search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:ldif_handlers - Change "unsigned int" to "uint32_t" which fits better here
[Samba/cd1.git] / source4 / lib / ldb-samba / ldif_handlers.c
blob4d7d5db7eac337fc2e04b91f5621dbde8a12e07a
1 /*
2 ldb database library - ldif handlers for Samba
3
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Andrew Bartlett 2006-2009
6 Copyright (C) Matthias Dieter Wallnöfer 2009
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "lib/ldb/include/ldb_module.h"
28 #include "ldb_handlers.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "librpc/gen_ndr/ndr_security.h"
31 #include "librpc/gen_ndr/ndr_misc.h"
32 #include "librpc/gen_ndr/ndr_drsblobs.h"
33 #include "librpc/ndr/libndr.h"
34 #include "libcli/security/security.h"
35 #include "param/param.h"
36 #include "../lib/util/asn1.h"
37
38 /*
39 use ndr_print_* to convert a NDR formatted blob to a ldif formatted blob
40
41 If mask_errors is true, then function succeeds but out data
42 is set to "<Unable to decode binary data>" message
43
44 \return 0 on success; -1 on error
45 */
46 static int ldif_write_NDR(struct ldb_context *ldb, void *mem_ctx,
47 const struct ldb_val *in, struct ldb_val *out,
48 size_t struct_size,
49 ndr_pull_flags_fn_t pull_fn,
50 ndr_print_fn_t print_fn,
51 bool mask_errors)
52 {
53 uint8_t *p;
54 enum ndr_err_code err;
55 if (!(ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY)) {
56 return ldb_handler_copy(ldb, mem_ctx, in, out);
57 }
58 p = talloc_size(mem_ctx, struct_size);
59 err = ndr_pull_struct_blob(in, mem_ctx,
60 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
61 p, pull_fn);
62 if (err != NDR_ERR_SUCCESS) {
63 /* fail in not in mask_error mode */
64 if (!mask_errors) {
65 return -1;
66 }
67 talloc_free(p);
68 out->data = (uint8_t *)talloc_strdup(mem_ctx, "<Unable to decode binary data>");
69 out->length = strlen((const char *)out->data);
70 return 0;
71 }
72 out->data = (uint8_t *)ndr_print_struct_string(mem_ctx, print_fn, "NDR", p);
73 talloc_free(p);
74 if (out->data == NULL) {
75 return ldb_handler_copy(ldb, mem_ctx, in, out);
76 }
77 out->length = strlen((char *)out->data);
78 return 0;
79 }
80
81 /*
82 convert a ldif formatted objectSid to a NDR formatted blob
83 */
84 static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
85 const struct ldb_val *in, struct ldb_val *out)
86 {
87 enum ndr_err_code ndr_err;
88 struct dom_sid *sid;
89 sid = dom_sid_parse_length(mem_ctx, in);
90 if (sid == NULL) {
91 return -1;
92 }
93 ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sid,
94 (ndr_push_flags_fn_t)ndr_push_dom_sid);
95 talloc_free(sid);
96 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
97 return -1;
98 }
99 return 0;
100 }
101
102 /*
103 convert a NDR formatted blob to a ldif formatted objectSid
104 */
105 int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
106 const struct ldb_val *in, struct ldb_val *out)
107 {
108 struct dom_sid *sid;
109 enum ndr_err_code ndr_err;
110
111 sid = talloc(mem_ctx, struct dom_sid);
112 if (sid == NULL) {
113 return -1;
114 }
115 ndr_err = ndr_pull_struct_blob_all(in, sid, NULL, sid,
116 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
117 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
118 talloc_free(sid);
119 return -1;
120 }
121 *out = data_blob_string_const(dom_sid_string(mem_ctx, sid));
122 talloc_free(sid);
123 if (out->data == NULL) {
124 return -1;
125 }
126 return 0;
127 }
128
129 bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
130 {
131 if (v->length < 3) {
132 return false;
133 }
134
135 if (strncmp("S-", (const char *)v->data, 2) != 0) return false;
136
137 return true;
138 }
139
140 /*
141 compare two objectSids
142 */
143 static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
144 const struct ldb_val *v1, const struct ldb_val *v2)
145 {
146 if (ldif_comparision_objectSid_isString(v1) && ldif_comparision_objectSid_isString(v2)) {
147 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
148 } else if (ldif_comparision_objectSid_isString(v1)
149 && !ldif_comparision_objectSid_isString(v2)) {
150 struct ldb_val v;
151 int ret;
152 if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
