4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Simo Sorce 2006-2008
6 Copyright (C) Matthias Dieter Wallnöfer 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 handle operational attributes
27 createTimestamp: HIDDEN, searchable, ldaptime, alias for whenCreated
28 modifyTimestamp: HIDDEN, searchable, ldaptime, alias for whenChanged
30 for the above two, we do the search as normal, and if
31 createTimestamp or modifyTimestamp is asked for, then do
32 additional searches for whenCreated and whenChanged and fill in
35 we also need to replace these with the whenCreated/whenChanged
36 equivalent in the search expression trees
38 whenCreated: not-HIDDEN, CONSTRUCTED, SEARCHABLE
39 whenChanged: not-HIDDEN, CONSTRUCTED, SEARCHABLE
41 on init we need to setup attribute handlers for these so
42 comparisons are done correctly. The resolution is 1 second.
44 on add we need to add both the above, for current time
46 on modify we need to change whenChanged
48 structuralObjectClass: HIDDEN, CONSTRUCTED, not-searchable. always same as objectclass?
50 for this one we do the search as normal, then if requested ask
51 for objectclass, change the attribute name, and add it
53 primaryGroupToken: HIDDEN, CONSTRUCTED, SEARCHABLE
55 contains the RID of a certain group object
58 attributeTypes: in schema only
59 objectClasses: in schema only
60 matchingRules: in schema only
61 matchingRuleUse: in schema only
62 creatorsName: not supported by w2k3?
63 modifiersName: not supported by w2k3?
68 #include <ldb_module.h>
70 #include "librpc/gen_ndr/ndr_misc.h"
71 #include "librpc/gen_ndr/ndr_drsblobs.h"
72 #include "param/param.h"
73 #include "dsdb/samdb/samdb.h"
74 #include "dsdb/samdb/ldb_modules/util.h"
76 #include "auth/auth.h"
77 #include "libcli/security/security.h"
80 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
83 struct operational_data {
84 struct ldb_dn *aggregate_dn;
88 construct a canonical name from a message
90 static int construct_canonical_name(struct ldb_module *module,
91 struct ldb_message *msg, enum ldb_scope scope)
94 canonicalName = ldb_dn_canonical_string(msg, msg->dn);
95 if (canonicalName == NULL) {
96 return ldb_operr(ldb_module_get_ctx(module));
98 return ldb_msg_add_steal_string(msg, "canonicalName", canonicalName);
102 construct a primary group token for groups from a message
104 static int construct_primary_group_token(struct ldb_module *module,
105 struct ldb_message *msg, enum ldb_scope scope)
107 struct ldb_context *ldb;
108 uint32_t primary_group_token;
110 ldb = ldb_module_get_ctx(module);
111 if (ldb_match_msg_objectclass(msg, "group") == 1) {
113 = samdb_result_rid_from_sid(msg, msg, "objectSid", 0);
114 if (primary_group_token == 0) {
118 return samdb_msg_add_int(ldb, msg, msg, "primaryGroupToken",
119 primary_group_token);
126 construct the token groups for SAM objects from a message
128 static int construct_token_groups(struct ldb_module *module,
129 struct ldb_message *msg, enum ldb_scope scope)
131 struct ldb_context *ldb = ldb_module_get_ctx(module);;
132 struct auth_context *auth_context;
133 struct auth_serversupplied_info *server_info;
134 struct auth_session_info *session_info;
135 TALLOC_CTX *tmp_ctx = talloc_new(msg);
141 if (scope != LDB_SCOPE_BASE) {
142 ldb_set_errstring(ldb, "Cannot provide tokenGroups attribute, this is not a BASE search");
143 return LDB_ERR_OPERATIONS_ERROR;
146 status = auth_context_create_from_ldb(tmp_ctx, ldb, &auth_context);
147 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) {
148 talloc_free(tmp_ctx);
149 return ldb_module_oom(module);
150 } else if (!NT_STATUS_IS_OK(status)) {
151 ldb_set_errstring(ldb, "Cannot provide tokenGroups attribute, could not create authContext");
152 talloc_free(tmp_ctx);
153 return LDB_ERR_OPERATIONS_ERROR;
