/**
Table fields:
* Mandatory fields:
* `type` TINYINT(1)
* `propType` INT(10) unsigned
* `oleguid` VARCHAR(255)
* `mappedId` INT(10) unsigned
* Optional fields:
* `propId` INT(10) unsigned
* `propName` VARCHAR(255)
* `oom` VARCHAR(255)
* `canonical` VARCHAR(255)
*/
static bool insert_ldif_msg(MYSQL *conn, struct ldb_message *ldif)
{
const char *val = ldb_msg_find_attr_as_string(ldif, "objectClass", "");
if (strlen(val) < strlen("MNID_ID")) {
// It's not a valid entry, ignore it
return true;
}
TALLOC_CTX *mem_ctx = talloc_zero(NULL, TALLOC_CTX);
const char **fields = (const char **) str_list_make_empty(mem_ctx);
// Optional fields
add_field_from_ldif(mem_ctx, ldif, &fields, "propId", false);
add_field_from_ldif(mem_ctx, ldif, &fields, "propName", false);
add_field_from_ldif(mem_ctx, ldif, &fields, "oom", false);
add_field_from_ldif(mem_ctx, ldif, &fields, "canonical", false);
// Mandatory fields
// oleguid and mappedId
if (!add_field_from_ldif(mem_ctx, ldif, &fields, "oleguid", true) ||
!add_field_from_ldif(mem_ctx, ldif, &fields, "mappedId", true)) {
return false;
}
// type
int type;
if (strcmp(val, "MNID_STRING") == 0) {
type = MNID_STRING;
} else if (strcmp(val, "MNID_ID") == 0) {
type = MNID_ID;
} else {
DEBUG(0, ("Invalid objectClass %s", val));
return false;
}
fields = str_list_add(fields, talloc_asprintf(mem_ctx, "type=%d", type));
// propType: it could be either an integer or a constant PT_*, we have
// to store it as an integer
val = ldb_msg_find_attr_as_string(ldif, "propType", "");
if (strlen(val) == 0) {
DEBUG(0, ("propType value hasn't been found! malformed ldif?"));
return false;
}
int propType;
if (isalpha(val[0])) {
propType = mapistore_namedprops_prop_type_from_string(val);
if (propType == -1) {
DEBUG(0, ("Invalid propType %s", val));
return false;
}
} else {
propType = strtol(val, NULL, 10);
}
fields = str_list_add(fields,
talloc_asprintf(mem_ctx, "propType=%d", propType));
// Done, we have all fields on fields array
char *fields_sql = str_list_join(mem_ctx, fields, ',');
char *sql = talloc_asprintf(mem_ctx,
"INSERT INTO " NAMEDPROPS_MYSQL_TABLE " SET %s", fields_sql);
mysql_query(conn, sql);
talloc_free(mem_ctx);
return true;
}
/*
lookup a name for 1 SID
*/
static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
struct dom_sid *sid, const char *sid_str,
const char **authority_name,
const char **name, enum lsa_SidType *rtype)
{
NTSTATUS status;
int ret;
uint32_t atype;
struct ldb_message **res;
struct ldb_dn *domain_dn;
const char * const attrs[] = { "sAMAccountName", "sAMAccountType", "cn", NULL};
status = lookup_well_known_sids(mem_ctx, sid_str, authority_name, name, rtype);
if (NT_STATUS_IS_OK(status)) {
return status;
}
if (dom_sid_in_domain(state->domain_sid, sid)) {
*authority_name = state->domain_name;
domain_dn = state->domain_dn;
} else if (dom_sid_in_domain(state->builtin_sid, sid)) {
*authority_name = NAME_BUILTIN;
domain_dn = state->builtin_dn;
} else {
/* Not well known, our domain or built in */
/* In future, we must look at SID histories, and at trusted domains via winbind */
return NT_STATUS_NOT_FOUND;
}
ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs,
"objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret == 1) {
*name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
if (!*name) {
*name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
if (!*name) {
*name = talloc_strdup(mem_ctx, sid_str);
NT_STATUS_HAVE_NO_MEMORY(*name);
}
}
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
*rtype = ds_atype_map(atype);
return NT_STATUS_OK;
}
/* need to re-add a check for an allocated sid */
return NT_STATUS_NOT_FOUND;
}
/* port functions */
static WERROR sptr_EnumPorts(struct ntptr_context *ntptr, TALLOC_CTX *mem_ctx,
struct spoolss_EnumPorts *r)
{
struct ldb_context *sptr_db = talloc_get_type(ntptr->private_data, struct ldb_context);
struct ldb_message **msgs;
int count;
int i;
union spoolss_PortInfo *info;
count = sptr_db_search(sptr_db, mem_ctx, NULL, &msgs, NULL,
"(&(objectclass=port))");
if (count == 0) return WERR_OK;
if (count < 0) return WERR_GENERAL_FAILURE;
info = talloc_array(mem_ctx, union spoolss_PortInfo, count);
W_ERROR_HAVE_NO_MEMORY(info);
switch (r->in.level) {
case 1:
for (i = 0; i < count; i++) {
