/* encode a NDR GUID as a ldap filter element */ char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, const struct GUID *guid) { DATA_BLOB blob; NTSTATUS status; char *ret; status = GUID_to_ndr_blob(guid, mem_ctx, &blob); if (!NT_STATUS_IS_OK(status)) { return NULL; } ret = ldb_binary_encode(mem_ctx, blob); data_blob_free(&blob); return ret; }
/* push a guid onto the wire. The buffer must hold 16 bytes */ NTSTATUS smbcli_push_guid(void *base, uint16_t offset, const struct GUID *guid) { TALLOC_CTX *tmp_ctx = talloc_new(NULL); NTSTATUS status; DATA_BLOB blob; status = GUID_to_ndr_blob(guid, tmp_ctx, &blob); if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_ctx); return status; } memcpy(offset + (uint8_t *)base, blob.data, blob.length); talloc_free(tmp_ctx); return NT_STATUS_OK; }
/* convert a ldif formatted objectGUID to a NDR formatted blob */ static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { struct GUID guid; NTSTATUS status; status = GUID_from_data_blob(in, &guid); if (!NT_STATUS_IS_OK(status)) { return -1; } status = GUID_to_ndr_blob(&guid, mem_ctx, out); if (!NT_STATUS_IS_OK(status)) { return -1; } return 0; }
_PUBLIC_ char *GUID_hexstring(TALLOC_CTX *mem_ctx, const struct GUID *guid) { char *ret; DATA_BLOB guid_blob; TALLOC_CTX *tmp_mem; NTSTATUS status; tmp_mem = talloc_new(mem_ctx); if (!tmp_mem) { return NULL; } status = GUID_to_ndr_blob(guid, tmp_mem, &guid_blob); if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_mem); return NULL; } ret = data_blob_hex_string_upper(mem_ctx, &guid_blob); talloc_free(tmp_mem); return ret; }
/** * When loading the schema from LDIF files, we don't get the extended DNs. * * We need to set these up, so that from the moment we start the provision, * the defaultObjectCategory links are set up correctly. */ int dsdb_schema_fill_extended_dn(struct ldb_context *ldb, struct dsdb_schema *schema) { struct dsdb_class *cur; const struct dsdb_class *target_class; for (cur = schema->classes; cur; cur = cur->next) { const struct ldb_val *rdn; struct ldb_val guid; NTSTATUS status; struct ldb_dn *dn = ldb_dn_new(NULL, ldb, cur->defaultObjectCategory); if (!dn) { return LDB_ERR_INVALID_DN_SYNTAX; } rdn = ldb_dn_get_component_val(dn, 0); if (!rdn) { talloc_free(dn); return LDB_ERR_INVALID_DN_SYNTAX; } target_class = dsdb_class_by_cn_ldb_val(schema, rdn); if (!target_class) { talloc_free(dn); return LDB_ERR_CONSTRAINT_VIOLATION; } status = GUID_to_ndr_blob(&target_class->objectGUID, dn, &guid); if (!NT_STATUS_IS_OK(status)) { talloc_free(dn); return ldb_operr(ldb); } ldb_dn_set_extended_component(dn, "GUID", &guid); cur->defaultObjectCategory = ldb_dn_get_extended_linearized(cur, dn, 1); talloc_free(dn); } return LDB_SUCCESS; }
/* fill in the cldap netlogon union for a given version */ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *domain, const char *netbios_domain, struct dom_sid *domain_sid, const char *domain_guid, const char *user, uint32_t acct_control, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, struct netlogon_samlogon_response *netlogon, bool fill_on_blank_request) { const char *dom_attrs[] = {"objectGUID", NULL}; const char *none_attrs[] = {NULL}; struct ldb_result *dom_res = NULL, *user_res = NULL; int ret; const char **services = lpcfg_server_services(lp_ctx); uint32_t server_type; const char *pdc_name; struct GUID domain_uuid; const char *dns_domain; const char *forest_domain; const char *pdc_dns_name; const char *flatname; const char *server_site; const char *client_site; const char *pdc_ip; struct ldb_dn *domain_dn = NULL; struct interface *ifaces; bool user_known, am_rodc; NTSTATUS status; /* the domain parameter could have an optional trailing "." */ if (domain && domain[strlen(domain)-1] == '.') { domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); NT_STATUS_HAVE_NO_MEMORY(domain); } /* Lookup using long or short domainname */ if (domain && (strcasecmp_m(domain, lpcfg_dnsdomain(lp_ctx)) == 0)) { domain_dn = ldb_get_default_basedn(sam_ctx); } if (netbios_domain && (strcasecmp_m(netbios_domain, lpcfg_sam_name(lp_ctx)) == 0)) { domain_dn = ldb_get_default_basedn(sam_ctx); } if (domain_dn) { const char *domain_identifier = domain != NULL ? domain : netbios_domain; ret = ldb_search(sam_ctx, mem_ctx, &dom_res, domain_dn, LDB_SCOPE_BASE, dom_attrs, "objectClass=domain"); if (ret != LDB_SUCCESS) { DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain_identifier, ldb_dn_get_linearized(domain_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } if (dom_res->count != 1) { DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain_identifier, ldb_dn_get_linearized(domain_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } } /* Lookup using GUID or SID */ if ((dom_res == NULL) && (domain_guid || domain_sid)) { if (domain_guid) { struct GUID binary_guid; struct ldb_val guid_val; /* By this means, we ensure we don't have funny stuff in the GUID */ status = GUID_from_string(domain_guid, &binary_guid); if (!NT_STATUS_IS_OK(status)) { return status; } /* And this gets the result into the binary format we want anyway */ status = GUID_to_ndr_blob(&binary_guid, mem_ctx, &guid_val); if (!NT_STATUS_IS_OK(status)) { return status; } ret = ldb_search(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, "(&(objectCategory=DomainDNS)(objectGUID=%s))", ldb_binary_encode(mem_ctx, guid_val)); } else { /* domain_sid case */ ret = ldb_search(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, "(&(objectCategory=DomainDNS)(objectSid=%s))", dom_sid_string(mem_ctx, domain_sid)); } if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam: %s\n", domain_guid, dom_sid_string(mem_ctx, domain_sid), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (dom_res->count == 1) { /* Ok, now just check it is our domain */ if (ldb_dn_compare(ldb_get_default_basedn(sam_ctx), dom_res->msgs[0]->dn) != 0) { DEBUG(2,("The GUID '%s' or SID '%s' doesn't identify our domain\n", domain_guid, dom_sid_string(mem_ctx, domain_sid))); return NT_STATUS_NO_SUCH_DOMAIN; } } else { DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam\n", domain_guid, dom_sid_string(mem_ctx, domain_sid))); return NT_STATUS_NO_SUCH_DOMAIN; } } if (dom_res == NULL && fill_on_blank_request) { /* blank inputs gives our domain - tested against w2k8r2. Without this ADUC on Win7 won't start */ domain_dn = ldb_get_default_basedn(sam_ctx); ret = ldb_search(sam_ctx, mem_ctx, &dom_res, domain_dn, LDB_SCOPE_BASE, dom_attrs, "objectClass=domain"); if (ret != LDB_SUCCESS) { DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", lpcfg_dnsdomain(lp_ctx), ldb_dn_get_linearized(domain_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } } if (dom_res == NULL) { DEBUG(2,(__location__ ": Unable to get domain information with no inputs\n")); return NT_STATUS_NO_SUCH_DOMAIN; } /* work around different inputs for not-specified users */ if (!user) { user = ""; } /* Enquire about any valid username with just a CLDAP packet - * if kerberos didn't also do this, the security folks would * scream... */ if (user[0]) { \ /* Only allow some bits to be enquired: [MS-ATDS] 7.3.3.2 */ if (acct_control == (uint32_t)-1) { acct_control = 0; } acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST); /* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */ ret = ldb_search(sam_ctx, mem_ctx, &user_res, dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE, none_attrs, "(&(objectClass=user)(samAccountName=%s)" "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))" "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", ldb_binary_encode_string(mem_ctx, user), UF_ACCOUNTDISABLE, ds_acb2uf(acct_control)); if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find reference to user '%s' with ACB 0x%8x under %s: %s\n", user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_USER; } else if (user_res->count == 1) { user_known = true; } else { user_known = false; } } else { user_known = true; } server_type = DS_SERVER_DS | DS_SERVER_TIMESERV | DS_SERVER_GOOD_TIMESERV; if (samdb_is_pdc(sam_ctx)) { server_type |= DS_SERVER_PDC; } if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) { server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6; } if (samdb_is_gc(sam_ctx)) { server_type |= DS_SERVER_GC; } if (str_list_check(services, "ldap")) { server_type |= DS_SERVER_LDAP; } if (str_list_check(services, "kdc")) { server_type |= DS_SERVER_KDC; } if (samdb_rodc(sam_ctx, &am_rodc) == LDB_SUCCESS && !am_rodc) { server_type |= DS_SERVER_WRITABLE; } pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lpcfg_netbios_name(lp_ctx)); NT_STATUS_HAVE_NO_MEMORY(pdc_name); domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID"); dns_domain = lpcfg_dnsdomain(lp_ctx); forest_domain = samdb_forest_name(sam_ctx, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(forest_domain); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lpcfg_netbios_name(lp_ctx)), dns_domain); NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name); flatname = lpcfg_workgroup(lp_ctx); server_site = samdb_server_site_name(sam_ctx, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(server_site); client_site = samdb_client_site_name(sam_ctx, mem_ctx, src_address, NULL); NT_STATUS_HAVE_NO_MEMORY(client_site); if (strcasecmp(server_site, client_site) == 0) { server_type |= DS_SERVER_CLOSEST; } load_interface_list(mem_ctx, lp_ctx, &ifaces); if (src_address) { pdc_ip = iface_list_best_ip(ifaces, src_address); } else { pdc_ip = iface_list_first_v4(ifaces); } if (pdc_ip == NULL || !is_ipaddress_v4(pdc_ip)) { /* this matches windows behaviour */ pdc_ip = "127.0.0.1"; } ZERO_STRUCTP(netlogon); /* check if either of these bits is present */ if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) { uint32_t extra_flags = 0; netlogon->ntver = NETLOGON_NT_VERSION_5EX; /* could check if the user exists */ if (user_known) { netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; } else { netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; } netlogon->data.nt5_ex.pdc_name = pdc_name; netlogon->data.nt5_ex.user_name = user; netlogon->data.nt5_ex.domain_name = flatname; netlogon->data.nt5_ex.domain_uuid = domain_uuid; netlogon->data.nt5_ex.forest = forest_domain; netlogon->data.nt5_ex.dns_domain = dns_domain; netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name; netlogon->data.nt5_ex.server_site = server_site; netlogon->data.nt5_ex.client_site = client_site; if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { /* note that this is always a IPV4 address */ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon->data.nt5_ex.sockaddr.sockaddr_family = 2; netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip; netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); } netlogon->data.nt5_ex.server_type = server_type; netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; netlogon->data.nt5_ex.lmnt_token = 0xFFFF; netlogon->data.nt5_ex.lm20_token = 0xFFFF; } else if (version & NETLOGON_NT_VERSION_5) { netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ if (user_known) { netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; } netlogon->data.nt5.pdc_name = pdc_name; netlogon->data.nt5.user_name = user; netlogon->data.nt5.domain_name = flatname; netlogon->data.nt5.domain_uuid = domain_uuid; netlogon->data.nt5.forest = forest_domain; netlogon->data.nt5.dns_domain = dns_domain; netlogon->data.nt5.pdc_dns_name = pdc_dns_name; netlogon->data.nt5.pdc_ip = pdc_ip; netlogon->data.nt5.server_type = server_type; netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; netlogon->data.nt5.lmnt_token = 0xFFFF; netlogon->data.nt5.lm20_token = 0xFFFF; } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ if (user_known) { netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; } netlogon->data.nt4.pdc_name = pdc_name; netlogon->data.nt4.user_name = user; netlogon->data.nt4.domain_name = flatname; netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1; netlogon->data.nt4.lmnt_token = 0xFFFF; netlogon->data.nt4.lm20_token = 0xFFFF; } return NT_STATUS_OK; }
