# End MODULE ldb_samldb
################################################
-################################################
-# Start MODULE ldb_proxy
-[MODULE::ldb_proxy]
-SUBSYSTEM = ldb
-INIT_FUNCTION = proxy_module_init
-OBJ_FILES = \
- proxy.o
-#
-# End MODULE ldb_proxy
-################################################
+# ################################################
+# # Start MODULE ldb_proxy
+# [MODULE::ldb_proxy]
+# SUBSYSTEM = ldb
+# INIT_FUNCTION = proxy_module_init
+# OBJ_FILES = \
+# proxy.o
+#
+# # End MODULE ldb_proxy
+# ################################################
################################################
return True;
}
-/* search */
-static int extended_search(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req)
-{
- struct ldb_result *extended_result;
- struct ldb_control **saved_controls;
- struct ldb_extended_dn_control *extended_ctrl;
- int i, ret;
- const char * const *saved_attrs = NULL;
- char **new_attrs;
- BOOL remove_guid = False;
- BOOL remove_sid = False;
-
- extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control);
- if (!extended_ctrl) {
- return LDB_ERR_PROTOCOL_ERROR;
- }
-
- /* save it locally and remove it from the list */
- if (!save_controls(control, req, &saved_controls)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* check if attrs only is specified, in that case check wether we need to modify them */
- if (req->op.search.attrs) {
- if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) {
- remove_guid = True;
- }
- if (! is_attr_in_list(req->op.search.attrs, "objectSID")) {
- remove_sid = True;
- }
- if (remove_guid || remove_sid) {
- new_attrs = copy_attrs(req, req->op.search.attrs);
- if (!new_attrs)
- return LDB_ERR_OPERATIONS_ERROR;
-
- saved_attrs = req->op.search.attrs;
-
- if (remove_guid) {
- if (!add_attrs(req, &new_attrs, "objectGUID"))
- return LDB_ERR_OPERATIONS_ERROR;
- }
- if (remove_sid) {
- if (!add_attrs(req, &new_attrs, "objectSID"))
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->op.search.attrs = (const char * const *)new_attrs;
- }
- }
-
- ret = ldb_next_request(module, req);
-
- /* put request back into original shape */
- /* TODO: build a new req and don't touch the original one */
-
- if (req->controls) talloc_free(req->controls);
- req->controls = saved_controls;
-
- if (saved_attrs) {
- talloc_free(new_attrs);
- req->op.search.attrs = saved_attrs;
- }
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- extended_result = req->op.search.res;
-
- for (i = 0; i < extended_result->count; i++) {
- /* TODO: the following funtion updates only dn and
- * distinguishedName. We still need to address other
- * DN entries like objectCategory
- */
- if (!inject_extended_dn(extended_result->msgs[i],
- extended_ctrl->type,
- remove_guid, remove_sid)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- }
-
- return LDB_SUCCESS;
-}
-
/* search */
struct extended_async_context {
return ret;
}
-static int extended_request(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_control *control;
-
- /* check if there's an extended dn control */
- control = get_control_from_list(req->controls, LDB_CONTROL_EXTENDED_DN_OID);
- if (control == NULL) {
- /* not found go on */
- return ldb_next_request(module, req);
- }
-
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return extended_search(module, control, req);
-
- default:
- return LDB_ERR_OPERATIONS_ERROR;
-
- }
-}
-
static int extended_init(struct ldb_module *module)
{
struct ldb_request *req;
static const struct ldb_module_ops extended_dn_ops = {
.name = "extended_dn",
.search = extended_search_async,
- .request = extended_request,
.init_context = extended_init
};
session_info->server_info->account_name);
}
-/* search */
-static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
-{
- struct kludge_private_data *data = talloc_get_type(module->private_data, struct kludge_private_data);
- struct ldb_message *msg;
- enum user_is user_type;
- int i, j, ret;
-
- /* go down the path and wait for reply to filter out stuff if needed */
- ret = ldb_next_request(module, req);
-
- /* We may not be fully initialised yet, or we might have just
- * got an error */
- if (ret != LDB_SUCCESS || !data->password_attrs) {
- return ret;
- }
-
- user_type = what_is_user(module);
- switch (user_type) {
- case SYSTEM:
- case ADMINISTRATOR:
- return ret;
- default:
- /* For every message, remove password attributes */
- for (i=0; i < req->op.search.res->count; i++) {
- msg = req->op.search.res->msgs[i];
- for (j=0; data->password_attrs[j]; j++) {
- ldb_msg_remove_attr(msg, data->password_attrs[j]);
- }
- }
- }
- return ret;
-}
-
/* search */
struct kludge_acl_async_context {
return ldb_next_del_trans(module);
}
-static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
-
- case LDB_REQ_ADD:
- case LDB_REQ_MODIFY:
- case LDB_REQ_DELETE:
- case LDB_REQ_RENAME:
- return kludge_acl_change(module, req);
-
- case LDB_REQ_SEARCH:
- return kludge_acl_search(module, req);
-
- case LDB_REQ_REGISTER:
- return ldb_next_request(module, req);
-
- default:
- /* anything else must be something new, let's throw an error */
- return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
- }
-}
-
static int kludge_acl_init(struct ldb_module *module)
{
int ret, i;
.modify = kludge_acl_change,
.del = kludge_acl_change,
.rename = kludge_acl_change,
- .request = kludge_acl_request,
.start_transaction = kludge_acl_start_trans,
.end_transaction = kludge_acl_end_trans,
.del_transaction = kludge_acl_del_trans,
/* add_record: add objectGUID attribute */
static int objectguid_add(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_message *msg = req->op.add.message;
- struct ldb_val v;
- struct ldb_message *msg2;
- struct ldb_message_element *attribute;
- struct GUID guid;
- NTSTATUS nt_status;
- int ret, i;
-
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n");
-
- if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) {
- return ldb_next_request(module, req);
- }
-
- msg2 = talloc(module, struct ldb_message);
- if (!msg2) {
- return -1;
- }
-
- msg2->dn = msg->dn;
- msg2->num_elements = msg->num_elements;
- msg2->private_data = msg->private_data;
- msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements);
- for (i = 0; i < msg2->num_elements; i++) {
- msg2->elements[i] = msg->elements[i];
- }
-
- /* a new GUID */
- guid = GUID_random();
-
- nt_status = ndr_push_struct_blob(&v, msg2, &guid,
- (ndr_push_flags_fn_t)ndr_push_GUID);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return -1;
- }
-
- ret = ldb_msg_add_value(msg2, "objectGUID", &v);
- if (ret) {
- return ret;
- }
-
- req->op.add.message = msg2;
- ret = ldb_next_request(module, req);
- req->op.add.message = msg;
-
- talloc_free(msg2);
-
- return ret;
-}
-
-static int objectguid_add_async(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_request *down_req;
struct ldb_message_element *attribute;
return ret;
}
-static int objectguid_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
-
- case LDB_REQ_ADD:
- return objectguid_add(module, req);
-
- default:
- return ldb_next_request(module, req);
-
- }
-}
-
static const struct ldb_module_ops objectguid_ops = {
.name = "objectguid",
- .add = objectguid_add_async,
- .request = objectguid_request
+ .add = objectguid_add,
};
*
*/
-
-static int password_hash_handle(struct ldb_module *module, struct ldb_request *req,
- const struct ldb_message *msg)
-{
- int ret, old_ret = -1;
- uint_t pwdProperties, pwdHistoryLength;
- uint_t userAccountControl;
- const char *dnsDomain, *realm;
- const char *sambaPassword = NULL;
- struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory;
- struct samr_Password *lmPwdHash, *ntPwdHash;
- struct samr_Password *lmOldHash = NULL, *ntOldHash = NULL;
- struct samr_Password *new_sambaLMPwdHistory, *new_sambaNTPwdHistory;
- struct samr_Password local_lmNewHash, local_ntNewHash;
- int sambaLMPwdHistory_len, sambaNTPwdHistory_len;
- uint_t kvno;
- struct dom_sid *domain_sid;
- time_t now = time(NULL);
- NTTIME now_nt;
- int i;
- krb5_error_code krb5_ret;
-
- struct smb_krb5_context *smb_krb5_context;
-
- struct ldb_message_element *attribute;
- struct ldb_dn *dn = msg->dn;
- struct ldb_message *msg2;
-
- struct ldb_request *search_request = NULL;
- struct ldb_request *modify_request;
- struct ldb_request *modified_orig_request;
- struct ldb_result *res, *dom_res, *old_res;
-
- struct ldb_message_element *objectclasses;
- struct ldb_val computer_val;
- struct ldb_val person_val;
- BOOL is_computer;
-
- struct ldb_message *modify_msg;
-
- const char *domain_expression;
- const char *old_user_attrs[] = { "lmPwdHash", "ntPwdHash", NULL };
- const char *user_attrs[] = { "userAccountControl", "sambaLMPwdHistory",
- "sambaNTPwdHistory",
- "ntPwdHash",
- "objectSid", "msDS-KeyVersionNumber",
- "objectClass", "userPrincipalName",
- "samAccountName",
- NULL };
- const char * const domain_attrs[] = { "pwdProperties", "pwdHistoryLength",
- "dnsDomain", NULL };
-
- TALLOC_CTX *mem_ctx;
-
- /* Do the original action */
-
- mem_ctx = talloc_new(module);
- if (!mem_ctx) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- if (req->operation == LDB_REQ_MODIFY) {
- search_request = talloc(mem_ctx, struct ldb_request);
- if (!search_request) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* Look up the old ntPwdHash and lmPwdHash values, so
- * we can later place these into the password
- * history */
-
- search_request->operation = LDB_REQ_SEARCH;
- search_request->op.search.base = dn;
- search_request->op.search.scope = LDB_SCOPE_BASE;
- search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL);
- search_request->op.search.attrs = old_user_attrs;
- search_request->controls = NULL;
-
- old_ret = ldb_next_request(module, search_request);
- }
-
- /* we can't change things untill we copy it */
- msg2 = ldb_msg_copy_shallow(mem_ctx, msg);
-
- /* look again, this time at the copied attribute */
- if (!msg2 || (attribute = ldb_msg_find_element(msg2, "sambaPassword")) == NULL ) {
- talloc_free(mem_ctx);
- /* Gah? where did it go? Oh well... */
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* Wipe out the sambaPassword attribute set, we will handle it in
- * the second modify. We might not want it written to disk */
-
- if (req->operation == LDB_REQ_ADD) {
- if (attribute->num_values > 1) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "sambaPassword_handle: "
- "attempted set of multiple sambaPassword attributes on %s rejected",
- ldb_dn_linearize(mem_ctx, dn)));
- talloc_free(mem_ctx);
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
- if (attribute->num_values == 1) {
- sambaPassword = (const char *)attribute->values[0].data;
- ldb_msg_remove_attr(msg2, "sambaPassword");
- }
- } else if (((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_ADD)
- || ((attribute->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)) {
- if (attribute->num_values > 1) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "sambaPassword_handle: "
- "attempted set of multiple sambaPassword attributes on %s rejected",
- ldb_dn_linearize(mem_ctx, dn)));
- talloc_free(mem_ctx);
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
- if (attribute->num_values == 1) {
- sambaPassword = (const char *)attribute->values[0].data;
- ldb_msg_remove_attr(msg2, "sambaPassword");
- }
- }
-
- modified_orig_request = talloc(mem_ctx, struct ldb_request);
- if (!modified_orig_request) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- *modified_orig_request = *req;
- switch (modified_orig_request->operation) {
- case LDB_REQ_ADD:
- modified_orig_request->op.add.message = msg2;
- break;
- case LDB_REQ_MODIFY:
- modified_orig_request->op.mod.message = msg2;
- break;
- default:
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* Send the (modified) request of the original caller down to the database */
- ret = ldb_next_request(module, modified_orig_request);
- if (ret) {
- talloc_free(mem_ctx);
- return ret;
- }
-
- /* While we do the search first (for the old password hashes),
- * we don't want to override any error that the modify may
- * have returned. Now check the error */
- if (req->operation == LDB_REQ_MODIFY) {
- if (old_ret) {
- talloc_free(mem_ctx);
- return old_ret;
- }
-
- /* Find out the old passwords details of the user */
- old_res = search_request->op.search.res;
- talloc_steal(mem_ctx, old_res);
- talloc_free(search_request);
-
- if (old_res->count != 1) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "(pre) search for %s found %d != 1 objects, for entry we just modified",
- ldb_dn_linearize(mem_ctx, dn),
- old_res->count));
- /* What happend? The above add/modify worked... */
- talloc_free(mem_ctx);
- return LDB_ERR_NO_SUCH_OBJECT;
- }
-
- lmOldHash = samdb_result_hash(mem_ctx, old_res->msgs[0], "lmPwdHash");
- ntOldHash = samdb_result_hash(mem_ctx, old_res->msgs[0], "ntPwdHash");
- }
-
- /* Start finding out details we need for the second modify.
