4 Copyright (C) Simo Sorce 2005-2008
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * Component: ldb extended dn control module
26 * Description: this module interprets DNs of the form <SID=S-1-2-4456> into normal DNs.
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_errors.h"
35 #include "ldb/include/ldb_module.h"
/*
 * Per-request state for this module. It is allocated in extended_dn_in_fix()
 * and recovered by the callbacks from req->context with talloc_get_type().
 */
struct extended_search_context
{
	/* Module handle, passed to ldb_module_get_ctx() and ldb_next_request(). */
	struct ldb_module *module;
	/* Request that replies are relayed to through ldb_module_done() and friends. */
	struct ldb_request *req;
	/* DN resolved by the lookup search; set to NULL until an entry reply fills it in. */
	struct ldb_dn *basedn;
	/* "B:32:<wkguid>:" prefix to look for in wellKnownObjects, or NULL for SID/GUID lookups. */
	char *wellknown_object;
/* [listing omits original lines 43-45; presumably these hold the closing of this struct] */
46 /* An extra layer of indirection because LDB does not allow the original request to be altered */
/*
 * Reply callback for the requests built in extended_base_callback(): each
 * reply is relayed to the original request (ac->req) through the
 * ldb_module_* helpers.
 *
 * NOTE: this listing dropped some source lines (the embedded line numbers
 * jump). Dropped lines are marked "[listing omits ...]" and are not
 * reconstructed here, so braces and part of the control flow are missing.
 */
static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
/* [listing omits original line 49] */
	/* Start from a generic operations error. */
	int ret = LDB_ERR_OPERATIONS_ERROR;
	struct extended_search_context *ac;
	/* The per-request state travels in req->context. */
	ac = talloc_get_type(req->context, struct extended_search_context);
/* [listing omits original line 53] */
	/*
	 * NOTE(review): no NULL check on ac or ares is visible before both are
	 * dereferenced below - confirm against the full file.
	 */
	if (ares->error != LDB_SUCCESS) {
		/* Failed reply: finish the original request with the same controls, response and error. */
		ret = ldb_module_done(ac->req, ares->controls,
				      ares->response, ares->error);
/* [listing omits original lines 57-60] */
		/* Hand the entry and its controls to the original request. */
		ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
/* [listing omits original line 62] */
	case LDB_REPLY_REFERRAL:
/* [listing omits original line 64] */
		/* Hand the referral to the original request. */
		ret = ldb_module_send_referral(ac->req, ares->referral);
/* [listing omits original lines 66-68] */
		/* Finish the original request with the reply's controls, response and error. */
		ret = ldb_module_done(ac->req, ares->controls,
				      ares->response, ares->error);
/* [listing omits original lines 71-76] */
/*
 * Callback for the lookup search issued by extended_dn_in_fix().
 *
 * From the visible lines: an entry reply records the resolved DN in
 * ac->basedn (the entry's own DN, or, for a WKGUID lookup, the text that
 * follows the matching prefix in a "wellKnownObjects" value). Later lines
 * rebuild the original operation with extended_final_callback as its
 * callback and send it down with ldb_next_request(); for add and modify the
 * copied message gets ac->basedn as its dn.
 *
 * NOTE: this listing dropped some source lines (the embedded line numbers
 * jump). Dropped lines are marked "[listing omits ...]" and are not
 * reconstructed here, so braces and part of the control flow are missing.
 */
static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
/* [listing omits original line 78] */
	struct extended_search_context *ac;
	struct ldb_request *down_req;
	struct ldb_message_element *el;
/* [listing omits original lines 82-85; ret, i, wkn_len and valstr are presumably declared there] */
	const char *found = NULL;
/* [listing omits original line 87] */
	/* The per-request state travels in req->context. */
	ac = talloc_get_type(req->context, struct extended_search_context);
/* [listing omits original lines 89-90; the condition guarding the next return is not visible] */
		return ldb_module_done(ac->req, NULL, NULL,
				       LDB_ERR_OPERATIONS_ERROR);
/* [listing omits original line 93] */
	if (ares->error != LDB_SUCCESS) {
		/* Failed lookup: finish the original request with the reply's controls, response and error. */
		return ldb_module_done(ac->req, ares->controls,
				       ares->response, ares->error);
/* [listing omits original lines 97-99] */
	case LDB_REPLY_ENTRY:
		if (!ac->wellknown_object) {
			/*
			 * SID/GUID lookup: the entry's DN is the resolved DN; talloc_steal()
			 * reparents it onto ac.
