sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-08 04:58:40 +03:00
Code

ldb: changed DN matching rules to obey GUID/SID/string ordering

Browse Source 
when matching two DNs, the GUID takes priority, then the SID, then the
string component

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
This commit is contained in:
Andrew Tridgell 2011-08-02 17:15:28 +10:00
parent 7b5f0a7120
commit e07ca09a7b
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
lib/ldb-samba/ldif_handlers.c
View File

@ -1118,6 +1118,52 @@ static int samba_syntax_operator_fn(struct ldb_context *ldb, enum ldb_parse_op o
return LDB_ERR_INAPPROPRIATE_MATCHING;
}
/*
see if two DNs match, comparing first by GUID, then by SID, and
finally by string components
*/
static int samba_dn_extended_match(struct ldb_context *ldb,
const struct ldb_val *v1,
const struct ldb_val *v2,
bool *matched)
{
TALLOC_CTX *tmp_ctx;
struct ldb_dn *dn1, *dn2;
const struct ldb_val *guid1, *guid2, *sid1, *sid2;
tmp_ctx = talloc_new(ldb);
dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, v1);
dn2 = ldb_dn_from_ldb_val(tmp_ctx, ldb, v2);
if (!dn1 || !dn2) {
/* couldn't parse as DN's */
talloc_free(tmp_ctx);
(*matched) = false;
return LDB_SUCCESS;
}
guid1 = ldb_dn_get_extended_component(dn1, "GUID");
guid2 = ldb_dn_get_extended_component(dn2, "GUID");
if (guid1 && guid2) {
(*matched) = (data_blob_cmp(guid1, guid2) == 0);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
sid1 = ldb_dn_get_extended_component(dn1, "SID");
sid2 = ldb_dn_get_extended_component(dn2, "SID");
if (sid1 && sid2) {
(*matched) = (data_blob_cmp(sid1, sid2) == 0);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
(*matched) = (ldb_dn_compare(dn1, dn2) == 0);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
/*
special operation for DNs, to take account of the RMD_FLAGS deleted bit
*/
@ -1127,9 +1173,17 @@ static int samba_syntax_operator_dn(struct ldb_context *ldb, enum ldb_parse_op o
{
if (operation == LDB_OP_PRESENT && dsdb_dn_is_deleted_val(v1)) {
/* If the DN is deleted, then we can't search for it */
/* should this be for equality too? */
*matched = false;
return LDB_SUCCESS;
}
if (operation == LDB_OP_EQUALITY &&
samba_dn_extended_match(ldb, v1, v2, matched) == LDB_SUCCESS) {
return LDB_SUCCESS;
}
return samba_syntax_operator_fn(ldb, operation, a, v1, v2, matched);
}