2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Andrew Tridgell 2009
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "ldb_module.h"
25 #include "librpc/ndr/libndr.h"
26 #include "dsdb/samdb/ldb_modules/util.h"
27 #include "dsdb/samdb/samdb.h"
29 #include "libcli/security/security.h"
30 #include "libcli/security/session.h"
33 search for attrs on one DN, in the modules below
35 int dsdb_module_search_dn(struct ldb_module *module,
37 struct ldb_result **_res,
38 struct ldb_dn *basedn,
39 const char * const *attrs,
43 struct ldb_request *req;
45 struct ldb_result *res;
47 tmp_ctx = talloc_new(mem_ctx);
49 res = talloc_zero(tmp_ctx, struct ldb_result);
52 return ldb_oom(ldb_module_get_ctx(module));
55 ret = ldb_build_search_req(&req, ldb_module_get_ctx(module), tmp_ctx,
62 ldb_search_default_callback,
64 LDB_REQ_SET_LOCATION(req);
65 if (ret != LDB_SUCCESS) {
70 ret = dsdb_request_add_controls(req, dsdb_flags);
71 if (ret != LDB_SUCCESS) {
76 /* Run the new request */
77 if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
78 ret = ldb_next_request(module, req);
79 } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
80 ret = ldb_request(ldb_module_get_ctx(module), req);
82 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
83 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
84 ret = ops->search(module, req);
86 if (ret == LDB_SUCCESS) {
87 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
90 if (ret != LDB_SUCCESS) {
95 if (res->count != 1) {
96 /* we may be reading a DB that does not have the 'check base on search' option... */
97 ret = LDB_ERR_NO_SUCH_OBJECT;
98 ldb_asprintf_errstring(ldb_module_get_ctx(module),
99 "dsdb_module_search_dn: did not find base dn %s (%d results)",
100 ldb_dn_get_linearized(basedn), res->count);
102 *_res = talloc_steal(mem_ctx, res);
104 talloc_free(tmp_ctx);
109 search for attrs in the modules below
111 int dsdb_module_search(struct ldb_module *module,
113 struct ldb_result **_res,
114 struct ldb_dn *basedn, enum ldb_scope scope,
115 const char * const *attrs,
117 const char *format, ...) _PRINTF_ATTRIBUTE(8, 9)
120 struct ldb_request *req;
122 struct ldb_result *res;
126 tmp_ctx = talloc_new(mem_ctx);
129 va_start(ap, format);
130 expression = talloc_vasprintf(tmp_ctx, format, ap);
134 talloc_free(tmp_ctx);
135 return ldb_oom(ldb_module_get_ctx(module));
141 res = talloc_zero(tmp_ctx, struct ldb_result);
143 talloc_free(tmp_ctx);
144 return ldb_oom(ldb_module_get_ctx(module));
147 ret = ldb_build_search_req(&req, ldb_module_get_ctx(module), tmp_ctx,
154 ldb_search_default_callback,
156 LDB_REQ_SET_LOCATION(req);
157 if (ret != LDB_SUCCESS) {
158 talloc_free(tmp_ctx);
162 ret = dsdb_request_add_controls(req, dsdb_flags);
163 if (ret != LDB_SUCCESS) {
164 talloc_free(tmp_ctx);
168 if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
169 ret = ldb_next_request(module, req);
170 } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
171 ret = ldb_request(ldb_module_get_ctx(module), req);
173 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
174 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
175 ret = ops->search(module, req);
177 if (ret == LDB_SUCCESS) {
178 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
182 if (ret == LDB_SUCCESS) {
183 *_res = talloc_steal(mem_ctx, res);
185 talloc_free(tmp_ctx);
190 find a DN given a GUID. This searches across all partitions
192 int dsdb_module_dn_by_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
193 const struct GUID *guid, struct ldb_dn **dn)
195 struct ldb_result *res;
196 const char *attrs[] = { NULL };
197 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
200 ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
202 DSDB_FLAG_NEXT_MODULE |
203 DSDB_SEARCH_SHOW_RECYCLED |
204 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
205 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
206 "objectGUID=%s", GUID_string(tmp_ctx, guid));
207 if (ret != LDB_SUCCESS) {
208 talloc_free(tmp_ctx);
211 if (res->count == 0) {
212 talloc_free(tmp_ctx);
213 return LDB_ERR_NO_SUCH_OBJECT;
215 if (res->count != 1) {
216 ldb_asprintf_errstring(ldb_module_get_ctx(module), "More than one object found matching objectGUID %s\n",
217 GUID_string(tmp_ctx, guid));
218 talloc_free(tmp_ctx);
219 return LDB_ERR_OPERATIONS_ERROR;
222 *dn = talloc_steal(mem_ctx, res->msgs[0]->dn);
224 talloc_free(tmp_ctx);
229 find a GUID given a DN.
