2 ldb database library - ldif handlers for Samba
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Andrew Bartlett 2006-2009
6 Copyright (C) Matthias Dieter Wallnöfer 2009
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
26 #include "lib/ldb/include/ldb.h"
27 #include "lib/ldb/include/ldb_module.h"
28 #include "ldb_handlers.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "librpc/gen_ndr/ndr_security.h"
31 #include "librpc/gen_ndr/ndr_misc.h"
32 #include "librpc/gen_ndr/ndr_drsblobs.h"
33 #include "librpc/ndr/libndr.h"
34 #include "libcli/security/security.h"
35 #include "param/param.h"
36 #include "../lib/util/asn1.h"
39 use ndr_print_* to convert a NDR formatted blob to a ldif formatted blob
41 If mask_errors is true, then function succeeds but out data
42 is set to "<Unable to decode binary data>" message
44 \return 0 on success; -1 on error
46 static int ldif_write_NDR(struct ldb_context
*ldb
, void *mem_ctx
,
47 const struct ldb_val
*in
, struct ldb_val
*out
,
49 ndr_pull_flags_fn_t pull_fn
,
50 ndr_print_fn_t print_fn
,
54 enum ndr_err_code err
;
55 if (!(ldb_get_flags(ldb
) & LDB_FLG_SHOW_BINARY
)) {
56 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
58 p
= talloc_size(mem_ctx
, struct_size
);
59 err
= ndr_pull_struct_blob(in
, mem_ctx
,
60 lp_iconv_convenience(ldb_get_opaque(ldb
, "loadparm")),
62 if (err
!= NDR_ERR_SUCCESS
) {
63 /* fail in not in mask_error mode */
68 out
->data
= (uint8_t *)talloc_strdup(mem_ctx
, "<Unable to decode binary data>");
69 out
->length
= strlen((const char *)out
->data
);
72 out
->data
= (uint8_t *)ndr_print_struct_string(mem_ctx
, print_fn
, "NDR", p
);
74 if (out
->data
== NULL
) {
75 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
77 out
->length
= strlen((char *)out
->data
);
82 convert a ldif formatted objectSid to a NDR formatted blob
84 static int ldif_read_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
85 const struct ldb_val
*in
, struct ldb_val
*out
)
87 enum ndr_err_code ndr_err
;
89 sid
= dom_sid_parse_length(mem_ctx
, in
);
93 ndr_err
= ndr_push_struct_blob(out
, mem_ctx
, NULL
, sid
,
94 (ndr_push_flags_fn_t
)ndr_push_dom_sid
);
96 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
103 convert a NDR formatted blob to a ldif formatted objectSid
105 int ldif_write_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
106 const struct ldb_val
*in
, struct ldb_val
*out
)
109 enum ndr_err_code ndr_err
;
111 sid
= talloc(mem_ctx
, struct dom_sid
);
115 ndr_err
= ndr_pull_struct_blob_all(in
, sid
, NULL
, sid
,
116 (ndr_pull_flags_fn_t
)ndr_pull_dom_sid
);
117 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
121 *out
= data_blob_string_const(dom_sid_string(mem_ctx
, sid
));
123 if (out
->data
== NULL
) {
129 bool ldif_comparision_objectSid_isString(const struct ldb_val
*v
)
135 if (strncmp("S-", (const char *)v
->data
, 2) != 0) return false;
141 compare two objectSids
143 static int ldif_comparison_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
144 const struct ldb_val
*v1
, const struct ldb_val
*v2
)
146 if (ldif_comparision_objectSid_isString(v1
) && ldif_comparision_objectSid_isString(v2
)) {
147 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
148 } else if (ldif_comparision_objectSid_isString(v1
)
149 && !ldif_comparision_objectSid_isString(v2
)) {
152 if (ldif_read_objectSid(ldb
, mem_ctx
, v1
, &v
) != 0) {
153 /* Perhaps not a string after all */
154 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
156 ret
= ldb_comparison_binary(ldb
, mem_ctx
, &v
, v2
);
