diff options
author | Simo Sorce <idra@samba.org> | 2005-08-18 15:02:01 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:33:32 -0500 |
commit | 3e4c4cff2177af33efdb15f03a1bbcb639505cee (patch) | |
tree | 852723e443ca41ef6b1d91dd3c11224eddebbd48 | |
parent | a8d51f87620a688a286603766cbb7edb2b7c6e60 (diff) | |
download | samba-3e4c4cff2177af33efdb15f03a1bbcb639505cee.tar.gz samba-3e4c4cff2177af33efdb15f03a1bbcb639505cee.tar.bz2 samba-3e4c4cff2177af33efdb15f03a1bbcb639505cee.zip |
r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
56 files changed, 1477 insertions, 864 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 555b2a25ac..008a7f3a84 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -217,7 +217,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context * int ret; int ret_domain; - const char *domain_dn = NULL; + const struct ldb_dn *domain_dn = NULL; const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl", @@ -265,7 +265,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context * return NT_STATUS_INTERNAL_DB_CORRUPTION; } - domain_dn = samdb_result_string(msgs_domain[0], "nCName", NULL); + domain_dn = samdb_result_dn(mem_ctx, msgs_domain[0], "nCName", NULL); } /* pull the user attributes */ @@ -316,7 +316,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context * } ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs, - "(nCName=%s)", msgs_tmp[0]->dn); + "(nCName=%s)", ldb_dn_linearize(msgs_tmp, msgs_tmp[0]->dn)); if (ret_domain == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -324,13 +324,13 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context * if (ret_domain == 0) { DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", - msgs_tmp[0]->dn)); + ldb_dn_linearize(msgs_tmp, msgs_tmp[0]->dn))); return NT_STATUS_NO_SUCH_USER; } if (ret_domain > 1) { DEBUG(0,("Found %d records matching domain [%s]\n", - ret_domain, msgs_tmp[0]->dn)); + ret_domain, ldb_dn_linearize(msgs_tmp, msgs_tmp[0]->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -356,7 +356,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, NTTIME last_set_time; struct samr_Password *lm_pwd, *nt_pwd; NTSTATUS nt_status; - const char *domain_dn = samdb_result_string(msgs_domain[0], "nCName", ""); + struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, msgs_domain[0], "nCName", ldb_dn_new(mem_ctx)); acct_flags = samdb_result_acct_flags(msgs[0], "userAccountControl"); @@ -407,7 +407,8 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context struct dom_sid **groupSIDs = NULL; struct dom_sid *account_sid; struct dom_sid *primary_group_sid; - const char *str, *ncname; + const char *str; + struct ldb_dn *ncname; int i; uint_t rid; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); @@ -415,7 +416,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context group_ret = gendb_search(sam_ctx, tmp_ctx, NULL, &group_msgs, group_attrs, "(&(member=%s)(sAMAccountType=*))", - msgs[0]->dn); + ldb_dn_linearize(tmp_ctx, msgs[0]->dn)); if (group_ret == -1) { talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -490,7 +491,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context server_info->acct_expiry = samdb_result_nttime(msgs[0], "accountExpires", 0); server_info->last_password_change = samdb_result_nttime(msgs[0], "pwdLastSet", 0); - ncname = samdb_result_string(msgs_domain[0], "nCName", ""); + ncname = samdb_result_dn(mem_ctx, msgs_domain[0], "nCName", ldb_dn_new(mem_ctx)); server_info->allow_password_change = samdb_result_allow_password_change(sam_ctx, mem_ctx, ncname, msgs[0], "pwdLastSet"); diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0c5ce09637..4864221ade 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -100,16 +100,15 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - msg = ldb_msg_new(mem_ctx); + msg = ldb_msg_new(ldb); if (msg == NULL) { talloc_free(ldb); return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_asprintf(msg, "computerName=%s", creds->computer_name); + msg->dn = ldb_dn_build_child(msg, "computerName", creds->computer_name, NULL); if (msg->dn == NULL) { talloc_free(ldb); - talloc_free(msg); return NT_STATUS_NO_MEMORY; } @@ -134,13 +133,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, if (ret != 0) { DEBUG(0,("Unable to add %s to session key db - %s\n", - msg->dn, ldb_errstring(ldb))); + ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); talloc_free(ldb); - talloc_free(msg); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - talloc_free(msg); talloc_free(ldb); return