static DWORD _VmGetHighestCommittedUSN( PSTR* ppszHighestCommittedUSN ) { DWORD dwError = 0; USN usn = 0; USN nextUSN = 0; VDIR_ENTRY_ARRAY entryArray = {0}; PSTR pszUSN = NULL; VDIR_BACKEND_CTX beCtx = {0}; beCtx.pBE = VmDirBackendSelect(NULL); assert(beCtx.pBE); dwError = beCtx.pBE->pfnBEGetNextUSN(&beCtx, &nextUSN); BAIL_ON_VMDIR_ERROR(dwError); for (usn=nextUSN; usn > 1LL; usn--) { VMDIR_SAFE_FREE_MEMORY(pszUSN); VmDirFreeEntryArrayContent(&entryArray); dwError = VmDirAllocateStringPrintf(&pszUSN, "%" PRId64, usn); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_USN_CHANGED, pszUSN, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize == 1 ) { break; } } if (usn == 0) { BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE); } *ppszHighestCommittedUSN = pszUSN; pszUSN = NULL; cleanup: VMDIR_SAFE_FREE_MEMORY(pszUSN); VmDirFreeEntryArrayContent(&entryArray); VmDirBackendCtxContentFree(&beCtx); return dwError; error: VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "error (%u), start USN %" PRId64, dwError, nextUSN); goto cleanup; }
static int _VmGetHighestCommittedUSN( USN startUsn, USN *hcUsn) { DWORD dwError = 0; USN usn = 0; VDIR_ENTRY_ARRAY entryArray = {0}; PSTR usnStr = NULL; for (usn=startUsn; usn > 1LL; usn--) { VMDIR_SAFE_FREE_MEMORY(usnStr); VmDirFreeEntryArrayContent(&entryArray); dwError = VmDirAllocateStringPrintf(&usnStr, "%" PRId64, usn); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_USN_CHANGED, usnStr, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize == 1 ) { *hcUsn = usn; goto cleanup; } } dwError = LDAP_OPERATIONS_ERROR; goto error; cleanup: VMDIR_SAFE_FREE_MEMORY(usnStr); VmDirFreeEntryArrayContent(&entryArray); return dwError; error: VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmGetHighestCommittedUSN: fail to find an entry with USN <= %" PRId64, startUsn); goto cleanup; }
/* * Set vmwPasswordNeverExpires (if it doesn't have a value) to TRUE * on the domain administrator's account. */ DWORD VmDirSetAdministratorPasswordNeverExpires( VOID ) { DWORD dwError = 0; PCSTR pszDomainDn = NULL; const CHAR szAdministrator[] = "cn=Administrator,cn=Users"; const CHAR szTrue[] = "TRUE"; PSTR pszAdministratorDn = NULL; VDIR_OPERATION op = {0}; PSTR pszLocalErrMsg = NULL; VDIR_ENTRY_ARRAY entryArray = {0}; PVDIR_ENTRY pEntry = NULL; VDIR_BERVALUE bervBlob = VDIR_BERVALUE_INIT; pszDomainDn = gVmdirServerGlobals.systemDomainDN.lberbv.bv_val; if (pszDomainDn == NULL) { dwError = ERROR_INVALID_STATE; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirAllocateStringPrintf(&pszAdministratorDn, "%s,%s", szAdministrator, pszDomainDn); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSimpleEqualFilterInternalSearch( pszDomainDn, LDAP_SCOPE_SUBTREE, ATTR_DN, pszAdministratorDn, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize != 1) { dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION; BAIL_ON_VMDIR_ERROR(dwError); } pEntry = &(entryArray.pEntry[0]); if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK) { dwError = VmDirEntryUnpack( pEntry ); BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL); BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSetAdministratorPasswordNeverExpire: VmDirInitStackOperation failed: %u", dwError); op.pBEIF = VmDirBackendSelect(NULL); assert(op.pBEIF); op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val; op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len; op.request.modifyReq.dn.lberbv = op.reqDn.lberbv; bervBlob.lberbv.bv_val = (PSTR) szTrue; bervBlob.lberbv.bv_len = strlen(szTrue); dwError = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_PASSWORD_NEVER_EXPIRES, ATTR_PASSWORD_NEVER_EXPIRES_LEN, bervBlob.lberbv_val, bervBlob.lberbv_len); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirInternalModifyEntry(&op); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VmDirFreeEntryArrayContent(&entryArray); VmDirFreeOperationContent(&op); VMDIR_SAFE_FREE_STRINGA(pszAdministratorDn); return dwError; error: VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetAdministratorPasswordNeverExpires failed, (%u)", dwError); goto cleanup; }
/* * Set SRP Identifier's secret on existing entry with Password set */ DWORD VmDirSRPSetIdentityData( PCSTR pszUPN, PCSTR pszClearTextPassword ) { DWORD dwError = 0; VDIR_OPERATION op = {0}; PSTR pszLocalErrMsg = NULL; VDIR_ENTRY_ARRAY entryArray = {0}; PVDIR_ENTRY pEntry = NULL; PVDIR_ATTRIBUTE pAttrSecret = NULL; VDIR_BERVALUE bvUPN = VDIR_BERVALUE_INIT; VDIR_BERVALUE bvClearTextPassword = VDIR_BERVALUE_INIT; VDIR_BERVALUE bervSecretBlob = VDIR_BERVALUE_INIT; if ( IsNullOrEmptyString(pszUPN) || IsNullOrEmptyString(pszClearTextPassword) ) { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } bvUPN.lberbv_val = (PSTR)pszUPN; bvUPN.lberbv_len = VmDirStringLenA(pszUPN); bvClearTextPassword.lberbv_val = (PSTR)pszClearTextPassword; bvClearTextPassword.lberbv_len = VmDirStringLenA(pszClearTextPassword); dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_KRB_UPN, pszUPN, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize == 1) { pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET); if (pAttrSecret) { dwError = VMDIR_ERROR_ENTRY_ALREADY_EXIST; BAIL_ON_VMDIR_ERROR(dwError); } } else { dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION; BAIL_ON_VMDIR_ERROR(dwError); } pEntry = &(entryArray.pEntry[0]); dwError = VdirPasswordCheck(&bvClearTextPassword, pEntry); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSRPCreateSecret(&bvUPN, &bvClearTextPassword, &bervSecretBlob); BAIL_ON_VMDIR_ERROR(dwError); if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK) { dwError = VmDirEntryUnpack( pEntry ); BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL); BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSRPSetIdentityData: VmDirInitStackOperation failed: %u", dwError); op.pBEIF = VmDirBackendSelect(NULL); assert(op.pBEIF); op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val; op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len; op.request.modifyReq.dn.lberbv = op.reqDn.lberbv; dwError = VmDirAppendAMod( &op, MOD_OP_ADD, ATTR_SRP_SECRET, ATTR_SRP_SECRET_LEN, bervSecretBlob.lberbv_val, bervSecretBlob.lberbv_len); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirInternalModifyEntry(&op); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VmDirFreeBervalContent(&bervSecretBlob); VmDirFreeEntryArrayContent(&entryArray); VmDirFreeOperationContent(&op); return dwError; error: VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSRPSetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError); goto cleanup; }
