2005-06-21 07:52:00 +00:00
/*
ldb database library - ldif handlers for Samba
2006-06-06 22:04:55 +00:00
Copyright ( C ) Andrew Tridgell 2005
2009-11-05 17:00:20 +11:00
Copyright ( C ) Andrew Bartlett 2006 - 2009
2009-06-18 11:05:45 +02:00
Copyright ( C ) Matthias Dieter Wallnöfer 2009
2005-06-21 07:52:00 +00:00
* * NOTE ! The following LGPL license applies to the ldb
* * library . This does NOT imply that all of Samba is released
* * under the LGPL
This library is free software ; you can redistribute it and / or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation ; either
2007-07-10 02:46:15 +00:00
version 3 of the License , or ( at your option ) any later version .
2005-06-21 07:52:00 +00:00
This library is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
Lesser General Public License for more details .
You should have received a copy of the GNU Lesser General Public
2007-07-10 03:42:26 +00:00
License along with this library ; if not , see < http : //www.gnu.org/licenses/>.
2005-06-21 07:52:00 +00:00
*/
# include "includes.h"
2011-02-10 14:12:51 +11:00
# include <ldb.h>
# include <ldb_module.h>
2009-01-30 20:12:16 -05:00
# include "ldb_handlers.h"
2007-12-07 23:56:53 +01:00
# include "dsdb/samdb/samdb.h"
2012-08-29 11:32:26 +10:00
# include "dsdb/common/util.h"
2006-01-06 04:01:23 +00:00
# include "librpc/gen_ndr/ndr_security.h"
2005-07-27 22:14:55 +00:00
# include "librpc/gen_ndr/ndr_misc.h"
2008-05-29 18:38:17 +10:00
# include "librpc/gen_ndr/ndr_drsblobs.h"
2010-08-05 15:22:49 +10:00
# include "librpc/gen_ndr/ndr_dnsp.h"
2009-09-08 21:45:08 +10:00
# include "librpc/ndr/libndr.h"
2006-04-02 12:02:01 +00:00
# include "libcli/security/security.h"
2008-05-29 18:38:17 +10:00
# include "param/param.h"
2009-10-11 21:00:55 +03:00
# include "../lib/util/asn1.h"
2005-06-21 07:52:00 +00:00
2009-09-08 21:55:56 +10:00
/*
use ndr_print_ * to convert a NDR formatted blob to a ldif formatted blob
2010-01-20 17:58:39 +02:00
If mask_errors is true , then function succeeds but out data
is set to " <Unable to decode binary data> " message
\ return 0 on success ; - 1 on error
2009-09-08 21:55:56 +10:00
*/
static int ldif_write_NDR ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out ,
size_t struct_size ,
ndr_pull_flags_fn_t pull_fn ,
2010-01-20 17:58:39 +02:00
ndr_print_fn_t print_fn ,
bool mask_errors )
2009-09-08 21:55:56 +10:00
{
uint8_t * p ;
enum ndr_err_code err ;
if ( ! ( ldb_get_flags ( ldb ) & LDB_FLG_SHOW_BINARY ) ) {
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
p = talloc_size ( mem_ctx , struct_size ) ;
err = ndr_pull_struct_blob ( in , mem_ctx ,
p , pull_fn ) ;
if ( err ! = NDR_ERR_SUCCESS ) {
2010-01-20 17:58:39 +02:00
/* fail in not in mask_error mode */
if ( ! mask_errors ) {
return - 1 ;
}
2009-09-08 21:55:56 +10:00
talloc_free ( p ) ;
2009-09-19 18:41:22 -07:00
out - > data = ( uint8_t * ) talloc_strdup ( mem_ctx , " <Unable to decode binary data> " ) ;
out - > length = strlen ( ( const char * ) out - > data ) ;
return 0 ;
2009-09-08 21:55:56 +10:00
}
out - > data = ( uint8_t * ) ndr_print_struct_string ( mem_ctx , print_fn , " NDR " , p ) ;
talloc_free ( p ) ;
if ( out - > data = = NULL ) {
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
out - > length = strlen ( ( char * ) out - > data ) ;
return 0 ;
}
2005-06-21 07:52:00 +00:00
/*
convert a ldif formatted objectSid to a NDR formatted blob
*/
2005-07-02 17:30:03 +00:00
static int ldif_read_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
2005-06-21 07:52:00 +00:00
{
2016-06-27 12:18:37 +12:00
bool ret ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2016-06-27 12:18:37 +12:00
struct dom_sid sid ;
if ( in - > length > DOM_SID_STR_BUFLEN ) {
2016-06-27 10:52:55 +12:00
return - 1 ;
2016-06-27 12:18:37 +12:00
} else {
char p [ in - > length + 1 ] ;
memcpy ( p , in - > data , in - > length ) ;
p [ in - > length ] = ' \0 ' ;
ret = dom_sid_parse ( p , & sid ) ;
if ( ret = = false ) {
return - 1 ;
}
* out = data_blob_talloc ( mem_ctx , NULL ,
ndr_size_dom_sid ( & sid , 0 ) ) ;
if ( out - > data = = NULL ) {
return - 1 ;
}
2016-06-27 10:52:55 +12:00
2016-06-27 12:18:37 +12:00
ndr_err = ndr_push_struct_into_fixed_blob ( out , & sid ,
( ndr_push_flags_fn_t ) ndr_push_dom_sid ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return - 1 ;
}
2005-06-21 07:52:00 +00:00
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted objectSid
*/
2009-10-23 22:59:48 -05:00
int ldif_write_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
2005-07-02 17:30:03 +00:00
const struct ldb_val * in , struct ldb_val * out )
2005-06-21 07:52:00 +00:00
{
2016-04-22 12:03:25 +12:00
struct dom_sid sid ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2016-04-22 12:03:25 +12:00
ndr_err = ndr_pull_struct_blob_all_noalloc ( in , & sid ,
2008-12-16 08:43:12 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_dom_sid ) ;
2007-11-09 19:24:51 +01:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-06-21 07:52:00 +00:00
return - 1 ;
}
2016-04-22 12:03:25 +12:00
* out = data_blob_string_const ( dom_sid_string ( mem_ctx , & sid ) ) ;
2005-06-21 07:52:00 +00:00
if ( out - > data = = NULL ) {
return - 1 ;
}
return 0 ;
}
2009-10-23 22:59:48 -05:00
bool ldif_comparision_objectSid_isString ( const struct ldb_val * v )
2005-07-08 05:14:46 +00:00
{
2006-11-01 03:17:23 +00:00
if ( v - > length < 3 ) {
2007-10-06 21:42:58 +00:00
return false ;
2006-11-01 03:17:23 +00:00
}
2007-10-06 21:42:58 +00:00
if ( strncmp ( " S- " , ( const char * ) v - > data , 2 ) ! = 0 ) return false ;
2006-11-01 03:17:23 +00:00
2007-10-05 17:24:50 +00:00
return true ;
2005-07-08 05:14:46 +00:00
}
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
/*
compare two objectSids
*/
2009-06-18 11:05:45 +02:00
static int ldif_comparison_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
2009-06-18 11:05:45 +02:00
if ( ldif_comparision_objectSid_isString ( v1 ) & & ldif_comparision_objectSid_isString ( v2 ) ) {
2008-08-21 15:10:40 +10:00
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
2009-06-18 11:05:45 +02:00
} else if ( ldif_comparision_objectSid_isString ( v1 )
& & ! ldif_comparision_objectSid_isString ( v2 ) ) {
2006-07-12 01:25:20 +00:00
struct ldb_val v ;
int ret ;
if ( ldif_read_objectSid ( ldb , mem_ctx , v1 , & v ) ! = 0 ) {
2008-08-21 15:10:40 +10:00
/* Perhaps not a string after all */
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
2005-07-01 07:02:26 +00:00
}
2006-07-12 01:25:20 +00:00
ret = ldb_comparison_binary ( ldb , mem_ctx , & v , v2 ) ;
talloc_free ( v . data ) ;
return ret ;
2009-06-18 11:05:45 +02:00
} else if ( ! ldif_comparision_objectSid_isString ( v1 )
& & ldif_comparision_objectSid_isString ( v2 ) ) {
2006-07-12 01:25:20 +00:00
struct ldb_val v ;
int ret ;
if ( ldif_read_objectSid ( ldb , mem_ctx , v2 , & v ) ! = 0 ) {
2008-08-21 15:10:40 +10:00
/* Perhaps not a string after all */
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
2006-07-12 01:25:20 +00:00
}
ret = ldb_comparison_binary ( ldb , mem_ctx , v1 , & v ) ;
talloc_free ( v . data ) ;
return ret ;
2005-07-01 07:02:26 +00:00
}
2005-07-02 17:30:03 +00:00
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
