dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING

The sort order for this function is more expected than the sort order for
ldb_comparsion_binary()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

lib/ldb-samba/ldif_handlers.c

@@ -1238,6 +1238,47 @@ static int samba_syntax_operator_fn(struct ldb_context *ldb, enum ldb_parse_op o
 	return LDB_ERR_INAPPROPRIATE_MATCHING;
 }
 
+/*
+  compare two binary objects.  This is correct for sorting as the sort order is:
+  
+  a
+  aa
+  b
+  bb
+
+  rather than ldb_comparison_binary() which is:
+
+  a
+  b
+  aa
+  bb
+  
+*/
+static int samba_ldb_comparison_binary(struct ldb_context *ldb, void *mem_ctx,
+				       const struct ldb_val *v1, const struct ldb_val *v2)
+{
+	return data_blob_cmp(v1, v2);
+}
+
+/*
+  when this operator_fn is set for a syntax, the backend calls is in
+  preference to the comparison function. We are told the exact
+  comparison operation that is needed, and we can return errors.
+
+  This mode optimises for ldb_comparison_binary() if we need equality,
+  as this should be faster as it can do a length-check first.
+ */
+static int samba_syntax_binary_operator_fn(struct ldb_context *ldb, enum ldb_parse_op operation,
+					   const struct ldb_schema_attribute *a,
+					   const struct ldb_val *v1, const struct ldb_val *v2, bool *matched)
+{
+	if (operation == LDB_OP_EQUALITY) {
+		*matched = (ldb_comparison_binary(ldb, NULL, v1, v2) == 0);
+		return LDB_SUCCESS;
+	}
+	return samba_syntax_operator_fn(ldb, operation, a, v1, v2, matched);
+}
+
 /*
   see if two DNs match, comparing first by GUID, then by SID, and
   finally by string components
@@ -1334,8 +1375,8 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
 		.ldif_read_fn	  = ldif_read_ntSecurityDescriptor,
 		.ldif_write_fn	  = ldif_write_ntSecurityDescriptor,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR,
 		.ldif_read_fn	  = ldb_handler_copy,
@@ -1362,8 +1403,8 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_schemaInfo,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_PREFIX_MAP,
 		.ldif_read_fn	  = ldif_read_prefixMap,
@@ -1383,22 +1424,22 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_repsFromTo,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA,
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_replPropertyMetaData,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR,
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_replUpToDateVector,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_REVEALEDUSERS,
 		.ldif_read_fn	  = ldb_handler_copy,
@@ -1411,15 +1452,15 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_trustAuthInOutBlob,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_FORESTTRUSTINFO,
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_ForestTrustInfo,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = DSDB_SYNTAX_BINARY_DN,
 		.ldif_read_fn	  = ldb_handler_copy,
@@ -1453,29 +1494,36 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_dnsRecord,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_DNSPROPERTY,
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_dnsProperty,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS,
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_supplementalCredentialsBlob,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	},{
 		.name		  = LDB_SYNTAX_SAMBA_PARTIALATTRIBUTESET,
 		.ldif_read_fn	  = ldb_handler_copy,
 		.ldif_write_fn	  = ldif_write_partialAttributeSet,
 		.canonicalise_fn  = ldb_handler_copy,
-		.comparison_fn	  = ldb_comparison_binary,
-		.operator_fn      = samba_syntax_operator_fn
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
+	},{
+		.name		  = LDB_SYNTAX_SAMBA_OCTET_STRING,
+		.ldif_read_fn	  = ldb_handler_copy,
+		.ldif_write_fn	  = ldb_handler_copy,
+		.canonicalise_fn  = ldb_handler_copy,
+		.comparison_fn	  = samba_ldb_comparison_binary,
+		.operator_fn      = samba_syntax_binary_operator_fn
 	}
 };
 

lib/ldb-samba/ldif_handlers.h

@@ -20,6 +20,7 @@
 #define LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB     "LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB"
 #define LDB_SYNTAX_SAMBA_FORESTTRUSTINFO        "LDB_SYNTAX_SAMBA_FORESTTRUSTINFO"
 #define LDB_SYNTAX_SAMBA_PARTIALATTRIBUTESET    "LDB_SYNTAX_SAMBA_PARTIALATTRIBUTESET"
+#define LDB_SYNTAX_SAMBA_OCTET_STRING           "LDB_SYNTAX_SAMBA_OCTET_STRING"
 #include "lib/ldb-samba/ldif_handlers_proto.h"
 
 #undef _PRINTF_ATTRIBUTE

source4/dsdb/schema/schema_syntax.c

@@ -2395,7 +2395,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
 		.equality               = "octetStringMatch",
 		.comment                = "Octet String",
-		.userParameters         = true
+		.userParameters         = true,
+		.ldb_syntax             = LDB_SYNTAX_SAMBA_OCTET_STRING
 	},{
 		.name			= "String(Sid)",
 		.ldap_oid		= LDB_SYNTAX_OCTET_STRING,
@@ -2449,7 +2450,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
 		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
-		.ldb_syntax		= LDB_SYNTAX_OCTET_STRING,
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_OCTET_STRING,
 	},{
 		.name			= "String(Teletex)",
 		.ldap_oid		= "1.2.840.113556.1.4.905",
@@ -2472,7 +2473,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
 		.equality               = "caseExactIA5Match",
 		.comment                = "Printable String",
-		.ldb_syntax		= LDB_SYNTAX_OCTET_STRING,
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_OCTET_STRING,
 	},{
 		.name			= "String(UTC-Time)",
 		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.53",
@@ -2510,7 +2511,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
 		 * But according to ms docs binary compare should do the job:
 		 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
-		.ldb_syntax		= LDB_SYNTAX_OCTET_STRING,
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_OCTET_STRING,
 	},{
 		.name			= "String(Unicode)",
 		.ldap_oid		= LDB_SYNTAX_DIRECTORY_STRING,