local_password.c

samba最新软件

		/* Not relevent to us */
		return LDB_SUCCESS;
	}
	
	if (ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID") == NULL) {
		ldb_set_errstring(ac->module->ldb, 
				  "no objectGUID found in search: local_password module must be configured below objectGUID module!\n");
		return LDB_ERR_OBJECT_CLASS_VIOLATION;
	}
	
	objectGUID = samdb_result_guid(ac->search_res->message, "objectGUID");

	ac->local_message->dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE);
	ldb_dn_add_child_fmt(ac->local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID));

	h->state = LDB_ASYNC_INIT;
	h->status = LDB_SUCCESS;

	ac->step = LPDB_LOCAL;

	ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req);

	/* perform the local update */
	return ldb_next_request(ac->module, ac->local_req);
}


static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
{
	struct lpdb_local_search_context *local_context;

	local_context = talloc_get_type(context, struct lpdb_local_search_context);

	/* we are interested only in the single reply (base search) we receive here */
	switch (ares->type) {
	case LDB_REPLY_ENTRY:
	{
		int i;
		if (local_context->local_res != NULL) {
			ldb_set_errstring(ldb, "Too many results to base search for password entry!");
			talloc_free(ares);
			return LDB_ERR_OPERATIONS_ERROR;
		}
		
		local_context->local_res = ares;

		/* Make sure never to return the internal key attribute to the caller */
		ldb_msg_remove_attr(ares->message, PASSWORD_GUID_ATTR);

		talloc_steal(local_context->remote_res->message->elements, ares->message->elements);
		for (i=0; i < ares->message->num_elements; i++) {
			struct ldb_message_element *el;
			
			el = ldb_msg_find_element(local_context->remote_res->message, 
						  ares->message->elements[i].name);
			if (!el) {
				if (ldb_msg_add_empty(local_context->remote_res->message, 
						      ares->message->elements[i].name, 0, &el) != LDB_SUCCESS) {
					talloc_free(ares);
					return LDB_ERR_OPERATIONS_ERROR;
				}
				*el = ares->message->elements[i];
			}
		}
		return local_context->ac->orig_req->callback(ldb, 
								   local_context->ac->orig_req->context,
								   local_context->remote_res);
	} 
	case LDB_REPLY_DONE:
	{
		/* Fire off the callback if there was no local entry, so we get the rest returned */
		if (local_context->local_res == NULL) {
			return local_context->ac->orig_req->callback(ldb, 
									   local_context->ac->orig_req->context,
									   local_context->remote_res);
		}
		return LDB_SUCCESS;
		break;
	}
	default:
	{
		talloc_free(ares);
		ldb_set_errstring(ldb, "Unexpected result type in base search for password entry!");
		return LDB_ERR_OPERATIONS_ERROR;
	}
	}
}

/* For each entry returned in a remote search, do a local base search,
 * based on the objectGUID we asked for as an additional attribute */
static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
{
	struct lpdb_context *ac;

	ac = talloc_get_type(context, struct lpdb_context);

	if (ares->type == LDB_REPLY_ENTRY) {
		struct ldb_request *req;
		struct lpdb_local_search_context *local_context;
		struct GUID objectGUID;

		/* No point searching further if it's not a 'person' entry */
		if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) {

			/* Make sure to remove anything we added */
			if (ac->added_objectGUID) {
				ldb_msg_remove_attr(ares->message, "objectGUID");
			}
			
			if (ac->added_objectClass) {
				ldb_msg_remove_attr(ares->message, "objectClass");
			}
			
			return ac->orig_req->callback(ldb, ac->orig_req->context, ares);
		}

		if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) {
			ldb_set_errstring(ac->module->ldb, 
					  "no objectGUID found in search: local_password module must be configured below objectGUID module!\n");
			return LDB_ERR_OPERATIONS_ERROR;
		}
	
		objectGUID = samdb_result_guid(ares->message, "objectGUID");