}
2005-07-01 07:02:26 +00:00
/*
canonicalise a objectSid
*/
2009-06-18 11:05:45 +02:00
static int ldif_canonicalise_objectSid ( struct ldb_context * ldb , void * mem_ctx ,
2005-07-02 17:30:03 +00:00
const struct ldb_val * in , struct ldb_val * out )
2005-07-01 07:02:26 +00:00
{
2009-06-18 11:05:45 +02:00
if ( ldif_comparision_objectSid_isString ( in ) ) {
2008-08-21 15:10:40 +10:00
if ( ldif_read_objectSid ( ldb , mem_ctx , in , out ) ! = 0 ) {
/* Perhaps not a string after all */
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
2008-08-22 18:37:34 +10:00
return 0 ;
2005-07-01 07:02:26 +00:00
}
2005-07-02 17:30:03 +00:00
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
2005-07-01 07:02:26 +00:00
}
2008-12-16 08:43:12 +01:00
static int extended_dn_read_SID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct dom_sid sid ;
enum ndr_err_code ndr_err ;
2009-06-18 11:05:45 +02:00
if ( ldif_comparision_objectSid_isString ( in ) ) {
2008-12-16 08:43:12 +01:00
if ( ldif_read_objectSid ( ldb , mem_ctx , in , out ) = = 0 ) {
return 0 ;
}
}
/* Perhaps not a string after all */
2009-10-02 22:40:50 +10:00
* out = data_blob_talloc ( mem_ctx , NULL , in - > length / 2 + 1 ) ;
2008-12-16 08:43:12 +01:00
if ( ! out - > data ) {
return - 1 ;
}
2009-10-02 22:40:50 +10:00
( * out ) . length = strhex_to_str ( ( char * ) out - > data , out - > length ,
( const char * ) in - > data , in - > length ) ;
2008-12-16 08:43:12 +01:00
/* Check it looks like a SID */
2016-04-22 12:03:25 +12:00
ndr_err = ndr_pull_struct_blob_all_noalloc ( out , & sid ,
2008-12-16 08:43:12 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_dom_sid ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return - 1 ;
}
return 0 ;
}
2005-07-08 05:14:46 +00:00
/*
convert a ldif formatted objectGUID to a NDR formatted blob
*/
static int ldif_read_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct GUID guid ;
NTSTATUS status ;
2008-12-16 08:43:12 +01:00
status = GUID_from_data_blob ( in , & guid ) ;
2005-07-08 05:14:46 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return - 1 ;
}
2009-12-10 14:32:47 +11:00
status = GUID_to_ndr_blob ( & guid , mem_ctx , out ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-07-08 05:14:46 +00:00
return - 1 ;
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted objectGUID
*/
static int ldif_write_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct GUID guid ;
2009-12-10 11:27:09 +11:00
NTSTATUS status ;
status = GUID_from_ndr_blob ( in , & guid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-07-08 05:14:46 +00:00
return - 1 ;
}
2005-07-08 05:27:47 +00:00
out - > data = ( uint8_t * ) GUID_string ( mem_ctx , & guid ) ;
2005-07-08 05:14:46 +00:00
if ( out - > data = = NULL ) {
return - 1 ;
}
2005-07-08 05:27:47 +00:00
out - > length = strlen ( ( const char * ) out - > data ) ;
2005-07-08 05:14:46 +00:00
return 0 ;
}
2009-06-18 11:05:45 +02:00
static bool ldif_comparision_objectGUID_isString ( const struct ldb_val * v )
2005-07-08 05:14:46 +00:00
{
2008-12-16 08:43:12 +01:00
if ( v - > length ! = 36 & & v - > length ! = 38 ) return false ;
2006-07-12 01:25:20 +00:00
2008-12-16 08:43:12 +01:00
/* Might be a GUID string, can't be a binary GUID (fixed 16 bytes) */
return true ;
}
2006-11-13 03:21:13 +00:00
2008-12-16 08:43:12 +01:00
static int extended_dn_read_GUID ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
2009-12-10 11:27:09 +11:00
2008-12-16 08:43:12 +01:00
if ( in - > length = = 36 & & ldif_read_objectGUID ( ldb , mem_ctx , in , out ) = = 0 ) {
return 0 ;
2005-07-08 05:14:46 +00:00
}
2008-12-16 08:43:12 +01:00
/* Try as 'hex' form */
if ( in - > length ! = 32 ) {
return - 1 ;
}
2009-10-02 22:40:50 +10:00
* out = data_blob_talloc ( mem_ctx , NULL , in - > length / 2 + 1 ) ;
2008-12-16 08:43:12 +01:00
if ( ! out - > data ) {
return - 1 ;
}
2009-10-02 22:40:50 +10:00
( * out ) . length = strhex_to_str ( ( char * ) out - > data , out - > length ,
( const char * ) in - > data , in - > length ) ;
2016-06-15 15:42:18 +12:00
2008-12-16 08:43:12 +01:00
/* Check it looks like a GUID */
2016-06-15 15:42:18 +12:00
if ( ( * out ) . length ! = 16 ) {
2009-12-10 11:27:09 +11:00
data_blob_free ( out ) ;
2008-12-16 08:43:12 +01:00
return - 1 ;
}
2016-06-15 15:42:18 +12:00
2008-12-16 08:43:12 +01:00
return 0 ;
2005-07-08 05:14:46 +00:00
}
/*
compare two objectGUIDs
*/
2009-06-18 11:05:45 +02:00
static int ldif_comparison_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
2005-07-08 05:14:46 +00:00
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
2009-06-18 11:05:45 +02:00
if ( ldif_comparision_objectGUID_isString ( v1 ) & & ldif_comparision_objectGUID_isString ( v2 ) ) {
2008-08-21 15:10:40 +10:00
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
2009-06-18 11:05:45 +02:00
} else if ( ldif_comparision_objectGUID_isString ( v1 )
& & ! ldif_comparision_objectGUID_isString ( v2 ) ) {
2006-07-12 01:25:20 +00:00
struct ldb_val v ;
int ret ;
if ( ldif_read_objectGUID ( ldb , mem_ctx , v1 , & v ) ! = 0 ) {
2008-08-21 15:10:40 +10:00
/* Perhaps it wasn't a valid string after all */
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
2006-07-12 01:25:20 +00:00
}
ret = ldb_comparison_binary ( ldb , mem_ctx , & v , v2 ) ;
talloc_free ( v . data ) ;
return ret ;
2009-06-18 11:05:45 +02:00
} else if ( ! ldif_comparision_objectGUID_isString ( v1 )
& & ldif_comparision_objectGUID_isString ( v2 ) ) {
2006-07-12 01:25:20 +00:00
struct ldb_val v ;
int ret ;
if ( ldif_read_objectGUID ( ldb , mem_ctx , v2 , & v ) ! = 0 ) {
2008-08-21 15:10:40 +10:00
/* Perhaps it wasn't a valid string after all */
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
2005-07-08 05:14:46 +00:00
}
2006-07-12 01:25:20 +00:00
ret = ldb_comparison_binary ( ldb , mem_ctx , v1 , & v ) ;
talloc_free ( v . data ) ;
return ret ;
2005-07-08 05:14:46 +00:00
}
return ldb_comparison_binary ( ldb , mem_ctx , v1 , v2 ) ;
}
/*
canonicalise a objectGUID
*/
2009-06-18 11:05:45 +02:00
static int ldif_canonicalise_objectGUID ( struct ldb_context * ldb , void * mem_ctx ,
2005-07-08 05:14:46 +00:00
const struct ldb_val * in , struct ldb_val * out )
{
2009-06-18 11:05:45 +02:00
if ( ldif_comparision_objectGUID_isString ( in ) ) {
2008-08-21 15:10:40 +10:00
if ( ldif_read_objectGUID ( ldb , mem_ctx , in , out ) ! = 0 ) {
/* Perhaps it wasn't a valid string after all */
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
2008-08-22 18:37:34 +10:00
return 0 ;
2005-07-08 05:14:46 +00:00
}
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
2005-06-21 07:52:00 +00:00
2005-12-09 23:43:02 +00:00
/*
convert a ldif ( SDDL ) formatted ntSecurityDescriptor to a NDR formatted blob
*/
static int ldif_read_ntSecurityDescriptor ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct security_descriptor * sd ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2006-08-05 06:35:32 +00:00
2009-08-04 16:07:18 +10:00
sd = talloc ( mem_ctx , struct security_descriptor ) ;
2005-12-09 23:43:02 +00:00
if ( sd = = NULL ) {
return - 1 ;
}
2009-08-04 16:07:18 +10:00
2010-05-09 17:20:01 +02:00
ndr_err = ndr_pull_struct_blob ( in , sd , sd ,
