DWORD
_VdcAddCopiesToHashTable(
PLW_HASHMAP pHashMap,
PCSTR pszKey,
PCSTR pszValue
)
{
DWORD dwError = 0;
PSTR pszKeyCopy = NULL;
PSTR pszValueCopy = NULL;
dwError = VmDirAllocateStringA(pszKey, &pszKeyCopy);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringA(pszValue, &pszValueCopy);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = LwRtlHashMapInsert(pHashMap, pszKeyCopy, pszValueCopy, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
return dwError;
error:
VMDIR_SAFE_FREE_STRINGA(pszKeyCopy);
VMDIR_SAFE_FREE_STRINGA(pszValueCopy);
goto cleanup;
}
DWORD
TryToWriteSD(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer
)
{
DWORD dwError = 0;
PSTR ppszAttributeValues[] = { NULL, NULL };
PSTR pszUserName = NULL;
PSTR pszUserDn = NULL;
PSTR pszDomainSid = NULL;
dwError = VmDirTestGetGuid(&pszUserName);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringPrintf(
&pszUserDn,
"cn=%s,cn=%s,%s",
pszUserName,
pszContainer,
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
BAIL_ON_VMDIR_ERROR(dwError);
// Random SD. Actual values don't (entirely) matter.
dwError = VmDirAllocateStringPrintf(
&ppszAttributeValues[0],
"O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)(A;;RCRPWPWDSD;;;%s-544)",
pszDomainSid,
pszDomainSid);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestReplaceAttributeValues(
pState->pLd,
pszUserDn,
ATTR_ACL_STRING,
(PCSTR*)ppszAttributeValues);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(ppszAttributeValues[0]);
VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
VMDIR_SAFE_FREE_STRINGA(pszUserName);
VMDIR_SAFE_FREE_STRINGA(pszUserDn);
return dwError;
error:
goto cleanup;
}
DWORD
VmDirCreateTransientSecurityDescriptor(
BOOLEAN bAllowAnonymousRead,
PVMDIR_SECURITY_DESCRIPTOR pvsd
)
{
DWORD dwError = 0;
PSTR pszDomainDN = NULL;
PSTR pszAdminsGroupSid = NULL;
PSTR pszDomainAdminsGroupSid = NULL;
VMDIR_SECURITY_DESCRIPTOR SecDesc = {0};
pszDomainDN = BERVAL_NORM_VAL(gVmdirServerGlobals.systemDomainDN);
dwError = VmDirGenerateWellknownSid(
pszDomainDN, VMDIR_DOMAIN_ALIAS_RID_ADMINS, &pszAdminsGroupSid);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirGenerateWellknownSid(
pszDomainDN, VMDIR_DOMAIN_ADMINS_RID, &pszDomainAdminsGroupSid);
BAIL_ON_VMDIR_ERROR(dwError);
// Create default security descriptor for internally-created entries.
dwError = VmDirSrvCreateSecurityDescriptor(
VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT,
BERVAL_NORM_VAL(gVmdirServerGlobals.bvDefaultAdminDN),
pszAdminsGroupSid,
pszDomainAdminsGroupSid,
FALSE,
bAllowAnonymousRead,
bAllowAnonymousRead,
FALSE,
FALSE,
&SecDesc);
BAIL_ON_VMDIR_ERROR(dwError);
pvsd->pSecDesc = SecDesc.pSecDesc;
pvsd->ulSecDesc = SecDesc.ulSecDesc;
pvsd->SecInfo = SecDesc.SecInfo;
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszAdminsGroupSid);
VMDIR_SAFE_FREE_STRINGA(pszDomainAdminsGroupSid);
return dwError;
error:
goto cleanup;
}
static
DWORD
VmDirSetEnvironment(
VOID
)
{
DWORD dwError = 0;
PSTR pszKrb5Conf = NULL;
dwError = VmDirRegReadKrb5Conf(&pszKrb5Conf);
if (dwError) {
dwError = VmDirAllocateStringA(VMDIR_DEFAULT_KRB5_CONF,
&pszKrb5Conf);
BAIL_ON_VMDIR_ERROR(dwError);
}
if (-1 == setenv("KRB5_CONFIG", pszKrb5Conf, 1))
{
dwError = ERROR_NO_MEMORY;
BAIL_ON_VMDIR_ERROR(dwError);
}
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszKrb5Conf);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetEnvironment failed (%u)", dwError);
goto cleanup;
}
DWORD
VmDirTestConnectionFromUser(
PVMDIR_TEST_STATE pState,
PCSTR pszUserName,
LDAP **ppLd
