Exemple #1
0
BOOLEAN
VmDirEntryIsObjectclass(
    PVDIR_ENTRY     pEntry,
    PCSTR           pszOCName
    )
{
    BOOLEAN             bResult = FALSE;
    unsigned int        iCnt = 0;

    if (pEntry && pszOCName)
    {
        PVDIR_ATTRIBUTE     pAttrOC = VmDirFindAttrByName(pEntry, ATTR_OBJECT_CLASS);

        for (iCnt = 0; (pAttrOC != NULL) && (iCnt < pAttrOC->numVals); iCnt++)
        {
            if (VmDirStringCompareA( pAttrOC->vals[iCnt].lberbv.bv_val, pszOCName, FALSE) == 0)
            {
                bResult = TRUE;
                break;
            }
        }
    }

    return bResult;
}
Exemple #2
0
/*
 * Called during entry add
 *
 *  grouptype :
 *
        http://msdn.microsoft.com/en-us/library/windows/desktop/ms675935%28v=vs.85%29.aspx
        Value   Description
        1 (0x00000001)  Specifies a group that is created by the system.
        2 (0x00000002)  Specifies a group with global scope.
        4 (0x00000004)  Specifies a group with domain local scope.
        8 (0x00000008)  Specifies a group with universal scope.
        16 (0x00000010) Specifies an APP_BASIC group for Windows Server Authorization Manager.
        32 (0x00000020) Specifies an APP_QUERY group for Windows Server Authorization Manager.
        2147483648 (0x80000000) Specifies a security group. If this flag is not set, then the group is a distribution group.

    Currently, Lotus only supports global scope (2).
 */
DWORD
VmDirPluginGroupTypePreAdd(
    PVDIR_OPERATION  pOperation,
    PVDIR_ENTRY      pEntry,
    DWORD            dwPriorResult
    )
{
    DWORD               dwError = 0;
    PSTR                pszLocalErrorMsg = NULL;

    if ( pOperation->opType != VDIR_OPERATION_TYPE_REPL
         &&
         TRUE == VmDirIsEntryWithObjectclass(pEntry, OC_GROUP)
       )
    {
        PVDIR_ATTRIBUTE pAttrGroupType = VmDirFindAttrByName(pEntry, ATTR_GROUPTYPE);

        if (pAttrGroupType == NULL)
        {
            dwError = VmDirEntryAddSingleValueStrAttribute(pEntry, ATTR_GROUPTYPE, GROUPTYPE_GLOBAL_SCOPE);
            BAIL_ON_VMDIR_ERROR(dwError);
        }
        else
        {
            if ( pAttrGroupType->numVals != 1       // grouptype is a single value attribute
                 ||
                 VmDirStringCompareA( VDIR_SAFE_STRING( pAttrGroupType->vals[0].lberbv.bv_val),
                                       GROUPTYPE_GLOBAL_SCOPE, FALSE) != 0
               )
            {
                dwError = ERROR_INVALID_ENTRY;
                BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrorMsg, "invalid or unsupported grouptype (%s)",
                                              VDIR_SAFE_STRING( pAttrGroupType->vals[0].lberbv.bv_val));
            }
        }
    }

cleanup:

    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);

    return dwError;

error:

    VmDirLog( LDAP_DEBUG_ANY, "Group check: (%d)(%s)", dwError, VDIR_SAFE_STRING(pszLocalErrorMsg));

    VMDIR_APPEND_ERROR_MSG(pOperation->ldapResult.pszErrMsg, pszLocalErrorMsg);

    goto cleanup;
}
Exemple #3
0
/*
 * Set SRP Identifier's secret on existing entry with Password set
 */
DWORD
VmDirSRPSetIdentityData(
    PCSTR       pszUPN,
    PCSTR       pszClearTextPassword
    )
{
    DWORD               dwError = 0;
    VDIR_OPERATION      op = {0};
    PSTR                pszLocalErrMsg = NULL;
    VDIR_ENTRY_ARRAY    entryArray = {0};
    PVDIR_ENTRY         pEntry = NULL;
    PVDIR_ATTRIBUTE     pAttrSecret = NULL;
    VDIR_BERVALUE       bvUPN = VDIR_BERVALUE_INIT;
    VDIR_BERVALUE       bvClearTextPassword = VDIR_BERVALUE_INIT;
    VDIR_BERVALUE       bervSecretBlob = VDIR_BERVALUE_INIT;


