/* Not sure what this has to be,
* and it does not seem to have any influence */
static bool object_in_list(struct GUID *object_list, struct GUID *object)
{
size_t i;
if (object_list == NULL) {
return true;
}
if (GUID_all_zero(object)) {
return true;
}
for (i=0; ; i++) {
if (GUID_all_zero(&object_list[i])) {
return false;
}
if (!GUID_equal(&object_list[i], object)) {
continue;
}
return true;
}
return false;
}
struct object_tree * insert_in_object_tree(TALLOC_CTX *mem_ctx,
const struct GUID *schemaGUIDID,
const struct GUID *attributeSecurityGUID,
uint32_t init_access,
struct object_tree *root)
{
struct object_tree * parent = NULL;
struct object_tree * new_node;
new_node = talloc(mem_ctx, struct object_tree);
if (!new_node)
return NULL;
memset(new_node, 0, sizeof(struct object_tree));
new_node->remaining_access = init_access;
if (!root){
memcpy(&new_node->guid, schemaGUIDID, sizeof(struct GUID));
return new_node;
}
if (attributeSecurityGUID && !GUID_all_zero(attributeSecurityGUID)){
parent = get_object_tree_by_GUID(root, attributeSecurityGUID);
memcpy(&new_node->guid, attributeSecurityGUID, sizeof(struct GUID));
}
else
memcpy(&new_node->guid, schemaGUIDID, sizeof(struct GUID));
if (!parent)
parent = root;
new_node->remaining_access = init_access;
DLIST_ADD(parent, new_node);
return new_node;
}
/*
form a binding string from a binding structure
*/
_PUBLIC_ char *dcerpc_binding_string(TALLOC_CTX *mem_ctx, const struct dcerpc_binding *b)
{
char *s = talloc_strdup(mem_ctx, "");
int i;
const char *t_name = NULL;
if (b->transport != NCA_UNKNOWN) {
t_name = derpc_transport_string_by_transport(b->transport);
if (!t_name) {
return NULL;
}
}
if (!GUID_all_zero(&b->object.uuid)) {
s = talloc_asprintf(s, "%s@",
GUID_string(mem_ctx, &b->object.uuid));
}
if (t_name != NULL) {
s = talloc_asprintf_append_buffer(s, "%s:", t_name);
if (s == NULL) {
return NULL;
}
}
if (b->host) {
s = talloc_asprintf_append_buffer(s, "%s", b->host);
}
if (!b->endpoint && !b->options && !b->flags) {
return s;
}
s = talloc_asprintf_append_buffer(s, "[");
if (b->endpoint) {
s = talloc_asprintf_append_buffer(s, "%s", b->endpoint);
}
/* this is a *really* inefficent way of dealing with strings,
but this is rarely called and the strings are always short,
so I don't care */
for (i=0;b->options && b->options[i];i++) {
s = talloc_asprintf_append_buffer(s, ",%s", b->options[i]);
if (!s) return NULL;
}
for (i=0;i<ARRAY_SIZE(ncacn_options);i++) {
if (b->flags & ncacn_options[i].flag) {
s = talloc_asprintf_append_buffer(s, ",%s", ncacn_options[i].name);
if (!s) return NULL;
}
}
s = talloc_asprintf_append_buffer(s, "]");
return s;
}
static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain,
struct winbindd_cli_state *state)
{
NTSTATUS result;
struct netr_DsRGetDCNameInfo *info = NULL;
uint32_t ds_flags = 0;
struct GUID guid, *guid_ptr = NULL;
const char *guid_str = NULL;
state->request.data.dsgetdcname.domain_name
[sizeof(state->request.data.dsgetdcname.domain_name)-1] = '\0';
state->request.data.dsgetdcname.site_name
[sizeof(state->request.data.dsgetdcname.site_name)-1] = '\0';
state->request.data.dsgetdcname.domain_guid
[sizeof(state->request.data.dsgetdcname.domain_guid)-1] = '\0';
DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid,
state->request.data.dsgetdcname.domain_name));
ds_flags = get_dsgetdc_flags(state->request.flags);
result = GUID_from_string(state->request.data.dsgetdcname.domain_guid,
&guid);
if (NT_STATUS_IS_OK(result) && !GUID_all_zero(&guid)) {
guid_ptr = &guid;
}
result = dsgetdcname(state->mem_ctx,
winbind_messaging_context(),
state->request.data.dsgetdcname.domain_name,
guid_ptr,
state->request.data.dsgetdcname.site_name,
ds_flags,
&info);
if (!NT_STATUS_IS_OK(result)) {
return WINBINDD_ERROR;
}
guid_str = GUID_string(state->mem_ctx, &info->domain_guid);
if (!guid_str) {
return WINBINDD_ERROR;
}
fstrcpy(state->response.data.dsgetdcname.dc_unc, info->dc_unc);
fstrcpy(state->response.data.dsgetdcname.dc_address, info->dc_address);
state->response.data.dsgetdcname.dc_address_type = info->dc_address_type;
fstrcpy(state->response.data.dsgetdcname.domain_guid, guid_str);
fstrcpy(state->response.data.dsgetdcname.domain_name, info->domain_name);
fstrcpy(state->response.data.dsgetdcname.forest_name, info->forest_name);
state->response.data.dsgetdcname.dc_flags = info->dc_flags;
fstrcpy(state->response.data.dsgetdcname.dc_site_name, info->dc_site_name);
fstrcpy(state->response.data.dsgetdcname.client_site_name, info->client_site_name);
return WINBINDD_OK;
}
static bool createkey_out_check(struct torture_context *tctx,
struct winreg_CreateKey *r)
{
torture_assert(tctx, GUID_all_zero(&r->out.new_handle->uuid), "new_handle");
torture_assert(tctx, r->out.action_taken == NULL, "action_taken pointer");
torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAM,
"return code");
return true;
}
static int acl_check_access_on_attribute(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,
struct dom_sid *rp_sid,
uint32_t access,