)
{
DWORD dwError = 0;
PSTR pszUserUPN = NULL;
LDAP *pLd;
dwError = VmDirAllocateStringPrintf(
&pszUserUPN,
"%s@%s",
pszUserName,
pState->pszDomain);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSafeLDAPBind(
&pLd,
pState->pszServerName,
pszUserUPN,
pState->pszPassword);
BAIL_ON_VMDIR_ERROR(dwError);
*ppLd = pLd;
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszUserUPN);
return dwError;
error:
goto cleanup;
}
DWORD VmDirSetBaseDN(
PVMDIR_TEST_STATE pState
)
{
PSTR pszBaseDN = NULL;
DWORD dwError = 0;
PSTR pszDot = NULL;
pszDot = strchr(pState->pszDomain, '.');
if (pszDot == NULL)
{
BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
}
*pszDot = '\0';
dwError = VmDirAllocateStringPrintf(
&pszBaseDN,
"dc=%s,dc=%s",
pState->pszDomain,
pszDot + 1);
*pszDot = '.';
BAIL_ON_VMDIR_ERROR(dwError);
pState->pszBaseDN = pszBaseDN;
cleanup:
return dwError;
error:
VMDIR_SAFE_FREE_STRINGA(pszBaseDN);
goto cleanup;
}
DWORD
_VdcGetAttributeFromEntry(
LDAP *pLd,
LDAPMessage* pEntry,
PSTR pszAttributeName,
PSTR *ppszAttributeValue
)
{
DWORD dwError = 0;
PSTR pszAttributeValue = NULL;
BerValue** ppBerValues = NULL;
ppBerValues = ldap_get_values_len(pLd, pEntry, pszAttributeName);
if (ppBerValues != NULL && ldap_count_values_len(ppBerValues) > 0)
{
dwError = VmDirAllocateStringA(ppBerValues[0][0].bv_val, &pszAttributeValue);
BAIL_ON_VMDIR_ERROR(dwError);
}
*ppszAttributeValue = pszAttributeValue;
cleanup:
if (ppBerValues)
{
ldap_value_free_len(ppBerValues);
ppBerValues = NULL;
}
return dwError;
error:
VMDIR_SAFE_FREE_STRINGA(pszAttributeValue);
goto cleanup;
}
DWORD
VmDirTestCreateContainer(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer,
PCSTR pszAcl /* OPTIONAL */
)
{
DWORD dwError = 0;
PCSTR valsCn[] = {pszContainer, NULL};
PCSTR valsClass[] = {"top", "container", NULL};
PCSTR valsAcl[] = {pszAcl, NULL};
PSTR pszDN = NULL;
LDAPMod mod[]={
{LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
{LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
{LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
};
LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
if (IsNullOrEmptyString(pszContainer))
{
valsCn[0] = VmDirTestGetTestContainerCn(pState);
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,%s",
VmDirTestGetTestContainerCn(pState),
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
}
else
{
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,cn=%s,%s",
pszContainer,
VmDirTestGetTestContainerCn(pState),
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
}
if (IsNullOrEmptyString(pszAcl))
{
attrs[2] = NULL;
}
dwError = ldap_add_ext_s(
pState->pLd, pszDN, attrs, NULL, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
goto cleanup;
}
VOID
VmDirFreeConnCredContent(
PVMDIR_CONNECTION_CREDS pCreds
)
{
if (pCreds)
{
VMDIR_SAFE_FREE_STRINGA(pCreds->pszUPN);
VMDIR_SECURE_FREE_STRINGA(pCreds->pszPassword);
VMDIR_SECURE_FREE_STRINGA(pCreds->pszOldPassword);
}
}
VOID
VmDirFreeDCConnContent(
PVMDIR_DC_CONNECTION pDCConn
)
{
if (pDCConn)
{
VmDirFreeConnCredContent(&pDCConn->creds);
VMDIR_SAFE_FREE_STRINGA(pDCConn->pszRemoteDCHostName);
VDIR_SAFE_UNBIND_EXT_S(pDCConn->pLd);
}
}
DWORD
VmDirTestCreateObjectByDNPrefix(
PVMDIR_TEST_STATE pState,
PCSTR pszDNPrefix,
PCSTR pszClassName
)
{
DWORD dwError = 0;
PSTR pszCN = NULL;
PSTR pszDN = NULL;
PSTR valsCn[] = { NULL, NULL };
PSTR valsClass[] = { NULL, NULL };
LDAPMod mod[]=
{
{ LDAP_MOD_ADD, ATTR_CN, { valsCn } },
{ LDAP_MOD_ADD, ATTR_OBJECT_CLASS, { valsClass } },
};
LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
