search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-ldb: Added ldb_request_replace_control
[Samba.git] / source4 / dsdb / samdb / ldb_modules / extended_dn_in.c
blob400c37faf207d80aeb122ad2aea82c4487809ecf
1 /*
2 ldb database library
3
4 Copyright (C) Simo Sorce 2005-2008
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2008
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * Name: ldb
23 *
24 * Component: ldb extended dn control module
25 *
26 * Description: this module interprets DNs of the form <SID=S-1-2-4456> into normal DNs.
27 *
28 * Authors: Simo Sorce
29 * Andrew Bartlett
30 */
31
32 #include "includes.h"
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_errors.h"
35 #include "ldb/include/ldb_module.h"
36
37 /*
38 TODO: if relax is not set then we need to reject the fancy RMD_* and
39 DELETED extended DN codes
40 */
41
42 /* search */
43 struct extended_search_context {
44 struct ldb_module *module;
45 struct ldb_request *req;
46 struct ldb_dn *basedn;
47 char *wellknown_object;
48 int extended_type;
49 };
50
51 /* An extra layer of indirection because LDB does not allow the original request to be altered */
52
53 static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
54 {
55 int ret = LDB_ERR_OPERATIONS_ERROR;
56 struct extended_search_context *ac;
57 ac = talloc_get_type(req->context, struct extended_search_context);
58
59 if (ares->error != LDB_SUCCESS) {
60 ret = ldb_module_done(ac->req, ares->controls,
61 ares->response, ares->error);
62 } else {
63 switch (ares->type) {
64 case LDB_REPLY_ENTRY:
65
66 ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
67 break;
68 case LDB_REPLY_REFERRAL:
69
70 ret = ldb_module_send_referral(ac->req, ares->referral);
71 break;
72 case LDB_REPLY_DONE:
73
74 ret = ldb_module_done(ac->req, ares->controls,
75 ares->response, ares->error);
76 break;
77 }
78 }
79 return ret;
80 }
81
82 static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
83 {
84 struct extended_search_context *ac;
85 struct ldb_request *down_req;
86 struct ldb_message_element *el;
87 int ret;
88 unsigned int i;
89 size_t wkn_len = 0;
90 char *valstr = NULL;
91 const char *found = NULL;
92
93 ac = talloc_get_type(req->context, struct extended_search_context);
94
95 if (!ares) {
96 return ldb_module_done(ac->req, NULL, NULL,
97 LDB_ERR_OPERATIONS_ERROR);
98 }
99 if (ares->error != LDB_SUCCESS) {
100 return ldb_module_done(ac->req, ares->controls,
101 ares->response, ares->error);
102 }
103
104 switch (ares->type) {
105 case LDB_REPLY_ENTRY:
106 if (!ac->wellknown_object) {
107 ac->basedn = talloc_steal(ac, ares->message->dn);
108 break;
109 }
110
111 wkn_len = strlen(ac->wellknown_object);
112
113 el = ldb_msg_find_element(ares->message, "wellKnownObjects");
114 if (!el) {
115 ac->basedn = NULL;
116 break;
117 }
118
119 for (i=0; i < el->num_values; i++) {
120 valstr = talloc_strndup(ac,
121 (const char *)el->values[i].data,
122 el->values[i].length);
123 if (!valstr) {
124 ldb_oom(ldb_module_get_ctx(ac->module));
125 return ldb_module_done(ac->req, NULL, NULL,
126 LDB_ERR_OPERATIONS_ERROR);
127 }
128
129 if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
130 talloc_free(valstr);
131 continue;
132 }
133
134 found = &valstr[wkn_len];
135 break;
136 }
137
138 if (!found) {
139 break;
140 }
141
142 ac->basedn = ldb_dn_new(ac, ldb_module_get_ctx(ac->module), found);
143 talloc_free(valstr);
144 if (!ac->basedn) {
145 ldb_oom(ldb_module_get_ctx(ac->module));
146 return ldb_module_done(ac->req, NULL, NULL,
147 LDB_ERR_OPERATIONS_ERROR);
148 }
149
150 break;
151
152 case LDB_REPLY_REFERRAL:
153 break;
154
155 case LDB_REPLY_DONE:
156
157 if (!ac->basedn) {