156 status = auth_get_server_info_principal(tmp_ctx, auth_context, NULL, msg->dn, &server_info);
157 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) {
158 talloc_free(tmp_ctx);
159 return ldb_module_oom(module);
160 } else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
161 /* Not a user, we have no tokenGroups */
162 talloc_free(tmp_ctx);
164 } else if (!NT_STATUS_IS_OK(status)) {
165 talloc_free(tmp_ctx);
166 ldb_asprintf_errstring(ldb, "Cannot provide tokenGroups attribute: auth_get_server_info_principal failed: %s", nt_errstr(status));
167 return LDB_ERR_OPERATIONS_ERROR;
170 status = auth_generate_session_info(tmp_ctx, auth_context->lp_ctx, ldb, server_info, 0, &session_info);
171 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) {
172 talloc_free(tmp_ctx);
173 return ldb_module_oom(module);
174 } else if (!NT_STATUS_IS_OK(status)) {
175 talloc_free(tmp_ctx);
176 ldb_asprintf_errstring(ldb, "Cannot provide tokenGroups attribute: auth_generate_session_info failed: %s", nt_errstr(status));
177 return LDB_ERR_OPERATIONS_ERROR;
180 /* We start at 1, as the first SID is the user's SID, not included in the tokenGroups */
181 for (i = 1; i < session_info->security_token->num_sids; i++) {
182 ret = samdb_msg_add_dom_sid(ldb, msg, msg,
184 &session_info->security_token->sids[i]);
185 if (ret != LDB_SUCCESS) {
186 talloc_free(tmp_ctx);
195 construct the parent GUID for an entry from a message
197 static int construct_parent_guid(struct ldb_module *module,
198 struct ldb_message *msg, enum ldb_scope scope)
200 struct ldb_result *res, *parent_res;
201 const struct ldb_val *parent_guid;
202 const char *attrs[] = { "instanceType", NULL };
203 const char *attrs2[] = { "objectGUID", NULL };
204 uint32_t instanceType;
206 struct ldb_dn *parent_dn;
209 /* determine if the object is NC by instance type */
210 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
211 DSDB_FLAG_NEXT_MODULE |
212 DSDB_SEARCH_SHOW_RECYCLED);
214 instanceType = ldb_msg_find_attr_as_uint(res->msgs[0],
217 if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
218 DEBUG(4,(__location__ ": Object %s is NC\n",
219 ldb_dn_get_linearized(msg->dn)));
222 parent_dn = ldb_dn_get_parent(msg, msg->dn);
224 if (parent_dn == NULL) {
225 DEBUG(4,(__location__ ": Failed to find parent for dn %s\n",
226 ldb_dn_get_linearized(msg->dn)));
229 ret = dsdb_module_search_dn(module, msg, &parent_res, parent_dn, attrs2,
230 DSDB_FLAG_NEXT_MODULE |
231 DSDB_SEARCH_SHOW_RECYCLED);
232 talloc_free(parent_dn);
234 /* not NC, so the object should have a parent*/
235 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
236 DEBUG(4,(__location__ ": Parent dn for %s does not exist \n",
237 ldb_dn_get_linearized(msg->dn)));
238 return ldb_operr(ldb_module_get_ctx(module));
239 } else if (ret != LDB_SUCCESS) {
243 parent_guid = ldb_msg_find_ldb_val(parent_res->msgs[0], "objectGUID");
245 talloc_free(parent_res);
249 v = data_blob_dup_talloc(parent_res, parent_guid);
251 talloc_free(parent_res);
252 return ldb_oom(ldb_module_get_ctx(module));
254 ret = ldb_msg_add_steal_value(msg, "parentGUID", &v);
255 talloc_free(parent_res);
260 construct a subSchemaSubEntry
262 static int construct_subschema_subentry(struct ldb_module *module,
263 struct ldb_message *msg, enum ldb_scope scope)
265 struct operational_data *data = talloc_get_type(ldb_module_get_private(module), struct operational_data);
266 char *subSchemaSubEntry;
268 /* We may be being called before the init function has finished */
273 /* Try and set this value up, if possible. Don't worry if it
274 * fails, we may not have the DB set up yet, and it's not
275 * really vital anyway */
276 if (!data->aggregate_dn) {
277 struct ldb_context *ldb = ldb_module_get_ctx(module);
278 data->aggregate_dn = samdb_aggregate_schema_dn(ldb, data);
