search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib/util Split data_blob_hex_string() into upper and lower
[Samba/ekacnet.git] / source4 / lib / ldb-samba / ldif_handlers.c
blobd8edeb0beb255d1d5f99a22d72938e840239aaa5
1 /*
2 ldb database library - ldif handlers for Samba
3
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Andrew Bartlett 2006-2007
6 Copyright (C) Matthias Dieter Wallnöfer 2009
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "lib/ldb/include/ldb_module.h"
28 #include "ldb_handlers.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "librpc/gen_ndr/ndr_security.h"
31 #include "librpc/gen_ndr/ndr_misc.h"
32 #include "librpc/gen_ndr/ndr_drsblobs.h"
33 #include "librpc/ndr/libndr.h"
34 #include "libcli/security/security.h"
35 #include "param/param.h"
36 #include "../lib/util/asn1.h"
37
38 /*
39 use ndr_print_* to convert a NDR formatted blob to a ldif formatted blob
40 */
41 static int ldif_write_NDR(struct ldb_context *ldb, void *mem_ctx,
42 const struct ldb_val *in, struct ldb_val *out,
43 size_t struct_size,
44 ndr_pull_flags_fn_t pull_fn,
45 ndr_print_fn_t print_fn)
46 {
47 uint8_t *p;
48 enum ndr_err_code err;
49 if (!(ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY)) {
50 return ldb_handler_copy(ldb, mem_ctx, in, out);
51 }
52 p = talloc_size(mem_ctx, struct_size);
53 err = ndr_pull_struct_blob(in, mem_ctx,
54 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
55 p, pull_fn);
56 if (err != NDR_ERR_SUCCESS) {
57 talloc_free(p);
58 out->data = (uint8_t *)talloc_strdup(mem_ctx, "<Unable to decode binary data>");
59 out->length = strlen((const char *)out->data);
60 return 0;
61 }
62 out->data = (uint8_t *)ndr_print_struct_string(mem_ctx, print_fn, "NDR", p);
63 talloc_free(p);
64 if (out->data == NULL) {
65 return ldb_handler_copy(ldb, mem_ctx, in, out);
66 }
67 out->length = strlen((char *)out->data);
68 return 0;
69 }
70
71 /*
72 convert a ldif formatted objectSid to a NDR formatted blob
73 */
74 static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
75 const struct ldb_val *in, struct ldb_val *out)
76 {
77 enum ndr_err_code ndr_err;
78 struct dom_sid *sid;
79 sid = dom_sid_parse_length(mem_ctx, in);
80 if (sid == NULL) {
81 return -1;
82 }
83 ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sid,
84 (ndr_push_flags_fn_t)ndr_push_dom_sid);
85 talloc_free(sid);
86 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
87 return -1;
88 }
89 return 0;
90 }
91
92 /*
93 convert a NDR formatted blob to a ldif formatted objectSid
94 */
95 int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
96 const struct ldb_val *in, struct ldb_val *out)
97 {
98 struct dom_sid *sid;
99 enum ndr_err_code ndr_err;
100
101 sid = talloc(mem_ctx, struct dom_sid);
102 if (sid == NULL) {
103 return -1;
104 }
105 ndr_err = ndr_pull_struct_blob_all(in, sid, NULL, sid,
106 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
107 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
108 talloc_free(sid);
109 return -1;
110 }
111 *out = data_blob_string_const(dom_sid_string(mem_ctx, sid));
112 talloc_free(sid);
113 if (out->data == NULL) {
114 return -1;
115 }
116 return 0;
117 }
118
119 bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
120 {
121 if (v->length < 3) {
122 return false;
123 }
124
125 if (strncmp("S-", (const char *)v->data, 2) != 0) return false;
126
127 return true;
128 }
129
130 /*
131 compare two objectSids
132 */
133 static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
134 const struct ldb_val *v1, const struct ldb_val *v2)
135 {
136 if (ldif_comparision_objectSid_isString(v1) && ldif_comparision_objectSid_isString(v2)) {
137 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
138 } else if (ldif_comparision_objectSid_isString(v1)
139 && !ldif_comparision_objectSid_isString(v2)) {
140 struct ldb_val v;
141 int ret;
142 if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
143 /* Perhaps not a string after all */
144 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
145 }
146 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
147 talloc_free(v.data);
148 return ret;
149 } else if (!ldif_comparision_objectSid_isString(v1)
150 && ldif_comparision_objectSid_isString(v2)) {
151 struct ldb_val v;
152 int ret;
153 if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
154 /* Perhaps not a string after all */
155 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
156 }
157 ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
158 talloc_free(v.data);
159 return ret;
160 }
161 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
162 }
163
164 /*
165 canonicalise a objectSid
166 */
167 static int ldif_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
