WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
{
WERROR status;
static const char *attrs[] = { "namingContexts", NULL };
unsigned int i;
int ret;
TALLOC_CTX *tmp_ctx;
struct ldb_result *res;
struct ldb_message_element *el;
tmp_ctx = talloc_new(s);
W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
ret = ldb_search(s->samdb, tmp_ctx, &res,
ldb_dn_new(tmp_ctx, s->samdb, ""), LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
DEBUG(1,("Searching for namingContexts in rootDSE failed: %s\n", ldb_errstring(s->samdb)));
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
el = ldb_msg_find_element(res->msgs[0], "namingContexts");
if (!el) {
DEBUG(1,("Finding namingContexts element in root_res failed: %s\n",
ldb_errstring(s->samdb)));
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
for (i=0; i<el->num_values; i++) {
struct ldb_dn *pdn;
struct dreplsrv_partition *p;
pdn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
if (pdn == NULL) {
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
if (!ldb_dn_validate(pdn)) {
return WERR_DS_DRA_INTERNAL_ERROR;
}
p = talloc_zero(s, struct dreplsrv_partition);
W_ERROR_HAVE_NO_MEMORY(p);
p->dn = talloc_steal(p, pdn);
DLIST_ADD(s->partitions, p);
DEBUG(2, ("dreplsrv_partition[%s] loaded\n", ldb_dn_get_linearized(p->dn)));
}
talloc_free(tmp_ctx);
status = dreplsrv_refresh_partitions(s);
W_ERROR_NOT_OK_RETURN(status);
return WERR_OK;
}
int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool, struct ldb_request *parent)
{
TALLOC_CTX *tmp_ctx = talloc_new(module);
struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
bool is_us;
/* work out who is the RID Manager */
ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s",
ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
/* find the DN of the RID Manager */
ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn, parent);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s",
ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to confirm if our ntdsDsa is %s: %s",
ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
if (!is_us) {
ret = ridalloc_poke_rid_manager(module);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Request for remote refresh of RID Set allocation failed: %s",
ldb_errstring(ldb));
} else {
ldb_asprintf_errstring(ldb, "Remote RID Set refresh needed");
}
talloc_free(tmp_ctx);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
/* grab a pool from the RID Manager object */
ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, new_pool, parent);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
}
talloc_free(tmp_ctx);
return ret;
}
int main(int argc, const char **argv)
{
struct ldb_context *ldb;
unsigned int i, count = 0;
int ret = LDB_SUCCESS;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
ldb = ldb_init(mem_ctx, NULL);
if (ldb == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
options = ldb_cmdline_process(ldb, argc, argv, usage);
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
printf("Failed to start transaction: %s\n", ldb_errstring(ldb));
return ret;
}
if (options->argc == 0) {
ret = process_file(ldb, stdin, &count);
} else {
for (i=0;i<options->argc;i++) {
const char *fname = options->argv[i];
FILE *f;
f = fopen(fname, "r");
if (!f) {
perror(fname);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = process_file(ldb, f, &count);
fclose(f);
}
}
if (count != 0) {
ret = ldb_transaction_commit(ldb);
if (ret != LDB_SUCCESS) {
printf("Failed to commit transaction: %s\n", ldb_errstring(ldb));
return ret;
}
} else {
ldb_transaction_cancel(ldb);
}
talloc_free(mem_ctx);
if (ret) {
printf("Add failed after processing %u records\n", count);
} else {
printf("Added %u records successfully\n", count);
}
return ret;
}
/*
allocate a new range of RIDs in the RID Manager object
*/