153 /* Perhaps not a string after all */
154 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
155 }
156 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
157 talloc_free(v.data);
158 return ret;
159 } else if (!ldif_comparision_objectSid_isString(v1)
160 && ldif_comparision_objectSid_isString(v2)) {
161 struct ldb_val v;
162 int ret;
163 if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
164 /* Perhaps not a string after all */
165 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
166 }
167 ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
168 talloc_free(v.data);
169 return ret;
170 }
171 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
172 }
173
174 /*
175 canonicalise a objectSid
176 */
177 static int ldif_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
178 const struct ldb_val *in, struct ldb_val *out)
179 {
180 if (ldif_comparision_objectSid_isString(in)) {
181 if (ldif_read_objectSid(ldb, mem_ctx, in, out) != 0) {
182 /* Perhaps not a string after all */
183 return ldb_handler_copy(ldb, mem_ctx, in, out);
184 }
185 return 0;
186 }
187 return ldb_handler_copy(ldb, mem_ctx, in, out);
188 }
189
190 static int extended_dn_read_SID(struct ldb_context *ldb, void *mem_ctx,
191 const struct ldb_val *in, struct ldb_val *out)
192 {
193 struct dom_sid sid;
194 enum ndr_err_code ndr_err;
195 if (ldif_comparision_objectSid_isString(in)) {
196 if (ldif_read_objectSid(ldb, mem_ctx, in, out) == 0) {
197 return 0;
198 }
199 }
200
201 /* Perhaps not a string after all */
202 *out = data_blob_talloc(mem_ctx, NULL, in->length/2+1);
203
204 if (!out->data) {
205 return -1;
206 }
207
208 (*out).length = strhex_to_str((char *)out->data, out->length,
209 (const char *)in->data, in->length);
210
211 /* Check it looks like a SID */
212 ndr_err = ndr_pull_struct_blob_all(out, mem_ctx, NULL, &sid,
213 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
214 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
215 return -1;
216 }
217 return 0;
218 }
219
220 /*
221 convert a ldif formatted objectGUID to a NDR formatted blob
222 */
223 static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
224 const struct ldb_val *in, struct ldb_val *out)
225 {
226 struct GUID guid;
227 NTSTATUS status;
228
229 status = GUID_from_data_blob(in, &guid);
230 if (!NT_STATUS_IS_OK(status)) {
231 return -1;
232 }
233
234 status = GUID_to_ndr_blob(&guid, mem_ctx, out);
235 if (!NT_STATUS_IS_OK(status)) {
236 return -1;
237 }
238 return 0;
239 }
240
241 /*
242 convert a NDR formatted blob to a ldif formatted objectGUID
243 */
244 static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
245 const struct ldb_val *in, struct ldb_val *out)
246 {
247 struct GUID guid;
248 NTSTATUS status;
249
250 status = GUID_from_ndr_blob(in, &guid);
251 if (!NT_STATUS_IS_OK(status)) {
252 return -1;
253 }
254 out->data = (uint8_t *)GUID_string(mem_ctx, &guid);
255 if (out->data == NULL) {
256 return -1;
257 }
258 out->length = strlen((const char *)out->data);
259 return 0;
260 }
261
262 static bool ldif_comparision_objectGUID_isString(const struct ldb_val *v)
263 {
264 if (v->length != 36 && v->length != 38) return false;
265
266 /* Might be a GUID string, can't be a binary GUID (fixed 16 bytes) */
267 return true;
268 }
269
270 static int extended_dn_read_GUID(struct ldb_context *ldb, void *mem_ctx,
271 const struct ldb_val *in, struct ldb_val *out)
272 {
273 struct GUID guid;
274 NTSTATUS status;
275
276 if (in->length == 36 && ldif_read_objectGUID(ldb, mem_ctx, in, out) == 0) {
277 return 0;
278 }
279
280 /* Try as 'hex' form */
281 if (in->length != 32) {
282 return -1;
283 }
284
285 *out = data_blob_talloc(mem_ctx, NULL, in->length/2+1);
286
287 if (!out->data) {
288 return -1;
289 }
290
291 (*out).length = strhex_to_str((char *)out->data, out->length,
292 (const char *)in->data, in->length);
293
294 /* Check it looks like a GUID */
295 status = GUID_from_ndr_blob(out, &guid);
296 if (!NT_STATUS_IS_OK(status)) {
297 data_blob_free(out);
298 return -1;
299 }
300 return 0;
301 }
302
303 /*
304 compare two objectGUIDs
305 */
306 static int ldif_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
