * TODO: add rename conflict handling */ if (ldb_dn_compare(msg->dn, ar->sub.search_msg->dn) != 0) { - ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported", - ar->index_current); + ldb_debug_set(ar->module->ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported", + ar->index_current); ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "%s => %s\n", ldb_dn_get_linearized(ar->sub.search_msg->dn), ldb_dn_get_linearized(msg->dn)); -- cgit From 2fe86d1e427d333741dae2f83c2bb23f629eec2e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 14 Jan 2007 18:54:42 +0000 Subject: r20778: we don't need a talloc_steal here metze (This used to be commit 0ef90769b49b93cb57e9a1ba2aea280ec70ae151) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 1a83e3a9bf..9faed9a5ac 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -200,6 +200,7 @@ static int schema_fsmo_init(struct ldb_module *module) } talloc_free(c_res); + /* dsdb_set_schema() steal schema into the ldb_context */ ret = dsdb_set_schema(module->ldb, schema); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, @@ -209,7 +210,6 @@ static int schema_fsmo_init(struct ldb_module *module) return ret; } - talloc_steal(module, schema); talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From b15f4878e194bc47ec08ab54e74ebeb5fa9aae6c Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Sun, 14 Jan 2007 19:08:14 +0000 Subject: r20780: keep a dsdb_schema_fsmo struct as private data and remember if we're the schema master metze (This used to be commit c42dab21fb275ca36a517f97922af21447671785) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 9faed9a5ac..33a7539b39 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -32,13 +32,19 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" +struct dsdb_schema_fsmo { + bool we_are_master; +}; + static int schema_fsmo_init(struct ldb_module *module) { WERROR status; TALLOC_CTX *mem_ctx; struct ldb_dn *schema_dn; struct dsdb_schema *schema; + struct dsdb_schema_fsmo *schema_fsmo; struct ldb_result *schema_res; + struct ldb_dn *schema_master_dn; const struct ldb_val *prefix_val; const struct ldb_val *info_val; struct ldb_result *a_res; @@ -48,6 +54,7 @@ static int schema_fsmo_init(struct ldb_module *module) static const char *schema_attrs[] = { "prefixMap", "schemaInfo", + "fSMORoleOwner", NULL }; @@ -64,6 +71,13 @@ static int schema_fsmo_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } + schema_fsmo = talloc_zero(mem_ctx, struct dsdb_schema_fsmo); + if (!schema_fsmo) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + module->private_data = schema_fsmo; + schema = talloc_zero(mem_ctx, struct dsdb_schema); if (!schema) { ldb_oom(module->ldb); 
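Review bot: `module->private_data` is set to a `schema_fsmo` allocated under `mem_ctx` in the `@@ -64,6 +71,13 @@` hunk, but the `@@ -210,6 +224,13 @@` hunk of the same commit still ends with `talloc_free(mem_ctx)`, so the pointer dangles once `schema_fsmo_init` returns. The visible error paths that free `mem_ctx` have the same effect, and any later reader of `we_are_master` would touch freed memory. Parenting the struct on the module keeps it alive for the module's lifetime: `schema_fsmo = talloc_zero(module, struct dsdb_schema_fsmo);`. The new out-of-memory return also leaves `mem_ctx` unfreed, although where `mem_ctx` is parented is outside this hunk, as are the function's start and end.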
@@ -210,6 +224,13 @@ static int schema_fsmo_init(struct ldb_module *module) return ret; } + schema_master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, schema_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), schema_master_dn) == 0) { + schema_fsmo->we_are_master = true; + } else { + schema_fsmo->we_are_master = false; + } + talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From 842e2804d8ab4b3bf0ee9d719204c66464a570ae Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Jan 2007 17:53:53 +0000 Subject: r20809: rename struct partition into struct dsdb_control_current_partition we'll soon pass this down as DSDB_CONTROL_CURRENT_PARTITION_OID control so that the repl_meta_data module knows where to update the replUpToDateVector attribute metze (This used to be commit e5de40f8c2377d6dce54109a8d8bf9c6b681b813) --- source4/dsdb/samdb/ldb_modules/partition.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 6ed113857d..c05fc215dc 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -38,13 +38,13 @@ #include "ldb/include/includes.h" #include "dsdb/samdb/samdb.h" -struct partition { +struct dsdb_control_current_partition { struct ldb_module *module; const char *backend; struct ldb_dn *dn; }; struct partition_private_data { - struct partition **partitions; + struct dsdb_control_current_partition **partitions; struct ldb_dn **replicate; }; 
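Review bot: The result of `ldb_msg_find_attr_as_dn(..., "fSMORoleOwner")` is passed straight to `ldb_dn_compare()` in the `@@ -210,6 +224,13 @@` hunk, with no check that the attribute was present or that `samdb_ntds_settings_dn()` returned a DN. How `ldb_dn_compare()` treats two missing DNs is not visible here; if it reports them as equal, the role flag would be set to true on a database with neither value. Making the decision fail closed avoids depending on that: take the settings DN into a local and use `schema_fsmo->we_are_master = (ntds_dn && schema_master_dn && ldb_dn_compare(ntds_dn, schema_master_dn) == 0);`. The enclosing function starts outside this hunk.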
@@ -609,10 +609,12 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req static int sort_compare(void *void1, void *void2, void *opaque) { - struct partition **pp1 = void1; - struct partition **pp2 = void2; - struct partition *partition1 = talloc_get_type(*pp1, struct partition); - struct partition *partition2 = talloc_get_type(*pp2, struct partition); + struct dsdb_control_current_partition **pp1 = void1; + struct dsdb_control_current_partition **pp2 = void2; + struct dsdb_control_current_partition *partition1 = talloc_get_type(*pp1, + struct dsdb_control_current_partition); + struct dsdb_control_current_partition *partition2 = talloc_get_type(*pp2, + struct dsdb_control_current_partition); return ldb_dn_compare(partition1->dn, partition2->dn); } @@ -666,7 +668,7 @@ static int partition_init(struct ldb_module *module) talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } - data->partitions = talloc_array(data, struct partition *, partition_attributes->num_values + 1); + data->partitions = talloc_array(data, struct dsdb_control_current_partition *, partition_attributes->num_values + 1); if (!data->partitions) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; @@ -690,7 +692,7 @@ static int partition_init(struct ldb_module *module) talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } - data->partitions[i] = talloc(data->partitions, struct partition); + data->partitions[i] = talloc(data->partitions, struct dsdb_control_current_partition); if (!data->partitions[i]) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; @@ -771,7 +773,7 @@ static int partition_init(struct ldb_module *module) for (i=0; i < modules_attributes->num_values; i++) { struct ldb_dn *base_dn; int partition_idx; - struct partition *partition = NULL; + struct dsdb_control_current_partition *partition = NULL; const char **modules = NULL; char *base = talloc_strdup(data->partitions, (char *)modules_attributes->values[i].data); -- cgit 
From 21206f36c6f59fe5f31ecf531013ae8fee60ea63 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 16 Jan 2007 10:57:55 +0000 Subject: r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46) --- source4/dsdb/samdb/ldb_modules/partition.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index c05fc215dc..a7456c48f1 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -38,11 +38,6 @@ #include "ldb/include/includes.h" #include "dsdb/samdb/samdb.h" -struct dsdb_control_current_partition { - struct ldb_module *module; - const char *backend; - struct ldb_dn *dn; -}; struct partition_private_data { struct dsdb_control_current_partition **partitions; struct ldb_dn **replicate; @@ -697,6 +692,7 @@ static int partition_init(struct ldb_module *module) talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } + data->partitions[i]->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION; data->partitions[i]->dn = ldb_dn_new(data->partitions[i], module->ldb, base); if (!data->partitions[i]->dn) { -- cgit From 7730ff44afea09f8765f8efdb7a4e5ad61f19ff4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 13:46:16 +0000 Subject: r20847: - split some code out into a new function find_partition() - make all functions static metze (This used to be commit 3d313f08c7d6b201011f3b4744c8e54b1d0640c7) --- source4/dsdb/samdb/ldb_modules/partition.c | 35 +++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index a7456c48f1..8a497411df 100644 
--- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -84,9 +84,9 @@ static struct partition_context *partition_init_handle(struct ldb_request *req, return ac; } -struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, - struct ldb_context *ldb, - struct ldb_module *module) +static struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, + struct ldb_module *module) { struct ldb_module *current; static const struct ldb_module_ops ops; /* zero */ @@ -102,21 +102,40 @@ struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, return current; } -struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) +static struct dsdb_control_current_partition *find_partition(struct partition_private_data *data, + struct ldb_dn *dn) { int i; - struct partition_private_data *data = talloc_get_type(module->private_data, - struct partition_private_data); + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { if (ldb_dn_compare_base(data->partitions[i]->dn, dn) == 0) { - return make_module_for_next_request(req, module->ldb, data->partitions[i]->module); + return data->partitions[i]; } } - return module; + return NULL; +}; + +static struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) +{ + struct dsdb_control_current_partition *partition; + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + + /* Skip the lot if 'data' isn't here yet (initialistion) */ + if (!data) { + return module; + } + + partition = find_partition(data, dn); + if (!partition) { + return module; + } + + return make_module_for_next_request(req, module->ldb, partition->module); }; -- cgit 
From a35a071fc95823cea74fdd3cb1858df4d7104901 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 14:19:06 +0000 Subject: r20849: first step to move away from using find_backend() and use find_partition() instead metze (This used to be commit 0d75cca6f37975a3855973468dc55520cb3b3fb7) --- source4/dsdb/samdb/ldb_modules/partition.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 8a497411df..5ac954d65b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -138,7 +138,6 @@ static struct ldb_module *find_backend(struct ldb_module *module, struct ldb_req return make_module_for_next_request(req, module->ldb, partition->module); }; - /* fire the caller's callback for every entry, but only send 'done' once. */ @@ -274,6 +273,7 @@ static int partition_send_all(struct ldb_module *module, static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { int i; + struct dsdb_control_current_partition *partition; struct ldb_module *backend; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); 
@@ -293,11 +293,26 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re } } - /* Otherwise, we need to find the backend to fire it to */ + /* Otherwise, we need to find the partition to fire it to */ + + /* Find partition */ + partition = find_partition(data, dn); + if (!partition) { + /* + * if we haven't found a matching partition + * pass the request to the main ldb + * + * TODO: we should maybe return an error here + * if it's not a special dn + */ + return ldb_next_request(module, req); + } + + backend = make_module_for_next_request(req, module->ldb, partition->module); + if (!backend) { + return LDB_ERR_OPERATIONS_ERROR; + } - /* Find backend */ - backend = find_backend(module, req, dn); - /* issue request */ return ldb_next_request(backend, req); -- cgit From f58e49ade829067064602cd8d143c7223f75057e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 16:11:46 +0000 Subject: r20853: attach the DSDB_CONTROL_CURRENT_PARTITION_OID control when requests are passed to a specific partition metze (This used to be commit 06a46b1db46251989676fb04548f038930c83eb5) --- source4/dsdb/samdb/ldb_modules/partition.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 5ac954d65b..9a0dd9ca0a 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -272,7 +272,8 @@ static int partition_send_all(struct ldb_module *module, * requests must be replicated to all backends */ static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { - int i; + unsigned i; + int ret; struct dsdb_control_current_partition *partition; struct ldb_module *backend; struct partition_private_data *data = talloc_get_type(module->private_data, 
@@ -313,9 +314,13 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re return LDB_ERR_OPERATIONS_ERROR; } + ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + if (ret != LDB_SUCCESS) { + return ret; + } + /* issue request */ return ldb_next_request(backend, req); - } /* search */ -- cgit From 1500cd79d97b623816e6e13ea8da4e1ed194fdad Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 16:55:37 +0000 Subject: r20855: pass the DSDB_CONTROL_CURRENT_PARTITION_OID control also for the send_all case metze (This used to be commit b3fce383d3824ee418cbb7343f5d06720f5d31df) --- source4/dsdb/samdb/ldb_modules/partition.c | 37 ++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 9a0dd9ca0a..b23ceebf1b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -204,12 +204,18 @@ error: } -static int partition_send_request(struct partition_context *ac, struct ldb_module *partition, - struct ldb_dn *partition_base_dn) +static int partition_send_request(struct partition_context *ac, struct dsdb_control_current_partition *partition) { int ret; - struct ldb_module *next = make_module_for_next_request(ac->module, ac->module->ldb, partition); + struct ldb_module *backend; struct ldb_request *req; + + if (partition) { + backend = make_module_for_next_request(ac, ac->module->ldb, partition->module); + } else { + backend = ac->module; + } + ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { 
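Review bot: In the `@@ -313,9 +314,13 @@` hunk the control is appended to the caller's `req` without first checking whether a `DSDB_CONTROL_CURRENT_PARTITION_OID` control is already on the request. Its data is a raw pointer to this module's `partition` struct, and the consumer added later on this page in repl_meta_data.c takes whatever `get_control_from_list()` returns for that OID. The OID only has meaning inside the module stack, so a request that arrives with it already set should be rejected or have it stripped before this call; whether `ldb_request_add_control()` itself refuses duplicates is not visible here. A comment at the call would record the contract, e.g. `/* internal-only control: data is a talloc pointer owned by partition_private_data, never decoded from client input */`. `partition_replicate` begins outside this hunk.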
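Review bot: `backend` is taken from `make_module_for_next_request()` in the `@@ -204,12 +204,18 @@` hunk and later handed to `ldb_next_request()` without a NULL check. `partition_replicate` checks the same call and returns `LDB_ERR_OPERATIONS_ERROR` when it fails. Adding `if (!backend) { return LDB_ERR_OPERATIONS_ERROR; }` directly after the call in the `if (partition)` branch would make the two paths agree. `partition_send_request` continues past the end of this hunk.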
@@ -228,8 +234,12 @@ static int partition_send_request(struct partition_context *ac, struct ldb_modul /* If the search is for 'more' than this partition, * then change the basedn, so a remote LDAP server * doesn't object */ - if (ldb_dn_compare_base(partition_base_dn, req->op.search.base) != 0) { - req->op.search.base = partition_base_dn; + if (partition) { + if (ldb_dn_compare_base(partition->dn, req->op.search.base) != 0) { + req->op.search.base = partition->dn; + } + } else { + req->op.search.base = NULL; } req->callback = partition_search_callback; req->context = ac; @@ -238,12 +248,19 @@ static int partition_send_request(struct partition_context *ac, struct ldb_modul req->context = ac; } + if (partition) { + ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + if (ret != LDB_SUCCESS) { + return ret; + } + } + /* Spray off search requests to all backends */ - ret = ldb_next_request(next, req); + ret = ldb_next_request(backend, req); if (ret != LDB_SUCCESS) { return ret; } - + ac->num_requests++; return LDB_SUCCESS; } @@ -255,12 +272,12 @@ static int partition_send_all(struct ldb_module *module, int i; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - int ret = partition_send_request(ac, module->next, NULL); + int ret = partition_send_request(ac, NULL); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_request(ac, data->partitions[i]->module, data->partitions[i]->dn); + ret = partition_send_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } 
@@ -349,7 +366,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_request(ac, data->partitions[i]->module, data->partitions[i]->dn); + ret = partition_send_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } -- cgit From 2a7cbb2c53c14e3bb4a22c12594ca262806d78d0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 19:45:17 +0000 Subject: r20863: check that there's a current partition control attached to the request metze (This used to be commit b1377a2e240dbe36277816452d33d6abaa486b9e) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 71 ++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index c91fcb2f40..b91d5e3db2 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -170,7 +170,8 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ static int replmd_add_originating(struct ldb_module *module, struct ldb_request *req, - const struct dsdb_schema *schema) + const struct dsdb_schema *schema, + const struct dsdb_control_current_partition *partition) { struct ldb_request *down_req; struct ldb_message_element *attribute; @@ -251,6 +252,8 @@ static int replmd_add_originating(struct ldb_module *module, static int replmd_add(struct ldb_module *module, struct ldb_request *req) { const struct dsdb_schema *schema; + const struct ldb_control *partition_ctrl; + const struct dsdb_control_current_partition *partition; /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.add.message->dn)) { 
@@ -259,16 +262,40 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) schema = dsdb_get_schema(module->ldb); if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_add: no dsdb_schema loaded"); + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_add: no dsdb_schema loaded"); return LDB_ERR_CONSTRAINT_VIOLATION; } - return replmd_add_originating(module, req, schema); + partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID); + if (!partition_ctrl) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_add: no current partition control found"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition = talloc_get_type(partition_ctrl->data, + struct dsdb_control_current_partition); + if (!partition) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_add: current partition control contains invalid data"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_add: current partition control contains invalid version [%u != %u]\n", + partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + return replmd_add_originating(module, req, schema, partition); } static int replmd_modify_originating(struct ldb_module *module, struct ldb_request *req, - const struct dsdb_schema *schema) + const struct dsdb_schema *schema, + const struct dsdb_control_current_partition *partition) { struct ldb_request *down_req; struct ldb_message *msg; @@ -323,6 +350,8 @@ static int replmd_modify_originating(struct ldb_module *module, static int replmd_modify(struct ldb_module *module, struct ldb_request *req) { const struct dsdb_schema *schema; + const struct ldb_control *partition_ctrl; + const struct dsdb_control_current_partition *partition; /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.mod.message->dn)) { 
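Review bot: After the `@@ -259,16 +262,40 @@` hunk, `replmd_add` rejects every non-special add that lacks the current-partition control, yet `partition_replicate` in partition.c still forwards DNs that match no partition with a plain `ldb_next_request(module, req)` and attaches nothing. If this module sits below the partition module for such requests (the module order is not visible here), they now fail with `LDB_ERR_CONSTRAINT_VIOLATION`, which reads like a client data error rather than an internal routing problem. Failing closed is reasonable, but it should be stated where the check is made, e.g. `/* the control is attached by the partition module; a request without it did not come through a known partition */`. The same applies to the matching check in `replmd_modify` in the `@@ -331,11 +360,41 @@` hunk.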
@@ -331,11 +360,41 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) schema = dsdb_get_schema(module->ldb); if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_modify: no dsdb_schema loaded"); + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID); + if (!partition_ctrl) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no current partition control found"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition = talloc_get_type(partition_ctrl->data, + struct dsdb_control_current_partition); + if (!partition) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: current partition control contains invalid data"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: current partition control contains invalid version [%u != %u]\n", + partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION); return LDB_ERR_CONSTRAINT_VIOLATION; } - return replmd_modify_originating(module, req, schema); + return replmd_modify_originating(module, req, schema, partition); } static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret) -- cgit From bd46898e69ff9431eb164f4d5fa3caec99e2bb4a Mon Sep 17 00:00:00 2001 
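Review bot: The `dsdb_get_schema()` lookup and its `if (!schema)` error block appear twice in a row in `replmd_modify` in the `@@ -331,11 +360,41 @@` hunk, so the second copy can never fire. The duplicate is carried into `replmd_prepare_originating` by the following commit (`@@ -168,6 +168,64 @@`), where the first copy still hard-codes `"replmd_modify: no dsdb_schema loaded"`. A missing schema on the add path is therefore reported under the wrong function name. Keeping a single block that uses the caller's name fixes both: `ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "%s: no dsdb_schema loaded", fn_name);`.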
From: Stefan Metzmacher Date: Wed, 17 Jan 2007 22:21:25 +0000 Subject: r20864: move common stuff into an extra function metze (This used to be commit 3f441741a6ff00ba88d3134c97e597285afbfed7) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 147 ++++++++++-------------- 1 file changed, 62 insertions(+), 85 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index b91d5e3db2..7469cadaa8 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -168,6 +168,64 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } +static int replmd_prepare_originating(struct ldb_module *module, struct ldb_request *req, + struct ldb_dn *dn, const char *fn_name, + int (*fn)(struct ldb_module *, + struct ldb_request *, + const struct dsdb_schema *, + const struct dsdb_control_current_partition *)) +{ + const struct dsdb_schema *schema; + const struct ldb_control *partition_ctrl; + const struct dsdb_control_current_partition *partition; + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(dn)) { + return ldb_next_request(module, req); + } + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "%s: no dsdb_schema loaded", + fn_name); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID); + if (!partition_ctrl) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "%s: no current partition control found", + fn_name); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition = talloc_get_type(partition_ctrl->data, + struct dsdb_control_current_partition); + if (!partition) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "%s: current partition control contains invalid data", + fn_name); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "%s: current partition control contains invalid version [%u != %u]\n", + fn_name, partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + return fn(module, req, schema, partition); +} + static int replmd_add_originating(struct ldb_module *module, struct 
ldb_request *req, const struct dsdb_schema *schema, @@ -251,45 +309,8 @@ static int replmd_add_originating(struct ldb_module *module, static int replmd_add(struct ldb_module *module, struct ldb_request *req) { - const struct dsdb_schema *schema; - const struct ldb_control *partition_ctrl; - const struct dsdb_control_current_partition *partition; - - /* do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return ldb_next_request(module, req); - } - - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_add: no dsdb_schema loaded"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID); - if (!partition_ctrl) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_add: no current partition control found"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - partition = talloc_get_type(partition_ctrl->data, - struct dsdb_control_current_partition); - if (!partition) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_add: current partition control contains invalid data"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_add: current partition control contains invalid version [%u != %u]\n", - partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - return replmd_add_originating(module, req, schema, partition); + return replmd_prepare_originating(module, req, req->op.add.message->dn, + "replmd_add", replmd_add_originating); } static int replmd_modify_originating(struct ldb_module *module, 
@@ -349,52 +370,8 @@ static int replmd_modify_originating(struct ldb_module *module, static int replmd_modify(struct ldb_module *module, struct ldb_request *req) { - const struct dsdb_schema *schema; - const struct ldb_control *partition_ctrl; - const struct dsdb_control_current_partition *partition; - - /* do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.mod.message->dn)) { - return ldb_next_request(module, req); - } - - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_modify: no dsdb_schema loaded"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_modify: no dsdb_schema loaded"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID); - if (!partition_ctrl) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_modify: no current partition control found"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - partition = talloc_get_type(partition_ctrl->data, - struct dsdb_control_current_partition); - if (!partition) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_modify: current partition control contains invalid data"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_modify: current partition control contains invalid version [%u != %u]\n", - partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - return replmd_modify_originating(module, req, schema, partition); + return replmd_prepare_originating(module, req, req->op.mod.message->dn, + "replmd_modify", replmd_modify_originating); } static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret) -- cgit 
From aa2439da359e966df819f5c142c9b1093420db70 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 23:56:01 +0000 Subject: r20866: - fix debug messages missing new lines - use LDB_DEBUG_WARNING in some places - debug if we're the schema master metze (This used to be commit 63f46344437002202990bd34fb200d847fcfcf40) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 32 ++++++++++++++++------------ 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 33a7539b39..c692b983dd 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -60,8 +60,8 @@ static int schema_fsmo_init(struct ldb_module *module) schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "schema_fsmo_init: no schema dn present: (skip schema loading)"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "schema_fsmo_init: no schema dn present: (skip schema loading)\n"); return ldb_next_init(module); } 
@@ -93,20 +93,20 @@ static int schema_fsmo_init(struct ldb_module *module) &schema_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search the schema head: %d:%s", + "schema_fsmo_init: failed to search the schema head: %d:%s\n", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; } talloc_steal(mem_ctx, schema_res); if (schema_res->count == 0) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "schema_fsmo_init: no schema head present: (skip schema loading)"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "schema_fsmo_init: no schema head present: (skip schema loading)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (schema_res->count > 1) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: [%u] schema heads found on a base search", + "schema_fsmo_init: [%u] schema heads found on a base search\n", schema_res->count); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -115,14 +115,14 @@ static int schema_fsmo_init(struct ldb_module *module) prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap"); if (!prefix_val) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: no prefixMap attribute found"); + "schema_fsmo_init: no prefixMap attribute found\n"); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo"); if (!info_val) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: no schemaInfo attribute found"); + "schema_fsmo_init: no schemaInfo attribute found\n"); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } 
@@ -130,7 +130,7 @@ static int schema_fsmo_init(struct ldb_module *module) status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val); if (!W_ERROR_IS_OK(status)) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load oid mappings: %s", + "schema_fsmo_init: failed to load oid mappings: %s\n", win_errstr(status)); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -145,7 +145,7 @@ static int schema_fsmo_init(struct ldb_module *module) &a_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search attributeSchema objects: %d:%s", + "schema_fsmo_init: failed to search attributeSchema objects: %d:%s\n", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; @@ -164,7 +164,7 @@ static int schema_fsmo_init(struct ldb_module *module) status = dsdb_attribute_from_ldb(schema, a_res->msgs[i], sa, sa); if (!W_ERROR_IS_OK(status)) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load attriute definition: %s:%s", + "schema_fsmo_init: failed to load attriute definition: %s:%s\n", ldb_dn_get_linearized(a_res->msgs[i]->dn), win_errstr(status)); talloc_free(mem_ctx); @@ -184,7 +184,7 @@ static int schema_fsmo_init(struct ldb_module *module) &c_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search classSchema objects: %d:%s", + "schema_fsmo_init: failed to search classSchema objects: %d:%s\n", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; @@ -203,7 +203,7 @@ static int schema_fsmo_init(struct ldb_module *module) status = dsdb_class_from_ldb(schema, c_res->msgs[i], sc, sc); if (!W_ERROR_IS_OK(status)) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load class definition: %s:%s", + "schema_fsmo_init: failed to load class definition: %s:%s\n", ldb_dn_get_linearized(c_res->msgs[i]->dn), win_errstr(status)); talloc_free(mem_ctx); 
@@ -218,7 +218,7 @@ static int schema_fsmo_init(struct ldb_module *module) ret = dsdb_set_schema(module->ldb, schema); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: dsdb_set_schema() failed: %d:%s", + "schema_fsmo_init: dsdb_set_schema() failed: %d:%s\n", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; @@ -231,6 +231,10 @@ static int schema_fsmo_init(struct ldb_module *module) schema_fsmo->we_are_master = false; } + ldb_debug(module->ldb, LDB_DEBUG_TRACE, + "schema_fsmo_init: we are master: %s\n", + (schema_fsmo->we_are_master?"yes":"no")); + talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From cc6c3eb38c267c7a1f0087bcfdccc01e2164134f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 23:58:14 +0000 Subject: r20867: add modules to handle the domain naming and the pdc FSMO Roles metze (This used to be commit 341fae8e8465e67023ab0e82110835669a593577) --- source4/dsdb/samdb/ldb_modules/config.mk | 22 +++++ source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 121 +++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 120 ++++++++++++++++++++++++++ 3 files changed, 263 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/naming_fsmo.c create mode 100644 source4/dsdb/samdb/ldb_modules/pdc_fsmo.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 2c84ee0aef..0934b4ca6a 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -44,6 +44,28 @@ OBJ_FILES = \ # End MODULE ldb_schema_fsmo ################################################ +################################################ +# Start MODULE ldb_naming_fsmo +[MODULE::ldb_naming_fsmo] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +INIT_FUNCTION = naming_fsmo_module_init +OBJ_FILES = \ + naming_fsmo.o +# End MODULE ldb_naming_fsmo +################################################ + +################################################ +# Start MODULE ldb_pdc_fsmo +[MODULE::ldb_pdc_fsmo] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +INIT_FUNCTION = pdc_fsmo_module_init +OBJ_FILES = \ + pdc_fsmo.o +# End MODULE ldb_pdc_fsmo +################################################ + ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c new file mode 100644 index 0000000000..9041c37ce7 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c 
@@ -0,0 +1,121 @@ +/* + Unix SMB/CIFS mplementation. + + The module that handles the Domain Naming FSMO Role Owner + checkings + + Copyright (C) Stefan Metzmacher 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include "includes.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "lib/ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_drsuapi.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" +#include "lib/util/dlinklist.h" + +struct dsdb_naming_fsmo { + bool we_are_master; +}; + +static int naming_fsmo_init(struct ldb_module *module) +{ + TALLOC_CTX *mem_ctx; + struct ldb_dn *naming_dn; + struct dsdb_naming_fsmo *naming_fsmo; + struct ldb_result *naming_res; + struct ldb_dn *naming_master_dn; + int ret; + static const char *naming_attrs[] = { + "fSMORoleOwner", + NULL + }; + + mem_ctx = talloc_new(module); + if (!mem_ctx) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + naming_dn = samdb_partitions_dn(module->ldb, mem_ctx); + if (!naming_dn) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } + + naming_fsmo = talloc_zero(mem_ctx, struct dsdb_naming_fsmo); 
+ if (!naming_fsmo) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + module->private_data = naming_fsmo; + + ret = ldb_search(module->ldb, naming_dn, + LDB_SCOPE_BASE, + NULL, naming_attrs, + &naming_res); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "naming_fsmo_init: failed to search the cross-ref container: %d:%s\n", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + talloc_steal(mem_ctx, naming_res); + if (naming_res->count == 0) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "naming_fsmo_init: no cross-ref container present: (skip loading of naming contexts details)\n"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } else if (naming_res->count > 1) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "naming_fsmo_init: [%u] cross-ref containers found on a base search\n", + naming_res->count); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + naming_master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, naming_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), naming_master_dn) == 0) { + naming_fsmo->we_are_master = true; + } else { + naming_fsmo->we_are_master = false; + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, + "naming_fsmo_init: we are master: %s\n", + (naming_fsmo->we_are_master?"yes":"no")); + + talloc_free(mem_ctx); + return ldb_next_init(module); +} + +static const struct ldb_module_ops naming_fsmo_ops = { + .name = "naming_fsmo", + .init_context = naming_fsmo_init +}; + +int naming_fsmo_module_init(void) +{ + return ldb_register_module(&naming_fsmo_ops); +} diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c new file mode 100644 index 0000000000..16b40ef8d9 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c 
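Review bot: `module->private_data = naming_fsmo;` stores a pointer that was allocated with `talloc_zero(mem_ctx, ...)`, and every later exit from `naming_fsmo_init()` calls `talloc_free(mem_ctx)`, so the module is left holding a dangling pointer once init returns. Allocate the state on the module instead, `naming_fsmo = talloc_zero(module, struct dsdb_naming_fsmo);`, or steal it to `module` before the final free and leave `private_data` unset on the early-return paths. The `if (!naming_fsmo)` branch also returns without `talloc_free(mem_ctx)`. `pdc_fsmo_init()` in pdc_fsmo.c has the same two problems with `pdc_fsmo`.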
@@ -0,0 +1,120 @@ +/* + Unix SMB/CIFS mplementation. + + The module that handles the PDC FSMO Role Owner checkings + + Copyright (C) Stefan Metzmacher 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include "includes.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "lib/ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_drsuapi.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" +#include "lib/util/dlinklist.h" + +struct dsdb_pdc_fsmo { + bool we_are_master; +}; + +static int pdc_fsmo_init(struct ldb_module *module) +{ + TALLOC_CTX *mem_ctx; + struct ldb_dn *pdc_dn; + struct dsdb_pdc_fsmo *pdc_fsmo; + struct ldb_result *pdc_res; + struct ldb_dn *pdc_master_dn; + int ret; + static const char *pdc_attrs[] = { + "fSMORoleOwner", + NULL + }; + + mem_ctx = talloc_new(module); + if (!mem_ctx) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + pdc_dn = samdb_base_dn(module->ldb); + if (!pdc_dn) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "pdc_fsmo_init: no domain dn present: (skip loading of domain details)\n"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } + + pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo); + if (!pdc_fsmo) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; 
+ } + module->private_data = pdc_fsmo; + + ret = ldb_search(module->ldb, pdc_dn, + LDB_SCOPE_BASE, + NULL, pdc_attrs, + &pdc_res); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "pdc_fsmo_init: failed to search the domain object: %d:%s\n", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + talloc_steal(mem_ctx, pdc_res); + if (pdc_res->count == 0) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "pdc_fsmo_init: no domain object present: (skip loading of domain details)\n"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } else if (pdc_res->count > 1) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "pdc_fsmo_init: [%u] domain objects found on a base search\n", + pdc_res->count); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + pdc_master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), pdc_master_dn) == 0) { + pdc_fsmo->we_are_master = true; + } else { + pdc_fsmo->we_are_master = false; + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, + "pdc_fsmo_init: we are master: %s\n", + (pdc_fsmo->we_are_master?"yes":"no")); + + talloc_free(mem_ctx); + return ldb_next_init(module); +} + +static const struct ldb_module_ops pdc_fsmo_ops = { + .name = "pdc_fsmo", + .init_context = pdc_fsmo_init +}; + +int pdc_fsmo_module_init(void) +{ + return ldb_register_module(&pdc_fsmo_ops); +} -- cgit From 301129f6defacfc924647e6aa7be45cf6d7f2f5b Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Thu, 18 Jan 2007 00:49:52 +0000 Subject: r20870: implement the constructed attributes dsSchemaAttrCount, dsSchemaClassCount and dsSchemaPrefixCount on the rootdse having a loaded dsdb_schema make things so easy...:-) metze (This used to be commit 7862fcdbb5ce43e702512c1acdbb5843ef551293) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 44 ++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index f9a9b52029..9a469c4563 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -26,6 +26,7 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "system/time.h" +#include "dsdb/samdb/samdb.h" struct private_data { int num_controls; @@ -44,6 +45,11 @@ static int do_attribute(const char * const *attrs, const char *name) ldb_attr_in_list(attrs, "*"); } +static int do_attribute_explicit(const char * const *attrs, const char *name) +{ + return attrs != NULL && ldb_attr_in_list(attrs, name); +} + /* add dynamically generated attributes to rootDSE result @@ -52,6 +58,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms { struct private_data *priv = talloc_get_type(module->private_data, struct private_data); char **server_sasl; + const struct dsdb_schema *schema; + + schema = dsdb_get_schema(module->ldb); msg->dn = ldb_dn_new(msg, module->ldb, NULL); 
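Review bot: `do_attribute_explicit()` is added without a comment saying how it differs from `do_attribute()` directly above it, whose visible tail also accepts `*`. The new helper matches only when `attrs` is non-NULL and names the attribute, which is what keeps the constructed schema counters out of wildcard searches. A one-line comment would stop the next constructed attribute from being wired to the wrong helper, for example `/* true only if the client named the attribute explicitly; NULL attrs and "*" do not match */`.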
@@ -119,6 +128,41 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + if (schema && do_attribute_explicit(attrs, "dsSchemaAttrCount")) { + struct dsdb_attribute *cur; + uint32_t n = 0; + + for (cur = schema->attributes; cur; cur = cur->next) { + n++; + } + + if (ldb_msg_add_fmt(msg, "dsSchemaAttrCount", + "%u", n) != 0) { + goto failed; + } + } + + if (schema && do_attribute_explicit(attrs, "dsSchemaClassCount")) { + struct dsdb_class *cur; + uint32_t n = 0; + + for (cur = schema->classes; cur; cur = cur->next) { + n++; + } + + if (ldb_msg_add_fmt(msg, "dsSchemaClassCount", + "%u", n) != 0) { + goto failed; + } + } + + if (schema && do_attribute_explicit(attrs, "dsSchemaPrefixCount")) { + if (ldb_msg_add_fmt(msg, "dsSchemaPrefixCount", + "%u", schema->num_prefixes) != 0) { + goto failed; + } + } + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; -- cgit From 3e523582ea41702450d2f14535be24ecb45023b7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 18 Jan 2007 01:31:09 +0000 Subject: r20871: implement the validFSMOs constructed attribute on the rootdse for the schema, domain naming and pdc fsmo roles infrastructure and rid manager will be added later, when we have module for them metze (This used to be commit 308f9cf822a3a34dae28a5fa5aa850e2adbeb472) --- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 16 ++++++----- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 16 ++++++----- source4/dsdb/samdb/ldb_modules/rootdse.c | 40 ++++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 16 ++++++----- 4 files changed, 67 insertions(+), 21 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index 9041c37ce7..ddd120caf2 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c 
@@ -32,17 +32,12 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" -struct dsdb_naming_fsmo { - bool we_are_master; -}; - static int naming_fsmo_init(struct ldb_module *module) { TALLOC_CTX *mem_ctx; struct ldb_dn *naming_dn; struct dsdb_naming_fsmo *naming_fsmo; struct ldb_result *naming_res; - struct ldb_dn *naming_master_dn; int ret; static const char *naming_attrs[] = { "fSMORoleOwner", @@ -95,13 +90,20 @@ static int naming_fsmo_init(struct ldb_module *module) return LDB_ERR_CONSTRAINT_VIOLATION; } - naming_master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, naming_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), naming_master_dn) == 0) { + naming_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, naming_fsmo, naming_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), naming_fsmo->master_dn) == 0) { naming_fsmo->we_are_master = true; } else { naming_fsmo->we_are_master = false; } + if (ldb_set_opaque(module->ldb, "dsdb_naming_fsmo", naming_fsmo) != LDB_SUCCESS) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_steal(module, naming_fsmo); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "naming_fsmo_init: we are master: %s\n", (naming_fsmo->we_are_master?"yes":"no")); diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 16b40ef8d9..35a1636a4d 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -31,17 +31,12 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" -struct dsdb_pdc_fsmo { - bool we_are_master; -}; - static int pdc_fsmo_init(struct ldb_module *module) { TALLOC_CTX *mem_ctx; struct ldb_dn *pdc_dn; struct dsdb_pdc_fsmo *pdc_fsmo; struct ldb_result *pdc_res; - struct ldb_dn *pdc_master_dn; int ret; static const char *pdc_attrs[] = { "fSMORoleOwner", 
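Review bot: The new `ldb_set_opaque()` failure branch in `naming_fsmo_init()` returns without `talloc_free(mem_ctx)`, unlike the earlier error exits of this function, and it reports any failure as out-of-memory through `ldb_oom()`. Adding `talloc_free(mem_ctx);` before `return LDB_ERR_OPERATIONS_ERROR;` keeps the exits consistent. Note also that `ldb_msg_find_attr_as_dn()` presumably returns NULL when `fSMORoleOwner` is absent, and that value is stored in `master_dn` and passed to `ldb_dn_compare()` unchecked. The same branch is added in pdc_fsmo.c and schema_fsmo.c by this commit.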
@@ -94,13 +89,20 @@ static int pdc_fsmo_init(struct ldb_module *module) return LDB_ERR_CONSTRAINT_VIOLATION; } - pdc_master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), pdc_master_dn) == 0) { + pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), pdc_fsmo->master_dn) == 0) { pdc_fsmo->we_are_master = true; } else { pdc_fsmo->we_are_master = false; } + if (ldb_set_opaque(module->ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_steal(module, pdc_fsmo); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "pdc_fsmo_init: we are master: %s\n", (pdc_fsmo->we_are_master?"yes":"no")); diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 9a469c4563..a698e0db43 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
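Review bot: `pdc_fsmo->master_dn` is allocated on `mem_ctx` here, while the matching hunks in naming_fsmo.c and schema_fsmo.c pass the fsmo struct itself as the talloc parent. `pdc_fsmo_init()` frees `mem_ctx` before returning, so the DN inside the struct that was just published with `ldb_set_opaque()` and stolen to `module` is freed while still reachable. Use the struct as the parent: `pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, pdc_fsmo, pdc_res->msgs[0], "fSMORoleOwner");`. The function body starts and ends outside this hunk.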
@@ -163,6 +163,46 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + if (do_attribute_explicit(attrs, "validFSMOs")) { + const struct dsdb_schema_fsmo *schema_fsmo; + const struct dsdb_naming_fsmo *naming_fsmo; + const struct dsdb_pdc_fsmo *pdc_fsmo; + const char *dn_str; + + schema_fsmo = talloc_get_type(ldb_get_opaque(module->ldb, "dsdb_schema_fsmo"), + struct dsdb_schema_fsmo); + if (schema_fsmo && schema_fsmo->we_are_master) { + dn_str = ldb_dn_get_linearized(samdb_schema_dn(module->ldb)); + if (dn_str && dn_str[0]) { + if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) { + goto failed; + } + } + } + + naming_fsmo = talloc_get_type(ldb_get_opaque(module->ldb, "dsdb_naming_fsmo"), + struct dsdb_naming_fsmo); + if (naming_fsmo && naming_fsmo->we_are_master) { + dn_str = ldb_dn_get_linearized(samdb_partitions_dn(module->ldb, msg)); + if (dn_str && dn_str[0]) { + if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) { + goto failed; + } + } + } + + pdc_fsmo = talloc_get_type(ldb_get_opaque(module->ldb, "dsdb_pdc_fsmo"), + struct dsdb_pdc_fsmo); + if (pdc_fsmo && pdc_fsmo->we_are_master) { + dn_str = ldb_dn_get_linearized(samdb_base_dn(module->ldb)); + if (dn_str && dn_str[0]) { + if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) { + goto failed; + } + } + } + } + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index c692b983dd..deba2b7d88 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -32,10 +32,6 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" -struct dsdb_schema_fsmo { - bool we_are_master; -}; - static int schema_fsmo_init(struct ldb_module *module) { WERROR status; 
@@ -44,7 +40,6 @@ static int schema_fsmo_init(struct ldb_module *module) struct dsdb_schema *schema; struct dsdb_schema_fsmo *schema_fsmo; struct ldb_result *schema_res; - struct ldb_dn *schema_master_dn; const struct ldb_val *prefix_val; const struct ldb_val *info_val; struct ldb_result *a_res; @@ -224,13 +219,20 @@ static int schema_fsmo_init(struct ldb_module *module) return ret; } - schema_master_dn = ldb_msg_find_attr_as_dn(module->ldb, mem_ctx, schema_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), schema_master_dn) == 0) { + schema_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, schema_fsmo, schema_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), schema_fsmo->master_dn) == 0) { schema_fsmo->we_are_master = true; } else { schema_fsmo->we_are_master = false; } + if (ldb_set_opaque(module->ldb, "dsdb_schema_fsmo", schema_fsmo) != LDB_SUCCESS) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_steal(module, schema_fsmo); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "schema_fsmo_init: we are master: %s\n", (schema_fsmo->we_are_master?"yes":"no")); -- cgit From c2e492ece3e5dd39c3c113dfe7f745fc900a5dc0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 19 Jan 2007 13:36:15 +0000 Subject: r20902: don't crash if the object isn't there yet metze (This used to be commit 4588e2522b11f707e608488c782f6988fd97628a) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 38a44bdae2..9a72643ec9 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -1192,6 +1192,10 @@ static int ph_wait(struct ldb_handle *handle) { return LDB_SUCCESS; } + if (ac->search_res == NULL) { + return LDB_ERR_NO_SUCH_OBJECT; + } + /* self search done, go on */ return password_hash_mod_search_dom(handle); -- cgit From 8309f2c35b152a82885a5f5352013d39ec349097 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 19 Jan 2007 16:55:38 +0000 Subject: r20909: add a module that implements the LDAP_CONTROL_SHOW_DELETED_OID control it hides objects with isDeleted=TRUE by default, and let them through if the control is present metze (This used to be commit 7108d62cb0360e734045eb39c03508d8528dc9cc) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 ++ source4/dsdb/samdb/ldb_modules/show_deleted.c | 215 ++++++++++++++++++++++++++ 2 files changed, 227 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/show_deleted.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 0934b4ca6a..929d0bcead 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -176,6 +176,18 @@ OBJ_FILES = \ # End MODULE ldb_extended_dn ################################################ +################################################ +# Start MODULE ldb_show_deleted +[MODULE::ldb_show_deleted] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC +INIT_FUNCTION = ldb_show_deleted_init +OBJ_FILES = \ + show_deleted.o +# +# End MODULE ldb_show_deleted +################################################ + ################################################ # Start MODULE ldb_partition [MODULE::ldb_partition] diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c new file mode 100644 index 0000000000..9d624c9982 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c 
@@ -0,0 +1,215 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2005 + Copyright (C) Stefa Metzmacher 2007 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + * Name: ldb + * + * Component: ldb deleted objects control module + * + * Description: this module hides deleted objects, and returns them if the control is there + * + * Author: Stefan Metzmacher + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" + +/* search */ +struct show_deleted_search_request { + + struct ldb_module *module; + void *up_context; + int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + + bool remove_from_msg; +}; + +static int show_deleted_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct show_deleted_search_request *ar; + + if (!context || !ares) { + ldb_set_errstring(ldb, "NULL Context or Result in callback"); + goto error; + } + + ar = talloc_get_type(context, struct show_deleted_search_request); + + if (ares->type == LDB_REPLY_ENTRY) { + bool isDeleted; + + isDeleted = 
ldb_msg_find_attr_as_bool(ares->message, "isDeleted", false); + + if (isDeleted) { + goto skip_deleted; + } + + if (ar->remove_from_msg) { + ldb_msg_remove_attr(ares->message, "isDeleted"); + } + } + + return ar->up_callback(ldb, ar->up_context, ares); + +skip_deleted: + talloc_free(ares); + return LDB_SUCCESS; +error: + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; +} + +static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_control *control; + struct ldb_control **saved_controls; + struct show_deleted_search_request *ar; + struct ldb_request *down_req; + char **new_attrs; + uint32_t num_attrs = 0; + uint32_t i; + int ret; + + /* check if there's a show deleted control */ + control = get_control_from_list(req->controls, LDB_CONTROL_SHOW_DELETED_OID); + + /* copy the request for modification */ + down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* copy the request */ + *down_req = *req; + + /* if a control is there remove if from the modified request */ + if (control && !save_controls(control, down_req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* if we had a control, then just go on to the next request as we have nothing to hide */ + if (control) { + goto next_request; + } + + ar = talloc(down_req, struct show_deleted_search_request); + if (ar == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ar->module = module; + ar->up_context = req->context; + ar->up_callback = req->callback; + ar->remove_from_msg = true; + + /* check if attrs only is specified, in that case check wether we need to modify them */ + if (down_req->op.search.attrs) { + for (i=0; (down_req->op.search.attrs && down_req->op.search.attrs[i]); i++) { + num_attrs++; + if (strcasecmp(down_req->op.search.attrs[i], "*") == 0) { + ar->remove_from_msg = false; + } else if (strcasecmp(down_req->op.search.attrs[i], 
"isDeleted") == 0) { + ar->remove_from_msg = false; + } + } + } else { + ar->remove_from_msg = false; + } + + if (ar->remove_from_msg) { + new_attrs = talloc_array(down_req, char *, num_attrs + 2); + if (!new_attrs) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (i=0; i < num_attrs; i++) { + new_attrs[i] = discard_const_p(char, down_req->op.search.attrs[i]); + } + new_attrs[i] = talloc_strdup(new_attrs, "isDeleted"); + if (!new_attrs[i]) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_attrs[i+1] = NULL; + down_req->op.search.attrs = (const char * const *)new_attrs; + } + + down_req->context = ar; + down_req->callback = show_deleted_search_callback; + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + +next_request: + /* perform the search */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + + return ret; +} + +static int show_deleted_init(struct ldb_module *module) +{ + struct ldb_request *req; + int ret; + + req = talloc(module, struct ldb_request); + if (req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_REQ_REGISTER_CONTROL; + req->op.reg_control.oid = LDB_CONTROL_SHOW_DELETED_OID; + req->controls = NULL; + + ret = ldb_request(module->ldb, req); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "show_deleted: Unable to register control with rootdse!\n"); + talloc_free(req); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_free(req); + return ldb_next_init(module); +} + +static const struct ldb_module_ops show_deleted_ops = { + .name = "show_deleted", + .search = show_deleted_search, + .init_context = show_deleted_init +}; + +int ldb_show_deleted_init(void) +{ + return ldb_register_module(&show_deleted_ops); +} -- cgit 
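Review bot: In `show_deleted_init()` the registration request comes from `talloc(module, struct ldb_request)`, which does not zero the memory, and only `operation`, `op.reg_control.oid` and `controls` are set before `ldb_request()` is called, so the remaining fields are passed down uninitialised. Allocating it with `talloc_zero(module, struct ldb_request)` avoids that. Separately, `show_deleted_search()` skips the filtering for any request that carries the control and nothing in this file checks who sent it, so it is worth confirming that another module restricts which callers may see deleted objects. `show_deleted_search_callback()` also dereferences the result of `talloc_get_type()` without a NULL check.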
From 21cf5c82a2e23cfef8aa2ba0d0251c94564620e0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 Jan 2007 09:46:42 +0000 Subject: r20921: - only give password attributes to the SYSTEM account - but SYSTEM and administrators can change them metze (This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 8876db0482..e2a11cf87d 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -126,7 +126,6 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld { switch (ac->user_type) { case SYSTEM: - case ADMINISTRATOR: break; default: /* remove password attributes */ @@ -183,7 +182,6 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) just as we would not allow that attribute to be returned */ switch (ac->user_type) { case SYSTEM: - case ADMINISTRATOR: break; default: /* remove password attributes */ -- cgit From bf86c2744052aa34fe9140ade368570a995b98bb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 Jan 2007 12:21:06 +0000 Subject: r20923: only allow extended operations for SYSTEM or administrators for now metze (This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index e2a11cf87d..644217b99c 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -297,6 +297,7 @@ static const struct ldb_module_ops kludge_acl_ops = { .modify = kludge_acl_change, .del = kludge_acl_change, .rename = kludge_acl_change, + .extended = kludge_acl_change, .init_context = kludge_acl_init }; -- cgit From a00bd47bfa0afeaaf0b8db511f7fed06bb557b6f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 Jan 2007 19:07:57 +0000 Subject: r20957: a value of FF0000000000000000000000000000000000000000 isn't stored as schemaInfo so we need to use it as value if nothing is stored metze (This used to be commit cd326134079375fc83640444d6323a5cbe7c02ee) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index deba2b7d88..231042fe66 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -42,6 +42,7 @@ static int schema_fsmo_init(struct ldb_module *module) struct ldb_result *schema_res; const struct ldb_val *prefix_val; const struct ldb_val *info_val; + struct ldb_val info_val_default; struct ldb_result *a_res; struct ldb_result *c_res; uint32_t i; @@ -116,10 +117,13 @@ static int schema_fsmo_init(struct ldb_module *module) } info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo"); if (!info_val) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: no schemaInfo attribute found\n"); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; + info_val_default = strhex_to_data_blob("FF0000000000000000000000000000000000000000"); + if (!info_val_default.data) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_steal(mem_ctx, info_val_default.data); + info_val = &info_val_default; } status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val); -- cgit 
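Review bot: In the `@@ -116,10 +117,13 @@` hunk of schema_fsmo.c, the new failure branch for `info_val_default` returns without `talloc_free(mem_ctx)`, which the removed error branch at the same spot did call, so `mem_ctx` appears to leak on that path. Add `talloc_free(mem_ctx);` before `return LDB_ERR_OPERATIONS_ERROR;`. A missing `schemaInfo` used to be a fatal constraint violation and is now silently accepted, so the branch should carry a comment such as `/* the default schemaInfo value is never stored; an absent attribute means "use the default" */`. schema_fsmo_init starts and ends outside the hunk.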
From c84d8124b2c61e9ef5d3c43333b76009b5f79a5b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 23 Jan 2007 10:21:14 +0000 Subject: r20968: - add functions to sort the meta data and attribute arrays - we should use them before we store records to disk metze (This used to be commit a5200ef0cae5e8b0cedf196c9d76afc46e08c316) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 115 ++++++++++++++++++------ 1 file changed, 90 insertions(+), 25 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 7469cadaa8..d326b58159 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -53,6 +53,8 @@ struct replmd_replicated_request { struct ldb_handle *handle; struct ldb_request *orig_req; + const struct dsdb_schema *schema; + struct dsdb_extended_replicated_objects *objs; uint32_t index_current; @@ -73,6 +75,14 @@ static struct replmd_replicated_request *replmd_replicated_init_handle(struct ld { struct replmd_replicated_request *ar; struct ldb_handle *h; + const struct dsdb_schema *schema; + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_replicated_init_handle: no loaded schema found\n"); + return NULL; + } h = talloc_zero(req, struct ldb_handle); if (h == NULL) { @@ -96,6 +106,7 @@ static struct replmd_replicated_request *replmd_replicated_init_handle(struct ld ar->module = module; ar->handle = h; ar->orig_req = req; + ar->schema = schema; ar->objs = objs; req->handle = h; 
@@ -168,6 +179,75 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } +static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1, + const struct replPropertyMetaData1 *m2, + const uint32_t *rdn_attid) +{ + if (m1->attid == m2->attid) { + return 0; + } + + /* + * the rdn attribute should be at the end! + * so we need to return a value greater than zero + * which means m1 is greater than m2 + */ + if (m1->attid == *rdn_attid) { + return 1; + } + + /* + * the rdn attribute should be at the end! + * so we need to return a value less than zero + * which means m2 is greater than m1 + */ + if (m2->attid == *rdn_attid) { + return -1; + } + + return m1->attid - m2->attid; +} + +static void replmd_replPropertyMetaDataCtr1_sort(struct replPropertyMetaDataCtr1 *ctr1, + const uint32_t *rdn_attid) +{ + ldb_qsort(ctr1->array, ctr1->count, sizeof(struct replPropertyMetaData1), + discard_const_p(void, rdn_attid), (ldb_qsort_cmp_fn_t)replmd_replPropertyMetaData1_attid_sort); +} + +static int replmd_ldb_message_element_attid_sort(const struct ldb_message_element *e1, + const struct ldb_message_element *e2, + const struct dsdb_schema *schema) +{ + const struct dsdb_attribute *a1; + const struct dsdb_attribute *a2; + + /* + * TODO: make this faster by caching the dsdb_attribute pointer + * on the ldb_messag_element + */ + + a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1->name); + a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2->name); + + /* + * TODO: remove this check, we should rely on e1 and e2 having valid attribute names + * in the schema + */ + if (!a1 || !a2) { + return strcasecmp(e1->name, e2->name); + } + + return a1->attributeID_id - a2->attributeID_id; +} + +static void replmd_ldb_message_sort(struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + ldb_qsort(msg->elements, msg->num_elements, sizeof(struct ldb_message_element), + discard_const_p(void, schema), 
(ldb_qsort_cmp_fn_t)replmd_ldb_message_element_attid_sort); +} + static int replmd_prepare_originating(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn, const char *fn_name, int (*fn)(struct ldb_module *, @@ -489,7 +569,9 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) return replmd_replicated_request_error(ar, ret); } - md = ar->objs->objects[ar->index_current].meta_data; + /* + * the meta data array is already sorted by the caller + */ for (i=0; i < md->ctr.ctr1.count; i++) { md->ctr.ctr1.array[i].local_usn = seq_num; } @@ -503,6 +585,8 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) return replmd_replicated_request_error(ar, ret); } + replmd_ldb_message_sort(msg, ar->schema); + ret = ldb_build_add_req(&ar->sub.change_req, ar->module->ldb, ar->sub.mem_ctx, @@ -532,12 +616,6 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) #endif } -static int replmd_replPropertyMetaData1_attid_compare(struct replPropertyMetaData1 *m1, - struct replPropertyMetaData1 *m2) -{ - return m1->attid - m2->attid; -} - static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMetaData1 *m1, struct replPropertyMetaData1 *m2) { 
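Review bot: `replmd_replPropertyMetaData1_attid_sort` (hunk `@@ -168,6 +179,75 @@`) ends with `return m1->attid - m2->attid;`, and `attid` looks to be a `uint32_t` because it is compared with `*rdn_attid`. The unsigned difference converted to `int` has the wrong sign whenever the two ids differ by more than INT_MAX, so the sort order becomes inconsistent. Equality is already handled at the top, so `return m1->attid < m2->attid ? -1 : 1;` is enough. `replmd_ldb_message_element_attid_sort` has the same pattern and should use `return (a1->attributeID_id > a2->attributeID_id) - (a1->attributeID_id < a2->attributeID_id);`. That comparator also falls back to `strcasecmp()` when either name is missing from the schema, which mixes two orderings in one sort; a comment should say the result is only well defined when every element resolves.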
@@ -696,31 +774,16 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) * 'cn' for most objects is the last entry in the meta data array * we have stored * - * as it should stay the last one in the new list, we move it to the end + * sort the new meta data array */ { - struct replPropertyMetaData1 *rdn_p, rdn, *last_p; + struct replPropertyMetaData1 *rdn_p; uint32_t rdn_idx = omd.ctr.ctr1.count - 1; - uint32_t last_idx = ni - 1; rdn_p = &nmd.ctr.ctr1.array[rdn_idx]; - rdn = *rdn_p; - last_p = &nmd.ctr.ctr1.array[last_idx]; - - if (last_idx > rdn_idx) { - memmove(rdn_p, rdn_p+1, (last_idx - rdn_idx)*sizeof(rdn)); - *last_p = rdn; - } + replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_p->attid); } - /* - * sort the meta data entries by attid, but skip the last one containing - * the rdn attribute - */ - qsort(nmd.ctr.ctr1.array, nmd.ctr.ctr1.count - 1, - sizeof(struct replPropertyMetaData1), - (comparison_fn_t)replmd_replPropertyMetaData1_attid_compare); - /* create the meta data value */ nt_status = ndr_push_struct_blob(&nmd_value, msg, &nmd, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); @@ -757,6 +820,8 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) return replmd_replicated_request_error(ar, ret); } + replmd_ldb_message_sort(msg, ar->schema); + /* we want to replace the old values */ for (i=0; i < msg->num_elements; i++) { msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; -- cgit From 6fda023f80cdb28a43e45aee1b5312bafca95b8a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 23 Jan 2007 12:06:52 +0000 Subject: r20971: we don't need this check twice:-) metze (This used to be commit b7d48274a7341c5e4a3f103387f87fcc94853271) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
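Review bot: In the `@@ -696,31 +774,16 @@` hunk, `replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_p->attid)` passes a pointer into the same array that `ldb_qsort` reorders, and the comparator dereferences `rdn_attid` on every call. Once the element at `rdn_idx` is moved, the id treated as "the rdn" can change in the middle of the sort. Copy the value first with `uint32_t rdn_attid = nmd.ctr.ctr1.array[rdn_idx].attid;` and pass `&rdn_attid`. `rdn_idx` is `omd.ctr.ctr1.count - 1`, which wraps if the stored meta data array is empty; whether that is ruled out earlier cannot be seen here, because replmd_replicated_apply_merge starts outside the hunk.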
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index d326b58159..0ea73dcbd4 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -264,13 +264,6 @@ static int replmd_prepare_originating(struct ldb_module *module, struct ldb_requ return ldb_next_request(module, req); } - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_modify: no dsdb_schema loaded"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - schema = dsdb_get_schema(module->ldb); if (!schema) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, -- cgit From c601a9ddcdd27464d8a3f871fef2f959b47f66a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 23 Jan 2007 16:18:45 +0000 Subject: r20975: - implement handling of meta data an on originating add there're a few things TODO, but it's a good start we need to research if an originating change causes the replUpToDateVector attribute to change...(I assume it, but needs testing) metze (This used to be commit fde0aabd9ae79fcefbcba34e6f9143f93ffcf96c) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 277 ++++++++++++++++++++---- 1 file changed, 240 insertions(+), 37 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 0ea73dcbd4..78e7aca92f 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -44,6 +44,7 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/flags.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" 
@@ -114,19 +115,6 @@ static struct replmd_replicated_request *replmd_replicated_init_handle(struct ld return ar; } -static struct ldb_message_element *replmd_find_attribute(const struct ldb_message *msg, const char *name) -{ - int i; - - for (i = 0; i < msg->num_elements; i++) { - if (ldb_attr_cmp(name, msg->elements[i].name) == 0) { - return &msg->elements[i]; - } - } - - return NULL; -} - /* add a time element to a record */ 
@@ -304,68 +292,283 @@ static int replmd_add_originating(struct ldb_module *module, const struct dsdb_schema *schema, const struct dsdb_control_current_partition *partition) { + NTSTATUS nt_status; struct ldb_request *down_req; - struct ldb_message_element *attribute; struct ldb_message *msg; - struct ldb_val v; + uint32_t instance_type; + struct ldb_dn *new_dn; + const char *rdn_name; + const char *rdn_name_upper; + const struct ldb_val *rdn_value = NULL; + const struct dsdb_attribute *rdn_attr = NULL; struct GUID guid; + struct ldb_val guid_value; + struct replPropertyMetaDataBlob nmd; + struct ldb_val nmd_value; uint64_t seq_num; - NTSTATUS nt_status; - int ret; + const struct GUID *our_invocation_id; time_t t = time(NULL); + NTTIME now; + char *time_str; + int ret; + uint32_t i, ni=0; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_originating\n"); - if ((attribute = replmd_find_attribute(req->op.add.message, "objectGUID")) != NULL ) { - return ldb_next_request(module, req); + if (ldb_msg_find_element(req->op.add.message, "objectGUID")) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "replmd_add_originating: it's not allowed to add an object with objectGUID\n"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + if (ldb_msg_find_element(req->op.add.message, "instanceType")) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "replmd_add_originating: it's not allowed to add an object with instanceType\n"); + return LDB_ERR_UNWILLING_TO_PERFORM; } + /* Get a sequence number from the backend */ + ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* a new GUID */ + guid = GUID_random(); + + /* get our invicationId */ + our_invocation_id = samdb_ntds_invocation_id(module->ldb); + if (!our_invocation_id) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "replmd_add_originating: unable to find invocationId\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* create a copy of the request */ down_req = 
talloc(req, struct ldb_request); if (down_req == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; /* we have to copy the message as the caller might have it as a const */ down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); if (msg == NULL) { talloc_free(down_req); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - /* a new GUID */ - guid = GUID_random(); + /* generated times */ + unix_to_nt_time(&now, t); + time_str = ldb_timestring(msg, t); + if (!time_str) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } - nt_status = ndr_push_struct_blob(&v, msg, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(nt_status)) { + /* + * get details of the rdn name + */ + rdn_name = ldb_dn_get_rdn_name(msg->dn); + if (!rdn_name) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name); + if (!rdn_attr) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + rdn_value = ldb_dn_get_rdn_val(msg->dn); + if (!rdn_value) { talloc_free(down_req); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_msg_add_value(msg, "objectGUID", &v, NULL); - if (ret) { + /* + * remove autogenerated attributes + */ + ldb_msg_remove_attr(msg, rdn_name); + ldb_msg_remove_attr(msg, "name"); + ldb_msg_remove_attr(msg, "whenCreated"); + ldb_msg_remove_attr(msg, "whenChanged"); + ldb_msg_remove_attr(msg, "uSNCreated"); + ldb_msg_remove_attr(msg, "uSNChanged"); + ldb_msg_remove_attr(msg, "replPropertyMetaData"); + + /* + * TODO: construct a new DN out of: + * - the parent DN + * - the upper case of rdn_attr->LDAPDisplayName + * - rdn_value + */ + new_dn = ldb_dn_copy(msg, msg->dn); + if (!new_dn) { talloc_free(down_req); - return ret; + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } - - if (add_time_element(msg, "whenCreated", t) != 0 || - 
add_time_element(msg, "whenChanged", t) != 0) { + rdn_name_upper = strupper_talloc(msg, rdn_attr->lDAPDisplayName); + if (!rdn_name_upper) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_dn_set_component(new_dn, 0, rdn_name_upper, *rdn_value); + if (ret != LDB_SUCCESS) { talloc_free(down_req); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + msg->dn = new_dn; - /* Get a sequence number from the backend */ - ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); - if (ret == LDB_SUCCESS) { - if (add_uint64_element(msg, "uSNCreated", seq_num) != 0 || - add_uint64_element(msg, "uSNChanged", seq_num) != 0) { + /* + * TODO: calculate correct instance type + */ + instance_type = INSTANCE_TYPE_WRITE; + if (ldb_dn_compare(partition->dn, msg->dn) == 0) { + instance_type |= INSTANCE_TYPE_IS_NC_HEAD; + if (ldb_dn_compare(msg->dn, samdb_base_dn(module->ldb)) != 0) { + instance_type |= INSTANCE_TYPE_NC_ABOVE; + } + } + + /* + * readd replicated attributes + */ + ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_value(msg, "name", rdn_value, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "whenCreated", time_str); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* build the replication meta_data */ + ZERO_STRUCT(nmd); + nmd.version = 1; + nmd.ctr.ctr1.count = msg->num_elements; + nmd.ctr.ctr1.array = talloc_array(msg, + struct replPropertyMetaData1, + nmd.ctr.ctr1.count); + if 
(!nmd.ctr.ctr1.array) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (i=0; i < msg->num_elements; i++) { + struct ldb_message_element *e = &msg->elements[i]; + struct replPropertyMetaData1 *m = &nmd.ctr.ctr1.array[ni]; + const struct dsdb_attribute *sa; + + sa = dsdb_attribute_by_lDAPDisplayName(schema, e->name); + if (!sa) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "replmd_add_originating: attribute '%s' not defined in schema\n", + e->name); talloc_free(down_req); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_ERR_NO_SUCH_ATTRIBUTE; } + + if (sa->systemFlags & 0x00000001) { + /* attribute is not replicated so it has no meta data */ + continue; + } + + m->attid = sa->attributeID_id; + m->version = 1; + m->orginating_time = now; + m->orginating_invocation_id = *our_invocation_id; + m->orginating_usn = seq_num; + m->local_usn = seq_num; + ni++; } + /* fix meta data count */ + nmd.ctr.ctr1.count = ni; + + /* + * sort meta data array, and move the rdn attribute entry to the end + */ + replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_attr->attributeID_id); + + /* generated NDR encoded values */ + nt_status = ndr_push_struct_blob(&guid_value, msg, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + nt_status = ndr_push_struct_blob(&nmd_value, msg, &nmd, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* + * add the autogenerated values + */ + ret = ldb_msg_add_value(msg, "objectGUID", &guid_value, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "whenChanged", time_str); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + 
ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNCreated", seq_num); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNChanged", seq_num); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* + * sort the attributes by attid before storing the object + */ + replmd_ldb_message_sort(msg, schema); + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* go on with the call chain */ -- cgit From 744dddd75be73e4e883241b808b37a12a7a39ac1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 4 Feb 2007 07:17:03 +0000 Subject: r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54) --- source4/dsdb/samdb/ldb_modules/config.mk | 16 ++- source4/dsdb/samdb/ldb_modules/update_keytab.c | 189 +++++++++++++++++++++++++ 2 files changed, 203 insertions(+), 2 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/update_keytab.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 929d0bcead..b50e275ebf 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
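Review bot: Error reporting in the rewritten `replmd_add_originating` is inconsistent. `ldb_oom()` is called for failures that are not necessarily allocation failures, such as a NULL from `ldb_dn_get_rdn_name`, a failed `ldb_dn_set_component` or a failed `ndr_push_struct_blob`, while a missing `rdn_attr` and a NULL `time_str` return `LDB_ERR_OPERATIONS_ERROR` with no message at all. For the `rdn_attr` case, add `ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, "replmd_add_originating: rdn attribute '%s' not defined in schema\n", rdn_name);` before the return, matching the message the per-element schema lookup already sets. The test `sa->systemFlags & 0x00000001` should use a named constant, or at least a comment on the bit's meaning next to the literal, since this decides which attributes get replication meta data. The function starts before this hunk and continues past it.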
@@ -133,8 +133,7 @@ OBJ_FILES = \ SUBSYSTEM = ldb INIT_FUNCTION = password_hash_module_init OBJ_FILES = password_hash.o -PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 -PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC +PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 # # End MODULE ldb_password_hash ################################################ @@ -212,3 +211,16 @@ OBJ_FILES = \ # End MODULE ldb_schema ################################################ +################################################ +# Start MODULE ldb_update_kt +[MODULE::ldb_update_kt] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS_KRB5 +#Also depends on credentials, but that would loop +INIT_FUNCTION = ldb_update_kt_init +OBJ_FILES = \ + update_keytab.o +# +# End MODULE ldb_update_kt +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c new file mode 100644 index 0000000000..411f8c98ef --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c 
@@ -0,0 +1,189 @@
+/*
+ ldb database library
+
+ Copyright (C) Andrew Bartlett 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+ * Name: ldb
+ *
+ * Component: ldb update_keytabs module
+ *
+ * Description: Update keytabs whenever their matching secret record changes
+ *
+ * Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb/include/includes.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "system/kerberos.h"
+
+struct dn_list {
+ struct cli_credentials *creds;
+ struct dn_list *prev, *next;
+};
+
+struct update_kt_private {
+ struct dn_list *changed_dns;
+};
+
+static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete) {
+ struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private);
+ struct dn_list *item = talloc(data->changed_dns? 
(void *)data->changed_dns: (void *)data, struct dn_list);
+ char *filter;
+ NTSTATUS status;
+ if (!item) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ item->creds = cli_credentials_init(item);
+ if (!item->creds) {
+ DEBUG(1, ("cli_credentials_init failed!"));
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ cli_credentials_set_conf(item->creds);
+ filter = talloc_asprintf(item, "(&(&(objectClass=kerberosSecret)(&(privateKeytab=*)(|(secret=*)(ntPwdHash=*))))(dn=%s))",
+ ldb_dn_get_linearized(dn));
+ status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter);
+ talloc_free(filter);
+ if (NT_STATUS_IS_OK(status)) {
+ if (delete) {
+ /* Ensure we don't helpfully keep an old keytab entry */
+ cli_credentials_set_kvno(item->creds, cli_credentials_get_kvno(item->creds)+2);
+ /* Wipe passwords */
+ cli_credentials_set_nt_hash(item->creds, NULL,
+ CRED_SPECIFIED);
+ }
+ DLIST_ADD_END(data->changed_dns, item, struct dn_list *);
+ }
+ return LDB_SUCCESS;
+}
+
+/* add */
+static int update_kt_add(struct ldb_module *module, struct ldb_request *req)
+{
+ int ret;
+ ret = ldb_next_request(module, req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ return add_modified(module, req->op.add.message->dn, False);
+}
+
+/* modify */
+static int update_kt_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ int ret;
+ ret = ldb_next_request(module, req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ return add_modified(module, req->op.mod.message->dn, False);
+}
+
+/* delete */
+static int update_kt_delete(struct ldb_module *module, struct ldb_request *req)
+{
+ int ret;
+ /* Before we delete it, record the details */
+ ret = add_modified(module, req->op.del.dn, True);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ return ldb_next_request(module, req);
+}
+
+/* rename */
+static int update_kt_rename(struct ldb_module *module, struct ldb_request *req)
+{
+ int ret;
+ ret = ldb_next_request(module, req);
+ if (ret 
!= LDB_SUCCESS) { + return ret; + } + return add_modified(module, req->op.rename.newdn, False); +} + +/* end a transaction */ +static int update_kt_end_trans(struct ldb_module *module) +{ + struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); + + struct dn_list *p; + for (p=data->changed_dns; p; p = p->next) { + int kret; + kret = cli_credentials_update_keytab(p->creds); + if (kret != 0) { + talloc_free(data->changed_dns); + data->changed_dns = NULL; + ldb_asprintf_errstring(module->ldb, "Failed to update keytab: %s", error_message(kret)); + return LDB_ERR_OPERATIONS_ERROR; + } + } + + talloc_free(data->changed_dns); + data->changed_dns = NULL; + return ldb_next_end_trans(module); +} + +/* end a transaction */ +static int update_kt_del_trans(struct ldb_module *module) +{ + struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); + + talloc_free(data->changed_dns); + data->changed_dns = NULL; + + return ldb_next_end_trans(module); +} + +static int update_kt_init(struct ldb_module *module) +{ + struct update_kt_private *data; + + data = talloc(module, struct update_kt_private); + if (data == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + module->private_data = data; + data->changed_dns = NULL; + + return ldb_next_init(module); +} + +static const struct ldb_module_ops update_kt_ops = { + .name = "update_keytab", + .init_context = update_kt_init, + .add = update_kt_add, + .modify = update_kt_modify, + .rename = update_kt_rename, + .del = update_kt_delete, + .end_transaction = update_kt_end_trans, + .del_transaction = update_kt_del_trans, +}; + +int ldb_update_kt_init(void) +{ + return ldb_register_module(&update_kt_ops); +} -- cgit From 4aa1f83ca5629bb2a086c7431e8e96301f6af79f Mon Sep 17 00:00:00 2001 
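Review bot: `update_kt_del_trans` in the new update_keytab.c forwards a cancel with `return ldb_next_end_trans(module);`, so an aborted transaction is passed down the module chain as an end-of-transaction; it should be `return ldb_next_del_trans(module);`. In `add_modified` the linearized DN is formatted straight into the search filter, so a DN value containing `(`, `)`, `*` or `\` changes what the filter matches and therefore which secrets record is loaded into the keytab credentials. Encode it first, e.g. `ldb_binary_encode_string(item, ldb_dn_get_linearized(dn))`, and check the `talloc_asprintf` result before use. The two later update_keytab.c changes on this page keep the same unescaped `dn=%s` pattern.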
From: Andrew Bartlett Date: Tue, 6 Feb 2007 12:27:23 +0000 Subject: r21179: Anything more complex than this causes the keytab never to be updated... Andrew Bartlett (This used to be commit c3977b4bae1e1b5e4ff4a64c7146534536685e91) --- source4/dsdb/samdb/ldb_modules/update_keytab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 411f8c98ef..fa61887bd5 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -61,7 +61,8 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delet } cli_credentials_set_conf(item->creds); - filter = talloc_asprintf(item, "(&(&(objectClass=kerberosSecret)(&(privateKeytab=*)(|(secret=*)(ntPwdHash=*))))(dn=%s))", +/* filter = talloc_asprintf(item, "(&(&(&(objectClass=kerberosSecret)(privateKeytab=*))(|(secret=*)(ntPwdHash=*)))(distinguishedName=%s))", */ + filter = talloc_asprintf(item, "dn=%s", ldb_dn_get_linearized(dn)); status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter); talloc_free(filter); -- cgit From e869883d801b79f4d13cf323b73a45fcd6d63492 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 13 Feb 2007 08:08:23 +0000 Subject: r21306: fix the RPC-LSA tests the admin couldn't no longer get the 'currentValue' attribute... this needs more works, but make it work again for now metze (This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 644217b99c..ff0dd062fb 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -126,6 +126,7 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld { switch (ac->user_type) { case SYSTEM: + case ADMINISTRATOR: break; default: /* remove password attributes */ -- cgit From 43a0c615a3f2b8da0baa99090ed0049d13212085 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 13 Feb 2007 13:43:23 +0000 Subject: r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75) --- source4/dsdb/samdb/ldb_modules/update_keytab.c | 34 +++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index fa61887bd5..21c9539e91 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c 
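Review bot: The re-added `case ADMINISTRATOR:` in `kludge_acl_callback` skips the whole "remove password attributes" branch, so every attribute that branch strips is returned to administrators again, although the commit message only asks for `currentValue`. This undoes the callback half of r20921, while the matching switch in `kludge_acl_search` (changed by that commit and untouched here) still treats ADMINISTRATOR as unprivileged, so the two switches now disagree. Since the commit message itself calls this provisional, mark it in the code, e.g. `/* FIXME: administrators only need currentValue here; narrow this to that attribute */`. The callback body continues outside the hunk.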
@@ -45,10 +45,38 @@ struct update_kt_private { static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); - struct dn_list *item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list); + struct dn_list *item; char *filter; + struct ldb_result *res; + const char *attrs[] = { NULL }; + int ret; NTSTATUS status; + + filter = talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))", + ldb_dn_get_linearized(dn)); + if (!filter) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, + filter, attrs, &res); + if (ret != LDB_SUCCESS) { + talloc_free(filter); + return ret; + } + + if (res->count != 1) { + /* if it's not a kerberosSecret then we don't have anything to update */ + talloc_free(res); + talloc_free(filter); + return LDB_SUCCESS; + } + talloc_free(res); + + item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list); if (!item) { + talloc_free(filter); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -56,14 +84,12 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delet item->creds = cli_credentials_init(item); if (!item->creds) { DEBUG(1, ("cli_credentials_init failed!")); + talloc_free(filter); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } cli_credentials_set_conf(item->creds); -/* filter = talloc_asprintf(item, "(&(&(&(objectClass=kerberosSecret)(privateKeytab=*))(|(secret=*)(ntPwdHash=*)))(distinguishedName=%s))", */ - filter = talloc_asprintf(item, "dn=%s", - ldb_dn_get_linearized(dn)); status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { -- cgit From 3b14713f6d583a33fc2b2bb8c2c3aab6f5928630 Mon Sep 17 00:00:00 2001 
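Review bot: The new existence check in add_modified() ignores the `delete` argument: when `res->count != 1` it returns LDB_SUCCESS before any `dn_list` item is queued. If the delete path calls add_modified() after the record has already been removed (the caller is outside this hunk), the base search finds nothing and the deletion is never recorded, which would leave the deleted secret's keys in the keytab. Consider running the search only when `delete` is false, or checking the record before it is deleted, and add a comment above the search stating which of the two is intended.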
From: Stefan Metzmacher Date: Thu, 15 Feb 2007 12:54:58 +0000 Subject: r21362: rename: "ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad) --- source4/dsdb/samdb/ldb_modules/local_password.c | 8 ++-- source4/dsdb/samdb/ldb_modules/password_hash.c | 56 ++++++++++++------------- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- 3 files changed, 33 insertions(+), 33 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 9e1cdd32b3..e72b7cb3a3 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -54,10 +54,10 @@ static const char * const password_attrs[] = { "sambaPassword", "krb5Key", - "ntPwdHash", - "lmPwdHash", - "sambaLMPwdHistory", - "sambaNTPwdHistory", + "unicodePwd", + "dBCSPwd", + "lmPwdHistory", + "ntPwdHistory", "msDS-KeyVersionNumber", "pwdLastSet" }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 9a72643ec9..201a5d295a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -106,22 +106,22 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms } if (is_mod) { - if (ldb_msg_add_empty(msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE, NULL) != 0) { + if (ldb_msg_add_empty(msg, "unicodePwd", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE, NULL) != 0) { + if (ldb_msg_add_empty(msg, "dBCSPwd", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } /* compute the new nt and lm hashes */ E_md4hash(sambaPassword, tmp_hash.hash); - if (samdb_msg_add_hash(module->ldb, msg, msg, "ntPwdHash", &tmp_hash) != 0) { + if (samdb_msg_add_hash(module->ldb, msg, msg, "unicodePwd", &tmp_hash) != 0) { return LDB_ERR_OPERATIONS_ERROR; } if (E_deshash(sambaPassword, tmp_hash.hash)) { - if (samdb_msg_add_hash(module->ldb, msg, msg, "lmPwdHash", &tmp_hash) != 0) { + if (samdb_msg_add_hash(module->ldb, msg, msg, "dBCSPwd", &tmp_hash) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } @@ -276,7 +276,7 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa key.mkvno = 0; key.salt = NULL; /* No salt for this enc type */ - ntPwdHash = samdb_result_hash(msg, msg, "ntPwdHash"); + ntPwdHash = samdb_result_hash(msg, msg, "unicodePwd"); if (ntPwdHash == NULL) { /* what happened ?! */ return LDB_ERR_OPERATIONS_ERROR; } 
@@ -362,14 +362,14 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str int lm_hist_len; int i; - nt_hash = samdb_result_hash(msg, old_msg, "ntPwdHash"); - lm_hash = samdb_result_hash(msg, old_msg, "lmPwdHash"); + nt_hash = samdb_result_hash(msg, old_msg, "unicodePwd"); + lm_hash = samdb_result_hash(msg, old_msg, "dBCSPwd"); /* if no previous passwords just return */ if (nt_hash == NULL && lm_hash == NULL) return LDB_SUCCESS; - nt_hist_len = samdb_result_hashes(msg, old_msg, "sambaNTPwdHistory", &nt_history); - lm_hist_len = samdb_result_hashes(msg, old_msg, "sambaLMPwdHistory", &lm_history); + nt_hist_len = samdb_result_hashes(msg, old_msg, "ntPwdHistory", &nt_history); + lm_hist_len = samdb_result_hashes(msg, old_msg, "lmPwdHistory", &lm_history); /* We might not have an old NT password */ new_nt_history = talloc_array(msg, struct samr_Password, hlen); @@ -385,10 +385,10 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str } else { ZERO_STRUCT(new_nt_history[0]); } - if (ldb_msg_add_empty(msg, "sambaNTPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { + if (ldb_msg_add_empty(msg, "ntPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (samdb_msg_add_hashes(msg, msg, "sambaNTPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { + if (samdb_msg_add_hashes(msg, msg, "ntPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } 
@@ -408,10 +408,10 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str } else { ZERO_STRUCT(new_lm_history[0]); } - if (ldb_msg_add_empty(msg, "sambaLMPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { + if (ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (samdb_msg_add_hashes(msg, msg, "sambaLMPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { + if (samdb_msg_add_hashes(msg, msg, "lmPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } @@ -594,8 +594,8 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } /* nobody must touch password Histories */ - if (ldb_msg_find_element(req->op.add.message, "sambaNTPwdHistory") || - ldb_msg_find_element(req->op.add.message, "sambaLMPwdHistory")) { + if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory") || + ldb_msg_find_element(req->op.add.message, "lmPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -603,8 +603,8 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) * or LM hashes, then we don't need to make any changes. */ sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); - ntAttr = ldb_msg_find_element(req->op.mod.message, "ntPwdHash"); - lmAttr = ldb_msg_find_element(req->op.mod.message, "lmPwdHash"); + ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); + lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) { return ldb_next_request(module, req); 
@@ -788,14 +788,14 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r } /* nobody must touch password Histories */ - if (ldb_msg_find_element(req->op.mod.message, "sambaNTPwdHistory") || - ldb_msg_find_element(req->op.mod.message, "sambaLMPwdHistory")) { + if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory") || + ldb_msg_find_element(req->op.mod.message, "lmPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; } sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); - ntAttr = ldb_msg_find_element(req->op.mod.message, "ntPwdHash"); - lmAttr = ldb_msg_find_element(req->op.mod.message, "lmPwdHash"); + ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); + lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); /* check passwords are single valued here */ /* TODO: remove this when passwords will be single valued in schema */ @@ -844,8 +844,8 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r /* - remove any imodification to the password from the first commit * we will make the real modification later */ if (sambaAttr) ldb_msg_remove_attr(msg, "sambaPassword"); - if (ntAttr) ldb_msg_remove_attr(msg, "ntPwdHash"); - if (lmAttr) ldb_msg_remove_attr(msg, "lmPwdHash"); + if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd"); + if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd"); /* if there was nothing else to be modify skip to next step */ if (msg->num_elements == 0) { 
@@ -902,12 +902,12 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int password_hash_mod_search_self(struct ldb_handle *h) { struct ph_context *ac; - static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", - "sambaNTPwdHistory", + static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", + "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", "samAccountName", - "lmPwdHash", "ntPwdHash", + "dBCSPwd", "unicodePwd", NULL }; ac = talloc_get_type(h->private_data, struct ph_context); @@ -1053,12 +1053,12 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { if (!added_hashes) { struct ldb_message_element *el; - el = ldb_msg_find_element(ac->orig_req->op.mod.message, "ntPwdHash"); + el = ldb_msg_find_element(ac->orig_req->op.mod.message, "unicodePwd"); if (ldb_msg_add(msg, el, el->flags) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - el = ldb_msg_find_element(ac->orig_req->op.mod.message, "lmPwdHash"); + el = ldb_msg_find_element(ac->orig_req->op.mod.message, "dBCSPwd"); if (ldb_msg_add(msg, el, el->flags) != 0) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index c66dbee360..170b859584 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -327,7 +327,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaLMPassword -> lmPwdHash*/ { - .local_name = "lmPwdHash", + .local_name = "dBCSPwd", .type = MAP_CONVERT, .u = { .convert = { -- cgit From 9a9b1978560b9758d69fbcd7028d098e363f7e8f Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Thu, 15 Feb 2007 13:01:18 +0000 Subject: r21364: cosmetic change: it's nicer to use the KEYTYPE_ macro for the keytype field... metze (This used to be commit e96aa8980097712d7666a85f17c7214486d99618) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 201a5d295a..58a408a3d9 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -231,7 +231,7 @@ static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_mes struct ldb_val val; int ret; - if (keys[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { + if (keys[i].key.keytype == KEYTYPE_ARCFOUR) { /* We might end up doing this below: * This ensures we get the unicode * conversion right. This should also @@ -282,7 +282,7 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa } krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, - ETYPE_ARCFOUR_HMAC_MD5, + KEYTYPE_ARCFOUR, ntPwdHash->hash, sizeof(ntPwdHash->hash), &key.key); if (krb5_ret) { -- cgit From 8a9a68b707963f071480e79618d33e858154263f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 Feb 2007 17:36:58 +0000 Subject: r21395: fix comments metze (This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 58a408a3d9..a2fe2a85db 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -56,7 +56,7 @@ * Once this is done (which could update anything at all), we * calculate the password hashes. * - * This function must not only update the ntPwdHash, lmPwdHash and + * This function must not only update the unicodePwd, dBCSPwd and * krb5Key fields, it must also atomicly increment the * msDS-KeyVersionNumber. We should be in a transaction, so all this * should be quite safe... @@ -625,11 +625,11 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } if (ntAttr && (ntAttr->num_values > 1)) { - ldb_set_errstring(module->ldb, "mupltiple values for lmPwdHash not allowed!\n"); + ldb_set_errstring(module->ldb, "mupltiple values for unicodePwd not allowed!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } if (lmAttr && (lmAttr->num_values > 1)) { - ldb_set_errstring(module->ldb, "mupltiple values for lmPwdHash not allowed!\n"); + ldb_set_errstring(module->ldb, "mupltiple values for dBCSPwd not allowed!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -639,11 +639,11 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } if (ntAttr && (ntAttr->num_values == 0)) { - ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n"); + ldb_set_errstring(module->ldb, "unicodePwd must have a value!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } if (lmAttr && (lmAttr->num_values == 0)) { - ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n"); + ldb_set_errstring(module->ldb, "dBCSPwd must have a value!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -733,7 +733,7 @@ static int password_hash_add_do_add(struct ldb_handle *h) { } } - /* add also krb5 keys based on NT the hash (we might have ntPwdHash, but not the cleartext */ + /* add also krb5 keys based on NT the hash (we might have unicodePwd, but not the cleartext */ ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); if (ret != LDB_SUCCESS) { return ret; 
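Review bot: The two messages rewritten in the `@@ -625,11 +625,11 @@` hunk still read `mupltiple values for ... not allowed!`; since the strings are being touched anyway, spell them `multiple values for unicodePwd not allowed!\n` and `multiple values for dBCSPwd not allowed!\n`. In the `@@ -733,7 +733,7 @@` hunk the comment has a transposed word and an unclosed parenthesis; `/* also add krb5 keys based on the NT hash (we might have unicodePwd, but not the cleartext) */` reads correctly. password_hash_add() and password_hash_add_do_add() both extend beyond these hunks.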
@@ -809,7 +809,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return LDB_ERR_CONSTRAINT_VIOLATION; } - /* If no part of this touches the sambaPassword OR ntPwdHash and/or lmPwdHash, then we don't + /* If no part of this touches the sambaPassword OR unicodePwd and/or dBCSPwd, then we don't * need to make any changes. For password changes/set there should * be a 'delete' or a 'modify' on this attribute. */ /* If the only operation is the deletion of the passwords then go on */ -- cgit From 6e2d85e38baa2221c2d31d2246567e7523e00fd6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 18 Feb 2007 22:01:02 +0000 Subject: r21434: - get rid of "krb5Key" - use "sambaPassword" only as virtual attribute for passing the cleartext password (in unix charset) into the ldb layer - store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos blob to match w2k and w2k3 - aes key support is disabled by default, as we don't know exacly how longhorn stores them. use password_hash:create_aes_key=yes to force creation of them. - store the cleartext password in the Primary:CLEARTEXT blob if configured TODO: - find out how longhorn stores aes keys - find out how the Primary:WDigest blob needs to be constructed (not supported by w2k) metze (This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953) --- source4/dsdb/samdb/ldb_modules/local_password.c | 3 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 1088 +++++++++++++++-------- 2 files changed, 732 insertions(+), 359 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index e72b7cb3a3..1a49ed5847 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c 
@@ -52,8 +52,7 @@ */ static const char * const password_attrs[] = { - "sambaPassword", - "krb5Key", + "supplementalCredentials", "unicodePwd", "dBCSPwd", "lmPwdHistory", diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a2fe2a85db..a31486fdda 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -45,6 +45,8 @@ #include "dsdb/common/flags.h" #include "hdb.h" #include "dsdb/samdb/ldb_modules/password_modules.h" +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" /* If we have decided there is reason to work on this request, then * setup all the password hash types correctly. @@ -57,7 +59,7 @@ * calculate the password hashes. * * This function must not only update the unicodePwd, dBCSPwd and - * krb5Key fields, it must also atomicly increment the + * supplementalCredentials fields, it must also atomicly increment the * msDS-KeyVersionNumber. We should be in a transaction, so all this * should be quite safe... * 
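Review bot: `password_attrs` now lists `supplementalCredentials` in place of `krb5Key`, but nothing in this hunk shows that the other places which treat attributes as secret were updated to match. Per the commit message this attribute carries the Kerberos keys and, when configured, the Primary:CLEARTEXT blob, so it needs at least the read protection `krb5Key` had; the attribute list that kludge_acl.c strips from results is not part of this commit and should be checked. A one-line comment above the array, e.g. `/* every attribute listed here must also be hidden from non-privileged searches */`, would make that dependency visible. The rest of the array and its users are outside the hunk.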
@@ -95,324 +97,660 @@ struct domain_data { char *realm; }; -static int add_password_hashes(struct ldb_module *module, struct ldb_message *msg, int is_mod) +struct setup_password_fields_io { + struct ph_context *ac; + struct domain_data *domain; + struct smb_krb5_context *smb_krb5_context; + + /* infos about the user account */ + struct { + uint32_t user_account_control; + const char *sAMAccountName; + const char *user_principal_name; + bool is_computer; + } u; + + /* new credentials */ + struct { + const char *cleartext; + struct samr_Password *nt_hash; + struct samr_Password *lm_hash; + } n; + + /* old credentials */ + struct { + uint32_t nt_history_len; + struct samr_Password *nt_history; + uint32_t lm_history_len; + struct samr_Password *lm_history; + const struct ldb_val *supplemental; + struct supplementalCredentialsBlob scb; + uint32_t kvno; + } o; + + /* generated credentials */ + struct { + struct samr_Password *nt_hash; + struct samr_Password *lm_hash; + uint32_t nt_history_len; + struct samr_Password *nt_history; + uint32_t lm_history_len; + struct samr_Password *lm_history; + struct ldb_val supplemental; + NTTIME last_set; + uint32_t kvno; + } g; +}; + +static int setup_nt_fields(struct setup_password_fields_io *io) { - const char *sambaPassword; - struct samr_Password tmp_hash; - - sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL); - if (sambaPassword == NULL) { /* impossible, what happened ?! 
*/ - return LDB_ERR_CONSTRAINT_VIOLATION; + uint32_t i; + + io->g.nt_hash = io->n.nt_hash; + + if (io->domain->pwdHistoryLength == 0) { + return LDB_SUCCESS; } - if (is_mod) { - if (ldb_msg_add_empty(msg, "unicodePwd", LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - if (ldb_msg_add_empty(msg, "dBCSPwd", LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - } + /* We might not have an old NT password */ + io->g.nt_history = talloc_array(io->ac, + struct samr_Password, + io->domain->pwdHistoryLength); + if (!io->g.nt_history) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (i = 0; i < MIN(io->domain->pwdHistoryLength-1, io->o.nt_history_len); i++) { + io->g.nt_history[i+1] = io->o.nt_history[i]; + } + io->g.nt_history_len = i + 1; - /* compute the new nt and lm hashes */ - E_md4hash(sambaPassword, tmp_hash.hash); - if (samdb_msg_add_hash(module->ldb, msg, msg, "unicodePwd", &tmp_hash) != 0) { + if (io->g.nt_hash) { + io->g.nt_history[0] = *io->g.nt_hash; + } else { + /* + * TODO: is this correct? 
+ * the simular behavior is correct for the lm history case + */ + E_md4hash("", io->g.nt_history[0].hash); + } + + return LDB_SUCCESS; +} + +static int setup_lm_fields(struct setup_password_fields_io *io) +{ + uint32_t i; + + io->g.lm_hash = io->n.lm_hash; + + if (io->domain->pwdHistoryLength == 0) { + return LDB_SUCCESS; + } + + /* We might not have an old NT password */ + io->g.lm_history = talloc_array(io->ac, + struct samr_Password, + io->domain->pwdHistoryLength); + if (!io->g.lm_history) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - if (E_deshash(sambaPassword, tmp_hash.hash)) { - if (samdb_msg_add_hash(module->ldb, msg, msg, "dBCSPwd", &tmp_hash) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + for (i = 0; i < MIN(io->domain->pwdHistoryLength-1, io->o.lm_history_len); i++) { + io->g.lm_history[i+1] = io->o.lm_history[i]; + } + io->g.lm_history_len = i + 1; + + if (io->g.lm_hash) { + io->g.lm_history[0] = *io->g.lm_hash; + } else { + E_deshash("", io->g.lm_history[0].hash); } return LDB_SUCCESS; } -static int add_krb5_keys_from_password(struct ldb_module *module, struct ldb_message *msg, - struct smb_krb5_context *smb_krb5_context, - struct domain_data *domain, - const char *samAccountName, - const char *user_principal_name, - int is_computer) +static int setup_primary_kerberos(struct setup_password_fields_io *io, + const struct supplementalCredentialsBlob *old_scb, + struct package_PrimaryKerberosBlob *pkb) { - const char *sambaPassword; - Principal *salt_principal; krb5_error_code krb5_ret; - size_t num_keys; - Key *keys; - int i; + Principal *salt_principal; + krb5_salt salt; + krb5_keyblock key; + uint32_t k=0; + struct supplementalCredentialsPackage *old_scp = NULL; + struct package_PrimaryKerberosBlob _old_pkb; + struct package_PrimaryKerberosBlob *old_pkb = NULL; + uint32_t i; + NTSTATUS status; /* Many, many thanks to lukeh@padl.com for this * algorithm, described in his Nov 10 2004 mail to * samba-technical@samba.org */ - 
sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL); - if (sambaPassword == NULL) { /* impossible, what happened ?! */ - return LDB_ERR_OPERATIONS_ERROR; - } - - if (is_computer) { - /* Determine a salting principal */ - char *name = talloc_strdup(msg, samAccountName); + /* + * Determine a salting principal + */ + if (io->u.is_computer) { + char *name; char *saltbody; - if (name == NULL) { - ldb_asprintf_errstring(module->ldb, - "password_hash_handle: " - "generation of new kerberos keys failed: %s is a computer without a samAccountName", - ldb_dn_get_linearized(msg->dn)); + + name = talloc_strdup(io->ac, io->u.sAMAccountName); + if (!name) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + if (name[strlen(name)-1] == '$') { name[strlen(name)-1] = '\0'; } - saltbody = talloc_asprintf(msg, "%s.%s", name, domain->dns_domain); + + saltbody = talloc_asprintf(io->ac, "%s.%s", name, io->domain->dns_domain); + if (!saltbody) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } - krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, - &salt_principal, - domain->realm, "host", - saltbody, NULL); - } else if (user_principal_name) { + krb5_ret = krb5_make_principal(io->smb_krb5_context->krb5_context, + &salt_principal, + io->domain->realm, "host", + saltbody, NULL); + } else if (io->u.user_principal_name) { + char *user_principal_name; char *p; - user_principal_name = talloc_strdup(msg, user_principal_name); - if (user_principal_name == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } else { - p = strchr(user_principal_name, '@'); - if (p) { - p[0] = '\0'; - } - krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, - &salt_principal, - domain->realm, user_principal_name, NULL); - } - } else { - if (!samAccountName) { - ldb_asprintf_errstring(module->ldb, - "password_hash_handle: " - "generation of new kerberos keys failed: %s has no samAccountName", - ldb_dn_get_linearized(msg->dn)); + + 
user_principal_name = talloc_strdup(io->ac, io->u.user_principal_name); + if (!user_principal_name) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, - &salt_principal, - domain->realm, samAccountName, - NULL); + + p = strchr(user_principal_name, '@'); + if (p) { + p[0] = '\0'; + } + + krb5_ret = krb5_make_principal(io->smb_krb5_context->krb5_context, + &salt_principal, + io->domain->realm, user_principal_name, + NULL); + } else { + krb5_ret = krb5_make_principal(io->smb_krb5_context->krb5_context, + &salt_principal, + io->domain->realm, io->u.sAMAccountName, + NULL); + } + if (krb5_ret) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_primary_kerberos: " + "generation of a salting principal failed: %s", + smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); + return LDB_ERR_OPERATIONS_ERROR; } + /* + * create salt from salt_principal + */ + krb5_ret = krb5_get_pw_salt(io->smb_krb5_context->krb5_context, + salt_principal, &salt); + krb5_free_principal(io->smb_krb5_context->krb5_context, salt_principal); if (krb5_ret) { - ldb_asprintf_errstring(module->ldb, - "password_hash_handle: " - "generation of a saltking principal failed: %s", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, krb5_ret, msg)); + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_primary_kerberos: " + "generation of krb5_salt failed: %s", + smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); + return LDB_ERR_OPERATIONS_ERROR; + } + /* create a talloc copy */ + pkb->salt.string = talloc_strndup(io->ac, + salt.saltvalue.data, + salt.saltvalue.length); + krb5_free_salt(io->smb_krb5_context->krb5_context, salt); + if (!pkb->salt.string) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + salt.saltvalue.data = discard_const(pkb->salt.string); + salt.saltvalue.length = strlen(pkb->salt.string); + + /* + * prepare 
generation of keys + * + * ENCTYPE_AES256_CTS_HMAC_SHA1_96 (disabled by default) + * ENCTYPE_DES_CBC_MD5 + * ENCTYPE_DES_CBC_CRC + * + * NOTE: update num_keys1 when you add another enctype! + */ + pkb->num_keys1 = 0; + pkb->keys1 = talloc_array(io->ac, struct package_PrimaryKerberosKey, 3); + if (!pkb->keys1) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + pkb->unknown3_1 = talloc_zero_array(io->ac, uint64_t, pkb->num_keys1); + if (!pkb->unknown3_1) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - /* TODO: We may wish to control the encryption types chosen in future */ - krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context, - salt_principal, sambaPassword, &keys, &num_keys); - krb5_free_principal(smb_krb5_context->krb5_context, salt_principal); +if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { +/* + * TODO: + * + * w2k and w2k3 doesn't support AES, so we'll not include + * the AES key here yet. + * + * Also we don't have an example supplementalCredentials blob + * from Windows Longhorn Server with AES support + * + */ + /* + * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of + * the salt and the cleartext password + */ + krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, + io->n.cleartext, + salt, + &key); + pkb->keys1[k].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + pkb->keys1[k].value = talloc(pkb->keys1, DATA_BLOB); + if (!pkb->keys1[k].value) { + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *pkb->keys1[k].value = data_blob_talloc(pkb->keys1[k].value, + key.keyvalue.data, + key.keyvalue.length); + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + if (!pkb->keys1[k].value->data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + k++; +} - if (krb5_ret) { - 
ldb_asprintf_errstring(module->ldb, - "password_hash_handle: " - "generation of new kerberos keys failed: %s", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, krb5_ret, msg)); + /* + * create ENCTYPE_DES_CBC_MD5 key out of + * the salt and the cleartext password + */ + krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, + ENCTYPE_DES_CBC_MD5, + io->n.cleartext, + salt, + &key); + pkb->keys1[k].keytype = ENCTYPE_DES_CBC_MD5; + pkb->keys1[k].value = talloc(pkb->keys1, DATA_BLOB); + if (!pkb->keys1[k].value) { + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *pkb->keys1[k].value = data_blob_talloc(pkb->keys1[k].value, + key.keyvalue.data, + key.keyvalue.length); + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + if (!pkb->keys1[k].value->data) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + k++; - /* Walking all the key types generated, transform each - * key into an ASN.1 blob + /* + * create ENCTYPE_DES_CBC_CRC key out of + * the salt and the cleartext password */ - for (i=0; i < num_keys; i++) { - unsigned char *buf; - size_t buf_size; - size_t len; - struct ldb_val val; - int ret; - - if (keys[i].key.keytype == KEYTYPE_ARCFOUR) { - /* We might end up doing this below: - * This ensures we get the unicode - * conversion right. 
This should also - * be fixed in the Heimdal libs */ + krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, + ENCTYPE_DES_CBC_CRC, + io->n.cleartext, + salt, + &key); + pkb->keys1[k].keytype = ENCTYPE_DES_CBC_CRC; + pkb->keys1[k].value = talloc(pkb->keys1, DATA_BLOB); + if (!pkb->keys1[k].value) { + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *pkb->keys1[k].value = data_blob_talloc(pkb->keys1[k].value, + key.keyvalue.data, + key.keyvalue.length); + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + if (!pkb->keys1[k].value->data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + k++; + + /* fix up key number */ + pkb->num_keys1 = k; + + /* initialize the old keys to zero */ + pkb->num_keys2 = 0; + pkb->keys2 = NULL; + pkb->unknown3_2 = NULL; + + /* if there're no old keys, then we're done */ + if (!old_scb) { + return LDB_SUCCESS; + } + + for (i=0; i < old_scb->sub.num_packages; i++) { + if (old_scb->sub.packages[i].unknown1 != 0x00000001) { continue; } - ASN1_MALLOC_ENCODE(Key, buf, buf_size, &keys[i], &len, krb5_ret); - if (krb5_ret) { - return LDB_ERR_OPERATIONS_ERROR; + + if (strcmp("Primary:Kerberos", old_scb->sub.packages[i].name) != 0) { + continue; } - - val.data = talloc_memdup(msg, buf, len); - val.length = len; - free(buf); - if (!val.data || krb5_ret) { - hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + + if (!old_scb->sub.packages[i].data || !old_scb->sub.packages[i].data[0]) { + continue; + } + + old_scp = &old_scb->sub.packages[i]; + break; + } + /* Primary:Kerberos element of supplementalCredentials */ + if (old_scp) { + DATA_BLOB blob; + + blob = strhex_to_data_blob(old_scp->data); + if (!blob.data) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_msg_add_value(msg, "krb5Key", &val, NULL); - if (ret != LDB_SUCCESS) { - hdb_free_keys 
(smb_krb5_context->krb5_context, num_keys, keys); - return ret; + talloc_steal(io->ac, blob.data); + + /* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */ + status = ndr_pull_struct_blob(&blob, io->ac, &_old_pkb, + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_primary_kerberos: " + "failed to pull old package_PrimaryKerberosBlob: %s", + nt_errstr(status)); + return LDB_ERR_OPERATIONS_ERROR; } + old_pkb = &_old_pkb; } - - hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys); + + /* if we didn't found the old keys we're done */ + if (!old_pkb) { + return LDB_SUCCESS; + } + + /* fill in the old keys */ + pkb->num_keys2 = old_pkb->num_keys1; + pkb->keys2 = old_pkb->keys1; + pkb->unknown3_2 = old_pkb->unknown3_1; return LDB_SUCCESS; } -static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_message *msg, - struct smb_krb5_context *smb_krb5_context) +static int setup_supplemental_field(struct setup_password_fields_io *io) { - struct samr_Password *ntPwdHash; - krb5_error_code krb5_ret; - unsigned char *buf; - size_t buf_size; - size_t len; - struct ldb_val val; - Key key; - - key.mkvno = 0; - key.salt = NULL; /* No salt for this enc type */ + struct supplementalCredentialsBlob scb; + struct supplementalCredentialsBlob _old_scb; + struct supplementalCredentialsBlob *old_scb = NULL; + /* Packages + (Kerberos and maybe CLEARTEXT) */ + uint32_t num_packages = 1 + 1; + struct supplementalCredentialsPackage packages[1+2]; + struct supplementalCredentialsPackage *pp = &packages[0]; + struct supplementalCredentialsPackage *pk = &packages[1]; + struct supplementalCredentialsPackage *pc = NULL; + struct package_PackagesBlob pb; + DATA_BLOB pb_blob; + char *pb_hexstr; + struct package_PrimaryKerberosBlob pkb; + DATA_BLOB pkb_blob; + char *pkb_hexstr; + struct package_PrimaryCLEARTEXTBlob pcb; + 
DATA_BLOB pcb_blob; + char *pcb_hexstr; + int ret; + NTSTATUS status; + uint8_t zero16[16]; + + ZERO_STRUCT(zero16); + + if (!io->n.cleartext) { + /* + * when we don't have a cleartext password + * we can't setup a supplementalCredential value + */ + return LDB_SUCCESS; + } + + /* if there's an old supplementaCredentials blob then parse it */ + if (io->o.supplemental) { + status = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, &_old_scb, + (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to pull old supplementalCredentialsBlob: %s", + nt_errstr(status)); + return LDB_ERR_OPERATIONS_ERROR; + } - ntPwdHash = samdb_result_hash(msg, msg, "unicodePwd"); - if (ntPwdHash == NULL) { /* what happened ?! */ - return LDB_ERR_OPERATIONS_ERROR; + old_scb = &_old_scb; } - krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context, - KEYTYPE_ARCFOUR, - ntPwdHash->hash, sizeof(ntPwdHash->hash), - &key.key); - if (krb5_ret) { - return LDB_ERR_OPERATIONS_ERROR; + if (io->domain->store_cleartext && + (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { + pc = &packages[2]; + num_packages++; } - ASN1_MALLOC_ENCODE(Key, buf, buf_size, &key, &len, krb5_ret); - if (krb5_ret) { + + /* Kerberos, CLEARTEXT and termination(counted by the Packages element) */ + pb.names = talloc_zero_array(io->ac, const char *, num_packages); + + /* + * setup 'Primary:Kerberos' element + */ + pb.names[0] = "Kerberos"; + + ret = setup_primary_kerberos(io, old_scb, &pkb); + if (ret != LDB_SUCCESS) { + return ret; + } + + status = ndr_push_struct_blob(&pkb_blob, io->ac, &pkb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to push package_PrimaryKerberosBlob: %s", + nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } - 
krb5_free_keyblock_contents(smb_krb5_context->krb5_context, - &key.key); - - val.data = talloc_memdup(msg, buf, len); - val.length = len; - free(buf); - if (!val.data) { + /* + * TODO: + * + * This is ugly, but we want to generate the same blob as + * w2k and w2k3...we should handle this in the idl + */ + status = data_blob_append(io->ac, &pkb_blob, zero16, sizeof(zero16)); + if (!NT_STATUS_IS_OK(status)) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - if (ldb_msg_add_value(msg, "krb5Key", &val, NULL) != 0) { + pkb_hexstr = data_blob_hex_string(io->ac, &pkb_blob); + if (!pkb_hexstr) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + pk->name = "Primary:Kerberos"; + pk->unknown1 = 1; + pk->data = pkb_hexstr; - return LDB_SUCCESS; -} - -static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg, int is_mod) -{ - NTTIME now_nt; - - /* set it as now */ - unix_to_nt_time(&now_nt, time(NULL)); - - if (!is_mod) { - /* be sure there isn't a 0 value set (eg. 
coming from the template) */ - ldb_msg_remove_attr(msg, "pwdLastSet"); - /* add */ - if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_ADD, NULL) != 0) { + /* + * setup 'Primary:CLEARTEXT' element + */ + if (pc) { + pb.names[1] = "CLEARTEXT"; + + pcb.cleartext = io->n.cleartext; + + status = ndr_push_struct_blob(&pcb_blob, io->ac, &pcb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryCLEARTEXTBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to push package_PrimaryCLEARTEXTBlob: %s", + nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } - } else { - /* replace */ - if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL) != 0) { + pcb_hexstr = data_blob_hex_string(io->ac, &pcb_blob); + if (!pcb_hexstr) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + pc->name = "Primary:CLEARTEXT"; + pc->unknown1 = 1; + pc->data = pcb_hexstr; } - if (samdb_msg_add_uint64(module->ldb, msg, msg, "pwdLastSet", now_nt) != 0) { + /* + * setup 'Packages' element + */ + status = ndr_push_struct_blob(&pb_blob, io->ac, &pb, + (ndr_push_flags_fn_t)ndr_push_package_PackagesBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to push package_PackagesBlob: %s", + nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } - - return LDB_SUCCESS; -} - -static int add_keyVersionNumber(struct ldb_module *module, struct ldb_message *msg, int previous) -{ - /* replace or add */ - if (ldb_msg_add_empty(msg, "msDS-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL) != 0) { + pb_hexstr = data_blob_hex_string(io->ac, &pb_blob); + if (!pb_hexstr) { + ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + pp->name = "Packages"; + pp->unknown1 = 2; + pp->data = pb_hexstr; - if (samdb_msg_add_uint(module->ldb, msg, msg, "msDS-KeyVersionNumber", previous+1) != 0) { + /* + * setup 'supplementalCredentials' value + */ 
+ scb.sub.num_packages = num_packages; + scb.sub.packages = packages; + + status = ndr_push_struct_blob(&io->g.supplemental, io->ac, &scb, + (ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to push supplementalCredentialsBlob: %s", + nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } return LDB_SUCCESS; } -static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, struct ldb_message *old_msg, int hlen) +static int setup_last_set_field(struct setup_password_fields_io *io) { - struct samr_Password *nt_hash; - struct samr_Password *lm_hash; - struct samr_Password *nt_history; - struct samr_Password *lm_history; - struct samr_Password *new_nt_history; - struct samr_Password *new_lm_history; - int nt_hist_len; - int lm_hist_len; - int i; + /* set it as now */ + unix_to_nt_time(&io->g.last_set, time(NULL)); - nt_hash = samdb_result_hash(msg, old_msg, "unicodePwd"); - lm_hash = samdb_result_hash(msg, old_msg, "dBCSPwd"); + return LDB_SUCCESS; +} - /* if no previous passwords just return */ - if (nt_hash == NULL && lm_hash == NULL) return LDB_SUCCESS; +static int setup_kvno_field(struct setup_password_fields_io *io) +{ + /* increment by one */ + io->g.kvno = io->o.kvno + 1; - nt_hist_len = samdb_result_hashes(msg, old_msg, "ntPwdHistory", &nt_history); - lm_hist_len = samdb_result_hashes(msg, old_msg, "lmPwdHistory", &lm_history); + return LDB_SUCCESS; +} - /* We might not have an old NT password */ - new_nt_history = talloc_array(msg, struct samr_Password, hlen); - if (new_nt_history == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - for (i = 0; i < MIN(hlen-1, nt_hist_len); i++) { - new_nt_history[i+1] = nt_history[i]; - } - nt_hist_len = i + 1; - if (nt_hash) { - new_nt_history[0] = *nt_hash; - } else { - ZERO_STRUCT(new_nt_history[0]); +static int setup_password_fields(struct setup_password_fields_io *io) +{ + bool 
ok; + int ret; + + /* + * refuse the change if someone want to change the cleartext + * and supply his own hashes at the same time... + */ + if (io->n.cleartext && (io->n.nt_hash || io->n.lm_hash)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_password_fields: " + "it's only allowed to set the cleartext password or the password hashes"); + return LDB_ERR_UNWILLING_TO_PERFORM; } - if (ldb_msg_add_empty(msg, "ntPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + + if (io->n.cleartext && !io->n.nt_hash) { + struct samr_Password *hash; + + hash = talloc(io->ac, struct samr_Password); + if (!hash) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* compute the new nt hash */ + ok = E_md4hash(io->n.cleartext, hash->hash); + if (ok) { + io->n.nt_hash = hash; + } else { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_password_fields: " + "failed to generate nthash from cleartext password"); + return LDB_ERR_OPERATIONS_ERROR; + } } - if (samdb_msg_add_hashes(msg, msg, "ntPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + + if (io->n.cleartext && !io->n.lm_hash) { + struct samr_Password *hash; + + hash = talloc(io->ac, struct samr_Password); + if (!hash) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* compute the new lm hash */ + ok = E_deshash(io->n.cleartext, hash->hash); + if (ok) { + io->n.lm_hash = hash; + } else { + talloc_free(hash->hash); + } } - - /* Don't store 'long' passwords in the LM history, - but make sure to 'expire' one password off the other end */ - new_lm_history = talloc_array(msg, struct samr_Password, hlen); - if (new_lm_history == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + ret = setup_nt_fields(io); + if (ret != 0) { + return ret; } - for (i = 0; i < MIN(hlen-1, lm_hist_len); i++) { - new_lm_history[i+1] = lm_history[i]; + + ret = setup_lm_fields(io); + if (ret != 0) { + return ret; 
} - lm_hist_len = i + 1; - if (lm_hash) { - new_lm_history[0] = *lm_hash; - } else { - ZERO_STRUCT(new_lm_history[0]); + + ret = setup_supplemental_field(io); + if (ret != 0) { + return ret; } - if (ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + + ret = setup_last_set_field(io); + if (ret != 0) { + return ret; } - if (samdb_msg_add_hashes(msg, msg, "lmPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + + ret = setup_kvno_field(io); + if (ret != 0) { + return ret; } return LDB_SUCCESS; @@ -593,9 +931,14 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* nobody must touch password Histories */ - if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory") || - ldb_msg_find_element(req->op.add.message, "lmPwdHistory")) { + /* nobody must touch this fields */ + if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (ldb_msg_find_element(req->op.add.message, "lmPwdHistory")) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (ldb_msg_find_element(req->op.add.message, "supplementalCredentials")) { return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -677,8 +1020,8 @@ static int password_hash_add_do_add(struct ldb_handle *h) { struct ph_context *ac; struct domain_data *domain; struct smb_krb5_context *smb_krb5_context; - struct ldb_message_element *sambaAttr; struct ldb_message *msg; + struct setup_password_fields_io io; int ret; ac = talloc_get_type(h->private_data, struct ph_context); 
@@ -704,54 +1047,84 @@ static int password_hash_add_do_add(struct ldb_handle *h) { return LDB_ERR_OPERATIONS_ERROR; } - /* if we have sambaPassword in the original message add the operatio on it here */ - sambaAttr = ldb_msg_find_element(msg, "sambaPassword"); - if (sambaAttr) { - unsigned int user_account_control; - ret = add_password_hashes(ac->module, msg, 0); - /* we can compute new password hashes from the unicode password */ + ZERO_STRUCT(io); + io.ac = ac; + io.domain = domain; + io.smb_krb5_context = smb_krb5_context; + + io.u.user_account_control = samdb_result_uint(msg, "userAccountControl", 0); + io.u.sAMAccountName = samdb_result_string(msg, "samAccountName", NULL); + io.u.user_principal_name = samdb_result_string(msg, "userPrincipalName", NULL); + io.u.is_computer = ldb_msg_check_string_attribute(msg, "objectClass", "computer"); + + io.n.cleartext = samdb_result_string(msg, "sambaPassword", NULL); + io.n.nt_hash = samdb_result_hash(io.ac, msg, "unicodePwd"); + io.n.lm_hash = samdb_result_hash(io.ac, msg, "dBCSPwd"); + + /* remove attributes */ + if (io.n.cleartext) ldb_msg_remove_attr(msg, "sambaPassword"); + if (io.n.nt_hash) ldb_msg_remove_attr(msg, "unicodePwd"); + if (io.n.lm_hash) ldb_msg_remove_attr(msg, "dBCSPwd"); + ldb_msg_remove_attr(msg, "pwdLastSet"); + io.o.kvno = samdb_result_uint(msg, "msDs-KeyVersionNumber", 1) - 1; + ldb_msg_remove_attr(msg, "msDs-KeyVersionNumber"); + + ret = setup_password_fields(&io); + if (ret != LDB_SUCCESS) { + return ret; + } + + if (io.g.nt_hash) { + ret = samdb_msg_add_hash(ac->module->ldb, ac, msg, + "unicodePwd", io.g.nt_hash); if (ret != LDB_SUCCESS) { return ret; } - - /* now add krb5 keys based on unicode password */ - ret = add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, - ldb_msg_find_attr_as_string(msg, "samAccountName", NULL), - ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL), - ldb_msg_check_string_attribute(msg, "objectClass", "computer")); + } + if (io.g.lm_hash) 
{ + ret = samdb_msg_add_hash(ac->module->ldb, ac, msg, + "dBCSPwd", io.g.lm_hash); if (ret != LDB_SUCCESS) { return ret; } - - /* if both the domain properties and the user account controls do not permit - * clear text passwords then wipe out the sambaPassword */ - user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); - if (domain->store_cleartext && (user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { - /* Keep sambaPassword attribute */ - } else { - ldb_msg_remove_attr(msg, "sambaPassword"); - } } - - /* add also krb5 keys based on NT the hash (we might have unicodePwd, but not the cleartext */ - ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); - if (ret != LDB_SUCCESS) { - return ret; + if (io.g.nt_history_len > 0) { + ret = samdb_msg_add_hashes(ac, msg, + "ntPwdHistory", + io.g.nt_history, + io.g.nt_history_len); + if (ret != LDB_SUCCESS) { + return ret; + } } - - /* don't touch it if a value is set. It could be an incoming samsync */ - if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) { - if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (io.g.lm_history_len > 0) { + ret = samdb_msg_add_hashes(ac, msg, + "lmPwdHistory", + io.g.lm_history, + io.g.lm_history_len); + if (ret != LDB_SUCCESS) { + return ret; } } - - /* don't touch it if a value is set. 
It could be an incoming samsync */ - if (!ldb_msg_find_element(msg, "msDS-KeyVersionNumber")) { - if (add_keyVersionNumber(ac->module, msg, 0) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (io.g.supplemental.length > 0) { + ret = ldb_msg_add_value(msg, "supplementalCredentials", + &io.g.supplemental, NULL); + if (ret != LDB_SUCCESS) { + return ret; } } + ret = samdb_msg_add_uint64(ac->module->ldb, ac, msg, + "pwdLastSet", + io.g.last_set); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = samdb_msg_add_uint(ac->module->ldb, ac, msg, + "msDs-KeyVersionNumber", + io.g.kvno); + if (ret != LDB_SUCCESS) { + return ret; + } h->state = LDB_ASYNC_INIT; h->status = LDB_SUCCESS; @@ -788,8 +1161,13 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r } /* nobody must touch password Histories */ - if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory") || - ldb_msg_find_element(req->op.mod.message, "lmPwdHistory")) { + if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (ldb_msg_find_element(req->op.add.message, "lmPwdHistory")) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (ldb_msg_find_element(req->op.add.message, "supplementalCredentials")) { return LDB_ERR_UNWILLING_TO_PERFORM; } 
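Review bot: A caller-supplied `pwdLastSet` is now always discarded. The new code calls `ldb_msg_remove_attr(msg, "pwdLastSet")` unconditionally and later writes `io.g.last_set`, whereas the removed lines kept a non-zero value ("It could be an incoming samsync"). Password age is normally derived from this attribute, so an imported or synchronised account would have its password age reset on add. If that is not intended, capture the value before the remove with `uint64_t supplied = ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0);` and apply `if (supplied != 0) io.g.last_set = supplied;` after `setup_password_fields()`. password_hash_add_do_add starts and ends outside this hunk.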
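Review bot: The three new guards in password_hash_modify read `req->op.add.message`, although this is the modify path and the removed lines used `req->op.mod.message`. If `op` is a union the two members may alias, but the check that blocks client writes to `ntPwdHistory`, `lmPwdHistory` and `supplementalCredentials` should not depend on that. Use `ldb_msg_find_element(req->op.mod.message, "supplementalCredentials")` and likewise for the other two. The comment above the guards still says only "password Histories" and could name the credentials blob as well. The function body continues outside the hunk.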
@@ -797,6 +1175,13 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); + /* If no part of this touches the sambaPassword OR unicodePwd and/or dBCSPwd, then we don't + * need to make any changes. For password changes/set there should + * be a 'delete' or a 'modify' on this attribute. */ + if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) { + return ldb_next_request(module, req); + } + /* check passwords are single valued here */ /* TODO: remove this when passwords will be single valued in schema */ if (sambaAttr && (sambaAttr->num_values > 1)) { @@ -809,17 +1194,6 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return LDB_ERR_CONSTRAINT_VIOLATION; } - /* If no part of this touches the sambaPassword OR unicodePwd and/or dBCSPwd, then we don't - * need to make any changes. For password changes/set there should - * be a 'delete' or a 'modify' on this attribute. */ - /* If the only operation is the deletion of the passwords then go on */ - if ( ((!sambaAttr) || ((sambaAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) - && ((!ntAttr) || ((ntAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) - && ((!lmAttr) || ((lmAttr->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_DELETE)) ) { - - return ldb_next_request(module, req); - } - h = ph_init_handle(req, module, PH_MOD); if (!h) { return LDB_ERR_OPERATIONS_ERROR; @@ -906,8 +1280,9 @@ static int password_hash_mod_search_self(struct ldb_handle *h) { "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", - "samAccountName", + "sAMAccountName", "dBCSPwd", "unicodePwd", + "supplementalCredentials", NULL }; ac = talloc_get_type(h->private_data, struct ph_context); 
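Review bot: The new early return tests only whether `sambaAttr`, `ntAttr` or `lmAttr` is present, and the hunk at old line 809 removes the pass-through for requests that only delete these attributes, so a delete-only modify now reaches the hashing path. In the rewritten password_hash_mod_do_mod (hunk at old line 1002) the values are read with `samdb_result_string(orig_msg, "sambaPassword", NULL)` and `samdb_result_hash()` without looking at the element flags. A value carried on a delete is therefore presumably treated like a newly supplied password, which is worth confirming. A flag test such as `(sambaAttr->flags & LDB_FLAG_MOD_MASK) != LDB_FLAG_MOD_DELETE`, which the old code had, would keep the two cases apart. password_hash_modify starts and ends outside this hunk.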
@@ -968,11 +1343,11 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { struct ph_context *ac; struct domain_data *domain; struct smb_krb5_context *smb_krb5_context; - struct ldb_message_element *sambaAttr; struct ldb_message *msg; - int phlen; + struct ldb_message *orig_msg; + struct ldb_message *searched_msg; + struct setup_password_fields_io io; int ret; - BOOL added_hashes = False; ac = talloc_get_type(h->private_data, struct ph_context); 
@@ -1002,94 +1377,93 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { return LDB_ERR_OPERATIONS_ERROR; } - /* we are going to replace the existing krb5key or delete it */ - if (ldb_msg_add_empty(msg, "krb5key", LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + orig_msg = discard_const(ac->orig_req->op.mod.message); + searched_msg = ac->search_res->message; - /* if we have sambaPassword in the original message add the operation on it here */ - sambaAttr = ldb_msg_find_element(ac->orig_req->op.mod.message, "sambaPassword"); - if (sambaAttr) { + ZERO_STRUCT(io); + io.ac = ac; + io.domain = domain; + io.smb_krb5_context = smb_krb5_context; - if (ldb_msg_add(msg, sambaAttr, sambaAttr->flags) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + io.u.user_account_control = samdb_result_uint(searched_msg, "userAccountControl", 0); + io.u.sAMAccountName = samdb_result_string(searched_msg, "samAccountName", NULL); + io.u.user_principal_name = samdb_result_string(searched_msg, "userPrincipalName", NULL); + io.u.is_computer = ldb_msg_check_string_attribute(searched_msg, "objectClass", "computer"); - /* if we are actually settting a new unicode password, - * use it to generate the password hashes */ - if (((sambaAttr->flags & LDB_FLAG_MOD_MASK) != LDB_FLAG_MOD_DELETE) - && (sambaAttr->num_values == 1)) { - /* we can compute new password hashes from the unicode password */ - ret = add_password_hashes(ac->module, msg, 1); - if (ret != LDB_SUCCESS) { - return ret; - } - - added_hashes = True; - - /* now add krb5 keys based on unicode password */ - ret = add_krb5_keys_from_password(ac->module, msg, smb_krb5_context, domain, - ldb_msg_find_attr_as_string(ac->search_res->message, "samAccountName", NULL), - ldb_msg_find_attr_as_string(ac->search_res->message, "userPrincipalName", NULL), - ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "computer")); - - if (ret != LDB_SUCCESS) { - return ret; - } - - /* if the domain 
properties or the user account controls do not permit - * clear text passwords then wipe out the sambaPassword */ - if (domain->store_cleartext && - (ldb_msg_find_attr_as_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { - /* Keep sambaPassword attribute */ - } else { - ldb_msg_remove_attr(msg, "sambaPassword"); - } + io.n.cleartext = samdb_result_string(orig_msg, "sambaPassword", NULL); + io.n.nt_hash = samdb_result_hash(io.ac, orig_msg, "unicodePwd"); + io.n.lm_hash = samdb_result_hash(io.ac, orig_msg, "dBCSPwd"); - } + io.o.kvno = samdb_result_uint(searched_msg, "msDs-KeyVersionNumber", 0); + io.o.nt_history_len = samdb_result_hashes(io.ac, searched_msg, "ntPwdHistory", &io.o.nt_history); + io.o.lm_history_len = samdb_result_hashes(io.ac, searched_msg, "lmPwdHistory", &io.o.lm_history); + io.o.supplemental = ldb_msg_find_ldb_val(searched_msg, "supplementalCredentials"); + + ret = setup_password_fields(&io); + if (ret != LDB_SUCCESS) { + return ret; } - /* if we didn't create the hashes above, try using values supplied directly */ - if (!added_hashes) { - struct ldb_message_element *el; - - el = ldb_msg_find_element(ac->orig_req->op.mod.message, "unicodePwd"); - if (ldb_msg_add(msg, el, el->flags) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - - el = ldb_msg_find_element(ac->orig_req->op.mod.message, "dBCSPwd"); - if (ldb_msg_add(msg, el, el->flags) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + /* make sure we replace all the old attributes */ + ret = ldb_msg_add_empty(msg, "unicodePwd", LDB_FLAG_MOD_REPLACE, NULL); + ret = ldb_msg_add_empty(msg, "dBCSPwd", LDB_FLAG_MOD_REPLACE, NULL); + ret = ldb_msg_add_empty(msg, "ntPwdHistory", LDB_FLAG_MOD_REPLACE, NULL); + ret = ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL); + ret = ldb_msg_add_empty(msg, "supplementalCredentials", LDB_FLAG_MOD_REPLACE, NULL); + ret = ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL); + ret = 
ldb_msg_add_empty(msg, "msDs-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL); + + if (io.g.nt_hash) { + ret = samdb_msg_add_hash(ac->module->ldb, ac, msg, + "unicodePwd", io.g.nt_hash); + if (ret != LDB_SUCCESS) { + return ret; } } - - /* add also krb5 keys based on NT the hash */ - if (add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (io.g.lm_hash) { + ret = samdb_msg_add_hash(ac->module->ldb, ac, msg, + "dBCSPwd", io.g.lm_hash); + if (ret != LDB_SUCCESS) { + return ret; + } } - - /* set change time */ - if (set_pwdLastSet(ac->module, msg, 1) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (io.g.nt_history_len > 0) { + ret = samdb_msg_add_hashes(ac, msg, + "ntPwdHistory", + io.g.nt_history, + io.g.nt_history_len); + if (ret != LDB_SUCCESS) { + return ret; + } } - - /* don't touch it if a value is set. It could be an incoming samsync */ - if (!ldb_msg_find_element(ac->orig_req->op.mod.message, - "msDS-KeyVersionNumber")) { - if (add_keyVersionNumber(ac->module, msg, - ldb_msg_find_attr_as_uint(ac->search_res->message, - "msDS-KeyVersionNumber", 0) - ) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (io.g.lm_history_len > 0) { + ret = samdb_msg_add_hashes(ac, msg, + "lmPwdHistory", + io.g.lm_history, + io.g.lm_history_len); + if (ret != LDB_SUCCESS) { + return ret; } } - - if ((phlen = samdb_result_uint(ac->dom_res->message, "pwdHistoryLength", 0)) > 0) { - if (setPwdHistory(ac->module, msg, ac->search_res->message, phlen) != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + if (io.g.supplemental.length > 0) { + ret = ldb_msg_add_value(msg, "supplementalCredentials", + &io.g.supplemental, NULL); + if (ret != LDB_SUCCESS) { + return ret; } } + ret = samdb_msg_add_uint64(ac->module->ldb, ac, msg, + "pwdLastSet", + io.g.last_set); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = samdb_msg_add_uint(ac->module->ldb, ac, msg, + "msDs-KeyVersionNumber", + io.g.kvno); + if (ret 
!= LDB_SUCCESS) { + return ret; + } h->state = LDB_ASYNC_INIT; h->status = LDB_SUCCESS; -- cgit From ad7e7249b6d6e2e37868ff13236a60cfbadb7ef0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 19 Feb 2007 00:28:11 +0000 Subject: r21441: create a union for the PrimaryKerberosBlob content so that ndr_pull will fail if version isn't 3 and we notice if the format changes... metze (This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 80 +++++++++++++++----------- 1 file changed, 45 insertions(+), 35 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a31486fdda..861e17e4d0 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -221,9 +221,10 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, krb5_salt salt; krb5_keyblock key; uint32_t k=0; + struct package_PrimaryKerberosCtr3 *pkb3 = &pkb->ctr.ctr3; struct supplementalCredentialsPackage *old_scp = NULL; struct package_PrimaryKerberosBlob _old_pkb; - struct package_PrimaryKerberosBlob *old_pkb = NULL; + struct package_PrimaryKerberosCtr3 *old_pkb3 = NULL; uint32_t i; NTSTATUS status; 
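Review bot: The seven `ret = ldb_msg_add_empty(msg, ..., LDB_FLAG_MOD_REPLACE, NULL);` calls under "make sure we replace all the old attributes" overwrite `ret` one after another and none of the results is checked. If one of them fails, the modify continues without the replace marker for that attribute, so a stored value (an old hash, a history entry or the `supplementalCredentials` blob) may not be replaced as the comment promises. Add `if (ret != LDB_SUCCESS) { return ret; }` after each call, as the `samdb_msg_add_*` calls below them already do. The enclosing function starts and ends outside the hunk.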
@@ -305,16 +306,16 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_ERR_OPERATIONS_ERROR; } /* create a talloc copy */ - pkb->salt.string = talloc_strndup(io->ac, + pkb3->salt.string = talloc_strndup(io->ac, salt.saltvalue.data, salt.saltvalue.length); krb5_free_salt(io->smb_krb5_context->krb5_context, salt); - if (!pkb->salt.string) { + if (!pkb3->salt.string) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - salt.saltvalue.data = discard_const(pkb->salt.string); - salt.saltvalue.length = strlen(pkb->salt.string); + salt.saltvalue.data = discard_const(pkb3->salt.string); + salt.saltvalue.length = strlen(pkb3->salt.string); /* * prepare generation of keys @@ -323,16 +324,16 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, * ENCTYPE_DES_CBC_MD5 * ENCTYPE_DES_CBC_CRC * - * NOTE: update num_keys1 when you add another enctype! + * NOTE: update num_keys when you add another enctype! */ - pkb->num_keys1 = 0; - pkb->keys1 = talloc_array(io->ac, struct package_PrimaryKerberosKey, 3); - if (!pkb->keys1) { + pkb3->num_keys = 3; + pkb3->keys = talloc_array(io->ac, struct package_PrimaryKerberosKey, pkb3->num_keys); + if (!pkb3->keys) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - pkb->unknown3_1 = talloc_zero_array(io->ac, uint64_t, pkb->num_keys1); - if (!pkb->unknown3_1) { + pkb3->unknown3 = talloc_zero_array(io->ac, uint64_t, pkb3->num_keys); + if (!pkb3->unknown3) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -357,18 +358,18 @@ if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { io->n.cleartext, salt, &key); - pkb->keys1[k].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; - pkb->keys1[k].value = talloc(pkb->keys1, DATA_BLOB); - if (!pkb->keys1[k].value) { + pkb3->keys[k].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + pkb3->keys[k].value = talloc(pkb3->keys, DATA_BLOB); + if (!pkb3->keys[k].value) { krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *pkb->keys1[k].value = data_blob_talloc(pkb->keys1[k].value, + *pkb3->keys[k].value = data_blob_talloc(pkb3->keys[k].value, key.keyvalue.data, key.keyvalue.length); krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - if (!pkb->keys1[k].value->data) { + if (!pkb3->keys[k].value->data) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -384,18 +385,18 @@ if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { io->n.cleartext, salt, &key); - pkb->keys1[k].keytype = ENCTYPE_DES_CBC_MD5; - pkb->keys1[k].value = talloc(pkb->keys1, DATA_BLOB); - if (!pkb->keys1[k].value) { + pkb3->keys[k].keytype = ENCTYPE_DES_CBC_MD5; + pkb3->keys[k].value = talloc(pkb3->keys, DATA_BLOB); + if (!pkb3->keys[k].value) { krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *pkb->keys1[k].value = data_blob_talloc(pkb->keys1[k].value, + *pkb3->keys[k].value = data_blob_talloc(pkb3->keys[k].value, key.keyvalue.data, key.keyvalue.length); krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - if (!pkb->keys1[k].value->data) { + if (!pkb3->keys[k].value->data) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } 
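Review bot: `key` is used immediately after the key-derivation call whose last arguments are the context line `io->n.cleartext, salt, &key);`, and nothing in between tests the call's result; the start of the call is above the hunk. On failure `key.keyvalue.data` and `key.keyvalue.length` would be indeterminate when they are passed to `data_blob_talloc()` and `krb5_free_keyblock_contents()`. A check such as `if (krb5_ret) { return LDB_ERR_OPERATIONS_ERROR; }` before `pkb3->keys[k].keytype = ...` would avoid that, assuming the result is stored in `krb5_ret` as the DES-CBC-CRC call earlier on this page does. The same applies to the two DES hunks at old lines 384 and 410.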
@@ -410,30 +411,30 @@ if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { io->n.cleartext, salt, &key); - pkb->keys1[k].keytype = ENCTYPE_DES_CBC_CRC; - pkb->keys1[k].value = talloc(pkb->keys1, DATA_BLOB); - if (!pkb->keys1[k].value) { + pkb3->keys[k].keytype = ENCTYPE_DES_CBC_CRC; + pkb3->keys[k].value = talloc(pkb3->keys, DATA_BLOB); + if (!pkb3->keys[k].value) { krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *pkb->keys1[k].value = data_blob_talloc(pkb->keys1[k].value, + *pkb3->keys[k].value = data_blob_talloc(pkb3->keys[k].value, key.keyvalue.data, key.keyvalue.length); krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - if (!pkb->keys1[k].value->data) { + if (!pkb3->keys[k].value->data) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } k++; /* fix up key number */ - pkb->num_keys1 = k; + pkb3->num_keys = k; /* initialize the old keys to zero */ - pkb->num_keys2 = 0; - pkb->keys2 = NULL; - pkb->unknown3_2 = NULL; + pkb3->num_old_keys = 0; + pkb3->old_keys = NULL; + pkb3->unknown3_old = NULL; /* if there're no old keys, then we're done */ if (!old_scb) { 
@@ -477,18 +478,27 @@ if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } - old_pkb = &_old_pkb; + + if (_old_pkb.version != 3) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_primary_kerberos: " + "package_PrimaryKerberosBlob version[%u] expected[3]", + _old_pkb.version); + return LDB_ERR_OPERATIONS_ERROR; + } + + old_pkb3 = &_old_pkb.ctr.ctr3; } /* if we didn't found the old keys we're done */ - if (!old_pkb) { + if (!old_pkb3) { return LDB_SUCCESS; } /* fill in the old keys */ - pkb->num_keys2 = old_pkb->num_keys1; - pkb->keys2 = old_pkb->keys1; - pkb->unknown3_2 = old_pkb->unknown3_1; + pkb3->num_old_keys = old_pkb3->num_keys; + pkb3->old_keys = old_pkb3->keys; + pkb3->unknown3_old = old_pkb3->unknown3; return LDB_SUCCESS; } -- cgit From e0b1a83dd6c177d7e61c899a2ce4dad11ded9c49 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 20 Feb 2007 14:56:45 +0000 Subject: r21465: the LDAP-UPTODATEVECTOR test shows that the replUpToDateVector doesn't contain an entry for the local invocation_id metze (This used to be commit 4bd0ddeb80b0a6695a457434594c0240c8880d9f) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 48 ++++++------------------- 1 file changed, 11 insertions(+), 37 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 78e7aca92f..51b6612236 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -1233,11 +1233,11 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a /* * the new uptodateness vector will at least - * contain 2 entries, one for the source_dsa and one the local server + * contain 1 entry, one for the source_dsa * * plus optional values from our old vector and the one from the source_dsa */ - nuv.ctr.ctr2.count = 2 + ouv.ctr.ctr2.count; + nuv.ctr.ctr2.count = 1 + ouv.ctr.ctr2.count; if (ruv) nuv.ctr.ctr2.count += ruv->count; nuv.ctr.ctr2.cursors = talloc_array(ar->sub.mem_ctx, struct drsuapi_DsReplicaCursor2, @@ -1250,10 +1250,19 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a ni++; } + /* get our invocation_id if we have one already attached to the ldb */ + our_invocation_id = samdb_ntds_invocation_id(ar->module->ldb); + /* merge in the source_dsa vector is available */ for (i=0; (ruv && i < ruv->count); i++) { found = false; + if (our_invocation_id && + GUID_equal(&ruv->cursors[i].source_dsa_invocation_id, + our_invocation_id)) { + continue; + } + for (j=0; j < ni; j++) { if (!GUID_equal(&ruv->cursors[i].source_dsa_invocation_id, &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { 
@@ -1316,41 +1325,6 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a ni++; } - /* - * merge our own current values if we have a invocation_id already - * attached to the ldb - */ - our_invocation_id = samdb_ntds_invocation_id(ar->module->ldb); - if (our_invocation_id) { - found = false; - for (j=0; j < ni; j++) { - if (!GUID_equal(our_invocation_id, - &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { - continue; - } - - found = true; - - /* - * here we update the highest_usn and last_sync_success time - * because it's our own entry - */ - nuv.ctr.ctr2.cursors[j].highest_usn = seq_num; - nuv.ctr.ctr2.cursors[j].last_sync_success = now; - break; - } - if (!found) { - /* - * here we update the highest_usn and last_sync_success time - * because it's our own entry - */ - nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= *our_invocation_id; - nuv.ctr.ctr2.cursors[ni].highest_usn = seq_num; - nuv.ctr.ctr2.cursors[ni].last_sync_success = now; - ni++; - } - } - /* * finally correct the size of the cursors array */ -- cgit From b3ef5c0b92dc86aadd3d81e981edc17559ce0026 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 20 Feb 2007 16:22:50 +0000 Subject: r21470: generate Primary:WDigest blob with precalculated digest-md5 hashes: see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true for how the hashes are supposed to be (but w2k3 doesn't to some correctly...) this is a verify nice tool to test the hash genaration, but you need to add support for "" realm strings... http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c metze (This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 389 ++++++++++++++++++++++++- 1 file changed, 383 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 861e17e4d0..780dc69b23 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -4,6 +4,7 @@ Copyright (C) Simo Sorce 2004-2006 Copyright (C) Andrew Bartlett 2005-2006 Copyright (C) Andrew Tridgell 2004 + Copyright (C) Stefan Metzmacher 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,6 +29,7 @@ * Description: correctly update hash values based on changes to sambaPassword and friends * * Author: Andrew Bartlett + * Author: Stefan Metzmacher */ #include "includes.h" @@ -47,6 +49,7 @@ #include "dsdb/samdb/ldb_modules/password_modules.h" #include "librpc/ndr/libndr.h" #include "librpc/gen_ndr/ndr_drsblobs.h" +#include "lib/crypto/crypto.h" /* If we have decided there is reason to work on this request, then * setup all the password hash types correctly. @@ -93,6 +96,7 @@ struct domain_data { BOOL store_cleartext; uint_t pwdProperties; uint_t pwdHistoryLength; + char *netbios_domain; char *dns_domain; char *realm; }; 
@@ -503,16 +507,349 @@ if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { return LDB_SUCCESS; } +static int setup_primary_wdigest(struct setup_password_fields_io *io, + const struct supplementalCredentialsBlob *old_scb, + struct package_PrimaryWDigestBlob *pdb) +{ + DATA_BLOB sAMAccountName; + DATA_BLOB sAMAccountName_l; + DATA_BLOB sAMAccountName_u; + const char *user_principal_name = io->u.user_principal_name; + DATA_BLOB userPrincipalName; + DATA_BLOB userPrincipalName_l; + DATA_BLOB userPrincipalName_u; + DATA_BLOB netbios_domain; + DATA_BLOB netbios_domain_l; + DATA_BLOB netbios_domain_u; + DATA_BLOB dns_domain; + DATA_BLOB dns_domain_l; + DATA_BLOB dns_domain_u; + DATA_BLOB cleartext; + DATA_BLOB digest; + DATA_BLOB delim; + DATA_BLOB backslash; + uint8_t i; + struct { + DATA_BLOB *user; + DATA_BLOB *realm; + DATA_BLOB *nt4dom; + } wdigest[] = { + /* + * See + * http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true + * for what precalculated hashes are supposed to be stored... + * + * I can't reproduce all values which should contain "Digest" as realm, + * am I doing something wrong or is w2k3 just broken...? 
+ * + * W2K3 fills in following for a user: + * + * dn: CN=NewUser,OU=newtop,DC=sub1,DC=w2k3,DC=vmnet1,DC=vm,DC=base + * sAMAccountName: NewUser2Sam + * userPrincipalName: NewUser2Princ@sub1.w2k3.vmnet1.vm.base + * + * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007 + * b7ec9da91062199aee7d121e6710fe23 => newuser2sam:sub1:TestPwd2007 + * 17d290bc5c9f463fac54c37a8cea134d => NEWUSER2SAM:SUB1:TestPwd2007 + * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007 + * 5d57e7823938348127322e08cd81bcb5 => NewUser2Sam:sub1:TestPwd2007 + * 07dd701bf8a011ece585de3d47237140 => NEWUSER2SAM:sub1:TestPwd2007 + * e14fb0eb401498d2cb33c9aae1cc7f37 => newuser2sam:SUB1:TestPwd2007 + * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * f52da1266a6bdd290ffd48b2c823dda7 => newuser2sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * d2b42f171248cec37a3c5c6b55404062 => NEWUSER2SAM:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007 + * fff8d790ff6c152aaeb6ebe17b4021de => NewUser2Sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007 + * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * 2a7563c3715bc418d626dabef378c008 => NEWUSER2SAM:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * c8e9557a87cd4200fda0c11d2fa03f96 => newuser2sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007 + * 221c55284451ae9b3aacaa2a3c86f10f => NewUser2Princ@sub1.w2k3.vmnet1.vm.base::TestPwd2007 + * 74e1be668853d4324d38c07e2acfb8ea => (w2k3 has a bug here!) newuser2princ@sub1.w2k3.vmnet1.vm.base::TestPwd2007 + * e1e244ab7f098e3ae1761be7f9229bbb => NEWUSER2PRINC@SUB1.W2K3.VMNET1.VM.BASE::TestPwd2007 + * 86db637df42513039920e605499c3af6 => SUB1\NewUser2Sam::TestPwd2007 + * f5e43474dfaf067fee8197a253debaa2 => sub1\newuser2sam::TestPwd2007 + * 2ecaa8382e2518e4b77a52422b279467 => SUB1\NEWUSER2SAM::TestPwd2007 + * 31dc704d3640335b2123d4ee28aa1f11 => ??? changes with NewUser2Sam => NewUser1Sam + * 36349f5cecd07320fb3bb0e119230c43 => ??? 
changes with NewUser2Sam => NewUser1Sam + * 12adf019d037fb535c01fd0608e78d9d => ??? changes with NewUser2Sam => NewUser1Sam + * 6feecf8e724906f3ee1105819c5105a1 => ??? changes with NewUser2Princ => NewUser1Princ + * 6c6911f3de6333422640221b9c51ff1f => ??? changes with NewUser2Princ => NewUser1Princ + * 4b279877e742895f9348ac67a8de2f69 => ??? changes with NewUser2Princ => NewUser1Princ + * db0c6bff069513e3ebb9870d29b57490 => ??? changes with NewUser2Sam => NewUser1Sam + * 45072621e56b1c113a4e04a8ff68cd0e => ??? changes with NewUser2Sam => NewUser1Sam + * 11d1220abc44a9c10cf91ef4a9c1de02 => ??? changes with NewUser2Sam => NewUser1Sam + * + * dn: CN=NewUser,OU=newtop,DC=sub1,DC=w2k3,DC=vmnet1,DC=vm,DC=base + * sAMAccountName: NewUser2Sam + * + * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007 + * b7ec9da91062199aee7d121e6710fe23 => newuser2sam:sub1:TestPwd2007 + * 17d290bc5c9f463fac54c37a8cea134d => NEWUSER2SAM:SUB1:TestPwd2007 + * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007 + * 5d57e7823938348127322e08cd81bcb5 => NewUser2Sam:sub1:TestPwd2007 + * 07dd701bf8a011ece585de3d47237140 => NEWUSER2SAM:sub1:TestPwd2007 + * e14fb0eb401498d2cb33c9aae1cc7f37 => newuser2sam:SUB1:TestPwd2007 + * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * f52da1266a6bdd290ffd48b2c823dda7 => newuser2sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * d2b42f171248cec37a3c5c6b55404062 => NEWUSER2SAM:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007 + * fff8d790ff6c152aaeb6ebe17b4021de => NewUser2Sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007 + * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * 2a7563c3715bc418d626dabef378c008 => NEWUSER2SAM:sub1.w2k3.vmnet1.vm.base:TestPwd2007 + * c8e9557a87cd4200fda0c11d2fa03f96 => newuser2sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007 + * 8a140d30b6f0a5912735dc1e3bc993b4 => NewUser2Sam@sub1.w2k3.vmnet1.vm.base::TestPwd2007 + * 86d95b2faae6cae4ec261e7fbaccf093 => (here w2k3 is 
correct) newuser2sam@sub1.w2k3.vmnet1.vm.base::TestPwd2007 + * dfeff1493110220efcdfc6362e5f5450 => NEWUSER2SAM@SUB1.W2K3.VMNET1.VM.BASE::TestPwd2007 + * 86db637df42513039920e605499c3af6 => SUB1\NewUser2Sam::TestPwd2007 + * f5e43474dfaf067fee8197a253debaa2 => sub1\newuser2sam::TestPwd2007 + * 2ecaa8382e2518e4b77a52422b279467 => SUB1\NEWUSER2SAM::TestPwd2007 + * 31dc704d3640335b2123d4ee28aa1f11 => ???M1 changes with NewUser2Sam => NewUser1Sam + * 36349f5cecd07320fb3bb0e119230c43 => ???M1.L changes with newuser2sam => newuser1sam + * 12adf019d037fb535c01fd0608e78d9d => ???M1.U changes with NEWUSER2SAM => NEWUSER1SAM + * 569b4533f2d9e580211dd040e5e360a8 => ???M2 changes with NewUser2Princ => NewUser1Princ + * 52528bddf310a587c5d7e6a9ae2cbb20 => ???M2.L changes with newuser2princ => newuser1princ + * 4f629a4f0361289ca4255ab0f658fcd5 => ???M3 changes with NewUser2Princ => NewUser1Princ (doesn't depend on case of userPrincipal ) + * db0c6bff069513e3ebb9870d29b57490 => ???M4 changes with NewUser2Sam => NewUser1Sam + * 45072621e56b1c113a4e04a8ff68cd0e => ???M5 changes with NewUser2Sam => NewUser1Sam (doesn't depend on case of sAMAccountName) + * 11d1220abc44a9c10cf91ef4a9c1de02 => ???M4.U changes with NEWUSER2SAM => NEWUSER1SAM + */ + + /* + * sAMAccountName, netbios_domain + */ + { + .user = &sAMAccountName, + .realm = &netbios_domain, + }, + { + .user = &sAMAccountName_l, + .realm = &netbios_domain_l, + }, + { + .user = &sAMAccountName_u, + .realm = &netbios_domain_u, + }, + { + .user = &sAMAccountName, + .realm = &netbios_domain_u, + }, + { + .user = &sAMAccountName, + .realm = &netbios_domain_l, + }, + { + .user = &sAMAccountName_u, + .realm = &netbios_domain_l, + }, + { + .user = &sAMAccountName_l, + .realm = &netbios_domain_u, + }, + /* + * sAMAccountName, dns_domain + */ + { + .user = &sAMAccountName, + .realm = &dns_domain, + }, + { + .user = &sAMAccountName_l, + .realm = &dns_domain_l, + }, + { + .user = &sAMAccountName_u, + .realm = &dns_domain_u, + }, + { + .user 
= &sAMAccountName, + .realm = &dns_domain_u, + }, + { + .user = &sAMAccountName, + .realm = &dns_domain_l, + }, + { + .user = &sAMAccountName_u, + .realm = &dns_domain_l, + }, + { + .user = &sAMAccountName_l, + .realm = &dns_domain_u, + }, + /* + * userPrincipalName, no realm + */ + { + .user = &userPrincipalName, + }, + { + /* + * NOTE: w2k3 messes this up, if the user has a real userPrincipalName, + * the fallback to the sAMAccountName based userPrincipalName is correct + */ + .user = &userPrincipalName_l, + }, + { + .user = &userPrincipalName_u, + }, + /* + * nt4dom\sAMAccountName, no realm + */ + { + .user = &sAMAccountName, + .nt4dom = &netbios_domain + }, + { + .user = &sAMAccountName_l, + .nt4dom = &netbios_domain_l + }, + { + .user = &sAMAccountName_u, + .nt4dom = &netbios_domain_u + }, + + /* + * the following ones are guessed depending on the technet2 article + * but not reproducable on a w2k3 server + */ + /* sAMAccountName with "Digest" realm */ + { + .user = &sAMAccountName, + .realm = &digest + }, + { + .user = &sAMAccountName_l, + .realm = &digest + }, + { + .user = &sAMAccountName_u, + .realm = &digest + }, + /* userPrincipalName with "Digest" realm */ + { + .user = &userPrincipalName, + .realm = &digest + }, + { + .user = &userPrincipalName_l, + .realm = &digest + }, + { + .user = &userPrincipalName_u, + .realm = &digest + }, + /* nt4dom\\sAMAccountName with "Digest" realm */ + { + .user = &sAMAccountName, + .nt4dom = &netbios_domain, + .realm = &digest + }, + { + .user = &sAMAccountName_l, + .nt4dom = &netbios_domain_l, + .realm = &digest + }, + { + .user = &sAMAccountName_u, + .nt4dom = &netbios_domain_u, + .realm = &digest + }, + }; + + /* prepare DATA_BLOB's used in the combinations array */ + sAMAccountName = data_blob_string_const(io->u.sAMAccountName); + sAMAccountName_l = data_blob_string_const(strlower_talloc(io->ac, io->u.sAMAccountName)); + if (!sAMAccountName_l.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + 
} + sAMAccountName_u = data_blob_string_const(strupper_talloc(io->ac, io->u.sAMAccountName)); + if (!sAMAccountName_u.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* if the user doesn't have a userPrincipalName, create one (with lower case realm) */ + if (!user_principal_name) { + user_principal_name = talloc_asprintf(io->ac, "%s@%s", + io->u.sAMAccountName, + io->domain->dns_domain); + if (!user_principal_name) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + } + userPrincipalName = data_blob_string_const(user_principal_name); + userPrincipalName_l = data_blob_string_const(strlower_talloc(io->ac, user_principal_name)); + if (!userPrincipalName_l.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + userPrincipalName_u = data_blob_string_const(strupper_talloc(io->ac, user_principal_name)); + if (!userPrincipalName_u.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + netbios_domain = data_blob_string_const(io->domain->netbios_domain); + netbios_domain_l = data_blob_string_const(strlower_talloc(io->ac, io->domain->netbios_domain)); + if (!netbios_domain_l.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + netbios_domain_u = data_blob_string_const(strupper_talloc(io->ac, io->domain->netbios_domain)); + if (!netbios_domain_u.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + dns_domain = data_blob_string_const(io->domain->dns_domain); + dns_domain_l = data_blob_string_const(io->domain->dns_domain); + dns_domain_u = data_blob_string_const(io->domain->realm); + + cleartext = data_blob_string_const(io->n.cleartext); + + digest = data_blob_string_const("Digest"); + + delim = data_blob_string_const(":"); + backslash = data_blob_string_const("\\"); + + pdb->num_hashes = ARRAY_SIZE(wdigest); + pdb->hashes = talloc_array(io->ac, struct package_PrimaryWDigestHash, pdb->num_hashes); + if 
(!pdb->hashes) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (i=0; i < ARRAY_SIZE(wdigest); i++) { + struct MD5Context md5; + MD5Init(&md5); + if (wdigest[i].nt4dom) { + MD5Update(&md5, wdigest[i].nt4dom->data, wdigest[i].nt4dom->length); + MD5Update(&md5, backslash.data, backslash.length); + } + MD5Update(&md5, wdigest[i].user->data, wdigest[i].user->length); + MD5Update(&md5, delim.data, delim.length); + if (wdigest[i].realm) { + MD5Update(&md5, wdigest[i].realm->data, wdigest[i].realm->length); + } + MD5Update(&md5, delim.data, delim.length); + MD5Update(&md5, cleartext.data, cleartext.length); + MD5Final(pdb->hashes[i].hash, &md5); + } + + return LDB_SUCCESS; +} + static int setup_supplemental_field(struct setup_password_fields_io *io) { struct supplementalCredentialsBlob scb; struct supplementalCredentialsBlob _old_scb; struct supplementalCredentialsBlob *old_scb = NULL; - /* Packages + (Kerberos and maybe CLEARTEXT) */ - uint32_t num_packages = 1 + 1; - struct supplementalCredentialsPackage packages[1+2]; + /* Packages + (Kerberos, WDigest and maybe CLEARTEXT) */ + uint32_t num_packages = 1 + 2; + struct supplementalCredentialsPackage packages[1+3]; struct supplementalCredentialsPackage *pp = &packages[0]; struct supplementalCredentialsPackage *pk = &packages[1]; + struct supplementalCredentialsPackage *pd = &packages[2]; struct supplementalCredentialsPackage *pc = NULL; struct package_PackagesBlob pb; DATA_BLOB pb_blob; @@ -520,6 +857,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) struct package_PrimaryKerberosBlob pkb; DATA_BLOB pkb_blob; char *pkb_hexstr; + struct package_PrimaryWDigestBlob pdb; + DATA_BLOB pdb_blob; + char *pdb_hexstr; struct package_PrimaryCLEARTEXTBlob pcb; DATA_BLOB pcb_blob; char *pcb_hexstr; 
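Review bot: `dns_domain_l` in `setup_primary_wdigest` is built from the same string as `dns_domain` with no `strlower_talloc()`, and `dns_domain_u` is taken from `io->domain->realm`, while every other `_l`/`_u` blob is case-folded explicitly. If `get_domain_data()` (not visible here) does not guarantee a lower-case `dns_domain` and an upper-case `realm`, the table entries that use `&dns_domain_l` or `&dns_domain_u` hash a different string than intended, and the stored digests will not match what a client computes. Either state the invariant next to the assignments, `/* dns_domain is already lower case and realm is its upper-case form, see get_domain_data() */`, or fold here with `dns_domain_l = data_blob_string_const(strlower_talloc(io->ac, io->domain->dns_domain));` and the same `.data` check as the other variants. The `old_scb` parameter is not used anywhere in the function.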
@@ -554,11 +894,11 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { - pc = &packages[2]; + pc = &packages[3]; num_packages++; } - /* Kerberos, CLEARTEXT and termination(counted by the Packages element) */ + /* Kerberos, WDigest, CLEARTEXT and termination(counted by the Packages element) */ pb.names = talloc_zero_array(io->ac, const char *, num_packages); /* @@ -600,11 +940,39 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) pk->unknown1 = 1; pk->data = pkb_hexstr; + /* + * setup 'Primary:WDigest' element + */ + pb.names[1] = "WDigest"; + + ret = setup_primary_wdigest(io, old_scb, &pdb); + if (ret != LDB_SUCCESS) { + return ret; + } + + status = ndr_push_struct_blob(&pdb_blob, io->ac, &pdb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryWDigestBlob); + if (!NT_STATUS_IS_OK(status)) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to push package_PrimaryWDigestBlob: %s", + nt_errstr(status)); + return LDB_ERR_OPERATIONS_ERROR; + } + pdb_hexstr = data_blob_hex_string(io->ac, &pdb_blob); + if (!pdb_hexstr) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + pd->name = "Primary:WDigest"; + pd->unknown1 = 1; + pd->data = pdb_hexstr; + /* * setup 'Primary:CLEARTEXT' element */ if (pc) { - pb.names[1] = "CLEARTEXT"; + pb.names[2] = "CLEARTEXT"; pcb.cleartext = io->n.cleartext; @@ -915,6 +1283,15 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); return NULL; } + p = strchr(tmp, '.'); + if (p) { + p[0] = '\0'; + } + data->netbios_domain = strupper_talloc(data, tmp); + if (data->netbios_domain == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); + return NULL; + } } return data; -- cgit 
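Review bot: The `Primary:WDigest` package is built on every password set, whereas the `Primary:CLEARTEXT` package a few lines below is stored only when `store_cleartext` and `UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED` allow it. Each stored value is a plain MD5 over `user:realm:password`, which is the secret a Digest server verifies against, so anyone able to read `supplementalCredentials` gets material that is password-equivalent for Digest authentication. A comment at the `setup_primary_wdigest()` call should say so, e.g. `/* WDigest hashes are password-equivalent for Digest auth: protect supplementalCredentials like the NT hash */`. It is also worth considering whether generation should be switchable for sites that do not use Digest. `setup_supplemental_field` starts and ends outside this hunk.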
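Review bot: `netbios_domain` in `get_domain_data` is derived by cutting `tmp` at the first `.` and upper-casing it, which assumes the NetBIOS domain name always equals the first DNS label. Where the two differ, the `nt4dom\user` and `user:NETBIOS` digests produced by `setup_primary_wdigest()` would be computed over the wrong name and never verify. `p[0] = '\0'` also truncates `tmp` in place, so any later use of `tmp` as the full DNS name would see the short form; the lines after the hunk are not visible. At least record the assumption: `/* TODO: assumes NetBIOS domain == first DNS label; look up the configured name instead */`.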
From 7dc7156bd76425df129102a42dd29a85fd8c7ebc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 22 Feb 2007 01:54:40 +0000 Subject: r21496: A number of ldb control and LDAP changes, surrounding the 'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 26 +++++++++++++++++++++---- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- source4/dsdb/samdb/ldb_modules/show_deleted.c | 2 +- 4 files changed, 25 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index a571857bbb..6a7492013b 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -215,7 +215,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) int ret; /* check if there's an extended dn control */ - control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID); + control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID); if (control == NULL) { /* not found go on */ return ldb_next_request(module, req); diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index b23ceebf1b..bd037066ca 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c 
+++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -1,3 +1,4 @@ + /* Partitions ldb module @@ -219,16 +220,26 @@ static int partition_send_request(struct partition_context *ac, struct dsdb_cont ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { - ldb_set_errstring(ac->module->ldb, "Out of Memory"); + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } req = ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); if (req == NULL) { - ldb_set_errstring(ac->module->ldb, "Out of Memory"); + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *ac->down_req[ac->num_requests] = *ac->orig_req; /* copy the request */ + *req = *ac->orig_req; /* copy the request */ + + if (ac->orig_req->controls) { + req->controls + = talloc_memdup(req, + ac->orig_req->controls, talloc_get_size(ac->orig_req->controls)); + if (req->controls == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + } if (req->operation == LDB_SEARCH) { /* If the search is for 'more' than this partition, @@ -350,7 +361,14 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* (later) consider if we should be searching multiple * partitions (for 'invisible' partition behaviour */ - if (ldb_get_opaque(module->ldb, "global_catalog")) { + struct ldb_control *search_control = ldb_request_get_control(req, LDB_CONTROL_SEARCH_OPTIONS_OID); + + struct ldb_search_options_control *search_options = NULL; + if (search_control) { + search_options = talloc_get_type(search_control->data, struct ldb_search_options_control); + } + + if (search_options && (search_options->search_options & LDB_SEARCH_OPTION_PHANTOM_ROOT)) { int ret, i; struct partition_context *ac; diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 51b6612236..10f3da243b 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
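Review bot: The cross-partition search in `partition_search` is now selected by a control on the request instead of the `global_catalog` opaque set on the ldb, so whichever layer accepts controls from clients decides who can ask for it. If a client-supplied `LDB_CONTROL_SEARCH_OPTIONS_OID` reaches this module unchanged, the phantom-root fan-out is no longer limited to connections the server itself marked; that may be intended, but it is not stated. A comment at the `ldb_request_get_control()` call would settle it, e.g. `/* the control may come from the client; access checks must hold in every partition searched below */`. `partition_search` starts and ends outside this hunk.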
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -260,7 +260,7 @@ static int replmd_prepare_originating(struct ldb_module *module, struct ldb_requ return LDB_ERR_CONSTRAINT_VIOLATION; } - partition_ctrl = get_control_from_list(req->controls, DSDB_CONTROL_CURRENT_PARTITION_OID); + partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); if (!partition_ctrl) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "%s: no current partition control found", diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 9d624c9982..b94fe39c9a 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -96,7 +96,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re int ret; /* check if there's a show deleted control */ - control = get_control_from_list(req->controls, LDB_CONTROL_SHOW_DELETED_OID); + control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); /* copy the request for modification */ down_req = talloc(req, struct ldb_request); -- cgit From 3e697d5110653d22bebade0da8f0c6c3749a2d09 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 9 Mar 2007 10:09:37 +0000 Subject: r21773: fix typo orginating -> originating and use the struct member names in all cases metze (This used to be commit c543ee57454d006c545e3e9e20c9ac0114081d3d) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 10f3da243b..01f1979eb0 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -499,9 +499,9 @@ static int replmd_add_originating(struct ldb_module *module, m->attid = sa->attributeID_id; m->version = 1; - m->orginating_time = now; - m->orginating_invocation_id = *our_invocation_id; - m->orginating_usn = seq_num; + m->originating_change_time = now; + m->originating_invocation_id = *our_invocation_id; + m->originating_usn = seq_num; m->local_usn = seq_num; ni++; } @@ -821,16 +821,16 @@ static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMeta return m1->version - m2->version; } - if (m1->orginating_time != m2->orginating_time) { - return m1->orginating_time - m2->orginating_time; + if (m1->originating_change_time != m2->originating_change_time) { + return m1->originating_change_time - m2->originating_change_time; } - ret = GUID_compare(&m1->orginating_invocation_id, &m2->orginating_invocation_id); + ret = GUID_compare(&m1->originating_invocation_id, &m2->originating_invocation_id); if (ret != 0) { return ret; } - return m1->orginating_usn - m2->orginating_usn; + return m1->originating_usn - m2->originating_usn; } static int replmd_replicated_apply_merge_callback(struct ldb_context *ldb, -- cgit From 9b03286b32a916dbef59f1459eefa01f0ebfeed3 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 13 Mar 2007 00:59:06 +0000 Subject: r21806: I've been working over the last week to fix up the LDAP backend for Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817) --- source4/dsdb/samdb/ldb_modules/partition.c | 61 +++++++++++++++++++----------- 1 file changed, 38 insertions(+), 23 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index bd037066ca..614431c563 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -205,11 +205,13 @@ error: } -static int partition_send_request(struct partition_context *ac, struct dsdb_control_current_partition *partition) +static int partition_send_request(struct partition_context *ac, struct ldb_control *remove_control, + struct dsdb_control_current_partition *partition) { int ret; struct ldb_module *backend; struct ldb_request *req; + struct ldb_control **saved_controls; if (partition) { backend = make_module_for_next_request(ac, ac->module->ldb, partition->module); @@ -231,7 +233,7 @@ static int partition_send_request(struct partition_context *ac, struct dsdb_cont *req = *ac->orig_req; /* copy the request */ - if (ac->orig_req->controls) { + if (req->controls) { req->controls = talloc_memdup(req, ac->orig_req->controls, talloc_get_size(ac->orig_req->controls)); @@ -259,6 +261,12 @@ static int partition_send_request(struct partition_context *ac, struct dsdb_cont req->context = ac; } + /* Remove a control, so we don't confuse a backend server */ + if (remove_control && !save_controls(remove_control, req, &saved_controls)) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + if (partition) { ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); if (ret != LDB_SUCCESS) { 
@@ -278,17 +286,19 @@ static int partition_send_request(struct partition_context *ac, struct dsdb_cont /* Send a request down to all the partitions */ static int partition_send_all(struct ldb_module *module, - struct partition_context *ac, struct ldb_request *req) + struct partition_context *ac, + struct ldb_control *remove_control, + struct ldb_request *req) { int i; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - int ret = partition_send_request(ac, NULL); + int ret = partition_send_request(ac, remove_control, NULL); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_request(ac, data->partitions[i]); + ret = partition_send_request(ac, remove_control, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } @@ -307,18 +317,20 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - /* Is this a special DN, we need to replicate to every backend? */ - for (i=0; data->replicate && data->replicate[i]; i++) { - if (ldb_dn_compare(data->replicate[i], - dn) == 0) { - struct partition_context *ac; - - ac = partition_init_handle(req, module); - if (!ac) { - return LDB_ERR_OPERATIONS_ERROR; + if (req->operation != LDB_SEARCH) { + /* Is this a special DN, we need to replicate to every backend? */ + for (i=0; data->replicate && data->replicate[i]; i++) { + if (ldb_dn_compare(data->replicate[i], + dn) == 0) { + struct partition_context *ac; + + ac = partition_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return partition_send_all(module, ac, NULL, req); } - - return partition_send_all(module, ac, req); } } 
@@ -371,7 +383,11 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) if (search_options && (search_options->search_options & LDB_SEARCH_OPTION_PHANTOM_ROOT)) { int ret, i; struct partition_context *ac; - + struct ldb_control *remove_control = NULL; + if ((search_options->search_options & ~LDB_SEARCH_OPTION_PHANTOM_ROOT) == 0) { + /* We have processed this flag, so we are done with this control now */ + remove_control = search_control; + } ac = partition_init_handle(req, module); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; @@ -379,12 +395,12 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* Search from the base DN */ if (!req->op.search.base || ldb_dn_is_null(req->op.search.base)) { - return partition_send_all(module, ac, req); + return partition_send_all(module, ac, remove_control, req); } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_request(ac, data->partitions[i]); + ret = partition_send_request(ac, remove_control, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } @@ -399,9 +415,8 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_SUCCESS; } else { - struct ldb_module *backend = find_backend(module, req, req->op.search.base); - - return ldb_next_request(backend, req); + /* Handle this like all other requests */ + return partition_replicate(module, req, req->op.search.base); } } @@ -672,7 +687,7 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OPERATIONS_ERROR; } - return partition_send_all(module, ac, req); + return partition_send_all(module, ac, NULL, req); } static int sort_compare(void *void1, -- cgit From 97d2f1cc407bac02e57bed05090c227daa870c98 Mon Sep 17 00:00:00 2001 
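Review bot: `remove_control` in `partition_search` is set only when PHANTOM_ROOT is the sole bit in `search_options`; with any other bit set the control is passed down unchanged, still carrying the PHANTOM_ROOT flag this module has already acted on. The comment added in `partition_send_request` says the removal exists so a backend server is not confused, and that reasoning seems to apply equally to the mixed case. Consider forwarding a copy of the control with the bit cleared, or document why forwarding it is harmless: `/* other option bits remain: the control is passed on with PHANTOM_ROOT still set */`. `saved_controls` in the `-259` hunk is written by `save_controls()` but not read in the visible lines. `partition_search` continues outside the hunk.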
From: Stefan Metzmacher Date: Wed, 14 Mar 2007 12:07:56 +0000 Subject: r21838: generate no metadata for constructed attributes metze (This used to be commit 7e0620e524886a66dbdb16f35fee4f51f2867a2a) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 01f1979eb0..bbd8a1e8a2 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -492,8 +492,10 @@ static int replmd_add_originating(struct ldb_module *module, return LDB_ERR_NO_SUCH_ATTRIBUTE; } - if (sa->systemFlags & 0x00000001) { - /* attribute is not replicated so it has no meta data */ + if ((sa->systemFlags & 0x00000001) || (sa->systemFlags & 0x00000004)) { + /* if the attribute is not replicated (0x00000001) + * or constructed (0x00000004) it has no metadata + */ continue; } -- cgit From 41c545350748f79fd543e2ac914f63139cf0b9e7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 14 Mar 2007 19:10:21 +0000 Subject: r21839: add my email address metze (This used to be commit e3be33c1d9f9e44ef37e6ef72a23576474f6e725) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/show_deleted.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index bbd8a1e8a2..8306f0d658 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
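Review bot: The two `systemFlags` tests use bare `0x00000001` and `0x00000004`, and the meaning lives only in the comment. Named constants would keep this check and any other reader of `systemFlags` in step, for example `if (sa->systemFlags & (SYSFLAG_ATTR_NOT_REPLICATED | SYSFLAG_ATTR_IS_CONSTRUCTED)) {`, with the two names defined next to the schema structures (the names are a suggestion, not existing identifiers). `replmd_add_originating` starts and ends outside this hunk.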
@@ -4,7 +4,7 @@ Copyright (C) Simo Sorce 2004-2006 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 - Copyright (C) Stefan Metzmacher 2007 + Copyright (C) Stefan Metzmacher 2007 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 231042fe66..eb5d7e8e8e 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -4,7 +4,7 @@ The module that handles the Schema FSMO Role Owner checkings, it also loads the dsdb_schema. - Copyright (C) Stefan Metzmacher 2007 + Copyright (C) Stefan Metzmacher 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index b94fe39c9a..50e0e675c5 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Simo Sorce 2005 - Copyright (C) Stefa Metzmacher 2007 + Copyright (C) Stefa Metzmacher 2007 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released -- cgit From d75526914145cd9ffcc07ac6f1d4fc99f56adb56 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2007 07:22:49 +0000 Subject: r21842: fix typo in comment metze (This used to be commit 8fcd5209ae46823f7d99bddff6e61873e75dd24c) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 8306f0d658..fccd5725e8 100644 
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -700,7 +700,7 @@ static int replmd_replicated_apply_add_callback(struct ldb_context *ldb, void *private_data, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ struct replmd_replicated_request *ar = talloc_get_type(private_data, struct replmd_replicated_request); @@ -794,7 +794,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) replmd_replicated_apply_add_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return ldb_next_request(ar->module, ar->sub.change_req); #else ret = ldb_next_request(ar->module, ar->sub.change_req); @@ -839,7 +839,7 @@ static int replmd_replicated_apply_merge_callback(struct ldb_context *ldb, void *private_data, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ struct replmd_replicated_request *ar = talloc_get_type(private_data, struct replmd_replicated_request); @@ -1034,7 +1034,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) replmd_replicated_apply_merge_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return ldb_next_request(ar->module, ar->sub.change_req); #else ret = ldb_next_request(ar->module, ar->sub.change_req); 
@@ -1077,7 +1077,7 @@ static int replmd_replicated_apply_search_callback(struct ldb_context *ldb, talloc_free(ares); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ if (is_done) { ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); if (ar->sub.search_ret != LDB_SUCCESS) { @@ -1117,7 +1117,7 @@ static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) replmd_replicated_apply_search_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return ldb_next_request(ar->module, ar->sub.search_req); #else ret = ldb_next_request(ar->module, ar->sub.search_req); @@ -1137,7 +1137,7 @@ static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) { -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ if (ar->index_current >= ar->objs->num_objects) { return replmd_replicated_uptodate_vector(ar); } @@ -1153,7 +1153,7 @@ static int replmd_replicated_uptodate_modify_callback(struct ldb_context *ldb, void *private_data, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ struct replmd_replicated_request *ar = talloc_get_type(private_data, struct replmd_replicated_request); 
@@ -1453,7 +1453,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a replmd_replicated_uptodate_modify_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return ldb_next_request(ar->module, ar->sub.change_req); #else ret = ldb_next_request(ar->module, ar->sub.change_req); @@ -1493,7 +1493,7 @@ static int replmd_replicated_uptodate_search_callback(struct ldb_context *ldb, talloc_free(ares); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ if (is_done) { ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); if (ar->sub.search_ret != LDB_SUCCESS) { @@ -1530,7 +1530,7 @@ static int replmd_replicated_uptodate_search(struct replmd_replicated_request *a replmd_replicated_uptodate_search_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return ldb_next_request(ar->module, ar->sub.search_req); #else ret = ldb_next_request(ar->module, ar->sub.search_req); @@ -1580,7 +1580,7 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct return LDB_ERR_OPERATIONS_ERROR; } -#ifdef REPLMD_FULL_ASYNC /* TODO: active this code when ldb support full async code */ +#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return replmd_replicated_apply_next(ar); #else while (ar->index_current < ar->objs->num_objects && -- cgit From 344cde462e460c5a6effa6651e039d6384681eea Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Fri, 20 Apr 2007 11:04:13 +0000 Subject: r22406: this dependencies should also be private metze (This used to be commit 7f07895cac3e933b39f81bf67812834352184af0) --- source4/dsdb/samdb/ldb_modules/config.mk | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index b50e275ebf..52945499ee 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,12 +2,10 @@ # Start MODULE ldb_objectguid [MODULE::ldb_objectguid] SUBSYSTEM = ldb -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ objectguid.o -PUBLIC_DEPENDENCIES = \ - LIBNDR NDR_MISC # End MODULE ldb_objectguid ################################################ @@ -152,13 +150,11 @@ OBJ_FILES = local_password.o ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SUBSYSTEM = ldb INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ kludge_acl.o -PUBLIC_DEPENDENCIES = \ - LIBSECURITY # # End MODULE ldb_kludge_acl ################################################ -- cgit From 47e0c78bac90f2c22410ee6609f802c9764e2109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 23 Apr 2007 07:25:09 +0000 Subject: r22476: The OID match is used very oddly in AD, as it is often used for fields that contain attribute names and objectClasses. Make it a case insensitive string for now. Andrew Bartlett (This used to be commit 9908a05ef70c748c699b5a18178e7948f7814d7a) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 7cd79cb730..3196069fa8 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -360,6 +360,7 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, +#if 0 { .local_name = "allowedChildClassesEffective", .type = MAP_CONVERT, @@ -371,6 +372,7 @@ const struct ldb_map_attribute entryUUID_attributes[] = }, }, }, +#endif { .local_name = "objectCategory", .type = MAP_CONVERT, @@ -508,6 +510,7 @@ const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, +#if 0 { .local_name = "allowedChildClassesEffective", .type = MAP_CONVERT, @@ -519,6 +522,7 @@ const struct ldb_map_attribute nsuniqueid_attributes[] = }, }, }, +#endif { .local_name = "objectCategory", .type = MAP_CONVERT, -- cgit From 17078a46b899c8af2f38479391094a0b2b1a3d5b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 24 Apr 2007 05:57:56 +0000 Subject: r22497: Support renaming objectclasses and attributes for the LDAP backend. OpenLDAP is fussy about operational attributes in user-supplied schema. Andrew Bartlett (This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 3196069fa8..314e44111a 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -351,6 +351,15 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, + { + .local_name = "objectClasses", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "sambaObjectClasses" + } + } + }, { .local_name = "sambaPassword", .type = MAP_RENAME, 
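Review bot: The `#if 0` / `#endif` pairs that disable the `allowedChildClassesEffective` entries in `entryUUID_attributes[]` and `nsuniqueid_attributes[]` carry no comment. The commit message talks about OID matching rather than this mapping, so a reader cannot tell why the entries are off or when they may come back. Either delete the entries or put the reason on the guard, e.g. `#if 0 /* disabled: <reason>, re-enable when <condition> */`. Both arrays start and end outside the hunks.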
@@ -446,9 +455,21 @@ const struct ldb_map_attribute entryUUID_attributes[] = } }; +/* This objectClass conflicts with builtin classes on OpenLDAP */ +const struct ldb_map_objectclass entryUUID_objectclasses[] = +{ + { + .local_name = "subSchema", + .remote_name = "samba4SubSchema" + }, + { + .local_name = NULL + } +}; + /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ -const char * const wildcard_attributes[] = { +const char * const entryUUID_wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", @@ -471,7 +492,7 @@ const struct ldb_map_attribute nsuniqueid_attributes[] = }, }, }, - /* objectSid */ + /* objectSid */ { .local_name = "objectSid", .type = MAP_CONVERT, @@ -751,7 +772,7 @@ static int entryUUID_init(struct ldb_module *module) struct entryUUID_private *entryUUID_private; struct ldb_dn *schema_dn; - ret = ldb_map_init(module, entryUUID_attributes, NULL, wildcard_attributes, NULL); + ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) return ret; -- cgit From 9aeaac2c2bf37431ed60cfe86f25dd9ee5505937 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 25 Apr 2007 16:36:15 +0000 Subject: r22521: Don't fail the module load just because we don't have a schema yet. This code to be replaced by metze's schema loader soon... Andrew Bartlett (This used to be commit a354ec282232c00d149304d90f9b8ef01c9a2e5f) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 314e44111a..605614f160 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -790,8 +790,8 @@ static int entryUUID_init(struct ldb_module *module) ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, &entryUUID_private->objectclass_res); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); - return ret; + /* Perhaps no schema yet */ + return LDB_SUCCESS; } ret = find_base_dns(module, entryUUID_private); @@ -825,8 +825,8 @@ static int nsuniqueid_init(struct ldb_module *module) ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, &entryUUID_private->objectclass_res); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(module->ldb)); - return ret; + /* Perhaps no schema yet */ + return LDB_SUCCESS; } ret = find_base_dns(module, entryUUID_private); -- cgit From 4d23d4b21029c7958055cf8fac1052ad16f67752 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 27 Apr 2007 11:13:37 +0000 Subject: r22531: Fix up OpenLDAP schema map to almost pass 'make test'. Andrew Bartlett (This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 605614f160..397642c484 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
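Review bot: `entryUUID_init` and `nsuniqueid_init` (second hunk) now return `LDB_SUCCESS` for every failure of `fetch_objectclass_schema`, not only a missing schema, and the error string that used to be set is dropped. An allocation or backend error during module load therefore becomes silent. The early return also skips `find_base_dns`, so any later code that reads `objectclass_res` or the base DNs must cope with them being unset; that code is outside the hunks and should be checked. I would keep a trace of the cause, `ldb_debug(module->ldb, LDB_DEBUG_WARNING, "entryUUID: objectClass schema not loaded: %s\n", ldb_errstring(module->ldb));`, and return success only for the error code that means the schema entry is absent.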
@@ -356,7 +356,25 @@ const struct ldb_map_attribute entryUUID_attributes[] = .type = MAP_RENAME, .u = { .rename = { - .remote_name = "sambaObjectClasses" + .remote_name = "samba4ObjectClasses" + } + } + }, + { + .local_name = "dITContentRules", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4DITContentRules" + } + } + }, + { + .local_name = "attributeTypes", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4AttributeTypes" } } }, -- cgit From f34c57f4fc1a1817735ddb653011e6deb0edf912 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 28 Apr 2007 15:18:25 +0000 Subject: r22557: Simo has long bugged me that the paths in the sam.ldb partitions were not relative to the location of the sam.ldb, but instead lp_private_dir(). This fixes that issue. Andrew Bartlett (This used to be commit c0fd6f63399d55a1938e31ae7b10689cc02ff2fa) --- source4/dsdb/samdb/ldb_modules/partition.c | 31 +++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 614431c563..b301a98534 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -703,6 +703,33 @@ static int sort_compare(void *void1, return ldb_dn_compare(partition1->dn, partition2->dn); } +static const char *relative_path(struct ldb_module *module, + TALLOC_CTX *mem_ctx, + const char *name) +{ + const char *base_url = ldb_get_opaque(module->ldb, "ldb_url"); + char *path, *p, *full_name; + if (name == NULL) { + return NULL; + } + if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) { + return talloc_strdup(mem_ctx, name); + } + path = talloc_strdup(mem_ctx, base_url); + if (path == NULL) { + return NULL; + } + if ( (p = strrchr(path, '/')) != NULL) { + p[0] = '\0'; + } else { + talloc_free(path); + return NULL; + } + full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name); + talloc_free(path); + return full_name; +} + static int partition_init(struct ldb_module *module) { int ret, i; @@ -791,7 +818,9 @@ static int partition_init(struct ldb_module *module) return LDB_ERR_CONSTRAINT_VIOLATION; } - data->partitions[i]->backend = private_path(data->partitions[i], p); + data->partitions[i]->backend = relative_path(module, + data->partitions[i], + p); ret = ldb_connect_backend(module->ldb, data->partitions[i]->backend, NULL, &data->partitions[i]->module); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); -- cgit From 52fb06edc25e8538c413df1aaabba18c859a00cf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 5 May 2007 18:50:56 +0000 Subject: r22681: Fix standalone ldb build when parent directory name != ldb. (This used to be commit 1093875d59f1ea9b8bd82277d4f9d8366e584952) --- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- source4/dsdb/samdb/ldb_modules/update_keytab.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 76413ca56b..457440804b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c 
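Review bot: `relative_path()` can return NULL (NULL `name`, a failed allocation, or a base URL with no `/` in it), and the call site in the second hunk passes the result to `ldb_connect_backend()` unchecked after storing it in `data->partitions[i]->backend`. A guard before the connect, `if (data->partitions[i]->backend == NULL) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; }`, would match the cleanup on the error path just below it. The helper also reads the `ldb_url` opaque without checking that it was set. It has no comment saying that `name` is joined to the directory of the main database URL as-is, so a value with `..` components resolves outside that directory; whether the partition records are trusted enough for that is not visible here. `partition_init` continues outside the hunk.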
+++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -35,7 +35,7 @@ */ #include "includes.h" -#include "ldb/include/includes.h" +#include "ldb/include/ldb_includes.h" #include "librpc/gen_ndr/ndr_misc.h" static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name) diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index b301a98534..b0875d2965 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -36,7 +36,7 @@ */ #include "includes.h" -#include "ldb/include/includes.h" +#include "ldb/include/ldb_includes.h" #include "dsdb/samdb/samdb.h" struct partition_private_data { diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 21c9539e91..7b74a77e54 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -29,7 +29,7 @@ */ #include "includes.h" -#include "ldb/include/includes.h" +#include "ldb/include/ldb_includes.h" #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "system/kerberos.h" -- cgit From cc26fe9b749d00bc7c002f6a5a24ff67af497c49 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 8 May 2007 21:17:58 +0000 Subject: r22762: Some ldb_map changes: * Change license to LGPL, so it can be used by non-Samba users of LDB (cleared with Martin as well). * Include ldb_map in standalone build. * Move ldb_map to its own directory (This used to be commit a90202abca26c0da5425a2f3dd8494077c3290fd) --- source4/dsdb/samdb/ldb_modules/config.mk | 38 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 52945499ee..f49753586e 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk 
+++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -1,7 +1,7 @@ ################################################ # Start MODULE ldb_objectguid [MODULE::ldb_objectguid] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ @@ -12,7 +12,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_repl_mata_data [MODULE::ldb_repl_meta_data] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS INIT_FUNCTION = repl_meta_data_module_init OBJ_FILES = \ @@ -23,7 +23,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_dsdb_cache [MODULE::ldb_dsdb_cache] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = dsdb_cache_module_init OBJ_FILES = \ @@ -34,7 +34,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_schema_fsmo [MODULE::ldb_schema_fsmo] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = schema_fsmo_module_init OBJ_FILES = \ @@ -45,7 +45,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_naming_fsmo [MODULE::ldb_naming_fsmo] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = naming_fsmo_module_init OBJ_FILES = \ @@ -56,7 +56,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_pdc_fsmo [MODULE::ldb_pdc_fsmo] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = pdc_fsmo_module_init OBJ_FILES = \ @@ -67,7 +67,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = samldb_module_init OBJ_FILES = \ 
@@ -79,7 +79,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_samba3sam [MODULE::ldb_samba3sam] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_samba3sam_module_init PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD OBJ_FILES = \ @@ -91,7 +91,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_entryUUID [MODULE::ldb_entryUUID] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_entryUUID_module_init PRIVATE_DEPENDENCIES = LIBTALLOC ENABLE = YES @@ -104,7 +104,7 @@ OBJ_FILES = \ # ################################################ # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] -# SUBSYSTEM = ldb +# SUBSYSTEM = LIBLDB # INIT_FUNCTION = proxy_module_init # OBJ_FILES = \ # proxy.o @@ -116,7 +116,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_rootdse [MODULE::ldb_rootdse] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = rootdse_module_init OBJ_FILES = \ @@ -128,7 +128,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_password_hash [MODULE::ldb_password_hash] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB INIT_FUNCTION = password_hash_module_init OBJ_FILES = password_hash.o PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 @@ -140,7 +140,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 # Start MODULE ldb_local_password [MODULE::ldb_local_password] PRIVATE_DEPENDENCIES = LIBTALLOC -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB INIT_FUNCTION = local_password_module_init OBJ_FILES = local_password.o # @@ -151,7 +151,7 @@ OBJ_FILES = local_password.o # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ kludge_acl.o 
@@ -162,7 +162,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_extended_dn [MODULE::ldb_extended_dn] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_extended_dn_init OBJ_FILES = \ @@ -174,7 +174,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_show_deleted [MODULE::ldb_show_deleted] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_show_deleted_init OBJ_FILES = \ @@ -186,7 +186,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_partition [MODULE::ldb_partition] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_partition_init OBJ_FILES = \ @@ -198,7 +198,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_schema [MODULE::ldb_schema] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_schema_init OBJ_FILES = \ @@ -210,7 +210,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_update_kt [MODULE::ldb_update_kt] -SUBSYSTEM = ldb +SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS_KRB5 #Also depends on credentials, but that would loop INIT_FUNCTION = ldb_update_kt_init -- cgit From cf4d161f15fd6c81764a1ae13d1f6211a94020c5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 9 May 2007 11:51:39 +0000 Subject: r22769: Fix include location. (This used to be commit 74d51579aff73913cae31734bddc3b5a48cd32fa) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 2 +- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 397642c484..49967c3b88 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c 
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -31,7 +31,7 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" #include "ldb/include/ldb_errors.h" -#include "ldb/modules/ldb_map.h" +#include "ldb/ldb_map/ldb_map.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/ndr/libndr.h" diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 170b859584..d5a1045f93 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -9,7 +9,7 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" #include "ldb/include/ldb_errors.h" -#include "ldb/modules/ldb_map.h" +#include "ldb/ldb_map/ldb_map.h" #include "system/passwd.h" #include "librpc/gen_ndr/ndr_security.h" -- cgit From c42219d7352bd2e7a6413f7ae1cd0fd5cded1d95 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 17 May 2007 08:47:04 +0000 Subject: r22969: fix some more places where we could end up with more than one event context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 780dc69b23..2db76f8439 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1430,7 +1430,9 @@ static int password_hash_add_do_add(struct ldb_handle *h) { } /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(ac->down_req, &smb_krb5_context) != 0) { + if (smb_krb5_init_context(ac->down_req, + ldb_get_opaque(h->module->ldb, "EventContext"), + &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } 
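Review bot: The result of `ldb_get_opaque(h->module->ldb, "EventContext")` goes to `smb_krb5_init_context()` unchecked, here in `password_hash_add_do_add` and again in `password_hash_mod_do_mod` (next hunk). If the opaque was never set on this ldb, the call receives NULL, and the patch does not show how `smb_krb5_init_context()` treats a NULL event context. If it falls back to creating its own, the commit's goal of a single event context is silently missed. Fetching the pointer into a local and returning `LDB_ERR_OPERATIONS_ERROR` when it is NULL, or a comment stating that NULL is acceptable, would make the contract explicit. Both functions continue outside their hunks.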
@@ -1760,7 +1762,9 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { msg->dn = ac->orig_req->op.mod.message->dn; /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(ac->mod_req, &smb_krb5_context) != 0) { + if (smb_krb5_init_context(ac->mod_req, + ldb_get_opaque(h->module->ldb, "EventContext"), + &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From d863f65d93412f58d74c1960e72d0114df531118 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 18 May 2007 08:09:51 +0000 Subject: r22991: ignore '@foo' attributes in the repl_meta_data module metze (This used to be commit b592ac1c2c91a72a8aae8ed11d74cba3ce0778c5) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index fccd5725e8..9dfd2ef822 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -483,6 +483,8 @@ static int replmd_add_originating(struct ldb_module *module, struct replPropertyMetaData1 *m = &nmd.ctr.ctr1.array[ni]; const struct dsdb_attribute *sa; + if (e->name[0] == '@') continue; + sa = dsdb_attribute_by_lDAPDisplayName(schema, e->name); if (!sa) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, -- cgit From d43cb597ba110c837ff836804252a31bc5dac138 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Jun 2007 03:45:56 +0000 Subject: r23412: We don't need hdb.h here any more (This used to be commit 1abda90f15bcfb56ac56b01fd2b7343fade3843c) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2db76f8439..5a5099c22e 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c 
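Review bot: The new `if (e->name[0] == '@') continue;` in `replmd_add_originating` runs before the schema lookup, so an element whose name starts with `@` no longer reaches the `LDB_ERR_NO_SUCH_ATTRIBUTE` path and gets no metadata entry. This applies to any object, not only to ldb's special records. Whether another module rejects such names on ordinary entries is not visible here. I would either limit the skip to special DNs or state in a comment why it is safe, e.g. `/* '@' attributes are ldb-internal: not in the schema, never replicated */`. The loop starts and ends outside the hunk.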
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -45,7 +45,6 @@ #include "system/time.h" #include "dsdb/samdb/samdb.h" #include "dsdb/common/flags.h" -#include "hdb.h" #include "dsdb/samdb/ldb_modules/password_modules.h" #include "librpc/ndr/libndr.h" #include "librpc/gen_ndr/ndr_drsblobs.h" -- cgit From e9d19477e43b65f91bd152f5249b684dbefa5cc6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jun 2007 10:18:20 +0000 Subject: r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 101 +++++++++++++++++++++++++-- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 4 ++ 2 files changed, 101 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index ff0dd062fb..6b043aeb40 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -37,6 +37,7 @@ #include "ldb/include/ldb_private.h" #include "auth/auth.h" #include "libcli/security/security.h" +#include "dsdb/samdb/samdb.h" /* Kludge ACL rules: * 
@@ -105,13 +106,74 @@ struct kludge_acl_context { int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); enum user_is user_type; + bool allowedAttributes; + bool allowedAttributesEffective; + const char **attrs; }; +/* read all objectClasses */ + +static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg, + const char *attrName) +{ + struct ldb_message_element *oc_el = ldb_msg_find_element(msg, "objectClass"); + struct ldb_message_element *allowedAttributes; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + const struct dsdb_class *class; + int i, j, ret; + ret = ldb_msg_add_empty(msg, attrName, 0, &allowedAttributes); + if (ret != LDB_SUCCESS) { + return ret; + } + + for (i=0; i < oc_el->num_values; i++) { + class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); + if (!class) { + /* We don't know this class? what is going on? */ + continue; + } + for (j=0; class->mayContain && class->mayContain[j]; j++) { + ldb_msg_add_string(msg, attrName, class->mayContain[j]); + } + for (j=0; class->mustContain && class->mustContain[j]; j++) { + ldb_msg_add_string(msg, attrName, class->mustContain[j]); + } + for (j=0; class->systemMayContain && class->systemMayContain[j]; j++) { + ldb_msg_add_string(msg, attrName, class->systemMayContain[j]); + } + for (j=0; class->systemMustContain && class->systemMustContain[j]; j++) { + ldb_msg_add_string(msg, attrName, class->systemMustContain[j]); + } + } + + if (allowedAttributes->num_values > 1) { + qsort(allowedAttributes->values, + allowedAttributes->num_values, + sizeof(*allowedAttributes->values), + data_blob_cmp); + + for (i=1 ; i < allowedAttributes->num_values; i++) { + struct ldb_val *val1 = &allowedAttributes->values[i-1]; + struct ldb_val *val2 = &allowedAttributes->values[i]; + if (data_blob_cmp(val1, val2) == 0) { + memmove(val1, val2, (allowedAttributes->num_values - i) * sizeof( struct ldb_val)); + allowedAttributes->num_values--; + i--; + 
} + } + } + + return 0; + +} + +/* find all attributes allowed by all these objectClasses */ + static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct kludge_acl_context *ac; struct kludge_private_data *data; - int i; + int i, ret; if (!context || !ares) { ldb_set_errstring(ldb, "NULL Context or Result in callback"); @@ -121,12 +183,28 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld ac = talloc_get_type(context, struct kludge_acl_context); data = talloc_get_type(ac->module->private_data, struct kludge_private_data); - if (ares->type == LDB_REPLY_ENTRY - && data && data->password_attrs) /* if we are not initialized just get through */ + if (ares->type != LDB_REPLY_ENTRY) { + return ac->up_callback(ldb, ac->up_context, ares); + } + + if (ac->allowedAttributes) { + ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributes"); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + if (data && data->password_attrs) /* if we are not initialized just get through */ { switch (ac->user_type) { case SYSTEM: case ADMINISTRATOR: + if (ac->allowedAttributesEffective) { + ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); + if (ret != LDB_SUCCESS) { + return ret; + } + } break; default: /* remove password attributes */ @@ -136,6 +214,12 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld } } + if ((ac->allowedAttributes || ac->allowedAttributesEffective) && + (!ldb_attr_in_list(ac->attrs, "objectClass") && + !ldb_attr_in_list(ac->attrs, "*"))) { + ldb_msg_remove_attr(ares->message, "objectClass"); + } + return ac->up_callback(ldb, ac->up_context, ares); error: 
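Review bot: `oc_el` is dereferenced by `for (i=0; i < oc_el->num_values; i++)` in `kludge_acl_allowedAttributes` without a NULL check, so a reply entry with no `objectClass` element would crash the server inside the search callback; return early with `if (oc_el == NULL) { return LDB_SUCCESS; }` before the loop. The later r23982 hunk on this page moves the lookup after `ldb_msg_add_empty()` but still leaves the result unchecked, so the same guard is needed there. `schema` is also passed to `dsdb_class_by_lDAPDisplayName()` unchecked, although the `schema_fsmo_init` hunk of this commit treats `dsdb_get_schema()` as able to return nothing. The return values of the `ldb_msg_add_string()` calls are dropped, so an allocation failure would presumably yield a silently truncated list. The function ends with `return 0;` where its own earlier check compares against `LDB_SUCCESS`.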
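Review bot: Both new `return ret;` statements that follow a failed `kludge_acl_allowedAttributes()` call in `kludge_acl_callback` leave the function directly instead of going through the `error:` label that closes the hunk. The label's body is outside the hunk, so whether it releases `ares` needs confirming, but if it does, these two paths skip that cleanup; `if (ret != LDB_SUCCESS) goto error;` would keep the failure handling in one place. A one-line comment above the `ac->allowedAttributesEffective` branch, for example `/* only computed for SYSTEM/ADMINISTRATOR, and only once password_attrs is loaded */`, would make it clear that other callers requesting the attribute deliberately get nothing back.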
@@ -163,6 +247,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) ac->up_context = req->context; ac->up_callback = req->callback; ac->user_type = what_is_user(module); + ac->attrs = req->op.search.attrs; down_req = talloc_zero(req, struct ldb_request); if (down_req == NULL) { @@ -174,7 +259,15 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) down_req->op.search.scope = req->op.search.scope; down_req->op.search.tree = req->op.search.tree; down_req->op.search.attrs = req->op.search.attrs; - + + ac->allowedAttributes = ldb_attr_in_list(req->op.search.attrs, "allowedAttributes"); + + ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective"); + + if (ac->allowedAttributes || ac->allowedAttributesEffective) { + down_req->op.search.attrs + = ldb_attr_list_copy_add(down_req, down_req->op.search.attrs, "objectClass"); + } /* FIXME: I hink we should copy the tree and keep the original * unmodified. SSS */ diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index eb5d7e8e8e..3df887acb6 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -54,6 +54,10 @@ static int schema_fsmo_init(struct ldb_module *module) NULL }; + if (dsdb_get_schema(module->ldb)) { + return ldb_next_init(module); + } + schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, -- cgit From 2f269ed95463535b701851735a9b2d43d6b955c1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jul 2007 08:01:34 +0000 Subject: r23679: invocationID is a GUID too. Andrew Bartlett (This used to be commit 645a8862a3d7c493020e432d76ad0e5da5ea77b5) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') 
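Review bot: The result of `ldb_attr_list_copy_add()` is stored in `down_req->op.search.attrs` in `kludge_acl_search` without a NULL check. If the copy fails (presumably signalled by NULL), the request is sent down with a NULL attribute list, which ldb treats as "all attributes" as far as I know, so an allocation failure widens the query instead of reporting an error. Adding `if (down_req->op.search.attrs == NULL) { return LDB_ERR_OPERATIONS_ERROR; }` directly after the assignment would match the `down_req == NULL` check in the previous hunk. The function body continues outside the hunk.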
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 49967c3b88..c445a0f82a 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -321,6 +321,18 @@ const struct ldb_map_attribute entryUUID_attributes[] = }, }, }, + /* invocationId */ + { + .local_name = "invocationId", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "invocationId", + .convert_local = guid_always_string, + .convert_remote = encode_guid, + }, + }, + }, /* objectSid */ { .local_name = "objectSid", -- cgit From f5778d5f9e2aadb026860a8441ab7475bfa490dd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 03:06:59 +0000 Subject: r23718: Make Samba4 work against the LDAP backend again. When we set up the schema, we don't have a partitions container yet. The LDAP error differs from that given by LDB, so I think we still have some conformance work to do. Andrew Bartlett (This used to be commit 5ddbca73d4971a885c105c8d893e53598c5582b4) --- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index ddd120caf2..d1c48f4125 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c 
@@ -69,10 +69,16 @@ static int naming_fsmo_init(struct ldb_module *module) LDB_SCOPE_BASE, NULL, naming_attrs, &naming_res); + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "naming_fsmo_init: failed to search the cross-ref container: %d:%s\n", - ret, ldb_strerror(ret)); + "naming_fsmo_init: failed to search the cross-ref container: %s: %s\n", + ldb_strerror(ret), ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; } -- cgit From 2d2cde7d95e0871ea66ce8186a54c3b28834051b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 9 Jul 2007 12:31:35 +0000 Subject: r23762: Fix DN renames over LDAP, and instrument the partition module. Add a test to prove the behaviour of LDAP renames etc. Fix LDB to return correct error code when failing to rename one DN onto another. Andrew Bartlett (This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af) --- source4/dsdb/samdb/ldb_modules/partition.c | 46 ++++++++++++++++-------------- 1 file changed, 24 insertions(+), 22 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index b0875d2965..73ee4ef3a6 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -120,25 +120,6 @@ static struct dsdb_control_current_partition *find_partition(struct partition_pr return NULL; }; -static struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) -{ - struct dsdb_control_current_partition *partition; - struct partition_private_data *data = talloc_get_type(module->private_data, - struct partition_private_data); - - /* Skip the lot if 'data' isn't here yet (initialistion) */ - if (!data) { - return module; - } - - partition = find_partition(data, dn); - if (!partition) { - return module; - } - - return make_module_for_next_request(req, module->ldb, partition->module); -}; - /* fire the caller's callback for every entry, but only send 'done' once. */ 
@@ -442,10 +423,31 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req) static int partition_rename(struct ldb_module *module, struct ldb_request *req) { /* Find backend */ - struct ldb_module *backend = find_backend(module, req, req->op.rename.olddn); - struct ldb_module *backend2 = find_backend(module, req, req->op.rename.newdn); + struct dsdb_control_current_partition *backend, *backend2; + + struct partition_private_data *data = talloc_get_type(module->private_data, + struct partition_private_data); + + /* Skip the lot if 'data' isn't here yet (initialistion) */ + if (!data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + backend = find_partition(data, req->op.rename.olddn); + backend2 = find_partition(data, req->op.rename.newdn); + + if ((backend && !backend2) || (!backend && backend2)) { + return LDB_ERR_AFFECTS_MULTIPLE_DSAS; + } - if (backend->next != backend2->next) { + if (backend != backend2) { + ldb_asprintf_errstring(module->ldb, + "Cannot rename from %s in %s to %s in %s: %s", + ldb_dn_get_linearized(req->op.rename.olddn), + ldb_dn_get_linearized(backend->dn), + ldb_dn_get_linearized(req->op.rename.newdn), + ldb_dn_get_linearized(backend2->dn), + ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS)); return LDB_ERR_AFFECTS_MULTIPLE_DSAS; } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 
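Review bot: The comment `/* Skip the lot if 'data' isn't here yet (initialistion) */` in `partition_rename` no longer describes the code below it. The removed `find_backend()` passed the request through when `data` was NULL, whereas the new branch returns `LDB_ERR_OPERATIONS_ERROR`; reword it to something like `/* Refuse renames until the partition data is initialised */`. The first `LDB_ERR_AFFECTS_MULTIPLE_DSAS` return (only one of `backend`/`backend2` found) sets no error string while the branch after it does, so an `ldb_asprintf_errstring()` call naming both DNs there would give the caller the same diagnostics. The rest of the function is outside the hunk, so how the case where neither DN matches a partition is forwarded cannot be checked from here.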
From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/dsdb/samdb/ldb_modules/dsdb_cache.c | 5 ++--- source4/dsdb/samdb/ldb_modules/entryUUID.c | 5 ++--- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 5 ++--- source4/dsdb/samdb/ldb_modules/local_password.c | 5 ++--- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 5 ++--- source4/dsdb/samdb/ldb_modules/partition.c | 5 ++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 5 ++--- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 5 ++--- source4/dsdb/samdb/ldb_modules/rootdse.c | 5 ++--- source4/dsdb/samdb/ldb_modules/samldb.c | 5 ++--- source4/dsdb/samdb/ldb_modules/schema.c | 5 ++--- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 5 ++--- source4/dsdb/samdb/ldb_modules/schema_syntax.c | 5 ++--- source4/dsdb/samdb/ldb_modules/schema_syntax.h | 5 ++--- source4/dsdb/samdb/ldb_modules/update_keytab.c | 5 ++--- 15 files changed, 30 insertions(+), 45 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c index 92de96915d..4ca8bbf463 100644 --- a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c +++ b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index c445a0f82a..4373863caf 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6b043aeb40..3aca12de5f 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 1a49ed5847..97909c06b5 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index d1c48f4125..d87f4c90cc 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 73ee4ef3a6..21eb9a74d7 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -11,7 +11,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -20,8 +20,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 5a5099c22e..718e0480af 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 35a1636a4d..6a5a3bbc02 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index a698e0db43..0afc2dfb8e 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 1c1ff0ea6e..d4dc2b3d2b 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -10,7 +10,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -19,8 +19,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index f7bbb7b2c5..2de5e892ed 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 3df887acb6..51ef6c341f 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c index f394c75047..f737cc6fdc 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.c +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.h b/source4/dsdb/samdb/ldb_modules/schema_syntax.h index 39a5603cae..fa3fdbe5a2 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.h +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.h @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 7b74a77e54..2b6a0152f5 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* -- cgit From b8d69a7ea2505b706ff7c74d7c97bc89d82dfa07 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:46:15 +0000 Subject: r23795: more v2->v3 conversion (This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 2 +- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- source4/dsdb/samdb/ldb_modules/show_deleted.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 6a7492013b..b184d5bb71 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -10,7 +10,7 @@ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 457440804b..25a01c2c1b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
@@ -12,7 +12,7 @@ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 0dd5ee1e3d..e145068cfe 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -10,7 +10,7 @@ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 9dfd2ef822..29fb8846b2 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -13,7 +13,7 @@ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 50e0e675c5..4942ea79c3 100644 
--- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -11,7 +11,7 @@ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of -- cgit From 6c973f4e8ccbcb6c9275f8a54e26abb19df7e15a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 03:42:26 +0000 Subject: r23798: updated old Temple Place FSF addresses to new URL (This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 3 +-- source4/dsdb/samdb/ldb_modules/objectguid.c | 3 +-- source4/dsdb/samdb/ldb_modules/proxy.c | 3 +-- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 3 +-- source4/dsdb/samdb/ldb_modules/show_deleted.c | 3 +-- 5 files changed, 5 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index b184d5bb71..0a3227a912 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -18,8 +18,7 @@ Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + License along with this library; if not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 25a01c2c1b..d7e74cf38d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c 
+++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -20,8 +20,7 @@ Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + License along with this library; if not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index e145068cfe..d50d971e2a 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -18,8 +18,7 @@ Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + License along with this library; if not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 29fb8846b2..42c91d03cc 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -21,8 +21,7 @@ Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + License along with this library; if not, see . */ /* diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 4942ea79c3..cbc9d50b06 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c 
@@ -19,8 +19,7 @@ Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + License along with this library; if not, see . */ /* -- cgit From a87dea2a0894015cf4a3140995791f5468c40038 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jul 2007 11:37:30 +0000 Subject: r23810: Make things static, and remove unsued code. This includes some of the original ildap ldap client API. ldb provides a much easier abstraction on this to use, and doesn't use these functions. Andrew Bartlett (This used to be commit dc27a7e41c297472675e8c251bb14327a1af3902) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 4373863caf..51a2badfeb 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -306,7 +306,7 @@ static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ct } -const struct ldb_map_attribute entryUUID_attributes[] = +static const struct ldb_map_attribute entryUUID_attributes[] = { /* objectGUID */ { @@ -498,7 +498,7 @@ const struct ldb_map_objectclass entryUUID_objectclasses[] = /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ -const char * const entryUUID_wildcard_attributes[] = { +static const char * const entryUUID_wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", @@ -507,7 +507,7 @@ const char * const entryUUID_wildcard_attributes[] = { NULL }; -const struct ldb_map_attribute nsuniqueid_attributes[] = +static const struct ldb_map_attribute nsuniqueid_attributes[] = { /* objectGUID */ { 
@@ -648,7 +648,7 @@ const struct ldb_map_attribute nsuniqueid_attributes[] = /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ -const char * const nsuniqueid_wildcard_attributes[] = { +static const char * const nsuniqueid_wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", -- cgit From 62b56dc2db5285a55d1abc3a849db8fd96e0ac8f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 21 Jul 2007 10:14:46 +0000 Subject: r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de. Should fix bug #4804. Andrew Bartlett (This used to be commit 848336dc617b72d189fe82e10c0b08a518d6d073) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 3aca12de5f..68ab3880e5 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -115,7 +115,7 @@ struct kludge_acl_context { static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg, const char *attrName) { - struct ldb_message_element *oc_el = ldb_msg_find_element(msg, "objectClass"); + struct ldb_message_element *oc_el; struct ldb_message_element *allowedAttributes; const struct dsdb_schema *schema = dsdb_get_schema(ldb); const struct dsdb_class *class; @@ -125,6 +125,10 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess return ret; } + /* To ensure that oc_el is valid, we must look for it after + we alter the element array in ldb_msg_add_empty() */ + oc_el = ldb_msg_find_element(msg, "objectClass"); + for (i=0; i < oc_el->num_values; i++) { class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); if (!class) { -- cgit From 276436311fcae92609116732d5d7e864bedbb886 Mon Sep 17 00:00:00 2001 
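Review bot: In kludge_acl_allowedAttributes() the relocated lookup `oc_el = ldb_msg_find_element(msg, "objectClass");` is dereferenced straight away in the loop condition `i < oc_el->num_values`, so a message that carries no objectClass element leads to a NULL pointer dereference. Moving the lookup fixes the stale pointer but not the missing-element case; guard the loop with `for (i=0; oc_el && i < oc_el->num_values; i++) {`. The cast `(const char *)oc_el->values[i].data` also assumes the stored value is NUL-terminated, which this hunk does not show. The function body continues outside the hunk.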
From: Andrew Bartlett Date: Tue, 24 Jul 2007 06:01:30 +0000 Subject: r24010: Fix warning for the function paramter to qsort(). Andrew Bartlett (This used to be commit 51862c4c5299da02d3d781b3e9255823bc9b59af) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 68ab3880e5..1ce23d365a 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -153,7 +153,7 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess qsort(allowedAttributes->values, allowedAttributes->num_values, sizeof(*allowedAttributes->values), - data_blob_cmp); + (comparison_fn_t)data_blob_cmp); for (i=1 ; i < allowedAttributes->num_values; i++) { struct ldb_val *val1 = &allowedAttributes->values[i-1]; -- cgit From 4e697b288be11a195d493f2d6800ea8c1e251fee Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 27 Jul 2007 03:08:15 +0000 Subject: r24060: Fix bug #4806 by Matthias Wallnöfer : We need to include the attribute allowedChildClassesEffective for MMC to allow the creation of containers. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This may need further refinement, but it seems to work for now. Andrew Bartlett (This used to be commit d053b8e218767cb12e20a00fb18995e30869db11) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 80 +++++++++++++++++++++++++++-- 1 file changed, 76 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 1ce23d365a..ed95d8112d 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
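Review bot: The cast `(comparison_fn_t)data_blob_cmp` in the qsort() call silences the warning without removing the mismatch behind it: qsort() still calls the function through a `const void *` signature, which is undefined behaviour in C if data_blob_cmp is declared with typed pointer parameters (its prototype is not visible in this hunk). A one-line adapter keeps the call well-defined and keeps compiler type checking on the comparison, for example `static int ldb_val_cmp(const void *a, const void *b) { return data_blob_cmp(a, b); }` passed to qsort() in place of the cast. The enclosing kludge_acl_allowedAttributes() starts and ends outside the hunk.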
@@ -107,13 +107,15 @@ struct kludge_acl_context { enum user_is user_type; bool allowedAttributes; bool allowedAttributesEffective; + bool allowedChildClasses; + bool allowedChildClassesEffective; const char **attrs; }; /* read all objectClasses */ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg, - const char *attrName) + const char *attrName) { struct ldb_message_element *oc_el; struct ldb_message_element *allowedAttributes; @@ -129,12 +131,13 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess we alter the element array in ldb_msg_add_empty() */ oc_el = ldb_msg_find_element(msg, "objectClass"); - for (i=0; i < oc_el->num_values; i++) { + for (i=0; oc_el && i < oc_el->num_values; i++) { class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); if (!class) { /* We don't know this class? what is going on? */ continue; } + for (j=0; class->mayContain && class->mayContain[j]; j++) { ldb_msg_add_string(msg, attrName, class->mayContain[j]); } 
@@ -168,6 +171,57 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess return 0; +} +/* read all objectClasses */ + +static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message *msg, + const char *attrName) +{ + struct ldb_message_element *oc_el; + struct ldb_message_element *allowedClasses; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + const struct dsdb_class *class; + int i, j, ret; + ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* To ensure that oc_el is valid, we must look for it after + we alter the element array in ldb_msg_add_empty() */ + oc_el = ldb_msg_find_element(msg, "objectClass"); + + for (i=0; oc_el && i < oc_el->num_values; i++) { + class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); + if (!class) { + /* We don't know this class? what is going on? */ + continue; + } + + for (j=0; class->possibleInferiors && class->possibleInferiors[j]; j++) { + ldb_msg_add_string(msg, attrName, class->possibleInferiors[j]); + } + } + + if (allowedClasses->num_values > 1) { + qsort(allowedClasses->values, + allowedClasses->num_values, + sizeof(*allowedClasses->values), + (comparison_fn_t)data_blob_cmp); + + for (i=1 ; i < allowedClasses->num_values; i++) { + struct ldb_val *val1 = &allowedClasses->values[i-1]; + struct ldb_val *val2 = &allowedClasses->values[i]; + if (data_blob_cmp(val1, val2) == 0) { + memmove(val1, val2, (allowedClasses->num_values - i) * sizeof( struct ldb_val)); + allowedClasses->num_values--; + i--; + } + } + } + + return 0; + } /* find all attributes allowed by all these objectClasses */ 
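Review bot: In the new kludge_acl_childClasses() the result of `ldb_msg_add_string(msg, attrName, class->possibleInferiors[j]);` is discarded, so a failed append leaves a silently shortened attribute and the function still returns 0. Propagate the error with `ret = ldb_msg_add_string(msg, attrName, class->possibleInferiors[j]);` followed by `if (ret != LDB_SUCCESS) return ret;`. The `schema` pointer from dsdb_get_schema() is also handed to dsdb_class_by_lDAPDisplayName() without a NULL check; whether that lookup tolerates a NULL schema is not visible here, so adding `schema &&` to the outer loop condition would be the safe choice. The function is a near copy of kludge_acl_allowedAttributes(), whose inner loop shows the same unchecked call in the context lines of the preceding hunk, so a shared helper taking the per-class string list would remove both copies.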
@@ -192,6 +246,13 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld if (ac->allowedAttributes) { ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributes"); + if (ret != LDB_SUCCESS) { + return ret; + + } + } + if (ac->allowedChildClasses) { + ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClasses"); if (ret != LDB_SUCCESS) { return ret; } @@ -208,6 +269,12 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld return ret; } } + if (ac->allowedChildClassesEffective) { + ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective"); + if (ret != LDB_SUCCESS) { + return ret; + } + } break; default: /* remove password attributes */ @@ -217,7 +284,8 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld } } - if ((ac->allowedAttributes || ac->allowedAttributesEffective) && + if ((ac->allowedAttributes || ac->allowedAttributesEffective + || ac->allowedChildClasses || ac->allowedChildClassesEffective) && (!ldb_attr_in_list(ac->attrs, "objectClass") && !ldb_attr_in_list(ac->attrs, "*"))) { ldb_msg_remove_attr(ares->message, "objectClass"); @@ -267,7 +335,11 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective"); - if (ac->allowedAttributes || ac->allowedAttributesEffective) { + ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses"); + + ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective"); + + if (ac->allowedAttributes || ac->allowedAttributesEffective || ac->allowedChildClasses || ac->allowedChildClassesEffective) { down_req->op.search.attrs = ldb_attr_list_copy_add(down_req, down_req->op.search.attrs, "objectClass"); } -- cgit From 85e197502221049085e2ed882a1011229a623811 Mon Sep 17 00:00:00 2001 
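Review bot: The block added to kludge_acl_callback() fills `allowedChildClassesEffective` with the same kludge_acl_childClasses() call used for `allowedChildClasses`, only the attribute name differs, so the "effective" value is the schema-derived list and is not filtered by the caller's rights on the object. That deserves a comment at the call so nobody later reads the attribute as an access decision, for example `/* TODO: same schema-derived list as allowedChildClasses; not filtered by the caller's rights on this object */`. The case label that gates this block lies outside the hunk, so which user types reach it cannot be confirmed from here. The four-flag test is also spelled out twice, in kludge_acl_callback() and in kludge_acl_search(); a small static helper would keep the two in step when a fifth attribute is added.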
From: Andrew Bartlett Date: Mon, 6 Aug 2007 03:48:56 +0000 Subject: r24247: Remove extra newlines from ldb_debug() calls - it already adds one. Andrew Bartlett (This used to be commit e5fdcda2a1e97c587d48baf3521b18515277f6de) --- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 12 ++++++------ source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 10 +++++----- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 24 ++++++++++++------------ 3 files changed, 23 insertions(+), 23 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index d87f4c90cc..ddd357a4c6 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -52,7 +52,7 @@ static int naming_fsmo_init(struct ldb_module *module) naming_dn = samdb_partitions_dn(module->ldb, mem_ctx); if (!naming_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n"); + "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)"); talloc_free(mem_ctx); return ldb_next_init(module); } @@ -70,13 +70,13 @@ static int naming_fsmo_init(struct ldb_module *module) &naming_res); if (ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n"); + "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)"); talloc_free(mem_ctx); return ldb_next_init(module); } if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "naming_fsmo_init: failed to search the cross-ref container: %s: %s\n", + "naming_fsmo_init: failed to search the cross-ref container: %s: %s", ldb_strerror(ret), ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; 
@@ -84,12 +84,12 @@ static int naming_fsmo_init(struct ldb_module *module) talloc_steal(mem_ctx, naming_res); if (naming_res->count == 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "naming_fsmo_init: no cross-ref container present: (skip loading of naming contexts details)\n"); + "naming_fsmo_init: no cross-ref container present: (skip loading of naming contexts details)"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (naming_res->count > 1) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "naming_fsmo_init: [%u] cross-ref containers found on a base search\n", + "naming_fsmo_init: [%u] cross-ref containers found on a base search", naming_res->count); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -110,7 +110,7 @@ static int naming_fsmo_init(struct ldb_module *module) talloc_steal(module, naming_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "naming_fsmo_init: we are master: %s\n", + "naming_fsmo_init: we are master: %s", (naming_fsmo->we_are_master?"yes":"no")); talloc_free(mem_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 6a5a3bbc02..d78ba14ab4 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -51,7 +51,7 @@ static int pdc_fsmo_init(struct ldb_module *module) pdc_dn = samdb_base_dn(module->ldb); if (!pdc_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "pdc_fsmo_init: no domain dn present: (skip loading of domain details)\n"); + "pdc_fsmo_init: no domain dn present: (skip loading of domain details)"); talloc_free(mem_ctx); return ldb_next_init(module); } @@ -69,7 +69,7 @@ static int pdc_fsmo_init(struct ldb_module *module) &pdc_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "pdc_fsmo_init: failed to search the domain object: %d:%s\n", + "pdc_fsmo_init: failed to search the domain object: %d:%s", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; 
@@ -77,12 +77,12 @@ static int pdc_fsmo_init(struct ldb_module *module) talloc_steal(mem_ctx, pdc_res); if (pdc_res->count == 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "pdc_fsmo_init: no domain object present: (skip loading of domain details)\n"); + "pdc_fsmo_init: no domain object present: (skip loading of domain details)"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (pdc_res->count > 1) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "pdc_fsmo_init: [%u] domain objects found on a base search\n", + "pdc_fsmo_init: [%u] domain objects found on a base search", pdc_res->count); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -103,7 +103,7 @@ static int pdc_fsmo_init(struct ldb_module *module) talloc_steal(module, pdc_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "pdc_fsmo_init: we are master: %s\n", + "pdc_fsmo_init: we are master: %s", (pdc_fsmo->we_are_master?"yes":"no")); talloc_free(mem_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 51ef6c341f..a92f2646c4 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -60,7 +60,7 @@ static int schema_fsmo_init(struct ldb_module *module) schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "schema_fsmo_init: no schema dn present: (skip schema loading)\n"); + "schema_fsmo_init: no schema dn present: (skip schema loading)"); return ldb_next_init(module); } @@ -92,7 +92,7 @@ static int schema_fsmo_init(struct ldb_module *module) &schema_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search the schema head: %d:%s\n", + "schema_fsmo_init: failed to search the schema head: %d:%s", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; 
@@ -100,12 +100,12 @@ static int schema_fsmo_init(struct ldb_module *module) talloc_steal(mem_ctx, schema_res); if (schema_res->count == 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "schema_fsmo_init: no schema head present: (skip schema loading)\n"); + "schema_fsmo_init: no schema head present: (skip schema loading)"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (schema_res->count > 1) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: [%u] schema heads found on a base search\n", + "schema_fsmo_init: [%u] schema heads found on a base search", schema_res->count); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -114,7 +114,7 @@ static int schema_fsmo_init(struct ldb_module *module) prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap"); if (!prefix_val) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: no prefixMap attribute found\n"); + "schema_fsmo_init: no prefixMap attribute found"); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -132,7 +132,7 @@ static int schema_fsmo_init(struct ldb_module *module) status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val); if (!W_ERROR_IS_OK(status)) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load oid mappings: %s\n", + "schema_fsmo_init: failed to load oid mappings: %s", win_errstr(status)); talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; @@ -147,7 +147,7 @@ static int schema_fsmo_init(struct ldb_module *module) &a_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search attributeSchema objects: %d:%s\n", + "schema_fsmo_init: failed to search attributeSchema objects: %d:%s", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; 
@@ -166,7 +166,7 @@ static int schema_fsmo_init(struct ldb_module *module) status = dsdb_attribute_from_ldb(schema, a_res->msgs[i], sa, sa); if (!W_ERROR_IS_OK(status)) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load attriute definition: %s:%s\n", + "schema_fsmo_init: failed to load attriute definition: %s:%s", ldb_dn_get_linearized(a_res->msgs[i]->dn), win_errstr(status)); talloc_free(mem_ctx); @@ -186,7 +186,7 @@ static int schema_fsmo_init(struct ldb_module *module) &c_res); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search classSchema objects: %d:%s\n", + "schema_fsmo_init: failed to search classSchema objects: %d:%s", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; @@ -205,7 +205,7 @@ static int schema_fsmo_init(struct ldb_module *module) status = dsdb_class_from_ldb(schema, c_res->msgs[i], sc, sc); if (!W_ERROR_IS_OK(status)) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load class definition: %s:%s\n", + "schema_fsmo_init: failed to load class definition: %s:%s", ldb_dn_get_linearized(c_res->msgs[i]->dn), win_errstr(status)); talloc_free(mem_ctx); @@ -220,7 +220,7 @@ static int schema_fsmo_init(struct ldb_module *module) ret = dsdb_set_schema(module->ldb, schema); if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: dsdb_set_schema() failed: %d:%s\n", + "schema_fsmo_init: dsdb_set_schema() failed: %d:%s", ret, ldb_strerror(ret)); talloc_free(mem_ctx); return ret; @@ -241,7 +241,7 @@ static int schema_fsmo_init(struct ldb_module *module) talloc_steal(module, schema_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "schema_fsmo_init: we are master: %s\n", + "schema_fsmo_init: we are master: %s", (schema_fsmo->we_are_master?"yes":"no")); talloc_free(mem_ctx); -- cgit From 1594b27db84bc4b3f34706b8f5dd96eefb989f50 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 6 Aug 2007 05:43:54 +0000 Subject: r24249: Thse generated attributes should not be pushed this far down the stack in any cse. Andrew Bartlett (This used to be commit 5f08a686a6b002a21803a0dd2f9ee0ae9ef928f5) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 69 ------------------------------ 1 file changed, 69 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 51a2badfeb..751b073c80 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -172,49 +172,6 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC return *val; } -static struct ldb_val class_to_oid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - int i; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - struct ldb_result *list; - - map_private = talloc_get_type(module->private_data, struct map_private); - - entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); - list = entryUUID_private->objectclass_res; - - for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { - const char *oid = ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL); - return data_blob_string_const(oid); - } - } - return *val; -} - -static struct ldb_val class_from_oid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - int i; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - struct ldb_result *list; - - map_private = talloc_get_type(module->private_data, struct map_private); - - entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); - list = entryUUID_private->objectclass_res; - - for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "governsID", NULL)) == 0) { - const char *oc = ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL); - return data_blob_string_const(oc); - } - } - return *val; -} - - static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { long long int signed_ll = strtoll((const char *)val->data, NULL, 10); 
@@ -398,19 +355,6 @@ static const struct ldb_map_attribute entryUUID_attributes[] = } } }, -#if 0 - { - .local_name = "allowedChildClassesEffective", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "allowedChildClassesEffective", - .convert_local = class_to_oid, - .convert_remote = class_from_oid, - }, - }, - }, -#endif { .local_name = "objectCategory", .type = MAP_CONVERT, @@ -560,19 +504,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, -#if 0 - { - .local_name = "allowedChildClassesEffective", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "allowedChildClassesEffective", - .convert_local = class_to_oid, - .convert_remote = class_from_oid, - }, - }, - }, -#endif { .local_name = "objectCategory", .type = MAP_CONVERT, -- cgit From 10c1480d166ec8ab3c15a4c3c4597506029980be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Aug 2007 03:33:26 +0000 Subject: r24259: Rework the objectclass module to use the new schema, rather than the ldb_subclass list. Next step will be to have this module also set the objectCategory and default ntSecurityDescriptor Andrew Bartlett (This used to be commit 0f7135a4685a1117a54c2f019df6c6de22b8dd32) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 + source4/dsdb/samdb/ldb_modules/objectclass.c | 691 +++++++++++++++++++++++++++ 2 files changed, 703 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/objectclass.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index f49753586e..7b42123d0a 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -220,3 +220,15 @@ OBJ_FILES = \ # End MODULE ldb_update_kt ################################################ +################################################ +# Start MODULE ldb_objectclass +[MODULE::ldb_objectclass] +INIT_FUNCTION = ldb_objectclass_init +CFLAGS = -Ilib/ldb/include +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + objectclass.o +# End MODULE ldb_objectclass +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c new file mode 100644 index 0000000000..ad11442035 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -0,0 +1,691 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2006 + Copyright (C) Andrew Bartlett 2005-2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: objectClass sorting module + * + * Description: sort the objectClass attribute into the class hierarchy + * + * Author: Andrew Bartlett + */ + + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" +#include "lib/util/dlinklist.h" +struct oc_context { + + enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD} step; + + struct ldb_module *module; + struct ldb_request *orig_req; + + struct ldb_request *down_req; + + struct ldb_request *search_req; + struct ldb_reply *search_res; + + struct ldb_request *mod_req; +}; + +struct class_list { + struct class_list *prev, *next; + const char *objectclass; +}; + +static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_module *module) +{ + struct oc_context *ac; + struct ldb_handle *h; + + h = talloc_zero(req, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct oc_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + talloc_free(h); + return NULL; + } + + h->private_data = (void *)ac; + + h->state = 
LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->module = module; + ac->orig_req = req; + + return h; +} + +static int objectclass_sort(struct ldb_module *module, + TALLOC_CTX *mem_ctx, + struct ldb_message_element *objectclass_element, + struct class_list **sorted_out) +{ + int i; + int layer; + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + struct class_list *sorted = NULL, *parent_class = NULL, + *subclass = NULL, *unsorted = NULL, *current, *poss_subclass; + /* DESIGN: + * + * We work on 4 different 'bins' (implemented here as linked lists): + * + * * sorted: the eventual list, in the order we wish to push + * into the database. This is the only ordered list. + * + * * parent_class: The current parent class 'bin' we are + * trying to find subclasses for + * + * * subclass: The subclasses we have found so far + * + * * unsorted: The remaining objectClasses + * + * The process is a matter of filtering objectClasses up from + * unsorted into sorted. Order is irrelevent in the later 3 'bins'. + * + * We start with 'top' (found and promoted to parent_class + * initially). Then we find (in unsorted) all the direct + * subclasses of 'top'. parent_classes is concatenated onto + * the end of 'sorted', and subclass becomes the list in + * parent_class. + * + * We then repeat, until we find no more subclasses. Any left + * over classes are added to the end. + * + */ + + /* Firstly, dump all the objectClass elements into the + * unsorted bin, except for 'top', which is special */ + for (i=0; i < objectclass_element->num_values; i++) { + current = talloc(mem_ctx, struct class_list); + if (!current) { + ldb_set_errstring(module->ldb, "objectclass: out of memory allocating objectclass list"); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + current->objectclass = (const char *)objectclass_element->values[i].data; + + /* this is the root of the tree. 
We will start + * looking for subclasses from here */ + if (ldb_attr_cmp("top", current->objectclass) == 0) { + DLIST_ADD_END(parent_class, current, struct class_list *); + } else { + DLIST_ADD_END(unsorted, current, struct class_list *); + } + } + + /* DEBUGGING aid: how many layers are we down now? */ + layer = 0; + do { + layer++; + /* Find all the subclasses of classes in the + * parent_classes. Push them onto the subclass list */ + + /* Ensure we don't bother if there are no unsorted entries left */ + for (current = parent_class; schema && unsorted && current; current = current->next) { + /* Walk the list of possible subclasses in unsorted */ + for (poss_subclass = unsorted; poss_subclass; ) { + const struct dsdb_class *class = dsdb_class_by_lDAPDisplayName(schema, poss_subclass->objectclass); + struct class_list *next; + + /* Save the next pointer, as the DLIST_ macros will change poss_subclass->next */ + next = poss_subclass->next; + + if (ldb_attr_cmp(class->subClassOf, current->objectclass) == 0) { + DLIST_REMOVE(unsorted, poss_subclass); + DLIST_ADD(subclass, poss_subclass); + + break; + } + poss_subclass = next; + } + } + + /* Now push the parent_classes as sorted, we are done with + these. Add to the END of the list by concatenation */ + DLIST_CONCATENATE(sorted, parent_class, struct class_list *); + + /* and now find subclasses of these */ + parent_class = subclass; + subclass = NULL; + + /* If we didn't find any subclasses we will fall out + * the bottom here */ + } while (parent_class); + + /* This shouldn't happen, and would break MMC, but we can't + * afford to loose objectClasses. Perhaps there was no 'top', + * or some other schema error? 
+ * + * Detecting schema errors is the job of the schema module, so + * at this layer we just try not to loose data + */ + DLIST_CONCATENATE(sorted, unsorted, struct class_list *); + + *sorted_out = sorted; + return LDB_SUCCESS; +} + +static int objectclass_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_message_element *objectclass_element; + struct class_list *sorted, *current; + struct ldb_request *down_req; + struct ldb_message *msg; + int ret; + TALLOC_CTX *mem_ctx; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_add\n"); + + if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + objectclass_element = ldb_msg_find_element(req->op.add.message, "objectClass"); + + /* If no part of this add has an objectClass, then we don't + * need to make any changes. cn=rootdse doesn't have an objectClass */ + if (!objectclass_element) { + return ldb_next_request(module, req); + } + + mem_ctx = talloc_new(req); + if (mem_ctx == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = objectclass_sort(module, mem_ctx, objectclass_element, &sorted); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* prepare the first operation */ + down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + ldb_set_errstring(module->ldb, "Out of memory!"); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; /* copy the request */ + + down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + + if (down_req->op.add.message == NULL) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_msg_remove_attr(msg, "objectClass"); + ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL); + + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + /* We must completely replace the existing objectClass entry, + * because we need it sorted */ + + /* Move from the linked list back into 
an ldb msg */ + for (current = sorted; current; current = current->next) { + ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); + talloc_free(mem_ctx); + return ret; + } + } + + talloc_free(mem_ctx); + ret = ldb_msg_sanity_check(module->ldb, msg); + + if (ret != LDB_SUCCESS) { + return ret; + } + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + return ret; +} + +static int objectclass_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_message_element *objectclass_element; + struct ldb_message *msg; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n"); + + if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + objectclass_element = ldb_msg_find_element(req->op.mod.message, "objectClass"); + + /* If no part of this touches the objectClass, then we don't + * need to make any changes. */ + /* If the only operation is the deletion of the objectClass then go on */ + if (!objectclass_element) { + return ldb_next_request(module, req); + } + + switch (objectclass_element->flags & LDB_FLAG_MOD_MASK) { + case LDB_FLAG_MOD_DELETE: + /* Delete everything? Probably totally illigal, but hey! 
*/ + if (objectclass_element->num_values == 0) { + return ldb_next_request(module, req); + } + break; + case LDB_FLAG_MOD_REPLACE: + { + struct ldb_request *down_req; + struct class_list *sorted, *current; + TALLOC_CTX *mem_ctx; + int ret; + mem_ctx = talloc_new(req); + if (mem_ctx == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* prepare the first operation */ + down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + ldb_set_errstring(module->ldb, "Out of memory!"); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; /* copy the request */ + + down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + + if (down_req->op.add.message == NULL) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = objectclass_sort(module, mem_ctx, objectclass_element, &sorted); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* We must completely replace the existing objectClass entry, + * because we need it sorted */ + + ldb_msg_remove_attr(msg, "objectClass"); + ret = ldb_msg_add_empty(msg, "objectClass", LDB_FLAG_MOD_REPLACE, NULL); + + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + /* Move from the linked list back into an ldb msg */ + for (current = sorted; current; current = current->next) { + ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); + talloc_free(mem_ctx); + return ret; + } + } + + talloc_free(mem_ctx); + + ret = ldb_msg_sanity_check(module->ldb, msg); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + 
return ret; + } + } + + { + struct ldb_handle *h; + struct oc_context *ac; + + h = oc_init_handle(req, module); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct oc_context); + + /* return or own handle to deal with this call */ + req->handle = h; + + /* prepare the first operation */ + ac->down_req = talloc(ac, struct ldb_request); + if (ac->down_req == NULL) { + ldb_set_errstring(module->ldb, "Out of memory!"); + return LDB_ERR_OPERATIONS_ERROR; + } + + *(ac->down_req) = *req; /* copy the request */ + + ac->down_req->context = NULL; + ac->down_req->callback = NULL; + ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); + + ac->step = OC_DO_REQ; + + return ldb_next_request(module, ac->down_req); + } +} + +static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct oc_context *ac; + + if (!context || !ares) { + ldb_set_errstring(ldb, "NULL Context or Result in callback"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_get_type(context, struct oc_context); + + /* we are interested only in the single reply (base search) we receive here */ + if (ares->type == LDB_REPLY_ENTRY) { + if (ac->search_res != NULL) { + ldb_set_errstring(ldb, "Too many results"); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->search_res = talloc_move(ac, &ares); + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; +} + +static int objectclass_search_self(struct ldb_handle *h) { + + struct oc_context *ac; + static const char * const attrs[] = { "objectClass", NULL }; + + ac = talloc_get_type(h->private_data, struct oc_context); + + /* prepare the search operation */ + ac->search_req = talloc_zero(ac, struct ldb_request); + if (ac->search_req == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->search_req->operation = LDB_SEARCH; + ac->search_req->op.search.base = 
ac->orig_req->op.mod.message->dn; + ac->search_req->op.search.scope = LDB_SCOPE_BASE; + ac->search_req->op.search.tree = ldb_parse_tree(ac->search_req, NULL); + if (ac->search_req->op.search.tree == NULL) { + ldb_set_errstring(ac->module->ldb, "objectclass: Internal error producing null search"); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->search_req->op.search.attrs = attrs; + ac->search_req->controls = NULL; + ac->search_req->context = ac; + ac->search_req->callback = get_self_callback; + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); + + ac->step = OC_SEARCH_SELF; + + return ldb_next_request(ac->module, ac->search_req); +} + +static int objectclass_do_mod(struct ldb_handle *h) { + + struct oc_context *ac; + struct ldb_message_element *objectclass_element; + struct ldb_message *msg; + TALLOC_CTX *mem_ctx; + struct class_list *sorted, *current; + int ret; + + ac = talloc_get_type(h->private_data, struct oc_context); + + mem_ctx = talloc_new(ac); + if (mem_ctx == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->mod_req = talloc(ac, struct ldb_request); + if (ac->mod_req == NULL) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->mod_req->operation = LDB_MODIFY; + ac->mod_req->controls = NULL; + ac->mod_req->context = ac; + ac->mod_req->callback = NULL; + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->mod_req); + + /* use a new message structure */ + ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); + if (msg == NULL) { + ldb_set_errstring(ac->module->ldb, "objectclass: could not create new modify msg"); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* This is now the objectClass list from the database */ + objectclass_element = ldb_msg_find_element(ac->search_res->message, + "objectClass"); + if (!objectclass_element) { + /* Where did it go? 
Move along now, nothing to see here */ + talloc_free(mem_ctx); + return LDB_SUCCESS; + } + + /* modify dn */ + msg->dn = ac->orig_req->op.mod.message->dn; + + ret = objectclass_sort(ac->module, mem_ctx, objectclass_element, &sorted); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* We must completely replace the existing objectClass entry. + * We could do a constrained add/del, but we are meant to be + * in a transaction... */ + + ret = ldb_msg_add_empty(msg, "objectClass", LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(ac->module->ldb, "objectclass: could not clear objectclass in modify msg"); + talloc_free(mem_ctx); + return ret; + } + + /* Move from the linked list back into an ldb msg */ + for (current = sorted; current; current = current->next) { + ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); + talloc_free(mem_ctx); + return ret; + } + } + + ret = ldb_msg_sanity_check(ac->module->ldb, msg); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = OC_DO_MOD; + + talloc_free(mem_ctx); + /* perform the search */ + return ldb_next_request(ac->module, ac->mod_req); +} + +static int oc_wait(struct ldb_handle *handle) { + struct oc_context *ac; + int ret; + + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + ac = talloc_get_type(handle->private_data, struct oc_context); + + switch (ac->step) { + case OC_DO_REQ: + ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->down_req->handle->status != LDB_SUCCESS) { + handle->status = 
ac->down_req->handle->status; + goto done; + } + + if (ac->down_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* mods done, go on */ + return objectclass_search_self(handle); + + case OC_SEARCH_SELF: + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->search_req->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->handle->status; + goto done; + } + + if (ac->search_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* self search done, go on */ + return objectclass_do_mod(handle); + + case OC_DO_MOD: + ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->mod_req->handle->status != LDB_SUCCESS) { + handle->status = ac->mod_req->handle->status; + goto done; + } + + if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + + ret = LDB_SUCCESS; + +done: + handle->state = LDB_ASYNC_DONE; + return ret; +} + +static int oc_wait_all(struct ldb_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = oc_wait(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int objectclass_wait(struct ldb_handle *handle, enum ldb_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return oc_wait_all(handle); + } else { + return oc_wait(handle); + } +} + +static const struct ldb_module_ops objectclass_ops = { + .name = "objectclass", + .add = objectclass_add, + .modify = objectclass_modify, + .wait = objectclass_wait +}; + +int ldb_objectclass_init(void) +{ + return ldb_register_module(&objectclass_ops); +} + -- cgit From 5fe53d6aced8682cb634bfbcf43f161d324b5a5e Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 7 Aug 2007 03:35:45 +0000 Subject: r24260: Ensure we always override any existing values for these generated attributes. Anything else leads to madness. Andrew Bartlett (This used to be commit af092a361df6b98e1890cbd3e2d1fed168701364) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index ed95d8112d..d26c8e3485 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -122,6 +122,8 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess const struct dsdb_schema *schema = dsdb_get_schema(ldb); const struct dsdb_class *class; int i, j, ret; + /* Must remove any existing attribute, or else confusion reins */ + ldb_msg_remove_attr(msg, attrName); ret = ldb_msg_add_empty(msg, attrName, 0, &allowedAttributes); if (ret != LDB_SUCCESS) { return ret; @@ -182,6 +184,8 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * const struct dsdb_schema *schema = dsdb_get_schema(ldb); const struct dsdb_class *class; int i, j, ret; + /* Must remove any existing attribute, or else confusion reins */ + ldb_msg_remove_attr(msg, attrName); ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses); if (ret != LDB_SUCCESS) { return ret; -- cgit From ae7819d715e80cfbd17c4bec1c93685198febe6a Mon Sep 17 00:00:00 2001 
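Review bot: The comment added above `ldb_msg_remove_attr(msg, attrName)` in kludge_acl_allowedAttributes, and its twin in kludge_acl_childClasses, says that confusion follows but not what actually goes wrong. Going by the commit message these are generated attributes, so the intent seems to be that a value already present in msg is never merged with the computed one. I would state that directly: `/* attrName is a generated attribute: drop any value already in msg so the result is never a mix of existing and computed data */`. "reins" should read "reigns". Both function bodies continue outside their hunks.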
From: Andrew Bartlett Date: Tue, 7 Aug 2007 05:58:47 +0000 Subject: r24262: Set the objectCategory by default in the objectclass module, rather than using templates. Modify the samba3sam test to be less fussy, and not use the objectclass module (which requires proper schema stuff now). Andrew Bartlett (This used to be commit 53c248c2645e86fbc8720860aed92a479483b528) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index ad11442035..259b963ce0 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -161,7 +161,7 @@ static int objectclass_sort(struct ldb_module *module, /* Save the next pointer, as the DLIST_ macros will change poss_subclass->next */ next = poss_subclass->next; - if (ldb_attr_cmp(class->subClassOf, current->objectclass) == 0) { + if (class && ldb_attr_cmp(class->subClassOf, current->objectclass) == 0) { DLIST_REMOVE(unsorted, poss_subclass); DLIST_ADD(subclass, poss_subclass); @@ -199,6 +199,7 @@ static int objectclass_sort(struct ldb_module *module, static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_message_element *objectclass_element; + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); struct class_list *sorted, *current; struct ldb_request *down_req; struct ldb_message *msg; 
@@ -265,6 +266,14 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) talloc_free(mem_ctx); return ret; } + /* Last one */ + if (schema && !current->next && !ldb_msg_find_element(msg, "objectCategory")) { + const struct dsdb_class *objectclass + = dsdb_class_by_lDAPDisplayName(schema, current->objectclass); + if (objectclass) { + ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); + } + } } talloc_free(mem_ctx); -- cgit From c4e5fcc349ae8648e50c5fa893fd3fd47336fed2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Aug 2007 09:01:08 +0000 Subject: r24263: Fix bug 4846 (unable to copy users in MMC Active Directory Users and Computers). We now generate a security descriptor for each object, when it is created. This seems to keep MMC happy. The next step is to honour it. Andrew Bartlett (This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 50 ++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 259b963ce0..a9ef93cab1 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -35,6 +35,11 @@ #include "ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" #include "lib/util/dlinklist.h" +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "libcli/security/security.h" +#include "auth/auth.h" + struct oc_context { enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD} step; 
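Review bot: The `ldb_msg_add_string(msg, "objectCategory", ...)` call added inside the loop in objectclass_add discards its return value, while the objectClass add just above it checks `ret` and bails out. A failure here would leave the new entry without objectCategory, and the request would still be passed down the module chain. Suggest `ret = ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory);` followed by the same `if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; }` used for objectClass. Whether defaultObjectCategory can be NULL for a schema class is not visible here and is worth confirming before it is passed on. The loop and the function continue outside the hunk.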
@@ -196,6 +201,39 @@ static int objectclass_sort(struct ldb_module *module, return LDB_SUCCESS; } +DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, + const struct dsdb_class *objectclass) +{ + NTSTATUS status; + DATA_BLOB *linear_sd; + struct auth_session_info *session_info + = ldb_get_opaque(module->ldb, "sessionInfo"); + struct security_descriptor *sd = sddl_decode(mem_ctx, + objectclass->defaultSecurityDescriptor, + samdb_domain_sid(module->ldb)); + if (!session_info || !session_info->security_token) { + return NULL; + } + + sd->owner_sid = session_info->security_token->user_sid; + sd->group_sid = session_info->security_token->group_sid; + + linear_sd = talloc(mem_ctx, DATA_BLOB); + if (!linear_sd) { + return NULL; + } + + status = ndr_push_struct_blob(linear_sd, mem_ctx, sd, + (ndr_push_flags_fn_t)ndr_push_security_descriptor); + + if (!NT_STATUS_IS_OK(status)) { + return NULL; + } + + return linear_sd; + +} + static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_message_element *objectclass_element; @@ -266,12 +304,18 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) talloc_free(mem_ctx); return ret; } - /* Last one */ - if (schema && !current->next && !ldb_msg_find_element(msg, "objectCategory")) { + /* Last one is the critical one */ + if (schema && !current->next) { const struct dsdb_class *objectclass = dsdb_class_by_lDAPDisplayName(schema, current->objectclass); if (objectclass) { - ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); + if (!ldb_msg_find_element(msg, "objectCategory")) { + ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); + } + if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) { + DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass); + ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd); + } } } } -- cgit From 9fd3416452ac82d27dac7b8c16f6ad89f5551f6b Mon Sep 17 00:00:00 2001 
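Review bot: In get_sd the result of `sddl_decode()` is written through (`sd->owner_sid = ...`) without a NULL check, so a class whose defaultSecurityDescriptor is absent or does not parse would presumably crash the add path instead of failing it. Add `if (!sd) { return NULL; }` before the owner and group assignment. The function also needs a header comment saying that the owner and group are taken from the caller's "sessionInfo" token. It should state that a NULL return means no descriptor could be built (no session info, decode failure, allocation failure or NDR push failure), since the caller has to handle that case explicitly.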
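Review bot: `get_sd()` returns NULL on several paths visible in this commit (no session info, allocation failure, NDR push failure), yet the new code in objectclass_add hands its result straight to `ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd)` and drops that call's return value too. At best the object is stored without the descriptor this commit is meant to guarantee, and a NULL value pointer is likely to be dereferenced inside the ldb helper. Check both results and fail the add, as sketched below. If adds without sessionInfo are legitimate (internal provisioning, for instance), skip the attribute explicitly in that case rather than passing NULL. The enclosing loop and function start and end outside the hunk.

```c
if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) {
	DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass);
	if (sd == NULL) {
		/* no descriptor could be built: do not store the object without one */
		talloc_free(mem_ctx);
		return LDB_ERR_OPERATIONS_ERROR;
	}
	ret = ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd);
	if (ret != LDB_SUCCESS) {
		talloc_free(mem_ctx);
		return ret;
	}
}
```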
From: Andrew Bartlett Date: Wed, 8 Aug 2007 06:37:37 +0000 Subject: r24277: Tidyup as requested by metze. Andrew Bartlett (This used to be commit 43d62181f204fb32e487b7689729c1a91b8d23ad) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index a9ef93cab1..0d55ef07db 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -201,16 +201,18 @@ static int objectclass_sort(struct ldb_module *module, return LDB_SUCCESS; } -DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, - const struct dsdb_class *objectclass) +static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, + const struct dsdb_class *objectclass) { NTSTATUS status; DATA_BLOB *linear_sd; struct auth_session_info *session_info = ldb_get_opaque(module->ldb, "sessionInfo"); - struct security_descriptor *sd = sddl_decode(mem_ctx, - objectclass->defaultSecurityDescriptor, - samdb_domain_sid(module->ldb)); + struct security_descriptor *sd + = sddl_decode(mem_ctx, + objectclass->defaultSecurityDescriptor, + samdb_domain_sid(module->ldb)); + if (!session_info || !session_info->security_token) { return NULL; } 
@@ -300,17 +302,21 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) for (current = sorted; current; current = current->next) { ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); + ldb_set_errstring(module->ldb, + "objectclass: could not re-add sorted " + "objectclass to modify msg"); talloc_free(mem_ctx); return ret; } /* Last one is the critical one */ if (schema && !current->next) { const struct dsdb_class *objectclass - = dsdb_class_by_lDAPDisplayName(schema, current->objectclass); + = dsdb_class_by_lDAPDisplayName(schema, + current->objectclass); if (objectclass) { if (!ldb_msg_find_element(msg, "objectCategory")) { - ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); + ldb_msg_add_string(msg, "objectCategory", + objectclass->defaultObjectCategory); } if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) { DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass); -- cgit From 0eb3ee32049eb5b76308e8ef4dc6af3db544afbb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 15 Aug 2007 13:14:38 +0000 Subject: r24459: Fix up ldap.js and test_ldb.sh to test the domain_scope control, and to test the behaviour of objectCategory=user searches. It turns out (thanks to a hint on http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps into objectCategory=CN=Person,... (by the defaultObjectCategory of that objectclass). Simplify the entryUUID module by using the fact that we now set the DN as the canoncical form of objectCategory. Andrew Bartlett (This used to be commit b474be9507df51982a604289215bb1868124fc24) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 116 ++------------------------- source4/dsdb/samdb/ldb_modules/objectclass.c | 4 +- 2 files changed, 8 insertions(+), 112 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 751b073c80..6114e0f602 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -36,7 +36,6 @@ #include "librpc/ndr/libndr.h" struct entryUUID_private { - struct ldb_result *objectclass_res; struct ldb_dn **base_dns; }; @@ -148,28 +147,17 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c return out; } +/* Ensure we always convert objectCategory into a DN */ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - int i; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - struct ldb_result *list; + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); - if (ldb_dn_validate(ldb_dn_new(ctx, module->ldb, (const char *)val->data))) { - return *val; + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); } - map_private = talloc_get_type(module->private_data, struct map_private); - entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); - list = entryUUID_private->objectclass_res; - - for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { - char *dn = ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn); - return data_blob_string_const(dn); - } - } - return *val; + return out; } static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) 
@@ -588,70 +576,6 @@ static const char * const nsuniqueid_wildcard_attributes[] = { NULL }; -static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) -{ - const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; - struct ldb_dn *schema_dn; - struct ldb_dn *basedn = ldb_dn_new(mem_ctx, ldb, NULL); - struct ldb_result *rootdse_res; - int ldb_ret; - if (!basedn) { - return NULL; - } - - /* Search for rootdse */ - ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res); - if (ldb_ret != LDB_SUCCESS) { - return NULL; - } - - talloc_steal(mem_ctx, rootdse_res); - - if (rootdse_res->count != 1) { - ldb_asprintf_errstring(ldb, "Failed to find rootDSE: count %d", rootdse_res->count); - return NULL; - } - - /* Locate schema */ - schema_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); - if (!schema_dn) { - return NULL; - } - - talloc_free(rootdse_res); - return schema_dn; -} - -static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, - TALLOC_CTX *mem_ctx, - struct ldb_result **objectclass_res) -{ - TALLOC_CTX *local_ctx = talloc_new(mem_ctx); - int ret; - const char *attrs[] = { - "lDAPDisplayName", - "governsID", - NULL - }; - - if (!local_ctx) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Downlaod schema */ - ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, - "objectClass=classSchema", - attrs, objectclass_res); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(mem_ctx, objectclass_res); - - return ret; -} - - static int get_remote_rootdse(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { @@ -730,7 +654,6 @@ static int entryUUID_init(struct ldb_module *module) int ret; struct map_private *map_private; struct entryUUID_private *entryUUID_private; - struct ldb_dn *schema_dn; ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) 
@@ -741,19 +664,6 @@ static int entryUUID_init(struct ldb_module *module) entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; - schema_dn = find_schema_dn(module->ldb, map_private); - if (!schema_dn) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, - &entryUUID_private->objectclass_res); - if (ret != LDB_SUCCESS) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - ret = find_base_dns(module, entryUUID_private); return ldb_next_init(module); @@ -765,7 +675,6 @@ static int nsuniqueid_init(struct ldb_module *module) int ret; struct map_private *map_private; struct entryUUID_private *entryUUID_private; - struct ldb_dn *schema_dn; ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) @@ -776,19 +685,6 @@ static int nsuniqueid_init(struct ldb_module *module) entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; - schema_dn = find_schema_dn(module->ldb, map_private); - if (!schema_dn) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, - &entryUUID_private->objectclass_res); - if (ret != LDB_SUCCESS) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - ret = find_base_dns(module, entryUUID_private); return ldb_next_init(module); diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 0d55ef07db..f7b2da9b83 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -318,9 +318,9 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); } - if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) { + if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass); - ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd); + ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); } } } -- cgit From 9de81dbae08ae5d560ebb1affeee916ae0b3c779 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 16 Aug 2007 01:58:56 +0000 Subject: r24479: Typo fix - this makes 'make test' pass against OpenLDAP again. The objectCategory canonicalise_fn makes everything a DN, which is exactly what we need here. Andrew Bartlett (This used to be commit f5ec369741661fdf7ef5f5183c0e1a996bd46d41) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 6114e0f602..f5de138b52 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -151,7 +151,7 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct ldb_val out = data_blob(NULL, 0); - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { return data_blob(NULL, 0); -- cgit From 67729cf71fa6796c79cee576db461b4523bd75a7 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 24 Aug 2007 22:58:29 +0000 Subject: r24655: Fix bug 4919 reported by Matthias Wallnöfer : MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit > When you change to the SAMBA private directory on a shell (default > /usr/local/samba/private) and start there for example ldbedit with the sam.ldb, > the application crashes if you don't put the "./" before the filename. I've adapted Matthias's patch. Andrew Bartlett (This used to be commit ba82197e30da8e626419e877d224431703edc866) --- source4/dsdb/samdb/ldb_modules/partition.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 21eb9a74d7..4c0c632139 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -722,11 +722,10 @@ static const char *relative_path(struct ldb_module *module, } if ( (p = strrchr(path, '/')) != NULL) { p[0] = '\0'; + full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name); } else { - talloc_free(path); - return NULL; + full_name = talloc_asprintf(mem_ctx, "./%s", name); } - full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name); talloc_free(path); return full_name; } -- cgit From 538e9842f6d2ee46ede3c5d25d2b69c17adffd3b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 27 Aug 2007 00:31:14 +0000 Subject: r24690: Further fix to bug 4919: Ensure we don't supply a NULL URL argument to ldb_connect_backend(). Andrew Bartlett (This used to be commit d0595e7a3d15c40dd49062efa0ddc6864b6b9030) --- source4/dsdb/samdb/ldb_modules/partition.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 4c0c632139..ae739f9b00 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c 
+++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -821,6 +821,11 @@ static int partition_init(struct ldb_module *module) data->partitions[i]->backend = relative_path(module, data->partitions[i], p); + if (!data->partitions[i]->backend) { + ldb_asprintf_errstring(module->ldb, + "partition_init: unable to determine an relative path for partition: %s", base); + talloc_free(mem_ctx); + } ret = ldb_connect_backend(module->ldb, data->partitions[i]->backend, NULL, &data->partitions[i]->module); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); -- cgit From 4b31fd4409cd9eca29469c09ce4b585c6d5f1a81 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 27 Aug 2007 02:26:24 +0000 Subject: r24696: Fix bug 4918 reported by Matthias Wallnöfer with a patch from Andrew Kroeger . MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The changes to samldb_fill_foreignSecurityPrincipal_object() look much larger then they are: We just skip all the objectSid generation if the SID is supplied. By providing a few more objects, standard dialogs on the clients are better behaved, for these 'well known' users. Andrew Bartlett (This used to be commit 35ee4aee719e69983d650602d1c6422a31600001) --- source4/dsdb/samdb/ldb_modules/samldb.c | 77 +++++++++++++++++---------------- 1 file changed, 40 insertions(+), 37 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index d4dc2b3d2b..d448e30b31 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
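Review bot: The new `if (!data->partitions[i]->backend)` branch in partition_init sets the error string and frees mem_ctx but never returns, so control falls through to `ldb_connect_backend()` with the NULL URL this commit set out to prevent. If that call then fails, the error path at the end of the hunk calls `talloc_free(mem_ctx)` a second time, and anything allocated on mem_ctx is already dangling by then. Add `return LDB_ERR_OPERATIONS_ERROR;` directly after the `talloc_free(mem_ctx);` in the new branch. The error text also reads "an relative path" where "a relative path" is meant. The function starts and ends outside the hunk.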
@@ -576,7 +576,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module /* build the new msg */ msg2 = ldb_msg_copy(mem_ctx, msg); if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincpal_object: ldb_msg_copy failed!\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: ldb_msg_copy failed!\n"); talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -601,47 +601,50 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module return LDB_ERR_CONSTRAINT_VIOLATION; } - /* Slightly different for the foreign sids. We don't want - * domain SIDs ending up there, it would cause all sorts of - * pain */ - - sid = dom_sid_parse_talloc(msg2, (const char *)ldb_dn_get_rdn_val(msg2->dn)->data); + sid = samdb_result_dom_sid(msg2, msg, "objectSid"); if (!sid) { - ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!"); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } + /* Slightly different for the foreign sids. We don't want + * domain SIDs ending up there, it would cause all sorts of + * pain */ - if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return LDB_ERR_OPERATIONS_ERROR; - } + sid = dom_sid_parse_talloc(msg2, (const char *)ldb_dn_get_rdn_val(msg2->dn)->data); + if (!sid) { + ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!"); + talloc_free(mem_ctx); + return LDB_ERR_CONSTRAINT_VIOLATION; + } - dom_sid = dom_sid_dup(mem_ctx, sid); - if (!dom_sid) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - /* get the domain component part of the provided SID */ - dom_sid->num_auths--; + if ( ! 
samldb_msg_add_sid(module, msg2, "objectSid", sid)) { + talloc_free(sid); + return LDB_ERR_OPERATIONS_ERROR; + } - /* find the domain DN */ + dom_sid = dom_sid_dup(mem_ctx, sid); + if (!dom_sid) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + /* get the domain component part of the provided SID */ + dom_sid->num_auths--; - ret = gendb_search(module->ldb, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "(&(objectSid=%s)(objectclass=domain))", - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret >= 1) { - /* We don't really like the idea of foreign sids that are not foreign, but it happens */ - const char *name = samdb_result_string(dom_msgs[0], "name", NULL); - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", - dom_sid_string(mem_ctx, sid), name); - } else if (ret == -1) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", - dom_sid_string(mem_ctx, dom_sid)); - talloc_free(dom_msgs); - return LDB_ERR_OPERATIONS_ERROR; + /* find the domain DN */ + + ret = gendb_search(module->ldb, + mem_ctx, NULL, &dom_msgs, dom_attrs, + "(&(objectSid=%s)(objectclass=domain))", + ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); + if (ret >= 1) { + /* We don't really like the idea of foreign sids that are not foreign, but it happens */ + const char *name = samdb_result_string(dom_msgs[0], "name", NULL); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", + dom_sid_string(mem_ctx, sid), name); + } else if (ret == -1) { + ldb_asprintf_errstring(module->ldb, + "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", + dom_sid_string(mem_ctx, dom_sid)); + talloc_free(dom_msgs); + return LDB_ERR_OPERATIONS_ERROR; + } } /* This isn't an operation 
on a domain we know about, so just -- cgit From 714c5c92ef8e80b3510e222ce621401e55d05d7e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 28 Aug 2007 05:43:26 +0000 Subject: r24731: Remove unused code - if we hit these error conditions, then we are dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 5 ----- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 9 --------- source4/dsdb/samdb/ldb_modules/local_password.c | 18 ------------------ source4/dsdb/samdb/ldb_modules/objectclass.c | 5 ----- source4/dsdb/samdb/ldb_modules/partition.c | 16 ---------------- source4/dsdb/samdb/ldb_modules/password_hash.c | 10 ---------- source4/dsdb/samdb/ldb_modules/rootdse.c | 5 ----- source4/dsdb/samdb/ldb_modules/schema.c | 6 ------ source4/dsdb/samdb/ldb_modules/show_deleted.c | 8 -------- 9 files changed, 82 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 0a3227a912..6f32d22d26 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -181,11 +181,6 @@ static int extended_callback(struct ldb_context *ldb, void *context, struct ldb_ { struct extended_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } - ac = talloc_get_type(context, struct extended_context); if (ares->type == LDB_REPLY_ENTRY) { diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index d26c8e3485..2d6d8a2d80 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
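Review bot: In the `@@ -601,47 +601,50 @@` hunk of samldb_fill_foreignSecurityPrincipal_object(), a supplied `objectSid` now skips the whole block, so nothing checks that it agrees with the SID encoded in the record's CN; before this change the SID was always parsed from the RDN. If the two are meant to stay in step, parse the RDN in both cases and reject a mismatch with `LDB_ERR_CONSTRAINT_VIOLATION`; whether less-privileged callers can reach this add path is not visible here. Separately, the `samldb_msg_add_sid()` and `gendb_search()` failure branches (only re-indented by this hunk) free `sid` or `dom_msgs` and return without `talloc_free(mem_ctx);`, unlike the neighbouring error paths. The function continues past the end of the hunk.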
@@ -236,11 +236,6 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld struct kludge_private_data *data; int i, ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } - ac = talloc_get_type(context, struct kludge_acl_context); data = talloc_get_type(ac->module->private_data, struct kludge_private_data); @@ -296,10 +291,6 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld } return ac->up_callback(ldb, ac->up_context, ares); - -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 97909c06b5..573d2e27b9 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -355,11 +355,6 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ { struct lpdb_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(context, struct lpdb_context); /* we are interested only in the single reply (base search) we receive here */ @@ -461,11 +456,6 @@ static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, st { struct lpdb_local_search_context *local_context; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } - local_context = talloc_get_type(context, struct lpdb_local_search_context); /* we are interested only in the single reply (base search) we receive here */ 
@@ -529,11 +519,6 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s { struct lpdb_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } - ac = talloc_get_type(context, struct lpdb_context); if (ares->type == LDB_REPLY_ENTRY) { @@ -610,9 +595,6 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s } else { return ac->orig_req->callback(ldb, ac->orig_req->context, ares); } -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } /* Search for passwords and other attributes. The passwords are diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index f7b2da9b83..04cf8efdb2 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -480,11 +480,6 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ { struct oc_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(context, struct oc_context); /* we are interested only in the single reply (base search) we receive here */ diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ae739f9b00..0675f38c56 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -45,7 +45,6 @@ struct partition_private_data { struct partition_context { struct ldb_module *module; - struct ldb_handle *handle; struct ldb_request *orig_req; struct ldb_request **down_req; @@ -76,7 +75,6 @@ static struct partition_context *partition_init_handle(struct ldb_request *req, h->private_data = ac; ac->module = module; - ac->handle = h; ac->orig_req = req; req->handle = h; 
@@ -126,11 +124,6 @@ static int partition_search_callback(struct ldb_context *ldb, void *context, str { struct partition_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "partition_search_callback: NULL Context or Result in 'search' callback"); - goto error; - } - ac = talloc_get_type(context, struct partition_context); if (ares->type == LDB_REPLY_ENTRY) { @@ -144,9 +137,6 @@ static int partition_search_callback(struct ldb_context *ldb, void *context, str return LDB_SUCCESS; } } -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } /* @@ -156,11 +146,6 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru { struct partition_context *ac; - if (!context) { - ldb_set_errstring(ldb, "partition_other_callback: NULL Context in 'other' callback"); - goto error; - } - ac = talloc_get_type(context, struct partition_context); if (!ac->orig_req->callback) { @@ -179,7 +164,6 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru return LDB_SUCCESS; } ldb_set_errstring(ldb, "partition_other_callback: Unknown reply type, only supports START_TLS"); -error: talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 718e0480af..61e9002439 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1168,11 +1168,6 @@ static int get_domain_data_callback(struct ldb_context *ldb, void *context, stru { struct ph_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(context, struct ph_context); /* we are interested only in the single reply (base search) we receive here */ 
@@ -1629,11 +1624,6 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ { struct ph_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(context, struct ph_context); /* we are interested only in the single reply (base search) we receive here */ diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 0afc2dfb8e..a808d674e2 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -226,11 +226,6 @@ static int rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_r { struct rootdse_context *ac; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } - ac = talloc_get_type(context, struct rootdse_context); if (ares->type == LDB_REPLY_ENTRY) { diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 2de5e892ed..21e93e1715 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -523,11 +523,6 @@ static int schema_add_check_parent(struct ldb_context *ldb, void *context, struc { struct schema_context *sctx; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } - sctx = talloc_get_type(context, struct schema_context); /* we are interested only in the single reply (base search) we receive here */ @@ -883,7 +878,6 @@ static int schema_add_build_down_req(struct schema_context *sctx) { struct schema_class_dlist *temp; struct ldb_message *msg; - char *oc; int ret; sctx->down_req = talloc(sctx, struct ldb_request); diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index cbc9d50b06..19fa63fb6e 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c 
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -52,11 +52,6 @@ static int show_deleted_search_callback(struct ldb_context *ldb, void *context, { struct show_deleted_search_request *ar; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } - ar = talloc_get_type(context, struct show_deleted_search_request); if (ares->type == LDB_REPLY_ENTRY) { @@ -78,9 +73,6 @@ static int show_deleted_search_callback(struct ldb_context *ldb, void *context, skip_deleted: talloc_free(ares); return LDB_SUCCESS; -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) -- cgit From 4e1d0cc8e3b7bfb51845fbe836812f7558c30c10 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 29 Aug 2007 01:40:58 +0000 Subject: r24761: Permit subtree renames in Samba4. The module is scary: On a rename, it does a search for all entries under that entry (including itself), and fires off a seperate rename call for each result. This will fail miserably on an LDAP backend, but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS can implement subtree renames at some point. Andrew Bartlett (This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 + source4/dsdb/samdb/ldb_modules/subtree_rename.c | 290 ++++++++++++++++++++++++ 2 files changed, 302 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/subtree_rename.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 7b42123d0a..f35f26371b 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -232,3 +232,15 @@ OBJ_FILES = \ # End MODULE ldb_objectclass ################################################ +################################################ +# Start MODULE ldb_subtree_rename +[MODULE::ldb_subtree_rename] +INIT_FUNCTION = ldb_subtree_rename_init +CFLAGS = -Ilib/ldb/include +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + subtree_rename.o +# End MODULE ldb_subtree_rename +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c new file mode 100644 index 0000000000..993331216e --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c 
@@ -0,0 +1,290 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2006-2007 + Copyright (C) Stefan Metzmacher 2007 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb subtree rename module + * + * Description: Rename a subtree in LDB + * + * Author: Andrew Bartlett + */ + +#include "ldb_includes.h" + +struct subtree_rename_context { + struct ldb_module *module; + struct ldb_handle *handle; + struct ldb_request *orig_req; + + struct ldb_request **down_req; + int num_requests; + int finished_requests; +}; + +struct subtree_rename_search_context { + struct ldb_module *module; + struct ldb_request *orig_req; + struct ldb_handle *handle; + + struct ldb_request **down_req; + int num_requests; + int finished_requests; +}; + +static struct subtree_rename_context *subtree_rename_init_handle(struct ldb_request *req, + struct ldb_module *module) +{ + struct subtree_rename_context *ac; + struct ldb_handle *h; + + h = talloc_zero(req, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct subtree_rename_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + talloc_free(h); + return 
NULL; + } + + h->private_data = ac; + + ac->module = module; + ac->handle = h; + ac->orig_req = req; + + req->handle = h; + + return ac; +} + + +static int subtree_rename_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + /* OK, we have one of *many* search results here: + + We should also get the entry we tried to rename. This + callback handles this and everything below it. + */ + + if (ares->type == LDB_REPLY_ENTRY) { + /* And it is an actual entry: now create a rename from it */ + struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); + struct ldb_request *req; + int ret; + + TALLOC_CTX *mem_ctx = talloc_new(ac); + + struct ldb_dn *newdn = ldb_dn_copy(mem_ctx, ares->message->dn); + if (!newdn) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_dn_remove_base_components(newdn, ldb_dn_get_comp_num(ac->orig_req->op.rename.olddn)); + + if (!ldb_dn_add_base(newdn, ac->orig_req->op.rename.newdn)) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_rename_req(&req, ldb, mem_ctx, + ares->message->dn, + newdn, + NULL, + NULL, + NULL); + + if (ret != LDB_SUCCESS) return ret; + + talloc_steal(req, newdn); + + req->handle = ac->handle; + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = req; + + return ldb_next_request(ac->module, req); + + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; + +} + +/* rename */ +static int subtree_rename(struct ldb_module *module, struct ldb_request *req) +{ + const char *attrs[] = { NULL }; + struct ldb_request *new_req; + struct subtree_rename_context *ac; + int ret; + struct ldb_search_options_control *search_options; + if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + return 
ldb_next_request(module, req); + } + + /* This gets complex: We need to: + - Do a search for all entires under this entry + - Wait for these results to appear + - In the callback for each result, issue a modify request + - That will include this rename, we hope + - Wait for each modify result + - Regain our sainity + */ + + ac = subtree_rename_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&new_req, module->ldb, req, + req->op.rename.olddn, + LDB_SCOPE_SUBTREE, + "objectClass=*", + attrs, + req->controls, + ac, + subtree_rename_search_callback); + + /* We want to find any partitions under this entry. That way, + * if we try and rename a whole partition, the partitions + * module should cause us to fail the lot */ + search_options = talloc(ac, struct ldb_search_options_control); + if (!search_options) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT; + + ret = ldb_request_add_control(new_req, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); + if (ret != LDB_SUCCESS) { + return ret; + } + + new_req->handle = req->handle; + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + if (req == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(module, req); +} + +static int subtree_rename_wait_none(struct ldb_handle *handle) { + struct subtree_rename_context *ac; + int i, ret; + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + ac = talloc_get_type(handle->private_data, struct subtree_rename_context); + + for (i=0; i < 
ac->num_requests; i++) { + ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->down_req[i]->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req[i]->handle->status; + goto done; + } + + if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + + ret = LDB_SUCCESS; + +done: + handle->state = LDB_ASYNC_DONE; + return ret; + +} + +static int subtree_rename_wait_all(struct ldb_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = subtree_rename_wait_none(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int subtree_rename_wait(struct ldb_handle *handle, enum ldb_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return subtree_rename_wait_all(handle); + } else { + return subtree_rename_wait_none(handle); + } +} + +static const struct ldb_module_ops subtree_rename_ops = { + .name = "subtree_rename", + .rename = subtree_rename, + .wait = subtree_rename_wait, +}; + +int ldb_subtree_rename_init(void) +{ + return ldb_register_module(&subtree_rename_ops); +} -- cgit From 0b91f3916430d0271eab867675d44c5439de40c2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 29 Aug 2007 13:07:03 +0000 Subject: r24780: More work allowing libutil to be used by external users. (This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 61e9002439..98061570c8 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
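Review bot: subtree_rename() tests `ldb_dn_is_special(req->op.mod.message->dn)` although it is the rename handler and every other access in the function goes through `req->op.rename`; reading the request through the `mod` member looks like a copy-and-paste slip and should be `ldb_dn_is_special(req->op.rename.olddn)`. In the same function the result of `ldb_build_search_req()` is overwritten by the next assignment to `ret` without being tested, so `new_req` can be used after a failed build; add `if (ret != LDB_SUCCESS) { return ret; }` directly after the call. In subtree_rename_wait_none() the branch that copies a failed sub-request status into `handle->status` jumps to `done` while `ret` still holds `LDB_SUCCESS`, so the function reports success for a failed rename; set `ret = handle->status;` before that `goto done;`.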
@@ -924,8 +924,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) * This is ugly, but we want to generate the same blob as * w2k and w2k3...we should handle this in the idl */ - status = data_blob_append(io->ac, &pkb_blob, zero16, sizeof(zero16)); - if (!NT_STATUS_IS_OK(status)) { + if (!data_blob_append(io->ac, &pkb_blob, zero16, sizeof(zero16))) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } -- cgit From 50017a00757b00a572fc42405f761cf42119b4a4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 30 Aug 2007 00:25:47 +0000 Subject: r24793: The subtree_rename module is a work of fiction. An resemblance to a working module, live or dead, is purely co-incidental. Andrew Bartlett (This used to be commit 64cc31642fd2ded149631d07bc022213f19595b8) --- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 993331216e..2cc83b308b 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -44,16 +44,6 @@ struct subtree_rename_context { int finished_requests; }; -struct subtree_rename_search_context { - struct ldb_module *module; - struct ldb_request *orig_req; - struct ldb_handle *handle; - - struct ldb_request **down_req; - int num_requests; - int finished_requests; -}; - static struct subtree_rename_context *subtree_rename_init_handle(struct ldb_request *req, struct ldb_module *module) { @@ -127,7 +117,9 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context talloc_steal(req, newdn); - req->handle = ac->handle; + talloc_steal(req, ares->message->dn); + + talloc_free(ares); ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); 
@@ -136,6 +128,7 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context return LDB_ERR_OPERATIONS_ERROR; } ac->down_req[ac->num_requests] = req; + ac->num_requests++; return ldb_next_request(ac->module, req); @@ -176,7 +169,7 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) ret = ldb_build_search_req(&new_req, module->ldb, req, req->op.rename.olddn, LDB_SCOPE_SUBTREE, - "objectClass=*", + "(objectClass=*)", attrs, req->controls, ac, @@ -197,8 +190,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ret; } - new_req->handle = req->handle; - ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { @@ -210,8 +201,8 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - - return ldb_next_request(module, req); + ac->num_requests++; + return ldb_next_request(module, new_req); } static int subtree_rename_wait_none(struct ldb_handle *handle) { -- cgit From 8294016a1b72770f5c322decda9b705ed90fd40d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 3 Sep 2007 02:51:24 +0000 Subject: r24914: In response to bug #4892 by Matthias Wallnöfer , allow the objectclass module to reconstruct the objectclass hierarchy, rather than using templates. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The issue being fixed in particular is that 'top' was not being set on containers. This should ensure we do this right for all objects. Andrew Bartlett (This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 46 +++++++++++++++++++++++----- source4/dsdb/samdb/ldb_modules/samldb.c | 21 +++---------- 2 files changed, 42 insertions(+), 25 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 04cf8efdb2..f2ca92638d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -92,6 +92,7 @@ static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_mod } static int objectclass_sort(struct ldb_module *module, + struct ldb_message *msg, /* so that when we create new elements, we put it on the right parent */ TALLOC_CTX *mem_ctx, struct ldb_message_element *objectclass_element, struct class_list **sorted_out) @@ -100,7 +101,7 @@ static int objectclass_sort(struct ldb_module *module, int layer; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); struct class_list *sorted = NULL, *parent_class = NULL, - *subclass = NULL, *unsorted = NULL, *current, *poss_subclass; + *subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent; /* DESIGN: * * We work on 4 different 'bins' (implemented here as linked lists): 
@@ -149,6 +150,34 @@ static int objectclass_sort(struct ldb_module *module, } } + if (parent_class == NULL) { + current = talloc(mem_ctx, struct class_list); + current->objectclass = talloc_strdup(msg, "top"); + DLIST_ADD_END(parent_class, current, struct class_list *); + } + + /* For each object: find parent chain */ + for (current = unsorted; schema && current; current = current->next) { + const struct dsdb_class *class = dsdb_class_by_lDAPDisplayName(schema, current->objectclass); + if (!class) { + ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", current->objectclass); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + for (poss_parent = unsorted; poss_parent; poss_parent = poss_parent->next) { + if (ldb_attr_cmp(poss_parent->objectclass, class->subClassOf) == 0) { + break; + } + } + /* If we didn't get to the end of the list, we need to add this parent */ + if (poss_parent || (ldb_attr_cmp("top", class->subClassOf) == 0)) { + continue; + } + + new_parent = talloc(mem_ctx, struct class_list); + new_parent->objectclass = talloc_strdup(msg, class->subClassOf); + DLIST_ADD_END(unsorted, new_parent, struct class_list *); + } + /* DEBUGGING aid: how many layers are we down now? */ layer = 0; do { @@ -265,11 +294,6 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - ret = objectclass_sort(module, mem_ctx, objectclass_element, &sorted); - if (ret != LDB_SUCCESS) { - return ret; - } - /* prepare the first operation */ down_req = talloc(req, struct ldb_request); if (down_req == NULL) { @@ -287,6 +311,12 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + ret = objectclass_sort(module, msg, mem_ctx, objectclass_element, &sorted); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + ldb_msg_remove_attr(msg, "objectClass"); ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL); 
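Review bot: Both `talloc()` calls added to objectclass_sort() in the `@@ -149,6 +150,34 @@` hunk are dereferenced on the following line without a NULL check, and the two `talloc_strdup()` results are stored unchecked, so an allocation failure becomes a NULL dereference here or a NULL `objectclass` string later in the sort. After each allocation add a guard such as `if (current == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; }` (the same for `new_parent` and for the two `objectclass` strings), using `ldb_oom()` as the other modules on this page do. The parent-chain loop also passes `class->subClassOf` to `ldb_attr_cmp()` and `talloc_strdup()` on the assumption that it is never NULL; that holds only if the schema loader guarantees it, which is not visible here. objectclass_sort's body starts and ends outside the hunk.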
@@ -398,7 +428,7 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OPERATIONS_ERROR; } - ret = objectclass_sort(module, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(module, msg, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { return ret; } @@ -579,7 +609,7 @@ static int objectclass_do_mod(struct ldb_handle *h) { /* modify dn */ msg->dn = ac->orig_req->op.mod.message->dn; - ret = objectclass_sort(ac->module, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, msg, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { return ret; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index d448e30b31..5342c14967 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -411,7 +411,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ } ret = samdb_copy_template(module->ldb, msg2, - "(&(CN=TemplateGroup)(objectclass=groupTemplate))", + "group", &errstr); if (ret != 0) { @@ -476,7 +476,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const if (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL) { ret = samdb_copy_template(module->ldb, msg2, - "(&(CN=TemplateComputer)(objectclass=userTemplate))", + "computer", &errstr); if (ret) { ldb_asprintf_errstring(module->ldb, 
@@ -486,22 +486,9 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const talloc_free(mem_ctx); return ret; } - - /* readd user and then computer objectclasses */ - ret = samdb_find_or_add_value(module->ldb, msg2, "objectclass", "user"); - if (ret) { - talloc_free(mem_ctx); - return ret; - } - ret = samdb_find_or_add_value(module->ldb, msg2, "objectclass", "computer"); - if (ret) { - talloc_free(mem_ctx); - return ret; - } - } else { ret = samdb_copy_template(module->ldb, msg2, - "(&(CN=TemplateUser)(objectclass=userTemplate))", + "user", &errstr); if (ret) { ldb_asprintf_errstring(module->ldb, @@ -582,7 +569,7 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module } ret = samdb_copy_template(module->ldb, msg2, - "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))", + "ForeignSecurityPrincipal", &errstr); if (ret != 0) { ldb_asprintf_errstring(module->ldb, -- cgit From cd962355abad90a2161765a7be7d26e63572cab7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 7 Sep 2007 15:08:14 +0000 Subject: r25000: Fix some more C++ compatibility warnings. (This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 2 +- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 ++-- source4/dsdb/samdb/ldb_modules/partition.c | 9 ++++++--- 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index f5de138b52..1a16cb8321 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c 
@@ -693,7 +693,7 @@ static int nsuniqueid_init(struct ldb_module *module) static int get_seq(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - unsigned long long *max_seq = context; + unsigned long long *max_seq = (unsigned long long *)context; unsigned long long seq; if (ares->type == LDB_REPLY_ENTRY) { struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 2d6d8a2d80..27c13ddf60 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -60,7 +60,7 @@ struct kludge_private_data { static enum user_is what_is_user(struct ldb_module *module) { struct auth_session_info *session_info - = ldb_get_opaque(module->ldb, "sessionInfo"); + = (struct auth_session_info *)ldb_get_opaque(module->ldb, "sessionInfo"); if (!session_info) { return ANONYMOUS; } @@ -87,7 +87,7 @@ static enum user_is what_is_user(struct ldb_module *module) static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) { struct auth_session_info *session_info - = ldb_get_opaque(module->ldb, "sessionInfo"); + = (struct auth_session_info *)ldb_get_opaque(module->ldb, "sessionInfo"); if (!session_info) { return "UNKNOWN (NULL)"; } diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 0675f38c56..76e8578573 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
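Review bot: In kludge_acl.c the casts added in what_is_user() and user_name() convert the `void *` returned by `ldb_get_opaque(module->ldb, "sessionInfo")` to `struct auth_session_info *` with no runtime type check, and in what_is_user() that pointer decides how the caller is classified. sort_compare() in partition.c, touched by the same commit, already goes through `talloc_get_type`; doing the same here keeps the C++-clean cast and, assuming the opaque is a talloc object, yields NULL on a mismatch, which the existing `if (!session_info)` branches already handle: `= talloc_get_type(ldb_get_opaque(module->ldb, "sessionInfo"), struct auth_session_info);`. Both function bodies continue outside their hunks.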
@@ -678,8 +678,10 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req static int sort_compare(void *void1, void *void2, void *opaque) { - struct dsdb_control_current_partition **pp1 = void1; - struct dsdb_control_current_partition **pp2 = void2; + struct dsdb_control_current_partition **pp1 = + (struct dsdb_control_current_partition **)void1; + struct dsdb_control_current_partition **pp2 = + (struct dsdb_control_current_partition **)void2; struct dsdb_control_current_partition *partition1 = talloc_get_type(*pp1, struct dsdb_control_current_partition); struct dsdb_control_current_partition *partition2 = talloc_get_type(*pp2, @@ -692,7 +694,8 @@ static const char *relative_path(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *name) { - const char *base_url = ldb_get_opaque(module->ldb, "ldb_url"); + const char *base_url = + (const char *)ldb_get_opaque(module->ldb, "ldb_url"); char *path, *p, *full_name; if (name == NULL) { return NULL; -- cgit From 959915a8cbea0c598ef1f29ce666329a521ef2f6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 7 Sep 2007 15:35:18 +0000 Subject: r25001: Fix more C++ and other warnings, fix some of the indentation with ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 98061570c8..a275810b12 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -340,17 +340,17 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_ERR_OPERATIONS_ERROR; } -if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { -/* - * TODO: - * - * w2k and w2k3 doesn't support AES, so we'll not include - * the AES key here yet. - * - * Also we don't have an example supplementalCredentials blob - * from Windows Longhorn Server with AES support - * - */ + if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { + /* + * TODO: + * + * w2k and w2k3 doesn't support AES, so we'll not include + * the AES key here yet. + * + * Also we don't have an example supplementalCredentials blob + * from Windows Longhorn Server with AES support + * + */ /* * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of * the salt and the cleartext password -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a275810b12..22d04a5519 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -48,6 +48,7 @@ #include "librpc/ndr/libndr.h" #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/crypto/crypto.h" +#include "param/param.h" /* If we have decided there is reason to work on this request, then * setup all the password hash types correctly. -- cgit From 98b57d5eb61094a9c88e2f7d90d3e21b7e74e9d8 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Sat, 8 Sep 2007 16:46:30 +0000 Subject: r25035: Fix some more warnings, use service pointer rather than service number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 22d04a5519..5f4317a646 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -341,7 +341,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_ERR_OPERATIONS_ERROR; } - if (lp_parm_bool(-1, "password_hash", "create_aes_key", false)) { + if (lp_parm_bool(NULL, "password_hash", "create_aes_key", false)) { /* * TODO: * -- cgit From afb0849afe58e1ba43e84c342342d924c502001d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Sep 2007 07:51:08 +0000 Subject: r25249: Thanks to Andrew Kroeger for pointing out this silly typo (calling end_transaction in delete_tranaction would be very much the wrong thing to do) in the update_keytab module. Andrew Bartlett (This used to be commit aad9545ca12bc8a3aeaf5cc870d137d89c34bb39) --- source4/dsdb/samdb/ldb_modules/update_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 2b6a0152f5..8fb1a0a25f 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -179,7 +179,7 @@ static int update_kt_del_trans(struct ldb_module *module) talloc_free(data->changed_dns); data->changed_dns = NULL; - return ldb_next_end_trans(module); + return ldb_next_del_trans(module); } static int update_kt_init(struct ldb_module *module) -- cgit 
From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/dsdb/samdb/ldb_modules/update_keytab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 8fb1a0a25f..27b50a453a 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -32,6 +32,7 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "system/kerberos.h" +#include "param/param.h" struct dn_list { struct cli_credentials *creds; @@ -88,7 +89,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delet return LDB_ERR_OPERATIONS_ERROR; } - cli_credentials_set_conf(item->creds); + cli_credentials_set_conf(item->creds, global_loadparm); status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { -- cgit From 60a1046c5c5783799bd64fe18e03534670f83d82 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 29 Sep 2007 18:00:19 +0000 Subject: r25430: Add the loadparm context to all parametric options. (This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 5f4317a646..646aab9c94 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -341,7 +341,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_ERR_OPERATIONS_ERROR; } - if (lp_parm_bool(NULL, "password_hash", "create_aes_key", false)) { + if (lp_parm_bool(global_loadparm, NULL, "password_hash", "create_aes_key", false)) { /* * TODO: * -- cgit From 05e7c481465e3065effaf21b43636d6605d7c313 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:25:41 +0000 Subject: r25553: Convert to standard bool type. (This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 46 ++++++++++++------------- source4/dsdb/samdb/ldb_modules/local_password.c | 8 ++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 6 ++-- source4/dsdb/samdb/ldb_modules/update_keytab.c | 10 +++--- 6 files changed, 37 insertions(+), 37 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 6f32d22d26..d64673fdd5 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -41,16 +41,16 @@ #include -static BOOL is_attr_in_list(const char * const * attrs, const char *attr) +static bool is_attr_in_list(const char * const * attrs, const char *attr) { int i; for (i = 0; attrs[i]; i++) { if (strcasecmp(attrs[i], attr) == 0) - return True; + return true; } - return False; + return false; } static char **copy_attrs(void *mem_ctx, const char * const * attrs) @@ -75,7 +75,7 @@ static char **copy_attrs(void *mem_ctx, const char * const * attrs) return new; } -static BOOL add_attrs(void *mem_ctx, char ***attrs, const char *attr) +static bool add_attrs(void *mem_ctx, char ***attrs, const char *attr) { char **new; int num; 
@@ -83,23 +83,23 @@ static BOOL add_attrs(void *mem_ctx, char ***attrs, const char *attr) for (num = 0; (*attrs)[num]; num++); new = talloc_realloc(mem_ctx, *attrs, char *, num + 2); - if (!new) return False; + if (!new) return false; *attrs = new; new[num] = talloc_strdup(new, attr); - if (!new[num]) return False; + if (!new[num]) return false; new[num + 1] = NULL; - return True; + return true; } -static BOOL inject_extended_dn(struct ldb_message *msg, +static bool inject_extended_dn(struct ldb_message *msg, struct ldb_context *ldb, int type, - BOOL remove_guid, - BOOL remove_sid) + bool remove_guid, + bool remove_sid) { const struct ldb_val *val; struct GUID guid; @@ -112,7 +112,7 @@ static BOOL inject_extended_dn(struct ldb_message *msg, guid = samdb_result_guid(msg, "objectGUID"); object_guid = GUID_string(msg, &guid); if (!object_guid) - return False; + return false; if (remove_guid) ldb_msg_remove_attr(msg, "objectGUID"); @@ -123,7 +123,7 @@ static BOOL inject_extended_dn(struct ldb_message *msg, if (sid) { object_sid = dom_sid_string(msg, sid); if (!object_sid) - return False; + return false; if (remove_sid) ldb_msg_remove_attr(msg, "objectSID"); @@ -144,24 +144,24 @@ static BOOL inject_extended_dn(struct ldb_message *msg, } break; default: - return False; + return false; } if (!new_dn) - return False; + return false; msg->dn = ldb_dn_new(msg, ldb, new_dn); if (! ldb_dn_validate(msg->dn)) - return False; + return false; val = ldb_msg_find_ldb_val(msg, "distinguishedName"); if (val) { ldb_msg_remove_attr(msg, "distinguishedName"); if (ldb_msg_add_steal_string(msg, "distinguishedName", new_dn)) - return False; + return false; } - return True; + return true; } /* search */ @@ -172,8 +172,8 @@ struct extended_context { int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); const char * const *attrs; - BOOL remove_guid; - BOOL remove_sid; + bool remove_guid; + bool remove_sid; int extended_type; }; 
@@ -229,8 +229,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->up_context = req->context; ac->up_callback = req->callback; ac->attrs = req->op.search.attrs; - ac->remove_guid = False; - ac->remove_sid = False; + ac->remove_guid = false; + ac->remove_sid = false; ac->extended_type = extended_ctrl->type; down_req = talloc_zero(req, struct ldb_request); @@ -246,10 +246,10 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) /* check if attrs only is specified, in that case check wether we need to modify them */ if (req->op.search.attrs) { if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { - ac->remove_guid = True; + ac->remove_guid = true; } if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { - ac->remove_sid = True; + ac->remove_sid = true; } if (ac->remove_guid || ac->remove_sid) { new_attrs = copy_attrs(down_req, req->op.search.attrs); diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 573d2e27b9..350434df51 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -75,8 +75,8 @@ struct lpdb_context { struct ldb_message *local_message; - BOOL added_objectGUID; - BOOL added_objectClass; + bool added_objectGUID; + bool added_objectClass; struct ldb_reply *search_res; }; @@ -660,7 +660,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) { if (!ldb_attr_in_list(req->op.search.attrs, "objectGUID")) { search_attrs = ldb_attr_list_copy_add(req, req->op.search.attrs, "objectGUID"); - ac->added_objectGUID = True; + ac->added_objectGUID = true; if (!search_attrs) { return LDB_ERR_OPERATIONS_ERROR; } 
@@ -669,7 +669,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * } if (!ldb_attr_in_list(search_attrs, "objectClass")) { search_attrs = ldb_attr_list_copy_add(req, search_attrs, "objectClass"); - ac->added_objectClass = True; + ac->added_objectClass = true; if (!search_attrs) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 646aab9c94..090cce2719 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -92,7 +92,7 @@ struct ph_context { }; struct domain_data { - BOOL store_cleartext; + bool store_cleartext; uint_t pwdProperties; uint_t pwdHistoryLength; char *netbios_domain; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5342c14967..8f80b5cd55 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -44,7 +44,7 @@ int samldb_notice_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) +static bool samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) { struct ldb_val v; NTSTATUS status; diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 21e93e1715..cf923d673b 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c 
@@ -319,7 +319,7 @@ static int schema_init_attrs(struct ldb_module *module, struct schema_private_da data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", INT_MAX); data->attrs[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); data->attrs[i]->searchflag = ldb_msg_find_attr_as_int(res->msgs[i], "searchFlag", 0); - data->attrs[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", False); + data->attrs[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", false); } done: @@ -397,9 +397,9 @@ static int schema_init_classes(struct ldb_module *module, struct schema_private_ */ /* the following attributes are all optional */ - data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", False); + data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", false); data->class[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); - data->class[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", False); + data->class[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", false); /* attributes are loaded first, so we can just go an query the attributes repo */ diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 27b50a453a..f193731900 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -43,7 +43,7 @@ struct update_kt_private { struct dn_list *changed_dns; }; -static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete) { +static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delete) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); struct dn_list *item; char *filter; 
@@ -113,7 +113,7 @@ static int update_kt_add(struct ldb_module *module, struct ldb_request *req) if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.add.message->dn, False); + return add_modified(module, req->op.add.message->dn, false); } /* modify */ @@ -124,7 +124,7 @@ static int update_kt_modify(struct ldb_module *module, struct ldb_request *req) if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.mod.message->dn, False); + return add_modified(module, req->op.mod.message->dn, false); } /* delete */ @@ -132,7 +132,7 @@ static int update_kt_delete(struct ldb_module *module, struct ldb_request *req) { int ret; /* Before we delete it, record the details */ - ret = add_modified(module, req->op.del.dn, True); + ret = add_modified(module, req->op.del.dn, true); if (ret != LDB_SUCCESS) { return ret; } @@ -147,7 +147,7 @@ static int update_kt_rename(struct ldb_module *module, struct ldb_request *req) if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.rename.newdn, False); + return add_modified(module, req->op.rename.newdn, false); } /* end a transaction */ -- cgit From 21c65d93eba74d615fa7727e684097f51cf568bc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 18 Oct 2007 05:39:55 +0200 Subject: r25693: Implement the rest of subtree renames, now that tridge waved his magic over the ldb_tdb part of the problem. Andrew Bartlett (This used to be commit daca0cfd2fc2ec3344415d2d31f399ee3bf16151) --- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 56 +++++++++++++++---------- 1 file changed, 34 insertions(+), 22 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 2cc83b308b..267892cf58 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c 
@@ -79,20 +79,26 @@ static struct subtree_rename_context *subtree_rename_init_handle(struct ldb_requ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { + struct ldb_request *req; + struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); + TALLOC_CTX *mem_ctx = talloc_new(ac); + + if (!mem_ctx) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } /* OK, we have one of *many* search results here: We should also get the entry we tried to rename. This callback handles this and everything below it. */ - if (ares->type == LDB_REPLY_ENTRY) { + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type == LDB_REPLY_ENTRY + && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) != 0) { /* And it is an actual entry: now create a rename from it */ - struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); - struct ldb_request *req; int ret; - TALLOC_CTX *mem_ctx = talloc_new(ac); - struct ldb_dn *newdn = ldb_dn_copy(mem_ctx, ares->message->dn); if (!newdn) { ldb_oom(ac->module->ldb); 
@@ -118,26 +124,30 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context talloc_steal(req, newdn); talloc_steal(req, ares->message->dn); - + talloc_free(ares); - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = req; - ac->num_requests++; - return ldb_next_request(ac->module, req); + } else if (ares->type == LDB_REPLY_DONE) { + req = talloc(mem_ctx, struct ldb_request); + *req = *ac->orig_req; + talloc_free(ares); } else { talloc_free(ares); + return LDB_SUCCESS; } - - return LDB_SUCCESS; - + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = req; + ac->num_requests++; + + return ldb_next_request(ac->module, req); + } /* rename */ @@ -148,7 +158,7 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) struct subtree_rename_context *ac; int ret; struct ldb_search_options_control *search_options; - if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } @@ -175,6 +185,10 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) ac, subtree_rename_search_callback); + if (ret != LDB_SUCCESS) { + return ret; + } + /* We want to find any partitions under this entry. That way, * if we try and rename a whole partition, the partitions * module should cause us to fail the lot */ @@ -238,8 +252,6 @@ static int subtree_rename_wait_none(struct ldb_handle *handle) { } } - ret = LDB_SUCCESS; - done: handle->state = LDB_ASYNC_DONE; return ret; -- cgit 
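Review bot: In the new `LDB_REPLY_DONE` branch of subtree_rename_search_callback, `req = talloc(mem_ctx, struct ldb_request);` is followed directly by `*req = *ac->orig_req;`, so a failed allocation becomes a write through NULL. Insert `if (!req) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; }` between the two lines, matching the handling of `ac->down_req` a few lines further down. The final `else` branch also returns LDB_SUCCESS without releasing the `mem_ctx` that the previous hunk now creates on every callback; a `talloc_free(mem_ctx);` there would stop ignored replies from piling up contexts under `ac`. The function starts outside this hunk.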
From 761997855344befecaf0c1c18809387f0e8c9e3a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 19 Oct 2007 05:39:08 +0200 Subject: r25701: Clarify comment (This used to be commit cea496d2163db6dde371526dd5a79d4c090839ef) --- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 76e8578573..6f60b25a4b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -238,7 +238,7 @@ static int partition_send_request(struct partition_context *ac, struct ldb_contr } } - /* Spray off search requests to all backends */ + /* Spray off search requests the backend */ ret = ldb_next_request(backend, req); if (ret != LDB_SUCCESS) { return ret; -- cgit From c4ebf9587f66ce171f0c4778921c358eb5b94da3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 19 Oct 2007 05:40:00 +0200 Subject: r25702: Clarify comments and make this module more strict on objectclasses. This is becoming the schema module... Andrew Bartlett (This used to be commit ecea817a3e793f8ac0187dd83a29e62a7d645868) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index f2ca92638d..97eed3fc5b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -217,16 +217,14 @@ static int objectclass_sort(struct ldb_module *module, * the bottom here */ } while (parent_class); - /* This shouldn't happen, and would break MMC, but we can't - * afford to loose objectClasses. Perhaps there was no 'top', - * or some other schema error? - * - * Detecting schema errors is the job of the schema module, so - * at this layer we just try not to loose data - */ - DLIST_CONCATENATE(sorted, unsorted, struct class_list *); - - *sorted_out = sorted; + if (unsorted) { + /* This shouldn't happen, and would break MMC, but we can't + * afford to loose objectClasses. Perhaps there was no 'top', + * or some other schema error? + */ + ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } return LDB_SUCCESS; } @@ -397,6 +395,7 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req case LDB_FLAG_MOD_DELETE: /* Delete everything? Probably totally illigal, but hey! */ if (objectclass_element->num_values == 0) { + return ldb_next_request(module, req); } break; @@ -474,6 +473,10 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req } } + /* This isn't the default branch of the switch, but a 'in any + * other case'. When a delete isn't for all objectClasses for + * example + */ { struct ldb_handle *h; struct oc_context *ac; -- cgit From 35dc4d9999b6d3284adba96bc408ba55faf3475a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 19 Oct 2007 06:47:54 +0200 Subject: r25704: Handle the chicken-and-egg problem of setting up the LDB before we get a schema. perhaps i need to look into metze's 'load a schema from ldif' code. Andrew Bartlett (This used to be commit f350ef5f19ec755c93c6c09210cdf276d1b66877) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 97eed3fc5b..93c78fd163 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -217,15 +217,22 @@ static int objectclass_sort(struct ldb_module *module, * the bottom here */ } while (parent_class); - if (unsorted) { - /* This shouldn't happen, and would break MMC, but we can't - * afford to loose objectClasses. Perhaps there was no 'top', - * or some other schema error? - */ - ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + if (!unsorted) { + return LDB_SUCCESS; } - return LDB_SUCCESS; + + if (!schema) { + /* If we don't have schema yet, then just merge the lists again */ + DLIST_CONCATENATE(sorted, unsorted, struct class_list *); + return LDB_SUCCESS; + } + + /* This shouldn't happen, and would break MMC, perhaps there + * was no 'top', a conflict in the objectClasses or some other + * schema error? + */ + ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass); + return LDB_ERR_OBJECT_CLASS_VIOLATION; } static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, -- cgit From c2e5cf6e31b099e1477113b9e11f760e2bdb5396 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 19 Oct 2007 06:57:19 +0200 Subject: r25705: Ensure we return the out value to the caller. Andrew Bartlett (This used to be commit 3434262ad74c366ac58319c70880ca50898fa78c) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 93c78fd163..452896d5a3 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c 
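Review bot: The new `if (!schema)` branch in objectclass_sort returns LDB_SUCCESS for objectClass values that could not be placed in the chain, so whenever no schema is loaded the LDB_ERR_OBJECT_CLASS_VIOLATION check is skipped without any trace. If this is meant only for initial setup, the comment should say so and the path should be logged, for example `ldb_debug(module->ldb, LDB_DEBUG_WARNING, "objectclass: no schema loaded, objectClass chain not validated\n");` before the merge. Where `schema` is assigned is outside the hunk, so it cannot be told from here whether a schema can also be missing on a running server.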
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -218,12 +218,14 @@ static int objectclass_sort(struct ldb_module *module, } while (parent_class); if (!unsorted) { + *sorted_out = sorted; return LDB_SUCCESS; } if (!schema) { /* If we don't have schema yet, then just merge the lists again */ DLIST_CONCATENATE(sorted, unsorted, struct class_list *); + *sorted_out = sorted; return LDB_SUCCESS; } -- cgit From 5cfa7732023e38b262b681efdb07c6d9f7d14cd7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Oct 2007 04:32:24 +0200 Subject: r25710: Finally fix subtree renames. Untested code is broken code and in this case an oddity of the javascript caused the test to 'pass'. For the same oddity, we have a failure in ldb's handling of spaces in DNs. We need to resolve that too. Andrew Bartlett (This used to be commit e8cbac1a46f4d3b083e6bb5a509ef1ba47bebff1) --- source4/dsdb/samdb/ldb_modules/partition.c | 17 +++++++++++++++++ source4/dsdb/samdb/ldb_modules/subtree_rename.c | 18 +----------------- 2 files changed, 18 insertions(+), 17 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 6f60b25a4b..5d3663be33 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -405,6 +405,7 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req) /* rename */ static int partition_rename(struct ldb_module *module, struct ldb_request *req) { + int i, matched = -1; /* Find backend */ struct dsdb_control_current_partition *backend, *backend2; 
@@ -434,6 +435,22 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_AFFECTS_MULTIPLE_DSAS; } + for (i=0; data && data->partitions && data->partitions[i]; i++) { + if (ldb_dn_compare_base(req->op.rename.olddn, data->partitions[i]->dn) == 0) { + matched = i; + } + } + + if (matched > 0) { + ldb_asprintf_errstring(module->ldb, + "Cannot rename from %s to %s, subtree rename would cross partition %s: %s", + ldb_dn_get_linearized(req->op.rename.olddn), + ldb_dn_get_linearized(req->op.rename.newdn), + ldb_dn_get_linearized(data->partitions[matched]->dn), + ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS)); + return LDB_ERR_AFFECTS_MULTIPLE_DSAS; + } + return partition_replicate(module, req, req->op.rename.olddn); } diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 267892cf58..8f15f9ed05 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -157,7 +157,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) struct ldb_request *new_req; struct subtree_rename_context *ac; int ret; - struct ldb_search_options_control *search_options; if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } 
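Review bot: In partition_rename `matched` starts at -1 and the loop stores the index of a hit, but the guard is `if (matched > 0)`, so a hit at index 0 of `data->partitions` does not produce LDB_ERR_AFFECTS_MULTIPLE_DSAS. Unless index 0 is deliberately exempt, the test should read `if (matched >= 0) {`; if it is exempt, a one-line comment stating why would keep the check from being "corrected" later. `data` and the ordering of `data->partitions` are set up outside the hunk, so the exemption cannot be confirmed from the visible lines.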
@@ -189,21 +188,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ret; } - /* We want to find any partitions under this entry. That way, - * if we try and rename a whole partition, the partitions - * module should cause us to fail the lot */ - search_options = talloc(ac, struct ldb_search_options_control); - if (!search_options) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT; - - ret = ldb_request_add_control(new_req, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); - if (ret != LDB_SUCCESS) { - return ret; - } - ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { @@ -221,7 +205,7 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) static int subtree_rename_wait_none(struct ldb_handle *handle) { struct subtree_rename_context *ac; - int i, ret; + int i, ret = LDB_ERR_OPERATIONS_ERROR; if (!handle || !handle->private_data) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From 1f680ef45d8ff95aca2834cd9005f03409019efd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 25 Oct 2007 05:04:55 +0200 Subject: r25723: Add a check to prevent deletion of entries with children. Sadly MMC doesn't trigger it's recursive delete correctly, but the error return is correct (but perhaps needs a different LDAP wire format). Andrew Bartlett (This used to be commit 10ba3ae6990098e772683de9144b13b3f1d45a36) --- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 113 +++++++++++++++++++++++- 1 file changed, 112 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 8f15f9ed05..5b0916fdbf 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c 
@@ -42,6 +42,8 @@ struct subtree_rename_context { struct ldb_request **down_req; int num_requests; int finished_requests; + + int num_children; }; static struct subtree_rename_context *subtree_rename_init_handle(struct ldb_request *req, @@ -95,7 +97,7 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context /* Only entries are interesting, and we handle the case of the parent seperatly */ if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) != 0) { + && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) == 0) { /* And it is an actual entry: now create a rename from it */ int ret; 
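Review bot: Changing the test to `ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) == 0` makes subtree_rename_search_callback build a rename only for the entry being renamed and skip every child, which contradicts the comment directly above it ("we handle the case of the parent seperatly"). The delete callback added later in this same commit keeps `!= 0`, so this looks like an accidental edit, and the line should stay `&& ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) != 0) {`. The following commit on this page (r25729) restores exactly that. The callback body starts and ends outside this hunk.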
@@ -203,6 +205,114 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, new_req); } + +static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct ldb_request *req; + struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); + TALLOC_CTX *mem_ctx = talloc_new(ac); + + if (!mem_ctx) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* OK, we have one of *many* search results here: + + We should also get the entry we tried to rename. This + callback handles this and everything below it. + */ + + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type == LDB_REPLY_ENTRY + && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) { + /* And it is an actual entry: now object bitterly that we are not a leaf node */ + ac->num_children++; + talloc_free(ares); + return LDB_SUCCESS; + } else if (ares->type == LDB_REPLY_DONE) { + talloc_free(ares); + if (ac->num_children > 0) { + ldb_asprintf_errstring(ac->module->ldb, "Cannot delete %s, not a leaf node (has %d children)\n", + ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children); + return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF; + } else { + req = talloc(mem_ctx, struct ldb_request); + if (!req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *req = *ac->orig_req; + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = req; + ac->num_requests++; + + return ldb_next_request(ac->module, req); + } + } else { + talloc_free(ares); + return LDB_SUCCESS; + } +} + +/* rename */ +static int subtree_delete(struct ldb_module *module, struct ldb_request *req) +{ + const char *attrs[] = { NULL }; + struct ldb_request 
*new_req; + struct subtree_rename_context *ac; + int ret; + if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* This gets complex: We need to: + - Do a search for all entires under this entry + - Wait for these results to appear + - In the callback for each result, issue a modify request + - That will include this rename, we hope + - Wait for each modify result + - Regain our sainity + */ + + ac = subtree_rename_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&new_req, module->ldb, req, + req->op.del.dn, + LDB_SCOPE_SUBTREE, + "(objectClass=*)", + attrs, + req->controls, + ac, + subtree_delete_search_callback); + + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + if (req == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->num_requests++; + return ldb_next_request(module, new_req); +} + static int subtree_rename_wait_none(struct ldb_handle *handle) { struct subtree_rename_context *ac; int i, ret = LDB_ERR_OPERATIONS_ERROR; @@ -268,6 +378,7 @@ static int subtree_rename_wait(struct ldb_handle *handle, enum ldb_wait_type typ static const struct ldb_module_ops subtree_rename_ops = { .name = "subtree_rename", .rename = subtree_rename, + .del = subtree_delete, .wait = subtree_rename_wait, }; -- cgit From 33201d1df27c1ab6b1252b2de3c164a3330c9cf8 Mon Sep 17 00:00:00 2001 
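Review bot: subtree_delete guards control entries with `ldb_dn_is_special(req->op.rename.olddn)`, but this is the delete handler and the rest of the function uses `req->op.del.dn`; the guard should read `if (ldb_dn_is_special(req->op.del.dn)) {` rather than depend on the two request layouts overlapping. The `if (req == NULL)` test near the end comes after `req` has already been dereferenced several times, so it is dead code (possibly meant for `new_req`, whose construction `ldb_build_search_req` has already reported on) and can be dropped. In subtree_delete_search_callback, `talloc_new(ac)` runs for every reply while `mem_ctx` is only used on the LDB_REPLY_DONE path and is never freed, so a large subtree accumulates one context per entry on `ac`; allocating the request directly with `talloc(ac, struct ldb_request)` avoids that. The `/* rename */` header and the step list about modify requests are copied from subtree_rename and should instead say that the search only counts children and the delete is forwarded when there are none.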
From: Andrew Bartlett Date: Thu, 25 Oct 2007 11:07:30 +0200 Subject: r25729: Fix silly regression in the subtree_rename - I broke normal renames. Bug 5041 Andrew Bartlett (This used to be commit 7e68051bb7a9ac5f1b232c32b7614db61c3c1bc4) --- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 5b0916fdbf..72857cb864 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -97,7 +97,7 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context /* Only entries are interesting, and we handle the case of the parent seperatly */ if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) == 0) { + && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) != 0) { /* And it is an actual entry: now create a rename from it */ int ret; -- cgit From 7c721a1f49d576e0a47c35e465206ade1c05d5a9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Oct 2007 10:54:06 +0100 Subject: r25747: Implement linked attributes, for add operations. Much more work is still required here, particularly to handle this better during the provision, and to handle modifies and deletes, but this is a start. Andrew Bartlett (This used to be commit 2ba99d58e9fe1f8e4b15a58a2fdfce6e876f99b4) --- source4/dsdb/samdb/ldb_modules/config.mk | 12 + source4/dsdb/samdb/ldb_modules/linked_attributes.c | 312 +++++++++++++++++++++ 2 files changed, 324 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/linked_attributes.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index f35f26371b..a93dea7db7 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk 
+++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -244,3 +244,15 @@ OBJ_FILES = \ # End MODULE ldb_subtree_rename ################################################ +################################################ +# Start MODULE ldb_linked_attributes +[MODULE::ldb_linked_attributes] +INIT_FUNCTION = ldb_linked_attributes_init +CFLAGS = -Ilib/ldb/include +PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + linked_attributes.o +# End MODULE ldb_linked_attributes +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c new file mode 100644 index 0000000000..f386795643 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c 
@@ -0,0 +1,312 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb linked_attributes module + * + * Description: Module to ensure linked attribute pairs remain in sync + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" + +struct linked_attributes_context { + struct ldb_module *module; + struct ldb_handle *handle; + struct ldb_request *orig_req; + + struct ldb_request **down_req; + int num_requests; + int finished_requests; +}; + +static struct linked_attributes_context *linked_attributes_init_handle(struct ldb_request *req, + struct ldb_module *module) +{ + struct linked_attributes_context *ac; + struct ldb_handle *h; + + h = talloc_zero(req, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct linked_attributes_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + talloc_free(h); + return NULL; + } + + h->private_data = ac; + + ac->module = module; + ac->handle = h; + ac->orig_req = req; + + req->handle = h; + + return ac; +} + +/* add */ +static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req) +{ + 
int i, j, ret; + struct linked_attributes_context *ac; + + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + if (!schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + if (ldb_dn_is_special(req->op.mod.message->dn)) { + /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + + ac = linked_attributes_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* prepare the first operation */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->down_req[0] = talloc(ac->down_req, struct ldb_request); + if (!ac->down_req[0]) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *(ac->down_req[0]) = *req; /* copy the request */ + + ac->num_requests++; + + /* Run the original request */ + ret = ldb_next_request(module, req); + if (ret != LDB_SUCCESS) { + return ret; + } + + for (i=0; i < req->op.add.message->num_elements; i++) { + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el = &req->op.add.message->elements[i]; + const struct dsdb_attribute *schema_attr + = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + if (!schema_attr) { + ldb_asprintf_errstring(module->ldb, + "attribute %s is not a valid attribute in schema", req->op.add.message->elements[i].name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* We have a valid attribute, not find out if it is linked */ + if (schema_attr->linkID == 0) { + continue; + } + + if ((schema_attr->linkID & 1) == 1) { + /* Odd is for the target. 
Illigal to modify */ + ldb_asprintf_errstring(module->ldb, + "attribute %s must not be modified directly, it is a linked attribute", req->op.add.message->elements[i].name); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + /* Even link IDs are for the originating attribute */ + + /* Now find the target attribute */ + target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID + 1); + if (!target_attr) { + ldb_asprintf_errstring(module->ldb, + "attribute %s does not have valid link target", req->op.add.message->elements[i].name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* Prepare the modify (add element) on the targets */ + + /* For each value being added, we need to setup the modify */ + for (j=0; j < el->num_values; j++) { + struct ldb_request *new_req; + /* Create the modify request */ + struct ldb_message *new_msg = ldb_msg_new(ac->down_req); + if (!new_msg) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_msg->dn = ldb_dn_new(new_msg, module->ldb, (char *)el->values[j].data); + if (!new_msg->dn) { + ldb_asprintf_errstring(module->ldb, + "attribute %s value %s was not a valid DN", req->op.add.message->elements[i].name, + el->values[j].data); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, + LDB_FLAG_MOD_ADD, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_msg_add_string(new_msg, target_attr->lDAPDisplayName, + ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_build_mod_req(&new_req, module->ldb, ac->down_req, + new_msg, + NULL, + NULL, + NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, new_msg); + + ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + /* Now add it to the list */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return 
LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + ac->num_requests++; + + /* Run the new request */ + ret = ldb_next_request(module, new_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + return ret; +} + +/* modify */ +static int linked_attributes_modify(struct ldb_module *module, struct ldb_request *req) +{ + return ldb_next_request(module, req); +} + +/* delete */ +static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) +{ + return ldb_next_request(module, req); +} + +/* rename */ +static int linked_attributes_rename(struct ldb_module *module, struct ldb_request *req) +{ + return ldb_next_request(module, req); +} + +static int linked_attributes_wait_none(struct ldb_handle *handle) { + struct linked_attributes_context *ac; + int i, ret = LDB_ERR_OPERATIONS_ERROR; + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + ac = talloc_get_type(handle->private_data, struct linked_attributes_context); + + for (i=0; i < ac->num_requests; i++) { + ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->down_req[i]->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req[i]->handle->status; + goto done; + } + + if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } + +done: + handle->state = LDB_ASYNC_DONE; + return ret; + +} + +static int linked_attributes_wait_all(struct ldb_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = linked_attributes_wait_none(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int linked_attributes_wait(struct ldb_handle *handle, enum ldb_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return 
linked_attributes_wait_all(handle); + } else { + return linked_attributes_wait_none(handle); + } +} + +static const struct ldb_module_ops linked_attributes_ops = { + .name = "linked_attributes", + .add = linked_attributes_add, + .modify = linked_attributes_modify, + .del = linked_attributes_delete, + .rename = linked_attributes_rename, + .wait = linked_attributes_wait, +}; + +int ldb_linked_attributes_init(void) +{ + return ldb_register_module(&linked_attributes_ops); +} -- cgit From fa5c16944e4e92c5d63f4a341f74bb1602c7603c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Oct 2007 10:58:29 +0100 Subject: r25748: Don't segfault if we don't have a schema yet. Andrew Bartlett (This used to be commit 388e15a4c1fab55d376be956c2a7168b946bc994) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 27c13ddf60..97130495a3 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -122,6 +122,12 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess const struct dsdb_schema *schema = dsdb_get_schema(ldb); const struct dsdb_class *class; int i, j, ret; + + /* If we don't have a schema yet, we can't do anything... */ + if (schema == NULL) { + return LDB_SUCCESS; + } + /* Must remove any existing attribute, or else confusion reins */ ldb_msg_remove_attr(msg, attrName); ret = ldb_msg_add_empty(msg, attrName, 0, &allowedAttributes); 
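Review bot: linked_attributes_add sends the original add down with `ldb_next_request(module, req)` before the loop that checks each element against the schema, so the refusals for an unknown attribute, for a directly written odd-linkID (back-link) attribute and for a bad link value are returned only after the add has been dispatched; whether an enclosing transaction undoes it is not visible in this file. A validation pass over `req->op.add.message->elements` ahead of that call, as sketched below, rejects such requests before any write is attempted. Separately, the `!new_msg->dn` test after `ldb_dn_new(...)` may only catch allocation failure; if `ldb_dn_new` parses lazily, an explicit `ldb_dn_validate(new_msg->dn)` is what backs the "was not a valid DN" message. The special-DN guard also reads `req->op.mod.message->dn` in an add handler where `req->op.add.message->dn` is meant.

```c
	/* Validate every element before anything is sent down the module
	 * stack, so a rejected add never reaches the backend. */
	for (i=0; i < req->op.add.message->num_elements; i++) {
		const struct ldb_message_element *el = &req->op.add.message->elements[i];
		const struct dsdb_attribute *schema_attr
			= dsdb_attribute_by_lDAPDisplayName(schema, el->name);
		if (!schema_attr) {
			/* … unchanged: "is not a valid attribute in schema" error string … */
			return LDB_ERR_OBJECT_CLASS_VIOLATION;
		}
		if ((schema_attr->linkID & 1) == 1) {
			/* … unchanged: "must not be modified directly" error string … */
			return LDB_ERR_UNWILLING_TO_PERFORM;
		}
	}

	/* Run the original request */
	ret = ldb_next_request(module, req);
	/* … unchanged: second loop building the back-link modifies … */
```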
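Review bot: The early `return LDB_SUCCESS` for a missing schema sits before `ldb_msg_remove_attr(msg, attrName)`, so in that case any value already present in the message under `attrName` is left in place and handed back to the caller, which is what the comment on the following line says must not happen. Moving the `ldb_msg_remove_attr(msg, attrName);` call above the `if (schema == NULL) {` check keeps stored values out of the result even when nothing can be computed. The same ordering applies to kludge_acl_childClasses in the next hunk. Both function bodies continue outside their hunks.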
@@ -184,6 +190,12 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * const struct dsdb_schema *schema = dsdb_get_schema(ldb); const struct dsdb_class *class; int i, j, ret; + + /* If we don't have a schema yet, we can't do anything... */ + if (schema == NULL) { + return LDB_SUCCESS; + } + /* Must remove any existing attribute, or else confusion reins */ ldb_msg_remove_attr(msg, attrName); ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses); -- cgit From 16d039504763139f1221c3ff4643d1a5cb2bdc87 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Oct 2007 21:25:26 +0100 Subject: r25750: Update the objectclass module to improve consistency in Samba4. The aim here is to ensure that if we have CN=Users,DC=samba,DC=example,DC=com that we cannot have a DN of the form cn=admin ,cn=useRS,DC=samba,DC=example,DC=com This module pulls apart the DN, fixes up the relative DN part, and searches for the parent to copy the base from. I've used the objectclass module, as I intend to also validate the placement of child objects, by reading the allowedChildClasses virtual attribute. In the future, I'll also force the attribute names to be consistant (using the case from the schema). Andrew Bartlett (This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 429 ++++++++++++++++++++++----- 1 file changed, 351 insertions(+), 78 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 452896d5a3..14dbe3b313 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -42,7 +42,9 @@ struct oc_context { - enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD} step; + enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD, + OC_SEARCH_ADD_PARENT, OC_DO_ADD, + OC_SEARCH_RENAME_PARENT, OC_DO_RENAME} step; struct ldb_module *module; struct ldb_request *orig_req; @@ -52,7 +54,9 @@ struct oc_context { struct ldb_request *search_req; struct ldb_reply *search_res; + struct ldb_request *add_req; struct ldb_request *mod_req; + struct ldb_request *rename_req; }; struct class_list { 
@@ -272,53 +276,186 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, } +static int get_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct oc_context *ac; + + ac = talloc_get_type(context, struct oc_context); + + /* we are interested only in the single reply (base search) we receive here */ + if (ares->type == LDB_REPLY_ENTRY) { + if (ac->search_res != NULL) { + ldb_set_errstring(ldb, "Too many results"); + talloc_free(ares); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->search_res = talloc_move(ac, &ares); + } else { + talloc_free(ares); + } + + return LDB_SUCCESS; +} + +/* Fix up the DN to be in the standard form, taking particular care to match the parent DN + + This should mean that if the parent is: + CN=Users,DC=samba,DC=example,DC=com + and a proposed child is + cn=Admins ,cn=USERS,dc=Samba,dc=example,dc=COM + + The resulting DN should be: + + CN=Admins,CN=Users,DC=samba,DC=example,DC=com + + */ +static int fix_dn(TALLOC_CTX *mem_ctx, + struct ldb_dn *newdn, struct ldb_dn *parent_dn, + struct ldb_dn **fixed_dn) +{ + char *upper_rdn_attr; + /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ + *fixed_dn = ldb_dn_copy(mem_ctx, parent_dn); + + /* We need the attribute name in upper case */ + upper_rdn_attr = strupper_talloc(*fixed_dn, + ldb_dn_get_rdn_name(newdn)); + if (!upper_rdn_attr) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Create a new child */ + if (ldb_dn_add_child_fmt(*fixed_dn, "X=X") == false) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* And replace it with CN=foo (we need the attribute in upper case */ + return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr, + *ldb_dn_get_rdn_val(newdn)); +} + static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_message_element *objectclass_element; - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - struct class_list *sorted, *current; - 
struct ldb_request *down_req; - struct ldb_message *msg; - int ret; - TALLOC_CTX *mem_ctx; + static const char * const attrs[] = { NULL }; + + struct ldb_handle *h; + struct oc_context *ac; + struct ldb_dn *parent_dn; + int ret; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_add\n"); - if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { return ldb_next_request(module, req); } - - objectclass_element = ldb_msg_find_element(req->op.add.message, "objectClass"); - /* If no part of this add has an objectClass, then we don't - * need to make any changes. cn=rootdse doesn't have an objectClass */ - if (!objectclass_element) { + /* Need to object to this, but cn=rootdse doesn't hae an objectClass... */ + if (ldb_msg_find_element(req->op.add.message, + "objectClass") == NULL) { return ldb_next_request(module, req); } - mem_ctx = talloc_new(req); + h = oc_init_handle(req, module); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct oc_context); + + /* return or own handle to deal with this call */ + req->handle = h; + + parent_dn = ldb_dn_get_parent(ac->search_req, ac->orig_req->op.mod.message->dn); + if (parent_dn == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_build_search_req(&ac->search_req, module->ldb, + ac, parent_dn, LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, NULL, + ac, get_search_callback); + if (ret != LDB_SUCCESS) { + return ret; + } + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); + + ac->step = OC_SEARCH_ADD_PARENT; + + return ldb_next_request(ac->module, ac->search_req); +} + +static int objectclass_do_add(struct ldb_handle *h) +{ + const struct dsdb_schema *schema; + struct oc_context *ac; + struct ldb_message_element *objectclass_element; + struct ldb_message *msg; + TALLOC_CTX *mem_ctx; + 
struct class_list *sorted, *current; + int ret; + + ac = talloc_get_type(h->private_data, struct oc_context); + schema = dsdb_get_schema(ac->module->ldb); + + mem_ctx = talloc_new(ac); if (mem_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* prepare the first operation */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); + ac->add_req = talloc(ac, struct ldb_request); + if (ac->add_req == NULL) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; /* copy the request */ + *ac->add_req = *ac->orig_req; - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + ac->add_req->op.add.message = msg = ldb_msg_copy_shallow(ac->add_req, ac->orig_req->op.add.message); + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->add_req); + + /* Check we have a valid parent */ + if (ac->search_res == NULL) { + if (ldb_dn_get_comp_num(ac->orig_req->op.add.message->dn) <= 1) { + /* Allow cn=rootdse and cn=templates for now... 
*/ + } else if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), ac->orig_req->op.add.message->dn) == 0) { + /* Allow the tree to be started */ + } else { + ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot add %s, parent does not exist!", + ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + } else { + + /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ + ret = fix_dn(msg, + ac->orig_req->op.add.message->dn, + ac->search_res->message->dn, + &msg->dn); + + if (ret != LDB_SUCCESS) { + return ret; + } + + /* TODO: Check this is a valid child to this parent, + * by reading the allowedChildClasses and + * allowedChildClasssesEffective attributes */ + + } + + /* This is now the objectClass list from the database */ + objectclass_element = ldb_msg_find_element(msg, "objectClass"); - if (down_req->op.add.message == NULL) { + if (!objectclass_element) { + /* Where did it go? bail now... */ talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - - ret = objectclass_sort(module, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, msg, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; @@ -339,7 +476,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) for (current = sorted; current; current = current->next) { ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module->ldb, + ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted " "objectclass to modify msg"); talloc_free(mem_ctx); 
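Review bot: fix_dn() dereferences results it never checks: `ldb_dn_copy()` may return NULL before it is used as the talloc parent for `strupper_talloc`, and `*ldb_dn_get_rdn_val(newdn)` is dereferenced although `newdn` comes from the add or rename request; whether an earlier module has already validated that DN is not visible here, so a guard that returns an error for a DN without a usable RDN is safer than a crash in the directory process. In objectclass_do_add the check on `ldb_msg_copy_shallow()` that the removed code had is gone, so `msg` can be NULL when `&msg->dn` is taken, and the parent-missing and fix_dn failure returns skip `talloc_free(mem_ctx)`. objectclass_add passes `ac->search_req`, which has not been built yet, as the talloc context to `ldb_dn_get_parent` and reads `op.mod.message` in an add handler; `ldb_dn_get_parent(ac, ac->orig_req->op.add.message->dn)` looks like the intent, and objectclass_rename in the later hunk repeats the context choice. objectclass_do_add continues past the end of this hunk.

```c
static int fix_dn(TALLOC_CTX *mem_ctx,
		  struct ldb_dn *newdn, struct ldb_dn *parent_dn,
		  struct ldb_dn **fixed_dn)
{
	char *upper_rdn_attr;
	const char *rdn_name = ldb_dn_get_rdn_name(newdn);
	const struct ldb_val *rdn_val = ldb_dn_get_rdn_val(newdn);

	/* The DN is request data: refuse one without a usable RDN */
	if (rdn_name == NULL || rdn_val == NULL) {
		return LDB_ERR_INVALID_DN_SYNTAX;
	}

	*fixed_dn = ldb_dn_copy(mem_ctx, parent_dn);
	if (*fixed_dn == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}

	upper_rdn_attr = strupper_talloc(*fixed_dn, rdn_name);
	/* … unchanged: NULL check, ldb_dn_add_child_fmt(*fixed_dn, "X=X") … */
	return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr, *rdn_val);
```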
@@ -356,7 +493,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) objectclass->defaultObjectCategory); } if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { - DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass); + DATA_BLOB *sd = get_sd(ac->module, mem_ctx, objectclass); ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); } } @@ -364,21 +501,19 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) } talloc_free(mem_ctx); - ret = ldb_msg_sanity_check(module->ldb, msg); + ret = ldb_msg_sanity_check(ac->module->ldb, msg); if (ret != LDB_SUCCESS) { return ret; } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; - } - return ret; + ac->step = OC_DO_ADD; + + /* perform the add */ + return ldb_next_request(ac->module, ac->add_req); } static int objectclass_modify(struct ldb_module *module, struct ldb_request *req) @@ -387,7 +522,8 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req struct ldb_message *msg; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n"); - if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { return ldb_next_request(module, req); } 
@@ -518,54 +654,24 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req } } -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int objectclass_search_self(struct ldb_handle *h) { - struct oc_context *ac; - - ac = talloc_get_type(context, struct oc_context); - - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->search_res = talloc_move(ac, &ares); - } else { - talloc_free(ares); - } - - return LDB_SUCCESS; -} - -static int objectclass_search_self(struct ldb_handle *h) { - + int ret; struct oc_context *ac; static const char * const attrs[] = { "objectClass", NULL }; ac = talloc_get_type(h->private_data, struct oc_context); - /* prepare the search operation */ - ac->search_req = talloc_zero(ac, struct ldb_request); - if (ac->search_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } + ret = ldb_build_search_req(&ac->search_req, ac->module->ldb, + ac, ac->orig_req->op.mod.message->dn, LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, NULL, + ac, get_search_callback); - ac->search_req->operation = LDB_SEARCH; - ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; - ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->search_req, NULL); - if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "objectclass: Internal error producing null search"); - return LDB_ERR_OPERATIONS_ERROR; + if (ret != LDB_SUCCESS) { + return ret; } - ac->search_req->op.search.attrs = attrs; - ac->search_req->controls = NULL; - ac->search_req->context = ac; - ac->search_req->callback = get_self_callback; + ldb_set_timeout_from_prev_req(ac->module->ldb, 
ac->orig_req, ac->search_req); ac->step = OC_SEARCH_SELF; @@ -613,9 +719,9 @@ static int objectclass_do_mod(struct ldb_handle *h) { objectclass_element = ldb_msg_find_element(ac->search_res->message, "objectClass"); if (!objectclass_element) { - /* Where did it go? Move along now, nothing to see here */ + /* Where did it go? bail now... */ talloc_free(mem_ctx); - return LDB_SUCCESS; + return LDB_ERR_OPERATIONS_ERROR; } /* modify dn */ 
@@ -664,6 +770,98 @@ static int objectclass_do_mod(struct ldb_handle *h) { return ldb_next_request(ac->module, ac->mod_req); } +static int objectclass_rename(struct ldb_module *module, struct ldb_request *req) +{ + + static const char * const attrs[] = { NULL }; + + struct ldb_handle *h; + struct oc_context *ac; + struct ldb_dn *parent_dn; + int ret; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_rename\n"); + + if (ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + h = oc_init_handle(req, module); + if (!h) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_get_type(h->private_data, struct oc_context); + + /* return or own handle to deal with this call */ + req->handle = h; + + parent_dn = ldb_dn_get_parent(ac->search_req, ac->orig_req->op.rename.newdn); + if (parent_dn == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_build_search_req(&ac->search_req, module->ldb, + ac, parent_dn, LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, NULL, + ac, get_search_callback); + if (ret != LDB_SUCCESS) { + return ret; + } + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); + + ac->step = OC_SEARCH_RENAME_PARENT; + + return ldb_next_request(ac->module, ac->search_req); +} + +static int objectclass_do_rename(struct ldb_handle *h) +{ + struct oc_context *ac; + int ret; + + ac = talloc_get_type(h->private_data, struct oc_context); + + ac->rename_req = talloc(ac, struct ldb_request); + if (ac->rename_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *ac->rename_req = *ac->orig_req; + + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->rename_req); + + /* Check we have a valid parent */ + if (ac->search_res == NULL) { + ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot rename %s, parent does not exist!", + ldb_dn_get_linearized(ac->orig_req->op.rename.newdn)); + return 
LDB_ERR_UNWILLING_TO_PERFORM; + } + + /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ + ret = fix_dn(ac->rename_req, + ac->orig_req->op.rename.newdn, + ac->search_res->message->dn, + &ac->rename_req->op.rename.newdn); + + if (ret != LDB_SUCCESS) { + return ret; + } + + /* TODO: Check this is a valid child to this parent, + * by reading the allowedChildClasses and + * allowedChildClasssesEffective attributes */ + + h->state = LDB_ASYNC_INIT; + h->status = LDB_SUCCESS; + + ac->step = OC_DO_RENAME; + + /* perform the rename */ + return ldb_next_request(ac->module, ac->rename_req); +} + static int oc_wait(struct ldb_handle *handle) { struct oc_context *ac; int ret; 
@@ -738,6 +936,80 @@ static int oc_wait(struct ldb_handle *handle) { break; + case OC_SEARCH_ADD_PARENT: + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->search_req->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->handle->status; + goto done; + } + + if (ac->search_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* parent search done, go on */ + return objectclass_do_add(handle); + + case OC_DO_ADD: + ret = ldb_wait(ac->add_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->add_req->handle->status != LDB_SUCCESS) { + handle->status = ac->add_req->handle->status; + goto done; + } + + if (ac->add_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + + case OC_SEARCH_RENAME_PARENT: + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->search_req->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->handle->status; + goto done; + } + + if (ac->search_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + /* parent search done, go on */ + return objectclass_do_rename(handle); + + case OC_DO_RENAME: + ret = ldb_wait(ac->rename_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->rename_req->handle->status != LDB_SUCCESS) { + handle->status = ac->rename_req->handle->status; + goto done; + } + + if (ac->rename_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + default: ret = LDB_ERR_OPERATIONS_ERROR; goto done; @@ -777,6 +1049,7 @@ static const struct ldb_module_ops objectclass_ops = { .name = "objectclass", .add = objectclass_add, .modify = objectclass_modify, + .rename = objectclass_rename, .wait = objectclass_wait }; -- cgit 
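Review bot: The `OC_SEARCH_ADD_PARENT` and `OC_SEARCH_RENAME_PARENT` cases return the result of `objectclass_do_add(handle)` / `objectclass_do_rename(handle)` directly, so a failure there skips the `handle->status = ret; goto done;` path that every other error in this switch takes. The `done:` label is outside the hunk, so whether it also marks the handle as finished is an assumption, but if it does, a failed rename leaves the handle without a final status. Routing the result through the same path keeps the state machine consistent: `ret = objectclass_do_rename(handle);`, then `if (ret != LDB_SUCCESS) { handle->status = ret; goto done; }` and `return LDB_SUCCESS;`. The four wait blocks differ only in the request they poll and would read better as one static helper taking the `struct ldb_request *`.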
From 47f6988c6d51d245ecacf2ab5c638382a7fdaeb5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Oct 2007 21:01:07 +0100 Subject: r25753: Move cn=rootdse to @ROOTDSE to avoid being caught up in schema restrictions. Andrew Bartlett (This used to be commit f3390c9054244c0e4381007b36bbac9a17800570) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index a808d674e2..02f43d7076 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -280,8 +280,8 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) } down_req->operation = req->operation; - /* in our db we store the rootDSE with a DN of cn=rootDSE */ - down_req->op.search.base = ldb_dn_new(down_req, module->ldb, "cn=rootDSE"); + /* in our db we store the rootDSE with a DN of @ROOTDSE */ + down_req->op.search.base = ldb_dn_new(down_req, module->ldb, "@ROOTDSE"); down_req->op.search.scope = LDB_SCOPE_BASE; down_req->op.search.tree = ldb_parse_tree(down_req, NULL); if (down_req->op.search.base == NULL || down_req->op.search.tree == NULL) { -- cgit From 46210e11f14373a213ec6fa32a20e9e183d641bf Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 30 Oct 2007 21:03:54 +0100 Subject: r25754: More work on normal forms for ldb input. This patch is to ensure that all attributes are in the same case as the schema specifies. In the process, I ensure that all attributes are indeed in the schema. This ensures we use the schema case, not the user supplied case for future responses, which assists any (incorrect, but possible) case sensitive processing on a client. I've also removed more of the subtle 'schema &&' that metze objected to in the for loops, moving to a much more explicit 'if (schema)'. Andrew Bartlett (This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 216 ++++++++++++++++++--------- 1 file changed, 147 insertions(+), 69 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 14dbe3b313..6d40759e7b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -23,7 +23,11 @@ * * Component: objectClass sorting module * - * Description: sort the objectClass attribute into the class hierarchy + * Description: + * - sort the objectClass attribute into the class + * hierarchy, + * - fix DNs and attributes into 'standard' case + * - Add objectCategory and ntSecurityDescriptor defaults * * Author: Andrew Bartlett */ @@ -61,7 +65,7 @@ struct oc_context { struct class_list { struct class_list *prev, *next; - const char *objectclass; + const struct dsdb_class *objectclass; }; static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_module *module) 
@@ -95,7 +99,12 @@ static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_mod return h; } +/* Sort objectClasses into correct order, and validate that all + * objectClasses specified actually exist in the schema + */ + static int objectclass_sort(struct ldb_module *module, + const struct dsdb_schema *schema, struct ldb_message *msg, /* so that when we create new elements, we put it on the right parent */ TALLOC_CTX *mem_ctx, struct ldb_message_element *objectclass_element, @@ -103,7 +112,6 @@ static int objectclass_sort(struct ldb_module *module, { int i; int layer; - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); struct class_list *sorted = NULL, *parent_class = NULL, *subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent; /* DESIGN: @@ -143,11 +151,15 @@ static int objectclass_sort(struct ldb_module *module, talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - current->objectclass = (const char *)objectclass_element->values[i].data; + current->objectclass = dsdb_class_by_lDAPDisplayName(schema, (const char *)objectclass_element->values[i].data); + if (!current->objectclass) { + ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", (const char *)objectclass_element->values[i].data); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } /* this is the root of the tree. We will start * looking for subclasses from here */ - if (ldb_attr_cmp("top", current->objectclass) == 0) { + if (ldb_attr_cmp("top", current->objectclass->lDAPDisplayName) == 0) { DLIST_ADD_END(parent_class, current, struct class_list *); } else { DLIST_ADD_END(unsorted, current, struct class_list *); 
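Review bot: With the lookup moved into the first loop of objectclass_sort, `dsdb_class_by_lDAPDisplayName(schema, ...)` is called for every value with no check on `schema`, while the later loops in the same function still carry `schema &&` guards that suggest a NULL schema is tolerated. objectclass_do_mod fetches the schema with `dsdb_get_schema()` and passes it straight in; its hunk shows no NULL test, though the function body continues outside it. Either reject a NULL schema at the top of objectclass_sort or state the precondition in the new header comment, for example `* 'schema' must not be NULL; callers skip sorting when no schema is loaded`, and drop the now misleading `schema &&` conditions.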
@@ -156,29 +168,24 @@ static int objectclass_sort(struct ldb_module *module, if (parent_class == NULL) { current = talloc(mem_ctx, struct class_list); - current->objectclass = talloc_strdup(msg, "top"); + current->objectclass = dsdb_class_by_lDAPDisplayName(schema, "top"); DLIST_ADD_END(parent_class, current, struct class_list *); } /* For each object: find parent chain */ for (current = unsorted; schema && current; current = current->next) { - const struct dsdb_class *class = dsdb_class_by_lDAPDisplayName(schema, current->objectclass); - if (!class) { - ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", current->objectclass); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } for (poss_parent = unsorted; poss_parent; poss_parent = poss_parent->next) { - if (ldb_attr_cmp(poss_parent->objectclass, class->subClassOf) == 0) { + if (ldb_attr_cmp(poss_parent->objectclass->lDAPDisplayName, current->objectclass->subClassOf) == 0) { break; } } /* If we didn't get to the end of the list, we need to add this parent */ - if (poss_parent || (ldb_attr_cmp("top", class->subClassOf) == 0)) { + if (poss_parent || (ldb_attr_cmp("top", current->objectclass->subClassOf) == 0)) { continue; } new_parent = talloc(mem_ctx, struct class_list); - new_parent->objectclass = talloc_strdup(msg, class->subClassOf); + new_parent->objectclass = dsdb_class_by_lDAPDisplayName(schema, current->objectclass->subClassOf); DLIST_ADD_END(unsorted, new_parent, struct class_list *); } 
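Review bot: Neither new `dsdb_class_by_lDAPDisplayName()` result in this hunk is checked: the synthesised `top` entry and each `new_parent->objectclass` are NULL if the schema has no class of that name. The removed code caught a missing parent when the loop later reached the appended entry; now that entry is dereferenced as `current->objectclass->subClassOf` in this loop and as `poss_subclass->objectclass->subClassOf` in the sort loop of the next hunk, which also lost its `class &&` guard. A check after each lookup restores the old failure mode, e.g. `if (!new_parent->objectclass) { ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in schema", current->objectclass->subClassOf); return LDB_ERR_OBJECT_CLASS_VIOLATION; }`. The two `talloc()` results in the hunk are likewise used without a NULL test.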
@@ -193,13 +200,12 @@ static int objectclass_sort(struct ldb_module *module, for (current = parent_class; schema && unsorted && current; current = current->next) { /* Walk the list of possible subclasses in unsorted */ for (poss_subclass = unsorted; poss_subclass; ) { - const struct dsdb_class *class = dsdb_class_by_lDAPDisplayName(schema, poss_subclass->objectclass); struct class_list *next; /* Save the next pointer, as the DLIST_ macros will change poss_subclass->next */ next = poss_subclass->next; - if (class && ldb_attr_cmp(class->subClassOf, current->objectclass) == 0) { + if (ldb_attr_cmp(poss_subclass->objectclass->subClassOf, current->objectclass->lDAPDisplayName) == 0) { DLIST_REMOVE(unsorted, poss_subclass); DLIST_ADD(subclass, poss_subclass); @@ -237,7 +243,7 @@ static int objectclass_sort(struct ldb_module *module, * was no 'top', a conflict in the objectClasses or some other * schema error? */ - ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass); + ldb_asprintf_errstring(module->ldb, "objectclass %s is not a valid objectClass in objectClass chain", unsorted->objectclass->lDAPDisplayName); return LDB_ERR_OBJECT_CLASS_VIOLATION; } 
@@ -335,6 +341,22 @@ static int fix_dn(TALLOC_CTX *mem_ctx, *ldb_dn_get_rdn_val(newdn)); } +/* Fix all attribute names to be in the correct case, and check they are all valid per the schema */ +static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *schema, struct ldb_message *msg) +{ + int i; + for (i=0; i < msg->num_elements; i++) { + const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, msg->elements[i].name); + if (!attribute) { + ldb_asprintf_errstring(ldb, "objectclass %s is not a valid objectClass in schema", msg->elements[i].name); + return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE; + } + msg->elements[i].name = attribute->lDAPDisplayName; + } + + return LDB_SUCCESS; +} + static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { 
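Review bot: The error string in fix_attributes is copied from the objectClass check and reports an unknown attribute as `objectclass %s is not a valid objectClass in schema`, which points whoever reads the error at the wrong part of the request. It should name the attribute: `ldb_asprintf_errstring(ldb, "attribute %s is not a valid attribute in schema", msg->elements[i].name);`. The assignment `msg->elements[i].name = attribute->lDAPDisplayName;` also deserves a comment: the element name now points at schema-owned memory and the names are rewritten in place, so callers must pass a copy of the message and the message must not outlive the schema.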
@@ -447,53 +469,56 @@ static int objectclass_do_add(struct ldb_handle *h) } - /* This is now the objectClass list from the database */ - objectclass_element = ldb_msg_find_element(msg, "objectClass"); - - if (!objectclass_element) { - /* Where did it go? bail now... */ - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - ret = objectclass_sort(ac->module, msg, mem_ctx, objectclass_element, &sorted); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } - - ldb_msg_remove_attr(msg, "objectClass"); - ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL); - - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } - - /* We must completely replace the existing objectClass entry, - * because we need it sorted */ + if (schema) { + ret = fix_attributes(ac->module->ldb, schema, msg); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } - /* Move from the linked list back into an ldb msg */ - for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); + /* This is now the objectClass list from the database */ + objectclass_element = ldb_msg_find_element(msg, "objectClass"); + + if (!objectclass_element) { + /* Where did it go? bail now... 
*/ + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + ldb_msg_remove_attr(msg, "objectClass"); + ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL); + if (ret != LDB_SUCCESS) { - ldb_set_errstring(ac->module->ldb, - "objectclass: could not re-add sorted " - "objectclass to modify msg"); talloc_free(mem_ctx); return ret; } - /* Last one is the critical one */ - if (schema && !current->next) { - const struct dsdb_class *objectclass - = dsdb_class_by_lDAPDisplayName(schema, - current->objectclass); - if (objectclass) { + + /* We must completely replace the existing objectClass entry, + * because we need it sorted */ + + /* Move from the linked list back into an ldb msg */ + for (current = sorted; current; current = current->next) { + ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(ac->module->ldb, + "objectclass: could not re-add sorted " + "objectclass to modify msg"); + talloc_free(mem_ctx); + return ret; + } + /* Last one is the critical one */ + if (!current->next) { if (!ldb_msg_find_element(msg, "objectCategory")) { ldb_msg_add_string(msg, "objectCategory", - objectclass->defaultObjectCategory); + current->objectclass->defaultObjectCategory); } if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { - DATA_BLOB *sd = get_sd(ac->module, mem_ctx, objectclass); + DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass); ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); } } @@ -503,6 +528,7 @@ static int objectclass_do_add(struct ldb_handle *h) talloc_free(mem_ctx); ret = ldb_msg_sanity_check(ac->module->ldb, msg); + if (ret != LDB_SUCCESS) { return ret; } 
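Review bot: In the block that fills in defaults for the most specific class, the result of `get_sd(ac->module, mem_ctx, current->objectclass)` goes straight into `ldb_msg_add_steal_value()`, and the return values of that call and of the `objectCategory` `ldb_msg_add_string()` are dropped. get_sd is outside this hunk, so whether it can return NULL (for example for a class without a default descriptor) is an assumption; if it can, the add either dereferences NULL or goes ahead without a security descriptor and nothing reports it. A guard such as `if (sd) { ret = ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); }` followed by the usual `ret != LDB_SUCCESS` bail-out would make the failure visible. objectclass_do_add starts and ends outside the hunk.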
@@ -520,6 +546,9 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req { struct ldb_message_element *objectclass_element; struct ldb_message *msg; + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + int ret; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n"); /* do not manipulate our control entries */ 
@@ -527,29 +556,57 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req return ldb_next_request(module, req); } + /* Without schema, there isn't much to do here */ + if (!schema) { + return ldb_next_request(module, req); + } objectclass_element = ldb_msg_find_element(req->op.mod.message, "objectClass"); /* If no part of this touches the objectClass, then we don't * need to make any changes. */ - /* If the only operation is the deletion of the objectClass then go on */ + + /* If the only operation is the deletion of the objectClass + * then go on with just fixing the attribute case */ if (!objectclass_element) { - return ldb_next_request(module, req); + struct ldb_request *down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + ldb_set_errstring(module->ldb, "Out of memory!"); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; /* copy the request */ + + down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + + if (down_req->op.mod.message == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = fix_attributes(module->ldb, schema, msg); + if (ret != LDB_SUCCESS) { + return ret; + } + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + return ret; } switch (objectclass_element->flags & LDB_FLAG_MOD_MASK) { case LDB_FLAG_MOD_DELETE: - /* Delete everything? Probably totally illigal, but hey! */ - if (objectclass_element->num_values == 0) { - - return ldb_next_request(module, req); - } + return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED; break; case LDB_FLAG_MOD_REPLACE: { struct ldb_request *down_req; struct class_list *sorted, *current; TALLOC_CTX *mem_ctx; - int ret; mem_ctx = talloc_new(req); if (mem_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; 
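Review bot: The comment above `if (!objectclass_element)` says the branch handles deletion of the objectClass, but the branch is taken when the modify does not mention objectClass at all; deletion is now refused further down with `LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED`. Suggested wording: `/* No objectClass element in this modify: only normalise the attribute names and pass the request on */`. The `break;` left after the new `return` in the `LDB_FLAG_MOD_DELETE` case is unreachable and can go. The sequence of copying the request, `ldb_msg_copy_shallow()` and `fix_attributes()` now appears three times in objectclass_modify and is a candidate for a small static helper.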
@@ -567,12 +624,18 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); - if (down_req->op.add.message == NULL) { + if (down_req->op.mod.message == NULL) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - ret = objectclass_sort(module, msg, mem_ctx, objectclass_element, &sorted); + ret = fix_attributes(module->ldb, schema, msg); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + ret = objectclass_sort(module, schema, msg, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { return ret; } @@ -590,7 +653,7 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); + ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); talloc_free(mem_ctx); 
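Review bot: Ownership of `mem_ctx` on failure is inconsistent around the `objectclass_sort()` call: the new `fix_attributes` failure branch frees it, the branch right after the sort returns without freeing, and objectclass_sort itself frees it on a path ending in `return LDB_ERR_OPERATIONS_ERROR` (visible in the `@@ -143` hunk) but not on the new `LDB_ERR_OBJECT_CLASS_VIOLATION` return. objectclass_do_add frees `mem_ctx` after any sort failure, which would be a second `talloc_free()` of the same context if the sort had failed on that freeing path. One rule, with the caller owning and freeing `mem_ctx` and objectclass_sort never freeing it, removes both the leak and the double free; at this call site that is `if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; }`. The enclosing case block continues outside the hunk.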
@@ -638,12 +701,25 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req /* prepare the first operation */ ac->down_req = talloc(ac, struct ldb_request); if (ac->down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } *(ac->down_req) = *req; /* copy the request */ + ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); + + if (ac->down_req->op.mod.message == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = fix_attributes(ac->module->ldb, schema, msg); + if (ret != LDB_SUCCESS) { + ldb_oom(ac->module->ldb); + return ret; + } + ac->down_req->context = NULL; ac->down_req->callback = NULL; ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); @@ -681,6 +757,7 @@ static int objectclass_search_self(struct ldb_handle *h) static int objectclass_do_mod(struct ldb_handle *h) { + const struct dsdb_schema *schema; struct oc_context *ac; struct ldb_message_element *objectclass_element; struct ldb_message *msg; @@ -689,6 +766,7 @@ static int objectclass_do_mod(struct ldb_handle *h) { int ret; ac = talloc_get_type(h->private_data, struct oc_context); + schema = dsdb_get_schema(ac->module->ldb); mem_ctx = talloc_new(ac); if (mem_ctx == NULL) { @@ -727,7 +805,7 @@ static int objectclass_do_mod(struct ldb_handle *h) { /* modify dn */ msg->dn = ac->orig_req->op.mod.message->dn; - ret = objectclass_sort(ac->module, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { return ret; } 
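Review bot: When `fix_attributes()` fails in the first hunk here, the new branch calls `ldb_oom(ac->module->ldb)` before returning, but that failure is an unknown attribute (`LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE`), not an allocation error. If ldb_oom sets the error string, as its use elsewhere in the file suggests, it replaces the message fix_attributes just wrote and the caller is told the server ran out of memory. The branch should be `if (ret != LDB_SUCCESS) { return ret; }`. objectclass_modify starts and ends outside the hunk.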
@@ -745,7 +823,7 @@ static int objectclass_do_mod(struct ldb_handle *h) { /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass); + ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); if (ret != LDB_SUCCESS) { ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); talloc_free(mem_ctx); -- cgit From 2de30ecd942e05e5416a9f14c91d58324a0bc6eb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Oct 2007 23:35:04 +0100 Subject: r25755: Fix a couple of memory leaks, in particular a new leak onto the NULL context caused by my objectclass module work. Andrew Bartlett (This used to be commit 2a835d900fee71e4461d5d18e39b4358fa6fdfba) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 6d40759e7b..12a6359037 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -389,7 +389,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) /* return or own handle to deal with this call */ req->handle = h; - parent_dn = ldb_dn_get_parent(ac->search_req, ac->orig_req->op.mod.message->dn); + parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.mod.message->dn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -403,6 +403,8 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return ret; } + talloc_steal(ac->search_req, parent_dn); + ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); ac->step = OC_SEARCH_ADD_PARENT; 
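Review bot: The rewritten line in objectclass_add still reads the DN through `ac->orig_req->op.mod.message->dn` although the request being handled is an add. That presumably works only because the add and modify arms of the request union share a layout; `ac->orig_req->op.add.message->dn` says what is meant and keeps working if the arms ever diverge. `talloc_steal(ac->search_req, parent_dn)` runs only after a successful build, so on the `ret != LDB_SUCCESS` return the DN stays on `ac`, which is fine as long as `ac` is released with the handle and is worth a one-line comment.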
@@ -873,7 +875,7 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req /* return or own handle to deal with this call */ req->handle = h; - parent_dn = ldb_dn_get_parent(ac->search_req, ac->orig_req->op.rename.newdn); + parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.rename.newdn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -886,7 +888,7 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req if (ret != LDB_SUCCESS) { return ret; } - + talloc_steal(ac->search_req, parent_dn); ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); ac->step = OC_SEARCH_RENAME_PARENT; -- cgit From 464dd2ada160002a888e3b2dd17cf0072fbcedf3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 31 Oct 2007 03:56:13 +0100 Subject: r25761: Rename to be a DN to be a child of itself wasn't being checked for. This prevents CN=test,dc=samba,dc=example,dc=com being renamed into CN=test2,cn=test,dc=samba,dc=example,dc=com Andrew Bartlett (This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46) --- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 72857cb864..5c28723391 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c 
@@ -163,6 +163,14 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + /* Firstly ensure we are not trying to rename it to be a child of itself */ + if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0) + && (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) { + ldb_asprintf_errstring(module->ldb, "Cannot rename %s to be a child of itself", + ldb_dn_get_linearized(req->op.rename.olddn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + /* This gets complex: We need to: - Do a search for all entires under this entry - Wait for these results to appear -- cgit From a4c79f06ae84057cb635f8b9fbb280d865afce7b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 31 Oct 2007 04:41:36 +0100 Subject: r25762: This test belongs best with the other checks for a valid parent, in the objectclass module. Andrew Bartlett (This used to be commit 16a292fcb134adec110cbc4c8f0fb03323750a45) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 8 ++++++++ source4/dsdb/samdb/ldb_modules/subtree_rename.c | 8 -------- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 12a6359037..0cd00e3834 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
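Review bot: The new guard in subtree_rename is correct only if `ldb_dn_compare_base(olddn, newdn) == 0` means that newdn is olddn or lies beneath it, and the second comparison is there to let a rename onto the same DN through; neither is obvious from the call names. A comment would save the next reader a trip to the ldb sources: `/* compare_base() == 0: newdn is olddn or below it; compare() != 0 lets a same-DN rename through */`. The check sits after the early `return ldb_next_request(module, req);` visible in the context, so requests taking that early return are not covered by it; the condition guarding it is outside the hunk.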
@@ -865,6 +865,14 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req if (ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } + + /* Firstly ensure we are not trying to rename it to be a child of itself */ + if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0) + && (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) { + ldb_asprintf_errstring(module->ldb, "Cannot rename %s to be a child of itself", + ldb_dn_get_linearized(req->op.rename.olddn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } h = oc_init_handle(req, module); if (!h) { diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 5c28723391..72857cb864 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -163,14 +163,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* Firstly ensure we are not trying to rename it to be a child of itself */ - if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0) - && (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) { - ldb_asprintf_errstring(module->ldb, "Cannot rename %s to be a child of itself", - ldb_dn_get_linearized(req->op.rename.olddn)); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - /* This gets complex: We need to: - Do a search for all entires under this entry - Wait for these results to appear -- cgit From 3c5a71f7e5aec48a1a195e5402f7214d481942d2 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 31 Oct 2007 05:14:31 +0100 Subject: r25763: Handle modifies, in the easy case (add/delete of elements), for the linked attributes. Andrew Bartlett (This used to be commit c6a6246fbde996ec7e85cb66f060cfe8b90044dd) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 152 ++++++++++++++++++++- 1 file changed, 151 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index f386795643..d3093dbd71 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c 
@@ -220,18 +220,168 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * /* modify */ static int linked_attributes_modify(struct ldb_module *module, struct ldb_request *req) { - return ldb_next_request(module, req); + /* Look over list of modifications */ + /* Find if any are for linked attributes */ + /* Determine the effect of the modification */ + /* Apply the modify to the linked entry */ + + int i, j, ret; + struct linked_attributes_context *ac; + + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + if (!schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + if (ldb_dn_is_special(req->op.mod.message->dn)) { + /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + + ac = linked_attributes_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* prepare the first operation */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->down_req[0] = talloc(ac->down_req, struct ldb_request); + if (!ac->down_req[0]) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *(ac->down_req[0]) = *req; /* copy the request */ + + ac->num_requests++; + + /* Run the original request */ + ret = ldb_next_request(module, req); + if (ret != LDB_SUCCESS) { + return ret; + } + + for (i=0; i < req->op.mod.message->num_elements; i++) { + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el = &req->op.mod.message->elements[i]; + const struct dsdb_attribute *schema_attr + = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + if (!schema_attr) { + ldb_asprintf_errstring(module->ldb, + "attribute %s is not a valid attribute in schema", req->op.mod.message->elements[i].name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* We have a valid attribute, not find 
out if it is linked */ + if (schema_attr->linkID == 0) { + continue; + } + + if ((schema_attr->linkID & 1) == 1) { + /* Odd is for the target. Illigal to modify */ + ldb_asprintf_errstring(module->ldb, + "attribute %s must not be modified directly, it is a linked attribute", req->op.mod.message->elements[i].name); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + /* Even link IDs are for the originating attribute */ + + /* Now find the target attribute */ + target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID + 1); + if (!target_attr) { + ldb_asprintf_errstring(module->ldb, + "attribute %s does not have valid link target", req->op.mod.message->elements[i].name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + if ((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE) { + ldb_asprintf_errstring(module->ldb, + "attribute %s may not be replaced, only added or deleted", req->op.mod.message->elements[i].name); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + /* Prepare the modify (mod element) on the targets */ + + /* For each value being moded, we need to setup the modify */ + for (j=0; j < el->num_values; j++) { + struct ldb_request *new_req; + /* Create the modify request */ + struct ldb_message *new_msg = ldb_msg_new(ac->down_req); + if (!new_msg) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_msg->dn = ldb_dn_new(new_msg, module->ldb, (char *)el->values[j].data); + if (!new_msg->dn) { + ldb_asprintf_errstring(module->ldb, + "attribute %s value %s was not a valid DN", req->op.mod.message->elements[i].name, + el->values[j].data); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, + el->flags & LDB_FLAG_MOD_MASK, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_msg_add_string(new_msg, target_attr->lDAPDisplayName, + ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_build_mod_req(&new_req, 
module->ldb, ac->down_req, + new_msg, + NULL, + NULL, + NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, new_msg); + + ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + /* Now add it to the list */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + ac->num_requests++; + + /* Run the new request */ + ret = ldb_next_request(module, new_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + return ret; } /* delete */ static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) { + /* Look up list of linked attributes */ + /* Search to see if any linked attributes are in this entry */ return ldb_next_request(module, req); } /* rename */ static int linked_attributes_rename(struct ldb_module *module, struct ldb_request *req) { + /* Look up list of linked attributes */ + /* Search to see if any linked attributes are in this entry */ return ldb_next_request(module, req); } -- cgit From 5df2dfa2fc0a15113f7d46fc70ab1f0ac2c40776 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Nov 2007 11:43:00 +0100 Subject: r25780: fix bool return metze (This used to be commit 7b77210d3e2c644d28d6e3795e6c4423dc6ea4bf) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 8f80b5cd55..c054feadce 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
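Review bot: linked_attributes_modify sends the original request down with `ret = ldb_next_request(module, req);` before the loop that rejects unknown attributes, direct writes to backlinks (odd `linkID`) and `LDB_FLAG_MOD_REPLACE` on a link. When one of those checks fires the caller gets an error, yet the modify has already been issued to the lower modules, so unless a surrounding transaction rolls it back the refused change is applied and forward link and backlink can drift apart. The validation should run over all elements first, with the `ldb_next_request(module, req)` call moved below it. Two smaller things in the per-value loop: a non-NULL result from `ldb_dn_new()` is treated as proof that the value is a valid DN, which should be confirmed against ldb_dn_new's contract (an explicit `ldb_dn_validate()` may be needed), and the backlink value is read through `ac->orig_req->op.add.message->dn` in a modify handler.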
@@ -51,7 +51,7 @@ static bool samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms status = ndr_push_struct_blob(&v, msg, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); if (!NT_STATUS_IS_OK(status)) { - return -1; + return false; } return (ldb_msg_add_value(msg, name, &v, NULL) == 0); } -- cgit From 8a8948a17a947bccf04df817f5011093c0c5c523 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Nov 2007 12:34:06 +0100 Subject: r25781: Handle and test linked attribute renames. Andrew Bartlett (This used to be commit 56d9dd5140b6d7d7bbaa2f59ecdff7ee70c4faac) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 317 ++++++++++++++++++++- 1 file changed, 310 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index d3093dbd71..7721296b7c 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -41,6 +41,8 @@ struct linked_attributes_context { struct ldb_request **down_req; int num_requests; int finished_requests; + + const char **linked_attrs; }; static struct linked_attributes_context *linked_attributes_init_handle(struct ldb_request *req, 
@@ -369,22 +371,323 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques return ret; } -/* delete */ -static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) +static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + struct linked_attributes_context *ac, + struct ldb_message *msg, + struct ldb_dn *olddn, struct ldb_dn *newdn) { - /* Look up list of linked attributes */ - /* Search to see if any linked attributes are in this entry */ - return ldb_next_request(module, req); + int i, j, ret = LDB_SUCCESS; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + /* Look up each of the returned attributes */ + /* Find their schema */ + /* And it is an actual entry: now create a series of modify requests */ + for (i=0; i < msg->num_elements; i++) { + int otherid; + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el = &msg->elements[i]; + const struct dsdb_attribute *schema_attr + = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + if (!schema_attr) { + ldb_asprintf_errstring(ldb, + "attribute %s is not a valid attribute in schema", el->name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... 
*/ + if (schema_attr->linkID == 0) { + continue; + } + + /* Depending on which direction this link is in, we need to find it's partner */ + if ((schema_attr->linkID & 1) == 1) { + otherid = schema_attr->linkID - 1; + } else { + otherid = schema_attr->linkID + 1; + } + + /* Now find the target attribute */ + target_attr = dsdb_attribute_by_linkID(schema, otherid); + if (!target_attr) { + ldb_asprintf_errstring(ldb, + "attribute %s does not have valid link target", el->name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* For each value being moded, we need to setup the modify */ + for (j=0; j < el->num_values; j++) { + struct ldb_message_element *ret_el; + struct ldb_request *new_req; + /* Create the modify request */ + struct ldb_message *new_msg = ldb_msg_new(ac->down_req); + if (!new_msg) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_msg->dn = ldb_dn_new(new_msg, ldb, (char *)el->values[j].data); + if (!new_msg->dn) { + ldb_asprintf_errstring(ldb, + "attribute %s value %s was not a valid DN", msg->elements[i].name, + el->values[j].data); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + if (olddn) { + ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, + LDB_FLAG_MOD_DELETE, &ret_el); + if (ret != LDB_SUCCESS) { + return ret; + } + ret_el->values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(olddn)); + ret_el->num_values = 1; + } + + if (newdn) { + ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, + LDB_FLAG_MOD_ADD, &ret_el); + if (ret != LDB_SUCCESS) { + return ret; + } + ret_el->values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(newdn)); + ret_el->num_values = 1; + } + + ret = ldb_build_mod_req(&new_req, ldb, ac->down_req, + 
new_msg, + NULL, + NULL, + NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, new_msg); + + ldb_set_timeout_from_prev_req(ldb, ac->orig_req, new_req); + + /* Now add it to the list */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + ac->num_requests++; + + /* Run the new request */ + ret = ldb_next_request(ac->module, new_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + return ret; } +static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct ldb_request *req; + struct linked_attributes_context *ac = talloc_get_type(context, struct linked_attributes_context); + struct ldb_dn *olddn, *newdn; + TALLOC_CTX *mem_ctx = talloc_new(ac); + + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + switch (ac->orig_req->operation) { + case LDB_DELETE: + { + olddn = ac->orig_req->op.del.dn; + newdn = NULL; + break; + } + case LDB_RENAME: + { + olddn = ac->orig_req->op.rename.olddn; + newdn = ac->orig_req->op.rename.newdn; + break; + } + default: + return LDB_ERR_OPERATIONS_ERROR; + } + + + /* OK, we have one search result here: */ + + /* Only entries are interesting, and we only want the olddn */ + if (ares->type == LDB_REPLY_ENTRY + && ldb_dn_compare(ares->message->dn, olddn) == 0) { + /* only bother at all if there were some linked attributes found */ + if (ares->message->num_elements > 0) { + return setup_modifies(ldb, mem_ctx, ac, + ares->message, olddn, newdn); + } + talloc_free(ares); + return LDB_SUCCESS; + } else if (ares->type == LDB_REPLY_ENTRY) { + /* Guh? 
We only asked for this DN */ + return LDB_ERR_OPERATIONS_ERROR; + } else if (ares->type == LDB_REPLY_DONE) { + req = talloc(mem_ctx, struct ldb_request); + *req = *ac->orig_req; + talloc_free(ares); + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = req; + ac->num_requests++; + + return ldb_next_request(ac->module, req); + + } else { + talloc_free(ares); + return LDB_SUCCESS; + } + + +} /* rename */ static int linked_attributes_rename(struct ldb_module *module, struct ldb_request *req) { /* Look up list of linked attributes */ - /* Search to see if any linked attributes are in this entry */ - return ldb_next_request(module, req); + const char **attrs; + WERROR werr; + int ret; + struct linked_attributes_context *ac; + struct ldb_request *new_req; + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + if (!schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + /* This gets complex: We need to: + - Do a search for the entry + - Wait for these result to appear + - In the callback for the result, issue a modify request based on the linked attributes found + - Wait for each modify result + - Regain our sainity + */ + + ac = linked_attributes_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + werr = dsdb_linked_attribute_lDAPDisplayName_list(schema, ac, &attrs); + if (!W_ERROR_IS_OK(werr)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&new_req, module->ldb, req, + req->op.rename.olddn, + LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, + NULL, + ac, + linked_attributes_rename_del_search_callback); + + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, attrs); + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if 
(!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + if (req == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->num_requests++; + return ldb_next_request(module, new_req); } +/* delete */ +static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) +{ + /* Look up list of linked attributes */ + const char **attrs; + WERROR werr; + int ret; + struct ldb_request *new_req; + struct linked_attributes_context *ac; + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + if (!schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + /* This gets complex: We need to: + - Do a search for the entry + - Wait for these result to appear + - In the callback for the result, issue a modify request based on the linked attributes found + - Wait for each modify result + - Regain our sainity + */ + + ac = linked_attributes_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + werr = dsdb_linked_attribute_lDAPDisplayName_list(schema, ac, &attrs); + if (!W_ERROR_IS_OK(werr)) { + return LDB_ERR_OPERATIONS_ERROR; + }; + + ret = ldb_build_search_req(&new_req, module->ldb, req, + req->op.del.dn, + LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, + NULL, + ac, + linked_attributes_rename_del_search_callback); + + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, attrs); + + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + if (req == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->num_requests++; + return ldb_next_request(module, new_req); +} + + static int linked_attributes_wait_none(struct ldb_handle *handle) { struct 
linked_attributes_context *ac; int i, ret = LDB_ERR_OPERATIONS_ERROR; -- cgit From b98169884b354741318ea1d1768d03215991f77f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 2 Nov 2007 03:39:24 +0100 Subject: r25788: Use a single routine to handle the creation of modify requests in the linked_attributs code. This drasticly reduces the code duplication here. Andrew Bartlett (This used to be commit c66e188e6729a8e12854017d62067b4ae4a23af8) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 334 ++++++++------------- 1 file changed, 132 insertions(+), 202 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 7721296b7c..aea0a34ec2 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c 
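Review bot: In linked_attributes_rename_del_search_callback, the LDB_REPLY_DONE branch runs `req = talloc(mem_ctx, struct ldb_request); *req = *ac->orig_req;` with no NULL test in between, so an allocation failure becomes a write through NULL instead of the `ldb_oom()` / `LDB_ERR_OPERATIONS_ERROR` path used by every other allocation in this hunk. Add `if (req == NULL) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; }` before the copy. The same unchecked copy survives as `req = talloc(ac, struct ldb_request);` in the `@@ -539,7 +469,7 @@` hunk of the following commit. In linked_attributes_rename and linked_attributes_delete, the `if (req == NULL)` test comes after `req->op.rename.olddn` / `req->op.del.dn` have already been read, so it can never fire and was presumably meant for a different pointer.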
@@ -77,10 +77,135 @@ static struct linked_attributes_context *linked_attributes_init_handle(struct ld return ac; } +/* Common routine to handle reading the attributes and creating a + * series of modify requests */ + +static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + struct linked_attributes_context *ac, + struct ldb_message *msg, + struct ldb_dn *olddn, struct ldb_dn *newdn) +{ + int i, j, ret = LDB_SUCCESS; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + /* Look up each of the returned attributes */ + /* Find their schema */ + /* And it is an actual entry: now create a series of modify requests */ + for (i=0; i < msg->num_elements; i++) { + int otherid; + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el = &msg->elements[i]; + const struct dsdb_attribute *schema_attr + = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + if (!schema_attr) { + ldb_asprintf_errstring(ldb, + "attribute %s is not a valid attribute in schema", el->name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... 
*/ + if (schema_attr->linkID == 0) { + continue; + } + + /* Depending on which direction this link is in, we need to find it's partner */ + if ((schema_attr->linkID & 1) == 1) { + otherid = schema_attr->linkID - 1; + } else { + otherid = schema_attr->linkID + 1; + } + + /* Now find the target attribute */ + target_attr = dsdb_attribute_by_linkID(schema, otherid); + if (!target_attr) { + ldb_asprintf_errstring(ldb, + "attribute %s does not have valid link target", el->name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* For each value being moded, we need to setup the modify */ + for (j=0; j < el->num_values; j++) { + struct ldb_message_element *ret_el; + struct ldb_request *new_req; + /* Create the modify request */ + struct ldb_message *new_msg = ldb_msg_new(ac->down_req); + if (!new_msg) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_msg->dn = ldb_dn_new(new_msg, ldb, (char *)el->values[j].data); + if (!new_msg->dn) { + ldb_asprintf_errstring(ldb, + "attribute %s value %s was not a valid DN", msg->elements[i].name, + el->values[j].data); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + if (olddn) { + ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, + LDB_FLAG_MOD_DELETE, &ret_el); + if (ret != LDB_SUCCESS) { + return ret; + } + ret_el->values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(olddn)); + ret_el->num_values = 1; + } + + if (newdn) { + ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, + LDB_FLAG_MOD_ADD, &ret_el); + if (ret != LDB_SUCCESS) { + return ret; + } + ret_el->values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(newdn)); + ret_el->num_values = 1; + } + + ret = ldb_build_mod_req(&new_req, ldb, ac->down_req, + 
new_msg, + NULL, + NULL, + NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, new_msg); + + ldb_set_timeout_from_prev_req(ldb, ac->orig_req, new_req); + + /* Now add it to the list */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ac->down_req[ac->num_requests] = new_req; + ac->num_requests++; + + /* Run the new request */ + ret = ldb_next_request(ac->module, new_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + return ret; +} + /* add */ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req) { - int i, j, ret; + int i, ret; struct linked_attributes_context *ac; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); @@ -123,8 +248,8 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * return ret; } + /* Need to ensure we only have forward links being specified */ for (i=0; i < req->op.add.message->num_elements; i++) { - const struct dsdb_attribute *target_attr; const struct ldb_message_element *el = &req->op.add.message->elements[i]; const struct dsdb_attribute *schema_attr = dsdb_attribute_by_lDAPDisplayName(schema, el->name); 
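Review bot: setup_modifies treats every link value as a C string, in `ldb_dn_new(new_msg, ldb, (char *)el->values[j].data)` and in the `%s` of the "was not a valid DN" message, and never consults `el->values[j].length`. After this commit the add path hands it `req->op.add.message` directly, so the values come from the request rather than from a search result. ldb values normally carry a terminating NUL, but nothing in this routine enforces that, and a value with an embedded NUL would presumably be parsed and reported as a shorter DN than the one supplied. Bounding the message is a one-line change, `"attribute %s value %.*s was not a valid DN", el->name, (int)el->values[j].length, el->values[j].data`, and a length check before ldb_dn_new would cover the parse. Separately, the `mem_ctx` parameter is unused in the body and both callers pass `ac, ac`.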
@@ -146,77 +271,10 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * } /* Even link IDs are for the originating attribute */ - - /* Now find the target attribute */ - target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID + 1); - if (!target_attr) { - ldb_asprintf_errstring(module->ldb, - "attribute %s does not have valid link target", req->op.add.message->elements[i].name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - - /* Prepare the modify (add element) on the targets */ - - /* For each value being added, we need to setup the modify */ - for (j=0; j < el->num_values; j++) { - struct ldb_request *new_req; - /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac->down_req); - if (!new_msg) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_msg->dn = ldb_dn_new(new_msg, module->ldb, (char *)el->values[j].data); - if (!new_msg->dn) { - ldb_asprintf_errstring(module->ldb, - "attribute %s value %s was not a valid DN", req->op.add.message->elements[i].name, - el->values[j].data); - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_msg_add_string(new_msg, target_attr->lDAPDisplayName, - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_build_mod_req(&new_req, module->ldb, ac->down_req, - new_msg, - NULL, - NULL, - NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, new_msg); - - ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - /* Now add it to the list */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - ac->num_requests++; - - /* Run the new 
request */ - ret = ldb_next_request(module, new_req); - if (ret != LDB_SUCCESS) { - return ret; - } - } } - return ret; + + /* Now call the common routine to setup the modifies across all the attributes */ + return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn); } /* modify */ 
@@ -371,140 +429,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques return ret; } -static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct linked_attributes_context *ac, - struct ldb_message *msg, - struct ldb_dn *olddn, struct ldb_dn *newdn) -{ - int i, j, ret = LDB_SUCCESS; - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - /* Look up each of the returned attributes */ - /* Find their schema */ - /* And it is an actual entry: now create a series of modify requests */ - for (i=0; i < msg->num_elements; i++) { - int otherid; - const struct dsdb_attribute *target_attr; - const struct ldb_message_element *el = &msg->elements[i]; - const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); - if (!schema_attr) { - ldb_asprintf_errstring(ldb, - "attribute %s is not a valid attribute in schema", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... 
*/ - if (schema_attr->linkID == 0) { - continue; - } - - /* Depending on which direction this link is in, we need to find it's partner */ - if ((schema_attr->linkID & 1) == 1) { - otherid = schema_attr->linkID - 1; - } else { - otherid = schema_attr->linkID + 1; - } - - /* Now find the target attribute */ - target_attr = dsdb_attribute_by_linkID(schema, otherid); - if (!target_attr) { - ldb_asprintf_errstring(ldb, - "attribute %s does not have valid link target", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - - /* For each value being moded, we need to setup the modify */ - for (j=0; j < el->num_values; j++) { - struct ldb_message_element *ret_el; - struct ldb_request *new_req; - /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac->down_req); - if (!new_msg) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_msg->dn = ldb_dn_new(new_msg, ldb, (char *)el->values[j].data); - if (!new_msg->dn) { - ldb_asprintf_errstring(ldb, - "attribute %s value %s was not a valid DN", msg->elements[i].name, - el->values[j].data); - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - - if (olddn) { - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_DELETE, &ret_el); - if (ret != LDB_SUCCESS) { - return ret; - } - ret_el->values = talloc_array(new_msg, struct ldb_val, 1); - if (!ret_el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(olddn)); - ret_el->num_values = 1; - } - - if (newdn) { - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_ADD, &ret_el); - if (ret != LDB_SUCCESS) { - return ret; - } - ret_el->values = talloc_array(new_msg, struct ldb_val, 1); - if (!ret_el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(newdn)); - ret_el->num_values = 1; - } - - ret = ldb_build_mod_req(&new_req, ldb, ac->down_req, - 
new_msg, - NULL, - NULL, - NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, new_msg); - - ldb_set_timeout_from_prev_req(ldb, ac->orig_req, new_req); - - /* Now add it to the list */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - ac->num_requests++; - - /* Run the new request */ - ret = ldb_next_request(ac->module, new_req); - if (ret != LDB_SUCCESS) { - return ret; - } - } - } - return ret; -} - static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct ldb_request *req; struct linked_attributes_context *ac = talloc_get_type(context, struct linked_attributes_context); struct ldb_dn *olddn, *newdn; - TALLOC_CTX *mem_ctx = talloc_new(ac); - if (!mem_ctx) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - switch (ac->orig_req->operation) { case LDB_DELETE: { @@ -530,7 +460,7 @@ static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, && ldb_dn_compare(ares->message->dn, olddn) == 0) { /* only bother at all if there were some linked attributes found */ if (ares->message->num_elements > 0) { - return setup_modifies(ldb, mem_ctx, ac, + return setup_modifies(ldb, ac, ac, ares->message, olddn, newdn); } talloc_free(ares); @@ -539,7 +469,7 @@ static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, /* Guh? We only asked for this DN */ return LDB_ERR_OPERATIONS_ERROR; } else if (ares->type == LDB_REPLY_DONE) { - req = talloc(mem_ctx, struct ldb_request); + req = talloc(ac, struct ldb_request); *req = *ac->orig_req; talloc_free(ares); -- cgit From 6ce86941de76b27772172717ba5de17ab6fb081d Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Mon, 5 Nov 2007 15:47:34 +0100 Subject: r25839: use nss_wrapper code in samba4 if --enable-nss-wrapper or --enable-developer is given metze (This used to be commit f8bc6b9ad0eec60bff7fdc5653397efd9a044a29) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a93dea7db7..48f2ad3813 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -81,7 +81,7 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_samba3sam_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD +PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER OBJ_FILES = \ samba3sam.o # -- cgit From e7cf933d4168fc9c9aafb57c532868162c48a70d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 7 Nov 2007 01:32:25 +0100 Subject: r25887: Build Samba-specific ldb modules as dso's. (This used to be commit 9d73becbb24fbde2e319e18e84af35d9efaeefda) --- source4/dsdb/samdb/ldb_modules/config.mk | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 48f2ad3813..808fb58048 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,6 +2,7 @@ # Start MODULE ldb_objectguid [MODULE::ldb_objectguid] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC INIT_FUNCTION = objectguid_module_init OBJ_FILES = \ 
@@ -13,6 +14,7 @@ OBJ_FILES = \ # Start MODULE ldb_repl_mata_data [MODULE::ldb_repl_meta_data] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS INIT_FUNCTION = repl_meta_data_module_init OBJ_FILES = \ @@ -24,6 +26,7 @@ OBJ_FILES = \ # Start MODULE ldb_dsdb_cache [MODULE::ldb_dsdb_cache] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = dsdb_cache_module_init OBJ_FILES = \ @@ -35,6 +38,7 @@ OBJ_FILES = \ # Start MODULE ldb_schema_fsmo [MODULE::ldb_schema_fsmo] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = schema_fsmo_module_init OBJ_FILES = \ @@ -46,6 +50,7 @@ OBJ_FILES = \ # Start MODULE ldb_naming_fsmo [MODULE::ldb_naming_fsmo] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = naming_fsmo_module_init OBJ_FILES = \ @@ -57,6 +62,7 @@ OBJ_FILES = \ # Start MODULE ldb_pdc_fsmo [MODULE::ldb_pdc_fsmo] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = pdc_fsmo_module_init OBJ_FILES = \ @@ -68,6 +74,7 @@ OBJ_FILES = \ # Start MODULE ldb_samldb [MODULE::ldb_samldb] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = samldb_module_init OBJ_FILES = \ @@ -80,6 +87,7 @@ OBJ_FILES = \ # Start MODULE ldb_samba3sam [MODULE::ldb_samba3sam] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = ldb_samba3sam_module_init PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER OBJ_FILES = \ @@ -92,8 +100,9 @@ OBJ_FILES = \ # Start MODULE ldb_entryUUID [MODULE::ldb_entryUUID] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = ldb_entryUUID_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC ENABLE = YES OBJ_FILES = \ entryUUID.o 
@@ -118,6 +127,7 @@ OBJ_FILES = \ [MODULE::ldb_rootdse] SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC +OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = rootdse_module_init OBJ_FILES = \ rootdse.o @@ -129,6 +139,7 @@ OBJ_FILES = \ # Start MODULE ldb_password_hash [MODULE::ldb_password_hash] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = password_hash_module_init OBJ_FILES = password_hash.o PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 @@ -140,6 +151,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 # Start MODULE ldb_local_password [MODULE::ldb_local_password] PRIVATE_DEPENDENCIES = LIBTALLOC +OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = local_password_module_init OBJ_FILES = local_password.o @@ -151,6 +163,7 @@ OBJ_FILES = local_password.o # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY +OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_kludge_acl_init OBJ_FILES = \ @@ -163,6 +176,7 @@ OBJ_FILES = \ # Start MODULE ldb_extended_dn [MODULE::ldb_extended_dn] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_extended_dn_init OBJ_FILES = \ @@ -175,6 +189,7 @@ OBJ_FILES = \ # Start MODULE ldb_show_deleted [MODULE::ldb_show_deleted] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_show_deleted_init OBJ_FILES = \ @@ -187,6 +202,7 @@ OBJ_FILES = \ # Start MODULE ldb_partition [MODULE::ldb_partition] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_partition_init OBJ_FILES = \ @@ -199,6 +215,7 @@ OBJ_FILES = \ # Start MODULE ldb_schema [MODULE::ldb_schema] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = ldb_schema_init OBJ_FILES = \ 
@@ -209,8 +226,9 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_update_kt -[MODULE::ldb_update_kt] +[MODULE::ldb_update_keytab] SUBSYSTEM = LIBLDB +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS_KRB5 #Also depends on credentials, but that would loop INIT_FUNCTION = ldb_update_kt_init @@ -224,6 +242,7 @@ OBJ_FILES = \ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] INIT_FUNCTION = ldb_objectclass_init +OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -236,6 +255,7 @@ OBJ_FILES = \ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] INIT_FUNCTION = ldb_subtree_rename_init +OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -249,6 +269,7 @@ OBJ_FILES = \ [MODULE::ldb_linked_attributes] INIT_FUNCTION = ldb_linked_attributes_init CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB SUBSYSTEM = LIBLDB OBJ_FILES = \ -- cgit From 27c9f6c235c3c625f4c4e60a73d8f2e86bd4a186 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Nov 2007 05:35:16 +0100 Subject: r25891: Test that we get the correct return value when we attempt to reference invalid entries with a linked attribute. Make Samba4 pass that test, by fixing a silly bug in the linked_attributes module. (By passing down the 'original' request structure, tdb would override our handle, and therefore we would never be called for the 'wait', which collects the errors). Fix up the provision templates to handle the newly required referential integrity. Andrew Bartlett (This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index aea0a34ec2..be5dd12d3b 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -243,7 +243,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * ac->num_requests++; /* Run the original request */ - ret = ldb_next_request(module, req); + ret = ldb_next_request(module, ac->down_req[0]); if (ret != LDB_SUCCESS) { return ret; } @@ -323,7 +323,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques ac->num_requests++; /* Run the original request */ - ret = ldb_next_request(module, req); + ret = ldb_next_request(module, ac->down_req[0]); if (ret != LDB_SUCCESS) { return ret; } -- cgit From 529763a9aa192a6785ba878aceeb1683c2510913 Mon Sep 17 00:00:00 2001 
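Review bot: The comment `/* Run the original request */` above the changed call in linked_attributes_add no longer matches the code, which now passes `ac->down_req[0]` instead of `req`; the same applies to the `@@ -323,7 +323,7 @@` hunk in linked_attributes_modify. Going by the commit message, the point is that the lower layer must not receive the caller's request structure, so the comment should say that, e.g. `/* Run our copy (down_req[0]), not req, so the backend cannot replace our handle */`. The literal index 0 assumes the copy is always the first entry appended to down_req. The code that fills the array lies outside both hunks, so that assumption is worth confirming or documenting next to the call. Both functions start and end outside the hunks.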
From: Stefan Metzmacher Date: Fri, 9 Nov 2007 19:24:51 +0100 Subject: r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers) lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 31 ++++++----- source4/dsdb/samdb/ldb_modules/objectclass.c | 9 ++-- source4/dsdb/samdb/ldb_modules/objectguid.c | 8 +-- source4/dsdb/samdb/ldb_modules/password_hash.c | 53 +++++++++++-------- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 70 ++++++++++++++----------- source4/dsdb/samdb/ldb_modules/samba3sam.c | 23 ++++---- source4/dsdb/samdb/ldb_modules/samldb.c | 9 ++-- 7 files changed, 110 insertions(+), 93 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 1a16cb8321..f4231d20d3 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -43,14 +43,15 @@ static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, co { struct GUID guid; NTSTATUS status = GUID_from_string((char *)val->data, &guid); + enum ndr_err_code ndr_err; struct ldb_val out = data_blob(NULL, 0); if (!NT_STATUS_IS_OK(status)) { return out; } - status = ndr_push_struct_blob(&out, ctx, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; } 
@@ -60,18 +61,19 @@ static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, co static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct GUID *guid; - NTSTATUS status; struct ldb_val out = data_blob(NULL, 0); if (val->length >= 32 && val->data[val->length] == '\0') { ldb_handler_copy(module->ldb, ctx, val, &out); } else { + enum ndr_err_code ndr_err; + guid = talloc(ctx, struct GUID); if (guid == NULL) { return out; } - status = ndr_pull_struct_blob(val, guid, guid, - (ndr_pull_flags_fn_t)ndr_pull_GUID); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob(val, guid, guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(guid); return out; } @@ -85,14 +87,15 @@ static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, { struct GUID guid; NTSTATUS status = NS_GUID_from_string((char *)val->data, &guid); + enum ndr_err_code ndr_err; struct ldb_val out = data_blob(NULL, 0); if (!NT_STATUS_IS_OK(status)) { return out; } - status = ndr_push_struct_blob(&out, ctx, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; } 
@@ -101,21 +104,21 @@ static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - NTSTATUS status; struct ldb_val out = data_blob(NULL, 0); if (val->length >= 32 && val->data[val->length] == '\0') { struct GUID guid; GUID_from_string((char *)val->data, &guid); out = data_blob_string_const(NS_GUID_string(ctx, &guid)); } else { + enum ndr_err_code ndr_err; struct GUID *guid_p; guid_p = talloc(ctx, struct GUID); if (guid_p == NULL) { return out; } - status = ndr_pull_struct_blob(val, guid_p, guid_p, - (ndr_pull_flags_fn_t)ndr_pull_GUID); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob(val, guid_p, guid_p, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(guid_p); return out; } diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 0cd00e3834..50ea2ec4e2 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -250,7 +250,7 @@ static int objectclass_sort(struct ldb_module *module, static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct dsdb_class *objectclass) { - NTSTATUS status; + enum ndr_err_code ndr_err; DATA_BLOB *linear_sd; struct auth_session_info *session_info = ldb_get_opaque(module->ldb, "sessionInfo"); @@ -271,10 +271,9 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, return NULL; } - status = ndr_push_struct_blob(linear_sd, mem_ctx, sd, - (ndr_push_flags_fn_t)ndr_push_security_descriptor); - - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(linear_sd, mem_ctx, sd, + (ndr_push_flags_fn_t)ndr_push_security_descriptor); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NULL; } 
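Review bot: In guid_ns_string the string branch still discards the result of `GUID_from_string((char *)val->data, &guid);`, and this hunk removes the function's only `NTSTATUS status` variable instead of using it for that call. If the parse fails, `NS_GUID_string(ctx, &guid)` formats a stack `struct GUID` that was never initialised in the visible code (whether GUID_from_string clears it on failure is not shown here). encode_guid in the same file already checks the status, so the same guard fits: `if (!NT_STATUS_IS_OK(GUID_from_string((char *)val->data, &guid))) { return out; }`.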
diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index d7e74cf38d..e9d699d59c 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -111,7 +111,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) struct ldb_val v; struct GUID guid; uint64_t seq_num; - NTSTATUS nt_status; + enum ndr_err_code ndr_err; int ret; time_t t = time(NULL); @@ -143,9 +143,9 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) /* a new GUID */ guid = GUID_random(); - nt_status = ndr_push_struct_blob(&v, msg, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_push_struct_blob(&v, msg, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 090cce2719..d0afae5395 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -229,7 +229,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, struct package_PrimaryKerberosBlob _old_pkb; struct package_PrimaryKerberosCtr3 *old_pkb3 = NULL; uint32_t i; - NTSTATUS status; + enum ndr_err_code ndr_err; /* Many, many thanks to lukeh@padl.com for this * algorithm, described in his Nov 10 2004 mail to 
@@ -472,9 +472,10 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, talloc_steal(io->ac, blob.data); /* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */ - status = ndr_pull_struct_blob(&blob, io->ac, &_old_pkb, - (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob(&blob, io->ac, &_old_pkb, + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_primary_kerberos: " "failed to pull old package_PrimaryKerberosBlob: %s", @@ -863,7 +864,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) DATA_BLOB pcb_blob; char *pcb_hexstr; int ret; - NTSTATUS status; + enum ndr_err_code ndr_err; uint8_t zero16[16]; ZERO_STRUCT(zero16); @@ -878,9 +879,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* if there's an old supplementaCredentials blob then parse it */ if (io->o.supplemental) { - status = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, &_old_scb, - (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, &_old_scb, + (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_supplemental_field: " "failed to pull old supplementalCredentialsBlob: %s", 
@@ -910,9 +912,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return ret; } - status = ndr_push_struct_blob(&pkb_blob, io->ac, &pkb, - (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&pkb_blob, io->ac, &pkb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_supplemental_field: " "failed to push package_PrimaryKerberosBlob: %s", @@ -948,9 +951,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return ret; } - status = ndr_push_struct_blob(&pdb_blob, io->ac, &pdb, - (ndr_push_flags_fn_t)ndr_push_package_PrimaryWDigestBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&pdb_blob, io->ac, &pdb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryWDigestBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_supplemental_field: " "failed to push package_PrimaryWDigestBlob: %s", @@ -974,9 +978,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) pcb.cleartext = io->n.cleartext; - status = ndr_push_struct_blob(&pcb_blob, io->ac, &pcb, - (ndr_push_flags_fn_t)ndr_push_package_PrimaryCLEARTEXTBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&pcb_blob, io->ac, &pcb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryCLEARTEXTBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_supplemental_field: " "failed to push package_PrimaryCLEARTEXTBlob: %s", 
@@ -996,9 +1001,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* * setup 'Packages' element */ - status = ndr_push_struct_blob(&pb_blob, io->ac, &pb, - (ndr_push_flags_fn_t)ndr_push_package_PackagesBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&pb_blob, io->ac, &pb, + (ndr_push_flags_fn_t)ndr_push_package_PackagesBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_supplemental_field: " "failed to push package_PackagesBlob: %s", @@ -1020,9 +1026,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) scb.sub.num_packages = num_packages; scb.sub.packages = packages; - status = ndr_push_struct_blob(&io->g.supplemental, io->ac, &scb, - (ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(&io->g.supplemental, io->ac, &scb, + (ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_supplemental_field: " "failed to push supplementalCredentialsBlob: %s", diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 42c91d03cc..497ee373de 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -291,7 +291,7 @@ static int replmd_add_originating(struct ldb_module *module, const struct dsdb_schema *schema, const struct dsdb_control_current_partition *partition) { - NTSTATUS nt_status; + enum ndr_err_code ndr_err; struct ldb_request *down_req; struct ldb_message *msg; uint32_t instance_type; 
@@ -518,16 +518,15 @@ static int replmd_add_originating(struct ldb_module *module, replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_attr->attributeID_id); /* generated NDR encoded values */ - nt_status = ndr_push_struct_blob(&guid_value, msg, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(nt_status)) { - talloc_free(down_req); + ndr_err = ndr_push_struct_blob(&guid_value, msg, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - nt_status = ndr_push_struct_blob(&nmd_value, msg, &nmd, - (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -723,7 +722,7 @@ static int replmd_replicated_apply_add_callback(struct ldb_context *ldb, static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) { - NTSTATUS nt_status; + enum ndr_err_code ndr_err; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; struct ldb_val md_value; @@ -774,9 +773,10 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) for (i=0; i < md->ctr.ctr1.count; i++) { md->ctr.ctr1.array[i].local_usn = seq_num; } - nt_status = ndr_push_struct_blob(&md_value, msg, md, - (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_push_struct_blob(&md_value, msg, md, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } ret = ldb_msg_add_value(msg, "replPropertyMetaData", &md_value, NULL); 
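Review bot: The GUID push error path in replmd_add_originating loses its `talloc_free(down_req);` in this hunk; the line is removed and not re-added, while the replPropertyMetaDataBlob error path right below still frees it. Unless that was intended, down_req now stays allocated on this failure until its parent context goes away (the parent is not visible here), so I would restore `talloc_free(down_req);` before `ldb_oom(module->ldb);`. Separately, both paths report any NDR failure through ldb_oom(), which hides the actual `ndr_err`; the other files in this commit map it with `ndr_map_error2ntstatus(ndr_err)`. The function body starts and ends outside the hunk.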
@@ -865,7 +865,7 @@ static int replmd_replicated_apply_merge_callback(struct ldb_context *ldb, static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) { - NTSTATUS nt_status; + enum ndr_err_code ndr_err; struct ldb_message *msg; struct replPropertyMetaDataBlob *rmd; struct replPropertyMetaDataBlob omd; @@ -902,9 +902,10 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) /* find existing meta data */ omd_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replPropertyMetaData"); if (omd_value) { - nt_status = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, &omd, - (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, &omd, + (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } @@ -984,9 +985,10 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) } /* create the meta data value */ - nt_status = ndr_push_struct_blob(&nmd_value, msg, &nmd, - (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd, + (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } @@ -1180,7 +1182,7 @@ static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplic static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar) { - NTSTATUS nt_status; + enum ndr_err_code ndr_err; struct ldb_message *msg; struct replUpToDateVectorBlob ouv; const struct ldb_val *ouv_value; 
@@ -1223,9 +1225,10 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a */ ouv_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replUpToDateVector"); if (ouv_value) { - nt_status = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, &ouv, - (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, &ouv, + (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } @@ -1347,9 +1350,10 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM); msg->dn = ar->sub.search_msg->dn; - nt_status = ndr_push_struct_blob(&nuv_value, msg, &nuv, - (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_push_struct_blob(&nuv_value, msg, &nuv, + (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } ret = ldb_msg_add_value(msg, "replUpToDateVector", &nuv_value, &nuv_el); 
@@ -1383,9 +1387,10 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a trf = talloc(ar->sub.mem_ctx, struct repsFromToBlob); if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM); - nt_status = ndr_pull_struct_blob(&orf_el->values[i], trf, trf, - (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, trf, + (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } @@ -1432,9 +1437,10 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a } /* we now fill the value which is already attached to ldb_message */ - nt_status = ndr_push_struct_blob(nrf_value, msg, &nrf, - (ndr_push_flags_fn_t)ndr_push_repsFromToBlob); - if (!NT_STATUS_IS_OK(nt_status)) { + ndr_err = ndr_push_struct_blob(nrf_value, msg, &nrf, + (ndr_push_flags_fn_t)ndr_push_repsFromToBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); } diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index d5a1045f93..0d4fead2b5 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -84,7 +84,7 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char const struct ldb_val *sidval; char *sidstring; struct dom_sid *sid; - NTSTATUS status; + enum ndr_err_code ndr_err; /* We need the domain, so we get it from the objectSid that we hope is here... */ sidval = ldb_msg_find_ldb_val(local, "objectSid"); 
@@ -96,8 +96,9 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char if (sid == NULL) { return; } - status = ndr_pull_struct_blob(sidval, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NT_STATUS_IS_OK(status)) { + + ndr_err = ndr_pull_struct_blob(sidval, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(sid); return; } @@ -179,17 +180,17 @@ static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, con { struct ldb_val out = data_blob(NULL, 0); struct dom_sid *sid; - NTSTATUS status; + enum ndr_err_code ndr_err; sid = dom_sid_parse_talloc(ctx, (char *)val->data); if (sid == NULL) { return out; } - status = ndr_push_struct_blob(&out, ctx, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); + ndr_err = ndr_push_struct_blob(&out, ctx, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); talloc_free(sid); - if (!NT_STATUS_IS_OK(status)) { + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; } @@ -201,16 +202,16 @@ static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, con { struct ldb_val out = data_blob(NULL, 0); struct dom_sid *sid; - NTSTATUS status; + enum ndr_err_code ndr_err; sid = talloc(ctx, struct dom_sid); if (sid == NULL) { return out; } - status = ndr_pull_struct_blob(val, sid, sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob(val, sid, sid, + (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { goto done; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c054feadce..128ec13242 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -47,10 +47,11 @@ int samldb_notice_sid(struct ldb_module *module, static bool samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) { struct ldb_val v; - NTSTATUS status; - status = ndr_push_struct_blob(&v, msg, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); - if (!NT_STATUS_IS_OK(status)) { + enum ndr_err_code ndr_err; + + ndr_err = ndr_push_struct_blob(&v, msg, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return false; } return (ldb_msg_add_value(msg, name, &v, NULL) == 0); -- cgit From 3f2ca10d2d86f0cd64822f9e5f95633f41263237 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Nov 2007 22:38:55 +0100 Subject: r25940: Rework the samldb and templates handling. Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5) --- source4/dsdb/samdb/ldb_modules/samldb.c | 83 +++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 35 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 128ec13242..e2e914ee82 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -190,24 +190,16 @@ static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_c */ static int samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn, + struct ldb_dn *dom_dn, struct dom_sid **sid) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_result *res = NULL; - struct ldb_dn *dom_dn; int ret; struct dom_sid *dom_sid; /* get the domain component part of the provided dn */ - dom_dn = samdb_search_for_parent_domain(module->ldb, mem_ctx, obj_dn); - if (dom_dn == NULL) { - ldb_asprintf_errstring(module->ldb, - "Invalid dn (%s) not child of a domain object!\n", - ldb_dn_get_linearized(obj_dn)); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - /* find the domain sid */ ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); @@ -338,13 +330,14 @@ int samldb_notice_sid(struct ldb_module *module, } static int samldb_handle_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, struct ldb_message *msg2) + TALLOC_CTX *mem_ctx, struct ldb_message *msg2, + struct ldb_dn *parent_dn) { int ret; struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid"); if (sid == NULL) { - ret = samldb_get_new_sid(module, msg2, msg2->dn, &sid); + ret = samldb_get_new_sid(module, msg2, msg2->dn, parent_dn, &sid); if (ret != 0) { return ret; } 
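Review bot: The context comment `/* get the domain component part of the provided dn */` in samldb_get_new_sid is left behind with no code under it, because the lookup it described moved to the callers. I would delete it and state the new contract in the function's header comment instead, for example `dom_dn: DN of the parent domain object, already resolved by the caller (must not be NULL)`. dom_dn is passed straight to ldb_search() here, so the non-NULL requirement is worth writing down. The header comment itself begins above the hunk.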
@@ -361,31 +354,35 @@ static int samldb_handle_sid(struct ldb_module *module, return ret; } -static char *samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx) +static int samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx, + struct ldb_dn *dom_dn, char **name) { - char *name; const char *attrs[] = { NULL }; - struct ldb_message **msgs; + struct ldb_result *res; int ret; /* Format: $000000-000000000000 */ do { - name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)random(), (unsigned int)random(), (unsigned int)random()); + *name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)random(), (unsigned int)random(), (unsigned int)random()); /* TODO: Figure out exactly what this is meant to conflict with */ - ret = gendb_search(module->ldb, - mem_ctx, NULL, &msgs, attrs, - "samAccountName=%s", - ldb_binary_encode_string(mem_ctx, name)); - if (ret == 0) { + ret = ldb_search_exp_fmt(module->ldb, + mem_ctx, &res, dom_dn, LDB_SCOPE_SUBTREE, attrs, + "samAccountName=%s", + ldb_binary_encode_string(mem_ctx, *name)); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, "samldb: Failure searching to determine if samAccountName %s is unique: %s", + *name, ldb_errstring(module->ldb)); + return ret; + } + + if (res->count == 0) { + talloc_free(res); /* Great. There are no conflicting users/groups/etc */ - return name; - } else if (ret == -1) { - /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */ - return NULL; + return LDB_SUCCESS; } else { - talloc_free(name); - /* gah, there are conflicting sids, lets move around the loop again... */ + talloc_free(*name); + /* gah, there is a conflicting name, lets move around the loop again... */ } } while (1); } 
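Review bot: The new samldb_generate_samAccountName never checks the result of talloc_asprintf(), so on allocation failure a NULL `*name` goes into ldb_binary_encode_string() and into the `%s` of the error string. The retry branch also frees `*name` but not `res`, so every name collision leaves one search result on mem_ctx, and `*name` is left pointing at freed memory between iterations. I would check the allocation, free `res` on both outcomes and clear `*name` after freeing it, as sketched below.

```c
	do {
		*name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)random(), (unsigned int)random(), (unsigned int)random());
		if (*name == NULL) {
			ldb_oom(module->ldb);
			return LDB_ERR_OPERATIONS_ERROR;
		}
		/* … unchanged: ldb_search_exp_fmt() call and its error return … */
		if (res->count == 0) {
			talloc_free(res);
			/* Great. There are no conflicting users/groups/etc */
			return LDB_SUCCESS;
		}
		/* conflicting name: drop this result and candidate, then retry */
		talloc_free(res);
		talloc_free(*name);
		*name = NULL;
	} while (1);
```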
@@ -394,8 +391,9 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ struct ldb_message **ret_msg) { int ret; - const char *name; + char *name; struct ldb_message *msg2; + struct ldb_dn *dom_dn; const char *rdn_name; TALLOC_CTX *mem_ctx = talloc_new(msg); const char *errstr; @@ -428,12 +426,19 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ return LDB_ERR_CONSTRAINT_VIOLATION; } + ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "samldb_fill_group_object: %s", errstr); + return ret; + } + /* Generate a random name, if no samAccountName was supplied */ if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { - name = samldb_generate_samAccountName(module, mem_ctx); - if (!name) { + ret = samldb_generate_samAccountName(module, mem_ctx, dom_dn, &name); + if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); if (ret) { @@ -443,7 +448,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ } /* Manage SID allocation, conflicts etc */ - ret = samldb_handle_sid(module, mem_ctx, msg2); + ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); if (ret == LDB_SUCCESS) { talloc_steal(msg, msg2); @@ -459,6 +464,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const int ret; char *name; struct ldb_message *msg2; + struct ldb_dn *dom_dn; const char *rdn_name; TALLOC_CTX *mem_ctx = talloc_new(msg); const char *errstr; 
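Review bot: The error return added after samdb_search_for_parent_domain() in samldb_fill_group_object (hunk at -428) leaves without `talloc_free(mem_ctx);`, although the samAccountName failure path a few lines below frees it before returning. The hunk at -514 adds the same block to samldb_fill_user_or_computer_object with the same omission. mem_ctx is created with `talloc_new(msg)`, so it is presumably reclaimed when msg is freed, but for consistency I would add `talloc_free(mem_ctx);` before `return ret;` in both places. Both function bodies extend outside the hunks.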
@@ -514,11 +520,18 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_CONSTRAINT_VIOLATION; } + ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "samldb_fill_group_object: %s", errstr); + return ret; + } + if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { - name = samldb_generate_samAccountName(module, mem_ctx); - if (!name) { + ret = samldb_generate_samAccountName(module, mem_ctx, dom_dn, &name); + if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); if (ret) { @@ -532,7 +545,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const */ /* Manage SID allocation, conflicts etc */ - ret = samldb_handle_sid(module, mem_ctx, msg2); + ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ -- cgit From 7f18e15e3f48d92a4f8f2b929a6337761b26fc67 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Nov 2007 22:40:42 +0100 Subject: r25941: Use samdb_relative_path() (new function in samdb.c) in the partitions module. Andrew Bartlett (This used to be commit c8d1ab30845fa1496c85630b138b1cb512c2b6aa) --- source4/dsdb/samdb/ldb_modules/partition.c | 33 +++--------------------------- 1 file changed, 3 insertions(+), 30 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 5d3663be33..f40cf5ef42 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
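Review bot: The error string added in samldb_fill_user_or_computer_object (hunk at -514) is prefixed with the other function's name, so a failed parent-domain lookup for a user or computer object is reported as coming from the group path. The argument should read `"samldb_fill_user_or_computer_object: %s", errstr);`. The function body starts and ends outside the hunk.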
@@ -707,33 +707,6 @@ static int sort_compare(void *void1, return ldb_dn_compare(partition1->dn, partition2->dn); } -static const char *relative_path(struct ldb_module *module, - TALLOC_CTX *mem_ctx, - const char *name) -{ - const char *base_url = - (const char *)ldb_get_opaque(module->ldb, "ldb_url"); - char *path, *p, *full_name; - if (name == NULL) { - return NULL; - } - if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) { - return talloc_strdup(mem_ctx, name); - } - path = talloc_strdup(mem_ctx, base_url); - if (path == NULL) { - return NULL; - } - if ( (p = strrchr(path, '/')) != NULL) { - p[0] = '\0'; - full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name); - } else { - full_name = talloc_asprintf(mem_ctx, "./%s", name); - } - talloc_free(path); - return full_name; -} - static int partition_init(struct ldb_module *module) { int ret, i; @@ -822,9 +795,9 @@ static int partition_init(struct ldb_module *module) return LDB_ERR_CONSTRAINT_VIOLATION; } - data->partitions[i]->backend = relative_path(module, - data->partitions[i], - p); + data->partitions[i]->backend = samdb_relative_path(module->ldb, + data->partitions[i], + p); if (!data->partitions[i]->backend) { ldb_asprintf_errstring(module->ldb, "partition_init: unable to determine an relative path for partition: %s", base); -- cgit From 5d4f507a65144d8fe30b3fcd0b9cbcdc088146c6 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 13 Nov 2007 22:54:52 +0100 Subject: r25942: Make various ldb modules handle an LDB backend that enforces validity of Base DNs in searches (returning an error of LDB_ERR_NO_SUCH_ENTRY). We need to handle this if ldb_tdb is to behave correctly compared with LDAP, as well as if we are using an LDAP backend. In doing so, I realised that subtree_rename and subtree_delete (prevention) need rather different wait loops, so it seemed easier to split it out into it's own module. I've fixed the licence on both of these modules to be GPLv3. Andrew Bartlett (This used to be commit d3894c90f31fb45e038ab478cd9d7d34962d069b) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 ++ source4/dsdb/samdb/ldb_modules/linked_attributes.c | 68 +++--- source4/dsdb/samdb/ldb_modules/objectclass.c | 29 ++- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 7 +- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 7 +- source4/dsdb/samdb/ldb_modules/subtree_delete.c | 255 +++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/subtree_rename.c | 132 +---------- 7 files changed, 348 insertions(+), 163 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/subtree_delete.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 808fb58048..3c43d47cef 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -264,6 +264,19 @@ OBJ_FILES = \ # End MODULE ldb_subtree_rename ################################################ +################################################ +# Start MODULE ldb_subtree_rename +[MODULE::ldb_subtree_delete] +INIT_FUNCTION = ldb_subtree_delete_init +OUTPUT_TYPE = SHARED_LIBRARY +CFLAGS = -Ilib/ldb/include +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + subtree_delete.o +# End MODULE ldb_subtree_rename +################################################ + ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index be5dd12d3b..f3e66c5065 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -34,10 +34,12 @@ #include "dsdb/samdb/samdb.h" struct linked_attributes_context { + enum la_step {LA_SEARCH, LA_DO_OPS} step; struct ldb_module *module; struct ldb_handle *handle; struct ldb_request *orig_req; + struct ldb_request *search_req; struct ldb_request **down_req; int num_requests; int finished_requests; @@ -82,7 +84,7 @@ static struct linked_attributes_context *linked_attributes_init_handle(struct ld static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct linked_attributes_context *ac, - struct ldb_message *msg, + const struct ldb_message *msg, struct ldb_dn *olddn, struct ldb_dn *newdn) { int i, j, ret = LDB_SUCCESS; @@ -192,6 +194,7 @@ static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, ac->down_req[ac->num_requests] = new_req; ac->num_requests++; + /* Run the new request */ ret = ldb_next_request(ac->module, new_req); if (ret != LDB_SUCCESS) { 
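Review bot: In the config.mk hunk, the new `[MODULE::ldb_subtree_delete]` block is wrapped in comment markers copied from its neighbour: `# Start MODULE ldb_subtree_rename` and `# End MODULE ldb_subtree_rename`. Anyone searching the file for the module name will land on the wrong block. They should read `# Start MODULE ldb_subtree_delete` and `# End MODULE ldb_subtree_delete`.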
@@ -272,6 +275,8 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * /* Even link IDs are for the originating attribute */ } + + ac->step = LA_DO_OPS; /* Now call the common routine to setup the modifies across all the attributes */ return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn); @@ -322,6 +327,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques ac->num_requests++; + ac->step = LA_DO_OPS; + /* Run the original request */ ret = ldb_next_request(module, ac->down_req[0]); if (ret != LDB_SUCCESS) { @@ -539,18 +546,8 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_requests++; + ac->search_req = new_req; + ac->step = LA_SEARCH; return ldb_next_request(module, new_req); } @@ -602,18 +599,8 @@ static int linked_attributes_delete(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_requests++; + ac->search_req = new_req; + ac->step = LA_SEARCH; return ldb_next_request(module, new_req); } 
@@ -634,21 +621,42 @@ static int linked_attributes_wait_none(struct ldb_handle *handle) { ac = talloc_get_type(handle->private_data, struct linked_attributes_context); - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); + switch (ac->step) { + case LA_SEARCH: + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle->status = ret; goto done; } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; + if (ac->search_req->handle->status != LDB_SUCCESS) { + handle->status = ac->search_req->handle->status; goto done; } - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { + if (ac->search_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; } + ac->step = LA_DO_OPS; + return LDB_SUCCESS; + + case LA_DO_OPS: + for (i=0; i < ac->num_requests; i++) { + ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->down_req[i]->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req[i]->handle->status; + goto done; + } + + if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + } } done: diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 50ea2ec4e2..5626d9a891 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -68,6 +68,8 @@ struct class_list { const struct dsdb_class *objectclass; }; +static int objectclass_do_add(struct ldb_handle *h); + static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_module *module) { struct oc_context *ac; 
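Review bot: In the new `LA_DO_OPS` branch of linked_attributes_wait_none, a context with `ac->num_requests == 0` skips the loop and reaches `done:` with `ret` still at its initial value, so the handle is marked done with a return code that no ldb_wait() produced. The declaration of `ret` is outside the hunk; the sibling wait functions on this page start it at `LDB_ERR_OPERATIONS_ERROR`, and if this one does too, an operation that queued no requests would be reported as failed. Setting `ret = LDB_SUCCESS;` before the loop makes the empty case explicit. The `LA_SEARCH` case also dereferences `ac->search_req->handle` unconditionally, and `LA_SEARCH` is the first enumerator, so it relies on every entry point setting `ac->step` before the first wait; a one-line comment on the enum saying so would help.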
@@ -388,11 +390,17 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) /* return or own handle to deal with this call */ req->handle = h; - parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.mod.message->dn); + /* If there isn't a parent, just go on to the add processing */ + if (ldb_dn_get_comp_num(ac->orig_req->op.add.message->dn) == 1) { + return objectclass_do_add(h); + } + + parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.add.message->dn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + ret = ldb_build_search_req(&ac->search_req, module->ldb, ac, parent_dn, LDB_SCOPE_BASE, "(objectClass=*)", @@ -443,9 +451,7 @@ static int objectclass_do_add(struct ldb_handle *h) /* Check we have a valid parent */ if (ac->search_res == NULL) { - if (ldb_dn_get_comp_num(ac->orig_req->op.add.message->dn) <= 1) { - /* Allow cn=rootdse and cn=templates for now... */ - } else if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), ac->orig_req->op.add.message->dn) == 0) { + if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), ac->orig_req->op.add.message->dn) == 0) { /* Allow the tree to be started */ } else { ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot add %s, parent does not exist!", @@ -461,6 +467,8 @@ static int objectclass_do_add(struct ldb_handle *h) &msg->dn); if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ac->module->ldb, "Could not munge DN %s into normal form", + ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); return ret; } @@ -601,7 +609,9 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req switch (objectclass_element->flags & LDB_FLAG_MOD_MASK) { case LDB_FLAG_MOD_DELETE: - return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED; + if (objectclass_element->num_values == 0) { + return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED; + } break; case LDB_FLAG_MOD_REPLACE: { 
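Review bot: The early `return objectclass_do_add(h);` for one-component DNs in objectclass_add is reached before any parent search, so presumably `ac->search_res` is still NULL. The same commit removes the `ldb_dn_get_comp_num(...) <= 1` allowance from objectclass_do_add (the @@ -443 hunk). Taken together, a one-component DN that is not the root base DN now appears to end in the "parent does not exist" error, where the removed comment said such entries were allowed. If that tightening is intended, the new comment should say it, e.g. `/* One-component DNs have no parent to look up; objectclass_do_add() then accepts only the root base DN */`. Both functions continue outside their hunks, so the step handling after the direct call could not be checked here.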
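Review bot: In objectclass_modify, a `LDB_FLAG_MOD_DELETE` that names specific objectClass values now falls through to `break` where it was previously rejected, and the hunk shows no check on which values are being removed. What follows the switch is outside the hunk, so please confirm that the resulting objectClass set is still validated before the request goes down, for example that the structural class cannot be removed this way. A comment on the case would record the intent: `/* deleting the whole attribute is never allowed; deleting individual values is let through here */`.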
@@ -1026,11 +1036,12 @@ static int oc_wait(struct ldb_handle *handle) { case OC_SEARCH_ADD_PARENT: ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { + if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { handle->status = ret; goto done; } - if (ac->search_req->handle->status != LDB_SUCCESS) { + if (ac->search_req->handle->status != LDB_SUCCESS + && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { handle->status = ac->search_req->handle->status; goto done; } @@ -1063,11 +1074,11 @@ static int oc_wait(struct ldb_handle *handle) { case OC_SEARCH_RENAME_PARENT: ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { + if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { handle->status = ret; goto done; } - if (ac->search_req->handle->status != LDB_SUCCESS) { + if (ac->search_req->handle->status != LDB_SUCCESS && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { handle->status = ac->search_req->handle->status; goto done; } diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index d78ba14ab4..ed9b554bb1 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -67,7 +67,12 @@ static int pdc_fsmo_init(struct ldb_module *module) LDB_SCOPE_BASE, NULL, pdc_attrs, &pdc_res); - if (ret != LDB_SUCCESS) { + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "pdc_fsmo_init: no domain object present: (skip loading of domain details)"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } else if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "pdc_fsmo_init: failed to search the domain object: %d:%s", ret, ldb_strerror(ret)); diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index a92f2646c4..b10e3ac203 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c 
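Review bot: Neither the `OC_SEARCH_ADD_PARENT` nor the `OC_SEARCH_RENAME_PARENT` case in oc_wait says why `LDB_ERR_NO_SUCH_OBJECT` is now tolerated, and `ret` keeps that value after the checks. On the add path the missing parent is reported later by objectclass_do_add through `ac->search_res == NULL`, so a comment such as `/* a missing parent is not fatal here: objectclass_do_add() reports it when search_res is NULL */` would make the dependency visible. The code after these checks is outside both hunks; if it returns `ret` anywhere, the caller would receive the no-such-object code without the error string. The two conditions are also wrapped differently (one split over two lines, one on a single long line) and could be written the same way.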
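Review bot: The new `LDB_ERR_NO_SUCH_OBJECT` branch in pdc_fsmo_init frees `mem_ctx` and then continues with `ldb_next_init(module)`. Anything allocated on `mem_ctx` before the search and already stored somewhere longer-lived (for instance in `module->private_data`) would be left dangling. The start of the function is outside the hunk, so this needs checking there, and the same applies to the identical branch added to schema_fsmo_init in the next file. If such a pointer exists it should be cleared before the free, e.g. `module->private_data = NULL;`. A comment that the module then runs without domain details (or, in schema_fsmo_init, without a loaded schema) would also help, since nothing above it sees an error.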
+++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -90,7 +90,12 @@ static int schema_fsmo_init(struct ldb_module *module) LDB_SCOPE_BASE, NULL, schema_attrs, &schema_res); - if (ret != LDB_SUCCESS) { + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "schema_fsmo_init: no schema head present: (skip schema loading)"); + talloc_free(mem_ctx); + return ldb_next_init(module); + } else if (ret != LDB_SUCCESS) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "schema_fsmo_init: failed to search the schema head: %d:%s", ret, ldb_strerror(ret)); diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c new file mode 100644 index 0000000000..92f539457e --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c 
@@ -0,0 +1,255 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2006-2007 + Copyright (C) Stefan Metzmacher 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb subtree delete (prevention) module + * + * Description: Prevent deletion of a subtree in LDB + * + * Author: Andrew Bartlett + */ + +#include "ldb_includes.h" + +struct subtree_delete_context { + enum sd_step {SD_SEARCH, SD_DO_DEL} step; + + struct ldb_module *module; + struct ldb_handle *handle; + struct ldb_request *orig_req; + + struct ldb_request *search_req; + struct ldb_request *down_req; + + int num_children; +}; + +static struct subtree_delete_context *subtree_delete_init_handle(struct ldb_request *req, + struct ldb_module *module) +{ + struct subtree_delete_context *ac; + struct ldb_handle *h; + + h = talloc_zero(req, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + h->module = module; + + ac = talloc_zero(h, struct subtree_delete_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + talloc_free(h); + return NULL; + } + + h->private_data = ac; + + ac->module = module; + ac->handle = h; + ac->orig_req = req; + + req->handle = h; + + return ac; +} + +static int subtree_delete_check_for_children(struct subtree_delete_context *ac) +{ + if (ac->num_children > 0) { + ldb_asprintf_errstring(ac->module->ldb, 
"Cannot delete %s, not a leaf node (has %d children)\n", + ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children); + return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF; + } else { + struct ldb_request *req = talloc(ac, struct ldb_request); + if (!req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *req = *ac->orig_req; + + ac->down_req = req; + ac->step = SD_DO_DEL; + return ldb_next_request(ac->module, req); + } +} + +static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct subtree_delete_context *ac = talloc_get_type(context, struct subtree_delete_context); + TALLOC_CTX *mem_ctx = talloc_new(ac); + + if (!mem_ctx) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* OK, we have one of *many* search results here: + + We should also get the entry we tried to rename. This + callback handles this and everything below it. + */ + + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type == LDB_REPLY_ENTRY + && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) { + /* And it is an actual entry: now object bitterly that we are not a leaf node */ + ac->num_children++; + } + talloc_free(ares); + return LDB_SUCCESS; +} + +/* rename */ +static int subtree_delete(struct ldb_module *module, struct ldb_request *req) +{ + const char *attrs[] = { NULL }; + struct ldb_request *new_req; + struct subtree_delete_context *ac; + int ret; + if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + + /* This gets complex: We need to: + - Do a search for all entires under this entry + - Wait for these results to appear + - In the callback for each result, count the children (if any) + - return an error if there are any + */ + + ac = subtree_delete_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = 
ldb_build_search_req(&new_req, module->ldb, req, + req->op.del.dn, + LDB_SCOPE_SUBTREE, + "(objectClass=*)", + attrs, + req->controls, + ac, + subtree_delete_search_callback); + + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->search_req = new_req; + if (req == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + return ldb_next_request(module, new_req); +} + + +static int subtree_delete_wait_none(struct ldb_handle *handle) { + struct subtree_delete_context *ac; + int ret = LDB_ERR_OPERATIONS_ERROR; + if (!handle || !handle->private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; + } + + handle->state = LDB_ASYNC_PENDING; + handle->status = LDB_SUCCESS; + + ac = talloc_get_type(handle->private_data, struct subtree_delete_context); + + switch (ac->step) { + case SD_SEARCH: + ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { + handle->status = ret; + goto done; + } + if (ac->search_req->handle->status != LDB_SUCCESS + && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { + handle->status = ac->search_req->handle->status; + goto done; + } + + return subtree_delete_check_for_children(ac); + + case SD_DO_DEL: + ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->down_req->handle->status != LDB_SUCCESS) { + handle->status = ac->down_req->handle->status; + goto done; + } + + if (ac->down_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + + break; + } +done: + handle->state = LDB_ASYNC_DONE; + return ret; +} + +static int subtree_delete_wait_all(struct ldb_handle *handle) { + + int ret; + + while (handle->state != LDB_ASYNC_DONE) { + ret = subtree_delete_wait_none(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle->status; +} + +static int subtree_delete_wait(struct ldb_handle 
*handle, enum ldb_wait_type type) +{ + if (type == LDB_WAIT_ALL) { + return subtree_delete_wait_all(handle); + } else { + return subtree_delete_wait_none(handle); + } +} + +static const struct ldb_module_ops subtree_delete_ops = { + .name = "subtree_delete", + .del = subtree_delete, + .wait = subtree_delete_wait, +}; + +int ldb_subtree_delete_init(void) +{ + return ldb_register_module(&subtree_delete_ops); +} diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 72857cb864..0964c3fdcd 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c 
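Review bot: In subtree_delete_wait_none the `SD_SEARCH` case calls subtree_delete_check_for_children() as soon as `ldb_wait(..., LDB_WAIT_NONE)` returns without error, without checking that the search has actually finished. On a backend that delivers results asynchronously, `ac->num_children` can still be zero at that point, so the delete would be passed down for an entry that does have children, which is what this module exists to prevent. linked_attributes_wait_none in this same commit guards its search step, and the same guard belongs here before the call: `if (ac->search_req->handle->state != LDB_ASYNC_DONE) { return LDB_SUCCESS; }`. Separately, subtree_delete_search_callback allocates `mem_ctx` with `talloc_new(ac)` on every reply and never uses or frees it, and subtree_delete() tests `req->op.rename.olddn` where `req->op.del.dn` is meant (the `/* rename */` comment above it is stale as well).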
@@ -4,22 +4,18 @@ Copyright (C) Andrew Bartlett 2006-2007 Copyright (C) Stefan Metzmacher 2007 - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see . + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ /* 
@@ -206,113 +202,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) } -static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct ldb_request *req; - struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); - TALLOC_CTX *mem_ctx = talloc_new(ac); - - if (!mem_ctx) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - /* OK, we have one of *many* search results here: - - We should also get the entry we tried to rename. This - callback handles this and everything below it. - */ - - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) { - /* And it is an actual entry: now object bitterly that we are not a leaf node */ - ac->num_children++; - talloc_free(ares); - return LDB_SUCCESS; - } else if (ares->type == LDB_REPLY_DONE) { - talloc_free(ares); - if (ac->num_children > 0) { - ldb_asprintf_errstring(ac->module->ldb, "Cannot delete %s, not a leaf node (has %d children)\n", - ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children); - return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF; - } else { - req = talloc(mem_ctx, struct ldb_request); - if (!req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - *req = *ac->orig_req; - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = req; - ac->num_requests++; - - return ldb_next_request(ac->module, req); - } - } else { - talloc_free(ares); - return LDB_SUCCESS; - } -} - -/* rename */ -static int subtree_delete(struct ldb_module *module, struct ldb_request *req) -{ - const char *attrs[] = { NULL }; - struct ldb_request *new_req; - struct subtree_rename_context *ac; - 
int ret; - if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - /* This gets complex: We need to: - - Do a search for all entires under this entry - - Wait for these results to appear - - In the callback for each result, issue a modify request - - That will include this rename, we hope - - Wait for each modify result - - Regain our sainity - */ - - ac = subtree_rename_init_handle(req, module); - if (!ac) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.del.dn, - LDB_SCOPE_SUBTREE, - "(objectClass=*)", - attrs, - req->controls, - ac, - subtree_delete_search_callback); - - if (ret != LDB_SUCCESS) { - return ret; - } - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_requests++; - return ldb_next_request(module, new_req); -} - static int subtree_rename_wait_none(struct ldb_handle *handle) { struct subtree_rename_context *ac; int i, ret = LDB_ERR_OPERATIONS_ERROR; @@ -378,7 +267,6 @@ static int subtree_rename_wait(struct ldb_handle *handle, enum ldb_wait_type typ static const struct ldb_module_ops subtree_rename_ops = { .name = "subtree_rename", .rename = subtree_rename, - .del = subtree_delete, .wait = subtree_rename_wait, }; -- cgit From b34f286d3a0367acf18288e43323c4f88b11378d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 14 Nov 2007 03:52:39 +0100 Subject: r25949: Make error messages clearer and more correct. Andrew Bartlett (This used to be commit f0a0d73f768434cb474b311d7c366d1f2a06c8f4) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e2e914ee82..b1366fd994 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -475,7 +475,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const /* build the new msg */ msg2 = ldb_msg_copy(mem_ctx, msg); if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: ldb_msg_copy failed!\n"); talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -523,7 +523,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(module->ldb, - "samldb_fill_group_object: %s", errstr); + "samldb_fill_user_or_computer_object: %s", errstr); return ret; } -- cgit From 579eca54b738fb2f78bc994cee8632dbf94c5a2d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 16 Nov 2007 04:18:22 +0100 Subject: r25981: Don't create an ldb_request on NULL. A re-arrangment of the code due to the base DN checking meant that the ac->down_req array wasn't started, so was NULL Andrew Bartlett (This used to be commit 0a44b8e9f3e1a85c27d105cdd1572a0df936f612) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index f3e66c5065..fd36c16d56 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c 
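Review bot: The failure path after samdb_search_for_parent_domain() in the second hunk returns `ret` without `talloc_free(mem_ctx)`, while the ldb_msg_copy() failure path in the first hunk frees it before returning. How `mem_ctx` is created is outside both hunks; if it is a temporary context owned by samldb_fill_user_or_computer_object, the second path keeps it alive until its parent is freed. Adding `talloc_free(mem_ctx);` before `return ret;` would make the two error paths consistent; the error string has already been copied by ldb_asprintf_errstring() at that point.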
@@ -127,8 +127,18 @@ static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, for (j=0; j < el->num_values; j++) { struct ldb_message_element *ret_el; struct ldb_request *new_req; + struct ldb_message *new_msg; + + /* Create a spot in the list for the requests */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac->down_req); + new_msg = ldb_msg_new(ac->down_req); if (!new_msg) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -184,13 +194,6 @@ static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, ldb_set_timeout_from_prev_req(ldb, ac->orig_req, new_req); - /* Now add it to the list */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } ac->down_req[ac->num_requests] = new_req; ac->num_requests++; -- cgit From ca0b72a1fdb7bd965065e833df34662afef0423e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 16 Nov 2007 20:12:00 +0100 Subject: r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies. (This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555) --- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index b1366fd994..85ca1a7f4b 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
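Review bot: The comment `/* Create a spot in the list for the requests */` does not say why the array has to be grown before the message is built, which is the point of the reordering: `ldb_msg_new(ac->down_req)` uses the array as its talloc parent, and per the commit message that pointer was still NULL on this path. I would spell that out, e.g. `/* Grow the list first: new_msg is allocated as a child of ac->down_req, which may still be NULL here */`. The error returns between this reservation and `ac->down_req[ac->num_requests] = new_req` leave the new slot unset, which is harmless only as long as nothing reads past `ac->num_requests`. The loop body starts and ends outside these hunks.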
@@ -39,7 +39,7 @@ #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_security.h" -#include "db_wrap.h" +#include "util/util_ldb.h" int samldb_notice_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -- cgit From adef944c4314daded57d21b8f1dd2a1b8156740e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 27 Nov 2007 02:26:47 +0100 Subject: r26137: Rename the entryUUID module to better match it's purpose: being a simple ldap mapping (a complex mapping will follow). Fix the module to handle 'name' better, rather than using the 'name' attribute built into OpenLDAP, rename to samba4RDN. We need to see if this can be handled in the backend. Also rename the functions and inernal module name to entryuuid for consistancy. Andrew Bartlett (This used to be commit a7be80766f4270d63433bbd6a976ebf302ed3433) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 +- source4/dsdb/samdb/ldb_modules/entryUUID.c | 824 ---------------------- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 833 +++++++++++++++++++++++ 3 files changed, 840 insertions(+), 830 deletions(-) delete mode 100644 source4/dsdb/samdb/ldb_modules/entryUUID.c create mode 100644 source4/dsdb/samdb/ldb_modules/simple_ldap_map.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 3c43d47cef..e9d9e18e6a 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -97,17 +97,18 @@ OBJ_FILES = \ ################################################ ################################################ -# Start MODULE ldb_entryUUID -[MODULE::ldb_entryUUID] +# Start MODULE ldb_simple_ldap_map +[MODULE::ldb_simple_ldap_map] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = ldb_entryUUID_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC +INIT_FUNCTION = ldb_simple_ldap_map_module_init +PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map ENABLE = YES +ALIASES = entryuuid nsuniqueid OBJ_FILES = \ - entryUUID.o + simple_ldap_map.o # -# End MODULE ldb_entryUUID +# End MODULE ldb_entryuuid ################################################ # ################################################ diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c deleted file mode 100644 index f4231d20d3..0000000000 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ /dev/null 
@@ -1,824 +0,0 @@ -/* - ldb database module - - LDAP semantics mapping module - - Copyright (C) Jelmer Vernooij 2005 - Copyright (C) Andrew Bartlett 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - This module relies on ldb_map to do all the real work, but performs - some of the trivial mappings between AD semantics and that provided - by OpenLDAP and similar servers. -*/ - -#include "includes.h" -#include "ldb/include/ldb.h" -#include "ldb/include/ldb_private.h" -#include "ldb/include/ldb_errors.h" -#include "ldb/ldb_map/ldb_map.h" - -#include "librpc/gen_ndr/ndr_misc.h" -#include "librpc/ndr/libndr.h" - -struct entryUUID_private { - struct ldb_dn **base_dns; -}; - -static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct GUID guid; - NTSTATUS status = GUID_from_string((char *)val->data, &guid); - enum ndr_err_code ndr_err; - struct ldb_val out = data_blob(NULL, 0); - - if (!NT_STATUS_IS_OK(status)) { - return out; - } - ndr_err = ndr_push_struct_blob(&out, ctx, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return out; - } - - return out; -} - -static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct GUID *guid; - struct ldb_val out = data_blob(NULL, 0); - if (val->length >= 32 && val->data[val->length] == '\0') { - 
ldb_handler_copy(module->ldb, ctx, val, &out); - } else { - enum ndr_err_code ndr_err; - - guid = talloc(ctx, struct GUID); - if (guid == NULL) { - return out; - } - ndr_err = ndr_pull_struct_blob(val, guid, guid, - (ndr_pull_flags_fn_t)ndr_pull_GUID); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(guid); - return out; - } - out = data_blob_string_const(GUID_string(ctx, guid)); - talloc_free(guid); - } - return out; -} - -static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct GUID guid; - NTSTATUS status = NS_GUID_from_string((char *)val->data, &guid); - enum ndr_err_code ndr_err; - struct ldb_val out = data_blob(NULL, 0); - - if (!NT_STATUS_IS_OK(status)) { - return out; - } - ndr_err = ndr_push_struct_blob(&out, ctx, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return out; - } - - return out; -} - -static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out = data_blob(NULL, 0); - if (val->length >= 32 && val->data[val->length] == '\0') { - struct GUID guid; - GUID_from_string((char *)val->data, &guid); - out = data_blob_string_const(NS_GUID_string(ctx, &guid)); - } else { - enum ndr_err_code ndr_err; - struct GUID *guid_p; - guid_p = talloc(ctx, struct GUID); - if (guid_p == NULL) { - return out; - } - ndr_err = ndr_pull_struct_blob(val, guid_p, guid_p, - (ndr_pull_flags_fn_t)ndr_pull_GUID); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(guid_p); - return out; - } - out = data_blob_string_const(NS_GUID_string(ctx, guid_p)); - talloc_free(guid_p); - } - return out; -} - -/* The backend holds binary sids, so just copy them back */ -static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out = data_blob(NULL, 0); - ldb_handler_copy(module->ldb, ctx, val, &out); - - return out; -} - -/* Ensure we 
always convert sids into binary, so the backend doesn't have to know about both forms */ -static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out = data_blob(NULL, 0); - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); - - if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { - return data_blob(NULL, 0); - } - - return out; -} - -/* Ensure we always convert objectCategory into a DN */ -static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out = data_blob(NULL, 0); - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); - - if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { - return data_blob(NULL, 0); - } - - return out; -} - -static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - long long int signed_ll = strtoll((const char *)val->data, NULL, 10); - if (signed_ll >= 0x80000000LL) { - union { - int32_t signed_int; - uint32_t unsigned_int; - } u = { - .unsigned_int = strtoul((const char *)val->data, NULL, 10) - }; - - struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int)); - return out; - } - return val_copy(module, ctx, val); -} - -static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out; - unsigned long long usn = strtoull((const char *)val->data, NULL, 10); - time_t t = (usn >> 24); - out = data_blob_string_const(talloc_asprintf(ctx, "%s#%06x#00#000000", ldb_timestring(ctx, t), (unsigned int)(usn & 0xFFFFFF))); - return out; -} - -static unsigned long long entryCSN_to_usn_int(TALLOC_CTX *ctx, const struct ldb_val *val) -{ - char *entryCSN = talloc_strdup(ctx, (const char *)val->data); - char 
*mod_per_sec; - time_t t; - unsigned long long usn; - char *p; - if (!entryCSN) { - return 0; - } - p = strchr(entryCSN, '#'); - if (!p) { - return 0; - } - p[0] = '\0'; - p++; - mod_per_sec = p; - - p = strchr(p, '#'); - if (!p) { - return 0; - } - p[0] = '\0'; - p++; - - usn = strtol(mod_per_sec, NULL, 16); - - t = ldb_string_to_time(entryCSN); - - usn = usn | ((unsigned long long)t <<24); - return usn; -} - -static struct ldb_val entryCSN_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out; - unsigned long long usn = entryCSN_to_usn_int(ctx, val); - out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); - return out; -} - -static struct ldb_val usn_to_timestamp(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out; - unsigned long long usn = strtoull((const char *)val->data, NULL, 10); - time_t t = (usn >> 24); - out = data_blob_string_const(ldb_timestring(ctx, t)); - return out; -} - -static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) -{ - struct ldb_val out; - time_t t; - unsigned long long usn; - - t = ldb_string_to_time((const char *)val->data); - - usn = ((unsigned long long)t <<24); - - out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); - return out; -} - - -static const struct ldb_map_attribute entryUUID_attributes[] = -{ - /* objectGUID */ - { - .local_name = "objectGUID", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "entryUUID", - .convert_local = guid_always_string, - .convert_remote = encode_guid, - }, - }, - }, - /* invocationId */ - { - .local_name = "invocationId", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "invocationId", - .convert_local = guid_always_string, - .convert_remote = encode_guid, - }, - }, - }, - /* objectSid */ - { - .local_name = "objectSid", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "objectSid", - 
.convert_local = sid_always_binary, - .convert_remote = val_copy, - }, - }, - }, - { - .local_name = "whenCreated", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "createTimestamp" - } - } - }, - { - .local_name = "whenChanged", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "modifyTimestamp" - } - } - }, - { - .local_name = "objectClasses", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "samba4ObjectClasses" - } - } - }, - { - .local_name = "dITContentRules", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "samba4DITContentRules" - } - } - }, - { - .local_name = "attributeTypes", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "samba4AttributeTypes" - } - } - }, - { - .local_name = "sambaPassword", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "userPassword" - } - } - }, - { - .local_name = "objectCategory", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "objectCategory", - .convert_local = objectCategory_always_dn, - .convert_remote = val_copy, - }, - }, - }, - { - .local_name = "distinguishedName", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "entryDN" - } - } - }, - { - .local_name = "groupType", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "groupType", - .convert_local = normalise_to_signed32, - .convert_remote = val_copy, - }, - } - }, - { - .local_name = "sAMAccountType", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "sAMAccountType", - .convert_local = normalise_to_signed32, - .convert_remote = val_copy, - }, - } - }, - { - .local_name = "usnChanged", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "entryCSN", - .convert_local = usn_to_entryCSN, - .convert_remote = entryCSN_to_usn - }, - }, - }, - { - .local_name = "usnCreated", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "createTimestamp", - .convert_local = usn_to_timestamp, - .convert_remote = timestamp_to_usn, 
- }, - }, - }, - { - .local_name = "*", - .type = MAP_KEEP, - }, - { - .local_name = NULL, - } -}; - -/* This objectClass conflicts with builtin classes on OpenLDAP */ -const struct ldb_map_objectclass entryUUID_objectclasses[] = -{ - { - .local_name = "subSchema", - .remote_name = "samba4SubSchema" - }, - { - .local_name = NULL - } -}; - -/* These things do not show up in wildcard searches in OpenLDAP, but - * we need them to show up in the AD-like view */ -static const char * const entryUUID_wildcard_attributes[] = { - "objectGUID", - "whenCreated", - "whenChanged", - "usnCreated", - "usnChanged", - NULL -}; - -static const struct ldb_map_attribute nsuniqueid_attributes[] = -{ - /* objectGUID */ - { - .local_name = "objectGUID", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "nsuniqueid", - .convert_local = guid_ns_string, - .convert_remote = encode_ns_guid, - }, - }, - }, - /* objectSid */ - { - .local_name = "objectSid", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "objectSid", - .convert_local = sid_always_binary, - .convert_remote = val_copy, - }, - }, - }, - { - .local_name = "whenCreated", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "createTimestamp" - } - } - }, - { - .local_name = "whenChanged", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "modifyTimestamp" - } - } - }, - { - .local_name = "sambaPassword", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "userPassword" - } - } - }, - { - .local_name = "objectCategory", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "objectCategory", - .convert_local = objectCategory_always_dn, - .convert_remote = val_copy, - }, - }, - }, - { - .local_name = "distinguishedName", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "entryDN" - } - } - }, - { - .local_name = "groupType", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "groupType", - .convert_local = normalise_to_signed32, - 
.convert_remote = val_copy, - }, - } - }, - { - .local_name = "sAMAccountType", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "sAMAccountType", - .convert_local = normalise_to_signed32, - .convert_remote = val_copy, - }, - } - }, - { - .local_name = "usnChanged", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "modifyTimestamp", - .convert_local = usn_to_timestamp, - .convert_remote = timestamp_to_usn, - }, - }, - }, - { - .local_name = "usnCreated", - .type = MAP_CONVERT, - .u = { - .convert = { - .remote_name = "createTimestamp", - .convert_local = usn_to_timestamp, - .convert_remote = timestamp_to_usn, - }, - }, - }, - { - .local_name = "*", - .type = MAP_KEEP, - }, - { - .local_name = NULL, - } -}; - -/* These things do not show up in wildcard searches in OpenLDAP, but - * we need them to show up in the AD-like view */ -static const char * const nsuniqueid_wildcard_attributes[] = { - "objectGUID", - "whenCreated", - "whenChanged", - "usnCreated", - "usnChanged", - NULL -}; - -static int get_remote_rootdse(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) -{ - struct entryUUID_private *entryUUID_private; - entryUUID_private = talloc_get_type(context, - struct entryUUID_private); - if (ares->type == LDB_REPLY_ENTRY) { - int i; - struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts"); - entryUUID_private->base_dns = talloc_realloc(entryUUID_private, entryUUID_private->base_dns, struct ldb_dn *, - el->num_values + 1); - for (i=0; i < el->num_values; i++) { - if (!entryUUID_private->base_dns) { - return LDB_ERR_OPERATIONS_ERROR; - } - entryUUID_private->base_dns[i] = ldb_dn_new(entryUUID_private->base_dns, ldb, (const char *)el->values[i].data); - if ( ! 
ldb_dn_validate(entryUUID_private->base_dns[i])) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - entryUUID_private->base_dns[i] = NULL; - } - - return LDB_SUCCESS; -} - -static int find_base_dns(struct ldb_module *module, - struct entryUUID_private *entryUUID_private) -{ - int ret; - struct ldb_request *req; - const char *naming_context_attr[] = { - "namingContexts", - NULL - }; - req = talloc(entryUUID_private, struct ldb_request); - if (req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, module->ldb, NULL); - req->op.search.scope = LDB_SCOPE_BASE; - - req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); - if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(req); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->op.search.attrs = naming_context_attr; - req->controls = NULL; - req->context = entryUUID_private; - req->callback = get_remote_rootdse; - ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ - - ret = ldb_next_request(module, req); - - if (ret == LDB_SUCCESS) { - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - } - - talloc_free(req); - if (ret != LDB_SUCCESS) { - return ret; - } - - return LDB_SUCCESS; -} - -/* the context init function */ -static int entryUUID_init(struct ldb_module *module) -{ - int ret; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - - ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL); - if (ret != LDB_SUCCESS) - return ret; - - map_private = talloc_get_type(module->private_data, struct map_private); - - entryUUID_private = talloc_zero(map_private, struct entryUUID_private); - map_private->caller_private = entryUUID_private; - - ret = find_base_dns(module, entryUUID_private); - - return ldb_next_init(module); -} - -/* the context init 
function */ -static int nsuniqueid_init(struct ldb_module *module) -{ - int ret; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); - if (ret != LDB_SUCCESS) - return ret; - - map_private = talloc_get_type(module->private_data, struct map_private); - - entryUUID_private = talloc_zero(map_private, struct entryUUID_private); - map_private->caller_private = entryUUID_private; - - ret = find_base_dns(module, entryUUID_private); - - return ldb_next_init(module); -} - -static int get_seq(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) -{ - unsigned long long *max_seq = (unsigned long long *)context; - unsigned long long seq; - if (ares->type == LDB_REPLY_ENTRY) { - struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); - if (el) { - seq = entryCSN_to_usn_int(ares, &el->values[0]); - *max_seq = MAX(seq, *max_seq); - } - } - - return LDB_SUCCESS; -} - -static int entryUUID_sequence_number(struct ldb_module *module, struct ldb_request *req) -{ - int i, ret; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - unsigned long long max_seq = 0; - struct ldb_request *search_req; - map_private = talloc_get_type(module->private_data, struct map_private); - - entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); - - /* Search the baseDNs for a sequence number */ - for (i=0; entryUUID_private && - entryUUID_private->base_dns && - entryUUID_private->base_dns[i]; - i++) { - static const char *contextCSN_attr[] = { - "contextCSN", NULL - }; - search_req = talloc(req, struct ldb_request); - if (search_req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->operation = LDB_SEARCH; - search_req->op.search.base = entryUUID_private->base_dns[i]; - search_req->op.search.scope = 
LDB_SCOPE_BASE; - - search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); - if (search_req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(search_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->op.search.attrs = contextCSN_attr; - search_req->controls = NULL; - search_req->context = &max_seq; - search_req->callback = get_seq; - ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ - - ret = ldb_next_request(module, search_req); - - if (ret == LDB_SUCCESS) { - ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); - } - - talloc_free(search_req); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - switch (req->op.seq_num.type) { - case LDB_SEQ_HIGHEST_SEQ: - req->op.seq_num.seq_num = max_seq; - break; - case LDB_SEQ_NEXT: - req->op.seq_num.seq_num = max_seq; - req->op.seq_num.seq_num++; - break; - case LDB_SEQ_HIGHEST_TIMESTAMP: - { - req->op.seq_num.seq_num = (max_seq >> 24); - break; - } - } - req->op.seq_num.flags = 0; - req->op.seq_num.flags |= LDB_SEQ_TIMESTAMP_SEQUENCE; - req->op.seq_num.flags |= LDB_SEQ_GLOBAL_SEQUENCE; - return LDB_SUCCESS; -} - -static struct ldb_module_ops entryUUID_ops = { - .name = "entryUUID", - .init_context = entryUUID_init, - .sequence_number = entryUUID_sequence_number -}; - -static struct ldb_module_ops nsuniqueid_ops = { - .name = "nsuniqueid", - .init_context = nsuniqueid_init, - .sequence_number = entryUUID_sequence_number -}; - -/* the init function */ -int ldb_entryUUID_module_init(void) -{ - int ret; - struct ldb_module_ops ops = ldb_map_get_ops(); - entryUUID_ops.add = ops.add; - entryUUID_ops.modify = ops.modify; - entryUUID_ops.del = ops.del; - entryUUID_ops.rename = ops.rename; - entryUUID_ops.search = ops.search; - entryUUID_ops.wait = ops.wait; - ret = ldb_register_module(&entryUUID_ops); - - if (ret) { - return ret; - } - - nsuniqueid_ops.add = ops.add; - nsuniqueid_ops.modify = ops.modify; - 
nsuniqueid_ops.del = ops.del; - nsuniqueid_ops.rename = ops.rename; - nsuniqueid_ops.search = ops.search; - nsuniqueid_ops.wait = ops.wait; - ret = ldb_register_module(&nsuniqueid_ops); - - return ret; -} diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c new file mode 100644 index 0000000000..2b8b07f0b4 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -0,0 +1,833 @@ +/* + ldb database module + + LDAP semantics mapping module + + Copyright (C) Jelmer Vernooij 2005 + Copyright (C) Andrew Bartlett 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + This module relies on ldb_map to do all the real work, but performs + some of the trivial mappings between AD semantics and that provided + by OpenLDAP and similar servers. +*/ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/ldb_map/ldb_map.h" + +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/ndr/libndr.h" + +struct entryuuid_private { + struct ldb_dn **base_dns; +}; + +static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = GUID_from_string((char *)val->data, &guid); + enum ndr_err_code ndr_err; + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return out; + } + + return out; +} + +static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID *guid; + struct ldb_val out = data_blob(NULL, 0); + if (val->length >= 32 && val->data[val->length] == '\0') { + 
ldb_handler_copy(module->ldb, ctx, val, &out); + } else { + enum ndr_err_code ndr_err; + + guid = talloc(ctx, struct GUID); + if (guid == NULL) { + return out; + } + ndr_err = ndr_pull_struct_blob(val, guid, guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(guid); + return out; + } + out = data_blob_string_const(GUID_string(ctx, guid)); + talloc_free(guid); + } + return out; +} + +static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = NS_GUID_from_string((char *)val->data, &guid); + enum ndr_err_code ndr_err; + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return out; + } + + return out; +} + +static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + if (val->length >= 32 && val->data[val->length] == '\0') { + struct GUID guid; + GUID_from_string((char *)val->data, &guid); + out = data_blob_string_const(NS_GUID_string(ctx, &guid)); + } else { + enum ndr_err_code ndr_err; + struct GUID *guid_p; + guid_p = talloc(ctx, struct GUID); + if (guid_p == NULL) { + return out; + } + ndr_err = ndr_pull_struct_blob(val, guid_p, guid_p, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(guid_p); + return out; + } + out = data_blob_string_const(NS_GUID_string(ctx, guid_p)); + talloc_free(guid_p); + } + return out; +} + +/* The backend holds binary sids, so just copy them back */ +static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + ldb_handler_copy(module->ldb, ctx, val, &out); + + return out; +} + +/* Ensure we 
always convert sids into binary, so the backend doesn't have to know about both forms */ +static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); + + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + return out; +} + +/* Ensure we always convert objectCategory into a DN */ +static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); + + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + return out; +} + +static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + long long int signed_ll = strtoll((const char *)val->data, NULL, 10); + if (signed_ll >= 0x80000000LL) { + union { + int32_t signed_int; + uint32_t unsigned_int; + } u = { + .unsigned_int = strtoul((const char *)val->data, NULL, 10) + }; + + struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int)); + return out; + } + return val_copy(module, ctx, val); +} + +static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = strtoull((const char *)val->data, NULL, 10); + time_t t = (usn >> 24); + out = data_blob_string_const(talloc_asprintf(ctx, "%s#%06x#00#000000", ldb_timestring(ctx, t), (unsigned int)(usn & 0xFFFFFF))); + return out; +} + +static unsigned long long entryCSN_to_usn_int(TALLOC_CTX *ctx, const struct ldb_val *val) +{ + char *entryCSN = talloc_strdup(ctx, (const char *)val->data); + char 
*mod_per_sec; + time_t t; + unsigned long long usn; + char *p; + if (!entryCSN) { + return 0; + } + p = strchr(entryCSN, '#'); + if (!p) { + return 0; + } + p[0] = '\0'; + p++; + mod_per_sec = p; + + p = strchr(p, '#'); + if (!p) { + return 0; + } + p[0] = '\0'; + p++; + + usn = strtol(mod_per_sec, NULL, 16); + + t = ldb_string_to_time(entryCSN); + + usn = usn | ((unsigned long long)t <<24); + return usn; +} + +static struct ldb_val entryCSN_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = entryCSN_to_usn_int(ctx, val); + out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); + return out; +} + +static struct ldb_val usn_to_timestamp(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = strtoull((const char *)val->data, NULL, 10); + time_t t = (usn >> 24); + out = data_blob_string_const(ldb_timestring(ctx, t)); + return out; +} + +static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + time_t t; + unsigned long long usn; + + t = ldb_string_to_time((const char *)val->data); + + usn = ((unsigned long long)t <<24); + + out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); + return out; +} + + +static const struct ldb_map_attribute entryuuid_attributes[] = +{ + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "entryUUID", + .convert_local = guid_always_string, + .convert_remote = encode_guid, + }, + }, + }, + /* invocationId */ + { + .local_name = "invocationId", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "invocationId", + .convert_local = guid_always_string, + .convert_remote = encode_guid, + }, + }, + }, + /* objectSid */ + { + .local_name = "objectSid", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectSid", + 
.convert_local = sid_always_binary, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "name", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4RDN" + } + } + }, + { + .local_name = "whenCreated", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "createTimestamp" + } + } + }, + { + .local_name = "whenChanged", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "modifyTimestamp" + } + } + }, + { + .local_name = "objectClasses", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4ObjectClasses" + } + } + }, + { + .local_name = "dITContentRules", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4DITContentRules" + } + } + }, + { + .local_name = "attributeTypes", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4AttributeTypes" + } + } + }, + { + .local_name = "sambaPassword", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "userPassword" + } + } + }, + { + .local_name = "objectCategory", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectCategory", + .convert_local = objectCategory_always_dn, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "distinguishedName", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, + { + .local_name = "groupType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "groupType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "sAMAccountType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "sAMAccountType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "usnChanged", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "entryCSN", + .convert_local = usn_to_entryCSN, + .convert_remote = entryCSN_to_usn + }, + }, + }, + { + .local_name = "usnCreated", + .type = MAP_CONVERT, + .u = { + .convert 
= { + .remote_name = "createTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "*", + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* This objectClass conflicts with builtin classes on OpenLDAP */ +const struct ldb_map_objectclass entryuuid_objectclasses[] = +{ + { + .local_name = "subSchema", + .remote_name = "samba4SubSchema" + }, + { + .local_name = NULL + } +}; + +/* These things do not show up in wildcard searches in OpenLDAP, but + * we need them to show up in the AD-like view */ +static const char * const entryuuid_wildcard_attributes[] = { + "objectGUID", + "whenCreated", + "whenChanged", + "usnCreated", + "usnChanged", + NULL +}; + +static const struct ldb_map_attribute nsuniqueid_attributes[] = +{ + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "nsuniqueid", + .convert_local = guid_ns_string, + .convert_remote = encode_ns_guid, + }, + }, + }, + /* objectSid */ + { + .local_name = "objectSid", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectSid", + .convert_local = sid_always_binary, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "whenCreated", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "createTimestamp" + } + } + }, + { + .local_name = "whenChanged", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "modifyTimestamp" + } + } + }, + { + .local_name = "sambaPassword", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "userPassword" + } + } + }, + { + .local_name = "objectCategory", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectCategory", + .convert_local = objectCategory_always_dn, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "distinguishedName", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, + { + .local_name = "groupType", + .type = 
MAP_CONVERT, + .u = { + .convert = { + .remote_name = "groupType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "sAMAccountType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "sAMAccountType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "usnChanged", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "modifyTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "usnCreated", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "createTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "*", + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* These things do not show up in wildcard searches in OpenLDAP, but + * we need them to show up in the AD-like view */ +static const char * const nsuniqueid_wildcard_attributes[] = { + "objectGUID", + "whenCreated", + "whenChanged", + "usnCreated", + "usnChanged", + NULL +}; + +static int get_remote_rootdse(struct ldb_context *ldb, void *context, + struct ldb_reply *ares) +{ + struct entryuuid_private *entryuuid_private; + entryuuid_private = talloc_get_type(context, + struct entryuuid_private); + if (ares->type == LDB_REPLY_ENTRY) { + int i; + struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts"); + entryuuid_private->base_dns = talloc_realloc(entryuuid_private, entryuuid_private->base_dns, struct ldb_dn *, + el->num_values + 1); + for (i=0; i < el->num_values; i++) { + if (!entryuuid_private->base_dns) { + return LDB_ERR_OPERATIONS_ERROR; + } + entryuuid_private->base_dns[i] = ldb_dn_new(entryuuid_private->base_dns, ldb, (const char *)el->values[i].data); + if ( ! 
ldb_dn_validate(entryuuid_private->base_dns[i])) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + entryuuid_private->base_dns[i] = NULL; + } + + return LDB_SUCCESS; +} + +static int find_base_dns(struct ldb_module *module, + struct entryuuid_private *entryuuid_private) +{ + int ret; + struct ldb_request *req; + const char *naming_context_attr[] = { + "namingContexts", + NULL + }; + req = talloc(entryuuid_private, struct ldb_request); + if (req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_SEARCH; + req->op.search.base = ldb_dn_new(req, module->ldb, NULL); + req->op.search.scope = LDB_SCOPE_BASE; + + req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); + if (req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); + talloc_free(req); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->op.search.attrs = naming_context_attr; + req->controls = NULL; + req->context = entryuuid_private; + req->callback = get_remote_rootdse; + ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ + + ret = ldb_next_request(module, req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + + talloc_free(req); + if (ret != LDB_SUCCESS) { + return ret; + } + + return LDB_SUCCESS; +} + +/* the context init function */ +static int entryuuid_init(struct ldb_module *module) +{ + int ret; + struct map_private *map_private; + struct entryuuid_private *entryuuid_private; + + ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, NULL); + if (ret != LDB_SUCCESS) + return ret; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryuuid_private = talloc_zero(map_private, struct entryuuid_private); + map_private->caller_private = entryuuid_private; + + ret = find_base_dns(module, entryuuid_private); + + return ldb_next_init(module); +} + +/* the context init 
function */ +static int nsuniqueid_init(struct ldb_module *module) +{ + int ret; + struct map_private *map_private; + struct entryuuid_private *entryuuid_private; + + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); + if (ret != LDB_SUCCESS) + return ret; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryuuid_private = talloc_zero(map_private, struct entryuuid_private); + map_private->caller_private = entryuuid_private; + + ret = find_base_dns(module, entryuuid_private); + + return ldb_next_init(module); +} + +static int get_seq(struct ldb_context *ldb, void *context, + struct ldb_reply *ares) +{ + unsigned long long *max_seq = (unsigned long long *)context; + unsigned long long seq; + if (ares->type == LDB_REPLY_ENTRY) { + struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); + if (el) { + seq = entryCSN_to_usn_int(ares, &el->values[0]); + *max_seq = MAX(seq, *max_seq); + } + } + + return LDB_SUCCESS; +} + +static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_request *req) +{ + int i, ret; + struct map_private *map_private; + struct entryuuid_private *entryuuid_private; + unsigned long long max_seq = 0; + struct ldb_request *search_req; + map_private = talloc_get_type(module->private_data, struct map_private); + + entryuuid_private = talloc_get_type(map_private->caller_private, struct entryuuid_private); + + /* Search the baseDNs for a sequence number */ + for (i=0; entryuuid_private && + entryuuid_private->base_dns && + entryuuid_private->base_dns[i]; + i++) { + static const char *contextCSN_attr[] = { + "contextCSN", NULL + }; + search_req = talloc(req, struct ldb_request); + if (search_req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->operation = LDB_SEARCH; + search_req->op.search.base = entryuuid_private->base_dns[i]; + search_req->op.search.scope = 
LDB_SCOPE_BASE; + + search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); + if (search_req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); + talloc_free(search_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->op.search.attrs = contextCSN_attr; + search_req->controls = NULL; + search_req->context = &max_seq; + search_req->callback = get_seq; + ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ + + ret = ldb_next_request(module, search_req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); + } + + talloc_free(search_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + switch (req->op.seq_num.type) { + case LDB_SEQ_HIGHEST_SEQ: + req->op.seq_num.seq_num = max_seq; + break; + case LDB_SEQ_NEXT: + req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num++; + break; + case LDB_SEQ_HIGHEST_TIMESTAMP: + { + req->op.seq_num.seq_num = (max_seq >> 24); + break; + } + } + req->op.seq_num.flags = 0; + req->op.seq_num.flags |= LDB_SEQ_TIMESTAMP_SEQUENCE; + req->op.seq_num.flags |= LDB_SEQ_GLOBAL_SEQUENCE; + return LDB_SUCCESS; +} + +static struct ldb_module_ops entryuuid_ops = { + .name = "entryuuid", + .init_context = entryuuid_init, + .sequence_number = entryuuid_sequence_number +}; + +static struct ldb_module_ops nsuniqueid_ops = { + .name = "nsuniqueid", + .init_context = nsuniqueid_init, + .sequence_number = entryuuid_sequence_number +}; + +/* the init function */ +int ldb_simple_ldap_map_module_init(void) +{ + int ret; + struct ldb_module_ops ops = ldb_map_get_ops(); + entryuuid_ops.add = ops.add; + entryuuid_ops.modify = ops.modify; + entryuuid_ops.del = ops.del; + entryuuid_ops.rename = ops.rename; + entryuuid_ops.search = ops.search; + entryuuid_ops.wait = ops.wait; + ret = ldb_register_module(&entryuuid_ops); + + if (ret) { + return ret; + } + + nsuniqueid_ops.add = ops.add; + nsuniqueid_ops.modify = ops.modify; + 
nsuniqueid_ops.del = ops.del; + nsuniqueid_ops.rename = ops.rename; + nsuniqueid_ops.search = ops.search; + nsuniqueid_ops.wait = ops.wait; + ret = ldb_register_module(&nsuniqueid_ops); + + return ret; +} -- cgit From 470043bf7ae038e590a011e90bbf610c76d53767 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 27 Nov 2007 04:43:20 +0100 Subject: r26140: Add a new test for searches by distinguieshedName and dn, and implement these in the simple ldap mapping module. We still don't pass this test, because we must get linked attributes into OpenLDAP. Andrew Bartlett (This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 2b8b07f0b4..7efcccc9ff 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -375,6 +375,15 @@ static const struct ldb_map_attribute entryuuid_attributes[] = } } }, + { + .local_name = "dn", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, { .local_name = "groupType", .type = MAP_CONVERT, @@ -524,6 +533,15 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, + { + .local_name = "dn", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, { .local_name = "groupType", .type = MAP_CONVERT, -- cgit From 37fdef233e3761d511c624ab79c8ef1587090fba Mon Sep 17 00:00:00 2001 
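Review bot: The new `dn` entry has no comment, and it is added verbatim to both `entryuuid_attributes` and `nsuniqueid_attributes` (the second hunk, at -524). A one-line comment above each, such as `/* lets filters on "dn" be answered from the backend's entryDN attribute */`, would record why a DN is mapped like an ordinary attribute. The commit message also mentions distinguishedName, which neither hunk maps. It is presumably covered by an existing entry, which is worth confirming.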
From: Andrew Bartlett Date: Wed, 28 Nov 2007 04:24:12 +0100 Subject: r26182: Extend our linked attribute testsuite to cover many more possible modifications, and then extend our implementation to match. Andrew Bartlett (This used to be commit 65d17f0ad7ead438333abcccb0bd56b038ffb88e) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 292 +++++++++++++++------ 1 file changed, 218 insertions(+), 74 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index fd36c16d56..803d24e34e 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -34,19 +34,28 @@ #include "dsdb/samdb/samdb.h" struct linked_attributes_context { - enum la_step {LA_SEARCH, LA_DO_OPS} step; + enum la_step {LA_SEARCH, LA_DO_OPS, LA_DO_ORIG} step; struct ldb_module *module; struct ldb_handle *handle; struct ldb_request *orig_req; struct ldb_request *search_req; struct ldb_request **down_req; + struct ldb_request *orig_down_req; + int num_requests; int finished_requests; const char **linked_attrs; }; +struct replace_context { + struct linked_attributes_context *ac; + struct ldb_message_element *el; +}; + +static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); + static struct linked_attributes_context *linked_attributes_init_handle(struct ldb_request *req, struct ldb_module *module) { @@ -73,6 +82,14 @@ static struct linked_attributes_context *linked_attributes_init_handle(struct ld ac->module = module; ac->handle = h; ac->orig_req = req; + + ac->orig_down_req = talloc(ac, struct ldb_request); + if (!ac->orig_down_req) { + ldb_oom(ac->module->ldb); + return NULL; + } + + *ac->orig_down_req = *req; req->handle = h; 
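Review bot: The new out-of-memory branch in linked_attributes_init_handle returns NULL after `h` has been allocated and stored in `ac->handle`, and nothing in the hunk releases it. If `ac` is a talloc child of `h`, as the earlier part of the function (outside this hunk) presumably arranges, adding `talloc_free(h);` before `return NULL;` stops the failure path from leaving the handle attached to the request. A short comment on `*ac->orig_down_req = *req;` would also help, noting that the copy is taken before `req->handle = h;` and so carries the caller's original handle field, not this module's.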
@@ -211,7 +228,7 @@ static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, /* add */ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req) { - int i, ret; + int i; struct linked_attributes_context *ac; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); @@ -231,29 +248,8 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * return LDB_ERR_OPERATIONS_ERROR; } - /* prepare the first operation */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->down_req[0] = talloc(ac->down_req, struct ldb_request); - if (!ac->down_req[0]) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - *(ac->down_req[0]) = *req; /* copy the request */ - - ac->num_requests++; + ac->step = LA_DO_OPS; - /* Run the original request */ - ret = ldb_next_request(module, ac->down_req[0]); - if (ret != LDB_SUCCESS) { - return ret; - } - /* Need to ensure we only have forward links being specified */ for (i=0; i < req->op.add.message->num_elements; i++) { const struct ldb_message_element *el = &req->op.add.message->elements[i]; 
@@ -279,12 +275,77 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * /* Even link IDs are for the originating attribute */ } - ac->step = LA_DO_OPS; - /* Now call the common routine to setup the modifies across all the attributes */ return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn); } +static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct replace_context *ac2 = talloc_get_type(context, struct replace_context); + struct linked_attributes_context *ac = ac2->ac; + + /* OK, we have one search result here: */ + + /* Only entries are interesting, and we only want the olddn */ + if (ares->type == LDB_REPLY_ENTRY + && ldb_dn_compare(ares->message->dn, ac->orig_req->op.mod.message->dn) == 0) { + /* only bother at all if there were some linked attributes found */ + struct ldb_message_element *search_el + = ldb_msg_find_element(ares->message, + ac2->el->name); + + /* See if this element already exists */ + if (search_el) { + int ret; + struct ldb_message *msg = ldb_msg_new(ac); + if (!msg) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Lazy option: Delete and add the elements on all members */ + msg->num_elements = 1; + msg->elements = search_el; + msg->dn = ac->orig_req->op.mod.message->dn; + + ret = setup_modifies(ac->module->ldb, ac2, ac, msg, ares->message->dn, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + msg->elements = ac2->el; + + ret = setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ares->message->dn); + if (ret != LDB_SUCCESS) { + return ret; + } + + } else { + /* Looks like it doesn't exist, process like an 'add' */ + struct ldb_message *msg = ldb_msg_new(ac); + if (!msg) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + msg->num_elements = 1; + msg->elements = ac2->el; + msg->dn = ac->orig_req->op.mod.message->dn; + + return 
setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ac->orig_req->op.mod.message->dn); + } + talloc_free(ares); + return LDB_SUCCESS; + } else if (ares->type == LDB_REPLY_ENTRY) { + /* Guh? We only asked for this DN */ + return LDB_ERR_OPERATIONS_ERROR; + + } else { + talloc_free(ares); + return LDB_SUCCESS; + } + + +} /* modify */ static int linked_attributes_modify(struct ldb_module *module, struct ldb_request *req) { @@ -293,7 +354,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques /* Determine the effect of the modification */ /* Apply the modify to the linked entry */ - int i, j, ret; + int i, j; struct linked_attributes_context *ac; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); @@ -314,31 +375,11 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques } /* prepare the first operation */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->down_req[0] = talloc(ac->down_req, struct ldb_request); - if (!ac->down_req[0]) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - *(ac->down_req[0]) = *req; /* copy the request */ - - ac->num_requests++; - ac->step = LA_DO_OPS; - /* Run the original request */ - ret = ldb_next_request(module, ac->down_req[0]); - if (ret != LDB_SUCCESS) { - return ret; - } - for (i=0; i < req->op.mod.message->num_elements; i++) { + int ret; + struct ldb_request *new_req; const struct dsdb_attribute *target_attr; const struct ldb_message_element *el = &req->op.mod.message->elements[i]; const struct dsdb_attribute *schema_attr 
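Review bot: linked_attributes_mod_replace_search_callback frees `ares` on only some of its exits. The branch for a missing element returns `setup_modifies(...)` directly, and the error returns after `ldb_msg_new` and after each `setup_modifies` call also leave it unfreed, while the success path and the final `else` call `talloc_free(ares)`. Routing those exits through a single `ret = ...; talloc_free(ares); return ret;` tail would make ownership of the reply consistent. In the existing-element branch `msg->elements` points at `search_el`, which was found in `ares->message`, so freeing `ares` afterwards is safe only if `setup_modifies` copies the values it needs. Its body is outside this hunk, so that should be confirmed.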
@@ -370,18 +411,109 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques return LDB_ERR_OBJECT_CLASS_VIOLATION; } - if ((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE) { - ldb_asprintf_errstring(module->ldb, - "attribute %s may not be replaced, only added or deleted", req->op.mod.message->elements[i].name); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE) + && el->num_values > 0) { + struct replace_context *ac2 = talloc(ac, struct replace_context); + const char **attrs = talloc_array(ac, const char *, 2); + if (!attrs || !ac2) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + attrs[0] = el->name; + attrs[1] = NULL; + + ac2->ac = ac; + ac2->el = el; + + /* We need to setup a search, compare with the list, and then setup add/del as required */ + + /* The callback does all the hard work here */ + ret = ldb_build_search_req(&new_req, module->ldb, req, + req->op.mod.message->dn, + LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, + NULL, + ac2, + linked_attributes_mod_replace_search_callback); + + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, attrs); + + /* Create a spot in the list for the requests */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); + ac->num_requests++; + + ret = ldb_next_request(module, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + + continue; + } else if (((el->flags & LDB_FLAG_MOD_MASK) & (LDB_FLAG_MOD_DELETE|LDB_FLAG_MOD_REPLACE)) + && el->num_values == 0) { + const char **attrs = talloc_array(ac, const char *, 2); + if (!attrs) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + attrs[0] = el->name; + attrs[1] = NULL; + + /* We need to setup a search, and then setup del as 
required */ + + /* The callback does all the hard work here, acting identically to if we had delted the whole entry */ + ret = ldb_build_search_req(&new_req, module->ldb, req, + req->op.mod.message->dn, + LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, + NULL, + ac, + linked_attributes_rename_del_search_callback); + + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(new_req, attrs); + + /* Create a spot in the list for the requests */ + ac->down_req = talloc_realloc(ac, ac->down_req, + struct ldb_request *, ac->num_requests + 1); + if (!ac->down_req) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); + ac->num_requests++; + + ret = ldb_next_request(module, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + + continue; } /* Prepare the modify (mod element) on the targets */ /* For each value being moded, we need to setup the modify */ for (j=0; j < el->num_values; j++) { - struct ldb_request *new_req; /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac->down_req); + struct ldb_message *new_msg = ldb_msg_new(ac); if (!new_msg) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -406,7 +538,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques return ret; } - ret = ldb_build_mod_req(&new_req, module->ldb, ac->down_req, + ret = ldb_build_mod_req(&new_req, module->ldb, ac, new_msg, NULL, NULL, @@ -426,7 +558,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac->down_req[ac->num_requests] = new_req; + ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); ac->num_requests++; /* Run the new request */ 
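Review bot: The `else if` test `((el->flags & LDB_FLAG_MOD_MASK) & (LDB_FLAG_MOD_DELETE|LDB_FLAG_MOD_REPLACE))` treats the modify flags as independent bits, but in ldb.h they are enumerated values under a two-bit mask (ADD 1, REPLACE 2, DELETE 3; confirm against the tree), so the expression is also non-zero for an add. An add with zero values would then take the delete-all-links path and issue the search handled by linked_attributes_rename_del_search_callback. Comparing the masked value explicitly avoids that: `int mod = el->flags & LDB_FLAG_MOD_MASK;` and `} else if ((mod == LDB_FLAG_MOD_DELETE || mod == LDB_FLAG_MOD_REPLACE) && el->num_values == 0) {`. Separately, `ac2->el = el;` stores a `const struct ldb_message_element *` into the non-const `el` member of struct replace_context, which discards the qualifier.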
@@ -436,12 +568,11 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques } } } - return ret; + return LDB_SUCCESS; } static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - struct ldb_request *req; struct linked_attributes_context *ac = talloc_get_type(context, struct linked_attributes_context); struct ldb_dn *olddn, *newdn; @@ -452,6 +583,13 @@ static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, newdn = NULL; break; } + /* This isn't the general modify case, just the modify when we are asked to delete all values */ + case LDB_MODIFY: + { + olddn = ac->orig_req->op.mod.message->dn; + newdn = NULL; + break; + } case LDB_RENAME: { olddn = ac->orig_req->op.rename.olddn; @@ -478,21 +616,6 @@ static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, } else if (ares->type == LDB_REPLY_ENTRY) { /* Guh? We only asked for this DN */ return LDB_ERR_OPERATIONS_ERROR; - } else if (ares->type == LDB_REPLY_DONE) { - req = talloc(ac, struct ldb_request); - *req = *ac->orig_req; - talloc_free(ares); - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = req; - ac->num_requests++; - - return ldb_next_request(ac->module, req); } else { talloc_free(ares); 
@@ -660,6 +783,27 @@ static int linked_attributes_wait_none(struct ldb_handle *handle) { return LDB_SUCCESS; } } + + /* Now run the original request */ + ac->step = LA_DO_ORIG; + return ldb_next_request(ac->module, ac->orig_down_req); + + case LA_DO_ORIG: + ret = ldb_wait(ac->orig_down_req->handle, LDB_WAIT_NONE); + + if (ret != LDB_SUCCESS) { + handle->status = ret; + goto done; + } + if (ac->orig_down_req->handle->status != LDB_SUCCESS) { + handle->status = ac->orig_down_req->handle->status; + goto done; + } + + if (ac->orig_down_req->handle->state != LDB_ASYNC_DONE) { + return LDB_SUCCESS; + } + ret = LDB_SUCCESS; } done: -- cgit From 364266e22a08e730f2442cf87ec385620cff2700 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 Nov 2007 08:00:04 +0100 Subject: r26192: Handle, test and implement the style of extended_dn requiest that MMC uses. It appears that the control value is optional, implying type 0 responses. Failing to parse this was causing LDAP disconnects with 'unavailable critical extension'. Andrew Bartlett (This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 90 ++++++++++++++++++++-------- 1 file changed, 64 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index d64673fdd5..b62e806398 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c 
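Review bot: The transition out of LA_DO_OPS does `return ldb_next_request(ac->module, ac->orig_down_req);`, so a failure to submit the original request is returned without being recorded in `handle->status`, unlike the error paths in the added LA_DO_ORIG case. Writing `ret = ldb_next_request(ac->module, ac->orig_down_req);` followed by `if (ret != LDB_SUCCESS) { handle->status = ret; goto done; }` and `return LDB_SUCCESS;` would keep the handle consistent. What `done:` does is outside the hunk. The new ordering also sends the back-link modifies before the original operation, so if the original is later rejected the linked entries have already been changed, unless the caller wraps the sequence in a transaction. A comment stating that assumption would be worth adding.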
@@ -104,35 +104,58 @@ static bool inject_extended_dn(struct ldb_message *msg, const struct ldb_val *val; struct GUID guid; struct dom_sid *sid; + const DATA_BLOB *guid_blob; + const DATA_BLOB *sid_blob; char *object_guid; char *object_sid; char *new_dn; - /* retrieve object_guid */ - guid = samdb_result_guid(msg, "objectGUID"); - object_guid = GUID_string(msg, &guid); - if (!object_guid) - return false; - - if (remove_guid) - ldb_msg_remove_attr(msg, "objectGUID"); + guid_blob = ldb_msg_find_ldb_val(msg, "objectGUID"); + sid_blob = ldb_msg_find_ldb_val(msg, "objectSID"); - /* retrieve object_sid */ - object_sid = NULL; - sid = samdb_result_dom_sid(msg, msg, "objectSID"); - if (sid) { - object_sid = dom_sid_string(msg, sid); - if (!object_sid) - return false; - - if (remove_sid) - ldb_msg_remove_attr(msg, "objectSID"); - } + if (!guid_blob) + return false; - /* TODO: handle type */ switch (type) { case 0: + /* return things in hexadecimal format */ + if (sid_blob) { + const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); + const char *lower_sid_hex = strlower_talloc(msg, data_blob_hex_string(msg, sid_blob)); + if (!lower_guid_hex || !lower_sid_hex) { + return false; + } + new_dn = talloc_asprintf(msg, ";;%s", + lower_guid_hex, + lower_sid_hex, + ldb_dn_get_linearized(msg->dn)); + } else { + const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); + if (!lower_guid_hex) { + return false; + } + new_dn = talloc_asprintf(msg, ";%s", + lower_guid_hex, + ldb_dn_get_linearized(msg->dn)); + } + + break; case 1: + /* retrieve object_guid */ + guid = samdb_result_guid(msg, "objectGUID"); + object_guid = GUID_string(msg, &guid); + + /* retrieve object_sid */ + object_sid = NULL; + sid = samdb_result_dom_sid(msg, msg, "objectSID"); + if (sid) { + object_sid = dom_sid_string(msg, sid); + if (!object_sid) + return false; + + } + + /* Normal, sane format */ if (object_sid) { new_dn = talloc_asprintf(msg, ";;%s", 
object_guid, object_sid, @@ -147,8 +170,17 @@ static bool inject_extended_dn(struct ldb_message *msg, return false; } - if (!new_dn) + if (!new_dn) { return false; + } + + if (remove_guid) { + ldb_msg_remove_attr(msg, "objectGUID"); + } + + if (sid_blob && remove_sid) { + ldb_msg_remove_attr(msg, "objectSID"); + } msg->dn = ldb_dn_new(msg, ldb, new_dn); if (! ldb_dn_validate(msg->dn)) @@ -201,7 +233,7 @@ error: static int extended_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_control *control; - struct ldb_extended_dn_control *extended_ctrl; + struct ldb_extended_dn_control *extended_ctrl = NULL; struct ldb_control **saved_controls; struct extended_context *ac; struct ldb_request *down_req; @@ -215,9 +247,11 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); - if (!extended_ctrl) { - return LDB_ERR_PROTOCOL_ERROR; + if (control->data) { + extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); + if (!extended_ctrl) { + return LDB_ERR_PROTOCOL_ERROR; + } } ac = talloc(req, struct extended_context); @@ -231,7 +265,11 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->attrs = req->op.search.attrs; ac->remove_guid = false; ac->remove_sid = false; - ac->extended_type = extended_ctrl->type; + if (extended_ctrl) { + ac->extended_type = extended_ctrl->type; + } else { + ac->extended_type = 0; + } down_req = talloc_zero(req, struct ldb_request); if (down_req == NULL) { -- cgit From cc04f143dcd35fb67884e385ffd3e6ed2d32a4c2 Mon Sep 17 00:00:00 2001 
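Review bot: In `case 1` of inject_extended_dn the result of `GUID_string(msg, &guid)` is no longer checked. The removed code returned false when `object_guid` was NULL, and the new code passes it straight to `talloc_asprintf`. Restoring `if (!object_guid) return false;` after the call keeps an allocation failure from producing a malformed DN in a reply to the client. In `case 0` the intermediate `data_blob_hex_string` results are handed to `strlower_talloc` unchecked and stay allocated on `msg`. Whether `strlower_talloc` accepts NULL is not visible here. The function begins and ends outside this hunk.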
From: Jelmer Vernooij Date: Sun, 2 Dec 2007 19:04:33 +0100 Subject: r26229: Set loadparm context as opaque pointer in ldb, remove more uses of global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/ldb_modules/update_keytab.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index d0afae5395..eecec6a55b 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -341,7 +341,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_ERR_OPERATIONS_ERROR; } - if (lp_parm_bool(global_loadparm, NULL, "password_hash", "create_aes_key", false)) { + if (lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), NULL, "password_hash", "create_aes_key", false)) { /* * TODO: * diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index f193731900..87efa6a6f8 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -89,8 +89,8 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet return LDB_ERR_OPERATIONS_ERROR; } - cli_credentials_set_conf(item->creds, global_loadparm); - status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter); + cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm")); + status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (delete) { -- cgit From 120ecdb5cb7dbd7c650f3e9fbcefb925f695e0f2 Mon Sep 17 00:00:00 2001 
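Review bot: The pointer returned by `ldb_get_opaque(..., "loadparm")` is used without a NULL check in both password_hash.c and update_keytab.c, and in add_modified it is looked up twice on consecutive lines. If an ldb is opened without that opaque being set, `lp_parm_bool`, `cli_credentials_set_conf` and `cli_credentials_set_secrets` would all receive NULL. Whether they tolerate that is not visible from these hunks. Fetching it once, `struct loadparm_context *lp_ctx = ldb_get_opaque(module->ldb, "loadparm");`, and returning `LDB_ERR_OPERATIONS_ERROR` when it is NULL would make the dependency explicit. Both enclosing functions extend beyond their hunks.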
From: Jelmer Vernooij Date: Sun, 2 Dec 2007 20:56:26 +0100 Subject: r26233: Pass loadparm context when creating krb5 contexts. (This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index eecec6a55b..529b1aa96f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1432,6 +1432,7 @@ static int password_hash_add_do_add(struct ldb_handle *h) { /* Some operations below require kerberos contexts */ if (smb_krb5_init_context(ac->down_req, ldb_get_opaque(h->module->ldb, "EventContext"), + (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } @@ -1759,6 +1760,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { /* Some operations below require kerberos contexts */ if (smb_krb5_init_context(ac->mod_req, ldb_get_opaque(h->module->ldb, "EventContext"), + (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } -- cgit From cd1f19d7d306e59df2d7b5db16d317206408babc Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 3 Dec 2007 05:49:06 +0100 Subject: r26244: Add a module (sans tests for the moment) that implements ranged results, as used particularly by MMC's Active Directory Users and Computers to list group members. This may be used on any attribute, but is useful to obtain attributes that may be lengthy in 'pages'. The implementation presumes that attributes will always be returned by the DB in the same order. Andrew Bartlett (This used to be commit c789a91e00b47b2f02513e97101b9606d00c6aaa) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 ++ source4/dsdb/samdb/ldb_modules/ranged_results.c | 204 ++++++++++++++++++++++++ 2 files changed, 217 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/ranged_results.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index e9d9e18e6a..3dce205eb3 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -291,3 +291,16 @@ OBJ_FILES = \ # End MODULE ldb_linked_attributes ################################################ +################################################ +# Start MODULE ldb_ranged_results +[MODULE::ldb_ranged_results] +INIT_FUNCTION = ldb_ranged_results_init +CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + ranged_results.o +# End MODULE ldb_ranged_results +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c new file mode 100644 index 0000000000..8f368b6f14 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c 
@@ -0,0 +1,204 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb ranged results module + * + * Description: munge AD-style 'ranged results' requests into + * requests for all values in an attribute, then return the range to + * the client. + * + * Author: Andrew Bartlett + */ + +#include "ldb_includes.h" + +struct rr_context { + struct ldb_request *orig_req; + struct ldb_request *down_req; +}; + +static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + struct rr_context *rr_context = talloc_get_type(context, struct rr_context); + struct ldb_request *orig_req = rr_context->orig_req; + int i, j, ret; + + if (ares->type != LDB_REPLY_ENTRY) { + return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); + } + + /* Find those that are range requests from the attribute list */ + for (i = 0; orig_req->op.search.attrs[i]; i++) { + char *p, *new_attr; + const char *end_str; + unsigned int start, end, orig_num_values; + struct ldb_message_element *el; + struct ldb_val *orig_values; + p = strchr(orig_req->op.search.attrs[i], ';'); + if (!p) { + continue; + } + if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { + continue; + } + if (sscanf(p, ";range=%u-*", &start) == 1) { + end = (unsigned int)-1; + } else if (sscanf(p, ";range=%u-%u", &start, &end) 
!= 2) { + continue; + } + new_attr = talloc_strndup(orig_req, + orig_req->op.search.attrs[i], + (unsigned int)(p-orig_req->op.search.attrs[i])); + + if (!new_attr) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + el = ldb_msg_find_element(ares->message, new_attr); + talloc_free(new_attr); + if (!el) { + continue; + } + if (start > end) { + ldb_asprintf_errstring(ldb, "range request error: start must not be greater than end"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (end >= el->num_values) { + /* Need to leave the requested attribute in + * there (so add an empty one to match) */ + end_str = "*"; + end = el->num_values; + ret = ldb_msg_add_empty(ares->message, orig_req->op.search.attrs[i], + 0, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + } else { + end_str = talloc_asprintf(el, "%u", end); + } + orig_values = el->values; + orig_num_values = el->num_values; + + if ((start + end < start) || (start + end < end)) { + ldb_asprintf_errstring(ldb, "range request error: start or end would overflow!"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + el->values = talloc_array(el, struct ldb_val, end - start); + el->num_values = 0; + + if (!el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (j=start; j < end; j++) { + el->values[el->num_values] = orig_values[j]; + el->num_values++; + } + el->name = talloc_asprintf(el, "%s;Range=%u-%s", el->name, start, end_str); + if (!el->name) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + } + + return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); + +} + +/* search */ +static int rr_search(struct ldb_module *module, struct ldb_request *req) +{ + int i; + unsigned int start, end; + const char **new_attrs = NULL; + struct rr_context *context; + bool found_rr = false; + + /* Strip the range request from the attribute */ + for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { + char *p; + new_attrs = talloc_realloc(req, new_attrs, const char 
*, i+2); + new_attrs[i] = req->op.search.attrs[i]; + new_attrs[i+1] = NULL; + p = strchr(req->op.search.attrs[i], ';'); + if (!p) { + continue; + } + if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { + continue; + } + if (sscanf(p, ";range=%u-*", &start) == 1) { + } else if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + ldb_asprintf_errstring(module->ldb, "range request error: range requst malformed"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (start > end) { + ldb_asprintf_errstring(module->ldb, "range request error: start must not be greater than end"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + found_rr = true; + new_attrs[i] = talloc_strndup(new_attrs, + req->op.search.attrs[i], + (unsigned int)(p-req->op.search.attrs[i])); + + if (!new_attrs[i]) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + } + + if (found_rr) { + int ret; + context = talloc(req, struct rr_context); + context->orig_req = req; + context->down_req = talloc(context, struct ldb_request); + *context->down_req = *req; + + context->down_req->op.search.attrs = new_attrs; + + context->down_req->callback = rr_search_callback; + context->down_req->context = context; + + ret = ldb_next_request(module, context->down_req); + + /* We don't need to implement our own 'wait' function, so pass the handle along */ + if (ret == LDB_SUCCESS) { + req->handle = context->down_req->handle; + } + return ret; + } + + /* No change, just run the original request as if we were never here */ + return ldb_next_request(module, req); +} + +static const struct ldb_module_ops rr_ops = { + .name = "ranged_results", + .search = rr_search, +}; + +int ldb_ranged_results_init(void) +{ + return ldb_register_module(&rr_ops); +} -- cgit From 5b357ca8774d97e85153151552bc052cfaf26c1b Mon Sep 17 00:00:00 2001 
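Review bot: In rr_search, `end` is read by `if (start > end)` without ever being assigned when the request uses the open-ended `;range=N-*` form, because the first sscanf branch has an empty body; it should set `end = (unsigned int)-1;` there, as rr_search_callback does. Both functions also test `sscanf(p, ";range=%u-*", &start) == 1` first, and sscanf returns 1 as soon as `%u` converts whether or not `-*` follows, so a bounded `;range=0-5` appears to be handled as open-ended; trying `sscanf(p, ";range=%u-%u", &start, &end) == 2` first and falling back to the `-*` form avoids that. In rr_search_callback the `start > end` test runs before `end` is clamped to `el->num_values`, so a client-chosen start beyond the value count makes `end - start` wrap before it reaches `talloc_array`; repeating the test after the clamp keeps the requested size bounded. The `talloc_realloc` result for `new_attrs` and the `talloc` results for `context` and `context->down_req` are written through without a NULL check.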
From: Jelmer Vernooij
Date: Mon, 3 Dec 2007 23:33:09 +0100
Subject: r26270: Require specifying the loadparm_context or NULL to cli_credentials_guess().
(This used to be commit e52710d6794a25ba697f8c26b43784226964f9cb)
---
 source4/dsdb/samdb/ldb_modules/proxy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c
index d50d971e2a..435422ae17 100644
--- a/source4/dsdb/samdb/ldb_modules/proxy.c
+++ b/source4/dsdb/samdb/ldb_modules/proxy.c
@@ -129,7 +129,7 @@ static int load_proxy_info(struct ldb_module *module)
 ldb_oom(module->ldb);
 goto failed;
 }
- cli_credentials_guess(creds);
+ cli_credentials_guess(creds, NULL);
 cli_credentials_set_username(creds, username, CRED_SPECIFIED);
 cli_credentials_set_password(creds, password, CRED_SPECIFIED);
-- cgit
From da0f222f432c4fc8bf5da80baf849ca32b315ca0 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Mon, 3 Dec 2007 23:33:16 +0100
Subject: r26271: Remove some more uses of global_loadparm.
(This used to be commit e9875fcd56de0748ed78d7e3c9cdb4919cd96d3c)
---
 source4/dsdb/samdb/ldb_modules/proxy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c
index 435422ae17..5f22982b8d 100644
--- a/source4/dsdb/samdb/ldb_modules/proxy.c
+++ b/source4/dsdb/samdb/ldb_modules/proxy.c
@@ -129,7 +129,7 @@ static int load_proxy_info(struct ldb_module *module)
 ldb_oom(module->ldb);
 goto failed;
 }
- cli_credentials_guess(creds, NULL);
+ cli_credentials_guess(creds, global_loadparm);
 cli_credentials_set_username(creds, username, CRED_SPECIFIED);
 cli_credentials_set_password(creds, password, CRED_SPECIFIED);
-- cgit
From d4fbd381fa5f75a76870531fe15bace4550e0f01 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett Date: Tue, 4 Dec 2007 03:37:41 +0100 Subject: r26282: These modules expect errors, but if we don't wipe the error string, we get phony error strings at the caller, which is very confusing. Andrew Bartlett (This used to be commit 9ac7f4f6098b392dbe4a883a802d2417e074586a) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 3 +++ source4/dsdb/samdb/ldb_modules/subtree_delete.c | 4 ++++ 2 files changed, 7 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 5626d9a891..b996f05250 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -453,6 +453,9 @@ static int objectclass_do_add(struct ldb_handle *h) if (ac->search_res == NULL) { if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), ac->orig_req->op.add.message->dn) == 0) { /* Allow the tree to be started */ + + /* but don't keep any error string, it's meaningless */ + ldb_set_errstring(ac->module->ldb, NULL); } else { ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot add %s, parent does not exist!", ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c index 92f539457e..f8064a4967 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c @@ -89,6 +89,10 @@ static int subtree_delete_check_for_children(struct subtree_delete_context *ac) } *req = *ac->orig_req; + /* Ensure any (io) errors during the search for + * children don't propgate back in the error string */ + ldb_set_errstr(ac->module->ldb, NULL); + ac->down_req = req; ac->step = SD_DO_DEL; return ldb_next_request(ac->module, req); -- cgit From 9bdc1194dadd91aa6368549e6e99ec6d33dd8948 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett
Date: Tue, 4 Dec 2007 03:38:35 +0100
Subject: r26283: fix typo
(This used to be commit 7d1169b52b583abee48f4dafac01f5887060002e)
---
 source4/dsdb/samdb/ldb_modules/subtree_delete.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
index f8064a4967..e84bf60b32 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
@@ -91,7 +91,7 @@ static int subtree_delete_check_for_children(struct subtree_delete_context *ac)
 /* Ensure any (io) errors during the search for
 * children don't propgate back in the error string */
- ldb_set_errstr(ac->module->ldb, NULL);
+ ldb_set_errstring(ac->module->ldb, NULL);
 ac->down_req = req;
 ac->step = SD_DO_DEL;
-- cgit
From 19b00d57f4ea0826bce1b615f23f6e182fdd14af Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 4 Dec 2007 05:32:23 +0100
Subject: r26284: Rather than just debug, push the error back up the stack as the error string, if we fail to load the schema. Andrew Bartlett
(This used to be commit 1dc771f903dd613a4d6494f7fd45d35c4d282a33)
---
 source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c
index b10e3ac203..28853f3e34 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c
@@ -54,7 +54,7 @@ static int schema_fsmo_init(struct ldb_module *module)
 };
 if (dsdb_get_schema(module->ldb)) {
- return ldb_next_init(module);
+ return ldb_next_init(module);
 }
 schema_dn = samdb_schema_dn(module->ldb);
@@ -96,9 +96,9 @@ static int schema_fsmo_init(struct ldb_module *module) talloc_free(mem_ctx); return ldb_next_init(module); } else if (ret != LDB_SUCCESS) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search the schema head: %d:%s", - ret, ldb_strerror(ret)); + ldb_asprintf_errstring(module->ldb, + "schema_fsmo_init: failed to search the schema head: %s", + ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; } @@ -151,9 +151,9 @@ static int schema_fsmo_init(struct ldb_module *module) "(objectClass=attributeSchema)", NULL, &a_res); if (ret != LDB_SUCCESS) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search attributeSchema objects: %d:%s", - ret, ldb_strerror(ret)); + ldb_asprintf_errstring(module->ldb, + "schema_fsmo_init: failed to search attributeSchema objects: %s", + ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; } @@ -190,9 +190,9 @@ static int schema_fsmo_init(struct ldb_module *module) "(objectClass=classSchema)", NULL, &c_res); if (ret != LDB_SUCCESS) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to search classSchema objects: %d:%s", - ret, ldb_strerror(ret)); + ldb_asprintf_errstring(module->ldb, + "schema_fsmo_init: failed to search classSchema objects: %s", + ldb_errstring(module->ldb)); talloc_free(mem_ctx); return ret; } -- cgit From 6d2f6f1aae2fd20dec9ed37019de26c7b33b7d2c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Dec 2007 00:35:19 +0100 Subject: r26297: Correct error message. This function verifies attributes, not objectclasses. Andrew Bartlett (This used to be commit 47422b5e59027461efd7bc45534f9da8e37e3f48) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index b996f05250..da5cae1c65 100644 
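Review bot: The new `ldb_asprintf_errstring` calls pass `ldb_errstring(module->ldb)` straight to `%s`, and that accessor returns NULL when the failing search left no error string, which is undefined for `%s`; a fallback such as `ldb_errstring(module->ldb) ? ldb_errstring(module->ldb) : ldb_strerror(ret)` keeps the message meaningful. The same pattern is in the attributeSchema and classSchema hunks of this commit. The argument is also the string the call is about to replace, so this relies on ldb_asprintf_errstring formatting the new text before it releases the old one, which is not visible here and should be confirmed. Dropping `ret` from the message also loses the numeric code the old `%d:%s` form carried. schema_fsmo_init starts and ends outside these hunks.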
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -349,7 +349,7 @@ static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *sch for (i=0; i < msg->num_elements; i++) { const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, msg->elements[i].name); if (!attribute) { - ldb_asprintf_errstring(ldb, "objectclass %s is not a valid objectClass in schema", msg->elements[i].name); + ldb_asprintf_errstring(ldb, "attribute %s is not a valid attribute in schema", msg->elements[i].name); return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE; } msg->elements[i].name = attribute->lDAPDisplayName; -- cgit From 41db2ab12cea20b271d690be554ab8e6095c2b4e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 21:39:49 +0100 Subject: r26319: Split encoding functions out of libcli_ldap. (This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6) --- source4/dsdb/samdb/ldb_modules/config.mk | 4 ++-- source4/dsdb/samdb/ldb_modules/password_hash.c | 3 ++- source4/dsdb/samdb/ldb_modules/samldb.c | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 3dce205eb3..b585d0da7f 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -75,7 +75,7 @@ OBJ_FILES = \ [MODULE::ldb_samldb] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o 
@@ -143,7 +143,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = password_hash_module_init OBJ_FILES = password_hash.o -PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 +PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE # # End MODULE ldb_password_hash ################################################ diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 529b1aa96f..d139cc23a4 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -32,8 +32,9 @@ */ #include "includes.h" -#include "libcli/ldap/ldap.h" +#include "libcli/ldap/ldap_ndr.h" #include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb.h" #include "ldb/include/ldb_private.h" #include "librpc/gen_ndr/misc.h" #include "librpc/gen_ndr/samr.h" diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 85ca1a7f4b..3638b91799 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -33,8 +33,9 @@ */ #include "includes.h" -#include "libcli/ldap/ldap.h" +#include "libcli/ldap/ldap_ndr.h" #include "lib/ldb/include/ldb_errors.h" +#include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" -- cgit From bca631be1f4cefeec3d64cd552ec6d9ee9cc1971 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 7 Dec 2007 03:01:41 +0100 Subject: r26329: Fix more loadparm_context references. Only about a 100 left now. (This used to be commit ddf233346d848e91bc6a6a572f0f6120540503b7) --- source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 5f22982b8d..37ee7f9fce 100644 
--- a/source4/dsdb/samdb/ldb_modules/proxy.c
+++ b/source4/dsdb/samdb/ldb_modules/proxy.c
@@ -129,7 +129,7 @@ static int load_proxy_info(struct ldb_module *module)
 ldb_oom(module->ldb);
 goto failed;
 }
- cli_credentials_guess(creds, global_loadparm);
+ cli_credentials_guess(creds, ldb_get_opaque(module->ldb, "loadparm"));
 cli_credentials_set_username(creds, username, CRED_SPECIFIED);
 cli_credentials_set_password(creds, password, CRED_SPECIFIED);
-- cgit
From 2e1f142ab03d9accbf4c61b0b11986bc1cb33d12 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Mon, 10 Dec 2007 04:33:39 +0100
Subject: r26360: Add some const.
(This used to be commit 3616ced29ed2385300f7268a742a9090840b626f)
---
 source4/dsdb/samdb/ldb_modules/partition.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index f40cf5ef42..bf4421ab0d 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -711,7 +711,7 @@ static int partition_init(struct ldb_module *module)
 {
 int ret, i;
 TALLOC_CTX *mem_ctx = talloc_new(module);
- static const char *attrs[] = { "partition", "replicateEntries", "modules", NULL };
+ const char *attrs[] = { "partition", "replicateEntries", "modules", NULL };
 struct ldb_result *res;
 struct ldb_message *msg;
 struct ldb_message_element *partition_attributes;
-- cgit
From 9d4d41f65dc8380d3c3ce19fceefbe3d00bd4e07 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett Date: Thu, 13 Dec 2007 03:07:38 +0100 Subject: r26419: Add a module to implement 'ambiguous name resolution' by munging the incoming LDAP filter. Warning: Any anr search will perform a full index search. Until ldb gets substring indexes, this is unavoidable. Also implement a testsuite to show we match AD behaviour for this important extension (used in the Active Directory Users and Computers MMC plugin, as a general 'find'). This will also be useful to OpenChange, as their server needs to implement this. Andrew Bartlett (This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d) --- source4/dsdb/samdb/ldb_modules/anr.c | 311 +++++++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/config.mk | 13 ++ 2 files changed, 324 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/anr.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c new file mode 100644 index 0000000000..44b47aafdd --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/anr.c 
@@ -0,0 +1,311 @@ +/* + ldb database library + + Copyright (C) Amdrew Bartlett 2007 + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb anr module + * + * Description: module to implement 'ambiguous name resolution' + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "ldb_includes.h" +#include "dsdb/samdb/samdb.h" + +/** + * Make a and 'and' or 'or' tree from the two supplied elements + */ +struct ldb_parse_tree *make_parse_list(struct ldb_module *module, + TALLOC_CTX *mem_ctx, enum ldb_parse_op op, + struct ldb_parse_tree *first_arm, struct ldb_parse_tree *second_arm) +{ + struct ldb_parse_tree *list; + + list = talloc(mem_ctx, struct ldb_parse_tree); + if (list == NULL){ + ldb_oom(module->ldb); + return NULL; + } + list->operation = op; + + list->u.list.num_elements = 2; + list->u.list.elements = talloc_array(list, struct ldb_parse_tree *, 2); + if (!list->u.list.elements) { + ldb_oom(module->ldb); + return NULL; + } + list->u.list.elements[0] = talloc_steal(list, first_arm); + list->u.list.elements[1] = talloc_steal(list, second_arm); + return list; +} + +/** + * Make an equality or prefix match tree, from the attribute, operation and matching value supplied + */ +struct ldb_parse_tree *make_match_tree(struct ldb_module *module, + TALLOC_CTX *mem_ctx, enum ldb_parse_op op, + const char *attr, const DATA_BLOB *match) +{ 
+ struct ldb_parse_tree *match_tree; + + match_tree = talloc(mem_ctx, struct ldb_parse_tree); + + /* Depending on what type of match was selected, fill in the right part of the union */ + + match_tree->operation = op; + switch (op) { + case LDB_OP_SUBSTRING: + match_tree->u.substring.attr = attr; + + match_tree->u.substring.start_with_wildcard = 0; + match_tree->u.substring.end_with_wildcard = 1; + match_tree->u.substring.chunks = talloc_array(match_tree, struct ldb_val *, 2); + + if (match_tree->u.substring.chunks == NULL){ + ldb_oom(module->ldb); + return NULL; + } + match_tree->u.substring.chunks[0] = match; + match_tree->u.substring.chunks[1] = NULL; + break; + case LDB_OP_EQUALITY: + match_tree->u.equality.attr = attr; + match_tree->u.equality.value = *match; + break; + } + return match_tree; +} + +struct anr_context { + bool found_anr; + struct ldb_module *module; +}; + +/** + * Given the match for an 'ambigious name resolution' query, create a + * parse tree with an 'or' of all the anr attributes in the schema. 
+ */ + +typedef struct ldb_parse_tree *(*anr_parse_tree_callback_t)(TALLOC_CTX *mem_ctx, + const struct ldb_val *match, + void *context); + + +/** + * Callback function to do the heavy lifting for the for the parse tree walker + */ +struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, + const struct ldb_val *match, + void *context) +{ + struct ldb_parse_tree *tree = NULL; + struct anr_context *anr_context = talloc_get_type(context, struct anr_context); + struct ldb_module *module = anr_context->module; + struct ldb_parse_tree *match_tree; + uint8_t *p; + enum ldb_parse_op op; + struct dsdb_attribute *cur; + const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_asprintf_errstring(module->ldb, "no schema with which to construct anr filter"); + return NULL; + } + + anr_context->found_anr = true; + + if (match->length > 1 && match->data[0] == '=') { + DATA_BLOB *match2 = talloc(tree, DATA_BLOB); + *match2 = data_blob_const(match->data+1, match->length - 1); + if (match2 == NULL){ + ldb_oom(module->ldb); + return NULL; + } + match = match2; + op = LDB_OP_EQUALITY; + } else { + op = LDB_OP_SUBSTRING; + } + for (cur = schema->attributes; cur; cur = cur->next) { + if (!(cur->searchFlags & 0x4)) continue; + match_tree = make_match_tree(module, mem_ctx, op, cur->lDAPDisplayName, match); + + if (tree) { + /* Inject an 'or' with the current tree */ + tree = make_parse_list(module, mem_ctx, LDB_OP_OR, tree, match_tree); + if (tree == NULL) { + ldb_oom(module->ldb); + return NULL; + } + } else { + tree = match_tree; + } + } + + + /* If the search term has a space in it, + split it up at the first space. 
*/ + + p = memchr(match->data, ' ', match->length); + + if (p) { + struct ldb_parse_tree *first_split_filter, *second_split_filter, *split_filters, *match_tree_1, *match_tree_2; + DATA_BLOB *first_match = talloc(tree, DATA_BLOB); + DATA_BLOB *second_match = talloc(tree, DATA_BLOB); + if (!first_match || !second_match) { + ldb_oom(module->ldb); + return NULL; + } + *first_match = data_blob_const(match->data, p-match->data); + *second_match = data_blob_const(p+1, match->length - (p-match->data) - 1); + + /* Add (|(&(givenname=first)(sn=second))(&(givenname=second)(sn=first))) */ + + match_tree_1 = make_match_tree(module, mem_ctx, op, "givenName", first_match); + match_tree_2 = make_match_tree(module, mem_ctx, op, "sn", second_match); + + first_split_filter = make_parse_list(module, context, LDB_OP_AND, match_tree_1, match_tree_2); + if (first_split_filter == NULL){ + ldb_oom(module->ldb); + return NULL; + } + + match_tree_1 = make_match_tree(module, mem_ctx, op, "sn", first_match); + match_tree_2 = make_match_tree(module, mem_ctx, op, "givenName", second_match); + + second_split_filter = make_parse_list(module, context, LDB_OP_AND, match_tree_1, match_tree_2); + if (second_split_filter == NULL){ + ldb_oom(module->ldb); + return NULL; + } + + split_filters = make_parse_list(module, mem_ctx, LDB_OP_OR, + first_split_filter, second_split_filter); + if (split_filters == NULL) { + ldb_oom(module->ldb); + return NULL; + } + + if (tree) { + /* Inject an 'or' with the current tree */ + tree = make_parse_list(module, mem_ctx, LDB_OP_OR, tree, split_filters); + } else { + tree = split_filters; + } + } + return tree; +} + +/* + replace any occurances of an attribute with a new, generated attribute tree +*/ +struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, + const char *attr, + anr_parse_tree_callback_t callback, + void *context) +{ + int i; + switch (tree->operation) { + case LDB_OP_AND: + case LDB_OP_OR: + for (i=0;iu.list.num_elements;i++) { + 
tree->u.list.elements[i] = anr_replace_subtrees(tree->u.list.elements[i], + attr, callback, context); + if (!tree->u.list.elements[i]) { + return NULL; + } + } + break; + case LDB_OP_NOT: + tree->u.isnot.child = anr_replace_subtrees(tree->u.isnot.child, attr, callback, context); + if (!tree->u.isnot.child) { + return NULL; + } + break; + case LDB_OP_EQUALITY: + if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) { + tree = callback(tree, &tree->u.equality.value, + context); + if (!tree) { + return NULL; + } + } + break; + case LDB_OP_SUBSTRING: + if (ldb_attr_cmp(tree->u.substring.attr, attr) == 0) { + if (tree->u.substring.start_with_wildcard == 0 && + tree->u.substring.end_with_wildcard == 1 && + tree->u.substring.chunks[0] != NULL && + tree->u.substring.chunks[1] == NULL) { + tree = callback(tree, tree->u.substring.chunks[0], context); + if (!tree) { + return NULL; + } + } + } + break; + } + return tree; +} + +/* search */ +static int anr_search(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_parse_tree *anr_tree; + struct anr_context *context = talloc(req, struct anr_context); + if (!context) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + context->module = module; + context->found_anr = false; + + /* Yes, this is a problem with req->op.search.tree being const... 
*/ + anr_tree = anr_replace_subtrees(req->op.search.tree, "anr", anr_replace_callback, context); + if (!anr_tree) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (context->found_anr) { + /* The above function modifies the tree if it finds "anr", so no + * point just setting this on the down_req */ + req->op.search.tree = talloc_steal(req, anr_tree); + + DEBUG(0, ("anr: %s\n", ldb_filter_from_tree(req, anr_tree))); + } + + /* TODO: Add a callback, and ensure we retry the search with surname and given name if we fail to match */ + + return ldb_next_request(module, req); +} + +static const struct ldb_module_ops anr_ops = { + .name = "anr", + .search = anr_search +}; + +int ldb_anr_init(void) +{ + return ldb_register_module(&anr_ops); +} + diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index b585d0da7f..8350b77b29 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -304,3 +304,16 @@ OBJ_FILES = \ # End MODULE ldb_ranged_results ################################################ +################################################ +# Start MODULE ldb_anr +[MODULE::ldb_anr] +INIT_FUNCTION = ldb_anr_init +CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + anr.o +# End MODULE ldb_anr +################################################ + -- cgit From a2cea02584256e2cf59da5420e8e080e70c66939 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 13 Dec 2007 22:46:17 +0100 Subject: r26430: require explicit specification of loadparm context. (This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6) --- source4/dsdb/samdb/ldb_modules/update_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 87efa6a6f8..a18efd757a 100644 
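Review bot: In anr_replace_callback the allocation check comes after the pointer has already been written: `*match2 = data_blob_const(match->data+1, match->length - 1);` runs before `if (match2 == NULL)`, so a failed `talloc` is dereferenced instead of reported, and the NULL test should move above the assignment. make_match_tree has the same gap, writing `match_tree->operation = op;` with no check on the `talloc` result, and anr_replace_callback uses the trees it returns without testing them; `if (match_tree == NULL) { ldb_oom(module->ldb); return NULL; }` after the allocation, plus a check at each call site, would match how make_parse_list results are handled. anr_search runs this rewrite on the client's search filter for the `anr` attribute, so these paths are driven by client input. Separately, `DEBUG(0, ("anr: %s\n", ldb_filter_from_tree(req, anr_tree)));` writes every rewritten client filter to the log at level 0; a higher debug level would keep search terms out of default logs.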
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -158,7 +158,7 @@ static int update_kt_end_trans(struct ldb_module *module) struct dn_list *p; for (p=data->changed_dns; p; p = p->next) { int kret; - kret = cli_credentials_update_keytab(p->creds); + kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "loadparm")); if (kret != 0) { talloc_free(data->changed_dns); data->changed_dns = NULL; -- cgit From 71e2cafe96f4755b67d01ced497bf5b63aad30f6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 04:22:44 +0100 Subject: r26483: Merge ldb module dependency fixes, fix auth python module. (This used to be commit 85eeecf997a071ca7e7ad0247e8d34d49b7ffcbb) --- source4/dsdb/samdb/ldb_modules/config.mk | 35 ++++++++++++++++-------------- source4/dsdb/samdb/ldb_modules/partition.c | 22 +++++++++++-------- source4/dsdb/samdb/ldb_modules/schema.c | 4 ++-- 3 files changed, 34 insertions(+), 27 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 8350b77b29..95bb7de06c 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -11,11 +11,12 @@ OBJ_FILES = \ ################################################ ################################################ -# Start MODULE ldb_repl_mata_data +# Start MODULE ldb_repl_meta_data [MODULE::ldb_repl_meta_data] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI \ + NDR_DRSBLOBS LIBNDR INIT_FUNCTION = repl_meta_data_module_init OBJ_FILES = \ repl_meta_data.o 
@@ -75,7 +76,7 @@ OBJ_FILES = \ [MODULE::ldb_samldb] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE +PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE NDR_MISC SAMDB INIT_FUNCTION = samldb_module_init OBJ_FILES = \ samldb.o @@ -89,7 +90,8 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = ldb_samba3sam_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER +PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ + NDR_SECURITY OBJ_FILES = \ samba3sam.o # @@ -102,7 +104,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = ldb_simple_ldap_map_module_init -PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map +PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid OBJ_FILES = \ @@ -127,7 +129,7 @@ OBJ_FILES = \ # Start MODULE ldb_rootdse [MODULE::ldb_rootdse] SUBSYSTEM = LIBLDB -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = rootdse_module_init OBJ_FILES = \ @@ -143,7 +145,8 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = password_hash_module_init OBJ_FILES = password_hash.o -PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE +PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ + LIBCLI_AUTH NDR_DRSBLOBS KERBEROS SAMDB # # End MODULE ldb_password_hash ################################################ @@ -151,7 +154,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE ################################################ # Start MODULE ldb_local_password [MODULE::ldb_local_password] -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = local_password_module_init 
@@ -163,7 +166,7 @@ OBJ_FILES = local_password.o ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] -PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = ldb_kludge_acl_init @@ -178,7 +181,7 @@ OBJ_FILES = \ [MODULE::ldb_extended_dn] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR LIBSECURITY SAMDB INIT_FUNCTION = ldb_extended_dn_init OBJ_FILES = \ extended_dn.o @@ -204,7 +207,7 @@ OBJ_FILES = \ [MODULE::ldb_partition] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB INIT_FUNCTION = ldb_partition_init OBJ_FILES = \ partition.o @@ -217,7 +220,7 @@ OBJ_FILES = \ [MODULE::ldb_schema] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBLDB INIT_FUNCTION = ldb_schema_init OBJ_FILES = \ schema.o schema_syntax.o @@ -230,7 +233,7 @@ OBJ_FILES = \ [MODULE::ldb_update_keytab] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS_KRB5 +PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS #Also depends on credentials, but that would loop INIT_FUNCTION = ldb_update_kt_init OBJ_FILES = \ @@ -245,7 +248,7 @@ OBJ_FILES = \ INIT_FUNCTION = ldb_objectclass_init OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB OBJ_FILES = \ objectclass.o @@ -284,7 +287,7 @@ OBJ_FILES = \ INIT_FUNCTION = ldb_linked_attributes_init CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB SUBSYSTEM = LIBLDB OBJ_FILES = \ linked_attributes.o 
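Review bot: In the ldb_update_keytab section the dependency changes from CREDENTIALS_KRB5 to CREDENTIALS, while the context line directly below still reads `#Also depends on credentials, but that would loop`. Either that comment is now stale or the new dependency creates the cycle it warns about; the hunk does not show which. If the cycle is gone, the comment should be dropped in the same change; if not, the dependency should stay on the narrower subsystem.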
@@ -310,7 +313,7 @@ OBJ_FILES = \ INIT_FUNCTION = ldb_anr_init CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB OBJ_FILES = \ anr.o diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index bf4421ab0d..4586810d96 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -117,9 +117,9 @@ static struct dsdb_control_current_partition *find_partition(struct partition_pr return NULL; }; -/* - fire the caller's callback for every entry, but only send 'done' once. -*/ +/** + * fire the caller's callback for every entry, but only send 'done' once. + */ static int partition_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct partition_context *ac; @@ -139,9 +139,9 @@ static int partition_search_callback(struct ldb_context *ldb, void *context, str } } -/* - only fire the 'last' callback, and only for START-TLS for now -*/ +/** + * only fire the 'last' callback, and only for START-TLS for now + */ static int partition_other_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct partition_context *ac; @@ -248,7 +248,9 @@ static int partition_send_request(struct partition_context *ac, struct ldb_contr return LDB_SUCCESS; } -/* Send a request down to all the partitions */ +/** + * Send a request down to all the partitions + */ static int partition_send_all(struct ldb_module *module, struct partition_context *ac, struct ldb_control *remove_control, 
@@ -270,8 +272,10 @@ static int partition_send_all(struct ldb_module *module, return LDB_SUCCESS; } -/* Figure out which backend a request needs to be aimed at. Some - * requests must be replicated to all backends */ +/** + * Figure out which backend a request needs to be aimed at. Some + * requests must be replicated to all backends + */ static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { unsigned i; diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index cf923d673b..525193ac8c 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -329,7 +329,7 @@ done: static int schema_init_classes(struct ldb_module *module, struct schema_private_data *data) { - static const char *schema_attrs[] = { "governsID", + const char *schema_attrs[] = { "governsID", "lDAPDisplayName", "objectClassCategory", "defaultObjectCategory", @@ -542,7 +542,7 @@ static int schema_add_check_parent(struct ldb_context *ldb, void *context, struc static int schema_add_build_parent_req(struct schema_context *sctx) { - static const char * const parent_attrs[] = { "objectClass", NULL }; + const char * const parent_attrs[] = { "objectClass", NULL }; int ret; sctx->parent_req = talloc_zero(sctx, struct ldb_request); -- cgit From 9fcafcae06a2bf98fc5400c9bdb7cbb7c8f89dc3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 17 Dec 2007 05:19:48 +0100 Subject: r26485: Fix indent, remove left-over debug. Andrew Bartlett (This used to be commit 2277f2d88716e0911d5f35bd4c979b2fc2f9473b) --- source4/dsdb/samdb/ldb_modules/anr.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index 44b47aafdd..901215e972 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c 
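Review bot: Removing `static` from `parent_attrs` in schema_add_build_parent_req (and from `schema_attrs` in schema_init_classes) turns each array into an automatic object that stops existing when the function returns. If `parent_attrs` is stored in the talloc'ed `sctx->parent_req`, the request would later read a dead stack frame when it is processed; the assignment is outside the hunk, so this is inferred. Keeping `static const char * const parent_attrs[] = { "objectClass", NULL };`, or copying the list onto the request's talloc context, avoids the lifetime dependency. Both function bodies continue outside the hunks.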
@@ -229,7 +229,7 @@ struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, case LDB_OP_OR: for (i=0;iu.list.num_elements;i++) { tree->u.list.elements[i] = anr_replace_subtrees(tree->u.list.elements[i], - attr, callback, context); + attr, callback, context); if (!tree->u.list.elements[i]) { return NULL; } @@ -291,7 +291,6 @@ static int anr_search(struct ldb_module *module, struct ldb_request *req) * point just setting this on the down_req */ req->op.search.tree = talloc_steal(req, anr_tree); - DEBUG(0, ("anr: %s\n", ldb_filter_from_tree(req, anr_tree))); } /* TODO: Add a callback, and ensure we retry the search with surname and given name if we fail to match */ -- cgit From dfc27ff863baa7fff6f0c039f48c9a336a0632fc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 17 Dec 2007 05:56:42 +0100 Subject: r26488: Implement tests for the ranged_results module. Untested code is broken code, so rework the module until it passes... It turns out that AD puts search attributes onto the wire in the reverse order to what Samba does. This complicates exact value matching, so this is skipped for now. Andrew Bartlett (This used to be commit 91bcb60d31d54e52128d5bd107df4ceb87389889) --- source4/dsdb/samdb/ldb_modules/ranged_results.c | 62 ++++++++++++++----------- 1 file changed, 34 insertions(+), 28 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index 8f368b6f14..affc01d413 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c 
@@ -60,9 +60,10 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { continue; } - if (sscanf(p, ";range=%u-*", &start) == 1) { + if (sscanf(p, ";range=%u-%u", &start, &end) == 2) { + } else if (sscanf(p, ";range=%u-*", &start) == 1) { end = (unsigned int)-1; - } else if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + } else { continue; } new_attr = talloc_strndup(orig_req, 
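Review bot: Both sscanf() patterns in rr_search_callback accept malformed range options, because the return value only counts conversions: `;range=%u-*` yields 1 for `;range=5`, `;range=5-` and `;range=5-x` alike, and `;range=%u-%u` yields 2 for `;range=0-5junk`. `p` appears to point into an attribute name taken from the search request, so the option deserves strict validation. A `%n` marker shows whether the whole pattern matched, e.g. `int used = 0;` with `sscanf(p, ";range=%u-*%n", &start, &used) == 1 && used != 0`. `%u` also offers no way to detect digits that exceed `unsigned int`, so strtoul() with an ERANGE check would be the stricter parser. The function body starts and ends outside the hunk.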
@@ -82,39 +83,44 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb ldb_asprintf_errstring(ldb, "range request error: start must not be greater than end"); return LDB_ERR_UNWILLING_TO_PERFORM; } - if (end >= el->num_values) { + if (end >= (el->num_values - 1)) { /* Need to leave the requested attribute in * there (so add an empty one to match) */ end_str = "*"; - end = el->num_values; - ret = ldb_msg_add_empty(ares->message, orig_req->op.search.attrs[i], - 0, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } + end = el->num_values - 1; } else { end_str = talloc_asprintf(el, "%u", end); + if (!end_str) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } } - orig_values = el->values; - orig_num_values = el->num_values; - - if ((start + end < start) || (start + end < end)) { - ldb_asprintf_errstring(ldb, "range request error: start or end would overflow!"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - - el->values = talloc_array(el, struct ldb_val, end - start); - el->num_values = 0; - - if (!el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - for (j=start; j < end; j++) { - el->values[el->num_values] = orig_values[j]; - el->num_values++; + /* If start is greater then where we noe find the end to be */ + if (start > end) { + el->num_values = 0; + el->values = NULL; + } else { + orig_values = el->values; + orig_num_values = el->num_values; + + if ((start + end < start) || (start + end < end)) { + ldb_asprintf_errstring(ldb, "range request error: start or end would overflow!"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + el->num_values = 0; + + el->values = talloc_array(el, struct ldb_val, (end - start) + 1); + if (!el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (j=start; j <= end; j++) { + el->values[el->num_values] = orig_values[j]; + el->num_values++; + } } - el->name = talloc_asprintf(el, "%s;Range=%u-%s", el->name, start, end_str); + el->name = talloc_asprintf(el, 
"%s;range=%u-%s", el->name, start, end_str); if (!el->name) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; -- cgit From 2fef113e82c1f324dc5b5474100eb537f0c98f80 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Dec 2007 02:21:24 +0100 Subject: r26521: Fix newlines. (This used to be commit 174aa1583791a4c305bc49cf78f8f10d42701bc9) --- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 8 ++++---- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 8 ++++---- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index ddd357a4c6..d6b6a24287 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -52,7 +52,7 @@ static int naming_fsmo_init(struct ldb_module *module) naming_dn = samdb_partitions_dn(module->ldb, mem_ctx); if (!naming_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)"); + "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } @@ -70,7 +70,7 @@ static int naming_fsmo_init(struct ldb_module *module) &naming_res); if (ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)"); + "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } 
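Review bot: The clamp `end >= (el->num_values - 1)` wraps when `el->num_values` is 0 (assuming it is an unsigned count): an explicit end such as 5 is then not clamped, and the copy loop `for (j=start; j <= end; j++)` reads `orig_values[j]` past the array. Whether an element without values can reach this callback is not visible in the hunk, but the guard is cheap: `if (el->num_values == 0 || start > end) {`. The `start + end` overflow test checks a sum the code never uses, since the allocation size is `(end - start) + 1`, so it can be dropped or replaced by a check on that expression. `j` is declared `int` outside the hunk while `end` is unsigned, so `unsigned int j` would keep the loop comparison in one signedness. The function body starts and ends outside the hunk.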
@@ -84,7 +84,7 @@ static int naming_fsmo_init(struct ldb_module *module) talloc_steal(mem_ctx, naming_res); if (naming_res->count == 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "naming_fsmo_init: no cross-ref container present: (skip loading of naming contexts details)"); + "naming_fsmo_init: no cross-ref container present: (skip loading of naming contexts details)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (naming_res->count > 1) { @@ -110,7 +110,7 @@ static int naming_fsmo_init(struct ldb_module *module) talloc_steal(module, naming_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "naming_fsmo_init: we are master: %s", + "naming_fsmo_init: we are master: %s\n", (naming_fsmo->we_are_master?"yes":"no")); talloc_free(mem_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index ed9b554bb1..0f3293ed1d 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -51,7 +51,7 @@ static int pdc_fsmo_init(struct ldb_module *module) pdc_dn = samdb_base_dn(module->ldb); if (!pdc_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "pdc_fsmo_init: no domain dn present: (skip loading of domain details)"); + "pdc_fsmo_init: no domain dn present: (skip loading of domain details)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } @@ -69,7 +69,7 @@ static int pdc_fsmo_init(struct ldb_module *module) &pdc_res); if (ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "pdc_fsmo_init: no domain object present: (skip loading of domain details)"); + "pdc_fsmo_init: no domain object present: (skip loading of domain details)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (ret != LDB_SUCCESS) { 
@@ -82,7 +82,7 @@ static int pdc_fsmo_init(struct ldb_module *module) talloc_steal(mem_ctx, pdc_res); if (pdc_res->count == 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "pdc_fsmo_init: no domain object present: (skip loading of domain details)"); + "pdc_fsmo_init: no domain object present: (skip loading of domain details)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (pdc_res->count > 1) { @@ -108,7 +108,7 @@ static int pdc_fsmo_init(struct ldb_module *module) talloc_steal(module, pdc_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "pdc_fsmo_init: we are master: %s", + "pdc_fsmo_init: we are master: %s\n", (pdc_fsmo->we_are_master?"yes":"no")); talloc_free(mem_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 28853f3e34..559c91bd2d 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -60,7 +60,7 @@ static int schema_fsmo_init(struct ldb_module *module) schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "schema_fsmo_init: no schema dn present: (skip schema loading)"); + "schema_fsmo_init: no schema dn present: (skip schema loading)\n"); return ldb_next_init(module); } @@ -92,7 +92,7 @@ static int schema_fsmo_init(struct ldb_module *module) &schema_res); if (ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "schema_fsmo_init: no schema head present: (skip schema loading)"); + "schema_fsmo_init: no schema head present: (skip schema loading)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (ret != LDB_SUCCESS) { 
@@ -105,7 +105,7 @@ static int schema_fsmo_init(struct ldb_module *module) talloc_steal(mem_ctx, schema_res); if (schema_res->count == 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "schema_fsmo_init: no schema head present: (skip schema loading)"); + "schema_fsmo_init: no schema head present: (skip schema loading)\n"); talloc_free(mem_ctx); return ldb_next_init(module); } else if (schema_res->count > 1) { @@ -246,7 +246,7 @@ static int schema_fsmo_init(struct ldb_module *module) talloc_steal(module, schema_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "schema_fsmo_init: we are master: %s", + "schema_fsmo_init: we are master: %s\n", (schema_fsmo->we_are_master?"yes":"no")); talloc_free(mem_ctx); -- cgit From 3e75f222bcdf114238cc4f2bcc61332dc059135f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 19 Dec 2007 23:27:42 +0100 Subject: r26539: Remove unnecessary statics. (This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/local_password.c | 2 +- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 6 +++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/ranged_results.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 4 ++-- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 97130495a3..9a05c866c5 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -408,7 +408,7 @@ static int kludge_acl_init(struct ldb_module *module) { int ret, i; TALLOC_CTX *mem_ctx = talloc_new(module); - static const char *attrs[] = { "passwordAttribute", NULL }; + const char *attrs[] = { "passwordAttribute", NULL }; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *password_attributes; diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 350434df51..bbbbbd71c8 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -378,7 +378,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int local_password_mod_search_self(struct ldb_handle *h) { struct lpdb_context *ac; - static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + const char * const attrs[] = { "objectGUID", "objectClass", NULL }; ac = talloc_get_type(h->private_data, struct lpdb_context); diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index d6b6a24287..41d35dffc1 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -38,7 +38,7 @@ static int naming_fsmo_init(struct ldb_module *module) struct dsdb_naming_fsmo *naming_fsmo; struct ldb_result *naming_res; int ret; - static const char *naming_attrs[] = { + const char *naming_attrs[] = { "fSMORoleOwner", NULL }; diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index da5cae1c65..44a940f97b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -361,7 +361,7 @@ static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *sch static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { - static const char * const attrs[] = { NULL }; + const char * const attrs[] = { NULL }; struct ldb_handle *h; struct oc_context *ac; @@ -748,7 +748,7 @@ static int objectclass_search_self(struct ldb_handle *h) { int ret; struct oc_context *ac; - static const char * const attrs[] = { "objectClass", NULL }; + const char * const attrs[] = { "objectClass", NULL }; ac = talloc_get_type(h->private_data, struct oc_context); @@ -865,7 +865,7 @@ static int objectclass_do_mod(struct ldb_handle *h) { static int objectclass_rename(struct ldb_module *module, struct ldb_request *req) { - static const char * const attrs[] = { NULL }; + const char * const attrs[] = { NULL }; struct ldb_handle *h; struct oc_context *ac; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index d139cc23a4..03c2bbc7ae 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1198,7 +1198,7 @@ static int build_domain_data_request(struct ph_context *ac) /* attrs[] is returned from this function in ac->dom_req->op.search.attrs, so it must be static, as otherwise the compiler can put it on the stack */ - static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; + const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; char *filter; ac->dom_req = talloc_zero(ac, struct ldb_request); 
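Review bot: In build_domain_data_request the comment directly above the changed line still states that `attrs[]` is handed out through `ac->dom_req->op.search.attrs` and "must be static", yet the new line drops `static`. The request would then carry a pointer into a stack frame that is gone by the time the search runs, so keep `static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL };`. The other hunks of this commit that remove `static` from an attribute list (local_password_mod_search_self, objectclass_add, objectclass_search_self, objectclass_rename, password_hash_mod_search_self, replmd_replicated_uptodate_search, entryuuid_sequence_number) need the same check wherever the array is stored in a request that outlives the call. The function body continues outside the hunk.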
@@ -1662,7 +1662,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int password_hash_mod_search_self(struct ldb_handle *h) { struct ph_context *ac; - static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", + const char * const attrs[] = { "userAccountControl", "lmPwdHistory", "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 0f3293ed1d..d27b0c12f7 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -37,7 +37,7 @@ static int pdc_fsmo_init(struct ldb_module *module) struct dsdb_pdc_fsmo *pdc_fsmo; struct ldb_result *pdc_res; int ret; - static const char *pdc_attrs[] = { + const char *pdc_attrs[] = { "fSMORoleOwner", NULL }; diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index affc01d413..345b8b8440 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -40,7 +40,7 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb { struct rr_context *rr_context = talloc_get_type(context, struct rr_context); struct ldb_request *orig_req = rr_context->orig_req; - int i, j, ret; + int i, j; if (ares->type != LDB_REPLY_ENTRY) { return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 497ee373de..b37ac49b28 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -1519,7 +1519,7 @@ static int replmd_replicated_uptodate_search_callback(struct ldb_context *ldb, static int replmd_replicated_uptodate_search(struct replmd_replicated_request *ar) { int ret; - static const char *attrs[] = { + const char *attrs[] = { "replUpToDateVector", "repsFrom", NULL diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 525193ac8c..5c7b72c12c 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -235,7 +235,7 @@ struct schema_attribute **schema_get_attrs_list(struct ldb_module *module, static int schema_init_attrs(struct ldb_module *module, struct schema_private_data *data) { - static const char *schema_attrs[] = { "attributeID", + const char *schema_attrs[] = { "attributeID", "lDAPDisplayName", "attributeSyntax", "oMSyntax", @@ -1156,7 +1156,7 @@ static int schema_wait(struct ldb_handle *handle, enum ldb_wait_type type) static int schema_init(struct ldb_module *module) { - static const char *schema_attrs[] = { "schemaNamingContext", NULL }; + const char *schema_attrs[] = { "schemaNamingContext", NULL }; struct schema_private_data *data; struct ldb_result *res; int ret; diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 559c91bd2d..ade576ac99 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -46,7 +46,7 @@ static int schema_fsmo_init(struct ldb_module *module) struct ldb_result *c_res; uint32_t i; int ret; - static const char *schema_attrs[] = { + const char *schema_attrs[] = { "prefixMap", "schemaInfo", "fSMORoleOwner", diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 7efcccc9ff..a5a3ba6aef 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -752,7 +752,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque entryuuid_private->base_dns && entryuuid_private->base_dns[i]; i++) { - static const char *contextCSN_attr[] = { + const char *contextCSN_attr[] = { "contextCSN", NULL }; search_req = talloc(req, struct ldb_request); -- cgit From 0500b87092540d300b4e021a0fb95ce16a44fbd2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 20 Dec 2007 00:02:15 +0100 Subject: r26540: Revert my previous commit after concerns raised by Andrew. (This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/local_password.c | 2 +- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 6 +++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/ranged_results.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 4 ++-- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 9a05c866c5..97130495a3 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -408,7 +408,7 @@ static int kludge_acl_init(struct ldb_module *module) { int ret, i; TALLOC_CTX *mem_ctx = talloc_new(module); - const char *attrs[] = { "passwordAttribute", NULL }; + static const char *attrs[] = { "passwordAttribute", NULL }; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *password_attributes; 
diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index bbbbbd71c8..350434df51 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -378,7 +378,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int local_password_mod_search_self(struct ldb_handle *h) { struct lpdb_context *ac; - const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; ac = talloc_get_type(h->private_data, struct lpdb_context); diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index 41d35dffc1..d6b6a24287 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -38,7 +38,7 @@ static int naming_fsmo_init(struct ldb_module *module) struct dsdb_naming_fsmo *naming_fsmo; struct ldb_result *naming_res; int ret; - const char *naming_attrs[] = { + static const char *naming_attrs[] = { "fSMORoleOwner", NULL }; diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 44a940f97b..da5cae1c65 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -361,7 +361,7 @@ static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *sch static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { - const char * const attrs[] = { NULL }; + static const char * const attrs[] = { NULL }; struct ldb_handle *h; struct oc_context *ac; @@ -748,7 +748,7 @@ static int objectclass_search_self(struct ldb_handle *h) { int ret; struct oc_context *ac; - const char * const attrs[] = { "objectClass", NULL }; + static const char * const attrs[] = { "objectClass", NULL }; ac = talloc_get_type(h->private_data, struct oc_context); 
@@ -865,7 +865,7 @@ static int objectclass_do_mod(struct ldb_handle *h) { static int objectclass_rename(struct ldb_module *module, struct ldb_request *req) { - const char * const attrs[] = { NULL }; + static const char * const attrs[] = { NULL }; struct ldb_handle *h; struct oc_context *ac; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 03c2bbc7ae..d139cc23a4 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1198,7 +1198,7 @@ static int build_domain_data_request(struct ph_context *ac) /* attrs[] is returned from this function in ac->dom_req->op.search.attrs, so it must be static, as otherwise the compiler can put it on the stack */ - const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; + static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; char *filter; ac->dom_req = talloc_zero(ac, struct ldb_request); @@ -1662,7 +1662,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int password_hash_mod_search_self(struct ldb_handle *h) { struct ph_context *ac; - const char * const attrs[] = { "userAccountControl", "lmPwdHistory", + static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index d27b0c12f7..0f3293ed1d 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -37,7 +37,7 @@ static int pdc_fsmo_init(struct ldb_module *module) struct dsdb_pdc_fsmo *pdc_fsmo; struct ldb_result *pdc_res; int ret; - const char *pdc_attrs[] = { + static const char *pdc_attrs[] = { "fSMORoleOwner", NULL }; 
diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index 345b8b8440..affc01d413 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -40,7 +40,7 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb { struct rr_context *rr_context = talloc_get_type(context, struct rr_context); struct ldb_request *orig_req = rr_context->orig_req; - int i, j; + int i, j, ret; if (ares->type != LDB_REPLY_ENTRY) { return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index b37ac49b28..497ee373de 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1519,7 +1519,7 @@ static int replmd_replicated_uptodate_search_callback(struct ldb_context *ldb, static int replmd_replicated_uptodate_search(struct replmd_replicated_request *ar) { int ret; - const char *attrs[] = { + static const char *attrs[] = { "replUpToDateVector", "repsFrom", NULL diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 5c7b72c12c..525193ac8c 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -235,7 +235,7 @@ struct schema_attribute **schema_get_attrs_list(struct ldb_module *module, static int schema_init_attrs(struct ldb_module *module, struct schema_private_data *data) { - const char *schema_attrs[] = { "attributeID", + static const char *schema_attrs[] = { "attributeID", "lDAPDisplayName", "attributeSyntax", "oMSyntax", 
@@ -1156,7 +1156,7 @@ static int schema_wait(struct ldb_handle *handle, enum ldb_wait_type type) static int schema_init(struct ldb_module *module) { - const char *schema_attrs[] = { "schemaNamingContext", NULL }; + static const char *schema_attrs[] = { "schemaNamingContext", NULL }; struct schema_private_data *data; struct ldb_result *res; int ret; diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index ade576ac99..559c91bd2d 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -46,7 +46,7 @@ static int schema_fsmo_init(struct ldb_module *module) struct ldb_result *c_res; uint32_t i; int ret; - const char *schema_attrs[] = { + static const char *schema_attrs[] = { "prefixMap", "schemaInfo", "fSMORoleOwner", diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index a5a3ba6aef..7efcccc9ff 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -752,7 +752,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque entryuuid_private->base_dns && entryuuid_private->base_dns[i]; i++) { - const char *contextCSN_attr[] = { + static const char *contextCSN_attr[] = { "contextCSN", NULL }; search_req = talloc(req, struct ldb_request); -- cgit From aa0a06f13c44e0eca0b3f2f0c34f0f7995b87159 Mon Sep 17 00:00:00 2001 
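Review bot: `contextCSN_attr` in entryuuid_sequence_number is now a block-scope static declared inside the body of the `for` loop, where a static reads as if it were per-iteration state. Moving it to the top of the function with the other declarations would make its single shared instance obvious. The context line after it allocates the request with `talloc`, whereas build_domain_data_request in this same commit uses `talloc_zero`, so any field of `*search_req` not assigned below the hunk would be indeterminate. If the code after the hunk does not set every field, `search_req = talloc_zero(req, struct ldb_request);` followed by a NULL check is the safer form. The loop body continues outside the hunk.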
From: Jelmer Vernooij Date: Sun, 23 Dec 2007 19:19:41 -0600 Subject: r26570: - Trim size of the swig-generated Python bindings by removing a bunch of {}'s. - Start working on Python equivalents for various EJS tests. - Fix regression in argument order for reg_diff_apply() in EJS bindings. (This used to be commit c550c03372cb260b78f6a6c132e70571bc4cb852) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 1067 +++++++++++++++++++++ 1 file changed, 1067 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/tests/samba3sam.py (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py new file mode 100644 index 0000000000..6a4935bf4d --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py 
@@ -0,0 +1,1067 @@ +#!/usr/bin/python + +# Unix SMB/CIFS implementation. +# Copyright (C) Jelmer Vernooij 2005-2007 +# Copyright (C) Martin Kuehl 2006 +# +# This is a Python port of the original in testprogs/ejs/samba3sam.js +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import os +import sys +import samba +import ldb +from samba import Ldb, substitute_var +from samba.tests import LdbTestCase, TestCaseInTempDir + +datadir = sys.argv[2] + +class Samba3SamTestCase(TestCaseInTempDir): + def setup_data(self, obj, ldif): + self.assertTrue(ldif is not None) + obj.db.add_ldif(substitute_var(ldif, obj.substvars)) + + def setup_modules(self, ldb, s3, s4, ldif): + self.assertTrue(ldif is not None) + ldb.add_ldif(substitute_var(ldif, s4.substvars)) + + ldif = """ +dn: @MAP=samba3sam +@FROM: """ + s4.substvars["BASEDN"] + """ +@TO: sambaDomainName=TESTS,""" + s3.substvars["BASEDN"] + """ + +dn: @MODULES +@LIST: rootdse,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition + +dn: @PARTITION +partition: """ + s4.substvars["BASEDN"] + ":" + s4.url + """ +partition: """ + s3.substvars["BASEDN"] + ":" + s3.url + """ +replicateEntries: @SUBCLASSES +replicateEntries: @ATTRIBUTES +replicateEntries: @INDEXLIST +""" + ldb.add_ldif(ldif) + + def test_s3sam_search(self, ldb): + print "Looking up by non-mapped attribute" + msg = 
ldb.search(expression="(cn=Administrator)") + self.assertEquals(len(msg), 1) + self.assertEquals(msg[0]["cn"], "Administrator") + + print "Looking up by mapped attribute" + msg = ldb.search(expression="(name=Backup Operators)") + self.assertEquals(len(msg), 1) + self.assertEquals(msg[0]["name"], "Backup Operators") + + print "Looking up by old name of renamed attribute" + msg = ldb.search(expression="(displayName=Backup Operators)") + self.assertEquals(len(msg), 0) + + print "Looking up mapped entry containing SID" + msg = ldb.search(expression="(cn=Replicator)") + self.assertEquals(len(msg), 1) + print msg[0].dn + self.assertEquals(str(msg[0].dn), "cn=Replicator,ou=Groups,dc=vernstok,dc=nl") + self.assertEquals(msg[0]["objectSid"], "S-1-5-21-4231626423-2410014848-2360679739-552") + + print "Checking mapping of objectClass" + oc = set(msg[0]["objectClass"]) + self.assertTrue(oc is not None) + for i in oc: + self.assertEquals(oc[i] == "posixGroup" or oc[i], "group") + + print "Looking up by objectClass" + msg = ldb.search(expression="(|(objectClass=user)(cn=Administrator))") + self.assertEquals(len(msg), 2) + for i in range(len(msg)): + self.assertEquals((str(msg[i].dn), "unixName=Administrator,ou=Users,dc=vernstok,dc=nl") or + (str(msg[i].dn) == "unixName=nobody,ou=Users,dc=vernstok,dc=nl")) + + + def test_s3sam_modify(ldb, s3): + print "Adding a record that will be fallbacked" + ldb.add_ldif(""" +dn: cn=Foo +foo: bar +blah: Blie +cn: Foo +showInAdvancedViewOnly: TRUE + """) + + print "Checking for existence of record (local)" + # TODO: This record must be searched in the local database, which is currently only supported for base searches + # msg = ldb.search(expression="(cn=Foo)", ['foo','blah','cn','showInAdvancedViewOnly')] + # TODO: Actually, this version should work as well but doesn't... 
+ # + # + attrs = ['foo','blah','cn','showInAdvancedViewOnly'] + msg = ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=ldb.LDB_SCOPE_BASE, attrs=attrs) + self.assertEquals(len(msg), 1) + self.assertEquals(msg[0]["showInAdvancedViewOnly"], "TRUE") + self.assertEquals(msg[0]["foo"], "bar") + self.assertEquals(msg[0]["blah"], "Blie") + + print "Adding record that will be mapped" + ldb.add_ldif(""" +dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl +objectClass: user +unixName: bin +sambaUnicodePwd: geheim +cn: Niemand +""") + + print "Checking for existence of record (remote)" + msg = ldb.search(expression="(unixName=bin)", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) + self.assertEquals(len(msg), 1) + self.assertEquals(msg[0]["cn"], "Niemand") + self.assertEquals(msg[0]["sambaUnicodePwd"], "geheim") + + print "Checking for existence of record (local && remote)" + msg = ldb.search(expression="(&(unixName=bin)(sambaUnicodePwd=geheim))", + attrs=['unixName','cn','dn', 'sambaUnicodePwd']) + self.assertEquals(len(msg), 1) # TODO: should check with more records + self.assertEquals(msg[0]["cn"], "Niemand") + self.assertEquals(msg[0]["unixName"], "bin") + self.assertEquals(msg[0]["sambaUnicodePwd"], "geheim") + + print "Checking for existence of record (local || remote)" + msg = ldb.search(expression="(|(unixName=bin)(sambaUnicodePwd=geheim))", + attrs=['unixName','cn','dn', 'sambaUnicodePwd']) + print "got " + len(msg) + " replies" + self.assertEquals(len(msg), 1) # TODO: should check with more records + self.assertEquals(msg[0]["cn"], "Niemand") + self.assertEquals(msg[0]["unixName"] == "bin" or msg[0]["sambaUnicodePwd"], "geheim") + + print "Checking for data in destination database" + msg = s3.db.search("(cn=Niemand)") + self.assertTrue(len(msg) >= 1) + self.assertEquals(msg[0]["sambaSID"], "S-1-5-21-4231626423-2410014848-2360679739-2001") + self.assertEquals(msg[0]["displayName"], "Niemand") + + print "Adding attribute..." 
+ ldb.modify_ldif(""" +dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl +changetype: modify +add: description +description: Blah +""") + + print "Checking whether changes are still there..." + msg = ldb.search(expression="(cn=Niemand)") + self.assertTrue(len(msg) >= 1) + self.assertEquals(msg[0]["cn"], "Niemand") + self.assertEquals(msg[0]["description"], "Blah") + + print "Modifying attribute..." + ldb.modify_ldif(""" +dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl +changetype: modify +replace: description +description: Blie +""") + + print "Checking whether changes are still there..." + msg = ldb.search(expression="(cn=Niemand)") + self.assertTrue(len(msg) >= 1) + self.assertEquals(msg[0]["description"], "Blie") + + print "Deleting attribute..." + ldb.modify_ldif(""" +dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl +changetype: modify +delete: description +""") + + print "Checking whether changes are no longer there..." + msg = ldb.search(expression="(cn=Niemand)") + self.assertTrue(len(msg) >= 1) + self.assertEquals(msg[0]["description"], undefined) + + print "Renaming record..." + ldb.rename("cn=Niemand,cn=Users,dc=vernstok,dc=nl", "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") + + print "Checking whether DN has changed..." + msg = ldb.search(expression="(cn=Niemand2)") + self.assertEquals(len(msg), 1) + self.assertEquals(str(msg[0].dn), "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") + + print "Deleting record..." + ldb.delete("cn=Niemand2,cn=Users,dc=vernstok,dc=nl") + + print "Checking whether record is gone..." 
+ msg = ldb.search(expression="(cn=Niemand2)") + self.assertEquals(len(msg), 0) + + def test_map_search(ldb, s3, s4): + print "Running search tests on mapped data" + ldif = """ +dn: """ + "sambaDomainName=TESTS,""" + s3.substvars["BASEDN"] + """ +objectclass: sambaDomain +objectclass: top +sambaSID: S-1-5-21-4231626423-2410014848-2360679739 +sambaNextRid: 2000 +sambaDomainName: TESTS""" + self.assertTrue(ldif is not None) + s3.db.add_ldif(substitute_var(ldif, s3.substvars)) + + print "Add a set of split records" + ldif = """ +dn: """ + s4.dn("cn=X") + """ +objectClass: user +cn: X +codePage: x +revision: x +dnsHostName: x +nextRid: y +lastLogon: x +description: x +objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 +primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512 + +dn: """ + s4.dn("cn=Y") + """ +objectClass: top +cn: Y +codePage: x +revision: x +dnsHostName: y +nextRid: y +lastLogon: y +description: x + +dn: """ + s4.dn("cn=Z") + """ +objectClass: top +cn: Z +codePage: x +revision: y +dnsHostName: z +nextRid: y +lastLogon: z +description: y +""" + + self.assertTrue(ldif is not None) + ldb.add_ldif(substitute_var(ldif, s4.substvars)) + + print "Add a set of remote records" + + ldif = """ +dn: """ + s3.dn("cn=A") + """ +objectClass: posixAccount +cn: A +sambaNextRid: x +sambaBadPasswordCount: x +sambaLogonTime: x +description: x +sambaSID: S-1-5-21-4231626423-2410014848-2360679739-552 +sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-512 + +dn: """ + s3.dn("cn=B") + """ +objectClass: top +cn:B +sambaNextRid: x +sambaBadPasswordCount: x +sambaLogonTime: y +description: x + +dn: """ + s3.dn("cn=C") + """ +objectClass: top +cn: C +sambaNextRid: x +sambaBadPasswordCount: y +sambaLogonTime: z +description: y +""" + self.assertTrue(ldif is not None) + s3.add_ldif(substitute_var(ldif, s3.substvars)) + + print "Testing search by DN" + + # Search remote record by local DN + dn = s4.dn("cn=A") + attrs = ["dnsHostName", "lastLogon"] + res = 
ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(str(res[0].dn)), dn) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "x") + + # Search remote record by remote DN + dn = s3.dn("cn=A") + attrs = ["dnsHostName", "lastLogon", "sambaLogonTime"] + res = s3.db.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(str(res[0].dn)), dn) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], undefined) + self.assertEquals(res[0]["sambaLogonTime"], "x") + + # Search split record by local DN + dn = s4.dn("cn=X") + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(str(res[0].dn)), dn) + self.assertEquals(res[0]["dnsHostName"], "x") + self.assertEquals(res[0]["lastLogon"], "x") + + # Search split record by remote DN + dn = s3.dn("cn=X") + attrs = ["dnsHostName", "lastLogon", "sambaLogonTime"] + res = s3.db.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(str(res[0].dn)), dn) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], undefined) + self.assertEquals(res[0]["sambaLogonTime"], "x") + + print "Testing search by attribute" + + # Search by ignored attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(revision=x)", scope=ldb.SCOPE_DEFAULT, attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(str(res[0].dn)), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(str(res[1].dn)), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + + # Search by kept attribute + attrs = ["dnsHostName", "lastLogon"] + res = 
ldb.search(expression="(description=y)", scope=ldb.SCOPE_DEFAULT, attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(str(res[0].dn)), s4.dn("cn=Z")) + self.assertEquals(res[0]["dnsHostName"], "z") + self.assertEquals(res[0]["lastLogon"], "z") + self.assertEquals(str(str(res[1].dn)), s4.dn("cn=C")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "z") + + # Search by renamed attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(badPwdCount=x)", scope=ldb.SCOPE_DEFAULT, attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + + # Search by converted attribute + attrs = ["dnsHostName", "lastLogon", "objectSid"] + # TODO: + # Using the SID directly in the parse tree leads to conversion + # errors, letting the search fail with no results. + #res = ldb.search("(objectSid=S-1-5-21-4231626423-2410014848-2360679739-552)", NULL, ldb. SCOPE_DEFAULT, attrs) + res = ldb.search(expression="(objectSid=*)", attrs=attrs) + self.assertEquals(len(res), 3) + self.assertEquals(str(res[0].dn), s4.dn("cn=X")) + self.assertEquals(res[0]["dnsHostName"], "x") + self.assertEquals(res[0]["lastLogon"], "x") + self.assertEquals(res[0]["objectSid"], "S-1-5-21-4231626423-2410014848-2360679739-552") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(res[1]["objectSid"], "S-1-5-21-4231626423-2410014848-2360679739-552") + + # Search by generated attribute + # In most cases, this even works when the mapping is missing + # a `convert_operator' by enumerating the remote db. 
+ attrs = ["dnsHostName", "lastLogon", "primaryGroupID"] + res = ldb.search(expression="(primaryGroupID=512)", attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), s4.dn("cn=A")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "x") + self.assertEquals(res[0]["primaryGroupID"], "512") + + # TODO: There should actually be two results, A and X. The + # primaryGroupID of X seems to get corrupted somewhere, and the + # objectSid isn't available during the generation of remote (!) data, + # which can be observed with the following search. Also note that Xs + # objectSid seems to be fine in the previous search for objectSid... */ + #res = ldb.search(expression="(primaryGroupID=*)", NULL, ldb. SCOPE_DEFAULT, attrs) + #print len(res) + " results found" + #for i in range(len(res)): + # for (obj in res[i]) { + # print obj + ": " + res[i][obj] + # } + # print "---" + # + + # Search by remote name of renamed attribute */ + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(sambaBadPasswordCount=*)", attrs=attrs) + self.assertEquals(len(res), 0) + + # Search by objectClass + attrs = ["dnsHostName", "lastLogon", "objectClass"] + res = ldb.search(expression="(objectClass=user)", attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(res[0].dn), s4.dn("cn=X")) + self.assertEquals(res[0]["dnsHostName"], "x") + self.assertEquals(res[0]["lastLogon"], "x") + self.assertTrue(res[0]["objectClass"] is not None) + self.assertEquals(res[0]["objectClass"][0], "user") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + self.assertTrue(res[1]["objectClass"] is not None) + self.assertEquals(res[1]["objectClass"][0], "user") + + # Prove that the objectClass is actually used for the search + res = ldb.search(expression="(|(objectClass=user)(badPwdCount=x))", attrs=attrs) + 
self.assertEquals(len(res), 3) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertTrue(res[0]["objectClass"] is not None) + for oc in set(res[0]["objectClass"]): + self.assertEquals(oc, "user") + self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + self.assertTrue(res[1]["objectClass"] is not None) + self.assertEquals(res[1]["objectClass"][0], "user") + self.assertEquals(str(res[2].dn), s4.dn("cn=A")) + self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(res[2]["lastLogon"], "x") + self.assertTrue(res[2]["objectClass"] is not None) + self.assertEquals(res[2]["objectClass"][0], "user") + + print "Testing search by parse tree" + + # Search by conjunction of local attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(&(codePage=x)(revision=x))", attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + + # Search by conjunction of remote attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(&(lastLogon=x)(description=x))", attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(res[0].dn), s4.dn("cn=X")) + self.assertEquals(res[0]["dnsHostName"], "x") + self.assertEquals(res[0]["lastLogon"], "x") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + + # Search by conjunction of local and remote attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(&(codePage=x)(description=x))", 
attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + + # Search by conjunction of local and remote attribute w/o match + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(&(codePage=x)(nextRid=x))", attrs=attrs) + self.assertEquals(len(res), 0) + res = ldb.search(expression="(&(revision=x)(lastLogon=z))", attrs=attrs) + self.assertEquals(len(res), 0) + + # Search by disjunction of local attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(|(revision=x)(dnsHostName=x))", attrs=attrs) + self.assertEquals(len(res), 2) + self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + + # Search by disjunction of remote attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(|(badPwdCount=x)(lastLogon=x))", attrs=attrs) + self.assertEquals(len(res), 3) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(str(res[2].dn), s4.dn("cn=A")) + self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(res[2]["lastLogon"], "x") + + # Search by disjunction of local and remote attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(|(revision=x)(lastLogon=y))", attrs=attrs) + self.assertEquals(len(res), 3) + 
self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=B")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "y") + self.assertEquals(str(res[2].dn), s4.dn("cn=X")) + self.assertEquals(res[2]["dnsHostName"], "x") + self.assertEquals(res[2]["lastLogon"], "x") + + # Search by disjunction of local and remote attribute w/o match + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(|(codePage=y)(nextRid=z))", attrs=attrs) + self.assertEquals(len(res), 0) + + # Search by negated local attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(revision=x))", attrs=attrs) + self.assertEquals(len(res), 5) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(res[2]["dnsHostName"], "z") + self.assertEquals(res[2]["lastLogon"], "z") + self.assertEquals(str(res[3].dn), s4.dn("cn=C")) + self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(res[3]["lastLogon"], "z") + + # Search by negated remote attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(description=x))", attrs=attrs) + self.assertEquals(len(res), 3) + self.assertEquals(str(res[0].dn), s4.dn("cn=Z")) + self.assertEquals(res[0]["dnsHostName"], "z") + self.assertEquals(res[0]["lastLogon"], "z") + self.assertEquals(str(res[1].dn), s4.dn("cn=C")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "z") + + # Search by negated conjunction of local attributes + attrs = ["dnsHostName", "lastLogon"] + res 
= ldb.search(expression="(!(&(codePage=x)(revision=x)))", attrs=attrs) + self.assertEquals(len(res), 5) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(res[2]["dnsHostName"], "z") + self.assertEquals(res[2]["lastLogon"], "z") + self.assertEquals(str(res[3].dn), s4.dn("cn=C")) + self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(res[3]["lastLogon"], "z") + + # Search by negated conjunction of remote attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(&(lastLogon=x)(description=x)))", attrs=attrs) + self.assertEquals(len(res), 5) + self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=B")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "y") + self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(res[2]["dnsHostName"], "z") + self.assertEquals(res[2]["lastLogon"], "z") + self.assertEquals(str(res[3].dn), s4.dn("cn=C")) + self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(res[3]["lastLogon"], "z") + + # Search by negated conjunction of local and remote attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(&(codePage=x)(description=x)))", attrs=attrs) + self.assertEquals(len(res), 5) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + 
self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(res[2]["dnsHostName"], "z") + self.assertEquals(res[2]["lastLogon"], "z") + self.assertEquals(str(res[3].dn), s4.dn("cn=C")) + self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(res[3]["lastLogon"], "z") + + # Search by negated disjunction of local attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(|(revision=x)(dnsHostName=x)))", attrs=attrs) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=A")) + self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(res[2]["dnsHostName"], "z") + self.assertEquals(res[2]["lastLogon"], "z") + self.assertEquals(str(res[3].dn), s4.dn("cn=C")) + self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(res[3]["lastLogon"], "z") + + # Search by negated disjunction of remote attributes + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(|(badPwdCount=x)(lastLogon=x)))", attrs=attrs) + self.assertEquals(len(res), 4) + self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(res[0]["dnsHostName"], "y") + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=Z")) + self.assertEquals(res[1]["dnsHostName"], "z") + self.assertEquals(res[1]["lastLogon"], "z") + self.assertEquals(str(res[2].dn), s4.dn("cn=C")) + self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(res[2]["lastLogon"], "z") + + # Search by negated disjunction of local and remote attribute + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(!(|(revision=x)(lastLogon=y)))", attrs=attrs) + self.assertEquals(len(res), 4) + 
self.assertEquals(str(res[0].dn), s4.dn("cn=A")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "x") + self.assertEquals(str(res[1].dn), s4.dn("cn=Z")) + self.assertEquals(res[1]["dnsHostName"], "z") + self.assertEquals(res[1]["lastLogon"], "z") + self.assertEquals(str(res[2].dn), s4.dn("cn=C")) + self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(res[2]["lastLogon"], "z") + + print "Search by complex parse tree" + attrs = ["dnsHostName", "lastLogon"] + res = ldb.search(expression="(|(&(revision=x)(dnsHostName=x))(!(&(description=x)(nextRid=y)))(badPwdCount=y))", attrs=attrs) + self.assertEquals(len(res), 6) + self.assertEquals(str(res[0].dn), s4.dn("cn=B")) + self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(res[0]["lastLogon"], "y") + self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(res[1]["dnsHostName"], "x") + self.assertEquals(res[1]["lastLogon"], "x") + self.assertEquals(str(res[2].dn), s4.dn("cn=A")) + self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(res[2]["lastLogon"], "x") + self.assertEquals(str(res[3].dn), s4.dn("cn=Z")) + self.assertEquals(res[3]["dnsHostName"], "z") + self.assertEquals(res[3]["lastLogon"], "z") + self.assertEquals(str(res[4].dn), s4.dn("cn=C")) + self.assertEquals(res[4]["dnsHostName"], undefined) + self.assertEquals(res[4]["lastLogon"], "z") + + # Clean up + dns = [s4.dn("cn=%s" % n) for n in ["A","B","C","X","Y","Z"]] + for dn in dns: + ldb.delete(dn) + + def test_map_modify(self, ldb, s3, s4): + print "Running modification tests on mapped data" + + print "Testing modification of local records" + + # Add local record + dn = "cn=test,dc=idealx,dc=org" + ldif = """ +dn: """ + dn + """ +cn: test +foo: bar +revision: 1 +description: test +""" + ldb.add_ldif(ldif) + # Check it's there + attrs = ["foo", "revision", "description"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + 
self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["foo"], "bar") + self.assertEquals(res[0]["revision"], "1") + self.assertEquals(res[0]["description"], "test") + # Check it's not in the local db + res = s4.db.search("(cn=test)", NULL, ldb.SCOPE_DEFAULT, attrs) + self.assertEquals(len(res), 0) + # Check it's not in the remote db + res = s3.db.search("(cn=test)", NULL, ldb.SCOPE_DEFAULT, attrs) + self.assertEquals(len(res), 0) + + # Modify local record + ldif = """ +dn: """ + dn + """ +replace: foo +foo: baz +replace: description +description: foo +""" + ldb.modify_ldif(ldif) + # Check in local db + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["foo"], "baz") + self.assertEquals(res[0]["revision"], "1") + self.assertEquals(res[0]["description"], "foo") + + # Rename local record + dn2 = "cn=toast,dc=idealx,dc=org" + ldb.rename(dn, dn2) + # Check in local db + res = ldb.search(dn2, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["foo"], "baz") + self.assertEquals(res[0]["revision"], "1") + self.assertEquals(res[0]["description"], "foo") + + # Delete local record + ldb.delete(dn2) + # Check it's gone + res = ldb.search(dn2, scope=ldb.SCOPE_BASE) + self.assertEquals(len(res), 0) + + print "Testing modification of remote records" + + # Add remote record + dn = s4.dn("cn=test") + dn2 = s3.dn("cn=test") + ldif = """ +dn: """ + dn2 + """ +cn: test +description: foo +sambaBadPasswordCount: 3 +sambaNextRid: 1001 +""" + s3.db.add_ldif(ldif) + # Check it's there + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "foo") + 
self.assertEquals(res[0]["sambaBadPasswordCount"], "3") + self.assertEquals(res[0]["sambaNextRid"], "1001") + # Check in mapped db + attrs = ["description", "badPwdCount", "nextRid"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "foo") + self.assertEquals(res[0]["badPwdCount"], "3") + self.assertEquals(res[0]["nextRid"], "1001") + # Check in local db + res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 0) + + # Modify remote data of remote record + ldif = """ +dn: """ + dn + """ +replace: description +description: test +replace: badPwdCount +badPwdCount: 4 +""" + ldb.modify_ldif(ldif) + # Check in mapped db + attrs = ["description", "badPwdCount", "nextRid"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["badPwdCount"], "4") + self.assertEquals(res[0]["nextRid"], "1001") + # Check in remote db + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["sambaBadPasswordCount"], "4") + self.assertEquals(res[0]["sambaNextRid"], "1001") + + # Rename remote record + dn2 = s4.dn("cn=toast") + ldb.rename(dn, dn2) + # Check in mapped db + dn = dn2 + attrs = ["description", "badPwdCount", "nextRid"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["badPwdCount"], "4") + self.assertEquals(res[0]["nextRid"], "1001") + # Check in remote db + dn2 = s3.dn("cn=toast") + attrs = ["description", 
"sambaBadPasswordCount", "sambaNextRid"] + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["sambaBadPasswordCount"], "4") + self.assertEquals(res[0]["sambaNextRid"], "1001") + + # Delete remote record + ldb.delete(dn) + # Check in mapped db + res = ldb.search(dn, scope=ldb.SCOPE_BASE) + self.assertEquals(len(res), 0) + # Check in remote db + res = s3.db.search("", dn2, ldb.SCOPE_BASE) + self.assertEquals(len(res), 0) + + # Add remote record (same as before) + dn = s4.dn("cn=test") + dn2 = s3.dn("cn=test") + ldif = """ +dn: """ + dn2 + """ +cn: test +description: foo +sambaBadPasswordCount: 3 +sambaNextRid: 1001 +""" + s3.db.add_ldif(ldif) + + # Modify local data of remote record + ldif = """ +dn: """ + dn + """ +add: revision +revision: 1 +replace: description +description: test +""" + ldb.modify_ldif(ldif) + # Check in mapped db + attrs = ["revision", "description"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["revision"], "1") + # Check in remote db + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["revision"], undefined) + # Check in local db + res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], undefined) + self.assertEquals(res[0]["revision"], "1") + + # Delete (newly) split record + ldb.delete(dn) + + print "Testing modification of split records" + + # Add split record + dn = s4.dn("cn=test") + dn2 = s3.dn("cn=test") + ldif = """ +dn: """ + dn + """ +cn: test +description: foo 
+badPwdCount: 3 +nextRid: 1001 +revision: 1 +""" + ldb.add_ldif(ldif) + # Check it's there + attrs = ["description", "badPwdCount", "nextRid", "revision"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "foo") + self.assertEquals(res[0]["badPwdCount"], "3") + self.assertEquals(res[0]["nextRid"], "1001") + self.assertEquals(res[0]["revision"], "1") + # Check in local db + res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], undefined) + self.assertEquals(res[0]["badPwdCount"], undefined) + self.assertEquals(res[0]["nextRid"], undefined) + self.assertEquals(res[0]["revision"], "1") + # Check in remote db + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "foo") + self.assertEquals(res[0]["sambaBadPasswordCount"], "3") + self.assertEquals(res[0]["sambaNextRid"], "1001") + self.assertEquals(res[0]["revision"], undefined) + + # Modify of split record + ldif = """ +dn: """ + dn + """ +replace: description +description: test +replace: badPwdCount +badPwdCount: 4 +replace: revision +revision: 2 +""" + ldb.modify_ldif(ldif) + # Check in mapped db + attrs = ["description", "badPwdCount", "nextRid", "revision"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["badPwdCount"], "4") + self.assertEquals(res[0]["nextRid"], "1001") + self.assertEquals(res[0]["revision"], "2") + # Check in local db + res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + 
self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], undefined) + self.assertEquals(res[0]["badPwdCount"], undefined) + self.assertEquals(res[0]["nextRid"], undefined) + self.assertEquals(res[0]["revision"], "2") + # Check in remote db + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["sambaBadPasswordCount"], "4") + self.assertEquals(res[0]["sambaNextRid"], "1001") + self.assertEquals(res[0]["revision"], undefined) + + # Rename split record + dn2 = s4.dn("cn=toast") + ldb.rename(dn, dn2) + # Check in mapped db + dn = dn2 + attrs = ["description", "badPwdCount", "nextRid", "revision"] + res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["badPwdCount"], "4") + self.assertEquals(res[0]["nextRid"], "1001") + self.assertEquals(res[0]["revision"], "2") + # Check in local db + res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn) + self.assertEquals(res[0]["description"], undefined) + self.assertEquals(res[0]["badPwdCount"], undefined) + self.assertEquals(res[0]["nextRid"], undefined) + self.assertEquals(res[0]["revision"], "2") + # Check in remote db + dn2 = s3.dn("cn=toast") + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] + res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + self.assertEquals(len(res), 1) + self.assertEquals(str(res[0].dn), dn2) + self.assertEquals(res[0]["description"], "test") + self.assertEquals(res[0]["sambaBadPasswordCount"], "4") + self.assertEquals(res[0]["sambaNextRid"], "1001") + self.assertEquals(res[0]["revision"], undefined) + + # 
Delete split record + ldb.delete(dn) + # Check in mapped db + res = ldb.search(dn, scope=ldb.SCOPE_BASE) + self.assertEquals(len(res), 0) + # Check in local db + res = s4.db.search("", dn, ldb.SCOPE_BASE) + self.assertEquals(len(res), 0) + # Check in remote db + res = s3.db.search("", dn2, ldb.SCOPE_BASE) + self.assertEquals(len(res), 0) + + def setUp(self): + super(Samba3SamTestCase, self).setUp() + + def make_dn(rdn): + return rdn + ",sambaDomainName=TESTS," + this.substvars["BASEDN"] + + def make_s4dn(rdn): + return rdn + "," + this.substvars["BASEDN"] + + ldb = Ldb() + + ldbfile = os.path.join(self.tempdir, "test.ldb") + ldburl = "tdb://" + ldbfile + + tempdir = self.tempdir + + class Target: + def __init__(self, file, basedn, dn): + self.file = os.path.join(tempdir, file) + self.url = "tdb://" + self.file + self.substvars = {"BASEDN": basedn} + self.db = Ldb() + self.dn = dn + + samba4 = Target("samba4.ldb", "dc=vernstok,dc=nl", make_s4dn) + samba3 = Target("samba3.ldb", "cn=Samba3Sam", make_dn) + templates = Target("templates.ldb", "cn=templates", None) + + ldb.connect(ldburl) + samba3.db.connect(samba3.url) + templates.db.connect(templates.url) + samba4.db.connect(samba4.url) + + self.setup_data(samba3, open(os.path.join(datadir, "samba3.ldif"), 'r').read()) + self.setup_data(templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) + self.setup_modules(ldb, samba3, samba4, open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read()) + + ldb = Ldb() + ldb.connect(ldburl) + + self.test_s3sam_search(ldb) + self.test_s3sam_modify(ldb, samba3) + + os.unlink(ldbfile) + os.unlink(samba3.file) + os.unlink(templates.file) + os.unlink(samba4.file) + + ldb = Ldb() + ldb.connect(ldburl) + samba3.db = Ldb() + samba3.db.connect(samba3.url) + templates.db = Ldb() + templates.db.connect(templates.url) + samba4.db = Ldb() + samba4.db.connect(samba4.url) + + self.setup_data(templates, open(os.path.join(datadir, 
"provision_samba3sam_templates.ldif"), 'r').read()) + self.setup_modules(ldb, samba3, samba4, open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read()) + + ldb = Ldb() + ldb.connect(ldburl) + + test_map_search(ldb, samba3, samba4) + test_map_modify(ldb, samba3, samba4) + -- cgit From de9c8930a679fcff1d0f0632d4f5b03e6b54722d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 23 Dec 2007 21:27:58 -0600 Subject: r26573: Fix warnings. (This used to be commit 874f0ac0561e38a8c0ceda983f6c88c75ee29e9c) --- source4/dsdb/samdb/ldb_modules/ranged_results.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index affc01d413..345b8b8440 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -40,7 +40,7 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb { struct rr_context *rr_context = talloc_get_type(context, struct rr_context); struct ldb_request *orig_req = rr_context->orig_req; - int i, j, ret; + int i, j; if (ares->type != LDB_REPLY_ENTRY) { return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); -- cgit From 7c146c42d2cf51e891b9f29d3b61a40f173a3b23 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:31 -0600 Subject: r26593: - More work on the python versions of samba3dump and the samba3sam tests. - Initial work converting the upgrade code to Python. - Removed the old EJS upgrade code because it has been broken for a long time. (This used to be commit 150cf39fbd4fe088546870fb0d8f20c0d9eb4aca) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 127 +++++++++++----------- 1 file changed, 63 insertions(+), 64 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 6a4935bf4d..8ca92e152e 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -27,35 +27,33 @@ import ldb from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir -datadir = sys.argv[2] +datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") class Samba3SamTestCase(TestCaseInTempDir): def setup_data(self, obj, ldif): self.assertTrue(ldif is not None) obj.db.add_ldif(substitute_var(ldif, obj.substvars)) - def setup_modules(self, ldb, s3, s4, ldif): - self.assertTrue(ldif is not None) - ldb.add_ldif(substitute_var(ldif, s4.substvars)) + def setup_modules(self, ldb, s3, s4): ldif = """ dn: @MAP=samba3sam -@FROM: """ + s4.substvars["BASEDN"] + """ -@TO: sambaDomainName=TESTS,""" + s3.substvars["BASEDN"] + """ +@FROM: """ + s4.basedn + """ +@TO: sambaDomainName=TESTS,""" + s3.basedn + """ dn: @MODULES @LIST: rootdse,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition dn: @PARTITION -partition: """ + s4.substvars["BASEDN"] + ":" + s4.url + """ -partition: """ + s3.substvars["BASEDN"] + ":" + s3.url + """ +partition: """ + s4.basedn + ":" + s4.url + """ +partition: """ + s3.basedn + ":" + s3.url + """ replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST """ ldb.add_ldif(ldif) - def test_s3sam_search(self, ldb): + def _test_s3sam_search(self, ldb): print "Looking up by non-mapped attribute" msg = ldb.search(expression="(cn=Administrator)") self.assertEquals(len(msg), 1) @@ -91,7 +89,7 @@ replicateEntries: @INDEXLIST (str(msg[i].dn) == "unixName=nobody,ou=Users,dc=vernstok,dc=nl")) - def test_s3sam_modify(ldb, s3): + def _test_s3sam_modify(ldb, s3): print "Adding a record that will be fallbacked" ldb.add_ldif(""" dn: cn=Foo 
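Review bot: `_test_s3sam_modify(ldb, s3)` in the `@@ -91,7 +89,7 @@` hunk is declared inside the class without a `self` parameter, although its body uses `self.assertEquals` and the later hunk at `@@ -1002,66 +997,70 @@` calls it as `self._test_s3sam_modify(ldb, self.samba3)`. A bound call hands three arguments to a two-parameter function, so it fails with a TypeError before any assertion runs. The signature should match its siblings: `def _test_s3sam_modify(self, ldb, s3):`. The method body continues outside this hunk.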
@@ -205,16 +203,15 @@ delete: description msg = ldb.search(expression="(cn=Niemand2)") self.assertEquals(len(msg), 0) - def test_map_search(ldb, s3, s4): + def _test_map_search(self, ldb, s3, s4): print "Running search tests on mapped data" ldif = """ -dn: """ + "sambaDomainName=TESTS,""" + s3.substvars["BASEDN"] + """ +dn: """ + "sambaDomainName=TESTS,""" + s3.basedn + """ objectclass: sambaDomain objectclass: top sambaSID: S-1-5-21-4231626423-2410014848-2360679739 sambaNextRid: 2000 sambaDomainName: TESTS""" - self.assertTrue(ldif is not None) s3.db.add_ldif(substitute_var(ldif, s3.substvars)) print "Add a set of split records" @@ -252,7 +249,6 @@ lastLogon: z description: y """ - self.assertTrue(ldif is not None) ldb.add_ldif(substitute_var(ldif, s4.substvars)) print "Add a set of remote records" @@ -284,7 +280,6 @@ sambaBadPasswordCount: y sambaLogonTime: z description: y """ - self.assertTrue(ldif is not None) s3.add_ldif(substitute_var(ldif, s3.substvars)) print "Testing search by DN" @@ -678,7 +673,7 @@ description: y for dn in dns: ldb.delete(dn) - def test_map_modify(self, ldb, s3, s4): + def _test_map_modify(self, ldb, s3, s4): print "Running modification tests on mapped data" print "Testing modification of local records" 
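Review bot: The line `s3.add_ldif(substitute_var(ldif, s3.substvars))` that the `@@ -284,7 +280,6 @@` hunk leaves in place calls `add_ldif` on the Target helper itself, but the Target class in this commit's setUp hunk only defines `file`, `url`, `basedn`, `substvars`, `db`, `dn()` and `connect()`. The sibling call in the `@@ -205,16 +203,15 @@` hunk goes through the connection, so this one presumably should too: `s3.db.add_ldif(substitute_var(ldif, s3.substvars))`. As written the remote records are never added and the test would stop with an AttributeError. The enclosing `_test_map_search` starts and ends outside this hunk.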
@@ -1002,66 +997,70 @@ revision: 2 def setUp(self): super(Samba3SamTestCase, self).setUp() - def make_dn(rdn): - return rdn + ",sambaDomainName=TESTS," + this.substvars["BASEDN"] - - def make_s4dn(rdn): - return rdn + "," + this.substvars["BASEDN"] + def make_dn(basedn, rdn): + return rdn + ",sambaDomainName=TESTS," + basedn - ldb = Ldb() + def make_s4dn(basedn, rdn): + return rdn + "," + basedn - ldbfile = os.path.join(self.tempdir, "test.ldb") - ldburl = "tdb://" + ldbfile + self.ldbfile = os.path.join(self.tempdir, "test.ldb") + self.ldburl = "tdb://" + self.ldbfile tempdir = self.tempdir + print tempdir class Target: + """Simple helper class that contains data for a specific SAM connection.""" def __init__(self, file, basedn, dn): self.file = os.path.join(tempdir, file) self.url = "tdb://" + self.file - self.substvars = {"BASEDN": basedn} + self.basedn = basedn + self.substvars = {"BASEDN": self.basedn} self.db = Ldb() - self.dn = dn - - samba4 = Target("samba4.ldb", "dc=vernstok,dc=nl", make_s4dn) - samba3 = Target("samba3.ldb", "cn=Samba3Sam", make_dn) - templates = Target("templates.ldb", "cn=templates", None) - - ldb.connect(ldburl) - samba3.db.connect(samba3.url) - templates.db.connect(templates.url) - samba4.db.connect(samba4.url) - - self.setup_data(samba3, open(os.path.join(datadir, "samba3.ldif"), 'r').read()) - self.setup_data(templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) - self.setup_modules(ldb, samba3, samba4, open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read()) - - ldb = Ldb() - ldb.connect(ldburl) - - self.test_s3sam_search(ldb) - self.test_s3sam_modify(ldb, samba3) - - os.unlink(ldbfile) - os.unlink(samba3.file) - os.unlink(templates.file) - os.unlink(samba4.file) + self._dn = dn + + def dn(self, rdn): + return self._dn(rdn, self.basedn) + + def connect(self): + return self.db.connect(self.url) + + self.samba4 = Target("samba4.ldb", "dc=vernstok,dc=nl", make_s4dn) + self.samba3 = 
Target("samba3.ldb", "cn=Samba3Sam", make_dn) + self.templates = Target("templates.ldb", "cn=templates", None) + + self.samba3.connect() + self.templates.connect() + self.samba4.connect() + + def tearDown(self): + super(Samba3SamTestCase, self).tearDown() + os.unlink(self.ldbfile) + os.unlink(self.samba3.file) + os.unlink(self.templates.file) + os.unlink(self.samba4.file) + + def test_s3sam(self): + ldb = Ldb(self.ldburl) + self.setup_data(self.samba3, open(os.path.join(datadir, "samba3.ldif"), 'r').read()) + self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) + ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() + ldb.add_ldif(substitute_var(ldif, s4.substvars)) + self.setup_modules(ldb, self.samba3, self.samba4) - ldb = Ldb() - ldb.connect(ldburl) - samba3.db = Ldb() - samba3.db.connect(samba3.url) - templates.db = Ldb() - templates.db.connect(templates.url) - samba4.db = Ldb() - samba4.db.connect(samba4.url) + ldb = Ldb(self.ldburl) - self.setup_data(templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) - self.setup_modules(ldb, samba3, samba4, open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read()) + self._test_s3sam_search(ldb) + self._test_s3sam_modify(ldb, self.samba3) - ldb = Ldb() - ldb.connect(ldburl) + def test_map(self): + ldb = Ldb(self.ldburl) + self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) + ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() + ldb.add_ldif(substitute_var(ldif, s4.substvars)) + self.setup_modules(ldb, self.samba3, self.samba4) - test_map_search(ldb, samba3, samba4) - test_map_modify(ldb, samba3, samba4) + ldb = Ldb(self.ldburl) + self._test_map_search(ldb, self.samba3, self.samba4) + self._test_map_modify(ldb, self.samba3, self.samba4) -- cgit From 43a03b0fb48ceb528539a16b0023fb5b30b7a79e Mon Sep 17 00:00:00 2001 
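Review bot: `Target.dn` calls `self._dn(rdn, self.basedn)`, but the helpers it wraps are declared as `make_dn(basedn, rdn)` and `make_s4dn(basedn, rdn)`, so the two arguments arrive swapped and every DN is built with the base in front of the RDN. Either the call should be `return self._dn(self.basedn, rdn)` or the helpers should take `(rdn, basedn)`. The `templates` target is also constructed with `dn=None`, so `templates.dn(...)` would raise a TypeError; a one-line comment on that argument would make the intent clear. The same `Target` code is carried unchanged into `MapBaseTestCase.setUp` by the later hunk at `@@ -20,40 +20,96 @@`.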
From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:53 -0600 Subject: r26598: Simplify the way Python tests are run. (This used to be commit d649f73431fc993e31522e7fc8e1e35e0a4421d8) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 8ca92e152e..b083b68da6 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -1034,18 +1034,18 @@ revision: 2 self.samba4.connect() def tearDown(self): - super(Samba3SamTestCase, self).tearDown() os.unlink(self.ldbfile) os.unlink(self.samba3.file) os.unlink(self.templates.file) os.unlink(self.samba4.file) + super(Samba3SamTestCase, self).tearDown() def test_s3sam(self): ldb = Ldb(self.ldburl) self.setup_data(self.samba3, open(os.path.join(datadir, "samba3.ldif"), 'r').read()) self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() - ldb.add_ldif(substitute_var(ldif, s4.substvars)) + ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) self.setup_modules(ldb, self.samba3, self.samba4) ldb = Ldb(self.ldburl) @@ -1057,7 +1057,7 @@ revision: 2 ldb = Ldb(self.ldburl) self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() - ldb.add_ldif(substitute_var(ldif, s4.substvars)) + ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) self.setup_modules(ldb, self.samba3, self.samba4) ldb = Ldb(self.ldburl) -- cgit From f5bc88d40be1b01c319c4db30ada8de1ffd9f3f1 Mon Sep 17 00:00:00 2001 
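Review bot: In `tearDown` (hunk `@@ -1034,18 +1034,18 @@`) the four `os.unlink` calls run unguarded ahead of `super(Samba3SamTestCase, self).tearDown()`, so an OSError from any of them, for example a database file that was never created, skips both the remaining unlinks and the base-class cleanup. Guarding the unlinks and putting the super call in a `finally` keeps one failing test from leaving stale database files behind for the next run. What the base class cleans up is not visible here, so the impact of skipping it is an assumption.

```python
    def tearDown(self):
        try:
            for path in (self.ldbfile, self.samba3.file,
                         self.templates.file, self.samba4.file):
                if os.path.exists(path):
                    os.unlink(path)
        finally:
            super(Samba3SamTestCase, self).tearDown()
```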
From: Andrew Bartlett Date: Thu, 27 Dec 2007 07:45:22 -0600 Subject: r26612: Tests show that we don't need to use a callback. Andrew Bartlett (This used to be commit 66cb9601e75935c35fb432655e840a0d9022cbe1) --- source4/dsdb/samdb/ldb_modules/anr.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index 901215e972..908d9b088c 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c @@ -292,9 +292,6 @@ static int anr_search(struct ldb_module *module, struct ldb_request *req) req->op.search.tree = talloc_steal(req, anr_tree); } - - /* TODO: Add a callback, and ensure we retry the search with surname and given name if we fail to match */ - return ldb_next_request(module, req); } -- cgit From 870d20cf50a7f33c6b4cbd91f4c57406cb9d52b5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 30 Dec 2007 16:46:05 -0600 Subject: r26630: Split up big tests into various smaller functions, making it easier to debug. (This used to be commit 4be116133724ac52f9df8adb3feeb93ea616a990) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 368 +++++++++++----------- 1 file changed, 185 insertions(+), 183 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index b083b68da6..16135c1681 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py 
@@ -20,40 +20,96 @@ # along with this program. If not, see . # +"""Tests for the samba3sam LDB module, which maps Samba3 LDAP to AD LDAP.""" + import os import sys import samba import ldb +from ldb import SCOPE_DEFAULT, SCOPE_BASE from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") -class Samba3SamTestCase(TestCaseInTempDir): +class MapBaseTestCase(TestCaseInTempDir): def setup_data(self, obj, ldif): self.assertTrue(ldif is not None) obj.db.add_ldif(substitute_var(ldif, obj.substvars)) def setup_modules(self, ldb, s3, s4): + ldb.add({"dn": "@MAP=samba3sam", + "@FROM": s4.basedn, + "@TO": "sambaDomainName=TESTS," + s3.basedn}) - ldif = """ -dn: @MAP=samba3sam -@FROM: """ + s4.basedn + """ -@TO: sambaDomainName=TESTS,""" + s3.basedn + """ - -dn: @MODULES -@LIST: rootdse,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition - -dn: @PARTITION -partition: """ + s4.basedn + ":" + s4.url + """ -partition: """ + s3.basedn + ":" + s3.url + """ -replicateEntries: @SUBCLASSES -replicateEntries: @ATTRIBUTES -replicateEntries: @INDEXLIST -""" - ldb.add_ldif(ldif) + ldb.add({"dn": "@MODULES", + "@LIST": "rootdse,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"}) + + ldb.add({"dn": "@PARTITION", + "partition": [s4.basedn + ":" + s4.url, s3.basedn + ":" + s3.url], + "replicateEntries": ["@SUBCLASSES", "@ATTRIBUTES", "@INDEXLIST"]}) + + def setUp(self): + super(MapBaseTestCase, self).setUp() + + def make_dn(basedn, rdn): + return rdn + ",sambaDomainName=TESTS," + basedn + + def make_s4dn(basedn, rdn): + return rdn + "," + basedn + + self.ldbfile = os.path.join(self.tempdir, "test.ldb") + self.ldburl = "tdb://" + self.ldbfile - def _test_s3sam_search(self, ldb): + tempdir = self.tempdir + print tempdir + + class Target: + """Simple 
helper class that contains data for a specific SAM connection.""" + def __init__(self, file, basedn, dn): + self.file = os.path.join(tempdir, file) + self.url = "tdb://" + self.file + self.basedn = basedn + self.substvars = {"BASEDN": self.basedn} + self.db = Ldb() + self._dn = dn + + def dn(self, rdn): + return self._dn(rdn, self.basedn) + + def connect(self): + return self.db.connect(self.url) + + self.samba4 = Target("samba4.ldb", "dc=vernstok,dc=nl", make_s4dn) + self.samba3 = Target("samba3.ldb", "cn=Samba3Sam", make_dn) + self.templates = Target("templates.ldb", "cn=templates", None) + + self.samba3.connect() + self.templates.connect() + self.samba4.connect() + + def tearDown(self): + os.unlink(self.ldbfile) + os.unlink(self.samba3.file) + os.unlink(self.templates.file) + os.unlink(self.samba4.file) + super(MapBaseTestCase, self).tearDown() + + +class Samba3SamTestCase(MapBaseTestCase): + def setUp(self): + super(Samba3SamTestCase, self).setUp() + ldb = Ldb(self.ldburl) + self.setup_data(self.samba3, open(os.path.join(datadir, "samba3.ldif"), 'r').read()) + self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) + ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() + ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) + self.setup_modules(ldb, self.samba3, self.samba4) + + self.ldb = Ldb(self.ldburl) + + def test_s3sam_search(self): + ldb = self.ldb print "Looking up by non-mapped attribute" msg = ldb.search(expression="(cn=Administrator)") self.assertEquals(len(msg), 1) 
@@ -89,15 +145,16 @@ replicateEntries: @INDEXLIST (str(msg[i].dn) == "unixName=nobody,ou=Users,dc=vernstok,dc=nl")) - def _test_s3sam_modify(ldb, s3): + def test_s3sam_modify(self): + ldb = self.ldb + s3 = self.samba3 print "Adding a record that will be fallbacked" - ldb.add_ldif(""" -dn: cn=Foo -foo: bar -blah: Blie -cn: Foo -showInAdvancedViewOnly: TRUE - """) + ldb.add({"dn": "cn=Foo", + "foo": "bar", + "blah": "Blie", + "cn": "Foo", + "showInAdvancedViewOnly": "TRUE"} + ) print "Checking for existence of record (local)" # TODO: This record must be searched in the local database, which is currently only supported for base searches @@ -105,21 +162,18 @@ showInAdvancedViewOnly: TRUE # TODO: Actually, this version should work as well but doesn't... # # - attrs = ['foo','blah','cn','showInAdvancedViewOnly'] - msg = ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=ldb.LDB_SCOPE_BASE, attrs=attrs) + msg = ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=LDB_SCOPE_BASE, attrs=['foo','blah','cn','showInAdvancedViewOnly']) self.assertEquals(len(msg), 1) self.assertEquals(msg[0]["showInAdvancedViewOnly"], "TRUE") self.assertEquals(msg[0]["foo"], "bar") self.assertEquals(msg[0]["blah"], "Blie") print "Adding record that will be mapped" - ldb.add_ldif(""" -dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl -objectClass: user -unixName: bin -sambaUnicodePwd: geheim -cn: Niemand -""") + ldb.add({"dn": "cn=Niemand,cn=Users,dc=vernstok,dc=nl", + "objectClass": "user", + "unixName": "bin", + "sambaUnicodePwd": "geheim", + "cn": "Niemand"}) print "Checking for existence of record (remote)" msg = ldb.search(expression="(unixName=bin)", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) 
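Review bot: The rewritten search in the `@@ -105,21 +162,18 @@` hunk passes `scope=LDB_SCOPE_BASE`, but this commit only imports `SCOPE_DEFAULT` and `SCOPE_BASE` from `ldb`, so the name is undefined and `test_s3sam_modify` raises a NameError at this line. It should read `scope=SCOPE_BASE`, matching the other searches converted in this commit. The method body continues outside the hunk.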
@@ -203,7 +257,22 @@ delete: description msg = ldb.search(expression="(cn=Niemand2)") self.assertEquals(len(msg), 0) - def _test_map_search(self, ldb, s3, s4): + + +class MapTestCase(MapBaseTestCase): + def setUp(self): + super(MapTestCase, self).setUp() + ldb = Ldb(self.ldburl) + self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) + ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() + ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) + self.setup_modules(ldb, self.samba3, self.samba4) + self.ldb = Ldb(self.ldburl) + + def test_map_search(self): + s3 = self.samba3 + ldb = self.ldb + s4 = self.samba4 print "Running search tests on mapped data" ldif = """ dn: """ + "sambaDomainName=TESTS,""" + s3.basedn + """ @@ -287,7 +356,7 @@ description: y # Search remote record by local DN dn = s4.dn("cn=A") attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) self.assertEquals(res[0]["dnsHostName"], undefined) @@ -296,7 +365,7 @@ description: y # Search remote record by remote DN dn = s3.dn("cn=A") attrs = ["dnsHostName", "lastLogon", "sambaLogonTime"] - res = s3.db.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = s3.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) self.assertEquals(res[0]["dnsHostName"], undefined) @@ -306,7 +375,7 @@ description: y # Search split record by local DN dn = s4.dn("cn=X") attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) self.assertEquals(res[0]["dnsHostName"], "x") 
@@ -315,7 +384,7 @@ description: y # Search split record by remote DN dn = s3.dn("cn=X") attrs = ["dnsHostName", "lastLogon", "sambaLogonTime"] - res = s3.db.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = s3.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) self.assertEquals(res[0]["dnsHostName"], undefined) @@ -326,7 +395,7 @@ description: y # Search by ignored attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(revision=x)", scope=ldb.SCOPE_DEFAULT, attrs=attrs) + res = ldb.search(expression="(revision=x)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 2) self.assertEquals(str(str(res[0].dn)), s4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") @@ -337,7 +406,7 @@ description: y # Search by kept attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(description=y)", scope=ldb.SCOPE_DEFAULT, attrs=attrs) + res = ldb.search(expression="(description=y)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 2) self.assertEquals(str(str(res[0].dn)), s4.dn("cn=Z")) self.assertEquals(res[0]["dnsHostName"], "z") @@ -348,7 +417,7 @@ description: y # Search by renamed attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(badPwdCount=x)", scope=ldb.SCOPE_DEFAULT, attrs=attrs) + res = ldb.search(expression="(badPwdCount=x)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 2) self.assertEquals(str(res[0].dn), s4.dn("cn=B")) self.assertEquals(res[0]["dnsHostName"], undefined) 
@@ -673,34 +742,32 @@ description: y for dn in dns: ldb.delete(dn) - def _test_map_modify(self, ldb, s3, s4): - print "Running modification tests on mapped data" - - print "Testing modification of local records" + def test_map_modify_local(self): + """Modification of local records.""" + s3 = self.samba3 + ldb = self.ldb + s4 = self.samba4 # Add local record dn = "cn=test,dc=idealx,dc=org" - ldif = """ -dn: """ + dn + """ -cn: test -foo: bar -revision: 1 -description: test -""" - ldb.add_ldif(ldif) + ldb.add({"dn": dn, + "cn": "test", + "foo": "bar", + "revision": "1", + "description": "test"}) # Check it's there attrs = ["foo", "revision", "description"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["foo"], "bar") self.assertEquals(res[0]["revision"], "1") self.assertEquals(res[0]["description"], "test") # Check it's not in the local db - res = s4.db.search("(cn=test)", NULL, ldb.SCOPE_DEFAULT, attrs) + res = s4.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 0) # Check it's not in the remote db - res = s3.db.search("(cn=test)", NULL, ldb.SCOPE_DEFAULT, attrs) + res = s3.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 0) # Modify local record @@ -713,7 +780,7 @@ description: foo """ ldb.modify_ldif(ldif) # Check in local db - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["foo"], "baz") 
@@ -724,7 +791,7 @@ description: foo dn2 = "cn=toast,dc=idealx,dc=org" ldb.rename(dn, dn2) # Check in local db - res = ldb.search(dn2, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["foo"], "baz") @@ -734,25 +801,26 @@ description: foo # Delete local record ldb.delete(dn2) # Check it's gone - res = ldb.search(dn2, scope=ldb.SCOPE_BASE) + res = ldb.search(dn2, scope=SCOPE_BASE) self.assertEquals(len(res), 0) - print "Testing modification of remote records" + def test_map_modify_remote_remote(self): + """Modification of remote data of remote records""" + s3 = self.samba3 + ldb = self.ldb + s4 = self.samba4 # Add remote record dn = s4.dn("cn=test") dn2 = s3.dn("cn=test") - ldif = """ -dn: """ + dn2 + """ -cn: test -description: foo -sambaBadPasswordCount: 3 -sambaNextRid: 1001 -""" - s3.db.add_ldif(ldif) + s3.db.add({"dn": dn2, + "cn": "test", + "description": "foo", + "sambaBadPasswordCount": "3", + "sambaNextRid": "1001"}) # Check it's there attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "foo") 
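Review bot: The remote lookups in the `@@ -734,25 +801,26 @@` hunk still use the positional form `s3.db.search("", dn2, SCOPE_BASE, attrs)`, while the same commit rewrote the equivalent calls in `test_map_modify_local` to keywords and the mapped-db calls pass the DN first. If the first positional parameter of `search` is the base DN, as those calls suggest, the empty string is taken as the base and `dn2` lands in the next slot. Keywords remove the ambiguity: `res = s3.db.search(base=dn2, scope=SCOPE_BASE, attrs=attrs)`. The same positional pattern recurs in the following hunks of this file, and `test_map_modify_remote_remote` continues outside this hunk.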
@@ -760,14 +828,14 @@ sambaNextRid: 1001 self.assertEquals(res[0]["sambaNextRid"], "1001") # Check in mapped db attrs = ["description", "badPwdCount", "nextRid"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "foo") self.assertEquals(res[0]["badPwdCount"], "3") self.assertEquals(res[0]["nextRid"], "1001") # Check in local db - res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + res = s4.db.search("", dn, SCOPE_BASE, attrs) self.assertEquals(len(res), 0) # Modify remote data of remote record @@ -781,7 +849,7 @@ badPwdCount: 4 ldb.modify_ldif(ldif) # Check in mapped db attrs = ["description", "badPwdCount", "nextRid"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") @@ -789,7 +857,7 @@ badPwdCount: 4 self.assertEquals(res[0]["nextRid"], "1001") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -802,7 +870,7 @@ badPwdCount: 4 # Check in mapped db dn = dn2 attrs = ["description", "badPwdCount", "nextRid"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") 
@@ -811,7 +879,7 @@ badPwdCount: 4 # Check in remote db dn2 = s3.dn("cn=toast") attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -821,23 +889,26 @@ badPwdCount: 4 # Delete remote record ldb.delete(dn) # Check in mapped db - res = ldb.search(dn, scope=ldb.SCOPE_BASE) + res = ldb.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in remote db - res = s3.db.search("", dn2, ldb.SCOPE_BASE) + res = s3.db.search("", dn2, SCOPE_BASE) self.assertEquals(len(res), 0) + def test_map_modify_remote_local(self): + """Modification of local data of remote records""" + s3 = self.samba3 + ldb = self.ldb + s4 = self.samba4 + # Add remote record (same as before) dn = s4.dn("cn=test") dn2 = s3.dn("cn=test") - ldif = """ -dn: """ + dn2 + """ -cn: test -description: foo -sambaBadPasswordCount: 3 -sambaNextRid: 1001 -""" - s3.db.add_ldif(ldif) + s3.db.add({"dn": dn2, + "cn": "test", + "description": "foo", + "sambaBadPasswordCount": "3", + "sambaNextRid": "1001"}) # Modify local data of remote record ldif = """ 
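Review bot: In `test_map_modify_remote_local` the record created with `s3.db.add({"dn": dn2, ...})` is removed only by the `ldb.delete(dn)` at the very end of the method, so a failed assertion in between leaves `cn=test` behind. The former sections of `_test_map_modify` are now separate test methods that each add the same `cn=test` entry, so a leftover record would break the next test if the databases are shared between tests. The fixture setup is not visible in this hunk, so that sharing is an assumption to confirm. If it holds, wrap the checks in `try:` with `finally: ldb.delete(dn)`; the same applies to `test_map_modify_remote_remote` and `test_map_modify_split`. The method body continues past this hunk.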
@@ -850,19 +921,19 @@ description: test ldb.modify_ldif(ldif) # Check in mapped db attrs = ["revision", "description"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["revision"], "1") # Check in remote db - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["revision"], undefined) # Check in local db - res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + res = s4.db.search("", dn, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -871,23 +942,25 @@ description: test # Delete (newly) split record ldb.delete(dn) - print "Testing modification of split records" + def test_map_modify_split(self): + """Testing modification of split records""" + s3 = self.samba3 + ldb = self.ldb + s4 = self.samba4 # Add split record dn = s4.dn("cn=test") dn2 = s3.dn("cn=test") - ldif = """ -dn: """ + dn + """ -cn: test -description: foo -badPwdCount: 3 -nextRid: 1001 -revision: 1 -""" - ldb.add_ldif(ldif) + ldb.add({ + "dn": dn, + "cn": "test", + "description": "foo", + "badPwdCount": "3", + "nextRid": "1001", + "revision": "1"}) # Check it's there attrs = ["description", "badPwdCount", "nextRid", "revision"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "foo") 
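Review bot: The context line `self.assertEquals(res[0]["revision"], undefined)` in the remote-db check still uses `undefined`, which is not a Python builtin, so unless the module defines that name outside this diff the test raises NameError there instead of checking anything. The conversion replaced `NULL` and `ldb.SCOPE_BASE` elsewhere but left this one; the local-db check in the same hunk (`res[0]["description"], undefined`) and the hunks at -895, -933 and -964 in `test_map_modify_split` have the same leftover. The intent appears to be that the attribute is absent from that backend, which could be written as `self.assertTrue("revision" not in res[0])`, assuming the message object supports `in`.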
@@ -895,7 +968,7 @@ revision: 1 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "1") # Check in local db - res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + res = s4.db.search("", dn, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -904,7 +977,7 @@ revision: 1 self.assertEquals(res[0]["revision"], "1") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "foo") @@ -925,7 +998,7 @@ revision: 2 ldb.modify_ldif(ldif) # Check in mapped db attrs = ["description", "badPwdCount", "nextRid", "revision"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") @@ -933,7 +1006,7 @@ revision: 2 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "2") # Check in local db - res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + res = s4.db.search("", dn, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -942,7 +1015,7 @@ revision: 2 self.assertEquals(res[0]["revision"], "2") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") 
@@ -956,7 +1029,7 @@ revision: 2 # Check in mapped db dn = dn2 attrs = ["description", "badPwdCount", "nextRid", "revision"] - res = ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=attrs) + res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") @@ -964,7 +1037,7 @@ revision: 2 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "2") # Check in local db - res = s4.db.search("", dn, ldb.SCOPE_BASE, attrs) + res = s4.db.search("", dn, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -974,7 +1047,7 @@ revision: 2 # Check in remote db dn2 = s3.dn("cn=toast") attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search("", dn2, ldb.SCOPE_BASE, attrs) + res = s3.db.search("", dn2, SCOPE_BASE, attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") 
@@ -985,82 +1058,11 @@ revision: 2 # Delete split record ldb.delete(dn) # Check in mapped db - res = ldb.search(dn, scope=ldb.SCOPE_BASE) + res = ldb.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in local db - res = s4.db.search("", dn, ldb.SCOPE_BASE) + res = s4.db.search("", dn, SCOPE_BASE) self.assertEquals(len(res), 0) # Check in remote db - res = s3.db.search("", dn2, ldb.SCOPE_BASE) + res = s3.db.search("", dn2, SCOPE_BASE) self.assertEquals(len(res), 0) - - def setUp(self): - super(Samba3SamTestCase, self).setUp() - - def make_dn(basedn, rdn): - return rdn + ",sambaDomainName=TESTS," + basedn - - def make_s4dn(basedn, rdn): - return rdn + "," + basedn - - self.ldbfile = os.path.join(self.tempdir, "test.ldb") - self.ldburl = "tdb://" + self.ldbfile - - tempdir = self.tempdir - print tempdir - - class Target: - """Simple helper class that contains data for a specific SAM connection.""" - def __init__(self, file, basedn, dn): - self.file = os.path.join(tempdir, file) - self.url = "tdb://" + self.file - self.basedn = basedn - self.substvars = {"BASEDN": self.basedn} - self.db = Ldb() - self._dn = dn - - def dn(self, rdn): - return self._dn(rdn, self.basedn) - - def connect(self): - return self.db.connect(self.url) - - self.samba4 = Target("samba4.ldb", "dc=vernstok,dc=nl", make_s4dn) - self.samba3 = Target("samba3.ldb", "cn=Samba3Sam", make_dn) - self.templates = Target("templates.ldb", "cn=templates", None) - - self.samba3.connect() - self.templates.connect() - self.samba4.connect() - - def tearDown(self): - os.unlink(self.ldbfile) - os.unlink(self.samba3.file) - os.unlink(self.templates.file) - os.unlink(self.samba4.file) - super(Samba3SamTestCase, self).tearDown() - - def test_s3sam(self): - ldb = Ldb(self.ldburl) - self.setup_data(self.samba3, open(os.path.join(datadir, "samba3.ldif"), 'r').read()) - self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) - ldif = 
open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() - ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) - self.setup_modules(ldb, self.samba3, self.samba4) - - ldb = Ldb(self.ldburl) - - self._test_s3sam_search(ldb) - self._test_s3sam_modify(ldb, self.samba3) - - def test_map(self): - ldb = Ldb(self.ldburl) - self.setup_data(self.templates, open(os.path.join(datadir, "provision_samba3sam_templates.ldif"), 'r').read()) - ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() - ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) - self.setup_modules(ldb, self.samba3, self.samba4) - - ldb = Ldb(self.ldburl) - self._test_map_search(ldb, self.samba3, self.samba4) - self._test_map_modify(ldb, self.samba3, self.samba4) - -- cgit From cf80a01591d57d346e42a0a0f9d662cc24ddff51 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:04:57 -0600 Subject: r26637: More work converting to Python. (This used to be commit 84f1e82d8fe5ecca75e2d7048d1b8b409abcb9b7) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 32 +++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 16135c1681..86b94fb8ec 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -162,7 +162,7 @@ class Samba3SamTestCase(MapBaseTestCase): # TODO: Actually, this version should work as well but doesn't... # # - msg = ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=LDB_SCOPE_BASE, attrs=['foo','blah','cn','showInAdvancedViewOnly']) + msg = ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=SCOPE_BASE, attrs=['foo','blah','cn','showInAdvancedViewOnly']) self.assertEquals(len(msg), 1) self.assertEquals(msg[0]["showInAdvancedViewOnly"], "TRUE") self.assertEquals(msg[0]["foo"], "bar") 
@@ -820,7 +820,7 @@ description: foo "sambaNextRid": "1001"}) # Check it's there attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "foo") @@ -835,7 +835,7 @@ description: foo self.assertEquals(res[0]["badPwdCount"], "3") self.assertEquals(res[0]["nextRid"], "1001") # Check in local db - res = s4.db.search("", dn, SCOPE_BASE, attrs) + res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 0) # Modify remote data of remote record @@ -857,7 +857,7 @@ badPwdCount: 4 self.assertEquals(res[0]["nextRid"], "1001") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -879,7 +879,7 @@ badPwdCount: 4 # Check in remote db dn2 = s3.dn("cn=toast") attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -892,7 +892,7 @@ badPwdCount: 4 res = ldb.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in remote db - res = s3.db.search("", dn2, SCOPE_BASE) + res = s3.db.search(dn2, scope=SCOPE_BASE) self.assertEquals(len(res), 0) def test_map_modify_remote_local(self): 
@@ -927,13 +927,13 @@ description: test self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["revision"], "1") # Check in remote db - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["revision"], undefined) # Check in local db - res = s4.db.search("", dn, SCOPE_BASE, attrs) + res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -968,7 +968,7 @@ description: test self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "1") # Check in local db - res = s4.db.search("", dn, SCOPE_BASE, attrs) + res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -977,7 +977,7 @@ description: test self.assertEquals(res[0]["revision"], "1") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "foo") @@ -1006,7 +1006,7 @@ revision: 2 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "2") # Check in local db - res = s4.db.search("", dn, SCOPE_BASE, attrs) + res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) 
@@ -1015,7 +1015,7 @@ revision: 2 self.assertEquals(res[0]["revision"], "2") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -1037,7 +1037,7 @@ revision: 2 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "2") # Check in local db - res = s4.db.search("", dn, SCOPE_BASE, attrs) + res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], undefined) @@ -1047,7 +1047,7 @@ revision: 2 # Check in remote db dn2 = s3.dn("cn=toast") attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search("", dn2, SCOPE_BASE, attrs) + res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -1061,8 +1061,8 @@ revision: 2 res = ldb.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in local db - res = s4.db.search("", dn, SCOPE_BASE) + res = s4.db.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in remote db - res = s3.db.search("", dn2, SCOPE_BASE) + res = s3.db.search(dn2, scope=SCOPE_BASE) self.assertEquals(len(res), 0) -- cgit From 86dc05e99f124db47f2743d1fc23117a7f5145ab Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:05:05 -0600 Subject: r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 5 ++++- source4/dsdb/samdb/ldb_modules/objectguid.c | 5 ++++- source4/dsdb/samdb/ldb_modules/password_hash.c | 20 ++++++++++++++----- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 25 ++++++++++++++++++------ source4/dsdb/samdb/ldb_modules/samba3sam.c | 5 +++-- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 7 files changed, 48 insertions(+), 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index da5cae1c65..d3beedc689 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -43,6 +43,7 @@ #include "librpc/gen_ndr/ndr_security.h" #include "libcli/security/security.h" #include "auth/auth.h" +#include "param/param.h" struct oc_context { @@ -273,7 +274,9 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, return NULL; } - ndr_err = ndr_push_struct_blob(linear_sd, mem_ctx, sd, + ndr_err = ndr_push_struct_blob(linear_sd, mem_ctx, + lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), + sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NULL; diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index e9d699d59c..bf57f5c21b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c 
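Review bot: In `get_sd` (objectclass.c) the result of `ldb_get_opaque(module->ldb, "loadparm")` is passed straight to `lp_iconv_convenience()` without a NULL check, and `ldb_get_opaque` returns NULL when that opaque was never set on the handle. Whether `lp_iconv_convenience()` tolerates NULL is not visible in this diff, so the module now silently depends on every caller having registered `loadparm`. The same unchecked expression is added in `objectguid_add`, five times in `setup_supplemental_field` (password_hash.c) and in `replmd_add_originating`. Either state the requirement in a comment such as `/* requires the "loadparm" opaque to be set on this ldb */`, or return NULL from `get_sd` when the lookup fails. The body of `get_sd` starts before this hunk.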
@@ -36,6 +36,7 @@ #include "includes.h" #include "ldb/include/ldb_includes.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "param/param.h" static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name) { @@ -143,7 +144,9 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) /* a new GUID */ guid = GUID_random(); - ndr_err = ndr_push_struct_blob(&v, msg, &guid, + ndr_err = ndr_push_struct_blob(&v, msg, + lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), + &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(down_req); diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index d139cc23a4..a69459cfef 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -913,7 +913,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return ret; } - ndr_err = ndr_push_struct_blob(&pkb_blob, io->ac, &pkb, + ndr_err = ndr_push_struct_blob(&pkb_blob, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &pkb, (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); @@ -952,7 +954,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return ret; } - ndr_err = ndr_push_struct_blob(&pdb_blob, io->ac, &pdb, + ndr_err = ndr_push_struct_blob(&pdb_blob, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &pdb, (ndr_push_flags_fn_t)ndr_push_package_PrimaryWDigestBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); 
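Review bot: `setup_supplemental_field` in password_hash.c now spells out `lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm"))` at each of its five `ndr_push_struct_blob` calls (the hunks at -913 and -952 here, and -979, -1002 and -1027 after them). Evaluating it once into a local, `iconv_convenience = lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm"));`, and passing that local would guarantee that the Kerberos, WDigest, cleartext and packages blobs are all encoded with the same conversion context. It would also give one place to validate the lookup. The function's declarations are outside these hunks, so the local would be declared there.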
@@ -979,7 +983,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) pcb.cleartext = io->n.cleartext; - ndr_err = ndr_push_struct_blob(&pcb_blob, io->ac, &pcb, + ndr_err = ndr_push_struct_blob(&pcb_blob, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &pcb, (ndr_push_flags_fn_t)ndr_push_package_PrimaryCLEARTEXTBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); @@ -1002,7 +1008,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* * setup 'Packages' element */ - ndr_err = ndr_push_struct_blob(&pb_blob, io->ac, &pb, + ndr_err = ndr_push_struct_blob(&pb_blob, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &pb, (ndr_push_flags_fn_t)ndr_push_package_PackagesBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); @@ -1027,7 +1035,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) scb.sub.num_packages = num_packages; scb.sub.packages = packages; - ndr_err = ndr_push_struct_blob(&io->g.supplemental, io->ac, &scb, + ndr_err = ndr_push_struct_blob(&io->g.supplemental, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &scb, (ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 497ee373de..87b9302139 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -47,6 +47,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" +#include "param/param.h" struct replmd_replicated_request { struct ldb_module *module; 
@@ -518,13 +519,17 @@ static int replmd_add_originating(struct ldb_module *module, replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_attr->attributeID_id); /* generated NDR encoded values */ - ndr_err = ndr_push_struct_blob(&guid_value, msg, &guid, + ndr_err = ndr_push_struct_blob(&guid_value, msg, + NULL, + &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd, + ndr_err = ndr_push_struct_blob(&nmd_value, msg, + lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), + &nmd, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(down_req); @@ -773,7 +778,9 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) for (i=0; i < md->ctr.ctr1.count; i++) { md->ctr.ctr1.array[i].local_usn = seq_num; } - ndr_err = ndr_push_struct_blob(&md_value, msg, md, + ndr_err = ndr_push_struct_blob(&md_value, msg, + lp_iconv_convenience(global_loadparm), + md, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); @@ -985,7 +992,9 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) } /* create the meta data value */ - ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd, + ndr_err = ndr_push_struct_blob(&nmd_value, msg, + lp_iconv_convenience(global_loadparm), + &nmd, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); 
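Review bot: `replmd_add_originating` passes a bare `NULL` as the new iconv argument for the GUID push but the loadparm lookup for the `nmd` push two statements later, and nothing in the code says why the two differ. If NULL is intentional because a GUID carries no character data (likely, but not stated on the page), a one-line comment such as `/* GUID has no string fields: no charset conversion needed */` would show the next reader it is not an oversight. The same undocumented `NULL` is added in `encode_sid` (samba3sam.c), `samldb_msg_add_sid` (samldb.c) and `encode_guid` / `encode_ns_guid` (simple_ldap_map.c). The function body starts before this hunk.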
@@ -1350,7 +1359,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM); msg->dn = ar->sub.search_msg->dn; - ndr_err = ndr_push_struct_blob(&nuv_value, msg, &nuv, + ndr_err = ndr_push_struct_blob(&nuv_value, msg, + lp_iconv_convenience(global_loadparm), + &nuv, (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); @@ -1437,7 +1448,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a } /* we now fill the value which is already attached to ldb_message */ - ndr_err = ndr_push_struct_blob(nrf_value, msg, &nrf, + ndr_err = ndr_push_struct_blob(nrf_value, msg, + lp_iconv_convenience(global_loadparm), + &nrf, (ndr_push_flags_fn_t)ndr_push_repsFromToBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 0d4fead2b5..c8266a5f46 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -187,8 +187,9 @@ static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, con return out; } - ndr_err = ndr_push_struct_blob(&out, ctx, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); + ndr_err = ndr_push_struct_blob(&out, ctx, + NULL, + sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); talloc_free(sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 3638b91799..8a80260a69 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
@@ -50,7 +50,7 @@ static bool samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms struct ldb_val v; enum ndr_err_code ndr_err; - ndr_err = ndr_push_struct_blob(&v, msg, sid, + ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return false; diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 7efcccc9ff..070ce6ae69 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -49,7 +49,7 @@ static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, co if (!NT_STATUS_IS_OK(status)) { return out; } - ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + ndr_err = ndr_push_struct_blob(&out, ctx, NULL, &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; @@ -93,7 +93,7 @@ static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, if (!NT_STATUS_IS_OK(status)) { return out; } - ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + ndr_err = ndr_push_struct_blob(&out, ctx, NULL, &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; -- cgit From 7d5f0e0893d42b56145a3ffa34e3b4b9906cbd91 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:05:13 -0600 Subject: r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 8 +++++--- source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 ++-- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 4 files changed, 11 insertions(+), 9 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a69459cfef..61bd391d67 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -473,7 +473,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, talloc_steal(io->ac, blob.data); /* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */ - ndr_err = ndr_pull_struct_blob(&blob, io->ac, &_old_pkb, + ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(global_loadparm), &_old_pkb, (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); @@ -880,7 +880,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* if there's an old supplementaCredentials blob then parse it */ if (io->o.supplemental) { - ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, &_old_scb, + ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &_old_scb, (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 87b9302139..55b7b18d89 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
@@ -909,7 +909,8 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) /* find existing meta data */ omd_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replPropertyMetaData"); if (omd_value) { - ndr_err = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, &omd, + ndr_err = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, + lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &omd, (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); @@ -1234,7 +1235,8 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a */ ouv_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replUpToDateVector"); if (ouv_value) { - ndr_err = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, &ouv, + ndr_err = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, + lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &ouv, (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); @@ -1398,7 +1400,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a trf = talloc(ar->sub.mem_ctx, struct repsFromToBlob); if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM); - ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, trf, + ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), trf, (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index c8266a5f46..0bfc9a3dae 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c 
@@ -97,7 +97,7 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char return; } - ndr_err = ndr_pull_struct_blob(sidval, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + ndr_err = ndr_pull_struct_blob(sidval, sid, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(sid); return; @@ -210,7 +210,7 @@ static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, con return out; } - ndr_err = ndr_pull_struct_blob(val, sid, sid, + ndr_err = ndr_pull_struct_blob(val, sid, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { goto done; diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 070ce6ae69..91001d43d7 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -71,7 +71,7 @@ static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX * if (guid == NULL) { return out; } - ndr_err = ndr_pull_struct_blob(val, guid, guid, + ndr_err = ndr_pull_struct_blob(val, guid, NULL, guid, (ndr_pull_flags_fn_t)ndr_pull_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(guid); @@ -116,7 +116,7 @@ static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, if (guid_p == NULL) { return out; } - ndr_err = ndr_pull_struct_blob(val, guid_p, guid_p, + ndr_err = ndr_pull_struct_blob(val, guid_p, NULL, guid_p, (ndr_pull_flags_fn_t)ndr_pull_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(guid_p); -- cgit From 9d136bc0a323171b13ec047816033ae4fac9e9d4 Mon Sep 17 00:00:00 2001 
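Review bot: The literal `NULL` passed as the new conversion argument in generate_sambaPrimaryGroupSID, decode_sid, guid_always_string and guid_ns_string is unexplained at the call sites. It is presumably safe because a dom_sid and a GUID carry no character data, but nothing in the code says so, and the pattern is easy to copy to a structure that does contain strings. A short comment such as `/* no iconv context needed: dom_sid has no string members */` at each call would record the assumption.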
From: Jelmer Vernooij Date: Wed, 2 Jan 2008 01:52:18 -0600 Subject: r26640: Janitorial: Remove some more uses of global_loadparm. (This used to be commit c863f4ebde8efa1a695b4469142d6719e30bc419) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 61bd391d67..57c053d961 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -473,7 +473,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, talloc_steal(io->ac, blob.data); /* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */ - ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(global_loadparm), &_old_pkb, + ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &_old_pkb, (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 55b7b18d89..5a3cc4bef4 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -779,7 +779,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) md->ctr.ctr1.array[i].local_usn = seq_num; } ndr_err = ndr_push_struct_blob(&md_value, msg, - lp_iconv_convenience(global_loadparm), + lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), md, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 
@@ -994,7 +994,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) /* create the meta data value */ ndr_err = ndr_push_struct_blob(&nmd_value, msg, - lp_iconv_convenience(global_loadparm), + lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &nmd, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -1362,7 +1362,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a msg->dn = ar->sub.search_msg->dn; ndr_err = ndr_push_struct_blob(&nuv_value, msg, - lp_iconv_convenience(global_loadparm), + lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &nuv, (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -1451,7 +1451,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a /* we now fill the value which is already attached to ldb_message */ ndr_err = ndr_push_struct_blob(nrf_value, msg, - lp_iconv_convenience(global_loadparm), + lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &nrf, (ndr_push_flags_fn_t)ndr_push_repsFromToBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From 5e03b921825ffe177bf9d00ed1e12de02728da75 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Jan 2008 01:52:31 -0600 Subject: r26642: samba3sam.py: Remove more EJS-specific code. (This used to be commit 7d14b657b3d59924b15f4f84bbd5745cd7f759ef) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 500 +++++++++++----------- 1 file changed, 239 insertions(+), 261 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 86b94fb8ec..7c408d0436 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py 
@@ -26,7 +26,7 @@ import os import sys import samba import ldb -from ldb import SCOPE_DEFAULT, SCOPE_BASE +from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir @@ -105,27 +105,25 @@ class Samba3SamTestCase(MapBaseTestCase): ldif = open(os.path.join(datadir, "provision_samba3sam.ldif"), 'r').read() ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) self.setup_modules(ldb, self.samba3, self.samba4) - self.ldb = Ldb(self.ldburl) def test_s3sam_search(self): - ldb = self.ldb print "Looking up by non-mapped attribute" - msg = ldb.search(expression="(cn=Administrator)") + msg = self.ldb.search(expression="(cn=Administrator)") self.assertEquals(len(msg), 1) self.assertEquals(msg[0]["cn"], "Administrator") print "Looking up by mapped attribute" - msg = ldb.search(expression="(name=Backup Operators)") + msg = self.ldb.search(expression="(name=Backup Operators)") self.assertEquals(len(msg), 1) self.assertEquals(msg[0]["name"], "Backup Operators") print "Looking up by old name of renamed attribute" - msg = ldb.search(expression="(displayName=Backup Operators)") + msg = self.ldb.search(expression="(displayName=Backup Operators)") self.assertEquals(len(msg), 0) print "Looking up mapped entry containing SID" - msg = ldb.search(expression="(cn=Replicator)") + msg = self.ldb.search(expression="(cn=Replicator)") self.assertEquals(len(msg), 1) print msg[0].dn self.assertEquals(str(msg[0].dn), "cn=Replicator,ou=Groups,dc=vernstok,dc=nl") 
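Review bot: setUp in Samba3SamTestCase no longer assigns `self.ldb`, yet every test in the class now reads `self.ldb` directly. Unless a base class provides that attribute (not visible in this hunk), the tests raise AttributeError before exercising anything. If a base class does provide it, confirm that it refers to the same database the local `ldb` in setUp provisions and passes to `setup_modules`. MapTestCase further down still keeps `self.ldb = Ldb(self.ldburl)`, so the two classes are now inconsistent; either keep the assignment here or add a comment naming where `self.ldb` comes from.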
@@ -138,7 +136,7 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(oc[i] == "posixGroup" or oc[i], "group") print "Looking up by objectClass" - msg = ldb.search(expression="(|(objectClass=user)(cn=Administrator))") + msg = self.ldb.search(expression="(|(objectClass=user)(cn=Administrator))") self.assertEquals(len(msg), 2) for i in range(len(msg)): self.assertEquals((str(msg[i].dn), "unixName=Administrator,ou=Users,dc=vernstok,dc=nl") or @@ -146,10 +144,8 @@ class Samba3SamTestCase(MapBaseTestCase): def test_s3sam_modify(self): - ldb = self.ldb - s3 = self.samba3 print "Adding a record that will be fallbacked" - ldb.add({"dn": "cn=Foo", + self.ldb.add({"dn": "cn=Foo", "foo": "bar", "blah": "Blie", "cn": "Foo", 
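Review bot: `self.assertEquals(oc[i] == "posixGroup" or oc[i], "group")` at the top of the @@ -138 hunk does not test what it reads as: for a `posixGroup` value it compares `True` with `"group"` and fails. The intended check is presumably `self.assertTrue(oc[i] in ("posixGroup", "group"))`. The DN assertion at the end of the same hunk is built the same way and is cut off by the hunk, so it should be checked too. Both lines are unchanged context next to the searches this commit rewrites.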
@@ -162,27 +158,28 @@ class Samba3SamTestCase(MapBaseTestCase): # TODO: Actually, this version should work as well but doesn't... # # - msg = ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=SCOPE_BASE, attrs=['foo','blah','cn','showInAdvancedViewOnly']) + msg = self.ldb.search(expression="(cn=Foo)", base="cn=Foo", scope=SCOPE_BASE, attrs=['foo','blah','cn','showInAdvancedViewOnly']) self.assertEquals(len(msg), 1) self.assertEquals(msg[0]["showInAdvancedViewOnly"], "TRUE") self.assertEquals(msg[0]["foo"], "bar") self.assertEquals(msg[0]["blah"], "Blie") print "Adding record that will be mapped" - ldb.add({"dn": "cn=Niemand,cn=Users,dc=vernstok,dc=nl", + self.ldb.add({"dn": "cn=Niemand,cn=Users,dc=vernstok,dc=nl", "objectClass": "user", "unixName": "bin", "sambaUnicodePwd": "geheim", "cn": "Niemand"}) print "Checking for existence of record (remote)" - msg = ldb.search(expression="(unixName=bin)", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) + msg = self.ldb.search(expression="(unixName=bin)", + attrs=['unixName','cn','dn', 'sambaUnicodePwd']) self.assertEquals(len(msg), 1) self.assertEquals(msg[0]["cn"], "Niemand") self.assertEquals(msg[0]["sambaUnicodePwd"], "geheim") print "Checking for existence of record (local && remote)" - msg = ldb.search(expression="(&(unixName=bin)(sambaUnicodePwd=geheim))", + msg = self.ldb.search(expression="(&(unixName=bin)(sambaUnicodePwd=geheim))", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) self.assertEquals(len(msg), 1) # TODO: should check with more records self.assertEquals(msg[0]["cn"], "Niemand") 
@@ -190,7 +187,7 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(msg[0]["sambaUnicodePwd"], "geheim") print "Checking for existence of record (local || remote)" - msg = ldb.search(expression="(|(unixName=bin)(sambaUnicodePwd=geheim))", + msg = self.ldb.search(expression="(|(unixName=bin)(sambaUnicodePwd=geheim))", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) print "got " + len(msg) + " replies" self.assertEquals(len(msg), 1) # TODO: should check with more records @@ -204,7 +201,7 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(msg[0]["displayName"], "Niemand") print "Adding attribute..." - ldb.modify_ldif(""" + self.ldb.modify_ldif(""" dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl changetype: modify add: description @@ -212,13 +209,13 @@ description: Blah """) print "Checking whether changes are still there..." - msg = ldb.search(expression="(cn=Niemand)") + msg = self.ldb.search(expression="(cn=Niemand)") self.assertTrue(len(msg) >= 1) self.assertEquals(msg[0]["cn"], "Niemand") self.assertEquals(msg[0]["description"], "Blah") print "Modifying attribute..." - ldb.modify_ldif(""" + self.ldb.modify_ldif(""" dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl changetype: modify replace: description 
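Review bot: `print "got " + len(msg) + " replies"` in the @@ -190 hunk concatenates a str with an int and raises TypeError, so the "local || remote" check aborts before its assertions run. Use `print "got %d replies" % len(msg)`. The line is unchanged context, but it sits directly under the search call this commit rewrites.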
@@ -226,35 +223,35 @@ description: Blie """) print "Checking whether changes are still there..." - msg = ldb.search(expression="(cn=Niemand)") + msg = self.ldb.search(expression="(cn=Niemand)") self.assertTrue(len(msg) >= 1) self.assertEquals(msg[0]["description"], "Blie") print "Deleting attribute..." - ldb.modify_ldif(""" + self.ldb.modify_ldif(""" dn: cn=Niemand,cn=Users,dc=vernstok,dc=nl changetype: modify delete: description """) print "Checking whether changes are no longer there..." - msg = ldb.search(expression="(cn=Niemand)") + msg = self.ldb.search(expression="(cn=Niemand)") self.assertTrue(len(msg) >= 1) - self.assertEquals(msg[0]["description"], undefined) + self.assertTrue(not "description" in res[0]) print "Renaming record..." - ldb.rename("cn=Niemand,cn=Users,dc=vernstok,dc=nl", "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") + self.ldb.rename("cn=Niemand,cn=Users,dc=vernstok,dc=nl", "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") print "Checking whether DN has changed..." - msg = ldb.search(expression="(cn=Niemand2)") + msg = self.ldb.search(expression="(cn=Niemand2)") self.assertEquals(len(msg), 1) self.assertEquals(str(msg[0].dn), "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") print "Deleting record..." - ldb.delete("cn=Niemand2,cn=Users,dc=vernstok,dc=nl") + self.ldb.delete("cn=Niemand2,cn=Users,dc=vernstok,dc=nl") print "Checking whether record is gone..." - msg = ldb.search(expression="(cn=Niemand2)") + msg = self.ldb.search(expression="(cn=Niemand2)") self.assertEquals(len(msg), 0) 
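Review bot: The new assertion `self.assertTrue(not "description" in res[0])` refers to `res`, but the search result just above it is bound to `msg`, and no `res` is assigned in the parts of test_s3sam_modify visible in these hunks. As written it raises NameError rather than checking that the attribute was deleted. It should read `self.assertTrue("description" not in msg[0])`.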
@@ -270,22 +267,19 @@ class MapTestCase(MapBaseTestCase): self.ldb = Ldb(self.ldburl) def test_map_search(self): - s3 = self.samba3 - ldb = self.ldb - s4 = self.samba4 print "Running search tests on mapped data" ldif = """ -dn: """ + "sambaDomainName=TESTS,""" + s3.basedn + """ +dn: """ + "sambaDomainName=TESTS,""" + self.samba3.basedn + """ objectclass: sambaDomain objectclass: top sambaSID: S-1-5-21-4231626423-2410014848-2360679739 sambaNextRid: 2000 sambaDomainName: TESTS""" - s3.db.add_ldif(substitute_var(ldif, s3.substvars)) + self.samba3.db.add_ldif(substitute_var(ldif, self.samba3.substvars)) print "Add a set of split records" ldif = """ -dn: """ + s4.dn("cn=X") + """ +dn: """ + self.samba4.dn("cn=X") + """ objectClass: user cn: X codePage: x @@ -297,7 +291,7 @@ description: x objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512 -dn: """ + s4.dn("cn=Y") + """ +dn: """ + self.samba4.dn("cn=Y") + """ objectClass: top cn: Y codePage: x @@ -307,7 +301,7 @@ nextRid: y lastLogon: y description: x -dn: """ + s4.dn("cn=Z") + """ +dn: """ + self.samba4.dn("cn=Z") + """ objectClass: top cn: Z codePage: x @@ -318,12 +312,12 @@ lastLogon: z description: y """ - ldb.add_ldif(substitute_var(ldif, s4.substvars)) + self.ldb.add_ldif(substitute_var(ldif, self.samba4.substvars)) print "Add a set of remote records" ldif = """ -dn: """ + s3.dn("cn=A") + """ +dn: """ + self.samba3.dn("cn=A") + """ objectClass: posixAccount cn: A sambaNextRid: x @@ -333,7 +327,7 @@ description: x sambaSID: S-1-5-21-4231626423-2410014848-2360679739-552 sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-512 -dn: """ + s3.dn("cn=B") + """ +dn: """ + self.samba3.dn("cn=B") + """ objectClass: top cn:B sambaNextRid: x @@ -341,7 +335,7 @@ sambaBadPasswordCount: x sambaLogonTime: y description: x -dn: """ + s3.dn("cn=C") + """ +dn: """ + self.samba3.dn("cn=C") + """ objectClass: top cn: C sambaNextRid: x 
@@ -349,81 +343,81 @@ sambaBadPasswordCount: y sambaLogonTime: z description: y """ - s3.add_ldif(substitute_var(ldif, s3.substvars)) + self.samba3.add_ldif(substitute_var(ldif, self.samba3.substvars)) print "Testing search by DN" # Search remote record by local DN - dn = s4.dn("cn=A") + dn = self.samba4.dn("cn=A") attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "x") # Search remote record by remote DN - dn = s3.dn("cn=A") + dn = self.samba3.dn("cn=A") attrs = ["dnsHostName", "lastLogon", "sambaLogonTime"] - res = s3.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) - self.assertEquals(res[0]["dnsHostName"], undefined) - self.assertEquals(res[0]["lastLogon"], undefined) + self.assertTrue(not "dnsHostName" in res[0]) + self.assertTrue(not "lastLogon" in res[0]) self.assertEquals(res[0]["sambaLogonTime"], "x") # Search split record by local DN - dn = s4.dn("cn=X") + dn = self.samba4.dn("cn=X") attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(str(res[0].dn)), dn) self.assertEquals(res[0]["dnsHostName"], "x") self.assertEquals(res[0]["lastLogon"], "x") # Search split record by remote DN - dn = s3.dn("cn=X") + dn = self.samba3.dn("cn=X") attrs = ["dnsHostName", "lastLogon", "sambaLogonTime"] - res = s3.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) 
self.assertEquals(str(str(res[0].dn)), dn) - self.assertEquals(res[0]["dnsHostName"], undefined) - self.assertEquals(res[0]["lastLogon"], undefined) + self.assertTrue(not "dnsHostName" in res[0]) + self.assertTrue(not "lastLogon" in res[0]) self.assertEquals(res[0]["sambaLogonTime"], "x") print "Testing search by attribute" # Search by ignored attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(revision=x)", scope=SCOPE_DEFAULT, attrs=attrs) + res = self.ldb.search(expression="(revision=x)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(str(res[0].dn)), s4.dn("cn=Y")) + self.assertEquals(str(str(res[0].dn)), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(str(res[1].dn)), s4.dn("cn=X")) + self.assertEquals(str(str(res[1].dn)), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], "x") self.assertEquals(res[1]["lastLogon"], "x") # Search by kept attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(description=y)", scope=SCOPE_DEFAULT, attrs=attrs) + res = self.ldb.search(expression="(description=y)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(str(res[0].dn)), s4.dn("cn=Z")) + self.assertEquals(str(str(res[0].dn)), self.samba4.dn("cn=Z")) self.assertEquals(res[0]["dnsHostName"], "z") self.assertEquals(res[0]["lastLogon"], "z") - self.assertEquals(str(str(res[1].dn)), s4.dn("cn=C")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(str(res[1].dn)), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "z") # Search by renamed attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(badPwdCount=x)", scope=SCOPE_DEFAULT, attrs=attrs) + res = self.ldb.search(expression="(badPwdCount=x)", scope=SCOPE_DEFAULT, attrs=attrs) 
self.assertEquals(len(res), 2) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") # Search by converted attribute @@ -431,15 +425,15 @@ description: y # TODO: # Using the SID directly in the parse tree leads to conversion # errors, letting the search fail with no results. - #res = ldb.search("(objectSid=S-1-5-21-4231626423-2410014848-2360679739-552)", NULL, ldb. SCOPE_DEFAULT, attrs) - res = ldb.search(expression="(objectSid=*)", attrs=attrs) + #res = self.ldb.search("(objectSid=S-1-5-21-4231626423-2410014848-2360679739-552)", scope=SCOPE_DEFAULT, attrs) + res = self.ldb.search(expression="(objectSid=*)", attrs=attrs) self.assertEquals(len(res), 3) - self.assertEquals(str(res[0].dn), s4.dn("cn=X")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X")) self.assertEquals(res[0]["dnsHostName"], "x") self.assertEquals(res[0]["lastLogon"], "x") self.assertEquals(res[0]["objectSid"], "S-1-5-21-4231626423-2410014848-2360679739-552") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") self.assertEquals(res[1]["objectSid"], "S-1-5-21-4231626423-2410014848-2360679739-552") 
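Review bot: The remote records in the @@ -349 hunk are loaded with `self.samba3.add_ldif(...)`, while the sambaDomain entry earlier in the same test goes through `self.samba3.db.add_ldif(...)`. The commit carries the old `s3.add_ldif` spelling over unchanged; whether the target object forwards `add_ldif` is not visible here, so one of the two forms is likely wrong. Using `self.samba3.db.add_ldif(substitute_var(ldif, self.samba3.substvars))` for both would match the `self.samba3.db.search` calls in the same hunk.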
@@ -447,10 +441,10 @@ description: y # In most cases, this even works when the mapping is missing # a `convert_operator' by enumerating the remote db. attrs = ["dnsHostName", "lastLogon", "primaryGroupID"] - res = ldb.search(expression="(primaryGroupID=512)", attrs=attrs) + res = self.ldb.search(expression="(primaryGroupID=512)", attrs=attrs) self.assertEquals(len(res), 1) - self.assertEquals(str(res[0].dn), s4.dn("cn=A")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "x") self.assertEquals(res[0]["primaryGroupID"], "512") 
@@ -470,40 +464,40 @@ description: y # Search by remote name of renamed attribute */ attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(sambaBadPasswordCount=*)", attrs=attrs) + res = self.ldb.search(expression="(sambaBadPasswordCount=*)", attrs=attrs) self.assertEquals(len(res), 0) # Search by objectClass attrs = ["dnsHostName", "lastLogon", "objectClass"] - res = ldb.search(expression="(objectClass=user)", attrs=attrs) + res = self.ldb.search(expression="(objectClass=user)", attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(res[0].dn), s4.dn("cn=X")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X")) self.assertEquals(res[0]["dnsHostName"], "x") self.assertEquals(res[0]["lastLogon"], "x") self.assertTrue(res[0]["objectClass"] is not None) self.assertEquals(res[0]["objectClass"][0], "user") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") self.assertTrue(res[1]["objectClass"] is not None) self.assertEquals(res[1]["objectClass"][0], "user") # Prove that the objectClass is actually used for the search - res = ldb.search(expression="(|(objectClass=user)(badPwdCount=x))", attrs=attrs) + res = self.ldb.search(expression="(|(objectClass=user)(badPwdCount=x))", attrs=attrs) self.assertEquals(len(res), 3) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") self.assertTrue(res[0]["objectClass"] is not None) for oc in set(res[0]["objectClass"]): self.assertEquals(oc, "user") - self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], 
"x") self.assertEquals(res[1]["lastLogon"], "x") self.assertTrue(res[1]["objectClass"] is not None) self.assertEquals(res[1]["objectClass"][0], "user") - self.assertEquals(str(res[2].dn), s4.dn("cn=A")) - self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[2]) self.assertEquals(res[2]["lastLogon"], "x") self.assertTrue(res[2]["objectClass"] is not None) self.assertEquals(res[2]["objectClass"][0], "user") 
@@ -512,262 +506,258 @@ description: y # Search by conjunction of local attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(&(codePage=x)(revision=x))", attrs=attrs) + res = self.ldb.search(expression="(&(codePage=x)(revision=x))", attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], "x") self.assertEquals(res[1]["lastLogon"], "x") # Search by conjunction of remote attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(&(lastLogon=x)(description=x))", attrs=attrs) + res = self.ldb.search(expression="(&(lastLogon=x)(description=x))", attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(res[0].dn), s4.dn("cn=X")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X")) self.assertEquals(res[0]["dnsHostName"], "x") self.assertEquals(res[0]["lastLogon"], "x") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") # Search by conjunction of local and remote attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(&(codePage=x)(description=x))", attrs=attrs) + res = self.ldb.search(expression="(&(codePage=x)(description=x))", attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + 
self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], "x") self.assertEquals(res[1]["lastLogon"], "x") # Search by conjunction of local and remote attribute w/o match attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(&(codePage=x)(nextRid=x))", attrs=attrs) + res = self.ldb.search(expression="(&(codePage=x)(nextRid=x))", attrs=attrs) self.assertEquals(len(res), 0) - res = ldb.search(expression="(&(revision=x)(lastLogon=z))", attrs=attrs) + res = self.ldb.search(expression="(&(revision=x)(lastLogon=z))", attrs=attrs) self.assertEquals(len(res), 0) # Search by disjunction of local attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(|(revision=x)(dnsHostName=x))", attrs=attrs) + res = self.ldb.search(expression="(|(revision=x)(dnsHostName=x))", attrs=attrs) self.assertEquals(len(res), 2) - self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], "x") self.assertEquals(res[1]["lastLogon"], "x") # Search by disjunction of remote attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(|(badPwdCount=x)(lastLogon=x))", attrs=attrs) + res = self.ldb.search(expression="(|(badPwdCount=x)(lastLogon=x))", attrs=attrs) self.assertEquals(len(res), 3) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue("dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], "x") 
self.assertEquals(res[1]["lastLogon"], "x") - self.assertEquals(str(res[2].dn), s4.dn("cn=A")) - self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=A")) + self.assertTrue("dnsHostName" in res[2]) self.assertEquals(res[2]["lastLogon"], "x") # Search by disjunction of local and remote attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(|(revision=x)(lastLogon=y))", attrs=attrs) + res = self.ldb.search(expression="(|(revision=x)(lastLogon=y))", attrs=attrs) self.assertEquals(len(res), 3) - self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=B")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=B")) + self.assertTrue("dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "y") - self.assertEquals(str(res[2].dn), s4.dn("cn=X")) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=X")) self.assertEquals(res[2]["dnsHostName"], "x") self.assertEquals(res[2]["lastLogon"], "x") # Search by disjunction of local and remote attribute w/o match attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(|(codePage=y)(nextRid=z))", attrs=attrs) + res = self.ldb.search(expression="(|(codePage=y)(nextRid=z))", attrs=attrs) self.assertEquals(len(res), 0) # Search by negated local attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(revision=x))", attrs=attrs) + res = self.ldb.search(expression="(!(revision=x))", attrs=attrs) self.assertEquals(len(res), 5) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") 
- self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") - self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[2]["dnsHostName"], "z") self.assertEquals(res[2]["lastLogon"], "z") - self.assertEquals(str(res[3].dn), s4.dn("cn=C")) - self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(str(res[3].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[3]) self.assertEquals(res[3]["lastLogon"], "z") # Search by negated remote attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(description=x))", attrs=attrs) + res = self.ldb.search(expression="(!(description=x))", attrs=attrs) self.assertEquals(len(res), 3) - self.assertEquals(str(res[0].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[0]["dnsHostName"], "z") self.assertEquals(res[0]["lastLogon"], "z") - self.assertEquals(str(res[1].dn), s4.dn("cn=C")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "z") # Search by negated conjunction of local attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(&(codePage=x)(revision=x)))", attrs=attrs) + res = self.ldb.search(expression="(!(&(codePage=x)(revision=x)))", attrs=attrs) self.assertEquals(len(res), 5) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - 
self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") - self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[2]["dnsHostName"], "z") self.assertEquals(res[2]["lastLogon"], "z") - self.assertEquals(str(res[3].dn), s4.dn("cn=C")) - self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(str(res[3].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[3]) self.assertEquals(res[3]["lastLogon"], "z") # Search by negated conjunction of remote attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(&(lastLogon=x)(description=x)))", attrs=attrs) + res = self.ldb.search(expression="(!(&(lastLogon=x)(description=x)))", attrs=attrs) self.assertEquals(len(res), 5) - self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=B")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "y") - self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[2]["dnsHostName"], "z") self.assertEquals(res[2]["lastLogon"], "z") - self.assertEquals(str(res[3].dn), s4.dn("cn=C")) - self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(str(res[3].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[3]) self.assertEquals(res[3]["lastLogon"], "z") # Search by negated conjunction of local and remote attribute attrs = ["dnsHostName", "lastLogon"] - res = 
ldb.search(expression="(!(&(codePage=x)(description=x)))", attrs=attrs) + res = self.ldb.search(expression="(!(&(codePage=x)(description=x)))", attrs=attrs) self.assertEquals(len(res), 5) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") - self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[2]["dnsHostName"], "z") self.assertEquals(res[2]["lastLogon"], "z") - self.assertEquals(str(res[3].dn), s4.dn("cn=C")) - self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(str(res[3].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[3]) self.assertEquals(res[3]["lastLogon"], "z") # Search by negated disjunction of local attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(|(revision=x)(dnsHostName=x)))", attrs=attrs) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + res = self.ldb.search(expression="(!(|(revision=x)(dnsHostName=x)))", attrs=attrs) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=A")) - self.assertEquals(res[1]["dnsHostName"], undefined) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") - self.assertEquals(str(res[2].dn), s4.dn("cn=Z")) + 
self.assertEquals(str(res[2].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[2]["dnsHostName"], "z") self.assertEquals(res[2]["lastLogon"], "z") - self.assertEquals(str(res[3].dn), s4.dn("cn=C")) - self.assertEquals(res[3]["dnsHostName"], undefined) + self.assertEquals(str(res[3].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[3]) self.assertEquals(res[3]["lastLogon"], "z") # Search by negated disjunction of remote attributes attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(|(badPwdCount=x)(lastLogon=x)))", attrs=attrs) + res = self.ldb.search(expression="(!(|(badPwdCount=x)(lastLogon=x)))", attrs=attrs) self.assertEquals(len(res), 4) - self.assertEquals(str(res[0].dn), s4.dn("cn=Y")) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=Y")) self.assertEquals(res[0]["dnsHostName"], "y") self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[1]["dnsHostName"], "z") self.assertEquals(res[1]["lastLogon"], "z") - self.assertEquals(str(res[2].dn), s4.dn("cn=C")) - self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[2]) self.assertEquals(res[2]["lastLogon"], "z") # Search by negated disjunction of local and remote attribute attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(!(|(revision=x)(lastLogon=y)))", attrs=attrs) + res = self.ldb.search(expression="(!(|(revision=x)(lastLogon=y)))", attrs=attrs) self.assertEquals(len(res), 4) - self.assertEquals(str(res[0].dn), s4.dn("cn=A")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "x") - self.assertEquals(str(res[1].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[1].dn), 
self.samba4.dn("cn=Z")) self.assertEquals(res[1]["dnsHostName"], "z") self.assertEquals(res[1]["lastLogon"], "z") - self.assertEquals(str(res[2].dn), s4.dn("cn=C")) - self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[2]) self.assertEquals(res[2]["lastLogon"], "z") print "Search by complex parse tree" attrs = ["dnsHostName", "lastLogon"] - res = ldb.search(expression="(|(&(revision=x)(dnsHostName=x))(!(&(description=x)(nextRid=y)))(badPwdCount=y))", attrs=attrs) + res = self.ldb.search(expression="(|(&(revision=x)(dnsHostName=x))(!(&(description=x)(nextRid=y)))(badPwdCount=y))", attrs=attrs) self.assertEquals(len(res), 6) - self.assertEquals(str(res[0].dn), s4.dn("cn=B")) - self.assertEquals(res[0]["dnsHostName"], undefined) + self.assertEquals(str(res[0].dn), self.samba4.dn("cn=B")) + self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(res[0]["lastLogon"], "y") - self.assertEquals(str(res[1].dn), s4.dn("cn=X")) + self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(res[1]["dnsHostName"], "x") self.assertEquals(res[1]["lastLogon"], "x") - self.assertEquals(str(res[2].dn), s4.dn("cn=A")) - self.assertEquals(res[2]["dnsHostName"], undefined) + self.assertEquals(str(res[2].dn), self.samba4.dn("cn=A")) + self.assertTrue(not "dnsHostName" in res[2]) self.assertEquals(res[2]["lastLogon"], "x") - self.assertEquals(str(res[3].dn), s4.dn("cn=Z")) + self.assertEquals(str(res[3].dn), self.samba4.dn("cn=Z")) self.assertEquals(res[3]["dnsHostName"], "z") self.assertEquals(res[3]["lastLogon"], "z") - self.assertEquals(str(res[4].dn), s4.dn("cn=C")) - self.assertEquals(res[4]["dnsHostName"], undefined) + self.assertEquals(str(res[4].dn), self.samba4.dn("cn=C")) + self.assertTrue(not "dnsHostName" in res[4]) self.assertEquals(res[4]["lastLogon"], "z") # Clean up - dns = [s4.dn("cn=%s" % n) for n in ["A","B","C","X","Y","Z"]] + dns = 
[self.samba4.dn("cn=%s" % n) for n in ["A","B","C","X","Y","Z"]] for dn in dns: - ldb.delete(dn) + self.ldb.delete(dn) def test_map_modify_local(self): """Modification of local records.""" - s3 = self.samba3 - ldb = self.ldb - s4 = self.samba4 - # Add local record dn = "cn=test,dc=idealx,dc=org" - ldb.add({"dn": dn, + self.ldb.add({"dn": dn, "cn": "test", "foo": "bar", "revision": "1", "description": "test"}) # Check it's there attrs = ["foo", "revision", "description"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["foo"], "bar") self.assertEquals(res[0]["revision"], "1") self.assertEquals(res[0]["description"], "test") # Check it's not in the local db - res = s4.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) + res = self.samba4.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 0) # Check it's not in the remote db - res = s3.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) + res = self.samba3.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 0) # Modify local record @@ -778,9 +768,9 @@ foo: baz replace: description description: foo """ - ldb.modify_ldif(ldif) + self.ldb.modify_ldif(ldif) # Check in local db - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["foo"], "baz") 
@@ -789,9 +779,9 @@ description: foo # Rename local record dn2 = "cn=toast,dc=idealx,dc=org" - ldb.rename(dn, dn2) + self.ldb.rename(dn, dn2) # Check in local db - res = ldb.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["foo"], "baz") @@ -799,28 +789,24 @@ description: foo self.assertEquals(res[0]["description"], "foo") # Delete local record - ldb.delete(dn2) + self.ldb.delete(dn2) # Check it's gone - res = ldb.search(dn2, scope=SCOPE_BASE) + res = self.ldb.search(dn2, scope=SCOPE_BASE) self.assertEquals(len(res), 0) def test_map_modify_remote_remote(self): """Modification of remote data of remote records""" - s3 = self.samba3 - ldb = self.ldb - s4 = self.samba4 - # Add remote record - dn = s4.dn("cn=test") - dn2 = s3.dn("cn=test") - s3.db.add({"dn": dn2, + dn = self.samba4.dn("cn=test") + dn2 = self.samba3.dn("cn=test") + self.samba3.db.add({"dn": dn2, "cn": "test", "description": "foo", "sambaBadPasswordCount": "3", "sambaNextRid": "1001"}) # Check it's there attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "foo") 
@@ -828,14 +814,14 @@ description: foo self.assertEquals(res[0]["sambaNextRid"], "1001") # Check in mapped db attrs = ["description", "badPwdCount", "nextRid"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "foo") self.assertEquals(res[0]["badPwdCount"], "3") self.assertEquals(res[0]["nextRid"], "1001") # Check in local db - res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 0) # Modify remote data of remote record @@ -846,10 +832,10 @@ description: test replace: badPwdCount badPwdCount: 4 """ - ldb.modify_ldif(ldif) + self.ldb.modify_ldif(ldif) # Check in mapped db attrs = ["description", "badPwdCount", "nextRid"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") @@ -857,7 +843,7 @@ badPwdCount: 4 self.assertEquals(res[0]["nextRid"], "1001") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") 
@@ -865,21 +851,21 @@ badPwdCount: 4 self.assertEquals(res[0]["sambaNextRid"], "1001") # Rename remote record - dn2 = s4.dn("cn=toast") - ldb.rename(dn, dn2) + dn2 = self.samba4.dn("cn=toast") + self.ldb.rename(dn, dn2) # Check in mapped db dn = dn2 attrs = ["description", "badPwdCount", "nextRid"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["badPwdCount"], "4") self.assertEquals(res[0]["nextRid"], "1001") # Check in remote db - dn2 = s3.dn("cn=toast") + dn2 = self.samba3.dn("cn=toast") attrs = ["description", "sambaBadPasswordCount", "sambaNextRid"] - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") @@ -887,24 +873,20 @@ badPwdCount: 4 self.assertEquals(res[0]["sambaNextRid"], "1001") # Delete remote record - ldb.delete(dn) + self.ldb.delete(dn) # Check in mapped db - res = ldb.search(dn, scope=SCOPE_BASE) + res = self.ldb.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in remote db - res = s3.db.search(dn2, scope=SCOPE_BASE) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE) self.assertEquals(len(res), 0) def test_map_modify_remote_local(self): """Modification of local data of remote records""" - s3 = self.samba3 - ldb = self.ldb - s4 = self.samba4 - # Add remote record (same as before) - dn = s4.dn("cn=test") - dn2 = s3.dn("cn=test") - s3.db.add({"dn": dn2, + dn = self.samba4.dn("cn=test") + dn2 = self.samba3.dn("cn=test") + self.samba3.db.add({"dn": dn2, "cn": "test", "description": "foo", "sambaBadPasswordCount": "3", 
@@ -918,40 +900,36 @@ revision: 1 replace: description description: test """ - ldb.modify_ldif(ldif) + self.ldb.modify_ldif(ldif) # Check in mapped db attrs = ["revision", "description"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["revision"], "1") # Check in remote db - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") - self.assertEquals(res[0]["revision"], undefined) + self.assertTrue(not "revision" in res[0]) # Check in local db - res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) - self.assertEquals(res[0]["description"], undefined) + self.assertTrue(not "description" in res[0]) self.assertEquals(res[0]["revision"], "1") # Delete (newly) split record - ldb.delete(dn) + self.ldb.delete(dn) def test_map_modify_split(self): """Testing modification of split records""" - s3 = self.samba3 - ldb = self.ldb - s4 = self.samba4 - # Add split record - dn = s4.dn("cn=test") - dn2 = s3.dn("cn=test") - ldb.add({ + dn = self.samba4.dn("cn=test") + dn2 = self.samba3.dn("cn=test") + self.ldb.add({ "dn": dn, "cn": "test", "description": "foo", @@ -960,7 +938,7 @@ description: test "revision": "1"}) # Check it's there attrs = ["description", "badPwdCount", "nextRid", "revision"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "foo") 
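Review bot: The replacement for the old `undefined` comparisons in this hunk is written `self.assertTrue(not "revision" in res[0])`, which evaluates as intended but reads as if `not` applied to the string literal. `self.assertFalse("revision" in res[0])`, or `self.assertTrue("revision" not in res[0])`, states the absence check directly. The same form recurs in the later hunks of this file (`@@ -968,22 +946,22 @@`, `@@ -1006,30 +984,30 @@` and `@@ -1037,32 +1015,32 @@`).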
@@ -968,22 +946,22 @@ description: test self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "1") # Check in local db - res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) - self.assertEquals(res[0]["description"], undefined) - self.assertEquals(res[0]["badPwdCount"], undefined) - self.assertEquals(res[0]["nextRid"], undefined) + self.assertTrue(not "description" in res[0]) + self.assertTrue(not "badPwdCount" in res[0]) + self.assertTrue(not "nextRid" in res[0]) self.assertEquals(res[0]["revision"], "1") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "foo") self.assertEquals(res[0]["sambaBadPasswordCount"], "3") self.assertEquals(res[0]["sambaNextRid"], "1001") - self.assertEquals(res[0]["revision"], undefined) + self.assertTrue(not "revision" in res[0]) # Modify of split record ldif = """ @@ -995,10 +973,10 @@ badPwdCount: 4 replace: revision revision: 2 """ - ldb.modify_ldif(ldif) + self.ldb.modify_ldif(ldif) # Check in mapped db attrs = ["description", "badPwdCount", "nextRid", "revision"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") 
@@ -1006,30 +984,30 @@ revision: 2 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "2") # Check in local db - res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) - self.assertEquals(res[0]["description"], undefined) - self.assertEquals(res[0]["badPwdCount"], undefined) - self.assertEquals(res[0]["nextRid"], undefined) + self.assertTrue(not "description" in res[0]) + self.assertTrue(not "badPwdCount" in res[0]) + self.assertTrue(not "nextRid" in res[0]) self.assertEquals(res[0]["revision"], "2") # Check in remote db attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["sambaBadPasswordCount"], "4") self.assertEquals(res[0]["sambaNextRid"], "1001") - self.assertEquals(res[0]["revision"], undefined) + self.assertTrue(not "revision" in res[0]) # Rename split record - dn2 = s4.dn("cn=toast") - ldb.rename(dn, dn2) + dn2 = self.samba4.dn("cn=toast") + self.ldb.rename(dn, dn2) # Check in mapped db dn = dn2 attrs = ["description", "badPwdCount", "nextRid", "revision"] - res = ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(res[0]["description"], "test") 
@@ -1037,32 +1015,32 @@ revision: 2 self.assertEquals(res[0]["nextRid"], "1001") self.assertEquals(res[0]["revision"], "2") # Check in local db - res = s4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) + res = self.samba4.db.search(dn, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) - self.assertEquals(res[0]["description"], undefined) - self.assertEquals(res[0]["badPwdCount"], undefined) - self.assertEquals(res[0]["nextRid"], undefined) + self.assertTrue(not "description" in res[0]) + self.assertTrue(not "badPwdCount" in res[0]) + self.assertTrue(not "nextRid" in res[0]) self.assertEquals(res[0]["revision"], "2") # Check in remote db - dn2 = s3.dn("cn=toast") + dn2 = self.samba3.dn("cn=toast") attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] - res = s3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) self.assertEquals(res[0]["description"], "test") self.assertEquals(res[0]["sambaBadPasswordCount"], "4") self.assertEquals(res[0]["sambaNextRid"], "1001") - self.assertEquals(res[0]["revision"], undefined) + self.assertTrue(not "revision" in res[0]) # Delete split record - ldb.delete(dn) + self.ldb.delete(dn) # Check in mapped db - res = ldb.search(dn, scope=SCOPE_BASE) + res = self.ldb.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in local db - res = s4.db.search(dn, scope=SCOPE_BASE) + res = self.samba4.db.search(dn, scope=SCOPE_BASE) self.assertEquals(len(res), 0) # Check in remote db - res = s3.db.search(dn2, scope=SCOPE_BASE) + res = self.samba3.db.search(dn2, scope=SCOPE_BASE) self.assertEquals(len(res), 0) -- cgit From 3f7ec9bf191f2179c2112191d0c909e309411c29 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 11 Jan 2008 10:44:49 +1100 Subject: Add in new module to normalise DNs being returned from OpenLDAP. This fixes the case of the attribute in teh DN. Fix option spelling for example re-provision Andrew Bartlett (This used to be commit e3a76be04760a81a9c1b7ad9b139f088decc9ee6) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 +++ source4/dsdb/samdb/ldb_modules/normalise.c | 166 +++++++++++++++++++++++++++++ 2 files changed, 179 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/normalise.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 95bb7de06c..a41a29b5dd 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -320,3 +320,16 @@ OBJ_FILES = \ # End MODULE ldb_anr ################################################ +################################################ +# Start MODULE ldb_normalise +[MODULE::ldb_normalise] +INIT_FUNCTION = ldb_normalise_init +CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + normalise.o +# End MODULE ldb_normalise +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c new file mode 100644 index 0000000000..efc9bb29e8 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/normalise.c 
@@ -0,0 +1,166 @@ +/* + ldb database library + + Copyright (C) Amdrew Bartlett 2007-2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb normalisation module + * + * Description: module to ensure all DNs and attribute names are normalised + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" + +/* Fix up the DN to be in the standard form, taking particular care to match the parent DN + + This should mean that if the parent is: + CN=Users,DC=samba,DC=example,DC=com + and a proposed child is + cn=Admins ,cn=USERS,dc=Samba,dc=example,dc=COM + + The resulting DN should be: + + CN=Admins,CN=Users,DC=samba,DC=example,DC=com + + */ +static int fix_dn(struct ldb_dn *dn) +{ + int i, ret; + char *upper_rdn_attr; + + for (i=0; i < ldb_dn_get_comp_num(dn); i++) { + /* We need the attribute name in upper case */ + upper_rdn_attr = strupper_talloc(dn, + ldb_dn_get_component_name(dn, i)); + if (!upper_rdn_attr) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* And replace it with CN=foo (we need the attribute in upper case */ + ret = ldb_dn_set_component(dn, i, upper_rdn_attr, + *ldb_dn_get_component_val(dn, i)); + talloc_free(upper_rdn_attr); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} + +static int 
normalise_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + struct ldb_request *orig_req = talloc_get_type(context, struct ldb_request); + TALLOC_CTX *mem_ctx; + int i, j, ret; + + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type != LDB_REPLY_ENTRY) { + return orig_req->callback(ldb, orig_req->context, ares); + } + + if (!schema) { + return orig_req->callback(ldb, orig_req->context, ares); + } + + mem_ctx = talloc_new(ares); + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* OK, we have one of *many* search results passing by here, + * but we should get them one at a time */ + + ret = fix_dn(ares->message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + for (i = 0; i < ares->message->num_elements; i++) { + const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, ares->message->elements[i].name); + if (!attribute) { + continue; + } + if ((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") != 0) && + (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") != 0)) { + continue; + } + for (j = 0; j < ares->message->elements[i].num_values; j++) { + const char *dn_str; + struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, (const char *)ares->message->elements[i].values[j].data); + if (!dn) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = fix_dn(ares->message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + dn_str = talloc_steal(ares->message->elements[i].values, ldb_dn_get_linearized(dn)); + ares->message->elements[i].values[j] = data_blob_string_const(dn_str); + talloc_free(dn); + } + } + talloc_free(mem_ctx); + return orig_req->callback(ldb, orig_req->context, ares); +} + +/* search */ +static int normalise_search(struct ldb_module *module, struct ldb_request *req) +{ + int ret; + struct ldb_request 
*down_req = talloc(req, struct ldb_request); + if (!down_req) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; + down_req->context = req; + down_req->callback = normalise_search_callback; + + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + return ret; +} + + +static const struct ldb_module_ops normalise_ops = { + .name = "normalise", + .search = normalise_search, +}; + +int ldb_normalise_init(void) +{ + return ldb_register_module(&normalise_ops); +} -- cgit From ac4810f1bb8984971a98d30c6a3b0b29367d1e2e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Jan 2008 15:19:27 +1100 Subject: Remove 'dn' from mapping, it isn't a valid attribute in AD, and causes problems with ldap.js test with OpenLDAP as the backend. Likewise, remove it from the template lookup (for consistancy). TODO: see if it can be removed from ldb Andrew Bartlett (This used to be commit 47a1b76f7fff30229d3f23c6723f047923faf196) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 91001d43d7..970106787b 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -375,15 +375,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] = } } }, - { - .local_name = "dn", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "entryDN" - } - } - }, { .local_name = "groupType", .type = MAP_CONVERT, 
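Review bot: In the inner value loop of normalise_search_callback, the DN parsed from the attribute value is never normalised. The call there is `ret = fix_dn(ares->message->dn);`, which re-fixes the entry DN already handled before the loop, so the string written back is effectively the backend's original value. It should read `ret = fix_dn(dn);`. Separately, fix_dn dereferences `*ldb_dn_get_component_val(dn, i)` without a NULL check, and the value's `.data` is cast to `const char *` on the assumption that it is NUL-terminated. Both deserve a guard or a comment, since this data arrives from the remote LDAP server.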
@@ -533,15 +524,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, - { - .local_name = "dn", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "entryDN" - } - } - }, { .local_name = "groupType", .type = MAP_CONVERT, -- cgit From 483164e1eb2a5b863cdd8adb515f4e4925f33a25 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 Jan 2008 08:49:54 +1100 Subject: Rework control handling to remove the 'domain_scope' control Also remove the search_options control earlier, before, rather than after duplicating the request. When we generate referalls in the partition module, the domain_scope control with suppress them. Andrew Bartlett (This used to be commit fc57a119f53a7bc0a0eb76b868bbd7386b3c5008) --- source4/dsdb/samdb/ldb_modules/partition.c | 54 ++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 17 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 4586810d96..61b64441a7 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -169,13 +169,12 @@ static int partition_other_callback(struct ldb_context *ldb, void *context, stru } -static int partition_send_request(struct partition_context *ac, struct ldb_control *remove_control, +static int partition_send_request(struct partition_context *ac, struct dsdb_control_current_partition *partition) { int ret; struct ldb_module *backend; struct ldb_request *req; - struct ldb_control **saved_controls; if (partition) { backend = make_module_for_next_request(ac, ac->module->ldb, partition->module); 
@@ -225,12 +224,6 @@ static int partition_send_request(struct partition_context *ac, struct ldb_contr req->context = ac; } - /* Remove a control, so we don't confuse a backend server */ - if (remove_control && !save_controls(remove_control, req, &saved_controls)) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - if (partition) { ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); if (ret != LDB_SUCCESS) { @@ -253,18 +246,17 @@ static int partition_send_request(struct partition_context *ac, struct ldb_contr */ static int partition_send_all(struct ldb_module *module, struct partition_context *ac, - struct ldb_control *remove_control, struct ldb_request *req) { int i; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - int ret = partition_send_request(ac, remove_control, NULL); + int ret = partition_send_request(ac, NULL); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_request(ac, remove_control, data->partitions[i]); + ret = partition_send_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } @@ -297,7 +289,7 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re return LDB_ERR_OPERATIONS_ERROR; } - return partition_send_all(module, ac, NULL, req); + return partition_send_all(module, ac, req); } } } @@ -314,6 +306,7 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re * TODO: we should maybe return an error here * if it's not a special dn */ + return ldb_next_request(module, req); } 
@@ -334,6 +327,8 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re /* search */ static int partition_search(struct ldb_module *module, struct ldb_request *req) { + struct ldb_control **saved_controls; + /* Find backend */ struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); @@ -342,19 +337,34 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* (later) consider if we should be searching multiple * partitions (for 'invisible' partition behaviour */ struct ldb_control *search_control = ldb_request_get_control(req, LDB_CONTROL_SEARCH_OPTIONS_OID); + struct ldb_control *domain_scope_control = ldb_request_get_control(req, LDB_CONTROL_DOMAIN_SCOPE_OID); struct ldb_search_options_control *search_options = NULL; if (search_control) { search_options = talloc_get_type(search_control->data, struct ldb_search_options_control); } + /* Remove the domain_scope control, so we don't confuse a backend server */ + if (domain_scope_control && !save_controls(domain_scope_control, req, &saved_controls)) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* TODO: + Generate referrals (look for a partition under this DN) if we don't have the above control specified + */ + if (search_options && (search_options->search_options & LDB_SEARCH_OPTION_PHANTOM_ROOT)) { int ret, i; struct partition_context *ac; - struct ldb_control *remove_control = NULL; if ((search_options->search_options & ~LDB_SEARCH_OPTION_PHANTOM_ROOT) == 0) { /* We have processed this flag, so we are done with this control now */ - remove_control = search_control; + + /* Remove search control, so we don't confuse a backend server */ + if (search_control && !save_controls(search_control, req, &saved_controls)) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } } ac = partition_init_handle(req, module); if (!ac) { 
@@ -363,12 +373,12 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* Search from the base DN */ if (!req->op.search.base || ldb_dn_is_null(req->op.search.base)) { - return partition_send_all(module, ac, remove_control, req); + return partition_send_all(module, ac, req); } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_request(ac, remove_control, data->partitions[i]); + ret = partition_send_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } @@ -384,6 +394,16 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_SUCCESS; } else { /* Handle this like all other requests */ + if (search_control && (search_options->search_options & ~LDB_SEARCH_OPTION_PHANTOM_ROOT) == 0) { + /* We have processed this flag, so we are done with this control now */ + + /* Remove search control, so we don't confuse a backend server */ + if (search_control && !save_controls(search_control, req, &saved_controls)) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + } + return partition_replicate(module, req, req->op.search.base); } } @@ -693,7 +713,7 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OPERATIONS_ERROR; } - return partition_send_all(module, ac, NULL, req); + return partition_send_all(module, ac, req); } static int sort_compare(void *void1, -- cgit From e72760b218e60acfc04c6c22a43820683172df09 Mon Sep 17 00:00:00 2001 
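Review bot: The check added to the `else` branch of partition_search dereferences `search_options` while testing only `search_control`. `search_options` stays NULL when `talloc_get_type()` does not recognise `search_control->data`, and in that case the `if` above is false, so execution reaches this branch with a non-NULL control and a NULL options pointer. The control arrives with the request, so this path should fail safely rather than crash; test the pointer that is actually used: `if (search_options && (search_options->search_options & ~LDB_SEARCH_OPTION_PHANTOM_ROOT) == 0) {`. The inner `search_control &&` test is then redundant.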
From: Andrew Bartlett Date: Wed, 16 Jan 2008 15:14:05 +1100 Subject: Rework linked_attributes module for the REPLACE case. This moves to a smarter 'find the delta' based operation of the linked attributes module, when the caller asks for a 'replace' of the link source. Previously we would spray operations all over the database, even if the net result was just to modify one record. This also means we need the transaction safety less, which may be useful for some LDAP backends that don't provide this functionality on the LDAP server. Andrew Bartlett (This used to be commit 8c88e4eb1c0a606e7899091525260e8d6558ffd0) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 92 ++++++++++++++++++++-- 1 file changed, 86 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 803d24e34e..b3fdffe566 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -279,6 +279,27 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn); } +struct merge { + struct ldb_dn *dn; + bool add; + bool ignore; +}; + +static int merge_cmp(struct merge *merge1, struct merge *merge2) { + int ret; + ret = ldb_dn_compare(merge1->dn, merge2->dn); + if (ret == 0) { + if (merge1->add == merge2->add) { + return 0; + } + if (merge1->add == true) { + return 1; + } + return -1; + } + return ret; +} + static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { struct replace_context *ac2 = talloc_get_type(context, struct replace_context); 
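Review bot: merge_cmp takes `struct merge *` parameters, so the qsort() call added later in this commit has to cast it to `comparison_fn_t`; calling a function through a pointer of an incompatible type is undefined behaviour in C even where it happens to work. Declaring it as `static int merge_cmp(const void *a, const void *b)` and converting inside (`const struct merge *merge1 = a;`) removes the cast. A short comment stating the order it produces (by DN, with the delete entry before the add entry for equal DNs) would help, because the pairing loop depends on it.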
@@ -296,16 +317,63 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb /* See if this element already exists */ if (search_el) { - int ret; + + struct merge *merged_list = NULL; + + int ret, size = 0, i; struct ldb_message *msg = ldb_msg_new(ac); if (!msg) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - /* Lazy option: Delete and add the elements on all members */ - msg->num_elements = 1; - msg->elements = search_el; + /* Add all the existing elements, marking as 'proposed for delete' by setting .add = false */ + for (i=0; i < search_el->num_values; i++) { + merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); + merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)search_el->values[i].data); + merged_list[size].add = false; + merged_list[size].ignore = false; + size++; + } + + /* Add all the new replacement elements, marking as 'proposed for add' by setting .add = true */ + for (i=0; i < ac2->el->num_values; i++) { + merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); + merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)ac2->el->values[i].data); + merged_list[size].add = true; + merged_list[size].ignore = false; + size++; + } + + /* Sort the list, so we can pick out an add and delete for the same DN, and eliminate them */ + qsort(merged_list, size, + sizeof(*merged_list), + (comparison_fn_t)merge_cmp); + + /* Now things are sorted, it is trivial to mark pairs of DNs as 'ignore' */ + for (i=0; i + 1 < size; i++) { + if (ldb_dn_compare(merged_list[i].dn, + merged_list[i+1].dn) == 0 + /* Fortunetly the sort also sorts 'add == false' first */ + && merged_list[i].add == false + && merged_list[i+1].add == true) { + + /* Mark as ignore, so we include neither in the actual operations */ + merged_list[i].ignore = true; + merged_list[i+1].ignore = true; + } + } + + /* Arrange to delete anything the search found that we don't re-add */ + for (i=0; i < size; i++) { + if 
(merged_list[i].ignore == false + && merged_list[i].add == false) { + ldb_msg_add_steal_string(msg, search_el->name, + ldb_dn_get_linearized(merged_list[i].dn)); + } + } + + /* The DN to set on the linked attributes is the original DN of the modify message */ msg->dn = ac->orig_req->op.mod.message->dn; ret = setup_modifies(ac->module->ldb, ac2, ac, msg, ares->message->dn, NULL); @@ -313,13 +381,21 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb return ret; } - msg->elements = ac2->el; + /* Now add links for all the actually new elements */ + for (i=0; i < size; i++) { + if (merged_list[i].ignore == false && merged_list[i].add == true) { + ldb_msg_add_steal_string(msg, search_el->name, + ldb_dn_get_linearized(merged_list[i].dn)); + } + } ret = setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ares->message->dn); if (ret != LDB_SUCCESS) { return ret; } + talloc_free(merged_list); + } else { /* Looks like it doesn't exist, process like an 'add' */ struct ldb_message *msg = ldb_msg_new(ac); @@ -411,6 +487,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques return LDB_ERR_OBJECT_CLASS_VIOLATION; } + /* Replace with new set of values */ if (((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE) && el->num_values > 0) { struct replace_context *ac2 = talloc(ac, struct replace_context); @@ -461,6 +538,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques } continue; + + /* Delete all values case */ } else if (((el->flags & LDB_FLAG_MOD_MASK) & (LDB_FLAG_MOD_DELETE|LDB_FLAG_MOD_REPLACE)) && el->num_values == 0) { const char **attrs = talloc_array(ac, const char *, 2); 
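Review bot: Both list-building loops in linked_attributes_mod_replace_search_callback use the results of `talloc_realloc()` and `ldb_dn_new()` unchecked, so an allocation failure becomes a NULL dereference on `merged_list[size]`, and a value that is not a well-formed DN reaches `ldb_dn_compare()` and `ldb_dn_get_linearized()` without validation. The second loop's values come from the modify request (`ac2->el`) and should be treated as untrusted: add `if (!merged_list) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; }` after each realloc and reject the entry when `ldb_dn_validate()` fails on the new DN. The `(char *)` casts also assume every value is NUL-terminated, and `int i` is compared against `num_values`, which looks unsigned; both deserve a comment or a fix.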
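Review bot: The add pass appends to the same `msg` that the delete pass filled, where the old code replaced `msg->elements` between the two `setup_modifies()` calls. Unless `setup_modifies()` empties the message (not visible here), the second call appears to receive the to-be-deleted DNs together with the new ones, which would re-create links that were just scheduled for removal. Building the add list in a fresh message, `struct ldb_message *add_msg = ldb_msg_new(ac);` with `add_msg->dn = msg->dn;`, keeps the two sets apart. The early `return ret;` paths also skip `talloc_free(merged_list)`, and the return values of `ldb_msg_add_steal_string()` are ignored in both passes.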
@@ -508,7 +587,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques continue; } - /* Prepare the modify (mod element) on the targets */ + + /* Prepare the modify (mod element) on the targets, for a normal modify request */ /* For each value being moded, we need to setup the modify */ for (j=0; j < el->num_values; j++) { -- cgit From d5fd15005c0cad9e9018e81ab5c30b87cb2f605a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 08:53:18 +1100 Subject: ldb_map objectClass munging: Don't hard-code 'extensibleObject'. This allows objectClass munging to be removed, or modified to not include adding an objectClass, or for that objectClass to be something different. Andrew Bartlett (This used to be commit ee93b4e2ee1dd1cd38bcf14b2bb62556a13cec4a) --- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 0bfc9a3dae..3a666b5380 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -918,7 +918,7 @@ static int samba3sam_init(struct ldb_module *module) { int ret; - ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, NULL, "samba3sam"); + ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, NULL, NULL, "samba3sam"); if (ret != LDB_SUCCESS) return ret; diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 970106787b..6e66d0783a 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -667,7 +667,7 @@ static int entryuuid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, NULL); + ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; @@ -688,7 +688,7 @@ static int nsuniqueid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; -- cgit From 8d36d43e5258aa80855a9baa707a9fcad77a0d03 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 10:13:43 +1100 Subject: Add in a new module to handle instanceType This code raided from the repl_meta_data module, which probably needs to be downsized to just handling the replication data. Andrew Bartlett (This used to be commit 2a418f33705a792d9d16cf1d4aa3dcda467e6e04) --- source4/dsdb/samdb/ldb_modules/config.mk | 13 +++ source4/dsdb/samdb/ldb_modules/instancetype.c | 128 ++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/instancetype.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a41a29b5dd..dc407fbd8a 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -333,3 +333,16 @@ OBJ_FILES = \ # End MODULE ldb_normalise ################################################ +################################################ +# Start MODULE ldb_instancetype +[MODULE::ldb_instancetype] +INIT_FUNCTION = ldb_instancetype_init +CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY +PRIVATE_DEPENDENCIES = LIBTALLOC +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + instancetype.o +# End MODULE ldb_instancetype +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c new file mode 100644 index 0000000000..ee1f2ff7ba --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c 
@@ -0,0 +1,128 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Andrew Bartlett 2005 + Copyright (C) Andrew Tridgell 2005 + Copyright (C) Stefan Metzmacher 2007 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see . +*/ + +/* + * Name: ldb + * + * Component: ldb instancetype module + * + * Description: add an instanceType onto every new record + * + * Author: Simo Sorce + */ + +#include "includes.h" +#include "ldb/include/ldb_includes.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "param/param.h" +#include "dsdb/samdb/samdb.h" +#include "dsdb/common/flags.h" + +/* add_record: add instancetype attribute */ +static int instancetype_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_request *down_req; + struct ldb_message *msg; + uint32_t instance_type; + int ret; + const struct ldb_control *partition_ctrl; + const struct dsdb_control_current_partition *partition; + + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "instancetype_add_record\n"); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); + if (!partition_ctrl) { + 
ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "instancetype_add: no current partition control found"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition = talloc_get_type(partition_ctrl->data, + struct dsdb_control_current_partition); + SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); + + down_req = talloc(req, struct ldb_request); + if (down_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; + + /* we have to copy the message as the caller might have it as a const */ + down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + if (msg == NULL) { + talloc_free(down_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* + * TODO: calculate correct instance type + */ + instance_type = INSTANCE_TYPE_WRITE; + if (ldb_dn_compare(partition->dn, msg->dn) == 0) { + instance_type |= INSTANCE_TYPE_IS_NC_HEAD; + if (ldb_dn_compare(msg->dn, samdb_base_dn(module->ldb)) != 0) { + instance_type |= INSTANCE_TYPE_NC_ABOVE; + } + } + + ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type); + if (ret != LDB_SUCCESS) { + talloc_free(down_req); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + + /* go on with the call chain */ + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + + return ret; +} + +static const struct ldb_module_ops instancetype_ops = { + .name = "instancetype", + .add = instancetype_add, +}; + + +int ldb_instancetype_init(void) +{ + return ldb_register_module(&instancetype_ops); +} -- cgit From 564e021ed974b4bb3472ec3fc091746663808afd Mon Sep 17 00:00:00 2001 
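Review bot: `SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION)` in instancetype_add turns a control with unexpected data or version into a process abort instead of a failed request. Whether a client can supply this control is not visible here, so it is safer to treat it as request data and return an error, as the missing-control case just above already does. Separately, nothing checks whether the incoming message already carries `instanceType` before `ldb_msg_add_fmt()` appends one; a guard such as `if (ldb_msg_find_element(req->op.add.message, "instanceType"))` returning `LDB_ERR_UNWILLING_TO_PERFORM` would keep a caller-supplied value from being stored next to the computed one.

```c
	partition = talloc_get_type(partition_ctrl->data,
				    struct dsdb_control_current_partition);
	if (!partition ||
	    partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) {
		ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
			      "instancetype_add: current partition control contains invalid data");
		return LDB_ERR_CONSTRAINT_VIOLATION;
	}
	/* … unchanged: down_req allocation and message copy … */
```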
From: Andrew Bartlett Date: Fri, 18 Jan 2008 12:16:27 +1100 Subject: Correct authorship of instanceType module Andrew Bartlett (This used to be commit d427cf4fa67e84ccdece9a3fb31d8e89379a86e7) --- source4/dsdb/samdb/ldb_modules/instancetype.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index ee1f2ff7ba..064c28ec65 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -31,7 +31,7 @@ * * Description: add an instanceType onto every new record * - * Author: Simo Sorce + * Author: Andrew Bartlett */ #include "includes.h" -- cgit From f106e67599a02426d5eaf87e9d76bec486427add Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:27:05 +1100 Subject: Search for memberOf when clients ask for a wildcard against OpenLDAP The memberOf module in OpenLDAP make this attribute operational, so we need to add it here or clients won't get it when using *. Andrew Bartlett (This used to be commit 35148fd51f22d81fe9f590b7d6f13285c35656a7) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 6e66d0783a..acf2fd622c 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -448,6 +448,7 @@ static const char * const entryuuid_wildcard_attributes[] = { "whenChanged", "usnCreated", "usnChanged", + "memberOf", NULL }; -- cgit From 391f089d71b4b51a130819ab681dcd1253f16b8c Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 18 Jan 2008 16:56:41 +1100 Subject: Add showInAdvancedViewOnly to every new object Unless already set, the default value for this comes from the defaultHidingValue in the schema. Andrew Bartlett (This used to be commit 673f1805006f879fa5302aab8411767a22488e64) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index d3beedc689..871c38476b 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -532,6 +532,10 @@ static int objectclass_do_add(struct ldb_handle *h) ldb_msg_add_string(msg, "objectCategory", current->objectclass->defaultObjectCategory); } + if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly")) { + ldb_msg_add_string(msg, "showInAdvancedViewOnly", + current->objectclass->defaultHidingValue ? "TRUE" : "FALSE"); + } if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass); ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); -- cgit From 7e2ea67b2118d31d11ed668d081568f7ef2243ae Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 18:08:49 +1100 Subject: Only set showOnlyInAdvancedView: TRUE when adding default values. False is the default, so only set this when the schema requires the hiding behaviour. Andrew Bartlett (This used to be commit 45f6ccefda39e8f0a9820ba55b1924b7cfb12262) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 871c38476b..737475ca78 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -532,9 +532,9 @@ static int objectclass_do_add(struct ldb_handle *h) ldb_msg_add_string(msg, "objectCategory", current->objectclass->defaultObjectCategory); } - if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly")) { + if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (current->objectclass->defaultHidingValue == true)) { ldb_msg_add_string(msg, "showInAdvancedViewOnly", - current->objectclass->defaultHidingValue ? "TRUE" : "FALSE"); + "TRUE"); } if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass); -- cgit From 593e6fc40372747806f23105757d0395f9c33377 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 23 Jan 2008 08:57:16 +1100 Subject: ranged_results: fix use of uninitialised variable (end) This matches the range parsing in the search and callback - end was uninitilaised, causing occasional failures in make test. Andrew Bartlett (This used to be commit 669f137f0ecad10248a51b337c8f115d14d55b05) --- source4/dsdb/samdb/ldb_modules/ranged_results.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index 345b8b8440..c527afc6db 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -153,8 +153,10 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { continue; } - if (sscanf(p, ";range=%u-*", &start) == 1) { - } else if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + if (sscanf(p, ";range=%u-%u", &start, &end) == 2) { + } else if (sscanf(p, ";range=%u-*", &start) == 1) { + end = (unsigned int)-1; + } else { ldb_asprintf_errstring(module->ldb, "range request error: range requst malformed"); return LDB_ERR_UNWILLING_TO_PERFORM; } -- cgit 
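Review bot: In rr_search the fallback `sscanf(p, ";range=%u-*", &start) == 1` cannot tell whether the literal `-*` was matched, because sscanf returns 1 as soon as `start` is converted; `;range=5`, `;range=5-` and `;range=5-junk` are therefore all accepted as an open-ended range. The attribute option comes from the client's search request, so the parse should be strict: put a `%n` after the literal and require it to be set, e.g. `int n = 0;` followed by `sscanf(p, ";range=%u-*%n", &start, &n) == 1 && n > 0`. The first branch likewise accepts `start > end` and trailing text unless that is checked in the part of rr_search outside this hunk.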
From 4172e09c5395b7004ada0d4a9e786bba6c159bc9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 23 Jan 2008 15:43:14 +1100 Subject: Fix DRSUAPI replication test - NET-API-BECOME-DC. The main change here is to work with the current module stack, replacing only the objectGUID module, rather than a number of modules. However, two changes were key: - Fixing a typo search_req->handle -> change_req->handle - Allowing an error of NO_SUCH_OBJECT - it is quite valid for the object not to exist when being replicated in. Other small changes were required to the ejs provision to match changes in that code. Andrew Bartlett (This used to be commit 7b87a58502a052de391f4e1c56ac78a8d35b4e34) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 140 +++--------------------- 1 file changed, 14 insertions(+), 126 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 5a3cc4bef4..a21cf250cb 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -240,12 +240,9 @@ static int replmd_prepare_originating(struct ldb_module *module, struct ldb_requ struct ldb_dn *dn, const char *fn_name, int (*fn)(struct ldb_module *, struct ldb_request *, - const struct dsdb_schema *, - const struct dsdb_control_current_partition *)) + const struct dsdb_schema *)) { const struct dsdb_schema *schema; - const struct ldb_control *partition_ctrl; - const struct dsdb_control_current_partition *partition; /* do not manipulate our control entries */ if (ldb_dn_is_special(dn)) { 
@@ -260,46 +257,16 @@ static int replmd_prepare_originating(struct ldb_module *module, struct ldb_requ return LDB_ERR_CONSTRAINT_VIOLATION; } - partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); - if (!partition_ctrl) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "%s: no current partition control found", - fn_name); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - partition = talloc_get_type(partition_ctrl->data, - struct dsdb_control_current_partition); - if (!partition) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "%s: current partition control contains invalid data", - fn_name); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - if (partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "%s: current partition control contains invalid version [%u != %u]\n", - fn_name, partition->version, DSDB_CONTROL_CURRENT_PARTITION_VERSION); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - return fn(module, req, schema, partition); + return fn(module, req, schema); } static int replmd_add_originating(struct ldb_module *module, struct ldb_request *req, - const struct dsdb_schema *schema, - const struct dsdb_control_current_partition *partition) + const struct dsdb_schema *schema) { enum ndr_err_code ndr_err; struct ldb_request *down_req; struct ldb_message *msg; - uint32_t instance_type; - struct ldb_dn *new_dn; - const char *rdn_name; - const char *rdn_name_upper; - const struct ldb_val *rdn_value = NULL; const struct dsdb_attribute *rdn_attr = NULL; struct GUID guid; struct ldb_val guid_value; 
@@ -321,12 +288,6 @@ static int replmd_add_originating(struct ldb_module *module, return LDB_ERR_UNWILLING_TO_PERFORM; } - if (ldb_msg_find_element(req->op.add.message, "instanceType")) { - ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: it's not allowed to add an object with instanceType\n"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - /* Get a sequence number from the backend */ ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret != LDB_SUCCESS) { 
@@ -368,102 +329,24 @@ static int replmd_add_originating(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } - /* - * get details of the rdn name - */ - rdn_name = ldb_dn_get_rdn_name(msg->dn); - if (!rdn_name) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name); - if (!rdn_attr) { - talloc_free(down_req); - return LDB_ERR_OPERATIONS_ERROR; - } - rdn_value = ldb_dn_get_rdn_val(msg->dn); - if (!rdn_value) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - /* * remove autogenerated attributes */ - ldb_msg_remove_attr(msg, rdn_name); - ldb_msg_remove_attr(msg, "name"); ldb_msg_remove_attr(msg, "whenCreated"); ldb_msg_remove_attr(msg, "whenChanged"); ldb_msg_remove_attr(msg, "uSNCreated"); ldb_msg_remove_attr(msg, "uSNChanged"); ldb_msg_remove_attr(msg, "replPropertyMetaData"); - /* - * TODO: construct a new DN out of: - * - the parent DN - * - the upper case of rdn_attr->LDAPDisplayName - * - rdn_value - */ - new_dn = ldb_dn_copy(msg, msg->dn); - if (!new_dn) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - rdn_name_upper = strupper_talloc(msg, rdn_attr->lDAPDisplayName); - if (!rdn_name_upper) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ret = ldb_dn_set_component(new_dn, 0, rdn_name_upper, *rdn_value); - if (ret != LDB_SUCCESS) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - msg->dn = new_dn; - - /* - * TODO: calculate correct instance type - */ - instance_type = INSTANCE_TYPE_WRITE; - if (ldb_dn_compare(partition->dn, msg->dn) == 0) { - instance_type |= INSTANCE_TYPE_IS_NC_HEAD; - if (ldb_dn_compare(msg->dn, samdb_base_dn(module->ldb)) != 0) { - instance_type |= INSTANCE_TYPE_NC_ABOVE; - } - } - /* * readd replicated attributes */ - ret = ldb_msg_add_value(msg, 
rdn_attr->lDAPDisplayName, rdn_value, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ret = ldb_msg_add_value(msg, "name", rdn_value, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } ret = ldb_msg_add_string(msg, "whenCreated", time_str); if (ret != LDB_SUCCESS) { talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type); - if (ret != LDB_SUCCESS) { - talloc_free(down_req); - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } /* build the replication meta_data */ ZERO_STRUCT(nmd); @@ -598,8 +481,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) static int replmd_modify_originating(struct ldb_module *module, struct ldb_request *req, - const struct dsdb_schema *schema, - const struct dsdb_control_current_partition *partition) + const struct dsdb_schema *schema) { struct ldb_request *down_req; struct ldb_message *msg; 
@@ -806,10 +688,16 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) return ldb_next_request(ar->module, ar->sub.change_req); #else ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ar->module->ldb, "Failed to add replicated object %s: %s", ldb_dn_get_linearized(ar->sub.change_req->op.add.message->dn), + ldb_errstring(ar->module->ldb)); + return replmd_replicated_request_error(ar, ret); + } - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL); if (ar->sub.change_ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ar->module->ldb, "Failed while waiting on add replicated object %s: %s", ldb_dn_get_linearized(ar->sub.change_req->op.add.message->dn), + ldb_errstring(ar->module->ldb)); return replmd_replicated_request_error(ar, ar->sub.change_ret); } @@ -1053,7 +941,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) ret = ldb_next_request(ar->module, ar->sub.change_req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); + ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL); if (ar->sub.change_ret != LDB_SUCCESS) { return replmd_replicated_request_error(ar, ar->sub.change_ret); } @@ -1137,7 +1025,7 @@ static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { + if (ar->sub.search_ret != LDB_SUCCESS && ar->sub.search_ret != LDB_ERR_NO_SUCH_OBJECT) { return replmd_replicated_request_error(ar, ar->sub.search_ret); } if (ar->sub.search_msg) { -- cgit 
From a2d7a3b627842b70cfe2aa8318ce5b7353989261 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 14:28:25 +1100 Subject: Use the repl_meta_data module by default. This means that, except when we back onto LDAP, when it will be replaced with the mapping backend, we will keep this codepath tested. Andrew Bartlett (This used to be commit e8fb5da5a18c1c3bd788b1ab3f814ffb847b00fd) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index a21cf250cb..5100b7cb7c 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -391,6 +391,10 @@ static int replmd_add_originating(struct ldb_module *module, m->originating_usn = seq_num; m->local_usn = seq_num; ni++; + + if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn))) { + rdn_attr = sa; + } } /* fix meta data count */ -- cgit From b0e286a5be6137a0c5cd4029cdb3ae7abbd48b25 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 25 Jan 2008 08:08:33 +0100 Subject: repl_meta_data: add some TODOs to replmd_modify_originating() metze (This used to be commit ba495f9d19e7c7cfc9135a5d40e1050dd8f9ebc6) --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 5100b7cb7c..441dbc9598 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
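Review bot: The added test `if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn)))` in replmd_add_originating is true when the two names differ, because ldb_attr_cmp() returns 0 on a match in the manner of strcasecmp(); `rdn_attr` therefore ends up set from the last attribute that is not the RDN attribute. It should read `if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn)) == 0) {`. `ldb_dn_get_rdn_name()` can also return NULL, and an earlier commit on this page removed the check for that, so fetch it once before the loop and handle NULL there instead of passing it into the comparison. The loop and the later use of `rdn_attr` lie outside this hunk.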
@@ -509,6 +509,18 @@ static int replmd_modify_originating(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } + /* TODO: + * - get the whole old object + * - if the old object doesn't exist report an error + * - give an error when a readonly attribute should + * be modified + * - merge the changed into the old object + * if the caller set values to the same value + * ignore the attribute, return success when no + * attribute was changed + * - calculate the new replPropertyMetaData attribute + */ + if (add_time_element(msg, "whenChanged", t) != 0) { talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; @@ -523,6 +535,11 @@ static int replmd_modify_originating(struct ldb_module *module, } } + /* TODO: + * - sort the attributes by attid with replmd_ldb_message_sort() + * - replace the old object with the newly constructed one + */ + ldb_set_timeout_from_prev_req(module->ldb, req, down_req); /* go on with the call chain */ -- cgit From 9ad04b695b7b9b35eae37da375be07bd23d7fa8c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 26 Jan 2008 23:49:33 +0100 Subject: ldb: Add ldb_oom() calls in a couple of places. (This used to be commit 1163c2ad54b122487fa25960b8989f0f6d0b8c64) --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 7 ++++++- source4/dsdb/samdb/ldb_modules/instancetype.c | 2 ++ source4/dsdb/samdb/ldb_modules/kludge_acl.c | 5 +++++ source4/dsdb/samdb/ldb_modules/samldb.c | 6 +++++- 4 files changed, 18 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index b62e806398..802f86570b 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -256,6 +256,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac = talloc(req, struct extended_context); if (ac == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } 
@@ -273,6 +274,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) down_req = talloc_zero(req, struct ldb_request); if (down_req == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -291,8 +293,10 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) } if (ac->remove_guid || ac->remove_sid) { new_attrs = copy_attrs(down_req, req->op.search.attrs); - if (new_attrs == NULL) + if (new_attrs == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; + } if (ac->remove_guid) { if (!add_attrs(down_req, &new_attrs, "objectGUID")) @@ -339,6 +343,7 @@ static int extended_init(struct ldb_module *module) req = talloc(module, struct ldb_request); if (req == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index 064c28ec65..65df294e90 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -72,6 +72,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) down_req = talloc(req, struct ldb_request); if (down_req == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -81,6 +82,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); if (msg == NULL) { talloc_free(down_req); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 97130495a3..ea33548b91 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -316,6 +316,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) ac = talloc(req, struct kludge_acl_context); if (ac == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -329,6 +330,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) down_req = talloc_zero(req, struct ldb_request); if (down_req == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -417,6 +419,7 @@ static int kludge_acl_init(struct ldb_module *module) data = talloc(module, struct kludge_private_data); if (data == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -424,6 +427,7 @@ static int kludge_acl_init(struct ldb_module *module) module->private_data = data; if (!mem_ctx) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -453,6 +457,7 @@ static int kludge_acl_init(struct ldb_module *module) data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1); if (!data->password_attrs) { talloc_free(mem_ctx); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } for (i=0; i < password_attributes->num_values; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 8a80260a69..baf419c750 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -72,7 +72,7 @@ static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, if (new_id == 0) { /* out of IDs ! */ - ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n"); + ldb_set_errstring(ldb, "Are we out of valid IDs ?\n"); return LDB_ERR_OPERATIONS_ERROR; } @@ -81,6 +81,7 @@ static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, ZERO_STRUCT(msg); msg.dn = ldb_dn_copy(mem_ctx, dn); if (!msg.dn) { + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } msg.num_elements = 2; 
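Review bot: In samldb_set_next_rid() the `new_id == 0` branch now only calls `ldb_set_errstring(ldb, "Are we out of valid IDs ?\n")` and no longer logs at LDB_DEBUG_FATAL, so running out of RIDs leaves no trace in the server log unless every caller reports the error string. This is a condition an operator needs to see, so I would keep the log line next to the new call: `ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n");`. The trailing `\n` also looks out of place in a string that is handed back to the application rather than written to a log. The function body continues outside this hunk.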
@@ -91,6 +92,7 @@ static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, els[0].flags = LDB_FLAG_MOD_DELETE; els[0].name = talloc_strdup(mem_ctx, "nextRid"); if (!els[0].name) { + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -101,12 +103,14 @@ static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", old_id); if (!vals[0].data) { + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } vals[0].length = strlen((char *)vals[0].data); vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", new_id); if (!vals[1].data) { + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } vals[1].length = strlen((char *)vals[1].data); -- cgit From 5153c6726784d64e9892e2c9c6efdcc01330c7ff Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 8 Feb 2008 17:09:49 +1100 Subject: Reset error strings Avoid leaking error strings up to the application, when we are ignoring them. (This used to be commit 57b4b43b6548d1cd81cfaebc5ea8abc88aaca989) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 559c91bd2d..f9dd131fd4 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -59,6 +59,7 @@ static int schema_fsmo_init(struct ldb_module *module) schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { + ldb_reset_err_string(module->ldb); ldb_debug(module->ldb, LDB_DEBUG_WARNING, "schema_fsmo_init: no schema dn present: (skip schema loading)\n"); return ldb_next_init(module); 
@@ -91,6 +92,7 @@ static int schema_fsmo_init(struct ldb_module *module) NULL, schema_attrs, &schema_res); if (ret == LDB_ERR_NO_SUCH_OBJECT) { + ldb_reset_err_string(module->ldb); ldb_debug(module->ldb, LDB_DEBUG_WARNING, "schema_fsmo_init: no schema head present: (skip schema loading)\n"); talloc_free(mem_ctx); -- cgit From 0fbf1de763ed0a90fb9e73c563cf7025c4bffb62 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Feb 2008 09:36:56 +1100 Subject: Explain that these OIDs are DNs Andrew Bartlett (This used to be commit 69af290c91c61cdaf821750d0d2dddf9cb1b8255) --- source4/dsdb/samdb/ldb_modules/normalise.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index efc9bb29e8..7e3b63a145 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -105,6 +105,7 @@ static int normalise_search_callback(struct ldb_context *ldb, void *context, str if (!attribute) { continue; } + /* Look to see if this attributeSyntax is a DN */ if ((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") != 0) && (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") != 0)) { continue; -- cgit From 16109a40c0abd8c30a5eb9bf9ef692bfae9dfc7d Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Wed, 20 Feb 2008 01:54:32 +0100 Subject: Use struct-based rather than function-based initialization for ldb modules everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b) --- source4/dsdb/samdb/ldb_modules/anr.c | 8 +---- source4/dsdb/samdb/ldb_modules/dsdb_cache.c | 7 +--- source4/dsdb/samdb/ldb_modules/extended_dn.c | 7 +--- source4/dsdb/samdb/ldb_modules/instancetype.c | 8 +---- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 7 +--- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 7 +--- source4/dsdb/samdb/ldb_modules/local_password.c | 8 +---- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 7 +--- source4/dsdb/samdb/ldb_modules/normalise.c | 7 +--- source4/dsdb/samdb/ldb_modules/objectclass.c | 8 +---- source4/dsdb/samdb/ldb_modules/objectguid.c | 8 +---- source4/dsdb/samdb/ldb_modules/partition.c | 7 +--- source4/dsdb/samdb/ldb_modules/password_hash.c | 8 +---- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 7 +--- source4/dsdb/samdb/ldb_modules/proxy.c | 7 +--- source4/dsdb/samdb/ldb_modules/ranged_results.c | 7 +--- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 7 +--- source4/dsdb/samdb/ldb_modules/rootdse.c | 8 +---- source4/dsdb/samdb/ldb_modules/samba3sam.c | 17 ++-------- source4/dsdb/samdb/ldb_modules/samldb.c | 8 +---- source4/dsdb/samdb/ldb_modules/schema.c | 7 +--- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 7 +--- source4/dsdb/samdb/ldb_modules/show_deleted.c | 7 +--- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 38 ++++------------------ source4/dsdb/samdb/ldb_modules/subtree_delete.c | 7 +--- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 7 +--- source4/dsdb/samdb/ldb_modules/update_keytab.c | 7 +--- 27 files changed, 33 insertions(+), 205 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index 908d9b088c..dd730c9b01 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c 
+++ b/source4/dsdb/samdb/ldb_modules/anr.c @@ -295,13 +295,7 @@ static int anr_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } -static const struct ldb_module_ops anr_ops = { +const struct ldb_module_ops ldb_anr_module_ops = { .name = "anr", .search = anr_search }; - -int ldb_anr_init(void) -{ - return ldb_register_module(&anr_ops); -} - diff --git a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c index 4ca8bbf463..e73803ab38 100644 --- a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c +++ b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c @@ -36,12 +36,7 @@ static int dsdb_cache_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops dsdb_cache_ops = { +const struct ldb_module_ops ldb_dsdb_cache_module_ops = { .name = "dsdb_cache", .init_context = dsdb_cache_init }; - -int dsdb_cache_module_init(void) -{ - return ldb_register_module(&dsdb_cache_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 802f86570b..85b99800e9 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -362,13 +362,8 @@ static int extended_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops extended_dn_ops = { +const struct ldb_module_ops ldb_extended_dn_module_ops = { .name = "extended_dn", .search = extended_search, .init_context = extended_init }; - -int ldb_extended_dn_init(void) -{ - return ldb_register_module(&extended_dn_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index 65df294e90..c0f8852503 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c 
@@ -118,13 +118,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) return ret; } -static const struct ldb_module_ops instancetype_ops = { +const struct ldb_module_ops ldb_instancetype_module_ops = { .name = "instancetype", .add = instancetype_add, }; - - -int ldb_instancetype_init(void) -{ - return ldb_register_module(&instancetype_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index ea33548b91..6395ebe2ed 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -471,7 +471,7 @@ done: return ldb_next_init(module); } -static const struct ldb_module_ops kludge_acl_ops = { +const struct ldb_module_ops ldb_kludge_acl_module_ops = { .name = "kludge_acl", .search = kludge_acl_search, .add = kludge_acl_change, @@ -481,8 +481,3 @@ static const struct ldb_module_ops kludge_acl_ops = { .extended = kludge_acl_change, .init_context = kludge_acl_init }; - -int ldb_kludge_acl_init(void) -{ - return ldb_register_module(&kludge_acl_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index b3fdffe566..d6e9d3da4f 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -915,7 +915,7 @@ static int linked_attributes_wait(struct ldb_handle *handle, enum ldb_wait_type } } -static const struct ldb_module_ops linked_attributes_ops = { +const struct ldb_module_ops ldb_linked_attributes_module_ops = { .name = "linked_attributes", .add = linked_attributes_add, .modify = linked_attributes_modify, @@ -923,8 +923,3 @@ static const struct ldb_module_ops linked_attributes_ops = { .rename = linked_attributes_rename, .wait = linked_attributes_wait, }; - -int ldb_linked_attributes_init(void) -{ - return ldb_register_module(&linked_attributes_ops); -} 
diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 350434df51..f34acd5349 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -843,16 +843,10 @@ static int local_password_wait(struct ldb_handle *handle, enum ldb_wait_type typ } } -static const struct ldb_module_ops local_password_ops = { +const struct ldb_module_ops ldb_local_password_module_ops = { .name = "local_password", .add = local_password_add, .modify = local_password_modify, .search = local_password_search, .wait = local_password_wait }; - - -int local_password_module_init(void) -{ - return ldb_register_module(&local_password_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index d6b6a24287..94bef197e9 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -117,12 +117,7 @@ static int naming_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops naming_fsmo_ops = { +const struct ldb_module_ops ldb_naming_fsmo_module_ops = { .name = "naming_fsmo", .init_context = naming_fsmo_init }; - -int naming_fsmo_module_init(void) -{ - return ldb_register_module(&naming_fsmo_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index 7e3b63a145..2a713a52ff 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -156,12 +156,7 @@ static int normalise_search(struct ldb_module *module, struct ldb_request *req) } -static const struct ldb_module_ops normalise_ops = { +const struct ldb_module_ops ldb_normalise_module_ops = { .name = "normalise", .search = normalise_search, }; - -int ldb_normalise_init(void) -{ - return ldb_register_module(&normalise_ops); -} 
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 737475ca78..98eeed7cde 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -1153,16 +1153,10 @@ static int objectclass_wait(struct ldb_handle *handle, enum ldb_wait_type type) } } -static const struct ldb_module_ops objectclass_ops = { +const struct ldb_module_ops ldb_objectclass_module_ops = { .name = "objectclass", .add = objectclass_add, .modify = objectclass_modify, .rename = objectclass_rename, .wait = objectclass_wait }; - -int ldb_objectclass_init(void) -{ - return ldb_register_module(&objectclass_ops); -} - diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index bf57f5c21b..99dc46bc1f 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -247,14 +247,8 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) return ret; } -static const struct ldb_module_ops objectguid_ops = { +const struct ldb_module_ops ldb_objectguid_module_ops = { .name = "objectguid", .add = objectguid_add, .modify = objectguid_modify, }; - - -int objectguid_module_init(void) -{ - return ldb_register_module(&objectguid_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 61b64441a7..62dd0da8a1 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -1030,7 +1030,7 @@ static int partition_wait(struct ldb_handle *handle, enum ldb_wait_type type) } } -static const struct ldb_module_ops partition_ops = { +const struct ldb_module_ops ldb_partition_module_ops = { .name = "partition", .init_context = partition_init, .search = partition_search, 
@@ -1045,8 +1045,3 @@ static const struct ldb_module_ops partition_ops = { .del_transaction = partition_del_trans, .wait = partition_wait }; - -int ldb_partition_init(void) -{ - return ldb_register_module(&partition_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 57c053d961..380045c1cf 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -2044,15 +2044,9 @@ static int password_hash_wait(struct ldb_handle *handle, enum ldb_wait_type type } } -static const struct ldb_module_ops password_hash_ops = { +const struct ldb_module_ops ldb_password_hash_module_ops = { .name = "password_hash", .add = password_hash_add, .modify = password_hash_modify, .wait = password_hash_wait }; - - -int password_hash_module_init(void) -{ - return ldb_register_module(&password_hash_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 0f3293ed1d..270e79ecd8 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -115,12 +115,7 @@ static int pdc_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops pdc_fsmo_ops = { +const struct ldb_module_ops ldb_pdc_fsmo_module_ops = { .name = "pdc_fsmo", .init_context = pdc_fsmo_init }; - -int pdc_fsmo_module_init(void) -{ - return ldb_register_module(&pdc_fsmo_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 37ee7f9fce..a7704ef413 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c 
@@ -331,12 +331,7 @@ static int proxy_request(struct ldb_module *module, struct ldb_request *req) } } -static const struct ldb_module_ops proxy_ops = { +const struct ldb_module_ops ldb_proxy_module_ops = { .name = "proxy", .request = proxy_request }; - -int proxy_module_init(void) -{ - return ldb_register_module(&proxy_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index c527afc6db..c6ebea1044 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -201,12 +201,7 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } -static const struct ldb_module_ops rr_ops = { +const struct ldb_module_ops ldb_ranged_results_module_ops = { .name = "ranged_results", .search = rr_search, }; - -int ldb_ranged_results_init(void) -{ - return ldb_register_module(&rr_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 441dbc9598..9184a8c0b2 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1579,15 +1579,10 @@ static int replmd_wait(struct ldb_handle *handle, enum ldb_wait_type type) } } -static const struct ldb_module_ops replmd_ops = { +const struct ldb_module_ops ldb_repl_meta_data_module_ops = { .name = "repl_meta_data", .add = replmd_add, .modify = replmd_modify, .extended = replmd_extended, .wait = replmd_wait }; - -int repl_meta_data_module_init(void) -{ - return ldb_register_module(&replmd_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 02f43d7076..80173084ec 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c 
@@ -386,15 +386,9 @@ static int rootdse_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops rootdse_ops = { +const struct ldb_module_ops ldb_rootdse_module_ops = { .name = "rootdse", .init_context = rootdse_init, .search = rootdse_search, .request = rootdse_request }; - -int rootdse_module_init(void) -{ - return ldb_register_module(&rootdse_ops); -} - diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 3a666b5380..4b1d432932 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -925,21 +925,8 @@ static int samba3sam_init(struct ldb_module *module) return ldb_next_init(module); } -static struct ldb_module_ops samba3sam_ops = { +const struct ldb_module_ops ldb_samba3sam_module_ops = { + LDB_MAP_OPS .name = "samba3sam", .init_context = samba3sam_init, }; - -/* the init function */ -int ldb_samba3sam_module_init(void) -{ - struct ldb_module_ops ops = ldb_map_get_ops(); - samba3sam_ops.add = ops.add; - samba3sam_ops.modify = ops.modify; - samba3sam_ops.del = ops.del; - samba3sam_ops.rename = ops.rename; - samba3sam_ops.search = ops.search; - samba3sam_ops.wait = ops.wait; - - return ldb_register_module(&samba3sam_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index baf419c750..44776f5956 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -750,14 +750,8 @@ static int samldb_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops samldb_ops = { +const struct ldb_module_ops ldb_samldb_module_ops = { .name = "samldb", .init_context = samldb_init, .add = samldb_add, }; - - -int samldb_module_init(void) -{ - return ldb_register_module(&samldb_ops); -} 
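Review bot: `LDB_MAP_OPS` is placed before the named fields in `ldb_samba3sam_module_ops`, but after them in `ldb_entryuuid_module_ops` and `ldb_nsuniqueid_module_ops` in simple_ldap_map.c later in this commit. With designated initializers the last initializer for a member wins, so if the macro (its definition is not on this page) ever sets `.init_context` or `.sequence_number`, the two files would resolve the clash in opposite directions. I would use one order everywhere, macro first so the module's own handlers take precedence, and say so in a comment such as `/* LDB_MAP_OPS first: the handlers named below override the map defaults */`.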
diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index 525193ac8c..b6eb5ffb84 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -1221,7 +1221,7 @@ static int schema_init(struct ldb_module *module) return LDB_SUCCESS; } -static const struct ldb_module_ops schema_ops = { +const struct ldb_module_ops ldb_schema_module_ops = { .name = "schema", .init_context = schema_init, .add = schema_add, @@ -1230,8 +1230,3 @@ static const struct ldb_module_ops schema_ops = { .rename = schema_rename, .wait = schema_wait }; - -int ldb_schema_init(void) -{ - return ldb_register_module(&schema_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index f9dd131fd4..9c87747527 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -255,12 +255,7 @@ static int schema_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops schema_fsmo_ops = { +const struct ldb_module_ops ldb_schema_fsmo_module_ops = { .name = "schema_fsmo", .init_context = schema_fsmo_init }; - -int schema_fsmo_module_init(void) -{ - return ldb_register_module(&schema_fsmo_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 19fa63fb6e..5e6b967b47 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -194,13 +194,8 @@ static int show_deleted_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops show_deleted_ops = { +const struct ldb_module_ops ldb_show_deleted_module_ops = { .name = "show_deleted", .search = show_deleted_search, .init_context = show_deleted_init }; - -int ldb_show_deleted_init(void) -{ - return ldb_register_module(&show_deleted_ops); -} 
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index acf2fd622c..dbb58856a0 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -793,42 +793,16 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque return LDB_SUCCESS; } -static struct ldb_module_ops entryuuid_ops = { +const struct ldb_module_ops ldb_entryuuid_module_ops = { .name = "entryuuid", .init_context = entryuuid_init, - .sequence_number = entryuuid_sequence_number + .sequence_number = entryuuid_sequence_number, + LDB_MAP_OPS }; -static struct ldb_module_ops nsuniqueid_ops = { +const struct ldb_module_ops ldb_nsuniqueid_module_ops = { .name = "nsuniqueid", .init_context = nsuniqueid_init, - .sequence_number = entryuuid_sequence_number + .sequence_number = entryuuid_sequence_number, + LDB_MAP_OPS }; - -/* the init function */ -int ldb_simple_ldap_map_module_init(void) -{ - int ret; - struct ldb_module_ops ops = ldb_map_get_ops(); - entryuuid_ops.add = ops.add; - entryuuid_ops.modify = ops.modify; - entryuuid_ops.del = ops.del; - entryuuid_ops.rename = ops.rename; - entryuuid_ops.search = ops.search; - entryuuid_ops.wait = ops.wait; - ret = ldb_register_module(&entryuuid_ops); - - if (ret) { - return ret; - } - - nsuniqueid_ops.add = ops.add; - nsuniqueid_ops.modify = ops.modify; - nsuniqueid_ops.del = ops.del; - nsuniqueid_ops.rename = ops.rename; - nsuniqueid_ops.search = ops.search; - nsuniqueid_ops.wait = ops.wait; - ret = ldb_register_module(&nsuniqueid_ops); - - return ret; -} diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c index e84bf60b32..56ae7b239a 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c 
@@ -247,13 +247,8 @@ static int subtree_delete_wait(struct ldb_handle *handle, enum ldb_wait_type typ } } -static const struct ldb_module_ops subtree_delete_ops = { +const struct ldb_module_ops ldb_subtree_delete_module_ops = { .name = "subtree_delete", .del = subtree_delete, .wait = subtree_delete_wait, }; - -int ldb_subtree_delete_init(void) -{ - return ldb_register_module(&subtree_delete_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 0964c3fdcd..bf8124e253 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -264,13 +264,8 @@ static int subtree_rename_wait(struct ldb_handle *handle, enum ldb_wait_type typ } } -static const struct ldb_module_ops subtree_rename_ops = { +const struct ldb_module_ops ldb_subtree_rename_module_ops = { .name = "subtree_rename", .rename = subtree_rename, .wait = subtree_rename_wait, }; - -int ldb_subtree_rename_init(void) -{ - return ldb_register_module(&subtree_rename_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index a18efd757a..614f05f752 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -199,7 +199,7 @@ static int update_kt_init(struct ldb_module *module) return ldb_next_init(module); } -static const struct ldb_module_ops update_kt_ops = { +const struct ldb_module_ops ldb_update_keytab_module_ops = { .name = "update_keytab", .init_context = update_kt_init, .add = update_kt_add, @@ -209,8 +209,3 @@ static const struct ldb_module_ops update_kt_ops = { .end_transaction = update_kt_end_trans, .del_transaction = update_kt_del_trans, }; - -int ldb_update_kt_init(void) -{ - return ldb_register_module(&update_kt_ops); -} -- cgit From 39a817d310964f8e9a63cfb096b3ad24fa03bd5e Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Wed, 20 Feb 2008 04:33:43 +0100 Subject: Fix use of some modules (needed _PUBLIC_). (This used to be commit ce332130ea77159832da23bab760fa26921719e2) --- source4/dsdb/samdb/ldb_modules/anr.c | 2 +- source4/dsdb/samdb/ldb_modules/config.mk | 57 ++++++++++------------ source4/dsdb/samdb/ldb_modules/dsdb_cache.c | 2 +- source4/dsdb/samdb/ldb_modules/extended_dn.c | 2 +- source4/dsdb/samdb/ldb_modules/instancetype.c | 2 +- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 2 +- source4/dsdb/samdb/ldb_modules/local_password.c | 2 +- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/normalise.c | 2 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 2 +- source4/dsdb/samdb/ldb_modules/objectguid.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 4 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 2 +- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/dsdb/samdb/ldb_modules/show_deleted.c | 2 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 +- source4/dsdb/samdb/ldb_modules/update_keytab.c | 2 +- 25 files changed, 53 insertions(+), 56 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index dd730c9b01..1252c9ee42 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c 
@@ -295,7 +295,7 @@ static int anr_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } -const struct ldb_module_ops ldb_anr_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_anr_module_ops = { .name = "anr", .search = anr_search }; diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index dc407fbd8a..de93b5638d 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -4,7 +4,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC -INIT_FUNCTION = objectguid_module_init +INIT_FUNCTION = objectguid_module_module_ops OBJ_FILES = \ objectguid.o # End MODULE ldb_objectguid @@ -17,7 +17,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR -INIT_FUNCTION = repl_meta_data_module_init +INIT_FUNCTION = repl_meta_data_module_module_ops OBJ_FILES = \ repl_meta_data.o # End MODULE ldb_repl_meta_data @@ -29,7 +29,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = dsdb_cache_module_init +INIT_FUNCTION = dsdb_cache_module_module_ops OBJ_FILES = \ dsdb_cache.o # End MODULE ldb_dsdb_cache @@ -41,7 +41,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = schema_fsmo_module_init +INIT_FUNCTION = schema_fsmo_module_module_ops OBJ_FILES = \ schema_fsmo.o # End MODULE ldb_schema_fsmo @@ -53,7 +53,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = naming_fsmo_module_init +INIT_FUNCTION = naming_fsmo_module_module_ops OBJ_FILES = \ naming_fsmo.o # End MODULE ldb_naming_fsmo 
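Review bot: The new INIT_FUNCTION values in config.mk do not name the symbols that the previous commit in this series defined. The first hunk sets `objectguid_module_module_ops`, while objectguid.c exports `ldb_objectguid_module_ops`. The same mismatch repeats in the later config.mk hunks: `repl_meta_data_module_module_ops`, `&ldb_samba3sam_module_module_ops`, `&ldb_update_kt_module_ops` (the struct is `ldb_update_keytab_module_ops`) and `&ldb_simple_ldap_map_module_module_ops` (that file defines `ldb_entryuuid_module_ops` and `ldb_nsuniqueid_module_ops`); only some entries carry the `&`. How the build consumes INIT_FUNCTION is not visible here, but if it references these names for built-in modules the result would be a link failure or a module such as password_hash missing from the chain. I would write every entry in one form that matches the C symbol, e.g. `INIT_FUNCTION = &ldb_objectguid_module_ops`.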
@@ -65,7 +65,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = pdc_fsmo_module_init +INIT_FUNCTION = pdc_fsmo_module_module_ops OBJ_FILES = \ pdc_fsmo.o # End MODULE ldb_pdc_fsmo @@ -77,7 +77,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE NDR_MISC SAMDB -INIT_FUNCTION = samldb_module_init +INIT_FUNCTION = samldb_module_module_ops OBJ_FILES = \ samldb.o # @@ -89,7 +89,7 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = ldb_samba3sam_module_init +INIT_FUNCTION = &ldb_samba3sam_module_module_ops PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ NDR_SECURITY OBJ_FILES = \ @@ -103,7 +103,7 @@ OBJ_FILES = \ [MODULE::ldb_simple_ldap_map] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = ldb_simple_ldap_map_module_init +INIT_FUNCTION = &ldb_simple_ldap_map_module_module_ops PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid @@ -117,7 +117,7 @@ OBJ_FILES = \ # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] # SUBSYSTEM = LIBLDB -# INIT_FUNCTION = proxy_module_init +# INIT_FUNCTION = proxy_module_module_ops # OBJ_FILES = \ # proxy.o # @@ -131,7 +131,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = rootdse_module_init +INIT_FUNCTION = rootdse_module_module_ops OBJ_FILES = \ rootdse.o # @@ -143,7 +143,7 @@ OBJ_FILES = \ [MODULE::ldb_password_hash] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = password_hash_module_init +INIT_FUNCTION = password_hash_module_module_ops OBJ_FILES = password_hash.o PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ LIBCLI_AUTH NDR_DRSBLOBS KERBEROS SAMDB 
@@ -157,7 +157,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB -INIT_FUNCTION = local_password_module_init +INIT_FUNCTION = local_password_module_module_ops OBJ_FILES = local_password.o # # End MODULE ldb_local_password @@ -169,7 +169,7 @@ OBJ_FILES = local_password.o PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB -INIT_FUNCTION = ldb_kludge_acl_init +INIT_FUNCTION = &ldb_kludge_acl_module_ops OBJ_FILES = \ kludge_acl.o # @@ -182,7 +182,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR LIBSECURITY SAMDB -INIT_FUNCTION = ldb_extended_dn_init +INIT_FUNCTION = &ldb_extended_dn_module_ops OBJ_FILES = \ extended_dn.o # @@ -195,7 +195,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC -INIT_FUNCTION = ldb_show_deleted_init +INIT_FUNCTION = &ldb_show_deleted_module_ops OBJ_FILES = \ show_deleted.o # @@ -208,7 +208,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB -INIT_FUNCTION = ldb_partition_init +INIT_FUNCTION = &ldb_partition_module_ops OBJ_FILES = \ partition.o # @@ -221,7 +221,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBLDB -INIT_FUNCTION = ldb_schema_init +INIT_FUNCTION = &ldb_schema_module_ops OBJ_FILES = \ schema.o schema_syntax.o # @@ -235,7 +235,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS #Also depends on credentials, but that would loop -INIT_FUNCTION = ldb_update_kt_init +INIT_FUNCTION = &ldb_update_kt_module_ops OBJ_FILES = \ update_keytab.o # 
@@ -245,7 +245,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] -INIT_FUNCTION = ldb_objectclass_init +INIT_FUNCTION = &ldb_objectclass_module_ops OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB @@ -258,8 +258,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] -INIT_FUNCTION = ldb_subtree_rename_init -OUTPUT_TYPE = SHARED_LIBRARY +INIT_FUNCTION = &ldb_subtree_rename_module_ops CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -271,8 +270,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_delete] -INIT_FUNCTION = ldb_subtree_delete_init -OUTPUT_TYPE = SHARED_LIBRARY +INIT_FUNCTION = &ldb_subtree_delete_module_ops CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -284,7 +282,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] -INIT_FUNCTION = ldb_linked_attributes_init +INIT_FUNCTION = &ldb_linked_attributes_module_ops CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB @@ -297,9 +295,8 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_ranged_results [MODULE::ldb_ranged_results] -INIT_FUNCTION = ldb_ranged_results_init +INIT_FUNCTION = &ldb_ranged_results_module_ops CFLAGS = -Ilib/ldb/include -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB OBJ_FILES = \ 
@@ -310,7 +307,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_anr [MODULE::ldb_anr] -INIT_FUNCTION = ldb_anr_init +INIT_FUNCTION = &ldb_anr_module_ops CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB @@ -323,7 +320,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_normalise [MODULE::ldb_normalise] -INIT_FUNCTION = ldb_normalise_init +INIT_FUNCTION = &ldb_normalise_module_ops CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB @@ -336,7 +333,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_instancetype [MODULE::ldb_instancetype] -INIT_FUNCTION = ldb_instancetype_init +INIT_FUNCTION = &ldb_instancetype_module_ops CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC diff --git a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c index e73803ab38..e60605dce1 100644 --- a/source4/dsdb/samdb/ldb_modules/dsdb_cache.c +++ b/source4/dsdb/samdb/ldb_modules/dsdb_cache.c @@ -36,7 +36,7 @@ static int dsdb_cache_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_dsdb_cache_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_dsdb_cache_module_ops = { .name = "dsdb_cache", .init_context = dsdb_cache_init }; diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 85b99800e9..84bf5e4843 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c 
@@ -362,7 +362,7 @@ static int extended_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_extended_dn_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_extended_dn_module_ops = { .name = "extended_dn", .search = extended_search, .init_context = extended_init diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index c0f8852503..fd5aa5e18a 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -118,7 +118,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) return ret; } -const struct ldb_module_ops ldb_instancetype_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_instancetype_module_ops = { .name = "instancetype", .add = instancetype_add, }; diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6395ebe2ed..e3e1f7ac88 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -471,7 +471,7 @@ done: return ldb_next_init(module); } -const struct ldb_module_ops ldb_kludge_acl_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_kludge_acl_module_ops = { .name = "kludge_acl", .search = kludge_acl_search, .add = kludge_acl_change, diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index d6e9d3da4f..8685c722aa 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -915,7 +915,7 @@ static int linked_attributes_wait(struct ldb_handle *handle, enum ldb_wait_type } } -const struct ldb_module_ops ldb_linked_attributes_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_linked_attributes_module_ops = { .name = "linked_attributes", .add = linked_attributes_add, .modify = linked_attributes_modify, 
diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index f34acd5349..dfa98ef0af 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -843,7 +843,7 @@ static int local_password_wait(struct ldb_handle *handle, enum ldb_wait_type typ } } -const struct ldb_module_ops ldb_local_password_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_local_password_module_ops = { .name = "local_password", .add = local_password_add, .modify = local_password_modify, diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c index 94bef197e9..084540f68d 100644 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c @@ -117,7 +117,7 @@ static int naming_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_naming_fsmo_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_naming_fsmo_module_ops = { .name = "naming_fsmo", .init_context = naming_fsmo_init }; diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index 2a713a52ff..695393d4e8 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -156,7 +156,7 @@ static int normalise_search(struct ldb_module *module, struct ldb_request *req) } -const struct ldb_module_ops ldb_normalise_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_normalise_module_ops = { .name = "normalise", .search = normalise_search, }; diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 98eeed7cde..e63ad4de56 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -1153,7 +1153,7 @@ static int objectclass_wait(struct ldb_handle *handle, enum ldb_wait_type type) } } -const struct ldb_module_ops ldb_objectclass_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_objectclass_module_ops = { .name = "objectclass", .add = objectclass_add, .modify = objectclass_modify, diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 99dc46bc1f..f62839389d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -247,7 +247,7 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) return ret; } -const struct ldb_module_ops ldb_objectguid_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_objectguid_module_ops = { .name = "objectguid", .add = objectguid_add, .modify = objectguid_modify, diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 62dd0da8a1..78b5a09f78 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -87,7 +87,7 @@ static struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, struct ldb_module *module) { struct ldb_module *current; - static const struct ldb_module_ops ops; /* zero */ +_PUBLIC_ static const struct ldb_module_ops ops; /* zero */ current = talloc_zero(mem_ctx, struct ldb_module); if (current == NULL) { return module; @@ -1030,7 +1030,7 @@ static int partition_wait(struct ldb_handle *handle, enum ldb_wait_type type) } } -const struct ldb_module_ops ldb_partition_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_partition_module_ops = { .name = "partition", .init_context = partition_init, .search = partition_search, diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 380045c1cf..aa64700f2f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c 
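Review bot: In the partition.c hunk inside `make_module_for_next_request`, `_PUBLIC_` was added to the function-local `static const struct ldb_module_ops ops; /* zero */`, which looks like an accidental hit from the bulk edit. A block-scope static has no linkage, so an export marker does not apply to it; depending on how `_PUBLIC_` is defined it is either ignored with a warning or rejected by the compiler. The line should stay as `static const struct ldb_module_ops ops; /* zero */` with its original indentation. The function body continues outside the hunk.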
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -2044,7 +2044,7 @@ static int password_hash_wait(struct ldb_handle *handle, enum ldb_wait_type type } } -const struct ldb_module_ops ldb_password_hash_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_password_hash_module_ops = { .name = "password_hash", .add = password_hash_add, .modify = password_hash_modify, diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 270e79ecd8..09d56d77c9 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -115,7 +115,7 @@ static int pdc_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_pdc_fsmo_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_pdc_fsmo_module_ops = { .name = "pdc_fsmo", .init_context = pdc_fsmo_init }; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index a7704ef413..0d065425ca 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -331,7 +331,7 @@ static int proxy_request(struct ldb_module *module, struct ldb_request *req) } } -const struct ldb_module_ops ldb_proxy_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_proxy_module_ops = { .name = "proxy", .request = proxy_request }; diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 9184a8c0b2..dd5faf837a 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1579,7 +1579,7 @@ static int replmd_wait(struct ldb_handle *handle, enum ldb_wait_type type) } } -const struct ldb_module_ops ldb_repl_meta_data_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_repl_meta_data_module_ops = { .name = "repl_meta_data", .add = replmd_add, .modify = replmd_modify, 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 80173084ec..3235b24ef9 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -386,7 +386,7 @@ static int rootdse_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_rootdse_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = { .name = "rootdse", .init_context = rootdse_init, .search = rootdse_search, diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 4b1d432932..88b04b1bb6 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -925,7 +925,7 @@ static int samba3sam_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_samba3sam_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_samba3sam_module_ops = { LDB_MAP_OPS .name = "samba3sam", .init_context = samba3sam_init, diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 44776f5956..178149a886 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -750,7 +750,7 @@ static int samldb_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_samldb_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_samldb_module_ops = { .name = "samldb", .init_context = samldb_init, .add = samldb_add, diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index b6eb5ffb84..ff9530ca92 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c 
@@ -1221,7 +1221,7 @@ static int schema_init(struct ldb_module *module) return LDB_SUCCESS; } -const struct ldb_module_ops ldb_schema_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_schema_module_ops = { .name = "schema", .init_context = schema_init, .add = schema_add, diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 9c87747527..729fd15202 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -255,7 +255,7 @@ static int schema_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_schema_fsmo_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_schema_fsmo_module_ops = { .name = "schema_fsmo", .init_context = schema_fsmo_init }; diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 5e6b967b47..361cf226dc 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -194,7 +194,7 @@ static int show_deleted_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_show_deleted_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_show_deleted_module_ops = { .name = "show_deleted", .search = show_deleted_search, .init_context = show_deleted_init diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index dbb58856a0..3f4c19d285 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -793,14 +793,14 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque return LDB_SUCCESS; } -const struct ldb_module_ops ldb_entryuuid_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_entryuuid_module_ops = { .name = "entryuuid", .init_context = entryuuid_init, .sequence_number = entryuuid_sequence_number, LDB_MAP_OPS }; -const struct ldb_module_ops ldb_nsuniqueid_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_nsuniqueid_module_ops = { .name = "nsuniqueid", .init_context = nsuniqueid_init, .sequence_number = entryuuid_sequence_number, diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 614f05f752..54362dcfd4 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -199,7 +199,7 @@ static int update_kt_init(struct ldb_module *module) return ldb_next_init(module); } -const struct ldb_module_ops ldb_update_keytab_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_update_keytab_module_ops = { .name = "update_keytab", .init_context = update_kt_init, .add = update_kt_add, -- cgit From b5bd6636907c76f6bb562b62abca78a7aeed83d8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 25 Feb 2008 20:40:37 +0100 Subject: Fix use of realpath, fix init functions for ldb. (This used to be commit ca510136d2c4cae8f520c76df6aaadb5d412bea1) --- source4/dsdb/samdb/ldb_modules/config.mk | 54 ++++++++++++++++---------------- 1 file changed, 27 insertions(+), 27 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index de93b5638d..62fbe75c80 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -4,7 +4,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC -INIT_FUNCTION = objectguid_module_module_ops +INIT_FUNCTION = LDB_MODULE(objectguid) OBJ_FILES = \ objectguid.o # End MODULE ldb_objectguid @@ -17,7 +17,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR -INIT_FUNCTION = repl_meta_data_module_module_ops +INIT_FUNCTION = LDB_MODULE(repl_meta_data) OBJ_FILES = \ repl_meta_data.o # End MODULE ldb_repl_meta_data @@ -29,7 +29,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = dsdb_cache_module_module_ops +INIT_FUNCTION = LDB_MODULE(dsdb_cache) OBJ_FILES = \ dsdb_cache.o # End MODULE ldb_dsdb_cache @@ -41,7 +41,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = schema_fsmo_module_module_ops +INIT_FUNCTION = LDB_MODULE(schema_fsmo) OBJ_FILES = \ schema_fsmo.o # End MODULE ldb_schema_fsmo @@ -53,7 +53,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = naming_fsmo_module_module_ops +INIT_FUNCTION = LDB_MODULE(naming_fsmo) OBJ_FILES = \ naming_fsmo.o # End MODULE ldb_naming_fsmo @@ -65,7 +65,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC -INIT_FUNCTION = pdc_fsmo_module_module_ops +INIT_FUNCTION = LDB_MODULE(pdc_fsmo) OBJ_FILES = \ pdc_fsmo.o # End MODULE ldb_pdc_fsmo @@ -77,7 +77,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE NDR_MISC SAMDB -INIT_FUNCTION = samldb_module_module_ops +INIT_FUNCTION = LDB_MODULE(samldb) OBJ_FILES = \ samldb.o # 
@@ -89,7 +89,7 @@ OBJ_FILES = \ [MODULE::ldb_samba3sam] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = &ldb_samba3sam_module_module_ops +INIT_FUNCTION = LDB_MODULE(samba3sam) PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ NDR_SECURITY OBJ_FILES = \ @@ -103,7 +103,7 @@ OBJ_FILES = \ [MODULE::ldb_simple_ldap_map] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = &ldb_simple_ldap_map_module_module_ops +INIT_FUNCTION = LDB_MODULE(simple_ldap_map) PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid @@ -117,7 +117,7 @@ OBJ_FILES = \ # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] # SUBSYSTEM = LIBLDB -# INIT_FUNCTION = proxy_module_module_ops +# INIT_FUNCTION = LDB_MODULE(proxy) # OBJ_FILES = \ # proxy.o # @@ -131,7 +131,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = rootdse_module_module_ops +INIT_FUNCTION = LDB_MODULE(rootdse) OBJ_FILES = \ rootdse.o # @@ -143,7 +143,7 @@ OBJ_FILES = \ [MODULE::ldb_password_hash] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = password_hash_module_module_ops +INIT_FUNCTION = LDB_MODULE(password_hash) OBJ_FILES = password_hash.o PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ LIBCLI_AUTH NDR_DRSBLOBS KERBEROS SAMDB @@ -157,7 +157,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB -INIT_FUNCTION = local_password_module_module_ops +INIT_FUNCTION = LDB_MODULE(local_password) OBJ_FILES = local_password.o # # End MODULE ldb_local_password 
@@ -169,7 +169,7 @@ OBJ_FILES = local_password.o PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB -INIT_FUNCTION = &ldb_kludge_acl_module_ops +INIT_FUNCTION = LDB_MODULE(kludge_acl) OBJ_FILES = \ kludge_acl.o # @@ -182,7 +182,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR LIBSECURITY SAMDB -INIT_FUNCTION = &ldb_extended_dn_module_ops +INIT_FUNCTION = LDB_MODULE(extended_dn) OBJ_FILES = \ extended_dn.o # @@ -195,7 +195,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC -INIT_FUNCTION = &ldb_show_deleted_module_ops +INIT_FUNCTION = LDB_MODULE(show_deleted) OBJ_FILES = \ show_deleted.o # @@ -208,7 +208,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB -INIT_FUNCTION = &ldb_partition_module_ops +INIT_FUNCTION = LDB_MODULE(partition) OBJ_FILES = \ partition.o # @@ -221,7 +221,7 @@ OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBLDB -INIT_FUNCTION = &ldb_schema_module_ops +INIT_FUNCTION = LDB_MODULE(schema) OBJ_FILES = \ schema.o schema_syntax.o # @@ -235,7 +235,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS #Also depends on credentials, but that would loop -INIT_FUNCTION = &ldb_update_kt_module_ops +INIT_FUNCTION = LDB_MODULE(update_kt) OBJ_FILES = \ update_keytab.o # @@ -245,7 +245,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] -INIT_FUNCTION = &ldb_objectclass_module_ops +INIT_FUNCTION = LDB_MODULE(objectclass) OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB 
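Review bot: `LDB_MODULE(update_kt)` in the update_keytab hunk does not match the ops structure that update_keytab.c exports earlier on this page, which is named `ldb_update_keytab_module_ops`. Assuming `LDB_MODULE(x)` resolves to `ldb_x_module_ops` (its definition is not shown), the entry should be `INIT_FUNCTION = LDB_MODULE(update_keytab)`. The simple_ldap_map hunk has the same mismatch: simple_ldap_map.c exports `ldb_entryuuid_module_ops` and `ldb_nsuniqueid_module_ops`, and no `simple_ldap_map` ops symbol is visible. This should be confirmed against the macro, since a module whose init symbol does not resolve would presumably be missing from the module stack.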
@@ -258,7 +258,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] -INIT_FUNCTION = &ldb_subtree_rename_module_ops +INIT_FUNCTION = LDB_MODULE(subtree_rename) CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -270,7 +270,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_delete] -INIT_FUNCTION = &ldb_subtree_delete_module_ops +INIT_FUNCTION = LDB_MODULE(subtree_delete) CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -282,7 +282,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] -INIT_FUNCTION = &ldb_linked_attributes_module_ops +INIT_FUNCTION = LDB_MODULE(linked_attributes) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB @@ -295,7 +295,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_ranged_results [MODULE::ldb_ranged_results] -INIT_FUNCTION = &ldb_ranged_results_module_ops +INIT_FUNCTION = LDB_MODULE(ranged_results) CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB @@ -307,7 +307,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_anr [MODULE::ldb_anr] -INIT_FUNCTION = &ldb_anr_module_ops +INIT_FUNCTION = LDB_MODULE(anr) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB @@ -320,7 +320,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_normalise [MODULE::ldb_normalise] -INIT_FUNCTION = &ldb_normalise_module_ops +INIT_FUNCTION = LDB_MODULE(normalise) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB 
@@ -333,7 +333,7 @@ OBJ_FILES = \ ################################################ # Start MODULE ldb_instancetype [MODULE::ldb_instancetype] -INIT_FUNCTION = &ldb_instancetype_module_ops +INIT_FUNCTION = LDB_MODULE(instancetype) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC -- cgit From 446fb38765c8b3d0e8cf3f74442029cabca3a41b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 28 Feb 2008 08:43:10 +1100 Subject: Users and computers now share the same template. Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4) --- source4/dsdb/samdb/ldb_modules/samldb.c | 135 +++++++++++++++++++++++--------- 1 file changed, 100 insertions(+), 35 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 178149a886..905cd4a995 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -396,6 +396,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ struct ldb_message **ret_msg) { int ret; + unsigned int group_type; char *name; struct ldb_message *msg2; struct ldb_dn *dom_dn; 
@@ -452,6 +453,26 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ } } + if (ldb_msg_find_element(msg2, "sAMAccountType") != NULL) { + ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); + talloc_free(mem_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + group_type = samdb_result_uint(msg2, "groupType", 0); + if (group_type == 0) { + ldb_asprintf_errstring(module->ldb, "groupType invalid"); + talloc_free(mem_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } else { + unsigned int account_type = samdb_gtype2atype(group_type); + ret = samdb_msg_add_uint(module->ldb, msg2, msg2, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + } + /* Manage SID allocation, conflicts etc */ ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); @@ -473,6 +494,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const const char *rdn_name; TALLOC_CTX *mem_ctx = talloc_new(msg); const char *errstr; + unsigned int user_account_control; if (!mem_ctx) { return LDB_ERR_OPERATIONS_ERROR; } 
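Review bot: The new `if (ret != LDB_SUCCESS) { return ret; }` after `samdb_msg_add_uint(...)` in the `@@ -452,6 +453,26 @@` hunk returns without `talloc_free(mem_ctx)`, unlike the two error returns added just above it. In the user variant mem_ctx is created with `talloc_new(msg)`, so the memory is probably reclaimed with the message, but the error paths should be consistent: `if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; }`. The same applies to the matching block added to samldb_fill_user_or_computer_object in the `@@ -545,14 +546,30 @@` hunk. Both function bodies start and end outside these hunks.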
@@ -485,36 +507,15 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const return LDB_ERR_OPERATIONS_ERROR; } - if (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL) { - - ret = samdb_copy_template(module->ldb, msg2, - "computer", - &errstr); - if (ret) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_user_or_computer_object: " - "Error copying computer template: %s", - errstr); - talloc_free(mem_ctx); - return ret; - } - } else { - ret = samdb_copy_template(module->ldb, msg2, - "user", - &errstr); - if (ret) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_user_or_computer_object: Error copying user template: %s\n", - errstr); - talloc_free(mem_ctx); - return ret; - } - /* readd user objectclass */ - ret = samdb_find_or_add_value(module->ldb, msg2, "objectclass", "user"); - if (ret) { - talloc_free(mem_ctx); - return ret; - } + ret = samdb_copy_template(module->ldb, msg2, + "user", + &errstr); + if (ret) { + ldb_asprintf_errstring(module->ldb, + "samldb_fill_user_or_computer_object: Error copying user template: %s\n", + errstr); + talloc_free(mem_ctx); + return ret; } rdn_name = ldb_dn_get_rdn_name(msg2->dn); 
@@ -545,14 +546,30 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const } } - /* - TODO: useraccountcontrol: setting value 0 gives 0x200 for users - */ + if (ldb_msg_find_element(msg2, "sAMAccountType") != NULL) { + ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); + talloc_free(mem_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + user_account_control = samdb_result_uint(msg2, "userAccountControl", 0); + if (user_account_control == 0) { + ldb_asprintf_errstring(module->ldb, "userAccountControl invalid"); + talloc_free(mem_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } else { + unsigned int account_type = samdb_uf2atype(user_account_control); + ret = samdb_msg_add_uint(module->ldb, msg2, msg2, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + } /* Manage SID allocation, conflicts etc */ ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); - /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ + /* TODO: userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ if (ret == 0) { *ret_msg = msg2; @@ -689,7 +706,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) } /* is user or computer? */ - if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || + if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL)) { /* add all relevant missing objects */ ret = samldb_fill_user_or_computer_object(module, msg, &msg2); 
@@ -745,6 +762,53 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ret; } +/* modify */ +static int samldb_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_message *msg; + struct ldb_message_element *el, *el2; + int ret; + unsigned int group_type, user_account_control, account_type; + if (ldb_msg_find_element(req->op.mod.message, "sAMAccountType") != NULL) { + ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + el = ldb_msg_find_element(req->op.mod.message, "groupType"); + if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { + req->op.mod.message = msg = ldb_msg_copy_shallow(req, req->op.mod.message); + + group_type = strtoul((const char *)el->values[0].data, NULL, 0); + account_type = samdb_gtype2atype(group_type); + ret = samdb_msg_add_uint(module->ldb, msg, msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(msg, "sAMAccountType"); + el2->flags = LDB_FLAG_MOD_REPLACE; + } + + el = ldb_msg_find_element(req->op.mod.message, "userAccountControl"); + if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { + req->op.mod.message = msg = ldb_msg_copy_shallow(req, req->op.mod.message); + + user_account_control = strtoul((const char *)el->values[0].data, NULL, 0); + account_type = samdb_uf2atype(user_account_control); + ret = samdb_msg_add_uint(module->ldb, msg, msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(msg, "sAMAccountType"); + el2->flags = LDB_FLAG_MOD_REPLACE; + } + return ldb_next_request(module, req); +} + + static int samldb_init(struct ldb_module *module) { return ldb_next_init(module); 
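Review bot: samldb_modify derives `sAMAccountType` from `strtoul((const char *)el->values[0].data, NULL, 0)` without checking that the text parsed, so a non-numeric or zero `groupType` or `userAccountControl` is mapped to an account type here, while the add path in this same commit rejects 0 with LDB_ERR_UNWILLING_TO_PERFORM. The result of `ldb_msg_copy_shallow()` is used without a NULL check, and `el2` is dereferenced without one. Separately, `el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE)` is a bit test; if the LDB_FLAG_MOD_* values are small enumerated codes rather than distinct bits, a delete would match as well, so this should be confirmed against ldb.h. The fence shows the groupType branch with the added checks; the userAccountControl branch needs the same treatment.

```c
	el = ldb_msg_find_element(req->op.mod.message, "groupType");
	if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) {
		char *end = NULL;

		msg = ldb_msg_copy_shallow(req, req->op.mod.message);
		if (msg == NULL) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		req->op.mod.message = msg;

		group_type = strtoul((const char *)el->values[0].data, &end, 0);
		if (end == (char *)el->values[0].data || *end != '\0' || group_type == 0) {
			/* same rejection the add path applies to an unusable groupType */
			ldb_asprintf_errstring(module->ldb, "groupType invalid");
			return LDB_ERR_UNWILLING_TO_PERFORM;
		}
		/* ... unchanged: samdb_gtype2atype() and samdb_msg_add_uint() ... */
		el2 = ldb_msg_find_element(msg, "sAMAccountType");
		if (el2 == NULL) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		el2->flags = LDB_FLAG_MOD_REPLACE;
	}
	/* ... unchanged: userAccountControl branch, to be given the same checks ... */
```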
@@ -754,4 +818,5 @@ _PUBLIC_ const struct ldb_module_ops ldb_samldb_module_ops = { .name = "samldb", .init_context = samldb_init, .add = samldb_add, + .modify = samldb_modify }; -- cgit From b29d47edcf2767d7f9e9f63332079c6e8e89946c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Mar 2008 18:25:28 +0100 Subject: Move object file lists to the Makefile. (This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6) --- source4/dsdb/samdb/ldb_modules/config.mk | 115 ++++++++++++++----------------- 1 file changed, 53 insertions(+), 62 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 62fbe75c80..a0d8a537b4 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -5,11 +5,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC INIT_FUNCTION = LDB_MODULE(objectguid) -OBJ_FILES = \ - objectguid.o # End MODULE ldb_objectguid ################################################ +ldb_objectguid_OBJ_FILES = dsdb/samdb/ldb_modules/objectguid.o + ################################################ # Start MODULE ldb_repl_meta_data [MODULE::ldb_repl_meta_data] @@ -18,11 +18,11 @@ OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR INIT_FUNCTION = LDB_MODULE(repl_meta_data) -OBJ_FILES = \ - repl_meta_data.o # End MODULE ldb_repl_meta_data ################################################ +ldb_repl_meta_data_OBJ_FILES = dsdb/samdb/ldb_modules/repl_meta_data.o + ################################################ # Start MODULE ldb_dsdb_cache [MODULE::ldb_dsdb_cache] 
@@ -30,11 +30,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = LDB_MODULE(dsdb_cache) -OBJ_FILES = \ - dsdb_cache.o # End MODULE ldb_dsdb_cache ################################################ +ldb_dsdb_cache_OBJ_FILES = dsdb/samdb/ldb_modules/dsdb_cache.o + ################################################ # Start MODULE ldb_schema_fsmo [MODULE::ldb_schema_fsmo] @@ -42,11 +42,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = LDB_MODULE(schema_fsmo) -OBJ_FILES = \ - schema_fsmo.o # End MODULE ldb_schema_fsmo ################################################ +ldb_schema_fsmo_OBJ_FILES = dsdb/samdb/ldb_modules/schema_fsmo.o + ################################################ # Start MODULE ldb_naming_fsmo [MODULE::ldb_naming_fsmo] @@ -54,11 +54,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = LDB_MODULE(naming_fsmo) -OBJ_FILES = \ - naming_fsmo.o # End MODULE ldb_naming_fsmo ################################################ +ldb_naming_fsmo_OBJ_FILES = dsdb/samdb/ldb_modules/naming_fsmo.o + ################################################ # Start MODULE ldb_pdc_fsmo [MODULE::ldb_pdc_fsmo] @@ -66,11 +66,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = LDB_MODULE(pdc_fsmo) -OBJ_FILES = \ - pdc_fsmo.o # End MODULE ldb_pdc_fsmo ################################################ +ldb_pdc_fsmo_OBJ_FILES = dsdb/samdb/ldb_modules/pdc_fsmo.o + ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] 
@@ -78,12 +78,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE NDR_MISC SAMDB INIT_FUNCTION = LDB_MODULE(samldb) -OBJ_FILES = \ - samldb.o -# # End MODULE ldb_samldb ################################################ +ldb_samldb_OBJ_FILES = dsdb/samdb/ldb_modules/samldb.o + ################################################ # Start MODULE ldb_samba3sam [MODULE::ldb_samba3sam] @@ -92,12 +91,11 @@ OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(samba3sam) PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ NDR_SECURITY -OBJ_FILES = \ - samba3sam.o -# # End MODULE ldb_samldb ################################################ +ldb_samba3sam_OBJ_FILES = dsdb/samdb/ldb_modules/samba3sam.o + ################################################ # Start MODULE ldb_simple_ldap_map [MODULE::ldb_simple_ldap_map] @@ -107,12 +105,11 @@ INIT_FUNCTION = LDB_MODULE(simple_ldap_map) PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid -OBJ_FILES = \ - simple_ldap_map.o -# # End MODULE ldb_entryuuid ################################################ +ldb_simple_ldap_map_OBJ_FILES = dsdb/samdb/ldb_modules/simple_ldap_map.o + # ################################################ # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] 
@@ -132,25 +129,24 @@ SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(rootdse) -OBJ_FILES = \ - rootdse.o -# # End MODULE ldb_rootdse ################################################ +ldb_rootdse_OBJ_FILES = dsdb/samdb/ldb_modules/rootdse.o + ################################################ # Start MODULE ldb_password_hash [MODULE::ldb_password_hash] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(password_hash) -OBJ_FILES = password_hash.o PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ LIBCLI_AUTH NDR_DRSBLOBS KERBEROS SAMDB -# # End MODULE ldb_password_hash ################################################ +ldb_password_hash_OBJ_FILES = dsdb/samdb/ldb_modules/password_hash.o + ################################################ # Start MODULE ldb_local_password [MODULE::ldb_local_password] @@ -158,11 +154,11 @@ PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(local_password) -OBJ_FILES = local_password.o -# # End MODULE ldb_local_password ################################################ +ldb_local_password_OBJ_FILES = dsdb/samdb/ldb_modules/local_password.o + ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] @@ -170,12 +166,12 @@ PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(kludge_acl) -OBJ_FILES = \ - kludge_acl.o -# + # End MODULE ldb_kludge_acl ################################################ +ldb_kludge_acl_OBJ_FILES = dsdb/samdb/ldb_modules/kludge_acl.o + ################################################ # Start MODULE ldb_extended_dn [MODULE::ldb_extended_dn] 
@@ -183,12 +179,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR LIBSECURITY SAMDB INIT_FUNCTION = LDB_MODULE(extended_dn) -OBJ_FILES = \ - extended_dn.o -# # End MODULE ldb_extended_dn ################################################ +ldb_extended_dn_OBJ_FILES = dsdb/samdb/ldb_modules/extended_dn.o + ################################################ # Start MODULE ldb_show_deleted [MODULE::ldb_show_deleted] @@ -196,12 +191,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = LDB_MODULE(show_deleted) -OBJ_FILES = \ - show_deleted.o -# # End MODULE ldb_show_deleted ################################################ +ldb_show_deleted_OBJ_FILES = dsdb/samdb/ldb_modules/show_deleted.o + ################################################ # Start MODULE ldb_partition [MODULE::ldb_partition] @@ -209,12 +203,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB INIT_FUNCTION = LDB_MODULE(partition) -OBJ_FILES = \ - partition.o -# # End MODULE ldb_partition ################################################ +ldb_partition_OBJ_FILES = dsdb/samdb/ldb_modules/partition.o + ################################################ # Start MODULE ldb_schema [MODULE::ldb_schema] @@ -222,12 +215,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBLDB INIT_FUNCTION = LDB_MODULE(schema) -OBJ_FILES = \ - schema.o schema_syntax.o -# # End MODULE ldb_schema ################################################ +ldb_schema_OBJ_FILES = $(addprefix dsdb/samdb/ldb_modules/, schema.o schema_syntax.o) + ################################################ # Start MODULE ldb_update_kt [MODULE::ldb_update_keytab] 
@@ -236,12 +228,11 @@ OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS #Also depends on credentials, but that would loop INIT_FUNCTION = LDB_MODULE(update_kt) -OBJ_FILES = \ - update_keytab.o -# # End MODULE ldb_update_kt ################################################ +ldb_update_keytab_OBJ_FILES = dsdb/samdb/ldb_modules/update_keytab.o + ################################################ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] @@ -250,11 +241,11 @@ OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - objectclass.o # End MODULE ldb_objectclass ################################################ +ldb_objectclass_OBJ_FILES = dsdb/samdb/ldb_modules/objectclass.o + ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] @@ -262,11 +253,11 @@ INIT_FUNCTION = LDB_MODULE(subtree_rename) CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - subtree_rename.o # End MODULE ldb_subtree_rename ################################################ +ldb_subtree_rename_OBJ_FILES = dsdb/samdb/ldb_modules/subtree_rename.o + ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_delete] @@ -274,11 +265,11 @@ INIT_FUNCTION = LDB_MODULE(subtree_delete) CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - subtree_delete.o # End MODULE ldb_subtree_rename ################################################ +ldb_subtree_delete_OBJ_FILES = subtree_delete.o + ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] 
@@ -287,11 +278,11 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - linked_attributes.o # End MODULE ldb_linked_attributes ################################################ +ldb_linked_attributes_OBJ_FILES = dsdb/samdb/ldb_modules/linked_attributes.o + ################################################ # Start MODULE ldb_ranged_results [MODULE::ldb_ranged_results] @@ -299,11 +290,11 @@ INIT_FUNCTION = LDB_MODULE(ranged_results) CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - ranged_results.o # End MODULE ldb_ranged_results ################################################ +ldb_ranged_results_OBJ_FILES = dsdb/samdb/ldb_modules/ranged_results.o + ################################################ # Start MODULE ldb_anr [MODULE::ldb_anr] @@ -312,11 +303,11 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - anr.o # End MODULE ldb_anr ################################################ +ldb_anr_OBJ_FILES = dsdb/samdb/ldb_modules/anr.o + ################################################ # Start MODULE ldb_normalise [MODULE::ldb_normalise] @@ -325,11 +316,11 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - normalise.o # End MODULE ldb_normalise ################################################ +ldb_normalise_OBJ_FILES = dsdb/samdb/ldb_modules/normalise.o + ################################################ # Start MODULE ldb_instancetype [MODULE::ldb_instancetype] 
@@ -338,8 +329,8 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - instancetype.o # End MODULE ldb_instancetype ################################################ +ldb_instancetype_OBJ_FILES = dsdb/samdb/ldb_modules/instancetype.o + -- cgit From a69acf7cb96bf41bafce303a2cf21c31f1366328 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 4 Mar 2008 01:37:18 +0100 Subject: Deal with subsystems with no settings, several other minor fixes. (This used to be commit 10cf48591e8d6bfb750a6ff187f04ea24a1f8cd7) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a0d8a537b4..1708c66d44 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -268,7 +268,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ -ldb_subtree_delete_OBJ_FILES = subtree_delete.o +ldb_subtree_delete_OBJ_FILES = dsdb/samdb/ldb_modules/subtree_delete.o ################################################ # Start MODULE ldb_linked_attributes -- cgit From 8a10979e6b5baaf9d4ef1703f056cdae6a81cf0e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 4 Mar 2008 13:40:50 +1100 Subject: The DN in objectCategory should, if possible, be returned pretty... This avoids going via the canonicalise_fn(), which will upper case the DN Andrew Bartlett (This used to be commit cdff1b0802437d713652b89f4522d3cce97c30ec) --- source4/dsdb/samdb/ldb_modules/normalise.c | 4 ++-- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index 695393d4e8..a0eff43534 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -106,8 +106,8 @@ static int normalise_search_callback(struct ldb_context *ldb, void *context, str continue; } /* Look to see if this attributeSyntax is a DN */ - if ((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") != 0) && - (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") != 0)) { + if (!((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") == 0) || + (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") == 0))) { continue; } for (j = 0; j < ares->message->elements[i].num_values; j++) { diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 3f4c19d285..91896d7247 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -153,9 +153,17 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c /* Ensure we always convert objectCategory into a DN */ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { + struct ldb_dn *dn; struct ldb_val out = data_blob(NULL, 0); const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); + dn = ldb_dn_new(ctx, module->ldb, val->data); + if (dn && ldb_dn_is_valid(dn)) { + talloc_free(dn); + return val_copy(module, ctx, val); + } + talloc_free(dn); + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { return data_blob(NULL, 0); } -- cgit From 7e0ef3fd0ef4dba827f331cbe43fa0524be91130 Mon Sep 17 00:00:00 2001 
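Review bot: In the simple_ldap_map.c hunk, `ldb_dn_new(ctx, module->ldb, val->data)` hands the raw value buffer to a function that expects a C string and never consults `val->length`. If a value reaching objectCategory_always_dn is not NUL-terminated (nothing in the hunk guarantees it), the DN parser reads past the end of the buffer; building the string with `talloc_strndup(ctx, (const char *)val->data, val->length)` and parsing that keeps the read bounded. The new early return also deserves a one-line comment such as `/* already a valid DN: return it unchanged so canonicalise_fn() does not upper-case it */`, since the reason is otherwise only in the commit message. The function continues past the end of the hunk.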
From: Andrew Bartlett Date: Thu, 6 Mar 2008 21:55:26 +1100 Subject: Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again). To make Samba4, using the python provision system, pass this test required some major rework. Untested code is broken code, and some of the refactoring for a seperate provision test (which also now passes) broke things. Similarly, the iconv work has compiled, but these codepaths have never been run (NULL pointer de-reference). In working to use a local, rather than global, loadparm context, and to support using a target directory, a few things needed to be reworked, particularly around path handling. Andrew Bartlett (This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 729fd15202..8ceeba9804 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -30,6 +30,7 @@ #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" +#include "param/param.h" static int schema_fsmo_init(struct ldb_module *module) { @@ -78,7 +79,7 @@ static int schema_fsmo_init(struct ldb_module *module) } module->private_data = schema_fsmo; - schema = talloc_zero(mem_ctx, struct dsdb_schema); + schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm"))); if (!schema) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; -- cgit From 58edd6d17951553cb6b693b37ce88454668b1c50 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 13 Mar 2008 10:27:09 +1100 Subject: Don't segfault on invalid objectClass input. If the objectClass found does not include a defaultSecurityDescriptor, then we should not segfault in the SDDL parser. Andrew Bartlett (This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index e63ad4de56..537a56045d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -257,12 +257,17 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, DATA_BLOB *linear_sd; struct auth_session_info *session_info = ldb_get_opaque(module->ldb, "sessionInfo"); - struct security_descriptor *sd - = sddl_decode(mem_ctx, - objectclass->defaultSecurityDescriptor, - samdb_domain_sid(module->ldb)); + struct security_descriptor *sd; - if (!session_info || !session_info->security_token) { + if (!objectclass->defaultSecurityDescriptor) { + return NULL; + } + + sd = sddl_decode(mem_ctx, + objectclass->defaultSecurityDescriptor, + samdb_domain_sid(module->ldb)); + + if (!sd || !session_info || !session_info->security_token) { return NULL; } @@ -538,7 +543,9 @@ static int objectclass_do_add(struct ldb_handle *h) } if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass); - ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); + if (sd) { + ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); + } } } } -- cgit From 0c882402360a10b19a038bce9f87e241051c9ba8 Mon Sep 17 00:00:00 2001 
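Review bot: After this change get_sd() returns NULL for three unrelated reasons (the class has no defaultSecurityDescriptor, sddl_decode() failed, or there is no session token), and objectclass_do_add then creates the object without any nTSecurityDescriptor in all three cases. Skipping the attribute is reasonable when the schema simply has no default, but a decode failure or a missing session token looks like an error that should at least be logged, e.g. `ldb_debug(module->ldb, LDB_DEBUG_WARNING, "get_sd: could not build default security descriptor\n");`, and possibly fail the add; whether a later module supplies a descriptor is not visible here. The return value of `ldb_msg_add_steal_value()` in the second hunk is still ignored, so a failed attach also goes unnoticed. Both functions extend beyond their hunks.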
From: Andrew Bartlett Date: Thu, 13 Mar 2008 11:36:58 +1100 Subject: Rework to have member server 'domains' be CN=NETBIOSNAME This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index aa64700f2f..ec19e0d49e 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1220,7 +1220,7 @@ static int build_domain_data_request(struct ph_context *ac) ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb); ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))", + filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid)); if (filter == NULL) { ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); -- cgit From e50d666bf9b2e5f18d19f6e1b9388d1ea7be0ff2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Mar 2008 14:12:18 +1100 Subject: Correctly normalise records against OpenLDAP. Fixing this simple typo allows more of the ldap.js test to pass. Andrew Bartlett (This used to be commit 7c80cd18d5cd9cbf32dac15a4734f5a3c67cd0e7) --- source4/dsdb/samdb/ldb_modules/normalise.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index a0eff43534..8de9e33002 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -117,7 +117,7 @@ static int normalise_search_callback(struct ldb_context *ldb, void *context, str talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - ret = fix_dn(ares->message->dn); + ret = fix_dn(dn); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; -- cgit From 4a2ba0c047249fa6f7f4c78313b3b221d9a5bcc7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Mar 2008 14:12:50 +1100 Subject: Bail out, rather than segfault on no domain sid. Andrew Bartlett (This used to be commit 7e85f318b571d1a909dffad0ecd661468ed497ca) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 537a56045d..4d4ef585cb 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -258,14 +258,15 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct auth_session_info *session_info = ldb_get_opaque(module->ldb, "sessionInfo"); struct security_descriptor *sd; + struct dom_sid *domain_sid = samdb_domain_sid(module->ldb); - if (!objectclass->defaultSecurityDescriptor) { + if (!objectclass->defaultSecurityDescriptor || !domain_sid) { return NULL; } sd = sddl_decode(mem_ctx, objectclass->defaultSecurityDescriptor, - samdb_domain_sid(module->ldb)); + domain_sid); if (!sd || !session_info || !session_info->security_token) { return NULL; -- cgit From de9b3af624833be8f5c3520d5ac99fba14b8032f Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 14 Mar 2008 12:32:07 +1100 Subject: Allow more 'domain' objects when looking for a unqiue SID. Andrew Bartlett (This used to be commit db3b5f16ec8d9b83d8a82a535a4847dce5923663) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 905cd4a995..5407db9956 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -293,7 +293,7 @@ int samldb_notice_sid(struct ldb_module *module, /* find the domain DN */ ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, attrs, - "(&(objectSid=%s)(objectclass=domain))", + "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); if (ret == LDB_SUCCESS) { if (dom_res->count == 0) { @@ -369,7 +369,7 @@ static int samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX /* Format: $000000-000000000000 */ do { - *name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)random(), (unsigned int)random(), (unsigned int)random()); + *name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)generate_random(), (unsigned int)generate_random(), (unsigned int)generate_random()); /* TODO: Figure out exactly what this is meant to conflict with */ ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &res, dom_dn, LDB_SCOPE_SUBTREE, attrs, -- cgit From 79a25a648debf0aba77185a5b2b1ee979210359c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 19 Mar 2008 12:06:37 +1100 Subject: Indent Andrew Bartlett (This used to be commit d2b5f40d80008ca3269118915409333755b6eac3) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
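Review bot: In samldb_generate_samAccountName the format `"$%.6X-%.6X%.6X"` uses a precision, which sets a minimum of six hex digits and does not truncate, so each `(unsigned int)generate_random()` argument can print up to eight digits and the result need not match the documented `$000000-000000000000` layout. Masking each argument, `(unsigned int)generate_random() & 0xFFFFFF`, keeps every field at exactly six digits. The enclosing do/while loop starts before and ends after this hunk, so how an over-long name is handled later cannot be seen from here.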
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index ec19e0d49e..1d2bdd988e 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1220,7 +1220,8 @@ static int build_domain_data_request(struct ph_context *ac) ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb); ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", + filter = talloc_asprintf(ac->dom_req, + "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid)); if (filter == NULL) { ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); -- cgit From 9a1bec08013dda77597369387da0193081a7a6e2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Mar 2008 12:12:10 +1100 Subject: More kludge ACLs! Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 45 ++++++----------------------- 1 file changed, 9 insertions(+), 36 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index e3e1f7ac88..e418031271 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
@@ -46,42 +46,15 @@ * */ -enum user_is { - ANONYMOUS, - USER, - ADMINISTRATOR, - SYSTEM -}; - struct kludge_private_data { const char **password_attrs; }; -static enum user_is what_is_user(struct ldb_module *module) +static enum security_user_level what_is_user(struct ldb_module *module) { struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(module->ldb, "sessionInfo"); - if (!session_info) { - return ANONYMOUS; - } - - if (security_token_is_system(session_info->security_token)) { - return SYSTEM; - } - - if (security_token_is_anonymous(session_info->security_token)) { - return ANONYMOUS; - } - - if (security_token_has_builtin_administrators(session_info->security_token)) { - return ADMINISTRATOR; - } - - if (security_token_has_nt_authenticated_users(session_info->security_token)) { - return USER; - } - - return ANONYMOUS; + return security_session_user_level(session_info); } static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) @@ -104,7 +77,7 @@ struct kludge_acl_context { void *up_context; int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - enum user_is user_type; + enum security_user_level user_type; bool allowedAttributes; bool allowedAttributesEffective; bool allowedChildClasses; @@ -272,8 +245,8 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld if (data && data->password_attrs) /* if we are not initialized just get through */ { switch (ac->user_type) { - case SYSTEM: - case ADMINISTRATOR: + case SECURITY_SYSTEM: + case SECURITY_ADMINISTRATOR: if (ac->allowedAttributesEffective) { ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); if (ret != LDB_SUCCESS) { 
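Review bot: what_is_user() now passes the result of `ldb_get_opaque(module->ldb, "sessionInfo")` straight to `security_session_user_level()`, whereas the removed code returned ANONYMOUS explicitly when session_info was NULL. That helper is not part of this diff, so please confirm it maps a NULL session (and a NULL security_token) to the least-privileged level rather than dereferencing it, or keep the guard locally with `if (!session_info) return SECURITY_ANONYMOUS;`. A comment on what_is_user() stating that an unknown or missing session must be treated as anonymous would document the fail-closed intent that the `default:` branches in kludge_acl_search and kludge_acl_change rely on.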
@@ -359,7 +332,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) so we don't allow a search for 'sambaPassword=penguin', just as we would not allow that attribute to be returned */ switch (ac->user_type) { - case SYSTEM: + case SECURITY_SYSTEM: break; default: /* remove password attributes */ @@ -391,10 +364,10 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) /* ANY change type */ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) { - enum user_is user_type = what_is_user(module); + enum security_user_level user_type = what_is_user(module); switch (user_type) { - case SYSTEM: - case ADMINISTRATOR: + case SECURITY_SYSTEM: + case SECURITY_ADMINISTRATOR: return ldb_next_request(module, req); default: ldb_asprintf_errstring(module->ldb, -- cgit From 8f8c56bfbcbfe8f80afb09eb1d481a108b252bee Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Fri, 28 Mar 2008 01:08:49 -0500 Subject: Convert some more files to GPLv3. (This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907) --- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- source4/dsdb/samdb/ldb_modules/schema.c | 2 -- source4/dsdb/samdb/ldb_modules/schema_syntax.c | 2 -- source4/dsdb/samdb/ldb_modules/schema_syntax.h | 2 -- 5 files changed, 2 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 78b5a09f78..56b05691bb 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -6,7 +6,7 @@ Copyright (C) Stefan Metzmacher 2007 * NOTICE: this module is NOT released under the GNU LGPL license as - * other ldb code. This module is release under the GNU GPL v2 or + * other ldb code. This module is release under the GNU GPL v3 or * later license. This program is free software; you can redistribute it and/or modify diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5407db9956..3b67ca19d3 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -5,7 +5,7 @@ Copyright (C) Andrew Bartlett 2005 * NOTICE: this module is NOT released under the GNU LGPL license as - * other ldb code. This module is release under the GNU GPL v2 or + * other ldb code. This module is release under the GNU GPL v3 or * later license. This program is free software; you can redistribute it and/or modify diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index ff9530ca92..f2c4d38305 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -25,8 +25,6 @@ * Description: add schema check functionality * * Author: Simo Sorce - * - * License: GNU GPL v2 or Later */ #include "includes.h" diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c index f737cc6fdc..d800e4b6d2 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.c +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.c @@ -25,8 +25,6 @@ * Description: add schema syntax functionality * * Author: Simo Sorce - * - * License: GNU GPL v2 or Later */ #include "includes.h" diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.h b/source4/dsdb/samdb/ldb_modules/schema_syntax.h index fa3fdbe5a2..37f7584d41 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.h +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.h 
@@ -25,8 +25,6 @@ * Description: add schema syntax functionality * * Author: Simo Sorce - * - * License: GNU GPL v2 or Later */ -- cgit From e0c90d613121432700ea44011fda51e623de996c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Mar 2008 11:18:00 +1100 Subject: Fix some valgrind issues. These small changes seem to fix some of the early issues in 'make valgrindtest' Previously, the subtree_delete code didn't pass on the timeout, leaving it uninitialised. The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a bit. Andrew Bartlett (This used to be commit 95314f29a9cf83db71d37e68728bfb5009fce60d) --- source4/dsdb/samdb/ldb_modules/subtree_delete.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c index 56ae7b239a..9c332d2969 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c @@ -160,6 +160,12 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req) return ret; } + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->search_req = new_req; if (req == NULL) { ldb_oom(ac->module->ldb); -- cgit From 1c1c6fca660c304630672e87c20819daf8e008fc Mon Sep 17 00:00:00 2001 
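Review bot: In the subtree_delete hunk the added `ldb_set_timeout_from_prev_req(module->ldb, req, new_req)` call runs before the context check `if (req == NULL)` a few lines below, so that check can no longer catch anything; `req` has already been handed to the callee. If the check was meant to guard the newly built request, it probably should read `if (new_req == NULL)` and sit ahead of the timeout call. If it really is about `req`, it belongs at the top of the function. The allocation of `new_req` and the rest of the oom branch are outside the hunk, so this needs confirming against the full function.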
From: Andrew Bartlett Date: Sat, 29 Mar 2008 13:32:15 +1100 Subject: Fix more valgrind issues. This passes down the timeout more consistantly, and ensures that no matter how the modules screw up, we don't free() the memory we are going to write into the ASN1 packet until we actually write it out. Andrew Bartlett (This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 30 +++++++++++++++++++++- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 16 +++++++++++- 2 files changed, 44 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 8685c722aa..04b9987071 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -520,6 +520,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + /* Create a spot in the list for the requests */ ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); @@ -568,6 +574,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + /* Create a spot in the list for the requests */ ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); 
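Review bot: Each added `return ret;` after a failed `ldb_set_timeout_from_prev_req()` leaves the function with `new_req` already built and, in the linked_attributes_modify hunks, before it has been stored in `ac->down_req`. That is only safe if `new_req` is a talloc child of `ac` or `req`, which is decided where the request is allocated, outside these hunks; if it is not, add `talloc_free(new_req);` ahead of the return. The same applies to the three later linked_attributes.c hunks and to both subtree_rename.c hunks in this commit, where subtree_rename_search_callback additionally returns before `talloc_steal(req, newdn)`. A short comment at the first call site, such as `/* inherit the caller's timeout for the new request */`, would also record why the call is needed.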
@@ -629,7 +641,11 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, new_msg); - ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } /* Now add it to the list */ ac->down_req = talloc_realloc(ac, ac->down_req, @@ -752,6 +768,12 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->search_req = new_req; ac->step = LA_SEARCH; return ldb_next_request(module, new_req); @@ -805,6 +827,12 @@ static int linked_attributes_delete(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->search_req = new_req; ac->step = LA_SEARCH; return ldb_next_request(module, new_req); diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index bf8124e253..fd1388d416 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -117,7 +117,15 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context NULL, NULL); - if (ret != LDB_SUCCESS) return ret; + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_set_timeout_from_prev_req(ldb, ac->orig_req, req); + + if (ret != LDB_SUCCESS) { + return ret; + } talloc_steal(req, newdn); 
@@ -186,6 +194,12 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ret; } + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { -- cgit From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 04:53:27 +0200 Subject: Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) --- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 56b05691bb..7f136338be 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -87,7 +87,7 @@ static struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, struct ldb_module *module) { struct ldb_module *current; -_PUBLIC_ static const struct ldb_module_ops ops; /* zero */ + static const struct ldb_module_ops ops; /* zero */ current = talloc_zero(mem_ctx, struct ldb_module); if (current == NULL) { return module; -- cgit From c764791100079ed447c07ca6b99d33f9695255c3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 4 Apr 2008 12:25:19 +1100 Subject: Clean up provision and rootdse module to hard-code less stuff. In particular, allow for the server DN to be in a different site (possible outcome of a DRS replication). Andrew Bartlett (This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 3235b24ef9..50f333d095 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -26,6 +26,7 @@ #include "lib/ldb/include/ldb_private.h" #include "system/time.h" #include "dsdb/samdb/samdb.h" +#include "version.h" struct private_data { int num_controls; @@ -202,6 +203,13 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + if (schema && do_attribute_explicit(attrs, "vendorVersion")) { + if (ldb_msg_add_fmt(msg, "vendorVersion", + "%s", SAMBA_VERSION_STRING) != 0) { + goto failed; + } + } + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; -- cgit From ffc5cbfe803326a1c3bf55684717af910d091c5a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 14 Apr 2008 16:53:00 +0200 Subject: Move object files lists to makefile rather than smb_build. (This used to be commit 5628d58990144463fd87f8c847c9384ac2193681) --- source4/dsdb/samdb/ldb_modules/config.mk | 120 ++++++++++++++++--------------- 1 file changed, 61 insertions(+), 59 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index de93b5638d..dd1c8b10db 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -5,11 +5,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC INIT_FUNCTION = objectguid_module_module_ops -OBJ_FILES = \ - objectguid.o # End MODULE ldb_objectguid ################################################ +ldb_objectguid_OBJ_FILES = dsdb/samdb/ldb_modules/objectguid.o + ################################################ # Start MODULE ldb_repl_meta_data [MODULE::ldb_repl_meta_data] 
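Review bot: The new `vendorVersion` branch in rootdse_add_dynamic puts `SAMBA_VERSION_STRING` into the rootDSE, which LDAP clients can normally read before binding, so the exact build becomes visible to anyone who asks for the attribute by name. If that disclosure is intended, say so in a comment, e.g. `/* returned only on explicit request; discloses the exact Samba build to rootDSE readers */`, and consider whether a configuration switch should gate it; whether this server restricts rootDSE reads is not visible here. Nothing in the added branch uses `schema`, so the `schema &&` part of the condition may be unnecessary, in which case `if (do_attribute_explicit(attrs, "vendorVersion"))` is enough. The function body starts and ends outside the hunk.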
@@ -18,11 +18,12 @@ OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR INIT_FUNCTION = repl_meta_data_module_module_ops -OBJ_FILES = \ - repl_meta_data.o # End MODULE ldb_repl_meta_data ################################################ +ldb_repl_meta_data_OBJ_FILES = \ + repl_meta_data.o + ################################################ # Start MODULE ldb_dsdb_cache [MODULE::ldb_dsdb_cache] @@ -30,11 +31,12 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = dsdb_cache_module_module_ops -OBJ_FILES = \ - dsdb_cache.o # End MODULE ldb_dsdb_cache ################################################ +ldb_dsdb_cache_OBJ_FILES = \ + dsdb_cache.o + ################################################ # Start MODULE ldb_schema_fsmo [MODULE::ldb_schema_fsmo] @@ -42,11 +44,12 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = schema_fsmo_module_module_ops -OBJ_FILES = \ - schema_fsmo.o # End MODULE ldb_schema_fsmo ################################################ +ldb_schema_fsmo_OBJ_FILES = \ + schema_fsmo.o + ################################################ # Start MODULE ldb_naming_fsmo [MODULE::ldb_naming_fsmo] @@ -54,11 +57,12 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = naming_fsmo_module_module_ops -OBJ_FILES = \ - naming_fsmo.o # End MODULE ldb_naming_fsmo ################################################ +ldb_naming_fsmo_OBJ_FILES = \ + naming_fsmo.o + ################################################ # Start MODULE ldb_pdc_fsmo [MODULE::ldb_pdc_fsmo] 
@@ -66,11 +70,12 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC INIT_FUNCTION = pdc_fsmo_module_module_ops -OBJ_FILES = \ - pdc_fsmo.o # End MODULE ldb_pdc_fsmo ################################################ +ldb_pdc_fsmo_OBJ_FILES = \ + pdc_fsmo.o + ################################################ # Start MODULE ldb_samldb [MODULE::ldb_samldb] @@ -78,12 +83,13 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE NDR_MISC SAMDB INIT_FUNCTION = samldb_module_module_ops -OBJ_FILES = \ - samldb.o # # End MODULE ldb_samldb ################################################ +ldb_samldb_OBJ_FILES = \ + samldb.o + ################################################ # Start MODULE ldb_samba3sam [MODULE::ldb_samba3sam] @@ -92,12 +98,13 @@ OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = &ldb_samba3sam_module_module_ops PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ NDR_SECURITY -OBJ_FILES = \ - samba3sam.o # # End MODULE ldb_samldb ################################################ +ldb_samba3sam_OBJ_FILES = \ + samba3sam.o + ################################################ # Start MODULE ldb_simple_ldap_map [MODULE::ldb_simple_ldap_map] @@ -107,12 +114,13 @@ INIT_FUNCTION = &ldb_simple_ldap_map_module_module_ops PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid -OBJ_FILES = \ - simple_ldap_map.o # # End MODULE ldb_entryuuid ################################################ +ldb_simple_ldap_map_OBJ_FILES = \ + simple_ldap_map.o + # ################################################ # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] 
@@ -132,25 +140,24 @@ SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = rootdse_module_module_ops -OBJ_FILES = \ - rootdse.o -# # End MODULE ldb_rootdse ################################################ +ldb_rootdse_OBJ_FILES = dsdb/samdb/ldb_modules/rootdse.o + ################################################ # Start MODULE ldb_password_hash [MODULE::ldb_password_hash] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = password_hash_module_module_ops -OBJ_FILES = password_hash.o PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ LIBCLI_AUTH NDR_DRSBLOBS KERBEROS SAMDB -# # End MODULE ldb_password_hash ################################################ +ldb_password_hash_OBJ_FILES = dsdb/samdb/ldb_modules/password_hash.o + ################################################ # Start MODULE ldb_local_password [MODULE::ldb_local_password] @@ -158,11 +165,11 @@ PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = local_password_module_module_ops -OBJ_FILES = local_password.o -# # End MODULE ldb_local_password ################################################ +ldb_local_password_OBJ_FILES = dsdb/samdb/ldb_modules/local_password.o + ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] @@ -170,12 +177,12 @@ PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = &ldb_kludge_acl_module_ops -OBJ_FILES = \ - kludge_acl.o -# + # End MODULE ldb_kludge_acl ################################################ +ldb_kludge_acl_OBJ_FILES = dsdb/samdb/ldb_modules/kludge_acl.o + ################################################ # Start MODULE ldb_extended_dn [MODULE::ldb_extended_dn] 
@@ -183,12 +190,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR LIBSECURITY SAMDB INIT_FUNCTION = &ldb_extended_dn_module_ops -OBJ_FILES = \ - extended_dn.o -# # End MODULE ldb_extended_dn ################################################ +ldb_extended_dn_OBJ_FILES = dsdb/samdb/ldb_modules/extended_dn.o + ################################################ # Start MODULE ldb_show_deleted [MODULE::ldb_show_deleted] @@ -196,12 +202,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC INIT_FUNCTION = &ldb_show_deleted_module_ops -OBJ_FILES = \ - show_deleted.o -# # End MODULE ldb_show_deleted ################################################ +ldb_show_deleted_OBJ_FILES = dsdb/samdb/ldb_modules/show_deleted.o + ################################################ # Start MODULE ldb_partition [MODULE::ldb_partition] @@ -209,12 +214,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB INIT_FUNCTION = &ldb_partition_module_ops -OBJ_FILES = \ - partition.o -# # End MODULE ldb_partition ################################################ +ldb_partition_OBJ_FILES = dsdb/samdb/ldb_modules/partition.o + ################################################ # Start MODULE ldb_schema [MODULE::ldb_schema] @@ -222,12 +226,11 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBLDB INIT_FUNCTION = &ldb_schema_module_ops -OBJ_FILES = \ - schema.o schema_syntax.o -# # End MODULE ldb_schema ################################################ +ldb_schema_OBJ_FILES = $(addprefix dsdb/samdb/ldb_modules/, schema.o schema_syntax.o) + ################################################ # Start MODULE ldb_update_kt [MODULE::ldb_update_keytab] 
@@ -236,12 +239,11 @@ OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS #Also depends on credentials, but that would loop INIT_FUNCTION = &ldb_update_kt_module_ops -OBJ_FILES = \ - update_keytab.o -# # End MODULE ldb_update_kt ################################################ +ldb_update_keytab_OBJ_FILES = dsdb/samdb/ldb_modules/update_keytab.o + ################################################ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] @@ -250,11 +252,11 @@ OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - objectclass.o # End MODULE ldb_objectclass ################################################ +ldb_objectclass_OBJ_FILES = dsdb/samdb/ldb_modules/objectclass.o + ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] @@ -262,11 +264,11 @@ INIT_FUNCTION = &ldb_subtree_rename_module_ops CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - subtree_rename.o # End MODULE ldb_subtree_rename ################################################ +ldb_subtree_rename_OBJ_FILES = dsdb/samdb/ldb_modules/subtree_rename.o + ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_delete] @@ -274,11 +276,11 @@ INIT_FUNCTION = &ldb_subtree_delete_module_ops CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - subtree_delete.o # End MODULE ldb_subtree_rename ################################################ +ldb_subtree_delete_OBJ_FILES = dsdb/samdb/ldb_modules/subtree_delete.o + ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] 
@@ -287,11 +289,11 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - linked_attributes.o # End MODULE ldb_linked_attributes ################################################ +ldb_linked_attributes_OBJ_FILES = dsdb/samdb/ldb_modules/linked_attributes.o + ################################################ # Start MODULE ldb_ranged_results [MODULE::ldb_ranged_results] @@ -299,11 +301,11 @@ INIT_FUNCTION = &ldb_ranged_results_module_ops CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - ranged_results.o # End MODULE ldb_ranged_results ################################################ +ldb_ranged_results_OBJ_FILES = dsdb/samdb/ldb_modules/ranged_results.o + ################################################ # Start MODULE ldb_anr [MODULE::ldb_anr] @@ -312,11 +314,11 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - anr.o # End MODULE ldb_anr ################################################ +ldb_anr_OBJ_FILES = dsdb/samdb/ldb_modules/anr.o + ################################################ # Start MODULE ldb_normalise [MODULE::ldb_normalise] @@ -325,11 +327,11 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB -OBJ_FILES = \ - normalise.o # End MODULE ldb_normalise ################################################ +ldb_normalise_OBJ_FILES = dsdb/samdb/ldb_modules/normalise.o + ################################################ # Start MODULE ldb_instancetype [MODULE::ldb_instancetype] 
@@ -338,8 +340,8 @@ CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB -OBJ_FILES = \ - instancetype.o # End MODULE ldb_instancetype ################################################ +ldb_instancetype_OBJ_FILES = dsdb/samdb/ldb_modules/instancetype.o + -- cgit From a15b6f1606e1c761c2c4037b734137e97f00489f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 14 Apr 2008 20:00:04 +0200 Subject: Fix unresolved symbols. (This used to be commit 8573e828d1b68c47b3c1754e9be230b2e78d9d52) --- source4/dsdb/samdb/ldb_modules/config.mk | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index dd1c8b10db..414b449ba8 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -22,7 +22,7 @@ INIT_FUNCTION = repl_meta_data_module_module_ops ################################################ ldb_repl_meta_data_OBJ_FILES = \ - repl_meta_data.o + dsdb/samdb/ldb_modules/repl_meta_data.o ################################################ # Start MODULE ldb_dsdb_cache @@ -35,7 +35,7 @@ INIT_FUNCTION = dsdb_cache_module_module_ops ################################################ ldb_dsdb_cache_OBJ_FILES = \ - dsdb_cache.o + dsdb/samdb/ldb_modules/dsdb_cache.o ################################################ # Start MODULE ldb_schema_fsmo @@ -48,7 +48,7 @@ INIT_FUNCTION = schema_fsmo_module_module_ops ################################################ ldb_schema_fsmo_OBJ_FILES = \ - schema_fsmo.o + dsdb/samdb/ldb_modules/schema_fsmo.o ################################################ # Start MODULE ldb_naming_fsmo 
@@ -61,7 +61,7 @@ INIT_FUNCTION = naming_fsmo_module_module_ops ################################################ ldb_naming_fsmo_OBJ_FILES = \ - naming_fsmo.o + dsdb/samdb/ldb_modules/naming_fsmo.o ################################################ # Start MODULE ldb_pdc_fsmo @@ -74,7 +74,7 @@ INIT_FUNCTION = pdc_fsmo_module_module_ops ################################################ ldb_pdc_fsmo_OBJ_FILES = \ - pdc_fsmo.o + dsdb/samdb/ldb_modules/pdc_fsmo.o ################################################ # Start MODULE ldb_samldb @@ -88,7 +88,7 @@ INIT_FUNCTION = samldb_module_module_ops ################################################ ldb_samldb_OBJ_FILES = \ - samldb.o + dsdb/samdb/ldb_modules/samldb.o ################################################ # Start MODULE ldb_samba3sam @@ -103,7 +103,7 @@ PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ ################################################ ldb_samba3sam_OBJ_FILES = \ - samba3sam.o + dsdb/samdb/ldb_modules/samba3sam.o ################################################ # Start MODULE ldb_simple_ldap_map @@ -119,7 +119,7 @@ ALIASES = entryuuid nsuniqueid ################################################ ldb_simple_ldap_map_OBJ_FILES = \ - simple_ldap_map.o + dsdb/samdb/ldb_modules/simple_ldap_map.o # ################################################ # # Start MODULE ldb_proxy -- cgit From 1efbd5fbf6b0f606ed29a763e2adfa6f99c6beac Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 01:03:18 +0200 Subject: Remove event context tracking from the credentials struct. (This used to be commit 4d7fc946b2ec50e774689c9036423b6feef99b8e) --- source4/dsdb/samdb/ldb_modules/update_keytab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 54362dcfd4..3096ce8dd9 100644 
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -90,7 +90,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet } cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm")); - status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); + status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "event_ctx"), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (delete) { @@ -158,7 +158,7 @@ static int update_kt_end_trans(struct ldb_module *module) struct dn_list *p; for (p=data->changed_dns; p; p = p->next) { int kret; - kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "loadparm")); + kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "event_ctx"), ldb_get_opaque(module->ldb, "loadparm")); if (kret != 0) { talloc_free(data->changed_dns); data->changed_dns = NULL; -- cgit From 21fc7673780aa1d7c0caab7b17ff9171238913ba Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 12:23:44 +0200 Subject: Specify event_context to ldb_wrap_connect explicitly. (This used to be commit b4e1ae07a284c044704322446c94351c2decff91) --- source4/dsdb/samdb/ldb_modules/samldb.c | 3 +-- source4/dsdb/samdb/ldb_modules/update_keytab.c | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 3b67ca19d3..88590f306b 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
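Review bot: Both changed calls pass `ldb_get_opaque(module->ldb, "event_ctx")` straight into the credentials functions, and nothing in either hunk checks that an event context was ever registered on this ldb under that name. If the opaque is missing the call receives NULL, and whether `cli_credentials_set_secrets()` and `cli_credentials_update_keytab()` tolerate that is not visible here; for code that rewrites the keytab it is better to fail early. Fetch the pointer once, `void *ev = ldb_get_opaque(module->ldb, "event_ctx");`, and return an error when `ev == NULL` before touching the credentials. This applies to the add_modified hunk and to the update_kt_end_trans hunk; both functions continue outside the hunks.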
@@ -484,8 +484,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_ return ret; } -static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg, - struct ldb_message **ret_msg) +static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg, struct ldb_message **ret_msg) { int ret; char *name; diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 3096ce8dd9..b36c2c9b71 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -90,7 +90,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet } cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm")); - status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "event_ctx"), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); + status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "EventContext"), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (delete) { @@ -158,7 +158,7 @@ static int update_kt_end_trans(struct ldb_module *module) struct dn_list *p; for (p=data->changed_dns; p; p = p->next) { int kret; - kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "event_ctx"), ldb_get_opaque(module->ldb, "loadparm")); + kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "EventContext"), ldb_get_opaque(module->ldb, "loadparm")); if (kret != 0) { talloc_free(data->changed_dns); data->changed_dns = NULL; -- cgit From 6267dd78539863a5ec75b6cadba39184a2efc9b5 Mon Sep 17 00:00:00 2001 
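Review bot: The opaque name changes from `"event_ctx"` to `"EventContext"` in both update_keytab.c calls, and the only link between these literals and the code that registers the event context is matching spelling. A mismatch would not fail to compile; `ldb_get_opaque()` would just return NULL at run time and the credentials code would be handed a missing event context. A shared named constant for the key, used by the `ldb_set_opaque()` caller as well, would make such a rename a one-line change. The registering side is not part of this diff, so confirm it uses the new name.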
From: Jelmer Vernooij Date: Sat, 10 May 2008 20:59:17 +0200 Subject: Clean up some git merges gone wrong. (This used to be commit 42eb6b33462228467e65a51bbf624c481802b090) --- source4/dsdb/samdb/ldb_modules/config.mk | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 69bfa14da0..5161d0fcf8 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -4,11 +4,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC -<<<<<<< HEAD:source/dsdb/samdb/ldb_modules/config.mk INIT_FUNCTION = LDB_MODULE(objectguid) -======= -INIT_FUNCTION = objectguid_module_module_ops ->>>>>>> 5f3a70f285ad8a412105c0e498e486f93fc279bc:source/dsdb/samdb/ldb_modules/config.mk # End MODULE ldb_objectguid ################################################ -- cgit From b48e2e4c4103e7b6065bce61af39f09ebfb83af2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 02:15:32 +0200 Subject: Merge ldb_map into LIBLDB. (This used to be commit 4d7925f953bc9d1fcffb4a4dd268b763c18ceae6) --- source4/dsdb/samdb/ldb_modules/config.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 5161d0fcf8..a5f5bc4895 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -96,7 +96,7 @@ ldb_samldb_OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(samba3sam) -PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map SMBPASSWD NSS_WRAPPER LIBSECURITY \ +PRIVATE_DEPENDENCIES = LIBTALLOC SMBPASSWD NSS_WRAPPER LIBSECURITY \ NDR_SECURITY # End MODULE ldb_samldb ################################################ 
@@ -110,7 +110,7 @@ ldb_samba3sam_OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(simple_ldap_map) -PRIVATE_DEPENDENCIES = LIBTALLOC ldb_map LIBNDR NDR_MISC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid # End MODULE ldb_entryuuid -- cgit From af61219f365ae94f3c797b7450d0ea0e00ad0b11 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 21 May 2008 12:38:47 +0200 Subject: Fix dependencies for ldb instancetype module. (This used to be commit 17c41a6c3e71102e3516e6926f7e7d1ab5c97563) --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index a5f5bc4895..eae190a85f 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -336,7 +336,7 @@ ldb_normalise_OBJ_FILES = dsdb/samdb/ldb_modules/normalise.o INIT_FUNCTION = LDB_MODULE(instancetype) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_instancetype ################################################ -- cgit From fbf83882458c2e34c8ed89d50867c7d418d90bbf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 28 May 2008 03:00:14 +0200 Subject: Use variables for directories in dsdb ldb modules. (This used to be commit 82db5d3d56f9faefea47160ad2c983393131382a) --- source4/dsdb/samdb/ldb_modules/config.mk | 52 ++++++++++++++++---------------- 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index eae190a85f..388b67c6d1 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk 
@@ -8,7 +8,7 @@ INIT_FUNCTION = LDB_MODULE(objectguid) # End MODULE ldb_objectguid ################################################ -ldb_objectguid_OBJ_FILES = dsdb/samdb/ldb_modules/objectguid.o +ldb_objectguid_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectguid.o ################################################ # Start MODULE ldb_repl_meta_data @@ -22,7 +22,7 @@ INIT_FUNCTION = LDB_MODULE(repl_meta_data) ################################################ ldb_repl_meta_data_OBJ_FILES = \ - dsdb/samdb/ldb_modules/repl_meta_data.o + $(dsdbsrcdir)/samdb/ldb_modules/repl_meta_data.o ################################################ # Start MODULE ldb_dsdb_cache @@ -35,7 +35,7 @@ INIT_FUNCTION = LDB_MODULE(dsdb_cache) ################################################ ldb_dsdb_cache_OBJ_FILES = \ - dsdb/samdb/ldb_modules/dsdb_cache.o + $(dsdbsrcdir)/samdb/ldb_modules/dsdb_cache.o ################################################ # Start MODULE ldb_schema_fsmo @@ -48,7 +48,7 @@ INIT_FUNCTION = LDB_MODULE(schema_fsmo) ################################################ ldb_schema_fsmo_OBJ_FILES = \ - dsdb/samdb/ldb_modules/schema_fsmo.o + $(dsdbsrcdir)/samdb/ldb_modules/schema_fsmo.o ################################################ # Start MODULE ldb_naming_fsmo @@ -61,7 +61,7 @@ INIT_FUNCTION = LDB_MODULE(naming_fsmo) ################################################ ldb_naming_fsmo_OBJ_FILES = \ - dsdb/samdb/ldb_modules/naming_fsmo.o + $(dsdbsrcdir)/samdb/ldb_modules/naming_fsmo.o ################################################ # Start MODULE ldb_pdc_fsmo @@ -74,7 +74,7 @@ INIT_FUNCTION = LDB_MODULE(pdc_fsmo) ################################################ ldb_pdc_fsmo_OBJ_FILES = \ - dsdb/samdb/ldb_modules/pdc_fsmo.o + $(dsdbsrcdir)/samdb/ldb_modules/pdc_fsmo.o ################################################ # Start MODULE ldb_samldb 
@@ -88,7 +88,7 @@ INIT_FUNCTION = LDB_MODULE(samldb) ################################################ ldb_samldb_OBJ_FILES = \ - dsdb/samdb/ldb_modules/samldb.o + $(dsdbsrcdir)/samdb/ldb_modules/samldb.o ################################################ # Start MODULE ldb_samba3sam @@ -102,7 +102,7 @@ PRIVATE_DEPENDENCIES = LIBTALLOC SMBPASSWD NSS_WRAPPER LIBSECURITY \ ################################################ ldb_samba3sam_OBJ_FILES = \ - dsdb/samdb/ldb_modules/samba3sam.o + $(dsdbsrcdir)/samdb/ldb_modules/samba3sam.o ################################################ # Start MODULE ldb_simple_ldap_map @@ -117,7 +117,7 @@ ALIASES = entryuuid nsuniqueid ################################################ ldb_simple_ldap_map_OBJ_FILES = \ - dsdb/samdb/ldb_modules/simple_ldap_map.o + $(dsdbsrcdir)/samdb/ldb_modules/simple_ldap_map.o # ################################################ # # Start MODULE ldb_proxy @@ -141,7 +141,7 @@ INIT_FUNCTION = LDB_MODULE(rootdse) # End MODULE ldb_rootdse ################################################ -ldb_rootdse_OBJ_FILES = dsdb/samdb/ldb_modules/rootdse.o +ldb_rootdse_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/rootdse.o ################################################ # Start MODULE ldb_password_hash @@ -154,7 +154,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ # End MODULE ldb_password_hash ################################################ -ldb_password_hash_OBJ_FILES = dsdb/samdb/ldb_modules/password_hash.o +ldb_password_hash_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/password_hash.o ################################################ # Start MODULE ldb_local_password 
@@ -166,7 +166,7 @@ INIT_FUNCTION = LDB_MODULE(local_password) # End MODULE ldb_local_password ################################################ -ldb_local_password_OBJ_FILES = dsdb/samdb/ldb_modules/local_password.o +ldb_local_password_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/local_password.o ################################################ # Start MODULE ldb_kludge_acl @@ -179,7 +179,7 @@ INIT_FUNCTION = LDB_MODULE(kludge_acl) # End MODULE ldb_kludge_acl ################################################ -ldb_kludge_acl_OBJ_FILES = dsdb/samdb/ldb_modules/kludge_acl.o +ldb_kludge_acl_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/kludge_acl.o ################################################ # Start MODULE ldb_extended_dn @@ -191,7 +191,7 @@ INIT_FUNCTION = LDB_MODULE(extended_dn) # End MODULE ldb_extended_dn ################################################ -ldb_extended_dn_OBJ_FILES = dsdb/samdb/ldb_modules/extended_dn.o +ldb_extended_dn_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn.o ################################################ # Start MODULE ldb_show_deleted @@ -203,7 +203,7 @@ INIT_FUNCTION = LDB_MODULE(show_deleted) # End MODULE ldb_show_deleted ################################################ -ldb_show_deleted_OBJ_FILES = dsdb/samdb/ldb_modules/show_deleted.o +ldb_show_deleted_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/show_deleted.o ################################################ # Start MODULE ldb_partition @@ -215,7 +215,7 @@ INIT_FUNCTION = LDB_MODULE(partition) # End MODULE ldb_partition ################################################ -ldb_partition_OBJ_FILES = dsdb/samdb/ldb_modules/partition.o +ldb_partition_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/partition.o ################################################ # Start MODULE ldb_schema 
@@ -227,7 +227,7 @@ INIT_FUNCTION = LDB_MODULE(schema) # End MODULE ldb_schema ################################################ -ldb_schema_OBJ_FILES = $(addprefix dsdb/samdb/ldb_modules/, schema.o schema_syntax.o) +ldb_schema_OBJ_FILES = $(addprefix $(dsdbsrcdir)/samdb/ldb_modules/, schema.o schema_syntax.o) ################################################ # Start MODULE ldb_update_kt @@ -240,7 +240,7 @@ INIT_FUNCTION = LDB_MODULE(update_kt) # End MODULE ldb_update_kt ################################################ -ldb_update_keytab_OBJ_FILES = dsdb/samdb/ldb_modules/update_keytab.o +ldb_update_keytab_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/update_keytab.o ################################################ # Start MODULE ldb_objectclass @@ -253,7 +253,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_objectclass ################################################ -ldb_objectclass_OBJ_FILES = dsdb/samdb/ldb_modules/objectclass.o +ldb_objectclass_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectclass.o ################################################ # Start MODULE ldb_subtree_rename @@ -265,7 +265,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ -ldb_subtree_rename_OBJ_FILES = dsdb/samdb/ldb_modules/subtree_rename.o +ldb_subtree_rename_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_rename.o ################################################ # Start MODULE ldb_subtree_rename @@ -277,7 +277,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ -ldb_subtree_delete_OBJ_FILES = dsdb/samdb/ldb_modules/subtree_delete.o +ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o ################################################ # Start MODULE ldb_linked_attributes 
@@ -290,7 +290,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_linked_attributes ################################################ -ldb_linked_attributes_OBJ_FILES = dsdb/samdb/ldb_modules/linked_attributes.o +ldb_linked_attributes_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/linked_attributes.o ################################################ # Start MODULE ldb_ranged_results @@ -302,7 +302,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_ranged_results ################################################ -ldb_ranged_results_OBJ_FILES = dsdb/samdb/ldb_modules/ranged_results.o +ldb_ranged_results_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/ranged_results.o ################################################ # Start MODULE ldb_anr @@ -315,7 +315,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_anr ################################################ -ldb_anr_OBJ_FILES = dsdb/samdb/ldb_modules/anr.o +ldb_anr_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/anr.o ################################################ # Start MODULE ldb_normalise @@ -328,7 +328,7 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_normalise ################################################ -ldb_normalise_OBJ_FILES = dsdb/samdb/ldb_modules/normalise.o +ldb_normalise_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/normalise.o ################################################ # Start MODULE ldb_instancetype @@ -341,5 +341,5 @@ SUBSYSTEM = LIBLDB # End MODULE ldb_instancetype ################################################ -ldb_instancetype_OBJ_FILES = dsdb/samdb/ldb_modules/instancetype.o +ldb_instancetype_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/instancetype.o -- cgit From 39f50afc579f208300c3c1fcc612ca9b69bb76e3 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Fri, 30 May 2008 02:07:28 +0200 Subject: Move CFLAGS handling out of smb_build. (This used to be commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c) --- source4/dsdb/samdb/ldb_modules/config.mk | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 388b67c6d1..facf7be722 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -155,6 +155,7 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ ################################################ ldb_password_hash_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/password_hash.o +$(ldb_password_hash_OBJ_FILES): CFLAGS+=$(KRB5_CFLAGS) ################################################ # Start MODULE ldb_local_password 
@@ -241,49 +242,49 @@ INIT_FUNCTION = LDB_MODULE(update_kt) ################################################ ldb_update_keytab_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/update_keytab.o +$(ldb_update_keytab_OBJ_FILES): CFLAGS+=$(KRB5_CFLAGS) $(GSSAPI_CFLAGS) ################################################ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] INIT_FUNCTION = LDB_MODULE(objectclass) OUTPUT_TYPE = SHARED_LIBRARY -CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_objectclass ################################################ ldb_objectclass_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectclass.o +$(ldb_objectclass_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] INIT_FUNCTION = LDB_MODULE(subtree_rename) -CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ ldb_subtree_rename_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_rename.o +$(ldb_subtree_rename_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_delete] INIT_FUNCTION = LDB_MODULE(subtree_delete) -CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o +$(ldb_subtree_delete_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] INIT_FUNCTION = LDB_MODULE(linked_attributes) -CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB SUBSYSTEM = LIBLDB 
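Review bot: The new per-object rules such as `$(ldb_objectclass_OBJ_FILES): CFLAGS+=-Ilib/ldb/include` keep a hard-coded include path relative to the build's working directory, while the object paths on the preceding lines are already spelled with `$(dsdbsrcdir)`. The include therefore resolves only when the compiler runs from the source4 top level; if the build defines a directory variable for ldb, the line would be more robust with that variable in place of the literal `lib/ldb/include`. The same line is repeated for subtree_rename, subtree_delete and linked_attributes here, and in the following hunks for ranged_results, anr, normalise and instancetype. A target-specific `CFLAGS+=` in GNU make also applies to every prerequisite built for that target, so a short comment such as `# per-object flags: also inherited by prerequisites of this .o` would help the next maintainer.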
@@ -291,24 +292,24 @@ SUBSYSTEM = LIBLDB ################################################ ldb_linked_attributes_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/linked_attributes.o +$(ldb_linked_attributes_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_ranged_results [MODULE::ldb_ranged_results] INIT_FUNCTION = LDB_MODULE(ranged_results) -CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB # End MODULE ldb_ranged_results ################################################ ldb_ranged_results_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/ranged_results.o +$(ldb_ranged_results_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_anr [MODULE::ldb_anr] INIT_FUNCTION = LDB_MODULE(anr) -CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB @@ -316,12 +317,12 @@ SUBSYSTEM = LIBLDB ################################################ ldb_anr_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/anr.o +$(ldb_anr_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_normalise [MODULE::ldb_normalise] INIT_FUNCTION = LDB_MODULE(normalise) -CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB @@ -329,12 +330,12 @@ SUBSYSTEM = LIBLDB ################################################ ldb_normalise_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/normalise.o +$(ldb_normalise_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_instancetype [MODULE::ldb_instancetype] INIT_FUNCTION = LDB_MODULE(instancetype) -CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB 
@@ -342,4 +343,5 @@ SUBSYSTEM = LIBLDB ################################################ ldb_instancetype_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/instancetype.o +$(ldb_instancetype_OBJ_FILES): CFLAGS+=-Ilib/ldb/include -- cgit From be14efbdf9de964d36b1fdbc8dec909ad1d2601f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 31 May 2008 08:35:55 +1000 Subject: Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c This commit broke the build, because not all files (libreplace, popt) were updated. Andrew Bartlett (This used to be commit 3faacf4351d68a10aea78b53768571d2059772ae) --- source4/dsdb/samdb/ldb_modules/config.mk | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index facf7be722..388b67c6d1 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -155,7 +155,6 @@ PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ ################################################ ldb_password_hash_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/password_hash.o -$(ldb_password_hash_OBJ_FILES): CFLAGS+=$(KRB5_CFLAGS) ################################################ # Start MODULE ldb_local_password 
@@ -242,49 +241,49 @@ INIT_FUNCTION = LDB_MODULE(update_kt) ################################################ ldb_update_keytab_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/update_keytab.o -$(ldb_update_keytab_OBJ_FILES): CFLAGS+=$(KRB5_CFLAGS) $(GSSAPI_CFLAGS) ################################################ # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] INIT_FUNCTION = LDB_MODULE(objectclass) OUTPUT_TYPE = SHARED_LIBRARY +CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_objectclass ################################################ ldb_objectclass_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectclass.o -$(ldb_objectclass_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_rename] INIT_FUNCTION = LDB_MODULE(subtree_rename) +CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ ldb_subtree_rename_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_rename.o -$(ldb_subtree_rename_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_subtree_rename [MODULE::ldb_subtree_delete] INIT_FUNCTION = LDB_MODULE(subtree_delete) +CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o -$(ldb_subtree_delete_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_linked_attributes [MODULE::ldb_linked_attributes] INIT_FUNCTION = LDB_MODULE(linked_attributes) +CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB SUBSYSTEM = LIBLDB 
@@ -292,24 +291,24 @@ SUBSYSTEM = LIBLDB ################################################ ldb_linked_attributes_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/linked_attributes.o -$(ldb_linked_attributes_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_ranged_results [MODULE::ldb_ranged_results] INIT_FUNCTION = LDB_MODULE(ranged_results) +CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC SUBSYSTEM = LIBLDB # End MODULE ldb_ranged_results ################################################ ldb_ranged_results_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/ranged_results.o -$(ldb_ranged_results_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_anr [MODULE::ldb_anr] INIT_FUNCTION = LDB_MODULE(anr) +CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB @@ -317,12 +316,12 @@ SUBSYSTEM = LIBLDB ################################################ ldb_anr_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/anr.o -$(ldb_anr_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_normalise [MODULE::ldb_normalise] INIT_FUNCTION = LDB_MODULE(normalise) +CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB @@ -330,12 +329,12 @@ SUBSYSTEM = LIBLDB ################################################ ldb_normalise_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/normalise.o -$(ldb_normalise_OBJ_FILES): CFLAGS+=-Ilib/ldb/include ################################################ # Start MODULE ldb_instancetype [MODULE::ldb_instancetype] INIT_FUNCTION = LDB_MODULE(instancetype) +CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB 
@@ -343,5 +342,4 @@ SUBSYSTEM = LIBLDB ################################################ ldb_instancetype_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/instancetype.o -$(ldb_instancetype_OBJ_FILES): CFLAGS+=-Ilib/ldb/include -- cgit From 929adc9efa5cf985f0585214d30d18521aa1a821 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 14 Jun 2008 11:24:17 -0400 Subject: Make up the right dependencies now that ldb depends on libevents (This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0) --- source4/dsdb/samdb/ldb_modules/config.mk | 60 +++++++++++++++++--------------- 1 file changed, 31 insertions(+), 29 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 388b67c6d1..d8dc0516f6 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -3,7 +3,7 @@ [MODULE::ldb_objectguid] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC INIT_FUNCTION = LDB_MODULE(objectguid) # End MODULE ldb_objectguid ################################################ @@ -15,8 +15,9 @@ ldb_objectguid_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectguid.o [MODULE::ldb_repl_meta_data] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBNDR NDR_MISC NDR_DRSUAPI \ - NDR_DRSBLOBS LIBNDR +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS \ + LIBNDR NDR_MISC NDR_DRSUAPI \ + NDR_DRSBLOBS LIBNDR INIT_FUNCTION = LDB_MODULE(repl_meta_data) # End MODULE ldb_repl_meta_data ################################################ 
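Review bot: In the `[MODULE::ldb_repl_meta_data]` hunk the rewrapped dependency list still names `LIBNDR` twice, once after `LIBEVENTS` and again at the end of the continuation: `LIBNDR NDR_MISC NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR`. Since the line is being reflowed anyway, the trailing duplicate could be dropped so the list reads `SAMDB LIBTALLOC LIBEVENTS LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS`. Whether the build tool tolerates the duplicate is not visible from this page, but a list with one entry per library is easier to audit when dependencies are added or removed later.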
@@ -29,7 +30,7 @@ ldb_repl_meta_data_OBJ_FILES = \ [MODULE::ldb_dsdb_cache] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(dsdb_cache) # End MODULE ldb_dsdb_cache ################################################ @@ -42,7 +43,7 @@ ldb_dsdb_cache_OBJ_FILES = \ [MODULE::ldb_schema_fsmo] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(schema_fsmo) # End MODULE ldb_schema_fsmo ################################################ @@ -55,7 +56,7 @@ ldb_schema_fsmo_OBJ_FILES = \ [MODULE::ldb_naming_fsmo] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(naming_fsmo) # End MODULE ldb_naming_fsmo ################################################ @@ -68,7 +69,7 @@ ldb_naming_fsmo_OBJ_FILES = \ [MODULE::ldb_pdc_fsmo] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(pdc_fsmo) # End MODULE ldb_pdc_fsmo ################################################ @@ -81,7 +82,7 @@ ldb_pdc_fsmo_OBJ_FILES = \ [MODULE::ldb_samldb] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LDAP_ENCODE NDR_MISC SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LDAP_ENCODE NDR_MISC SAMDB INIT_FUNCTION = LDB_MODULE(samldb) # # End MODULE ldb_samldb @@ -96,8 +97,8 @@ ldb_samldb_OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(samba3sam) -PRIVATE_DEPENDENCIES = LIBTALLOC SMBPASSWD NSS_WRAPPER LIBSECURITY \ - NDR_SECURITY +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SMBPASSWD \ + NSS_WRAPPER LIBSECURITY NDR_SECURITY # End MODULE ldb_samldb ################################################ 
@@ -110,7 +111,7 @@ ldb_samba3sam_OBJ_FILES = \ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(simple_ldap_map) -PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR NDR_MISC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid # End MODULE ldb_entryuuid @@ -135,7 +136,7 @@ ldb_simple_ldap_map_OBJ_FILES = \ # Start MODULE ldb_rootdse [MODULE::ldb_rootdse] SUBSYSTEM = LIBLDB -PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(rootdse) # End MODULE ldb_rootdse @@ -149,8 +150,9 @@ ldb_rootdse_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/rootdse.o SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(password_hash) -PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS LIBTALLOC HEIMDAL_KRB5 LDAP_ENCODE \ - LIBCLI_AUTH NDR_DRSBLOBS KERBEROS SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB LDAP_ENCODE \ + LIBCLI_AUTH NDR_DRSBLOBS KERBEROS \ + HEIMDAL_HDB_KEYS HEIMDAL_KRB5 # End MODULE ldb_password_hash ################################################ @@ -159,7 +161,7 @@ ldb_password_hash_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/password_hash.o ################################################ # Start MODULE ldb_local_password [MODULE::ldb_local_password] -PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(local_password) @@ -171,7 +173,7 @@ ldb_local_password_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/local_password.o ################################################ # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] -PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSECURITY SAMDB OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(kludge_acl) 
@@ -186,7 +188,7 @@ ldb_kludge_acl_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/kludge_acl.o [MODULE::ldb_extended_dn] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LIBNDR LIBSECURITY SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR LIBSECURITY SAMDB INIT_FUNCTION = LDB_MODULE(extended_dn) # End MODULE ldb_extended_dn ################################################ @@ -198,7 +200,7 @@ ldb_extended_dn_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn.o [MODULE::ldb_show_deleted] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(show_deleted) # End MODULE ldb_show_deleted ################################################ @@ -210,7 +212,7 @@ ldb_show_deleted_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/show_deleted.o [MODULE::ldb_partition] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB INIT_FUNCTION = LDB_MODULE(partition) # End MODULE ldb_partition ################################################ @@ -222,7 +224,7 @@ ldb_partition_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/partition.o [MODULE::ldb_schema] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LIBLDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB INIT_FUNCTION = LDB_MODULE(schema) # End MODULE ldb_schema ################################################ @@ -234,7 +236,7 @@ ldb_schema_OBJ_FILES = $(addprefix $(dsdbsrcdir)/samdb/ldb_modules/, schema.o sc [MODULE::ldb_update_keytab] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC CREDENTIALS +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS CREDENTIALS #Also depends on credentials, but that would loop INIT_FUNCTION = LDB_MODULE(update_kt) # End MODULE ldb_update_kt 
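Review bot: In the `[MODULE::ldb_update_keytab]` hunk the edited line `PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS CREDENTIALS` sits directly above the unchanged comment `#Also depends on credentials, but that would loop`, which says the dependency cannot be listed although it is. One of the two is stale, and a reader checking for a circular dependency cannot tell which. I would either delete the comment or replace it with something like `# CREDENTIALS is listed explicitly; the earlier dependency loop no longer applies`, after confirming that is the case. The section markers in the same hunk still say `ldb_update_kt` while the module is named `ldb_update_keytab`.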
@@ -248,7 +250,7 @@ ldb_update_keytab_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/update_keytab.o INIT_FUNCTION = LDB_MODULE(objectclass) OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include -PRIVATE_DEPENDENCIES = LIBTALLOC LIBSECURITY NDR_SECURITY SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_objectclass ################################################ @@ -260,7 +262,7 @@ ldb_objectclass_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectclass.o [MODULE::ldb_subtree_rename] INIT_FUNCTION = LDB_MODULE(subtree_rename) CFLAGS = -Ilib/ldb/include -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ @@ -272,7 +274,7 @@ ldb_subtree_rename_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_rename.o [MODULE::ldb_subtree_delete] INIT_FUNCTION = LDB_MODULE(subtree_delete) CFLAGS = -Ilib/ldb/include -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SUBSYSTEM = LIBLDB # End MODULE ldb_subtree_rename ################################################ @@ -285,7 +287,7 @@ ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o INIT_FUNCTION = LDB_MODULE(linked_attributes) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_linked_attributes ################################################ @@ -297,7 +299,7 @@ ldb_linked_attributes_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/linked_attribu [MODULE::ldb_ranged_results] INIT_FUNCTION = LDB_MODULE(ranged_results) CFLAGS = -Ilib/ldb/include -PRIVATE_DEPENDENCIES = LIBTALLOC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SUBSYSTEM = LIBLDB # End MODULE ldb_ranged_results ################################################ 
@@ -310,7 +312,7 @@ ldb_ranged_results_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/ranged_results.o INIT_FUNCTION = LDB_MODULE(anr) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_anr ################################################ @@ -323,7 +325,7 @@ ldb_anr_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/anr.o INIT_FUNCTION = LDB_MODULE(normalise) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_normalise ################################################ @@ -336,7 +338,7 @@ ldb_normalise_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/normalise.o INIT_FUNCTION = LDB_MODULE(instancetype) CFLAGS = -Ilib/ldb/include OUTPUT_TYPE = SHARED_LIBRARY -PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_instancetype ################################################ -- cgit From b388f932ba14078697878567956c2f16ad8abc68 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 19 Jun 2008 18:06:35 +1000 Subject: Change detection of objectCategory short fomm To actually validate the DN, we load and call the validation fucntion, not just check the 'ldb_dn_is_valid()' function. Andrew Bartlett (This used to be commit 5fb5a4e13db3a03da414876efa717c3de44ca77c) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 91896d7247..101ca67dee 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -158,7 +158,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); dn = ldb_dn_new(ctx, module->ldb, val->data); - if (dn && ldb_dn_is_valid(dn)) { + if (dn && ldb_dn_validate(dn)) { talloc_free(dn); return val_copy(module, ctx, val); } -- cgit From d7ac45f8b851352867fa0f039d3a99bbc7016a68 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 28 Jun 2008 10:49:49 +0200 Subject: ldb: fix the init function names for some modules metze (This used to be commit a485a363c3dc1b6b4d12410ed8e390b4d64a739f) --- source4/dsdb/samdb/ldb_modules/config.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index d8dc0516f6..997b692416 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -110,7 +110,7 @@ ldb_samba3sam_OBJ_FILES = \ [MODULE::ldb_simple_ldap_map] SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY -INIT_FUNCTION = LDB_MODULE(simple_ldap_map) +INIT_FUNCTION = LDB_MODULE(entryuuid),LDB_MODULE(nsuniqueid) PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC ENABLE = YES ALIASES = entryuuid nsuniqueid @@ -238,7 +238,7 @@ SUBSYSTEM = LIBLDB OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS CREDENTIALS #Also depends on credentials, but that would loop -INIT_FUNCTION = LDB_MODULE(update_kt) +INIT_FUNCTION = LDB_MODULE(update_keytab) # End MODULE ldb_update_kt ################################################ -- cgit From db0c0327adc37cc6e6887b1c06a9933230a3c513 Mon Sep 17 00:00:00 2001 
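Review bot: In `objectCategory_always_dn`, `ldb_dn_new(ctx, module->ldb, val->data)` parses `val->data` as a NUL-terminated C string, whereas the accepted path returns `val_copy(module, ctx, val)`, which presumably copies by `val->length`. The string that passes `ldb_dn_validate()` is therefore not guaranteed to be the value that is returned: an embedded NUL would make the check see only a prefix, and a value without a terminator would be read past its end. If ldb does not guarantee both properties for values reaching this map function, a guard before the parse would close the gap, e.g. `if (val->data == NULL || memchr(val->data, '\0', val->length) != NULL) { /* not a DN string */ }`, with a comment stating that a terminator at `data[length]` is assumed. The function body continues outside the hunk, so what happens to `dn` when validation fails is not visible here; it appears to stay allocated on `ctx` until the caller frees that context.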
From: Stefan Metzmacher Date: Fri, 27 Jun 2008 15:34:31 +0200 Subject: dsdb: don't force the build of ldb modules as shared_module metze (This used to be commit 3379630a91bd96a34f99ed24ac92380bd97ccb07) --- source4/dsdb/samdb/ldb_modules/config.mk | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 997b692416..830f7c9fa1 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,7 +2,6 @@ # Start MODULE ldb_objectguid [MODULE::ldb_objectguid] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC INIT_FUNCTION = LDB_MODULE(objectguid) # End MODULE ldb_objectguid @@ -14,7 +13,6 @@ ldb_objectguid_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectguid.o # Start MODULE ldb_repl_meta_data [MODULE::ldb_repl_meta_data] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS \ LIBNDR NDR_MISC NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR @@ -29,7 +27,6 @@ ldb_repl_meta_data_OBJ_FILES = \ # Start MODULE ldb_dsdb_cache [MODULE::ldb_dsdb_cache] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(dsdb_cache) # End MODULE ldb_dsdb_cache @@ -42,7 +39,6 @@ ldb_dsdb_cache_OBJ_FILES = \ # Start MODULE ldb_schema_fsmo [MODULE::ldb_schema_fsmo] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(schema_fsmo) # End MODULE ldb_schema_fsmo @@ -55,7 +51,6 @@ ldb_schema_fsmo_OBJ_FILES = \ # Start MODULE ldb_naming_fsmo [MODULE::ldb_naming_fsmo] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(naming_fsmo) # End MODULE ldb_naming_fsmo 
@@ -68,7 +63,6 @@ ldb_naming_fsmo_OBJ_FILES = \ # Start MODULE ldb_pdc_fsmo [MODULE::ldb_pdc_fsmo] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(pdc_fsmo) # End MODULE ldb_pdc_fsmo @@ -81,7 +75,6 @@ ldb_pdc_fsmo_OBJ_FILES = \ # Start MODULE ldb_samldb [MODULE::ldb_samldb] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LDAP_ENCODE NDR_MISC SAMDB INIT_FUNCTION = LDB_MODULE(samldb) # @@ -95,7 +88,6 @@ ldb_samldb_OBJ_FILES = \ # Start MODULE ldb_samba3sam [MODULE::ldb_samba3sam] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(samba3sam) PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SMBPASSWD \ NSS_WRAPPER LIBSECURITY NDR_SECURITY @@ -109,7 +101,6 @@ ldb_samba3sam_OBJ_FILES = \ # Start MODULE ldb_simple_ldap_map [MODULE::ldb_simple_ldap_map] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(entryuuid),LDB_MODULE(nsuniqueid) PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC ENABLE = YES @@ -137,7 +128,6 @@ ldb_simple_ldap_map_OBJ_FILES = \ [MODULE::ldb_rootdse] SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB -OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(rootdse) # End MODULE ldb_rootdse ################################################ @@ -148,7 +138,6 @@ ldb_rootdse_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/rootdse.o # Start MODULE ldb_password_hash [MODULE::ldb_password_hash] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY INIT_FUNCTION = LDB_MODULE(password_hash) PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB LDAP_ENCODE \ LIBCLI_AUTH NDR_DRSBLOBS KERBEROS \ 
@@ -162,7 +151,6 @@ ldb_password_hash_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/password_hash.o # Start MODULE ldb_local_password [MODULE::ldb_local_password] PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR SAMDB -OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(local_password) # End MODULE ldb_local_password @@ -174,7 +162,6 @@ ldb_local_password_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/local_password.o # Start MODULE ldb_kludge_acl [MODULE::ldb_kludge_acl] PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSECURITY SAMDB -OUTPUT_TYPE = SHARED_LIBRARY SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(kludge_acl) @@ -187,7 +174,6 @@ ldb_kludge_acl_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/kludge_acl.o # Start MODULE ldb_extended_dn [MODULE::ldb_extended_dn] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR LIBSECURITY SAMDB INIT_FUNCTION = LDB_MODULE(extended_dn) # End MODULE ldb_extended_dn @@ -199,7 +185,6 @@ ldb_extended_dn_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/extended_dn.o # Start MODULE ldb_show_deleted [MODULE::ldb_show_deleted] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS INIT_FUNCTION = LDB_MODULE(show_deleted) # End MODULE ldb_show_deleted @@ -211,7 +196,6 @@ ldb_show_deleted_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/show_deleted.o # Start MODULE ldb_partition [MODULE::ldb_partition] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB INIT_FUNCTION = LDB_MODULE(partition) # End MODULE ldb_partition @@ -223,7 +207,6 @@ ldb_partition_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/partition.o # Start MODULE ldb_schema [MODULE::ldb_schema] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB INIT_FUNCTION = LDB_MODULE(schema) # End MODULE ldb_schema 
@@ -235,7 +218,6 @@ ldb_schema_OBJ_FILES = $(addprefix $(dsdbsrcdir)/samdb/ldb_modules/, schema.o sc # Start MODULE ldb_update_kt [MODULE::ldb_update_keytab] SUBSYSTEM = LIBLDB -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS CREDENTIALS #Also depends on credentials, but that would loop INIT_FUNCTION = LDB_MODULE(update_keytab) @@ -248,7 +230,6 @@ ldb_update_keytab_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/update_keytab.o # Start MODULE ldb_objectclass [MODULE::ldb_objectclass] INIT_FUNCTION = LDB_MODULE(objectclass) -OUTPUT_TYPE = SHARED_LIBRARY CFLAGS = -Ilib/ldb/include PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSECURITY NDR_SECURITY SAMDB SUBSYSTEM = LIBLDB @@ -286,7 +267,6 @@ ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o [MODULE::ldb_linked_attributes] INIT_FUNCTION = LDB_MODULE(linked_attributes) CFLAGS = -Ilib/ldb/include -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_linked_attributes @@ -311,7 +291,6 @@ ldb_ranged_results_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/ranged_results.o [MODULE::ldb_anr] INIT_FUNCTION = LDB_MODULE(anr) CFLAGS = -Ilib/ldb/include -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_anr @@ -324,7 +303,6 @@ ldb_anr_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/anr.o [MODULE::ldb_normalise] INIT_FUNCTION = LDB_MODULE(normalise) CFLAGS = -Ilib/ldb/include -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_normalise @@ -337,7 +315,6 @@ ldb_normalise_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/normalise.o [MODULE::ldb_instancetype] INIT_FUNCTION = LDB_MODULE(instancetype) CFLAGS = -Ilib/ldb/include -OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBSAMBA-UTIL SAMDB SUBSYSTEM = LIBLDB # End MODULE ldb_instancetype -- cgit 
From 5767b578a0ad9db91bb5f4ca5e74615c663034a7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 30 Jun 2008 17:15:49 +0200 Subject: schema_fsmo: only set module->private_data in case we keep the struct for a long time metze (This used to be commit 82940f6ca120026378e6deb49a07becb2d581f45) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 8ceeba9804..bc1e60abb2 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -54,6 +54,8 @@ static int schema_fsmo_init(struct ldb_module *module) NULL }; + module->private_data = NULL; + if (dsdb_get_schema(module->ldb)) { return ldb_next_init(module); } @@ -77,7 +79,6 @@ static int schema_fsmo_init(struct ldb_module *module) ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - module->private_data = schema_fsmo; schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm"))); if (!schema) { @@ -246,7 +247,7 @@ static int schema_fsmo_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - talloc_steal(module, schema_fsmo); + module->private_data = talloc_steal(module, schema_fsmo); ldb_debug(module->ldb, LDB_DEBUG_TRACE, "schema_fsmo_init: we are master: %s\n", -- cgit From db0a105aae2ba32be4aa5658fc8963ba28933a6b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 1 Jul 2008 16:35:13 +0200 Subject: schema_fsmo: move fsmo info into struct dsdb_schema metze (This used to be commit 8538d305c803268c712a90879f29a2a74ba0ef03) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 5 +---- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 32 +++++++--------------------- 2 files changed, 9 insertions(+), 28 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 50f333d095..75f99a139d 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -164,14 +164,11 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } if (do_attribute_explicit(attrs, "validFSMOs")) { - const struct dsdb_schema_fsmo *schema_fsmo; const struct dsdb_naming_fsmo *naming_fsmo; const struct dsdb_pdc_fsmo *pdc_fsmo; const char *dn_str; - schema_fsmo = talloc_get_type(ldb_get_opaque(module->ldb, "dsdb_schema_fsmo"), - struct dsdb_schema_fsmo); - if (schema_fsmo && schema_fsmo->we_are_master) { + if (schema && schema->fsmo.we_are_master) { dn_str = ldb_dn_get_linearized(samdb_schema_dn(module->ldb)); if (dn_str && dn_str[0]) { if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) { diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index bc1e60abb2..0fcda0a430 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -38,7 +38,6 @@ static int schema_fsmo_init(struct ldb_module *module) TALLOC_CTX *mem_ctx; struct ldb_dn *schema_dn; struct dsdb_schema *schema; - struct dsdb_schema_fsmo *schema_fsmo; struct ldb_result *schema_res; const struct ldb_val *prefix_val; const struct ldb_val *info_val; @@ -54,8 +53,6 @@ static int schema_fsmo_init(struct ldb_module *module) NULL }; - module->private_data = NULL; - if (dsdb_get_schema(module->ldb)) { return ldb_next_init(module); } @@ -74,12 +71,6 @@ static int schema_fsmo_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - schema_fsmo = talloc_zero(mem_ctx, struct dsdb_schema_fsmo); - if (!schema_fsmo) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm"))); if (!schema) { ldb_oom(module->ldb); 
@@ -225,6 +216,13 @@ static int schema_fsmo_init(struct ldb_module *module) } talloc_free(c_res); + schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(module->ldb, schema, schema_res->msgs[0], "fSMORoleOwner"); + if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), schema->fsmo.master_dn) == 0) { + schema->fsmo.we_are_master = true; + } else { + schema->fsmo.we_are_master = false; + } + /* dsdb_set_schema() steal schema into the ldb_context */ ret = dsdb_set_schema(module->ldb, schema); if (ret != LDB_SUCCESS) { @@ -235,23 +233,9 @@ static int schema_fsmo_init(struct ldb_module *module) return ret; } - schema_fsmo->master_dn = ldb_msg_find_attr_as_dn(module->ldb, schema_fsmo, schema_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), schema_fsmo->master_dn) == 0) { - schema_fsmo->we_are_master = true; - } else { - schema_fsmo->we_are_master = false; - } - - if (ldb_set_opaque(module->ldb, "dsdb_schema_fsmo", schema_fsmo) != LDB_SUCCESS) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - module->private_data = talloc_steal(module, schema_fsmo); - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "schema_fsmo_init: we are master: %s\n", - (schema_fsmo->we_are_master?"yes":"no")); + (schema->fsmo.we_are_master?"yes":"no")); talloc_free(mem_ctx); return ldb_next_init(module); -- cgit From 2a918a353f3d0e5dc64ac89ad3e32a564aa094c9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 30 Jun 2008 17:17:24 +0200 Subject: schema_fsmo: prepare auto allocation of schema oid prefixes This implements the logic in the schema_fsmo_add() function, but it only calls a dummy dsdb_create_prefix_mapping() yet. metze (This used to be commit 9018b85e834de6714a78304ba1c7018838e30a61) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 60 +++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 0fcda0a430..01108605ec 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c 
@@ -241,7 +241,65 @@ static int schema_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } +static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req) +{ + struct dsdb_schema *schema; + const char *attributeID = NULL; + const char *governsID = NULL; + const char *oid_attr = NULL; + const char *oid = NULL; + uint32_t id32; + WERROR status; + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + return ldb_next_request(module, req); + } + + if (!schema->fsmo.we_are_master) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "schema_fsmo_add: we are not master: reject request\n"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + attributeID = samdb_result_string(req->op.add.message, "attributeID", NULL); + governsID = samdb_result_string(req->op.add.message, "governsID", NULL); + + if (attributeID) { + oid_attr = "attributeID"; + oid = attributeID; + } else if (governsID) { + oid_attr = "governsID"; + oid = governsID; + } + + if (!oid) { + return ldb_next_request(module, req); + } + + status = dsdb_map_oid2int(schema, oid, &id32); + if (W_ERROR_IS_OK(status)) { + return ldb_next_request(module, req); + } else if (!W_ERROR_EQUAL(WERR_DS_NO_MSDS_INTID, status)) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "schema_fsmo_add: failed to map %s[%s]: %s\n", + oid_attr, oid, win_errstr(status)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + status = dsdb_create_prefix_mapping(module->ldb, schema, oid); + if (!W_ERROR_IS_OK(status)) { + ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, + "schema_fsmo_add: failed to create prefix mapping for %s[%s]: %s\n", + oid_attr, oid, win_errstr(status)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + return ldb_next_request(module, req); +} + _PUBLIC_ const struct ldb_module_ops ldb_schema_fsmo_module_ops = { .name = "schema_fsmo", - .init_context = schema_fsmo_init + .init_context = schema_fsmo_init, + .add = schema_fsmo_add }; -- cgit 
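Review bot: The `we_are_master` test in `schema_fsmo_add` runs before the function knows whether the request concerns a schema object, so on a server that is not the schema master every add passing through this module is refused with `LDB_ERR_UNWILLING_TO_PERFORM`, including entries that carry neither `attributeID` nor `governsID`. Move that check below the `if (!oid)` early return so that only adds carrying an OID are gated. The function also selects requests by attribute presence alone; if prefix mappings should only be created for entries under the schema partition, a guard at the top such as `if (ldb_dn_compare_base(samdb_schema_dn(module->ldb), req->op.add.message->dn) != 0) return ldb_next_request(module, req);` would scope it, assuming `samdb_schema_dn()` yields the schema naming context here.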
From 7e851ada55bcdbd1ad19587e5dd6779c74c361e1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Jul 2008 21:30:08 +1000 Subject: Move ad2oLschema and oLschema2ldif into Samba4, out of LDB LDB does not know about nor process the AD schema, so it makes no sense to have this tool there. I've been changing it anyway, to use a common schema manipulation library, and will enhance these links in the future. Andrew Bartlett (This used to be commit c7704805b9a3541e4c8768278c8289b0aa6ed5e3) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 105 +++------------------------ 1 file changed, 11 insertions(+), 94 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 01108605ec..6f65c199ba 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -34,17 +34,13 @@ static int schema_fsmo_init(struct ldb_module *module) { - WERROR status; TALLOC_CTX *mem_ctx; struct ldb_dn *schema_dn; struct dsdb_schema *schema; struct ldb_result *schema_res; - const struct ldb_val *prefix_val; - const struct ldb_val *info_val; - struct ldb_val info_val_default; struct ldb_result *a_res; struct ldb_result *c_res; - uint32_t i; + char *error_string = NULL; int ret; static const char *schema_attrs[] = { "prefixMap", @@ -71,12 +67,6 @@ static int schema_fsmo_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm"))); - if (!schema) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - /* * setup the prefix mappings and schema info */ 
@@ -111,33 +101,6 @@ static int schema_fsmo_init(struct ldb_module *module) return LDB_ERR_CONSTRAINT_VIOLATION; } - prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap"); - if (!prefix_val) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: no prefixMap attribute found"); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo"); - if (!info_val) { - info_val_default = strhex_to_data_blob("FF0000000000000000000000000000000000000000"); - if (!info_val_default.data) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - talloc_steal(mem_ctx, info_val_default.data); - info_val = &info_val_default; - } - - status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val); - if (!W_ERROR_IS_OK(status)) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load oid mappings: %s", - win_errstr(status)); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - /* * load the attribute definitions */ @@ -154,29 +117,6 @@ static int schema_fsmo_init(struct ldb_module *module) } talloc_steal(mem_ctx, a_res); - for (i=0; i < a_res->count; i++) { - struct dsdb_attribute *sa; - - sa = talloc_zero(schema, struct dsdb_attribute); - if (!sa) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - status = dsdb_attribute_from_ldb(schema, a_res->msgs[i], sa, sa); - if (!W_ERROR_IS_OK(status)) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load attriute definition: %s:%s", - ldb_dn_get_linearized(a_res->msgs[i]->dn), - win_errstr(status)); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *); - } - talloc_free(a_res); - /* * load the objectClass definitions */ 
@@ -193,36 +133,17 @@ static int schema_fsmo_init(struct ldb_module *module) } talloc_steal(mem_ctx, c_res); - for (i=0; i < c_res->count; i++) { - struct dsdb_class *sc; - - sc = talloc_zero(schema, struct dsdb_class); - if (!sc) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - status = dsdb_class_from_ldb(schema, c_res->msgs[i], sc, sc); - if (!W_ERROR_IS_OK(status)) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: failed to load class definition: %s:%s", - ldb_dn_get_linearized(c_res->msgs[i]->dn), - win_errstr(status)); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - DLIST_ADD_END(schema->classes, sc, struct dsdb_class *); - } - talloc_free(c_res); - - schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(module->ldb, schema, schema_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(module->ldb), schema->fsmo.master_dn) == 0) { - schema->fsmo.we_are_master = true; - } else { - schema->fsmo.we_are_master = false; + ret = dsdb_schema_from_ldb_results(mem_ctx, module->ldb, + lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), + schema_res, a_res, c_res, &schema, &error_string); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "schema_fsmo_init: dsdb_schema load failed: %s", + error_string); + talloc_free(mem_ctx); + return ret; } - + /* dsdb_set_schema() steal schema into the ldb_context */ ret = dsdb_set_schema(module->ldb, schema); if (ret != LDB_SUCCESS) { @@ -233,10 +154,6 @@ static int schema_fsmo_init(struct ldb_module *module) return ret; } - ldb_debug(module->ldb, LDB_DEBUG_TRACE, - "schema_fsmo_init: we are master: %s\n", - (schema->fsmo.we_are_master?"yes":"no")); - talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From 83d90d6cd6029446f836774d7c68bc13ce9cd360 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 10 Jul 2008 15:52:44 +1000 Subject: Make ad2oLschema even simpler, by moving the heavy work into dsdb. This will allow the kludge_acl and schema code to leverage the same work. (We might even get schema validation soon! :-) Andrew Bartlett (This used to be commit cecd04ce1f8ce2af2fb654b3abc1499092405d60) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 77 ++-------------------------- 1 file changed, 5 insertions(+), 72 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 6f65c199ba..a397228723 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -37,17 +37,8 @@ static int schema_fsmo_init(struct ldb_module *module) TALLOC_CTX *mem_ctx; struct ldb_dn *schema_dn; struct dsdb_schema *schema; - struct ldb_result *schema_res; - struct ldb_result *a_res; - struct ldb_result *c_res; char *error_string = NULL; int ret; - static const char *schema_attrs[] = { - "prefixMap", - "schemaInfo", - "fSMORoleOwner", - NULL - }; if (dsdb_get_schema(module->ldb)) { return ldb_next_init(module); 
@@ -67,83 +58,25 @@ static int schema_fsmo_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } - /* - * setup the prefix mappings and schema info - */ - ret = ldb_search(module->ldb, schema_dn, - LDB_SCOPE_BASE, - NULL, schema_attrs, - &schema_res); + ret = dsdb_schema_from_schema_dn(mem_ctx, module->ldb, + lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), + schema_dn, &schema, &error_string); + if (ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_reset_err_string(module->ldb); ldb_debug(module->ldb, LDB_DEBUG_WARNING, "schema_fsmo_init: no schema head present: (skip schema loading)\n"); talloc_free(mem_ctx); return ldb_next_init(module); - } else if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "schema_fsmo_init: failed to search the schema head: %s", - ldb_errstring(module->ldb)); - talloc_free(mem_ctx); - return ret; - } - talloc_steal(mem_ctx, schema_res); - if (schema_res->count == 0) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, - "schema_fsmo_init: no schema head present: (skip schema loading)\n"); - talloc_free(mem_ctx); - return ldb_next_init(module); - } else if (schema_res->count > 1) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "schema_fsmo_init: [%u] schema heads found on a base search", - schema_res->count); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - /* - * load the attribute definitions - */ - ret = ldb_search(module->ldb, schema_dn, - LDB_SCOPE_ONELEVEL, - "(objectClass=attributeSchema)", NULL, - &a_res); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "schema_fsmo_init: failed to search attributeSchema objects: %s", - ldb_errstring(module->ldb)); - talloc_free(mem_ctx); - return ret; - } - talloc_steal(mem_ctx, a_res); - - /* - * load the objectClass definitions - */ - ret = ldb_search(module->ldb, schema_dn, - LDB_SCOPE_ONELEVEL, - "(objectClass=classSchema)", NULL, - &c_res); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "schema_fsmo_init: 
failed to search classSchema objects: %s", - ldb_errstring(module->ldb)); - talloc_free(mem_ctx); - return ret; } - talloc_steal(mem_ctx, c_res); - ret = dsdb_schema_from_ldb_results(mem_ctx, module->ldb, - lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), - schema_res, a_res, c_res, &schema, &error_string); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(module->ldb, "schema_fsmo_init: dsdb_schema load failed: %s", error_string); talloc_free(mem_ctx); - return ret; } - + /* dsdb_set_schema() steal schema into the ldb_context */ ret = dsdb_set_schema(module->ldb, schema); if (ret != LDB_SUCCESS) { -- cgit From a5e3c5e236794aef2ccc332449824f4e9a18b09d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 10 Jul 2008 17:54:43 +1000 Subject: Avoid the use of extensibleObject in ldap mapping backend. Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 101ca67dee..e5541ea255 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -676,7 +676,7 @@ static int entryuuid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "extensibleObject", NULL); + ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; 
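Review bot: The failure branch after `dsdb_schema_from_schema_dn()` no longer returns, because this hunk removes `return ret;` from the `if (ret != LDB_SUCCESS)` block, so after `talloc_free(mem_ctx)` execution falls through to `dsdb_set_schema(module->ldb, schema)`. On that path `schema` has not been set by a successful load (its declaration in the previous hunk has no initializer), and if the helper did assign it, it presumably points into the `mem_ctx` that was just freed. The error paths further down call `talloc_free(mem_ctx)` again, which would free the same context twice. Restore `return ret;` as the last statement of the block. `schema_fsmo_init` starts and ends outside this hunk, so the tail of the function is taken from the context lines of the earlier commits on this page.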
@@ -697,7 +697,7 @@ static int nsuniqueid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; -- cgit From b4691ad5601a9d3e3f8ff8b42314d5e2cb462cd2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Jul 2008 15:11:32 +1000 Subject: Use common code to fill in allowedAttributes in kludge_acl. This code is now in common with ad2oLschema. Andrew Bartlett (This used to be commit 0a797388ca442c3ad4809888897b1c63b65a7fdf) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 64 +++++++++++++---------------- 1 file changed, 28 insertions(+), 36 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index e418031271..bc30fbc36d 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -93,8 +93,9 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess struct ldb_message_element *oc_el; struct ldb_message_element *allowedAttributes; const struct dsdb_schema *schema = dsdb_get_schema(ldb); - const struct dsdb_class *class; - int i, j, ret; + TALLOC_CTX *mem_ctx; + char **objectclass_list, **attr_list; + int i, ret; /* If we don't have a schema yet, we can't do anything... */ if (schema == NULL) { 
@@ -108,48 +109,39 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess return ret; } + mem_ctx = talloc_new(msg); + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* To ensure that oc_el is valid, we must look for it after we alter the element array in ldb_msg_add_empty() */ oc_el = ldb_msg_find_element(msg, "objectClass"); + + objectclass_list = talloc_array(mem_ctx, char *, oc_el->num_values + 1); + if (!objectclass_list) { + ldb_oom(ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } for (i=0; oc_el && i < oc_el->num_values; i++) { - class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); - if (!class) { - /* We don't know this class? what is going on? */ - continue; - } - - for (j=0; class->mayContain && class->mayContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->mayContain[j]); - } - for (j=0; class->mustContain && class->mustContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->mustContain[j]); - } - for (j=0; class->systemMayContain && class->systemMayContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->systemMayContain[j]); - } - for (j=0; class->systemMustContain && class->systemMustContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->systemMustContain[j]); - } + objectclass_list[i] = (char *)oc_el->values[i].data; } - - if (allowedAttributes->num_values > 1) { - qsort(allowedAttributes->values, - allowedAttributes->num_values, - sizeof(*allowedAttributes->values), - (comparison_fn_t)data_blob_cmp); - - for (i=1 ; i < allowedAttributes->num_values; i++) { - struct ldb_val *val1 = &allowedAttributes->values[i-1]; - struct ldb_val *val2 = &allowedAttributes->values[i]; - if (data_blob_cmp(val1, val2) == 0) { - memmove(val1, val2, (allowedAttributes->num_values - i) * sizeof( struct ldb_val)); - allowedAttributes->num_values--; - i--; - } - } + objectclass_list[i] = NULL; + + attr_list = dsdb_full_attribute_list(mem_ctx, 
schema, (const char **)objectclass_list, DSDB_SCHEMA_ALL); + if (!attr_list) { + ldb_asprintf_errstring(ldb, "kludge_acl: Failed to get list of attributes create %s attribute", attrName); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; } + for (i=0; attr_list && attr_list[i]; i++) { + ldb_msg_add_string(msg, attrName, attr_list[i]); + } + talloc_free(mem_ctx); return 0; } -- cgit From 44ea6a26fd088f0f8c86817510ebe5a6cddf9158 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 12 Jul 2008 15:26:42 +1000 Subject: rename sambaPassword -> userPassword. This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +- source4/dsdb/samdb/ldb_modules/local_password.c | 6 ++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 32 ++++++++++++------------ source4/dsdb/samdb/ldb_modules/samba3sam.c | 4 +-- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 18 ------------- 5 files changed, 22 insertions(+), 40 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index bc30fbc36d..2c01594722 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c 
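Review bot: `oc_el->num_values` is read in the `talloc_array()` call before anything checks that `ldb_msg_find_element(msg, "objectClass")` found an element, while the loop directly below still guards with `oc_el &&`, so a message without objectClass now dereferences NULL where the old code simply skipped the loop. Add a guard straight after the lookup, for example `if (!oc_el) { talloc_free(mem_ctx); return 0; }`, or size the array from `oc_el ? oc_el->num_values : 0`. The return value of `ldb_msg_add_string()` in the final loop is also dropped, so an allocation failure there leaves a silently truncated attribute list; testing it with `if (ldb_msg_add_string(msg, attrName, attr_list[i]) != 0)` followed by `ldb_oom(ldb)` and an error return would surface it. `kludge_acl_allowedAttributes` begins outside this hunk.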
@@ -321,7 +321,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) /* FIXME: I hink we should copy the tree and keep the original * unmodified. SSS */ /* replace any attributes in the parse tree that are private, - so we don't allow a search for 'sambaPassword=penguin', + so we don't allow a search for 'userPassword=penguin', just as we would not allow that attribute to be returned */ switch (ac->user_type) { case SECURITY_SYSTEM: diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index dfa98ef0af..a411c01513 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -24,7 +24,7 @@ * * Component: ldb local_password module * - * Description: correctly update hash values based on changes to sambaPassword and friends + * Description: correctly update hash values based on changes to userPassword and friends * * Author: Andrew Bartlett */ @@ -154,7 +154,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req return ldb_next_request(module, req); } - /* TODO: remove this when sambaPassword will be in schema */ + /* TODO: remove this when userPassword will be in schema */ if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { ldb_asprintf_errstring(module->ldb, "Cannot relocate a password on entry: %s, does not have objectClass 'person'", @@ -417,7 +417,7 @@ static int local_password_mod_local(struct ldb_handle *h) { ac = talloc_get_type(h->private_data, struct lpdb_context); /* if it is not an entry of type person this is an error */ - /* TODO: remove this when sambaPassword will be in schema */ + /* TODO: remove this when these things are checked in the schema */ if (!ac->search_res) { ldb_asprintf_errstring(ac->module->ldb, "entry just modified (%s) not found!", 
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 1d2bdd988e..3e442b6341 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -25,7 +25,7 @@ * * Component: ldb password_hash module * - * Description: correctly update hash values based on changes to sambaPassword and friends + * Description: correctly update hash values based on changes to userPassword and friends * * Author: Andrew Bartlett * Author: Stefan Metzmacher @@ -54,7 +54,7 @@ /* If we have decided there is reason to work on this request, then * setup all the password hash types correctly. * - * If the administrator doesn't want the sambaPassword stored (set in the + * If the administrator doesn't want the userPassword stored (set in the * domain and per-account policies) then we must strip that out before * we do the first operation. * @@ -1341,10 +1341,10 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } - /* If no part of this ADD touches the sambaPassword, or the NT + /* If no part of this ADD touches the userPassword, or the NT * or LM hashes, then we don't need to make any changes. */ - sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); + sambaAttr = ldb_msg_find_element(req->op.mod.message, "userPassword"); ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); 
@@ -1353,16 +1353,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } /* if it is not an entry of type person its an error */ - /* TODO: remove this when sambaPassword will be in schema */ + /* TODO: remove this when userPassword will be in schema */ if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) { ldb_set_errstring(module->ldb, "Cannot set a password on entry that does not have objectClass 'person'"); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* check sambaPassword is single valued here */ - /* TODO: remove this when sambaPassword will be single valued in schema */ + /* check userPassword is single valued here */ + /* TODO: remove this when userPassword will be single valued in schema */ if (sambaAttr && sambaAttr->num_values > 1) { - ldb_set_errstring(module->ldb, "mupltiple values for sambaPassword not allowed!\n"); + ldb_set_errstring(module->ldb, "mupltiple values for userPassword not allowed!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -1376,7 +1376,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } if (sambaAttr && sambaAttr->num_values == 0) { - ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n"); + ldb_set_errstring(module->ldb, "userPassword must have a value!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } 
@@ -1459,12 +1459,12 @@ static int password_hash_add_do_add(struct ldb_handle *h) { io.u.user_principal_name = samdb_result_string(msg, "userPrincipalName", NULL); io.u.is_computer = ldb_msg_check_string_attribute(msg, "objectClass", "computer"); - io.n.cleartext = samdb_result_string(msg, "sambaPassword", NULL); + io.n.cleartext = samdb_result_string(msg, "userPassword", NULL); io.n.nt_hash = samdb_result_hash(io.ac, msg, "unicodePwd"); io.n.lm_hash = samdb_result_hash(io.ac, msg, "dBCSPwd"); /* remove attributes */ - if (io.n.cleartext) ldb_msg_remove_attr(msg, "sambaPassword"); + if (io.n.cleartext) ldb_msg_remove_attr(msg, "userPassword"); if (io.n.nt_hash) ldb_msg_remove_attr(msg, "unicodePwd"); if (io.n.lm_hash) ldb_msg_remove_attr(msg, "dBCSPwd"); ldb_msg_remove_attr(msg, "pwdLastSet"); @@ -1573,11 +1573,11 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return LDB_ERR_UNWILLING_TO_PERFORM; } - sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); + sambaAttr = ldb_msg_find_element(req->op.mod.message, "userPassword"); ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); - /* If no part of this touches the sambaPassword OR unicodePwd and/or dBCSPwd, then we don't + /* If no part of this touches the userPassword OR unicodePwd and/or dBCSPwd, then we don't * need to make any changes. For password changes/set there should * be a 'delete' or a 'modify' on this attribute. */ if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) { 
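Review bot: `io.n.cleartext` is now filled from `userPassword`, an attribute that LDAP clients written for other directory servers commonly fill with scheme-prefixed hashes such as `{SSHA}...`, and nothing in this hunk distinguishes such a value from a real cleartext password. The hash string itself would then presumably become the account password and the input for the NT/LM hashes. If that is intended, say so at the read, e.g. `/* userPassword is always treated as cleartext; scheme-prefixed values are not interpreted */`. The same read appears in password_hash_mod_do_mod further down, and both functions extend beyond their hunks.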
@@ -1619,7 +1619,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r /* - remove any imodification to the password from the first commit * we will make the real modification later */ - if (sambaAttr) ldb_msg_remove_attr(msg, "sambaPassword"); + if (sambaAttr) ldb_msg_remove_attr(msg, "userPassword"); if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd"); if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd"); @@ -1655,7 +1655,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ } /* if it is not an entry of type person this is an error */ - /* TODO: remove this when sambaPassword will be in schema */ + /* TODO: remove this when userPassword will be in schema */ if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { ldb_set_errstring(ldb, "Object class violation"); talloc_free(ares); @@ -1790,7 +1790,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { io.u.user_principal_name = samdb_result_string(searched_msg, "userPrincipalName", NULL); io.u.is_computer = ldb_msg_check_string_attribute(searched_msg, "objectClass", "computer"); - io.n.cleartext = samdb_result_string(orig_msg, "sambaPassword", NULL); + io.n.cleartext = samdb_result_string(orig_msg, "userPassword", NULL); io.n.nt_hash = samdb_result_hash(io.ac, orig_msg, "unicodePwd"); io.n.lm_hash = samdb_result_hash(io.ac, orig_msg, "dBCSPwd"); diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 88b04b1bb6..7a123c818f 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -848,9 +848,9 @@ const struct ldb_map_attribute samba3_attributes[] = .type = MAP_IGNORE, }, - /* sambaPassword */ + /* userPassword */ { - .local_name = "sambaPassword", + .local_name = "userPassword", .type = MAP_IGNORE, }, 
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index e5541ea255..05f11003c4 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -354,15 +354,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] = } } }, - { - .local_name = "sambaPassword", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "userPassword" - } - } - }, { .local_name = "objectCategory", .type = MAP_CONVERT, @@ -504,15 +495,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, - { - .local_name = "sambaPassword", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "userPassword" - } - } - }, { .local_name = "objectCategory", .type = MAP_CONVERT, -- cgit From cc44b10c240e22a7db83c641a9015dad3ec2e0de Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 20:26:04 +1000 Subject: Revert Fedrora DS backend to use extensibleObject. Until I create a samba4openldaptop and samba4fedoratop... Andrew Bartlett (This used to be commit 6e232c4ae6dc4151599ab4e57add2ec232d4ac13) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 05f11003c4..1830e8be7b 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -679,7 +679,7 @@ static int nsuniqueid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "samba4Top", NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; -- cgit 
From c46afc8c447e3edb1dc81777700753b98aaa0f93 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 22:10:42 +1000 Subject: Simplify the contextCSN determination. We only ever have one backend partition per Samba partition. Andrew Bartlett (This used to be commit 316a9b312a2d4a4ea5a5c70946fb06b61fab1a7d) --- source4/dsdb/samdb/ldb_modules/partition.c | 5 + source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 208 +++++++---------------- 2 files changed, 68 insertions(+), 145 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 7f136338be..22826e4f33 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -599,6 +599,11 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque for (i=0; data && data->partitions && data->partitions[i]; i++) { struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); + ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, data->partitions[i]); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = ldb_next_request(next, req); talloc_free(next); if (ret != LDB_SUCCESS) { diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 05f11003c4..5da321b9e5 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -34,10 +34,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/ndr/libndr.h" - -struct entryuuid_private { - struct ldb_dn **base_dns; -}; +#include "dsdb/samdb/samdb.h" static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { 
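Review bot: The added `ldb_request_add_control()` call in partition_sequence_number attaches DSDB_CONTROL_CURRENT_PARTITION_OID to the caller's `req` on every pass of the partition loop, and nothing visible removes it before the next pass. With more than one partition, the second call either fails on the duplicate OID and aborts the whole request, or leaves the first partition's control in front so a later lookup by OID sees the wrong partition. Which of the two happens depends on ldb_request_add_control, which is not shown here. Saving `struct ldb_control **saved = req->controls;` before the call and restoring `req->controls = saved;` after `ldb_next_request()` would keep each pass independent. The loop and the function begin outside the hunk.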
@@ -579,96 +576,14 @@ static const char * const nsuniqueid_wildcard_attributes[] = { NULL }; -static int get_remote_rootdse(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) -{ - struct entryuuid_private *entryuuid_private; - entryuuid_private = talloc_get_type(context, - struct entryuuid_private); - if (ares->type == LDB_REPLY_ENTRY) { - int i; - struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts"); - entryuuid_private->base_dns = talloc_realloc(entryuuid_private, entryuuid_private->base_dns, struct ldb_dn *, - el->num_values + 1); - for (i=0; i < el->num_values; i++) { - if (!entryuuid_private->base_dns) { - return LDB_ERR_OPERATIONS_ERROR; - } - entryuuid_private->base_dns[i] = ldb_dn_new(entryuuid_private->base_dns, ldb, (const char *)el->values[i].data); - if ( ! ldb_dn_validate(entryuuid_private->base_dns[i])) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - entryuuid_private->base_dns[i] = NULL; - } - - return LDB_SUCCESS; -} - -static int find_base_dns(struct ldb_module *module, - struct entryuuid_private *entryuuid_private) -{ - int ret; - struct ldb_request *req; - const char *naming_context_attr[] = { - "namingContexts", - NULL - }; - req = talloc(entryuuid_private, struct ldb_request); - if (req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, module->ldb, NULL); - req->op.search.scope = LDB_SCOPE_BASE; - - req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); - if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(req); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->op.search.attrs = naming_context_attr; - req->controls = NULL; - req->context = entryuuid_private; - req->callback = get_remote_rootdse; - ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ - - ret = ldb_next_request(module, req); - - 
if (ret == LDB_SUCCESS) { - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - } - - talloc_free(req); - if (ret != LDB_SUCCESS) { - return ret; - } - - return LDB_SUCCESS; -} - /* the context init function */ static int entryuuid_init(struct ldb_module *module) { int ret; - struct map_private *map_private; - struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; - map_private = talloc_get_type(module->private_data, struct map_private); - - entryuuid_private = talloc_zero(map_private, struct entryuuid_private); - map_private->caller_private = entryuuid_private; - - ret = find_base_dns(module, entryuuid_private); - return ldb_next_init(module); } @@ -676,33 +591,21 @@ static int entryuuid_init(struct ldb_module *module) static int nsuniqueid_init(struct ldb_module *module) { int ret; - struct map_private *map_private; - struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; - map_private = talloc_get_type(module->private_data, struct map_private); - - entryuuid_private = talloc_zero(map_private, struct entryuuid_private); - map_private->caller_private = entryuuid_private; - - ret = find_base_dns(module, entryuuid_private); - return ldb_next_init(module); } static int get_seq(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - unsigned long long *max_seq = (unsigned long long *)context; - unsigned long long seq; + unsigned long long *seq = (unsigned long long *)context; if (ares->type == LDB_REPLY_ENTRY) { struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); if (el) { - seq = entryCSN_to_usn_int(ares, &el->values[0]); - *max_seq = MAX(seq, *max_seq); + *seq = entryCSN_to_usn_int(ares, &el->values[0]); } } 
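Review bot: get_seq dereferences `el->values[0]` after checking only that `el` is non-NULL, so a backend entry whose `contextCSN` element carries no values would be read past the end of the value array. Guard it with `if (el && el->num_values > 0) {`. The tail of the callback lies outside this hunk.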
@@ -711,69 +614,84 @@ static int get_seq(struct ldb_context *ldb, void *context, static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_request *req) { - int i, ret; + int ret; struct map_private *map_private; struct entryuuid_private *entryuuid_private; - unsigned long long max_seq = 0; + unsigned long long seq = 0; struct ldb_request *search_req; + + const struct ldb_control *partition_ctrl; + const struct dsdb_control_current_partition *partition; + + static const char *contextCSN_attr[] = { + "contextCSN", NULL + }; + map_private = talloc_get_type(module->private_data, struct map_private); entryuuid_private = talloc_get_type(map_private->caller_private, struct entryuuid_private); - /* Search the baseDNs for a sequence number */ - for (i=0; entryuuid_private && - entryuuid_private->base_dns && - entryuuid_private->base_dns[i]; - i++) { - static const char *contextCSN_attr[] = { - "contextCSN", NULL - }; - search_req = talloc(req, struct ldb_request); - if (search_req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->operation = LDB_SEARCH; - search_req->op.search.base = entryuuid_private->base_dns[i]; - search_req->op.search.scope = LDB_SCOPE_BASE; - - search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); - if (search_req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(search_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->op.search.attrs = contextCSN_attr; - search_req->controls = NULL; - search_req->context = &max_seq; - search_req->callback = get_seq; - ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ - - ret = ldb_next_request(module, search_req); - - if (ret == LDB_SUCCESS) { - ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); - } - + /* All this to get the DN of the parition, so we can search the right thing */ + partition_ctrl = 
ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); + if (!partition_ctrl) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "instancetype_add: no current partition control found"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition = talloc_get_type(partition_ctrl->data, + struct dsdb_control_current_partition); + SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); + + search_req = talloc(req, struct ldb_request); + if (search_req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Finally, we have it. This saves searching over more + * partitions than we expose to the client, such as a cn=samba + * configuration partition */ + + search_req->operation = LDB_SEARCH; + search_req->op.search.base = partition->dn; + search_req->op.search.scope = LDB_SCOPE_BASE; + + search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); + if (search_req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); talloc_free(search_req); - if (ret != LDB_SUCCESS) { - return ret; - } + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->op.search.attrs = contextCSN_attr; + search_req->controls = NULL; + search_req->context = &seq; + search_req->callback = get_seq; + ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ + + ret = ldb_next_request(module, search_req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); + } + + talloc_free(search_req); + if (ret != LDB_SUCCESS) { + return ret; } switch (req->op.seq_num.type) { case LDB_SEQ_HIGHEST_SEQ: - req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num = seq; break; case LDB_SEQ_NEXT: - req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num = seq; req->op.seq_num.seq_num++; break; case LDB_SEQ_HIGHEST_TIMESTAMP: { - req->op.seq_num.seq_num = (max_seq >> 24); + req->op.seq_num.seq_num = (seq >> 24); break; } } 
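Review bot: `SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION)` turns a control whose data has the wrong type or version into a process abort. Because the control arrives with the request, returning an error is the safer response, e.g. `if (!partition || partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) return LDB_ERR_OPERATIONS_ERROR;`. The debug text for the missing-control case is prefixed `instancetype_add:` although this is entryuuid_sequence_number. `entryuuid_private` is also still fetched from `map_private->caller_private`, even though the init functions in this commit no longer set it and the new body never reads it.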
-- cgit From bcb0db3634680fdaf1d037545fafe7509ed72ad9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 22 Jul 2008 18:31:45 +0200 Subject: password_hash: don't add zero padding as w2k8 also don't add it metze (This used to be commit 26e9169d454349795ad0bc64d7f65059541ab89e) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 3e442b6341..2dddb26550 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -925,16 +925,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } - /* - * TODO: - * - * This is ugly, but we want to generate the same blob as - * w2k and w2k3...we should handle this in the idl - */ - if (!data_blob_append(io->ac, &pkb_blob, zero16, sizeof(zero16))) { - ldb_oom(io->ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } pkb_hexstr = data_blob_hex_string(io->ac, &pkb_blob); if (!pkb_hexstr) { ldb_oom(io->ac->module->ldb); -- cgit From 69d3f0e602893875118878a4b11c2a65f9d4090c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Jul 2008 12:00:42 +0200 Subject: password_hash: ignore reserved value, but still set it like windows does metze (This used to be commit 5b860572686167d0291161f6597f143e538e2f3a) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 2dddb26550..e149009948 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -446,10 +446,6 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, } for (i=0; i < old_scb->sub.num_packages; i++) { - if (old_scb->sub.packages[i].unknown1 != 0x00000001) { - continue; - } - if (strcmp("Primary:Kerberos", old_scb->sub.packages[i].name) != 0) { continue; } @@ -931,7 +927,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return LDB_ERR_OPERATIONS_ERROR; } pk->name = "Primary:Kerberos"; - pk->unknown1 = 1; + pk->reserved = 1; pk->data = pkb_hexstr; /* @@ -962,7 +958,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return LDB_ERR_OPERATIONS_ERROR; } pd->name = "Primary:WDigest"; - pd->unknown1 = 1; + pd->reserved = 1; pd->data = pdb_hexstr; /* @@ -991,7 +987,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return LDB_ERR_OPERATIONS_ERROR; } pc->name = "Primary:CLEARTEXT"; - pc->unknown1 = 1; + pc->reserved = 1; pc->data = pcb_hexstr; } @@ -1016,7 +1012,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return LDB_ERR_OPERATIONS_ERROR; } pp->name = "Packages"; - pp->unknown1 = 2; + pp->reserved = 2; pp->data = pb_hexstr; /* -- cgit From fbea02accfa8f92d84d0f2cb17847dac1519aa87 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Jul 2008 13:31:14 +0200 Subject: password_hash: check the SUPPLEMENTAL_CREDENTIALS_SIGNATURE metze (This used to be commit 19b8c8e37bafab050ab61266c35006efada2947c) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e149009948..59ec18e546 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
@@ -876,7 +876,9 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* if there's an old supplementaCredentials blob then parse it */ if (io->o.supplemental) { - ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &_old_scb, + ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &_old_scb, (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); @@ -887,7 +889,14 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) return LDB_ERR_OPERATIONS_ERROR; } - old_scb = &_old_scb; + if (_old_scb.sub.signature == SUPPLEMENTAL_CREDENTIALS_SIGNATURE) { + old_scb = &_old_scb; + } else { + ldb_debug(io->ac->module->ldb, LDB_DEBUG_ERROR, + "setup_supplemental_field: " + "supplementalCredentialsBlob signature[0x%04X] expected[0x%04X]", + _old_scb.sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE); + } } if (io->domain->store_cleartext && -- cgit From e0f04e36ad415d7396fea7d43eb1d0db53d53a69 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Jul 2008 10:05:43 +0200 Subject: password_hash: fix callers after idl change for package_PrimaryKerberos metze (This used to be commit 1bf552856f3a930c4716ceb73d9ba9adf7502d3d) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 59ec18e546..5bbae2c164 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
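Review bot: When the signature does not match, the new `else` branch only logs and leaves `old_scb` NULL, so the rest of setup_supplemental_field runs as if the account had no previous supplementalCredentials. That presumably means the old Kerberos keys are not carried over and the stored blob is replaced. If this fallback is deliberate it deserves a comment at the branch, e.g. `/* unknown signature: ignore the old blob, old keys are not preserved */`. If it is not, returning LDB_ERR_OPERATIONS_ERROR as the parse-failure path just above does would be more consistent. The function continues outside the hunk.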
@@ -336,11 +336,6 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - pkb3->unknown3 = talloc_zero_array(io->ac, uint64_t, pkb3->num_keys); - if (!pkb3->unknown3) { - ldb_oom(io->ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } if (lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), NULL, "password_hash", "create_aes_key", false)) { /* @@ -438,7 +433,6 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, /* initialize the old keys to zero */ pkb3->num_old_keys = 0; pkb3->old_keys = NULL; - pkb3->unknown3_old = NULL; /* if there're no old keys, then we're done */ if (!old_scb) { @@ -499,7 +493,6 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, /* fill in the old keys */ pkb3->num_old_keys = old_pkb3->num_keys; pkb3->old_keys = old_pkb3->keys; - pkb3->unknown3_old = old_pkb3->unknown3; return LDB_SUCCESS; } -- cgit From b783b28d70d787d7524e8afd54c24ef6f3f8bf54 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 22 Jul 2008 18:32:49 +0200 Subject: password_hash: simplify the logic if we have cleartext we always generate the hashes metze (This used to be commit 5edff84429ef0d03b47a438e18861d26c97e17b6) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 5bbae2c164..8dd4e1e76b 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1071,7 +1071,7 @@ static int setup_password_fields(struct setup_password_fields_io *io) return LDB_ERR_UNWILLING_TO_PERFORM; } - if (io->n.cleartext && !io->n.nt_hash) { + if (io->n.cleartext) { struct samr_Password *hash; hash = talloc(io->ac, struct samr_Password); 
@@ -1092,7 +1092,7 @@ static int setup_password_fields(struct setup_password_fields_io *io) } } - if (io->n.cleartext && !io->n.lm_hash) { + if (io->n.cleartext) { struct samr_Password *hash; hash = talloc(io->ac, struct samr_Password); -- cgit From 12ac4c5666d56dc806a613584fa72e7c2f29c34e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 22 Jul 2008 18:27:36 +0200 Subject: password_hash: split the generation of krb5 keys into a different function metze (This used to be commit 4ad73a0bf8952783d3d9a7339c0c4fd8ca28981a) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 161 +++++++++++-------------- 1 file changed, 69 insertions(+), 92 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8dd4e1e76b..9996e89cc6 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -140,6 +140,9 @@ struct setup_password_fields_io { struct samr_Password *nt_history; uint32_t lm_history_len; struct samr_Password *lm_history; + const char *salt; + DATA_BLOB des_md5; + DATA_BLOB des_crc; struct ldb_val supplemental; NTTIME last_set; uint32_t kvno; 
@@ -216,21 +219,12 @@ static int setup_lm_fields(struct setup_password_fields_io *io) return LDB_SUCCESS; } -static int setup_primary_kerberos(struct setup_password_fields_io *io, - const struct supplementalCredentialsBlob *old_scb, - struct package_PrimaryKerberosBlob *pkb) +static int setup_kerberos_keys(struct setup_password_fields_io *io) { krb5_error_code krb5_ret; Principal *salt_principal; krb5_salt salt; krb5_keyblock key; - uint32_t k=0; - struct package_PrimaryKerberosCtr3 *pkb3 = &pkb->ctr.ctr3; - struct supplementalCredentialsPackage *old_scp = NULL; - struct package_PrimaryKerberosBlob _old_pkb; - struct package_PrimaryKerberosCtr3 *old_pkb3 = NULL; - uint32_t i; - enum ndr_err_code ndr_err; /* Many, many thanks to lukeh@padl.com for this * algorithm, described in his Nov 10 2004 mail to @@ -290,7 +284,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, } if (krb5_ret) { ldb_asprintf_errstring(io->ac->module->ldb, - "setup_primary_kerberos: " + "setup_kerberos_keys: " "generation of a salting principal failed: %s", smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); return LDB_ERR_OPERATIONS_ERROR; 
@@ -304,131 +298,107 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, krb5_free_principal(io->smb_krb5_context->krb5_context, salt_principal); if (krb5_ret) { ldb_asprintf_errstring(io->ac->module->ldb, - "setup_primary_kerberos: " + "setup_kerberos_keys: " "generation of krb5_salt failed: %s", smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); return LDB_ERR_OPERATIONS_ERROR; } /* create a talloc copy */ - pkb3->salt.string = talloc_strndup(io->ac, - salt.saltvalue.data, - salt.saltvalue.length); + io->g.salt = talloc_strndup(io->ac, + salt.saltvalue.data, + salt.saltvalue.length); krb5_free_salt(io->smb_krb5_context->krb5_context, salt); - if (!pkb3->salt.string) { - ldb_oom(io->ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - salt.saltvalue.data = discard_const(pkb3->salt.string); - salt.saltvalue.length = strlen(pkb3->salt.string); - - /* - * prepare generation of keys - * - * ENCTYPE_AES256_CTS_HMAC_SHA1_96 (disabled by default) - * ENCTYPE_DES_CBC_MD5 - * ENCTYPE_DES_CBC_CRC - * - * NOTE: update num_keys when you add another enctype! - */ - pkb3->num_keys = 3; - pkb3->keys = talloc_array(io->ac, struct package_PrimaryKerberosKey, pkb3->num_keys); - if (!pkb3->keys) { + if (!io->g.salt) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + salt.saltvalue.data = discard_const(io->g.salt); + salt.saltvalue.length = strlen(io->g.salt); - if (lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), NULL, "password_hash", "create_aes_key", false)) { - /* - * TODO: - * - * w2k and w2k3 doesn't support AES, so we'll not include - * the AES key here yet. 
- * - * Also we don't have an example supplementalCredentials blob - * from Windows Longhorn Server with AES support - * - */ /* - * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of + * create ENCTYPE_DES_CBC_MD5 key out of * the salt and the cleartext password */ krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, - ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_DES_CBC_MD5, io->n.cleartext, salt, &key); - pkb3->keys[k].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; - pkb3->keys[k].value = talloc(pkb3->keys, DATA_BLOB); - if (!pkb3->keys[k].value) { - krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - ldb_oom(io->ac->module->ldb); + if (krb5_ret) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_kerberos_keys: " + "generation of a des-cbc-md5 key failed: %s", + smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); return LDB_ERR_OPERATIONS_ERROR; } - *pkb3->keys[k].value = data_blob_talloc(pkb3->keys[k].value, - key.keyvalue.data, - key.keyvalue.length); + io->g.des_md5 = data_blob_talloc(io->ac, + key.keyvalue.data, + key.keyvalue.length); krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - if (!pkb3->keys[k].value->data) { + if (!io->g.des_md5.data) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - k++; -} /* - * create ENCTYPE_DES_CBC_MD5 key out of + * create ENCTYPE_DES_CBC_CRC key out of * the salt and the cleartext password */ krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, - ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_CRC, io->n.cleartext, salt, &key); - pkb3->keys[k].keytype = ENCTYPE_DES_CBC_MD5; - pkb3->keys[k].value = talloc(pkb3->keys, DATA_BLOB); - if (!pkb3->keys[k].value) { - krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - ldb_oom(io->ac->module->ldb); + if (krb5_ret) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_kerberos_keys: " + "generation of a des-cbc-crc key failed: %s", + 
smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); return LDB_ERR_OPERATIONS_ERROR; } - *pkb3->keys[k].value = data_blob_talloc(pkb3->keys[k].value, - key.keyvalue.data, - key.keyvalue.length); + io->g.des_crc = data_blob_talloc(io->ac, + key.keyvalue.data, + key.keyvalue.length); krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - if (!pkb3->keys[k].value->data) { + if (!io->g.des_crc.data) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - k++; + + return LDB_SUCCESS; +} + +static int setup_primary_kerberos(struct setup_password_fields_io *io, + const struct supplementalCredentialsBlob *old_scb, + struct package_PrimaryKerberosBlob *pkb) +{ + struct package_PrimaryKerberosCtr3 *pkb3 = &pkb->ctr.ctr3; + struct supplementalCredentialsPackage *old_scp = NULL; + struct package_PrimaryKerberosBlob _old_pkb; + struct package_PrimaryKerberosCtr3 *old_pkb3 = NULL; + uint32_t i; + enum ndr_err_code ndr_err; /* - * create ENCTYPE_DES_CBC_CRC key out of - * the salt and the cleartext password + * prepare generation of keys + * + * ENCTYPE_DES_CBC_MD5 + * ENCTYPE_DES_CBC_CRC */ - krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, - ENCTYPE_DES_CBC_CRC, - io->n.cleartext, - salt, - &key); - pkb3->keys[k].keytype = ENCTYPE_DES_CBC_CRC; - pkb3->keys[k].value = talloc(pkb3->keys, DATA_BLOB); - if (!pkb3->keys[k].value) { - krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - ldb_oom(io->ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - *pkb3->keys[k].value = data_blob_talloc(pkb3->keys[k].value, - key.keyvalue.data, - key.keyvalue.length); - krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); - if (!pkb3->keys[k].value->data) { + pkb3->salt.string = io->g.salt; + pkb3->num_keys = 2; + pkb3->keys = talloc_array(io->ac, + struct package_PrimaryKerberosKey, + pkb3->num_keys); + if (!pkb3->keys) { ldb_oom(io->ac->module->ldb); return 
LDB_ERR_OPERATIONS_ERROR; } - k++; - /* fix up key number */ - pkb3->num_keys = k; + pkb3->keys[0].keytype = ENCTYPE_DES_CBC_MD5; + pkb3->keys[0].value = &io->g.des_md5; + pkb3->keys[1].keytype = ENCTYPE_DES_CBC_CRC; + pkb3->keys[1].value = &io->g.des_crc; /* initialize the old keys to zero */ pkb3->num_old_keys = 0; @@ -1110,6 +1080,13 @@ static int setup_password_fields(struct setup_password_fields_io *io) } } + if (io->n.cleartext) { + ret = setup_kerberos_keys(io); + if (ret != 0) { + return ret; + } + } + ret = setup_nt_fields(io); if (ret != 0) { return ret; -- cgit From b3d6c5ee31bed1a921ddb3387892d7e82808592d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 22 Jul 2008 18:54:21 +0200 Subject: password_hash: order the supplementalCredentials Packages in the same order like windows metze (This used to be commit ca9cd81a1798fb15195566422b3cad7c282fce89) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 68 +++++++++++++++++++++----- 1 file changed, 55 insertions(+), 13 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 9996e89cc6..8d63aed0f5 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c 
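Review bot: The optional ENCTYPE_AES256_CTS_HMAC_SHA1_96 key, previously generated when the `password_hash` / `create_aes_key` parameter was set, has no counterpart in the new setup_kerberos_keys. Only the des-cbc-md5 and des-cbc-crc keys are derived, and setup_primary_kerberos fixes `pkb3->num_keys` at 2. The commit subject describes a pure split, so this looks like an unannounced behaviour change that leaves accounts with single-DES Kerberos keys only. Either keep the option (a third blob beside `io->g.des_md5` and `io->g.des_crc`) or record the removal next to the key list, e.g. `* NOTE: the create_aes_key option is no longer honoured here`. setup_kerberos_keys begins in an earlier hunk.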
@@ -804,30 +804,41 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) struct supplementalCredentialsBlob scb; struct supplementalCredentialsBlob _old_scb; struct supplementalCredentialsBlob *old_scb = NULL; - /* Packages + (Kerberos, WDigest and maybe CLEARTEXT) */ - uint32_t num_packages = 1 + 2; + /* Packages + (Kerberos, WDigest and CLEARTEXT) */ + uint32_t num_names = 0; + const char *names[1+3]; + uint32_t num_packages = 0; struct supplementalCredentialsPackage packages[1+3]; - struct supplementalCredentialsPackage *pp = &packages[0]; - struct supplementalCredentialsPackage *pk = &packages[1]; - struct supplementalCredentialsPackage *pd = &packages[2]; - struct supplementalCredentialsPackage *pc = NULL; + /* Packages */ + struct supplementalCredentialsPackage *pp = NULL; struct package_PackagesBlob pb; DATA_BLOB pb_blob; char *pb_hexstr; + /* Primary:Kerberos */ + const char **nk = NULL; + struct supplementalCredentialsPackage *pk = NULL; struct package_PrimaryKerberosBlob pkb; DATA_BLOB pkb_blob; char *pkb_hexstr; + /* Primary:WDigest */ + const char **nd = NULL; + struct supplementalCredentialsPackage *pd = NULL; struct package_PrimaryWDigestBlob pdb; DATA_BLOB pdb_blob; char *pdb_hexstr; + /* Primary:CLEARTEXT */ + const char **nc = NULL; + struct supplementalCredentialsPackage *pc = NULL; struct package_PrimaryCLEARTEXTBlob pcb; DATA_BLOB pcb_blob; char *pcb_hexstr; int ret; enum ndr_err_code ndr_err; uint8_t zero16[16]; + bool do_cleartext = false; ZERO_STRUCT(zero16); + ZERO_STRUCT(names); if (!io->n.cleartext) { /* 
@@ -864,17 +875,46 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { - pc = &packages[3]; - num_packages++; + do_cleartext = true; } - /* Kerberos, WDigest, CLEARTEXT and termination(counted by the Packages element) */ - pb.names = talloc_zero_array(io->ac, const char *, num_packages); + /* + * The ordering is this + * + * Primary:Kerberos + * Primary:WDigest + * Primary:CLEARTEXT (optional) + * + * And the 'Packages' package is insert before the last + * other package. + */ + + /* Primary:Kerberos */ + nk = &names[num_names++]; + pk = &packages[num_packages++]; + + if (!do_cleartext) { + /* Packages */ + pp = &packages[num_packages++]; + } + + /* Primary:WDigest */ + nd = &names[num_names++]; + pd = &packages[num_packages++]; + + if (do_cleartext) { + /* Packages */ + pp = &packages[num_packages++]; + + /* Primary:CLEARTEXT */ + nc = &names[num_names++]; + pc = &packages[num_packages++]; + } /* * setup 'Primary:Kerberos' element */ - pb.names[0] = "Kerberos"; + *nk = "Kerberos"; ret = setup_primary_kerberos(io, old_scb, &pkb); if (ret != LDB_SUCCESS) { @@ -905,7 +945,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* * setup 'Primary:WDigest' element */ - pb.names[1] = "WDigest"; + *nd = "WDigest"; ret = setup_primary_wdigest(io, old_scb, &pdb); if (ret != LDB_SUCCESS) { @@ -937,7 +977,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) * setup 'Primary:CLEARTEXT' element */ if (pc) { - pb.names[2] = "CLEARTEXT"; + *nc = "CLEARTEXT"; pcb.cleartext = io->n.cleartext; @@ -966,6 +1006,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* * setup 'Packages' element */ + pb.names = names; ndr_err = ndr_push_struct_blob(&pb_blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &pb, 
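Review bot: The slot assignment in this hunk (`nk = &names[num_names++]`, `pk = &packages[num_packages++]`, and so on) relies on the fixed `1+3` sizes of `names` and `packages` declared in the previous hunk, and nothing here says why that is enough. The removed comment noted that the terminating entry is counted by the Packages element; the new code should keep that explanation, for example `/* names[] holds at most three package names; the spare slot stays NULL from ZERO_STRUCT(names) */` (presumably that NULL is the terminator, to be confirmed against the Packages encoding). A check after the last increment that `num_names < ARRAY_SIZE(names)` and `num_packages <= ARRAY_SIZE(packages)` would catch a package added later without growing the arrays. In the ordering comment, "is insert before" should read "is inserted before".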
@@ -990,6 +1031,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* * setup 'supplementalCredentials' value */ + ZERO_STRUCT(scb); scb.sub.num_packages = num_packages; scb.sub.packages = packages; -- cgit From 34b10077f9ca742b72ad37c86357d0f16ed68ee7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Jul 2008 09:35:19 +0200 Subject: password_hash: add generation of the Primary:Kerberos-Newer-Keys blob But it's still of by default until we now what triggers this generation. It could be that the value is always generated but the KDC only uses it when in a specific funtional level, but it could also be that it's only generated in a specific functional level. metze (This used to be commit 08618bbd508ede0bb9e1922fae562cffdca41cbd) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 219 ++++++++++++++++++++++++- 1 file changed, 216 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8d63aed0f5..413ec12479 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -141,6 +141,8 @@ struct setup_password_fields_io { uint32_t lm_history_len; struct samr_Password *lm_history; const char *salt; + DATA_BLOB aes_256; + DATA_BLOB aes_128; DATA_BLOB des_md5; DATA_BLOB des_crc; struct ldb_val supplemental; 
@@ -315,6 +317,56 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) salt.saltvalue.data = discard_const(io->g.salt); salt.saltvalue.length = strlen(io->g.salt); + /* + * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of + * the salt and the cleartext password + */ + krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, + io->n.cleartext, + salt, + &key); + if (krb5_ret) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_kerberos_keys: " + "generation of a aes256-cts-hmac-sha1-96 key failed: %s", + smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); + return LDB_ERR_OPERATIONS_ERROR; + } + io->g.aes_256 = data_blob_talloc(io->ac, + key.keyvalue.data, + key.keyvalue.length); + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + if (!io->g.aes_256.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* + * create ENCTYPE_AES128_CTS_HMAC_SHA1_96 key out of + * the salt and the cleartext password + */ + krb5_ret = krb5_string_to_key_salt(io->smb_krb5_context->krb5_context, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, + io->n.cleartext, + salt, + &key); + if (krb5_ret) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_kerberos_keys: " + "generation of a aes128-cts-hmac-sha1-96 key failed: %s", + smb_get_krb5_error_message(io->smb_krb5_context->krb5_context, krb5_ret, io->ac)); + return LDB_ERR_OPERATIONS_ERROR; + } + io->g.aes_128 = data_blob_talloc(io->ac, + key.keyvalue.data, + key.keyvalue.length); + krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key); + if (!io->g.aes_128.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* * create ENCTYPE_DES_CBC_MD5 key out of * the salt and the cleartext password 
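Review bot: The two added derivations run on every cleartext password change, but `io->g.aes_256` and `io->g.aes_128` are only consumed when `password_hash:create_aes_key` is enabled, and that option defaults to false in the setup_supplemental_field hunk of this commit. Either gate them on the same option or add a comment such as `/* AES keys are derived unconditionally; they are only stored when Primary:Kerberos-Newer-Keys is generated */`. The copies made by `data_blob_talloc(io->ac, ...)` are long-term key material that stays in the request's talloc memory until `io->ac` is freed, and nothing visible here clears it first; a destructor that zeroes the blobs is worth considering. These are also the third and fourth copies of the same derive/copy/free sequence, so a small static helper taking the enctype and the destination blob would remove the repetition. setup_kerberos_keys starts and ends outside the hunk.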
@@ -467,6 +519,117 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_SUCCESS; } +static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, + const struct supplementalCredentialsBlob *old_scb, + struct package_PrimaryKerberosNewerBlob *pkb) +{ + struct package_PrimaryKerberosNewerCtr4 *pkb4 = &pkb->ctr.ctr4; + struct supplementalCredentialsPackage *old_scp = NULL; + struct package_PrimaryKerberosNewerBlob _old_pkb; + struct package_PrimaryKerberosNewerCtr4 *old_pkb4 = NULL; + uint32_t i; + enum ndr_err_code ndr_err; + + /* + * prepare generation of keys + * + * ENCTYPE_AES256_CTS_HMAC_SHA1_96 + * ENCTYPE_AES128_CTS_HMAC_SHA1_96 + * ENCTYPE_DES_CBC_MD5 + * ENCTYPE_DES_CBC_CRC + */ + pkb4->salt.string = io->g.salt; + pkb4->num_keys = 4; + pkb4->keys = talloc_array(io->ac, + struct package_PrimaryKerberosNewerKey, + pkb4->num_keys); + if (!pkb4->keys) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + pkb4->keys[0].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + pkb4->keys[0].value = &io->g.aes_256; + pkb4->keys[1].keytype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; + pkb4->keys[1].value = &io->g.aes_128; + pkb4->keys[2].keytype = ENCTYPE_DES_CBC_MD5; + pkb4->keys[2].value = &io->g.des_md5; + pkb4->keys[3].keytype = ENCTYPE_DES_CBC_CRC; + pkb4->keys[3].value = &io->g.des_crc; + + /* initialize the old keys to zero */ + pkb4->num_old_keys1 = 0; + pkb4->old_keys1 = NULL; + pkb4->num_old_keys2 = 0; + pkb4->old_keys2 = NULL; + + /* if there're no old keys, then we're done */ + if (!old_scb) { + return LDB_SUCCESS; + } + + for (i=0; i < old_scb->sub.num_packages; i++) { + if (strcmp("Primary:Kerberos-Newer-Keys", old_scb->sub.packages[i].name) != 0) { + continue; + } + + if (!old_scb->sub.packages[i].data || !old_scb->sub.packages[i].data[0]) { + continue; + } + + old_scp = &old_scb->sub.packages[i]; + break; + } + /* Primary:Kerberos element of supplementalCredentials */ + if (old_scp) { + DATA_BLOB blob; 
+ + blob = strhex_to_data_blob(old_scp->data); + if (!blob.data) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_steal(io->ac, blob.data); + + /* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */ + ndr_err = ndr_pull_struct_blob(&blob, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &_old_pkb, + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosNewerBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_primary_kerberos_newer: " + "failed to pull old package_PrimaryKerberosNewerBlob: %s", + nt_errstr(status)); + return LDB_ERR_OPERATIONS_ERROR; + } + + if (_old_pkb.version != 4) { + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_primary_kerberos: " + "package_PrimaryKerberosNewerBlob version[%u] expected[4]", + _old_pkb.version); + return LDB_ERR_OPERATIONS_ERROR; + } + + old_pkb4 = &_old_pkb.ctr.ctr4; + } + + /* if we didn't found the old keys we're done */ + if (!old_pkb4) { + return LDB_SUCCESS; + } + + /* fill in the old keys */ + pkb4->num_old_keys1 = old_pkb4->num_keys; + pkb4->old_keys1 = old_pkb4->keys; + pkb4->num_old_keys2 = old_pkb4->num_old_keys1; + pkb4->old_keys2 = old_pkb4->old_keys1; + + return LDB_SUCCESS; +} + static int setup_primary_wdigest(struct setup_password_fields_io *io, const struct supplementalCredentialsBlob *old_scb, struct package_PrimaryWDigestBlob *pdb) 
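Review bot: The key rotation at the end of setup_primary_kerberos_newer is undocumented: the stored blob's current keys become `old_keys1`, its `old_keys1` become `old_keys2`, and whatever it held in `old_keys2` is dropped. A comment above the "fill in the old keys" block should say so. It should also state that the arrays are not copied but point into the structure pulled from the stored blob with `io->ac` as memory context, so the new blob must be pushed before `io->ac` is freed. The function is otherwise a near copy of setup_primary_kerberos; the package lookup and hex decoding could move into a shared static helper that takes the package name.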
@@ -804,16 +967,22 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) struct supplementalCredentialsBlob scb; struct supplementalCredentialsBlob _old_scb; struct supplementalCredentialsBlob *old_scb = NULL; - /* Packages + (Kerberos, WDigest and CLEARTEXT) */ + /* Packages + (Kerberos-Newer-Keys, Kerberos, WDigest and CLEARTEXT) */ uint32_t num_names = 0; - const char *names[1+3]; + const char *names[1+4]; uint32_t num_packages = 0; - struct supplementalCredentialsPackage packages[1+3]; + struct supplementalCredentialsPackage packages[1+4]; /* Packages */ struct supplementalCredentialsPackage *pp = NULL; struct package_PackagesBlob pb; DATA_BLOB pb_blob; char *pb_hexstr; + /* Primary:Kerberos-Newer-Keys */ + const char **nkn = NULL; + struct supplementalCredentialsPackage *pkn = NULL; + struct package_PrimaryKerberosNewerBlob pknb; + DATA_BLOB pknb_blob; + char *pknb_hexstr; /* Primary:Kerberos */ const char **nk = NULL; struct supplementalCredentialsPackage *pk = NULL; @@ -835,6 +1004,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) int ret; enum ndr_err_code ndr_err; uint8_t zero16[16]; + bool do_newer_keys = false; bool do_cleartext = false; ZERO_STRUCT(zero16); @@ -873,6 +1043,10 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) } } + /* TODO: do the correct check for this, it maybe depends on the functional level? */ + do_newer_keys = lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), + NULL, "password_hash", "create_aes_key", false); + if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { do_cleartext = true; @@ -881,6 +1055,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* * The ordering is this * + * Primary:Kerberos-Newer-Keys (optional) * Primary:Kerberos * Primary:WDigest * Primary:CLEARTEXT (optional) 
@@ -888,6 +1063,11 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) * And the 'Packages' package is insert before the last * other package. */ + if (do_newer_keys) { + /* Primary:Kerberos-Newer-Keys */ + nkn = &names[num_names++]; + pkn = &packages[num_packages++]; + } /* Primary:Kerberos */ nk = &names[num_names++]; @@ -911,6 +1091,39 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) pc = &packages[num_packages++]; } + if (pkn) { + /* + * setup 'Primary:Kerberos-Newer-Keys' element + */ + *nkn = "Kerberos-Newer-Keys"; + + ret = setup_primary_kerberos_newer(io, old_scb, &pknb); + if (ret != LDB_SUCCESS) { + return ret; + } + + ndr_err = ndr_push_struct_blob(&pknb_blob, io->ac, + lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), + &pknb, + (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosNewerBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); + ldb_asprintf_errstring(io->ac->module->ldb, + "setup_supplemental_field: " + "failed to push package_PrimaryKerberosNeverBlob: %s", + nt_errstr(status)); + return LDB_ERR_OPERATIONS_ERROR; + } + pknb_hexstr = data_blob_hex_string(io->ac, &pknb_blob); + if (!pknb_hexstr) { + ldb_oom(io->ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + pkn->name = "Primary:Kerberos-Newer-Keys"; + pkn->reserved = 1; + pkn->data = pknb_hexstr; + } + /* * setup 'Primary:Kerberos' element */ -- cgit From f619e08f8be7c3a20a71b679e73a7b7f57247f82 Mon Sep 17 00:00:00 2001 
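Review bot: The error string in the push-failure branch names the wrong type: `"failed to push package_PrimaryKerberosNeverBlob: %s"` should read `"failed to push package_PrimaryKerberosNewerBlob: %s"`, otherwise searching the logs for the blob name finds nothing. The same block sets `pkn->reserved = 1` without saying what the field means; if it mirrors the value used for the other packages, a short comment saying so would help. setup_supplemental_field starts and ends outside the hunk.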
From: Anatoliy Atanasov Date: Wed, 23 Jul 2008 09:59:17 +0300 Subject: Handle schema reloading request. The ldif for that operation looks like this: dn: changetype: Modify add: schemaUpdateNow schemaUpdateNow: 1 It uses the rootdse's object functional attribute schemaUpdateNow. In rootdse_modify() this command is being recognized and it is send as extended operation with DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID. In the partition module its dispatched to the schema_fsmo module. The request is processed in the schema_fsmo module by schema_fsmo_extended(). (This used to be commit 39f9184ddf215f2b512319211c0a05702218ef87) --- source4/dsdb/samdb/ldb_modules/partition.c | 49 +++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/rootdse.c | 47 ++++++++++++++++++-- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 64 +++++++++++++++++++++++++++- 3 files changed, 156 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 22826e4f33..9285d6d0d8 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -699,6 +699,50 @@ static int partition_extended_replicated_objects(struct ldb_module *module, stru return partition_replicate(module, req, ext->partition_dn); } +static int partition_extended_schema_update_now(struct ldb_module *module, struct ldb_request *req) +{ + struct dsdb_control_current_partition *partition; + struct partition_private_data *data; + struct ldb_dn *schema_dn; + struct partition_context *ac; + struct ldb_module *backend; + int ret; + + schema_dn = talloc_get_type(req->op.extended.data, struct ldb_dn); + if (!schema_dn) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "partition_extended: invalid extended data\n"); + return LDB_ERR_PROTOCOL_ERROR; + } + + data = talloc_get_type(module->private_data, struct partition_private_data); + if (!data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + partition = find_partition( data, schema_dn ); + if (!partition) { + return ldb_next_request(module, req); + } + + ac = partition_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + backend = make_module_for_next_request(req, module->ldb, partition->module); + if (!backend) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + if (ret != LDB_SUCCESS) { + return ret; + } + + return ldb_next_request(backend, req); +} + + /* extended */ static int partition_extended(struct ldb_module *module, struct ldb_request *req) { @@ -708,6 +752,11 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req return partition_extended_replicated_objects(module, req); } + /* forward schemaUpdateNow operation to schema_fsmo module*/ + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) == 0) { + return partition_extended_schema_update_now( module, req ); + } + /* * as the extended operation has no dn * we need to send it to all partitions 
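Review bot: In partition_extended_schema_update_now the result of `partition_init_handle(req, module)` is stored in `ac`, NULL-checked and never used again. If the call is made only for its effect on `req` (presumably it attaches a handle), say so with a comment like `/* called for its side effect on req; ac itself is not needed here */`; otherwise drop the variable. The debug message for bad extended data is prefixed `partition_extended:` rather than the function's own name, which makes the log line harder to place. The control is added to the caller's `req` rather than to a copy, so the request stays modified if the backend call fails; a comment is needed if that is intended.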
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 75f99a139d..97491a2ae3 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -391,9 +391,50 @@ static int rootdse_init(struct ldb_module *module) return ldb_next_init(module); } +static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_result *ext_res; + int ret; + struct ldb_dn *schema_dn; + struct ldb_message_element *schemaUpdateNowAttr; + + /* + If dn is not "" we should let it pass through + */ + if (!ldb_dn_is_null(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + /* + dn is empty so check for schemaUpdateNow attribute + "The type of modification and values specified in the LDAP modify operation do not matter." MSDN + */ + schemaUpdateNowAttr = ldb_msg_find_element(req->op.mod.message, "schemaUpdateNow"); + if (!schemaUpdateNowAttr) { + return LDB_ERR_OPERATIONS_ERROR; + } + + schema_dn = samdb_schema_dn(module->ldb); + if (!schema_dn) { + ldb_reset_err_string(module->ldb); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "rootdse_modify: no schema dn present: (skip ldb_extended call)\n"); + return ldb_next_request(module, req); + } + + ret = ldb_extended(module->ldb, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, schema_dn, &ext_res); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_free(ext_res); + return ret; +} + _PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = { .name = "rootdse", - .init_context = rootdse_init, - .search = rootdse_search, - .request = rootdse_request + .init_context = rootdse_init, + .search = rootdse_search, + .request = rootdse_request, + .modify = rootdse_modify }; diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index a397228723..2acc5c0af4 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c 
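Review bot: rootdse_modify starts a full schema reload for any modify on the empty DN that carries `schemaUpdateNow`, and no check of the caller is visible in this hunk. Unless a module earlier in the stack already restricts who may modify the rootDSE, any client able to submit such a modify can make the server re-read the schema repeatedly; the function needs either an explicit check or a comment stating where the access check lives. A modify on the empty DN without the attribute returns `LDB_ERR_OPERATIONS_ERROR` with no error string, and a failed `ldb_extended` has its code replaced by the same value, so the caller cannot tell the cases apart; `return ret;` in the failure branch would keep the original code.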
+++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c 
@@ -148,8 +148,70 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } +static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request *req) +{ + WERROR status; + struct ldb_dn *schema_dn; + struct dsdb_schema *schema; + char *error_string = NULL; + int ret; + TALLOC_CTX *mem_ctx; + + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) != 0) { + return ldb_next_request(module, req); + } + + schema_dn = samdb_schema_dn(module->ldb); + if (!schema_dn) { + ldb_reset_err_string(module->ldb); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "schema_fsmo_extended: no schema dn present: (skip schema loading)\n"); + return ldb_next_request(module, req); + } + + mem_ctx = talloc_new(module); + if (!mem_ctx) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = dsdb_schema_from_schema_dn(mem_ctx, module->ldb, + lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")), + schema_dn, &schema, &error_string); + + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + ldb_reset_err_string(module->ldb); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "schema_fsmo_extended: no schema head present: (skip schema loading)\n"); + talloc_free(mem_ctx); + return ldb_next_request(module, req); + } + + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(module->ldb, + "schema_fsmo_extended: dsdb_schema load failed: %s", + error_string); + talloc_free(mem_ctx); + return ldb_next_request(module, req); + } + + /* Replace the old schema*/ + ret = dsdb_set_schema(module->ldb, schema); + if (ret != LDB_SUCCESS) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "schema_fsmo_extended: dsdb_set_schema() failed: %d:%s", + ret, ldb_strerror(ret)); + talloc_free(mem_ctx); + return ret; + } + + talloc_free(mem_ctx); + return LDB_SUCCESS; +} + _PUBLIC_ const struct ldb_module_ops ldb_schema_fsmo_module_ops = { .name = "schema_fsmo", .init_context = schema_fsmo_init, - .add = schema_fsmo_add + .add = 
schema_fsmo_add, + .extended = schema_fsmo_extended }; -- cgit From 0c8fb9361e524639cc35efda2f6a4d48098c76a7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 24 Jul 2008 08:22:23 +0200 Subject: password_hash: fix the callers after drsblobs.idl changes metze (This used to be commit fac7c79afae05a88ecc2a63c8eb9f2fd53ab7ce6) --- source4/dsdb/samdb/ldb_modules/password_hash.c | 74 ++++++++++++++------------ 1 file changed, 41 insertions(+), 33 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 413ec12479..69783aefa8 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -437,10 +437,11 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, * ENCTYPE_DES_CBC_MD5 * ENCTYPE_DES_CBC_CRC */ + pkb->version = 3; pkb3->salt.string = io->g.salt; pkb3->num_keys = 2; pkb3->keys = talloc_array(io->ac, - struct package_PrimaryKerberosKey, + struct package_PrimaryKerberosKey3, pkb3->num_keys); if (!pkb3->keys) { ldb_oom(io->ac->module->ldb); @@ -521,12 +522,12 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, const struct supplementalCredentialsBlob *old_scb, - struct package_PrimaryKerberosNewerBlob *pkb) + struct package_PrimaryKerberosBlob *pkb) { - struct package_PrimaryKerberosNewerCtr4 *pkb4 = &pkb->ctr.ctr4; + struct package_PrimaryKerberosCtr4 *pkb4 = &pkb->ctr.ctr4; struct supplementalCredentialsPackage *old_scp = NULL; - struct package_PrimaryKerberosNewerBlob _old_pkb; - struct package_PrimaryKerberosNewerCtr4 *old_pkb4 = NULL; + struct package_PrimaryKerberosBlob _old_pkb; + struct package_PrimaryKerberosCtr4 *old_pkb4 = NULL; uint32_t i; enum ndr_err_code ndr_err; 
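Review bot: When `dsdb_schema_from_schema_dn` fails with anything other than `LDB_ERR_NO_SUCH_OBJECT`, schema_fsmo_extended sets an error string and then calls `ldb_next_request(module, req)`, so the failed reload is not reported to the caller. That branch should end with `return ret;` after `talloc_free(mem_ctx);`. The success path frees `mem_ctx`, the context the new schema was loaded under, right after `dsdb_set_schema`; that is only safe if `dsdb_set_schema` takes ownership of `schema`, which this hunk does not show, so a comment stating it would help. Nothing visible releases the previously installed schema, which matters if reloads can be requested repeatedly.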
@@ -538,30 +539,37 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, * ENCTYPE_DES_CBC_MD5 * ENCTYPE_DES_CBC_CRC */ - pkb4->salt.string = io->g.salt; - pkb4->num_keys = 4; - pkb4->keys = talloc_array(io->ac, - struct package_PrimaryKerberosNewerKey, - pkb4->num_keys); + pkb->version = 4; + pkb4->salt.string = io->g.salt; + pkb4->default_iteration_count = 4096; + pkb4->num_keys = 4; + + pkb4->keys = talloc_array(io->ac, + struct package_PrimaryKerberosKey4, + pkb4->num_keys); if (!pkb4->keys) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - pkb4->keys[0].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; - pkb4->keys[0].value = &io->g.aes_256; - pkb4->keys[1].keytype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; - pkb4->keys[1].value = &io->g.aes_128; - pkb4->keys[2].keytype = ENCTYPE_DES_CBC_MD5; - pkb4->keys[2].value = &io->g.des_md5; - pkb4->keys[3].keytype = ENCTYPE_DES_CBC_CRC; - pkb4->keys[3].value = &io->g.des_crc; + pkb4->keys[0].iteration_count = 4096; + pkb4->keys[0].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + pkb4->keys[0].value = &io->g.aes_256; + pkb4->keys[1].iteration_count = 4096; + pkb4->keys[1].keytype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; + pkb4->keys[1].value = &io->g.aes_128; + pkb4->keys[2].iteration_count = 4096; + pkb4->keys[2].keytype = ENCTYPE_DES_CBC_MD5; + pkb4->keys[2].value = &io->g.des_md5; + pkb4->keys[3].iteration_count = 4096; + pkb4->keys[3].keytype = ENCTYPE_DES_CBC_CRC; + pkb4->keys[3].value = &io->g.des_crc; /* initialize the old keys to zero */ - pkb4->num_old_keys1 = 0; - pkb4->old_keys1 = NULL; - pkb4->num_old_keys2 = 0; - pkb4->old_keys2 = NULL; + pkb4->num_old_keys = 0; + pkb4->old_keys = NULL; + pkb4->num_older_keys = 0; + pkb4->older_keys = NULL; /* if there're no old keys, then we're done */ if (!old_scb) { 
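Review bot: The value 4096 is written five times in this hunk (`default_iteration_count` and each `keys[n].iteration_count`) with no name and no link to the key derivation. The keys come from `krb5_string_to_key_salt` in setup_kerberos_keys, which is called without an explicit iteration count, so the stored number is only correct while the library default matches it. A named constant with a comment, e.g. `#define PRIMARY_KERBEROS_ITERATION_COUNT 4096 /* must match the count used to derive the AES keys */`, would make that dependency visible. The count is also recorded for the two DES entries; a one-line comment saying why it is stored there would avoid confusion. setup_primary_kerberos_newer starts and ends outside the hunk.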
@@ -580,7 +588,7 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, old_scp = &old_scb->sub.packages[i]; break; } - /* Primary:Kerberos element of supplementalCredentials */ + /* Primary:Kerberos-Newer-Keys element of supplementalCredentials */ if (old_scp) { DATA_BLOB blob; @@ -595,20 +603,20 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &_old_pkb, - (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosNewerBlob); + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_primary_kerberos_newer: " - "failed to pull old package_PrimaryKerberosNewerBlob: %s", + "failed to pull old package_PrimaryKerberosBlob: %s", nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } if (_old_pkb.version != 4) { ldb_asprintf_errstring(io->ac->module->ldb, - "setup_primary_kerberos: " - "package_PrimaryKerberosNewerBlob version[%u] expected[4]", + "setup_primary_kerberos_newer: " + "package_PrimaryKerberosBlob version[%u] expected[4]", _old_pkb.version); return LDB_ERR_OPERATIONS_ERROR; } @@ -622,10 +630,10 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, } /* fill in the old keys */ - pkb4->num_old_keys1 = old_pkb4->num_keys; - pkb4->old_keys1 = old_pkb4->keys; - pkb4->num_old_keys2 = old_pkb4->num_old_keys1; - pkb4->old_keys2 = old_pkb4->old_keys1; + pkb4->num_old_keys = old_pkb4->num_keys; + pkb4->old_keys = old_pkb4->keys; + pkb4->num_older_keys = old_pkb4->num_old_keys; + pkb4->older_keys = old_pkb4->old_keys; return LDB_SUCCESS; } 
@@ -980,7 +988,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* Primary:Kerberos-Newer-Keys */ const char **nkn = NULL; struct supplementalCredentialsPackage *pkn = NULL; - struct package_PrimaryKerberosNewerBlob pknb; + struct package_PrimaryKerberosBlob pknb; DATA_BLOB pknb_blob; char *pknb_hexstr; /* Primary:Kerberos */ @@ -1105,7 +1113,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) ndr_err = ndr_push_struct_blob(&pknb_blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &pknb, - (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosNewerBlob); + (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, -- cgit From d65f89f7b9ba749691c04a9c95e3c8eac77c492c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 25 Jul 2008 08:44:00 +1000 Subject: Clarify how we are doing the 'this is a rootdse query' check. (This used to be commit 8dfba3160cc4bc518f3ad8570d104e5baae784ca) --- source4/dsdb/samdb/ldb_modules/rootdse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 75f99a139d..7414d36973 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -263,9 +263,10 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) struct ldb_request *down_req; int ret; - /* see if its for the rootDSE */ + /* see if its for the rootDSE - only a base search on the "" DN qualifies */ if (req->op.search.scope != LDB_SCOPE_BASE || ( ! ldb_dn_is_null(req->op.search.base))) { + /* Otherwise, pass down to the rest of the stack */ return ldb_next_request(module, req); } -- cgit 
From da9ab5756e1256a9c6e1188f7510ca5d84cbe4f9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 28 Jul 2008 08:04:43 +1000 Subject: Remove unused variable (This used to be commit 31a303c099e26423160010c48b305434d4cbea25) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 2acc5c0af4..87ada855d3 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -150,7 +150,6 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req) static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request *req) { - WERROR status; struct ldb_dn *schema_dn; struct dsdb_schema *schema; char *error_string = NULL; -- cgit From 16112762e70879b50f1dfc49452d6d278bd256cf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Aug 2008 20:40:57 +1000 Subject: Generate the subSchema in cn=Aggregate This reads the schema from the in-memory structure, when the magic attributes are requested. The code is a modified version of that used in the ad2oLschema tool (now shared). The schema_fsmo module handles the insertion of the generated result. As such, this commit also removes these entries from the setup/schema.ldif Metze's previous stub of this functionality is also removed. Andrew Bartlett (This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 206 ++++++++++++++++++++++++++- 1 file changed, 201 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 87ada855d3..706b7b18b7 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c 
@@ -32,6 +32,40 @@ #include "lib/util/dlinklist.h" #include "param/param.h" +static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); +static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); +static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); + +static const struct { + const char *attr; + int (*fn)(struct ldb_context *, struct ldb_message *, const struct dsdb_schema *); +} generated_attrs[] = { + { + .attr = "objectClasses", + .fn = generate_objectClasses + }, + { + .attr = "attributeTypes", + .fn = generate_attributeTypes + }, + { + .attr = "dITContentRules", + .fn = generate_dITContentRules + } +}; + +struct schema_fsmo_private_data { + struct ldb_dn *aggregate_dn; +}; + +struct schema_fsmo_search_data { + struct schema_fsmo_private_data *module_context; + struct ldb_request *orig_req; +}; + static int schema_fsmo_init(struct ldb_module *module) { TALLOC_CTX *mem_ctx; @@ -39,10 +73,7 @@ static int schema_fsmo_init(struct ldb_module *module) struct dsdb_schema *schema; char *error_string = NULL; int ret; - - if (dsdb_get_schema(module->ldb)) { - return ldb_next_init(module); - } + struct schema_fsmo_private_data *data; schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { 
@@ -52,6 +83,25 @@ static int schema_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } + data = talloc(module, struct schema_fsmo_private_data); + if (data == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Check to see if this is a result on the CN=Aggregate schema */ + data->aggregate_dn = ldb_dn_copy(data, schema_dn); + if (!ldb_dn_add_child_fmt(data->aggregate_dn, "CN=Aggregate")) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + module->private_data = data; + + if (dsdb_get_schema(module->ldb)) { + return ldb_next_init(module); + } + mem_ctx = talloc_new(module); if (!mem_ctx) { ldb_oom(module->ldb); 
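Review bot: The comment `/* Check to see if this is a result on the CN=Aggregate schema */` does not describe the code under it, which builds `data->aggregate_dn` once at init time; the comparison happens later in the search callback. Something like `/* DN of the CN=Aggregate entry; search results are compared against it */` fits better. The result of `ldb_dn_copy(data, schema_dn)` is passed straight to `ldb_dn_add_child_fmt` without a NULL check, and both failure returns leave `data` allocated on `module`; an explicit `if (!data->aggregate_dn)` test, with `talloc_free(data)` on the error paths, would make the failure handling clear. schema_fsmo_init starts and ends outside the hunk.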
@@ -208,9 +258,155 @@ static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request *r return LDB_SUCCESS; } +static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_class *class; + int ret; + + for (class = schema->classes; class; class = class->next) { + ret = ldb_msg_add_string(msg, "objectClasses", schema_class_to_description(msg, class)); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} +static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_attribute *attribute; + int ret; + + for (attribute = schema->attributes; attribute; attribute = attribute->next) { + ret = ldb_msg_add_string(msg, "attributeTypes", schema_attribute_to_description(msg, attribute)); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} + +static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_class *class; + int ret; + + for (class = schema->classes; class; class = class->next) { + if (class->auxiliaryClass || class->systemAuxiliaryClass) { + char *ditcontentrule = schema_class_to_dITContentRule(msg, class, schema); + if (!ditcontentrule) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_steal_string(msg, "dITContentRules", ditcontentrule); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + return 0; +} + + + +/* Add objectClasses, attributeTypes and dITContentRules from the + schema object (they are not stored in the database) + */ +static int schema_fsmo_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + struct schema_fsmo_search_data *search_data = talloc_get_type(context, struct schema_fsmo_search_data); + struct ldb_request *orig_req = 
search_data->orig_req; + TALLOC_CTX *mem_ctx; + int i, ret; + + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type != LDB_REPLY_ENTRY) { + return orig_req->callback(ldb, orig_req->context, ares); + } + + if (ldb_dn_compare(ares->message->dn, search_data->module_context->aggregate_dn) != 0) { + talloc_free(mem_ctx); + return orig_req->callback(ldb, orig_req->context, ares); + } + + mem_ctx = talloc_new(ares); + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { + if (ldb_attr_in_list(orig_req->op.search.attrs, generated_attrs[i].attr)) { + ret = generated_attrs[i].fn(ldb, ares->message, schema); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + + talloc_free(mem_ctx); + return orig_req->callback(ldb, orig_req->context, ares); +} + +/* search */ +static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req) +{ + int i, ret; + struct schema_fsmo_search_data *search_context; + struct ldb_request *down_req; + struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + + if (!schema || !module->private_data) { + /* If there is no schema, there is little we can do */ + return ldb_next_request(module, req); + } + for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { + if (ldb_attr_in_list(req->op.search.attrs, generated_attrs[i].attr)) { + break; + } + } + if (i == ARRAY_SIZE(generated_attrs)) { + /* No request for a generated attr found, nothing to + * see here, move along... 
*/ + return ldb_next_request(module, req); + } + + search_context = talloc(req, struct schema_fsmo_search_data); + if (!search_context) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + down_req = talloc(req, struct ldb_request); + if (!down_req) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; + search_context->orig_req = req; + search_context->module_context = talloc_get_type(module->private_data, struct schema_fsmo_private_data); + down_req->context = search_context; + + down_req->callback = schema_fsmo_search_callback; + + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + return ret; +} + + _PUBLIC_ const struct ldb_module_ops ldb_schema_fsmo_module_ops = { .name = "schema_fsmo", .init_context = schema_fsmo_init, .add = schema_fsmo_add, - .extended = schema_fsmo_extended + .extended = schema_fsmo_extended, + .search = schema_fsmo_search }; -- cgit From 5c6364ba0655316294833f192281d49a4de63b0c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 12:01:27 +1000 Subject: Remove references to the unused @SUBCLASS feature. This was removed from ldb_tdb a while ago Andrew Bartlett (This used to be commit fcb87e77860b449ac3483ccec5e6b5ed087540f2) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 7c408d0436..428e6b4d4b 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py 
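Review bot: In schema_fsmo_search_callback the branch taken when the entry DN is not the aggregate DN calls `talloc_free(mem_ctx)` before `mem_ctx` has been assigned, so an uninitialised pointer is freed for every ordinary entry that passes through this callback. That line should go, leaving only `return orig_req->callback(ldb, orig_req->context, ares);` in the branch. `mem_ctx` is not used for any allocation in the visible code and is not freed on the `return ret;` path inside the loop, so dropping the variable altogether is the cleanest fix. Separately, generate_objectClasses and generate_attributeTypes pass the result of `schema_class_to_description()` and `schema_attribute_to_description()` straight to `ldb_msg_add_string()` without the NULL check that generate_dITContentRules applies to its string.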
@@ -47,7 +47,7 @@ class MapBaseTestCase(TestCaseInTempDir): ldb.add({"dn": "@PARTITION", "partition": [s4.basedn + ":" + s4.url, s3.basedn + ":" + s3.url], - "replicateEntries": ["@SUBCLASSES", "@ATTRIBUTES", "@INDEXLIST"]}) + "replicateEntries": ["@ATTRIBUTES", "@INDEXLIST"]}) def setUp(self): super(MapBaseTestCase, self).setUp() -- cgit From 4c18073b139ddccf5593401b08e55eda937db3e6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 15:12:08 +1000 Subject: Ensure we fail to proceed if the schema won't load. (This used to be commit 07107c45c35a11979bf68a14b2c4df9415880fcb) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 706b7b18b7..968b19c038 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -125,6 +125,7 @@ static int schema_fsmo_init(struct ldb_module *module) "schema_fsmo_init: dsdb_schema load failed: %s", error_string); talloc_free(mem_ctx); + return ret; } /* dsdb_set_schema() steal schema into the ldb_context */ -- cgit From b4ba27d7dbda31819e38ca5b87ff718c3b417963 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Aug 2008 16:18:44 +1000 Subject: Use the new SEARCH_FLAG_ANR define (This used to be commit 07d122ce2c255124dfb3acf71a3afdf52f06e1b1) --- source4/dsdb/samdb/ldb_modules/anr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index 1252c9ee42..bd494c841b 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c 
@@ -146,7 +146,7 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, op = LDB_OP_SUBSTRING; } for (cur = schema->attributes; cur; cur = cur->next) { - if (!(cur->searchFlags & 0x4)) continue; + if (!(cur->searchFlags & SEARCH_FLAG_ANR)) continue; match_tree = make_match_tree(module, mem_ctx, op, cur->lDAPDisplayName, match); if (tree) { -- cgit From c06e928580702f1290eb475f71932b2c550ad7ff Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 12:50:22 +1000 Subject: Don't maniplate control entries in samldb (This used to be commit 8003ee9abf474de534677283fc499f9a3d992b20) --- source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 88590f306b..bd491bd011 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -768,6 +768,10 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) struct ldb_message_element *el, *el2; int ret; unsigned int group_type, user_account_control, account_type; + if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ + return ldb_next_request(module, req); + } + if (ldb_msg_find_element(req->op.mod.message, "sAMAccountType") != NULL) { ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); return LDB_ERR_UNWILLING_TO_PERFORM; -- cgit From 4ad97a1d0593b3401a352407009a99ead23f21f2 Mon Sep 17 00:00:00 2001 
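Review bot: The new `ldb_dn_is_special()` early return in samldb_modify sits ahead of the `sAMAccountType` rejection, so none of the checks in this function run for special DNs, and the trailing comment does not say what that relies on. I would put the comment on its own line and state the assumption, e.g. `/* special DNs are ldb control records, not SAM objects: skip the SAM checks and pass the request down unchanged */`. A blank line between the declarations and the new `if` would also help readability. The function body continues past the end of this hunk, so which later checks are skipped cannot be seen here.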
From: Andrew Bartlett Date: Thu, 21 Aug 2008 19:24:58 +1000 Subject: Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2) --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 8 ++++---- source4/dsdb/samdb/ldb_modules/normalise.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- source4/dsdb/samdb/ldb_modules/schema_syntax.c | 2 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 04b9987071..e64472432d 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -160,7 +160,7 @@ static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } - new_msg->dn = ldb_dn_new(new_msg, ldb, (char *)el->values[j].data); + new_msg->dn = ldb_dn_from_ldb_val(new_msg, ldb, &el->values[j]); if (!new_msg->dn) { ldb_asprintf_errstring(ldb, "attribute %s value %s was not a valid DN", msg->elements[i].name, @@ -330,7 +330,7 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb /* Add all the existing elements, marking as 'proposed for delete' by setting .add = false */ for (i=0; i < search_el->num_values; i++) { merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); - merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)search_el->values[i].data); + merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &search_el->values[i]); merged_list[size].add = false; merged_list[size].ignore = false; size++; 
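Review bot: The error path right after the new `ldb_dn_from_ldb_val()` call in setup_modifies still formats the rejected value with `%s` (`"attribute %s value %s was not a valid DN"`), and the argument for the second `%s` lies outside the hunk. If that argument is still `el->values[j].data`, the failure case reads the same possibly unterminated buffer this commit is meant to stop walking past. A length-bounded format avoids that: `"attribute %s value %.*s was not a valid DN"` with `(int)el->values[j].length, el->values[j].data` as the arguments. The same message follows the changed line in linked_attributes_modify (the `@@ -610,7 +610,7 @@` hunk).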
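Review bot: In linked_attributes_mod_replace_search_callback the result of `ldb_dn_from_ldb_val()` is stored in `merged_list[size].dn` and `size` is incremented with no check, so a NULL return leaves a NULL `dn` in the list for whatever consumes it later. Unless a pass outside the hunk validates the entries, I would add `if (!merged_list[size].dn) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; }` after the assignment. The `talloc_realloc` on the line before is likewise unchecked and overwrites `merged_list` directly. The same pattern appears in the second loop (the `@@ -339,7 +339,7 @@` hunk).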
@@ -339,7 +339,7 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb /* Add all the new replacement elements, marking as 'proposed for add' by setting .add = true */ for (i=0; i < ac2->el->num_values; i++) { merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); - merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)ac2->el->values[i].data); + merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &ac2->el->values[i]); merged_list[size].add = true; merged_list[size].ignore = false; size++; @@ -610,7 +610,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - new_msg->dn = ldb_dn_new(new_msg, module->ldb, (char *)el->values[j].data); + new_msg->dn = ldb_dn_from_ldb_val(new_msg, module->ldb, &el->values[j]); if (!new_msg->dn) { ldb_asprintf_errstring(module->ldb, "attribute %s value %s was not a valid DN", req->op.mod.message->elements[i].name, diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index 8de9e33002..3306fd3c33 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -112,7 +112,7 @@ static int normalise_search_callback(struct ldb_context *ldb, void *context, str } for (j = 0; j < ares->message->elements[i].num_values; j++) { const char *dn_str; - struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, (const char *)ares->message->elements[i].values[j].data); + struct ldb_dn *dn = ldb_dn_from_ldb_val(mem_ctx, ldb, &ares->message->elements[i].values[j]); if (!dn) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 9285d6d0d8..9cae6ab7b5 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c 
@@ -925,7 +925,7 @@ static int partition_init(struct ldb_module *module) } for (i=0; i < replicate_attributes->num_values; i++) { - data->replicate[i] = ldb_dn_new(data->replicate, module->ldb, (const char *)replicate_attributes->values[i].data); + data->replicate[i] = ldb_dn_from_ldb_val(data->replicate, module->ldb, &replicate_attributes->values[i]); if (!ldb_dn_validate(data->replicate[i])) { ldb_asprintf_errstring(module->ldb, "partition_init: " diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c index d800e4b6d2..ab9f32c913 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.c +++ b/source4/dsdb/samdb/ldb_modules/schema_syntax.c @@ -248,7 +248,7 @@ static int schema_validate_dn(struct ldb_context *ldb, struct ldb_val *val, int struct ldb_dn *dn; int ret = LDB_SUCCESS; - dn = ldb_dn_new(ldb, ldb, (const char *)val->data); + dn = ldb_dn_from_ldb_val(ldb, ldb, val); if ( ! ldb_dn_validate(dn)) { ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; } diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 6e967aab2f..8f92995145 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -154,7 +154,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC struct ldb_val out = data_blob(NULL, 0); const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); - dn = ldb_dn_new(ctx, module->ldb, val->data); + dn = ldb_dn_from_ldb_val(ctx, module->ldb, val); if (dn && ldb_dn_validate(dn)) { talloc_free(dn); return val_copy(module, ctx, val); -- cgit From a83bb07016032bd29e36c8de5a3205bbe318167e Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Fri, 22 Aug 2008 14:32:27 +1000 Subject: fixed error handling in ANR code when we can't process an ANR request we need to continue with the parse tree we were given, not a NULL tree (This used to be commit ed66feb80aac7432049fe9fd86a9232984587e17) --- source4/dsdb/samdb/ldb_modules/anr.c | 42 ++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index bd494c841b..4e2c527fe9 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c @@ -224,30 +224,26 @@ struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, void *context) { int i; + struct ldb_parse_tree *tmp; + switch (tree->operation) { case LDB_OP_AND: case LDB_OP_OR: for (i=0;iu.list.num_elements;i++) { - tree->u.list.elements[i] = anr_replace_subtrees(tree->u.list.elements[i], - attr, callback, context); - if (!tree->u.list.elements[i]) { - return NULL; - } + tmp = anr_replace_subtrees(tree->u.list.elements[i], + attr, callback, context); + if (tmp) tree->u.list.elements[i] = tmp; } break; case LDB_OP_NOT: - tree->u.isnot.child = anr_replace_subtrees(tree->u.isnot.child, attr, callback, context); - if (!tree->u.isnot.child) { - return NULL; - } + tmp = anr_replace_subtrees(tree->u.isnot.child, attr, callback, context); + if (tmp) tree->u.isnot.child = tmp; break; case LDB_OP_EQUALITY: if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) { - tree = callback(tree, &tree->u.equality.value, + tmp = callback(tree, &tree->u.equality.value, context); - if (!tree) { - return NULL; - } + if (tmp) tree = tmp; } break; case LDB_OP_SUBSTRING: 
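Review bot: anr_replace_subtrees now discards a NULL from `callback` and from the recursive calls with `if (tmp) ...` and carries on, so a failed ANR expansion cannot be told apart from a filter that had no `anr` term, and nothing records it. That matches the commit message, but each discard point deserves at least `/* callback failed: keep the caller's subtree unchanged */`, and ideally the callback would set a flag in `context` so the caller can log the failure. The same applies to the LDB_OP_SUBSTRING case in the next hunk (`@@ -256,10 +252,8 @@`). On every path visible here the function now returns its non-NULL input, so the `if (!anr_tree)` branch in anr_search looks unreachable; the remaining switch cases are outside the hunk.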
@@ -256,10 +252,8 @@ struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, tree->u.substring.end_with_wildcard == 1 && tree->u.substring.chunks[0] != NULL && tree->u.substring.chunks[1] == NULL) { - tree = callback(tree, tree->u.substring.chunks[0], context); - if (!tree) { - return NULL; - } + tmp = callback(tree, tree->u.substring.chunks[0], context); + if (tmp) tree = tmp; } } break; @@ -280,17 +274,29 @@ static int anr_search(struct ldb_module *module, struct ldb_request *req) context->module = module; context->found_anr = false; +#if 0 + printf("oldanr : %s\n", ldb_filter_from_tree (0, req->op.search.tree)); +#endif + /* Yes, this is a problem with req->op.search.tree being const... */ anr_tree = anr_replace_subtrees(req->op.search.tree, "anr", anr_replace_callback, context); if (!anr_tree) { + talloc_free(context); return LDB_ERR_OPERATIONS_ERROR; } if (context->found_anr) { /* The above function modifies the tree if it finds "anr", so no * point just setting this on the down_req */ +#if 0 + printf("newtree: %s\n", ldb_filter_from_tree (0, anr_tree)); +#endif req->op.search.tree = talloc_steal(req, anr_tree); - + } else { + if (anr_tree != req->op.search.tree) { + talloc_free(anr_tree); + } + talloc_free(context); } return ldb_next_request(module, req); } -- cgit From 4c386ce366cfa08e670f58e5560bf1253b8b6c29 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 8 Sep 2008 11:09:02 +1000 Subject: Don't expose passwords, even to the administrator. This ensures they don't leak over LDAP, but does not prevent access, as ldbsearch locally still bypasses these controls. Andrew Bartlett (This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128) --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules') 
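Review bot: The two `#if 0` blocks added to anr_search are dead debugging code that calls `printf` and passes `0` as the memory context to `ldb_filter_from_tree`. They should be removed, or turned into trace output such as `ldb_debug(module->ldb, LDB_DEBUG_TRACE, "anr_search: filter %s\n", ldb_filter_from_tree(context, anr_tree));`. In addition, `context` is now freed in the error branch and in the `else` branch but not when `context->found_anr` is true; its allocation is outside the hunk, so if it is not parented to `req` that path leaks it.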
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 2c01594722..bc998a835a 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -238,7 +238,6 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld { switch (ac->user_type) { case SECURITY_SYSTEM: - case SECURITY_ADMINISTRATOR: if (ac->allowedAttributesEffective) { ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); if (ret != LDB_SUCCESS) { @@ -252,6 +251,20 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld } } break; + case SECURITY_ADMINISTRATOR: + if (ac->allowedAttributesEffective) { + ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); + if (ret != LDB_SUCCESS) { + return ret; + } + } + if (ac->allowedChildClassesEffective) { + ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective"); + if (ret != LDB_SUCCESS) { + return ret; + } + } + /* fall though */ default: /* remove password attributes */ for (i = 0; data->password_attrs[i]; i++) { -- cgit From c222f8196ab018c53579ceb3ffeeb1a9b3e77b6b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 8 Sep 2008 11:10:24 +1000 Subject: Try to implement the right logic for systemFlags The MS-ADTS document has quite detailed instrucitons on how these flags should be processed. This change also causes the correct sign-wrapping to occour, as these are declared as signed integers. Andrew Bartlett (This used to be commit 5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7) --- source4/dsdb/samdb/ldb_modules/objectclass.c | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 4d4ef585cb..b048a8d8e1 100644 
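Review bot: The new SECURITY_ADMINISTRATOR case in kludge_acl_callback depends on falling through into `default:` to strip the password attributes, and the only marker is the misspelt `/* fall though */`. Because the case repeats the SECURITY_SYSTEM body line for line, a later edit that adds a `break` or inserts another case between the two would silently hand password attributes back to administrators. I would make the intent explicit with `/* fall through: administrators get password attributes removed as well */`. The removal shown acts on reply entries only; whether the search expression is also checked for references to `data->password_attrs` is not visible in this hunk and is worth confirming. The function starts and ends outside the hunk.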
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -534,6 +534,8 @@ static int objectclass_do_add(struct ldb_handle *h) } /* Last one is the critical one */ if (!current->next) { + struct ldb_message_element *el; + int32_t systemFlags = 0; if (!ldb_msg_find_element(msg, "objectCategory")) { ldb_msg_add_string(msg, "objectCategory", current->objectclass->defaultObjectCategory); 
@@ -548,6 +550,41 @@ static int objectclass_do_add(struct ldb_handle *h) ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); } } + + /* There are very special rules for systemFlags, see MS-ADTS 3.1.1.5.2.4 */ + el = ldb_msg_find_element(msg, "systemFlags"); + + systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0); + + if (el) { + /* Only these flags may be set by a client, but we can't tell between a client and our provision at this point */ + /* systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE); */ + ldb_msg_remove_element(msg, el); + } + + /* This flag is only allowed on attributeSchema objects */ + if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "attributeSchema") == 0) { + systemFlags &= ~SYSTEM_FLAG_ATTR_IS_RDN; + } + + if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "server") == 0) { + systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE | SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE); + } else if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "site") == 0 + || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "serverContainer") == 0 + || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "ntDSDSA") == 0) { + systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE); + + } else if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "siteLink") == 0 + || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "siteLinkBridge") == 0 + || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "nTDSConnection") == 0) { + systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME); + } + + /* TODO: If parent object is site or subnet, also add (SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */ + + if (el || systemFlags != 0) { + samdb_msg_add_int(ac->module->ldb, msg, msg, "systemFlags", systemFlags); + } } } } -- cgit From e4412a0470b18ea9e605f2afb00c23609102d59c Mon Sep 17 00:00:00 2001 
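Review bot: The `attributeSchema` test in objectclass_do_add is inverted relative to its own comment: `/* This flag is only allowed on attributeSchema objects */` is followed by a branch that clears `SYSTEM_FLAG_ATTR_IS_RDN` when the class is `attributeSchema`, so the flag is stripped where it is allowed and kept on every other class. The condition should read `if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "attributeSchema") != 0) {`. Because the client-flag mask a few lines above is commented out, the `systemFlags` value that arrived in the message is otherwise written back unchanged, which the comment acknowledges but which leaves this branch as the only filtering applied to it. The return value of `samdb_msg_add_int()` is also ignored. The function starts and ends outside the hunk.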
From: Simo Sorce Date: Fri, 12 Sep 2008 13:57:50 -0400 Subject: Remove ancient remains of first experimentations about supporting a schema (This used to be commit 53b57300c799a079b4d64815243fe6120e0a9fa2) --- source4/dsdb/samdb/ldb_modules/config.mk | 11 - source4/dsdb/samdb/ldb_modules/schema.c | 1230 ------------------------ source4/dsdb/samdb/ldb_modules/schema_syntax.c | 469 --------- source4/dsdb/samdb/ldb_modules/schema_syntax.h | 71 -- 4 files changed, 1781 deletions(-) delete mode 100644 source4/dsdb/samdb/ldb_modules/schema.c delete mode 100644 source4/dsdb/samdb/ldb_modules/schema_syntax.c delete mode 100644 source4/dsdb/samdb/ldb_modules/schema_syntax.h (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 830f7c9fa1..00e4f1af92 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -203,17 +203,6 @@ INIT_FUNCTION = LDB_MODULE(partition) ldb_partition_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/partition.o -################################################ -# Start MODULE ldb_schema -[MODULE::ldb_schema] -SUBSYSTEM = LIBLDB -PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB -INIT_FUNCTION = LDB_MODULE(schema) -# End MODULE ldb_schema -################################################ - -ldb_schema_OBJ_FILES = $(addprefix $(dsdbsrcdir)/samdb/ldb_modules/, schema.o schema_syntax.o) - ################################################ # Start MODULE ldb_update_kt [MODULE::ldb_update_keytab] diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c deleted file mode 100644 index f2c4d38305..0000000000 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ /dev/null 
@@ -1,1230 +0,0 @@ -/* - ldb database library - - Copyright (C) Simo Sorce 2004-2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * Name: ldb - * - * Component: ldb schema module - * - * Description: add schema check functionality - * - * Author: Simo Sorce - */ - -#include "includes.h" -#include "libcli/ldap/ldap.h" -#include "ldb/include/ldb_errors.h" -#include "ldb/include/ldb_private.h" -#include "lib/util/dlinklist.h" -#include "schema_syntax.h" - -/* Syntax-Table - - see ldap_server/devdocs/AD-syntaxes.txt -*/ - -enum schema_class_type { - SCHEMA_CT_88 = 0, - SCHEMA_CT_STRUCTURAL = 1, - SCHEMA_CT_ABSTRACT = 2, - SCHEMA_CT_AUXILIARY = 3 -}; - -struct schema_attribute { - char *OID; /* attributeID */ - char *name; /* lDAPDisplayName */ - enum schema_internal_syntax syntax; /* generated from attributeSyntax, oMSyntax, oMObjectClass */ - bool single; /* isSingleValued */ - int min; /* rangeLower */ - int max; /* rangeUpper */ - int systemflag; /* systemFlag */ - int searchflag; /* searchFlag */ - bool isdefunct; /* isDefunct */ -}; - -struct schema_class { - char *OID; /* governsID */ - char *name; /* lDAPDisplayName */ - enum schema_class_type type; /* objectClassCategory */ - bool systemOnly; /* systemOnly */ - bool isdefunct; /* isDefunct */ - int systemflag; /* systemFlag */ - char *defobjcat; /* defaultObjectCategory */ - struct schema_class *parent; /* subClassOf */ - struct schema_class **sysaux; 
/* systemAuxiliaryClass */ - struct schema_class **aux; /* auxiliaryClass */ - struct schema_class **sysposssup; /* systemPossSuperiors */ - struct schema_class **posssup; /* possSuperiors */ - struct schema_class **possinf; /* possibleInferiors */ - struct schema_attribute **sysmust; /* systemMustContain */ - struct schema_attribute **must; /* MustContain */ - struct schema_attribute **sysmay; /* systemMayContain */ - struct schema_attribute **may; /* MayContain */ -}; - -/* TODO: ditcontentrules */ - -struct schema_private_data { - struct ldb_dn *schema_dn; - struct schema_attribute **attrs; - struct schema_store *attrs_store; - int num_attributes; - struct schema_class **class; - struct schema_store *class_store; - int num_classes; -}; - -struct schema_class_dlist { - struct schema_class *class; - struct schema_class_dlist *prev; - struct schema_class_dlist *next; - enum schema_class_type role; -}; - -struct schema_context { - - enum sc_op { SC_ADD, SC_MOD, SC_DEL, SC_RENAME } op; - enum sc_step { SC_INIT, SC_ADD_CHECK_PARENT, SC_ADD_TEMP, SC_DEL_CHECK_CHILDREN } step; - - struct schema_private_data *data; - - struct ldb_module *module; - struct ldb_request *orig_req; - struct ldb_request *down_req; - - struct ldb_request *parent_req; - struct ldb_reply *parent_res; - - struct schema_class_dlist *class_list; - struct schema_class **sup_list; - struct schema_class **aux_list; -}; - -/* FIXME: I'd really like to use an hash table here */ -struct schema_link { - const char *name; - void *object; -}; - -struct schema_store { - struct schema_link *store; - int num_links; -}; - -static struct schema_store *schema_store_new(TALLOC_CTX *mem_ctx) -{ - struct schema_store *ht; - - ht = talloc(mem_ctx, struct schema_store); - if (!ht) return NULL; - - ht->store = NULL; - ht->num_links = 0; - - return ht; -} - -static int schema_store_add(struct schema_store *ht, const char *key, void *object) -{ - ht->store = talloc_realloc(ht, ht->store, struct schema_link, ht->num_links 
+ 1); - if (!ht->store) return LDB_ERR_OPERATIONS_ERROR; - - ht->store[ht->num_links].name = key; - ht->store[ht->num_links].object = object; - - ht->num_links++; - - return LDB_SUCCESS; -} - -static void *schema_store_find(struct schema_store *ht, const char *key) -{ - int i; - - for (i = 0; i < ht->num_links; i++) { - if (strcasecmp(ht->store[i].name, key) == 0) { - return ht->store[i].object; - } - } - - return NULL; -} - -#define SCHEMA_CHECK_VALUE(mem, val, mod) \ - do { if (mem == val) { \ - ret = LDB_ERR_OPERATIONS_ERROR; \ - ldb_asprintf_errstring(mod->ldb, \ - "schema module: Memory allocation or attribute error on %s", #mem); \ - goto done; } } while(0) - -struct schema_class **schema_get_class_list(struct ldb_module *module, - struct schema_private_data *data, - struct ldb_message_element *el) -{ - struct schema_class **list; - int i; - - list = talloc_array(data, struct schema_class *, el->num_values + 1); - if (!list) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of Memory"); - return NULL; - } - - for (i = 0; i < el->num_values; i++) { - list[i] = (struct schema_class *)schema_store_find(data->class_store, - (char *)el->values[i].data); - if (!list[i]) { - ldb_debug_set(module->ldb, - LDB_DEBUG_ERROR, - "Class %s referenced but not found in schema\n", - (char *)el->values[i].data); - return NULL; - } - } - list[i] = NULL; - - return list; -} - -struct schema_attribute **schema_get_attrs_list(struct ldb_module *module, - struct schema_private_data *data, - struct ldb_message_element *el) -{ - struct schema_attribute **list; - int i; - - list = talloc_array(data, struct schema_attribute *, el->num_values + 1); - if (!list) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of Memory"); - return NULL; - } - - for (i = 0; i < el->num_values; i++) { - list[i] = (struct schema_attribute *)schema_store_find(data->attrs_store, - (char *)el->values[i].data); - if (!list[i]) { - ldb_debug_set(module->ldb, - LDB_DEBUG_ERROR, - "Attriobute %s referenced but not 
found in schema\n", - (char *)el->values[i].data); - return NULL; - } - } - list[i] = NULL; - - return list; -} - -static int schema_init_attrs(struct ldb_module *module, struct schema_private_data *data) -{ - static const char *schema_attrs[] = { "attributeID", - "lDAPDisplayName", - "attributeSyntax", - "oMSyntax", - "oMObjectClass", - "isSingleValued", - "rangeLower", - "rangeUpper", - "searchFlag", - "systemFlag", - "isDefunct", - NULL }; - struct ldb_result *res; - int ret, i; - - ret = ldb_search(module->ldb, - data->schema_dn, - LDB_SCOPE_SUBTREE, - "(objectClass=attributeSchema)", - schema_attrs, - &res); - - if (ret != LDB_SUCCESS) { - goto done; - } - - data->num_attributes = res->count; - data->attrs = talloc_array(data, struct schema_attribute *, res->count); - SCHEMA_CHECK_VALUE(data->attrs, NULL, module); - - data->attrs_store = schema_store_new(data); - SCHEMA_CHECK_VALUE(data->attrs_store, NULL, module); - - for (i = 0; i < res->count; i++) { - const char *tmp_single; - const char *attr_syntax; - uint32_t om_syntax; - const struct ldb_val *om_class; - - data->attrs[i] = talloc(data->attrs, struct schema_attribute); - SCHEMA_CHECK_VALUE(data->attrs[i], NULL, module); - - data->attrs[i]->OID = talloc_strdup(data->attrs[i], - ldb_msg_find_attr_as_string(res->msgs[i], "attributeID", NULL)); - SCHEMA_CHECK_VALUE(data->attrs[i]->OID, NULL, module); - - data->attrs[i]->name = talloc_strdup(data->attrs[i], - ldb_msg_find_attr_as_string(res->msgs[i], "lDAPDisplayName", NULL)); - SCHEMA_CHECK_VALUE(data->attrs[i]->name, NULL, module); - - /* once we have both the OID and the attribute name, add the pointer to the store */ - schema_store_add(data->attrs_store, data->attrs[i]->OID, data->attrs[i]); - schema_store_add(data->attrs_store, data->attrs[i]->name, data->attrs[i]); - - attr_syntax = ldb_msg_find_attr_as_string(res->msgs[i], "attributeSyntax", NULL); - SCHEMA_CHECK_VALUE(attr_syntax, NULL, module); - - om_syntax = ldb_msg_find_attr_as_uint(res->msgs[i], 
"oMSyntax", 0); - /* 0 is not a valid oMSyntax */ - SCHEMA_CHECK_VALUE(om_syntax, 0, module); - - om_class = ldb_msg_find_ldb_val(res->msgs[i], "oMObjectClass"); - - ret = map_schema_syntax(om_syntax, attr_syntax, om_class, &data->attrs[i]->syntax); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "schema module: invalid om syntax value on %s", - data->attrs[i]->name); - goto done; - } - - tmp_single = ldb_msg_find_attr_as_string(res->msgs[i], "isSingleValued", NULL); - SCHEMA_CHECK_VALUE(tmp_single, NULL, module); - if (strcmp(tmp_single, "TRUE") == 0) { - data->attrs[i]->single = 1; - } else { - data->attrs[i]->single = 0; - } - - /* the following are optional */ - data->attrs[i]->min = ldb_msg_find_attr_as_int(res->msgs[i], "rangeLower", INT_MIN); - data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", INT_MAX); - data->attrs[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); - data->attrs[i]->searchflag = ldb_msg_find_attr_as_int(res->msgs[i], "searchFlag", 0); - data->attrs[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", false); - } - -done: - talloc_free(res); - return ret; -} - -static int schema_init_classes(struct ldb_module *module, struct schema_private_data *data) -{ - const char *schema_attrs[] = { "governsID", - "lDAPDisplayName", - "objectClassCategory", - "defaultObjectCategory", - "systemOnly", - "systemFlag", - "isDefunct", - "subClassOf", - "systemAuxiliaryClass", - "auxiliaryClass", - "systemPossSuperiors", - "possSuperiors", - "possibleInferiors", - "systemMustContain", - "MustContain", - "systemMayContain", - "MayContain", - NULL }; - struct ldb_result *res; - int ret, i; - - ret = ldb_search(module->ldb, - data->schema_dn, - LDB_SCOPE_SUBTREE, - "(objectClass=classSchema)", - schema_attrs, - &res); - - if (ret != LDB_SUCCESS) { - goto done; - } - - data->num_classes = res->count; - data->class = talloc_array(data, struct schema_class *, res->count); - 
SCHEMA_CHECK_VALUE(data->class, NULL, module); - - data->class_store = schema_store_new(data); - SCHEMA_CHECK_VALUE(data->class_store, NULL, module); - - for (i = 0; i < res->count; i++) { - struct ldb_message_element *el; - - data->class[i] = talloc(data->class, struct schema_class); - SCHEMA_CHECK_VALUE(data->class[i], NULL, module); - - data->class[i]->OID = talloc_strdup(data->class[i], - ldb_msg_find_attr_as_string(res->msgs[i], "governsID", NULL)); - SCHEMA_CHECK_VALUE(data->class[i]->OID, NULL, module); - - data->class[i]->name = talloc_strdup(data->class[i], - ldb_msg_find_attr_as_string(res->msgs[i], "lDAPDisplayName", NULL)); - SCHEMA_CHECK_VALUE(data->class[i]->name, NULL, module); - - /* once we have both the OID and the class name, add the pointer to the store */ - schema_store_add(data->class_store, data->class[i]->OID, data->class[i]); - schema_store_add(data->class_store, data->class[i]->name, data->class[i]); - - data->class[i]->type = ldb_msg_find_attr_as_int(res->msgs[i], "objectClassCategory", -1); - /* 0 should not be a valid value, but turn out it is so test with -1 */ - SCHEMA_CHECK_VALUE(data->class[i]->type, -1, module); - - data->class[i]->defobjcat = talloc_strdup(data->class[i], - ldb_msg_find_attr_as_string(res->msgs[i], - "defaultObjectCategory", NULL)); -/* SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module); -*/ - /* the following attributes are all optional */ - - data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", false); - data->class[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0); - data->class[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", false); - - /* attributes are loaded first, so we can just go an query the attributes repo */ - - el = ldb_msg_find_element(res->msgs[i], "systemMustContain"); - if (el) { - data->class[i]->sysmust = schema_get_attrs_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->sysmust, NULL, module); - } - - 
el = ldb_msg_find_element(res->msgs[i], "MustContain"); - if (el) { - data->class[i]->must = schema_get_attrs_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->must, NULL, module); - } - - el = ldb_msg_find_element(res->msgs[i], "systemMayContain"); - if (el) { - data->class[i]->sysmay = schema_get_attrs_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->sysmay, NULL, module); - } - - el = ldb_msg_find_element(res->msgs[i], "MayContain"); - if (el) { - data->class[i]->may = schema_get_attrs_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->may, NULL, module); - } - - } - - /* subClassOf, systemAuxiliaryClass, auxiliaryClass, systemPossSuperiors - * must be filled in a second loop, when all class objects are allocated - * or we may not find a class that has not yet been parsed */ - for (i = 0; i < res->count; i++) { - struct ldb_message_element *el; - const char *attr; - - /* this is single valued anyway */ - attr = ldb_msg_find_attr_as_string(res->msgs[i], "subClassOf", NULL); - SCHEMA_CHECK_VALUE(attr, NULL, module); - data->class[i]->parent = schema_store_find(data->class_store, attr); - SCHEMA_CHECK_VALUE(data->class[i]->parent, NULL, module); - - /* the following attributes are all optional */ - - data->class[i]->sysaux = NULL; - el = ldb_msg_find_element(res->msgs[i], "systemAuxiliaryClass"); - if (el) { - data->class[i]->sysaux = schema_get_class_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->sysaux, NULL, module); - } - - data->class[i]->aux = NULL; - el = ldb_msg_find_element(res->msgs[i], "auxiliaryClass"); - if (el) { - data->class[i]->aux = schema_get_class_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->aux, NULL, module); - } - - data->class[i]->sysposssup = NULL; - el = ldb_msg_find_element(res->msgs[i], "systemPossSuperiors"); - if (el) { - data->class[i]->sysposssup = schema_get_class_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->sysposssup, NULL, module); - } - - 
data->class[i]->posssup = NULL; - el = ldb_msg_find_element(res->msgs[i], "possSuperiors"); - if (el) { - data->class[i]->posssup = schema_get_class_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->posssup, NULL, module); - } - - data->class[i]->possinf = NULL; - el = ldb_msg_find_element(res->msgs[i], "possibleInferiors"); - if (el) { - data->class[i]->possinf = schema_get_class_list(module, data, el); - SCHEMA_CHECK_VALUE(data->class[i]->possinf, NULL, module); - } - } - -done: - talloc_free(res); - return ret; -} - -static struct ldb_handle *schema_init_handle(struct ldb_request *req, struct ldb_module *module, enum sc_op op) -{ - struct schema_context *sctx; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - sctx = talloc_zero(h, struct schema_context); - if (sctx == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)sctx; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - sctx->op = op; - sctx->step = SC_INIT; - sctx->data = module->private_data; - sctx->module = module; - sctx->orig_req = req; - - return h; -} - -static int schema_add_check_parent(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct schema_context *sctx; - - sctx = talloc_get_type(context, struct schema_context); - - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - if (sctx->parent_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - sctx->parent_res = talloc_steal(sctx, ares); - } else { - talloc_free(ares); - } - - return LDB_SUCCESS; -} - -static int schema_add_build_parent_req(struct schema_context *sctx) -{ - const char * const parent_attrs[] = { "objectClass", NULL }; - int ret; - - 
sctx->parent_req = talloc_zero(sctx, struct ldb_request); - if (sctx->parent_req == NULL) { - ldb_debug(sctx->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - sctx->parent_req->operation = LDB_SEARCH; - sctx->parent_req->op.search.scope = LDB_SCOPE_BASE; - sctx->parent_req->op.search.base = ldb_dn_get_parent(sctx->parent_req, sctx->orig_req->op.add.message->dn); - sctx->parent_req->op.search.tree = ldb_parse_tree(sctx->parent_req, "(objectClass=*)"); - sctx->parent_req->op.search.attrs = parent_attrs; - sctx->parent_req->controls = NULL; - sctx->parent_req->context = sctx; - sctx->parent_req->callback = schema_add_check_parent; - ret = ldb_set_timeout_from_prev_req(sctx->module->ldb, sctx->orig_req, sctx->parent_req); - - return ret; -} - -static struct schema_class_dlist *schema_add_get_dlist_entry_with_class(struct schema_class_dlist *list, struct schema_class *class) -{ - struct schema_class_dlist *temp; - - for (temp = list; temp && (temp->class != class); temp = temp->next) /* noop */ ; - return temp; -} - -static int schema_add_class_to_dlist(struct schema_class_dlist *list, struct schema_class *class, enum schema_class_type role) -{ - struct schema_class_dlist *entry; - struct schema_class_dlist *temp; - int ret; - - /* see if this class is usable */ - if (class->isdefunct) { - return LDB_ERR_NO_SUCH_ATTRIBUTE; - } - - /* see if this class already exist in the class list */ - if (schema_add_get_dlist_entry_with_class(list, class)) { - return LDB_SUCCESS; - } - - /* this is a new class go on and add to the list */ - entry = talloc_zero(list, struct schema_class_dlist); - if (!entry) return LDB_ERR_OPERATIONS_ERROR; - entry->class = class; - entry->role = class->type; - - /* If parent is top (list is guaranteed to start always with top) */ - if (class->parent == list->class) { - /* if the hierarchy role is structural try to add it just after top */ - if (role == SCHEMA_CT_STRUCTURAL) { - /* but check no other class 
at after top has a structural role */ - if (list->next && (list->next->role == SCHEMA_CT_STRUCTURAL)) { - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - DLIST_ADD_AFTER(list, entry, list); - } else { - DLIST_ADD_END(list, entry, struct schema_class_dlist *); - } - return LDB_SUCCESS; - } - - /* search if parent has already been added */ - temp = schema_add_get_dlist_entry_with_class(list->next, class->parent); - if (temp == NULL) { - ret = schema_add_class_to_dlist(list, class->parent, role); - if (ret != LDB_SUCCESS) { - return ret; - } - temp = schema_add_get_dlist_entry_with_class(list->next, class->parent); - } - if (!temp) { /* parent not found !? */ - return LDB_ERR_OPERATIONS_ERROR; - } - - DLIST_ADD_AFTER(list, entry, temp); - if (role == SCHEMA_CT_STRUCTURAL || role == SCHEMA_CT_AUXILIARY) { - temp = entry; - do { - temp->role = role; - temp = temp->prev; - /* stop when hierarchy base is met or when base class parent is top */ - } while (temp->class == temp->next->class->parent && - temp->next->class->parent != list->class); - - /* if we have not reached the head of the list - * and role is structural */ - if (temp != list && role == SCHEMA_CT_STRUCTURAL) { - struct schema_class_dlist *hfirst, *hlast; - - /* check if the list second entry is structural */ - if (list->next->role == SCHEMA_CT_STRUCTURAL) { - /* we have a confilict here */ - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - /* we have to move this hierarchy of classes - * so that the base of the structural hierarchy is right after top */ - - hfirst = temp->next; - hlast = entry; - /* now hfirst - hlast are the boundaries of the structural hierarchy */ - - /* extract the structural hierachy from the list */ - hfirst->prev->next = hlast->next; - if (hlast->next) hlast->next->prev = hfirst->prev; - - /* insert the structural hierarchy just after top */ - list->next->prev = hlast; - hlast->next = list->next; - list->next = hfirst; - hfirst->prev = list; - } - } - - return LDB_SUCCESS; -} - -/* merge 
source list into dest list and remove duplicates */ -static int schema_merge_class_list(TALLOC_CTX *mem_ctx, struct schema_class ***dest, struct schema_class **source) -{ - struct schema_class **list = *dest; - int i, j, n, f; - - n = 0; - if (list) for (n = 0; list[n]; n++) /* noop */ ; - f = n; - - for (i = 0; source[i]; i++) { - for (j = 0; j < f; j++) { - if (list[j] == source[i]) { - break; - } - } - if (j < f) { /* duplicate found */ - continue; - } - - list = talloc_realloc(mem_ctx, list, struct schema_class *, n + 2); - if (!list) { - return LDB_ERR_OPERATIONS_ERROR; - } - list[n] = source[i]; - n++; - list[n] = NULL; - } - - *dest = list; - - return LDB_SUCCESS; -} - -/* validate and modify the objectclass attribute to sort and add parents */ -static int schema_add_build_objectclass_list(struct schema_context *sctx) -{ - struct schema_class_dlist *temp; - struct ldb_message_element * el; - struct schema_class *class; - int ret, i, an; - - /* First of all initialize list, it must start with class top */ - sctx->class_list = talloc_zero(sctx, struct schema_class_dlist); - if (!sctx->class_list) return LDB_ERR_OPERATIONS_ERROR; - - sctx->class_list->class = schema_store_find(sctx->data->class_store, "top"); - if (!sctx->class_list->class) return LDB_ERR_OPERATIONS_ERROR; - - el = ldb_msg_find_element(sctx->orig_req->op.add.message, "objectClass"); - if (!el) { - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - - for (i = 0; i < el->num_values; i++) { - - class = schema_store_find(sctx->data->class_store, (char *)el->values[i].data); - if (!class) { - return LDB_ERR_NO_SUCH_ATTRIBUTE; - } - - ret = schema_add_class_to_dlist(sctx->class_list, class, class->type); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - /* now check if there is any class role that is still not STRUCTURAL or AUXILIARY */ - /* build also the auxiliary class list and the possible superiors list */ - temp = sctx->class_list->next; /* top is special, skip it */ - an = 0; - - while (temp) { 
- if (temp->role == SCHEMA_CT_ABSTRACT || temp->role == SCHEMA_CT_88) { - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - if (temp->class->sysaux) { - ret = schema_merge_class_list(sctx, &sctx->aux_list, temp->class->sysaux); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - if (temp->class->aux) { - ret = schema_merge_class_list(sctx, &sctx->aux_list, temp->class->aux); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - if (temp->class->sysposssup) { - ret = schema_merge_class_list(sctx, &sctx->sup_list, temp->class->sysposssup); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - if (temp->class->posssup) { - ret = schema_merge_class_list(sctx, &sctx->sup_list, temp->class->posssup); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - temp = temp->next; - } - - /* complete sup_list with material from the aux classes */ - for (i = 0; sctx->aux_list && sctx->aux_list[i]; i++) { - if (sctx->aux_list[i]->sysposssup) { - ret = schema_merge_class_list(sctx, &sctx->sup_list, sctx->aux_list[i]->sysposssup); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - if (sctx->aux_list[i]->posssup) { - ret = schema_merge_class_list(sctx, &sctx->sup_list, sctx->aux_list[i]->posssup); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - } - - if (!sctx->sup_list) return LDB_ERR_NAMING_VIOLATION; - - return LDB_SUCCESS; -} - -static int schema_add_check_container_constraints(struct schema_context *sctx) -{ - struct schema_class **parent_possinf = NULL; - struct schema_class **parent_classes; - struct schema_class_dlist *temp; - struct ldb_message_element *el; - int i, j, ret; - - el = ldb_msg_find_element(sctx->parent_res->message, "objectClass"); - if (!el) { - /* what the .. 
*/ - return LDB_ERR_OPERATIONS_ERROR; - } - - parent_classes = talloc_array(sctx, struct schema_class *, el->num_values + 1); - - for (i = 0; i < el->num_values; i++) { - - parent_classes[i] = schema_store_find(sctx->data->class_store, (const char *)el->values[i].data); - if (!parent_classes[i]) { /* should not be possible */ - return LDB_ERR_OPERATIONS_ERROR; - } - - if (parent_classes[i]->possinf) { - ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->possinf); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - - /* check also embedded auxiliary classes possinf */ - for (j = 0; parent_classes[i]->sysaux && parent_classes[i]->sysaux[j]; j++) { - if (parent_classes[i]->sysaux[j]->possinf) { - ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->sysaux[j]->possinf); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - } - for (j = 0; parent_classes[i]->aux && parent_classes[i]->aux[j]; j++) { - if (parent_classes[i]->aux[j]->possinf) { - ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->aux[j]->possinf); - if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - } - } - - /* foreach parent objectclass, - * check parent possible inferiors match all of the child objectclasses - * and that - * poss Superiors of the child objectclasses mathes one of the parent classes - */ - - temp = sctx->class_list->next; /* skip top it is special */ - while (temp) { - - for (i = 0; parent_possinf[i]; i++) { - if (temp->class == parent_possinf[i]) { - break; - } - } - if (parent_possinf[i] == NULL) { - /* class not found in possible inferiors */ - return LDB_ERR_NAMING_VIOLATION; - } - - temp = temp->next; - } - - for (i = 0; parent_classes[i]; i++) { - for (j = 0; sctx->sup_list[j]; j++) { - if (sctx->sup_list[j] == parent_classes[i]) { - break; - } - } - if (sctx->sup_list[j]) { /* possible Superiors match one of the parent classes */ - return LDB_SUCCESS; - } - } - 
- /* no parent classes matched superiors */ - return LDB_ERR_NAMING_VIOLATION; -} - -static int schema_add_build_down_req(struct schema_context *sctx) -{ - struct schema_class_dlist *temp; - struct ldb_message *msg; - int ret; - - sctx->down_req = talloc(sctx, struct ldb_request); - if (!sctx->down_req) { - ldb_set_errstring(sctx->module->ldb, "Out of memory!"); - return LDB_ERR_OPERATIONS_ERROR; - } - - *(sctx->down_req) = *(sctx->orig_req); /* copy the request */ - msg = ldb_msg_copy_shallow(sctx->down_req, sctx->orig_req->op.add.message); - if (!msg) { - ldb_set_errstring(sctx->module->ldb, "Out of memory!"); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* rebuild the objectclass list */ - ldb_msg_remove_attr(msg, "objectClass"); - ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - /* Add the complete list of classes back to the message */ - for (temp = sctx->class_list; temp; temp = temp->next) { - ret = ldb_msg_add_string(msg, "objectClass", temp->class->name); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - /* objectCategory can be set only by the system */ - if (ldb_msg_find_element(msg, "objectCategory")) { - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - /* the OC is mandatory, every class defines it */ - /* use the one defined in the structural class that defines the object */ - for (temp = sctx->class_list->next; temp; temp = temp->next) { - if (!temp->next) break; - if (temp->next->role != SCHEMA_CT_STRUCTURAL) break; - } -/* oc = talloc_strdup(msg, temp->class->defobjcat); - ret = ldb_msg_add_string(msg, "objectCategory", oc); -*/ - sctx->down_req->op.add.message = msg; - - return LDB_SUCCESS; -} - -static int schema_check_attributes_syntax(struct schema_context *sctx) -{ - struct ldb_message *msg; - struct schema_attribute *attr; - int i, ret; - - msg = sctx->orig_req->op.add.message; - for (i = 0; i < msg->num_elements; i++) { - attr = schema_store_find(sctx->data->attrs_store, 
msg->elements[i].name); - if (attr == NULL) { - return LDB_ERR_NO_SUCH_ATTRIBUTE; - } - ret = schema_validate(sctx->module->ldb, &msg->elements[i], attr->syntax, attr->single, attr->min, attr->max); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return LDB_SUCCESS; -} - -static int schema_add_continue(struct ldb_handle *h) -{ - struct schema_context *sctx; - int ret; - - sctx = talloc_get_type(h->private_data, struct schema_context); - - switch (sctx->step) { - case SC_INIT: - - /* First of all check that a parent exists for this entry */ - ret = schema_add_build_parent_req(sctx); - if (ret != LDB_SUCCESS) { - break; - } - - sctx->step = SC_ADD_CHECK_PARENT; - return ldb_next_request(sctx->module, sctx->parent_req); - - case SC_ADD_CHECK_PARENT: - - /* parent search done, check result and go on */ - if (sctx->parent_res == NULL) { - /* we must have a parent */ - ret = LDB_ERR_NO_SUCH_OBJECT; - break; - } - - /* Check objectclasses are ok */ - ret = schema_add_build_objectclass_list(sctx); - if (ret != LDB_SUCCESS) { - break; - } - - /* check the parent is of the right type for this object */ - ret = schema_add_check_container_constraints(sctx); - if (ret != LDB_SUCCESS) { - break; - } - - /* check attributes syntax */ - - ret = schema_check_attributes_syntax(sctx); - if (ret != LDB_SUCCESS) { - break; - } - - ret = schema_add_build_down_req(sctx); - if (ret != LDB_SUCCESS) { - break; - } - sctx->step = SC_ADD_TEMP; - - return ldb_next_request(sctx->module, sctx->down_req); - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - /* this is reached only in case of error */ - /* FIXME: fire an async reply ? 
*/ - h->status = ret; - h->state = LDB_ASYNC_DONE; - return ret; -} - -static int schema_add(struct ldb_module *module, struct ldb_request *req) -{ - struct schema_context *sctx; - struct ldb_handle *h; - - if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - h = schema_init_handle(req, module, SC_ADD); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; - } - - sctx = talloc_get_type(h->private_data, struct schema_context); - sctx->orig_req->handle = h; - return schema_add_continue(h); -} - - -static int schema_modify(struct ldb_module *module, struct ldb_request *req) -{ - if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - return ldb_next_request(module, req); -} - -static int schema_delete(struct ldb_module *module, struct ldb_request *req) -{ - if (ldb_dn_is_special(req->op.del.dn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - /* First of all check no children exists for this entry */ - - return ldb_next_request(module, req); -} - -static int schema_rename(struct ldb_module *module, struct ldb_request *req) -{ - if (ldb_dn_is_special(req->op.rename.olddn) && - ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ - return ldb_next_request(module, req); - } - - return ldb_next_request(module, req); -} - -static int schema_wait_loop(struct ldb_handle *handle) { - struct schema_context *sctx; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - sctx = talloc_get_type(handle->private_data, struct schema_context); - - switch (sctx->step) { - case SC_ADD_CHECK_PARENT: - ret = ldb_wait(sctx->parent_req->handle, LDB_WAIT_NONE); - - 
if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (sctx->parent_req->handle->status != LDB_SUCCESS) { - handle->status = sctx->parent_req->handle->status; - goto done; - } - - if (sctx->parent_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - return schema_add_continue(handle); - - case SC_ADD_TEMP: - ret = ldb_wait(sctx->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (sctx->down_req->handle->status != LDB_SUCCESS) { - handle->status = sctx->down_req->handle->status; - goto done; - } - - if (sctx->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int schema_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = schema_wait_loop(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int schema_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return schema_wait_all(handle); - } else { - return schema_wait_loop(handle); - } -} - -static int schema_init(struct ldb_module *module) -{ - static const char *schema_attrs[] = { "schemaNamingContext", NULL }; - struct schema_private_data *data; - struct ldb_result *res; - int ret; - - /* need to let the partition module to register first */ - ret = ldb_next_init(module); - if (ret != LDB_SUCCESS) { - return ret; - } - - data = ldb_get_opaque(module->ldb, "schema_instance"); - if (data) { - module->private_data = data; - return LDB_SUCCESS; - } - - data = talloc_zero(module->ldb, struct schema_private_data); - if (data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* find the schema partition */ - ret = ldb_search(module->ldb, - ldb_dn_new(module, module->ldb, NULL), - LDB_SCOPE_BASE, - 
"(objectClass=*)", - schema_attrs, - &res); - - if (res->count != 1) { - /* FIXME: return a clear error string */ - talloc_free(data); - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; - } - - data->schema_dn = ldb_msg_find_attr_as_dn(module->ldb, data, res->msgs[0], "schemaNamingContext"); - if (data->schema_dn == NULL) { - /* FIXME: return a clear error string */ - talloc_free(data); - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; - } - - talloc_free(res); - - ret = schema_init_attrs(module, data); - if (ret != LDB_SUCCESS) { - talloc_free(data); - return ret; - } - - ret = schema_init_classes(module, data); - if (ret != LDB_SUCCESS) { - talloc_free(data); - return ret; - } - - module->private_data = data; - ldb_set_opaque(module->ldb, "schema_instance", data); - - return LDB_SUCCESS; -} - -_PUBLIC_ const struct ldb_module_ops ldb_schema_module_ops = { - .name = "schema", - .init_context = schema_init, - .add = schema_add, - .modify = schema_modify, - .del = schema_delete, - .rename = schema_rename, - .wait = schema_wait -}; diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.c b/source4/dsdb/samdb/ldb_modules/schema_syntax.c deleted file mode 100644 index ab9f32c913..0000000000 --- a/source4/dsdb/samdb/ldb_modules/schema_syntax.c +++ /dev/null 
@@ -1,469 +0,0 @@
-/*
- ldb database library
-
- Copyright (C) Simo Sorce 2004-2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-/*
- * Name: ldb
- *
- * Component: ldb schema module
- *
- * Description: add schema syntax functionality
- *
- * Author: Simo Sorce
- */
-
-#include "includes.h"
-#include "ldb/include/ldb.h"
-#include "ldb/include/ldb_errors.h"
-#include "schema_syntax.h"
-
-int map_schema_syntax(uint32_t om_syntax, const char *attr_syntax, const struct ldb_val *om_class, enum schema_internal_syntax *syntax)
-{
- int ret;
-
- ret = LDB_SUCCESS;
-
- switch(om_syntax) {
- case 1:
- *syntax = SCHEMA_AS_BOOLEAN;
- break;
- case 2:
- *syntax = SCHEMA_AS_INTEGER;
- break;
- case 4:
- if (strcmp(attr_syntax, "2.5.5.10") == 0) {
- *syntax = SCHEMA_AS_OCTET_STRING;
- break;
- }
- if (strcmp(attr_syntax, "2.5.5.17") == 0) {
- *syntax = SCHEMA_AS_SID;
- break;
- }
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- case 6:
- *syntax = SCHEMA_AS_OID;
- break;
- case 10:
- *syntax = SCHEMA_AS_ENUMERATION;
- break;
- case 18:
- *syntax = SCHEMA_AS_NUMERIC_STRING;
- break;
- case 19:
- *syntax = SCHEMA_AS_PRINTABLE_STRING;
- break;
- case 20:
- *syntax = SCHEMA_AS_CASE_IGNORE_STRING;
- break;
- case 22:
- *syntax = SCHEMA_AS_IA5_STRING;
- break;
- case 23:
- *syntax = SCHEMA_AS_UTC_TIME;
- break;
- case 24:
- *syntax = SCHEMA_AS_GENERALIZED_TIME;
- break;
- case 27:
- *syntax = SCHEMA_AS_CASE_SENSITIVE_STRING;
- break;
- case 64:
- *syntax = SCHEMA_AS_DIRECTORY_STRING;
- break;
- case 65:
- *syntax = SCHEMA_AS_LARGE_INTEGER;
- break;
- case 66:
- *syntax = SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR;
- break;
- case 127:
- if (!om_class) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a\x00", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_DN;
- break;
- }
- if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_DN_BINARY;
- break;
- }
- if (memcmp(om_class->data, "\x56\x06\x01\x02\x05\x0b\x1d\x00\x00\x00", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_OR_NAME;
- break;
- }
- if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_REPLICA_LINK;
- break;
- }
- if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c\x00", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_PRESENTATION_ADDRESS;
- break;
- }
- if (memcmp(om_class->data, "\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e\x00", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_ACCESS_POINT;
- break;
- }
- if (memcmp(om_class->data, "\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c", MIN(om_class->length, 10)) == 0) {
- *syntax = SCHEMA_AS_DN_STRING;
- break;
- }
- /* not found will error in default: */
- default:
- ret = LDB_ERR_OPERATIONS_ERROR;
- }
-
- return ret;
-}
-
-static int schema_validate_boolean(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
-
- if ((strncmp("TRUE", (const char *)val->data, val->length) != 0) &&
- (strncmp("FALSE", (const char *)val->data, val->length) != 0)) {
- return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- }
-
- return LDB_SUCCESS;
-}
-
-static int schema_validate_integer(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- int value;
- char *endptr;
-
- errno = 0;
- value = strtol((const char *)val->data, &endptr, 0);
- if (errno) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if (endptr[0] != '\0') return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if ((min > INT_MIN) && (value < min)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if ((max < INT_MAX) && (value > max)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
-
- return LDB_SUCCESS;
-}
-
-static int schema_validate_binary_blob(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* is there anythign we should check in a binary blob ? */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_sid(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: validate binary form of objectSid */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_oid(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- if (strspn((const char *)val->data, "0123456789.") != val->length)
- return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
-
- return LDB_SUCCESS;
-}
-
-static int schema_validate_numeric_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- if (strspn((const char *)val->data, "0123456789") != val->length)
- return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
-
- return LDB_SUCCESS;
-}
-
-static int schema_validate_printable_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what constitutes the printable character set */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_teletext_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what constitutes the teletext character set */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_ia5_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what constitutes the IA5 character set */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_utc_time(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: validate syntax of UTC Time string */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_generalized_time(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: validate syntax of Generalized Time string */
- return LDB_SUCCESS;
-}
-
-/* NOTE: not a single attribute has this syntax in the basic w2k3 schema */
-static int schema_validate_sensitive_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what constitutes a "case sensitive string" */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_unicode_string(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: validate utf8 string */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_large_integer(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: validate large integer/interval */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_object_sd(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: validate object Security Descriptor */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_dn(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- struct ldb_dn *dn;
- int ret = LDB_SUCCESS;
-
- dn = ldb_dn_from_ldb_val(ldb, ldb, val);
- if ( ! ldb_dn_validate(dn)) {
- ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- }
-
- talloc_free(dn);
- return ret;
-}
-
-static int schema_validate_binary_plus_dn(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- int ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- TALLOC_CTX *memctx;
- struct ldb_dn *dn;
- char *str, *p;
- char *endptr;
- int num;
-
- memctx = talloc_new(NULL);
- if (!memctx) return LDB_ERR_OPERATIONS_ERROR;
-
- str = talloc_strdup(memctx, (const char *)val->data);
- if (!str) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (strncasecmp(str, "B:", 2) != 0) {
- goto done;
- }
-
- /* point at the number of chars in the string */
- str = strchr(&str[2], ':');
- if (!str) {
- goto done;
- }
- str++;
-
- errno = 0;
- num = strtol(str, &endptr, 0);
- if (errno) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if (endptr[0] != ':') return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if ((min > INT_MIN) && (num < min)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if ((max < INT_MAX) && (num > max)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
-
- /* point at the string */
- str = strchr(str, ':');
- if (!str) {
- goto done;
- }
- str++;
-
- /* terminate the string */
- p = strchr(str, ':');
- if (!p) {
- goto done;
- }
- *p = '\0';
-
- if (strlen(str) != 2*num) {
- goto done;
- }
-
- str = p + 1;
-
- dn = ldb_dn_new(memctx, ldb, str);
- if (ldb_dn_validate(dn)) {
- ret = LDB_SUCCESS;
- }
-
-done:
- talloc_free(memctx);
- return ret;
-}
-
-static int schema_validate_x400_or_name(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what is the syntax of an X400 OR NAME */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_presentation_address(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what is the syntax of a presentation address */
- return LDB_SUCCESS;
-}
-
-static int schema_validate_x400_access_point(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- /* TODO: find out what is the syntax of an X400 Access Point */
- return LDB_SUCCESS;
-}
-
-/* NOTE: seem there isn't a single attribute defined like this in the base w2k3 schema */
-static int schema_validate_string_plus_dn(struct ldb_context *ldb, struct ldb_val *val, int min, int max)
-{
- int ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- TALLOC_CTX *memctx;
- struct ldb_dn *dn;
- char *str, *p;
- char *endptr;
- int num;
-
- memctx = talloc_new(NULL);
- if (!memctx) return LDB_ERR_OPERATIONS_ERROR;
-
- str = talloc_strdup(memctx, (const char *)val->data);
- if (!str) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (strncasecmp(str, "S:", 2) != 0) {
- goto done;
- }
-
- /* point at the number of chars in the string */
- str = strchr(&str[2], ':');
- if (!str) {
- goto done;
- }
- str++;
-
- errno = 0;
- num = strtol(str, &endptr, 0);
- if (errno) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if (endptr[0] != ':') return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if ((min > INT_MIN) && (num < min)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- if ((max < INT_MAX) && (num > max)) return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
-
- /* point at the string */
- str = strchr(str, ':');
- if (!str) {
- goto done;
- }
- str++;
-
- /* terminate the string */
- p = strchr(str, ':');
- if (!p) {
- goto done;
- }
- *p = '\0';
-
- if (strlen(str) != num) {
- goto done;
- }
-
- str = p + 1;
-
- dn = ldb_dn_new(memctx, ldb, str);
- if (ldb_dn_validate(dn)) {
- ret = LDB_SUCCESS;
- }
-
-done:
- talloc_free(memctx);
- return ret;
-}
-
-struct schema_syntax_validator {
- enum schema_internal_syntax type;
- int (*validate)(struct ldb_context *ldb, struct ldb_val *, int, int);
-};
-
-struct schema_syntax_validator schema_syntax_validators[] = {
- { SCHEMA_AS_BOOLEAN, schema_validate_boolean },
- { SCHEMA_AS_INTEGER, schema_validate_integer },
- { SCHEMA_AS_OCTET_STRING, schema_validate_binary_blob },
- { SCHEMA_AS_SID, schema_validate_sid },
- { SCHEMA_AS_OID, schema_validate_oid },
- { SCHEMA_AS_ENUMERATION, schema_validate_integer },
- { SCHEMA_AS_NUMERIC_STRING, schema_validate_numeric_string },
- { SCHEMA_AS_PRINTABLE_STRING, schema_validate_printable_string },
- { SCHEMA_AS_CASE_IGNORE_STRING, schema_validate_teletext_string },
- { SCHEMA_AS_IA5_STRING, schema_validate_ia5_string },
- { SCHEMA_AS_UTC_TIME, schema_validate_utc_time },
- { SCHEMA_AS_GENERALIZED_TIME, schema_validate_generalized_time },
- { SCHEMA_AS_CASE_SENSITIVE_STRING, schema_validate_sensitive_string },
- { SCHEMA_AS_DIRECTORY_STRING, schema_validate_unicode_string },
- { SCHEMA_AS_LARGE_INTEGER, schema_validate_large_integer },
- { SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR, schema_validate_object_sd },
- { SCHEMA_AS_DN, schema_validate_dn },
- { SCHEMA_AS_DN_BINARY, schema_validate_binary_plus_dn },
- { SCHEMA_AS_OR_NAME, schema_validate_x400_or_name },
- { SCHEMA_AS_REPLICA_LINK, schema_validate_binary_blob },
- { SCHEMA_AS_PRESENTATION_ADDRESS, schema_validate_presentation_address }, /* see rfc1278 ? */
- { SCHEMA_AS_ACCESS_POINT, schema_validate_x400_access_point },
- { SCHEMA_AS_DN_STRING, schema_validate_string_plus_dn },
- { -1, NULL }
-};
-
-int schema_validate(struct ldb_context *ldb,
- struct ldb_message_element *el,
- enum schema_internal_syntax type,
- bool single, int min, int max)
-{
- struct schema_syntax_validator *v;
- int i, ret;
-
- if (single && (el->num_values > 1)) {
- return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
- }
-
- for (i = 0; schema_syntax_validators[i].type != 0; i++) {
- if (schema_syntax_validators[i].type == type)
- break;
- }
- if (schema_syntax_validators[i].type == 0) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- v = &schema_syntax_validators[i];
-
- for (i = 0; i < el->num_values; i++) {
- ret = v->validate(ldb, &el->values[i], min, max);
- }
-
- return LDB_SUCCESS;
-}
-
-
diff --git a/source4/dsdb/samdb/ldb_modules/schema_syntax.h b/source4/dsdb/samdb/ldb_modules/schema_syntax.h
deleted file mode 100644
index 37f7584d41..0000000000
--- a/source4/dsdb/samdb/ldb_modules/schema_syntax.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- ldb database library
-
- Copyright (C) Simo Sorce 2004-2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-/*
- * Name: ldb
- *
- * Component: ldb schema module
- *
- * Description: add schema syntax functionality
- *
- * Author: Simo Sorce
- */
-
-
-/* Syntax-Table
-
- see ldap_server/devdocs/AD-syntaxes.txt
-*/
-
-enum schema_internal_syntax {
- SCHEMA_AS_BOOLEAN = 1,
- SCHEMA_AS_INTEGER = 2,
- SCHEMA_AS_OCTET_STRING = 3,
- SCHEMA_AS_SID = 4,
- SCHEMA_AS_OID = 5,
- SCHEMA_AS_ENUMERATION = 6,
- SCHEMA_AS_NUMERIC_STRING = 7,
- SCHEMA_AS_PRINTABLE_STRING = 8,
- SCHEMA_AS_CASE_IGNORE_STRING = 9,
- SCHEMA_AS_IA5_STRING = 10,
- SCHEMA_AS_UTC_TIME = 11,
- SCHEMA_AS_GENERALIZED_TIME = 12,
- SCHEMA_AS_CASE_SENSITIVE_STRING = 13,
- SCHEMA_AS_DIRECTORY_STRING = 14,
- SCHEMA_AS_LARGE_INTEGER = 15,
- SCHEMA_AS_OBJECT_SECURITY_DESCRIPTOR = 16,
- SCHEMA_AS_DN = 17,
- SCHEMA_AS_DN_BINARY = 18,
- SCHEMA_AS_OR_NAME = 19,
- SCHEMA_AS_REPLICA_LINK = 20,
- SCHEMA_AS_PRESENTATION_ADDRESS = 21,
- SCHEMA_AS_ACCESS_POINT = 22,
- SCHEMA_AS_DN_STRING = 23
-};
-
-int map_schema_syntax(uint32_t om_syntax,
- const char *attr_syntax,
- const struct ldb_val *om_class,
- enum schema_internal_syntax *syntax);
-
-int schema_validate(struct ldb_context *ldb,
- struct ldb_message_element *el,
- enum schema_internal_syntax type,
- bool single, int min, int max);
-
-- cgit