NTSTATUS crack_service_principal_name(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
const char *service_principal_name,
struct ldb_dn **user_dn,
struct ldb_dn **domain_dn)
{
WERROR werr;
struct drsuapi_DsNameInfo1 info1;
werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
service_principal_name,
&info1);
if (!W_ERROR_IS_OK(werr)) {
return werror_to_ntstatus(werr);
}
switch (info1.status) {
case DRSUAPI_DS_NAME_STATUS_OK:
break;
case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
return NT_STATUS_NO_SUCH_USER;
case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
default:
return NT_STATUS_UNSUCCESSFUL;
}
*user_dn = ldb_dn_new(mem_ctx, sam_ctx, info1.result_name);
if (domain_dn) {
werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
DRSUAPI_DS_NAME_FORMAT_CANONICAL,
DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
talloc_asprintf(mem_ctx, "%s/",
info1.dns_domain_name),
&info1);
if (!W_ERROR_IS_OK(werr)) {
return werror_to_ntstatus(werr);
}
switch (info1.status) {
case DRSUAPI_DS_NAME_STATUS_OK:
break;
case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
return NT_STATUS_NO_SUCH_USER;
case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
default:
return NT_STATUS_UNSUCCESSFUL;
}
*domain_dn = ldb_dn_new(mem_ctx, sam_ctx, info1.result_name);
}
return NT_STATUS_OK;
}
WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
{
WERROR status;
struct ldb_dn *basedn;
struct ldb_result *r;
struct ldb_message_element *el;
static const char *attrs[] = { "namingContexts", NULL };
uint32_t i;
int ret;
basedn = ldb_dn_new(s, s->samdb, NULL);
W_ERROR_HAVE_NO_MEMORY(basedn);
ret = ldb_search(s->samdb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
"(objectClass=*)");
talloc_free(basedn);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
} else if (r->count != 1) {
talloc_free(r);
return WERR_FOOBAR;
}
el = ldb_msg_find_element(r->msgs[0], "namingContexts");
if (!el) {
return WERR_FOOBAR;
}
for (i=0; el && i < el->num_values; i++) {
const char *v = (const char *)el->values[i].data;
struct ldb_dn *pdn;
struct dreplsrv_partition *p;
pdn = ldb_dn_new(s, s->samdb, v);
if (!ldb_dn_validate(pdn)) {
return WERR_FOOBAR;
}
p = talloc_zero(s, struct dreplsrv_partition);
W_ERROR_HAVE_NO_MEMORY(p);
p->dn = talloc_steal(p, pdn);
DLIST_ADD(s->partitions, p);
DEBUG(2, ("dreplsrv_partition[%s] loaded\n", v));
}
talloc_free(r);
status = dreplsrv_refresh_partitions(s);
W_ERROR_NOT_OK_RETURN(status);
return WERR_OK;
}
} END_TEST
// ^ Unit test ----------------------------------------------------------------
// v Suite definition ---------------------------------------------------------
static void create_ldb_from_ldif(const char *ldb_path, const char *ldif_path,
const char *default_context, const char *root_context)
{
FILE *f;
struct ldb_ldif *ldif;
struct ldb_context *ldb_ctx = NULL;
TALLOC_CTX *local_mem_ctx = talloc_new(NULL);
struct ldb_message *msg;
ldb_ctx = ldb_init(local_mem_ctx, NULL);
ldb_connect(ldb_ctx, ldb_path, 0, 0);
f = fopen(ldif_path, "r");
msg = ldb_msg_new(local_mem_ctx);
msg->dn = ldb_dn_new(msg, ldb_ctx, "@INDEXLIST");
ldb_msg_add_string(msg, "@IDXATTR", "cn");
ldb_msg_add_string(msg, "@IDXATTR", "oleguid");
ldb_msg_add_string(msg, "@IDXATTR", "mappedId");
msg->elements[0].flags = LDB_FLAG_MOD_ADD;
ldb_add(ldb_ctx, msg);
while ((ldif = ldb_ldif_read_file(ldb_ctx, f))) {
struct ldb_message *normalized_msg;
ldb_msg_normalize(ldb_ctx, local_mem_ctx, ldif->msg,
&normalized_msg);
ldb_add(ldb_ctx, normalized_msg);
talloc_free(normalized_msg);
ldb_ldif_read_free(ldb_ctx, ldif);
}
if (default_context && root_context) {
msg = ldb_msg_new(local_mem_ctx);
msg->dn = ldb_dn_new(msg, ldb_ctx, "@ROOTDSE");
ldb_msg_add_string(msg, "defaultNamingContext", default_context);
ldb_msg_add_string(msg, "rootDomainNamingContext", root_context);
msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
ldb_add(ldb_ctx, msg);
}
fclose(f);
talloc_free(local_mem_ctx);
}
static BOOL test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *root)