307 const struct ldb_val *v1, const struct ldb_val *v2)
308 {
309 if (ldif_comparision_objectGUID_isString(v1) && ldif_comparision_objectGUID_isString(v2)) {
310 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
311 } else if (ldif_comparision_objectGUID_isString(v1)
312 && !ldif_comparision_objectGUID_isString(v2)) {
313 struct ldb_val v;
314 int ret;
315 if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
316 /* Perhaps it wasn't a valid string after all */
317 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
318 }
319 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
320 talloc_free(v.data);
321 return ret;
322 } else if (!ldif_comparision_objectGUID_isString(v1)
323 && ldif_comparision_objectGUID_isString(v2)) {
324 struct ldb_val v;
325 int ret;
326 if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) {
327 /* Perhaps it wasn't a valid string after all */
328 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
329 }
330 ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
331 talloc_free(v.data);
332 return ret;
333 }
334 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
335 }
336
337 /*
338 canonicalise a objectGUID
339 */
340 static int ldif_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
341 const struct ldb_val *in, struct ldb_val *out)
342 {
343 if (ldif_comparision_objectGUID_isString(in)) {
344 if (ldif_read_objectGUID(ldb, mem_ctx, in, out) != 0) {
345 /* Perhaps it wasn't a valid string after all */
346 return ldb_handler_copy(ldb, mem_ctx, in, out);
347 }
348 return 0;
349 }
350 return ldb_handler_copy(ldb, mem_ctx, in, out);
351 }
352
353
354 /*
355 convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
356 */
357 static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
358 const struct ldb_val *in, struct ldb_val *out)
359 {
360 struct security_descriptor *sd;
361 enum ndr_err_code ndr_err;
362
363 sd = talloc(mem_ctx, struct security_descriptor);
364 if (sd == NULL) {
365 return -1;
366 }
367
368 ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd,
369 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
370 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
371 /* If this does not parse, then it is probably SDDL, and we should try it that way */
372
373 const struct dom_sid *sid = samdb_domain_sid(ldb);
374 talloc_free(sd);
375 sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
376 if (sd == NULL) {
377 return -1;
378 }
379 }
380
381 ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sd,
382 (ndr_push_flags_fn_t)ndr_push_security_descriptor);
383 talloc_free(sd);
384 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
385 return -1;
386 }
387
388 return 0;
389 }
390
391 /*
392 convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
393 */
394 static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
395 const struct ldb_val *in, struct ldb_val *out)
396 {
397 struct security_descriptor *sd;
398 enum ndr_err_code ndr_err;
399
400 if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
401 return ldif_write_NDR(ldb, mem_ctx, in, out,
402 sizeof(struct security_descriptor),
403 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor,
404 (ndr_print_fn_t)ndr_print_security_descriptor,
405 true);
406
407 }
408
409 sd = talloc(mem_ctx, struct security_descriptor);
410 if (sd == NULL) {
411 return -1;
412 }
413 /* We can't use ndr_pull_struct_blob_all because this contains relative pointers */
414 ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd,
415 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
416 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
417 talloc_free(sd);
418 return -1;
419 }
420 out->data = (uint8_t *)sddl_encode(mem_ctx, sd, samdb_domain_sid_cache_only(ldb));
421 talloc_free(sd);
422 if (out->data == NULL) {
423 return -1;
424 }
425 out->length = strlen((const char *)out->data);
426 return 0;
427 }
428
429 /*
430 canonicalise an objectCategory. We use the short form as the cannoical form:
431 cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
432 */
433
434 static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx,
435 const struct ldb_val *in, struct ldb_val *out)
436 {
437 struct ldb_dn *dn1 = NULL;
