From 291ca9384345d8c674a96f3671d44ba09af8b787 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 24 Sep 2008 19:27:09 +0200 Subject: Use loadparm since it's required by some modules. --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 2ca5b80c67..882376cb09 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -26,7 +26,7 @@ import os import ldb from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE from samba import Ldb, substitute_var -from samba.tests import LdbTestCase, TestCaseInTempDir +from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") @@ -76,7 +76,7 @@ class MapBaseTestCase(TestCaseInTempDir): self.url = "tdb://" + self.file self.basedn = basedn self.substvars = {"BASEDN": self.basedn} - self.db = Ldb() + self.db = Ldb(lp=cmdline_loadparm) self._dn = dn def dn(self, rdn): @@ -117,14 +117,14 @@ class Samba3SamTestCase(MapBaseTestCase): def setUp(self): super(Samba3SamTestCase, self).setUp() - ldb = Ldb(self.ldburl) + ldb = Ldb(self.ldburl, lp=cmdline_loadparm) self.samba3.setup_data("samba3.ldif") self.templates.setup_data("provision_samba3sam_templates.ldif") ldif = read_datafile("provision_samba3sam.ldif") ldb.add_ldif(self.samba4.subst(ldif)) self.setup_modules(ldb, self.samba3, self.samba4) del ldb - self.ldb = Ldb(self.ldburl) + self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm) def test_search_non_mapped(self): """Looking up by non-mapped attribute""" @@ -287,13 +287,13 @@ class MapTestCase(MapBaseTestCase): def setUp(self): super(MapTestCase, self).setUp() - ldb = Ldb(self.ldburl) + ldb = Ldb(self.ldburl, lp=cmdline_loadparm) self.templates.setup_data("provision_samba3sam_templates.ldif") ldif = read_datafile("provision_samba3sam.ldif") ldb.add_ldif(self.samba4.subst(ldif)) self.setup_modules(ldb, self.samba3, self.samba4) del ldb - self.ldb = Ldb(self.ldburl) + self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm) def test_map_search(self): """Running search tests on mapped data.""" -- cgit From cf1935817fce0d6c7f4d2797c18f8c116220abd4 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:06:13 +0200 Subject: Cosmetic corrections for the DSDB module This commit applies some cosmetic corrections for the DSDB (Directory Server Database). --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 ++-- source4/dsdb/samdb/ldb_modules/proxy.c | 12 ++++++------ source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 14 +++++++------- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/lib/ldb-samba/ldif_handlers.c | 2 +- source4/lib/ldb_wrap.c | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6836f95873..11e2b7ade9 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -142,7 +142,7 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess ldb_msg_add_string(msg, attrName, attr_list[i]); } talloc_free(mem_ctx); - return 0; + return LDB_SUCCESS; } /* read all objectClasses */ @@ -201,7 +201,7 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * } } - return 0; + return LDB_SUCCESS; } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index d0a315e45a..7aa78e98a9 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -66,7 +66,7 @@ static int load_proxy_info(struct ldb_module *module) /* see if we have already loaded it */ if (proxy->upstream != NULL) { - return 0; + return LDB_SUCCESS; } dn = ldb_dn_new(proxy, module->ldb, "@PROXYINFO"); @@ -145,7 +145,7 @@ static int load_proxy_info(struct ldb_module *module) talloc_free(res); - return 0; + return LDB_SUCCESS; failed: talloc_free(res); @@ -153,7 +153,7 @@ failed: talloc_free(proxy->newdn); talloc_free(proxy->upstream); proxy->upstream = NULL; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } @@ -259,7 +259,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } if (load_proxy_info(module) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* see if the dn is within olddn */ @@ -269,7 +269,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq = talloc(module, struct ldb_request); if (newreq == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); @@ -298,7 +298,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); talloc_free(newreq); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } for (i = 0; i < newreq->op.search.res->count; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index dd5faf837a..34e235aec7 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -124,16 +124,16 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) char *s; if (ldb_msg_find_element(msg, attr) != NULL) { - return 0; + return LDB_SUCCESS; } s = ldb_timestring(msg, t); if (s == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } if (ldb_msg_add_string(msg, attr, s) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el = ldb_msg_find_element(msg, attr); @@ -141,7 +141,7 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return 0; + return LDB_SUCCESS; } /* @@ -152,11 +152,11 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ struct ldb_message_element *el; if (ldb_msg_find_element(msg, attr) != NULL) { - return 0; + return LDB_SUCCESS; } if (ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)v) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el = ldb_msg_find_element(msg, attr); @@ -164,7 +164,7 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return 0; + return LDB_SUCCESS; } static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1, diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 968b19c038..7c6a6dd26f 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -307,7 +307,7 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message } } } - return 0; + return LDB_SUCCESS; } diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index a16582d294..46ea09554d 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -134,7 +134,7 @@ static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, /* Perhaps not a string after all */ return ldb_handler_copy(ldb, mem_ctx, in, out); } - return 0; + return LDB_SUCCESS; } return ldb_handler_copy(ldb, mem_ctx, in, out); } diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 6c683a1e33..8082f4fac5 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -84,7 +84,7 @@ static int ldb_wrap_destructor(struct ldb_context *ldb) smb_panic("probable memory leak in ldb"); #endif } - return 0; + return LDB_SUCCESS; } /* -- cgit From 9261fa997ccda8f89556b644ddd45cd86919ec2e Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:36:14 +0200 Subject: Cosmetic corrections for the LDB backend modules This commit applies some cosmetic corrections for the LDB backend modules. --- source4/lib/ldb/ldb_ildap/ldb_ildap.c | 6 ++--- source4/lib/ldb/ldb_ldap/ldb_ldap.c | 18 ++++++------- source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 28 ++++++++++----------- source4/lib/ldb/ldb_tdb/ldb_cache.c | 22 ++++++++-------- source4/lib/ldb/ldb_tdb/ldb_pack.c | 12 ++++----- source4/lib/ldb/ldb_tdb/ldb_search.c | 42 +++++++++++++++---------------- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 20 +++++++-------- source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c | 2 +- 8 files changed, 75 insertions(+), 75 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 5ad671ea2e..3a5da89c41 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -753,7 +753,7 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, module = talloc(ldb, struct ldb_module); if (!module) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_set_name_const(module, "ldb_ildap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, } *_module = module; - return 0; + return LDB_SUCCESS; failed: talloc_free(module); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } _PUBLIC_ const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index a4534c549a..5026f9c006 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -180,14 +180,14 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, count = ldap_count_values_len(bval); if (count <= 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements + 1); if (!el) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } msg->elements = el; @@ -197,7 +197,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->name = talloc_strdup(msg->elements, attr); if (!el->name) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el->flags = 0; @@ -205,7 +205,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->values = talloc_array(msg->elements, struct ldb_val, count); if (!el->values) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } for (i=0;ivalues[i].data = talloc_size(el->values, bval[i]->bv_len+1); if (!el->values[i].data) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } memcpy(el->values[i].data, bval[i]->bv_val, bval[i]->bv_len); el->values[i].data[bval[i]->bv_len] = 0; @@ -224,7 +224,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, msg->num_elements++; - return 0; + return LDB_SUCCESS; } /* @@ -785,7 +785,7 @@ static int lldb_connect(struct ldb_context *ldb, if (module == NULL) { ldb_oom(ldb); talloc_free(lldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_set_name_const(module, "ldb_ldap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int lldb_connect(struct ldb_context *ldb, } *_module = module; - return 0; + return LDB_SUCCESS; failed: talloc_free(module); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index a0e63c8da1..7e4fe1d08d 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -670,10 +670,10 @@ static int lsqlite3_safe_rollback(sqlite3 *sqlite) printf("lsqlite3_safe_rollback: Error: %s\n", errmsg); free(errmsg); } - return -1; + return SQLITE_ERROR; } - return 0; + return SQLITE_OK; } /* return an eid as result */ @@ -1440,13 +1440,13 @@ static int lsql_start_trans(struct ldb_module * module) printf("lsqlite3_start_trans: error: %s\n", errmsg); free(errmsg); } - return -1; + return SQLITE_ERROR; } }; lsqlite3->trans_count++; - return 0; + return SQLITE_OK; } static int lsql_end_trans(struct ldb_module *module) @@ -1457,7 +1457,7 @@ static int lsql_end_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return -1; + } else return SQLITE_ERROR; if (lsqlite3->trans_count == 0) { ret = sqlite3_exec(lsqlite3->sqlite, "COMMIT;", NULL, NULL, &errmsg); @@ -1466,11 +1466,11 @@ static int lsql_end_trans(struct ldb_module *module) printf("lsqlite3_end_trans: error: %s\n", errmsg); free(errmsg); } - return -1; + return SQLITE_ERROR; } } - return 0; + return SQLITE_OK; } static int lsql_del_trans(struct ldb_module *module) @@ -1479,13 +1479,13 @@ static int lsql_del_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return -1; + } else return SQLITE_ERROR; if (lsqlite3->trans_count == 0) { return lsqlite3_safe_rollback(lsqlite3->sqlite); } - return -1; + return SQLITE_ERROR; } static int destructor(struct lsqlite3_private *lsqlite3) @@ -1493,7 +1493,7 @@ static int destructor(struct lsqlite3_private *lsqlite3) if (lsqlite3->sqlite) { sqlite3_close(lsqlite3->sqlite); } - return 0; + return SQLITE_OK; } static int lsql_request(struct ldb_module *module, struct ldb_request *req) @@ -1540,7 +1540,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, /* create a local ctx */ local_ctx = talloc_named(lsqlite3, 0, "lsqlite3_rename local context"); if (local_ctx == NULL) { - return -1; + return SQLITE_ERROR; } schema = lsqlite3_tprintf(local_ctx, @@ -1792,7 +1792,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, failed: if (rollback) lsqlite3_safe_rollback(lsqlite3->sqlite); sqlite3_close(lsqlite3->sqlite); - return -1; + return SQLITE_ERROR; } /* @@ -1860,14 +1860,14 @@ static int lsqlite3_connect(struct ldb_context *ldb, } } - return 0; + return LDB_SUCCESS; failed: if (lsqlite3->sqlite != NULL) { (void) sqlite3_close(lsqlite3->sqlite); } talloc_free(lsqlite3); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } const struct ldb_backend_ops ldb_sqlite3_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_cache.c b/source4/lib/ldb/ldb_tdb/ldb_cache.c index 2576e2c7bd..e502f1e642 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_cache.c +++ b/source4/lib/ldb/ldb_tdb/ldb_cache.c @@ -92,11 +92,11 @@ static int ltdb_attributes_flags(struct ldb_message_element *el, unsigned *v) } } if (ltdb_valid_attr_flags[j].name == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } *v = value; - return 0; + return LDB_SUCCESS; } /* @@ -118,7 +118,7 @@ static int ltdb_attributes_load(struct ldb_module *module) goto failed; } if (r == LDB_ERR_NO_SUCH_OBJECT) { - return 0; + return LDB_SUCCESS; } /* mapping these flags onto ldap 'syntaxes' isn't strictly correct, but its close enough for now */ @@ -162,9 +162,9 @@ static int ltdb_attributes_load(struct ldb_module *module) } } - return 0; + return LDB_SUCCESS; failed: - return -1; + return LDB_ERR_OPERATIONS_ERROR; } @@ -258,7 +258,7 @@ int ltdb_cache_load(struct ldb_module *module) /* a very fast check to avoid extra database reads */ if (ltdb->cache != NULL && tdb_get_seqnum(ltdb->tdb) == ltdb->tdb_seqnum) { - return 0; + return LDB_SUCCESS; } if (ltdb->cache == NULL) { @@ -344,7 +344,7 @@ int ltdb_cache_load(struct ldb_module *module) goto failed; } - if (ltdb_attributes_load(module) == -1) { + if (ltdb_attributes_load(module) != LDB_SUCCESS) { goto failed; } @@ -353,14 +353,14 @@ done: talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return 0; + return LDB_SUCCESS; failed: talloc_free(options); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } @@ -449,10 +449,10 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value) for (i = 0; ltdb_valid_attr_flags[i].name != NULL; i++) { if ((strcmp(ltdb_valid_attr_flags[i].name, (char *)value->data) == 0)) { - return 0; + return LDB_SUCCESS; } } - return -1; + return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_pack.c b/source4/lib/ldb/ldb_tdb/ldb_pack.c index afb07dcbca..d96e7590e7 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_pack.c +++ b/source4/lib/ldb/ldb_tdb/ldb_pack.c @@ -89,7 +89,7 @@ int ltdb_pack_data(struct ldb_module *module, dn = ldb_dn_get_linearized(message->dn); if (dn == NULL) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* work out how big it needs to be */ @@ -114,7 +114,7 @@ int ltdb_pack_data(struct ldb_module *module, data->dptr = talloc_array(ldb, uint8_t, size); if (!data->dptr) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } data->dsize = size; @@ -147,7 +147,7 @@ int ltdb_pack_data(struct ldb_module *module, } } - return 0; + return LDB_SUCCESS; } /* @@ -207,7 +207,7 @@ int ltdb_unpack_data(struct ldb_module *module, if (message->num_elements == 0) { message->elements = NULL; - return 0; + return LDB_SUCCESS; } if (message->num_elements > remaining / 6) { @@ -281,9 +281,9 @@ int ltdb_unpack_data(struct ldb_module *module, "Error: %d bytes unread in ltdb_unpack_data\n", remaining); } - return 0; + return LDB_SUCCESS; failed: talloc_free(message->elements); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index da899c361e..ce7a90e3d5 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -262,7 +262,7 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes ret = ltdb_unpack_data(module, &tdb_data, msg); free(tdb_data.dptr); - if (ret == -1) { + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } @@ -285,7 +285,7 @@ static int ltdb_lock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_lockall_read(ltdb->tdb); } - return 0; + return LDB_SUCCESS; } /* @@ -297,7 +297,7 @@ static int ltdb_unlock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_unlockall_read(ltdb->tdb); } - return 0; + return LDB_SUCCESS; } /* @@ -317,14 +317,14 @@ int ltdb_add_attr_results(struct ldb_module *module, /* pull the attributes that the user wants */ msg2 = ltdb_pull_attrs(module, mem_ctx, msg, attrs); if (!msg2) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* add to the results list */ res2 = talloc_realloc(mem_ctx, *res, struct ldb_message *, (*count)+2); if (!res2) { talloc_free(msg2); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } (*res) = res2; @@ -333,7 +333,7 @@ int ltdb_add_attr_results(struct ldb_module *module, (*res)[(*count)+1] = NULL; (*count)++; - return 0; + return LDB_SUCCESS; } @@ -356,7 +356,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (ldb_attr_cmp(attrs[i], "distinguishedName") == 0) { if (msg_add_distinguished_name(msg) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } } @@ -366,9 +366,9 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (keep_all) { if (msg_add_distinguished_name(msg) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } for (i = 0; i < msg->num_elements; i++) { @@ -387,7 +387,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) } } - return 0; + return LDB_SUCCESS; } /* @@ -402,14 +402,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (key.dsize < 4 || strncmp((char *)key.dptr, "DN=", 3) != 0) { - return 0; + return LDB_SUCCESS; } ares = talloc_zero(ac, struct ldb_reply); if (!ares) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ares->message = ldb_msg_new(ares); @@ -417,14 +417,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* unpack the record */ ret = ltdb_unpack_data(ac->module, &data, ares->message); - if (ret == -1) { + if (ret) { talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } if (!ares->message->dn) { @@ -433,7 +433,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } @@ -441,17 +441,17 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, ac->base, ac->scope)) { talloc_free(ares); - return 0; + return LDB_SUCCESS; } /* filter the attributes that the user wants */ ret = ltdb_filter_attrs(ares->message, ac->attrs); - if (ret == -1) { + if (ret != LDB_SUCCESS) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ares->type = LDB_REPLY_ENTRY; @@ -460,10 +460,10 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (handle->status != LDB_SUCCESS) { /* don't try to free ares here, the callback is in charge of that */ - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index 01d570c89a..b711efd1fa 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -174,7 +174,7 @@ int ltdb_check_special_dn(struct ldb_module *module, if (! ldb_dn_is_special(msg->dn) || ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { - return 0; + return LDB_SUCCESS; } /* we have @ATTRIBUTES, let's check attributes are fine */ @@ -188,7 +188,7 @@ int ltdb_check_special_dn(struct ldb_module *module, } } - return 0; + return LDB_SUCCESS; } @@ -231,7 +231,7 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg } ret = ltdb_pack_data(module, msg, &tdb_data); - if (ret == -1) { + if (ret != LDB_SUCCESS) { talloc_free(tdb_key.dptr); return LDB_ERR_OTHER; } @@ -626,7 +626,7 @@ int ltdb_modify_internal(struct ldb_module *module, } ret = ltdb_unpack_data(module, &tdb_data, msg2); - if (ret == -1) { + if (ret != LDB_SUCCESS) { ret = LDB_ERR_OTHER; goto failed; } @@ -1069,7 +1069,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (strncmp(url, "tdb://", 6) != 0) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid tdb URL '%s'", url); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } path = url+6; } else { @@ -1097,7 +1097,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ltdb = talloc_zero(ldb, struct ltdb_private); if (!ltdb) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* note that we use quite a large default hash size */ @@ -1108,7 +1108,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ldb_debug(ldb, LDB_DEBUG_ERROR, "Unable to open tdb '%s'\n", path); talloc_free(ltdb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ltdb->sequence_number = 0; @@ -1117,7 +1117,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (!module) { ldb_oom(ldb); talloc_free(ltdb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_set_name_const(*module, "ldb_tdb backend"); (*module)->ldb = ldb; @@ -1128,10 +1128,10 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (ltdb_cache_load(*module) != 0) { talloc_free(*module); talloc_free(ltdb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } const struct ldb_backend_ops ldb_tdb_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c index 4fea43c8c8..9d856355be 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c @@ -53,7 +53,7 @@ static int ltdb_wrap_destructor(struct ltdb_wrap *w) if (w == tdb_list) { tdb_list = w->next; } - return 0; + return LDB_SUCCESS; } static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); -- cgit From 9d849c30bc5dfb4c3b27639c52ba8c2a54d07471 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:36:52 +0200 Subject: Cosmetic corrections for the LDB library This commit applies some cosmetic corrections for the LDB library. --- source4/lib/ldb/common/attrib_handlers.c | 22 +++++++++++----------- source4/lib/ldb/common/ldb_attributes.c | 8 ++++---- source4/lib/ldb/common/ldb_debug.c | 2 +- source4/lib/ldb/common/ldb_ldif.c | 18 +++++++++--------- source4/lib/ldb/common/ldb_modules.c | 6 +++--- source4/lib/ldb/modules/operational.c | 4 ++-- source4/lib/ldb/modules/paged_results.c | 2 +- source4/lib/ldb/modules/skel.c | 2 +- 8 files changed, 32 insertions(+), 32 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/attrib_handlers.c b/source4/lib/ldb/common/attrib_handlers.c index fb57e2dadc..6f1b0815d7 100644 --- a/source4/lib/ldb/common/attrib_handlers.c +++ b/source4/lib/ldb/common/attrib_handlers.c @@ -38,9 +38,9 @@ int ldb_handler_copy(struct ldb_context *ldb, void *mem_ctx, *out = ldb_val_dup(mem_ctx, in); if (in->length > 0 && out->data == NULL) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } /* @@ -57,13 +57,13 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, int l; if (!in || !out || !(in->data)) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in->data), in->length); if (out->data == NULL) { ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb_handler_fold: unable to casefold string [%s]", in->data); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } s = (char *)(out->data); @@ -96,7 +96,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - return 0; + return LDB_SUCCESS; } @@ -111,14 +111,14 @@ int ldb_canonicalise_Integer(struct ldb_context *ldb, void *mem_ctx, char *end; long long i = strtoll((char *)in->data, &end, 0); if (*end != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lld", i); if (out->data == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->length = strlen((char *)out->data); - return 0; + return LDB_SUCCESS; } /* @@ -251,7 +251,7 @@ int ldb_canonicalise_dn(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - ret = 0; + ret = LDB_SUCCESS; done: talloc_free(dn); @@ -305,10 +305,10 @@ int ldb_canonicalise_utctime(struct ldb_context *ldb, void *mem_ctx, time_t t = ldb_string_to_time((char *)in->data); out->data = (uint8_t *)ldb_timestring(mem_ctx, t); if (out->data == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->length = strlen((char *)out->data); - return 0; + return LDB_SUCCESS; } /* diff --git a/source4/lib/ldb/common/ldb_attributes.c b/source4/lib/ldb/common/ldb_attributes.c index 747f241781..0fbb5e2bfb 100644 --- a/source4/lib/ldb/common/ldb_attributes.c +++ b/source4/lib/ldb/common/ldb_attributes.c @@ -61,7 +61,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, struct ldb_schema_attribute, n); if (a == NULL) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ldb->schema.attributes = a; @@ -70,7 +70,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, if (cmp == 0) { /* silently ignore attempts to overwrite fixed attributes */ if (a[i].flags & LDB_ATTR_FLAG_FIXED) { - return 0; + return LDB_SUCCESS; } if (a[i].flags & LDB_ATTR_FLAG_ALLOCATED) { talloc_free(discard_const_p(char, a[i].name)); @@ -93,11 +93,11 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, a[i].name = talloc_strdup(a, a[i].name); if (a[i].name == NULL) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } - return 0; + return LDB_SUCCESS; } static const struct ldb_schema_syntax ldb_syntax_default = { diff --git a/source4/lib/ldb/common/ldb_debug.c b/source4/lib/ldb/common/ldb_debug.c index 0f78e37c1c..8e1c491f12 100644 --- a/source4/lib/ldb/common/ldb_debug.c +++ b/source4/lib/ldb/common/ldb_debug.c @@ -43,7 +43,7 @@ int ldb_set_debug(struct ldb_context *ldb, { ldb->debug_ops.debug = debug; ldb->debug_ops.context = context; - return 0; + return LDB_SUCCESS; } /* diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index fb93e17c6c..6cbd30f377 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -191,19 +191,19 @@ int ldb_should_b64_encode(const struct ldb_val *val) uint8_t *p = val->data; if (val->length == 0) { - return 0; + return LDB_SUCCESS; } if (p[0] == ' ' || p[0] == ':') { - return 1; + return LDB_ERR_OPERATIONS_ERROR; } for (i=0; ilength; i++) { if (!isprint(p[i]) || p[i] == '\n') { - return 1; + return LDB_ERR_OPERATIONS_ERROR; } } - return 0; + return LDB_SUCCESS; } /* this macro is used to handle the return checking on fprintf_fn() */ @@ -444,12 +444,12 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val value->length = 0; *attr = "-"; *s += 2; - return 0; + return LDB_SUCCESS; } p = strchr(*s, ':'); if (!p) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } *p++ = 0; @@ -487,7 +487,7 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_base64_decode((char *)value->data); if (len == -1) { /* it wasn't valid base64 data */ - return -1; + return LDB_ERR_OPERATIONS_ERROR; } value->length = len; } @@ -496,11 +496,11 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_read_data_file(mem_ctx, value); if (len == -1) { /* an error occured hile trying to retrieve the file */ - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } - return 0; + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index c0cd616a76..046d36edf1 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -279,16 +279,16 @@ int ldb_register_module(const struct ldb_module_ops *ops) struct ops_list_entry *entry = talloc(talloc_autofree_context(), struct ops_list_entry); if (ldb_find_module_ops(ops->name) != NULL) - return -1; + return LDB_ERR_OPERATIONS_ERROR; if (entry == NULL) - return -1; + return LDB_ERR_OPERATIONS_ERROR; entry->ops = ops; entry->next = registered_modules; registered_modules = entry; - return 0; + return LDB_SUCCESS; } void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index a59e81becd..716f34d660 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -158,13 +158,13 @@ static int operational_search_post_process(struct ldb_module *module, } } - return 0; + return LDB_SUCCESS; failed: ldb_debug_set(module->ldb, LDB_DEBUG_WARNING, "operational_search_post_process failed for attribute '%s'\n", attrs[a]); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/modules/paged_results.c b/source4/lib/ldb/modules/paged_results.c index b62b1f92cb..c7296a1edf 100644 --- a/source4/lib/ldb/modules/paged_results.c +++ b/source4/lib/ldb/modules/paged_results.c @@ -86,7 +86,7 @@ int store_destructor(struct results_store *store) store->priv->store = NULL; } - return 0; + return LDB_SUCCESS; } static struct results_store *new_store(struct private_data *priv) diff --git a/source4/lib/ldb/modules/skel.c b/source4/lib/ldb/modules/skel.c index 0cd29ac4b7..15df46354b 100644 --- a/source4/lib/ldb/modules/skel.c +++ b/source4/lib/ldb/modules/skel.c @@ -90,7 +90,7 @@ static int skel_destructor(struct ldb_module *ctx) struct private_data *data = talloc_get_type(ctx->private_data, struct private_data); /* put your clean-up functions here */ if (data->some_private_data) talloc_free(data->some_private_data); - return 0; + return LDB_SUCCESS; } static int skel_request(struct ldb_module *module, struct ldb_request *req) -- cgit From 57edd24ca0fd91ae4d967666dc381147654e27f7 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:37:33 +0200 Subject: Cosmetic corrections for the KERBEROS library This commit applies some cosmetic corrections for the KERBEROS library. --- source4/auth/gensec/cyrus_sasl.c | 2 +- source4/auth/kerberos/kerberos.c | 4 ++-- source4/auth/kerberos/kerberos_util.c | 18 ++++++++---------- source4/auth/kerberos/krb5_init_context.c | 4 ++-- source4/kdc/hdb-ldb.c | 6 +++--- 5 files changed, 16 insertions(+), 18 deletions(-) (limited to 'source4') diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index 06a7b8a382..6f82de82fc 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -110,7 +110,7 @@ static int gensec_sasl_get_password(sasl_conn_t *conn, void *context, int id, static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state) { sasl_dispose(&gensec_sasl_state->conn); - return 0; + return SASL_OK; } static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security) diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 2579ab20cc..d54664fe66 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -33,7 +33,7 @@ This version is built to use a keyblock, rather than needing the original password. */ - int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, + krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, krb5_principal principal, krb5_keyblock *keyblock, time_t *expire_time, time_t *kdc_time) { @@ -77,7 +77,7 @@ simulate a kinit, putting the tgt in the given credentials cache. Orignally by remus@snapserver.com */ - int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, + krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, krb5_principal principal, const char *password, time_t *expire_time, time_t *kdc_time) { diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 9002715065..0567565d33 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -32,7 +32,7 @@ struct principal_container { krb5_principal principal; }; -static int free_principal(struct principal_container *pc) +static krb5_error_code free_principal(struct principal_container *pc) { /* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */ krb5_free_principal(pc->smb_krb5_context->krb5_context, pc->principal); @@ -241,19 +241,17 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, return 0; } -static int free_keytab(struct keytab_container *ktc) +static krb5_error_code free_keytab(struct keytab_container *ktc) { - krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); - - return 0; + return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); } -int smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, +krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, struct smb_krb5_context *smb_krb5_context, const char *keytab_name, struct keytab_container **ktc) { krb5_keytab keytab; - int ret; + krb5_error_code ret; ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab); if (ret) { DEBUG(1,("failed to open krb5 keytab: %s\n", @@ -339,7 +337,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, return 0; } -static int create_keytab(TALLOC_CTX *parent_ctx, +static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, @@ -603,7 +601,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, return ret; } -int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, +krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, @@ -635,7 +633,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, return ret; } -int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, +krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 82e42a4560..90b542c4c4 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -49,13 +49,13 @@ struct smb_krb5_socket { krb5_krbhst_info *hi; }; -static int smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) { krb5_free_context(ctx->krb5_context); return 0; } -static int smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) { /* Otherwise krb5_free_context will try and close what we have already free()ed */ krb5_set_warn_dest(ctx->krb5_context, NULL); diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index c5466f1acd..4fde75cf70 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -186,7 +186,7 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h return flags; } -static int hdb_ldb_destrutor(struct hdb_ldb_private *private) +static int hdb_ldb_destructor(struct hdb_ldb_private *private) { hdb_entry_ex *entry_ex = private->entry_ex; free_hdb_entry(&entry_ex->entry); @@ -542,7 +542,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, private->iconv_convenience = lp_iconv_convenience(lp_ctx); private->netbios_name = lp_netbios_name(lp_ctx); - talloc_set_destructor(private, hdb_ldb_destrutor); + talloc_set_destructor(private, hdb_ldb_destructor); entry_ex->ctx = private; entry_ex->free_entry = hdb_ldb_free_entry; @@ -728,7 +728,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, private->iconv_convenience = lp_iconv_convenience(lp_ctx); private->netbios_name = lp_netbios_name(lp_ctx); - talloc_set_destructor(private, hdb_ldb_destrutor); + talloc_set_destructor(private, hdb_ldb_destructor); entry_ex->ctx = private; entry_ex->free_entry = hdb_ldb_free_entry; -- cgit From 79854dc48a6f5448e4a435261ad2d9e9a2bbc712 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 18 Sep 2008 15:34:58 +0200 Subject: Kerberos cosmetic changes: Revert a part of the patch Reverts a part of the patch because it changes the function of the code (suggested by Jelmer). --- source4/auth/kerberos/kerberos_util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 0567565d33..4704f4805f 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -243,7 +243,9 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, static krb5_error_code free_keytab(struct keytab_container *ktc) { - return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); + krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); + + return 0; } krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, -- cgit From b39b6099a44ef40fc79fc68c9df740e0ef722d19 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:37:33 +0200 Subject: Cosmetic corrections for the KERBEROS library This commit applies some cosmetic corrections for the KERBEROS library. --- source4/auth/kerberos/kerberos_util.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 4704f4805f..0567565d33 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -243,9 +243,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, static krb5_error_code free_keytab(struct keytab_container *ktc) { - krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); - - return 0; + return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); } krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, -- cgit From b0a95ad2f68cfc87822420c22216d83c0abf0690 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 24 Sep 2008 23:59:59 +0200 Subject: Revert LDB return code patches from Matthias. --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 +-- source4/dsdb/samdb/ldb_modules/proxy.c | 12 +++---- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 14 ++++----- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/lib/ldb-samba/ldif_handlers.c | 2 +- source4/lib/ldb/common/attrib_handlers.c | 22 ++++++------- source4/lib/ldb/common/ldb_attributes.c | 8 ++--- source4/lib/ldb/common/ldb_debug.c | 2 +- source4/lib/ldb/common/ldb_ldif.c | 18 +++++------ source4/lib/ldb/common/ldb_modules.c | 6 ++-- source4/lib/ldb/ldb_ildap/ldb_ildap.c | 6 ++-- source4/lib/ldb/ldb_ldap/ldb_ldap.c | 18 +++++------ source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 28 ++++++++--------- source4/lib/ldb/ldb_tdb/ldb_cache.c | 22 ++++++------- source4/lib/ldb/ldb_tdb/ldb_pack.c | 12 +++---- source4/lib/ldb/ldb_tdb/ldb_search.c | 42 ++++++++++++------------- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 20 ++++++------ source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c | 2 +- source4/lib/ldb/modules/operational.c | 4 +-- source4/lib/ldb/modules/paged_results.c | 2 +- source4/lib/ldb/modules/skel.c | 2 +- source4/lib/ldb_wrap.c | 2 +- 22 files changed, 125 insertions(+), 125 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 11e2b7ade9..6836f95873 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -142,7 +142,7 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess ldb_msg_add_string(msg, attrName, attr_list[i]); } talloc_free(mem_ctx); - return LDB_SUCCESS; + return 0; } /* read all objectClasses */ @@ -201,7 +201,7 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * } } - return LDB_SUCCESS; + return 0; } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 7aa78e98a9..d0a315e45a 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -66,7 +66,7 @@ static int load_proxy_info(struct ldb_module *module) /* see if we have already loaded it */ if (proxy->upstream != NULL) { - return LDB_SUCCESS; + return 0; } dn = ldb_dn_new(proxy, module->ldb, "@PROXYINFO"); @@ -145,7 +145,7 @@ static int load_proxy_info(struct ldb_module *module) talloc_free(res); - return LDB_SUCCESS; + return 0; failed: talloc_free(res); @@ -153,7 +153,7 @@ failed: talloc_free(proxy->newdn); talloc_free(proxy->upstream); proxy->upstream = NULL; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } @@ -259,7 +259,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } if (load_proxy_info(module) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* see if the dn is within olddn */ @@ -269,7 +269,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq = talloc(module, struct ldb_request); if (newreq == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); @@ -298,7 +298,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); talloc_free(newreq); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } for (i = 0; i < newreq->op.search.res->count; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 34e235aec7..dd5faf837a 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -124,16 +124,16 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) char *s; if (ldb_msg_find_element(msg, attr) != NULL) { - return LDB_SUCCESS; + return 0; } s = ldb_timestring(msg, t); if (s == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } if (ldb_msg_add_string(msg, attr, s) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el = ldb_msg_find_element(msg, attr); @@ -141,7 +141,7 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return LDB_SUCCESS; + return 0; } /* @@ -152,11 +152,11 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ struct ldb_message_element *el; if (ldb_msg_find_element(msg, attr) != NULL) { - return LDB_SUCCESS; + return 0; } if (ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)v) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el = ldb_msg_find_element(msg, attr); @@ -164,7 +164,7 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return LDB_SUCCESS; + return 0; } static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1, diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 7c6a6dd26f..968b19c038 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -307,7 +307,7 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message } } } - return LDB_SUCCESS; + return 0; } diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 46ea09554d..a16582d294 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -134,7 +134,7 @@ static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, /* Perhaps not a string after all */ return ldb_handler_copy(ldb, mem_ctx, in, out); } - return LDB_SUCCESS; + return 0; } return ldb_handler_copy(ldb, mem_ctx, in, out); } diff --git a/source4/lib/ldb/common/attrib_handlers.c b/source4/lib/ldb/common/attrib_handlers.c index 6f1b0815d7..fb57e2dadc 100644 --- a/source4/lib/ldb/common/attrib_handlers.c +++ b/source4/lib/ldb/common/attrib_handlers.c @@ -38,9 +38,9 @@ int ldb_handler_copy(struct ldb_context *ldb, void *mem_ctx, *out = ldb_val_dup(mem_ctx, in); if (in->length > 0 && out->data == NULL) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } /* @@ -57,13 +57,13 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, int l; if (!in || !out || !(in->data)) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in->data), in->length); if (out->data == NULL) { ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb_handler_fold: unable to casefold string [%s]", in->data); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } s = (char *)(out->data); @@ -96,7 +96,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - return LDB_SUCCESS; + return 0; } @@ -111,14 +111,14 @@ int ldb_canonicalise_Integer(struct ldb_context *ldb, void *mem_ctx, char *end; long long i = strtoll((char *)in->data, &end, 0); if (*end != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lld", i); if (out->data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->length = strlen((char *)out->data); - return LDB_SUCCESS; + return 0; } /* @@ -251,7 +251,7 @@ int ldb_canonicalise_dn(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - ret = LDB_SUCCESS; + ret = 0; done: talloc_free(dn); @@ -305,10 +305,10 @@ int ldb_canonicalise_utctime(struct ldb_context *ldb, void *mem_ctx, time_t t = ldb_string_to_time((char *)in->data); out->data = (uint8_t *)ldb_timestring(mem_ctx, t); if (out->data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->length = strlen((char *)out->data); - return LDB_SUCCESS; + return 0; } /* diff --git a/source4/lib/ldb/common/ldb_attributes.c b/source4/lib/ldb/common/ldb_attributes.c index 0fbb5e2bfb..747f241781 100644 --- a/source4/lib/ldb/common/ldb_attributes.c +++ b/source4/lib/ldb/common/ldb_attributes.c @@ -61,7 +61,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, struct ldb_schema_attribute, n); if (a == NULL) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ldb->schema.attributes = a; @@ -70,7 +70,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, if (cmp == 0) { /* silently ignore attempts to overwrite fixed attributes */ if (a[i].flags & LDB_ATTR_FLAG_FIXED) { - return LDB_SUCCESS; + return 0; } if (a[i].flags & LDB_ATTR_FLAG_ALLOCATED) { talloc_free(discard_const_p(char, a[i].name)); @@ -93,11 +93,11 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, a[i].name = talloc_strdup(a, a[i].name); if (a[i].name == NULL) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } - return LDB_SUCCESS; + return 0; } static const struct ldb_schema_syntax ldb_syntax_default = { diff --git a/source4/lib/ldb/common/ldb_debug.c b/source4/lib/ldb/common/ldb_debug.c index 8e1c491f12..0f78e37c1c 100644 --- a/source4/lib/ldb/common/ldb_debug.c +++ b/source4/lib/ldb/common/ldb_debug.c @@ -43,7 +43,7 @@ int ldb_set_debug(struct ldb_context *ldb, { ldb->debug_ops.debug = debug; ldb->debug_ops.context = context; - return LDB_SUCCESS; + return 0; } /* diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index 6cbd30f377..fb93e17c6c 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -191,19 +191,19 @@ int ldb_should_b64_encode(const struct ldb_val *val) uint8_t *p = val->data; if (val->length == 0) { - return LDB_SUCCESS; + return 0; } if (p[0] == ' ' || p[0] == ':') { - return LDB_ERR_OPERATIONS_ERROR; + return 1; } for (i=0; ilength; i++) { if (!isprint(p[i]) || p[i] == '\n') { - return LDB_ERR_OPERATIONS_ERROR; + return 1; } } - return LDB_SUCCESS; + return 0; } /* this macro is used to handle the return checking on fprintf_fn() */ @@ -444,12 +444,12 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val value->length = 0; *attr = "-"; *s += 2; - return LDB_SUCCESS; + return 0; } p = strchr(*s, ':'); if (!p) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } *p++ = 0; @@ -487,7 +487,7 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_base64_decode((char *)value->data); if (len == -1) { /* it wasn't valid base64 data */ - return LDB_ERR_OPERATIONS_ERROR; + return -1; } value->length = len; } @@ -496,11 +496,11 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_read_data_file(mem_ctx, value); if (len == -1) { /* an error occured hile trying to retrieve the file */ - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } - return LDB_SUCCESS; + return 0; } diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 046d36edf1..c0cd616a76 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -279,16 +279,16 @@ int ldb_register_module(const struct ldb_module_ops *ops) struct ops_list_entry *entry = talloc(talloc_autofree_context(), struct ops_list_entry); if (ldb_find_module_ops(ops->name) != NULL) - return LDB_ERR_OPERATIONS_ERROR; + return -1; if (entry == NULL) - return LDB_ERR_OPERATIONS_ERROR; + return -1; entry->ops = ops; entry->next = registered_modules; registered_modules = entry; - return LDB_SUCCESS; + return 0; } void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 3a5da89c41..5ad671ea2e 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -753,7 +753,7 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, module = talloc(ldb, struct ldb_module); if (!module) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } talloc_set_name_const(module, "ldb_ildap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, } *_module = module; - return LDB_SUCCESS; + return 0; failed: talloc_free(module); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } _PUBLIC_ const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index 5026f9c006..a4534c549a 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -180,14 +180,14 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, count = ldap_count_values_len(bval); if (count <= 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements + 1); if (!el) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } msg->elements = el; @@ -197,7 +197,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->name = talloc_strdup(msg->elements, attr); if (!el->name) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el->flags = 0; @@ -205,7 +205,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->values = talloc_array(msg->elements, struct ldb_val, count); if (!el->values) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } for (i=0;ivalues[i].data = talloc_size(el->values, bval[i]->bv_len+1); if (!el->values[i].data) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } memcpy(el->values[i].data, bval[i]->bv_val, bval[i]->bv_len); el->values[i].data[bval[i]->bv_len] = 0; @@ -224,7 +224,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, msg->num_elements++; - return LDB_SUCCESS; + return 0; } /* @@ -785,7 +785,7 @@ static int lldb_connect(struct ldb_context *ldb, if (module == NULL) { ldb_oom(ldb); talloc_free(lldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } talloc_set_name_const(module, "ldb_ldap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int lldb_connect(struct ldb_context *ldb, } *_module = module; - return LDB_SUCCESS; + return 0; failed: talloc_free(module); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index 7e4fe1d08d..a0e63c8da1 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -670,10 +670,10 @@ static int lsqlite3_safe_rollback(sqlite3 *sqlite) printf("lsqlite3_safe_rollback: Error: %s\n", errmsg); free(errmsg); } - return SQLITE_ERROR; + return -1; } - return SQLITE_OK; + return 0; } /* return an eid as result */ @@ -1440,13 +1440,13 @@ static int lsql_start_trans(struct ldb_module * module) printf("lsqlite3_start_trans: error: %s\n", errmsg); free(errmsg); } - return SQLITE_ERROR; + return -1; } }; lsqlite3->trans_count++; - return SQLITE_OK; + return 0; } static int lsql_end_trans(struct ldb_module *module) @@ -1457,7 +1457,7 @@ static int lsql_end_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return SQLITE_ERROR; + } else return -1; if (lsqlite3->trans_count == 0) { ret = sqlite3_exec(lsqlite3->sqlite, "COMMIT;", NULL, NULL, &errmsg); @@ -1466,11 +1466,11 @@ static int lsql_end_trans(struct ldb_module *module) printf("lsqlite3_end_trans: error: %s\n", errmsg); free(errmsg); } - return SQLITE_ERROR; + return -1; } } - return SQLITE_OK; + return 0; } static int lsql_del_trans(struct ldb_module *module) @@ -1479,13 +1479,13 @@ static int lsql_del_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return SQLITE_ERROR; + } else return -1; if (lsqlite3->trans_count == 0) { return lsqlite3_safe_rollback(lsqlite3->sqlite); } - return SQLITE_ERROR; + return -1; } static int destructor(struct lsqlite3_private *lsqlite3) @@ -1493,7 +1493,7 @@ static int destructor(struct lsqlite3_private *lsqlite3) if (lsqlite3->sqlite) { sqlite3_close(lsqlite3->sqlite); } - return SQLITE_OK; + return 0; } static int lsql_request(struct ldb_module *module, struct ldb_request *req) @@ -1540,7 +1540,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, /* create a local ctx */ local_ctx = talloc_named(lsqlite3, 0, "lsqlite3_rename local context"); if (local_ctx == NULL) { - return SQLITE_ERROR; + return -1; } schema = lsqlite3_tprintf(local_ctx, @@ -1792,7 +1792,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, failed: if (rollback) lsqlite3_safe_rollback(lsqlite3->sqlite); sqlite3_close(lsqlite3->sqlite); - return SQLITE_ERROR; + return -1; } /* @@ -1860,14 +1860,14 @@ static int lsqlite3_connect(struct ldb_context *ldb, } } - return LDB_SUCCESS; + return 0; failed: if (lsqlite3->sqlite != NULL) { (void) sqlite3_close(lsqlite3->sqlite); } talloc_free(lsqlite3); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } const struct ldb_backend_ops ldb_sqlite3_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_cache.c b/source4/lib/ldb/ldb_tdb/ldb_cache.c index e502f1e642..2576e2c7bd 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_cache.c +++ b/source4/lib/ldb/ldb_tdb/ldb_cache.c @@ -92,11 +92,11 @@ static int ltdb_attributes_flags(struct ldb_message_element *el, unsigned *v) } } if (ltdb_valid_attr_flags[j].name == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } *v = value; - return LDB_SUCCESS; + return 0; } /* @@ -118,7 +118,7 @@ static int ltdb_attributes_load(struct ldb_module *module) goto failed; } if (r == LDB_ERR_NO_SUCH_OBJECT) { - return LDB_SUCCESS; + return 0; } /* mapping these flags onto ldap 'syntaxes' isn't strictly correct, but its close enough for now */ @@ -162,9 +162,9 @@ static int ltdb_attributes_load(struct ldb_module *module) } } - return LDB_SUCCESS; + return 0; failed: - return LDB_ERR_OPERATIONS_ERROR; + return -1; } @@ -258,7 +258,7 @@ int ltdb_cache_load(struct ldb_module *module) /* a very fast check to avoid extra database reads */ if (ltdb->cache != NULL && tdb_get_seqnum(ltdb->tdb) == ltdb->tdb_seqnum) { - return LDB_SUCCESS; + return 0; } if (ltdb->cache == NULL) { @@ -344,7 +344,7 @@ int ltdb_cache_load(struct ldb_module *module) goto failed; } - if (ltdb_attributes_load(module) != LDB_SUCCESS) { + if (ltdb_attributes_load(module) == -1) { goto failed; } @@ -353,14 +353,14 @@ done: talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return LDB_SUCCESS; + return 0; failed: talloc_free(options); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } @@ -449,10 +449,10 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value) for (i = 0; ltdb_valid_attr_flags[i].name != NULL; i++) { if ((strcmp(ltdb_valid_attr_flags[i].name, (char *)value->data) == 0)) { - return LDB_SUCCESS; + return 0; } } - return LDB_ERR_OPERATIONS_ERROR; + return -1; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_pack.c b/source4/lib/ldb/ldb_tdb/ldb_pack.c index d96e7590e7..afb07dcbca 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_pack.c +++ b/source4/lib/ldb/ldb_tdb/ldb_pack.c @@ -89,7 +89,7 @@ int ltdb_pack_data(struct ldb_module *module, dn = ldb_dn_get_linearized(message->dn); if (dn == NULL) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* work out how big it needs to be */ @@ -114,7 +114,7 @@ int ltdb_pack_data(struct ldb_module *module, data->dptr = talloc_array(ldb, uint8_t, size); if (!data->dptr) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } data->dsize = size; @@ -147,7 +147,7 @@ int ltdb_pack_data(struct ldb_module *module, } } - return LDB_SUCCESS; + return 0; } /* @@ -207,7 +207,7 @@ int ltdb_unpack_data(struct ldb_module *module, if (message->num_elements == 0) { message->elements = NULL; - return LDB_SUCCESS; + return 0; } if (message->num_elements > remaining / 6) { @@ -281,9 +281,9 @@ int ltdb_unpack_data(struct ldb_module *module, "Error: %d bytes unread in ltdb_unpack_data\n", remaining); } - return LDB_SUCCESS; + return 0; failed: talloc_free(message->elements); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index ce7a90e3d5..da899c361e 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -262,7 +262,7 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes ret = ltdb_unpack_data(module, &tdb_data, msg); free(tdb_data.dptr); - if (ret != LDB_SUCCESS) { + if (ret == -1) { return LDB_ERR_OPERATIONS_ERROR; } @@ -285,7 +285,7 @@ static int ltdb_lock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_lockall_read(ltdb->tdb); } - return LDB_SUCCESS; + return 0; } /* @@ -297,7 +297,7 @@ static int ltdb_unlock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_unlockall_read(ltdb->tdb); } - return LDB_SUCCESS; + return 0; } /* @@ -317,14 +317,14 @@ int ltdb_add_attr_results(struct ldb_module *module, /* pull the attributes that the user wants */ msg2 = ltdb_pull_attrs(module, mem_ctx, msg, attrs); if (!msg2) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* add to the results list */ res2 = talloc_realloc(mem_ctx, *res, struct ldb_message *, (*count)+2); if (!res2) { talloc_free(msg2); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } (*res) = res2; @@ -333,7 +333,7 @@ int ltdb_add_attr_results(struct ldb_module *module, (*res)[(*count)+1] = NULL; (*count)++; - return LDB_SUCCESS; + return 0; } @@ -356,7 +356,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (ldb_attr_cmp(attrs[i], "distinguishedName") == 0) { if (msg_add_distinguished_name(msg) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } } @@ -366,9 +366,9 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (keep_all) { if (msg_add_distinguished_name(msg) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } for (i = 0; i < msg->num_elements; i++) { @@ -387,7 +387,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) } } - return LDB_SUCCESS; + return 0; } /* @@ -402,14 +402,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (key.dsize < 4 || strncmp((char *)key.dptr, "DN=", 3) != 0) { - return LDB_SUCCESS; + return 0; } ares = talloc_zero(ac, struct ldb_reply); if (!ares) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ares->message = ldb_msg_new(ares); @@ -417,14 +417,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* unpack the record */ ret = ltdb_unpack_data(ac->module, &data, ares->message); - if (ret) { + if (ret == -1) { talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } if (!ares->message->dn) { @@ -433,7 +433,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } @@ -441,17 +441,17 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, ac->base, ac->scope)) { talloc_free(ares); - return LDB_SUCCESS; + return 0; } /* filter the attributes that the user wants */ ret = ltdb_filter_attrs(ares->message, ac->attrs); - if (ret != LDB_SUCCESS) { + if (ret == -1) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ares->type = LDB_REPLY_ENTRY; @@ -460,10 +460,10 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (handle->status != LDB_SUCCESS) { /* don't try to free ares here, the callback is in charge of that */ - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index b711efd1fa..01d570c89a 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -174,7 +174,7 @@ int ltdb_check_special_dn(struct ldb_module *module, if (! ldb_dn_is_special(msg->dn) || ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { - return LDB_SUCCESS; + return 0; } /* we have @ATTRIBUTES, let's check attributes are fine */ @@ -188,7 +188,7 @@ int ltdb_check_special_dn(struct ldb_module *module, } } - return LDB_SUCCESS; + return 0; } @@ -231,7 +231,7 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg } ret = ltdb_pack_data(module, msg, &tdb_data); - if (ret != LDB_SUCCESS) { + if (ret == -1) { talloc_free(tdb_key.dptr); return LDB_ERR_OTHER; } @@ -626,7 +626,7 @@ int ltdb_modify_internal(struct ldb_module *module, } ret = ltdb_unpack_data(module, &tdb_data, msg2); - if (ret != LDB_SUCCESS) { + if (ret == -1) { ret = LDB_ERR_OTHER; goto failed; } @@ -1069,7 +1069,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (strncmp(url, "tdb://", 6) != 0) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid tdb URL '%s'", url); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } path = url+6; } else { @@ -1097,7 +1097,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ltdb = talloc_zero(ldb, struct ltdb_private); if (!ltdb) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* note that we use quite a large default hash size */ @@ -1108,7 +1108,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ldb_debug(ldb, LDB_DEBUG_ERROR, "Unable to open tdb '%s'\n", path); talloc_free(ltdb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ltdb->sequence_number = 0; @@ -1117,7 +1117,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (!module) { ldb_oom(ldb); talloc_free(ltdb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } talloc_set_name_const(*module, "ldb_tdb backend"); (*module)->ldb = ldb; @@ -1128,10 +1128,10 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (ltdb_cache_load(*module) != 0) { talloc_free(*module); talloc_free(ltdb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } const struct ldb_backend_ops ldb_tdb_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c index 9d856355be..4fea43c8c8 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c @@ -53,7 +53,7 @@ static int ltdb_wrap_destructor(struct ltdb_wrap *w) if (w == tdb_list) { tdb_list = w->next; } - return LDB_SUCCESS; + return 0; } static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index 716f34d660..a59e81becd 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -158,13 +158,13 @@ static int operational_search_post_process(struct ldb_module *module, } } - return LDB_SUCCESS; + return 0; failed: ldb_debug_set(module->ldb, LDB_DEBUG_WARNING, "operational_search_post_process failed for attribute '%s'\n", attrs[a]); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } diff --git a/source4/lib/ldb/modules/paged_results.c b/source4/lib/ldb/modules/paged_results.c index c7296a1edf..b62b1f92cb 100644 --- a/source4/lib/ldb/modules/paged_results.c +++ b/source4/lib/ldb/modules/paged_results.c @@ -86,7 +86,7 @@ int store_destructor(struct results_store *store) store->priv->store = NULL; } - return LDB_SUCCESS; + return 0; } static struct results_store *new_store(struct private_data *priv) diff --git a/source4/lib/ldb/modules/skel.c b/source4/lib/ldb/modules/skel.c index 15df46354b..0cd29ac4b7 100644 --- a/source4/lib/ldb/modules/skel.c +++ b/source4/lib/ldb/modules/skel.c @@ -90,7 +90,7 @@ static int skel_destructor(struct ldb_module *ctx) struct private_data *data = talloc_get_type(ctx->private_data, struct private_data); /* put your clean-up functions here */ if (data->some_private_data) talloc_free(data->some_private_data); - return LDB_SUCCESS; + return 0; } static int skel_request(struct ldb_module *module, struct ldb_request *req) diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 8082f4fac5..6c683a1e33 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -84,7 +84,7 @@ static int ldb_wrap_destructor(struct ldb_context *ldb) smb_panic("probable memory leak in ldb"); #endif } - return LDB_SUCCESS; + return 0; } /* -- cgit From ff542275c3e2bf432bcc303e95124374ada03675 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 23 Sep 2008 20:01:06 -0700 Subject: stricter checking of SMB2 echo body (per the spec) thanks to the bluearc test suite --- source4/smb_server/smb2/keepalive.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smb_server/smb2/keepalive.c b/source4/smb_server/smb2/keepalive.c index f40bcc485c..d1a0ef3d72 100644 --- a/source4/smb_server/smb2/keepalive.c +++ b/source4/smb_server/smb2/keepalive.c @@ -54,11 +54,16 @@ void smb2srv_keepalive_recv(struct smb2srv_request *req) { uint16_t _pad; - if (req->in.body_size < 0x04) { + if (req->in.body_size != 0x04) { smb2srv_send_error(req, NT_STATUS_FOOBAR); return; } + if (SVAL(req->in.body, 0x00) != 0x04) { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + return; + } + _pad = SVAL(req->in.body, 0x02); req->status = smb2srv_keepalive_backend(req); -- cgit From 71ae732669d641cf8b3fd7f6fa73ead4634178f1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 08:58:16 -0700 Subject: fixed error code for bad keepalive --- source4/smb_server/smb2/keepalive.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smb_server/smb2/keepalive.c b/source4/smb_server/smb2/keepalive.c index d1a0ef3d72..ff47d594f0 100644 --- a/source4/smb_server/smb2/keepalive.c +++ b/source4/smb_server/smb2/keepalive.c @@ -55,7 +55,7 @@ void smb2srv_keepalive_recv(struct smb2srv_request *req) uint16_t _pad; if (req->in.body_size != 0x04) { - smb2srv_send_error(req, NT_STATUS_FOOBAR); + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } -- cgit From 9fcafbb42cbe759711db4a47c2969bd34229e4a0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 11:28:58 -0700 Subject: support NT_STATUS_XX:NT_STATUS_YY syntax in ignore files --- source4/torture/gentest.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 176fc035e7..1b8f97596b 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -1165,6 +1165,8 @@ static void idle_func_smb2(struct smb2_transport *transport, void *private) */ static bool compare_status(NTSTATUS status1, NTSTATUS status2) { + char *s; + if (NT_STATUS_EQUAL(status1, status2)) return true; /* one code being an error and the other OK is always an error */ @@ -1178,6 +1180,18 @@ static bool compare_status(NTSTATUS status1, NTSTATUS status2) ignore_pattern(nt_errstr(status2))) { return true; } + + /* also support ignore patterns of the form NT_STATUS_XX:NT_STATUS_YY + meaning that the first server returns NT_STATUS_XX and the 2nd + returns NT_STATUS_YY */ + s = talloc_asprintf(current_op.mem_ctx, "%s:%s", + nt_errstr(status1), + nt_errstr(status2)); + printf("pattern: %s\n", s); + if (ignore_pattern(s)) { + return true; + } + current_op.mismatch = nt_errstr(status1); return false; } @@ -1348,7 +1362,7 @@ again: } \ current_op.status = status[0]; \ for (i=1;i Date: Wed, 24 Sep 2008 15:40:55 -0700 Subject: fixed uninitialised variable bug --- source4/libcli/clideltree.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/libcli/clideltree.c b/source4/libcli/clideltree.c index d59a03f194..28563d918e 100644 --- a/source4/libcli/clideltree.c +++ b/source4/libcli/clideltree.c @@ -91,6 +91,7 @@ int smbcli_deltree(struct smbcli_tree *tree, const char *dname) dstate.failed = false; /* it might be a file */ + status = smbcli_unlink(tree, dname); if (NT_STATUS_IS_OK(smbcli_unlink(tree, dname))) { return 1; } -- cgit From 76835f103ec65bb00ff3ca11015176ea2f5ecb06 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:17:41 -0700 Subject: fixed setpathinfo in gentest to not zero the filename/handle --- source4/torture/gentest.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 1b8f97596b..fecdfda56e 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -1187,7 +1187,6 @@ static bool compare_status(NTSTATUS status1, NTSTATUS status2) s = talloc_asprintf(current_op.mem_ctx, "%s:%s", nt_errstr(status1), nt_errstr(status2)); - printf("pattern: %s\n", s); if (ignore_pattern(s)) { return true; } @@ -2393,9 +2392,8 @@ static bool handler_smb_spathinfo(int instance) union smb_setfileinfo parm[NSERVERS]; NTSTATUS status[NSERVERS]; - parm[0].generic.in.file.path = gen_fname_open(instance); - gen_setfileinfo(instance, &parm[0]); + parm[0].generic.in.file.path = gen_fname_open(instance); GEN_COPY_PARM; @@ -2764,9 +2762,8 @@ static bool handler_smb2_sfileinfo(int instance) union smb_setfileinfo parm[NSERVERS]; NTSTATUS status[NSERVERS]; - parm[0].generic.in.file.fnum = gen_fnum(instance); - gen_setfileinfo(instance, &parm[0]); + parm[0].generic.in.file.fnum = gen_fnum(instance); GEN_COPY_PARM; GEN_SET_FNUM_SMB2(generic.in.file.handle); -- cgit From 9a50009430e2da70d3753c36d66e4168c27029d9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:18:29 -0700 Subject: check error code for zero desired_access in SMB2 create --- source4/torture/smb2/create.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4') diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 4d1b4a7ed0..124e244151 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -256,6 +256,13 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre status = smb2_getinfo_file(tree, tmp_ctx, &q); CHECK_STATUS(status, NT_STATUS_OK); CHECK_EQUAL(q.access_information.out.access_flags, io.in.desired_access); + + io.in.file_attributes = 0; + io.in.desired_access = 0; + io.in.query_maximal_access = false; + io.in.share_access = 0; + status = smb2_create(tree, tmp_ctx, &io); + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); talloc_free(tmp_ctx); -- cgit From 38e70dc47aae6b3bd7ddbcda61e0989f8d659f2b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:19:36 -0700 Subject: be friendlier in smb2_deltree to some of the SMB2 implementations that don't handle SEC_FLAG_MAXIMUM_ALLOWED --- source4/libcli/smb2/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c index b149b3d6ce..a360d8fbdf 100644 --- a/source4/libcli/smb2/util.c +++ b/source4/libcli/smb2/util.c @@ -138,7 +138,7 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname) } ZERO_STRUCT(create_parm); - create_parm.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + create_parm.in.desired_access = SEC_FILE_READ_DATA; create_parm.in.share_access = NTCREATEX_SHARE_ACCESS_READ| NTCREATEX_SHARE_ACCESS_WRITE; -- cgit From 9cf3d82d6366e11d1ffee89d405083b7a577c6d6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:20:28 -0700 Subject: added the structure for LINK_INFORMATION setfileinfo call --- source4/libcli/raw/interfaces.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source4') diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 20ed441435..c2269cbbc2 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -904,6 +904,7 @@ enum smb_setfileinfo_level { RAW_SFILEINFO_UNIX_HLINK = SMB_SFILEINFO_UNIX_HLINK, RAW_SFILEINFO_BASIC_INFORMATION = SMB_SFILEINFO_BASIC_INFORMATION, RAW_SFILEINFO_RENAME_INFORMATION = SMB_SFILEINFO_RENAME_INFORMATION, + RAW_SFILEINFO_LINK_INFORMATION = SMB_SFILEINFO_LINK_INFORMATION, RAW_SFILEINFO_DISPOSITION_INFORMATION = SMB_SFILEINFO_DISPOSITION_INFORMATION, RAW_SFILEINFO_POSITION_INFORMATION = SMB_SFILEINFO_POSITION_INFORMATION, RAW_SFILEINFO_FULL_EA_INFORMATION = SMB_SFILEINFO_FULL_EA_INFORMATION, @@ -984,6 +985,7 @@ union smb_setfileinfo { NTTIME write_time; NTTIME change_time; uint32_t attrib; + uint32_t reserved; } in; } basic_info; @@ -1029,6 +1031,17 @@ union smb_setfileinfo { } in; } rename_information; + /* RAW_SFILEINFO_LINK_INFORMATION interface */ + struct { + enum smb_setfileinfo_level level; + struct { + union smb_handle_or_path file; + uint8_t overwrite; + uint64_t root_fid; + const char *new_name; + } in; + } link_information; + /* RAW_SFILEINFO_POSITION_INFORMATION interface */ struct { enum smb_setfileinfo_level level; -- cgit From b1f17b23fe58acba924ce11bb8ec700cd2a1bd7e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:26:42 -0700 Subject: - use the current dialect first, for servers that only look at the first dialect - allow override of SMB2 port in client code --- source4/libcli/smb2/connect.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index 43151943d3..e0b75a2542 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -27,6 +27,7 @@ #include "libcli/composite/composite.h" #include "libcli/resolve/resolve.h" #include "param/param.h" +#include "lib/cmdline/popt_common.h" struct smb2_connect_state { struct cli_credentials *credentials; @@ -184,8 +185,8 @@ static void continue_socket(struct composite_context *creq) } state->negprot.in.capabilities = 0; unix_to_nt_time(&state->negprot.in.start_time, time(NULL)); - dialects[0] = 0; - dialects[1] = SMB2_DIALECT_REVISION; + dialects[0] = SMB2_DIALECT_REVISION; + dialects[1] = 0; state->negprot.in.dialects = dialects; req = smb2_negprot_send(transport, &state->negprot); @@ -206,7 +207,13 @@ static void continue_resolve(struct composite_context *creq) struct smb2_connect_state *state = talloc_get_type(c->private_data, struct smb2_connect_state); const char *addr; - const char *ports[2] = { "445", NULL }; + const char **ports; + const char *default_ports[] = { "445", NULL }; + + ports = lp_parm_string_list(state, cmdline_lp_ctx, NULL, "smb2", "ports", NULL); + if (ports == NULL) { + ports = default_ports; + } c->status = resolve_name_recv(creq, state, &addr); if (!composite_is_ok(c)) return; -- cgit From 4904882fed1e3b72ba45052323c95c0fda301d64 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:28:58 -0700 Subject: - SMB2 uses INVALID_PARAMETER not BUFFER_TOO_SMALL for buffer size errors - added a s32o16 buffer function --- source4/libcli/smb2/request.c | 54 +++++++++++++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 15 deletions(-) (limited to 'source4') diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c index 64d427f889..137e2f2f12 100644 --- a/source4/libcli/smb2/request.c +++ b/source4/libcli/smb2/request.c @@ -279,7 +279,7 @@ NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ { uint16_t ofs, size; if (smb2_oob(buf, ptr, 4)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = SVAL(ptr, 0); size = SVAL(ptr, 2); @@ -288,7 +288,7 @@ NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -315,12 +315,12 @@ NTSTATUS smb2_push_o16s16_blob(struct smb2_request_buffer *buf, /* we have only 16 bit for the size */ if (blob.length > 0xFFFF) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 4)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -376,7 +376,7 @@ NTSTATUS smb2_push_o16s32_blob(struct smb2_request_buffer *buf, /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 6)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -432,7 +432,7 @@ NTSTATUS smb2_push_o32s32_blob(struct smb2_request_buffer *buf, /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -488,7 +488,7 @@ NTSTATUS smb2_push_s32o32_blob(struct smb2_request_buffer *buf, /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -533,7 +533,7 @@ NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ uint32_t size; if (smb2_oob(buf, ptr, 6)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = SVAL(ptr, 0); size = IVAL(ptr, 2); @@ -542,7 +542,7 @@ NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -557,7 +557,7 @@ NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = IVAL(ptr, 0); size = IVAL(ptr, 4); @@ -566,7 +566,7 @@ NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -584,7 +584,7 @@ NTSTATUS smb2_pull_o16As32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = SVAL(ptr, 0); size = IVAL(ptr, 4); @@ -593,7 +593,7 @@ NTSTATUS smb2_pull_o16As32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -608,7 +608,7 @@ NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } size = IVAL(ptr, 0); ofs = IVAL(ptr, 4); @@ -617,7 +617,31 @@ NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; + } + *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); + NT_STATUS_HAVE_NO_MEMORY(blob->data); + return NT_STATUS_OK; +} + +/* + pull a uint32_t length/ uint16_t ofs/blob triple from a data blob + the ptr points to the start of the offset/length pair +*/ +NTSTATUS smb2_pull_s32o16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob) +{ + uint32_t ofs, size; + if (smb2_oob(buf, ptr, 8)) { + return NT_STATUS_INVALID_PARAMETER; + } + size = IVAL(ptr, 0); + ofs = SVAL(ptr, 4); + if (ofs == 0) { + *blob = data_blob(NULL, 0); + return NT_STATUS_OK; + } + if (smb2_oob(buf, buf->hdr + ofs, size)) { + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); -- cgit From d3c6c71ff2d5499be152785a49ad128641330b40 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:31:57 -0700 Subject: zero access mask should give ACCESS_DENIED --- source4/ntvfs/posix/pvfs_acl.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 57a463aba6..06a4e69004 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -511,6 +511,10 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; + if (*access_mask == 0) { + return NT_STATUS_ACCESS_DENIED; + } + if (pvfs_read_only(pvfs, *access_mask)) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 7e57626d1d5a4497ecf5b4c741b8486e7ab97733 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:32:47 -0700 Subject: the offset is 16 bits in SMB2 fileinfo --- source4/smb_server/smb2/fileinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smb_server/smb2/fileinfo.c b/source4/smb_server/smb2/fileinfo.c index 6c4b8f33d5..82b006c4a1 100644 --- a/source4/smb_server/smb2/fileinfo.c +++ b/source4/smb_server/smb2/fileinfo.c @@ -369,7 +369,7 @@ void smb2srv_setinfo_recv(struct smb2srv_request *req) SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_setinfo_send, NTVFS_ASYNC_STATE_MAY_ASYNC); info->in.level = SVAL(req->in.body, 0x02); - SMB2SRV_CHECK(smb2_pull_s32o32_blob(&req->in, info, req->in.body+0x04, &info->in.blob)); + SMB2SRV_CHECK(smb2_pull_s32o16_blob(&req->in, info, req->in.body+0x04, &info->in.blob)); info->in.flags = IVAL(req->in.body, 0x0C); info->in.file.ntvfs = smb2srv_pull_handle(req, req->in.body, 0x10); -- cgit From a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:33:15 -0700 Subject: check for a 0 byte in the buffer in SMB2 read --- source4/smb_server/smb2/fileio.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4') diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c index 2c322ea587..4f4402ba33 100644 --- a/source4/smb_server/smb2/fileio.c +++ b/source4/smb_server/smb2/fileio.c @@ -254,6 +254,12 @@ void smb2srv_read_recv(struct smb2srv_request *req) union smb_read *io; SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true); + + /* MS-SMB2 2.2.19 read must have a single byte of zero */ + if (req->in.body_size - req->in.body_fixed < 1) { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + return; + } SMB2SRV_TALLOC_IO_PTR(io, union smb_read); SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC); -- cgit From 49c80cea0bc00a88336fc9bd4bb332a7a399afd5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:34:04 -0700 Subject: cope with body_size zero in SMB2 receive --- source4/smb_server/smb2/smb2_server.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smb_server/smb2/smb2_server.h b/source4/smb_server/smb2/smb2_server.h index d45e0861af..431add4ed9 100644 --- a/source4/smb_server/smb2/smb2_server.h +++ b/source4/smb_server/smb2/smb2_server.h @@ -75,7 +75,7 @@ struct smbsrv_request; /* useful way of catching field size errors with file and line number */ #define SMB2SRV_CHECK_BODY_SIZE(req, size, dynamic) do { \ size_t is_size = req->in.body_size; \ - uint16_t field_size = SVAL(req->in.body, 0); \ + uint16_t field_size; \ uint16_t want_size = ((dynamic)?(size)+1:(size)); \ if (is_size < (size)) { \ DEBUG(0,("%s: buffer too small 0x%x. Expected 0x%x\n", \ @@ -83,6 +83,7 @@ struct smbsrv_request; smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); \ return; \ }\ + field_size = SVAL(req->in.body, 0); \ if (field_size != want_size) { \ DEBUG(0,("%s: unexpected fixed body size 0x%x. Expected 0x%x\n", \ __location__, (unsigned)field_size, (unsigned)want_size)); \ -- cgit From 59847fd6b6c208377f8b1bcb32347d7c4ab16911 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:34:35 -0700 Subject: log stream termination --- source4/smbd/service_stream.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index f27560f6ee..48eda46dc7 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -61,6 +61,8 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char if (!reason) reason = "unknown reason"; + DEBUG(3,("Terminating connection - '%s'\n", reason)); + srv_conn->terminate = reason; if (srv_conn->processing) { -- cgit From 63685c7d02f2364344fd8d4a3307ee36716e4a66 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:34:58 -0700 Subject: record highest seq number in SMB2 to check for seqnum going backwards --- source4/smb_server/smb_server.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h index 4676fc3e9c..b3c3122765 100644 --- a/source4/smb_server/smb_server.h +++ b/source4/smb_server/smb_server.h @@ -386,6 +386,8 @@ struct smbsrv_connection { struct loadparm_context *lp_ctx; bool smb2_signing_required; + + uint64_t highest_smb2_seqnum; }; struct model_ops; -- cgit From 742a99e046313760a281da67eb3ba6e7fcfa8fa6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:36:24 -0700 Subject: - add reserved field in basic_information level - use INVALID_PARAMETER for info length mismatch to match windows behaviour - added parsing of LINK_INFORMATION level --- source4/smb_server/blob.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/smb_server/blob.c b/source4/smb_server/blob.c index 368b81d18e..4f018a5143 100644 --- a/source4/smb_server/blob.c +++ b/source4/smb_server/blob.c @@ -35,7 +35,7 @@ #define BLOB_CHECK_MIN_SIZE(blob, size) do { \ if ((blob)->length < (size)) { \ - return NT_STATUS_INFO_LENGTH_MISMATCH; \ + return NT_STATUS_INVALID_PARAMETER; \ } \ } while (0) @@ -530,13 +530,14 @@ NTSTATUS smbsrv_pull_passthru_sfileinfo(TALLOC_CTX *mem_ctx, switch (level) { case SMB_SFILEINFO_BASIC_INFORMATION: - BLOB_CHECK_MIN_SIZE(blob, 36); + BLOB_CHECK_MIN_SIZE(blob, 40); st->basic_info.in.create_time = pull_nttime(blob->data, 0); st->basic_info.in.access_time = pull_nttime(blob->data, 8); st->basic_info.in.write_time = pull_nttime(blob->data, 16); st->basic_info.in.change_time = pull_nttime(blob->data, 24); - st->basic_info.in.attrib = IVAL(blob->data, 32); + st->basic_info.in.attrib = IVAL(blob->data, 32); + st->basic_info.in.reserved = IVAL(blob->data, 36); return NT_STATUS_OK; @@ -581,6 +582,27 @@ NTSTATUS smbsrv_pull_passthru_sfileinfo(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; + + case RAW_SFILEINFO_LINK_INFORMATION: + if (!bufinfo) { + return NT_STATUS_INTERNAL_ERROR; + } + BLOB_CHECK_MIN_SIZE(blob, 20); + st->link_information.in.overwrite = CVAL(blob->data, 0); + st->link_information.in.root_fid = IVAL(blob->data, 8); + len = IVAL(blob->data, 16); + ofs = 20; + str_blob = *blob; + str_blob.length = MIN(str_blob.length, ofs+len); + smbsrv_blob_pull_string(bufinfo, &str_blob, ofs, + &st->link_information.in.new_name, + STR_UNICODE); + if (st->link_information.in.new_name == NULL) { + return NT_STATUS_FOOBAR; + } + + return NT_STATUS_OK; + case RAW_SFILEINFO_RENAME_INFORMATION_SMB2: /* SMB2 uses a different format for rename information */ if (!bufinfo) { -- cgit From 5a5e2df5694c5dc1be2692e8547370bcdfc58ad0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:41:36 -0700 Subject: for use in python we need to use global_loadparm --- source4/libcli/smb2/connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index e0b75a2542..db2f97bb94 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -210,7 +210,7 @@ static void continue_resolve(struct composite_context *creq) const char **ports; const char *default_ports[] = { "445", NULL }; - ports = lp_parm_string_list(state, cmdline_lp_ctx, NULL, "smb2", "ports", NULL); + ports = lp_parm_string_list(state, global_loadparm, NULL, "smb2", "ports", NULL); if (ports == NULL) { ports = default_ports; } -- cgit From eb5b3f50d17dfca198304d636033ad93410d570f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:45:48 -0700 Subject: we should terminate the connection on a bad negprot packet size --- source4/smb_server/smb2/negprot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index d64b36d659..49a2d12ef4 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -192,7 +192,7 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) enum ndr_err_code ndr_err; if (req->in.body_size < 0x26) { - smb2srv_send_error(req, NT_STATUS_FOOBAR); + smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot"); return; } @@ -209,7 +209,7 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) io->in.capabilities = IVAL(req->in.body, 0x08); ndr_err = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_FOOBAR)); + smbsrv_terminate_connection(req->smb_conn, "Bad GUID in SMB2 negprot"); talloc_free(req); return; } -- cgit From d2bdb8fb1685d7ab2f23a4c4169bcc2e5c97f675 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:58:15 -0700 Subject: empty access mask is only denied on SMB2 --- source4/ntvfs/posix/pvfs_acl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 06a4e69004..d479f1e2ee 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -511,7 +511,9 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; - if (*access_mask == 0) { + /* on SMB2 a blank access mask is always denied */ + if (pvfs->ntvfs->ctx->protocol == PROTOCOL_SMB2 && + *access_mask == 0) { return NT_STATUS_ACCESS_DENIED; } -- cgit From bda97661ffd230a9b58527faebdc79f37bb8352b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 18:28:58 -0700 Subject: fixed expansion of $USERNAME in signing tests --- source4/selftest/samba4_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 36d52fff5a..667b21975f 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -326,7 +326,7 @@ for mech in \ "-k no --option=gensec:spengo=no"; do signoptions="$mech --signing=off" name="smb.signing on with $signoptions" - plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME\\\\\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*" + plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME/\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*" done plantest "--signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*" plantest "--signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*" -- cgit From 0cf717512659469a9b293685ba2a6db4742dcff7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 18:58:38 -0700 Subject: we need different error handling for truncated packets in NETPROT and other SMB2 operations. --- source4/libcli/smb2/smb2.h | 1 + source4/smb_server/smb2/receive.c | 41 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index f00107de60..9d63a4a95f 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -178,6 +178,7 @@ struct smb2_request { #define SMB2_MIN_SIZE 0x42 +#define SMB2_MIN_SIZE_NO_BODY 0x40 /* offsets into header elements for a sync SMB2 request */ #define SMB2_HDR_PROTOCOL_ID 0x00 diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index 1fe6f0b877..c3607f0a33 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -153,7 +153,7 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req) chain_offset = p_req->chain_offset; p_req->chain_offset = 0; - if (p_req->in.size < (NBT_HDR_SIZE + chain_offset + SMB2_MIN_SIZE)) { + if (p_req->in.size < (NBT_HDR_SIZE + chain_offset + SMB2_MIN_SIZE_NO_BODY)) { DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X\n", chain_offset)); smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 chained packet"); @@ -184,6 +184,19 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req) req->in.body_size = req->in.size - (NBT_HDR_SIZE+ chain_offset + SMB2_HDR_BODY); req->in.dynamic = NULL; + req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID); + + if (req->in.body_size < 2) { + /* error handling for this is different for negprot to + other packet types */ + uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE); + if (opcode == SMB2_OP_NEGPROT) { + smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot"); + } else { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + } + } + buffer_code = SVAL(req->in.body, 0); req->in.body_fixed = (buffer_code & ~1); dynamic_size = req->in.body_size - req->in.body_fixed; @@ -290,6 +303,10 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req) uint64_t uid; uint32_t flags; + if (SVAL(req->in.hdr, SMB2_HDR_LENGTH) != SMB2_HDR_BODY) { + smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 header length"); + return NT_STATUS_INVALID_PARAMETER; + } opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE); req->chain_offset = IVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND); req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID); @@ -297,6 +314,13 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req) uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID); flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS); + if (req->smb_conn->highest_smb2_seqnum != 0 && + req->seqnum <= req->smb_conn->highest_smb2_seqnum) { + smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number"); + return NT_STATUS_INVALID_PARAMETER; + } + req->smb_conn->highest_smb2_seqnum = req->seqnum; + req->session = smbsrv_session_find(req->smb_conn, uid, req->request_time); req->tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time); @@ -443,7 +467,7 @@ NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob) return NT_STATUS_OK; } - if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE)) { + if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE_NO_BODY)) { DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length)); smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet"); return NT_STATUS_OK; @@ -470,6 +494,19 @@ NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob) req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE); req->in.dynamic = NULL; + req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID); + + if (req->in.body_size < 2) { + /* error handling for this is different for negprot to + other packet types */ + uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE); + if (opcode == SMB2_OP_NEGPROT) { + smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot"); + } else { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + } + } + buffer_code = SVAL(req->in.body, 0); req->in.body_fixed = (buffer_code & ~1); dynamic_size = req->in.body_size - req->in.body_fixed; -- cgit From 857609732fa92a70ce35d85d775d03362056a6c2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 2008 15:20:27 -0700 Subject: Add test to show you can open for delete a readonly file. Jeremy. --- source4/torture/raw/open.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) (limited to 'source4') diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c index f3494ea3d0..dd5ef0d0b9 100644 --- a/source4/torture/raw/open.c +++ b/source4/torture/raw/open.c @@ -1545,6 +1545,64 @@ static bool test_raw_open_multi(struct torture_context *tctx) return ret; } +/* + test opening for delete on a read-only attribute file. +*/ +static bool test_open_for_delete(struct smbcli_state *cli, struct torture_context *tctx) +{ + union smb_open io; + union smb_fileinfo finfo; + const char *fname = BASEDIR "\\torture_open_for_delete.txt"; + NTSTATUS status; + int fnum = -1; + bool ret = true; + + printf("Checking RAW_NTCREATEX for delete on a readonly file.\n"); + + /* reasonable default parameters */ + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED; + io.ntcreatex.in.root_fid = 0; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_READONLY; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; + io.ntcreatex.in.create_options = 0; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = fname; + + /* Create the readonly file. */ + + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + fnum = io.ntcreatex.out.file.fnum; + + CHECK_VAL(io.ntcreatex.out.oplock_level, 0); + io.ntcreatex.in.create_options = 0; + CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED); + CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib); + smbcli_close(cli->tree, fnum); + + /* Now try and open for delete only - should succeed. */ + io.ntcreatex.in.access_mask = SEC_STD_DELETE; + io.ntcreatex.in.file_attr = 0; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + + smbcli_unlink(cli->tree, fname); + +done: + smbcli_close(cli->tree, fnum); + smbcli_unlink(cli->tree, fname); + + return ret; +} + + /* basic testing of all RAW_OPEN_* calls */ bool torture_raw_open(struct torture_context *torture, struct smbcli_state *cli) @@ -1567,6 +1625,7 @@ bool torture_raw_open(struct torture_context *torture, struct smbcli_state *cli) ret &= test_ctemp(cli, torture); ret &= test_chained(cli, torture); ret &= test_no_leading_slash(cli, torture); + ret &= test_open_for_delete(cli, torture); smb_raw_exit(cli->session); smbcli_deltree(cli->tree, BASEDIR); -- cgit From fae2fce47e28ccfe5f43744200ce2ae68da3a9aa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 01:49:22 +0200 Subject: s4:provision: don't do the full provision in the become_dc metze --- source4/scripting/python/samba/provision.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 68f61532ad..427ca975b3 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -744,6 +744,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, samdb = SamDB(path, session_info=session_info, credentials=credentials, lp=lp) + if fill == FILL_DRS: + return samdb message("Pre-loading the Samba 4 and AD schema") samdb.set_domain_sid(domainsid) -- cgit From ee2bcfacdf32b0c55c6a78ae1ad7b55699611d1b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 02:27:54 +0200 Subject: s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updates We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 27 ++++++++++++++++++++++--- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 10 +++++++++ source4/dsdb/samdb/samdb.h | 3 +++ source4/setup/schema_samba4.ldif | 2 ++ 4 files changed, 39 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index dd5faf837a..fbaf461a3f 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -58,6 +58,9 @@ struct replmd_replicated_request { struct dsdb_extended_replicated_objects *objs; + /* the controls we pass down */ + struct ldb_control **controls; + uint32_t index_current; struct { @@ -700,7 +703,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) ar->module->ldb, ar->sub.mem_ctx, msg, - NULL, + ar->controls, ar, replmd_replicated_apply_add_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); @@ -951,7 +954,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) ar->module->ldb, ar->sub.mem_ctx, msg, - NULL, + ar->controls, ar, replmd_replicated_apply_merge_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); @@ -1379,7 +1382,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a ar->module->ldb, ar->sub.mem_ctx, msg, - NULL, + ar->controls, ar, replmd_replicated_uptodate_modify_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); @@ -1491,6 +1494,8 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct { struct dsdb_extended_replicated_objects *objs; struct replmd_replicated_request *ar; + struct ldb_control **ctrls; + int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n"); @@ -1511,6 +1516,22 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct return LDB_ERR_OPERATIONS_ERROR; } + ctrls = req->controls; + + if (req->controls) { + req->controls = talloc_memdup(ar, req->controls, + talloc_get_size(req->controls)); + if (!req->controls) return replmd_replicated_request_werror(ar, WERR_NOMEM); + } + + ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + ar->controls = req->controls; + req->controls = ctrls; + #ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return replmd_replicated_apply_next(ar); #else diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 968b19c038..4b6e9e1d47 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -152,6 +152,16 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req) uint32_t id32; WERROR status; + /* special objects should always go through */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + /* replicated update should always go through */ + if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) { + return ldb_next_request(module, req); + } + schema = dsdb_get_schema(module->ldb); if (!schema) { return ldb_next_request(module, req); diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index f24a75fd8f..93068d66ef 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -56,6 +56,9 @@ struct dsdb_control_current_partition { struct ldb_module *module; }; +#define DSDB_CONTROL_REPLICATED_UPDATE_OID "1.3.6.1.4.1.7165.4.3.3" +/* DSDB_CONTROL_REPLICATED_UPDATE_OID has NULL data */ + #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1" struct dsdb_extended_replicated_object { struct ldb_message *msg; diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 3e129e4f6b..2c007395fb 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -174,6 +174,8 @@ oMSyntax: 20 #Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2 +#Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3 + #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From eb935e08d388aab7e02f8ec0ce58b0a62808de5c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 20:37:27 +0200 Subject: s4:configure: require tdb >= 1.1.3 from the system metze --- source4/configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/configure.ac b/source4/configure.ac index fa2d8d9950..611b8dd104 100644 --- a/source4/configure.ac +++ b/source4/configure.ac @@ -46,7 +46,7 @@ SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc >= 1.2.0, ] ) -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb >= 1.1.0, +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb >= 1.1.3, [], [ m4_include(../lib/tdb/libtdb.m4) -- cgit From 82153740911b16871cae043b6842810499b5cb55 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:33:16 -0400 Subject: LDB ASYNC: Core files --- source4/lib/ldb/common/ldb.c | 304 +++++++++++++++++++++++----------- source4/lib/ldb/common/ldb_modules.c | 141 +++++++++++++++- source4/lib/ldb/include/ldb.h | 105 ++++++++---- source4/lib/ldb/include/ldb_private.h | 98 ++++++----- source4/lib/ldb/ldb.i | 5 +- 5 files changed, 489 insertions(+), 164 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index 3b73947b76..75c8109042 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -193,9 +193,6 @@ int ldb_connect(struct ldb_context *ldb, const char *url, return LDB_ERR_OTHER; } - /* TODO: get timeout from options if available there */ - ldb->default_timeout = 300; /* set default to 5 minutes */ - /* set the default base dn */ ldb_set_default_dns(ldb); @@ -396,24 +393,44 @@ static int ldb_autotransaction_request(struct ldb_context *ldb, int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type) { - int ret; + struct event_context *ev; + if (!handle) { - return LDB_SUCCESS; + return LDB_ERR_UNAVAILABLE; } - ret = handle->module->ops->wait(handle, type); - if (!ldb_errstring(handle->module->ldb)) { - /* Set a default error string, to place the blame somewhere */ - ldb_asprintf_errstring(handle->module->ldb, - "error waiting on module %s: %s (%d)", - handle->module->ops->name, - ldb_strerror(ret), ret); + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; } - return ret; + + ev = ldb_get_event_context(handle->ldb); + if (NULL == ev) { + return LDB_ERR_OPERATIONS_ERROR; + } + + switch (type) { + case LDB_WAIT_NONE: + event_loop_once(ev); + if (handle->state == LDB_ASYNC_DONE || + handle->status != LDB_SUCCESS) { + return handle->status; + } + break; + + case LDB_WAIT_ALL: + while (handle->state != LDB_ASYNC_DONE) { + event_loop_once(ev); + if (handle->status != LDB_SUCCESS) { + return handle->status; + } + } + return handle->status; + } + + return LDB_SUCCESS; } /* set the specified timeout or, if timeout is 0 set the default timeout */ -/* timeout == -1 means no timeout */ int ldb_set_timeout(struct ldb_context *ldb, struct ldb_request *req, int timeout) @@ -435,20 +452,14 @@ int ldb_set_timeout_from_prev_req(struct ldb_context *ldb, struct ldb_request *oldreq, struct ldb_request *newreq) { - time_t now; - if (newreq == NULL) return LDB_ERR_OPERATIONS_ERROR; - now = time(NULL); - - if (oldreq == NULL) + if (oldreq == NULL) { return ldb_set_timeout(ldb, newreq, 0); - - if ((now - oldreq->starttime) > oldreq->timeout) { - return LDB_ERR_TIME_LIMIT_EXCEEDED; } + newreq->starttime = oldreq->starttime; - newreq->timeout = oldreq->timeout - (now - oldreq->starttime); + newreq->timeout = oldreq->timeout; return LDB_SUCCESS; } @@ -483,6 +494,11 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) struct ldb_module *module; int ret; + if (req->callback == NULL) { + ldb_set_errstring(ldb, "Requests MUST define callbacks"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + ldb_reset_err_string(ldb); /* call the first module in the chain */ @@ -524,6 +540,13 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) return ret; } +int ldb_request_done(struct ldb_request *req, int status) +{ + req->handle->state = LDB_ASYNC_DONE; + req->handle->status = status; + return status; +} + /* search the database given a LDAP-like search expression @@ -532,32 +555,27 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) Use talloc_free to free the ldb_message returned in 'res', if successful */ -int ldb_search_default_callback(struct ldb_context *ldb, - void *context, +int ldb_search_default_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_result *res; int n; - if (!context) { - ldb_set_errstring(ldb, "NULL Context in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } + res = talloc_get_type(req->context, struct ldb_result); - res = talloc_get_type(context, struct ldb_result); - - if (!res || !ares) { - ldb_set_errstring(ldb, "NULL res or ares in callback"); - goto error; + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); } switch (ares->type) { case LDB_REPLY_ENTRY: res->msgs = talloc_realloc(res, res->msgs, - struct ldb_message *, - res->count + 2); + struct ldb_message *, res->count + 2); if (! res->msgs) { - goto error; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } res->msgs[res->count + 1] = NULL; @@ -565,6 +583,7 @@ int ldb_search_default_callback(struct ldb_context *ldb, res->msgs[res->count] = talloc_move(res->msgs, &ares->message); res->count++; break; + case LDB_REPLY_REFERRAL: if (res->refs) { for (n = 0; res->refs[n]; n++) /*noop*/ ; @@ -574,37 +593,63 @@ int ldb_search_default_callback(struct ldb_context *ldb, res->refs = talloc_realloc(res, res->refs, char *, n + 2); if (! res->refs) { - goto error; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } res->refs[n] = talloc_move(res->refs, &ares->referral); res->refs[n + 1] = NULL; break; - case LDB_REPLY_EXTENDED: + case LDB_REPLY_DONE: /* TODO: we should really support controls on entries * and referrals too! */ res->controls = talloc_move(res, &ares->controls); - break; + + /* this is the last message, and means the request is done */ + /* we have to signal and eventual ldb_wait() waiting that the + * async request operation was completed */ + return ldb_request_done(req, LDB_SUCCESS); } + talloc_free(ares); return LDB_SUCCESS; +} + +int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + int ret; + + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + + if (ares->error != LDB_SUCCESS) { + ret = ares->error; + talloc_free(ares); + return ldb_request_done(req, ret); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_SUCCESS); } -int ldb_build_search_req(struct ldb_request **ret_req, +int ldb_build_search_req_ex(struct ldb_request **ret_req, struct ldb_context *ldb, void *mem_ctx, struct ldb_dn *base, enum ldb_scope scope, - const char *expression, + struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -612,7 +657,7 @@ int ldb_build_search_req(struct ldb_request **ret_req, req = talloc(mem_ctx, struct ldb_request); if (req == NULL) { - ldb_set_errstring(ldb, "Out of Memory"); + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -624,9 +669,9 @@ int ldb_build_search_req(struct ldb_request **ret_req, } req->op.search.scope = scope; - req->op.search.tree = ldb_parse_tree(req, expression); + req->op.search.tree = tree; if (req->op.search.tree == NULL) { - ldb_set_errstring(ldb, "Unable to parse search expression"); + ldb_set_errstring(ldb, "'tree' can't be NULL"); talloc_free(req); return LDB_ERR_OPERATIONS_ERROR; } @@ -636,17 +681,56 @@ int ldb_build_search_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; } +int ldb_build_search_req(struct ldb_request **ret_req, + struct ldb_context *ldb, + void *mem_ctx, + struct ldb_dn *base, + enum ldb_scope scope, + const char *expression, + const char * const *attrs, + struct ldb_control **controls, + void *context, + ldb_request_callback_t callback, + struct ldb_request *parent) +{ + struct ldb_parse_tree *tree; + int ret; + + tree = ldb_parse_tree(mem_ctx, expression); + if (tree == NULL) { + ldb_set_errstring(ldb, "Unable to parse search expression"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req_ex(ret_req, ldb, mem_ctx, base, + scope, tree, attrs, controls, + context, callback, parent); + if (ret == LDB_SUCCESS) { + talloc_steal(*ret_req, tree); + } + return ret; +} + int ldb_build_add_req(struct ldb_request **ret_req, struct ldb_context *ldb, void *mem_ctx, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -664,6 +748,14 @@ int ldb_build_add_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -675,7 +767,8 @@ int ldb_build_mod_req(struct ldb_request **ret_req, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -693,6 +786,14 @@ int ldb_build_mod_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -704,7 +805,8 @@ int ldb_build_del_req(struct ldb_request **ret_req, struct ldb_dn *dn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -722,6 +824,14 @@ int ldb_build_del_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -734,7 +844,8 @@ int ldb_build_rename_req(struct ldb_request **ret_req, struct ldb_dn *newdn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -753,47 +864,46 @@ int ldb_build_rename_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; } -int ldb_extended_default_callback(struct ldb_context *ldb, - void *context, +int ldb_extended_default_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_result *res; - if (!context) { - ldb_set_errstring(ldb, "NULL Context in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } + res = talloc_get_type(req->context, struct ldb_result); - res = talloc_get_type(context, struct ldb_result); - if (!res || !ares) { - ldb_set_errstring(ldb, "NULL res or ares in callback"); - goto error; + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); } - switch (ares->type) { - case LDB_REPLY_ENTRY: - case LDB_REPLY_REFERRAL: - case LDB_REPLY_DONE: - ldb_set_errstring(ldb, "invalid ares type in callback"); - goto error; - case LDB_REPLY_EXTENDED: - /* TODO: we should really support controls on entries and - * referrals too! */ + if (ares->type == LDB_REPLY_DONE) { + + /* TODO: we should really support controls on entries and referrals too! */ res->extended = talloc_move(res, &ares->response); res->controls = talloc_move(res, &ares->controls); - break; + + talloc_free(ares); + return ldb_request_done(req, LDB_SUCCESS); } - talloc_free(ares); - return LDB_SUCCESS; -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } int ldb_build_extended_req(struct ldb_request **ret_req, @@ -803,7 +913,8 @@ int ldb_build_extended_req(struct ldb_request **ret_req, void *data, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -822,6 +933,14 @@ int ldb_build_extended_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -845,7 +964,8 @@ int ldb_extended(struct ldb_context *ldb, ret = ldb_build_extended_req(&req, ldb, ldb, oid, data, NULL, - res, ldb_extended_default_callback); + res, ldb_extended_default_callback, + NULL); if (ret != LDB_SUCCESS) goto done; ldb_set_timeout(ldb, req, 0); /* use default timeout */ @@ -909,12 +1029,11 @@ int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, attrs, NULL, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret != LDB_SUCCESS) goto done; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - ret = ldb_request(ldb, req); if (ret == LDB_SUCCESS) { @@ -935,8 +1054,8 @@ done: } /* - add a record to the database. Will fail if a record with the - given class and key already exists + add a record to the database. Will fail if a record with the given class + and key already exists */ int ldb_add(struct ldb_context *ldb, const struct ldb_message *message) @@ -953,12 +1072,11 @@ int ldb_add(struct ldb_context *ldb, message, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -984,12 +1102,11 @@ int ldb_modify(struct ldb_context *ldb, message, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -1010,12 +1127,11 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn) dn, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -1037,12 +1153,11 @@ int ldb_rename(struct ldb_context *ldb, newdn, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -1055,13 +1170,12 @@ int ldb_rename(struct ldb_context *ldb, return the global sequence number */ int ldb_sequence_number(struct ldb_context *ldb, - enum ldb_sequence_type type, - uint64_t *seq_num) + enum ldb_sequence_type type, uint64_t *seq_num) { struct ldb_request *req; int ret; - req = talloc(ldb, struct ldb_request); + req = talloc_zero(ldb, struct ldb_request); if (req == NULL) { ldb_set_errstring(ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; @@ -1070,7 +1184,7 @@ int ldb_sequence_number(struct ldb_context *ldb, req->operation = LDB_SEQUENCE_NUMBER; req->controls = NULL; req->context = NULL; - req->callback = NULL; + req->callback = ldb_op_default_callback; ldb_set_timeout(ldb, req, 0); /* use default timeout */ req->op.seq_num.type = type; diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index c0cd616a76..5cc8de29b4 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004 + Copyright (C) Simo Sorce 2004-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -486,6 +486,12 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) int ldb_next_request(struct ldb_module *module, struct ldb_request *request) { int ret; + + if (request->callback == NULL) { + ldb_set_errstring(module->ldb, "Requests MUST define callbacks"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + switch (request->operation) { case LDB_SEARCH: FIND_OP(module, search); @@ -555,6 +561,139 @@ int ldb_next_del_trans(struct ldb_module *module) return module->ops->del_transaction(module); } +struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb) +{ + struct ldb_handle *h; + + h = talloc_zero(mem_ctx, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(ldb, "Out of Memory"); + return NULL; + } + + h->status = LDB_SUCCESS; + h->state = LDB_ASYNC_INIT; + h->ldb = ldb; + + return h; +} + +/* calls the request callback to send an entry + * + * params: + * req: the original request passed to your module + * msg: reply message (must be a talloc pointer, and it will be stolen + * on the ldb_reply that is sent to the callback) + */ + +int ldb_module_send_entry(struct ldb_request *req, + struct ldb_message *msg) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return LDB_ERR_OPERATIONS_ERROR; + } + ares->type = LDB_REPLY_ENTRY; + ares->message = talloc_steal(ares, msg); + ares->error = LDB_SUCCESS; + + return req->callback(req, ares); +} + +/* calls the request callback to send an referrals + * + * params: + * req: the original request passed to your module + * ref: referral string (must be a talloc pointeri, steal) + */ + +int ldb_module_send_referral(struct ldb_request *req, + char *ref) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return LDB_ERR_OPERATIONS_ERROR; + } + ares->type = LDB_REPLY_REFERRAL; + ares->referral = talloc_steal(ares, ref); + ares->error = LDB_SUCCESS; + + return req->callback(req, ares); +} + +/* calls the original request callback + * + * params: + * req: the original request passed to your module + * ctrls: controls to send in the reply (must be a talloc pointer, steal) + * response: results for extended request (steal) + * error: LDB_SUCCESS for a succesful return + * any other ldb error otherwise + */ +int ldb_module_done(struct ldb_request *req, + struct ldb_control **ctrls, + struct ldb_extended *response, + int error) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return LDB_ERR_OPERATIONS_ERROR; + } + ares->type = LDB_REPLY_DONE; + ares->controls = talloc_steal(ares, ctrls); + ares->response = talloc_steal(ares, response); + ares->error = error; + + req->callback(req, ares); + return error; +} + +/* to be used *only* in modules init functions. + * this function i synchronous and will register + * the requested OID in the rootdse module if present + * otherwise it will return an error */ +int ldb_mod_register_control(struct ldb_module *module, const char *oid) +{ + struct ldb_request *req; + int ret; + + req = talloc_zero(module, struct ldb_request); + if (req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_REQ_REGISTER_CONTROL; + req->op.reg_control.oid = oid; + req->callback = ldb_op_default_callback; + + ldb_set_timeout(module->ldb, req, 0); + + req->handle = ldb_handle_new(req, module->ldb); + if (req->handle == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_request(module->ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + talloc_free(req); + + return ret; +} + #ifndef STATIC_LIBLDB_MODULES #ifdef HAVE_LDB_LDAP diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 645d7866c5..b1ce3ef70b 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -181,6 +181,7 @@ enum ldb_scope {LDB_SCOPE_DEFAULT=-1, LDB_SCOPE_SUBTREE=2}; struct ldb_context; +struct event_context; /* debugging uses one of the following levels */ enum ldb_debug_level {LDB_DEBUG_FATAL, LDB_DEBUG_ERROR, @@ -659,7 +660,6 @@ enum ldb_request_type { enum ldb_reply_type { LDB_REPLY_ENTRY, LDB_REPLY_REFERRAL, - LDB_REPLY_EXTENDED, LDB_REPLY_DONE }; @@ -693,14 +693,11 @@ struct ldb_reply { struct ldb_extended *response; char *referral; struct ldb_control **controls; + int error; }; -struct ldb_handle { - int status; - enum ldb_state state; - void *private_data; - struct ldb_module *module; -}; +struct ldb_request; +struct ldb_handle; struct ldb_search { struct ldb_dn *base; @@ -747,7 +744,8 @@ struct ldb_sequence_number { uint32_t flags; }; -typedef int (*ldb_request_callback_t)(struct ldb_context *, void *, struct ldb_reply *); +typedef int (*ldb_request_callback_t)(struct ldb_request *, struct ldb_reply *); + struct ldb_request { enum ldb_request_type operation; @@ -775,7 +773,10 @@ struct ldb_request { }; int ldb_request(struct ldb_context *ldb, struct ldb_request *request); +int ldb_request_done(struct ldb_request *req, int status); +bool ldb_request_is_done(struct ldb_request *req); +int ldb_modules_wait(struct ldb_handle *handle); int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type); int ldb_set_timeout(struct ldb_context *ldb, struct ldb_request *req, int timeout); @@ -831,6 +832,19 @@ struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx); (that is, with LDB_FLG_RDONLY). However in read-write mode, the database will be created if it does not exist. */ + +typedef void (*ldb_async_timeout_fn) (void *); +typedef bool (*ldb_async_callback_fn) (void *); +typedef int (*ldb_async_ctx_add_op_fn)(void *, time_t, void *, ldb_async_timeout_fn, ldb_async_callback_fn); +typedef int (*ldb_async_ctx_wait_op_fn)(void *); + +void ldb_async_ctx_set_private_data(struct ldb_context *ldb, + void *private_data); +void ldb_async_ctx_set_add_op(struct ldb_context *ldb, + ldb_async_ctx_add_op_fn add_op); +void ldb_async_ctx_set_wait_op(struct ldb_context *ldb, + ldb_async_ctx_wait_op_fn wait_op); + int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[]); /* @@ -860,13 +874,12 @@ struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb); /** The default async search callback function - \param ldb the context associated with the database (from ldb_init()) - \param context the callback context (struct ldb_result *) + \param req the request we are callback of \param ares a single reply from the async core \return result code (LDB_SUCCESS on success, or a failure code) - \note this function expects the context to always be an struct ldb_result pointer + \note this function expects req->context to always be an struct ldb_result pointer AND a talloc context, this function will steal on the context each message from the ares reply passed on by the async core so that in the end all the messages will be in the context (ldb_result) memory tree. @@ -875,7 +888,18 @@ struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb); request that can be freed as sson as the search request is finished) */ -int ldb_search_default_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); +int ldb_search_default_callback(struct ldb_request *req, struct ldb_reply *ares); + +/** + The default async extended operation callback function + + \param req the request we are callback of + \param ares a single reply from the async core + + \return result code (LDB_SUCCESS on success, or a failure code) +*/ +int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares); + /** Helper function to build a search request @@ -889,7 +913,8 @@ int ldb_search_default_callback(struct ldb_context *ldb, void *context, struct l \param attrs the search attributes for the query (pass NULL if none required) \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -903,7 +928,20 @@ int ldb_build_search_req(struct ldb_request **ret_req, const char * const *attrs, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); + +int ldb_build_search_req_ex(struct ldb_request **ret_req, + struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, + struct ldb_dn *base, + enum ldb_scope scope, + struct ldb_parse_tree *tree, + const char * const *attrs, + struct ldb_control **controls, + void *context, + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build an add request @@ -914,7 +952,8 @@ int ldb_build_search_req(struct ldb_request **ret_req, \param message contains the entry to be added \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -925,7 +964,8 @@ int ldb_build_add_req(struct ldb_request **ret_req, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build a modify request @@ -936,7 +976,8 @@ int ldb_build_add_req(struct ldb_request **ret_req, \param message contains the entry to be modified \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -947,7 +988,8 @@ int ldb_build_mod_req(struct ldb_request **ret_req, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build a delete request @@ -958,7 +1000,8 @@ int ldb_build_mod_req(struct ldb_request **ret_req, \param dn the DN to be deleted \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -969,7 +1012,8 @@ int ldb_build_del_req(struct ldb_request **ret_req, struct ldb_dn *dn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build a rename request @@ -981,7 +1025,8 @@ int ldb_build_del_req(struct ldb_request **ret_req, \param newdn the new DN \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -993,7 +1038,8 @@ int ldb_build_rename_req(struct ldb_request **ret_req, struct ldb_dn *newdn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Add a ldb_control to a ldb_request @@ -1103,13 +1149,12 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn); /** The default async extended operation callback function - \param ldb the context associated with the database (from ldb_init()) - \param context the callback context (struct ldb_result *) + \param req the request we are callback of \param ares a single reply from the async core \return result code (LDB_SUCCESS on success, or a failure code) - \note this function expects the context to always be an struct ldb_result pointer + \note this function expects req->context to always be an struct ldb_result pointer AND a talloc context, this function will steal on the context each message from the ares reply passed on by the async core so that in the end all the messages will be in the context (ldb_result) memory tree. @@ -1117,7 +1162,9 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn); (the request need to be freed separately and the result doe not depend on the request that can be freed as sson as the search request is finished) */ -int ldb_extended_default_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); + +int ldb_extended_default_callback(struct ldb_request *req, struct ldb_reply *ares); + /** Helper function to build a extended request @@ -1130,7 +1177,8 @@ int ldb_extended_default_callback(struct ldb_context *ldb, void *context, struct it needs to be NULL or a valid talloc pointer! talloc_get_type() will be used on it \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -1141,7 +1189,8 @@ int ldb_build_extended_req(struct ldb_request **ret_req, void *data,/* NULL or a valid talloc pointer! talloc_get_type() will be used on it */ struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** call an extended operation diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h index 30adadcfdc..a92549d9ce 100644 --- a/source4/lib/ldb/include/ldb_private.h +++ b/source4/lib/ldb/include/ldb_private.h @@ -43,6 +43,12 @@ struct ldb_module_ops; struct ldb_backend_ops; +struct ldb_handle { + int status; + enum ldb_state state; + struct ldb_context *ldb; +}; + /* basic module structure */ struct ldb_module { struct ldb_module *prev, *next; @@ -51,9 +57,8 @@ struct ldb_module { const struct ldb_module_ops *ops; }; -/* - these function pointers define the operations that a ldb module must perform - they correspond exactly to the ldb_*() interface +/* + these function pointers define the operations that a ldb module can intercept */ struct ldb_module_ops { const char *name; @@ -68,23 +73,10 @@ struct ldb_module_ops { int (*start_transaction)(struct ldb_module *); int (*end_transaction)(struct ldb_module *); int (*del_transaction)(struct ldb_module *); - int (*wait)(struct ldb_handle *, enum ldb_wait_type); int (*sequence_number)(struct ldb_module *, struct ldb_request *); void *private_data; }; - -typedef int (*ldb_connect_fn) (struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[], - struct ldb_module **module); - - -struct ldb_backend_ops { - const char *name; - ldb_connect_fn connect_fn; -}; - -const char *ldb_default_modules_dir(void); - /* schema related information needed for matching rules */ @@ -146,27 +138,6 @@ int ldb_connect_backend(struct ldb_context *ldb, const char *url, const char *op struct ldb_module **backend_module); void ldb_set_default_dns(struct ldb_context *ldb); -/* The following definitions come from lib/ldb/common/ldb_modules.c */ - -const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string); -int ldb_load_modules_list(struct ldb_context *ldb, const char **module_list, struct ldb_module *backend, struct ldb_module **out); -int ldb_load_modules(struct ldb_context *ldb, const char *options[]); -int ldb_init_module_chain(struct ldb_context *ldb, struct ldb_module *module); -int ldb_next_request(struct ldb_module *module, struct ldb_request *request); -int ldb_next_start_trans(struct ldb_module *module); -int ldb_next_end_trans(struct ldb_module *module); -int ldb_next_del_trans(struct ldb_module *module); -int ldb_next_init(struct ldb_module *module); - -void ldb_set_errstring(struct ldb_context *ldb, const char *err_string); -void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3); -void ldb_reset_err_string(struct ldb_context *ldb); - -int ldb_register_module(const struct ldb_module_ops *); -int ldb_register_backend(const char *url_prefix, ldb_connect_fn); -void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, - const char *symbol); - /* The following definitions come from lib/ldb/common/ldb_debug.c */ void ldb_debug(struct ldb_context *ldb, enum ldb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); void ldb_debug_set(struct ldb_context *ldb, enum ldb_debug_level level, @@ -249,4 +220,57 @@ int ldb_sequence_number(struct ldb_context *ldb, enum ldb_sequence_type type, ui #define LDB_SEQ_TIMESTAMP_SEQUENCE 0x02 +/* MODULES specific headers -- SSS */ + +/* The following definitions come from lib/ldb/common/ldb_modules.c */ + +const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string); +int ldb_load_modules_list(struct ldb_context *ldb, const char **module_list, struct ldb_module *backend, struct ldb_module **out); +int ldb_load_modules(struct ldb_context *ldb, const char *options[]); +int ldb_init_module_chain(struct ldb_context *ldb, struct ldb_module *module); +int ldb_next_request(struct ldb_module *module, struct ldb_request *request); +int ldb_next_start_trans(struct ldb_module *module); +int ldb_next_end_trans(struct ldb_module *module); +int ldb_next_del_trans(struct ldb_module *module); +int ldb_next_init(struct ldb_module *module); + +void ldb_set_errstring(struct ldb_context *ldb, const char *err_string); +void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3); +void ldb_reset_err_string(struct ldb_context *ldb); + +const char *ldb_default_modules_dir(void); + +int ldb_register_module(const struct ldb_module_ops *); + +typedef int (*ldb_connect_fn)(struct ldb_context *ldb, const char *url, + unsigned int flags, const char *options[], + struct ldb_module **module); + +struct ldb_backend_ops { + const char *name; + ldb_connect_fn connect_fn; +}; + +const char *ldb_default_modules_dir(void); + +int ldb_register_backend(const char *url_prefix, ldb_connect_fn); + +void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, + const char *symbol); + +struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb); + +int ldb_module_send_entry(struct ldb_request *req, + struct ldb_message *msg); + +int ldb_module_send_referral(struct ldb_request *req, + char *ref); + +int ldb_module_done(struct ldb_request *req, + struct ldb_control **ctrls, + struct ldb_extended *response, + int error); + +int ldb_mod_register_control(struct ldb_module *module, const char *oid); + #endif diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 45978251f7..1e3a3169c8 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -737,15 +737,14 @@ typedef struct ldb_context { attrs, controls, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret != LDB_SUCCESS) { talloc_free(res); return ret; } - ldb_set_timeout($self, req, 0); /* use default timeout */ - ret = ldb_request($self, req); if (ret == LDB_SUCCESS) { -- cgit From 0aeade2007ef789f5970efe2b69ff7fb83a12b83 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:34:11 -0400 Subject: LDB ASYNC: ldb_tdb backend --- source4/lib/ldb/ldb_tdb/ldb_index.c | 61 +++--- source4/lib/ldb/ldb_tdb/ldb_search.c | 129 +++++-------- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 353 +++++++++++++++++------------------ source4/lib/ldb/ldb_tdb/ldb_tdb.h | 14 +- 4 files changed, 242 insertions(+), 315 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c index 269305a468..65711d9f4b 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_index.c +++ b/source4/lib/ldb/ldb_tdb/ldb_index.c @@ -667,74 +667,58 @@ static int ltdb_index_dn(struct ldb_module *module, extracting just the given attributes */ static int ltdb_index_filter(const struct dn_list *dn_list, - struct ldb_handle *handle) + struct ltdb_context *ac) { - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); - struct ldb_reply *ares = NULL; + struct ldb_message *msg; unsigned int i; for (i = 0; i < dn_list->count; i++) { struct ldb_dn *dn; int ret; - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - return LDB_ERR_OPERATIONS_ERROR; - } - - ares->message = ldb_msg_new(ares); - if (!ares->message) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + msg = ldb_msg_new(ac); + if (!msg) { return LDB_ERR_OPERATIONS_ERROR; } - - dn = ldb_dn_new(ares->message, ac->module->ldb, dn_list->dn[i]); + dn = ldb_dn_new(msg, ac->module->ldb, dn_list->dn[i]); if (dn == NULL) { - talloc_free(ares); + talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } - ret = ltdb_search_dn1(ac->module, dn, ares->message); + ret = ltdb_search_dn1(ac->module, dn, msg); talloc_free(dn); if (ret == LDB_ERR_NO_SUCH_OBJECT) { /* the record has disappeared? yes, this can happen */ - talloc_free(ares); + talloc_free(msg); continue; } if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { /* an internal error */ - talloc_free(ares); + talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } - if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, ac->base, ac->scope)) { - talloc_free(ares); + if (!ldb_match_msg(ac->module->ldb, msg, + ac->tree, ac->base, ac->scope)) { + talloc_free(msg); continue; } /* filter the attributes that the user wants */ - ret = ltdb_filter_attrs(ares->message, ac->attrs); + ret = ltdb_filter_attrs(msg, ac->attrs); if (ret == -1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } - ares->type = LDB_REPLY_ENTRY; - handle->state = LDB_ASYNC_PENDING; - handle->status = ac->callback(ac->module->ldb, ac->context, ares); - - if (handle->status != LDB_SUCCESS) { - handle->state = LDB_ASYNC_DONE; - return handle->status; + ret = ldb_module_send_entry(ac->req, msg); + if (ret != LDB_SUCCESS) { + ac->callback_failed = true; + return ret; } } @@ -746,9 +730,8 @@ static int ltdb_index_filter(const struct dn_list *dn_list, returns -1 if an indexed search is not possible, in which case the caller should call ltdb_search_full() */ -int ltdb_search_indexed(struct ldb_handle *handle) +int ltdb_search_indexed(struct ltdb_context *ac) { - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); struct ltdb_private *ltdb = talloc_get_type(ac->module->private_data, struct ltdb_private); struct dn_list *dn_list; int ret, idxattr, idxone; @@ -773,7 +756,7 @@ int ltdb_search_indexed(struct ldb_handle *handle) ret = LDB_ERR_OPERATIONS_ERROR; - dn_list = talloc_zero(handle, struct dn_list); + dn_list = talloc_zero(ac, struct dn_list); if (dn_list == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -810,9 +793,7 @@ int ltdb_search_indexed(struct ldb_handle *handle) if (ret == LDB_SUCCESS) { /* we've got a candidate list - now filter by the full tree and extract the needed attributes */ - ret = ltdb_index_filter(dn_list, handle); - handle->status = ret; - handle->state = LDB_ASYNC_DONE; + ret = ltdb_index_filter(dn_list, ac); } talloc_free(dn_list); diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index da899c361e..a220b4a628 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -395,71 +395,57 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) */ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state) { - struct ldb_handle *handle = talloc_get_type(state, struct ldb_handle); - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); - struct ldb_reply *ares = NULL; + struct ltdb_context *ac; + struct ldb_message *msg; int ret; + ac = talloc_get_type(state, struct ltdb_context); + if (key.dsize < 4 || strncmp((char *)key.dptr, "DN=", 3) != 0) { return 0; } - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - return -1; - } - - ares->message = ldb_msg_new(ares); - if (!ares->message) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + msg = ldb_msg_new(ac); + if (!msg) { return -1; } /* unpack the record */ - ret = ltdb_unpack_data(ac->module, &data, ares->message); + ret = ltdb_unpack_data(ac->module, &data, msg); if (ret == -1) { - talloc_free(ares); + talloc_free(msg); return -1; } - if (!ares->message->dn) { - ares->message->dn = ldb_dn_new(ares->message, ac->module->ldb, (char *)key.dptr + 3); - if (ares->message->dn == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + if (!msg->dn) { + msg->dn = ldb_dn_new(msg, ac->module->ldb, + (char *)key.dptr + 3); + if (msg->dn == NULL) { + talloc_free(msg); return -1; } } /* see if it matches the given expression */ - if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, - ac->base, ac->scope)) { - talloc_free(ares); + if (!ldb_match_msg(ac->module->ldb, msg, + ac->tree, ac->base, ac->scope)) { + talloc_free(msg); return 0; } /* filter the attributes that the user wants */ - ret = ltdb_filter_attrs(ares->message, ac->attrs); + ret = ltdb_filter_attrs(msg, ac->attrs); if (ret == -1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + talloc_free(msg); return -1; } - ares->type = LDB_REPLY_ENTRY; - handle->state = LDB_ASYNC_PENDING; - handle->status = ac->callback(ac->module->ldb, ac->context, ares); - - if (handle->status != LDB_SUCCESS) { - /* don't try to free ares here, the callback is in charge of that */ + ret = ldb_module_send_entry(ac->req, msg); + if (ret != LDB_SUCCESS) { + ac->callback_failed = true; + /* the callback failed, abort the operation */ return -1; } @@ -471,23 +457,21 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi search the database with a LDAP-like expression. this is the "full search" non-indexed variant */ -static int ltdb_search_full(struct ldb_handle *handle) +static int ltdb_search_full(struct ltdb_context *ctx) { - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); - struct ltdb_private *ltdb = talloc_get_type(ac->module->private_data, struct ltdb_private); + struct ltdb_private *ltdb = talloc_get_type(ctx->module->private_data, struct ltdb_private); int ret; if (ltdb->in_transaction != 0) { - ret = tdb_traverse(ltdb->tdb, search_func, handle); + ret = tdb_traverse(ltdb->tdb, search_func, ctx); } else { - ret = tdb_traverse_read(ltdb->tdb, search_func, handle); + ret = tdb_traverse_read(ltdb->tdb, search_func, ctx); } if (ret == -1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; + return LDB_ERR_OPERATIONS_ERROR; } - handle->state = LDB_ASYNC_DONE; return LDB_SUCCESS; } @@ -495,13 +479,15 @@ static int ltdb_search_full(struct ldb_handle *handle) search the database with a LDAP-like expression. choses a search method */ -int ltdb_search(struct ldb_module *module, struct ldb_request *req) +int ltdb_search(struct ltdb_context *ctx) { + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private); - struct ltdb_context *ltdb_ac; - struct ldb_reply *ares; int ret; + req->handle->state = LDB_ASYNC_PENDING; + if (ltdb_lock_read(module) != 0) { return LDB_ERR_OPERATIONS_ERROR; } @@ -516,12 +502,6 @@ int ltdb_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - ltdb_unlock_read(module); - return LDB_ERR_OPERATIONS_ERROR; - } - if ((req->op.search.base == NULL) || (ldb_dn_is_null(req->op.search.base) == true)) { /* Check what we should do with a NULL dn */ @@ -564,53 +544,32 @@ int ltdb_search(struct ldb_module *module, struct ldb_request *req) ret = LDB_SUCCESS; } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); - - ltdb_ac->tree = req->op.search.tree; - ltdb_ac->scope = req->op.search.scope; - ltdb_ac->base = req->op.search.base; - ltdb_ac->attrs = req->op.search.attrs; - + ctx->tree = req->op.search.tree; + ctx->scope = req->op.search.scope; + ctx->base = req->op.search.base; + ctx->attrs = req->op.search.attrs; if (ret == LDB_SUCCESS) { - ret = ltdb_search_indexed(req->handle); + ret = ltdb_search_indexed(ctx); if (ret == LDB_ERR_NO_SUCH_OBJECT) { /* Not in the index, therefore OK! */ ret = LDB_SUCCESS; - } else if (ret == LDB_ERR_OPERATIONS_ERROR) { + } + /* Check if we got just a normal error. + * In that case proceed to a full search unless we got a + * callback error */ + if ( ! ctx->callback_failed && ret != LDB_SUCCESS) { /* Not indexed, so we need to do a full scan */ - ret = ltdb_search_full(req->handle); + ret = ltdb_search_full(ctx); if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, "Indexed and full searches both failed!