static int construct_msds_isrodc_with_dn(struct ldb_module *module,
struct ldb_message *msg,
struct ldb_message_element *object_category)
{
struct ldb_context *ldb;
struct ldb_dn *dn;
const struct ldb_val *val;
ldb = ldb_module_get_ctx(module);
if (!ldb) {
DEBUG(4, (__location__ ": Failed to get ldb \n"));
return ldb_operr(ldb);
}
dn = ldb_dn_new(msg, ldb, (const char *)object_category->values[0].data);
if (!dn) {
DEBUG(4, (__location__ ": Failed to create dn from %s \n",
(const char *)object_category->values[0].data));
return ldb_operr(ldb);
}
val = ldb_dn_get_rdn_val(dn);
if (!val) {
DEBUG(4, (__location__ ": Failed to get rdn val from %s \n",
ldb_dn_get_linearized(dn)));
return ldb_operr(ldb);
}
if (strequal((const char *)val->data, "NTDS-DSA")) {
ldb_msg_add_string(msg, "msDS-isRODC", "FALSE");
} else {
ldb_msg_add_string(msg, "msDS-isRODC", "TRUE");
}
return LDB_SUCCESS;
}
errno_t sysdb_get_rdn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
const char *dn, char **_name, char **_val)
{
errno_t ret;
struct ldb_dn *ldb_dn;
const char *attr_name = NULL;
const struct ldb_val *val;
TALLOC_CTX *tmp_ctx;
/* We have to create a tmp_ctx here because
* ldb_dn_new_fmt() fails if mem_ctx is NULL
*/
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
ldb_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, "%s", dn);
if (ldb_dn == NULL) {
ret = ENOMEM;
goto done;
}
if (_name) {
attr_name = ldb_dn_get_rdn_name(ldb_dn);
if (attr_name == NULL) {
ret = EINVAL;
goto done;
}
*_name = talloc_strdup(mem_ctx, attr_name);
if (!*_name) {
ret = ENOMEM;
goto done;
}
}
val = ldb_dn_get_rdn_val(ldb_dn);
if (val == NULL) {
ret = EINVAL;
if (_name) talloc_free(*_name);
goto done;
}
*_val = talloc_strndup(mem_ctx, (char *) val->data, val->length);
if (!*_val) {
ret = ENOMEM;
if (_name) talloc_free(*_name);
goto done;
}
ret = EOK;
done:
talloc_zfree(tmp_ctx);
return ret;
}
/*==================Helper routines to process results================= */
const char *rdn_as_string(TALLOC_CTX *mem_ctx,
struct ldb_dn *dn)
{
const struct ldb_val *val;
val = ldb_dn_get_rdn_val(dn);
if (val == NULL) {
return NULL;
}
return ldb_dn_escape_value(mem_ctx, *val);
}
/*
rename a record
*/
static int lldb_rename(struct lldb_context *lldb_ac)
{
struct ldb_context *ldb;
struct lldb_private *lldb = lldb_ac->lldb;
struct ldb_module *module = lldb_ac->module;
struct ldb_request *req = lldb_ac->req;
const char *rdn_name;
const struct ldb_val *rdn_val;
char *old_dn;
char *newrdn;
char *parentdn;
int ret;
ldb = ldb_module_get_ctx(module);
ldb_request_set_state(req, LDB_ASYNC_PENDING);
old_dn = ldb_dn_alloc_linearized(lldb_ac, req->op.rename.olddn);
if (old_dn == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
rdn_name = ldb_dn_get_rdn_name(req->op.rename.newdn);
rdn_val = ldb_dn_get_rdn_val(req->op.rename.newdn);
if ((rdn_name != NULL) && (rdn_val != NULL)) {
newrdn = talloc_asprintf(lldb_ac, "%s=%s", rdn_name,
rdn_val->length > 0 ? ldb_dn_escape_value(lldb, *rdn_val) : "");
} else {
newrdn = talloc_strdup(lldb_ac, "");
}
if (!newrdn) {
return LDB_ERR_OPERATIONS_ERROR;
}
parentdn = ldb_dn_alloc_linearized(lldb_ac, ldb_dn_get_parent(lldb_ac, req->op.rename.newdn));
if (!parentdn) {
return LDB_ERR_OPERATIONS_ERROR;
}
ret = ldap_rename(lldb->ldap, old_dn, newrdn, parentdn,
1, NULL, NULL,
&lldb_ac->msgid);
if (ret != LDAP_SUCCESS) {
ldb_set_errstring(ldb, ldap_err2string(ret));
}
return lldb_ldap_to_ldb(ret);
}
/*
perform a zone transfer
*/
_PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata,
dns_sdlzallnodes_t *allnodes)
{
struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
const char *attrs[] = { "dnsRecord", NULL };
int ret = LDB_SUCCESS, i, j;
struct ldb_dn *dn;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx = talloc_new(state);