static WERROR dsdb_convert_object_ex(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct drsuapi_DsReplicaObjectListItemEx *in, const DATA_BLOB *gensec_skey, TALLOC_CTX *mem_ctx, struct dsdb_extended_replicated_object *out) { NTSTATUS nt_status; WERROR status; uint32_t i; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; struct ldb_val guid_value; NTTIME whenChanged = 0; time_t whenChanged_t; const char *whenChanged_s; const char *rdn_name = NULL; const struct ldb_val *rdn_value = NULL; const struct dsdb_attribute *rdn_attr = NULL; uint32_t rdn_attid; struct drsuapi_DsReplicaAttribute *name_a = NULL; struct drsuapi_DsReplicaMetaData *name_d = NULL; struct replPropertyMetaData1 *rdn_m = NULL; struct dom_sid *sid = NULL; uint32_t rid = 0; int ret; if (!in->object.identifier) { return WERR_FOOBAR; } if (!in->object.identifier->dn || !in->object.identifier->dn[0]) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) { return WERR_FOOBAR; } sid = &in->object.identifier->sid; if (sid->num_auths > 0) { rid = sid->sub_auths[sid->num_auths - 1]; } msg = ldb_msg_new(mem_ctx); W_ERROR_HAVE_NO_MEMORY(msg); msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn); W_ERROR_HAVE_NO_MEMORY(msg->dn); rdn_name = ldb_dn_get_rdn_name(msg->dn); rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name); if (!rdn_attr) { return WERR_FOOBAR; } rdn_attid = rdn_attr->attributeID_id; rdn_value = ldb_dn_get_rdn_val(msg->dn); msg->num_elements = in->object.attribute_ctr.num_attributes; msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements); W_ERROR_HAVE_NO_MEMORY(msg->elements); md = talloc(mem_ctx, struct replPropertyMetaDataBlob); W_ERROR_HAVE_NO_MEMORY(md); md->version = 1; md->reserved = 0; md->ctr.ctr1.count = in->meta_data_ctr->count; md->ctr.ctr1.reserved = 0; md->ctr.ctr1.array = talloc_array(mem_ctx, struct replPropertyMetaData1, md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */ W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array); for (i=0; i < in->meta_data_ctr->count; i++) { struct drsuapi_DsReplicaAttribute *a; struct drsuapi_DsReplicaMetaData *d; struct replPropertyMetaData1 *m; struct ldb_message_element *e; int j; a = &in->object.attribute_ctr.attributes[i]; d = &in->meta_data_ctr->meta_data[i]; m = &md->ctr.ctr1.array[i]; e = &msg->elements[i]; for (j=0; j<a->value_ctr.num_values; j++) { status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, a); W_ERROR_NOT_OK_RETURN(status); } status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, msg->elements, e); if (!NT_STATUS_IS_OK(status) && a->value_ctr.num_values == 0) { /* w2k8-r2 occasionally sends bogus empty attributes with rubbish attribute IDs. The only think we can do is discard these */ DEBUG(0,(__location__ ": Discarding bogus empty DsReplicaAttribute with attid 0x%x\n", a->attid)); ZERO_STRUCTP(e); continue; } W_ERROR_NOT_OK_RETURN(status); m->attid = a->attid; m->version = d->version; m->originating_change_time = d->originating_change_time; m->originating_invocation_id = d->originating_invocation_id; m->originating_usn = d->originating_usn; m->local_usn = 0; if (d->originating_change_time > whenChanged) { whenChanged = d->originating_change_time; } if (a->attid == DRSUAPI_ATTRIBUTE_name) { name_a = a; name_d = d; rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count]; } } /* delete any empty elements */ for (i=0; i < msg->num_elements; i++) { if (msg->elements[i].name == NULL) { ldb_msg_remove_element(msg, &msg->elements[i]); i--; } } if (rdn_m) { struct ldb_message_element *el; el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName); if (!el) { ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } } else { if (el->num_values != 1) { DEBUG(0,(__location__ ": Unexpected num_values=%u\n", el->num_values)); return WERR_FOOBAR; } if (!ldb_val_equal_exact(&el->values[0], rdn_value)) { DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n", (int)el->values[0].length, (int)el->values[0].length, el->values[0].data, (int)rdn_value->length, (int)rdn_value->length, rdn_value->data)); return