struct dsdb_attribute *attr)
{
int ret;
NTSTATUS status;
uint32_t access_granted;
struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_token *token = acl_user_token(module);
if (attr) {
if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
if (!insert_in_object_tree(tmp_ctx,
&attr->attributeSecurityGUID, access,
&root, &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
goto fail;
}
if (!insert_in_object_tree(tmp_ctx,
&attr->schemaIDGUID, access, &new_node, &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail;
}
}
else {
if (!insert_in_object_tree(tmp_ctx,
&attr->schemaIDGUID, access, &root, &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail;
}
}
}
status = sec_access_check_ds(sd, token,
access,
&access_granted,
root,
rp_sid);
if (!NT_STATUS_IS_OK(status)) {
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}
else {
ret = LDB_SUCCESS;
}
return ret;
fail:
return LDB_ERR_OPERATIONS_ERROR;
}
/*
make sure we only add repsFrom entries for DCs who are masters for
the partition
*/
static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r,
struct ldb_result *res)
{
struct repsFromTo1 *r1 = &r->ctr.ctr1;
struct GUID invocation_id = r1->source_dsa_invocation_id;
unsigned int i, j;
/* we are expecting only version 1 */
SMB_ASSERT(r->version == 1);
for (i=0; i<res->count; i++) {
struct ldb_message *msg = res->msgs[i];
struct ldb_message_element *el;
struct ldb_dn *dn;
struct GUID id2 = samdb_result_guid(msg, "invocationID");
if (GUID_all_zero(&id2) ||
!GUID_equal(&invocation_id, &id2)) {
continue;
}
el = ldb_msg_find_element(msg, "msDS-hasMasterNCs");
if (!el || el->num_values == 0) {
el = ldb_msg_find_element(msg, "hasMasterNCs");
if (!el || el->num_values == 0) {
continue;
}
}
for (j=0; j<el->num_values; j++) {
dn = ldb_dn_from_ldb_val(p, p->service->samdb, &el->values[j]);
if (!ldb_dn_validate(dn)) {
talloc_free(dn);
continue;
}
if (ldb_dn_compare(dn, p->dn) == 0) {
talloc_free(dn);
DEBUG(5,("%s %s match on %s in %s\n",
r1->other_info->dns_name,
el->name,
ldb_dn_get_linearized(dn),
ldb_dn_get_linearized(msg->dn)));
return true;
}
talloc_free(dn);
}
}
return false;
}
NTSTATUS smb2srv_open_lookup_replay_cache(struct smbXsrv_connection *conn,
const struct GUID *create_guid,
NTTIME now, /* TODO: needed ? */
struct smbXsrv_open **_open)
{
NTSTATUS status;
char *guid_string;
struct GUID_txt_buf buf;
uint32_t local_id = 0;
struct smbXsrv_open_table *table = conn->client->open_table;
struct db_context *db = table->local.replay_cache_db_ctx;
if (GUID_all_zero(create_guid)) {
return NT_STATUS_NOT_FOUND;
}
guid_string = GUID_buf_string(create_guid, &buf);
if (guid_string == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
status = dbwrap_fetch_uint32_bystring(db, guid_string, &local_id);
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
return status;
}
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("failed to fetch local_id from replay cache: %s\n",
nt_errstr(status));
return status;
}
status = smbXsrv_open_local_lookup(table, local_id, 0, /* global_id */
now, _open);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("smbXsrv_open_local_lookup failed for local_id %u\n",
(unsigned)local_id);
}
return status;
}
_PUBLIC_ NTSTATUS dcerpc_binding_set_object(struct dcerpc_binding *b,
struct GUID object)
{
char *tmp = discard_const_p(char, b->object_string);
if (GUID_all_zero(&object)) {
talloc_free(tmp);
b->object_string = NULL;
ZERO_STRUCT(b->object);
return NT_STATUS_OK;
}
b->object_string = GUID_string(b, &object);
if (b->object_string == NULL) {
b->object_string = tmp;
return NT_STATUS_NO_MEMORY;
}
talloc_free(tmp);
b->object = object;
return NT_STATUS_OK;
}
static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
{
PyObject *py_ldb, *py_guid;
bool ret;
struct GUID guid;
struct ldb_context *ldb;
if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid))
return NULL;
PyErr_LDB_OR_RAISE(py_ldb, ldb);
GUID_from_string(PyString_AsString(py_guid), &guid);
if (GUID_all_zero(&guid)) {
PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id rejected due to all-zero invocation ID");
return NULL;
}
ret = samdb_set_ntds_invocation_id(ldb, &guid);
if (!ret) {
PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
return NULL;
}
Py_RETURN_NONE;
}
NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
{
struct smbXsrv_connection *xconn = req->xconn;
NTSTATUS status;
const uint8_t *inbody;
const uint8_t *indyn = NULL;
DATA_BLOB outbody;
DATA_BLOB outdyn;
DATA_BLOB negprot_spnego_blob;
uint16_t security_offset;
DATA_BLOB security_buffer;
size_t expected_dyn_size = 0;
size_t c;
uint16_t security_mode;
uint16_t dialect_count;
uint16_t in_security_mode;
uint32_t in_capabilities;
DATA_BLOB in_guid_blob;
struct GUID in_guid;
struct smb2_negotiate_contexts in_c = { .num_contexts = 0, };
struct smb2_negotiate_context *in_preauth = NULL;
struct smb2_negotiate_context *in_cipher = NULL;
struct smb2_negotiate_contexts out_c = { .num_contexts = 0, };
DATA_BLOB out_negotiate_context_blob = data_blob_null;
