/* find a value in an element assumes case sensitive comparison */ struct ldb_val *ldb_msg_find_val(const struct ldb_message_element *el, struct ldb_val *val) { unsigned int i; for (i=0;i<el->num_values;i++) { if (ldb_val_equal_exact(val, &el->values[i])) { return &el->values[i]; } } return NULL; }
/* Generate a local message with a mapped objectClass. */ static struct ldb_message_element *map_objectclass_generate_local(struct ldb_module *module, void *mem_ctx, const char *local_attr, const struct ldb_message *remote) { const struct ldb_map_context *data = map_get_context(module); struct ldb_context *ldb; struct ldb_message_element *el, *oc; struct ldb_val val; unsigned int i; ldb = ldb_module_get_ctx(module); /* Find old remote objectClass */ oc = ldb_msg_find_element(remote, "objectClass"); if (oc == NULL) { return NULL; } /* Prepare new element */ el = talloc_zero(mem_ctx, struct ldb_message_element); if (el == NULL) { ldb_oom(ldb); return NULL; } /* Copy remote objectClass element */ el->num_values = oc->num_values; el->values = talloc_array(el, struct ldb_val, el->num_values); if (el->values == NULL) { talloc_free(el); ldb_oom(ldb); return NULL; } /* Copy remote element name "objectClass" */ el->name = talloc_strdup(el, local_attr); /* Convert all remote objectClasses */ for (i = 0; i < el->num_values; i++) { el->values[i] = map_objectclass_convert_remote(module, el->values, &oc->values[i]); } val.data = (uint8_t *)talloc_strdup(el->values, data->add_objectclass); val.length = strlen((char *)val.data); /* Remove last value if it was the string in data->add_objectclass (eg samba4top, extensibleObject) */ if (ldb_val_equal_exact(&val, &el->values[i-1])) { el->num_values--; el->values = talloc_realloc(el, el->values, struct ldb_val, el->num_values); if (el->values == NULL) { talloc_free(el); ldb_oom(ldb); return NULL; } }
/* compare two ldb_message_element structures. Different ordering is considered a mismatch */ bool ldb_msg_element_equal_ordered(const struct ldb_message_element *el1, const struct ldb_message_element *el2) { unsigned i; if (el1->num_values != el2->num_values) { return false; } for (i=0;i<el1->num_values;i++) { if (ldb_val_equal_exact(&el1->values[i], &el2->values[i]) != 1) { return false; } } return true; }
static WERROR dsdb_convert_object_ex(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct drsuapi_DsReplicaObjectListItemEx *in, const DATA_BLOB *gensec_skey, TALLOC_CTX *mem_ctx, struct dsdb_extended_replicated_object *out) { NTSTATUS nt_status; WERROR status; uint32_t i; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; struct ldb_val guid_value; NTTIME whenChanged = 0; time_t whenChanged_t; const char *whenChanged_s; const char *rdn_name = NULL; const struct ldb_val *rdn_value = NULL; const struct dsdb_attribute *rdn_attr = NULL; uint32_t rdn_attid; struct drsuapi_DsReplicaAttribute *name_a = NULL; struct drsuapi_DsReplicaMetaData *name_d = NULL; struct replPropertyMetaData1 *rdn_m = NULL; struct dom_sid *sid = NULL; uint32_t rid = 0; int ret; if (!in->object.identifier) { return WERR_FOOBAR; } if (!in->object.identifier->dn || !in->object.identifier->dn[0]) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) { return WERR_FOOBAR; } sid = &in->object.identifier->sid; if (sid->num_auths > 0) { rid = sid->sub_auths[sid->num_auths - 1]; } msg = ldb_msg_new(mem_ctx); W_ERROR_HAVE_NO_MEMORY(msg); msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn); W_ERROR_HAVE_NO_MEMORY(msg->dn); rdn_name = ldb_dn_get_rdn_name(msg->dn); rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name); if (!rdn_attr) { return WERR_FOOBAR; } rdn_attid = rdn_attr->attributeID_id; rdn_value = ldb_dn_get_rdn_val(msg->dn); msg->num_elements = in->object.attribute_ctr.num_attributes; msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements); W_ERROR_HAVE_NO_MEMORY(msg->elements); md = talloc(mem_ctx, struct replPropertyMetaDataBlob); W_ERROR_HAVE_NO_MEMORY(md); md->version = 1; md->reserved = 0; md->ctr.ctr1.count = in->meta_data_ctr->count; md->ctr.ctr1.reserved = 0; md->ctr.ctr1.array = talloc_array(mem_ctx, struct replPropertyMetaData1, md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */ W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array); for (i=0; i < in->meta_data_ctr->count; i++) { struct drsuapi_DsReplicaAttribute *a; struct drsuapi_DsReplicaMetaData *d; struct replPropertyMetaData1 *m; struct ldb_message_element *e; int j; a = &in->object.attribute_ctr.attributes[i]; d = &in->meta_data_ctr->meta_data[i]; m = &md->ctr.ctr1.array[i]; e = &msg->elements[i]; for (j=0; j<a->value_ctr.num_values; j++) { status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, a); W_ERROR_NOT_OK_RETURN(status); } status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, msg->elements, e); if (!NT_STATUS_IS_OK(status) && a->value_ctr.num_values == 0) { /* w2k8-r2 occasionally sends bogus empty attributes with rubbish attribute IDs. The only think we can do is discard these */ DEBUG(0,(__location__ ": Discarding bogus empty DsReplicaAttribute with attid 0x%x\n", a->attid)); ZERO_STRUCTP(e); continue; } W_ERROR_NOT_OK_RETURN(status); m->attid = a->attid; m->version = d->version; m->originating_change_time = d->originating_change_time; m->originating_invocation_id = d->originating_invocation_id; m->originating_usn = d->originating_usn; m->local_usn = 0; if (d->originating_change_time > whenChanged) { whenChanged = d->originating_change_time; } if (a->attid == DRSUAPI_ATTRIBUTE_name) { name_a = a; name_d = d; rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count]; } } /* delete any empty elements */ for (i=0; i < msg->num_elements; i++) { if (msg->elements[i].name == NULL) { ldb_msg_remove_element(msg, &msg->elements[i]); i--; } } if (rdn_m) { struct ldb_message_element *el; el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName); if (!el) { ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } } else { if (el->num_values != 1) { DEBUG(0,(__location__ ": Unexpected num_values=%u\n", el->num_values)); return WERR_FOOBAR; } if (!ldb_val_equal_exact(&el->values[0], rdn_value)) { DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n", (int)el->values[0].length, (int)el->values[0].length, el->values[0].data, (int)rdn_value->length, (int)rdn_value->length, rdn_value->data)); return WERR_FOOBAR; } } rdn_m->attid = rdn_attid; rdn_m->version = name_d->version; rdn_m->originating_change_time = name_d->originating_change_time; rdn_m->originating_invocation_id = name_d->originating_invocation_id; rdn_m->originating_usn = name_d->originating_usn; rdn_m->local_usn = 0; md->ctr.ctr1.count++; } whenChanged_t = nt_time_to_unix(whenChanged); whenChanged_s = ldb_timestring(msg, whenChanged_t); W_ERROR_HAVE_NO_MEMORY(whenChanged_s); nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value); if (!NT_STATUS_IS_OK(nt_status)) { return ntstatus_to_werror(nt_status); } out->msg = msg; out->guid_value = guid_value; out->when_changed = whenChanged_s; out->meta_data = md; return WERR_OK; }