438 const struct dsdb_schema *schema = dsdb_get_schema(ldb);
439 const struct dsdb_class *sclass;
440 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
441 if (!tmp_ctx) {
442 return LDB_ERR_OPERATIONS_ERROR;
443 }
444
445 if (!schema) {
446 talloc_free(tmp_ctx);
447 *out = data_blob_talloc(mem_ctx, in->data, in->length);
448 if (in->data && !out->data) {
449 return LDB_ERR_OPERATIONS_ERROR;
450 }
451 return LDB_SUCCESS;
452 }
453 dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, in);
454 if ( ! ldb_dn_validate(dn1)) {
455 const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
456 sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
457 if (sclass) {
458 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
459 sclass->defaultObjectCategory);
460 *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
461 talloc_free(tmp_ctx);
462
463 if (!out->data) {
464 return LDB_ERR_OPERATIONS_ERROR;
465 }
466 return LDB_SUCCESS;
467 } else {
468 *out = data_blob_talloc(mem_ctx, in->data, in->length);
469 talloc_free(tmp_ctx);
470
471 if (in->data && !out->data) {
472 return LDB_ERR_OPERATIONS_ERROR;
473 }
474 return LDB_SUCCESS;
475 }
476 }
477 *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn1));
478 talloc_free(tmp_ctx);
479
480 if (!out->data) {
481 return LDB_ERR_OPERATIONS_ERROR;
482 }
483 return LDB_SUCCESS;
484 }
485
486 static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx,
487 const struct ldb_val *v1,
488 const struct ldb_val *v2)
489 {
490 return ldb_any_comparison(ldb, mem_ctx, ldif_canonicalise_objectCategory,
491 v1, v2);
492 }
493
494 /*
495 convert a ldif formatted prefixMap to a NDR formatted blob
496 */
497 static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx,
498 const struct ldb_val *in, struct ldb_val *out)
499 {
500 struct prefixMapBlob *blob;
501 enum ndr_err_code ndr_err;
502 char *string, *line, *p, *oid;
503 DATA_BLOB oid_blob;
504
505 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
506
507 if (tmp_ctx == NULL) {
508 return -1;
509 }
510
511 blob = talloc_zero(tmp_ctx, struct prefixMapBlob);
512 if (blob == NULL) {
513 talloc_free(blob);
514 return -1;
515 }
516
517 blob->version = PREFIX_MAP_VERSION_DSDB;
518
519 string = talloc_strndup(mem_ctx, (const char *)in->data, in->length);
520 if (string == NULL) {
521 talloc_free(blob);
522 return -1;
523 }
524
525 line = string;
526 while (line && line[0]) {
527 p=strchr(line, ';');
528 if (p) {
529 p[0] = '\0';
530 } else {
531 p=strchr(line, '\n');
532 if (p) {
533 p[0] = '\0';
534 }
535 }
536 /* allow a trailing separator */
537 if (line == p) {
538 break;
539 }
540
541 blob->ctr.dsdb.mappings = talloc_realloc(blob,
542 blob->ctr.dsdb.mappings,
543 struct drsuapi_DsReplicaOIDMapping,
544 blob->ctr.dsdb.num_mappings+1);
545 if (!blob->ctr.dsdb.mappings) {
546 talloc_free(tmp_ctx);
547 return -1;
548 }
549
550 blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].id_prefix = strtoul(line, &oid, 10);
551
552 if (oid[0] != ':') {
553 talloc_free(tmp_ctx);
554 return -1;
555 }
556
557 /* we know there must be at least ":" */
558 oid++;
559
560 if (!ber_write_partial_OID_String(blob->ctr.dsdb.mappings, &oid_blob, oid)) {
561 talloc_free(tmp_ctx);
562 return -1;
563 }
564 blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.length = oid_blob.length;
565 blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.binary_oid = oid_blob.data;
566
567 blob->ctr.dsdb.num_mappings++;
568
569 /* Now look past the terminator we added above */
570 if (p) {
571 line = p + 1;
572 } else {
573 line = NULL;
574 }
575 }
576
577 ndr_err = ndr_push_struct_blob(out, mem_ctx,
578 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
579 blob,
580 (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
581 talloc_free(tmp_ctx);
582 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
583 return -1;
584 }
585 return 0;
586 }
587
588 /*
589 convert a NDR formatted blob to a ldif formatted prefixMap
590 */
591 static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx,
592 const struct ldb_val *in, struct ldb_val *out)
593 {
594 struct prefixMapBlob *blob;
595 enum ndr_err_code ndr_err;
596 char *string;
597 uint32_t i;
598