info[i].info1.port_name = ldb_msg_find_attr_as_string(msgs[i], "port-name", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info1.port_name);
}
break;
case 2:
for (i=0; i < count; i++) {
info[i].info2.port_name = ldb_msg_find_attr_as_string(msgs[i], "port-name", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info2.port_name);
info[i].info2.monitor_name = ldb_msg_find_attr_as_string(msgs[i], "monitor-name", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info2.monitor_name);
info[i].info2.description = ldb_msg_find_attr_as_string(msgs[i], "description", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info2.description);
info[i].info2.port_type = ldb_msg_find_attr_as_uint(msgs[i], "port-type", SPOOLSS_PORT_TYPE_WRITE);
info[i].info2.reserved = ldb_msg_find_attr_as_uint(msgs[i], "reserved", 0);
}
break;
default:
return WERR_UNKNOWN_LEVEL;
}
*r->out.info = info;
*r->out.count = count;
return WERR_OK;
}
static NTSTATUS unbecomeDC_ldap_computer_object(struct libnet_UnbecomeDC_state *s)
{
int ret;
struct ldb_result *r;
struct ldb_dn *basedn;
static const char *attrs[] = {
"distinguishedName",
"userAccountControl",
NULL
};
basedn = ldb_dn_new(s, s->ldap.ldb, s->domain.dn_str);
NT_STATUS_HAVE_NO_MEMORY(basedn);
ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_SUBTREE, attrs,
"(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=%s$))",
s->dest_dsa.netbios_name);
talloc_free(basedn);
if (ret != LDB_SUCCESS) {
return NT_STATUS_LDAP(ret);
} else if (r->count != 1) {
talloc_free(r);
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
s->dest_dsa.computer_dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "distinguishedName", NULL);
if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
talloc_steal(s, s->dest_dsa.computer_dn_str);
s->dest_dsa.user_account_control = ldb_msg_find_attr_as_uint(r->msgs[0], "userAccountControl", 0);
talloc_free(r);
return NT_STATUS_OK;
}
static bool add_field_from_ldif(TALLOC_CTX *mem_ctx, struct ldb_message *ldif,
const char ***fields, const char *field,
bool mandatory)
{
const char *val = ldb_msg_find_attr_as_string(ldif, field, "");
if (strlen(val) == 0) {
if (mandatory) {
DEBUG(0, ("%s value hasn't been found! malformed ldif?",
field));
}
return false;
}
char *end;
int intval = strtol(val, &end, 10);
if (end && strlen(val) == (end - val)) {
*fields = str_list_add(*fields,
talloc_asprintf(mem_ctx, "%s=%d", field,
intval));
} else {
*fields = str_list_add(*fields,
talloc_asprintf(mem_ctx, "%s='%s'",
field, val));
}
return true;
}
/*
allocate a new id, attempting to do it atomically
return 0 on failure, the id on success
*/
static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
struct ldb_dn *dn, uint32_t *old_rid)
{
const char * const attrs[2] = { "nextRid", NULL };
struct ldb_result *res = NULL;
int ret;
const char *str;
ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res);
if (ret != LDB_SUCCESS) {
return ret;
}
if (res->count != 1) {
talloc_free(res);
return LDB_ERR_OPERATIONS_ERROR;
}
str = ldb_msg_find_attr_as_string(res->msgs[0], "nextRid", NULL);
if (str == NULL) {
ldb_asprintf_errstring(module->ldb,
"attribute nextRid not found in %s\n",
ldb_dn_get_linearized(dn));
talloc_free(res);
return LDB_ERR_OPERATIONS_ERROR;
}
*old_rid = strtol(str, NULL, 0);
talloc_free(res);
return LDB_SUCCESS;
}
static int prepare_modules_line(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *rootdse_msg,
struct ldb_message *msg, const char *backend_attr,
const char *backend_mod, const char **backend_mod_list)
{
int ret;
const char **backend_full_list;
const char *backend_dn;
char *mod_list_string;
char *full_string;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return ldb_oom(ldb);
}
if (backend_attr) {
backend_dn = ldb_msg_find_attr_as_string(rootdse_msg, backend_attr, NULL);
if (!backend_dn) {
ldb_asprintf_errstring(ldb,
"samba_dsdb_init: "
"unable to read %s from %s:%s",
backend_attr, ldb_dn_get_linearized(rootdse_msg->dn),
ldb_errstring(ldb));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
} else {
backend_dn = "*";
}
if (backend_mod) {
char **b = str_list_make_single(tmp_ctx, backend_mod);
backend_full_list = discard_const_p(const char *, b);
} else {
/**
\details Get the organization name (like "First Organization") as a DN.