159 } else if (!ldif_comparision_objectSid_isString(v1
)
160 && ldif_comparision_objectSid_isString(v2
)) {
163 if (ldif_read_objectSid(ldb
, mem_ctx
, v2
, &v
) != 0) {
164 /* Perhaps not a string after all */
165 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
167 ret
= ldb_comparison_binary(ldb
, mem_ctx
, v1
, &v
);
171 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
175 canonicalise a objectSid
177 static int ldif_canonicalise_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
178 const struct ldb_val
*in
, struct ldb_val
*out
)
180 if (ldif_comparision_objectSid_isString(in
)) {
181 if (ldif_read_objectSid(ldb
, mem_ctx
, in
, out
) != 0) {
182 /* Perhaps not a string after all */
183 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
187 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
190 static int extended_dn_read_SID(struct ldb_context
*ldb
, void *mem_ctx
,
191 const struct ldb_val
*in
, struct ldb_val
*out
)
194 enum ndr_err_code ndr_err
;
195 if (ldif_comparision_objectSid_isString(in
)) {
196 if (ldif_read_objectSid(ldb
, mem_ctx
, in
, out
) == 0) {
201 /* Perhaps not a string after all */
202 *out
= data_blob_talloc(mem_ctx
, NULL
, in
->length
/2+1);
208 (*out
).length
= strhex_to_str((char *)out
->data
, out
->length
,
209 (const char *)in
->data
, in
->length
);
211 /* Check it looks like a SID */
212 ndr_err
= ndr_pull_struct_blob_all(out
, mem_ctx
, NULL
, &sid
,
213 (ndr_pull_flags_fn_t
)ndr_pull_dom_sid
);
214 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
221 convert a ldif formatted objectGUID to a NDR formatted blob
223 static int ldif_read_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
224 const struct ldb_val
*in
, struct ldb_val
*out
)
229 status
= GUID_from_data_blob(in
, &guid
);
230 if (!NT_STATUS_IS_OK(status
)) {
234 status
= GUID_to_ndr_blob(&guid
, mem_ctx
, out
);
235 if (!NT_STATUS_IS_OK(status
)) {
242 convert a NDR formatted blob to a ldif formatted objectGUID
244 static int ldif_write_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
245 const struct ldb_val
*in
, struct ldb_val
*out
)
250 status
= GUID_from_ndr_blob(in
, &guid
);
251 if (!NT_STATUS_IS_OK(status
)) {
254 out
->data
= (uint8_t *)GUID_string(mem_ctx
, &guid
);
255 if (out
->data
== NULL
) {
258 out
->length
= strlen((const char *)out
->data
);
262 static bool ldif_comparision_objectGUID_isString(const struct ldb_val
*v
)
264 if (v
->length
!= 36 && v
->length
!= 38) return false;
266 /* Might be a GUID string, can't be a binary GUID (fixed 16 bytes) */
270 static int extended_dn_read_GUID(struct ldb_context
*ldb
, void *mem_ctx
,
271 const struct ldb_val
*in
, struct ldb_val
*out
)
276 if (in
->length
== 36 && ldif_read_objectGUID(ldb
, mem_ctx
, in
, out
) == 0) {
280 /* Try as 'hex' form */
281 if (in
->length
!= 32) {
285 *out
= data_blob_talloc(mem_ctx
, NULL
, in
->length
/2+1);
291 (*out
).length
= strhex_to_str((char *)out
->data
, out
->length
,
292 (const char *)in
->data
, in
->length
);
294 /* Check it looks like a GUID */
295 status
= GUID_from_ndr_blob(out
, &guid
);
296 if (!NT_STATUS_IS_OK(status
)) {
304 compare two objectGUIDs
306 static int ldif_comparison_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
307 const struct ldb_val
*v1
, const struct ldb_val
*v2
)
309 if (ldif_comparision_objectGUID_isString(v1
) && ldif_comparision_objectGUID_isString(v2
)) {
310 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
311 } else if (ldif_comparision_objectGUID_isString(v1
)
312 && !ldif_comparision_objectGUID_isString(v2
)) {
315 if (ldif_read_objectGUID(ldb