static int ridalloc_rid_manager_allocate(struct ldb_module *module, struct ldb_dn *rid_manager_dn, uint64_t *new_pool,
struct ldb_request *parent)
{
int ret;
TALLOC_CTX *tmp_ctx = talloc_new(module);
const char *attrs[] = { "rIDAvailablePool", NULL };
uint64_t rid_pool, new_rid_pool, dc_pool;
uint32_t rid_pool_lo, rid_pool_hi;
struct ldb_result *res;
struct ldb_context *ldb = ldb_module_get_ctx(module);
const unsigned alloc_size = 500;
ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_manager_dn,
attrs, DSDB_FLAG_NEXT_MODULE, parent);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find rIDAvailablePool in %s - %s",
ldb_dn_get_linearized(rid_manager_dn), ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
rid_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAvailablePool", 0);
rid_pool_lo = rid_pool & 0xFFFFFFFF;
rid_pool_hi = rid_pool >> 32;
if (rid_pool_lo >= rid_pool_hi) {
ldb_asprintf_errstring(ldb, "Out of RIDs in RID Manager - rIDAvailablePool is %u-%u",
rid_pool_lo, rid_pool_hi);
talloc_free(tmp_ctx);
return ret;
}
/* lower part of new pool is the low part of the rIDAvailablePool */
dc_pool = rid_pool_lo;
/* allocate 500 RIDs to this DC */
rid_pool_lo = MIN(rid_pool_hi, rid_pool_lo + alloc_size);
/* work out upper part of new pool */
dc_pool |= (((uint64_t)rid_pool_lo-1)<<32);
/* and new rIDAvailablePool value */
new_rid_pool = rid_pool_lo | (((uint64_t)rid_pool_hi)<<32);
ret = dsdb_module_constrainted_update_uint64(module, rid_manager_dn, "rIDAvailablePool",
&rid_pool, &new_rid_pool, parent);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to update rIDAvailablePool - %s",
ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
(*new_pool) = dc_pool;
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
/*
* add any missing repsFrom structures to our partitions
*/
static NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ctx,
struct repsFromToBlob *reps, uint32_t count)
{
struct kccsrv_partition *p;
/* update the repsFrom on all partitions */
for (p=s->partitions; p; p=p->next) {
struct repsFromToBlob *old_reps;
uint32_t old_count;
WERROR werr;
int i;
bool modified = false;
werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsFrom", &old_reps, &old_count);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,(__location__ ": Failed to load repsFrom from %s - %s\n",
ldb_dn_get_linearized(p->dn), ldb_errstring(s->samdb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* add any new ones */
for (i=0; i<count; i++) {
if (!reps_in_list(&reps[i], old_reps, old_count)) {
old_reps = talloc_realloc(mem_ctx, old_reps, struct repsFromToBlob, old_count+1);
NT_STATUS_HAVE_NO_MEMORY(old_reps);
old_reps[old_count] = reps[i];
old_count++;
modified = true;
}
}
/* remove any stale ones */
for (i=0; i<old_count; i++) {
if (!reps_in_list(&old_reps[i], reps, count)) {
memmove(&old_reps[i], &old_reps[i+1], (old_count-(i+1))*sizeof(old_reps[0]));
old_count--;
i--;
modified = true;
}
}
if (modified) {
werr = dsdb_savereps(s->samdb, mem_ctx, p->dn, "repsFrom", old_reps, old_count);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,(__location__ ": Failed to save repsFrom to %s - %s\n",
ldb_dn_get_linearized(p->dn), ldb_errstring(s->samdb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
}
/*
refresh a RID Set object for the specified DC
also returns the first RID for the new pool
*/
static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module,
struct ldb_dn *rid_manager_dn,
struct ldb_dn *ntds_dn, uint64_t *new_pool)
{
TALLOC_CTX *tmp_ctx = talloc_new(module);
struct ldb_dn *server_dn, *machine_dn, *rid_set_dn;
struct ldb_context *ldb = ldb_module_get_ctx(module);
int ret;
/* grab a pool from the RID Manager object */
ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, new_pool);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
}
server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn);
if (!server_dn) {