for (i=0; zone_prefixes[i]; i++) {
dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
if (dn == NULL) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone, zone_prefixes[i])) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
attrs, "objectClass=dnsNode");
if (ret == LDB_SUCCESS) {
break;
}
}
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ISC_R_NOTFOUND;
}
for (i=0; i<res->count; i++) {
struct ldb_message_element *el;
TALLOC_CTX *el_ctx = talloc_new(tmp_ctx);
const char *rdn, *name;
const struct ldb_val *v;
el = ldb_msg_find_element(res->msgs[i], "dnsRecord");
if (el == NULL || el->num_values == 0) {
state->log(ISC_LOG_INFO, "failed to find dnsRecord for %s",
ldb_dn_get_linearized(dn));
talloc_free(el_ctx);
continue;
}
v = ldb_dn_get_rdn_val(res->msgs[i]->dn);
if (v == NULL) {
state->log(ISC_LOG_INFO, "failed to find RDN for %s",
ldb_dn_get_linearized(dn));
talloc_free(el_ctx);
continue;
}
rdn = talloc_strndup(el_ctx, (char *)v->data, v->length);
if (rdn == NULL) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
if (strcmp(rdn, "@") == 0) {
name = zone;
} else {
name = talloc_asprintf(el_ctx, "%s.%s", rdn, zone);
}
if (name == NULL) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
for (j=0; j<el->num_values; j++) {
struct dnsp_DnssrvRpcRecord rec;
enum ndr_err_code ndr_err;
isc_result_t result;
ndr_err = ndr_pull_struct_blob(&el->values[j], el_ctx, &rec,
(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s",
ldb_dn_get_linearized(dn));
continue;
}
result = b9_putnamedrr(state, allnodes, name, &rec);
if (result != ISC_R_SUCCESS) {
continue;
}
}
}
talloc_free(tmp_ctx);
return ISC_R_SUCCESS;
}
static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg,
struct ldb_message **ret_msg)
{
struct ldb_message *msg2;
const char *rdn_name;
struct dom_sid *dom_sid;
struct dom_sid *sid;
const char *dom_attrs[] = { "name", NULL };
struct ldb_message **dom_msgs;
const char *errstr;
int ret;
TALLOC_CTX *mem_ctx = talloc_new(msg);
if (!mem_ctx) {
return LDB_ERR_OPERATIONS_ERROR;
}
/* build the new msg */
msg2 = ldb_msg_copy(mem_ctx, msg);
if (!msg2) {
ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincpal_object: ldb_msg_copy failed!\n");
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
ret = samdb_copy_template(module->ldb, msg2,
"(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))",
&errstr);
if (ret != 0) {
ldb_asprintf_errstring(module->ldb,
"samldb_fill_foreignSecurityPrincipal_object: "
"Error copying template: %s",
errstr);
talloc_free(mem_ctx);
return ret;
}
rdn_name = ldb_dn_get_rdn_name(msg2->dn);
if (strcasecmp(rdn_name, "cn") != 0) {
ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn_name);
talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
/* Slightly different for the foreign sids. We don't want
* domain SIDs ending up there, it would cause all sorts of
* pain */
sid = dom_sid_parse_talloc(msg2, (const char *)ldb_dn_get_rdn_val(msg2->dn)->data);
if (!sid) {
ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!");
talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) {
talloc_free(sid);
return LDB_ERR_OPERATIONS_ERROR;
}
dom_sid = dom_sid_dup(mem_ctx, sid);
if (!dom_sid) {
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
/* get the domain component part of the provided SID */
dom_sid->num_auths--;
/* find the domain DN */
ret = gendb_search(module->ldb,
mem_ctx, NULL, &dom_msgs, dom_attrs,
"(&(objectSid=%s)(objectclass=domain))",
ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
if (ret >= 1) {
/* We don't really like the idea of foreign sids that are not foreign, but it happens */
const char *name = samdb_result_string(dom_msgs[0], "name", NULL);
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database",