\param emsmdbp_ctx pointer to the EMSMDBP context
\param basedn pointer to the returned struct ldb_dn
\return MAPI_E_SUCCESS or an error if something happens
*/
_PUBLIC_ enum MAPISTATUS emsmdbp_get_org_dn(struct emsmdbp_context *emsmdbp_ctx, struct ldb_dn **basedn)
{
enum MAPISTATUS retval;
int ret;
struct ldb_result *res = NULL;
char *org_name;
OPENCHANGE_RETVAL_IF(!emsmdbp_ctx, MAPI_E_NOT_INITIALIZED, NULL);
OPENCHANGE_RETVAL_IF(!emsmdbp_ctx->samdb_ctx, MAPI_E_NOT_INITIALIZED, NULL);
OPENCHANGE_RETVAL_IF(!basedn, MAPI_E_INVALID_PARAMETER, NULL);
retval = emsmdbp_fetch_organizational_units(emsmdbp_ctx, emsmdbp_ctx, &org_name, NULL);
OPENCHANGE_RETVAL_IF(retval != MAPI_E_SUCCESS, retval, NULL);
ret = ldb_search(emsmdbp_ctx->samdb_ctx, emsmdbp_ctx, &res,
ldb_get_config_basedn(emsmdbp_ctx->samdb_ctx),
LDB_SCOPE_SUBTREE, NULL,
"(&(objectClass=msExchOrganizationContainer)(cn=%s))",
ldb_binary_encode_string(emsmdbp_ctx, org_name));
talloc_free(org_name);
/* If the search failed */
if (ret != LDB_SUCCESS) {
DEBUG(1, ("emsmdbp_get_org_dn ldb_search failure.\n"));
return MAPI_E_NOT_FOUND;
}
*basedn = ldb_dn_new(emsmdbp_ctx, emsmdbp_ctx->samdb_ctx,
ldb_msg_find_attr_as_string(res->msgs[0], "distinguishedName", NULL));
return MAPI_E_SUCCESS;
}
static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
struct ldb_message *user_msg,
struct be_ctx *be_ctx)
{
const char *ccname_template;
ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
kr->ccname = expand_ccname_template(kr, kr, ccname_template,
kr->krb5_ctx->illegal_path_re, true,
be_ctx->domain->case_sensitive);
if (kr->ccname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
return ENOMEM;
}
kr->old_ccname = ldb_msg_find_attr_as_string(user_msg,
SYSDB_CCACHE_FILE, NULL);
if (kr->old_ccname == NULL) {
DEBUG(SSSDBG_TRACE_LIBS,
"No ccache file for user [%s] found.\n", kr->pd->user);
}
return EOK;
}
static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
struct share_context *ctx,
const char *name,
struct share_config **scfg)
{
int ret;
struct share_config *s;
struct ldb_context *ldb;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
DEBUG(0,("ERROR: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
ret = ldb_search(ldb, tmp_ctx, &res,
ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"), LDB_SCOPE_SUBTREE, NULL,
"(name=%s)", name);
if (ret != LDB_SUCCESS || res->count > 1) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (res->count != 1) {
talloc_free(tmp_ctx);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
s = talloc(tmp_ctx, struct share_config);
if (!s) {
DEBUG(0,("ERROR: Out of memory!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
s->name = talloc_strdup(s, ldb_msg_find_attr_as_string(res->msgs[0], "name", NULL));
if (!s->name) {
DEBUG(0,("ERROR: Invalid share object!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
s->opaque = talloc_steal(s, res->msgs[0]);
if (!s->opaque) {
DEBUG(0,("ERROR: Invalid share object!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
s->ctx = ctx;
*scfg = talloc_steal(mem_ctx, s);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
/*
work out the principal to use for DRS replication connections
*/
NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
TALLOC_CTX *mem_ctx,
const struct repsFromTo1 *rft,
const char **target_principal)
{
TALLOC_CTX *tmp_ctx;
struct ldb_result *res;
const char *attrs[] = { "dNSHostName", NULL };
int ret;
const char *hostname;
struct ldb_dn *dn;
*target_principal = NULL;
tmp_ctx = talloc_new(mem_ctx);
/* we need to find their hostname */
ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, &dn);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
/* its OK for their NTDSDSA DN not to be in our database */
return NT_STATUS_OK;
}
/* strip off the NTDS Settings */
if (!ldb_dn_remove_child_components(dn, 1)) {
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, dn, attrs, 0);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
/* its OK for their account DN not to be in our database */
return NT_STATUS_OK;
}
hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
if (hostname == NULL) {
talloc_free(tmp_ctx);
/* its OK to not have a dnshostname */
return NT_STATUS_OK;
}
/* All DCs have the GC/hostname/realm name, but if some of the
* preconditions are not satisfied, then we will fall back to
* the
* E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