ldb_module_oom(module);
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find serverReference in %s - %s",
ldb_dn_get_linearized(server_dn), ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
ret = dsdb_module_reference_dn(module, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find rIDSetReferences in %s - %s",
ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
ret = dsdb_module_set_integer(module, rid_set_dn, "rIDAllocationPool", *new_pool);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to modify RID Set object %s - %s",
ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstring)
{
*errstring = ldb_errstring(ldb);
/* its 1:1 for now */
return err;
}
/*
construct msDS-UserPasswordExpiryTimeComputed
*/
static int construct_msds_user_password_expiry_time_computed(struct ldb_module *module,
struct ldb_message *msg, enum ldb_scope scope,
struct ldb_request *parent)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_dn *nc_root;
int64_t password_expiry_time;
int ret;
ret = dsdb_find_nc_root(ldb, msg, msg->dn, &nc_root);
if (ret != 0) {
ldb_asprintf_errstring(ldb,
"Failed to find NC root of DN: %s: %s",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb));
return ret;
}
if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) != 0) {
/* Only calculate this on our default NC */
return 0;
}
password_expiry_time
= get_msds_user_password_expiry_time_computed(module, msg,
nc_root);
return samdb_msg_add_int64(ldb,
msg->elements, msg,
"msDS-UserPasswordExpiryTimeComputed",
password_expiry_time);
}
/*
add records from an opened file
*/
static int process_file(struct ldb_context *ldb, FILE *f, int *count,
int *failures)
{
struct ldb_ldif *ldif;
int ret = LDB_SUCCESS;
while ((ldif = ldb_ldif_read_file(ldb, f))) {
if (ldif->changetype != LDB_CHANGETYPE_ADD &&
ldif->changetype != LDB_CHANGETYPE_NONE) {
fprintf(stderr, "Only CHANGETYPE_ADD records allowed\n");
break;
}
ldif->msg = ldb_msg_canonicalize(ldb, ldif->msg);
ret = ldb_add(ldb, ldif->msg);
if (ret != LDB_SUCCESS) {
fprintf(stderr, "ERR: \"%s\" on DN %s\n",
ldb_errstring(ldb), ldb_dn_linearize(ldb, ldif->msg->dn));
(*failures)++;
} else {
(*count)++;
}
ldb_ldif_read_free(ldb, ldif);
}
return ret;
}
static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
const char *zone_name)
{
struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
system_session(tctx->lp_ctx),
0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));
struct ldb_message *msg;
int ret;
const char *attrs[] = {
NULL
};
if (!samdb) {
torture_fail(tctx, "Failed to connect to samdb");
return ISC_R_FAILURE;
}
ret = dsdb_search_one(samdb, tctx, &msg, NULL,
LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
"(&(objectClass=dnsZone)(name=%s))", zone_name);
if (ret != LDB_SUCCESS) {
torture_fail(tctx, talloc_asprintf(tctx, "Failed to search for %s: %s", zone_name, ldb_errstring(samdb)));
return ISC_R_FAILURE;
}
talloc_free(msg);
return ISC_R_SUCCESS;
}
static int ldb_delete_recursive(struct ldb_context *ldb, struct ldb_dn *dn)
{
int ret, i, total=0;
const char *attrs[] = { NULL };
struct ldb_result *res;
ret = ldb_search(ldb, ldb, &res, dn, LDB_SCOPE_SUBTREE, attrs, "distinguishedName=*");
if (ret != LDB_SUCCESS) return -1;
/* sort the DNs, deepest first */
qsort(res->msgs, res->count, sizeof(res->msgs[0]), dn_cmp);
for (i = 0; i < res->count; i++) {
if (ldb_delete(ldb, res->msgs[i]->dn) == 0) {
total++;
} else {
printf("Failed to delete '%s' - %s\n",
ldb_dn_get_linearized(res->msgs[i]->dn),
ldb_errstring(ldb));
}
}
talloc_free(res);
if (total == 0) {
return -1;
}
printf("Deleted %d records\n", total);
return 0;
}
static int prepare_modules_line(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *rootdse_msg,
struct ldb_message *msg, const char *backend_attr,
const char *backend_mod, const char **backend_mod_list)
{
int ret;
const char **backend_full_list;