2009-08-04 16:07:18 +10:00
( ndr_pull_flags_fn_t ) ndr_pull_security_descriptor ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
/* If this does not parse, then it is probably SDDL, and we should try it that way */
2010-10-10 17:15:11 +02:00
2009-08-04 16:11:55 +10:00
const struct dom_sid * sid = samdb_domain_sid ( ldb ) ;
2009-08-04 16:07:18 +10:00
talloc_free ( sd ) ;
sd = sddl_decode ( mem_ctx , ( const char * ) in - > data , sid ) ;
if ( sd = = NULL ) {
return - 1 ;
}
}
2010-05-09 17:20:01 +02:00
ndr_err = ndr_push_struct_blob ( out , mem_ctx , sd ,
2007-11-09 19:24:51 +01:00
( ndr_push_flags_fn_t ) ndr_push_security_descriptor ) ;
2009-10-02 22:40:50 +10:00
talloc_free ( sd ) ;
2007-11-09 19:24:51 +01:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-12-09 23:43:02 +00:00
return - 1 ;
}
2009-08-04 16:07:18 +10:00
2005-12-09 23:43:02 +00:00
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor ( SDDL format )
*/
static int ldif_write_ntSecurityDescriptor ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct security_descriptor * sd ;
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err ;
2005-12-09 23:43:02 +00:00
2009-09-08 21:55:56 +10:00
if ( ldb_get_flags ( ldb ) & LDB_FLG_SHOW_BINARY ) {
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct security_descriptor ) ,
( ndr_pull_flags_fn_t ) ndr_pull_security_descriptor ,
2010-01-20 17:58:39 +02:00
( ndr_print_fn_t ) ndr_print_security_descriptor ,
true ) ;
2009-09-08 21:55:56 +10:00
}
2005-12-09 23:43:02 +00:00
sd = talloc ( mem_ctx , struct security_descriptor ) ;
if ( sd = = NULL ) {
return - 1 ;
}
2008-12-16 08:43:12 +01:00
/* We can't use ndr_pull_struct_blob_all because this contains relative pointers */
2010-05-09 17:20:01 +02:00
ndr_err = ndr_pull_struct_blob ( in , sd , sd ,
2008-12-16 08:43:12 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_security_descriptor ) ;
2007-11-09 19:24:51 +01:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2005-12-09 23:43:02 +00:00
talloc_free ( sd ) ;
return - 1 ;
}
2010-01-10 12:53:07 +11:00
out - > data = ( uint8_t * ) sddl_encode ( mem_ctx , sd , samdb_domain_sid_cache_only ( ldb ) ) ;
2005-12-09 23:43:02 +00:00
talloc_free ( sd ) ;
if ( out - > data = = NULL ) {
return - 1 ;
}
out - > length = strlen ( ( const char * ) out - > data ) ;
return 0 ;
}
2011-07-15 11:25:36 +10:00
/*
convert a string formatted SDDL to a ldif formatted ntSecurityDescriptor ( SDDL format )
*/
static int ldif_write_sddlSecurityDescriptor ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
if ( ldb_get_flags ( ldb ) & LDB_FLG_SHOW_BINARY ) {
struct security_descriptor * sd ;
const struct dom_sid * sid = samdb_domain_sid ( ldb ) ;
sd = sddl_decode ( mem_ctx , ( const char * ) in - > data , sid ) ;
out - > data = ( uint8_t * ) ndr_print_struct_string ( mem_ctx ,
( ndr_print_fn_t ) ndr_print_security_descriptor ,
" SDDL " , sd ) ;
out - > length = strlen ( ( const char * ) out - > data ) ;
talloc_free ( sd ) ;
return 0 ;
}
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
2006-06-06 22:04:55 +00:00
/*
2011-08-02 09:35:23 +10:00
canonicalise an objectCategory . We use the long form as the canonical form :
' person ' becomes cn = Person , cn = Schema , cn = Configuration , < basedn >
Also any short name of an objectClass that points to a different
class ( such as user ) has the canonical form of the class it ' s
defaultObjectCategory points to ( eg
cn = Person , cn = Schema , cn = Configuration , < basedn > )
2006-06-06 22:04:55 +00:00
*/
static int ldif_canonicalise_objectCategory ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct ldb_dn * dn1 = NULL ;
2010-03-16 14:52:39 +11:00
const struct dsdb_schema * schema = dsdb_get_schema ( ldb , NULL ) ;
2009-02-02 11:25:39 +01:00
const struct dsdb_class * sclass ;
2007-08-20 00:22:53 +00:00
TALLOC_CTX * tmp_ctx = talloc_new ( mem_ctx ) ;
if ( ! tmp_ctx ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2006-06-06 22:04:55 +00:00
2007-06-21 10:18:20 +00:00
if ( ! schema ) {
2009-09-01 19:56:56 +10:00
talloc_free ( tmp_ctx ) ;
2007-06-21 10:18:20 +00:00
* out = data_blob_talloc ( mem_ctx , in - > data , in - > length ) ;
2007-08-20 00:22:53 +00:00
if ( in - > data & & ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-06-21 10:18:20 +00:00
return LDB_SUCCESS ;
}
2008-08-21 19:24:58 +10:00
dn1 = ldb_dn_from_ldb_val ( tmp_ctx , ldb , in ) ;
2006-11-22 00:59:34 +00:00
if ( ! ldb_dn_validate ( dn1 ) ) {
2007-08-20 00:22:53 +00:00
const char * lDAPDisplayName = talloc_strndup ( tmp_ctx , ( char * ) in - > data , in - > length ) ;
2009-02-02 11:25:39 +01:00
sclass = dsdb_class_by_lDAPDisplayName ( schema , lDAPDisplayName ) ;
if ( sclass ) {
2014-07-16 16:17:56 +02:00
struct ldb_dn * dn = ldb_dn_new ( tmp_ctx , ldb ,
2009-02-02 11:25:39 +01:00
sclass - > defaultObjectCategory ) ;
2014-07-16 16:17:56 +02:00
if ( dn = = NULL ) {
talloc_free ( tmp_ctx ) ;
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-08-20 00:22:53 +00:00
* out = data_blob_string_const ( ldb_dn_alloc_casefold ( mem_ctx , dn ) ) ;
talloc_free ( tmp_ctx ) ;
if ( ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-08-15 13:14:38 +00:00
return LDB_SUCCESS ;
} else {
* out = data_blob_talloc ( mem_ctx , in - > data , in - > length ) ;
2007-08-20 00:22:53 +00:00
talloc_free ( tmp_ctx ) ;
if ( in - > data & & ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-08-15 13:14:38 +00:00
return LDB_SUCCESS ;
}
2007-06-21 10:18:20 +00:00
}
2007-08-20 00:22:53 +00:00
* out = data_blob_string_const ( ldb_dn_alloc_casefold ( mem_ctx , dn1 ) ) ;
talloc_free ( tmp_ctx ) ;
if ( ! out - > data ) {
return LDB_ERR_OPERATIONS_ERROR ;
}
2007-06-21 10:18:20 +00:00
return LDB_SUCCESS ;
2006-06-06 22:04:55 +00:00
}
static int ldif_comparison_objectCategory ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 ,
const struct ldb_val * v2 )
{
2009-11-05 17:00:20 +11:00
return ldb_any_comparison ( ldb , mem_ctx , ldif_canonicalise_objectCategory ,
v1 , v2 ) ;
2006-06-06 22:04:55 +00:00
}
2010-03-18 17:04:34 +02:00
/*
convert a NDR formatted blob to a ldif formatted schemaInfo
*/
static int ldif_write_schemaInfo ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct repsFromToBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_schemaInfoBlob ,
( ndr_print_fn_t ) ndr_print_schemaInfoBlob ,
true ) ;
}
2008-05-29 18:38:17 +10:00
/*
convert a ldif formatted prefixMap to a NDR formatted blob
*/
static int ldif_read_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct prefixMapBlob * blob ;
enum ndr_err_code ndr_err ;
char * string , * line , * p , * oid ;
2009-10-11 21:00:55 +03:00
DATA_BLOB oid_blob ;
2008-05-29 18:38:17 +10:00
2008-05-29 20:01:32 +10:00
TALLOC_CTX * tmp_ctx = talloc_new ( mem_ctx ) ;
if ( tmp_ctx = = NULL ) {
return - 1 ;
}
blob = talloc_zero ( tmp_ctx , struct prefixMapBlob ) ;
2008-05-29 18:38:17 +10:00
if ( blob = = NULL ) {
2010-06-12 11:31:30 +02:00
talloc_free ( tmp_ctx ) ;
2008-05-29 18:38:17 +10:00
return - 1 ;
}
2008-05-29 20:01:32 +10:00
2010-10-02 13:03:40 -07:00
/* use the switch value to detect if this is in the binary
* format
*/
if ( in - > length > = 4 & & IVAL ( in - > data , 0 ) = = PREFIX_MAP_VERSION_DSDB ) {