168 const struct ldb_val *in, struct ldb_val *out)
169 {
170 if (ldif_comparision_objectSid_isString(in)) {
171 if (ldif_read_objectSid(ldb, mem_ctx, in, out) != 0) {
172 /* Perhaps not a string after all */
173 return ldb_handler_copy(ldb, mem_ctx, in, out);
174 }
175 return 0;
176 }
177 return ldb_handler_copy(ldb, mem_ctx, in, out);
178 }
179
180 static int extended_dn_read_SID(struct ldb_context *ldb, void *mem_ctx,
181 const struct ldb_val *in, struct ldb_val *out)
182 {
183 struct dom_sid sid;
184 enum ndr_err_code ndr_err;
185 if (ldif_comparision_objectSid_isString(in)) {
186 if (ldif_read_objectSid(ldb, mem_ctx, in, out) == 0) {
187 return 0;
188 }
189 }
190
191 /* Perhaps not a string after all */
192 *out = data_blob_talloc(mem_ctx, NULL, in->length/2+1);
193
194 if (!out->data) {
195 return -1;
196 }
197
198 (*out).length = strhex_to_str((char *)out->data, out->length,
199 (const char *)in->data, in->length);
200
201 /* Check it looks like a SID */
202 ndr_err = ndr_pull_struct_blob_all(out, mem_ctx, NULL, &sid,
203 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
204 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
205 return -1;
206 }
207 return 0;
208 }
209
210 /*
211 convert a ldif formatted objectGUID to a NDR formatted blob
212 */
213 static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
214 const struct ldb_val *in, struct ldb_val *out)
215 {
216 struct GUID guid;
217 NTSTATUS status;
218 enum ndr_err_code ndr_err;
219
220 status = GUID_from_data_blob(in, &guid);
221 if (!NT_STATUS_IS_OK(status)) {
222 return -1;
223 }
224
225 ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, &guid,
226 (ndr_push_flags_fn_t)ndr_push_GUID);
227 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
228 return -1;
229 }
230 return 0;
231 }
232
233 /*
234 convert a NDR formatted blob to a ldif formatted objectGUID
235 */
236 static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
237 const struct ldb_val *in, struct ldb_val *out)
238 {
239 struct GUID guid;
240 enum ndr_err_code ndr_err;
241 ndr_err = ndr_pull_struct_blob_all(in, mem_ctx, NULL, &guid,
242 (ndr_pull_flags_fn_t)ndr_pull_GUID);
243 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
244 return -1;
245 }
246 out->data = (uint8_t *)GUID_string(mem_ctx, &guid);
247 if (out->data == NULL) {
248 return -1;
249 }
250 out->length = strlen((const char *)out->data);
251 return 0;
252 }
253
254 static bool ldif_comparision_objectGUID_isString(const struct ldb_val *v)
255 {
256 if (v->length != 36 && v->length != 38) return false;
257
258 /* Might be a GUID string, can't be a binary GUID (fixed 16 bytes) */
259 return true;
260 }
261
262 static int extended_dn_read_GUID(struct ldb_context *ldb, void *mem_ctx,
263 const struct ldb_val *in, struct ldb_val *out)
264 {
265 struct GUID guid;
266 enum ndr_err_code ndr_err;
267 if (in->length == 36 && ldif_read_objectGUID(ldb, mem_ctx, in, out) == 0) {
268 return 0;
269 }
270
271 /* Try as 'hex' form */
272 if (in->length != 32) {
273 return -1;
274 }
275
276 *out = data_blob_talloc(mem_ctx, NULL, in->length/2+1);
277
278 if (!out->data) {
279 return -1;
280 }
281
282 (*out).length = strhex_to_str((char *)out->data, out->length,
283 (const char *)in->data, in->length);
284
285 /* Check it looks like a GUID */
286 ndr_err = ndr_pull_struct_blob_all(out, mem_ctx, NULL, &guid,
287 (ndr_pull_flags_fn_t)ndr_pull_GUID);
288 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
289 return -1;
290 }
291 return 0;
292 }
293
294 /*
295 compare two objectGUIDs
296 */
297 static int ldif_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
298 const struct ldb_val *v1, const struct ldb_val *v2)
299 {
300 if (ldif_comparision_objectGUID_isString(v1) && ldif_comparision_objectGUID_isString(v2)) {
301 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
302 } else if (ldif_comparision_objectGUID_isString(v1)
303 && !ldif_comparision_objectGUID_isString(v2)) {
304 struct ldb_val v;
305 int ret;
306 if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
307 /* Perhaps it wasn't a valid string after all */
308 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
309 }
310 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
311 talloc_free(v.data);
312 return ret;
313 } else if (!ldif_comparision_objectGUID_isString(v1)
314 && ldif_comparision_objectGUID_isString(v2)) {
315 struct ldb_val v;
316 int ret;
317 if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) {
318 /* Perhaps it wasn't a valid string after all */
319 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
320 }
321 ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
322 talloc_free(v.data);
323 return ret;
324 }
325 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
326 }
327
328 /*