const char *backend_dn;
char *mod_list_string;
char *full_string;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return ldb_oom(ldb);
}
if (backend_attr) {
backend_dn = ldb_msg_find_attr_as_string(rootdse_msg, backend_attr, NULL);
if (!backend_dn) {
ldb_asprintf_errstring(ldb,
"samba_dsdb_init: "
"unable to read %s from %s:%s",
backend_attr, ldb_dn_get_linearized(rootdse_msg->dn),
ldb_errstring(ldb));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
} else {
backend_dn = "*";
}
if (backend_mod) {
char **b = str_list_make_single(tmp_ctx, backend_mod);
backend_full_list = discard_const_p(const char *, b);
} else {
/*
process modifies for one file
*/
static int process_file(struct ldb_context *ldb, FILE *f, int *count)
{
struct ldb_ldif *ldif;
int ret = LDB_SUCCESS;
while ((ldif = ldb_ldif_read_file(ldb, f))) {
switch (ldif->changetype) {
case LDB_CHANGETYPE_NONE:
case LDB_CHANGETYPE_ADD:
ret = ldb_add(ldb, ldif->msg);
break;
case LDB_CHANGETYPE_DELETE:
ret = ldb_delete(ldb, ldif->msg->dn);
break;
case LDB_CHANGETYPE_MODIFY:
ret = ldb_modify(ldb, ldif->msg);
break;
}
if (ret != LDB_SUCCESS) {
fprintf(stderr, "ERR: \"%s\" on DN %s\n",
ldb_errstring(ldb), ldb_dn_get_linearized(ldif->msg->dn));
failures++;
} else {
(*count)++;
}
ldb_ldif_read_free(ldb, ldif);
}
return ret;
}
int main(int argc, const char **argv)
{
struct ldb_context *ldb;
int ret;
struct ldb_cmdline *options;
const struct ldb_dn *dn1, *dn2;
ldb_global_init();
ldb = ldb_init(NULL);
options = ldb_cmdline_process(ldb, argc, argv, usage);
if (options->argc < 2) {
usage();
}
dn1 = ldb_dn_explode(ldb, options->argv[0]);
dn2 = ldb_dn_explode(ldb, options->argv[1]);
ret = ldb_rename(ldb, dn1, dn2);
if (ret == 0) {
printf("Renamed 1 record\n");
} else {
printf("rename of '%s' to '%s' failed - %s\n",
options->argv[0], options->argv[1], ldb_errstring(ldb));
}
talloc_free(ldb);
return ret;
}
static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
struct ldb_dn *dn, const struct dom_sid *dom_sid,
struct dom_sid **new_sid)
{
struct dom_sid *obj_sid;
uint32_t old_rid;
int ret;
ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid);
if (ret) {
return ret;
}
/* return the new object sid */
obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid);
*new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1);
if (!*new_sid) {
return LDB_ERR_OPERATIONS_ERROR;
}
ret = samldb_notice_sid(module, mem_ctx, *new_sid);
if (ret != 0) {
/* gah, there are conflicting sids.
* This is a critical situation it means that someone messed up with
* the DB and nextRid is not returning free RIDs, report an error
* and refuse to create any user until the problem is fixed */
ldb_asprintf_errstring(module->ldb,
"Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s",
ldb_errstring(module->ldb));
return ret;
}
return ret;
}
/* search the domain related to the provided dn
allocate a new RID for the domain
return the new sid string
*/
static int samldb_get_new_sid(struct ldb_module *module,
TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn,
struct dom_sid **sid)
{
const char * const attrs[2] = { "objectSid", NULL };
struct ldb_result *res = NULL;
struct ldb_dn *dom_dn;
int ret;
struct dom_sid *dom_sid;
/* get the domain component part of the provided dn */
dom_dn = samldb_search_domain(module, mem_ctx, obj_dn);
if (dom_dn == NULL) {
ldb_asprintf_errstring(module->ldb,
"Invalid dn (%s) not child of a domain object!\n",
ldb_dn_get_linearized(obj_dn));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
/* find the domain sid */
ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(module->ldb,
"samldb_get_new_sid: error retrieving domain sid from %s: %s!\n",
ldb_dn_get_linearized(dom_dn),
ldb_errstring(module->ldb));
talloc_free(res);
return ret;
}
if (res->count != 1) {
ldb_asprintf_errstring(module->ldb,