WERROR dsdb_convert_object_ex(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct dsdb_schema_prefixmap *pfm_remote, const struct drsuapi_DsReplicaObjectListItemEx *in, const DATA_BLOB *gensec_skey, const uint32_t *ignore_attids, uint32_t dsdb_repl_flags, TALLOC_CTX *mem_ctx, struct dsdb_extended_replicated_object *out) { NTSTATUS nt_status; WERROR status = WERR_OK; uint32_t i; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; int instanceType; struct ldb_message_element *instanceType_e = NULL; struct ldb_val guid_value; struct ldb_val parent_guid_value; NTTIME whenChanged = 0; time_t whenChanged_t; const char *whenChanged_s; struct drsuapi_DsReplicaAttribute *name_a = NULL; struct drsuapi_DsReplicaMetaData *name_d = NULL; struct replPropertyMetaData1 *rdn_m = NULL; struct dom_sid *sid = NULL; uint32_t rid = 0; uint32_t attr_count; int ret; if (!in->object.identifier) { return WERR_FOOBAR; } if (!in->object.identifier->dn || !in->object.identifier->dn[0]) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) { return WERR_FOOBAR; } sid = &in->object.identifier->sid; if (sid->num_auths > 0) { rid = sid->sub_auths[sid->num_auths - 1]; } msg = ldb_msg_new(mem_ctx); W_ERROR_HAVE_NO_MEMORY(msg); msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn); W_ERROR_HAVE_NO_MEMORY(msg->dn); msg->num_elements = in->object.attribute_ctr.num_attributes; msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements + 1); /* +1 because of the RDN attribute */ W_ERROR_HAVE_NO_MEMORY(msg->elements); md = talloc(mem_ctx, struct replPropertyMetaDataBlob); W_ERROR_HAVE_NO_MEMORY(md); md->version = 1; md->reserved = 0; md->ctr.ctr1.count = in->meta_data_ctr->count; md->ctr.ctr1.reserved = 0; md->ctr.ctr1.array = talloc_array(mem_ctx, struct replPropertyMetaData1, md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */ W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array); for (i=0, attr_count=0; i < in->meta_data_ctr->count; i++, attr_count++) { struct drsuapi_DsReplicaAttribute *a; struct drsuapi_DsReplicaMetaData *d; struct replPropertyMetaData1 *m; struct ldb_message_element *e; uint32_t j; a = &in->object.attribute_ctr.attributes[i]; d = &in->meta_data_ctr->meta_data[i]; m = &md->ctr.ctr1.array[attr_count]; e = &msg->elements[attr_count]; if (dsdb_attid_in_list(ignore_attids, a->attid)) { attr_count--; continue; } if (GUID_all_zero(&d->originating_invocation_id)) { status = WERR_DS_SRC_GUID_MISMATCH; DEBUG(0, ("Refusing replication of object containing invalid zero invocationID on attribute %d of %s: %s\n", a->attid, ldb_dn_get_linearized(msg->dn), win_errstr(status))); return status; } if (a->attid == DRSUAPI_ATTID_instanceType) { if (instanceType_e != NULL) { return WERR_FOOBAR; } instanceType_e = e; } for (j=0; j<a->value_ctr.num_values; j++) { status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, dsdb_repl_flags, a); if (!W_ERROR_IS_OK(status)) { break; } } if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) { WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote, a, msg->elements, e); if (W_ERROR_IS_OK(get_name_status)) { DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n", e->name, ldb_dn_get_linearized(msg->dn))); } else { DEBUG(0, ("Unxpectedly got secret value on %s from DRS server", ldb_dn_get_linearized(msg->dn))); } } else if (!W_ERROR_IS_OK(status)) { return status; } status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote, a, msg->elements, e); W_ERROR_NOT_OK_RETURN(status); m->attid = a->attid; m->version = d->version; m->originating_change_time = d->originating_change_time; m->originating_invocation_id = d->originating_invocation_id; m->originating_usn = d->originating_usn; m->local_usn = 0; if (d->originating_change_time > whenChanged) { whenChanged = d->originating_change_time; } if (a->attid == DRSUAPI_ATTID_name) { name_a = a; name_d = d; } } msg->num_elements = attr_count; md->ctr.ctr1.count = attr_count; if (name_a) { rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count]; } if (rdn_m) { struct ldb_message_element *el; const char *rdn_name = NULL; const struct ldb_val *rdn_value = NULL; const struct dsdb_attribute *rdn_attr = NULL; uint32_t rdn_attid; /* * We only need the schema calls for the RDN in this * codepath, and by doing this we avoid needing to * have the dsdb_attribute_by_lDAPDisplayName accessor * working during the schema load. */ rdn_name = ldb_dn_get_rdn_name(msg->dn); rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name); if (!rdn_attr) { return WERR_FOOBAR; } rdn_attid = rdn_attr->attributeID_id; rdn_value = ldb_dn_get_rdn_val(msg->dn); el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName); if (!el) { ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } } else { if (el->num_values != 1) { DEBUG(0,(__location__ ": Unexpected num_values=%u\n", el->num_values)); return WERR_FOOBAR; } if (!ldb_val_equal_exact(&el->values[0], rdn_value)) { DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n", (int)el->values[0].length, (int)el->values[0].length, el->values[0].data, (int)rdn_value->length, (int)rdn_value->length, rdn_value->data)); return WERR_FOOBAR; } } rdn_m->attid = rdn_attid; rdn_m->version = name_d->version; rdn_m->originating_change_time = name_d->originating_change_time; rdn_m->originating_invocation_id = name_d->originating_invocation_id; rdn_m->originating_usn = name_d->originating_usn; rdn_m->local_usn = 0; md->ctr.ctr1.count++; } if (instanceType_e == NULL) { return WERR_FOOBAR; } instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0); if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) { /* the instanceType type for partial_replica replication is sent via DRS with TYPE_WRITE set, but must be used on the client with TYPE_WRITE removed */ if (instanceType & INSTANCE_TYPE_WRITE) { /* * Make sure we do not change the order * of msg->elements! * * That's why we use * instanceType_e->num_values = 0 * instead of * ldb_msg_remove_attr(msg, "instanceType"); */ struct ldb_message_element *e; e = ldb_msg_find_element(msg, "instanceType"); if (e != instanceType_e) { DEBUG(0,("instanceType_e[%p] changed to e[%p]\n", instanceType_e, e)); return WERR_FOOBAR; } instanceType_e->num_values = 0; instanceType &= ~INSTANCE_TYPE_WRITE; if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) { return WERR_INTERNAL_ERROR; } } } else { if (!(instanceType & INSTANCE_TYPE_WRITE)) { DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n", ldb_dn_get_linearized(msg->dn))); return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA; } } whenChanged_t = nt_time_to_unix(whenChanged); whenChanged_s = ldb_timestring(msg, whenChanged_t); W_ERROR_HAVE_NO_MEMORY(whenChanged_s); nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value); if (!NT_STATUS_IS_OK(nt_status)) { return ntstatus_to_werror(nt_status); } if (in->parent_object_guid) { nt_status = GUID_to_ndr_blob(in->parent_object_guid, msg, &parent_guid_value); if (!NT_STATUS_IS_OK(nt_status)) { return ntstatus_to_werror(nt_status); } } else { parent_guid_value = data_blob_null; } out->msg = msg; out->guid_value = guid_value; out->parent_guid_value = parent_guid_value; out->when_changed = whenChanged_s; out->meta_data = md; return WERR_OK; }