281 if (data->aggregate_dn) {
282 subSchemaSubEntry = ldb_dn_alloc_linearized(msg, data->aggregate_dn);
283 return ldb_msg_add_steal_string(msg, "subSchemaSubEntry", subSchemaSubEntry);
289 static int construct_msds_isrodc_with_dn(struct ldb_module *module,
290 struct ldb_message *msg,
291 struct ldb_message_element *object_category)
293 struct ldb_context *ldb;
295 const struct ldb_val *val;
297 ldb = ldb_module_get_ctx(module);
299 DEBUG(4, (__location__ ": Failed to get ldb \n"));
300 return ldb_operr(ldb);
303 dn = ldb_dn_new(msg, ldb, (const char *)object_category->values[0].data);
305 DEBUG(4, (__location__ ": Failed to create dn from %s \n",
306 (const char *)object_category->values[0].data));
307 return ldb_operr(ldb);
310 val = ldb_dn_get_rdn_val(dn);
312 DEBUG(4, (__location__ ": Failed to get rdn val from %s \n",
313 ldb_dn_get_linearized(dn)));
314 return ldb_operr(ldb);
317 if (strequal((const char *)val->data, "NTDS-DSA")) {
318 ldb_msg_add_string(msg, "msDS-isRODC", "FALSE");
320 ldb_msg_add_string(msg, "msDS-isRODC", "TRUE");
325 static int construct_msds_isrodc_with_server_dn(struct ldb_module *module,
326 struct ldb_message *msg,
329 struct ldb_dn *server_dn;
330 const char *attr_obj_cat[] = { "objectCategory", NULL };
331 struct ldb_result *res;
332 struct ldb_message_element *object_category;
335 server_dn = ldb_dn_copy(msg, dn);
336 if (!ldb_dn_add_child_fmt(server_dn, "CN=NTDS Settings")) {
337 DEBUG(4, (__location__ ": Failed to add child to %s \n",
338 ldb_dn_get_linearized(server_dn)));
339 return ldb_operr(ldb_module_get_ctx(module));
342 ret = dsdb_module_search_dn(module, msg, &res, server_dn, attr_obj_cat,
343 DSDB_FLAG_NEXT_MODULE);
344 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
345 DEBUG(4,(__location__ ": Can't get objectCategory for %s \n",
346 ldb_dn_get_linearized(server_dn)));
348 } else if (ret != LDB_SUCCESS) {
352 object_category = ldb_msg_find_element(res->msgs[0], "objectCategory");
353 if (!object_category) {
354 DEBUG(4,(__location__ ": Can't find objectCategory for %s \n",
355 ldb_dn_get_linearized(res->msgs[0]->dn)));
358 return construct_msds_isrodc_with_dn(module, msg, object_category);
361 static int construct_msds_isrodc_with_computer_dn(struct ldb_module *module,
362 struct ldb_message *msg)
364 struct ldb_context *ldb;
365 const char *attr[] = { "serverReferenceBL", NULL };
366 struct ldb_result *res;
368 struct ldb_dn *server_dn;
370 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attr,
371 DSDB_FLAG_NEXT_MODULE);
372 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
373 DEBUG(4,(__location__ ": Can't get serverReferenceBL for %s \n",
374 ldb_dn_get_linearized(msg->dn)));
376 } else if (ret != LDB_SUCCESS) {
380 ldb = ldb_module_get_ctx(module);
385 server_dn = ldb_msg_find_attr_as_dn(ldb, msg, res->msgs[0], "serverReferenceBL");
387 DEBUG(4,(__location__ ": Can't find serverReferenceBL for %s \n",
388 ldb_dn_get_linearized(res->msgs[0]->dn)));
391 return construct_msds_isrodc_with_server_dn(module, msg, server_dn);
395 construct msDS-isRODC attr
397 static int construct_msds_isrodc(struct ldb_module *module,
398 struct ldb_message *msg, enum ldb_scope scope)
400 struct ldb_message_element * object_class;
401 struct ldb_message_element * object_category;
404 object_class = ldb_msg_find_element(msg, "objectClass");
406 DEBUG(4,(__location__ ": Can't get objectClass for %s \n",
407 ldb_dn_get_linearized(msg->dn)));
408 return ldb_operr(ldb_module_get_ctx(module));
411 for (i=0; i<object_class->num_values; i++) {
412 if (strequal((const char*)object_class->values[i].data, "nTDSDSA")) {
413 /* If TO!objectCategory equals the DN of the classSchema object for the nTDSDSA
414 * object class, then TO!msDS-isRODC is false. Otherwise, TO!msDS-isRODC is true.
