4 Copyright (C) Simo Sorce 2004
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
7 * NOTICE: this module is NOT released under the GNU LGPL license as
8 * other ldb code. This module is release under the GNU GPL v2 or
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 * Component: ldb samldb module
31 * Description: add embedded user/group creation functionality
37 #include "libcli/ldap/ldap.h"
38 #include "lib/ldb/include/ldb_errors.h"
39 #include "lib/ldb/include/ldb_private.h"
40 #include "dsdb/samdb/samdb.h"
43 /* if value is not null also check for attribute to have exactly that value */
44 static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value)
47 struct ldb_message_element *el = ldb_msg_find_element(msg, name);
56 for (j = 0; j < el->num_values; j++) {
58 (char *)el->values[j].data) == 0) {
66 static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value)
68 char *aval = talloc_strdup(msg, value);
71 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_msg_add_string: talloc_strdup failed!\n");
75 if (ldb_msg_add_string(msg, name, aval) != 0) {
82 static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid)
86 status = ndr_push_struct_blob(&v, msg, sid,
87 (ndr_push_flags_fn_t)ndr_push_dom_sid);
88 if (!NT_STATUS_IS_OK(status)) {
91 return (ldb_msg_add_value(msg, name, &v) == 0);
94 static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value)
96 if (samldb_find_attribute(msg, name, value) == NULL) {
97 return samldb_msg_add_string(module, msg, name, set_value);
103 allocate a new id, attempting to do it atomically
104 return 0 on failure, the id on success
106 static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
107 const struct ldb_dn *dn, uint32_t old_id, uint32_t new_id)
109 struct ldb_message msg;
111 struct ldb_val vals[2];
112 struct ldb_message_element els[2];
116 ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n");
117 return LDB_ERR_OPERATIONS_ERROR;
120 /* we do a delete and add as a single operation. That prevents
121 a race, in case we are not actually on a transaction db */
123 msg.dn = ldb_dn_copy(mem_ctx, dn);
125 return LDB_ERR_OPERATIONS_ERROR;
127 msg.num_elements = 2;
130 els[0].num_values = 1;
131 els[0].values = &vals[0];
132 els[0].flags = LDB_FLAG_MOD_DELETE;
133 els[0].name = talloc_strdup(mem_ctx, "nextRid");
135 return LDB_ERR_OPERATIONS_ERROR;
138 els[1].num_values = 1;
139 els[1].values = &vals[1];
140 els[1].flags = LDB_FLAG_MOD_ADD;
141 els[1].name = els[0].name;
143 vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", old_id);
145 return LDB_ERR_OPERATIONS_ERROR;
147 vals[0].length = strlen((char *)vals[0].data);
149 vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", new_id);
151 return LDB_ERR_OPERATIONS_ERROR;
153 vals[1].length = strlen((char *)vals[1].data);
155 ret = ldb_modify(ldb, &msg);
160 allocate a new id, attempting to do it atomically
161 return 0 on failure, the id on success
163 static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
164 const struct ldb_dn *dn, uint32_t *old_rid)
166 const char * const attrs[2] = { "nextRid", NULL };
167 struct ldb_result *res = NULL;
171 ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE, "nextRid=*", attrs, &res);
172 if (ret != LDB_SUCCESS) {
175 talloc_steal(mem_ctx, res);
176 if (res->count != 1) {
181 str = ldb_msg_find_string(res->msgs[0], "nextRid", NULL);
183 ldb_set_errstring(module->ldb,
184 talloc_asprintf(mem_ctx, "attribute nextRid not found in %s\n",
185 ldb_dn_linearize(res, dn)));
190 *old_rid = strtol(str, NULL, 0);
195 static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
196 const struct ldb_dn *dn, const struct dom_sid *dom_sid,
197 struct dom_sid **new_sid)
199 struct dom_sid *obj_sid;
202 struct ldb_message **sid_msgs;
203 const char *sid_attrs[] = { NULL };
206 ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid);
211 /* return the new object sid */
212 obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid);
214 ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1);
219 *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1);
221 return LDB_ERR_OPERATIONS_ERROR;
224 ret = gendb_search(module->ldb,
225 mem_ctx, NULL, &sid_msgs, sid_attrs,
227 ldap_encode_ndr_dom_sid(mem_ctx, *new_sid));
229 /* Great. There are no conflicting users/groups/etc */
231 } else if (ret == -1) {
232 /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */
235 /* gah, there are conflicting sids, lets move around the loop again... */
241 /* Find a domain object in the parents of a particular DN. */
242 static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn)
244 TALLOC_CTX *local_ctx;