231 int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct GUID *guid)
233 const char *attrs[] = { NULL };
234 struct ldb_result *res;
235 TALLOC_CTX *tmp_ctx = talloc_new(module);
239 ret = dsdb_module_search_dn(module, tmp_ctx, &res, dn, attrs,
240 DSDB_FLAG_NEXT_MODULE |
241 DSDB_SEARCH_SHOW_RECYCLED |
242 DSDB_SEARCH_SHOW_EXTENDED_DN);
243 if (ret != LDB_SUCCESS) {
244 ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to find GUID for %s",
245 ldb_dn_get_linearized(dn));
246 talloc_free(tmp_ctx);
250 status = dsdb_get_extended_dn_guid(res->msgs[0]->dn, guid, "GUID");
251 if (!NT_STATUS_IS_OK(status)) {
252 talloc_free(tmp_ctx);
253 return ldb_operr(ldb_module_get_ctx(module));
256 talloc_free(tmp_ctx);
261 a ldb_modify request operating on modules below the
264 int dsdb_module_modify(struct ldb_module *module,
265 const struct ldb_message *message,
268 struct ldb_request *mod_req;
270 struct ldb_context *ldb = ldb_module_get_ctx(module);
271 TALLOC_CTX *tmp_ctx = talloc_new(module);
272 struct ldb_result *res;
274 res = talloc_zero(tmp_ctx, struct ldb_result);
276 talloc_free(tmp_ctx);
277 return ldb_oom(ldb_module_get_ctx(module));
280 ret = ldb_build_mod_req(&mod_req, ldb, tmp_ctx,
284 ldb_modify_default_callback,
286 LDB_REQ_SET_LOCATION(mod_req);
287 if (ret != LDB_SUCCESS) {
288 talloc_free(tmp_ctx);
292 ret = dsdb_request_add_controls(mod_req, dsdb_flags);
293 if (ret != LDB_SUCCESS) {
294 talloc_free(tmp_ctx);
298 /* Run the new request */
299 if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
300 ret = ldb_next_request(module, mod_req);
301 } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
302 ret = ldb_request(ldb_module_get_ctx(module), mod_req);
304 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
305 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
306 ret = ops->modify(module, mod_req);
308 if (ret == LDB_SUCCESS) {
309 ret = ldb_wait(mod_req->handle, LDB_WAIT_ALL);
312 talloc_free(tmp_ctx);
319 a ldb_rename request operating on modules below the
322 int dsdb_module_rename(struct ldb_module *module,
323 struct ldb_dn *olddn, struct ldb_dn *newdn,
326 struct ldb_request *req;
328 struct ldb_context *ldb = ldb_module_get_ctx(module);
329 TALLOC_CTX *tmp_ctx = talloc_new(module);
330 struct ldb_result *res;
332 res = talloc_zero(tmp_ctx, struct ldb_result);
334 talloc_free(tmp_ctx);
335 return ldb_oom(ldb_module_get_ctx(module));
338 ret = ldb_build_rename_req(&req, ldb, tmp_ctx,
343 ldb_modify_default_callback,
345 LDB_REQ_SET_LOCATION(req);
346 if (ret != LDB_SUCCESS) {
347 talloc_free(tmp_ctx);
351 ret = dsdb_request_add_controls(req, dsdb_flags);
352 if (ret != LDB_SUCCESS) {
353 talloc_free(tmp_ctx);
357 /* Run the new request */
358 if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
359 ret = ldb_next_request(module, req);
360 } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
361 ret = ldb_request(ldb_module_get_ctx(module), req);
363 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
364 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
365 ret = ops->rename(module, req);
367 if (ret == LDB_SUCCESS) {
368 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
371 talloc_free(tmp_ctx);
376 a ldb_add request operating on modules below the
379 int dsdb_module_add(struct ldb_module *module,
380 const struct ldb_message *message,
383 struct ldb_request *req;
385 struct ldb_context *ldb = ldb_module_get_ctx(module);
386 TALLOC_CTX *tmp_ctx = talloc_new(module);
387 struct ldb_result *res;
389 res = talloc_zero(tmp_ctx, struct ldb_result);
391 talloc_free(tmp_ctx);
392 return ldb_oom(ldb_module_get_ctx(module));
395 ret = ldb_build_add_req(&req, ldb, tmp_ctx,
399 ldb_modify_default_callback,
401 LDB_REQ_SET_LOCATION(req);
402 if (ret != LDB_SUCCESS) {
403 talloc_free(tmp_ctx);
407 ret = dsdb_request_add_controls(req, dsdb_flags);
408 if (ret != LDB_SUCCESS) {
409 talloc_free(tmp_ctx);
413 /* Run the new request */