329 canonicalise a objectGUID
330 */
331 static int ldif_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
332 const struct ldb_val *in, struct ldb_val *out)
333 {
334 if (ldif_comparision_objectGUID_isString(in)) {
335 if (ldif_read_objectGUID(ldb, mem_ctx, in, out) != 0) {
336 /* Perhaps it wasn't a valid string after all */
337 return ldb_handler_copy(ldb, mem_ctx, in, out);
338 }
339 return 0;
340 }
341 return ldb_handler_copy(ldb, mem_ctx, in, out);
342 }
343
344
345 /*
346 convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
347 */
348 static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
349 const struct ldb_val *in, struct ldb_val *out)
350 {
351 struct security_descriptor *sd;
352 enum ndr_err_code ndr_err;
353
354 sd = talloc(mem_ctx, struct security_descriptor);
355 if (sd == NULL) {
356 return -1;
357 }
358
359 ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd,
360 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
361 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
362 /* If this does not parse, then it is probably SDDL, and we should try it that way */
363
364 const struct dom_sid *sid = samdb_domain_sid(ldb);
365 talloc_free(sd);
366 sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
367 if (sd == NULL) {
368 return -1;
369 }
370 }
371
372 ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sd,
373 (ndr_push_flags_fn_t)ndr_push_security_descriptor);
374 talloc_free(sd);
375 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
376 return -1;
377 }
378
379 return 0;
380 }
381
382 /*
383 convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
384 */
385 static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
386 const struct ldb_val *in, struct ldb_val *out)
387 {
388 struct security_descriptor *sd;
389 enum ndr_err_code ndr_err;
390
391 if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
392 return ldif_write_NDR(ldb, mem_ctx, in, out,
393 sizeof(struct security_descriptor),
394 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor,
395 (ndr_print_fn_t)ndr_print_security_descriptor);
396
397 }
398
399 sd = talloc(mem_ctx, struct security_descriptor);
400 if (sd == NULL) {
401 return -1;
402 }
403 /* We can't use ndr_pull_struct_blob_all because this contains relative pointers */
404 ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd,
405 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
406 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
407 talloc_free(sd);
408 return -1;
409 }
410 out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
411 talloc_free(sd);
412 if (out->data == NULL) {
413 return -1;
414 }
415 out->length = strlen((const char *)out->data);
416 return 0;
417 }
418
419 /*
420 canonicalise an objectCategory. We use the short form as the cannoical form:
421 cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
422 */
423
424 static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx,
425 const struct ldb_val *in, struct ldb_val *out)
426 {
427 struct ldb_dn *dn1 = NULL;
428 const struct dsdb_schema *schema = dsdb_get_schema(ldb);
429 const struct dsdb_class *sclass;
430 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
431 if (!tmp_ctx) {
432 return LDB_ERR_OPERATIONS_ERROR;
433 }
434
435 if (!schema) {
436 talloc_free(tmp_ctx);
437 *out = data_blob_talloc(mem_ctx, in->data, in->length);
438 if (in->data && !out->data) {
439 return LDB_ERR_OPERATIONS_ERROR;
440 }
441 return LDB_SUCCESS;
442 }
443 dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, in);
444 if ( ! ldb_dn_validate(dn1)) {
445 const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
446 sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
447 if (sclass) {
448 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
449 sclass->defaultObjectCategory);
450 *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
451 talloc_free(tmp_ctx);
452
453 if (!out->data) {
454 return LDB_ERR_OPERATIONS_ERROR;
455 }
456 return LDB_SUCCESS;
457 } else {
458 *out = data_blob_talloc(mem_ctx, in->data, in->length);
459 talloc_free(tmp_ctx);
460
461 if (in->data && !out->data) {
462 return LDB_ERR_OPERATIONS_ERROR;
463 }
464 return LDB_SUCCESS;
465 }
466 }
467 *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn1));
468 talloc_free(tmp_ctx);
469
470 if (!out->data) {
471 return LDB_ERR_OPERATIONS_ERROR;
472 }
473 return LDB_SUCCESS;
474 }
475
476 static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx,
477 const struct ldb_val *v1,
478 const struct ldb_val *v2)
479 {
480
481 int ret, ret1, ret2;
482 struct ldb_val v1_canon, v2_canon;
483 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
484
485 /* I could try and bail if tmp_ctx was NULL, but what return
486 * value would I use?
