sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code
samba-mirror/lib/ldb/common/ldb_dn.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

2299 lines
47 KiB
C
Raw Normal View History

ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/*
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb database library
r8037: a fairly major update to the internals of ldb. Changes are: - moved the knowledge of attribute types out of ldb_tdb and into the generic ldb code. This allows the ldb_match() message match logic to be generic, so it can be used by other backend - added the generic ability to load attribute handlers, for canonicalisation, compare, ldif read and ldif write. In the future this will be used by the schema module to allow us to correctly obey the attributetype schema elements - added attribute handlers for some of the core ldap attribute types, Integer, DirectoryString, DN, ObjectClass etc - added automatic registration of attribute handlers for well-known attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass' - converted the objectSid special handlers for Samba to the new system - added more correct handling of indexing in tdb backend based on the attribute canonicalisation function - added generic support for subclasses, moving it out of the tdb backend. This will be used in future by the schema module - fixed several bugs in the dn_explode code. It still needs more work, but doesn't corrupt ldb dbs any more. (This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
Copyright (C) Simo Sorce 2005
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
** under the LGPL
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
r23795: more v2->v3 conversion (This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
2007-07-10 02:46:15 +00:00
version 3 of the License, or (at your option) any later version.
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
r23798: updated old Temple Place FSF addresses to new URL (This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
2007-07-10 03:42:26 +00:00
License along with this library; if not, see <http://www.gnu.org/licenses/>.
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
*/
/*
* Name: ldb
*
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
* Component: ldb dn creation and manipulation utility functions
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
*
* Description: - explode a dn into it's own basic elements
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
* and put them in a structure (only if necessary)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
* - manipulate ldb_dn structures
*
* Author: Simo Sorce
*/
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
#include "ldb_private.h"
r22694: It seems that AIX 5.3 with XLC has difficulties with <ctype.h>. This is an attempt to work around this: Maybe it helps if we include other stuff first. This raises a question however: Do we want the DN handling to be locale dependent? isalpha() can return different things depending on the current locale. (This used to be commit 75ba82dee052fa5f4141e66e1cb748101aa95d71)
2007-05-06 11:03:33 +00:00
#include <ctype.h>
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r8037: a fairly major update to the internals of ldb. Changes are: - moved the knowledge of attribute types out of ldb_tdb and into the generic ldb code. This allows the ldb_match() message match logic to be generic, so it can be used by other backend - added the generic ability to load attribute handlers, for canonicalisation, compare, ldif read and ldif write. In the future this will be used by the schema module to allow us to correctly obey the attributetype schema elements - added attribute handlers for some of the core ldap attribute types, Integer, DirectoryString, DN, ObjectClass etc - added automatic registration of attribute handlers for well-known attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass' - converted the objectSid special handlers for Samba to the new system - added more correct handling of indexing in tdb backend based on the attribute canonicalisation function - added generic support for subclasses, moving it out of the tdb backend. This will be used in future by the schema module - fixed several bugs in the dn_explode code. It still needs more work, but doesn't corrupt ldb dbs any more. (This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
#define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb_dn: make LDB_FREE, TALLOC_FREE This LDB_FREE() seems to predate TALLOC_FREE(), and was identical until TALLOC_FREE was optimised to avoid calling talloc_free(NULL) in b9fcfc6399eab750880ee0b9806311dd351a8ff6. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-15 23:29:34 +13:00
#define LDB_FREE(x) TALLOC_FREE(x)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
/**
internal ldb exploded dn structures
*/
struct ldb_dn_component {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *name;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
struct ldb_val value;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *cf_name;
struct ldb_val cf_value;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
};
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_dn_ext_component {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
ldb: Do not allocate the extended DN name The name must be a hard-coded value from struct ldb_dn_extended_syntax so just point to that constant pointer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 13:28:59 +12:00
const char *name;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
struct ldb_val value;
};
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
struct ldb_dn {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_context *ldb;
/* Special DNs are always linearized */
bool special;
bool invalid;
bool valid_case;
char *linearized;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
char *ext_linearized;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *casefold;
unsigned int comp_num;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
struct ldb_dn_component *components;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
unsigned int ext_comp_num;
struct ldb_dn_ext_component *ext_components;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
};
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
/* it is helpful to be able to break on this in gdb */
static void ldb_dn_mark_invalid(struct ldb_dn *dn)
{
dn->invalid = true;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* strdn may be NULL */
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_context *ldb,
const struct ldb_val *strdn)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_dn *dn;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb: avoid NULL deref in ldb_dn_from_ldb_val (CID 1034730) Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-08 12:31:36 +12:00
if (ldb == NULL || strdn == NULL) {
return NULL;
}
if (strdn->data
s4-ldb: allow for non-null terminated ldb_val in ldb_dn_from_ldb_val The strlen() could go past the end of a non-null terminated value
2009-10-21 22:18:16 +11:00
&& (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
Move the check above the talloc
2009-09-22 14:37:58 -07:00
/* The RDN must not contain a character with value 0x0 */
return NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn = talloc_zero(mem_ctx, struct ldb_dn);
LDB_DN_NULL_FAILED(dn);
s4-ldb: validate the type of the ldb argument to ldb_dn_new() It has been a common bug to get the first two arguments the wrong way around
2010-01-09 09:03:08 +11:00
dn->ldb = talloc_get_type(ldb, struct ldb_context);
if (dn->ldb == NULL) {
/* the caller probably got the arguments to
ldb_dn_new() mixed up */
talloc_free(dn);
return NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
2008-08-21 19:24:58 +10:00
if (strdn->data && strdn->length) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
const char *data = (const char *)strdn->data;
size_t length = strdn->length;
if (data[0] == '@') {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->special = true;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
}
dn->ext_linearized = talloc_strndup(dn, data, length);
LDB_DN_NULL_FAILED(dn->ext_linearized);
if (data[0] == '<') {
const char *p_save, *p = dn->ext_linearized;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
do {
p_save = p;
p = strstr(p, ">;");
if (p) {
p = p + 2;
}
} while (p);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (p_save == dn->ext_linearized) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
dn->linearized = talloc_strdup(dn, "");
} else {
dn->linearized = talloc_strdup(dn, p_save);
}
LDB_DN_NULL_FAILED(dn->linearized);
} else {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->linearized = dn->ext_linearized;
dn->ext_linearized = NULL;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
} else {
dn->linearized = talloc_strdup(dn, "");
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
LDB_DN_NULL_FAILED(dn->linearized);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
return dn;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
failed:
talloc_free(dn);
return NULL;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
2008-08-21 19:24:58 +10:00
/* strdn may be NULL */
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_context *ldb,
const char *strdn)
Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
2008-08-21 19:24:58 +10:00
{
struct ldb_val blob;
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
blob.data = discard_const_p(uint8_t, strdn);
Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
2008-08-21 19:24:58 +10:00
blob.length = strdn ? strlen(strdn) : 0;
return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
}
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_context *ldb,
const char *new_fmt, ...)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *strdn;
va_list ap;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
LDB: Redudant test on NULL context remove There is redudant test on NULL context in ldb_dn_new_fmt() function. We use this (NULL) context in talloc_vasprintf() function which is able to work with NULL at all. And at the end, we free this newly created (by talloc_vasprintf) context. So it should be safe to remove this check. Signed-off-by: Petr Cech <pcech@redhat.com> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 26 08:09:25 CEST 2016 on sn-devel-144
2016-03-21 09:15:17 -04:00
if (! ldb) return NULL;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
va_start(ap, new_fmt);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
va_end(ap);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (strdn) {
struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
talloc_free(strdn);
return dn;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return NULL;
}
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
/* see RFC2253 section 2.4 */
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
static int ldb_dn_escape_internal(char *dst, const char *src, int len)
{
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
char c;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *d;
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
int i;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
d = dst;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
for (i = 0; i < len; i++){
c = src[i];
switch (c) {
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
case ' ':
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
if (i == 0 || i == len - 1) {
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
/* if at the beginning or end
* of the string then escape */
*d++ = '\\';
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
*d++ = c;
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
} else {
/* otherwise don't escape */
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
*d++ = c;
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
}
break;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
case '#':
/* despite the RFC, windows escapes a #
anywhere in the string */
case ',':
case '+':
case '"':
case '\\':
case '<':
case '>':
case '?':
/* these must be escaped using \c form */
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
*d++ = '\\';
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
*d++ = c;
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
break;
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
case ';':
case '\r':
case '\n':
case '=':
case '\0': {
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
/* any others get \XX form */
unsigned char v;
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
v = (const unsigned char)c;
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
*d++ = '\\';
ldb: User hexchars_upper from replace.h Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-10 10:02:04 +02:00
*d++ = hexchars_upper[v>>4];
*d++ = hexchars_upper[v&0xF];
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
break;
}
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
default:
*d++ = c;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* return the length of the resulting string */
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:07:23 +13:00
return (d - dst);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *dst;
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen() ldb_dn_escape_internal() reports the number of bytes it copied, so lets use that number, rather than using strlen() and hoping a zero got in the right place. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:09:36 +13:00
size_t len;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (!value.length)
return NULL;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* allocate destination string, it will be at most 3 times the source */
dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
if ( ! dst) {
talloc_free(dst);
return NULL;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen() ldb_dn_escape_internal() reports the number of bytes it copied, so lets use that number, rather than using strlen() and hoping a zero got in the right place. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:09:36 +13:00
len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen() ldb_dn_escape_internal() reports the number of bytes it copied, so lets use that number, rather than using strlen() and hoping a zero got in the right place. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-11-24 13:09:36 +13:00
dst = talloc_realloc(mem_ctx, dst, char, len + 1);
if ( ! dst) {
talloc_free(dst);
return NULL;
}
dst[len] = '\0';
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return dst;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/*
explode a DN string into a ldb_dn structure
based on RFC4514 except that we don't support multiple valued RDNs
Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming Constraints
2009-09-21 17:14:06 -07:00
TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
DN must be compliant with RFC2253
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*/
static bool ldb_dn_explode(struct ldb_dn *dn)
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
{
lib/ldb fix compiler warnings about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-10 17:45:58 +01:00
char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
ldb:ldb_dn_explode - remove/unify some duplicate initialisations
2011-01-08 21:59:37 +01:00
bool trim = true;
bool in_extended = true;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
bool in_ex_name = false;
bool in_ex_value = false;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
bool in_attr = false;
bool in_value = false;
bool in_quote = false;
bool is_oid = false;
bool escape = false;
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int x;
lib/ldb fix compiler warnings about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-10 17:45:58 +01:00
size_t l = 0;
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
int ret;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
char *parse_dn;
s4-ldb: allow for unescaped '=' in a index DN The ldb_dn_explode code normally enforces all special characters, including a '=', must be escaped. Unfortunately this conflicts with the ltdb index DNs, which for binary attributes may be base64 encoded. This allows a unescaped '=' as a special case for index DNs.
