4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component
{
52 struct ldb_val cf_value
;
55 struct ldb_dn_ext_component
{
63 struct ldb_context
*ldb
;
65 /* Special DNs are always linearized */
75 unsigned int comp_num
;
76 struct ldb_dn_component
*components
;
78 unsigned int ext_comp_num
;
79 struct ldb_dn_ext_component
*ext_components
;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn
*dn
)
88 /* strdn may be NULL */
89 struct ldb_dn
*ldb_dn_from_ldb_val(TALLOC_CTX
*mem_ctx
,
90 struct ldb_context
*ldb
,
91 const struct ldb_val
*strdn
)
95 if (! ldb
) return NULL
;
97 if (strdn
&& strdn
->data
98 && (strnlen((const char*)strdn
->data
, strdn
->length
) != strdn
->length
)) {
99 /* The RDN must not contain a character with value 0x0 */
103 dn
= talloc_zero(mem_ctx
, struct ldb_dn
);
104 LDB_DN_NULL_FAILED(dn
);
106 dn
->ldb
= talloc_get_type(ldb
, struct ldb_context
);
107 if (dn
->ldb
== NULL
) {
108 /* the caller probably got the arguments to
109 ldb_dn_new() mixed up */
114 if (strdn
->data
&& strdn
->length
) {
115 const char *data
= (const char *)strdn
->data
;
116 size_t length
= strdn
->length
;
118 if (data
[0] == '@') {
121 dn
->ext_linearized
= talloc_strndup(dn
, data
, length
);
122 LDB_DN_NULL_FAILED(dn
->ext_linearized
);
124 if (data
[0] == '<') {
125 const char *p_save
, *p
= dn
->ext_linearized
;
134 if (p_save
== dn
->ext_linearized
) {
135 dn
->linearized
= talloc_strdup(dn
, "");
137 dn
->linearized
= talloc_strdup(dn
, p_save
);
139 LDB_DN_NULL_FAILED(dn
->linearized
);
141 dn
->linearized
= dn
->ext_linearized
;
142 dn
->ext_linearized
= NULL
;
145 dn
->linearized
= talloc_strdup(dn
, "");
146 LDB_DN_NULL_FAILED(dn
->linearized
);
156 /* strdn may be NULL */
157 struct ldb_dn
*ldb_dn_new(TALLOC_CTX
*mem_ctx
,
158 struct ldb_context
*ldb
,
162 blob
.data
= discard_const_p(uint8_t, strdn
);
163 blob
.length
= strdn
? strlen(strdn
) : 0;
164 return ldb_dn_from_ldb_val(mem_ctx
, ldb
, &blob
);
167 struct ldb_dn
*ldb_dn_new_fmt(TALLOC_CTX
*mem_ctx
,
168 struct ldb_context
*ldb
,
169 const char *new_fmt
, ...)
174 if ( (! mem_ctx
) || (! ldb
)) return NULL
;
176 va_start(ap
, new_fmt
);
177 strdn
= talloc_vasprintf(mem_ctx
, new_fmt
, ap
);
181 struct ldb_dn
*dn
= ldb_dn_new(mem_ctx
, ldb
, strdn
);
189 /* see RFC2253 section 2.4 */
190 static int ldb_dn_escape_internal(char *dst
, const char *src
, int len
)
199 while (p
- src
< len
) {
200 p
+= strcspn(p
, ",=\n\r+<>#;\\\" ");
202 if (p
- src
== len
) /* found no escapable chars */
205 /* copy the part of the string before the stop */
207 d
+= (p
- s
); /* move to current position */
211 if (p
== src
|| (p
-src
)==(len
-1)) {
212 /* if at the beginning or end
213 * of the string then escape */
217 /* otherwise don't escape */
223 /* despite the RFC, windows escapes a #
224 anywhere in the string */
232 /* these must be escaped using \c form */
238 /* any others get \XX form */
240 const char *hexbytes
= "0123456789ABCDEF";
241 v
= *(const unsigned char *)p
;
243 *d
++ = hexbytes
[v
>>4];
244 *d
++ = hexbytes
[v
&0xF];
249 s
= p
; /* move forward */
252 /* copy the last part (with zero) and return */
256 /* return the length of the resulting string */
257 return (l
+ (d
- dst
));
260 char *ldb_dn_escape_value(TALLOC_CTX
*mem_ctx
, struct ldb_val value
)
267 /* allocate destination string, it will be at most 3 times the source */
268 dst
= talloc_array(mem_ctx
, char, value
.length
* 3 + 1);
274 ldb_dn_escape_internal(dst
, (const char *)value
.data
, value
.length
);
276 dst
= talloc_realloc(mem_ctx
, dst
, char, strlen(dst
) + 1);
282 explode a DN string into a ldb_dn structure
283 based on RFC4514 except that we don't support multiple valued RDNs
285 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
286 DN must be compliant with RFC2253
288 static bool ldb_dn_explode(struct ldb_dn
*dn
)
290 char *p
, *ex_name
, *ex_value
, *data
, *d
, *dt
, *t
;
292 bool in_extended
= false;
293 bool in_ex_name
= false;
294 bool in_ex_value
= false;
295 bool in_attr
= false;
296 bool in_value
= false;
297 bool in_quote
= false;
306 if ( ! dn
|| dn
->invalid
) return false;
308 if (dn
->components
) {
312 if (dn
->ext_linearized
) {
313 parse_dn
= dn
->ext_linearized
;
315 parse_dn
= dn
->linearized
;
322 is_index
= (strncmp(parse_dn
, "DN=@INDEX:", 10) == 0);
325 if (parse_dn
[0] == '\0') {
329 /* Special DNs case */
334 /* make sure we free this if allocated previously before replacing */
335 LDB_FREE(dn
->components
);
338 LDB_FREE(dn
->ext_components
);
339 dn
->ext_comp_num
= 0;
341 /* in the common case we have 3 or more components */
342 /* make sure all components are zeroed, other functions depend on it */
343 dn
->components
= talloc_zero_array(dn