/* * Retrieve SRP Identifier's secret and salt */ DWORD VmDirSRPGetIdentityData( PCSTR pszUPN, PBYTE* ppByteSecret, DWORD* pdwSecretLen ) { DWORD dwError = 0; PVDIR_ATTRIBUTE pAttrSecret = NULL; VDIR_ENTRY_ARRAY entryArray = {0}; PBYTE pLocalSecret = NULL; if ( IsNullOrEmptyString(pszUPN) || ppByteSecret == NULL || pdwSecretLen == NULL ) { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_KRB_UPN, pszUPN, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize == 1) { pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET); if (!pAttrSecret) { dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirAllocateAndCopyMemory( pAttrSecret->vals[0].lberbv_val, pAttrSecret->vals[0].lberbv_len, (PVOID*)&pLocalSecret); BAIL_ON_VMDIR_ERROR(dwError); } else if (entryArray.iSize == 0) { dwError = VMDIR_ERROR_ENTRY_NOT_FOUND; BAIL_ON_VMDIR_ERROR(dwError); } else { dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION; BAIL_ON_VMDIR_ERROR(dwError); } *ppByteSecret = pLocalSecret; *pdwSecretLen = (DWORD) (pAttrSecret->vals[0].lberbv_len); cleanup: VmDirFreeEntryArrayContent(&entryArray); return dwError; error: VMDIR_SAFE_FREE_MEMORY( pLocalSecret ); VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSRPGetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError); goto cleanup; }
/* * Searches the direct group entry to confirm membership * Set pAccessRoleBitmap based on getAccessInfo to avoid redundent internal search. */ DWORD VmDirIsDirectMemberOf( PSTR pszBindDN, UINT32 getAccessInfo, UINT32 *pAccessRoleBitmap, PBOOLEAN pbIsMemberOf ) { DWORD dwError = 0; BOOLEAN bIsMemberOf = FALSE; VDIR_ENTRY_ARRAY entryResultArray = {0}; PSTR pszGroupDN = NULL; if (!pbIsMemberOf || !pAccessRoleBitmap) { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } if (getAccessInfo == VDIR_ACCESS_DCGROUP_MEMBER_INFO) { if (*pAccessRoleBitmap & VDIR_ACCESS_DCGROUP_MEMBER_VALID_INFO) { *pbIsMemberOf = (*pAccessRoleBitmap & VDIR_ACCESS_IS_DCGROUP_MEMBER) != 0; goto cleanup; } pszGroupDN = gVmdirServerGlobals.bvDCGroupDN.lberbv_val; } else if (getAccessInfo == VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_INFO) { if (*pAccessRoleBitmap & VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO) { *pbIsMemberOf = (*pAccessRoleBitmap & VDIR_ACCESS_IS_DCCLIENT_GROUP_MEMBER) != 0; goto cleanup; } pszGroupDN = gVmdirServerGlobals.bvDCClientGroupDN.lberbv_val; } else { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } if (pszGroupDN == NULL || pszBindDN == NULL) { *pbIsMemberOf = FALSE; goto cleanup; } VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmDirIsDirectMemberOf: internal search for dn %s op %d", pszBindDN, getAccessInfo); dwError = VmDirSimpleEqualFilterInternalSearch( pszGroupDN, LDAP_SCOPE_BASE, ATTR_MEMBER, pszBindDN, &entryResultArray); BAIL_ON_VMDIR_ERROR(dwError); if ( entryResultArray.iSize > 0) { bIsMemberOf = TRUE; } if (getAccessInfo == VDIR_ACCESS_DCGROUP_MEMBER_INFO) { *pAccessRoleBitmap |= VDIR_ACCESS_DCGROUP_MEMBER_VALID_INFO; if (bIsMemberOf) { *pAccessRoleBitmap |= VDIR_ACCESS_IS_DCGROUP_MEMBER; } } else { *pAccessRoleBitmap |= VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO; if (bIsMemberOf) { *pAccessRoleBitmap |= VDIR_ACCESS_IS_DCCLIENT_GROUP_MEMBER; } } *pbIsMemberOf = bIsMemberOf; cleanup: VmDirFreeEntryArrayContent(&entryResultArray); return dwError; error: *pbIsMemberOf = FALSE; goto cleanup; }
/* This function re-instantiates the current vmdir instance with a * foreign (MDB) database file. It is triggered by running vdcadmintool * with option 8. Before this action, a foreign database files must be copied * onto diretory mdb_home_dir/partner/ which may include mdb WAL files under * xlogs/. See PR 1995325 for the functional spec and use cases. */ DWORD VmDirSrvServerReset( PDWORD pServerResetState ) { int i = 0; DWORD dwError = 0; VDIR_ENTRY_ARRAY entryArray = {0}; const char *dbHomeDir = VMDIR_DB_DIR; PVDIR_SCHEMA_CTX pSchemaCtx = NULL; BOOLEAN bWriteInvocationId = FALSE; PSTR pszConfigurationContainerDn = NULL; PSTR pszDomainControllerContainerDn = NULL; PSTR pszManagedServiceAccountContainerDn = NULL; DEQUE computers = {0}; PSTR pszComputer = NULL; PVDIR_ATTRIBUTE pAttrUPN = NULL; BOOLEAN bMdbWalEnable = FALSE; VmDirGetMdbWalEnable(&bMdbWalEnable); //swap current vmdir database file with the foriegn one under partner/ dwError = _VmDirSwapDB(dbHomeDir, bMdbWalEnable); BAIL_ON_VMDIR_ERROR(dwError); //Delete Computers (domain controller accounts) under Domain Controller container dwError = VmDirAllocateStringPrintf(&pszDomainControllerContainerDn, "ou=%s,%s", VMDIR_DOMAIN_CONTROLLERS_RDN_VAL, gVmdirServerGlobals.systemDomainDN.lberbv_val); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSimpleEqualFilterInternalSearch(pszDomainControllerContainerDn, LDAP_SCOPE_ONE, ATTR_OBJECT_CLASS, OC_COMPUTER, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if(entryArray.iSize > 0) { for (i = 0; i < entryArray.iSize; i++) { pAttrUPN = VmDirFindAttrByName(&entryArray.pEntry[i], ATTR_KRB_UPN); if (pAttrUPN) { PSTR pPc = NULL; dwError = VmDirAllocateStringA(pAttrUPN->vals[0].lberbv_val, &pPc); dequePush(&computers, pPc); } dwError = VmDirDeleteEntry(&entryArray.pEntry[i]); BAIL_ON_VMDIR_ERROR(dwError); } } VmDirFreeEntryArrayContent(&entryArray); /* Delete all entries in the subtree under Configuration container * (e.g. under cn=Configuration,dc=vmware,dc=com). * This will remove the old replication topology */ dwError = VmDirAllocateStringPrintf(&pszConfigurationContainerDn, "cn=%s,%s", VMDIR_CONFIGURATION_CONTAINER_NAME, gVmdirServerGlobals.systemDomainDN.lberbv_val); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSimpleEqualFilterInternalSearch(pszConfigurationContainerDn, LDAP_SCOPE_SUBTREE, ATTR_OBJECT_CLASS, OC_DIR_SERVER, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize > 0) { for (i = 0; i < entryArray.iSize; i++) { /* Delete all replication agreement entries for a server and * the server it self under the configuration/site container */ dwError = VmDirInternalDeleteTree(entryArray.pEntry[i].dn.lberbv_val); BAIL_ON_VMDIR_ERROR(dwError); } } VmDirFreeEntryArrayContent(&entryArray); //Delete