2005-06-21 07:52:00 +00:00
/*
ldb database library - ldif handlers for Samba
2006-06-06 22:04:55 +00:00
Copyright ( C ) Andrew Tridgell 2005
2007-08-15 13:14:38 +00:00
Copyright ( C ) Andrew Bartlett 2006 - 2007
2005-06-21 07:52:00 +00:00
* * NOTE ! The following LGPL license applies to the ldb
* * library . This does NOT imply that all of Samba is released
* * under the LGPL
This library is free software ; you can redistribute it and / or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation ; either
2007-07-10 02:46:15 +00:00
version 3 of the License , or ( at your option ) any later version .
2005-06-21 07:52:00 +00:00
This library is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
Lesser General Public License for more details .
You should have received a copy of the GNU Lesser General Public
2007-07-10 03:42:26 +00:00
License along with this library ; if not , see < http : //www.gnu.org/licenses/>.
2005-06-21 07:52:00 +00:00
*/
# include "includes.h"
2007-11-26 03:14:28 +01:00
# include "lib/ldb/include/ldb_includes.h"
2007-12-07 23:56:53 +01:00
# include "dsdb/samdb/samdb.h"
2006-01-06 04:01:23 +00:00
# include "librpc/gen_ndr/ndr_security.h"
2005-07-27 22:14:55 +00:00
# include "librpc/gen_ndr/ndr_misc.h"
2008-05-29 18:38:17 +10:00
# include "librpc/gen_ndr/ndr_drsblobs.h"
2006-04-02 12:02:01 +00:00
# include "libcli/security/security.h"
2008-05-29 18:38:17 +10:00
# include "param/param.h"
2005-06-21 07:52:00 +00:00
/*
convert a ldif formatted objectSid to a NDR formatted blob
*/
2005-07-02 17:30:03 +00:00
static int ldif_read_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
2005-06-21 07:52:00 +00:00
{
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2005-06-21 07:52:00 +00:00
struct dom_sid * sid ;
2005-07-08 05:14:46 +00:00
sid = dom_sid_parse_talloc ( mem_ctx , ( const char * ) in - > data ) ;
2005-06-21 07:52:00 +00:00
if ( sid = = NULL ) {
return - 1 ;
}
2008-01-01 22:05:05 -06:00
ndr_err = ndr_push_struct_blob ( out , mem_ctx , NULL , sid ,
2007-11-09 19:24:51 +01:00
( ndr_push_flags_fn_t ) ndr_push_dom_sid ) ;
2005-06-21 07:52:00 +00:00
talloc_free ( sid ) ;
2007-11-09 19:24:51 +01:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-06-21 07:52:00 +00:00
return - 1 ;
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted objectSid
*/
2005-07-02 17:30:03 +00:00
static int ldif_write_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
2005-06-21 07:52:00 +00:00
{
struct dom_sid * sid ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2005-07-02 17:30:03 +00:00
sid = talloc ( mem_ctx , struct dom_sid ) ;
2005-06-21 07:52:00 +00:00
if ( sid = = NULL ) {
return - 1 ;
}
2008-01-01 22:05:13 -06:00
ndr_err = ndr_pull_struct_blob ( in , sid , NULL , sid ,
2007-11-09 19:24:51 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_dom_sid ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-06-21 07:52:00 +00:00
talloc_free ( sid ) ;
return - 1 ;
}
2005-07-08 05:27:47 +00:00
out - > data = ( uint8_t * ) dom_sid_string ( mem_ctx , sid ) ;
2005-06-21 07:52:00 +00:00
talloc_free ( sid ) ;
if ( out - > data = = NULL ) {
return - 1 ;
}
2005-07-08 05:27:47 +00:00
out - > length = strlen ( ( const char * ) out - > data ) ;
2005-06-21 07:52:00 +00:00
return 0 ;
}
2007-10-05 17:24:50 +00:00
static bool ldb_comparision_objectSid_isString ( const struct ldb_val * v )
2005-07-08 05:14:46 +00:00
{
2006-11-01 03:17:23 +00:00
if ( v - > length < 3 ) {
2007-10-06 21:42:58 +00:00
return false ;
2006-11-01 03:17:23 +00:00
