/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- do_attribute
- do_attribute_explicit
- rootdse_add_dynamic
- rootdse_init_context
- rootdse_callback
- rootdse_search
- rootdse_register_control
- rootdse_register_partition
- rootdse_request
- rootdse_init
- rootdse_modify
1 /*
2 Unix SMB/CIFS implementation.
3
4 rootDSE ldb module
5
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Simo Sorce 2005-2008
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "ldb_private.h"
25 #include "system/time.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "version.h"
28
29 struct private_data {
30 int num_controls;
31 char **controls;
32 int num_partitions;
33 struct ldb_dn **partitions;
34 };
35
36 /*
37 return 1 if a specific attribute has been requested
38 */
39 static int do_attribute(const char * const *attrs, const char *name)
/* [<][>][^][v][top][bottom][index][help] */
40 {
41 return attrs == NULL ||
42 ldb_attr_in_list(attrs, name) ||
43 ldb_attr_in_list(attrs, "*");
44 }
45
46 static int do_attribute_explicit(const char * const *attrs, const char *name)
/* [<][>][^][v][top][bottom][index][help] */
47 {
48 return attrs != NULL && ldb_attr_in_list(attrs, name);
49 }
50
51
52 /*
53 add dynamically generated attributes to rootDSE result
54 */
55 static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs)
/* [<][>][^][v][top][bottom][index][help] */
56 {
57 struct ldb_context *ldb;
58 struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
59 char **server_sasl;
60 const struct dsdb_schema *schema;
61
62 ldb = ldb_module_get_ctx(module);
63 schema = dsdb_get_schema(ldb);
64
65 msg->dn = ldb_dn_new(msg, ldb, NULL);
66
67 /* don't return the distinduishedName, cn and name attributes */
68 ldb_msg_remove_attr(msg, "distinguishedName");
69 ldb_msg_remove_attr(msg, "cn");
70 ldb_msg_remove_attr(msg, "name");
71
72 if (do_attribute(attrs, "currentTime")) {
73 if (ldb_msg_add_steal_string(msg, "currentTime",
74 ldb_timestring(msg, time(NULL))) != 0) {
75 goto failed;
76 }
77 }
78
79 if (do_attribute(attrs, "supportedControl")) {
80 int i;
81 for (i = 0; i < priv->num_controls; i++) {
82 char *control = talloc_strdup(msg, priv->controls[i]);
83 if (!control) {
84 goto failed;
85 }
86 if (ldb_msg_add_steal_string(msg, "supportedControl",
87 control) != 0) {
88 goto failed;
89 }
90 }
91 }
92
93 if (do_attribute(attrs, "namingContexts")) {
94 int i;
95 for (i = 0; i < priv->num_partitions; i++) {
96 struct ldb_dn *dn = priv->partitions[i];
97 if (ldb_msg_add_steal_string(msg, "namingContexts",
98 ldb_dn_alloc_linearized(msg, dn)) != 0) {
99 goto failed;
100 }
101 }
102 }
103
104 server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanims"),
105 char *);
106 if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
107 int i;
108 for (i = 0; server_sasl && server_sasl[i]; i++) {
109 char *sasl_name = talloc_strdup(msg, server_sasl[i]);
110 if (!sasl_name) {
111 goto failed;
112 }
113 if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
114 sasl_name) != 0) {
115 goto failed;
116 }
117 }
118 }
119
120 if (do_attribute(attrs, "highestCommittedUSN")) {
121 uint64_t seq_num;
122 int ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ, &seq_num);
123 if (ret == LDB_SUCCESS) {
124 if (ldb_msg_add_fmt(msg, "highestCommittedUSN",
125 "%llu", (unsigned long long)seq_num) != 0) {
126 goto failed;
127 }
128 }
129 }
130
131 if (schema && do_attribute_explicit(attrs, "dsSchemaAttrCount")) {
132 struct dsdb_attribute *cur;
133 uint32_t n = 0;
134
135 for (cur = schema->attributes; cur; cur = cur->next) {
136 n++;
137 }
138
139 if (ldb_msg_add_fmt(msg, "dsSchemaAttrCount",
140 "%u", n) != 0) {
141 goto failed;
142 }
143 }
144
145 if (schema && do_attribute_explicit(attrs, "dsSchemaClassCount")) {
146 struct dsdb_class *cur;
147 uint32_t n = 0;
148
149 for (cur = schema->classes; cur; cur = cur->next) {
150 n++;
151 }
152
153 if (ldb_msg_add_fmt(msg, "dsSchemaClassCount",
154 "%u", n) != 0) {
155 goto failed;
156 }
157 }
158
159 if (schema && do_attribute_explicit(attrs, "dsSchemaPrefixCount")) {
160 if (ldb_msg_add_fmt(msg, "dsSchemaPrefixCount",
161 "%u", schema->num_prefixes) != 0) {