"samldb_get_new_sid: error retrieving domain sid from %s: not found!\n",
ldb_dn_get_linearized(dom_dn));
talloc_free(res);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid");
if (dom_sid == NULL) {
ldb_set_errstring(module->ldb, "samldb_get_new_sid: error parsing domain sid!\n");
talloc_free(res);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
/* allocate a new Rid for the domain */
ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, sid);
if (ret != 0) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s: %s\n", ldb_dn_get_linearized(dom_dn), ldb_errstring(module->ldb));
talloc_free(res);
return ret;
}
talloc_free(res);
return ret;
}
/*
construct msDS-User-Account-Control-Computed attr
*/
static int construct_msds_user_account_control_computed(struct ldb_module *module,
struct ldb_message *msg, enum ldb_scope scope,
struct ldb_request *parent)
{
uint32_t userAccountControl;
uint32_t msDS_User_Account_Control_Computed = 0;
struct ldb_context *ldb = ldb_module_get_ctx(module);
NTTIME now;
struct ldb_dn *nc_root;
int ret;
ret = dsdb_find_nc_root(ldb, msg, msg->dn, &nc_root);
if (ret != 0) {
ldb_asprintf_errstring(ldb,
"Failed to find NC root of DN: %s: %s",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb_module_get_ctx(module)));
return ret;
}
if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) != 0) {
/* Only calculate this on our default NC */
return 0;
}
/* Test account expire time */
unix_to_nt_time(&now, time(NULL));
userAccountControl = ldb_msg_find_attr_as_uint(msg,
"userAccountControl",
0);
if (!(userAccountControl & _UF_TRUST_ACCOUNTS)) {
int64_t lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
if (lockoutTime != 0) {
int64_t lockoutDuration = samdb_search_int64(ldb,
msg, 0, nc_root,
"lockoutDuration", NULL);
if (lockoutDuration >= 0) {
msDS_User_Account_Control_Computed |= UF_LOCKOUT;
} else if (lockoutTime - lockoutDuration >= now) {
msDS_User_Account_Control_Computed |= UF_LOCKOUT;
}
}
}
if (!(userAccountControl & _UF_NO_EXPIRY_ACCOUNTS)) {
NTTIME must_change_time
= get_msds_user_password_expiry_time_computed(module,
msg, nc_root);
/* check for expired password */
if (must_change_time < now) {
msDS_User_Account_Control_Computed |= UF_PASSWORD_EXPIRED;
}
}
return samdb_msg_add_int64(ldb,
msg->elements, msg,
"msDS-User-Account-Control-Computed",
msDS_User_Account_Control_Computed);
}
static int prepare_modules_line(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *rootdse_msg,
struct ldb_message *msg, const char *backend_attr,
const char *backend_mod, const char **backend_mod_list)
{
int ret;
const char **backend_full_list;
const char *backend_dn;
char *mod_list_string;
char *full_string;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return ldb_oom(ldb);
}
if (backend_attr) {
backend_dn = ldb_msg_find_attr_as_string(rootdse_msg, backend_attr, NULL);
if (!backend_dn) {
ldb_asprintf_errstring(ldb,
"samba_dsdb_init: "
"unable to read %s from %s:%s",
backend_attr, ldb_dn_get_linearized(rootdse_msg->dn),
ldb_errstring(ldb));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
} else {
backend_dn = "*";
}
if (backend_mod) {
backend_full_list = (const char **)str_list_make_single(tmp_ctx, backend_mod);
} else {
backend_full_list = (const char **)str_list_make_empty(tmp_ctx);
}
if (!backend_full_list) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
backend_full_list = str_list_append_const(backend_full_list, backend_mod_list);
if (!backend_full_list) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
mod_list_string = str_list_join(tmp_ctx, backend_full_list, ',');
if (!mod_list_string) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
full_string = talloc_asprintf(tmp_ctx, "%s:%s", backend_dn, mod_list_string);
ret = ldb_msg_add_steal_string(msg, "modules", full_string);
talloc_free(tmp_ctx);
return ret;
}
/*
* Initialize metadata. Load metadata.tdb.