		if (ac->added_objectGUID) {
			ldb_msg_remove_attr(ares->message, "objectGUID");
		}

		if (ac->added_objectClass) {
			ldb_msg_remove_attr(ares->message, "objectClass");
		}

		req = talloc_zero(ac, struct ldb_request);
		if (!req) {
			return LDB_ERR_OPERATIONS_ERROR;
		}

		local_context = talloc(ac, struct lpdb_local_search_context);
		if (!local_context) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		local_context->ac = ac;
		local_context->remote_res = ares;
		local_context->local_res = NULL;

		req->op.search.base = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE);
		if ( ! ldb_dn_add_child_fmt(req->op.search.base, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID))) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		req->operation = LDB_SEARCH;
		req->op.search.scope = LDB_SCOPE_BASE;
		req->op.search.tree = ldb_parse_tree(req, NULL);
		if (req->op.search.tree == NULL) {
			ldb_set_errstring(ac->module->ldb, "Out of Memory");
			return LDB_ERR_OPERATIONS_ERROR;
		}
		req->op.search.attrs = ac->orig_req->op.search.attrs;
		req->controls = NULL;
		req->context = ac;
		req->callback = get_self_callback;

		ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req);
		
		req->context = local_context;
		req->callback = lpdb_local_search_callback;

		return ldb_next_request(ac->module, req);
	} else {
		return ac->orig_req->callback(ldb, ac->orig_req->context, ares);
	}
}

/* Search for passwords and other attributes.  The passwords are
 * local, but the other attributes are remote, and we need to glue the
 * two search spaces back togeather */

static int local_password_search(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_handle *h;
	struct lpdb_context *ac;
	int i;
	int ret;
	const char * const *search_attrs = NULL;

	ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_search\n");

	if (ldb_dn_is_special(req->op.search.base)) { /* do not manipulate our control entries */
		return ldb_next_request(module, req);
	}

	/* If the caller is searching for the local passwords directly, let them pass */
	if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE),
				req->op.search.base) == 0) {
		return ldb_next_request(module, req);
	}

	if (req->op.search.attrs && (!ldb_attr_in_list(req->op.search.attrs, "*"))) {
		for (i=0; i < ARRAY_SIZE(password_attrs); i++) {
			if (ldb_attr_in_list(req->op.search.attrs, password_attrs[i])) {
				break;
			}
		}
		
		/* It didn't match any of our password attributes, go on */
		if (i == ARRAY_SIZE(password_attrs)) {
			return ldb_next_request(module, req);
		}
	}

	h = lpdb_init_handle(req, module, LPDB_SEARCH);
	if (!h) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	
	ac = talloc_get_type(h->private_data, struct lpdb_context);

	ac->orig_req = req;

	ac->remote_req = talloc(ac, struct ldb_request);
	if (ac->remote_req == NULL) {
		return LDB_ERR_OPERATIONS_ERROR;
	}

	/* Remote search is for all attributes: if the remote LDAP server has these attributes, then it overrides the local database */
	*(ac->remote_req) = *(ac->orig_req);

	/* Return our own handle do deal with this call */
	ac->remote_req->handle = h;
	
	ac->remote_req->context = ac;
	ac->remote_req->callback = lpdb_remote_search_callback;

	if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) {
		if (!ldb_attr_in_list(req->op.search.attrs, "objectGUID")) {
			search_attrs = ldb_attr_list_copy_add(req, req->op.search.attrs, "objectGUID");
			ac->added_objectGUID = true;
			if (!search_attrs) {
				return LDB_ERR_OPERATIONS_ERROR;
			}
		} else {
			search_attrs = req->op.search.attrs;
		}
		if (!ldb_attr_in_list(search_attrs, "objectClass")) {
			search_attrs = ldb_attr_list_copy_add(req, search_attrs, "objectClass");
			ac->added_objectClass = true;
			if (!search_attrs) {
				return LDB_ERR_OPERATIONS_ERROR;
			}
		}
	} else {
		search_attrs = req->op.search.attrs;
	}

	ac->remote_req->op.search.attrs = search_attrs;

	ldb_set_timeout_from_prev_req(module->ldb, ac->orig_req, ac->remote_req);

	h->state = LDB_ASYNC_INIT;
	h->status = LDB_SUCCESS;

	ac->step = LPDB_SEARCH_REMOTE;