599 if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
600 int err;
601 /* try to decode the blob as S4 prefixMap */
602 err = ldif_write_NDR(ldb, mem_ctx, in, out,
603 sizeof(struct prefixMapBlob),
604 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob,
605 (ndr_print_fn_t)ndr_print_prefixMapBlob,
606 false);
607 if (0 == err) {
608 return err;
609 }
610 /* try parsing it as Windows PrefixMap value */
611 return ldif_write_NDR(ldb, mem_ctx, in, out,
612 sizeof(struct drsuapi_MSPrefixMap_Ctr),
613 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_MSPrefixMap_Ctr,
614 (ndr_print_fn_t)ndr_print_drsuapi_MSPrefixMap_Ctr,
615 true);
616 }
617
618 blob = talloc(mem_ctx, struct prefixMapBlob);
619 if (blob == NULL) {
620 return -1;
621 }
622 ndr_err = ndr_pull_struct_blob_all(in, blob,
623 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
624 blob,
625 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
626 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
627 goto failed;
628 }
629 if (blob->version != PREFIX_MAP_VERSION_DSDB) {
630 goto failed;
631 }
632 string = talloc_strdup(mem_ctx, "");
633 if (string == NULL) {
634 goto failed;
635 }
636
637 for (i=0; i < blob->ctr.dsdb.num_mappings; i++) {
638 DATA_BLOB oid_blob;
639 const char *partial_oid = NULL;
640
641 if (i > 0) {
642 string = talloc_asprintf_append(string, ";");
643 }
644
645 oid_blob = data_blob_const(blob->ctr.dsdb.mappings[i].oid.binary_oid,
646 blob->ctr.dsdb.mappings[i].oid.length);
647 if (!ber_read_partial_OID_String(blob, oid_blob, &partial_oid)) {
648 DEBUG(0, ("ber_read_partial_OID failed on prefixMap item with id: 0x%X",
649 blob->ctr.dsdb.mappings[i].id_prefix));
650 goto failed;
651 }
652 string = talloc_asprintf_append(string, "%u:%s",
653 blob->ctr.dsdb.mappings[i].id_prefix,
654 partial_oid);
655 talloc_free(discard_const(partial_oid));
656 if (string == NULL) {
657 goto failed;
658 }
659 }
660
661 talloc_free(blob);
662 *out = data_blob_string_const(string);
663 return 0;
664
665 failed:
666 talloc_free(blob);
667 return -1;
668 }
669
670 static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v)
671 {
672 if (v->length < 4) {
673 return true;
674 }
675
676 if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) {
677 return false;
678 }
679
680 return true;
681 }
682
683 /*
684 canonicalise a prefixMap
685 */
686 static int ldif_canonicalise_prefixMap(struct ldb_context *ldb, void *mem_ctx,
687 const struct ldb_val *in, struct ldb_val *out)
688 {
689 if (ldif_comparision_prefixMap_isString(in)) {
690 return ldif_read_prefixMap(ldb, mem_ctx, in, out);
691 }
692 return ldb_handler_copy(ldb, mem_ctx, in, out);
693 }
694
695 static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx,
696 const struct ldb_val *v1,
697 const struct ldb_val *v2)
698 {
699 return ldb_any_comparison(ldb, mem_ctx, ldif_canonicalise_prefixMap,
700 v1, v2);
701 }
702
703 /* length limited conversion of a ldb_val to a int32_t */
704 static int val_to_int32(const struct ldb_val *in, int32_t *v)
705 {
706 char *end;
707 char buf[64];
708
709 /* make sure we don't read past the end of the data */
710 if (in->length > sizeof(buf)-1) {
711 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
712 }
713 strncpy(buf, (char *)in->data, in->length);
714 buf[in->length] = 0;
715
716 /* We've to use "strtoll" here to have the intended overflows.
717 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
718 *v = (int32_t) strtoll(buf, &end, 0);
719 if (*end != 0) {
720 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
721 }
722 return LDB_SUCCESS;
723 }
724
725 /* length limited conversion of a ldb_val to a int64_t */
726 static int val_to_int64(const struct ldb_val *in, int64_t *v)
727 {
728 char *end;
729 char buf[64];
730
731 /* make sure we don't read past the end of the data */
732 if (in->length > sizeof(buf)-1) {
733 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
734 }
735 strncpy(buf, (char *)in->data, in->length);
736 buf[in->length] = 0;
737
738 *v = (int64_t) strtoll(buf, &end, 0);
739 if (*end != 0) {
740 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
741 }
742 return LDB_SUCCESS;
743 }
744
745 /* Canonicalisation of two 32-bit integers */
