#include "../lib/util/dlinklist.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
#include "param/param.h"
#include "smbd/service_stream.h"
#include "dsdb/samdb/samdb.h"
}
*errstring = talloc_asprintf(mem_ctx, "%08X: %s", W_ERROR_V(err),
- ldb_strerror(ldb_err));
- if (add_err_string != NULL) {
- *errstring = talloc_asprintf(mem_ctx, "%s - %s", *errstring,
- add_err_string);
- }
-
+ add_err_string != NULL ? add_err_string : ldb_strerror(ldb_err));
+
/* result is 1:1 for now */
return ldb_err;
}
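Review bot: The rewritten `talloc_asprintf` call stores its result straight into `*errstring`, and nothing in this hunk handles a NULL return on allocation failure. A caller that copies the string into the LDAP reply would then see a NULL message. The new form also drops the `ldb_strerror(ldb_err)` text whenever `add_err_string` is set, so the client now sees only the hex code plus the caller-supplied string. Since that string is presumably sent to the remote client, I would add a comment such as `/* add_err_string is returned to the client verbatim; keep internal detail out of it */`. The function starts outside this hunk, so any NULL handling further up is not visible here.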
if (conn->server_credentials) {
char **sasl_mechs = NULL;
- struct gensec_security_ops **backends = gensec_security_all();
- struct gensec_security_ops **ops
+ const struct gensec_security_ops * const *backends = gensec_security_all();
+ const struct gensec_security_ops **ops
= gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
unsigned int i, j = 0;
for (i = 0; ops && ops[i]; i++) {
ldb_set_opaque(conn->ldb, "supportedSASLMechanisms", sasl_mechs);
}
+ ldb_set_opaque(conn->ldb, "remoteAddress",
+ conn->connection->remote_address);
+
return NT_STATUS_OK;
}
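Review bot: The new `ldb_set_opaque(conn->ldb, "remoteAddress", ...)` call discards its return value, so if registration fails the function still returns `NT_STATUS_OK` and any consumer of the opaque gets NULL instead of the peer address. If that address feeds logging or access decisions further down (not visible here), a silent miss is worth avoiding: compare the result against `LDB_SUCCESS` and return an error status on failure. The opaque also stores the pointer rather than a copy, so a comment would help, for example `/* remote_address is owned by conn->connection; conn->ldb must not outlive it */`. The existing `supportedSASLMechanisms` call above has the same unchecked return.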
void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply)
{
- DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *);
+ DLIST_ADD_END(call->replies, reply);
}
static NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
const struct ldb_message *message,
struct ldb_control **controls,
- void *context)
+ struct ldb_result *res)
{
struct ldb_context *ldb = call->conn->ldb;
struct ldb_request *req;
ret = ldb_build_add_req(&req, ldb, ldb,
message,
controls,
- context,
+ res,
ldb_modify_default_callback,
NULL);
if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
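Review bot: The added `global_catalog` check returns after `ldb_build_add_req` has already succeeded, and nothing on that path frees `req`, which was allocated with `ldb` as its memory context. Each rejected write on the global catalog port therefore appears to leave a request on the connection's ldb context until the connection is torn down, which a client can repeat at will. Either move the `if (call->conn->global_catalog) { ... }` test ahead of `ldb_build_add_req`, or add `talloc_free(req);` before the `return ldb_error(...)`. The same ordering appears in the mod, del and rename variants further down (the checks before each `ldb_transaction_start`). The function body continues past this hunk, so the normal-path cleanup is not visible here.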
static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
const struct ldb_message *message,
struct ldb_control **controls,
- void *context)
+ struct ldb_result *res)
{
struct ldb_context *ldb = call->conn->ldb;
struct ldb_request *req;
ret = ldb_build_mod_req(&req, ldb, ldb,
message,
controls,
- context,
+ res,
ldb_modify_default_callback,
NULL);
return ret;
}
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
struct ldb_dn *dn,
struct ldb_control **controls,
- void *context)
+ struct ldb_result *res)
{
struct ldb_context *ldb = call->conn->ldb;
struct ldb_request *req;
ret = ldb_build_del_req(&req, ldb, ldb,
dn,
controls,
- context,
+ res,
ldb_modify_default_callback,
NULL);
if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
struct ldb_dn *olddn,
struct ldb_dn *newdn,
struct ldb_control **controls,
- void *context)
+ struct ldb_result *res)
{
struct ldb_context *ldb = call->conn->ldb;
struct ldb_request *req;
ret = ldb_build_rename_req(&req, ldb, ldb,
olddn,
newdn,
- NULL,
- context,
+ controls,
+ res,
ldb_modify_default_callback,
NULL);
if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
ldb_request_add_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options);
}
+ } else {
+ ldb_request_add_control(lreq, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
}
extended_dn_control = ldb_request_get_control(lreq, LDB_CONTROL_EXTENDED_DN_OID);
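Review bot: The result of `ldb_request_add_control(lreq, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL)` in the new `else` branch is ignored, so if the control cannot be attached the search still runs without it. That control looks like the marker that separates ordinary-port requests from global catalog ones, so a silent failure changes how lower modules treat the request. I would check the return value against `LDB_SUCCESS` and fail the search through the function's existing error path. The four write helpers above add the same control with the same unchecked call. The surrounding function starts and ends outside this hunk.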
{
unsigned int i;
struct ldap_message *msg = call->request;
+ struct ldb_context *samdb = call->conn->ldb;
+ NTSTATUS status;
+ time_t *lastts;
/* Check for undecoded critical extensions */
for (i=0; msg->controls && msg->controls[i]; i++) {
if (!msg->controls_decoded[i] &&
case LDAP_TAG_SearchRequest:
return ldapsrv_SearchRequest(call);
case LDAP_TAG_ModifyRequest:
- return ldapsrv_ModifyRequest(call);
+ status = ldapsrv_ModifyRequest(call);
+ break;
case LDAP_TAG_AddRequest:
- return ldapsrv_AddRequest(call);
+ status = ldapsrv_AddRequest(call);
+ break;
case LDAP_TAG_DelRequest:
return ldapsrv_DelRequest(call);
case LDAP_TAG_ModifyDNRequest:
default:
return ldapsrv_unwilling(call, LDAP_PROTOCOL_ERROR);
}
+
+ if (NT_STATUS_IS_OK(status)) {
+ lastts = (time_t *)ldb_get_opaque(samdb, DSDB_OPAQUE_LAST_SCHEMA_UPDATE_MSG_OPAQUE_NAME);
+ if (lastts && !*lastts) {
+ DEBUG(10, ("Schema update now was requested, "
+ "fullfilling the request ts = %d\n",
+ (int)*lastts));
+ /*
+ * Just requesting the schema will do the trick
+ * as the delay for reload is experied, we will have a reload
+ * from the schema as expected as we are not yet in a transaction!
+ */
+ dsdb_get_schema(samdb, NULL);
+ *lastts = time(NULL);
+ ldb_set_opaque(samdb, DSDB_OPAQUE_LAST_SCHEMA_UPDATE_MSG_OPAQUE_NAME, lastts);
+ }
+ }
+ return status;
}
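Review bot: In the added post-dispatch block the result of `dsdb_get_schema(samdb, NULL)` is discarded and `*lastts = time(NULL)` runs unconditionally, so a reload that failed is still recorded as done and will not be retried. Consider updating the timestamp only on success, e.g. `if (dsdb_get_schema(samdb, NULL) != NULL) { *lastts = time(NULL); }`. The following `ldb_set_opaque(samdb, ..., lastts)` stores the pointer that was just read from the same opaque, so it looks redundant. The `DEBUG` line prints `*lastts` inside a branch where it is always zero. The comment above the reload has typos ("experied", "fullfilling" in the message) and could state plainly that the reload must happen outside a transaction. The function header is outside this hunk.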