\n"); } } } - if (ret != LDB_SUCCESS) { - req->handle->state = LDB_ASYNC_DONE; - req->handle->status = ret; - } - - /* Finally send an LDB_REPLY_DONE packet when searching is finished */ - - ares = talloc_zero(req, struct ldb_reply); - if (!ares) { - ltdb_unlock_read(module); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->handle->state = LDB_ASYNC_DONE; - - if (ret == LDB_SUCCESS) { - ares->type = LDB_REPLY_DONE; - - ret = req->callback(module->ldb, req->context, ares); - req->handle->status = ret; - } - ltdb_unlock_read(module); - return LDB_SUCCESS; + return ret; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index 01d570c89a..0087f6c44d 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -3,7 +3,7 @@ Copyright (C) Andrew Tridgell 2004 Copyright (C) Stefan Metzmacher 2004 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb @@ -39,6 +39,10 @@ * - description: make the module use asyncronous calls * date: Feb 2006 * Author: Simo Sorce + * + * - description: make it possible to use event contexts + * date: Jan 2008 + * Author: Simo Sorce */ #include "ldb_includes.h" @@ -76,40 +80,6 @@ static int ltdb_err_map(enum TDB_ERROR tdb_code) } -struct ldb_handle *init_ltdb_handle(struct ltdb_private *ltdb, - struct ldb_module *module, - struct ldb_request *req) -{ - struct ltdb_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct ltdb_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->context = req->context; - ac->callback = req->callback; - - return h; -} - /* form a TDB_DATA for a record key caller frees @@ -296,36 +266,20 @@ static int ltdb_add_internal(struct ldb_module *module, /* add a record to the database */ -static int ltdb_add(struct ldb_module *module, struct ldb_request *req) +static int ltdb_add(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; + int tret; - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); + req->handle->state = LDB_ASYNC_PENDING; tret = ltdb_add_internal(module, req->op.add.message); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } /* @@ -402,42 +356,24 @@ done: /* delete a record from the database */ -static int ltdb_delete(struct ldb_module *module, struct ldb_request *req) +static int ltdb_delete(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; + int tret; - req->handle = NULL; + req->handle->state = LDB_ASYNC_PENDING; if (ltdb_cache_load(module) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); - tret = ltdb_delete_internal(module, req->op.del.dn); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } /* @@ -784,83 +720,50 @@ failed: /* modify a record */ -static int ltdb_modify(struct ldb_module *module, struct ldb_request *req) +static int ltdb_modify(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } - - req->handle = NULL; + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; + int tret; - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); + req->handle->state = LDB_ASYNC_PENDING; tret = ltdb_check_special_dn(module, req->op.mod.message); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } if (ltdb_cache_load(module) != 0) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } tret = ltdb_modify_internal(module, req->op.mod.message); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } /* rename a record */ -static int ltdb_rename(struct ldb_module *module, struct ldb_request *req) +static int ltdb_rename(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; struct ldb_message *msg; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } - - req->handle = NULL; + int tret; - if (ltdb_cache_load(module) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { + if (ltdb_cache_load(ctx->module) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); - msg = talloc(ltdb_ac, struct ldb_message); + msg = talloc(ctx, struct ldb_message); if (msg == NULL) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } /* in case any attribute of the message was indexed, we need @@ -868,14 +771,12 @@ static int ltdb_rename(struct ldb_module *module, struct ldb_request *req) tret = ltdb_search_dn1(module, req->op.rename.olddn, msg); if (tret != LDB_SUCCESS) { /* not finding the old record is an error */ - req->handle->status = tret; - goto done; + return tret; } msg->dn = ldb_dn_copy(msg, req->op.rename.newdn); if (!msg->dn) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } if (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) == 0) { @@ -886,38 +787,32 @@ static int ltdb_rename(struct ldb_module *module, struct ldb_request *req) The only drawback to this is that if the delete succeeds but the add fails, we rely on the transaction to roll this all back. */ - ret = ltdb_delete_internal(module, req->op.rename.olddn); - if (ret != LDB_SUCCESS) { - goto done; + tret = ltdb_delete_internal(module, req->op.rename.olddn); + if (tret != LDB_SUCCESS) { + return tret; } - ret = ltdb_add_internal(module, msg); - if (ret != LDB_SUCCESS) { - goto done; + tret = ltdb_add_internal(module, msg); + if (tret != LDB_SUCCESS) { + return tret; } } else { /* The rename operation is changing DNs. Try to add the new DN first to avoid clobbering another DN not related to this rename operation. */ - ret = ltdb_add_internal(module, msg); - if (ret != LDB_SUCCESS) { - goto done; + tret = ltdb_add_internal(module, msg); + if (tret != LDB_SUCCESS) { + return tret; } tret = ltdb_delete_internal(module, req->op.rename.olddn); if (tret != LDB_SUCCESS) { ltdb_delete_internal(module, req->op.rename.newdn); - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } static int ltdb_start_trans(struct ldb_module *module) @@ -962,24 +857,6 @@ static int ltdb_del_trans(struct ldb_module *module) return LDB_SUCCESS; } -static int ltdb_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - return handle->status; -} - -static int ltdb_request(struct ldb_module *module, struct ldb_request *req) -{ - /* check for oustanding critical controls - * and return an error if found */ - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } - - /* search, add, modify, delete, rename are handled by their own, - * no other op supported */ - return LDB_ERR_OPERATIONS_ERROR; -} - /* return sequenceNumber from @BASEINFO */ @@ -1013,7 +890,7 @@ static int ltdb_sequence_number(struct ldb_module *module, talloc_free(tmp_ctx); /* zero is as good as anything when we don't know */ req->op.seq_num.seq_num = 0; - return LDB_SUCCESS; + return tret; } switch (req->op.seq_num.type) { @@ -1034,22 +911,136 @@ static int ltdb_sequence_number(struct ldb_module *module, } break; } + talloc_free(tmp_ctx); + + return LDB_SUCCESS; +} + +void ltdb_request_done(struct ldb_request *req, int error) +{ + struct ldb_reply *ares; + + /* if we already returned an error just return */ + if (req->handle->status != LDB_SUCCESS) { + return; + } + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return; + } + ares->type = LDB_REPLY_DONE; + ares->error = error; + + req->callback(req, ares); +} + +static void ltdb_timeout(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct ltdb_context *ctx; + ctx = talloc_get_type(private_data, struct ltdb_context); + + ltdb_request_done(ctx->req, LDB_ERR_TIME_LIMIT_EXCEEDED); +} + +static void ltdb_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct ltdb_context *ctx; + int ret; + + ctx = talloc_get_type(private_data, struct ltdb_context); + + switch (ctx->req->operation) { + case LDB_SEARCH: + ret = ltdb_search(ctx); + break; + case LDB_ADD: + ret = ltdb_add(ctx); + break; + case LDB_MODIFY: + ret = ltdb_modify(ctx); + break; + case LDB_DELETE: + ret = ltdb_delete(ctx); + break; + case LDB_RENAME: + ret = ltdb_rename(ctx); + break; + default: + /* no other op supported */ + ret = LDB_ERR_UNWILLING_TO_PERFORM; + } + + if (!ctx->callback_failed) { + ltdb_request_done(ctx->req, ret); + } +} + +static int ltdb_handle_request(struct ldb_module *module, + struct ldb_request *req) +{ + struct event_context *ev; + struct ltdb_context *ac; + struct timed_event *te; + struct timeval tv; + + if (check_critical_controls(req->controls)) { + return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; + } + + if (req->starttime == 0 || req->timeout == 0) { + ldb_set_errstring(module->ldb, "Invalid timeout settings"); + return LDB_ERR_TIME_LIMIT_EXCEEDED; + } + + ev = ldb_get_event_context(module->ldb); + + ac = talloc_zero(req, struct ltdb_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + + tv.tv_sec = 0; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, ltdb_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } + + + tv.tv_sec = req->starttime + req->timeout; + te = event_add_timed(ev, ac, tv, ltdb_timeout, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; } static const struct ldb_module_ops ltdb_ops = { .name = "tdb", - .search = ltdb_search, - .add = ltdb_add, - .modify = ltdb_modify, - .del = ltdb_delete, - .rename = ltdb_rename, - .request = ltdb_request, + .search = ltdb_handle_request, + .add = ltdb_handle_request, + .modify = ltdb_handle_request, + .del = ltdb_handle_request, + .rename = ltdb_handle_request, +/* .request = ltdb_handle_request, */ .start_transaction = ltdb_start_trans, .end_transaction = ltdb_end_trans, .del_transaction = ltdb_del_trans, - .wait = ltdb_wait, .sequence_number = ltdb_sequence_number }; @@ -1114,7 +1105,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ltdb->sequence_number = 0; *module = talloc(ldb, struct ldb_module); - if (!module) { + if ((*module) == NULL) { ldb_oom(ldb); talloc_free(ltdb); return -1; diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.h b/source4/lib/ldb/ldb_tdb/ldb_tdb.h index 4beced30eb..223181ca0b 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.h @@ -41,16 +41,15 @@ struct ltdb_private { */ struct ltdb_context { struct ldb_module *module; + struct ldb_request *req; + + bool callback_failed; /* search stuff */ const struct ldb_parse_tree *tree; struct ldb_dn *base; enum ldb_scope scope; const char * const *attrs; - - /* async stuff */ - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); }; /* special record types */ @@ -80,7 +79,7 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value); struct ldb_parse_tree; -int ltdb_search_indexed(struct ldb_handle *handle); +int ltdb_search_indexed(struct ltdb_context *ctx); int ltdb_index_add(struct ldb_module *module, const struct ldb_message *msg); int ltdb_index_del(struct ldb_module *module, const struct ldb_message *msg); int ltdb_index_one(struct ldb_module *module, const struct ldb_message *msg, int add); @@ -110,11 +109,9 @@ int ltdb_add_attr_results(struct ldb_module *module, unsigned int *count, struct ldb_message ***res); int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs); -int ltdb_search(struct ldb_module *module, struct ldb_request *req); +int ltdb_search(struct ltdb_context *ctx); /* The following definitions come from lib/ldb/ldb_tdb/ldb_tdb.c */ -struct ldb_handle *init_ltdb_handle(struct ltdb_private *ltdb, struct ldb_module *module, - struct ldb_request *req); struct TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn); int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs); int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn); @@ -127,4 +124,3 @@ struct tdb_context *ltdb_wrap_open(TALLOC_CTX *mem_ctx, const char *path, int hash_size, int tdb_flags, int open_flags, mode_t mode, struct ldb_context *ldb); - -- cgit From 9f7c2548d9da848397b4730f02c7c47f23e259dc Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:34:56 -0400 Subject: LDB ASYNC: other backends --- source4/lib/ldb/ldb_ildap/ldb_ildap.c | 483 ++++++++++++------------ source4/lib/ldb/ldb_ldap/ldb_ldap.c | 588 ++++++++++++++++-------------- source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 130 ++++--- 3 files changed, 619 insertions(+), 582 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 5ad671ea2e..4aa71e6036 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -53,17 +53,57 @@ struct ildb_private { struct ldap_connection *ldap; - struct ldb_module *module; + struct event_context *event_ctx; }; struct ildb_context { + struct ldb_module *module; + struct ldb_request *req; + struct ildb_private *ildb; - struct ldb_handle *handle; - struct ldap_request *req; - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldap_request *ireq; + + bool done; + + struct ildb_destructor_ctx *dc; }; +static void ildb_request_done(struct ildb_context *ctx, + struct ldb_control **ctrls, int error) +{ + struct ldb_reply *ares; + + ctx->done = true; + + if (ctx->req == NULL) { + /* if the req has been freed already just return */ + return; + } + + ares = talloc_zero(ctx->req, struct ldb_reply); + if (!ares) { + ldb_oom(ctx->req->handle->ldb); + ctx->req->callback(ctx->req, NULL); + return; + } + ares->type = LDB_REPLY_DONE; + ares->controls = talloc_steal(ares, ctrls); + ares->error = error; + + ctx->req->callback(ctx->req, ares); +} + +static void ildb_auto_done_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct ildb_context *ac; + + ac = talloc_get_type(private_data, struct ildb_context); + ildb_request_done(ac, NULL, LDB_SUCCESS); +} + /* convert a ldb_message structure to a list of ldap_mod structures ready for ildap_add() or ildap_modify() @@ -122,17 +162,19 @@ failed: /* map an ildap NTSTATUS to a ldb error code */ -static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status) +static int ildb_map_error(struct ldb_module *module, NTSTATUS status) { + struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + TALLOC_CTX *mem_ctx = talloc_new(ildb); if (NT_STATUS_IS_OK(status)) { return LDB_SUCCESS; } if (!mem_ctx) { - ldb_oom(ildb->module->ldb); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ldb_set_errstring(ildb->module->ldb, + ldb_set_errstring(module->ldb, ldap_errstr(ildb->ldap, mem_ctx, status)); talloc_free(mem_ctx); if (NT_STATUS_IS_LDAP(status)) { @@ -141,47 +183,46 @@ static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status) return LDB_ERR_OPERATIONS_ERROR; } -static void ildb_request_timeout(struct event_context *ev, - struct timed_event *te, +static void ildb_request_timeout(struct event_context *ev, struct timed_event *te, struct timeval t, void *private_data) { - struct ildb_context *ac; - struct ldb_handle *handle; - - ac = talloc_get_type(private_data, struct ildb_context); - handle = ac->handle; - - ac = talloc_get_type(private_data, struct ildb_context); + struct ildb_context *ac = talloc_get_type(private_data, struct ildb_context); - if (ac->req->state == LDAP_REQUEST_PENDING) { - DLIST_REMOVE(ac->req->conn->pending, ac->req); + if (ac->ireq->state == LDAP_REQUEST_PENDING) { + DLIST_REMOVE(ac->ireq->conn->pending, ac->ireq); } - handle->status = LDB_ERR_TIME_LIMIT_EXCEEDED; - - return; + ildb_request_done(ac, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED); } static void ildb_callback(struct ldap_request *req) { struct ildb_context *ac; - struct ldb_handle *handle; - struct ildb_private *ildb; NTSTATUS status; + struct ldap_SearchResEntry *search; + struct ldap_message *msg; + struct ldb_control **controls; + struct ldb_message *ldbmsg; + char *referral; + bool callback_failed; + bool request_done; + int ret; int i; ac = talloc_get_type(req->async.private_data, struct ildb_context); - ildb = ac->ildb; - handle = ac->handle; - handle->status = LDB_SUCCESS; + callback_failed = false; + request_done = false; + controls = NULL; if (!NT_STATUS_IS_OK(req->status)) { - handle->status = ildb_map_error(ildb, req->status); + ret = ildb_map_error(ac->module, req->status); + ildb_request_done(ac, NULL, ret); return; } if (req->num_replies < 1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; + ret = LDB_ERR_OPERATIONS_ERROR; + ildb_request_done(ac, NULL, ret); return; } @@ -189,140 +230,112 @@ static void ildb_callback(struct ldap_request *req) case LDAP_TAG_ModifyRequest: if (req->replies[0]->type != LDAP_TAG_ModifyResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; - return; + ret = LDB_ERR_PROTOCOL_ERROR; + break; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_AddRequest: if (req->replies[0]->type != LDAP_TAG_AddResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; + ret = LDB_ERR_PROTOCOL_ERROR; return; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_DelRequest: if (req->replies[0]->type != LDAP_TAG_DelResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; + ret = LDB_ERR_PROTOCOL_ERROR; return; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_ModifyDNRequest: if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; + ret = LDB_ERR_PROTOCOL_ERROR; return; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_SearchRequest: /* loop over all messages */ for (i = 0; i < req->num_replies; i++) { - struct ldap_SearchResEntry *search; - struct ldb_reply *ares = NULL; - struct ldap_message *msg; - int ret; - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return; - } msg = req->replies[i]; switch (msg->type) { case LDAP_TAG_SearchResultDone: - status = ldap_check_response(req->conn, &msg->r.GeneralResult); + status = ldap_check_response(ac->ireq->conn, &msg->r.GeneralResult); if (!NT_STATUS_IS_OK(status)) { - handle->status = ildb_map_error(ildb, status); - return; + ret = ildb_map_error(ac->module, status); + break; } - ares->controls = talloc_move(ares, &msg->controls); + controls = talloc_steal(ac, msg->controls); if (msg->r.SearchResultDone.resultcode) { if (msg->r.SearchResultDone.errormessage) { - ldb_set_errstring(ac->ildb->module->ldb, msg->r.SearchResultDone.errormessage); + ldb_set_errstring(ac->module->ldb, msg->r.SearchResultDone.errormessage); } } - handle->status = msg->r.SearchResultDone.resultcode; - handle->state = LDB_ASYNC_DONE; - ares->type = LDB_REPLY_DONE; + ret = msg->r.SearchResultDone.resultcode; + request_done = true; break; case LDAP_TAG_SearchResultEntry: - - ares->message = ldb_msg_new(ares); - if (!ares->message) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return; + ldbmsg = ldb_msg_new(ac); + if (!ldbmsg) { + ret = LDB_ERR_OPERATIONS_ERROR; + break; } search = &(msg->r.SearchResultEntry); - ares->message->dn = ldb_dn_new(ares->message, ac->ildb->module->ldb, search->dn); - if ( ! ldb_dn_validate(ares->message->dn)) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return; + ldbmsg->dn = ldb_dn_new(ldbmsg, ac->module->ldb, search->dn); + if ( ! ldb_dn_validate(ldbmsg->dn)) { + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - ares->message->num_elements = search->num_attributes; - ares->message->elements = talloc_move(ares->message, - &search->attributes); + ldbmsg->num_elements = search->num_attributes; + ldbmsg->elements = talloc_move(ldbmsg, &search->attributes); - handle->status = LDB_SUCCESS; - handle->state = LDB_ASYNC_PENDING; - ares->type = LDB_REPLY_ENTRY; + ret = ldb_module_send_entry(ac->req, ldbmsg); + if (ret != LDB_SUCCESS) { + callback_failed = true; + } break; case LDAP_TAG_SearchResultReference: - ares->referral = talloc_strdup(ares, msg->r.SearchResultReference.referral); + referral = talloc_strdup(ac, msg->r.SearchResultReference.referral); - handle->status = LDB_SUCCESS; - handle->state = LDB_ASYNC_PENDING; - ares->type = LDB_REPLY_REFERRAL; + ret = ldb_module_send_referral(ac->req, referral); + if (ret != LDB_SUCCESS) { + callback_failed = true; + } break; default: /* TAG not handled, fail ! */ - handle->status = LDB_ERR_PROTOCOL_ERROR; - return; + ret = LDB_ERR_PROTOCOL_ERROR; + break; } - ret = ac->callback(ac->ildb->module->ldb, ac->context, ares); - if (ret) { - handle->status = ret; + if (ret != LDB_SUCCESS) { + break; } } @@ -333,121 +346,81 @@ static void ildb_callback(struct ldap_request *req) break; default: - handle->status = LDB_ERR_PROTOCOL_ERROR; - return; + ret = LDB_ERR_PROTOCOL_ERROR; + break; } -} -static struct ildb_context *init_ildb_handle(struct ildb_private *ildb, - struct ldb_request *req) -{ - struct ildb_context *ildb_ac; - struct ldb_handle *h; + if (ret != LDB_SUCCESS) { - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(ildb->module->ldb, "Out of Memory"); - return NULL; + /* if the callback failed the caller will have freed the + * request. Just return and don't try to use it */ + if ( ! callback_failed) { + request_done = true; + } } - h->module = ildb->module; - - ildb_ac = talloc(h, struct ildb_context); - if (ildb_ac == NULL) { - ldb_set_errstring(ildb->module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; + if (request_done) { + ildb_request_done(ac, controls, ret); } - - h->private_data = ildb_ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ildb_ac->ildb = ildb; - ildb_ac->handle = h; - ildb_ac->context = req->context; - ildb_ac->callback = req->callback; - - req->handle = h; - return ildb_ac; + return; } -static int ildb_request_send(struct ildb_private *ildb, struct ldap_message *msg, struct ldb_request *r) +static int ildb_request_send(struct ildb_context *ac, struct ldap_message *msg) { - struct ildb_context *ildb_ac = init_ildb_handle(ildb, r); struct ldap_request *req; - if (!ildb_ac) { + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - req = ldap_request_send(ildb->ldap, msg); + req = ldap_request_send(ac->ildb->ldap, msg); if (req == NULL) { - ldb_set_errstring(ildb->module->ldb, "async send request failed"); + ldb_set_errstring(ac->module->ldb, "async send request failed"); return LDB_ERR_OPERATIONS_ERROR; } - ildb_ac->req = talloc_steal(ildb_ac, req); + ac->ireq = talloc_steal(ac, req); - if (!req->conn) { - ldb_set_errstring(ildb->module->ldb, "connection to remote LDAP server dropped?"); + if (!ac->ireq->conn) { + ldb_set_errstring(ac->module->ldb, "connection to remote LDAP server dropped?"); return LDB_ERR_OPERATIONS_ERROR; } talloc_free(req->time_event); req->time_event = NULL; - if (r->timeout) { - req->time_event = event_add_timed(req->conn->event.event_ctx, ildb_ac, - timeval_current_ofs(r->timeout, 0), - ildb_request_timeout, ildb_ac); + if (ac->req->timeout) { + req->time_event = event_add_timed(ac->ildb->event_ctx, ac, + timeval_current_ofs(ac->req->timeout, 0), + ildb_request_timeout, ac); } req->async.fn = ildb_callback; - req->async.private_data = ildb_ac; + req->async.private_data = ac; return LDB_SUCCESS; } -static int ildb_request_noop(struct ildb_private *ildb, struct ldb_request *req) -{ - struct ildb_context *ildb_ac = init_ildb_handle(ildb, req); - int ret = LDB_SUCCESS; - - if (!ildb_ac) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (ildb_ac->callback) { - ret = ildb_ac->callback(ildb->module->ldb, ildb_ac->context, NULL); - } - ildb_ac->handle->state = LDB_ASYNC_DONE; - return ret; -} - /* search for matching records using an asynchronous function */ -static int ildb_search(struct ldb_module *module, struct ldb_request *req) +static int ildb_search(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; int n; - req->handle = NULL; - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, "Async interface called with NULL callback function or NULL context"); + ldb_set_errstring(ac->module->ldb, "Async interface called with NULL callback function or NULL context"); return LDB_ERR_OPERATIONS_ERROR; } if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Invalid expression parse tree"); + ldb_set_errstring(ac->module->ldb, "Invalid expression parse tree"); return LDB_ERR_OPERATIONS_ERROR; } msg = new_ldap_message(req); if (msg == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); + ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } @@ -459,7 +432,7 @@ static int ildb_search(struct ldb_module *module, struct ldb_request *req) msg->r.SearchRequest.basedn = ldb_dn_alloc_linearized(msg, req->op.search.base); } if (msg->r.SearchRequest.basedn == NULL) { - ldb_set_errstring(module->ldb, "Unable to determine baseDN"); + ldb_set_errstring(ac->module->ldb, "Unable to determine baseDN"); talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } @@ -481,26 +454,19 @@ static int ildb_search(struct ldb_module *module, struct ldb_request *req) msg->r.SearchRequest.attributes = discard_const(req->op.search.attrs); msg->controls = req->controls; - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* add a record */ -static int ildb_add(struct ldb_module *module, struct ldb_request *req) +static int ildb_add(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; struct ldap_mod **mods; int i,n; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -531,26 +497,19 @@ static int ildb_add(struct ldb_module *module, struct ldb_request *req) msg->r.AddRequest.attributes[i] = mods[i]->attrib; } - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* modify a record */ -static int ildb_modify(struct ldb_module *module, struct ldb_request *req) +static int ildb_modify(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; struct ldap_mod **mods; int i,n; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.mod.message->dn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -581,24 +540,17 @@ static int ildb_modify(struct ldb_module *module, struct ldb_request *req) msg->r.ModifyRequest.mods[i] = *mods[i]; } - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* delete a record */ -static int ildb_delete(struct ldb_module *module, struct ldb_request *req) +static int ildb_delete(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.del.dn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -612,24 +564,17 @@ static int ildb_delete(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_INVALID_DN_SYNTAX; } - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* rename a record */ -static int ildb_rename(struct ldb_module *module, struct ldb_request *req) +static int ildb_rename(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -660,7 +605,7 @@ static int ildb_rename(struct ldb_module *module, struct ldb_request *req) msg->r.ModifyDNRequest.deleteolddn = true; - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } static int ildb_start_trans(struct ldb_module *module) @@ -684,57 +629,105 @@ static int ildb_del_trans(struct ldb_module *module) return LDB_SUCCESS; } -static int ildb_request(struct ldb_module *module, struct ldb_request *req) +static bool ildb_dn_is_special(struct ldb_request *req) { - return LDB_ERR_OPERATIONS_ERROR; + struct ldb_dn *dn = NULL; + + switch (req->operation) { + case LDB_ADD: + dn = req->op.add.message->dn; + break; + case LDB_MODIFY: + dn = req->op.mod.message->dn; + break; + case LDB_DELETE: + dn = req->op.del.dn; + break; + case LDB_RENAME: + dn = req->op.rename.olddn; + break; + default: + break; + } + + if (dn && ldb_dn_is_special(dn)) { + return true; + } + return false; } -static int ildb_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int ildb_handle_request(struct ldb_module *module, struct ldb_request *req) { - struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context); + struct ildb_private *ildb; + struct ildb_context *ac; + struct timed_event *te; + int ret; + + ildb = talloc_get_type(module->private_data, struct ildb_private); - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + if (req->starttime == 0 || req->timeout == 0) { + ldb_set_errstring(module->ldb, "Invalid timeout settings"); + return LDB_ERR_TIME_LIMIT_EXCEEDED; } - if (!ac) { + ac = talloc_zero(req, struct ildb_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } - handle->state = LDB_ASYNC_INIT; + ac->module = module; + ac->req = req; + ac->ildb = ildb; + + if (ildb_dn_is_special(req)) { - switch(type) { - case LDB_WAIT_NONE: - if (event_loop_once(ac->req->conn->event.event_ctx) != 0) { - return LDB_ERR_OTHER; + te = event_add_timed(ac->ildb->event_ctx, + ac, timeval_zero(), + ildb_auto_done_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; } + + return LDB_SUCCESS; + } + + switch (ac->req->operation) { + case LDB_SEARCH: + ret = ildb_search(ac); break; - case LDB_WAIT_ALL: - while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) { - if (event_loop_once(ac->req->conn->event.event_ctx) != 0) { - return LDB_ERR_OTHER; - } - } + case LDB_ADD: + ret = ildb_add(ac); + break; + case LDB_MODIFY: + ret = ildb_modify(ac); + break; + case LDB_DELETE: + ret = ildb_delete(ac); + break; + case LDB_RENAME: + ret = ildb_rename(ac); break; default: - return LDB_ERR_OPERATIONS_ERROR; + /* no other op supported */ + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - return handle->status; + return ret; } static const struct ldb_module_ops ildb_ops = { .name = "ldap", - .search = ildb_search, - .add = ildb_add, - .modify = ildb_modify, - .del = ildb_delete, - .rename = ildb_rename, - .request = ildb_request, + .search = ildb_handle_request, + .add = ildb_handle_request, + .modify = ildb_handle_request, + .del = ildb_handle_request, + .rename = ildb_handle_request, +/* .request = ildb_handle_request, */ .start_transaction = ildb_start_trans, .end_transaction = ildb_end_trans, .del_transaction = ildb_del_trans, - .wait = ildb_wait }; /* @@ -748,7 +741,6 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, struct ildb_private *ildb; NTSTATUS status; struct cli_credentials *creds; - struct event_context *event_ctx; module = talloc(ldb, struct ldb_module); if (!module) { @@ -758,7 +750,6 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, talloc_set_name_const(module, "ldb_ildap backend"); module->ldb = ldb; module->prev = module->next = NULL; - module->private_data = NULL; module->ops = &ildb_ops; ildb = talloc(module, struct ildb_private); @@ -767,12 +758,12 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, goto failed; } module->private_data = ildb; - ildb->module = module; - event_ctx = ldb_get_event_context(ldb); + ildb->event_ctx = ldb_get_event_context(ldb); + ildb->ldap = ldap4_new_connection(ildb, ldb_get_opaque(ldb, "loadparm"), - event_ctx); + ildb->event_ctx); if (!ildb->ldap) { ldb_oom(ldb); goto failed; diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index a4534c549a..7caee10b47 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -45,17 +45,16 @@ struct lldb_private { LDAP *ldap; - struct ldb_module *module; }; struct lldb_context { + struct ldb_module *module; + struct ldb_request *req; + struct lldb_private *lldb; - struct ldb_handle *handle; + + struct ldb_control **controls; int msgid; - int timeout; - time_t starttime; - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); }; static int lldb_ldap_to_ldb(int err) { @@ -63,42 +62,6 @@ static int lldb_ldap_to_ldb(int err) { return err; } -static struct lldb_context *init_lldb_handle(struct lldb_private *lldb, struct ldb_request *req) -{ - struct lldb_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(lldb->module->ldb, "Out of Memory"); - return NULL; - } - - h->module = lldb->module; - - ac = talloc(h, struct lldb_context); - if (ac == NULL) { - ldb_set_errstring(lldb->module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->lldb = lldb; - ac->handle = h; - ac->context = req->context; - ac->callback = req->callback; - ac->timeout = req->timeout; - ac->starttime = req->starttime; - ac->msgid = 0; - - req->handle = h; - return ac; -} /* convert a ldb_message structure to a list of LDAPMod structures ready for ldap_add() or ldap_modify() @@ -230,10 +193,11 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, /* search for matching records */ -static int lldb_search(struct ldb_module *module, struct ldb_request *req) +static int lldb_search(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; struct timeval tv; int ldap_scope; char *search_base; @@ -254,10 +218,7 @@ static int lldb_search(struct ldb_module *module, struct ldb_request *req) ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls are not yet supported by ldb_ldap backend!\n"); } - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; search_base = ldb_dn_alloc_linearized(lldb_ac, req->op.search.base); if (req->op.search.base == NULL) { @@ -307,23 +268,16 @@ static int lldb_search(struct ldb_module *module, struct ldb_request *req) /* add a record */ -static int lldb_add(struct ldb_module *module, struct ldb_request *req) +static int lldb_add(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; LDAPMod **mods; char *dn; int ret; - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; mods = lldb_msg_to_mods(lldb_ac, req->op.add.message, 0); if (mods == NULL) { @@ -350,23 +304,16 @@ static int lldb_add(struct ldb_module *module, struct ldb_request *req) /* modify a record */ -static int lldb_modify(struct ldb_module *module, struct ldb_request *req) +static int lldb_modify(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; LDAPMod **mods; char *dn; int ret; - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.mod.message->dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - - lldb_ac = init_lldb_handle(lldb, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; mods = lldb_msg_to_mods(lldb_ac, req->op.mod.message, 1); if (mods == NULL) { @@ -393,22 +340,15 @@ static int lldb_modify(struct ldb_module *module, struct ldb_request *req) /* delete a record */ -static int lldb_delete(struct ldb_module *module, struct ldb_request *req) +static int lldb_delete(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; char *dnstr; int ret; - - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.del.dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; dnstr = ldb_dn_alloc_linearized(lldb_ac, req->op.del.dn); @@ -427,24 +367,17 @@ static int lldb_delete(struct ldb_module *module, struct ldb_request *req) /* rename a record */ -static int lldb_rename(struct ldb_module *module, struct ldb_request *req) +static int lldb_rename(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; char *old_dn; char *newrdn; char *parentdn; int ret; - - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; old_dn = ldb_dn_alloc_linearized(lldb_ac, req->op.rename.olddn); if (old_dn == NULL) { @@ -474,57 +407,99 @@ static int lldb_rename(struct ldb_module *module, struct ldb_request *req) return lldb_ldap_to_ldb(ret); } -static int lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) +static int lldb_start_trans(struct ldb_module *module) +{ + /* TODO implement a local transaction mechanism here */ + + return LDB_SUCCESS; +} + +static int lldb_end_trans(struct ldb_module *module) +{ + /* TODO implement a local transaction mechanism here */ + + return LDB_SUCCESS; +} + +static int lldb_del_trans(struct ldb_module *module) +{ + /* TODO implement a local transaction mechanism here */ + + return LDB_SUCCESS; +} + +void lldb_request_done(struct ldb_request *req, + struct ldb_control **ctrls, int error) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return; + } + ares->type = LDB_REPLY_DONE; + ares->controls = talloc_steal(ares, ctrls); + ares->error = error; + + req->callback(req, ares); +} + +/* return false if the request is still in progress + * return true if the request is completed + */ +static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) { - struct ldb_handle *handle = ac->handle; struct lldb_private *lldb = ac->lldb; - struct ldb_reply *ares = NULL; - LDAPMessage *msg; - int type; + LDAPControl **serverctrlsp = NULL; + char **referralsp = NULL; char *matcheddnp = NULL; char *errmsgp = NULL; - char **referralsp = NULL; - LDAPControl **serverctrlsp = NULL; - int ret = LDB_SUCCESS; - - type = ldap_msgtype(result); + LDAPMessage *msg; + int type; + struct ldb_message *ldbmsg; + char *referral; + bool callback_failed; + bool request_done; + bool lret; + int ret; + int i; - handle->status = 0; + type = ldap_msgtype(result); + callback_failed = false; + request_done = false; switch (type) { - case LDAP_RES_SEARCH_ENTRY: + msg = ldap_first_entry(lldb->ldap, result); if (msg != NULL) { BerElement *berptr = NULL; char *attr, *dn; - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto error; - } - - ares->message = ldb_msg_new(ares); - if (!ares->message) { + ldbmsg = ldb_msg_new(ac); + if (!ldbmsg) { ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + break; } dn = ldap_get_dn(lldb->ldap, msg); if (!dn) { + talloc_free(ldbmsg); ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + break; } - ares->message->dn = ldb_dn_new(ares->message, ac->lldb->module->ldb, dn); - if ( ! ldb_dn_validate(ares->message->dn)) { + ldbmsg->dn = ldb_dn_new(ldbmsg, ac->module->ldb, dn); + if ( ! ldb_dn_validate(ldbmsg->dn)) { + talloc_free(ldbmsg); ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + break; } ldap_memfree(dn); - ares->message->num_elements = 0; - ares->message->elements = NULL; + ldbmsg->num_elements = 0; + ldbmsg->elements = NULL; /* loop over all attributes */ for (attr=ldap_first_attribute(lldb->ldap, msg, &berptr); @@ -534,97 +509,104 @@ static int lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) bval = ldap_get_values_len(lldb->ldap, msg, attr); if (bval) { - lldb_add_msg_attr(ac->lldb->module->ldb, ares->message, attr, bval); + lldb_add_msg_attr(ac->module->ldb, ldbmsg, attr, bval); ldap_value_free_len(bval); - } + } } if (berptr) ber_free(berptr, 0); + ret = ldb_module_send_entry(ac->req, ldbmsg); + if (ret != LDB_SUCCESS) { - ares->type = LDB_REPLY_ENTRY; - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); + callback_failed = true; + } } else { - handle->status = LDB_ERR_PROTOCOL_ERROR; - handle->state = LDB_ASYNC_DONE; + ret = LDB_ERR_OPERATIONS_ERROR; } break; case LDAP_RES_SEARCH_REFERENCE: - if (ldap_parse_result(lldb->ldap, result, &handle->status, + + if (ldap_parse_result(lldb->ldap, result, &ret, &matcheddnp, &errmsgp, &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) { ret = LDB_ERR_OPERATIONS_ERROR; - goto error; } - if (referralsp == NULL) { - handle->status = LDB_ERR_PROTOCOL_ERROR; - goto error; + if (ret != LDB_SUCCESS) { + break; } - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + if (referralsp == NULL) { + ret = LDB_ERR_PROTOCOL_ERROR; + break; } - ares->referral = talloc_strdup(ares, *referralsp); - ares->type = LDB_REPLY_REFERRAL; - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); + for (i = 0; referralsp[i]; i++) { + referral = talloc_strdup(ac, referralsp[i]); + ret = ldb_module_send_referral(ac->req, referral); + if (ret != LDB_SUCCESS) { + callback_failed = true; + break; + } + } break; case LDAP_RES_SEARCH_RESULT: - if (ldap_parse_result(lldb->ldap, result, &handle->status, + case LDAP_RES_MODIFY: + case LDAP_RES_ADD: + case LDAP_RES_DELETE: + case LDAP_RES_MODDN: + + if (ldap_parse_result(lldb->ldap, result, &ret, &matcheddnp, &errmsgp, &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - goto error; - } - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + } + if (ret != LDB_SUCCESS) { + break; } if (serverctrlsp != NULL) { /* FIXME: transform the LDAPControl list into an ldb_control one */ - ares->controls = NULL; + ac->controls = NULL; } - - ares->type = LDB_REPLY_DONE; - handle->state = LDB_ASYNC_DONE; - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); - - break; - case LDAP_RES_MODIFY: - case LDAP_RES_ADD: - case LDAP_RES_DELETE: - case LDAP_RES_MODDN: - if (ldap_parse_result(lldb->ldap, result, &handle->status, - &matcheddnp, &errmsgp, - &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - goto error; - } - if (ac->callback && handle->status == LDB_SUCCESS) { - ares = NULL; /* FIXME: build a corresponding ares to pass on */ - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); - } - handle->state = LDB_ASYNC_DONE; + request_done = true; break; default: ret = LDB_ERR_PROTOCOL_ERROR; - goto error; + break; } + if (ret != LDB_SUCCESS) { + + /* if the callback failed the caller will have freed the + * request. Just return and don't try to use it */ + if (callback_failed) { + + /* tell lldb_wait to remove the request from the + * queue */ + lret = true; + goto free_and_return; + } + + request_done = true; + } + + if (request_done) { + lldb_request_done(ac->req, ac->controls, ret); + lret = true; + goto free_and_return; + } + + lret = false; + +free_and_return: + if (matcheddnp) ldap_memfree(matcheddnp); if (errmsgp && *errmsgp) { - ldb_set_errstring(ac->lldb->module->ldb, errmsgp); - } else if (handle->status) { - ldb_set_errstring(ac->lldb->module->ldb, ldap_err2string(handle->status)); + ldb_set_errstring(ac->module->ldb, errmsgp); } if (errmsgp) { ldap_memfree(errmsgp); @@ -633,131 +615,203 @@ static int lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) if (serverctrlsp) ldap_controls_free(serverctrlsp); ldap_msgfree(result); - return lldb_ldap_to_ldb(handle->status); -error: - handle->state = LDB_ASYNC_DONE; - ldap_msgfree(result); - return ret; + return lret; } -static int lldb_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static void lldb_timeout(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) { - struct lldb_context *ac = talloc_get_type(handle->private_data, struct lldb_context); - struct lldb_private *lldb = ac->lldb; - struct timeval timeout; + struct lldb_context *ac; + ac = talloc_get_type(private_data, struct lldb_context); + + lldb_request_done(ac->req, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED); +} + +static void lldb_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct lldb_context *ac; + struct timed_event *lte; + struct timeval tv; LDAPMessage *result; - int ret, lret; + int lret; + + ac = talloc_get_type(private_data, struct lldb_context); - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + if (!ac->msgid) { + lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR); + return; } - if (!ac || !ac->msgid) { - return LDB_ERR_OPERATIONS_ERROR; + tv.tv_sec = 0; + tv.tv_usec = 0; + lret = ldap_result(ac->lldb->ldap, ac->msgid, 0, &tv, &result); + if (lret == 0) { + goto respin; + } + if (lret == -1) { + lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR); + return; } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; + if ( ! lldb_parse_result(ac, result)) { + goto respin; + } - switch(type) { - case LDB_WAIT_NONE: + return; - if ((ac->timeout != -1) && - ((ac->starttime + ac->timeout) > time(NULL))) { - return LDB_ERR_TIME_LIMIT_EXCEEDED; - } +respin: + tv.tv_sec = 0; + tv.tv_usec = 100; + lte = event_add_timed(ev, ac, tv, lldb_callback, ac); + if (NULL == lte) { + lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR); + } +} - timeout.tv_sec = 0; - timeout.tv_usec = 0; +static bool lldb_dn_is_special(struct ldb_request *req) +{ + struct ldb_dn *dn = NULL; - lret = ldap_result(lldb->ldap, ac->msgid, 0, &timeout, &result); - if (lret == -1) { - return LDB_ERR_OPERATIONS_ERROR; - } - if (lret == 0) { - ret = LDB_SUCCESS; - goto done; - } + switch (req->operation) { + case LDB_ADD: + dn = req->op.add.message->dn; + break; + case LDB_MODIFY: + dn = req->op.mod.message->dn; + break; + case LDB_DELETE: + dn = req->op.del.dn; + break; + case LDB_RENAME: + dn = req->op.rename.olddn; + break; + default: + break; + } - return lldb_parse_result(ac, result); + if (dn && ldb_dn_is_special(dn)) { + return true; + } + return false; +} - case LDB_WAIT_ALL: - timeout.tv_usec = 0; - ret = LDB_ERR_OPERATIONS_ERROR; +static void lldb_auto_done_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct lldb_context *ac; - while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) { + ac = talloc_get_type(private_data, struct lldb_context); + lldb_request_done(ac->req, NULL, LDB_SUCCESS); +} - if (ac->timeout == -1) { - lret = ldap_result(lldb->ldap, ac->msgid, 0, NULL, &result); - } else { - timeout.tv_sec = ac->timeout - (time(NULL) - ac->starttime); - if (timeout.tv_sec <= 0) - return LDB_ERR_TIME_LIMIT_EXCEEDED; - lret = ldap_result(lldb->ldap, ac->msgid, 0, &timeout, &result); - } - if (lret == -1) { - return LDB_ERR_OPERATIONS_ERROR; - } - if (lret == 0) { - return LDB_ERR_TIME_LIMIT_EXCEEDED; - } +static int lldb_handle_request(struct ldb_module *module, struct ldb_request *req) +{ + struct lldb_private *lldb; + struct lldb_context *ac; + struct event_context *ev; + struct timed_event *te; + struct timeval tv; + int ret; - ret = lldb_parse_result(ac, result); - if (ret != LDB_SUCCESS) { - return ret; - } + lldb = talloc_get_type(module->private_data, struct lldb_private); + + if (req->starttime == 0 || req->timeout == 0) { + ldb_set_errstring(module->ldb, "Invalid timeout settings"); + return LDB_ERR_TIME_LIMIT_EXCEEDED; + } + + ev = ldb_get_event_context(module->ldb); + if (NULL == ev) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_zero(module->ldb, struct lldb_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + ac->lldb = lldb; + ac->msgid = 0; + + if (lldb_dn_is_special(req)) { + tv.tv_sec = 0; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, + lldb_auto_done_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; } + return LDB_SUCCESS; + } + + switch (ac->req->operation) { + case LDB_SEARCH: + ret = lldb_search(ac); + break; + case LDB_ADD: + ret = lldb_add(ac); + break; + case LDB_MODIFY: + ret = lldb_modify(ac); + break; + case LDB_DELETE: + ret = lldb_delete(ac); + break; + case LDB_RENAME: + ret = lldb_rename(ac); break; - default: - handle->state = LDB_ASYNC_DONE; + /* no other op supported */ ret = LDB_ERR_OPERATIONS_ERROR; + break; } -done: - return ret; -} - -static int lldb_start_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ - - return LDB_SUCCESS; -} + if (ret != LDB_SUCCESS) { + lldb_request_done(req, NULL, ret); + return ret; + } -static int lldb_end_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ + tv.tv_sec = 0; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, lldb_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } - return LDB_SUCCESS; -} -static int lldb_del_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ + tv.tv_sec = req->starttime + req->timeout; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, lldb_timeout, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } return LDB_SUCCESS; } -static int lldb_request(struct ldb_module *module, struct ldb_request *req) -{ - return LDB_ERR_OPERATIONS_ERROR; -} - static const struct ldb_module_ops lldb_ops = { .name = "ldap", - .search = lldb_search, - .add = lldb_add, - .modify = lldb_modify, - .del = lldb_delete, - .rename = lldb_rename, - .request = lldb_request, + .search = lldb_handle_request, + .add = lldb_handle_request, + .modify = lldb_handle_request, + .del = lldb_handle_request, + .rename = lldb_handle_request, + .request = lldb_handle_request, .start_transaction = lldb_start_trans, .end_transaction = lldb_end_trans, .del_transaction = lldb_del_trans, - .wait = lldb_wait }; @@ -771,8 +825,8 @@ static int lldb_destructor(struct lldb_private *lldb) connect to the database */ static int lldb_connect(struct ldb_context *ldb, - const char *url, - unsigned int flags, + const char *url, + unsigned int flags, const char *options[], struct ldb_module **_module) { @@ -790,7 +844,6 @@ static int lldb_connect(struct ldb_context *ldb, talloc_set_name_const(module, "ldb_ldap backend"); module->ldb = ldb; module->prev = module->next = NULL; - module->private_data = NULL; module->ops = &lldb_ops; lldb = talloc(module, struct lldb_private); @@ -799,7 +852,6 @@ static int lldb_connect(struct ldb_context *ldb, goto failed; } module->private_data = lldb; - lldb->module = module; lldb->ldap = NULL; ret = ldap_initialize(&lldb->ldap, url); diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index a0e63c8da1..be99c29d1e 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -44,51 +44,14 @@ struct lsqlite3_private { struct lsql_context { struct ldb_module *module; + struct ldb_request *req; /* search stuff */ long long current_eid; const char * const * attrs; struct ldb_reply *ares; - - /* async stuff */ - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); }; -static struct ldb_handle *init_handle(struct lsqlite3_private *lsqlite3, - struct ldb_module *module, - struct ldb_request *req) -{ - struct lsql_context *ac; - struct ldb_handle *h; - - h = talloc_zero(lsqlite3, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc(h, struct lsql_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->context = req->context; - ac->callback = req->callback; - - return h; -} - /* * Macros used throughout */ @@ -835,11 +798,6 @@ int lsql_search(struct ldb_module *module, struct ldb_request *req) char *query = NULL; int ret; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); if ((( ! ldb_dn_is_valid(req->op.search.base)) || ldb_dn_is_null(req->op.search.base)) && @@ -1013,10 +971,6 @@ static int lsql_add(struct ldb_module *module, struct ldb_request *req) int i; int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1143,10 +1097,6 @@ static int lsql_modify(struct ldb_module *module, struct ldb_request *req) int i; int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1329,10 +1279,6 @@ static int lsql_delete(struct ldb_module *module, struct ldb_request *req) int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1382,10 +1328,6 @@ static int lsql_rename(struct ldb_module *module, struct ldb_request *req) char *query; int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1501,9 +1443,61 @@ static int lsql_request(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } -static int lsql_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int lsql_run_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + case LDB_SEARCH: + return lsql_search(module, req); + break; + case LDB_ADD: + return lsql_add(module, req); + break; + case LDB_MODIFY: + return lsql_modify(module, req); + break; + case LDB_DELETE: + return lsql_delete(module, req); + break; + case LDB_RENAME: + return lsql_rename(module, req); + break; +/* TODO: + case LDB_SEQUENCE_NUMBER: + return lsql_sequence_number(module, req); + break; + */ + default: + return lsql_request(module, req); + break; + } + + return LDB_ERR_OPERATIONS_ERROR; +} + +static int lsql_handle_request(struct ldb_module *module, struct ldb_request *req) { - return handle->status; + struct lsql_context *ac; + + if (check_critical_controls(req->controls)) { + return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; + } + + ac = talloc_zero(req, struct lsql_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + + req->handle = ldb_handle_new(req, lsql_run_request, ac); + if (req->handle == NULL) { + talloc_free(ac); + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; } /* @@ -1511,16 +1505,16 @@ static int lsql_wait(struct ldb_handle *handle, enum ldb_wait_type type) */ static const struct ldb_module_ops lsqlite3_ops = { .name = "sqlite", - .search = lsql_search, - .add = lsql_add, - .modify = lsql_modify, - .del = lsql_delete, - .rename = lsql_rename, - .request = lsql_request, + .search = lsql_handle_request, + .add = lsql_handle_request, + .modify = lsql_handle_request, + .del = lsql_handle_request, + .rename = lsql_handle_request, + .request = lsql_handle_request, .start_transaction = lsql_start_trans, .end_transaction = lsql_end_trans, .del_transaction = lsql_del_trans, - .wait = lsql_wait, + /* TODO: .sequence_number = lsql_handle_request */ }; /* -- cgit From 4f40ee2b86007f7dc631e93e59f24f970bc25ea2 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:35:38 -0400 Subject: LDB ASYNC: core modules --- source4/lib/ldb/ldb_map/ldb_map.c | 355 ++------------ source4/lib/ldb/ldb_map/ldb_map.h | 4 +- source4/lib/ldb/ldb_map/ldb_map_inbound.c | 754 ++++++++++++++++------------- source4/lib/ldb/ldb_map/ldb_map_outbound.c | 443 ++++++++++------- source4/lib/ldb/ldb_map/ldb_map_private.h | 88 ++-- source4/lib/ldb/modules/asq.c | 419 +++++++--------- source4/lib/ldb/modules/operational.c | 102 ++-- source4/lib/ldb/modules/paged_results.c | 493 +++++++------------ source4/lib/ldb/modules/paged_searches.c | 359 ++++++-------- source4/lib/ldb/modules/rdn_name.c | 300 ++++++------ source4/lib/ldb/modules/sort.c | 369 +++++--------- 11 files changed, 1534 insertions(+), 2152 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb_map/ldb_map.c b/source4/lib/ldb/ldb_map/ldb_map.c index e9129c812b..fafbb63b0a 100644 --- a/source4/lib/ldb/ldb_map/ldb_map.c +++ b/source4/lib/ldb/ldb_map/ldb_map.c @@ -3,6 +3,7 @@ Copyright (C) Jelmer Vernooij 2005 Copyright (C) Martin Kuehl 2006 + Copyright (C) Simo Sorce 2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -106,69 +107,23 @@ const struct ldb_map_context *map_get_context(struct ldb_module *module) } /* Create a generic request context. */ -static struct map_context *map_init_context(struct ldb_handle *h, struct ldb_request *req) +struct map_context *map_init_context(struct ldb_module *module, + struct ldb_request *req) { struct map_context *ac; - ac = talloc_zero(h, struct map_context); + ac = talloc_zero(req, struct map_context); if (ac == NULL) { - map_oom(h->module); + ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } - ac->module = h->module; - ac->orig_req = req; + ac->module = module; + ac->req = req; return ac; } -/* Create a search request context. */ -struct map_search_context *map_init_search_context(struct map_context *ac, struct ldb_reply *ares) -{ - struct map_search_context *sc; - - sc = talloc_zero(ac, struct map_search_context); - if (sc == NULL) { - map_oom(ac->module); - return NULL; - } - - sc->ac = ac; - sc->local_res = NULL; - sc->remote_res = ares; - - return sc; -} - -/* Create a request context and handle. */ -struct ldb_handle *map_init_handle(struct ldb_request *req, struct ldb_module *module) -{ - struct map_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - map_oom(module); - return NULL; - } - - h->module = module; - - ac = map_init_context(h, req); - if (ac == NULL) { - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - return h; -} - - /* Dealing with DNs for different partitions * ========================================= */ @@ -888,113 +843,52 @@ static int map_objectclass_convert_operator(struct ldb_module *module, void *mem /* Auxiliary request construction * ============================== */ -/* Store the DN of a single search result in context. */ -static int map_search_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct map_context *ac; - - if (context == NULL || ares == NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(context, struct map_context); - - /* We are interested only in the single reply */ - if (ares->type != LDB_REPLY_ENTRY) { - talloc_free(ares); - return LDB_SUCCESS; - } - - /* We have already found a remote DN */ - if (ac->local_dn) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results to base search")); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Store local DN */ - ac->local_dn = ares->message->dn; - - return LDB_SUCCESS; -} - /* Build a request to search a record by its DN. */ -struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_search_callback callback) +struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_map_callback_t callback) { + const struct ldb_parse_tree *search_tree; struct ldb_request *req; - - req = talloc_zero(ac, struct ldb_request); - if (req == NULL) { - map_oom(ac->module); - return NULL; - } - - req->operation = LDB_SEARCH; - req->op.search.base = dn; - req->op.search.scope = LDB_SCOPE_BASE; - req->op.search.attrs = attrs; + int ret; if (tree) { - req->op.search.tree = tree; + search_tree = tree; } else { - req->op.search.tree = ldb_parse_tree(req, NULL); - if (req->op.search.tree == NULL) { - talloc_free(req); + search_tree = ldb_parse_tree(ac, NULL); + if (search_tree == NULL) { return NULL; } } - req->controls = NULL; - req->context = context; - req->callback = callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req); - - return req; -} - -/* Build a request to search the local record by its DN. */ -struct ldb_request *map_search_self_req(struct map_context *ac, struct ldb_dn *dn) -{ - /* attrs[] is returned from this function in - * ac->search_req->op.search.attrs, so it must be static, as - * otherwise the compiler can put it on the stack */ - static const char * const attrs[] = { IS_MAPPED, NULL }; - struct ldb_parse_tree *tree; - - /* Limit search to records with 'IS_MAPPED' present */ - /* TODO: `tree = ldb_parse_tree(ac, IS_MAPPED);' won't do. */ - tree = talloc_zero(ac, struct ldb_parse_tree); - if (tree == NULL) { - map_oom(ac->module); + ret = ldb_build_search_req_ex(&req, ac->module->ldb, ac, + dn, LDB_SCOPE_BASE, + search_tree, attrs, + NULL, + context, callback, + ac->req); + if (ret != LDB_SUCCESS) { return NULL; } - tree->operation = LDB_OP_PRESENT; - tree->u.present.attr = talloc_strdup(tree, IS_MAPPED); - - return map_search_base_req(ac, dn, attrs, tree, ac, map_search_self_callback); + return req; } /* Build a request to update the 'IS_MAPPED' attribute */ -struct ldb_request *map_build_fixup_req(struct map_context *ac, struct ldb_dn *olddn, struct ldb_dn *newdn) +struct ldb_request *map_build_fixup_req(struct map_context *ac, + struct ldb_dn *olddn, + struct ldb_dn *newdn, + void *context, + ldb_map_callback_t callback) { struct ldb_request *req; struct ldb_message *msg; const char *dn; - - /* Prepare request */ - req = talloc_zero(ac, struct ldb_request); - if (req == NULL) { - map_oom(ac->module); - return NULL; - } + int ret; /* Prepare message */ - msg = ldb_msg_new(req); + msg = ldb_msg_new(ac); if (msg == NULL) { map_oom(ac->module); - goto failed; + return NULL; } /* Update local 'IS_MAPPED' to the new remote DN */ @@ -1010,193 +904,22 @@ struct ldb_request *map_build_fixup_req(struct map_context *ac, struct ldb_dn *o goto failed; } - req->operation = LDB_MODIFY; - req->op.mod.message = msg; - req->controls = NULL; - req->handle = NULL; - req->context = NULL; - req->callback = NULL; + /* Prepare request */ + ret = ldb_build_mod_req(&req, ac->module->ldb, + ac, msg, NULL, + context, callback, + ac->req); + if (ret != LDB_SUCCESS) { + goto failed; + } + talloc_steal(req, msg); return req; - failed: - talloc_free(req); + talloc_free(msg); return NULL; } - -/* Asynchronous call structure - * =========================== */ - -/* Figure out which request is currently pending. */ -static struct ldb_request *map_get_req(struct map_context *ac) -{ - switch (ac->step) { - case MAP_SEARCH_SELF_MODIFY: - case MAP_SEARCH_SELF_DELETE: - case MAP_SEARCH_SELF_RENAME: - return ac->search_req; - - case MAP_ADD_REMOTE: - case MAP_MODIFY_REMOTE: - case MAP_DELETE_REMOTE: - case MAP_RENAME_REMOTE: - return ac->remote_req; - - case MAP_RENAME_FIXUP: - return ac->down_req; - - case MAP_ADD_LOCAL: - case MAP_MODIFY_LOCAL: - case MAP_DELETE_LOCAL: - case MAP_RENAME_LOCAL: - return ac->local_req; - - case MAP_SEARCH_REMOTE: - /* Can't happen */ - break; - } - - return NULL; /* unreachable; silences a warning */ -} - -typedef int (*map_next_function)(struct ldb_handle *handle); - -/* Figure out the next request to run. */ -static map_next_function map_get_next(struct map_context *ac) -{ - switch (ac->step) { - case MAP_SEARCH_REMOTE: - return NULL; - - case MAP_ADD_LOCAL: - return map_add_do_remote; - case MAP_ADD_REMOTE: - return NULL; - - case MAP_SEARCH_SELF_MODIFY: - return map_modify_do_local; - case MAP_MODIFY_LOCAL: - return map_modify_do_remote; - case MAP_MODIFY_REMOTE: - return NULL; - - case MAP_SEARCH_SELF_DELETE: - return map_delete_do_local; - case MAP_DELETE_LOCAL: - return map_delete_do_remote; - case MAP_DELETE_REMOTE: - return NULL; - - case MAP_SEARCH_SELF_RENAME: - return map_rename_do_local; - case MAP_RENAME_LOCAL: - return map_rename_do_fixup; - case MAP_RENAME_FIXUP: - return map_rename_do_remote; - case MAP_RENAME_REMOTE: - return NULL; - } - - return NULL; /* unreachable; silences a warning */ -} - -/* Wait for the current pending request to finish and continue with the next. */ -static int map_wait_next(struct ldb_handle *handle) -{ - struct map_context *ac; - struct ldb_request *req; - map_next_function next; - int ret; - - if (handle == NULL || handle->private_data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct map_context); - - if (ac->step == MAP_SEARCH_REMOTE) { - int i; - for (i = 0; i < ac->num_searches; i++) { - req = ac->search_reqs[i]; - ret = ldb_wait(req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (req->handle->status != LDB_SUCCESS) { - handle->status = req->handle->status; - goto done; - } - if (req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } - } else { - - req = map_get_req(ac); - - ret = ldb_wait(req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (req->handle->status != LDB_SUCCESS) { - handle->status = req->handle->status; - goto done; - } - if (req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - next = map_get_next(ac); - if (next) { - return next(handle); - } - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -/* Wait for all current pending requests to finish. */ -static int map_wait_all(struct ldb_handle *handle) -{ - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = map_wait_next(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -/* Wait for pending requests to finish. */ -int map_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return map_wait_all(handle); - } else { - return map_wait_next(handle); - } -} - - /* Module initialization * ===================== */ diff --git a/source4/lib/ldb/ldb_map/ldb_map.h b/source4/lib/ldb/ldb_map/ldb_map.h index e40bb9cd7e..7f92c15b98 100644 --- a/source4/lib/ldb/ldb_map/ldb_map.h +++ b/source4/lib/ldb/ldb_map/ldb_map.h @@ -160,14 +160,12 @@ int map_search(struct ldb_module *module, struct ldb_request *req); int map_rename(struct ldb_module *module, struct ldb_request *req); int map_delete(struct ldb_module *module, struct ldb_request *req); int map_modify(struct ldb_module *module, struct ldb_request *req); -int map_wait(struct ldb_handle *handle, enum ldb_wait_type type); #define LDB_MAP_OPS \ .add = map_add, \ .modify = map_modify, \ .del = map_delete, \ .rename = map_rename, \ - .search = map_search, \ - .wait = map_wait, + .search = map_search, #endif /* __LDB_MAP_H__ */ diff --git a/source4/lib/ldb/ldb_map/ldb_map_inbound.c b/source4/lib/ldb/ldb_map/ldb_map_inbound.c index 7fc3ac4ed5..96605f23eb 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_inbound.c +++ b/source4/lib/ldb/ldb_map/ldb_map_inbound.c @@ -3,6 +3,7 @@ Copyright (C) Jelmer Vernooij 2005 Copyright (C) Martin Kuehl 2006 + Copyright (C) Simo Sorce 2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -178,51 +179,181 @@ static int ldb_msg_partition(struct ldb_module *module, struct ldb_message *loca } -/* Inbound requests: add, modify, rename, delete - * ============================================= */ +static int map_add_do_local(struct map_context *ac); +static int map_modify_do_local(struct map_context *ac); +static int map_delete_do_local(struct map_context *ac); +static int map_rename_do_local(struct map_context *ac); +static int map_rename_do_fixup(struct map_context *ac); +static int map_rename_local_callback(struct ldb_request *req, + struct ldb_reply *ares); -/* Add the remote record. */ -int map_add_do_remote(struct ldb_handle *handle) + +/***************************************************************************** + * COMMON INBOUND functions +*****************************************************************************/ + +/* Store the DN of a single search result in context. */ +static int map_search_self_callback(struct ldb_request *req, struct ldb_reply *ares) { struct map_context *ac; + int ret; - ac = talloc_get_type(handle->private_data, struct map_context); + ac = talloc_get_type(req->context, struct map_context); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->step = MAP_ADD_REMOTE; + /* We are interested only in the single reply */ + switch(ares->type) { + case LDB_REPLY_ENTRY: + /* We have already found a remote DN */ + if (ac->local_dn) { + ldb_set_errstring(ac->module->ldb, + "Too many results!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; + /* Store local DN */ + ac->local_dn = talloc_steal(ac, ares->message->dn); + break; - return ldb_next_remote_request(ac->module, ac->remote_req); + case LDB_REPLY_DONE: + + switch (ac->req->operation) { + case LDB_MODIFY: + ret = map_modify_do_local(ac); + break; + case LDB_DELETE: + ret = map_delete_do_local(ac); + break; + case LDB_RENAME: + ret = map_rename_do_local(ac); + break; + default: + /* if we get here we have definitely a problem */ + ret = LDB_ERR_OPERATIONS_ERROR; + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + default: + /* ignore referrals */ + break; + } + + talloc_free(ares); + return LDB_SUCCESS; } -/* Add the local record. */ -int map_add_do_local(struct ldb_handle *handle) +/* Build a request to search the local record by its DN. */ +static int map_search_self_req(struct ldb_request **req, + struct map_context *ac, + struct ldb_dn *dn) +{ + /* attrs[] is returned from this function in + * ac->search_req->op.search.attrs, so it must be static, as + * otherwise the compiler can put it on the stack */ + static const char * const attrs[] = { IS_MAPPED, NULL }; + struct ldb_parse_tree *tree; + + /* Limit search to records with 'IS_MAPPED' present */ + tree = ldb_parse_tree(ac, "(" IS_MAPPED "=*)"); + if (tree == NULL) { + map_oom(ac->module); + return LDB_ERR_OPERATIONS_ERROR; + } + + *req = map_search_base_req(ac, dn, attrs, tree, + ac, map_search_self_callback); + if (*req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; +} + +static int map_op_local_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct map_context *ac; + int ret; - ac = talloc_get_type(handle->private_data, struct map_context); + ac = talloc_get_type(req->context, struct map_context); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->step = MAP_ADD_LOCAL; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; + /* Do the remote request. */ + ret = ldb_next_remote_request(ac->module, ac->remote_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return ldb_next_request(ac->module, ac->local_req); + return LDB_SUCCESS; } +static int map_op_remote_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct map_context *ac; + + ac = talloc_get_type(req->context, struct map_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + + +/***************************************************************************** + * ADD operations +*****************************************************************************/ + + /* Add a record. */ int map_add(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.add.message; - struct ldb_handle *h; struct map_context *ac; - struct ldb_message *local, *remote; + struct ldb_message *remote_msg; const char *dn; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(msg->dn)) { @@ -240,141 +371,88 @@ int map_add(struct ldb_module *module, struct ldb_request *req) } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; - } - *(ac->local_req) = *req; /* copy the request */ - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; - - /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; - } - - *(ac->remote_req) = *req; /* copy the request */ - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; /* Prepare the local message */ - local = ldb_msg_new(ac->local_req); - if (local == NULL) { - goto oom; + ac->local_msg = ldb_msg_new(ac); + if (ac->local_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - local->dn = msg->dn; + ac->local_msg->dn = msg->dn; /* Prepare the remote message */ - remote = ldb_msg_new(ac->remote_req); - if (remote == NULL) { - goto oom; + remote_msg = ldb_msg_new(ac); + if (remote_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - remote->dn = ldb_dn_map_local(ac->module, remote, msg->dn); + remote_msg->dn = ldb_dn_map_local(ac->module, remote_msg, msg->dn); /* Split local from remote message */ - ldb_msg_partition(module, local, remote, msg); - ac->local_req->op.add.message = local; - ac->remote_req->op.add.message = remote; + ldb_msg_partition(module, ac->local_msg, remote_msg, msg); + + /* Prepare the remote operation */ + ret = ldb_build_add_req(&ac->remote_req, module->ldb, + ac, remote_msg, + req->controls, + ac, map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - if ((local->num_elements == 0) || (!map_check_local_db(ac->module))) { + if ((ac->local_msg->num_elements == 0) || + ( ! map_check_local_db(ac->module))) { /* No local data or db, just run the remote request */ - talloc_free(ac->local_req); - req->handle = h; /* return our own handle to deal with this call */ - return map_add_do_remote(h); + return ldb_next_remote_request(ac->module, ac->remote_req); } /* Store remote DN in 'IS_MAPPED' */ /* TODO: use GUIDs here instead */ - dn = ldb_dn_alloc_linearized(local, remote->dn); - if (ldb_msg_add_string(local, IS_MAPPED, dn) != 0) { - goto failed; + dn = ldb_dn_alloc_linearized(ac->local_msg, remote_msg->dn); + if (ldb_msg_add_string(ac->local_msg, IS_MAPPED, dn) != 0) { + return LDB_ERR_OPERATIONS_ERROR; } - req->handle = h; /* return our own handle to deal with this call */ - return map_add_do_local(h); - -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; -} - -/* Modify the remote record. */ -int map_modify_do_remote(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); - - ac->step = MAP_MODIFY_REMOTE; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_remote_request(ac->module, ac->remote_req); + return map_add_do_local(ac); } -/* Modify the local record. */ -int map_modify_do_local(struct ldb_handle *handle) +/* Add the local record. */ +static int map_add_do_local(struct map_context *ac) { - struct map_context *ac; - struct ldb_message *msg; - char *dn; - - ac = talloc_get_type(handle->private_data, struct map_context); - - if (ac->local_dn == NULL) { - /* No local record present, add it instead */ - msg = discard_const_p(struct ldb_message, ac->local_req->op.mod.message); - - /* Add local 'IS_MAPPED' */ - /* TODO: use GUIDs here instead */ - if (ldb_msg_add_empty(msg, IS_MAPPED, LDB_FLAG_MOD_ADD, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - dn = ldb_dn_alloc_linearized(msg, ac->remote_req->op.mod.message->dn); - if (ldb_msg_add_string(msg, IS_MAPPED, dn) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + struct ldb_request *local_req; + int ret; - /* Turn request into 'add' */ - ac->local_req->operation = LDB_ADD; - ac->local_req->op.add.message = msg; - /* TODO: Could I just leave msg in there? I think so, - * but it looks clearer this way. */ + /* Prepare the local operation */ + ret = ldb_build_add_req(&local_req, ac->module->ldb, ac, + ac->local_msg, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); - - ac->step = MAP_MODIFY_LOCAL; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_request(ac->module, ac->local_req); + return ldb_next_request(ac->module, local_req); } +/***************************************************************************** + * MODIFY operations +*****************************************************************************/ + /* Modify a record. */ int map_modify(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.mod.message; - struct ldb_handle *h; + struct ldb_request *search_req; + struct ldb_message *remote_msg; struct map_context *ac; - struct ldb_message *local, *remote; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(msg->dn)) { @@ -395,257 +473,200 @@ int map_modify(struct ldb_module *module, struct ldb_request *req) } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; - } - - *(ac->local_req) = *req; /* copy the request */ - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; - - /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; - } - - *(ac->remote_req) = *req; /* copy the request */ - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; /* Prepare the local message */ - local = ldb_msg_new(ac->local_req); - if (local == NULL) { - goto oom; + ac->local_msg = ldb_msg_new(ac); + if (ac->local_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - local->dn = msg->dn; + ac->local_msg->dn = msg->dn; /* Prepare the remote message */ - remote = ldb_msg_new(ac->remote_req); - if (remote == NULL) { - goto oom; + remote_msg = ldb_msg_new(ac->remote_req); + if (remote_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - remote->dn = ldb_dn_map_local(ac->module, remote, msg->dn); + remote_msg->dn = ldb_dn_map_local(ac->module, remote_msg, msg->dn); /* Split local from remote message */ - ldb_msg_partition(module, local, remote, msg); - ac->local_req->op.mod.message = local; - ac->remote_req->op.mod.message = remote; + ldb_msg_partition(module, ac->local_msg, remote_msg, msg); + + /* Prepare the remote operation */ + ret = ldb_build_mod_req(&ac->remote_req, module->ldb, + ac, remote_msg, + req->controls, + ac, map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - if ((local->num_elements == 0) || (!map_check_local_db(ac->module))) { + if ((ac->local_msg->num_elements == 0) || + ( ! map_check_local_db(ac->module))) { /* No local data or db, just run the remote request */ - talloc_free(ac->local_req); - req->handle = h; /* return our own handle to deal with this call */ - return map_modify_do_remote(h); + return ldb_next_remote_request(ac->module, ac->remote_req); } /* prepare the search operation */ - ac->search_req = map_search_self_req(ac, msg->dn); - if (ac->search_req == NULL) { - goto failed; + ret = map_search_self_req(&search_req, ac, msg->dn); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - ac->step = MAP_SEARCH_SELF_MODIFY; - - req->handle = h; /* return our own handle to deal with this call */ - return ldb_next_request(module, ac->search_req); - -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; -} - -/* Delete the remote record. */ -int map_delete_do_remote(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); - - ac->step = MAP_DELETE_REMOTE; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_remote_request(ac->module, ac->remote_req); + return ldb_next_request(module, search_req); } -/* Delete the local record. */ -int map_delete_do_local(struct ldb_handle *handle) +/* Modify the local record. */ +static int map_modify_do_local(struct map_context *ac) { - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); + struct ldb_request *local_req; + char *dn; + int ret; - /* No local record, continue remotely */ if (ac->local_dn == NULL) { - return map_delete_do_remote(handle); - } - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); - - ac->step = MAP_DELETE_LOCAL; + /* No local record present, add it instead */ + /* Add local 'IS_MAPPED' */ + /* TODO: use GUIDs here instead */ + if (ldb_msg_add_empty(ac->local_msg, IS_MAPPED, + LDB_FLAG_MOD_ADD, NULL) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + dn = ldb_dn_alloc_linearized(ac->local_msg, + ac->remote_req->op.mod.message->dn); + if (ldb_msg_add_string(ac->local_msg, IS_MAPPED, dn) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; + /* Prepare the local operation */ + ret = ldb_build_add_req(&local_req, ac->module->ldb, ac, + ac->local_msg, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } else { + /* Prepare the local operation */ + ret = ldb_build_mod_req(&local_req, ac->module->ldb, ac, + ac->local_msg, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } - return ldb_next_request(ac->module, ac->local_req); + return ldb_next_request(ac->module, local_req); } +/***************************************************************************** + * DELETE operations +*****************************************************************************/ + /* Delete a record. */ int map_delete(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_request *search_req; struct map_context *ac; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(req->op.del.dn)) { return ldb_next_request(module, req); } - /* No mapping requested (perhaps no DN mapping specified), skip to next module */ + /* No mapping requested (perhaps no DN mapping specified). + * Skip to next module */ if (!ldb_dn_check_local(module, req->op.del.dn)) { return ldb_next_request(module, req); } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; - } - - *(ac->local_req) = *req; /* copy the request */ - ac->local_req->op.del.dn = req->op.del.dn; - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; + ret = ldb_build_del_req(&ac->remote_req, module->ldb, ac, + ldb_dn_map_local(module, ac, req->op.del.dn), + req->controls, + ac, + map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - *(ac->remote_req) = *req; /* copy the request */ - ac->remote_req->op.del.dn = ldb_dn_map_local(module, ac->remote_req, req->op.del.dn); - /* No local db, just run the remote request */ if (!map_check_local_db(ac->module)) { - req->handle = h; /* return our own handle to deal with this call */ - return map_delete_do_remote(h); + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); } - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; - /* Prepare the search operation */ - ac->search_req = map_search_self_req(ac, req->op.del.dn); - if (ac->search_req == NULL) { - goto failed; + ret = map_search_self_req(&search_req, ac, req->op.del.dn); + if (ret != LDB_SUCCESS) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - req->handle = h; /* return our own handle to deal with this call */ - - ac->step = MAP_SEARCH_SELF_DELETE; - - return ldb_next_request(module, ac->search_req); - -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_next_request(module, search_req); } -/* Rename the remote record. */ -int map_rename_do_remote(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); - - ac->step = MAP_RENAME_REMOTE; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_remote_request(ac->module, ac->remote_req); -} - -/* Update the local 'IS_MAPPED' attribute. */ -int map_rename_do_fixup(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->down_req); - - ac->step = MAP_RENAME_FIXUP; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_request(ac->module, ac->down_req); -} - -/* Rename the local record. */ -int map_rename_do_local(struct ldb_handle *handle) +/* Delete the local record. */ +static int map_delete_do_local(struct map_context *ac) { - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); + struct ldb_request *local_req; + int ret; /* No local record, continue remotely */ if (ac->local_dn == NULL) { - return map_rename_do_remote(handle); + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); } - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); - - ac->step = MAP_RENAME_LOCAL; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_request(ac->module, ac->local_req); + /* Prepare the local operation */ + ret = ldb_build_del_req(&local_req, ac->module->ldb, ac, + ac->req->op.del.dn, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + return ldb_next_request(ac->module, local_req); } +/***************************************************************************** + * RENAME operations +*****************************************************************************/ + /* Rename a record. */ int map_rename(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_request *search_req; struct map_context *ac; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(req->op.rename.olddn)) { return ldb_next_request(module, req); } - /* No mapping requested (perhaps no DN mapping specified), skip to next module */ + /* No mapping requested (perhaps no DN mapping specified). + * Skip to next module */ if ((!ldb_dn_check_local(module, req->op.rename.olddn)) && (!ldb_dn_check_local(module, req->op.rename.newdn))) { return ldb_next_request(module, req); @@ -658,66 +679,113 @@ int map_rename(struct ldb_module *module, struct ldb_request *req) } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; + /* Prepare the remote operation */ + ret = ldb_build_rename_req(&ac->remote_req, module->ldb, ac, + ldb_dn_map_local(module, ac, req->op.rename.olddn), + ldb_dn_map_local(module, ac, req->op.rename.newdn), + req->controls, + ac, map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - *(ac->local_req) = *req; /* copy the request */ - ac->local_req->op.rename.olddn = req->op.rename.olddn; - ac->local_req->op.rename.newdn = req->op.rename.newdn; + /* No local db, just run the remote request */ + if (!map_check_local_db(ac->module)) { + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); + } - ac->local_req->context = NULL; - ac->local_req->callback = NULL; + /* Prepare the search operation */ + ret = map_search_self_req(&search_req, ac, req->op.rename.olddn); + if (ret != LDB_SUCCESS) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } - /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; + return ldb_next_request(module, search_req); +} + +/* Rename the local record. */ +static int map_rename_do_local(struct map_context *ac) +{ + struct ldb_request *local_req; + int ret; + + /* No local record, continue remotely */ + if (ac->local_dn == NULL) { + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); } - *(ac->remote_req) = *req; /* copy the request */ - ac->remote_req->op.rename.olddn = ldb_dn_map_local(module, ac->remote_req, req->op.rename.olddn); - ac->remote_req->op.rename.newdn = ldb_dn_map_local(module, ac->remote_req, req->op.rename.newdn); + /* Prepare the local operation */ + ret = ldb_build_rename_req(&local_req, ac->module->ldb, ac, + ac->req->op.rename.olddn, + ac->req->op.rename.newdn, + ac->req->controls, + ac, + map_rename_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; + return ldb_next_request(ac->module, local_req); +} - /* No local db, just run the remote request */ - if (!map_check_local_db(ac->module)) { - req->handle = h; /* return our own handle to deal with this call */ - return map_rename_do_remote(h); +static int map_rename_local_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct map_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct map_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* Prepare the fixup operation */ - /* TODO: use GUIDs here instead -- or skip it when GUIDs are used. */ - ac->down_req = map_build_fixup_req(ac, req->op.rename.newdn, ac->remote_req->op.rename.newdn); - if (ac->down_req == NULL) { - goto failed; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - /* Prepare the search operation */ - ac->search_req = map_search_self_req(ac, req->op.rename.olddn); - if (ac->search_req == NULL) { - goto failed; + /* proceed with next step */ + ret = map_rename_do_fixup(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - req->handle = h; /* return our own handle to deal with this call */ + return LDB_SUCCESS; +} - ac->step = MAP_SEARCH_SELF_RENAME; +/* Update the local 'IS_MAPPED' attribute. */ +static int map_rename_do_fixup(struct map_context *ac) +{ + struct ldb_request *local_req; - return ldb_next_request(module, ac->search_req); + /* Prepare the fixup operation */ + /* TODO: use GUIDs here instead -- or skip it when GUIDs are used. */ + local_req = map_build_fixup_req(ac, + ac->req->op.rename.newdn, + ac->remote_req->op.rename.newdn, + ac, + map_op_local_callback); + if (local_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_next_request(ac->module, local_req); } diff --git a/source4/lib/ldb/ldb_map/ldb_map_outbound.c b/source4/lib/ldb/ldb_map/ldb_map_outbound.c index fbc097f313..5f524a8be3 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_outbound.c +++ b/source4/lib/ldb/ldb_map/ldb_map_outbound.c @@ -4,6 +4,7 @@ Copyright (C) Jelmer Vernooij 2005 Copyright (C) Martin Kuehl 2006 Copyright (C) Andrew Bartlett 2006 + Copyright (C) Simo Sorce 2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -905,7 +906,11 @@ static int map_subtree_collect_remote(struct ldb_module *module, void *mem_ctx, /* Split subtrees that query attributes in the local partition from * those that query the remote partition. */ -static int ldb_parse_tree_partition(struct ldb_module *module, void *local_ctx, void *remote_ctx, struct ldb_parse_tree **local_tree, struct ldb_parse_tree **remote_tree, const struct ldb_parse_tree *tree) +static int ldb_parse_tree_partition(struct ldb_module *module, + void *mem_ctx, + struct ldb_parse_tree **local_tree, + struct ldb_parse_tree **remote_tree, + const struct ldb_parse_tree *tree) { int ret; @@ -918,13 +923,13 @@ static int ldb_parse_tree_partition(struct ldb_module *module, void *local_ctx, } /* Generate local tree */ - ret = map_subtree_select_local(module, local_ctx, local_tree, tree); + ret = map_subtree_select_local(module, mem_ctx, local_tree, tree); if (ret) { return ret; } /* Generate remote tree */ - ret = map_subtree_collect_remote(module, remote_ctx, remote_tree, tree); + ret = map_subtree_collect_remote(module, mem_ctx, remote_tree, tree); if (ret) { talloc_free(*local_tree); return ret; @@ -1008,24 +1013,46 @@ oom: /* Outbound requests: search * ========================= */ -/* Pass a merged search result up the callback chain. */ -int map_up_callback(struct ldb_context *ldb, const struct ldb_request *req, struct ldb_reply *ares) +static int map_remote_search_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int map_local_merge_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int map_search_local(struct map_context *ac); + +static int map_save_entry(struct map_context *ac, struct ldb_reply *ares) { - int i; + struct map_reply *mr; - /* No callback registered, stop */ - if (req->callback == NULL) { - return LDB_SUCCESS; + mr = talloc_zero(ac, struct map_reply); + if (mr == NULL) { + map_oom(ac->module); + return LDB_ERR_OPERATIONS_ERROR; } - - /* Only records need special treatment */ - if (ares->type != LDB_REPLY_ENTRY) { - return req->callback(ldb, req->context, ares); + mr->remote = talloc_steal(mr, ares); + if (ac->r_current) { + ac->r_current->next = mr; + } else { + /* first entry */ + ac->r_list = mr; } + ac->r_current = mr; + + return LDB_SUCCESS; +} + +/* Pass a merged search result up the callback chain. */ +int map_return_entry(struct map_context *ac, struct ldb_reply *ares) +{ + struct ldb_message_element *el; + const char * const *attrs; + int i; /* Merged result doesn't match original query, skip */ - if (!ldb_match_msg(ldb, ares->message, req->op.search.tree, req->op.search.base, req->op.search.scope)) { - ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_map: " + if (!ldb_match_msg(ac->module->ldb, ares->message, + ac->req->op.search.tree, + ac->req->op.search.base, + ac->req->op.search.scope)) { + ldb_debug(ac->module->ldb, LDB_DEBUG_TRACE, "ldb_map: " "Skipping record '%s': " "doesn't match original search\n", ldb_dn_get_linearized(ares->message->dn)); @@ -1033,10 +1060,16 @@ int map_up_callback(struct ldb_context *ldb, const struct ldb_request *req, stru } /* Limit result to requested attrs */ - if ((req->op.search.attrs) && (!ldb_attr_in_list(req->op.search.attrs, "*"))) { - for (i = 0; i < ares->message->num_elements; ) { - struct ldb_message_element *el = &ares->message->elements[i]; - if (!ldb_attr_in_list(req->op.search.attrs, el->name)) { + if (ac->req->op.search.attrs && + (! ldb_attr_in_list(ac->req->op.search.attrs, "*"))) { + + attrs = ac->req->op.search.attrs; + i = 0; + + while (i < ares->message->num_elements) { + + el = &ares->message->elements[i]; + if ( ! ldb_attr_in_list(attrs, el->name)) { ldb_msg_remove_element(ares->message, el); } else { i++; @@ -1044,129 +1077,16 @@ int map_up_callback(struct ldb_context *ldb, const struct ldb_request *req, stru } } - return req->callback(ldb, req->context, ares); -} - -/* Merge the remote and local parts of a search result. */ -int map_local_merge_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct map_search_context *sc; - int ret; - - if (context == NULL || ares == NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "NULL Context or Result in `map_local_merge_callback`")); - return LDB_ERR_OPERATIONS_ERROR; - } - - sc = talloc_get_type(context, struct map_search_context); - - switch (ares->type) { - case LDB_REPLY_ENTRY: - /* We have already found a local record */ - if (sc->local_res) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "Too many results to base search for local entry")); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Store local result */ - sc->local_res = ares; - - /* Merge remote into local message */ - ret = ldb_msg_merge_local(sc->ac->module, ares->message, sc->remote_res->message); - if (ret) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - return map_up_callback(ldb, sc->ac->orig_req, ares); - - case LDB_REPLY_DONE: - /* No local record found, continue with remote record */ - if (sc->local_res == NULL) { - return map_up_callback(ldb, sc->ac->orig_req, sc->remote_res); - } - return LDB_SUCCESS; - - default: - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "Unexpected result type in base search for local entry")); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } -} - -/* Search the local part of a remote search result. */ -int map_remote_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct map_context *ac; - struct map_search_context *sc; - struct ldb_request *req; - int ret; - - if (context == NULL || ares == NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "NULL Context or Result in `map_remote_search_callback`")); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(context, struct map_context); - - /* It's not a record, stop searching */ - if (ares->type != LDB_REPLY_ENTRY) { - return map_up_callback(ldb, ac->orig_req, ares); - } - - /* Map result record into a local message */ - ret = map_reply_remote(ac, ares); - if (ret) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* There is no local db, stop searching */ - if (!map_check_local_db(ac->module)) { - return map_up_callback(ldb, ac->orig_req, ares); - } - - /* Prepare local search context */ - sc = map_init_search_context(ac, ares); - if (sc == NULL) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Prepare local search request */ - /* TODO: use GUIDs here instead? */ - - ac->search_reqs = talloc_realloc(ac, ac->search_reqs, struct ldb_request *, ac->num_searches + 2); - if (ac->search_reqs == NULL) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->search_reqs[ac->num_searches] - = req = map_search_base_req(ac, ares->message->dn, - NULL, NULL, sc, map_local_merge_callback); - if (req == NULL) { - talloc_free(sc); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_searches++; - ac->search_reqs[ac->num_searches] = NULL; - - return ldb_next_request(ac->module, req); + return ldb_module_send_entry(ac->req, ares->message); } /* Search a record. */ int map_search(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_parse_tree *remote_tree; + struct ldb_parse_tree *local_tree; + struct ldb_request *remote_req; struct map_context *ac; - struct ldb_parse_tree *local_tree, *remote_tree; int ret; const char *wildcard[] = { "*", NULL }; @@ -1176,8 +1096,9 @@ int map_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); /* Do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.search.base)) + if (ldb_dn_is_special(req->op.search.base)) { return ldb_next_request(module, req); + } /* No mapping requested, skip to next module */ if ((req->op.search.base) && (!ldb_dn_check_local(module, req->op.search.base))) { @@ -1188,32 +1109,10 @@ int map_search(struct ldb_module *module, struct ldb_request *req) * targetting when there is no search base? */ /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(h->private_data, struct map_context); - - ac->search_reqs = talloc_array(ac, struct ldb_request *, 2); - if (ac->search_reqs == NULL) { - talloc_free(h); + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac->num_searches = 1; - ac->search_reqs[1] = NULL; - - /* Prepare the remote operation */ - ac->search_reqs[0] = talloc(ac, struct ldb_request); - if (ac->search_reqs[0] == NULL) { - goto oom; - } - - *(ac->search_reqs[0]) = *req; /* copy the request */ - - ac->search_reqs[0]->handle = h; /* return our own handle to deal with this call */ - - ac->search_reqs[0]->context = ac; - ac->search_reqs[0]->callback = map_remote_search_callback; /* It is easier to deal with the two different ways of * expressing the wildcard in the same codepath */ @@ -1226,17 +1125,15 @@ int map_search(struct ldb_module *module, struct ldb_request *req) ret = map_attrs_collect_and_partition(module, ac, attrs, req->op.search.tree); if (ret) { - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } - ac->search_reqs[0]->op.search.attrs = ac->remote_attrs; - /* Split local from remote tree */ - ret = ldb_parse_tree_partition(module, ac, ac->search_reqs[0], - &local_tree, &remote_tree, + ret = ldb_parse_tree_partition(module, ac, + &local_tree, &remote_tree, req->op.search.tree); if (ret) { - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } if (((local_tree != NULL) && (remote_tree != NULL)) && @@ -1251,7 +1148,7 @@ int map_search(struct ldb_module *module, struct ldb_request *req) local_tree = talloc_zero(ac, struct ldb_parse_tree); if (local_tree == NULL) { map_oom(ac->module); - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } local_tree->operation = LDB_OP_PRESENT; @@ -1259,31 +1156,209 @@ int map_search(struct ldb_module *module, struct ldb_request *req) } if (remote_tree == NULL) { /* Construct default remote parse tree */ - remote_tree = ldb_parse_tree(ac->search_reqs[0], NULL); + remote_tree = ldb_parse_tree(ac, NULL); if (remote_tree == NULL) { - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } } ac->local_tree = local_tree; - ac->search_reqs[0]->op.search.tree = remote_tree; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->search_reqs[0]); + /* Prepare the remote operation */ + ret = ldb_build_search_req_ex(&remote_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + remote_tree, + ac->remote_attrs, + req->controls, + ac, map_remote_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + return ldb_next_remote_request(module, remote_req); +} + +/* Now, search the local part of a remote search result. */ +static int map_remote_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct map_context *ac; + int ret; - ac->step = MAP_SEARCH_REMOTE; + ac = talloc_get_type(req->context, struct map_context); - ret = ldb_next_remote_request(module, ac->search_reqs[0]); - if (ret == LDB_SUCCESS) { - req->handle = h; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - return ret; -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; + switch (ares->type) { + case LDB_REPLY_REFERRAL: + + /* ignore referrals */ + talloc_free(ares); + return LDB_SUCCESS; + + case LDB_REPLY_ENTRY: + + /* Map result record into a local message */ + ret = map_reply_remote(ac, ares); + if (ret) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* if we have no local db, then we can just return the reply to + * the upper layer, otherwise we must save it and process it + * when all replies ahve been gathered */ + if ( ! map_check_local_db(ac->module)) { + ret = map_return_entry(ac, ares); + } else { + ret = map_save_entry(ac,ares); + } + + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + break; + + case LDB_REPLY_DONE: + + if ( ! map_check_local_db(ac->module)) { + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } + + talloc_free(ares); + + /* reset the pointer to the start of the list */ + ac->r_current = ac->r_list; + + /* no entry just return */ + if (ac->r_current == NULL) { + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } + + ret = map_search_local(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + } + + return LDB_SUCCESS; +} + +static int map_search_local(struct map_context *ac) +{ + struct ldb_request *search_req; + + if (ac->r_current == NULL || ac->r_current->remote == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Prepare local search request */ + /* TODO: use GUIDs here instead? */ + search_req = map_search_base_req(ac, + ac->r_current->remote->message->dn, + NULL, NULL, + ac, map_local_merge_callback); + if (search_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(ac->module, search_req); +} + +/* Merge the remote and local parts of a search result. */ +int map_local_merge_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct map_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct map_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* We have already found a local record */ + if (ac->r_current->local) { + talloc_free(ares); + ldb_set_errstring(ac->module->ldb, "ldb_map: Too many results!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* Store local result */ + ac->r_current->local = talloc_steal(ac->r_current, ares); + + break; + + case LDB_REPLY_REFERRAL: + /* ignore referrals */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + talloc_free(ares); + + /* No local record found, map and send remote record */ + if (ac->r_current->local != NULL) { + /* Merge remote into local message */ + ret = ldb_msg_merge_local(ac->module, + ac->r_current->local->message, + ac->r_current->remote->message); + if (ret == LDB_SUCCESS) { + ret = map_return_entry(ac, ac->r_current->local); + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } else { + ret = map_return_entry(ac, ac->r_current->remote); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + } + + if (ac->r_current->next != NULL) { + ac->r_current = ac->r_current->next; + if (ac->r_current->remote->type == LDB_REPLY_ENTRY) { + ret = map_search_local(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + break; + } + } + + /* ok we are done with all search, finally it is time to + * finish operations for this module */ + return ldb_module_done(ac->req, + ac->r_current->remote->controls, + ac->r_current->remote->response, + ac->r_current->remote->error); + } + + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/ldb_map/ldb_map_private.h b/source4/lib/ldb/ldb_map/ldb_map_private.h index 58a9f2704e..5522125344 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_private.h +++ b/source4/lib/ldb/ldb_map/ldb_map_private.h @@ -3,7 +3,7 @@ #define map_oom(module) ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); /* The type of search callback functions */ -typedef int (*ldb_search_callback)(struct ldb_context *, void *, struct ldb_reply *); +typedef int (*ldb_map_callback_t)(struct ldb_request *, struct ldb_reply *); /* The special DN from which the local and remote base DNs are fetched */ #define MAP_DN_NAME "@MAP" @@ -13,25 +13,17 @@ typedef int (*ldb_search_callback)(struct ldb_context *, void *, struct ldb_repl /* Private data structures * ======================= */ +struct map_reply { + struct map_reply *next; + struct ldb_reply *remote; + struct ldb_reply *local; +}; + /* Context data for mapped requests */ struct map_context { - enum map_step { - MAP_SEARCH_REMOTE, - MAP_ADD_REMOTE, - MAP_ADD_LOCAL, - MAP_SEARCH_SELF_MODIFY, - MAP_MODIFY_REMOTE, - MAP_MODIFY_LOCAL, - MAP_SEARCH_SELF_DELETE, - MAP_DELETE_REMOTE, - MAP_DELETE_LOCAL, - MAP_SEARCH_SELF_RENAME, - MAP_RENAME_REMOTE, - MAP_RENAME_FIXUP, - MAP_RENAME_LOCAL - } step; struct ldb_module *module; + struct ldb_request *req; struct ldb_dn *local_dn; const struct ldb_parse_tree *local_tree; @@ -39,32 +31,20 @@ struct map_context { const char * const *remote_attrs; const char * const *all_attrs; - struct ldb_request *orig_req; - struct ldb_request *local_req; + struct ldb_message *local_msg; struct ldb_request *remote_req; - struct ldb_request *down_req; - struct ldb_request *search_req; - - /* for search, we may have a lot of contexts */ - int num_searches; - struct ldb_request **search_reqs; -}; -/* Context data for mapped search requests */ -struct map_search_context { - struct map_context *ac; - struct ldb_reply *local_res; - struct ldb_reply *remote_res; + struct map_reply *r_list; + struct map_reply *r_current; }; - /* Common operations * ================= */ /* The following definitions come from lib/ldb/modules/ldb_map.c */ const struct ldb_map_context *map_get_context(struct ldb_module *module); -struct map_search_context *map_init_search_context(struct map_context *ac, struct ldb_reply *ares); -struct ldb_handle *map_init_handle(struct ldb_request *req, struct ldb_module *module); +struct map_context *map_init_context(struct ldb_module *module, + struct ldb_request *req); int ldb_next_remote_request(struct ldb_module *module, struct ldb_request *request); @@ -86,25 +66,23 @@ struct ldb_dn *ldb_dn_map_local(struct ldb_module *module, void *mem_ctx, struct struct ldb_dn *ldb_dn_map_remote(struct ldb_module *module, void *mem_ctx, struct ldb_dn *dn); struct ldb_dn *ldb_dn_map_rebase_remote(struct ldb_module *module, void *mem_ctx, struct ldb_dn *dn); -struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_search_callback callback); -struct ldb_request *map_search_self_req(struct map_context *ac, struct ldb_dn *dn); -struct ldb_request *map_build_fixup_req(struct map_context *ac, struct ldb_dn *olddn, struct ldb_dn *newdn); - -int map_subtree_collect_remote_simple(struct ldb_module *module, void *mem_ctx, struct ldb_parse_tree **new, const struct ldb_parse_tree *tree, const struct ldb_map_attribute *map); - -/* LDB Requests - * ============ */ - -/* The following definitions come from lib/ldb/modules/ldb_map_inbound.c */ -int map_add_do_remote(struct ldb_handle *handle); -int map_add_do_local(struct ldb_handle *handle); - -int map_modify_do_remote(struct ldb_handle *handle); -int map_modify_do_local(struct ldb_handle *handle); - -int map_delete_do_remote(struct ldb_handle *handle); -int map_delete_do_local(struct ldb_handle *handle); - -int map_rename_do_remote(struct ldb_handle *handle); -int map_rename_do_fixup(struct ldb_handle *handle); -int map_rename_do_local(struct ldb_handle *handle); +struct ldb_request *map_search_base_req(struct map_context *ac, + struct ldb_dn *dn, + const char * const *attrs, + const struct ldb_parse_tree *tree, + void *context, + ldb_map_callback_t callback); +struct ldb_request *map_build_fixup_req(struct map_context *ac, + struct ldb_dn *olddn, + struct ldb_dn *newdn, + void *context, + ldb_map_callback_t callback); +int map_subtree_collect_remote_simple(struct ldb_module *module, void *mem_ctx, + struct ldb_parse_tree **new, + const struct ldb_parse_tree *tree, + const struct ldb_map_attribute *map); +int map_return_fatal_error(struct ldb_request *req, + struct ldb_reply *ares); +int map_return_normal_error(struct ldb_request *req, + struct ldb_reply *ares, + int error); diff --git a/source4/lib/ldb/modules/asq.c b/source4/lib/ldb/modules/asq.c index eb27263b16..17896a006a 100644 --- a/source4/lib/ldb/modules/asq.c +++ b/source4/lib/ldb/modules/asq.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -36,10 +36,10 @@ struct asq_context { - enum {ASQ_INIT, ASQ_SEARCH_BASE, ASQ_SEARCH_MULTI} step; + enum {ASQ_SEARCH_BASE, ASQ_SEARCH_MULTI} step; struct ldb_module *module; - struct ldb_request *orig_req; + struct ldb_request *req; struct ldb_asq_control *asq_ctrl; @@ -52,7 +52,6 @@ struct asq_context { ASQ_CTRL_AFFECTS_MULTIPLE_DSA = 71 } asq_ret; - struct ldb_request *base_req; struct ldb_reply *base_res; struct ldb_request **reqs; @@ -62,192 +61,200 @@ struct asq_context { struct ldb_control **controls; }; -static struct ldb_handle *init_handle(struct ldb_request *req, struct ldb_module *module) +static struct asq_context *asq_context_init(struct ldb_module *module, struct ldb_request *req) { struct asq_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - h->module = module; - - ac = talloc_zero(h, struct asq_context); + ac = talloc_zero(req, struct asq_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); + ldb_oom(module->ldb); return NULL; } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = ASQ_INIT; ac->module = module; - ac->orig_req = req; + ac->req = req; - return h; + return ac; } -static int asq_terminate(struct ldb_handle *handle) +static int asq_search_continue(struct asq_context *ac); + +static int asq_search_terminate(struct asq_context *ac) { - struct asq_context *ac; - struct ldb_reply *ares; struct ldb_asq_control *asq; int i; - ac = talloc_get_type(handle->private_data, struct asq_context); - if (ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - handle->status = LDB_SUCCESS; - handle->state = LDB_ASYNC_DONE; - - ares = talloc_zero(ac, struct ldb_reply); - if (ares == NULL) - return LDB_ERR_OPERATIONS_ERROR; - - ares->type = LDB_REPLY_DONE; - if (ac->controls) { - for (i = 0; ac->controls[i]; i++); - ares->controls = talloc_move(ares, &ac->controls); + for (i = 0; ac->controls[i]; i++) /* count em */ ; } else { i = 0; } - ares->controls = talloc_realloc(ares, ares->controls, struct ldb_control *, i + 2); - - if (ares->controls == NULL) + ac->controls = talloc_realloc(ac, ac->controls, struct ldb_control *, i + 2); + + if (ac->controls == NULL) { return LDB_ERR_OPERATIONS_ERROR; + } - ares->controls[i] = talloc(ares->controls, struct ldb_control); - if (ares->controls[i] == NULL) + ac->controls[i] = talloc(ac->controls, struct ldb_control); + if (ac->controls[i] == NULL) { return LDB_ERR_OPERATIONS_ERROR; + } - ares->controls[i]->oid = LDB_CONTROL_ASQ_OID; - ares->controls[i]->critical = 0; + ac->controls[i]->oid = LDB_CONTROL_ASQ_OID; + ac->controls[i]->critical = 0; - asq = talloc_zero(ares->controls[i], struct ldb_asq_control); + asq = talloc_zero(ac->controls[i], struct ldb_asq_control); if (asq == NULL) return LDB_ERR_OPERATIONS_ERROR; asq->result = ac->asq_ret; - - ares->controls[i]->data = asq; - ares->controls[i + 1] = NULL; + ac->controls[i]->data = asq; - ac->orig_req->callback(ac->module->ldb, ac->orig_req->context, ares); + ac->controls[i + 1] = NULL; - return LDB_SUCCESS; + return ldb_module_done(ac->req, ac->controls, NULL, LDB_SUCCESS); } -static int asq_base_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int asq_base_callback(struct ldb_request *req, struct ldb_reply *ares) { struct asq_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct asq_context); - ac = talloc_get_type(context, struct asq_context); - if (ac == NULL) { - goto error; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: ac->base_res = talloc_move(ac, &ares); - } else { + break; + + case LDB_REPLY_REFERRAL: + /* ignore referrals */ talloc_free(ares); - } + break; + case LDB_REPLY_DONE: + + talloc_free(ares); + + /* next step */ + ret = asq_search_continue(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; + + } return LDB_SUCCESS; -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } -static int asq_reqs_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int asq_reqs_callback(struct ldb_request *req, struct ldb_reply *ares) { struct asq_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct asq_context); - ac = talloc_get_type(context, struct asq_context); - if (ac == NULL) { - goto error; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - + switch (ares->type) { + case LDB_REPLY_ENTRY: /* pass the message up to the original callback as we * do not have to elaborate on it any further */ - return ac->orig_req->callback(ac->module->ldb, ac->orig_req->context, ares); - - } else { /* ignore any REFERRAL or DONE reply */ + ret = ldb_module_send_entry(ac->req, ares->message); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_free(ares); + break; + + case LDB_REPLY_REFERRAL: + /* ignore referrals */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + talloc_free(ares); + + ret = asq_search_continue(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; } return LDB_SUCCESS; -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } -static int asq_build_first_request(struct asq_context *ac) +static int asq_build_first_request(struct asq_context *ac, struct ldb_request **base_req) { - char **base_attrs; + const char **base_attrs; + int ret; - ac->base_req = talloc_zero(ac, struct ldb_request); - if (ac->base_req == NULL) return LDB_ERR_OPERATIONS_ERROR; + ac->req_attrs = ac->req->op.search.attrs; + ac->req_attribute = talloc_strdup(ac, ac->asq_ctrl->source_attribute); + if (ac->req_attribute == NULL) + return LDB_ERR_OPERATIONS_ERROR; - ac->base_req->operation = ac->orig_req->operation; - ac->base_req->op.search.base = ac->orig_req->op.search.base; - ac->base_req->op.search.scope = LDB_SCOPE_BASE; - ac->base_req->op.search.tree = ac->orig_req->op.search.tree; - base_attrs = talloc_array(ac->base_req, char *, 2); + base_attrs = talloc_array(ac, const char *, 2); if (base_attrs == NULL) return LDB_ERR_OPERATIONS_ERROR; base_attrs[0] = talloc_strdup(base_attrs, ac->asq_ctrl->source_attribute); if (base_attrs[0] == NULL) return LDB_ERR_OPERATIONS_ERROR; base_attrs[1] = NULL; - ac->base_req->op.search.attrs = (const char * const *)base_attrs; - ac->base_req->context = ac; - ac->base_req->callback = asq_base_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->base_req); + ret = ldb_build_search_req_ex(base_req, ac->module->ldb, ac, + ac->req->op.search.base, + LDB_SCOPE_BASE, + ac->req->op.search.tree, + (const char * const *)base_attrs, + NULL, + ac, asq_base_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } return LDB_SUCCESS; } -static int asq_build_multiple_requests(struct asq_context *ac, struct ldb_handle *handle) +static int asq_build_multiple_requests(struct asq_context *ac, bool *terminated) { + struct ldb_control **saved_controls; + struct ldb_control *control; + struct ldb_dn *dn; struct ldb_message_element *el; - int i; + int ret, i; - /* look up the DNs */ if (ac->base_res == NULL) { return LDB_ERR_NO_SUCH_OBJECT; } + el = ldb_msg_find_element(ac->base_res->message, ac->req_attribute); /* no values found */ if (el == NULL) { ac->asq_ret = ASQ_CTRL_SUCCESS; - return asq_terminate(handle); + *terminated = true; + return asq_search_terminate(ac); } ac->num_reqs = el->num_values; @@ -259,144 +266,75 @@ static int asq_build_multiple_requests(struct asq_context *ac, struct ldb_handle for (i = 0; i < el->num_values; i++) { - ac->reqs[i] = talloc_zero(ac->reqs, struct ldb_request); - if (ac->reqs[i] == NULL) - return LDB_ERR_OPERATIONS_ERROR; - ac->reqs[i]->operation = LDB_SEARCH; - ac->reqs[i]->op.search.base = ldb_dn_new(ac->reqs[i], ac->module->ldb, (const char *)el->values[i].data); - if ( ! ldb_dn_validate(ac->reqs[i]->op.search.base)) { + dn = ldb_dn_new(ac, ac->module->ldb, + (const char *)el->values[i].data); + if ( ! ldb_dn_validate(dn)) { ac->asq_ret = ASQ_CTRL_INVALID_ATTRIBUTE_SYNTAX; - return asq_terminate(handle); + *terminated = true; + return asq_search_terminate(ac); + } + + ret = ldb_build_search_req_ex(&ac->reqs[i], + ac->module->ldb, ac, + dn, LDB_SCOPE_BASE, + ac->req->op.search.tree, + ac->req_attrs, + ac->req->controls, + ac, asq_reqs_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - ac->reqs[i]->op.search.scope = LDB_SCOPE_BASE; - ac->reqs[i]->op.search.tree = ac->base_req->op.search.tree; - ac->reqs[i]->op.search.attrs = ac->req_attrs; - ac->reqs[i]->context = ac; - ac->reqs[i]->callback = asq_reqs_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->base_req, ac->reqs[i]); + /* remove the ASQ control itself */ + control = ldb_request_get_control(ac->req, LDB_CONTROL_ASQ_OID); + if (!save_controls(control, ac->reqs[i], &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } } return LDB_SUCCESS; } -static int asq_search_continue(struct ldb_handle *handle) +static int asq_search_continue(struct asq_context *ac) { - struct asq_context *ac; + bool terminated = false; int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - ac = talloc_get_type(handle->private_data, struct asq_context); - if (ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } switch (ac->step) { - case ASQ_INIT: - /* check the search is well formed */ - if (ac->orig_req->op.search.scope != LDB_SCOPE_BASE) { - ac->asq_ret = ASQ_CTRL_UNWILLING_TO_PERFORM; - return asq_terminate(handle); - } - - ac->req_attrs = ac->orig_req->op.search.attrs; - ac->req_attribute = talloc_strdup(ac, ac->asq_ctrl->source_attribute); - if (ac->req_attribute == NULL) - return LDB_ERR_OPERATIONS_ERROR; - - /* get the object to retrieve the DNs to search */ - ret = asq_build_first_request(ac); - if (ret != LDB_SUCCESS) { - return ret; - } - - ac->step = ASQ_SEARCH_BASE; - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - return ldb_request(ac->module->ldb, ac->base_req); - case ASQ_SEARCH_BASE: - ret = ldb_wait(ac->base_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - - if (ac->base_req->handle->status != LDB_SUCCESS) { - handle->status = ac->base_req->handle->status; - goto done; + /* build up the requests call chain */ + ret = asq_build_multiple_requests(ac, &terminated); + if (ret != LDB_SUCCESS || terminated) { + return ret; } - if (ac->base_req->handle->state == LDB_ASYNC_DONE) { + ac->step = ASQ_SEARCH_MULTI; - /* build up the requests call chain */ - ret = asq_build_multiple_requests(ac, handle); - if (ret != LDB_SUCCESS) { - return ret; - } - if (handle->state == LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - ac->step = ASQ_SEARCH_MULTI; - - return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); - } - - /* request still pending, return to cycle again */ - return LDB_SUCCESS; + return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); case ASQ_SEARCH_MULTI: - ret = ldb_wait(ac->reqs[ac->cur_req]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->reqs[ac->cur_req]->handle->status != LDB_SUCCESS) { - handle->status = ac->reqs[ac->cur_req]->handle->status; - } - - if (ac->reqs[ac->cur_req]->handle->state == LDB_ASYNC_DONE) { - ac->cur_req++; + ac->cur_req++; - if (ac->cur_req < ac->num_reqs) { - return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); - } - - return asq_terminate(handle); + if (ac->cur_req == ac->num_reqs) { + /* done */ + return asq_search_terminate(ac); } - /* request still pending, return to cycle again */ - return LDB_SUCCESS; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - break; + return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); } -done: - handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_ERR_OPERATIONS_ERROR; } static int asq_search(struct ldb_module *module, struct ldb_request *req) { + struct ldb_request *base_req; struct ldb_control *control; struct asq_context *ac; - struct ldb_handle *h; + int ret; /* check if there's a paged request control */ control = ldb_request_get_control(req, LDB_CONTROL_ASQ_OID); @@ -405,67 +343,37 @@ static int asq_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - req->handle = NULL; - - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); + ac = asq_context_init(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - h = init_handle(req, module); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; + /* check the search is well formed */ + if (req->op.search.scope != LDB_SCOPE_BASE) { + ac->asq_ret = ASQ_CTRL_UNWILLING_TO_PERFORM; + return asq_search_terminate(ac); } - ac = talloc_get_type(h->private_data, struct asq_context); ac->asq_ctrl = talloc_get_type(control->data, struct ldb_asq_control); if (!ac->asq_ctrl) { return LDB_ERR_PROTOCOL_ERROR; } - req->handle = h; - - return asq_search_continue(h); -} - -static int asq_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; + ret = asq_build_first_request(ac, &base_req); + if (ret != LDB_SUCCESS) { + return ret; } - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = asq_search_continue(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; - } + ac->step = ASQ_SEARCH_BASE; - return asq_search_continue(handle); + return ldb_request(module->ldb, base_req); } static int asq_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc_zero(module, struct ldb_request); - if (req == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "asq: Out of memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_ASQ_OID; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_ASQ_OID); if (ret != LDB_SUCCESS) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "asq: Unable to register control with rootdse!\n"); } @@ -476,6 +384,5 @@ static int asq_init(struct ldb_module *module) const struct ldb_module_ops ldb_asq_module_ops = { .name = "asq", .search = asq_search, - .wait = asq_wait, .init_context = asq_init }; diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index a59e81becd..abb1d4ca1a 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Andrew Tridgell 2005 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -173,38 +173,53 @@ failed: */ struct operational_context { - struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldb_request *req; const char * const *attrs; }; -static int operational_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int operational_callback(struct ldb_request *req, struct ldb_reply *ares) { struct operational_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct operational_context); - ac = talloc_get_type(context, struct operational_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: /* for each record returned post-process to add any derived attributes that have been asked for */ - if (operational_search_post_process(ac->module, ares->message, ac->attrs) != 0) { - goto error; + ret = operational_search_post_process(ac->module, + ares->message, + ac->attrs); + if (ret != 0) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - } + return ldb_module_send_entry(ac->req, ares->message); - return ac->up_callback(ldb, ac->up_context, ares); + case LDB_REPLY_REFERRAL: + /* ignore referrals */ + break; + + case LDB_REPLY_DONE: + + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_SUCCESS; } static int operational_search(struct ldb_module *module, struct ldb_request *req) @@ -212,9 +227,8 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req struct operational_context *ac; struct ldb_request *down_req; const char **search_attrs = NULL; - int i, a, ret; - - req->handle = NULL; + int i, a; + int ret; ac = talloc(req, struct operational_context); if (ac == NULL) { @@ -222,21 +236,10 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req } ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; + ac->req = req; ac->attrs = req->op.search.attrs; - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; - down_req->op.search.base = req->op.search.base; - down_req->op.search.scope = req->op.search.scope; - down_req->op.search.tree = req->op.search.tree; - - /* FIXME: I hink we should copy the tree and keep the original + /* FIXME: We must copy the tree and keep the original * unmodified. SSS */ /* replace any attributes in the parse tree that are searchable, but are stored using a different name in the @@ -264,27 +267,26 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req } } } - - /* use new set of attrs if any */ - if (search_attrs) down_req->op.search.attrs = search_attrs; - else down_req->op.search.attrs = req->op.search.attrs; - - down_req->controls = req->controls; - - down_req->context = ac; - down_req->callback = operational_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - /* perform the search */ - ret = ldb_next_request(module, down_req); + /* use new set of attrs if any */ + if (search_attrs == NULL) { + search_attrs = req->op.search.attrs; + } - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + (const char * const *)search_attrs, + req->controls, + ac, operational_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* perform the search */ + return ldb_next_request(module, down_req); } static int operational_init(struct ldb_module *ctx) diff --git a/source4/lib/ldb/modules/paged_results.c b/source4/lib/ldb/modules/paged_results.c index b62b1f92cb..d3bb83bbcd 100644 --- a/source4/lib/ldb/modules/paged_results.c +++ b/source4/lib/ldb/modules/paged_results.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005-2006 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -51,9 +51,8 @@ struct results_store { char *cookie; time_t timestamp; - struct results_store *prev; struct results_store *next; - + struct message_store *first; struct message_store *last; int num_entries; @@ -62,8 +61,6 @@ struct results_store { struct message_store *last_ref; struct ldb_control **controls; - - struct ldb_request *req; }; struct private_data { @@ -73,20 +70,25 @@ struct private_data { }; -int store_destructor(struct results_store *store) +int store_destructor(struct results_store *del) { - if (store->prev) { - store->prev->next = store->next; - } - if (store->next) { - store->next->prev = store->prev; + struct private_data *priv = del->priv; + struct results_store *loop; + + if (priv->store == del) { + priv->store = del->next; + return 0; } - if (store == store->priv->store) { - store->priv->store = NULL; + for (loop = priv->store; loop; loop = loop->next) { + if (loop->next == del) { + loop->next = del->next; + return 0; + } } - return 0; + /* is not in list ? */ + return -1; } static struct results_store *new_store(struct private_data *priv) @@ -116,10 +118,7 @@ static struct results_store *new_store(struct private_data *priv) newr->first_ref = NULL; newr->controls = NULL; - /* put this entry as first */ - newr->prev = NULL; newr->next = priv->store; - if (priv->store != NULL) priv->store->prev = newr; priv->store = newr; talloc_set_destructor(newr, store_destructor); @@ -129,101 +128,164 @@ static struct results_store *new_store(struct private_data *priv) struct paged_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - int size; + struct ldb_request *req; struct results_store *store; + int size; + struct ldb_control **controls; }; -static struct ldb_handle *init_handle(void *mem_ctx, struct ldb_module *module, - void *context, - int (*callback)(struct ldb_context *, void *, struct ldb_reply *)) +static int paged_results(struct paged_context *ac) { - struct paged_context *ac; - struct ldb_handle *h; + struct ldb_paged_control *paged; + struct message_store *msg; + int i, num_ctrls, ret; - h = talloc_zero(mem_ctx, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; + if (ac->store == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - h->module = module; + while (ac->store->num_entries > 0 && ac->size > 0) { + msg = ac->store->first; + ret = ldb_module_send_entry(ac->req, msg->r->message); + if (ret != LDB_SUCCESS) { + return ret; + } - ac = talloc_zero(h, struct paged_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; + ac->store->first = msg->next; + talloc_free(msg); + ac->store->num_entries--; + ac->size--; } - h->private_data = (void *)ac; + while (ac->store->first_ref != NULL) { + msg = ac->store->first_ref; + ret = ldb_module_send_referral(ac->req, msg->r->referral); + if (ret != LDB_SUCCESS) { + return ret; + } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + ac->store->first_ref = msg->next; + talloc_free(msg); + } - ac->module = module; - ac->up_context = context; - ac->up_callback = callback; + /* return result done */ + num_ctrls = 1; + i = 0; + + if (ac->store->controls != NULL) { + while (ac->store->controls[i]) i++; /* counting */ + + num_ctrls += i; + } + + ac->controls = talloc_array(ac, struct ldb_control *, num_ctrls +1); + if (ac->controls == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac->controls[num_ctrls] = NULL; + + for (i = 0; i < (num_ctrls -1); i++) { + ac->controls[i] = talloc_reference(ac->controls, ac->store->controls[i]); + } + + ac->controls[i] = talloc(ac->controls, struct ldb_control); + if (ac->controls[i] == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } - return h; + ac->controls[i]->oid = talloc_strdup(ac->controls[i], + LDB_CONTROL_PAGED_RESULTS_OID); + if (ac->controls[i]->oid == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->controls[i]->critical = 0; + + paged = talloc(ac->controls[i], struct ldb_paged_control); + if (paged == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->controls[i]->data = paged; + + if (ac->size > 0) { + paged->size = 0; + paged->cookie = NULL; + paged->cookie_len = 0; + } else { + paged->size = ac->store->num_entries; + paged->cookie = talloc_strdup(paged, ac->store->cookie); + paged->cookie_len = strlen(paged->cookie) + 1; + } + + return LDB_SUCCESS; } -static int paged_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int paged_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct paged_context *ac = NULL; + struct paged_context *ac ; + struct message_store *msg_store; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; + ac = talloc_get_type(req->context, struct paged_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - ac = talloc_get_type(context, struct paged_context); + switch (ares->type) { + case LDB_REPLY_ENTRY: + msg_store = talloc(ac->store, struct message_store); + if (msg_store == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + msg_store->next = NULL; + msg_store->r = talloc_steal(msg_store, ares); - if (ares->type == LDB_REPLY_ENTRY) { if (ac->store->first == NULL) { - ac->store->first = ac->store->last = talloc(ac->store, struct message_store); + ac->store->first = msg_store; } else { - ac->store->last->next = talloc(ac->store, struct message_store); - ac->store->last = ac->store->last->next; - } - if (ac->store->last == NULL) { - goto error; + ac->store->last->next = msg_store; } + ac->store->last = msg_store; ac->store->num_entries++; - ac->store->last->r = talloc_steal(ac->store->last, ares); - ac->store->last->next = NULL; - } + break; + + case LDB_REPLY_REFERRAL: + msg_store = talloc(ac->store, struct message_store); + if (msg_store == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + msg_store->next = NULL; + msg_store->r = talloc_steal(msg_store, ares); - if (ares->type == LDB_REPLY_REFERRAL) { if (ac->store->first_ref == NULL) { - ac->store->first_ref = ac->store->last_ref = talloc(ac->store, struct message_store); + ac->store->first_ref = msg_store; } else { - ac->store->last_ref->next = talloc(ac->store, struct message_store); - ac->store->last_ref = ac->store->last_ref->next; - } - if (ac->store->last_ref == NULL) { - goto error; + ac->store->last_ref->next = msg_store; } + ac->store->last_ref = msg_store; - ac->store->last_ref->r = talloc_steal(ac->store->last, ares); - ac->store->last_ref->next = NULL; - } + break; - if (ares->type == LDB_REPLY_DONE) { + case LDB_REPLY_DONE: ac->store->controls = talloc_move(ac->store, &ares->controls); - talloc_free(ares); + ret = paged_results(ac); + return ldb_module_done(ac->req, ac->controls, + ares->response, ret); } return LDB_SUCCESS; - -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } static int paged_search(struct ldb_module *module, struct ldb_request *req) @@ -232,8 +294,8 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) struct private_data *private_data; struct ldb_paged_control *paged_ctrl; struct ldb_control **saved_controls; + struct ldb_request *search_req; struct paged_context *ac; - struct ldb_handle *h; int ret; /* check if there's a paged request control */ @@ -243,65 +305,57 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - private_data = talloc_get_type(module->private_data, struct private_data); - - req->handle = NULL; - - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - paged_ctrl = talloc_get_type(control->data, struct ldb_paged_control); if (!paged_ctrl) { return LDB_ERR_PROTOCOL_ERROR; } - h = init_handle(req, module, req->context, req->callback); - if (!h) { + private_data = talloc_get_type(module->private_data, struct private_data); + + ac = talloc_zero(req, struct paged_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct paged_context); + ac->module = module; + ac->req = req; ac->size = paged_ctrl->size; /* check if it is a continuation search the store */ if (paged_ctrl->cookie_len == 0) { - - ac->store = new_store(private_data); - if (ac->store == NULL) { - talloc_free(h); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (paged_ctrl->size == 0) { + return LDB_ERR_OPERATIONS_ERROR; } - ac->store->req = talloc(ac->store, struct ldb_request); - if (!ac->store->req) + ac->store = new_store(private_data); + if (ac->store == NULL) { return LDB_ERR_OPERATIONS_ERROR; + } - ac->store->req->operation = req->operation; - ac->store->req->op.search.base = req->op.search.base; - ac->store->req->op.search.scope = req->op.search.scope; - ac->store->req->op.search.tree = req->op.search.tree; - ac->store->req->op.search.attrs = req->op.search.attrs; - ac->store->req->controls = req->controls; + ret = ldb_build_search_req_ex(&search_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ac, + paged_search_callback, + req); /* save it locally and remove it from the list */ /* we do not need to replace them later as we * are keeping the original req intact */ - if (!save_controls(control, ac->store->req, &saved_controls)) { + if (!save_controls(control, search_req, &saved_controls)) { return LDB_ERR_OPERATIONS_ERROR; } - ac->store->req->context = ac; - ac->store->req->callback = paged_search_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->store->req); - - ret = ldb_next_request(module, ac->store->req); + return ldb_next_request(module, search_req); } else { struct results_store *current = NULL; + /* TODO: age out old outstanding requests */ for (current = private_data->store; current; current = current->next) { if (strcmp(current->cookie, paged_ctrl->cookie) == 0) { current->timestamp = time(NULL); @@ -309,249 +363,52 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) } } if (current == NULL) { - talloc_free(h); return LDB_ERR_UNWILLING_TO_PERFORM; } ac->store = current; - ret = LDB_SUCCESS; - } - - req->handle = h; - - /* check if it is an abandon */ - if (ac->size == 0) { - talloc_free(ac->store); - h->status = LDB_SUCCESS; - h->state = LDB_ASYNC_DONE; - return LDB_SUCCESS; - } - - /* TODO: age out old outstanding requests */ - - return ret; - -} - -static int paged_results(struct ldb_handle *handle) -{ - struct paged_context *ac; - struct ldb_paged_control *paged; - struct ldb_reply *ares; - struct message_store *msg; - int i, num_ctrls, ret; - - ac = talloc_get_type(handle->private_data, struct paged_context); - - if (ac->store == NULL) - return LDB_ERR_OPERATIONS_ERROR; - while (ac->store->num_entries > 0 && ac->size > 0) { - msg = ac->store->first; - ret = ac->up_callback(ac->module->ldb, ac->up_context, msg->r); - if (ret != LDB_SUCCESS) { - handle->status = ret; - handle->state = LDB_ASYNC_DONE; - return ret; + /* check if it is an abandon */ + if (ac->size == 0) { + return ldb_module_done(req, NULL, NULL, + LDB_SUCCESS); } - ac->store->first = msg->next; - talloc_free(msg); - ac->store->num_entries--; - ac->size--; - } - - handle->state = LDB_ASYNC_DONE; - - while (ac->store->first_ref != NULL) { - msg = ac->store->first_ref; - ret = ac->up_callback(ac->module->ldb, ac->up_context, msg->r); + ret = paged_results(ac); if (ret != LDB_SUCCESS) { - handle->status = ret; - handle->state = LDB_ASYNC_DONE; - return ret; + return ldb_module_done(req, NULL, NULL, ret); } - - ac->store->first_ref = msg->next; - talloc_free(msg); - } - - ares = talloc_zero(ac->store, struct ldb_reply); - if (ares == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - num_ctrls = 2; - i = 0; - - if (ac->store->controls != NULL) { - ares->controls = ac->store->controls; - while (ares->controls[i]) i++; /* counting */ - - ares->controls = talloc_move(ares, &ac->store->controls); - num_ctrls += i; - } - - ares->controls = talloc_realloc(ares, ares->controls, struct ldb_control *, num_ctrls); - if (ares->controls == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; + return ldb_module_done(req, ac->controls, NULL, + LDB_SUCCESS); } - - ares->controls[i] = talloc(ares->controls, struct ldb_control); - if (ares->controls[i] == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->controls[i]->oid = talloc_strdup(ares->controls[i], LDB_CONTROL_PAGED_RESULTS_OID); - if (ares->controls[i]->oid == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->controls[i]->critical = 0; - ares->controls[i + 1] = NULL; - - paged = talloc(ares->controls[i], struct ldb_paged_control); - if (paged == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->controls[i]->data = paged; - - if (ac->size > 0) { - paged->size = 0; - paged->cookie = NULL; - paged->cookie_len = 0; - } else { - paged->size = ac->store->num_entries; - paged->cookie = talloc_strdup(paged, ac->store->cookie); - paged->cookie_len = strlen(paged->cookie) + 1; - } - - ares->type = LDB_REPLY_DONE; - - ret = ac->up_callback(ac->module->ldb, ac->up_context, ares); - - handle->status = ret; - - return ret; -} - -static int paged_wait_once(struct ldb_handle *handle) { - struct paged_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - - ac = talloc_get_type(handle->private_data, struct paged_context); - - if (ac->store->req->handle->state == LDB_ASYNC_DONE) { - /* if lower level is finished we do not need to call it anymore */ - /* return all we have until size == 0 or we empty storage */ - ret = paged_results(handle); - - /* we are done, if num_entries is zero free the storage - * as that mean we delivered the last batch */ - if (ac->store->num_entries == 0) { - talloc_free(ac->store); - } - - return ret; - } - - ret = ldb_wait(ac->store->req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { - handle->state = LDB_ASYNC_DONE; - handle->status = ret; - return ret; - } - - handle->status = ret; - - if (ac->store->num_entries >= ac->size || - ac->store->req->handle->state == LDB_ASYNC_DONE) { - - ret = paged_results(handle); - - /* we are done, if num_entries is zero free the storage - * as that mean we delivered the last batch */ - if (ac->store->num_entries == 0) { - talloc_free(ac->store); - } - } - - return ret; -} - -static int paged_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = paged_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; - } - - return paged_wait_once(handle); } static int paged_request_init(struct ldb_module *module) { struct private_data *data; - struct ldb_request *req; int ret; data = talloc(module, struct private_data); if (data == NULL) { return LDB_ERR_OTHER; } - + data->next_free_id = 1; data->store = NULL; module->private_data = data; - req = talloc(module, struct ldb_request); - if (req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_PAGED_RESULTS_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_PAGED_RESULTS_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "paged_request: Unable to register control with rootdse!