, struct ldb_dn_component
, 3);
344 if ( ! dn
->components
) {
348 /* Components data space is allocated here once */
349 data
= talloc_array(dn
->components
, char, strlen(parse_dn
) + 1);
365 if (!in_ex_name
&& !in_ex_value
) {
372 } else if (p
[0] == '\0') {
384 if (in_ex_name
&& *p
== '=') {
393 if (in_ex_value
&& *p
== '>') {
394 const struct ldb_dn_extended_syntax
*ext_syntax
;
395 struct ldb_val ex_val
= {
396 .data
= (uint8_t *)ex_value
,
397 .length
= d
- ex_value
404 /* Process name and ex_value */
406 dn
->ext_components
= talloc_realloc(dn
,
408 struct ldb_dn_ext_component
,
409 dn
->ext_comp_num
+ 1);
410 if ( ! dn
->ext_components
) {
415 ext_syntax
= ldb_dn_extended_syntax_by_name(dn
->ldb
, ex_name
);
417 /* We don't know about this type of extended DN */
421 dn
->ext_components
[dn
->ext_comp_num
].name
= talloc_strdup(dn
->ext_components
, ex_name
);
422 if (!dn
->ext_components
[dn
->ext_comp_num
].name
) {
426 ret
= ext_syntax
->read_fn(dn
->ldb
, dn
->ext_components
,
427 &ex_val
, &dn
->ext_components
[dn
->ext_comp_num
].value
);
428 if (ret
!= LDB_SUCCESS
) {
429 ldb_dn_mark_invalid(dn
);
436 /* We have reached the end (extended component only)! */
440 } else if (*p
== ';') {
444 ldb_dn_mark_invalid(dn
);
463 /* attr names must be ascii only */
464 ldb_dn_mark_invalid(dn
);
471 if ( ! isalpha(*p
)) {
472 /* not a digit nor an alpha,
473 * invalid attribute name */
474 ldb_dn_mark_invalid(dn
);
478 /* Copy this character across from parse_dn,
479 * now we have trimmed out spaces */
486 /* valid only if we are at the end */
491 if (trim
&& (*p
!= '=')) {
492 /* spaces/tabs are not allowed */
493 ldb_dn_mark_invalid(dn
);
498 /* attribute terminated */
504 /* Terminate this string in d
505 * (which is a copy of parse_dn
506 * with spaces trimmed) */
508 dn
->components
[dn
->comp_num
].name
= talloc_strdup(dn
->components
, dt
);
509 if ( ! dn
->components
[dn
->comp_num
].name
) {
521 /* attr names must be ascii only */
522 ldb_dn_mark_invalid(dn
);
526 if (is_oid
&& ( ! (isdigit(*p
) || (*p
== '.')))) {
527 /* not a digit nor a dot,
528 * invalid attribute oid */
529 ldb_dn_mark_invalid(dn
);
532 if ( ! (isalpha(*p
) || isdigit(*p
) || (*p
== '-'))) {
533 /* not ALPHA, DIGIT or HYPHEN */
534 ldb_dn_mark_invalid(dn
);
574 /* TODO: support ber encoded values
585 /* ok found value terminator */
599 dn
->components
[dn
->comp_num
].value
.data
= (uint8_t *)talloc_strdup(dn
->components
, dt
);
600 dn
->components
[dn
->comp_num
].value
.length
= l
;
601 if ( ! dn
->components
[dn
->comp_num
].value
.data
) {
609 if (dn
->comp_num
> 2) {
610 dn
->components
= talloc_realloc(dn
,
612 struct ldb_dn_component
,
614 if ( ! dn
->components
) {
618 /* make sure all components are zeroed, other functions depend on this */
619 memset(&dn
->components
[dn
->comp_num
], '\0', sizeof(struct ldb_dn_component
));
626 /* to main compatibility with earlier
627 versions of ldb indexing, we have to
628 accept the base64 encoded binary index
629 values, which contain a '+' or '='
630 which should normally be escaped */
642 /* a string with not escaped specials is invalid (tested) */
644 ldb_dn_mark_invalid(dn
);
671 if (isxdigit(p
[0]) && isxdigit(p
[1])) {
672 if (sscanf(p
, "%02x", &x
) != 1) {
673 /* invalid escaping sequence */
674 ldb_dn_mark_invalid(dn
);
678 *d
++ = (unsigned char)x
;
704 if (in_attr
|| in_quote
) {
706 ldb_dn_mark_invalid(dn
);
710 /* save last element */
718 dn
->components
[dn
->comp_num
].value
.length
= l
;
719 dn
->components
[dn
->comp_num
].value
.data
=
720 (uint8_t *)talloc_strdup(dn
->components
, dt
);
721 if ( ! dn
->components
[dn
->comp_num
].value
.data
) {
733 talloc_free(dn
->components
);
737 bool ldb_dn_validate(struct ldb_dn
*dn
)
739 return ldb_dn_explode(dn
);
742 const char *ldb_dn_get_linearized(struct ldb_dn
*dn
)
748 if ( ! dn
|| ( dn
->invalid
)) return NULL
;
750 if (dn
->linearized
) return dn
->linearized
;
752 if ( ! dn
->components
) {
753 ldb_dn_mark_invalid(dn
);
757 if (dn
->comp_num
== 0) {
758 dn
->linearized
= talloc_strdup(dn
, "");
759 if ( ! dn
->linearized
) return NULL
;
760 return dn
->linearized
;
763 /* calculate maximum possible length of DN */
764 for (len
= 0, i
= 0; i
< dn
->comp_num
; i
++) {
766 len
+= strlen(dn
->components
[i
].name
);
767 /* max escaped data len */
768 len
+= (dn
->components
[i
].value
.length
* 3);
769 len
+= 2; /* '=' and ',' */
771 dn
->linearized
= talloc_array(dn
, char, len
);
772 if ( ! dn
->linearized
) return NULL
;
776 for (i
= 0; i
< dn
->comp_num
; i
++) {
779 n
= dn
->components
[i
].name
;
780 while (*n
) *d
++ = *n
++;
785 d
+= ldb_dn_escape_internal( d
,
786 (char *)dn
->components
[i
].value
.data
,
787 dn
->components
[i