{
int ret;
struct ldb_message *msg;
struct ldb_result *r;
d_printf("Testing RootDSE Search\n");
ret = ldb_search(ldb, ldb_dn_new(ldb, ldb, NULL), LDB_SCOPE_BASE,
NULL, NULL, &r);
if (ret != LDB_SUCCESS) {
return False;
} else if (r->count != 1) {
talloc_free(r);
return False;
}
msg = r->msgs[0];
root->defaultdn = ldb_msg_find_attr_as_string(msg, "defaultNamingContext", NULL);
talloc_steal(ldb, root->defaultdn);
root->rootdn = ldb_msg_find_attr_as_string(msg, "rootDomainNamingContext", NULL);
talloc_steal(ldb, root->rootdn);
root->configdn = ldb_msg_find_attr_as_string(msg, "configurationNamingContext", NULL);
talloc_steal(ldb, root->configdn);
root->schemadn = ldb_msg_find_attr_as_string(msg, "schemaNamingContext", NULL);
talloc_steal(ldb, root->schemadn);
talloc_free(r);
return True;
}
static int construct_msds_isrodc_with_dn(struct ldb_module *module,
struct ldb_message *msg,
struct ldb_message_element *object_category)
{
struct ldb_context *ldb;
struct ldb_dn *dn;
const struct ldb_val *val;
ldb = ldb_module_get_ctx(module);
if (!ldb) {
DEBUG(4, (__location__ ": Failed to get ldb \n"));
return ldb_operr(ldb);
}
dn = ldb_dn_new(msg, ldb, (const char *)object_category->values[0].data);
if (!dn) {
DEBUG(4, (__location__ ": Failed to create dn from %s \n",
(const char *)object_category->values[0].data));
return ldb_operr(ldb);
}
val = ldb_dn_get_rdn_val(dn);
if (!val) {
DEBUG(4, (__location__ ": Failed to get rdn val from %s \n",
ldb_dn_get_linearized(dn)));
return ldb_operr(ldb);
}
if (strequal((const char *)val->data, "NTDS-DSA")) {
ldb_msg_add_string(msg, "msDS-isRODC", "FALSE");
} else {
ldb_msg_add_string(msg, "msDS-isRODC", "TRUE");
}
return LDB_SUCCESS;
}
static int confdb_purge(struct confdb_ctx *cdb)
{
int ret, i;
TALLOC_CTX *tmp_ctx;
struct ldb_result *res;
struct ldb_dn *dn;
const char *attrs[] = { "dn", NULL };
tmp_ctx = talloc_new(NULL);
dn = ldb_dn_new(tmp_ctx, cdb->ldb, "cn=config");
/* Get the list of all DNs */
ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
LDB_SCOPE_SUBTREE, attrs, NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
for(i=0; i<res->count; i++) {
/* Delete this DN */
ret = ldb_delete(cdb->ldb, res->msgs[i]->dn);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
}
done:
talloc_free(tmp_ctx);
return ret;
}
static NTSTATUS unbecomeDC_ldap_computer_object(struct libnet_UnbecomeDC_state *s)
{
int ret;
struct ldb_result *r;
struct ldb_dn *basedn;
static const char *attrs[] = {
"distinguishedName",
"userAccountControl",
NULL
};
basedn = ldb_dn_new(s, s->ldap.ldb, s->domain.dn_str);
NT_STATUS_HAVE_NO_MEMORY(basedn);
ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_SUBTREE, attrs,
"(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=%s$))",
s->dest_dsa.netbios_name);
talloc_free(basedn);
if (ret != LDB_SUCCESS) {
return NT_STATUS_LDAP(ret);
} else if (r->count != 1) {
talloc_free(r);
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
s->dest_dsa.computer_dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "distinguishedName", NULL);
if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
talloc_steal(s, s->dest_dsa.computer_dn_str);
s->dest_dsa.user_account_control = ldb_msg_find_attr_as_uint(r->msgs[0], "userAccountControl", 0);
talloc_free(r);
return NT_STATUS_OK;
}
static void cldapd_rootdse_fill(struct cldapd_server *cldapd,
TALLOC_CTX *mem_ctx,
struct ldap_SearchRequest *search,
struct ldap_SearchResEntry **response,
struct ldap_Result *result)
{
struct ldap_SearchResEntry *ent = NULL;
struct ldb_dn *basedn;
struct ldb_result *res = NULL;
struct ldb_request *lreq;
enum ldb_scope scope = LDB_SCOPE_DEFAULT;
const char **attrs = NULL;
const char *errstr = NULL;
int ret = 0;
int ldb_ret = -1;
basedn = ldb_dn_new(mem_ctx, cldapd->samctx, NULL);
if (basedn == NULL) goto nomem;
scope = LDB_SCOPE_BASE;
if (search->num_attributes >= 1) {
int i;
attrs = talloc_array(mem_ctx, const char *, search->num_attributes+1);
if (attrs == NULL) goto nomem;
for (i=0; i < search->num_attributes; i++) {