    if ( IsNullOrEmptyString(pszUPN)    ||
         IsNullOrEmptyString(pszClearTextPassword)
        )
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    bvUPN.lberbv_val = (PSTR)pszUPN;
    bvUPN.lberbv_len = VmDirStringLenA(pszUPN);

    bvClearTextPassword.lberbv_val = (PSTR)pszClearTextPassword;
    bvClearTextPassword.lberbv_len = VmDirStringLenA(pszClearTextPassword);

    dwError = VmDirSimpleEqualFilterInternalSearch(
                    "",
                    LDAP_SCOPE_SUBTREE,
                    ATTR_KRB_UPN,
                    pszUPN,
                    &entryArray);
    BAIL_ON_VMDIR_ERROR(dwError);

    if (entryArray.iSize == 1)
    {
        pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET);
        if (pAttrSecret)
        {
            dwError = VMDIR_ERROR_ENTRY_ALREADY_EXIST;
            BAIL_ON_VMDIR_ERROR(dwError);
        }
    }
    else
    {
        dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    pEntry = &(entryArray.pEntry[0]);

    dwError = VdirPasswordCheck(&bvClearTextPassword, pEntry);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSRPCreateSecret(&bvUPN, &bvClearTextPassword, &bervSecretBlob);
    BAIL_ON_VMDIR_ERROR(dwError);


    if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
    {
        dwError = VmDirEntryUnpack( pEntry );
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSRPSetIdentityData: VmDirInitStackOperation failed: %u", dwError);

    op.pBEIF = VmDirBackendSelect(NULL);
    assert(op.pBEIF);

    op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val;
    op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len;
    op.request.modifyReq.dn.lberbv = op.reqDn.lberbv;

    dwError = VmDirAppendAMod( &op,
                               MOD_OP_ADD,
                               ATTR_SRP_SECRET,
                               ATTR_SRP_SECRET_LEN,
                               bervSecretBlob.lberbv_val,
                               bervSecretBlob.lberbv_len);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirInternalModifyEntry(&op);
    BAIL_ON_VMDIR_ERROR(dwError);

cleanup:

    VmDirFreeBervalContent(&bervSecretBlob);
    VmDirFreeEntryArrayContent(&entryArray);
    VmDirFreeOperationContent(&op);
    return dwError;

error:

    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
                     "VmDirSRPSetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError);
    goto cleanup;
}
Exemple #4
0
/*
 * Retrieve SRP Identifier's secret and salt
 */
DWORD
VmDirSRPGetIdentityData(
    PCSTR       pszUPN,
    PBYTE*      ppByteSecret,
    DWORD*      pdwSecretLen
    )
{
    DWORD               dwError = 0;
    PVDIR_ATTRIBUTE     pAttrSecret = NULL;
    VDIR_ENTRY_ARRAY    entryArray = {0};
    PBYTE               pLocalSecret = NULL;

    if ( IsNullOrEmptyString(pszUPN)    ||
         ppByteSecret == NULL           ||
         pdwSecretLen == NULL
        )
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirSimpleEqualFilterInternalSearch(
                    "",
                    LDAP_SCOPE_SUBTREE,
                    ATTR_KRB_UPN,
                    pszUPN,
                    &entryArray);
    BAIL_ON_VMDIR_ERROR(dwError);

    if (entryArray.iSize == 1)
    {
        pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET);
        if (!pAttrSecret)
        {
            dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
            BAIL_ON_VMDIR_ERROR(dwError);
        }

        dwError = VmDirAllocateAndCopyMemory(   pAttrSecret->vals[0].lberbv_val,
                                                pAttrSecret->vals[0].lberbv_len,
                                                (PVOID*)&pLocalSecret);
        BAIL_ON_VMDIR_ERROR(dwError);
    }
    else if (entryArray.iSize == 0)
    {
        dwError = VMDIR_ERROR_ENTRY_NOT_FOUND;
        BAIL_ON_VMDIR_ERROR(dwError);
    }
    else
    {
        dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    *ppByteSecret = pLocalSecret;
    *pdwSecretLen = (DWORD) (pAttrSecret->vals[0].lberbv_len);

cleanup:

    VmDirFreeEntryArrayContent(&entryArray);

    return dwError;

error:

    VMDIR_SAFE_FREE_MEMORY( pLocalSecret );