].value
.length
);
793 /* don't waste more memory than necessary */
794 dn
->linearized
= talloc_realloc(dn
, dn
->linearized
,
795 char, (d
- dn
->linearized
+ 1));
797 return dn
->linearized
;
800 static int ldb_dn_extended_component_compare(const void *p1
, const void *p2
)
802 const struct ldb_dn_ext_component
*ec1
= (const struct ldb_dn_ext_component
*)p1
;
803 const struct ldb_dn_ext_component
*ec2
= (const struct ldb_dn_ext_component
*)p2
;
804 return strcmp(ec1
->name
, ec2
->name
);
807 char *ldb_dn_get_extended_linearized(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
, int mode
)
809 const char *linearized
= ldb_dn_get_linearized(dn
);
817 if (!ldb_dn_has_extended(dn
)) {
818 return talloc_strdup(mem_ctx
, linearized
);
821 if (!ldb_dn_validate(dn
)) {
825 /* sort the extended components by name. The idea is to make
826 * the resulting DNs consistent, plus to ensure that we put
827 * 'DELETED' first, so it can be very quickly recognised
829 TYPESAFE_QSORT(dn
->ext_components
, dn
->ext_comp_num
,
830 ldb_dn_extended_component_compare
);
832 for (i
= 0; i
< dn
->ext_comp_num
; i
++) {
833 const struct ldb_dn_extended_syntax
*ext_syntax
;
834 const char *name
= dn
->ext_components
[i
].name
;
835 struct ldb_val ec_val
= dn
->ext_components
[i
].value
;
839 ext_syntax
= ldb_dn_extended_syntax_by_name(dn
->ldb
, name
);
845 ret
= ext_syntax
->write_clear_fn(dn
->ldb
, mem_ctx
,
847 } else if (mode
== 0) {
848 ret
= ext_syntax
->write_hex_fn(dn
->ldb
, mem_ctx
,
854 if (ret
!= LDB_SUCCESS
) {
859 p
= talloc_asprintf(mem_ctx
, "<%s=%s>",
862 p
= talloc_asprintf_append_buffer(p
, ";<%s=%s>",
866 talloc_free(val
.data
);
873 if (dn
->ext_comp_num
&& *linearized
) {
874 p
= talloc_asprintf_append_buffer(p
, ";%s", linearized
);
885 filter out all but an acceptable list of extended DN components
887 void ldb_dn_extended_filter(struct ldb_dn
*dn
, const char * const *accept
)
890 for (i
=0; i
<dn
->ext_comp_num
; i
++) {
891 if (!ldb_attr_in_list(accept
, dn
->ext_components
[i
].name
)) {
892 memmove(&dn
->ext_components
[i
],
893 &dn
->ext_components
[i
+1],
894 (dn
->ext_comp_num
-(i
+1))*sizeof(dn
->ext_components
[0]));
899 LDB_FREE(dn
->ext_linearized
);
903 char *ldb_dn_alloc_linearized(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
)
905 return talloc_strdup(mem_ctx
, ldb_dn_get_linearized(dn
));
909 casefold a dn. We need to casefold the attribute names, and canonicalize
910 attribute values of case insensitive attributes.
913 static bool ldb_dn_casefold_internal(struct ldb_dn
*dn
)
918 if ( ! dn
|| dn
->invalid
) return false;
920 if (dn
->valid_case
) return true;
922 if (( ! dn
->components
) && ( ! ldb_dn_explode(dn
))) {
926 for (i
= 0; i
< dn
->comp_num
; i
++) {
927 const struct ldb_schema_attribute
*a
;
929 dn
->components
[i
].cf_name
=
930 ldb_attr_casefold(dn
->components
,
931 dn
->components
[i
].name
);
932 if (!dn
->components
[i
].cf_name
) {
936 a
= ldb_schema_attribute_by_name(dn
->ldb
,
937 dn
->components
[i
].cf_name
);
939 ret
= a
->syntax
->canonicalise_fn(dn
->ldb
, dn
->components
,
940 &(dn
->components
[i
].value
),
941 &(dn
->components
[i
].cf_value
));
947 dn
->valid_case
= true;
952 for (i
= 0; i
< dn
->comp_num
; i
++) {
953 LDB_FREE(dn
->components
[i
].cf_name
);
954 LDB_FREE(dn
->components
[i
].cf_value
.data
);
959 const char *ldb_dn_get_casefold(struct ldb_dn
*dn
)
965 if (dn
->casefold
) return dn
->casefold
;
968 dn
->casefold
= talloc_strdup(dn
, dn
->linearized
);
969 if (!dn
->casefold
) return NULL
;
970 dn
->valid_case
= true;
974 if ( ! ldb_dn_casefold_internal(dn
)) {
978 if (dn
->comp_num
== 0) {
979 dn
->casefold
= talloc_strdup(dn
, "");
983 /* calculate maximum possible length of DN */
984 for (len
= 0, i
= 0; i
< dn
->comp_num
; i
++) {
986 len
+= strlen(dn
->components
[i
].cf_name
);
987 /* max escaped data len */
988 len
+= (dn
->components
[i
].cf_value
.length
* 3);
989 len
+= 2; /* '=' and ',' */
991 dn
->casefold
= talloc_array(dn
, char, len
);
992 if ( ! dn
->casefold
) return NULL
;
996 for (i
= 0; i
< dn
->comp_num
; i
++) {
999 n
= dn
->components
[i
].cf_name
;
1000 while (*n
) *d
++ = *n
++;
1005 d
+= ldb_dn_escape_internal( d
,
1006 (char *)dn
->components
[i
].cf_value
.data
,
1007 dn
->components
[i
].cf_value
.length
);
1012 /* don't waste more memory than necessary */
1013 dn
->casefold
= talloc_realloc(dn
, dn
->casefold
,
1014 char, strlen(dn
->casefold
) + 1);
1016 return dn
->casefold
;
1019 char *ldb_dn_alloc_casefold(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
)
1021 return talloc_strdup(mem_ctx
, ldb_dn_get_casefold(dn
));
1024 /* Determine if dn is below base, in the ldap tree. Used for
1025 * evaluating a subtree search.