162 goto failed;
163 }
164 }
165
166 if (do_attribute_explicit(attrs, "validFSMOs")) {
167 const struct dsdb_naming_fsmo *naming_fsmo;
168 const struct dsdb_pdc_fsmo *pdc_fsmo;
169 const char *dn_str;
170
171 if (schema && schema->fsmo.we_are_master) {
172 dn_str = ldb_dn_get_linearized(samdb_schema_dn(ldb));
173 if (dn_str && dn_str[0]) {
174 if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) {
175 goto failed;
176 }
177 }
178 }
179
180 naming_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_naming_fsmo"),
181 struct dsdb_naming_fsmo);
182 if (naming_fsmo && naming_fsmo->we_are_master) {
183 dn_str = ldb_dn_get_linearized(samdb_partitions_dn(ldb, msg));
184 if (dn_str && dn_str[0]) {
185 if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) {
186 goto failed;
187 }
188 }
189 }
190
191 pdc_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_pdc_fsmo"),
192 struct dsdb_pdc_fsmo);
193 if (pdc_fsmo && pdc_fsmo->we_are_master) {
194 dn_str = ldb_dn_get_linearized(samdb_base_dn(ldb));
195 if (dn_str && dn_str[0]) {
196 if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != 0) {
197 goto failed;
198 }
199 }
200 }
201 }
202
203 if (schema && do_attribute_explicit(attrs, "vendorVersion")) {
204 if (ldb_msg_add_fmt(msg, "vendorVersion",
205 "%s", SAMBA_VERSION_STRING) != 0) {
206 goto failed;
207 }
208 }
209
210 /* TODO: lots more dynamic attributes should be added here */
211
212 return LDB_SUCCESS;
213
214 failed:
215 return LDB_ERR_OPERATIONS_ERROR;
216 }
217
218 /*
219 handle search requests
220 */
221
222 struct rootdse_context {
223 struct ldb_module *module;
224 struct ldb_request *req;
225 };
226
227 static struct rootdse_context *rootdse_init_context(struct ldb_module *module,
/* [<][>][^][v][top][bottom][index][help] */
228 struct ldb_request *req)
229 {
230 struct ldb_context *ldb;
231 struct rootdse_context *ac;
232
233 ldb = ldb_module_get_ctx(module);
234
235 ac = talloc_zero(req, struct rootdse_context);
236 if (ac == NULL) {
237 ldb_set_errstring(ldb, "Out of Memory");
238 return NULL;
239 }
240
241 ac->module = module;
242 ac->req = req;
243
244 return ac;
245 }
246
247 static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares)
/* [<][>][^][v][top][bottom][index][help] */
248 {
249 struct rootdse_context *ac;
250 int ret;
251
252 ac = talloc_get_type(req->context, struct rootdse_context);
253
254 if (!ares) {
255 return ldb_module_done(ac->req, NULL, NULL,
256 LDB_ERR_OPERATIONS_ERROR);
257 }
258 if (ares->error != LDB_SUCCESS) {
259 return ldb_module_done(ac->req, ares->controls,
260 ares->response, ares->error);
261 }
262
263 switch (ares->type) {
264 case LDB_REPLY_ENTRY:
265 /*
266 * if the client explicit asks for the 'netlogon' attribute
267 * the reply_entry needs to be skipped
268 */
269 if (ac->req->op.search.attrs &&
270 ldb_attr_in_list(ac->req->op.search.attrs, "netlogon")) {
271 talloc_free(ares);
272 return LDB_SUCCESS;
273 }
274
275 /* for each record returned post-process to add any dynamic
276 attributes that have been asked for */
277 ret = rootdse_add_dynamic(ac->module, ares->message,
278 ac->req->op.search.attrs);
279 if (ret != LDB_SUCCESS) {
280 talloc_free(ares);
281 return ldb_module_done(ac->req, NULL, NULL, ret);
282 }
283
284 return ldb_module_send_entry(ac->req, ares->message, ares->controls);
285
286 case LDB_REPLY_REFERRAL:
287 /* should we allow the backend to return referrals in this case
288 * ?? */
289 break;
290
291 case LDB_REPLY_DONE:
292 return ldb_module_done(ac->req, ares->controls,
293 ares->response, ares->error);
294 }
295
296 talloc_free(ares);
297 return LDB_SUCCESS;
298 }
299
300 static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
301 {
302 struct ldb_context *ldb;
303 struct rootdse_context *ac;
304 struct ldb_request *down_req;
305 int ret;
306
307 ldb = ldb_module_get_ctx(module);
308
309 /* see if its for the rootDSE - only a base search on the "" DN qualifies */
310 if (!(req->op.search.scope == LDB_SCOPE_BASE && ldb_dn_is_null(req->op.search.base))) {
311 /* Otherwise, pass down to the rest of the stack */
312 return ldb_next_request(module, req);
313 }
314
315 ac = rootdse_init_context(module, req);