, mem_ctx
, v1
, &v
) != 0) {
316 /* Perhaps it wasn't a valid string after all */
317 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
319 ret
= ldb_comparison_binary(ldb
, mem_ctx
, &v
, v2
);
322 } else if (!ldif_comparision_objectGUID_isString(v1
)
323 && ldif_comparision_objectGUID_isString(v2
)) {
326 if (ldif_read_objectGUID(ldb
, mem_ctx
, v2
, &v
) != 0) {
327 /* Perhaps it wasn't a valid string after all */
328 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
330 ret
= ldb_comparison_binary(ldb
, mem_ctx
, v1
, &v
);
334 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
338 canonicalise a objectGUID
340 static int ldif_canonicalise_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
341 const struct ldb_val
*in
, struct ldb_val
*out
)
343 if (ldif_comparision_objectGUID_isString(in
)) {
344 if (ldif_read_objectGUID(ldb
, mem_ctx
, in
, out
) != 0) {
345 /* Perhaps it wasn't a valid string after all */
346 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
350 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
355 convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
357 static int ldif_read_ntSecurityDescriptor(struct ldb_context
*ldb
, void *mem_ctx
,
358 const struct ldb_val
*in
, struct ldb_val
*out
)
360 struct security_descriptor
*sd
;
361 enum ndr_err_code ndr_err
;
363 sd
= talloc(mem_ctx
, struct security_descriptor
);
368 ndr_err
= ndr_pull_struct_blob(in
, sd
, NULL
, sd
,
369 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
);
370 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
371 /* If this does not parse, then it is probably SDDL, and we should try it that way */
373 const struct dom_sid
*sid
= samdb_domain_sid(ldb
);
375 sd
= sddl_decode(mem_ctx
, (const char *)in
->data
, sid
);
381 ndr_err
= ndr_push_struct_blob(out
, mem_ctx
, NULL
, sd
,
382 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
);
384 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
392 convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
394 static int ldif_write_ntSecurityDescriptor(struct ldb_context
*ldb
, void *mem_ctx
,
395 const struct ldb_val
*in
, struct ldb_val
*out
)
397 struct security_descriptor
*sd
;
398 enum ndr_err_code ndr_err
;
400 if (ldb_get_flags(ldb
) & LDB_FLG_SHOW_BINARY
) {
401 return ldif_write_NDR(ldb
, mem_ctx
, in
, out
,
402 sizeof(struct security_descriptor
),
403 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
,
404 (ndr_print_fn_t
)ndr_print_security_descriptor
,
409 sd
= talloc(mem_ctx
, struct security_descriptor
);
413 /* We can't use ndr_pull_struct_blob_all because this contains relative pointers */
414 ndr_err
= ndr_pull_struct_blob(in
, sd
, NULL
, sd
,
415 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
);
416 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
420 out
->data
= (uint8_t *)sddl_encode(mem_ctx
, sd
, samdb_domain_sid_cache_only(ldb
));
422 if (out
->data
== NULL
) {
425 out
->length
= strlen((const char *)out
->data
);
430 canonicalise an objectCategory. We use the short form as the cannoical form:
431 cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
434 static int ldif_canonicalise_objectCategory(struct ldb_context
*ldb
, void *mem_ctx
,
435 const struct ldb_val
*in
, struct ldb_val
*out
)
437 struct ldb_dn
*dn1
= NULL
;
438 const struct dsdb_schema
*schema
= dsdb_get_schema(ldb
);
439 const struct dsdb_class
*sclass
;
440 TALLOC_CTX
*tmp_ctx
= talloc_new(mem_ctx
);
442 return LDB_ERR_OPERATIONS_ERROR
;
446 talloc_free(tmp_ctx
);
447 *out
= data_blob_talloc(mem_ctx