414 if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
415 ret = ldb_next_request(module, req);
416 } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
417 ret = ldb_request(ldb_module_get_ctx(module), req);
419 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
420 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
421 ret = ops->add(module, req);
423 if (ret == LDB_SUCCESS) {
424 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
427 talloc_free(tmp_ctx);
432 a ldb_delete request operating on modules below the
435 int dsdb_module_del(struct ldb_module *module,
439 struct ldb_request *req;
441 struct ldb_context *ldb = ldb_module_get_ctx(module);
442 TALLOC_CTX *tmp_ctx = talloc_new(module);
443 struct ldb_result *res;
445 res = talloc_zero(tmp_ctx, struct ldb_result);
447 talloc_free(tmp_ctx);
451 ret = ldb_build_del_req(&req, ldb, tmp_ctx,
455 ldb_modify_default_callback,
457 LDB_REQ_SET_LOCATION(req);
458 if (ret != LDB_SUCCESS) {
459 talloc_free(tmp_ctx);
463 ret = dsdb_request_add_controls(req, dsdb_flags);
464 if (ret != LDB_SUCCESS) {
465 talloc_free(tmp_ctx);
469 /* Run the new request */
470 if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
471 ret = ldb_next_request(module, req);
472 } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
473 ret = ldb_request(ldb_module_get_ctx(module), req);
475 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
476 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
477 ret = ops->del(module, req);
479 if (ret == LDB_SUCCESS) {
480 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
483 talloc_free(tmp_ctx);
488 check if a single valued link has multiple non-deleted values
490 This is needed when we will be using the RELAX control to stop
491 ldb_tdb from checking single valued links
493 int dsdb_check_single_valued_link(const struct dsdb_attribute *attr,
494 const struct ldb_message_element *el)
496 bool found_active = false;
499 if (!(attr->ldb_schema_attribute->flags & LDB_ATTR_FLAG_SINGLE_VALUE) ||
500 el->num_values < 2) {
504 for (i=0; i<el->num_values; i++) {
505 if (!dsdb_dn_is_deleted_val(&el->values[i])) {
507 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
516 int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
517 struct GUID op_feature_guid, bool *feature_enabled)
520 struct ldb_context *ldb = ldb_module_get_ctx(module);
521 struct ldb_result *res;
522 struct ldb_dn *search_dn;
523 struct GUID search_guid;
524 const char *attrs[] = {"msDS-EnabledFeature", NULL};
527 struct ldb_message_element *el;
529 *feature_enabled = false;
531 tmp_ctx = talloc_new(ldb);
533 ret = ldb_search(ldb, tmp_ctx, &res,
534 scope, LDB_SCOPE_BASE, attrs,
536 if (ret != LDB_SUCCESS) {
537 ldb_asprintf_errstring(ldb,
538 "Could no find the scope object - dn: %s\n",
539 ldb_dn_get_linearized(scope));
540 talloc_free(tmp_ctx);
541 return LDB_ERR_OPERATIONS_ERROR;
543 if (res->msgs[0]->num_elements > 0) {
545 el = ldb_msg_find_element(res->msgs[0],"msDS-EnabledFeature");
547 attrs[0] = "msDS-OptionalFeatureGUID";
549 for (i=0; i<el->num_values; i++) {
550 search_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
552 ret = ldb_search(ldb, tmp_ctx, &res,
553 search_dn, LDB_SCOPE_BASE, attrs,
555 if (ret != LDB_SUCCESS) {
556 ldb_asprintf_errstring(ldb,
557 "Could no find object dn: %s\n",
558 ldb_dn_get_linearized(search_dn));
559 talloc_free(tmp_ctx);
560 return LDB_ERR_OPERATIONS_ERROR;
563 search_guid = samdb_result_guid(res->msgs[0], "msDS-OptionalFeatureGUID");
565 if (GUID_compare(&search_guid, &op_feature_guid) == 0){
566 *feature_enabled = true;
571 talloc_free(tmp_ctx);
576 find a 'reference' DN that points at another object
577 (eg. serverReference, rIDManagerReference etc)
579 int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *base,
580 const char *attribute, struct ldb_dn **dn)
582 const char *attrs[2];
583 struct ldb_result *res;
586 attrs[0] = attribute;
589 ret = dsdb_module_search_dn(module, mem_ctx, &res, base, attrs,