NT_STATUS_OK; diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index a39ad64a8e..bfecc3576f 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -81,9 +81,10 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, /* try and find the domain */ ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - dom_res[0]->dn); + ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); if (ret != 1) { - DEBUG(2,("Unable to find referece to '%s' in sam\n", dom_res[0]->dn)); + DEBUG(2,("Unable to find referece to '%s' in sam\n", + ldb_dn_linearize(mem_ctx, dom_res[0]->dn))); return NT_STATUS_NO_SUCH_DOMAIN; } diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index 873c89cf28..dc4576a8f9 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -42,7 +42,7 @@ struct private_data { const char *error_string; }; -static int objectguid_search(struct ldb_module *module, const char *base, +static int objectguid_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -50,7 +50,7 @@ static int objectguid_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int objectguid_search_bytree(struct ldb_module *module, const char *base, +static int objectguid_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -83,7 +83,7 @@ static int objectguid_add_record(struct ldb_module *module, const struct ldb_mes ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } @@ -131,13 +131,13 @@ static int objectguid_modify_record(struct ldb_module *module, const struct ldb_ return ldb_next_modify_record(module, msg); } -static int objectguid_delete_record(struct ldb_module *module, const char *dn) +static int objectguid_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_delete_record\n"); return ldb_next_delete_record(module, dn); } -static int objectguid_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int objectguid_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n"); return ldb_next_rename_record(module, olddn, newdn); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 88c1ab5804..ed7c135efa 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -44,7 +44,7 @@ struct private_data { const char *error_string; }; -static int samldb_search(struct ldb_module *module, const char *base, +static int samldb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -52,7 +52,7 @@ static int samldb_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int samldb_search_bytree(struct ldb_module *module, const char *base, +static int samldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -65,7 +65,7 @@ static int samldb_search_bytree(struct ldb_module *module, const char *base, return 0 on failure, the id on success */ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *dn, uint32_t *id) + const struct ldb_dn *dn, uint32_t *id) { const char * const attrs[2] = { "nextRid", NULL }; struct ldb_message **res = NULL; @@ -82,7 +82,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx } str = ldb_msg_find_string(res[0], "nextRid", NULL); if (str == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", dn); + ldb_debug(ldb, LDB_DEBUG_FATAL, "attribute nextRid not found in %s\n", ldb_dn_linearize(res, dn)); talloc_free(res); return -1; } @@ -99,7 +99,7 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx /* we do a delete and add as a single operation. That prevents a race */ ZERO_STRUCT(msg); - msg.dn = talloc_strdup(mem_ctx, dn); + msg.dn = ldb_dn_copy(mem_ctx, dn); if (!msg.dn) { return -1; } @@ -141,29 +141,35 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx return 0; } -static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *dn) +static struct ldb_dn *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn) { - const char *sdn; + TALLOC_CTX *local_ctx; + struct ldb_dn *sdn; struct ldb_message **res = NULL; int ret = 0; - sdn = dn; - while ((sdn = strchr(sdn, ',')) != NULL) { - - sdn++; + local_ctx = talloc_named(mem_ctx, 0, "samldb_search_domain memory conext"); + if (local_ctx == NULL) return NULL; + sdn = ldb_dn_copy(local_ctx, dn); + do { ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); talloc_free(res); if (ret == 1) break; - } + + } while ((sdn = ldb_dn_get_parent(local_ctx, sdn))); if (ret != 1) { + talloc_free(local_ctx); return NULL; } - return talloc_strdup(mem_ctx, sdn); + talloc_steal(mem_ctx, sdn); + talloc_free(local_ctx); + + return sdn; } /* search the domain related to the provided dn @@ -171,11 +177,11 @@ static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx return the new sid string */ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const char *obj_dn) + TALLOC_CTX *mem_ctx, const struct ldb_dn *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_message **res = NULL; - const char *dom_dn; + const struct ldb_dn *dom_dn; uint32_t rid; int ret, tries = 10; struct dom_sid *dom_sid, *obj_sid; @@ -190,7 +196,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", obj_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", ldb_dn_linearize(mem_ctx, obj_dn)); return NULL; } @@ -221,7 +227,7 @@ static struct dom_sid *samldb_get_new_sid(struct ldb_module *module, } } if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", ldb_dn_linearize(mem_ctx, dom_dn)); talloc_free(res); return NULL; } @@ -243,22 +249,6 @@ static char *samldb_generate_samAccountName(const void *mem_ctx) { return name; } -static BOOL samldb_get_rdn(void *mem_ctx, const char *dn, struct ldb_dn_component **rdn) -{ - struct ldb_dn *dn_exploded = ldb_dn_explode(mem_ctx, dn); - - if (!dn_exploded) { - return False; - } - - if (dn_exploded->comp_num < 1) { - return False; - } - - *rdn = &dn_exploded->components[0]; - return True; -} - /* if value is not null also check for attribute to have exactly that value */ static struct ldb_message_element *samldb_find_attribute(const struct ldb_message *msg, const char *name, const char *value) { @@ -390,8 +380,8 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", msg2->dn); + if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", ldb_dn_linearize(msg2, msg2->dn)); return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { @@ -454,7 +444,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } } - if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { + if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { @@ -510,13 +500,15 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld return NULL; } + talloc_steal(msg, msg2); + if (samldb_copy_template(module, msg2, "(&(CN=TemplateForeignSecurityPrincipal)(objectclass=foreignSecurityPrincipalTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_foreignSecurityPrincipal_object: Error copying template!\n"); return NULL; } - if ( ! samldb_get_rdn(msg2, msg2->dn, &rdn)) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad DN (%s)!\n", msg2->dn); + if ((rdn = ldb_dn_get_rdn(msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: Bad DN (%s)!\n", ldb_dn_linearize(msg2, msg2->dn)); return NULL; } if (strcasecmp(rdn->name, "cn") != 0) { @@ -538,8 +530,6 @@ static struct ldb_message *samldb_fill_foreignSecurityPrincipal_object(struct ld talloc_free(sid); } - talloc_steal(msg, msg2); - return msg2; } @@ -551,7 +541,7 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + if (strcmp(msg->dn->components[0].name, "@SPEACIAL") == 0) { /* do not manipulate our control entries */ return ldb_next_add_record(module, msg); } @@ -584,13 +574,13 @@ static int samldb_modify_record(struct ldb_module *module, const struct ldb_mess return ldb_next_modify_record(module, msg); } -static int samldb_delete_record(struct ldb_module *module, const char *dn) +static int samldb_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_delete_record\n"); return ldb_next_delete_record(module, dn); } -static int samldb_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int samldb_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_rename_record\n"); return ldb_next_rename_record(module, olddn, newdn); diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 3a160615ff..9cb9a93446 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -43,7 +43,7 @@ struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx) */ int samdb_search_domain(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, struct ldb_message ***res, const char * const *attrs, const struct dom_sid *domain_sid, @@ -84,7 +84,7 @@ int samdb_search_domain(struct ldb_context *sam_ldb, */ const char *samdb_search_string_v(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, const char *attr_name, const char *format, va_list ap) _PRINTF_ATTRIBUTE(5,0) { @@ -113,7 +113,7 @@ const char *samdb_search_string_v(struct ldb_context *sam_ldb, */ const char *samdb_search_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, const char *attr_name, const char *format, ...) _PRINTF_ATTRIBUTE(5,6) { @@ -132,7 +132,7 @@ const char *samdb_search_string(struct ldb_context *sam_ldb, */ struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, const char *attr_name, const char *format, ...) _PRINTF_ATTRIBUTE(5,6) { @@ -165,7 +165,7 @@ struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb, */ int