2009-10-25 22:02:31 +11:00
bool is_index;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (dn == NULL || dn->invalid) {
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
return false;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->components != NULL) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->ext_linearized != NULL) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
parse_dn = dn->ext_linearized;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
} else {
parse_dn = dn->linearized;
}
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (parse_dn == NULL) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
s4-ldb: allow for unescaped '=' in a index DN The ldb_dn_explode code normally enforces all special characters, including a '=', must be escaped. Unfortunately this conflicts with the ltdb index DNs, which for binary attributes may be base64 encoded. This allows a unescaped '=' as a special case for index DNs.
2009-10-25 22:02:31 +11:00
is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* Empty DNs */
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (parse_dn[0] == '\0') {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* Special DNs case */
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (dn->special) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
s4:ldb_dn: reset dn->ext_comp_num in ldb_dn_explode() metze
2010-02-25 23:19:53 +01:00
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
ldb_dn: don't free a known NULL pointer Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-08 15:49:56 +13:00
dn->comp_num = 0;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* in the common case we have 3 or more components */
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* make sure all components are zeroed, other functions depend on it */
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->components == NULL) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* Components data space is allocated here once */
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (data == NULL) {
ldb_dn: free dn components on explode failure Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2019-03-08 12:12:00 +13:00
goto failed;
r19901: Fix a potential NULL dereference (This used to be commit 75e6fb9654f10a076ed49b0582b40368e149d30a)
2006-11-25 17:19:42 +00:00
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
p = parse_dn;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
t = NULL;
d = dt = data;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
while (*p) {
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (in_extended) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (!in_ex_name && !in_ex_value) {
if (p[0] == '<') {
p++;
ex_name = d;
in_ex_name = true;
continue;
} else {
in_extended = false;
in_attr = true;
dt = d;
continue;
}
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (in_ex_name && *p == '=') {
*d++ = '\0';
p++;
ex_value = d;
in_ex_name = false;
in_ex_value = true;
continue;
}
if (in_ex_value && *p == '>') {
ldb: Fix mem-leak if talloc_realloc fails In case of a failing talloc_realloc(), the only reference to the originally allocated memory is overwritten. Instead use a temp var until success is verified. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-31 10:27:37 +02:00
struct ldb_dn_ext_component *ext_comp = NULL;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
const struct ldb_dn_extended_syntax *ext_syntax;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
struct ldb_val ex_val = {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
.data = (uint8_t *)ex_value,
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
.length = d - ex_value
};
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
*d++ = '\0';
p++;
in_ex_value = false;
/* Process name and ex_value */
ldb: Fix mem-leak if talloc_realloc fails In case of a failing talloc_realloc(), the only reference to the originally allocated memory is overwritten. Instead use a temp var until success is verified. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-31 10:27:37 +02:00
ext_comp = talloc_realloc(
dn,
dn->ext_components,
struct ldb_dn_ext_component,
dn->ext_comp_num + 1);
if (ext_comp == NULL) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
/* ouch ! */
goto failed;
}
ldb: Fix mem-leak if talloc_realloc fails In case of a failing talloc_realloc(), the only reference to the originally allocated memory is overwritten. Instead use a temp var until success is verified. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-31 10:27:37 +02:00
dn->ext_components = ext_comp;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (ext_syntax == NULL) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
/* We don't know about this type of extended DN */
goto failed;
}
ldb: Do not allocate the extended DN name The name must be a hard-coded value from struct ldb_dn_extended_syntax so just point to that constant pointer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 13:28:59 +12:00
dn->ext_components[dn->ext_comp_num].name = ext_syntax->name;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
&ex_val, &dn->ext_components[dn->ext_comp_num].value);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (ret != LDB_SUCCESS) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
goto failed;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->ext_comp_num++;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (*p == '\0') {
/* We have reached the end (extended component only)! */
talloc_free(data);
return true;
} else if (*p == ';') {
p++;
continue;
} else {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
goto failed;
}
}
*d++ = *p++;
continue;
}
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (in_attr) {
if (trim) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (*p == ' ') {
p++;
continue;
}
/* first char */
trim = false;
r22696: Make sure this is an ascii char spotted by Volker (This used to be commit e24812016f60f506f0df2cb5ba8c2c6987f7da40)
2007-05-06 15:17:14 +00:00
if (!isascii(*p)) {
/* attr names must be ascii only */
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r22696: Make sure this is an ascii char spotted by Volker (This used to be commit e24812016f60f506f0df2cb5ba8c2c6987f7da40)
2007-05-06 15:17:14 +00:00
goto failed;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (isdigit(*p)) {
is_oid = true;
} else
if ( ! isalpha(*p)) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* not a digit nor an alpha,
* invalid attribute name */
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
goto failed;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Copy this character across from parse_dn,
* now we have trimmed out spaces */
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*d++ = *p++;
continue;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (*p == ' ') {
p++;
/* valid only if we are at the end */
trim = true;
continue;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (*p == '=') {
/* attribute terminated */
in_attr = false;
in_value = true;
trim = true;
l = 0;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Terminate this string in d
* (which is a copy of parse_dn
* with spaces trimmed) */
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*d++ = '\0';
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->components[dn->comp_num].name == NULL) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
/* ouch */
goto failed;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dt = d;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
p++;
continue;
}
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
r22696: Make sure this is an ascii char spotted by Volker (This used to be commit e24812016f60f506f0df2cb5ba8c2c6987f7da40)
2007-05-06 15:17:14 +00:00
if (!isascii(*p)) {
/* attr names must be ascii only */
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r22696: Make sure this is an ascii char spotted by Volker (This used to be commit e24812016f60f506f0df2cb5ba8c2c6987f7da40)
2007-05-06 15:17:14 +00:00
goto failed;
}
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* not a digit nor a dot,
* invalid attribute oid */
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
goto failed;
} else
if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
/* not ALPHA, DIGIT or HYPHEN */
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
goto failed;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*d++ = *p++;
continue;
r12748: Fix wrong handling of separation characters for RDNs allow escaped separation chars as part of the attr value of an RDN (This used to be commit 7ba341d6c3745cd99c4c79933f9bd54f41e12a9c)
2006-01-06 21:39:37 +00:00
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (in_value) {
if (in_quote) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (*p == '\"') {
if (p[-1] != '\\') {
p++;
in_quote = false;
continue;
}
}
*d++ = *p++;
l++;
continue;
}
r8037: a fairly major update to the internals of ldb. Changes are: - moved the knowledge of attribute types out of ldb_tdb and into the generic ldb code. This allows the ldb_match() message match logic to be generic, so it can be used by other backend - added the generic ability to load attribute handlers, for canonicalisation, compare, ldif read and ldif write. In the future this will be used by the schema module to allow us to correctly obey the attributetype schema elements - added attribute handlers for some of the core ldap attribute types, Integer, DirectoryString, DN, ObjectClass etc - added automatic registration of attribute handlers for well-known attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass' - converted the objectSid special handlers for Samba to the new system - added more correct handling of indexing in tdb backend based on the attribute canonicalisation function - added generic support for subclasses, moving it out of the tdb backend. This will be used in future by the schema module - fixed several bugs in the dn_explode code. It still needs more work, but doesn't corrupt ldb dbs any more. (This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (trim) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (*p == ' ') {
p++;
continue;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* first char */
trim = false;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (*p == '\"') {
in_quote = true;
p++;
continue;
}
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
switch (*p) {
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* TODO: support ber encoded values
case '#':
*/
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
case ',':
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (escape) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*d++ = *p++;
l++;
escape = false;
continue;
}
/* ok found value terminator */
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* trim back */
d -= (p - t);
l -= (p - t);
CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode A DN string with lots of trailing space can cause ldb_dn_explode() to put a zero byte in the wrong place in the heap. When a DN string has a value represented with trailing spaces, like this "CN=foo ,DC=bar" the whitespace is supposed to be ignored. We keep track of this in the `t` pointer, which is NULL when we are not walking through trailing spaces, and points to the first space when we are. We are walking with the `p` pointer, writing the value to `d`, and keeping the length in `l`. "CN=foo ,DC= " ==> "foo " ^ ^ ^ t p d --l--- The value is finished when we encounter a comma or the end of the string. If `t` is not NULL at that point, we assume there are trailing spaces and wind `d and `l` back by the correct amount. Then we switch to expecting an attribute name (e.g. "CN"), until we get to an "=", which puts us back into looking for a value. Unfortunately, we forget to immediately tell `t` that we'd finished the last value, we can end up like this: "CN=foo ,DC= " ==> "" ^ ^ ^ t p d l=0 where `p` is pointing to a new value that contains only spaces, while `t` is still referring to the old value. `p` notices the value ends, and we subtract `p - t` from `d`: "CN=foo ,DC= " ==> ? "" ^ ^ ^ t p d l ~= SIZE_MAX - 8 At that point `d` wants to terminate its string with a '\0', but instead it terminates someone else's byte. This does not crash if the number of trailing spaces is small, as `d` will point into a previous value (a copy of "foo" in this example). Corrupting that value will ultimately not matter, as we will soon try to allocate a buffer `l` long, which will be greater than the available memory and the whole operation will fail properly. However, with more spaces, `d` will point into memory before the beginning of the allocated buffer, with the exact offset depending on the length of the earlier attributes and the number of spaces. What about a longer DN with more attributes? For example, "CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of bounds, won't we continue to use it and write more DN values into mystery memory? Fortunately not, because the aforementioned allocation of `l` bytes must happen first, and `l` is now huge. The allocation happens in a talloc_memdup(), which is by default restricted to allocating 256MB. So this allows a person who controls a string parsed by ldb_dn_explode to corrupt heap memory by placing a single zero byte at a chosen offset before the allocated buffer. An LDAP bind request can send a string DN as a username. This DN is necessarily parsed before the password is checked, so an attacker does not need proper credentials. The attacker can easily cause a denial of service and we cannot rule out more subtle attacks. The immediate solution is to reset `t` to NULL when a comma is encountered, indicating that we are no longer looking at trailing whitespace. Found with the help of Honggfuzz. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-11 16:32:25 +13:00
t = NULL;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r10918: - fixed standalone ldb build - added note about allowedAttributesEffective (will be needed for mmc) - fixed some more ldb warnings (This used to be commit e9e4d81b6976549db8a7668572a5da466fbec4a9)
2005-10-12 08:51:12 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
in_attr = true;
in_value = false;
trim = true;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
p++;
*d++ = '\0';
ldb: Explain why this use of talloc_memdup() is safe Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-04 12:13:04 +13:00
/*
* This talloc_memdup() is OK with the
* +1 because *d has been set to '\0'
* just above
*/
CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators That is, memdup(), not strdup(). The terminators might not be there. But, we have to make sure we put the terminator on, because we tend to assume the terminator is there in other places. Use talloc_set_name_const() on the resulting chunk so talloc_report() remains unchanged. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Pair-programmed-with: Ralph Boehme <slow@samba.org>
2015-11-26 11:17:11 +13:00
dn->components[dn->comp_num].value.data = \
(uint8_t *)talloc_memdup(dn->components, dt, l + 1);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->components[dn->comp_num].value.length = l;
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->components[dn->comp_num].value.data == NULL) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
/* ouch ! */
goto failed;
}
CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators That is, memdup(), not strdup(). The terminators might not be there. But, we have to make sure we put the terminator on, because we tend to assume the terminator is there in other places. Use talloc_set_name_const() on the resulting chunk so talloc_report() remains unchanged. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Pair-programmed-with: Ralph Boehme <slow@samba.org>
2015-11-26 11:17:11 +13:00
talloc_set_name_const(dn->components[dn->comp_num].value.data,
(const char *)dn->components[dn->comp_num].value.data);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dt = d;
dn->comp_num++;
if (dn->comp_num > 2) {
dn->components = talloc_realloc(dn,
dn->components,
struct ldb_dn_component,
dn->comp_num + 1);
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->components == NULL) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* ouch ! */
goto failed;
}
/* make sure all components are zeroed, other functions depend on this */
memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
continue;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
s4-ldb: '+' can also happen in base64 encoded index DNs
2009-10-27 11:44:05 +11:00
case '+':
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
case '=':
s4-ldb: allow for unescaped '=' in a index DN The ldb_dn_explode code normally enforces all special characters, including a '=', must be escaped. Unfortunately this conflicts with the ltdb index DNs, which for binary attributes may be base64 encoded. This allows a unescaped '=' as a special case for index DNs.
