static
DWORD
_VmGetHighestCommittedUSN(
PSTR* ppszHighestCommittedUSN
)
{
DWORD dwError = 0;
USN usn = 0;
USN nextUSN = 0;
VDIR_ENTRY_ARRAY entryArray = {0};
PSTR pszUSN = NULL;
VDIR_BACKEND_CTX beCtx = {0};
beCtx.pBE = VmDirBackendSelect(NULL);
assert(beCtx.pBE);
dwError = beCtx.pBE->pfnBEGetNextUSN(&beCtx, &nextUSN);
BAIL_ON_VMDIR_ERROR(dwError);
for (usn=nextUSN; usn > 1LL; usn--)
{
VMDIR_SAFE_FREE_MEMORY(pszUSN);
VmDirFreeEntryArrayContent(&entryArray);
dwError = VmDirAllocateStringPrintf(&pszUSN, "%" PRId64, usn);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(
"", LDAP_SCOPE_SUBTREE, ATTR_USN_CHANGED, pszUSN, &entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 1 )
{
break;
}
}
if (usn == 0)
{
BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
}
*ppszHighestCommittedUSN = pszUSN;
pszUSN = NULL;
cleanup:
VMDIR_SAFE_FREE_MEMORY(pszUSN);
VmDirFreeEntryArrayContent(&entryArray);
VmDirBackendCtxContentFree(&beCtx);
return dwError;
error:
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "error (%u), start USN %" PRId64, dwError, nextUSN);
goto cleanup;
}
static
int
_VmGetHighestCommittedUSN(
USN startUsn,
USN *hcUsn)
{
DWORD dwError = 0;
USN usn = 0;
VDIR_ENTRY_ARRAY entryArray = {0};
PSTR usnStr = NULL;
for (usn=startUsn; usn > 1LL; usn--)
{
VMDIR_SAFE_FREE_MEMORY(usnStr);
VmDirFreeEntryArrayContent(&entryArray);
dwError = VmDirAllocateStringPrintf(&usnStr, "%" PRId64, usn);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(
"", LDAP_SCOPE_SUBTREE, ATTR_USN_CHANGED, usnStr, &entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 1 )
{
*hcUsn = usn;
goto cleanup;
}
}
dwError = LDAP_OPERATIONS_ERROR;
goto error;
cleanup:
VMDIR_SAFE_FREE_MEMORY(usnStr);
VmDirFreeEntryArrayContent(&entryArray);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmGetHighestCommittedUSN: fail to find an entry with USN <= %" PRId64, startUsn);
goto cleanup;
}
/*
* Set vmwPasswordNeverExpires (if it doesn't have a value) to TRUE
* on the domain administrator's account.
*/
DWORD
VmDirSetAdministratorPasswordNeverExpires(
VOID
)
{
DWORD dwError = 0;
PCSTR pszDomainDn = NULL;
const CHAR szAdministrator[] = "cn=Administrator,cn=Users";
const CHAR szTrue[] = "TRUE";
PSTR pszAdministratorDn = NULL;
VDIR_OPERATION op = {0};
PSTR pszLocalErrMsg = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
PVDIR_ENTRY pEntry = NULL;
VDIR_BERVALUE bervBlob = VDIR_BERVALUE_INIT;
pszDomainDn = gVmdirServerGlobals.systemDomainDN.lberbv.bv_val;
if (pszDomainDn == NULL)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirAllocateStringPrintf(&pszAdministratorDn, "%s,%s", szAdministrator, pszDomainDn);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(
pszDomainDn,
LDAP_SCOPE_SUBTREE,
ATTR_DN,
pszAdministratorDn,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize != 1)
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
pEntry = &(entryArray.pEntry[0]);
if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
{
dwError = VmDirEntryUnpack( pEntry );
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSetAdministratorPasswordNeverExpire: VmDirInitStackOperation failed: %u", dwError);
op.pBEIF = VmDirBackendSelect(NULL);
assert(op.pBEIF);
op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val;
op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len;
op.request.modifyReq.dn.lberbv = op.reqDn.lberbv;
bervBlob.lberbv.bv_val = (PSTR) szTrue;
bervBlob.lberbv.bv_len = strlen(szTrue);
dwError = VmDirAppendAMod( &op,
MOD_OP_REPLACE,
ATTR_PASSWORD_NEVER_EXPIRES,
ATTR_PASSWORD_NEVER_EXPIRES_LEN,
bervBlob.lberbv_val,
bervBlob.lberbv_len);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&op);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeEntryArrayContent(&entryArray);
VmDirFreeOperationContent(&op);
VMDIR_SAFE_FREE_STRINGA(pszAdministratorDn);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"VmDirSetAdministratorPasswordNeverExpires failed, (%u)", dwError);
