LCOV - code coverage report
Current view: top level - source4/dsdb/samdb/ldb_modules - util.c (source / functions) Hit Total Coverage
Test: coverage report for master 98b443d9 Lines: 660 927 71.2 %
Date: 2024-05-31 13:13:24 Functions: 46 49 93.9 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    Samba utility functions
       4             : 
       5             :    Copyright (C) Andrew Tridgell 2009
       6             :    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
       7             :    Copyright (C) Matthieu Patou <mat@matws.net> 2011
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "includes.h"
      24             : #include "ldb.h"
      25             : #include "ldb_module.h"
      26             : #include "librpc/ndr/libndr.h"
      27             : #include "dsdb/samdb/ldb_modules/util.h"
      28             : #include "dsdb/samdb/samdb.h"
      29             : #include "dsdb/common/util.h"
      30             : #include "libcli/security/security.h"
      31             : 
      32             : #undef strcasecmp
      33             : 
      34             : /*
      35             :   search for attrs on one DN, in the modules below
      36             :  */
      37    13595005 : int dsdb_module_search_dn(struct ldb_module *module,
      38             :                           TALLOC_CTX *mem_ctx,
      39             :                           struct ldb_result **_res,
      40             :                           struct ldb_dn *basedn,
      41             :                           const char * const *attrs,
      42             :                           uint32_t dsdb_flags,
      43             :                           struct ldb_request *parent)
      44             : {
      45      597711 :         int ret;
      46      597711 :         struct ldb_request *req;
      47      597711 :         TALLOC_CTX *tmp_ctx;
      48      597711 :         struct ldb_result *res;
      49             : 
      50    13595005 :         tmp_ctx = talloc_new(mem_ctx);
      51    13595005 :         if (tmp_ctx == NULL) {
      52           0 :                 return ldb_oom(ldb_module_get_ctx(module));
      53             :         }
      54             : 
      55    13595005 :         res = talloc_zero(tmp_ctx, struct ldb_result);
      56    13595005 :         if (!res) {
      57           0 :                 talloc_free(tmp_ctx);
      58           0 :                 return ldb_oom(ldb_module_get_ctx(module));
      59             :         }
      60             : 
      61    13595005 :         ret = ldb_build_search_req(&req, ldb_module_get_ctx(module), tmp_ctx,
      62             :                                    basedn,
      63             :                                    LDB_SCOPE_BASE,
      64             :                                    NULL,
      65             :                                    attrs,
      66             :                                    NULL,
      67             :                                    res,
      68             :                                    ldb_search_default_callback,
      69             :                                    parent);
      70    13595005 :         LDB_REQ_SET_LOCATION(req);
      71    13595005 :         if (ret != LDB_SUCCESS) {
      72           0 :                 talloc_free(tmp_ctx);
      73           0 :                 return ret;
      74             :         }
      75             : 
      76    13595005 :         ret = dsdb_request_add_controls(req, dsdb_flags);
      77    13595005 :         if (ret != LDB_SUCCESS) {
      78           0 :                 talloc_free(tmp_ctx);
      79           0 :                 return ret;
      80             :         }
      81             : 
      82    13595005 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
      83           0 :                 ldb_req_mark_trusted(req);
      84             :         }
      85             : 
      86             :         /* Run the new request */
      87    13595005 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
      88    13594731 :                 ret = ldb_next_request(module, req);
      89         274 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
      90         274 :                 ret = ldb_request(ldb_module_get_ctx(module), req);
      91             :         } else {
      92           0 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
      93           0 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
      94           0 :                 ret = ops->search(module, req);
      95             :         }
      96    13595005 :         if (ret == LDB_SUCCESS) {
      97    13594984 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
      98             :         }
      99             : 
     100    13595005 :         if (ret != LDB_SUCCESS) {
     101      494827 :                 talloc_free(tmp_ctx);
     102      494827 :                 return ret;
     103             :         }
     104             : 
     105    13100178 :         if (res->count != 1) {
     106             :                 /* we may be reading a DB that does not have the 'check base on search' option... */
     107       21024 :                 ret = LDB_ERR_NO_SUCH_OBJECT;
     108       21024 :                 ldb_asprintf_errstring(ldb_module_get_ctx(module),
     109             :                                        "dsdb_module_search_dn: did not find base dn %s (%d results)",
     110             :                                        ldb_dn_get_linearized(basedn), res->count);
     111             :         } else {
     112    13079154 :                 *_res = talloc_steal(mem_ctx, res);
     113             :         }
     114    13100178 :         talloc_free(tmp_ctx);
     115    13100178 :         return ret;
     116             : }
     117             : 
     118    13378155 : int dsdb_module_search_tree(struct ldb_module *module,
     119             :                        TALLOC_CTX *mem_ctx,
     120             :                        struct ldb_result **_res,
     121             :                        struct ldb_dn *basedn,
     122             :                        enum ldb_scope scope,
     123             :                        struct ldb_parse_tree *tree,
     124             :                        const char * const *attrs,
     125             :                        int dsdb_flags,
     126             :                        struct ldb_request *parent)
     127             : {
     128      167755 :         int ret;
     129      167755 :         struct ldb_request *req;
     130      167755 :         TALLOC_CTX *tmp_ctx;
     131      167755 :         struct ldb_result *res;
     132             : 
     133    13378155 :         tmp_ctx = talloc_new(mem_ctx);
     134    13378155 :         if (tmp_ctx == NULL) {
     135           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     136             :         }
     137             : 
     138             :         /* cross-partitions searches with a basedn break multi-domain support */
     139    13378155 :         SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
     140             : 
     141    13378155 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     142    13378155 :         if (!res) {
     143           0 :                 talloc_free(tmp_ctx);
     144           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     145             :         }
     146             : 
     147    13378155 :         ret = ldb_build_search_req_ex(&req, ldb_module_get_ctx(module), tmp_ctx,
     148             :                                    basedn,
     149             :                                    scope,
     150             :                                    tree,
     151             :                                    attrs,
     152             :                                    NULL,
     153             :                                    res,
     154             :                                    ldb_search_default_callback,
     155             :                                    parent);
     156    13378155 :         LDB_REQ_SET_LOCATION(req);
     157    13378155 :         if (ret != LDB_SUCCESS) {
     158           0 :                 talloc_free(tmp_ctx);
     159           0 :                 return ret;
     160             :         }
     161             : 
     162    13378155 :         ret = dsdb_request_add_controls(req, dsdb_flags);
     163    13378155 :         if (ret != LDB_SUCCESS) {
     164           0 :                 talloc_free(tmp_ctx);
     165           0 :                 return ret;
     166             :         }
     167             : 
     168    13378155 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
     169           0 :                 ldb_req_mark_trusted(req);
     170             :         }
     171             : 
     172    13378155 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
     173    13378152 :                 ret = ldb_next_request(module, req);
     174           3 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
     175           3 :                 ret = ldb_request(ldb_module_get_ctx(module), req);
     176             :         } else {
     177           0 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
     178           0 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
     179           0 :                 ret = ops->search(module, req);
     180             :         }
     181    13378155 :         if (ret == LDB_SUCCESS) {
     182    13378155 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
     183             :         }
     184             : 
     185    13378155 :         if (dsdb_flags & DSDB_SEARCH_ONE_ONLY) {
     186    10813446 :                 if (res->count == 0) {
     187        6672 :                         talloc_free(tmp_ctx);
     188        6672 :                         return ldb_error(ldb_module_get_ctx(module), LDB_ERR_NO_SUCH_OBJECT, __func__);
     189             :                 }
     190    10806774 :                 if (res->count != 1) {
     191           0 :                         talloc_free(tmp_ctx);
     192           0 :                         ldb_reset_err_string(ldb_module_get_ctx(module));
     193           0 :                         return LDB_ERR_CONSTRAINT_VIOLATION;
     194             :                 }
     195             :         }
     196             : 
     197    13371483 :         talloc_free(req);
     198    13371483 :         if (ret == LDB_SUCCESS) {
     199    13370429 :                 *_res = talloc_steal(mem_ctx, res);
     200             :         }
     201    13371483 :         talloc_free(tmp_ctx);
     202    13371483 :         return ret;
     203             : }
     204             : 
     205             : /*
     206             :   search for attrs in the modules below
     207             :  */
     208    13376603 : int dsdb_module_search(struct ldb_module *module,
     209             :                        TALLOC_CTX *mem_ctx,
     210             :                        struct ldb_result **_res,
     211             :                        struct ldb_dn *basedn, enum ldb_scope scope,
     212             :                        const char * const *attrs,
     213             :                        int dsdb_flags,
     214             :                        struct ldb_request *parent,
     215             :                        const char *format, ...) _PRINTF_ATTRIBUTE(9, 10)
     216             : {
     217      167755 :         int ret;
     218      167755 :         TALLOC_CTX *tmp_ctx;
     219      167755 :         va_list ap;
     220      167755 :         char *expression;
     221      167755 :         struct ldb_parse_tree *tree;
     222             : 
     223             :         /* cross-partitions searches with a basedn break multi-domain support */
     224    13376603 :         SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
     225             : 
     226    13376603 :         tmp_ctx = talloc_new(mem_ctx);
     227    13376603 :         if (tmp_ctx == NULL) {
     228           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     229             :         }
     230             : 
     231    13376603 :         if (format) {
     232    12640201 :                 va_start(ap, format);
     233    12640201 :                 expression = talloc_vasprintf(tmp_ctx, format, ap);
     234    12640201 :                 va_end(ap);
     235             : 
     236    12640201 :                 if (!expression) {
     237           0 :                         talloc_free(tmp_ctx);
     238           0 :                         return ldb_oom(ldb_module_get_ctx(module));
     239             :                 }
     240             :         } else {
     241      711914 :                 expression = NULL;
     242             :         }
     243             : 
     244    13376603 :         tree = ldb_parse_tree(tmp_ctx, expression);
     245    13376603 :         if (tree == NULL) {
     246           0 :                 talloc_free(tmp_ctx);
     247           0 :                 ldb_set_errstring(ldb_module_get_ctx(module),
     248             :                                 "Unable to parse search expression");
     249           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     250             :         }
     251             : 
     252    13376603 :         ret = dsdb_module_search_tree(module,
     253             :                        mem_ctx,
     254             :                        _res,
     255             :                        basedn,
     256             :                        scope,
     257             :                        tree,
     258             :                        attrs,
     259             :                        dsdb_flags,
     260             :                        parent);
     261             : 
     262    13376603 :         talloc_free(tmp_ctx);
     263    13376603 :         return ret;
     264             : }
     265             : 
     266             : /*
     267             :   find an object given a GUID. This searches across all partitions
     268             :  */
     269       79809 : int dsdb_module_obj_by_guid(struct ldb_module *module,
     270             :                             TALLOC_CTX *mem_ctx,
     271             :                             struct ldb_message **_msg,
     272             :                             const struct GUID *guid,
     273             :                             const char * const *attrs,
     274             :                             struct ldb_request *parent)
     275             : {
     276        1602 :         struct ldb_result *res;
     277       79809 :         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
     278        1602 :         int ret;
     279             : 
     280       79809 :         ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
     281             :                                  attrs,
     282             :                                  DSDB_FLAG_NEXT_MODULE |
     283             :                                  DSDB_SEARCH_SHOW_RECYCLED |
     284             :                                  DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
     285             :                                  DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
     286             :                                  parent,
     287             :                                  "objectGUID=%s", GUID_string(tmp_ctx, guid));
     288       79809 :         if (ret != LDB_SUCCESS) {
     289           0 :                 talloc_free(tmp_ctx);
     290           0 :                 return ret;
     291             :         }
     292       79809 :         if (res->count == 0) {
     293          59 :                 talloc_free(tmp_ctx);
     294          59 :                 return ldb_error(ldb_module_get_ctx(module), LDB_ERR_NO_SUCH_OBJECT, __func__);
     295             :         }
     296       79750 :         if (res->count != 1) {
     297           0 :                 ldb_asprintf_errstring(ldb_module_get_ctx(module), "More than one object found matching objectGUID %s\n",
     298             :                                        GUID_string(tmp_ctx, guid));
     299           0 :                 talloc_free(tmp_ctx);
     300           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     301             :         }
     302             : 
     303       79750 :         *_msg = talloc_steal(mem_ctx, res->msgs[0]);
     304             : 
     305       79750 :         talloc_free(tmp_ctx);
     306       79750 :         return LDB_SUCCESS;
     307             : }
     308             : 
     309             : /*
     310             :   find a DN given a GUID. This searches across all partitions
     311             :  */
     312        3381 : int dsdb_module_dn_by_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
     313             :                            const struct GUID *guid, struct ldb_dn **dn,
     314             :                            struct ldb_request *parent)
     315             : {
     316        3381 :         struct ldb_message *msg = NULL;
     317           0 :         static const char * const attrs[] = { NULL };
     318        3381 :         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
     319           0 :         int ret;
     320             : 
     321        3381 :         ret = dsdb_module_obj_by_guid(module,
     322             :                                       tmp_ctx,
     323             :                                       &msg,
     324             :                                       guid,
     325             :                                       attrs,
     326             :                                       parent);
     327        3381 :         if (ret != LDB_SUCCESS) {
     328          21 :                 talloc_free(tmp_ctx);
     329          21 :                 return ret;
     330             :         }
     331             : 
     332        3360 :         *dn = talloc_steal(mem_ctx, msg->dn);
     333             : 
     334        3360 :         talloc_free(tmp_ctx);
     335        3360 :         return LDB_SUCCESS;
     336             : }
     337             : 
     338             : /*
     339             :   find a GUID given a DN.