\n"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "paged_request:" + "Unable to register control with rootdse!\n"); } - talloc_free(req); return ldb_next_init(module); } const struct ldb_module_ops ldb_paged_results_module_ops = { .name = "paged_results", .search = paged_search, - .wait = paged_wait, .init_context = paged_request_init }; diff --git a/source4/lib/ldb/modules/paged_searches.c b/source4/lib/ldb/modules/paged_searches.c index 40e87f70d6..7a728e3bb0 100644 --- a/source4/lib/ldb/modules/paged_searches.c +++ b/source4/lib/ldb/modules/paged_searches.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005-2006 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -46,12 +46,7 @@ struct private_data { struct ps_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - struct ldb_request *orig_req; - - struct ldb_request *new_req; + struct ldb_request *req; bool pending; @@ -59,51 +54,13 @@ struct ps_context { int num_referrals; }; -static struct ldb_handle *init_handle(void *mem_ctx, struct ldb_module *module, - void *context, - int (*callback)(struct ldb_context *, void *, struct ldb_reply *)) +static int check_ps_continuation(struct ldb_request *req, struct ldb_reply *ares) { struct ps_context *ac; - struct ldb_handle *h; - - h = talloc_zero(mem_ctx, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct ps_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->up_context = context; - ac->up_callback = callback; - - ac->pending = false; - - - - ac->saved_referrals = NULL; - ac->num_referrals = 0; - - return h; -} - -static int check_ps_continuation(struct ldb_reply *ares, struct ps_context *ac) -{ struct ldb_paged_control *rep_control, *req_control; + ac = talloc_get_type(req->context, struct ps_context); + /* look up our paged control */ if (!ares->controls || strcmp(LDB_CONTROL_PAGED_RESULTS_OID, ares->controls[0]->oid) != 0) { /* something wrong here */ @@ -122,12 +79,12 @@ static int check_ps_continuation(struct ldb_reply *ares, struct ps_context *ac) /* if there's a reply control we must find a request * control matching it */ - if (strcmp(LDB_CONTROL_PAGED_RESULTS_OID, ac->new_req->controls[0]->oid) != 0) { + if (strcmp(LDB_CONTROL_PAGED_RESULTS_OID, req->controls[0]->oid) != 0) { /* something wrong here */ return LDB_ERR_OPERATIONS_ERROR; } - req_control = talloc_get_type(ac->new_req->controls[0]->data, struct ldb_paged_control); + req_control = talloc_get_type(req->controls[0]->data, struct ldb_paged_control); if (req_control->cookie) { talloc_free(req_control->cookie); @@ -142,7 +99,7 @@ static int check_ps_continuation(struct ldb_reply *ares, struct ps_context *ac) return LDB_SUCCESS; } -static int store_referral(char *referral, struct ps_context *ac) +static int store_referral(struct ps_context *ac, char *referral) { ac->saved_referrals = talloc_realloc(ac, ac->saved_referrals, char *, ac->num_referrals + 2); if (!ac->saved_referrals) { @@ -160,13 +117,14 @@ static int store_referral(char *referral, struct ps_context *ac) return LDB_SUCCESS; } -static int send_referrals(struct ldb_context *ldb, struct ps_context *ac) +static int send_referrals(struct ps_context *ac) { struct ldb_reply *ares; + int ret; int i; for (i = 0; i < ac->num_referrals; i++) { - ares = talloc_zero(ac, struct ldb_reply); + ares = talloc_zero(ac->req, struct ldb_reply); if (!ares) { return LDB_ERR_OPERATIONS_ERROR; } @@ -174,69 +132,87 @@ static int send_referrals(struct ldb_context *ldb, struct ps_context *ac) ares->type = LDB_REPLY_REFERRAL; ares->referral = ac->saved_referrals[i]; - ac->up_callback(ldb, ac->up_context, ares); + ret = ldb_module_send_referral(ac->req, ares->referral); + if (ret != LDB_SUCCESS) { + return ret; + } } return LDB_SUCCESS; } -static int ps_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int ps_next_request(struct ps_context *ac); + +static int ps_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct ps_context *ac = NULL; - int ret = LDB_ERR_OPERATIONS_ERROR; + struct ps_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct ps_context); - ac = talloc_get_type(context, struct ps_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } switch (ares->type) { case LDB_REPLY_ENTRY: - ac->up_callback(ldb, ac->up_context, ares); + ret = ldb_module_send_entry(ac->req, ares->message); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } break; case LDB_REPLY_REFERRAL: - ret = store_referral(ares->referral, ac); + ret = store_referral(ac, ares->referral); if (ret != LDB_SUCCESS) { - goto error; + return ldb_module_done(ac->req, NULL, NULL, ret); } break; case LDB_REPLY_DONE: - ret = check_ps_continuation(ares, ac); + + ret = check_ps_continuation(req, ares); if (ret != LDB_SUCCESS) { - goto error; + return ldb_module_done(ac->req, NULL, NULL, ret); } - if (!ac->pending) { + + if (ac->pending) { + + ret = ps_next_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + + } else { + /* send referrals */ - ret = send_referrals(ldb, ac); + ret = send_referrals(ac); if (ret != LDB_SUCCESS) { - goto error; + return ldb_module_done(ac->req, + NULL, NULL, ret); } /* send REPLY_DONE */ - ac->up_callback(ldb, ac->up_context, ares); + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); } break; - default: - goto error; } - return LDB_SUCCESS; - -error: talloc_free(ares); - return ret; + return LDB_SUCCESS; } static int ps_search(struct ldb_module *module, struct ldb_request *req) { struct private_data *private_data; - struct ldb_paged_control *control; struct ps_context *ac; - struct ldb_handle *h; private_data = talloc_get_type(module->private_data, struct private_data); @@ -248,216 +224,151 @@ static int ps_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - - h = init_handle(req, module, req->context, req->callback); - if (!h) { + ac = talloc_zero(req, struct ps_context); + if (ac == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ps_context); - - ac->new_req = talloc(ac, struct ldb_request); - if (!ac->new_req) return LDB_ERR_OPERATIONS_ERROR; - - ac->new_req->controls = talloc_array(ac->new_req, struct ldb_control *, 2); - if (!ac->new_req->controls) return LDB_ERR_OPERATIONS_ERROR; - - ac->new_req->controls[0] = talloc(ac->new_req->controls, struct ldb_control); - if (!ac->new_req->controls[0]) return LDB_ERR_OPERATIONS_ERROR; - - control = talloc(ac->new_req->controls[0], struct ldb_paged_control); - if (!control) return LDB_ERR_OPERATIONS_ERROR; - - control->size = PS_DEFAULT_PAGE_SIZE; - control->cookie = NULL; - control->cookie_len = 0; - - ac->new_req->controls[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; - ac->new_req->controls[0]->critical = 1; - ac->new_req->controls[0]->data = control; - - ac->new_req->controls[1] = NULL; - ac->new_req->operation = req->operation; - ac->new_req->op.search.base = req->op.search.base; - ac->new_req->op.search.scope = req->op.search.scope; - ac->new_req->op.search.tree = req->op.search.tree; - ac->new_req->op.search.attrs = req->op.search.attrs; - ac->new_req->context = ac; - ac->new_req->callback = ps_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->new_req); - - req->handle = h; + ac->module = module; + ac->req = req; + ac->pending = false; + ac->saved_referrals = NULL; + ac->num_referrals = 0; - return ldb_next_request(module, ac->new_req); + return ps_next_request(ac); } -static int ps_continuation(struct ldb_handle *handle) -{ - struct ps_context *ac; +static int ps_next_request(struct ps_context *ac) { - if (!handle || !handle->private_data) { + struct ldb_paged_control *control; + struct ldb_control **controls; + struct ldb_request *new_req; + int ret; + + controls = talloc_array(ac, struct ldb_control *, 2); + if (!controls) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(handle->private_data, struct ps_context); - - /* reset the requests handle */ - ac->new_req->handle = NULL; - - return ldb_next_request(handle->module, ac->new_req); -} - -static int ps_wait_once(struct ldb_handle *handle) -{ - struct ps_context *ac; - int ret; - - if (!handle || !handle->private_data) { + controls[0] = talloc(controls, struct ldb_control); + if (!controls[0]) { return LDB_ERR_OPERATIONS_ERROR; } - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + control = talloc(controls[0], struct ldb_paged_control); + if (!control) { + return LDB_ERR_OPERATIONS_ERROR; } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct ps_context); - - ret = ldb_wait(ac->new_req->handle, LDB_WAIT_NONE); + control->size = PS_DEFAULT_PAGE_SIZE; + control->cookie = NULL; + control->cookie_len = 0; + controls[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; + controls[0]->critical = 1; + controls[0]->data = control; + controls[1] = NULL; + + ret = ldb_build_search_req_ex(&new_req, ac->module->ldb, ac, + ac->req->op.search.base, + ac->req->op.search.scope, + ac->req->op.search.tree, + ac->req->op.search.attrs, + controls, + ac, + ps_callback, + ac->req); if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - - if (ac->new_req->handle->status != LDB_SUCCESS) { - handle->status = ac->new_req->handle->status; - goto done; - } - - if (ac->new_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* see if we need to send another request for the next batch */ - if (ac->pending) { - ret = ps_continuation(handle); - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - - /* continue the search with the next request */ - return LDB_SUCCESS; + return ret; } + talloc_steal(new_req, controls); - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; + return ldb_next_request(ac->module, new_req); } -static int ps_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int check_supported_paged(struct ldb_request *req, + struct ldb_reply *ares) { - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } + struct private_data *data; - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = ps_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } + data = talloc_get_type(req->context, struct private_data); - return handle->status; + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } - return ps_wait_once(handle); -} -static int check_supported_paged(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) -{ - struct private_data *data; - data = talloc_get_type(context, - struct private_data); - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: if (ldb_msg_check_string_attribute(ares->message, "supportedControl", LDB_CONTROL_PAGED_RESULTS_OID)) { data->paged_supported = true; } + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; + + case LDB_REPLY_DONE: + return ldb_request_done(req, LDB_SUCCESS); } + + talloc_free(ares); return LDB_SUCCESS; } - static int ps_init(struct ldb_module *module) { static const char *attrs[] = { "supportedControl", NULL }; struct private_data *data; + struct ldb_dn *base; int ret; struct ldb_request *req; data = talloc(module, struct private_data); if (data == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OTHER; + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } module->private_data = data; data->paged_supported = false; - req = talloc(module, struct ldb_request); - if (req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); + base = ldb_dn_new(module, module->ldb, ""); + if (base == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, module->ldb, ""); - req->op.search.scope = LDB_SCOPE_BASE; - - req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); - if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(req); - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_build_search_req(&req, module->ldb, module, + base, LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, NULL, + data, check_supported_paged, + NULL); + if (ret != LDB_SUCCESS) { + return ret; } - req->op.search.attrs = attrs; - req->controls = NULL; - req->context = data; - req->callback = check_supported_paged; - ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ - ret = ldb_next_request(module, req); - if (ret == LDB_SUCCESS) { ret = ldb_wait(req->handle, LDB_WAIT_ALL); } - - talloc_free(req); if (ret != LDB_SUCCESS) { return ret; } + talloc_free(base); + talloc_free(req); + return ldb_next_init(module); } _PUBLIC_ const struct ldb_module_ops ldb_paged_searches_module_ops = { .name = "paged_searches", .search = ps_search, - .wait = ps_wait, .init_context = ps_init }; diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c index 65c044c0f4..62b8ce5112 100644 --- a/source4/lib/ldb/modules/rdn_name.c +++ b/source4/lib/ldb/modules/rdn_name.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Andrew Bartlet 2005 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -38,6 +38,14 @@ #include "ldb_includes.h" +struct rename_context { + + struct ldb_module *module; + struct ldb_request *req; + + struct ldb_reply *ares; +}; + static struct ldb_message_element *rdn_name_find_attribute(const struct ldb_message *msg, const char *name) { int i; @@ -51,11 +59,38 @@ static struct ldb_message_element *rdn_name_find_attribute(const struct ldb_mess return NULL; } +static int rdn_name_add_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct rename_context *ac; + + ac = talloc_get_type(req->context, struct rename_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); +} + static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; + struct rename_context *ac; struct ldb_message *msg; struct ldb_message_element *attribute; + const struct ldb_schema_attribute *a; const char *rdn_name; struct ldb_val rdn_val; int i, ret; @@ -67,21 +102,22 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = talloc_zero(req, struct rename_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; + ac->module = module; + ac->req = req; - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(req, req->op.add.message); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } rdn_name = ldb_dn_get_rdn_name(msg->dn); if (rdn_name == NULL) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -93,7 +129,7 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) } if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -101,14 +137,16 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) if (!attribute) { if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } } else { - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, rdn_name); + a = ldb_schema_attribute_by_name(module->ldb, rdn_name); for (i = 0; i < attribute->num_values; i++) { - if (a->syntax->comparison_fn(module->ldb, msg, &rdn_val, &attribute->values[i]) == 0) { + ret = a->syntax->comparison_fn(module->ldb, msg, + &rdn_val, &attribute->values[i]); + if (ret == 0) { /* overwrite so it matches in case */ attribute->values[i] = rdn_val; break; @@ -118,218 +156,166 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "RDN mismatch on %s: %s (%s)", ldb_dn_get_linearized(msg->dn), rdn_name, rdn_val.data); - talloc_free(down_req); + talloc_free(ac); /* Match AD's error here */ return LDB_ERR_INVALID_DN_SYNTAX; } } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, req, + msg, + req->controls, + ac, rdn_name_add_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; -} - -struct rename_context { + talloc_steal(down_req, msg); - enum {RENAME_RENAME, RENAME_MODIFY} step; - struct ldb_request *orig_req; - struct ldb_request *down_req; - struct ldb_request *mod_req; -}; + /* go on with the call chain */ + return ldb_next_request(module, down_req); +} -static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) +static int rdn_modify_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct ldb_handle *h; struct rename_context *ac; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_rename\n"); + ac = talloc_get_type(req->context, struct rename_context); - /* do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.rename.newdn)) { - return ldb_next_request(module, req); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - h->module = module; - - ac = talloc_zero(h, struct rename_context); - if (ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + /* the only supported reply right now is a LDB_REPLY_DONE */ + if (ares->type != LDB_REPLY_DONE) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->orig_req = req; - ac->down_req = talloc(req, struct ldb_request); - if (ac->down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->down_req) = *req; - - ac->step = RENAME_RENAME; - - req->handle = h; - - /* rename first, modify "name" if rename is ok */ - return ldb_next_request(module, ac->down_req); + /* send saved controls eventually */ + return ldb_module_done(ac->req, ac->ares->controls, + ac->ares->response, LDB_SUCCESS); } -static int rdn_name_rename_do_mod(struct ldb_handle *h) { - +static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares) +{ struct rename_context *ac; + struct ldb_request *mod_req; const char *rdn_name; struct ldb_val rdn_val; struct ldb_message *msg; + int ret; - ac = talloc_get_type(h->private_data, struct rename_context); + ac = talloc_get_type(req->context, struct rename_context); - ac->mod_req = talloc_zero(ac, struct ldb_request); + if (!ares) { + goto error; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->mod_req->operation = LDB_MODIFY; - ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); - if (msg == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + /* the only supported reply right now is a LDB_REPLY_DONE */ + if (ares->type != LDB_REPLY_DONE) { + goto error; } - msg->dn = ldb_dn_copy(msg, ac->orig_req->op.rename.newdn); + /* save reply for caller */ + ac->ares = talloc_steal(ac, ares); + + msg = ldb_msg_new(ac); + if (msg == NULL) { + goto error; + } + msg->dn = ldb_dn_copy(msg, ac->req->op.rename.newdn); if (msg->dn == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } - - rdn_name = ldb_dn_get_rdn_name(ac->orig_req->op.rename.newdn); + rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn); if (rdn_name == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } - rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(ac->orig_req->op.rename.newdn)); + rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(ac->req->op.rename.newdn)); if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } - ldb_set_timeout_from_prev_req(h->module->ldb, ac->orig_req, ac->mod_req); - - ac->step = RENAME_MODIFY; + ret = ldb_build_mod_req(&mod_req, ac->module->ldb, + ac, msg, NULL, + ac, rdn_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_steal(mod_req, msg); /* do the mod call */ - return ldb_request(h->module->ldb, ac->mod_req); + return ldb_request(ac->module->ldb, mod_req); + +error: + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } -static int rdn_name_wait_once(struct ldb_handle *handle) +static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) { struct rename_context *ac; + struct ldb_request *down_req; int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct rename_context); - - switch(ac->step) { - case RENAME_RENAME: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* rename operation done */ - return rdn_name_rename_do_mod(handle); - - case RENAME_MODIFY: - ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->mod_req->handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->handle->status; - goto done; - } - - if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_rename\n"); - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.rename.newdn)) { + return ldb_next_request(module, req); } - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int rdn_name_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { + ac = talloc_zero(req, struct rename_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = rdn_name_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } + ac->module = module; + ac->req = req; - return handle->status; + ret = ldb_build_rename_req(&down_req, + module->ldb, + ac, + req->op.rename.olddn, + req->op.rename.newdn, + req->controls, + ac, + rdn_rename_callback, + req); + + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return rdn_name_wait_once(handle); + /* rename first, modify "name" if rename is ok */ + return ldb_next_request(module, down_req); } const struct ldb_module_ops ldb_rdn_name_module_ops = { .name = "rdn_name", .add = rdn_name_add, .rename = rdn_name_rename, - .wait = rdn_name_wait }; diff --git a/source4/lib/ldb/modules/sort.c b/source4/lib/ldb/modules/sort.c index 746befa559..64d60f370c 100644 --- a/source4/lib/ldb/modules/sort.c +++ b/source4/lib/ldb/modules/sort.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -43,8 +43,6 @@ struct opaque { struct sort_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); char *attributeName; char *orderingRule; @@ -53,7 +51,6 @@ struct sort_context { struct ldb_request *req; struct ldb_message **msgs; char **referrals; - struct ldb_control **controls; int num_msgs; int num_refs; @@ -61,40 +58,6 @@ struct sort_context { int sort_result; }; -static struct ldb_handle *init_handle(void *mem_ctx, struct ldb_module *module, - void *context, - int (*callback)(struct ldb_context *, void *, struct ldb_reply *)) -{ - struct sort_context *ac; - struct ldb_handle *h; - - h = talloc_zero(mem_ctx, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct sort_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->up_context = context; - ac->up_callback = callback; - - return h; -} - static int build_response(void *mem_ctx, struct ldb_control ***ctrls, int result, const char *desc) { struct ldb_control **controls; @@ -142,7 +105,7 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo struct sort_context *ac = talloc_get_type(opaque, struct sort_context); struct ldb_message_element *el1, *el2; - if (ac->sort_result != 0) { + if (!ac || ac->sort_result != 0) { /* an error occurred previously, * let's exit the sorting by returning always 0 */ return 0; @@ -154,7 +117,7 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo if (!el1 || !el2) { /* the attribute was not found return and * set an error */ - ac->sort_result = 53; + ac->sort_result = LDB_ERR_UNWILLING_TO_PERFORM; return 0; } @@ -164,51 +127,111 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo return ac->a->syntax->comparison_fn(ac->module->ldb, ac, &el1->values[0], &el2->values[0]); } -static int server_sort_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int server_sort_results(struct sort_context *ac) { - struct sort_context *ac = NULL; - - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + struct ldb_reply *ares; + int i, ret; + + ac->a = ldb_schema_attribute_by_name(ac->module->ldb, ac->attributeName); + ac->sort_result = 0; + + ldb_qsort(ac->msgs, ac->num_msgs, + sizeof(struct ldb_message *), + ac, (ldb_qsort_cmp_fn_t)sort_compare); + + if (ac->sort_result != LDB_SUCCESS) { + return ac->sort_result; + } + + for (i = 0; i < ac->num_msgs; i++) { + ares = talloc_zero(ac, struct ldb_reply); + if (!ares) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ares->type = LDB_REPLY_ENTRY; + ares->message = talloc_move(ares, &ac->msgs[i]); + + ret = ldb_module_send_entry(ac->req, ares->message); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + for (i = 0; i < ac->num_refs; i++) { + ares = talloc_zero(ac, struct ldb_reply); + if (!ares) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ares->type = LDB_REPLY_REFERRAL; + ares->referral = talloc_move(ares, &ac->referrals[i]); + + ret = ldb_module_send_referral(ac->req, ares->referral); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return LDB_SUCCESS; +} + +static int server_sort_search_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct sort_context *ac; + int ret; - ac = talloc_get_type(context, struct sort_context); + ac = talloc_get_type(req->context, struct sort_context); - if (ares->type == LDB_REPLY_ENTRY) { + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: ac->msgs = talloc_realloc(ac, ac->msgs, struct ldb_message *, ac->num_msgs + 2); if (! ac->msgs) { - goto error; + talloc_free(ares); + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->msgs[ac->num_msgs + 1] = NULL; - - ac->msgs[ac->num_msgs] = talloc_move(ac->msgs, &ares->message); + ac->msgs[ac->num_msgs] = talloc_steal(ac->msgs, ares->message); ac->num_msgs++; - } + ac->msgs[ac->num_msgs] = NULL; - if (ares->type == LDB_REPLY_REFERRAL) { + break; + + case LDB_REPLY_REFERRAL: ac->referrals = talloc_realloc(ac, ac->referrals, char *, ac->num_refs + 2); if (! ac->referrals) { - goto error; + talloc_free(ares); + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->referrals[ac->num_refs + 1] = NULL; - ac->referrals[ac->num_refs] = talloc_move(ac->referrals, &ares->referral); - + ac->referrals[ac->num_refs] = talloc_steal(ac->referrals, ares->referral); ac->num_refs++; - } + ac->referrals[ac->num_refs] = NULL; - if (ares->type == LDB_REPLY_DONE) { - ac->controls = talloc_move(ac, &ares->controls); + break; + + case LDB_REPLY_DONE: + + ret = server_sort_results(ac); + return ldb_module_done(ac->req, ares->controls, + ares->response, ret); } talloc_free(ares); return LDB_SUCCESS; - -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } static int server_sort_search(struct ldb_module *module, struct ldb_request *req) @@ -216,8 +239,9 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req struct ldb_control *control; struct ldb_server_sort_control **sort_ctrls; struct ldb_control **saved_controls; + struct ldb_control **controls; + struct ldb_request *down_req; struct sort_context *ac; - struct ldb_handle *h; int ret; /* check if there's a paged request control */ @@ -227,19 +251,14 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req return ldb_next_request(module, req); } - req->handle = NULL; - - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - - h = init_handle(req, module, req->context, req->callback); - if (!h) { + ac = talloc_zero(req, struct sort_context); + if (ac == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct sort_context); + + ac->module = module; + ac->req = req; sort_ctrls = talloc_get_type(control->data, struct ldb_server_sort_control *); if (!sort_ctrls) { @@ -251,26 +270,20 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req if (sort_ctrls[1] != NULL) { if (control->critical) { - struct ldb_reply *ares; - - ares = talloc_zero(req, struct ldb_reply); - if (!ares) - return LDB_ERR_OPERATIONS_ERROR; - /* 53 = unwilling to perform */ - ares->type = LDB_REPLY_DONE; - if ((ret = build_response(ares, &ares->controls, 53, "sort control is not complete yet")) != LDB_SUCCESS) { - return ret; + /* callback immediately */ + ret = build_response(req, &controls, + LDB_ERR_UNWILLING_TO_PERFORM, + "sort control is not complete yet"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - h->status = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - h->state = LDB_ASYNC_DONE; - ret = ac->up_callback(module->ldb, ac->up_context, ares); - - return ret; + return ldb_module_done(req, controls, NULL, ret); } else { /* just pass the call down and don't do any sorting */ - ldb_next_request(module, req); + return ldb_next_request(module, req); } } @@ -278,181 +291,45 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req ac->orderingRule = sort_ctrls[0]->orderingRule; ac->reverse = sort_ctrls[0]->reverse; - ac->req = talloc(req, struct ldb_request); - if (!ac->req) + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ac, + server_sort_search_callback, + req); + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; - - ac->req->operation = req->operation; - ac->req->op.search.base = req->op.search.base; - ac->req->op.search.scope = req->op.search.scope; - ac->req->op.search.tree = req->op.search.tree; - ac->req->op.search.attrs = req->op.search.attrs; - ac->req->controls = req->controls; + } /* save it locally and remove it from the list */ /* we do not need to replace them later as we * are keeping the original req intact */ - if (!save_controls(control, ac->req, &saved_controls)) { + if (!save_controls(control, down_req, &saved_controls)) { return LDB_ERR_OPERATIONS_ERROR; } - ac->req->context = ac; - ac->req->callback = server_sort_search_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->req); - - req->handle = h; - - return ldb_next_request(module, ac->req); -} - -static int server_sort_results(struct ldb_handle *handle) -{ - struct sort_context *ac; - struct ldb_reply *ares; - int i, ret; - - ac = talloc_get_type(handle->private_data, struct sort_context); - - ac->a = ldb_schema_attribute_by_name(ac->module->ldb, ac->attributeName); - ac->sort_result = 0; - - ldb_qsort(ac->msgs, ac->num_msgs, - sizeof(struct ldb_message *), - ac, (ldb_qsort_cmp_fn_t)sort_compare); - - for (i = 0; i < ac->num_msgs; i++) { - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->type = LDB_REPLY_ENTRY; - ares->message = talloc_move(ares, &ac->msgs[i]); - - handle->status = ac->up_callback(ac->module->ldb, ac->up_context, ares); - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - } - - for (i = 0; i < ac->num_refs; i++) { - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->type = LDB_REPLY_REFERRAL; - ares->referral = talloc_move(ares, &ac->referrals[i]); - - handle->status = ac->up_callback(ac->module->ldb, ac->up_context, ares); - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - } - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->type = LDB_REPLY_DONE; - ares->controls = talloc_move(ares, &ac->controls); - - handle->status = ac->up_callback(ac->module->ldb, ac->up_context, ares); - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - - if ((ret = build_response(ac, &ac->controls, ac->sort_result, "sort control is not complete yet")) != LDB_SUCCESS) { - return ret; - } - - return LDB_SUCCESS; -} - -static int server_sort_wait_once(struct ldb_handle *handle) -{ - struct sort_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(handle->private_data, struct sort_context); - - ret = ldb_wait(ac->req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - return ret; - } - - handle->state = ac->req->handle->state; - handle->status = ac->req->handle->status; - - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - - if (handle->state == LDB_ASYNC_DONE) { - ret = server_sort_results(handle); - } - - return ret; -} - -static int server_sort_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = server_sort_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; - } - - return server_sort_wait_once(handle); + return ldb_next_request(module, down_req); } static int server_sort_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc(module, struct ldb_request); - if (req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_SERVER_SORT_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_SERVER_SORT_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "server_sort: Unable to register control with rootdse!\n"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "server_sort:" + "Unable to register control with rootdse!\n"); } - talloc_free(req); return ldb_next_init(module); } const struct ldb_module_ops ldb_server_sort_module_ops = { .name = "server_sort", .search = server_sort_search, - .wait = server_sort_wait, .init_context = server_sort_init }; -- cgit From 51baa8deec00244cc0a6e3d29c53932427800610 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:36:28 -0400 Subject: LDB ASYNC: samba4 modules --- source4/dsdb/samdb/ldb_modules/anr.c | 176 ++- source4/dsdb/samdb/ldb_modules/extended_dn.c | 143 +- source4/dsdb/samdb/ldb_modules/instancetype.c | 66 +- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 206 +-- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 1315 ++++++++-------- source4/dsdb/samdb/ldb_modules/local_password.c | 1124 ++++++++------ source4/dsdb/samdb/ldb_modules/normalise.c | 150 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 752 ++++----- source4/dsdb/samdb/ldb_modules/objectguid.c | 101 +- source4/dsdb/samdb/ldb_modules/partition.c | 595 +++---- source4/dsdb/samdb/ldb_modules/password_hash.c | 731 ++++----- source4/dsdb/samdb/ldb_modules/proxy.c | 136 +- source4/dsdb/samdb/ldb_modules/ranged_results.c | 165 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 736 ++++----- source4/dsdb/samdb/ldb_modules/rootdse.c | 122 +- source4/dsdb/samdb/ldb_modules/samldb.c | 1633 +++++++++++++------- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 100 +- source4/dsdb/samdb/ldb_modules/show_deleted.c | 166 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 53 +- source4/dsdb/samdb/ldb_modules/subtree_delete.c | 232 +-- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 332 ++-- source4/dsdb/samdb/ldb_modules/update_keytab.c | 245 ++- 22 files changed, 4946 insertions(+), 4333 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index 4e2c527fe9..028df588d6 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c @@ -1,7 +1,8 @@ /* ldb database library - Copyright (C) Amdrew Bartlett 2007 + Copyright (C) Andrew Bartlett 2007 + Copyright (C) Simo Sorce 2008 Copyright (C) Andrew Tridgell 2004 This program is free software; you can redistribute it and/or modify @@ -99,6 +100,7 @@ struct ldb_parse_tree *make_match_tree(struct ldb_module *module, struct anr_context { bool found_anr; struct ldb_module *module; + struct ldb_request *req; }; /** @@ -106,39 +108,35 @@ struct anr_context { * parse tree with an 'or' of all the anr attributes in the schema. */ -typedef struct ldb_parse_tree *(*anr_parse_tree_callback_t)(TALLOC_CTX *mem_ctx, - const struct ldb_val *match, - void *context); - - /** - * Callback function to do the heavy lifting for the for the parse tree walker + * Callback function to do the heavy lifting for the parse tree walker */ -struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, - const struct ldb_val *match, - void *context) +static int anr_replace_value(struct anr_context *ac, + TALLOC_CTX *mem_ctx, + const struct ldb_val *match, + struct ldb_parse_tree **ntree) { struct ldb_parse_tree *tree = NULL; - struct anr_context *anr_context = talloc_get_type(context, struct anr_context); - struct ldb_module *module = anr_context->module; + struct ldb_module *module = ac->module; struct ldb_parse_tree *match_tree; - uint8_t *p; - enum ldb_parse_op op; struct dsdb_attribute *cur; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + uint8_t *p; + enum ldb_parse_op op; + if (!schema) { ldb_asprintf_errstring(module->ldb, "no schema with which to construct anr filter"); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } - anr_context->found_anr = true; + ac->found_anr = true; if (match->length > 1 && match->data[0] == '=') { - DATA_BLOB *match2 = talloc(tree, DATA_BLOB); + DATA_BLOB *match2 = talloc(mem_ctx, DATA_BLOB); *match2 = data_blob_const(match->data+1, match->length - 1); if (match2 == NULL){ ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } match = match2; op = LDB_OP_EQUALITY; @@ -154,7 +152,7 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, tree = make_parse_list(module, mem_ctx, LDB_OP_OR, tree, match_tree); if (tree == NULL) { ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } } else { tree = match_tree; @@ -173,7 +171,7 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, DATA_BLOB *second_match = talloc(tree, DATA_BLOB); if (!first_match || !second_match) { ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } *first_match = data_blob_const(match->data, p-match->data); *second_match = data_blob_const(p+1, match->length - (p-match->data) - 1); @@ -183,26 +181,26 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, match_tree_1 = make_match_tree(module, mem_ctx, op, "givenName", first_match); match_tree_2 = make_match_tree(module, mem_ctx, op, "sn", second_match); - first_split_filter = make_parse_list(module, context, LDB_OP_AND, match_tree_1, match_tree_2); + first_split_filter = make_parse_list(module, ac, LDB_OP_AND, match_tree_1, match_tree_2); if (first_split_filter == NULL){ ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } match_tree_1 = make_match_tree(module, mem_ctx, op, "sn", first_match); match_tree_2 = make_match_tree(module, mem_ctx, op, "givenName", second_match); - second_split_filter = make_parse_list(module, context, LDB_OP_AND, match_tree_1, match_tree_2); + second_split_filter = make_parse_list(module, ac, LDB_OP_AND, match_tree_1, match_tree_2); if (second_split_filter == NULL){ ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } split_filters = make_parse_list(module, mem_ctx, LDB_OP_OR, first_split_filter, second_split_filter); if (split_filters == NULL) { ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } if (tree) { @@ -212,38 +210,46 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, tree = split_filters; } } - return tree; + *ntree = tree; + return LDB_SUCCESS; } /* replace any occurances of an attribute with a new, generated attribute tree */ -struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, - const char *attr, - anr_parse_tree_callback_t callback, - void *context) +static int anr_replace_subtrees(struct anr_context *ac, + struct ldb_parse_tree *tree, + const char *attr, + struct ldb_parse_tree **ntree) { + int ret; int i; - struct ldb_parse_tree *tmp; switch (tree->operation) { case LDB_OP_AND: case LDB_OP_OR: for (i=0;iu.list.num_elements;i++) { - tmp = anr_replace_subtrees(tree->u.list.elements[i], - attr, callback, context); - if (tmp) tree->u.list.elements[i] = tmp; + ret = anr_replace_subtrees(ac, tree->u.list.elements[i], + attr, &tree->u.list.elements[i]); + if (ret != LDB_SUCCESS) { + return ret; + } + *ntree = tree; } break; case LDB_OP_NOT: - tmp = anr_replace_subtrees(tree->u.isnot.child, attr, callback, context); - if (tmp) tree->u.isnot.child = tmp; + ret = anr_replace_subtrees(ac, tree->u.isnot.child, attr, &tree->u.isnot.child); + if (ret != LDB_SUCCESS) { + return ret; + } + *ntree = tree; break; case LDB_OP_EQUALITY: if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) { - tmp = callback(tree, &tree->u.equality.value, - context); - if (tmp) tree = tmp; + ret = anr_replace_value(ac, tree, &tree->u.equality.value, ntree); + if (ret != LDB_SUCCESS) { + return ret; + } } break; case LDB_OP_SUBSTRING: @@ -252,53 +258,97 @@ struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, tree->u.substring.end_with_wildcard == 1 && tree->u.substring.chunks[0] != NULL && tree->u.substring.chunks[1] == NULL) { - tmp = callback(tree, tree->u.substring.chunks[0], context); - if (tmp) tree = tmp; + ret = anr_replace_value(ac, tree, tree->u.substring.chunks[0], ntree); + if (ret != LDB_SUCCESS) { + return ret; + } } } break; + default: + break; + } + + return LDB_SUCCESS; +} + +static int anr_search_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct anr_context *ac; + + ac = talloc_get_type(req->context, struct anr_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } - return tree; + return LDB_SUCCESS; } /* search */ static int anr_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_parse_tree *anr_tree; - struct anr_context *context = talloc(req, struct anr_context); - if (!context) { + struct ldb_request *down_req; + struct anr_context *ac; + int ret; + + ac = talloc(req, struct anr_context); + if (!ac) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - context->module = module; - context->found_anr = false; + ac->module = module; + ac->req = req; + ac->found_anr = false; #if 0 printf("oldanr : %s\n", ldb_filter_from_tree (0, req->op.search.tree)); #endif - /* Yes, this is a problem with req->op.search.tree being const... */ - anr_tree = anr_replace_subtrees(req->op.search.tree, "anr", anr_replace_callback, context); - if (!anr_tree) { - talloc_free(context); + ret = anr_replace_subtrees(ac, req->op.search.tree, "anr", &anr_tree); + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (context->found_anr) { - /* The above function modifies the tree if it finds "anr", so no - * point just setting this on the down_req */ -#if 0 - printf("newtree: %s\n", ldb_filter_from_tree (0, anr_tree)); -#endif - req->op.search.tree = talloc_steal(req, anr_tree); - } else { - if (anr_tree != req->op.search.tree) { - talloc_free(anr_tree); - } - talloc_free(context); + if (!ac->found_anr) { + talloc_free(ac); + return ldb_next_request(module, req); } - return ldb_next_request(module, req); + + ret = ldb_build_search_req_ex(&down_req, + module->ldb, ac, + req->op.search.base, + req->op.search.scope, + anr_tree, + req->op.search.attrs, + req->controls, + ac, anr_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_steal(down_req, anr_tree); + + return ldb_next_request(module, down_req); } _PUBLIC_ const struct ldb_module_ops ldb_anr_module_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 84bf5e4843..e40190e86f 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -95,7 +95,7 @@ static bool add_attrs(void *mem_ctx, char ***attrs, const char *attr) return true; } -static bool inject_extended_dn(struct ldb_message *msg, +static int inject_extended_dn(struct ldb_message *msg, struct ldb_context *ldb, int type, bool remove_guid, @@ -113,8 +113,9 @@ static bool inject_extended_dn(struct ldb_message *msg, guid_blob = ldb_msg_find_ldb_val(msg, "objectGUID"); sid_blob = ldb_msg_find_ldb_val(msg, "objectSID"); - if (!guid_blob) - return false; + if (!guid_blob) { + return LDB_ERR_OPERATIONS_ERROR; + } switch (type) { case 0: @@ -123,7 +124,7 @@ static bool inject_extended_dn(struct ldb_message *msg, const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); const char *lower_sid_hex = strlower_talloc(msg, data_blob_hex_string(msg, sid_blob)); if (!lower_guid_hex || !lower_sid_hex) { - return false; + return LDB_ERR_OPERATIONS_ERROR; } new_dn = talloc_asprintf(msg, ";;%s", lower_guid_hex, @@ -132,7 +133,7 @@ static bool inject_extended_dn(struct ldb_message *msg, } else { const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); if (!lower_guid_hex) { - return false; + return LDB_ERR_OPERATIONS_ERROR; } new_dn = talloc_asprintf(msg, ";%s", lower_guid_hex, @@ -151,8 +152,8 @@ static bool inject_extended_dn(struct ldb_message *msg, if (sid) { object_sid = dom_sid_string(msg, sid); if (!object_sid) - return false; - + return LDB_ERR_OPERATIONS_ERROR; + } /* Normal, sane format */ @@ -167,11 +168,11 @@ static bool inject_extended_dn(struct ldb_message *msg, } break; default: - return false; + return LDB_ERR_OPERATIONS_ERROR; } if (!new_dn) { - return false; + return LDB_ERR_OPERATIONS_ERROR; } if (remove_guid) { @@ -184,52 +185,70 @@ static bool inject_extended_dn(struct ldb_message *msg, msg->dn = ldb_dn_new(msg, ldb, new_dn); if (! ldb_dn_validate(msg->dn)) - return false; + return LDB_ERR_OPERATIONS_ERROR; val = ldb_msg_find_ldb_val(msg, "distinguishedName"); if (val) { ldb_msg_remove_attr(msg, "distinguishedName"); if (ldb_msg_add_steal_string(msg, "distinguishedName", new_dn)) - return false; + return LDB_ERR_OPERATIONS_ERROR; } - return true; + return LDB_SUCCESS; } /* search */ struct extended_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldb_request *req; - const char * const *attrs; bool remove_guid; bool remove_sid; int extended_type; }; -static int extended_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int extended_callback(struct ldb_request *req, struct ldb_reply *ares) { struct extended_context *ac; + int ret; - ac = talloc_get_type(context, struct extended_context); + ac = talloc_get_type(req->context, struct extended_context); - if (ares->type == LDB_REPLY_ENTRY) { + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: /* for each record returned post-process to add any derived attributes that have been asked for */ - if (!inject_extended_dn(ares->message, ldb, ac->extended_type, ac->remove_guid, ac->remove_sid)) { - goto error; + ret = inject_extended_dn(ares->message, ac->module->ldb, + ac->extended_type, ac->remove_guid, + ac->remove_sid); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - } - return ac->up_callback(ldb, ac->up_context, ares); + return ldb_module_send_entry(ac->req, ares->message); -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + + } + return LDB_SUCCESS; } + static int extended_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_control *control; @@ -237,6 +256,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) struct ldb_control **saved_controls; struct extended_context *ac; struct ldb_request *down_req; + const char * const *cast_attrs = NULL; char **new_attrs; int ret; @@ -261,9 +281,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) } ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; - ac->attrs = req->op.search.attrs; + ac->req = req; ac->remove_guid = false; ac->remove_sid = false; if (extended_ctrl) { @@ -272,17 +290,6 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->extended_type = 0; } - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; - down_req->op.search.base = req->op.search.base; - down_req->op.search.scope = req->op.search.scope; - down_req->op.search.tree = req->op.search.tree; - /* check if attrs only is specified, in that case check wether we need to modify them */ if (req->op.search.attrs) { if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { @@ -292,26 +299,38 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->remove_sid = true; } if (ac->remove_guid || ac->remove_sid) { - new_attrs = copy_attrs(down_req, req->op.search.attrs); + new_attrs = copy_attrs(ac, req->op.search.attrs); if (new_attrs == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } if (ac->remove_guid) { - if (!add_attrs(down_req, &new_attrs, "objectGUID")) + if (!add_attrs(ac, &new_attrs, "objectGUID")) return LDB_ERR_OPERATIONS_ERROR; } if (ac->remove_sid) { - if (!add_attrs(down_req, &new_attrs, "objectSID")) + if (!add_attrs(ac, &new_attrs, "objectSID")) return LDB_ERR_OPERATIONS_ERROR; } - - down_req->op.search.attrs = (const char * const *)new_attrs; + cast_attrs = (const char * const *)new_attrs; + } else { + cast_attrs = req->op.search.attrs; } } - down_req->controls = req->controls; + ret = ldb_build_search_req_ex(&down_req, + module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + cast_attrs, + req->controls, + ac, extended_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } /* save it locally and remove it from the list */ /* we do not need to replace them later as we @@ -320,45 +339,21 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - down_req->context = ac; - down_req->callback = extended_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; - } - - return ret; + return ldb_next_request(module, down_req); } static int extended_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc(module, struct ldb_request); - if (req == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_EXTENDED_DN_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_EXTENDED_DN_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "extended_dn: Unable to register control with rootdse!\n"); - talloc_free(req); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "extended_dn: Unable to register control with rootdse!\n"); return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(req); return ldb_next_init(module); } diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index fd5aa5e18a..492ef1c92b 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 Copyright (C) Stefan Metzmacher 2007 @@ -41,11 +41,43 @@ #include "dsdb/samdb/samdb.h" #include "dsdb/common/flags.h" +struct it_context { + struct ldb_module *module; + struct ldb_request *req; +}; + +static int it_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct it_context *ac; + + ac = talloc_get_type(req->context, struct it_context); + + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + /* add_record: add instancetype attribute */ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; struct ldb_message *msg; + struct it_context *ac; uint32_t instance_type; int ret; const struct ldb_control *partition_ctrl; @@ -70,18 +102,16 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) struct dsdb_control_current_partition); SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); + ac = talloc(req, struct it_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; + ac->module = module; + ac->req = req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(ac, req->op.add.message); if (msg == NULL) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -99,23 +129,21 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, it_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + /* go on with the call chain */ + return ldb_next_request(module, down_req); } _PUBLIC_ const struct ldb_module_ops ldb_instancetype_module_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6836f95873..24527c36c9 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Andrew Bartlett 2005 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -74,15 +74,14 @@ static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) struct kludge_acl_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldb_request *req; enum security_user_level user_type; bool allowedAttributes; bool allowedAttributesEffective; bool allowedChildClasses; bool allowedChildClassesEffective; - const char **attrs; + const char * const *attrs; }; /* read all objectClasses */ @@ -191,6 +190,7 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * (comparison_fn_t)data_blob_cmp); for (i=1 ; i < allowedClasses->num_values; i++) { + struct ldb_val *val1 = &allowedClasses->values[i-1]; struct ldb_val *val2 = &allowedClasses->values[i]; if (data_blob_cmp(val1, val2) == 0) { @@ -207,80 +207,111 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * /* find all attributes allowed by all these objectClasses */ -static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares) { struct kludge_acl_context *ac; struct kludge_private_data *data; int i, ret; - ac = talloc_get_type(context, struct kludge_acl_context); + ac = talloc_get_type(req->context, struct kludge_acl_context); data = talloc_get_type(ac->module->private_data, struct kludge_private_data); - if (ares->type != LDB_REPLY_ENTRY) { - return ac->up_callback(ldb, ac->up_context, ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - if (ac->allowedAttributes) { - ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributes"); - if (ret != LDB_SUCCESS) { - return ret; - + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->allowedAttributes) { + ret = kludge_acl_allowedAttributes(ac->module->ldb, + ares->message, + "allowedAttributes"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (ac->allowedChildClasses) { - ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClasses"); - if (ret != LDB_SUCCESS) { - return ret; + if (ac->allowedChildClasses) { + ret = kludge_acl_childClasses(ac->module->ldb, + ares->message, + "allowedChildClasses"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (data && data->password_attrs) /* if we are not initialized just get through */ - { - switch (ac->user_type) { - case SECURITY_SYSTEM: - if (ac->allowedAttributesEffective) { - ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + if (data && data->password_attrs) /* if we are not initialized just get through */ + { + switch (ac->user_type) { + case SECURITY_SYSTEM: + if (ac->allowedAttributesEffective) { + ret = kludge_acl_allowedAttributes(ac->module->ldb, ares->message, + "allowedClassesAttributesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (ac->allowedChildClassesEffective) { - ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + if (ac->allowedChildClassesEffective) { + ret = kludge_acl_childClasses(ac->module->ldb, ares->message, + "allowedClassesChildClassesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - break; - case SECURITY_ADMINISTRATOR: - if (ac->allowedAttributesEffective) { - ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + break; + + case SECURITY_ADMINISTRATOR: + if (ac->allowedAttributesEffective) { + ret = kludge_acl_allowedAttributes(ac->module->ldb, ares->message, + "allowedClassesAttributesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (ac->allowedChildClassesEffective) { - ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + if (ac->allowedChildClassesEffective) { + ret = kludge_acl_childClasses(ac->module->ldb, ares->message, + "allowedClassesChildClassesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + } + /* fall through */ + default: + /* remove password attributes */ + for (i = 0; data->password_attrs[i]; i++) { + ldb_msg_remove_attr(ares->message, data->password_attrs[i]); } } - /* fall though */ - default: - /* remove password attributes */ - for (i = 0; data->password_attrs[i]; i++) { - ldb_msg_remove_attr(ares->message, data->password_attrs[i]); + } + + if (ac->allowedAttributes || + ac->allowedAttributesEffective || + ac->allowedChildClasses || + ac->allowedChildClassesEffective) { + + if (!ldb_attr_in_list(ac->attrs, "objectClass") && + !ldb_attr_in_list(ac->attrs, "*")) { + + ldb_msg_remove_attr(ares->message, + "objectClass"); } } - } - if ((ac->allowedAttributes || ac->allowedAttributesEffective - || ac->allowedChildClasses || ac->allowedChildClassesEffective) && - (!ldb_attr_in_list(ac->attrs, "objectClass") && - !ldb_attr_in_list(ac->attrs, "*"))) { - ldb_msg_remove_attr(ares->message, "objectClass"); - } + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ac->req, ares->referral); - return ac->up_callback(ldb, ac->up_context, ares); + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + + } + return LDB_SUCCESS; } static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) @@ -288,10 +319,9 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) struct kludge_acl_context *ac; struct ldb_request *down_req; struct kludge_private_data *data; + const char * const *attrs; int ret, i; - req->handle = NULL; - ac = talloc(req, struct kludge_acl_context); if (ac == NULL) { ldb_oom(module->ldb); @@ -301,23 +331,10 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) data = talloc_get_type(module->private_data, struct kludge_private_data); ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; + ac->req = req; ac->user_type = what_is_user(module); ac->attrs = req->op.search.attrs; - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; - down_req->op.search.base = req->op.search.base; - down_req->op.search.scope = req->op.search.scope; - down_req->op.search.tree = req->op.search.tree; - down_req->op.search.attrs = req->op.search.attrs; - ac->allowedAttributes = ldb_attr_in_list(req->op.search.attrs, "allowedAttributes"); ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective"); @@ -327,12 +344,11 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective"); if (ac->allowedAttributes || ac->allowedAttributesEffective || ac->allowedChildClasses || ac->allowedChildClassesEffective) { - down_req->op.search.attrs - = ldb_attr_list_copy_add(down_req, down_req->op.search.attrs, "objectClass"); + attrs = ldb_attr_list_copy_add(ac, req->op.search.attrs, "objectClass"); + } else { + attrs = req->op.search.attrs; } - /* FIXME: I hink we should copy the tree and keep the original - * unmodified. SSS */ /* replace any attributes in the parse tree that are private, so we don't allow a search for 'userPassword=penguin', just as we would not allow that attribute to be returned */ @@ -340,30 +356,34 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) case SECURITY_SYSTEM: break; default: + /* FIXME: We should copy the tree and keep the original unmodified. */ /* remove password attributes */ - for (i = 0; data && data->password_attrs && data->password_attrs[i]; i++) { - ldb_parse_tree_attr_replace(down_req->op.search.tree, + + if (!data || !data->password_attrs) { + break; + } + for (i = 0; data->password_attrs[i]; i++) { + ldb_parse_tree_attr_replace(req->op.search.tree, data->password_attrs[i], "kludgeACLredactedattribute"); } } - down_req->controls = req->controls; - - down_req->context = ac; - down_req->callback = kludge_acl_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req_ex(&down_req, + module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + attrs, + req->controls, + ac, kludge_acl_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* perform the search */ + return ldb_next_request(module, down_req); } /* ANY change type */ diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index e64472432d..3b389afffb 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -2,6 +2,7 @@ ldb database library Copyright (C) Andrew Bartlett 2007 + Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -33,234 +34,176 @@ #include "ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" -struct linked_attributes_context { - enum la_step {LA_SEARCH, LA_DO_OPS, LA_DO_ORIG} step; - struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; - - struct ldb_request *search_req; - struct ldb_request **down_req; - struct ldb_request *orig_down_req; - - int num_requests; - int finished_requests; - - const char **linked_attrs; +struct la_op_store { + struct la_op_store *next; + enum la_op {LA_OP_ADD, LA_OP_DEL} op; + struct ldb_dn *dn; + char *name; + char *value; }; struct replace_context { - struct linked_attributes_context *ac; + struct la_context *ac; + unsigned int num_elements; struct ldb_message_element *el; }; -static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); - -static struct linked_attributes_context *linked_attributes_init_handle(struct ldb_request *req, - struct ldb_module *module) -{ - struct linked_attributes_context *ac; - struct ldb_handle *h; +struct la_context { + const struct dsdb_schema *schema; + struct ldb_module *module; + struct ldb_request *req; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } + struct replace_context *rc; + struct la_op_store *ops; + struct la_op_store *cur; +}; - h->module = module; +static struct la_context *linked_attributes_init(struct ldb_module *module, + struct ldb_request *req) +{ + struct la_context *ac; - ac = talloc_zero(h, struct linked_attributes_context); + ac = talloc_zero(req, struct la_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = ac; - + ac->schema = dsdb_get_schema(module->ldb); ac->module = module; - ac->handle = h; - ac->orig_req = req; - - ac->orig_down_req = talloc(ac, struct ldb_request); - if (!ac->orig_down_req) { - ldb_oom(ac->module->ldb); - return NULL; - } - - *ac->orig_down_req = *req; - - req->handle = h; + ac->req = req; return ac; } /* Common routine to handle reading the attributes and creating a * series of modify requests */ - -static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct linked_attributes_context *ac, - const struct ldb_message *msg, - struct ldb_dn *olddn, struct ldb_dn *newdn) +static int la_store_op(struct la_context *ac, + enum la_op op, char *dn, + const char *name, const char *value) { - int i, j, ret = LDB_SUCCESS; - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - /* Look up each of the returned attributes */ - /* Find their schema */ - /* And it is an actual entry: now create a series of modify requests */ - for (i=0; i < msg->num_elements; i++) { - int otherid; - const struct dsdb_attribute *target_attr; - const struct ldb_message_element *el = &msg->elements[i]; - const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); - if (!schema_attr) { - ldb_asprintf_errstring(ldb, - "attribute %s is not a valid attribute in schema", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... */ - if (schema_attr->linkID == 0) { - continue; - } - - /* Depending on which direction this link is in, we need to find it's partner */ - if ((schema_attr->linkID & 1) == 1) { - otherid = schema_attr->linkID - 1; - } else { - otherid = schema_attr->linkID + 1; - } - - /* Now find the target attribute */ - target_attr = dsdb_attribute_by_linkID(schema, otherid); - if (!target_attr) { - ldb_asprintf_errstring(ldb, - "attribute %s does not have valid link target", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - - /* For each value being moded, we need to setup the modify */ - for (j=0; j < el->num_values; j++) { - struct ldb_message_element *ret_el; - struct ldb_request *new_req; - struct ldb_message *new_msg; - - /* Create a spot in the list for the requests */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + struct la_op_store *os, *tmp; + struct ldb_dn *op_dn; - /* Create the modify request */ - new_msg = ldb_msg_new(ac->down_req); - if (!new_msg) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_msg->dn = ldb_dn_from_ldb_val(new_msg, ldb, &el->values[j]); - if (!new_msg->dn) { - ldb_asprintf_errstring(ldb, - "attribute %s value %s was not a valid DN", msg->elements[i].name, - el->values[j].data); - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - - if (olddn) { - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_DELETE, &ret_el); - if (ret != LDB_SUCCESS) { - return ret; - } - ret_el->values = talloc_array(new_msg, struct ldb_val, 1); - if (!ret_el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(olddn)); - ret_el->num_values = 1; - } - - if (newdn) { - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_ADD, &ret_el); - if (ret != LDB_SUCCESS) { - return ret; - } - ret_el->values = talloc_array(new_msg, struct ldb_val, 1); - if (!ret_el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + op_dn = ldb_dn_new(ac, ac->module->ldb, dn); + if (!op_dn) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* optimize out del - add operations that would end up + * with no changes */ + if (ac->ops && op == LA_OP_DEL) { + /* do a linear search to find out if there is + * an equivalent add */ + os = ac->ops; + while (os->next) { + + tmp = os->next; + if (tmp->op == LA_OP_ADD) { + + if ((strcmp(name, tmp->name) == 0) && + (strcmp(value, tmp->value) == 0) && + (ldb_dn_compare(op_dn, tmp->dn) == 0)) { + + break; } - ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(newdn)); - ret_el->num_values = 1; } + os = os->next; + } + if (os->next) { + /* pair found, remove it and return */ + os->next = tmp->next; + talloc_free(tmp); + talloc_free(op_dn); + return LDB_SUCCESS; + } + } - ret = ldb_build_mod_req(&new_req, ldb, ac->down_req, - new_msg, - NULL, - NULL, - NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, new_msg); - - ldb_set_timeout_from_prev_req(ldb, ac->orig_req, new_req); - - ac->down_req[ac->num_requests] = new_req; - ac->num_requests++; - - - /* Run the new request */ - ret = ldb_next_request(ac->module, new_req); - if (ret != LDB_SUCCESS) { - return ret; - } + os = talloc_zero(ac, struct la_op_store); + if (!os) { + return LDB_ERR_OPERATIONS_ERROR; + } + + os->op = op; + + os->dn = talloc_steal(os, op_dn); + if (!os->dn) { + return LDB_ERR_OPERATIONS_ERROR; + } + + os->name = talloc_strdup(os, name); + if (!os->name) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if ((op != LA_OP_DEL) && (value == NULL)) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (value) { + os->value = talloc_strdup(os, value); + if (!os->value) { + return LDB_ERR_OPERATIONS_ERROR; } } - return ret; + + if (ac->ops) { + ac->cur->next = os; + } else { + ac->ops = os; + } + ac->cur = os; + + return LDB_SUCCESS; } +static int la_op_search_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int la_do_mod_request(struct la_context *ac); +static int la_mod_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int la_down_req(struct la_context *ac); +static int la_down_callback(struct ldb_request *req, + struct ldb_reply *ares); + + + /* add */ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req) { - int i; - struct linked_attributes_context *ac; - - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } + const struct dsdb_attribute *target_attr; + struct la_context *ac; + const char *attr_name; + const char *attr_val; + int ret; + int i, j; if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } - - ac = linked_attributes_init_handle(req, module); + ac = linked_attributes_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - - ac->step = LA_DO_OPS; - + + if (!ac->schema) { + /* without schema, this doesn't make any sense */ + talloc_free(ac); + return ldb_next_request(module, req); + } + /* Need to ensure we only have forward links being specified */ for (i=0; i < req->op.add.message->num_elements; i++) { const struct ldb_message_element *el = &req->op.add.message->elements[i]; const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name); if (!schema_attr) { ldb_asprintf_errstring(module->ldb, - "attribute %s is not a valid attribute in schema", req->op.add.message->elements[i].name); + "attribute %s is not a valid attribute in schema", el->name); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* We have a valid attribute, not find out if it is linked */ + /* We have a valid attribute, now find out if it is linked */ if (schema_attr->linkID == 0) { continue; } @@ -268,160 +211,134 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * if ((schema_attr->linkID & 1) == 1) { /* Odd is for the target. Illigal to modify */ ldb_asprintf_errstring(module->ldb, - "attribute %s must not be modified directly, it is a linked attribute", req->op.add.message->elements[i].name); + "attribute %s must not be modified directly, it is a linked attribute", el->name); return LDB_ERR_UNWILLING_TO_PERFORM; } /* Even link IDs are for the originating attribute */ + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + attr_name = target_attr->lDAPDisplayName; + attr_val = ldb_dn_get_linearized(ac->req->op.add.message->dn); + + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_ADD, + (char *)el->values[j].data, + attr_name, attr_val); + if (ret != LDB_SUCCESS) { + return ret; + } + } } - /* Now call the common routine to setup the modifies across all the attributes */ - return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn); -} - -struct merge { - struct ldb_dn *dn; - bool add; - bool ignore; -}; - -static int merge_cmp(struct merge *merge1, struct merge *merge2) { - int ret; - ret = ldb_dn_compare(merge1->dn, merge2->dn); - if (ret == 0) { - if (merge1->add == merge2->add) { - return 0; - } - if (merge1->add == true) { - return 1; - } - return -1; + /* if no linked attributes are present continue */ + if (ac->ops == NULL) { + talloc_free(ac); + return ldb_next_request(module, req); } - return ret; + + /* start with the first one */ + return la_do_mod_request(ac); } -static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct replace_context *ac2 = talloc_get_type(context, struct replace_context); - struct linked_attributes_context *ac = ac2->ac; - - /* OK, we have one search result here: */ + const struct dsdb_attribute *schema_attr; + const struct dsdb_attribute *target_attr; + struct ldb_message_element *search_el; + struct replace_context *rc; + struct la_context *ac; + const char *attr_name; + const char *dn; + int i, j; + int ret = LDB_SUCCESS; - /* Only entries are interesting, and we only want the olddn */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.mod.message->dn) == 0) { - /* only bother at all if there were some linked attributes found */ - struct ldb_message_element *search_el - = ldb_msg_find_element(ares->message, - ac2->el->name); - - /* See if this element already exists */ - if (search_el) { + ac = talloc_get_type(req->context, struct la_context); + rc = ac->rc; - struct merge *merged_list = NULL; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - int ret, size = 0, i; - struct ldb_message *msg = ldb_msg_new(ac); - if (!msg) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + /* Only entries are interesting, and we only want the olddn */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + + if (ldb_dn_compare(ares->message->dn, ac->req->op.mod.message->dn) != 0) { + /* Guh? We only asked for this DN */ + ldb_oom(ac->module->ldb); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - /* Add all the existing elements, marking as 'proposed for delete' by setting .add = false */ - for (i=0; i < search_el->num_values; i++) { - merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); - merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &search_el->values[i]); - merged_list[size].add = false; - merged_list[size].ignore = false; - size++; - } + dn = ldb_dn_get_linearized(ac->req->op.add.message->dn); - /* Add all the new replacement elements, marking as 'proposed for add' by setting .add = true */ - for (i=0; i < ac2->el->num_values; i++) { - merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); - merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &ac2->el->values[i]); - merged_list[size].add = true; - merged_list[size].ignore = false; - size++; - } + for (i = 0; i < rc->num_elements; i++) { - /* Sort the list, so we can pick out an add and delete for the same DN, and eliminate them */ - qsort(merged_list, size, - sizeof(*merged_list), - (comparison_fn_t)merge_cmp); - - /* Now things are sorted, it is trivial to mark pairs of DNs as 'ignore' */ - for (i=0; i + 1 < size; i++) { - if (ldb_dn_compare(merged_list[i].dn, - merged_list[i+1].dn) == 0 - /* Fortunetly the sort also sorts 'add == false' first */ - && merged_list[i].add == false - && merged_list[i+1].add == true) { - - /* Mark as ignore, so we include neither in the actual operations */ - merged_list[i].ignore = true; - merged_list[i+1].ignore = true; - } + schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, rc->el[i].name); + if (!schema_attr) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute %s is not a valid attribute in schema", + rc->el[i].name); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); } - /* Arrange to delete anything the search found that we don't re-add */ - for (i=0; i < size; i++) { - if (merged_list[i].ignore == false - && merged_list[i].add == false) { - ldb_msg_add_steal_string(msg, search_el->name, - ldb_dn_get_linearized(merged_list[i].dn)); - } - } + search_el = ldb_msg_find_element(ares->message, + rc->el[i].name); - /* The DN to set on the linked attributes is the original DN of the modify message */ - msg->dn = ac->orig_req->op.mod.message->dn; - - ret = setup_modifies(ac->module->ldb, ac2, ac, msg, ares->message->dn, NULL); - if (ret != LDB_SUCCESS) { - return ret; + /* See if this element already exists */ + /* otherwise just ignore as + * the add has already been scheduled */ + if ( ! search_el) { + continue; } - /* Now add links for all the actually new elements */ - for (i=0; i < size; i++) { - if (merged_list[i].ignore == false && merged_list[i].add == true) { - ldb_msg_add_steal_string(msg, search_el->name, - ldb_dn_get_linearized(merged_list[i].dn)); + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + attr_name = target_attr->lDAPDisplayName; + + /* make sure we manage each value */ + for (j = 0; j < search_el->num_values; j++) { + ret = la_store_op(ac, LA_OP_DEL, + (char *)search_el->values[j].data, + attr_name, dn); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, + NULL, NULL, ret); } } + } - ret = setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ares->message->dn); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_free(merged_list); + break; - } else { - /* Looks like it doesn't exist, process like an 'add' */ - struct ldb_message *msg = ldb_msg_new(ac); - if (!msg) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - msg->num_elements = 1; - msg->elements = ac2->el; - msg->dn = ac->orig_req->op.mod.message->dn; + case LDB_REPLY_REFERRAL: + /* ignore */ + break; - return setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ac->orig_req->op.mod.message->dn); - } - talloc_free(ares); - return LDB_SUCCESS; - } else if (ares->type == LDB_REPLY_ENTRY) { - /* Guh? We only asked for this DN */ - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_DONE: - } else { talloc_free(ares); + + /* All mods set up, start with the first one */ + ret = la_do_mod_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } return LDB_SUCCESS; } - - + + talloc_free(ares); + return ret; } + + /* modify */ static int linked_attributes_modify(struct ldb_module *module, struct ldb_request *req) { @@ -431,523 +348,545 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques /* Apply the modify to the linked entry */ int i, j; - struct linked_attributes_context *ac; - - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } + struct la_context *ac; + struct ldb_request *search_req; + int ret; if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } - - ac = linked_attributes_init_handle(req, module); + ac = linked_attributes_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - - /* prepare the first operation */ - ac->step = LA_DO_OPS; + + if (!ac->schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + ac->rc = NULL; for (i=0; i < req->op.mod.message->num_elements; i++) { - int ret; - struct ldb_request *new_req; + bool store_el = false; + const char *attr_name; + const char *attr_val; const struct dsdb_attribute *target_attr; const struct ldb_message_element *el = &req->op.mod.message->elements[i]; const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name); if (!schema_attr) { ldb_asprintf_errstring(module->ldb, - "attribute %s is not a valid attribute in schema", req->op.mod.message->elements[i].name); + "attribute %s is not a valid attribute in schema", el->name); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* We have a valid attribute, not find out if it is linked */ + /* We have a valid attribute, now find out if it is linked */ if (schema_attr->linkID == 0) { continue; } if ((schema_attr->linkID & 1) == 1) { - /* Odd is for the target. Illigal to modify */ + /* Odd is for the target. Illegal to modify */ ldb_asprintf_errstring(module->ldb, - "attribute %s must not be modified directly, it is a linked attribute", req->op.mod.message->elements[i].name); + "attribute %s must not be modified directly, it is a linked attribute", el->name); return LDB_ERR_UNWILLING_TO_PERFORM; } /* Even link IDs are for the originating attribute */ /* Now find the target attribute */ - target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID + 1); + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); if (!target_attr) { ldb_asprintf_errstring(module->ldb, - "attribute %s does not have valid link target", req->op.mod.message->elements[i].name); + "attribute %s does not have valid link target", el->name); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* Replace with new set of values */ - if (((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE) - && el->num_values > 0) { - struct replace_context *ac2 = talloc(ac, struct replace_context); - const char **attrs = talloc_array(ac, const char *, 2); - if (!attrs || !ac2) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - attrs[0] = el->name; - attrs[1] = NULL; - - ac2->ac = ac; - ac2->el = el; - - /* We need to setup a search, compare with the list, and then setup add/del as required */ - - /* The callback does all the hard work here */ - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.mod.message->dn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac2, - linked_attributes_mod_replace_search_callback); - - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, attrs); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } + attr_name = target_attr->lDAPDisplayName; + attr_val = ldb_dn_get_linearized(ac->req->op.mod.message->dn); - /* Create a spot in the list for the requests */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + switch (el->flags & LDB_FLAG_MOD_MASK) { + case LDB_FLAG_MOD_REPLACE: + /* treat as just a normal add the delete part is handled by the callback */ + store_el = true; - ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); - ac->num_requests++; + /* break intentionally missing */ - ret = ldb_next_request(module, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - continue; + case LDB_FLAG_MOD_ADD: - /* Delete all values case */ - } else if (((el->flags & LDB_FLAG_MOD_MASK) & (LDB_FLAG_MOD_DELETE|LDB_FLAG_MOD_REPLACE)) - && el->num_values == 0) { - const char **attrs = talloc_array(ac, const char *, 2); - if (!attrs) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + /* For each value being added, we need to setup the adds */ + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_ADD, + (char *)el->values[j].data, + attr_name, attr_val); + if (ret != LDB_SUCCESS) { + return ret; + } } - attrs[0] = el->name; - attrs[1] = NULL; - - /* We need to setup a search, and then setup del as required */ - - /* The callback does all the hard work here, acting identically to if we had delted the whole entry */ - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.mod.message->dn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac, - linked_attributes_rename_del_search_callback); + break; - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, attrs); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } + case LDB_FLAG_MOD_DELETE: - /* Create a spot in the list for the requests */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (el->num_values) { + /* For each value being deleted, we need to setup the delete */ + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_DEL, + (char *)el->values[j].data, + attr_name, attr_val); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } else { + store_el = true; } - ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); - ac->num_requests++; - - ret = ldb_next_request(module, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - continue; + break; } - /* Prepare the modify (mod element) on the targets, for a normal modify request */ - - /* For each value being moded, we need to setup the modify */ - for (j=0; j < el->num_values; j++) { - /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac); - if (!new_msg) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_msg->dn = ldb_dn_from_ldb_val(new_msg, module->ldb, &el->values[j]); - if (!new_msg->dn) { - ldb_asprintf_errstring(module->ldb, - "attribute %s value %s was not a valid DN", req->op.mod.message->elements[i].name, - el->values[j].data); - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } + if (store_el) { + struct ldb_message_element *search_el; - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - el->flags & LDB_FLAG_MOD_MASK, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_msg_add_string(new_msg, target_attr->lDAPDisplayName, - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); - if (ret != LDB_SUCCESS) { - return ret; + if (!ac->rc) { + ac->rc = talloc_zero(ac, struct replace_context); + if (!ac->rc) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } } - ret = ldb_build_mod_req(&new_req, module->ldb, ac, - new_msg, - NULL, - NULL, - NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, new_msg); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - /* Now add it to the list */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); + search_el = talloc_realloc(ac->rc, ac->rc->el, + struct ldb_message_element, + ac->rc->num_elements +1); + if (!search_el) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); - ac->num_requests++; + ac->rc->el = search_el; - /* Run the new request */ - ret = ldb_next_request(module, new_req); - if (ret != LDB_SUCCESS) { - return ret; - } + ac->rc->el[ac->rc->num_elements] = *el; + ac->rc->num_elements++; } } - return LDB_SUCCESS; -} -static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct linked_attributes_context *ac = talloc_get_type(context, struct linked_attributes_context); - struct ldb_dn *olddn, *newdn; - - switch (ac->orig_req->operation) { - case LDB_DELETE: - { - olddn = ac->orig_req->op.del.dn; - newdn = NULL; - break; - } - /* This isn't the general modify case, just the modify when we are asked to delete all values */ - case LDB_MODIFY: - { - olddn = ac->orig_req->op.mod.message->dn; - newdn = NULL; - break; - } - case LDB_RENAME: - { - olddn = ac->orig_req->op.rename.olddn; - newdn = ac->orig_req->op.rename.newdn; - break; - } - default: - return LDB_ERR_OPERATIONS_ERROR; - } - + /* both replace and delete without values are handled in the callback + * after the search on the entry to be modified is performed */ + if (ac->rc) { + const char **attrs; + + attrs = talloc_array(ac->rc, const char *, ac->rc->num_elements +1); + if (!attrs) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (i = 0; i < ac->rc->num_elements; i++) { + attrs[i] = ac->rc->el[i].name; + } + attrs[i] = NULL; - /* OK, we have one search result here: */ + /* The callback does all the hard work here */ + ret = ldb_build_search_req(&search_req, module->ldb, ac, + req->op.mod.message->dn, + LDB_SCOPE_BASE, + "(objectClass=*)", attrs, + NULL, + ac, la_mod_search_callback, + req); - /* Only entries are interesting, and we only want the olddn */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, olddn) == 0) { - /* only bother at all if there were some linked attributes found */ - if (ares->message->num_elements > 0) { - return setup_modifies(ldb, ac, ac, - ares->message, olddn, newdn); + if (ret == LDB_SUCCESS) { + talloc_steal(search_req, attrs); + + ret = ldb_next_request(module, search_req); } - talloc_free(ares); - return LDB_SUCCESS; - } else if (ares->type == LDB_REPLY_ENTRY) { - /* Guh? We only asked for this DN */ - return LDB_ERR_OPERATIONS_ERROR; } else { - talloc_free(ares); - return LDB_SUCCESS; + if (ac->ops) { + /* start the mod requests chain */ + ret = la_do_mod_request(ac); + } else { + /* nothing to do for this module, proceed */ + talloc_free(ac); + ret = ldb_next_request(module, req); + } } - - + + return ret; } -/* rename */ -static int linked_attributes_rename(struct ldb_module *module, struct ldb_request *req) + +/* delete, rename */ +static int linked_attributes_op(struct ldb_module *module, struct ldb_request *req) { - /* Look up list of linked attributes */ + struct ldb_request *search_req; + struct ldb_dn *base_dn; + struct la_context *ac; const char **attrs; WERROR werr; int ret; - struct linked_attributes_context *ac; - struct ldb_request *new_req; - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } /* This gets complex: We need to: - - Do a search for the entry + - Do a search for the entry - Wait for these result to appear - - In the callback for the result, issue a modify request based on the linked attributes found + - In the callback for the result, issue a modify + request based on the linked attributes found - Wait for each modify result - - Regain our sainity + - Regain our sainity */ - ac = linked_attributes_init_handle(req, module); + switch (req->operation) { + case LDB_RENAME: + base_dn = req->op.rename.olddn; + break; + case LDB_DELETE: + base_dn = req->op.del.dn; + break; + default: + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = linked_attributes_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - - werr = dsdb_linked_attribute_lDAPDisplayName_list(schema, ac, &attrs); + + if (!ac->schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + werr = dsdb_linked_attribute_lDAPDisplayName_list(ac->schema, ac, &attrs); if (!W_ERROR_IS_OK(werr)) { return LDB_ERR_OPERATIONS_ERROR; } - - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.rename.olddn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac, - linked_attributes_rename_del_search_callback); + + ret = ldb_build_search_req(&search_req, module->ldb, req, + base_dn, LDB_SCOPE_BASE, + "(objectClass=*)", attrs, + NULL, + ac, la_op_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - talloc_steal(new_req, attrs); + talloc_steal(search_req, attrs); + + return ldb_next_request(module, search_req); +} - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); +static int la_op_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct la_context *ac; + const struct dsdb_attribute *schema_attr; + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el; + const char *attr_name; + const char *deldn; + const char *adddn; + int i, j; + int ret; - if (ret != LDB_SUCCESS) { - return ret; + ac = talloc_get_type(req->context, struct la_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* Only entries are interesting, and we only want the olddn */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + ret = ldb_dn_compare(ares->message->dn, req->op.search.base); + if (ret != 0) { + /* Guh? We only asked for this DN */ + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->message->num_elements == 0) { + /* only bother at all if there were some + * linked attributes found */ + talloc_free(ares); + return LDB_SUCCESS; + } + + switch (ac->req->operation) { + case LDB_DELETE: + deldn = ldb_dn_get_linearized(ac->req->op.del.dn); + adddn = NULL; + break; + case LDB_RENAME: + deldn = ldb_dn_get_linearized(ac->req->op.rename.olddn); + adddn = ldb_dn_get_linearized(ac->req->op.rename.newdn); + break; + default: + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + for (i = 0; i < ares->message->num_elements; i++) { + el = &ares->message->elements[i]; + + schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name); + if (!schema_attr) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute %s is not a valid attribute" + " in schema", el->name); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); + } + + /* Valid attribute, now find out if it is linked */ + if (schema_attr->linkID == 0) { + /* Not a linked attribute, skip */ + continue; + } + + if ((schema_attr->linkID & 1) == 0) { + /* Odd is for the target. */ + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + attr_name = target_attr->lDAPDisplayName; + } else { + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID - 1); + attr_name = target_attr->lDAPDisplayName; + } + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_DEL, + (char *)el->values[j].data, + attr_name, deldn); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + if (!adddn) continue; + ret = la_store_op(ac, LA_OP_ADD, + (char *)el->values[j].data, + attr_name, adddn); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + } + } + + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; + + case LDB_REPLY_DONE: + + talloc_free(ares); + + if (ac->ops) { + /* start the mod requests chain */ + ret = la_do_mod_request(ac); + } else { + ret = la_down_req(ac); + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } - ac->search_req = new_req; - ac->step = LA_SEARCH; - return ldb_next_request(module, new_req); + talloc_free(ares); + return LDB_SUCCESS; } -/* delete */ -static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) +/* do a linked attributes modify request */ +static int la_do_mod_request(struct la_context *ac) { - /* Look up list of linked attributes */ - const char **attrs; - WERROR werr; + struct ldb_message_element *ret_el; + struct ldb_request *mod_req; + struct ldb_message *new_msg; + struct ldb_context *ldb; int ret; - struct ldb_request *new_req; - struct linked_attributes_context *ac; - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } - /* This gets complex: We need to: - - Do a search for the entry - - Wait for these result to appear - - In the callback for the result, issue a modify request based on the linked attributes found - - Wait for each modify result - - Regain our sainity - */ + ldb = ac->module->ldb; - ac = linked_attributes_init_handle(req, module); - if (!ac) { + /* Create the modify request */ + new_msg = ldb_msg_new(ac); + if (!new_msg) { + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } - - werr = dsdb_linked_attribute_lDAPDisplayName_list(schema, ac, &attrs); - if (!W_ERROR_IS_OK(werr)) { + new_msg->dn = ldb_dn_copy(new_msg, ac->ops->dn); + if (!new_msg->dn) { return LDB_ERR_OPERATIONS_ERROR; - }; - - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.del.dn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac, - linked_attributes_rename_del_search_callback); + } + if (ac->ops->op == LA_OP_ADD) { + ret = ldb_msg_add_empty(new_msg, ac->ops->name, + LDB_FLAG_MOD_ADD, &ret_el); + } else { + ret = ldb_msg_add_empty(new_msg, ac->ops->name, + LDB_FLAG_MOD_DELETE, &ret_el); + } if (ret != LDB_SUCCESS) { return ret; } - - talloc_steal(new_req, attrs); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - + ret_el->values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el->values[0] = data_blob_string_const(ac->ops->value); + ret_el->num_values = 1; + + /* use ac->ops as the mem_ctx so that the request will be freed + * in the callback as soon as completed */ + ret = ldb_build_mod_req(&mod_req, ldb, ac->ops, + new_msg, + NULL, + ac, la_mod_callback, + ac->req); if (ret != LDB_SUCCESS) { return ret; } + talloc_steal(mod_req, new_msg); - ac->search_req = new_req; - ac->step = LA_SEARCH; - return ldb_next_request(module, new_req); + /* Run the new request */ + return ldb_next_request(ac->module, mod_req); } +static int la_mod_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct la_context *ac; + struct la_op_store *os; + int ret; -static int linked_attributes_wait_none(struct ldb_handle *handle) { - struct linked_attributes_context *ac; - int i, ret = LDB_ERR_OPERATIONS_ERROR; - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } + ac = talloc_get_type(req->context, struct la_context); - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct linked_attributes_context); - - switch (ac->step) { - case LA_SEARCH: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - ac->step = LA_DO_OPS; - return LDB_SUCCESS; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "invalid ldb_reply_type in callback"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - case LA_DO_OPS: - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; - goto done; - } - - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } + talloc_free(ares); - /* Now run the original request */ - ac->step = LA_DO_ORIG; - return ldb_next_request(ac->module, ac->orig_down_req); + if (ac->ops) { + os = ac->ops; + ac->ops = os->next; - case LA_DO_ORIG: - ret = ldb_wait(ac->orig_down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->orig_down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->orig_down_req->handle->status; - goto done; - } - - if (ac->orig_down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - ret = LDB_SUCCESS; + /* this frees the request too + * DO NOT access 'req' after this point */ + talloc_free(os); } -done: - handle->state = LDB_ASYNC_DONE; - return ret; + /* as last op run the original request */ + if (ac->ops) { + ret = la_do_mod_request(ac); + } else { + ret = la_down_req(ac); + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } -static int linked_attributes_wait_all(struct ldb_handle *handle) { - +static int la_down_req(struct la_context *ac) +{ + struct ldb_request *down_req; int ret; - while (handle->state != LDB_ASYNC_DONE) { - ret = linked_attributes_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + switch (ac->req->operation) { + case LDB_ADD: + ret = ldb_build_add_req(&down_req, ac->module->ldb, ac, + ac->req->op.add.message, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + case LDB_MODIFY: + ret = ldb_build_mod_req(&down_req, ac->module->ldb, ac, + ac->req->op.mod.message, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + case LDB_DELETE: + ret = ldb_build_del_req(&down_req, ac->module->ldb, ac, + ac->req->op.del.dn, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + case LDB_RENAME: + ret = ldb_build_rename_req(&down_req, ac->module->ldb, ac, + ac->req->op.rename.olddn, + ac->req->op.rename.newdn, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + default: + ret = LDB_ERR_OPERATIONS_ERROR; + } + if (ret != LDB_SUCCESS) { + return ret; } - return handle->status; + return ldb_next_request(ac->module, down_req); } -static int linked_attributes_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int la_down_callback(struct ldb_request *req, struct ldb_reply *ares) { - if (type == LDB_WAIT_ALL) { - return linked_attributes_wait_all(handle); - } else { - return linked_attributes_wait_none(handle); + struct la_context *ac; + + ac = talloc_get_type(req->context, struct la_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "invalid ldb_reply_type in callback"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } _PUBLIC_ const struct ldb_module_ops ldb_linked_attributes_module_ops = { .name = "linked_attributes", .add = linked_attributes_add, .modify = linked_attributes_modify, - .del = linked_attributes_delete, - .rename = linked_attributes_rename, - .wait = linked_attributes_wait, + .del = linked_attributes_op, + .rename = linked_attributes_op, }; diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index a411c01513..622e444166 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -1,7 +1,7 @@ /* ldb database module - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005-2006 Copyright (C) Andrew Tridgell 2004 @@ -44,7 +44,7 @@ This allows the password database to be syncronised in a multi-master fashion, seperate to the more difficult concerns of the main database. (With passwords, the last writer always wins) - + Each incoming add/modify is split into a remote, and a local request, done in that order. We maintain a list of attributes that are kept locally: @@ -62,73 +62,89 @@ static const char * const password_attrs[] = { /* And we merge them back into search requests when asked to do so */ -struct lpdb_context { +struct lpdb_reply { + struct lpdb_reply *next; + struct ldb_reply *remote; + struct ldb_dn *local_dn; +}; - enum lpdb_type {LPDB_ADD, LPDB_MOD, LPDB_SEARCH} type; - enum lpdb_step {LPDB_ADD_REMOTE, LPDB_MOD_REMOTE, LPDB_MOD_SEARCH_SELF, LPDB_LOCAL, LPDB_SEARCH_REMOTE} step; +struct lpdb_context { struct ldb_module *module; - struct ldb_request *orig_req; - struct ldb_request *remote_req; - struct ldb_request *search_req; - struct ldb_request *local_req; + struct ldb_request *req; struct ldb_message *local_message; + struct lpdb_reply *list; + struct lpdb_reply *current; + struct ldb_reply *remote_done; + struct ldb_reply *remote; + bool added_objectGUID; bool added_objectClass; - struct ldb_reply *search_res; -}; - -struct lpdb_local_search_context { - struct lpdb_context *ac; - struct ldb_reply *remote_res; - struct ldb_reply *local_res; }; -static struct ldb_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_module *module, enum lpdb_type type) +static struct lpdb_context *lpdb_init_context(struct ldb_module *module, + struct ldb_request *req) { struct lpdb_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { + ac = talloc_zero(req, struct lpdb_context); + if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } - h->module = module; + ac->module = module; + ac->req = req; - ac = talloc_zero(h, struct lpdb_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } + return ac; +} - h->private_data = (void *)ac; +static int lpdb_local_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct lpdb_context *ac; - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + ac = talloc_get_type(req->context, struct lpdb_context); - ac->type = type; - ac->module = module; - ac->orig_req = req; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return h; + talloc_free(ares); + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); } -/* Add a record, splitting password attributes from the user's main - * record */ +/***************************************************************************** + * ADD + ****************************************************************************/ + +static int lpdb_add_callback(struct ldb_request *req, + struct ldb_reply *ares); static int local_password_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; - struct lpdb_context *ac; struct ldb_message *remote_message; - struct ldb_message *local_message; + struct ldb_request *remote_req; + struct lpdb_context *ac; struct GUID objectGUID; + int ret; int i; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_add\n"); @@ -163,22 +179,12 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req } /* From here, we assume we have password attributes to split off */ - h = lpdb_init_handle(req, module, LPDB_ADD); - if (!h) { + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_context); - ac->orig_req = req; - - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->remote_req) = *(ac->orig_req); - - remote_message = ldb_msg_copy_shallow(ac->remote_req, ac->orig_req->op.add.message); + remote_message = ldb_msg_copy_shallow(remote_req, req->op.add.message); if (remote_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -188,81 +194,113 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req ldb_msg_remove_attr(remote_message, password_attrs[i]); } - ac->remote_req->op.add.message = remote_message; - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; - - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + /* Find the objectGUID to use as the key */ + objectGUID = samdb_result_guid(ac->req->op.add.message, "objectGUID"); - *(ac->local_req) = *(ac->orig_req); - local_message = ldb_msg_copy_shallow(ac->local_req, ac->orig_req->op.add.message); - if (local_message == NULL) { + ac->local_message = ldb_msg_copy_shallow(ac, req->op.add.message); + if (ac->local_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* Remove anything seen in the remote message from the local * message (leaving only password attributes) */ - for (i=0;iremote_req->op.add.message->num_elements;i++) { - ldb_msg_remove_attr(local_message, ac->remote_req->op.add.message->elements[i].name); + for (i=0; i < remote_message->num_elements; i++) { + ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name); } /* We must have an objectGUID already, or we don't know where * to add the password. This may be changed to an 'add and * search', to allow the directory to create the objectGUID */ - if (ldb_msg_find_ldb_val(ac->orig_req->op.add.message, "objectGUID") == NULL) { - ldb_set_errstring(module->ldb, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); + if (ldb_msg_find_ldb_val(req->op.add.message, "objectGUID") == NULL) { + ldb_set_errstring(module->ldb, + "no objectGUID found in search: " + "local_password module must be " + "onfigured below objectGUID module!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } - /* Find the objectGUID to use as the key */ - objectGUID = samdb_result_guid(ac->orig_req->op.add.message, "objectGUID"); - - local_message->dn = ldb_dn_new(local_message, module->ldb, LOCAL_BASE); - ldb_dn_add_child_fmt(local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(local_message, &objectGUID)); - - ac->local_req->op.add.message = local_message; - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; - - ac->step = LPDB_ADD_REMOTE; + ac->local_message->dn = ldb_dn_new(ac->local_message, + module->ldb, LOCAL_BASE); + if ((ac->local_message->dn == NULL) || + ( ! ldb_dn_add_child_fmt(ac->local_message->dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac->local_message, + &objectGUID)))) { + return LDB_ERR_OPERATIONS_ERROR; + } - /* Return our own handle do deal with this call */ - req->handle = h; + ret = ldb_build_add_req(&remote_req, module->ldb, ac, + remote_message, + req->controls, + ac, lpdb_add_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - return ldb_next_request(module, ac->remote_req); + return ldb_next_request(module, remote_req); } -/* After adding the remote entry, add the local one */ -static int local_password_add_local(struct ldb_handle *h) { - +/* Add a record, splitting password attributes from the user's main + * record */ +static int lpdb_add_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct ldb_request *local_req; struct lpdb_context *ac; - ac = talloc_get_type(h->private_data, struct lpdb_context); + int ret; + + ac = talloc_get_type(req->context, struct lpdb_context); - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->step = LPDB_LOCAL; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + ac->remote_done = talloc_steal(ac, ares); - /* perform the local add */ - return ldb_next_request(ac->module, ac->local_req); + ret = ldb_build_add_req(&local_req, ac->module->ldb, ac, + ac->local_message, + NULL, + ac, lpdb_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + ret = ldb_next_request(ac->module, local_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } -static int local_password_mod_search_self(struct ldb_handle *h); +/***************************************************************************** + * MODIFY + ****************************************************************************/ + +static int lpdb_modify_callabck(struct ldb_request *req, + struct ldb_reply *ares); +static int lpdb_mod_search_callback(struct ldb_request *req, + struct ldb_reply *ares); static int local_password_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct lpdb_context *ac; struct ldb_message *remote_message; - struct ldb_message *local_message; + struct ldb_request *remote_req; + int ret; int i; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_modify\n"); @@ -289,243 +327,565 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request * } /* From here, we assume we have password attributes to split off */ - h = lpdb_init_handle(req, module, LPDB_MOD); - if (!h) { + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_context); - ac->orig_req = req; - - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->remote_req) = *(ac->orig_req); - remote_message = ldb_msg_copy_shallow(ac->remote_req, ac->orig_req->op.mod.message); + remote_message = ldb_msg_copy_shallow(ac, ac->req->op.mod.message); if (remote_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - + /* Remove any password attributes from the remote message */ for (i=0; i < ARRAY_SIZE(password_attrs); i++) { ldb_msg_remove_attr(remote_message, password_attrs[i]); } - ac->remote_req->op.mod.message = remote_message; - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; - - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->local_req) = *(ac->orig_req); - local_message = ldb_msg_copy_shallow(ac->local_req, ac->orig_req->op.mod.message); - if (local_message == NULL) { + ac->local_message = ldb_msg_copy_shallow(ac, ac->req->op.mod.message); + if (ac->local_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* Remove anything seen in the remote message from the local * message (leaving only password attributes) */ - for (i=0;iremote_req->op.mod.message->num_elements;i++) { - ldb_msg_remove_attr(local_message, ac->remote_req->op.mod.message->elements[i].name); + for (i=0; i < remote_message->num_elements;i++) { + ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name); } - ac->local_req->op.mod.message = local_message; - ac->local_message = local_message; + ret = ldb_build_mod_req(&remote_req, module->ldb, ac, + remote_message, + req->controls, + ac, lpdb_modify_callabck, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - ac->local_req->context = NULL; - ac->local_req->callback = NULL; + return ldb_next_request(module, remote_req); +} - ac->step = LPDB_MOD_REMOTE; +/* On a modify, we don't have the objectGUID handy, so we need to + * search our DN for it */ +static int lpdb_modify_callabck(struct ldb_request *req, + struct ldb_reply *ares) +{ + static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + struct ldb_request *search_req; + struct lpdb_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ac->remote_done = talloc_steal(ac, ares); - /* Return our own handle do deal with this call */ - req->handle = h; + /* prepare the search operation */ + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.mod.message->dn, LDB_SCOPE_BASE, + "(objectclass=*)", attrs, + NULL, + ac, lpdb_mod_search_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return ldb_next_request(module, ac->remote_req); + ret = ldb_next_request(ac->module, search_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + return LDB_SUCCESS; } -/* Called when we search for our oen entry. Stores the one entry we +/* Called when we search for our own entry. Stores the one entry we * expect (as it is a base search) on the context pointer */ -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int lpdb_mod_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { + struct ldb_request *local_req; struct lpdb_context *ac; + struct ldb_dn *local_dn; + struct GUID objectGUID; + int ret = LDB_SUCCESS; - ac = talloc_get_type(context, struct lpdb_context); + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->remote != NULL) { + ldb_set_errstring(ac->module->ldb, "Too many results"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->search_res = talloc_steal(ac, ares); - } else { + ac->remote = talloc_steal(ac, ares); + break; + + case LDB_REPLY_REFERRAL: + + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + /* After we find out the objectGUID for the entry, modify the local + * password database as required */ + talloc_free(ares); + + /* if it is not an entry of type person this is an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (ac->remote == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "entry just modified (%s) not found!", + ldb_dn_get_linearized(req->op.search.base)); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (!ldb_msg_check_string_attribute(ac->remote->message, + "objectClass", "person")) { + /* Not relevent to us */ + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); + } + + if (ldb_msg_find_ldb_val(ac->remote->message, + "objectGUID") == NULL) { + ldb_set_errstring(ac->module->ldb, + "no objectGUID found in search: " + "local_password module must be " + "configured below objectGUID " + "module!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); + } + + objectGUID = samdb_result_guid(ac->remote->message, + "objectGUID"); + + local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ((local_dn == NULL) || + ( ! ldb_dn_add_child_fmt(local_dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac, &objectGUID)))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + ac->local_message->dn = local_dn; + + ret = ldb_build_mod_req(&local_req, ac->module->ldb, ac, + ac->local_message, + NULL, + ac, lpdb_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + /* perform the local update */ + ret = ldb_next_request(ac->module, local_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } return LDB_SUCCESS; } -/* On a modify, we don't have the objectGUID handy, so we need to - * search our DN for it */ -static int local_password_mod_search_self(struct ldb_handle *h) { +/***************************************************************************** + * DELETE + ****************************************************************************/ +static int lpdb_delete_callabck(struct ldb_request *req, + struct ldb_reply *ares); +static int lpdb_del_search_callback(struct ldb_request *req, + struct ldb_reply *ares); + +static int local_password_delete(struct ldb_module *module, + struct ldb_request *req) +{ + struct ldb_request *remote_req; struct lpdb_context *ac; - static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + int ret; - ac = talloc_get_type(h->private_data, struct lpdb_context); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_delete\n"); - /* prepare the search operation */ - ac->search_req = talloc_zero(ac, struct ldb_request); - if (ac->search_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + /* If the caller is manipulating the local passwords directly, + * let them pass */ + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), + req->op.del.dn) == 0) { + return ldb_next_request(module, req); } - ac->search_req->operation = LDB_SEARCH; - ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; - ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->orig_req, NULL); - if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Invalid search filter"); + /* From here, we assume we have password attributes to split off */ + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac->search_req->op.search.attrs = attrs; - ac->search_req->controls = NULL; - ac->search_req->context = ac; - ac->search_req->callback = get_self_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - ac->step = LPDB_MOD_SEARCH_SELF; + ret = ldb_build_del_req(&remote_req, module->ldb, ac, + req->op.del.dn, + req->controls, + ac, lpdb_delete_callabck, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - return ldb_next_request(ac->module, ac->search_req); + return ldb_next_request(module, remote_req); } -/* After we find out the objectGUID for the entry, modify the local - * password database as required */ -static int local_password_mod_local(struct ldb_handle *h) { +/* On a modify, we don't have the objectGUID handy, so we need to + * search our DN for it */ +static int lpdb_delete_callabck(struct ldb_request *req, + struct ldb_reply *ares) +{ + static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + struct ldb_request *search_req; + struct lpdb_context *ac; + int ret; + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ac->remote_done = talloc_steal(ac, ares); + + /* prepare the search operation */ + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.del.dn, LDB_SCOPE_BASE, + "(objectclass=*)", attrs, + NULL, + ac, lpdb_del_search_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_next_request(ac->module, search_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + return LDB_SUCCESS; +} + +/* Called when we search for our own entry. Stores the one entry we + * expect (as it is a base search) on the context pointer */ +static int lpdb_del_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct ldb_request *local_req; struct lpdb_context *ac; + struct ldb_dn *local_dn; struct GUID objectGUID; - ac = talloc_get_type(h->private_data, struct lpdb_context); - - /* if it is not an entry of type person this is an error */ - /* TODO: remove this when these things are checked in the schema */ - if (!ac->search_res) { - ldb_asprintf_errstring(ac->module->ldb, - "entry just modified (%s) not found!", - ldb_dn_get_linearized(ac->remote_req->op.mod.message->dn)); - return LDB_ERR_OPERATIONS_ERROR; - } - if (!ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "person")) { - /* Not relevent to us */ - return LDB_SUCCESS; + int ret = LDB_SUCCESS; + + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - if (ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID") == NULL) { - ldb_set_errstring(ac->module->ldb, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - - objectGUID = samdb_result_guid(ac->search_res->message, "objectGUID"); - ac->local_message->dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); - ldb_dn_add_child_fmt(ac->local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID)); + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->remote != NULL) { + ldb_set_errstring(ac->module->ldb, "Too many results"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ac->remote = talloc_steal(ac, ares); + break; + + case LDB_REPLY_REFERRAL: - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + /* ignore */ + talloc_free(ares); + break; - ac->step = LPDB_LOCAL; + case LDB_REPLY_DONE: + /* After we find out the objectGUID for the entry, modify the local + * password database as required */ - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + talloc_free(ares); + + /* if it is not an entry of type person this is NOT an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (ac->remote == NULL) { + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); + } + if (!ldb_msg_check_string_attribute(ac->remote->message, + "objectClass", "person")) { + /* Not relevent to us */ + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); + } + + if (ldb_msg_find_ldb_val(ac->remote->message, + "objectGUID") == NULL) { + ldb_set_errstring(ac->module->ldb, + "no objectGUID found in search: " + "local_password module must be " + "configured below objectGUID " + "module!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); + } + + objectGUID = samdb_result_guid(ac->remote->message, + "objectGUID"); + + local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ((local_dn == NULL) || + ( ! ldb_dn_add_child_fmt(local_dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac, &objectGUID)))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_build_del_req(&local_req, ac->module->ldb, ac, + local_dn, + NULL, + ac, lpdb_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } - /* perform the local update */ - return ldb_next_request(ac->module, ac->local_req); + /* perform the local update */ + ret = ldb_next_request(ac->module, local_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + } + + return LDB_SUCCESS; } -static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +/***************************************************************************** + * SEARCH + ****************************************************************************/ + +static int lpdb_local_search_callback(struct ldb_request *req, + struct ldb_reply *ares); + +static int lpdb_local_search(struct lpdb_context *ac) +{ + struct ldb_request *local_req; + int ret; + + ret = ldb_build_search_req(&local_req, ac->module->ldb, ac, + ac->current->local_dn, + LDB_SCOPE_BASE, + "(objectclass=*)", + ac->req->op.search.attrs, + NULL, + ac, lpdb_local_search_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(ac->module, local_req); +} + +static int lpdb_local_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { - struct lpdb_local_search_context *local_context; + struct lpdb_context *ac; + struct ldb_reply *merge; + struct lpdb_reply *lr; + int ret; + int i; + + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - local_context = talloc_get_type(context, struct lpdb_local_search_context); + lr = ac->current; - /* we are interested only in the single reply (base search) we receive here */ + /* we are interested only in a single reply (base search) */ switch (ares->type) { case LDB_REPLY_ENTRY: - { - int i; - if (local_context->local_res != NULL) { - ldb_set_errstring(ldb, "Too many results to base search for password entry!"); + + if (lr->remote == NULL) { + ldb_set_errstring(ac->module->ldb, + "Too many results for password entry search!"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - local_context->local_res = ares; - /* Make sure never to return the internal key attribute to the caller */ + merge = lr->remote; + lr->remote = NULL; + + /* steal the local results on the remote results to be + * returned all together */ + talloc_steal(merge, ares->message->elements); + + /* Make sure never to return the internal key attribute */ ldb_msg_remove_attr(ares->message, PASSWORD_GUID_ATTR); - talloc_steal(local_context->remote_res->message->elements, ares->message->elements); for (i=0; i < ares->message->num_elements; i++) { struct ldb_message_element *el; - el = ldb_msg_find_element(local_context->remote_res->message, + el = ldb_msg_find_element(merge->message, ares->message->elements[i].name); if (!el) { - if (ldb_msg_add_empty(local_context->remote_res->message, - ares->message->elements[i].name, 0, &el) != LDB_SUCCESS) { + ret = ldb_msg_add_empty(merge->message, + ares->message->elements[i].name, + 0, &el); + if (ret != LDB_SUCCESS) { talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, + NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } *el = ares->message->elements[i]; } } - return local_context->ac->orig_req->callback(ldb, - local_context->ac->orig_req->context, - local_context->remote_res); - } - case LDB_REPLY_DONE: - { - /* Fire off the callback if there was no local entry, so we get the rest returned */ - if (local_context->local_res == NULL) { - return local_context->ac->orig_req->callback(ldb, - local_context->ac->orig_req->context, - local_context->remote_res); - } - return LDB_SUCCESS; + + /* free the rest */ + talloc_free(ares); + + return ldb_module_send_entry(ac->req, merge->message); + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); break; - } - default: - { + + case LDB_REPLY_DONE: + talloc_free(ares); - ldb_set_errstring(ldb, "Unexpected result type in base search for password entry!"); - return LDB_ERR_OPERATIONS_ERROR; - } + + /* if this entry was not returned yet, return it now */ + if (lr->remote) { + ret = ldb_module_send_entry(ac->req, ac->remote->message); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + lr->remote = NULL; + } + + if (lr->next->remote->type == LDB_REPLY_DONE) { + /* this was the last one */ + return ldb_module_done(ac->req, + lr->next->remote->controls, + lr->next->remote->response, + lr->next->remote->error); + } else { + /* next one */ + ac->current = lr->next; + talloc_free(lr); + + ret = lpdb_local_search(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + } } + + return LDB_SUCCESS; } /* For each entry returned in a remote search, do a local base search, * based on the objectGUID we asked for as an additional attribute */ -static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int lpdb_remote_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct lpdb_context *ac; + struct ldb_dn *local_dn; + struct GUID objectGUID; + struct lpdb_reply *lr; + int ret; - ac = talloc_get_type(context, struct lpdb_context); + ac = talloc_get_type(req->context, struct lpdb_context); - if (ares->type == LDB_REPLY_ENTRY) { - struct ldb_request *req; - struct lpdb_local_search_context *local_context; - struct GUID objectGUID; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + switch (ares->type) { + case LDB_REPLY_ENTRY: /* No point searching further if it's not a 'person' entry */ if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { @@ -538,13 +898,14 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s ldb_msg_remove_attr(ares->message, "objectClass"); } - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + return ldb_module_send_entry(ac->req, ares->message); } if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) { ldb_set_errstring(ac->module->ldb, "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } objectGUID = samdb_result_guid(ares->message, "objectGUID"); @@ -557,44 +918,63 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s ldb_msg_remove_attr(ares->message, "objectClass"); } - req = talloc_zero(ac, struct ldb_request); - if (!req) { - return LDB_ERR_OPERATIONS_ERROR; + local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ((local_dn == NULL) || + (! ldb_dn_add_child_fmt(local_dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac, &objectGUID)))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + lr = talloc_zero(ac, struct lpdb_reply); + if (lr == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + lr->local_dn = talloc_steal(lr, local_dn); + lr->remote = talloc_steal(lr, ares); - local_context = talloc(ac, struct lpdb_local_search_context); - if (!local_context) { - return LDB_ERR_OPERATIONS_ERROR; + if (ac->list) { + ac->current->next = lr; + } else { + ac->list = lr; } - local_context->ac = ac; - local_context->remote_res = ares; - local_context->local_res = NULL; + ac->current= lr; + + break; - req->op.search.base = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); - if ( ! ldb_dn_add_child_fmt(req->op.search.base, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID))) { - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_REFERRAL: + + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + + if (ac->list == NULL) { + /* found nothing */ + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - req->operation = LDB_SEARCH; - req->op.search.scope = LDB_SCOPE_BASE; - req->op.search.tree = ldb_parse_tree(req, NULL); - if (req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; + + lr = talloc_zero(ac, struct lpdb_reply); + if (lr == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - req->op.search.attrs = ac->orig_req->op.search.attrs; - req->controls = NULL; - req->context = ac; - req->callback = get_self_callback; + lr->remote = talloc_steal(lr, ares); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req); - - req->context = local_context; - req->callback = lpdb_local_search_callback; + ac->current->next = lr; - return ldb_next_request(ac->module, req); - } else { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + /* rewind current and start local searches */ + ac->current= ac->list; + + ret = lpdb_local_search(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } + + return LDB_SUCCESS; } /* Search for passwords and other attributes. The passwords are @@ -603,7 +983,7 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s static int local_password_search(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_request *remote_req; struct lpdb_context *ac; int i; int ret; @@ -615,6 +995,8 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * return ldb_next_request(module, req); } + search_attrs = NULL; + /* If the caller is searching for the local passwords directly, let them pass */ if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.search.base) == 0) { @@ -634,32 +1016,15 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * } } - h = lpdb_init_handle(req, module, LPDB_SEARCH); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(h->private_data, struct lpdb_context); - - ac->orig_req = req; - - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } /* Remote search is for all attributes: if the remote LDAP server has these attributes, then it overrides the local database */ - *(ac->remote_req) = *(ac->orig_req); - - /* Return our own handle do deal with this call */ - ac->remote_req->handle = h; - - ac->remote_req->context = ac; - ac->remote_req->callback = lpdb_remote_search_callback; - if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) { if (!ldb_attr_in_list(req->op.search.attrs, "objectGUID")) { - search_attrs = ldb_attr_list_copy_add(req, req->op.search.attrs, "objectGUID"); + search_attrs = ldb_attr_list_copy_add(ac, req->op.search.attrs, "objectGUID"); ac->added_objectGUID = true; if (!search_attrs) { return LDB_ERR_OPERATIONS_ERROR; @@ -668,7 +1033,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * search_attrs = req->op.search.attrs; } if (!ldb_attr_in_list(search_attrs, "objectClass")) { - search_attrs = ldb_attr_list_copy_add(req, search_attrs, "objectClass"); + search_attrs = ldb_attr_list_copy_add(ac, search_attrs, "objectClass"); ac->added_objectClass = true; if (!search_attrs) { return LDB_ERR_OPERATIONS_ERROR; @@ -678,175 +1043,26 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * search_attrs = req->op.search.attrs; } - ac->remote_req->op.search.attrs = search_attrs; - - ldb_set_timeout_from_prev_req(module->ldb, ac->orig_req, ac->remote_req); - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = LPDB_SEARCH_REMOTE; - - /* perform the search */ - ret = ldb_next_request(module, ac->remote_req); - - if (ret == LDB_SUCCESS) { - req->handle = ac->remote_req->handle; - } - - return ret; -} - -static int lpdb_wait(struct ldb_handle *handle) { - struct lpdb_context *ac; - int ret; - - if (!handle || !handle->private_data) { + ret = ldb_build_search_req_ex(&remote_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + search_attrs, + req->controls, + ac, lpdb_remote_search_callback, + req); + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct lpdb_context); - - switch (ac->step) { - case LPDB_ADD_REMOTE: - ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->remote_req->handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->handle->status; - goto done; - } - - if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* original request done, go on */ - return local_password_add_local(handle); - - case LPDB_MOD_REMOTE: - ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->remote_req->handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->handle->status; - goto done; - } - - if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* original request done, go on */ - return local_password_mod_search_self(handle); - - case LPDB_MOD_SEARCH_SELF: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* original request done, go on */ - return local_password_mod_local(handle); - - case LPDB_LOCAL: - ret = ldb_wait(ac->local_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->local_req->handle->status != LDB_SUCCESS) { - handle->status = ac->local_req->handle->status; - goto done; - } - - if (ac->local_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case LPDB_SEARCH_REMOTE: - ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->remote_req->handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->handle->status; - goto done; - } - - if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int lpdb_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = lpdb_wait(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int local_password_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return lpdb_wait_all(handle); - } else { - return lpdb_wait(handle); - } + /* perform the search */ + return ldb_next_request(module, remote_req); } _PUBLIC_ const struct ldb_module_ops ldb_local_password_module_ops = { .name = "local_password", .add = local_password_add, .modify = local_password_modify, - .search = local_password_search, - .wait = local_password_wait + .del = local_password_delete, + .search = local_password_search }; diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index 3306fd3c33..70513bd644 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -45,6 +45,14 @@ CN=Admins,CN=Users,DC=samba,DC=example,DC=com */ + +struct norm_context { + struct ldb_module *module; + struct ldb_request *req; + + const struct dsdb_schema *schema; +}; + static int fix_dn(struct ldb_dn *dn) { int i, ret; @@ -69,93 +77,117 @@ static int fix_dn(struct ldb_dn *dn) return LDB_SUCCESS; } -static int normalise_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int normalize_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - struct ldb_request *orig_req = talloc_get_type(context, struct ldb_request); - TALLOC_CTX *mem_ctx; + struct ldb_message *msg; + struct norm_context *ac; int i, j, ret; - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type != LDB_REPLY_ENTRY) { - return orig_req->callback(ldb, orig_req->context, ares); - } + ac = talloc_get_type(req->context, struct norm_context); - if (!schema) { - return orig_req->callback(ldb, orig_req->context, ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - mem_ctx = talloc_new(ares); - if (!mem_ctx) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* OK, we have one of *many* search results passing by here, - * but we should get them one at a time */ + /* Only entries are interesting, and we handle the case of the parent seperatly */ - ret = fix_dn(ares->message->dn); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } + switch (ares->type) { + case LDB_REPLY_ENTRY: - for (i = 0; i < ares->message->num_elements; i++) { - const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, ares->message->elements[i].name); - if (!attribute) { - continue; - } - /* Look to see if this attributeSyntax is a DN */ - if (!