goto cleanup;
}
/*
* Set SRP Identifier's secret on existing entry with Password set
*/
DWORD
VmDirSRPSetIdentityData(
PCSTR pszUPN,
PCSTR pszClearTextPassword
)
{
DWORD dwError = 0;
VDIR_OPERATION op = {0};
PSTR pszLocalErrMsg = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
PVDIR_ENTRY pEntry = NULL;
PVDIR_ATTRIBUTE pAttrSecret = NULL;
VDIR_BERVALUE bvUPN = VDIR_BERVALUE_INIT;
VDIR_BERVALUE bvClearTextPassword = VDIR_BERVALUE_INIT;
VDIR_BERVALUE bervSecretBlob = VDIR_BERVALUE_INIT;
if ( IsNullOrEmptyString(pszUPN) ||
IsNullOrEmptyString(pszClearTextPassword)
)
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
bvUPN.lberbv_val = (PSTR)pszUPN;
bvUPN.lberbv_len = VmDirStringLenA(pszUPN);
bvClearTextPassword.lberbv_val = (PSTR)pszClearTextPassword;
bvClearTextPassword.lberbv_len = VmDirStringLenA(pszClearTextPassword);
dwError = VmDirSimpleEqualFilterInternalSearch(
"",
LDAP_SCOPE_SUBTREE,
ATTR_KRB_UPN,
pszUPN,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 1)
{
pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET);
if (pAttrSecret)
{
dwError = VMDIR_ERROR_ENTRY_ALREADY_EXIST;
BAIL_ON_VMDIR_ERROR(dwError);
}
}
else
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
pEntry = &(entryArray.pEntry[0]);
dwError = VdirPasswordCheck(&bvClearTextPassword, pEntry);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSRPCreateSecret(&bvUPN, &bvClearTextPassword, &bervSecretBlob);
BAIL_ON_VMDIR_ERROR(dwError);
if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
{
dwError = VmDirEntryUnpack( pEntry );
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSRPSetIdentityData: VmDirInitStackOperation failed: %u", dwError);
op.pBEIF = VmDirBackendSelect(NULL);
assert(op.pBEIF);
op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val;
op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len;
op.request.modifyReq.dn.lberbv = op.reqDn.lberbv;
dwError = VmDirAppendAMod( &op,
MOD_OP_ADD,
ATTR_SRP_SECRET,
ATTR_SRP_SECRET_LEN,
bervSecretBlob.lberbv_val,
bervSecretBlob.lberbv_len);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&op);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeBervalContent(&bervSecretBlob);
VmDirFreeEntryArrayContent(&entryArray);
VmDirFreeOperationContent(&op);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"VmDirSRPSetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError);
goto cleanup;
}
/*
* Retrieve SRP Identifier's secret and salt
*/
DWORD
VmDirSRPGetIdentityData(
PCSTR pszUPN,
PBYTE* ppByteSecret,
DWORD* pdwSecretLen
)
{
DWORD dwError = 0;
PVDIR_ATTRIBUTE pAttrSecret = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
PBYTE pLocalSecret = NULL;
if ( IsNullOrEmptyString(pszUPN) ||
ppByteSecret == NULL ||
pdwSecretLen == NULL
)
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirSimpleEqualFilterInternalSearch(
"",
LDAP_SCOPE_SUBTREE,
ATTR_KRB_UPN,
pszUPN,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 1)
{
pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET);
if (!pAttrSecret)
{
dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirAllocateAndCopyMemory( pAttrSecret->vals[0].lberbv_val,
pAttrSecret->vals[0].lberbv_len,
(PVOID*)&pLocalSecret);
BAIL_ON_VMDIR_ERROR(dwError);
}
else if (entryArray.iSize == 0)
{
dwError = VMDIR_ERROR_ENTRY_NOT_FOUND;
BAIL_ON_VMDIR_ERROR(dwError);
}
else
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
*ppByteSecret = pLocalSecret;
*pdwSecretLen = (DWORD) (pAttrSecret->vals[0].lberbv_len);
cleanup:
VmDirFreeEntryArrayContent(&entryArray);
return dwError;
error:
VMDIR_SAFE_FREE_MEMORY( pLocalSecret );
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"VmDirSRPGetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError);
goto cleanup;
}
/*
* Searches the direct group entry to confirm membership
* Set pAccessRoleBitmap based on getAccessInfo to avoid redundent internal search.