    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
                     "VmDirSRPGetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError);
    goto cleanup;
}
Exemple #5
0
DWORD
VmDirEntryIsAttrAllowed(
    PVDIR_ENTRY pEntry,
    PSTR        pszAttrName,
    PBOOLEAN    pbMust,
    PBOOLEAN    pbMay
    )
{
    DWORD   dwError = 0;
    DWORD   i = 0;
    PVDIR_ATTRIBUTE         pAttrOC = NULL;
    PVDIR_SCHEMA_OC_DESC    pOCDesc = NULL;
    PLW_HASHMAP pAllMustAttrMap = NULL;
    PLW_HASHMAP pAllMayAttrMap = NULL;

    if (!pEntry || IsNullOrEmptyString(pszAttrName))
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = LwRtlCreateHashMap(&pAllMustAttrMap,
            LwRtlHashDigestPstrCaseless,
            LwRtlHashEqualPstrCaseless,
            NULL);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = LwRtlCreateHashMap(&pAllMayAttrMap,
            LwRtlHashDigestPstrCaseless,
            LwRtlHashEqualPstrCaseless,
            NULL);
    BAIL_ON_VMDIR_ERROR(dwError);

    pAttrOC = VmDirFindAttrByName(pEntry, ATTR_OBJECT_CLASS);

    for (i = 0; pAttrOC && i < pAttrOC->numVals; i++)
    {
        dwError = VmDirSchemaOCNameToDescriptor(
                pEntry->pSchemaCtx, pAttrOC->vals[i].lberbv.bv_val, &pOCDesc);
        BAIL_ON_VMDIR_ERROR(dwError);

        dwError = VmDirSchemaClassGetAllMustAttrs(
                pEntry->pSchemaCtx, pOCDesc, pAllMustAttrMap);
        BAIL_ON_VMDIR_ERROR(dwError);

        dwError = VmDirSchemaClassGetAllMayAttrs(
                pEntry->pSchemaCtx, pOCDesc, pAllMayAttrMap);
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    if (pbMust)
    {
        *pbMust = FALSE;
        if (LwRtlHashMapFindKey(pAllMustAttrMap, NULL, pszAttrName) == 0)
        {
            *pbMust = TRUE;
        }
    }

    if (pbMay)
    {
        *pbMay = FALSE;
        if (LwRtlHashMapFindKey(pAllMayAttrMap, NULL, pszAttrName) == 0)
        {
            *pbMay = TRUE;
        }
    }

cleanup:
    LwRtlHashMapClear(pAllMustAttrMap, VmDirNoopHashMapPairFree, NULL);
    LwRtlFreeHashMap(&pAllMustAttrMap);
    LwRtlHashMapClear(pAllMayAttrMap, VmDirNoopHashMapPairFree, NULL);
    LwRtlFreeHashMap(&pAllMayAttrMap);
    return dwError;

error:
    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
            "%s failed, error (%d)", __FUNCTION__, dwError );

    goto cleanup;
}
Exemple #6
0
/* This function re-instantiates the current vmdir instance with a
 * foreign (MDB) database file. It is triggered by running vdcadmintool
 * with option 8.  Before this action, a foreign database files must be copied
 * onto diretory mdb_home_dir/partner/ which may include mdb WAL files under
 * xlogs/. See PR 1995325 for the functional spec and use cases.
 */
DWORD
VmDirSrvServerReset(
    PDWORD pServerResetState
    )
{
    int i = 0;
    DWORD dwError = 0;
    VDIR_ENTRY_ARRAY entryArray = {0};
    const char  *dbHomeDir = VMDIR_DB_DIR;
    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
    BOOLEAN bWriteInvocationId = FALSE;
    PSTR pszConfigurationContainerDn = NULL;
    PSTR pszDomainControllerContainerDn = NULL;
    PSTR pszManagedServiceAccountContainerDn = NULL;
    DEQUE computers = {0};
    PSTR pszComputer = NULL;
    PVDIR_ATTRIBUTE pAttrUPN = NULL;
    BOOLEAN bMdbWalEnable = FALSE;

    VmDirGetMdbWalEnable(&bMdbWalEnable);

    //swap current vmdir database file with the foriegn one under partner/
    dwError = _VmDirSwapDB(dbHomeDir, bMdbWalEnable);
    BAIL_ON_VMDIR_ERROR(dwError);