416 object_category = ldb_msg_find_element(msg, "objectCategory");
417 if (!object_category) {
418 DEBUG(4,(__location__ ": Can't get objectCategory for %s \n",
419 ldb_dn_get_linearized(msg->dn)));
422 return construct_msds_isrodc_with_dn(module, msg, object_category);
424 if (strequal((const char*)object_class->values[i].data, "server")) {
425 /* Let TN be the nTDSDSA object whose DN is "CN=NTDS Settings," prepended to
426 * the DN of TO. Apply the previous rule for the "TO is an nTDSDSA object" case,
427 * substituting TN for TO.
429 return construct_msds_isrodc_with_server_dn(module, msg, msg->dn);
431 if (strequal((const char*)object_class->values[i].data, "computer")) {
432 /* Let TS be the server object named by TO!serverReferenceBL. Apply the previous
433 * rule for the "TO is a server object" case, substituting TS for TO.
435 return construct_msds_isrodc_with_computer_dn(module, msg);
444 construct msDS-keyVersionNumber attr
446 TODO: Make this based on the 'win2k' DS huristics bit...
449 static int construct_msds_keyversionnumber(struct ldb_module *module,
450 struct ldb_message *msg,
451 enum ldb_scope scope)
454 enum ndr_err_code ndr_err;
455 const struct ldb_val *omd_value;
456 struct replPropertyMetaDataBlob *omd;
459 omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
461 /* We can't make up a key version number without meta data */
468 omd = talloc(msg, struct replPropertyMetaDataBlob);
470 ldb_module_oom(module);
474 ndr_err = ndr_pull_struct_blob(omd_value, omd, omd,
475 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
476 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
477 DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s when trying to add msDS-KeyVersionNumber\n",
478 ldb_dn_get_linearized(msg->dn)));
479 return ldb_operr(ldb_module_get_ctx(module));
482 if (omd->version != 1) {
483 DEBUG(0,(__location__ ": bad version %u in replPropertyMetaData for %s when trying to add msDS-KeyVersionNumber\n",
484 omd->version, ldb_dn_get_linearized(msg->dn)));
488 for (i=0; i<omd->ctr.ctr1.count; i++) {
489 if (omd->ctr.ctr1.array[i].attid == DRSUAPI_ATTID_unicodePwd) {
490 ret = samdb_msg_add_uint(ldb_module_get_ctx(module),
492 "msDS-KeyVersionNumber",
493 omd->ctr.ctr1.array[i].version);
494 if (ret != LDB_SUCCESS) {
505 struct op_controls_flags {
507 bool bypassoperational;
510 static bool check_keep_control_for_attribute(struct op_controls_flags* controls_flags, const char* attr) {
511 if (ldb_attr_cmp(attr, "msDS-KeyVersionNumber") == 0 && controls_flags->bypassoperational) {
518 a list of attribute names that should be substituted in the parse
519 tree before the search is done
521 static const struct {
524 } parse_tree_sub[] = {
525 { "createTimestamp", "whenCreated" },
526 { "modifyTimestamp", "whenChanged" }
531 a list of attribute names that are hidden, but can be searched for
532 using another (non-hidden) name to produce the correct result
534 static const struct {
537 const char *extra_attr;
538 int (*constructor)(struct ldb_module *, struct ldb_message *, enum ldb_scope);
540 { "createTimestamp", "whenCreated", NULL , NULL },
541 { "modifyTimestamp", "whenChanged", NULL , NULL },
542 { "structuralObjectClass", NULL, NULL , NULL },
543 { "canonicalName", NULL, NULL , construct_canonical_name },
544 { "primaryGroupToken", "objectClass", "objectSid", construct_primary_group_token },
545 { "tokenGroups", "objectClass", NULL, construct_token_groups },
546 { "parentGUID", NULL, NULL, construct_parent_guid },
547 { "subSchemaSubEntry", NULL, NULL, construct_subschema_subentry },
548 { "msDS-isRODC", "objectClass", "objectCategory", construct_msds_isrodc },
549 { "msDS-KeyVersionNumber", "replPropertyMetaData", NULL, construct_msds_keyversionnumber }
554 OPERATIONAL_REMOVE_ALWAYS, /* remove always */
555 OPERATIONAL_REMOVE_UNASKED,/* remove if not requested */
556 OPERATIONAL_SD_FLAGS, /* show if SD_FLAGS_OID set, or asked for */
557 OPERATIONAL_REMOVE_UNLESS_CONTROL /* remove always unless an adhoc control has been specified */