158 const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
159 ldb_dn_get_extended_linearized(req, ac->req->op.search.base, 1));
160 ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
161 return ldb_module_done(ac->req, NULL, NULL,
162 LDB_ERR_NO_SUCH_OBJECT);
163 }
164
165 switch (ac->req->operation) {
166 case LDB_SEARCH:
167 ret = ldb_build_search_req_ex(&down_req,
168 ldb_module_get_ctx(ac->module), ac->req,
169 ac->basedn,
170 ac->req->op.search.scope,
171 ac->req->op.search.tree,
172 ac->req->op.search.attrs,
173 ac->req->controls,
174 ac, extended_final_callback,
175 ac->req);
176 LDB_REQ_SET_LOCATION(down_req);
177 break;
178 case LDB_ADD:
179 {
180 struct ldb_message *add_msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
181 if (!add_msg) {
182 ldb_oom(ldb_module_get_ctx(ac->module));
183 return ldb_module_done(ac->req, NULL, NULL,
184 LDB_ERR_OPERATIONS_ERROR);
185 }
186
187 add_msg->dn = ac->basedn;
188
189 ret = ldb_build_add_req(&down_req,
190 ldb_module_get_ctx(ac->module), ac->req,
191 add_msg,
192 ac->req->controls,
193 ac, extended_final_callback,
194 ac->req);
195 LDB_REQ_SET_LOCATION(down_req);
196 break;
197 }
198 case LDB_MODIFY:
199 {
200 struct ldb_message *mod_msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
201 if (!mod_msg) {
202 ldb_oom(ldb_module_get_ctx(ac->module));
203 return ldb_module_done(ac->req, NULL, NULL,
204 LDB_ERR_OPERATIONS_ERROR);
205 }
206
207 mod_msg->dn = ac->basedn;
208
209 ret = ldb_build_mod_req(&down_req,
210 ldb_module_get_ctx(ac->module), ac->req,
211 mod_msg,
212 ac->req->controls,
213 ac, extended_final_callback,
214 ac->req);
215 LDB_REQ_SET_LOCATION(down_req);
216 break;
217 }
218 case LDB_DELETE:
219 ret = ldb_build_del_req(&down_req,
220 ldb_module_get_ctx(ac->module), ac->req,
221 ac->basedn,
222 ac->req->controls,
223 ac, extended_final_callback,
224 ac->req);
225 LDB_REQ_SET_LOCATION(down_req);
226 break;
227 case LDB_RENAME:
228 ret = ldb_build_rename_req(&down_req,
229 ldb_module_get_ctx(ac->module), ac->req,
230 ac->basedn,
231 ac->req->op.rename.newdn,
232 ac->req->controls,
233 ac, extended_final_callback,
234 ac->req);
235 LDB_REQ_SET_LOCATION(down_req);
236 break;
237 default:
238 return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
239 }
240
241 if (ret != LDB_SUCCESS) {
242 return ldb_module_done(ac->req, NULL, NULL, ret);
243 }
244
245 return ldb_next_request(ac->module, down_req);
246 }
247 talloc_free(ares);
248 return LDB_SUCCESS;
249 }
250
251 static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
252 {
253 struct extended_search_context *ac;
254 struct ldb_request *down_req;
255 int ret;
256 struct ldb_dn *base_dn = NULL;
257 enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
258 const char *base_dn_filter = NULL;
259 const char * const *base_dn_attrs = NULL;
260 char *wellknown_object = NULL;
261 static const char *no_attr[] = {
262 NULL
263 };
264 static const char *wkattr[] = {
265 "wellKnownObjects",
266 NULL
267 };
268 bool all_partitions = false;
269
270 if (!ldb_dn_has_extended(dn)) {
271 /* Move along there isn't anything to see here */
272 return ldb_next_request(module, req);
273 } else {
274 /* It looks like we need to map the DN */
275 const struct ldb_val *sid_val, *guid_val, *wkguid_val;
276
277 sid_val = ldb_dn_get_extended_component(dn, "SID");
278 guid_val = ldb_dn_get_extended_component(dn, "GUID");
279 wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
280
281 if (sid_val) {
282 all_partitions = true;
283 base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
284 base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
285 ldb_binary_encode(req, *sid_val));