			 * NOTE(review): no check that ac->basedn was already set by an
			 * earlier entry is visible between lines 101 and 102. If the lookup
			 * returns several entries, the last one silently wins - confirm
			 * whether an ambiguous SID/GUID should be rejected instead.
			 */
			ac->basedn = talloc_steal(ac, ares->message->dn);
/* [listing omits original lines 103-105] */
		/* WKGUID lookup: length of the "B:32:<wkguid>:" prefix to match. */
		wkn_len = strlen(ac->wellknown_object);
/* [listing omits original line 107] */
		el = ldb_msg_find_element(ares->message, "wellKnownObjects");
/* [listing omits original lines 109-113; a NULL check on el is presumably here - confirm] */
		for (i=0; i < el->num_values; i++) {
			/*
			 * Copy the value with its explicit length so the string functions
			 * below work on a NUL-terminated buffer.
			 */
			valstr = talloc_strndup(ac,
						(const char *)el->values[i].data,
						el->values[i].length);
/* [listing omits original line 118; the allocation-failure test is not visible] */
				ldb_oom(ldb_module_get_ctx(ac->module));
				return ldb_module_done(ac->req, NULL, NULL,
						       LDB_ERR_OPERATIONS_ERROR);
/* [listing omits original lines 122-123] */
			/* Case-insensitive comparison of the first wkn_len characters only. */
			if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
/* [listing omits original lines 125-128] */
			/* The text after the matched prefix is used as the DN string below. */
			found = &valstr[wkn_len];
/* [listing omits original lines 130-136] */
		ac->basedn = ldb_dn_new(ac, ldb_module_get_ctx(ac->module), found);
/* [listing omits original lines 138-139; the failure test is not visible] */
			ldb_oom(ldb_module_get_ctx(ac->module));
			return ldb_module_done(ac->req, NULL, NULL,
					       LDB_ERR_OPERATIONS_ERROR);
/* [listing omits original lines 143-146] */
	case LDB_REPLY_REFERRAL:
/* [listing omits original lines 148-152; the condition leading to the "not found" path is not visible] */
			/*
			 * NOTE(review): str is passed on without a NULL check (lines 153-155
			 * are consecutive); on allocation failure the error string is NULL.
			 */
			const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
							  ldb_dn_get_linearized(ac->req->op.search.base));
			ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
			return ldb_module_done(ac->req, NULL, NULL,
					       LDB_ERR_NO_SUCH_OBJECT);
/* [listing omits original lines 158-159] */
		/* Rebuild the original operation; the case labels are among the omitted lines. */
		switch (ac->req->operation) {
/* [listing omits original line 161] */
			ret = ldb_build_search_req_ex(&down_req,
						      ldb_module_get_ctx(ac->module), ac->req,
/* [listing omits original line 164] */
						      ac->req->op.search.scope,
						      ac->req->op.search.tree,
						      ac->req->op.search.attrs,
/* [listing omits original line 168] */
						      ac, extended_final_callback,
/* [listing omits original lines 170-173] */
			/* Shallow copy, so the dn can be replaced without touching the original message. */
			struct ldb_message *add_msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
/* [listing omits original line 175; the allocation-failure test is not visible] */
				ldb_oom(ldb_module_get_ctx(ac->module));
				return ldb_module_done(ac->req, NULL, NULL,
						       LDB_ERR_OPERATIONS_ERROR);
/* [listing omits original lines 179-180] */
			add_msg->dn = ac->basedn;
/* [listing omits original line 182] */
			ret = ldb_build_add_req(&down_req,
						ldb_module_get_ctx(ac->module), ac->req,
/* [listing omits original lines 185-186] */
						ac, extended_final_callback,
/* [listing omits original lines 188-192] */
			/* Shallow copy, so the dn can be replaced without touching the original message. */
			struct ldb_message *mod_msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
/* [listing omits original line 194; the allocation-failure test is not visible] */
				ldb_oom(ldb_module_get_ctx(ac->module));
				return ldb_module_done(ac->req, NULL, NULL,
						       LDB_ERR_OPERATIONS_ERROR);
/* [listing omits original lines 198-199] */
			mod_msg->dn = ac->basedn;
/* [listing omits original line 201] */
			ret = ldb_build_mod_req(&down_req,
						ldb_module_get_ctx(ac->module), ac->req,
/* [listing omits original lines 204-205] */
						ac, extended_final_callback,
/* [listing omits original lines 207-210] */
			ret = ldb_build_del_req(&down_req,
						ldb_module_get_ctx(ac->module), ac->req,
/* [listing omits original lines 213-214] */
						ac, extended_final_callback,
/* [listing omits original lines 216-218] */
			ret = ldb_build_rename_req(&down_req,
						   ldb_module_get_ctx(ac->module), ac->req,
/* [listing omits original line 221] */
						   ac->req->op.rename.newdn,
/* [listing omits original line 223] */
						   ac, extended_final_callback,
/* [listing omits original lines 225-227] */
			return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
/* [listing omits original lines 229-230] */
		/* Building the replacement request failed: report that error on the original request. */
		if (ret != LDB_SUCCESS) {
			return ldb_module_done(ac->req, NULL, NULL, ret);
/* [listing omits original lines 233-234] */
		/* Send the rebuilt request down the module chain. */
		return ldb_next_request(ac->module, down_req);
/* [listing omits original lines 236-240] */
/*
 * Common entry point for the search/modify/del/rename hooks: when dn carries
 * an extended component (SID, GUID or WKGUID), issue a lookup search whose
 * replies go to extended_base_callback(); otherwise pass the request on
 * unchanged.