316 if (ac == NULL) {
317 return LDB_ERR_OPERATIONS_ERROR;
318 }
319
320 /* in our db we store the rootDSE with a DN of @ROOTDSE */
321 ret = ldb_build_search_req(&down_req, ldb, ac,
322 ldb_dn_new(ac, ldb, "@ROOTDSE"),
323 LDB_SCOPE_BASE,
324 NULL,
325 req->op.search.attrs,
326 NULL,/* for now skip the controls from the client */
327 ac, rootdse_callback,
328 req);
329 if (ret != LDB_SUCCESS) {
330 return ret;
331 }
332
333 return ldb_next_request(module, down_req);
334 }
335
336 static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
337 {
338 struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
339 char **list;
340
341 list = talloc_realloc(priv, priv->controls, char *, priv->num_controls + 1);
342 if (!list) {
343 return LDB_ERR_OPERATIONS_ERROR;
344 }
345
346 list[priv->num_controls] = talloc_strdup(list, req->op.reg_control.oid);
347 if (!list[priv->num_controls]) {
348 return LDB_ERR_OPERATIONS_ERROR;
349 }
350
351 priv->num_controls += 1;
352 priv->controls = list;
353
354 return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
355 }
356
357 static int rootdse_register_partition(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
358 {
359 struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data);
360 struct ldb_dn **list;
361
362 list = talloc_realloc(priv, priv->partitions, struct ldb_dn *, priv->num_partitions + 1);
363 if (!list) {
364 return LDB_ERR_OPERATIONS_ERROR;
365 }
366
367 list[priv->num_partitions] = ldb_dn_copy(list, req->op.reg_partition.dn);
368 if (!list[priv->num_partitions]) {
369 return LDB_ERR_OPERATIONS_ERROR;
370 }
371
372 priv->num_partitions += 1;
373 priv->partitions = list;
374
375 return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
376 }
377
378
379 static int rootdse_request(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
380 {
381 switch (req->operation) {
382
383 case LDB_REQ_REGISTER_CONTROL:
384 return rootdse_register_control(module, req);
385 case LDB_REQ_REGISTER_PARTITION:
386 return rootdse_register_partition(module, req);
387
388 default:
389 break;
390 }
391 return ldb_next_request(module, req);
392 }
393
394 static int rootdse_init(struct ldb_module *module)
/* [<][>][^][v][top][bottom][index][help] */
395 {
396 struct ldb_context *ldb;
397 struct private_data *data;
398
399 ldb = ldb_module_get_ctx(module);
400
401 data = talloc(module, struct private_data);
402 if (data == NULL) {
403 return -1;
404 }
405
406 data->num_controls = 0;
407 data->controls = NULL;
408 data->num_partitions = 0;
409 data->partitions = NULL;
410 ldb_module_set_private(module, data);
411
412 ldb_set_default_dns(ldb);
413
414 return ldb_next_init(module);
415 }
416
417 static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
418 {
419 struct ldb_context *ldb;
420 struct ldb_result *ext_res;
421 int ret;
422 struct ldb_dn *schema_dn;
423 struct ldb_message_element *schemaUpdateNowAttr;
424
425 /*
426 If dn is not "" we should let it pass through
427 */
428 if (!ldb_dn_is_null(req->op.mod.message->dn)) {
429 return ldb_next_request(module, req);
430 }
431
432 ldb = ldb_module_get_ctx(module);
433
434 /*
435 dn is empty so check for schemaUpdateNow attribute
436 "The type of modification and values specified in the LDAP modify operation do not matter." MSDN
437 */
438 schemaUpdateNowAttr = ldb_msg_find_element(req->op.mod.message, "schemaUpdateNow");
439 if (!schemaUpdateNowAttr) {
440 return LDB_ERR_OPERATIONS_ERROR;
441 }
442
443 schema_dn = samdb_schema_dn(ldb);
444 if (!schema_dn) {
445 ldb_reset_err_string(ldb);
446 ldb_debug(ldb, LDB_DEBUG_WARNING,
447 "rootdse_modify: no schema dn present: (skip ldb_extended call)\n");
448 return ldb_next_request(module, req);
449 }
450
451 ret = ldb_extended(ldb, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, schema_dn, &ext_res);
452 if (ret != LDB_SUCCESS) {
453 return LDB_ERR_OPERATIONS_ERROR;
454 }
455
456 talloc_free(ext_res);
457 return ret;
458 }
459
460 _PUBLIC_ const struct ldb_module_ops ldb_rootdse_module_ops = {
461 .name = "rootdse",
462 .init_context = rootdse_init,
463 .search = rootdse_search,
464 .request = rootdse_request,
465 .modify = rootdse_modify
466 };