746 static int ldif_canonicalise_int32(struct ldb_context *ldb, void *mem_ctx,
747 const struct ldb_val *in, struct ldb_val *out)
748 {
749 int32_t i;
750 int ret;
751
752 ret = val_to_int32(in, &i);
753 if (ret != LDB_SUCCESS) {
754 return ret;
755 }
756 out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%d", i);
757 if (out->data == NULL) {
758 ldb_oom(ldb);
759 return LDB_ERR_OPERATIONS_ERROR;
760 }
761 out->length = strlen((char *)out->data);
762 return 0;
763 }
764
765 /* Comparison of two 32-bit integers */
766 static int ldif_comparison_int32(struct ldb_context *ldb, void *mem_ctx,
767 const struct ldb_val *v1, const struct ldb_val *v2)
768 {
769 int32_t i1=0, i2=0;
770 val_to_int32(v1, &i1);
771 val_to_int32(v2, &i2);
772 if (i1 == i2) return 0;
773 return i1 > i2? 1 : -1;
774 }
775
776 /* Canonicalisation of two 64-bit integers */
777 static int ldif_canonicalise_int64(struct ldb_context *ldb, void *mem_ctx,
778 const struct ldb_val *in, struct ldb_val *out)
779 {
780 int64_t i;
781 int ret;
782
783 ret = val_to_int64(in, &i);
784 if (ret != LDB_SUCCESS) {
785 return ret;
786 }
787 out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%lld", (long long)i);
788 if (out->data == NULL) {
789 ldb_oom(ldb);
790 return LDB_ERR_OPERATIONS_ERROR;
791 }
792 out->length = strlen((char *)out->data);
793 return 0;
794 }
795
796 /* Comparison of two 64-bit integers */
797 static int ldif_comparison_int64(struct ldb_context *ldb, void *mem_ctx,
798 const struct ldb_val *v1, const struct ldb_val *v2)
799 {
800 int64_t i1=0, i2=0;
801 val_to_int64(v1, &i1);
802 val_to_int64(v2, &i2);
803 if (i1 == i2) return 0;
804 return i1 > i2? 1 : -1;
805 }
806
807 /*
808 convert a NDR formatted blob to a ldif formatted repsFromTo
809 */
810 static int ldif_write_repsFromTo(struct ldb_context *ldb, void *mem_ctx,
811 const struct ldb_val *in, struct ldb_val *out)
812 {
813 return ldif_write_NDR(ldb, mem_ctx, in, out,
814 sizeof(struct repsFromToBlob),
815 (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob,
816 (ndr_print_fn_t)ndr_print_repsFromToBlob,
817 true);
818 }
819
820 /*
821 convert a NDR formatted blob to a ldif formatted replPropertyMetaData
822 */
823 static int ldif_write_replPropertyMetaData(struct ldb_context *ldb, void *mem_ctx,
824 const struct ldb_val *in, struct ldb_val *out)
825 {
826 return ldif_write_NDR(ldb, mem_ctx, in, out,
827 sizeof(struct replPropertyMetaDataBlob),
828 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob,
829 (ndr_print_fn_t)ndr_print_replPropertyMetaDataBlob,
830 true);
831 }
832
833 /*
834 convert a NDR formatted blob to a ldif formatted replUpToDateVector
835 */
836 static int ldif_write_replUpToDateVector(struct ldb_context *ldb, void *mem_ctx,
837 const struct ldb_val *in, struct ldb_val *out)
838 {
839 return ldif_write_NDR(ldb, mem_ctx, in, out,
840 sizeof(struct replUpToDateVectorBlob),
841 (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob,
842 (ndr_print_fn_t)ndr_print_replUpToDateVectorBlob,
843 true);
844 }
845
846
847 static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx,
848 const struct ldb_val *in, struct ldb_val *out)
849 {
850 *out = data_blob_string_const(data_blob_hex_string_lower(mem_ctx, in));
851 if (!out->data) {
852 return -1;
853 }
854 return 0;
855 }
856
857
858 /*
859 write a 64 bit 2-part range
860 */
861 static int ldif_write_range64(struct ldb_context *ldb, void *mem_ctx,
862 const struct ldb_val *in, struct ldb_val *out)
863 {
864 int64_t v;
865 int ret;
866 ret = val_to_int64(in, &v);
867 if (ret != LDB_SUCCESS) {
868 return ret;
869 }
870 out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lu-%lu",
871 (unsigned long)(v&0xFFFFFFFF),
872 (unsigned long)(v>>32));
873 if (out->data == NULL) {
874 ldb_oom(ldb);
875 return LDB_ERR_OPERATIONS_ERROR;
876 }
877 out->length = strlen((char *)out->data);
878 return LDB_SUCCESS;
879 }
880
881 /*
882 read a 64 bit 2-part range
883 */
884 static int ldif_read_range64(struct ldb_context *ldb, void *mem_ctx,
885 const struct ldb_val *in, struct ldb_val *out)
886 {
887 unsigned long high, low;
888 char buf[64];
889
890 if (memchr(in->data, '-', in->length) == NULL) {