((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") == 0) || - (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") == 0))) { - continue; + /* OK, we have one of *many* search results passing by here, + * but we should get them one at a time */ + msg = ares->message; + + ret = fix_dn(msg->dn); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - for (j = 0; j < ares->message->elements[i].num_values; j++) { - const char *dn_str; - struct ldb_dn *dn = ldb_dn_from_ldb_val(mem_ctx, ldb, &ares->message->elements[i].values[j]); - if (!dn) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + + for (i = 0; i < msg->num_elements; i++) { + const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(ac->schema, msg->elements[i].name); + if (!attribute) { + continue; } - ret = fix_dn(dn); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; + /* Look to see if this attributeSyntax is a DN */ + if (!((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") == 0) || + (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") == 0))) { + continue; + } + for (j = 0; j < msg->elements[i].num_values; j++) { + const char *dn_str; + struct ldb_dn *dn = ldb_dn_new(ac, ac->module->ldb, (const char *)msg->elements[i].values[j].data); + if (!dn) { + return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); + } + ret = fix_dn(dn); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + dn_str = talloc_steal(msg->elements[i].values, ldb_dn_get_linearized(dn)); + msg->elements[i].values[j] = data_blob_string_const(dn_str); + talloc_free(dn); } - dn_str = talloc_steal(ares->message->elements[i].values, ldb_dn_get_linearized(dn)); - ares->message->elements[i].values[j] = data_blob_string_const(dn_str); - talloc_free(dn); } + + return ldb_module_send_entry(ac->req, msg); + + case LDB_REPLY_REFERRAL: + + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - talloc_free(mem_ctx); - return orig_req->callback(ldb, orig_req->context, ares); + + return LDB_SUCCESS; } /* search */ static int normalise_search(struct ldb_module *module, struct ldb_request *req) { + struct ldb_request *down_req; + struct norm_context *ac; int ret; - struct ldb_request *down_req = talloc(req, struct ldb_request); - if (!down_req) { - ldb_oom(module->ldb); + + ac = talloc(req, struct norm_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; - down_req->context = req; - down_req->callback = normalise_search_callback; - ret = ldb_next_request(module, down_req); + ac->module = module; + ac->req = req; - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + /* if schema not yet present just skip over */ + ac->schema = dsdb_get_schema(ac->module->ldb); + if (ac->schema == NULL) { + talloc_free(ac); + return ldb_next_request(module, req); } - return ret; + + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ac, normalize_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(module, down_req); } + _PUBLIC_ const struct ldb_module_ops ldb_normalise_module_ops = { .name = "normalise", .search = normalise_search, diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index b048a8d8e1..2c242d47c6 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 Copyright (C) Andrew Bartlett 2005-2007 This program is free software; you can redistribute it and/or modify @@ -47,21 +47,12 @@ struct oc_context { - enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD, - OC_SEARCH_ADD_PARENT, OC_DO_ADD, - OC_SEARCH_RENAME_PARENT, OC_DO_RENAME} step; - struct ldb_module *module; - struct ldb_request *orig_req; - - struct ldb_request *down_req; + struct ldb_request *req; - struct ldb_request *search_req; struct ldb_reply *search_res; - struct ldb_request *add_req; - struct ldb_request *mod_req; - struct ldb_request *rename_req; + int (*step_fn)(struct oc_context *); }; struct class_list { @@ -69,46 +60,31 @@ struct class_list { const struct dsdb_class *objectclass; }; -static int objectclass_do_add(struct ldb_handle *h); - -static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_module *module) +static struct oc_context *oc_init_context(struct ldb_module *module, + struct ldb_request *req) { struct oc_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct oc_context); + ac = talloc_zero(req, struct oc_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - ac->module = module; - ac->orig_req = req; + ac->req = req; - return h; + return ac; } +static int objectclass_do_add(struct oc_context *ac); + /* Sort objectClasses into correct order, and validate that all * objectClasses specified actually exist in the schema */ static int objectclass_sort(struct ldb_module *module, const struct dsdb_schema *schema, - struct ldb_message *msg, /* so that when we create new elements, we put it on the right parent */ TALLOC_CTX *mem_ctx, struct ldb_message_element *objectclass_element, struct class_list **sorted_out) @@ -117,6 +93,7 @@ static int objectclass_sort(struct ldb_module *module, int layer; struct class_list *sorted = NULL, *parent_class = NULL, *subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent; + /* DESIGN: * * We work on 4 different 'bins' (implemented here as linked lists): @@ -150,8 +127,7 @@ static int objectclass_sort(struct ldb_module *module, for (i=0; i < objectclass_element->num_values; i++) { current = talloc(mem_ctx, struct class_list); if (!current) { - ldb_set_errstring(module->ldb, "objectclass: out of memory allocating objectclass list"); - talloc_free(mem_ctx); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } current->objectclass = dsdb_class_by_lDAPDisplayName(schema, (const char *)objectclass_element->values[i].data); @@ -258,7 +234,7 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct auth_session_info *session_info = ldb_get_opaque(module->ldb, "sessionInfo"); struct security_descriptor *sd; - struct dom_sid *domain_sid = samdb_domain_sid(module->ldb); + const struct dom_sid *domain_sid = samdb_domain_sid(module->ldb); if (!objectclass->defaultSecurityDescriptor || !domain_sid) { return NULL; @@ -292,28 +268,77 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, } -static int get_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares) { struct oc_context *ac; + int ret; - ac = talloc_get_type(context, struct oc_context); + ac = talloc_get_type(req->context, struct oc_context); - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS && + ares->error != LDB_ERR_NO_SUCH_OBJECT) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); + ldb_set_errstring(ac->module->ldb, "Too many results"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->search_res = talloc_move(ac, &ares); - } else { + ac->search_res = talloc_steal(ac, ares); + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: talloc_free(ares); + ret = ac->step_fn(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; } return LDB_SUCCESS; } +static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct oc_context *ac; + + ac = talloc_get_type(req->context, struct oc_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + /* Fix up the DN to be in the standard form, taking particular care to match the parent DN This should mean that if the parent is: @@ -367,12 +392,11 @@ static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *sch return LDB_SUCCESS; } +static int objectclass_do_add(struct oc_context *ac); + static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { - - static const char * const attrs[] = { NULL }; - - struct ldb_handle *h; + struct ldb_request *search_req; struct oc_context *ac; struct ldb_dn *parent_dn; int ret; @@ -384,61 +408,56 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* Need to object to this, but cn=rootdse doesn't hae an objectClass... */ + /* Need to object to this, but cn=rootdse doesn't have an objectClass... */ if (ldb_msg_find_element(req->op.add.message, "objectClass") == NULL) { return ldb_next_request(module, req); } - h = oc_init_handle(req, module); - if (!h) { + ac = oc_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct oc_context); - - /* return or own handle to deal with this call */ - req->handle = h; /* If there isn't a parent, just go on to the add processing */ - if (ldb_dn_get_comp_num(ac->orig_req->op.add.message->dn) == 1) { - return objectclass_do_add(h); + if (ldb_dn_get_comp_num(ac->req->op.add.message->dn) == 1) { + return objectclass_do_add(ac); } - parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.add.message->dn); + /* get copy of parent DN */ + parent_dn = ldb_dn_get_parent(ac, ac->req->op.add.message->dn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&ac->search_req, module->ldb, + ret = ldb_build_search_req(&search_req, module->ldb, ac, parent_dn, LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, NULL, - ac, get_search_callback); + "(objectClass=*)", NULL, + NULL, + ac, get_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } + talloc_steal(search_req, parent_dn); - talloc_steal(ac->search_req, parent_dn); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); + ac->step_fn = objectclass_do_add; - ac->step = OC_SEARCH_ADD_PARENT; - - return ldb_next_request(ac->module, ac->search_req); + return ldb_next_request(ac->module, search_req); } -static int objectclass_do_add(struct ldb_handle *h) +static int objectclass_do_add(struct oc_context *ac) { const struct dsdb_schema *schema; - struct oc_context *ac; + struct ldb_request *add_req; + char *value; struct ldb_message_element *objectclass_element; struct ldb_message *msg; TALLOC_CTX *mem_ctx; struct class_list *sorted, *current; int ret; - - ac = talloc_get_type(h->private_data, struct oc_context); + schema = dsdb_get_schema(ac->module->ldb); mem_ctx = talloc_new(ac); @@ -446,41 +465,34 @@ static int objectclass_do_add(struct ldb_handle *h) return LDB_ERR_OPERATIONS_ERROR; } - ac->add_req = talloc(ac, struct ldb_request); - if (ac->add_req == NULL) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } + msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message); - *ac->add_req = *ac->orig_req; - - ac->add_req->op.add.message = msg = ldb_msg_copy_shallow(ac->add_req, ac->orig_req->op.add.message); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->add_req); - /* Check we have a valid parent */ if (ac->search_res == NULL) { - if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), ac->orig_req->op.add.message->dn) == 0) { + if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), + msg->dn) == 0) { /* Allow the tree to be started */ /* but don't keep any error string, it's meaningless */ ldb_set_errstring(ac->module->ldb, NULL); } else { ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot add %s, parent does not exist!", - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + ldb_dn_get_linearized(msg->dn)); + talloc_free(mem_ctx); return LDB_ERR_UNWILLING_TO_PERFORM; } } else { /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ ret = fix_dn(msg, - ac->orig_req->op.add.message->dn, + ac->req->op.add.message->dn, ac->search_res->message->dn, &msg->dn); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ac->module->ldb, "Could not munge DN %s into normal form", - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + ldb_dn_get_linearized(ac->req->op.add.message->dn)); + talloc_free(mem_ctx); return ret; } @@ -505,7 +517,7 @@ static int objectclass_do_add(struct ldb_handle *h) talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, schema, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; @@ -524,7 +536,13 @@ static int objectclass_do_add(struct ldb_handle *h) /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + value = talloc_strdup(msg, current->objectclass->lDAPDisplayName); + if (value == NULL) { + ldb_oom(ac->module->ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "objectClass", value); if (ret != LDB_SUCCESS) { ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted " @@ -537,8 +555,13 @@ static int objectclass_do_add(struct ldb_handle *h) struct ldb_message_element *el; int32_t systemFlags = 0; if (!ldb_msg_find_element(msg, "objectCategory")) { - ldb_msg_add_string(msg, "objectCategory", - current->objectclass->defaultObjectCategory); + value = talloc_strdup(msg, current->objectclass->defaultObjectCategory); + if (value == NULL) { + ldb_oom(ac->module->ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ldb_msg_add_string(msg, "objectCategory", value); } if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (current->objectclass->defaultHidingValue == true)) { ldb_msg_add_string(msg, "showInAdvancedViewOnly", @@ -597,20 +620,33 @@ static int objectclass_do_add(struct ldb_handle *h) return ret; } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = OC_DO_ADD; + ret = ldb_build_add_req(&add_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, oc_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } /* perform the add */ - return ldb_next_request(ac->module, ac->add_req); + return ldb_next_request(ac->module, add_req); } +static int oc_modify_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int objectclass_do_mod(struct oc_context *ac); + static int objectclass_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_message_element *objectclass_element; struct ldb_message *msg; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + struct class_list *sorted, *current; + struct ldb_request *down_req; + struct oc_context *ac; + TALLOC_CTX *mem_ctx; + char *value; int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n"); @@ -626,23 +662,19 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req } objectclass_element = ldb_msg_find_element(req->op.mod.message, "objectClass"); + ac = oc_init_context(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* If no part of this touches the objectClass, then we don't * need to make any changes. */ /* If the only operation is the deletion of the objectClass * then go on with just fixing the attribute case */ if (!objectclass_element) { - struct ldb_request *down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); - return LDB_ERR_OPERATIONS_ERROR; - } - - *down_req = *req; /* copy the request */ - - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); - - if (down_req->op.mod.message == NULL) { + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -651,15 +683,17 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req return ret; } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, oc_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + + /* go on with the call chain */ + return ldb_next_request(module, down_req); } switch (objectclass_element->flags & LDB_FLAG_MOD_MASK) { @@ -668,41 +702,28 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED; } break; + case LDB_FLAG_MOD_REPLACE: - { - struct ldb_request *down_req; - struct class_list *sorted, *current; - TALLOC_CTX *mem_ctx; - mem_ctx = talloc_new(req); + mem_ctx = talloc_new(ac); if (mem_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* prepare the first operation */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; /* copy the request */ - - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); - - if (down_req->op.mod.message == NULL) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - + ret = fix_attributes(module->ldb, schema, msg); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; } - ret = objectclass_sort(module, schema, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(module, schema, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); return ret; } @@ -719,9 +740,21 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + /* copy the value as this string is on the schema + * context and we can't rely on it not changing + * before the operation is over */ + value = talloc_strdup(msg, + current->objectclass->lDAPDisplayName); + if (value == NULL) { + ldb_oom(module->ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "objectClass", value); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); + ldb_set_errstring(module->ldb, + "objectclass: could not re-add sorted " + "objectclass to modify msg"); talloc_free(mem_ctx); return ret; } @@ -731,130 +764,121 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req ret = ldb_msg_sanity_check(module->ldb, msg); if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); return ret; } - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, oc_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; - } + + /* go on with the call chain */ + return ldb_next_request(module, down_req); } /* This isn't the default branch of the switch, but a 'in any * other case'. When a delete isn't for all objectClasses for * example */ - { - struct ldb_handle *h; - struct oc_context *ac; - - h = oc_init_handle(req, module); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(h->private_data, struct oc_context); - - /* return or own handle to deal with this call */ - req->handle = h; - - /* prepare the first operation */ - ac->down_req = talloc(ac, struct ldb_request); - if (ac->down_req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->down_req) = *req; /* copy the request */ - - ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); - - if (ac->down_req->op.mod.message == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = fix_attributes(ac->module->ldb, schema, msg); - if (ret != LDB_SUCCESS) { - ldb_oom(ac->module->ldb); - return ret; - } - ac->down_req->context = NULL; - ac->down_req->callback = NULL; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); - - ac->step = OC_DO_REQ; + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } - return ldb_next_request(module, ac->down_req); + ret = fix_attributes(module->ldb, schema, msg); + if (ret != LDB_SUCCESS) { + ldb_oom(ac->module->ldb); + return ret; + } + + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, oc_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } + + return ldb_next_request(module, down_req); } -static int objectclass_search_self(struct ldb_handle *h) +static int oc_modify_callback(struct ldb_request *req, struct ldb_reply *ares) { - int ret; - struct oc_context *ac; static const char * const attrs[] = { "objectClass", NULL }; + struct ldb_request *search_req; + struct oc_context *ac; + int ret; - ac = talloc_get_type(h->private_data, struct oc_context); + ac = talloc_get_type(req->context, struct oc_context); - ret = ldb_build_search_req(&ac->search_req, ac->module->ldb, - ac, ac->orig_req->op.mod.message->dn, LDB_SCOPE_BASE, + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.mod.message->dn, LDB_SCOPE_BASE, "(objectClass=*)", attrs, NULL, - ac, get_search_callback); - + ac, get_search_callback, + ac->req); if (ret != LDB_SUCCESS) { - return ret; + return ldb_module_done(ac->req, NULL, NULL, ret); } - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - - ac->step = OC_SEARCH_SELF; + ac->step_fn = objectclass_do_mod; - return ldb_next_request(ac->module, ac->search_req); + ret = ldb_next_request(ac->module, search_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } -static int objectclass_do_mod(struct ldb_handle *h) { +static int objectclass_do_mod(struct oc_context *ac) +{ const struct dsdb_schema *schema; - struct oc_context *ac; + struct ldb_request *mod_req; + char *value; struct ldb_message_element *objectclass_element; struct ldb_message *msg; TALLOC_CTX *mem_ctx; struct class_list *sorted, *current; int ret; - - ac = talloc_get_type(h->private_data, struct oc_context); - schema = dsdb_get_schema(ac->module->ldb); - mem_ctx = talloc_new(ac); - if (mem_ctx == NULL) { + if (ac->search_res == NULL) { return LDB_ERR_OPERATIONS_ERROR; } + schema = dsdb_get_schema(ac->module->ldb); - ac->mod_req = talloc(ac, struct ldb_request); - if (ac->mod_req == NULL) { - talloc_free(mem_ctx); + mem_ctx = talloc_new(ac); + if (mem_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac->mod_req->operation = LDB_MODIFY; - ac->mod_req->controls = NULL; - ac->mod_req->context = ac; - ac->mod_req->callback = NULL; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->mod_req); - /* use a new message structure */ - ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); + msg = ldb_msg_new(ac); if (msg == NULL) { - ldb_set_errstring(ac->module->ldb, "objectclass: could not create new modify msg"); + ldb_set_errstring(ac->module->ldb, + "objectclass: could not create new modify msg"); talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -869,9 +893,9 @@ static int objectclass_do_mod(struct ldb_handle *h) { } /* modify dn */ - msg->dn = ac->orig_req->op.mod.message->dn; + msg->dn = ac->req->op.mod.message->dn; - ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, schema, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { return ret; } @@ -889,7 +913,12 @@ static int objectclass_do_mod(struct ldb_handle *h) { /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + value = talloc_strdup(msg, current->objectclass->lDAPDisplayName); + if (value == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "objectClass", value); if (ret != LDB_SUCCESS) { ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); talloc_free(mem_ctx); @@ -903,33 +932,38 @@ static int objectclass_do_mod(struct ldb_handle *h) { return ret; } - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = OC_DO_MOD; + ret = ldb_build_mod_req(&mod_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, oc_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } talloc_free(mem_ctx); - /* perform the search */ - return ldb_next_request(ac->module, ac->mod_req); + /* perform the modify */ + return ldb_next_request(ac->module, mod_req); } +static int objectclass_do_rename(struct oc_context *ac); + static int objectclass_rename(struct ldb_module *module, struct ldb_request *req) { - static const char * const attrs[] = { NULL }; - struct ldb_handle *h; + struct ldb_request *search_req; struct oc_context *ac; struct ldb_dn *parent_dn; int ret; - + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_rename\n"); if (ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } - + /* Firstly ensure we are not trying to rename it to be a child of itself */ if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0) && (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) { @@ -938,65 +972,50 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req return LDB_ERR_UNWILLING_TO_PERFORM; } - h = oc_init_handle(req, module); - if (!h) { + ac = oc_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct oc_context); - - /* return or own handle to deal with this call */ - req->handle = h; - parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.rename.newdn); + parent_dn = ldb_dn_get_parent(ac, req->op.rename.newdn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&ac->search_req, module->ldb, + ret = ldb_build_search_req(&search_req, module->ldb, ac, parent_dn, LDB_SCOPE_BASE, "(objectClass=*)", attrs, NULL, - ac, get_search_callback); + ac, get_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - talloc_steal(ac->search_req, parent_dn); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - ac->step = OC_SEARCH_RENAME_PARENT; + ac->step_fn = objectclass_do_rename; - return ldb_next_request(ac->module, ac->search_req); + return ldb_next_request(ac->module, search_req); } -static int objectclass_do_rename(struct ldb_handle *h) +static int objectclass_do_rename(struct oc_context *ac) { - struct oc_context *ac; + struct ldb_request *rename_req; + struct ldb_dn *fixed_dn; int ret; - - ac = talloc_get_type(h->private_data, struct oc_context); - ac->rename_req = talloc(ac, struct ldb_request); - if (ac->rename_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *ac->rename_req = *ac->orig_req; - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->rename_req); - /* Check we have a valid parent */ if (ac->search_res == NULL) { ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot rename %s, parent does not exist!", - ldb_dn_get_linearized(ac->orig_req->op.rename.newdn)); + ldb_dn_get_linearized(ac->req->op.rename.newdn)); return LDB_ERR_UNWILLING_TO_PERFORM; } - /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ - ret = fix_dn(ac->rename_req, - ac->orig_req->op.rename.newdn, - ac->search_res->message->dn, - &ac->rename_req->op.rename.newdn); - + /* Fix up the DN to be in the standard form, + * taking particular care to match the parent DN */ + ret = fix_dn(ac, + ac->req->op.rename.newdn, + ac->search_res->message->dn, + &fixed_dn); if (ret != LDB_SUCCESS) { return ret; } @@ -1005,197 +1024,17 @@ static int objectclass_do_rename(struct ldb_handle *h) * by reading the allowedChildClasses and * allowedChildClasssesEffective attributes */ - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = OC_DO_RENAME; - - /* perform the rename */ - return ldb_next_request(ac->module, ac->rename_req); -} - -static int oc_wait(struct ldb_handle *handle) { - struct oc_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct oc_context); - - switch (ac->step) { - case OC_DO_REQ: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* mods done, go on */ - return objectclass_search_self(handle); - - case OC_SEARCH_SELF: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* self search done, go on */ - return objectclass_do_mod(handle); - - case OC_DO_MOD: - ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->mod_req->handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->handle->status; - goto done; - } - - if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case OC_SEARCH_ADD_PARENT: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS - && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* parent search done, go on */ - return objectclass_do_add(handle); - - case OC_DO_ADD: - ret = ldb_wait(ac->add_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->add_req->handle->status != LDB_SUCCESS) { - handle->status = ac->add_req->handle->status; - goto done; - } - - if (ac->add_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case OC_SEARCH_RENAME_PARENT: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* parent search done, go on */ - return objectclass_do_rename(handle); - - case OC_DO_RENAME: - ret = ldb_wait(ac->rename_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->rename_req->handle->status != LDB_SUCCESS) { - handle->status = ac->rename_req->handle->status; - goto done; - } - - if (ac->rename_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int oc_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = oc_wait(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + ret = ldb_build_rename_req(&rename_req, ac->module->ldb, ac, + ac->req->op.rename.olddn, fixed_dn, + ac->req->controls, + ac, oc_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; } - return handle->status; -} - -static int objectclass_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return oc_wait_all(handle); - } else { - return oc_wait(handle); - } + /* perform the rename */ + return ldb_next_request(ac->module, rename_req); } _PUBLIC_ const struct ldb_module_ops ldb_objectclass_module_ops = { @@ -1203,5 +1042,4 @@ _PUBLIC_ const struct ldb_module_ops ldb_objectclass_module_ops = { .add = objectclass_add, .modify = objectclass_modify, .rename = objectclass_rename, - .wait = objectclass_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index f62839389d..054905992d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -1,9 +1,9 @@ /* ldb database library - Copyright (C) Simo Sorce 2004-2006 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 + Copyright (C) Simo Sorce 2004-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -103,6 +103,36 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } +struct og_context { + struct ldb_module *module; + struct ldb_request *req; +}; + +static int og_op_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct og_context *ac; + + ac = talloc_get_type(req->context, struct og_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + /* add_record: add objectGUID attribute */ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { @@ -115,6 +145,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) enum ndr_err_code ndr_err; int ret; time_t t = time(NULL); + struct og_context *ac; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); @@ -127,15 +158,15 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = talloc(req, struct og_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; + ac->module = module; + ac->req = req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(ac, req->op.add.message); if (msg == NULL) { talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; @@ -149,44 +180,41 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_value(msg, "objectGUID", &v, NULL); if (ret) { - talloc_free(down_req); return ret; } if (add_time_element(msg, "whenCreated", t) != 0 || add_time_element(msg, "whenChanged", t) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } /* Get a sequence number from the backend */ + /* FIXME: ldb_sequence_number is still SYNC now, when this changes, + * make sure this function is split and a callback is used */ ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret == LDB_SUCCESS) { if (add_uint64_element(msg, "uSNCreated", seq_num) != 0 || add_uint64_element(msg, "uSNChanged", seq_num) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, og_op_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* go on with the call chain */ + return ldb_next_request(module, down_req); } /* modify_record: update timestamps */ @@ -197,6 +225,7 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) int ret; time_t t = time(NULL); uint64_t seq_num; + struct og_context *ac; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); @@ -205,22 +234,20 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = talloc(req, struct og_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; + ac->module = module; + ac->req = req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); if (msg == NULL) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } if (add_time_element(msg, "whenChanged", t) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } @@ -228,23 +255,21 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret == LDB_SUCCESS) { if (add_uint64_element(msg, "uSNChanged", seq_num) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, og_op_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* go on with the call chain */ + return ldb_next_request(module, down_req); } _PUBLIC_ const struct ldb_module_ops ldb_objectguid_module_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 0cd0baf625..ad2901c308 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -1,4 +1,3 @@ - /* Partitions ldb module @@ -43,61 +42,98 @@ struct partition_private_data { struct ldb_dn **replicate; }; +struct part_request { + struct ldb_module *module; + struct ldb_request *req; +}; + struct partition_context { struct ldb_module *module; - struct ldb_request *orig_req; + struct ldb_request *req; - struct ldb_request **down_req; + struct part_request *part_req; int num_requests; int finished_requests; }; -static struct partition_context *partition_init_handle(struct ldb_request *req, struct ldb_module *module) +static struct partition_context *partition_init_ctx(struct ldb_module *module, struct ldb_request *req) { struct partition_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct partition_context); + ac = talloc_zero(req, struct partition_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = ac; - ac->module = module; - ac->orig_req = req; - - req->handle = h; + ac->req = req; return ac; } -static struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, - struct ldb_context *ldb, - struct ldb_module *module) +#define PARTITION_FIND_OP(module, op) do { \ + struct ldb_context *ldbctx = module->ldb; \ + while (module && module->ops->op == NULL) module = module->next; \ + if (module == NULL) { \ + ldb_asprintf_errstring(ldbctx, \ + "Unable to find backend operation for " #op ); \ + return LDB_ERR_OPERATIONS_ERROR; \ + } \ +} while (0) + +/* + * helper functions to call the next module in chain + * */ + +int partition_request(struct ldb_module *module, struct ldb_request *request) { - struct ldb_module *current; - static const struct ldb_module_ops ops; /* zero */ - current = talloc_zero(mem_ctx, struct ldb_module); - if (current == NULL) { - return module; + int ret; + switch (request->operation) { + case LDB_SEARCH: + PARTITION_FIND_OP(module, search); + ret = module->ops->search(module, request); + break; + case LDB_ADD: + PARTITION_FIND_OP(module, add); + ret = module->ops->add(module, request); + break; + case LDB_MODIFY: + PARTITION_FIND_OP(module, modify); + ret = module->ops->modify(module, request); + break; + case LDB_DELETE: + PARTITION_FIND_OP(module, del); + ret = module->ops->del(module, request); + break; + case LDB_RENAME: + PARTITION_FIND_OP(module, rename); + ret = module->ops->rename(module, request); + break; + case LDB_EXTENDED: + PARTITION_FIND_OP(module, extended); + ret = module->ops->extended(module, request); + break; + case LDB_SEQUENCE_NUMBER: + PARTITION_FIND_OP(module, sequence_number); + ret = module->ops->sequence_number(module, request); + break; + default: + PARTITION_FIND_OP(module, request); + ret = module->ops->request(module, request); + break; } - - current->ldb = ldb; - current->ops = &ops; - current->prev = NULL; - current->next = module; - return current; + if (ret == LDB_SUCCESS) { + return ret; + } + if (!ldb_errstring(module->ldb)) { + /* Set a default error string, to place the blame somewhere */ + ldb_asprintf_errstring(module->ldb, + "error in module %s: %s (%d)", + module->ops->name, + ldb_strerror(ret), ret); + } + return ret; } static struct dsdb_control_current_partition *find_partition(struct partition_private_data *data, @@ -120,127 +156,201 @@ static struct dsdb_control_current_partition *find_partition(struct partition_pr /** * fire the caller's callback for every entry, but only send 'done' once. */ -static int partition_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int partition_req_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct partition_context *ac; + struct ldb_module *module; + struct ldb_request *nreq; + int ret; - ac = talloc_get_type(context, struct partition_context); + ac = talloc_get_type(req->context, struct partition_context); - if (ares->type == LDB_REPLY_ENTRY) { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); - } else { - ac->finished_requests++; - if (ac->finished_requests == ac->num_requests) { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); - } else { - talloc_free(ares); - return LDB_SUCCESS; - } + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } -} - -/** - * only fire the 'last' callback, and only for START-TLS for now - */ -static int partition_other_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct partition_context *ac; - ac = talloc_get_type(context, struct partition_context); + switch (ares->type) { + case LDB_REPLY_REFERRAL: + /* ignore referrals for now */ + break; - if (!ac->orig_req->callback) { - talloc_free(ares); - return LDB_SUCCESS; - } + case LDB_REPLY_ENTRY: + if (ac->req->operation != LDB_SEARCH) { + ldb_set_errstring(ac->module->ldb, + "partition_req_callback:" + " Unsupported reply type for this request"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_DONE: + if (ac->req->operation == LDB_EXTENDED) { + /* FIXME: check for ares->response, replmd does not fill it ! */ + if (ares->response) { + if (strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID) != 0) { + ldb_set_errstring(ac->module->ldb, + "partition_req_callback:" + " Unknown extended reply, " + "only supports START_TLS"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + } - if (!ares - || (ares->type == LDB_REPLY_EXTENDED - && strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID))) { ac->finished_requests++; if (ac->finished_requests == ac->num_requests) { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + /* this was the last one, call callback */ + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - talloc_free(ares); - return LDB_SUCCESS; + + /* not the last, now call the next one */ + module = ac->part_req[ac->finished_requests].module; + nreq = ac->part_req[ac->finished_requests].req; + + ret = partition_request(module, nreq); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + break; } - ldb_set_errstring(ldb, "partition_other_callback: Unknown reply type, only supports START_TLS"); + talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_SUCCESS; } - -static int partition_send_request(struct partition_context *ac, +static int partition_prep_request(struct partition_context *ac, struct dsdb_control_current_partition *partition) { int ret; - struct ldb_module *backend; struct ldb_request *req; - if (partition) { - backend = make_module_for_next_request(ac, ac->module->ldb, partition->module); - } else { - backend = ac->module; - } - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { + ac->part_req = talloc_realloc(ac, ac->part_req, + struct part_request, + ac->num_requests + 1); + if (ac->part_req == NULL) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - req = ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + + switch (ac->req->operation) { + case LDB_SEARCH: + ret = ldb_build_search_req_ex(&req, ac->module->ldb, + ac->part_req, + ac->req->op.search.base, + ac->req->op.search.scope, + ac->req->op.search.tree, + ac->req->op.search.attrs, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_ADD: + ret = ldb_build_add_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.add.message, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_MODIFY: + ret = ldb_build_mod_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.mod.message, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_DELETE: + ret = ldb_build_del_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.del.dn, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_RENAME: + ret = ldb_build_rename_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.rename.olddn, + ac->req->op.rename.newdn, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_EXTENDED: + ret = ldb_build_extended_req(&req, ac->module->ldb, + ac->part_req, + ac->req->op.extended.oid, + ac->req->op.extended.data, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + default: + ldb_set_errstring(ac->module->ldb, + "Unsupported request type!"); + ret = LDB_ERR_UNWILLING_TO_PERFORM; } - - *req = *ac->orig_req; /* copy the request */ - if (req->controls) { - req->controls - = talloc_memdup(req, - ac->orig_req->controls, talloc_get_size(ac->orig_req->controls)); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->part_req[ac->num_requests].req = req; + + if (ac->req->controls) { + req->controls = talloc_memdup(req, ac->req->controls, + talloc_get_size(ac->req->controls)); if (req->controls == NULL) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } } - if (req->operation == LDB_SEARCH) { - /* If the search is for 'more' than this partition, - * then change the basedn, so a remote LDAP server - * doesn't object */ - if (partition) { - if (ldb_dn_compare_base(partition->dn, req->op.search.base) != 0) { - req->op.search.base = partition->dn; - } - } else { - req->op.search.base = NULL; - } - req->callback = partition_search_callback; - req->context = ac; - } else { - req->callback = partition_other_callback; - req->context = ac; - } - if (partition) { - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + ac->part_req[ac->num_requests].module = partition->module; + + ret = ldb_request_add_control(req, + DSDB_CONTROL_CURRENT_PARTITION_OID, + false, partition); if (ret != LDB_SUCCESS) { return ret; } - } - /* Spray off search requests the backend */ - ret = ldb_next_request(backend, req); - if (ret != LDB_SUCCESS) { - return ret; + if (req->operation == LDB_SEARCH) { + /* If the search is for 'more' than this partition, + * then change the basedn, so a remote LDAP server + * doesn't object */ + if (ldb_dn_compare_base(partition->dn, + req->op.search.base) != 0) { + req->op.search.base = partition->dn; + } + } + + } else { + /* make sure you put the NEXT module here, or + * partition_request() will simply loop forever on itself */ + ac->part_req[ac->num_requests].module = ac->module->next; } ac->num_requests++; + return LDB_SUCCESS; } +static int partition_call_first(struct partition_context *ac) +{ + return partition_request(ac->part_req[0].module, ac->part_req[0].req); +} + /** * Send a request down to all the partitions */ @@ -251,17 +361,19 @@ static int partition_send_all(struct ldb_module *module, int i; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - int ret = partition_send_request(ac, NULL); + int ret = partition_prep_request(ac, NULL); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_request(ac, data->partitions[i]); + ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } } - return LDB_SUCCESS; + + /* fire the first one */ + return partition_call_first(ac); } /** @@ -270,21 +382,23 @@ static int partition_send_all(struct ldb_module *module, */ static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { + struct partition_context *ac; unsigned i; int ret; struct dsdb_control_current_partition *partition; - struct ldb_module *backend; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); + if (!data || !data->partitions) { + return ldb_next_request(module, req); + } if (req->operation != LDB_SEARCH) { /* Is this a special DN, we need to replicate to every backend? */ for (i=0; data->replicate && data->replicate[i]; i++) { if (ldb_dn_compare(data->replicate[i], dn) == 0) { - struct partition_context *ac; - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } @@ -310,18 +424,19 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re return ldb_next_request(module, req); } - backend = make_module_for_next_request(req, module->ldb, partition->module); - if (!backend) { + ac = partition_init_ctx(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + /* we need to add a control but we never touch the original request */ + ret = partition_prep_request(ac, partition); if (ret != LDB_SUCCESS) { return ret; } - /* issue request */ - return ldb_next_request(backend, req); + /* fire the first one */ + return partition_call_first(ac); } /* search */ @@ -336,6 +451,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* (later) consider if we should be searching multiple * partitions (for 'invisible' partition behaviour */ + struct ldb_control *search_control = ldb_request_get_control(req, LDB_CONTROL_SEARCH_OPTIONS_OID); struct ldb_control *domain_scope_control = ldb_request_get_control(req, LDB_CONTROL_DOMAIN_SCOPE_OID); @@ -366,7 +482,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } } - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } @@ -378,7 +494,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_request(ac, data->partitions[i]); + ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } @@ -390,8 +506,10 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) talloc_free(ac); return ldb_next_request(module, req); } - - return LDB_SUCCESS; + + /* fire the first one */ + return partition_call_first(ac); + } else { /* Handle this like all other requests */ if (search_control && (search_options->search_options & ~LDB_SEARCH_OPTION_PHANTOM_ROOT) == 0) { @@ -436,7 +554,7 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - /* Skip the lot if 'data' isn't here yet (initialistion) */ + /* Skip the lot if 'data' isn't here yet (initialization) */ if (!data) { return LDB_ERR_OPERATIONS_ERROR; } @@ -486,24 +604,26 @@ static int partition_start_trans(struct ldb_module *module) struct partition_private_data); /* Look at base DN */ /* Figure out which partition it is under */ - /* Skip the lot if 'data' isn't here yet (initialistion) */ + /* Skip the lot if 'data' isn't here yet (initialization) */ ret = ldb_next_start_trans(module); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + struct ldb_module *next = data->partitions[i]->module; + PARTITION_FIND_OP(next, start_transaction); - ret = ldb_next_start_trans(next); - talloc_free(next); + ret = next->ops->start_transaction(next); if (ret != LDB_SUCCESS) { /* Back it out, if it fails on one */ for (i--; i >= 0; i--) { - next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - ldb_next_del_trans(next); - talloc_free(next); + next = data->partitions[i]->module; + PARTITION_FIND_OP(next, del_transaction); + + next->ops->del_transaction(next); } + ldb_next_del_trans(module); return ret; } } @@ -513,7 +633,7 @@ static int partition_start_trans(struct ldb_module *module) /* end a transaction */ static int partition_end_trans(struct ldb_module *module) { - int i, ret, ret2 = LDB_SUCCESS; + int i, ret; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); ret = ldb_next_end_trans(module); @@ -525,24 +645,24 @@ static int partition_end_trans(struct ldb_module *module) /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - - ret = ldb_next_end_trans(next); - talloc_free(next); + struct ldb_module *next = data->partitions[i]->module; + PARTITION_FIND_OP(next, end_transaction); + + ret = next->ops->end_transaction(next); if (ret != LDB_SUCCESS) { - ret2 = ret; - } - } + /* Back it out, if it fails on one */ + for (i--; i >= 0; i--) { + next = data->partitions[i]->module; + PARTITION_FIND_OP(next, del_transaction); - if (ret != LDB_SUCCESS) { - /* Back it out, if it fails on one */ - for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - ldb_next_del_trans(next); - talloc_free(next); + next->ops->del_transaction(next); + } + ldb_next_del_trans(module); + return ret; } } - return ret; + + return LDB_SUCCESS; } /* delete a transaction */ @@ -560,10 +680,10 @@ static int partition_del_trans(struct ldb_module *module) /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - - ret = ldb_next_del_trans(next); - talloc_free(next); + struct ldb_module *next = data->partitions[i]->module; + PARTITION_FIND_OP(next, del_transaction); + + ret = next->ops->del_transaction(next); if (ret != LDB_SUCCESS) { ret2 = ret; } @@ -571,6 +691,9 @@ static int partition_del_trans(struct ldb_module *module) return ret2; } +/* NOTE: ldb_sequence_number is still a completely SYNCHRONOUS call + * implemented only in ldb_rdb. It does not require ldb_wait() to be + * called after a request is made */ static int partition_sequence_number(struct ldb_module *module, struct ldb_request *req) { int i, ret; @@ -593,19 +716,29 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque seq_number = seq_number + req->op.seq_num.seq_num; } + /* gross hack part1 */ + ret = ldb_request_add_control(req, + DSDB_CONTROL_CURRENT_PARTITION_OID, + false, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); - - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, data->partitions[i]); - if (ret != LDB_SUCCESS) { - return ret; + + /* gross hack part2 */ + int j; + for (j=0; req->controls[j]; j++) { + if (strcmp(req->controls[j]->oid, DSDB_CONTROL_CURRENT_PARTITION_OID) == 0) { + req->controls[j]->data = data->partitions[i]; + break; + } } - ret = ldb_next_request(next, req); - talloc_free(next); + ret = partition_request(data->partitions[i]->module, req); if (ret != LDB_SUCCESS) { return ret; } @@ -630,15 +763,13 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque return ret; } timestamp = date_req->op.seq_num.seq_num; - + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); - - ret = ldb_next_request(next, date_req); - talloc_free(next); + + ret = partition_request(data->partitions[i]->module, req); if (ret != LDB_SUCCESS) { return ret; } @@ -651,7 +782,7 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque switch (req->op.seq_num.flags) { case LDB_SEQ_NEXT: case LDB_SEQ_HIGHEST_SEQ: - + req->op.seq_num.flags = 0; /* Has someone above set a timebase sequence? */ @@ -705,7 +836,6 @@ static int partition_extended_schema_update_now(struct ldb_module *module, struc struct partition_private_data *data; struct ldb_dn *schema_dn; struct partition_context *ac; - struct ldb_module *backend; int ret; schema_dn = talloc_get_type(req->op.extended.data, struct ldb_dn); @@ -724,30 +854,33 @@ static int partition_extended_schema_update_now(struct ldb_module *module, struc return ldb_next_request(module, req); } - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - backend = make_module_for_next_request(req, module->ldb, partition->module); - if (!backend) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + /* we need to add a control but we never touch the original request */ + ret = partition_prep_request(ac, partition); if (ret != LDB_SUCCESS) { return ret; } - return ldb_next_request(backend, req); + /* fire the first one */ + return partition_call_first(ac); } /* extended */ static int partition_extended(struct ldb_module *module, struct ldb_request *req) { + struct partition_private_data *data; struct partition_context *ac; + data = talloc_get_type(module->private_data, struct partition_private_data); + if (!data || !data->partitions) { + return ldb_next_request(module, req); + } + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) { return partition_extended_replicated_objects(module, req); } @@ -762,27 +895,23 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req * we need to send it to all partitions */ - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - + return partition_send_all(module, ac, req); } -static int sort_compare(void *void1, - void *void2, void *opaque) +static int partition_sort_compare(const void *v1, const void *v2) { - struct dsdb_control_current_partition **pp1 = - (struct dsdb_control_current_partition **)void1; - struct dsdb_control_current_partition **pp2 = - (struct dsdb_control_current_partition **)void2; - struct dsdb_control_current_partition *partition1 = talloc_get_type(*pp1, - struct dsdb_control_current_partition); - struct dsdb_control_current_partition *partition2 = talloc_get_type(*pp2, - struct dsdb_control_current_partition); - - return ldb_dn_compare(partition1->dn, partition2->dn); + struct dsdb_control_current_partition *p1; + struct dsdb_control_current_partition *p2; + + p1 = *((struct dsdb_control_current_partition **)v1); + p2 = *((struct dsdb_control_current_partition **)v2); + + return ldb_dn_compare(p1->dn, p2->dn); } static int partition_init(struct ldb_module *module) @@ -888,8 +1017,8 @@ static int partition_init(struct ldb_module *module) data->partitions[i] = NULL; /* sort these into order, most to least specific */ - ldb_qsort(data->partitions, partition_attributes->num_values, sizeof(*data->partitions), - module->ldb, sort_compare); + qsort(data->partitions, partition_attributes->num_values, + sizeof(*data->partitions), partition_sort_compare); for (i=0; data->partitions[i]; i++) { struct ldb_request *req; @@ -902,8 +1031,19 @@ static int partition_init(struct ldb_module *module) req->operation = LDB_REQ_REGISTER_PARTITION; req->op.reg_partition.dn = data->partitions[i]->dn; + req->callback = ldb_op_default_callback; + + ldb_set_timeout(module->ldb, req, 0); + + req->handle = ldb_handle_new(req, module->ldb); + if (req->handle == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } ret = ldb_request(module->ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } if (ret != LDB_SUCCESS) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Unable to register partition with rootdse!\n"); talloc_free(mem_ctx); @@ -921,7 +1061,7 @@ static int partition_init(struct ldb_module *module) talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - + for (i=0; i < replicate_attributes->num_values; i++) { data->replicate[i] = ldb_dn_from_ldb_val(data->replicate, module->ldb, &replicate_attributes->values[i]); if (!ldb_dn_validate(data->replicate[i])) { @@ -1016,72 +1156,6 @@ static int partition_init(struct ldb_module *module) return ldb_next_init(module); } -static int partition_wait_none(struct ldb_handle *handle) { - struct partition_context *ac; - int ret; - int i; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct partition_context); - - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; - goto done; - } - - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - - -static int partition_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = partition_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int partition_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return partition_wait_all(handle); - } else { - return partition_wait_none(handle); - } -} - _PUBLIC_ const struct ldb_module_ops ldb_partition_module_ops = { .name = "partition", .init_context = partition_init, @@ -1095,5 +1169,4 @@ _PUBLIC_ const struct ldb_module_ops ldb_partition_module_ops = { .start_transaction = partition_start_trans, .end_transaction = partition_end_trans, .del_transaction = partition_del_trans, - .wait = partition_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6faef63c3d..e36de3c5c4 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1,7 +1,7 @@ /* ldb database module - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005-2006 Copyright (C) Andrew Tridgell 2004 Copyright (C) Stefan Metzmacher 2007 @@ -73,23 +73,16 @@ struct ph_context { - enum ph_type {PH_ADD, PH_MOD} type; - enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD} step; - struct ldb_module *module; - struct ldb_request *orig_req; + struct ldb_request *req; struct ldb_request *dom_req; struct ldb_reply *dom_res; - struct ldb_request *down_req; - - struct ldb_request *search_req; struct ldb_reply *search_res; - struct ldb_request *mod_req; - struct dom_sid *domain_sid; + struct domain_data *domain; }; struct domain_data { @@ -1378,168 +1371,193 @@ static int setup_password_fields(struct setup_password_fields_io *io) return LDB_SUCCESS; } -static struct ldb_handle *ph_init_handle(struct ldb_request *req, struct ldb_module *module, enum ph_type type) +static struct ph_context *ph_init_context(struct ldb_module *module, + struct ldb_request *req) { struct ph_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct ph_context); + ac = talloc_zero(req, struct ph_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->type = type; ac->module = module; - ac->orig_req = req; + ac->req = req; - return h; + return ac; } -static int get_domain_data_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ph_context *ac; - ac = talloc_get_type(context, struct ph_context); + ac = talloc_get_type(req->context, struct ph_context); - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - if (ac->dom_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->dom_res = talloc_steal(ac, ares); - } else { - talloc_free(ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - return LDB_SUCCESS; -} - -static int build_domain_data_request(struct ph_context *ac) -{ - /* attrs[] is returned from this function in - ac->dom_req->op.search.attrs, so it must be static, as - otherwise the compiler can put it on the stack */ - static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; - char *filter; - - ac->dom_req = talloc_zero(ac, struct ldb_request); - if (ac->dom_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - ac->dom_req->operation = LDB_SEARCH; - ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb); - ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac->dom_req, - "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", - ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid)); - if (filter == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - talloc_free(ac->dom_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->dom_req->op.search.tree = ldb_parse_tree(ac->dom_req, filter); - if (ac->dom_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Invalid search filter"); - talloc_free(ac->dom_req); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->dom_req->op.search.attrs = attrs; - ac->dom_req->controls = NULL; - ac->dom_req->context = ac; - ac->dom_req->callback = get_domain_data_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->dom_req); - return LDB_SUCCESS; + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } -static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, struct ldb_reply *res) +static int password_hash_add_do_add(struct ph_context *ac); +static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares); +static int password_hash_mod_search_self(struct ph_context *ac); +static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares); +static int password_hash_mod_do_mod(struct ph_context *ac); + +static int get_domain_data_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct domain_data *data; - const char *tmp; struct ph_context *ac; + int ret; + char *tmp; char *p; - ac = talloc_get_type(ctx, struct ph_context); + ac = talloc_get_type(req->context, struct ph_context); - data = talloc_zero(ac, struct domain_data); - if (data == NULL) { - return NULL; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - if (res == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain: %s!\n", dom_sid_string(data, ac->domain_sid)); - talloc_free(data); - return NULL; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - data->pwdProperties= samdb_result_uint(res->message, "pwdProperties", 0); - data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT; - data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->domain != NULL) { + ldb_set_errstring(ac->module->ldb, "Too many results"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - /* For a domain DN, this puts things in dotted notation */ - /* For builtin domains, this will give details for the host, - * but that doesn't really matter, as it's just used for salt - * and kerberos principals, which don't exist here */ + data = talloc_zero(ac, struct domain_data); + if (data == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - tmp = ldb_dn_canonical_string(ctx, res->message->dn); - if (!tmp) { - return NULL; - } - - /* But it puts a trailing (or just before 'builtin') / on things, so kill that */ - p = strchr(tmp, '/'); - if (p) { - p[0] = '\0'; - } + data->pwdProperties = samdb_result_uint(ares->message, "pwdProperties", 0); + data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT; + data->pwdHistoryLength = samdb_result_uint(ares->message, "pwdHistoryLength", 0); + + /* For a domain DN, this puts things in dotted notation */ + /* For builtin domains, this will give details for the host, + * but that doesn't really matter, as it's just used for salt + * and kerberos principals, which don't exist here */ + + tmp = ldb_dn_canonical_string(data, ares->message->dn); + if (!tmp) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* But it puts a trailing (or just before 'builtin') / on things, so kill that */ + p = strchr(tmp, '/'); + if (p) { + p[0] = '\0'; + } - if (tmp != NULL) { data->dns_domain = strlower_talloc(data, tmp); if (data->dns_domain == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); - return NULL; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } data->realm = strupper_talloc(data, tmp); if (data->realm == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); - return NULL; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + /* FIXME: NetbIOS name is *always* the first domain component ?? -SSS */ p = strchr(tmp, '.'); if (p) { p[0] = '\0'; } data->netbios_domain = strupper_talloc(data, tmp); if (data->netbios_domain == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); - return NULL; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + talloc_free(tmp); + ac->domain = data; + break; + + case LDB_REPLY_DONE: + + /* call the next step */ + switch (ac->req->operation) { + case LDB_ADD: + ret = password_hash_add_do_add(ac); + break; + + case LDB_MODIFY: + ret = password_hash_mod_do_mod(ac); + break; + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; } - return data; + talloc_free(ares); + return LDB_SUCCESS; +} + +static int build_domain_data_request(struct ph_context *ac) +{ + /* attrs[] is returned from this function in + ac->dom_req->op.search.attrs, so it must be static, as + otherwise the compiler can put it on the stack */ + static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; + char *filter; + + filter = talloc_asprintf(ac, + "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", + ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); + if (filter == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_build_search_req(&ac->dom_req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, get_domain_data_callback, + ac->req); } static int password_hash_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct ph_context *ac; struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; @@ -1558,7 +1576,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* nobody must touch this fields */ + /* nobody must touch these fields */ if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -1617,16 +1635,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_CONSTRAINT_VIOLATION; } - h = ph_init_handle(req, module, PH_ADD); - if (!h) { + ac = ph_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_context); /* get user domain data */ ac->domain_sid = samdb_result_sid_prefix(ac, req->op.add.message, "objectSid"); if (ac->domain_sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "can't handle entry with missing objectSid!\n"); return LDB_ERR_OPERATIONS_ERROR; } @@ -1635,51 +1653,33 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ret; } - ac->step = PH_ADD_SEARCH_DOM; - - req->handle = h; - return ldb_next_request(module, ac->dom_req); } -static int password_hash_add_do_add(struct ldb_handle *h) { +static int password_hash_add_do_add(struct ph_context *ac) { - struct ph_context *ac; - struct domain_data *domain; + struct ldb_request *down_req; struct smb_krb5_context *smb_krb5_context; struct ldb_message *msg; struct setup_password_fields_io io; int ret; - ac = talloc_get_type(h->private_data, struct ph_context); - - domain = get_domain_data(ac->module, ac, ac->dom_res); - if (domain == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->down_req = talloc(ac, struct ldb_request); - if (ac->down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->down_req) = *(ac->orig_req); - ac->down_req->op.add.message = msg = ldb_msg_copy_shallow(ac->down_req, ac->orig_req->op.add.message); - if (ac->down_req->op.add.message == NULL) { + msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message); + if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(ac->down_req, - ldb_get_opaque(h->module->ldb, "EventContext"), - (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), + if (smb_krb5_init_context(ac, + ldb_get_event_context(ac->module->ldb), + (struct loadparm_context *)ldb_get_opaque(ac->module->ldb, "loadparm"), &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } ZERO_STRUCT(io); io.ac = ac; - io.domain = domain; + io.domain = ac->domain; io.smb_krb5_context = smb_krb5_context; io.u.user_account_control = samdb_result_uint(msg, "userAccountControl", 0); @@ -1756,27 +1756,27 @@ static int password_hash_add_do_add(struct ldb_handle *h) { return ret; } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = PH_ADD_DO_ADD; - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->down_req); + ret = ldb_build_add_req(&down_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, ph_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } - /* perform the operation */ - return ldb_next_request(ac->module, ac->down_req); + return ldb_next_request(ac->module, down_req); } -static int password_hash_mod_search_self(struct ldb_handle *h); - static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct ph_context *ac; struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; struct ldb_message_element *lmAttr; struct ldb_message *msg; + struct ldb_request *down_req; + int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify\n"); @@ -1824,83 +1824,143 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return LDB_ERR_CONSTRAINT_VIOLATION; } - h = ph_init_handle(req, module, PH_MOD); - if (!h) { + ac = ph_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_context); - /* return or own handle to deal with this call */ - req->handle = h; - - /* prepare the first operation */ - ac->down_req = talloc_zero(ac, struct ldb_request); - if (ac->down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); + /* use a new message structure so that we can modify it */ + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *(ac->down_req) = *req; /* copy the request */ - - /* use a new message structure so that we can modify it */ - ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); - - /* - remove any imodification to the password from the first commit + /* - remove any modification to the password from the first commit * we will make the real modification later */ if (sambaAttr) ldb_msg_remove_attr(msg, "userPassword"); if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd"); if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd"); - /* if there was nothing else to be modify skip to next step */ + /* if there was nothing else to be modified skip to next step */ if (msg->num_elements == 0) { - talloc_free(ac->down_req); - ac->down_req = NULL; - return password_hash_mod_search_self(h); + return password_hash_mod_search_self(ac); } - - ac->down_req->context = NULL; - ac->down_req->callback = NULL; - ac->step = PH_MOD_DO_REQ; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, ph_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); + return ldb_next_request(module, down_req); +} - return ldb_next_request(module, ac->down_req); +static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct ph_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct ph_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = password_hash_mod_search_self(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + talloc_free(ares); + return LDB_SUCCESS; } -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ph_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct ph_context); - ac = talloc_get_type(context, struct ph_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* we are interested only in the single reply (base search) */ + switch (ares->type) { + case LDB_REPLY_ENTRY: - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); + ldb_set_errstring(ac->module->ldb, "Too many results"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } /* if it is not an entry of type person this is an error */ - /* TODO: remove this when userPassword will be in schema */ + /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { - ldb_set_errstring(ldb, "Object class violation"); + ldb_set_errstring(ac->module->ldb, "Object class violation"); talloc_free(ares); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); } ac->search_res = talloc_steal(ac, ares); - } else { - talloc_free(ares); + return LDB_SUCCESS; + + case LDB_REPLY_DONE: + + /* get object domain sid */ + ac->domain_sid = samdb_result_sid_prefix(ac, + ac->search_res->message, + "objectSid"); + if (ac->domain_sid == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, + "can't handle entry without objectSid!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* get user domain data */ + ret = build_domain_data_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL,ret); + } + + return ldb_next_request(ac->module, ac->dom_req); + + case LDB_REPLY_REFERRAL: + /*ignore anything else for now */ + break; } + talloc_free(ares); return LDB_SUCCESS; } -static int password_hash_mod_search_self(struct ldb_handle *h) { +static int password_hash_mod_search_self(struct ph_context *ac) { - struct ph_context *ac; static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", @@ -1909,64 +1969,28 @@ static int password_hash_mod_search_self(struct ldb_handle *h) { "dBCSPwd", "unicodePwd", "supplementalCredentials", NULL }; - - ac = talloc_get_type(h->private_data, struct ph_context); - - /* prepare the search operation */ - ac->search_req = talloc_zero(ac, struct ldb_request); - if (ac->search_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->search_req->operation = LDB_SEARCH; - ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; - ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->search_req, NULL); - if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Invalid search filter"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->search_req->op.search.attrs = attrs; - ac->search_req->controls = NULL; - ac->search_req->context = ac; - ac->search_req->callback = get_self_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - - ac->step = PH_MOD_SEARCH_SELF; - - return ldb_next_request(ac->module, ac->search_req); -} - -static int password_hash_mod_search_dom(struct ldb_handle *h) { - - struct ph_context *ac; + struct ldb_request *search_req; int ret; - ac = talloc_get_type(h->private_data, struct ph_context); + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.mod.message->dn, + LDB_SCOPE_BASE, + "(objectclass=*)", + attrs, + NULL, + ac, ph_mod_search_callback, + ac->req); - /* get object domain sid */ - ac->domain_sid = samdb_result_sid_prefix(ac, ac->search_res->message, "objectSid"); - if (ac->domain_sid == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* get user domain data */ - ret = build_domain_data_request(ac); if (ret != LDB_SUCCESS) { return ret; } - ac->step = PH_MOD_SEARCH_DOM; - - return ldb_next_request(ac->module, ac->dom_req); + return ldb_next_request(ac->module, search_req); } -static int password_hash_mod_do_mod(struct ldb_handle *h) { +static int password_hash_mod_do_mod(struct ph_context *ac) { - struct ph_context *ac; - struct domain_data *domain; + struct ldb_request *mod_req; struct smb_krb5_context *smb_krb5_context; struct ldb_message *msg; struct ldb_message *orig_msg; @@ -1974,43 +1998,29 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { struct setup_password_fields_io io; int ret; - ac = talloc_get_type(h->private_data, struct ph_context); - - domain = get_domain_data(ac->module, ac, ac->dom_res); - if (domain == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->mod_req = talloc(ac, struct ldb_request); - if (ac->mod_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->mod_req) = *(ac->orig_req); - /* use a new message structure so that we can modify it */ - ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); + msg = ldb_msg_new(ac); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* modify dn */ - msg->dn = ac->orig_req->op.mod.message->dn; + msg->dn = ac->req->op.mod.message->dn; /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(ac->mod_req, - ldb_get_opaque(h->module->ldb, "EventContext"), - (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), + if (smb_krb5_init_context(ac, + ldb_get_event_context(ac->module->ldb), + (struct loadparm_context *)ldb_get_opaque(ac->module->ldb, "loadparm"), &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - orig_msg = discard_const(ac->orig_req->op.mod.message); + orig_msg = discard_const(ac->req->op.mod.message); searched_msg = ac->search_res->message; ZERO_STRUCT(io); io.ac = ac; - io.domain = domain; + io.domain = ac->domain; io.smb_krb5_context = smb_krb5_context; io.u.user_account_control = samdb_result_uint(searched_msg, "userAccountControl", 0); @@ -2093,189 +2103,20 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { return ret; } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = PH_MOD_DO_MOD; - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->mod_req); - - /* perform the search */ - return ldb_next_request(ac->module, ac->mod_req); -} - -static int ph_wait(struct ldb_handle *handle) { - struct ph_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct ph_context); - - switch (ac->step) { - case PH_ADD_SEARCH_DOM: - ret = ldb_wait(ac->dom_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->dom_req->handle->status != LDB_SUCCESS) { - handle->status = ac->dom_req->handle->status; - goto done; - } - - if (ac->dom_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* domain search done, go on */ - return password_hash_add_do_add(handle); - - case PH_ADD_DO_ADD: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case PH_MOD_DO_REQ: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* non-password mods done, go on */ - return password_hash_mod_search_self(handle); - - case PH_MOD_SEARCH_SELF: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - if (ac->search_res == NULL) { - return LDB_ERR_NO_SUCH_OBJECT; - } - - /* self search done, go on */ - return password_hash_mod_search_dom(handle); - - case PH_MOD_SEARCH_DOM: - ret = ldb_wait(ac->dom_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->dom_req->handle->status != LDB_SUCCESS) { - handle->status = ac->dom_req->handle->status; - goto done; - } - - if (ac->dom_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* domain search done, go on */ - return password_hash_mod_do_mod(handle); - - case PH_MOD_DO_MOD: - ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->mod_req->handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->handle->status; - goto done; - } - - if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int ph_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = ph_wait(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + ret = ldb_build_mod_req(&mod_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, ph_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; } - return handle->status; -} - -static int password_hash_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return ph_wait_all(handle); - } else { - return ph_wait(handle); - } + return ldb_next_request(ac->module, mod_req); } _PUBLIC_ const struct ldb_module_ops ldb_password_hash_module_ops = { .name = "password_hash", .add = password_hash_add, .modify = password_hash_modify, - .wait = password_hash_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index d0a315e45a..171832bbb4 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -50,6 +50,14 @@ struct proxy_data { const char **newstr; }; +struct proxy_ctx { + struct ldb_module *module; + struct ldb_request *req; + +#ifdef DEBUG_PROXY + int count; +#endif +}; /* load the @PROXYINFO record @@ -62,7 +70,6 @@ static int load_proxy_info(struct ldb_module *module) int ret; const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr; struct cli_credentials *creds; - /* see if we have already loaded it */ if (proxy->upstream != NULL) { @@ -105,7 +112,7 @@ static int load_proxy_info(struct ldb_module *module) goto failed; } - proxy->upstream = ldb_init(proxy); + proxy->upstream = ldb_init(proxy, ldb_get_event_context(ldb)); if (proxy->upstream == NULL) { ldb_oom(module->ldb); goto failed; @@ -180,10 +187,10 @@ static void proxy_convert_blob(TALLOC_CTX *mem_ctx, struct ldb_val *v, /* convert a returned value */ -static void proxy_convert_value(struct ldb_module *module, struct ldb_message *msg, struct ldb_val *v) +static void proxy_convert_value(struct proxy_data *proxy, struct ldb_message *msg, struct ldb_val *v) { - struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); int i; + for (i=0;proxy->oldstr[i];i++) { char *p = strcasestr((char *)v->data, proxy->oldstr[i]); if (p == NULL) continue; @@ -195,20 +202,21 @@ static void proxy_convert_value(struct ldb_module *module, struct ldb_message *m /* convert a returned value */ -static struct ldb_parse_tree *proxy_convert_tree(struct ldb_module *module, +static struct ldb_parse_tree *proxy_convert_tree(TALLOC_CTX *mem_ctx, + struct proxy_data *proxy, struct ldb_parse_tree *tree) { - struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); int i; - char *expression = ldb_filter_from_tree(module, tree); + char *expression = ldb_filter_from_tree(mem_ctx, tree); + for (i=0;proxy->newstr[i];i++) { struct ldb_val v; char *p = strcasestr(expression, proxy->newstr[i]); if (p == NULL) continue; v.data = (uint8_t *)expression; v.length = strlen(expression)+1; - proxy_convert_blob(module, &v, proxy->newstr[i], proxy->oldstr[i]); - return ldb_parse_tree(module, (const char *)v.data); + proxy_convert_blob(mem_ctx, &v, proxy->newstr[i], proxy->oldstr[i]); + return ldb_parse_tree(mem_ctx, (const char *)v.data); } return tree; } @@ -218,13 +226,14 @@ static struct ldb_parse_tree *proxy_convert_tree(struct ldb_module *module, /* convert a returned record */ -static void proxy_convert_record(struct ldb_module *module, struct ldb_message *msg) +static void proxy_convert_record(struct ldb_context *ldb, + struct proxy_data *proxy, + struct ldb_message *msg) { - struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); int attr, v; - + /* fix the message DN */ - if (ldb_dn_compare_base(module->ldb, proxy->olddn, msg->dn) == 0) { + if (ldb_dn_compare_base(ldb, proxy->olddn, msg->dn) == 0) { ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn)); ldb_dn_add_base(msg->dn, proxy->newdn); } @@ -232,21 +241,71 @@ static void proxy_convert_record(struct ldb_module *module, struct ldb_message * /* fix any attributes */ for (attr=0;attrnum_elements;attr++) { for (v=0;velements[attr].num_values;v++) { - proxy_convert_value(module, msg, &msg->elements[attr].values[v]); + proxy_convert_value(proxy, msg, &msg->elements[attr].values[v]); } } /* fix any DN components */ for (attr=0;attrnum_elements;attr++) { for (v=0;velements[attr].num_values;v++) { - proxy_convert_value(module, msg, &msg->elements[attr].values[v]); + proxy_convert_value(proxy, msg, &msg->elements[attr].values[v]); } } } +static int proxy_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct proxy_data *proxy; + struct proxy_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct proxy_ctx); + proxy = talloc_get_type(ac->module->private_data, struct proxy_data); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* Only entries are interesting, and we only want the olddn */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + +#ifdef DEBUG_PROXY + ac->count++; +#endif + proxy_convert_record(ac->module->ldb, proxy, ares->message); + ret = ldb_module_send_entry(ac->req, ares->message); + break; + + case LDB_REPLY_REFERRAL: + + /* ignore remote referrals */ + break; + + case LDB_REPLY_DONE: + +#ifdef DEBUG_PROXY + printf("# record %d\n", ac->count+1); +#endif + + return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS); + } + + talloc_free(ares); + return ret; +} + /* search */ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req) { + struct proxy_ctx *ac; + struct ldb_parse_tree *newtree; struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); struct ldb_request *newreq; struct ldb_dn *base; @@ -259,7 +318,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } if (load_proxy_info(module) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* see if the dn is within olddn */ @@ -267,47 +326,50 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re goto passthru; } - newreq = talloc(module, struct ldb_request); - if (newreq == NULL) { - return -1; + ac = talloc(req, struct proxy_ctx); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); + ac->module = module; + ac->req = req; +#ifdef DEBUG_PROXY + ac->count = 0; +#endif + + newtree = proxy_convert_tree(ac, proxy, req->op.search.tree); /* convert the basedn of this search */ - base = ldb_dn_copy(proxy, req->op.search.base); + base = ldb_dn_copy(ac, req->op.search.base); if (base == NULL) { - talloc_free(newreq); goto failed; } ldb_dn_remove_base_components(base, ldb_dn_get_comp_num(proxy->newdn)); ldb_dn_add_base(base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(proxy, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base)); + ldb_filter_from_tree(ac, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base)); for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } - newreq->op.search.base = base; - newreq->op.search.scope = req->op.search.scope; - newreq->op.search.attrs = req->op.search.attrs; - newreq->op.search.res = req->op.search.res; - newreq->controls = req->controls; + ret = ldb_build_search_req_ex(&newreq, module->ldb, ac, + base, req->op.search.scope, + newtree, req->op.search.attrs, + req->controls, + ac, proxy_search_callback, + req); + + /* FIXME: warning, need a real event system hooked up for this to work properly, + * for now this makes the module *not* ASYNC */ ret = ldb_request(proxy->upstream, newreq); if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); - talloc_free(newreq); - return -1; } - - for (i = 0; i < newreq->op.search.res->count; i++) { - printf("# record %d\n", i+1); - - proxy_convert_record(module, newreq->op.search.res->msgs[i]); + ret = ldb_wait(newreq->handle, LDB_WAIT_ALL); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); } - - talloc_free(newreq); return ret; failed: diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index c6ebea1044..b8e43a7e88 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -32,57 +32,89 @@ #include "ldb_includes.h" struct rr_context { - struct ldb_request *orig_req; - struct ldb_request *down_req; + struct ldb_module *module; + struct ldb_request *req; }; -static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static struct rr_context *rr_init_context(struct ldb_module *module, + struct ldb_request *req) { - struct rr_context *rr_context = talloc_get_type(context, struct rr_context); - struct ldb_request *orig_req = rr_context->orig_req; + struct rr_context *ac; + + ac = talloc_zero(req, struct rr_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + ac->module = module; + ac->req = req; + + return ac; +} + +static int rr_search_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct rr_context *ac; int i, j; - - if (ares->type != LDB_REPLY_ENTRY) { - return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); + + ac = talloc_get_type(req->context, struct rr_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type == LDB_REPLY_REFERRAL) { + return ldb_module_send_referral(ac->req, ares->referral); } + if (ares->type == LDB_REPLY_DONE) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* LDB_REPLY_ENTRY */ + /* Find those that are range requests from the attribute list */ - for (i = 0; orig_req->op.search.attrs[i]; i++) { + for (i = 0; ac->req->op.search.attrs[i]; i++) { char *p, *new_attr; const char *end_str; unsigned int start, end, orig_num_values; struct ldb_message_element *el; struct ldb_val *orig_values; - p = strchr(orig_req->op.search.attrs[i], ';'); + p = strchr(ac->req->op.search.attrs[i], ';'); if (!p) { continue; } if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { continue; } - if (sscanf(p, ";range=%u-%u", &start, &end) == 2) { - } else if (sscanf(p, ";range=%u-*", &start) == 1) { - end = (unsigned int)-1; - } else { - continue; + if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + if (sscanf(p, ";range=%u-*", &start) == 1) { + end = (unsigned int)-1; + } else { + continue; + } } - new_attr = talloc_strndup(orig_req, - orig_req->op.search.attrs[i], - (unsigned int)(p-orig_req->op.search.attrs[i])); + new_attr = talloc_strndup(ac->req, + ac->req->op.search.attrs[i], + (size_t)(p - ac->req->op.search.attrs[i])); if (!new_attr) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } el = ldb_msg_find_element(ares->message, new_attr); talloc_free(new_attr); if (!el) { continue; } - if (start > end) { - ldb_asprintf_errstring(ldb, "range request error: start must not be greater than end"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } if (end >= (el->num_values - 1)) { /* Need to leave the requested attribute in * there (so add an empty one to match) */ @@ -91,11 +123,12 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb } else { end_str = talloc_asprintf(el, "%u", end); if (!end_str) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } } - /* If start is greater then where we noe find the end to be */ + /* If start is greater then where we are find the end to be */ if (start > end) { el->num_values = 0; el->values = NULL; @@ -104,16 +137,19 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb orig_num_values = el->num_values; if ((start + end < start) || (start + end < end)) { - ldb_asprintf_errstring(ldb, "range request error: start or end would overflow!"); - return LDB_ERR_UNWILLING_TO_PERFORM; + ldb_asprintf_errstring(ac->module->ldb, + "range request error: start or end would overflow!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_UNWILLING_TO_PERFORM); } el->num_values = 0; el->values = talloc_array(el, struct ldb_val, (end - start) + 1); if (!el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } for (j=start; j <= end; j++) { el->values[el->num_values] = orig_values[j]; @@ -122,13 +158,13 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb } el->name = talloc_asprintf(el, "%s;range=%u-%s", el->name, start, end_str); if (!el->name) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } } - return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); - + return ldb_module_send_entry(ac->req, ares->message); } /* search */ @@ -137,8 +173,10 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) int i; unsigned int start, end; const char **new_attrs = NULL; - struct rr_context *context; bool found_rr = false; + struct ldb_request *down_req; + struct rr_context *ac; + int ret; /* Strip the range request from the attribute */ for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { @@ -146,19 +184,21 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) new_attrs = talloc_realloc(req, new_attrs, const char *, i+2); new_attrs[i] = req->op.search.attrs[i]; new_attrs[i+1] = NULL; - p = strchr(req->op.search.attrs[i], ';'); + p = strchr(new_attrs[i], ';'); if (!p) { continue; } if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { continue; } - if (sscanf(p, ";range=%u-%u", &start, &end) == 2) { - } else if (sscanf(p, ";range=%u-*", &start) == 1) { - end = (unsigned int)-1; - } else { - ldb_asprintf_errstring(module->ldb, "range request error: range requst malformed"); - return LDB_ERR_UNWILLING_TO_PERFORM; + end = (unsigned int)-1; + if (sscanf(p, ";range=%u-*", &start) != 1) { + if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + ldb_asprintf_errstring(module->ldb, + "range request error: " + "range request malformed"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } } if (start > end) { ldb_asprintf_errstring(module->ldb, "range request error: start must not be greater than end"); @@ -166,9 +206,8 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) } found_rr = true; - new_attrs[i] = talloc_strndup(new_attrs, - req->op.search.attrs[i], - (unsigned int)(p-req->op.search.attrs[i])); + new_attrs[i] = talloc_strndup(new_attrs, new_attrs[i], + (size_t)(p - new_attrs[i])); if (!new_attrs[i]) { ldb_oom(module->ldb); @@ -177,27 +216,27 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) } if (found_rr) { - int ret; - context = talloc(req, struct rr_context); - context->orig_req = req; - context->down_req = talloc(context, struct ldb_request); - *context->down_req = *req; - - context->down_req->op.search.attrs = new_attrs; - - context->down_req->callback = rr_search_callback; - context->down_req->context = context; - - ret = ldb_next_request(module, context->down_req); - - /* We don't need to implement our own 'wait' function, so pass the handle along */ - if (ret == LDB_SUCCESS) { - req->handle = context->down_req->handle; + ac = rr_init_context(module, req); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + new_attrs, + req->controls, + ac, rr_search_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + return ldb_next_request(module, down_req); } /* No change, just run the original request as if we were never here */ + talloc_free(new_attrs); return ldb_next_request(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index fbaf461a3f..13a979b6f8 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 Copyright (C) Stefan Metzmacher 2007 @@ -51,8 +51,7 @@ struct replmd_replicated_request { struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; + struct ldb_request *req; const struct dsdb_schema *schema; @@ -63,59 +62,23 @@ struct replmd_replicated_request { uint32_t index_current; - struct { - TALLOC_CTX *mem_ctx; - struct ldb_request *search_req; - struct ldb_message *search_msg; - int search_ret; - struct ldb_request *change_req; - int change_ret; - } sub; + struct ldb_message *search_msg; }; -static struct replmd_replicated_request *replmd_replicated_init_handle(struct ldb_module *module, - struct ldb_request *req, - struct dsdb_extended_replicated_objects *objs) +static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module, + struct ldb_request *req) { - struct replmd_replicated_request *ar; - struct ldb_handle *h; - const struct dsdb_schema *schema; - - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_replicated_init_handle: no loaded schema found\n"); - return NULL; - } + struct replmd_replicated_request *ac; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - h->state = LDB_ASYNC_PENDING; - h->status = LDB_SUCCESS; - - ar = talloc_zero(h, struct replmd_replicated_request); - if (ar == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); + ac = talloc_zero(req, struct replmd_replicated_request); + if (ac == NULL) { + ldb_oom(module->ldb); return NULL; } - h->private_data = ar; - - ar->module = module; - ar->handle = h; - ar->orig_req = req; - ar->schema = schema; - ar->objs = objs; - - req->handle = h; - - return ar; + ac->module = module; + ac->req = req; + return ac; } /* @@ -239,34 +202,37 @@ static void replmd_ldb_message_sort(struct ldb_message *msg, discard_const_p(void, schema), (ldb_qsort_cmp_fn_t)replmd_ldb_message_element_attid_sort); } -static int replmd_prepare_originating(struct ldb_module *module, struct ldb_request *req, - struct ldb_dn *dn, const char *fn_name, - int (*fn)(struct ldb_module *, - struct ldb_request *, - const struct dsdb_schema *)) +static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares) { - const struct dsdb_schema *schema; - - /* do not manipulate our control entries */ - if (ldb_dn_is_special(dn)) { - return ldb_next_request(module, req); + struct replmd_replicated_request *ac; + + ac = talloc_get_type(req->context, struct replmd_replicated_request); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "%s: no dsdb_schema loaded", - fn_name); - return LDB_ERR_CONSTRAINT_VIOLATION; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "invalid ldb_reply_type in callback"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - return fn(module, req, schema); + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); } -static int replmd_add_originating(struct ldb_module *module, - struct ldb_request *req, - const struct dsdb_schema *schema) +static int replmd_add(struct ldb_module *module, struct ldb_request *req) { + struct replmd_replicated_request *ac; + const struct dsdb_schema *schema; enum ndr_err_code ndr_err; struct ldb_request *down_req; struct ldb_message *msg; @@ -283,11 +249,30 @@ static int replmd_add_originating(struct ldb_module *module, int ret; uint32_t i, ni=0; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_originating\n"); + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add\n"); + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + ac = replmd_ctx_init(module, req); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->schema = schema; if (ldb_msg_find_element(req->op.add.message, "objectGUID")) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: it's not allowed to add an object with objectGUID\n"); + "replmd_add: it's not allowed to add an object with objectGUID\n"); return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -304,22 +289,13 @@ static int replmd_add_originating(struct ldb_module *module, our_invocation_id = samdb_ntds_invocation_id(module->ldb); if (!our_invocation_id) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: unable to find invocationId\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* create a copy of the request */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); + "replmd_add: unable to find invocationId\n"); return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(ac, req->op.add.message); if (msg == NULL) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -328,7 +304,6 @@ static int replmd_add_originating(struct ldb_module *module, unix_to_nt_time(&now, t); time_str = ldb_timestring(msg, t); if (!time_str) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } @@ -346,7 +321,6 @@ static int replmd_add_originating(struct ldb_module *module, */ ret = ldb_msg_add_string(msg, "whenCreated", time_str); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -359,7 +333,6 @@ static int replmd_add_originating(struct ldb_module *module, struct replPropertyMetaData1, nmd.ctr.ctr1.count); if (!nmd.ctr.ctr1.array) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -374,9 +347,8 @@ static int replmd_add_originating(struct ldb_module *module, sa = dsdb_attribute_by_lDAPDisplayName(schema, e->name); if (!sa) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: attribute '%s' not defined in schema\n", + "replmd_add: attribute '%s' not defined in schema\n", e->name); - talloc_free(down_req); return LDB_ERR_NO_SUCH_ATTRIBUTE; } @@ -422,7 +394,6 @@ static int replmd_add_originating(struct ldb_module *module, &nmd, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -432,31 +403,26 @@ static int replmd_add_originating(struct ldb_module *module, */ ret = ldb_msg_add_value(msg, "objectGUID", &guid_value, NULL); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_string(msg, "whenChanged", time_str); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNCreated", seq_num); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNChanged", seq_num); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -466,49 +432,54 @@ static int replmd_add_originating(struct ldb_module *module, */ replmd_ldb_message_sort(msg, schema); - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, replmd_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; -} - -static int replmd_add(struct ldb_module *module, struct ldb_request *req) -{ - return replmd_prepare_originating(module, req, req->op.add.message->dn, - "replmd_add", replmd_add_originating); + /* go on with the call chain */ + return ldb_next_request(module, down_req); } -static int replmd_modify_originating(struct ldb_module *module, - struct ldb_request *req, - const struct dsdb_schema *schema) +static int replmd_modify(struct ldb_module *module, struct ldb_request *req) { + struct replmd_replicated_request *ac; + const struct dsdb_schema *schema; struct ldb_request *down_req; struct ldb_message *msg; int ret; time_t t = time(NULL); uint64_t seq_num; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify_originating\n"); + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify\n"); + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = replmd_ctx_init(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; + ac->schema = schema; /* we have to copy the message as the caller might have it as a const */ - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); if (msg == NULL) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -525,7 +496,7 @@ static int replmd_modify_originating(struct ldb_module *module, */ if (add_time_element(msg, "whenChanged", t) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -533,7 +504,7 @@ static int replmd_modify_originating(struct ldb_module *module, ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret == LDB_SUCCESS) { if (add_uint64_element(msg, "uSNChanged", seq_num) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } } @@ -543,96 +514,71 @@ static int replmd_modify_originating(struct ldb_module *module, * - replace the old object with the newly constructed one */ - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; - } - - return ret; -} - -static int replmd_modify(struct ldb_module *module, struct ldb_request *req) -{ - return replmd_prepare_originating(module, req, req->op.mod.message->dn, - "replmd_modify", replmd_modify_originating); -} - -static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret) -{ - struct ldb_reply *ares = NULL; - - ar->handle->status = ret; - ar->handle->state = LDB_ASYNC_DONE; - - if (!ar->orig_req->callback) { - return LDB_SUCCESS; - } - - /* we're done and need to report the success to the caller */ - ares = talloc_zero(ar, struct ldb_reply); - if (!ares) { - ar->handle->status = LDB_ERR_OPERATIONS_ERROR; - ar->handle->state = LDB_ASYNC_DONE; - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, replmd_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } + talloc_steal(down_req, msg); - ares->type = LDB_REPLY_EXTENDED; - ares->response = NULL; - - return ar->orig_req->callback(ar->module->ldb, ar->orig_req->context, ares); -} - -static int replmd_replicated_request_done(struct replmd_replicated_request *ar) -{ - return replmd_replicated_request_reply_helper(ar, LDB_SUCCESS); + /* go on with the call chain */ + return ldb_next_request(module, down_req); } static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret) { - return replmd_replicated_request_reply_helper(ar, ret); + return ret; } static int replmd_replicated_request_werror(struct replmd_replicated_request *ar, WERROR status) { int ret = LDB_ERR_OTHER; /* TODO: do some error mapping */ - return replmd_replicated_request_reply_helper(ar, ret); + return ret; } static int replmd_replicated_apply_next(struct replmd_replicated_request *ar); -static int replmd_replicated_apply_add_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_apply_add_callback(struct ldb_request *req, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); + int ret; - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); + + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); } - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!"); + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + talloc_free(ares); ar->index_current++; - return replmd_replicated_apply_next(ar); -#else + ret = replmd_replicated_apply_next(ar); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); + } + return LDB_SUCCESS; -#endif } static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) { + struct ldb_request *change_req; enum ndr_err_code ndr_err; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; @@ -699,39 +645,17 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) replmd_ldb_message_sort(msg, ar->schema); - ret = ldb_build_add_req(&ar->sub.change_req, + ret = ldb_build_add_req(&change_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, msg, ar->controls, ar, - replmd_replicated_apply_add_callback); + replmd_replicated_apply_add_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.change_req); -#else - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ar->module->ldb, "Failed to add replicated object %s: %s", ldb_dn_get_linearized(ar->sub.change_req->op.add.message->dn), - ldb_errstring(ar->module->ldb)); - return replmd_replicated_request_error(ar, ret); - } - - ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ar->module->ldb, "Failed while waiting on add replicated object %s: %s", ldb_dn_get_linearized(ar->sub.change_req->op.add.message->dn), - ldb_errstring(ar->module->ldb)); - return replmd_replicated_request_error(ar, ar->sub.change_ret); - } - - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); - - ar->index_current++; - - return LDB_SUCCESS; -#endif + return ldb_next_request(ar->module, change_req); } static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMetaData1 *m1, @@ -755,35 +679,42 @@ static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMeta return m1->originating_usn - m2->originating_usn; } -static int replmd_replicated_apply_merge_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_apply_merge_callback(struct ldb_request *req, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); + int ret; - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); } - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!"); + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + talloc_free(ares); ar->index_current++; + ret = replmd_replicated_apply_next(ar); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); + } + return LDB_SUCCESS; -#else - return LDB_SUCCESS; -#endif } static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) { + struct ldb_request *change_req; enum ndr_err_code ndr_err; struct ldb_message *msg; struct replPropertyMetaDataBlob *rmd; @@ -804,11 +735,11 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) /* * TODO: add rename conflict handling */ - if (ldb_dn_compare(msg->dn, ar->sub.search_msg->dn) != 0) { + if (ldb_dn_compare(msg->dn, ar->search_msg->dn) != 0) { ldb_debug_set(ar->module->ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported", ar->index_current); ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "%s => %s\n", - ldb_dn_get_linearized(ar->sub.search_msg->dn), + ldb_dn_get_linearized(ar->search_msg->dn), ldb_dn_get_linearized(msg->dn)); return replmd_replicated_request_werror(ar, WERR_NOT_SUPPORTED); } @@ -819,9 +750,9 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) } /* find existing meta data */ - omd_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replPropertyMetaData"); + omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData"); if (omd_value) { - ndr_err = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, + ndr_err = ndr_pull_struct_blob(omd_value, ar, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &omd, (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -837,7 +768,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) ZERO_STRUCT(nmd); nmd.version = 1; nmd.ctr.ctr1.count = omd.ctr.ctr1.count + rmd->ctr.ctr1.count; - nmd.ctr.ctr1.array = talloc_array(ar->sub.mem_ctx, + nmd.ctr.ctr1.array = talloc_array(ar, struct replPropertyMetaData1, nmd.ctr.ctr1.count); if (!nmd.ctr.ctr1.array) return replmd_replicated_request_werror(ar, WERR_NOMEM); @@ -920,14 +851,16 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) if (msg->num_elements == 0) { ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n", ar->index_current); - goto next_object; + + ar->index_current++; + return replmd_replicated_apply_next(ar); } ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n", ar->index_current, msg->num_elements); /* - * when we now that we'll modify the record, add the whenChanged, uSNChanged + * when we know that we'll modify the record, add the whenChanged, uSNChanged * and replPopertyMetaData attributes */ ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed); @@ -950,150 +883,123 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; } - ret = ldb_build_mod_req(&ar->sub.change_req, + ret = ldb_build_mod_req(&change_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, msg, ar->controls, ar, - replmd_replicated_apply_merge_callback); + replmd_replicated_apply_merge_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.change_req); -#else - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - - ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); - } - -next_object: - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); - - ar->index_current++; - - return LDB_SUCCESS; -#endif + return ldb_next_request(ar->module, change_req); } -static int replmd_replicated_apply_search_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_apply_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); - bool is_done = false; + int ret; + + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS && + ares->error != LDB_ERR_NO_SUCH_OBJECT) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); + } switch (ares->type) { case LDB_REPLY_ENTRY: - ar->sub.search_msg = talloc_steal(ar->sub.mem_ctx, ares->message); + ar->search_msg = talloc_steal(ar, ares->message); break; + case LDB_REPLY_REFERRAL: /* we ignore referrals */ break; - case LDB_REPLY_EXTENDED: - case LDB_REPLY_DONE: - is_done = true; - } - talloc_free(ares); - -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - if (is_done) { - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); + case LDB_REPLY_DONE: + if (ar->search_msg != NULL) { + ret = replmd_replicated_apply_merge(ar); + } else { + ret = replmd_replicated_apply_add(ar); } - if (ar->sub.search_msg) { - return replmd_replicated_apply_merge(ar); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); } - return replmd_replicated_apply_add(ar); } -#endif + + talloc_free(ares); return LDB_SUCCESS; } -static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) +static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar); + +static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) { int ret; char *tmp_str; char *filter; + struct ldb_request *search_req; - tmp_str = ldb_binary_encode(ar->sub.mem_ctx, ar->objs->objects[ar->index_current].guid_value); + if (ar->index_current >= ar->objs->num_objects) { + /* done with it, go to the last op */ + return replmd_replicated_uptodate_vector(ar); + } + + ar->search_msg = NULL; + + tmp_str = ldb_binary_encode(ar, ar->objs->objects[ar->index_current].guid_value); if (!tmp_str) return replmd_replicated_request_werror(ar, WERR_NOMEM); - filter = talloc_asprintf(ar->sub.mem_ctx, "(objectGUID=%s)", tmp_str); + filter = talloc_asprintf(ar, "(objectGUID=%s)", tmp_str); if (!filter) return replmd_replicated_request_werror(ar, WERR_NOMEM); talloc_free(tmp_str); - ret = ldb_build_search_req(&ar->sub.search_req, + ret = ldb_build_search_req(&search_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, ar->objs->partition_dn, LDB_SCOPE_SUBTREE, filter, NULL, NULL, ar, - replmd_replicated_apply_search_callback); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.search_req); -#else - ret = ldb_next_request(ar->module, ar->sub.search_req); + replmd_replicated_apply_search_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS && ar->sub.search_ret != LDB_ERR_NO_SUCH_OBJECT) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); - } - if (ar->sub.search_msg) { - return replmd_replicated_apply_merge(ar); - } - - return replmd_replicated_apply_add(ar); -#endif + return ldb_next_request(ar->module, search_req); } -static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) -{ -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - if (ar->index_current >= ar->objs->num_objects) { - return replmd_replicated_uptodate_vector(ar); - } -#endif - - ar->sub.mem_ctx = talloc_new(ar); - if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); - - return replmd_replicated_apply_search(ar); -} - -static int replmd_replicated_uptodate_modify_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); } - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!"); + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return replmd_replicated_request_done(ar); -#else - return LDB_SUCCESS; -#endif + talloc_free(ares); + + return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS); } static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1, @@ -1104,6 +1010,7 @@ static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplic static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar) { + struct ldb_request *change_req; enum ndr_err_code ndr_err; struct ldb_message *msg; struct replUpToDateVectorBlob ouv; @@ -1145,9 +1052,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a /* * first create the new replUpToDateVector */ - ouv_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replUpToDateVector"); + ouv_value = ldb_msg_find_ldb_val(ar->search_msg, "replUpToDateVector"); if (ouv_value) { - ndr_err = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, + ndr_err = ndr_pull_struct_blob(ouv_value, ar, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &ouv, (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -1168,7 +1075,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a */ nuv.ctr.ctr2.count = 1 + ouv.ctr.ctr2.count; if (ruv) nuv.ctr.ctr2.count += ruv->count; - nuv.ctr.ctr2.cursors = talloc_array(ar->sub.mem_ctx, + nuv.ctr.ctr2.cursors = talloc_array(ar, struct drsuapi_DsReplicaCursor2, nuv.ctr.ctr2.count); if (!nuv.ctr.ctr2.cursors) return replmd_replicated_request_werror(ar, WERR_NOMEM); @@ -1269,9 +1176,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a /* * create the change ldb_message */ - msg = ldb_msg_new(ar->sub.mem_ctx); + msg = ldb_msg_new(ar); if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM); - msg->dn = ar->sub.search_msg->dn; + msg->dn = ar->search_msg->dn; ndr_err = ndr_push_struct_blob(&nuv_value, msg, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), @@ -1304,12 +1211,12 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a * first see if we already have a repsFrom value for the current source dsa * if so we'll later replace this value */ - orf_el = ldb_msg_find_element(ar->sub.search_msg, "repsFrom"); + orf_el = ldb_msg_find_element(ar->search_msg, "repsFrom"); if (orf_el) { for (i=0; i < orf_el->num_values; i++) { struct repsFromToBlob *trf; - trf = talloc(ar->sub.mem_ctx, struct repsFromToBlob); + trf = talloc(ar, struct repsFromToBlob); if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM); ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), trf, @@ -1378,72 +1285,62 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a nrf_el->flags = LDB_FLAG_MOD_REPLACE; /* prepare the ldb_modify() request */ - ret = ldb_build_mod_req(&ar->sub.change_req, + ret = ldb_build_mod_req(&change_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, msg, ar->controls, ar, - replmd_replicated_uptodate_modify_callback); + replmd_replicated_uptodate_modify_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.change_req); -#else - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); - } - - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); - - return replmd_replicated_request_done(ar); -#endif + return ldb_next_request(ar->module, change_req); } -static int replmd_replicated_uptodate_search_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_uptodate_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); - bool is_done = false; + int ret; + + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS && + ares->error != LDB_ERR_NO_SUCH_OBJECT) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); + } switch (ares->type) { case LDB_REPLY_ENTRY: - ar->sub.search_msg = talloc_steal(ar->sub.mem_ctx, ares->message); + ar->search_msg = talloc_steal(ar, ares->message); break; + case LDB_REPLY_REFERRAL: /* we ignore referrals */ break; - case LDB_REPLY_EXTENDED: - case LDB_REPLY_DONE: - is_done = true; - } - - talloc_free(ares); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - if (is_done) { - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); + case LDB_REPLY_DONE: + if (ar->search_msg == NULL) { + ret = replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } else { + ret = replmd_replicated_uptodate_modify(ar); } - if (!ar->sub.search_msg) { - return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); } - - return replmd_replicated_uptodate_modify(ar); } -#endif + + talloc_free(ares); return LDB_SUCCESS; } -static int replmd_replicated_uptodate_search(struct replmd_replicated_request *ar) + +static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar) { int ret; static const char *attrs[] = { @@ -1451,43 +1348,24 @@ static int replmd_replicated_uptodate_search(struct replmd_replicated_request *a "repsFrom", NULL }; + struct ldb_request *search_req; + + ar->search_msg = NULL; - ret = ldb_build_search_req(&ar->sub.search_req, + ret = ldb_build_search_req(&search_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, ar->objs->partition_dn, LDB_SCOPE_BASE, "(objectClass=*)", attrs, NULL, ar, - replmd_replicated_uptodate_search_callback); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.search_req); -#else - ret = ldb_next_request(ar->module, ar->sub.search_req); + replmd_replicated_uptodate_search_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); - } - if (!ar->sub.search_msg) { - return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); - } - - return replmd_replicated_uptodate_modify(ar); -#endif -} - -static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar) -{ - ar->sub.mem_ctx = talloc_new(ar); - if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); - - return replmd_replicated_uptodate_search(ar); + return ldb_next_request(ar->module, search_req); } static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req) @@ -1511,9 +1389,16 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct return LDB_ERR_PROTOCOL_ERROR; } - ar = replmd_replicated_init_handle(module, req, objs); - if (!ar) { + ar = replmd_ctx_init(module, req); + if (!ar) return LDB_ERR_OPERATIONS_ERROR; + + ar->objs = objs; + ar->schema = dsdb_get_schema(module->ldb); + if (!ar->schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n"); + talloc_free(ar); + return LDB_ERR_CONSTRAINT_VIOLATION; } ctrls = req->controls; @@ -1532,20 +1417,7 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct ar->controls = req->controls; req->controls = ctrls; -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return replmd_replicated_apply_next(ar); -#else - while (ar->index_current < ar->objs->num_objects && - req->handle->state != LDB_ASYNC_DONE) { - replmd_replicated_apply_next(ar); - } - - if (req->handle->state != LDB_ASYNC_DONE) { - replmd_replicated_uptodate_vector(ar); - } - - return LDB_SUCCESS; -#endif } static int replmd_extended(struct ldb_module *module, struct ldb_request *req) @@ -1557,53 +1429,9 @@ static int replmd_extended(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } -static int replmd_wait_none(struct ldb_handle *handle) { - struct replmd_replicated_request *ar; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ar = talloc_get_type(handle->private_data, struct replmd_replicated_request); - if (!ar) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* we do only sync calls */ - if (handle->state != LDB_ASYNC_DONE) { - return LDB_ERR_OPERATIONS_ERROR; - } - - return handle->status; -} - -static int replmd_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = replmd_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int replmd_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return replmd_wait_all(handle); - } else { - return replmd_wait_none(handle); - } -} - _PUBLIC_ const struct ldb_module_ops ldb_repl_meta_data_module_ops = { .name = "repl_meta_data", .add = replmd_add, .modify = replmd_modify, .extended = replmd_extended, - .wait = replmd_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index ebc90d4cf3..0d14a54464 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -4,7 +4,7 @@ rootDSE ldb module Copyright (C) Andrew Tridgell 2005 - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -221,40 +221,77 @@ failed: struct rootdse_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - const char * const * attrs; + struct ldb_request *req; }; -static int rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static struct rootdse_context *rootdse_init_context(struct ldb_module *module, + struct ldb_request *req) +{ + struct rootdse_context *ac; + + ac = talloc_zero(req, struct rootdse_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + ac->module = module; + ac->req = req; + + return ac; +} + +static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares) { struct rootdse_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct rootdse_context); - ac = talloc_get_type(context, struct rootdse_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: /* * if the client explicit asks for the 'netlogon' attribute * the reply_entry needs to be skipped */ - if (ac->attrs && ldb_attr_in_list(ac->attrs, "netlogon")) { + if (ac->req->op.search.attrs && + ldb_attr_in_list(ac->req->op.search.attrs, "netlogon")) { talloc_free(ares); return LDB_SUCCESS; } /* for each record returned post-process to add any dynamic attributes that have been asked for */ - if (rootdse_add_dynamic(ac->module, ares->message, ac->attrs) != LDB_SUCCESS) { - goto error; + ret = rootdse_add_dynamic(ac->module, ares->message, + ac->req->op.search.attrs); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, ret); } - } - return ac->up_callback(ldb, ac->up_context, ares); + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + /* should we allow the backend to return referrals in this case + * ?? */ + break; + + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_SUCCESS; } static int rootdse_search(struct ldb_module *module, struct ldb_request *req) @@ -270,48 +307,25 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - ac = talloc(req, struct rootdse_context); + ac = rootdse_init_context(module, req); if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; - ac->attrs = req->op.search.attrs; - - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; /* in our db we store the rootDSE with a DN of @ROOTDSE */ - down_req->op.search.base = ldb_dn_new(down_req, module->ldb, "@ROOTDSE"); - down_req->op.search.scope = LDB_SCOPE_BASE; - down_req->op.search.tree = ldb_parse_tree(down_req, NULL); - if (down_req->op.search.base == NULL || down_req->op.search.tree == NULL) { - ldb_oom(module->ldb); - talloc_free(down_req); - return LDB_ERR_OPERATIONS_ERROR; - } - down_req->op.search.attrs = req->op.search.attrs; - down_req->controls = req->controls; - - down_req->context = ac; - down_req->callback = rootdse_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req(&down_req, module->ldb, ac, + ldb_dn_new(ac, module->ldb, "@ROOTDSE"), + LDB_SCOPE_BASE, + NULL, + req->op.search.attrs, + req->controls, + ac, rootdse_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + return ldb_next_request(module, down_req); } static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req) @@ -332,9 +346,9 @@ static int rootdse_register_control(struct ldb_module *module, struct ldb_reques priv->num_controls += 1; priv->controls = list; - return LDB_SUCCESS; + return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); } - + static int rootdse_register_partition(struct ldb_module *module, struct ldb_request *req) { struct private_data *priv = talloc_get_type(module->private_data, struct private_data); @@ -353,9 +367,9 @@ static int rootdse_register_partition(struct ldb_module *module, struct ldb_requ priv->num_partitions += 1; priv->partitions = list; - return LDB_SUCCESS; + return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); } - + static int rootdse_request(struct ldb_module *module, struct ldb_request *req) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index cf720669b9..e4fc4908a4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1,8 +1,8 @@ -/* +/* SAM ldb module - Copyright (C) Simo Sorce 2004 Copyright (C) Andrew Bartlett 2005 + Copyright (C) Simo Sorce 2004-2008 * NOTICE: this module is NOT released under the GNU LGPL license as * other ldb code. This module is release under the GNU GPL v3 or @@ -12,12 +12,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -37,728 +37,1305 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_private.h" +#include "lib/events/events.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_security.h" #include "util/util_ldb.h" +#include "ldb_wrap.h" + +struct samldb_ctx; + +typedef int (*samldb_step_fn_t)(struct samldb_ctx *); + +struct samldb_step { + struct samldb_step *next; + samldb_step_fn_t fn; +}; + +struct samldb_ctx { + struct ldb_module *module; + struct ldb_request *req; -int samldb_notice_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct dom_sid *sid); + /* the resulting message */ + struct ldb_message *msg; + + /* used to apply templates */ + const char *type; + + /* used to find parent domain */ + struct ldb_dn *check_dn; + struct ldb_dn *domain_dn; + struct dom_sid *domain_sid; + uint32_t next_rid; + + /* generic storage, remember to zero it before use */ + struct ldb_reply *ares; + + /* holds the entry SID */ + struct dom_sid *sid; + + /* all the async steps necessary to complete the operation */ + struct samldb_step *steps; + struct samldb_step *curstep; +}; -static bool samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) +struct samldb_ctx *samldb_ctx_init(struct ldb_module *module, + struct ldb_request *req) { - struct ldb_val v; - enum ndr_err_code ndr_err; + struct samldb_ctx *ac; - ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return false; + ac = talloc_zero(req, struct samldb_ctx); + if (ac == NULL) { + ldb_oom(module->ldb); + return NULL; } - return (ldb_msg_add_value(msg, name, &v, NULL) == 0); + + ac->module = module; + ac->req = req; + + return ac; } -/* - allocate a new id, attempting to do it atomically - return 0 on failure, the id on success -*/ -static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct ldb_dn *dn, uint32_t old_id, uint32_t new_id) +static int samldb_add_step(struct samldb_ctx *ac, samldb_step_fn_t fn) { - struct ldb_message msg; - int ret; - struct ldb_val vals[2]; - struct ldb_message_element els[2]; + struct samldb_step *step; - if (new_id == 0) { - /* out of IDs ! */ - ldb_set_errstring(ldb, "Are we out of valid IDs ?\n"); + step = talloc_zero(ac, struct samldb_step); + if (step == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* we do a delete and add as a single operation. That prevents - a race, in case we are not actually on a transaction db */ - ZERO_STRUCT(msg); - msg.dn = ldb_dn_copy(mem_ctx, dn); - if (!msg.dn) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (ac->steps == NULL) { + ac->steps = step; + ac->curstep = step; + } else { + ac->curstep->next = step; + ac->curstep = step; } - msg.num_elements = 2; - msg.elements = els; - els[0].num_values = 1; - els[0].values = &vals[0]; - els[0].flags = LDB_FLAG_MOD_DELETE; - els[0].name = talloc_strdup(mem_ctx, "nextRid"); - if (!els[0].name) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + step->fn = fn; - els[1].num_values = 1; - els[1].values = &vals[1]; - els[1].flags = LDB_FLAG_MOD_ADD; - els[1].name = els[0].name; + return LDB_SUCCESS; +} - vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", old_id); - if (!vals[0].data) { - ldb_oom(ldb); +static int samldb_first_step(struct samldb_ctx *ac) +{ + if (ac->steps == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - vals[0].length = strlen((char *)vals[0].data); - vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", new_id); - if (!vals[1].data) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ac->curstep = ac->steps; + return ac->curstep->fn(ac); +} + +static int samldb_next_step(struct samldb_ctx *ac) +{ + if (ac->curstep->next) { + ac->curstep = ac->curstep->next; + return ac->curstep->fn(ac); } - vals[1].length = strlen((char *)vals[1].data); - ret = ldb_modify(ldb, &msg); - return ret; + /* it is an error if the last step does not properly + * return to the upper module by itself */ + return LDB_ERR_OPERATIONS_ERROR; } -/* - allocate a new id, attempting to do it atomically - return 0 on failure, the id on success -*/ -static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - struct ldb_dn *dn, uint32_t *old_rid) +static int samldb_search_template_callback(struct ldb_request *req, + struct ldb_reply *ares) { - const char * const attrs[2] = { "nextRid", NULL }; - struct ldb_result *res = NULL; + struct samldb_ctx *ac; int ret; - const char *str; - ret = ldb_search(module->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "nextRid=*"); - if (ret != LDB_SUCCESS) { - return ret; + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - if (res->count != 1) { - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +#else + return ldb_request_done(req, ares->error); +#endif } - str = ldb_msg_find_attr_as_string(res->msgs[0], "nextRid", NULL); - if (str == NULL) { - ldb_asprintf_errstring(module->ldb, - "attribute nextRid not found in %s\n", - ldb_dn_get_linearized(dn)); - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->ares != NULL) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for template objects"); + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + + ac->ares = talloc_steal(ac, ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: + + talloc_free(ares); +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + ret = samldb_next_step(ac); +#else + return ldb_request_done(req, LDB_SUCCESS); +#endif + break; + } + +done: + if (ret != LDB_SUCCESS) { +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + return ldb_module_done(ac->req, NULL, NULL, ret); +#else + return ldb_request_done(req, ret); +#endif } - *old_rid = strtol(str, NULL, 0); - talloc_free(res); return LDB_SUCCESS; } -static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - struct ldb_dn *dn, const struct dom_sid *dom_sid, - struct dom_sid **new_sid) +static int samldb_search_template(struct samldb_ctx *ac) { - struct dom_sid *obj_sid; - uint32_t old_rid; + struct event_context *ev; + struct loadparm_context *lparm_ctx; + struct ldb_context *templates_ldb; + char *templates_ldb_path; + struct ldb_request *req; + struct ldb_dn *basedn; + void *opaque; int ret; - - ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid); - if (ret) { - return ret; + + opaque = ldb_get_opaque(ac->module->ldb, "loadparm"); + lparm_ctx = talloc_get_type(opaque, struct loadparm_context); + if (lparm_ctx == NULL) { + ldb_set_errstring(ac->module->ldb, + "Unable to find loadparm context\n"); + return LDB_ERR_OPERATIONS_ERROR; } - - /* return the new object sid */ - obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); - - *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); - if (!