uint32_t out_negotiate_context_offset = 0;
uint16_t out_negotiate_context_count = 0;
uint16_t dialect = 0;
uint32_t capabilities;
DATA_BLOB out_guid_blob;
struct GUID out_guid;
enum protocol_types protocol = PROTOCOL_NONE;
uint32_t max_limit;
uint32_t max_trans = lp_smb2_max_trans();
uint32_t max_read = lp_smb2_max_read();
uint32_t max_write = lp_smb2_max_write();
NTTIME now = timeval_to_nttime(&req->request_time);
bool signing_required = true;
bool ok;
status = smbd_smb2_request_verify_sizes(req, 0x24);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
inbody = SMBD_SMB2_IN_BODY_PTR(req);
dialect_count = SVAL(inbody, 0x02);
in_security_mode = SVAL(inbody, 0x04);
in_capabilities = IVAL(inbody, 0x08);
in_guid_blob = data_blob_const(inbody + 0x0C, 16);
if (dialect_count == 0) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
expected_dyn_size = dialect_count * 2;
if (SMBD_SMB2_IN_DYN_LEN(req) < expected_dyn_size) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
indyn = SMBD_SMB2_IN_DYN_PTR(req);
protocol = smbd_smb2_protocol_dialect_match(indyn,
dialect_count,
&dialect);
for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
if (lp_server_max_protocol() < PROTOCOL_SMB2_10) {
break;
}
dialect = SVAL(indyn, c*2);
if (dialect == SMB2_DIALECT_REVISION_2FF) {
if (xconn->smb2.allow_2ff) {
xconn->smb2.allow_2ff = false;
protocol = PROTOCOL_SMB2_10;
break;
}
}
}
if (protocol == PROTOCOL_NONE) {
return smbd_smb2_request_error(req, NT_STATUS_NOT_SUPPORTED);
}
if (protocol >= PROTOCOL_SMB3_10) {
uint32_t in_negotiate_context_offset = 0;
uint16_t in_negotiate_context_count = 0;
DATA_BLOB in_negotiate_context_blob = data_blob_null;
size_t ofs;
in_negotiate_context_offset = IVAL(inbody, 0x1C);
in_negotiate_context_count = SVAL(inbody, 0x20);
ofs = SMB2_HDR_BODY;
ofs += SMBD_SMB2_IN_BODY_LEN(req);
ofs += expected_dyn_size;
if ((ofs % 8) != 0) {
ofs += 8 - (ofs % 8);
}
if (in_negotiate_context_offset != ofs) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
ofs -= SMB2_HDR_BODY;
ofs -= SMBD_SMB2_IN_BODY_LEN(req);
if (SMBD_SMB2_IN_DYN_LEN(req) < ofs) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
in_negotiate_context_blob = data_blob_const(indyn,
SMBD_SMB2_IN_DYN_LEN(req));
in_negotiate_context_blob.data += ofs;
in_negotiate_context_blob.length -= ofs;
status = smb2_negotiate_context_parse(req,
in_negotiate_context_blob, &in_c);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
if (in_negotiate_context_count != in_c.num_contexts) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
}
if ((dialect != SMB2_DIALECT_REVISION_2FF) &&
(protocol >= PROTOCOL_SMB2_10) &&
!GUID_all_zero(&in_guid))
{
ok = remote_arch_cache_update(&in_guid);
if (!ok) {
return smbd_smb2_request_error(
req, NT_STATUS_UNSUCCESSFUL);
}
}
switch (get_remote_arch()) {
case RA_VISTA:
case RA_SAMBA:
case RA_CIFSFS:
case RA_OSX:
break;
default:
set_remote_arch(RA_VISTA);
break;
}
fstr_sprintf(remote_proto, "SMB%X_%02X",
(dialect >> 8) & 0xFF, dialect & 0xFF);
reload_services(req->sconn, conn_snum_used, true);
DEBUG(3,("Selected protocol %s\n", remote_proto));
in_preauth = smb2_negotiate_context_find(&in_c,
SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
if (protocol >= PROTOCOL_SMB3_10 && in_preauth == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
in_cipher = smb2_negotiate_context_find(&in_c,
SMB2_ENCRYPTION_CAPABILITIES);
/* negprot_spnego() returns a the server guid in the first 16 bytes */
negprot_spnego_blob = negprot_spnego(req, xconn);
if (negprot_spnego_blob.data == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
if (negprot_spnego_blob.length < 16) {
return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
}
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
/*
* We use xconn->smb1.signing_state as that's already present
* and used lpcfg_server_signing_allowed() to get the correct
* defaults, e.g. signing_required for an ad_dc.
*/
signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
if (signing_required) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
capabilities = 0;
if (lp_host_msdfs()) {
capabilities |= SMB2_CAP_DFS;
}
if (protocol >= PROTOCOL_SMB2_10 &&
lp_smb2_leases() &&
lp_oplocks(GLOBAL_SECTION_SNUM) &&
!lp_kernel_oplocks(GLOBAL_SECTION_SNUM))
{
capabilities |= SMB2_CAP_LEASING;
}
if ((protocol >= PROTOCOL_SMB2_24) &&
(lp_smb_encrypt(-1) != SMB_SIGNING_OFF) &&
(in_capabilities & SMB2_CAP_ENCRYPTION)) {
capabilities |= SMB2_CAP_ENCRYPTION;
}
/*
* 0x10000 (65536) is the maximum allowed message size
* for SMB 2.0
*/
max_limit = 0x10000;
if (protocol >= PROTOCOL_SMB2_10) {
int p = 0;
if (tsocket_address_is_inet(req->sconn->local_address, "ip")) {
p = tsocket_address_inet_port(req->sconn->local_address);
}
/* largeMTU is not supported over NBT (tcp port 139) */
if (p != NBT_SMB_PORT) {
capabilities |= SMB2_CAP_LARGE_MTU;
xconn->smb2.credits.multicredit = true;
/*
* We allow up to almost 16MB.
*
* The maximum PDU size is 0xFFFFFF (16776960)
* and we need some space for the header.
