2 ldb database library - ldif handlers for Samba
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Andrew Bartlett 2006
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 2 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include "ldb/include/includes.h"
28 #include "librpc/gen_ndr/ndr_security.h"
29 #include "librpc/gen_ndr/ndr_misc.h"
30 #include "dsdb/samdb/samdb.h"
31 #include "libcli/security/security.h"
34 convert a ldif formatted objectSid to a NDR formatted blob
36 static int ldif_read_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
37 const struct ldb_val
*in
, struct ldb_val
*out
)
41 sid
= dom_sid_parse_talloc(mem_ctx
, (const char *)in
->data
);
45 status
= ndr_push_struct_blob(out
, mem_ctx
, sid
,
46 (ndr_push_flags_fn_t
)ndr_push_dom_sid
);
48 if (!NT_STATUS_IS_OK(status
)) {
55 convert a NDR formatted blob to a ldif formatted objectSid
57 static int ldif_write_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
58 const struct ldb_val
*in
, struct ldb_val
*out
)
62 sid
= talloc(mem_ctx
, struct dom_sid
);
66 status
= ndr_pull_struct_blob(in
, sid
, sid
,
67 (ndr_pull_flags_fn_t
)ndr_pull_dom_sid
);
68 if (!NT_STATUS_IS_OK(status
)) {
72 out
->data
= (uint8_t *)dom_sid_string(mem_ctx
, sid
);
74 if (out
->data
== NULL
) {
77 out
->length
= strlen((const char *)out
->data
);
81 static BOOL
ldb_comparision_objectSid_isString(const struct ldb_val
*v
)
87 if (strncmp("S-", (const char *)v
->data
, 2) != 0) return False
;
93 compare two objectSids
95 static int ldb_comparison_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
96 const struct ldb_val
*v1
, const struct ldb_val
*v2
)
98 if (ldb_comparision_objectSid_isString(v1
) && ldb_comparision_objectSid_isString(v2
)) {
99 return strcmp((const char *)v1
->data
, (const char *)v2
->data
);
100 } else if (ldb_comparision_objectSid_isString(v1
)
101 && !ldb_comparision_objectSid_isString(v2
)) {
104 if (ldif_read_objectSid(ldb
, mem_ctx
, v1
, &v
) != 0) {
107 ret
= ldb_comparison_binary(ldb
, mem_ctx
, &v
, v2
);
110 } else if (!ldb_comparision_objectSid_isString(v1
)
111 && ldb_comparision_objectSid_isString(v2
)) {
114 if (ldif_read_objectSid(ldb
, mem_ctx
, v2
, &v
) != 0) {
117 ret
= ldb_comparison_binary(ldb
, mem_ctx
, v1
, &v
);
121 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
125 canonicalise a objectSid
127 static int ldb_canonicalise_objectSid(struct ldb_context
*ldb
, void *mem_ctx
,
128 const struct ldb_val
*in
, struct ldb_val
*out
)
130 if (ldb_comparision_objectSid_isString(in
)) {
131 return ldif_read_objectSid(ldb
, mem_ctx
, in
, out
);
133 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
137 convert a ldif formatted objectGUID to a NDR formatted blob
139 static int ldif_read_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
140 const struct ldb_val
*in
, struct ldb_val
*out
)
145 status
= GUID_from_string((const char *)in
->data
, &guid
);
146 if (!NT_STATUS_IS_OK(status
)) {
150 status
= ndr_push_struct_blob(out
, mem_ctx
, &guid
,
151 (ndr_push_flags_fn_t
)ndr_push_GUID
);
152 if (!NT_STATUS_IS_OK(status
)) {
159 convert a NDR formatted blob to a ldif formatted objectGUID
161 static int ldif_write_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
162 const struct ldb_val
*in
, struct ldb_val
*out
)
166 status
= ndr_pull_struct_blob(in
, mem_ctx
, &guid
,
167 (ndr_pull_flags_fn_t
)ndr_pull_GUID
);
168 if (!NT_STATUS_IS_OK(status
)) {
171 out
->data
= (uint8_t *)GUID_string(mem_ctx
, &guid
);
172 if (out
->data
== NULL
) {
175 out
->length
= strlen((const char *)out
->data
);
179 static BOOL
ldb_comparision_objectGUID_isString(const struct ldb_val
*v
)
184 if (v
->length
< 33) return False
;
186 /* see if the input if null-terninated (safety check for the below) */
