search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:password_hash LDB module - we might not have a cleartext password at all
[Samba/ekacnet.git] / source4 / dsdb / samdb / ldb_modules / extended_dn_in.c
blobe040ee1b5e00e1e1b59645de578145bdd6386378
1 /*
2 ldb database library
3
4 Copyright (C) Simo Sorce 2005-2008
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2008
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * Name: ldb
23 *
24 * Component: ldb extended dn control module
25 *
26 * Description: this module interprets DNs of the form <SID=S-1-2-4456> into normal DNs.
27 *
28 * Authors: Simo Sorce
29 * Andrew Bartlett
30 */
31
32 #include "includes.h"
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_errors.h"
35 #include "ldb/include/ldb_module.h"
36
37 /*
38 TODO: if relax is not set then we need to reject the fancy RMD_* and
39 DELETED extended DN codes
40 */
41
42 /* search */
43 struct extended_search_context {
44 struct ldb_module *module;
45 struct ldb_request *req;
46 struct ldb_dn *basedn;
47 char *wellknown_object;
48 int extended_type;
49 };
50
51 /* An extra layer of indirection because LDB does not allow the original request to be altered */
52
53 static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
54 {
55 int ret = LDB_ERR_OPERATIONS_ERROR;
56 struct extended_search_context *ac;
57 ac = talloc_get_type(req->context, struct extended_search_context);
58
59 if (ares->error != LDB_SUCCESS) {
60 ret = ldb_module_done(ac->req, ares->controls,
61 ares->response, ares->error);
62 } else {
63 switch (ares->type) {
64 case LDB_REPLY_ENTRY:
65
66 ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
67 break;
68 case LDB_REPLY_REFERRAL:
69
70 ret = ldb_module_send_referral(ac->req, ares->referral);
71 break;
72 case LDB_REPLY_DONE:
73
74 ret = ldb_module_done(ac->req, ares->controls,
75 ares->response, ares->error);
76 break;
77 }
78 }
79 return ret;
80 }
81
82 static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
83 {
84 struct extended_search_context *ac;
85 struct ldb_request *down_req;
86 struct ldb_message_element *el;
87 int ret;
88 size_t i;
89 size_t wkn_len = 0;
90 char *valstr = NULL;
91 const char *found = NULL;
92
93 ac = talloc_get_type(req->context, struct extended_search_context);
94
95 if (!ares) {
96 return ldb_module_done(ac->req, NULL, NULL,
97 LDB_ERR_OPERATIONS_ERROR);
98 }
99 if (ares->error != LDB_SUCCESS) {
100 return ldb_module_done(ac->req, ares->controls,
101 ares->response, ares->error);
102 }
103
104 switch (ares->type) {
105 case LDB_REPLY_ENTRY:
106 if (!ac->wellknown_object) {
107 ac->basedn = talloc_steal(ac, ares->message->dn);
108 break;
109 }
110
111 wkn_len = strlen(ac->wellknown_object);
112
113 el = ldb_msg_find_element(ares->message, "wellKnownObjects");
114 if (!el) {
115 ac->basedn = NULL;
116 break;
117 }
118
119 for (i=0; i < el->num_values; i++) {
120 valstr = talloc_strndup(ac,
121 (const char *)el->values[i].data,
122 el->values[i].length);
123 if (!valstr) {
124 ldb_oom(ldb_module_get_ctx(ac->module));
125 return ldb_module_done(ac->req, NULL, NULL,
126 LDB_ERR_OPERATIONS_ERROR);
127 }
128
129 if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
130 talloc_free(valstr);
131 continue;
132 }
133
134 found = &valstr[wkn_len];
135 break;
136 }
137
138 if (!found) {
139 break;
140 }
141
142 ac->basedn = ldb_dn_new(ac, ldb_module_get_ctx(ac->module), found);
143 talloc_free(valstr);
144 if (!ac->basedn) {
145 ldb_oom(ldb_module_get_ctx(ac->module));
146 return ldb_module_done(ac->req, NULL, NULL,
147 LDB_ERR_OPERATIONS_ERROR);
148 }
149
150 break;
151
152 case LDB_REPLY_REFERRAL:
153 break;
154