*/
DWORD
VmDirIsDirectMemberOf(
PSTR pszBindDN,
UINT32 getAccessInfo,
UINT32 *pAccessRoleBitmap,
PBOOLEAN pbIsMemberOf
)
{
DWORD dwError = 0;
BOOLEAN bIsMemberOf = FALSE;
VDIR_ENTRY_ARRAY entryResultArray = {0};
PSTR pszGroupDN = NULL;
if (!pbIsMemberOf || !pAccessRoleBitmap)
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
if (getAccessInfo == VDIR_ACCESS_DCGROUP_MEMBER_INFO)
{
if (*pAccessRoleBitmap & VDIR_ACCESS_DCGROUP_MEMBER_VALID_INFO)
{
*pbIsMemberOf = (*pAccessRoleBitmap & VDIR_ACCESS_IS_DCGROUP_MEMBER) != 0;
goto cleanup;
}
pszGroupDN = gVmdirServerGlobals.bvDCGroupDN.lberbv_val;
}
else if (getAccessInfo == VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_INFO)
{
if (*pAccessRoleBitmap & VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO)
{
*pbIsMemberOf = (*pAccessRoleBitmap & VDIR_ACCESS_IS_DCCLIENT_GROUP_MEMBER) != 0;
goto cleanup;
}
pszGroupDN = gVmdirServerGlobals.bvDCClientGroupDN.lberbv_val;
}
else
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
if (pszGroupDN == NULL || pszBindDN == NULL)
{
*pbIsMemberOf = FALSE;
goto cleanup;
}
VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmDirIsDirectMemberOf: internal search for dn %s op %d",
pszBindDN, getAccessInfo);
dwError = VmDirSimpleEqualFilterInternalSearch( pszGroupDN,
LDAP_SCOPE_BASE,
ATTR_MEMBER,
pszBindDN,
&entryResultArray);
BAIL_ON_VMDIR_ERROR(dwError);
if ( entryResultArray.iSize > 0)
{
bIsMemberOf = TRUE;
}
if (getAccessInfo == VDIR_ACCESS_DCGROUP_MEMBER_INFO)
{
*pAccessRoleBitmap |= VDIR_ACCESS_DCGROUP_MEMBER_VALID_INFO;
if (bIsMemberOf)
{
*pAccessRoleBitmap |= VDIR_ACCESS_IS_DCGROUP_MEMBER;
}
}
else
{
*pAccessRoleBitmap |= VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO;
if (bIsMemberOf)
{
*pAccessRoleBitmap |= VDIR_ACCESS_IS_DCCLIENT_GROUP_MEMBER;
}
}
*pbIsMemberOf = bIsMemberOf;
cleanup:
VmDirFreeEntryArrayContent(&entryResultArray);
return dwError;
error:
*pbIsMemberOf = FALSE;
goto cleanup;
}
/* This function re-instantiates the current vmdir instance with a
* foreign (MDB) database file. It is triggered by running vdcadmintool
* with option 8. Before this action, a foreign database files must be copied
* onto diretory mdb_home_dir/partner/ which may include mdb WAL files under
* xlogs/. See PR 1995325 for the functional spec and use cases.