246 struct ldb_result *res = NULL;
249 local_ctx = talloc_new(mem_ctx);
250 if (local_ctx == NULL) return NULL;
252 sdn = ldb_dn_copy(local_ctx, dn);
254 ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res);
255 talloc_steal(local_ctx, res);
256 if (ret == LDB_SUCCESS && res->count == 1)
258 } while ((sdn = ldb_dn_get_parent(local_ctx, sdn)));
260 if (ret != LDB_SUCCESS || res->count != 1) {
261 talloc_free(local_ctx);
265 talloc_steal(mem_ctx, sdn);
266 talloc_free(local_ctx);
271 /* search the domain related to the provided dn
272 allocate a new RID for the domain
273 return the new sid string
275 static struct dom_sid *samldb_get_new_sid(struct ldb_module *module,
276 TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn)
278 const char * const attrs[2] = { "objectSid", NULL };
279 struct ldb_result *res = NULL;
280 const struct ldb_dn *dom_dn;
282 struct dom_sid *dom_sid, *obj_sid;
284 /* get the domain component part of the provided dn */
286 dom_dn = samldb_search_domain(module, mem_ctx, obj_dn);
287 if (dom_dn == NULL) {
288 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn));
292 /* find the domain sid */
294 ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res);
295 if (ret != LDB_SUCCESS || res->count != 1) {
296 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
301 dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid");
302 if (dom_sid == NULL) {
303 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
308 /* allocate a new Rid for the domain */
309 ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, &obj_sid);
311 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn));
321 /* If we are adding new users/groups, we need to update the nextRid
322 * attribute to be 'above' all incoming users RIDs. This tries to
323 * avoid clashes in future */
325 int samldb_notice_sid(struct ldb_module *module,
326 TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
329 struct ldb_dn *dom_dn;
330 struct dom_sid *dom_sid;
331 const char *dom_attrs[] = { NULL };
332 struct ldb_message **dom_msgs;
335 /* find the domain DN */
337 ret = gendb_search(module->ldb,
338 mem_ctx, NULL, &dom_msgs, dom_attrs,
340 ldap_encode_ndr_dom_sid(mem_ctx, sid));
342 ldb_set_errstring(module->ldb,
343 talloc_asprintf(mem_ctx,
344 "Attempt to add record with SID %s rejected,"
345 " because this SID is already in the database",
346 dom_sid_string(mem_ctx, sid)));
347 /* We have a duplicate SID, we must reject the add */
348 talloc_free(dom_msgs);
349 return LDB_ERR_CONSTRAINT_VIOLATION;
353 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error searching for proposed sid!\n");
357 dom_sid = dom_sid_dup(mem_ctx, sid);
359 return LDB_ERR_OPERATIONS_ERROR;
361 /* get the domain component part of the provided SID */
362 dom_sid->num_auths--;
364 /* find the domain DN */
366 ret = gendb_search(module->ldb,
367 mem_ctx, NULL, &dom_msgs, dom_attrs,
368 "(&(objectSid=%s)(objectclass=domain))",
369 ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
371 /* This isn't an operation on a domain we know about, so nothing to update */
376 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain from sid: duplicate domains!\n");
377 talloc_free(dom_msgs);
382 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n");
386 dom_dn = dom_msgs[0]->dn;
388 ret = samldb_find_next_rid(module, mem_ctx,
391 talloc_free(dom_msgs);
395 if (old_rid <= sid->sub_auths[sid->num_auths - 1]) {
396 ret = samldb_set_next_rid(module->ldb, mem_ctx, dom_dn, old_rid,
397 sid->sub_auths[sid->num_auths - 1] + 1);
399 talloc_free(dom_msgs);
403 static int samldb_handle_sid(struct ldb_module *module,
404 TALLOC_CTX *mem_ctx, struct ldb_message *msg2)
408 struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid");
410 sid = samldb_get_new_sid(module, msg2, msg2->dn);
412 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n");
413 return LDB_ERR_OPERATIONS_ERROR;
416 if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) {
418 return LDB_ERR_OPERATIONS_ERROR;
423 ret = samldb_notice_sid(module, msg2, sid);
428 static char *samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx)
431 const char *attrs[] = { NULL };
432 struct ldb_message **msgs;
435 /* Format: $000000-000000000000 */
438 name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)random(), (unsigned int)random(), (unsigned int)random());
439 /* TODO: Figure out exactly what this is meant to conflict with */
440 ret = gendb_search(module->ldb,
441 mem_ctx, NULL, &msgs, attrs,
443 ldb_binary_encode_string(mem_ctx, name));
445 /* Great. There are no conflicting users/groups/etc */
447 } else if (ret == -1) {
448 /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */
452 /* gah, there are conflicting sids, lets move around the loop again... */
457 static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter)
459 struct ldb_result *res;
460 struct ldb_message *t;
464 /* pull the template record */
465 ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res);
466 if (ret != LDB_SUCCESS || res->count != 1) {
467 ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched too many records\n", filter);
472 for (i = 0; i < t->num_elements; i++) {
473 struct ldb_message_element *el = &t->elements[i];
474 /* some elements should not be copied from the template */
475 if (strcasecmp(el->name, "cn") == 0 ||
476 strcasecmp(el->name, "name") == 0 ||
477 strcasecmp(el->name, "sAMAccountName") == 0 ||
478 strcasecmp(el->name, "objectGUID") == 0) {
481 for (j = 0; j < el->num_values; j++) {
482 if (strcasecmp(el->name, "objectClass") == 0) {
483 if (strcasecmp((char *)el->values[j].data, "Template") == 0 ||
484 strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
485 strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
486 strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 ||
487 strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
488 strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
489 strcasecmp((char *)el->values[j].data, "secretTemplate") == 0) {
492 if ( ! samldb_find_or_add_attribute(module, msg, el->name,
493 (char *)el->values[j].data,
494 (char *)el->values[j].data)) {
495 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
500 if ( ! samldb_find_or_add_attribute(module, msg, el->name,
502 (char *)el->values[j].data)) {
503 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
516 static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg,
517 struct ldb_message **ret_msg)
521 struct ldb_message *msg2;
522 struct ldb_dn_component *rdn;
523 TALLOC_CTX *mem_ctx = talloc_new(msg);
525 return LDB_ERR_OPERATIONS_ERROR;
528 /* build the new msg */
529 msg2 = ldb_msg_copy(mem_ctx, msg);
531 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n");
532 talloc_free(mem_ctx);
533 return LDB_ERR_OPERATIONS_ERROR;
536 ret = samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))");
538 ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
539 talloc_free(mem_ctx);
543 rdn = ldb_dn_get_rdn(msg2, msg2->dn);
545 if (strcasecmp(rdn->name, "cn") != 0) {
546 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn->name);
547 talloc_free(mem_ctx);
548 return LDB_ERR_CONSTRAINT_VIOLATION;
551 /* Generate a random name, if no samAccountName was supplied */
552 if (ldb_msg_find_element(msg2, "samAccountName") == NULL) {
553 name = samldb_generate_samAccountName(module, mem_ctx);
555 talloc_free(mem_ctx);
556 return LDB_ERR_OPERATIONS_ERROR;
558 if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) {
559 talloc_free(mem_ctx);
560 return LDB_ERR_OPERATIONS_ERROR;
564 /* Manage SID allocation, conflicts etc */
565 ret = samldb_handle_sid(module, mem_ctx, msg2);
568 talloc_steal(msg, msg2);
571 talloc_free(mem_ctx);
575 static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg,
576 struct ldb_message **ret_msg)
580 struct ldb_message *msg2;
581 struct ldb_dn_component *rdn;
582 TALLOC_CTX *mem_ctx = talloc_new(msg);
584 return LDB_ERR_OPERATIONS_ERROR;
587 /* build the new msg */
588 msg2 = ldb_msg_copy(mem_ctx, msg);
590 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n");
591 talloc_free(mem_ctx);
592 return LDB_ERR_OPERATIONS_ERROR;
595 if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) {
596 ret = samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))");
598 ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
599 talloc_free(mem_ctx);
603 ret = samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))");
605 ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n");
606 talloc_free(mem_ctx);
611 rdn = ldb_dn_get_rdn(msg2, msg2->dn);
613 if (strcasecmp(rdn->name, "cn") != 0) {
614 ldb_set_errstring(module->ldb, talloc_asprintf(module, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn->name));
615 talloc_free(mem_ctx);
616 return LDB_ERR_CONSTRAINT_VIOLATION;
619 /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */
620 if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "user", "user")) {
621 talloc_free(mem_ctx);
622 return LDB_ERR_OPERATIONS_ERROR;
625 /* meddle with objectclass */
627 if (ldb_msg_find_element(msg2, "samAccountName") == NULL) {
628 name = samldb_generate_samAccountName(module, mem_ctx);
630 talloc_free(mem_ctx);
631 return LDB_ERR_OPERATIONS_ERROR;
633 if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) {
634 talloc_free(mem_ctx);