* If missing, create it and fill in sequence number
*/
int partition_metadata_init(struct ldb_module *module)
{
struct partition_private_data *data;
int ret;
data = talloc_get_type_abort(ldb_module_get_private(module),
struct partition_private_data);
data->metadata = talloc_zero(data, struct partition_metadata);
if (data->metadata == NULL) {
return ldb_module_oom(module);
}
ret = partition_metadata_open(module, false);
if (ret == LDB_SUCCESS) {
goto end;
}
/* metadata.tdb does not exist, create it */
DEBUG(2, ("partition_metadata: Migrating partition metadata: "
"open of metadata.tdb gave: %s\n",
ldb_errstring(ldb_module_get_ctx(module))));
ret = partition_metadata_open(module, true);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb_module_get_ctx(module),
"partition_metadata: "
"Migrating partition metadata: "
"create of metadata.tdb gave: %s\n",
ldb_errstring(ldb_module_get_ctx(module)));
talloc_free(data->metadata);
data->metadata = NULL;
goto end;
}
ret = partition_metadata_set_sequence_number(module);
if (ret != LDB_SUCCESS) {
talloc_free(data->metadata);
data->metadata = NULL;
}
end:
return ret;
}
/*
get a new RID pool for ourselves
also returns the first rid for the new pool
*/
static int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool, struct ldb_request *parent)
{
TALLOC_CTX *tmp_ctx = talloc_new(module);
struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
/* work out who is the RID Manager */
ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s",
ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
/* find the DN of the RID Manager */
ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn, parent);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s",
ldb_errstring(ldb));
talloc_free(tmp_ctx);
return ret;
}
if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) {
ridalloc_poke_rid_manager(module);
ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
talloc_free(tmp_ctx);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
/* grab a pool from the RID Manager object */
ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, new_pool, parent);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
}
talloc_free(tmp_ctx);
return ret;
}
/*
search the sam for the specified attributes - va_list variant
*/
int gendb_search_v(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_dn *basedn,
struct ldb_message ***msgs,
const char * const *attrs,
const char *format,
va_list ap)
{
enum ldb_scope scope = LDB_SCOPE_SUBTREE;
struct ldb_result *res;
char *expr = NULL;
int ret;
if (format) {
expr = talloc_vasprintf(mem_ctx, format, ap);
if (expr == NULL) {
return -1;
}
} else {
scope = LDB_SCOPE_BASE;
}
res = NULL;
ret = ldb_search(ldb, mem_ctx, &res, basedn, scope, attrs,
expr?"%s":NULL, expr);
if (ret == LDB_SUCCESS) {
talloc_steal(mem_ctx, res->msgs);
DEBUG(6,("gendb_search_v: %s %s -> %d\n",
basedn?ldb_dn_get_linearized(basedn):"NULL",
expr?expr:"NULL", res->count));
ret = res->count;
*msgs = res->msgs;
talloc_free(res);
} else if (scope == LDB_SCOPE_BASE && ret == LDB_ERR_NO_SUCH_OBJECT) {
ret = 0;
*msgs = NULL;
} else {
DEBUG(4,("gendb_search_v: search failed: %s\n",
ldb_errstring(ldb)));
ret = -1;
}
talloc_free(expr);
return ret;
}
static PyObject *py_dsdb_load_partition_usn(PyObject *self, PyObject *args)
{
PyObject *py_dn, *py_ldb, *result;
struct ldb_dn *dn;
uint64_t highest_uSN, urgent_uSN;
struct ldb_context *ldb;
TALLOC_CTX *mem_ctx;
int ret;
if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_dn)) {
return NULL;