*/
DWORD
VmDirSrvServerReset(
PDWORD pServerResetState
)
{
int i = 0;
DWORD dwError = 0;
VDIR_ENTRY_ARRAY entryArray = {0};
const char *dbHomeDir = VMDIR_DB_DIR;
PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
BOOLEAN bWriteInvocationId = FALSE;
PSTR pszConfigurationContainerDn = NULL;
PSTR pszDomainControllerContainerDn = NULL;
PSTR pszManagedServiceAccountContainerDn = NULL;
DEQUE computers = {0};
PSTR pszComputer = NULL;
PVDIR_ATTRIBUTE pAttrUPN = NULL;
BOOLEAN bMdbWalEnable = FALSE;
VmDirGetMdbWalEnable(&bMdbWalEnable);
//swap current vmdir database file with the foriegn one under partner/
dwError = _VmDirSwapDB(dbHomeDir, bMdbWalEnable);
BAIL_ON_VMDIR_ERROR(dwError);
//Delete Computers (domain controller accounts) under Domain Controller container
dwError = VmDirAllocateStringPrintf(&pszDomainControllerContainerDn, "ou=%s,%s",
VMDIR_DOMAIN_CONTROLLERS_RDN_VAL, gVmdirServerGlobals.systemDomainDN.lberbv_val);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(pszDomainControllerContainerDn, LDAP_SCOPE_ONE,
ATTR_OBJECT_CLASS, OC_COMPUTER, &entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if(entryArray.iSize > 0)
{
for (i = 0; i < entryArray.iSize; i++)
{
pAttrUPN = VmDirFindAttrByName(&entryArray.pEntry[i], ATTR_KRB_UPN);
if (pAttrUPN)
{
PSTR pPc = NULL;
dwError = VmDirAllocateStringA(pAttrUPN->vals[0].lberbv_val, &pPc);
dequePush(&computers, pPc);
}
dwError = VmDirDeleteEntry(&entryArray.pEntry[i]);
BAIL_ON_VMDIR_ERROR(dwError);
}
}
VmDirFreeEntryArrayContent(&entryArray);
/* Delete all entries in the subtree under Configuration container
* (e.g. under cn=Configuration,dc=vmware,dc=com).
* This will remove the old replication topology
*/
dwError = VmDirAllocateStringPrintf(&pszConfigurationContainerDn, "cn=%s,%s",
VMDIR_CONFIGURATION_CONTAINER_NAME, gVmdirServerGlobals.systemDomainDN.lberbv_val);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(pszConfigurationContainerDn, LDAP_SCOPE_SUBTREE,
ATTR_OBJECT_CLASS, OC_DIR_SERVER, &entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize > 0)
{
for (i = 0; i < entryArray.iSize; i++)
{
/* Delete all replication agreement entries for a server and
* the server it self under the configuration/site container
*/
dwError = VmDirInternalDeleteTree(entryArray.pEntry[i].dn.lberbv_val);
BAIL_ON_VMDIR_ERROR(dwError);
}
}
VmDirFreeEntryArrayContent(&entryArray);
//Delete ManagedServiceAccount entries that are associated with any of the domain controllers
dwError = VmDirAllocateStringPrintf(&pszManagedServiceAccountContainerDn, "cn=%s,%s",
VMDIR_MSAS_RDN_VAL, gVmdirServerGlobals.systemDomainDN.lberbv_val);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(pszManagedServiceAccountContainerDn, LDAP_SCOPE_ONE,
ATTR_OBJECT_CLASS, OC_MANAGED_SERVICE_ACCOUNT, &entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize > 0)
{
for (i = 0; i < entryArray.iSize; i++)
{
PDEQUE_NODE p = NULL;
pAttrUPN = VmDirFindAttrByName(&entryArray.pEntry[i], ATTR_KRB_UPN);
for(p = computers.pHead; p != NULL; p = p->pNext)
{
if (VmDirStringCaseStrA(pAttrUPN->vals[0].lberbv_val, p->pElement) != NULL)
{
dwError = VmDirDeleteEntry(&entryArray.pEntry[i]);
BAIL_ON_VMDIR_ERROR(dwError);
break;
}
}
}
}
dwError = VmDirSchemaCtxAcquire(&pSchemaCtx );
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSrvCreateServerObj(pSchemaCtx);
BAIL_ON_VMDIR_ERROR(dwError);
//Create server and replication entries for the current instance
// on top of the (cleaned up) foreign database.