*/
max_limit = 0xFFFF00;
}
}
/*
* the defaults are 8MB, but we'll limit this to max_limit based on
* the dialect (64kb for SMB 2.0, 8MB for SMB >= 2.1 with LargeMTU)
*
* user configured values exceeding the limits will be overwritten,
* only smaller values will be accepted
*/
max_trans = MIN(max_limit, lp_smb2_max_trans());
max_read = MIN(max_limit, lp_smb2_max_read());
max_write = MIN(max_limit, lp_smb2_max_write());
if (in_preauth != NULL) {
size_t needed = 4;
uint16_t hash_count;
uint16_t salt_length;
uint16_t selected_preauth = 0;
const uint8_t *p;
uint8_t buf[38];
DATA_BLOB b;
size_t i;
if (in_preauth->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
hash_count = SVAL(in_preauth->data.data, 0);
salt_length = SVAL(in_preauth->data.data, 2);
if (hash_count == 0) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
p = in_preauth->data.data + needed;
needed += hash_count * 2;
needed += salt_length;
if (in_preauth->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
for (i=0; i < hash_count; i++) {
uint16_t v;
v = SVAL(p, 0);
p += 2;
if (v == SMB2_PREAUTH_INTEGRITY_SHA512) {
selected_preauth = v;
break;
}
}
if (selected_preauth == 0) {
return smbd_smb2_request_error(req,
NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP);
}
SSVAL(buf, 0, 1); /* HashAlgorithmCount */
SSVAL(buf, 2, 32); /* SaltLength */
SSVAL(buf, 4, selected_preauth);
generate_random_buffer(buf + 6, 32);
b = data_blob_const(buf, sizeof(buf));
status = smb2_negotiate_context_add(req, &out_c,
SMB2_PREAUTH_INTEGRITY_CAPABILITIES, b);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
req->preauth = &req->xconn->smb2.preauth;
}
if (in_cipher != NULL) {
size_t needed = 2;
uint16_t cipher_count;
const uint8_t *p;
uint8_t buf[4];
DATA_BLOB b;
size_t i;
bool aes_128_ccm_supported = false;
bool aes_128_gcm_supported = false;
capabilities &= ~SMB2_CAP_ENCRYPTION;
if (in_cipher->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
cipher_count = SVAL(in_cipher->data.data, 0);
if (cipher_count == 0) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
p = in_cipher->data.data + needed;
needed += cipher_count * 2;
if (in_cipher->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
for (i=0; i < cipher_count; i++) {
uint16_t v;
v = SVAL(p, 0);
p += 2;
if (v == SMB2_ENCRYPTION_AES128_GCM) {
aes_128_gcm_supported = true;
}
if (v == SMB2_ENCRYPTION_AES128_CCM) {
aes_128_ccm_supported = true;
}
}
/*
* For now we preferr CCM because our implementation
* is faster than GCM, see bug #11451.
*/
if (aes_128_ccm_supported) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
} else if (aes_128_gcm_supported) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
}
SSVAL(buf, 0, 1); /* ChiperCount */
SSVAL(buf, 2, xconn->smb2.server.cipher);
b = data_blob_const(buf, sizeof(buf));
status = smb2_negotiate_context_add(req, &out_c,
SMB2_ENCRYPTION_CAPABILITIES, b);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
}
if (capabilities & SMB2_CAP_ENCRYPTION) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
}
if (protocol >= PROTOCOL_SMB2_22 &&
xconn->client->server_multi_channel_enabled)
{
if (in_capabilities & SMB2_CAP_MULTI_CHANNEL) {
capabilities |= SMB2_CAP_MULTI_CHANNEL;
}
}
security_offset = SMB2_HDR_BODY + 0x40;
#if 1
/* Try SPNEGO auth... */
security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
negprot_spnego_blob.length - 16);
#else
/* for now we want raw NTLMSSP */
security_buffer = data_blob_const(NULL, 0);
#endif
if (out_c.num_contexts != 0) {
status = smb2_negotiate_context_push(req,
&out_negotiate_context_blob,
out_c);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
}
if (out_negotiate_context_blob.length != 0) {
static const uint8_t zeros[8];
size_t pad = 0;
size_t ofs;
outdyn = data_blob_dup_talloc(req, security_buffer);
if (outdyn.length != security_buffer.length) {
return smbd_smb2_request_error(req,
NT_STATUS_NO_MEMORY);
}
ofs = security_offset + security_buffer.length;
if ((ofs % 8) != 0) {
pad = 8 - (ofs % 8);
}
ofs += pad;
ok = data_blob_append(req, &outdyn, zeros, pad);
if (!ok) {
return smbd_smb2_request_error(req,
NT_STATUS_NO_MEMORY);
}
ok = data_blob_append(req, &outdyn,
out_negotiate_context_blob.data,
out_negotiate_context_blob.length);
if (!ok) {
return smbd_smb2_request_error(req,
NT_STATUS_NO_MEMORY);
}
out_negotiate_context_offset = ofs;
out_negotiate_context_count = out_c.num_contexts;
} else {
outdyn = security_buffer;
}
out_guid_blob = data_blob_const(negprot_spnego_blob.data, 16);
status = GUID_from_ndr_blob(&out_guid_blob, &out_guid);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
outbody = smbd_smb2_generate_outbody(req, 0x40);
if (outbody.data == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
security_mode); /* security mode */
SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
SSVAL(outbody.data, 0x06,
out_negotiate_context_count); /* reserved/NegotiateContextCount */
memcpy(outbody.data + 0x08,
out_guid_blob.data, 16); /* server guid */
SIVAL(outbody.data, 0x18,
capabilities); /* capabilities */
SIVAL(outbody.data, 0x1C, max_trans); /* max transact size */
SIVAL(outbody.data, 0x20, max_read); /* max read size */
SIVAL(outbody.data, 0x24, max_write); /* max write size */
SBVAL(outbody.data, 0x28, now); /* system time */
SBVAL(outbody.data, 0x30, 0); /* server start time */
SSVAL(outbody.data, 0x38,
security_offset); /* security buffer offset */
SSVAL(outbody.data, 0x3A,
security_buffer.length); /* security buffer length */
SIVAL(outbody.data, 0x3C,
out_negotiate_context_offset); /* reserved/NegotiateContextOffset */
req->sconn->using_smb2 = true;
if (dialect != SMB2_DIALECT_REVISION_2FF) {
struct smbXsrv_client_global0 *global0 = NULL;
status = smbXsrv_connection_init_tables(xconn, protocol);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
xconn->smb2.client.capabilities = in_capabilities;
xconn->smb2.client.security_mode = in_security_mode;
xconn->smb2.client.guid = in_guid;
xconn->smb2.client.num_dialects = dialect_count;
xconn->smb2.client.dialects = talloc_array(xconn,
uint16_t,
dialect_count);
if (xconn->smb2.client.dialects == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
for (c=0; c < dialect_count; c++) {
xconn->smb2.client.dialects[c] = SVAL(indyn, c*2);
}
xconn->smb2.server.capabilities = capabilities;
xconn->smb2.server.security_mode = security_mode;
xconn->smb2.server.guid = out_guid;
xconn->smb2.server.dialect = dialect;
xconn->smb2.server.max_trans = max_trans;
xconn->smb2.server.max_read = max_read;
xconn->smb2.server.max_write = max_write;
if (xconn->protocol < PROTOCOL_SMB2_10) {
/*
* SMB2_02 doesn't support client guids
*/
return smbd_smb2_request_done(req, outbody, &outdyn);
}
if (!xconn->client->server_multi_channel_enabled) {
/*
* Only deal with the client guid database
* if multi-channel is enabled.