, in
->data
, in
->length
);
448 if (in
->data
&& !out
->data
) {
449 return LDB_ERR_OPERATIONS_ERROR
;
453 dn1
= ldb_dn_from_ldb_val(tmp_ctx
, ldb
, in
);
454 if ( ! ldb_dn_validate(dn1
)) {
455 const char *lDAPDisplayName
= talloc_strndup(tmp_ctx
, (char *)in
->data
, in
->length
);
456 sclass
= dsdb_class_by_lDAPDisplayName(schema
, lDAPDisplayName
);
458 struct ldb_dn
*dn
= ldb_dn_new(mem_ctx
, ldb
,
459 sclass
->defaultObjectCategory
);
460 *out
= data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx
, dn
));
461 talloc_free(tmp_ctx
);
464 return LDB_ERR_OPERATIONS_ERROR
;
468 *out
= data_blob_talloc(mem_ctx
, in
->data
, in
->length
);
469 talloc_free(tmp_ctx
);
471 if (in
->data
&& !out
->data
) {
472 return LDB_ERR_OPERATIONS_ERROR
;
477 *out
= data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx
, dn1
));
478 talloc_free(tmp_ctx
);
481 return LDB_ERR_OPERATIONS_ERROR
;
486 static int ldif_comparison_objectCategory(struct ldb_context
*ldb
, void *mem_ctx
,
487 const struct ldb_val
*v1
,
488 const struct ldb_val
*v2
)
490 return ldb_any_comparison(ldb
, mem_ctx
, ldif_canonicalise_objectCategory
,
495 convert a ldif formatted prefixMap to a NDR formatted blob
497 static int ldif_read_prefixMap(struct ldb_context
*ldb
, void *mem_ctx
,
498 const struct ldb_val
*in
, struct ldb_val
*out
)
500 struct prefixMapBlob
*blob
;
501 enum ndr_err_code ndr_err
;
502 char *string
, *line
, *p
, *oid
;
505 TALLOC_CTX
*tmp_ctx
= talloc_new(mem_ctx
);
507 if (tmp_ctx
== NULL
) {
511 blob
= talloc_zero(tmp_ctx
, struct prefixMapBlob
);
517 blob
->version
= PREFIX_MAP_VERSION_DSDB
;
519 string
= talloc_strndup(mem_ctx
, (const char *)in
->data
, in
->length
);
520 if (string
== NULL
) {
526 while (line
&& line
[0]) {
531 p
=strchr(line
, '\n');
536 /* allow a trailing separator */
541 blob
->ctr
.dsdb
.mappings
= talloc_realloc(blob
,
542 blob
->ctr
.dsdb
.mappings
,
543 struct drsuapi_DsReplicaOIDMapping
,
544 blob
->ctr
.dsdb
.num_mappings
+1);
545 if (!blob
->ctr
.dsdb
.mappings
) {
546 talloc_free(tmp_ctx
);
550 blob
->ctr
.dsdb
.mappings
[blob
->ctr
.dsdb
.num_mappings
].id_prefix
= strtoul(line
, &oid
, 10);
553 talloc_free(tmp_ctx
);
557 /* we know there must be at least ":" */
560 if (!ber_write_partial_OID_String(blob
->ctr
.dsdb
.mappings
, &oid_blob
, oid
)) {
561 talloc_free(tmp_ctx
);
564 blob
->ctr
.dsdb
.mappings
[blob
->ctr
.dsdb
.num_mappings
].oid
.length
= oid_blob
.length
;
565 blob
->ctr
.dsdb
.mappings
[blob
->ctr
.dsdb
.num_mappings
].oid
.binary_oid
= oid_blob
.data
;
567 blob
->ctr
.dsdb
.num_mappings
++;
569 /* Now look past the terminator we added above */
577 ndr_err
= ndr_push_struct_blob(out
, mem_ctx
,
578 lp_iconv_convenience(ldb_get_opaque(ldb
, "loadparm")),
580 (ndr_push_flags_fn_t
)ndr_push_prefixMapBlob
);
581 talloc_free(tmp_ctx
);
582 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
589 convert a NDR formatted blob to a ldif formatted prefixMap
591 static int ldif_write_prefixMap(struct ldb_context
*ldb
, void *mem_ctx
,
592 const struct ldb_val
*in
, struct ldb_val
*out
)
594 struct prefixMapBlob
*blob
;
595 enum ndr_err_code ndr_err
;
599 if (ldb_get_flags(ldb
) & LDB_FLG_SHOW_BINARY
) {
601 /* try to decode the blob as S4 prefixMap */
602 err
= ldif_write_NDR(ldb
, mem_ctx
, in
, out
,
603 sizeof(struct prefixMapBlob
),
604 (ndr_pull_flags_fn_t
)ndr_pull_prefixMapBlob
,
605 (ndr_print_fn_t
)ndr_print_prefixMapBlob
,
610 /* try parsing it as Windows PrefixMap value */
611 return ldif_write_NDR(ldb
, mem_ctx
, in
, out
,