487 *
488 * It seems easier to continue on the NULL context
489 */
490 ret1 = ldif_canonicalise_objectCategory(ldb, tmp_ctx, v1, &v1_canon);
491 ret2 = ldif_canonicalise_objectCategory(ldb, tmp_ctx, v2, &v2_canon);
492
493 if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) {
494 ret = data_blob_cmp(&v1_canon, &v2_canon);
495 } else {
496 ret = data_blob_cmp(v1, v2);
497 }
498 talloc_free(tmp_ctx);
499 return ret;
500 }
501
502 /*
503 convert a ldif formatted prefixMap to a NDR formatted blob
504 */
505 static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx,
506 const struct ldb_val *in, struct ldb_val *out)
507 {
508 struct prefixMapBlob *blob;
509 enum ndr_err_code ndr_err;
510 char *string, *line, *p, *oid;
511 DATA_BLOB oid_blob;
512
513 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
514
515 if (tmp_ctx == NULL) {
516 return -1;
517 }
518
519 blob = talloc_zero(tmp_ctx, struct prefixMapBlob);
520 if (blob == NULL) {
521 talloc_free(blob);
522 return -1;
523 }
524
525 blob->version = PREFIX_MAP_VERSION_DSDB;
526
527 string = talloc_strndup(mem_ctx, (const char *)in->data, in->length);
528 if (string == NULL) {
529 talloc_free(blob);
530 return -1;
531 }
532
533 line = string;
534 while (line && line[0]) {
535 p=strchr(line, ';');
536 if (p) {
537 p[0] = '\0';
538 } else {
539 p=strchr(line, '\n');
540 if (p) {
541 p[0] = '\0';
542 }
543 }
544 /* allow a traling seperator */
545 if (line == p) {
546 break;
547 }
548
549 blob->ctr.dsdb.mappings = talloc_realloc(blob,
550 blob->ctr.dsdb.mappings,
551 struct drsuapi_DsReplicaOIDMapping,
552 blob->ctr.dsdb.num_mappings+1);
553 if (!blob->ctr.dsdb.mappings) {
554 talloc_free(tmp_ctx);
555 return -1;
556 }
557
558 blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].id_prefix = strtoul(line, &oid, 10);
559
560 if (oid[0] != ':') {
561 talloc_free(tmp_ctx);
562 return -1;
563 }
564
565 /* we know there must be at least ":" */
566 oid++;
567
568 if (!ber_write_partial_OID_String(blob->ctr.dsdb.mappings, &oid_blob, oid)) {
569 talloc_free(tmp_ctx);
570 return -1;
571 }
572 blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.length = oid_blob.length;
573 blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.binary_oid = oid_blob.data;
574
575 blob->ctr.dsdb.num_mappings++;
576
577 /* Now look past the terminator we added above */
578 if (p) {
579 line = p + 1;
580 } else {
581 line = NULL;
582 }
583 }
584
585 ndr_err = ndr_push_struct_blob(out, mem_ctx,
586 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
587 blob,
588 (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
589 talloc_free(tmp_ctx);
590 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
591 return -1;
592 }
593 return 0;
594 }
595
596 /*
597 convert a NDR formatted blob to a ldif formatted prefixMap
598 */
599 static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx,
600 const struct ldb_val *in, struct ldb_val *out)
601 {
602 struct prefixMapBlob *blob;
603 enum ndr_err_code ndr_err;
604 char *string;
605 uint32_t i;
606
607 if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
608 return ldif_write_NDR(ldb, mem_ctx, in, out,
609 sizeof(struct prefixMapBlob),
610 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob,
611 (ndr_print_fn_t)ndr_print_prefixMapBlob);
612
613 }
614
615 blob = talloc(mem_ctx, struct prefixMapBlob);
616 if (blob == NULL) {
617 return -1;
618 }
619 ndr_err = ndr_pull_struct_blob_all(in, blob,
620 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