attrs[i] = search->attributes[i];
}
attrs[i] = NULL;
}
static int local_db_check_number_of_secrets(TALLOC_CTX *mem_ctx,
struct local_context *lctx)
{
TALLOC_CTX *tmp_ctx;
static const char *attrs[] = { NULL };
struct ldb_result *res = NULL;
struct ldb_dn *dn;
int ret;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
dn = ldb_dn_new(tmp_ctx, lctx->ldb, "cn=secrets");
if (!dn) {
ret = ENOMEM;
goto done;
}
ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
attrs, LOCAL_SIMPLE_FILTER);
if (res->count >= lctx->max_secrets) {
DEBUG(SSSDBG_OP_FAILURE,
"Cannot store any more secrets as the maximum allowed limit (%d) "
"has been reached\n", lctx->max_secrets);
ret = ERR_SEC_INVALID_TOO_MANY_SECRETS;
goto done;
}
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
static int read_at_rootdse_record(struct ldb_context *ldb, struct ldb_module *module, TALLOC_CTX *mem_ctx,
struct ldb_message **msg, struct ldb_request *parent)
{
int ret;
static const char *rootdse_attrs[] = { "defaultNamingContext", "configurationNamingContext", "schemaNamingContext", NULL };
struct ldb_result *rootdse_res;
struct ldb_dn *rootdse_dn;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return ldb_oom(ldb);
}
rootdse_dn = ldb_dn_new(tmp_ctx, ldb, "@ROOTDSE");
if (!rootdse_dn) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
ret = dsdb_module_search_dn(module, tmp_ctx, &rootdse_res, rootdse_dn,
rootdse_attrs, DSDB_FLAG_NEXT_MODULE, parent);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
}
talloc_steal(mem_ctx, rootdse_res->msgs);
*msg = rootdse_res->msgs[0];
talloc_free(tmp_ctx);
return ret;
}
/*
* Attempt to modify an objectSID DSDB_CONTROL_REPLICATED_UPDATE_OID set
* this should succeed
*/
static void test_modify_of_objectSID_replicated(void **state)
{
struct ldbtest_ctx *test_ctx =
talloc_get_type_abort(*state, struct ldbtest_ctx);
struct ldb_context *ldb = test_ctx->ldb;
struct ldb_message *msg = ldb_msg_new(test_ctx);
struct ldb_message_element *el = NULL;
struct ldb_request *request = NULL;
struct ldb_request *original_request = NULL;
int rc;
msg->dn = ldb_dn_new(msg, ldb, "dc=test");
add_sid(msg, LOCAL_SID);
rc = ldb_build_mod_req(
&request,
test_ctx->ldb,
test_ctx,
msg,
NULL,
NULL,
ldb_op_default_callback,
NULL);
assert_int_equal(rc, LDB_SUCCESS);
assert_non_null(request);
original_request = request;
rc = ldb_request_add_control(
request,
DSDB_CONTROL_REPLICATED_UPDATE_OID,
false,
NULL);
assert_int_equal(rc, LDB_SUCCESS);
rc = unique_object_sids_modify(test_ctx->module, request);
assert_int_equal(rc, LDB_SUCCESS);
/*
* Check that a copy of the request was passed to the next module
* and not the original request
*/
assert_ptr_not_equal(last_request, original_request);
/*
* Check the flag was set on the request passed to the next
* module
*/
el = ldb_msg_find_element(last_request->op.add.message, "objectSID");
assert_non_null(el);
assert_true(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
/*
* Check the flag was not set on the original request
*/
el = ldb_msg_find_element(request->op.add.message, "objectSID");
assert_non_null(el);
assert_false(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
}
/*
* Attempt to modify an objectSID DSDB_CONTROL_REPLICATED_UPDATE_OID not set
* this should fail with LDB_ERR_UNWILLING_TO_PERFORM
*/
static void test_modify_of_objectSID_not_replicated(void **state)
{
struct ldbtest_ctx *test_ctx =
talloc_get_type_abort(*state, struct ldbtest_ctx);
struct ldb_context *ldb = test_ctx->ldb;
struct ldb_message *msg = ldb_msg_new(test_ctx);
struct ldb_request *request = NULL;
int rc;
msg->dn = ldb_dn_new(msg, ldb, "dc=test");
add_sid(msg, LOCAL_SID);
rc = ldb_build_mod_req(
&request,
test_ctx->ldb,
test_ctx,
msg,
NULL,
NULL,
ldb_op_default_callback,
NULL);
assert_int_equal(rc, LDB_SUCCESS);
assert_non_null(request);
rc = unique_object_sids_modify(test_ctx->module, request);
assert_int_equal(rc, LDB_ERR_UNWILLING_TO_PERFORM);
}
/**
\details Get the organization name (like "First Organization") as a DN.