612 sizeof(struct drsuapi_MSPrefixMap_Ctr
),
613 (ndr_pull_flags_fn_t
)ndr_pull_drsuapi_MSPrefixMap_Ctr
,
614 (ndr_print_fn_t
)ndr_print_drsuapi_MSPrefixMap_Ctr
,
618 blob
= talloc(mem_ctx
, struct prefixMapBlob
);
622 ndr_err
= ndr_pull_struct_blob_all(in
, blob
,
623 lp_iconv_convenience(ldb_get_opaque(ldb
, "loadparm")),
625 (ndr_pull_flags_fn_t
)ndr_pull_prefixMapBlob
);
626 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
629 if (blob
->version
!= PREFIX_MAP_VERSION_DSDB
) {
632 string
= talloc_strdup(mem_ctx
, "");
633 if (string
== NULL
) {
637 for (i
=0; i
< blob
->ctr
.dsdb
.num_mappings
; i
++) {
639 const char *partial_oid
= NULL
;
642 string
= talloc_asprintf_append(string
, ";");
645 oid_blob
= data_blob_const(blob
->ctr
.dsdb
.mappings
[i
].oid
.binary_oid
,
646 blob
->ctr
.dsdb
.mappings
[i
].oid
.length
);
647 if (!ber_read_partial_OID_String(blob
, oid_blob
, &partial_oid
)) {
648 DEBUG(0, ("ber_read_partial_OID failed on prefixMap item with id: 0x%X",
649 blob
->ctr
.dsdb
.mappings
[i
].id_prefix
));
652 string
= talloc_asprintf_append(string
, "%u:%s",
653 blob
->ctr
.dsdb
.mappings
[i
].id_prefix
,
655 talloc_free(discard_const(partial_oid
));
656 if (string
== NULL
) {
662 *out
= data_blob_string_const(string
);
670 static bool ldif_comparision_prefixMap_isString(const struct ldb_val
*v
)
676 if (IVAL(v
->data
, 0) == PREFIX_MAP_VERSION_DSDB
) {
684 canonicalise a prefixMap
686 static int ldif_canonicalise_prefixMap(struct ldb_context
*ldb
, void *mem_ctx
,
687 const struct ldb_val
*in
, struct ldb_val
*out
)
689 if (ldif_comparision_prefixMap_isString(in
)) {
690 return ldif_read_prefixMap(ldb
, mem_ctx
, in
, out
);
692 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
695 static int ldif_comparison_prefixMap(struct ldb_context
*ldb
, void *mem_ctx
,
696 const struct ldb_val
*v1
,
697 const struct ldb_val
*v2
)
699 return ldb_any_comparison(ldb
, mem_ctx
, ldif_canonicalise_prefixMap
,
703 /* length limited conversion of a ldb_val to a int32_t */
704 static int val_to_int32(const struct ldb_val
*in
, int32_t *v
)
709 /* make sure we don't read past the end of the data */
710 if (in
->length
> sizeof(buf
)-1) {
711 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
713 strncpy(buf
, (char *)in
->data
, in
->length
);
716 /* We've to use "strtoll" here to have the intended overflows.
717 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
718 *v
= (int32_t) strtoll(buf
, &end
, 0);
720 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
725 /* length limited conversion of a ldb_val to a int64_t */
726 static int val_to_int64(const struct ldb_val
*in
, int64_t *v
)
731 /* make sure we don't read past the end of the data */
732 if (in
->length
> sizeof(buf
)-1) {
733 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
735 strncpy(buf
, (char *)in
->data
, in
->length
);
738 *v
= (int64_t) strtoll(buf
, &end
, 0);
740 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
745 /* Canonicalisation of two 32-bit integers */
746 static int ldif_canonicalise_int32(struct ldb_context
*ldb
, void *mem_ctx
,
747 const struct ldb_val
*in
, struct ldb_val
*out
)
752 ret
= val_to_int32(in
, &i
);
753 if (ret
!= LDB_SUCCESS
) {
756 out
->data
= (uint8_t *) talloc_asprintf(mem_ctx
, "%d", i
);
757 if (out
->data
== NULL
) {
759 return LDB_ERR_OPERATIONS_ERROR
;
761 out
->length
= strlen((char *)out
->data
);
765 /* Comparison of two 32-bit integers */
766 static int ldif_comparison_int32(struct ldb_context
*ldb
, void *mem_ctx
,
767 const struct ldb_val
*v1
, const struct ldb_val