 *
 * The component values come from the DN supplied with the request, so they
 * are treated as untrusted input in the notes below.
 *
 * NOTE: this listing dropped some source lines (the embedded line numbers
 * jump). Dropped lines are marked "[listing omits ...]" and are not
 * reconstructed here, so braces and part of the control flow are missing.
 */
static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
/* [listing omits original line 242] */
	struct extended_search_context *ac;
	struct ldb_request *down_req;
/* [listing omits original line 245; ret is presumably declared there] */
	struct ldb_dn *base_dn = NULL;
	enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
	const char *base_dn_filter = NULL;
	const char * const *base_dn_attrs = NULL;
	char *wellknown_object = NULL;
	static const char *no_attr[] = {
/* [listing omits original lines 252-253; the contents of no_attr are not visible] */
	static const char *wkattr[] = {
/* [listing omits original lines 255-257; the contents of wkattr are not visible] */
	bool all_partitions = false;
/* [listing omits original line 259] */
	if (!ldb_dn_has_extended(dn)) {
		/* Move along there isn't anything to see here */
		return ldb_next_request(module, req);
/* [listing omits original line 263] */
		/* It looks like we need to map the DN */
		const struct ldb_val *sid_val, *guid_val, *wkguid_val;
/* [listing omits original line 266] */
		sid_val = ldb_dn_get_extended_component(dn, "SID");
		guid_val = ldb_dn_get_extended_component(dn, "GUID");
		wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
/* [listing omits original lines 270-271; the test that selects the SID branch is not visible] */
			all_partitions = true;
			base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
			/*
			 * The value is passed through ldb_binary_encode() before it is placed
			 * in the filter string, so raw bytes of the component are not
			 * interpolated directly.
			 * NOTE(review): the encode result is not checked; if it returns NULL,
			 * NULL is formatted with %s - confirm and add a check.
			 */
			base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
							 ldb_binary_encode(req, *sid_val));
			if (!base_dn_filter) {
				ldb_oom(ldb_module_get_ctx(module));
				return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original line 279] */
			base_dn_scope = LDB_SCOPE_SUBTREE;
			base_dn_attrs = no_attr;
/* [listing omits original line 282] */
		} else if (guid_val) {
/* [listing omits original line 284] */
			all_partitions = true;
			base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
			/* Same encoding step and the same unchecked encode result as in the SID branch. */
			base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
							 ldb_binary_encode(req, *guid_val));
			if (!base_dn_filter) {
				ldb_oom(ldb_module_get_ctx(module));
				return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original line 292] */
			base_dn_scope = LDB_SCOPE_SUBTREE;
			base_dn_attrs = no_attr;
/* [listing omits original lines 295-296] */
		} else if (wkguid_val) {
/* [listing omits original lines 298-301; wkguid_dup, p and tail_str are presumably declared there] */
			/* Length-bounded, NUL-terminated copy of the WKGUID component. */
			wkguid_dup = talloc_strndup(req, (char *)wkguid_val->data, wkguid_val->length);
/* [listing omits original line 303] */
			/*
			 * NOTE(review): only one line is missing between the allocation and
			 * this strchr(), so a NULL check on wkguid_dup is probably absent -
			 * confirm against the full file.
			 */
			p = strchr(wkguid_dup, ',');
/* [listing omits original line 305; the condition guarding the next return is not visible] */
				return LDB_ERR_INVALID_DN_SYNTAX;
/* [listing omits original lines 307-311] */
			/*
			 * Prefix that extended_base_callback() compares against each
			 * wellKnownObjects value.