\param emsmdbp_ctx pointer to the EMSMDBP context
\param basedn pointer to the returned struct ldb_dn
\return MAPI_E_SUCCESS or an error if something happens
*/
_PUBLIC_ enum MAPISTATUS emsmdbp_get_org_dn(struct emsmdbp_context *emsmdbp_ctx, struct ldb_dn **basedn)
{
enum MAPISTATUS retval;
int ret;
struct ldb_result *res = NULL;
char *org_name;
OPENCHANGE_RETVAL_IF(!emsmdbp_ctx, MAPI_E_NOT_INITIALIZED, NULL);
OPENCHANGE_RETVAL_IF(!emsmdbp_ctx->samdb_ctx, MAPI_E_NOT_INITIALIZED, NULL);
OPENCHANGE_RETVAL_IF(!basedn, MAPI_E_INVALID_PARAMETER, NULL);
retval = emsmdbp_fetch_organizational_units(emsmdbp_ctx, emsmdbp_ctx, &org_name, NULL);
OPENCHANGE_RETVAL_IF(retval != MAPI_E_SUCCESS, retval, NULL);
ret = ldb_search(emsmdbp_ctx->samdb_ctx, emsmdbp_ctx, &res,
ldb_get_config_basedn(emsmdbp_ctx->samdb_ctx),
LDB_SCOPE_SUBTREE, NULL,
"(&(objectClass=msExchOrganizationContainer)(cn=%s))",
ldb_binary_encode_string(emsmdbp_ctx, org_name));
talloc_free(org_name);
/* If the search failed */
if (ret != LDB_SUCCESS) {
DEBUG(1, ("emsmdbp_get_org_dn ldb_search failure.\n"));
return MAPI_E_NOT_FOUND;
}
*basedn = ldb_dn_new(emsmdbp_ctx, emsmdbp_ctx->samdb_ctx,
ldb_msg_find_attr_as_string(res->msgs[0], "distinguishedName", NULL));
return MAPI_E_SUCCESS;
}
WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
{
WERROR status;
static const char *attrs[] = { "namingContexts", NULL };
unsigned int i;
int ret;
TALLOC_CTX *tmp_ctx;
struct ldb_result *res;
struct ldb_message_element *el;
tmp_ctx = talloc_new(s);
W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
ret = ldb_search(s->samdb, tmp_ctx, &res,
ldb_dn_new(tmp_ctx, s->samdb, ""), LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
DEBUG(1,("Searching for namingContexts in rootDSE failed: %s\n", ldb_errstring(s->samdb)));
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
el = ldb_msg_find_element(res->msgs[0], "namingContexts");
if (!el) {
DEBUG(1,("Finding namingContexts element in root_res failed: %s\n",
ldb_errstring(s->samdb)));
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
for (i=0; i<el->num_values; i++) {
struct ldb_dn *pdn;
struct dreplsrv_partition *p;
pdn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
if (pdn == NULL) {
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
if (!ldb_dn_validate(pdn)) {
return WERR_DS_DRA_INTERNAL_ERROR;
}
p = talloc_zero(s, struct dreplsrv_partition);
W_ERROR_HAVE_NO_MEMORY(p);
p->dn = talloc_steal(p, pdn);
DLIST_ADD(s->partitions, p);
DEBUG(2, ("dreplsrv_partition[%s] loaded\n", ldb_dn_get_linearized(p->dn)));
}
talloc_free(tmp_ctx);
status = dreplsrv_refresh_partitions(s);
W_ERROR_NOT_OK_RETURN(status);
return WERR_OK;
}
static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
struct share_context *ctx,
const char *name,
struct share_config **scfg)
{
int ret;
struct share_config *s;
struct ldb_context *ldb;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
DEBUG(0,("ERROR: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
ret = ldb_search(ldb, tmp_ctx, &res,
ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"), LDB_SCOPE_SUBTREE, NULL,
"(name=%s)", name);
if (ret != LDB_SUCCESS || res->count > 1) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (res->count != 1) {
talloc_free(tmp_ctx);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
s = talloc(tmp_ctx, struct share_config);
if (!s) {
DEBUG(0,("ERROR: Out of memory!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
s->name = talloc_strdup(s, ldb_msg_find_attr_as_string(res->msgs[0], "name", NULL));