    //Delete Computers (domain controller accounts) under Domain Controller container
    dwError = VmDirAllocateStringPrintf(&pszDomainControllerContainerDn, "ou=%s,%s",
                VMDIR_DOMAIN_CONTROLLERS_RDN_VAL, gVmdirServerGlobals.systemDomainDN.lberbv_val);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSimpleEqualFilterInternalSearch(pszDomainControllerContainerDn, LDAP_SCOPE_ONE,
                ATTR_OBJECT_CLASS, OC_COMPUTER, &entryArray);
    BAIL_ON_VMDIR_ERROR(dwError);

    if(entryArray.iSize > 0)
    {
        for (i = 0; i < entryArray.iSize; i++)
        {
            pAttrUPN = VmDirFindAttrByName(&entryArray.pEntry[i], ATTR_KRB_UPN);
            if (pAttrUPN)
            {
               PSTR pPc = NULL;
               dwError = VmDirAllocateStringA(pAttrUPN->vals[0].lberbv_val, &pPc);
               dequePush(&computers, pPc);
            }
            dwError = VmDirDeleteEntry(&entryArray.pEntry[i]);
            BAIL_ON_VMDIR_ERROR(dwError);
        }
    }
    VmDirFreeEntryArrayContent(&entryArray);

    /* Delete all entries in the subtree under Configuration container
     *  (e.g. under cn=Configuration,dc=vmware,dc=com).
     * This will remove the old replication topology
     */
    dwError = VmDirAllocateStringPrintf(&pszConfigurationContainerDn, "cn=%s,%s",
                VMDIR_CONFIGURATION_CONTAINER_NAME, gVmdirServerGlobals.systemDomainDN.lberbv_val);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSimpleEqualFilterInternalSearch(pszConfigurationContainerDn, LDAP_SCOPE_SUBTREE,
                ATTR_OBJECT_CLASS, OC_DIR_SERVER, &entryArray);
    BAIL_ON_VMDIR_ERROR(dwError);

    if (entryArray.iSize > 0)
    {
        for (i = 0; i < entryArray.iSize; i++)
        {
            /* Delete all replication agreement entries for a server and
             * the server it self under the configuration/site container
             */
            dwError = VmDirInternalDeleteTree(entryArray.pEntry[i].dn.lberbv_val);
            BAIL_ON_VMDIR_ERROR(dwError);
        }
    }
    VmDirFreeEntryArrayContent(&entryArray);

    //Delete ManagedServiceAccount entries that are associated with any of the domain controllers

    dwError = VmDirAllocateStringPrintf(&pszManagedServiceAccountContainerDn, "cn=%s,%s",
                VMDIR_MSAS_RDN_VAL, gVmdirServerGlobals.systemDomainDN.lberbv_val);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSimpleEqualFilterInternalSearch(pszManagedServiceAccountContainerDn, LDAP_SCOPE_ONE,
                ATTR_OBJECT_CLASS, OC_MANAGED_SERVICE_ACCOUNT, &entryArray);
    BAIL_ON_VMDIR_ERROR(dwError);

    if (entryArray.iSize > 0)
    {
        for (i = 0; i < entryArray.iSize; i++)
        {
            PDEQUE_NODE p = NULL;
            pAttrUPN = VmDirFindAttrByName(&entryArray.pEntry[i], ATTR_KRB_UPN);
            for(p = computers.pHead; p != NULL; p = p->pNext)
            {
                if (VmDirStringCaseStrA(pAttrUPN->vals[0].lberbv_val, p->pElement) != NULL)
                {
                    dwError = VmDirDeleteEntry(&entryArray.pEntry[i]);
                    BAIL_ON_VMDIR_ERROR(dwError);
                    break;
                }
            }
        }
    }

    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx );
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSrvCreateServerObj(pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    //Create server and replication entries for the current instance
    // on top of the (cleaned up) foreign database.
    dwError = VmDirSrvCreateReplAgrsContainer(pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = _VmDirPatchDSERoot(pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    VmDirSchemaCtxRelease(pSchemaCtx);
    pSchemaCtx = NULL;

    dwError = LoadServerGlobals(&bWriteInvocationId);
    BAIL_ON_VMDIR_ERROR(dwError);

cleanup:
    if (pSchemaCtx)
    {
        VmDirSchemaCtxRelease(pSchemaCtx);
    }

    VmDirFreeEntryArrayContent(&entryArray);