155 case LDB_REPLY_DONE:
156
157 if (!ac->basedn) {
158 const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
159 ldb_dn_get_extended_linearized(req, ac->req->op.search.base, 1));
160 ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
161 return ldb_module_done(ac->req, NULL, NULL,
162 LDB_ERR_NO_SUCH_OBJECT);
163 }
164
165 switch (ac->req->operation) {
166 case LDB_SEARCH:
167 ret = ldb_build_search_req_ex(&down_req,
168 ldb_module_get_ctx(ac->module), ac->req,
169 ac->basedn,
170 ac->req->op.search.scope,
171 ac->req->op.search.tree,
172 ac->req->op.search.attrs,
173 ac->req->controls,
174 ac, extended_final_callback,
175 ac->req);
176 break;
177 case LDB_ADD:
178 {
179 struct ldb_message *add_msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
180 if (!add_msg) {
181 ldb_oom(ldb_module_get_ctx(ac->module));
182 return ldb_module_done(ac->req, NULL, NULL,
183 LDB_ERR_OPERATIONS_ERROR);
184 }
185
186 add_msg->dn = ac->basedn;
187
188 ret = ldb_build_add_req(&down_req,
189 ldb_module_get_ctx(ac->module), ac->req,
190 add_msg,
191 ac->req->controls,
192 ac, extended_final_callback,
193 ac->req);
194 break;
195 }
196 case LDB_MODIFY:
197 {
198 struct ldb_message *mod_msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
199 if (!mod_msg) {
200 ldb_oom(ldb_module_get_ctx(ac->module));
201 return ldb_module_done(ac->req, NULL, NULL,
202 LDB_ERR_OPERATIONS_ERROR);
203 }
204
205 mod_msg->dn = ac->basedn;
206
207 ret = ldb_build_mod_req(&down_req,
208 ldb_module_get_ctx(ac->module), ac->req,
209 mod_msg,
210 ac->req->controls,
211 ac, extended_final_callback,
212 ac->req);
213 break;
214 }
215 case LDB_DELETE:
216 ret = ldb_build_del_req(&down_req,
217 ldb_module_get_ctx(ac->module), ac->req,
218 ac->basedn,
219 ac->req->controls,
220 ac, extended_final_callback,
221 ac->req);
222 break;
223 case LDB_RENAME:
224 ret = ldb_build_rename_req(&down_req,
225 ldb_module_get_ctx(ac->module), ac->req,
226 ac->basedn,
227 ac->req->op.rename.newdn,
228 ac->req->controls,
229 ac, extended_final_callback,
230 ac->req);
231 break;
232 default:
233 return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
234 }
235
236 if (ret != LDB_SUCCESS) {
237 return ldb_module_done(ac->req, NULL, NULL, ret);
238 }
239
240 return ldb_next_request(ac->module, down_req);
241 }
242 talloc_free(ares);
243 return LDB_SUCCESS;
244 }
245
246 static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
247 {
248 struct extended_search_context *ac;
249 struct ldb_request *down_req;
250 int ret;
251 struct ldb_dn *base_dn = NULL;
252 enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
253 const char *base_dn_filter = NULL;
254 const char * const *base_dn_attrs = NULL;
255 char *wellknown_object = NULL;
256 static const char *no_attr[] = {
257 NULL
258 };
259 static const char *wkattr[] = {
260 "wellKnownObjects",
261 NULL
262 };
263 bool all_partitions = false;
264
265 if (!ldb_dn_has_extended(dn)) {
266 /* Move along there isn't anything to see here */
267 return ldb_next_request(module, req);
268 } else {
269 /* It looks like we need to map the DN */
270 const struct ldb_val *sid_val, *guid_val, *wkguid_val;
271
272 sid_val = ldb_dn_get_extended_component(dn, "SID");
273 guid_val = ldb_dn_get_extended_component(dn, "GUID");
274 wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
275
276 if (sid_val) {
277 all_partitions = true;
278 base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
279 base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
280 ldb_binary_encode(req, *sid_val));
281 if (!base_dn_filter) {
282 ldb_oom(ldb_module_get_ctx(module));
283 return LDB_ERR_OPERATIONS_ERROR;
284 }