dom_sid_string(mem_ctx, sid), name);
} else if (ret == -1) {
ldb_asprintf_errstring(module->ldb,
"samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n",
dom_sid_string(mem_ctx, dom_sid));
talloc_free(dom_msgs);
return LDB_ERR_OPERATIONS_ERROR;
}
/* This isn't an operation on a domain we know about, so just
* check for the SID, looking for duplicates via the common
* code */
ret = samldb_notice_sid(module, msg2, sid);
if (ret == 0) {
talloc_steal(msg, msg2);
*ret_msg = msg2;
}
return ret;
}
static WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct drsuapi_DsReplicaObjectListItemEx *in,
const DATA_BLOB *gensec_skey,
TALLOC_CTX *mem_ctx,
struct dsdb_extended_replicated_object *out)
{
NTSTATUS nt_status;
WERROR status;
uint32_t i;
struct ldb_message *msg;
struct replPropertyMetaDataBlob *md;
struct ldb_val guid_value;
NTTIME whenChanged = 0;
time_t whenChanged_t;
const char *whenChanged_s;
const char *rdn_name = NULL;
const struct ldb_val *rdn_value = NULL;
const struct dsdb_attribute *rdn_attr = NULL;
uint32_t rdn_attid;
struct drsuapi_DsReplicaAttribute *name_a = NULL;
struct drsuapi_DsReplicaMetaData *name_d = NULL;
struct replPropertyMetaData1 *rdn_m = NULL;
struct dom_sid *sid = NULL;
uint32_t rid = 0;
int ret;
if (!in->object.identifier) {
return WERR_FOOBAR;
}
if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
return WERR_FOOBAR;
}
if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) {
return WERR_FOOBAR;
}
if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) {
return WERR_FOOBAR;
}
sid = &in->object.identifier->sid;
if (sid->num_auths > 0) {
rid = sid->sub_auths[sid->num_auths - 1];
}
msg = ldb_msg_new(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(msg);
msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
W_ERROR_HAVE_NO_MEMORY(msg->dn);
rdn_name = ldb_dn_get_rdn_name(msg->dn);
rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
if (!rdn_attr) {
return WERR_FOOBAR;
}
rdn_attid = rdn_attr->attributeID_id;
rdn_value = ldb_dn_get_rdn_val(msg->dn);
msg->num_elements = in->object.attribute_ctr.num_attributes;
msg->elements = talloc_array(msg, struct ldb_message_element,
msg->num_elements);
W_ERROR_HAVE_NO_MEMORY(msg->elements);
md = talloc(mem_ctx, struct replPropertyMetaDataBlob);
W_ERROR_HAVE_NO_MEMORY(md);
md->version = 1;
md->reserved = 0;
md->ctr.ctr1.count = in->meta_data_ctr->count;
md->ctr.ctr1.reserved = 0;
md->ctr.ctr1.array = talloc_array(mem_ctx,
struct replPropertyMetaData1,
md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */
W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array);
for (i=0; i < in->meta_data_ctr->count; i++) {
struct drsuapi_DsReplicaAttribute *a;
struct drsuapi_DsReplicaMetaData *d;
struct replPropertyMetaData1 *m;
struct ldb_message_element *e;
int j;
a = &in->object.attribute_ctr.attributes[i];
d = &in->meta_data_ctr->meta_data[i];
m = &md->ctr.ctr1.array[i];
e = &msg->elements[i];
for (j=0; j<a->value_ctr.num_values; j++) {
status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, a);
W_ERROR_NOT_OK_RETURN(status);
}
status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, msg->elements, e);
if (!NT_STATUS_IS_OK(status) && a->value_ctr.num_values == 0) {
/* w2k8-r2 occasionally sends bogus empty
attributes with rubbish attribute IDs. The
only think we can do is discard these */
DEBUG(0,(__location__ ": Discarding bogus empty DsReplicaAttribute with attid 0x%x\n",
a->attid));
ZERO_STRUCTP(e);
continue;
}
W_ERROR_NOT_OK_RETURN(status);
m->attid = a->attid;
m->version = d->version;
m->originating_change_time = d->originating_change_time;
m->originating_invocation_id = d->originating_invocation_id;
m->originating_usn = d->originating_usn;
m->local_usn = 0;
if (d->originating_change_time > whenChanged) {