590 DSDB_FLAG_NEXT_MODULE);
591 if (ret != LDB_SUCCESS) {
595 *dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module),
596 mem_ctx, res->msgs[0], attribute);
598 ldb_reset_err_string(ldb_module_get_ctx(module));
600 return LDB_ERR_NO_SUCH_ATTRIBUTE;
608 find the RID Manager$ DN via the rIDManagerReference attribute in the
611 int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
613 return dsdb_module_reference_dn(module, mem_ctx,
614 ldb_get_default_basedn(ldb_module_get_ctx(module)),
615 "rIDManagerReference", dn);
619 used to chain to the callers callback
621 int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares)
623 struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request);
625 talloc_steal(up_req, req);
626 return up_req->callback(up_req, ares);
630 load the uSNHighest and the uSNUrgent attributes from the @REPLCHANGED
631 object for a partition
633 int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
634 uint64_t *uSN, uint64_t *urgent_uSN)
636 struct ldb_context *ldb = ldb_module_get_ctx(module);
637 struct ldb_request *req;
639 TALLOC_CTX *tmp_ctx = talloc_new(module);
640 struct dsdb_control_current_partition *p_ctrl;
641 struct ldb_result *res;
643 res = talloc_zero(tmp_ctx, struct ldb_result);
645 talloc_free(tmp_ctx);
646 return ldb_module_oom(module);
649 ret = ldb_build_search_req(&req, ldb, tmp_ctx,
650 ldb_dn_new(tmp_ctx, ldb, "@REPLCHANGED"),
654 res, ldb_search_default_callback,
656 LDB_REQ_SET_LOCATION(req);
657 if (ret != LDB_SUCCESS) {
658 talloc_free(tmp_ctx);
662 p_ctrl = talloc(req, struct dsdb_control_current_partition);
663 if (p_ctrl == NULL) {
664 talloc_free(tmp_ctx);
665 return ldb_module_oom(module);
667 p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
671 ret = ldb_request_add_control(req,
672 DSDB_CONTROL_CURRENT_PARTITION_OID,
674 if (ret != LDB_SUCCESS) {
675 talloc_free(tmp_ctx);
679 /* Run the new request */
680 ret = ldb_next_request(module, req);
682 if (ret == LDB_SUCCESS) {
683 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
686 if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_INVALID_DN_SYNTAX) {
687 /* it hasn't been created yet, which means
688 an implicit value of zero */
690 talloc_free(tmp_ctx);
691 ldb_reset_err_string(ldb);
695 if (ret != LDB_SUCCESS) {
696 talloc_free(tmp_ctx);
700 if (res->count != 1) {
706 *uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNHighest", 0);
708 *urgent_uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNUrgent", 0);
712 talloc_free(tmp_ctx);
718 save uSNHighest and uSNUrgent attributes in the @REPLCHANGED object for a
721 int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
722 uint64_t uSN, uint64_t urgent_uSN)
724 struct ldb_context *ldb = ldb_module_get_ctx(module);
725 struct ldb_request *req;
726 struct ldb_message *msg;
727 struct dsdb_control_current_partition *p_ctrl;
729 struct ldb_result *res;
731 msg = ldb_msg_new(module);
733 return ldb_module_oom(module);
736 msg->dn = ldb_dn_new(msg, ldb, "@REPLCHANGED");
737 if (msg->dn == NULL) {
739 return ldb_operr(ldb_module_get_ctx(module));
742 res = talloc_zero(msg, struct ldb_result);
745 return ldb_module_oom(module);
748 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNHighest", uSN);
749 if (ret != LDB_SUCCESS) {
753 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
755 /* urgent_uSN is optional so may not be stored */
757 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNUrgent",
759 if (ret != LDB_SUCCESS) {
763 msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
767 p_ctrl = talloc(msg, struct dsdb_control_current_partition);
768 if (p_ctrl == NULL) {
772 p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
774 ret = ldb_build_mod_req(&req, ldb, msg,
778 ldb_modify_default_callback,
780 LDB_REQ_SET_LOCATION(req);
782 if (ret != LDB_SUCCESS) {
787 ret = ldb_request_add_control(req,
788 DSDB_CONTROL_CURRENT_PARTITION_OID,
790 if (ret != LDB_SUCCESS) {
795 /* Run the new request */