561 a list of attributes that may need to be removed from the
564 Some of these are attributes that were once stored, but are now calculated
566 static const struct {
569 } operational_remove[] = {
570 { "nTSecurityDescriptor", OPERATIONAL_SD_FLAGS },
571 { "msDS-KeyVersionNumber", OPERATIONAL_REMOVE_UNLESS_CONTROL },
572 { "parentGUID", OPERATIONAL_REMOVE_ALWAYS },
573 { "replPropertyMetaData", OPERATIONAL_REMOVE_UNASKED },
574 #define _SEP ,OPERATIONAL_REMOVE_UNASKED},{
575 { DSDB_SECRET_ATTRIBUTES_EX(_SEP), OPERATIONAL_REMOVE_UNASKED }
580 post process a search result record. For any search_sub[] attributes that were
581 asked for, we need to call the appropriate copy routine to copy the result
582 into the message, then remove any attributes that we added to the search but
583 were not asked for by the user
585 static int operational_search_post_process(struct ldb_module *module,
586 struct ldb_message *msg,
587 enum ldb_scope scope,
588 const char * const *attrs_from_user,
589 const char * const *attrs_searched_for,
590 struct op_controls_flags* controls_flags)
592 struct ldb_context *ldb;
593 unsigned int i, a = 0;
594 bool constructed_attributes = false;
596 ldb = ldb_module_get_ctx(module);
598 /* removed any attrs that should not be shown to the user */
599 for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
600 switch (operational_remove[i].op) {
601 case OPERATIONAL_REMOVE_UNASKED:
602 if (ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) {
605 if (ldb_attr_in_list(attrs_searched_for, operational_remove[i].attr)) {
608 case OPERATIONAL_REMOVE_ALWAYS:
609 ldb_msg_remove_attr(msg, operational_remove[i].attr);
611 case OPERATIONAL_REMOVE_UNLESS_CONTROL:
612 if (!check_keep_control_for_attribute(controls_flags, operational_remove[i].attr)) {
613 ldb_msg_remove_attr(msg, operational_remove[i].attr);
618 case OPERATIONAL_SD_FLAGS:
619 if (controls_flags->sd ||
620 ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) {
623 ldb_msg_remove_attr(msg, operational_remove[i].attr);
628 for (a=0;attrs_from_user && attrs_from_user[a];a++) {
629 if (check_keep_control_for_attribute(controls_flags, attrs_from_user[a])) {
632 for (i=0;i<ARRAY_SIZE(search_sub);i++) {
633 if (ldb_attr_cmp(attrs_from_user[a], search_sub[i].attr) != 0) {
637 /* construct the new attribute, using either a supplied
638 constructor or a simple copy */
639 constructed_attributes = true;
640 if (search_sub[i].constructor != NULL) {
641 if (search_sub[i].constructor(module, msg, scope) != LDB_SUCCESS) {
644 } else if (ldb_msg_copy_attr(msg,
646 search_sub[i].replace) != LDB_SUCCESS) {
652 /* Deletion of the search helper attributes are needed if:
653 * - we generated constructed attributes and
654 * - we aren't requesting all attributes
656 if ((constructed_attributes) && (!ldb_attr_in_list(attrs_from_user, "*"))) {
657 for (i=0;i<ARRAY_SIZE(search_sub);i++) {
658 /* remove the added search helper attributes, unless
659 * they were asked for by the user */
660 if (search_sub[i].replace != NULL &&
661 !ldb_attr_in_list(attrs_from_user, search_sub[i].replace)) {
662 ldb_msg_remove_attr(msg, search_sub[i].replace);
664 if (search_sub[i].extra_attr != NULL &&
665 !ldb_attr_in_list(attrs_from_user, search_sub[i].extra_attr)) {
666 ldb_msg_remove_attr(msg, search_sub[i].extra_attr);
674 ldb_debug_set(ldb, LDB_DEBUG_WARNING,
675 "operational_search_post_process failed for attribute '%s' - %s",
676 attrs_from_user[a], ldb_errstring(ldb));
681 hook search operations
684 struct operational_context {
685 struct ldb_module *module;
686 struct ldb_request *req;
687 enum ldb_scope scope;
688 const char * const *attrs;
689 struct op_controls_flags* controls_flags;
692 static int operational_callback(struct ldb_request *req, struct ldb_reply *ares)
694 struct operational_context *ac;
697 ac = talloc_get_type(req->context, struct operational_context);
700 return ldb_module_done(ac->req, NULL, NULL,
701 LDB_ERR_OPERATIONS_ERROR);
703 if (ares->error != LDB_SUCCESS) {