dwError = VmDirDnLastRDNToCn(pszDNPrefix, &pszCN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringPrintf(
&pszDN, "%s,%s", pszDNPrefix, pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
valsCn[0] = pszCN;
valsClass[0] = (PSTR)pszClassName;
dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszCN);
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
goto cleanup;
}
DWORD
TryToListObject(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer
)
{
DWORD dwError = 0;
PSTR pszDn = NULL;
PSTR pszUserName = NULL;
dwError = VmDirTestGetGuid(&pszUserName);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringPrintf(
&pszDn,
"cn=%s,cn=%s,%s",
pszUserName,
pszContainer,
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _VdcSearchForEntryAndAttribute(
pState->pLd,
pszDn,
NULL,
NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszUserName);
VMDIR_SAFE_FREE_STRINGA(pszDn);
return dwError;
error:
goto cleanup;
}
DWORD
TryToReadSD(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer
)
{
DWORD dwError = 0;
PSTR pszAttribute = NULL;
PSTR pszUserName = NULL;
PSTR pszUserDn = NULL;
dwError = VmDirTestGetGuid(&pszUserName);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringPrintf(
&pszUserDn,
"cn=%s,cn=%s,%s",
pszUserName,
pszContainer,
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _VdcSearchForEntryAndAttribute(
pState->pLd,
pszUserDn,
ATTR_ACL_STRING,
&pszAttribute);
BAIL_ON_VMDIR_ERROR(dwError);
//
// Make sure there's data. We don't bother validating the contents of the
// SD as that's installation- and entry-specific.
//
if (strlen(pszAttribute) == 0)
{
BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION);
}
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszAttribute);
return dwError;
error:
goto cleanup;
}
DWORD
VmDirUTDVectorCacheAdd(
PVMDIR_UTDVECTOR_CACHE pUTDVector,
PCSTR pszInvocationId,
PCSTR pszUsn
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PSTR pszDupKey = NULL;
USN Usn = 0;
LW_HASHMAP_PAIR pair = {0};
if (IsNullOrEmptyString(pszInvocationId) || !pUTDVector)
{
BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
}
dwError = VmDirAllocateStringA(pszInvocationId, &pszDupKey);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirStringToINT64(pszUsn, NULL, &Usn);
BAIL_ON_VMDIR_ERROR(dwError);
VMDIR_RWLOCK_READLOCK(bInLock, pUTDVector->pUtdVectorLock, 0);
dwError = LwRtlHashMapInsert(pUTDVector->pUtdVectorMap, pszDupKey, (PVOID)Usn, &pair);
BAIL_ON_VMDIR_ERROR(dwError);
VmDirSimpleHashMapPairFreeKeyOnly(&pair, NULL);
pszDupKey = NULL;
VMDIR_SAFE_FREE_STRINGA(pUTDVector->pszUtdVector);
dwError = VmDirVectorToStr(pUTDVector->pUtdVectorMap, _VmDirUTDVectorPairToStr, &pUTDVector->pszUtdVector);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_RWLOCK_UNLOCK(bInLock, pUTDVector->pUtdVectorLock);
VMDIR_SAFE_FREE_MEMORY(pszDupKey);
return dwError;
error:
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "failed, error (%d)", dwError);
goto cleanup;
}
DWORD
TestInfrastructureInitialize(
PVMDIR_TEST_STATE pState
)
{
DWORD dwError = 0;
PSTR pszLdapUri = NULL;
pState->pfnCleanupCallback = TestInfrastructureCleanup;
pState->pszTestContainerName = DEFAULT_TEST_CONTAINER_NAME;
pState->pszInternalUserName = DEFAULT_INTERNAL_USER_NAME;
dwError = VmDirSetBaseDN(pState);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSafeLDAPBind(
&pState->pLd,
pState->pszServerName,
pState->pszUserUPN,
pState->pszPassword);
BAIL_ON_VMDIR_ERROR(dwError);
//
// Cleanup any leftover state from a previous run.