796 ret = ldb_next_request(module, req);
798 if (ret == LDB_SUCCESS) {
799 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
801 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
802 ret = ldb_build_add_req(&req, ldb, msg,
806 ldb_modify_default_callback,
808 LDB_REQ_SET_LOCATION(req);
817 bool dsdb_module_am_system(struct ldb_module *module)
819 struct ldb_context *ldb = ldb_module_get_ctx(module);
820 struct auth_session_info *session_info
821 = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
822 return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM;
825 bool dsdb_module_am_administrator(struct ldb_module *module)
827 struct ldb_context *ldb = ldb_module_get_ctx(module);
828 struct auth_session_info *session_info
829 = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
830 return security_session_user_level(session_info, NULL) == SECURITY_ADMINISTRATOR;
834 check if the recyclebin is enabled
836 int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
838 struct ldb_context *ldb = ldb_module_get_ctx(module);
839 struct ldb_dn *partitions_dn;
840 struct GUID recyclebin_guid;
843 partitions_dn = samdb_partitions_dn(ldb, module);
845 GUID_from_string(DS_GUID_FEATURE_RECYCLE_BIN, &recyclebin_guid);
847 ret = dsdb_check_optional_feature(module, partitions_dn, recyclebin_guid, enabled);
848 if (ret != LDB_SUCCESS) {
849 ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
850 talloc_free(partitions_dn);
851 return LDB_ERR_UNWILLING_TO_PERFORM;
854 talloc_free(partitions_dn);
858 int dsdb_msg_constrainted_update_int32(struct ldb_module *module,
859 struct ldb_message *msg,
861 const int32_t *old_val,
862 const int32_t *new_val)
864 struct ldb_message_element *el;
869 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
870 if (ret != LDB_SUCCESS) {
874 el->values = talloc_array(msg, struct ldb_val, el->num_values);
876 return ldb_module_oom(module);
878 vstring = talloc_asprintf(el->values, "%ld", (long)*old_val);
880 return ldb_module_oom(module);
882 *el->values = data_blob_string_const(vstring);
886 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
887 if (ret != LDB_SUCCESS) {
891 el->values = talloc_array(msg, struct ldb_val, el->num_values);
893 return ldb_module_oom(module);
895 vstring = talloc_asprintf(el->values, "%ld", (long)*new_val);
897 return ldb_module_oom(module);
899 *el->values = data_blob_string_const(vstring);
905 int dsdb_msg_constrainted_update_uint32(struct ldb_module *module,
906 struct ldb_message *msg,
908 const uint32_t *old_val,
909 const uint32_t *new_val)
911 return dsdb_msg_constrainted_update_int32(module, msg, attr,
912 (const int32_t *)old_val,
913 (const int32_t *)new_val);
916 int dsdb_msg_constrainted_update_int64(struct ldb_module *module,
917 struct ldb_message *msg,
919 const int64_t *old_val,
920 const int64_t *new_val)
922 struct ldb_message_element *el;
927 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
928 if (ret != LDB_SUCCESS) {
932 el->values = talloc_array(msg, struct ldb_val, el->num_values);
934 return ldb_module_oom(module);
936 vstring = talloc_asprintf(el->values, "%lld", (long long)*old_val);
938 return ldb_module_oom(module);
940 *el->values = data_blob_string_const(vstring);
944 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
945 if (ret != LDB_SUCCESS) {
949 el->values = talloc_array(msg, struct ldb_val, el->num_values);
951 return ldb_module_oom(module);
953 vstring = talloc_asprintf(el->values, "%lld", (long long)*new_val);
955 return ldb_module_oom(module);
957 *el->values = data_blob_string_const(vstring);
963 int dsdb_msg_constrainted_update_uint64(struct ldb_module *module,
964 struct ldb_message *msg,
966 const uint64_t *old_val,
967 const uint64_t *new_val)
969 return dsdb_msg_constrainted_update_int64(module, msg, attr,
970 (const int64_t *)old_val,
971 (const int64_t *)new_val);
975 update an int32 attribute safely via a constrained delete/add