ndr_err = ndr_pull_struct_blob ( in , tmp_ctx , blob ,
( ndr_pull_flags_fn_t ) ndr_pull_prefixMapBlob ) ;
if ( NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
ndr_err = ndr_push_struct_blob ( out , mem_ctx ,
blob ,
( ndr_push_flags_fn_t ) ndr_push_prefixMapBlob ) ;
talloc_free ( tmp_ctx ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return - 1 ;
}
return 0 ;
2010-06-10 08:51:30 +10:00
}
}
/* If this does not parse, then it is probably the text version, and we should try it that way */
2008-05-29 20:01:32 +10:00
blob - > version = PREFIX_MAP_VERSION_DSDB ;
2008-05-29 18:38:17 +10:00
2008-05-29 20:01:32 +10:00
string = talloc_strndup ( mem_ctx , ( const char * ) in - > data , in - > length ) ;
if ( string = = NULL ) {
talloc_free ( blob ) ;
return - 1 ;
}
2008-05-29 18:38:17 +10:00
line = string ;
while ( line & & line [ 0 ] ) {
p = strchr ( line , ' ; ' ) ;
if ( p ) {
p [ 0 ] = ' \0 ' ;
} else {
2008-05-29 20:01:32 +10:00
p = strchr ( line , ' \n ' ) ;
2008-05-29 18:38:17 +10:00
if ( p ) {
p [ 0 ] = ' \0 ' ;
}
}
2010-02-21 17:22:45 +11:00
/* allow a trailing separator */
2008-05-29 20:01:32 +10:00
if ( line = = p ) {
break ;
}
2008-05-29 18:38:17 +10:00
blob - > ctr . dsdb . mappings = talloc_realloc ( blob ,
blob - > ctr . dsdb . mappings ,
struct drsuapi_DsReplicaOIDMapping ,
blob - > ctr . dsdb . num_mappings + 1 ) ;
if ( ! blob - > ctr . dsdb . mappings ) {
2008-05-29 20:01:32 +10:00
talloc_free ( tmp_ctx ) ;
2008-05-29 18:38:17 +10:00
return - 1 ;
}
2008-05-29 20:01:32 +10:00
blob - > ctr . dsdb . mappings [ blob - > ctr . dsdb . num_mappings ] . id_prefix = strtoul ( line , & oid , 10 ) ;
2008-05-29 18:38:17 +10:00
if ( oid [ 0 ] ! = ' : ' ) {
2008-05-29 20:01:32 +10:00
talloc_free ( tmp_ctx ) ;
2008-05-29 18:38:17 +10:00
return - 1 ;
}
/* we know there must be at least ":" */
oid + + ;
2009-10-11 21:00:55 +03:00
if ( ! ber_write_partial_OID_String ( blob - > ctr . dsdb . mappings , & oid_blob , oid ) ) {
talloc_free ( tmp_ctx ) ;
return - 1 ;
}
blob - > ctr . dsdb . mappings [ blob - > ctr . dsdb . num_mappings ] . oid . length = oid_blob . length ;
blob - > ctr . dsdb . mappings [ blob - > ctr . dsdb . num_mappings ] . oid . binary_oid = oid_blob . data ;
2008-05-29 18:38:17 +10:00
blob - > ctr . dsdb . num_mappings + + ;
2008-05-29 20:01:32 +10:00
/* Now look past the terminator we added above */
2008-05-29 18:38:17 +10:00
if ( p ) {
2008-05-29 20:01:32 +10:00
line = p + 1 ;
2008-05-29 18:38:17 +10:00
} else {
line = NULL ;
}
}
ndr_err = ndr_push_struct_blob ( out , mem_ctx ,
blob ,
( ndr_push_flags_fn_t ) ndr_push_prefixMapBlob ) ;
2008-05-29 20:01:32 +10:00
talloc_free ( tmp_ctx ) ;
2008-05-29 18:38:17 +10:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return - 1 ;
}
return 0 ;
}
/*
convert a NDR formatted blob to a ldif formatted prefixMap
*/
static int ldif_write_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct prefixMapBlob * blob ;
enum ndr_err_code ndr_err ;
2008-05-29 20:01:32 +10:00
char * string ;
2010-03-08 08:02:32 +01:00
uint32_t i ;
2008-05-29 18:38:17 +10:00
2009-09-08 22:02:59 +10:00
if ( ldb_get_flags ( ldb ) & LDB_FLG_SHOW_BINARY ) {
2010-01-20 18:10:05 +02:00
int err ;
/* try to decode the blob as S4 prefixMap */
err = ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct prefixMapBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_prefixMapBlob ,
( ndr_print_fn_t ) ndr_print_prefixMapBlob ,
false ) ;
if ( 0 = = err ) {
return err ;
}
/* try parsing it as Windows PrefixMap value */
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct drsuapi_MSPrefixMap_Ctr ) ,
( ndr_pull_flags_fn_t ) ndr_pull_drsuapi_MSPrefixMap_Ctr ,
( ndr_print_fn_t ) ndr_print_drsuapi_MSPrefixMap_Ctr ,
true ) ;
2009-09-08 22:02:59 +10:00
}
2008-05-29 18:38:17 +10:00
blob = talloc ( mem_ctx , struct prefixMapBlob ) ;
if ( blob = = NULL ) {
return - 1 ;
}
2008-12-16 08:43:12 +01:00
ndr_err = ndr_pull_struct_blob_all ( in , blob ,
blob ,
( ndr_pull_flags_fn_t ) ndr_pull_prefixMapBlob ) ;
2008-05-29 18:38:17 +10:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2009-10-11 21:00:55 +03:00
goto failed ;
2008-05-29 18:38:17 +10:00
}
if ( blob - > version ! = PREFIX_MAP_VERSION_DSDB ) {
2009-10-11 21:00:55 +03:00
goto failed ;
2008-05-29 18:38:17 +10:00
}
2008-05-29 20:01:32 +10:00
string = talloc_strdup ( mem_ctx , " " ) ;
if ( string = = NULL ) {
2009-10-11 21:00:55 +03:00
goto failed ;
2008-05-29 18:38:17 +10:00
}
for ( i = 0 ; i < blob - > ctr . dsdb . num_mappings ; i + + ) {
2009-10-11 21:00:55 +03:00
DATA_BLOB oid_blob ;
2010-12-19 16:36:16 +01:00
char * partial_oid = NULL ;
2009-10-11 21:00:55 +03:00
2008-05-29 18:38:17 +10:00
if ( i > 0 ) {
2008-05-29 20:01:32 +10:00
string = talloc_asprintf_append ( string , " ; " ) ;
2008-05-29 18:38:17 +10:00
}
2009-10-11 21:00:55 +03:00
oid_blob = data_blob_const ( blob - > ctr . dsdb . mappings [ i ] . oid . binary_oid ,
blob - > ctr . dsdb . mappings [ i ] . oid . length ) ;
if ( ! ber_read_partial_OID_String ( blob , oid_blob , & partial_oid ) ) {
DEBUG ( 0 , ( " ber_read_partial_OID failed on prefixMap item with id: 0x%X " ,
blob - > ctr . dsdb . mappings [ i ] . id_prefix ) ) ;
goto failed ;
}
2008-05-29 20:16:18 +10:00
string = talloc_asprintf_append ( string , " %u:%s " ,
2008-05-29 18:38:17 +10:00
blob - > ctr . dsdb . mappings [ i ] . id_prefix ,
2009-10-11 21:00:55 +03:00
partial_oid ) ;
talloc_free ( discard_const ( partial_oid ) ) ;
2008-05-29 20:01:32 +10:00
if ( string = = NULL ) {
2009-10-11 21:00:55 +03:00
goto failed ;
2008-05-29 18:38:17 +10:00
}
}
talloc_free ( blob ) ;
2008-05-29 20:01:32 +10:00
* out = data_blob_string_const ( string ) ;
2008-05-29 18:38:17 +10:00
return 0 ;
2009-10-11 21:00:55 +03:00
failed :
talloc_free ( blob ) ;
return - 1 ;
2008-05-29 18:38:17 +10:00
}
static bool ldif_comparision_prefixMap_isString ( const struct ldb_val * v )
{
if ( v - > length < 4 ) {
return true ;
}
if ( IVAL ( v - > data , 0 ) = = PREFIX_MAP_VERSION_DSDB ) {
return false ;
}
return true ;
}
/*
canonicalise a prefixMap
*/
static int ldif_canonicalise_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
if ( ldif_comparision_prefixMap_isString ( in ) ) {
return ldif_read_prefixMap ( ldb , mem_ctx , in , out ) ;
}
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
static int ldif_comparison_prefixMap ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 ,
const struct ldb_val * v2 )
{
2009-11-05 17:00:20 +11:00
return ldb_any_comparison ( ldb , mem_ctx , ldif_canonicalise_prefixMap ,
v1 , v2 ) ;
2008-05-29 18:38:17 +10:00
}
2009-12-29 11:38:17 +11:00
/* length limited conversion of a ldb_val to a int32_t */
static int val_to_int32 ( const struct ldb_val * in , int32_t * v )
2009-06-18 11:05:45 +02:00
{
char * end ;
2009-12-29 11:38:17 +11:00
char buf [ 64 ] ;
/* make sure we don't read past the end of the data */
if ( in - > length > sizeof ( buf ) - 1 ) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX ;
}
strncpy ( buf , ( char * ) in - > data , in - > length ) ;
buf [ in - > length ] = 0 ;
2009-08-17 20:29:11 +02:00
/* We've to use "strtoll" here to have the intended overflows.
