From ccba16c4b8de285f55683011c1527af3f6f48460 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 11 Aug 2011 15:44:32 +1000
Subject: s4-dsdb: expand dsServiceName from GUID form at runtime

this allows dsServiceName to be stored as an extended DN or GUID form
in @ROOTDSE, and its string form will be found at runtime.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/samdb/ldb_modules/rootdse.c | 60 ++++++++++++++++++++++++++++----
 1 file changed, 54 insertions(+), 6 deletions(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index cfd75e8c43..9813fe8b07 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -217,13 +217,17 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 	const char *dn_attrs[] = {
 		"configurationNamingContext",
 		"defaultNamingContext",
-		"dsServiceName",
 		"rootDomainNamingContext",
 		"schemaNamingContext",
 		"serverName",
 		"validFSMOs",
 		NULL
 	};
+	const char *guid_attrs[] = {
+		"dsServiceName",
+		NULL
+	};
+	unsigned int i;
 
 	ldb = ldb_module_get_ctx(module);
 	schema = dsdb_get_schema(ldb, NULL);
@@ -290,7 +294,6 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 	}
 
 	if (priv && do_attribute(attrs, "supportedControl")) {
-		unsigned int i;
 		for (i = 0; i < priv->num_controls; i++) {
 			char *control = talloc_strdup(msg, priv->controls[i]);
 			if (!control) {
@@ -304,7 +307,6 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
  	}
 
 	if (priv && do_attribute(attrs, "namingContexts")) {
-		unsigned int i;
 		for (i = 0; i < priv->num_partitions; i++) {
 			struct ldb_dn *dn = priv->partitions[i];
 			if (ldb_msg_add_steal_string(msg, "namingContexts",
@@ -317,7 +319,6 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 	server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanisms"),
 				       char *);
 	if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
-		unsigned int i;
 		for (i = 0; server_sasl && server_sasl[i]; i++) {
 			char *sasl_name = talloc_strdup(msg, server_sasl[i]);
 			if (!sasl_name) {
@@ -441,7 +442,6 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 	}
 
 	if (do_attribute_explicit(attrs, "tokenGroups")) {
-		unsigned int i;
 		/* Obtain the user's session_info */
 		struct auth_session_info *session_info
 			= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
@@ -461,11 +461,59 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 
 	edn_control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
 
+	/* convert any GUID attributes to be in the right form */
+	for (i=0; guid_attrs[i]; i++) {
+		struct ldb_result *res;
+		struct ldb_message_element *el;
+		struct ldb_dn *attr_dn;
+		const char *no_attrs[] = { NULL };
+		int ret;
+
+		if (!do_attribute(attrs, guid_attrs[i])) continue;
+
+		attr_dn = ldb_msg_find_attr_as_dn(ldb, req, msg, guid_attrs[i]);
+		if (attr_dn == NULL) {
+			continue;
+		}
+
+		ret = dsdb_module_search_dn(module, req, &res,
+					    attr_dn, no_attrs,
+					    DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN,
+					    req);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+
+		el = ldb_msg_find_element(msg, guid_attrs[i]);
+		if (el == NULL) {
+			return ldb_operr(ldb);
+		}
+
+		talloc_steal(el->values, res->msgs[0]->dn);
+		if (edn_control) {
+			struct ldb_extended_dn_control *edn;
+			int edn_type = 0;
+			edn = talloc_get_type(edn_control->data, struct ldb_extended_dn_control);
+			if (edn != NULL) {
+				edn_type = edn->type;
+			}
+			el->values[0].data  = (uint8_t *)ldb_dn_get_extended_linearized(el->values,
+											res->msgs[0]->dn,
+											edn_type);
+		} else {
+			el->values[0].data  = (uint8_t *)talloc_strdup(el->values,
+								       ldb_dn_get_linearized(res->msgs[0]->dn));
+		}
+		if (el->values[0].data == NULL) {
+			return ldb_oom(ldb);
+		}
+		el->values[0].length = strlen((const char *)el->values[0].data);
+	}
+
 	/* if the client sent us the EXTENDED_DN control then we need
 	   to expand the DNs to have GUID and SID. W2K8 join relies on
 	   this */
 	if (edn_control) {
-		unsigned int i;
 		int ret;
 		for (i=0; dn_attrs[i]; i++) {
 			if (!do_attribute(attrs, dn_attrs[i])) continue;
-- 
cgit