    VMDIR_SAFE_FREE_MEMORY(pszConfigurationContainerDn);
    VMDIR_SAFE_FREE_MEMORY(pszDomainControllerContainerDn);

    while(!dequeIsEmpty(&computers))
    {
        dequePopLeft(&computers, (PVOID*)&pszComputer);
        VMDIR_SAFE_FREE_MEMORY(pszComputer);
    }
    return dwError;

error:
    goto cleanup;
}
/*
 * Tweak indices entry to append building flag to newly added values.
 * e.g. user add a new index attribute "myuid eq unique"
 * we want to save it as "myuid eq unique (buildingflag)" instead.
 */
DWORD
VdirIndexingEntryAppendFlag(
    VDIR_MODIFICATION*   pMods,
    PVDIR_ENTRY          pEntry)
{
    DWORD   dwError = 0;
    DWORD   dwCnt = 0;
    PSTR    pszNewStr = NULL;
    PVDIR_ATTRIBUTE  pAttr = NULL;

    assert(pMods && pEntry && pEntry->allocType == ENTRY_STORAGE_FORMAT_NORMAL);


    // unpack entry, so we can manipulate its contents.
    dwError = VmDirEntryUnpack(pEntry);
    BAIL_ON_VMDIR_ERROR(dwError);

    pAttr = VmDirFindAttrByName(pEntry, ATTR_INDEX_DESC);
    if (!pAttr)
    {
        dwError = ERROR_INVALID_ENTRY;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    for (dwCnt = 0; dwCnt < pAttr->numVals; dwCnt++)
    {
        DWORD iIdx = 0;
        for (iIdx = 0; iIdx < pMods->attr.numVals; iIdx++)
        {
            if (0 == VmDirStringCompareA(pAttr->vals[dwCnt].lberbv.bv_val, pMods->attr.vals[iIdx].lberbv.bv_val, FALSE))
            {
                dwError = VmDirAllocateStringAVsnprintf(
                              &pszNewStr,
                              "%s %s",
                              pAttr->vals[dwCnt].lberbv.bv_val,
                              ATTR_INDEX_BUILDING_FLAG);
                BAIL_ON_VMDIR_ERROR(dwError);

                VmDirFreeBervalArrayContent(&pAttr->vals[dwCnt], 1);

                pAttr->vals[dwCnt].lberbv.bv_val = pszNewStr;
                pszNewStr = NULL;
                pAttr->vals[dwCnt].bOwnBvVal = TRUE;
                pAttr->vals[dwCnt].lberbv.bv_len = VmDirStringLenA(pAttr->vals[dwCnt].lberbv.bv_val);

                dwError = VmDirSchemaBervalNormalize(
                              pEntry->pSchemaCtx,
                              pAttr->pATDesc,
                              &pAttr->vals[dwCnt]);
                BAIL_ON_VMDIR_ERROR(dwError);
            }
        }
    }

cleanup:

    return dwError;

error:

    VMDIR_SAFE_FREE_MEMORY(pszNewStr);

    goto cleanup;
}
Exemple #8
0
static
DWORD
_VmKdcGetKrbUPNKey(
    PSTR        pszUpnName,
    PBYTE*      ppKeyBlob,
    DWORD*      pSize
    )
{
    DWORD               dwError = 0;
    PVDIR_ATTRIBUTE     pKrbUPNKey = NULL;
    PBYTE               pRetUPNKey = NULL;
    VDIR_ENTRY_ARRAY    entryArray = {0};

    if (IsNullOrEmptyString(pszUpnName)
        || !ppKeyBlob
        || !pSize
       )
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    dwError = VmDirSimpleEqualFilterInternalSearch(
                    "",
                    LDAP_SCOPE_SUBTREE,
                    ATTR_KRB_UPN,
                    pszUpnName,
                    &entryArray);
    BAIL_ON_VMKDC_ERROR(dwError);

    if (entryArray.iSize == 1)
    {
        pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY);

        if (!pKrbUPNKey)
        {
            dwError = ERROR_NO_PRINC;
            BAIL_ON_VMKDC_ERROR(dwError);
        }

        dwError = VmDirAllocateAndCopyMemory(
                        pKrbUPNKey->vals[0].lberbv.bv_val,
                        pKrbUPNKey->vals[0].lberbv.bv_len,
                        (PVOID*)& pRetUPNKey
                        );
        BAIL_ON_VMKDC_ERROR(dwError);