2009-10-25 22:02:31 +11:00
/* to main compatibility with earlier
versions of ldb indexing, we have to
accept the base64 encoded binary index
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
values, which contain a '+' or '='
which should normally be escaped */
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (is_index) {
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
t = NULL;
}
s4-ldb: allow for unescaped '=' in a index DN The ldb_dn_explode code normally enforces all special characters, including a '=', must be escaped. Unfortunately this conflicts with the ltdb index DNs, which for binary attributes may be base64 encoded. This allows a unescaped '=' as a special case for index DNs.
2009-10-25 22:02:31 +11:00
*d++ = *p++;
l++;
break;
}
lib:ldb: Add FALL_THROUGH statements in common/ldb_dn.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-27 15:17:21 +02:00
FALL_THROUGH;
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
case '\"':
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
case '<':
case '>':
case ';':
/* a string with not escaped specials is invalid (tested) */
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (!escape) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
goto failed;
}
escape = false;
*d++ = *p++;
l++;
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
t = NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
break;
case '\\':
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (!escape) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
escape = true;
p++;
continue;
}
escape = false;
*d++ = *p++;
l++;
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
t = NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
break;
default:
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (escape) {
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
if (isxdigit(p[0]) && isxdigit(p[1])) {
if (sscanf(p, "%02x", &x) != 1) {
/* invalid escaping sequence */
ldb_dn_mark_invalid(dn);
goto failed;
}
p += 2;
*d++ = (unsigned char)x;
} else {
*d++ = *p++;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
s4-ldb: make DN escaping/unescaping consistent The DN escape function was using the form \c where c is any character. The unescape function was using \XX where XX is a 2 digit hex number. The asymmetry led to quite a few problems when we start to deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The result was a DN that was not accessible. This patch changes the escaping to follow RFC2253 much more closely. We accept either type of escape, and produce the two types of escape, depending on the character being escaped
2009-11-13 17:48:35 +11:00
escape = false;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
l++;
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
t = NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
break;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (*p == ' ') {
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t == NULL) {
t = p;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
} else {
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
t = NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
*d++ = *p++;
l++;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
break;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r8083: check attribute type is valid (only ascii alphanum chars and '-' char) fail if not (This used to be commit b1a61cd5d03b4c61b81c810123ffeb3621831617)
2005-07-02 18:34:13 +00:00
}
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (in_attr || in_quote) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* invalid dn */
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
goto failed;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
ldb: Avoid "==true/false" in a boolean expression That's what we have boolean variables and expressions for Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-10 18:22:55 +02:00
if (in_value) {
ldb: don't try to save a value that isn't there BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-26 09:49:13 +12:00
/* save last element */
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (t != NULL) {
ldb: don't try to save a value that isn't there BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-26 09:49:13 +12:00
/* trim back */
d -= (p - t);
l -= (p - t);
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
ldb: don't try to save a value that isn't there BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-26 09:49:13 +12:00
*d++ = '\0';
/*
* This talloc_memdup() is OK with the
* +1 because *d has been set to '\0'
* just above.
*/
dn->components[dn->comp_num].value.length = l;
dn->components[dn->comp_num].value.data =
(uint8_t *)talloc_memdup(dn->components, dt, l + 1);
ldb: Rework all pointer NULL tests to use Samba's normal style Also avoid if () without braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-22 10:59:07 +12:00
if (dn->components[dn->comp_num].value.data == NULL) {
ldb: don't try to save a value that isn't there BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-26 09:49:13 +12:00
/* ouch */
goto failed;
}
talloc_set_name_const(dn->components[dn->comp_num].value.data,
(const char *)dn->components[dn->comp_num].value.data);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: don't try to save a value that isn't there BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-26 09:49:13 +12:00
dn->comp_num++;
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
talloc_free(data);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
failed:
ldb:ldb_dn_explode - point out that on error cases "data" is implicitly free'd
2010-11-18 08:57:00 +01:00
LDB_FREE(dn->components); /* "data" is implicitly free'd */
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
dn->comp_num = 0;
ldb:ldb_dn.c - ldb_dn_explode - free also the extended components on error cases Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 17 08:45:53 UTC 2010 on sn-devel-104
2010-11-17 08:58:21 +01:00
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
bool ldb_dn_validate(struct ldb_dn *dn)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return ldb_dn_explode(dn);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const char *ldb_dn_get_linearized(struct ldb_dn *dn)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
size_t len;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *d, *n;
if ( ! dn || ( dn->invalid)) return NULL;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
if (dn->linearized) return dn->linearized;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19871: simplify more (This used to be commit e9ddb18c83518703f987bf141807639956612dbf)
2006-11-23 22:30:46 +00:00
if ( ! dn->components) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19068: Fix a potential NULL dereference (This used to be commit 2dff8ee8cc8b9faf3fbec46d458d6de214622afc)
2006-10-04 19:03:29 +00:00
return NULL;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->comp_num == 0) {
dn->linearized = talloc_strdup(dn, "");
if ( ! dn->linearized) return NULL;
return dn->linearized;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* calculate maximum possible length of DN */
for (len = 0, i = 0; i < dn->comp_num; i++) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* name len */
len += strlen(dn->components[i].name);
/* max escaped data len */
len += (dn->components[i].value.length * 3);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
len += 2; /* '=' and ',' */
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->linearized = talloc_array(dn, char, len);
if ( ! dn->linearized) return NULL;
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
d = dn->linearized;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
for (i = 0; i < dn->comp_num; i++) {
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* copy the name */
n = dn->components[i].name;
while (*n) *d++ = *n++;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*d++ = '=';
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* and the value */
d += ldb_dn_escape_internal( d,
(char *)dn->components[i].value.data,
dn->components[i].value.length);
*d++ = ',';
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*(--d) = '\0';
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* don't waste more memory than necessary */
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->linearized = talloc_realloc(dn, dn->linearized,
char, (d - dn->linearized + 1));
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return dn->linearized;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
s4-ldb: sort the linearized extended DN by component name This will make life easier when handling deleted linked attributes
2009-12-10 22:45:36 +11:00
static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
{
const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
return strcmp(ec1->name, ec2->name);
}
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
{
const char *linearized = ldb_dn_get_linearized(dn);
s4:ldb_dn: fix an uninitialized variable (found by make valgrindtest) metze
2010-02-26 10:53:06 +01:00
char *p = NULL;
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (!linearized) {
return NULL;
}
if (!ldb_dn_has_extended(dn)) {
return talloc_strdup(mem_ctx, linearized);
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (!ldb_dn_validate(dn)) {
return NULL;
}
s4-ldb: sort the linearized extended DN by component name This will make life easier when handling deleted linked attributes
2009-12-10 22:45:36 +11:00
/* sort the extended components by name. The idea is to make
* the resulting DNs consistent, plus to ensure that we put
* 'DELETED' first, so it can be very quickly recognised
*/
s4-ldb: use TYPESAFE_QSORT() in the rest of the ldb code
2010-02-14 10:37:20 +11:00
TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
ldb_dn_extended_component_compare);
s4-ldb: sort the linearized extended DN by component name This will make life easier when handling deleted linked attributes
2009-12-10 22:45:36 +11:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
for (i = 0; i < dn->ext_comp_num; i++) {
const struct ldb_dn_extended_syntax *ext_syntax;
const char *name = dn->ext_components[i].name;
struct ldb_val ec_val = dn->ext_components[i].value;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
struct ldb_val val;
int ret;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
s4:ldb Don't segfault if we somehow get an unknown extended dn element
2009-11-11 19:24:48 +11:00
if (!ext_syntax) {
return NULL;
}
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (mode == 1) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
&ec_val, &val);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
} else if (mode == 0) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
&ec_val, &val);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
} else {
ret = -1;
}
if (ret != LDB_SUCCESS) {
return NULL;
}
if (i == 0) {
ldb: Do not read beyond the end of the extended DN component when printing The print functions used in Samba NULL terminate, but do not assume they will BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 13:16:18 +12:00
p = talloc_asprintf(mem_ctx, "<%s=%.*s>",
name,
(int)val.length,
val.data);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
} else {
lib: Save intermediate NULL checks with talloc_asprintf_addbuf() Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-30 14:44:13 +01:00
talloc_asprintf_addbuf(&p, ";<%s=%.*s>",
name,
(int)val.length,
val.data);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
talloc_free(val.data);
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (dn->ext_comp_num && *linearized) {
lib: Save intermediate NULL checks with talloc_asprintf_addbuf() Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-30 14:44:13 +01:00
talloc_asprintf_addbuf(&p, ";%s", linearized);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
if (!p) {
return NULL;
}
return p;
}
s4-ldb: added a function to filter extended components of a ldb_dn We need to be able to filter out components that should not be exposed to users
2009-12-10 23:44:44 +11:00
/*
filter out all but an acceptable list of extended DN components
*/
s4:fix some shadowed declaration warnings on Solaris by renaming the symbols
2010-12-06 11:06:27 +01:00
void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
s4-ldb: added a function to filter extended components of a ldb_dn We need to be able to filter out components that should not be exposed to users
2009-12-10 23:44:44 +11:00
{
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
s4-ldb: added a function to filter extended components of a ldb_dn We need to be able to filter out components that should not be exposed to users
2009-12-10 23:44:44 +11:00
for (i=0; i<dn->ext_comp_num; i++) {
s4:fix some shadowed declaration warnings on Solaris by renaming the symbols
2010-12-06 11:06:27 +01:00
if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
ldb: Use ARRAY_DEL_ELEMENT() in ldb_dn_extended_filter() Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 11:11:35 +01:00
ARRAY_DEL_ELEMENT(
dn->ext_components, i, dn->ext_comp_num);
s4-ldb: added a function to filter extended components of a ldb_dn We need to be able to filter out components that should not be exposed to users
2009-12-10 23:44:44 +11:00
dn->ext_comp_num--;
i--;
}
}
s4:ldb_dn: remove dn->ext_linearized when ext_components is modified. metze
2010-02-26 15:48:02 +01:00
LDB_FREE(dn->ext_linearized);
s4-ldb: added a function to filter extended components of a ldb_dn We need to be able to filter out components that should not be exposed to users
2009-12-10 23:44:44 +11:00
}
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
{
return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/*
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
casefold a dn. We need to casefold the attribute names, and canonicalize
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
attribute values of case insensitive attributes.