- * We do this after the first add/modify because other modules
- * will have filled in the templates, and we may have had
- * things like the username (affecting the salt) changed along
- * with the password. */
-
- /* Now find out what is on the entry after the above add/modify */
- search_request = talloc(mem_ctx, struct ldb_request);
- if (!search_request) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- search_request->operation = LDB_REQ_SEARCH;
- search_request->op.search.base = dn;
- search_request->op.search.scope = LDB_SCOPE_BASE;
- search_request->op.search.tree = ldb_parse_tree(module->ldb, NULL);
- search_request->op.search.attrs = user_attrs;
- search_request->controls = NULL;
-
- ret = ldb_next_request(module, search_request);
- if (ret) {
- talloc_free(mem_ctx);
- return ret;
- }
-
- /* Find out the full details of the user */
- res = search_request->op.search.res;
- talloc_steal(mem_ctx, res);
- talloc_free(search_request);
-
- if (res->count != 1) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "search for %s found %d != 1 objects, for entry we just added/modified",
- ldb_dn_linearize(mem_ctx, dn),
- res->count));
- /* What happend? The above add/modify worked... */
- talloc_free(mem_ctx);
- return LDB_ERR_NO_SUCH_OBJECT;
- }
-
- userAccountControl = samdb_result_uint(res->msgs[0], "userAccountControl", 0);
- sambaLMPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0],
- "sambaLMPwdHistory", &sambaLMPwdHistory);
- sambaNTPwdHistory_len = samdb_result_hashes(mem_ctx, res->msgs[0],
- "sambaNTPwdHistory", &sambaNTPwdHistory);
- ntPwdHash = samdb_result_hash(mem_ctx, res->msgs[0], "ntPwdHash");
- kvno = samdb_result_uint(res->msgs[0], "msDS-KeyVersionNumber", 0);
-
- domain_sid = samdb_result_sid_prefix(mem_ctx, res->msgs[0], "objectSid");
-
-
- objectclasses = ldb_msg_find_element(res->msgs[0], "objectClass");
- person_val = data_blob_string_const("person");
-
- if (!objectclasses || !ldb_msg_find_val(objectclasses, &person_val)) {
- /* Not a 'person', so the rest of this doesn't make
- * sense. How we got a sambaPassword this far I don't
- * know... */
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "attempted set of sambaPassword on non-'person' object %s rejected",
- ldb_dn_linearize(mem_ctx, dn)));
- talloc_free(mem_ctx);
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
- computer_val = data_blob_string_const("computer");
-
- if (ldb_msg_find_val(objectclasses, &computer_val)) {
- is_computer = True;
- } else {
- is_computer = False;
- }
-
- domain_expression = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectClass=domain))",
- ldap_encode_ndr_dom_sid(mem_ctx, domain_sid));
-
- /* Find the user's domain, then find out the domain password
- * properties */
- ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, domain_expression,
- domain_attrs, &dom_res);
- if (ret) {
- talloc_free(mem_ctx);
- return ret;
- }
-
- if (dom_res->count != 1) {
- /* What happend? The user we are modifying must be odd... */
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "search for domain %s found %d != 1 objects",
- dom_sid_string(mem_ctx, domain_sid),
- dom_res->count));
- talloc_free(mem_ctx);
- return LDB_ERR_NO_SUCH_OBJECT;
- }
-
- pwdProperties = samdb_result_uint(dom_res->msgs[0], "pwdProperties", 0);
- pwdHistoryLength = samdb_result_uint(dom_res->msgs[0], "pwdHistoryLength", 0);
- dnsDomain = ldb_msg_find_string(dom_res->msgs[0], "dnsDomain", NULL);
- realm = strupper_talloc(mem_ctx, dnsDomain);
-
- /* Some operations below require kerberos contexts */
- if (smb_krb5_init_context(mem_ctx, &smb_krb5_context) != 0) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* Prepare the modifications to set all the hash/key types */
- modify_msg = ldb_msg_new(req);
- modify_msg->dn = talloc_reference(modify_msg, dn);
-
-#define CHECK_RET(x) \
- do { \
- int check_ret = x; \
- if (check_ret != LDB_SUCCESS) { \
- talloc_free(mem_ctx); \
- return check_ret; \
- } \
- } while(0)
-
- /* Setup krb5Key (we want to either delete an existing value,
- * or replace with a new one). Both the unicode and NT hash
- * only branches append keys to this multivalued entry. */
- CHECK_RET(ldb_msg_add_empty(modify_msg, "krb5Key", LDB_FLAG_MOD_REPLACE));
-
- /* Yay, we can compute new password hashes from the unicode
- * password */
- if (sambaPassword) {
- Principal *salt_principal;
- const char *user_principal_name = ldb_msg_find_string(res->msgs[0], "userPrincipalName", NULL);
-
- Key *keys;
- size_t num_keys;
-
- /* compute the new nt and lm hashes */
- if (E_deshash(sambaPassword, local_lmNewHash.hash)) {
- lmPwdHash = &local_lmNewHash;
- } else {
- lmPwdHash = NULL;
- }
- E_md4hash(sambaPassword, local_ntNewHash.hash);
- ntPwdHash = &local_ntNewHash;
- CHECK_RET(ldb_msg_add_empty(modify_msg, "ntPwdHash",
- LDB_FLAG_MOD_REPLACE));
- CHECK_RET(samdb_msg_add_hash(module->ldb, req,
- modify_msg, "ntPwdHash",
- ntPwdHash));
- CHECK_RET(ldb_msg_add_empty(modify_msg, "lmPwdHash",
- LDB_FLAG_MOD_REPLACE));
- if (lmPwdHash) {
- CHECK_RET(samdb_msg_add_hash(module->ldb, req,
- modify_msg, "lmPwdHash",
- lmPwdHash));
- }
-
- /* Many, many thanks to lukeh@padl.com for this
- * algorithm, described in his Nov 10 2004 mail to
- * samba-technical@samba.org */
-
- if (is_computer) {
- /* Determine a salting principal */
- char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(res->msgs[0], "samAccountName", NULL));
- char *saltbody;
- if (!samAccountName) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "generation of new kerberos keys failed: %s is a computer without a samAccountName",
- ldb_dn_linearize(mem_ctx, dn)));
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- if (samAccountName[strlen(samAccountName)-1] == '$') {
- samAccountName[strlen(samAccountName)-1] = '\0';
- }
- saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, dnsDomain);
-
- krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, "host", saltbody, NULL);
- } else if (user_principal_name) {
- char *p;
- user_principal_name = talloc_strdup(mem_ctx, user_principal_name);
- if (!user_principal_name) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- } else {
- p = strchr(user_principal_name, '@');
- if (p) {
- p[0] = '\0';
- }
- krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, user_principal_name, NULL);
- }
- } else {
- const char *samAccountName = ldb_msg_find_string(res->msgs[0], "samAccountName", NULL);
- if (!samAccountName) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "generation of new kerberos keys failed: %s has no samAccountName",
- ldb_dn_linearize(mem_ctx, dn)));
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- krb5_ret = krb5_make_principal(smb_krb5_context->krb5_context, &salt_principal, realm, samAccountName, NULL);
- }
-
-
- if (krb5_ret) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "generation of a saltking principal failed: %s",
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- krb5_ret, mem_ctx)));
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* TODO: We may wish to control the encryption types chosen in future */
- krb5_ret = hdb_generate_key_set_password(smb_krb5_context->krb5_context,
- salt_principal, sambaPassword, &keys, &num_keys);
- krb5_free_principal(smb_krb5_context->krb5_context, salt_principal);
-
- if (krb5_ret) {
- ldb_set_errstring(module->ldb,
- talloc_asprintf(mem_ctx, "password_hash_handle: "
- "generation of new kerberos keys failed: %s",
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- krb5_ret, mem_ctx)));
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* Walking all the key types generated, transform each
- * key into an ASN.1 blob
- */
- for (i=0; i < num_keys; i++) {
- unsigned char *buf;
- size_t buf_size;
- size_t len;
- struct ldb_val val;
-
- if (keys[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
- /* We might end up doing this below:
- * This ensures we get the unicode
- * conversion right. This should also
- * be fixed in the Heimdal libs */
- continue;
- }
- ASN1_MALLOC_ENCODE(Key, buf, buf_size, &keys[i], &len, krb5_ret);
- if (krb5_ret) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- val.data = talloc_memdup(req, buf, len);
- val.length = len;
- free(buf);
- if (!val.data || krb5_ret) {
- hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys);
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ret = ldb_msg_add_value(modify_msg, "krb5Key", &val);
- if (ret != LDB_SUCCESS) {
- hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys);
- talloc_free(mem_ctx);
- return ret;
- }
- }
-
- hdb_free_keys (smb_krb5_context->krb5_context, num_keys, keys);
- }
-
- /* Possibly kill off the cleartext or store it */
- CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaPassword", LDB_FLAG_MOD_REPLACE));
-
- if (sambaPassword && (pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) &&
- (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
- CHECK_RET(ldb_msg_add_string(modify_msg, "sambaPassword", sambaPassword));
- }
-
- /* Even if we didn't get a sambaPassword, we can still setup
- * krb5Key from the NT hash.