samdb_search_count(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, const char *format, ...) _PRINTF_ATTRIBUTE(4,5) { va_list ap; @@ -187,7 +187,7 @@ int samdb_search_count(struct ldb_context *sam_ldb, uint_t samdb_search_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, uint_t default_value, - const char *basedn, + const struct ldb_dn *basedn, const char *attr_name, const char *format, ...) _PRINTF_ATTRIBUTE(6,7) { @@ -215,7 +215,7 @@ uint_t samdb_search_uint(struct ldb_context *sam_ldb, int64_t samdb_search_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, int64_t default_value, - const char *basedn, + const struct ldb_dn *basedn, const char *attr_name, const char *format, ...) _PRINTF_ATTRIBUTE(6,7) { @@ -243,7 +243,7 @@ int64_t samdb_search_int64(struct ldb_context *sam_ldb, */ int samdb_search_string_multiple(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, const char ***strs, const char *attr_name, const char *format, ...) _PRINTF_ATTRIBUTE(6,7) @@ -312,6 +312,14 @@ const char *samdb_result_string(struct ldb_message *msg, const char *attr, return ldb_msg_find_string(msg, attr, default_value); } +struct ldb_dn *samdb_result_dn(TALLOC_CTX *mem_ctx, struct ldb_message *msg, + const char *attr, struct ldb_dn *default_value) +{ + const char *string = samdb_result_string(msg, attr, NULL); + if (string == NULL) return default_value; + return ldb_dn_explode(mem_ctx, string); +} + /* pull a rid from a objectSid in a result set. */ @@ -421,7 +429,7 @@ uint64_t samdb_result_uint64(struct ldb_message *msg, const char *attr, uint64_t */ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *domain_dn, + const struct ldb_dn *domain_dn, struct ldb_message *msg, const char *attr) { @@ -433,7 +441,7 @@ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb, } minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, - domain_dn, "minPwdAge", "dn=%s", domain_dn); + domain_dn, "minPwdAge", "dn=%s", ldb_dn_linearize(mem_ctx, domain_dn)); /* yes, this is a -= not a += as minPwdAge is stored as the negative of the number of 100-nano-seconds */ @@ -448,7 +456,7 @@ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb, */ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, - const char *domain_dn, + const struct ldb_dn *domain_dn, struct ldb_message *msg, const char *attr) { @@ -460,7 +468,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, } maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, - "maxPwdAge", "dn=%s", domain_dn); + "maxPwdAge", "dn=%s", ldb_dn_linearize(mem_ctx, domain_dn)); if (maxPwdAge == 0) { return 0; } else { @@ -899,7 +907,7 @@ int samdb_add(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_messa /* delete a record */ -int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn) +int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const struct ldb_dn *dn) { return ldb_delete(sam_ldb, dn); } diff --git a/source4/include/structs.h b/source4/include/structs.h index 26c6b9a622..bcecd5c096 100644 --- a/source4/include/structs.h +++ b/source4/include/structs.h @@ -197,6 +197,7 @@ struct test_join_ads_dc; struct netr_LMSessionKey; struct ldb_val; +struct ldb_dn; struct ldb_message; struct ldb_context; struct ldb_parse_tree; diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 0aa18423a0..78084f2e89 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -447,7 +447,7 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con TALLOC_CTX *mem_ctx, krb5_const_principal principal, enum hdb_ldb_ent_type ent_type, - const char *realm_dn, + const struct ldb_dn *realm_dn, struct ldb_message ***pmsg) { krb5_error_code ret; @@ -460,6 +460,8 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con char *princ_str_talloc; char *short_princ; + char *realm_dn_str; + struct ldb_message **msg = NULL; /* Structure assignment, so we don't mess with the source parameter */ @@ -520,18 +522,20 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con count = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, filter, princ_attrs, &msg); + realm_dn_str = ldb_dn_linearize(mem_ctx, realm_dn); + if (count < 1) { krb5_warnx(context, "ldb_search: basedn: '%s' filter: '%s' failed: %d", - realm_dn, filter, count); + realm_dn_str, filter, count); krb5_set_error_string(context, "ldb_search: basedn: '%s' filter: '%s' failed: %d", - realm_dn, filter, count); + realm_dn_str, filter, count); return HDB_ERR_NOENTRY; } else if (count > 1) { talloc_free(msg); krb5_warnx(context, "ldb_search: basedn: '%s' filter: '%s' more than 1 entry: %d", - realm_dn, filter, count); + realm_dn_str, filter, count); krb5_set_error_string(context, "ldb_search: basedn: '%s' filter: '%s' more than 1 entry: %d", - realm_dn, filter, count); + realm_dn_str, filter, count); return HDB_ERR_NOENTRY; } *pmsg = talloc_steal(mem_ctx, msg); @@ -544,7 +548,8 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context struct ldb_message ***pmsg) { int count; - const char *realm_dn; + struct ldb_dn *realm_dn; + const char *realm_dn_str; char *cross_ref_filter; struct ldb_message **cross_ref_msg; struct ldb_message **msg; @@ -585,7 +590,8 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context return HDB_ERR_NOENTRY; } - realm_dn = ldb_msg_find_string(cross_ref_msg[0], "nCName", NULL); + realm_dn_str = ldb_msg_find_string(cross_ref_msg[0], "nCName", NULL); + realm_dn = ldb_dn_explode(mem_ctx, realm_dn_str); count = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_BASE, "(objectClass=domain)", realm_attrs, &msg); @@ -596,12 +602,12 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context } if (count < 1) { - krb5_warnx(context, "ldb_search: dn: %s not found: %d", realm_dn, count); - krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", realm_dn, count); + krb5_warnx(context, "ldb_search: dn: %s not found: %d", realm_dn_str, count); + krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", realm_dn_str, count); return HDB_ERR_NOENTRY; } else if (count > 1) { - krb5_warnx(context, "ldb_search: dn: '%s' more than 1 entry: %d", realm_dn, count); - krb5_set_error_string(context, "ldb_search: dn: %s more than 1 entry: %d", realm_dn, count); + krb5_warnx(context, "ldb_search: dn: '%s' more than 1 entry: %d", realm_dn_str, count); + krb5_set_error_string(context, "ldb_search: dn: %s more than 1 entry: %d", realm_dn_str, count); return HDB_ERR_NOENTRY; } @@ -610,7 +616,7 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_context *ldb_ctx, TALLOC_CTX *mem_ctx, - const char *realm_dn, + const struct ldb_dn *realm_dn, const char *alias_from, char **alias_to) { @@ -618,9 +624,11 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con int count; struct ldb_message **msg; struct ldb_message_element *spnmappings; - char *service_dn = talloc_asprintf(mem_ctx, - "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,%s", - realm_dn); + struct ldb_dn *service_dn = ldb_dn_compose_string_dn(mem_ctx, + "CN=Directory Service,CN=Windows NT" + ",CN=Services,CN=Configuration", + realm_dn); + char *service_dn_str = ldb_dn_linearize(mem_ctx, service_dn); const char *directory_attrs[] = { "sPNMappings", NULL @@ -631,19 +639,19 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con talloc_steal(mem_ctx, msg); if (count < 1) { - krb5_warnx(context, "ldb_search: dn: %s not found: %d", service_dn, count); - krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", service_dn, count); + krb5_warnx(context, "ldb_search: dn: %s not found: %d", service_dn_str, count); + krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", service_dn_str, count); return HDB_ERR_NOENTRY; } else if (count > 1) { - krb5_warnx(context, "ldb_search: dn: %s found %d times!", service_dn, count); - krb5_set_error_string(context, "ldb_search: dn: %s found %d times!", service_dn, count); + krb5_warnx(context, "ldb_search: dn: %s found %d times!", service_dn_str, count); + krb5_set_error_string(context, "ldb_search: dn: %s found %d times!", service_dn_str, count); return HDB_ERR_NOENTRY; } spnmappings = ldb_msg_find_element(msg[0], "sPNMappings"); if (!spnmappings || spnmappings->num_values == 0) { - krb5_warnx(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn); - krb5_set_error_string(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn); + krb5_warnx(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn_str); + krb5_set_error_string(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn_str); return HDB_ERR_NOENTRY; } @@ -652,8 +660,8 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con mapping = talloc_strdup(mem_ctx, (const char *)spnmappings->values[i].data); if (!mapping) { - krb5_warnx(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn); - krb5_set_error_string(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn); + krb5_warnx(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn_str); + krb5_set_error_string(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn_str); return HDB_ERR_NOENTRY; } @@ -662,9 +670,9 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con p = strchr(mapping, '='); if (!p) { krb5_warnx(context, "ldb_search: dn: %s sPNMapping malformed: %s", - service_dn, mapping); + service_dn_str, mapping); krb5_set_error_string(context, "ldb_search: dn: %s sPNMapping malformed: %s", - service_dn, mapping); + service_dn_str, mapping); return HDB_ERR_NOENTRY; } p[0] = '\0'; @@ -729,7 +737,7 @@ static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags, krb5_error_code ret; const char *realm; - const char *realm_dn; + const struct ldb_dn *realm_dn; TALLOC_CTX *mem_ctx = talloc_named(NULL, 0, "LDB_fetch context"); if (!mem_ctx) { @@ -927,7 +935,7 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db; struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp; char *realm; - char *realm_dn = NULL; + struct ldb_dn *realm_dn = NULL; struct ldb_message **msgs = NULL; struct ldb_message **realm_msgs = NULL; krb5_error_code ret; diff --git a/source4/ldap_server/config.mk b/source4/ldap_server/config.mk index 2d99de8081..3d39b397bd 100644 --- a/source4/ldap_server/config.mk +++ b/source4/ldap_server/config.mk @@ -8,7 +8,6 @@ INIT_OBJ_FILES = \ ldap_server/ldap_backend.o \ ldap_server/ldap_bind.o \ ldap_server/ldap_rootdse.o \ - ldap_server/ldap_parse.o \ ldap_server/ldap_simple_ldb.o \ ldap_server/ldap_hacked_ldb.o REQUIRED_SUBSYSTEMS = \ diff --git a/source4/ldap_server/ldap_hacked_ldb.c b/source4/ldap_server/ldap_hacked_ldb.c index 6ff97eb1d0..24e2163e48 100644 --- a/source4/ldap_server/ldap_hacked_ldb.c +++ b/source4/ldap_server/ldap_hacked_ldb.c @@ -24,7 +24,6 @@ #include "includes.h" #include "dynconfig.h" #include "ldap_server/ldap_server.h" -#include "ldap_parse.h" #include "lib/ldb/include/ldb.h" #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" @@ -131,12 +130,12 @@ DEBUG(0, (__location__": convert_values(ncname): nc dn = '%s'\n", nc_filter)); /* first the NC stuff */ - count = ldb_search(samdb, "", LDB_SCOPE_BASE, nc_filter, s_attrs, &res); + count = ldb_search(samdb, NULL, LDB_SCOPE_BASE, nc_filter, s_attrs, &res); if (count != 1) { DEBUG(0, (__location__": convert_values(ncname): nc_count: %d \n", count)); return NT_STATUS_FOOBAR; } -DEBUG(0, (__location__": convert_values(ncname): nc_res '%s'\n", res[0]->dn)); +DEBUG(0, (__location__": convert_values(ncname): nc_res '%s'\n", ldb_dn_linearize(mem_ctx, res[0]->dn))); nc_guid_str = samdb_result_string(res[0], "objectGUID", NULL); status = GUID_from_string(nc_guid_str, &nc_guid); @@ -159,7 +158,7 @@ DEBUG(0, (__location__": convert_values(ncname): dn='%s'\n",*dn)); dom_filter = talloc_asprintf(mem_ctx, "(dn=%s)", dom_dn); DEBUG(0, (__location__": convert_values(ncname): dom dn = '%s'\n", dom_filter)); - count = ldb_search(samdb, "", LDB_SCOPE_BASE, dom_filter, s_attrs, &res); + count = ldb_search(samdb, NULL, LDB_SCOPE_BASE, dom_filter, s_attrs, &res); if (count != 1) { DEBUG(0, (__location__": convert_values(ncname): dom_count: %d \n", count)); return NT_STATUS_OK; @@ -292,18 +291,12 @@ static NTSTATUS hacked_Search(struct ldapsrv_partition *partition, struct ldapsr int count, j, y, i; const char **attrs = NULL; enum ldb_scope scope = LDB_SCOPE_DEFAULT; - struct ldap_dn *basedn; - const char *basedn_str; + struct ldb_dn *basedn; local_ctx = talloc_named(call, 0, "hacked_Search local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - basedn = ldap_parse_dn(local_ctx, r->basedn); - if (!basedn) { - basedn_str = r->basedn; - } else { - basedn_str = basedn->dn; - } + basedn = ldb_dn_explode(local_ctx, r->basedn); switch (r->scope) { case LDAP_SEARCH_SCOPE_BASE: @@ -330,9 +323,9 @@ static NTSTATUS hacked_Search(struct ldapsrv_partition *partition, struct ldapsr } attrs[j] = NULL; } -DEBUG(0,("hacked basedn: %s\n", basedn_str)); +DEBUG(0,("hacked basedn: %s\n", ldb_dn_linearize(local_ctx, basedn))); DEBUGADD(0,("hacked filter: %s\n", ldb_filter_from_tree(r, r->tree))); - count = ldb_search_bytree(samdb, basedn_str, scope, r->tree, attrs, &res); + count = ldb_search_bytree(samdb, basedn, scope, r->tree, attrs, &res); talloc_steal(samdb, res); if (count < 1) { @@ -345,7 +338,7 @@ DEBUGADD(0,("hacked filter: %s\n", ldb_filter_from_tree(r, r->tree))); NT_STATUS_HAVE_NO_MEMORY(ent_r); ent = &ent_r->msg->r.SearchResultEntry; - ent->dn = talloc_steal(ent_r, res[0]->dn); + ent->dn = ldb_dn_linearize(ent_r, res[0]->dn); DEBUG(0,("hacked result [0] dn: %s\n", ent->dn)); ent->num_attributes = 0; ent->attributes = NULL; @@ -390,7 +383,7 @@ queue_reply: NT_STATUS_HAVE_NO_MEMORY(ent_r); ent = &ent_r->msg->r.SearchResultEntry; - ent->dn = talloc_steal(ent_r, res[i]->dn); + ent->dn = ldb_dn_linearize(ent_r, res[i]->dn); DEBUG(0,("hacked result [%d] dn: %s\n", i, ent->dn)); ent->num_attributes = 0; ent->attributes = NULL; @@ -606,7 +599,7 @@ static NTSTATUS hldb_Add(struct ldapsrv_partition *partition, struct ldapsrv_cal struct ldap_AddRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *add_result; struct ldapsrv_reply *add_reply; int ldb_ret; @@ -622,15 +615,14 @@ static NTSTATUS hldb_Add(struct ldapsrv_partition *partition, struct ldapsrv_cal samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); - VALID_DN_SYNTAX(dn,1); - - DEBUG(10, ("hldb_add: dn: [%s]\n", dn->dn)); - msg = talloc(local_ctx, struct ldb_message); NT_STATUS_HAVE_NO_MEMORY(msg); - msg->dn = dn->dn; + msg->dn = ldb_dn_explode(local_ctx, r->dn); + VALID_DN_SYNTAX(dn, 1); + + DEBUG(10, ("hldb_add: dn: [%s]\n", ldb_dn_linearize(local_ctx, dn))); + msg->private_data = NULL; msg->num_elements = 0; msg->elements = NULL; @@ -679,7 +671,7 @@ reply: if (result == LDAP_SUCCESS) { ldb_ret = ldb_add(samdb, msg); if (ldb_ret == 0) { - DEBUG(0,("hldb_Add: added: '%s'\n", msg->dn)); + DEBUG(0,("hldb_Add: added: '%s'\n", ldb_dn_linearize(msg, msg->dn))); result = LDAP_SUCCESS; errstr = NULL; } else { @@ -707,7 +699,7 @@ static NTSTATUS hldb_Del(struct ldapsrv_partition *partition, struct ldapsrv_cal struct ldap_DelRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *del_result; struct ldapsrv_reply *del_reply; int ldb_ret; @@ -721,17 +713,17 @@ static NTSTATUS hldb_Del(struct ldapsrv_partition *partition, struct ldapsrv_cal samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); + dn = ldb_dn_explode(local_ctx, r->dn); VALID_DN_SYNTAX(dn,1); - DEBUG(10, ("hldb_Del: dn: [%s]\n", dn->dn)); + DEBUG(10, ("hldb_Del: dn: [%s]\n", ldb_dn_linearize(local_ctx, dn))); reply: del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse); NT_STATUS_HAVE_NO_MEMORY(del_reply); if (result == LDAP_SUCCESS) { - ldb_ret = ldb_delete(samdb, dn->dn); + ldb_ret = ldb_delete(samdb, dn); if (ldb_ret == 0) { result = LDAP_SUCCESS; errstr = NULL; @@ -760,7 +752,7 @@ static NTSTATUS hldb_Modify(struct ldapsrv_partition *partition, struct ldapsrv_ struct ldap_ModifyRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *modify_result; struct ldapsrv_reply *modify_reply; int ldb_ret; @@ -776,15 +768,14 @@ static NTSTATUS hldb_Modify(struct ldapsrv_partition *partition, struct ldapsrv_ samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); - VALID_DN_SYNTAX(dn,1); - - DEBUG(10, ("hldb_modify: dn: [%s]\n", dn->dn)); - msg = talloc(local_ctx, struct ldb_message); NT_STATUS_HAVE_NO_MEMORY(msg); - msg->dn = dn->dn; + msg->dn = ldb_dn_explode(local_ctx, r->dn); + VALID_DN_SYNTAX(dn,1); + + DEBUG(10, ("hldb_modify: dn: [%s]\n", ldb_dn_linearize(local_ctx, dn))); + msg->private_data = NULL; msg->num_elements = 0; msg->elements = NULL; @@ -856,7 +847,7 @@ reply: if (strcmp("Type or value exists", errstr) ==0){ result = LDAP_ATTRIBUTE_OR_VALUE_EXISTS; } - DEBUG(0,("failed to modify: %s - %u - %s\n", msg->dn, result, errstr)); + DEBUG(0,("failed to modify: %s - %u - %s\n", ldb_dn_linearize(local_ctx, msg->dn), result, errstr)); } } @@ -876,7 +867,7 @@ static NTSTATUS hldb_Compare(struct ldapsrv_partition *partition, struct ldapsrv struct ldap_CompareRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *compare; struct ldapsrv_reply *compare_r; int result = LDAP_SUCCESS; @@ -893,10 +884,10 @@ static NTSTATUS hldb_Compare(struct ldapsrv_partition *partition, struct ldapsrv samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); + dn = ldb_dn_explode(local_ctx, r->dn); VALID_DN_SYNTAX(dn,1); - DEBUG(10, ("hldb_Compare: dn: [%s]\n", dn->dn)); + DEBUG(10, ("hldb_Compare: dn: [%s]\n", ldb_dn_linearize(local_ctx, dn))); filter = talloc_asprintf(local_ctx, "(%s=%*s)", r->attribute, (int)r->value.length, r->value.data); NT_STATUS_HAVE_NO_MEMORY(filter); @@ -910,7 +901,7 @@ reply: NT_STATUS_HAVE_NO_MEMORY(compare_r); if (result == LDAP_SUCCESS) { - count = ldb_search(samdb, dn->dn, LDB_SCOPE_BASE, filter, attrs, &res); + count = ldb_search(samdb, dn, LDB_SCOPE_BASE, filter, attrs, &res); talloc_steal(samdb, res); if (count == 1) { DEBUG(10,("hldb_Compare: matched\n")); @@ -946,15 +937,15 @@ reply: static NTSTATUS hldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsrv_call *call, struct ldap_ModifyDNRequest *r) { void *local_ctx; - struct ldap_dn *olddn, *newrdn, *newsuperior; + struct ldb_dn *olddn, *newrdn, *newsuperior; struct ldap_Result *modifydn; struct ldapsrv_reply *modifydn_r; int ldb_ret; struct ldb_context *samdb; const char *errstr = NULL; int result = LDAP_SUCCESS; - const