//
(VOID)VmDirTestDeleteContainer(pState, NULL);
dwError = VmDirTestCreateAnonymousConnection(
pState->pszServerName,
&pState->pLdAnonymous);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _VmDirTestCreateLimitedUserAndConnection(pState);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _VmDirTestCreateTestContainer(pState);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
return dwError;
error:
VMDIR_SAFE_FREE_STRINGA(pszLdapUri);
goto cleanup;
}
static
DWORD
VmDirRegConfigGetString(
PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle,
PCSTR pszSubKey,
PCSTR pszKeyName,
PSTR *ppszValue)
{
DWORD dwError = 0;
char szValue[VMDIR_MAX_CONFIG_VALUE_LENGTH] = {0};
DWORD dwszValueSize = sizeof(szValue);
PSTR pszValue = NULL;
dwError = RegGetValueA(
#ifndef _WIN32
pCfgHandle->hConnection,
#endif
pCfgHandle->hKey,
pszSubKey,
pszKeyName,
RRF_RT_REG_SZ,
NULL,
szValue,
&dwszValueSize);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringA(szValue, &pszValue);
BAIL_ON_VMDIR_ERROR(dwError);
*ppszValue = pszValue;
cleanup:
return dwError;
error:
*ppszValue = NULL;
VMDIR_SAFE_FREE_STRINGA(pszValue);
goto cleanup;
}
DWORD
VmDirTestCreateClass(
PVMDIR_TEST_STATE pState,
PCSTR pszClassName
)
{
DWORD dwError = 0;
PCSTR valsCn[] = {pszClassName, NULL};
PCSTR valsClass[] = {"classschema", NULL};
PCSTR valsSubclass[] = {OC_TOP, NULL};
PCSTR valsGovernsId[] = {"111.111.4.001", NULL};
PCSTR valsCategory[] = {"1", NULL};
PSTR pszDN = NULL;
LDAPMod mod[]={
{LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
{LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
{LDAP_MOD_ADD, "governsid", {(PSTR*)valsGovernsId}},
{LDAP_MOD_ADD, "objectclasscategory", {(PSTR*)valsCategory}},
{LDAP_MOD_ADD, "subclassof", {(PSTR*)valsSubclass}},
};
LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], NULL};
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,cn=schemacontext",
pszClassName);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = ldap_add_ext_s(
pState->pLd,
pszDN,
attrs,
NULL,
NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
goto cleanup;
}
DWORD
TryToReadProperties(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer
)
{
DWORD dwError = 0;
PSTR pszAttribute = NULL;
PSTR pszUserName = NULL;
PSTR pszUserDn = NULL;
dwError = VmDirTestGetGuid(&pszUserName);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringPrintf(
&pszUserDn,
"cn=%s,cn=%s,%s",
pszUserName,
pszContainer,
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _VdcSearchForEntryAndAttribute(
pState->pLd,
pszUserDn,
ATTR_SAM_ACCOUNT_NAME,
&pszAttribute);
BAIL_ON_VMDIR_ERROR(dwError);
if (strcmp(pszAttribute, pszUserName) != 0)
{
BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION);
}
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszAttribute);
return dwError;
error:
goto cleanup;
}
/*
* Bind to a host with the handle to be used later
*/
DWORD
VmDirConnectLDAPServerWithMachineAccount(
PCSTR pszHostName,
PCSTR pszDomain,
LDAP** ppLd
)
{
DWORD dwError = 0;
PSTR pszDCAccount = NULL;
PSTR pszDCAccountPassword = NULL;
char bufUPN[VMDIR_MAX_UPN_LEN] = {0};
LDAP* pLd = NULL;
dwError = VmDirRegReadDCAccount( &pszDCAccount);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirReadDCAccountPassword( &pszDCAccountPassword);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirStringPrintFA( bufUPN, sizeof(bufUPN)-1, "%s@%s", pszDCAccount, pszDomain);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSafeLDAPBindExt1(
&pLd,
pszHostName,
bufUPN,
pszDCAccountPassword,
MAX_LDAP_CONNECT_NETWORK_TIMEOUT);
BAIL_ON_VMDIR_ERROR(dwError);
*ppLd = pLd;
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
VMDIR_SECURE_FREE_STRINGA(pszDCAccountPassword);
return dwError;
error:
goto cleanup;
}
/*
* Caller release schema ctx
*/
VOID
VmDirSchemaCtxRelease(
PVDIR_SCHEMA_CTX pCtx
)
{
BOOLEAN bInLock = FALSE;
USHORT usRefCnt = 0;
USHORT usSelfRef = 0;
if ( pCtx )
{
if ( pCtx->pSchema )
{
VMDIR_LOCK_MUTEX(bInLock, pCtx->pSchema->mutex);
pCtx->pSchema->usRefCount--;
usRefCnt = pCtx->pSchema->usRefCount;
usSelfRef = pCtx->pSchema->usNumSelfRef;
VMDIR_UNLOCK_MUTEX(bInLock, pCtx->pSchema->mutex);
if (usRefCnt == usSelfRef)
{ // only self reference within pSchema exists, free pSchema itself.