}
PyErr_LDB_OR_RAISE(py_ldb, ldb);
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
if (!pyldb_Object_AsDn(mem_ctx, py_dn, ldb, &dn)) {
talloc_free(mem_ctx);
return NULL;
}
ret = dsdb_load_partition_usn(ldb, dn, &highest_uSN, &urgent_uSN);
if (ret != LDB_SUCCESS) {
PyErr_Format(PyExc_RuntimeError,
"Failed to load partition [%s] uSN - %s",
ldb_dn_get_linearized(dn),
ldb_errstring(ldb));
talloc_free(mem_ctx);
return NULL;
}
talloc_free(mem_ctx);
result = PyDict_New();
PyDict_SetItemString(result, "uSNHighest", PyInt_FromLong((uint64_t)highest_uSN));
PyDict_SetItemString(result, "uSNUrgent", PyInt_FromLong((uint64_t)urgent_uSN));
return result;
}
int confdb_create_base(struct confdb_ctx *cdb)
{
int ret;
struct ldb_ldif *ldif;
const char *base_ldif = CONFDB_BASE_LDIF;
while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) {
ret = ldb_add(cdb->ldb, ldif->msg);
if (ret != LDB_SUCCESS) {
DEBUG(0, ("Failed to initialize DB (%d,[%s]), aborting!\n",
ret, ldb_errstring(cdb->ldb)));
return EIO;
}
ldb_ldif_read_free(cdb->ldb, ldif);
}
return EOK;
}
int main(int argc, const char **argv)
{
struct ldb_context *ldb;
int ret = 0, i;
struct ldb_cmdline *options;
ldb = ldb_init(NULL, NULL);
options = ldb_cmdline_process(ldb, argc, argv, usage);
if (options->argc < 1) {
usage();
exit(1);
}
for (i=0;i<options->argc;i++) {
struct ldb_dn *dn;
dn = ldb_dn_new(ldb, ldb, options->argv[i]);
if ( ! ldb_dn_validate(dn)) {
printf("Invalid DN format\n");
exit(1);
}
if (options->recursive) {
ret = ldb_delete_recursive(ldb, dn);
} else {
ret = ldb_delete(ldb, dn);
if (ret == 0) {
printf("Deleted 1 record\n");
}
}
if (ret != 0) {
printf("delete of '%s' failed - %s\n",
ldb_dn_get_linearized(dn),
ldb_errstring(ldb));
}
}
talloc_free(ldb);
return ret;
}
/*
return the dn key to be used for an index
caller frees
*/
static struct ldb_dn *ltdb_index_key(struct ldb_context *ldb,
const char *attr, const struct ldb_val *value)
{
struct ldb_dn *ret;
struct ldb_val v;
const struct ldb_schema_attribute *a;
char *attr_folded;
int r;
attr_folded = ldb_attr_casefold(ldb, attr);
if (!attr_folded) {
return NULL;
}
a = ldb_schema_attribute_by_name(ldb, attr);
r = a->syntax->canonicalise_fn(ldb, ldb, value, &v);
if (r != LDB_SUCCESS) {
const char *errstr = ldb_errstring(ldb);
/* canonicalisation can be refused. For example,
a attribute that takes wildcards will refuse to canonicalise
if the value contains a wildcard */
ldb_asprintf_errstring(ldb, "Failed to create index key for attribute '%s':%s%s%s",
attr, ldb_strerror(r), (errstr?":":""), (errstr?errstr:""));
talloc_free(attr_folded);
return NULL;
}
if (ldb_should_b64_encode(&v)) {
char *vstr = ldb_base64_encode(ldb, (char *)v.data, v.length);
if (!vstr) return NULL;
ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s::%s", LTDB_INDEX, attr_folded, vstr);
talloc_free(vstr);
} else {
ret = ldb_dn_new_fmt(ldb, ldb, "%s:%s:%.*s", LTDB_INDEX, attr_folded, (int)v.length, (char *)v.data);
}
if (v.data != value->data) {
talloc_free(v.data);
}
talloc_free(attr_folded);
return ret;
}
/*
call into samdb_rodc()
*/
static PyObject *py_dsdb_am_rodc(PyObject *self, PyObject *args)
{
PyObject *py_ldb;
struct ldb_context *ldb;
int ret;
bool am_rodc;
if (!PyArg_ParseTuple(args, "O", &py_ldb))
return NULL;
PyErr_LDB_OR_RAISE(py_ldb, ldb);
ret = samdb_rodc(ldb, &am_rodc);
if (ret != LDB_SUCCESS) {
PyErr_SetString(PyExc_RuntimeError, ldb_errstring(ldb));
return NULL;
}
return PyBool_FromLong(am_rodc);
}
static int confdb_write_ldif(struct confdb_ctx *cdb,
