/*
* GetUniqueFMID
*
* This function is a copy of original openchangedb_get_new_folderID from libproxy/openchangedb.C
*
* I extract this function because :
* - Function can be implemented directly in the backend
* -
*/
enum MAPISTATUS GetUniqueFMID(struct EasyLinuxContext *elContext, uint64_t *FMID)
{
int ret;
struct ldb_result *res;
struct ldb_message *msg;
const char * const attrs[] = { "*", NULL };
/* Get the current GlobalCount */
ret = ldb_search(elContext->LdbTable, elContext->mem_ctx, &res, ldb_get_root_basedn(elContext->LdbTable),
LDB_SCOPE_SUBTREE, attrs, "(objectClass=server)");
if( ret != LDB_SUCCESS || !res->count )
return MAPI_E_NOT_FOUND;
*FMID = ldb_msg_find_attr_as_uint64(res->msgs[0], "GlobalCount", 0);
/* Update GlobalCount value */
msg = ldb_msg_new(elContext->mem_ctx);
msg->dn = ldb_dn_copy(msg, ldb_msg_find_attr_as_dn(elContext->LdbTable, elContext->mem_ctx, res->msgs[0], "distinguishedName"));
ldb_msg_add_fmt(msg, "GlobalCount", "%llu", (long long unsigned int) ((*FMID) + 1));
msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
ret = ldb_modify(elContext->LdbTable, msg);
if( ret != LDB_SUCCESS || !res->count )
return MAPI_E_NOT_FOUND;
*FMID = (exchange_globcnt(*FMID) << 16) | 0x0001;
return MAPI_E_SUCCESS;
}
/*
get the stamp values for the linked attribute 'linked_attr_name' of the object 'dn'
*/
static WERROR get_linked_attribute_value_stamp(TALLOC_CTX *mem_ctx, struct ldb_context *samdb,
struct ldb_dn *dn, const char *linked_attr_name,
uint32_t *attr_version, NTTIME *attr_change_time, uint32_t *attr_orig_usn)
{
struct ldb_result *res;
int ret;
const char *attrs[2];
struct ldb_dn *attr_ext_dn;
NTSTATUS ntstatus;
attrs[0] = linked_attr_name;
attrs[1] = NULL;
ret = dsdb_search_dn(samdb, mem_ctx, &res, dn, attrs,
DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_REVEAL_INTERNALS);
if (ret != LDB_SUCCESS) {
DEBUG(0, (__location__ ": Failed search for attribute %s on %s",
linked_attr_name, ldb_dn_get_linearized(dn)));
return WERR_INTERNAL_ERROR;
}
attr_ext_dn = ldb_msg_find_attr_as_dn(samdb, mem_ctx, res->msgs[0], linked_attr_name);
if (!attr_ext_dn) {
DEBUG(0, (__location__ ": Failed search for attribute %s on %s",
linked_attr_name, ldb_dn_get_linearized(dn)));
return WERR_INTERNAL_ERROR;
}
DEBUG(0, ("linked_attr_name = %s, attr_ext_dn = %s", linked_attr_name,
ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
ntstatus = dsdb_get_extended_dn_uint32(attr_ext_dn, attr_version, "RMD_VERSION");
if (!NT_STATUS_IS_OK(ntstatus)) {
DEBUG(0, (__location__ ": Could not extract component %s from dn \"%s\"",
"RMD_VERSION", ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
return WERR_INTERNAL_ERROR;
}
ntstatus = dsdb_get_extended_dn_nttime(attr_ext_dn, attr_change_time, "RMD_CHANGETIME");
if (!NT_STATUS_IS_OK(ntstatus)) {
DEBUG(0, (__location__ ": Could not extract component %s from dn \"%s\"",
"RMD_CHANGETIME", ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
return WERR_INTERNAL_ERROR;
}
ntstatus = dsdb_get_extended_dn_uint32(attr_ext_dn, attr_version, "RMD_ORIGINATING_USN");
if (!NT_STATUS_IS_OK(ntstatus)) {
DEBUG(0, (__location__ ": Could not extract component %s from dn \"%s\"",
"RMD_ORIGINATING_USN", ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
return WERR_INTERNAL_ERROR;
}
return WERR_OK;
}
/*
Check if particular SPN exists for an account
*/
static bool dreplsrv_spn_exists(struct ldb_context *samdb, struct ldb_dn *ntds_dn,
const char *principal_name)
{
TALLOC_CTX *tmp_ctx;
const char *attrs[] = { "serverReference", NULL };
const char *attrs_empty[] = { NULL };
int ret;
struct ldb_result *res;
struct ldb_dn *account_dn;
tmp_ctx = talloc_new(samdb);