}
2007-10-06 21:42:58 +00:00
if ( strncmp ( " S- " , ( const char * ) v - > data , 2 ) ! = 0 ) return false ;
2006-11-01 03:17:23 +00:00
2007-10-05 17:24:50 +00:00
return true ;
2005-07-08 05:14:46 +00:00
}
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
/*
compare two objectSids
*/
2005-07-02 17:30:03 +00:00
static int ldb_comparison_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
2006-07-12 01:25:20 +00:00
if ( ldb_comparision_objectSid_isString ( v1 ) & & ldb_comparision_objectSid_isString ( v2 ) ) {
return strcmp ( ( const char * ) v1 - > data , ( const char * ) v2 - > data ) ;
} else if ( ldb_comparision_objectSid_isString ( v1 )
& & ! ldb_comparision_objectSid_isString ( v2 ) ) {
struct ldb_val v ;
int ret ;
if ( ldif_read_objectSid ( ldb , mem_ctx , v1 , & v ) ! = 0 ) {
return - 1 ;
2005-07-01 07:02:26 +00:00
}
2006-07-12 01:25:20 +00:00
ret = ldb_comparison_binary ( ldb , mem_ctx , & v , v2 ) ;
talloc_free ( v . data ) ;
return ret ;
} else if ( ! ldb_comparision_objectSid_isString ( v1 )
& & ldb_comparision_objectSid_isString ( v2 ) ) {
struct ldb_val v ;
int ret ;
if ( ldif_read_objectSid ( ldb , mem_ctx , v2 , & v ) ! = 0 ) {
return - 1 ;
}
ret = ldb_comparison_binary ( ldb , mem_ctx , v1 , & v ) ;
talloc_free ( v . data ) ;
return ret ;
2005-07-01 07:02:26 +00:00
}
2005-07-02 17:30:03 +00:00
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
}
2005-07-01 07:02:26 +00:00
/*
canonicalise a objectSid
*/
2005-07-02 17:30:03 +00:00
static int ldb_canonicalise_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
2005-07-01 07:02:26 +00:00
{
2005-07-08 05:14:46 +00:00
if ( ldb_comparision_objectSid_isString ( in ) ) {
2005-07-02 17:30:03 +00:00
return ldif_read_objectSid ( ldb , mem_ctx , in , out ) ;
2005-07-01 07:02:26 +00:00
}
2005-07-02 17:30:03 +00:00
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
2005-07-01 07:02:26 +00:00
}
2005-07-08 05:14:46 +00:00
/*
convert a ldif formatted objectGUID to a NDR formatted blob
*/
static int ldif_read_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct GUID guid ;
NTSTATUS status ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2005-07-08 05:14:46 +00:00
2005-07-08 05:27:47 +00:00
status = GUID_from_string ( ( const char * ) in - > data , & guid ) ;
2005-07-08 05:14:46 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return - 1 ;
}
2008-01-01 22:05:05 -06:00
ndr_err = ndr_push_struct_blob ( out , mem_ctx , NULL , & guid ,
2007-11-09 19:24:51 +01:00
( ndr_push_flags_fn_t ) ndr_push_GUID ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-07-08 05:14:46 +00:00
return - 1 ;
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted objectGUID
*/
static int ldif_write_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct GUID guid ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2008-01-01 22:05:13 -06:00
ndr_err = ndr_pull_struct_blob ( in , mem_ctx , NULL , & guid ,
2007-11-09 19:24:51 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_GUID ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-07-08 05:14:46 +00:00
return - 1 ;
}
2005-07-08 05:27:47 +00:00
out - > data = ( uint8_t * ) GUID_string ( mem_ctx , & guid ) ;
2005-07-08 05:14:46 +00:00
if ( out - > data = = NULL ) {
return - 1 ;
}
2005-07-08 05:27:47 +00:00
out - > length = strlen ( ( const char * ) out - > data ) ;
2005-07-08 05:14:46 +00:00
return 0 ;
}
2007-10-05 17:24:50 +00:00
static bool ldb_comparision_objectGUID_isString ( const struct ldb_val * v )