635 return LDB_ERR_OPERATIONS_ERROR;
640 TODO: useraccountcontrol: setting value 0 gives 0x200 for users
643 /* Manage SID allocation, conflicts etc */
644 ret = samldb_handle_sid(module, mem_ctx, msg2);
646 /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
650 talloc_steal(msg, msg2);
652 talloc_free(mem_ctx);
656 static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg,
657 struct ldb_message **ret_msg)
659 struct ldb_message *msg2;
660 struct ldb_dn_component *rdn;
661 struct dom_sid *dom_sid;
663 const char *dom_attrs[] = { "name", NULL };
664 struct ldb_message **dom_msgs;
667 TALLOC_CTX *mem_ctx = talloc_new(msg);
669 return LDB_ERR_OPERATIONS_ERROR;
672 /* build the new msg */
673 msg2 = ldb_msg_copy(mem_ctx, msg);
675 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincpal_object: ldb_msg_copy failed!\n");
676 talloc_free(mem_ctx);
677 return LDB_ERR_OPERATIONS_ERROR;
680 ret = samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))");
682 ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n");
683 talloc_free(mem_ctx);
687 rdn = ldb_dn_get_rdn(msg2, msg2->dn);
689 if (strcasecmp(rdn->name, "cn") != 0) {
690 ldb_set_errstring(module->ldb, talloc_asprintf(module, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn->name));
691 talloc_free(mem_ctx);
692 return LDB_ERR_CONSTRAINT_VIOLATION;
695 /* Slightly different for the foreign sids. We don't want
696 * domain SIDs ending up there, it would cause all sorts of
699 sid = dom_sid_parse_talloc(msg2, (const char *)rdn->value.data);
701 ldb_set_errstring(module->ldb, talloc_asprintf(module, "No valid found SID in ForeignSecurityPrincipal CN!"));
702 talloc_free(mem_ctx);
703 return LDB_ERR_CONSTRAINT_VIOLATION;
706 if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) {
708 return LDB_ERR_OPERATIONS_ERROR;
711 dom_sid = dom_sid_dup(mem_ctx, sid);
713 talloc_free(mem_ctx);
714 return LDB_ERR_OPERATIONS_ERROR;
716 /* get the domain component part of the provided SID */
717 dom_sid->num_auths--;
719 /* find the domain DN */
721 ret = gendb_search(module->ldb,
722 mem_ctx, NULL, &dom_msgs, dom_attrs,
723 "(&(objectSid=%s)(objectclass=domain))",
724 ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
726 const char *name = samdb_result_string(dom_msgs[0], "name", NULL);
727 ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", dom_sid_string(mem_ctx, sid), name));
728 /* We don't really like the idea of foreign sids that are not foreign */
729 return LDB_ERR_CONSTRAINT_VIOLATION;
730 } else if (ret == -1) {
731 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", dom_sid_string(mem_ctx, dom_sid));
732 talloc_free(dom_msgs);
736 /* This isn't an operation on a domain we know about, so just
737 * check for the SID, looking for duplicates via the common
739 ret = samldb_notice_sid(module, msg2, sid);
741 talloc_steal(msg, msg2);
749 static int samldb_add(struct ldb_module *module, struct ldb_request *req)
751 const struct ldb_message *msg = req->op.add.message;
752 struct ldb_message *msg2 = NULL;
755 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n");
758 if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */
759 return ldb_next_request(module, req);
762 /* is user or computer? add all relevant missing objects */
763 if ((samldb_find_attribute(msg, "objectclass", "user") != NULL) ||
764 (samldb_find_attribute(msg, "objectclass", "computer") != NULL)) {
765 ret = samldb_fill_user_or_computer_object(module, msg, &msg2);
771 /* is group? add all relevant missing objects */
773 if (samldb_find_attribute(msg, "objectclass", "group") != NULL) {
774 ret = samldb_fill_group_object(module, msg, &msg2);
781 /* perhaps a foreignSecurityPrincipal? */
783 if (samldb_find_attribute(msg, "objectclass", "foreignSecurityPrincipal") != NULL) {
784 ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2);
792 req->op.add.message = msg2;
793 ret = ldb_next_request(module, req);
794 req->op.add.message = msg;
796 ret = ldb_next_request(module, req);
802 static int samldb_destructor(void *module_ctx)
804 /* struct ldb_module *ctx = module_ctx; */
805 /* put your clean-up functions here */
809 static int samldb_request(struct ldb_module *module, struct ldb_request *req)
811 switch (req->operation) {
814 return samldb_add(module, req);
817 return ldb_next_request(module, req);
822 static int samldb_init(struct ldb_module *module)
824 talloc_set_destructor(module, samldb_destructor);
825 return ldb_next_init(module);
828 static const struct ldb_module_ops samldb_ops = {
830 .init_context = samldb_init,
831 .request = samldb_request
835 int samldb_module_init(void)
837 return ldb_register_module(&samldb_ops);