ret = dsdb_search_dn(samdb, tmp_ctx, &res, ntds_dn, attrs, 0);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return false;
}
account_dn = ldb_msg_find_attr_as_dn(samdb, tmp_ctx, res->msgs[0], "serverReference");
if (account_dn == NULL) {
talloc_free(tmp_ctx);
return false;
}
talloc_free(res);
ret = dsdb_search(samdb, tmp_ctx, &res, account_dn, LDB_SCOPE_BASE, attrs_empty,
0, "servicePrincipalName=%s",
ldb_binary_encode_string(tmp_ctx, principal_name));
if (ret != LDB_SUCCESS || res->count != 1) {
talloc_free(tmp_ctx);
return false;
}
talloc_free(tmp_ctx);
return true;
}
static int pdc_fsmo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
TALLOC_CTX *mem_ctx;
struct ldb_dn *pdc_dn;
struct dsdb_pdc_fsmo *pdc_fsmo;
struct ldb_result *pdc_res;
int ret;
static const char *pdc_attrs[] = {
"fSMORoleOwner",
NULL
};
ldb = ldb_module_get_ctx(module);
mem_ctx = talloc_new(module);
if (!mem_ctx) {
return ldb_oom(ldb);
}
pdc_dn = ldb_get_default_basedn(ldb);
if (!pdc_dn) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"pdc_fsmo_init: could not determine default basedn");
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo);
if (!pdc_fsmo) {
return ldb_oom(ldb);
}
ldb_module_set_private(module, pdc_fsmo);
ret = dsdb_module_search_dn(module, mem_ctx, &pdc_res,
pdc_dn,
pdc_attrs,
DSDB_FLAG_NEXT_MODULE, NULL);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_debug(ldb, LDB_DEBUG_TRACE,
"pdc_fsmo_init: no domain object present: (skip loading of domain details)");
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (ret != LDB_SUCCESS) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"pdc_fsmo_init: failed to search the domain object: %d:%s: %s",
ret, ldb_strerror(ret), ldb_errstring(ldb));
talloc_free(mem_ctx);
return ret;
}
pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), pdc_fsmo->master_dn) == 0) {
pdc_fsmo->we_are_master = true;
} else {
pdc_fsmo->we_are_master = false;
}
if (ldb_set_opaque(ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) {
return ldb_oom(ldb);
}
talloc_steal(module, pdc_fsmo);
ldb_debug(ldb, LDB_DEBUG_TRACE,
"pdc_fsmo_init: we are master: %s\n",
(pdc_fsmo->we_are_master?"yes":"no"));
talloc_free(mem_ctx);
return ldb_next_init(module);
}
/*
drsuapi_DsGetDomainControllerInfo
*/
static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_state *b_state,
TALLOC_CTX *mem_ctx,
struct drsuapi_DsGetDomainControllerInfo *r)
{
struct ldb_dn *sites_dn;
struct ldb_result *res;
const char *attrs_account_1[] = { "cn", "dnsHostName", NULL };
const char *attrs_account_2[] = { "cn", "dnsHostName", "objectGUID", NULL };
const char *attrs_none[] = { NULL };
const char *attrs_site[] = { "objectGUID", NULL };
const char *attrs_ntds[] = { "options", "objectGUID", NULL };
const char *attrs_1[] = { "serverReference", "cn", "dnsHostName", NULL };
const char *attrs_2[] = { "serverReference", "cn", "dnsHostName", "objectGUID", NULL };
const char **attrs;
struct drsuapi_DsGetDCInfoCtr1 *ctr1;
struct drsuapi_DsGetDCInfoCtr2 *ctr2;
int ret, i;
*r->out.level_out = r->in.req->req1.level;
r->out.ctr = talloc(mem_ctx, union drsuapi_DsGetDCInfoCtr);
W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
if (!sites_dn) {
return WERR_DS_OBJ_NOT_FOUND;
}
switch (*r->out.level_out) {
case -1:
/* this level is not like the others */
return WERR_UNKNOWN_LEVEL;
case 1:
attrs = attrs_1;
break;
case 2:
attrs = attrs_2;
break;
default:
return WERR_UNKNOWN_LEVEL;
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
"objectClass=server");
if (ret) {
DEBUG(1, ("searching for servers in sites DN %s failed: %s\n",
ldb_dn_get_linearized(sites_dn), ldb_errstring(b_state->sam_ctx)));