* Otherwise we may get " LONG_MAX " and the conversion is wrong . */
2009-12-29 11:38:17 +11:00
* v = ( int32_t ) strtoll ( buf , & end , 0 ) ;
2009-06-18 11:05:45 +02:00
if ( * end ! = 0 ) {
2009-12-29 11:38:17 +11:00
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX ;
}
return LDB_SUCCESS ;
}
2010-01-05 15:12:16 +11:00
/* length limited conversion of a ldb_val to a int64_t */
static int val_to_int64 ( const struct ldb_val * in , int64_t * v )
{
char * end ;
char buf [ 64 ] ;
/* make sure we don't read past the end of the data */
if ( in - > length > sizeof ( buf ) - 1 ) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX ;
}
strncpy ( buf , ( char * ) in - > data , in - > length ) ;
buf [ in - > length ] = 0 ;
* v = ( int64_t ) strtoll ( buf , & end , 0 ) ;
if ( * end ! = 0 ) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX ;
}
return LDB_SUCCESS ;
}
2009-12-29 11:38:17 +11:00
/* Canonicalisation of two 32-bit integers */
static int ldif_canonicalise_int32 ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
int32_t i ;
int ret ;
ret = val_to_int32 ( in , & i ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
2009-06-18 11:05:45 +02:00
}
out - > data = ( uint8_t * ) talloc_asprintf ( mem_ctx , " %d " , i ) ;
if ( out - > data = = NULL ) {
2009-12-29 11:38:17 +11:00
ldb_oom ( ldb ) ;
return LDB_ERR_OPERATIONS_ERROR ;
2009-06-18 11:05:45 +02:00
}
out - > length = strlen ( ( char * ) out - > data ) ;
return 0 ;
}
/* Comparison of two 32-bit integers */
static int ldif_comparison_int32 ( struct ldb_context * ldb , void * mem_ctx ,
2009-12-29 11:38:17 +11:00
const struct ldb_val * v1 , const struct ldb_val * v2 )
2009-06-18 11:05:45 +02:00
{
2009-12-29 11:38:17 +11:00
int32_t i1 = 0 , i2 = 0 ;
val_to_int32 ( v1 , & i1 ) ;
val_to_int32 ( v2 , & i2 ) ;
if ( i1 = = i2 ) return 0 ;
return i1 > i2 ? 1 : - 1 ;
2009-06-18 11:05:45 +02:00
}
2010-01-05 15:12:16 +11:00
/* Canonicalisation of two 64-bit integers */
static int ldif_canonicalise_int64 ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
int64_t i ;
int ret ;
ret = val_to_int64 ( in , & i ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
out - > data = ( uint8_t * ) talloc_asprintf ( mem_ctx , " %lld " , ( long long ) i ) ;
if ( out - > data = = NULL ) {
ldb_oom ( ldb ) ;
return LDB_ERR_OPERATIONS_ERROR ;
}
out - > length = strlen ( ( char * ) out - > data ) ;
return 0 ;
}
/* Comparison of two 64-bit integers */
static int ldif_comparison_int64 ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
int64_t i1 = 0 , i2 = 0 ;
val_to_int64 ( v1 , & i1 ) ;
val_to_int64 ( v2 , & i2 ) ;
if ( i1 = = i2 ) return 0 ;
return i1 > i2 ? 1 : - 1 ;
}
2009-09-08 21:45:08 +10:00
/*
convert a NDR formatted blob to a ldif formatted repsFromTo
*/
static int ldif_write_repsFromTo ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct repsFromToBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_repsFromToBlob ,
2010-01-20 17:58:39 +02:00
( ndr_print_fn_t ) ndr_print_repsFromToBlob ,
true ) ;
2009-09-08 21:45:08 +10:00
}
2009-09-08 22:15:59 +10:00
/*
convert a NDR formatted blob to a ldif formatted replPropertyMetaData
*/
static int ldif_write_replPropertyMetaData ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct replPropertyMetaDataBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_replPropertyMetaDataBlob ,
2010-01-20 17:58:39 +02:00
( ndr_print_fn_t ) ndr_print_replPropertyMetaDataBlob ,
true ) ;
2009-09-08 22:15:59 +10:00
}
/*
convert a NDR formatted blob to a ldif formatted replUpToDateVector
*/
static int ldif_write_replUpToDateVector ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct replUpToDateVectorBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_replUpToDateVectorBlob ,
2010-01-20 17:58:39 +02:00
( ndr_print_fn_t ) ndr_print_replUpToDateVectorBlob ,
true ) ;
2009-09-08 22:15:59 +10:00
}
2015-03-06 18:07:15 +01:00
static int ldif_write_dn_binary_NDR ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out ,
size_t struct_size ,
ndr_pull_flags_fn_t pull_fn ,
ndr_print_fn_t print_fn ,
bool mask_errors )
{
uint8_t * p = NULL ;
enum ndr_err_code err ;
struct dsdb_dn * dsdb_dn = NULL ;
char * dn_str = NULL ;
char * str = NULL ;
if ( ! ( ldb_get_flags ( ldb ) & LDB_FLG_SHOW_BINARY ) ) {
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
dsdb_dn = dsdb_dn_parse ( mem_ctx , ldb , in , DSDB_SYNTAX_BINARY_DN ) ;
if ( dsdb_dn = = NULL ) {
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
p = talloc_size ( dsdb_dn , struct_size ) ;
if ( p = = NULL ) {
TALLOC_FREE ( dsdb_dn ) ;
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
err = ndr_pull_struct_blob ( & dsdb_dn - > extra_part , p , p , pull_fn ) ;
if ( err ! = NDR_ERR_SUCCESS ) {
/* fail in not in mask_error mode */
if ( ! mask_errors ) {
return - 1 ;
}
TALLOC_FREE ( dsdb_dn ) ;
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
dn_str = ldb_dn_get_extended_linearized ( dsdb_dn , dsdb_dn - > dn , 1 ) ;
if ( dn_str = = NULL ) {
TALLOC_FREE ( dsdb_dn ) ;
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
str = ndr_print_struct_string ( mem_ctx , print_fn , dn_str , p ) ;
TALLOC_FREE ( dsdb_dn ) ;
if ( str = = NULL ) {
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
* out = data_blob_string_const ( str ) ;
return 0 ;
}
static int ldif_write_msDS_RevealedUsers ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_dn_binary_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct replPropertyMetaData1 ) ,
( ndr_pull_flags_fn_t ) ndr_pull_replPropertyMetaData1 ,
( ndr_print_fn_t ) ndr_print_replPropertyMetaData1 ,
true ) ;
}
2009-09-08 21:45:08 +10:00
2010-08-05 15:22:49 +10:00
/*
convert a NDR formatted blob to a ldif formatted dnsRecord
*/
static int ldif_write_dnsRecord ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct dnsp_DnssrvRpcRecord ) ,
( ndr_pull_flags_fn_t ) ndr_pull_dnsp_DnssrvRpcRecord ,
( ndr_print_fn_t ) ndr_print_dnsp_DnssrvRpcRecord ,
true ) ;
}
2011-09-21 14:56:19 +10:00
/*
convert a NDR formatted blob to a ldif formatted dnsProperty
*/
static int ldif_write_dnsProperty ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct dnsp_DnsProperty ) ,
( ndr_pull_flags_fn_t ) ndr_pull_dnsp_DnsProperty ,
( ndr_print_fn_t ) ndr_print_dnsp_DnsProperty ,
true ) ;
}
2010-11-16 16:32:27 +11:00
/*
convert a NDR formatted blob of a supplementalCredentials into text
*/
static int ldif_write_supplementalCredentialsBlob ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct supplementalCredentialsBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_supplementalCredentialsBlob ,
( ndr_print_fn_t ) ndr_print_supplementalCredentialsBlob ,
true ) ;
}
2011-09-05 16:40:19 +10:00
/*
convert a NDR formatted blob to a ldif formatted trustAuthInOutBlob
*/
static int ldif_write_trustAuthInOutBlob ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct trustAuthInOutBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_trustAuthInOutBlob ,
( ndr_print_fn_t ) ndr_print_trustAuthInOutBlob ,
true ) ;
}
2014-11-19 12:24:47 +01:00
/*
convert a NDR formatted blob to a ldif formatted msDS - TrustForestTrustInfo
*/
static int ldif_write_ForestTrustInfo ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct ForestTrustInfo ) ,
( ndr_pull_flags_fn_t ) ndr_pull_ForestTrustInfo ,
( ndr_print_fn_t ) ndr_print_ForestTrustInfo ,
true ) ;
}
2011-09-23 13:28:06 +10:00
/*
convert a NDR formatted blob of a partialAttributeSet into text
*/
static int ldif_write_partialAttributeSet ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
return ldif_write_NDR ( ldb , mem_ctx , in , out ,
sizeof ( struct partialAttributeSetBlob ) ,
( ndr_pull_flags_fn_t ) ndr_pull_partialAttributeSetBlob ,
( ndr_print_fn_t ) ndr_print_partialAttributeSetBlob ,
true ) ;
}
2010-08-05 15:22:49 +10:00
2008-12-16 08:43:12 +01:00
static int extended_dn_write_hex ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
2009-11-04 17:42:53 +11:00
* out = data_blob_string_const ( data_blob_hex_string_lower ( mem_ctx , in ) ) ;
2008-12-16 08:43:12 +01:00
if ( ! out - > data ) {
return - 1 ;
}
return 0 ;
}
2010-06-14 15:52:01 +10:00
/*
compare two dns
*/
static int samba_ldb_dn_link_comparison ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
struct ldb_dn * dn1 = NULL , * dn2 = NULL ;
int ret ;
if ( dsdb_dn_is_deleted_val ( v1 ) ) {
/* If the DN is deleted, then we can't search for it */
return - 1 ;
}
if ( dsdb_dn_is_deleted_val ( v2 ) ) {
/* If the DN is deleted, then we can't search for it */
return - 1 ;
}
dn1 = ldb_dn_from_ldb_val ( mem_ctx , ldb , v1 ) ;