1026 * 0 if they match, otherwise non-zero
1029 int ldb_dn_compare_base(struct ldb_dn
*base
, struct ldb_dn
*dn
)
1032 long long int n_base
, n_dn
;
1034 if ( ! base
|| base
->invalid
) return 1;
1035 if ( ! dn
|| dn
->invalid
) return -1;
1037 if (( ! base
->valid_case
) || ( ! dn
->valid_case
)) {
1038 if (base
->linearized
&& dn
->linearized
) {
1039 /* try with a normal compare first, if we are lucky
1040 * we will avoid exploding and casfolding */
1042 dif
= strlen(dn
->linearized
) - strlen(base
->linearized
);
1046 if (strcmp(base
->linearized
,
1047 &dn
->linearized
[dif
]) == 0) {
1052 if ( ! ldb_dn_casefold_internal(base
)) {
1056 if ( ! ldb_dn_casefold_internal(dn
)) {
1062 /* if base has more components,
1063 * they don't have the same base */
1064 if (base
->comp_num
> dn
->comp_num
) {
1065 return (dn
->comp_num
- base
->comp_num
);
1068 if ((dn
->comp_num
== 0) || (base
->comp_num
== 0)) {
1069 if (dn
->special
&& base
->special
) {
1070 return strcmp(base
->linearized
, dn
->linearized
);
1071 } else if (dn
->special
) {
1073 } else if (base
->special
) {
1080 n_base
= base
->comp_num
- 1;
1081 n_dn
= dn
->comp_num
- 1;
1083 while (n_base
>= 0) {
1084 char *b_name
= base
->components
[n_base
].cf_name
;
1085 char *dn_name
= dn
->components
[n_dn
].cf_name
;
1087 char *b_vdata
= (char *)base
->components
[n_base
].cf_value
.data
;
1088 char *dn_vdata
= (char *)dn
->components
[n_dn
].cf_value
.data
;
1090 size_t b_vlen
= base
->components
[n_base
].cf_value
.length
;
1091 size_t dn_vlen
= dn
->components
[n_dn
].cf_value
.length
;
1093 /* compare attr names */
1094 ret
= strcmp(b_name
, dn_name
);
1095 if (ret
!= 0) return ret
;
1097 /* compare attr.cf_value. */
1098 if (b_vlen
!= dn_vlen
) {
1099 return b_vlen
- dn_vlen
;
1101 ret
= strcmp(b_vdata
, dn_vdata
);
1102 if (ret
!= 0) return ret
;
1111 /* compare DNs using casefolding compare functions.
1113 If they match, then return 0
1116 int ldb_dn_compare(struct ldb_dn
*dn0
, struct ldb_dn
*dn1
)
1121 if (( ! dn0
) || dn0
->invalid
|| ! dn1
|| dn1
->invalid
) {
1125 if (( ! dn0
->valid_case
) || ( ! dn1
->valid_case
)) {
1126 if (dn0
->linearized
&& dn1
->linearized
) {
1127 /* try with a normal compare first, if we are lucky
1128 * we will avoid exploding and casfolding */
1129 if (strcmp(dn0
->linearized
, dn1
->linearized
) == 0) {
1134 if ( ! ldb_dn_casefold_internal(dn0
)) {
1138 if ( ! ldb_dn_casefold_internal(dn1
)) {
1144 if (dn0
->comp_num
!= dn1
->comp_num
) {
1145 return (dn1
->comp_num
- dn0
->comp_num
);
1148 if (dn0
->comp_num
== 0) {
1149 if (dn0
->special
&& dn1
->special
) {
1150 return strcmp(dn0
->linearized
, dn1
->linearized
);
1151 } else if (dn0
->special
) {
1153 } else if (dn1
->special
) {
1160 for (i
= 0; i
< dn0
->comp_num
; i
++) {
1161 char *dn0_name
= dn0
->components
[i
].cf_name
;
1162 char *dn1_name
= dn1
->components
[i
].cf_name
;
1164 char *dn0_vdata
= (char *)dn0
->components
[i
].cf_value
.data
;
1165 char *dn1_vdata
= (char *)dn1
->components
[i
].cf_value
.data
;
1167 size_t dn0_vlen
= dn0
->components
[i
].cf_value
.length
;
1168 size_t dn1_vlen
= dn1
->components
[i
].cf_value
.length
;
1170 /* compare attr names */
1171 ret
= strcmp(dn0_name
, dn1_name
);
1176 /* compare attr.cf_value. */
1177 if (dn0_vlen
!= dn1_vlen
) {
1178 return dn0_vlen
- dn1_vlen
;
1180 ret
= strcmp(dn0_vdata
, dn1_vdata
);
1189 static struct ldb_dn_component
ldb_dn_copy_component(
1190 TALLOC_CTX
*mem_ctx
,
1191 struct ldb_dn_component
*src
)
1193 struct ldb_dn_component dst
;
1195 memset(&dst
, 0, sizeof(dst
));
1201 dst
.value
= ldb_val_dup(mem_ctx
, &(src
->value
));
1202 if (dst
.value
.data
== NULL
) {
1206 dst
.name
= talloc_strdup(mem_ctx
, src
->name
);
1207 if (dst
.name
== NULL
) {
1208 LDB_FREE(dst
.value
.data
);
1212 if (src
->cf_value
.data
) {
1213 dst