return WERR_GENERAL_FAILURE;
}
switch (*r->out.level_out) {
case 1:
ctr1 = &r->out.ctr->ctr1;
ctr1->count = res->count;
ctr1->array = talloc_zero_array(mem_ctx,
struct drsuapi_DsGetDCInfo1,
res->count);
for (i=0; i < res->count; i++) {
struct ldb_dn *domain_dn;
struct ldb_result *res_domain;
struct ldb_result *res_account;
struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
struct ldb_dn *ref_dn
= ldb_msg_find_attr_as_dn(b_state->sam_ctx,
mem_ctx, res->msgs[i],
"serverReference");
if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
return WERR_NOMEM;
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
LDB_SCOPE_BASE, attrs_account_1, "objectClass=computer");
if (ret == LDB_SUCCESS && res_account->count == 1) {
const char *errstr;
ctr1->array[i].dns_name
= ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
ctr1->array[i].netbios_name
= ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
ctr1->array[i].computer_dn
= ldb_dn_get_linearized(res_account->msgs[0]->dn);
/* Determine if this is the PDC */
ret = samdb_search_for_parent_domain(b_state->sam_ctx,
mem_ctx, res_account->msgs[0]->dn,
&domain_dn, &errstr);
if (ret == LDB_SUCCESS) {
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
ldb_dn_get_linearized(ntds_dn));
if (ret) {
return WERR_GENERAL_FAILURE;
}
if (res_domain->count == 1) {
ctr1->array[i].is_pdc = true;
}
}
}
if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
DEBUG(5, ("warning: searching for computer DN %s failed: %s\n",
ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
}
/* Look at server DN and extract site component */
ctr1->array[i].site_name = result_site_name(res->msgs[i]->dn);
ctr1->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
ctr1->array[i].is_enabled = true;
}
break;
case 2:
ctr2 = &r->out.ctr->ctr2;
ctr2->count = res->count;
ctr2->array = talloc_zero_array(mem_ctx,
struct drsuapi_DsGetDCInfo2,
res->count);
for (i=0; i < res->count; i++) {
struct ldb_dn *domain_dn;
struct ldb_result *res_domain;
struct ldb_result *res_account;
struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
struct ldb_result *res_ntds;
struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
struct ldb_result *res_site;
struct ldb_dn *ref_dn
= ldb_msg_find_attr_as_dn(b_state->sam_ctx,
mem_ctx, res->msgs[i],
"serverReference");
if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
return WERR_NOMEM;
}
/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
return WERR_NOMEM;
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
if (ret == LDB_SUCCESS && res_ntds->count == 1) {
ctr2->array[i].is_gc
= (ldb_msg_find_attr_as_int(res_ntds->msgs[0], "options", 0) == 1);
ctr2->array[i].ntds_guid
= samdb_result_guid(res_ntds->msgs[0], "objectGUID");
ctr2->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
}
if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
DEBUG(5, ("warning: searching for NTDS DN %s failed: %s\n",
ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx)));
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
LDB_SCOPE_BASE, attrs_site, "objectClass=site");
if (ret == LDB_SUCCESS && res_site->count == 1) {
ctr2->array[i].site_guid
= samdb_result_guid(res_site->msgs[0], "objectGUID");
ctr2->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
}
if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
DEBUG(5, ("warning: searching for site DN %s failed: %s\n",
ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx)));
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
if (ret == LDB_SUCCESS && res_account->count == 1) {
const char *errstr;
ctr2->array[i].dns_name
= ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