891 return ldb_handler_copy(ldb, mem_ctx, in, out);
892 }
893
894 if (in->length > sizeof(buf)-1) {
895 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
896 }
897 strncpy(buf, (const char *)in->data, in->length);
898 buf[in->length] = 0;
899
900 if (sscanf(buf, "%lu-%lu", &low, &high) != 2) {
901 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
902 }
903
904 out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%llu",
905 (unsigned long long)(((uint64_t)high)<<32) | (low));
906
907 if (out->data == NULL) {
908 ldb_oom(ldb);
909 return LDB_ERR_OPERATIONS_ERROR;
910 }
911 out->length = strlen((char *)out->data);
912 return LDB_SUCCESS;
913 }
914
915 static const struct ldb_schema_syntax samba_syntaxes[] = {
916 {
917 .name = LDB_SYNTAX_SAMBA_SID,
918 .ldif_read_fn = ldif_read_objectSid,
919 .ldif_write_fn = ldif_write_objectSid,
920 .canonicalise_fn = ldif_canonicalise_objectSid,
921 .comparison_fn = ldif_comparison_objectSid
922 },{
923 .name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
924 .ldif_read_fn = ldif_read_ntSecurityDescriptor,
925 .ldif_write_fn = ldif_write_ntSecurityDescriptor,
926 .canonicalise_fn = ldb_handler_copy,
927 .comparison_fn = ldb_comparison_binary
928 },{
929 .name = LDB_SYNTAX_SAMBA_GUID,
930 .ldif_read_fn = ldif_read_objectGUID,
931 .ldif_write_fn = ldif_write_objectGUID,
932 .canonicalise_fn = ldif_canonicalise_objectGUID,
933 .comparison_fn = ldif_comparison_objectGUID
934 },{
935 .name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY,
936 .ldif_read_fn = ldb_handler_copy,
937 .ldif_write_fn = ldb_handler_copy,
938 .canonicalise_fn = ldif_canonicalise_objectCategory,
939 .comparison_fn = ldif_comparison_objectCategory
940 },{
941 .name = LDB_SYNTAX_SAMBA_PREFIX_MAP,
942 .ldif_read_fn = ldif_read_prefixMap,
943 .ldif_write_fn = ldif_write_prefixMap,
944 .canonicalise_fn = ldif_canonicalise_prefixMap,
945 .comparison_fn = ldif_comparison_prefixMap
946 },{
947 .name = LDB_SYNTAX_SAMBA_INT32,
948 .ldif_read_fn = ldb_handler_copy,
949 .ldif_write_fn = ldb_handler_copy,
950 .canonicalise_fn = ldif_canonicalise_int32,
951 .comparison_fn = ldif_comparison_int32
952 },{
953 .name = LDB_SYNTAX_SAMBA_REPSFROMTO,
954 .ldif_read_fn = ldb_handler_copy,
955 .ldif_write_fn = ldif_write_repsFromTo,
956 .canonicalise_fn = ldb_handler_copy,
957 .comparison_fn = ldb_comparison_binary
958 },{
959 .name = LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA,
960 .ldif_read_fn = ldb_handler_copy,
961 .ldif_write_fn = ldif_write_replPropertyMetaData,
962 .canonicalise_fn = ldb_handler_copy,
963 .comparison_fn = ldb_comparison_binary
964 },{
965 .name = LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR,
966 .ldif_read_fn = ldb_handler_copy,
967 .ldif_write_fn = ldif_write_replUpToDateVector,
968 .canonicalise_fn = ldb_handler_copy,
969 .comparison_fn = ldb_comparison_binary
970 },{
971 .name = DSDB_SYNTAX_BINARY_DN,
972 .ldif_read_fn = ldb_handler_copy,
973 .ldif_write_fn = ldb_handler_copy,
974 .canonicalise_fn = dsdb_dn_binary_canonicalise,
975 .comparison_fn = dsdb_dn_binary_comparison
976 },{
977 .name = DSDB_SYNTAX_STRING_DN,
978 .ldif_read_fn = ldb_handler_copy,
979 .ldif_write_fn = ldb_handler_copy,
980 .canonicalise_fn = dsdb_dn_string_canonicalise,
981 .comparison_fn = dsdb_dn_string_comparison
982 },{
983 .name = LDB_SYNTAX_SAMBA_RANGE64,
984 .ldif_read_fn = ldif_read_range64,
985 .ldif_write_fn = ldif_write_range64,
986 .canonicalise_fn = ldif_canonicalise_int64,
987 .comparison_fn = ldif_comparison_int64
988 },
989 };
990
991 static const struct ldb_dn_extended_syntax samba_dn_syntax[] = {
992 {
993 .name = "SID",
994 .read_fn = extended_dn_read_SID,
995 .write_clear_fn = ldif_write_objectSid,
996 .write_hex_fn = extended_dn_write_hex
997 },{
998 .name = "GUID",
999 .read_fn = extended_dn_read_GUID,
1000 .write_clear_fn = ldif_write_objectGUID,
1001 .write_hex_fn = extended_dn_write_hex
1002 },{
1003 .name = "WKGUID",
1004 .read_fn = ldb_handler_copy,
1005 .write_clear_fn = ldb_handler_copy,
1006 .write_hex_fn = ldb_handler_copy
1007 },{
1008 .name = "RMD_INVOCID",
1009 .read_fn = extended_dn_read_GUID,
1010 .write_clear_fn = ldif_write_objectGUID,