- *
- * This is an append, so it works with the 'continue' in the
- * unicode loop above, to use Samba's NT hash function, which
- * is more correct than Heimdal's
- */
- if (ntPwdHash) {
- unsigned char *buf;
- size_t buf_size;
- size_t len;
- struct ldb_val val;
- Key key;
-
- key.mkvno = 0;
- key.salt = NULL; /* No salt for this enc type */
-
- krb5_ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
- ETYPE_ARCFOUR_HMAC_MD5,
- ntPwdHash->hash, sizeof(ntPwdHash->hash),
- &key.key);
- if (krb5_ret) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ASN1_MALLOC_ENCODE(Key, buf, buf_size, &key, &len, krb5_ret);
- if (krb5_ret) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
- &key.key);
-
- val.data = talloc_memdup(req, buf, len);
- val.length = len;
- free(buf);
- if (!val.data || ret) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- CHECK_RET(ldb_msg_add_value(modify_msg, "krb5Key", &val));
- }
-
- /* If the original caller did anything with pwdLastSet then skip this. It could be an incoming samsync */
- attribute = ldb_msg_find_element(msg, "pwdLastSet");
- if (attribute == NULL) {
- /* Update the password last set time */
- unix_to_nt_time(&now_nt, now);
- CHECK_RET(ldb_msg_add_empty(modify_msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE));
- CHECK_RET(samdb_msg_add_uint64(module->ldb, mem_ctx, modify_msg, "pwdLastSet", now_nt));
- }
-
- /* If the original caller did anything with "msDS-KeyVersionNumber" then skip this. It could be an incoming samsync */
- attribute = ldb_msg_find_element(msg, "msDS-KeyVersionNumber");
- if (attribute == NULL) {
- if (kvno == 0) {
- CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber",
- LDB_FLAG_MOD_REPLACE));
- CHECK_RET(samdb_msg_add_uint(module->ldb, mem_ctx, modify_msg, "msDS-KeyVersionNumber", kvno + 1));
- } else {
- /* While we should be in a transaction, go one extra
- * step in the dance for an 'atomic' increment. This
- * may be of value against remote LDAP servers. (Note
- * however that Mulitmaster replication stil offers no
- * such guarantee) */
-
- struct ldb_val old_kvno, new_kvno;
- old_kvno.data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", kvno);
- if (!old_kvno.data) {
- return -1;
- }
- old_kvno.length = strlen((char *)old_kvno.data);
-
- new_kvno.data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", kvno + 1);
- if (!new_kvno.data) {
- return -1;
- }
- new_kvno.length = strlen((char *)new_kvno.data);
-
- CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber",
- LDB_FLAG_MOD_DELETE));
- CHECK_RET(ldb_msg_add_empty(modify_msg, "msDS-KeyVersionNumber",
- LDB_FLAG_MOD_ADD));
- modify_msg->elements[modify_msg->num_elements - 2].num_values = 1;
- modify_msg->elements[modify_msg->num_elements - 2].values = &old_kvno;
- modify_msg->elements[modify_msg->num_elements - 1].num_values = 1;
- modify_msg->elements[modify_msg->num_elements - 1].values = &new_kvno;
- }
- }
-
- CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaLMPwdHistory",
- LDB_FLAG_MOD_REPLACE));
- CHECK_RET(ldb_msg_add_empty(modify_msg, "sambaNTPwdHistory",
- LDB_FLAG_MOD_REPLACE));
-
- /* If we have something to put into the history, or an old
- * history element to expire, update the history */
- if (pwdHistoryLength > 0 &&
- ((sambaNTPwdHistory_len > 0) || (sambaLMPwdHistory_len > 0)
- || lmOldHash || ntOldHash)) {
- /* store the password history */
- new_sambaLMPwdHistory = talloc_array(mem_ctx, struct samr_Password,
- pwdHistoryLength);
- if (!new_sambaLMPwdHistory) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- new_sambaNTPwdHistory = talloc_array(mem_ctx, struct samr_Password,
- pwdHistoryLength);
- if (!new_sambaNTPwdHistory) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- for (i=0;i<MIN(pwdHistoryLength-1, sambaLMPwdHistory_len);i++) {
- new_sambaLMPwdHistory[i+1] = sambaLMPwdHistory[i];
- }
- for (i=0;i<MIN(pwdHistoryLength-1, sambaNTPwdHistory_len);i++) {
- new_sambaNTPwdHistory[i+1] = sambaNTPwdHistory[i];
- }
-
- /* Don't store 'long' passwords in the LM history,
- but make sure to 'expire' one password off the other end */
- if (lmOldHash) {
- new_sambaLMPwdHistory[0] = *lmOldHash;
- } else {
- ZERO_STRUCT(new_sambaLMPwdHistory[0]);
- }
- sambaLMPwdHistory_len = MIN(sambaLMPwdHistory_len + 1, pwdHistoryLength);
-
- /* Likewise, we might not have an old NT password (lm
- * only password change function on previous change) */
- if (ntOldHash) {
- new_sambaNTPwdHistory[0] = *ntOldHash;
- } else {
- ZERO_STRUCT(new_sambaNTPwdHistory[0]);
- }
- sambaNTPwdHistory_len = MIN(sambaNTPwdHistory_len + 1, pwdHistoryLength);
-
- CHECK_RET(samdb_msg_add_hashes(mem_ctx, modify_msg,
- "sambaLMPwdHistory",
- new_sambaLMPwdHistory,
- sambaLMPwdHistory_len));
-
- CHECK_RET(samdb_msg_add_hashes(mem_ctx, modify_msg,
- "sambaNTPwdHistory",
- new_sambaNTPwdHistory,
- sambaNTPwdHistory_len));
- }
-
- /* Too much code above, we should check we got it close to reasonable */
- CHECK_RET(ldb_msg_sanity_check(modify_msg));
-
- modify_request = talloc(mem_ctx, struct ldb_request);
- if (!modify_request) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- modify_request->operation = LDB_REQ_MODIFY;
- modify_request->op.mod.message = modify_msg;
- modify_request->controls = NULL;
-
- ret = ldb_next_request(module, modify_request);
-
- talloc_free(mem_ctx);
- return ret;
-}
-
-/* add_record: do things with the sambaPassword attribute */
-static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
-{
- const struct ldb_message *msg = req->op.add.message;
-
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_record\n");
-
- if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- /* If no part of this touches the sambaPassword, then we don't
- * need to make any changes. For password changes/set there should
- * be a 'delete' or a 'modify' on this attribute. */
- if (ldb_msg_find_element(msg, "sambaPassword") == NULL ) {
- return ldb_next_request(module, req);
- }
-
- return password_hash_handle(module, req, msg);
-}
-
-/* modify_record: do things with the sambaPassword attribute */
-static int password_hash_modify(struct ldb_module *module, struct ldb_request *req)
-{
- const struct ldb_message *msg = req->op.mod.message;
-
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify_record\n");
-
- if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- /* If no part of this touches the sambaPassword, then we don't
- * need to make any changes. For password changes/set there should
- * be a 'delete' or a 'modify' on this attribute. */
- if (ldb_msg_find_element(msg, "sambaPassword") == NULL ) {
- return ldb_next_request(module, req);
- }
-
- return password_hash_handle(module, req, msg);
-}
-
-enum ph_type {PH_ADD, PH_MOD};
-enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD};
-
struct ph_async_context {
- enum ph_type type;
- enum ph_step step;
+ enum ph_type {PH_ADD, PH_MOD} type;
+ enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD} step;
struct ldb_module *module;
struct ldb_request *orig_req;
return data;
}
-static int password_hash_add_async(struct ldb_module *module, struct ldb_request *req)
+static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_async_handle *h;
struct ph_async_context *ac;
struct dom_sid *domain_sid;
int ret;
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_async\n");
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add\n");
if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
return ldb_next_request(module, ac->dom_req);
}
-static int password_hash_add_async_do_add(struct ldb_async_handle *h) {
+static int password_hash_add_do_add(struct ldb_async_handle *h) {
struct ph_async_context *ac;
struct domain_data *domain;
return ldb_next_request(ac->module, ac->down_req);
}
-static int password_hash_mod_async_search_self(struct ldb_async_handle *h);
+static int password_hash_mod_search_self(struct ldb_async_handle *h);
-static int password_hash_modify_async(struct ldb_module *module, struct ldb_request *req)
+static int password_hash_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_async_handle *h;
struct ph_async_context *ac;
struct ldb_message_element *ntAttr;
struct ldb_message_element *lmAttr;
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_add_async\n");
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify\n");
if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
if (ac->down_req->op.mod.message->num_elements == 0) {
talloc_free(ac->down_req);
ac->down_req = NULL;
- return password_hash_mod_async_search_self(h);
+ return password_hash_mod_search_self(h);
}
ac->down_req->async.context = NULL;
return LDB_SUCCESS;
}
-static int password_hash_mod_async_search_self(struct ldb_async_handle *h) {
+static int password_hash_mod_search_self(struct ldb_async_handle *h) {
struct ph_async_context *ac;
return ldb_next_request(ac->module, ac->search_req);
}
-static int password_hash_mod_async_search_dom(struct ldb_async_handle *h) {
+static int password_hash_mod_search_dom(struct ldb_async_handle *h) {
struct ph_async_context *ac;
struct dom_sid *domain_sid;
return ldb_next_request(ac->module, ac->dom_req);
}
-static int password_hash_mod_async_do_mod(struct ldb_async_handle *h) {
+static int password_hash_mod_do_mod(struct ldb_async_handle *h) {
struct ph_async_context *ac;
struct domain_data *domain;
}
/* domain search done, go on */
- return password_hash_add_async_do_add(handle);
+ return password_hash_add_do_add(handle);
case PH_ADD_DO_ADD:
ret = ldb_async_wait(ac->down_req->async.handle, LDB_WAIT_NONE);
}
/* non-password mods done, go on */
- return password_hash_mod_async_search_self(handle);
+ return password_hash_mod_search_self(handle);
case PH_MOD_SEARCH_SELF:
ret = ldb_async_wait(ac->search_req->async.handle, LDB_WAIT_NONE);
}
/* self search done, go on */
- return password_hash_mod_async_search_dom(handle);
+ return password_hash_mod_search_dom(handle);
case PH_MOD_SEARCH_DOM:
ret = ldb_async_wait(ac->dom_req->async.handle, LDB_WAIT_NONE);
}
/* domain search done, go on */
- return password_hash_mod_async_do_mod(handle);
+ return password_hash_mod_do_mod(handle);
case PH_MOD_DO_MOD:
ret = ldb_async_wait(ac->mod_req->async.handle, LDB_WAIT_NONE);
}
}
-static int password_hash_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
-
- case LDB_REQ_ADD:
- return password_hash_add(module, req);
-
- case LDB_REQ_MODIFY:
- return password_hash_modify(module, req);
-
- default:
- return ldb_next_request(module, req);
-
- }
-}
-
static const struct ldb_module_ops password_hash_ops = {
.name = "password_hash",
- .add = password_hash_add_async,
- .modify = password_hash_modify_async,
- .request = password_hash_request,
+ .add = password_hash_add,
+ .modify = password_hash_modify,
.async_wait = password_hash_async_wait
};
/*
handle search requests
*/
-static int rootdse_search_bytree(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_search *s = &req->op.search;
- int ret;
- TALLOC_CTX *tmp_ctx;
-
- /* see if its for the rootDSE */
- if (s->scope != LDB_SCOPE_BASE ||
- (s->base && s->base->comp_num != 0)) {
- return ldb_next_request(module, req);
- }
-
- tmp_ctx = talloc_new(module);
-
- /* in our db we store the rootDSE with a DN of cn=rootDSE */
- s->base = ldb_dn_explode(tmp_ctx, "cn=rootDSE");
- s->tree = ldb_parse_tree(tmp_ctx, "dn=*");
- if (s->base == NULL || s->tree == NULL) {
- ldb_oom(module->ldb);
- talloc_free(tmp_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* grab the static contents of the record */
- ret = ldb_next_request(module, req);
-
- req->op.search.res = s->res;
-
- if ((ret == LDB_SUCCESS) && (s->res->msgs != NULL)) {
- ret = rootdse_add_dynamic(module, s->res->msgs[0], s->attrs);
- }
-
- talloc_free(tmp_ctx);
-
- return ret;
-}
struct rootdse_async_context {
struct ldb_module *module;
return LDB_ERR_OPERATIONS_ERROR;
}
-static int rootdse_search_async(struct ldb_module *module, struct ldb_request *req)
+static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
{
struct rootdse_async_context *ac;
struct ldb_request *down_req;
static int rootdse_request(struct ldb_module *module, struct ldb_request *req)
{
switch (req->operation) {
- case LDB_REQ_SEARCH:
- return rootdse_search_bytree(module, req);
case LDB_REQ_REGISTER:
return rootdse_register_control(module, req);
static const struct ldb_module_ops rootdse_ops = {
.name = "rootdse",
.init_context = rootdse_init,
- .search = rootdse_search_async,
+ .search = rootdse_search,
.request = rootdse_request
};
return LDB_ERR_OPERATIONS_ERROR;
}
+ /* remove objectclasses so that they will be added in the right order for MMC to be happy */
+ ldb_msg_remove_attr(msg, "objectclass");
+
if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) {
+
ret = samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))");
if (ret) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
talloc_free(mem_ctx);
return ret;
}
+
+ /* readd user and then computer objectclasses */
+ if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) {
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "computer", "computer")) {
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
} else {
ret = samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))");
if (ret) {
talloc_free(mem_ctx);
return ret;
}
+ /* readd user objectclass */
+ if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) {
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
}
rdn = ldb_dn_get_rdn(msg2, msg2->dn);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
- /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */
- if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) {
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* meddle with objectclass */
-
if (ldb_msg_find_element(msg2, "samAccountName") == NULL) {
name = samldb_generate_samAccountName(module, mem_ctx);
if (!name) {
return ret;
}
-/* add_record */
-static int samldb_add(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_message *msg = req->op.add.message;
- struct ldb_message *msg2 = NULL;
- int ret;
-
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n");
-
-
- if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- /* is user or computer? */
- if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) ||
- (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) {
- /* add all relevant missing objects */
- ret = samldb_fill_user_or_computer_object(module, msg, &msg2);
- if (ret) {
- return ret;
- }
- }
-
- /* is group? add all relevant missing objects */
- if ( ! msg2 ) {
- if (samldb_find_attribute(msg, "objectclass", "group") != NULL) {
- ret = samldb_fill_group_object(module, msg, &msg2);
- if (ret) {
- return ret;
- }
- }
- }
-
- /* perhaps a foreignSecurityPrincipal? */
- if ( ! msg2 ) {
- if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") != NULL) {
- ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2);
- if (ret) {
- return ret;
- }
- }
- }
-
- if (msg2) {
- req->op.add.message = msg2;
- ret = ldb_next_request(module, req);
- req->op.add.message = msg;
- } else {
- ret = ldb_next_request(module, req);
- }
-
- return ret;
-}
-
/* add_record */
/*
* left SYNC for now until we think of a good solution.