* name. This means that if a AD server has a dnsHostName set
* on it's record, it must also have GC/hostname/realm
* servicePrincipalName */
*target_principal = talloc_asprintf(mem_ctx, "GC/%s/%s",
hostname,
lpcfg_dnsdomain(s->task->lp_ctx));
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
/* monitor functions */
static WERROR sptr_EnumMonitors(struct ntptr_context *ntptr, TALLOC_CTX *mem_ctx,
struct spoolss_EnumMonitors *r)
{
struct ldb_context *sptr_db = talloc_get_type(ntptr->private_data, struct ldb_context);
struct ldb_message **msgs;
int count;
int i;
union spoolss_MonitorInfo *info;
count = sptr_db_search(sptr_db, mem_ctx, NULL, &msgs, NULL,
"(&(objectclass=monitor))");
if (count == 0) return WERR_OK;
if (count < 0) return WERR_GENERAL_FAILURE;
info = talloc_array(mem_ctx, union spoolss_MonitorInfo, count);
W_ERROR_HAVE_NO_MEMORY(info);
switch (r->in.level) {
case 1:
for (i = 0; i < count; i++) {
info[i].info1.monitor_name = ldb_msg_find_attr_as_string(msgs[i], "monitor-name", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info1.monitor_name);
}
break;
case 2:
for (i=0; i < count; i++) {
info[i].info2.monitor_name = ldb_msg_find_attr_as_string(msgs[i], "monitor-name", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info2.monitor_name);
info[i].info2.environment = ldb_msg_find_attr_as_string(msgs[i], "environment", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info2.environment);
info[i].info2.dll_name = ldb_msg_find_attr_as_string(msgs[i], "dll-name", "");
W_ERROR_HAVE_NO_MEMORY(info[i].info2.dll_name);
}
break;
default:
return WERR_UNKNOWN_LEVEL;
}
*r->out.info = info;
*r->out.count = count;
return WERR_OK;
}
static int prepare_modules_line(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *rootdse_msg,
struct ldb_message *msg, const char *backend_attr,
const char *backend_mod, const char **backend_mod_list)
{
int ret;
const char **backend_full_list;
const char *backend_dn;
char *mod_list_string;
char *full_string;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return ldb_oom(ldb);
}
if (backend_attr) {
backend_dn = ldb_msg_find_attr_as_string(rootdse_msg, backend_attr, NULL);
if (!backend_dn) {
ldb_asprintf_errstring(ldb,
"samba_dsdb_init: "
"unable to read %s from %s:%s",
backend_attr, ldb_dn_get_linearized(rootdse_msg->dn),
ldb_errstring(ldb));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
} else {
backend_dn = "*";
}
if (backend_mod) {
backend_full_list = (const char **)str_list_make_single(tmp_ctx, backend_mod);
} else {
backend_full_list = (const char **)str_list_make_empty(tmp_ctx);
}
if (!backend_full_list) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
backend_full_list = str_list_append_const(backend_full_list, backend_mod_list);
if (!backend_full_list) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
mod_list_string = str_list_join(tmp_ctx, backend_full_list, ',');
if (!mod_list_string) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
full_string = talloc_asprintf(tmp_ctx, "%s:%s", backend_dn, mod_list_string);
ret = ldb_msg_add_steal_string(msg, "modules", full_string);
talloc_free(tmp_ctx);
return ret;
}
errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
struct krb5_ctx *krb5_ctx,
struct sss_domain_info *dom, const char *user,
const char *user_dom, char **_upn)
{
const char *upn = NULL;
int ret;
if (krb5_ctx == NULL || dom == NULL || user == NULL || _upn == NULL) {
return EINVAL;
}
if (msg != NULL) {
upn = ldb_msg_find_attr_as_string(msg, SYSDB_CANONICAL_UPN, NULL);
if (upn != NULL) {
ret = EOK;
goto done;
}
upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
if (upn != NULL) {
ret = EOK;
goto done;
}
}
ret = krb5_get_simple_upn(mem_ctx, krb5_ctx, dom, user,
user_dom, _upn);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "krb5_get_simple_upn failed.\n");
return ret;
}
done:
if (ret == EOK && upn != NULL) {
*_upn = talloc_strdup(mem_ctx, upn);
if (*_upn == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
return ENOMEM;
}
}
return ret;
}
/*
unpack a ldb message into a GROUP_MAP structure
*/
static bool msg_to_group_map(struct ldb_message *msg, GROUP_MAP *map)
{
const char *sidstr;
map->gid = ldb_msg_find_attr_as_int(msg, "gidNumber", -1);
map->sid_name_use = ldb_msg_find_attr_as_int(msg, "sidNameUse", -1);
fstrcpy(map->nt_name, ldb_msg_find_attr_as_string(msg, "ntName", NULL));
fstrcpy(map->comment, ldb_msg_find_attr_as_string(msg, "comment", NULL));