// self references are established during init before normal references.
VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL,
"Free unreferenced schema instance (%p)",
pCtx->pSchema);
#if 0 /* BUGBUG - reenable this when Purify report is clean */
VdirSchemaInstanceFree(pCtx->pSchema);
#endif
}
}
VMDIR_SAFE_FREE_STRINGA(pCtx->pszErrorMsg);
VMDIR_SAFE_FREE_MEMORY(pCtx);
}
return;
}
DWORD
_VmDirTestCreateLimitedUserAndConnection(
PVMDIR_TEST_STATE pState
)
{
DWORD dwError = 0;
PSTR pszUserUPN = NULL;
LDAP *pLd;
dwError = VmDirTestCreateUser(
pState,
NULL,
VmDirTestGetInternalUserCn(pState),
NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirAllocateStringPrintf(
&pszUserUPN,
"%s@%s",
VmDirTestGetInternalUserCn(pState),
pState->pszDomain);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSafeLDAPBind(
&pLd,
pState->pszServerName,
pszUserUPN,
pState->pszPassword);
BAIL_ON_VMDIR_ERROR(dwError);
pState->pLdLimited = pLd;
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszUserUPN);
return dwError;
error:
printf("%s failed with error %d\n", __FUNCTION__, dwError);
goto cleanup;
}
DWORD
VmDirTestDeleteContainer(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer
)
{
DWORD dwError = 0;
PSTR pszDN = NULL;
if (IsNullOrEmptyString(pszContainer))
{
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,%s",
VmDirTestGetTestContainerCn(pState),
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
}
else
{
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,cn=%s,%s",
pszContainer,
VmDirTestGetTestContainerCn(pState),
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirTestDeleteContainerByDn(pState->pLd, pszDN);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
goto cleanup;
}
static
VOID
VmDirRegConfigTableFreeContents(
PVMDIR_CONFIG_ENTRY pCfgTable,
DWORD dwNumEntries
)
{
DWORD iEntry = 0;
for (; iEntry < dwNumEntries; iEntry++)
{
PVMDIR_CONFIG_ENTRY pEntry = &pCfgTable[iEntry];
if (pEntry->Type == VMDIR_CONFIG_VALUE_TYPE_STRING)
{
VMDIR_SAFE_FREE_STRINGA(pEntry->pszValue);
}
else if (pEntry->Type == VMDIR_CONFIG_VALUE_TYPE_MULTISTRING)
{
VMDIR_SAFE_FREE_MEMORY(pEntry->pszValue);
}
}
}
DWORD
VmDirTestDeleteObjectByDNPrefix(
PVMDIR_TEST_STATE pState,
PCSTR pszDNPrefix
)
{
DWORD dwError = 0;
PSTR pszDN = NULL;
dwError = VmDirAllocateStringPrintf(
&pszDN, "%s,%s", pszDNPrefix, pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = ldap_delete_ext_s(pState->pLd, pszDN, NULL, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
goto cleanup;
}
DWORD
VmDirTestCreateObject(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer,
PCSTR pszClassName,
PCSTR pszObjectName
)
{
DWORD dwError = 0;
PCSTR valsCn[] = {pszObjectName, NULL};
PCSTR valsClass[] = {"classschema", NULL};
PSTR pszDN = NULL;
LDAPMod mod[]={
{LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
{LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
};
LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,cn=%s,cn=%s,%s",
pszClassName,
pszContainer,
VmDirTestGetTestContainerCn(pState),
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
goto cleanup;
}
DWORD
TryToDeleteObject(
PVMDIR_TEST_STATE pState,
PCSTR pszContainer // TODO
)
{
DWORD dwError = 0;
PSTR pszUserName = NULL;