if ( ! ldb_dn_validate ( dn1 ) ) return - 1 ;
dn2 = ldb_dn_from_ldb_val ( mem_ctx , ldb , v2 ) ;
if ( ! ldb_dn_validate ( dn2 ) ) {
talloc_free ( dn1 ) ;
return - 1 ;
}
ret = ldb_dn_compare ( dn1 , dn2 ) ;
talloc_free ( dn1 ) ;
talloc_free ( dn2 ) ;
return ret ;
}
static int samba_ldb_dn_link_canonicalise ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
struct ldb_dn * dn ;
int ret = - 1 ;
out - > length = 0 ;
out - > data = NULL ;
dn = ldb_dn_from_ldb_val ( mem_ctx , ldb , in ) ;
if ( ! ldb_dn_validate ( dn ) ) {
return LDB_ERR_INVALID_DN_SYNTAX ;
}
/* By including the RMD_FLAGS of a deleted DN, we ensure it
* does not casually match a not deleted DN */
if ( dsdb_dn_is_deleted_val ( in ) ) {
2010-06-16 21:45:15 +02:00
out - > data = ( uint8_t * ) talloc_asprintf ( mem_ctx ,
" <RMD_FLAGS=%u>%s " ,
dsdb_dn_val_rmd_flags ( in ) ,
ldb_dn_get_casefold ( dn ) ) ;
2010-06-14 15:52:01 +10:00
} else {
out - > data = ( uint8_t * ) ldb_dn_alloc_casefold ( mem_ctx , dn ) ;
}
if ( out - > data = = NULL ) {
goto done ;
}
out - > length = strlen ( ( char * ) out - > data ) ;
ret = 0 ;
done :
talloc_free ( dn ) ;
return ret ;
}
2010-01-05 15:12:16 +11:00
/*
write a 64 bit 2 - part range
*/
static int ldif_write_range64 ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
int64_t v ;
int ret ;
ret = val_to_int64 ( in , & v ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
out - > data = ( uint8_t * ) talloc_asprintf ( mem_ctx , " %lu-%lu " ,
( unsigned long ) ( v & 0xFFFFFFFF ) ,
( unsigned long ) ( v > > 32 ) ) ;
if ( out - > data = = NULL ) {
ldb_oom ( ldb ) ;
return LDB_ERR_OPERATIONS_ERROR ;
}
out - > length = strlen ( ( char * ) out - > data ) ;
return LDB_SUCCESS ;
}
/*
read a 64 bit 2 - part range
*/
static int ldif_read_range64 ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * in , struct ldb_val * out )
{
unsigned long high , low ;
char buf [ 64 ] ;
if ( memchr ( in - > data , ' - ' , in - > length ) = = NULL ) {
return ldb_handler_copy ( ldb , mem_ctx , in , out ) ;
}
if ( in - > length > sizeof ( buf ) - 1 ) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX ;
}
strncpy ( buf , ( const char * ) in - > data , in - > length ) ;
buf [ in - > length ] = 0 ;
if ( sscanf ( buf , " %lu-%lu " , & low , & high ) ! = 2 ) {
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX ;
}
out - > data = ( uint8_t * ) talloc_asprintf ( mem_ctx , " %llu " ,
( unsigned long long ) ( ( ( uint64_t ) high ) < < 32 ) | ( low ) ) ;
if ( out - > data = = NULL ) {
ldb_oom ( ldb ) ;
return LDB_ERR_OPERATIONS_ERROR ;
}
out - > length = strlen ( ( char * ) out - > data ) ;
return LDB_SUCCESS ;
}
2010-10-13 20:27:52 +11:00
/*
when this operator_fn is set for a syntax , the backend calls is in
preference to the comparison function . We are told the exact
comparison operation that is needed , and we can return errors
*/
static int samba_syntax_operator_fn ( struct ldb_context * ldb , enum ldb_parse_op operation ,
const struct ldb_schema_attribute * a ,
const struct ldb_val * v1 , const struct ldb_val * v2 , bool * matched )
{
switch ( operation ) {
case LDB_OP_AND :
case LDB_OP_OR :
case LDB_OP_NOT :
case LDB_OP_SUBSTRING :
case LDB_OP_APPROX :
case LDB_OP_EXTENDED :
/* handled in the backends */
return LDB_ERR_INAPPROPRIATE_MATCHING ;
case LDB_OP_GREATER :
case LDB_OP_LESS :
case LDB_OP_EQUALITY :
{
TALLOC_CTX * tmp_ctx = talloc_new ( ldb ) ;
int ret ;
if ( tmp_ctx = = NULL ) {
return ldb_oom ( ldb ) ;
}
ret = a - > syntax - > comparison_fn ( ldb , tmp_ctx , v1 , v2 ) ;
talloc_free ( tmp_ctx ) ;
if ( operation = = LDB_OP_GREATER ) {
2012-05-04 11:41:03 +02:00
* matched = ( ret > = 0 ) ;
2010-10-13 20:27:52 +11:00
} else if ( operation = = LDB_OP_LESS ) {
2012-05-04 11:41:03 +02:00
* matched = ( ret < = 0 ) ;
2010-10-13 20:27:52 +11:00
} else {
* matched = ( ret = = 0 ) ;
}
return LDB_SUCCESS ;
}
case LDB_OP_PRESENT :
* matched = true ;
return LDB_SUCCESS ;
}
/* we shouldn't get here */
return LDB_ERR_INAPPROPRIATE_MATCHING ;
}
2016-01-15 14:52:12 +13:00
/*
compare two binary objects . This is correct for sorting as the sort order is :
a
aa
b
bb
rather than ldb_comparison_binary ( ) which is :
a
b
aa
bb
*/
static int samba_ldb_comparison_binary ( struct ldb_context * ldb , void * mem_ctx ,
const struct ldb_val * v1 , const struct ldb_val * v2 )
{
return data_blob_cmp ( v1 , v2 ) ;
}
/*
when this operator_fn is set for a syntax , the backend calls is in
preference to the comparison function . We are told the exact
comparison operation that is needed , and we can return errors .
This mode optimises for ldb_comparison_binary ( ) if we need equality ,
as this should be faster as it can do a length - check first .
*/
static int samba_syntax_binary_operator_fn ( struct ldb_context * ldb , enum ldb_parse_op operation ,
const struct ldb_schema_attribute * a ,
const struct ldb_val * v1 , const struct ldb_val * v2 , bool * matched )
{
if ( operation = = LDB_OP_EQUALITY ) {
* matched = ( ldb_comparison_binary ( ldb , NULL , v1 , v2 ) = = 0 ) ;
return LDB_SUCCESS ;
}
return samba_syntax_operator_fn ( ldb , operation , a , v1 , v2 , matched ) ;
}
2011-08-02 17:15:28 +10:00
/*
see if two DNs match , comparing first by GUID , then by SID , and
finally by string components
*/
static int samba_dn_extended_match ( struct ldb_context * ldb ,
const struct ldb_val * v1 ,
const struct ldb_val * v2 ,
bool * matched )
{
TALLOC_CTX * tmp_ctx ;
struct ldb_dn * dn1 , * dn2 ;
const struct ldb_val * guid1 , * guid2 , * sid1 , * sid2 ;
2011-08-04 14:59:47 +10:00
uint32_t rmd_flags1 , rmd_flags2 ;
2011-08-02 17:15:28 +10:00
tmp_ctx = talloc_new ( ldb ) ;
dn1 = ldb_dn_from_ldb_val ( tmp_ctx , ldb , v1 ) ;
dn2 = ldb_dn_from_ldb_val ( tmp_ctx , ldb , v2 ) ;
if ( ! dn1 | | ! dn2 ) {
/* couldn't parse as DN's */
talloc_free ( tmp_ctx ) ;
( * matched ) = false ;
return LDB_SUCCESS ;
}
2011-08-04 14:59:47 +10:00
rmd_flags1 = dsdb_dn_rmd_flags ( dn1 ) ;
rmd_flags2 = dsdb_dn_rmd_flags ( dn2 ) ;
if ( ( rmd_flags1 & DSDB_RMD_FLAG_DELETED ) ! =
( rmd_flags2 & DSDB_RMD_FLAG_DELETED ) ) {
/* only match if they have the same deletion status */
talloc_free ( tmp_ctx ) ;
( * matched ) = false ;
return LDB_SUCCESS ;
}
2011-08-02 17:15:28 +10:00
guid1 = ldb_dn_get_extended_component ( dn1 , " GUID " ) ;
guid2 = ldb_dn_get_extended_component ( dn2 , " GUID " ) ;
if ( guid1 & & guid2 ) {
( * matched ) = ( data_blob_cmp ( guid1 , guid2 ) = = 0 ) ;
talloc_free ( tmp_ctx ) ;
return LDB_SUCCESS ;
}
sid1 = ldb_dn_get_extended_component ( dn1 , " SID " ) ;
sid2 = ldb_dn_get_extended_component ( dn2 , " SID " ) ;
if ( sid1 & & sid2 ) {
( * matched ) = ( data_blob_cmp ( sid1 , sid2 ) = = 0 ) ;
talloc_free ( tmp_ctx ) ;
return LDB_SUCCESS ;
}
( * matched ) = ( ldb_dn_compare ( dn1 , dn2 ) = = 0 ) ;
talloc_free ( tmp_ctx ) ;
return LDB_SUCCESS ;
}
2010-10-13 20:27:52 +11:00
/*
special operation for DNs , to take account of the RMD_FLAGS deleted bit
*/
static int samba_syntax_operator_dn ( struct ldb_context * ldb , enum ldb_parse_op operation ,
const struct ldb_schema_attribute * a ,
const struct ldb_val * v1 , const struct ldb_val * v2 , bool * matched )
{
if ( operation = = LDB_OP_PRESENT & & dsdb_dn_is_deleted_val ( v1 ) ) {
/* If the DN is deleted, then we can't search for it */
2011-08-02 17:15:28 +10:00
/* should this be for equality too? */
2010-10-13 20:27:52 +11:00
* matched = false ;
return LDB_SUCCESS ;
}
2011-08-02 17:15:28 +10:00
if ( operation = = LDB_OP_EQUALITY & &
samba_dn_extended_match ( ldb , v1 , v2 , matched ) = = LDB_SUCCESS ) {
return LDB_SUCCESS ;
}
2010-10-13 20:27:52 +11:00
return samba_syntax_operator_fn ( ldb , operation , a , v1 , v2 , matched ) ;
}
2006-12-15 13:08:57 +00:00
static const struct ldb_schema_syntax samba_syntaxes [ ] = {
2006-11-25 15:43:56 +00:00
{
2008-12-16 08:43:12 +01:00
. name = LDB_SYNTAX_SAMBA_SID ,
. ldif_read_fn = ldif_read_objectSid ,
. ldif_write_fn = ldif_write_objectSid ,
2009-06-18 11:05:45 +02:00
. canonicalise_fn = ldif_canonicalise_objectSid ,
2010-10-13 20:27:52 +11:00
. comparison_fn = ldif_comparison_objectSid ,
. operator_fn = samba_syntax_operator_fn
2008-12-16 08:43:12 +01:00
} , {
. name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR ,
. ldif_read_fn = ldif_read_ntSecurityDescriptor ,
. ldif_write_fn = ldif_write_ntSecurityDescriptor ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2011-07-15 11:25:36 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_sddlSecurityDescriptor ,
. canonicalise_fn = ldb_handler_fold ,