977 int dsdb_module_constrainted_update_int32(struct ldb_module *module,
980 const int32_t *old_val,
981 const int32_t *new_val)
983 struct ldb_message *msg;
986 msg = ldb_msg_new(module);
989 ret = dsdb_msg_constrainted_update_int32(module,
993 if (ret != LDB_SUCCESS) {
998 ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE);
1003 int dsdb_module_constrainted_update_uint32(struct ldb_module *module,
1006 const uint32_t *old_val,
1007 const uint32_t *new_val)
1009 return dsdb_module_constrainted_update_int32(module, dn, attr,
1010 (const int32_t *)old_val,
1011 (const int32_t *)new_val);
1015 update an int64 attribute safely via a constrained delete/add
1017 int dsdb_module_constrainted_update_int64(struct ldb_module *module,
1020 const int64_t *old_val,
1021 const int64_t *new_val)
1023 struct ldb_message *msg;
1026 msg = ldb_msg_new(module);
1029 ret = dsdb_msg_constrainted_update_int64(module,
1033 if (ret != LDB_SUCCESS) {
1038 ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE);
1043 int dsdb_module_constrainted_update_uint64(struct ldb_module *module,
1046 const uint64_t *old_val,
1047 const uint64_t *new_val)
1049 return dsdb_module_constrainted_update_int64(module, dn, attr,
1050 (const int64_t *)old_val,
1051 (const int64_t *)new_val);
1055 const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module,
1056 TALLOC_CTX *mem_ctx)
1059 struct ldb_dn *new_dn;
1060 struct ldb_context *ldb = ldb_module_get_ctx(module);
1061 static const char *attrs[] = { "dSHeuristics", NULL };
1062 struct ldb_result *res;
1064 new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(ldb));
1065 if (!ldb_dn_add_child_fmt(new_dn,
1066 "CN=Directory Service,CN=Windows NT,CN=Services")) {
1067 talloc_free(new_dn);
1070 ret = dsdb_module_search_dn(module, mem_ctx, &res,
1073 DSDB_FLAG_NEXT_MODULE);
1074 if (ret == LDB_SUCCESS && res->count == 1) {
1075 talloc_free(new_dn);
1076 return ldb_msg_find_ldb_val(res->msgs[0],
1079 talloc_free(new_dn);
1083 bool dsdb_block_anonymous_ops(struct ldb_module *module)
1085 TALLOC_CTX *tmp_ctx = talloc_new(module);
1087 const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
1089 if (hr_val == NULL || hr_val->length < DS_HR_BLOCK_ANONYMOUS_OPS) {
1091 } else if (hr_val->data[DS_HR_BLOCK_ANONYMOUS_OPS -1] == '2') {
1097 talloc_free(tmp_ctx);
1101 bool dsdb_user_password_support(struct ldb_module *module,
1102 TALLOC_CTX *mem_ctx)
1104 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1106 const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
1108 if (hr_val == NULL || hr_val->length < DS_HR_USER_PASSWORD_SUPPORT) {
1110 } else if ((hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '2') ||
1111 (hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '0')) {
1117 talloc_free(tmp_ctx);
1122 show the chain of requests, useful for debugging async requests
1124 void dsdb_req_chain_debug(struct ldb_request *req, int level)
1126 char *s = ldb_module_call_chain(req, req);
1127 DEBUG(level, ("%s\n", s));
1132 * Gets back a single-valued attribute by the rules of the DSDB triggers when
1133 * performing a modify operation.
1135 * In order that the constraint checking by the "objectclass_attrs" LDB module
1136 * does work properly, the change request should remain similar or only be
1137 * enhanced (no other modifications as deletions, variations).
1139 struct ldb_message_element *dsdb_get_single_valued_attr(const struct ldb_message *msg,
1140 const char *attr_name,
1141 enum ldb_request_type operation)
1143 struct ldb_message_element *el = NULL;
1146 /* We've to walk over all modification entries and consider the last
1147 * non-delete one which belongs to "attr_name".
1149 * If "el" is NULL afterwards then that means there was no interesting
1151 for (i = 0; i < msg->num_elements; i++) {
1152 if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
1153 if ((operation == LDB_MODIFY) &&
1154 (LDB_FLAG_MOD_TYPE(msg->elements[i].flags)
1155 == LDB_FLAG_MOD_DELETE)) {
1158 el = &msg->elements[i];