*new_sid) { + + opaque = ldb_get_opaque(ac->module->ldb, "templates_ldb"); + templates_ldb = talloc_get_type(opaque, struct ldb_context); + + /* make sure we have the templates ldb */ + if (!templates_ldb) { + templates_ldb_path = samdb_relative_path(ac->module->ldb, ac, + "templates.ldb"); + if (!templates_ldb_path) { + ldb_set_errstring(ac->module->ldb, + "samldb_init_template: ERROR: Failed " + "to contruct path for template db"); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* NOTE: this is a request on a different database! + * + * Therefore we need to do a bloody sync call + * otherwise the fake event queue will never call it + * as it runs on the main ldb context and knows + * nothing about the templates_ldb one */ +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + ev = ldb_get_event_context(ac->module->ldb); +#else + ev = event_context_init(NULL); +#endif + if (!talloc_reference(templates_ldb, ev)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + templates_ldb = ldb_wrap_connect(ac->module->ldb, ev, + lparm_ctx, templates_ldb_path, + NULL, NULL, 0, NULL); + talloc_free(templates_ldb_path); + + if (!templates_ldb) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_set_opaque(ac->module->ldb, + "templates_ldb", templates_ldb); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + /* search template */ + basedn = ldb_dn_new_fmt(ac, templates_ldb, + "cn=Template%s,cn=Templates", ac->type); + if (basedn == NULL) { + ldb_set_errstring(ac->module->ldb, + "samldb_init_template: ERROR: Failed " + "to contruct DN for template"); return LDB_ERR_OPERATIONS_ERROR; } - ret = samldb_notice_sid(module, mem_ctx, *new_sid); - if (ret != 0) { - /* gah, there are conflicting sids. - * This is a critical situation it means that someone messed up with - * the DB and nextRid is not returning free RIDs, report an error - * and refuse to create any user until the problem is fixed */ - ldb_asprintf_errstring(module->ldb, - "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s", - ldb_errstring(module->ldb)); + /* pull the template record */ + ret = ldb_build_search_req(&req, templates_ldb, ac, + basedn, LDB_SCOPE_BASE, + "(distinguishedName=*)", NULL, + NULL, + ac, samldb_search_template_callback, + ac->req); + if (ret != LDB_SUCCESS) { return ret; } - return ret; + + talloc_steal(req, basedn); + ac->ares = NULL; + + /* NOTE: this is a request on a different database! + * Therefore we need to do a bloody sync call + * otherwise the fake event queue will never call it + * as it runs on the main ldb context and knows + * nothing about the templates_ldb one */ +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + return ldb_request(templates_ldb, req); +#else + ret = ldb_request(templates_ldb, req); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + if (ret != LDB_SUCCESS) { + return ret; + } + + return samldb_next_step(ac); +#endif } -/* search the domain related to the provided dn - allocate a new RID for the domain - return the new sid string -*/ -static int samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn, - struct ldb_dn *dom_dn, - struct dom_sid **sid) +static int samldb_apply_template(struct samldb_ctx *ac) +{ + struct ldb_message_element *el; + struct ldb_message *msg; + int i, j; + int ret; + + msg = ac->ares->message; + + for (i = 0; i < msg->num_elements; i++) { + el = &msg->elements[i]; + /* some elements should not be copied */ + if (ldb_attr_cmp(el->name, "cn") == 0 || + ldb_attr_cmp(el->name, "name") == 0 || + ldb_attr_cmp(el->name, "objectClass") == 0 || + ldb_attr_cmp(el->name, "sAMAccountName") == 0 || + ldb_attr_cmp(el->name, "sAMAccountName") == 0 || + ldb_attr_cmp(el->name, "distinguishedName") == 0 || + ldb_attr_cmp(el->name, "objectGUID") == 0) { + continue; + } + for (j = 0; j < el->num_values; j++) { + ret = samdb_find_or_add_attribute( + ac->module->ldb, ac->msg, el->name, + (char *)el->values[j].data); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(ac->module->ldb, + "Failed adding template attribute\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + } + } + + return samldb_next_step(ac); +} + +static int samldb_get_parent_domain(struct samldb_ctx *ac); + +static int samldb_get_parent_domain_callback(struct ldb_request *req, + struct ldb_reply *ares) { - const char * const attrs[2] = { "objectSid", NULL }; - struct ldb_result *res = NULL; + struct samldb_ctx *ac; + const char *nextRid; int ret; - struct dom_sid *dom_sid; - /* get the domain component part of the provided dn */ + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->domain_dn != NULL) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for domain object"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + nextRid = ldb_msg_find_attr_as_string(ares->message, + "nextRid", NULL); + if (nextRid == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_get_linearized(ares->message->dn)); + ret = LDB_ERR_OPERATIONS_ERROR; + break;; + } + + ac->next_rid = strtol(nextRid, NULL, 0); + + ac->domain_sid = samdb_result_dom_sid(ac, ares->message, + "objectSid"); + if (ac->domain_sid == NULL) { + ldb_set_errstring(ac->module->ldb, + "error retrieving parent domain domain sid!\n"); + ret = LDB_ERR_CONSTRAINT_VIOLATION; + break; + } + ac->domain_dn = talloc_steal(ac, ares->message->dn); + + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: - /* find the domain sid */ + talloc_free(ares); + if (ac->domain_dn == NULL) { + /* search again */ + ret = samldb_get_parent_domain(ac); + } else { + /* found, go on */ + ret = samldb_next_step(ac); + } + break; + } - ret = ldb_search(module->ldb, mem_ctx, &res, dom_dn, LDB_SCOPE_BASE, attrs, "objectSid=*"); +done: if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n", - ldb_dn_get_linearized(dom_dn), - ldb_errstring(module->ldb)); - talloc_free(res); - return ret; + return ldb_module_done(ac->req, NULL, NULL, ret); } - if (res->count != 1) { - ldb_asprintf_errstring(module->ldb, - "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", - ldb_dn_get_linearized(dom_dn)); - talloc_free(res); - return LDB_ERR_CONSTRAINT_VIOLATION; + return LDB_SUCCESS; +} + +/* Find a domain object in the parents of a particular DN. */ +static int samldb_get_parent_domain(struct samldb_ctx *ac) +{ + static const char * const attrs[3] = { "objectSid", "nextRid", NULL }; + struct ldb_request *req; + struct ldb_dn *dn; + int ret; + + if (ac->check_dn == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); - if (dom_sid == NULL) { - ldb_set_errstring(module->ldb, "samldb_get_new_sid: error parsing domain sid!\n"); - talloc_free(res); + dn = ldb_dn_get_parent(ac, ac->check_dn); + if (dn == NULL) { + ldb_set_errstring(ac->module->ldb, + "Unable to find parent domain object"); return LDB_ERR_CONSTRAINT_VIOLATION; } - /* allocate a new Rid for the domain */ - ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, sid); - if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s: %s\n", ldb_dn_get_linearized(dom_dn), ldb_errstring(module->ldb)); - talloc_free(res); + ac->check_dn = dn; + + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + dn, LDB_SCOPE_BASE, + "(|(objectClass=domain)" + "(objectClass=builtinDomain)" + "(objectClass=samba4LocalDomain))", + attrs, + NULL, + ac, samldb_get_parent_domain_callback, + ac->req); + + if (ret != LDB_SUCCESS) { return ret; } - talloc_free(res); + return ldb_next_request(ac->module, req); +} - return ret; +static int samldb_generate_samAccountName(struct ldb_message *msg) +{ + char *name; + + /* Format: $000000-000000000000 */ + + name = talloc_asprintf(msg, "$%.6X-%.6X%.6X", + (unsigned int)generate_random(), + (unsigned int)generate_random(), + (unsigned int)generate_random()); + if (name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + return ldb_msg_add_steal_string(msg, "samAccountName", name); } -/* If we are adding new users/groups, we need to update the nextRid - * attribute to be 'above' all incoming users RIDs. This tries to - * avoid clashes in future */ +static int samldb_check_samAccountName_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + /* if we get an entry it means this samAccountName + * already exists */ + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_ENTRY_ALREADY_EXISTS); + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: + + /* not found, go on */ + talloc_free(ares); + ret = samldb_next_step(ac); + break; + } + +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } -int samldb_notice_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct dom_sid *sid) + return LDB_SUCCESS; +} + +static int samldb_check_samAccountName(struct samldb_ctx *ac) { + struct ldb_request *req; + const char *name; + char *filter; int ret; - struct ldb_dn *dom_dn; - struct dom_sid *dom_sid; - const char *attrs[] = { NULL }; - struct ldb_result *dom_res; - struct ldb_result *res; - uint32_t old_rid; - - /* find if this SID already exists */ - ret = ldb_search(module->ldb, mem_ctx, &res, - NULL, LDB_SCOPE_SUBTREE, attrs, - "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid)); - if (ret == LDB_SUCCESS) { - if (res->count > 0) { - talloc_free(res); - ldb_asprintf_errstring(module->ldb, - "Attempt to add record with SID %s rejected," - " because this SID is already in the database", - dom_sid_string(mem_ctx, sid)); - /* We have a duplicate SID, we must reject the add */ - return LDB_ERR_CONSTRAINT_VIOLATION; + + if (ldb_msg_find_element(ac->msg, "samAccountName") == NULL) { + ret = samldb_generate_samAccountName(ac->msg); + if (ret != LDB_SUCCESS) { + return ret; } - talloc_free(res); - } else { - ldb_asprintf_errstring(module->ldb, - "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", - dom_sid_string(mem_ctx, sid), - ldb_errstring(module->ldb)); - return ret; } - dom_sid = dom_sid_dup(mem_ctx, sid); - if (!dom_sid) { + name = ldb_msg_find_attr_as_string(ac->msg, "samAccountName", NULL); + if (name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + filter = talloc_asprintf(ac, "samAccountName=%s", name); + if (filter == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* get the domain component part of the provided SID */ - dom_sid->num_auths--; - - /* find the domain DN */ - ret = ldb_search(module->ldb, mem_ctx, &dom_res, - NULL, LDB_SCOPE_SUBTREE, attrs, - "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret == LDB_SUCCESS) { - if (dom_res->count == 0) { - talloc_free(dom_res); - /* This isn't an operation on a domain we know about, so nothing to update */ - return LDB_SUCCESS; - } - if (dom_res->count > 1) { - talloc_free(dom_res); - ldb_asprintf_errstring(module->ldb, - "samldb_notice_sid: error retrieving domain from sid: duplicate (found %d) domain: %s!\n", - dom_res->count, dom_sid_string(dom_res, dom_sid)); - return LDB_ERR_OPERATIONS_ERROR; - } - } else { - ldb_asprintf_errstring(module->ldb, - "samldb_notice_sid: error retrieving domain from sid: %s: %s\n", - dom_sid_string(dom_res, dom_sid), - ldb_errstring(module->ldb)); + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ac->domain_dn, LDB_SCOPE_SUBTREE, + filter, NULL, + NULL, + ac, samldb_check_samAccountName_callback, + ac->req); + talloc_free(filter); + if (ret != LDB_SUCCESS) { return ret; } + ac->ares = NULL; + return ldb_next_request(ac->module, req); +} - dom_dn = dom_res->msgs[0]->dn; +static int samldb_check_samAccountType(struct samldb_ctx *ac) +{ + unsigned int account_type; + unsigned int group_type; + unsigned int uac; + int ret; - ret = samldb_find_next_rid(module, mem_ctx, - dom_dn, &old_rid); - if (ret) { - talloc_free(dom_res); - return ret; + /* make sure sAMAccountType is not specified */ + if (ldb_msg_find_element(ac->msg, "sAMAccountType") != NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "sAMAccountType must not be specified"); + return LDB_ERR_UNWILLING_TO_PERFORM; } - if (old_rid <= sid->sub_auths[sid->num_auths - 1]) { - ret = samldb_set_next_rid(module->ldb, mem_ctx, dom_dn, old_rid, - sid->sub_auths[sid->num_auths - 1] + 1); + if (strcmp("user", ac->type) == 0) { + uac = samdb_result_uint(ac->msg, "userAccountControl", 0); + if (uac == 0) { + ldb_asprintf_errstring(ac->module->ldb, + "userAccountControl invalid"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } else { + account_type = samdb_uf2atype(uac); + ret = samdb_msg_add_uint(ac->module->ldb, + ac->msg, ac->msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } else + if (strcmp("group", ac->type) == 0) { + + group_type = samdb_result_uint(ac->msg, "groupType", 0); + if (group_type == 0) { + ldb_asprintf_errstring(ac->module->ldb, + "groupType invalid"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } else { + account_type = samdb_gtype2atype(group_type); + ret = samdb_msg_add_uint(ac->module->ldb, + ac->msg, ac->msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + } } - talloc_free(dom_res); - return ret; + + return samldb_next_step(ac); } -static int samldb_handle_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, struct ldb_message *msg2, - struct ldb_dn *parent_dn) +static int samldb_get_sid_domain_callback(struct ldb_request *req, + struct ldb_reply *ares) { + struct samldb_ctx *ac; + const char *nextRid; int ret; - - struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid"); - if (sid == NULL) { - ret = samldb_get_new_sid(module, msg2, msg2->dn, parent_dn, &sid); - if (ret != 0) { - return ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->next_rid != 0) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for domain object"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return LDB_ERR_OPERATIONS_ERROR; + nextRid = ldb_msg_find_attr_as_string(ares->message, + "nextRid", NULL); + if (nextRid == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_get_linearized(ares->message->dn)); + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - talloc_free(sid); + + ac->next_rid = strtol(nextRid, NULL, 0); + + ac->domain_dn = talloc_steal(ac, ares->message->dn); + + talloc_free(ares); ret = LDB_SUCCESS; - } else { - ret = samldb_notice_sid(module, msg2, sid); + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: + + if (ac->next_rid == 0) { + ldb_asprintf_errstring(ac->module->ldb, + "Unable to get nextRid from domain entry\n"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + /* found, go on */ + ret = samldb_next_step(ac); + break; + } + +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - return ret; + + return LDB_SUCCESS; } -static int samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx, - struct ldb_dn *dom_dn, char **name) +/* Find a domain object in the parents of a particular DN. */ +static int samldb_get_sid_domain(struct samldb_ctx *ac) { - const char *attrs[] = { NULL }; - struct ldb_result *res; + static const char * const attrs[2] = { "nextRid", NULL }; + struct ldb_request *req; + char *filter; int ret; - - /* Format: $000000-000000000000 */ - - do { - *name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)generate_random(), (unsigned int)generate_random(), (unsigned int)generate_random()); - /* TODO: Figure out exactly what this is meant to conflict with */ - ret = ldb_search(module->ldb, - mem_ctx, &res, dom_dn, LDB_SCOPE_SUBTREE, attrs, - "samAccountName=%s", - ldb_binary_encode_string(mem_ctx, *name)); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, "samldb: Failure searching to determine if samAccountName %s is unique: %s", - *name, ldb_errstring(module->ldb)); - return ret; - } - if (res->count == 0) { - talloc_free(res); - /* Great. There are no conflicting users/groups/etc */ - return LDB_SUCCESS; - } else { - talloc_free(*name); - /* gah, there is a conflicting name, lets move around the loop again... */ - } - } while (1); + if (ac->sid == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->domain_sid = dom_sid_dup(ac, ac->sid); + if (!ac->domain_sid) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* get the domain component part of the provided SID */ + ac->domain_sid->num_auths--; + + filter = talloc_asprintf(ac, "(&(objectSid=%s)" + "(|(objectClass=domain)" + "(objectClass=builtinDomain)" + "(objectClass=samba4LocalDomain)))", + ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); + if (filter == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, samldb_get_sid_domain_callback, + ac->req); + + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->next_rid = 0; + return ldb_next_request(ac->module, req); } -static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg, - struct ldb_message **ret_msg) +static bool samldb_msg_add_sid(struct ldb_message *msg, + const char *name, + const struct dom_sid *sid) { - int ret; - unsigned int group_type; - char *name; - struct ldb_message *msg2; - struct ldb_dn *dom_dn; - const char *rdn_name; - TALLOC_CTX *mem_ctx = talloc_new(msg); - const char *errstr; - if (!mem_ctx) { + struct ldb_val v; + enum ndr_err_code ndr_err; + + ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + return (ldb_msg_add_value(msg, name, &v, NULL) == 0); +} + +static int samldb_new_sid(struct samldb_ctx *ac) +{ + + if (ac->domain_sid == NULL || ac->next_rid == 0) { return LDB_ERR_OPERATIONS_ERROR; } - /* build the new msg */ - msg2 = ldb_msg_copy(mem_ctx, msg); - if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); - talloc_free(mem_ctx); + ac->sid = dom_sid_add_rid(ac, ac->domain_sid, ac->next_rid + 1); + if (ac->sid == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ret = samdb_copy_template(module->ldb, msg2, - "group", - &errstr); - if (ret != 0) { - - talloc_free(mem_ctx); - return ret; + if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { + return LDB_ERR_OPERATIONS_ERROR; } - rdn_name = ldb_dn_get_rdn_name(msg2->dn); + return samldb_next_step(ac); +} - if (strcasecmp(rdn_name, "cn") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn_name); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; +static int samldb_check_sid_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + /* if we get an entry it means an object with the + * requested sid exists */ + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_CONSTRAINT_VIOLATION); + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + + /* not found, go on */ + talloc_free(ares); + ret = samldb_next_step(ac); + break; } - ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + return LDB_SUCCESS; +} + +static int samldb_check_sid(struct samldb_ctx *ac) +{ + const char *const attrs[2] = { "objectSid", NULL }; + struct ldb_request *req; + char *filter; + int ret; + + if (ac->sid == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + filter = talloc_asprintf(ac, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(ac, ac->sid)); + if (filter == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, samldb_check_sid_callback, + ac->req); + if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_group_object: %s", errstr); return ret; } - /* Generate a random name, if no samAccountName was supplied */ - if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { - ret = samldb_generate_samAccountName(module, mem_ctx, dom_dn, &name); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } - ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); - if (ret) { - talloc_free(mem_ctx); - return ret; - } + return ldb_next_request(ac->module, req); +} + +static int samldb_notice_sid_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - - if (ldb_msg_find_element(msg2, "sAMAccountType") != NULL) { - ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - group_type = samdb_result_uint(msg2, "groupType", 0); - if (group_type == 0) { - ldb_asprintf_errstring(module->ldb, "groupType invalid"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; - } else { - unsigned int account_type = samdb_gtype2atype(group_type); - ret = samdb_msg_add_uint(module->ldb, msg2, msg2, - "sAMAccountType", - account_type); - if (ret != LDB_SUCCESS) { - return ret; - } + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "Invalid reply type!\n"); + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - /* Manage SID allocation, conflicts etc */ - ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); + ret = samldb_next_step(ac); - if (ret == LDB_SUCCESS) { - talloc_steal(msg, msg2); - *ret_msg = msg2; +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - talloc_free(mem_ctx); - return ret; + + return LDB_SUCCESS; } -static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg, struct ldb_message **ret_msg) +/* If we are adding new users/groups, we need to update the nextRid + * attribute to be 'above' the new/incoming RID. Attempt to do it + *atomically. */ +static int samldb_notice_sid(struct samldb_ctx *ac) { + uint32_t old_id, new_id; + struct ldb_request *req; + struct ldb_message *msg; + struct ldb_message_element *els; + struct ldb_val *vals; int ret; - char *name; - struct ldb_message *msg2; - struct ldb_dn *dom_dn; - const char *rdn_name; - TALLOC_CTX *mem_ctx = talloc_new(msg); - const char *errstr; - unsigned int user_account_control; - if (!mem_ctx) { + + old_id = ac->next_rid; + new_id = ac->sid->sub_auths[ac->sid->num_auths - 1]; + + if (old_id >= new_id) { + /* no need to update the domain nextRid attribute */ + return samldb_next_step(ac); + } + + /* we do a delete and add as a single operation. That prevents + a race, in case we are not actually on a transaction db */ + msg = talloc_zero(ac, struct ldb_message); + if (msg == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + els = talloc_array(msg, struct ldb_message_element, 2); + if (els == NULL) { + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + vals = talloc_array(msg, struct ldb_val, 2); + if (vals == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + msg->dn = ac->domain_dn; + msg->num_elements = 2; + msg->elements = els; - /* build the new msg */ - msg2 = ldb_msg_copy(mem_ctx, msg); - if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: ldb_msg_copy failed!\n"); - talloc_free(mem_ctx); + els[0].num_values = 1; + els[0].values = &vals[0]; + els[0].flags = LDB_FLAG_MOD_DELETE; + els[0].name = talloc_strdup(msg, "nextRid"); + if (!els[0].name) { + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = samdb_copy_template(module->ldb, msg2, - "user", - &errstr); - if (ret) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_user_or_computer_object: Error copying user template: %s\n", - errstr); - talloc_free(mem_ctx); + els[1].num_values = 1; + els[1].values = &vals[1]; + els[1].flags = LDB_FLAG_MOD_ADD; + els[1].name = els[0].name; + + vals[0].data = (uint8_t *)talloc_asprintf(vals, "%u", old_id); + if (!vals[0].data) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + vals[0].length = strlen((char *)vals[0].data); + + vals[1].data = (uint8_t *)talloc_asprintf(vals, "%u", new_id); + if (!vals[1].data) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + vals[1].length = strlen((char *)vals[1].data); + + ret = ldb_build_mod_req(&req, ac->module->ldb, ac, + msg, NULL, + ac, samldb_notice_sid_callback, + ac->req); + if (ret != LDB_SUCCESS) { return ret; } - rdn_name = ldb_dn_get_rdn_name(msg2->dn); + return ldb_next_request(ac->module, req); +} - if (strcasecmp(rdn_name, "cn") != 0) { - ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn_name); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; +static int samldb_add_entry_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "Invalid reply type!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* we exit the samldb module here */ + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); +} - ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); +static int samldb_add_entry(struct samldb_ctx *ac) +{ + struct ldb_request *req; + int ret; + + ret = ldb_build_add_req(&req, ac->module->ldb, ac, + ac->msg, + ac->req->controls, + ac, samldb_add_entry_callback, + ac->req); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_user_or_computer_object: %s", errstr); return ret; } - if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { - ret = samldb_generate_samAccountName(module, mem_ctx, dom_dn, &name); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } - ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); - if (ret) { - talloc_free(mem_ctx); - return ret; - } + return ldb_next_request(ac->module, req); +} + +static int samldb_fill_object(struct samldb_ctx *ac, const char *type) +{ + int ret; + + /* first look for the template */ + ac->type = type; + ret = samldb_add_step(ac, samldb_search_template); + if (ret != LDB_SUCCESS) return ret; + + /* then apply it */ + ret = samldb_add_step(ac, samldb_apply_template); + if (ret != LDB_SUCCESS) return ret; + + /* search for a parent domain objet */ + ac->check_dn = ac->req->op.add.message->dn; + ret = samldb_add_step(ac, samldb_get_parent_domain); + if (ret != LDB_SUCCESS) return ret; + + /* check if we have a valid samAccountName */ + ret = samldb_add_step(ac, samldb_check_samAccountName); + if (ret != LDB_SUCCESS) return ret; + + /* check account_type/group_type */ + ret = samldb_add_step(ac, samldb_check_samAccountType); + if (ret != LDB_SUCCESS) return ret; + + /* check if we have a valid SID */ + ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid"); + if ( ! ac->sid) { + ret = samldb_add_step(ac, samldb_new_sid); + if (ret != LDB_SUCCESS) return ret; + } else { + ret = samldb_add_step(ac, samldb_get_sid_domain); + if (ret != LDB_SUCCESS) return ret; } - if (ldb_msg_find_element(msg2, "sAMAccountType") != NULL) { - ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; + ret = samldb_add_step(ac, samldb_check_sid); + if (ret != LDB_SUCCESS) return ret; + + ret = samldb_add_step(ac, samldb_notice_sid); + if (ret != LDB_SUCCESS) return ret; + + /* finally proceed with adding the entry */ + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + + return samldb_first_step(ac); + + /* TODO: userAccountControl, badPwdCount, codePage, + * countryCode, badPasswordTime, lastLogoff, lastLogon, + * pwdLastSet, primaryGroupID, accountExpires, logonCount */ + +} + +static int samldb_foreign_notice_sid_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + const char *nextRid; + const char *name; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - user_account_control = samdb_result_uint(msg2, "userAccountControl", 0); - if (user_account_control == 0) { - ldb_asprintf_errstring(module->ldb, "userAccountControl invalid"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; - } else { - unsigned int account_type = samdb_uf2atype(user_account_control); - ret = samdb_msg_add_uint(module->ldb, msg2, msg2, - "sAMAccountType", - account_type); - if (ret != LDB_SUCCESS) { - return ret; - } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* Manage SID allocation, conflicts etc */ - ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->next_rid != 0) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for domain object"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + nextRid = ldb_msg_find_attr_as_string(ares->message, + "nextRid", NULL); + if (nextRid == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_get_linearized(ares->message->dn)); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + ac->next_rid = strtol(nextRid, NULL, 0); + + ac->domain_dn = talloc_steal(ac, ares->message->dn); + + name = samdb_result_string(ares->message, "name", NULL); + ldb_debug(ac->module->ldb, LDB_DEBUG_TRACE, + "NOTE (strange but valid): Adding foreign SID " + "record with SID %s, but this domain (%s) is " + "not foreign in the database", + dom_sid_string(ares, ac->sid), name); + + talloc_free(ares); + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + break; - /* TODO: userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ + case LDB_REPLY_DONE: - if (ret == 0) { - *ret_msg = msg2; - talloc_steal(msg, msg2); + /* if this is a fake foreign SID, notice the SID */ + if (ac->domain_dn) { + ret = samldb_notice_sid(ac); + break; + } + + /* found, go on */ + ret = samldb_next_step(ac); + break; } - talloc_free(mem_ctx); - return ret; + +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + return LDB_SUCCESS; } - -static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg, - struct ldb_message **ret_msg) + +/* Find a domain object in the parents of a particular DN. */ +static int samldb_foreign_notice_sid(struct samldb_ctx *ac) { - struct ldb_message *msg2; - const char *rdn_name; - struct dom_sid *dom_sid; - struct dom_sid *sid; - const char *dom_attrs[] = { "name", NULL }; - struct ldb_message **dom_msgs; - const char *errstr; + static const char * const attrs[3] = { "nextRid", "name", NULL }; + struct ldb_request *req; + char *filter; int ret; - TALLOC_CTX *mem_ctx = talloc_new(msg); - if (!mem_ctx) { + if (ac->sid == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* build the new msg */ - msg2 = ldb_msg_copy(mem_ctx, msg); - if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: ldb_msg_copy failed!\n"); - talloc_free(mem_ctx); + ac->domain_sid = dom_sid_dup(ac, ac->sid); + if (!ac->domain_sid) { return LDB_ERR_OPERATIONS_ERROR; } + /* get the domain component part of the provided SID */ + ac->domain_sid->num_auths--; - ret = samdb_copy_template(module->ldb, msg2, - "ForeignSecurityPrincipal", - &errstr); - if (ret != 0) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_foreignSecurityPrincipal_object: " - "Error copying template: %s", - errstr); - talloc_free(mem_ctx); - return ret; + filter = talloc_asprintf(ac, "(&(objectSid=%s)(objectclass=domain))", + ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); + if (filter == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - rdn_name = ldb_dn_get_rdn_name(msg2->dn); + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, samldb_foreign_notice_sid_callback, + ac->req); - if (strcasecmp(rdn_name, "cn") != 0) { - ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn_name); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; + if (ret != LDB_SUCCESS) { + return ret; } - sid = samdb_result_dom_sid(msg2, msg, "objectSid"); - if (!sid) { - /* Slightly different for the foreign sids. We don't want - * domain SIDs ending up there, it would cause all sorts of - * pain */ - - sid = dom_sid_parse_talloc(msg2, (const char *)ldb_dn_get_rdn_val(msg2->dn)->data); - if (!sid) { - ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!"); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } + ac->next_rid = 0; + return ldb_next_request(ac->module, req); +} - if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return LDB_ERR_OPERATIONS_ERROR; - } +static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac) +{ + int ret; - dom_sid = dom_sid_dup(mem_ctx, sid); - if (!dom_sid) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + ac->sid = samdb_result_dom_sid(ac->msg, ac->msg, "objectSid"); + if (ac->sid == NULL) { + ac->sid = dom_sid_parse_talloc(ac->msg, + (const char *)ldb_dn_get_rdn_val(ac->msg->dn)->data); + if (!ac->sid) { + ldb_set_errstring(ac->module->ldb, + "No valid found SID in " + "ForeignSecurityPrincipal CN!"); + talloc_free(ac); + return LDB_ERR_CONSTRAINT_VIOLATION; } - /* get the domain component part of the provided SID */ - dom_sid->num_auths--; - - /* find the domain DN */ - - ret = gendb_search(module->ldb, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "(&(objectSid=%s)(objectclass=domain))", - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret >= 1) { - /* We don't really like the idea of foreign sids that are not foreign, but it happens */ - const char *name = samdb_result_string(dom_msgs[0], "name", NULL); - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", - dom_sid_string(mem_ctx, sid), name); - } else if (ret == -1) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", - dom_sid_string(mem_ctx, dom_sid)); - talloc_free(dom_msgs); + if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } } - /* This isn't an operation on a domain we know about, so just - * check for the SID, looking for duplicates via the common - * code */ - ret = samldb_notice_sid(module, msg2, sid); - if (ret == 0) { - talloc_steal(msg, msg2); - *ret_msg = msg2; - } - - return ret; + /* first look for the template */ + ac->type = "foreignSecurityPrincipal"; + ret = samldb_add_step(ac, samldb_search_template); + if (ret != LDB_SUCCESS) return ret; + + /* then apply it */ + ret = samldb_add_step(ac, samldb_apply_template); + if (ret != LDB_SUCCESS) return ret; + + /* check we do not already have this SID */ + ret = samldb_add_step(ac, samldb_check_sid); + if (ret != LDB_SUCCESS) return ret; + + /* check if we need to notice this SID */ + ret = samldb_add_step(ac, samldb_foreign_notice_sid); + if (ret != LDB_SUCCESS) return ret; + + /* finally proceed with adding the entry */ + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + + return samldb_first_step(ac); } -/* add_record */ +static int samldb_check_rdn(struct ldb_module *module, struct ldb_dn *dn) +{ + const char *rdn_name; -/* - * FIXME - * - * Actually this module is not async at all as it does a number of sync searches - * in the process. It still to be decided how to deal with it properly so it is - * left SYNC for now until we think of a good solution. - */ + rdn_name = ldb_dn_get_rdn_name(dn); + + if (strcasecmp(rdn_name, "cn") != 0) { + ldb_asprintf_errstring(module->ldb, + "Bad RDN (%s=) for samldb object, " + "should be CN=!\n", rdn_name); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + return LDB_SUCCESS; +} + +/* add_record */ static int samldb_add(struct ldb_module *module, struct ldb_request *req) { - const struct ldb_message *msg = req->op.add.message; - struct ldb_message *msg2 = NULL; - struct ldb_request *down_req; + struct samldb_ctx *ac; int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { return ldb_next_request(module, req); } - /* is user or computer? */ - if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || - (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL)) { - /* add all relevant missing objects */ - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; - } + ac = samldb_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - /* is group? add all relevant missing objects */ - if ( ! msg2 ) { - if (samdb_find_attribute(module->ldb, msg, "objectclass", "group") != NULL) { - ret = samldb_fill_group_object(module, msg, &msg2); - if (ret) { - return ret; - } - } + /* build the new msg */ + ac->msg = ldb_msg_copy(ac, ac->req->op.add.message); + if (!ac->msg) { + talloc_free(ac); + ldb_debug(ac->module->ldb, LDB_DEBUG_FATAL, + "samldb_add: ldb_msg_copy failed!\n"); + return LDB_ERR_OPERATIONS_ERROR; } - /* perhaps a foreignSecurityPrincipal? */ - if ( ! msg2 ) { - if (samdb_find_attribute(module->ldb, msg, "objectclass", "foreignSecurityPrincipal") != NULL) { - ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2); - if (ret) { - return ret; - } + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", "computer") != NULL) { + + /* make sure the computer object also has the 'user' + * objectclass so it will be handled by the next call */ + ret = samdb_find_or_add_value(module->ldb, ac->msg, + "objectclass", "user"); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; } } - if (msg2 == NULL) { - return ldb_next_request(module, req); - } + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", "user") != NULL) { - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + ret = samldb_check_rdn(module, ac->req->op.add.message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; + } + + return samldb_fill_object(ac, "user"); } - *down_req = *req; - - down_req->op.add.message = talloc_steal(down_req, msg2); + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", "group") != NULL) { + + ret = samldb_check_rdn(module, ac->req->op.add.message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; + } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + return samldb_fill_object(ac, "group"); + } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); + /* perhaps a foreignSecurityPrincipal? */ + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", + "foreignSecurityPrincipal") != NULL) { - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = samldb_check_rdn(module, ac->req->op.add.message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; + } + + return samldb_fill_foreignSecurityPrincipal_object(ac); } - return ret; + talloc_free(ac); + + /* nothing matched, go on */ + return ldb_next_request(module, req); } /* modify */ @@ -777,6 +1354,8 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } + /* TODO: do not modify original request, create a new one */ + el = ldb_msg_find_element(req->op.mod.message, "groupType"); if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { req->op.mod.message = msg = ldb_msg_copy_shallow(req, req->op.mod.message); diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 4b6e9e1d47..56d24a2962 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -62,8 +62,10 @@ struct schema_fsmo_private_data { }; struct schema_fsmo_search_data { - struct schema_fsmo_private_data *module_context; - struct ldb_request *orig_req; + struct ldb_module *module; + struct ldb_request *req; + + const struct dsdb_schema *schema; }; static int schema_fsmo_init(struct ldb_module *module) @@ -325,41 +327,54 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message /* Add objectClasses, attributeTypes and dITContentRules from the schema object (they are not stored in the database) */ -static int schema_fsmo_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int schema_fsmo_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - struct schema_fsmo_search_data *search_data = talloc_get_type(context, struct schema_fsmo_search_data); - struct ldb_request *orig_req = search_data->orig_req; - TALLOC_CTX *mem_ctx; + struct schema_fsmo_search_data *ac; + struct schema_fsmo_private_data *mc; int i, ret; - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type != LDB_REPLY_ENTRY) { - return orig_req->callback(ldb, orig_req->context, ares); - } + ac = talloc_get_type(req->context, struct schema_fsmo_search_data); + mc = talloc_get_type(ac->module->private_data, struct schema_fsmo_private_data); - if (ldb_dn_compare(ares->message->dn, search_data->module_context->aggregate_dn) != 0) { - talloc_free(mem_ctx); - return orig_req->callback(ldb, orig_req->context, ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - mem_ctx = talloc_new(ares); - if (!mem_ctx) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } + /* Only entries are interesting, and we handle the case of the parent seperatly */ - for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { - if (ldb_attr_in_list(orig_req->op.search.attrs, generated_attrs[i].attr)) { - ret = generated_attrs[i].fn(ldb, ares->message, schema); - if (ret != LDB_SUCCESS) { - return ret; + switch (ares->type) { + case LDB_REPLY_ENTRY: + + if (ldb_dn_compare(ares->message->dn, mc->aggregate_dn) != 0) { + return ldb_module_send_entry(ac->req, ares->message); + } + + for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { + if (ldb_attr_in_list(ac->req->op.search.attrs, generated_attrs[i].attr)) { + ret = generated_attrs[i].fn(ac->module->ldb, ares->message, ac->schema); + if (ret != LDB_SUCCESS) { + return ret; + } } } + + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - talloc_free(mem_ctx); - return orig_req->callback(ldb, orig_req->context, ares); + return LDB_SUCCESS; } /* search */ @@ -390,27 +405,24 @@ static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - down_req = talloc(req, struct ldb_request); - if (!down_req) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - *down_req = *req; - search_context->orig_req = req; - search_context->module_context = talloc_get_type(module->private_data, struct schema_fsmo_private_data); - down_req->context = search_context; - - down_req->callback = schema_fsmo_search_callback; - ret = ldb_next_request(module, down_req); + search_context->module = module; + search_context->req = req; + search_context->schema = schema; - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req_ex(&down_req, module->ldb, search_context, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + search_context, schema_fsmo_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + + return ldb_next_request(module, down_req); } diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 361cf226dc..0e3b46debe 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -27,7 +27,7 @@ * * Component: ldb deleted objects control module * - * Description: this module hides deleted objects, and returns them if the control is there + * Description: this module hides deleted objects, and returns them if the right control is there * * Author: Stefan Metzmacher */ @@ -42,36 +42,38 @@ struct show_deleted_search_request { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - bool remove_from_msg; + struct ldb_request *req; }; -static int show_deleted_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int show_deleted_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct show_deleted_search_request *ar; - ar = talloc_get_type(context, struct show_deleted_search_request); + ar = talloc_get_type(req->context, struct show_deleted_search_request); - if (ares->type == LDB_REPLY_ENTRY) { - bool isDeleted; + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); + } - isDeleted = ldb_msg_find_attr_as_bool(ares->message, "isDeleted", false); + switch (ares->type) { + case LDB_REPLY_ENTRY: - if (isDeleted) { - goto skip_deleted; - } + return ldb_module_send_entry(ar->req, ares->message); - if (ar->remove_from_msg) { - ldb_msg_remove_attr(ares->message, "isDeleted"); - } - } + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ar->req, ares->referral); - return ar->up_callback(ldb, ar->up_context, ares); + case LDB_REPLY_DONE: + return ldb_module_done(ar->req, ares->controls, + ares->response, LDB_SUCCESS); -skip_deleted: - talloc_free(ares); + } return LDB_SUCCESS; } @@ -81,116 +83,68 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re struct ldb_control **saved_controls; struct show_deleted_search_request *ar; struct ldb_request *down_req; - char **new_attrs; - uint32_t num_attrs = 0; - uint32_t i; + char *old_filter; + char *new_filter; int ret; - /* check if there's a show deleted control */ - control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - - /* copy the request for modification */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); + ar = talloc_zero(req, struct show_deleted_search_request); + if (ar == NULL) { return LDB_ERR_OPERATIONS_ERROR; } + ar->module = module; + ar->req = req; - /* copy the request */ - *down_req = *req; + /* check if there's a show deleted control */ + control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - /* if a control is there remove if from the modified request */ - if (control && !save_controls(control, down_req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; - } + if ( ! control) { + old_filter = ldb_filter_from_tree(ar, req->op.search.tree); + new_filter = talloc_asprintf(ar, "(&(!(isDeleted=TRUE))%s)", + old_filter); - /* if we had a control, then just go on to the next request as we have nothing to hide */ - if (control) { - goto next_request; - } + ret = ldb_build_search_req(&down_req, module->ldb, ar, + req->op.search.base, + req->op.search.scope, + new_filter, + req->op.search.attrs, + req->controls, + ar, show_deleted_search_callback, + req); - ar = talloc(down_req, struct show_deleted_search_request); - if (ar == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - ar->module = module; - ar->up_context = req->context; - ar->up_callback = req->callback; - ar->remove_from_msg = true; - - /* check if attrs only is specified, in that case check wether we need to modify them */ - if (down_req->op.search.attrs) { - for (i=0; (down_req->op.search.attrs && down_req->op.search.attrs[i]); i++) { - num_attrs++; - if (strcasecmp(down_req->op.search.attrs[i], "*") == 0) { - ar->remove_from_msg = false; - } else if (strcasecmp(down_req->op.search.attrs[i], "isDeleted") == 0) { - ar->remove_from_msg = false; - } - } } else { - ar->remove_from_msg = false; + ret = ldb_build_search_req_ex(&down_req, module->ldb, ar, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ar, show_deleted_search_callback, + req); } - - if (ar->remove_from_msg) { - new_attrs = talloc_array(down_req, char *, num_attrs + 2); - if (!new_attrs) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - for (i=0; i < num_attrs; i++) { - new_attrs[i] = discard_const_p(char, down_req->op.search.attrs[i]); - } - new_attrs[i] = talloc_strdup(new_attrs, "isDeleted"); - if (!new_attrs[i]) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_attrs[i+1] = NULL; - down_req->op.search.attrs = (const char * const *)new_attrs; + if (ret != LDB_SUCCESS) { + return ret; } - down_req->context = ar; - down_req->callback = show_deleted_search_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - -next_request: - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + /* if a control is there remove if from the modified request */ + if (control && !save_controls(control, down_req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* perform the search */ + return ldb_next_request(module, down_req); } static int show_deleted_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc(module, struct ldb_request); - if (req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_SHOW_DELETED_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_DELETED_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "show_deleted: Unable to register control with rootdse!\n"); - talloc_free(req); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "extended_dn: Unable to register control with rootdse!\n"); return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(req); return ldb_next_init(module); } diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 8f92995145..d15e85ad41 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -36,6 +36,11 @@ #include "librpc/ndr/libndr.h" #include "dsdb/samdb/samdb.h" +struct entryuuid_private { + struct ldb_context *ldb; + struct ldb_dn **base_dns; +}; + static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct GUID guid; @@ -598,10 +603,10 @@ static int nsuniqueid_init(struct ldb_module *module) return ldb_next_init(module); } -static int get_seq(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) +static int get_seq(struct ldb_request *req, + struct ldb_reply *ares) { - unsigned long long *seq = (unsigned long long *)context; + unsigned long long *seq = (unsigned long long *)req->context; if (ares->type == LDB_REPLY_ENTRY) { struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); if (el) { @@ -609,6 +614,10 @@ static int get_seq(struct ldb_context *ldb, void *context, } } + if (ares->type == LDB_REPLY_DONE) { + return ldb_request_done(req, LDB_SUCCESS); + } + return LDB_SUCCESS; } @@ -635,7 +644,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); if (!partition_ctrl) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "instancetype_add: no current partition control found"); + "entryuuid_sequence_number: no current partition control found"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -643,39 +652,21 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque struct dsdb_control_current_partition); SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); - search_req = talloc(req, struct ldb_request); - if (search_req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_build_search_req(&search_req, module->ldb, req, + partition->dn, LDB_SCOPE_BASE, + NULL, contextCSN_attr, NULL, + &seq, get_seq, + NULL); + if (ret != LDB_SUCCESS) { + return ret; } - - /* Finally, we have it. This saves searching over more - * partitions than we expose to the client, such as a cn=samba - * configuration partition */ - search_req->operation = LDB_SEARCH; - search_req->op.search.base = partition->dn; - search_req->op.search.scope = LDB_SCOPE_BASE; - - search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); - if (search_req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(search_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->op.search.attrs = contextCSN_attr; - search_req->controls = NULL; - search_req->context = &seq; - search_req->callback = get_seq; - ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ - ret = ldb_next_request(module, search_req); - + if (ret == LDB_SUCCESS) { ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); } - + talloc_free(search_req); if (ret != LDB_SUCCESS) { return ret; diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c index 9c332d2969..10e2dc25ce 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c @@ -3,6 +3,7 @@ Copyright (C) Andrew Bartlett 2006-2007 Copyright (C) Stefan Metzmacher 2007 + Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,104 +32,88 @@ #include "ldb_includes.h" struct subtree_delete_context { - enum sd_step {SD_SEARCH, SD_DO_DEL} step; - struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; - - struct ldb_request *search_req; - struct ldb_request *down_req; + struct ldb_request *req; int num_children; }; -static struct subtree_delete_context *subtree_delete_init_handle(struct ldb_request *req, - struct ldb_module *module) +static struct subtree_delete_context *subdel_ctx_init(struct ldb_module *module, + struct ldb_request *req) { struct subtree_delete_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - ac = talloc_zero(h, struct subtree_delete_context); + ac = talloc_zero(req, struct subtree_delete_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); + ldb_oom(module->ldb); return NULL; } - h->private_data = ac; - ac->module = module; - ac->handle = h; - ac->orig_req = req; - - req->handle = h; + ac->req = req; return ac; } -static int subtree_delete_check_for_children(struct subtree_delete_context *ac) +static int subtree_delete_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { - if (ac->num_children > 0) { - ldb_asprintf_errstring(ac->module->ldb, "Cannot delete %s, not a leaf node (has %d children)\n", - ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children); - return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF; - } else { - struct ldb_request *req = talloc(ac, struct ldb_request); - if (!req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - *req = *ac->orig_req; - - /* Ensure any (io) errors during the search for - * children don't propgate back in the error string */ - ldb_set_errstring(ac->module->ldb, NULL); + struct subtree_delete_context *ac; + int ret; - ac->down_req = req; - ac->step = SD_DO_DEL; - return ldb_next_request(ac->module, req); - } -} + ac = talloc_get_type(req->context, struct subtree_delete_context); -static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct subtree_delete_context *ac = talloc_get_type(context, struct subtree_delete_context); - TALLOC_CTX *mem_ctx = talloc_new(ac); - - if (!mem_ctx) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* OK, we have one of *many* search results here: - We should also get the entry we tried to rename. This - callback handles this and everything below it. - */ + switch (ares->type) { + case LDB_REPLY_ENTRY: - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) { - /* And it is an actual entry: now object bitterly that we are not a leaf node */ + talloc_free(ares); ac->num_children++; + break; + + case LDB_REPLY_REFERRAL: + + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + + if (ac->num_children > 0) { + talloc_free(ares); + ldb_asprintf_errstring(ac->module->ldb, + "Cannot delete %s, not a leaf node " + "(has %d children)\n", + ldb_dn_get_linearized(ac->req->op.del.dn), + ac->num_children); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_NOT_ALLOWED_ON_NON_LEAF); + } + + /* ok no children, let the original request through */ + ret = ldb_next_request(ac->module, ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + /* free our own context we are not going to be called back */ + talloc_free(ac); } - talloc_free(ares); return LDB_SUCCESS; } -/* rename */ static int subtree_delete(struct ldb_module *module, struct ldb_request *req) { - const char *attrs[] = { NULL }; - struct ldb_request *new_req; + static const char * const attrs[2] = { "distinguishedName", NULL }; + struct ldb_request *search_req; struct subtree_delete_context *ac; int ret; if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ @@ -142,119 +127,28 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req) - return an error if there are any */ - ac = subtree_delete_init_handle(req, module); + ac = subdel_ctx_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.del.dn, - LDB_SCOPE_SUBTREE, - "(objectClass=*)", - attrs, + /* we do not really need to find all descendents, + * if there is even one single direct child, that's + * enough to bail out */ + ret = ldb_build_search_req(&search_req, module->ldb, ac, + req->op.del.dn, LDB_SCOPE_ONELEVEL, + "(objectClass=*)", attrs, req->controls, - ac, - subtree_delete_search_callback); - + ac, subtree_delete_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - ac->search_req = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - return ldb_next_request(module, new_req); -} - - -static int subtree_delete_wait_none(struct ldb_handle *handle) { - struct subtree_delete_context *ac; - int ret = LDB_ERR_OPERATIONS_ERROR; - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct subtree_delete_context); - - switch (ac->step) { - case SD_SEARCH: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS - && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ac->search_req->handle->status; - goto done; - } - - return subtree_delete_check_for_children(ac); - - case SD_DO_DEL: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - } -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int subtree_delete_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = subtree_delete_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int subtree_delete_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return subtree_delete_wait_all(handle); - } else { - return subtree_delete_wait_none(handle); - } + return ldb_next_request(module, search_req); } const struct ldb_module_ops ldb_subtree_delete_module_ops = { .name = "subtree_delete", .del = subtree_delete, - .wait = subtree_delete_wait, }; diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index fd1388d416..d3ceb8ad97 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -30,137 +30,182 @@ #include "ldb_includes.h" +struct subren_msg_store { + struct subren_msg_store *next; + struct ldb_dn *olddn; + struct ldb_dn *newdn; +}; + struct subtree_rename_context { struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; - - struct ldb_request **down_req; - int num_requests; - int finished_requests; + struct ldb_request *req; - int num_children; + struct subren_msg_store *list; + struct subren_msg_store *current; }; -static struct subtree_rename_context *subtree_rename_init_handle(struct ldb_request *req, - struct ldb_module *module) +static struct subtree_rename_context *subren_ctx_init(struct ldb_module *module, + struct ldb_request *req) { struct subtree_rename_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); + ac = talloc_zero(req, struct subtree_rename_context); + if (ac == NULL) { + ldb_oom(module->ldb); return NULL; } - h->module = module; + ac->module = module; + ac->req = req; - ac = talloc_zero(h, struct subtree_rename_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; + return ac; +} + +static int subtree_rename_next_request(struct subtree_rename_context *ac); + +static int subtree_rename_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct subtree_rename_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct subtree_rename_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - h->private_data = ac; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->module = module; - ac->handle = h; - ac->orig_req = req; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Invalid reply type!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - req->handle = h; + if (ac->current == NULL) { + /* this was the last one */ + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } - return ac; -} + ret = subtree_rename_next_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_free(ares); + return LDB_SUCCESS; +} -static int subtree_rename_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int subtree_rename_next_request(struct subtree_rename_context *ac) { struct ldb_request *req; - struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); - TALLOC_CTX *mem_ctx = talloc_new(ac); - - if (!mem_ctx) { - ldb_oom(ac->module->ldb); + int ret; + + if (ac->current == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* OK, we have one of *many* search results here: - - We should also get the entry we tried to rename. This - callback handles this and everything below it. - */ - - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) != 0) { - /* And it is an actual entry: now create a rename from it */ - int ret; - - struct ldb_dn *newdn = ldb_dn_copy(mem_ctx, ares->message->dn); - if (!newdn) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + + ret = ldb_build_rename_req(&req, ac->module->ldb, ac->current, + ac->current->olddn, + ac->current->newdn, + ac->req->controls, + ac, subtree_rename_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->current = ac->current->next; + + return ldb_next_request(ac->module, req); +} + +static int subtree_rename_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct subren_msg_store *store; + struct subtree_rename_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct subtree_rename_context); + + if (!ares || !ac->current) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + if (ldb_dn_compare(ares->message->dn, ac->list->olddn) == 0) { + /* this was already stored by the + * subtree_rename_search() */ + talloc_free(ares); + return LDB_SUCCESS; } - - ldb_dn_remove_base_components(newdn, ldb_dn_get_comp_num(ac->orig_req->op.rename.olddn)); - if (!ldb_dn_add_base(newdn, ac->orig_req->op.rename.newdn)) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + store = talloc_zero(ac, struct subren_msg_store); + if (store == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + ac->current->next = store; + ac->current = store; - ret = ldb_build_rename_req(&req, ldb, mem_ctx, - ares->message->dn, - newdn, - NULL, - NULL, - NULL); - - if (ret != LDB_SUCCESS) { - return ret; + /* the first list element contains the base for the rename */ + store->olddn = talloc_steal(store, ares->message->dn); + store->newdn = ldb_dn_copy(store, store->olddn); + + if ( ! ldb_dn_remove_base_components(store->newdn, + ldb_dn_get_comp_num(ac->list->olddn))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ret = ldb_set_timeout_from_prev_req(ldb, ac->orig_req, req); - - if (ret != LDB_SUCCESS) { - return ret; + if ( ! ldb_dn_add_base(store->newdn, ac->list->newdn)) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - talloc_steal(req, newdn); + break; - talloc_steal(req, ares->message->dn); - - talloc_free(ares); - - } else if (ares->type == LDB_REPLY_DONE) { - req = talloc(mem_ctx, struct ldb_request); - *req = *ac->orig_req; - talloc_free(ares); + case LDB_REPLY_REFERRAL: + /* ignore */ + break; - } else { - talloc_free(ares); - return LDB_SUCCESS; - } - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_DONE: + + /* rewind ac->current */ + ac->current = ac->list; + + /* All dns set up, start with the first one */ + ret = subtree_rename_next_request(ac); + + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; } - ac->down_req[ac->num_requests] = req; - ac->num_requests++; - - return ldb_next_request(ac->module, req); - + + talloc_free(ares); + return LDB_SUCCESS; } /* rename */ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) { - const char *attrs[] = { NULL }; - struct ldb_request *new_req; + static const char *attrs[2] = { "distinguishedName", NULL }; + struct ldb_request *search_req; struct subtree_rename_context *ac; int ret; if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ @@ -176,110 +221,37 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) - Regain our sainity */ - ac = subtree_rename_init_handle(req, module); + ac = subren_ctx_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&new_req, module->ldb, req, + /* add this entry as the first to do */ + ac->current = talloc_zero(ac, struct subren_msg_store); + if (ac->current == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac->current->olddn = req->op.rename.olddn; + ac->current->newdn = req->op.rename.newdn; + ac->list = ac->current; + + ret = ldb_build_search_req(&search_req, module->ldb, ac, req->op.rename.olddn, LDB_SCOPE_SUBTREE, "(objectClass=*)", attrs, - req->controls, + NULL, ac, - subtree_rename_search_callback); - - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - + subtree_rename_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_requests++; - return ldb_next_request(module, new_req); -} - - -static int subtree_rename_wait_none(struct ldb_handle *handle) { - struct subtree_rename_context *ac; - int i, ret = LDB_ERR_OPERATIONS_ERROR; - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct subtree_rename_context); - - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; - goto done; - } - - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } - -done: - handle->state = LDB_ASYNC_DONE; - return ret; - -} - -static int subtree_rename_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = subtree_rename_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int subtree_rename_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return subtree_rename_wait_all(handle); - } else { - return subtree_rename_wait_none(handle); - } + return ldb_next_request(module, search_req); } const struct ldb_module_ops ldb_subtree_rename_module_ops = { .name = "subtree_rename", .rename = subtree_rename, - .wait = subtree_rename_wait, }; diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 68973124eb..2c6cb102d9 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -43,6 +43,39 @@ struct update_kt_private { struct dn_list *changed_dns; }; +struct update_kt_ctx { + struct ldb_module *module; + struct ldb_request *req; + + struct ldb_dn *dn; + bool delete; + + struct ldb_reply *op_reply; + bool found; +}; + +struct update_kt_ctx *update_kt_ctx_init(struct ldb_module *module, + struct ldb_request *req) +{ + struct update_kt_ctx *ac; + + ac = talloc_zero(req, struct update_kt_ctx); + if (ac == NULL) { + ldb_oom(module->ldb); + return NULL; + } + + ac->module = module; + ac->req = req; + + return ac; +} + +/* FIXME: too many semi-async searches here for my taste, direct and indirect as + * cli_credentials_set_secrets() performs a sync ldb search. + * Just hope we are lucky and nothing breaks (using the tdb backend masks a lot + * of async issues). -SSS + */ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delete) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); struct dn_list *item; @@ -80,7 +113,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - + item->creds = cli_credentials_init(item); if (!item->creds) { DEBUG(1, ("cli_credentials_init failed!")); @@ -90,7 +123,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet } cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm")); - status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "EventContext"), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); + status = cli_credentials_set_secrets(item->creds, ldb_get_event_context(module->ldb), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (delete) { @@ -105,60 +138,237 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet return LDB_SUCCESS; } +static int ukt_search_modified(struct update_kt_ctx *ac); + +static int update_kt_op_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct update_kt_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct update_kt_ctx); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Invalid request type!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (ac->delete) { + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } + + ac->op_reply = talloc_steal(ac, ares); + + ret = ukt_search_modified(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + return LDB_SUCCESS; +} + +static int ukt_del_op(struct update_kt_ctx *ac) +{ + struct ldb_request *down_req; + int ret; + + ret = ldb_build_del_req(&down_req, ac->module->ldb, ac, + ac->dn, + ac->req->controls, + ac, update_kt_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } + return ldb_next_request(ac->module, down_req); +} + +static int ukt_search_modified_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct update_kt_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct update_kt_ctx); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + ac->found = true; + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; + + case LDB_REPLY_DONE: + + if (ac->found) { + /* do the dirty sync job here :/ */ + ret = add_modified(ac->module, ac->dn, ac->delete); + } + + if (ac->delete) { + ret = ukt_del_op(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + break; + } + + return ldb_module_done(ac->req, ac->op_reply->controls, + ac->op_reply->response, LDB_SUCCESS); + } + + talloc_free(ares); + return LDB_SUCCESS; +} + +static int ukt_search_modified(struct update_kt_ctx *ac) +{ + static const char * const attrs[] = { "distinguishedName", NULL }; + struct ldb_request *search_req; + int ret; + + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->dn, LDB_SCOPE_BASE, + "(&(objectClass=kerberosSecret)" + "(privateKeytab=*))", attrs, + NULL, + ac, ukt_search_modified_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } + return ldb_next_request(ac->module, search_req); +} + + /* add */ static int update_kt_add(struct ldb_module *module, struct ldb_request *req) { + struct update_kt_ctx *ac; + struct ldb_request *down_req; int ret; - ret = ldb_next_request(module, req); + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dn = req->op.add.message->dn; + + ret = ldb_build_add_req(&down_req, module->ldb, ac, + req->op.add.message, + req->controls, + ac, update_kt_op_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.add.message->dn, false); + + return ldb_next_request(module, down_req); } /* modify */ static int update_kt_modify(struct ldb_module *module, struct ldb_request *req) { + struct update_kt_ctx *ac; + struct ldb_request *down_req; int ret; - ret = ldb_next_request(module, req); + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dn = req->op.mod.message->dn; + + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + req->op.mod.message, + req->controls, + ac, update_kt_op_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.mod.message->dn, false); + + return ldb_next_request(module, down_req); } /* delete */ static int update_kt_delete(struct ldb_module *module, struct ldb_request *req) { - int ret; - /* Before we delete it, record the details */ - ret = add_modified(module, req->op.del.dn, true); - if (ret != LDB_SUCCESS) { - return ret; + struct update_kt_ctx *ac; + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - return ldb_next_request(module, req); + + ac->dn = req->op.del.dn; + ac->delete = true; + + return ukt_search_modified(ac); } /* rename */ static int update_kt_rename(struct ldb_module *module, struct ldb_request *req) { + struct update_kt_ctx *ac; + struct ldb_request *down_req; int ret; - ret = ldb_next_request(module, req); + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dn = req->op.rename.newdn; + + ret = ldb_build_rename_req(&down_req, module->ldb, ac, + req->op.rename.olddn, + req->op.rename.newdn, + req->controls, + ac, update_kt_op_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.rename.newdn, false); + + return ldb_next_request(module, down_req); } /* end a transaction */ static int update_kt_end_trans(struct ldb_module *module) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); - struct dn_list *p; + for (p=data->changed_dns; p; p = p->next) { int kret; - kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "EventContext"), ldb_get_opaque(module->ldb, "loadparm")); + kret = cli_credentials_update_keytab(p->creds, ldb_get_event_context(module->ldb), ldb_get_opaque(module->ldb, "loadparm")); if (kret != 0) { talloc_free(data->changed_dns); data->changed_dns = NULL; @@ -169,6 +379,7 @@ static int update_kt_end_trans(struct ldb_module *module) talloc_free(data->changed_dns); data->changed_dns = NULL; + return ldb_next_end_trans(module); } @@ -176,7 +387,7 @@ static int update_kt_end_trans(struct ldb_module *module) static int update_kt_del_trans(struct ldb_module *module) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); - + talloc_free(data->changed_dns); data->changed_dns = NULL; -- cgit From f14a2b3386e9f44111cee010f6864602e5b833cd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 12 Sep 2008 13:27:15 -0400 Subject: LDB ASYNC: ldb misc changes --- source4/lib/ldb/ldb_wrap.c | 22 ++---------- source4/lib/ldb/tools/ldbsearch.c | 76 +++++++++++++++++++++------------------ 2 files changed, 44 insertions(+), 54 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb_wrap.c b/source4/lib/ldb/ldb_wrap.c index c15fd2b9ae..cc8099f27f 100644 --- a/source4/lib/ldb/ldb_wrap.c +++ b/source4/lib/ldb/ldb_wrap.c @@ -3156,15 +3156,14 @@ SWIGINTERN ldb_error ldb_search_ex(ldb *self,TALLOC_CTX *mem_ctx,ldb_dn *base,en attrs, controls, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret != 0) { talloc_free(res); return ret; } - ldb_set_timeout(self, req, 0); /* use default timeout */ - ret = ldb_request(self, req); if (ret == 0) { @@ -3506,22 +3505,6 @@ int py_module_del_transaction(struct ldb_module *mod) return LDB_SUCCESS; } -int py_module_wait(struct ldb_handle *mod, enum ldb_wait_type wait_type) -{ - PyObject *py_ldb = mod->private_data; - PyObject *py_result; - - py_result = PyObject_CallMethod(py_ldb, "wait", "i", wait_type); - - if (py_result == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - Py_DECREF(py_result); - - return LDB_SUCCESS; -} - int py_module_sequence_number(struct ldb_module *mod, struct ldb_request *req) { PyObject *py_ldb = mod->private_data; @@ -6665,7 +6648,6 @@ SWIGINTERN PyObject *_wrap_register_module(PyObject *SWIGUNUSEDPARM(self), PyObj arg1->start_transaction = py_module_start_transaction; arg1->end_transaction = py_module_end_transaction; arg1->del_transaction = py_module_del_transaction; - arg1->wait = py_module_wait; arg1->sequence_number = py_module_sequence_number; result = ldb_register_module((struct ldb_module_ops const *)arg1); if (result != 0) { diff --git a/source4/lib/ldb/tools/ldbsearch.c b/source4/lib/ldb/tools/ldbsearch.c index b3d1f934a6..ceabd5cd78 100644 --- a/source4/lib/ldb/tools/ldbsearch.c +++ b/source4/lib/ldb/tools/ldbsearch.c @@ -56,6 +56,7 @@ static int do_compare_msg(struct ldb_message **el1, } struct search_context { + struct ldb_context *ldb; struct ldb_control **req_ctrls; int sort; @@ -101,7 +102,7 @@ static int store_referral(char *referral, struct search_context *sctx) { return 0; } -static int display_message(struct ldb_context *ldb, struct ldb_message *msg, struct search_context *sctx) { +static int display_message(struct ldb_message *msg, struct search_context *sctx) { struct ldb_ldif ldif; sctx->entries++; @@ -119,7 +120,7 @@ static int display_message(struct ldb_context *ldb, struct ldb_message *msg, str ldb_msg_sort_elements(ldif.msg); } - ldb_ldif_write_file(ldb, stdout, &ldif); + ldb_ldif_write_file(sctx->ldb, stdout, &ldif); return 0; } @@ -133,18 +134,26 @@ static int display_referral(char *referral, struct search_context *sctx) return 0; } -static int search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct search_context *sctx = talloc_get_type(context, struct search_context); + struct search_context *sctx; int ret; + + sctx = talloc_get_type(req->context, struct search_context); + + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); + } switch (ares->type) { - case LDB_REPLY_ENTRY: if (sctx->sort) { ret = store_message(ares->message, sctx); } else { - ret = display_message(ldb, ares->message, sctx); + ret = display_message(ares->message, sctx); } break; @@ -154,6 +163,9 @@ static int search_callback(struct ldb_context *ldb, void *context, struct ldb_re } else { ret = display_referral(ares->referral, sctx); } + if (ret) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } break; case LDB_REPLY_DONE: @@ -161,22 +173,13 @@ static int search_callback(struct ldb_context *ldb, void *context, struct ldb_re if (handle_controls_reply(ares->controls, sctx->req_ctrls) == 1) sctx->pending = 1; } - ret = 0; - break; - - default: - fprintf(stderr, "unknown Reply Type\n"); - return LDB_ERR_OTHER; - } - - if (talloc_free(ares) == -1) { - fprintf(stderr, "talloc_free failed\n"); - sctx->pending = 0; - return LDB_ERR_OPERATIONS_ERROR; + talloc_free(ares); + return ldb_request_done(req, LDB_SUCCESS); } + talloc_free(ares); if (ret) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } return LDB_SUCCESS; @@ -192,12 +195,12 @@ static int do_search(struct ldb_context *ldb, struct search_context *sctx; int ret; - req = talloc(ldb, struct ldb_request); - if (!req) return -1; + req = NULL; - sctx = talloc(req, struct search_context); + sctx = talloc(ldb, struct search_context); if (!sctx) return -1; + sctx->ldb = ldb; sctx->sort = options->sorted; sctx->num_stored = 0; sctx->refs_stored = 0; @@ -214,18 +217,22 @@ static int do_search(struct ldb_context *ldb, basedn = ldb_get_default_basedn(ldb); } - req->operation = LDB_SEARCH; - req->op.search.base = basedn; - req->op.search.scope = options->scope; - req->op.search.tree = ldb_parse_tree(req, expression); - if (req->op.search.tree == NULL) return -1; - req->op.search.attrs = attrs; - req->controls = sctx->req_ctrls; - req->context = sctx; - req->callback = &search_callback; - ldb_set_timeout(ldb, req, 0); /* TODO: make this settable by command line */ - again: + /* free any previous requests */ + if (req) talloc_free(req); + + ret = ldb_build_search_req(&req, ldb, ldb, + basedn, options->scope, + expression, attrs, + sctx->req_ctrls, + sctx, search_callback, + NULL); + if (ret != LDB_SUCCESS) { + talloc_free(sctx); + printf("allocating request failed: %s\n", ldb_errstring(ldb)); + return -1; + } + sctx->pending = 0; ret = ldb_request(ldb, req); @@ -251,7 +258,7 @@ again: ldb, (ldb_qsort_cmp_fn_t)do_compare_msg); } for (i = 0; i < sctx->num_stored; i++) { - display_message(ldb, sctx->store[i], sctx); + display_message(sctx->store[i], sctx); } for (i = 0; i < sctx->refs_stored; i++) { @@ -262,6 +269,7 @@ again: printf("# returned %d records\n# %d entries\n# %d referrals\n", sctx->entries + sctx->refs, sctx->entries, sctx->refs); + talloc_free(sctx); talloc_free(req); return 0; -- cgit From b2901da479f5e711986de48df4910910460fe7db Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:38:40 -0400 Subject: LDB ASYNC: misc changes --- source4/cldap_server/rootdse.c | 21 ++++++------- source4/dsdb/samdb/cracknames.c | 5 ++- source4/ldap_server/ldap_backend.c | 35 ++++++++++----------- source4/lib/ldb_wrap.c | 13 +------- source4/libcli/ldap/ldap_client.c | 2 +- source4/torture/ldap/schema.c | 64 ++++++++++++++++++++++---------------- 6 files changed, 67 insertions(+), 73 deletions(-) (limited to 'source4') diff --git a/source4/cldap_server/rootdse.c b/source4/cldap_server/rootdse.c index 4ff71c0863..65786e6708 100644 --- a/source4/cldap_server/rootdse.c +++ b/source4/cldap_server/rootdse.c @@ -66,22 +66,19 @@ static void cldapd_rootdse_fill(struct cldapd_server *cldapd, attrs[i] = NULL; } - lreq = talloc(mem_ctx, struct ldb_request); - if (lreq == NULL) goto nomem; - res = talloc_zero(mem_ctx, struct ldb_result); if (res == NULL) goto nomem; - lreq->operation = LDB_SEARCH; - lreq->op.search.base = basedn; - lreq->op.search.scope = scope; - lreq->op.search.tree = search->tree; - lreq->op.search.attrs = attrs; - - lreq->controls = NULL; + ldb_ret = ldb_build_search_req_ex(&lreq, cldapd->samctx, mem_ctx, + basedn, scope, + search->tree, attrs, + NULL, + res, ldb_search_default_callback, + NULL); - lreq->context = res; - lreq->callback = ldb_search_default_callback; + if (ldb_ret != LDB_SUCCESS) { + goto reply; + } /* Copy the timeout from the incoming call */ ldb_set_timeout(cldapd->samctx, lreq, search->timelimit); diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 7324d898a6..e02e8d81a6 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -797,7 +797,8 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ result_attrs, NULL, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret == LDB_SUCCESS) { struct ldb_search_options_control *search_options; search_options = talloc(req, struct ldb_search_options_control); @@ -812,8 +813,6 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ return WERR_OK; } - ldb_set_timeout(sam_ctx, req, 0); /* use default timeout */ - ret = ldb_request(sam_ctx, req); if (ret == LDB_SUCCESS) { diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index b954038b80..ffbef3d92f 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -158,6 +158,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) struct ldb_dn *basedn; struct ldb_result *res = NULL; struct ldb_request *lreq; + struct ldb_control *search_control; + struct ldb_search_options_control *search_options; enum ldb_scope scope = LDB_SCOPE_DEFAULT; const char **attrs = NULL; const char *scope_str, *errstr = NULL; @@ -216,21 +218,24 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUG(5,("ldb_request %s dn=%s filter=%s\n", scope_str, req->basedn, ldb_filter_from_tree(call, req->tree))); - lreq = talloc(local_ctx, struct ldb_request); - NT_STATUS_HAVE_NO_MEMORY(lreq); + res = talloc_zero(local_ctx, struct ldb_result); + NT_STATUS_HAVE_NO_MEMORY(res); - lreq->operation = LDB_SEARCH; - lreq->op.search.base = basedn; - lreq->op.search.scope = scope; - lreq->op.search.tree = req->tree; - lreq->op.search.attrs = attrs; + ldb_ret = ldb_build_search_req_ex(&lreq, samdb, local_ctx, + basedn, scope, + req->tree, attrs, + call->request->controls, + res, ldb_search_default_callback, + NULL); - lreq->controls = call->request->controls; + if (ldb_ret != LDB_SUCCESS) { + goto reply; + } if (call->conn->global_catalog) { - struct ldb_control *search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID); - - struct ldb_search_options_control *search_options = NULL; + search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID); + + search_options = NULL; if (search_control) { search_options = talloc_get_type(search_control->data, struct ldb_search_options_control); search_options->search_options |= LDB_SEARCH_OPTION_PHANTOM_ROOT; @@ -241,14 +246,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) ldb_request_add_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); } } - - res = talloc_zero(lreq, struct ldb_result); - NT_STATUS_HAVE_NO_MEMORY(res); - - lreq->context = res; - lreq->callback = ldb_search_default_callback; - - /* Copy the timeout from the incoming call */ ldb_set_timeout(samdb, lreq, req->timelimit); ldb_ret = ldb_request(samdb, lreq); diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 6c683a1e33..617371333f 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -71,6 +71,7 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, static int ldb_wrap_destructor(struct ldb_context *ldb) { size_t *startup_blocks = (size_t *)ldb_get_opaque(ldb, "startup_blocks"); + if (startup_blocks && talloc_total_blocks(ldb) > *startup_blocks + 400) { DEBUG(0,("WARNING: probable memory leak in ldb %s - %lu blocks (startup %lu) %lu bytes\n", @@ -124,15 +125,6 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, "%s/ldb", lp_modulesdir(lp_ctx))); -#if 0 - if (ev) { - ldb_event_sys_op_init(ldb, ev); - } else { - talloc_free(ldb); - return NULL; - } -#endif - if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { talloc_free(ldb); return NULL; @@ -198,6 +190,3 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, return ldb; } - - - diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index d7960f901a..fc5863b671 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -435,7 +435,7 @@ static void ldap_connect_got_sock(struct composite_context *ctx, packet_set_error_handler(conn->packet, ldap_error_handler); packet_set_event_context(conn->packet, conn->event.event_ctx); packet_set_fde(conn->packet, conn->event.fde); - packet_set_serialise(conn->packet); +/* packet_set_serialise(conn->packet); */ composite_done(ctx); } diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c index dd1d2de331..fdb4251c15 100644 --- a/source4/torture/ldap/schema.c +++ b/source4/torture/ldap/schema.c @@ -41,6 +41,8 @@ struct test_rootDSE { }; struct test_schema_ctx { + struct ldb_context *ldb; + struct ldb_paged_control *ctrl; uint32_t count; bool pending; @@ -82,15 +84,24 @@ static bool test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *ro return true; } -static int test_schema_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int test_schema_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct test_schema_ctx *actx = talloc_get_type(context, struct test_schema_ctx); + struct test_schema_ctx *actx; int ret = LDB_SUCCESS; + actx = talloc_get_type(req->context, struct test_schema_ctx); + + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); + } + switch (ares->type) { case LDB_REPLY_ENTRY: actx->count++; - ret = actx->callback(actx->private_data, ldb, ares->message); + ret = actx->callback(actx->private_data, actx->ldb, ares->message); break; case LDB_REPLY_REFERRAL: @@ -118,21 +129,22 @@ static int test_schema_search_callback(struct ldb_context *ldb, void *context, s actx->pending = true; } } - break; - + talloc_free(ares); + return ldb_request_done(req, LDB_SUCCESS); + default: d_printf("%s: unknown Reply Type %u\n", __location__, ares->type); - return LDB_ERR_OTHER; + return ldb_request_done(req, LDB_ERR_OTHER); } if (talloc_free(ares) == -1) { d_printf("talloc_free failed\n"); actx->pending = 0; - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } if (ret) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } return LDB_SUCCESS; @@ -149,10 +161,12 @@ static bool test_create_schema_type(struct ldb_context *ldb, struct test_rootDSE int ret; struct test_schema_ctx *actx; - req = talloc(ldb, struct ldb_request); - actx = talloc(req, struct test_schema_ctx); + actx = talloc(ldb, struct test_schema_ctx); + actx->ldb = ldb; + actx->private_data = private_data; + actx->callback= callback; - ctrl = talloc_array(req, struct ldb_control *, 2); + ctrl = talloc_array(actx, struct ldb_control *, 2); ctrl[0] = talloc(ctrl, struct ldb_control); ctrl[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; ctrl[0]->critical = true; @@ -163,33 +177,30 @@ static bool test_create_schema_type(struct ldb_context *ldb, struct test_rootDSE ctrl[0]->data = control; ctrl[1] = NULL; - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, ldb, root->schemadn); - req->op.search.scope = LDB_SCOPE_SUBTREE; - req->op.search.tree = ldb_parse_tree(req, filter); - if (req->op.search.tree == NULL) return -1; - req->op.search.attrs = NULL; - req->controls = ctrl; - req->context = actx; - req->callback = test_schema_search_callback; - ldb_set_timeout(ldb, req, 0); - - actx->count = 0; - actx->ctrl = control; - actx->callback = callback; - actx->private_data = private_data; + ret = ldb_build_search_req(&req, ldb, actx, + ldb_dn_new(actx, ldb, root->schemadn), + LDB_SCOPE_SUBTREE, + filter, NULL, + ctrl, + actx, test_schema_search_callback, + NULL); + + actx->ctrl = control; + actx->count = 0; again: actx->pending = false; ret = ldb_request(ldb, req); if (ret != LDB_SUCCESS) { d_printf("search failed - %s\n", ldb_errstring(ldb)); + talloc_free(actx); return false; } ret = ldb_wait(req->handle, LDB_WAIT_ALL); if (ret != LDB_SUCCESS) { d_printf("search error - %s\n", ldb_errstring(ldb)); + talloc_free(actx); return false; } @@ -197,6 +208,7 @@ again: goto again; d_printf("filter[%s] count[%u]\n", filter, actx->count); + talloc_free(actx); return true; } -- cgit From cd9f993ec45c6d95e83f759ffd6bccffd90250b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 21:36:18 +0200 Subject: s4:lib/ldb: disable sqlite3 backend always as it doesn't compile anymore metze --- source4/lib/ldb/libldb.m4 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/libldb.m4 b/source4/lib/ldb/libldb.m4 index 77ebcc5ff4..5653794a88 100644 --- a/source4/lib/ldb/libldb.m4 +++ b/source4/lib/ldb/libldb.m4 @@ -2,6 +2,6 @@ # disable ldb_sqlite3 by default SMB_ENABLE(ldb_sqlite3, NO) -if test x"$with_sqlite3_support" = x"yes"; then - SMB_ENABLE(ldb_sqlite3, YES) -fi +#if test x"$with_sqlite3_support" = x"yes"; then +# SMB_ENABLE(ldb_sqlite3, YES) +#fi -- cgit From 95940d75ec51d2f519a1b657e587a77304eaed08 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 29 Sep 2008 07:43:50 +0200 Subject: s4:libcli/smb2: remove unused header This hopefully fixes the build with internal popt. metze --- source4/libcli/smb2/connect.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4') diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index db2f97bb94..bbfcf010ae 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -27,7 +27,6 @@ #include "libcli/composite/composite.h" #include "libcli/resolve/resolve.h" #include "param/param.h" -#include "lib/cmdline/popt_common.h" struct smb2_connect_state { struct cli_credentials *credentials; -- cgit From 59c3df814a4357d4358e6bcd3bd5d3ff6a18d995 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 29 Sep 2008 08:42:03 +0200 Subject: s4:samldb: use the code path with async ldb This removes the event_context leak that caused NT_STATUS_TOO_MANY_OPENED_FILES in the server, because of all the epool fds metze --- source4/dsdb/samdb/ldb_modules/samldb.c | 47 +++------------------------------ 1 file changed, 4 insertions(+), 43 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e4fc4908a4..a71ffff618 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -154,12 +154,8 @@ static int samldb_search_template_callback(struct ldb_request *req, goto done; } if (ares->error != LDB_SUCCESS) { -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP return ldb_module_done(ac->req, ares->controls, ares->response, ares->error); -#else - return ldb_request_done(req, ares->error); -#endif } switch (ares->type) { @@ -187,21 +183,13 @@ static int samldb_search_template_callback(struct ldb_request *req, case LDB_REPLY_DONE: talloc_free(ares); -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP ret = samldb_next_step(ac); -#else - return ldb_request_done(req, LDB_SUCCESS); -#endif break; } done: if (ret != LDB_SUCCESS) { -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP return ldb_module_done(ac->req, NULL, NULL, ret); -#else - return ldb_request_done(req, ret); -#endif } return LDB_SUCCESS; @@ -240,20 +228,7 @@ static int samldb_search_template(struct samldb_ctx *ac) return LDB_ERR_OPERATIONS_ERROR; } - /* NOTE: this is a request on a different database! - * - * Therefore we need to do a bloody sync call - * otherwise the fake event queue will never call it - * as it runs on the main ldb context and knows - * nothing about the templates_ldb one */ -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP ev = ldb_get_event_context(ac->module->ldb); -#else - ev = event_context_init(NULL); -#endif - if (!talloc_reference(templates_ldb, ev)) { - return LDB_ERR_OPERATIONS_ERROR; - } templates_ldb = ldb_wrap_connect(ac->module->ldb, ev, lparm_ctx, templates_ldb_path, @@ -264,6 +239,10 @@ static int samldb_search_template(struct samldb_ctx *ac) return LDB_ERR_OPERATIONS_ERROR; } + if (!talloc_reference(templates_ldb, ev)) { + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_set_opaque(ac->module->ldb, "templates_ldb", templates_ldb); if (ret != LDB_SUCCESS) { @@ -295,25 +274,7 @@ static int samldb_search_template(struct samldb_ctx *ac) talloc_steal(req, basedn); ac->ares = NULL; - /* NOTE: this is a request on a different database! - * Therefore we need to do a bloody sync call - * otherwise the fake event queue will never call it - * as it runs on the main ldb context and knows - * nothing about the templates_ldb one */ -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP return ldb_request(templates_ldb, req); -#else - ret = ldb_request(templates_ldb, req); - if (ret != LDB_SUCCESS) { - return ret; - } - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - if (ret != LDB_SUCCESS) { - return ret; - } - - return samldb_next_step(ac); -#endif } static int samldb_apply_template(struct samldb_ctx *ac) -- cgit From f22f04f76beba755ed5fcc7385de7b366b71032c Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 29 Sep 2008 22:47:07 +0200 Subject: Stop creating symlinks to libraries without sonames. (caused recursive symlinks overwriting the original file). --- source4/script/installlib.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/script/installlib.sh b/source4/script/installlib.sh index 962c9562b1..cc9ff0b9ea 100755 --- a/source4/script/installlib.sh +++ b/source4/script/installlib.sh @@ -15,7 +15,9 @@ for p in $*; do mv $LIBDIR/$p2 $LIBDIR/$p2.old fi cp $p $LIBDIR/ - ln -sf $p2 $LIBDIR/$lnname + if [ $p2 != $lnname ]; then + ln -sf $p2 $LIBDIR/$lnname + fi done cat << EOF -- cgit From 744667b3a9bc9d4d48e842378612b40b3539840a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Sep 2008 22:57:16 +0200 Subject: Consistently use lower case variable names for path variables. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patch by Matthias Dieter Wallnöfer and me. --- source4/Makefile | 32 ++++++++++++++++---------------- source4/dynconfig/config.mk | 12 ++++++------ 2 files changed, 22 insertions(+), 22 deletions(-) (limited to 'source4') diff --git a/source4/Makefile b/source4/Makefile index 813f0cedd4..cb4aa0e916 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -10,11 +10,11 @@ include mkconfig.mk pidldir := $(srcdir)/../pidl -BASEDIR = $(prefix) -TORTUREDIR = $(libdir)/torture -SWATDIR = $(datadir)/swat -SETUPDIR = $(datadir)/setup -NCALRPCDIR = $(localstatedir)/ncalrpc +basedir = $(prefix) +torturedir = $(libdir)/torture +swatdir = $(datadir)/swat +setupdir = $(datadir)/setup +ncalrpcdir = $(localstatedir)/ncalrpc BNLD = $(LD) BNLD_FLAGS = $(LDFLAGS) $(SYS_LDFLAGS) @@ -133,7 +133,7 @@ include $(srcdir)/static_deps.mk endif clean:: - @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f + @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f DEFAULT_HEADERS = $(srcdir)/lib/util/dlinklist.h \ $(srcdir)/version.h @@ -155,7 +155,7 @@ testsuite:: bin/smbclient bin/cifsdd bin/smbtorture bin/nmblookup showlayout:: @echo 'Samba will be installed into:' - @echo ' basedir: $(BASEDIR)' + @echo ' basedir: $(basedir)' @echo ' bindir: $(bindir)' @echo ' sbindir: $(sbindir)' @echo ' libdir: $(libdir)' @@ -166,10 +166,10 @@ showlayout:: @echo ' piddir: $(piddir)' @echo ' lockdir: $(lockdir)' @echo ' logfilebase: $(logfilebase)' - @echo ' setupdir: $(SETUPDIR)' - @echo ' swatdir: $(SWATDIR)' + @echo ' setupdir: $(setupdir)' + @echo ' swatdir: $(swatdir)' @echo ' mandir: $(mandir)' - @echo ' torturedir: $(TORTUREDIR)' + @echo ' torturedir: $(torturedir)' @echo ' datadir: $(datadir)' @echo ' winbindd_socket_dir: $(winbindd_socket_dir)' @echo ' ntp_signd_socket_dir: $(ntp_signd_socket_dir)' @@ -194,10 +194,10 @@ install:: showlayout everything installbin installsbin installdat installswat in installdirs:: @$(SHELL) $(srcdir)/script/installdirs.sh \ - $(DESTDIR)$(BASEDIR) \ + $(DESTDIR)$(basedir) \ $(DESTDIR)$(bindir) \ $(DESTDIR)$(sbindir) \ - $(DESTDIR)$(TORTUREDIR) \ + $(DESTDIR)$(torturedir) \ $(DESTDIR)$(libdir) \ $(DESTDIR)$(modulesdir) \ $(DESTDIR)$(mandir) \ @@ -211,7 +211,7 @@ installdirs:: $(DESTDIR)$(logfilebase) \ $(DESTDIR)$(privatedir)/tls \ $(DESTDIR)$(includedir) \ - $(DESTDIR)$(PKGCONFIGDIR) \ + $(DESTDIR)$(pkgconfigdir) \ $(DESTDIR)$(sysconfdir) installbin:: installdirs @@ -230,16 +230,16 @@ installdat:: installdirs installswat:: installdirs #SWAT has been disabled until further notice -# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir) +# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(swatdir) $(srcdir) installman:: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES) installmisc:: installdirs - @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(SETUPDIR) $(DESTDIR)$(bindir) + @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) $(DESTDIR)$(bindir) installpc:: installdirs - @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(PKGCONFIGDIR) $(PC_FILES) + @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES) uninstall:: uninstallbin uninstallman uninstallmisc uninstalllib uninstallheader \ uninstallplugins diff --git a/source4/dynconfig/config.mk b/source4/dynconfig/config.mk index 699c30e764..f79cdb8e75 100644 --- a/source4/dynconfig/config.mk +++ b/source4/dynconfig/config.mk @@ -6,19 +6,19 @@ DYNCONFIG_OBJ_FILES = $(dynconfigsrcdir)/dynconfig.o # These can be overridden by command line switches (see samba(8)) # or in smb.conf (see smb.conf(5)) CONFIG4FILE = $(sysconfdir)/smb.conf -PKGCONFIGDIR = $(libdir)/pkgconfig +pkgconfigdir = $(libdir)/pkgconfig LMHOSTSFILE4 = $(sysconfdir)/lmhosts $(dynconfigsrcdir)/dynconfig.o: CFLAGS+=-DCONFIGFILE=\"$(CONFIG4FILE)\" -DBINDIR=\"$(bindir)\" \ -DLMHOSTSFILE=\"$(LMHOSTSFILE4)\" \ -DLOCKDIR=\"$(lockdir)\" -DPIDDIR=\"$(piddir)\" -DDATADIR=\"$(datadir)\" \ -DLOGFILEBASE=\"$(logfilebase)\" \ - -DCONFIGDIR=\"$(sysconfdir)\" -DNCALRPCDIR=\"$(NCALRPCDIR)\" \ - -DSWATDIR=\"$(SWATDIR)\" \ + -DCONFIGDIR=\"$(sysconfdir)\" -DNCALRPCDIR=\"$(ncalrpcdir)\" \ + -DSWATDIR=\"$(swatdir)\" \ -DPRIVATE_DIR=\"$(privatedir)\" \ - -DMODULESDIR=\"$(modulesdir)\" -DJSDIR=\"$(JSDIR)\" \ - -DTORTUREDIR=\"$(TORTUREDIR)\" \ - -DSETUPDIR=\"$(SETUPDIR)\" \ + -DMODULESDIR=\"$(modulesdir)\" \ + -DTORTUREDIR=\"$(torturedir)\" \ + -DSETUPDIR=\"$(setupdir)\" \ -DWINBINDD_PRIVILEGED_SOCKET_DIR=\"$(winbindd_privileged_socket_dir)\" \ -DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \ -DNTP_SIGND_SOCKET_DIR=\"$(ntp_signd_socket_dir)\" -- cgit From a270ddb6e3d5bd5b72558809877d27c3c344797d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 14:04:48 -0700 Subject: make the schannel creentials persistent this makes testing with the WSPP test suite much easier over samba restarts --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0388b3caf6..64c21d0c3e 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -44,7 +44,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_contex "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb"); + path = private_path(mem_ctx, lp_ctx, "schannel.ldb"); if (!path) { return NULL; } -- cgit From dd4d309cac42c353c118d50e2f47ed0d27f429fb Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 29 Sep 2008 23:34:05 +0200 Subject: Patch by Matthias that removes old SWAT support and fixes uninstall. --- source4/Makefile | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'source4') diff --git a/source4/Makefile b/source4/Makefile index cb4aa0e916..8f31979f21 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -181,7 +181,7 @@ showflags:: # The permissions to give the executables INSTALLPERMS = 0755 -install:: showlayout everything installbin installsbin installdat installswat installmisc \ +install:: showlayout everything installbin installsbin installdat installmisc \ installlib installheader installpc installplugins # DESTDIR is used here to prevent packagers wasting their time @@ -228,10 +228,6 @@ installheader:: headers installdirs installdat:: installdirs @$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(datadir) $(srcdir) -installswat:: installdirs -#SWAT has been disabled until further notice -# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(swatdir) $(srcdir) - installman:: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES) @@ -241,11 +237,12 @@ installmisc:: installdirs installpc:: installdirs @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES) -uninstall:: uninstallbin uninstallman uninstallmisc uninstalllib uninstallheader \ - uninstallplugins +uninstall:: uninstallbin uninstallsbin uninstalldat uninstallmisc uninstalllib uninstallheader \ + uninstallman uninstallpc uninstallplugins uninstallmisc:: - #FIXME + @echo "Removing MISC files" + @cd $(DESTDIR)$(bindir); rm -f $(notdir $(miscbinfiles)) $(DESTDIR)$(bindir)/%: bin/% installdirs @mkdir -p $(@D) @@ -261,19 +258,27 @@ $(DESTDIR)$(sbindir)/%: bin/% installdirs @cp $< $@ @chmod $(INSTALLPERMS) $@ +uninstalldat:: + @echo "Removing DAT files" + @rm -fr $(DESTDIR)$(datadir)/* + uninstallbin:: uninstalllib:: + @echo "Removing libraries" @$(SHELL) $(srcdir)/script/uninstalllib.sh $(DESTDIR)$(libdir) $(SHARED_LIBS) - #@$(SHELL) $(srcdir)/script/uninstalllib.sh $(DESTDIR)$(libdir) $(STATIC_LIBS) uninstallheader:: - @$(SHELL) $(srcdir)/script/uninstallheader.sh $(DESTDIR)$(includedir) $(PUBLIC_HEADERS) + @echo "Removing headers" + @rm -fr $(DESTDIR)$(includedir)/* uninstallman:: + @echo "Removing manpages" @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(mandir) $(MANPAGES) -uninstallplugins:: +uninstallpc:: + @echo "Removing package configurations" + @cd $(DESTDIR)$(pkgconfigdir); rm -f $(notdir $(PC_FILES)) config.status: @echo "config.status does not exist. Please run ./configure." -- cgit From 2ed71ce6bc97cbb9b854bb24ab49001910eda36d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:28:06 +0200 Subject: Remove ldb_module_wait implementation - ldb_module.wait() is gone. --- source4/lib/ldb/ldb.i | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 1e3a3169c8..024ba1959a 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -1219,22 +1219,6 @@ int py_module_del_transaction(struct ldb_module *mod) return LDB_SUCCESS; } -int py_module_wait(struct ldb_handle *mod, enum ldb_wait_type wait_type) -{ - PyObject *py_ldb = mod->private_data; - PyObject *py_result; - - py_result = PyObject_CallMethod(py_ldb, "wait", "i", wait_type); - - if (py_result == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - Py_DECREF(py_result); - - return LDB_SUCCESS; -} - int py_module_sequence_number(struct ldb_module *mod, struct ldb_request *req) { PyObject *py_ldb = mod->private_data; @@ -1308,7 +1292,6 @@ int py_module_init (struct ldb_module *mod) $1->start_transaction = py_module_start_transaction; $1->end_transaction = py_module_end_transaction; $1->del_transaction = py_module_del_transaction; - $1->wait = py_module_wait; $1->sequence_number = py_module_sequence_number; } -- cgit From f379f67dd287292e3bb7b606f1bdc3fe7a8db59c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:29:03 +0200 Subject: Fix installation of misc files. --- source4/Makefile | 13 +++++++++++-- source4/dynconfig/dynconfig.c | 3 --- source4/script/installmisc.sh | 6 ------ 3 files changed, 11 insertions(+), 11 deletions(-) (limited to 'source4') diff --git a/source4/Makefile b/source4/Makefile index 8f31979f21..71529305b4 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -107,6 +107,15 @@ comsrcdir := $(srcdir)/lib/com include data.mk +$(foreach SCRIPT,$(wildcard scripting/bin/*),$(eval $(call binary_install_template,$(SCRIPT)))) + +$(DESTDIR)$(bindir)/%: scripting/bin/% installdirs + @mkdir -p $(@D) + @echo Installing $(@F) as $@ + @if test -f $@; then echo -n ""; rm -f $@.old; mv $@ $@.old; fi + @cp $< $@ + @chmod $(INSTALLPERMS) $@ + pythonmods:: $(PYTHON_PYS) $(PYTHON_SO) DEP_FILES = $(patsubst %.ho,%.hd,$(patsubst %.o,%.d,$(ALL_OBJS))) \ @@ -232,7 +241,7 @@ installman:: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES) installmisc:: installdirs - @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) $(DESTDIR)$(bindir) + @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) installpc:: installdirs @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES) @@ -242,7 +251,7 @@ uninstall:: uninstallbin uninstallsbin uninstalldat uninstallmisc uninstalllib u uninstallmisc:: @echo "Removing MISC files" - @cd $(DESTDIR)$(bindir); rm -f $(notdir $(miscbinfiles)) + @rm -rf $(DESTDIR)$(setupdir)/* $(DESTDIR)$(bindir)/%: bin/% installdirs @mkdir -p $(@D) diff --git a/source4/dynconfig/dynconfig.c b/source4/dynconfig/dynconfig.c index 507570318d..e0cabef317 100644 --- a/source4/dynconfig/dynconfig.c +++ b/source4/dynconfig/dynconfig.c @@ -79,9 +79,6 @@ _PUBLIC_ const char *dyn_SWATDIR = SWATDIR; /** SETUP files (source files used by the provision) */ _PUBLIC_ const char *dyn_SETUPDIR = SETUPDIR; -/** EJS Javascript library includes */ -_PUBLIC_ const char *dyn_JSDIR = JSDIR; - /** Where to find the winbindd socket */ _PUBLIC_ const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR; diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh index eb347307ba..2bd34b119f 100755 --- a/source4/script/installmisc.sh +++ b/source4/script/installmisc.sh @@ -3,7 +3,6 @@ SRCDIR="$1" SETUPDIR="$2" -BINDIR="$3" cd $SRCDIR || exit 1 @@ -25,9 +24,4 @@ cp setup/provision.smb.conf.dc $SETUPDIR || exit 1 cp setup/provision.smb.conf.member $SETUPDIR || exit 1 cp setup/provision.smb.conf.standalone $SETUPDIR || exit 1 -echo "Installing script tools" -mkdir -p "$BINDIR" -rm -f scripting/bin/*~ -cp scripting/bin/* $BINDIR/ || exit 1 - exit 0 -- cgit From 257fe87efd079ccc085e67d04c7797dbf2e84c51 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:32:20 +0200 Subject: Re-add uninstallplugins, there has to be at least one instance of this. --- source4/Makefile | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') diff --git a/source4/Makefile b/source4/Makefile index 71529305b4..74383b1a59 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -285,6 +285,8 @@ uninstallman:: @echo "Removing manpages" @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(mandir) $(MANPAGES) +uninstallplugins:: + uninstallpc:: @echo "Removing package configurations" @cd $(DESTDIR)$(pkgconfigdir); rm -f $(notdir $(PC_FILES)) -- cgit From 21df9532f54ad15c308630672f3b8a6dc4ce6294 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:48:13 +0200 Subject: Remove unused uninstallheader script. --- source4/script/uninstallheader.sh | 35 ----------------------------------- 1 file changed, 35 deletions(-) delete mode 100755 source4/script/uninstallheader.sh (limited to 'source4') diff --git a/source4/script/uninstallheader.sh b/source4/script/uninstallheader.sh deleted file mode 100755 index cb491f071a..0000000000 --- a/source4/script/uninstallheader.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -# based on uninstallbin.sh: -# 4 July 96 Dan.Shearer@UniSA.edu.au - -INCLUDEDIR=$1 -shift - -if [ ! -d $INCLUDEDIR ]; then - echo Directory $INCLUDEDIR does not exist! - echo Do a "make installbin" or "make install" first. - exit 1 -fi - -for p in $*; do - p2=`basename $p` - if [ -f $INCLUDEDIR/$p2 ]; then - echo Removing $INCLUDEDIR/$p2 - rm -f $INCLUDEDIR/$p2 - if [ -f $INCLUDEDIR/$p2 ]; then - echo Cannot remove $INCLUDEDIR/$p2 ... does $USER have privileges? - fi - fi -done - - -cat << EOF -====================================================================== -The headers have been uninstalled. You may restore the headers using -the command "make installheader" or "make install" to install binaries, -man pages, modules and shell scripts. You can restore a previous -version of the headers (if there were any) using "make revert". -====================================================================== -EOF - -exit 0 -- cgit From 750a848d0dbae8ea66a9f265294d7f95556c0c27 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:01:07 -0700 Subject: added some more well known SIDs - thanks to the WSPP LSAT test suite --- source4/librpc/idl/security.idl | 6 ++++ source4/rpc_server/lsa/lsa_lookup.c | 43 +++++++++++++++++++++++++- source4/setup/provision_users.ldif | 60 +++++++++++++++++++++++++++++++++++++ 3 files changed, 108 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 80efe46453..ac7641c0af 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -153,6 +153,7 @@ interface security const string SID_CREATOR_OWNER_DOMAIN = "S-1-3"; const string SID_CREATOR_OWNER = "S-1-3-0"; const string SID_CREATOR_GROUP = "S-1-3-1"; + const string SID_OWNER_RIGHTS = "S-1-3-4"; /* SECURITY_NT_AUTHORITY */ const string NAME_NT_AUTHORITY = "NT AUTHORITY"; @@ -172,9 +173,14 @@ interface security const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13"; const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14"; const string SID_NT_THIS_ORGANISATION = "S-1-5-15"; + const string SID_NT_IUSR = "S-1-5-17"; const string SID_NT_SYSTEM = "S-1-5-18"; const string SID_NT_LOCAL_SERVICE = "S-1-5-19"; const string SID_NT_NETWORK_SERVICE = "S-1-5-20"; + const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21"; + const string SID_NT_NTLM_AUTHENTICATION = "S-1-5-64-10"; + const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14"; + const string SID_NT_OTHER_ORGANISATION = "S-1-5-1000"; /* SECURITY_BUILTIN_DOMAIN_RID */ const string NAME_BUILTIN = "BUILTIN"; diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 30bceb8139..acd3164b69 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -43,6 +43,11 @@ static const struct { .sid = SID_CREATOR_GROUP, .rtype = SID_NAME_WKN_GRP, }, + { + .name = "Owner Rights", + .sid = SID_OWNER_RIGHTS, + .rtype = SID_NAME_WKN_GRP, + }, { .domain = "NT AUTHORITY", .name = "Dialup", @@ -111,7 +116,7 @@ static const struct { }, { .domain = "NT AUTHORITY", - .name = "Termainal Server User", + .name = "Terminal Server User", .sid = SID_NT_TERMINAL_SERVER_USERS, .rtype = SID_NAME_WKN_GRP, }, @@ -145,6 +150,42 @@ static const struct { .sid = SID_NT_NETWORK_SERVICE, .rtype = SID_NAME_WKN_GRP, }, + { + .domain = "NT AUTHORITY", + .name = "Digest Authentication", + .sid = SID_NT_DIGEST_AUTHENTICATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "Enterprise Domain Controllers", + .sid = SID_NT_ENTERPRISE_DCS, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "NTLM Authentication", + .sid = SID_NT_NTLM_AUTHENTICATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "Other Organization", + .sid = SID_NT_OTHER_ORGANISATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "SChannel Authentication", + .sid = SID_NT_SCHANNEL_AUTHENTICATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "IUSR", + .sid = SID_NT_IUSR, + .rtype = SID_NAME_WKN_GRP, + }, { .sid = NULL, } diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 854c42d07c..c61cb805c4 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -137,6 +137,66 @@ sAMAccountName: RAS and IAS Servers groupType: -2147483644 isCriticalSystemObject: TRUE +dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Read-Only Domain Controllers +description: read-only domain controllers +objectSid: ${DOMAINSID}-521 +sAMAccountName: Read-Only Domain Controllers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Enterprise Read-Only Domain Controllers +description: enterprise read-only domain controllers +objectSid: ${DOMAINSID}-498 +sAMAccountName: Enterprise Read-Only Domain Controllers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Certificate Service DCOM Access +description: Certificate Service DCOM Access +objectSid: ${DOMAINSID}-574 +sAMAccountName: Certificate Service DCOM Access +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Cryptographic Operators +description: Cryptographic Operators +objectSid: ${DOMAINSID}-569 +sAMAccountName: Cryptographic Operators +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Event Log Readers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Event Log Readers +description: Event Log Readers +objectSid: ${DOMAINSID}-573 +sAMAccountName: Event Log Readers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: IIS_IUSRS +description: IIS_IUSRS +objectSid: ${DOMAINSID}-568 +sAMAccountName: IIS_IUSRS +groupType: -2147483644 +isCriticalSystemObject: TRUE + dn: CN=Administrators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -- cgit From 385015f8f2ea44e8f846e72c7bc74d4c489ae49e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:10:54 -0700 Subject: unmapped SIDs should be rid 0 not rid -1 --- source4/rpc_server/lsa/lsa_lookup.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index acd3164b69..5f080e6da2 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -892,7 +892,10 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, r->out.sids->count++; r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN; - r->out.sids->sids[i].rid = 0xFFFFFFFF; + /* MS-LSAT 3.1.4.7 - rid zero is considered equivalent + to sid NULL - so we should return 0 rid for + unmapped entries */ + r->out.sids->sids[i].rid = 0; r->out.sids->sids[i].sid_index = 0xFFFFFFFF; r->out.sids->sids[i].unknown = 0; -- cgit From c8a19f0b8373bec27f4d3638bb731963896f3ff5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:29:53 +0200 Subject: Pass options struct into session initialization functions rather than using global_loadparm. --- source4/libcli/cliconnect.c | 6 +++++- source4/libcli/raw/clisession.c | 7 +++---- source4/libcli/smb_composite/connect.c | 5 ++++- source4/param/loadparm.c | 8 ++++++++ source4/param/param.h | 3 +++ source4/torture/basic/secleak.c | 5 ++++- source4/torture/raw/context.c | 26 ++++++++++++++++++-------- source4/torture/raw/lock.c | 5 ++++- source4/torture/rpc/samba3rpc.c | 8 ++++++-- 9 files changed, 55 insertions(+), 18 deletions(-) (limited to 'source4') diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index c20a7fd935..6fb9f130a9 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -73,8 +73,12 @@ NTSTATUS smbcli_session_setup(struct smbcli_state *cli, { struct smb_composite_sesssetup setup; NTSTATUS status; + struct smbcli_session_options options; - cli->session = smbcli_session_init(cli->transport, cli, true); + lp_smbcli_session_options(global_loadparm, &options); + + cli->session = smbcli_session_init(cli->transport, cli, true, + options); if (!cli->session) return NT_STATUS_UNSUCCESSFUL; setup.in.sesskey = cli->transport->negotiate.sesskey; diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c index ad4ca7b471..38d8f700f2 100644 --- a/source4/libcli/raw/clisession.c +++ b/source4/libcli/raw/clisession.c @@ -35,7 +35,8 @@ Initialize the session context ****************************************************************************/ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport, - TALLOC_CTX *parent_ctx, bool primary) + TALLOC_CTX *parent_ctx, bool primary, + struct smbcli_session_options options) { struct smbcli_session *session; uint16_t flags2; @@ -53,9 +54,7 @@ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport, } session->pid = (uint16_t)getpid(); session->vuid = UID_FIELD_INVALID; - session->options.lanman_auth = lp_client_lanman_auth(global_loadparm); - session->options.ntlmv2_auth = lp_client_ntlmv2_auth(global_loadparm); - session->options.plaintext_auth = lp_client_plaintext_auth(global_loadparm); + session->options = options; capabilities = transport->negotiate.capabilities; diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index e56339f96b..5f651f4865 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -229,12 +229,15 @@ static NTSTATUS connect_negprot(struct composite_context *c, { struct connect_state *state = talloc_get_type(c->private_data, struct connect_state); NTSTATUS status; + struct smbcli_session_options options; + + lp_smbcli_session_options(global_loadparm, &options); status = smb_raw_negotiate_recv(state->req); NT_STATUS_NOT_OK_RETURN(status); /* next step is a session setup */ - state->session = smbcli_session_init(state->transport, state, true); + state->session = smbcli_session_init(state->transport, state, true, options); NT_STATUS_HAVE_NO_MEMORY(state->session); /* setup for a tconx (or at least have the structure ready to diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 15edbd1f89..0042dbd876 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -2629,3 +2629,11 @@ void lp_smbcli_options(struct loadparm_context *lp_ctx, options->use_oplocks = true; options->use_level2_oplocks = true; } + +void lp_smbcli_session_options(struct loadparm_context *lp_ctx, + struct smbcli_session_options *options) +{ + options->lanman_auth = lp_client_lanman_auth(lp_ctx); + options->ntlmv2_auth = lp_client_ntlmv2_auth(lp_ctx); + options->plaintext_auth = lp_client_plaintext_auth(lp_ctx); +} diff --git a/source4/param/param.h b/source4/param/param.h index 4ed2654692..4c6e8b79a2 100644 --- a/source4/param/param.h +++ b/source4/param/param.h @@ -60,6 +60,7 @@ enum announce_as {/* Types of machine we can announce as. */ struct loadparm_context; struct loadparm_service; struct smbcli_options; +struct smbcli_session_options; void reload_charcnv(struct loadparm_context *lp_ctx); @@ -318,6 +319,8 @@ int lp_maxprintjobs(struct loadparm_service *service, struct loadparm_service *s struct smb_iconv_convenience *lp_iconv_convenience(struct loadparm_context *lp_ctx); void lp_smbcli_options(struct loadparm_context *lp_ctx, struct smbcli_options *options); +void lp_smbcli_session_options(struct loadparm_context *lp_ctx, + struct smbcli_session_options *options); /* The following definitions come from param/generic.c */ diff --git a/source4/torture/basic/secleak.c b/source4/torture/basic/secleak.c index 4caeee72a4..ca1fd444d9 100644 --- a/source4/torture/basic/secleak.c +++ b/source4/torture/basic/secleak.c @@ -36,8 +36,11 @@ static bool try_failed_login(struct torture_context *tctx, struct smbcli_state * NTSTATUS status; struct smb_composite_sesssetup setup; struct smbcli_session *session; + struct smbcli_session_options options; - session = smbcli_session_init(cli->transport, cli, false); + lp_smbcli_session_options(tctx->lp_ctx, &options); + + session = smbcli_session_init(cli->transport, cli, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c index 15e736fff5..450ad0f260 100644 --- a/source4/torture/raw/context.c +++ b/source4/torture/raw/context.c @@ -81,6 +81,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; int i; + struct smbcli_session_options options; printf("TESTING SESSION HANDLING\n"); @@ -89,7 +90,10 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) } printf("create a second security context on the same transport\n"); - session = smbcli_session_init(cli->transport, tctx, false); + + lp_smbcli_session_options(tctx->lp_ctx, &options); + + session = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ @@ -103,7 +107,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) session->vuid = setup.out.vuid; printf("create a third security context on the same transport, with vuid set\n"); - session2 = smbcli_session_init(cli->transport, tctx, false); + session2 = smbcli_session_init(cli->transport, tctx, false, options); session2->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; @@ -130,7 +134,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) { printf("create a fourth security context on the same transport, without extended security\n"); - session3 = smbcli_session_init(cli->transport, tctx, false); + session3 = smbcli_session_init(cli->transport, tctx, false, options); session3->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; @@ -144,7 +148,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE); printf("create a fouth anonymous security context on the same transport, without extended security\n"); - session4 = smbcli_session_init(cli->transport, tctx, false); + session4 = smbcli_session_init(cli->transport, tctx, false, options); session4->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; @@ -230,7 +234,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) setups[i].in.credentials = cmdline_credentials; - sessions[i] = smbcli_session_init(cli->transport, tctx, false); + sessions[i] = smbcli_session_init(cli->transport, tctx, false, options); composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]); } @@ -379,6 +383,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * const char *fname1 = BASEDIR "\\test1.txt"; const char *fname2 = BASEDIR "\\test2.txt"; uint8_t c = 1; + struct smbcli_session_options options; printf("TESTING TREE with ulogoff\n"); @@ -389,8 +394,10 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * share = torture_setting_string(tctx, "share", NULL); host = torture_setting_string(tctx, "host", NULL); + lp_smbcli_session_options(tctx->lp_ctx, &options); + printf("create the first new sessions\n"); - session1 = smbcli_session_init(cli->transport, tctx, false); + session1 = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); @@ -446,7 +453,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * CHECK_STATUS(status, NT_STATUS_OK); printf("create the second new sessions\n"); - session2 = smbcli_session_init(cli->transport, tctx, false); + session2 = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); @@ -634,6 +641,7 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; uint16_t vuid1, vuid2; + struct smbcli_session_options options; printf("TESTING PID HANDLING WITH 2 SESSIONS\n"); @@ -641,8 +649,10 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct return false; } + lp_smbcli_session_options(tctx->lp_ctx, &options); + printf("create a second security context on the same transport\n"); - session = smbcli_session_init(cli->transport, tctx, false); + session = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c index cd8d606795..dbe071c9ad 100644 --- a/source4/torture/raw/lock.c +++ b/source4/torture/raw/lock.c @@ -456,11 +456,14 @@ static bool test_async(struct torture_context *tctx, const char *fname = BASEDIR "\\test.txt"; time_t t; struct smbcli_request *req; + struct smbcli_session_options options; if (!torture_setup_dir(cli, BASEDIR)) { return false; } + lp_smbcli_session_options(tctx->lp_ctx, &options); + printf("Testing LOCKING_ANDX_CANCEL_LOCK\n"); io.generic.level = RAW_LOCK_LOCKX; @@ -590,7 +593,7 @@ static bool test_async(struct torture_context *tctx, } printf("create a new sessions\n"); - session = smbcli_session_init(cli->transport, tctx, false); + session = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 3bbf6cf223..e030b972f8 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -74,6 +74,7 @@ bool torture_bind_authcontext(struct torture_context *torture) struct cli_credentials *anon_creds; struct smb_composite_sesssetup setup; struct smbcli_options options; + struct smbcli_session_options session_options; mem_ctx = talloc_init("torture_bind_authcontext"); @@ -83,6 +84,7 @@ bool torture_bind_authcontext(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), @@ -142,7 +144,7 @@ bool torture_bind_authcontext(struct torture_context *torture) goto done; } - session2 = smbcli_session_init(cli->transport, mem_ctx, false); + session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options); if (session2 == NULL) { d_printf("smbcli_session_init failed\n"); goto done; @@ -1670,12 +1672,14 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) struct cli_credentials *user_creds; char *domain_name; struct smbcli_options options; + struct smbcli_session_options session_options; if (!(mem_ctx = talloc_new(torture))) { return false; } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection( mem_ctx, &cli, torture_setting_string(torture, "host", NULL), @@ -1762,7 +1766,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) struct smb_composite_sesssetup setup; struct smbcli_tree *tree; - session2 = smbcli_session_init(cli->transport, mem_ctx, false); + session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options); if (session2 == NULL) { d_printf("(%s) smbcli_session_init failed\n", __location__); -- cgit From 83183bf38190b867ca4bb7ebda1136803e36f777 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:38:51 +0200 Subject: Explicitly pass on session options to session setup function. --- source4/client/smbmount.c | 19 ++++++++++++++----- source4/libcli/cliconnect.c | 6 ++---- 2 files changed, 16 insertions(+), 9 deletions(-) (limited to 'source4') diff --git a/source4/client/smbmount.c b/source4/client/smbmount.c index 9ab6c375f2..37c9eaadc4 100644 --- a/source4/client/smbmount.c +++ b/source4/client/smbmount.c @@ -111,7 +111,8 @@ static void usr1_handler(int x) /***************************************************** return a connection to a server *******************************************************/ -static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol) +static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol, + struct smbcli_session_options session_options) { struct smbcli_state *c; struct nmb_name called, calling; @@ -210,11 +211,12 @@ static struct smbcli_state *do_connection(const char *the_service, bool unicode, if (!smbcli_session_setup(c, username, password, strlen(password), password, strlen(password), - workgroup)) { + workgroup, session_options)) { /* if a password was not supplied then try again with a null username */ if (password[0] || !username[0] || - !smbcli_session_setup(c, "", "", 0, "", 0, workgroup)) { + !smbcli_session_setup(c, "", "", 0, "", 0, workgroup, + session_options)) { DEBUG(0,("%d: session setup failed: %s\n", sys_getpid(), smbcli_errstr(c))); talloc_free(c); @@ -329,6 +331,9 @@ static void send_fs_socket(struct loadparm_context *lp_ctx, int fd, closed = 0, res = 1; pid_t parentpid = getppid(); struct smb_conn_opt conn_options; + struct smbcli_session_options session_options; + + lp_smbcli_session_options(lp_ctx, &session_options); memset(&conn_options, 0, sizeof(conn_options)); @@ -409,7 +414,8 @@ static void send_fs_socket(struct loadparm_context *lp_ctx, DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid())); c = do_connection(the_service, lp_unicode(lp_ctx), - lp_cli_maxprotocol(lp_ctx)); + lp_cli_maxprotocol(lp_ctx), + session_options); } } @@ -430,14 +436,17 @@ static void init_mount(struct loadparm_context *lp_ctx) struct smbcli_state *c; char *args[20]; int i, status; + struct smbcli_session_options session_options; if (realpath(mpoint, mount_point) == NULL) { fprintf(stderr, "Could not resolve mount point %s\n", mpoint); return; } + lp_smbcli_session_options(lp_ctx, &session_options); - c = do_connection(service, lp_unicode(lp_ctx), lp_cli_maxprotocol(lp_ctx)); + c = do_connection(service, lp_unicode(lp_ctx), lp_cli_maxprotocol(lp_ctx), + session_options); if (!c) { fprintf(stderr,"SMB connection failed\n"); exit(1); diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 6fb9f130a9..3b1c3c5314 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -69,13 +69,11 @@ NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol) /* wrapper around smb_raw_sesssetup() */ NTSTATUS smbcli_session_setup(struct smbcli_state *cli, struct cli_credentials *credentials, - const char *workgroup) + const char *workgroup, + struct smbcli_session_options options) { struct smb_composite_sesssetup setup; NTSTATUS status; - struct smbcli_session_options options; - - lp_smbcli_session_options(global_loadparm, &options); cli->session = smbcli_session_init(cli->transport, cli, true, options); -- cgit From 40fa4c4154aa572f39fddf16b2fefbe370910360 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:50:46 -0700 Subject: we need to return NT_STATUS_INVALID_PARAMETER for bad levels in lsalookupnames2 --- source4/rpc_server/lsa/lsa_lookup.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 5f080e6da2..7bf7d849b7 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -862,6 +862,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + state = h->data; r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList); -- cgit From 28482efa5ceebdea821b9368a2761e93ee2fff59 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:51:05 -0700 Subject: WSPP docs say we need to check that root_dir is NULL --- source4/rpc_server/lsa/lsa_init.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index e5e31c74f8..a95cb10f9f 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -199,6 +199,12 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * ZERO_STRUCTP(r->out.handle); + if (r->in.attr == NULL || + r->in.attr->root_dir != NULL) { + /* MS-LSAD 3.1.4.4.1 */ + return NT_STATUS_INVALID_PARAMETER; + } + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit From c951a881da60b51e06a5182c5ad9fb32482b0ab5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:51:21 -0700 Subject: added new level for lsalookupnames2 --- source4/librpc/idl/lsa.idl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 9a6e4a202c..eed713f71c 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -387,7 +387,8 @@ import "misc.idl", "security.idl"; LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3, LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4, LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5, - LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6 + LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6, + LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7 } lsa_LookupNamesLevel; [public] NTSTATUS lsa_LookupNames ( -- cgit From 9de1472bd1848363dfce1644ce7b971486551ec3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:58:06 +0200 Subject: Remove redundant call. --- source4/librpc/rpc/dcerpc_connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 318b8fe36d..7bdca2d986 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -137,7 +137,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT /* send smb connect request */ conn_req = smb_composite_connect_send(conn, s->io.pipe->conn, - lp_resolve_context(lp_ctx), + s->io.resolve_ctx, s->io.pipe->conn->event_ctx); if (composite_nomem(conn_req, c)) return c; -- cgit From 43d944e6d6b66cf67ee857a62a439296738d3a59 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:59:10 +0200 Subject: Remove global_loadparm instance. --- source4/libnet/libnet_site.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index bb65de1f54..5647a93b8d 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -56,7 +56,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; - cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm)); + cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx)); status = cldap_netlogon(cldap, tmp_ctx, &search); if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { /* -- cgit From 755ad80e2932f2114941adeb13f8879010484ff8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:07:14 +0200 Subject: Remove uses of global_loadparm. --- source4/torture/rpc/samlogon.