     340             :  */
     341       27603 : int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct GUID *guid,
     342             :                            struct ldb_request *parent)
     343             : {
     344          46 :         static const char * const attrs[] = { NULL };
     345          46 :         struct ldb_result *res;
     346       27603 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     347          46 :         int ret;
     348          46 :         NTSTATUS status;
     349             : 
     350       27603 :         ret = dsdb_module_search_dn(module, tmp_ctx, &res, dn, attrs,
     351             :                                     DSDB_FLAG_NEXT_MODULE |
     352             :                                     DSDB_SEARCH_SHOW_RECYCLED |
     353             :                                     DSDB_SEARCH_SHOW_EXTENDED_DN,
     354             :                                     parent);
     355       27603 :         if (ret != LDB_SUCCESS) {
     356           3 :                 ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to find GUID for %s",
     357             :                                        ldb_dn_get_linearized(dn));
     358           3 :                 talloc_free(tmp_ctx);
     359           3 :                 return ret;
     360             :         }
     361             : 
     362       27600 :         status = dsdb_get_extended_dn_guid(res->msgs[0]->dn, guid, "GUID");
     363       27600 :         if (!NT_STATUS_IS_OK(status)) {
     364           0 :                 talloc_free(tmp_ctx);
     365           0 :                 return ldb_operr(ldb_module_get_ctx(module));
     366             :         }
     367             : 
     368       27600 :         talloc_free(tmp_ctx);
     369       27600 :         return LDB_SUCCESS;
     370             : }
     371             : 
     372             : 
     373             : /*
     374             :   a ldb_extended request operating on modules below the
     375             :   current module
     376             : 
     377             :   Note that this does not automatically start a transaction. If you
     378             :   need a transaction the caller needs to start it as needed.
     379             :  */
     380    19728428 : int dsdb_module_extended(struct ldb_module *module,
     381             :                          TALLOC_CTX *mem_ctx,
     382             :                          struct ldb_result **_res,
     383             :                          const char* oid, void* data,
     384             :                          uint32_t dsdb_flags,
     385             :                          struct ldb_request *parent)
     386             : {
     387     1128910 :         struct ldb_request *req;
     388     1128910 :         int ret;
     389    19728428 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     390    19728428 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     391     1128910 :         struct ldb_result *res;
     392             : 
     393    19728428 :         if (_res != NULL) {
     394    19356133 :                 (*_res) = NULL;
     395             :         }
     396             : 
     397    19728428 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     398    19728428 :         if (!res) {
     399           0 :                 talloc_free(tmp_ctx);
     400           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     401             :         }
     402             : 
     403    19728428 :         ret = ldb_build_extended_req(&req, ldb,
     404             :                         tmp_ctx,
     405             :                         oid,
     406             :                         data,
     407             :                         NULL,
     408             :                         res, ldb_extended_default_callback,
     409             :                         parent);
     410             : 
     411    19728428 :         LDB_REQ_SET_LOCATION(req);
     412    19728428 :         if (ret != LDB_SUCCESS) {
     413           0 :                 talloc_free(tmp_ctx);
     414           0 :                 return ret;
     415             :         }
     416             : 
     417    19728428 :         ret = dsdb_request_add_controls(req, dsdb_flags);
     418    19728428 :         if (ret != LDB_SUCCESS) {
     419           0 :                 talloc_free(tmp_ctx);
     420           0 :                 return ret;
     421             :         }
     422             : 
     423    19728428 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
     424      372295 :                 ldb_req_mark_trusted(req);
     425             :         }
     426             : 
     427             :         /* Run the new request */
     428    19728428 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
     429    19356133 :                 ret = ldb_next_request(module, req);
     430      372295 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
     431      372295 :                 ret = ldb_request(ldb_module_get_ctx(module), req);
     432             :         } else {
     433           0 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
     434           0 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
     435           0 :                 ret = ops->extended(module, req);
     436             :         }
     437    19728428 :         if (ret == LDB_SUCCESS) {
     438    19728428 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
     439             :         }
     440             : 
     441    19728428 :         if (_res != NULL && ret == LDB_SUCCESS) {
     442    19356133 :                 (*_res) = talloc_steal(mem_ctx, res);
     443             :         }
     444             : 
     445    19728428 :         talloc_free(tmp_ctx);
     446    19728428 :         return ret;
     447             : }
     448             : 
     449             : 
     450             : /*
     451             :   a ldb_modify request operating on modules below the
     452             :   current module
     453             :  */
     454      410775 : int dsdb_module_modify(struct ldb_module *module,
     455             :                        const struct ldb_message *message,
     456             :                        uint32_t dsdb_flags,
     457             :                        struct ldb_request *parent)
     458             : {
     459        8038 :         struct ldb_request *mod_req;
     460        8038 :         int ret;
     461      410775 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     462      410775 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     463        8038 :         struct ldb_result *res;
     464             : 
     465      410775 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     466      410775 :         if (!res) {
     467           0 :                 talloc_free(tmp_ctx);
     468           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     469             :         }
     470             : 
     471      410775 :         ret = ldb_build_mod_req(&mod_req, ldb, tmp_ctx,
     472             :                                 message,
     473             :                                 NULL,
     474             :                                 res,
     475             :                                 ldb_modify_default_callback,
     476             :                                 parent);
     477      410775 :         LDB_REQ_SET_LOCATION(mod_req);
     478      410775 :         if (ret != LDB_SUCCESS) {
     479           0 :                 talloc_free(tmp_ctx);
     480           0 :                 return ret;
     481             :         }
     482             : 
     483      410775 :         ret = dsdb_request_add_controls(mod_req, dsdb_flags);
     484      410775 :         if (ret != LDB_SUCCESS) {
     485           0 :                 talloc_free(tmp_ctx);
     486           0 :                 return ret;
     487             :         }
     488             : 
     489      410775 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
     490           0 :                 ldb_req_mark_trusted(mod_req);
     491             :         }
     492             : 
     493             :         /* Run the new request */
     494      410775 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
     495      161430 :                 ret = ldb_next_request(module, mod_req);
     496      249345 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
     497           2 :                 ret = ldb_request(ldb_module_get_ctx(module), mod_req);
     498             :         } else {
     499      249343 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
     500      249343 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
     501      249343 :                 ret = ops->modify(module, mod_req);
     502             :         }
     503      410775 :         if (ret == LDB_SUCCESS) {
     504      410775 :                 ret = ldb_wait(mod_req->handle, LDB_WAIT_ALL);
     505             :         }
     506             : 
     507      410775 :         talloc_free(tmp_ctx);
     508      410775 :         return ret;
     509             : }
     510             : 
     511             : 
     512             : 
     513             : /*
     514             :   a ldb_rename request operating on modules below the
     515             :   current module
     516             :  */
     517      164822 : int dsdb_module_rename(struct ldb_module *module,
     518             :                        struct ldb_dn *olddn, struct ldb_dn *newdn,
     519             :                        uint32_t dsdb_flags,
     520             :                        struct ldb_request *parent)
     521             : {
     522         297 :         struct ldb_request *req;
     523         297 :         int ret;
     524      164822 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     525      164822 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     526         297 :         struct ldb_result *res;
     527             : 
     528      164822 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     529      164822 :         if (!res) {
     530           0 :                 talloc_free(tmp_ctx);
     531           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     532             :         }
     533             : 
     534      164822 :         ret = ldb_build_rename_req(&req, ldb, tmp_ctx,
     535             :                                    olddn,
     536             :                                    newdn,
     537             :                                    NULL,
     538             :                                    res,
     539             :                                    ldb_modify_default_callback,
     540             :                                    parent);
     541      164822 :         LDB_REQ_SET_LOCATION(req);
     542      164822 :         if (ret != LDB_SUCCESS) {
     543           0 :                 talloc_free(tmp_ctx);
     544           0 :                 return ret;
     545             :         }
     546             : 
     547      164822 :         ret = dsdb_request_add_controls(req, dsdb_flags);
     548      164822 :         if (ret != LDB_SUCCESS) {
     549           0 :                 talloc_free(tmp_ctx);
     550           0 :                 return ret;
     551             :         }
     552             : 
     553      164822 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
     554           0 :                 ldb_req_mark_trusted(req);
     555             :         }
     556             : 
     557             :         /* Run the new request */
     558      164822 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
     559      164248 :                 ret = ldb_next_request(module, req);
     560         574 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
     561           0 :                 ret = ldb_request(ldb_module_get_ctx(module), req);
     562             :         } else {
     563         574 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
     564         574 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
     565         574 :                 ret = ops->rename(module, req);
     566             :         }
     567      164822 :         if (ret == LDB_SUCCESS) {
     568      164820 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
     569             :         }
     570             : 
     571      164822 :         talloc_free(tmp_ctx);
     572      164822 :         return ret;
     573             : }
     574             : 
     575             : /*
     576             :   a ldb_add request operating on modules below the
     577             :   current module
     578             :  */
     579        1411 : int dsdb_module_add(struct ldb_module *module,
     580             :                     const struct ldb_message *message,
     581             :                     uint32_t dsdb_flags,
     582             :                     struct ldb_request *parent)
     583             : {
     584         152 :         struct ldb_request *req;
     585         152 :         int ret;
     586        1411 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     587        1411 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     588         152 :         struct ldb_result *res;
     589             : 
     590        1411 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     591        1411 :         if (!res) {
     592           0 :                 talloc_free(tmp_ctx);
     593           0 :                 return ldb_oom(ldb_module_get_ctx(module));
     594             :         }
     595             : 
     596        1411 :         ret = ldb_build_add_req(&req, ldb, tmp_ctx,