whenChanged = d->originating_change_time;
}
if (a->attid == DRSUAPI_ATTRIBUTE_name) {
name_a = a;
name_d = d;
rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count];
}
}
/* delete any empty elements */
for (i=0; i < msg->num_elements; i++) {
if (msg->elements[i].name == NULL) {
ldb_msg_remove_element(msg, &msg->elements[i]);
i--;
}
}
if (rdn_m) {
struct ldb_message_element *el;
el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName);
if (!el) {
ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
} else {
if (el->num_values != 1) {
DEBUG(0,(__location__ ": Unexpected num_values=%u\n",
el->num_values));
return WERR_FOOBAR;
}
if (!ldb_val_equal_exact(&el->values[0], rdn_value)) {
DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n",
(int)el->values[0].length, (int)el->values[0].length, el->values[0].data,
(int)rdn_value->length, (int)rdn_value->length, rdn_value->data));
return WERR_FOOBAR;
}
}
rdn_m->attid = rdn_attid;
rdn_m->version = name_d->version;
rdn_m->originating_change_time = name_d->originating_change_time;
rdn_m->originating_invocation_id = name_d->originating_invocation_id;
rdn_m->originating_usn = name_d->originating_usn;
rdn_m->local_usn = 0;
md->ctr.ctr1.count++;
}
whenChanged_t = nt_time_to_unix(whenChanged);
whenChanged_s = ldb_timestring(msg, whenChanged_t);
W_ERROR_HAVE_NO_MEMORY(whenChanged_s);
nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value);
if (!NT_STATUS_IS_OK(nt_status)) {
return ntstatus_to_werror(nt_status);
}
out->msg = msg;
out->guid_value = guid_value;
out->when_changed = whenChanged_s;
out->meta_data = md;
return WERR_OK;
}
WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_schema_prefixmap *pfm_remote,
const struct drsuapi_DsReplicaObjectListItemEx *in,
const DATA_BLOB *gensec_skey,
const uint32_t *ignore_attids,
uint32_t dsdb_repl_flags,
TALLOC_CTX *mem_ctx,
struct dsdb_extended_replicated_object *out)
{
NTSTATUS nt_status;
WERROR status = WERR_OK;
uint32_t i;
struct ldb_message *msg;
struct replPropertyMetaDataBlob *md;
int instanceType;
struct ldb_message_element *instanceType_e = NULL;
struct ldb_val guid_value;
struct ldb_val parent_guid_value;
NTTIME whenChanged = 0;
time_t whenChanged_t;
const char *whenChanged_s;
struct drsuapi_DsReplicaAttribute *name_a = NULL;
struct drsuapi_DsReplicaMetaData *name_d = NULL;
struct replPropertyMetaData1 *rdn_m = NULL;
struct dom_sid *sid = NULL;
uint32_t rid = 0;
uint32_t attr_count;
int ret;
if (!in->object.identifier) {
return WERR_FOOBAR;
}
if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
return WERR_FOOBAR;
}
if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) {
return WERR_FOOBAR;
}
if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) {
return WERR_FOOBAR;
}
sid = &in->object.identifier->sid;
if (sid->num_auths > 0) {
rid = sid->sub_auths[sid->num_auths - 1];
}
msg = ldb_msg_new(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(msg);
msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
W_ERROR_HAVE_NO_MEMORY(msg->dn);
msg->num_elements = in->object.attribute_ctr.num_attributes;
msg->elements = talloc_array(msg, struct ldb_message_element,
msg->num_elements + 1); /* +1 because of the RDN attribute */
W_ERROR_HAVE_NO_MEMORY(msg->elements);
md = talloc(mem_ctx, struct replPropertyMetaDataBlob);
W_ERROR_HAVE_NO_MEMORY(md);
md->version = 1;
md->reserved = 0;
md->ctr.ctr1.count = in->meta_data_ctr->count;
md->ctr.ctr1.reserved = 0;
md->ctr.ctr1.array = talloc_array(mem_ctx,
struct replPropertyMetaData1,
md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */
W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array);
for (i=0, attr_count=0; i < in->meta_data_ctr->count; i++, attr_count++) {
struct drsuapi_DsReplicaAttribute *a;
struct drsuapi_DsReplicaMetaData *d;