2005-07-08 05:14:46 +00:00
{
struct GUID guid ;
NTSTATUS status ;
2007-10-06 21:42:58 +00:00
if ( v - > length < 33 ) return false ;
2006-07-12 01:25:20 +00:00
2006-11-13 03:21:13 +00:00
/* see if the input if null-terninated (safety check for the below) */
2007-10-06 21:42:58 +00:00
if ( v - > data [ v - > length ] ! = ' \0 ' ) return false ;
2006-11-13 03:21:13 +00:00
2005-07-08 05:27:47 +00:00
status = GUID_from_string ( ( const char * ) v - > data , & guid ) ;
2005-07-08 05:14:46 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 21:42:58 +00:00
return false ;
2005-07-08 05:14:46 +00:00
}
2007-10-05 17:24:50 +00:00
return true ;
2005-07-08 05:14:46 +00:00
}
/*
compare two objectGUIDs
*/
static int ldb_comparison_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
2006-07-12 01:25:20 +00:00
if ( ldb_comparision_objectGUID_isString ( v1 ) & & ldb_comparision_objectGUID_isString ( v2 ) ) {
return strcmp ( ( const char * ) v1 - > data , ( const char * ) v2 - > data ) ;
} else if ( ldb_comparision_objectGUID_isString ( v1 )
& & ! ldb_comparision_objectGUID_isString ( v2 ) ) {
struct ldb_val v ;
int ret ;
if ( ldif_read_objectGUID ( ldb , mem_ctx , v1 , & v ) ! = 0 ) {
return - 1 ;
}
ret = ldb_comparison_binary ( ldb , mem_ctx , & v , v2 ) ;
talloc_free ( v . data ) ;
return ret ;
} else if ( ! ldb_comparision_objectGUID_isString ( v1 )
& & ldb_comparision_objectGUID_isString ( v2 ) ) {
struct ldb_val v ;
int ret ;
if ( ldif_read_objectGUID ( ldb , mem_ctx , v2 , & v ) ! = 0 ) {
return - 1 ;
2005-07-08 05:14:46 +00:00
}
2006-07-12 01:25:20 +00:00
ret = ldb_comparison_binary ( ldb , mem_ctx , v1 , & v ) ;
talloc_free ( v . data ) ;
return ret ;
2005-07-08 05:14:46 +00:00
}
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
}
/*
canonicalise a objectGUID
*/
static int ldb_canonicalise_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
if ( ldb_comparision_objectGUID_isString ( in ) ) {
return ldif_read_objectGUID ( ldb , mem_ctx , in , out ) ;
}
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
2005-06-21 07:52:00 +00:00
2005-12-09 23:43:02 +00:00
/*
convert a ldif ( SDDL ) formatted ntSecurityDescriptor to a NDR formatted blob
*/
static int ldif_read_ntSecurityDescriptor ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct security_descriptor * sd ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2006-08-05 06:35:32 +00:00
sd = sddl_decode ( mem_ctx , ( const char * ) in - > data , NULL ) ;
2005-12-09 23:43:02 +00:00
if ( sd = = NULL ) {
return - 1 ;
}
2008-01-01 22:05:05 -06:00
ndr_err = ndr_push_struct_blob ( out , mem_ctx , NULL , sd ,
2007-11-09 19:24:51 +01:00
( ndr_push_flags_fn_t ) ndr_push_security_descriptor ) ;
2005-12-09 23:43:02 +00:00
talloc_free ( sd ) ;
2007-11-09 19:24:51 +01:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-12-09 23:43:02 +00:00
return - 1 ;
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor ( SDDL format )
*/
static int ldif_write_ntSecurityDescriptor ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct security_descriptor * sd ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2005-12-09 23:43:02 +00:00
sd = talloc ( mem_ctx , struct security_descriptor ) ;
if ( sd = = NULL ) {
return - 1 ;
}
2008-01-01 22:05:13 -06:00
ndr_err = ndr_pull_struct_blob ( in , sd , NULL , sd ,
2007-11-09 19:24:51 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_security_descriptor ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-12-09 23:43:02 +00:00
talloc_free ( sd ) ;
return - 1 ;