704 return ldb_module_done(ac->req, ares->controls,
705 ares->response, ares->error);
708 switch (ares->type) {
709 case LDB_REPLY_ENTRY:
710 /* for each record returned post-process to add any derived
711 attributes that have been asked for */
712 ret = operational_search_post_process(ac->module,
716 req->op.search.attrs,
719 return ldb_module_done(ac->req, NULL, NULL,
720 LDB_ERR_OPERATIONS_ERROR);
722 return ldb_module_send_entry(ac->req, ares->message, ares->controls);
724 case LDB_REPLY_REFERRAL:
725 return ldb_module_send_referral(ac->req, ares->referral);
729 return ldb_module_done(ac->req, ares->controls,
730 ares->response, LDB_SUCCESS);
737 static int operational_search(struct ldb_module *module, struct ldb_request *req)
739 struct ldb_context *ldb;
740 struct operational_context *ac;
741 struct ldb_request *down_req;
742 const char **search_attrs = NULL;
746 /* There are no operational attributes on special DNs */
747 if (ldb_dn_is_special(req->op.search.base)) {
748 return ldb_next_request(module, req);
751 ldb = ldb_module_get_ctx(module);
753 ac = talloc(req, struct operational_context);
760 ac->scope = req->op.search.scope;
761 ac->attrs = req->op.search.attrs;
763 /* FIXME: We must copy the tree and keep the original
765 /* replace any attributes in the parse tree that are
766 searchable, but are stored using a different name in the
768 for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
769 ldb_parse_tree_attr_replace(req->op.search.tree,
770 parse_tree_sub[i].attr,
771 parse_tree_sub[i].replace);
774 ac->controls_flags = talloc(ac, struct op_controls_flags);
775 /* remember if the SD_FLAGS_OID was set */
776 ac->controls_flags->sd = (ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID) != NULL);
777 /* remember if the LDB_CONTROL_BYPASS_OPERATIONAL_OID */
778 ac->controls_flags->bypassoperational =
779 (ldb_request_get_control(req, LDB_CONTROL_BYPASS_OPERATIONAL_OID) != NULL);
781 /* in the list of attributes we are looking for, rename any
782 attributes to the alias for any hidden attributes that can
783 be fetched directly using non-hidden names */
784 for (a=0;ac->attrs && ac->attrs[a];a++) {
785 if (check_keep_control_for_attribute(ac->controls_flags, ac->attrs[a])) {
788 for (i=0;i<ARRAY_SIZE(search_sub);i++) {
789 if (ldb_attr_cmp(ac->attrs[a], search_sub[i].attr) == 0 &&
790 search_sub[i].replace) {
792 if (search_sub[i].extra_attr) {
793 const char **search_attrs2;
794 /* Only adds to the end of the list */
795 search_attrs2 = ldb_attr_list_copy_add(req, search_attrs
798 search_sub[i].extra_attr);
799 if (search_attrs2 == NULL) {
800 return ldb_operr(ldb);
802 /* may be NULL, talloc_free() doesn't mind */
803 talloc_free(search_attrs);
804 search_attrs = search_attrs2;
808 search_attrs = ldb_attr_list_copy(req, ac->attrs);
809 if (search_attrs == NULL) {
810 return ldb_operr(ldb);
813 /* Despite the ldb_attr_list_copy_add, this is safe as that fn only adds to the end */
814 search_attrs[a] = search_sub[i].replace;
819 ret = ldb_build_search_req_ex(&down_req, ldb, ac,
821 req->op.search.scope,
823 /* use new set of attrs if any */
824 search_attrs == NULL?req->op.search.attrs:search_attrs,
826 ac, operational_callback,
828 LDB_REQ_SET_LOCATION(down_req);
829 if (ret != LDB_SUCCESS) {
830 return ldb_operr(ldb);
833 /* perform the search */
834 return ldb_next_request(module, down_req);
837 static int operational_init(struct ldb_module *ctx)
839 struct operational_data *data;
843 ret = ldb_next_init(ctx);
845 if (ret != LDB_SUCCESS) {
849 data = talloc_zero(ctx, struct operational_data);
851 return ldb_module_oom(ctx);
854 ldb_module_set_private(ctx, data);
859 static const struct ldb_module_ops ldb_operational_module_ops = {
860 .name = "operational",
861 .search = operational_search,
862 .init_context = operational_init
865 int ldb_operational_module_init(const char *version)
867 LDB_MODULE_CHECK_VERSION(version);
868 return ldb_register_module(&ldb_operational_module_ops);
git.samba.org / samba.git / blob