621 blob,
622 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
623 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
624 goto failed;
625 }
626 if (blob->version != PREFIX_MAP_VERSION_DSDB) {
627 goto failed;
628 }
629 string = talloc_strdup(mem_ctx, "");
630 if (string == NULL) {
631 goto failed;
632 }
633
634 for (i=0; i < blob->ctr.dsdb.num_mappings; i++) {
635 DATA_BLOB oid_blob;
636 const char *partial_oid = NULL;
637
638 if (i > 0) {
639 string = talloc_asprintf_append(string, ";");
640 }
641
642 oid_blob = data_blob_const(blob->ctr.dsdb.mappings[i].oid.binary_oid,
643 blob->ctr.dsdb.mappings[i].oid.length);
644 if (!ber_read_partial_OID_String(blob, oid_blob, &partial_oid)) {
645 DEBUG(0, ("ber_read_partial_OID failed on prefixMap item with id: 0x%X",
646 blob->ctr.dsdb.mappings[i].id_prefix));
647 goto failed;
648 }
649 string = talloc_asprintf_append(string, "%u:%s",
650 blob->ctr.dsdb.mappings[i].id_prefix,
651 partial_oid);
652 talloc_free(discard_const(partial_oid));
653 if (string == NULL) {
654 goto failed;
655 }
656 }
657
658 talloc_free(blob);
659 *out = data_blob_string_const(string);
660 return 0;
661
662 failed:
663 talloc_free(blob);
664 return -1;
665 }
666
667 static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v)
668 {
669 if (v->length < 4) {
670 return true;
671 }
672
673 if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) {
674 return false;
675 }
676
677 return true;
678 }
679
680 /*
681 canonicalise a prefixMap
682 */
683 static int ldif_canonicalise_prefixMap(struct ldb_context *ldb, void *mem_ctx,
684 const struct ldb_val *in, struct ldb_val *out)
685 {
686 if (ldif_comparision_prefixMap_isString(in)) {
687 return ldif_read_prefixMap(ldb, mem_ctx, in, out);
688 }
689 return ldb_handler_copy(ldb, mem_ctx, in, out);
690 }
691
692 static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx,
693 const struct ldb_val *v1,
694 const struct ldb_val *v2)
695 {
696
697 int ret, ret1, ret2;
698 struct ldb_val v1_canon, v2_canon;
699 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
700
701 /* I could try and bail if tmp_ctx was NULL, but what return
702 * value would I use?
703 *
704 * It seems easier to continue on the NULL context
705 */
706 ret1 = ldif_canonicalise_prefixMap(ldb, tmp_ctx, v1, &v1_canon);
707 ret2 = ldif_canonicalise_prefixMap(ldb, tmp_ctx, v2, &v2_canon);
708
709 if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) {
710 ret = data_blob_cmp(&v1_canon, &v2_canon);
711 } else {
712 ret = data_blob_cmp(v1, v2);
713 }
714 talloc_free(tmp_ctx);
715 return ret;
716 }
717
718 /* Canonicalisation of two 32-bit integers */
719 static int ldif_canonicalise_int32(struct ldb_context *ldb, void *mem_ctx,
720 const struct ldb_val *in, struct ldb_val *out)
721 {
722 char *end;
723 /* We've to use "strtoll" here to have the intended overflows.
724 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
725 int32_t i = (int32_t) strtoll((char *)in->data, &end, 0);
726 if (*end != 0) {
727 return -1;
728 }
729 out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%d", i);
730 if (out->data == NULL) {
731 return -1;
732 }
733 out->length = strlen((char *)out->data);
734 return 0;
735 }
736
737 /* Comparison of two 32-bit integers */
738 static int ldif_comparison_int32(struct ldb_context *ldb, void *mem_ctx,
739 const struct ldb_val *v1, const struct ldb_val *v2)
740 {
741 /* We've to use "strtoll" here to have the intended overflows.