}
2006-08-05 06:35:32 +00:00
out - > data = ( uint8_t * ) sddl_encode ( mem_ctx , sd , NULL ) ;
2005-12-09 23:43:02 +00:00
talloc_free ( sd ) ;
if ( out - > data = = NULL ) {
return - 1 ;
}
out - > length = strlen ( ( const char * ) out - > data ) ;
return 0 ;
}
2006-06-06 22:04:55 +00:00
/*
2007-12-07 23:56:53 +01:00
canonicalise an objectCategory . We use the short form as the cannoical form :
2006-06-06 22:04:55 +00:00
cn = Person , cn = Schema , cn = Configuration , < basedn > becomes ' person '
*/
static int ldif_canonicalise_objectCategory ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct ldb_dn * dn1 = NULL ;
2007-06-21 10:18:20 +00:00
const struct dsdb_schema * schema = dsdb_get_schema ( ldb ) ;
const struct dsdb_class * class ;
2007-08-20 00:22:53 +00:00
TALLOC_CTX * tmp_ctx = talloc_new ( mem_ctx ) ;
if ( ! tmp_ctx ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2006-06-06 22:04:55 +00:00
2007-06-21 10:18:20 +00:00
if ( ! schema ) {
* out = data_blob_talloc ( mem_ctx , in - > data , in - > length ) ;
2007-08-20 00:22:53 +00:00
if ( in - > data & & ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-06-21 10:18:20 +00:00
return LDB_SUCCESS ;
}
2007-08-20 00:22:53 +00:00
dn1 = ldb_dn_new ( tmp_ctx , ldb , ( char * ) in - > data ) ;
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate ( dn1 ) ) {
2007-08-20 00:22:53 +00:00
const char * lDAPDisplayName = talloc_strndup ( tmp_ctx , ( char * ) in - > data , in - > length ) ;
2007-06-21 10:18:20 +00:00
class = dsdb_class_by_lDAPDisplayName ( schema , lDAPDisplayName ) ;
2007-08-15 13:14:38 +00:00
if ( class ) {
struct ldb_dn * dn = ldb_dn_new ( mem_ctx , ldb ,
class - > defaultObjectCategory ) ;
2007-08-20 00:22:53 +00:00
* out = data_blob_string_const ( ldb_dn_alloc_casefold ( mem_ctx , dn ) ) ;
talloc_free ( tmp_ctx ) ;
if ( ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-08-15 13:14:38 +00:00
return LDB_SUCCESS ;
} else {
* out = data_blob_talloc ( mem_ctx , in - > data , in - > length ) ;
2007-08-20 00:22:53 +00:00
talloc_free ( tmp_ctx ) ;
if ( in - > data & & ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-08-15 13:14:38 +00:00
return LDB_SUCCESS ;
}
2007-06-21 10:18:20 +00:00
}
2007-08-20 00:22:53 +00:00
* out = data_blob_string_const ( ldb_dn_alloc_casefold ( mem_ctx , dn1 ) ) ;
talloc_free ( tmp_ctx ) ;
if ( ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-06-21 10:18:20 +00:00
return LDB_SUCCESS ;
2006-06-06 22:04:55 +00:00
}
static int ldif_comparison_objectCategory ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 ,
const struct ldb_val * v2 )
{
2007-08-20 00:22:53 +00:00
int ret , ret1 , ret2 ;
2007-06-21 10:18:20 +00:00
struct ldb_val v1_canon , v2_canon ;
2007-08-20 00:22:53 +00:00
TALLOC_CTX * tmp_ctx = talloc_new ( mem_ctx ) ;
/* I could try and bail if tmp_ctx was NULL, but what return
* value would I use ?
*
* It seems easier to continue on the NULL context
*/
ret1 = ldif_canonicalise_objectCategory ( ldb , tmp_ctx , v1 , & v1_canon ) ;
ret2 = ldif_canonicalise_objectCategory ( ldb , tmp_ctx , v2 , & v2_canon ) ;
2006-06-06 22:04:55 +00:00
2007-06-21 10:18:20 +00:00
if ( ret1 = = LDB_SUCCESS & & ret2 = = LDB_SUCCESS ) {
2007-08-20 00:22:53 +00:00
ret = data_blob_cmp ( & v1_canon , & v2_canon ) ;
2006-06-06 22:04:55 +00:00
} else {
2007-08-20 00:22:53 +00:00
ret = data_blob_cmp ( v1 , v2 ) ;
2006-06-06 22:04:55 +00:00
}
2007-08-20 00:22:53 +00:00
talloc_free ( tmp_ctx ) ;
return ret ;
2006-06-06 22:04:55 +00:00
}