ctr2->array[i].netbios_name
= ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
ctr2->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
ctr2->array[i].computer_guid
= samdb_result_guid(res_account->msgs[0], "objectGUID");
/* Determine if this is the PDC */
ret = samdb_search_for_parent_domain(b_state->sam_ctx,
mem_ctx, res_account->msgs[0]->dn,
&domain_dn, &errstr);
if (ret == LDB_SUCCESS) {
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
ldb_dn_get_linearized(ntds_dn));
if (ret == LDB_SUCCESS && res_domain->count == 1) {
ctr2->array[i].is_pdc = true;
}
if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
DEBUG(5, ("warning: searching for domain DN %s failed: %s\n",
ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx)));
}
}
}
if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
DEBUG(5, ("warning: searching for computer account DN %s failed: %s\n",
ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
}
/* Look at server DN and extract site component */
ctr2->array[i].site_name = result_site_name(res->msgs[i]->dn);
ctr2->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
ctr2->array[i].server_guid
= samdb_result_guid(res->msgs[i], "objectGUID");
ctr2->array[i].is_enabled = true;
}
break;
}
return WERR_OK;
}
/*
work out the principal to use for DRS replication connections
*/
NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
TALLOC_CTX *mem_ctx,
const struct repsFromTo1 *rft,
const char **target_principal)
{
TALLOC_CTX *tmp_ctx;
struct ldb_result *res;
const char *attrs_server[] = { "dNSHostName", NULL };
const char *attrs_ntds[] = { "msDS-HasDomainNCs", "hasMasterNCs", NULL };
int ret;
const char *hostname, *dnsdomain=NULL;
struct ldb_dn *ntds_dn, *server_dn;
struct ldb_dn *forest_dn, *nc_dn;
*target_principal = NULL;
tmp_ctx = talloc_new(mem_ctx);
/* we need to find their hostname */
ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, &ntds_dn);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
/* its OK for their NTDSDSA DN not to be in our database */
return NT_STATUS_OK;
}
server_dn = ldb_dn_copy(tmp_ctx, ntds_dn);
if (server_dn == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
/* strip off the NTDS Settings */
if (!ldb_dn_remove_child_components(server_dn, 1)) {
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, server_dn, attrs_server, 0);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
/* its OK for their server DN not to be in our database */
return NT_STATUS_OK;
}
forest_dn = ldb_get_root_basedn(s->samdb);
if (forest_dn == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
if (hostname != NULL) {
char *local_principal;
/*
if we have the dNSHostName attribute then we can use
the GC/hostname/realm SPN. All DCs should have this SPN
Windows DC may set up it's dNSHostName before setting up
GC/xx/xx SPN. So make sure it exists, before using it.
*/
local_principal = talloc_asprintf(mem_ctx, "GC/%s/%s",
hostname,
samdb_dn_to_dns_domain(tmp_ctx, forest_dn));
if (dreplsrv_spn_exists(s->samdb, ntds_dn, local_principal)) {
*target_principal = local_principal;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
talloc_free(local_principal);
}
/*
if we can't find the dNSHostName then we will try for the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
SPN. To use that we need the DNS domain name of the target
DC. We find that by first looking for the msDS-HasDomainNCs
in the NTDSDSA object of the DC, and if we don't find that,
then we look for the hasMasterNCs attribute, and eliminate
the known schema and configuruation DNs. Despite how
bizarre this seems, Hongwei tells us that this is in fact
what windows does to find the SPN!!