*/
static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
{
ldb:dn_casefold_internal: TALLOC_FREE only what we talloced If the failure is not on the last component, we would have TALLOC_FREE()ed some components that we hadn't set. I think in all pathways we initialise the unset components to zero, but we should be careful just in case. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-22 11:03:13 +12:00
unsigned int i, j;
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
int ret;
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! dn || dn->invalid) return false;
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->valid_case) return true;
r19871: simplify more (This used to be commit e9ddb18c83518703f987bf141807639956612dbf)
2006-11-23 22:30:46 +00:00
if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
for (i = 0; i < dn->comp_num; i++) {
r20184: change ldb_attrib_handler into ldb_schema_attribute, which has a pointer to a ldb_schema_syntax struct. the default attribute handler is now registered dynamicly as "*" attribute, instead of having its own code path. ldb_schema_attribute's can be added to the ldb_schema given a ldb_schema_syntax struct or the syntax name we may also need to introduce a ldb_schema_matching_rule, and add a pointer to a default ldb_schema_matching_rule in the ldb_schema_syntax. metze (This used to be commit b97b8f5dcbce006f005e53ca79df3330e62f117b)
2006-12-15 13:08:57 +00:00
const struct ldb_schema_attribute *a;
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->components[i].cf_name =
ldb_attr_casefold(dn->components,
dn->components[i].name);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (!dn->components[i].cf_name) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
goto failed;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
a = ldb_schema_attribute_by_name(dn->ldb,
dn->components[i].cf_name);
r20184: change ldb_attrib_handler into ldb_schema_attribute, which has a pointer to a ldb_schema_syntax struct. the default attribute handler is now registered dynamicly as "*" attribute, instead of having its own code path. ldb_schema_attribute's can be added to the ldb_schema given a ldb_schema_syntax struct or the syntax name we may also need to introduce a ldb_schema_matching_rule, and add a pointer to a default ldb_schema_matching_rule in the ldb_schema_syntax. metze (This used to be commit b97b8f5dcbce006f005e53ca79df3330e62f117b)
2006-12-15 13:08:57 +00:00
ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
&(dn->components[i].value),
&(dn->components[i].cf_value));
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (ret != 0) {
ldb:dn_casefold_internal: TALLOC_FREE only what we talloced If the failure is not on the last component, we would have TALLOC_FREE()ed some components that we hadn't set. I think in all pathways we initialise the unset components to zero, but we should be careful just in case. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-22 11:03:13 +12:00
goto failed_1;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
dn->valid_case = true;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
ldb:dn_casefold_internal: TALLOC_FREE only what we talloced If the failure is not on the last component, we would have TALLOC_FREE()ed some components that we hadn't set. I think in all pathways we initialise the unset components to zero, but we should be careful just in case. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-22 11:03:13 +12:00
failed_1:
/*
* Although we try to always initialise .cf_name and .cf.value.data to
* NULL, we want to avoid TALLOC_FREEing the values we have not just
* set here.
*/
TALLOC_FREE(dn->components[i].cf_name);
failed:
ldb: fix Coverity 1636883 oops. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net> Autobuild-User(master): Martin Schwenke <martins@samba.org> Autobuild-Date(master): Mon Dec 30 04:17:46 UTC 2024 on atb-devel-224
2024-12-23 13:07:40 +13:00
for (j = 0; j < i; j++) {
ldb:dn_casefold_internal: TALLOC_FREE only what we talloced If the failure is not on the last component, we would have TALLOC_FREE()ed some components that we hadn't set. I think in all pathways we initialise the unset components to zero, but we should be careful just in case. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-22 11:03:13 +12:00
TALLOC_FREE(dn->components[j].cf_name);
TALLOC_FREE(dn->components[j].cf_value.data);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
}
return false;
r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2006-01-06 04:01:23 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const char *ldb_dn_get_casefold(struct ldb_dn *dn)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
{
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
size_t len;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
char *d, *n;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19885: special dn's were not casefolded before rev 19831, act like this again... also when we already have a casefoled value we should not call ldb_dn_casefold_internal() metze (This used to be commit cbf4eb16725992bfdfa5a334e0e5547e6df568e6)
2006-11-25 14:59:59 +00:00
if (dn->casefold) return dn->casefold;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (dn->special) {
r19885: special dn's were not casefolded before rev 19831, act like this again... also when we already have a casefoled value we should not call ldb_dn_casefold_internal() metze (This used to be commit cbf4eb16725992bfdfa5a334e0e5547e6df568e6)
2006-11-25 14:59:59 +00:00
dn->casefold = talloc_strdup(dn, dn->linearized);
if (!dn->casefold) return NULL;
dn->valid_case = true;
return dn->casefold;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_casefold_internal(dn)) {
return NULL;
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->comp_num == 0) {
when comp_num is zero, the case folded DN is always "" This fixes a bug where we would look at an uninitialised dn->linearized
2009-06-01 12:58:48 +10:00
dn->casefold = talloc_strdup(dn, "");
return dn->casefold;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* calculate maximum possible length of DN */
for (len = 0, i = 0; i < dn->comp_num; i++) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* name len */
len += strlen(dn->components[i].cf_name);
/* max escaped data len */
len += (dn->components[i].cf_value.length * 3);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
len += 2; /* '=' and ',' */
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->casefold = talloc_array(dn, char, len);
if ( ! dn->casefold) return NULL;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
d = dn->casefold;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
for (i = 0; i < dn->comp_num; i++) {
/* copy the name */
n = dn->components[i].cf_name;
while (*n) *d++ = *n++;
*d++ = '=';
/* and the value */
d += ldb_dn_escape_internal( d,
(char *)dn->components[i].cf_value.data,
dn->components[i].cf_value.length);
*d++ = ',';
}
*(--d) = '\0';
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
/* don't waste more memory than necessary */
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->casefold = talloc_realloc(dn, dn->casefold,
char, strlen(dn->casefold) + 1);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return dn->casefold;
}
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
{
return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r16086: Ensure we can never dereference NULL pointers, and that describe what these two DN comparison functions do. Andrew Bartlett (This used to be commit 733b64a733779daade7d1cabbacac2275564b697)
2006-06-08 01:00:46 +00:00
/* Determine if dn is below base, in the ldap tree. Used for
* evaluating a subtree search.
ldb: comment for ldb_dn_compare_base Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 16:48:39 +12:00
*
* 0 if they match, otherwise non-zero.
*
* This is not for use in a qsort()-like function, as the comparison
* is not symmetric.
r16086: Ensure we can never dereference NULL pointers, and that describe what these two DN comparison functions do. Andrew Bartlett (This used to be commit 733b64a733779daade7d1cabbacac2275564b697)
2006-06-08 01:00:46 +00:00
*/
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
{
r8517: fixed a crash bug in ldb_dn_compare_base() (This used to be commit 19d789e82526eff236aeed77ddc8d2606c5118b6)
2005-07-17 09:06:58 +00:00
int ret;
ldb:"ldb_dn_compare_base" - use "unsigned int" counters Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 13:54:13 UTC 2010 on sn-devel-104
2010-10-16 15:10:11 +02:00
unsigned int n_base, n_dn;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! base || base->invalid) return 1;
if ( ! dn || dn->invalid) return -1;
if (( ! base->valid_case) || ( ! dn->valid_case)) {
ldb: don't shortcut dn comparison for mismatched special DNs DNs that start with @ can't be compared via string comparison with normal DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13 12:24:25 +10:00
if (base->linearized && dn->linearized && dn->special == base->special) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* try with a normal compare first, if we are lucky
ldb: Fix a typo Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-06 12:15:14 +02:00
* we will avoid exploding and casefolding */
ldb:dn_compare_base: avoid unlikely int overflow Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-23 10:14:04 +12:00
size_t len_dn = strlen(dn->linearized);
size_t len_base = strlen(base->linearized);
if (len_dn < len_base) {
return -1;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
}
ldb:dn_compare_base: avoid unlikely int overflow Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-23 10:14:04 +12:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (strcmp(base->linearized,
ldb:dn_compare_base: avoid unlikely int overflow Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-23 10:14:04 +12:00
&dn->linearized[len_dn - len_base]) == 0) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
return 0;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_casefold_internal(base)) {
return 1;
}
r16086: Ensure we can never dereference NULL pointers, and that describe what these two DN comparison functions do. Andrew Bartlett (This used to be commit 733b64a733779daade7d1cabbacac2275564b697)
2006-06-08 01:00:46 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_casefold_internal(dn)) {
return -1;
}
}
/* if base has more components,
* they don't have the same base */
r9318: fix searches with scope ONE and SUB, the problem was that ldb_dn_compare_base() just looked at if both dn's mtach some how, and the following happens: basedn: CN=bar,DC=foo,DC=com dn: DC=foo,DC=com and dn: DC=foo,DC=com was return as result of a sub and base search and also the ONE search with basedn: DC=foo,DC=com returned this dn: CN=bla,CN=bar,DC=foo,DC=com metze (This used to be commit 2a107472c373e425013050e28b944c830f653a87)
2005-08-16 06:55:40 +00:00
if (base->comp_num > dn->comp_num) {
return (dn->comp_num - base->comp_num);
}
s4/dn: handle case 'base' dn has no components This could if the 'base' dn is special for example.