ManagedServiceAccount entries that are associated with any of the domain controllers dwError = VmDirAllocateStringPrintf(&pszManagedServiceAccountContainerDn, "cn=%s,%s", VMDIR_MSAS_RDN_VAL, gVmdirServerGlobals.systemDomainDN.lberbv_val); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSimpleEqualFilterInternalSearch(pszManagedServiceAccountContainerDn, LDAP_SCOPE_ONE, ATTR_OBJECT_CLASS, OC_MANAGED_SERVICE_ACCOUNT, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize > 0) { for (i = 0; i < entryArray.iSize; i++) { PDEQUE_NODE p = NULL; pAttrUPN = VmDirFindAttrByName(&entryArray.pEntry[i], ATTR_KRB_UPN); for(p = computers.pHead; p != NULL; p = p->pNext) { if (VmDirStringCaseStrA(pAttrUPN->vals[0].lberbv_val, p->pElement) != NULL) { dwError = VmDirDeleteEntry(&entryArray.pEntry[i]); BAIL_ON_VMDIR_ERROR(dwError); break; } } } } dwError = VmDirSchemaCtxAcquire(&pSchemaCtx ); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirSrvCreateServerObj(pSchemaCtx); BAIL_ON_VMDIR_ERROR(dwError); //Create server and replication entries for the current instance // on top of the (cleaned up) foreign database. dwError = VmDirSrvCreateReplAgrsContainer(pSchemaCtx); BAIL_ON_VMDIR_ERROR(dwError); dwError = _VmDirPatchDSERoot(pSchemaCtx); BAIL_ON_VMDIR_ERROR(dwError); VmDirSchemaCtxRelease(pSchemaCtx); pSchemaCtx = NULL; dwError = LoadServerGlobals(&bWriteInvocationId); BAIL_ON_VMDIR_ERROR(dwError); cleanup: if (pSchemaCtx) { VmDirSchemaCtxRelease(pSchemaCtx); } VmDirFreeEntryArrayContent(&entryArray); VMDIR_SAFE_FREE_MEMORY(pszConfigurationContainerDn); VMDIR_SAFE_FREE_MEMORY(pszDomainControllerContainerDn); while(!dequeIsEmpty(&computers)) { dequePopLeft(&computers, (PVOID*)&pszComputer); VMDIR_SAFE_FREE_MEMORY(pszComputer); } return dwError; error: goto cleanup; }
static DWORD _VmKdcGetKrbUPNKey( PSTR pszUpnName, PBYTE* ppKeyBlob, DWORD* pSize ) { DWORD dwError = 0; PVDIR_ATTRIBUTE pKrbUPNKey = NULL; PBYTE pRetUPNKey = NULL; VDIR_ENTRY_ARRAY entryArray = {0}; if (IsNullOrEmptyString(pszUpnName) || !ppKeyBlob || !pSize ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMKDC_ERROR(dwError); } dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_KRB_UPN, pszUpnName, &entryArray); BAIL_ON_VMKDC_ERROR(dwError); if (entryArray.iSize == 1) { pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY); if (!pKrbUPNKey) { dwError = ERROR_NO_PRINC; BAIL_ON_VMKDC_ERROR(dwError); } dwError = VmDirAllocateAndCopyMemory( pKrbUPNKey->vals[0].lberbv.bv_val, pKrbUPNKey->vals[0].lberbv.bv_len, (PVOID*)& pRetUPNKey ); BAIL_ON_VMKDC_ERROR(dwError); *ppKeyBlob = pRetUPNKey; *pSize = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len; pRetUPNKey = NULL; } else { dwError = ERROR_NO_PRINC; BAIL_ON_VMKDC_ERROR(dwError); } cleanup: VmDirFreeEntryArrayContent(&entryArray); return dwError; error: VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmKdcGetKrbUPNKey: failed (%u)(%s)", dwError, VDIR_SAFE_STRING(pszUpnName)); VMKDC_SAFE_FREE_MEMORY(pRetUPNKey); // keep error code space to KDC specific dwError = ERROR_NO_PRINC; goto cleanup; }