*/
ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, ntds_dn, attrs_ntds, 0);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
nc_dn = ldb_msg_find_attr_as_dn(s->samdb, tmp_ctx, res->msgs[0], "msDS-HasDomainNCs");
if (nc_dn != NULL) {
dnsdomain = samdb_dn_to_dns_domain(tmp_ctx, nc_dn);
}
if (dnsdomain == NULL) {
struct ldb_message_element *el;
int i;
el = ldb_msg_find_element(res->msgs[0], "hasMasterNCs");
for (i=0; el && i<el->num_values; i++) {
nc_dn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
if (nc_dn == NULL ||
ldb_dn_compare(ldb_get_config_basedn(s->samdb), nc_dn) == 0 ||
ldb_dn_compare(ldb_get_schema_basedn(s->samdb), nc_dn) == 0) {
continue;
}
/* it must be a domain DN, get the equivalent
DNS domain name */
dnsdomain = samdb_dn_to_dns_domain(tmp_ctx, nc_dn);
break;
}
}
if (dnsdomain != NULL) {
*target_principal = talloc_asprintf(mem_ctx,
"E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s",
GUID_string(tmp_ctx, &rft->source_dsa_obj_guid),
dnsdomain);
}
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
struct ldb_result *schema_res,
struct ldb_result *attrs_class_res,
struct dsdb_schema **schema_out,
char **error_string)
{
WERROR status;
const struct ldb_val *prefix_val;
const struct ldb_val *info_val;
struct ldb_val info_val_default;
struct dsdb_schema *schema;
struct loadparm_context *lp_ctx = NULL;
int ret;
schema = dsdb_new_schema(mem_ctx);
if (!schema) {
dsdb_oom(error_string, mem_ctx);
return ldb_operr(ldb);
}
schema->base_dn = talloc_steal(schema, schema_res->msgs[0]->dn);
prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
if (!prefix_val) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: no prefixMap attribute found");
DEBUG(0,(__location__ ": %s\n", *error_string));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo");
if (!info_val) {
status = dsdb_schema_info_blob_new(mem_ctx, &info_val_default);
if (!W_ERROR_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: dsdb_schema_info_blob_new() failed - %s",
win_errstr(status));
DEBUG(0,(__location__ ": %s\n", *error_string));
return ldb_operr(ldb);
}
info_val = &info_val_default;
}
status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
if (!W_ERROR_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: failed to load oid mappings: %s",
win_errstr(status));
DEBUG(0,(__location__ ": %s\n", *error_string));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
ret = dsdb_load_ldb_results_into_schema(mem_ctx, ldb, schema, attrs_class_res, error_string);
if (ret != LDB_SUCCESS) {
return ret;
}
schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(ldb, schema, schema_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), schema->fsmo.master_dn) == 0) {
schema->fsmo.we_are_master = true;
} else {
schema->fsmo.we_are_master = false;
}
lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
struct loadparm_context);
if (lp_ctx) {
bool allowed = lpcfg_parm_bool(lp_ctx, NULL,
"dsdb", "schema update allowed",
false);
schema->fsmo.update_allowed = allowed;
} else {
schema->fsmo.update_allowed = false;
}
DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n",
(schema->fsmo.we_are_master?"yes":"no"),
(schema->fsmo.update_allowed?"yes":"no")));
*schema_out = schema;
return LDB_SUCCESS;
}
int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
struct ldb_result *schema_res,
struct ldb_result *attrs_res, struct ldb_result *objectclass_res,
struct dsdb_schema **schema_out,
char **error_string)
{
WERROR status;
unsigned int i;
const struct ldb_val *prefix_val;