2010-05-08 10:19:14 +03:00
if ((dn->comp_num == 0) || (base->comp_num == 0)) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->special && base->special) {
return strcmp(base->linearized, dn->linearized);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
} else if (dn->special) {
return -1;
} else if (base->special) {
return 1;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
} else {
return 0;
r8082: large rewite of ldb_dn.c - we do not support multpiple attribute components anymore, makes code a lot easier they will be readded later if we found out they are really used, so far my tests show w2k3 do not handle them as well - fix escaping issues, move component value to be in an ldb_val structure still need to handle binary values case - make cononicalize functions leak less memory by giving a specific memory context - fix tests scripts so that test-ldap can start - make test not delete databases on completion so that I can inspect them (This used to be commit 624a73148d125690ce18515f19231d26df207738)
2005-07-02 17:30:03 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
n_base = base->comp_num - 1;
n_dn = dn->comp_num - 1;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb:"ldb_dn_compare_base" - use "unsigned int" counters Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 13:54:13 UTC 2010 on sn-devel-104
2010-10-16 15:10:11 +02:00
while (n_base != (unsigned int) -1) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
char *b_name = base->components[n_base].cf_name;
char *dn_name = dn->components[n_dn].cf_name;
char *b_vdata = (char *)base->components[n_base].cf_value.data;
char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
size_t b_vlen = base->components[n_base].cf_value.length;
size_t dn_vlen = dn->components[n_dn].cf_value.length;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* compare attr names */
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ret = strcmp(b_name, dn_name);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (ret != 0) return ret;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* compare attr.cf_value. */
if (b_vlen != dn_vlen) {
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-03 12:50:47 +13:00
return NUMERIC_CMP(b_vlen, dn_vlen);
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
ldb: use strncmp instead of strcmp when comparing the val part val part of a DN's component is DATA_BLOB and nothing insure that it will be finished by a '\0' Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-13 02:18:34 -08:00
ret = strncmp(b_vdata, dn_vdata, b_vlen);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (ret != 0) return ret;
n_base--;
n_dn--;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r8037: a fairly major update to the internals of ldb. Changes are: - moved the knowledge of attribute types out of ldb_tdb and into the generic ldb code. This allows the ldb_match() message match logic to be generic, so it can be used by other backend - added the generic ability to load attribute handlers, for canonicalisation, compare, ldif read and ldif write. In the future this will be used by the schema module to allow us to correctly obey the attributetype schema elements - added attribute handlers for some of the core ldap attribute types, Integer, DirectoryString, DN, ObjectClass etc - added automatic registration of attribute handlers for well-known attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass' - converted the objectSid special handlers for Samba to the new system - added more correct handling of indexing in tdb backend based on the attribute canonicalisation function - added generic support for subclasses, moving it out of the tdb backend. This will be used in future by the schema module - fixed several bugs in the dn_explode code. It still needs more work, but doesn't corrupt ldb dbs any more. (This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
return 0;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* compare DNs using casefolding compare functions.
r16086: Ensure we can never dereference NULL pointers, and that describe what these two DN comparison functions do. Andrew Bartlett (This used to be commit 733b64a733779daade7d1cabbacac2275564b697)
2006-06-08 01:00:46 +00:00
If they match, then return 0
*/
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
{
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
int ret;
ldb:dn: make ldb_dn_compare() self-consistent We were returning -1 in all these cases: ldb_dn_compare(dn, NULL); ldb_dn_compare(NULL, dn); ldb_dn_compare(NULL, NULL); which would give strange results in sort, where this is often used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-07 15:04:43 +12:00
/*
* If used in sort, we shift NULL and invalid DNs to the end.
*
* If ldb_dn_casefold_internal() fails, that goes to the end too, so
* we end up with:
*
* | normal DNs, sorted | casefold failed DNs | invalid DNs | NULLs |
*/
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb: avoid NULL deref in ldb_db_compare This also sorts NULLs after invalid DNs, which matches the comment above. CID 1596622. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-26 15:24:47 +12:00
if (dn0 == dn1) {
/* this includes the both-NULL case */
ldb:dn: make ldb_dn_compare() self-consistent We were returning -1 in all these cases: ldb_dn_compare(dn, NULL); ldb_dn_compare(NULL, dn); ldb_dn_compare(NULL, NULL); which would give strange results in sort, where this is often used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-07 15:04:43 +12:00
return 0;
}
ldb: avoid NULL deref in ldb_db_compare This also sorts NULLs after invalid DNs, which matches the comment above. CID 1596622. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-26 15:24:47 +12:00
if (dn0 == NULL) {
ldb:dn: make ldb_dn_compare() self-consistent We were returning -1 in all these cases: ldb_dn_compare(dn, NULL); ldb_dn_compare(NULL, dn); ldb_dn_compare(NULL, NULL); which would give strange results in sort, where this is often used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-07 15:04:43 +12:00
return 1;
}
ldb: avoid NULL deref in ldb_db_compare This also sorts NULLs after invalid DNs, which matches the comment above. CID 1596622. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-26 15:24:47 +12:00
if (dn1 == NULL) {
return -1;
}
if (dn0->invalid && dn1->invalid) {
return 0;
}
if (dn0->invalid) {
return 1;
}
if (dn1->invalid) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
return -1;
}
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
ldb:dn_compare: be a bit more transitive If neither dn can casefold, they should be considered equal. Otherwise cmp(dn1, dn2) will be inconsistent with cmp(dn2, dn1). These will still sort to the end of the list, relative to any valid DNs. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-23 10:17:17 +12:00
bool ok0, ok1;
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
if (dn0->linearized && dn1->linearized) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* try with a normal compare first, if we are lucky
ldb: Fix a typo Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-06 12:15:14 +02:00
* we will avoid exploding and casefolding */
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (strcmp(dn0->linearized, dn1->linearized) == 0) {
return 0;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
ldb:dn_compare: be a bit more transitive If neither dn can casefold, they should be considered equal. Otherwise cmp(dn1, dn2) will be inconsistent with cmp(dn2, dn1). These will still sort to the end of the list, relative to any valid DNs. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-23 10:17:17 +12:00
/*
* If a DN can't casefold, it goes to the end.
*/
ok0 = ldb_dn_casefold_internal(dn0);
ok1 = ldb_dn_casefold_internal(dn1);
if (! ok0) {
if (! ok1) {
return 0;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return 1;
}
ldb:dn_compare: be a bit more transitive If neither dn can casefold, they should be considered equal. Otherwise cmp(dn1, dn2) will be inconsistent with cmp(dn2, dn1). These will still sort to the end of the list, relative to any valid DNs. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-23 10:17:17 +12:00
if (! ok1) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return -1;
}
}
ldb:ldb_dn: use safe transitive comparison in ldb_dn_compare() The comparison we make is unconventional, and makes no difference in normal usage, where we just want to know whether two DNs are the same or not. But with over 100 callers, it is possible that something somewhere is attempting a sort. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-15 15:03:44 +13:00
/*
* Notice that for comp_num, Samba reverses the usual order of
* comparison. A DN with fewer components is greater than one
* with more.
*/
if (dn0->comp_num > dn1->comp_num) {
return -1;
} else if (dn0->comp_num < dn1->comp_num) {
return 1;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
if (dn0->comp_num == 0) {
if (dn0->special && dn1->special) {
return strcmp(dn0->linearized, dn1->linearized);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
} else if (dn0->special) {
return 1;
} else if (dn1->special) {
return -1;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
} else {
return 0;
}
}
for (i = 0; i < dn0->comp_num; i++) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
char *dn0_name = dn0->components[i].cf_name;
char *dn1_name = dn1->components[i].cf_name;
char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
size_t dn0_vlen = dn0->components[i].cf_value.length;
size_t dn1_vlen = dn1->components[i].cf_value.length;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* compare attr names */
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ret = strcmp(dn0_name, dn1_name);
if (ret != 0) {
return ret;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* compare attr.cf_value. */
if (dn0_vlen != dn1_vlen) {
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-03 12:51:04 +13:00
return NUMERIC_CMP(dn0_vlen, dn1_vlen);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
}
ldb: use strncmp instead of strcmp when comparing the val part val part of a DN's component is DATA_BLOB and nothing insure that it will be finished by a '\0' Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-13 02:18:34 -08:00
ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (ret != 0) {
return ret;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
}
return 0;
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
static struct ldb_dn_component ldb_dn_copy_component(
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
TALLOC_CTX *mem_ctx,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_dn_component *src)
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_dn_component dst;
memset(&dst, 0, sizeof(dst));
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (src == NULL) {
return dst;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dst.value = ldb_val_dup(mem_ctx, &(src->value));
if (dst.value.data == NULL) {
return dst;
}
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dst.name = talloc_strdup(mem_ctx, src->name);
if (dst.name == NULL) {
LDB_FREE(dst.value.data);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
return dst;
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (src->cf_value.data) {
dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
if (dst.cf_value.data == NULL) {
LDB_FREE(dst.value.data);
LDB_FREE(dst.name);
return dst;
}
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
if (dst.cf_name == NULL) {
LDB_FREE(dst.cf_name);
LDB_FREE(dst.value.data);
LDB_FREE(dst.name);
return dst;
}
} else {
dst.cf_value.data = NULL;
dst.cf_name = NULL;
}
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return dst;
r8515: ldb_dn_cmp now uses ldb_dn_compare so that the DNs are compared on a content level not ona form level, his means that the 2 DNs: a) cn= user, dc=this, dc = is,dc=test b) cn=user,dc=this,dc=is,dc=test are now identical even if the string form differ (spaces) (This used to be commit 76d496c30867ae80434483a34b0d842523aed762)
2005-07-16 18:16:32 +00:00
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
TALLOC_CTX *mem_ctx,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_dn_ext_component *src)
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
{
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_dn_ext_component dst;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
memset(&dst, 0, sizeof(dst));
if (src == NULL) {
return dst;
}
dst.value = ldb_val_dup(mem_ctx, &(src->value));
if (dst.value.data == NULL) {
return dst;
}
dst.name = talloc_strdup(mem_ctx, src->name);
if (dst.name == NULL) {
LDB_FREE(dst.value.data);
return dst;
}
return dst;
}
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_dn *new_dn;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (!dn || dn->invalid) {
r16832: I should be more careful (and test!) when trying to make compilers and static checkers happy... Andrew Bartlett (This used to be commit ae7ec0d553650b2a90fac8b7564b8f986e3e4288)
2006-07-06 07:37:41 +00:00
return NULL;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
new_dn = talloc_zero(mem_ctx, struct ldb_dn);
if ( !new_dn) {
r16829: Fix a number of issues raised by the IBM checker, or gcc warnings. In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2006-07-06 05:51:39 +00:00
return NULL;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
*new_dn = *dn;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19871: simplify more (This used to be commit e9ddb18c83518703f987bf141807639956612dbf)
2006-11-23 22:30:46 +00:00
if (dn->components) {
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
new_dn->components =
talloc_zero_array(new_dn,
struct ldb_dn_component,
dn->comp_num);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! new_dn->components) {
talloc_free(new_dn);
r16829: Fix a number of issues raised by the IBM checker, or gcc warnings. In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2006-07-06 05:51:39 +00:00
return NULL;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
for (i = 0; i < dn->comp_num; i++) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
new_dn->components[i] =
ldb_dn_copy_component(new_dn->components,
&dn->components[i]);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! new_dn->components[i].value.data) {
talloc_free(new_dn);
return NULL;
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (dn->ext_components) {
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
new_dn->ext_components =
talloc_zero_array(new_dn,
struct ldb_dn_ext_component,
dn->ext_comp_num);
if ( ! new_dn->ext_components) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
talloc_free(new_dn);
return NULL;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
for (i = 0; i < dn->ext_comp_num; i++) {
new_dn->ext_components[i] =
ldb_dn_ext_copy_component(
new_dn->ext_components,
&dn->ext_components[i]);
if ( ! new_dn->ext_components[i].value.data) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
talloc_free(new_dn);
return NULL;
}
}
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (dn->casefold) {
new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
if ( ! new_dn->casefold) {
talloc_free(new_dn);
return NULL;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
}
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
if (dn->linearized) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
if ( ! new_dn->linearized) {
talloc_free(new_dn);
return NULL;
}
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
if (dn->ext_linearized) {
new_dn->ext_linearized = talloc_strdup(new_dn,
dn->ext_linearized);
if ( ! new_dn->ext_linearized) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
talloc_free(new_dn);
return NULL;
}
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return new_dn;
r7937: main file was missing (This used to be commit 3898cdb0dc4722a7eb60a61b54ef778dab475aed)
2005-06-27 00:00:50 +00:00
}
ldb: Attach appropriate ldb context to returned result This is done by adding a new API that avoids the problems of ldb_dn_copy() and makes it clear that a struct ldb_context * pointer will be stored in the new copy. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-01 16:54:01 +12:00
struct ldb_dn *ldb_dn_copy_with_ldb_context(TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
struct ldb_context *ldb)
{
struct ldb_dn *new_dn = NULL;
new_dn = ldb_dn_copy(mem_ctx, dn);
if (new_dn == NULL) {
return NULL;
}
/* Set the ldb context. */
new_dn->ldb = ldb;
return new_dn;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* modify the given dn by adding a base.