187 if (v
->data
[v
->length
] != '\0') return False
;
189 status
= GUID_from_string((const char *)v
->data
, &guid
);
190 if (!NT_STATUS_IS_OK(status
)) {
198 compare two objectGUIDs
200 static int ldb_comparison_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
201 const struct ldb_val
*v1
, const struct ldb_val
*v2
)
203 if (ldb_comparision_objectGUID_isString(v1
) && ldb_comparision_objectGUID_isString(v2
)) {
204 return strcmp((const char *)v1
->data
, (const char *)v2
->data
);
205 } else if (ldb_comparision_objectGUID_isString(v1
)
206 && !ldb_comparision_objectGUID_isString(v2
)) {
209 if (ldif_read_objectGUID(ldb
, mem_ctx
, v1
, &v
) != 0) {
212 ret
= ldb_comparison_binary(ldb
, mem_ctx
, &v
, v2
);
215 } else if (!ldb_comparision_objectGUID_isString(v1
)
216 && ldb_comparision_objectGUID_isString(v2
)) {
219 if (ldif_read_objectGUID(ldb
, mem_ctx
, v2
, &v
) != 0) {
222 ret
= ldb_comparison_binary(ldb
, mem_ctx
, v1
, &v
);
226 return ldb_comparison_binary(ldb
, mem_ctx
, v1
, v2
);
230 canonicalise a objectGUID
232 static int ldb_canonicalise_objectGUID(struct ldb_context
*ldb
, void *mem_ctx
,
233 const struct ldb_val
*in
, struct ldb_val
*out
)
235 if (ldb_comparision_objectGUID_isString(in
)) {
236 return ldif_read_objectGUID(ldb
, mem_ctx
, in
, out
);
238 return ldb_handler_copy(ldb
, mem_ctx
, in
, out
);
243 convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
245 static int ldif_read_ntSecurityDescriptor(struct ldb_context
*ldb
, void *mem_ctx
,
246 const struct ldb_val
*in
, struct ldb_val
*out
)
248 struct security_descriptor
*sd
;
251 sd
= sddl_decode(mem_ctx
, (const char *)in
->data
, NULL
);
255 status
= ndr_push_struct_blob(out
, mem_ctx
, sd
,
256 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
);
258 if (!NT_STATUS_IS_OK(status
)) {
265 convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
267 static int ldif_write_ntSecurityDescriptor(struct ldb_context
*ldb
, void *mem_ctx
,
268 const struct ldb_val
*in
, struct ldb_val
*out
)
270 struct security_descriptor
*sd
;
273 sd
= talloc(mem_ctx
, struct security_descriptor
);
277 status
= ndr_pull_struct_blob(in
, sd
, sd
,
278 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
);
279 if (!NT_STATUS_IS_OK(status
)) {
283 out
->data
= (uint8_t *)sddl_encode(mem_ctx
, sd
, NULL
);
285 if (out
->data
== NULL
) {
288 out
->length
= strlen((const char *)out
->data
);
293 canonicolise an objectCategory. We use the short form as the cannoical form:
294 cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
297 static int ldif_canonicalise_objectCategory(struct ldb_context
*ldb
, void *mem_ctx
,
298 const struct ldb_val
*in
, struct ldb_val
*out
)
300 struct ldb_dn
*dn1
= NULL
;
303 dn1
= ldb_dn_explode(mem_ctx
, (char *)in
->data
);
305 oc1
= talloc_strndup(mem_ctx
, (char *)in
->data
, in
->length
);
306 } else if (ldb_dn_get_comp_num(dn1
) >= 1 && strcasecmp(ldb_dn_get_rdn_name(dn1
), "cn") == 0) {
307 const struct ldb_val
*val
= ldb_dn_get_rdn_val(dn1
);
308 oc1
= talloc_strndup(mem_ctx
, (char *)val
->data
, val
->length
);
313 oc2
= ldb_casefold(ldb
, mem_ctx
, oc1
);
314 out
->data
= (void *)oc2
;
315 out
->length
= strlen(oc2
);
321 static int ldif_comparison_objectCategory(struct ldb_context
*ldb
, void *mem_ctx
,
322 const struct ldb_val
*v1
,
323 const struct ldb_val
*v2
)
325 struct ldb_dn
*dn1
= NULL
, *dn2
= NULL
;
326 const char *oc1
, *oc2
;
328 dn1
= ldb_dn_explode(mem_ctx
, (char *)v1
->data
);
330 oc1
= talloc_strndup(mem_ctx
, (char *)v1
->data
, v1
->length
);
331 } else if (ldb_dn_get_comp_num(dn1
) >= 1 && strcasecmp(ldb_dn_get_rdn_name(dn1
), "cn") == 0) {
332 const struct ldb_val
*val
= ldb_dn_get_rdn_val(dn1
);
333 oc1
= talloc_strndup(mem_ctx
, (char *)val
->data
, val