*v2
)
770 val_to_int32(v1
, &i1
);
771 val_to_int32(v2
, &i2
);
772 if (i1
== i2
) return 0;
773 return i1
> i2
? 1 : -1;
776 /* Canonicalisation of two 64-bit integers */
777 static int ldif_canonicalise_int64(struct ldb_context
*ldb
, void *mem_ctx
,
778 const struct ldb_val
*in
, struct ldb_val
*out
)
783 ret
= val_to_int64(in
, &i
);
784 if (ret
!= LDB_SUCCESS
) {
787 out
->data
= (uint8_t *) talloc_asprintf(mem_ctx
, "%lld", (long long)i
);
788 if (out
->data
== NULL
) {
790 return LDB_ERR_OPERATIONS_ERROR
;
792 out
->length
= strlen((char *)out
->data
);
796 /* Comparison of two 64-bit integers */
797 static int ldif_comparison_int64(struct ldb_context
*ldb
, void *mem_ctx
,
798 const struct ldb_val
*v1
, const struct ldb_val
*v2
)
801 val_to_int64(v1
, &i1
);
802 val_to_int64(v2
, &i2
);
803 if (i1
== i2
) return 0;
804 return i1
> i2
? 1 : -1;
808 convert a NDR formatted blob to a ldif formatted repsFromTo
810 static int ldif_write_repsFromTo(struct ldb_context
*ldb
, void *mem_ctx
,
811 const struct ldb_val
*in
, struct ldb_val
*out
)
813 return ldif_write_NDR(ldb
, mem_ctx
, in
, out
,
814 sizeof(struct repsFromToBlob
),
815 (ndr_pull_flags_fn_t
)ndr_pull_repsFromToBlob
,
816 (ndr_print_fn_t
)ndr_print_repsFromToBlob
,
821 convert a NDR formatted blob to a ldif formatted replPropertyMetaData
823 static int ldif_write_replPropertyMetaData(struct ldb_context
*ldb
, void *mem_ctx
,
824 const struct ldb_val
*in
, struct ldb_val
*out
)
826 return ldif_write_NDR(ldb
, mem_ctx
, in
, out
,
827 sizeof(struct replPropertyMetaDataBlob
),
828 (ndr_pull_flags_fn_t
)ndr_pull_replPropertyMetaDataBlob
,
829 (ndr_print_fn_t
)ndr_print_replPropertyMetaDataBlob
,
834 convert a NDR formatted blob to a ldif formatted replUpToDateVector
836 static int ldif_write_replUpToDateVector(struct ldb_context
*ldb
, void *mem_ctx
,
837 const struct ldb_val
*in
, struct ldb_val
*out
)
839 return ldif_write_NDR(ldb
, mem_ctx
, in
, out
,
840 sizeof(struct replUpToDateVectorBlob
),
841 (ndr_pull_flags_fn_t
)ndr_pull_replUpToDateVectorBlob
,
842 (ndr_print_fn_t
)ndr_print_replUpToDateVectorBlob
,
847 static int extended_dn_write_hex(struct ldb_context
*ldb
, void *mem_ctx
,
848 const struct ldb_val
*in
, struct ldb_val
*out
)
850 *out
= data_blob_string_const(data_blob_hex_string_lower(mem_ctx
, in
));
859 write a 64 bit 2-part range
861 static int ldif_write_range64(struct ldb_context
*ldb
, void *mem_ctx
,
862 const struct ldb_val
*in
, struct ldb_val
*out
)
866 ret
= val_to_int64(in
, &v
);
867 if (ret
!= LDB_SUCCESS
) {
870 out
->data
= (uint8_t *)talloc_asprintf(mem_ctx
, "%lu-%lu",
871 (unsigned long)(v
&0xFFFFFFFF),
872 (unsigned long)(v
>>32));
873 if (out
->data
== NULL
) {
875 return LDB_ERR_OPERATIONS_ERROR
;
877 out
->length
= strlen((char *)out
->data
);
882 read a 64 bit 2-part range
884 static int ldif_read_range64(struct ldb_context
*ldb
, void *mem_ctx
,
885 const struct ldb_val
*in
, struct ldb_val
*out
)
887 unsigned long high
, low
;
890 if (memchr(in
->data
, '-', in
->length
) == NULL
) {
891 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
894 if (in
->length
> sizeof(buf
)-1) {
895 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
897 strncpy(buf
, (const char *)in
->data
, in
->length
);
900 if (sscanf(buf
, "%lu-%lu", &low
, &high
) != 2) {
901 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
904 out
->data
= (uint8_t *)talloc_asprintf(mem_ctx
, "%llu",
905 (unsigned long long)(((uint64_t)high
)<<32) | (low
));
907 if (out
->data
== NULL
) {
909 return LDB_ERR_OPERATIONS_ERROR