WERR_FOOBAR; } } rdn_m->attid = rdn_attid; rdn_m->version = name_d->version; rdn_m->originating_change_time = name_d->originating_change_time; rdn_m->originating_invocation_id = name_d->originating_invocation_id; rdn_m->originating_usn = name_d->originating_usn; rdn_m->local_usn = 0; md->ctr.ctr1.count++; } whenChanged_t = nt_time_to_unix(whenChanged); whenChanged_s = ldb_timestring(msg, whenChanged_t); W_ERROR_HAVE_NO_MEMORY(whenChanged_s); nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value); if (!NT_STATUS_IS_OK(nt_status)) { return ntstatus_to_werror(nt_status); } out->msg = msg; out->guid_value = guid_value; out->when_changed = whenChanged_s; out->meta_data = md; return WERR_OK; }
WERROR dsdb_convert_object_ex(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct dsdb_schema_prefixmap *pfm_remote, const struct drsuapi_DsReplicaObjectListItemEx *in, const DATA_BLOB *gensec_skey, const uint32_t *ignore_attids, uint32_t dsdb_repl_flags, TALLOC_CTX *mem_ctx, struct dsdb_extended_replicated_object *out) { NTSTATUS nt_status; WERROR status = WERR_OK; uint32_t i; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; int instanceType; struct ldb_message_element *instanceType_e = NULL; struct ldb_val guid_value; struct ldb_val parent_guid_value; NTTIME whenChanged = 0; time_t whenChanged_t; const char *whenChanged_s; struct drsuapi_DsReplicaAttribute *name_a = NULL; struct drsuapi_DsReplicaMetaData *name_d = NULL; struct replPropertyMetaData1 *rdn_m = NULL; struct dom_sid *sid = NULL; uint32_t rid = 0; uint32_t attr_count; int ret; if (!in->object.identifier) { return WERR_FOOBAR; } if (!in->object.identifier->dn || !in->object.identifier->dn[0]) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) { return WERR_FOOBAR; } if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) { return WERR_FOOBAR; } sid = &in->object.identifier->sid; if (sid->num_auths > 0) { rid = sid->sub_auths[sid->num_auths - 1]; } msg = ldb_msg_new(mem_ctx); W_ERROR_HAVE_NO_MEMORY(msg); msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn); W_ERROR_HAVE_NO_MEMORY(msg->dn); msg->num_elements = in->object.attribute_ctr.num_attributes; msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements + 1); /* +1 because of the RDN attribute */ W_ERROR_HAVE_NO_MEMORY(msg->elements); md = talloc(mem_ctx, struct replPropertyMetaDataBlob); W_ERROR_HAVE_NO_MEMORY(md); md->version = 1; md->reserved = 0; md->ctr.ctr1.count = in->meta_data_ctr->count; md->ctr.ctr1.reserved = 0; md->ctr.ctr1.array = talloc_array(mem_ctx, struct replPropertyMetaData1, md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */ W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array); for (i=0, attr_count=0; i < in->meta_data_ctr->count; i++, attr_count++) { struct drsuapi_DsReplicaAttribute *a; struct drsuapi_DsReplicaMetaData *d; struct replPropertyMetaData1 *m; struct ldb_message_element *e; uint32_t j; a = &in->object.attribute_ctr.attributes[i]; d = &in->meta_data_ctr->meta_data[i]; m = &md->ctr.ctr1.array[attr_count]; e = &msg->elements[attr_count]; if (dsdb_attid_in_list(ignore_attids, a->attid)) { attr_count--; continue; } if (GUID_all_zero(&d->originating_invocation_id)) { status = WERR_DS_SRC_GUID_MISMATCH; DEBUG(0, ("Refusing replication of object containing invalid zero invocationID on attribute %d of %s: %s\n", a->attid, ldb_dn_get_linearized(msg->dn), win_errstr(status))); return status; } if (a->attid == DRSUAPI_ATTID_instanceType) { if (instanceType_e != NULL) { return WERR_FOOBAR; } instanceType_e = e; } for (j=0; j<a->value_ctr.num_values; j++) { status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, dsdb_repl_flags, a); if (!W_ERROR_IS_OK(status)) { break; } } if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) { WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote, a, msg->elements, e); if (W_ERROR_IS_OK(get_name_status)) { DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n", e->name, ldb_dn_get_linearized(msg->dn))); } else { DEBUG(0, ("Unxpectedly got secret value on %s from DRS server", ldb_dn_get_linearized(msg->dn))); } } else if (!W_ERROR_IS_OK(status)) { return status; } status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote, a, msg->elements, e); W_ERROR_NOT_OK_RETURN(status); m->attid = a->attid; m->version = d->version; m->originating_change_time = d->originating_change_time; m->originating_invocation_id = d->originating_invocation_id; m->originating_usn = d->originating_usn; m->local_usn = 0; if (d->originating_change_time > whenChanged) { whenChanged = d->originating_change_time; } if (a->attid == DRSUAPI_ATTID_name) { name_a = a; name_d = d; } } msg->num_elements = attr_count; md->ctr.ctr1.count = attr_count; if (name_a) { rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count]; } if (rdn_m) { struct ldb_message_element *el; const char *rdn_name = NULL; const struct ldb_val *rdn_value = NULL; const struct dsdb_attribute *rdn_attr = NULL; uint32_t rdn_attid; /* * We only need the schema calls for the RDN in this * codepath, and by doing this we avoid needing to * have the dsdb_attribute_by_lDAPDisplayName accessor * working during the schema load. */ rdn_name = ldb_dn_get_rdn_name(msg->dn); rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name); if (!rdn_attr) { return WERR_FOOBAR; } rdn_attid = rdn_attr->attributeID_id; rdn_value = ldb_dn_get_rdn_val(msg->dn); el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName); if (!el) { ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } } else { if (el->num_values != 1) { DEBUG(0,(__location__ ": Unexpected num_values=%u\n", el->num_values)); return WERR_FOOBAR; } if (!ldb_val_equal_exact(&el->values[0], rdn_value)) { DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n", (int)el->values[0].length, (int)el->values[0].length, el->values[0].data, (int)rdn_value->length, (int)rdn_value->length, rdn_value->data)); return WERR_FOOBAR; } } rdn_m->attid = rdn_attid; rdn_m->version = name_d->version; rdn_m->originating_change_time = name_d->originating_change_time; rdn_m->originating_invocation_id = name_d->originating_invocation_id; rdn_m->originating_usn = name_d->originating_usn; rdn_m->local_usn = 0; md->ctr.ctr1.count++; } if (instanceType_e == NULL) { return WERR_FOOBAR; } instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0); if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) { /* the instanceType type for partial_replica replication is sent via DRS with TYPE_WRITE set, but must be used on the client with TYPE_WRITE removed */ if (instanceType & INSTANCE_TYPE_WRITE) { /* * Make sure we do not change the order * of msg->elements! * * That's why we use * instanceType_e->num_values = 0 * instead of * ldb_msg_remove_attr(msg, "instanceType"); */ struct ldb_message_element *e; e = ldb_msg_find_element(msg, "instanceType"); if (e != instanceType_e) { DEBUG(0,("instanceType_e[%p] changed to e[%p]\n", instanceType_e, e)); return WERR_FOOBAR; } instanceType_e->num_values = 0; instanceType &= ~INSTANCE_TYPE_WRITE; if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) { return WERR_INTERNAL_ERROR; } } } else { if (!(instanceType & INSTANCE_TYPE_WRITE)) { DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n", ldb_dn_get_linearized(msg->dn))); return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA; } } whenChanged_t = nt_time_to_unix(whenChanged); whenChanged_s = ldb_timestring(msg, whenChanged_t); W_ERROR_HAVE_NO_MEMORY(whenChanged_s); nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value); if (!NT_STATUS_IS_OK(nt_status)) { return ntstatus_to_werror(nt_status); } if (in->parent_object_guid) { nt_status = GUID_to_ndr_blob(in->parent_object_guid, msg, &parent_guid_value); if (!NT_STATUS_IS_OK(nt_status)) { return ntstatus_to_werror(nt_status); } } else { parent_guid_value = data_blob_null; } out->msg = msg; out->guid_value = guid_value; out->parent_guid_value = parent_guid_value; out->when_changed = whenChanged_s; out->meta_data = md; return WERR_OK; }