->length
);
338 dn2
= ldb_dn_explode(mem_ctx
, (char *)v2
->data
);
340 oc2
= talloc_strndup(mem_ctx
, (char *)v2
->data
, v2
->length
);
341 } else if (ldb_dn_get_comp_num(dn2
) >= 2 && strcasecmp(ldb_dn_get_rdn_name(dn2
), "cn") == 0) {
342 const struct ldb_val
*val
= ldb_dn_get_rdn_val(dn2
);
343 oc2
= talloc_strndup(mem_ctx
, (char *)val
->data
, val
->length
);
348 oc1
= ldb_casefold(ldb
, mem_ctx
, oc1
);
349 oc2
= ldb_casefold(ldb
, mem_ctx
, oc2
);
360 return strcmp(oc1
, oc2
);
363 static const struct ldb_attrib_handler samba_handlers
[] = {
367 .ldif_read_fn
= ldif_read_objectSid
,
368 .ldif_write_fn
= ldif_write_objectSid
,
369 .canonicalise_fn
= ldb_canonicalise_objectSid
,
370 .comparison_fn
= ldb_comparison_objectSid
373 .attr
= "securityIdentifier",
375 .ldif_read_fn
= ldif_read_objectSid
,
376 .ldif_write_fn
= ldif_write_objectSid
,
377 .canonicalise_fn
= ldb_canonicalise_objectSid
,
378 .comparison_fn
= ldb_comparison_objectSid
381 .attr
= "ntSecurityDescriptor",
383 .ldif_read_fn
= ldif_read_ntSecurityDescriptor
,
384 .ldif_write_fn
= ldif_write_ntSecurityDescriptor
,
385 .canonicalise_fn
= ldb_handler_copy
,
386 .comparison_fn
= ldb_comparison_binary
389 .attr
= "objectGUID",
391 .ldif_read_fn
= ldif_read_objectGUID
,
392 .ldif_write_fn
= ldif_write_objectGUID
,
393 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
394 .comparison_fn
= ldb_comparison_objectGUID
397 .attr
= "invocationId",
399 .ldif_read_fn
= ldif_read_objectGUID
,
400 .ldif_write_fn
= ldif_write_objectGUID
,
401 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
402 .comparison_fn
= ldb_comparison_objectGUID
405 .attr
= "schemaIDGUID",
407 .ldif_read_fn
= ldif_read_objectGUID
,
408 .ldif_write_fn
= ldif_write_objectGUID
,
409 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
410 .comparison_fn
= ldb_comparison_objectGUID
413 .attr
= "attributeSecurityGUID",
415 .ldif_read_fn
= ldif_read_objectGUID
,
416 .ldif_write_fn
= ldif_write_objectGUID
,
417 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
418 .comparison_fn
= ldb_comparison_objectGUID
421 .attr
= "parentGUID",
423 .ldif_read_fn
= ldif_read_objectGUID
,
424 .ldif_write_fn
= ldif_write_objectGUID
,
425 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
426 .comparison_fn
= ldb_comparison_objectGUID
431 .ldif_read_fn
= ldif_read_objectGUID
,
432 .ldif_write_fn
= ldif_write_objectGUID
,
433 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
434 .comparison_fn
= ldb_comparison_objectGUID
439 .ldif_read_fn
= ldif_read_objectGUID
,
440 .ldif_write_fn
= ldif_write_objectGUID
,
441 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
442 .comparison_fn
= ldb_comparison_objectGUID
445 .attr
= "fRSVersionGUID",
447 .ldif_read_fn
= ldif_read_objectGUID
,
448 .ldif_write_fn
= ldif_write_objectGUID
,
449 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
450 .comparison_fn
= ldb_comparison_objectGUID
453 .attr
= "fRSReplicaSetGUID",
455 .ldif_read_fn
= ldif_read_objectGUID
,
456 .ldif_write_fn
= ldif_write_objectGUID
,
457 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
458 .comparison_fn
= ldb_comparison_objectGUID
461 .attr
= "netbootGUID",
463 .ldif_read_fn
= ldif_read_objectGUID
,
464 .ldif_write_fn
= ldif_write_objectGUID
,
465 .canonicalise_fn
= ldb_canonicalise_objectGUID
,
466 .comparison_fn
= ldb_comparison_objectGUID
469 .attr
= "objectCategory",
471 .ldif_read_fn
= ldb_handler_copy
,
472 .ldif_write_fn
= ldb_handler_copy
,
473 .canonicalise_fn
= ldif_canonicalise_objectCategory
,
474 .comparison_fn
= ldif_comparison_objectCategory
,
479 register the samba ldif handlers
481 int ldb_register_samba_handlers(struct ldb_context
*ldb
)
483 return ldb_set_attrib_handlers(ldb
, samba_handlers
, ARRAY_SIZE(samba_handlers
));