.cf_value
= ldb_val_dup(mem_ctx
, &(src
->cf_value
));
1214 if (dst
.cf_value
.data
== NULL
) {
1215 LDB_FREE(dst
.value
.data
);
1220 dst
.cf_name
= talloc_strdup(mem_ctx
, src
->cf_name
);
1221 if (dst
.cf_name
== NULL
) {
1222 LDB_FREE(dst
.cf_name
);
1223 LDB_FREE(dst
.value
.data
);
1228 dst
.cf_value
.data
= NULL
;
1235 static struct ldb_dn_ext_component
ldb_dn_ext_copy_component(
1236 TALLOC_CTX
*mem_ctx
,
1237 struct ldb_dn_ext_component
*src
)
1239 struct ldb_dn_ext_component dst
;
1241 memset(&dst
, 0, sizeof(dst
));
1247 dst
.value
= ldb_val_dup(mem_ctx
, &(src
->value
));
1248 if (dst
.value
.data
== NULL
) {
1252 dst
.name
= talloc_strdup(mem_ctx
, src
->name
);
1253 if (dst
.name
== NULL
) {
1254 LDB_FREE(dst
.value
.data
);
1261 struct ldb_dn
*ldb_dn_copy(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
)
1263 struct ldb_dn
*new_dn
;
1265 if (!dn
|| dn
->invalid
) {
1269 new_dn
= talloc_zero(mem_ctx
, struct ldb_dn
);
1276 if (dn
->components
) {
1279 new_dn
->components
=
1280 talloc_zero_array(new_dn
,
1281 struct ldb_dn_component
,
1283 if ( ! new_dn
->components
) {
1284 talloc_free(new_dn
);
1288 for (i
= 0; i
< dn
->comp_num
; i
++) {
1289 new_dn
->components
[i
] =
1290 ldb_dn_copy_component(new_dn
->components
,
1291 &dn
->components
[i
]);
1292 if ( ! new_dn
->components
[i
].value
.data
) {
1293 talloc_free(new_dn
);
1299 if (dn
->ext_components
) {
1302 new_dn
->ext_components
=
1303 talloc_zero_array(new_dn
,
1304 struct ldb_dn_ext_component
,
1306 if ( ! new_dn
->ext_components
) {
1307 talloc_free(new_dn
);
1311 for (i
= 0; i
< dn
->ext_comp_num
; i
++) {
1312 new_dn
->ext_components
[i
] =
1313 ldb_dn_ext_copy_component(
1314 new_dn
->ext_components
,
1315 &dn
->ext_components
[i
]);
1316 if ( ! new_dn
->ext_components
[i
].value
.data
) {
1317 talloc_free(new_dn
);
1324 new_dn
->casefold
= talloc_strdup(new_dn
, dn
->casefold
);
1325 if ( ! new_dn
->casefold
) {
1326 talloc_free(new_dn
);
1331 if (dn
->linearized
) {
1332 new_dn
->linearized
= talloc_strdup(new_dn
, dn
->linearized
);
1333 if ( ! new_dn
->linearized
) {
1334 talloc_free(new_dn
);
1339 if (dn
->ext_linearized
) {
1340 new_dn
->ext_linearized
= talloc_strdup(new_dn
,
1341 dn
->ext_linearized
);
1342 if ( ! new_dn
->ext_linearized
) {
1343 talloc_free(new_dn
);
1351 /* modify the given dn by adding a base.
1353 * return true if successful and false if not
1354 * if false is returned the dn may be marked invalid
1356 bool ldb_dn_add_base(struct ldb_dn
*dn
, struct ldb_dn
*base
)
1361 if ( !base
|| base
->invalid
|| !dn
|| dn
->invalid
) {
1365 if (dn
->components
) {
1368 if ( ! ldb_dn_validate(base
)) {
1373 if (dn
->valid_case
) {
1374 if ( ! (s
= ldb_dn_get_casefold(base
))) {
1379 dn
->components
= talloc_realloc(dn
,
1381 struct ldb_dn_component
,
1382 dn
->comp_num
+ base
->comp_num
);
1383 if ( ! dn
->components
) {
1384 ldb_dn_mark_invalid(dn
);
1388 for (i
= 0; i
< base
->comp_num
; dn
->comp_num
++, i
++) {
1389 dn
->components
[dn
->comp_num
] =
1390 ldb_dn_copy_component(dn
->components
,
1391 &base
->components
[i
]);
1392 if (dn
->components
[dn
->comp_num
].value
.data
== NULL
) {
1393 ldb_dn_mark_invalid(dn
);
1398 if (dn
->casefold
&& s
) {
1399 if (*dn
->casefold
) {
1400 t
= talloc_asprintf(dn
, "%s,%s",
1403 t
= talloc_strdup(dn
, s
);
1405 LDB_FREE(dn
->casefold
);
1410 if (dn
->linearized
) {
1412 s
= ldb_dn_get_linearized(base
);
1417 if (*dn
->linearized
) {
1418 t
= talloc_asprintf(dn
, "%s,%s",
1421 t
= talloc_strdup(dn
, s
);
1424 ldb_dn_mark_invalid(dn
);
1427 LDB_FREE(dn
->linearized
);
1431 /* Wipe the ext_linearized DN,
1432 * the GUID and SID are almost certainly no longer valid */
1433 LDB_FREE(dn
->ext_linearized
);
1434 LDB_FREE(dn
->ext_components
);
1435 dn
->ext_comp_num
= 0;
1440 /* modify the given dn by adding a base.