. comparison_fn = ldb_comparison_fold ,
. operator_fn = samba_syntax_operator_fn
2008-12-16 08:43:12 +01:00
} , {
. name = LDB_SYNTAX_SAMBA_GUID ,
. ldif_read_fn = ldif_read_objectGUID ,
. ldif_write_fn = ldif_write_objectGUID ,
2009-06-18 11:05:45 +02:00
. canonicalise_fn = ldif_canonicalise_objectGUID ,
2010-10-13 20:27:52 +11:00
. comparison_fn = ldif_comparison_objectGUID ,
. operator_fn = samba_syntax_operator_fn
2006-12-15 13:08:57 +00:00
} , {
2008-12-16 08:43:12 +01:00
. name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = ldif_canonicalise_objectCategory ,
2010-10-13 20:27:52 +11:00
. comparison_fn = ldif_comparison_objectCategory ,
. operator_fn = samba_syntax_operator_fn
2010-03-18 17:04:34 +02:00
} , {
. name = LDB_SYNTAX_SAMBA_SCHEMAINFO ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_schemaInfo ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2006-12-15 13:08:57 +00:00
} , {
2008-12-16 08:43:12 +01:00
. name = LDB_SYNTAX_SAMBA_PREFIX_MAP ,
. ldif_read_fn = ldif_read_prefixMap ,
. ldif_write_fn = ldif_write_prefixMap ,
. canonicalise_fn = ldif_canonicalise_prefixMap ,
2010-10-13 20:27:52 +11:00
. comparison_fn = ldif_comparison_prefixMap ,
. operator_fn = samba_syntax_operator_fn
2009-06-18 11:05:45 +02:00
} , {
. name = LDB_SYNTAX_SAMBA_INT32 ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = ldif_canonicalise_int32 ,
2010-10-13 20:27:52 +11:00
. comparison_fn = ldif_comparison_int32 ,
. operator_fn = samba_syntax_operator_fn
2009-09-08 21:45:08 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_REPSFROMTO ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_repsFromTo ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2009-09-08 22:15:59 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_replPropertyMetaData ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2009-09-08 22:15:59 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_replUpToDateVector ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2015-03-06 18:07:15 +01:00
} , {
. name = LDB_SYNTAX_SAMBA_REVEALEDUSERS ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_msDS_RevealedUsers ,
. canonicalise_fn = dsdb_dn_binary_canonicalise ,
. comparison_fn = dsdb_dn_binary_comparison ,
. operator_fn = samba_syntax_operator_fn
2011-09-05 16:40:19 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_trustAuthInOutBlob ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2014-11-19 12:24:47 +01:00
} , {
. name = LDB_SYNTAX_SAMBA_FORESTTRUSTINFO ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_ForestTrustInfo ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2009-11-05 17:04:10 +11:00
} , {
. name = DSDB_SYNTAX_BINARY_DN ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = dsdb_dn_binary_canonicalise ,
2010-10-13 20:27:52 +11:00
. comparison_fn = dsdb_dn_binary_comparison ,
. operator_fn = samba_syntax_operator_fn
2009-11-05 17:04:10 +11:00
} , {
. name = DSDB_SYNTAX_STRING_DN ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = dsdb_dn_string_canonicalise ,
2010-10-13 20:27:52 +11:00
. comparison_fn = dsdb_dn_string_comparison ,
. operator_fn = samba_syntax_operator_fn
2010-06-14 15:52:01 +10:00
} , {
. name = LDB_SYNTAX_DN ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = samba_ldb_dn_link_canonicalise ,
. comparison_fn = samba_ldb_dn_link_comparison ,
2010-10-13 20:27:52 +11:00
. operator_fn = samba_syntax_operator_dn
2010-01-05 15:12:16 +11:00
} , {
. name = LDB_SYNTAX_SAMBA_RANGE64 ,
. ldif_read_fn = ldif_read_range64 ,
. ldif_write_fn = ldif_write_range64 ,
. canonicalise_fn = ldif_canonicalise_int64 ,
2010-10-13 20:27:52 +11:00
. comparison_fn = ldif_comparison_int64 ,
. operator_fn = samba_syntax_operator_fn
2010-08-05 15:22:49 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_DNSRECORD ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_dnsRecord ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2011-09-21 14:56:19 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_DNSPROPERTY ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_dnsProperty ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2010-11-16 16:32:27 +11:00
} , {
. name = LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_supplementalCredentialsBlob ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2011-09-23 13:28:06 +10:00
} , {
. name = LDB_SYNTAX_SAMBA_PARTIALATTRIBUTESET ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldif_write_partialAttributeSet ,
. canonicalise_fn = ldb_handler_copy ,
2016-01-15 14:52:12 +13:00
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
} , {
. name = LDB_SYNTAX_SAMBA_OCTET_STRING ,
. ldif_read_fn = ldb_handler_copy ,
. ldif_write_fn = ldb_handler_copy ,
. canonicalise_fn = ldb_handler_copy ,
. comparison_fn = samba_ldb_comparison_binary ,
. operator_fn = samba_syntax_binary_operator_fn
2010-08-05 15:22:49 +10:00
}
2008-12-16 08:43:12 +01:00
} ;
static const struct ldb_dn_extended_syntax samba_dn_syntax [ ] = {
{
. name = " SID " ,
. read_fn = extended_dn_read_SID ,
. write_clear_fn = ldif_write_objectSid ,
. write_hex_fn = extended_dn_write_hex
2006-12-15 13:08:57 +00:00
} , {
2008-12-16 08:43:12 +01:00
. name = " GUID " ,
. read_fn = extended_dn_read_GUID ,
. write_clear_fn = ldif_write_objectGUID ,
. write_hex_fn = extended_dn_write_hex
2008-05-29 18:38:17 +10:00
} , {
2008-12-16 08:43:12 +01:00
. name = " WKGUID " ,
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
2009-12-10 23:45:16 +11:00
} , {
. name = " RMD_INVOCID " ,
. read_fn = extended_dn_read_GUID ,
. write_clear_fn = ldif_write_objectGUID ,
. write_hex_fn = extended_dn_write_hex
} , {
2010-01-02 08:14:52 +11:00
. name = " RMD_FLAGS " ,
2009-12-10 23:45:16 +11:00
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
} , {
. name = " RMD_ADDTIME " ,
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
} , {
. name = " RMD_CHANGETIME " ,
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
} , {
2009-12-18 12:47:31 +11:00
. name = " RMD_LOCAL_USN " ,
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
} , {
. name = " RMD_ORIGINATING_USN " ,
2009-12-10 23:45:16 +11:00
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
} , {
. name = " RMD_VERSION " ,
. read_fn = ldb_handler_copy ,
. write_clear_fn = ldb_handler_copy ,
. write_hex_fn = ldb_handler_copy
r8037: a fairly major update to the internals of ldb. Changes are:
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab441b96d8e5d7b2d151982139d1fab9)
2005-07-01 06:21:26 +00:00
}
2005-06-21 07:52:00 +00:00
} ;
2009-06-18 11:05:45 +02:00
/* TODO: Should be dynamic at some point */
2006-12-15 13:08:57 +00:00
static const struct {
const char * name ;
const char * syntax ;
} samba_attributes [ ] = {
{ " ntSecurityDescriptor " , LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR } ,
2009-11-13 09:58:20 -06:00
{ " oMSyntax " , LDB_SYNTAX_SAMBA_INT32 } ,
2006-12-15 13:08:57 +00:00
{ " objectCategory " , LDB_SYNTAX_SAMBA_OBJECT_CATEGORY } ,
2010-03-18 17:04:34 +02:00
{ " schemaInfo " , LDB_SYNTAX_SAMBA_SCHEMAINFO } ,
2009-09-08 21:45:08 +10:00
{ " prefixMap " , LDB_SYNTAX_SAMBA_PREFIX_MAP } ,
{ " repsFrom " , LDB_SYNTAX_SAMBA_REPSFROMTO } ,
{ " repsTo " , LDB_SYNTAX_SAMBA_REPSFROMTO } ,
2009-09-08 22:15:59 +10:00
{ " replPropertyMetaData " , LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA } ,
{ " replUpToDateVector " , LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR } ,
2015-03-06 18:07:15 +01:00
{ " msDS-RevealedUsers " , LDB_SYNTAX_SAMBA_REVEALEDUSERS } ,
2011-09-05 16:40:19 +10:00
{ " trustAuthIncoming " , LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB } ,
{ " trustAuthOutgoing " , LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB } ,
2014-11-19 12:24:47 +01:00
{ " msDS-TrustForestTrustInfo " , LDB_SYNTAX_SAMBA_FORESTTRUSTINFO } ,
2010-01-05 15:12:16 +11:00
{ " rIDAllocationPool " , LDB_SYNTAX_SAMBA_RANGE64 } ,
{ " rIDPreviousAllocationPool " , LDB_SYNTAX_SAMBA_RANGE64 } ,
{ " rIDAvailablePool " , LDB_SYNTAX_SAMBA_RANGE64 } ,
2011-07-15 11:25:36 +10:00
{ " defaultSecurityDescriptor " , LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR } ,
2010-04-30 18:24:53 +02:00
2014-01-29 08:24:11 +01:00
/*
* these are extracted by searching
* ( & ( attributeSyntax = 2.5 .5 .17 ) ( omSyntax = 4 ) )
*
* Except : msAuthz - CentralAccessPolicyID as it might be a GUID see :
* adminDescription : For a Central Access Policy , this attribute defines a GUID t
* hat can be used to identify the set of policies when applied to a resource .
