/*
post process a search result record. For any search_sub[] attributes that were
asked for, we need to call the appropriate copy routine to copy the result
into the message, then remove any attributes that we added to the search but
were not asked for by the user
*/
static int operational_search_post_process(struct ldb_module *module,
struct ldb_message *msg,
const char * const *attrs)
{
struct ldb_context *ldb;
int i, a=0;
ldb = ldb_module_get_ctx(module);
for (a=0;attrs && attrs[a];a++) {
for (i=0;i<ARRAY_SIZE(search_sub);i++) {
if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {
continue;
}
/* construct the new attribute, using either a supplied
constructor or a simple copy */
if (search_sub[i].constructor) {
if (search_sub[i].constructor(module, msg) != 0) {
goto failed;
}
} else if (ldb_msg_copy_attr(msg,
search_sub[i].replace,
search_sub[i].attr) != 0) {
goto failed;
}
/* remove the added search attribute, unless it was
asked for by the user */
if (search_sub[i].replace == NULL ||
ldb_attr_in_list(attrs, search_sub[i].replace) ||
ldb_attr_in_list(attrs, "*")) {
continue;
}
ldb_msg_remove_attr(msg, search_sub[i].replace);
}
}
return 0;
failed:
ldb_debug_set(ldb, LDB_DEBUG_WARNING,
"operational_search_post_process failed for attribute '%s'",
attrs[a]);
return -1;
}
static int wins_ldb_verify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct winsdb_handle *h = talloc_get_type(ldb_get_opaque(ldb, "winsdb_handle"),
struct winsdb_handle);
const struct ldb_message *msg;
switch (req->operation) {
case LDB_ADD:
msg = req->op.add.message;
break;
case LDB_MODIFY:
msg = req->op.mod.message;
break;
default:
return ldb_next_request(module, req);
}
/* do not manipulate our control entries */
if (ldb_dn_is_special(msg->dn)) {
return ldb_next_request(module, req);
}
if (!h) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL, "%s", "WINS_LDB: INTERNAL ERROR: no winsdb_handle present!");
return LDB_ERR_OTHER;
}
switch (h->caller) {
case WINSDB_HANDLE_CALLER_NBTD:
case WINSDB_HANDLE_CALLER_WREPL:
/* we trust our nbt and wrepl code ... */
return ldb_next_request(module, req);
case WINSDB_HANDLE_CALLER_ADMIN:
ldb_debug(ldb, LDB_DEBUG_WARNING, "%s\n", "WINS_LDB: TODO verify add/modify for WINSDB_HANDLE_CALLER_ADMIN");
return ldb_next_request(module, req);
}
return LDB_ERR_OTHER;
}
static int pdc_fsmo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
TALLOC_CTX *mem_ctx;
struct ldb_dn *pdc_dn;
struct dsdb_pdc_fsmo *pdc_fsmo;
struct ldb_result *pdc_res;
int ret;
static const char *pdc_attrs[] = {
"fSMORoleOwner",
NULL
};
ldb = ldb_module_get_ctx(module);
mem_ctx = talloc_new(module);
if (!mem_ctx) {
return ldb_oom(ldb);
}
pdc_dn = ldb_get_default_basedn(ldb);
if (!pdc_dn) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"pdc_fsmo_init: could not determine default basedn");
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo);
if (!pdc_fsmo) {
return ldb_oom(ldb);
}
ldb_module_set_private(module, pdc_fsmo);
ret = dsdb_module_search_dn(module, mem_ctx, &pdc_res,
pdc_dn,
pdc_attrs,
DSDB_FLAG_NEXT_MODULE, NULL);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_debug(ldb, LDB_DEBUG_TRACE,
"pdc_fsmo_init: no domain object present: (skip loading of domain details)");
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (ret != LDB_SUCCESS) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
"pdc_fsmo_init: failed to search the domain object: %d:%s: %s",
ret, ldb_strerror(ret), ldb_errstring(ldb));
talloc_free(mem_ctx);
return ret;
}
pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner");
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), pdc_fsmo->master_dn) == 0) {
pdc_fsmo->we_are_master = true;
} else {
pdc_fsmo->we_are_master = false;
}
if (ldb_set_opaque(ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) {
return ldb_oom(ldb);
}
talloc_steal(module, pdc_fsmo);
ldb_debug(ldb, LDB_DEBUG_TRACE,
"pdc_fsmo_init: we are master: %s\n",
(pdc_fsmo->we_are_master?"yes":"no"));
talloc_free(mem_ctx);
return ldb_next_init(module);
}
/*
post process a search result record. For any search_sub[] attributes that were
asked for, we need to call the appropriate copy routine to copy the result
into the message, then remove any attributes that we added to the search but
were not asked for by the user
*/
static int operational_search_post_process(struct ldb_module *module,
struct ldb_message *msg,
enum ldb_scope scope,
const char * const *attrs_from_user,
const char * const *attrs_searched_for,
struct op_controls_flags* controls_flags,
struct op_attributes_operations *list,
unsigned int list_size,
struct op_attributes_replace *list_replace,