DWORD VmDirGetKrbUPNKey( PSTR pszUpnName, PBYTE* ppKeyBlob, DWORD* pSize ) { DWORD dwError = 0; PVDIR_ATTRIBUTE pKrbUPNKey = NULL; PBYTE pRetUPNKey = NULL; VDIR_ENTRY_ARRAY entryArray = {0}; if (IsNullOrEmptyString(pszUpnName) || !ppKeyBlob || !pSize ) { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_KRB_UPN, pszUpnName, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize == 1) { pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY); if (!pKrbUPNKey) { dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirAllocateMemory( pKrbUPNKey->vals[0].lberbv.bv_len, (PVOID*)&pRetUPNKey ); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirCopyMemory( pRetUPNKey, pKrbUPNKey->vals[0].lberbv.bv_len, pKrbUPNKey->vals[0].lberbv.bv_val, pKrbUPNKey->vals[0].lberbv.bv_len ); BAIL_ON_VMDIR_ERROR(dwError); *ppKeyBlob = pRetUPNKey; *pSize = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len; pRetUPNKey = NULL; } else { dwError = VMDIR_ERROR_ENTRY_NOT_FOUND; BAIL_ON_VMDIR_ERROR(dwError); } cleanup: VmDirFreeEntryArrayContent(&entryArray); return dwError; error: VMDIR_LOG_ERROR( LDAP_DEBUG_RPC, "VmDirGetKrbUPNKey failed. (%u)(%s)", dwError, VDIR_SAFE_STRING(pszUpnName)); VMDIR_SAFE_FREE_MEMORY(pRetUPNKey); goto cleanup; }
DWORD VmDirGetUPNMemberships( PCSTR pszUpnName, PSTR **pppszMemberships, PDWORD pdwMemberships ) { DWORD dwError = 0; VDIR_ENTRY_ARRAY entryArray = {0}; VDIR_OPERATION searchOp = {0}; BOOLEAN bHasTxn = FALSE; PVDIR_ATTRIBUTE pMemberOf = NULL; PSTR *ppszMemberships = NULL; DWORD dwMemberships = 0; DWORD i = 0; if (IsNullOrEmptyString(pszUpnName) || pppszMemberships == NULL || pdwMemberships == NULL) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirSimpleEqualFilterInternalSearch( "", LDAP_SCOPE_SUBTREE, ATTR_KRB_UPN, pszUpnName, &entryArray); BAIL_ON_VMDIR_ERROR(dwError); if (entryArray.iSize == 0) { dwError = VMDIR_ERROR_ENTRY_NOT_FOUND; BAIL_ON_VMDIR_ERROR(dwError); } else if (entryArray.iSize > 1) { dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION; BAIL_ON_VMDIR_ERROR(dwError); } dwError = VmDirInitStackOperation(&searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, NULL); BAIL_ON_VMDIR_ERROR(dwError); searchOp.pBEIF = VmDirBackendSelect(NULL); dwError = searchOp.pBEIF->pfnBETxnBegin(searchOp.pBECtx, VDIR_BACKEND_TXN_READ); BAIL_ON_VMDIR_ERROR(dwError); bHasTxn = TRUE; dwError = VmDirBuildMemberOfAttribute(&searchOp, entryArray.pEntry, &pMemberOf); BAIL_ON_VMDIR_ERROR(dwError); if (pMemberOf) { dwMemberships = pMemberOf->numVals; } if (dwMemberships) { dwError = VmDirAllocateMemory(dwMemberships * sizeof(PSTR), (PVOID)&ppszMemberships); BAIL_ON_VMDIR_ERROR(dwError); for (i = 0; i < dwMemberships; i++) { PCSTR pszMemberOf = pMemberOf->vals[i].lberbv.bv_val; dwError = VmDirAllocateStringA(pszMemberOf, &ppszMemberships[i]); BAIL_ON_VMDIR_ERROR(dwError); } } *pppszMemberships = ppszMemberships; *pdwMemberships = dwMemberships; cleanup: if (pMemberOf) { VmDirFreeAttribute(pMemberOf); } if (bHasTxn) { searchOp.pBEIF->pfnBETxnCommit(searchOp.pBECtx); } VmDirFreeOperationContent(&searchOp); VmDirFreeEntryArrayContent(&entryArray); return dwError; error: VmDirFreeMemberships(ppszMemberships, dwMemberships); goto cleanup; }