if (!s->name) {
DEBUG(0,("ERROR: Invalid share object!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
s->opaque = talloc_steal(s, res->msgs[0]);
if (!s->opaque) {
DEBUG(0,("ERROR: Invalid share object!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
s->ctx = ctx;
*scfg = talloc_steal(mem_ctx, s);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
struct ldb_dn *dn1 = NULL;
const struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL);
const struct dsdb_class *sclass;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return LDB_ERR_OPERATIONS_ERROR;
}
if (!schema) {
talloc_free(tmp_ctx);
*out = data_blob_talloc(mem_ctx, in->data, in->length);
if (in->data && !out->data) {
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_SUCCESS;
}
dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, in);
if ( ! ldb_dn_validate(dn1)) {
const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
if (sclass) {
struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb,
sclass->defaultObjectCategory);
if (dn == NULL) {
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
*out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
talloc_free(tmp_ctx);
if (!out->data) {
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_SUCCESS;
} else {
*out = data_blob_talloc(mem_ctx, in->data, in->length);
talloc_free(tmp_ctx);
if (in->data && !out->data) {
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_SUCCESS;
}
}
*out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn1));
talloc_free(tmp_ctx);
if (!out->data) {
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_SUCCESS;
}
/*
convert a ldap result message to a ldb message. This allows us to
use the convenient ldif dump routines in ldb to print out cldap
search results
*/
static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
{
struct ldb_message *msg;
msg = ldb_msg_new(mem_ctx);
msg->dn = ldb_dn_new(msg, ldb, res->dn);
msg->num_elements = res->num_attributes;
msg->elements = talloc_steal(msg, res->attributes);
return msg;
}
int main(int argc, char *argv[])
{
bool emergency = false;
int c, rc;
char *fname;
struct ldb_dn *dn = NULL;
ldb = ldb_init(NULL, NULL);
if (ldb == NULL) {
fprintf(stderr, "ldb: ldb_init failed()");
exit(1);
}
rc = ldb_modules_hook(ldb, LDB_MODULE_HOOK_CMDLINE_PRECONNECT);
if (rc != LDB_SUCCESS) {
fprintf(stderr, "ldb: failed to run preconnect hooks (needed to get Samba LDIF handlers): %s\n", ldb_strerror(rc));
exit(1);
}
if (argc < 2) {
printf("Usage: ldbdump <fname>\n");
exit(1);
}
while ((c = getopt( argc, argv, "hd:ec")) != -1) {
switch (c) {
case 'h':
usage();
exit( 0);
case 'd':
dn = ldb_dn_new(ldb, ldb, optarg);
if (!dn) {
fprintf(stderr, "ldb failed to parse %s as a DN\n", optarg);
exit(1);
}
break;
case 'e':
emergency = true;
break;
case 'i':
show_index = true;
break;
case 'c':
validate_contents = true;
break;
default:
usage();
exit( 1);
}
}
fname = argv[optind];
return dump_tdb(fname, dn, emergency);
}
static NTSTATUS unbecomeDC_ldap_move_computer(struct libnet_UnbecomeDC_state *s)
{
int ret;
struct ldb_result *r;
struct ldb_dn *basedn;
struct ldb_dn *old_dn;
struct ldb_dn *new_dn;
static const char *_1_1_attrs[] = {
"1.1",
NULL
};
basedn = ldb_dn_new_fmt(s, s->ldap.ldb, "<WKGUID=aa312825768811d1aded00c04fd8d5cd,%s>",
s->domain.dn_str);
NT_STATUS_HAVE_NO_MEMORY(basedn);
ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_BASE,
_1_1_attrs, "(objectClass=*)");
talloc_free(basedn);
if (ret != LDB_SUCCESS) {
return NT_STATUS_LDAP(ret);
} else if (r->count != 1) {
talloc_free(r);
