#include "libcli/ldap/ldap_client.h"
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
+#include "dsdb/common/util.h"
struct ildb_private {
struct ldap_connection *ldap;
/* caller can optionally setup credentials using the opaque token 'credentials' */
creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
if (creds == NULL) {
- struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
+ struct auth_session_info *session_info = talloc_get_type(
+ ldb_get_opaque(ldb, DSDB_SESSION_INFO),
+ struct auth_session_info);
if (session_info) {
creds = session_info->credentials;
}
}
session_info
- = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"),
+ = talloc_get_type(ldb_get_opaque(ldb, DSDB_SESSION_INFO),
struct auth_session_info);
if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
#include "lib/ldb-samba/ldif_handlers.h"
#include "ldb_wrap.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "param/param.h"
#include "../lib/util/dlinklist.h"
#include "lib/util/util_paths.h"
ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
if (session_info) {
- if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
+ if (ldb_set_opaque(ldb, DSDB_SESSION_INFO, session_info)) {
talloc_free(ldb);
return NULL;
}
#include "ldb_wrap.h"
#include "lib/ldb-samba/ldif_handlers.h"
#include "auth/pyauth.h"
+#include "source4/dsdb/common/util.h"
static PyObject *pyldb_module;
info = PyAuthSession_AsSession(py_session_info);
- ldb_set_opaque(ldb, "sessionInfo", info);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, info);
Py_RETURN_NONE;
}
#include "auth/auth.h"
#include "param/param.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "ldb_wrap.h"
#include "popt.h"
}
gensec_init();
- if (ldb_set_opaque(ldb, "sessionInfo", system_session(cmdline_lp_ctx))) {
+ if (ldb_set_opaque(
+ ldb,
+ DSDB_SESSION_INFO,
+ system_session(cmdline_lp_ctx))) {
+
return ldb_operr(ldb);
}
if (ldb_set_opaque(ldb, "credentials",
return true;
}
- ret = ldb_set_opaque(state->samdb, "sessionInfo", state->session_info);
+ ret = ldb_set_opaque(
+ state->samdb,
+ DSDB_SESSION_INFO,
+ state->session_info);
if (ret != LDB_SUCCESS) {
state->log(ISC_LOG_ERROR, "samba_dlz: unable to set session info");
return false;
*/
static void b9_reset_session_info(struct dlz_bind9_data *state)
{
- ldb_set_opaque(state->samdb, "sessionInfo", system_session(state->lp));
+ ldb_set_opaque(
+ state->samdb,
+ DSDB_SESSION_INFO,
+ system_session(state->lp));
}
/*
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (tkey != NULL) {
- ret = ldb_set_opaque(dns->samdb, "sessionInfo", tkey->session_info);
+ ret = ldb_set_opaque(
+ dns->samdb,
+ DSDB_SESSION_INFO,
+ tkey->session_info);
if (ret != LDB_SUCCESS) {
DEBUG(1, ("unable to set session info\n"));
werror = DNS_ERR(SERVER_FAILURE);
TALLOC_FREE(tmp_ctx);
if (tkey != NULL) {
- ldb_set_opaque(dns->samdb, "sessionInfo",
- system_session(dns->task->lp_ctx));
+ ldb_set_opaque(
+ dns->samdb,
+ DSDB_SESSION_INFO,
+ system_session(dns->task->lp_ctx));
}
return WERR_OK;
ldb_transaction_cancel(dns->samdb);
if (tkey != NULL) {
- ldb_set_opaque(dns->samdb, "sessionInfo",
- system_session(dns->task->lp_ctx));
+ ldb_set_opaque(
+ dns->samdb,
+ DSDB_SESSION_INFO,
+ system_session(dns->task->lp_ctx));
}
TALLOC_FREE(tmp_ctx);
"unicodePwd", \
"dBCSPwd"
+/*
+ * ldb opaque values used to pass the user session information to ldb modules
+ */
+#define DSDB_SESSION_INFO "sessionInfo"
+#define DSDB_NETWORK_SESSION_INFO "networkSessionInfo"
+
struct GUID;
char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid);
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ = (struct auth_session_info *)ldb_get_opaque(
+ ldb,
+ DSDB_SESSION_INFO);
if(!session_info) {
return NULL;
}
};
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ = (struct auth_session_info *)ldb_get_opaque(
+ ldb,
+ DSDB_SESSION_INFO);
if(!session_info) {
return ldb_operr(ldb);
}