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 4fbffee41e..b7028e6609 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -53,7 +53,9 @@ struct samlogon_state { const char *comment; const char *account_name; const char *account_domain; + const char *netbios_name; const char *password; + const char *workgroup; struct dcerpc_pipe *p; int function_level; uint32_t parameter_control; @@ -593,7 +595,7 @@ static bool test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, DATA_BLOB lmv2_response = data_blob(NULL, 0); DATA_BLOB lmv2_session_key = data_blob(NULL, 0); DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, TEST_MACHINE_NAME, lp_workgroup(global_loadparm)); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, TEST_MACHINE_NAME, samlogon_state->workgroup); uint8_t lm_session_key[8]; uint8_t user_session_key[16]; @@ -741,7 +743,7 @@ static bool test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, DATA_BLOB lmv2_response = data_blob(NULL, 0); DATA_BLOB lmv2_session_key = data_blob(NULL, 0); DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm)); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, samlogon_state->netbios_name, samlogon_state->workgroup); DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24); DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16); @@ -1337,6 +1339,8 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, samlogon_state.account_name = account_name; samlogon_state.account_domain = account_domain; samlogon_state.password = plain_pass; + samlogon_state.workgroup = lp_workgroup(tctx->lp_ctx); + samlogon_state.netbios_name = lp_netbios_name(tctx->lp_ctx); samlogon_state.p = p; samlogon_state.creds = creds; samlogon_state.expected_error = expected_error; -- cgit From 4e8cb60222ea13295eaff477625164dfd61e288f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:11:55 +0200 Subject: Remove global_loadparm instance. --- source4/libcli/smb_composite/fsinfo.c | 10 ++++++---- source4/torture/raw/composite.c | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c index 270d71f518..cd6e98547b 100644 --- a/source4/libcli/smb_composite/fsinfo.c +++ b/source4/libcli/smb_composite/fsinfo.c @@ -127,7 +127,8 @@ static void fsinfo_composite_handler(struct composite_context *creq) composite fsinfo call - connects to a tree and queries a file system information */ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, - struct smb_composite_fsinfo *io) + struct smb_composite_fsinfo *io, + struct resolve_context *resolve_ctx) { struct composite_context *c; struct fsinfo_state *state; @@ -160,7 +161,7 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, c->private_data = state; state->creq = smb_composite_connect_send(state->connect, state, - lp_resolve_context(global_loadparm), c->event_ctx); + resolve_ctx, c->event_ctx); if (state->creq == NULL) goto failed; @@ -197,9 +198,10 @@ NTSTATUS smb_composite_fsinfo_recv(struct composite_context *c, TALLOC_CTX *mem_ */ NTSTATUS smb_composite_fsinfo(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, - struct smb_composite_fsinfo *io) + struct smb_composite_fsinfo *io, + struct resolve_context *resolve_ctx) { - struct composite_context *c = smb_composite_fsinfo_send(tree, io); + struct composite_context *c = smb_composite_fsinfo_send(tree, io, resolve_ctx); return smb_composite_fsinfo_recv(c, mem_ctx); } diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index d73ac1327e..a151854e59 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -358,7 +358,7 @@ static bool test_fsinfo(struct smbcli_state *cli, struct torture_context *tctx) c = talloc_array(tctx, struct composite_context *, torture_numops); for (i=0; itree,&io1); + c[i] = smb_composite_fsinfo_send(cli->tree, &io1, lp_resolve_context(tctx->lp_ctx)); c[i]->async.fn = loadfile_complete; c[i]->async.private_data = count; } -- cgit From cef80957c49c972e82a634724590b5fd5d6ca78f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:19:15 +0200 Subject: Remove global_loadparm instance, discard_const_p. --- source4/libnet/libnet_samdump_keytab.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c index 0c4d3e5c59..4b71b0c24d 100644 --- a/source4/libnet/libnet_samdump_keytab.c +++ b/source4/libnet/libnet_samdump_keytab.c @@ -68,6 +68,11 @@ static NTSTATUS samdump_keytab_handle_user(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +struct libnet_samdump_keytab_data { + const char *keytab_name; + struct loadparm_context *lp_ctx; +}; + static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, void *private, enum netr_SamDatabaseID database, @@ -75,8 +80,7 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, char **error_string) { NTSTATUS nt_status = NT_STATUS_OK; - const char *keytab_name = private; - + struct libnet_samdump_keytab_data *data = private; *error_string = NULL; switch (delta->delta_type) { case NETR_DELTA_USER: @@ -85,8 +89,8 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, if (database == SAM_DATABASE_DOMAIN) { nt_status = samdump_keytab_handle_user(mem_ctx, event_context_find(mem_ctx), - global_loadparm, - keytab_name, + data->lp_ctx, + data->keytab_name, delta); break; } @@ -101,14 +105,18 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r) { NTSTATUS nt_status; + struct libnet_samdump_keytab_data data; struct libnet_SamSync r2; + data.keytab_name = r->in.keytab_name; + data.lp_ctx = ctx->lp_ctx; + r2.out.error_string = NULL; r2.in.binding_string = r->in.binding_string; r2.in.rid_crypt = true; r2.in.init_fn = NULL; r2.in.delta_fn = libnet_samdump_keytab_fn; - r2.in.fn_ctx = discard_const(r->in.keytab_name); + r2.in.fn_ctx = &data; r2.in.machine_account = r->in.machine_account; nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2); r->out.error_string = r2.out.error_string; -- cgit From 181ee01da67985f5db684500247d655ce72fe611 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:47:19 +0200 Subject: Pass session options around; saves another use of global_loadparm. --- source4/auth/ntlm/auth_server.c | 1 + source4/libcli/raw/clitree.c | 4 +++- source4/libcli/smb_composite/connect.c | 5 +---- source4/libcli/smb_composite/fetchfile.c | 1 + source4/libcli/smb_composite/fsinfo.c | 1 + source4/libcli/smb_composite/smb_composite.h | 2 ++ source4/librpc/rpc/dcerpc_connect.c | 1 + source4/ntvfs/cifs/vfs_cifs.c | 1 + source4/torture/basic/misc.c | 1 + source4/torture/raw/composite.c | 1 + source4/torture/raw/lockbench.c | 1 + source4/torture/raw/openbench.c | 1 + 12 files changed, 15 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c index bb8773e75e..539ae6aa80 100644 --- a/source4/auth/ntlm/auth_server.c +++ b/source4/auth/ntlm/auth_server.c @@ -80,6 +80,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX io.in.workgroup = ""; /* only used with SPNEGO, disabled above */ io.in.options = smb_options; + lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options); status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx), ctx->auth_ctx->event_ctx); diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c index 15cd70833c..4b5d2dc397 100644 --- a/source4/libcli/raw/clitree.c +++ b/source4/libcli/raw/clitree.c @@ -177,7 +177,8 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, struct cli_credentials *credentials, struct resolve_context *resolve_ctx, struct event_context *ev, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { struct smb_composite_connect io; NTSTATUS status; @@ -200,6 +201,7 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, * is complete -- abartlet 2008-04-28 */ io.in.workgroup = lp_workgroup(global_loadparm); io.in.options = *options; + io.in.session_options = *session_options; status = smb_composite_connect(&io, parent_ctx, resolve_ctx, ev); if (NT_STATUS_IS_OK(status)) { diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index 5f651f4865..a4137290bb 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -229,15 +229,12 @@ static NTSTATUS connect_negprot(struct composite_context *c, { struct connect_state *state = talloc_get_type(c->private_data, struct connect_state); NTSTATUS status; - struct smbcli_session_options options; - - lp_smbcli_session_options(global_loadparm, &options); status = smb_raw_negotiate_recv(state->req); NT_STATUS_NOT_OK_RETURN(status); /* next step is a session setup */ - state->session = smbcli_session_init(state->transport, state, true, options); + state->session = smbcli_session_init(state->transport, state, true, io->in.session_options); NT_STATUS_HAVE_NO_MEMORY(state->session); /* setup for a tconx (or at least have the structure ready to diff --git a/source4/libcli/smb_composite/fetchfile.c b/source4/libcli/smb_composite/fetchfile.c index 9cd02a51f4..ff4f0e7930 100644 --- a/source4/libcli/smb_composite/fetchfile.c +++ b/source4/libcli/smb_composite/fetchfile.c @@ -147,6 +147,7 @@ struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetc state->connect->in.workgroup = io->in.workgroup; state->connect->in.options = io->in.options; + state->connect->in.session_options = io->in.session_options; state->creq = smb_composite_connect_send(state->connect, state, io->in.resolve_ctx, event_ctx); diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c index cd6e98547b..dc5327a29c 100644 --- a/source4/libcli/smb_composite/fsinfo.c +++ b/source4/libcli/smb_composite/fsinfo.c @@ -155,6 +155,7 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, state->connect->in.workgroup = io->in.workgroup; state->connect->in.options = tree->session->transport->options; + state->connect->in.session_options = tree->session->options; c->state = COMPOSITE_STATE_IN_PROGRESS; state->stage = FSINFO_CONNECT; diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h index 7f4b9d73e4..08ca40c833 100644 --- a/source4/libcli/smb_composite/smb_composite.h +++ b/source4/libcli/smb_composite/smb_composite.h @@ -57,6 +57,7 @@ struct smb_composite_fetchfile { const char *workgroup; const char *filename; struct smbcli_options options; + struct smbcli_session_options session_options; struct resolve_context *resolve_ctx; } in; struct { @@ -98,6 +99,7 @@ struct smb_composite_connect { bool fallback_to_anonymous; const char *workgroup; struct smbcli_options options; + struct smbcli_session_options session_options; } in; struct { struct smbcli_tree *tree; diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 7bdca2d986..b117a98270 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -121,6 +121,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT conn->in.workgroup = lp_workgroup(lp_ctx); lp_smbcli_options(lp_ctx, &conn->in.options); + lp_smbcli_session_options(lp_ctx, &conn->in.session_options); /* * provide proper credentials - user supplied, but allow a diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 844fa11cc5..9bc36a1762 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -206,6 +206,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, io.in.service = remote_share; io.in.service_type = "?????"; lp_smbcli_options(ntvfs->ctx->lp_ctx, &io.in.options); + lp_smbcli_session_options(ntvfs->ctx->lp_ctx, &io.in.session_options); if (!(ntvfs->ctx->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS)) { io.in.options.use_level2_oplocks = false; diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c index 24e0324bc3..c129fd586b 100644 --- a/source4/torture/basic/misc.c +++ b/source4/torture/basic/misc.c @@ -823,6 +823,7 @@ static struct composite_context *torture_connect_async( smb->in.fallback_to_anonymous=false; smb->in.workgroup=workgroup; lp_smbcli_options(tctx->lp_ctx, &smb->in.options); + lp_smbcli_session_options(tctx->lp_ctx, &smb->in.session_options); return smb_composite_connect_send(smb,mem_ctx, lp_resolve_context(tctx->lp_ctx),ev); diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index a151854e59..7f1f5943e1 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -164,6 +164,7 @@ static bool test_fetchfile(struct smbcli_state *cli, struct torture_context *tct io2.in.filename = fname; io2.in.resolve_ctx = lp_resolve_context(tctx->lp_ctx); lp_smbcli_options(tctx->lp_ctx, &io2.in.options); + lp_smbcli_session_options(tctx->lp_ctx, &io2.in.session_options); printf("testing parallel fetchfile with %d ops\n", torture_numops); diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c index 21541d003b..26fad4235e 100644 --- a/source4/torture/raw/lockbench.c +++ b/source4/torture/raw/lockbench.c @@ -195,6 +195,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.fallback_to_anonymous = false; io->in.workgroup = lp_workgroup(state->tctx->lp_ctx); lp_smbcli_options(state->tctx->lp_ctx, &io->in.options); + lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options); /* kill off the remnants of the old connection */ talloc_free(state->tree); diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c index 26b862c33f..ec94637445 100644 --- a/source4/torture/raw/openbench.c +++ b/source4/torture/raw/openbench.c @@ -137,6 +137,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.fallback_to_anonymous = false; io->in.workgroup = lp_workgroup(state->tctx->lp_ctx); lp_smbcli_options(state->tctx->lp_ctx, &io->in.options); + lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options); /* kill off the remnants of the old connection */ talloc_free(state->tree); -- cgit From 235b729309a17fa44fecf743db5fe6552f67f577 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 03:07:08 +0200 Subject: Cope with API changes. --- source4/client/cifsdd.c | 15 ++++++++++----- source4/client/cifsdd.h | 4 +++- source4/client/cifsddio.c | 17 +++++++++++------ source4/client/client.c | 9 ++++++--- source4/libcli/cliconnect.c | 6 ++++-- source4/torture/gentest.c | 5 ++++- source4/torture/locktest.c | 4 +++- source4/torture/locktest2.c | 19 ++++++++++++------- source4/torture/masktest.c | 9 ++++++--- source4/torture/raw/oplock.c | 5 +++-- source4/torture/raw/tconrate.c | 4 +++- source4/torture/rpc/join.c | 6 ++++-- source4/torture/rpc/samba3rpc.c | 18 ++++++++++++------ source4/torture/unix/unix_info2.c | 4 +++- source4/torture/unix/whoami.c | 4 +++- source4/torture/util_smb.c | 4 +++- 16 files changed, 90 insertions(+), 43 deletions(-) (limited to 'source4') diff --git a/source4/client/cifsdd.c b/source4/client/cifsdd.c index 141b165ad4..5f07826d06 100644 --- a/source4/client/cifsdd.c +++ b/source4/client/cifsdd.c @@ -357,7 +357,8 @@ static void print_transfer_stats(void) static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, struct event_context *ev, const char * which, const char **ports, - struct smbcli_options *smb_options) + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options) { int options = 0; const char * path = NULL; @@ -379,13 +380,13 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, path = check_arg_pathname("if"); handle = dd_open_path(resolve_ctx, ev, path, ports, check_arg_numeric("ibs"), options, - smb_options); + smb_options, smb_session_options); } else if (strcmp(which, "of") == 0) { options |= DD_WRITE; path = check_arg_pathname("of"); handle = dd_open_path(resolve_ctx, ev, path, ports, check_arg_numeric("obs"), options, - smb_options); + smb_options, smb_session_options); } else { SMB_ASSERT(0); return(NULL); @@ -412,12 +413,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) struct dd_iohandle * ofile; struct smbcli_options options; + struct smbcli_session_options session_options; ibs = check_arg_numeric("ibs"); obs = check_arg_numeric("obs"); count = check_arg_numeric("count"); lp_smbcli_options(lp_ctx, &options); + lp_smbcli_session_options(lp_ctx, &session_options); /* Allocate IO buffer. We need more than the max IO size because we * could accumulate a remainder if ibs and obs don't match. @@ -436,12 +439,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) (unsigned long long)iomax, options.max_xmit)); if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if", - lp_smb_ports(lp_ctx), &options))) { + lp_smb_ports(lp_ctx), &options, + &session_options))) { return(FILESYS_EXIT_CODE); } if (!(ofile = open_file(lp_resolve_context(lp_ctx), ev, "of", - lp_smb_ports(lp_ctx), &options))) { + lp_smb_ports(lp_ctx), &options, + &session_options))) { return(FILESYS_EXIT_CODE); } diff --git a/source4/client/cifsdd.h b/source4/client/cifsdd.h index 21a4ad4882..3195e4334f 100644 --- a/source4/client/cifsdd.h +++ b/source4/client/cifsdd.h @@ -89,6 +89,7 @@ struct dd_iohandle #define DD_OPLOCK 0x00000008 struct smbcli_options; +struct smbcli_session_options; struct event_context; struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, @@ -96,7 +97,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char * path, const char **ports, uint64_t io_size, int options, - struct smbcli_options *smb_options); + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options); bool dd_fill_block(struct dd_iohandle * h, uint8_t * buf, uint64_t * buf_size, uint64_t need_size, uint64_t block_size); bool dd_flush_block(struct dd_iohandle * h, uint8_t * buf, diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c index 4297c30012..25194a621a 100644 --- a/source4/client/cifsddio.c +++ b/source4/client/cifsddio.c @@ -225,7 +225,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct const char * host, const char **ports, const char * share, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { NTSTATUS ret; struct smbcli_state * cli = NULL; @@ -236,7 +237,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct ret = smbcli_full_connection(NULL, &cli, host, ports, share, NULL /* devtype */, cmdline_credentials, resolve_ctx, - ev, options); + ev, options, + session_options); if (!NT_STATUS_IS_OK(ret)) { fprintf(stderr, "%s: connecting to //%s/%s: %s\n", @@ -302,7 +304,8 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx const char * path, uint64_t io_size, int options, - struct smbcli_options *smb_options) + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options) { struct cifs_handle * smbh; @@ -323,7 +326,7 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx smbh->h.io_seek = smb_seek_func; if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share, - smb_options)) == NULL) { + smb_options, smb_session_options)) == NULL) { return(NULL); } @@ -344,7 +347,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char **ports, uint64_t io_size, int options, - struct smbcli_options *smb_options) + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options) { if (file_exist(path)) { return(open_fd_handle(path, io_size, options)); @@ -361,7 +365,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, return(open_cifs_handle(resolve_ctx, ev, host, ports, share, remain, - io_size, options, smb_options)); + io_size, options, smb_options, + smb_session_options)); } return(open_fd_handle(path, io_size, options)); diff --git a/source4/client/client.c b/source4/client/client.c index e05e195372..266bd67025 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -3032,7 +3032,8 @@ static bool do_connect(struct smbclient_context *ctx, const char *specified_server, const char **ports, const char *specified_share, struct cli_credentials *cred, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { NTSTATUS status; char *server, *share; @@ -3051,7 +3052,7 @@ static bool do_connect(struct smbclient_context *ctx, status = smbcli_full_connection(ctx, &ctx->cli, server, ports, share, NULL, cred, resolve_ctx, - ev_ctx, options); + ev_ctx, options, session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("Connection to \\\\%s\\%s failed - %s\n", server, share, nt_errstr(status)); @@ -3138,6 +3139,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, struct smbclient_context *ctx; const char *cmdstr = NULL; struct smbcli_options smb_options; + struct smbcli_session_options smb_session_options; struct poptOption long_options[] = { POPT_AUTOHELP @@ -3227,6 +3229,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, poptFreeContext(pc); lp_smbcli_options(cmdline_lp_ctx, &smb_options); + lp_smbcli_session_options(cmdline_lp_ctx, &smb_session_options); ev_ctx = s4_event_context_init(talloc_autofree_context()); @@ -3255,7 +3258,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, if (!do_connect(ctx, ev_ctx, lp_resolve_context(cmdline_lp_ctx), desthost, lp_smb_ports(cmdline_lp_ctx), service, - cmdline_credentials, &smb_options)) + cmdline_credentials, &smb_options, &smb_session_options)) return 1; if (base_directory) diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 3b1c3c5314..e42b04cdc5 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -146,7 +146,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, struct cli_credentials *credentials, struct resolve_context *resolve_ctx, struct event_context *ev, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { struct smbcli_tree *tree; NTSTATUS status; @@ -157,7 +158,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, &tree, host, ports, sharename, devtype, credentials, resolve_ctx, ev, - options); + options, + session_options); if (!NT_STATUS_IS_OK(status)) { goto done; } diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index fecdfda56e..3bf3ad8b1b 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -214,7 +214,9 @@ static bool connect_servers(struct event_context *ev, for (j=0;jlp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); options.use_level2_oplocks = false; @@ -188,7 +189,7 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx, torture_setting_string(tctx, "share", NULL), NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); return false; diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c index 6f0ba0d617..66ef2ae2dd 100644 --- a/source4/torture/raw/tconrate.c +++ b/source4/torture/raw/tconrate.c @@ -69,8 +69,10 @@ static int fork_tcon_client(struct torture_context *tctx, struct timeval end; struct timeval now; struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); child = fork(); if (child == -1) { @@ -100,7 +102,7 @@ static int fork_tcon_client(struct torture_context *tctx, host, lp_smb_ports(tctx->lp_ctx), share, NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c index 77da32d572..ee0c05360f 100644 --- a/source4/torture/rpc/join.c +++ b/source4/torture/rpc/join.c @@ -19,6 +19,7 @@ bool torture_rpc_join(struct torture_context *torture) struct smbcli_state *cli; const char *host = torture_setting_string(torture, "host", NULL); struct smbcli_options options; + struct smbcli_session_options session_options; /* Join domain as a member server. */ tj = torture_join_domain(torture, @@ -33,13 +34,14 @@ bool torture_rpc_join(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(tj, &cli, host, lp_smb_ports(torture->lp_ctx), "IPC$", NULL, machine_account, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n", TORTURE_NETBIOS_NAME)); @@ -65,7 +67,7 @@ bool torture_rpc_join(struct torture_context *torture) "IPC$", NULL, machine_account, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n", TORTURE_NETBIOS_NAME)); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index e030b972f8..260c1cc149 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -91,7 +91,7 @@ bool torture_bind_authcontext(struct torture_context *torture) lp_smb_ports(torture->lp_ctx), "IPC$", NULL, cmdline_credentials, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -290,6 +290,7 @@ bool torture_bind_samba3(struct torture_context *torture) bool ret = false; struct smbcli_state *cli; struct smbcli_options options; + struct smbcli_session_options session_options; mem_ctx = talloc_init("torture_bind_authcontext"); @@ -299,13 +300,14 @@ bool torture_bind_samba3(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), "IPC$", NULL, cmdline_credentials, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1197,6 +1199,7 @@ bool torture_netlogon_samba3(struct torture_context *torture) const char *wks_name; int i; struct smbcli_options options; + struct smbcli_session_options session_options; wks_name = torture_setting_string(torture, "wksname", NULL); if (wks_name == NULL) { @@ -1216,13 +1219,14 @@ bool torture_netlogon_samba3(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), "IPC$", NULL, anon_creds, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1301,15 +1305,17 @@ static bool test_join3(struct torture_context *tctx, struct smbcli_state *cli; struct cli_credentials *wks_creds; struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); status = smbcli_full_connection(tctx, &cli, torture_setting_string(tctx, "host", NULL), lp_smb_ports(tctx->lp_ctx), "IPC$", NULL, smb_creds, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1686,7 +1692,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) lp_smb_ports(torture->lp_ctx), "IPC$", NULL, cmdline_credentials, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("(%s) smbcli_full_connection failed: %s\n", __location__, nt_errstr(status)); @@ -1713,7 +1719,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) lp_smb_ports(torture->lp_ctx), "IPC$", NULL, anon_creds, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("(%s) anon smbcli_full_connection failed: %s\n", __location__, nt_errstr(status)); diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c index d7482ddcf1..3bddde2a97 100644 --- a/source4/torture/unix/unix_info2.c +++ b/source4/torture/unix/unix_info2.c @@ -56,15 +56,17 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx) const char *host = torture_setting_string(tctx, "host", NULL); const char *share = torture_setting_string(tctx, "share", NULL); struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); status = smbcli_full_connection(tctx, &cli, host, lp_smb_ports(tctx->lp_ctx), share, NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c index 39d0a12ab1..d742e23e82 100644 --- a/source4/torture/unix/whoami.c +++ b/source4/torture/unix/whoami.c @@ -77,14 +77,16 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx, const char *host = torture_setting_string(tctx, "host", NULL); const char *share = torture_setting_string(tctx, "share", NULL); struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); status = smbcli_full_connection(tctx, &cli, host, lp_smb_ports(tctx->lp_ctx), share, NULL, creds, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c index 938e7d6c03..32e4453aca 100644 --- a/source4/torture/util_smb.c +++ b/source4/torture/util_smb.c @@ -475,8 +475,10 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx, NTSTATUS status; struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); options.use_oplocks = torture_setting_bool(tctx, "use_oplocks", true); options.use_level2_oplocks = torture_setting_bool(tctx, "use_level2_oplocks", true); @@ -486,7 +488,7 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx, sharename, NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - ev, &options); + ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); return false; -- cgit From 2ba4a79210f35df526a72c740ada5de34d6f45f4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 03:20:46 +0200 Subject: Eliminate another global_loadparm. --- source4/smbd/process_model.h | 3 ++- source4/smbd/process_prefork.c | 2 +- source4/smbd/process_single.c | 2 +- source4/smbd/process_standard.c | 5 +++-- source4/smbd/process_thread.c | 2 +- source4/smbd/service_stream.c | 2 +- source4/smbd/service_task.c | 2 +- 7 files changed, 10 insertions(+), 8 deletions(-) (limited to 'source4') diff --git a/source4/smbd/process_model.h b/source4/smbd/process_model.h index a9b33a4725..6afb66ff20 100644 --- a/source4/smbd/process_model.h +++ b/source4/smbd/process_model.h @@ -63,7 +63,8 @@ struct model_ops { void *); /* function to terminate a connection or task */ - void (*terminate)(struct event_context *, const char *reason); + void (*terminate)(struct event_context *, struct loadparm_context *lp_ctx, + const char *reason); /* function to set a title for the connection or task */ void (*set_title)(struct event_context *, const char *title); diff --git a/source4/smbd/process_prefork.c b/source4/smbd/process_prefork.c index 0d17e5301d..1b369613ff 100644 --- a/source4/smbd/process_prefork.c +++ b/source4/smbd/process_prefork.c @@ -189,7 +189,7 @@ static void prefork_new_task(struct event_context *ev, /* called when a task goes down */ -_NORETURN_ static void prefork_terminate(struct event_context *ev, const char *reason) +_NORETURN_ static void prefork_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, const char *reason) { DEBUG(2,("prefork_terminate: reason[%s]\n",reason)); } diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c index a7a27ef9e0..26afff9930 100644 --- a/source4/smbd/process_single.c +++ b/source4/smbd/process_single.c @@ -95,7 +95,7 @@ static void single_new_task(struct event_context *ev, /* called when a task goes down */ -static void single_terminate(struct event_context *ev, const char *reason) +static void single_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, const char *reason) { DEBUG(2,("single_terminate: reason[%s]\n",reason)); } diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index c8f90209b6..0a864dabb2 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -196,13 +196,14 @@ static void standard_new_task(struct event_context *ev, /* called when a task goes down */ -_NORETURN_ static void standard_terminate(struct event_context *ev, const char *reason) +_NORETURN_ static void standard_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, + const char *reason) { DEBUG(2,("standard_terminate: reason[%s]\n",reason)); /* this reload_charcnv() has the effect of freeing the iconv context memory, which makes leak checking easier */ - reload_charcnv(global_loadparm); + reload_charcnv(lp_ctx); talloc_free(ev); diff --git a/source4/smbd/process_thread.c b/source4/smbd/process_thread.c index 540d956420..597cf587f1 100644 --- a/source4/smbd/process_thread.c +++ b/source4/smbd/process_thread.c @@ -188,7 +188,7 @@ static void thread_new_task(struct event_context *ev, } /* called when a task goes down */ -static void thread_terminate(struct event_context *event_ctx, const char *reason) +static void thread_terminate(struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *reason) { DEBUG(10,("thread_terminate: reason[%s]\n",reason)); diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index 48eda46dc7..1240382944 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -79,7 +79,7 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char talloc_free(srv_conn->event.fde); srv_conn->event.fde = NULL; talloc_free(srv_conn); - model_ops->terminate(event_ctx, reason); + model_ops->terminate(event_ctx, srv_conn->lp_ctx, reason); } /** diff --git a/source4/smbd/service_task.c b/source4/smbd/service_task.c index 2274685059..9a2903e281 100644 --- a/source4/smbd/service_task.c +++ b/source4/smbd/service_task.c @@ -35,7 +35,7 @@ void task_server_terminate(struct task_server *task, const char *reason) struct event_context *event_ctx = task->event_ctx; const struct model_ops *model_ops = task->model_ops; DEBUG(0,("task_server_terminate: [%s]\n", reason)); - model_ops->terminate(event_ctx, reason); + model_ops->terminate(event_ctx, task->lp_ctx, reason); /* don't free this above, it might contain the 'reason' being printed */ talloc_free(task); -- cgit From 5bbd73c0ff64ec5da337d327d4f6ed1de2132ed4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 04:01:47 +0200 Subject: Remove two more uses of global loadparm by remember required details for secondary DCE/RPC connections. --- source4/librpc/rpc/dcerpc_secondary.c | 7 +++--- source4/librpc/rpc/dcerpc_sock.c | 40 +++++++++++++++++++++++------------ 2 files changed, 31 insertions(+), 16 deletions(-) (limited to 'source4') diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c index abc67ad38b..b4d5d05b61 100644 --- a/source4/librpc/rpc/dcerpc_secondary.c +++ b/source4/librpc/rpc/dcerpc_secondary.c @@ -95,13 +95,14 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp s->binding->host, s->binding->target_hostname, atoi(s->binding->endpoint), - lp_resolve_context(global_loadparm)); + dcerpc_resolve_ctx(s->pipe->conn)); composite_continue(c, pipe_tcp_req, continue_open_tcp, c); return c; case NCALRPC: - pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn, lp_ncalrpc_dir(global_loadparm), - s->binding->endpoint); + case NCACN_UNIX_STREAM: + pipe_ncalrpc_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn, + dcerpc_unix_socket_path(s->pipe->conn)); composite_continue(c, pipe_ncalrpc_req, continue_open_pipe, c); return c; diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c index 7480beae33..1e2b4cde48 100644 --- a/source4/librpc/rpc/dcerpc_sock.c +++ b/source4/librpc/rpc/dcerpc_sock.c @@ -39,6 +39,9 @@ struct sock_private { struct packet_context *packet; uint32_t pending_reads; + + struct resolve_context *resolve_ctx; + const char *path; /* For ncacn_unix_sock and ncalrpc */ }; @@ -307,6 +310,7 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct struct resolve_context *resolve_context, struct socket_address *server, const char *target_hostname, + const char *full_path, enum dcerpc_transport_t transport) { struct composite_context *c; @@ -334,6 +338,9 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct talloc_steal(s->sock, s->socket_ctx); + s->sock->resolve_ctx = resolve_context; + s->sock->path = talloc_reference(s->sock, full_path); + conn_req = socket_connect_send(s->socket_ctx, NULL, s->server, 0, resolve_context, c->event_ctx); @@ -386,6 +393,7 @@ static void continue_ip_resolve_name(struct composite_context *ctx) sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->resolve_ctx, s->srvaddr, s->target_hostname, + NULL, NCACN_IP_TCP); composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c); } @@ -561,6 +569,7 @@ struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcerpc_connec sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, + s->path, NCALRPC); composite_continue(c, sock_unix_req, continue_unix_open_socket, c); return c; @@ -579,13 +588,6 @@ NTSTATUS dcerpc_pipe_open_unix_stream_recv(struct composite_context *c) } -struct pipe_np_state { - char *full_path; - struct socket_address *srvaddr; - struct dcerpc_connection *conn; -}; - - /* Stage 2 of dcerpc_pipe_open_pipe_send: receive socket open request */ @@ -612,13 +614,13 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c struct composite_context *c; struct composite_context *sock_np_req; - struct pipe_np_state *s; + struct pipe_unix_state *s; /* composite context allocation and setup */ c = composite_create(conn, conn->event_ctx); if (c == NULL) return NULL; - s = talloc_zero(c, struct pipe_np_state); + s = talloc_zero(c, struct pipe_unix_state); if (composite_nomem(s, c)) return c; c->private_data = s; @@ -628,15 +630,15 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c s->conn = conn; string_replace(canon, '/', '\\'); - s->full_path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon); - if (composite_nomem(s->full_path, c)) return c; + s->path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon); + if (composite_nomem(s->path, c)) return c; /* prepare server address using path and transport name */ - s->srvaddr = socket_address_from_strings(conn, "unix", s->full_path, 0); + s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0); if (composite_nomem(s->srvaddr, c)) return c; /* send socket open request */ - sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, NCALRPC); + sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC); composite_continue(c, sock_np_req, continue_np_open_socket, c); return c; } @@ -662,3 +664,15 @@ NTSTATUS dcerpc_pipe_open_pipe(struct dcerpc_connection *conn, const char *ncalr struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier); return dcerpc_pipe_open_pipe_recv(c); } + +const char *dcerpc_unix_socket_path(struct dcerpc_connection *p) +{ + struct sock_private *sock = (struct sock_private *)p->transport.private_data; + return sock->path; +} + +struct resolve_context *dcerpc_resolve_ctx(struct dcerpc_connection *p) +{ + struct sock_private *sock = (struct sock_private *)p->transport.private_data; + return sock->resolve_ctx; +} -- cgit From 4a1dabd8361c8480261d89b4ea39236ff0431897 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 04:22:24 +0200 Subject: wmi: Use cli_credentials. --- source4/lib/wmi/wmi.h | 2 +- source4/lib/wmi/wmicore.c | 14 +------------- 2 files changed, 2 insertions(+), 14 deletions(-) (limited to 'source4') diff --git a/source4/lib/wmi/wmi.h b/source4/lib/wmi/wmi.h index 32543a8ca7..46c9b70cdb 100644 --- a/source4/lib/wmi/wmi.h +++ b/source4/lib/wmi/wmi.h @@ -27,7 +27,7 @@ /** FIXME: Use credentials struct rather than user/password here */ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const char *nspace, - const char *user, const char *password, + struct cli_credentials *credentials, const char *locale, uint32_t flags, const char *authority, struct IWbemContext* wbem_ctx, struct IWbemServices** services); const char *wmi_errstr(WERROR werror); diff --git a/source4/lib/wmi/wmicore.c b/source4/lib/wmi/wmicore.c index 49c1e03312..3ac6c89292 100644 --- a/source4/lib/wmi/wmicore.c +++ b/source4/lib/wmi/wmicore.c @@ -51,7 +51,7 @@ void wmi_init(struct com_context **ctx, struct cli_credentials *credentials) /** FIXME: Use credentials struct rather than user/password here */ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const uint16_t *nspace, - const char *user, const char *password, + struct cli_credentials *credentials, const char *locale, uint32_t flags, const char *authority, struct IWbemContext* wbem_ctx, struct IWbemServices** services) { @@ -61,18 +61,6 @@ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const uin struct IUnknown **mqi; struct IWbemLevel1Login *pL; - if (user) { - char *cred; - struct cli_credentials *cc; - - cred = talloc_asprintf(NULL, "%s%%%s", user, password); - cc = cli_credentials_init(cred); - cli_credentials_set_conf(cc, global_loadparm); - cli_credentials_parse_string(cc, cred, CRED_SPECIFIED); - dcom_add_server_credentials(ctx, server, cc); - talloc_free(cred); - } - GUID_from_string(CLSID_WBEMLEVEL1LOGIN, &clsid); GUID_from_string(COM_IWBEMLEVEL1LOGIN_UUID, &iid); result = dcom_create_object(ctx, &clsid, server, 1, &iid, &mqi, &coresult); -- cgit From 2400b1fea2a07ad3972ee8133e37eaf2f91499d0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 04:22:54 +0200 Subject: Fix segfault. --- source4/smbd/service_stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index 1240382944..ce5b6519a1 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -78,8 +78,8 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char talloc_free(srv_conn->event.fde); srv_conn->event.fde = NULL; - talloc_free(srv_conn); model_ops->terminate(event_ctx, srv_conn->lp_ctx, reason); + talloc_free(srv_conn); } /** -- cgit From 454122ab091715edf02c26e0a408141c7374b693 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 06:05:05 +0200 Subject: make sure dcerpc is always initialized. --- source4/librpc/rpc/dcerpc.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 5bbcc5e91c..5cee9f27ad 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -33,9 +33,7 @@ _PUBLIC_ NTSTATUS dcerpc_init(void) { - gensec_init(global_loadparm); - - return NT_STATUS_OK; + return gensec_init(global_loadparm); } static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status); -- cgit From ac5e69a999c4dcd337c5b8467aba3018df50126b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 06:10:32 +0200 Subject: dcesrv: Remove use of global_loadparm. --- source4/rpc_server/service_rpc.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index b68cec4c7d..2ef8591c32 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -436,6 +436,25 @@ static void dcesrv_task_init(struct task_server *task) NTSTATUS status; struct dcesrv_context *dce_ctx; struct dcesrv_endpoint *e; + extern NTSTATUS dcerpc_server_wkssvc_init(void); + extern NTSTATUS dcerpc_server_drsuapi_init(void); + extern NTSTATUS dcerpc_server_winreg_init(void); + extern NTSTATUS dcerpc_server_spoolss_init(void); + extern NTSTATUS dcerpc_server_epmapper_init(void); + extern NTSTATUS dcerpc_server_srvsvc_init(void); + extern NTSTATUS dcerpc_server_netlogon_init(void); + extern NTSTATUS dcerpc_server_rpcecho_init(void); + extern NTSTATUS dcerpc_server_unixinfo_init(void); + extern NTSTATUS dcerpc_server_samr_init(void); + extern NTSTATUS dcerpc_server_remote_init(void); + extern NTSTATUS dcerpc_server_lsa_init(void); + init_module_fn static_init[] = { STATIC_DCESRV_MODULES }; + init_module_fn *shared_init = load_samba_modules(NULL, task->lp_ctx, "dcerpc_server"); + + run_init_functions(static_init); + run_init_functions(shared_init); + + talloc_free(shared_init); task_server_set_title(task, "task[dcesrv]"); @@ -462,25 +481,6 @@ failed: NTSTATUS server_service_rpc_init(void) { - extern NTSTATUS dcerpc_server_wkssvc_init(void); - extern NTSTATUS dcerpc_server_drsuapi_init(void); - extern NTSTATUS dcerpc_server_winreg_init(void); - extern NTSTATUS dcerpc_server_spoolss_init(void); - extern NTSTATUS dcerpc_server_epmapper_init(void); - extern NTSTATUS dcerpc_server_srvsvc_init(void); - extern NTSTATUS dcerpc_server_netlogon_init(void); - extern NTSTATUS dcerpc_server_rpcecho_init(void); - extern NTSTATUS dcerpc_server_unixinfo_init(void); - extern NTSTATUS dcerpc_server_samr_init(void); - extern NTSTATUS dcerpc_server_remote_init(void); - extern NTSTATUS dcerpc_server_lsa_init(void); - init_module_fn static_init[] = { STATIC_DCESRV_MODULES }; - init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "dcerpc_server"); - run_init_functions(static_init); - run_init_functions(shared_init); - - talloc_free(shared_init); - return register_server_service("rpc", dcesrv_task_init); } -- cgit From 3ff298c37be5daa015006fe5cede3980b26e570e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 06:43:32 +0200 Subject: s4:selftest: add "smb.signing" to anon signing tests metze --- source4/selftest/samba4_tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 667b21975f..af8c3e94c1 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -328,9 +328,9 @@ for mech in \ name="smb.signing on with $signoptions" plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME/\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*" done -plantest "--signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*" -plantest "--signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*" -plantest "--signing=no anon" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=no -U% BASE-XCOPY "$*" +plantest "smb.signing --signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*" +plantest "smb.signing --signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*" +plantest "smb.signing --signing=no anon" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=no -U% BASE-XCOPY "$*" NBT_TESTS=`$smb4torture --list | grep "^NBT-" | xargs` -- cgit From abe0af4ab417086d413f02cadf7315a8f801a0f8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 04:59:24 +0200 Subject: dcerpc.idl: add DCERPC_PFC_OFFSET metze --- source4/librpc/idl/dcerpc.idl | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index 1c6574b11b..a78329d990 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -261,6 +261,7 @@ interface dcerpc const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */ /* these offsets are needed by the signing code */ + const uint8 DCERPC_PFC_OFFSET = 3; const uint8 DCERPC_DREP_OFFSET = 4; const uint8 DCERPC_FRAG_LEN_OFFSET = 8; const uint8 DCERPC_AUTH_LEN_OFFSET = 10; -- cgit From eb1de4f0ed149dd2b348d756f091809d934309a1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 04:59:56 +0200 Subject: s4:librpc/rpc: correctly sign or seal rpc request with an object guid metze --- source4/librpc/rpc/dcerpc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 5bbcc5e91c..c1e3e26ee9 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -334,6 +334,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, DATA_BLOB creds2; size_t payload_length; enum ndr_err_code ndr_err; + size_t hdr_size = DCERPC_REQUEST_LENGTH; /* non-signed packets are simpler */ if (sig_size == 0) { @@ -367,6 +368,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + hdr_size += 16; } ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); @@ -415,7 +417,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, case DCERPC_AUTH_LEVEL_PRIVACY: status = gensec_seal_packet(c->security_state.generic_state, mem_ctx, - blob->data + DCERPC_REQUEST_LENGTH, + blob->data + hdr_size, payload_length, blob->data, blob->length, @@ -428,7 +430,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, case DCERPC_AUTH_LEVEL_INTEGRITY: status = gensec_sign_packet(c->security_state.generic_state, mem_ctx, - blob->data + DCERPC_REQUEST_LENGTH, + blob->data + hdr_size, payload_length, blob->data, blob->length, -- cgit From 844b331d257b02c073cc0dc4a6e229e6b9645949 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 05:01:19 +0200 Subject: s4:rpc_server: correctly handle dcerpc requests with object uuids metze --- source4/rpc_server/dcerpc_server.c | 8 ++++---- source4/rpc_server/dcesrv_auth.c | 10 ++++++++-- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index e5f59d0cf9..893055d3b1 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -870,10 +870,6 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) call->context = context; call->ndr_pull = pull; - if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { - pull->flags |= LIBNDR_FLAG_OBJECT_PRESENT; - } - if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) { pull->flags |= LIBNDR_FLAG_BIGENDIAN; } @@ -1112,6 +1108,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn) ndr->flags |= LIBNDR_FLAG_BIGENDIAN; } + if (CVAL(blob.data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) { + ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + } + ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, &call->pkt); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(dce_conn->partial_input.data); diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 16bf4eb7ed..52d5631cfd 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -287,6 +287,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) struct ndr_pull *ndr; NTSTATUS status; enum ndr_err_code ndr_err; + size_t hdr_size = DCERPC_REQUEST_LENGTH; if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.gensec_security) { @@ -335,6 +336,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) ndr->flags |= LIBNDR_FLAG_BIGENDIAN; } + if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { + ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + hdr_size += 16; + } + ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(ndr); @@ -346,13 +352,13 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) case DCERPC_AUTH_LEVEL_PRIVACY: status = gensec_unseal_packet(dce_conn->auth_state.gensec_security, call, - full_packet->data + DCERPC_REQUEST_LENGTH, + full_packet->data + hdr_size, pkt->u.request.stub_and_verifier.length, full_packet->data, full_packet->length-auth.credentials.length, &auth.credentials); memcpy(pkt->u.request.stub_and_verifier.data, - full_packet->data + DCERPC_REQUEST_LENGTH, + full_packet->data + hdr_size, pkt->u.request.stub_and_verifier.length); break; -- cgit From 40e7769959e29eccf1f0f14142828c9d0b7880b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 06:40:15 +0200 Subject: s4:torture/rpc: add RPC-OBJECTUUID This test shows that object uuids should be ignored if they're present in a dcerpc request. metze --- source4/torture/config.mk | 2 +- source4/torture/rpc/object_uuid.c | 87 +++++++++++++++++++++++++++++++++++++++ source4/torture/rpc/rpc.c | 1 + 3 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 source4/torture/rpc/object_uuid.c (limited to 'source4') diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 96da10b5df..211d09756d 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -116,7 +116,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \ scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \ samsync.o bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ - handles.o frsapi.o) + handles.o frsapi.o object_uuid.o) $(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c))) diff --git a/source4/torture/rpc/object_uuid.c b/source4/torture/rpc/object_uuid.c new file mode 100644 index 0000000000..5a77bd1c29 --- /dev/null +++ b/source4/torture/rpc/object_uuid.c @@ -0,0 +1,87 @@ +/* + Unix SMB/CIFS implementation. + + test suite for behaviour of object uuids in rpc requests + + Copyright (C) Stefan Metzmacher 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "torture/torture.h" +#include "librpc/gen_ndr/ndr_dssetup.h" +#include "librpc/gen_ndr/ndr_dssetup_c.h" +#include "librpc/gen_ndr/ndr_lsa.h" +#include "librpc/gen_ndr/ndr_lsa_c.h" +#include "torture/rpc/rpc.h" + +/* + this tests the send object uuids in the dcerpc request +*/ + +static bool test_random_uuid(struct torture_context *torture) +{ + NTSTATUS status; + struct dcerpc_pipe *p1, *p2; + struct rpc_request *req; + struct GUID uuid; + struct dssetup_DsRoleGetPrimaryDomainInformation r1; + struct lsa_GetUserName r2; + struct lsa_StringPointer authority_name_p; + + torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n"); + + status = torture_rpc_connection(torture, &p1, &ndr_table_dssetup); + torture_assert_ntstatus_ok(torture, status, "opening dsetup pipe1"); + + status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc); + torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1"); + + uuid = GUID_random(); + + r1.in.level = DS_ROLE_BASIC_INFORMATION; + req = dcerpc_ndr_request_send(p1, &uuid, + &ndr_table_dssetup, + NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION, + torture, &r1); + status = dcerpc_ndr_request_recv(req); + torture_assert_ntstatus_ok(torture, status, "DsRoleGetPrimaryDomainInformation failed"); + torture_assert_werr_ok(torture, r1.out.result, "DsRoleGetPrimaryDomainInformation failed"); + + uuid = GUID_random(); + + r2.in.system_name = "\\"; + r2.in.account_name = NULL; + r2.in.authority_name = &authority_name_p; + authority_name_p.string = NULL; + + req = dcerpc_ndr_request_send(p2, &uuid, + &ndr_table_lsarpc, + NDR_LSA_GETUSERNAME, + torture, &r2); + status = dcerpc_ndr_request_recv(req); + torture_assert_ntstatus_ok(torture, status, "lsaClose failed"); + torture_assert_ntstatus_ok(torture, r2.out.result, "lsaClose failed"); + + return true; +} + +struct torture_suite *torture_rpc_object_uuid(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite; + suite = torture_suite_create(mem_ctx, "OBJECTUUID"); + torture_suite_add_simple_test(suite, "random-uuid", test_random_uuid); + return suite; +} diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 85f7bde16c..c35f93e3f9 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -387,6 +387,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_suite(suite, torture_rpc_atsvc(suite)); torture_suite_add_suite(suite, torture_rpc_wkssvc(suite)); torture_suite_add_suite(suite, torture_rpc_handles(suite)); + torture_suite_add_suite(suite, torture_rpc_object_uuid(suite)); torture_suite_add_suite(suite, torture_rpc_winreg(suite)); torture_suite_add_simple_test(suite, "SPOOLSS", torture_rpc_spoolss); torture_suite_add_suite(suite, torture_rpc_spoolss_notify(suite)); -- cgit From 45645426c2ae541fc2c3a112cde5a7f1d857938b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 06:42:53 +0200 Subject: s4:selftest: make sure we test RPC-OBJECTUUID with seal metze --- source4/selftest/samba4_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index af8c3e94c1..bfe386af69 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -91,7 +91,7 @@ plantest "ldb" none TEST_DATA_PREFIX=\$PREFIX $LDBDIR/tests/test-tdb.sh # that they stay passing ncacn_np_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-SAMSYNC RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME RPC-SAMBA3-LSA RPC-BINDSAMBA3 RPC-NETLOGSAMBA3 RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT" ncalrpc_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-DRSUAPI RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT" -ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-DSSYNC RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT" +ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-DSSYNC RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT RPC-OBJECTUUID" slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS" slow_ncalrpc_tests="RPC-SAMR RPC-SAMR-PASSWORDS" slow_ncacn_ip_tcp_tests="RPC-SAMR RPC-SAMR-PASSWORDS RPC-CRACKNAMES" -- cgit From 8104968004a3a7fcfe4febb9918ecbf37ba948ac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 21:59:04 -0700 Subject: return a more useful error message when no name resolution methods are available --- source4/libcli/resolve/resolve.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4') diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c index d89b50e430..2b14591d68 100644 --- a/source4/libcli/resolve/resolve.c +++ b/source4/libcli/resolve/resolve.c @@ -165,6 +165,10 @@ struct composite_context *resolve_name_send(struct resolve_context *ctx, } state->method = ctx->methods; + if (state->method == NULL) { + composite_error(c, NT_STATUS_HOST_UNREACHABLE); + return c; + } state->creq = setup_next_method(c); if (composite_nomem(state->creq, c)) return c; -- cgit From d87e9ba56b00962be6b797464e77619bc6f0ba2c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 21:59:50 -0700 Subject: setup the loadparm context for ldb in testjoin --- source4/torture/rpc/testjoin.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 21542e9b16..3408a1924c 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -472,6 +472,7 @@ static NTSTATUS torture_leave_ads_domain(struct torture_context *torture, } ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials); + ldb_set_opaque(ldb_ctx, "loadparm", cmdline_lp_ctx); rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL); if (rtn != 0) { -- cgit From 8dd35fabbb4732cf601a93abbe0373fd53e661a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 11:20:45 -0700 Subject: NetApp found that we never set the smb signing flags2. This was found during testing at the CIFS plugfest. No other client seems to honour or use this bit, but it is quite ligitimately required by the spec. Andrew Bartlett --- source4/smb_server/smb/request.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index c7fa2d7d8a..eb3e100b96 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -140,6 +140,10 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, size_t buflen) flags2 |= FLAGS2_32_BIT_ERROR_CODES; } + if (req->smb_conn->signing.allow_smb_signing || req->smb_conn->signing.mandatory_signing) { + flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; + } + req->out.hdr = req->out.buffer + NBT_HDR_SIZE; req->out.vwv = req->out.hdr + HDR_VWV; req->out.wct = wct; -- cgit From 6ad78f01a5982666c83025a94ce4ff3729d5db6f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 12:53:10 -0700 Subject: Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc. This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett --- source4/heimdal/lib/hdb/hdb.c | 42 +- source4/heimdal/lib/hdb/hdb.h | 6 + source4/kdc/config.mk | 8 +- source4/kdc/hdb-ldb.c | 1550 ----------------------------------------- source4/kdc/hdb-samba4.c | 1550 +++++++++++++++++++++++++++++++++++++++++ source4/kdc/kdc.c | 17 +- 6 files changed, 1604 insertions(+), 1569 deletions(-) delete mode 100644 source4/kdc/hdb-ldb.c create mode 100644 source4/kdc/hdb-samba4.c (limited to 'source4') diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 3fddabb2d0..19c170767d 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -31,34 +31,27 @@ * SUCH DAMAGE. */ +#include "krb5.h" +#include "krb5_locl.h" #include "hdb_locl.h" - RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include #endif -struct hdb_method { - const char *prefix; - krb5_error_code (*create)(krb5_context, HDB **, const char *filename); -}; - static struct hdb_method methods[] = { #if HAVE_DB1 || HAVE_DB3 - {"db:", hdb_db_create}, + {HDB_INTERFACE_VERSION, "db:", hdb_db_create}, #endif #if HAVE_NDBM - {"ndbm:", hdb_ndbm_create}, + {HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create}, #endif #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) - {"ldap:", hdb_ldap_create}, - {"ldapi:", hdb_ldapi_create}, -#endif -#ifdef HAVE_LDB /* Used for integrated samba build */ - {"ldb:", hdb_ldb_create}, + {HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create}, + {HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create}, #endif - {NULL, NULL} + {0, NULL, NULL} }; #if HAVE_DB1 || HAVE_DB3 @@ -398,11 +391,32 @@ hdb_create(krb5_context context, HDB **db, const char *filename) { const struct hdb_method *h; const char *residual; + krb5_error_code ret; + struct krb5_plugin *list = NULL, *e; if(filename == NULL) filename = HDB_DEFAULT_DB; krb5_add_et_list(context, initialize_hdb_error_table_r); h = find_method (filename, &residual); + + if (h == NULL) { + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "hdb", &list); + if(ret == 0 && list != NULL) { + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + h = _krb5_plugin_get_symbol(e); + if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0 + && h->interface_version == HDB_INTERFACE_VERSION) { + residual = filename + strlen(h->prefix); + break; + } + } + if (e == NULL) { + h = NULL; + _krb5_plugin_free(list); + } + } + } + #ifdef HAVE_DLOPEN if (h == NULL) h = find_dynamic_method (context, filename, &residual); diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index bc1b744015..5c2097ea59 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -139,6 +139,12 @@ typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; +struct hdb_method { + int interface_version; + const char *prefix; + krb5_error_code (*create)(krb5_context, HDB **, const char *filename); +}; + #include #endif /* __HDB_H__ */ diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk index b3e5bfdb92..dfd2879bd6 100644 --- a/source4/kdc/config.mk +++ b/source4/kdc/config.mk @@ -6,7 +6,7 @@ INIT_FUNCTION = server_service_kdc_init SUBSYSTEM = samba PRIVATE_DEPENDENCIES = \ - HEIMDAL_KDC HDB_LDB + HEIMDAL_KDC HDB_SAMBA4 # End SUBSYSTEM KDC ####################### @@ -14,7 +14,7 @@ KDC_OBJ_FILES = $(addprefix $(kdcsrcdir)/, kdc.o kpasswdd.o) ####################### # Start SUBSYSTEM KDC -[SUBSYSTEM::HDB_LDB] +[SUBSYSTEM::HDB_SAMBA4] CFLAGS = -Iheimdal/kdc -Iheimdal/lib/hdb PRIVATE_DEPENDENCIES = \ LIBLDB auth_sam auth_sam_reply CREDENTIALS \ @@ -22,5 +22,5 @@ PRIVATE_DEPENDENCIES = \ # End SUBSYSTEM KDC ####################### -HDB_LDB_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-ldb.o pac-glue.o) -$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_LDB_OBJ_FILES:.o=.c))) +HDB_SAMBA4_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-samba4.o pac-glue.o) +$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_SAMBA4_OBJ_FILES:.o=.c))) diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c deleted file mode 100644 index 4fde75cf70..0000000000 --- a/source4/kdc/hdb-ldb.c +++ /dev/null @@ -1,1550 +0,0 @@ -/* - * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. - * Copyright (c) 2004, Andrew Bartlett . - * Copyright (c) 2004, Stefan Metzmacher - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of PADL Software nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "includes.h" -#include "system/time.h" -#include "dsdb/common/flags.h" -#include "lib/ldb/include/ldb.h" -#include "lib/ldb/include/ldb_errors.h" -#include "librpc/gen_ndr/netlogon.h" -#include "auth/auth.h" -#include "auth/credentials/credentials.h" -#include "auth/auth_sam.h" -#include "util/util_ldb.h" -#include "dsdb/samdb/samdb.h" -#include "librpc/ndr/libndr.h" -#include "librpc/gen_ndr/ndr_drsblobs.h" -#include "librpc/gen_ndr/lsa.h" -#include "libcli/auth/libcli_auth.h" -#include "param/param.h" -#include "events/events.h" -#include "kdc/kdc.h" -#include "../lib/crypto/md4.h" - -enum hdb_ldb_ent_type -{ HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER, - HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_TRUST, HDB_LDB_ENT_TYPE_ANY }; - -enum trust_direction { - UNKNOWN = 0, - INBOUND = LSA_TRUST_DIRECTION_INBOUND, - OUTBOUND = LSA_TRUST_DIRECTION_OUTBOUND -}; - -static const char *realm_ref_attrs[] = { - "nCName", - "dnsRoot", - NULL -}; - -static const char *trust_attrs[] = { - "trustPartner", - "trustAuthIncoming", - "trustAuthOutgoing", - "whenCreated", - "msDS-SupportedEncryptionTypes", - "trustAttributes", - "trustDirection", - "trustType", - NULL -}; - -static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, KerberosTime default_val) -{ - const char *tmp; - const char *gentime; - struct tm tm; - - gentime = ldb_msg_find_attr_as_string(msg, attr, NULL); - if (!gentime) - return default_val; - - tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm); - if (tmp == NULL) { - return default_val; - } - - return timegm(&tm); -} - -static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_ldb_ent_type ent_type) -{ - HDBFlags flags = int2HDBFlags(0); - - /* we don't allow kadmin deletes */ - flags.immutable = 1; - - /* mark the principal as invalid to start with */ - flags.invalid = 1; - - flags.renewable = 1; - - /* All accounts are servers, but this may be disabled again in the caller */ - flags.server = 1; - - /* Account types - clear the invalid bit if it turns out to be valid */ - if (userAccountControl & UF_NORMAL_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - - if (userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - if (userAccountControl & UF_WORKSTATION_TRUST_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - if (userAccountControl & UF_SERVER_TRUST_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - - /* Not permitted to act as a client if disabled */ - if (userAccountControl & UF_ACCOUNTDISABLE) { - flags.client = 0; - } - if (userAccountControl & UF_LOCKOUT) { - flags.invalid = 1; - } -/* - if (userAccountControl & UF_PASSWORD_NOTREQD) { - flags.invalid = 1; - } -*/ -/* - UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent -*/ - if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) { - flags.invalid = 1; - } - -/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */ - -/* - if (userAccountControl & UF_MNS_LOGON_ACCOUNT) { - flags.invalid = 1; - } -*/ - if (userAccountControl & UF_SMARTCARD_REQUIRED) { - flags.require_hwauth = 1; - } - if (userAccountControl & UF_TRUSTED_FOR_DELEGATION) { - flags.ok_as_delegate = 1; - } - if (!(userAccountControl & UF_NOT_DELEGATED)) { - flags.forwardable = 1; - flags.proxiable = 1; - } - - if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) { - flags.require_preauth = 0; - } else { - flags.require_preauth = 1; - - } - return flags; -} - -static int hdb_ldb_destructor(struct hdb_ldb_private *private) -{ - hdb_entry_ex *entry_ex = private->entry_ex; - free_hdb_entry(&entry_ex->entry); - return 0; -} - -static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex) -{ - talloc_free(entry_ex->ctx); -} - -static krb5_error_code LDB_message2entry_keys(krb5_context context, - struct smb_iconv_convenience *iconv_convenience, - TALLOC_CTX *mem_ctx, - struct ldb_message *msg, - unsigned int userAccountControl, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret = 0; - enum ndr_err_code ndr_err; - struct samr_Password *hash; - const struct ldb_val *sc_val; - struct supplementalCredentialsBlob scb; - struct supplementalCredentialsPackage *scpk = NULL; - bool newer_keys = false; - struct package_PrimaryKerberosBlob _pkb; - struct package_PrimaryKerberosCtr3 *pkb3 = NULL; - struct package_PrimaryKerberosCtr4 *pkb4 = NULL; - uint32_t i; - uint32_t allocated_keys = 0; - - entry_ex->entry.keys.val = NULL; - entry_ex->entry.keys.len = 0; - - entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0); - - /* Get keys from the db */ - - hash = samdb_result_hash(mem_ctx, msg, "unicodePwd"); - sc_val = ldb_msg_find_ldb_val(msg, "supplementalCredentials"); - - /* unicodePwd for enctype 0x17 (23) if present */ - if (hash) { - allocated_keys++; - } - - /* supplementalCredentials if present */ - if (sc_val) { - ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb, - (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - dump_data(0, sc_val->data, sc_val->length); - ret = EINVAL; - goto out; - } - - if (scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE) { - NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb); - ret = EINVAL; - goto out; - } - - for (i=0; i < scb.sub.num_packages; i++) { - if (strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0) { - scpk = &scb.sub.packages[i]; - if (!scpk->data || !scpk->data[0]) { - scpk = NULL; - continue; - } - newer_keys = true; - break; - } else if (strcmp("Primary:Kerberos", scb.sub.packages[i].name) == 0) { - scpk = &scb.sub.packages[i]; - if (!scpk->data || !scpk->data[0]) { - scpk = NULL; - } - /* - * we don't break here in hope to find - * a Kerberos-Newer-Keys package - */ - } - } - } - /* - * Primary:Kerberos-Newer-Keys or Primary:Kerberos element - * of supplementalCredentials - */ - if (scpk) { - DATA_BLOB blob; - - blob = strhex_to_data_blob(scpk->data); - if (!blob.data) { - ret = ENOMEM; - goto out; - } - talloc_steal(mem_ctx, blob.data); - - /* we cannot use ndr_pull_struct_blob_all() here, as w2k and w2k3 add padding bytes */ - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb, - (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); - krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); - ret = EINVAL; - goto out; - } - - if (newer_keys && _pkb.version != 4) { - krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); - krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); - ret = EINVAL; - goto out; - } - - if (!newer_keys && _pkb.version != 3) { - krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); - krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); - ret = EINVAL; - goto out; - } - - if (_pkb.version == 4) { - pkb4 = &_pkb.ctr.ctr4; - allocated_keys += pkb4->num_keys; - } else if (_pkb.version == 3) { - pkb3 = &_pkb.ctr.ctr3; - allocated_keys += pkb3->num_keys; - } - } - - if (allocated_keys == 0) { - /* oh, no password. Apparently (comment in - * hdb-ldap.c) this violates the ASN.1, but this - * allows an entry with no keys (yet). */ - return 0; - } - - /* allocate space to decode into */ - entry_ex->entry.keys.len = 0; - entry_ex->entry.keys.val = calloc(allocated_keys, sizeof(Key)); - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - - if (hash && !(userAccountControl & UF_USE_DES_KEY_ONLY)) { - Key key; - - key.mkvno = 0; - key.salt = NULL; /* No salt for this enc type */ - - ret = krb5_keyblock_init(context, - ENCTYPE_ARCFOUR_HMAC_MD5, - hash->hash, sizeof(hash->hash), - &key.key); - if (ret) { - goto out; - } - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - - if (pkb4) { - for (i=0; i < pkb4->num_keys; i++) { - bool use = true; - Key key; - - if (!pkb4->keys[i].value) continue; - - if (userAccountControl & UF_USE_DES_KEY_ONLY) { - switch (pkb4->keys[i].keytype) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - break; - default: - use = false; - break; - } - } - - if (!use) continue; - - key.mkvno = 0; - key.salt = NULL; - - if (pkb4->salt.string) { - DATA_BLOB salt; - - salt = data_blob_string_const(pkb4->salt.string); - - key.salt = calloc(1, sizeof(*key.salt)); - if (key.salt == NULL) { - ret = ENOMEM; - goto out; - } - - key.salt->type = hdb_pw_salt; - - ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); - if (ret) { - free(key.salt); - key.salt = NULL; - goto out; - } - } - - /* TODO: maybe pass the iteration_count somehow... */ - - ret = krb5_keyblock_init(context, - pkb4->keys[i].keytype, - pkb4->keys[i].value->data, - pkb4->keys[i].value->length, - &key.key); - if (ret) { - if (key.salt) { - free_Salt(key.salt); - free(key.salt); - key.salt = NULL; - } - goto out; - } - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - } else if (pkb3) { - for (i=0; i < pkb3->num_keys; i++) { - bool use = true; - Key key; - - if (!pkb3->keys[i].value) continue; - - if (userAccountControl & UF_USE_DES_KEY_ONLY) { - switch (pkb3->keys[i].keytype) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - break; - default: - use = false; - break; - } - } - - if (!use) continue; - - key.mkvno = 0; - key.salt = NULL; - - if (pkb3->salt.string) { - DATA_BLOB salt; - - salt = data_blob_string_const(pkb3->salt.string); - - key.salt = calloc(1, sizeof(*key.salt)); - if (key.salt == NULL) { - ret = ENOMEM; - goto out; - } - - key.salt->type = hdb_pw_salt; - - ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); - if (ret) { - free(key.salt); - key.salt = NULL; - goto out; - } - } - - ret = krb5_keyblock_init(context, - pkb3->keys[i].keytype, - pkb3->keys[i].value->data, - pkb3->keys[i].value->length, - &key.key); - if (ret) { - if (key.salt) { - free_Salt(key.salt); - free(key.salt); - key.salt = NULL; - } - goto out; - } - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - } - -out: - if (ret != 0) { - entry_ex->entry.keys.len = 0; - } - if (entry_ex->entry.keys.len == 0 && entry_ex->entry.keys.val) { - free(entry_ex->entry.keys.val); - entry_ex->entry.keys.val = NULL; - } - return ret; -} - -/* - * Construct an hdb_entry from a directory entry. - */ -static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, krb5_const_principal principal, - enum hdb_ldb_ent_type ent_type, - struct ldb_message *msg, - struct ldb_message *realm_ref_msg, - hdb_entry_ex *entry_ex) -{ - unsigned int userAccountControl; - int i; - krb5_error_code ret = 0; - krb5_boolean is_computer = FALSE; - const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL); - char *realm = strupper_talloc(mem_ctx, dnsdomain); - struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm"); - struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, - mem_ctx, - realm_ref_msg, - "nCName", - ldb_dn_new(mem_ctx, (struct ldb_context *)db->hdb_db, NULL)); - - struct hdb_ldb_private *private; - NTTIME acct_expiry; - - struct ldb_message_element *objectclasses; - struct ldb_val computer_val; - computer_val.data = discard_const_p(uint8_t,"computer"); - computer_val.length = strlen((const char *)computer_val.data); - - objectclasses = ldb_msg_find_element(msg, "objectClass"); - - if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) { - is_computer = TRUE; - } - - memset(entry_ex, 0, sizeof(*entry_ex)); - - if (!realm) { - krb5_set_error_string(context, "talloc_strdup: out of memory"); - ret = ENOMEM; - goto out; - } - - private = talloc(mem_ctx, struct hdb_ldb_private); - if (!private) { - ret = ENOMEM; - goto out; - } - - private->entry_ex = entry_ex; - private->iconv_convenience = lp_iconv_convenience(lp_ctx); - private->netbios_name = lp_netbios_name(lp_ctx); - - talloc_set_destructor(private, hdb_ldb_destructor); - - entry_ex->ctx = private; - entry_ex->free_entry = hdb_ldb_free_entry; - - userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); - - - entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); - if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) { - const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); - if (!samAccountName) { - krb5_set_error_string(context, "LDB_message2entry: no samAccountName present"); - ret = ENOENT; - goto out; - } - samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); - krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL); - } else { - char *strdup_realm; - ret = copy_Principal(principal, entry_ex->entry.principal); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - - /* While we have copied the client principal, tests - * show that Win2k3 returns the 'corrected' realm, not - * the client-specified realm. This code attempts to - * replace the client principal's realm with the one - * we determine from our records */ - - /* this has to be with malloc() */ - strdup_realm = strdup(realm); - if (!strdup_realm) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - free(*krb5_princ_realm(context, entry_ex->entry.principal)); - krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); - } - - entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type); - - if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) { - entry_ex->entry.flags.invalid = 0; - entry_ex->entry.flags.server = 1; - entry_ex->entry.flags.forwardable = 1; - entry_ex->entry.flags.ok_as_delegate = 1; - } - - if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) { - if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) { - entry_ex->entry.flags.server = 0; - } - } - - /* use 'whenCreated' */ - entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); - /* use '???' */ - entry_ex->entry.created_by.principal = NULL; - - entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event)); - if (entry_ex->entry.modified_by == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - - /* use 'whenChanged' */ - entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0); - /* use '???' */ - entry_ex->entry.modified_by->principal = NULL; - - entry_ex->entry.valid_start = NULL; - - acct_expiry = samdb_result_account_expires(msg); - if (acct_expiry == 0x7FFFFFFFFFFFFFFFULL) { - entry_ex->entry.valid_end = NULL; - } else { - entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end)); - if (entry_ex->entry.valid_end == NULL) { - ret = ENOMEM; - goto out; - } - *entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry); - } - - if (ent_type != HDB_LDB_ENT_TYPE_KRBTGT) { - NTTIME must_change_time - = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx, - domain_dn, msg); - if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) { - entry_ex->entry.pw_end = NULL; - } else { - entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end)); - if (entry_ex->entry.pw_end == NULL) { - ret = ENOMEM; - goto out; - } - *entry_ex->entry.pw_end = nt_time_to_unix(must_change_time); - } - } else { - entry_ex->entry.pw_end = NULL; - } - - entry_ex->entry.max_life = NULL; - - entry_ex->entry.max_renew = NULL; - - entry_ex->entry.generation = NULL; - - /* Get keys from the db */ - ret = LDB_message2entry_keys(context, private->iconv_convenience, private, msg, userAccountControl, entry_ex); - if (ret) { - /* Could be bougus data in the entry, or out of memory */ - goto out; - } - - entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); - if (entry_ex->entry.etypes == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - entry_ex->entry.etypes->len = entry_ex->entry.keys.len; - entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); - if (entry_ex->entry.etypes->val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - for (i=0; i < entry_ex->entry.etypes->len; i++) { - entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; - } - - - private->msg = talloc_steal(private, msg); - private->realm_ref_msg = talloc_steal(private, realm_ref_msg); - private->samdb = (struct ldb_context *)db->hdb_db; - -out: - if (ret != 0) { - /* This doesn't free ent itself, that is for the eventual caller to do */ - hdb_free_entry(context, entry_ex); - } else { - talloc_steal(db, entry_ex->ctx); - } - - return ret; -} - -/* - * Construct an hdb_entry from a directory entry. - */ -static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, - struct loadparm_context *lp_ctx, - TALLOC_CTX *mem_ctx, krb5_const_principal principal, - enum trust_direction direction, - struct ldb_message *msg, - hdb_entry_ex *entry_ex) -{ - - const char *dnsdomain; - char *realm; - char *strdup_realm; - DATA_BLOB password_utf16; - struct samr_Password password_hash; - const struct ldb_val *password_val; - struct trustAuthInOutBlob password_blob; - struct hdb_ldb_private *private; - - enum ndr_err_code ndr_err; - int i, ret, trust_direction_flags; - - private = talloc(mem_ctx, struct hdb_ldb_private); - if (!private) { - ret = ENOMEM; - goto out; - } - - private->entry_ex = entry_ex; - private->iconv_convenience = lp_iconv_convenience(lp_ctx); - private->netbios_name = lp_netbios_name(lp_ctx); - - talloc_set_destructor(private, hdb_ldb_destructor); - - entry_ex->ctx = private; - entry_ex->free_entry = hdb_ldb_free_entry; - - /* use 'whenCreated' */ - entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); - /* use '???' */ - entry_ex->entry.created_by.principal = NULL; - - entry_ex->entry.valid_start = NULL; - - trust_direction_flags = ldb_msg_find_attr_as_int(msg, "trustDirection", 0); - - if (direction == INBOUND) { - realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx)); - password_val = ldb_msg_find_ldb_val(msg, "trustAuthIncoming"); - - } else { /* OUTBOUND */ - dnsdomain = ldb_msg_find_attr_as_string(msg, "trustPartner", NULL); - realm = strupper_talloc(mem_ctx, dnsdomain); - password_val = ldb_msg_find_ldb_val(msg, "trustAuthOutgoing"); - } - - if (!password_val || !(trust_direction_flags & direction)) { - ret = ENOENT; - goto out; - } - - ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob, - (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - ret = EINVAL; - goto out; - } - - for (i=0; i < password_blob.count; i++) { - if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { - password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password, - password_blob.current->array[i].AuthInfo.clear.size); - /* In the future, generate all sorts of - * hashes, but for now we can't safely convert - * the random strings windows uses into - * utf8 */ - - /* but as it is utf16 already, we can get the NT password/arcfour-hmac-md5 key */ - mdfour(password_hash.hash, password_utf16.data, password_utf16.length); - break; - } else if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { - password_hash = password_blob.current->array[i].AuthInfo.nt4owf.password; - break; - } - } - entry_ex->entry.keys.len = 0; - entry_ex->entry.keys.val = NULL; - - if (i < password_blob.count) { - Key key; - /* Must have found a cleartext or MD4 password */ - entry_ex->entry.keys.val = calloc(1, sizeof(Key)); - - key.mkvno = 0; - key.salt = NULL; /* No salt for this enc type */ - - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - - ret = krb5_keyblock_init(context, - ENCTYPE_ARCFOUR_HMAC_MD5, - password_hash.hash, sizeof(password_hash.hash), - &key.key); - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - - ret = copy_Principal(principal, entry_ex->entry.principal); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - - /* While we have copied the client principal, tests - * show that Win2k3 returns the 'corrected' realm, not - * the client-specified realm. This code attempts to - * replace the client principal's realm with the one - * we determine from our records */ - - /* this has to be with malloc() */ - strdup_realm = strdup(realm); - if (!strdup_realm) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - free(*krb5_princ_realm(context, entry_ex->entry.principal)); - krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); - - entry_ex->entry.flags = int2HDBFlags(0); - entry_ex->entry.flags.immutable = 1; - entry_ex->entry.flags.invalid = 0; - entry_ex->entry.flags.server = 1; - entry_ex->entry.flags.require_preauth = 1; - - entry_ex->entry.pw_end = NULL; - - entry_ex->entry.max_life = NULL; - - entry_ex->entry.max_renew = NULL; - - entry_ex->entry.generation = NULL; - - entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); - if (entry_ex->entry.etypes == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - entry_ex->entry.etypes->len = entry_ex->entry.keys.len; - entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); - if (entry_ex->entry.etypes->val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - for (i=0; i < entry_ex->entry.etypes->len; i++) { - entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; - } - - - private->msg = talloc_steal(private, msg); - private->realm_ref_msg = NULL; - private->samdb = (struct ldb_context *)db->hdb_db; - -out: - if (ret != 0) { - /* This doesn't free ent itself, that is for the eventual caller to do */ - hdb_free_entry(context, entry_ex); - } else { - talloc_steal(db, entry_ex->ctx); - } - - return ret; - -} - -static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_context *ldb_ctx, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - enum hdb_ldb_ent_type ent_type, - struct ldb_dn *realm_dn, - struct ldb_message ***pmsg) -{ - krb5_error_code ret; - int lret; - char *filter = NULL; - const char * const *princ_attrs = user_attrs; - - char *short_princ; - char *short_princ_talloc; - - struct ldb_result *res = NULL; - - ret = krb5_unparse_name_flags(context, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &short_princ); - - if (ret != 0) { - krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal"); - krb5_warnx(context, "LDB_lookup_principal: could not parse principal"); - return ret; - } - - short_princ_talloc = talloc_strdup(mem_ctx, short_princ); - free(short_princ); - if (!short_princ_talloc) { - krb5_set_error_string(context, "LDB_lookup_principal: talloc_strdup() failed!"); - return ENOMEM; - } - - switch (ent_type) { - case HDB_LDB_ENT_TYPE_CLIENT: - case HDB_LDB_ENT_TYPE_TRUST: - case HDB_LDB_ENT_TYPE_ANY: - /* Can't happen */ - return EINVAL; - case HDB_LDB_ENT_TYPE_KRBTGT: - filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", - KRB5_TGS_NAME); - break; - case HDB_LDB_ENT_TYPE_SERVER: - filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", - short_princ_talloc); - break; - } - - if (!filter) { - krb5_set_error_string(context, "talloc_asprintf: out of memory"); - return ENOMEM; - } - - lret = ldb_search(ldb_ctx, mem_ctx, &res, realm_dn, - LDB_SCOPE_SUBTREE, princ_attrs, "%s", filter); - if (lret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); - return HDB_ERR_NOENTRY; - } else if (res->count == 0 || res->count > 1) { - DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); - talloc_free(res); - return HDB_ERR_NOENTRY; - } - talloc_steal(mem_ctx, res->msgs); - *pmsg = res->msgs; - talloc_free(res); - return 0; -} - -static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context *ldb_ctx, - TALLOC_CTX *mem_ctx, - const char *realm, - struct ldb_dn *realm_dn, - struct ldb_message ***pmsg) -{ - int lret; - char *filter = NULL; - const char * const *attrs = trust_attrs; - - struct ldb_result *res = NULL; - filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", realm, realm); - - if (!filter) { - krb5_set_error_string(context, "talloc_asprintf: out of memory"); - return ENOMEM; - } - - lret = ldb_search(ldb_ctx, mem_ctx, &res, - ldb_get_default_basedn(ldb_ctx), - LDB_SCOPE_SUBTREE, attrs, "%s", filter); - if (lret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); - return HDB_ERR_NOENTRY; - } else if (res->count == 0 || res->count > 1) { - DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); - talloc_free(res); - return HDB_ERR_NOENTRY; - } - talloc_steal(mem_ctx, res->msgs); - *pmsg = res->msgs; - talloc_free(res); - return 0; -} - -static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context *ldb_ctx, - TALLOC_CTX *mem_ctx, - const char *realm, - struct ldb_message ***pmsg) -{ - int ret; - struct ldb_result *cross_ref_res; - struct ldb_dn *partitions_basedn = samdb_partitions_dn(ldb_ctx, mem_ctx); - - ret = ldb_search(ldb_ctx, mem_ctx, &cross_ref_res, - partitions_basedn, LDB_SCOPE_SUBTREE, realm_ref_attrs, - "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", - realm, realm); - - if (ret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search to lookup realm(%s): %s\n", realm, ldb_errstring(ldb_ctx))); - talloc_free(cross_ref_res); - return HDB_ERR_NOENTRY; - } else if (cross_ref_res->count == 0 || cross_ref_res->count > 1) { - DEBUG(3, ("Failed find a single entry for realm %s: got %d\n", realm, cross_ref_res->count)); - talloc_free(cross_ref_res); - return HDB_ERR_NOENTRY; - } - - if (pmsg) { - *pmsg = cross_ref_res->msgs; - talloc_steal(mem_ctx, cross_ref_res->msgs); - } - talloc_free(cross_ref_res); - - return 0; -} - - -static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode) -{ - if (db->hdb_master_key_set) { - krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n"); - krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n"); - return HDB_ERR_NOENTRY; - } - - return 0; -} - -static krb5_error_code LDB_close(krb5_context context, HDB *db) -{ - return 0; -} - -static krb5_error_code LDB_lock(krb5_context context, HDB *db, int operation) -{ - return 0; -} - -static krb5_error_code LDB_unlock(krb5_context context, HDB *db) -{ - return 0; -} - -static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new_name) -{ - return HDB_ERR_DB_INUSE; -} - -static krb5_error_code LDB_fetch_client(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) { - NTSTATUS nt_status; - char *principal_string; - krb5_error_code ret; - struct ldb_message **msg = NULL; - struct ldb_message **realm_ref_msg = NULL; - - ret = krb5_unparse_name(context, principal, &principal_string); - - if (ret != 0) { - return ret; - } - - nt_status = sam_get_results_principal((struct ldb_context *)db->hdb_db, - mem_ctx, principal_string, - &msg, &realm_ref_msg); - free(principal_string); - if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - return HDB_ERR_NOENTRY; - } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { - return ENOMEM; - } else if (!NT_STATUS_IS_OK(nt_status)) { - return EINVAL; - } - - ret = LDB_message2entry(context, db, mem_ctx, - principal, HDB_LDB_ENT_TYPE_CLIENT, - msg[0], realm_ref_msg[0], entry_ex); - return ret; -} - -static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret; - struct ldb_message **msg = NULL; - struct ldb_message **realm_ref_msg_1 = NULL; - struct ldb_message **realm_ref_msg_2 = NULL; - struct ldb_dn *realm_dn; - const char *realm; - - krb5_principal alloc_principal = NULL; - if (principal->name.name_string.len != 2 - || (strcmp(principal->name.name_string.val[0], KRB5_TGS_NAME) != 0)) { - /* Not a krbtgt */ - return HDB_ERR_NOENTRY; - } - - /* krbtgt case. Either us or a trusted realm */ - - if ((LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, principal->realm, &realm_ref_msg_1) == 0) - && (LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, principal->name.name_string.val[1], &realm_ref_msg_2) == 0) - && (ldb_dn_compare(realm_ref_msg_1[0]->dn, realm_ref_msg_1[0]->dn) == 0)) { - /* us */ - /* Cludge, cludge cludge. If the realm part of krbtgt/realm, - * is in our db, then direct the caller at our primary - * krbtgt */ - - const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg_1[0], "dnsRoot", NULL); - char *realm_fixed = strupper_talloc(mem_ctx, dnsdomain); - if (!realm_fixed) { - krb5_set_error_string(context, "strupper_talloc: out of memory"); - return ENOMEM; - } - - ret = krb5_copy_principal(context, principal, &alloc_principal); - if (ret) { - return ret; - } - - free(alloc_principal->name.name_string.val[1]); - alloc_principal->name.name_string.val[1] = strdup(realm_fixed); - talloc_free(realm_fixed); - if (!alloc_principal->name.name_string.val[1]) { - krb5_set_error_string(context, "LDB_fetch: strdup() failed!"); - return ENOMEM; - } - principal = alloc_principal; - realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg_1[0], "nCName", NULL); - - ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, - mem_ctx, - principal, HDB_LDB_ENT_TYPE_KRBTGT, realm_dn, &msg); - - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: could not find principal in DB"); - krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); - return ret; - } - - ret = LDB_message2entry(context, db, mem_ctx, - principal, HDB_LDB_ENT_TYPE_KRBTGT, - msg[0], realm_ref_msg_1[0], entry_ex); - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); - } - return ret; - - } else { - enum trust_direction direction = UNKNOWN; - - struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(db->hdb_db, "loadparm"), struct loadparm_context); - /* Either an inbound or outbound trust */ - - if (strcasecmp(lp_realm(lp_ctx), principal->realm) == 0) { - /* look for inbound trust */ - direction = INBOUND; - realm = principal->name.name_string.val[1]; - } - - if (strcasecmp(lp_realm(lp_ctx), principal->name.name_string.val[1]) == 0) { - /* look for outbound trust */ - direction = OUTBOUND; - realm = principal->realm; - } - - /* Trusted domains are under CN=system */ - - ret = LDB_lookup_trust(context, (struct ldb_context *)db->hdb_db, - mem_ctx, - realm, realm_dn, &msg); - - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: could not find principal in DB"); - krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); - return ret; - } - - ret = LDB_trust_message2entry(context, db, lp_ctx, mem_ctx, - principal, direction, - msg[0], entry_ex); - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); - } - return ret; - - - /* we should lookup trusted domains */ - return HDB_ERR_NOENTRY; - } - -} - -static krb5_error_code LDB_fetch_server(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret; - const char *realm; - struct ldb_message **msg = NULL; - struct ldb_message **realm_ref_msg = NULL; - struct ldb_dn *partitions_basedn = samdb_partitions_dn(db->hdb_db, mem_ctx); - if (principal->name.name_string.len >= 2) { - /* 'normal server' case */ - int ldb_ret; - NTSTATUS nt_status; - struct ldb_dn *user_dn, *domain_dn; - char *principal_string; - - ret = krb5_unparse_name_flags(context, principal, - KRB5_PRINCIPAL_UNPARSE_NO_REALM, - &principal_string); - if (ret != 0) { - return ret; - } - - /* At this point we may find the host is known to be - * in a different realm, so we should generate a - * referral instead */ - nt_status = crack_service_principal_name((struct ldb_context *)db->hdb_db, - mem_ctx, principal_string, - &user_dn, &domain_dn); - free(principal_string); - - if (!NT_STATUS_IS_OK(nt_status)) { - return HDB_ERR_NOENTRY; - } - - ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db, - mem_ctx, user_dn, &msg, user_attrs); - - if (ldb_ret != 1) { - return HDB_ERR_NOENTRY; - } - - ldb_ret = gendb_search((struct ldb_context *)db->hdb_db, - mem_ctx, partitions_basedn, &realm_ref_msg, realm_ref_attrs, - "ncName=%s", ldb_dn_get_linearized(domain_dn)); - - if (ldb_ret != 1) { - return HDB_ERR_NOENTRY; - } - - } else { - struct ldb_dn *realm_dn; - /* server as client principal case, but we must not lookup userPrincipalNames */ - - realm = krb5_principal_get_realm(context, principal); - - ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, realm, &realm_ref_msg); - if (ret != 0) { - return HDB_ERR_NOENTRY; - } - - realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg[0], "nCName", NULL); - - ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, - mem_ctx, - principal, HDB_LDB_ENT_TYPE_SERVER, realm_dn, &msg); - - if (ret != 0) { - return ret; - } - } - - ret = LDB_message2entry(context, db, mem_ctx, - principal, HDB_LDB_ENT_TYPE_SERVER, - msg[0], realm_ref_msg[0], entry_ex); - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); - } - - return ret; -} - -static krb5_error_code LDB_fetch(krb5_context context, HDB *db, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret = HDB_ERR_NOENTRY; - - TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context"); - - if (!mem_ctx) { - krb5_set_error_string(context, "LDB_fetch: talloc_named() failed!"); - return ENOMEM; - } - - if (flags & HDB_F_GET_CLIENT) { - ret = LDB_fetch_client(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - } - if (flags & HDB_F_GET_SERVER) { - /* krbtgt fits into this situation for trusted realms, and for resolving different versions of our own realm name */ - ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - - /* We return 'no entry' if it does not start with krbtgt/, so move to the common case quickly */ - ret = LDB_fetch_server(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - } - if (flags & HDB_F_GET_KRBTGT) { - ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - } - -done: - talloc_free(mem_ctx); - return ret; -} - -static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) -{ - return HDB_ERR_DB_INUSE; -} - -static krb5_error_code LDB_remove(krb5_context context, HDB *db, krb5_const_principal principal) -{ - return HDB_ERR_DB_INUSE; -} - -struct hdb_ldb_seq { - struct ldb_context *ctx; - int index; - int count; - struct ldb_message **msgs; - struct ldb_message **realm_ref_msgs; -}; - -static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) -{ - krb5_error_code ret; - struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; - TALLOC_CTX *mem_ctx; - hdb_entry_ex entry_ex; - memset(&entry_ex, '\0', sizeof(entry_ex)); - - if (!priv) { - return HDB_ERR_NOENTRY; - } - - mem_ctx = talloc_named(priv, 0, "LDB_seq context"); - - if (!mem_ctx) { - krb5_set_error_string(context, "LDB_seq: talloc_named() failed!"); - return ENOMEM; - } - - if (priv->index < priv->count) { - ret = LDB_message2entry(context, db, mem_ctx, - NULL, HDB_LDB_ENT_TYPE_ANY, - priv->msgs[priv->index++], - priv->realm_ref_msgs[0], entry); - } else { - ret = HDB_ERR_NOENTRY; - } - - if (ret != 0) { - talloc_free(priv); - db->hdb_dbc = NULL; - } else { - talloc_free(mem_ctx); - } - - return ret; -} - -static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags, - hdb_entry_ex *entry) -{ - struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db; - struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; - char *realm; - struct ldb_dn *realm_dn = NULL; - struct ldb_result *res = NULL; - struct ldb_message **realm_ref_msgs = NULL; - krb5_error_code ret; - TALLOC_CTX *mem_ctx; - int lret; - - if (priv) { - talloc_free(priv); - db->hdb_dbc = NULL; - } - - priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq); - if (!priv) { - krb5_set_error_string(context, "talloc: out of memory"); - return ENOMEM; - } - - priv->ctx = ldb_ctx; - priv->index = 0; - priv->msgs = NULL; - priv->realm_ref_msgs = NULL; - priv->count = 0; - - mem_ctx = talloc_named(priv, 0, "LDB_firstkey context"); - - if (!mem_ctx) { - krb5_set_error_string(context, "LDB_firstkey: talloc_named() failed!"); - return ENOMEM; - } - - ret = krb5_get_default_realm(context, &realm); - if (ret != 0) { - talloc_free(priv); - return ret; - } - - ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, realm, &realm_ref_msgs); - - free(realm); - - if (ret != 0) { - talloc_free(priv); - krb5_warnx(context, "LDB_firstkey: could not find realm\n"); - return HDB_ERR_NOENTRY; - } - - realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msgs[0], "nCName", NULL); - - priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs); - - lret = ldb_search(ldb_ctx, priv, &res, - realm_dn, LDB_SCOPE_SUBTREE, user_attrs, - "(objectClass=user)"); - - if (lret != LDB_SUCCESS) { - talloc_free(priv); - return HDB_ERR_NOENTRY; - } - - priv->count = res->count; - priv->msgs = talloc_steal(priv, res->msgs); - talloc_free(res); - - db->hdb_dbc = priv; - - ret = LDB_seq(context, db, flags, entry); - - if (ret != 0) { - talloc_free(priv); - db->hdb_dbc = NULL; - } else { - talloc_free(mem_ctx); - } - return ret; -} - -static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags, - hdb_entry_ex *entry) -{ - return LDB_seq(context, db, flags, entry); -} - -static krb5_error_code LDB_destroy(krb5_context context, HDB *db) -{ - talloc_free(db); - return 0; -} - -/* This interface is to be called by the KDC, which is expecting Samba - * calling conventions. It is also called by a wrapper - * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb - * code */ - -NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx, - struct event_context *ev_ctx, - struct loadparm_context *lp_ctx, - krb5_context context, struct HDB **db, const char *arg) -{ - NTSTATUS nt_status; - struct auth_session_info *session_info; - *db = talloc(mem_ctx, HDB); - if (!*db) { - krb5_set_error_string(context, "malloc: out of memory"); - return NT_STATUS_NO_MEMORY; - } - - (*db)->hdb_master_key_set = 0; - (*db)->hdb_db = NULL; - - nt_status = auth_system_session_info(*db, lp_ctx, &session_info); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - /* The idea here is very simple. Using Kerberos to - * authenticate the KDC to the LDAP server is higly likely to - * be circular. - * - * In future we may set this up to use EXERNAL and SSL - * certificates, for now it will almost certainly be NTLMSSP - */ - - cli_credentials_set_kerberos_state(session_info->credentials, - CRED_DONT_USE_KERBEROS); - - /* Setup the link to LDB */ - (*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info); - if ((*db)->hdb_db == NULL) { - DEBUG(1, ("hdb_ldb_create: Cannot open samdb for KDC backend!")); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } - - (*db)->hdb_dbc = NULL; - (*db)->hdb_open = LDB_open; - (*db)->hdb_close = LDB_close; - (*db)->hdb_fetch = LDB_fetch; - (*db)->hdb_store = LDB_store; - (*db)->hdb_remove = LDB_remove; - (*db)->hdb_firstkey = LDB_firstkey; - (*db)->hdb_nextkey = LDB_nextkey; - (*db)->hdb_lock = LDB_lock; - (*db)->hdb_unlock = LDB_unlock; - (*db)->hdb_rename = LDB_rename; - /* we don't implement these, as we are not a lockable database */ - (*db)->hdb__get = NULL; - (*db)->hdb__put = NULL; - /* kadmin should not be used for deletes - use other tools instead */ - (*db)->hdb__del = NULL; - (*db)->hdb_destroy = LDB_destroy; - - return NT_STATUS_OK; -} - -krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg) -{ - NTSTATUS nt_status; - /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ - nt_status = kdc_hdb_ldb_create(kdc_mem_ctx, event_context_find(kdc_mem_ctx), kdc_lp_ctx, - context, db, arg); - - if (NT_STATUS_IS_OK(nt_status)) { - return 0; - } - return EINVAL; -} diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c new file mode 100644 index 0000000000..d7317f17d4 --- /dev/null +++ b/source4/kdc/hdb-samba4.c @@ -0,0 +1,1550 @@ +/* + * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. + * Copyright (c) 2004, Andrew Bartlett . + * Copyright (c) 2004, Stefan Metzmacher + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#include "system/time.h" +#include "dsdb/common/flags.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "librpc/gen_ndr/netlogon.h" +#include "auth/auth.h" +#include "auth/credentials/credentials.h" +#include "auth/auth_sam.h" +#include "util/util_ldb.h" +#include "dsdb/samdb/samdb.h" +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" +#include "librpc/gen_ndr/lsa.h" +#include "libcli/auth/libcli_auth.h" +#include "param/param.h" +#include "events/events.h" +#include "kdc/kdc.h" +#include "../lib/crypto/md4.h" + +enum hdb_ldb_ent_type +{ HDB_SAMBA4_ENT_TYPE_CLIENT, HDB_SAMBA4_ENT_TYPE_SERVER, + HDB_SAMBA4_ENT_TYPE_KRBTGT, HDB_SAMBA4_ENT_TYPE_TRUST, HDB_SAMBA4_ENT_TYPE_ANY }; + +enum trust_direction { + UNKNOWN = 0, + INBOUND = LSA_TRUST_DIRECTION_INBOUND, + OUTBOUND = LSA_TRUST_DIRECTION_OUTBOUND +}; + +static const char *realm_ref_attrs[] = { + "nCName", + "dnsRoot", + NULL +}; + +static const char *trust_attrs[] = { + "trustPartner", + "trustAuthIncoming", + "trustAuthOutgoing", + "whenCreated", + "msDS-SupportedEncryptionTypes", + "trustAttributes", + "trustDirection", + "trustType", + NULL +}; + +static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, KerberosTime default_val) +{ + const char *tmp; + const char *gentime; + struct tm tm; + + gentime = ldb_msg_find_attr_as_string(msg, attr, NULL); + if (!gentime) + return default_val; + + tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm); + if (tmp == NULL) { + return default_val; + } + + return timegm(&tm); +} + +static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_ldb_ent_type ent_type) +{ + HDBFlags flags = int2HDBFlags(0); + + /* we don't allow kadmin deletes */ + flags.immutable = 1; + + /* mark the principal as invalid to start with */ + flags.invalid = 1; + + flags.renewable = 1; + + /* All accounts are servers, but this may be disabled again in the caller */ + flags.server = 1; + + /* Account types - clear the invalid bit if it turns out to be valid */ + if (userAccountControl & UF_NORMAL_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + + if (userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + if (userAccountControl & UF_WORKSTATION_TRUST_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + if (userAccountControl & UF_SERVER_TRUST_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + + /* Not permitted to act as a client if disabled */ + if (userAccountControl & UF_ACCOUNTDISABLE) { + flags.client = 0; + } + if (userAccountControl & UF_LOCKOUT) { + flags.invalid = 1; + } +/* + if (userAccountControl & UF_PASSWORD_NOTREQD) { + flags.invalid = 1; + } +*/ +/* + UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent +*/ + if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) { + flags.invalid = 1; + } + +/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */ + +/* + if (userAccountControl & UF_MNS_LOGON_ACCOUNT) { + flags.invalid = 1; + } +*/ + if (userAccountControl & UF_SMARTCARD_REQUIRED) { + flags.require_hwauth = 1; + } + if (userAccountControl & UF_TRUSTED_FOR_DELEGATION) { + flags.ok_as_delegate = 1; + } + if (!(userAccountControl & UF_NOT_DELEGATED)) { + flags.forwardable = 1; + flags.proxiable = 1; + } + + if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) { + flags.require_preauth = 0; + } else { + flags.require_preauth = 1; + + } + return flags; +} + +static int hdb_ldb_destructor(struct hdb_ldb_private *private) +{ + hdb_entry_ex *entry_ex = private->entry_ex; + free_hdb_entry(&entry_ex->entry); + return 0; +} + +static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex) +{ + talloc_free(entry_ex->ctx); +} + +static krb5_error_code LDB_message2entry_keys(krb5_context context, + struct smb_iconv_convenience *iconv_convenience, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg, + unsigned int userAccountControl, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret = 0; + enum ndr_err_code ndr_err; + struct samr_Password *hash; + const struct ldb_val *sc_val; + struct supplementalCredentialsBlob scb; + struct supplementalCredentialsPackage *scpk = NULL; + bool newer_keys = false; + struct package_PrimaryKerberosBlob _pkb; + struct package_PrimaryKerberosCtr3 *pkb3 = NULL; + struct package_PrimaryKerberosCtr4 *pkb4 = NULL; + uint32_t i; + uint32_t allocated_keys = 0; + + entry_ex->entry.keys.val = NULL; + entry_ex->entry.keys.len = 0; + + entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0); + + /* Get keys from the db */ + + hash = samdb_result_hash(mem_ctx, msg, "unicodePwd"); + sc_val = ldb_msg_find_ldb_val(msg, "supplementalCredentials"); + + /* unicodePwd for enctype 0x17 (23) if present */ + if (hash) { + allocated_keys++; + } + + /* supplementalCredentials if present */ + if (sc_val) { + ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb, + (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + dump_data(0, sc_val->data, sc_val->length); + ret = EINVAL; + goto out; + } + + if (scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE) { + NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb); + ret = EINVAL; + goto out; + } + + for (i=0; i < scb.sub.num_packages; i++) { + if (strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0) { + scpk = &scb.sub.packages[i]; + if (!scpk->data || !scpk->data[0]) { + scpk = NULL; + continue; + } + newer_keys = true; + break; + } else if (strcmp("Primary:Kerberos", scb.sub.packages[i].name) == 0) { + scpk = &scb.sub.packages[i]; + if (!scpk->data || !scpk->data[0]) { + scpk = NULL; + } + /* + * we don't break here in hope to find + * a Kerberos-Newer-Keys package + */ + } + } + } + /* + * Primary:Kerberos-Newer-Keys or Primary:Kerberos element + * of supplementalCredentials + */ + if (scpk) { + DATA_BLOB blob; + + blob = strhex_to_data_blob(scpk->data); + if (!blob.data) { + ret = ENOMEM; + goto out; + } + talloc_steal(mem_ctx, blob.data); + + /* we cannot use ndr_pull_struct_blob_all() here, as w2k and w2k3 add padding bytes */ + ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb, + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); + krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); + ret = EINVAL; + goto out; + } + + if (newer_keys && _pkb.version != 4) { + krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); + krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); + ret = EINVAL; + goto out; + } + + if (!newer_keys && _pkb.version != 3) { + krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); + krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); + ret = EINVAL; + goto out; + } + + if (_pkb.version == 4) { + pkb4 = &_pkb.ctr.ctr4; + allocated_keys += pkb4->num_keys; + } else if (_pkb.version == 3) { + pkb3 = &_pkb.ctr.ctr3; + allocated_keys += pkb3->num_keys; + } + } + + if (allocated_keys == 0) { + /* oh, no password. Apparently (comment in + * hdb-ldap.c) this violates the ASN.1, but this + * allows an entry with no keys (yet). */ + return 0; + } + + /* allocate space to decode into */ + entry_ex->entry.keys.len = 0; + entry_ex->entry.keys.val = calloc(allocated_keys, sizeof(Key)); + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; + goto out; + } + + if (hash && !(userAccountControl & UF_USE_DES_KEY_ONLY)) { + Key key; + + key.mkvno = 0; + key.salt = NULL; /* No salt for this enc type */ + + ret = krb5_keyblock_init(context, + ENCTYPE_ARCFOUR_HMAC_MD5, + hash->hash, sizeof(hash->hash), + &key.key); + if (ret) { + goto out; + } + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + + if (pkb4) { + for (i=0; i < pkb4->num_keys; i++) { + bool use = true; + Key key; + + if (!pkb4->keys[i].value) continue; + + if (userAccountControl & UF_USE_DES_KEY_ONLY) { + switch (pkb4->keys[i].keytype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: + break; + default: + use = false; + break; + } + } + + if (!use) continue; + + key.mkvno = 0; + key.salt = NULL; + + if (pkb4->salt.string) { + DATA_BLOB salt; + + salt = data_blob_string_const(pkb4->salt.string); + + key.salt = calloc(1, sizeof(*key.salt)); + if (key.salt == NULL) { + ret = ENOMEM; + goto out; + } + + key.salt->type = hdb_pw_salt; + + ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); + if (ret) { + free(key.salt); + key.salt = NULL; + goto out; + } + } + + /* TODO: maybe pass the iteration_count somehow... */ + + ret = krb5_keyblock_init(context, + pkb4->keys[i].keytype, + pkb4->keys[i].value->data, + pkb4->keys[i].value->length, + &key.key); + if (ret) { + if (key.salt) { + free_Salt(key.salt); + free(key.salt); + key.salt = NULL; + } + goto out; + } + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + } else if (pkb3) { + for (i=0; i < pkb3->num_keys; i++) { + bool use = true; + Key key; + + if (!pkb3->keys[i].value) continue; + + if (userAccountControl & UF_USE_DES_KEY_ONLY) { + switch (pkb3->keys[i].keytype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: + break; + default: + use = false; + break; + } + } + + if (!use) continue; + + key.mkvno = 0; + key.salt = NULL; + + if (pkb3->salt.string) { + DATA_BLOB salt; + + salt = data_blob_string_const(pkb3->salt.string); + + key.salt = calloc(1, sizeof(*key.salt)); + if (key.salt == NULL) { + ret = ENOMEM; + goto out; + } + + key.salt->type = hdb_pw_salt; + + ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); + if (ret) { + free(key.salt); + key.salt = NULL; + goto out; + } + } + + ret = krb5_keyblock_init(context, + pkb3->keys[i].keytype, + pkb3->keys[i].value->data, + pkb3->keys[i].value->length, + &key.key); + if (ret) { + if (key.salt) { + free_Salt(key.salt); + free(key.salt); + key.salt = NULL; + } + goto out; + } + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + } + +out: + if (ret != 0) { + entry_ex->entry.keys.len = 0; + } + if (entry_ex->entry.keys.len == 0 && entry_ex->entry.keys.val) { + free(entry_ex->entry.keys.val); + entry_ex->entry.keys.val = NULL; + } + return ret; +} + +/* + * Construct an hdb_entry from a directory entry. + */ +static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, krb5_const_principal principal, + enum hdb_ldb_ent_type ent_type, + struct ldb_message *msg, + struct ldb_message *realm_ref_msg, + hdb_entry_ex *entry_ex) +{ + unsigned int userAccountControl; + int i; + krb5_error_code ret = 0; + krb5_boolean is_computer = FALSE; + const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL); + char *realm = strupper_talloc(mem_ctx, dnsdomain); + struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm"); + struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, + mem_ctx, + realm_ref_msg, + "nCName", + ldb_dn_new(mem_ctx, (struct ldb_context *)db->hdb_db, NULL)); + + struct hdb_ldb_private *private; + NTTIME acct_expiry; + + struct ldb_message_element *objectclasses; + struct ldb_val computer_val; + computer_val.data = discard_const_p(uint8_t,"computer"); + computer_val.length = strlen((const char *)computer_val.data); + + objectclasses = ldb_msg_find_element(msg, "objectClass"); + + if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) { + is_computer = TRUE; + } + + memset(entry_ex, 0, sizeof(*entry_ex)); + + if (!realm) { + krb5_set_error_string(context, "talloc_strdup: out of memory"); + ret = ENOMEM; + goto out; + } + + private = talloc(mem_ctx, struct hdb_ldb_private); + if (!private) { + ret = ENOMEM; + goto out; + } + + private->entry_ex = entry_ex; + private->iconv_convenience = lp_iconv_convenience(lp_ctx); + private->netbios_name = lp_netbios_name(lp_ctx); + + talloc_set_destructor(private, hdb_ldb_destructor); + + entry_ex->ctx = private; + entry_ex->free_entry = hdb_ldb_free_entry; + + userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); + + + entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); + if (ent_type == HDB_SAMBA4_ENT_TYPE_ANY && principal == NULL) { + const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); + if (!samAccountName) { + krb5_set_error_string(context, "LDB_message2entry: no samAccountName present"); + ret = ENOENT; + goto out; + } + samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); + krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL); + } else { + char *strdup_realm; + ret = copy_Principal(principal, entry_ex->entry.principal); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + /* While we have copied the client principal, tests + * show that Win2k3 returns the 'corrected' realm, not + * the client-specified realm. This code attempts to + * replace the client principal's realm with the one + * we determine from our records */ + + /* this has to be with malloc() */ + strdup_realm = strdup(realm); + if (!strdup_realm) { + ret = ENOMEM; + krb5_clear_error_string(context); + goto out; + } + free(*krb5_princ_realm(context, entry_ex->entry.principal)); + krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); + } + + entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type); + + if (ent_type == HDB_SAMBA4_ENT_TYPE_KRBTGT) { + entry_ex->entry.flags.invalid = 0; + entry_ex->entry.flags.server = 1; + entry_ex->entry.flags.forwardable = 1; + entry_ex->entry.flags.ok_as_delegate = 1; + } + + if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) { + if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) { + entry_ex->entry.flags.server = 0; + } + } + + /* use 'whenCreated' */ + entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); + /* use '???' */ + entry_ex->entry.created_by.principal = NULL; + + entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event)); + if (entry_ex->entry.modified_by == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + /* use 'whenChanged' */ + entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0); + /* use '???' */ + entry_ex->entry.modified_by->principal = NULL; + + entry_ex->entry.valid_start = NULL; + + acct_expiry = samdb_result_account_expires(msg); + if (acct_expiry == 0x7FFFFFFFFFFFFFFFULL) { + entry_ex->entry.valid_end = NULL; + } else { + entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end)); + if (entry_ex->entry.valid_end == NULL) { + ret = ENOMEM; + goto out; + } + *entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry); + } + + if (ent_type != HDB_SAMBA4_ENT_TYPE_KRBTGT) { + NTTIME must_change_time + = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx, + domain_dn, msg); + if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) { + entry_ex->entry.pw_end = NULL; + } else { + entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end)); + if (entry_ex->entry.pw_end == NULL) { + ret = ENOMEM; + goto out; + } + *entry_ex->entry.pw_end = nt_time_to_unix(must_change_time); + } + } else { + entry_ex->entry.pw_end = NULL; + } + + entry_ex->entry.max_life = NULL; + + entry_ex->entry.max_renew = NULL; + + entry_ex->entry.generation = NULL; + + /* Get keys from the db */ + ret = LDB_message2entry_keys(context, private->iconv_convenience, private, msg, userAccountControl, entry_ex); + if (ret) { + /* Could be bougus data in the entry, or out of memory */ + goto out; + } + + entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); + if (entry_ex->entry.etypes == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + entry_ex->entry.etypes->len = entry_ex->entry.keys.len; + entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); + if (entry_ex->entry.etypes->val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + for (i=0; i < entry_ex->entry.etypes->len; i++) { + entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; + } + + + private->msg = talloc_steal(private, msg); + private->realm_ref_msg = talloc_steal(private, realm_ref_msg); + private->samdb = (struct ldb_context *)db->hdb_db; + +out: + if (ret != 0) { + /* This doesn't free ent itself, that is for the eventual caller to do */ + hdb_free_entry(context, entry_ex); + } else { + talloc_steal(db, entry_ex->ctx); + } + + return ret; +} + +/* + * Construct an hdb_entry from a directory entry. + */ +static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, + struct loadparm_context *lp_ctx, + TALLOC_CTX *mem_ctx, krb5_const_principal principal, + enum trust_direction direction, + struct ldb_message *msg, + hdb_entry_ex *entry_ex) +{ + + const char *dnsdomain; + char *realm; + char *strdup_realm; + DATA_BLOB password_utf16; + struct samr_Password password_hash; + const struct ldb_val *password_val; + struct trustAuthInOutBlob password_blob; + struct hdb_ldb_private *private; + + enum ndr_err_code ndr_err; + int i, ret, trust_direction_flags; + + private = talloc(mem_ctx, struct hdb_ldb_private); + if (!private) { + ret = ENOMEM; + goto out; + } + + private->entry_ex = entry_ex; + private->iconv_convenience = lp_iconv_convenience(lp_ctx); + private->netbios_name = lp_netbios_name(lp_ctx); + + talloc_set_destructor(private, hdb_ldb_destructor); + + entry_ex->ctx = private; + entry_ex->free_entry = hdb_ldb_free_entry; + + /* use 'whenCreated' */ + entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); + /* use '???' */ + entry_ex->entry.created_by.principal = NULL; + + entry_ex->entry.valid_start = NULL; + + trust_direction_flags = ldb_msg_find_attr_as_int(msg, "trustDirection", 0); + + if (direction == INBOUND) { + realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx)); + password_val = ldb_msg_find_ldb_val(msg, "trustAuthIncoming"); + + } else { /* OUTBOUND */ + dnsdomain = ldb_msg_find_attr_as_string(msg, "trustPartner", NULL); + realm = strupper_talloc(mem_ctx, dnsdomain); + password_val = ldb_msg_find_ldb_val(msg, "trustAuthOutgoing"); + } + + if (!password_val || !(trust_direction_flags & direction)) { + ret = ENOENT; + goto out; + } + + ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob, + (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + ret = EINVAL; + goto out; + } + + for (i=0; i < password_blob.count; i++) { + if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { + password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password, + password_blob.current->array[i].AuthInfo.clear.size); + /* In the future, generate all sorts of + * hashes, but for now we can't safely convert + * the random strings windows uses into + * utf8 */ + + /* but as it is utf16 already, we can get the NT password/arcfour-hmac-md5 key */ + mdfour(password_hash.hash, password_utf16.data, password_utf16.length); + break; + } else if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { + password_hash = password_blob.current->array[i].AuthInfo.nt4owf.password; + break; + } + } + entry_ex->entry.keys.len = 0; + entry_ex->entry.keys.val = NULL; + + if (i < password_blob.count) { + Key key; + /* Must have found a cleartext or MD4 password */ + entry_ex->entry.keys.val = calloc(1, sizeof(Key)); + + key.mkvno = 0; + key.salt = NULL; /* No salt for this enc type */ + + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_keyblock_init(context, + ENCTYPE_ARCFOUR_HMAC_MD5, + password_hash.hash, sizeof(password_hash.hash), + &key.key); + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + + ret = copy_Principal(principal, entry_ex->entry.principal); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + /* While we have copied the client principal, tests + * show that Win2k3 returns the 'corrected' realm, not + * the client-specified realm. This code attempts to + * replace the client principal's realm with the one + * we determine from our records */ + + /* this has to be with malloc() */ + strdup_realm = strdup(realm); + if (!strdup_realm) { + ret = ENOMEM; + krb5_clear_error_string(context); + goto out; + } + free(*krb5_princ_realm(context, entry_ex->entry.principal)); + krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); + + entry_ex->entry.flags = int2HDBFlags(0); + entry_ex->entry.flags.immutable = 1; + entry_ex->entry.flags.invalid = 0; + entry_ex->entry.flags.server = 1; + entry_ex->entry.flags.require_preauth = 1; + + entry_ex->entry.pw_end = NULL; + + entry_ex->entry.max_life = NULL; + + entry_ex->entry.max_renew = NULL; + + entry_ex->entry.generation = NULL; + + entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); + if (entry_ex->entry.etypes == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + entry_ex->entry.etypes->len = entry_ex->entry.keys.len; + entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); + if (entry_ex->entry.etypes->val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + for (i=0; i < entry_ex->entry.etypes->len; i++) { + entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; + } + + + private->msg = talloc_steal(private, msg); + private->realm_ref_msg = NULL; + private->samdb = (struct ldb_context *)db->hdb_db; + +out: + if (ret != 0) { + /* This doesn't free ent itself, that is for the eventual caller to do */ + hdb_free_entry(context, entry_ex); + } else { + talloc_steal(db, entry_ex->ctx); + } + + return ret; + +} + +static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_context *ldb_ctx, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + enum hdb_ldb_ent_type ent_type, + struct ldb_dn *realm_dn, + struct ldb_message ***pmsg) +{ + krb5_error_code ret; + int lret; + char *filter = NULL; + const char * const *princ_attrs = user_attrs; + + char *short_princ; + char *short_princ_talloc; + + struct ldb_result *res = NULL; + + ret = krb5_unparse_name_flags(context, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &short_princ); + + if (ret != 0) { + krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal"); + krb5_warnx(context, "LDB_lookup_principal: could not parse principal"); + return ret; + } + + short_princ_talloc = talloc_strdup(mem_ctx, short_princ); + free(short_princ); + if (!short_princ_talloc) { + krb5_set_error_string(context, "LDB_lookup_principal: talloc_strdup() failed!"); + return ENOMEM; + } + + switch (ent_type) { + case HDB_SAMBA4_ENT_TYPE_CLIENT: + case HDB_SAMBA4_ENT_TYPE_TRUST: + case HDB_SAMBA4_ENT_TYPE_ANY: + /* Can't happen */ + return EINVAL; + case HDB_SAMBA4_ENT_TYPE_KRBTGT: + filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", + KRB5_TGS_NAME); + break; + case HDB_SAMBA4_ENT_TYPE_SERVER: + filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", + short_princ_talloc); + break; + } + + if (!filter) { + krb5_set_error_string(context, "talloc_asprintf: out of memory"); + return ENOMEM; + } + + lret = ldb_search(ldb_ctx, mem_ctx, &res, realm_dn, + LDB_SCOPE_SUBTREE, princ_attrs, "%s", filter); + if (lret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); + return HDB_ERR_NOENTRY; + } else if (res->count == 0 || res->count > 1) { + DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); + talloc_free(res); + return HDB_ERR_NOENTRY; + } + talloc_steal(mem_ctx, res->msgs); + *pmsg = res->msgs; + talloc_free(res); + return 0; +} + +static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context *ldb_ctx, + TALLOC_CTX *mem_ctx, + const char *realm, + struct ldb_dn *realm_dn, + struct ldb_message ***pmsg) +{ + int lret; + char *filter = NULL; + const char * const *attrs = trust_attrs; + + struct ldb_result *res = NULL; + filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", realm, realm); + + if (!filter) { + krb5_set_error_string(context, "talloc_asprintf: out of memory"); + return ENOMEM; + } + + lret = ldb_search(ldb_ctx, mem_ctx, &res, + ldb_get_default_basedn(ldb_ctx), + LDB_SCOPE_SUBTREE, attrs, "%s", filter); + if (lret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); + return HDB_ERR_NOENTRY; + } else if (res->count == 0 || res->count > 1) { + DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); + talloc_free(res); + return HDB_ERR_NOENTRY; + } + talloc_steal(mem_ctx, res->msgs); + *pmsg = res->msgs; + talloc_free(res); + return 0; +} + +static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context *ldb_ctx, + TALLOC_CTX *mem_ctx, + const char *realm, + struct ldb_message ***pmsg) +{ + int ret; + struct ldb_result *cross_ref_res; + struct ldb_dn *partitions_basedn = samdb_partitions_dn(ldb_ctx, mem_ctx); + + ret = ldb_search(ldb_ctx, mem_ctx, &cross_ref_res, + partitions_basedn, LDB_SCOPE_SUBTREE, realm_ref_attrs, + "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", + realm, realm); + + if (ret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search to lookup realm(%s): %s\n", realm, ldb_errstring(ldb_ctx))); + talloc_free(cross_ref_res); + return HDB_ERR_NOENTRY; + } else if (cross_ref_res->count == 0 || cross_ref_res->count > 1) { + DEBUG(3, ("Failed find a single entry for realm %s: got %d\n", realm, cross_ref_res->count)); + talloc_free(cross_ref_res); + return HDB_ERR_NOENTRY; + } + + if (pmsg) { + *pmsg = cross_ref_res->msgs; + talloc_steal(mem_ctx, cross_ref_res->msgs); + } + talloc_free(cross_ref_res); + + return 0; +} + + +static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode) +{ + if (db->hdb_master_key_set) { + krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n"); + krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n"); + return HDB_ERR_NOENTRY; + } + + return 0; +} + +static krb5_error_code LDB_close(krb5_context context, HDB *db) +{ + return 0; +} + +static krb5_error_code LDB_lock(krb5_context context, HDB *db, int operation) +{ + return 0; +} + +static krb5_error_code LDB_unlock(krb5_context context, HDB *db) +{ + return 0; +} + +static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new_name) +{ + return HDB_ERR_DB_INUSE; +} + +static krb5_error_code LDB_fetch_client(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) { + NTSTATUS nt_status; + char *principal_string; + krb5_error_code ret; + struct ldb_message **msg = NULL; + struct ldb_message **realm_ref_msg = NULL; + + ret = krb5_unparse_name(context, principal, &principal_string); + + if (ret != 0) { + return ret; + } + + nt_status = sam_get_results_principal((struct ldb_context *)db->hdb_db, + mem_ctx, principal_string, + &msg, &realm_ref_msg); + free(principal_string); + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { + return HDB_ERR_NOENTRY; + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { + return ENOMEM; + } else if (!NT_STATUS_IS_OK(nt_status)) { + return EINVAL; + } + + ret = LDB_message2entry(context, db, mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_CLIENT, + msg[0], realm_ref_msg[0], entry_ex); + return ret; +} + +static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret; + struct ldb_message **msg = NULL; + struct ldb_message **realm_ref_msg_1 = NULL; + struct ldb_message **realm_ref_msg_2 = NULL; + struct ldb_dn *realm_dn; + const char *realm; + + krb5_principal alloc_principal = NULL; + if (principal->name.name_string.len != 2 + || (strcmp(principal->name.name_string.val[0], KRB5_TGS_NAME) != 0)) { + /* Not a krbtgt */ + return HDB_ERR_NOENTRY; + } + + /* krbtgt case. Either us or a trusted realm */ + + if ((LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, principal->realm, &realm_ref_msg_1) == 0) + && (LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, principal->name.name_string.val[1], &realm_ref_msg_2) == 0) + && (ldb_dn_compare(realm_ref_msg_1[0]->dn, realm_ref_msg_1[0]->dn) == 0)) { + /* us */ + /* Cludge, cludge cludge. If the realm part of krbtgt/realm, + * is in our db, then direct the caller at our primary + * krbtgt */ + + const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg_1[0], "dnsRoot", NULL); + char *realm_fixed = strupper_talloc(mem_ctx, dnsdomain); + if (!realm_fixed) { + krb5_set_error_string(context, "strupper_talloc: out of memory"); + return ENOMEM; + } + + ret = krb5_copy_principal(context, principal, &alloc_principal); + if (ret) { + return ret; + } + + free(alloc_principal->name.name_string.val[1]); + alloc_principal->name.name_string.val[1] = strdup(realm_fixed); + talloc_free(realm_fixed); + if (!alloc_principal->name.name_string.val[1]) { + krb5_set_error_string(context, "LDB_fetch: strdup() failed!"); + return ENOMEM; + } + principal = alloc_principal; + realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg_1[0], "nCName", NULL); + + ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, + mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, realm_dn, &msg); + + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: could not find principal in DB"); + krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); + return ret; + } + + ret = LDB_message2entry(context, db, mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, + msg[0], realm_ref_msg_1[0], entry_ex); + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: message2entry failed"); + } + return ret; + + } else { + enum trust_direction direction = UNKNOWN; + + struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(db->hdb_db, "loadparm"), struct loadparm_context); + /* Either an inbound or outbound trust */ + + if (strcasecmp(lp_realm(lp_ctx), principal->realm) == 0) { + /* look for inbound trust */ + direction = INBOUND; + realm = principal->name.name_string.val[1]; + } + + if (strcasecmp(lp_realm(lp_ctx), principal->name.name_string.val[1]) == 0) { + /* look for outbound trust */ + direction = OUTBOUND; + realm = principal->realm; + } + + /* Trusted domains are under CN=system */ + + ret = LDB_lookup_trust(context, (struct ldb_context *)db->hdb_db, + mem_ctx, + realm, realm_dn, &msg); + + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: could not find principal in DB"); + krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); + return ret; + } + + ret = LDB_trust_message2entry(context, db, lp_ctx, mem_ctx, + principal, direction, + msg[0], entry_ex); + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: message2entry failed"); + } + return ret; + + + /* we should lookup trusted domains */ + return HDB_ERR_NOENTRY; + } + +} + +static krb5_error_code LDB_fetch_server(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret; + const char *realm; + struct ldb_message **msg = NULL; + struct ldb_message **realm_ref_msg = NULL; + struct ldb_dn *partitions_basedn = samdb_partitions_dn(db->hdb_db, mem_ctx); + if (principal->name.name_string.len >= 2) { + /* 'normal server' case */ + int ldb_ret; + NTSTATUS nt_status; + struct ldb_dn *user_dn, *domain_dn; + char *principal_string; + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, + &principal_string); + if (ret != 0) { + return ret; + } + + /* At this point we may find the host is known to be + * in a different realm, so we should generate a + * referral instead */ + nt_status = crack_service_principal_name((struct ldb_context *)db->hdb_db, + mem_ctx, principal_string, + &user_dn, &domain_dn); + free(principal_string); + + if (!NT_STATUS_IS_OK(nt_status)) { + return HDB_ERR_NOENTRY; + } + + ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db, + mem_ctx, user_dn, &msg, user_attrs); + + if (ldb_ret != 1) { + return HDB_ERR_NOENTRY; + } + + ldb_ret = gendb_search((struct ldb_context *)db->hdb_db, + mem_ctx, partitions_basedn, &realm_ref_msg, realm_ref_attrs, + "ncName=%s", ldb_dn_get_linearized(domain_dn)); + + if (ldb_ret != 1) { + return HDB_ERR_NOENTRY; + } + + } else { + struct ldb_dn *realm_dn; + /* server as client principal case, but we must not lookup userPrincipalNames */ + + realm = krb5_principal_get_realm(context, principal); + + ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, realm, &realm_ref_msg); + if (ret != 0) { + return HDB_ERR_NOENTRY; + } + + realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg[0], "nCName", NULL); + + ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, + mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_SERVER, realm_dn, &msg); + + if (ret != 0) { + return ret; + } + } + + ret = LDB_message2entry(context, db, mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_SERVER, + msg[0], realm_ref_msg[0], entry_ex); + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: message2entry failed"); + } + + return ret; +} + +static krb5_error_code LDB_fetch(krb5_context context, HDB *db, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret = HDB_ERR_NOENTRY; + + TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context"); + + if (!mem_ctx) { + krb5_set_error_string(context, "LDB_fetch: talloc_named() failed!"); + return ENOMEM; + } + + if (flags & HDB_F_GET_CLIENT) { + ret = LDB_fetch_client(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + } + if (flags & HDB_F_GET_SERVER) { + /* krbtgt fits into this situation for trusted realms, and for resolving different versions of our own realm name */ + ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + + /* We return 'no entry' if it does not start with krbtgt/, so move to the common case quickly */ + ret = LDB_fetch_server(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + } + if (flags & HDB_F_GET_KRBTGT) { + ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + } + +done: + talloc_free(mem_ctx); + return ret; +} + +static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + return HDB_ERR_DB_INUSE; +} + +static krb5_error_code LDB_remove(krb5_context context, HDB *db, krb5_const_principal principal) +{ + return HDB_ERR_DB_INUSE; +} + +struct hdb_ldb_seq { + struct ldb_context *ctx; + int index; + int count; + struct ldb_message **msgs; + struct ldb_message **realm_ref_msgs; +}; + +static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + krb5_error_code ret; + struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; + TALLOC_CTX *mem_ctx; + hdb_entry_ex entry_ex; + memset(&entry_ex, '\0', sizeof(entry_ex)); + + if (!priv) { + return HDB_ERR_NOENTRY; + } + + mem_ctx = talloc_named(priv, 0, "LDB_seq context"); + + if (!mem_ctx) { + krb5_set_error_string(context, "LDB_seq: talloc_named() failed!"); + return ENOMEM; + } + + if (priv->index < priv->count) { + ret = LDB_message2entry(context, db, mem_ctx, + NULL, HDB_SAMBA4_ENT_TYPE_ANY, + priv->msgs[priv->index++], + priv->realm_ref_msgs[0], entry); + } else { + ret = HDB_ERR_NOENTRY; + } + + if (ret != 0) { + talloc_free(priv); + db->hdb_dbc = NULL; + } else { + talloc_free(mem_ctx); + } + + return ret; +} + +static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db; + struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; + char *realm; + struct ldb_dn *realm_dn = NULL; + struct ldb_result *res = NULL; + struct ldb_message **realm_ref_msgs = NULL; + krb5_error_code ret; + TALLOC_CTX *mem_ctx; + int lret; + + if (priv) { + talloc_free(priv); + db->hdb_dbc = NULL; + } + + priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq); + if (!priv) { + krb5_set_error_string(context, "talloc: out of memory"); + return ENOMEM; + } + + priv->ctx = ldb_ctx; + priv->index = 0; + priv->msgs = NULL; + priv->realm_ref_msgs = NULL; + priv->count = 0; + + mem_ctx = talloc_named(priv, 0, "LDB_firstkey context"); + + if (!mem_ctx) { + krb5_set_error_string(context, "LDB_firstkey: talloc_named() failed!"); + return ENOMEM; + } + + ret = krb5_get_default_realm(context, &realm); + if (ret != 0) { + talloc_free(priv); + return ret; + } + + ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, realm, &realm_ref_msgs); + + free(realm); + + if (ret != 0) { + talloc_free(priv); + krb5_warnx(context, "LDB_firstkey: could not find realm\n"); + return HDB_ERR_NOENTRY; + } + + realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msgs[0], "nCName", NULL); + + priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs); + + lret = ldb_search(ldb_ctx, priv, &res, + realm_dn, LDB_SCOPE_SUBTREE, user_attrs, + "(objectClass=user)"); + + if (lret != LDB_SUCCESS) { + talloc_free(priv); + return HDB_ERR_NOENTRY; + } + + priv->count = res->count; + priv->msgs = talloc_steal(priv, res->msgs); + talloc_free(res); + + db->hdb_dbc = priv; + + ret = LDB_seq(context, db, flags, entry); + + if (ret != 0) { + talloc_free(priv); + db->hdb_dbc = NULL; + } else { + talloc_free(mem_ctx); + } + return ret; +} + +static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + return LDB_seq(context, db, flags, entry); +} + +static krb5_error_code LDB_destroy(krb5_context context, HDB *db) +{ + talloc_free(db); + return 0; +} + +/* This interface is to be called by the KDC, which is expecting Samba + * calling conventions. It is also called by a wrapper + * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb + * code */ + +NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, + struct loadparm_context *lp_ctx, + krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + struct auth_session_info *session_info; + *db = talloc(mem_ctx, HDB); + if (!