        *ppKeyBlob = pRetUPNKey;
        *pSize     = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len;
        pRetUPNKey = NULL;
    }
    else
    {
        dwError = ERROR_NO_PRINC;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

cleanup:

    VmDirFreeEntryArrayContent(&entryArray);

    return dwError;

error:

    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmKdcGetKrbUPNKey: failed (%u)(%s)", dwError, VDIR_SAFE_STRING(pszUpnName));

    VMKDC_SAFE_FREE_MEMORY(pRetUPNKey);

    // keep error code space to KDC specific
    dwError = ERROR_NO_PRINC;

    goto cleanup;

}
Exemple #9
0
DWORD
VmDirGetKrbUPNKey(
    PSTR        pszUpnName,
    PBYTE*      ppKeyBlob,
    DWORD*      pSize
)
{
    DWORD               dwError = 0;
    PVDIR_ATTRIBUTE     pKrbUPNKey = NULL;
    PBYTE               pRetUPNKey = NULL;
    VDIR_ENTRY_ARRAY    entryArray = {0};

    if (IsNullOrEmptyString(pszUpnName)
        || !ppKeyBlob
        || !pSize
       )
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirSimpleEqualFilterInternalSearch(
                    "",
                    LDAP_SCOPE_SUBTREE,
                    ATTR_KRB_UPN,
                    pszUpnName,
                    &entryArray);
    BAIL_ON_VMDIR_ERROR(dwError);

    if (entryArray.iSize == 1)
    {
        pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY);

        if (!pKrbUPNKey)
        {
            dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
            BAIL_ON_VMDIR_ERROR(dwError);
        }

        dwError = VmDirAllocateMemory(
                            pKrbUPNKey->vals[0].lberbv.bv_len,
                            (PVOID*)&pRetUPNKey
                            );
        BAIL_ON_VMDIR_ERROR(dwError);

        dwError = VmDirCopyMemory(
                        pRetUPNKey,
                        pKrbUPNKey->vals[0].lberbv.bv_len,
                        pKrbUPNKey->vals[0].lberbv.bv_val,
                        pKrbUPNKey->vals[0].lberbv.bv_len
                        );
        BAIL_ON_VMDIR_ERROR(dwError);

        *ppKeyBlob = pRetUPNKey;
        *pSize     = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len;
        pRetUPNKey = NULL;
    }
    else
    {
        dwError = VMDIR_ERROR_ENTRY_NOT_FOUND;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

cleanup:

    VmDirFreeEntryArrayContent(&entryArray);

    return dwError;

error:

    VMDIR_LOG_ERROR( LDAP_DEBUG_RPC, "VmDirGetKrbUPNKey failed. (%u)(%s)",
                                     dwError, VDIR_SAFE_STRING(pszUpnName));
    VMDIR_SAFE_FREE_MEMORY(pRetUPNKey);

    goto cleanup;

}
Exemple #10
0
int
VmDirApplyModsToEntryStruct(
    PVDIR_SCHEMA_CTX    pSchemaCtx,
    ModifyReq *         modReq,
    PVDIR_ENTRY         pEntry,
    PBOOLEAN            pbDnModified,
    PSTR*               ppszErrorMsg
    )
{
    int                 retVal = LDAP_SUCCESS;
    VDIR_MODIFICATION * currMod = NULL;
    VDIR_MODIFICATION * prevMod = NULL;
    PSTR                pszLocalErrorMsg = NULL;

    if (pSchemaCtx == NULL || modReq == NULL || pEntry == NULL || ppszErrorMsg == NULL)
    {
        retVal = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(retVal);
    }

    if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
    {
        retVal = VmDirEntryUnpack(pEntry);
        BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg),
                                        "EntryUnpack failed failed (%s)",
                                        VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val));
    }

    for (currMod = modReq->mods; currMod != NULL; )
    {
        switch (currMod->operation)
        {
            case MOD_OP_ADD:
            {
                PVDIR_ATTRIBUTE attr = VmDirFindAttrByName(pEntry, currMod->attr.type.lberbv.bv_val);

                if (attr == NULL) // New attribute case
                {
                    retVal = AddAttrToEntryStruct(pEntry, &(currMod->attr));
                    BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg),
                                                    "AddAttrToEntryStruct failed (%s)",
                                                    VDIR_SAFE_STRING(currMod->attr.type.lberbv.bv_val));
                }
                else // Add values to an existing attribute case.
                {
                    retVal = CheckIfAnAttrValAlreadyExists(pSchemaCtx, attr, &(currMod->attr), &pszLocalErrorMsg);
                    BAIL_ON_VMDIR_ERROR(retVal);