*/
return smbd_smb2_request_done(req, outbody, &outdyn);
}
if (xconn->smb2.client.guid_verified) {
/*
* The connection was passed from another
* smbd process.
*/
return smbd_smb2_request_done(req, outbody, &outdyn);
}
status = smb2srv_client_lookup_global(xconn->client,
xconn->smb2.client.guid,
req, &global0);
/*
* TODO: check for races...
*/
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_NOT_FOUND)) {
/*
* This stores the new client information in
* smbXsrv_client_global.tdb
*/
xconn->client->global->client_guid =
xconn->smb2.client.guid;
status = smbXsrv_client_update(xconn->client);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
xconn->smb2.client.guid_verified = true;
} else if (NT_STATUS_IS_OK(status)) {
status = smb2srv_client_connection_pass(req,
global0);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
smbd_server_connection_terminate(xconn,
"passed connection");
return NT_STATUS_OBJECTID_EXISTS;
} else {
return smbd_smb2_request_error(req, status);
}
}
return smbd_smb2_request_done(req, outbody, &outdyn);
}
uint32_t smbXsrv_open_hash(struct smbXsrv_open *_open)
{
uint8_t buf[8+8+8];
uint32_t ret;
TDB_DATA key;
SBVAL(buf, 0, _open->global->open_persistent_id);
SBVAL(buf, 8, _open->global->open_volatile_id);
SBVAL(buf, 16, _open->global->open_time);
key = (TDB_DATA) { .dptr = buf, .dsize = sizeof(buf) };
ret = tdb_jenkins_hash(&key);
if (ret == 0) {
ret = 1;
}
return ret;
}
static NTSTATUS smbXsrv_open_set_replay_cache(struct smbXsrv_open *op)
{
struct GUID *create_guid;
struct GUID_txt_buf buf;
char *guid_string;
struct db_context *db = op->table->local.replay_cache_db_ctx;
NTSTATUS status;
if (!(op->flags & SMBXSRV_OPEN_NEED_REPLAY_CACHE)) {
return NT_STATUS_OK;
}
if (op->flags & SMBXSRV_OPEN_HAVE_REPLAY_CACHE) {
return NT_STATUS_OK;
}
create_guid = &op->global->create_guid;
if (GUID_all_zero(create_guid)) {
return NT_STATUS_OK;
}
guid_string = GUID_buf_string(create_guid, &buf);
if (guid_string == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
status = dbwrap_store_uint32_bystring(db, guid_string, op->local_id);
if (NT_STATUS_IS_OK(status)) {
op->flags |= SMBXSRV_OPEN_HAVE_REPLAY_CACHE;
op->flags &= ~SMBXSRV_OPEN_NEED_REPLAY_CACHE;
}
return status;
}
static NTSTATUS smbXsrv_open_clear_replay_cache(struct smbXsrv_open *op)
{
struct GUID *create_guid;
struct GUID_txt_buf buf;
char *guid_string;
struct db_context *db;
NTSTATUS status;
if (op->table == NULL) {
return NT_STATUS_OK;
}
db = op->table->local.replay_cache_db_ctx;
if (!(op->flags & SMBXSRV_OPEN_HAVE_REPLAY_CACHE)) {
return NT_STATUS_OK;
}
create_guid = &op->global->create_guid;
if (GUID_all_zero(create_guid)) {
return NT_STATUS_OK;
}
guid_string = GUID_buf_string(create_guid, &buf);
if (guid_string == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
status = dbwrap_purge_bystring(db, guid_string);
if (NT_STATUS_IS_OK(status)) {
op->flags &= ~SMBXSRV_OPEN_HAVE_REPLAY_CACHE;
}
return status;
}
NTSTATUS smbXsrv_open_update(struct smbXsrv_open *op)
{
struct smbXsrv_open_table *table = op->table;
NTSTATUS status;
if (op->global->db_rec != NULL) {
DEBUG(0, ("smbXsrv_open_update(0x%08x): "
"Called with db_rec != NULL'\n",
op->global->open_global_id));
return NT_STATUS_INTERNAL_ERROR;
}
op->global->db_rec = smbXsrv_open_global_fetch_locked(
table->global.db_ctx,
op->global->open_global_id,
op->global /* TALLOC_CTX */);
if (op->global->db_rec == NULL) {
return NT_STATUS_INTERNAL_DB_ERROR;
}
status = smbXsrv_open_global_store(op->global);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("smbXsrv_open_update: "
"global_id (0x%08x) store failed - %s\n",
op->global->open_global_id,
nt_errstr(status)));
return status;
}
status = smbXsrv_open_set_replay_cache(op);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("smbXsrv_open_set_replay_cache failed: %s\n",
nt_errstr(status));
return status;
}
if (CHECK_DEBUGLVL(10)) {
struct smbXsrv_openB open_blob;
ZERO_STRUCT(open_blob);
open_blob.version = SMBXSRV_VERSION_0;
open_blob.info.info0 = op;
DEBUG(10,("smbXsrv_open_update: global_id (0x%08x) stored\n",
op->global->open_global_id));
NDR_PRINT_DEBUG(smbXsrv_openB, &open_blob);
}
return NT_STATUS_OK;
}
NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op, NTTIME now)
{
struct smbXsrv_open_table *table;
struct db_record *local_rec = NULL;
struct db_record *global_rec = NULL;
NTSTATUS status;
NTSTATUS error = NT_STATUS_OK;
error = smbXsrv_open_clear_replay_cache(op);
if (!NT_STATUS_IS_OK(error)) {
DBG_ERR("smbXsrv_open_clear_replay_cache failed: %s\n",
nt_errstr(error));
}
if (op->table == NULL) {
return error;
}
table = op->table;
op->table = NULL;
op->status = NT_STATUS_FILE_CLOSED;
op->global->disconnect_time = now;
server_id_set_disconnected(&op->global->server_id);
global_rec = op->global->db_rec;
op->global->db_rec = NULL;
if (global_rec == NULL) {
global_rec = smbXsrv_open_global_fetch_locked(
table->global.db_ctx,
op->global->open_global_id,
op->global /* TALLOC_CTX */);
if (global_rec == NULL) {
error = NT_STATUS_INTERNAL_ERROR;
}
}
if (global_rec != NULL && op->global->durable) {
/*
* If it is a durable open we need to update the global part
* instead of deleting it
*/
op->global->db_rec = global_rec;
status = smbXsrv_open_global_store(op->global);