742 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
743 return (int32_t) strtoll((char *)v1->data, NULL, 0)
744 - (int32_t) strtoll((char *)v2->data, NULL, 0);
745 }
746
747 /*
748 convert a NDR formatted blob to a ldif formatted repsFromTo
749 */
750 static int ldif_write_repsFromTo(struct ldb_context *ldb, void *mem_ctx,
751 const struct ldb_val *in, struct ldb_val *out)
752 {
753 return ldif_write_NDR(ldb, mem_ctx, in, out,
754 sizeof(struct repsFromToBlob),
755 (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob,
756 (ndr_print_fn_t)ndr_print_repsFromToBlob);
757 }
758
759 /*
760 convert a NDR formatted blob to a ldif formatted replPropertyMetaData
761 */
762 static int ldif_write_replPropertyMetaData(struct ldb_context *ldb, void *mem_ctx,
763 const struct ldb_val *in, struct ldb_val *out)
764 {
765 return ldif_write_NDR(ldb, mem_ctx, in, out,
766 sizeof(struct replPropertyMetaDataBlob),
767 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob,
768 (ndr_print_fn_t)ndr_print_replPropertyMetaDataBlob);
769 }
770
771 /*
772 convert a NDR formatted blob to a ldif formatted replUpToDateVector
773 */
774 static int ldif_write_replUpToDateVector(struct ldb_context *ldb, void *mem_ctx,
775 const struct ldb_val *in, struct ldb_val *out)
776 {
777 return ldif_write_NDR(ldb, mem_ctx, in, out,
778 sizeof(struct replUpToDateVectorBlob),
779 (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob,
780 (ndr_print_fn_t)ndr_print_replUpToDateVectorBlob);
781 }
782
783
784 static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx,
785 const struct ldb_val *in, struct ldb_val *out)
786 {
787 *out = data_blob_string_const(data_blob_hex_string_lower(mem_ctx, in));
788 if (!out->data) {
789 return -1;
790 }
791 return 0;
792 }
793
794 static const struct ldb_schema_syntax samba_syntaxes[] = {
795 {
796 .name = LDB_SYNTAX_SAMBA_SID,
797 .ldif_read_fn = ldif_read_objectSid,
798 .ldif_write_fn = ldif_write_objectSid,
799 .canonicalise_fn = ldif_canonicalise_objectSid,
800 .comparison_fn = ldif_comparison_objectSid
801 },{
802 .name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
803 .ldif_read_fn = ldif_read_ntSecurityDescriptor,
804 .ldif_write_fn = ldif_write_ntSecurityDescriptor,
805 .canonicalise_fn = ldb_handler_copy,
806 .comparison_fn = ldb_comparison_binary
807 },{
808 .name = LDB_SYNTAX_SAMBA_GUID,
809 .ldif_read_fn = ldif_read_objectGUID,
810 .ldif_write_fn = ldif_write_objectGUID,
811 .canonicalise_fn = ldif_canonicalise_objectGUID,
812 .comparison_fn = ldif_comparison_objectGUID
813 },{
814 .name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY,
815 .ldif_read_fn = ldb_handler_copy,
816 .ldif_write_fn = ldb_handler_copy,
817 .canonicalise_fn = ldif_canonicalise_objectCategory,
818 .comparison_fn = ldif_comparison_objectCategory
819 },{
820 .name = LDB_SYNTAX_SAMBA_PREFIX_MAP,
821 .ldif_read_fn = ldif_read_prefixMap,
822 .ldif_write_fn = ldif_write_prefixMap,
823 .canonicalise_fn = ldif_canonicalise_prefixMap,
824 .comparison_fn = ldif_comparison_prefixMap
825 },{
826 .name = LDB_SYNTAX_SAMBA_INT32,
827 .ldif_read_fn = ldb_handler_copy,
828 .ldif_write_fn = ldb_handler_copy,
829 .canonicalise_fn = ldif_canonicalise_int32,
830 .comparison_fn = ldif_comparison_int32
831 },{
832 .name = LDB_SYNTAX_SAMBA_REPSFROMTO,
833 .ldif_read_fn = ldb_handler_copy,
834 .ldif_write_fn = ldif_write_repsFromTo,
835 .canonicalise_fn = ldb_handler_copy,
836 .comparison_fn = ldb_comparison_binary
837 },{
838 .name = LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA,
839 .ldif_read_fn = ldb_handler_copy,
840 .ldif_write_fn = ldif_write_replPropertyMetaData,