*/
-static int samldb_add_async(struct ldb_module *module, struct ldb_request *req)
+static int samldb_add(struct ldb_module *module, struct ldb_request *req)
{
const struct ldb_message *msg = req->op.add.message;
struct ldb_message *msg2 = NULL;
return 0;
}
-static int samldb_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
-
- case LDB_REQ_ADD:
- return samldb_add(module, req);
-
- default:
- return ldb_next_request(module, req);
-
- }
-}
-
static int samldb_init(struct ldb_module *module)
{
talloc_set_destructor(module, samldb_destructor);
static const struct ldb_module_ops samldb_ops = {
.name = "samldb",
.init_context = samldb_init,
- .add = samldb_add_async,
- .request = samldb_request
+ .add = samldb_add,
};
/*
start an ldb request
- autostarts a transacion if none active and the operation is not a search
- does not work for ASYNC operations
NOTE: the request must be a talloc context.
returns LDB_ERR_* on errors.
*/
int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
{
struct ldb_module *module;
- int ret, started_transaction=0;
+ int ret;
ldb_reset_err_string(ldb);
- if (req->operation == LDB_REQ_SEARCH) {
- req->op.search.res = NULL;
- }
-
- /* start a transaction if SYNC and not search */
- if ((!ldb->transaction_active) &&
- (req->operation == LDB_REQ_ADD ||
- req->operation == LDB_REQ_MODIFY ||
- req->operation == LDB_REQ_DELETE ||
- req->operation == LDB_REQ_RENAME)) {
- ret = ldb_transaction_start(ldb);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- started_transaction = 1;
- }
-
/* call the first module in the chain */
switch (req->operation) {
case LDB_ASYNC_SEARCH:
break;
}
- if (started_transaction) {
- return ldb_op_finish(ldb, ret);
- }
-
return ret;
}
return ret;
}
+/* autostarts a transacion if none active */
static int ldb_autotransaction_request(struct ldb_context *ldb, struct ldb_request *req)
{
int ret, close_transaction;
# End MODULE ldb_operational
################################################
-################################################
-# Start MODULE ldb_objectclass
-[MODULE::ldb_objectclass]
-INIT_FUNCTION = ldb_objectclass_init
-SUBSYSTEM = ldb
-OBJ_FILES = \
- modules/objectclass.o
-# End MODULE ldb_objectclass
-################################################
+# ################################################
+# # Start MODULE ldb_objectclass
+# [MODULE::ldb_objectclass]
+# INIT_FUNCTION = ldb_objectclass_init
+# SUBSYSTEM = ldb
+# OBJ_FILES = \
+# modules/objectclass.o
+# # End MODULE ldb_objectclass
+# ################################################
################################################
# Start MODULE ldb_rdn_name
# End MODULE ldb_rdn_name
################################################
-################################################
-# Start MODULE ldb_schema
-[MODULE::ldb_schema]
-INIT_FUNCTION = ldb_schema_init
-SUBSYSTEM = ldb
-OBJ_FILES = \
- modules/schema.o
-# End MODULE ldb_schema
-################################################
+# ################################################
+# # Start MODULE ldb_schema
+# [MODULE::ldb_schema]
+# INIT_FUNCTION = ldb_schema_init
+# SUBSYSTEM = ldb
+# OBJ_FILES = \
+# modules/schema.o
+# # End MODULE ldb_schema
+# ################################################
################################################
# Start MODULE ldb_ildap
# End MODULE ldb_ildap
################################################
-################################################
-# Start MODULE ldb_map
-[SUBSYSTEM::ldb_map]
-PUBLIC_DEPENDENCIES = ldb
-OBJ_FILES = modules/ldb_map.o
-# End MODULE ldb_map
-################################################
+# ################################################
+# # Start MODULE ldb_map
+# [SUBSYSTEM::ldb_map]
+# PUBLIC_DEPENDENCIES = ldb
+# OBJ_FILES = modules/ldb_map.o
+# # End MODULE ldb_map
+# ################################################
################################################
# Start MODULE ldb_skel
};
enum ldb_request_type {
- LDB_REQ_SEARCH,
- LDB_REQ_ADD,
- LDB_REQ_MODIFY,
- LDB_REQ_DELETE,
- LDB_REQ_RENAME,
LDB_ASYNC_SEARCH,
LDB_ASYNC_ADD,
LDB_ASYNC_MODIFY,
return;
}
-static void ildb_async_callback(struct ldap_request *req)
+static void ildb_callback(struct ldap_request *req)
{
struct ldb_async_handle *handle = talloc_get_type(req->async.private_data, struct ldb_async_handle);
struct ildb_async_context *ac = talloc_get_type(handle->private_data, struct ildb_async_context);
ildb_ac->context = context;
ildb_ac->callback = callback;
- req->async.fn = ildb_async_callback;
+ req->async.fn = ildb_callback;
req->async.private_data = (void *)h;
talloc_free(req->time_event);
/*
search for matching records using an asynchronous function
*/
-static int ildb_search_async(struct ldb_module *module, struct ldb_request *req)
+static int ildb_search(struct ldb_module *module, struct ldb_request *req)
{
struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
struct ldap_message *msg;
return ildb_request_send(module, msg, req->async.context, req->async.callback, req->async.timeout, &(req->async.handle));
}
-static int ildb_search_sync_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
-{
- struct ldb_result *res;
- int n;
-
- if (!context) {
- ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context in callback"));
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res = *((struct ldb_result **)context);
-
- if (!res || !ares) {
- goto error;
- }
-
- if (ares->type == LDB_REPLY_ENTRY) {
- res->msgs = talloc_realloc(res, res->msgs, struct ldb_message *, res->count + 2);
- if (! res->msgs) {
- goto error;
- }
-
- res->msgs[res->count + 1] = NULL;
-
- res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
- if (! res->msgs[res->count]) {
- goto error;
- }
-
- res->count++;
- }
-
- if (ares->type == LDB_REPLY_REFERRAL) {
- if (res->refs) {
- for (n = 0; res->refs[n]; n++) /*noop*/ ;
- } else {
- n = 0;
- }
-
- res->refs = talloc_realloc(res, res->refs, char *, n + 2);
- if (! res->refs) {
- goto error;
- }
-
- res->refs[n] = talloc_steal(res->refs, ares->referral);
- res->refs[n + 1] = NULL;
- }
-
- if (ares->controls) {
- res->controls = talloc_steal(res, ares->controls);
- if (! res->controls) {
- goto error;
- }
- }
-
- talloc_free(ares);
- return LDB_SUCCESS;
-
-error:
- talloc_free(ares);
- talloc_free(res);
- *((struct ldb_result **)context) = NULL;
- return LDB_ERR_OPERATIONS_ERROR;
-}
-
-/*
- search for matching records using a synchronous function
- */
-static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const *attrs,
- struct ldb_control **control_req,
- struct ldb_result **res)
-{
- struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
- struct ldb_request *req;
- int ret;
-
- *res = talloc_zero(ildb, struct ldb_result);
- if (! *res) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req = talloc_zero(ildb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_SEARCH;
- req->op.search.base = base;
- req->op.search.scope = scope;
- req->op.search.tree = tree;
- req->op.search.attrs = attrs;
- req->controls = control_req;
- req->async.context = (void *)res;
- req->async.callback = ildb_search_sync_callback;
- req->async.timeout = ildb->ldap->timeout;
-
- ret = ildb_search_async(module, req);
-
- if (ret == LDB_SUCCESS) {
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
- talloc_free(req);
- }
-
- if (ret != LDB_SUCCESS) {
- talloc_free(*res);
- }
-
- return ret;
-}
-
/*
add a record
*/
-static int ildb_add_async(struct ldb_module *module, struct ldb_request *req)
+static int ildb_add(struct ldb_module *module, struct ldb_request *req)
{
struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
struct ldap_message *msg;
return ildb_request_send(module, msg, req->async.context, req->async.callback, req->async.timeout, &(req->async.handle));
}
-static int ildb_add(struct ldb_module *module, const struct ldb_message *msg)
-{
- struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(ildb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_ADD;
- req->op.add.message = msg;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = ildb->ldap->timeout;
-
- ret = ildb_add_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
modify a record
*/
-static int ildb_modify_async(struct ldb_module *module, struct ldb_request *req)
+static int ildb_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
struct ldap_message *msg;
&(req->async.handle));
}
-static int ildb_modify(struct ldb_module *module, const struct ldb_message *msg)
-{
- struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(ildb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_MODIFY;
- req->op.mod.message = msg;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = ildb->ldap->timeout;
-
- ret = ildb_modify_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
delete a record
*/
-static int ildb_delete_async(struct ldb_module *module, struct ldb_request *req)
+static int ildb_delete(struct ldb_module *module, struct ldb_request *req)
{
struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
struct ldap_message *msg;
&(req->async.handle));
}
-static int ildb_delete(struct ldb_module *module, const struct ldb_dn *dn)
-{
- struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(ildb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_DELETE;
- req->op.del.dn = dn;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = ildb->ldap->timeout;
-
- ret = ildb_delete_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
rename a record
*/
-static int ildb_rename_async(struct ldb_module *module, struct ldb_request *req)
+static int ildb_rename(struct ldb_module *module, struct ldb_request *req)
{
struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
struct ldap_message *msg;
&(req->async.handle));
}
-static int ildb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn)
-{
- struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(ildb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_RENAME;
- req->op.rename.olddn = olddn;
- req->op.rename.newdn = newdn;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = ildb->ldap->timeout;
-
- ret = ildb_rename_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
static int ildb_start_trans(struct ldb_module *module)
{
/* TODO implement a local locking mechanism here */
- return 0;
+ return LDB_SUCCESS;
}
static int ildb_end_trans(struct ldb_module *module)
{
/* TODO implement a local transaction mechanism here */
- return 0;
+ return LDB_SUCCESS;
}
static int ildb_del_trans(struct ldb_module *module)
{
/* TODO implement a local locking mechanism here */
- return 0;
+ return LDB_SUCCESS;
}
static int ildb_request(struct ldb_module *module, struct ldb_request *req)
{
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return ildb_search_bytree(module,
- req->op.search.base,
- req->op.search.scope,
- req->op.search.tree,
- req->op.search.attrs,
- req->controls,
- &req->op.search.res);
-
- case LDB_REQ_ADD:
- return ildb_add(module, req->op.add.message);
-
- case LDB_REQ_MODIFY:
- return ildb_modify(module, req->op.mod.message);
-
- case LDB_REQ_DELETE:
- return ildb_delete(module, req->op.del.dn);
-
- case LDB_REQ_RENAME:
- return ildb_rename(module,
- req->op.rename.olddn,
- req->op.rename.newdn);
-
- default:
- return -1;
-
- }
+ return LDB_ERR_OPERATIONS_ERROR;
}
static int ildb_async_wait(struct ldb_async_handle *handle, enum ldb_async_wait_type type)
return LDB_SUCCESS;
}
+static int ildb_rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
+{
+ struct ildb_private *ildb;
+
+ if (!context || !ares) {
+ ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback"));
+ goto error;
+ }
+
+ ildb = talloc_get_type(context, struct ildb_private);
+
+ if (ildb->rootDSE != NULL) {
+ /* what ? more than one rootdse entry ?! */
+ goto error;
+ }
+
+ /* we are interested only in the single reply (rootdse) we receive here */
+ if (ares->type == LDB_REPLY_ENTRY) {
+ ildb->rootDSE = talloc_steal(ildb, ares->message);
+ }
+
+ talloc_free(ares);
+ return LDB_SUCCESS;
+
+error:
+ talloc_free(ares);
+ return LDB_ERR_OPERATIONS_ERROR;
+}
+
/*
fetch the rootDSE for later use
*/
static int ildb_init(struct ldb_module *module)
{
struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
- struct ldb_result *res = NULL;
- struct ldb_dn *empty_dn = ldb_dn_new(ildb);
+ struct ldb_request *req;
int ret;
- ret = ildb_search_bytree(module, empty_dn, LDB_SCOPE_BASE,
- ldb_parse_tree(empty_dn, "dn=dc=rootDSE"),
- NULL, NULL, &res);
- if (ret == LDB_SUCCESS && res->count == 1) {
- ildb->rootDSE = talloc_steal(ildb, res->msgs[0]);
+
+ req = talloc(ildb, struct ldb_request);
+ if (req == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
- if (ret == LDB_SUCCESS) talloc_free(res);
- talloc_free(empty_dn);
- return LDB_SUCCESS;
+ ildb->rootDSE = NULL;
+
+ req->operation = LDB_ASYNC_SEARCH;
+ req->op.search.base = ldb_dn_new(req);
+ req->op.search.scope = LDB_SCOPE_BASE;
+ req->op.search.tree = ldb_parse_tree(req, "dn=dc=rootDSE");
+ req->op.search.attrs = NULL;
+ req->controls = NULL;
+ req->async.context = ildb;
+ req->async.callback = ildb_rootdse_callback;
+ req->async.timeout = 60;
+
+ ret = ildb_search(module, req);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(req);
+ return ret;
+ }
+
+ ret = ildb_async_wait(req->async.handle, LDB_WAIT_ALL);
+
+ talloc_free(req);
+ return ret;
}
static const struct ldb_module_ops ildb_ops = {
.name = "ldap",
- .search = ildb_search_async,
- .add = ildb_add_async,
- .modify = ildb_modify_async,
- .del = ildb_delete_async,
- .rename = ildb_rename_async,
+ .search = ildb_search,
+ .add = ildb_add,
+ .modify = ildb_modify,
+ .del = ildb_delete,
+ .rename = ildb_rename,
.request = ildb_request,
.start_transaction = ildb_start_trans,
.end_transaction = ildb_end_trans,
/*
search for matching records
*/
-static int lldb_search_async(struct ldb_module *module, struct ldb_request *req)
+static int lldb_search(struct ldb_module *module, struct ldb_request *req)
{
struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
struct lldb_async_context *lldb_ac;
return lldb_ldap_to_ldb(ret);
}
-static int lldb_search_sync_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
-{
- struct ldb_result *res;
- int n;
-
- if (!context) {
- ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context in callback"));
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res = *((struct ldb_result **)context);
-
- if (!res || !ares) {
- goto error;
- }
-
- if (ares->type == LDB_REPLY_ENTRY) {
- res->msgs = talloc_realloc(res, res->msgs, struct ldb_message *, res->count + 2);
- if (! res->msgs) {
- goto error;
- }
-
- res->msgs[res->count + 1] = NULL;
-
- res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
- if (! res->msgs[res->count]) {
- goto error;
- }
-
- res->count++;
- }
-
- if (ares->type == LDB_REPLY_REFERRAL) {
- if (res->refs) {
- for (n = 0; res->refs[n]; n++) /*noop*/ ;
- } else {
- n = 0;
- }
-
- res->refs = talloc_realloc(res, res->refs, char *, n + 2);
- if (! res->refs) {
- goto error;
- }
-
- res->refs[n] = talloc_steal(res->refs, ares->referral);
- res->refs[n + 1] = NULL;
- }
-
- if (ares->type == LDB_REPLY_DONE) {
- if (ares->controls) {
- res->controls = talloc_steal(res, ares->controls);
- if (! res->controls) {
- goto error;
- }
- }
- }
-
- talloc_free(ares);
- return LDB_SUCCESS;
-
-error:
- talloc_free(ares);
- talloc_free(res);
- *((struct ldb_result **)context) = NULL;
- return LDB_ERR_OPERATIONS_ERROR;
-}
-
-/*
- search for matching records using a synchronous function
- */
-static int lldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const *attrs,
- struct ldb_control **control_req,
- struct ldb_result **res)
-{
- struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
- struct ldb_request *req;
- int ret;
-
- *res = talloc_zero(lldb, struct ldb_result);
- if (! *res) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req = talloc_zero(lldb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_SEARCH;
- req->op.search.base = base;
- req->op.search.scope = scope;
- req->op.search.tree = tree;
- req->op.search.attrs = attrs;
- req->controls = control_req;
- req->async.context = (void *)res;
- req->async.callback = lldb_search_sync_callback;
- req->async.timeout = lldb->timeout;
-
- ret = lldb_search_async(module, req);
-
- if (ret == LDB_SUCCESS) {
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
- talloc_free(req);
- }
-
- if (ret != LDB_SUCCESS) {
- talloc_free(*res);
- }
-
- return ret;
-}
-
/*
add a record
*/
-static int lldb_add_async(struct ldb_module *module, struct ldb_request *req)
+static int lldb_add(struct ldb_module *module, struct ldb_request *req)
{
struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
struct lldb_async_context *lldb_ac;
return lldb_ldap_to_ldb(ret);
}
-static int lldb_add(struct ldb_module *module, const struct ldb_message *msg)
-{
- struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(lldb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_ADD;
- req->op.add.message = msg;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = lldb->timeout;
-
- ret = lldb_add_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
-
/*
modify a record
*/
-static int lldb_modify_async(struct ldb_module *module, struct ldb_request *req)
+static int lldb_modify(struct ldb_module *module, struct ldb_request *req)
{
struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
struct lldb_async_context *lldb_ac;
return lldb_ldap_to_ldb(ret);
}
-static int lldb_modify(struct ldb_module *module, const struct ldb_message *msg)
-{
- struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(lldb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_MODIFY;
- req->op.mod.message = msg;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = lldb->timeout;
-
- ret = lldb_modify_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
delete a record
*/
-static int lldb_delete_async(struct ldb_module *module, struct ldb_request *req)
+static int lldb_delete(struct ldb_module *module, struct ldb_request *req)
{
struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
struct lldb_async_context *lldb_ac;
return lldb_ldap_to_ldb(ret);
}
-static int lldb_delete(struct ldb_module *module, const struct ldb_dn *dn)
-{
- struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(lldb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_DELETE;
- req->op.del.dn = dn;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = lldb->timeout;
-
- ret = lldb_delete_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
rename a record
*/
-static int lldb_rename_async(struct ldb_module *module, struct ldb_request *req)
+static int lldb_rename(struct ldb_module *module, struct ldb_request *req)
{
struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
struct lldb_async_context *lldb_ac;
return lldb_ldap_to_ldb(ret);
}
-static int lldb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn)
-{
- struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private);
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(lldb, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_RENAME;
- req->op.rename.olddn = olddn;
- req->op.rename.newdn = newdn;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
- req->async.timeout = lldb->timeout;
-
- ret = lldb_rename_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
static int lldb_parse_result(struct ldb_async_handle *handle, LDAPMessage *result)
{
struct lldb_async_context *ac = talloc_get_type(handle->private_data, struct lldb_async_context);
{
/* TODO implement a local transaction mechanism here */
- return 0;
+ return LDB_SUCCESS;
}
static int lldb_end_trans(struct ldb_module *module)
{
/* TODO implement a local transaction mechanism here */
- return 0;
+ return LDB_SUCCESS;
}
static int lldb_del_trans(struct ldb_module *module)
{
/* TODO implement a local transaction mechanism here */
- return 0;
+ return LDB_SUCCESS;
}
static int lldb_request(struct ldb_module *module, struct ldb_request *req)
{
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return lldb_search_bytree(module,
- req->op.search.base,
- req->op.search.scope,
- req->op.search.tree,
- req->op.search.attrs,
- req->controls,
- &req->op.search.res);
-
- case LDB_REQ_ADD:
- return lldb_add(module, req->op.add.message);
-
- case LDB_REQ_MODIFY:
- return lldb_modify(module, req->op.mod.message);
-
- case LDB_REQ_DELETE:
- return lldb_delete(module, req->op.del.dn);
-
- case LDB_REQ_RENAME:
- return lldb_rename(module,
- req->op.rename.olddn,
- req->op.rename.newdn);
-
- default:
- return -1;
-
- }
+ return LDB_ERR_OPERATIONS_ERROR;
}
static const struct ldb_module_ops lldb_ops = {
.name = "ldap",
- .search = lldb_search_async,
- .add = lldb_add_async,
- .modify = lldb_modify_async,
- .del = lldb_delete_async,
- .rename = lldb_rename_async,
+ .search = lldb_search,
+ .add = lldb_add,
+ .modify = lldb_modify,
+ .del = lldb_delete,
+ .rename = lldb_rename,
.request = lldb_request,
.start_transaction = lldb_start_trans,
.end_transaction = lldb_end_trans,
return LDB_SUCCESS;
}
-static int ltdb_search_sync_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
-{
- struct ldb_result *res = NULL;
-
- if (!context) {
- ldb_set_errstring(ldb, talloc_strdup(ldb, "NULL Context in callback"));
- goto error;
- }
-
- res = *((struct ldb_result **)context);
-
- if (!res || !ares) {
- goto error;
- }
-
- if (ares->type == LDB_REPLY_ENTRY) {
- res->msgs = talloc_realloc(res, res->msgs, struct ldb_message *, res->count + 2);
- if (! res->msgs) {
- goto error;
- }
-
- res->msgs[res->count + 1] = NULL;
-
- res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
- if (! res->msgs[res->count]) {
- goto error;
- }
-
- res->count++;
- } else {
- ldb_debug(ldb, LDB_DEBUG_ERROR, "unrecognized async reply in ltdb_search_sync_callback!\n");
- goto error;
- }
-
- talloc_free(ares);
- return LDB_SUCCESS;
-
-error:
- if (ares) talloc_free(ares);
- if (res) talloc_free(res);
- if (context) *((struct ldb_result **)context) = NULL;
- return LDB_ERR_OPERATIONS_ERROR;
-}
-
-int ltdb_search_async(struct ldb_module *module, struct ldb_request *req)
+/*
+ search the database with a LDAP-like expression.