1442 * return true if successful and false if not
1443 * if false is returned the dn may be marked invalid
1445 bool ldb_dn_add_base_fmt(struct ldb_dn
*dn
, const char *base_fmt
, ...)
1447 struct ldb_dn
*base
;
1452 if ( !dn
|| dn
->invalid
) {
1456 va_start(ap
, base_fmt
);
1457 base_str
= talloc_vasprintf(dn
, base_fmt
, ap
);
1460 if (base_str
== NULL
) {
1464 base
= ldb_dn_new(base_str
, dn
->ldb
, base_str
);
1466 ret
= ldb_dn_add_base(dn
, base
);
1468 talloc_free(base_str
);
1473 /* modify the given dn by adding children elements.
1475 * return true if successful and false if not
1476 * if false is returned the dn may be marked invalid
1478 bool ldb_dn_add_child(struct ldb_dn
*dn
, struct ldb_dn
*child
)
1483 if ( !child
|| child
->invalid
|| !dn
|| dn
->invalid
) {
1487 if (dn
->components
) {
1491 if (dn
->comp_num
== 0) {
1495 if ( ! ldb_dn_validate(child
)) {
1500 if (dn
->valid_case
) {
1501 if ( ! (s
= ldb_dn_get_casefold(child
))) {
1506 n
= dn
->comp_num
+ child
->comp_num
;
1508 dn
->components
= talloc_realloc(dn
,
1510 struct ldb_dn_component
,
1512 if ( ! dn
->components
) {
1513 ldb_dn_mark_invalid(dn
);
1517 for (i
= dn
->comp_num
- 1, j
= n
- 1; i
!= (unsigned int) -1;
1519 dn
->components
[j
] = dn
->components
[i
];
1522 for (i
= 0; i
< child
->comp_num
; i
++) {
1524 ldb_dn_copy_component(dn
->components
,
1525 &child
->components
[i
]);
1526 if (dn
->components
[i
].value
.data
== NULL
) {
1527 ldb_dn_mark_invalid(dn
);
1534 if (dn
->casefold
&& s
) {
1535 t
= talloc_asprintf(dn
, "%s,%s", s
, dn
->casefold
);
1536 LDB_FREE(dn
->casefold
);
1541 if (dn
->linearized
) {
1542 if (dn
->linearized
[0] == '\0') {
1546 s
= ldb_dn_get_linearized(child
);
1551 t
= talloc_asprintf(dn
, "%s,%s", s
, dn
->linearized
);
1553 ldb_dn_mark_invalid(dn
);
1556 LDB_FREE(dn
->linearized
);
1560 /* Wipe the ext_linearized DN,
1561 * the GUID and SID are almost certainly no longer valid */
1562 LDB_FREE(dn
->ext_linearized
);
1563 LDB_FREE(dn
->ext_components
);
1564 dn
->ext_comp_num
= 0;
1569 /* modify the given dn by adding children elements.
1571 * return true if successful and false if not
1572 * if false is returned the dn may be marked invalid
1574 bool ldb_dn_add_child_fmt(struct ldb_dn
*dn
, const char *child_fmt
, ...)
1576 struct ldb_dn
*child
;
1581 if ( !dn
|| dn
->invalid
) {
1585 va_start(ap
, child_fmt
);
1586 child_str
= talloc_vasprintf(dn
, child_fmt
, ap
);
1589 if (child_str
== NULL
) {
1593 child
= ldb_dn_new(child_str
, dn
->ldb
, child_str
);
1595 ret
= ldb_dn_add_child(dn
, child
);
1597 talloc_free(child_str
);
1602 bool ldb_dn_remove_base_components(struct ldb_dn
*dn
, unsigned int num
)
1606 if ( ! ldb_dn_validate(dn
)) {
1610 if (dn
->comp_num
< num
) {
1614 /* free components */
1615 for (i
= dn
->comp_num
- num
; i
< dn
->comp_num
; i
++) {
1616 LDB_FREE(dn
->components
[i
].name
);
1617 LDB_FREE(dn
->components
[i
].value
.data
);
1618 LDB_FREE(dn
->components
[i
].cf_name
);
1619 LDB_FREE(dn
->components
[i
].cf_value
.data
);
1622 dn
->comp_num
-= num
;
1624 if (dn
->valid_case
) {
1625 for (i
= 0; i
< dn
->comp_num
; i
++) {
1626 LDB_FREE(dn
->components
[i
].cf_name
);
1627 LDB_FREE(dn
->components
[i
].cf_value
.data
);
1629 dn
->valid_case
= false;
1632 LDB_FREE(dn
->casefold
);
1633 LDB_FREE(dn
->linearized
);
1635 /* Wipe the ext_linearized DN,
1636 * the GUID and SID are almost certainly no longer valid */
1637 LDB_FREE(dn
->ext_linearized
);
1638 LDB_FREE(dn
->ext_components
);
1639 dn
->ext_comp_num
= 0;
1644 bool ldb_dn_remove_child_components(struct ldb_dn
*dn
, unsigned int num
)
1648 if ( ! ldb_dn_validate(dn
)) {
1652 if (dn
->comp_num
< num
) {
1656 for (i
= 0, j
= num
; j
< dn
->comp_num
; i
++, j
++) {
1658 LDB_FREE(dn
->components
[i
].name
);
1659 LDB_FREE(dn
->components
[i
].value
.data
);
1660 LDB_FREE(dn
->components
[i
].cf_name
);
1661 LDB_FREE(dn
->components
[i
].cf_value
.data
);
1663 dn
->components
[i
] = dn
->components
[j
];
1666 dn
->comp_num
-= num
;
1668 if (dn
->valid_case
) {
1669 for (i
= 0; i
< dn
->comp_num
; i
++) {
1670 LDB_FREE(dn
->components
[i
].cf_name
);
1671 LDB_FREE(dn
->components
[i
].cf_value
.data
);
1673 dn
->valid_case
= false;
1676 LDB_FREE(dn
->casefold
);
1677 LDB_FREE(dn
->linearized
);
1679 /* Wipe the ext_linearized DN,
1680 * the GUID and SID are almost certainly no longer valid */
1681 LDB_FREE(dn
->ext_linearized
);
1682 LDB_FREE(dn
->ext_components
);
1683 dn
->ext_comp_num
= 0;
1688 struct ldb_dn
*ldb_dn_get_parent(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
)
1690 struct ldb_dn
*new_dn
;
1692 new_dn
= ldb_dn_copy(mem_ctx
, dn
);
1697 if ( ! ldb_dn_remove_child_components(new_dn
, 1)) {
1698 talloc_free(new_dn
);
1705 /* Create a 'canonical name' string from a DN:
1707 ie dc=samba,dc=org -> samba.org/
1708 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1710 There are two formats,
1711 the EX format has the last '/' replaced with a newline (\n).