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ = (struct auth_session_info *)ldb_get_opaque(
+ ldb,
+ DSDB_SESSION_INFO);
if (!session_info) {
return "UNKNOWN (NULL)";
}
struct auth_session_info *session = NULL;
struct security_token *user_token = NULL;
- opaque_session = ldb_get_opaque(ldb, "networkSessionInfo");
+ opaque_session = ldb_get_opaque(ldb, DSDB_NETWORK_SESSION_INFO);
if (opaque_session == NULL) {
return NULL;
}
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(
ldb,
- "sessionInfo");
+ DSDB_SESSION_INFO);
if(!session_info) {
return NULL;
}
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(
ldb,
- "networkSessionInfo");
+ DSDB_NETWORK_SESSION_INFO);
if(!session_info) {
return NULL;
}
enum ndr_err_code ndr_err;
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
- = ldb_get_opaque(ldb, "sessionInfo");
+ = ldb_get_opaque(ldb, DSDB_SESSION_INFO);
const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
char *sddl_sd;
struct dom_sid *default_owner;
if (do_attribute_explicit(attrs, "tokenGroups")) {
/* Obtain the user's session_info */
struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ = (struct auth_session_info *)ldb_get_opaque(
+ ldb,
+ DSDB_SESSION_INFO);
if (session_info && session_info->security_token) {
/* The list of groups this user is in */
for (i = 0; i < session_info->security_token->num_sids; i++) {
return LDB_SUCCESS;
}
- session_info = (struct auth_session_info *)ldb_get_opaque(ldb_module_get_ctx(module), "sessionInfo");
+ session_info = (struct auth_session_info *)ldb_get_opaque(
+ ldb_module_get_ctx(module),
+ DSDB_SESSION_INFO);
if (session_info) {
is_anonymous = security_token_is_anonymous(session_info->security_token);
}
struct ldb_dn *op_feature_scope_dn;
struct ldb_message *op_feature_msg;
struct auth_session_info *session_info =
- (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ (struct auth_session_info *)ldb_get_opaque(
+ ldb,
+ DSDB_SESSION_INFO);
TALLOC_CTX *tmp_ctx = talloc_new(ldb);
int ret;
const char *guid_string;
struct fsmo_transfer_state *fsmo;
struct tevent_req *treq;
- session_info = (struct auth_session_info *)ldb_get_opaque(ldb_module_get_ctx(module), "sessionInfo");
+ session_info = (struct auth_session_info *)ldb_get_opaque(
+ ldb_module_get_ctx(module),
+ DSDB_SESSION_INFO);
level = security_session_user_level(session_info, NULL);
if (level < SECURITY_ADMINISTRATOR) {
return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS, "Denied rootDSE modify for non-administrator");
sess->security_token = token;
GUID_from_string(SESSION, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
msg = talloc_zero(ctx, struct ldb_message);
dn = ldb_dn_new(ctx, ldb, DN);
sess->security_token = token;
GUID_from_string(SESSION, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "networkSessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
sys_sess = talloc_zero(ctx, struct auth_session_info);
sys_token = talloc_zero(ctx, struct security_token);
sys_sess->security_token = sys_token;
GUID_from_string(SYS_SESSION, &sys_session_id);
sess->unique_session_token = sys_session_id;
- ldb_set_opaque(ldb, "sessionInfo", sys_sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sys_sess);
msg = talloc_zero(ctx, struct ldb_message);
dn = ldb_dn_new(ctx, ldb, DN);
sess->security_token = token;
GUID_from_string(SESSION, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
msg = talloc_zero(ctx, struct ldb_message);
dn = ldb_dn_new(ctx, ldb, DN);
sess->security_token = token;
GUID_from_string(SESSION, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
msg = talloc_zero(ctx, struct ldb_message);
dn = ldb_dn_new(ctx, ldb, DN);
sess->security_token = token;
GUID_from_string(SESSION, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "networkSessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
sys_sess = talloc_zero(ctx, struct auth_session_info);