dwError = VmDirSrvCreateReplAgrsContainer(pSchemaCtx);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _VmDirPatchDSERoot(pSchemaCtx);
BAIL_ON_VMDIR_ERROR(dwError);
VmDirSchemaCtxRelease(pSchemaCtx);
pSchemaCtx = NULL;
dwError = LoadServerGlobals(&bWriteInvocationId);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
if (pSchemaCtx)
{
VmDirSchemaCtxRelease(pSchemaCtx);
}
VmDirFreeEntryArrayContent(&entryArray);
VMDIR_SAFE_FREE_MEMORY(pszConfigurationContainerDn);
VMDIR_SAFE_FREE_MEMORY(pszDomainControllerContainerDn);
while(!dequeIsEmpty(&computers))
{
dequePopLeft(&computers, (PVOID*)&pszComputer);
VMDIR_SAFE_FREE_MEMORY(pszComputer);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
_VmKdcGetKrbUPNKey(
PSTR pszUpnName,
PBYTE* ppKeyBlob,
DWORD* pSize
)
{
DWORD dwError = 0;
PVDIR_ATTRIBUTE pKrbUPNKey = NULL;
PBYTE pRetUPNKey = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
if (IsNullOrEmptyString(pszUpnName)
|| !ppKeyBlob
|| !pSize
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMKDC_ERROR(dwError);
}
dwError = VmDirSimpleEqualFilterInternalSearch(
"",
LDAP_SCOPE_SUBTREE,
ATTR_KRB_UPN,
pszUpnName,
&entryArray);
BAIL_ON_VMKDC_ERROR(dwError);
if (entryArray.iSize == 1)
{
pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY);
if (!pKrbUPNKey)
{
dwError = ERROR_NO_PRINC;
BAIL_ON_VMKDC_ERROR(dwError);
}
dwError = VmDirAllocateAndCopyMemory(
pKrbUPNKey->vals[0].lberbv.bv_val,
pKrbUPNKey->vals[0].lberbv.bv_len,
(PVOID*)& pRetUPNKey
);
BAIL_ON_VMKDC_ERROR(dwError);
*ppKeyBlob = pRetUPNKey;
*pSize = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len;
pRetUPNKey = NULL;
}
else
{
dwError = ERROR_NO_PRINC;
BAIL_ON_VMKDC_ERROR(dwError);
}
cleanup:
VmDirFreeEntryArrayContent(&entryArray);
return dwError;
error:
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmKdcGetKrbUPNKey: failed (%u)(%s)", dwError, VDIR_SAFE_STRING(pszUpnName));
VMKDC_SAFE_FREE_MEMORY(pRetUPNKey);
// keep error code space to KDC specific
dwError = ERROR_NO_PRINC;
goto cleanup;
}
DWORD
VmDirGetKrbUPNKey(
PSTR pszUpnName,
PBYTE* ppKeyBlob,
DWORD* pSize
)
{
DWORD dwError = 0;
PVDIR_ATTRIBUTE pKrbUPNKey = NULL;
PBYTE pRetUPNKey = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
if (IsNullOrEmptyString(pszUpnName)
|| !ppKeyBlob
|| !pSize
)
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirSimpleEqualFilterInternalSearch(
"",
LDAP_SCOPE_SUBTREE,
ATTR_KRB_UPN,
pszUpnName,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 1)
{
pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY);
if (!pKrbUPNKey)
{
dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirAllocateMemory(
pKrbUPNKey->vals[0].lberbv.bv_len,
(PVOID*)&pRetUPNKey
);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirCopyMemory(
pRetUPNKey,
pKrbUPNKey->vals[0].lberbv.bv_len,
pKrbUPNKey->vals[0].lberbv.bv_val,
pKrbUPNKey->vals[0].lberbv.bv_len
);
BAIL_ON_VMDIR_ERROR(dwError);
*ppKeyBlob = pRetUPNKey;
*pSize = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len;
pRetUPNKey = NULL;
}
else
{
dwError = VMDIR_ERROR_ENTRY_NOT_FOUND;
BAIL_ON_VMDIR_ERROR(dwError);
}
cleanup:
VmDirFreeEntryArrayContent(&entryArray);
return dwError;
error:
VMDIR_LOG_ERROR( LDAP_DEBUG_RPC, "VmDirGetKrbUPNKey failed. (%u)(%s)",
dwError, VDIR_SAFE_STRING(pszUpnName));
VMDIR_SAFE_FREE_MEMORY(pRetUPNKey);
goto cleanup;
}
DWORD
VmDirGetUPNMemberships(
PCSTR pszUpnName,
PSTR **pppszMemberships,
PDWORD pdwMemberships
)
{
DWORD dwError = 0;
VDIR_ENTRY_ARRAY entryArray = {0};
VDIR_OPERATION searchOp = {0};
BOOLEAN bHasTxn = FALSE;
PVDIR_ATTRIBUTE pMemberOf = NULL;
PSTR *ppszMemberships = NULL;
DWORD dwMemberships = 0;
DWORD i = 0;
if (IsNullOrEmptyString(pszUpnName) ||
pppszMemberships == NULL ||
pdwMemberships == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirSimpleEqualFilterInternalSearch(
"",
LDAP_SCOPE_SUBTREE,
ATTR_KRB_UPN,
pszUpnName,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 0)
{
dwError = VMDIR_ERROR_ENTRY_NOT_FOUND;
BAIL_ON_VMDIR_ERROR(dwError);
}
else if (entryArray.iSize > 1)
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation(&searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
searchOp.pBEIF = VmDirBackendSelect(NULL);
dwError = searchOp.pBEIF->pfnBETxnBegin(searchOp.pBECtx, VDIR_BACKEND_TXN_READ);
BAIL_ON_VMDIR_ERROR(dwError);
bHasTxn = TRUE;
dwError = VmDirBuildMemberOfAttribute(&searchOp, entryArray.pEntry, &pMemberOf);
BAIL_ON_VMDIR_ERROR(dwError);
if (pMemberOf)
{
dwMemberships = pMemberOf->numVals;
}
if (dwMemberships)
{
dwError = VmDirAllocateMemory(dwMemberships * sizeof(PSTR), (PVOID)&ppszMemberships);
BAIL_ON_VMDIR_ERROR(dwError);
for (i = 0; i < dwMemberships; i++)
{
PCSTR pszMemberOf = pMemberOf->vals[i].lberbv.bv_val;
dwError = VmDirAllocateStringA(pszMemberOf, &ppszMemberships[i]);
BAIL_ON_VMDIR_ERROR(dwError);
}
}
*pppszMemberships = ppszMemberships;
*pdwMemberships = dwMemberships;
cleanup:
if (pMemberOf)
{
VmDirFreeAttribute(pMemberOf);
}
if (bHasTxn)
{
searchOp.pBEIF->pfnBETxnCommit(searchOp.pBECtx);
}
VmDirFreeOperationContent(&searchOp);
VmDirFreeEntryArrayContent(&entryArray);
return dwError;
error:
VmDirFreeMemberships(ppszMemberships, dwMemberships);
goto cleanup;
}
