コード例 #1
ファイル: operational.c プロジェクト: AIdrifter/samba
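/*
  Add the subSchemaSubEntry attribute to a message.

  The value is the linearized form of the aggregate schema DN. That DN
  is fetched with samdb_aggregate_schema_dn() the first time it is
  needed and kept in the module's private operational_data.

  Returns LDB_SUCCESS when the attribute was added, and also when it is
  skipped because the private data or the aggregate DN is not available
  yet. Returns an ldb error code when the DN string cannot be allocated
  or the attribute cannot be added. scope and parent are not used here.
*/
static int construct_subschema_subentry(struct ldb_module *module,
					struct ldb_message *msg, enum ldb_scope scope,
					struct ldb_request *parent)
{
	struct operational_data *data = talloc_get_type(ldb_module_get_private(module), struct operational_data);
	char *subSchemaSubEntry;

	/* We may be being called before the init function has finished */
	if (!data) {
		return LDB_SUCCESS;
	}

	/* Try and set this value up, if possible.  Don't worry if it
	 * fails, we may not have the DB set up yet, and it's not
	 * really vital anyway */
	if (!data->aggregate_dn) {
		struct ldb_context *ldb = ldb_module_get_ctx(module);
		data->aggregate_dn = samdb_aggregate_schema_dn(ldb, data);
	}

	if (!data->aggregate_dn) {
		/* still no schema DN: leave the attribute out */
		return LDB_SUCCESS;
	}

	subSchemaSubEntry = ldb_dn_alloc_linearized(msg, data->aggregate_dn);
	if (subSchemaSubEntry == NULL) {
		/* allocation failed: report it instead of passing a
		 * NULL string on to ldb_msg_add_steal_string() */
		return ldb_oom(ldb_module_get_ctx(module));
	}
	return ldb_msg_add_steal_string(msg, "subSchemaSubEntry", subSchemaSubEntry);
}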
コード例 #2
/*
  Add a "canonicalName" attribute to msg, built from msg->dn.

  The canonical string is allocated with msg as its context and then
  handed over to the message. Returns -1 when the canonical string
  cannot be produced, otherwise the result of
  ldb_msg_add_steal_string(). module is not used here.
*/
static int construct_canonical_name(struct ldb_module *module, struct ldb_message *msg)
{
	char *canon = ldb_dn_canonical_string(msg, msg->dn);

	if (canon != NULL) {
		return ldb_msg_add_steal_string(msg, "canonicalName", canon);
	}

	/* no canonical form available for this DN */
	return -1;
}
コード例 #3
ファイル: samba_dsdb.c プロジェクト: AIdrifter/samba
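/*
  Build one "modules" value of the form "<backend_dn>:<mod>,<mod>,..."
  and add it to msg.

  backend_dn is read from the backend_attr attribute of rootdse_msg, or
  is "*" when backend_attr is NULL. The module list is backend_mod (when
  not NULL) followed by the entries of backend_mod_list.

  All temporaries live on tmp_ctx, a child of mem_ctx, which is released
  on every return path. Returns LDB_SUCCESS, LDB_ERR_CONSTRAINT_VIOLATION
  when backend_attr cannot be read, or an ldb out-of-memory error.
*/
static int prepare_modules_line(struct ldb_context *ldb,
				TALLOC_CTX *mem_ctx,
				const struct ldb_message *rootdse_msg,
				struct ldb_message *msg, const char *backend_attr,
				const char *backend_mod, const char **backend_mod_list)
{
	int ret;
	const char **backend_full_list;
	const char *backend_dn;
	char *mod_list_string;
	char *full_string;
	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
	if (!tmp_ctx) {
		return ldb_oom(ldb);
	}

	if (backend_attr) {
		backend_dn = ldb_msg_find_attr_as_string(rootdse_msg, backend_attr, NULL);
		if (!backend_dn) {
			ldb_asprintf_errstring(ldb,
					       "samba_dsdb_init: "
					       "unable to read %s from %s:%s",
					       backend_attr, ldb_dn_get_linearized(rootdse_msg->dn),
					       ldb_errstring(ldb));
			/* this path used to return without releasing tmp_ctx */
			talloc_free(tmp_ctx);
			return LDB_ERR_CONSTRAINT_VIOLATION;
		}
	} else {
		backend_dn = "*";
	}

	if (backend_mod) {
		backend_full_list = (const char **)str_list_make_single(tmp_ctx, backend_mod);
	} else {
		backend_full_list = (const char **)str_list_make_empty(tmp_ctx);
	}
	if (!backend_full_list) {
		talloc_free(tmp_ctx);
		return ldb_oom(ldb);
	}

	backend_full_list = str_list_append_const(backend_full_list, backend_mod_list);
	if (!backend_full_list) {
		talloc_free(tmp_ctx);
		return ldb_oom(ldb);
	}

	mod_list_string = str_list_join(tmp_ctx, backend_full_list, ',');
	if (!mod_list_string) {
		talloc_free(tmp_ctx);
		return ldb_oom(ldb);
	}

	full_string = talloc_asprintf(tmp_ctx, "%s:%s", backend_dn, mod_list_string);
	if (!full_string) {
		/* do not pass a NULL string to ldb_msg_add_steal_string() */
		talloc_free(tmp_ctx);
		return ldb_oom(ldb);
	}

	/*
	 * full_string is allocated on tmp_ctx; presumably the "steal"
	 * call reparents it to msg on success, so freeing tmp_ctx
	 * afterwards does not invalidate the stored value.
	 */
	ret = ldb_msg_add_steal_string(msg, "modules", full_string);
	talloc_free(tmp_ctx);
	return ret;
}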
コード例 #4
ファイル: operational.c プロジェクト: AIdrifter/samba
/*
  Add a "canonicalName" attribute to msg, built from msg->dn.

  The canonical string is allocated with msg as its context and then
  handed over to the message. Returns an operations error recorded on
  the module's ldb context when the canonical string cannot be
  produced, otherwise the result of ldb_msg_add_steal_string().
  scope and parent are not used here.
*/
static int construct_canonical_name(struct ldb_module *module,
				    struct ldb_message *msg, enum ldb_scope scope,
				    struct ldb_request *parent)
{
	char *canon = ldb_dn_canonical_string(msg, msg->dn);

	if (canon != NULL) {
		return ldb_msg_add_steal_string(msg, "canonicalName", canon);
	}

	/* no canonical form available for this DN */
	return ldb_operr(ldb_module_get_ctx(module));
}
コード例 #5
ファイル: ldb_msg.c プロジェクト: Alexander--/samba
/*
  Add a DN to a message as a string-valued attribute.

  The linearized form of dn is obtained from ldb_dn_alloc_linearized()
  with msg as the allocation context and is then handed over to the
  message under attr_name.

  NOTE(review): the previous comment warned that the DN's own
  linearized string is used without a copy; the call made here is the
  allocating variant, so that warning looks stale - confirm.

  Returns LDB_ERR_OPERATIONS_ERROR when no linearized string could be
  obtained, otherwise the result of ldb_msg_add_steal_string().
*/
int ldb_msg_add_linearized_dn(struct ldb_message *msg, const char *attr_name,
			      struct ldb_dn *dn)
{
	char *linearized = ldb_dn_alloc_linearized(msg, dn);

	if (linearized != NULL) {
		return ldb_msg_add_steal_string(msg, attr_name, linearized);
	}

	/* we don't want to have unknown DNs added */
	return LDB_ERR_OPERATIONS_ERROR;
}
コード例 #6
ファイル: addentry.c プロジェクト: encukou/samba
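/*
  Append one servicePrincipalName value to msg, taking ownership of spn.

  spn is the result of a talloc_asprintf() call and is NULL when that
  allocation failed; a NULL string is rejected here rather than passed
  on. Returns LDB_SUCCESS or an ldb error code.
 */
static int drsuapi_add_one_SPN(struct ldb_message *msg, char *spn)
{
	if (spn == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	return ldb_msg_add_steal_string(msg, "servicePrincipalName", spn);
}

/*
  add special SPNs needed for DRS replication to machine accounts when
  an AddEntry is done to create a nTDSDSA object

  For every object in the list that is an nTDSDSA with a
  serverReference, the account the serverReference points to gets these
  servicePrincipalName values added:
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/<ntds guid>/<dns domain>
    ldap/<ntds guid>._msdcs.<dns domain>
    ldap/<cn>            (when cn is present)
    ldap/<dNSHostName>   (when dNSHostName is present)

  Objects that are not nTDSDSA, or that have no serverReference, are
  skipped. Returns WERR_OK, WERR_NOT_ENOUGH_MEMORY on allocation
  failure, or WERR_DS_DRA_INTERNAL_ERROR when a search or the modify
  fails.

  NOTE(review): no access check is visible in this function and the
  modify is issued with DSDB_MODIFY_PERMISSIVE. Presumably the AddEntry
  handler has authorized the caller before this runs - confirm, since
  the DNs processed here come from the object list passed in.
 */
static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
			       struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
			       const struct drsuapi_DsReplicaObjectListItem *first_object)
{
	int ret;
	const struct drsuapi_DsReplicaObjectListItem *obj;
	const char *attrs[] = { "serverReference", "objectGUID", NULL };

	for (obj = first_object; obj; obj=obj->next_object) {
		/*
		 * NOTE(review): identifier is dereferenced without a
		 * NULL check; confirm the caller guarantees it is set.
		 */
		const char *dn_string = obj->object.identifier->dn;
		struct ldb_dn *dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, dn_string);
		struct ldb_result *res, *res2;
		struct ldb_dn *ref_dn;
		struct GUID ntds_guid;
		struct ldb_message *msg;
		struct ldb_message_element *el;
		const char *ntds_guid_str;
		const char *dom_string;
		const char *attrs2[] = { "dNSHostName", "cn", NULL };
		const char *dNSHostName, *cn;

		if (dn == NULL) {
			/* do not search with a NULL base DN */
			return WERR_NOT_ENOUGH_MEMORY;
		}

		DEBUG(6,(__location__ ": Adding SPNs for %s\n", 
			 ldb_dn_get_linearized(dn)));

		ret = ldb_search(b_state->sam_ctx, mem_ctx, &res,
				 dn, LDB_SCOPE_BASE, attrs,
				 "(objectClass=ntDSDSA)");
		if (ret != LDB_SUCCESS) {
			DEBUG(0,(__location__ ": Failed to find dn '%s'\n", dn_string));
			return WERR_DS_DRA_INTERNAL_ERROR;
		}

		if (res->count < 1) {
			/* we only add SPNs for nTDSDSA objects */
			continue;
		}

		ref_dn = samdb_result_dn(b_state->sam_ctx, mem_ctx, res->msgs[0], "serverReference", NULL);
		if (ref_dn == NULL) {
			/* we only add SPNs for objects with a
			   serverReference */
			continue;
		}

		DEBUG(6,(__location__ ": serverReference %s\n", 
			 ldb_dn_get_linearized(ref_dn)));

		ntds_guid = samdb_result_guid(res->msgs[0], "objectGUID");

		ntds_guid_str = GUID_string(res, &ntds_guid);
		if (ntds_guid_str == NULL) {
			/* a NULL here would end up formatted into the SPNs */
			return WERR_NOT_ENOUGH_MEMORY;
		}

		dom_string = lpcfg_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);

		/* get the dNSHostName and cn */
		ret = ldb_search(b_state->sam_ctx, mem_ctx, &res2,
				 ref_dn, LDB_SCOPE_BASE, attrs2, NULL);
		if (ret != LDB_SUCCESS || res2->count < 1) {
			/* also refuse an empty result before msgs[0] is read */
			DEBUG(0,(__location__ ": Failed to find ref_dn '%s'\n",
				 ldb_dn_get_linearized(ref_dn)));
			return WERR_DS_DRA_INTERNAL_ERROR;
		}

		dNSHostName = ldb_msg_find_attr_as_string(res2->msgs[0], "dNSHostName", NULL);
		cn = ldb_msg_find_attr_as_string(res2->msgs[0], "cn", NULL);

		/*
		 * construct a modify request to add the new SPNs to
		 * the machine account
		 */
		msg = ldb_msg_new(mem_ctx);
		if (msg == NULL) {
			return WERR_NOT_ENOUGH_MEMORY;
		}

		msg->dn = ref_dn;
		ret = ldb_msg_add_empty(msg, "servicePrincipalName",
					LDB_FLAG_MOD_ADD, &el);
		if (ret != LDB_SUCCESS) {
			return WERR_NOT_ENOUGH_MEMORY;
		}

		/*
		 * Each value is checked as it is added: a failed
		 * talloc_asprintf() or a failed add stops here instead
		 * of being noticed only through the value count below.
		 * The first SPN uses the DRSUAPI interface UUID as its
		 * service class.
		 */
		ret = drsuapi_add_one_SPN(msg,
					  talloc_asprintf(el->values,
							  "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s",
							  ntds_guid_str, dom_string));
		if (ret != LDB_SUCCESS) {
			return WERR_NOT_ENOUGH_MEMORY;
		}
		ret = drsuapi_add_one_SPN(msg,
					  talloc_asprintf(el->values, "ldap/%s._msdcs.%s",
							  ntds_guid_str, dom_string));
		if (ret != LDB_SUCCESS) {
			return WERR_NOT_ENOUGH_MEMORY;
		}
		if (cn) {
			ret = drsuapi_add_one_SPN(msg,
						  talloc_asprintf(el->values, "ldap/%s", cn));
			if (ret != LDB_SUCCESS) {
				return WERR_NOT_ENOUGH_MEMORY;
			}
		}
		if (dNSHostName) {
			ret = drsuapi_add_one_SPN(msg,
						  talloc_asprintf(el->values, "ldap/%s", dNSHostName));
			if (ret != LDB_SUCCESS) {
				return WERR_NOT_ENOUGH_MEMORY;
			}
		}
		/* kept from the original: the two mandatory SPNs must be present */
		if (el->num_values < 2) {
			return WERR_NOT_ENOUGH_MEMORY;
		}

		ret = dsdb_modify(b_state->sam_ctx, msg, DSDB_MODIFY_PERMISSIVE);
		if (ret != LDB_SUCCESS) {
			DEBUG(0,(__location__ ": Failed to add SPNs - %s\n",
				 ldb_errstring(b_state->sam_ctx)));
			return WERR_DS_DRA_INTERNAL_ERROR;
		}
	}

	return WERR_OK;
}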