sidstr = ldb_msg_find_attr_as_string(msg, "sid", NULL);
if (!string_to_sid(&map->sid, sidstr) ||
map->gid == (gid_t)-1 ||
map->sid_name_use == (enum lsa_SidType)-1) {
DEBUG(0,("Unable to unpack group mapping\n"));
return False;
}
return True;
}
errno_t update_dn_list(struct dn_item *dn_list, const size_t count,
struct ldb_message **res, bool *all_resolved)
{
struct dn_item *dn_item;
size_t c;
const char *dn;
const char *cn;
bool not_resolved = false;
*all_resolved = false;
DLIST_FOR_EACH(dn_item, dn_list) {
if (dn_item->cn != NULL) {
continue;
}
for(c = 0; c < count; c++) {
dn = ldb_msg_find_attr_as_string(res[c], SYSDB_ORIG_DN, NULL);
if (dn == NULL) {
DEBUG(1, ("Missing original DN.\n"));
return EINVAL;
}
if (strcmp(dn, dn_item->dn) == 0) {
DEBUG(9, ("Found matching entry for [%s].\n", dn_item->dn));
cn = ldb_msg_find_attr_as_string(res[c], SYSDB_NAME, NULL);
if (cn == NULL) {
DEBUG(1, ("Missing name.\n"));
return EINVAL;
}
dn_item->cn = talloc_strdup(dn_item, cn);
break;
}
}
if (dn_item->cn == NULL) {
not_resolved = true;
}
}
*all_resolved = !not_resolved;
return EOK;
}
static NTSTATUS unbecomeDC_ldap_rootdse(struct libnet_UnbecomeDC_state *s)
{
int ret;
struct ldb_result *r;
struct ldb_dn *basedn;
static const char *attrs[] = {
"defaultNamingContext",
"configurationNamingContext",
NULL
};
basedn = ldb_dn_new(s, s->ldap.ldb, NULL);
NT_STATUS_HAVE_NO_MEMORY(basedn);
ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
"(objectClass=*)");
talloc_free(basedn);
if (ret != LDB_SUCCESS) {
return NT_STATUS_LDAP(ret);
} else if (r->count != 1) {
talloc_free(r);
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
s->domain.dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "defaultNamingContext", NULL);
if (!s->domain.dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
talloc_steal(s, s->domain.dn_str);
s->forest.config_dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "configurationNamingContext", NULL);
if (!s->forest.config_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
talloc_steal(s, s->forest.config_dn_str);
s->dest_dsa.server_dn_str = talloc_asprintf(s, "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
s->dest_dsa.netbios_name,
s->dest_dsa.site_name,
s->forest.config_dn_str);
NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.server_dn_str);
talloc_free(r);
return NT_STATUS_OK;
}
static bool
is_posix(const struct ldb_message *group)
{
const char *val;
val = ldb_msg_find_attr_as_string(group, SYSDB_POSIX, NULL);
if (!val || /* Groups are posix by default */
strcasecmp(val, "TRUE") == 0) {
return true;
}
return false;
}
/* Printer Form functions */
static WERROR sptr_GetPrinterForm(struct ntptr_GenericHandle *printer, TALLOC_CTX *mem_ctx,
struct spoolss_GetForm *r)
{
struct ldb_context *sptr_db = talloc_get_type(printer->ntptr->private_data, struct ldb_context);
struct ldb_message **msgs;
struct ldb_dn *base_dn;
int count;
union spoolss_FormInfo *info;
/* TODO: do checks access here
* if (!(printer->access_mask & desired_access)) {
* return WERR_FOOBAR;
* }
*/
base_dn = ldb_dn_new_fmt(mem_ctx, sptr_db, "CN=Forms,CN=%s,CN=Printers", printer->object_name);
W_ERROR_HAVE_NO_MEMORY(base_dn);
count = sptr_db_search(sptr_db, mem_ctx, base_dn, &msgs, NULL,
"(&(form-name=%s)(objectClass=form))",
r->in.form_name);
if (count == 0) return WERR_FOOBAR;
if (count > 1) return WERR_FOOBAR;
if (count < 0) return WERR_GENERAL_FAILURE;
info = talloc(mem_ctx, union spoolss_FormInfo);
W_ERROR_HAVE_NO_MEMORY(info);
switch (r->in.level) {
case 1:
info->info1.flags = ldb_msg_find_attr_as_uint(msgs[0], "flags", SPOOLSS_FORM_BUILTIN);
info->info1.form_name = ldb_msg_find_attr_as_string(msgs[0], "form-name", NULL);
W_ERROR_HAVE_NO_MEMORY(info->info1.form_name);
info->info1.size.width = ldb_msg_find_attr_as_uint(msgs[0], "size-width", 0);
info->info1.size.height = ldb_msg_find_attr_as_uint(msgs[0], "size-height", 0);
info->info1.area.left = ldb_msg_find_attr_as_uint(msgs[0], "area-left", 0);
info->info1.area.top = ldb_msg_find_attr_as_uint(msgs[0], "area-top", 0);
info->info1.area.right = ldb_msg_find_attr_as_uint(msgs[0], "area-right", 0);
info->info1.area.bottom = ldb_msg_find_attr_as_uint(msgs[0], "area-bottom", 0);
break;
default:
return WERR_UNKNOWN_LEVEL;
}
r->out.info = info;
return WERR_OK;
}
/**
* Find out user's samAccountName for given
* user RDN. We need samAccountName value
* when deleting users.