if (NT_STATUS_IS_OK(status)) {
/*
* smbXsrv_open_global_store does the free
* of op->global->db_rec
*/
global_rec = NULL;
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("smbXsrv_open_close(0x%08x)"
"smbXsrv_open_global_store() failed - %s\n",
op->global->open_global_id,
nt_errstr(status)));
error = status;
}
if (NT_STATUS_IS_OK(status) && CHECK_DEBUGLVL(10)) {
struct smbXsrv_openB open_blob;
ZERO_STRUCT(open_blob);
open_blob.version = SMBXSRV_VERSION_0;
open_blob.info.info0 = op;
DEBUG(10,("smbXsrv_open_close(0x%08x): "
"stored disconnect\n",
op->global->open_global_id));
NDR_PRINT_DEBUG(smbXsrv_openB, &open_blob);
}
}
if (global_rec != NULL) {
status = dbwrap_record_delete(global_rec);
if (!NT_STATUS_IS_OK(status)) {
TDB_DATA key = dbwrap_record_get_key(global_rec);
DEBUG(0, ("smbXsrv_open_close(0x%08x): "
"failed to delete global key '%s': %s\n",
op->global->open_global_id,
hex_encode_talloc(global_rec, key.dptr,
key.dsize),
nt_errstr(status)));
error = status;
}
}
TALLOC_FREE(global_rec);
local_rec = op->db_rec;
if (local_rec == NULL) {
local_rec = smbXsrv_open_local_fetch_locked(table->local.db_ctx,
op->local_id,
op /* TALLOC_CTX*/);
if (local_rec == NULL) {
error = NT_STATUS_INTERNAL_ERROR;
}
}
if (local_rec != NULL) {
status = dbwrap_record_delete(local_rec);
if (!NT_STATUS_IS_OK(status)) {
TDB_DATA key = dbwrap_record_get_key(local_rec);
DEBUG(0, ("smbXsrv_open_close(0x%08x): "
"failed to delete local key '%s': %s\n",
op->global->open_global_id,
hex_encode_talloc(local_rec, key.dptr,
key.dsize),
nt_errstr(status)));
error = status;
}
table->local.num_opens -= 1;
}
if (op->db_rec == NULL) {
TALLOC_FREE(local_rec);
}
op->db_rec = NULL;
if (op->compat) {
op->compat->op = NULL;
file_free(NULL, op->compat);
op->compat = NULL;
}
return error;
}
NTSTATUS smb1srv_open_table_init(struct smbXsrv_connection *conn)
{
uint32_t max_opens;
/*
* Allow a range from 1..65534.
*
* With real_max_open_files possible ids,
* truncated to the SMB1 limit of 16-bit.
*
* 0 and 0xFFFF are no valid ids.
*/
max_opens = conn->client->sconn->real_max_open_files;
max_opens = MIN(max_opens, UINT16_MAX - 1);
return smbXsrv_open_table_init(conn, 1, UINT16_MAX - 1, max_opens);
}
_PUBLIC_ BOOL policy_handle_empty(struct policy_handle *h)
{
return (h->handle_type == 0 && GUID_all_zero(&h->uuid));
}
static bool openkey_out_check(struct torture_context *tctx, struct winreg_OpenKey *r)
{
torture_assert(tctx, GUID_all_zero(&r->out.handle->uuid), "handle");
torture_assert_werr_equal(tctx, r->out.result, WERR_BADFILE, "return code");
return true;
}
/*
DsReplicaSync messages from the DRSUAPI server are forwarded here
*/
static NTSTATUS drepl_replica_sync(struct irpc_message *msg,
struct drsuapi_DsReplicaSync *r)
{
WERROR werr;
struct dreplsrv_partition *p;
struct drepl_replica_sync_cb_data *cb_data;
struct dreplsrv_partition_source_dsa *dsa;
struct drsuapi_DsReplicaSyncRequest1 *req1;
struct drsuapi_DsReplicaObjectIdentifier *nc;
struct dreplsrv_service *service = talloc_get_type(msg->private_data,
struct dreplsrv_service);
#define REPLICA_SYNC_FAIL(_msg, _werr) do {\
if (!W_ERROR_IS_OK(_werr)) { \
DEBUG(0,(__location__ ": Failure - %s. werr = %s\n", \
_msg, win_errstr(_werr))); \
NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaSync, r); \
} \
r->out.result = _werr; \
goto done;\
} while(0)
if (r->in.level != 1) {
REPLICA_SYNC_FAIL("Unsupported level",
WERR_DS_DRA_INVALID_PARAMETER);
}
req1 = &r->in.req->req1;
nc = req1->naming_context;
/* Check input parameters */
if (!nc) {
REPLICA_SYNC_FAIL("Invalid Naming Context",
WERR_DS_DRA_INVALID_PARAMETER);
}
/* Find Naming context to be synchronized */
werr = dreplsrv_partition_find_for_nc(service,
&nc->guid, &nc->sid, nc->dn,
&p);
if (!W_ERROR_IS_OK(werr)) {
REPLICA_SYNC_FAIL("Failed to find requested Naming Context",
werr);
}
/* should we process it asynchronously? */
if (req1->options & DRSUAPI_DRS_ASYNC_OP) {
cb_data = NULL;
} else {
cb_data = talloc_zero(msg, struct drepl_replica_sync_cb_data);
if (!cb_data) {
REPLICA_SYNC_FAIL("Not enough memory",
WERR_DS_DRA_INTERNAL_ERROR);
}
cb_data->msg = msg;
cb_data->r = r;
cb_data->werr_last_failure = WERR_OK;
}
/* collect source DSAs to sync with */
if (req1->options & DRSUAPI_DRS_SYNC_ALL) {
for (dsa = p->sources; dsa; dsa = dsa->next) {
/* schedule replication item */
werr = _drepl_schedule_replication(service, dsa, nc,
req1->options, cb_data, msg);
if (!W_ERROR_IS_OK(werr)) {
REPLICA_SYNC_FAIL("_drepl_schedule_replication() failed",
werr);
}
}
} else {
if (req1->options & DRSUAPI_DRS_SYNC_BYNAME) {
/* client should pass at least valid string */
if (!req1->source_dsa_dns) {
REPLICA_SYNC_FAIL("'source_dsa_dns' is not valid",
WERR_DS_DRA_INVALID_PARAMETER);
}
werr = dreplsrv_partition_source_dsa_by_dns(p,
req1->source_dsa_dns,
&dsa);
} else {
/* client should pass at least some GUID */
if (GUID_all_zero(&req1->source_dsa_guid)) {
REPLICA_SYNC_FAIL("'source_dsa_guid' is not valid",
WERR_DS_DRA_INVALID_PARAMETER);
}
werr = dreplsrv_partition_source_dsa_by_guid(p,
&req1->source_dsa_guid,
&dsa);
if (W_ERROR_EQUAL(werr, WERR_DS_DRA_NO_REPLICA)) {
/* we don't have this source setup as
a replication partner. Create a
temporary dsa structure for this
replication */