dwError = VmDirTestGetGuid(&pszUserName);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestDeleteUser(pState, pszContainer, pszUserName);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszUserName);
return dwError;
error:
goto cleanup;
}
/* Replace attribute on all matched entries */
DWORD
VdcLdapReplaceAttrOnEntries(
LDAP *pLd,
PCSTR pszBase,
int ldapScope,
PCSTR pszFilter,
PCSTR pAttrName,
PCSTR pAttrVal
)
{
DWORD dwError = 0;
LDAPMessage *pResult = NULL;
PSTR pszDn = NULL;
PCSTR ppszAttrs[] = {ATTR_DN, NULL};
LDAPMod mod = {0};
LDAPMod* mods[2] = {&mod, NULL};
PSTR vals[2] = {0};
int totalCnt = 0;
int failedCnt = 0;
int alreadyUpdatedCnt = 0;
PSTR oldAttrVal = NULL;
mod.mod_op = LDAP_MOD_REPLACE;
mod.mod_type = (PSTR)pAttrName;
vals[0] = (PSTR)pAttrVal;
vals[1] = NULL;
mod.mod_vals.modv_strvals = vals;
dwError = ldap_search_ext_s(
pLd,
pszBase,
ldapScope,
pszFilter ? pszFilter : "",
(PSTR*)ppszAttrs,
0,
NULL,
NULL,
NULL,
-1,
&pResult);
BAIL_ON_VMDIR_ERROR(dwError);
if (ldap_count_entries(pLd, pResult) > 0)
{
LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
{
if (pszDn)
{
ldap_memfree(pszDn);
pszDn = NULL;
}
pszDn = ldap_get_dn(pLd, pEntry);
VMDIR_SAFE_FREE_STRINGA(oldAttrVal);
dwError = VdcLdapGetAttributeValue( pLd,
pszDn,
pAttrName,
&oldAttrVal);
if (dwError == LDAP_SUCCESS && VmDirStringCompareA(oldAttrVal, pAttrVal, FALSE)==0)
{
totalCnt++;
alreadyUpdatedCnt++;
continue;
}
dwError = ldap_modify_ext_s( pLd, pszDn, mods, NULL, NULL);
if (dwError != LDAP_SUCCESS)
{
failedCnt++;
}
totalCnt++;
}
}
cleanup:
if (pResult)
{
ldap_msgfree(pResult);
pResult = NULL;
}
if (pszDn)
{
ldap_memfree(pszDn);
pszDn = NULL;
}
VMDIR_SAFE_FREE_STRINGA(oldAttrVal);
return dwError;
error:
goto cleanup;
}
DWORD
_VmDirTestCreateTestContainer(
PVMDIR_TEST_STATE pState
)
{
DWORD dwError = 0;
PCSTR valsCn[] = {DEFAULT_TEST_CONTAINER_NAME, NULL};
PCSTR valsClass[] = {OC_TOP, OC_CONTAINER, NULL};
PCSTR valsAcl[] = {NULL, NULL};
PSTR pszDN = NULL;
PSTR pszDomainSid = NULL;
PSTR pszAclString = NULL;
PSTR pszLimitedUserSid = NULL;
LDAPMod mod[] = {
{LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
{LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
{LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
};
LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
dwError = VmDirAllocateStringPrintf(
&pszDN,
"cn=%s,%s",
DEFAULT_TEST_CONTAINER_NAME,
pState->pszBaseDN);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirTestGetUserSid(pState, VmDirTestGetInternalUserCn(pState), NULL, &pszLimitedUserSid);
BAIL_ON_VMDIR_ERROR(dwError);
// O:%s-500G:BAD:(A;;RPWP;;;S-1-7-32-666)(A;;GXNRNWGXCCDCRPWP;;;BA)(A;;GXNRNWGXCCDCRPWP;;;%s-500)",
dwError = VmDirAllocateStringPrintf(
&pszAclString,
"O:%s-500G:BAD:(A;;CCDCRPWP;;;BA)(A;;CCDCRPWP;;;%s-500)(A;;CCRPWP;;;%s)",
pszDomainSid,
pszDomainSid,
pszLimitedUserSid);
BAIL_ON_VMDIR_ERROR(dwError);
valsAcl[0] = pszAclString;
dwError = ldap_add_ext_s(
pState->pLd,
pszDN,
attrs,
NULL,
NULL);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszAclString);
VMDIR_SAFE_FREE_STRINGA(pszLimitedUserSid);
VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
VMDIR_SAFE_FREE_STRINGA(pszDN);
return dwError;
error:
printf("%s failed with error %d\n", __FUNCTION__, dwError);
goto cleanup;
}
/*
* Set vmwPasswordNeverExpires (if it doesn't have a value) to TRUE
* on the domain administrator's account.