*db) { + krb5_set_error_string(context, "malloc: out of memory"); + return NT_STATUS_NO_MEMORY; + } + + (*db)->hdb_master_key_set = 0; + (*db)->hdb_db = NULL; + + nt_status = auth_system_session_info(*db, lp_ctx, &session_info); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + /* The idea here is very simple. Using Kerberos to + * authenticate the KDC to the LDAP server is higly likely to + * be circular. + * + * In future we may set this up to use EXERNAL and SSL + * certificates, for now it will almost certainly be NTLMSSP + */ + + cli_credentials_set_kerberos_state(session_info->credentials, + CRED_DONT_USE_KERBEROS); + + /* Setup the link to LDB */ + (*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info); + if ((*db)->hdb_db == NULL) { + DEBUG(1, ("hdb_ldb_create: Cannot open samdb for KDC backend!")); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + + (*db)->hdb_dbc = NULL; + (*db)->hdb_open = LDB_open; + (*db)->hdb_close = LDB_close; + (*db)->hdb_fetch = LDB_fetch; + (*db)->hdb_store = LDB_store; + (*db)->hdb_remove = LDB_remove; + (*db)->hdb_firstkey = LDB_firstkey; + (*db)->hdb_nextkey = LDB_nextkey; + (*db)->hdb_lock = LDB_lock; + (*db)->hdb_unlock = LDB_unlock; + (*db)->hdb_rename = LDB_rename; + /* we don't implement these, as we are not a lockable database */ + (*db)->hdb__get = NULL; + (*db)->hdb__put = NULL; + /* kadmin should not be used for deletes - use other tools instead */ + (*db)->hdb__del = NULL; + (*db)->hdb_destroy = LDB_destroy; + + return NT_STATUS_OK; +} + +krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ + nt_status = kdc_hdb_samba4_create(kdc_mem_ctx, event_context_find(kdc_mem_ctx), kdc_lp_ctx, + context, db, arg); + + if (NT_STATUS_IS_OK(nt_status)) { + return 0; + } + return EINVAL; +} diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 030eb23c10..83c6f1c2ee 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -667,6 +667,11 @@ static void kdc_task_init(struct task_server *task) NTSTATUS status; krb5_error_code ret; struct interface *ifaces; + struct hdb_method hdb_samba4 = { + .interface_version = HDB_INTERFACE_VERSION, + .prefix = "samba4:", + .create = hdb_samba4_create + }; switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: @@ -724,7 +729,7 @@ static void kdc_task_init(struct task_server *task) } kdc->config->num_db = 1; - status = kdc_hdb_ldb_create(kdc, task->event_ctx, task->lp_ctx, + status = kdc_hdb_samba4_create(kdc, task->event_ctx, task->lp_ctx, kdc->smb_krb5_context->krb5_context, &kdc->config->db[0], NULL); if (!NT_STATUS_IS_OK(status)) { @@ -732,6 +737,16 @@ static void kdc_task_init(struct task_server *task) return; } + + /* Register hdb-samba4 hooks */ + ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, + PLUGIN_TYPE_DATA, "hdb", + &hdb_samba4); + if(ret) { + task_server_terminate(task, "kdc: failed to register hdb keytab"); + return; + } + ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops); if(ret) { task_server_terminate(task, "kdc: failed to register hdb keytab"); -- cgit From 15b686198120cca0aaa305edc0a5e3242b4fa869 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 12:53:40 -0700 Subject: Use the new 'samba4' name for our internal hdb plugin. --- source4/setup/secrets_dc.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index abc5860cf7..8ae5578e6b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -22,7 +22,7 @@ realm: ${REALM} sAMAccountName: krbtgt objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:${SAM_LDB}: +krb5Keytab: HDB:samba4:${SAM_LDB}: #The trailing : here is a HACK, but it matches the Heimdal format. # A hook from our credentials system into HDB, as we must be on a KDC, -- cgit From 64195b72be6c251412500984c2a5c103e376d3c6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Sep 2008 21:36:21 -0700 Subject: Fix parsing of the trust passwords in LSA CreateTrustedDomainEx* --- source4/libcli/config.mk | 8 -- source4/libcli/drsblobs.c | 179 ------------------------------ source4/librpc/config.mk | 4 +- source4/librpc/idl/drsblobs.idl | 25 +++-- source4/librpc/ndr/ndr_drsblobs.c | 213 ++++++++++++++++++++++++++++++++++++ source4/rpc_server/lsa/dcesrv_lsa.c | 8 +- source4/torture/rpc/lsa.c | 6 +- 7 files changed, 239 insertions(+), 204 deletions(-) delete mode 100644 source4/libcli/drsblobs.c create mode 100644 source4/librpc/ndr/ndr_drsblobs.c (limited to 'source4') diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 2f81d7cff0..d68a2a2ce3 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -67,14 +67,6 @@ PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ netlogon.o) -[SUBSYSTEM::LIBCLI_DRSBLOBS] -PUBLIC_DEPENDENCIES = LIBNDR - -LIBCLI_DRSBLOBS_OBJ_FILES = $(addprefix $(libclisrcdir)/, \ - drsblobs.o) - -$(eval $(call proto_header_template,$(libclisrcdir)/drsblobs_proto.h,$(LIBCLI_DRSBLOBS_OBJ_FILES:.o=.c))) - [PYTHON::python_netbios] LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT) PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG diff --git a/source4/libcli/drsblobs.c b/source4/libcli/drsblobs.c deleted file mode 100644 index 126f2ccc40..0000000000 --- a/source4/libcli/drsblobs.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Manually parsed structures found in the DRS protocol - - Copyright (C) Andrew Bartlett 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "libcli/drsblobs.h" - -/* parser auto-generated by pidl, then hand-modified by abartlet */ - -/* Modified to have 'count' specified */ -static enum ndr_err_code ndr_push_AuthenticationInformationArray_with_count(struct ndr_push *ndr, int ndr_flags, int count, - const struct AuthenticationInformationArray *r) -{ - uint32_t cntr_array_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); - } - } - return NDR_ERR_SUCCESS; -} - -/* Modified to have 'count' specified, and to allocate the array */ -static enum ndr_err_code ndr_pull_AuthenticationInformationArray_with_count(struct ndr_pull *ndr, int ndr_flags, int count, struct AuthenticationInformationArray *r) -{ - uint32_t cntr_array_0; - TALLOC_CTX *_mem_save_array_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_PULL_ALLOC_N(ndr, r->array, count); - _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); - } - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); - } - if (ndr_flags & NDR_BUFFERS) { - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); - } - } - return NDR_ERR_SUCCESS; -} - -/* Modified to have 'count' specified */ -_PUBLIC_ void ndr_print_AuthenticationInformationArray_with_count(struct ndr_print *ndr, const char *name, int count, const struct AuthenticationInformationArray *r) -{ - uint32_t cntr_array_0; - ndr_print_struct(ndr, name, "AuthenticationInformationArray"); - ndr->depth++; - ndr->print(ndr, "%s: ARRAY(%d)", "array", (int)1); - ndr->depth++; - for (cntr_array_0=0;cntr_array_0array[cntr_array_0]); - free(idx_0); - } - } - ndr->depth--; - ndr->depth--; -} - -/* Modified to call AuthenticationInformationArray with 'count' specified */ -_PUBLIC_ enum ndr_err_code ndr_push_trustAuthInOutBlob(struct ndr_push *ndr, int ndr_flags, const struct trustAuthInOutBlob *r) -{ - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); - NDR_CHECK(ndr_push_relative_ptr1(ndr, r->current)); - NDR_CHECK(ndr_push_relative_ptr1(ndr, r->previous)); - } - if (ndr_flags & NDR_BUFFERS) { - if (r->current) { - NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current)); - NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); - } - if (r->previous) { - NDR_CHECK(ndr_push_relative_ptr2(ndr, r->previous)); - NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); - } - } - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flags, struct trustAuthInOutBlob *r) -{ - uint32_t _ptr_current; - TALLOC_CTX *_mem_save_current_0; - uint32_t _ptr_previous; - TALLOC_CTX *_mem_save_previous_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current)); - if (_ptr_current) { - NDR_PULL_ALLOC(ndr, r->current); - NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->current, _ptr_current)); - } else { - r->current = NULL; - } - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_previous)); - if (_ptr_previous) { - NDR_PULL_ALLOC(ndr, r->previous); - NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->previous, _ptr_previous)); - } else { - r->previous = NULL; - } - } - if (ndr_flags & NDR_BUFFERS) { - if (r->current) { - uint32_t _relative_save_offset; - _relative_save_offset = ndr->offset; - NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current)); - _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); - NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_0, 0); - ndr->offset = _relative_save_offset; - } - if (r->previous) { - uint32_t _relative_save_offset; - _relative_save_offset = ndr->offset; - NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->previous)); - _mem_save_previous_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->previous, 0); - NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_previous_0, 0); - ndr->offset = _relative_save_offset; - } - } - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ void ndr_print_trustAuthInOutBlob(struct ndr_print *ndr, const char *name, const struct trustAuthInOutBlob *r) -{ - ndr_print_struct(ndr, name, "trustAuthInOutBlob"); - ndr->depth++; - ndr_print_uint32(ndr, "count", r->count); - ndr_print_ptr(ndr, "current", r->current); - ndr->depth++; - if (r->current) { - ndr_print_AuthenticationInformationArray_with_count(ndr, "current", r->count, r->current); - } - ndr->depth--; - ndr_print_ptr(ndr, "previous", r->previous); - ndr->depth++; - if (r->previous) { - ndr_print_AuthenticationInformationArray_with_count(ndr, "previous", r->count, r->previous); - } - ndr->depth--; - ndr->depth--; -} - - diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index cf41f9884a..41dd17e428 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -144,9 +144,9 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o $(ndrsrcdir)/ndr_drsuapi.o [SUBSYSTEM::NDR_DRSBLOBS] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI LIBCLI_DRSBLOBS +PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI -NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o +NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o $(ndrsrcdir)/ndr_drsblobs.o [SUBSYSTEM::NDR_SASL_HELPERS] PUBLIC_DEPENDENCIES = LIBNDR diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index 6b1f649ff5..31fe8a359e 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -415,18 +415,27 @@ interface drsblobs { [relative] AuthenticationInformationArray *previous; } trustAuthInOutBlob; - typedef [public] struct { - uint8 confounder[512]; - trustAuthInOutBlob outgoing; - trustAuthInOutBlob incoming; - [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size; - [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size; - } trustAuthInAndOutBlob; - + typedef [public,gensize] struct { + uint32 count; + [relative] AuthenticationInformation *current[count]; + } trustCurrentPasswords; + void decode_trustAuthInOut( [in] trustAuthInOutBlob blob ); + typedef [public,nopull] struct { + uint8 confounder[512]; + [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing; + [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming; + [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size; + [value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size; + } trustDomainPasswords; + + void decode_trustDomainPasswords( + [in] trustDomainPasswords blob + ); + typedef [public] struct { uint32 marker; DATA_BLOB data; diff --git a/source4/librpc/ndr/ndr_drsblobs.c b/source4/librpc/ndr/ndr_drsblobs.c new file mode 100644 index 0000000000..47a6bb60c9 --- /dev/null +++ b/source4/librpc/ndr/ndr_drsblobs.c @@ -0,0 +1,213 @@ +/* + Unix SMB/CIFS implementation. + + Manually parsed structures found in the DRS protocol + + Copyright (C) Andrew Bartlett 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libcli/drsblobs.h" + +/* parser auto-generated by pidl, then hand-modified by abartlet */ + +/* Modified to have 'count' specified */ +static enum ndr_err_code ndr_push_AuthenticationInformationArray_with_count(struct ndr_push *ndr, int ndr_flags, int count, + const struct AuthenticationInformationArray *r) +{ + uint32_t cntr_array_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); + } + } + if (ndr_flags & NDR_BUFFERS) { + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); + } + } + return NDR_ERR_SUCCESS; +} + +/* Modified to have 'count' specified, and to allocate the array */ +static enum ndr_err_code ndr_pull_AuthenticationInformationArray_with_count(struct ndr_pull *ndr, int ndr_flags, int count, struct AuthenticationInformationArray *r) +{ + uint32_t cntr_array_0; + TALLOC_CTX *_mem_save_array_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_PULL_ALLOC_N(ndr, r->array, count); + _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); + } + if (ndr_flags & NDR_BUFFERS) { + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); + } + } + return NDR_ERR_SUCCESS; +} + +/* Modified to have 'count' specified */ +_PUBLIC_ void ndr_print_AuthenticationInformationArray_with_count(struct ndr_print *ndr, const char *name, int count, const struct AuthenticationInformationArray *r) +{ + uint32_t cntr_array_0; + ndr_print_struct(ndr, name, "AuthenticationInformationArray"); + ndr->depth++; + ndr->print(ndr, "%s: ARRAY(%d)", "array", (int)1); + ndr->depth++; + for (cntr_array_0=0;cntr_array_0array[cntr_array_0]); + free(idx_0); + } + } + ndr->depth--; + ndr->depth--; +} + +/* Modified to call AuthenticationInformationArray with 'count' specified */ +_PUBLIC_ enum ndr_err_code ndr_push_trustAuthInOutBlob(struct ndr_push *ndr, int ndr_flags, const struct trustAuthInOutBlob *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r->current)); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r->previous)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->current) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current)); + NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); + } + if (r->previous) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r->previous)); + NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flags, struct trustAuthInOutBlob *r) +{ + uint32_t _ptr_current; + TALLOC_CTX *_mem_save_current_0; + uint32_t _ptr_previous; + TALLOC_CTX *_mem_save_previous_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current)); + if (_ptr_current) { + NDR_PULL_ALLOC(ndr, r->current); + NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->current, _ptr_current)); + } else { + r->current = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_previous)); + if (_ptr_previous) { + NDR_PULL_ALLOC(ndr, r->previous); + NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->previous, _ptr_previous)); + } else { + r->previous = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->current) { + uint32_t _relative_save_offset; + _relative_save_offset = ndr->offset; + NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current)); + _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); + NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_0, 0); + ndr->offset = _relative_save_offset; + } + if (r->previous) { + uint32_t _relative_save_offset; + _relative_save_offset = ndr->offset; + NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->previous)); + _mem_save_previous_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->previous, 0); + NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_previous_0, 0); + ndr->offset = _relative_save_offset; + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_trustAuthInOutBlob(struct ndr_print *ndr, const char *name, const struct trustAuthInOutBlob *r) +{ + ndr_print_struct(ndr, name, "trustAuthInOutBlob"); + ndr->depth++; + ndr_print_uint32(ndr, "count", r->count); + ndr_print_ptr(ndr, "current", r->current); + ndr->depth++; + if (r->current) { + ndr_print_AuthenticationInformationArray_with_count(ndr, "current", r->count, r->current); + } + ndr->depth--; + ndr_print_ptr(ndr, "previous", r->previous); + ndr->depth++; + if (r->previous) { + ndr_print_AuthenticationInformationArray_with_count(ndr, "previous", r->count, r->previous); + } + ndr->depth--; + ndr->depth--; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_trustDomainPasswords(struct ndr_pull *ndr, int ndr_flags, struct trustDomainPasswords *r) +{ + if (ndr_flags & NDR_SCALARS) { + uint32_t offset; + NDR_PULL_ALIGN(ndr, 4); + NDR_PULL_NEED_BYTES(ndr, 8); + + offset = ndr->offset; + ndr->offset = ndr->data_size - 8; + + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size)); + + ndr->offset = offset; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->confounder, 512)); + { + struct ndr_pull *_ndr_outgoing; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_outgoing, 0, r->outgoing_size)); + NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_outgoing, NDR_SCALARS|NDR_BUFFERS, &r->outgoing)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_outgoing, 0, r->outgoing_size)); + } + { + struct ndr_pull *_ndr_incoming; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_incoming, 0, r->incoming_size)); + NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_incoming, NDR_SCALARS|NDR_BUFFERS, &r->incoming)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_incoming, 0, r->incoming_size)); + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size)); + } + if (ndr_flags & NDR_BUFFERS) { + } + return NDR_ERR_SUCCESS; +} + diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 3b70f3e934..4c3c708d4a 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -626,7 +626,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc const char *name; DATA_BLOB session_key = data_blob(NULL, 0); DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob; - struct trustAuthInAndOutBlob auth_struct; + struct trustDomainPasswords auth_struct; int ret; NTSTATUS nt_status; enum ndr_err_code ndr_err; @@ -679,7 +679,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc ndr_err = ndr_pull_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), &auth_struct, - (ndr_pull_flags_fn_t)ndr_pull_trustAuthInAndOutBlob); + (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } @@ -689,7 +689,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), &auth_struct.incoming, - (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } @@ -701,7 +701,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), &auth_struct.outgoing, - (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 69bf33352b..af5ee4f6e1 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -2077,7 +2077,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, struct lsa_CreateTrustedDomainEx2 r; struct lsa_TrustDomainInfoInfoEx trustinfo; struct lsa_TrustDomainInfoAuthInfoInternal authinfo; - struct trustAuthInAndOutBlob auth_struct; + struct trustDomainPasswords auth_struct; DATA_BLOB auth_blob; struct dom_sid *domsid[12]; struct policy_handle trustdom_handle[12]; @@ -2125,9 +2125,9 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, auth_struct.incoming.count = 0; ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &auth_struct, - (ndr_push_flags_fn_t)ndr_push_trustAuthInAndOutBlob); + (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - printf("ndr_push_struct_blob of trustAuthInAndOutBlob structure failed"); + printf("ndr_push_struct_blob of trustDomainPasswords structure failed"); ret = false; } -- cgit From 04edf11bee9f248241c46ce809870163a16d3ba0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Sep 2008 22:34:30 -0700 Subject: Rework to match new trustDomainPasswords IDL --- source4/rpc_server/lsa/dcesrv_lsa.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 4c3c708d4a..7b15241b96 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -859,11 +859,11 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc if (auth_struct.incoming.count) { int i; for (i=0; i < auth_struct.incoming.count; i++ ) { - if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { + if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_NT4OWF) { samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, mem_ctx, msg_user, "unicodePwd", - &auth_struct.incoming.current->array[i].AuthInfo.nt4owf.password); - } else if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { + &auth_struct.incoming.current[i]->AuthInfo.nt4owf.password); + } else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) { struct samr_Password hash; /* . We cannot do this, as windows chooses to send in random passwords here, that won't convert to UTF8 @@ -871,8 +871,8 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc mem_ctx, msg_user, "userPassword", auth_struct.incoming.current->array[i].AuthInfo.clear.password); */ - mdfour(hash.hash, auth_struct.incoming.current->array[i].AuthInfo.clear.password, - auth_struct.incoming.current->array[i].AuthInfo.clear.size); + mdfour(hash.hash, auth_struct.incoming.current[i]->AuthInfo.clear.password, + auth_struct.incoming.current[i]->AuthInfo.clear.size); samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, mem_ctx, msg_user, "unicodePwd", &hash); -- cgit From e622325155a13fd9f6f85a767d345344f18eca41 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 08:41:16 +0200 Subject: s4:smb_server/smb: FLAGS2_SMB_SECURITY_SIGNATURES should only be echoed, not set always metze --- source4/smb_server/smb/request.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index eb3e100b96..241c262857 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -135,15 +135,16 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, size_t buflen) flags2 = FLAGS2_LONG_PATH_COMPONENTS | FLAGS2_EXTENDED_ATTRIBUTES | FLAGS2_IS_LONG_NAME; - flags2 |= (req->flags2 & (FLAGS2_UNICODE_STRINGS|FLAGS2_EXTENDED_SECURITY)); +#define _SMB_FLAGS2_ECHOED_FLAGS ( \ + FLAGS2_UNICODE_STRINGS | \ + FLAGS2_EXTENDED_SECURITY | \ + FLAGS2_SMB_SECURITY_SIGNATURES \ +) + flags2 |= (req->flags2 & _SMB_FLAGS2_ECHOED_FLAGS); if (req->smb_conn->negotiate.client_caps & CAP_STATUS32) { flags2 |= FLAGS2_32_BIT_ERROR_CODES; } - if (req->smb_conn->signing.allow_smb_signing || req->smb_conn->signing.mandatory_signing) { - flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; - } - req->out.hdr = req->out.buffer + NBT_HDR_SIZE; req->out.vwv = req->out.hdr + HDR_VWV; req->out.wct = wct; -- cgit From 394f24b374e1fda8dc8222b71ce164a1a79efde6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 09:04:52 +0200 Subject: s4:drsblob: fix the build metze --- source4/libcli/drsblobs.h | 28 ---------------------------- source4/librpc/ndr/ndr_drsblobs.c | 2 +- 2 files changed, 1 insertion(+), 29 deletions(-) delete mode 100644 source4/libcli/drsblobs.h (limited to 'source4') diff --git a/source4/libcli/drsblobs.h b/source4/libcli/drsblobs.h deleted file mode 100644 index 8fee4114be..0000000000 --- a/source4/libcli/drsblobs.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Manually parsed structures found in the DRS protocol - - Copyright (C) Andrew Bartlett 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef __LIBCLI_DRSBLOBS_H__ -#define __LIBCLI_DRSBLOBS_H__ - -#include "librpc/gen_ndr/ndr_drsblobs.h" - -#include "libcli/drsblobs_proto.h" -#endif /* __CLDAP_SERVER_PROTO_H__ */ diff --git a/source4/librpc/ndr/ndr_drsblobs.c b/source4/librpc/ndr/ndr_drsblobs.c index 47a6bb60c9..aecb0c3b16 100644 --- a/source4/librpc/ndr/ndr_drsblobs.c +++ b/source4/librpc/ndr/ndr_drsblobs.c @@ -20,7 +20,7 @@ */ #include "includes.h" -#include "libcli/drsblobs.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" /* parser auto-generated by pidl, then hand-modified by abartlet */ -- cgit From 7f1c02cd7a8f4238041406acab061f34c587c69a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 15:24:46 +0200 Subject: Enable winreg Python tests - authentication works now. --- source4/samba4-skip | 1 - source4/scripting/python/samba/tests/dcerpc/rpcecho.py | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/samba4-skip b/source4/samba4-skip index 5fa40ee706..e3e2d2d525 100644 --- a/source4/samba4-skip +++ b/source4/samba4-skip @@ -59,4 +59,3 @@ samba4.ntvfs.cifs.raw. ^samba4.net.api.become.dc.*$ # Fails nss.test # Fails raw.offline # Samba 4 doesn't have much offline support yet -winreg* #Does not authenticate against the target server diff --git a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py index 12638e2397..06790736b8 100644 --- a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py +++ b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py @@ -25,7 +25,8 @@ from samba.tests import RpcInterfaceTestCase class RpcEchoTests(RpcInterfaceTestCase): def setUp(self): - self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm()) + self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm(), + self.get_credentials()) def test_two_contexts(self): self.conn2 = echo.rpcecho("ncalrpc:", self.get_loadparm(), basis_connection=self.conn) -- cgit From a36b6c5a42212e175ece8e9f5aa74f2741ec8868 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 16:02:09 +0200 Subject: Make Sid member variables accessible from Python. --- source4/libcli/security/security.i | 6 ++ source4/libcli/security/security.py | 4 ++ source4/libcli/security/security_wrap.c | 118 ++++++++++++++++++++++++++++++++ 3 files changed, 128 insertions(+) (limited to 'source4') diff --git a/source4/libcli/security/security.i b/source4/libcli/security/security.i index 6ba106bb5f..420439d147 100644 --- a/source4/libcli/security/security.i +++ b/source4/libcli/security/security.i @@ -105,6 +105,12 @@ typedef struct security_descriptor { %talloctype(dom_sid); typedef struct dom_sid { + %immutable; + uint8_t sid_rev_num; + int8_t num_auths;/* [range(0,15)] */ + uint8_t id_auth[6]; + uint32_t *sub_auths; + %mutable; %extend { dom_sid(TALLOC_CTX *mem_ctx, const char *text) { return dom_sid_parse_talloc(mem_ctx, text); diff --git a/source4/libcli/security/security.py b/source4/libcli/security/security.py index c310dde56b..8afb3eda61 100644 --- a/source4/libcli/security/security.py +++ b/source4/libcli/security/security.py @@ -147,6 +147,10 @@ security_descriptor_swigregister(security_descriptor) class Sid(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') __repr__ = _swig_repr + sid_rev_num = _swig_property(_security.Sid_sid_rev_num_get) + num_auths = _swig_property(_security.Sid_num_auths_get) + id_auth = _swig_property(_security.Sid_id_auth_get) + sub_auths = _swig_property(_security.Sid_sub_auths_get) def __init__(self, *args, **kwargs): _security.Sid_swiginit(self,_security.new_Sid(*args, **kwargs)) def __repr__(self): diff --git a/source4/libcli/security/security_wrap.c b/source4/libcli/security/security_wrap.c index b7d66b5aec..f7e3c2fb21 100644 --- a/source4/libcli/security/security_wrap.c +++ b/source4/libcli/security/security_wrap.c @@ -2712,6 +2712,28 @@ SWIGINTERN void delete_security_token(security_token *self){ talloc_free(self); SWIGINTERN security_descriptor *new_security_descriptor(TALLOC_CTX *mem_ctx){ return security_descriptor_initialise(mem_ctx); } SWIGINTERN void delete_security_descriptor(security_descriptor *self){ talloc_free(self); } +SWIGINTERNINLINE PyObject* +SWIG_From_unsigned_SS_long (unsigned long value) +{ + return (value > LONG_MAX) ? + PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value)); +} + + +SWIGINTERNINLINE PyObject * +SWIG_From_unsigned_SS_char (unsigned char value) +{ + return SWIG_From_unsigned_SS_long (value); +} + + +SWIGINTERNINLINE PyObject * +SWIG_From_signed_SS_char (signed char value) +{ + return SWIG_From_long (value); +} + + SWIGINTERN swig_type_info* SWIG_pchar_descriptor(void) { @@ -3337,6 +3359,98 @@ SWIGINTERN PyObject *security_descriptor_swiginit(PyObject *SWIGUNUSEDPARM(self) return SWIG_Python_InitShadowInstance(args); } +SWIGINTERN PyObject *_wrap_Sid_sid_rev_num_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + uint8_t result; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_sid_rev_num_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (uint8_t) ((arg1)->sid_rev_num); + resultobj = SWIG_From_unsigned_SS_char((unsigned char)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_Sid_num_auths_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + int8_t result; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_num_auths_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (int8_t) ((arg1)->num_auths); + resultobj = SWIG_From_signed_SS_char((signed char)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_Sid_id_auth_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + uint8_t *result = 0 ; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_id_auth_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (uint8_t *)(uint8_t *) ((arg1)->id_auth); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_Sid_sub_auths_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + uint32_t *result = 0 ; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_sub_auths_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (uint32_t *) ((arg1)->sub_auths); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_int, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_new_Sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; TALLOC_CTX *arg1 = (TALLOC_CTX *) 0 ; @@ -3561,6 +3675,10 @@ static PyMethodDef SwigMethods[] = { { (char *)"delete_security_descriptor", (PyCFunction)_wrap_delete_security_descriptor, METH_O, NULL}, { (char *)"security_descriptor_swigregister", security_descriptor_swigregister, METH_VARARGS, NULL}, { (char *)"security_descriptor_swiginit", security_descriptor_swiginit, METH_VARARGS, NULL}, + { (char *)"Sid_sid_rev_num_get", (PyCFunction)_wrap_Sid_sid_rev_num_get, METH_O, NULL}, + { (char *)"Sid_num_auths_get", (PyCFunction)_wrap_Sid_num_auths_get, METH_O, NULL}, + { (char *)"Sid_id_auth_get", (PyCFunction)_wrap_Sid_id_auth_get, METH_O, NULL}, + { (char *)"Sid_sub_auths_get", (PyCFunction)_wrap_Sid_sub_auths_get, METH_O, NULL}, { (char *)"new_Sid", (PyCFunction) _wrap_new_Sid, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Sid___str__", (PyCFunction)_wrap_Sid___str__, METH_O, NULL}, { (char *)"Sid___eq__", (PyCFunction) _wrap_Sid___eq__, METH_VARARGS | METH_KEYWORDS, NULL}, -- cgit From 3d8323fbff85709ab64ea039044a555975821b7f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 16:02:21 +0200 Subject: Compare sids in samba3sam tests. --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 32 +++++++++++++++-------- 1 file changed, 21 insertions(+), 11 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 882376cb09..1fc531902d 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -27,6 +27,9 @@ import ldb from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm +import samba.dcerpc.security +import samba.security +import samba.ndr datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") @@ -112,6 +115,18 @@ class MapBaseTestCase(TestCaseInTempDir): os.unlink(self.samba4.file) super(MapBaseTestCase, self).tearDown() + def assertSidEquals(self, text, ndr_sid): + sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.security.dom_sid, + str(ndr_sid[0])) + sid_obj2 = samba.security.Sid(text) + # For now, this is the only way we can compare these since the + # classes are in different places. Should reconcile that at some point. + self.assertEquals(sid_obj1.sid_rev_num, sid_obj2.sid_rev_num) + self.assertEquals(sid_obj1.num_auths, sid_obj2.num_auths) + # FIXME: self.assertEquals(sid_obj1.id_auth, sid_obj2.id_auth) + # FIXME: self.assertEquals(sid_obj1.sub_auths[:sid_obj1.num_auths], + # sid_obj2.sub_auths[:sid_obj2.num_auths]) + class Samba3SamTestCase(MapBaseTestCase): @@ -150,10 +165,8 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(str(msg[0].dn), "cn=Replicator,ou=Groups,dc=vernstok,dc=nl") self.assertTrue("objectSid" in msg[0]) - # FIXME: NDR unpack msg[0]["objectSid"] before comparing: - # self.assertEquals(msg[0]["objectSid"], - # "S-1-5-21-4231626423-2410014848-2360679739-552") - # Check mapping of objectClass + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + msg[0]["objectSid"]) oc = set(msg[0]["objectClass"]) self.assertEquals(oc, set(["group"])) @@ -459,17 +472,14 @@ primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512 self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X")) self.assertEquals(res[0]["dnsHostName"], "x") self.assertEquals(res[0]["lastLogon"], "x") - # FIXME:Properly compare sid,requires converting between NDR encoding - # and string - #self.assertEquals(res[0]["objectSid"], - # "S-1-5-21-4231626423-2410014848-2360679739-552") + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + res[0]["objectSid"]) self.assertTrue("objectSid" in res[0]) self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") - # FIXME: Properly compare sid,see above - #self.assertEquals(res[1]["objectSid"], - # "S-1-5-21-4231626423-2410014848-2360679739-552") + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + res[1]["objectSid"]) self.assertTrue("objectSid" in res[1]) # Search by generated attribute -- cgit From 717b36c672441f8cd86bf550ab0fabc52a3a3821 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 07:14:31 -0700 Subject: merged a bugfix for the idtree code from the Linux kernel. This matches commit 7aae6dd80e265aa9402ed507caaff4a5dba55069 in the kernel. Many thanks to Jim Houston for pointing out this fix to us --- source4/lib/util/idtree.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/util/idtree.c b/source4/lib/util/idtree.c index 1e2cc2976a..392f4e81f8 100644 --- a/source4/lib/util/idtree.c +++ b/source4/lib/util/idtree.c @@ -105,12 +105,13 @@ static int sub_alloc(struct idr_context *idp, void *ptr, int *starting_id) int n, m, sh; struct idr_layer *p, *new; struct idr_layer *pa[MAX_LEVEL]; - int l, id; + int l, id, oid; uint32_t bm; memset(pa, 0, sizeof(pa)); id = *starting_id; +restart: p = idp->top; l = idp->layers; pa[l--] = NULL; @@ -124,12 +125,23 @@ static int sub_alloc(struct idr_context *idp, void *ptr, int *starting_id) if (m == IDR_SIZE) { /* no space available go back to previous layer. */ l++; + oid = id; id = (id | ((1 << (IDR_BITS*l))-1)) + 1; + + /* if already at the top layer, we need to grow */ if (!(p = pa[l])) { *starting_id = id; return -2; } + + /* If we need to go up one layer, continue the + * loop; otherwise, restart from the top. + */ + sh = IDR_BITS * (l + 1); + if (oid >> sh == id >> sh) continue; + else + goto restart; } if (m != n) { sh = IDR_BITS*l; -- cgit From 4f07894c29996eb3e30fc79287d224ec2dbd80ee Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 07:17:02 -0700 Subject: The author of the upstream code asked for this code to be GPLv2+ not GPLv3 --- source4/lib/util/idtree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/util/idtree.c b/source4/lib/util/idtree.c index 392f4e81f8..193922973f 100644 --- a/source4/lib/util/idtree.c +++ b/source4/lib/util/idtree.c @@ -12,7 +12,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or + the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From e0af9601e1535b847e3c82e334d6a9de2ff3580d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 16:41:21 +0200 Subject: Fix FHS flag, rename to --enable-fhs since it's a feature flag and doesn't take any arguments. --- source4/build/m4/check_path.m4 | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'source4') diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 51d5daa913..666dd3b0ae 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -23,13 +23,13 @@ winbindd_socket_dir="${localstatedir}/run/winbindd" winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged" ntp_signd_socket_dir="${localstatedir}/run/ntp_signd" -# Check to prevent installing directly under /usr without the FHS -AS_IF([test ${prefix} == /usr],[ - AC_MSG_ERROR([Don't install directly under "/usr" without using the FHS option (--with-fhs). This could lead to file loss!]) -]) +AC_ARG_ENABLE(fhs, +[AS_HELP_STRING([--enable-fhs],[Use FHS-compliant paths (default=no)])], +[fhs=$enableval], +[fhs=no] +) -AC_ARG_WITH(fhs, -[AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])], +if test x$fhs = xyes; then lockdir="${localstatedir}/lib/samba" piddir="${localstatedir}/run/samba" logfilebase="${localstatedir}/log/samba" @@ -41,7 +41,12 @@ AC_ARG_WITH(fhs, ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd" winbindd_socket_dir="${localstatedir}/run/samba/winbindd" winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged" -) +else + # Check to prevent installing directly under /usr without the FHS + AS_IF([test $prefix == /usr || $prefix == /usr/local],[ + AC_MSG_ERROR([Don't install directly under "/usr" or "/usr/local" without using the FHS option (--enable-fhs). This could lead to file loss!]) + ]) +fi ################################################# # set private directory location -- cgit From 40a6a28170881e567d130c10bec700441423d1e8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 17:11:39 +0200 Subject: Move Samba4-specific files into source4/ --- source4/BUGS | 24 +++ source4/NEWS | 508 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ source4/TODO | 278 ++++++++++++++++++++++++++++++++ 3 files changed, 810 insertions(+) create mode 100644 source4/BUGS create mode 100644 source4/NEWS create mode 100644 source4/TODO (limited to 'source4') diff --git a/source4/BUGS b/source4/BUGS new file mode 100644 index 0000000000..1a9790ddd9 --- /dev/null +++ b/source4/BUGS @@ -0,0 +1,24 @@ +Samba4 alpha4 is not a final Samba release. That is more a reference +to Samba4's lack of the features we expect you will need than a +statement of code quality, but clearly it hasn't seen a broad +deployment yet. If you were to upgrade Samba3 (or indeed Windows) to +Samba4, you would find many things work, but that other key features +you may have relied on simply are not there yet. + +For example, while Samba 3.0 is an excellent member of a Active +Directory domain, Samba4 is happier as a domain controller, and it is +in this role where it has seen deployment into production. + +Samba4 is subjected to an awesome battery of tests on an +automated basis, we have found Samba4 to be very stable in it's +behaviour. We have to recommend against upgrading production servers +from Samba 3 to Samba 4 at this stage, because there may be the features on +which you may rely that are not present, or the mapping of +your configuration and user database may not be complete. + +If you are upgrading, or looking to develop, test or deploy Samba4, you should +backup all configuration and data. + +We welcome your testing, please file bug reports at +https://bugzilla.samba.org/, product: Samba4. Please include as much +information as possible, such as GIT revision number and backtraces. diff --git a/source4/NEWS b/source4/NEWS new file mode 100644 index 0000000000..8a63719a0e --- /dev/null +++ b/source4/NEWS @@ -0,0 +1,508 @@ +This file aims to document the major changes since the latest released version +of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems +and uses a different internal format for most data. Since this +file is an initial draft, please update missing items. + +One of the main goals of Samba 4 was Active Directory Domain Controller +support. This means Samba now implements several protocols that are required +by AD such as Kerberos and DNS. + +An (experimental) upgrade script that performs a one-way upgrade +from Samba 3 is available in source/setup/upgrade. + +Removal of nmbd and introduction of process models +================================================== +smbd now implements several network protocols other than just CIFS and +DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports +various 'process models' that specify how concurrent connections are +handled (when to fork, use threads, etc). + +Introduction of LDB +=================== +Samba now stores most of its persistent data in a LDAP-like database +called LDB (see ldb(7) for more info). + +Removed SWAT +================== +Unlike previous versions, Samba4 does not provide a web interface at this time. + +Built-in KDC +============ +Samba4 ships with an integrated KDC (Kerberos Key Distribution +Center). Backed directly onto our main internal database, and +integrated with custom code to handle the PAC, Samba4's KDC is an +integral part of our support for AD logon protocols. + +Built-in LDAP Server +==================== +Like the situation with the KDC, Samba4 ships with it's own LDAP +server, included to provide simple, built-in LDAP services in an AD +(rather than distinctly standards) matching manner. The database is +LDB, and it shares that in common with the rest of Samba. + +Changed configuration options +============================= +Several configuration options have been removed in Samba4 while others have +been introduced. This section contains a summary of changes to smb.conf and +where these settings moved. Configuration options that have disappeared may be +re-added later when the functionality that uses them gets reimplemented in +Samba 4. + +The 'security' parameter has been split up. It is now only used to choose +between the 'user' and 'share' security levels (the latter is not supported +in Samba 4 yet). The other values of this option and the 'domain master' and +'domain logons' parameters have been merged into a 'server role' parameter +that can be either 'domain controller', 'member server' or 'standalone'. Note that +member server support does not work yet. + +The following parameters have been removed: +- passdb backend: accounts are now stored in a LDB-based SAM database, + see 'sam database' below. +- update encrypted +- public +- guest ok +- client schannel +- server schannel +- allow trusted domains +- hosts equiv +- map to guest +- smb passwd file +- algorithmic rid base +- root directory +- root dir +- root +- guest account +- enable privileges +- pam password change +- passwd program +- passwd chat debug +- passwd chat timeout +- check password script +- username map +- username level +- unix password sync +- restrict anonymous +- username +- user +- users +- invalid users +- valid users +- admin users +- read list +- write list +- printer admin +- force user +- force group +- group +- write ok +- writeable +- writable +- acl check permissions +- acl group control +- acl map full control +- create mask +- create mode +- force create mode +- security mask +- force security mode +- directory mask +- directory mode +- force directory mode +- directory security mask +- force directory security mode +- force unknown acl user +- inherit permissions +- inherit acls +- inherit owner +- guest only +- only guest +- only user +- allow hosts +- deny hosts +- preload modules +- use kerberos keytab +- syslog +- syslog only +- max log size +- debug timestamp +- timestamp logs +- debug hires timestamp +- debug pid +- debug uid +- allocation roundup size +- aio read size +- aio write size +- aio write behind +- large readwrite +- protocol +- read bmpx +- reset on zero vc +- acl compatibility +- defer sharing violations +- ea support +- nt acl support +- nt pipe support +- profile acls +- map acl inherit +- afs share +- max ttl +- client use spnego +- enable asu support +- svcctl list +- block size +- change notify timeout +- deadtime +- getwd cache +- keepalive +- kernel change notify +- lpq cache time +- max smbd processes +- max disk size +- max open files +- min print space +- strict allocate +- sync always +- use mmap +- use sendfile +- hostname lookups +- write cache size +- name cache timeout +- max reported print jobs +- load printers +- printcap cache time +- printcap name +- printcap +- printing +- cups options +- cups server +- iprint server +- print command +- disable spoolss +- enable spoolss +- lpq command +- lprm command +- lppause command +- lpresume command +- queuepause command +- queueresume command +- enumports command +- addprinter command +- deleteprinter command +- show add printer wizard +- os2 driver map +- use client driver +- default devmode +- force printername +- mangling method +- mangle prefix +- default case +- case sensitive +- casesignames +- preserve case +- short preserve case +- mangling char +- hide dot files +- hide special files +- hide unreadable +- hide unwriteable files +- delete veto files +- veto files +- hide files +- veto oplock files +- map readonly +- mangled names +- mangled map +- max stat cache size +- stat cache +- store dos attributes +- machine password timeout +- add user script +- rename user script +- delete user script +- add group script +- delete group script +- add user to group script +- delete user from group script +- set primary group script +- add machine script +- shutdown script +- abort shutdown script +- username map script +- logon script +- logon path +- logon drive +- logon home +- domain logons +- os level +- lm announce +- lm interval +- domain master +- browse list +- enhanced browsing +- wins proxy +- wins hook +- wins partners +- blocking locks +- fake oplocks +- kernel oplocks +- locking +- lock spin count +- lock spin time +- level2 oplocks +- oplock break wait time +- oplock contention limit +- posix locking +- share modes +- ldap server +- ldap port +- ldap admin dn +- ldap delete dn +- ldap group suffix +- ldap idmap suffix +- ldap machine suffix +- ldap passwd sync +- ldap password sync +- ldap replication sleep +- ldap suffix +- ldap ssl +- ldap timeout +- ldap page size +- ldap user suffix +- add share command +- change share command +- delete share command +- eventlog list +- utmp directory +- wtmp directory +- utmp +- default service +- default +- message command +- dfree cache time +- dfree command +- get quota command +- set quota command +- remote announce +- remote browse sync +- homedir map +- afs username map +- afs token lifetime +- log nt token command +- time offset +- NIS homedir +- preexec +- exec +- preexec close +- postexec +- root preexec +- root preexec close +- root postexec +- set directory +- wide links +- follow symlinks +- dont descend +- magic script +- magic output +- delete readonly +- dos filemode +- dos filetimes +- dos filetime resolution +- fake directory create times +- panic action +- vfs objects +- vfs object +- msdfs root +- msdfs proxy +- host msdfs +- enable rid algorithm +- passdb expand explicit +- idmap backend +- idmap uid +- winbind uid +- idmap gid +- winbind gid +- template homedir +- template shell +- winbind separator +- winbind cache time +- winbind enum users +- winbind enum groups +- winbind use default domain +- winbind trusted domains only +- winbind nested groups +- winbind max idle children +- winbind nss info + +The following parameters have been added: ++ rpc big endian (G) + Make Samba fake it is running on a bigendian machine when using DCE/RPC. + Useful for debugging. + + Default: no + ++ case insensitive filesystem (S) + Set to true if this share is located on a case-insensitive filesystem. + This disables looking for a filename by trying all possible combinations of + uppercase/lowercase characters and thus speeds up operations when a + file cannot be found. + + Default: no + ++ js include (G) + Path to JavaScript library. + + Default: Set at compile-time + ++ setup directory + Path to data used by provisioning script. + + Default: Set at compile-time + ++ ncalrpc dir + Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport. + + Default: Set at compile-time + ++ ntvfs handler + Backend to the NT VFS to use (more than one can be specified). Available + backends include: + + - posix: + Maps POSIX FS semantics to NT semantics + + - simple: + Very simple backend (original testing backend). + + - unixuid: + Sets up user credentials based on POSIX gid/uid. + + - cifs: + Proxies a remote CIFS FS. Mainly useful for testing. + + - nbench: + Filter module that saves data useful to the nbench benchmark suite. + + - ipc: + Allows using SMB for inter process communication. Only used for + the IPC$ share. + + - print: + Allows printing over SMB. This is LANMAN-style printing (?), not + the be confused with the spoolss DCE/RPC interface used by later + versions of Windows. + + Default: unixuid default + ++ ntptr providor + FIXME + ++ dcerpc endpoint servers + What DCE/RPC servers to start. + + Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup + ++ server services + Services Samba should provide. + + Default: smb rpc nbt wrepl ldap cldap web kdc + ++ sam database + Location of the SAM (account database) database. This should be a + LDB URL. + + Default: set at compile-time + ++ spoolss database + Spoolss (printer) DCE/RPC server database. This should be a LDB URL. + + Default: set at compile-time + ++ wins config database + WINS configuration database location. This should be a LDB URL. + + Default: set at compile-time + ++ wins database + WINS database location. This should be a LDB URL. + + Default: set at compile-time + ++ client use spnego principal + Tells the client to use the Kerberos service principal specified by the + server during the security protocol negotation rather than + looking up the principal itself (cifs/hostname). + + Default: false + ++ nbt port + TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation. + + Default: 137 + ++ dgram port + UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation. + + Default: 138 + ++ cldap port + UDP/IP port used by the CLDAP protocol. + + Default: 389 + ++ krb5 port + IP port used by the kerberos KDC. + + Default: 88 + ++ kpasswd port + IP port used by the kerberos password change protocol. + + Default: 464 + ++ web port + TCP/IP port SWAT should listen on. + + Default: 901 + ++ tls enabled + Enable TLS support for SWAT + + Default: true + ++ tls keyfile + Path to TLS key file (PEM format) to be used by SWAT. If no + path is specified, Samba will create a key. + + Default: none + ++ tls certfile + Path to TLS certificate file (PEM format) to be used by SWAT. If no + path is specified, Samba will create a certificate. + + Default: none + ++ tls cafile + Path to CA authority file Samba will use to sign TLS keys it generates. If + no path is specified, Samba will create a self-signed CA certificate. + + Default: none + ++ tls crlfile + Path to TLS certificate revocation lists file. + + Default: none + ++ swat directory + SWAT data directory. + + Default: set at compile-time + ++ large readwrite + Indicate the CIFS server is able to do large reads/writes. + + Default: true + ++ unicode + Enable/disable unicode support in the protocol. + + Default: true diff --git a/source4/TODO b/source4/TODO new file mode 100644 index 0000000000..5efebed1b3 --- /dev/null +++ b/source4/TODO @@ -0,0 +1,278 @@ +build/smb_build/TODO +lib/registry/TODO +lib/tdr/TODO +pidl/TODO + +- seperate adminlog mechanism (as opposed to the current DEBUG log, + which is not really aimed at administrators but more at developers) + Perhaps similar to eventlog so we can also use eventlog to retrieve the data? + +- testsuite for the 'net' tool + +- and a lot of other stuff + +Configuration options +===================== + +The following options don't exist in Samba4 yet +or are not converted by the upgrade script +or will be removed: + +- update encrypted +- public +- guest ok +- client schannel +- server schannel +- allow trusted domains +- hosts equiv +- map to guest +- algorithmic rid base +- root directory +- root dir +- root +- guest account +- enable privileges +- pam password change +- passwd program +- passwd chat debug +- passwd chat timeout +- check password script +- username map +- username level +- unix password sync +- restrict anonymous +- username +- user +- users +- invalid users +- valid users +- admin users +- read list +- write list +- printer admin +- force user +- force group +- group +- write ok +- writeable +- writable +- acl check permissions +- acl group control +- acl map full control +- create mask +- create mode +- force create mode +- security mask +- force security mode +- directory mask +- directory mode +- force directory mode +- directory security mask +- force directory security mode +- force unknown acl user +- inherit permissions +- inherit acls +- inherit owner +- guest only +- only guest +- only user +- allow hosts +- deny hosts +- preload modules +- use kerberos keytab +- syslog +- syslog only +- max log size +- debug timestamp +- timestamp logs +- debug hires timestamp +- debug pid +- debug uid +- allocation roundup size +- aio read size +- aio write size +- aio write behind +- large readwrite +- protocol +- read bmpx +- reset on zero vc +- acl compatibility +- defer sharing violations +- ea support +- nt acl support +- nt pipe support +- profile acls +- map acl inherit +- afs share +- max ttl +- client use spnego +- enable asu support +- svcctl list +- block size +- change notify timeout +- deadtime +- getwd cache +- keepalive +- kernel change notify +- lpq cache time +- max smbd processes +- max disk size +- max open files +- min print space +- strict allocate +- sync always +- use mmap +- use sendfile +- hostname lookups +- write cache size +- name cache timeout +- max reported print jobs +- load printers +- printcap cache time +- printcap name +- printcap +- printing +- cups options +- cups server +- iprint server +- print command +- disable spoolss +- enable spoolss +- lpq command +- lprm command +- lppause command +- lpresume command +- queuepause command +- queueresume command +- enumports command +- addprinter command +- deleteprinter command +- show add printer wizard +- os2 driver map +- use client driver +- default devmode +- force printername +- mangling method +- mangle prefix +- default case +- case sensitive +- casesignames +- preserve case +- short preserve case +- mangling char +- hide dot files +- hide special files +- hide unreadable +- hide unwriteable files +- delete veto files +- veto files +- hide files +- veto oplock files +- map readonly +- mangled names +- mangled map +- max stat cache size +- stat cache +- store dos attributes +- machine password timeout +- add user script +- rename user script +- delete user script +- add group script +- delete group script +- add user to group script +- delete user from group script +- set primary group script +- add machine script +- shutdown script +- abort shutdown script +- username map script +- logon script +- logon path +- logon drive +- logon home +- domain logons +- os level +- lm announce +- lm interval +- domain master +- browse list +- enhanced browsing +- wins proxy +- blocking locks +- fake oplocks +- kernel oplocks +- locking +- lock spin count +- lock spin time +- oplocks +- level2 oplocks +- oplock break wait time +- oplock contention limit +- posix locking +- share modes +- add share command +- change share command +- delete share command +- eventlog list +- utmp directory +- wtmp directory +- utmp +- default service +- default +- message command +- dfree cache time +- dfree command +- get quota command +- set quota command +- remote announce +- remote browse sync +- homedir map +- afs username map +- afs token lifetime +- log nt token command +- time offset +- NIS homedir +- preexec +- exec +- preexec close +- postexec +- root preexec +- root preexec close +- root postexec +- set directory +- wide links +- follow symlinks +- dont descend +- magic script +- magic output +- delete readonly +- dos filemode +- dos filetimes +- dos filetime resolution +- fake directory create times +- panic action +- vfs objects +- vfs object +- msdfs root +- msdfs proxy +- host msdfs +- enable rid algorithm +- passdb expand explicit +- idmap backend +- idmap uid +- winbind uid +- idmap gid +- winbind gid +- template homedir +- template shell +- winbind separator +- winbind cache time +- winbind enum users +- winbind enum groups +- winbind use default domain +- winbind trusted domains only +- winbind nested groups +- winbind max idle children +- winbind nss info + -- cgit From be050125b60028ab05dfd685291d2163c2e5903a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:42:12 -0700 Subject: - make bcast name resolution match other name resolution modules for host not found errors - when we have no resolve context return NT_STATUS_OBJECT_NAME_NOT_FOUND --- source4/libcli/resolve/bcast.c | 8 +++++++- source4/libcli/resolve/resolve.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/libcli/resolve/bcast.c b/source4/libcli/resolve/bcast.c index 2e2eb05397..ca78a2ce43 100644 --- a/source4/libcli/resolve/bcast.c +++ b/source4/libcli/resolve/bcast.c @@ -75,7 +75,13 @@ struct composite_context *resolve_name_bcast_send(TALLOC_CTX *mem_ctx, NTSTATUS resolve_name_bcast_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, const char **reply_addr) { - return resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + NTSTATUS status = resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { + /* this makes much more sense for a bcast name resolution + timeout */ + status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + return status; } /* diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c index 2b14591d68..dbc4a2ede7 100644 --- a/source4/libcli/resolve/resolve.c +++ b/source4/libcli/resolve/resolve.c @@ -166,7 +166,7 @@ struct composite_context *resolve_name_send(struct resolve_context *ctx, state->method = ctx->methods; if (state->method == NULL) { - composite_error(c, NT_STATUS_HOST_UNREACHABLE); + composite_error(c, NT_STATUS_BAD_NETWORK_NAME); return c; } state->creq = setup_next_method(c); -- cgit From dab5d4abbce7fc54427e5eb130e36860ffa74685 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:44:06 -0700 Subject: cope with NULL attr --- source4/rpc_server/lsa/lsa_init.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index a95cb10f9f..8d8417109f 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -199,7 +199,7 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * ZERO_STRUCTP(r->out.handle); - if (r->in.attr == NULL || + if (r->in.attr != NULL && r->in.attr->root_dir != NULL) { /* MS-LSAD 3.1.4.4.1 */ return NT_STATUS_INVALID_PARAMETER; @@ -217,6 +217,8 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * handle->data = talloc_steal(handle, state); + /* need to check the access mask against - need ACLs - fails + WSPP test */ state->access_mask = r->in.access_mask; state->handle = handle; *r->out.handle = handle->wire_handle; -- cgit From ef6fc37add1fd9164eb143c953fde0d5a9fc584a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:44:31 -0700 Subject: check call status not rpc fault code when calling to different levels of calls --- source4/rpc_server/lsa/lsa_lookup.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 7bf7d849b7..a71bd57516 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -649,7 +649,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, r2.out.names = r->out.names; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } @@ -682,7 +682,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r2.out.names = NULL; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } @@ -836,7 +836,7 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } @@ -955,7 +955,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } -- cgit From ee97097783aa146b0b2f88c15f3764a420797e1a Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 30 Sep 2008 18:10:04 +0200 Subject: Use UTF8 rather than the possibly different UNIX charset. --- source4/lib/registry/tests/generic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/lib/registry/tests/generic.c b/source4/lib/registry/tests/generic.c index 6eae26bc46..2b7eb838ba 100644 --- a/source4/lib/registry/tests/generic.c +++ b/source4/lib/registry/tests/generic.c @@ -53,7 +53,7 @@ static bool test_reg_val_data_string_dword(struct torture_context *ctx) static bool test_reg_val_data_string_sz(struct torture_context *ctx) { DATA_BLOB db; - db.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16, + db.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16, "bla", 3, (void **)&db.data); torture_assert_str_equal(ctx, "bla", reg_val_data_string(ctx, lp_iconv_convenience(ctx->lp_ctx), REG_SZ, db), @@ -88,7 +88,7 @@ static bool test_reg_val_data_string_empty(struct torture_context *ctx) static bool test_reg_val_description(struct torture_context *ctx) { DATA_BLOB data; - data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16, + data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16, "stationary traveller", strlen("stationary traveller"), (void **)&data.data); @@ -102,7 +102,7 @@ static bool test_reg_val_description(struct torture_context *ctx) static bool test_reg_val_description_nullname(struct torture_context *ctx) { DATA_BLOB data; - data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16, + data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16, "west berlin", strlen("west berlin"), (void **)&data.data); -- cgit From a238f17e2785da4f11411c6a4dd20fdcb3c349b6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 12:33:00 -0700 Subject: Add in test name visible on the wire or in debug logs so you can see when particular tests start. Jeremy. --- source4/torture/raw/notify.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'source4') diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c index 25c91eb88b..14ee23158a 100644 --- a/source4/torture/raw/notify.c +++ b/source4/torture/raw/notify.c @@ -583,7 +583,8 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t notify.nttrans.in.buffer_size = 1000; notify.nttrans.in.recursive = true; -#define NOTIFY_MASK_TEST(setup, op, cleanup, Action, expected, nchanges) \ +#define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, expected, nchanges) \ + smbcli_unlink(cli->tree, test_name); \ do { for (mask=i=0;i<32;i++) { \ struct smbcli_request *req; \ status = smb_raw_open(cli->tree, tctx, &io); \ @@ -643,21 +644,21 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t } while (0) printf("testing mkdir\n"); - NOTIFY_MASK_TEST(;, + NOTIFY_MASK_TEST("testing mkdir",;, smbcli_mkdir(cli->tree, BASEDIR "\\tname1");, smbcli_rmdir(cli->tree, BASEDIR "\\tname1");, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME, 1); printf("testing create file\n"); - NOTIFY_MASK_TEST(;, + NOTIFY_MASK_TEST("testing create file",;, smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_FILE_NAME, 1); printf("testing unlink\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing unlink", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, ;, @@ -665,7 +666,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_FILE_NAME, 1); printf("testing rmdir\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing rmdir", smbcli_mkdir(cli->tree, BASEDIR "\\tname1");, smbcli_rmdir(cli->tree, BASEDIR "\\tname1");, ;, @@ -673,7 +674,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_DIR_NAME, 1); printf("testing rename file\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing rename file", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_rename(cli->tree, BASEDIR "\\tname1", BASEDIR "\\tname2");, smbcli_unlink(cli->tree, BASEDIR "\\tname2");, @@ -681,7 +682,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_CREATION, 2); printf("testing rename dir\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing rename dir", smbcli_mkdir(cli->tree, BASEDIR "\\tname1");, smbcli_rename(cli->tree, BASEDIR "\\tname1", BASEDIR "\\tname2");, smbcli_rmdir(cli->tree, BASEDIR "\\tname2");, @@ -689,7 +690,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_DIR_NAME, 2); printf("testing set path attribute\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set path attribute", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_setatr(cli->tree, BASEDIR "\\tname1", FILE_ATTRIBUTE_HIDDEN, 0);, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, @@ -697,7 +698,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_ATTRIBUTES, 1); printf("testing set path write time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set path write time", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_setatr(cli->tree, BASEDIR "\\tname1", FILE_ATTRIBUTE_NORMAL, 1000);, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, @@ -705,7 +706,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_LAST_WRITE, 1); printf("testing set file attribute\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file attribute", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, FILE_ATTRIBUTE_HIDDEN, 0, 0, 0, 0);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -718,7 +719,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t } else { printf("testing set file create time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file create time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, t, 0, 0, 0);, @@ -729,7 +730,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t } printf("testing set file access time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file access time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, 0, t, 0, 0);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -737,7 +738,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_LAST_ACCESS, 1); printf("testing set file write time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file write time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, t, 0);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -745,7 +746,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_LAST_WRITE, 1); printf("testing set file change time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file change time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, 0, t);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -754,7 +755,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t printf("testing write\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing write", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_write(cli->tree, fnum2, 1, &c, 10000, 1);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -762,7 +763,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t 0, 1); printf("testing truncate\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing truncate", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_ftruncate(cli->tree, fnum2, 10000);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, -- cgit From 687ce0b60a3913b0f2eca2365a5ab56e78523ab5 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 30 Sep 2008 12:44:24 -0700 Subject: Use a getatr instead to make things cleaner. Jeremy. --- source4/torture/raw/notify.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c index 14ee23158a..d7541b7c71 100644 --- a/source4/torture/raw/notify.c +++ b/source4/torture/raw/notify.c @@ -584,7 +584,8 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t notify.nttrans.in.recursive = true; #define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, expected, nchanges) \ - smbcli_unlink(cli->tree, test_name); \ + do { \ + smbcli_getatr(cli->tree, test_name, NULL, NULL, NULL); \ do { for (mask=i=0;i<32;i++) { \ struct smbcli_request *req; \ status = smb_raw_open(cli->tree, tctx, &io); \ @@ -641,7 +642,8 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t mask, expected); \ } \ } \ - } while (0) + } while (0); \ + } while (0); printf("testing mkdir\n"); NOTIFY_MASK_TEST("testing mkdir",;, -- cgit From 69fe3a5ddd6af872bc686ff2161b9b6a5e5c62a2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 13:42:30 -0700 Subject: fixed a number of places in our LSA server where we should return the sid/name array even when all are unmapped. If we don't fill in the array then the windows client runtime crashes --- source4/librpc/idl/lsa.idl | 2 +- source4/rpc_server/lsa/lsa_lookup.c | 24 +++++++++++++----------- 2 files changed, 14 insertions(+), 12 deletions(-) (limited to 'source4') diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index eed713f71c..e1c4499022 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -1052,7 +1052,7 @@ import "misc.idl", "security.idl"; lsa_SidType sid_type; dom_sid2 *sid; uint32 sid_index; - uint32 unknown; + uint32 flags; } lsa_TranslatedSid3; typedef struct { diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index a71bd57516..0ffb0572ee 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -620,6 +620,8 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, NTSTATUS status; struct dcesrv_handle *h; + ZERO_STRUCT(r2); + /* No policy handle on the wire, so make one up here */ r2.in.handle = talloc(mem_ctx, struct policy_handle); if (!r2.in.handle) { @@ -649,9 +651,6 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, r2.out.names = r->out.names; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } r->out.domains = r2.out.domains; r->out.names = r2.out.names; @@ -671,6 +670,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m NTSTATUS status; int i; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.sids = r->in.sids; r2.in.names = NULL; @@ -761,7 +762,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN; r->out.sids->sids[i].sid = NULL; r->out.sids->sids[i].sid_index = 0xFFFFFFFF; - r->out.sids->sids[i].unknown = 0; + r->out.sids->sids[i].flags = 0; status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype); if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) { @@ -771,13 +772,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.sids->sids[i].sid_type = rtype; r->out.sids->sids[i].sid = sid; r->out.sids->sids[i].sid_index = sid_index; - r->out.sids->sids[i].unknown = 0; + r->out.sids->sids[i].flags = 0; (*r->out.count)++; } @@ -806,6 +807,8 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX NTSTATUS status; struct dcesrv_handle *h; + ZERO_STRUCT(r2); + /* No policy handle on the wire, so make one up here */ r2.in.handle = talloc(mem_ctx, struct policy_handle); if (!r2.in.handle) { @@ -836,9 +839,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } r->out.domains = r2.out.domains; r->out.sids = r2.out.sids; @@ -913,7 +913,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.sids->sids[i].sid_type = rtype; @@ -944,6 +944,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * NTSTATUS status; int i; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; @@ -955,7 +957,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { + if (r2.out.sids == NULL) { return status; } -- cgit From 2c978bbfa92b7fe29c17e40ad6d8059814b78399 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 13:57:23 -0700 Subject: handle NULL strings in strchr_m() and strrchr_m() This is needed for the LSA server code which needs to cope with a NULL names passed to lsa_LookupNames3() --- source4/lib/charset/util_unistr.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4') diff --git a/source4/lib/charset/util_unistr.c b/source4/lib/charset/util_unistr.c index a8ff88423a..5f3b2c53f1 100644 --- a/source4/lib/charset/util_unistr.c +++ b/source4/lib/charset/util_unistr.c @@ -386,6 +386,9 @@ _PUBLIC_ size_t strlen_m_term(const char *s) **/ _PUBLIC_ char *strchr_m(const char *s, char c) { + if (s == NULL) { + return NULL; + } /* characters below 0x3F are guaranteed to not appear in non-initial position in multi-byte charsets */ if ((c & 0xC0) == 0) { @@ -411,6 +414,10 @@ _PUBLIC_ char *strrchr_m(const char *s, char c) { char *ret = NULL; + if (s == NULL) { + return NULL; + } + /* characters below 0x3F are guaranteed to not appear in non-initial position in multi-byte charsets */ if ((c & 0xC0) == 0) { -- cgit From 14378d7c4cfff171e7c005c210abe253a2d7dea3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 14:03:01 -0700 Subject: add a test for a LSA lookupnames with a NULL string --- source4/torture/rpc/lsa.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index af5ee4f6e1..45f67afd69 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -222,12 +222,13 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p, NTSTATUS status; int i; - struct lsa_TranslatedName name; + struct lsa_TranslatedName name[2]; struct lsa_TransNameArray tnames; - tnames.names = &name; - tnames.count = 1; - name.name.string = "NT AUTHORITY\\BOGUS"; + tnames.names = name; + tnames.count = 2; + name[0].name.string = "NT AUTHORITY\\BOGUS"; + name[1].name.string = NULL; printf("\nTesting LookupNames with bogus names\n"); -- cgit From af1c802791e3c9f54220d8c80c3de79ef422d726 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Oct 2008 08:09:25 +0200 Subject: The IRIX compiler does not like embedded unnamed unions --- source4/cldap_server/netlogon.c | 80 ++++++++++++++++----------------- source4/libnet/libnet_become_dc.c | 2 +- source4/libnet/libnet_site.c | 5 ++- source4/libnet/libnet_unbecome_dc.c | 2 +- source4/nbt_server/dgram/netlogon.c | 4 +- source4/nbt_server/irpc.c | 9 ++-- source4/torture/ldap/cldap.c | 88 ++++++++++++++++++------------------- source4/torture/nbt/dgram.c | 42 +++++++++--------- source4/torture/rpc/dssync.c | 6 +-- 9 files changed, 120 insertions(+), 118 deletions(-) (limited to 'source4') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 7dccd81fad..aac74f5d77 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -331,68 +331,68 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, /* could check if the user exists */ if (user_known) { - netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; + netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; } else { - netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; + netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; } - netlogon->nt5_ex.server_type = server_type; - netlogon->nt5_ex.domain_uuid = domain_uuid; - netlogon->nt5_ex.forest = realm; - netlogon->nt5_ex.dns_domain = dns_domain; - netlogon->nt5_ex.pdc_dns_name = pdc_dns_name; - netlogon->nt5_ex.domain = flatname; - netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx); - netlogon->nt5_ex.user_name = user; - netlogon->nt5_ex.server_site = server_site; - netlogon->nt5_ex.client_site = client_site; + netlogon->data.nt5_ex.server_type = server_type; + netlogon->data.nt5_ex.domain_uuid = domain_uuid; + netlogon->data.nt5_ex.forest = realm; + netlogon->data.nt5_ex.dns_domain = dns_domain; + netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name; + netlogon->data.nt5_ex.domain = flatname; + netlogon->data.nt5_ex.pdc_name = lp_netbios_name(lp_ctx); + netlogon->data.nt5_ex.user_name = user; + netlogon->data.nt5_ex.server_site = server_site; + netlogon->data.nt5_ex.client_site = client_site; if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { /* Clearly this needs to be fixed up for IPv6 */ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; - netlogon->nt5_ex.sockaddr.sa_family = 2; - netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; - netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); + netlogon->data.nt5_ex.sockaddr.sa_family = 2; + netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip; + netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); } - netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; - netlogon->nt5_ex.lmnt_token = 0xFFFF; - netlogon->nt5_ex.lm20_token = 0xFFFF; + netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; + netlogon->data.nt5_ex.lmnt_token = 0xFFFF; + netlogon->data.nt5_ex.lm20_token = 0xFFFF; } else if (version & NETLOGON_NT_VERSION_5) { netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ if (user_known) { - netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; + netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE; } else { - netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; + netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; } - netlogon->nt5.pdc_name = pdc_name; - netlogon->nt5.user_name = user; - netlogon->nt5.domain_name = flatname; - netlogon->nt5.domain_uuid = domain_uuid; - netlogon->nt5.forest = realm; - netlogon->nt5.dns_domain = dns_domain; - netlogon->nt5.pdc_dns_name = pdc_dns_name; - netlogon->nt5.pdc_ip = pdc_ip; - netlogon->nt5.server_type = server_type; - netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; - netlogon->nt5.lmnt_token = 0xFFFF; - netlogon->nt5.lm20_token = 0xFFFF; + netlogon->data.nt5.pdc_name = pdc_name; + netlogon->data.nt5.user_name = user; + netlogon->data.nt5.domain_name = flatname; + netlogon->data.nt5.domain_uuid = domain_uuid; + netlogon->data.nt5.forest = realm; + netlogon->data.nt5.dns_domain = dns_domain; + netlogon->data.nt5.pdc_dns_name = pdc_dns_name; + netlogon->data.nt5.pdc_ip = pdc_ip; + netlogon->data.nt5.server_type = server_type; + netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; + netlogon->data.nt5.lmnt_token = 0xFFFF; + netlogon->data.nt5.lm20_token = 0xFFFF; } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ if (user_known) { - netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; + netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE; } else { - netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; + netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; } - netlogon->nt4.server = pdc_name; - netlogon->nt4.user_name = user; - netlogon->nt4.domain = flatname; - netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1; - netlogon->nt4.lmnt_token = 0xFFFF; - netlogon->nt4.lm20_token = 0xFFFF; + netlogon->data.nt4.server = pdc_name; + netlogon->data.nt4.user_name = user; + netlogon->data.nt4.domain = flatname; + netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1; + netlogon->data.nt4.lmnt_token = 0xFFFF; + netlogon->data.nt4.lm20_token = 0xFFFF; } return NT_STATUS_OK; diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index b9071d5eb1..4cbebbf6d0 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -770,7 +770,7 @@ static void becomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; + s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex; s->domain.dns_name = s->cldap.netlogon.dns_domain; s->domain.netbios_name = s->cldap.netlogon.domain; diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index 5647a93b8d..4a32ab92ed 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -58,7 +58,8 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx)); status = cldap_netlogon(cldap, tmp_ctx, &search); - if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { + if (!NT_STATUS_IS_OK(status) + || !search.out.netlogon.data.nt5_ex.client_site) { /* If cldap_netlogon() returns in error, default to using Default-First-Site-Name. @@ -72,7 +73,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li } } else { site_name_str = talloc_asprintf(tmp_ctx, "%s", - search.out.netlogon.nt5_ex.client_site); + search.out.netlogon.data.nt5_ex.client_site); if (!site_name_str) { r->out.error_string = NULL; talloc_free(tmp_ctx); diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 4eeaf1b80c..3a9a5cebd8 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -289,7 +289,7 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; + s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex; s->domain.dns_name = s->cldap.netlogon.dns_domain; s->domain.netbios_name = s->cldap.netlogon.domain; diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index 5e95270b7d..1bc3e2b62f 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -77,7 +77,7 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, /* setup a GETDC reply */ ZERO_STRUCT(netlogon_response); netlogon_response.response_type = NETLOGON_GET_PDC; - pdc = &netlogon_response.get_pdc; + pdc = &netlogon_response.data.get_pdc; pdc->command = NETLOGON_RESPONSE_FROM_PDC; pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx); @@ -132,7 +132,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot, status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, - netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.samlogon); + netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon); if (!NT_STATUS_IS_OK(status)) { DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n", name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status))); diff --git a/source4/nbt_server/irpc.c b/source4/nbt_server/irpc.c index 8f1f74afcf..fc61372ead 100644 --- a/source4/nbt_server/irpc.c +++ b/source4/nbt_server/irpc.c @@ -79,16 +79,17 @@ static void getdc_recv_netlogon_reply(struct dgram_mailslot_handler *dgmslot, /* We asked for version 1 only */ if (netlogon.response_type == NETLOGON_SAMLOGON - && netlogon.samlogon.ntver != NETLOGON_NT_VERSION_1) { + && netlogon.data.samlogon.ntver != NETLOGON_NT_VERSION_1) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done; } - p = netlogon.samlogon.nt4.server; + p = netlogon.data.samlogon.data.nt4.server; DEBUG(10, ("NTLOGON_SAM_LOGON_REPLY: server: %s, user: %s, " - "domain: %s\n", p, netlogon.samlogon.nt4.user_name, - netlogon.samlogon.nt4.domain)); + "domain: %s\n", p, + netlogon.data.samlogon.data.nt4.user_name, + netlogon.data.samlogon.data.nt4.domain)); if (*p == '\\') p += 1; if (*p == '\\') p += 1; diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 3730193c86..23b0554c4f 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -64,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) n1 = search.out.netlogon; search.in.user = "Administrator"; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); @@ -93,8 +93,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -102,8 +102,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); search.in.version = NETLOGON_NT_VERSION_5; status = cldap_netlogon(cldap, tctx, &search); @@ -114,8 +114,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); printf("Trying with User=Administrator\n"); @@ -123,18 +123,18 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN); search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; printf("Trying with a GUID\n"); search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid); printf("Trying with a incorrect GUID\n"); guid = GUID_random(); @@ -145,53 +145,53 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a AAC\n"); search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); printf("Trying with a zero AAC\n"); search.in.acct_control = 0x0; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); printf("Trying with a zero AAC and user=Administrator\n"); search.in.acct_control = 0x0; search.in.user = "Administrator"; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator"); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator"); printf("Trying with a bad AAC\n"); search.in.user = NULL; search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); printf("Trying with a user only\n"); search = empty_search; search.in.user = "Administrator"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); printf("Trying with just a bad domain\n"); search = empty_search; @@ -200,29 +200,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); return true; } @@ -255,9 +255,9 @@ static bool test_cldap_netlogon_flags(struct torture_context *tctx, n1 = search.out.netlogon; if (n1.ntver == NETLOGON_NT_VERSION_5) - server_type = n1.nt5.server_type; + server_type = n1.data.nt5.server_type; else if (n1.ntver == NETLOGON_NT_VERSION_5EX) - server_type = n1.nt5_ex.server_type; + server_type = n1.data.nt5_ex.server_type; printf("The word is: %i\n", server_type); if (server_type & NBT_SERVER_PDC) @@ -366,9 +366,9 @@ static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx, n1 = search.out.netlogon; if (n1.ntver == NETLOGON_NT_VERSION_5) - server_type = n1.nt5.server_type; + server_type = n1.data.nt5.server_type; else if (n1.ntver == NETLOGON_NT_VERSION_5EX) - server_type = n1.nt5_ex.server_type; + server_type = n1.data.nt5_ex.server_type; if (server_type & NBT_SERVER_DS_DNS_FOREST) { struct cldap_search search2; diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index eac2b1fe30..5d26d65e0c 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -148,7 +148,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response"); - torture_assert(tctx, response->get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command"); + torture_assert(tctx, response->data.get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command"); return true; } @@ -243,10 +243,10 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command"); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command"); /* setup (another) temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, @@ -282,11 +282,11 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); - torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); join_ctx = torture_join_domain(tctx, TEST_NAME, ACB_WSTRUST, &machine_credentials); @@ -333,9 +333,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); /* setup (another) temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, @@ -374,9 +374,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); dgmslot->private = NULL; @@ -413,9 +413,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); torture_leave_domain(tctx, join_ctx); return true; @@ -522,11 +522,11 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); - torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); /* setup a temporary mailslot listener for replies */ @@ -566,11 +566,11 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); - torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); /* setup (another) temporary mailslot listener for replies */ @@ -606,7 +606,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response"); - torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); + torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); torture_leave_domain(tctx, join_ctx); @@ -643,7 +643,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response"); - torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); + torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); return true; diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index df16c860cb..41bb168619 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -310,14 +310,14 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.data.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.data.nt5_ex.server_site); } if (!ctx->domain_dn) { struct ldb_context *ldb = ldb_init(ctx, tctx->ev); - struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.nt5_ex.dns_domain); + struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.data.nt5_ex.dns_domain); ctx->domain_dn = ldb_dn_alloc_linearized(ctx, dn); talloc_free(dn); talloc_free(ldb); -- cgit From 5fc7fb48a0d7da8c4d0eec580c37b8a503faecce Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:23:21 +0200 Subject: s4:lib/ldb: fix stupid dn parsing bugs metze --- source4/lib/ldb/common/ldb_dn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index c0d36cfbf3..e36aea4e69 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -91,7 +91,7 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const * exploded_dn control is used */ dn->special = true; /* FIXME: add a GUID string to ldb_dn structure */ - } else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "length >= 5 && strncasecmp((const char *)strdn->data, "special = true; @@ -150,7 +150,7 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char * exploded_dn control is used */ dn->special = true; /* FIXME: add a GUID string to ldb_dn structure */ - } else if (strncasecmp(strdn, "basedn = NULL; + break; + } + + for (i=0; i < el->num_values; i++) { + valstr = talloc_strndup(ac, + (const char *)el->values[i].data, + el->values[i].length); + if (!valstr) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) { + talloc_free(valstr); + continue; + } + + found = &valstr[wkn_len]; + break; + } + + if (!found) { + break; + } + + ac->basedn = ldb_dn_new(ac, ac->module->ldb, found); + talloc_free(valstr); + if (!ac->basedn) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + break; + + case LDB_REPLY_REFERRAL: + break; + + case LDB_REPLY_DONE: + + if (!ac->basedn) { + const char *str = talloc_asprintf(req, "Base-DN '%s' not found", + ldb_dn_get_linearized(ac->req->op.search.base)); + ldb_set_errstring(ac->module->ldb, str); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_NO_SUCH_OBJECT); + } + + ret = ldb_build_search_req_ex(&down_req, + ac->module->ldb, ac, + ac->basedn, + ac->req->op.search.scope, + ac->req->op.search.tree, + ac->cast_attrs, + ac->req->controls, + ac, extended_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); + } + + if (ac->control) { + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(ac->control, down_req, &saved_controls)) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + + /* perform the search */ + return ldb_next_request(ac->module, down_req); + } + return LDB_SUCCESS; +} static int extended_search(struct ldb_module *module, struct ldb_request *req) { @@ -256,25 +374,190 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) struct ldb_control **saved_controls; struct extended_context *ac; struct ldb_request *down_req; - const char * const *cast_attrs = NULL; char **new_attrs; int ret; + struct ldb_dn *base_dn = NULL; + enum ldb_scope base_dn_scope = LDB_SCOPE_BASE; + const char *base_dn_filter = NULL; + const char * const *base_dn_attrs = NULL; + char *wellknown_object = NULL; + static const char *dnattr[] = { + "distinguishedName", + NULL + }; + static const char *wkattr[] = { + "wellKnownObjects", + NULL + }; + + if (ldb_dn_is_special(req->op.search.base)) { + char *dn; + + dn = ldb_dn_alloc_linearized(req, req->op.search.base); + if (!dn) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + if (strncasecmp(dn, "'); + if (!p) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + p[0] = '\0'; + + if (strncasecmp(str, "S-", 2) == 0) { + valstr = str; + } else { + DATA_BLOB binary; + binary = strhex_to_data_blob(str); + if (!binary.data) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + valstr = ldb_binary_encode(req, binary); + data_blob_free(&binary); + if (!valstr) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + + /* TODO: do a search over all partitions */ + base_dn = ldb_get_default_basedn(module->ldb); + base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", valstr); + if (!base_dn_filter) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_scope = LDB_SCOPE_SUBTREE; + base_dn_attrs = dnattr; + } else if (strncasecmp(dn, "'); + if (!p) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + p[0] = '\0'; + + if (strchr(str, '-')) { + valstr = str; + } else { + DATA_BLOB binary; + binary = strhex_to_data_blob(str); + if (!binary.data) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + valstr = ldb_binary_encode(req, binary); + data_blob_free(&binary); + if (!valstr) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + + /* TODO: do a search over all partitions */ + base_dn = ldb_get_default_basedn(module->ldb); + base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", valstr); + if (!base_dn_filter) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_scope = LDB_SCOPE_SUBTREE; + base_dn_attrs = dnattr; + } else if (strncasecmp(dn, "module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + tail_str = p; + p = strchr(tail_str, '>'); + if (!p) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + p[0] = '\0'; + + base_dn = ldb_dn_new(req, module->ldb, tail_str); + if (!base_dn) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_filter = talloc_strdup(req, "(objectClass=*)"); + if (!base_dn_filter) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_scope = LDB_SCOPE_BASE; + base_dn_attrs = wkattr; + } + talloc_free(dn); + } /* check if there's an extended dn control */ control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID); - if (control == NULL) { + if (control == NULL && base_dn_filter == NULL) { /* not found go on */ return ldb_next_request(module, req); } - if (control->data) { + if (control && control->data) { extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); if (!extended_ctrl) { return LDB_ERR_PROTOCOL_ERROR; } } - ac = talloc(req, struct extended_context); + ac = talloc_zero(req, struct extended_context); if (ac == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -282,49 +565,75 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->module = module; ac->req = req; + ac->control = control; + ac->basedn = NULL; + ac->wellknown_object = wellknown_object; + ac->inject = false; ac->remove_guid = false; ac->remove_sid = false; - if (extended_ctrl) { - ac->extended_type = extended_ctrl->type; - } else { - ac->extended_type = 0; - } - /* check if attrs only is specified, in that case check wether we need to modify them */ - if (req->op.search.attrs) { - if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { - ac->remove_guid = true; - } - if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { - ac->remove_sid = true; + if (control) { + ac->inject = true; + if (extended_ctrl) { + ac->extended_type = extended_ctrl->type; + } else { + ac->extended_type = 0; } - if (ac->remove_guid || ac->remove_sid) { - new_attrs = copy_attrs(ac, req->op.search.attrs); - if (new_attrs == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + + /* check if attrs only is specified, in that case check wether we need to modify them */ + if (req->op.search.attrs) { + if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { + ac->remove_guid = true; } - - if (ac->remove_guid) { - if (!add_attrs(ac, &new_attrs, "objectGUID")) - return LDB_ERR_OPERATIONS_ERROR; + if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { + ac->remove_sid = true; } - if (ac->remove_sid) { - if (!add_attrs(ac, &new_attrs, "objectSID")) + if (ac->remove_guid || ac->remove_sid) { + new_attrs = copy_attrs(ac, req->op.search.attrs); + if (new_attrs == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; + } + + if (ac->remove_guid) { + if (!add_attrs(ac, &new_attrs, "objectGUID")) + return LDB_ERR_OPERATIONS_ERROR; + } + if (ac->remove_sid) { + if (!add_attrs(ac, &new_attrs, "objectSID")) + return LDB_ERR_OPERATIONS_ERROR; + } + ac->cast_attrs = (const char * const *)new_attrs; + } else { + ac->cast_attrs = req->op.search.attrs; } - cast_attrs = (const char * const *)new_attrs; - } else { - cast_attrs = req->op.search.attrs; } } + if (base_dn) { + ret = ldb_build_search_req(&down_req, + module->ldb, ac, + base_dn, + base_dn_scope, + base_dn_filter, + base_dn_attrs, + NULL, + ac, extended_base_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* perform the search */ + return ldb_next_request(module, down_req); + } + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, req->op.search.base, req->op.search.scope, req->op.search.tree, - cast_attrs, + ac->cast_attrs, req->controls, ac, extended_callback, req); @@ -332,11 +641,13 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - /* save it locally and remove it from the list */ - /* we do not need to replace them later as we - * are keeping the original req intact */ - if (!save_controls(control, down_req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; + if (ac->control) { + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(control, down_req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } } /* perform the search */ -- cgit From 8aff4430308b36ae1a1a6629d67bba87eebb0dde Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 02:44:25 +0200 Subject: s4:kludge_acl: just fake support for the SD_FLAGS control metze --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 24527c36c9..6e6da5581d 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -321,6 +321,8 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) struct kludge_private_data *data; const char * const *attrs; int ret, i; + struct ldb_control *sd_control; + struct ldb_control **sd_saved_controls; ac = talloc(req, struct kludge_acl_context); if (ac == NULL) { @@ -382,6 +384,17 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + /* check if there's an SD_FLAGS control */ + sd_control = ldb_request_get_control(down_req, LDB_CONTROL_SD_FLAGS_OID); + if (sd_control) { + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(sd_control, down_req, &sd_saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + /* perform the search */ return ldb_next_request(module, down_req); } @@ -462,6 +475,13 @@ static int kludge_acl_init(struct ldb_module *module) } data->password_attrs[i] = NULL; + ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "partition: Unable to register control with rootdse!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + done: talloc_free(mem_ctx); return ldb_next_init(module); -- cgit From 3ebf3f316b003000b77499f494cf4d017ef870ad Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:05:02 +0200 Subject: s4:linked_attributes: fix a crash bug when the definition of a target attribute is missing Windows 2003 has a broken schema where the definition of msDS-IsDomainFor is missing (which is supposed to be the backlink of the msDS-HasDomainNCs attribute. Our schema is extracted from windows 2003, so we have the problem. As the NET-API-BECOME-DC test triggers this bug, windows 2003 seems to just skip creating a backlink. metze --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 38 ++++++++++++++++++++-- 1 file changed, 35 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 3b389afffb..14fd107d81 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -217,6 +217,17 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * /* Even link IDs are for the originating attribute */ target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + if (!target_attr) { + /* + * windows 2003 has a broken schema where + * the definition of msDS-IsDomainFor + * is missing (which is supposed to be + * the backlink of the msDS-HasDomainNCs + * attribute + */ + continue; + } + attr_name = target_attr->lDAPDisplayName; attr_val = ldb_dn_get_linearized(ac->req->op.add.message->dn); @@ -301,6 +312,16 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are } target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + if (!target_attr) { + /* + * windows 2003 has a broken schema where + * the definition of msDS-IsDomainFor + * is missing (which is supposed to be + * the backlink of the msDS-HasDomainNCs + * attribute + */ + continue; + } attr_name = target_attr->lDAPDisplayName; /* make sure we manage each value */ @@ -399,9 +420,14 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques /* Now find the target attribute */ target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); if (!target_attr) { - ldb_asprintf_errstring(module->ldb, - "attribute %s does not have valid link target", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + /* + * windows 2003 has a broken schema where + * the definition of msDS-IsDomainFor + * is missing (which is supposed to be + * the backlink of the msDS-HasDomainNCs + * attribute + */ + continue; } attr_name = target_attr->lDAPDisplayName; @@ -654,9 +680,15 @@ static int la_op_search_callback(struct ldb_request *req, if ((schema_attr->linkID & 1) == 0) { /* Odd is for the target. */ target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + if (!target_attr) { + continue; + } attr_name = target_attr->lDAPDisplayName; } else { target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID - 1); + if (!target_attr) { + continue; + } attr_name = target_attr->lDAPDisplayName; } for (j = 0; j < el->num_values; j++) { -- cgit From 551bbd853c87002fe068b5fb2a044c424ab7e874 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:11:14 +0200 Subject: s4:partition: pass down the SEARCH_OPTIONS control as uncritical metze --- source4/dsdb/samdb/ldb_modules/partition.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ad2901c308..ad3518e6b2 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -466,6 +466,14 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + /* + * for now pass down the LDB_CONTROL_SEARCH_OPTIONS_OID control + * down as uncritical to make windows 2008 dcpromo happy. + */ + if (search_control) { + search_control->critical = 0; + } + /* TODO: Generate referrals (look for a partition under this DN) if we don't have the above control specified */ -- cgit From 81b3358f2a61c38ddd9d10accea8a4fe432f3085 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:22:33 +0200 Subject: s4:partition: register DOMAIN_SCOPE and SEARCH_OPTIONS controls metze --- source4/dsdb/samdb/ldb_modules/partition.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ad3518e6b2..f600c72748 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -1160,6 +1160,20 @@ static int partition_init(struct ldb_module *module) } } + ret = ldb_mod_register_control(module, LDB_CONTROL_DOMAIN_SCOPE_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "partition: Unable to register control with rootdse!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_mod_register_control(module, LDB_CONTROL_SEARCH_OPTIONS_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "partition: Unable to register control with rootdse!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From 1e24fd3ba20ace6e8f7e974dd7b7fc1738ade8be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:20:10 +0200 Subject: s4:rootdse: for now don't pass down controls for the rootdse search metze --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 0d14a54464..b38e182cf7 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -318,7 +318,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) LDB_SCOPE_BASE, NULL, req->op.search.attrs, - req->controls, + NULL,/* for now skip the controls from the client */ ac, rootdse_callback, req); if (ret != LDB_SUCCESS) { -- cgit From 3c9f3c32d1290b8e6c438a197602afe3e96ae828 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:25:13 +0200 Subject: s4:drsuapi.idl: fix some fields in drsuapi_DsRemoveDSServer() metze --- source4/libnet/libnet_unbecome_dc.c | 7 +------ source4/librpc/idl/drsuapi.idl | 4 ++-- 2 files changed, 3 insertions(+), 8 deletions(-) (limited to 'source4') diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 3a9a5cebd8..2ee3c641b2 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -641,7 +641,7 @@ static void unbecomeDC_drsuapi_remove_ds_server_send(struct libnet_UnbecomeDC_st r->in.level = 1; r->in.req.req1.server_dn= s->dest_dsa.server_dn_str; r->in.req.req1.domain_dn= s->domain.dn_str; - r->in.req.req1.unknown = 0x00000001; + r->in.req.req1.commit = true; req = dcerpc_drsuapi_DsRemoveDSServer_send(s->drsuapi.pipe, s, r); composite_continue_rpc(c, req, unbecomeDC_drsuapi_remove_ds_server_recv, s); @@ -666,11 +666,6 @@ static void unbecomeDC_drsuapi_remove_ds_server_recv(struct rpc_request *req) composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE); return; } - - if (!W_ERROR_IS_OK(r->out.res.res1.status)) { - composite_error(c, werror_to_ntstatus(r->out.res.res1.status)); - return; - } composite_done(c); } diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 0a5a081dd7..76858b2d5c 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -970,7 +970,7 @@ interface drsuapi typedef struct { [charset(UTF16),string] uint16 *server_dn; [charset(UTF16),string] uint16 *domain_dn; - uint32 unknown; /* 0x000000001 */ + boolean32 commit; } drsuapi_DsRemoveDSServerRequest1; typedef [switch_type(int32)] union { @@ -978,7 +978,7 @@ interface drsuapi } drsuapi_DsRemoveDSServerRequest; typedef struct { - WERROR status; + boolean32 last_dc_in_domain; } drsuapi_DsRemoveDSServerResult1; typedef [switch_type(int32)] union { -- cgit From 05994005a35b940efc9cd8d1b3b0eebf2d2e38d7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:56:12 +0200 Subject: s4:setup: add wellknownObjects to the domain object metze --- source4/setup/provision_basedn_modify.ldif | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 63332e937b..a7b501e8a8 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -77,4 +77,12 @@ subRefs: ${SCHEMADN} replace: gPLink gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0] - +replace: wellKnownObjects +wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN} +wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN} +wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN} +wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN} +wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN} +wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN} +- ${DOMAINGUID_MOD} -- cgit From b174765d54c202eb507b1caaed95c33bcd54d243 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 2 Oct 2008 17:15:00 -0400 Subject: Fix crash bugs in error paths: ac is not yet initialized here, and we don't need to call ldb_module_done in the main module functions, we can directly return an error. ldb_module_done() is for callbacks --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 45 +++++++++++----------------- 1 file changed, 18 insertions(+), 27 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 6a7ed4e7c6..88a8887056 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -426,16 +426,14 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) DATA_BLOB binary; binary = strhex_to_data_blob(str); if (!binary.data) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } valstr = ldb_binary_encode(req, binary); data_blob_free(&binary); if (!valstr) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } } @@ -443,9 +441,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) base_dn = ldb_get_default_basedn(module->ldb); base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", valstr); if (!base_dn_filter) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_scope = LDB_SCOPE_SUBTREE; base_dn_attrs = dnattr; @@ -476,16 +473,14 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) DATA_BLOB binary; binary = strhex_to_data_blob(str); if (!binary.data) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } valstr = ldb_binary_encode(req, binary); data_blob_free(&binary); if (!valstr) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } } @@ -493,9 +488,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) base_dn = ldb_get_default_basedn(module->ldb); base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", valstr); if (!base_dn_filter) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_scope = LDB_SCOPE_SUBTREE; base_dn_attrs = dnattr; @@ -513,9 +507,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) wellknown_object = talloc_asprintf(req, "B:32:%s:", &dn[8]); if (!wellknown_object) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } tail_str = p; @@ -527,15 +520,13 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) base_dn = ldb_dn_new(req, module->ldb, tail_str); if (!base_dn) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_filter = talloc_strdup(req, "(objectClass=*)"); if (!base_dn_filter) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_scope = LDB_SCOPE_BASE; base_dn_attrs = wkattr; -- cgit From 89a67bb60c3b88d5054a81085fb400930cfd5c55 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 2 Oct 2008 21:55:26 -0700 Subject: we need to listen on all interfaces in the CLDAP server as the windows CDLAP client ignores replies from the wrong IP --- source4/cldap_server/cldap_server.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'source4') diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c index 310fb564e0..240f2b1dc2 100644 --- a/source4/cldap_server/cldap_server.c +++ b/source4/cldap_server/cldap_server.c @@ -127,6 +127,7 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l int num_interfaces; TALLOC_CTX *tmp_ctx = talloc_new(cldapd); NTSTATUS status; + int i; num_interfaces = iface_count(ifaces); @@ -135,14 +136,14 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l if (!lp_bind_interfaces_only(lp_ctx)) { status = cldapd_add_socket(cldapd, lp_ctx, "0.0.0.0"); NT_STATUS_NOT_OK_RETURN(status); - } else { - int i; - - for (i=0; i Date: Thu, 2 Oct 2008 21:57:27 -0700 Subject: fixed a talloc error in the rpc handle desctructor - destructors should not try to free the ptr they are given --- source4/rpc_server/handles.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4') diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c index 47174b6eeb..4831fb063d 100644 --- a/source4/rpc_server/handles.c +++ b/source4/rpc_server/handles.c @@ -29,7 +29,6 @@ static int dcesrv_handle_destructor(struct dcesrv_handle *h) { DLIST_REMOVE(h->context->handles, h); - talloc_free(h); return 0; } -- cgit From c5fdb82d3280a0c94c9b15be0090c08675338159 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 2 Oct 2008 21:58:46 -0700 Subject: fixed the sense of ldb base dn comparisons in two places, and use a direct comparison instead of a sub-tree comparison in another this fixes basedn searches on the global catalog port --- source4/cldap_server/netlogon.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 4 ++-- source4/dsdb/samdb/ldb_modules/proxy.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 7dccd81fad..b31e89b7a5 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -301,7 +301,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, server_type |= NBT_SERVER_KDC; } - if (!ldb_dn_compare_base(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx))) { + if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) { server_type |= NBT_SERVER_DS_DNS_FOREST; } diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ad2901c308..7cc19a1012 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -493,7 +493,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ - if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { + if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) { ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; @@ -578,7 +578,7 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) } for (i=0; data && data->partitions && data->partitions[i]; i++) { - if (ldb_dn_compare_base(req->op.rename.olddn, data->partitions[i]->dn) == 0) { + if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.rename.olddn) == 0) { matched = i; } } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 171832bbb4..18b0649dda 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -233,7 +233,7 @@ static void proxy_convert_record(struct ldb_context *ldb, int attr, v; /* fix the message DN */ - if (ldb_dn_compare_base(ldb, proxy->olddn, msg->dn) == 0) { + if (ldb_dn_compare_base(proxy->olddn, msg->dn) == 0) { ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn)); ldb_dn_add_base(msg->dn, proxy->newdn); } @@ -322,7 +322,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } /* see if the dn is within olddn */ - if (ldb_dn_compare_base(module->ldb, proxy->newdn, req->op.search.base) != 0) { + if (ldb_dn_compare_base(proxy->newdn, req->op.search.base) != 0) { goto passthru; } -- cgit From 63e908e4b4b07455e14ac04d8efb3c4a3d043692 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Fri, 3 Oct 2008 14:29:47 +0200 Subject: Fix regressions in patchfile after last patch, several other minor fixes. --- source4/lib/registry/patchfile.c | 42 +++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 22 deletions(-) (limited to 'source4') diff --git a/source4/lib/registry/patchfile.c b/source4/lib/registry/patchfile.c index d49d46250d..a6f947ee78 100644 --- a/source4/lib/registry/patchfile.c +++ b/source4/lib/registry/patchfile.c @@ -69,7 +69,7 @@ WERROR reg_generate_diff_key(struct registry_key *oldkey, old_num_values = 0; } - /* Subkeys that were deleted */ + /* Subkeys that were changed or deleted */ for (i = 0; i < old_num_subkeys; i++) { error1 = reg_key_get_subkey_by_index(mem_ctx, oldkey, i, &keyname1, NULL, NULL); @@ -81,24 +81,23 @@ WERROR reg_generate_diff_key(struct registry_key *oldkey, if (newkey != NULL) { error2 = reg_open_key(mem_ctx, newkey, keyname1, &t2); - - if (W_ERROR_IS_OK(error2)) - continue; } else { error2 = WERR_BADFILE; t2 = NULL; } - if (!W_ERROR_EQUAL(error2, WERR_BADFILE)) { + if (!W_ERROR_IS_OK(error2) && !W_ERROR_EQUAL(error2, WERR_BADFILE)) { DEBUG(0, ("Error occured while getting subkey by name: %s\n", win_errstr(error2))); talloc_free(mem_ctx); return error2; } - /* newkey didn't have such a subkey, add del diff */ + /* if "error2" is going to be "WERR_BADFILE", then newkey */ + /* didn't have such a subkey and therefore add a del diff */ tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1); - callbacks->del_key(callback_data, tmppath); + if (!W_ERROR_IS_OK(error2)) + callbacks->del_key(callback_data, tmppath); /* perform here also the recursive invocation */ error1 = reg_open_key(mem_ctx, oldkey, keyname1, &t1); @@ -385,14 +384,13 @@ static WERROR reg_diff_apply_add_key(void *_ctx, const char *key_name) static WERROR reg_diff_apply_del_key(void *_ctx, const char *key_name) { struct registry_context *ctx = (struct registry_context *)_ctx; - WERROR error; - error = reg_key_del_abs(ctx, key_name); + /* We can't proof here for success, because a common superkey could */ + /* have been deleted before the subkey's (diff order). This removed */ + /* therefore all childs recursively and the "WERR_BADFILE" result is */ + /* expected. */ - if(!W_ERROR_IS_OK(error)) { - DEBUG(0, ("Unable to delete key '%s'\n", key_name)); - return error; - } + reg_key_del_abs(ctx, key_name); return WERR_OK; } @@ -454,8 +452,7 @@ static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name) struct registry_context *ctx = (struct registry_context *)_ctx; struct registry_key *key; WERROR error; - int i; - uint32_t num_values; + const char* value_name; error = reg_open_key_abs(ctx, ctx, key_name, &key); @@ -465,14 +462,15 @@ static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name) } W_ERROR_NOT_OK_RETURN(reg_key_get_info(ctx, key, NULL, - NULL, &num_values, NULL, NULL, NULL, NULL)); + NULL, NULL, NULL, NULL, NULL, NULL)); - for (i = 0; i < num_values; i++) { - const char *name; - W_ERROR_NOT_OK_RETURN(reg_key_get_value_by_index(ctx, key, i, - &name, - NULL, NULL)); - W_ERROR_NOT_OK_RETURN(reg_del_value(key, name)); + while (W_ERROR_IS_OK(reg_key_get_value_by_index( + ctx, key, 0, &value_name, NULL, NULL))) { + error = reg_del_value(key, value_name); + if (!W_ERROR_IS_OK(error)) { + DEBUG(0, ("Error deleting value '%s'\n", value_name)); + return error; + } } return WERR_OK; -- cgit From 163fa1d25ae2104b634ba37ed97d51fe033cbc1f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 12:21:53 -0700 Subject: fixed the partition module and the GC handling - when multiple partitions are searched, consider the search a success if any of the partitions return success - only search the right subset of partitions, looking at the scope and basedn of the search This fixes several errors with GC searches --- source4/dsdb/samdb/ldb_modules/partition.c | 42 +++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 7cc19a1012..1274061e77 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -50,6 +50,7 @@ struct part_request { struct partition_context { struct ldb_module *module; struct ldb_request *req; + bool got_success; struct part_request *part_req; int num_requests; @@ -170,7 +171,8 @@ static int partition_req_callback(struct ldb_request *req, return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } - if (ares->error != LDB_SUCCESS) { + + if (ares->error != LDB_SUCCESS && !ac->got_success) { return ldb_module_done(ac->req, ares->controls, ares->response, ares->error); } @@ -191,6 +193,9 @@ static int partition_req_callback(struct ldb_request *req, return ldb_module_send_entry(ac->req, ares->message); case LDB_REPLY_DONE: + if (ares->error == LDB_SUCCESS) { + ac->got_success = true; + } if (ac->req->operation == LDB_EXTENDED) { /* FIXME: check for ares->response, replmd does not fill it ! */ if (ares->response) { @@ -210,7 +215,8 @@ static int partition_req_callback(struct ldb_request *req, if (ac->finished_requests == ac->num_requests) { /* this was the last one, call callback */ return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); + ares->response, + ac->got_success?LDB_SUCCESS:ares->error); } /* not the last, now call the next one */ @@ -492,13 +498,41 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return partition_send_all(module, ac, req); } for (i=0; data && data->partitions && data->partitions[i]; i++) { - /* Find all partitions under the search base */ - if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) { + bool match = false, stop = false; + /* Find all partitions under the search base + + we match if: + + 1) the DN we are looking for exactly matches the partition + or + 2) the DN we are looking for is a parent of the partition and it isn't + a scope base search + or + 3) the DN we are looking for is a child of the partition + */ + if (ldb_dn_compare(data->partitions[i]->dn, req->op.search.base) == 0) { + match = true; + if (req->op.search.scope == LDB_SCOPE_BASE) { + stop = true; + } + } + if (!match && + (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0 && + req->op.search.scope != LDB_SCOPE_BASE)) { + match = true; + } + if (!match && + ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) { + match = true; + stop = true; /* note that this relies on partition ordering */ + } + if (match) { ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } } + if (stop) break; } /* Perhaps we didn't match any partitions. Try the main partition, only */ -- cgit From 025ff92f59512fd530f4f68306fea77b26061682 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 17:10:53 -0700 Subject: expanded the netlogon test to better simulate the WSPP NRPC test that we had some trouble with --- source4/torture/rpc/netlogon.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 2522062696..3d4c594d05 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -1397,7 +1397,14 @@ static bool test_GetDomainInfo(struct torture_context *tctx, q1.blob2.data = NULL; q1.product.string = "product string"; - torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n"); + torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n"); + + status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo"); + torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed"); + + torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call\n"); + creds_client_authenticator(creds, &a); status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo"); @@ -1581,6 +1588,7 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx) tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon", &ndr_table_netlogon, TEST_MACHINE_NAME); + torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon); torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff); torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon); -- cgit From ba5ef49f831dbbfec1a360cd4644999de822e2bc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 17:52:59 -0700 Subject: updated the LSA and NETLOGON servers with fixes resulting from the AD plugfest in Redmond --- source4/librpc/idl/lsa.idl | 39 ++++++++++------- source4/librpc/idl/netlogon.idl | 61 +++++++++++++++++++++------ source4/rpc_server/lsa/dcesrv_lsa.c | 57 ++++++++++++++++++++++--- source4/rpc_server/lsa/lsa_lookup.c | 32 ++++++++++---- source4/rpc_server/netlogon/dcerpc_netlogon.c | 44 ++++++++++++++++--- source4/torture/ndr/lsa.c | 8 ++-- source4/torture/rpc/lsa.c | 30 +++++++++---- 7 files changed, 211 insertions(+), 60 deletions(-) (limited to 'source4') diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index e1c4499022..4dce6d6d1e 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -140,12 +140,11 @@ import "misc.idl", "security.idl"; typedef struct { uint32 percent_full; - uint32 log_size; - NTTIME retention_time; + uint32 maximum_log_size; + hyper retention_time; uint8 shutdown_in_progress; - NTTIME time_to_shutdown; + hyper time_to_shutdown; uint32 next_audit_record; - uint32 unknown; } lsa_AuditLogInfo; typedef [v1_enum] enum { @@ -183,9 +182,13 @@ import "misc.idl", "security.idl"; lsa_String name; } lsa_PDAccountInfo; + typedef [v1_enum] enum { + LSA_ROLE_BACKUP=2, + LSA_ROLE_PRIMARY=3 + } lsa_Role; + typedef struct { - uint16 unknown; /* an midl padding bug? */ - uint16 role; + lsa_Role role; } lsa_ServerRole; typedef struct { @@ -204,7 +207,7 @@ import "misc.idl", "security.idl"; typedef struct { hyper modified_id; - NTTIME db_create_time; + NTTIME_hyper db_create_time; } lsa_ModificationInfo; typedef struct { @@ -212,7 +215,6 @@ import "misc.idl", "security.idl"; } lsa_AuditFullSetInfo; typedef struct { - uint16 unknown; /* an midl padding bug? */ uint8 shutdown_on_full; uint8 log_is_full; } lsa_AuditFullQueryInfo; @@ -243,7 +245,8 @@ import "misc.idl", "security.idl"; LSA_POLICY_INFO_DB=9, LSA_POLICY_INFO_AUDIT_FULL_SET=10, LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, - LSA_POLICY_INFO_DNS=12 + LSA_POLICY_INFO_DNS=12, + LSA_POLICY_INFO_DNS_INT=13 } lsa_PolicyInfo; typedef [switch_type(uint16)] union { @@ -259,6 +262,7 @@ import "misc.idl", "security.idl"; [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset; [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery; [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns; + [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns; } lsa_PolicyInformation; NTSTATUS lsa_QueryInfoPolicy ( @@ -1009,8 +1013,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray2 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x3b */ @@ -1068,8 +1072,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray3 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x45 */ @@ -1148,6 +1152,11 @@ import "misc.idl", "security.idl"; [in] uint32 unknown2 ); + const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001; + const int LSA_CLIENT_REVISION_DNS = 0x00000002; + + const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000; + /* Function 0x4d */ NTSTATUS lsa_LookupNames4( [in,range(0,1000)] uint32 num_names, @@ -1156,8 +1165,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray3 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x4e */ diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 8a36922fdd..22e90878e7 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -1100,6 +1100,16 @@ interface netlogon /****************/ /* Function 0x1d */ + typedef [bitmap32bit] bitmap { + NETR_TRUST_FLAG_IN_FOREST = 0x00000001, + NETR_TRUST_FLAG_OUTBOUND = 0x00000002, + NETR_TRUST_FLAG_TREEROOT = 0x00000004, + NETR_TRUST_FLAG_PRIMARY = 0x00000008, + NETR_TRUST_FLAG_NATIVE = 0x00000010, + NETR_TRUST_FLAG_INBOUND = 0x00000020, + NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080, + NETR_TRUST_FLAG_AES = 0x00000100 + } netr_TrustFlags; typedef [flag(NDR_PAHEX)] struct { uint16 length; @@ -1127,26 +1137,61 @@ interface netlogon [case(2)] netr_DomainQuery1 *query1; } netr_DomainQuery; + typedef struct { + /* these first 3 values come from the fact windows + actually encodes this structure as a UNICODE_STRING + - see MS-NRPC section 2.2.1.3.9 */ + [value(8)] uint32 length; + [value(0)] uint32 dummy; + [value(8)] uint32 size; + netr_TrustFlags flags; + uint32 parent_index; + uint32 trust_type; + uint32 trust_attributes; + } netr_trust_extension; + + typedef struct { + uint16 length; /* value is 16 when info != NULL, otherwise 0 */ + [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */ + netr_trust_extension *info; + } netr_trust_extension_container; + typedef struct { lsa_String domainname; lsa_String fulldomainname; lsa_String forest; GUID guid; dom_sid2 *sid; - netr_BinaryString unknown1[4]; - uint32 unknown[4]; + netr_trust_extension_container trust_extension; + lsa_String dummystring[3]; + uint32 dummy[4]; } netr_DomainTrustInfo; + typedef struct { + uint32 policy_size; + [size_is(policy_size)] uint8 *policy; + } netr_LsaPolicyInfo; + + typedef [public,bitmap32bit] bitmap { + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001, + NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002 + } netr_WorkstationFlags; + typedef struct { netr_DomainTrustInfo domaininfo; uint32 num_trusts; [size_is(num_trusts)] netr_DomainTrustInfo *trusts; - uint32 unknown[14]; /* room for expansion? */ + netr_LsaPolicyInfo lsa_policy; + lsa_String dns_hostname; + lsa_String dummystring[3]; + netr_WorkstationFlags workstation_flags; + uint32 supported_enc_types; + uint32 dummy[2]; } netr_DomainInfo1; typedef union { [case(1)] netr_DomainInfo1 *info1; - [case(2)] netr_DomainInfo1 *info1; + [case(2)] netr_DomainInfo1 *info2; } netr_DomainInfo; NTSTATUS netr_LogonGetDomainInfo( @@ -1230,14 +1275,6 @@ interface netlogon /****************/ /* Function 0x24 */ - typedef [bitmap32bit] bitmap { - NETR_TRUST_FLAG_IN_FOREST = 0x00000001, - NETR_TRUST_FLAG_OUTBOUND = 0x00000002, - NETR_TRUST_FLAG_TREEROOT = 0x00000004, - NETR_TRUST_FLAG_PRIMARY = 0x00000008, - NETR_TRUST_FLAG_NATIVE = 0x00000010, - NETR_TRUST_FLAG_INBOUND = 0x00000020 - } netr_TrustFlags; typedef [v1_enum] enum { NETR_TRUST_TYPE_DOWNLEVEL = 1, diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 7b15241b96..5e3be84cc5 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1,3 +1,5 @@ +/* need access mask/acl implementation */ + /* Unix SMB/CIFS implementation. @@ -141,7 +143,8 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_OK; } else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) { - struct lsa_trusted_domain_state *trusted_domain_state = h->data; + struct lsa_trusted_domain_state *trusted_domain_state = + talloc_get_type(h->data, struct lsa_trusted_domain_state); ret = ldb_transaction_start(trusted_domain_state->policy->sam_ldb); if (ret != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -187,6 +190,9 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL r2.in.sid = astate->account_sid; r2.out.rights = rights; + /* dcesrv_lsa_EnumAccountRights takes a LSA_HANDLE_POLICY, + but we have a LSA_HANDLE_ACCOUNT here, so this call + will always fail */ status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { return NT_STATUS_OK; @@ -444,18 +450,46 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, ZERO_STRUCTP(r->out.info); switch (r->in.level) { + case LSA_POLICY_INFO_AUDIT_LOG: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->audit_log); + return NT_STATUS_OK; + case LSA_POLICY_INFO_AUDIT_EVENTS: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->audit_events); + return NT_STATUS_OK; + case LSA_POLICY_INFO_PD: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->pd); + return NT_STATUS_OK; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); + case LSA_POLICY_INFO_ROLE: + r->out.info->role.role = LSA_ROLE_PRIMARY; + return NT_STATUS_OK; case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_DNS_INT: return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns); - case LSA_POLICY_INFO_DB: + + case LSA_POLICY_INFO_REPLICA: + ZERO_STRUCT(r->out.info->replica); + return NT_STATUS_OK; + + case LSA_POLICY_INFO_QUOTA: + ZERO_STRUCT(r->out.info->quota); + return NT_STATUS_OK; + case LSA_POLICY_INFO_AUDIT_FULL_SET: + case LSA_POLICY_INFO_DB: case LSA_POLICY_INFO_AUDIT_FULL_QUERY: + /* windows gives INVALID_PARAMETER */ + r->out.info = NULL; return NT_STATUS_INVALID_PARAMETER; } + r->out.info = NULL; return NT_STATUS_INVALID_INFO_CLASS; } @@ -468,6 +502,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T struct lsa_QueryInfoPolicy2 r2; NTSTATUS status; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.level = r->in.level; @@ -484,6 +520,7 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_SetInfoPolicy *r) { + /* need to support this */ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } @@ -502,6 +539,13 @@ static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TAL lsa_CreateAccount This call does not seem to have any long-term effects, hence no database operations + + we need to talk to the MS product group to find out what this account database means! + + answer is that the lsa database is totally separate from the SAM and + ldap databases. We are going to need a separate ldb to store these + accounts. The SIDs on this account bear no relation to the SIDs in + AD */ static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_CreateAccount *r) @@ -648,7 +692,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc dns_name = r->in.info->domain_name.string; - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1004,7 +1048,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, ZERO_STRUCTP(r->out.trustdom_handle); policy_state = policy_handle->data; - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1088,7 +1132,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce return NT_STATUS_INVALID_PARAMETER; } - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1228,7 +1272,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_ DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN); - trusted_domain_state = h->data; + trusted_domain_state = talloc_get_type(h->data, struct lsa_trusted_domain_state); /* pull all the user attributes */ ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx, @@ -2786,6 +2830,7 @@ static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_SetInfoPolicy2 *r) { + /* need to support these */ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 0ffb0572ee..2375a6d27a 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -525,8 +525,19 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, int i; NTSTATUS status = NT_STATUS_OK; + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + r->out.domains = NULL; + /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers, + and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as + an unknown SID. We could add a SID validator here. (tridge) + MS-DTYP 2.4.2 + */ + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state); if (!NT_STATUS_IS_OK(status)) { return status; @@ -583,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.names->names[i].sid_type = rtype; @@ -683,9 +694,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r2.out.names = NULL; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } + /* we deliberately don't check for error from the above, + as even on error we are supposed to return the names */ r->out.domains = r2.out.domains; if (!r2.out.names) { @@ -727,6 +737,11 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + policy_state = policy_handle->data; r->out.domains = NULL; @@ -830,10 +845,11 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; + r2.in.level = r->in.level; r2.in.sids = r->in.sids; r2.in.count = r->in.count; - r2.in.unknown1 = r->in.unknown1; - r2.in.unknown2 = r->in.unknown2; + r2.in.lookup_options = r->in.lookup_options; + r2.in.client_revision = r->in.client_revision; r2.out.domains = r->out.domains; r2.out.sids = r->out.sids; r2.out.count = r->out.count; @@ -952,8 +968,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.in.sids = NULL; r2.in.level = r->in.level; r2.in.count = r->in.count; - r2.in.unknown1 = 0; - r2.in.unknown2 = 0; + r2.in.lookup_options = 0; + r2.in.client_revision = 0; r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index cceb2a62ac..beb1c4eb06 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -36,6 +36,7 @@ #include "param/param.h" #include "lib/messaging/irpc.h" #include "librpc/gen_ndr/ndr_irpc.h" +#include "librpc/gen_ndr/ndr_netlogon.h" struct server_pipe_state { struct netr_Credential client_challenge; @@ -898,20 +899,36 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res, struct ldb_message *ref_res, struct netr_DomainTrustInfo *info, - bool is_local) + bool is_local, bool is_trust_list) { ZERO_STRUCTP(info); + info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension); + info->trust_extension.length = 16; + info->trust_extension.info->flags = + NETR_TRUST_FLAG_TREEROOT | + NETR_TRUST_FLAG_IN_FOREST | + NETR_TRUST_FLAG_PRIMARY; + info->trust_extension.info->parent_index = 0; /* should be index into array + of parent */ + info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */ + info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */ + + if (is_trust_list) { + /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */ + info->forest.string = NULL; + } else { + info->forest.string = "bludom.tridgell.net"; /* need ldb search */ + } + if (is_local) { info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL); info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL); - info->forest.string = NULL; info->guid = samdb_result_guid(res, "objectGUID"); info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid"); } else { info->domainname.string = samdb_result_string(res, "flatName", NULL); info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL); - info->forest.string = NULL; info->guid = samdb_result_guid(res, "objectGUID"); info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier"); } @@ -942,11 +959,16 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal const char *local_domain; + NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r); + status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, mem_ctx, r->in.credential, r->out.return_authenticator, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(__location__ " Bad credentials - error\n")); + } NT_STATUS_NOT_OK_RETURN(status); sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); @@ -992,19 +1014,29 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal info1->num_trusts); NT_STATUS_HAVE_NO_MEMORY(info1->trusts); - status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true); + status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, + true, false); NT_STATUS_NOT_OK_RETURN(status); for (i=0;itrusts[i], false); + status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], + false, true); NT_STATUS_NOT_OK_RETURN(status); } - status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true); + status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], + true, true); NT_STATUS_NOT_OK_RETURN(status); + info1->dns_hostname.string = "blu.bludom.tridgell.net"; + info1->workstation_flags = + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE; + info1->supported_enc_types = 0; /* w2008 gives this 0 */ + r->out.info.info1 = info1; + NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r); + return NT_STATUS_OK; } diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c index a72a03fa38..0d6d786882 100644 --- a/source4/torture/ndr/lsa.c +++ b/source4/torture/ndr/lsa.c @@ -1538,8 +1538,8 @@ static bool lsarlookupnames2_in_check(struct torture_context *tctx, torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", "names[1]"); torture_assert_int_equal(tctx, r->in.level, 1, "level"); - torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1"); - torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2"); + torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options"); + torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision"); torture_assert_int_equal(tctx, *r->in.count, 0, "count"); torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count"); torture_assert(tctx, r->in.sids->sids == NULL, "sids sids"); @@ -1637,8 +1637,8 @@ static bool lsarlookupnames3_in_check(struct torture_context *tctx, torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", "names[1]"); torture_assert_int_equal(tctx, r->in.level, 1, "level"); - torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1"); - torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2"); + torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options"); + torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision"); torture_assert_int_equal(tctx, *r->in.count, 0, "count"); torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count"); torture_assert(tctx, r->in.sids->sids == NULL, "sids sids"); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 45f67afd69..efbdecab13 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -338,8 +338,8 @@ static bool test_LookupNames2(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -383,8 +383,8 @@ static bool test_LookupNames3(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -425,8 +425,8 @@ static bool test_LookupNames4(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -2243,7 +2243,7 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, bool ret = true; printf("\nTesting QueryInfoPolicy\n"); - for (i=1;i<13;i++) { + for (i=1;i<=13;i++) { r.in.handle = handle; r.in.level = i; @@ -2262,7 +2262,14 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, break; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: + case LSA_POLICY_INFO_DNS_INT: case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_REPLICA: + case LSA_POLICY_INFO_QUOTA: + case LSA_POLICY_INFO_ROLE: + case LSA_POLICY_INFO_AUDIT_LOG: + case LSA_POLICY_INFO_AUDIT_EVENTS: + case LSA_POLICY_INFO_PD: if (!NT_STATUS_IS_OK(status)) { printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); ret = false; @@ -2352,7 +2359,14 @@ static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p, break; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: + case LSA_POLICY_INFO_DNS_INT: case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_REPLICA: + case LSA_POLICY_INFO_QUOTA: + case LSA_POLICY_INFO_ROLE: + case LSA_POLICY_INFO_AUDIT_LOG: + case LSA_POLICY_INFO_AUDIT_EVENTS: + case LSA_POLICY_INFO_PD: if (!NT_STATUS_IS_OK(status)) { printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); ret = false; @@ -2458,7 +2472,6 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!join) { ret = false; } - if (!test_LookupNames_wellknown(p, tctx, handle)) { ret = false; } @@ -2482,7 +2495,6 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!test_CreateSecret(p, tctx, handle)) { ret = false; } - if (!test_CreateTrustedDomain(p, tctx, handle)) { ret = false; } -- cgit From fe67306fc626333da4f03f6f2a823de9cc2b6cc2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 5 Oct 2008 08:17:16 +1100 Subject: removed some debug lines I left in the last commit --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index beb1c4eb06..64d0f77303 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -959,8 +959,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal const char *local_domain; - NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r); - status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, mem_ctx, r->in.credential, @@ -1035,8 +1033,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal r->out.info.info1 = info1; - NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r); - return NT_STATUS_OK; } -- cgit From de5edb1d0c0d60b337d2cbb7151db47d31bfa8d4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 5 Oct 2008 15:48:46 +1100 Subject: remove dependencies on my home domain (in other words, don't do commits in airports) --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 64d0f77303..d5f7d2afae 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -918,7 +918,8 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */ info->forest.string = NULL; } else { - info->forest.string = "bludom.tridgell.net"; /* need ldb search */ + /* TODO: we need a common function for pulling the forest */ + info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL); } if (is_local) { @@ -1026,7 +1027,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal true, true); NT_STATUS_NOT_OK_RETURN(status); - info1->dns_hostname.string = "blu.bludom.tridgell.net"; + info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL); info1->workstation_flags = NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE; info1->supported_enc_types = 0; /* w2008 gives this 0 */ -- cgit From 9542b2fe60482382459d387294fb92c182f35d64 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 16:09:18 +0200 Subject: Re-enable build of smb_samba3.c after the rename smbd->samba --- source4/smb_server/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smb_server/config.mk b/source4/smb_server/config.mk index 8ed03b17fe..6a1a50ffbf 100644 --- a/source4/smb_server/config.mk +++ b/source4/smb_server/config.mk @@ -13,7 +13,7 @@ $(eval $(call proto_header_template,$(smb_serversrcdir)/service_smb_proto.h,$(SE # [MODULE::SERVICE_SAMBA3_SMB] INIT_FUNCTION = server_service_samba3_smb_init -SUBSYSTEM = smbd +SUBSYSTEM = samba SERVICE_SAMBA3_SMB_OBJ_FILES = $(smb_serversrcdir)/smb_samba3.o -- cgit From 1a228b442e9382167872fb863529001ac71d7567 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 20:47:00 +0200 Subject: smbd3 is unhappy if stderr is not open --- source4/smb_server/smb_samba3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smb_server/smb_samba3.c b/source4/smb_server/smb_samba3.c index 7b3229892f..259d29039d 100644 --- a/source4/smb_server/smb_samba3.c +++ b/source4/smb_server/smb_samba3.c @@ -52,7 +52,8 @@ static void samba3_smb_accept(struct stream_connection *conn) close(1); dup2(fd, 0); dup2(fd, 1); - for (i=2;i<256;i++) { + dup2(fd, 2); + for (i=3;i<256;i++) { close(i); } -- cgit From 999b69d176a967aad8b6a871632d1869757181aa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 1 Oct 2008 02:27:09 +0200 Subject: s4:gensec: pass down want_features to the spnego backend mech metze --- source4/auth/gensec/gensec.c | 8 +++++++- source4/auth/gensec/gensec.h | 2 ++ source4/auth/gensec/spnego.c | 15 +++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 0edb34d740..5d57383d2a 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -490,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(*gensec_security); (*gensec_security)->ops = NULL; + (*gensec_security)->private_data = NULL; ZERO_STRUCT((*gensec_security)->target); ZERO_STRUCT((*gensec_security)->peer_addr); @@ -525,6 +526,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->private_data = NULL; (*gensec_security)->subcontext = true; + (*gensec_security)->want_features = parent->want_features; (*gensec_security)->event_ctx = parent->event_ctx; (*gensec_security)->msg_ctx = parent->msg_ctx; (*gensec_security)->lp_ctx = parent->lp_ctx; @@ -1015,7 +1017,11 @@ _PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_C _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security, uint32_t feature) { - gensec_security->want_features |= feature; + if (!gensec_security->ops || !gensec_security->ops->want_feature) { + gensec_security->want_features |= feature; + return; + } + gensec_security->ops->want_feature(gensec_security, feature); } /** diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 84fc26d127..0b31882ddd 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -133,6 +133,8 @@ struct gensec_security_ops { NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key); NTSTATUS (*session_info)(struct gensec_security *gensec_security, struct auth_session_info **session_info); + void (*want_feature)(struct gensec_security *gensec_security, + uint32_t feature); bool (*have_feature)(struct gensec_security *gensec_security, uint32_t feature); bool enabled; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 1855e0583d..bf991616bd 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -1094,6 +1094,20 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } +static void gensec_spnego_want_feature(struct gensec_security *gensec_security, + uint32_t feature) +{ + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; + + if (!spnego_state || !spnego_state->sub_sec_security) { + gensec_security->want_features |= feature; + return; + } + + gensec_want_feature(spnego_state->sub_sec_security, + feature); +} + static bool gensec_spnego_have_feature(struct gensec_security *gensec_security, uint32_t feature) { @@ -1133,6 +1147,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = { .unwrap_packets = gensec_spnego_unwrap_packets, .session_key = gensec_spnego_session_key, .session_info = gensec_spnego_session_info, + .want_feature = gensec_spnego_want_feature, .have_feature = gensec_spnego_have_feature, .enabled = true, .priority = GENSEC_SPNEGO -- cgit From 9e492b1ba2ccf2d7c62ef7295b33260687e3aeae Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Oct 2008 19:39:53 +0200 Subject: s4:rpc_server: tell the gensec layer that we want to do header signing Note: header signing is still off by default, as the gensec backends don't support it together with seal yet. metze --- source4/rpc_server/dcesrv_auth.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 52d5631cfd..bef7e4be78 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -95,6 +95,10 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) return false; } + if (call->conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNING) { + gensec_want_feature(auth->gensec_security, GENSEC_FEATURE_SIGN_PKT_HEADER); + } + return true; } -- cgit From c412a930ad19da866503e6d8ccb71fb3191fc6d2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2008 16:25:59 -0700 Subject: Fix Domain Trust creation with Windows 2008 (and many other tools) A dITConentRules attribute (unlike objectClasses) must not contain a 'SUP'. The ADSI layer in Windows would download the whole schema, and validate it. Thanks to the team at Microsoft for very long debugging session to find this. Andrew Bartlett --- source4/dsdb/schema/schema_description.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index 6884c5284e..e152f44b97 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -309,7 +309,11 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas class->lDAPDisplayName, (const char **)aux_class_list, NULL, - class->subClassOf, + NULL, /* Must not specify a + * SUP (subclass) in + * ditContentRules + * per MS-ADTS + * 3.1.1.3.1.1.1 */ -1, must_attr_list, may_attr_list); talloc_free(tmp_ctx); return schema_description; -- cgit From 7d9f18609b25463d306c0c150fe0da7f065860fd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2008 16:36:04 -0700 Subject: Remove DESCRIPTION from generated schema lines. This is not permitted in the AD aggregate schema, and more trouble than it is worth in the OpenLDAP schema due to escaping issues. Andrew Bartlett --- source4/dsdb/schema/schema_description.c | 21 +-------------------- source4/utils/ad2oLschema.c | 14 ++++++++++---- 2 files changed, 11 insertions(+), 24 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index e152f44b97..c3c37b4653 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -33,7 +33,6 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, const char *seperator, const char *oid, const char *name, - const char *description, const char *equality, const char *substring, const char *syntax, @@ -46,15 +45,6 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, "NAME '%s'%s", name, seperator); IF_NULL_FAIL_RET(schema_entry); - if (description) { -#if 0 - /* Need a way to escape ' characters from the description */ - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); -#endif - } - if (equality) { schema_entry = talloc_asprintf_append(schema_entry, "EQUALITY %s%s", equality, seperator); @@ -104,7 +94,7 @@ char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_att " ", attribute->attributeID_oid, attribute->lDAPDisplayName, - NULL, NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax), + NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax), attribute->isSingleValued, attribute->systemOnly); talloc_free(tmp_ctx); @@ -149,7 +139,6 @@ char *schema_class_description(TALLOC_CTX *mem_ctx, const char *oid, const char *name, const char **auxillary_classes, - const char *description, const char *subClassOf, int objectClassCategory, char **must, @@ -164,12 +153,6 @@ char *schema_class_description(TALLOC_CTX *mem_ctx, "NAME '%s'%s", name, seperator); IF_NULL_FAIL_RET(schema_entry); - if (description) { - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - if (auxillary_classes) { schema_entry = talloc_asprintf_append(schema_entry, "AUX ( "); @@ -262,7 +245,6 @@ char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class * " ", class->governsID_oid, class->lDAPDisplayName, - NULL, NULL, class->subClassOf, class->objectClassCategory, @@ -308,7 +290,6 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas class->governsID_oid, class->lDAPDisplayName, (const char **)aux_class_list, - NULL, NULL, /* Must not specify a * SUP (subclass) in * ditContentRules diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index 3c2ffe7a00..c579112b45 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -221,7 +221,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch for (attribute=schema->attributes; attribute; attribute = attribute->next) { const char *name = attribute->lDAPDisplayName; - const char *description = attribute->adminDescription; const char *oid = attribute->attributeID_oid; const char *syntax = attribute->attributeSyntax_oid; const char *equality = NULL, *substring = NULL; @@ -270,7 +269,16 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch } } - schema_entry = schema_attribute_description(mem_ctx, target, seperator, oid, name, description, equality, substring, syntax, single_value, false); + schema_entry = schema_attribute_description(mem_ctx, + target, + seperator, + oid, + name, + equality, + substring, + syntax, + single_value, + false); if (schema_entry == NULL) { ret.failures++; @@ -291,7 +299,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch /* This is already sorted to have 'top' and similar classes first */ for (objectclass=schema->classes; objectclass; objectclass = objectclass->next) { const char *name = objectclass->lDAPDisplayName; - const char *description = objectclass->adminDescription; const char *oid = objectclass->governsID_oid; const char *subClassOf = objectclass->subClassOf; int objectClassCategory = objectclass->objectClassCategory; @@ -356,7 +363,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch oid, name, NULL, - description, subClassOf, objectClassCategory, must, -- cgit From c0240d78351e489c5aca7e729aac045157080088 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 4 Oct 2008 10:25:46 -0700 Subject: Remove compleatly bogus rename test in partitions module. --- source4/dsdb/samdb/ldb_modules/partition.c | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 8e4483a78e..b452b66d56 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -589,7 +589,6 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req) /* rename */ static int partition_rename(struct ldb_module *module, struct ldb_request *req) { - int i, matched = -1; /* Find backend */ struct dsdb_control_current_partition *backend, *backend2; @@ -619,22 +618,6 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_AFFECTS_MULTIPLE_DSAS; } - for (i=0; data && data->partitions && data->partitions[i]; i++) { - if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.rename.olddn) == 0) { - matched = i; - } - } - - if (matched > 0) { - ldb_asprintf_errstring(module->ldb, - "Cannot rename from %s to %s, subtree rename would cross partition %s: %s", - ldb_dn_get_linearized(req->op.rename.olddn), - ldb_dn_get_linearized(req->op.rename.newdn), - ldb_dn_get_linearized(data->partitions[matched]->dn), - ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS)); - return LDB_ERR_AFFECTS_MULTIPLE_DSAS; - } - return partition_replicate(module, req, req->op.rename.olddn); } -- cgit From 8256717c766fb8e145c2f4b5acb3502f4d7c57d9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Sep 2008 14:24:58 -0700 Subject: Implement 'type unknown' names in the CrackNames code. This guesses the type by running each of the possible options. Andrew Bartlett --- source4/dsdb/samdb/cracknames.c | 58 ++++++++++++++++++++++++++------ source4/librpc/idl/drsuapi.idl | 2 +- source4/torture/rpc/drsuapi_cracknames.c | 1 + 3 files changed, 50 insertions(+), 11 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index e02e8d81a6..ca87159c58 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -356,15 +356,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *result_filter = NULL; struct ldb_dn *name_dn = NULL; - struct smb_krb5_context *smb_krb5_context; - ret = smb_krb5_init_context(mem_ctx, - ldb_get_event_context(sam_ctx), - (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), - &smb_krb5_context); - - if (ret) { - return WERR_NOMEM; - } + struct smb_krb5_context *smb_krb5_context = NULL; info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; info1->dns_domain_name = NULL; @@ -380,6 +372,30 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, /* here we need to set the domain_filter and/or the result_filter */ switch (format_offered) { + case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: + { + int i; + enum drsuapi_DsNameFormat formats[] = { + DRSUAPI_DS_NAME_FORMAT_FQDN_1779, DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, + DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, DRSUAPI_DS_NAME_FORMAT_CANONICAL, + DRSUAPI_DS_NAME_FORMAT_GUID, DRSUAPI_DS_NAME_FORMAT_DISPLAY, + DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, + DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY, + DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX + }; + WERROR werr; + for (i=0; i < ARRAY_SIZE(formats); i++) { + werr = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, formats[i], format_desired, name, info1); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { + return werr; + } + } + return werr; + } + case DRSUAPI_DS_NAME_FORMAT_CANONICAL: case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX: { @@ -534,6 +550,16 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: { krb5_principal principal; char *unparsed_name; + + ret = smb_krb5_init_context(mem_ctx, + ldb_get_event_context(sam_ctx), + (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), + &smb_krb5_context); + + if (ret) { + return WERR_NOMEM; + } + ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal); if (ret) { info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; @@ -560,6 +586,16 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, krb5_principal principal; char *unparsed_name_short; char *service; + + ret = smb_krb5_init_context(mem_ctx, + ldb_get_event_context(sam_ctx), + (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), + &smb_krb5_context); + + if (ret) { + return WERR_NOMEM; + } + ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal); if (ret == 0 && principal->name.name_string.len < 2) { info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; @@ -1265,7 +1301,7 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx, const char **nt4_domain, const char **nt4_account) { - uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UKNOWN; + uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN; /* Handle anonymous bind */ if (!name || !*name) { @@ -1282,6 +1318,8 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx, format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; } else if (strchr_m(name, '/')) { format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL; + } else { + return NT_STATUS_NO_SUCH_USER; } return crack_name_to_nt4_name(mem_ctx, ev_ctx, lp_ctx, format_offered, name, nt4_domain, nt4_account); diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 76858b2d5c..a41bc9cf19 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -877,7 +877,7 @@ interface drsuapi } drsuapi_DsNameFlags; typedef [v1_enum] enum { - DRSUAPI_DS_NAME_FORMAT_UKNOWN = 0, + DRSUAPI_DS_NAME_FORMAT_UNKNOWN = 0, DRSUAPI_DS_NAME_FORMAT_FQDN_1779 = 1, DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT = 2, DRSUAPI_DS_NAME_FORMAT_DISPLAY = 3, diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index fbda69df57..a9a614953d 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c @@ -39,6 +39,7 @@ static bool test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, bool ret = true; struct drsuapi_DsCrackNames r; enum drsuapi_DsNameFormat formats[] = { + DRSUAPI_DS_NAME_FORMAT_UNKNOWN, DRSUAPI_DS_NAME_FORMAT_FQDN_1779, DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, DRSUAPI_DS_NAME_FORMAT_DISPLAY, -- cgit From 8cdb3ebe27814629cb17d2a438c89780c5cecfdf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:10:11 -0700 Subject: Clarify use of manual parsers in trustInOutBlob (drsblobs.idl) --- source4/librpc/idl/drsblobs.idl | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index 31fe8a359e..4274d2000a 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -409,21 +409,23 @@ interface drsblobs { [size_is(1)] AuthenticationInformation array[]; } AuthenticationInformationArray; + /* This is nopull,nopush because we pass count down to the + * manual parser of AuthenticationInformationArray */ typedef [public,nopull,nopush,noprint,gensize] struct { uint32 count; [relative] AuthenticationInformationArray *current; [relative] AuthenticationInformationArray *previous; } trustAuthInOutBlob; + void decode_trustAuthInOut( + [in] trustAuthInOutBlob blob + ); + typedef [public,gensize] struct { uint32 count; [relative] AuthenticationInformation *current[count]; } trustCurrentPasswords; - void decode_trustAuthInOut( - [in] trustAuthInOutBlob blob - ); - typedef [public,nopull] struct { uint8 confounder[512]; [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing; -- cgit From 8e1c0470d72ca85d837bbdd4aec0ca2f27a7a29f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:10:35 -0700 Subject: Add in secure channel type used by AD trusts --- source4/librpc/idl/misc.idl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl index 8331977398..791b86466c 100644 --- a/source4/librpc/idl/misc.idl +++ b/source4/librpc/idl/misc.idl @@ -30,9 +30,11 @@ interface misc /* Only SEC_CHAN_WKSTA can forward requests to other domains. */ typedef [public] enum { - SEC_CHAN_WKSTA = 2, - SEC_CHAN_DOMAIN = 4, - SEC_CHAN_BDC = 6 + SEC_CHAN_NULL = 0, + SEC_CHAN_WKSTA = 2, + SEC_CHAN_DNS_DOMAIN = 3, + SEC_CHAN_DOMAIN = 4, + SEC_CHAN_BDC = 6 } netr_SchannelType; /* SAM database types */ -- cgit From 99d0eb4fb701c500f0175ca9a38482160bdb08e4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:11:11 -0700 Subject: Make RPC-LSA test for enumeration conditions more strict --- source4/torture/rpc/lsa.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index efbdecab13..245ed1e41b 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -1899,7 +1899,11 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, /* NO_MORE_ENTRIES is allowed */ if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) { - return true; + if (domains.count == 0) { + return true; + } + printf("EnumTrustDom failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n"); + return false; } else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) { /* Windows 2003 gets this off by one on the first run */ if (r.out.domains->count < 3 || r.out.domains->count > 4) { @@ -1950,7 +1954,11 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, /* NO_MORE_ENTRIES is allowed */ if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) { - return true; + if (domains_ex.count == 0) { + return true; + } + printf("EnumTrustDomainsEx failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n"); + return false; } else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) { /* Windows 2003 gets this off by one on the first run */ if (r_ex.out.domains->count < 3 || r_ex.out.domains->count > 4) { @@ -2115,7 +2123,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, /* Try different trust types too */ - /* 1 == downleven (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */ + /* 1 == downlevel (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */ trustinfo.trust_type = (((i / 3) + 1) % 3) + 1; trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION; @@ -2160,6 +2168,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); ret = false; } else if (!q.out.info) { + printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n"); ret = false; } else { if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) { @@ -2188,11 +2197,13 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, /* now that we have some domains to look over, we can test the enum calls */ if (!test_EnumTrustDom(p, mem_ctx, handle)) { + printf("test_EnumTrustDom failed\n"); ret = false; } for (i=0; i<12; i++) { if (!test_DeleteTrustedDomainBySid(p, mem_ctx, handle, domsid[i])) { + printf("test_DeleteTrustedDomainBySid failed\n"); ret = false; } } -- cgit From 1a29fd1cf5436c850c7de180668a7a33f9b034d8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:12:15 -0700 Subject: Store trusted domain passwords in the LSA server --- source4/rpc_server/lsa/dcesrv_lsa.c | 68 ++++++++++++++++++++++++++++++++++--- 1 file changed, 64 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 5e3be84cc5..836fd8dc62 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -727,13 +727,46 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } + + if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) { + if (auth_struct.incoming.count > 1) { + return NT_STATUS_INVALID_PARAMETER; + } + } } if (auth_struct.incoming.count) { + int i; + struct trustAuthInOutBlob incoming; + + incoming.count = auth_struct.incoming.count; + incoming.current = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!incoming.current) { + return NT_STATUS_NO_MEMORY; + } + + incoming.current->array = *auth_struct.incoming.current; + if (!incoming.current->array) { + return NT_STATUS_NO_MEMORY; + } + + incoming.previous = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!incoming.previous) { + return NT_STATUS_NO_MEMORY; + } + incoming.previous->array = talloc_array(mem_ctx, struct AuthenticationInformation, incoming.count); + if (!incoming.previous->array) { + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i < incoming.count; i++) { + incoming.previous->array[i].LastUpdateTime = 0; + incoming.previous->array[i].AuthType = 0; + } ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - &auth_struct.incoming, - (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); + &incoming, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } @@ -742,10 +775,37 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc } if (auth_struct.outgoing.count) { + int i; + struct trustAuthInOutBlob outgoing; + + outgoing.count = auth_struct.outgoing.count; + outgoing.current = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!outgoing.current) { + return NT_STATUS_NO_MEMORY; + } + + outgoing.current->array = *auth_struct.outgoing.current; + if (!outgoing.current->array) { + return NT_STATUS_NO_MEMORY; + } + + outgoing.previous = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!outgoing.previous) { + return NT_STATUS_NO_MEMORY; + } + outgoing.previous->array = talloc_array(mem_ctx, struct AuthenticationInformation, outgoing.count); + if (!outgoing.previous->array) { + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i < outgoing.count; i++) { + outgoing.previous->array[i].LastUpdateTime = 0; + outgoing.previous->array[i].AuthType = 0; + } ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - &auth_struct.outgoing, - (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); + &outgoing, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } -- cgit From 320d402180ac2d8505aec2664feaddbd63e5b17e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:31:22 -0700 Subject: Start implementing AD-style trusted domains in Samba4's NETLOGON server --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 52 +++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d5f7d2afae..b948d1210e 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -87,6 +87,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca const char *attrs[] = {"unicodePwd", "userAccountControl", "objectSid", NULL}; + const char *trust_dom_attrs[] = {"flatname", NULL}; + const char *account_name; + ZERO_STRUCTP(r->out.credentials); *r->out.rid = 0; *r->out.negotiate_flags = *r->in.negotiate_flags; @@ -101,10 +104,54 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca if (sam_ctx == NULL) { return NT_STATUS_INVALID_SYSTEM_SERVICE; } + + if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) { + char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name); + char *flatname; + if (!encoded_account) { + return NT_STATUS_NO_MEMORY; + } + + /* Kill the trailing dot */ + if (encoded_account[strlen(encoded_account)-1] == '.') { + encoded_account[strlen(encoded_account)-1] = '\0'; + } + + /* pull the user attributes */ + num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, trust_dom_attrs, + "(&(trustPartner=%s)(objectclass=trustedDomain))", + encoded_account); + + if (num_records == 0) { + DEBUG(3,("Couldn't find trust [%s] in samdb.\n", + encoded_account)); + return NT_STATUS_ACCESS_DENIED; + } + + if (num_records > 1) { + DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL); + if (!flatname) { + /* No flatname for this trust - we can't proceed */ + return NT_STATUS_ACCESS_DENIED; + } + account_name = talloc_asprintf(mem_ctx, "%s$", flatname); + + if (!account_name) { + return NT_STATUS_NO_MEMORY; + } + + } else { + account_name = r->in.account_name; + } + /* pull the user attributes */ num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs, "(&(sAMAccountName=%s)(objectclass=user))", - r->in.account_name); + ldb_binary_encode_string(mem_ctx, account_name)); if (num_records == 0) { DEBUG(3,("Couldn't find user [%s] in samdb.\n", @@ -130,7 +177,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control)); return NT_STATUS_ACCESS_DENIED; } - } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) { + } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN || + r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) { if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) { DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control)); -- cgit From 912209ac84395ef0e2fca0556b1e4bec34367b5c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 16:00:33 -0700 Subject: Use the trust password version as kvno for trusts in Kerberos. --- source4/kdc/hdb-samba4.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4') diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index d7317f17d4..818c4a12fd 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -717,6 +717,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, enum ndr_err_code ndr_err; int i, ret, trust_direction_flags; + uint32_t kvno; private = talloc(mem_ctx, struct hdb_ldb_private); if (!private) { @@ -764,6 +765,12 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, goto out; } + for (i=0; i < password_blob.count; i++) { + if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_VERSION) { + entry_ex->entry.kvno = password_blob.current->array[i].AuthInfo.version.version; + } + } + for (i=0; i < password_blob.count; i++) { if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password, -- cgit From 6a5547742f0b87017e4d21c80ec8facece6688d0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 2 Oct 2008 11:29:34 -0700 Subject: Allow the PAC to be passed along during cross-realm authentication --- source4/heimdal/kdc/krb5tgs.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) (limited to 'source4') diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 19dff5e01d..d557da2a5b 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1393,6 +1393,8 @@ tgs_build_reply(krb5_context context, char opt_str[128]; int signedpath = 0; + Key *tkey; + memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); krb5_data_zero(&rspac); @@ -1630,26 +1632,22 @@ server_lookup: } /* check PAC if not cross realm and if there is one */ - if (!cross_realm) { - Key *tkey; - - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, "Failed to find key for krbtgt PAC check"); - goto out; - } + goto out; + } - ret = check_PAC(context, config, cp, - client, server, ekey, &tkey->key, - tgt, &rspac, &signedpath); - if (ret) { - kdc_log(context, config, 0, - "Verify PAC failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); - goto out; - } + ret = check_PAC(context, config, cp, + client, server, ekey, &tkey->key, + tgt, &rspac, &signedpath); + if (ret) { + kdc_log(context, config, 0, + "Verify PAC failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; } /* also check the krbtgt for signature */ -- cgit From c3b28c7a81c04a0f019b6c1e543a65d6d48b0b2c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 2 Oct 2008 11:30:14 -0700 Subject: Fix cross-realm authentication in Samba4's KDC. --- source4/kdc/hdb-samba4.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 818c4a12fd..5b7f55822e 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -758,7 +758,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, goto out; } - ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob, + ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, private->iconv_convenience, &password_blob, (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ret = EINVAL; @@ -813,6 +813,8 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, entry_ex->entry.keys.len++; } + entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); + ret = copy_Principal(principal, entry_ex->entry.principal); if (ret) { krb5_clear_error_string(context); @@ -1155,7 +1157,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, msg[0], realm_ref_msg_1[0], entry_ex); if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); + krb5_warnx(context, "LDB_fetch: self krbtgt message2entry failed"); } return ret; @@ -1193,7 +1195,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, principal, direction, msg[0], entry_ex); if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); + krb5_warnx(context, "LDB_fetch: trust_message2entry failed"); } return ret; -- cgit From e0a4d7f467d9727563adaaa97961edd06886490e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2008 16:36:49 -0700 Subject: Set default trust kvno to -1 --- source4/kdc/hdb-samba4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 5b7f55822e..51f464cd09 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -717,7 +717,6 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, enum ndr_err_code ndr_err; int i, ret, trust_direction_flags; - uint32_t kvno; private = talloc(mem_ctx, struct hdb_ldb_private); if (!private) { @@ -765,6 +764,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, goto out; } + entry_ex->entry.kvno = -1; for (i=0; i < password_blob.count; i++) { if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_VERSION) { entry_ex->entry.kvno = password_blob.current->array[i].AuthInfo.version.version; -- cgit From c024fb7d5745dbca96b969c88284b70ac7c520e4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 6 Oct 2008 16:00:10 +0200 Subject: Allow 'make testenv-dc', 'make testenv-member', etc. --- source4/selftest/config.mk | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4') diff --git a/source4/selftest/config.mk b/source4/selftest/config.mk index 2fcb71eb7a..e4bb2df0ad 100644 --- a/source4/selftest/config.mk +++ b/source4/selftest/config.mk @@ -49,6 +49,9 @@ quicktestone:: all testenv:: everything $(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --socket-wrapper --testenv +testenv-%:: everything + SELFTEST_TESTENV=$* $(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --socket-wrapper --testenv + valgrindtest:: valgrindtest-all valgrindtest-quick:: all -- cgit From 8da78b732554a88bee0f1dd547e329fe8d82b7f9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 01:48:44 +0200 Subject: Move subunit helper utility to specific subunit directory. --- source4/script/harness2subunit.pl | 36 ------------------------------------ source4/selftest/samba4_tests.sh | 2 +- 2 files changed, 1 insertion(+), 37 deletions(-) delete mode 100755 source4/script/harness2subunit.pl (limited to 'source4') diff --git a/source4/script/harness2subunit.pl b/source4/script/harness2subunit.pl deleted file mode 100755 index 45f515540b..0000000000 --- a/source4/script/harness2subunit.pl +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/perl -# Simple script that converts Perl test harness output to -# Subunit -# Copyright (C) 2008 Jelmer Vernooij -# Published under the GNU GPL, v3 or later - -my $firstline = 1; -my $error = 0; -while() { - if ($firstline) { - $firstline = 0; - next; - } - if (/^not ok (\d+) - (.*)$/) { - print "test: $2\n"; - print "failure: $2\n"; - $error = 1; - } elsif (/^ok (\d+) - (.*)$/) { - print "test: $2\n"; - print "success: $2\n"; - } elsif (/^ok (\d+)$/) { - print "test: $1\n"; - print "success: $1\n"; - } elsif (/^ok (\d+) # skip (.*)$/) { - print "test: $1\n"; - print "skip: $1 [\n$2\n]\n"; - } elsif (/^not ok (\d+)$/) { - print "test: $1\n"; - print "failure: $1\n"; - $error = 1; - } else { - print; - } -} -exit $error; - diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index bfe386af69..7ddaf9f996 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -252,7 +252,7 @@ if test x"${PIDL_TESTS_SKIP}" = x"yes"; then echo "Skipping pidl tests - PIDL_TESTS_SKIP=yes" elif $PERL -e 'eval require Test::More;' > /dev/null 2>&1; then for f in $samba4srcdir/../pidl/tests/*.pl; do - plantest "pidl.`basename $f .pl`" none $PERL $f "|" $samba4srcdir/script/harness2subunit.pl + plantest "pidl.`basename $f .pl`" none $PERL $f "|" $samba4srcdir/../lib/subunit/harness2subunit.pl done else echo "Skipping pidl tests - Test::More not installed" -- cgit From 3ecde315d3ef6d13ea3811d34deb51f87cdeaa6d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 01:58:42 +0200 Subject: Import tests for subunit python module. --- source4/scripting/python/subunit/tests/TestUtil.py | 80 +++ source4/scripting/python/subunit/tests/__init__.py | 25 + .../python/subunit/tests/sample-script.py | 11 + .../python/subunit/tests/sample-two-script.py | 7 + .../python/subunit/tests/test_test_protocol.py | 730 +++++++++++++++++++++ source4/selftest/samba4_tests.sh | 1 + 6 files changed, 854 insertions(+) create mode 100644 source4/scripting/python/subunit/tests/TestUtil.py create mode 100644 source4/scripting/python/subunit/tests/__init__.py create mode 100755 source4/scripting/python/subunit/tests/sample-script.py create mode 100755 source4/scripting/python/subunit/tests/sample-two-script.py create mode 100644 source4/scripting/python/subunit/tests/test_test_protocol.py (limited to 'source4') diff --git a/source4/scripting/python/subunit/tests/TestUtil.py b/source4/scripting/python/subunit/tests/TestUtil.py new file mode 100644 index 0000000000..1b5ba9c293 --- /dev/null +++ b/source4/scripting/python/subunit/tests/TestUtil.py @@ -0,0 +1,80 @@ +# Copyright (c) 2004 Canonical Limited +# Author: Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import sys +import logging +import unittest + + +class LogCollector(logging.Handler): + def __init__(self): + logging.Handler.__init__(self) + self.records=[] + def emit(self, record): + self.records.append(record.getMessage()) + + +def makeCollectingLogger(): + """I make a logger instance that collects its logs for programmatic analysis + -> (logger, collector)""" + logger=logging.Logger("collector") + handler=LogCollector() + handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) + logger.addHandler(handler) + return logger, handler + + +def visitTests(suite, visitor): + """A foreign method for visiting the tests in a test suite.""" + for test in suite._tests: + #Abusing types to avoid monkey patching unittest.TestCase. + # Maybe that would be better? + try: + test.visit(visitor) + except AttributeError: + if isinstance(test, unittest.TestCase): + visitor.visitCase(test) + elif isinstance(test, unittest.TestSuite): + visitor.visitSuite(test) + visitTests(test, visitor) + else: + print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) + + +class TestSuite(unittest.TestSuite): + """I am an extended TestSuite with a visitor interface. + This is primarily to allow filtering of tests - and suites or + more in the future. An iterator of just tests wouldn't scale...""" + + def visit(self, visitor): + """visit the composite. Visiting is depth-first. + current callbacks are visitSuite and visitCase.""" + visitor.visitSuite(self) + visitTests(self, visitor) + + +class TestLoader(unittest.TestLoader): + """Custome TestLoader to set the right TestSuite class.""" + suiteClass = TestSuite + +class TestVisitor(object): + """A visitor for Tests""" + def visitSuite(self, aTestSuite): + pass + def visitCase(self, aTestCase): + pass diff --git a/source4/scripting/python/subunit/tests/__init__.py b/source4/scripting/python/subunit/tests/__init__.py new file mode 100644 index 0000000000..544d0e704f --- /dev/null +++ b/source4/scripting/python/subunit/tests/__init__.py @@ -0,0 +1,25 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from subunit.tests import TestUtil, test_test_protocol + +def test_suite(): + result = TestUtil.TestSuite() + result.addTest(test_test_protocol.test_suite()) + return result diff --git a/source4/scripting/python/subunit/tests/sample-script.py b/source4/scripting/python/subunit/tests/sample-script.py new file mode 100755 index 0000000000..223d2f5d9f --- /dev/null +++ b/source4/scripting/python/subunit/tests/sample-script.py @@ -0,0 +1,11 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "failure bing crosby [" +print "foo.c:53:ERROR invalid state" +print "]" +print "test an error" +print "error an error" +sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/sample-two-script.py b/source4/scripting/python/subunit/tests/sample-two-script.py new file mode 100755 index 0000000000..d5550842bf --- /dev/null +++ b/source4/scripting/python/subunit/tests/sample-two-script.py @@ -0,0 +1,7 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "success bing crosby" +sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/test_test_protocol.py b/source4/scripting/python/subunit/tests/test_test_protocol.py new file mode 100644 index 0000000000..af31584a97 --- /dev/null +++ b/source4/scripting/python/subunit/tests/test_test_protocol.py @@ -0,0 +1,730 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import unittest +from StringIO import StringIO +import os +import subunit +import sys + +try: + class MockTestProtocolServerClient(object): + """A mock protocol server client to test callbacks.""" + + def __init__(self): + self.end_calls = [] + self.error_calls = [] + self.failure_calls = [] + self.start_calls = [] + self.success_calls = [] + super(MockTestProtocolServerClient, self).__init__() + + def addError(self, test, error): + self.error_calls.append((test, error)) + + def addFailure(self, test, error): + self.failure_calls.append((test, error)) + + def addSuccess(self, test): + self.success_calls.append(test) + + def stopTest(self, test): + self.end_calls.append(test) + + def startTest(self, test): + self.start_calls.append(test) + +except AttributeError: + MockTestProtocolServer = None + + +class TestMockTestProtocolServer(unittest.TestCase): + + def test_start_test(self): + protocol = MockTestProtocolServerClient() + protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_error(self): + protocol = MockTestProtocolServerClient() + protocol.addError(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, [( + subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_failure(self): + protocol = MockTestProtocolServerClient() + protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, [ + (subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.success_calls, []) + + def test_add_success(self): + protocol = MockTestProtocolServerClient() + protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + + def test_end_test(self): + protocol = MockTestProtocolServerClient() + protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.end_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + self.assertEqual(protocol.start_calls, []) + + +class TestTestImports(unittest.TestCase): + + def test_imports(self): + from subunit import TestProtocolServer + from subunit import RemotedTestCase + from subunit import RemoteError + from subunit import ExecTestCase + from subunit import IsolatedTestCase + from subunit import TestProtocolClient + + +class TestTestProtocolServerPipe(unittest.TestCase): + + def test_story(self): + client = unittest.TestResult() + protocol = subunit.TestProtocolServer(client) + pipe = StringIO("test old mcdonald\n" + "success old mcdonald\n" + "test bing crosby\n" + "failure bing crosby [\n" + "foo.c:53:ERROR invalid state\n" + "]\n" + "test an error\n" + "error an error\n") + protocol.readFrom(pipe) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(client.errors, + [(an_error, 'RemoteException: \n\n')]) + self.assertEqual( + client.failures, + [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) + self.assertEqual(client.testsRun, 3) + + +class TestTestProtocolServerStartTest(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + + def test_start_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing(self): + self.protocol.lineReceived("testing old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_test_colon(self): + self.protocol.lineReceived("test: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing_colon(self): + self.protocol.lineReceived("testing: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + +class TestTestProtocolServerPassThrough(unittest.TestCase): + + def setUp(self): + from StringIO import StringIO + self.stdout = StringIO() + self.test = subunit.RemotedTestCase("old mcdonald") + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client, self.stdout) + + def keywords_before_test(self): + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + + def test_keywords_before_test(self): + self.keywords_before_test() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_keywords_after_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure: old mcdonald [\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n"))]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_stdout_passthrough(self): + """Lines received which cannot be interpreted as any protocol action + should be passed through to sys.stdout. + """ + bytes = "randombytes\n" + self.protocol.lineReceived(bytes) + self.assertEqual(self.stdout.getvalue(), bytes) + + +class TestTestProtocolServerLostConnection(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.test = subunit.RemotedTestCase("old mcdonald") + + def test_lost_connection_no_input(self): + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_start(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during " + "test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during error " + "report of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.protocol.lostConnection() + test = subunit.RemotedTestCase("old mcdonald") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, + subunit.RemoteError("lost connection during " + "failure report" + " of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + +class TestTestProtocolServerAddError(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_error_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def test_simple_error(self): + self.simple_error_keyword("error") + + def test_simple_error_colon(self): + self.simple_error_keyword("error:") + + def test_error_empty_message(self): + self.protocol.lineReceived("error mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def error_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("]\n"))]) + self.assertEqual(self.client.failure_calls, []) + + def test_error_quoted_bracket(self): + self.error_quoted_bracket("error") + + def test_error_colon_quoted_bracket(self): + self.error_quoted_bracket("error:") + + +class TestTestProtocolServerAddFailure(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_failure_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def test_simple_failure(self): + self.simple_failure_keyword("failure") + + def test_simple_failure_colon(self): + self.simple_failure_keyword("failure:") + + def test_failure_empty_message(self): + self.protocol.lineReceived("failure mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def failure_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("]\n"))]) + + def test_failure_quoted_bracket(self): + self.failure_quoted_bracket("failure") + + def test_failure_colon_quoted_bracket(self): + self.failure_quoted_bracket("failure:") + + +class TestTestProtocolServerAddSuccess(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_success_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_simple_success(self): + self.simple_success_keyword("failure") + + def test_simple_success_colon(self): + self.simple_success_keyword("failure:") + + def test_simple_success(self): + self.simple_success_keyword("successful") + + def test_simple_success_colon(self): + self.simple_success_keyword("successful:") + + +class TestRemotedTestCase(unittest.TestCase): + + def test_simple(self): + test = subunit.RemotedTestCase("A test description") + self.assertRaises(NotImplementedError, test.setUp) + self.assertRaises(NotImplementedError, test.tearDown) + self.assertEqual("A test description", + test.shortDescription()) + self.assertEqual("subunit.RemotedTestCase.A test description", + test.id()) + self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) + self.assertEqual("", "%r" % test) + result = unittest.TestResult() + test.run(result) + self.assertEqual([(test, "RemoteException: " + "Cannot run RemotedTestCases.\n\n")], + result.errors) + self.assertEqual(1, result.testsRun) + another_test = subunit.RemotedTestCase("A test description") + self.assertEqual(test, another_test) + different_test = subunit.RemotedTestCase("ofo") + self.assertNotEqual(test, different_test) + self.assertNotEqual(another_test, different_test) + + +class TestRemoteError(unittest.TestCase): + + def test_eq(self): + error = subunit.RemoteError("Something went wrong") + another_error = subunit.RemoteError("Something went wrong") + different_error = subunit.RemoteError("boo!") + self.assertEqual(error, another_error) + self.assertNotEqual(error, different_error) + self.assertNotEqual(different_error, another_error) + + def test_empty_constructor(self): + self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) + + +class TestExecTestCase(unittest.TestCase): + + class SampleExecTestCase(subunit.ExecTestCase): + + def test_sample_method(self): + """sample-script.py""" + # the sample script runs three tests, one each + # that fails, errors and succeeds + + + def test_construct(self): + test = self.SampleExecTestCase("test_sample_method") + self.assertEqual(test.script, + subunit.join_dir(__file__, 'sample-script.py')) + + def test_run(self): + runner = MockTestProtocolServerClient() + test = self.SampleExecTestCase("test_sample_method") + test.run(runner) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(runner.error_calls, + [(an_error, subunit.RemoteError())]) + self.assertEqual(runner.failure_calls, + [(bing, + subunit.RemoteError( + "foo.c:53:ERROR invalid state\n"))]) + self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) + self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) + + def test_debug(self): + test = self.SampleExecTestCase("test_sample_method") + test.debug() + + def test_count_test_cases(self): + """TODO run the child process and count responses to determine the count.""" + + def test_join_dir(self): + sibling = subunit.join_dir(__file__, 'foo') + expected = '%s/foo' % (os.path.split(__file__)[0],) + self.assertEqual(sibling, expected) + + +class DoExecTestCase(subunit.ExecTestCase): + + def test_working_script(self): + """sample-two-script.py""" + + +class TestIsolatedTestCase(unittest.TestCase): + + class SampleIsolatedTestCase(subunit.IsolatedTestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True + + def tearDown(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True + + + def test_construct(self): + test = self.SampleIsolatedTestCase("test_sets_global_state") + + def test_run(self): + result = unittest.TestResult() + test = self.SampleIsolatedTestCase("test_sets_global_state") + test.run(result) + self.assertEqual(result.testsRun, 1) + self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) + self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) + self.assertEqual(self.SampleIsolatedTestCase.TEST, False) + + def test_debug(self): + pass + #test = self.SampleExecTestCase("test_sample_method") + #test.debug() + + +class TestIsolatedTestSuite(unittest.TestCase): + + class SampleTestToIsolate(unittest.TestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True + + def tearDown(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEST = True + + + def test_construct(self): + suite = subunit.IsolatedTestSuite() + + def test_run(self): + result = unittest.TestResult() + suite = subunit.IsolatedTestSuite() + sub_suite = unittest.TestSuite() + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.addTest(sub_suite) + suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.run(result) + self.assertEqual(result.testsRun, 3) + self.assertEqual(self.SampleTestToIsolate.SETUP, False) + self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) + self.assertEqual(self.SampleTestToIsolate.TEST, False) + + +class TestTestProtocolClient(unittest.TestCase): + + def setUp(self): + self.io = StringIO() + self.protocol = subunit.TestProtocolClient(self.io) + self.test = TestTestProtocolClient("test_start_test") + + + def test_start_test(self): + """Test startTest on a TestProtocolClient.""" + self.protocol.startTest(self.test) + self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) + + def test_stop_test(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.stopTest(self.test) + self.assertEqual(self.io.getvalue(), "") + + def test_add_success(self): + """Test addSuccess on a TestProtocolClient.""" + self.protocol.addSuccess(self.test) + self.assertEqual( + self.io.getvalue(), "successful: %s\n" % self.test.id()) + + def test_add_failure(self): + """Test addFailure on a TestProtocolClient.""" + self.protocol.addFailure(self.test, subunit.RemoteError("boo")) + self.assertEqual( + self.io.getvalue(), + 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) + + def test_add_error(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.addError(self.test, subunit.RemoteError("phwoar")) + self.assertEqual( + self.io.getvalue(), + 'error: %s [\n' + "RemoteException: phwoar\n" + "]\n" % self.test.id()) + + +def test_suite(): + loader = subunit.tests.TestUtil.TestLoader() + result = loader.loadTestsFromName(__name__) + return result diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 7ddaf9f996..9fc71a104f 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -381,6 +381,7 @@ plantest "samdb.python" none $SUBUNITRUN samba.tests.samdb plantest "events.python" none PYTHONPATH="$PYTHONPATH:lib/events" $SUBUNITRUN tests plantest "messaging.python" none PYTHONPATH="$PYTHONPATH:lib/messaging/tests" $SUBUNITRUN bindings plantest "samba3sam.python" none PYTHONPATH="$PYTHONPATH:dsdb/samdb/ldb_modules/tests" $SUBUNITRUN samba3sam +plantest "subunit.python" none $SUBUNITRUN subunit plantest "rpcecho.python" dc $SUBUNITRUN samba.tests.dcerpc.rpcecho plantest "winreg.python" dc $SUBUNITRUN -U\$USERNAME%\$PASSWORD samba.tests.dcerpc.registry plantest "ldap.python" dc $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap.py $CONFIGURATION \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN -- cgit From 68837ff597bd39ff215ef30b4616692d2e31b1b4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Oct 2008 01:23:34 +0200 Subject: Fix syntax errors in minschema. --- source4/scripting/bin/minschema | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) (limited to 'source4') diff --git a/source4/scripting/bin/minschema b/source4/scripting/bin/minschema index 111557126d..e7d7ed4979 100755 --- a/source4/scripting/bin/minschema +++ b/source4/scripting/bin/minschema @@ -11,7 +11,8 @@ import os, sys sys.path.insert(0, "bin/python") import samba -from samba import getopt as options +from samba import getopt as options, Ldb +from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError import sys parser = optparse.OptionParser("minschema ") @@ -50,7 +51,9 @@ if len(args) != 2: (url, classfile) = args -creds = credopts.get_credentials() +lp_ctx = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp_ctx) ldb = Ldb(url, credentials=creds) objectclasses = [] @@ -131,17 +134,10 @@ attrib_attrs = ["objectClass", # 2: abstract # 3: auxiliary -# -# print only if verbose is set -# -def dprintf(text): - if verbose is not None: - print text - def get_object_cn(ldb, name): attrs = ["cn"] - res = ldb.search("(ldapDisplayName=%s)" % name, rootDse["schemaNamingContext"], ldb.SCOPE_SUBTREE, attrs) + res = ldb.search("(ldapDisplayName=%s)" % name, rootDse["schemaNamingContext"], SCOPE_SUBTREE, attrs) assert len(res) == 1 return res[0]["cn"] @@ -229,7 +225,7 @@ def find_objectclass_properties(ldb, o): """the properties of an objectclass""" res = ldb.search( expression="(ldapDisplayName=%s)" % o.name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, attrs=class_attrs) + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=class_attrs) assert(len(res) == 1) msg = res[0] for a in msg: @@ -239,7 +235,7 @@ def find_attribute_properties(ldb, o): """find the properties of an attribute""" res = ldb.search( expression="(ldapDisplayName=%s)" % o.name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=attrib_attrs) assert(len(res) == 1) msg = res[0] @@ -269,7 +265,7 @@ def find_objectclass_auto(ldb, o): print "%s\n" % ldif return - res = ldb.search("", testdn, ldb.SCOPE_BASE) + res = ldb.search(base=testdn, scope=ldb.SCOPE_BASE) ldb.delete(testdn) for a in res.msgs[0]: @@ -284,7 +280,7 @@ def expand_objectclass(ldb, o): "subClassOf"] res = ldb.search( expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % o.name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=attrs) print "Expanding class %s\n" % o.name assert(len(res) == 1) @@ -322,13 +318,13 @@ def walk_dn(ldb, dn): # get a list of all possible attributes for this object attrs = ["allowedAttributes"] try: - res = ldb.search("objectClass=*", dn, ldb.SCOPE_BASE, attrs) + res = ldb.search("objectClass=*", dn, SCOPE_BASE, attrs) except LdbError, e: print "Unable to fetch allowedAttributes for '%s' - %r\n" % (dn, e) return allattrs = res[0]["allowedAttributes"] try: - res = ldb.search("objectClass=*", dn, ldb.SCOPE_BASE, allattrs) + res = ldb.search("objectClass=*", dn, SCOPE_BASE, allattrs) except LdbError, e: print "Unable to fetch all attributes for '%s' - %s\n" % (dn, e) return @@ -340,7 +336,7 @@ def walk_dn(ldb, dn): def walk_naming_context(ldb, namingContext): """walk a naming context, looking for all records""" try: - res = ldb.search("objectClass=*", namingContext, ldb.SCOPE_DEFAULT, + res = ldb.search("objectClass=*", namingContext, SCOPE_DEFAULT, ["objectClass"]) except LdbError, e: print "Unable to fetch objectClasses for '%s' - %s\n" % (namingContext, e) @@ -398,7 +394,7 @@ def build_objectclass(ldb, name): try: res = ldb.search( expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=attrs) except LdbError, e: print "unknown class '%s'\n" % name @@ -503,10 +499,10 @@ objectCategory: CN=SubSchema,${SCHEMADN} def load_list(file): """load a list from a file""" - return open(file, 'r').splitlines() + return open(file, 'r').readlines() # get the rootDSE -res = ldb.search("", "", ldb.SCOPE_BASE) +res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"]) rootDse = res[0] # load the list of classes we are interested in -- cgit From f9facb51207713d1f294038e68909ba7701c61e4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 02:17:47 +0200 Subject: Move all subunit files to lib directory. --- source4/scripting/bin/subunitrun | 1 + source4/scripting/python/config.mk | 4 +- source4/scripting/python/subunit/__init__.py | 388 ----------- source4/scripting/python/subunit/tests/TestUtil.py | 80 --- source4/scripting/python/subunit/tests/__init__.py | 25 - .../python/subunit/tests/sample-script.py | 11 - .../python/subunit/tests/sample-two-script.py | 7 - .../python/subunit/tests/test_test_protocol.py | 730 --------------------- 8 files changed, 3 insertions(+), 1243 deletions(-) delete mode 100644 source4/scripting/python/subunit/__init__.py delete mode 100644 source4/scripting/python/subunit/tests/TestUtil.py delete mode 100644 source4/scripting/python/subunit/tests/__init__.py delete mode 100755 source4/scripting/python/subunit/tests/sample-script.py delete mode 100755 source4/scripting/python/subunit/tests/sample-two-script.py delete mode 100644 source4/scripting/python/subunit/tests/test_test_protocol.py (limited to 'source4') diff --git a/source4/scripting/bin/subunitrun b/source4/scripting/bin/subunitrun index 6f1086ad37..bc35c7ce22 100755 --- a/source4/scripting/bin/subunitrun +++ b/source4/scripting/bin/subunitrun @@ -21,6 +21,7 @@ import sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") +sys.path.insert(0, "../lib/subunit/python") from subunit import SubunitTestRunner from unittest import TestProgram diff --git a/source4/scripting/python/config.mk b/source4/scripting/python/config.mk index b494ee6e8d..c88728a9fd 100644 --- a/source4/scripting/python/config.mk +++ b/source4/scripting/python/config.mk @@ -23,7 +23,7 @@ python_misc_OBJ_FILES = $(pyscriptsrcdir)/misc_wrap.o $(python_misc_OBJ_FILES): CFLAGS+=$(CFLAG_NO_UNUSED_MACROS) $(CFLAG_NO_CAST_QUAL) -_PY_FILES = $(shell find $(pyscriptsrcdir)/samba $(pyscriptsrcdir)/subunit -name "*.py") +_PY_FILES = $(shell find $(pyscriptsrcdir)/samba ../lib/subunit/python -name "*.py") $(foreach pyfile, $(_PY_FILES),$(eval $(call python_py_module_template,$(patsubst $(pyscriptsrcdir)/%,%,$(pyfile)),$(pyfile)))) @@ -32,6 +32,6 @@ $(eval $(call python_py_module_template,samba/misc.py,$(pyscriptsrcdir)/misc.py) EPYDOC_OPTIONS = --no-private --url http://www.samba.org/ --no-sourcecode epydoc:: pythonmods - PYTHONPATH=$(pythonbuilddir) epydoc $(EPYDOC_OPTIONS) samba tdb ldb subunit + PYTHONPATH=$(pythonbuilddir):../lib/subunit/python epydoc $(EPYDOC_OPTIONS) samba tdb ldb subunit install:: installpython diff --git a/source4/scripting/python/subunit/__init__.py b/source4/scripting/python/subunit/__init__.py deleted file mode 100644 index 406cd8765b..0000000000 --- a/source4/scripting/python/subunit/__init__.py +++ /dev/null @@ -1,388 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# Copyright (C) 2007 Jelmer Vernooij -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import os -from StringIO import StringIO -import sys -import unittest - -def test_suite(): - import subunit.tests - return subunit.tests.test_suite() - - -def join_dir(base_path, path): - """ - Returns an absolute path to C{path}, calculated relative to the parent - of C{base_path}. - - @param base_path: A path to a file or directory. - @param path: An absolute path, or a path relative to the containing - directory of C{base_path}. - - @return: An absolute path to C{path}. - """ - return os.path.join(os.path.dirname(os.path.abspath(base_path)), path) - - -class TestProtocolServer(object): - """A class for receiving results from a TestProtocol client.""" - - OUTSIDE_TEST = 0 - TEST_STARTED = 1 - READING_FAILURE = 2 - READING_ERROR = 3 - - def __init__(self, client, stream=sys.stdout): - """Create a TestProtocol server instance. - - client should be an object that provides - - startTest - - addSuccess - - addFailure - - addError - - stopTest - methods, i.e. a TestResult. - """ - self.state = TestProtocolServer.OUTSIDE_TEST - self.client = client - self._stream = stream - - def _addError(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addError(self._current_test, RemoteError("")) - self.client.stopTest(self._current_test) - self._current_test = None - elif (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description + " [" == line[offset:-1]): - self.state = TestProtocolServer.READING_ERROR - self._message = "" - else: - self.stdOutLineReceived(line) - - def _addFailure(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addFailure(self._current_test, RemoteError()) - self.client.stopTest(self._current_test) - elif (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description + " [" == line[offset:-1]): - self.state = TestProtocolServer.READING_FAILURE - self._message = "" - else: - self.stdOutLineReceived(line) - - def _addSuccess(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.client.addSuccess(self._current_test) - self.client.stopTest(self._current_test) - self.current_test_description = None - self._current_test = None - self.state = TestProtocolServer.OUTSIDE_TEST - else: - self.stdOutLineReceived(line) - - def _appendMessage(self, line): - if line[0:2] == " ]": - # quoted ] start - self._message += line[1:] - else: - self._message += line - - def endQuote(self, line): - if self.state == TestProtocolServer.READING_FAILURE: - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addFailure(self._current_test, - RemoteError(self._message)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_ERROR: - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addError(self._current_test, - RemoteError(self._message)) - self.client.stopTest(self._current_test) - else: - self.stdOutLineReceived(line) - - def lineReceived(self, line): - """Call the appropriate local method for the received line.""" - if line == "]\n": - self.endQuote(line) - elif (self.state == TestProtocolServer.READING_FAILURE or - self.state == TestProtocolServer.READING_ERROR): - self._appendMessage(line) - else: - parts = line.split(None, 1) - if len(parts) == 2: - cmd, rest = parts - offset = len(cmd) + 1 - cmd = cmd.strip(':') - if cmd in ('test', 'testing'): - self._startTest(offset, line) - elif cmd == 'error': - self._addError(offset, line) - elif cmd == 'failure': - self._addFailure(offset, line) - elif cmd in ('success', 'successful'): - self._addSuccess(offset, line) - else: - self.stdOutLineReceived(line) - else: - self.stdOutLineReceived(line) - - def lostConnection(self): - """The input connection has finished.""" - if self.state == TestProtocolServer.TEST_STARTED: - self.client.addError(self._current_test, - RemoteError("lost connection during test '%s'" - % self.current_test_description)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_ERROR: - self.client.addError(self._current_test, - RemoteError("lost connection during " - "error report of test " - "'%s'" % - self.current_test_description)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_FAILURE: - self.client.addError(self._current_test, - RemoteError("lost connection during " - "failure report of test " - "'%s'" % - self.current_test_description)) - self.client.stopTest(self._current_test) - - def readFrom(self, pipe): - for line in pipe.readlines(): - self.lineReceived(line) - self.lostConnection() - - def _startTest(self, offset, line): - """Internal call to change state machine. Override startTest().""" - if self.state == TestProtocolServer.OUTSIDE_TEST: - self.state = TestProtocolServer.TEST_STARTED - self._current_test = RemotedTestCase(line[offset:-1]) - self.current_test_description = line[offset:-1] - self.client.startTest(self._current_test) - else: - self.stdOutLineReceived(line) - - def stdOutLineReceived(self, line): - self._stream.write(line) - - -class RemoteException(Exception): - """An exception that occured remotely to python.""" - - def __eq__(self, other): - try: - return self.args == other.args - except AttributeError: - return False - - -class TestProtocolClient(unittest.TestResult): - """A class that looks like a TestResult and informs a TestProtocolServer.""" - - def __init__(self, stream): - super(TestProtocolClient, self).__init__() - self._stream = stream - - def addError(self, test, error): - """Report an error in test test.""" - self._stream.write("error: %s [\n" % (test.shortDescription() or str(test))) - for line in self._exc_info_to_string(error, test).splitlines(): - self._stream.write("%s\n" % line) - self._stream.write("]\n") - super(TestProtocolClient, self).addError(test, error) - - def addFailure(self, test, error): - """Report a failure in test test.""" - self._stream.write("failure: %s [\n" % (test.shortDescription() or str(test))) - for line in self._exc_info_to_string(error, test).splitlines(): - self._stream.write("%s\n" % line) - self._stream.write("]\n") - super(TestProtocolClient, self).addFailure(test, error) - - def addSuccess(self, test): - """Report a success in a test.""" - self._stream.write("successful: %s\n" % (test.shortDescription() or str(test))) - super(TestProtocolClient, self).addSuccess(test) - - def startTest(self, test): - """Mark a test as starting its test run.""" - self._stream.write("test: %s\n" % (test.shortDescription() or str(test))) - super(TestProtocolClient, self).startTest(test) - - -def RemoteError(description=""): - if description == "": - description = "\n" - return (RemoteException, RemoteException(description), None) - - -class RemotedTestCase(unittest.TestCase): - """A class to represent test cases run in child processes.""" - - def __eq__ (self, other): - try: - return self.__description == other.__description - except AttributeError: - return False - - def __init__(self, description): - """Create a psuedo test case with description description.""" - self.__description = description - - def error(self, label): - raise NotImplementedError("%s on RemotedTestCases is not permitted." % - label) - - def setUp(self): - self.error("setUp") - - def tearDown(self): - self.error("tearDown") - - def shortDescription(self): - return self.__description - - def id(self): - return "%s.%s" % (self._strclass(), self.__description) - - def __str__(self): - return "%s (%s)" % (self.__description, self._strclass()) - - def __repr__(self): - return "<%s description='%s'>" % \ - (self._strclass(), self.__description) - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - result.startTest(self) - result.addError(self, RemoteError("Cannot run RemotedTestCases.\n")) - result.stopTest(self) - - def _strclass(self): - cls = self.__class__ - return "%s.%s" % (cls.__module__, cls.__name__) - - -class ExecTestCase(unittest.TestCase): - """A test case which runs external scripts for test fixtures.""" - - def __init__(self, methodName='runTest'): - """Create an instance of the class that will use the named test - method when executed. Raises a ValueError if the instance does - not have a method with the specified name. - """ - unittest.TestCase.__init__(self, methodName) - testMethod = getattr(self, methodName) - self.script = join_dir(sys.modules[self.__class__.__module__].__file__, - testMethod.__doc__) - - def countTestCases(self): - return 1 - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - self._run(result) - - def debug(self): - """Run the test without collecting errors in a TestResult""" - self._run(unittest.TestResult()) - - def _run(self, result): - protocol = TestProtocolServer(result) - output = os.popen(self.script, mode='r') - protocol.readFrom(output) - - -class IsolatedTestCase(unittest.TestCase): - """A TestCase which runs its tests in a forked process.""" - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - run_isolated(unittest.TestCase, self, result) - - -class IsolatedTestSuite(unittest.TestSuite): - """A TestCase which runs its tests in a forked process.""" - - def run(self, result=None): - if result is None: result = unittest.TestResult() - run_isolated(unittest.TestSuite, self, result) - - -def run_isolated(klass, self, result): - """Run a test suite or case in a subprocess, using the run method on klass. - """ - c2pread, c2pwrite = os.pipe() - # fixme - error -> result - # now fork - pid = os.fork() - if pid == 0: - # Child - # Close parent's pipe ends - os.close(c2pread) - # Dup fds for child - os.dup2(c2pwrite, 1) - # Close pipe fds. - os.close(c2pwrite) - - # at this point, sys.stdin is redirected, now we want - # to filter it to escape ]'s. - ### XXX: test and write that bit. - - result = TestProtocolClient(sys.stdout) - klass.run(self, result) - sys.stdout.flush() - sys.stderr.flush() - # exit HARD, exit NOW. - os._exit(0) - else: - # Parent - # Close child pipe ends - os.close(c2pwrite) - # hookup a protocol engine - protocol = TestProtocolServer(result) - protocol.readFrom(os.fdopen(c2pread, 'rU')) - os.waitpid(pid, 0) - # TODO return code evaluation. - return result - - -class SubunitTestRunner(object): - def __init__(self, stream=sys.stdout): - self.stream = stream - - def run(self, test): - "Run the given test case or test suite." - result = TestProtocolClient(self.stream) - test(result) - return result - diff --git a/source4/scripting/python/subunit/tests/TestUtil.py b/source4/scripting/python/subunit/tests/TestUtil.py deleted file mode 100644 index 1b5ba9c293..0000000000 --- a/source4/scripting/python/subunit/tests/TestUtil.py +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright (c) 2004 Canonical Limited -# Author: Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import sys -import logging -import unittest - - -class LogCollector(logging.Handler): - def __init__(self): - logging.Handler.__init__(self) - self.records=[] - def emit(self, record): - self.records.append(record.getMessage()) - - -def makeCollectingLogger(): - """I make a logger instance that collects its logs for programmatic analysis - -> (logger, collector)""" - logger=logging.Logger("collector") - handler=LogCollector() - handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) - logger.addHandler(handler) - return logger, handler - - -def visitTests(suite, visitor): - """A foreign method for visiting the tests in a test suite.""" - for test in suite._tests: - #Abusing types to avoid monkey patching unittest.TestCase. - # Maybe that would be better? - try: - test.visit(visitor) - except AttributeError: - if isinstance(test, unittest.TestCase): - visitor.visitCase(test) - elif isinstance(test, unittest.TestSuite): - visitor.visitSuite(test) - visitTests(test, visitor) - else: - print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) - - -class TestSuite(unittest.TestSuite): - """I am an extended TestSuite with a visitor interface. - This is primarily to allow filtering of tests - and suites or - more in the future. An iterator of just tests wouldn't scale...""" - - def visit(self, visitor): - """visit the composite. Visiting is depth-first. - current callbacks are visitSuite and visitCase.""" - visitor.visitSuite(self) - visitTests(self, visitor) - - -class TestLoader(unittest.TestLoader): - """Custome TestLoader to set the right TestSuite class.""" - suiteClass = TestSuite - -class TestVisitor(object): - """A visitor for Tests""" - def visitSuite(self, aTestSuite): - pass - def visitCase(self, aTestCase): - pass diff --git a/source4/scripting/python/subunit/tests/__init__.py b/source4/scripting/python/subunit/tests/__init__.py deleted file mode 100644 index 544d0e704f..0000000000 --- a/source4/scripting/python/subunit/tests/__init__.py +++ /dev/null @@ -1,25 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -from subunit.tests import TestUtil, test_test_protocol - -def test_suite(): - result = TestUtil.TestSuite() - result.addTest(test_test_protocol.test_suite()) - return result diff --git a/source4/scripting/python/subunit/tests/sample-script.py b/source4/scripting/python/subunit/tests/sample-script.py deleted file mode 100755 index 223d2f5d9f..0000000000 --- a/source4/scripting/python/subunit/tests/sample-script.py +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env python -import sys -print "test old mcdonald" -print "success old mcdonald" -print "test bing crosby" -print "failure bing crosby [" -print "foo.c:53:ERROR invalid state" -print "]" -print "test an error" -print "error an error" -sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/sample-two-script.py b/source4/scripting/python/subunit/tests/sample-two-script.py deleted file mode 100755 index d5550842bf..0000000000 --- a/source4/scripting/python/subunit/tests/sample-two-script.py +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env python -import sys -print "test old mcdonald" -print "success old mcdonald" -print "test bing crosby" -print "success bing crosby" -sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/test_test_protocol.py b/source4/scripting/python/subunit/tests/test_test_protocol.py deleted file mode 100644 index af31584a97..0000000000 --- a/source4/scripting/python/subunit/tests/test_test_protocol.py +++ /dev/null @@ -1,730 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import unittest -from StringIO import StringIO -import os -import subunit -import sys - -try: - class MockTestProtocolServerClient(object): - """A mock protocol server client to test callbacks.""" - - def __init__(self): - self.end_calls = [] - self.error_calls = [] - self.failure_calls = [] - self.start_calls = [] - self.success_calls = [] - super(MockTestProtocolServerClient, self).__init__() - - def addError(self, test, error): - self.error_calls.append((test, error)) - - def addFailure(self, test, error): - self.failure_calls.append((test, error)) - - def addSuccess(self, test): - self.success_calls.append(test) - - def stopTest(self, test): - self.end_calls.append(test) - - def startTest(self, test): - self.start_calls.append(test) - -except AttributeError: - MockTestProtocolServer = None - - -class TestMockTestProtocolServer(unittest.TestCase): - - def test_start_test(self): - protocol = MockTestProtocolServerClient() - protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.start_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - - def test_add_error(self): - protocol = MockTestProtocolServerClient() - protocol.addError(subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, [( - subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works"))]) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - - def test_add_failure(self): - protocol = MockTestProtocolServerClient() - protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, [ - (subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works"))]) - self.assertEqual(protocol.success_calls, []) - - def test_add_success(self): - protocol = MockTestProtocolServerClient() - protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - - def test_end_test(self): - protocol = MockTestProtocolServerClient() - protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.end_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - self.assertEqual(protocol.start_calls, []) - - -class TestTestImports(unittest.TestCase): - - def test_imports(self): - from subunit import TestProtocolServer - from subunit import RemotedTestCase - from subunit import RemoteError - from subunit import ExecTestCase - from subunit import IsolatedTestCase - from subunit import TestProtocolClient - - -class TestTestProtocolServerPipe(unittest.TestCase): - - def test_story(self): - client = unittest.TestResult() - protocol = subunit.TestProtocolServer(client) - pipe = StringIO("test old mcdonald\n" - "success old mcdonald\n" - "test bing crosby\n" - "failure bing crosby [\n" - "foo.c:53:ERROR invalid state\n" - "]\n" - "test an error\n" - "error an error\n") - protocol.readFrom(pipe) - mcdonald = subunit.RemotedTestCase("old mcdonald") - bing = subunit.RemotedTestCase("bing crosby") - an_error = subunit.RemotedTestCase("an error") - self.assertEqual(client.errors, - [(an_error, 'RemoteException: \n\n')]) - self.assertEqual( - client.failures, - [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) - self.assertEqual(client.testsRun, 3) - - -class TestTestProtocolServerStartTest(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - - def test_start_test(self): - self.protocol.lineReceived("test old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_testing(self): - self.protocol.lineReceived("testing old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_test_colon(self): - self.protocol.lineReceived("test: old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_testing_colon(self): - self.protocol.lineReceived("testing: old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - -class TestTestProtocolServerPassThrough(unittest.TestCase): - - def setUp(self): - from StringIO import StringIO - self.stdout = StringIO() - self.test = subunit.RemotedTestCase("old mcdonald") - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client, self.stdout) - - def keywords_before_test(self): - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.stdout.getvalue(), "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n") - - def test_keywords_before_test(self): - self.keywords_before_test() - self.assertEqual(self.client.start_calls, []) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, - [(self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_success(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("success old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - def test_keywords_after_test(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived("]\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" - "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_during_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure: old mcdonald [\n") - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.stdout.getvalue(), "") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError("test old mcdonald\n" - "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n"))]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_stdout_passthrough(self): - """Lines received which cannot be interpreted as any protocol action - should be passed through to sys.stdout. - """ - bytes = "randombytes\n" - self.protocol.lineReceived(bytes) - self.assertEqual(self.stdout.getvalue(), bytes) - - -class TestTestProtocolServerLostConnection(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.test = subunit.RemotedTestCase("old mcdonald") - - def test_lost_connection_no_input(self): - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, []) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_after_start(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("lost connection during " - "test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connected_after_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_during_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald [\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("lost connection during error " - "report of test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connected_after_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.protocol.lostConnection() - test = subunit.RemotedTestCase("old mcdonald") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_during_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald [\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, - [(self.test, - subunit.RemoteError("lost connection during " - "failure report" - " of test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_after_success(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("success old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - -class TestTestProtocolServerAddError(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_error_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - - def test_simple_error(self): - self.simple_error_keyword("error") - - def test_simple_error_colon(self): - self.simple_error_keyword("error:") - - def test_error_empty_message(self): - self.protocol.lineReceived("error mcdonalds farm [\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - - def error_quoted_bracket(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("]\n"))]) - self.assertEqual(self.client.failure_calls, []) - - def test_error_quoted_bracket(self): - self.error_quoted_bracket("error") - - def test_error_colon_quoted_bracket(self): - self.error_quoted_bracket("error:") - - -class TestTestProtocolServerAddFailure(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_failure_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - - def test_simple_failure(self): - self.simple_failure_keyword("failure") - - def test_simple_failure_colon(self): - self.simple_failure_keyword("failure:") - - def test_failure_empty_message(self): - self.protocol.lineReceived("failure mcdonalds farm [\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - - def failure_quoted_bracket(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError("]\n"))]) - - def test_failure_quoted_bracket(self): - self.failure_quoted_bracket("failure") - - def test_failure_colon_quoted_bracket(self): - self.failure_quoted_bracket("failure:") - - -class TestTestProtocolServerAddSuccess(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_success_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - def test_simple_success(self): - self.simple_success_keyword("failure") - - def test_simple_success_colon(self): - self.simple_success_keyword("failure:") - - def test_simple_success(self): - self.simple_success_keyword("successful") - - def test_simple_success_colon(self): - self.simple_success_keyword("successful:") - - -class TestRemotedTestCase(unittest.TestCase): - - def test_simple(self): - test = subunit.RemotedTestCase("A test description") - self.assertRaises(NotImplementedError, test.setUp) - self.assertRaises(NotImplementedError, test.tearDown) - self.assertEqual("A test description", - test.shortDescription()) - self.assertEqual("subunit.RemotedTestCase.A test description", - test.id()) - self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) - self.assertEqual("", "%r" % test) - result = unittest.TestResult() - test.run(result) - self.assertEqual([(test, "RemoteException: " - "Cannot run RemotedTestCases.\n\n")], - result.errors) - self.assertEqual(1, result.testsRun) - another_test = subunit.RemotedTestCase("A test description") - self.assertEqual(test, another_test) - different_test = subunit.RemotedTestCase("ofo") - self.assertNotEqual(test, different_test) - self.assertNotEqual(another_test, different_test) - - -class TestRemoteError(unittest.TestCase): - - def test_eq(self): - error = subunit.RemoteError("Something went wrong") - another_error = subunit.RemoteError("Something went wrong") - different_error = subunit.RemoteError("boo!") - self.assertEqual(error, another_error) - self.assertNotEqual(error, different_error) - self.assertNotEqual(different_error, another_error) - - def test_empty_constructor(self): - self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) - - -class TestExecTestCase(unittest.TestCase): - - class SampleExecTestCase(subunit.ExecTestCase): - - def test_sample_method(self): - """sample-script.py""" - # the sample script runs three tests, one each - # that fails, errors and succeeds - - - def test_construct(self): - test = self.SampleExecTestCase("test_sample_method") - self.assertEqual(test.script, - subunit.join_dir(__file__, 'sample-script.py')) - - def test_run(self): - runner = MockTestProtocolServerClient() - test = self.SampleExecTestCase("test_sample_method") - test.run(runner) - mcdonald = subunit.RemotedTestCase("old mcdonald") - bing = subunit.RemotedTestCase("bing crosby") - an_error = subunit.RemotedTestCase("an error") - self.assertEqual(runner.error_calls, - [(an_error, subunit.RemoteError())]) - self.assertEqual(runner.failure_calls, - [(bing, - subunit.RemoteError( - "foo.c:53:ERROR invalid state\n"))]) - self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) - self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) - - def test_debug(self): - test = self.SampleExecTestCase("test_sample_method") - test.debug() - - def test_count_test_cases(self): - """TODO run the child process and count responses to determine the count.""" - - def test_join_dir(self): - sibling = subunit.join_dir(__file__, 'foo') - expected = '%s/foo' % (os.path.split(__file__)[0],) - self.assertEqual(sibling, expected) - - -class DoExecTestCase(subunit.ExecTestCase): - - def test_working_script(self): - """sample-two-script.py""" - - -class TestIsolatedTestCase(unittest.TestCase): - - class SampleIsolatedTestCase(subunit.IsolatedTestCase): - - SETUP = False - TEARDOWN = False - TEST = False - - def setUp(self): - TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True - - def tearDown(self): - TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True - - def test_sets_global_state(self): - TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True - - - def test_construct(self): - test = self.SampleIsolatedTestCase("test_sets_global_state") - - def test_run(self): - result = unittest.TestResult() - test = self.SampleIsolatedTestCase("test_sets_global_state") - test.run(result) - self.assertEqual(result.testsRun, 1) - self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) - self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) - self.assertEqual(self.SampleIsolatedTestCase.TEST, False) - - def test_debug(self): - pass - #test = self.SampleExecTestCase("test_sample_method") - #test.debug() - - -class TestIsolatedTestSuite(unittest.TestCase): - - class SampleTestToIsolate(unittest.TestCase): - - SETUP = False - TEARDOWN = False - TEST = False - - def setUp(self): - TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True - - def tearDown(self): - TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True - - def test_sets_global_state(self): - TestIsolatedTestSuite.SampleTestToIsolate.TEST = True - - - def test_construct(self): - suite = subunit.IsolatedTestSuite() - - def test_run(self): - result = unittest.TestResult() - suite = subunit.IsolatedTestSuite() - sub_suite = unittest.TestSuite() - sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - suite.addTest(sub_suite) - suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - suite.run(result) - self.assertEqual(result.testsRun, 3) - self.assertEqual(self.SampleTestToIsolate.SETUP, False) - self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) - self.assertEqual(self.SampleTestToIsolate.TEST, False) - - -class TestTestProtocolClient(unittest.TestCase): - - def setUp(self): - self.io = StringIO() - self.protocol = subunit.TestProtocolClient(self.io) - self.test = TestTestProtocolClient("test_start_test") - - - def test_start_test(self): - """Test startTest on a TestProtocolClient.""" - self.protocol.startTest(self.test) - self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) - - def test_stop_test(self): - """Test stopTest on a TestProtocolClient.""" - self.protocol.stopTest(self.test) - self.assertEqual(self.io.getvalue(), "") - - def test_add_success(self): - """Test addSuccess on a TestProtocolClient.""" - self.protocol.addSuccess(self.test) - self.assertEqual( - self.io.getvalue(), "successful: %s\n" % self.test.id()) - - def test_add_failure(self): - """Test addFailure on a TestProtocolClient.""" - self.protocol.addFailure(self.test, subunit.RemoteError("boo")) - self.assertEqual( - self.io.getvalue(), - 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) - - def test_add_error(self): - """Test stopTest on a TestProtocolClient.""" - self.protocol.addError(self.test, subunit.RemoteError("phwoar")) - self.assertEqual( - self.io.getvalue(), - 'error: %s [\n' - "RemoteException: phwoar\n" - "]\n" % self.test.id()) - - -def test_suite(): - loader = subunit.tests.TestUtil.TestLoader() - result = loader.loadTestsFromName(__name__) - return result -- cgit From f8a02a1a804fdb8640989595e2b57df86281c0f7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 03:33:38 +0200 Subject: Fix subunit files location after cherrypicks. --- source4/lib/ldb/tests/python/ldap.py | 1 + source4/scripting/bin/subunitrun | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 6c910b63f1..e2cc658521 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -8,6 +8,7 @@ import sys import time sys.path.append("bin/python") +sys.path.append("../lib/subunit/python") import samba.getopt as options diff --git a/source4/scripting/bin/subunitrun b/source4/scripting/bin/subunitrun index bc35c7ce22..e7737bdbec 100755 --- a/source4/scripting/bin/subunitrun +++ b/source4/scripting/bin/subunitrun @@ -21,7 +21,7 @@ import sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") -sys.path.insert(0, "../lib/subunit/python") +sys.path.insert(1, "../lib/subunit/python") from subunit import SubunitTestRunner from unittest import TestProgram -- cgit From 6e493fc631647c1c4d19f77dd9f625202bd889f2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 11:56:46 +0200 Subject: Add manpage for nmblookup, move nmblookup closer to nbt library. --- source4/libcli/config.mk | 14 ++ source4/libcli/nbt/man/nmblookup.1.xml | 223 +++++++++++++++++++ source4/libcli/nbt/tools/nmblookup.c | 381 +++++++++++++++++++++++++++++++++ source4/utils/config.mk | 17 -- source4/utils/nmblookup.c | 381 --------------------------------- 5 files changed, 618 insertions(+), 398 deletions(-) create mode 100644 source4/libcli/nbt/man/nmblookup.1.xml create mode 100644 source4/libcli/nbt/tools/nmblookup.c delete mode 100644 source4/utils/nmblookup.c (limited to 'source4') diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index d68a2a2ce3..8e8587ffa4 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -55,6 +55,20 @@ LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/nbt/, \ namerefresh.o \ namerelease.o) +[BINARY::nmblookup] +INSTALLDIR = BINDIR +PRIVATE_DEPENDENCIES = \ + LIBSAMBA-HOSTCONFIG \ + LIBSAMBA-UTIL \ + LIBCLI_NBT \ + LIBPOPT \ + POPT_SAMBA \ + LIBNETIF \ + LIBCLI_RESOLVE + +nmblookup_OBJ_FILES = $(libclinbtsrcdir)/tools/nmblookup.o +MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1 + [SUBSYSTEM::LIBCLI_NDR_NETLOGON] PUBLIC_DEPENDENCIES = LIBNDR \ NDR_SECURITY diff --git a/source4/libcli/nbt/man/nmblookup.1.xml b/source4/libcli/nbt/man/nmblookup.1.xml new file mode 100644 index 0000000000..85640da033 --- /dev/null +++ b/source4/libcli/nbt/man/nmblookup.1.xml @@ -0,0 +1,223 @@ + + + + + + nmblookup + 1 + Samba + User Commands + 3.2 + + + + + nmblookup + NetBIOS over TCP/IP client used to lookup NetBIOS + names + + + + + nmblookup + -M + -R + -S + -r + -A + -h + -B <broadcast address> + -U <unicast address> + -d <debug level> + -s <smb config file> + -i <NetBIOS scope> + -T + -f + name + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + nmblookup is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP. + + + + OPTIONS + + + + -M + Searches for a master browser by looking + up the NetBIOS name name with a + type of 0x1d. If + name is "-" then it does a lookup on the special name + __MSBROWSE__. Please note that in order to + use the name "-", you need to make sure "-" isn't parsed as an + argument, e.g. use : + nmblookup -M -- -. + + + + -R + Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See RFC1001, RFC1002 for details. + + + + + -S + Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + + + + + + -r + Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the nmbd + 8 daemon is running on this machine it also binds to this port. + + + + + + -A + Interpret name as + an IP Address and do a node status query on this address. + + + + + + &popt.common.connection; + &stdarg.help; + + + -B <broadcast address> + Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the interfaces + parameter of the smb.conf + 5 file. + + + + + + + -U <unicast address> + Do a unicast query to the specified address or + host unicast address. This option + (along with the -R option) is needed to + query a WINS server. + + + &stdarg.server.debug; + &popt.common.samba; + + + -T + This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each + + IP address .... NetBIOS name + + pair that is the normal output. + + + + -f + + Show which flags apply to the name that has been looked up. Possible + answers are zero or more of: Response, Authoritative, + Truncated, Recursion_Desired, Recursion_Available, Broadcast. + + + + + + name + This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area. + + + + + + + EXAMPLES + + nmblookup can be used to query + a WINS server (in the same way nslookup is + used to query DNS servers). To query a WINS server, nmblookup + must be called like this: + + nmblookup -U server -R 'name' + + For example, running : + + nmblookup -U samba.org -R 'IRIX#1B' + + would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup. + + + + VERSION + + This man page is correct for version 3 of + the Samba suite. + + + + SEE ALSO + nmbd + 8, samba + 7, and smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/source4/libcli/nbt/tools/nmblookup.c b/source4/libcli/nbt/tools/nmblookup.c new file mode 100644 index 0000000000..0d98cb99de --- /dev/null +++ b/source4/libcli/nbt/tools/nmblookup.c @@ -0,0 +1,381 @@ +/* + Unix SMB/CIFS implementation. + + NBT client - used to lookup netbios names + + Copyright (C) Andrew Tridgell 1994-2005 + Copyright (C) Jelmer Vernooij 2003 (Conversion to popt) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +*/ + +#include "includes.h" +#include "lib/cmdline/popt_common.h" +#include "lib/socket/socket.h" +#include "lib/events/events.h" +#include "system/network.h" +#include "system/locale.h" +#include "lib/socket/netif.h" +#include "librpc/gen_ndr/nbt.h" +#include "../libcli/nbt/libnbt.h" +#include "param/param.h" + +/* command line options */ +static struct { + const char *broadcast_address; + const char *unicast_address; + bool find_master; + bool wins_lookup; + bool node_status; + bool root_port; + bool lookup_by_ip; + bool case_sensitive; +} options; + +/* + clean any binary from a node name +*/ +static const char *clean_name(TALLOC_CTX *mem_ctx, const char *name) +{ + char *ret = talloc_strdup(mem_ctx, name); + int i; + for (i=0;ret[i];i++) { + if (!isprint((unsigned char)ret[i])) ret[i] = '.'; + } + return ret; +} + +/* + turn a node status flags field into a string +*/ +static char *node_status_flags(TALLOC_CTX *mem_ctx, uint16_t flags) +{ + char *ret; + const char *group = " "; + const char *type = "B"; + + if (flags & NBT_NM_GROUP) { + group = ""; + } + + switch (flags & NBT_NM_OWNER_TYPE) { + case NBT_NODE_B: + type = "B"; + break; + case NBT_NODE_P: + type = "P"; + break; + case NBT_NODE_M: + type = "M"; + break; + case NBT_NODE_H: + type = "H"; + break; + } + + ret = talloc_asprintf(mem_ctx, "%s %s", group, type); + + if (flags & NBT_NM_DEREGISTER) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + if (flags & NBT_NM_CONFLICT) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + if (flags & NBT_NM_ACTIVE) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + if (flags & NBT_NM_PERMANENT) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + + return ret; +} + +/* do a single node status */ +static bool do_node_status(struct nbt_name_socket *nbtsock, + const char *addr, uint16_t port) +{ + struct nbt_name_status io; + NTSTATUS status; + + io.in.name.name = "*"; + io.in.name.type = NBT_NAME_CLIENT; + io.in.name.scope = NULL; + io.in.dest_addr = addr; + io.in.dest_port = port; + io.in.timeout = 1; + io.in.retries = 2; + + status = nbt_name_status(nbtsock, nbtsock, &io); + if (NT_STATUS_IS_OK(status)) { + int i; + printf("Node status reply from %s\n", + io.out.reply_from); + for (i=0;i %s\n", + clean_name(nbtsock, io.out.status.names[i].name), + io.out.status.names[i].type, + node_status_flags(nbtsock, io.out.status.names[i].nb_flags)); + } + printf("\n\tMAC Address = %02X-%02X-%02X-%02X-%02X-%02X\n", + io.out.status.statistics.unit_id[0], + io.out.status.statistics.unit_id[1], + io.out.status.statistics.unit_id[2], + io.out.status.statistics.unit_id[3], + io.out.status.statistics.unit_id[4], + io.out.status.statistics.unit_id[5]); + return true; + } + + return false; +} + +/* do a single node query */ +static NTSTATUS do_node_query(struct nbt_name_socket *nbtsock, + const char *addr, + uint16_t port, + const char *node_name, + enum nbt_name_type node_type, + bool broadcast) +{ + struct nbt_name_query io; + NTSTATUS status; + int i; + + io.in.name.name = node_name; + io.in.name.type = node_type; + io.in.name.scope = NULL; + io.in.dest_addr = addr; + io.in.dest_port = port; + io.in.broadcast = broadcast; + io.in.wins_lookup = options.wins_lookup; + io.in.timeout = 1; + io.in.retries = 2; + + status = nbt_name_query(nbtsock, nbtsock, &io); + NT_STATUS_NOT_OK_RETURN(status); + + for (i=0;i\n", + io.out.reply_addrs[i], + io.out.name.name, + io.out.name.type); + } + if (options.node_status && io.out.num_addrs > 0) { + do_node_status(nbtsock, io.out.reply_addrs[0], port); + } + + return status; +} + + +static bool process_one(struct loadparm_context *lp_ctx, struct event_context *ev, + struct interface *ifaces, const char *name, int nbt_port) +{ + TALLOC_CTX *tmp_ctx = talloc_new(NULL); + enum nbt_name_type node_type = NBT_NAME_CLIENT; + char *node_name, *p; + struct socket_address *all_zero_addr; + struct nbt_name_socket *nbtsock; + NTSTATUS status = NT_STATUS_OK; + bool ret = true; + + if (!options.case_sensitive) { + name = strupper_talloc(tmp_ctx, name); + } + + if (options.find_master) { + node_type = NBT_NAME_MASTER; + if (*name == '-' || *name == '_') { + name = "\01\02__MSBROWSE__\02"; + node_type = NBT_NAME_MS; + } + } + + p = strchr(name, '#'); + if (p) { + node_name = talloc_strndup(tmp_ctx, name, PTR_DIFF(p,name)); + node_type = (enum nbt_name_type)strtol(p+1, NULL, 16); + } else { + node_name = talloc_strdup(tmp_ctx, name); + } + + nbtsock = nbt_name_socket_init(tmp_ctx, ev, lp_iconv_convenience(lp_ctx)); + + if (options.root_port) { + all_zero_addr = socket_address_from_strings(tmp_ctx, nbtsock->sock->backend_name, + "0.0.0.0", NBT_NAME_SERVICE_PORT); + + if (!all_zero_addr) { + talloc_free(tmp_ctx); + return false; + } + + status = socket_listen(nbtsock->sock, all_zero_addr, 0, 0); + if (!NT_STATUS_IS_OK(status)) { + printf("Failed to bind to local port 137 - %s\n", nt_errstr(status)); + talloc_free(tmp_ctx); + return false; + } + } + + if (options.lookup_by_ip) { + ret = do_node_status(nbtsock, name, nbt_port); + talloc_free(tmp_ctx); + return ret; + } + + if (options.broadcast_address) { + status = do_node_query(nbtsock, options.broadcast_address, nbt_port, + node_name, node_type, true); + } else if (options.unicast_address) { + status = do_node_query(nbtsock, options.unicast_address, + nbt_port, node_name, node_type, false); + } else { + int i, num_interfaces; + + num_interfaces = iface_count(ifaces); + for (i=0;i as an IP Address", NULL }, + + { "case-sensitive", 0, POPT_ARG_NONE, NULL, OPT_CASE_SENSITIVE, + "Don't uppercase the name before sending", NULL }, + + POPT_COMMON_SAMBA + { 0, 0, 0, 0 } + }; + + pc = poptGetContext("nmblookup", argc, argv, long_options, + POPT_CONTEXT_KEEP_FIRST); + + poptSetOtherOptionHelp(pc, " ..."); + + while ((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + case OPT_BROADCAST_ADDRESS: + options.broadcast_address = poptGetOptArg(pc); + break; + case OPT_UNICAST_ADDRESS: + options.unicast_address = poptGetOptArg(pc); + break; + case OPT_FIND_MASTER: + options.find_master = true; + break; + case OPT_WINS_LOOKUP: + options.wins_lookup = true; + break; + case OPT_NODE_STATUS: + options.node_status = true; + break; + case OPT_ROOT_PORT: + options.root_port = true; + break; + case OPT_LOOKUP_BY_IP: + options.lookup_by_ip = true; + break; + case OPT_CASE_SENSITIVE: + options.case_sensitive = true; + break; + } + } + + /* swallow argv[0] */ + poptGetArg(pc); + + if(!poptPeekArg(pc)) { + poptPrintUsage(pc, stderr, 0); + exit(1); + } + + load_interfaces(NULL, lp_interfaces(cmdline_lp_ctx), &ifaces); + + ev = s4_event_context_init(talloc_autofree_context()); + + while (poptPeekArg(pc)) { + const char *name = poptGetArg(pc); + + ret &= process_one(cmdline_lp_ctx, ev, ifaces, name, lp_nbt_port(cmdline_lp_ctx)); + } + + talloc_free(ev); + + talloc_free(ifaces); + + poptFreeContext(pc); + + if (!ret) { + return 1; + } + + return 0; +} diff --git a/source4/utils/config.mk b/source4/utils/config.mk index 37a19077f1..0b98dcfa85 100644 --- a/source4/utils/config.mk +++ b/source4/utils/config.mk @@ -61,23 +61,6 @@ PRIVATE_DEPENDENCIES = setnttoken_OBJ_FILES = $(utilssrcdir)/setnttoken.o -################################# -# Start BINARY nmblookup -[BINARY::nmblookup] -INSTALLDIR = BINDIR -PRIVATE_DEPENDENCIES = \ - LIBSAMBA-HOSTCONFIG \ - LIBSAMBA-UTIL \ - LIBCLI_NBT \ - LIBPOPT \ - POPT_SAMBA \ - LIBNETIF \ - LIBCLI_RESOLVE -# End BINARY nmblookup -################################# - -nmblookup_OBJ_FILES = $(utilssrcdir)/nmblookup.o - ################################# # Start BINARY testparm [BINARY::testparm] diff --git a/source4/utils/nmblookup.c b/source4/utils/nmblookup.c deleted file mode 100644 index 0d98cb99de..0000000000 --- a/source4/utils/nmblookup.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - NBT client - used to lookup netbios names - - Copyright (C) Andrew Tridgell 1994-2005 - Copyright (C) Jelmer Vernooij 2003 (Conversion to popt) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ - -#include "includes.h" -#include "lib/cmdline/popt_common.h" -#include "lib/socket/socket.h" -#include "lib/events/events.h" -#include "system/network.h" -#include "system/locale.h" -#include "lib/socket/netif.h" -#include "librpc/gen_ndr/nbt.h" -#include "../libcli/nbt/libnbt.h" -#include "param/param.h" - -/* command line options */ -static struct { - const char *broadcast_address; - const char *unicast_address; - bool find_master; - bool wins_lookup; - bool node_status; - bool root_port; - bool lookup_by_ip; - bool case_sensitive; -} options; - -/* - clean any binary from a node name -*/ -static const char *clean_name(TALLOC_CTX *mem_ctx, const char *name) -{ - char *ret = talloc_strdup(mem_ctx, name); - int i; - for (i=0;ret[i];i++) { - if (!isprint((unsigned char)ret[i])) ret[i] = '.'; - } - return ret; -} - -/* - turn a node status flags field into a string -*/ -static char *node_status_flags(TALLOC_CTX *mem_ctx, uint16_t flags) -{ - char *ret; - const char *group = " "; - const char *type = "B"; - - if (flags & NBT_NM_GROUP) { - group = ""; - } - - switch (flags & NBT_NM_OWNER_TYPE) { - case NBT_NODE_B: - type = "B"; - break; - case NBT_NODE_P: - type = "P"; - break; - case NBT_NODE_M: - type = "M"; - break; - case NBT_NODE_H: - type = "H"; - break; - } - - ret = talloc_asprintf(mem_ctx, "%s %s", group, type); - - if (flags & NBT_NM_DEREGISTER) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - if (flags & NBT_NM_CONFLICT) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - if (flags & NBT_NM_ACTIVE) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - if (flags & NBT_NM_PERMANENT) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - - return ret; -} - -/* do a single node status */ -static bool do_node_status(struct nbt_name_socket *nbtsock, - const char *addr, uint16_t port) -{ - struct nbt_name_status io; - NTSTATUS status; - - io.in.name.name = "*"; - io.in.name.type = NBT_NAME_CLIENT; - io.in.name.scope = NULL; - io.in.dest_addr = addr; - io.in.dest_port = port; - io.in.timeout = 1; - io.in.retries = 2; - - status = nbt_name_status(nbtsock, nbtsock, &io); - if (NT_STATUS_IS_OK(status)) { - int i; - printf("Node status reply from %s\n", - io.out.reply_from); - for (i=0;i %s\n", - clean_name(nbtsock, io.out.status.names[i].name), - io.out.status.names[i].type, - node_status_flags(nbtsock, io.out.status.names[i].nb_flags)); - } - printf("\n\tMAC Address = %02X-%02X-%02X-%02X-%02X-%02X\n", - io.out.status.statistics.unit_id[0], - io.out.status.statistics.unit_id[1], - io.out.status.statistics.unit_id[2], - io.out.status.statistics.unit_id[3], - io.out.status.statistics.unit_id[4], - io.out.status.statistics.unit_id[5]); - return true; - } - - return false; -} - -/* do a single node query */ -static NTSTATUS do_node_query(struct nbt_name_socket *nbtsock, - const char *addr, - uint16_t port, - const char *node_name, - enum nbt_name_type node_type, - bool broadcast) -{ - struct nbt_name_query io; - NTSTATUS status; - int i; - - io.in.name.name = node_name; - io.in.name.type = node_type; - io.in.name.scope = NULL; - io.in.dest_addr = addr; - io.in.dest_port = port; - io.in.broadcast = broadcast; - io.in.wins_lookup = options.wins_lookup; - io.in.timeout = 1; - io.in.retries = 2; - - status = nbt_name_query(nbtsock, nbtsock, &io); - NT_STATUS_NOT_OK_RETURN(status); - - for (i=0;i\n", - io.out.reply_addrs[i], - io.out.name.name, - io.out.name.type); - } - if (options.node_status && io.out.num_addrs > 0) { - do_node_status(nbtsock, io.out.reply_addrs[0], port); - } - - return status; -} - - -static bool process_one(struct loadparm_context *lp_ctx, struct event_context *ev, - struct interface *ifaces, const char *name, int nbt_port) -{ - TALLOC_CTX *tmp_ctx = talloc_new(NULL); - enum nbt_name_type node_type = NBT_NAME_CLIENT; - char *node_name, *p; - struct socket_address *all_zero_addr; - struct nbt_name_socket *nbtsock; - NTSTATUS status = NT_STATUS_OK; - bool ret = true; - - if (!options.case_sensitive) { - name = strupper_talloc(tmp_ctx, name); - } - - if (options.find_master) { - node_type = NBT_NAME_MASTER; - if (*name == '-' || *name == '_') { - name = "\01\02__MSBROWSE__\02"; - node_type = NBT_NAME_MS; - } - } - - p = strchr(name, '#'); - if (p) { - node_name = talloc_strndup(tmp_ctx, name, PTR_DIFF(p,name)); - node_type = (enum nbt_name_type)strtol(p+1, NULL, 16); - } else { - node_name = talloc_strdup(tmp_ctx, name); - } - - nbtsock = nbt_name_socket_init(tmp_ctx, ev, lp_iconv_convenience(lp_ctx)); - - if (options.root_port) { - all_zero_addr = socket_address_from_strings(tmp_ctx, nbtsock->sock->backend_name, - "0.0.0.0", NBT_NAME_SERVICE_PORT); - - if (!all_zero_addr) { - talloc_free(tmp_ctx); - return false; - } - - status = socket_listen(nbtsock->sock, all_zero_addr, 0, 0); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to bind to local port 137 - %s\n", nt_errstr(status)); - talloc_free(tmp_ctx); - return false; - } - } - - if (options.lookup_by_ip) { - ret = do_node_status(nbtsock, name, nbt_port); - talloc_free(tmp_ctx); - return ret; - } - - if (options.broadcast_address) { - status = do_node_query(nbtsock, options.broadcast_address, nbt_port, - node_name, node_type, true); - } else if (options.unicast_address) { - status = do_node_query(nbtsock, options.unicast_address, - nbt_port, node_name, node_type, false); - } else { - int i, num_interfaces; - - num_interfaces = iface_count(ifaces); - for (i=0;i as an IP Address", NULL }, - - { "case-sensitive", 0, POPT_ARG_NONE, NULL, OPT_CASE_SENSITIVE, - "Don't uppercase the name before sending", NULL }, - - POPT_COMMON_SAMBA - { 0, 0, 0, 0 } - }; - - pc = poptGetContext("nmblookup", argc, argv, long_options, - POPT_CONTEXT_KEEP_FIRST); - - poptSetOtherOptionHelp(pc, " ..."); - - while ((opt = poptGetNextOpt(pc)) != -1) { - switch(opt) { - case OPT_BROADCAST_ADDRESS: - options.broadcast_address = poptGetOptArg(pc); - break; - case OPT_UNICAST_ADDRESS: - options.unicast_address = poptGetOptArg(pc); - break; - case OPT_FIND_MASTER: - options.find_master = true; - break; - case OPT_WINS_LOOKUP: - options.wins_lookup = true; - break; - case OPT_NODE_STATUS: - options.node_status = true; - break; - case OPT_ROOT_PORT: - options.root_port = true; - break; - case OPT_LOOKUP_BY_IP: - options.lookup_by_ip = true; - break; - case OPT_CASE_SENSITIVE: - options.case_sensitive = true; - break; - } - } - - /* swallow argv[0] */ - poptGetArg(pc); - - if(!poptPeekArg(pc)) { - poptPrintUsage(pc, stderr, 0); - exit(1); - } - - load_interfaces(NULL, lp_interfaces(cmdline_lp_ctx), &ifaces); - - ev = s4_event_context_init(talloc_autofree_context()); - - while (poptPeekArg(pc)) { - const char *name = poptGetArg(pc); - - ret &= process_one(cmdline_lp_ctx, ev, ifaces, name, lp_nbt_port(cmdline_lp_ctx)); - } - - talloc_free(ev); - - talloc_free(ifaces); - - poptFreeContext(pc); - - if (!ret) { - return 1; - } - - return 0; -} -- cgit From 08223692c69963bdb47b1687dc5be760e0c7ad7b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 12:03:45 +0200 Subject: fix libclinbtsrcdir variable. --- source4/Makefile | 2 +- source4/libcli/config.mk | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'source4') diff --git a/source4/Makefile b/source4/Makefile index 74383b1a59..cab82674d2 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -97,7 +97,7 @@ ntvfssrcdir := ntvfs ntptrsrcdir := ntptr librpcsrcdir := librpc libclisrcdir := libcli -libclinbtsrcdir := ../libcli +libclinbtsrcdir := ../libcli/nbt pyscriptsrcdir := $(srcdir)/scripting/python kdcsrcdir := kdc ntp_signdsrcdir := ntp_signd diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 8e8587ffa4..8d9a1f5fa8 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -40,15 +40,15 @@ $(eval $(call proto_header_template,$(libclisrcdir)/smb_composite/proto.h,$(LIBC [SUBSYSTEM::NDR_NBT_BUF] -NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbt/nbtname.o +NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbtname.o -$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbt/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c))) +$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c))) [SUBSYSTEM::LIBCLI_NBT] PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT LIBCLI_COMPOSITE LIBEVENTS \ NDR_SECURITY samba-socket LIBSAMBA-UTIL -LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/nbt/, \ +LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ nbtsocket.o \ namequery.o \ nameregister.o \ @@ -73,19 +73,19 @@ MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1 PUBLIC_DEPENDENCIES = LIBNDR \ NDR_SECURITY -LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, ndr_netlogon.o) +LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/../, ndr_netlogon.o) [SUBSYSTEM::LIBCLI_NETLOGON] PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ - netlogon.o) + ../netlogon.o) [PYTHON::python_netbios] LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT) PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG -python_netbios_OBJ_FILES = $(libclinbtsrcdir)/nbt/pynbt.o +python_netbios_OBJ_FILES = $(libclinbtsrcdir)/pynbt.o $(python_libcli_nbt_OBJ_FILES): CFLAGS+=$(CFLAG_NO_UNUSED_MACROS) $(CFLAG_NO_CAST_QUAL) -- cgit From 71ef7ae824b1e8d411590a9a7dbd1f5b86b9df5e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 12:08:52 +0200 Subject: Remove duplicate copy of manual page. --- source4/utils/man/ndrdump.1.xml | 83 ----------------------------------------- 1 file changed, 83 deletions(-) delete mode 100644 source4/utils/man/ndrdump.1.xml (limited to 'source4') diff --git a/source4/utils/man/ndrdump.1.xml b/source4/utils/man/ndrdump.1.xml deleted file mode 100644 index 9d66102682..0000000000 --- a/source4/utils/man/ndrdump.1.xml +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - ndrdump - 1 - - - - - ndrdump - DCE/RPC Packet Parser and Dumper - - - - - ndrdump - -c context - pipe - function - in|out - filename - - - ndrdump - pipe - - - ndrdump - - - - - DESCRIPTION - - ndrdump tries to parse the specified filename - using Samba's parser for the specified pipe and function. The - third argument should be - either in or out, depending - on whether the data should be parsed as a request or a reply. - - Running ndrdump without arguments will list the pipes for which - parsers are available. - - Running ndrdump with one argument will list the functions that - Samba can parse for the specified pipe. - - The primary function of ndrdump is debugging Samba's internal - DCE/RPC parsing functions. The file being parsed is usually - one exported by wiresharks Export selected packet bytes - function. - - The context argument can be used to load context data from the request - packet when parsing reply packets (such as array lengths). - - - - - VERSION - - This man page is correct for version 4.0 of the Samba suite. - - - - SEE ALSO - - wireshark, pidl - - - - - AUTHOR - - This utility is part of the Samba suite, which is developed by the global Samba Team. - - ndrdump was written by Andrew Tridgell. - - This manpage was written by Jelmer Vernooij. - - - - -- cgit From 9b331df4124118f3957c281023fe8dd11edd44be Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 8 Oct 2008 11:48:01 -0700 Subject: Add support for autogen to take a --version-file argument --- source4/autogen.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/autogen.sh b/source4/autogen.sh index a56c5a2238..9984712caf 100755 --- a/source4/autogen.sh +++ b/source4/autogen.sh @@ -2,6 +2,18 @@ # Run this script to build samba from git. +while true; do + case $1 in + (--version-file) + VERSION_FILE=$2 + shift 2 + ;; + (*) + break + ;; + esac +done + ## insert all possible names (only works with ## autoconf 2.x) TESTAUTOHEADER="autoheader autoheader-2.53 autoheader2.50 autoheader259 autoheader253" @@ -48,7 +60,7 @@ if test "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0"; then fi echo "$0: running script/mkversion.sh" -./script/mkversion.sh || exit 1 +./script/mkversion.sh $VERSION_FILE || exit 1 rm -rf autom4te*.cache rm -f configure include/config_tmp.h* -- cgit From 63291018df809296479147a91c055e296b9ce772 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 17:19:46 +0200 Subject: Use const. --- source4/torture/raw/chkpath.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/torture/raw/chkpath.c b/source4/torture/raw/chkpath.c index 2ed83d308c..68ef8e226d 100644 --- a/source4/torture/raw/chkpath.c +++ b/source4/torture/raw/chkpath.c @@ -147,11 +147,11 @@ static bool test_chkpath(struct smbcli_state *cli, struct torture_context *tctx) } ret &= test_path_ex(cli, tctx, BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR) + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\foo\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\f\\o\\o\\..\\..\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\foo\\\\..\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR) + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\foo\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\f\\o\\o\\..\\..\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\foo\\\\..\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); ret &= test_path_ex(cli, tctx, BASEDIR"\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK); ret &= test_path_ex(cli, tctx, BASEDIR"\\\\..\\"BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); ret &= test_path_ex(cli, tctx, BASEDIR"\\\\\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK); -- cgit