2008-05-29 18:38:17 +10:00
/*
convert a ldif formatted prefixMap to a NDR formatted blob
*/
static int ldif_read_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct prefixMapBlob * blob ;
enum ndr_err_code ndr_err ;
char * string , * line , * p , * oid ;
blob = talloc_zero ( mem_ctx , struct prefixMapBlob ) ;
if ( blob = = NULL ) {
return - 1 ;
}
string = ( const char * ) in - > data ;
line = string ;
while ( line & & line [ 0 ] ) {
p = strchr ( line , ' ; ' ) ;
if ( p ) {
p [ 0 ] = ' \0 ' ;
} else {
p = strchr ( string , ' \n ' ) ;
if ( p ) {
p [ 0 ] = ' \0 ' ;
}
}
blob - > ctr . dsdb . mappings = talloc_realloc ( blob ,
blob - > ctr . dsdb . mappings ,
struct drsuapi_DsReplicaOIDMapping ,
blob - > ctr . dsdb . num_mappings + 1 ) ;
if ( ! blob - > ctr . dsdb . mappings ) {
return - 1 ;
}
blob - > ctr . dsdb . mappings [ blob - > ctr . dsdb . num_mappings ] . id_prefix = strtoul ( p , & oid , 10 ) ;
if ( oid [ 0 ] ! = ' : ' ) {
return - 1 ;
}
/* we know there must be at least ":" */
oid + + ;
blob - > ctr . dsdb . mappings [ blob - > ctr . dsdb . num_mappings ] . oid . oid
= talloc_strdup ( blob - > ctr . dsdb . mappings , oid ) ;
blob - > ctr . dsdb . num_mappings + + ;
if ( p ) {
line = p + + ;
} else {
line = NULL ;
}
}
ndr_err = ndr_push_struct_blob ( out , mem_ctx ,
lp_iconv_convenience ( ldb_get_opaque ( ldb , " loadparm " ) ) ,
blob ,
( ndr_push_flags_fn_t ) ndr_push_prefixMapBlob ) ;
talloc_free ( blob ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return - 1 ;
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted prefixMap
*/
static int ldif_write_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct prefixMapBlob * blob ;
enum ndr_err_code ndr_err ;
uint32_t i ;
blob = talloc ( mem_ctx , struct prefixMapBlob ) ;
if ( blob = = NULL ) {
return - 1 ;
}
ndr_err = ndr_pull_struct_blob ( in , blob ,
lp_iconv_convenience ( ldb_get_opaque ( ldb , " loadparm " ) ) ,
blob ,
( ndr_pull_flags_fn_t ) ndr_pull_prefixMapBlob ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
talloc_free ( blob ) ;
return - 1 ;
}
if ( blob - > version ! = PREFIX_MAP_VERSION_DSDB ) {
return - 1 ;
}
out - > data = talloc_strdup ( mem_ctx , " " ) ;
if ( out - > data = = NULL ) {
return - 1 ;
}
for ( i = 0 ; i < blob - > ctr . dsdb . num_mappings ; i + + ) {
if ( i > 0 ) {
out - > data = talloc_asprintf_append ( out - > data , " ; " ) ;
}
out - > data = talloc_asprintf_append ( out - > data , " %u: %s " ,
blob - > ctr . dsdb . mappings [ i ] . id_prefix ,
blob - > ctr . dsdb . mappings [ i ] . oid . oid ) ;
if ( out - > data = = NULL ) {
return - 1 ;
}
}
talloc_free ( blob ) ;
out - > length = strlen ( ( const char * ) out - > data ) ;
return 0 ;
}
static bool ldif_comparision_prefixMap_isString ( const struct ldb_val * v )
{
if ( v - > length < 4 ) {
return true ;
}
if ( IVAL ( v - > data , 0 ) = = PREFIX_MAP_VERSION_DSDB ) {
return false ;
}
return true ;
}
/*
canonicalise a prefixMap
*/
static int ldif_canonicalise_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
if ( ldif_comparision_prefixMap_isString ( in ) ) {
return ldif_read_prefixMap ( ldb , mem_ctx , in , out ) ;
}
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
static int ldif_comparison_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 ,
const struct ldb_val * v2 )
{
int ret , ret1 , ret2 ;
struct ldb_val v1_canon , v2_canon ;
TALLOC_CTX * tmp_ctx = talloc_new ( mem_ctx ) ;
/* I could try and bail if tmp_ctx was NULL, but what return
* value would I use ?