	/* perform the search */
	ret = ldb_next_request(module, ac->remote_req);

	if (ret == LDB_SUCCESS) {
		req->handle = ac->remote_req->handle;
	}

	return ret;
}

static int lpdb_wait(struct ldb_handle *handle) {
	struct lpdb_context *ac;
	int ret;
    
	if (!handle || !handle->private_data) {
		return LDB_ERR_OPERATIONS_ERROR;
	}

	if (handle->state == LDB_ASYNC_DONE) {
		return handle->status;
	}

	handle->state = LDB_ASYNC_PENDING;
	handle->status = LDB_SUCCESS;

	ac = talloc_get_type(handle->private_data, struct lpdb_context);

	switch (ac->step) {
	case LPDB_ADD_REMOTE:
		ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS) {
			handle->status = ret;
			goto done;
		}
		if (ac->remote_req->handle->status != LDB_SUCCESS) {
			handle->status = ac->remote_req->handle->status;
			goto done;
		}

		if (ac->remote_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		/* original request done, go on */
		return local_password_add_local(handle);
		
	case LPDB_MOD_REMOTE:
		ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS) {
			handle->status = ret;
			goto done;
		}
		if (ac->remote_req->handle->status != LDB_SUCCESS) {
			handle->status = ac->remote_req->handle->status;
			goto done;
		}

		if (ac->remote_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		/* original request done, go on */
		return local_password_mod_search_self(handle);
		
	case LPDB_MOD_SEARCH_SELF:
		ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS) {
			handle->status = ret;
			goto done;
		}
		if (ac->search_req->handle->status != LDB_SUCCESS) {
			handle->status = ac->search_req->handle->status;
			goto done;
		}

		if (ac->search_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		/* original request done, go on */
		return local_password_mod_local(handle);
		
	case LPDB_LOCAL:
		ret = ldb_wait(ac->local_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS) {
			handle->status = ret;
			goto done;
		}
		if (ac->local_req->handle->status != LDB_SUCCESS) {
			handle->status = ac->local_req->handle->status;
			goto done;
		}

		if (ac->local_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		break;
		
	case LPDB_SEARCH_REMOTE:
		ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS) {
			handle->status = ret;
			goto done;
		}
		if (ac->remote_req->handle->status != LDB_SUCCESS) {
			handle->status = ac->remote_req->handle->status;
			goto done;
		}

		if (ac->remote_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		break;
		
	default:
		ret = LDB_ERR_OPERATIONS_ERROR;
		goto done;
	}

	ret = LDB_SUCCESS;

done:
	handle->state = LDB_ASYNC_DONE;
	return ret;
}

static int lpdb_wait_all(struct ldb_handle *handle) {

	int ret;

	while (handle->state != LDB_ASYNC_DONE) {
		ret = lpdb_wait(handle);
		if (ret != LDB_SUCCESS) {
			return ret;
		}
	}

	return handle->status;
}

static int local_password_wait(struct ldb_handle *handle, enum ldb_wait_type type)
{
	if (type == LDB_WAIT_ALL) {
		return lpdb_wait_all(handle);
	} else {
		return lpdb_wait(handle);
	}
}

_PUBLIC_ const struct ldb_module_ops ldb_local_password_module_ops = {
	.name          = "local_password",
	.add           = local_password_add,
	.modify        = local_password_modify,
	.search        = local_password_search,
	.wait          = local_password_wait
};