int ldb_msg_find_common_values(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_message_element *el, struct ldb_message_element *el2, uint32_t options) { struct ldb_val *values; struct ldb_val *values2; unsigned int i, j, k, n_values; bool remove_duplicates = options & LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES; if ((options & ~LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES) != 0) { return LDB_ERR_OPERATIONS_ERROR; } if (strcmp(el->name, el2->name) != 0) { return LDB_ERR_INAPPROPRIATE_MATCHING; } if (el->num_values == 0 || el2->num_values == 0) { return LDB_SUCCESS; } /* With few values, it is better to do the brute-force search than the clever search involving tallocs, memcpys, sorts, etc. */ if (MIN(el->num_values, el2->num_values) == 1 || MAX(el->num_values, el2->num_values) < LDB_DUP_QUADRATIC_THRESHOLD) { for (i = 0; i < el2->num_values; i++) { for (j = 0; j < el->num_values; j++) { if (ldb_val_equal_exact(&el->values[j], &el2->values[i])) { if (! remove_duplicates) { return \ LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; } /* With the remove_duplicates flag, we resolve the intersection by removing the offending one from el. */ el->num_values--; for (k = j; k < el->num_values; k++) { el->values[k] = \ el->values[k + 1]; } j--; /* rewind */ } } } return LDB_SUCCESS; } values = talloc_array(mem_ctx, struct ldb_val, el->num_values); if (values == NULL) { return LDB_ERR_OPERATIONS_ERROR; } values2 = talloc_array(mem_ctx, struct ldb_val, el2->num_values); if (values2 == NULL) { return LDB_ERR_OPERATIONS_ERROR; } memcpy(values, el->values, el->num_values * sizeof(struct ldb_val)); memcpy(values2, el2->values, el2->num_values * sizeof(struct ldb_val)); TYPESAFE_QSORT(values, el->num_values, ldb_val_cmp); TYPESAFE_QSORT(values2, el2->num_values, ldb_val_cmp); /* el->n_values may diverge from the number of values in the sorted list when the remove_duplicates flag is used. */ n_values = el->num_values; i = 0; j = 0; while (i != n_values && j < el2->num_values) { int ret = ldb_val_cmp(&values[i], &values2[j]); if (ret < 0) { i++; } else if (ret > 0) { j++; } else { /* we have a collision */ if (! remove_duplicates) { TALLOC_FREE(values); TALLOC_FREE(values2); return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; } /* With the remove_duplicates flag we need to find this in the original list and remove it, which is inefficient but hopefully rare. */ for (k = 0; k < el->num_values; k++) { if (ldb_val_equal_exact(&el->values[k], &values[i])) { break; } } el->num_values--; for (; k < el->num_values; k++) { el->values[k] = el->values[k + 1]; } i++; } } TALLOC_FREE(values); TALLOC_FREE(values2); return LDB_SUCCESS; }
int ldb_msg_find_duplicate_val(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message_element *el, struct ldb_val **duplicate, uint32_t options) { unsigned int i, j; struct ldb_val *val; if (options != 0) { return LDB_ERR_OPERATIONS_ERROR; } *duplicate = NULL; /* If there are not many values, it is best to avoid the talloc overhead and just do a brute force search. */ if (el->num_values < LDB_DUP_QUADRATIC_THRESHOLD) { for (j = 0; j < el->num_values; j++) { val = &el->values[j]; for ( i = j + 1; i < el->num_values; i++) { if (ldb_val_equal_exact(val, &el->values[i])) { *duplicate = val; return LDB_SUCCESS; } } } } else { struct ldb_val *values; values = talloc_array(mem_ctx, struct ldb_val, el->num_values); if (values == NULL) { return LDB_ERR_OPERATIONS_ERROR; } memcpy(values, el->values, el->num_values * sizeof(struct ldb_val)); TYPESAFE_QSORT(values, el->num_values, ldb_val_cmp); for (i = 1; i < el->num_values; i++) { if (ldb_val_equal_exact(&values[i], &values[i - 1])) { /* find the original location */ for (j = 0; j < el->num_values; j++) { if (ldb_val_equal_exact(&values[i], &el->values[j]) ) { *duplicate = &el->values[j]; break; } } talloc_free(values); if (*duplicate == NULL) { /* how we got here, I don't know */ return LDB_ERR_OPERATIONS_ERROR; } return LDB_SUCCESS; } } talloc_free(values); } return LDB_SUCCESS; }