285 base_dn_scope = LDB_SCOPE_SUBTREE;
286 base_dn_attrs = no_attr;
287
288 } else if (guid_val) {
289
290 all_partitions = true;
291 base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
292 base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
293 ldb_binary_encode(req, *guid_val));
294 if (!base_dn_filter) {
295 ldb_oom(ldb_module_get_ctx(module));
296 return LDB_ERR_OPERATIONS_ERROR;
297 }
298 base_dn_scope = LDB_SCOPE_SUBTREE;
299 base_dn_attrs = no_attr;
300
301
302 } else if (wkguid_val) {
303 char *wkguid_dup;
304 char *tail_str;
305 char *p;
306
307 wkguid_dup = talloc_strndup(req, (char *)wkguid_val->data, wkguid_val->length);
308
309 p = strchr(wkguid_dup, ',');
310 if (!p) {
311 return LDB_ERR_INVALID_DN_SYNTAX;
312 }
313
314 p[0] = '\0';
315 p++;
316
317 wellknown_object = talloc_asprintf(req, "B:32:%s:", wkguid_dup);
318 if (!wellknown_object) {
319 ldb_oom(ldb_module_get_ctx(module));
320 return LDB_ERR_OPERATIONS_ERROR;
321 }
322
323 tail_str = p;
324
325 base_dn = ldb_dn_new(req, ldb_module_get_ctx(module), tail_str);
326 talloc_free(wkguid_dup);
327 if (!base_dn) {
328 ldb_oom(ldb_module_get_ctx(module));
329 return LDB_ERR_OPERATIONS_ERROR;
330 }
331 base_dn_filter = talloc_strdup(req, "(objectClass=*)");
332 if (!base_dn_filter) {
333 ldb_oom(ldb_module_get_ctx(module));
334 return LDB_ERR_OPERATIONS_ERROR;
335 }
336 base_dn_scope = LDB_SCOPE_BASE;
337 base_dn_attrs = wkattr;
338 } else {
339 return LDB_ERR_INVALID_DN_SYNTAX;
340 }
341
342 ac = talloc_zero(req, struct extended_search_context);
343 if (ac == NULL) {
344 ldb_oom(ldb_module_get_ctx(module));
345 return LDB_ERR_OPERATIONS_ERROR;
346 }
347
348 ac->module = module;
349 ac->req = req;
350 ac->basedn = NULL; /* Filled in if the search finds the DN by SID/GUID etc */
351 ac->wellknown_object = wellknown_object;
352
353 /* If the base DN was an extended DN (perhaps a well known
354 * GUID) then search for that, so we can proceed with the original operation */
355
356 ret = ldb_build_search_req(&down_req,
357 ldb_module_get_ctx(module), ac,
358 base_dn,
359 base_dn_scope,
360 base_dn_filter,
361 base_dn_attrs,
362 NULL,
363 ac, extended_base_callback,
364 req);
365 if (ret != LDB_SUCCESS) {
366 return LDB_ERR_OPERATIONS_ERROR;
367 }
368
369 if (all_partitions) {
370 struct ldb_search_options_control *control;
371 control = talloc(down_req, struct ldb_search_options_control);
372 control->search_options = 2;
373 ret = ldb_request_add_control(down_req,
374 LDB_CONTROL_SEARCH_OPTIONS_OID,
375 true, control);
376 if (ret != LDB_SUCCESS) {
377 ldb_oom(ldb_module_get_ctx(module));
378 return ret;
379 }
380 }
381
382 /* perform the search */
383 return ldb_next_request(module, down_req);
384 }
385 }
386
387 static int extended_dn_in_search(struct ldb_module *module, struct ldb_request *req)
388 {
389 return extended_dn_in_fix(module, req, req->op.search.base);
390 }
391
392 static int extended_dn_in_modify(struct ldb_module *module, struct ldb_request *req)
393 {
394 return extended_dn_in_fix(module, req, req->op.mod.message->dn);
395 }
396
397 static int extended_dn_in_del(struct ldb_module *module, struct ldb_request *req)
398 {
399 return extended_dn_in_fix(module, req, req->op.del.dn);
400 }
401
402 static int extended_dn_in_rename(struct ldb_module *module, struct ldb_request *req)
403 {
404 return extended_dn_in_fix(module, req, req->op.rename.olddn);
405 }
406
407 _PUBLIC_ const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
408 .name = "extended_dn_in",
409 .search = extended_dn_in_search,
410 .modify = extended_dn_in_modify,
411 .del = extended_dn_in_del,
412 .rename = extended_dn_in_rename,
413 };