/**
* Add an element to the schema (attribute or class) from an LDB message
*/
WERROR dsdb_schema_set_el_from_ldb_msg(struct ldb_context *ldb, struct dsdb_schema *schema,
struct ldb_message *msg)
{
static struct ldb_parse_tree *attr_tree, *class_tree;
if (!attr_tree) {
attr_tree = ldb_parse_tree(talloc_autofree_context(), "(objectClass=attributeSchema)");
if (!attr_tree) {
return WERR_NOMEM;
}
}
if (!class_tree) {
class_tree = ldb_parse_tree(talloc_autofree_context(), "(objectClass=classSchema)");
if (!class_tree) {
return WERR_NOMEM;
}
}
if (ldb_match_msg(ldb, msg, attr_tree, NULL, LDB_SCOPE_BASE)) {
return dsdb_attribute_from_ldb(ldb, schema, msg);
} else if (ldb_match_msg(ldb, msg, class_tree, NULL, LDB_SCOPE_BASE)) {
return dsdb_class_from_ldb(schema, msg);
}
/* Don't fail on things not classes or attributes */
return WERR_OK;
}
static NTSTATUS tcp_ldap_rootdse(void *data,
TALLOC_CTX *mem_ctx,
struct cldap_search *io)
{
struct ldap_connection *conn = talloc_get_type(data,
struct ldap_connection);
struct ldap_message *msg, *result;
struct ldap_request *req;
int i;
NTSTATUS status;
msg = new_ldap_message(mem_ctx);
if (!msg) {
return NT_STATUS_NO_MEMORY;
}
msg->type = LDAP_TAG_SearchRequest;
msg->r.SearchRequest.basedn = "";
msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
msg->r.SearchRequest.timelimit = 0;
msg->r.SearchRequest.sizelimit = 0;
msg->r.SearchRequest.attributesonly = false;
msg->r.SearchRequest.tree = ldb_parse_tree(msg, io->in.filter);
msg->r.SearchRequest.num_attributes = str_list_length(io->in.attributes);
msg->r.SearchRequest.attributes = io->in.attributes;
req = ldap_request_send(conn, msg);
if (req == NULL) {
printf("Could not setup ldap search\n");
return NT_STATUS_UNSUCCESSFUL;
}
ZERO_STRUCT(io->out);
for (i = 0; i < 2; ++i) {
status = ldap_result_n(req, i, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
switch (result->type) {
case LDAP_TAG_SearchResultEntry:
if (i != 0) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
io->out.response = &result->r.SearchResultEntry;
break;
case LDAP_TAG_SearchResultDone:
io->out.result = &result->r.SearchResultDone;
if (io->out.result->resultcode != LDAP_SUCCESS) {
return NT_STATUS_LDAP(io->out.result->resultcode);
}
return NT_STATUS_OK;
default:
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
}
return NT_STATUS_OK;
}
/* Build a request to search the local record by its DN. */
static int map_search_self_req(struct ldb_request **req,
struct map_context *ac,
struct ldb_dn *dn)
{
/* attrs[] is returned from this function in
* ac->search_req->op.search.attrs, so it must be static, as
* otherwise the compiler can put it on the stack */
static const char * const attrs[] = { IS_MAPPED, NULL };
struct ldb_parse_tree *tree;
/* Limit search to records with 'IS_MAPPED' present */
tree = ldb_parse_tree(ac, "(" IS_MAPPED "=*)");
if (tree == NULL) {
map_oom(ac->module);
return LDB_ERR_OPERATIONS_ERROR;
}
*req = map_search_base_req(ac, dn, attrs, tree,
ac, map_search_self_callback);
if (*req == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_SUCCESS;
}
static bool test_search_auth_empty_substring(struct ldap_connection *conn, const char *basedn)
{
bool ret = true;
struct ldap_message *msg, *result;
struct ldap_request *req;
NTSTATUS status;
struct ldap_Result *r;
printf("Testing authenticated base Search with objectclass= substring filter\n");
msg = new_ldap_message(conn);
if (!msg) {
return false;
}
msg->type = LDAP_TAG_SearchRequest;
msg->r.SearchRequest.basedn = basedn;
msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
msg->r.SearchRequest.timelimit = 0;
msg->r.SearchRequest.sizelimit = 0;
msg->r.SearchRequest.attributesonly = false;
msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
msg->r.SearchRequest.tree->u.substring.chunks = NULL;
msg->r.SearchRequest.num_attributes = 0;
msg->r.SearchRequest.attributes = NULL;
req = ldap_request_send(conn, msg);
if (req == NULL) {
printf("Could not setup ldap search\n");
return false;
}
status = ldap_result_one(req, &result, LDAP_TAG_SearchResultDone);
if (!NT_STATUS_IS_OK(status)) {
printf("looking for search result done failed - %s\n", nt_errstr(status));
return false;
}
printf("received %d replies\n", req->num_replies);
r = &result->r.SearchResultDone;
if (r->resultcode != LDAP_SUCCESS) {
printf("search result done gave error - %s\n", ldb_strerror(r->resultcode));
return false;
}
return ret;
}
ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope,
const char *filter, const char **attrs,
uint32_t sd_flags, LDAPMessage **res)
{
int rv;
struct ldb_request *req;
struct ldb_control **controls;
struct ldb_parse_tree *tree;
struct ldb_dn *ldb_dn;
controls = talloc_zero_array(ads, struct ldb_control *, 2);
controls[0] = talloc(ads, struct ldb_control);
controls[0]->oid = LDB_CONTROL_SD_FLAGS_OID;
controls[0]->data = &sd_flags;
controls[0]->critical = 1;
tree = ldb_parse_tree(ads, filter);
ldb_dn = ldb_dn_new(ads, ads->ldbctx, dn);
rv = ldb_build_search_req_ex(&req, ads->ldbctx, (TALLOC_CTX *)res, ldb_dn, scope, tree, attrs, controls,
res, ldb_search_default_callback, NULL);
if (rv != LDB_SUCCESS) {
talloc_free(*res);
talloc_free(req);
talloc_free(tree);
return ADS_ERROR(rv);
}
rv = ldb_request(ads->ldbctx, req);
if (rv == LDB_SUCCESS) {
rv = ldb_wait(req->handle, LDB_WAIT_ALL);
}
talloc_free(req);
talloc_free(tree);
return ADS_ERROR(rv);
}
static bool test_search_rootDSE(struct ldap_connection *conn, const char **basedn,
const char ***partitions)
{
bool ret = true;
struct ldap_message *msg, *result;
struct ldap_request *req;
int i;
struct ldap_SearchResEntry *r;
NTSTATUS status;
printf("Testing RootDSE Search\n");
*basedn = NULL;
if (partitions != NULL) {
*partitions = const_str_list(str_list_make_empty(conn));
}
msg = new_ldap_message(conn);
if (!msg) {
return false;
}
msg->type = LDAP_TAG_SearchRequest;
msg->r.SearchRequest.basedn = "";
msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
msg->r.SearchRequest.timelimit = 0;
msg->r.SearchRequest.sizelimit = 0;
msg->r.SearchRequest.attributesonly = false;
msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
msg->r.SearchRequest.num_attributes = 0;
msg->r.SearchRequest.attributes = NULL;
req = ldap_request_send(conn, msg);
if (req == NULL) {
printf("Could not setup ldap search\n");
return false;
}
status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
if (!NT_STATUS_IS_OK(status)) {
printf("search failed - %s\n", nt_errstr(status));
return false;
}
printf("received %d replies\n", req->num_replies);
r = &result->r.SearchResultEntry;
DEBUG(1,("\tdn: %s\n", r->dn));
for (i=0; i<r->num_attributes; i++) {
int j;
for (j=0; j<r->attributes[i].num_values; j++) {
DEBUG(1,("\t%s: %d %.*s\n", r->attributes[i].name,
(int)r->attributes[i].values[j].length,
(int)r->attributes[i].values[j].length,
(char *)r->attributes[i].values[j].data));
if (!(*basedn) &&
strcasecmp("defaultNamingContext",r->attributes[i].name)==0) {
*basedn = talloc_asprintf(conn, "%.*s",
(int)r->attributes[i].values[j].length,
(char *)r->attributes[i].values[j].data);
}
if ((partitions != NULL) &&
(strcasecmp("namingContexts", r->attributes[i].name) == 0)) {
char *entry = talloc_asprintf(conn, "%.*s",
(int)r->attributes[i].values[j].length,
(char *)r->attributes[i].values[j].data);
*partitions = str_list_add(*partitions, entry);
}
}
}
return ret;
}
