Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/util.c')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/util.c | 122 |
1 files changed, 83 insertions, 39 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 78dd59012c0..e3e908f033d 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -37,7 +37,8 @@ int dsdb_module_search_dn(struct ldb_module *module, struct ldb_result **_res, struct ldb_dn *basedn, const char * const *attrs, - uint32_t dsdb_flags) + uint32_t dsdb_flags, + struct ldb_request *parent) { int ret; struct ldb_request *req; @@ -60,7 +61,7 @@ int dsdb_module_search_dn(struct ldb_module *module, NULL, res, ldb_search_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -73,6 +74,10 @@ int dsdb_module_search_dn(struct ldb_module *module, return ret; } + if (dsdb_flags & DSDB_FLAG_TRUSTED) { + ldb_req_mark_trusted(req); + } + /* Run the new request */ if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) { ret = ldb_next_request(module, req); @@ -114,7 +119,8 @@ int dsdb_module_search(struct ldb_module *module, struct ldb_dn *basedn, enum ldb_scope scope, const char * const *attrs, int dsdb_flags, - const char *format, ...) _PRINTF_ATTRIBUTE(8, 9) + struct ldb_request *parent, + const char *format, ...) _PRINTF_ATTRIBUTE(9, 10) { int ret; struct ldb_request *req; @@ -152,7 +158,7 @@ int dsdb_module_search(struct ldb_module *module, NULL, res, ldb_search_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -165,6 +171,10 @@ int dsdb_module_search(struct ldb_module *module, return ret; } + if (dsdb_flags & DSDB_FLAG_TRUSTED) { + ldb_req_mark_trusted(req); + } + if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) { ret = ldb_next_request(module, req); } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) { 
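Review bot: The new `DSDB_FLAG_TRUSTED` branch in dsdb_module_search_dn lets any caller that controls `dsdb_flags` mark the request trusted, and the function's comment does not say when that is acceptable. I would add a line to the header comment such as `DSDB_FLAG_TRUSTED must only be set by module code for internally generated requests, never derived from client-supplied data`, because later modules presumably relax checks for trusted requests (what ldb_req_mark_trusted() changes is not visible here). The same branch is added in dsdb_module_search, dsdb_module_modify, dsdb_module_rename, dsdb_module_add and dsdb_module_del, so the comment applies to each of them. It would also help to state whether a child request built with a non-NULL `parent` takes its trust from the parent or only from this flag. The function body starts and ends outside this hunk.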
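Review bot: dsdb_module_search still declares `int dsdb_flags`, while dsdb_module_search_dn and the modify/rename/add/del helpers touched by this patch take `uint32_t dsdb_flags`, so the flag word that now also decides `ldb_req_mark_trusted()` is tested as a signed value in this one function. Since the signature is being changed here anyway, consider `uint32_t dsdb_flags,` so that all helpers agree. The `_PRINTF_ATTRIBUTE(9, 10)` renumbering matches the inserted `parent` argument. The function body continues outside this hunk.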
@@ -190,7 +200,8 @@ int dsdb_module_search(struct ldb_module *module, find a DN given a GUID. This searches across all partitions */ int dsdb_module_dn_by_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - const struct GUID *guid, struct ldb_dn **dn) + const struct GUID *guid, struct ldb_dn **dn, + struct ldb_request *parent) { struct ldb_result *res; const char *attrs[] = { NULL }; @@ -203,6 +214,7 @@ int dsdb_module_dn_by_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx, DSDB_SEARCH_SHOW_RECYCLED | DSDB_SEARCH_SEARCH_ALL_PARTITIONS | DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT, + parent, "objectGUID=%s", GUID_string(tmp_ctx, guid)); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -228,7 +240,8 @@ int dsdb_module_dn_by_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx, /* find a GUID given a DN. */ -int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct GUID *guid) +int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct GUID *guid, + struct ldb_request *parent) { const char *attrs[] = { NULL }; struct ldb_result *res; @@ -239,7 +252,8 @@ int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct ret = dsdb_module_search_dn(module, tmp_ctx, &res, dn, attrs, DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_RECYCLED | - DSDB_SEARCH_SHOW_EXTENDED_DN); + DSDB_SEARCH_SHOW_EXTENDED_DN, + parent); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to find GUID for %s", ldb_dn_get_linearized(dn)); @@ -263,7 +277,8 @@ int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct */ int dsdb_module_modify(struct ldb_module *module, const struct ldb_message *message, - uint32_t dsdb_flags) + uint32_t dsdb_flags, + struct ldb_request *parent) { struct ldb_request *mod_req; int ret; 
@@ -282,7 +297,7 @@ int dsdb_module_modify(struct ldb_module *module, NULL, res, ldb_modify_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(mod_req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -295,6 +310,10 @@ int dsdb_module_modify(struct ldb_module *module, return ret; } + if (dsdb_flags & DSDB_FLAG_TRUSTED) { + ldb_req_mark_trusted(mod_req); + } + /* Run the new request */ if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) { ret = ldb_next_request(module, mod_req); @@ -320,8 +339,9 @@ int dsdb_module_modify(struct ldb_module *module, current module */ int dsdb_module_rename(struct ldb_module *module, - struct ldb_dn *olddn, struct ldb_dn *newdn, - uint32_t dsdb_flags) + struct ldb_dn *olddn, struct ldb_dn *newdn, + uint32_t dsdb_flags, + struct ldb_request *parent) { struct ldb_request *req; int ret; @@ -341,7 +361,7 @@ int dsdb_module_rename(struct ldb_module *module, NULL, res, ldb_modify_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -354,6 +374,10 @@ int dsdb_module_rename(struct ldb_module *module, return ret; } + if (dsdb_flags & DSDB_FLAG_TRUSTED) { + ldb_req_mark_trusted(req); + } + /* Run the new request */ if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) { ret = ldb_next_request(module, req); @@ -378,7 +402,8 @@ int dsdb_module_rename(struct ldb_module *module, */ int dsdb_module_add(struct ldb_module *module, const struct ldb_message *message, - uint32_t dsdb_flags) + uint32_t dsdb_flags, + struct ldb_request *parent) { struct ldb_request *req; int ret; @@ -397,7 +422,7 @@ int dsdb_module_add(struct ldb_module *module, NULL, res, ldb_modify_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); 
@@ -410,6 +435,10 @@ int dsdb_module_add(struct ldb_module *module, return ret; } + if (dsdb_flags & DSDB_FLAG_TRUSTED) { + ldb_req_mark_trusted(req); + } + /* Run the new request */ if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) { ret = ldb_next_request(module, req); @@ -434,7 +463,8 @@ int dsdb_module_add(struct ldb_module *module, */ int dsdb_module_del(struct ldb_module *module, struct ldb_dn *dn, - uint32_t dsdb_flags) + uint32_t dsdb_flags, + struct ldb_request *parent) { struct ldb_request *req; int ret; @@ -453,7 +483,7 @@ int dsdb_module_del(struct ldb_module *module, NULL, res, ldb_modify_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -466,6 +496,10 @@ int dsdb_module_del(struct ldb_module *module, return ret; } + if (dsdb_flags & DSDB_FLAG_TRUSTED) { + ldb_req_mark_trusted(req); + } + /* Run the new request */ if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) { ret = ldb_next_request(module, req); @@ -577,7 +611,7 @@ int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope, (eg. serverReference, rIDManagerReference etc) */ int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *base, - const char *attribute, struct ldb_dn **dn) + const char *attribute, struct ldb_dn **dn, struct ldb_request *parent) { const char *attrs[2]; struct ldb_result *res; @@ -587,7 +621,7 @@ int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, str attrs[1] = NULL; ret = dsdb_module_search_dn(module, mem_ctx, &res, base, attrs, - DSDB_FLAG_NEXT_MODULE); + DSDB_FLAG_NEXT_MODULE, parent); if (ret != LDB_SUCCESS) { return ret; } 
@@ -608,11 +642,12 @@ int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, str find the RID Manager$ DN via the rIDManagerReference attribute in the base DN */ -int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn) +int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn, + struct ldb_request *parent) { return dsdb_module_reference_dn(module, mem_ctx, ldb_get_default_basedn(ldb_module_get_ctx(module)), - "rIDManagerReference", dn); + "rIDManagerReference", dn, parent); } /* @@ -631,7 +666,7 @@ int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares) object for a partition */ int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn, - uint64_t *uSN, uint64_t *urgent_uSN) + uint64_t *uSN, uint64_t *urgent_uSN, struct ldb_request *parent) { struct ldb_context *ldb = ldb_module_get_ctx(module); struct ldb_request *req; @@ -652,7 +687,7 @@ int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn, NULL, NULL, NULL, res, ldb_search_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -719,7 +754,8 @@ int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn, partition */ int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn, - uint64_t uSN, uint64_t urgent_uSN) + uint64_t uSN, uint64_t urgent_uSN, + struct ldb_request *parent) { struct ldb_context *ldb = ldb_module_get_ctx(module); struct ldb_request *req; @@ -776,7 +812,7 @@ int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn, NULL, res, ldb_modify_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); again: if (ret != LDB_SUCCESS) { @@ -804,7 +840,7 @@ again: NULL, res, ldb_modify_default_callback, - NULL); + parent); LDB_REQ_SET_LOCATION(req); goto again; } 
@@ -978,7 +1014,8 @@ int dsdb_module_constrainted_update_int32(struct ldb_module *module, struct ldb_dn *dn, const char *attr, const int32_t *old_val, - const int32_t *new_val) + const int32_t *new_val, + struct ldb_request *parent) { struct ldb_message *msg; int ret; @@ -995,7 +1032,7 @@ int dsdb_module_constrainted_update_int32(struct ldb_module *module, return ret; } - ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE); + ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent); talloc_free(msg); return ret; } @@ -1004,11 +1041,12 @@ int dsdb_module_constrainted_update_uint32(struct ldb_module *module, struct ldb_dn *dn, const char *attr, const uint32_t *old_val, - const uint32_t *new_val) + const uint32_t *new_val, + struct ldb_request *parent) { return dsdb_module_constrainted_update_int32(module, dn, attr, (const int32_t *)old_val, - (const int32_t *)new_val); + (const int32_t *)new_val, parent); } /* @@ -1018,7 +1056,8 @@ int dsdb_module_constrainted_update_int64(struct ldb_module *module, struct ldb_dn *dn, const char *attr, const int64_t *old_val, - const int64_t *new_val) + const int64_t *new_val, + struct ldb_request *parent) { struct ldb_message *msg; int ret; @@ -1035,7 +1074,7 @@ int dsdb_module_constrainted_update_int64(struct ldb_module *module, return ret; } - ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE); + ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent); talloc_free(msg); return ret; } 
@@ -1044,16 +1083,18 @@ int dsdb_module_constrainted_update_uint64(struct ldb_module *module, struct ldb_dn *dn, const char *attr, const uint64_t *old_val, - const uint64_t *new_val) + const uint64_t *new_val, + struct ldb_request *parent) { return dsdb_module_constrainted_update_int64(module, dn, attr, (const int64_t *)old_val, - (const int64_t *)new_val); + (const int64_t *)new_val, + parent); } const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module, - TALLOC_CTX *mem_ctx) + TALLOC_CTX *mem_ctx, struct ldb_request *parent) { int ret; struct ldb_dn *new_dn; @@ -1070,7 +1111,8 @@ const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module, ret = dsdb_module_search_dn(module, mem_ctx, &res, new_dn, attrs, - DSDB_FLAG_NEXT_MODULE); + DSDB_FLAG_NEXT_MODULE, + parent); if (ret == LDB_SUCCESS && res->count == 1) { talloc_free(new_dn); return ldb_msg_find_ldb_val(res->msgs[0], @@ -1080,12 +1122,12 @@ const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module, return NULL; } -bool dsdb_block_anonymous_ops(struct ldb_module *module) +bool dsdb_block_anonymous_ops(struct ldb_module *module, struct ldb_request *parent) { TALLOC_CTX *tmp_ctx = talloc_new(module); bool result; const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module, - tmp_ctx); + tmp_ctx, parent); if (hr_val == NULL || hr_val->length < DS_HR_BLOCK_ANONYMOUS_OPS) { result = true; } else if (hr_val->data[DS_HR_BLOCK_ANONYMOUS_OPS -1] == '2') { 
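Review bot: dsdb_block_anonymous_ops maps a NULL `hr_val` to `result = true`, but nothing documents that dsdb_module_find_dsheuristics returns NULL whenever the search fails or does not yield exactly one entry, so a lookup error and an unset dsHeuristics are indistinguishable here. Now that the lookup runs as a child of `parent`, a comment above the `if` would make the intent explicit, e.g. `/* lookup failure or short/missing dsHeuristics: keep anonymous operations blocked (fail closed) */`. dsdb_user_password_support in the following hunk has the matching conservative default (`result = false`) and deserves the same one-line comment. The rest of this function lies outside the hunk.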
@@ -1099,12 +1141,14 @@ bool dsdb_block_anonymous_ops(struct ldb_module *module) } bool dsdb_user_password_support(struct ldb_module *module, - TALLOC_CTX *mem_ctx) + TALLOC_CTX *mem_ctx, + struct ldb_request *parent) { TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); bool result; const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module, - tmp_ctx); + tmp_ctx, + parent); if (hr_val == NULL || hr_val->length < DS_HR_USER_PASSWORD_SUPPORT) { result = false; } else if ((hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '2') || |