286 if (!base_dn_filter) {
287 return ldb_oom(ldb_module_get_ctx(module));
288 }
289 base_dn_scope = LDB_SCOPE_SUBTREE;
290 base_dn_attrs = no_attr;
291
292 } else if (guid_val) {
293
294 all_partitions = true;
295 base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
296 base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
297 ldb_binary_encode(req, *guid_val));
298 if (!base_dn_filter) {
299 return ldb_oom(ldb_module_get_ctx(module));
300 }
301 base_dn_scope = LDB_SCOPE_SUBTREE;
302 base_dn_attrs = no_attr;
303
304
305 } else if (wkguid_val) {
306 char *wkguid_dup;
307 char *tail_str;
308 char *p;
309
310 wkguid_dup = talloc_strndup(req, (char *)wkguid_val->data, wkguid_val->length);
311
312 p = strchr(wkguid_dup, ',');
313 if (!p) {
314 return LDB_ERR_INVALID_DN_SYNTAX;
315 }
316
317 p[0] = '\0';
318 p++;
319
320 wellknown_object = talloc_asprintf(req, "B:32:%s:", wkguid_dup);
321 if (!wellknown_object) {
322 return ldb_oom(ldb_module_get_ctx(module));
323 }
324
325 tail_str = p;
326
327 base_dn = ldb_dn_new(req, ldb_module_get_ctx(module), tail_str);
328 talloc_free(wkguid_dup);
329 if (!base_dn) {
330 return ldb_oom(ldb_module_get_ctx(module));
331 }
332 base_dn_filter = talloc_strdup(req, "(objectClass=*)");
333 if (!base_dn_filter) {
334 return ldb_oom(ldb_module_get_ctx(module));
335 }
336 base_dn_scope = LDB_SCOPE_BASE;
337 base_dn_attrs = wkattr;
338 } else {
339 return LDB_ERR_INVALID_DN_SYNTAX;
340 }
341
342 ac = talloc_zero(req, struct extended_search_context);
343 if (ac == NULL) {
344 return ldb_oom(ldb_module_get_ctx(module));
345 }
346
347 ac->module = module;
348 ac->req = req;
349 ac->basedn = NULL; /* Filled in if the search finds the DN by SID/GUID etc */
350 ac->wellknown_object = wellknown_object;
351
352 /* If the base DN was an extended DN (perhaps a well known
353 * GUID) then search for that, so we can proceed with the original operation */
354
355 ret = ldb_build_search_req(&down_req,
356 ldb_module_get_ctx(module), ac,
357 base_dn,
358 base_dn_scope,
359 base_dn_filter,
360 base_dn_attrs,
361 req->controls,
362 ac, extended_base_callback,
363 req);
364 LDB_REQ_SET_LOCATION(down_req);
365 if (ret != LDB_SUCCESS) {
366 return ldb_operr(ldb_module_get_ctx(module));
367 }
368
369 if (all_partitions) {
370 struct ldb_search_options_control *control;
371 control = talloc(down_req, struct ldb_search_options_control);
372 control->search_options = 2;
373 ret = ldb_request_replace_control(down_req,
374 LDB_CONTROL_SEARCH_OPTIONS_OID,
375 true, control);
376 if (ret != LDB_SUCCESS) {
377 ldb_oom(ldb_module_get_ctx(module));
378 return ret;
379 }
380 }
381
382 /* perform the search */
383 return ldb_next_request(module, down_req);
384 }
385 }
386
387 static int extended_dn_in_search(struct ldb_module *module, struct ldb_request *req)
388 {
389 return extended_dn_in_fix(module, req, req->op.search.base);
390 }
391
392 static int extended_dn_in_modify(struct ldb_module *module, struct ldb_request *req)
393 {
394 return extended_dn_in_fix(module, req, req->op.mod.message->dn);
395 }
396
397 static int extended_dn_in_del(struct ldb_module *module, struct ldb_request *req)
398 {
399 return extended_dn_in_fix(module, req, req->op.del.dn);
400 }
401
402 static int extended_dn_in_rename(struct ldb_module *module, struct ldb_request *req)
403 {
404 return extended_dn_in_fix(module, req, req->op.rename.olddn);
405 }
406
407 _PUBLIC_ const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
408 .name = "extended_dn_in",
409 .search = extended_dn_in_search,
410 .modify = extended_dn_in_modify,
411 .del = extended_dn_in_del,
412 .rename = extended_dn_in_rename,
413 };
Samba GIT mirror