1011 .write_hex_fn = extended_dn_write_hex
1012 },{
1013 .name = "RMD_FLAGS",
1014 .read_fn = ldb_handler_copy,
1015 .write_clear_fn = ldb_handler_copy,
1016 .write_hex_fn = ldb_handler_copy
1017 },{
1018 .name = "RMD_ADDTIME",
1019 .read_fn = ldb_handler_copy,
1020 .write_clear_fn = ldb_handler_copy,
1021 .write_hex_fn = ldb_handler_copy
1022 },{
1023 .name = "RMD_CHANGETIME",
1024 .read_fn = ldb_handler_copy,
1025 .write_clear_fn = ldb_handler_copy,
1026 .write_hex_fn = ldb_handler_copy
1027 },{
1028 .name = "RMD_LOCAL_USN",
1029 .read_fn = ldb_handler_copy,
1030 .write_clear_fn = ldb_handler_copy,
1031 .write_hex_fn = ldb_handler_copy
1032 },{
1033 .name = "RMD_ORIGINATING_USN",
1034 .read_fn = ldb_handler_copy,
1035 .write_clear_fn = ldb_handler_copy,
1036 .write_hex_fn = ldb_handler_copy
1037 },{
1038 .name = "RMD_VERSION",
1039 .read_fn = ldb_handler_copy,
1040 .write_clear_fn = ldb_handler_copy,
1041 .write_hex_fn = ldb_handler_copy
1042 }
1043 };
1044
1045 /* TODO: Should be dynamic at some point */
1046 static const struct {
1047 const char *name;
1048 const char *syntax;
1049 } samba_attributes[] = {
1050 { "objectSid", LDB_SYNTAX_SAMBA_SID },
1051 { "securityIdentifier", LDB_SYNTAX_SAMBA_SID },
1052 { "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR },
1053 { "objectGUID", LDB_SYNTAX_SAMBA_GUID },
1054 { "invocationId", LDB_SYNTAX_SAMBA_GUID },
1055 { "schemaIDGUID", LDB_SYNTAX_SAMBA_GUID },
1056 { "oMSyntax", LDB_SYNTAX_SAMBA_INT32 },
1057 { "attributeSecurityGUID", LDB_SYNTAX_SAMBA_GUID },
1058 { "parentGUID", LDB_SYNTAX_SAMBA_GUID },
1059 { "siteGUID", LDB_SYNTAX_SAMBA_GUID },
1060 { "pKTGUID", LDB_SYNTAX_SAMBA_GUID },
1061 { "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID },
1062 { "fRSReplicaSetGUID", LDB_SYNTAX_SAMBA_GUID },
1063 { "netbootGUID", LDB_SYNTAX_SAMBA_GUID },
1064 { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID },
1065 { "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY },
1066 { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP },
1067 { "repsFrom", LDB_SYNTAX_SAMBA_REPSFROMTO },
1068 { "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO },
1069 { "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA },
1070 { "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR },
1071 { "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
1072 { "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
1073 { "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 },
1074 };
1075
1076 const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name)
1077 {
1078 unsigned int j;
1079 const struct ldb_schema_syntax *s = NULL;
1080
1081 for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) {
1082 if (strcmp(name, samba_syntaxes[j].name) == 0) {
1083 s = &samba_syntaxes[j];
1084 break;
1085 }
1086 }
1087 return s;
1088 }
1089
1090 const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_context *ldb, const char *name)
1091 {
1092 unsigned int j;
1093 const struct ldb_schema_syntax *s = NULL;
1094
1095 for (j=0; j < ARRAY_SIZE(samba_attributes); j++) {
1096 if (strcmp(samba_attributes[j].name, name) == 0) {
1097 s = ldb_samba_syntax_by_name(ldb, samba_attributes[j].syntax);
1098 break;
1099 }
1100 }
1101
1102 return s;
1103 }
1104
1105 /*
1106 register the samba ldif handlers
1107 */
1108 int ldb_register_samba_handlers(struct ldb_context *ldb)
1109 {
1110 unsigned int i;
1111
1112 for (i=0; i < ARRAY_SIZE(samba_attributes); i++) {
1113 int ret;
1114 const struct ldb_schema_syntax *s = NULL;
1115
1116 s = ldb_samba_syntax_by_name(ldb, samba_attributes[i].syntax);
1117
1118 if (!s) {
1119 s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax);
1120 }
1121
1122 if (!s) {
1123 return -1;
1124 }
1125
1126 ret = ldb_schema_attribute_add_with_syntax(ldb, samba_attributes[i].name, LDB_ATTR_FLAG_FIXED, s);
1127 if (ret != LDB_SUCCESS) {
1128 return ret;
1129 }
1130 }
1131
1132 for (i=0; i < ARRAY_SIZE(samba_dn_syntax); i++) {
1133 int ret;
1134 ret = ldb_dn_extended_add_syntax(ldb, LDB_ATTR_FLAG_FIXED, &samba_dn_syntax[i]);
1135 if (ret != LDB_SUCCESS) {
1136 return ret;
1137 }
1138
1139
1140 }
1141
1142 return LDB_SUCCESS;
1143 }
Crístian's Samba branch