+ choses a search method
+*/
+int ltdb_search(struct ldb_module *module, struct ldb_request *req)
{
struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private);
struct ltdb_async_context *ltdb_ac;
return LDB_SUCCESS;
}
-/*
- search the database with a LDAP-like expression.
- choses a search method
-*/
-int ltdb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const attrs[], struct ldb_result **res)
-{
- struct ldb_request *req;
- int ret;
-
- *res = talloc_zero(module, struct ldb_result);
- if (! *res) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req = talloc_zero(module, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_SEARCH;
- req->op.search.base = base;
- req->op.search.scope = scope;
- req->op.search.tree = tree;
- req->op.search.attrs = attrs;
- req->controls = NULL;
- req->async.context = (void *)res;
- req->async.callback = ltdb_search_sync_callback;
-
- ret = ltdb_search_async(module, req);
-
- if (ret == LDB_SUCCESS) {
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
- talloc_free(req);
- }
-
- if (ret != LDB_SUCCESS) {
- talloc_free(*res);
- }
-
- return ret;
-}
-
-
}
+static int ltdb_add_internal(struct ldb_module *module, struct ldb_message *msg)
+{
+ int ret;
+
+ ret = ltdb_check_special_dn(module, msg);
+ if (ret != LDB_SUCCESS) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (ltdb_cache_load(module) != 0) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ltdb_store(module, msg, TDB_INSERT);
+
+ if (ret != LDB_SUCCESS) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ltdb_modified(module, msg->dn);
+
+ return LDB_SUCCESS;
+}
+
/*
add a record to the database
*/
-static int ltdb_add_async(struct ldb_module *module, struct ldb_request *req)
+static int ltdb_add(struct ldb_module *module, struct ldb_request *req)
{
struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private);
struct ltdb_async_context *ltdb_ac;
int tret, ret = LDB_SUCCESS;
+ if (req->controls != NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls should not reach the ldb_tdb backend!\n");
+ if (check_critical_controls(req->controls)) {
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
+ }
+
req->async.handle = init_ltdb_handle(ltdb, module, req->async.context, req->async.callback);
if (req->async.handle == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
ltdb_ac = talloc_get_type(req->async.handle->private_data, struct ltdb_async_context);
- tret = ltdb_check_special_dn(module, req->op.add.message);
+ tret = ltdb_add_internal(module, req->op.add.message);
if (tret != LDB_SUCCESS) {
req->async.handle->status = tret;
goto done;
}
- if (ltdb_cache_load(module) != 0) {
- ret = LDB_ERR_OTHER;
- goto done;
- }
-
- tret = ltdb_store(module, req->op.add.message, TDB_INSERT);
-
- if (tret != LDB_SUCCESS) {
- req->async.handle->status = tret;
- goto done;
- }
-
- ltdb_modified(module, req->op.add.message->dn);
-
if (ltdb_ac->callback) {
ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL);
}
return ret;
}
-static int ltdb_add(struct ldb_module *module, const struct ldb_message *msg)
-{
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(module, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_ADD;
- req->op.add.message = msg;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
-
- ret = ltdb_add_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
delete a record from the database, not updating indexes (used for deleting
index records)
return ret;
}
+static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
+{
+ struct ldb_message *msg;
+ int ret;
+
+ msg = talloc(module, struct ldb_message);
+ if (msg == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* in case any attribute of the message was indexed, we need
+ to fetch the old record */
+ ret = ltdb_search_dn1(module, dn, msg);
+ if (ret != 1) {
+ /* not finding the old record is an error */
+ talloc_free(msg);
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ ret = ltdb_delete_noindex(module, dn);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ /* remove any indexed attributes */
+ ret = ltdb_index_del(module, msg);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ltdb_modified(module, dn);
+
+ talloc_free(msg);
+ return LDB_SUCCESS;
+}
+
/*
delete a record from the database
*/
-static int ltdb_delete_async(struct ldb_module *module, struct ldb_request *req)
+static int ltdb_delete(struct ldb_module *module, struct ldb_request *req)
{
struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private);
struct ltdb_async_context *ltdb_ac;
- struct ldb_message *msg;
int tret, ret = LDB_SUCCESS;
+ if (req->controls != NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls should not reach the ldb_tdb backend!\n");
+ if (check_critical_controls(req->controls)) {
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
+ }
+
req->async.handle = NULL;
if (ltdb_cache_load(module) != 0) {
}
ltdb_ac = talloc_get_type(req->async.handle->private_data, struct ltdb_async_context);
- msg = talloc(ltdb_ac, struct ldb_message);
- if (msg == NULL) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
-
- /* in case any attribute of the message was indexed, we need
- to fetch the old record */
- tret = ltdb_search_dn1(module, req->op.del.dn, msg);
- if (tret != 1) {
- /* not finding the old record is an error */
- req->async.handle->status = LDB_ERR_NO_SUCH_OBJECT;
- goto done;
- }
-
- tret = ltdb_delete_noindex(module, req->op.del.dn);
- if (tret != LDB_SUCCESS) {
- req->async.handle->status = LDB_ERR_NO_SUCH_OBJECT;
- goto done;
- }
-
- /* remove any indexed attributes */
- tret = ltdb_index_del(module, msg);
+ tret = ltdb_delete_internal(module, req->op.del.dn);
if (tret != LDB_SUCCESS) {
- req->async.handle->status = LDB_ERR_NO_SUCH_OBJECT;
+ req->async.handle->status = tret;
goto done;
}
- ltdb_modified(module, req->op.del.dn);
if (ltdb_ac->callback)
ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL);
return ret;
}
-static int ltdb_delete(struct ldb_module *module, const struct ldb_dn *dn)
-{
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(module, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_DELETE;
- req->op.del.dn = dn;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
-
- ret = ltdb_delete_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
-
/*
find an element by attribute name. At the moment this does a linear search, it should
be re-coded to use a binary search once all places that modify records guarantee
/*
modify a record
*/
-static int ltdb_modify_async(struct ldb_module *module, struct ldb_request *req)
+static int ltdb_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private);
struct ltdb_async_context *ltdb_ac;
int tret, ret = LDB_SUCCESS;
+ if (req->controls != NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls should not reach the ldb_tdb backend!\n");
+ if (check_critical_controls(req->controls)) {
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
+ }
+
req->async.handle = NULL;
req->async.handle = init_ltdb_handle(ltdb, module, req->async.context, req->async.callback);
return ret;
}
-static int ltdb_modify(struct ldb_module *module, const struct ldb_message *msg)
-{
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(module, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_MODIFY;
- req->op.mod.message = msg;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
-
- ret = ltdb_modify_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
/*
rename a record
*/
-static int ltdb_rename_async(struct ldb_module *module, struct ldb_request *req)
+static int ltdb_rename(struct ldb_module *module, struct ldb_request *req)
{
struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private);
struct ltdb_async_context *ltdb_ac;
struct ldb_message *msg;
int tret, ret = LDB_SUCCESS;
+ if (req->controls != NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls should not reach the ldb_tdb backend!\n");
+ if (check_critical_controls(req->controls)) {
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
+ }
+
req->async.handle = NULL;
if (ltdb_cache_load(module) != 0) {
goto done;
}
- tret = ltdb_add(module, msg);
+ tret = ltdb_add_internal(module, msg);
if (tret != LDB_SUCCESS) {
ret = LDB_ERR_OPERATIONS_ERROR;
goto done;
}
- tret = ltdb_delete(module, req->op.rename.olddn);
+ tret = ltdb_delete_internal(module, req->op.rename.olddn);
if (tret != LDB_SUCCESS) {
- ltdb_delete(module, req->op.rename.newdn);
+ ltdb_delete_internal(module, req->op.rename.newdn);
ret = LDB_ERR_OPERATIONS_ERROR;
goto done;
}
return ret;
}
-static int ltdb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn)
-{
- struct ldb_request *req;
- int ret;
-
- req = talloc_zero(module, struct ldb_request);
- if (! req) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- req->operation = LDB_ASYNC_RENAME;
- req->op.rename.olddn = olddn;
- req->op.rename.newdn = newdn;
- req->controls = NULL;
- req->async.context = NULL;
- req->async.callback = NULL;
-
- ret = ltdb_rename_async(module, req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- return ret;
- }
-
- ret = ldb_async_wait(req->async.handle, LDB_WAIT_ALL);
-
- talloc_free(req);
- return ret;
-}
-
static int ltdb_start_trans(struct ldb_module *module)
{
struct ltdb_private *ltdb = module->private_data;
static int ltdb_request(struct ldb_module *module, struct ldb_request *req)
{
/* check for oustanding critical controls and return an error if found */
-
if (req->controls != NULL) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls should not reach the ldb_tdb backend!\n");
- }
-
- if (check_critical_controls(req->controls)) {
- return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ if (check_critical_controls(req->controls)) {
+ return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+ }
}
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return ltdb_search_bytree(module,
- req->op.search.base,
- req->op.search.scope,
- req->op.search.tree,
- req->op.search.attrs,
- &req->op.search.res);
-
- case LDB_REQ_ADD:
- return ltdb_add(module, req->op.add.message);
-
- case LDB_REQ_MODIFY:
- return ltdb_modify(module, req->op.mod.message);
-
- case LDB_REQ_DELETE:
- return ltdb_delete(module, req->op.del.dn);
-
- case LDB_REQ_RENAME:
- return ltdb_rename(module,
- req->op.rename.olddn,
- req->op.rename.newdn);
-
- default:
- return LDB_ERR_OPERATIONS_ERROR;
-
- }
+ /* search, add, modify, delete, rename are handled by their own, no other op supported */
+ return LDB_ERR_OPERATIONS_ERROR;
}
/*
static const struct ldb_module_ops ltdb_ops = {
.name = "tdb",
- .search = ltdb_search_async,
- .add = ltdb_add_async,
- .modify = ltdb_modify_async,
- .del = ltdb_delete_async,
- .rename = ltdb_rename_async,
+ .search = ltdb_search,
+ .add = ltdb_add,
+ .modify = ltdb_modify,
+ .del = ltdb_delete,
+ .rename = ltdb_rename,
.request = ltdb_request,
.start_transaction = ltdb_start_trans,
.end_transaction = ltdb_end_trans,
unsigned int *count,
struct ldb_message ***res);
int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs);
-int ltdb_search_async(struct ldb_module *module, struct ldb_request *req);
-int ltdb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const attrs[], struct ldb_result **res);
-