*
* return true if successful and false if not
* if false is returned the dn may be marked invalid
*/
bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const char *s;
char *t;
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( !base || base->invalid || !dn || dn->invalid) {
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb: do not allow adding a DN as a base to itself If you try to add a dn to itself, it expands as it goes. The resulting loop cannot end well. It looks like this in Python: dn = ldb.Dn(ldb.Ldb(), 'CN=y,DC=x') dn.add_base(dn) Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-06 23:24:43 +12:00
if (dn == base) {
return false; /* or we will visit infinity */
}
r19871: simplify more (This used to be commit e9ddb18c83518703f987bf141807639956612dbf)
2006-11-23 22:30:46 +00:00
if (dn->components) {
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
2005-07-12 12:04:54 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(base)) {
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
s = NULL;
if (dn->valid_case) {
if ( ! (s = ldb_dn_get_casefold(base))) {
return false;
}
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->components = talloc_realloc(dn,
dn->components,
struct ldb_dn_component,
dn->comp_num + base->comp_num);
if ( ! dn->components) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->components[dn->comp_num] =
ldb_dn_copy_component(dn->components,
&base->components[i]);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->components[dn->comp_num].value.data == NULL) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (dn->casefold && s) {
r20373: When adding a base to a "" DN, don't precede it with a comma (,) Andrew Bartlett (This used to be commit ef1ca30180b1b225579a8200b65a4853a135602f)
2006-12-28 03:31:18 +00:00
if (*dn->casefold) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
t = talloc_asprintf(dn, "%s,%s",
dn->casefold, s);
r20373: When adding a base to a "" DN, don't precede it with a comma (,) Andrew Bartlett (This used to be commit ef1ca30180b1b225579a8200b65a4853a135602f)
2006-12-28 03:31:18 +00:00
} else {
t = talloc_strdup(dn, s);
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
LDB_FREE(dn->casefold);
dn->casefold = t;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
if (dn->linearized) {
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
s = ldb_dn_get_linearized(base);
if ( ! s) {
return false;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r20373: When adding a base to a "" DN, don't precede it with a comma (,) Andrew Bartlett (This used to be commit ef1ca30180b1b225579a8200b65a4853a135602f)
2006-12-28 03:31:18 +00:00
if (*dn->linearized) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
t = talloc_asprintf(dn, "%s,%s",
dn->linearized, s);
r20373: When adding a base to a "" DN, don't precede it with a comma (,) Andrew Bartlett (This used to be commit ef1ca30180b1b225579a8200b65a4853a135602f)
2006-12-28 03:31:18 +00:00
} else {
t = talloc_strdup(dn, s);
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! t) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
LDB_FREE(dn->linearized);
dn->linearized = t;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Wipe the ext_linearized DN,
* the GUID and SID are almost certainly no longer valid */
s4:ldb_dn: remove dn->ext_linearized when ext_components is modified. metze
2010-02-26 15:48:02 +01:00
LDB_FREE(dn->ext_linearized);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
s4:ldb_dn.c - make the code parts which free extended components consistent Cosmetic
2010-06-29 22:04:24 +02:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* modify the given dn by adding a base.
*
* return true if successful and false if not
* if false is returned the dn may be marked invalid
*/
bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_dn *base;
char *base_str;
va_list ap;
bool ret;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( !dn || dn->invalid) {
return false;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
va_start(ap, base_fmt);
base_str = talloc_vasprintf(dn, base_fmt, ap);
va_end(ap);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (base_str == NULL) {
return false;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
base = ldb_dn_new(base_str, dn->ldb, base_str);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ret = ldb_dn_add_base(dn, base);
talloc_free(base_str);
return ret;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* modify the given dn by adding children elements.
*
* return true if successful and false if not
* if false is returned the dn may be marked invalid
*/
bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const char *s;
char *t;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( !child || child->invalid || !dn || dn->invalid) {
return false;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
}
r19871: simplify more (This used to be commit e9ddb18c83518703f987bf141807639956612dbf)
2006-11-23 22:30:46 +00:00
if (dn->components) {
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int n;
ldb:"ldb_dn_add_child" - use "unsigned int" counters
2010-10-16 15:08:40 +02:00
unsigned int i, j;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
ldb:ldb_dn.c - don't support "ldb_dn_add_child" on a "" parent DN It's meaningless and could end in DNs as "cn=child,".
2010-06-19 14:49:23 +02:00
if (dn->comp_num == 0) {
return false;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(child)) {
return false;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
s = NULL;
if (dn->valid_case) {
if ( ! (s = ldb_dn_get_casefold(child))) {
return false;
}
}
n = dn->comp_num + child->comp_num;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->components = talloc_realloc(dn,
dn->components,
struct ldb_dn_component,
n);
if ( ! dn->components) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb:"ldb_dn_add_child" - use "unsigned int" counters
2010-10-16 15:08:40 +02:00
for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
i--, j--) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->components[j] = dn->components[i];
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
for (i = 0; i < child->comp_num; i++) {
dn->components[i] =
ldb_dn_copy_component(dn->components,
&child->components[i]);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->components[i].value.data == NULL) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->comp_num = n;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (dn->casefold && s) {
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
LDB_FREE(dn->casefold);
dn->casefold = t;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
}
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
if (dn->linearized) {
ldb:ldb_dn.c - don't support "ldb_dn_add_child" on a "" parent DN It's meaningless and could end in DNs as "cn=child,".
2010-06-19 14:49:23 +02:00
if (dn->linearized[0] == '\0') {
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
s = ldb_dn_get_linearized(child);
if ( ! s) {
return false;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
if ( ! t) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
LDB_FREE(dn->linearized);
dn->linearized = t;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Wipe the ext_linearized DN,
* the GUID and SID are almost certainly no longer valid */
LDB_FREE(dn->ext_linearized);
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
/* modify the given dn by adding children elements.
*
* return true if successful and false if not
* if false is returned the dn may be marked invalid
*/
bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_dn *child;
char *child_str;
va_list ap;
bool ret;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( !dn || dn->invalid) {
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
va_start(ap, child_fmt);
child_str = talloc_vasprintf(dn, child_fmt, ap);
va_end(ap);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (child_str == NULL) {
return false;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
child = ldb_dn_new(child_str, dn->ldb, child_str);
ret = ldb_dn_add_child(dn, child);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
talloc_free(child_str);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return ret;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
ldb: Add new function ldb_dn_add_child_val() This is safer for untrusted input than ldb_dn_add_child_fmt() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-07-03 15:16:56 +12:00
/* modify the given dn by adding a single child element.