     597             :                                 message,
     598             :                                 NULL,
     599             :                                 res,
     600             :                                 ldb_modify_default_callback,
     601             :                                 parent);
     602        1411 :         LDB_REQ_SET_LOCATION(req);
     603        1411 :         if (ret != LDB_SUCCESS) {
     604           0 :                 talloc_free(tmp_ctx);
     605           0 :                 return ret;
     606             :         }
     607             : 
     608        1411 :         ret = dsdb_request_add_controls(req, dsdb_flags);
     609        1411 :         if (ret != LDB_SUCCESS) {
     610           0 :                 talloc_free(tmp_ctx);
     611           0 :                 return ret;
     612             :         }
     613             : 
     614        1411 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
     615           0 :                 ldb_req_mark_trusted(req);
     616             :         }
     617             : 
     618             :         /* Run the new request */
     619        1411 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
     620        1337 :                 ret = ldb_next_request(module, req);
     621          74 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
     622          74 :                 ret = ldb_request(ldb_module_get_ctx(module), req);
     623             :         } else {
     624           0 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
     625           0 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
     626           0 :                 ret = ops->add(module, req);
     627             :         }
     628        1411 :         if (ret == LDB_SUCCESS) {
     629        1411 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
     630             :         }
     631             : 
     632        1411 :         talloc_free(tmp_ctx);
     633        1411 :         return ret;
     634             : }
     635             : 
     636             : /*
     637             :   a ldb_delete request operating on modules below the
     638             :   current module
     639             :  */
     640       29325 : int dsdb_module_del(struct ldb_module *module,
     641             :                     struct ldb_dn *dn,
     642             :                     uint32_t dsdb_flags,
     643             :                     struct ldb_request *parent)
     644             : {
     645           3 :         struct ldb_request *req;
     646           3 :         int ret;
     647       29325 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     648       29325 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     649           3 :         struct ldb_result *res;
     650             : 
     651       29325 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     652       29325 :         if (!res) {
     653           0 :                 talloc_free(tmp_ctx);
     654           0 :                 return ldb_oom(ldb);
     655             :         }
     656             : 
     657       29325 :         ret = ldb_build_del_req(&req, ldb, tmp_ctx,
     658             :                                 dn,
     659             :                                 NULL,
     660             :                                 res,
     661             :                                 ldb_modify_default_callback,
     662             :                                 parent);
     663       29325 :         LDB_REQ_SET_LOCATION(req);
     664       29325 :         if (ret != LDB_SUCCESS) {
     665           0 :                 talloc_free(tmp_ctx);
     666           0 :                 return ret;
     667             :         }
     668             : 
     669       29325 :         ret = dsdb_request_add_controls(req, dsdb_flags);
     670       29325 :         if (ret != LDB_SUCCESS) {
     671           0 :                 talloc_free(tmp_ctx);
     672           0 :                 return ret;
     673             :         }
     674             : 
     675       29325 :         if (dsdb_flags & DSDB_FLAG_TRUSTED) {
     676       29325 :                 ldb_req_mark_trusted(req);
     677             :         }
     678             : 
     679             :         /* Run the new request */
     680       29325 :         if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
     681           0 :                 ret = ldb_next_request(module, req);
     682       29325 :         } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
     683       29325 :                 ret = ldb_request(ldb_module_get_ctx(module), req);
     684             :         } else {
     685           0 :                 const struct ldb_module_ops *ops = ldb_module_get_ops(module);
     686           0 :                 SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
     687           0 :                 ret = ops->del(module, req);
     688             :         }
     689       29325 :         if (ret == LDB_SUCCESS) {
     690       29325 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
     691             :         }
     692             : 
     693       29325 :         talloc_free(tmp_ctx);
     694       29325 :         return ret;
     695             : }
     696             : 
     697             : /*
     698             :   check if a single valued link has multiple non-deleted values
     699             : 
     700             :   This is needed when we will be using the RELAX control to stop
     701             :   ldb_tdb from checking single valued links
     702             :  */
     703       83132 : int dsdb_check_single_valued_link(const struct dsdb_attribute *attr,
     704             :                                   const struct ldb_message_element *el)
     705             : {
     706       83132 :         bool found_active = false;
     707        1095 :         unsigned int i;
     708             : 
     709       83132 :         if (!(attr->ldb_schema_attribute->flags & LDB_ATTR_FLAG_SINGLE_VALUE) ||
     710       12415 :             el->num_values < 2) {
     711       81913 :                 return LDB_SUCCESS;
     712             :         }
     713             : 
     714         370 :         for (i=0; i<el->num_values; i++) {
     715         249 :                 if (!dsdb_dn_is_deleted_val(&el->values[i])) {
     716         116 :                         if (found_active) {
     717           3 :                                 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
     718             :                         }
     719         113 :                         found_active = true;
     720             :                 }
     721             :         }
     722             : 
     723         121 :         return LDB_SUCCESS;
     724             : }
     725             : 
     726             : 
     727      363178 : int dsdb_check_samba_compatible_feature(struct ldb_module *module,
     728             :                                         const char *feature,
     729             :                                         bool *found)
     730             : {
     731      363178 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     732       12156 :         struct ldb_result *res;
     733       12156 :         static const char * const samba_dsdb_attrs[] = {
     734             :                 SAMBA_COMPATIBLE_FEATURES_ATTR,
     735             :                 NULL
     736             :         };
     737       12156 :         int ret;
     738      363178 :         struct ldb_dn *samba_dsdb_dn = NULL;
     739      363178 :         TALLOC_CTX *tmp_ctx = talloc_new(ldb);
     740      363178 :         if (tmp_ctx == NULL) {
     741           0 :                 *found = false;
     742           0 :                 return ldb_oom(ldb);
     743             :         }
     744      363178 :         *found = false;
     745             : 
     746      363178 :         samba_dsdb_dn = ldb_dn_new(tmp_ctx, ldb, "@SAMBA_DSDB");
     747      363178 :         if (samba_dsdb_dn == NULL) {
     748           0 :                 TALLOC_FREE(tmp_ctx);
     749           0 :                 return ldb_oom(ldb);
     750             :         }
     751             : 
     752      363178 :         ret = dsdb_module_search_dn(module,
     753             :                                     tmp_ctx,
     754             :                                     &res,
     755             :                                     samba_dsdb_dn,
     756             :                                     samba_dsdb_attrs,
     757             :                                     DSDB_FLAG_NEXT_MODULE,
     758             :                                     NULL);
     759      363178 :         if (ret == LDB_SUCCESS) {
     760      363178 :                 *found = ldb_msg_check_string_attribute(
     761      363178 :                         res->msgs[0],
     762             :                         SAMBA_COMPATIBLE_FEATURES_ATTR,
     763             :                         feature);
     764           0 :         } else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
     765             :                 /* it is not an error not to find it */
     766           0 :                 ret = LDB_SUCCESS;
     767             :         }
     768      363178 :         TALLOC_FREE(tmp_ctx);
     769      363178 :         return ret;
     770             : }
     771             : 
     772             : 
     773             : /*
     774             :   check if an optional feature is enabled on our own NTDS DN
     775             : 
     776             :   Note that features can be marked as enabled in more than one
     777             :   place. For example, the recyclebin feature is marked as enabled both
     778             :   on the CN=Partitions,CN=Configuration object and on the NTDS DN of
     779             :   each DC in the forest. It seems likely that it is the job of the KCC
     780             :   to propagate between the two
     781             :  */
     782      119623 : int dsdb_check_optional_feature(struct ldb_module *module, struct GUID op_feature_guid, bool *feature_enabled)
     783             : {
     784        2217 :         TALLOC_CTX *tmp_ctx;
     785      119623 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     786        2217 :         struct ldb_result *res;
     787        2217 :         struct ldb_dn *search_dn;
     788        2217 :         struct GUID search_guid;
     789        2217 :         static const char * const attrs[] = {"msDS-EnabledFeature", NULL};
     790        2217 :         int ret;
     791        2217 :         unsigned int i;
     792        2217 :         struct ldb_message_element *el;
     793        2217 :         struct ldb_dn *feature_dn;
     794             : 
     795      119623 :         tmp_ctx = talloc_new(ldb);
     796             : 
     797      119623 :         feature_dn = samdb_ntds_settings_dn(ldb_module_get_ctx(module), tmp_ctx);
     798      119623 :         if (feature_dn == NULL) {
     799           0 :                 talloc_free(tmp_ctx);
     800           0 :                 return ldb_operr(ldb_module_get_ctx(module));
     801             :         }
     802             : 
     803      119623 :         *feature_enabled = false;
     804             : 
     805      119623 :         ret = dsdb_module_search_dn(module, tmp_ctx, &res, feature_dn, attrs, DSDB_FLAG_NEXT_MODULE, NULL);
     806      119623 :         if (ret != LDB_SUCCESS) {
     807        1809 :                 ldb_asprintf_errstring(ldb,
     808             :                                 "Could not find the feature object - dn: %s\n",
     809             :                                 ldb_dn_get_linearized(feature_dn));
     810        1809 :                 talloc_free(tmp_ctx);
     811        1809 :                 return LDB_ERR_NO_SUCH_OBJECT;
     812             :         }
     813      117814 :         if (res->msgs[0]->num_elements > 0) {
     814           0 :                 static const char * const attrs2[] = {"msDS-OptionalFeatureGUID", NULL};
     815             : 
     816           0 :                 el = ldb_msg_find_element(res->msgs[0],"msDS-EnabledFeature");
     817             : 
     818           0 :                 for (i=0; i<el->num_values; i++) {
     819           0 :                         search_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
     820             : 
     821           0 :                         ret = dsdb_module_search_dn(module, tmp_ctx, &res,
     822             :                                                     search_dn, attrs2, DSDB_FLAG_NEXT_MODULE, NULL);
     823           0 :                         if (ret != LDB_SUCCESS) {
     824           0 :                                 ldb_asprintf_errstring(ldb,
     825             :                                                 "Could no find object dn: %s\n",
     826             :                                                 ldb_dn_get_linearized(search_dn));
     827           0 :                                 talloc_free(tmp_ctx);
     828           0 :                                 return LDB_ERR_OPERATIONS_ERROR;
     829             :                         }
     830             : 
     831           0 :                         search_guid = samdb_result_guid(res->msgs[0], "msDS-OptionalFeatureGUID");
     832             : 
     833           0 :                         if (GUID_equal(&search_guid, &op_feature_guid)) {
     834           0 :                                 *feature_enabled = true;
     835           0 :                                 break;
     836             :                         }
     837             :                 }