* Until we see a msAuthz - CentralAccessPolicyID value on a windows
* server , we ignore it here .
*/
{ " mS-DS-CreatorSID " , LDB_SYNTAX_SAMBA_SID } ,
{ " msDS-QuotaTrustee " , LDB_SYNTAX_SAMBA_SID } ,
{ " objectSid " , LDB_SYNTAX_SAMBA_SID } ,
{ " tokenGroups " , LDB_SYNTAX_SAMBA_SID } ,
{ " tokenGroupsGlobalAndUniversal " , LDB_SYNTAX_SAMBA_SID } ,
{ " tokenGroupsNoGCAcceptable " , LDB_SYNTAX_SAMBA_SID } ,
{ " securityIdentifier " , LDB_SYNTAX_SAMBA_SID } ,
{ " sIDHistory " , LDB_SYNTAX_SAMBA_SID } ,
{ " syncWithSID " , LDB_SYNTAX_SAMBA_SID } ,
2010-04-30 18:24:53 +02:00
/*
* these are extracted by searching
* ( & ( attributeSyntax = 2.5 .5 .10 ) ( rangeLower = 16 ) ( rangeUpper = 16 ) ( omSyntax = 4 ) )
*/
{ " attributeSecurityGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " categoryId " , LDB_SYNTAX_SAMBA_GUID } ,
{ " controlAccessRights " , LDB_SYNTAX_SAMBA_GUID } ,
{ " currMachineId " , LDB_SYNTAX_SAMBA_GUID } ,
{ " fRSReplicaSetGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " fRSVersionGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " implementedCategories " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msDS-AzObjectGuid " , LDB_SYNTAX_SAMBA_GUID } ,
2014-01-29 08:24:11 +01:00
{ " msDS-GenerationId " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msDS-OptionalFeatureGUID " , LDB_SYNTAX_SAMBA_GUID } ,
2010-04-30 18:24:53 +02:00
{ " msDFSR-ContentSetGuid " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msDFSR-ReplicationGroupGuid " , LDB_SYNTAX_SAMBA_GUID } ,
{ " mSMQDigests " , LDB_SYNTAX_SAMBA_GUID } ,
{ " mSMQOwnerID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " mSMQQMID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " mSMQQueueType " , LDB_SYNTAX_SAMBA_GUID } ,
{ " mSMQSites " , LDB_SYNTAX_SAMBA_GUID } ,
{ " netbootGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " objectGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " pKTGuid " , LDB_SYNTAX_SAMBA_GUID } ,
{ " requiredCategories " , LDB_SYNTAX_SAMBA_GUID } ,
{ " schemaIDGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " siteGUID " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msDFS-GenerationGUIDv2 " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msDFS-LinkIdentityGUIDv2 " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msDFS-NamespaceIdentityGUIDv2 " , LDB_SYNTAX_SAMBA_GUID } ,
2014-01-29 08:24:11 +01:00
{ " msSPP-CSVLKSkuId " , LDB_SYNTAX_SAMBA_GUID } ,
{ " msSPP-KMSIds " , LDB_SYNTAX_SAMBA_GUID } ,
2010-04-30 18:24:53 +02:00
/*
* these are known to be GUIDs
*/
{ " invocationId " , LDB_SYNTAX_SAMBA_GUID } ,
{ " parentGUID " , LDB_SYNTAX_SAMBA_GUID } ,
2010-11-16 16:32:27 +11:00
/* These NDR encoded things we want to be able to read with --show-binary */
2010-08-05 15:22:49 +10:00
{ " dnsRecord " , LDB_SYNTAX_SAMBA_DNSRECORD } ,
2011-12-20 12:05:49 +11:00
{ " dNSProperty " , LDB_SYNTAX_SAMBA_DNSPROPERTY } ,
2011-09-23 13:28:06 +10:00
{ " supplementalCredentials " , LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS } ,
{ " partialAttributeSet " , LDB_SYNTAX_SAMBA_PARTIALATTRIBUTESET }
2006-12-15 13:08:57 +00:00
} ;
2008-08-18 20:30:27 +10:00
const struct ldb_schema_syntax * ldb_samba_syntax_by_name ( struct ldb_context * ldb , const char * name )
{
2009-11-06 20:14:41 +01:00
unsigned int j ;
2008-08-18 20:30:27 +10:00
const struct ldb_schema_syntax * s = NULL ;
for ( j = 0 ; j < ARRAY_SIZE ( samba_syntaxes ) ; j + + ) {
if ( strcmp ( name , samba_syntaxes [ j ] . name ) = = 0 ) {
s = & samba_syntaxes [ j ] ;
break ;
}
}
return s ;
}
2009-04-02 16:42:21 +11:00
const struct ldb_schema_syntax * ldb_samba_syntax_by_lDAPDisplayName ( struct ldb_context * ldb , const char * name )
{
2009-11-06 20:14:41 +01:00
unsigned int j ;
2009-04-02 16:42:21 +11:00
const struct ldb_schema_syntax * s = NULL ;
for ( j = 0 ; j < ARRAY_SIZE ( samba_attributes ) ; j + + ) {
if ( strcmp ( samba_attributes [ j ] . name , name ) = = 0 ) {
s = ldb_samba_syntax_by_name ( ldb , samba_attributes [ j ] . syntax ) ;
break ;
}
}
return s ;
}
2008-08-18 20:30:27 +10:00
2016-01-02 20:58:39 +13:00
static const char * secret_attributes [ ] = { DSDB_SECRET_ATTRIBUTES , " secret " , NULL } ;
2012-08-29 11:32:26 +10:00
2005-06-21 07:52:00 +00:00
/*
register the samba ldif handlers
*/
int ldb_register_samba_handlers ( struct ldb_context * ldb )
{
2009-11-06 20:14:41 +01:00
unsigned int i ;
2010-12-08 08:22:07 +11:00
int ret ;
if ( ldb_get_opaque ( ldb , " SAMBA_HANDLERS_REGISTERED " ) ! = NULL ) {
return LDB_SUCCESS ;
}
2006-12-15 13:08:57 +00:00
2012-08-29 11:32:26 +10:00
ret = ldb_set_opaque ( ldb , LDB_SECRET_ATTRIBUTE_LIST_OPAQUE , discard_const_p ( char * , secret_attributes ) ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
2006-12-15 13:08:57 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( samba_attributes ) ; i + + ) {
2007-05-06 21:28:03 +00:00
const struct ldb_schema_syntax * s = NULL ;
2006-12-15 13:08:57 +00:00
2008-08-18 20:30:27 +10:00
s = ldb_samba_syntax_by_name ( ldb , samba_attributes [ i ] . syntax ) ;
2006-12-15 13:08:57 +00:00
if ( ! s ) {
s = ldb_standard_syntax_by_name ( ldb , samba_attributes [ i ] . syntax ) ;
}
if ( ! s ) {
2010-09-11 17:41:38 +02:00
return LDB_ERR_OPERATIONS_ERROR ;
2006-12-15 13:08:57 +00:00
}
2008-08-21 12:56:04 +10:00
ret = ldb_schema_attribute_add_with_syntax ( ldb , samba_attributes [ i ] . name , LDB_ATTR_FLAG_FIXED , s ) ;
2006-12-15 13:08:57 +00:00
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
}
2008-12-16 08:43:12 +01:00
for ( i = 0 ; i < ARRAY_SIZE ( samba_dn_syntax ) ; i + + ) {
ret = ldb_dn_extended_add_syntax ( ldb , LDB_ATTR_FLAG_FIXED , & samba_dn_syntax [ i ] ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
}
2014-10-24 17:52:47 +02:00
ret = ldb_register_samba_matching_rules ( ldb ) ;
if ( ret ! = LDB_SUCCESS ) {
talloc_free ( ldb ) ;
return LDB_SUCCESS ;
}
2010-12-08 08:22:07 +11:00
ret = ldb_set_opaque ( ldb , " SAMBA_HANDLERS_REGISTERED " , ( void * ) 1 ) ;
if ( ret ! = LDB_SUCCESS ) {
return ret ;
}
2006-12-15 13:08:57 +00:00
return LDB_SUCCESS ;
2005-06-21 07:52:00 +00:00
}