*
* return true if successful and false if not
* if false is returned the dn may be marked invalid
*/
bool ldb_dn_add_child_val(struct ldb_dn *dn,
const char *rdn,
struct ldb_val value)
{
bool ret;
int ldb_ret;
struct ldb_dn *child = NULL;
if ( !dn || dn->invalid) {
return false;
}
child = ldb_dn_new(dn, dn->ldb, "X=Y");
ret = ldb_dn_add_child(dn, child);
if (ret == false) {
return false;
}
ldb_ret = ldb_dn_set_component(dn,
0,
rdn,
value);
if (ldb_ret != LDB_SUCCESS) {
return false;
}
return true;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
ldb:"ldb_dn_remove_base_components" - use an "unsigned int" counter
2010-10-16 15:04:57 +02:00
unsigned int i;
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return false;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->comp_num < num) {
return false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
/* free components */
ldb:"ldb_dn_remove_base_components" - use an "unsigned int" counter
2010-10-16 15:04:57 +02:00
for (i = dn->comp_num - num; i < dn->comp_num; i++) {
LDB_FREE(dn->components[i].name);
LDB_FREE(dn->components[i].value.data);
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->comp_num -= num;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (dn->valid_case) {
for (i = 0; i < dn->comp_num; i++) {
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
}
dn->valid_case = false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
LDB_FREE(dn->casefold);
LDB_FREE(dn->linearized);
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Wipe the ext_linearized DN,
* the GUID and SID are almost certainly no longer valid */
LDB_FREE(dn->ext_linearized);
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i, j;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return false;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if (dn->comp_num < num) {
return false;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
for (i = 0, j = num; j < dn->comp_num; i++, j++) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (i < num) {
LDB_FREE(dn->components[i].name);
LDB_FREE(dn->components[i].value.data);
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->components[i] = dn->components[j];
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
dn->comp_num -= num;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (dn->valid_case) {
for (i = 0; i < dn->comp_num; i++) {
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
}
dn->valid_case = false;
}
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19870: Simplify code (This used to be commit c1737f9a52d9e4d118f969a0953a458188143d0d)
2006-11-23 22:11:47 +00:00
LDB_FREE(dn->casefold);
LDB_FREE(dn->linearized);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Wipe the ext_linearized DN,
* the GUID and SID are almost certainly no longer valid */
LDB_FREE(dn->ext_linearized);
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
s4:ldb_dn.c - make the code parts which free extended components consistent Cosmetic
2010-06-29 22:04:24 +02:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return true;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
ldb: added ldb_dn_replace_components() this allows you to replace the string part of a DN with the string part from another DN. This is useful when you want to fix a DN that has the right GUID but the wrong string part, because the target object has moved. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-01 12:24:13 +10:00
/* replace the components of a DN with those from another DN, without
* touching the extended components
*
* return true if successful and false if not
* if false is returned the dn may be marked invalid
*/
bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
{
ldb: Fix two signed/unsigned hickups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-29 14:00:10 +02:00
unsigned int i;
ldb: added ldb_dn_replace_components() this allows you to replace the string part of a DN with the string part from another DN. This is useful when you want to fix a DN that has the right GUID but the wrong string part, because the target object has moved. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-01 12:24:13 +10:00
if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
return false;
}
/* free components */
for (i = 0; i < dn->comp_num; i++) {
LDB_FREE(dn->components[i].name);
LDB_FREE(dn->components[i].value.data);
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
}
dn->components = talloc_realloc(dn,
dn->components,
struct ldb_dn_component,
new_dn->comp_num);
if (dn->components == NULL) {
ldb_dn_mark_invalid(dn);
return false;
}
dn->comp_num = new_dn->comp_num;
dn->valid_case = new_dn->valid_case;
for (i = 0; i < dn->comp_num; i++) {
dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
if (dn->components[i].name == NULL) {
ldb_dn_mark_invalid(dn);
return false;
}
}
if (new_dn->linearized == NULL) {
dn->linearized = NULL;
} else {
dn->linearized = talloc_strdup(dn, new_dn->linearized);
if (dn->linearized == NULL) {
ldb_dn_mark_invalid(dn);
return false;
}
}
return true;
}
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
struct ldb_dn *new_dn;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
new_dn = ldb_dn_copy(mem_ctx, dn);
if ( !new_dn ) {
return NULL;
}
r9392: Fix ldb_dn_compose to make build farm happy Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2005-08-18 16:18:48 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
talloc_free(new_dn);
return NULL;
}
r9392: Fix ldb_dn_compose to make build farm happy Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2005-08-18 16:18:48 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return new_dn;
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2005-08-18 15:02:01 +00:00
}
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
/* Create a 'canonical name' string from a DN:
ie dc=samba,dc=org -> samba.org/
uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
There are two formats,
the EX format has the last '/' replaced with a newline (\n).
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
*/
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
ldb:"ldb_dn_canonical" - use an "unsigned int" counter Convert it to use an "unsigned int" counter which represents the exact length of the DN components.
2010-10-16 14:47:42 +02:00
unsigned int i;
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
TALLOC_CTX *tmpctx;
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
char *cracked = NULL;
r25215: replace talloc_append_string() with talloc_strdup_append_buffer() metze (This used to be commit 8f2db3c130ce85d38f805836a7df039822ede066)
2007-09-18 13:41:50 +00:00
const char *format = (ex_format ? "\n" : "/" );
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return NULL;
}
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
tmpctx = talloc_new(mem_ctx);
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
/* Walk backwards down the DN, grabbing 'dc' components at first */
ldb:"ldb_dn_canonical" - use an "unsigned int" counter Convert it to use an "unsigned int" counter which represents the exact length of the DN components.
2010-10-16 14:47:42 +02:00
for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
r10980: Use ldb_attr_cmp and ldb_dn_escape_value Andrew Bartlett (This used to be commit 2b1c88f628b27ffda08de3f4ac83c1f3b052a078)
2005-10-14 02:05:51 +00:00
if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
break;
}
if (cracked) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
cracked = talloc_asprintf(tmpctx, "%s.%s",
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ldb_dn_escape_value(tmpctx,
dn->components[i].value),
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
cracked);
} else {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
cracked = ldb_dn_escape_value(tmpctx,
dn->components[i].value);
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
}
if (!cracked) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
goto done;
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
}
}
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
/* Only domain components? Finish here */
ldb:"ldb_dn_canonical" - use an "unsigned int" counter Convert it to use an "unsigned int" counter which represents the exact length of the DN components.
2010-10-16 14:47:42 +02:00
if (i == (unsigned int) -1) {
r25215: replace talloc_append_string() with talloc_strdup_append_buffer() metze (This used to be commit 8f2db3c130ce85d38f805836a7df039822ede066)
2007-09-18 13:41:50 +00:00
cracked = talloc_strdup_append_buffer(cracked, format);
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
talloc_steal(mem_ctx, cracked);
goto done;
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
}
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
/* Now walk backwards appending remaining components */
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
for (; i > 0; i--) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
cracked = talloc_asprintf_append_buffer(cracked, "/%s",
ldb_dn_escape_value(tmpctx,
dn->components[i].value));
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
if (!cracked) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
goto done;
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
}
}
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
/* Last one, possibly a newline for the 'ex' format */
r25215: replace talloc_append_string() with talloc_strdup_append_buffer() metze (This used to be commit 8f2db3c130ce85d38f805836a7df039822ede066)
2007-09-18 13:41:50 +00:00
cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
ldb_dn_escape_value(tmpctx,
dn->components[i].value));
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
talloc_steal(mem_ctx, cracked);
done:
talloc_free(tmpctx);
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
return cracked;
}
r10956: Tridge thought some comments might be a good idea :-) Andrew Bartlett (This used to be commit c0d6126effdf31e0a107c06a400973c731e0e263)
2005-10-13 07:47:57 +00:00
/* Wrapper functions for the above, for the two different string formats */
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
return ldb_dn_canonical(mem_ctx, dn, 0);
}
s4-ldb: use TALLOC_CTX type instead of 'void'
2010-07-13 02:37:58 +03:00
char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2005-10-13 04:24:49 +00:00
return ldb_dn_canonical(mem_ctx, dn, 1);
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
int ldb_dn_get_comp_num(struct ldb_dn *dn)
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return -1;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
return dn->comp_num;
}
ldb: added ldb_dn_get_extended_comp_num() this returns the number of extended components. We need this to validate a DN in the extended_dn_in module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-13 11:07:15 +11:00
int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
{
if ( ! ldb_dn_validate(dn)) {
return -1;
}
return dn->ext_comp_num;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return NULL;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
if (num >= dn->comp_num) return NULL;
return dn->components[num].name;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
unsigned int num)
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
{
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return NULL;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
if (num >= dn->comp_num) return NULL;
return &dn->components[num].value;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
{
if ( ! ldb_dn_validate(dn)) {
return NULL;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
if (dn->comp_num == 0) return NULL;
return dn->components[0].name;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
{
if ( ! ldb_dn_validate(dn)) {
return NULL;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
if (dn->comp_num == 0) return NULL;
return &dn->components[0].value;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
int ldb_dn_set_component(struct ldb_dn *dn, int num,
const char *name, const struct ldb_val val)
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
{
char *n;
struct ldb_val v;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate(dn)) {
return LDB_ERR_OTHER;
}
ldb: Fix two signed/unsigned hickups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-29 14:00:10 +02:00
if (num < 0) {
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
return LDB_ERR_OTHER;
}
ldb: Fix two signed/unsigned hickups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-29 14:00:10 +02:00
if ((unsigned)num >= dn->comp_num) {
ldb: validate ldb_dn_set_component input parameters even more strictly Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jan 6 00:33:21 CET 2016 on sn-devel-144
2016-01-04 12:13:40 +13:00
return LDB_ERR_OTHER;
}
ldb: Fix CID 1348110 Uninitialized scalar variable Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 15 07:12:06 CET 2016 on sn-devel-144
2016-01-14 21:10:39 +01:00
if (val.length > val.length + 1) {
ldb: validate ldb_dn_set_component input parameters even more strictly Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jan 6 00:33:21 CET 2016 on sn-devel-144
2016-01-04 12:13:40 +13:00
return LDB_ERR_OTHER;
}
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
n = talloc_strdup(dn, name);
if ( ! n) {
return LDB_ERR_OTHER;
}
v.length = val.length;
ldb: Be strict about talloc_memdup() and passed in buffers in ldb_dn_set_component() This ensures we do not over-read the source buffer, but still NUL terminate. This may be related to debuain bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808769 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-04 12:12:37 +13:00
/*
* This is like talloc_memdup(dn, v.data, v.length + 1), but
* avoids the over-read
*/
v.data = (uint8_t *)talloc_size(dn, v.length+1);
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
if ( ! v.data) {
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
talloc_free(n);
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
return LDB_ERR_OTHER;
}
ldb: Be strict about talloc_memdup() and passed in buffers in ldb_dn_set_component() This ensures we do not over-read the source buffer, but still NUL terminate. This may be related to debuain bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808769 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-04 12:12:37 +13:00
memcpy(v.data, val.data, val.length);
/*
* Enforce NUL termination outside the stated length, as is
* traditional in LDB
*/
v.data[v.length] = '\0';
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
talloc_free(dn->components[num].name);
talloc_free(dn->components[num].value.data);
dn->components[num].name = n;
dn->components[num].value = v;
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
if (dn->valid_case) {
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
r19869: fix memleaks (This used to be commit 3a662a2d985bf801284c5dc1123dec6705e6d092)
2006-11-23 22:06:07 +00:00
for (i = 0; i < dn->comp_num; i++) {
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
}
dn->valid_case = false;
}
LDB_FREE(dn->casefold);
r20952: when a component is changed we need to rebuild the linearized string metze (This used to be commit beb816fb78ec4a7816680611af6619740e159424)
2007-01-22 17:46:38 +00:00
LDB_FREE(dn->linearized);
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
/* Wipe the ext_linearized DN,
* the GUID and SID are almost certainly no longer valid */
LDB_FREE(dn->ext_linearized);
LDB_FREE(dn->ext_components);
s4:ldb_dn.c - make the code parts which free extended components consistent Cosmetic
2010-06-29 22:04:24 +02:00
dn->ext_comp_num = 0;
r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2006-11-01 23:31:26 +00:00
return LDB_SUCCESS;
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
const char *name)
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
{
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if ( ! ldb_dn_validate(dn)) {
return NULL;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
for (i=0; i < dn->ext_comp_num; i++) {
if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
return &dn->ext_components[i].value;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
}
return NULL;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
int ldb_dn_set_extended_component(struct ldb_dn *dn,
const char *name, const struct ldb_val *val)
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
{
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
struct ldb_dn_ext_component *p;
LDB:common - Change counters to "unsigned" where appropriate To count LDB objects use variables of type "unsigned (int)" or "long long int" on binary or downto searches. To count characters in strings use "size_t". To calculate differences between pointers use "ptrdiff_t".