struct replPropertyMetaData1 *m;
struct ldb_message_element *e;
uint32_t j;
a = &in->object.attribute_ctr.attributes[i];
d = &in->meta_data_ctr->meta_data[i];
m = &md->ctr.ctr1.array[attr_count];
e = &msg->elements[attr_count];
if (dsdb_attid_in_list(ignore_attids, a->attid)) {
attr_count--;
continue;
}
if (GUID_all_zero(&d->originating_invocation_id)) {
status = WERR_DS_SRC_GUID_MISMATCH;
DEBUG(0, ("Refusing replication of object containing invalid zero invocationID on attribute %d of %s: %s\n",
a->attid,
ldb_dn_get_linearized(msg->dn),
win_errstr(status)));
return status;
}
if (a->attid == DRSUAPI_ATTID_instanceType) {
if (instanceType_e != NULL) {
return WERR_FOOBAR;
}
instanceType_e = e;
}
for (j=0; j<a->value_ctr.num_values; j++) {
status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob,
gensec_skey, rid,
dsdb_repl_flags, a);
if (!W_ERROR_IS_OK(status)) {
break;
}
}
if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) {
WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
a, msg->elements, e);
if (W_ERROR_IS_OK(get_name_status)) {
DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n",
e->name, ldb_dn_get_linearized(msg->dn)));
} else {
DEBUG(0, ("Unxpectedly got secret value on %s from DRS server",
ldb_dn_get_linearized(msg->dn)));
}
} else if (!W_ERROR_IS_OK(status)) {
return status;
}
status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
a, msg->elements, e);
W_ERROR_NOT_OK_RETURN(status);
m->attid = a->attid;
m->version = d->version;
m->originating_change_time = d->originating_change_time;
m->originating_invocation_id = d->originating_invocation_id;
m->originating_usn = d->originating_usn;
m->local_usn = 0;
if (d->originating_change_time > whenChanged) {
whenChanged = d->originating_change_time;
}
if (a->attid == DRSUAPI_ATTID_name) {
name_a = a;
name_d = d;
}
}
msg->num_elements = attr_count;
md->ctr.ctr1.count = attr_count;
if (name_a) {
rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count];
}
if (rdn_m) {
struct ldb_message_element *el;
const char *rdn_name = NULL;
const struct ldb_val *rdn_value = NULL;
const struct dsdb_attribute *rdn_attr = NULL;
uint32_t rdn_attid;
/*
* We only need the schema calls for the RDN in this
* codepath, and by doing this we avoid needing to
* have the dsdb_attribute_by_lDAPDisplayName accessor
* working during the schema load.
*/
rdn_name = ldb_dn_get_rdn_name(msg->dn);
rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
if (!rdn_attr) {
return WERR_FOOBAR;
}
rdn_attid = rdn_attr->attributeID_id;
rdn_value = ldb_dn_get_rdn_val(msg->dn);
el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName);
if (!el) {
ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
} else {
if (el->num_values != 1) {
DEBUG(0,(__location__ ": Unexpected num_values=%u\n",
el->num_values));
return WERR_FOOBAR;
}
if (!ldb_val_equal_exact(&el->values[0], rdn_value)) {
DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n",
(int)el->values[0].length, (int)el->values[0].length, el->values[0].data,
(int)rdn_value->length, (int)rdn_value->length, rdn_value->data));
return WERR_FOOBAR;
}
}
rdn_m->attid = rdn_attid;
rdn_m->version = name_d->version;
rdn_m->originating_change_time = name_d->originating_change_time;
rdn_m->originating_invocation_id = name_d->originating_invocation_id;
rdn_m->originating_usn = name_d->originating_usn;
rdn_m->local_usn = 0;
md->ctr.ctr1.count++;
}
if (instanceType_e == NULL) {
return WERR_FOOBAR;
}
instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
/* the instanceType type for partial_replica
replication is sent via DRS with TYPE_WRITE set, but
must be used on the client with TYPE_WRITE removed
*/
if (instanceType & INSTANCE_TYPE_WRITE) {
/*
* Make sure we do not change the order
* of msg->elements!