;
911 out
->length
= strlen((char *)out
->data
);
915 static const struct ldb_schema_syntax samba_syntaxes
[] = {
917 .name
= LDB_SYNTAX_SAMBA_SID
,
918 .ldif_read_fn
= ldif_read_objectSid
,
919 .ldif_write_fn
= ldif_write_objectSid
,
920 .canonicalise_fn
= ldif_canonicalise_objectSid
,
921 .comparison_fn
= ldif_comparison_objectSid
923 .name
= LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR
,
924 .ldif_read_fn
= ldif_read_ntSecurityDescriptor
,
925 .ldif_write_fn
= ldif_write_ntSecurityDescriptor
,
926 .canonicalise_fn
= ldb_handler_copy
,
927 .comparison_fn
= ldb_comparison_binary
929 .name
= LDB_SYNTAX_SAMBA_GUID
,
930 .ldif_read_fn
= ldif_read_objectGUID
,
931 .ldif_write_fn
= ldif_write_objectGUID
,
932 .canonicalise_fn
= ldif_canonicalise_objectGUID
,
933 .comparison_fn
= ldif_comparison_objectGUID
935 .name
= LDB_SYNTAX_SAMBA_OBJECT_CATEGORY
,
936 .ldif_read_fn
= ldb_handler_copy
,
937 .ldif_write_fn
= ldb_handler_copy
,
938 .canonicalise_fn
= ldif_canonicalise_objectCategory
,
939 .comparison_fn
= ldif_comparison_objectCategory
941 .name
= LDB_SYNTAX_SAMBA_PREFIX_MAP
,
942 .ldif_read_fn
= ldif_read_prefixMap
,
943 .ldif_write_fn
= ldif_write_prefixMap
,
944 .canonicalise_fn
= ldif_canonicalise_prefixMap
,
945 .comparison_fn
= ldif_comparison_prefixMap
947 .name
= LDB_SYNTAX_SAMBA_INT32
,
948 .ldif_read_fn
= ldb_handler_copy
,
949 .ldif_write_fn
= ldb_handler_copy
,
950 .canonicalise_fn
= ldif_canonicalise_int32
,
951 .comparison_fn
= ldif_comparison_int32
953 .name
= LDB_SYNTAX_SAMBA_REPSFROMTO
,
954 .ldif_read_fn
= ldb_handler_copy
,
955 .ldif_write_fn
= ldif_write_repsFromTo
,
956 .canonicalise_fn
= ldb_handler_copy
,
957 .comparison_fn
= ldb_comparison_binary
959 .name
= LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA
,
960 .ldif_read_fn
= ldb_handler_copy
,
961 .ldif_write_fn
= ldif_write_replPropertyMetaData
,
962 .canonicalise_fn
= ldb_handler_copy
,
963 .comparison_fn
= ldb_comparison_binary
965 .name
= LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR
,
966 .ldif_read_fn
= ldb_handler_copy
,
967 .ldif_write_fn
= ldif_write_replUpToDateVector
,
968 .canonicalise_fn
= ldb_handler_copy
,
969 .comparison_fn
= ldb_comparison_binary
971 .name
= DSDB_SYNTAX_BINARY_DN
,
972 .ldif_read_fn
= ldb_handler_copy
,
973 .ldif_write_fn
= ldb_handler_copy
,
974 .canonicalise_fn
= dsdb_dn_binary_canonicalise
,
975 .comparison_fn
= dsdb_dn_binary_comparison
977 .name
= DSDB_SYNTAX_STRING_DN
,
978 .ldif_read_fn
= ldb_handler_copy
,
979 .ldif_write_fn
= ldb_handler_copy
,
980 .canonicalise_fn
= dsdb_dn_string_canonicalise
,
981 .comparison_fn
= dsdb_dn_string_comparison
983 .name
= LDB_SYNTAX_SAMBA_RANGE64
,
984 .ldif_read_fn
= ldif_read_range64
,
985 .ldif_write_fn
= ldif_write_range64
,
986 .canonicalise_fn
= ldif_canonicalise_int64
,
987 .comparison_fn
= ldif_comparison_int64
991 static const struct ldb_dn_extended_syntax samba_dn_syntax
[] = {
994 .read_fn
= extended_dn_read_SID
,
995 .write_clear_fn
= ldif_write_objectSid
,
996 .write_hex_fn
= extended_dn_write_hex
999 .read_fn
= extended_dn_read_GUID
,
1000 .write_clear_fn
= ldif_write_objectGUID
,
1001 .write_hex_fn
= extended_dn_write_hex
1004 .read_fn
= ldb_handler_copy
,
1005 .write_clear_fn
= ldb_handler_copy
,
1006 .write_hex_fn
= ldb_handler_copy
1008 .name
= "RMD_INVOCID",
1009 .read_fn
= extended_dn_read_GUID
,
1010 .write_clear_fn
= ldif_write_objectGUID
,
1011 .write_hex_fn
= extended_dn_write_hex
1013 .name
= "RMD_FLAGS",
1014 .read_fn
= ldb_handler_copy
,
1015 .write_clear_fn
= ldb_handler_copy
,