1714 static char *ldb_dn_canonical(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
, int ex_format
) {
1717 char *cracked
= NULL
;
1718 const char *format
= (ex_format
? "\n" : "/" );
1720 if ( ! ldb_dn_validate(dn
)) {
1724 tmpctx
= talloc_new(mem_ctx
);
1726 /* Walk backwards down the DN, grabbing 'dc' components at first */
1727 for (i
= dn
->comp_num
- 1; i
!= (unsigned int) -1; i
--) {
1728 if (ldb_attr_cmp(dn
->components
[i
].name
, "dc") != 0) {
1732 cracked
= talloc_asprintf(tmpctx
, "%s.%s",
1733 ldb_dn_escape_value(tmpctx
,
1734 dn
->components
[i
].value
),
1737 cracked
= ldb_dn_escape_value(tmpctx
,
1738 dn
->components
[i
].value
);
1745 /* Only domain components? Finish here */
1746 if (i
== (unsigned int) -1) {
1747 cracked
= talloc_strdup_append_buffer(cracked
, format
);
1748 talloc_steal(mem_ctx
, cracked
);
1752 /* Now walk backwards appending remaining components */
1753 for (; i
> 0; i
--) {
1754 cracked
= talloc_asprintf_append_buffer(cracked
, "/%s",
1755 ldb_dn_escape_value(tmpctx
,
1756 dn
->components
[i
].value
));
1762 /* Last one, possibly a newline for the 'ex' format */
1763 cracked
= talloc_asprintf_append_buffer(cracked
, "%s%s", format
,
1764 ldb_dn_escape_value(tmpctx
,
1765 dn
->components
[i
].value
));
1767 talloc_steal(mem_ctx
, cracked
);
1769 talloc_free(tmpctx
);
1773 /* Wrapper functions for the above, for the two different string formats */
1774 char *ldb_dn_canonical_string(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
) {
1775 return ldb_dn_canonical(mem_ctx
, dn
, 0);
1779 char *ldb_dn_canonical_ex_string(TALLOC_CTX
*mem_ctx
, struct ldb_dn
*dn
) {
1780 return ldb_dn_canonical(mem_ctx
, dn
, 1);
1783 int ldb_dn_get_comp_num(struct ldb_dn
*dn
)
1785 if ( ! ldb_dn_validate(dn
)) {
1788 return dn
->comp_num
;
1791 const char *ldb_dn_get_component_name(struct ldb_dn
*dn
, unsigned int num
)
1793 if ( ! ldb_dn_validate(dn
)) {
1796 if (num
>= dn
->comp_num
) return NULL
;
1797 return dn
->components
[num
].name
;
1800 const struct ldb_val
*ldb_dn_get_component_val(struct ldb_dn
*dn
,
1803 if ( ! ldb_dn_validate(dn
)) {
1806 if (num
>= dn
->comp_num
) return NULL
;
1807 return &dn
->components
[num
].value
;
1810 const char *ldb_dn_get_rdn_name(struct ldb_dn
*dn
)
1812 if ( ! ldb_dn_validate(dn
)) {
1815 if (dn
->comp_num
== 0) return NULL
;
1816 return dn
->components
[0].name
;
1819 const struct ldb_val
*ldb_dn_get_rdn_val(struct ldb_dn
*dn
)
1821 if ( ! ldb_dn_validate(dn
)) {
1824 if (dn
->comp_num
== 0) return NULL
;
1825 return &dn
->components
[0].value
;
1828 int ldb_dn_set_component(struct ldb_dn
*dn
, int num
,
1829 const char *name
, const struct ldb_val val
)
1834 if ( ! ldb_dn_validate(dn
)) {
1835 return LDB_ERR_OTHER
;
1838 if (num
>= dn
->comp_num
) {
1839 return LDB_ERR_OTHER
;
1842 n
= talloc_strdup(dn
, name
);
1844 return LDB_ERR_OTHER
;
1847 v
.length
= val
.length
;
1848 v
.data
= (uint8_t *)talloc_memdup(dn
, val
.data
, v
.length
+1);
1851 return LDB_ERR_OTHER
;
1854 talloc_free(dn
->components
[num
].name
);
1855 talloc_free(dn
->components
[num
].value
.data
);
1856 dn
->components
[num
].name
= n
;
1857 dn
->components
[num
].value
= v
;
1859 if (dn
->valid_case
) {
1861 for (i
= 0; i
< dn
->comp_num
; i
++) {
1862 LDB_FREE(dn
->components
[i
].cf_name
);
1863 LDB_FREE(dn
->components
[i
].cf_value
.data
);
1865 dn
->valid_case
= false;
1867 LDB_FREE(dn
->casefold
);
1868 LDB_FREE(dn
->linearized
);
1870 /* Wipe the ext_linearized DN,
1871 * the GUID and SID are almost certainly no longer valid */
1872 LDB_FREE(dn
->ext_linearized
);
1873 LDB_FREE(dn
->ext_components
);
1874 dn
->ext_comp_num
= 0;
1879 const struct ldb_val
*ldb_dn_get_extended_component(struct ldb_dn
*dn
,