*/
static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
const char *user_rdn,
TALLOC_CTX *mem_ctx,
const char **_account_name)
{
const char *url;
struct ldb_context *ldb;
TALLOC_CTX *tmp_ctx;
bool test_res = true;
const char *hostname = torture_setting_string(tctx, "host", NULL);
int ldb_ret;
struct ldb_result *ldb_res;
const char *account_name = NULL;
static const char *attrs[] = {
"samAccountName",
NULL
};
torture_assert(tctx, hostname != NULL, "Failed to get hostname");
tmp_ctx = talloc_new(tctx);
torture_assert(tctx, tmp_ctx != NULL, "Failed to create temporary mem context");
url = talloc_asprintf(tmp_ctx, "ldap://%s/", hostname);
torture_assert_goto(tctx, url != NULL, test_res, done, "Failed to allocate URL for ldb");
ldb = ldb_wrap_connect(tmp_ctx,
tctx->ev, tctx->lp_ctx,
url, NULL, cmdline_credentials, 0);
torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE,
attrs,
"(&(objectClass=user)(name=%s))", user_rdn);
if (LDB_SUCCESS == ldb_ret && 1 == ldb_res->count) {
account_name = ldb_msg_find_attr_as_string(ldb_res->msgs[0], "samAccountName", NULL);
}
/* return user_rdn by default */
if (!account_name) {
account_name = user_rdn;
}
/* duplicate memory in parent context */
*_account_name = talloc_strdup(mem_ctx, account_name);
done:
talloc_free(tmp_ctx);
return test_res;
}
char *keytab_name_from_msg(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg)
{
const char *krb5keytab = ldb_msg_find_attr_as_string(msg, "krb5Keytab", NULL);
if (krb5keytab) {
return talloc_strdup(mem_ctx, krb5keytab);
} else {
char *file_keytab;
char *relative_path;
const char *privateKeytab = ldb_msg_find_attr_as_string(msg, "privateKeytab", NULL);
if (!privateKeytab) {
return NULL;
}
relative_path = ldb_relative_path(ldb, mem_ctx, privateKeytab);
if (!relative_path) {
return NULL;
}
file_keytab = talloc_asprintf(mem_ctx, "FILE:%s", relative_path);
talloc_free(relative_path);
return file_keytab;
}
return NULL;
}
char * ifp_groups_build_path_from_msg(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_message *msg)
{
const char *gid;
gid = ldb_msg_find_attr_as_string(msg, SYSDB_GIDNUM, NULL);
if (gid == NULL) {
return NULL;
}
return sbus_opath_compose(mem_ctx, IFP_PATH_GROUPS, domain->name, gid);
}
static void do_pam_acct_mgmt(struct LOCAL_request *lreq)
{
const char *disabled;
struct pam_data *pd;
pd = lreq->preq->pd;
disabled = ldb_msg_find_attr_as_string(lreq->res->msgs[0],
SYSDB_DISABLED, NULL);
if ((disabled != NULL) &&
(strncasecmp(disabled, "false",5) != 0) &&
(strncasecmp(disabled, "no",2) != 0) ) {
pd->pam_status = PAM_PERM_DENIED;
}
}
/**
\details Initialize and open a message object
\param mem_ctx pointer to the memory context to use for allocation
\param ldb_ctx pointer to the ldb context
\param messageID the identifier of the message to open
\param folderID the identifier of the folder where the message is stored
\param message_object pointer on pointer to the message object to return
\param msgp pointer on pointer to the mapistore message to return
\return MAPI_E_SUCCESS on success, otherwise MAPISTORE error
*/
_PUBLIC_ enum MAPISTATUS openchangedb_message_open(TALLOC_CTX *mem_ctx, struct ldb_context *ldb_ctx,
uint64_t messageID, uint64_t folderID,
void **message_object, void **msgp)
{
struct mapistore_message *mmsg;
struct openchangedb_message *msg;
const char * const attrs[] = { "*", NULL };
int ret;
char *ldb_filter;
/* Sanity checks */
OPENCHANGE_RETVAL_IF(!ldb_ctx, MAPI_E_NOT_INITIALIZED, NULL);
OPENCHANGE_RETVAL_IF(!message_object, MAPI_E_NOT_INITIALIZED, NULL);