                    retVal = AddAttrValsToEntryStruct(pEntry, attr, &(currMod->attr), &pszLocalErrorMsg);
                    BAIL_ON_VMDIR_ERROR(retVal);
                }
                prevMod = currMod;
                currMod = currMod->next;
                break;
            }
            case MOD_OP_DELETE:
            {
                PVDIR_ATTRIBUTE attr = VmDirFindAttrByName(pEntry, currMod->attr.type.lberbv.bv_val);
                if (attr == NULL) // Attribute to be deleted does not exist in the entry
                {
                    if (currMod->attr.numVals == 0) // If whole attribute is to be deleted, ignore this mod.
                    {
                        currMod->ignore = TRUE;
                    }
                    else // If some specific attribute values are to be deleted from the attribute => error case
                    {
                        retVal = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
                        BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg),
                                                        "Attribute (%s) being deleted does not exists.",
                                                        VDIR_SAFE_STRING(currMod->attr.type.lberbv.bv_val));
                    }
                }
                else
                {
                    retVal = DelAttrValsFromEntryStruct(pSchemaCtx, pEntry, &(currMod->attr), &pszLocalErrorMsg);
                    if ((retVal == VMDIR_ERROR_NO_SUCH_ATTRIBUTE) &&
                        (VmDirStringCompareA(currMod->attr.type.lberbv.bv_val, ATTR_USER_PASSWORD, FALSE) == 0))
                    {   // for user password change, the old password supplied != existing record
                        retVal = VMDIR_ERROR_USER_INVALID_CREDENTIAL;
                    }
                    BAIL_ON_VMDIR_ERROR(retVal);
                }
                prevMod = currMod;
                currMod = currMod->next;
                break;
            }
            case MOD_OP_REPLACE:
            {
                // RFC 4511: Section 4.6:
                //  replace: replace all existing values of the modification attribute with the new values listed,
                //  creating the attribute if it did not already exist. A replace with no value will delete the entire
                // attribute if it exists, and it is ignored if the attribute does not exist.

                if (currMod->attr.numVals == 0)
                {
                    currMod->operation = MOD_OP_DELETE;
                    continue; // re-process the current altered modification
                }
                else
                {
                    VDIR_MODIFICATION * newDelMod = NULL;
                    PVDIR_ATTRIBUTE attr = VmDirFindAttrByName(pEntry, currMod->attr.type.lberbv.bv_val);

                    if (attr == NULL) // New attribute case
                    {
                        currMod->operation = MOD_OP_ADD;
                        continue; // re-process the current altered modification
                    }
                    else // Real replace attribute values case
                    {
                        // If DN is being modified, may need to re-parent
                        if (VmDirStringCompareA(attr->type.lberbv.bv_val, ATTR_DN, FALSE) == 0)
                        {
                            if (pbDnModified)
                            {
                                *pbDnModified = TRUE;
                            }

                            retVal = GenerateNewParent(pEntry, &(currMod->attr));
                            BAIL_ON_VMDIR_ERROR(retVal);
                        }

                        // Setup Delete attribute and Add attribute mods. Change currMod->operation to ADD, and
                        // insert a DELETE mod for this attribute before this mod.

                        currMod->operation = MOD_OP_ADD;

                        retVal = VmDirAllocateMemory(sizeof(VDIR_MODIFICATION), (PVOID *)&newDelMod);
                        BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "no memory");

                        newDelMod->operation = MOD_OP_DELETE;
                        newDelMod->attr.pATDesc = currMod->attr.pATDesc;
                        newDelMod->attr.type.lberbv.bv_val = currMod->attr.type.lberbv.bv_val;
                        newDelMod->attr.type.lberbv.bv_len = currMod->attr.type.lberbv.bv_len;
                        newDelMod->next = currMod;

                        currMod = newDelMod;

                        if (prevMod == NULL)
                        {
                            modReq->mods = currMod;
                        }
                        else
                        {
                            prevMod->next = currMod;
                        }
                        continue;
                    }
                }
                break;
            }
            default:
                assert(FALSE);
        }
    }

cleanup:

    if (ppszErrorMsg)
    {
        *ppszErrorMsg = pszLocalErrorMsg;
    }
    else
    {
        VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
    }

    return retVal;

error:

    goto cleanup;
}