sys_token = talloc_zero(ctx, struct security_token);
sys_sess->security_token = sys_token;
GUID_from_string(SYS_SESSION, &sys_session_id);
sess->unique_session_token = sys_session_id;
- ldb_set_opaque(ldb, "sessionInfo", sys_sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sys_sess);
msg = talloc_zero(ctx, struct ldb_message);
dn = ldb_dn_new(ctx, ldb, DN);
sess->security_token = token;
GUID_from_string(SESSION, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
msg = talloc_zero(ctx, struct ldb_message);
dn = ldb_dn_new(ctx, ldb, DN);
/*
* Now add a NULL session info
*/
- ldb_set_opaque(ldb, "sessionInfo", NULL);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
sid = dsdb_audit_get_user_sid(module);
assert_null(sid);
* Now add a session info with no user sid
*/
sess = talloc_zero(ctx, struct auth_session_info);
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
sid = dsdb_audit_get_user_sid(module);
assert_null(sid);
/*
* Now add a NULL session info
*/
- ldb_set_opaque(ldb, "networkSessionInfo", NULL);
+ ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, NULL);
sid = dsdb_audit_get_actual_sid(ldb);
assert_null(sid);
* Now add a session info with no user sid
*/
sess = talloc_zero(ctx, struct auth_session_info);
- ldb_set_opaque(ldb, "networkSessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
sid = dsdb_audit_get_actual_sid(ldb);
assert_null(sid);
/*
* Now add a NULL session info
*/
- ldb_set_opaque(ldb, "sessionInfo", NULL);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, NULL);
assert_false(dsdb_audit_is_system_session(module));
/*
* Now add a session info with no user sid
*/
sess = talloc_zero(ctx, struct auth_session_info);
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
assert_false(dsdb_audit_is_system_session(module));
/*
/*
* Now add a NULL session info
*/
- ldb_set_opaque(ldb, "sessionInfo", NULL);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, NULL);
guid = dsdb_audit_get_unique_session_token(module);
assert_null(guid);
* probably off.
*/
sess = talloc_zero(ctx, struct auth_session_info);
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
guid = dsdb_audit_get_unique_session_token(module);
/*
* We will get a GUID, but it's contents will be undefined
/*
* Now add a NULL session info
*/
- ldb_set_opaque(ldb, "networkSessionInfo", NULL);
+ ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, NULL);
guid = dsdb_audit_get_actual_unique_session_token(ldb);
assert_null(guid);
* probably off.
*/
sess = talloc_zero(ctx, struct auth_session_info);
- ldb_set_opaque(ldb, "networkSessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
guid = dsdb_audit_get_actual_unique_session_token(ldb);
/*
* We will get a GUID, but it's contents will be undefined
sess->security_token = token;
GUID_from_string(session, &session_id);
sess->unique_session_token = session_id;
- ldb_set_opaque(ldb, "sessionInfo", sess);
+ ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
}
static void test_get_transaction_id(void **state)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
- = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
+ = talloc_get_type(
+ ldb_get_opaque(ldb, DSDB_SESSION_INFO),
+ struct auth_session_info);
return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM;
}
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
- = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
+ = talloc_get_type(
+ ldb_get_opaque(ldb, DSDB_SESSION_INFO),
+ struct auth_session_info);
return security_session_user_level(session_info, NULL) == SECURITY_ADMINISTRATOR;
}
#include "librpc/gen_ndr/srvsvc.h"
#include "rpc_server/dcerpc_server.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "auth/auth.h"
#include "param/param.h"
#include "rpc_server/common/common.h"
if (samdb) {
ldb_set_opaque(
samdb,
- "networkSessionInfo",
+ DSDB_NETWORK_SESSION_INFO,
dce_call->conn->auth_state.session_info);
}
return samdb;