     838             :         }
     839      117814 :         talloc_free(tmp_ctx);
     840      117814 :         return LDB_SUCCESS;
     841             : }
     842             : 
     843             : /*
     844             :   find the NTDS GUID from a computers DN record
     845             :  */
     846         397 : int dsdb_module_find_ntdsguid_for_computer(struct ldb_module *module,
     847             :                                            TALLOC_CTX *mem_ctx,
     848             :                                            struct ldb_dn *computer_dn,
     849             :                                            struct GUID *ntds_guid,
     850             :                                            struct ldb_request *parent)
     851             : {
     852           0 :         int ret;
     853           0 :         struct ldb_dn *dn;
     854             : 
     855         397 :         *ntds_guid = GUID_zero();
     856             : 
     857         397 :         ret = dsdb_module_reference_dn(module, mem_ctx, computer_dn,
     858             :                                        "serverReferenceBL", &dn, parent);
     859         397 :         if (ret != LDB_SUCCESS) {
     860           0 :                 return ret;
     861             :         }
     862             : 
     863         397 :         if (!ldb_dn_add_child_fmt(dn, "CN=NTDS Settings")) {
     864           0 :                 talloc_free(dn);
     865           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     866             :         }
     867             : 
     868         397 :         ret = dsdb_module_guid_by_dn(module, dn, ntds_guid, parent);
     869         397 :         talloc_free(dn);
     870         397 :         return ret;
     871             : }
     872             : 
     873             : /*
     874             :   find a 'reference' DN that points at another object
     875             :   (eg. serverReference, rIDManagerReference etc)
     876             :  */
     877        1506 : int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *base,
     878             :                              const char *attribute, struct ldb_dn **dn, struct ldb_request *parent)
     879             : {
     880           0 :         const char *attrs[2];
     881           0 :         struct ldb_result *res;
     882           0 :         int ret;
     883             : 
     884        1506 :         attrs[0] = attribute;
     885        1506 :         attrs[1] = NULL;
     886             : 
     887        1506 :         ret = dsdb_module_search_dn(module, mem_ctx, &res, base, attrs,
     888             :                                     DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN, parent);
     889        1506 :         if (ret != LDB_SUCCESS) {
     890           0 :                 return ret;
     891             :         }
     892             : 
     893        1506 :         *dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module),
     894        1506 :                                       mem_ctx, res->msgs[0], attribute);
     895        1506 :         if (!*dn) {
     896          34 :                 ldb_reset_err_string(ldb_module_get_ctx(module));
     897          34 :                 talloc_free(res);
     898          34 :                 return LDB_ERR_NO_SUCH_ATTRIBUTE;
     899             :         }
     900             : 
     901        1472 :         talloc_free(res);
     902        1472 :         return LDB_SUCCESS;
     903             : }
     904             : 
     905             : /*
     906             :   find the RID Manager$ DN via the rIDManagerReference attribute in the
     907             :   base DN
     908             :  */
     909         493 : int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn,
     910             :                                struct ldb_request *parent)
     911             : {
     912         493 :         return dsdb_module_reference_dn(module, mem_ctx,
     913             :                                         ldb_get_default_basedn(ldb_module_get_ctx(module)),
     914             :                                         "rIDManagerReference", dn, parent);
     915             : }
     916             : 
     917             : /*
     918             :   used to chain to the callers callback
     919             :  */
     920   160470130 : int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares)
     921             : {
     922   160470130 :         struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request);
     923             : 
     924   160470130 :         if (!ares) {
     925           0 :                 return ldb_module_done(up_req, NULL, NULL,
     926             :                                        LDB_ERR_OPERATIONS_ERROR);
     927             :         }
     928             : 
     929   160470130 :         if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) {
     930    56082012 :                 return ldb_module_done(up_req, ares->controls,
     931             :                                        ares->response, ares->error);
     932             :         }
     933             : 
     934             :         /* Otherwise pass on the callback */
     935   104388118 :         switch (ares->type) {
     936   100137289 :         case LDB_REPLY_ENTRY:
     937   100137289 :                 return ldb_module_send_entry(up_req, ares->message,
     938             :                                              ares->controls);
     939             : 
     940     4250829 :         case LDB_REPLY_REFERRAL:
     941     4250829 :                 return ldb_module_send_referral(up_req,
     942             :                                                 ares->referral);
     943           0 :         default:
     944             :                 /* Can't happen */
     945           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     946             :         }
     947             : }
     948             : 
     949             : /*
     950             :   load the uSNHighest and the uSNUrgent attributes from the @REPLCHANGED
     951             :   object for a partition
     952             :  */
     953           0 : int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
     954             :                                    uint64_t *uSN, uint64_t *urgent_uSN, struct ldb_request *parent)
     955             : {
     956           0 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
     957           0 :         struct ldb_request *req;
     958           0 :         int ret;
     959           0 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
     960           0 :         struct dsdb_control_current_partition *p_ctrl;
     961           0 :         struct ldb_result *res;
     962             : 
     963           0 :         res = talloc_zero(tmp_ctx, struct ldb_result);
     964           0 :         if (!res) {
     965           0 :                 talloc_free(tmp_ctx);
     966           0 :                 return ldb_module_oom(module);
     967             :         }
     968             : 
     969           0 :         ret = ldb_build_search_req(&req, ldb, tmp_ctx,
     970             :                                    ldb_dn_new(tmp_ctx, ldb, "@REPLCHANGED"),
     971             :                                    LDB_SCOPE_BASE,
     972             :                                    NULL, NULL,
     973             :                                    NULL,
     974             :                                    res, ldb_search_default_callback,
     975             :                                    parent);
     976           0 :         LDB_REQ_SET_LOCATION(req);
     977           0 :         if (ret != LDB_SUCCESS) {
     978           0 :                 talloc_free(tmp_ctx);
     979           0 :                 return ret;
     980             :         }
     981             : 
     982           0 :         p_ctrl = talloc(req, struct dsdb_control_current_partition);
     983           0 :         if (p_ctrl == NULL) {
     984           0 :                 talloc_free(tmp_ctx);
     985           0 :                 return ldb_module_oom(module);
     986             :         }
     987           0 :         p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
     988           0 :         p_ctrl->dn = dn;
     989             : 
     990             : 
     991           0 :         ret = ldb_request_add_control(req,
     992             :                                       DSDB_CONTROL_CURRENT_PARTITION_OID,
     993             :                                       false, p_ctrl);
     994           0 :         if (ret != LDB_SUCCESS) {
     995           0 :                 talloc_free(tmp_ctx);
     996           0 :                 return ret;
     997             :         }
     998             : 
     999             :         /* Run the new request */
    1000           0 :         ret = ldb_next_request(module, req);
    1001             : 
    1002           0 :         if (ret == LDB_SUCCESS) {
    1003           0 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
    1004             :         }
    1005             : 
    1006           0 :         if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_INVALID_DN_SYNTAX) {
    1007             :                 /* it hasn't been created yet, which means
    1008             :                    an implicit value of zero */
    1009           0 :                 *uSN = 0;
    1010           0 :                 talloc_free(tmp_ctx);
    1011           0 :                 ldb_reset_err_string(ldb);
    1012           0 :                 return LDB_SUCCESS;
    1013             :         }
    1014             : 
    1015           0 :         if (ret != LDB_SUCCESS) {
    1016           0 :                 talloc_free(tmp_ctx);
    1017           0 :                 return ret;
    1018             :         }
    1019             : 
    1020           0 :         if (res->count != 1) {
    1021           0 :                 *uSN = 0;
    1022           0 :                 if (urgent_uSN) {
    1023           0 :                         *urgent_uSN = 0;
    1024             :                 }
    1025             :         } else {
    1026           0 :                 *uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNHighest", 0);
    1027           0 :                 if (urgent_uSN) {
    1028           0 :                         *urgent_uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNUrgent", 0);
    1029             :                 }
    1030             :         }
    1031             : 
    1032           0 :         talloc_free(tmp_ctx);
    1033             : 
    1034           0 :         return LDB_SUCCESS;
    1035             : }
    1036             : 
    1037             : /*
    1038             :   save uSNHighest and uSNUrgent attributes in the @REPLCHANGED object for a
    1039             :   partition
    1040             :  */
    1041      227413 : int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
    1042             :                                    uint64_t uSN, uint64_t urgent_uSN,
    1043             :                                    struct ldb_request *parent)
    1044             : {
    1045      227413 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
    1046        1106 :         struct ldb_request *req;
    1047        1106 :         struct ldb_message *msg;
    1048        1106 :         struct dsdb_control_current_partition *p_ctrl;
    1049        1106 :         int ret;
    1050        1106 :         struct ldb_result *res;
    1051             : 
    1052      227413 :         msg = ldb_msg_new(module);
    1053      227413 :         if (msg == NULL) {
    1054           0 :                 return ldb_module_oom(module);
    1055             :         }
    1056             : 
    1057      227413 :         msg->dn = ldb_dn_new(msg, ldb, "@REPLCHANGED");
    1058      227413 :         if (msg->dn == NULL) {
    1059           0 :                 talloc_free(msg);
    1060           0 :                 return ldb_operr(ldb_module_get_ctx(module));
    1061             :         }
    1062             : 
    1063      227413 :         res = talloc_zero(msg, struct ldb_result);
    1064      227413 :         if (!res) {
    1065           0 :                 talloc_free(msg);
    1066           0 :                 return ldb_module_oom(module);
    1067             :         }
    1068             : 
    1069      227413 :         ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNHighest", uSN);
    1070      227413 :         if (ret != LDB_SUCCESS) {
    1071           0 :                 talloc_free(msg);
    1072           0 :                 return ret;
    1073             :         }
    1074      227413 :         msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
    1075             : 
    1076             :         /* urgent_uSN is optional so may not be stored */
    1077      227413 :         if (urgent_uSN) {
    1078       33741 :                 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNUrgent",
    1079             :                                            urgent_uSN);
    1080       33741 :                 if (ret != LDB_SUCCESS) {
    1081           0 :                         talloc_free(msg);
    1082           0 :                         return ret;
    1083             :                 }
    1084       33741 :                 msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
    1085             :         }
    1086             : 
    1087             : 
    1088      227413 :         p_ctrl = talloc(msg, struct dsdb_control_current_partition);
    1089      227413 :         if (p_ctrl == NULL) {
    1090           0 :                 talloc_free(msg);