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
old_dn = ldb_dn_new(r, s->ldap.ldb, s->dest_dsa.computer_dn_str);
NT_STATUS_HAVE_NO_MEMORY(old_dn);
new_dn = r->msgs[0]->dn;
if (!ldb_dn_add_child_fmt(new_dn, "CN=%s", s->dest_dsa.netbios_name)) {
talloc_free(r);
return NT_STATUS_NO_MEMORY;
}
if (ldb_dn_compare(old_dn, new_dn) == 0) {
/* we don't need to rename if the old and new dn match */
talloc_free(r);
return NT_STATUS_OK;
}
ret = ldb_rename(s->ldap.ldb, old_dn, new_dn);
if (ret != LDB_SUCCESS) {
talloc_free(r);
return NT_STATUS_LDAP(ret);
}
s->dest_dsa.computer_dn_str = ldb_dn_alloc_linearized(s, new_dn);
NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.computer_dn_str);
talloc_free(r);
return NT_STATUS_OK;
}
/*
initialise the baseinfo record
*/
static int ltdb_baseinfo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_message *msg;
struct ldb_message_element el;
struct ldb_val val;
int ret;
/* the initial sequence number must be different from the one
set in ltdb_cache_free(). Thanks to Jon for pointing this
out. */
const char *initial_sequence_number = "1";
ldb = ldb_module_get_ctx(module);
ltdb->sequence_number = atof(initial_sequence_number);
msg = ldb_msg_new(ltdb);
if (msg == NULL) {
goto failed;
}
msg->num_elements = 1;
msg->elements = ⪙
msg->dn = ldb_dn_new(msg, ldb, LTDB_BASEINFO);
if (!msg->dn) {
goto failed;
}
el.name = talloc_strdup(msg, LTDB_SEQUENCE_NUMBER);
if (!el.name) {
goto failed;
}
el.values = &val;
el.num_values = 1;
el.flags = 0;
val.data = (uint8_t *)talloc_strdup(msg, initial_sequence_number);
if (!val.data) {
goto failed;
}
val.length = 1;
ret = ltdb_store(module, msg, TDB_INSERT);
talloc_free(msg);
return ret;
failed:
talloc_free(msg);
errno = ENOMEM;
return LDB_ERR_OPERATIONS_ERROR;
}
/*
drsuapi_DsRemoveDSServer
*/
static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsRemoveDSServer *r)
{
struct drsuapi_bind_state *b_state;
struct dcesrv_handle *h;
struct ldb_dn *ntds_dn;
int ret;
bool ok;
WERROR status;
ZERO_STRUCT(r->out.res);
*r->out.level_out = 1;
status = drs_security_level_check(dce_call, "DsRemoveDSServer");
if (!W_ERROR_IS_OK(status)) {
return status;
}
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
switch (r->in.level) {
case 1:
ntds_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, r->in.req->req1.server_dn);
W_ERROR_HAVE_NO_MEMORY(ntds_dn);
ok = ldb_dn_validate(ntds_dn);
if (!ok) {
return WERR_FOOBAR;
}
/* TODO: it's likely that we need more checks here */
ok = ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings");
if (!ok) {
return WERR_FOOBAR;
}
if (r->in.req->req1.commit) {
ret = ldb_delete(b_state->sam_ctx, ntds_dn);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
}
return WERR_OK;
default:
break;
}
return WERR_FOOBAR;
}
ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
const char *dn, const char **attrs)
{
ADS_STATUS status;
status.err.rc = ldb_search(ads->ldbctx, ads, res,
ldb_dn_new(ads, ads->ldbctx, dn),
LDB_SCOPE_BASE,
attrs,
"(objectclass=*)");
status.error_type = ENUM_ADS_ERROR_LDAP;
return status;
}
int main(int argc, const char **argv)
{
struct ldb_context *ldb;
int ret;
struct ldb_cmdline *options;
struct ldb_dn *dn1, *dn2;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
ldb = ldb_init(mem_ctx, NULL);
if (ldb == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
options = ldb_cmdline_process(ldb, argc, argv, usage);
if (options->argc < 2) {
usage(ldb);
}
dn1 = ldb_dn_new(ldb, ldb, options->argv[0]);
dn2 = ldb_dn_new(ldb, ldb, options->argv[1]);