msg = talloc_zero(mem_ctx, struct openchangedb_message);
if (!msg) {
return MAPI_E_NOT_ENOUGH_MEMORY;
}
printf("openchangedb_message_open: folderID=%"PRIu64" messageID=%"PRIu64"\n", folderID, messageID);
msg->status = OPENCHANGEDB_MESSAGE_OPEN;
msg->folderID = folderID;
msg->messageID = messageID;
msg->ldb_ctx = ldb_ctx;
msg->msg = NULL;
msg->res = NULL;
/* Open the message and load results */
ldb_filter = talloc_asprintf(mem_ctx, "(&(PidTagParentFolderId=%"PRIu64")(PidTagMessageId=%"PRIu64"))", folderID, messageID);
ret = ldb_search(ldb_ctx, (TALLOC_CTX *)msg, &msg->res, ldb_get_default_basedn(ldb_ctx),
LDB_SCOPE_SUBTREE, attrs, ldb_filter, NULL);
printf("We have found: %d messages for ldb_filter = %s\n", msg->res->count, ldb_filter);
talloc_free(ldb_filter);
OPENCHANGE_RETVAL_IF(ret != LDB_SUCCESS || !msg->res->count, MAPI_E_NOT_FOUND, msg);
*message_object = (void *)msg;
if (msgp) {
mmsg = talloc_zero(mem_ctx, struct mapistore_message);
mmsg->subject_prefix = NULL;
mmsg->normalized_subject = (char *)ldb_msg_find_attr_as_string(msg->res->msgs[0], "PidTagNormalizedSubject", NULL);
mmsg->columns = NULL;
mmsg->recipients_count = 0;
mmsg->recipients = NULL;
*msgp = (void *)mmsg;
}
return MAPI_E_SUCCESS;
}
static NTSTATUS sldb_list_all(TALLOC_CTX *mem_ctx,
struct share_context *ctx,
int *count,
const char ***names)
{
int ret, i, j;
const char **n;
struct ldb_context *ldb;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
DEBUG(0,("ERROR: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"),
LDB_SCOPE_SUBTREE, NULL, "(name=*)");
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
n = talloc_array(mem_ctx, const char *, res->count);
if (!n) {
DEBUG(0,("ERROR: Out of memory!\n"));
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
for (i = 0, j = 0; i < res->count; i++) {
n[j] = talloc_strdup(n, ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL));
if (!n[j]) {
DEBUG(0,("WARNING: Malformed share object in share database\n!"));
continue;
}
j++;
}
*names = n;
*count = j;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
struct ldb_message *user_msg,
struct be_ctx *be_ctx)
{
const char *ccname_template;
switch (kr->dom->type) {
case DOM_TYPE_POSIX:
ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
kr->ccname = expand_ccname_template(kr, kr, ccname_template,
kr->krb5_ctx->illegal_path_re, true,
be_ctx->domain->case_sensitive);
if (kr->ccname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
return ENOMEM;
}
kr->old_ccname = ldb_msg_find_attr_as_string(user_msg,
SYSDB_CCACHE_FILE, NULL);
if (kr->old_ccname == NULL) {
DEBUG(SSSDBG_TRACE_LIBS,
"No ccache file for user [%s] found.\n", kr->pd->user);
}
break;
case DOM_TYPE_APPLICATION:
DEBUG(SSSDBG_TRACE_FUNC,
"Domain type application, will use in-memory ccache\n");
/* We don't care about using cryptographic randomness, just
* a non-predictable ccname, so using rand() here is fine
*/
kr->ccname = talloc_asprintf(kr,
NON_POSIX_CCNAME_FMT,
rand() % UINT_MAX);
if (kr->ccname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
return ENOMEM;
}
break;
default:
DEBUG(SSSDBG_FATAL_FAILURE, "Unsupported domain type\n");
return EINVAL;
}
return EOK;
}
int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx,
const char *name,
struct ops_ctx *out)
{
struct ldb_result *res;
const char *str;
int ret;
out->sysdb_fqname = sss_create_internal_fqname(out, name,
out->domain->name);
if (out->sysdb_fqname == NULL) {
return ENOMEM;
}
ret = sysdb_getgrnam(mem_ctx, out->domain, out->sysdb_fqname, &res);
if (ret) {
return ret;
}