*/
DWORD
VmDirSetAdministratorPasswordNeverExpires(
VOID
)
{
DWORD dwError = 0;
PCSTR pszDomainDn = NULL;
const CHAR szAdministrator[] = "cn=Administrator,cn=Users";
const CHAR szTrue[] = "TRUE";
PSTR pszAdministratorDn = NULL;
VDIR_OPERATION op = {0};
PSTR pszLocalErrMsg = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
PVDIR_ENTRY pEntry = NULL;
VDIR_BERVALUE bervBlob = VDIR_BERVALUE_INIT;
pszDomainDn = gVmdirServerGlobals.systemDomainDN.lberbv.bv_val;
if (pszDomainDn == NULL)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirAllocateStringPrintf(&pszAdministratorDn, "%s,%s", szAdministrator, pszDomainDn);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(
pszDomainDn,
LDAP_SCOPE_SUBTREE,
ATTR_DN,
pszAdministratorDn,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize != 1)
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
pEntry = &(entryArray.pEntry[0]);
if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
{
dwError = VmDirEntryUnpack( pEntry );
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSetAdministratorPasswordNeverExpire: VmDirInitStackOperation failed: %u", dwError);
op.pBEIF = VmDirBackendSelect(NULL);
assert(op.pBEIF);
op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val;
op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len;
op.request.modifyReq.dn.lberbv = op.reqDn.lberbv;
bervBlob.lberbv.bv_val = (PSTR) szTrue;
bervBlob.lberbv.bv_len = strlen(szTrue);
dwError = VmDirAppendAMod( &op,
MOD_OP_REPLACE,
ATTR_PASSWORD_NEVER_EXPIRES,
ATTR_PASSWORD_NEVER_EXPIRES_LEN,
bervBlob.lberbv_val,
bervBlob.lberbv_len);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&op);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeEntryArrayContent(&entryArray);
VmDirFreeOperationContent(&op);
VMDIR_SAFE_FREE_STRINGA(pszAdministratorDn);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"VmDirSetAdministratorPasswordNeverExpires failed, (%u)", dwError);
goto cleanup;
}
int
VmDirCreateSyncRequestControl(
PCSTR pszInvocationId,
USN lastLocalUsnProcessed,
PCSTR pszUtdVector,
LDAPControl * syncReqCtrl
)
{
int retVal = LDAP_SUCCESS;
BerElement * ber = NULL;
PSTR pszLastLocalUsnProcessed = NULL;
if (syncReqCtrl == NULL)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
if ((ber = ber_alloc()) == NULL)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
if (VmDirAllocateStringPrintf(&pszLastLocalUsnProcessed, "%lld", lastLocalUsnProcessed))
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
if ( ber_printf( ber, "{i{sss}}", LDAP_SYNC_REFRESH_ONLY,
pszInvocationId,
pszLastLocalUsnProcessed,
pszUtdVector ) == -1)
{
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirCreateSyncRequestControl: ber_printf failed." );
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR( retVal );
}
memset( syncReqCtrl, 0, sizeof( LDAPControl ));
syncReqCtrl->ldctl_oid = LDAP_CONTROL_SYNC;
syncReqCtrl->ldctl_iscritical = '1';
if (ber_flatten2(ber, &syncReqCtrl->ldctl_value, 1))
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
cleanup:
VMDIR_SAFE_FREE_STRINGA(pszLastLocalUsnProcessed);
if (ber)
{
ber_free(ber, 1);
}
return retVal;
ldaperror:
ber_bvfree(&syncReqCtrl->ldctl_value);
goto cleanup;
}