werr = dreplsrv_partition_source_dsa_temporary(p,
msg,
&req1->source_dsa_guid,
&dsa);
}
}
if (!W_ERROR_IS_OK(werr)) {
REPLICA_SYNC_FAIL("Failed to locate source DSA for given NC",
werr);
}
/* schedule replication item */
werr = _drepl_schedule_replication(service, dsa, nc,
req1->options, cb_data, msg);
if (!W_ERROR_IS_OK(werr)) {
REPLICA_SYNC_FAIL("_drepl_schedule_replication() failed",
werr);
}
}
/* if we got here, everything is OK */
r->out.result = WERR_OK;
/*
* schedule replication event to force
* replication as soon as possible
*/
dreplsrv_pendingops_schedule_pull_now(service);
done:
return NT_STATUS_OK;
}
/*
form a binding string from a binding structure
*/
_PUBLIC_ char *dcerpc_binding_string(TALLOC_CTX *mem_ctx, const struct dcerpc_binding *b)
{
char *s = talloc_strdup(mem_ctx, "");
char *o = s;
int i;
const char *t_name = NULL;
bool option_section = false;
const char *target_hostname = NULL;
if (b->transport != NCA_UNKNOWN) {
t_name = derpc_transport_string_by_transport(b->transport);
if (!t_name) {
talloc_free(o);
return NULL;
}
}
if (!GUID_all_zero(&b->object)) {
o = s;
s = talloc_asprintf_append_buffer(s, "%s@",
GUID_string(mem_ctx, &b->object));
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
if (t_name != NULL) {
o = s;
s = talloc_asprintf_append_buffer(s, "%s:", t_name);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
if (b->host) {
o = s;
s = talloc_asprintf_append_buffer(s, "%s", b->host);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
target_hostname = b->target_hostname;
if (target_hostname != NULL && b->host != NULL) {
if (strcmp(target_hostname, b->host) == 0) {
target_hostname = NULL;
}
}
if (b->endpoint) {
option_section = true;
} else if (target_hostname) {
option_section = true;
} else if (b->target_principal) {
option_section = true;
} else if (b->assoc_group_id != 0) {
option_section = true;
} else if (b->options) {
option_section = true;
} else if (b->flags) {
option_section = true;
}
if (!option_section) {
return s;
}
o = s;
s = talloc_asprintf_append_buffer(s, "[");
if (s == NULL) {
talloc_free(o);
return NULL;
}
if (b->endpoint) {
o = s;
s = talloc_asprintf_append_buffer(s, "%s", b->endpoint);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
for (i=0;i<ARRAY_SIZE(ncacn_options);i++) {
if (!(b->flags & ncacn_options[i].flag)) {
continue;
}
o = s;
s = talloc_asprintf_append_buffer(s, ",%s", ncacn_options[i].name);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
if (target_hostname) {
o = s;
s = talloc_asprintf_append_buffer(s, ",target_hostname=%s",
b->target_hostname);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
if (b->target_principal) {
o = s;
s = talloc_asprintf_append_buffer(s, ",target_principal=%s",
b->target_principal);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
if (b->assoc_group_id != 0) {
o = s;
s = talloc_asprintf_append_buffer(s, ",assoc_group_id=0x%08x",
b->assoc_group_id);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
for (i=0;b->options && b->options[i];i++) {
o = s;
s = talloc_asprintf_append_buffer(s, ",%s", b->options[i]);
if (s == NULL) {
talloc_free(o);
return NULL;
}
}
o = s;
s = talloc_asprintf_append_buffer(s, "]");
if (s == NULL) {
talloc_free(o);
return NULL;
}
return s;
}
WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_schema_prefixmap *pfm_remote,
const struct drsuapi_DsReplicaObjectListItemEx *in,
const DATA_BLOB *gensec_skey,
const uint32_t *ignore_attids,
uint32_t dsdb_repl_flags,
TALLOC_CTX *mem_ctx,
struct dsdb_extended_replicated_object *out)
{
NTSTATUS nt_status;
WERROR status = WERR_OK;
uint32_t i;
struct ldb_message *msg;
struct replPropertyMetaDataBlob *md;
int instanceType;
struct ldb_message_element *instanceType_e = NULL;
struct ldb_val guid_value;
struct ldb_val parent_guid_value;
NTTIME whenChanged = 0;
time_t whenChanged_t;
const char *whenChanged_s;
struct drsuapi_DsReplicaAttribute *name_a = NULL;
struct drsuapi_DsReplicaMetaData *name_d = NULL;
struct replPropertyMetaData1 *rdn_m = NULL;
struct dom_sid *sid = NULL;
uint32_t rid = 0;
uint32_t attr_count;
int ret;
if (!in->object.identifier) {
return WERR_FOOBAR;
}
if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
return WERR_FOOBAR;
}
if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) {
return WERR_FOOBAR;
}
if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) {
return WERR_FOOBAR;
}
sid = &in->object.identifier->sid;
if (sid->num_auths > 0) {
rid = sid->sub_auths[sid->num_auths - 1];
}
msg = ldb_msg_new(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(msg);
msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
W_ERROR_HAVE_NO_MEMORY(msg->dn);
msg->num_elements = in->object.attribute_ctr.num_attributes;
msg->elements = talloc_array(msg, struct ldb_message_element,
msg->num_elements + 1); /* +1 because of the RDN attribute */
W_ERROR_HAVE_NO_MEMORY(msg->elements);
md = talloc(mem_ctx, struct replPropertyMetaDataBlob);
W_ERROR_HAVE_NO_MEMORY(md);
md->version = 1;
md->reserved = 0;
md->ctr.ctr1.count = in->meta_data_ctr->count;
md->ctr.ctr1.reserved = 0;
md->ctr.ctr1.array = talloc_array(mem_ctx,
struct replPropertyMetaData1,
md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */
W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array);