const struct ldb_val *info_val;
struct ldb_val info_val_default;
struct dsdb_schema *schema;
schema = dsdb_new_schema(mem_ctx);
if (!schema) {
dsdb_oom(error_string, mem_ctx);
return ldb_operr(ldb);
}
schema->base_dn = talloc_steal(schema, schema_res->msgs[0]->dn);
prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
if (!prefix_val) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: no prefixMap attribute found");
DEBUG(0,(__location__ ": %s\n", *error_string));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo");
if (!info_val) {
status = dsdb_schema_info_blob_new(mem_ctx, &info_val_default);
if (!W_ERROR_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: dsdb_schema_info_blob_new() failed - %s",
win_errstr(status));
DEBUG(0,(__location__ ": %s\n", *error_string));
return ldb_operr(ldb);
}
info_val = &info_val_default;
}
status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
if (!W_ERROR_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: failed to load oid mappings: %s",
win_errstr(status));
DEBUG(0,(__location__ ": %s\n", *error_string));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
for (i=0; i < attrs_res->count; i++) {
status = dsdb_attribute_from_ldb(ldb, schema, attrs_res->msgs[i]);
if (!W_ERROR_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: failed to load attribute definition: %s:%s",
ldb_dn_get_linearized(attrs_res->msgs[i]->dn),
win_errstr(status));
DEBUG(0,(__location__ ": %s\n", *error_string));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
}
for (i=0; i < objectclass_res->count; i++) {
status = dsdb_class_from_ldb(schema, objectclass_res->msgs[i]);
if (!W_ERROR_IS_OK(status)) {
*error_string = talloc_asprintf(mem_ctx,
"schema_fsmo_init: failed to load class definition: %s:%s",
ldb_dn_get_linearized(objectclass_res->msgs[i]->dn),
win_errstr(status));
DEBUG(0,(__location__ ": %s\n", *error_string));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
}
schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(ldb, schema, schema_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), schema->fsmo.master_dn) == 0) {
schema->fsmo.we_are_master = true;
} else {
schema->fsmo.we_are_master = false;
}
DEBUG(5, ("schema_fsmo_init: we are master: %s\n",
(schema->fsmo.we_are_master?"yes":"no")));
*schema_out = schema;
return LDB_SUCCESS;
}
static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
{
TALLOC_CTX *tmp_ctx;
const char *attrs[] = { "configurationNamingContext", NULL };
const char *attrs2[] = { "lDAPAdminLimits", NULL };
struct ldb_message_element *el;
struct ldb_result *res = NULL;
struct ldb_dn *basedn;
struct ldb_dn *conf_dn;
struct ldb_dn *policy_dn;
int i,ret;
/* set defaults limits in case of failure */
conn->limits.initial_timeout = 120;
conn->limits.conn_idle_time = 900;
conn->limits.max_page_size = 1000;
conn->limits.search_timeout = 120;
tmp_ctx = talloc_new(conn);
if (tmp_ctx == NULL) {
return -1;
}
basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL);
if ( ! ldb_dn_validate(basedn)) {
goto failed;
}
ret = ldb_search(conn->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
goto failed;
}
if (res->count != 1) {
goto failed;
}
conf_dn = ldb_msg_find_attr_as_dn(conn->ldb, tmp_ctx, res->msgs[0], "configurationNamingContext");
if (conf_dn == NULL) {
goto failed;
}
policy_dn = ldb_dn_copy(tmp_ctx, conf_dn);
ldb_dn_add_child_fmt(policy_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
if (policy_dn == NULL) {
goto failed;
}
ret = ldb_search(conn->ldb, tmp_ctx, &res, policy_dn, LDB_SCOPE_BASE, attrs2, NULL);