1016 .write_hex_fn
= ldb_handler_copy
1018 .name
= "RMD_ADDTIME",
1019 .read_fn
= ldb_handler_copy
,
1020 .write_clear_fn
= ldb_handler_copy
,
1021 .write_hex_fn
= ldb_handler_copy
1023 .name
= "RMD_CHANGETIME",
1024 .read_fn
= ldb_handler_copy
,
1025 .write_clear_fn
= ldb_handler_copy
,
1026 .write_hex_fn
= ldb_handler_copy
1028 .name
= "RMD_LOCAL_USN",
1029 .read_fn
= ldb_handler_copy
,
1030 .write_clear_fn
= ldb_handler_copy
,
1031 .write_hex_fn
= ldb_handler_copy
1033 .name
= "RMD_ORIGINATING_USN",
1034 .read_fn
= ldb_handler_copy
,
1035 .write_clear_fn
= ldb_handler_copy
,
1036 .write_hex_fn
= ldb_handler_copy
1038 .name
= "RMD_VERSION",
1039 .read_fn
= ldb_handler_copy
,
1040 .write_clear_fn
= ldb_handler_copy
,
1041 .write_hex_fn
= ldb_handler_copy
1045 /* TODO: Should be dynamic at some point */
1046 static const struct {
1049 } samba_attributes
[] = {
1050 { "objectSid", LDB_SYNTAX_SAMBA_SID
},
1051 { "securityIdentifier", LDB_SYNTAX_SAMBA_SID
},
1052 { "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR
},
1053 { "objectGUID", LDB_SYNTAX_SAMBA_GUID
},
1054 { "invocationId", LDB_SYNTAX_SAMBA_GUID
},
1055 { "schemaIDGUID", LDB_SYNTAX_SAMBA_GUID
},
1056 { "oMSyntax", LDB_SYNTAX_SAMBA_INT32
},
1057 { "attributeSecurityGUID", LDB_SYNTAX_SAMBA_GUID
},
1058 { "parentGUID", LDB_SYNTAX_SAMBA_GUID
},
1059 { "siteGUID", LDB_SYNTAX_SAMBA_GUID
},
1060 { "pKTGUID", LDB_SYNTAX_SAMBA_GUID
},
1061 { "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID
},
1062 { "fRSReplicaSetGUID", LDB_SYNTAX_SAMBA_GUID
},
1063 { "netbootGUID", LDB_SYNTAX_SAMBA_GUID
},
1064 { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID
},
1065 { "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY
},
1066 { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP
},
1067 { "repsFrom", LDB_SYNTAX_SAMBA_REPSFROMTO
},
1068 { "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO
},
1069 { "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA
},
1070 { "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR
},
1071 { "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64
},
1072 { "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64
},
1073 { "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64
},
1076 const struct ldb_schema_syntax
*ldb_samba_syntax_by_name(struct ldb_context
*ldb
, const char *name
)
1079 const struct ldb_schema_syntax
*s
= NULL
;
1081 for (j
=0; j
< ARRAY_SIZE(samba_syntaxes
); j
++) {
1082 if (strcmp(name
, samba_syntaxes
[j
].name
) == 0) {
1083 s
= &samba_syntaxes
[j
];
1090 const struct ldb_schema_syntax
*ldb_samba_syntax_by_lDAPDisplayName(struct ldb_context
*ldb
, const char *name
)
1093 const struct ldb_schema_syntax
*s
= NULL
;
1095 for (j
=0; j
< ARRAY_SIZE(samba_attributes
); j
++) {
1096 if (strcmp(samba_attributes
[j
].name
, name
) == 0) {
1097 s
= ldb_samba_syntax_by_name(ldb
, samba_attributes
[j
].syntax
);
1106 register the samba ldif handlers
1108 int ldb_register_samba_handlers(struct ldb_context
*ldb
)
1112 for (i
=0; i
< ARRAY_SIZE(samba_attributes
); i
++) {
1114 const struct ldb_schema_syntax
*s
= NULL
;
1116 s
= ldb_samba_syntax_by_name(ldb
, samba_attributes
[i
].syntax
);
1119 s
= ldb_standard_syntax_by_name(ldb
, samba_attributes
[i
].syntax
);
1126 ret
= ldb_schema_attribute_add_with_syntax(ldb
, samba_attributes
[i
].name
, LDB_ATTR_FLAG_FIXED
, s
);
1127 if (ret
!= LDB_SUCCESS
) {
1132 for (i
=0; i
< ARRAY_SIZE(samba_dn_syntax
); i
++) {
1134 ret
= ldb_dn_extended_add_syntax(ldb
, LDB_ATTR_FLAG_FIXED
, &samba_dn_syntax
[i
]);
1135 if (ret
!= LDB_SUCCESS
) {