    1091           0 :                 return ldb_oom(ldb);
    1092             :         }
    1093      227413 :         p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
    1094      227413 :         p_ctrl->dn = dn;
    1095      227413 :         ret = ldb_build_mod_req(&req, ldb, msg,
    1096             :                                 msg,
    1097             :                                 NULL,
    1098             :                                 res,
    1099             :                                 ldb_modify_default_callback,
    1100             :                                 parent);
    1101      227413 :         LDB_REQ_SET_LOCATION(req);
    1102      228392 : again:
    1103      228392 :         if (ret != LDB_SUCCESS) {
    1104           0 :                 talloc_free(msg);
    1105           0 :                 return ret;
    1106             :         }
    1107             : 
    1108      228392 :         ret = ldb_request_add_control(req,
    1109             :                                       DSDB_CONTROL_CURRENT_PARTITION_OID,
    1110             :                                       false, p_ctrl);
    1111      228392 :         if (ret != LDB_SUCCESS) {
    1112           0 :                 talloc_free(msg);
    1113           0 :                 return ret;
    1114             :         }
    1115             : 
    1116             :         /* Run the new request */
    1117      228392 :         ret = ldb_next_request(module, req);
    1118             : 
    1119      228392 :         if (ret == LDB_SUCCESS) {
    1120      228392 :                 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
    1121             :         }
    1122      228392 :         if (ret == LDB_ERR_NO_SUCH_OBJECT) {
    1123         979 :                 ret = ldb_build_add_req(&req, ldb, msg,
    1124             :                                         msg,
    1125             :                                         NULL,
    1126             :                                         res,
    1127             :                                         ldb_modify_default_callback,
    1128             :                                         parent);
    1129         979 :                 LDB_REQ_SET_LOCATION(req);
    1130         979 :                 goto again;
    1131             :         }
    1132             : 
    1133      227413 :         talloc_free(msg);
    1134             : 
    1135      227413 :         return ret;
    1136             : }
    1137             : 
    1138    52555676 : bool dsdb_module_am_system(struct ldb_module *module)
    1139             : {
    1140    52555676 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
    1141     3077603 :         struct auth_session_info *session_info
    1142    52555676 :                 = talloc_get_type(
    1143             :                         ldb_get_opaque(ldb, DSDB_SESSION_INFO),
    1144             :                         struct auth_session_info);
    1145    52555676 :         return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM;
    1146             : }
    1147             : 
    1148    32773508 : bool dsdb_module_am_administrator(struct ldb_module *module)
    1149             : {
    1150    32773508 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
    1151     1758689 :         struct auth_session_info *session_info
    1152    32773508 :                 = talloc_get_type(
    1153             :                         ldb_get_opaque(ldb, DSDB_SESSION_INFO),
    1154             :                         struct auth_session_info);
    1155    32773508 :         return security_session_user_level(session_info, NULL) == SECURITY_ADMINISTRATOR;
    1156             : }
    1157             : 
    1158             : /*
    1159             :  * Return ‘true’ if the caller has system access. The ‘acl’ module passes
    1160             :  * SYSTEM_CONTROL_STRIP_CRITICAL when it wants to strip the critical flag.
    1161             :  */
    1162    35764608 : bool dsdb_have_system_access(
    1163             :         struct ldb_module *module,
    1164             :         struct ldb_request *req,
    1165             :         const enum system_control_strip_critical strip_critical)
    1166             : {
    1167    35764608 :         struct ldb_control *as_system = NULL;
    1168             : 
    1169    35764608 :         as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
    1170    35764608 :         if (as_system != NULL) {
    1171    16332374 :                 switch (strip_critical) {
    1172    15192447 :                 case SYSTEM_CONTROL_KEEP_CRITICAL:
    1173    15192447 :                         break;
    1174      294359 :                 case SYSTEM_CONTROL_STRIP_CRITICAL:
    1175      294359 :                         as_system->critical = 0;
    1176      294359 :                         break;
    1177             :                 }
    1178             : 
    1179    16332374 :                 return true;
    1180             :         }
    1181             : 
    1182    19432234 :         return dsdb_module_am_system(module);
    1183             : }
    1184             : 
    1185             : /*
    1186             :   check if the recyclebin is enabled
    1187             :  */
    1188      119623 : int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
    1189             : {
    1190      119623 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
    1191        2217 :         struct GUID recyclebin_guid;
    1192        2217 :         int ret;
    1193             : 
    1194      119623 :         GUID_from_string(DS_GUID_FEATURE_RECYCLE_BIN, &recyclebin_guid);
    1195             : 
    1196      119623 :         ret = dsdb_check_optional_feature(module, recyclebin_guid, enabled);
    1197      119623 :         if (ret != LDB_SUCCESS) {
    1198        1809 :                 ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
    1199        1809 :                 return ret;
    1200             :         }
    1201             : 
    1202      115619 :         return LDB_SUCCESS;
    1203             : }
    1204             : 
    1205       69851 : int dsdb_msg_constrainted_update_int32(struct ldb_module *module,
    1206             :                                        struct ldb_message *msg,
    1207             :                                        const char *attr,
    1208             :                                        const int32_t *old_val,
    1209             :                                        const int32_t *new_val)
    1210             : {
    1211         345 :         struct ldb_message_element *el;
    1212         345 :         int ret;
    1213         345 :         char *vstring;
    1214             : 
    1215       69851 :         if (old_val) {
    1216       34903 :                 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
    1217       34903 :                 if (ret != LDB_SUCCESS) {
    1218           0 :                         return ret;
    1219             :                 }
    1220       34903 :                 el->num_values = 1;
    1221       34903 :                 el->values = talloc_array(msg, struct ldb_val, el->num_values);
    1222       34903 :                 if (!el->values) {
    1223           0 :                         return ldb_module_oom(module);
    1224             :                 }
    1225       34903 :                 vstring = talloc_asprintf(el->values, "%ld", (long)*old_val);
    1226       34903 :                 if (!vstring) {
    1227           0 :                         return ldb_module_oom(module);
    1228             :                 }
    1229       34903 :                 *el->values = data_blob_string_const(vstring);
    1230             :         }
    1231             : 
    1232       69851 :         if (new_val) {
    1233       35057 :                 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
    1234       35057 :                 if (ret != LDB_SUCCESS) {
    1235           0 :                         return ret;
    1236             :                 }
    1237       35057 :                 el->num_values = 1;
    1238       35057 :                 el->values = talloc_array(msg, struct ldb_val, el->num_values);
    1239       35057 :                 if (!el->values) {
    1240           0 :                         return ldb_module_oom(module);
    1241             :                 }
    1242       35057 :                 vstring = talloc_asprintf(el->values, "%ld", (long)*new_val);
    1243       35057 :                 if (!vstring) {
    1244           0 :                         return ldb_module_oom(module);
    1245             :                 }
    1246       35057 :                 *el->values = data_blob_string_const(vstring);
    1247             :         }
    1248             : 
    1249       69506 :         return LDB_SUCCESS;
    1250             : }
    1251             : 
    1252       69850 : int dsdb_msg_constrainted_update_uint32(struct ldb_module *module,
    1253             :                                         struct ldb_message *msg,
    1254             :                                         const char *attr,
    1255             :                                         const uint32_t *old_val,
    1256             :                                         const uint32_t *new_val)
    1257             : {
    1258       69850 :         return dsdb_msg_constrainted_update_int32(module, msg, attr,
    1259             :                                                   (const int32_t *)old_val,
    1260             :                                                   (const int32_t *)new_val);
    1261             : }
    1262             : 
    1263       69995 : int dsdb_msg_constrainted_update_int64(struct ldb_module *module,
    1264             :                                        struct ldb_message *msg,
    1265             :                                        const char *attr,
    1266             :                                        const int64_t *old_val,
    1267             :                                        const int64_t *new_val)
    1268             : {
    1269         344 :         struct ldb_message_element *el;
    1270         344 :         int ret;
    1271         344 :         char *vstring;
    1272             : 
    1273       69995 :         if (old_val) {
    1274         279 :                 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
    1275         279 :                 if (ret != LDB_SUCCESS) {
    1276           0 :                         return ret;
    1277             :                 }
    1278         279 :                 el->num_values = 1;
    1279         279 :                 el->values = talloc_array(msg, struct ldb_val, el->num_values);
    1280         279 :                 if (!el->values) {
    1281           0 :                         return ldb_module_oom(module);
    1282             :                 }
    1283         279 :                 vstring = talloc_asprintf(el->values, "%lld", (long long)*old_val);
    1284         279 :                 if (!vstring) {
    1285           0 :                         return ldb_module_oom(module);
    1286             :                 }
    1287         279 :                 *el->values = data_blob_string_const(vstring);
    1288             :         }
    1289             : 
    1290       69995 :         if (new_val) {
    1291         432 :                 ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
    1292         432 :                 if (ret != LDB_SUCCESS) {
    1293           0 :                         return ret;
    1294             :                 }
    1295         432 :                 el->num_values = 1;
    1296         432 :                 el->values = talloc_array(msg, struct ldb_val, el->num_values);
    1297         432 :                 if (!el->values) {
    1298           0 :                         return ldb_module_oom(module);
    1299             :                 }
    1300         432 :                 vstring = talloc_asprintf(el->values, "%lld", (long long)*new_val);
    1301         432 :                 if (!vstring) {
    1302           0 :                         return ldb_module_oom(module);
    1303             :                 }
    1304         432 :                 *el->values = data_blob_string_const(vstring);
    1305             :         }
    1306             : 
    1307       69651 :         return LDB_SUCCESS;
    1308             : }
    1309             : 
    1310       69850 : int dsdb_msg_constrainted_update_uint64(struct ldb_module *module,
    1311             :                                         struct ldb_message *msg,
    1312             :                                         const char *attr,
    1313             :                                         const uint64_t *old_val,
    1314             :                                         const uint64_t *new_val)
    1315             : {
    1316       69850 :         return dsdb_msg_constrainted_update_int64(module, msg, attr,
    1317             :                                                   (const int64_t *)old_val,
    1318             :                                                   (const int64_t *)new_val);
    1319             : }
    1320             : 
    1321             : /*
    1322             :   update an int32 attribute safely via a constrained delete/add
    1323             :  */
    1324           1 : int dsdb_module_constrainted_update_int32(struct ldb_module *module,
    1325             :                                           struct ldb_dn *dn,
    1326             :                                           const char *attr,
    1327             :                                           const int32_t *old_val,