if (ret != LDB_SUCCESS) {
goto failed;
}
if (res->count != 1) {
goto failed;
}
el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
if (el == NULL) {
goto failed;
}
for (i = 0; i < el->num_values; i++) {
char policy_name[256];
int policy_value, s;
s = sscanf((const char *)el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
if (ret != 2 || policy_value == 0)
continue;
if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
conn->limits.initial_timeout = policy_value;
continue;
}
if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
conn->limits.conn_idle_time = policy_value;
continue;
}
if (strcasecmp("MaxPageSize", policy_name) == 0) {
conn->limits.max_page_size = policy_value;
continue;
}
if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
conn->limits.search_timeout = policy_value;
continue;
}
}
return 0;
failed:
DEBUG(0, ("Failed to load ldap server query policies\n"));
talloc_free(tmp_ctx);
return -1;
}
WERROR dcesrv_drsuapi_ListInfoServer(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
const struct drsuapi_DsNameRequest1 *req1,
struct drsuapi_DsNameCtr1 **_ctr1)
{
struct drsuapi_DsNameInfo1 *names;
struct ldb_result *res;
struct ldb_dn *server_dn, *dn;
struct drsuapi_DsNameCtr1 *ctr1;
int ret, i;
const char *str;
const char *attrs[] = {
"dn",
"dNSHostName",
"serverReference",
NULL
};
*_ctr1 = NULL;
ctr1 = talloc_zero(mem_ctx, struct drsuapi_DsNameCtr1);
W_ERROR_HAVE_NO_MEMORY(ctr1);
/*
* No magic value here, we have to return 3 entries according to the
* MS-DRSR.pdf
*/
ctr1->count = 3;
names = talloc_zero_array(ctr1, struct drsuapi_DsNameInfo1,
ctr1->count);
W_ERROR_HAVE_NO_MEMORY(names);
ctr1->array = names;
for (i=0; i < ctr1->count; i++) {
names[i].status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
}
*_ctr1 = ctr1;
if (req1->count != 1) {
DEBUG(1, ("Expected a count of 1 for the ListInfoServer crackname \n"));
return WERR_OK;
}
if (req1->names[0].str == NULL) {
return WERR_OK;
}
server_dn = ldb_dn_new(mem_ctx, sam_ctx, req1->names[0].str);
W_ERROR_HAVE_NO_MEMORY(server_dn);
ret = ldb_search(sam_ctx, mem_ctx, &res, server_dn, LDB_SCOPE_ONELEVEL,
NULL, "(objectClass=nTDSDSA)");
if (ret != LDB_SUCCESS) {
DEBUG(1, ("Search for objectClass=nTDSDSA "
"returned less than 1 objects\n"));
return WERR_OK;
}
if (res->count != 1) {
DEBUG(1, ("Search for objectClass=nTDSDSA "
"returned less than 1 objects\n"));
return WERR_OK;
}
if (res->msgs[0]->dn) {
names[0].result_name = ldb_dn_alloc_linearized(names, res->msgs[0]->dn);
W_ERROR_HAVE_NO_MEMORY(names[0].result_name);
names[0].status = DRSUAPI_DS_NAME_STATUS_OK;
}
talloc_free(res);
ret = ldb_search(sam_ctx, mem_ctx, &res, server_dn, LDB_SCOPE_BASE,
attrs, "(objectClass=*)");
if (ret != LDB_SUCCESS) {
DEBUG(1, ("Search for objectClass=* on dn %s"
"returned %s\n", req1->names[0].str,
ldb_strerror(ret)));
return WERR_OK;
}
if (res->count != 1) {
DEBUG(1, ("Search for objectClass=* on dn %s"
"returned less than 1 objects\n", req1->names[0].str));
return WERR_OK;
}
str = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
if (str != NULL) {
names[1].result_name = talloc_strdup(names, str);
W_ERROR_HAVE_NO_MEMORY(names[1].result_name);
names[1].status = DRSUAPI_DS_NAME_STATUS_OK;
}
dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, res->msgs[0], "serverReference");
if (dn != NULL) {
names[2].result_name = ldb_dn_alloc_linearized(names, dn);
W_ERROR_HAVE_NO_MEMORY(names[2].result_name);
names[2].status = DRSUAPI_DS_NAME_STATUS_OK;
}
talloc_free(dn);
talloc_free(res);
return WERR_OK;
}