const char *config_ldif,
bool replace_whole_db)
{
int ret;
struct ldb_ldif *ldif;
while ((ldif = ldb_ldif_read_string(cdb->ldb, &config_ldif))) {
if (ldif->changetype == LDB_CHANGETYPE_DELETE) {
/* We should remove this section */
ret = ldb_delete(cdb->ldb, ldif->msg->dn);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
/* Removing a non-existing section is not an error */
ret = LDB_SUCCESS;
}
} else {
ret = ldb_add(cdb->ldb, ldif->msg);
if (ret != LDB_SUCCESS && replace_whole_db == false) {
/* This section already existed, remove and re-add it. We
* really want to replace the whole thing instead of messing
* around with changetypes and flags on individual elements
*/
ret = ldb_delete(cdb->ldb, ldif->msg->dn);
if (ret == LDB_SUCCESS) {
ret = ldb_add(cdb->ldb, ldif->msg);
}
}
}
if (ret != LDB_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to initialize DB (%d,[%s]), aborting!\n",
ret, ldb_errstring(cdb->ldb));
return EIO;
}
ldb_ldif_read_free(cdb->ldb, ldif);
}
return EOK;
}
/**
* Writes schema_info structure into schemaInfo
* attribute on SCHEMA partition
*
* @param dsdb_flags DSDB_FLAG_... flag of 0
*/
int dsdb_module_schema_info_blob_write(struct ldb_module *ldb_module,
uint32_t dsdb_flags,
struct ldb_val *schema_info_blob,
struct ldb_request *parent)
{
int ldb_err;
struct ldb_message *msg;
TALLOC_CTX *temp_ctx;
temp_ctx = talloc_new(ldb_module);
if (temp_ctx == NULL) {
return ldb_module_oom(ldb_module);
}
/* write serialized schemaInfo into LDB */
ldb_err = dsdb_schema_info_write_prepare(ldb_module_get_ctx(ldb_module),
schema_info_blob,
temp_ctx, &msg);
if (ldb_err != LDB_SUCCESS) {
talloc_free(temp_ctx);
return ldb_err;
}
ldb_err = dsdb_module_modify(ldb_module, msg, dsdb_flags, parent);
talloc_free(temp_ctx);
if (ldb_err != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb_module_get_ctx(ldb_module),
"dsdb_module_schema_info_blob_write: dsdb_replace failed: %s (%s)\n",
ldb_strerror(ldb_err),
ldb_errstring(ldb_module_get_ctx(ldb_module)));
return ldb_err;
}
return LDB_SUCCESS;
}
errno_t
sysdb_svc_remove_alias(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
const char *alias)
{
errno_t ret;
struct ldb_message *msg;
int lret;
msg = ldb_msg_new(NULL);
if (!msg) {
ret = ENOMEM;
goto done;
}
msg->dn = dn;
ret = add_string(msg, SYSDB_MOD_DEL,
SYSDB_NAME_ALIAS, alias);
if (ret != EOK) goto done;
lret = ldb_modify(sysdb->ldb, msg);
if (lret != LDB_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE,
"ldb_modify failed: [%s](%d)[%s]\n",
ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb));
}
ret = sysdb_error_to_errno(lret);
done:
if (ret) {
DEBUG(SSSDBG_TRACE_INTERNAL,
"Error: %d (%s)\n", ret, strerror(ret));
}
talloc_zfree(msg);
return ret;
}
int main(int argc, const char **argv)
{
struct ldb_context *ldb;
int ret;
struct ldb_cmdline *options;
struct ldb_dn *dn1, *dn2;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
ldb = ldb_init(mem_ctx, NULL);
if (ldb == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
options = ldb_cmdline_process(ldb, argc, argv, usage);
if (options->argc < 2) {
usage(ldb);
}
dn1 = ldb_dn_new(ldb, ldb, options->argv[0]);
dn2 = ldb_dn_new(ldb, ldb, options->argv[1]);
if ((dn1 == NULL) || (dn2 == NULL)) {
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldb_rename(ldb, dn1, dn2);
if (ret == LDB_SUCCESS) {
printf("Renamed 1 record\n");
} else {
printf("rename of '%s' to '%s' failed - %s\n",
options->argv[0], options->argv[1], ldb_errstring(ldb));
}
talloc_free(mem_ctx);
return ret;
}