    1328             :                                           const int32_t *new_val,
    1329             :                                           struct ldb_request *parent)
    1330             : {
    1331           1 :         struct ldb_message *msg;
    1332           1 :         int ret;
    1333             : 
    1334           1 :         msg = ldb_msg_new(module);
    1335           1 :         if (msg == NULL) {
    1336           0 :                 return ldb_module_oom(module);
    1337             :         }
    1338           1 :         msg->dn = dn;
    1339             : 
    1340           1 :         ret = dsdb_msg_constrainted_update_int32(module,
    1341             :                                                  msg, attr,
    1342             :                                                  old_val,
    1343             :                                                  new_val);
    1344           1 :         if (ret != LDB_SUCCESS) {
    1345           0 :                 talloc_free(msg);
    1346           0 :                 return ret;
    1347             :         }
    1348             : 
    1349           1 :         ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
    1350           1 :         talloc_free(msg);
    1351           1 :         return ret;
    1352             : }
    1353             : 
    1354           1 : int dsdb_module_constrainted_update_uint32(struct ldb_module *module,
    1355             :                                            struct ldb_dn *dn,
    1356             :                                            const char *attr,
    1357             :                                            const uint32_t *old_val,
    1358             :                                            const uint32_t *new_val,
    1359             :                                            struct ldb_request *parent)
    1360             : {
    1361           1 :         return dsdb_module_constrainted_update_int32(module, dn, attr,
    1362             :                                                      (const int32_t *)old_val,
    1363             :                                                      (const int32_t *)new_val, parent);
    1364             : }
    1365             : 
    1366             : /*
    1367             :   update an int64 attribute safely via a constrained delete/add
    1368             :  */
    1369         145 : int dsdb_module_constrainted_update_int64(struct ldb_module *module,
    1370             :                                           struct ldb_dn *dn,
    1371             :                                           const char *attr,
    1372             :                                           const int64_t *old_val,
    1373             :                                           const int64_t *new_val,
    1374             :                                           struct ldb_request *parent)
    1375             : {
    1376           0 :         struct ldb_message *msg;
    1377           0 :         int ret;
    1378             : 
    1379         145 :         msg = ldb_msg_new(module);
    1380         145 :         if (msg == NULL) {
    1381           0 :                 return ldb_module_oom(module);
    1382             :         }
    1383         145 :         msg->dn = dn;
    1384             : 
    1385         145 :         ret = dsdb_msg_constrainted_update_int64(module,
    1386             :                                                  msg, attr,
    1387             :                                                  old_val,
    1388             :                                                  new_val);
    1389         145 :         if (ret != LDB_SUCCESS) {
    1390           0 :                 talloc_free(msg);
    1391           0 :                 return ret;
    1392             :         }
    1393             : 
    1394         145 :         ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
    1395         145 :         talloc_free(msg);
    1396         145 :         return ret;
    1397             : }
    1398             : 
    1399         145 : int dsdb_module_constrainted_update_uint64(struct ldb_module *module,
    1400             :                                            struct ldb_dn *dn,
    1401             :                                            const char *attr,
    1402             :                                            const uint64_t *old_val,
    1403             :                                            const uint64_t *new_val,
    1404             :                                            struct ldb_request *parent)
    1405             : {
    1406         145 :         return dsdb_module_constrainted_update_int64(module, dn, attr,
    1407             :                                                      (const int64_t *)old_val,
    1408             :                                                      (const int64_t *)new_val,
    1409             :                                                      parent);
    1410             : }
    1411             : 
    1412             : 
    1413     2236232 : const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module,
    1414             :                                                     TALLOC_CTX *mem_ctx, struct ldb_request *parent)
    1415             : {
    1416      210257 :         int ret;
    1417      210257 :         struct ldb_dn *new_dn;
    1418     2236232 :         struct ldb_context *ldb = ldb_module_get_ctx(module);
    1419      210257 :         static const char * const attrs[] = { "dSHeuristics", NULL };
    1420      210257 :         struct ldb_result *res;
    1421             : 
    1422     2236232 :         new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(ldb));
    1423     2236232 :         if (!ldb_dn_add_child_fmt(new_dn,
    1424             :                                    "CN=Directory Service,CN=Windows NT,CN=Services")) {
    1425           0 :                 talloc_free(new_dn);
    1426           0 :                 return NULL;
    1427             :         }
    1428     2236232 :         ret = dsdb_module_search_dn(module, mem_ctx, &res,
    1429             :                                     new_dn,
    1430             :                                     attrs,
    1431             :                                     DSDB_FLAG_NEXT_MODULE,
    1432             :                                     parent);
    1433     2236232 :         if (ret == LDB_SUCCESS && res->count == 1) {
    1434     1743581 :                 talloc_free(new_dn);
    1435     1743581 :                 return ldb_msg_find_ldb_val(res->msgs[0],
    1436             :                                             "dSHeuristics");
    1437             :         }
    1438      492651 :         talloc_free(new_dn);
    1439      492651 :         return NULL;
    1440             : }
    1441             : 
    1442      182236 : bool dsdb_block_anonymous_ops(struct ldb_module *module, struct ldb_request *parent)
    1443             : {
    1444      182236 :         TALLOC_CTX *tmp_ctx = talloc_new(module);
    1445        6110 :         bool result;
    1446      182236 :         const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
    1447             :                                                                      tmp_ctx, parent);
    1448      182236 :         if (hr_val == NULL || hr_val->length < DS_HR_BLOCK_ANONYMOUS_OPS) {
    1449      142778 :                 result = true;
    1450       33348 :         } else if (hr_val->data[DS_HR_BLOCK_ANONYMOUS_OPS -1] == '2') {
    1451          17 :                 result = false;
    1452             :         } else {
    1453       33331 :                 result = true;
    1454             :         }
    1455             : 
    1456      182236 :         talloc_free(tmp_ctx);
    1457      182236 :         return result;
    1458             : }
    1459             : 
    1460     1498757 : bool dsdb_user_password_support(struct ldb_module *module,
    1461             :                                 TALLOC_CTX *mem_ctx,
    1462             :                                 struct ldb_request *parent)
    1463             : {
    1464     1498757 :         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
    1465      120601 :         bool result;
    1466     1498757 :         const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
    1467             :                                                                      tmp_ctx,
    1468             :                                                                      parent);
    1469     1498757 :         if (hr_val == NULL || hr_val->length < DS_HR_USER_PASSWORD_SUPPORT) {
    1470     1242060 :                 result = false;
    1471      136096 :         } else if ((hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '2') ||
    1472      136060 :                    (hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '0')) {
    1473      108101 :                 result = false;
    1474             :         } else {
    1475       27995 :                 result = true;
    1476             :         }
    1477             : 
    1478     1498757 :         talloc_free(tmp_ctx);
    1479     1498757 :         return result;
    1480             : }
    1481             : 
    1482       16280 : bool dsdb_do_list_object(struct ldb_module *module,
    1483             :                          TALLOC_CTX *mem_ctx,
    1484             :                          struct ldb_request *parent)
    1485             : {
    1486       16280 :         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
    1487           0 :         bool result;
    1488       16280 :         const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
    1489             :                                                                      tmp_ctx,
    1490             :                                                                      parent);
    1491       16280 :         if (hr_val == NULL || hr_val->length < DS_HR_DOLISTOBJECT) {
    1492          26 :                 result = false;
    1493       16254 :         } else if (hr_val->data[DS_HR_DOLISTOBJECT -1] == '1') {
    1494        8064 :                 result = true;
    1495             :         } else {
    1496        8190 :                 result = false;
    1497             :         }
    1498             : 
    1499       16280 :         talloc_free(tmp_ctx);
    1500       16280 :         return result;
    1501             : }
    1502             : 
    1503      538653 : bool dsdb_attribute_authz_on_ldap_add(struct ldb_module *module,
    1504             :                                       TALLOC_CTX *mem_ctx,
    1505             :                                       struct ldb_request *parent)
    1506             : {
    1507      538653 :         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
    1508      538653 :         bool result = false;
    1509      538653 :         const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
    1510             :                                                                      tmp_ctx,
    1511             :                                                                      parent);
    1512      538653 :         if (hr_val != NULL && hr_val->length >= DS_HR_ATTR_AUTHZ_ON_LDAP_ADD) {
    1513       15750 :                 uint8_t val = hr_val->data[DS_HR_ATTR_AUTHZ_ON_LDAP_ADD - 1];
    1514       15750 :                 if (val != '0' && val != '2') {
    1515       15732 :                         result = true;
    1516             :                 }
    1517             :         }
    1518             : 
    1519      538653 :         talloc_free(tmp_ctx);
    1520      538653 :         return result;
    1521             : }
    1522             : 
    1523         306 : bool dsdb_block_owner_implicit_rights(struct ldb_module *module,
    1524             :                                       TALLOC_CTX *mem_ctx,
    1525             :                                       struct ldb_request *parent)
    1526             : {
    1527         306 :         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
    1528         306 :         bool result = false;
    1529         306 :         const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
    1530             :                                                                      tmp_ctx,
    1531             :                                                                      parent);
    1532         306 :         if (hr_val != NULL && hr_val->length >= DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS) {
    1533         306 :                 uint8_t val = hr_val->data[DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS - 1];
    1534         306 :                 if (val != '0' && val != '2') {
    1535         270 :                         result = true;
    1536             :                 }
    1537             :         }
    1538             : 
    1539         306 :         talloc_free(tmp_ctx);
    1540         306 :         return result;
    1541             : }
    1542             : 
    1543             : /*
    1544             :   show the chain of requests, useful for debugging async requests
    1545             :  */
    1546           0 : void dsdb_req_chain_debug(struct ldb_request *req, int level)
    1547             : {
    1548           0 :         char *s = ldb_module_call_chain(req, req);
    1549           0 :         DEBUG(level, ("%s\n", s));
    1550           0 :         talloc_free(s);
    1551           0 : }
    1552             : 
    1553             : /*
    1554             :  * Get all the values that *might* be added by an ldb message, as a composite
    1555             :  * ldb element.