if ((dn1 == NULL) || (dn2 == NULL)) {
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_rename(ldb, dn1, dn2);
if (ret == LDB_SUCCESS) {
printf("Renamed 1 record\n");
} else {
printf("rename of '%s' to '%s' failed - %s\n",
options->argv[0], options->argv[1], ldb_errstring(ldb));
}
talloc_free(mem_ctx);
return ret;
}
static NTSTATUS sldb_list_all(TALLOC_CTX *mem_ctx,
struct share_context *ctx,
int *count,
const char ***names)
{
int ret, i, j;
const char **n;
struct ldb_context *ldb;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
DEBUG(0,("ERROR: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"),
LDB_SCOPE_SUBTREE, NULL, "(name=*)");
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
n = talloc_array(mem_ctx, const char *, res->count);
if (!n) {
DEBUG(0,("ERROR: Out of memory!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
for (i = 0, j = 0; i < res->count; i++) {
n[j] = talloc_strdup(n, ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL));
if (!n[j]) {
DEBUG(0,("WARNING: Malformed share object in share database\n!"));
continue;
}
j++;
}
*names = n;
*count = j;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
errno_t
sysdb_del_autofsentry(struct sysdb_ctx *sysdb_ctx,
const char *entry_dn)
{
struct ldb_dn *dn;
errno_t ret;
dn = ldb_dn_new(NULL, sysdb_ctx_get_ldb(sysdb_ctx), entry_dn);
if (!dn) {
return ENOMEM;
}
ret = sysdb_delete_entry(sysdb_ctx, dn, true);
talloc_free(dn);
return ret;
}
static int local_db_dn(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
const char *req_path,
struct ldb_dn **req_dn)
{
struct ldb_dn *dn;
const char *s, *e;
int ret;
dn = ldb_dn_new(mem_ctx, ldb, "cn=secrets");
if (!dn) {
ret = ENOMEM;
goto done;
}
s = req_path;
while (s && *s) {
e = strchr(s, '/');
if (e) {
if (e == s) {
s++;
continue;
}
if (!ldb_dn_add_child_fmt(dn, "cn=%.*s", (int)(e - s), s)) {
ret = ENOMEM;
goto done;
}
s = e + 1;
} else {
if (!ldb_dn_add_child_fmt(dn, "cn=%s", s)) {
ret = ENOMEM;
goto done;
}
s = NULL;
}
}
DEBUG(SSSDBG_TRACE_INTERNAL,
"Local path for [%s] is [%s]\n",
req_path, ldb_dn_get_linearized(dn));
*req_dn = dn;
ret = EOK;
done:
return ret;
}
static WERROR dsdb_origin_object_convert(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct drsuapi_DsReplicaObjectListItem *in,
TALLOC_CTX *mem_ctx,
struct ldb_message **_msg)
{
WERROR status;
unsigned int i;
struct ldb_message *msg;
if (!in->object.identifier) {
return WERR_FOOBAR;
}
if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
return WERR_FOOBAR;
}
msg = ldb_msg_new(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(msg);
msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
W_ERROR_HAVE_NO_MEMORY(msg->dn);
msg->num_elements = in->object.attribute_ctr.num_attributes;
msg->elements = talloc_array(msg, struct ldb_message_element,
msg->num_elements);
W_ERROR_HAVE_NO_MEMORY(msg->elements);
for (i=0; i < msg->num_elements; i++) {
struct drsuapi_DsReplicaAttribute *a;
struct ldb_message_element *e;
a = &in->object.attribute_ctr.attributes[i];
e = &msg->elements[i];
status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap,
a, msg->elements, e);
W_ERROR_NOT_OK_RETURN(status);
}
*_msg = msg;
return WERR_OK;
}
/*
return the default DN for a ldap server given a connected RPC pipe to the
server
*/
static const char *torture_get_ldap_base_dn(struct torture_context *tctx, struct dcerpc_pipe *p)
{
const char *hostname = p->binding->host;
struct ldb_context *ldb;
const char *ldap_url = talloc_asprintf(p, "ldap://%s", hostname);
const char *attrs[] = { "defaultNamingContext", NULL };