for (i=0, attr_count=0; i < in->meta_data_ctr->count; i++, attr_count++) {
struct drsuapi_DsReplicaAttribute *a;
struct drsuapi_DsReplicaMetaData *d;
struct replPropertyMetaData1 *m;
struct ldb_message_element *e;
uint32_t j;
a = &in->object.attribute_ctr.attributes[i];
d = &in->meta_data_ctr->meta_data[i];
m = &md->ctr.ctr1.array[attr_count];
e = &msg->elements[attr_count];
if (dsdb_attid_in_list(ignore_attids, a->attid)) {
attr_count--;
continue;
}
if (GUID_all_zero(&d->originating_invocation_id)) {
status = WERR_DS_SRC_GUID_MISMATCH;
DEBUG(0, ("Refusing replication of object containing invalid zero invocationID on attribute %d of %s: %s\n",
a->attid,
ldb_dn_get_linearized(msg->dn),
win_errstr(status)));
return status;
}
if (a->attid == DRSUAPI_ATTID_instanceType) {
if (instanceType_e != NULL) {
return WERR_FOOBAR;
}
instanceType_e = e;
}
for (j=0; j<a->value_ctr.num_values; j++) {
status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob,
gensec_skey, rid,
dsdb_repl_flags, a);
if (!W_ERROR_IS_OK(status)) {
break;
}
}
if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) {
WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
a, msg->elements, e);
if (W_ERROR_IS_OK(get_name_status)) {
DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n",
e->name, ldb_dn_get_linearized(msg->dn)));
} else {
DEBUG(0, ("Unxpectedly got secret value on %s from DRS server",
ldb_dn_get_linearized(msg->dn)));
}
} else if (!W_ERROR_IS_OK(status)) {
return status;
}
status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
a, msg->elements, e);
W_ERROR_NOT_OK_RETURN(status);
m->attid = a->attid;
m->version = d->version;
m->originating_change_time = d->originating_change_time;
m->originating_invocation_id = d->originating_invocation_id;
m->originating_usn = d->originating_usn;
m->local_usn = 0;
if (d->originating_change_time > whenChanged) {
whenChanged = d->originating_change_time;
}
if (a->attid == DRSUAPI_ATTID_name) {
name_a = a;
name_d = d;
}
}
msg->num_elements = attr_count;
md->ctr.ctr1.count = attr_count;
if (name_a) {
rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count];
}
if (rdn_m) {
struct ldb_message_element *el;
const char *rdn_name = NULL;
const struct ldb_val *rdn_value = NULL;
const struct dsdb_attribute *rdn_attr = NULL;
uint32_t rdn_attid;
/*
* We only need the schema calls for the RDN in this
* codepath, and by doing this we avoid needing to
* have the dsdb_attribute_by_lDAPDisplayName accessor
* working during the schema load.
*/
rdn_name = ldb_dn_get_rdn_name(msg->dn);
rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
if (!rdn_attr) {
return WERR_FOOBAR;
}
rdn_attid = rdn_attr->attributeID_id;
rdn_value = ldb_dn_get_rdn_val(msg->dn);
el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName);
if (!el) {
ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
} else {
if (el->num_values != 1) {
DEBUG(0,(__location__ ": Unexpected num_values=%u\n",
el->num_values));
return WERR_FOOBAR;
}
if (!ldb_val_equal_exact(&el->values[0], rdn_value)) {
DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n",
(int)el->values[0].length, (int)el->values[0].length, el->values[0].data,
(int)rdn_value->length, (int)rdn_value->length, rdn_value->data));
return WERR_FOOBAR;
}
}
rdn_m->attid = rdn_attid;
rdn_m->version = name_d->version;
rdn_m->originating_change_time = name_d->originating_change_time;
rdn_m->originating_invocation_id = name_d->originating_invocation_id;
rdn_m->originating_usn = name_d->originating_usn;
rdn_m->local_usn = 0;
md->ctr.ctr1.count++;
}
if (instanceType_e == NULL) {
return WERR_FOOBAR;
}
instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
/* the instanceType type for partial_replica
replication is sent via DRS with TYPE_WRITE set, but
must be used on the client with TYPE_WRITE removed
*/
if (instanceType & INSTANCE_TYPE_WRITE) {
/*
* Make sure we do not change the order
* of msg->elements!
*
* That's why we use
* instanceType_e->num_values = 0
* instead of
* ldb_msg_remove_attr(msg, "instanceType");
*/
struct ldb_message_element *e;
e = ldb_msg_find_element(msg, "instanceType");
if (e != instanceType_e) {
DEBUG(0,("instanceType_e[%p] changed to e[%p]\n",
instanceType_e, e));
return WERR_FOOBAR;
}
instanceType_e->num_values = 0;
instanceType &= ~INSTANCE_TYPE_WRITE;
if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) {
return WERR_INTERNAL_ERROR;
}
}
} else {
if (!(instanceType & INSTANCE_TYPE_WRITE)) {
DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n",
ldb_dn_get_linearized(msg->dn)));
return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA;
}
}
whenChanged_t = nt_time_to_unix(whenChanged);
whenChanged_s = ldb_timestring(msg, whenChanged_t);
W_ERROR_HAVE_NO_MEMORY(whenChanged_s);
nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value);
if (!NT_STATUS_IS_OK(nt_status)) {
return ntstatus_to_werror(nt_status);
}
if (in->parent_object_guid) {
nt_status = GUID_to_ndr_blob(in->parent_object_guid, msg, &parent_guid_value);
if (!NT_STATUS_IS_OK(nt_status)) {
return ntstatus_to_werror(nt_status);
}
} else {
parent_guid_value = data_blob_null;
}
out->msg = msg;
out->guid_value = guid_value;
out->parent_guid_value = parent_guid_value;
out->when_changed = whenChanged_s;
out->meta_data = md;
return WERR_OK;
}