    1556             :  *
    1557             :  * This is useful when we need to check all the possible values against some
    1558             :  * criteria.
    1559             :  *
    1560             :  * In cases where a modify message mixes multiple ADDs, DELETEs, and REPLACES,
    1561             :  * the returned element might contain more values than would actually end up
    1562             :  * in the database if the message was run to its conclusion.
    1563             :  *
    1564             :  * If the operation is not LDB_ADD or LDB_MODIFY, an operations error is
    1565             :  * returned.
    1566             :  *
    1567             :  * The returned element might not be new, and should not be modified or freed
    1568             :  * before the message is finished.
    1569             :  */
    1570             : 
    1571      404108 : int dsdb_get_expected_new_values(TALLOC_CTX *mem_ctx,
    1572             :                                  const struct ldb_message *msg,
    1573             :                                  const char *attr_name,
    1574             :                                  struct ldb_message_element **el,
    1575             :                                  enum ldb_request_type operation)
    1576             : {
    1577       43717 :         unsigned int i;
    1578      404108 :         unsigned int el_count = 0;
    1579      404108 :         unsigned int val_count = 0;
    1580      404108 :         struct ldb_val *v = NULL;
    1581      404108 :         struct ldb_message_element *_el = NULL;
    1582      404108 :         *el = NULL;
    1583             : 
    1584      404108 :         if (operation != LDB_ADD && operation != LDB_MODIFY) {
    1585           0 :                 DBG_ERR("inapplicable operation type: %d\n", operation);
    1586           0 :                 return LDB_ERR_OPERATIONS_ERROR;
    1587             :         }
    1588             : 
    1589             :         /* count the adding or replacing elements */
    1590     7315576 :         for (i = 0; i < msg->num_elements; i++) {
    1591     6911468 :                 if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
    1592       42608 :                         unsigned int tmp;
    1593      387869 :                         if ((operation == LDB_MODIFY) &&
    1594       37457 :                             (LDB_FLAG_MOD_TYPE(msg->elements[i].flags)
    1595             :                                                 == LDB_FLAG_MOD_DELETE)) {
    1596       14396 :                                 continue;
    1597             :                         }
    1598      373473 :                         el_count++;
    1599      373473 :                         tmp = val_count + msg->elements[i].num_values;
    1600      373473 :                         if (unlikely(tmp < val_count)) {
    1601           0 :                                 DBG_ERR("too many values for one element!\n");
    1602           0 :                                 return LDB_ERR_OPERATIONS_ERROR;
    1603             :                         }
    1604      330901 :                         val_count = tmp;
    1605             :                 }
    1606             :         }
    1607      404108 :         if (el_count == 0) {
    1608             :                 /* nothing to see here */
    1609       29499 :                 return LDB_SUCCESS;
    1610             :         }
    1611             : 
    1612      373464 :         if (el_count == 1 || val_count == 0) {
    1613             :                 /*
    1614             :                  * There is one effective element, which we can return as-is,
    1615             :                  * OR there are only elements with zero values -- any of which
    1616             :                  * will do.
    1617             :                  */
    1618     2416747 :                 for (i = 0; i < msg->num_elements; i++) {
    1619     2416747 :                         if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
    1620      387827 :                                 if ((operation == LDB_MODIFY) &&
    1621       37415 :                                     (LDB_FLAG_MOD_TYPE(msg->elements[i].flags)
    1622             :                                      == LDB_FLAG_MOD_DELETE)) {
    1623       14372 :                                         continue;
    1624             :                                 }
    1625      373455 :                                 *el = &msg->elements[i];
    1626      373455 :                                 return LDB_SUCCESS;
    1627             :                         }
    1628             :                 }
    1629             :         }
    1630             : 
    1631           9 :         _el = talloc_zero(mem_ctx, struct ldb_message_element);
    1632           9 :         if (_el == NULL) {
    1633           0 :                 return LDB_ERR_OPERATIONS_ERROR;
    1634             :         }
    1635           9 :         _el->name = attr_name;
    1636             : 
    1637           9 :         if (val_count == 0) {
    1638             :                 /*
    1639             :                  * Seems unlikely, but sometimes we might be adding zero
    1640             :                  * values in multiple separate elements. The talloc zero has
    1641             :                  * already set the expected values = NULL, num_values = 0.
    1642             :                  */
    1643           0 :                 *el = _el;
    1644           0 :                 return LDB_SUCCESS;
    1645             :         }
    1646             : 
    1647           9 :         _el->values = talloc_array(_el, struct ldb_val, val_count);
    1648           9 :         if (_el->values == NULL) {
    1649           0 :                 talloc_free(_el);
    1650           0 :                 return LDB_ERR_OPERATIONS_ERROR;
    1651             :         }
    1652           9 :         _el->num_values = val_count;
    1653             : 
    1654           9 :         v = _el->values;
    1655             : 
    1656          36 :         for (i = 0; i < msg->num_elements; i++) {
    1657          27 :                 if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
    1658          18 :                         const struct ldb_message_element *tmp_el = &msg->elements[i];
    1659          18 :                         if ((operation == LDB_MODIFY) &&
    1660          18 :                             (LDB_FLAG_MOD_TYPE(tmp_el->flags)
    1661             :                                                 == LDB_FLAG_MOD_DELETE)) {
    1662           0 :                                 continue;
    1663             :                         }
    1664          18 :                         if (tmp_el->values == NULL || tmp_el->num_values == 0) {
    1665           0 :                                 continue;
    1666             :                         }
    1667          18 :                         memcpy(v,
    1668          18 :                                tmp_el->values,
    1669          18 :                                tmp_el->num_values * sizeof(*v));
    1670          18 :                         v += tmp_el->num_values;
    1671             :                 }
    1672             :         }
    1673             : 
    1674           9 :         *el = _el;
    1675           9 :         return LDB_SUCCESS;
    1676             : }
    1677             : 
    1678             : 
    1679             : /*
    1680             :  * Get the value of a single-valued attribute from an ADDed message. 'val' will only live as
    1681             :  * long as 'msg' and 'original_val' do, and must not be freed.
    1682             :  */
    1683          36 : int dsdb_msg_add_get_single_value(const struct ldb_message *msg,
    1684             :                                   const char *attr_name,
    1685             :                                   const struct ldb_val **val)
    1686             : {
    1687          36 :         const struct ldb_message_element *el = NULL;
    1688             : 
    1689             :         /*
    1690             :          * The ldb_msg_normalize() call in ldb_request() ensures that
    1691             :          * there is at most one message element for each
    1692             :          * attribute. Thus, we don't need a loop to deal with an
    1693             :          * LDB_ADD.
    1694             :          */
    1695          36 :         el = ldb_msg_find_element(msg, attr_name);
    1696          36 :         if (el == NULL) {
    1697          18 :                 *val = NULL;
    1698          18 :                 return LDB_SUCCESS;
    1699             :         }
    1700          18 :         if (el->num_values != 1) {
    1701           0 :                 return LDB_ERR_CONSTRAINT_VIOLATION;
    1702             :         }
    1703             : 
    1704          18 :         *val = &el->values[0];
    1705          18 :         return LDB_SUCCESS;
    1706             : }
    1707             : 
    1708             : /*
    1709             :  * Get the value of a single-valued attribute after processing a
    1710             :  * message. 'operation' is either LDB_ADD or LDB_MODIFY. 'val' will only live as
    1711             :  * long as 'msg' and 'original_val' do, and must not be freed.
    1712             :  */
    1713        1292 : int dsdb_msg_get_single_value(const struct ldb_message *msg,
    1714             :                               const char *attr_name,
    1715             :                               const struct ldb_val *original_val,
    1716             :                               const struct ldb_val **val,
    1717             :                               enum ldb_request_type operation)
    1718             : {
    1719           3 :         unsigned idx;
    1720             : 
    1721        1292 :         *val = NULL;
    1722             : 
    1723        1292 :         if (operation == LDB_ADD) {
    1724          36 :                 if (original_val != NULL) {
    1725             :                         /* This is an error on the caller's part. */
    1726           0 :                         return LDB_ERR_CONSTRAINT_VIOLATION;
    1727             :                 }
    1728          36 :                 return dsdb_msg_add_get_single_value(msg, attr_name, val);
    1729             :         }
    1730             : 
    1731        1256 :         SMB_ASSERT(operation == LDB_MODIFY);
    1732             : 
    1733        1256 :         *val = original_val;
    1734             : 
    1735        2875 :         for (idx = 0; idx < msg->num_elements; ++idx) {
    1736        1619 :                 const struct ldb_message_element *el = &msg->elements[idx];
    1737             : 
    1738        1619 :                 if (ldb_attr_cmp(el->name, attr_name) != 0) {
    1739        1541 :                         continue;
    1740             :                 }
    1741             : 
    1742          78 :                 switch (el->flags & LDB_FLAG_MOD_MASK) {
    1743           0 :                 case LDB_FLAG_MOD_ADD:
    1744           0 :                         if (el->num_values != 1) {
    1745           0 :                                 return LDB_ERR_CONSTRAINT_VIOLATION;
    1746             :                         }
    1747           0 :                         if (*val != NULL) {
    1748           0 :                                 return LDB_ERR_CONSTRAINT_VIOLATION;
    1749             :                         }
    1750             : 
    1751           0 :                         *val = &el->values[0];
    1752             : 
    1753           0 :                         break;
    1754             : 
    1755          78 :                 case LDB_FLAG_MOD_REPLACE:
    1756          78 :                         if (el->num_values > 1) {
    1757           0 :                                 return LDB_ERR_CONSTRAINT_VIOLATION;
    1758             :                         }
    1759             : 
    1760          78 :                         *val = el->num_values ? &el->values[0] : NULL;
    1761             : 
    1762          78 :                         break;
    1763             : 
    1764           0 :                 case LDB_FLAG_MOD_DELETE:
    1765           0 :                         if (el->num_values > 1) {
    1766           0 :                                 return LDB_ERR_CONSTRAINT_VIOLATION;
    1767             :                         }
    1768             : 
    1769             :                         /*
    1770             :                          * If a value was specified for the delete, we don't
    1771             :                          * bother checking it matches the value we currently
    1772             :                          * have. Any mismatch will be caught later (e.g. in
    1773             :                          * ldb_kv_modify_internal).