1883 if ( ! ldb_dn_validate(dn
)) {
1886 for (i
=0; i
< dn
->ext_comp_num
; i
++) {
1887 if (ldb_attr_cmp(dn
->ext_components
[i
].name
, name
) == 0) {
1888 return &dn
->ext_components
[i
].value
;
1894 int ldb_dn_set_extended_component(struct ldb_dn
*dn
,
1895 const char *name
, const struct ldb_val
*val
)
1897 struct ldb_dn_ext_component
*p
;
1901 if ( ! ldb_dn_validate(dn
)) {
1902 return LDB_ERR_OTHER
;
1905 if (!ldb_dn_extended_syntax_by_name(dn
->ldb
, name
)) {
1906 /* We don't know how to handle this type of thing */
1907 return LDB_ERR_INVALID_DN_SYNTAX
;
1910 for (i
=0; i
< dn
->ext_comp_num
; i
++) {
1911 if (ldb_attr_cmp(dn
->ext_components
[i
].name
, name
) == 0) {
1913 dn
->ext_components
[i
].value
=
1914 ldb_val_dup(dn
->ext_components
, val
);
1916 dn
->ext_components
[i
].name
=
1917 talloc_strdup(dn
->ext_components
, name
);
1918 if (!dn
->ext_components
[i
].name
||
1919 !dn
->ext_components
[i
].value
.data
) {
1920 ldb_dn_mark_invalid(dn
);
1921 return LDB_ERR_OPERATIONS_ERROR
;
1924 if (i
!= (dn
->ext_comp_num
- 1)) {
1925 memmove(&dn
->ext_components
[i
],
1926 &dn
->ext_components
[i
+1],
1927 ((dn
->ext_comp_num
-1) - i
) *
1928 sizeof(*dn
->ext_components
));
1932 dn
->ext_components
= talloc_realloc(dn
,
1934 struct ldb_dn_ext_component
,
1936 if (!dn
->ext_components
) {
1937 ldb_dn_mark_invalid(dn
);
1938 return LDB_ERR_OPERATIONS_ERROR
;
1941 LDB_FREE(dn
->ext_linearized
);
1948 /* removing a value that doesn't exist is not an error */
1954 p
= dn
->ext_components
1955 = talloc_realloc(dn
,
1957 struct ldb_dn_ext_component
,
1958 dn
->ext_comp_num
+ 1);
1959 if (!dn
->ext_components
) {
1960 ldb_dn_mark_invalid(dn
);
1961 return LDB_ERR_OPERATIONS_ERROR
;
1964 p
[dn
->ext_comp_num
].value
= ldb_val_dup(dn
->ext_components
, &v2
);
1965 p
[dn
->ext_comp_num
].name
= talloc_strdup(p
, name
);
1967 if (!dn
->ext_components
[i
].name
|| !dn
->ext_components
[i
].value
.data
) {
1968 ldb_dn_mark_invalid(dn
);
1969 return LDB_ERR_OPERATIONS_ERROR
;
1971 dn
->ext_components
= p
;
1974 LDB_FREE(dn
->ext_linearized
);
1979 void ldb_dn_remove_extended_components(struct ldb_dn
*dn
)
1981 LDB_FREE(dn
->ext_linearized
);
1982 LDB_FREE(dn
->ext_components
);
1983 dn
->ext_comp_num
= 0;
1986 bool ldb_dn_is_valid(struct ldb_dn
*dn
)
1988 if ( ! dn
) return false;
1989 return ! dn
->invalid
;
1992 bool ldb_dn_is_special(struct ldb_dn
*dn
)
1994 if ( ! dn
|| dn
->invalid
) return false;
1998 bool ldb_dn_has_extended(struct ldb_dn
*dn
)
2000 if ( ! dn
|| dn
->invalid
) return false;
2001 if (dn
->ext_linearized
&& (dn
->ext_linearized
[0] == '<')) return true;
2002 return dn
->ext_comp_num
!= 0;
2005 bool ldb_dn_check_special(struct ldb_dn
*dn
, const char *check
)
2007 if ( ! dn
|| dn
->invalid
) return false;
2008 return ! strcmp(dn
->linearized
, check
);
2011 bool ldb_dn_is_null(struct ldb_dn
*dn
)
2013 if ( ! dn
|| dn
->invalid
) return false;
2014 if (ldb_dn_has_extended(dn
)) return false;
2015 if (dn
->linearized
&& (dn
->linearized
[0] == '\0')) return true;
2020 this updates dn->components, taking the components from ref_dn.
2021 This is used by code that wants to update the DN path of a DN
2022 while not impacting on the extended DN components
2024 int ldb_dn_update_components(struct ldb_dn
*dn
, const struct ldb_dn
*ref_dn
)
2026 dn
->components
= talloc_realloc(dn
, dn
->components
,
2027 struct ldb_dn_component
, ref_dn
->comp_num
);
2028 if (!dn
->components
) {
2029 return LDB_ERR_OPERATIONS_ERROR
;
2031 memcpy(dn
->components
, ref_dn
->components
,
2032 sizeof(struct ldb_dn_component
)*ref_dn
->comp_num
);
2033 dn
->comp_num
= ref_dn
->comp_num
;
2035 LDB_FREE(dn
->casefold
);
2036 LDB_FREE(dn
->linearized
);
2037 LDB_FREE(dn
->ext_linearized
);