+int ltdb_search(struct ldb_module *module, struct ldb_request *req);
/* The following definitions come from lib/ldb/ldb_tdb/ldb_tdb.c */
struct ldb_async_handle *init_ltdb_handle(struct ltdb_private *ltdb, struct ldb_module *module,
#define ASQ_CTRL_UNWILLING_TO_PERFORM 53
#define ASQ_CTRL_AFFECTS_MULTIPLE_DSA 71
-static int build_response(struct ldb_result *res, int result)
-{
- struct ldb_asq_control *asq;
- int i;
-
- if (res->controls) {
- for (i = 0; res->controls[i]; i++);
- res->controls = talloc_realloc(res, res->controls, struct ldb_control *, i + 2);
- } else {
- i = 0;
- res->controls = talloc_array(res, struct ldb_control *, 2);
- }
- if (res->controls == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- res->controls[i] = talloc(res->controls, struct ldb_control);
- if (res->controls[i] == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- res->controls[i]->oid = LDB_CONTROL_ASQ_OID;
- res->controls[i]->critical = 0;
-
- asq = talloc_zero(res->controls[i], struct ldb_asq_control);
- if (asq == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- asq->result = result;
-
- res->controls[i]->data = asq;
-
- res->controls[i + 1] = NULL;
-
- return LDB_SUCCESS;
-}
-
-/* search */
-static int asq_search_sync(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req)
-{
- struct ldb_asq_control *asq_ctrl;
- struct ldb_request *base_req;
- struct ldb_message_element *el;
- struct ldb_result *res;
- char **base_attrs;
- int i, c, ret;
-
- /* pre-allocate a clean result structure */
- req->op.search.res = res = talloc_zero(req, struct ldb_result);
- if (res == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- /* check the search is well formed */
- if (req->op.search.scope != LDB_SCOPE_BASE) {
- return build_response(res, ASQ_CTRL_UNWILLING_TO_PERFORM);
- }
-
- asq_ctrl = talloc_get_type(control->data, struct ldb_asq_control);
- if (!asq_ctrl) {
- return LDB_ERR_PROTOCOL_ERROR;
- }
-
- /* get the object to retrieve the DNs to search */
- base_req = talloc_zero(req, struct ldb_request);
- if (base_req == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
- base_req->operation = LDB_REQ_SEARCH;
- base_req->op.search.base = req->op.search.base;
- base_req->op.search.scope = LDB_SCOPE_BASE;
- base_req->op.search.tree = req->op.search.tree;
- base_attrs = talloc_array(base_req, char *, 2);
- if (base_attrs == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
- base_attrs[0] = talloc_strdup(base_attrs, asq_ctrl->source_attribute);
- if (base_attrs[0] == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
- base_attrs[1] = NULL;
- base_req->op.search.attrs = (const char * const *)base_attrs;
-
- ret = ldb_request(module->ldb, base_req);
-
- if (ret != LDB_SUCCESS) {
- talloc_free(base_req);
- return ret;
- }
-
- if (base_req->op.search.res->count == 0) {
- talloc_free(base_req);
- return build_response(res, ASQ_CTRL_SUCCESS);
- }
-
- /* look up the DNs */
- el = ldb_msg_find_element(base_req->op.search.res->msgs[0],
- asq_ctrl->source_attribute);
- /* no values found */
- if (el == NULL) {
- talloc_free(base_req);
- return build_response(res, ASQ_CTRL_SUCCESS);
- }
-
- for (i = 0, c = 0; i < el->num_values; i++) {
- struct ldb_request *exp_req;
-
- exp_req = talloc_zero(req, struct ldb_request);
- if (exp_req == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
- exp_req->operation = LDB_REQ_SEARCH;
- exp_req->op.search.base = ldb_dn_explode(exp_req, (const char *)el->values[i].data);
- if (exp_req->op.search.base == NULL) {
- return build_response(res, ASQ_CTRL_INVALID_ATTRIBUTE_SYNTAX);
- }
- exp_req->op.search.scope = LDB_SCOPE_BASE;
- exp_req->op.search.tree = req->op.search.tree;
- exp_req->op.search.attrs = req->op.search.attrs;
-
- ret = ldb_request(module->ldb, exp_req);
-
- if (ret != LDB_SUCCESS)
- return ret;
-
- if (exp_req->op.search.res && exp_req->op.search.res->count != 0) {
- if (res->msgs == NULL) {
- res->msgs = talloc_array(res,
- struct ldb_message *, 2);
- } else {
- res->msgs = talloc_realloc(res, res->msgs,
- struct ldb_message *, c + 2);
- }
- if (res->msgs == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- res->msgs[c] = talloc_steal(res->msgs, exp_req->op.search.res->msgs[0]);
- c++;
- }
-
- if (res->msgs) {
- res->msgs[c] = NULL;
- res->count = c;
- }
-
- talloc_free(exp_req);
- }
-
- talloc_free(base_req);
-
- return build_response(res, ASQ_CTRL_SUCCESS);
-}
-
struct asq_async_context {
enum {ASQ_SEARCH_BASE, ASQ_SEARCH_MULTI} step;
}
}
-static int asq(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_control *control;
-
- /* check if there's a paged request control */
- control = get_control_from_list(req->controls, LDB_CONTROL_ASQ_OID);
- if (control == NULL) {
- /* not found go on */
- return ldb_next_request(module, req);
- }
-
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return asq_search_sync(module, control, req);
-
- default:
- return LDB_ERR_PROTOCOL_ERROR;
-
- }
-}
-
static int asq_init(struct ldb_module *module)
{
struct ldb_request request;
static const struct ldb_module_ops asq_ops = {
.name = "asq",
.search = asq_search,
- .request = asq,
.async_wait = asq_async_wait,
.init_context = asq_init
};
return -1;
}
-/*
- hook search operations
-*/
-static int operational_search_bytree(struct ldb_module *module, struct ldb_request *req)
-{
- int i, r, a;
- int ret;
- const char * const *attrs = req->op.search.attrs;
- const char **search_attrs = NULL;
-
- req->op.search.res = NULL;
-
- /* replace any attributes in the parse tree that are
- searchable, but are stored using a different name in the
- backend */
- for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
- ldb_parse_tree_attr_replace(req->op.search.tree,
- parse_tree_sub[i].attr,
- parse_tree_sub[i].replace);
- }
-
- /* in the list of attributes we are looking for, rename any
- attributes to the alias for any hidden attributes that can
- be fetched directly using non-hidden names */
- for (a=0;attrs && attrs[a];a++) {
- for (i=0;i<ARRAY_SIZE(search_sub);i++) {
- if (ldb_attr_cmp(attrs[a], search_sub[i].attr) == 0 &&
- search_sub[i].replace) {
- if (!search_attrs) {
- search_attrs = ldb_attr_list_copy(req, attrs);
- if (search_attrs == NULL) {
- goto failed;
- }
- }
- search_attrs[a] = search_sub[i].replace;
- }
- }
- }
-
- /* use new set of attrs if any */
- if (search_attrs) req->op.search.attrs = search_attrs;
- /* perform the search */
- ret = ldb_next_request(module, req);
- /* set back saved attrs if needed */
- if (search_attrs) req->op.search.attrs = attrs;
-
- /* check operation result */
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- /* for each record returned post-process to add any derived
- attributes that have been asked for */
- for (r = 0; r < req->op.search.res->count; r++) {
- if (operational_search_post_process(module, req->op.search.res->msgs[r], attrs) != 0) {
- goto failed;
- }
- }
-
- /* all done */
- talloc_free(search_attrs);
- return ret;
-
-failed:
- talloc_free(search_attrs);
- talloc_free(req->op.search.res);
- ldb_oom(module->ldb);
- return LDB_ERR_OTHER;
-}
-
/*
add a time element to a record
*/
}
-/*
- hook add record ops
-*/
-static int operational_add_sync(struct ldb_module *module, struct ldb_request *req)
-{
- const struct ldb_message *msg = req->op.add.message;
- time_t t = time(NULL);
- struct ldb_message *msg2;
- int ret;
-
- if (ldb_dn_is_special(msg->dn)) {
- return ldb_next_request(module, req);
- }
-
- /* we have to copy the message as the caller might have it as a const */
- msg2 = ldb_msg_copy_shallow(module, msg);
- if (msg2 == NULL) {
- return -1;
- }
- if (add_time_element(msg2, "whenCreated", t) != 0 ||
- add_time_element(msg2, "whenChanged", t) != 0) {
- talloc_free(msg2);
- return -1;
- }
-
- /* see if the backend can give us the USN */
- if (module->ldb->sequence_number != NULL) {
- uint64_t seq_num = module->ldb->sequence_number(module->ldb);
- if (add_uint64_element(msg2, "uSNCreated", seq_num) != 0 ||
- add_uint64_element(msg2, "uSNChanged", seq_num) != 0) {
- talloc_free(msg2);
- return -1;
- }
- }
-
- /* use the new structure for the call chain below this point */
- req->op.add.message = msg2;
- /* go on with the call chain */
- ret = ldb_next_request(module, req);
- /* put back saved message */
- req->op.add.message = msg;
- /* free temproary compy */
- talloc_free(msg2);
- return ret;
-}
-
-/*
- hook modify record ops
-*/
-static int operational_modify_sync(struct ldb_module *module, struct ldb_request *req)
-{
- const struct ldb_message *msg = req->op.mod.message;
- time_t t = time(NULL);
- struct ldb_message *msg2;
- int ret;
-
- if (ldb_dn_is_special(msg->dn)) {
- return ldb_next_request(module, req);
- }
-
- /* we have to copy the message as the caller might have it as a const */
- msg2 = ldb_msg_copy_shallow(module, msg);
- if (msg2 == NULL) {
- return -1;
- }
- if (add_time_element(msg2, "whenChanged", t) != 0) {
- talloc_free(msg2);
- return -1;
- }
-
- /* update the records USN if possible */
- if (module->ldb->sequence_number != NULL &&
- add_uint64_element(msg2, "uSNChanged",
- module->ldb->sequence_number(module->ldb)) != 0) {
- talloc_free(msg2);
- return -1;
- }
-
- /* use the new structure for the call chain below this point */
- req->op.mod.message = msg2;
- /* go on with the call chain */
- ret = ldb_next_request(module, req);
- /* put back saved message */
- req->op.mod.message = msg;
- /* free temproary compy */
- talloc_free(msg2);
- return ret;
-}
-
/*
hook search operations
*/
return ret;
}
-
-static int operational_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return operational_search_bytree(module, req);
-
- case LDB_REQ_ADD:
- return operational_add_sync(module, req);
-
- case LDB_REQ_MODIFY:
- return operational_modify_sync(module, req);
-
- default:
- return ldb_next_request(module, req);
-
- }
-}
-
static int operational_init(struct ldb_module *ctx)
{
/* setup some standard attribute handlers */
.search = operational_search,
.add = operational_add,
.modify = operational_modify,
- .request = operational_request,
.init_context = operational_init
};
return new;
}
-/* search */
-static int paged_search_sync(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req)
-{
- struct private_data *private_data = talloc_get_type(module->private_data, struct private_data);
- struct results_store *current = NULL;
- struct ldb_result *paged_result;
- struct ldb_control **saved_controls;
- struct ldb_paged_control *paged_ctrl;
- struct ldb_paged_control *paged_ret;
- int i, ret;
-
- paged_ctrl = talloc_get_type(control->data, struct ldb_paged_control);
- if (!paged_ctrl) {
- return LDB_ERR_PROTOCOL_ERROR;
- }
-
- /* check if it is a continuation search the store */
- if (paged_ctrl->cookie_len != 0) {
- for (current = private_data->store; current; current = current->next) {
- if (strcmp(current->cookie, paged_ctrl->cookie) == 0) {
- current->timestamp = time(NULL);
- break;
- }
- }
- if (current == NULL) {
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
- }
-
- /* is this a brand new paged request ? */
- if (current == NULL) {
-
- /* save controls list and remove this one from the list */
- if (!save_controls(control, req, &saved_controls)) {