const char *dnstr;
TALLOC_CTX *tmp_ctx = talloc_new(tctx);
int ret;
struct ldb_result *res;
ldb = ldb_init(tmp_ctx, tctx->ev);
if (ldb == NULL) {
talloc_free(tmp_ctx);
return NULL;
}
if (ldb_set_opaque(ldb, "loadparm", tctx->lp_ctx)) {
talloc_free(ldb);
return NULL;
}
ldb_set_modules_dir(ldb,
modules_path(ldb, "ldb"));
ret = ldb_connect(ldb, ldap_url, 0, NULL);
if (ret != LDB_SUCCESS) {
torture_comment(tctx, "Failed to make LDB connection to target");
talloc_free(tmp_ctx);
return NULL;
}
ret = dsdb_search_dn(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, ""),
attrs, 0);
if (ret != LDB_SUCCESS) {
torture_comment(tctx, "Failed to get defaultNamingContext");
talloc_free(tmp_ctx);
return NULL;
}
dnstr = ldb_msg_find_attr_as_string(res->msgs[0], "defaultNamingContext", NULL);
dnstr = talloc_strdup(tctx, dnstr);
talloc_free(tmp_ctx);
return dnstr;
}
/*
* The object is not in the current local domain so it should NOT have
* DB_FLAG_INTERNAL_UNIQUE_VALUE set
*/
static void test_objectSID_not_in_domain(void **state)
{
struct ldbtest_ctx *test_ctx =
talloc_get_type_abort(*state, struct ldbtest_ctx);
struct ldb_context *ldb = test_ctx->ldb;
struct ldb_message *msg = ldb_msg_new(test_ctx);
struct ldb_message_element *el = NULL;
struct ldb_request *request = NULL;
struct ldb_request *original_request = NULL;
int rc;
msg->dn = ldb_dn_new(msg, ldb, "dc=test");
add_sid(msg, FOREIGN_SID);
rc = ldb_build_add_req(
&request,
test_ctx->ldb,
test_ctx,
msg,
NULL,
NULL,
ldb_op_default_callback,
NULL);
assert_int_equal(rc, LDB_SUCCESS);
assert_non_null(request);
original_request = request;
rc = unique_object_sids_add(test_ctx->module, request);
assert_int_equal(rc, LDB_SUCCESS);
/*
* Check that the original request was passed to the next module
* and not a copy
*/
assert_ptr_equal(last_request, original_request);
/*
* Check that the flag was not set on the objectSID element
*/
el = ldb_msg_find_element(msg, "objectSID");
assert_non_null(el);
assert_false(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
}
/* PrintServer Form functions */
static WERROR sptr_EnumPrintServerForms(struct ntptr_GenericHandle *server, TALLOC_CTX *mem_ctx,
struct spoolss_EnumForms *r)
{
struct ldb_context *sptr_db = talloc_get_type(server->ntptr->private_data, struct ldb_context);
struct ldb_message **msgs;
int count;
int i;
union spoolss_FormInfo *info;
count = sptr_db_search(sptr_db, mem_ctx,
ldb_dn_new(mem_ctx, sptr_db, "CN=Forms,CN=PrintServer"),
&msgs, NULL, "(&(objectClass=form))");
if (count == 0) return WERR_OK;
if (count < 0) return WERR_GENERAL_FAILURE;
info = talloc_array(mem_ctx, union spoolss_FormInfo, count);
W_ERROR_HAVE_NO_MEMORY(info);
switch (r->in.level) {
case 1:
for (i=0; i < count; i++) {
info[i].info1.flags = ldb_msg_find_attr_as_uint(msgs[i], "flags", SPOOLSS_FORM_BUILTIN);
info[i].info1.form_name = ldb_msg_find_attr_as_string(msgs[i], "form-name", NULL);
W_ERROR_HAVE_NO_MEMORY(info[i].info1.form_name);
info[i].info1.size.width = ldb_msg_find_attr_as_uint(msgs[i], "size-width", 0);
info[i].info1.size.height = ldb_msg_find_attr_as_uint(msgs[i], "size-height", 0);
info[i].info1.area.left = ldb_msg_find_attr_as_uint(msgs[i], "area-left", 0);
info[i].info1.area.top = ldb_msg_find_attr_as_uint(msgs[i], "area-top", 0);
info[i].info1.area.right = ldb_msg_find_attr_as_uint(msgs[i], "area-right", 0);
info[i].info1.area.bottom = ldb_msg_find_attr_as_uint(msgs[i], "area-bottom", 0);
}
break;
default:
return WERR_UNKNOWN_LEVEL;
}
*r->out.info = info;
*r->out.count = count;
return WERR_OK;
}