841 .canonicalise_fn = ldb_handler_copy,
842 .comparison_fn = ldb_comparison_binary
843 },{
844 .name = LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR,
845 .ldif_read_fn = ldb_handler_copy,
846 .ldif_write_fn = ldif_write_replUpToDateVector,
847 .canonicalise_fn = ldb_handler_copy,
848 .comparison_fn = ldb_comparison_binary
849 },
850 };
851
852 static const struct ldb_dn_extended_syntax samba_dn_syntax[] = {
853 {
854 .name = "SID",
855 .read_fn = extended_dn_read_SID,
856 .write_clear_fn = ldif_write_objectSid,
857 .write_hex_fn = extended_dn_write_hex
858 },{
859 .name = "GUID",
860 .read_fn = extended_dn_read_GUID,
861 .write_clear_fn = ldif_write_objectGUID,
862 .write_hex_fn = extended_dn_write_hex
863 },{
864 .name = "WKGUID",
865 .read_fn = ldb_handler_copy,
866 .write_clear_fn = ldb_handler_copy,
867 .write_hex_fn = ldb_handler_copy
868 }
869 };
870
871 /* TODO: Should be dynamic at some point */
872 static const struct {
873 const char *name;
874 const char *syntax;
875 } samba_attributes[] = {
876 { "objectSid", LDB_SYNTAX_SAMBA_SID },
877 { "securityIdentifier", LDB_SYNTAX_SAMBA_SID },
878 { "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR },
879 { "objectGUID", LDB_SYNTAX_SAMBA_GUID },
880 { "invocationId", LDB_SYNTAX_SAMBA_GUID },
881 { "schemaIDGUID", LDB_SYNTAX_SAMBA_GUID },
882 { "attributeSecurityGUID", LDB_SYNTAX_SAMBA_GUID },
883 { "parentGUID", LDB_SYNTAX_SAMBA_GUID },
884 { "siteGUID", LDB_SYNTAX_SAMBA_GUID },
885 { "pKTGUID", LDB_SYNTAX_SAMBA_GUID },
886 { "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID },
887 { "fRSReplicaSetGUID", LDB_SYNTAX_SAMBA_GUID },
888 { "netbootGUID", LDB_SYNTAX_SAMBA_GUID },
889 { "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY },
890 { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP },
891 { "repsFrom", LDB_SYNTAX_SAMBA_REPSFROMTO },
892 { "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO },
893 { "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA },
894 { "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR },
895 };
896
897 const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name)
898 {
899 uint32_t j;
900 const struct ldb_schema_syntax *s = NULL;
901
902 for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) {
903 if (strcmp(name, samba_syntaxes[j].name) == 0) {
904 s = &samba_syntaxes[j];
905 break;
906 }
907 }
908 return s;
909 }
910
911 const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_context *ldb, const char *name)
912 {
913 uint32_t j;
914 const struct ldb_schema_syntax *s = NULL;
915
916 for (j=0; j < ARRAY_SIZE(samba_attributes); j++) {
917 if (strcmp(samba_attributes[j].name, name) == 0) {
918 s = ldb_samba_syntax_by_name(ldb, samba_attributes[j].syntax);
919 break;
920 }
921 }
922
923 return s;
924 }
925
926 /*
927 register the samba ldif handlers
928 */
929 int ldb_register_samba_handlers(struct ldb_context *ldb)
930 {
931 uint32_t i;
932
933 for (i=0; i < ARRAY_SIZE(samba_attributes); i++) {
934 int ret;
935 const struct ldb_schema_syntax *s = NULL;
936
937 s = ldb_samba_syntax_by_name(ldb, samba_attributes[i].syntax);
938
939 if (!s) {
940 s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax);
941 }
942
943 if (!s) {
944 return -1;
945 }
946
947 ret = ldb_schema_attribute_add_with_syntax(ldb, samba_attributes[i].name, LDB_ATTR_FLAG_FIXED, s);
948 if (ret != LDB_SUCCESS) {
949 return ret;
950 }
951 }
952
953 for (i=0; i < ARRAY_SIZE(samba_dn_syntax); i++) {
954 int ret;
955 ret = ldb_dn_extended_add_syntax(ldb, LDB_ATTR_FLAG_FIXED, &samba_dn_syntax[i]);
956 if (ret != LDB_SUCCESS) {
957 return ret;
958 }
959
960
961 }
962
963 return LDB_SUCCESS;
964 }