*
* It seems easier to continue on the NULL context
*/
ret1 = ldif_canonicalise_prefixMap ( ldb , tmp_ctx , v1 , & v1_canon ) ;
ret2 = ldif_canonicalise_prefixMap ( ldb , tmp_ctx , v2 , & v2_canon ) ;
if ( ret1 = = LDB_SUCCESS & & ret2 = = LDB_SUCCESS ) {
ret = data_blob_cmp ( & v1_canon , & v2_canon ) ;
} else {
ret = data_blob_cmp ( v1 , v2 ) ;
}
talloc_free ( tmp_ctx ) ;
return ret ;
}
2006-12-15 13:08:57 +00:00
# define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID"
# define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR"
# define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID"
# define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY"
2008-05-29 18:38:17 +10:00
# define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP"
2006-12-15 13:08:57 +00:00
static const struct ldb_schema_syntax samba_syntaxes [ ] = {
2006-11-25 15:43:56 +00:00
{
2006-12-15 13:08:57 +00:00
. name = LDB_SYNTAX_SAMBA_SID ,
. ldif_read_fn = ldif_read_objectSid ,
. ldif_write_fn = ldif_write_objectSid ,
. canonicalise_fn = ldb_canonicalise_objectSid ,
. comparison_fn = ldb_comparison_objectSid
} , {
. name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR ,
. ldif_read_fn = ldif_read_ntSecurityDescriptor ,
. ldif_write_fn = ldif_write_ntSecurityDescriptor ,
. canonicalise_fn = ldb_handler_copy ,
. comparison_fn = ldb_comparison_binary
} , {
. name = LDB_SYNTAX_SAMBA_GUID ,
. ldif_read_fn = ldif_read_objectGUID ,
. ldif_write_fn = ldif_write_objectGUID ,
. canonicalise_fn = ldb_canonicalise_objectGUID ,
. comparison_fn = ldb_comparison_objectGUID
} , {
. name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = ldif_canonicalise_objectCategory ,
. comparison_fn = ldif_comparison_objectCategory
2008-05-29 18:38:17 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_PREFIX_MAP ,
. ldif_read_fn = ldif_read_prefixMap ,
. ldif_write_fn = ldif_write_prefixMap ,
. canonicalise_fn = ldif_canonicalise_prefixMap ,
. comparison_fn = ldif_comparison_prefixMap
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
}
2005-06-21 07:52:00 +00:00
} ;
2006-12-15 13:08:57 +00:00
static const struct {
const char * name ;
const char * syntax ;
} samba_attributes [ ] = {
{ " objectSid " , LDB_SYNTAX_SAMBA_SID } ,
{ " securityIdentifier " , LDB_SYNTAX_SAMBA_SID } ,
{ " ntSecurityDescriptor " , LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR } ,
{ " objectGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " invocationId " , LDB_SYNTAX_SAMBA_GUID } ,
{ " schemaIDGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " attributeSecurityGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " parentGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " siteGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " pKTGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " fRSVersionGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " fRSReplicaSetGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " netbootGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " objectCategory " , LDB_SYNTAX_SAMBA_OBJECT_CATEGORY } ,
{ " member " , LDB_SYNTAX_DN } ,
{ " memberOf " , LDB_SYNTAX_DN } ,
{ " nCName " , LDB_SYNTAX_DN } ,
{ " schemaNamingContext " , LDB_SYNTAX_DN } ,
{ " configurationNamingContext " , LDB_SYNTAX_DN } ,
{ " rootDomainNamingContext " , LDB_SYNTAX_DN } ,
{ " defaultNamingContext " , LDB_SYNTAX_DN } ,
{ " subRefs " , LDB_SYNTAX_DN } ,
{ " dMDLocation " , LDB_SYNTAX_DN } ,
{ " serverReference " , LDB_SYNTAX_DN } ,
{ " masteredBy " , LDB_SYNTAX_DN } ,
{ " msDs-masteredBy " , LDB_SYNTAX_DN } ,
{ " fSMORoleOwner " , LDB_SYNTAX_DN } ,
2008-05-29 18:38:17 +10:00
{ " prefixMap " , LDB_SYNTAX_SAMBA_PREFIX_MAP }
2006-12-15 13:08:57 +00:00
} ;
2005-06-21 07:52:00 +00:00
/*
register the samba ldif handlers
*/
int ldb_register_samba_handlers ( struct ldb_context * ldb )
{
2006-12-15 13:08:57 +00:00
uint32_t i ;
for ( i = 0 ; i < ARRAY_SIZE ( samba_attributes ) ; i + + ) {
int ret ;
uint32_t j ;
2007-05-06 21:28:03 +00:00
const struct ldb_schema_syntax * s = NULL ;
2006-12-15 13:08:57 +00:00
for ( j = 0 ; j < ARRAY_SIZE ( samba_syntaxes ) ; j + + ) {
if ( strcmp ( samba_attributes [ i ] . syntax , samba_syntaxes [ j ] . name ) = = 0 ) {
s = & samba_syntaxes [ j ] ;
break ;
}
}
if ( ! s ) {
s = ldb_standard_syntax_by_name ( ldb , samba_attributes [ i ] . syntax ) ;
}
if ( ! s ) {
return - 1 ;
}
ret = ldb_schema_attribute_add_with_syntax ( ldb , samba_attributes [ i ] . name , 0 , s ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
}
return LDB_SUCCESS ;
2005-06-21 07:52:00 +00:00
}