*
* That's why we use
* instanceType_e->num_values = 0
* instead of
* ldb_msg_remove_attr(msg, "instanceType");
*/
struct ldb_message_element *e;
e = ldb_msg_find_element(msg, "instanceType");
if (e != instanceType_e) {
DEBUG(0,("instanceType_e[%p] changed to e[%p]\n",
instanceType_e, e));
return WERR_FOOBAR;
}
instanceType_e->num_values = 0;
instanceType &= ~INSTANCE_TYPE_WRITE;
if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) {
return WERR_INTERNAL_ERROR;
}
}
} else {
if (!(instanceType & INSTANCE_TYPE_WRITE)) {
DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n",
ldb_dn_get_linearized(msg->dn)));
return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA;
}
}
whenChanged_t = nt_time_to_unix(whenChanged);
whenChanged_s = ldb_timestring(msg, whenChanged_t);
W_ERROR_HAVE_NO_MEMORY(whenChanged_s);
nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value);
if (!NT_STATUS_IS_OK(nt_status)) {
return ntstatus_to_werror(nt_status);
}
if (in->parent_object_guid) {
nt_status = GUID_to_ndr_blob(in->parent_object_guid, msg, &parent_guid_value);
if (!NT_STATUS_IS_OK(nt_status)) {
return ntstatus_to_werror(nt_status);
}
} else {
parent_guid_value = data_blob_null;
}
out->msg = msg;
out->guid_value = guid_value;
out->parent_guid_value = parent_guid_value;
out->when_changed = whenChanged_s;
out->meta_data = md;
return WERR_OK;
}
static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
struct ldb_request *down_req;
struct rename_context *ac;
struct ldb_message *msg;
struct ldb_message_element *attribute;
const struct ldb_schema_attribute *a;
const char *rdn_name;
struct ldb_val rdn_val;
int i, ret;
ldb = ldb_module_get_ctx(module);
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.add.message->dn)) {
return ldb_next_request(module, req);
}
ac = talloc_zero(req, struct rename_context);
if (ac == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
ac->module = module;
ac->req = req;
msg = ldb_msg_copy_shallow(req, req->op.add.message);
if (msg == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
rdn_name = ldb_dn_get_rdn_name(msg->dn);
if (rdn_name == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(msg->dn));
/* Perhaps someone above us tried to set this? */
if ((attribute = rdn_name_find_attribute(msg, "name")) != NULL ) {
attribute->num_values = 0;
}
if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
attribute = rdn_name_find_attribute(msg, rdn_name);
if (!attribute) {
if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
} else {
a = ldb_schema_attribute_by_name(ldb, rdn_name);
for (i = 0; i < attribute->num_values; i++) {
ret = a->syntax->comparison_fn(ldb, msg,
&rdn_val, &attribute->values[i]);
if (ret == 0) {
/* overwrite so it matches in case */
attribute->values[i] = rdn_val;
break;
}
}
if (i == attribute->num_values) {
char *rdn_errstring = talloc_asprintf(ac,
"RDN mismatch on %s: %s (%.*s) should match one of:",
ldb_dn_get_linearized(msg->dn), rdn_name,
(int)rdn_val.length, (const char *)rdn_val.data);
for (i = 0; i < attribute->num_values; i++) {
rdn_errstring = talloc_asprintf_append(
rdn_errstring, " (%.*s)",
(int)attribute->values[i].length,
(const char *)attribute->values[i].data);
}
ldb_set_errstring(ldb, rdn_errstring);
/* Match AD's error here */
return LDB_ERR_INVALID_DN_SYNTAX;
}
}
ret = ldb_build_add_req(&down_req, ldb, req,
msg,
req->controls,
ac, rdn_name_add_callback,
req);
if (ret != LDB_SUCCESS) {
return ret;
}
talloc_steal(down_req, msg);
/* go on with the call chain */
return ldb_next_request(module, down_req);
}
static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct ldb_context *ldb;
struct rename_context *ac;
struct ldb_request *mod_req;
const char *rdn_name;
struct ldb_val rdn_val;
struct ldb_message *msg;
int ret;
ac = talloc_get_type(req->context, struct rename_context);
ldb = ldb_module_get_ctx(ac->module);
if (!ares) {
goto error;
}
if (ares->error != LDB_SUCCESS) {
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
/* the only supported reply right now is a LDB_REPLY_DONE */
if (ares->type != LDB_REPLY_DONE) {
goto error;
}
/* save reply for caller */
ac->ares = talloc_steal(ac, ares);
msg = ldb_msg_new(ac);
if (msg == NULL) {
goto error;
}
msg->dn = ldb_dn_copy(msg, ac->req->op.rename.newdn);
if (msg->dn == NULL) {
goto error;
}
rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn);
if (rdn_name == NULL) {
goto error;
}
rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(ac->req->op.rename.newdn));
if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) {
goto error;
}
if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) {
goto error;
}
if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) {
goto error;
}
if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) {
goto error;
}
ret = ldb_build_mod_req(&mod_req, ldb,
ac, msg, NULL,
ac, rdn_modify_callback,
req);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
talloc_steal(mod_req, msg);
/* go on with the call chain */
return ldb_next_request(ac->module, mod_req);
error:
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