2009-11-06 18:35:17 +01:00
unsigned int i;
s4-ldb: fixed 2 bugs in ldb_dn_set_extended_component() The first bug was that setting a component twice could cause it to appear twice in the DN. The second bug was that using an existing ldb_val from a previous call of ldb_dn_get_extended_component() as an argument to ldb_dn_set_extended_component() would cause a valgrind error (as the array the val pointed into will change).
2009-12-10 17:23:00 +11:00
struct ldb_val v2;
ldb: Do not allocate the extended DN name The name must be a hard-coded value from struct ldb_dn_extended_syntax so just point to that constant pointer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 13:28:59 +12:00
const struct ldb_dn_extended_syntax *ext_syntax;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if ( ! ldb_dn_validate(dn)) {
return LDB_ERR_OTHER;
}
ldb: Do not allocate the extended DN name The name must be a hard-coded value from struct ldb_dn_extended_syntax so just point to that constant pointer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 13:28:59 +12:00
ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
if (ext_syntax == NULL) {
s4:ldb Don't segfault if we somehow get an unknown extended dn element
2009-11-11 19:24:48 +11:00
/* We don't know how to handle this type of thing */
return LDB_ERR_INVALID_DN_SYNTAX;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
for (i=0; i < dn->ext_comp_num; i++) {
if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (val) {
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->ext_components[i].value =
ldb_val_dup(dn->ext_components, val);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
ldb: Do not allocate the extended DN name The name must be a hard-coded value from struct ldb_dn_extended_syntax so just point to that constant pointer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 13:28:59 +12:00
dn->ext_components[i].name = ext_syntax->name;
if (!dn->ext_components[i].value.data) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
return LDB_ERR_OPERATIONS_ERROR;
}
} else {
ldb: Use ARRAY_DEL_ELEMENT() in ldb_dn_set_extended_component() Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 11:12:55 +01:00
ARRAY_DEL_ELEMENT(
dn->ext_components,
i,
dn->ext_comp_num);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->ext_comp_num--;
dn->ext_components = talloc_realloc(dn,
dn->ext_components,
struct ldb_dn_ext_component,
dn->ext_comp_num);
if (!dn->ext_components) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
return LDB_ERR_OPERATIONS_ERROR;
}
}
s4:ldb_dn: remove dn->ext_linearized when ext_components is modified. metze
2010-02-26 15:48:02 +01:00
LDB_FREE(dn->ext_linearized);
ldb:ldb_dn.c - "ldb_dn_set_extended_component" - free the linearized string when the components change
2010-06-29 22:07:51 +02:00
return LDB_SUCCESS;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
}
s4-ldb: use GUID_to_ndr_blob()
2009-12-10 14:32:47 +11:00
if (val == NULL) {
/* removing a value that doesn't exist is not an error */
return LDB_SUCCESS;
}
s4-ldb: fixed 2 bugs in ldb_dn_set_extended_component() The first bug was that setting a component twice could cause it to appear twice in the DN. The second bug was that using an existing ldb_val from a previous call of ldb_dn_get_extended_component() as an argument to ldb_dn_set_extended_component() would cause a valgrind error (as the array the val pointed into will change).
2009-12-10 17:23:00 +11:00
v2 = *val;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
p = dn->ext_components
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
= talloc_realloc(dn,
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->ext_components,
struct ldb_dn_ext_component,
dn->ext_comp_num + 1);
if (!dn->ext_components) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
return LDB_ERR_OPERATIONS_ERROR;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
s4-ldb: fixed 2 bugs in ldb_dn_set_extended_component() The first bug was that setting a component twice could cause it to appear twice in the DN. The second bug was that using an existing ldb_val from a previous call of ldb_dn_get_extended_component() as an argument to ldb_dn_set_extended_component() would cause a valgrind error (as the array the val pointed into will change).
2009-12-10 17:23:00 +11:00
p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
p[dn->ext_comp_num].name = talloc_strdup(p, name);
if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
ldb_dn_mark_invalid(dn);
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
return LDB_ERR_OPERATIONS_ERROR;
}
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
dn->ext_components = p;
dn->ext_comp_num++;
ldb:ldb_dn.c - "ldb_dn_set_extended_component" - free the linearized string when the components change
2010-06-29 22:07:51 +02:00
LDB_FREE(dn->ext_linearized);
Small cosmetic LDB patch regarding return values. It changes some "return 0" in "return LDB_SUCCESS"
2008-12-19 09:54:20 -05:00
return LDB_SUCCESS;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
void ldb_dn_remove_extended_components(struct ldb_dn *dn)
{
s4:ldb_dn: remove dn->ext_linearized when ext_components is modified. metze
2010-02-26 15:48:02 +01:00
LDB_FREE(dn->ext_linearized);
s4:ldb_dn.c - make the code parts which free extended components consistent Cosmetic
2010-06-29 22:04:24 +02:00
LDB_FREE(dn->ext_components);
dn->ext_comp_num = 0;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
bool ldb_dn_is_valid(struct ldb_dn *dn)
{
if ( ! dn) return false;
return ! dn->invalid;
}
bool ldb_dn_is_special(struct ldb_dn *dn)
{
if ( ! dn || dn->invalid) return false;
return dn->special;
}
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
bool ldb_dn_has_extended(struct ldb_dn *dn)
{
if ( ! dn || dn->invalid) return false;
s4:ldb Remove DN+Binary code from the core ldb_dn This is now in dsdb_dn. Removing this to a specific wrapper avoids a number of bugs where Binary DNs were being handled incorrectly. This reverts much of tridge's commit fd22e0304782e20b9bbb29464b6c745d409ff4c6 Andrew Bartlett
2009-11-05 17:06:45 +11:00
if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
ldb: cosmetic changes in ldb_dn - remove trailing spaces and tabs - shorten some variable names for readability - try to break superlong lines for readability
2009-08-30 16:07:44 -04:00
return dn->ext_comp_num != 0;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
}
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
{
if ( ! dn || dn->invalid) return false;
return ! strcmp(dn->linearized, check);
}
bool ldb_dn_is_null(struct ldb_dn *dn)
{
if ( ! dn || dn->invalid) return false;
s4:ldb: add infrastructure for extended dn handlers This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:19:07 +01:00
if (ldb_dn_has_extended(dn)) return false;
r19871: simplify more (This used to be commit e9ddb18c83518703f987bf141807639956612dbf)
2006-11-23 22:30:46 +00:00
if (dn->linearized && (dn->linearized[0] == '\0')) return true;
r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2006-11-22 00:59:34 +00:00
return false;
}
s4-ldb: Add support for binary blobs in DNs AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02 12:03:05 +10:00
s4-dsdb: added ldb_dn_update_components() This is used to udpate just the DN components of a ldb_dn, leaving the other extended fields alone. It is needed to prevent linked attribute updates from removing other extended components. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-17 23:03:41 +11:00
/*
this updates dn->components, taking the components from ref_dn.
This is used by code that wants to update the DN path of a DN
while not impacting on the extended DN components
*/
int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
{
dn->components = talloc_realloc(dn, dn->components,
struct ldb_dn_component, ref_dn->comp_num);
if (!dn->components) {
return LDB_ERR_OPERATIONS_ERROR;
}
memcpy(dn->components, ref_dn->components,
sizeof(struct ldb_dn_component)*ref_dn->comp_num);
dn->comp_num = ref_dn->comp_num;
s4:ldb - "ldb_dn_update_components" - fix free of invalid DN parts Use "LDB_FREE" for such free operations and in addition wipe also the casefolded DN out.
2010-06-29 22:10:14 +02:00
LDB_FREE(dn->casefold);
LDB_FREE(dn->linearized);
LDB_FREE(dn->ext_linearized);
s4-dsdb: added ldb_dn_update_components() This is used to udpate just the DN components of a ldb_dn, leaving the other extended fields alone. It is needed to prevent linked attribute updates from removing other extended components. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-17 23:03:41 +11:00
return LDB_SUCCESS;
}
ldb: added ldb_dn_minimise() this removes any extraneous components from a DN. For an extended DN, this means removing the string DN and all but the first extended component. This is needed as AD returns "invalid syntax" if you don't use a minimal DN as the base DN for a search. A non-minimal DN also doesn't ever match in a search expression. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-13 12:13:42 +11:00
/*
minimise a DN. The caller must pass in a validated DN.
If the DN has an extended component then only the first extended
component is kept, the DN string is stripped.
The existing dn is modified
*/
bool ldb_dn_minimise(struct ldb_dn *dn)
{
ldb:ldb_dn.c - fix counter type in "ldb_dn_minimise" Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
2011-01-14 09:38:41 +01:00
unsigned int i;
ldb: added ldb_dn_minimise() this removes any extraneous components from a DN. For an extended DN, this means removing the string DN and all but the first extended component. This is needed as AD returns "invalid syntax" if you don't use a minimal DN as the base DN for a search. A non-minimal DN also doesn't ever match in a search expression. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-13 12:13:42 +11:00
if (!ldb_dn_validate(dn)) {
return false;
}
if (dn->ext_comp_num == 0) {
return true;
}
/* free components */
for (i = 0; i < dn->comp_num; i++) {
LDB_FREE(dn->components[i].name);
LDB_FREE(dn->components[i].value.data);
LDB_FREE(dn->components[i].cf_name);
LDB_FREE(dn->components[i].cf_value.data);
}
dn->comp_num = 0;
dn->valid_case = false;
LDB_FREE(dn->casefold);
LDB_FREE(dn->linearized);
/* note that we don't free dn->components as this there are
* several places in ldb_dn.c that rely on it being non-NULL
* for an exploded DN
*/
for (i = 1; i < dn->ext_comp_num; i++) {
LDB_FREE(dn->ext_components[i].value.data);
}
dn->ext_comp_num = 1;
dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
if (dn->ext_components == NULL) {
ldb_dn_mark_invalid(dn);
return false;
}
LDB_FREE(dn->ext_linearized);
return true;
}
ldb: Fix python bindings to accept a string as a DN This fixes add_base(), add_child() and is_child_of(). This removes a toally incorrect cast of struct ldb_dn to struct ldb_context. A helper routine is used instead Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-14 13:49:01 +13:00
struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)
{
return dn->ldb;
}
Copy Permalink