NTSTATUS smbsrv_push_passthru_fsinfo(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, enum smb_fsinfo_level level, union smb_fsinfo *fsinfo, int default_str_flags) { unsigned int i; DATA_BLOB guid_blob; switch (level) { case RAW_QFS_VOLUME_INFORMATION: BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 18)); push_nttime(blob->data, 0, fsinfo->volume_info.out.create_time); SIVAL(blob->data, 8, fsinfo->volume_info.out.serial_number); SSVAL(blob->data, 16, 0); /* padding */ BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, fsinfo->volume_info.out.volume_name.s, 12, default_str_flags, STR_UNICODE)); return NT_STATUS_OK; case RAW_QFS_SIZE_INFORMATION: BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 24)); SBVAL(blob->data, 0, fsinfo->size_info.out.total_alloc_units); SBVAL(blob->data, 8, fsinfo->size_info.out.avail_alloc_units); SIVAL(blob->data, 16, fsinfo->size_info.out.sectors_per_unit); SIVAL(blob->data, 20, fsinfo->size_info.out.bytes_per_sector); return NT_STATUS_OK; case RAW_QFS_DEVICE_INFORMATION: BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 8)); SIVAL(blob->data, 0, fsinfo->device_info.out.device_type); SIVAL(blob->data, 4, fsinfo->device_info.out.characteristics); return NT_STATUS_OK; case RAW_QFS_ATTRIBUTE_INFORMATION: BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 12)); SIVAL(blob->data, 0, fsinfo->attribute_info.out.fs_attr); SIVAL(blob->data, 4, fsinfo->attribute_info.out.max_file_component_length); /* this must not be null terminated or win98 gets confused! also note that w2k3 returns this as unicode even when ascii is negotiated */ BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, fsinfo->attribute_info.out.fs_type.s, 8, default_str_flags, STR_UNICODE)); return NT_STATUS_OK; case RAW_QFS_QUOTA_INFORMATION: BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 48)); SBVAL(blob->data, 0, fsinfo->quota_information.out.unknown[0]); SBVAL(blob->data, 8, fsinfo->quota_information.out.unknown[1]); SBVAL(blob->data, 16, fsinfo->quota_information.out.unknown[2]); SBVAL(blob->data, 24, fsinfo->quota_information.out.quota_soft); SBVAL(blob->data, 32, fsinfo->quota_information.out.quota_hard); SBVAL(blob->data, 40, fsinfo->quota_information.out.quota_flags); return NT_STATUS_OK; case RAW_QFS_FULL_SIZE_INFORMATION: BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 32)); SBVAL(blob->data, 0, fsinfo->full_size_information.out.total_alloc_units); SBVAL(blob->data, 8, fsinfo->full_size_information.out.call_avail_alloc_units); SBVAL(blob->data, 16, fsinfo->full_size_information.out.actual_avail_alloc_units); SIVAL(blob->data, 24, fsinfo->full_size_information.out.sectors_per_unit); SIVAL(blob->data, 28, fsinfo->full_size_information.out.bytes_per_sector); return NT_STATUS_OK; case RAW_QFS_OBJECTID_INFORMATION: { NTSTATUS status; BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 64)); status = GUID_to_ndr_blob(&fsinfo->objectid_information.out.guid, mem_ctx, &guid_blob); if (!NT_STATUS_IS_OK(status)) { BLOB_CHECK(status); } memcpy(blob->data, guid_blob.data, guid_blob.length); for (i=0;i<6;i++) { SBVAL(blob->data, 16 + 8*i, fsinfo->objectid_information.out.unknown[i]); } return NT_STATUS_OK; } default: return NT_STATUS_INVALID_LEVEL; } }
* has the same result as integer comparison between the uint32_t * values. * * TODO: implement string based key */ #define SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE 16 static TDB_DATA smbXsrv_client_global_id_to_key(const struct GUID *client_guid, uint8_t *key_buf) { TDB_DATA key = { .dsize = 0, }; NTSTATUS status; DATA_BLOB b; status = GUID_to_ndr_blob(client_guid, talloc_tos(), &b); if (!NT_STATUS_IS_OK(status)) { return key; } memcpy(key_buf, b.data, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE); data_blob_free(&b); key = make_tdb_data(key_buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE); return key; } static struct db_record *smbXsrv_client_global_fetch_locked( struct db_context *db, const struct GUID *client_guid, TALLOC_CTX *mem_ctx)