    1774             :                          */
    1775             : 
    1776           0 :                         *val = NULL;
    1777             : 
    1778           0 :                         break;
    1779             :                 }
    1780             :         }
    1781             : 
    1782        1253 :         return LDB_SUCCESS;
    1783             : }
    1784             : 
    1785             : /*
    1786             :  * This function determines the (last) structural or 88 object class of a passed
    1787             :  * "objectClass" attribute - per MS-ADTS 3.1.1.1.4 this is the last value.
    1788             :  * Without schema this does not work and hence NULL is returned.
    1789             :  */
    1790     6682335 : const struct dsdb_class *dsdb_get_last_structural_class(const struct dsdb_schema *schema,
    1791             :                                                         const struct ldb_message_element *element)
    1792             : {
    1793      297952 :         const struct dsdb_class *last_class;
    1794             : 
    1795     6682335 :         if (schema == NULL) {
    1796           0 :                 return NULL;
    1797             :         }
    1798             : 
    1799     6682335 :         if (element->num_values == 0) {
    1800           0 :                 return NULL;
    1801             :         }
    1802             : 
    1803     6980287 :         last_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema,
    1804     6682335 :                                                            &element->values[element->num_values-1]);
    1805     6682335 :         if (last_class == NULL) {
    1806           0 :                 return NULL;
    1807             :         }
    1808     6682335 :         if (last_class->objectClassCategory > 1) {
    1809           3 :                 return NULL;
    1810             :         }
    1811             : 
    1812     6384380 :         return last_class;
    1813             : }
    1814             : 
    1815     3943887 : const struct dsdb_class *dsdb_get_structural_oc_from_msg(const struct dsdb_schema *schema,
    1816             :                                                          const struct ldb_message *msg)
    1817             : {
    1818        5380 :         struct ldb_message_element *oc_el;
    1819             : 
    1820     3943887 :         oc_el = ldb_msg_find_element(msg, "objectClass");
    1821     3943887 :         if (!oc_el) {
    1822           0 :                 return NULL;
    1823             :         }
    1824             : 
    1825     3943887 :         return dsdb_get_last_structural_class(schema, oc_el);
    1826             : }
    1827             : 
    1828             : /*
    1829             :   Get the parent class of an objectclass, or NULL if none exists.
    1830             :  */
    1831       42183 : const struct dsdb_class *dsdb_get_parent_class(const struct dsdb_schema *schema,
    1832             :                                                const struct dsdb_class *objectclass)
    1833             : {
    1834       42183 :         if (ldb_attr_cmp(objectclass->lDAPDisplayName, "top") == 0) {
    1835       14958 :                 return NULL;
    1836             :         }
    1837             : 
    1838       27225 :         if (objectclass->subClassOf == NULL) {
    1839           0 :                 return NULL;
    1840             :         }
    1841             : 
    1842       27225 :         return dsdb_class_by_lDAPDisplayName(schema, objectclass->subClassOf);
    1843             : }
    1844             : 
    1845             : /*
    1846             :   Return true if 'struct_objectclass' is a subclass of 'other_objectclass'. The
    1847             :   two objectclasses must originate from the same schema, to allow for
    1848             :   pointer-based identity comparison.
    1849             :  */
    1850       15894 : bool dsdb_is_subclass_of(const struct dsdb_schema *schema,
    1851             :                          const struct dsdb_class *struct_objectclass,
    1852             :                          const struct dsdb_class *other_objectclass)
    1853             : {
    1854       58077 :         while (struct_objectclass != NULL) {
    1855             :                 /* Pointer comparison can be used due to the same schema str. */
    1856       43119 :                 if (struct_objectclass == other_objectclass) {
    1857         933 :                         return true;
    1858             :                 }
    1859             : 
    1860       42183 :                 struct_objectclass = dsdb_get_parent_class(schema, struct_objectclass);
    1861             :         }
    1862             : 
    1863       14958 :         return false;
    1864             : }
    1865             : 
    1866             : /* Fix the DN so that the relative attribute names are in upper case so that the DN:
    1867             :    cn=Administrator,cn=users,dc=samba,dc=example,dc=com becomes
    1868             :    CN=Administrator,CN=users,DC=samba,DC=example,DC=com
    1869             : */
    1870           0 : int dsdb_fix_dn_rdncase(struct ldb_context *ldb, struct ldb_dn *dn)
    1871             : {
    1872           0 :         int i, ret;
    1873           0 :         char *upper_rdn_attr;
    1874             : 
    1875           0 :         for (i=0; i < ldb_dn_get_comp_num(dn); i++) {
    1876             :                 /* We need the attribute name in upper case */
    1877           0 :                 upper_rdn_attr = strupper_talloc(dn,
    1878             :                                                  ldb_dn_get_component_name(dn, i));
    1879           0 :                 if (!upper_rdn_attr) {
    1880           0 :                         return ldb_oom(ldb);
    1881             :                 }
    1882           0 :                 ret = ldb_dn_set_component(dn, i, upper_rdn_attr,
    1883           0 :                                            *ldb_dn_get_component_val(dn, i));
    1884           0 :                 talloc_free(upper_rdn_attr);
    1885           0 :                 if (ret != LDB_SUCCESS) {
    1886           0 :                         return ret;
    1887             :                 }
    1888             :         }
    1889           0 :         return LDB_SUCCESS;
    1890             : }
    1891             : 
    1892             : /**
    1893             :  * Make most specific objectCategory for the objectClass of passed object
    1894             :  * NOTE: In this implementation we count that it is called on already
    1895             :  * verified objectClass attribute value. See objectclass.c thorough
    1896             :  * implementation for all the magic that involves
    1897             :  *
    1898             :  * @param ldb   ldb context
    1899             :  * @param schema cached schema for ldb. We may get it, but it is very time consuming.
    1900             :  *                      Hence leave the responsibility to the caller.
    1901             :  * @param obj   AD object to determine objectCategory for
    1902             :  * @param mem_ctx Memory context - usually it is obj actually
    1903             :  * @param pobjectcategory location to store found objectCategory
    1904             :  *
    1905             :  * @return LDB_SUCCESS or error including out of memory error
    1906             :  */
    1907         274 : int dsdb_make_object_category(struct ldb_context *ldb, const struct dsdb_schema *schema,
    1908             :                               const struct ldb_message *obj,
    1909             :                               TALLOC_CTX *mem_ctx, const char **pobjectcategory)
    1910             : {
    1911           0 :         const struct dsdb_class                 *objectclass;
    1912           0 :         struct ldb_message_element              *objectclass_element;
    1913           0 :         struct dsdb_extended_dn_store_format    *dn_format;
    1914             : 
    1915         274 :         objectclass_element = ldb_msg_find_element(obj, "objectClass");
    1916         274 :         if (!objectclass_element) {
    1917           0 :                 ldb_asprintf_errstring(ldb, "dsdb: Cannot add %s, no objectclass specified!",
    1918           0 :                                        ldb_dn_get_linearized(obj->dn));
    1919           0 :                 return LDB_ERR_OBJECT_CLASS_VIOLATION;
    1920             :         }
    1921         274 :         if (objectclass_element->num_values == 0) {
    1922           0 :                 ldb_asprintf_errstring(ldb, "dsdb: Cannot add %s, at least one (structural) objectclass has to be specified!",
    1923           0 :                                        ldb_dn_get_linearized(obj->dn));
    1924           0 :                 return LDB_ERR_CONSTRAINT_VIOLATION;
    1925             :         }
    1926             : 
    1927             :         /*
    1928             :          * Get the new top-most structural object class and check for
    1929             :          * unrelated structural classes
    1930             :          */
    1931         274 :         objectclass = dsdb_get_last_structural_class(schema,
    1932             :                                                      objectclass_element);
    1933         274 :         if (objectclass == NULL) {
    1934           0 :                 ldb_asprintf_errstring(ldb,
    1935             :                                        "Failed to find a structural class for %s",
    1936           0 :                                        ldb_dn_get_linearized(obj->dn));
    1937           0 :                 return LDB_ERR_UNWILLING_TO_PERFORM;
    1938             :         }
    1939             : 
    1940         274 :         dn_format = talloc_get_type(ldb_get_opaque(ldb, DSDB_EXTENDED_DN_STORE_FORMAT_OPAQUE_NAME),
    1941             :                                     struct dsdb_extended_dn_store_format);
    1942         274 :         if (dn_format && dn_format->store_extended_dn_in_ldb == false) {
    1943             :                 /* Strip off extended components */
    1944           0 :                 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
    1945           0 :                                                objectclass->defaultObjectCategory);
    1946           0 :                 *pobjectcategory = ldb_dn_alloc_linearized(mem_ctx, dn);
    1947           0 :                 talloc_free(dn);
    1948             :         } else {
    1949         274 :                 *pobjectcategory = talloc_strdup(mem_ctx, objectclass->defaultObjectCategory);
    1950             :         }
    1951             : 
    1952         274 :         if (*pobjectcategory == NULL) {
    1953           0 :                 return ldb_oom(ldb);
    1954             :         }
    1955             : 
    1956         274 :         return LDB_SUCCESS;
    1957             : }
    1958             : 
    1959             : /*
    1960             :  * Remove all password related attributes.
    1961             :  */
    1962       49108 : void dsdb_remove_password_related_attrs(struct ldb_message *msg,
    1963             :                                         bool userPassword)
    1964             : {
    1965       49108 :         if (userPassword) {
    1966        4254 :                 ldb_msg_remove_attr(msg, "userPassword");
    1967             :         }
    1968       49108 :         ldb_msg_remove_attr(msg, "clearTextPassword");
    1969       49108 :         ldb_msg_remove_attr(msg, "unicodePwd");
    1970       49108 :         ldb_msg_remove_attr(msg, "ntPwdHistory");
    1971       49108 :         ldb_msg_remove_attr(msg, "dBCSPwd");
    1972       49108 :         ldb_msg_remove_attr(msg, "lmPwdHistory");
    1973       49108 :         ldb_msg_remove_attr(msg, "supplementalCredentials");
    1974       49108 :         ldb_msg_remove_attr(msg, "pwdLastSet");
    1975       49108 : }

Generated by: LCOV version 1.14