- return LDB_ERR_OTHER;
- }
-
- /* perform the search */
- ret = ldb_next_request(module, req);
-
- /* restore original controls list */
- if (req->controls) talloc_free(req->controls);
- req->controls = saved_controls;
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- /* create a new entry in the cache */
- current = new_store(private_data);
- if (!current) {
- return LDB_ERR_OTHER;
- }
-
- /* steal the search result */
- current->result = talloc_steal(current, req->op.search.res);
- req->op.search.res = NULL;
- }
-
- /* create a container for the next batch of results */
- paged_result = talloc(current, struct ldb_result);
- if (!paged_result) {
- return LDB_ERR_OTHER;
- }
- paged_result->count = 0;
- paged_result->msgs = NULL;
- paged_result->controls = NULL;
-
- /* check if it is an abandon */
- if (paged_ctrl->size == 0) {
- req->op.search.res = talloc_steal(private_data, paged_result);
- talloc_free(current);
- return LDB_SUCCESS;
- }
-
- /* return a batch of results */
-
- paged_result->controls = talloc_array(paged_result, struct ldb_control *, 2);
- if (!paged_result->controls) {
- talloc_free(paged_result);
- return LDB_ERR_OTHER;
- }
-
- paged_result->controls[0] = talloc(paged_result->controls, struct ldb_control);
- if (!paged_result->controls[0]) {
- talloc_free(paged_result);
- return LDB_ERR_OTHER;
- }
- paged_result->controls[0]->oid = talloc_strdup(paged_result->controls[0], LDB_CONTROL_PAGED_RESULTS_OID);
- paged_result->controls[0]->critical = 0;
- paged_result->controls[1] = NULL;
-
- paged_ret = talloc(paged_result->controls[0], struct ldb_paged_control);
- if (!paged_ret) {
- talloc_free(paged_result);
- return LDB_ERR_OTHER;
- }
- paged_result->controls[0]->data = paged_ret;
-
- if (paged_ctrl->size >= current->result->count) {
- paged_ret->size = 0;
- paged_ret->cookie = NULL;
- paged_ret->cookie_len = 0;
- paged_result->count = current->result->count;
- current->result->count = 0;
- } else {
- paged_ret->size = current->result->count;
- paged_ret->cookie = talloc_strdup(paged_ret, current->cookie);
- paged_ret->cookie_len = strlen(paged_ret->cookie) + 1;
- paged_result->count = paged_ctrl->size;
- current->result->count -= paged_ctrl->size;
- }
-
- paged_result->msgs = talloc_array(paged_result, struct ldb_message *, paged_result->count + 1);
- if (!paged_result->msgs) {
- talloc_free(paged_result);
- return LDB_ERR_OTHER;
- }
- for (i = 0; i < paged_result->count; i++) {
- paged_result->msgs[i] = talloc_steal(paged_result->msgs, current->result->msgs[current->num_sent + i]);
- }
- current->num_sent += paged_result->count;
- paged_result->msgs[paged_result->count] = NULL;
-
- req->op.search.res = paged_result;
-
- return LDB_SUCCESS;
-}
-
struct paged_async_context {
struct ldb_module *module;
void *up_context;
return ret;
}
-static int paged_request(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_control *control;
-
- /* check if there's a paged request control */
- control = get_control_from_list(req->controls, LDB_CONTROL_PAGED_RESULTS_OID);
- if (control == NULL) {
- /* not found go on */
- return ldb_next_request(module, req);
- }
-
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return paged_search_sync(module, control, req);
-
- default:
- return LDB_ERR_PROTOCOL_ERROR;
-
- }
-}
-
static int paged_request_init(struct ldb_module *module)
{
struct private_data *data;
static const struct ldb_module_ops paged_ops = {
.name = "paged_results",
.search = paged_search,
- .request = paged_request,
.async_wait = paged_async_wait,
.init_context = paged_request_init
};
return NULL;
}
-static int rdn_name_add_sync(struct ldb_module *module, struct ldb_request *req)
-{
- const struct ldb_message *msg = req->op.add.message;
- struct ldb_message *msg2;
- struct ldb_message_element *attribute;
- struct ldb_dn_component *rdn;
- int i, ret;
-
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_add_record\n");
-
- /* do not manipulate our control entries */
- if (ldb_dn_is_special(msg->dn)) {
- return ldb_next_request(module, req);
- }
-
- msg2 = talloc(module, struct ldb_message);
- if (!msg2) {
- return -1;
- }
-
- msg2->dn = msg->dn;
- msg2->num_elements = msg->num_elements;
- msg2->private_data = msg->private_data;
- msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements);
- for (i = 0; i < msg2->num_elements; i++) {
- msg2->elements[i] = msg->elements[i];
- }
-
- rdn = ldb_dn_get_rdn(msg2, msg2->dn);
- if (!rdn) {
- talloc_free(msg2);
- return -1;
- }
-
- /* Perhaps someone above us tried to set this? */
- if ((attribute = rdn_name_find_attribute(msg, "name")) != NULL ) {
- attribute->num_values = 0;
- }
-
- if (ldb_msg_add_value(msg2, "name", &rdn->value) != 0) {
- talloc_free(msg2);
- return -1;
- }
-
- attribute = rdn_name_find_attribute(msg2, rdn->name);
-
- if (!attribute) {
- if (ldb_msg_add_value(msg2, rdn->name, &rdn->value) != 0) {
- talloc_free(msg2);
- return -1;
- }
- } else {
- const struct ldb_attrib_handler *handler
- = ldb_attrib_handler(module->ldb, rdn->name);
- for (i=0; i < attribute->num_values; i++) {
- if (handler->comparison_fn(module->ldb, msg2, &rdn->value, &attribute->values[i]) == 0) {
- /* overwrite so it matches in case */
- attribute->values[i] = rdn->value;
- break;
- }
- }
- if (i == attribute->num_values) {
- ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
- "RDN mismatch on %s: %s",
- ldb_dn_linearize(msg2, msg2->dn), rdn->name);
- talloc_free(msg2);
- return -1;
- }
- }
-
- req->op.add.message = msg2;
- ret = ldb_next_request(module, req);
- req->op.add.message = msg;
-
- talloc_free(msg2);
-
- return ret;
-}
-
static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_request *down_req;
}
}
-static int rdn_name_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
-
- case LDB_REQ_ADD:
- return rdn_name_add_sync(module, req);
-
- default:
- return ldb_next_request(module, req);
-
- }
-}
-
static const struct ldb_module_ops rdn_name_ops = {
.name = "rdn_name",
.add = rdn_name_add,
.rename = rdn_name_rename,
- .request = rdn_name_request,
.async_wait = rdn_name_async_wait
};
return ac->h->comparison_fn(ac->module->ldb, ac, &el1->values[0], &el2->values[0]);
}
-/* search */
-static int server_sort_search(struct ldb_module *module, struct ldb_control *control, struct ldb_request *req)
-{
- struct ldb_result *sort_result = NULL;
- struct ldb_control **saved_controls;
- struct ldb_server_sort_control **sort_ctrls;
- int ret, result = 0;
- int do_sort = 1;
-
- sort_ctrls = talloc_get_type(control->data, struct ldb_server_sort_control *);
- if (!sort_ctrls) {
- return LDB_ERR_PROTOCOL_ERROR;
- }
-
- /* FIXME: we do not support more than one attribute for sorting right now */
- /* FIXME: we need to check if the attribute type exist or return an error */
- if (sort_ctrls[1] != NULL)
- do_sort = 0;
-
- if (!do_sort && control->critical) {
- sort_result = talloc_zero(req, struct ldb_result);
- if (!sort_result)
- return LDB_ERR_OPERATIONS_ERROR;
-
- req->op.search.res = sort_result;
-
- /* 53 = unwilling to perform */
- if ((ret = build_response(sort_result, &sort_result->controls, 53, "sort control is not complete yet")) != LDB_SUCCESS) {
- return ret;
- }
-
- return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
- }
-
- /* save it locally and remove it from the list */
- if (!save_controls(control, req, &saved_controls)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ret = ldb_next_request(module, req);
-
- if (req->controls) talloc_free(req->controls);
- req->controls = saved_controls;
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- sort_result = req->op.search.res;
-
- /* SORT HERE */
- if (do_sort) {
- struct opaque *data;
-
- data = talloc(module, struct opaque);
- if (!data)
- return LDB_ERR_OPERATIONS_ERROR;
-
- data->attribute = sort_ctrls[0]->attributeName;
- data->reverse = sort_ctrls[0]->reverse;
- data->ldb = module->ldb;
- data->h = ldb_attrib_handler(data->ldb, data->attribute);
- data->result = 0;
-
- ldb_qsort(sort_result->msgs,
- sort_result->count,
- sizeof(struct ldb_message *),
- data,
- (ldb_qsort_cmp_fn_t)sort_compare);
-
- result = data->result;
-
- talloc_free(data);
- } else {
- result = 53;
- }
-
- if ((ret = build_response(sort_result, &sort_result->controls, result, "sort control is not complete yet")) != LDB_SUCCESS) {
- return ret;
- }
-
- return LDB_SUCCESS;
-}
-
-static int server_sort_search_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
+static int server_sort_search_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
{
struct sort_async_context *ac = NULL;
return LDB_ERR_OPERATIONS_ERROR;
}
-static int server_sort_search_async(struct ldb_module *module, struct ldb_request *req)
+static int server_sort_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_control *control;
struct ldb_server_sort_control **sort_ctrls;
}
ac->req->async.context = ac;
- ac->req->async.callback = server_sort_search_async_callback;
+ ac->req->async.callback = server_sort_search_callback;
ac->req->async.timeout = req->async.timeout;
req->async.handle = h;
return ldb_next_request(module, ac->req);
}
-static int server_sort_async_results(struct ldb_async_handle *handle)
+static int server_sort_results(struct ldb_async_handle *handle)
{
struct sort_async_context *ac;
struct ldb_async_result *ares;
}
if (handle->state == LDB_ASYNC_DONE) {
- ret = server_sort_async_results(handle);
+ ret = server_sort_results(handle);
}
return ret;
}
-static int server_sort(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_control *control;
-
- /* check if there's a paged request control */
- control = get_control_from_list(req->controls, LDB_CONTROL_SERVER_SORT_OID);
- if (control == NULL) {
- /* not found go on */
- return ldb_next_request(module, req);
- }
-
- switch (req->operation) {
-
- case LDB_REQ_SEARCH:
- return server_sort_search(module, control, req);
-
- default:
- return LDB_ERR_PROTOCOL_ERROR;
-
- }
-}
-
static int server_sort_init(struct ldb_module *module)
{
struct ldb_request *req;
static const struct ldb_module_ops server_sort_ops = {
.name = "server_sort",
- .search = server_sort_search_async,
- .request = server_sort,
+ .search = server_sort_search,
.async_wait = server_sort_async_wait,
.init_context = server_sort_init
};
char *error = NULL;
switch (req->operation) {
- case LDB_REQ_ADD:
case LDB_ASYNC_ADD:
msg = req->op.add.message;
break;
- case LDB_REQ_MODIFY:
case LDB_ASYNC_MODIFY:
msg = req->op.mod.message;
break;
return LDB_ERR_OTHER;
}
-static int wins_ldb_request(struct ldb_module *module, struct ldb_request *req)
-{
- switch (req->operation) {
- case LDB_REQ_ADD:
- case LDB_REQ_MODIFY:
- return wins_ldb_verify(module, req);
- default:
- return ldb_next_request(module, req);
- }
-}
-
-
static int wins_ldb_init(struct ldb_module *ctx)
{
struct winsdb_handle *h;
.name = "wins_ldb",
.add = wins_ldb_verify,
.modify = wins_ldb_verify,
- .request = wins_ldb_request,
.init_context = wins_ldb_init
};
# - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb)
dn: @MODULES
-@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,objectclass
+@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name
git.samba.org / jelmer / samba4-debian.git / commitdiff