			 * NOTE(review): no validation of the GUID part (length, character
			 * set) is visible here; it may be in the omitted lines - confirm.
			 */
			wellknown_object = talloc_asprintf(req, "B:32:%s:", wkguid_dup);
			if (!wellknown_object) {
				ldb_oom(ldb_module_get_ctx(module));
				return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original lines 316-319; the assignment of tail_str is not visible] */
			base_dn = ldb_dn_new(req, ldb_module_get_ctx(module), tail_str);
			talloc_free(wkguid_dup);
/* [listing omits original line 322; the failure test is not visible] */
				ldb_oom(ldb_module_get_ctx(module));
				return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original line 325] */
			base_dn_filter = talloc_strdup(req, "(objectClass=*)");
			if (!base_dn_filter) {
				ldb_oom(ldb_module_get_ctx(module));
				return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original line 330] */
			base_dn_scope = LDB_SCOPE_BASE;
			base_dn_attrs = wkattr;
/* [listing omits original line 333] */
			return LDB_ERR_INVALID_DN_SYNTAX;
/* [listing omits original lines 335-336] */
		/* Zero-initialised per-request state, parented to req. */
		ac = talloc_zero(req, struct extended_search_context);
/* [listing omits original line 338; the allocation-failure test is not visible] */
			ldb_oom(ldb_module_get_ctx(module));
			return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original lines 341-344; ac->module and ac->req are presumably set there] */
		ac->basedn = NULL; /* Filled in if the search finds the DN by SID/GUID etc */
		ac->wellknown_object = wellknown_object;
/* [listing omits original line 347] */
		/* If the base DN was an extended DN (perhaps a well known
		 * GUID) then search for that, so we can proceed with the original operation */
/* [listing omits original line 350] */
		ret = ldb_build_search_req(&down_req,
					   ldb_module_get_ctx(module), ac,
/* [listing omits original lines 353-357] */
					   ac, extended_base_callback,
/* [listing omits original line 359] */
		/* Any build failure is reported as a generic operations error; ret itself is discarded. */
		if (ret != LDB_SUCCESS) {
			return LDB_ERR_OPERATIONS_ERROR;
/* [listing omits original lines 362-363] */
		if (all_partitions) {
			struct ldb_search_options_control *control;
			/*
			 * NOTE(review): the result of talloc() is dereferenced on the next
			 * line with no NULL check in between (lines 366-367 are consecutive),
			 * so an allocation failure becomes a NULL dereference. A check that
			 * calls ldb_oom() and returns LDB_ERR_OPERATIONS_ERROR, as the other
			 * allocations in this function do, would close it.
			 */
			control = talloc(down_req, struct ldb_search_options_control);
			/*
			 * NOTE(review): 2 is a magic number; it presumably corresponds to
			 * ldb's LDB_SEARCH_OPTION_PHANTOM_ROOT - confirm against ldb.h and
			 * prefer the named constant.
			 */
			control->search_options = 2;
			ret = ldb_request_add_control(down_req,
						      LDB_CONTROL_SEARCH_OPTIONS_OID,
/* [listing omits original line 370] */
			if (ret != LDB_SUCCESS) {
				ldb_oom(ldb_module_get_ctx(module));
/* [listing omits original lines 373-376] */
		/* perform the search */
		return ldb_next_request(module, down_req);
/* [listing omits original lines 379-381] */
/* Search hook: run the extended-DN lookup on the search base. */
static int extended_dn_in_search(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_dn *target = req->op.search.base;

	return extended_dn_in_fix(module, req, target);
}
/* Modify hook: run the extended-DN lookup on the DN of the message being modified. */
static int extended_dn_in_modify(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_dn *target = req->op.mod.message->dn;

	return extended_dn_in_fix(module, req, target);
}
/* Delete hook: run the extended-DN lookup on the DN being deleted. */
static int extended_dn_in_del(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_dn *target = req->op.del.dn;

	return extended_dn_in_fix(module, req, target);
}
/* Rename hook: run the extended-DN lookup on the old DN of the rename. */
static int extended_dn_in_rename(struct ldb_module *module, struct ldb_request *req)
{
	struct ldb_dn *target = req->op.rename.olddn;

	return extended_dn_in_fix(module, req, target);
}
402 _PUBLIC_
const struct ldb_module_ops ldb_extended_dn_in_module_ops
= {
403 .name
= "extended_dn_in",
404 .search
= extended_dn_in_search
,
405 .modify
= extended_dn_in_modify
,
406 .del
= extended_dn_in_del
,
407 .rename
= extended_dn_in_rename
,