switch (res->count) {
case 0:
DEBUG(SSSDBG_CRIT_FAILURE, "No result for sysdb_getgrnam call\n");
return ENOENT;
case 1:
/* fill ops_ctx */
out->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
ret = sss_parse_internal_fqname(out, str, &out->name, NULL);
if (ret != EOK) {
return ENOMEM;
}
if (out->name == NULL) {
return ENOMEM;
}
break;
default:
DEBUG(SSSDBG_CRIT_FAILURE,
"More than one result for sysdb_getgrnam call\n");
return EIO;
}
return EOK;
}
static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, KerberosTime default_val)
{
const char *tmp;
const char *gentime;
struct tm tm;
gentime = ldb_msg_find_attr_as_string(msg, attr, NULL);
if (!gentime)
return default_val;
tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
if (tmp == NULL) {
return default_val;
}
return timegm(&tm);
}
/*
return the default DN for a ldap server given a connected RPC pipe to the
server
*/
static const char *torture_get_ldap_base_dn(struct torture_context *tctx, struct dcerpc_pipe *p)
{
const char *hostname = p->binding->host;
struct ldb_context *ldb;
const char *ldap_url = talloc_asprintf(p, "ldap://%s", hostname);
const char *attrs[] = { "defaultNamingContext", NULL };
const char *dnstr;
TALLOC_CTX *tmp_ctx = talloc_new(tctx);
int ret;
struct ldb_result *res;
ldb = ldb_init(tmp_ctx, tctx->ev);
if (ldb == NULL) {
talloc_free(tmp_ctx);
return NULL;
}
if (ldb_set_opaque(ldb, "loadparm", tctx->lp_ctx)) {
talloc_free(ldb);
return NULL;
}
ldb_set_modules_dir(ldb,
modules_path(ldb, "ldb"));
ret = ldb_connect(ldb, ldap_url, 0, NULL);
if (ret != LDB_SUCCESS) {
torture_comment(tctx, "Failed to make LDB connection to target");
talloc_free(tmp_ctx);
return NULL;
}
ret = dsdb_search_dn(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, ""),
attrs, 0);
if (ret != LDB_SUCCESS) {
torture_comment(tctx, "Failed to get defaultNamingContext");
talloc_free(tmp_ctx);
return NULL;
}
dnstr = ldb_msg_find_attr_as_string(res->msgs[0], "defaultNamingContext", NULL);
dnstr = talloc_strdup(tctx, dnstr);
talloc_free(tmp_ctx);
return dnstr;
}
/* PrintServer Form functions */
static WERROR sptr_EnumPrintServerForms(struct ntptr_GenericHandle *server, TALLOC_CTX *mem_ctx,
struct spoolss_EnumForms *r)
{
struct ldb_context *sptr_db = talloc_get_type(server->ntptr->private_data, struct ldb_context);
struct ldb_message **msgs;
int count;
int i;
union spoolss_FormInfo *info;
count = sptr_db_search(sptr_db, mem_ctx,
ldb_dn_new(mem_ctx, sptr_db, "CN=Forms,CN=PrintServer"),
&msgs, NULL, "(&(objectClass=form))");
if (count == 0) return WERR_OK;
if (count < 0) return WERR_GENERAL_FAILURE;
info = talloc_array(mem_ctx, union spoolss_FormInfo, count);
W_ERROR_HAVE_NO_MEMORY(info);
switch (r->in.level) {
case 1:
for (i=0; i < count; i++) {
info[i].info1.flags = ldb_msg_find_attr_as_uint(msgs[i], "flags", SPOOLSS_FORM_BUILTIN);
info[i].info1.form_name = ldb_msg_find_attr_as_string(msgs[i], "form-name", NULL);
W_ERROR_HAVE_NO_MEMORY(info[i].info1.form_name);
info[i].info1.size.width = ldb_msg_find_attr_as_uint(msgs[i], "size-width", 0);
info[i].info1.size.height = ldb_msg_find_attr_as_uint(msgs[i], "size-height", 0);
info[i].info1.area.left = ldb_msg_find_attr_as_uint(msgs[i], "area-left", 0);
info[i].info1.area.top = ldb_msg_find_attr_as_uint(msgs[i], "area-top", 0);
info[i].info1.area.right = ldb_msg_find_attr_as_uint(msgs[i], "area-right", 0);
info[i].info1.area.bottom = ldb_msg_find_attr_as_uint(msgs[i], "area-bottom", 0);
}
break;
default:
return WERR_UNKNOWN_LEVEL;
}
*r->out.info = info;
*r->out.count = count;
return WERR_OK;
}