unsigned int list_replace_size,
struct ldb_request *parent)
{
struct ldb_context *ldb;
unsigned int i, a = 0;
bool constructed_attributes = false;
ldb = ldb_module_get_ctx(module);
/* removed any attrs that should not be shown to the user */
for (i=0; i < list_size; i++) {
ldb_msg_remove_attr(msg, list[i].attr);
}
for (a=0; a < list_replace_size; a++) {
if (check_keep_control_for_attribute(controls_flags,
list_replace[a].attr)) {
continue;
}
/* construct the new attribute, using either a supplied
constructor or a simple copy */
constructed_attributes = true;
if (list_replace[a].constructor != NULL) {
if (list_replace[a].constructor(module, msg, scope, parent) != LDB_SUCCESS) {
goto failed;
}
} else if (ldb_msg_copy_attr(msg,
list_replace[a].replace,
list_replace[a].attr) != LDB_SUCCESS) {
goto failed;
}
}
/* Deletion of the search helper attributes are needed if:
* - we generated constructed attributes and
* - we aren't requesting all attributes
*/
if ((constructed_attributes) && (!ldb_attr_in_list(attrs_from_user, "*"))) {
for (i=0; i < list_replace_size; i++) {
/* remove the added search helper attributes, unless
* they were asked for by the user */
if (list_replace[i].replace != NULL &&
!ldb_attr_in_list(attrs_from_user, list_replace[i].replace)) {
ldb_msg_remove_attr(msg, list_replace[i].replace);
}
if (list_replace[i].extra_attr != NULL &&
!ldb_attr_in_list(attrs_from_user, list_replace[i].extra_attr)) {
ldb_msg_remove_attr(msg, list_replace[i].extra_attr);
}
}
}
return 0;
failed:
ldb_debug_set(ldb, LDB_DEBUG_WARNING,
"operational_search_post_process failed for attribute '%s' - %s",
attrs_from_user[a], ldb_errstring(ldb));
return -1;
}
/*
post process a search result record. For any search_sub[] attributes that were
asked for, we need to call the appropriate copy routine to copy the result
into the message, then remove any attributes that we added to the search but
were not asked for by the user
*/
static int operational_search_post_process(struct ldb_module *module,
struct ldb_message *msg,
enum ldb_scope scope,
const char * const *attrs_from_user,
const char * const *attrs_searched_for,
struct op_controls_flags* controls_flags,
struct ldb_request *parent)
{
struct ldb_context *ldb;
unsigned int i, a = 0;
bool constructed_attributes = false;
ldb = ldb_module_get_ctx(module);
/* removed any attrs that should not be shown to the user */
for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
switch (operational_remove[i].op) {
case OPERATIONAL_REMOVE_UNASKED:
if (ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) {
continue;
}
if (ldb_attr_in_list(attrs_searched_for, operational_remove[i].attr)) {
continue;
}
case OPERATIONAL_REMOVE_ALWAYS:
ldb_msg_remove_attr(msg, operational_remove[i].attr);
break;
case OPERATIONAL_REMOVE_UNLESS_CONTROL:
if (!check_keep_control_for_attribute(controls_flags, operational_remove[i].attr)) {
ldb_msg_remove_attr(msg, operational_remove[i].attr);
break;
} else {
continue;
}
case OPERATIONAL_SD_FLAGS:
if (controls_flags->sd ||
ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) {
continue;
}
ldb_msg_remove_attr(msg, operational_remove[i].attr);
break;
}
}
for (a=0;attrs_from_user && attrs_from_user[a];a++) {
if (check_keep_control_for_attribute(controls_flags, attrs_from_user[a])) {
continue;
}
for (i=0;i<ARRAY_SIZE(search_sub);i++) {
if (ldb_attr_cmp(attrs_from_user[a], search_sub[i].attr) != 0) {
continue;
}
/* construct the new attribute, using either a supplied
constructor or a simple copy */
constructed_attributes = true;
if (search_sub[i].constructor != NULL) {
if (search_sub[i].constructor(module, msg, scope, parent) != LDB_SUCCESS) {
goto failed;
}
} else if (ldb_msg_copy_attr(msg,
search_sub[i].replace,
search_sub[i].attr) != LDB_SUCCESS) {
goto failed;
}
}
}
/* Deletion of the search helper attributes are needed if:
* - we generated constructed attributes and
* - we aren't requesting all attributes
*/
if ((constructed_attributes) && (!ldb_attr_in_list(attrs_from_user, "*"))) {
for (i=0;i<ARRAY_SIZE(search_sub);i++) {
/* remove the added search helper attributes, unless
* they were asked for by the user */
if (search_sub[i].replace != NULL &&
!ldb_attr_in_list(attrs_from_user, search_sub[i].replace)) {
ldb_msg_remove_attr(msg, search_sub[i].replace);
}
if (search_sub[i].extra_attr != NULL &&
!ldb_attr_in_list(attrs_from_user, search_sub[i].extra_attr)) {
ldb_msg_remove_attr(msg, search_sub[i].extra_attr);
}
}
}
return 0;
failed:
ldb_debug_set(ldb, LDB_DEBUG_WARNING,
"operational_search_post_process failed for attribute '%s' - %s",
attrs_from_user[a], ldb_errstring(ldb));
return -1;
}