char *newdn = NULL; - char *parentdn = NULL; + const struct ldb_dn *newdn = NULL; + struct ldb_dn *parentdn = NULL; local_ctx = talloc_named(call, 0, "hldb_ModifyDN local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); @@ -962,14 +953,14 @@ static NTSTATUS hldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsr samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - olddn = ldap_parse_dn(local_ctx, r->dn); + olddn = ldb_dn_explode(local_ctx, r->dn); VALID_DN_SYNTAX(olddn,2); - newrdn = ldap_parse_dn(local_ctx, r->newrdn); + newrdn = ldb_dn_explode(local_ctx, r->newrdn); VALID_DN_SYNTAX(newrdn,1); - DEBUG(10, ("hldb_ModifyDN: olddn: [%s]\n", olddn->dn)); - DEBUG(10, ("hldb_ModifyDN: newrdn: [%s]\n", newrdn->dn)); + DEBUG(10, ("hldb_ModifyDN: olddn: [%s]\n", ldb_dn_linearize(local_ctx, olddn))); + DEBUG(10, ("hldb_ModifyDN: newrdn: [%s]\n", ldb_dn_linearize(local_ctx, newrdn))); /* we can't handle the rename if we should not remove the old dn */ if (!r->deleteolddn) { @@ -985,30 +976,22 @@ static NTSTATUS hldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsr } if (r->newsuperior) { - newsuperior = ldap_parse_dn(local_ctx, r->newsuperior); + newsuperior = ldb_dn_explode(local_ctx, r->newsuperior); VALID_DN_SYNTAX(newsuperior,0); - DEBUG(10, ("hldb_ModifyDN: newsuperior: [%s]\n", newsuperior->dn)); + DEBUG(10, ("hldb_ModifyDN: newsuperior: [%s]\n", ldb_dn_linearize(local_ctx, newsuperior))); if (newsuperior->comp_num < 1) { result = LDAP_AFFECTS_MULTIPLE_DSAS; errstr = "Error new Superior DN invalid"; goto reply; } - parentdn = newsuperior->dn; + parentdn = newsuperior; } if (!parentdn) { - int i; - parentdn = talloc_strdup(local_ctx, olddn->components[1]->component); - NT_STATUS_HAVE_NO_MEMORY(parentdn); - for(i=2; i < olddn->comp_num; i++) { - char *old = parentdn; - parentdn = talloc_asprintf(local_ctx, "%s,%s", old, olddn->components[i]->component); - NT_STATUS_HAVE_NO_MEMORY(parentdn); - talloc_free(old); - } + parentdn = ldb_dn_get_parent(local_ctx, olddn); } - newdn = talloc_asprintf(local_ctx, "%s,%s", newrdn->dn, parentdn); + newdn = ldb_dn_make_child(local_ctx, ldb_dn_get_rdn(local_ctx, newrdn), parentdn); NT_STATUS_HAVE_NO_MEMORY(newdn); reply: @@ -1016,7 +999,7 @@ reply: NT_STATUS_HAVE_NO_MEMORY(modifydn_r); if (result == LDAP_SUCCESS) { - ldb_ret = ldb_rename(samdb, olddn->dn, newdn); + ldb_ret = ldb_rename(samdb, olddn, newdn); if (ldb_ret == 0) { result = LDAP_SUCCESS; errstr = NULL; diff --git a/source4/ldap_server/ldap_simple_ldb.c b/source4/ldap_server/ldap_simple_ldb.c index 7a8f664898..fbeec2f3ca 100644 --- a/source4/ldap_server/ldap_simple_ldb.c +++ b/source4/ldap_server/ldap_simple_ldb.c @@ -21,7 +21,6 @@ #include "includes.h" #include "ldap_server/ldap_server.h" -#include "ldap_parse.h" #include "lib/ldb/include/ldb.h" #include "db_wrap.h" @@ -39,7 +38,7 @@ static NTSTATUS sldb_Search(struct ldapsrv_partition *partition, struct ldapsrv_ struct ldap_SearchRequest *r) { void *local_ctx; - struct ldap_dn *basedn; + struct ldb_dn *basedn; struct ldap_Result *done; struct ldap_SearchResEntry *ent; struct ldapsrv_reply *ent_r, *done_r; @@ -58,17 +57,17 @@ static NTSTATUS sldb_Search(struct ldapsrv_partition *partition, struct ldapsrv_ samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - basedn = ldap_parse_dn(local_ctx, r->basedn); - VALID_DN_SYNTAX(basedn,0); + basedn = ldb_dn_explode(local_ctx, r->basedn); + VALID_DN_SYNTAX(basedn, 0); - DEBUG(10, ("sldb_Search: basedn: [%s]\n", basedn->dn)); + DEBUG(10, ("sldb_Search: basedn: [%s]\n", r->basedn)); DEBUG(10, ("sldb_Search: filter: [%s]\n", ldb_filter_from_tree(call, r->tree))); switch (r->scope) { case LDAP_SEARCH_SCOPE_BASE: DEBUG(10,("sldb_Search: scope: [BASE]\n")); scope = LDB_SCOPE_BASE; - success_limit = 1; + success_limit = 0; break; case LDAP_SEARCH_SCOPE_SINGLE: DEBUG(10,("sldb_Search: scope: [ONE]\n")); @@ -94,9 +93,9 @@ static NTSTATUS sldb_Search(struct ldapsrv_partition *partition, struct ldapsrv_ } DEBUG(5,("ldb_search_bytree dn=%s filter=%s\n", - basedn->dn, ldb_filter_from_tree(call, r->tree))); + r->basedn, ldb_filter_from_tree(call, r->tree))); - count = ldb_search_bytree(samdb, basedn->dn, scope, r->tree, attrs, &res); + count = ldb_search_bytree(samdb, basedn, scope, r->tree, attrs, &res); talloc_steal(samdb, res); for (i=0; i < count; i++) { @@ -104,7 +103,7 @@ static NTSTATUS sldb_Search(struct ldapsrv_partition *partition, struct ldapsrv_ NT_STATUS_HAVE_NO_MEMORY(ent_r); ent = &ent_r->msg->r.SearchResultEntry; - ent->dn = talloc_steal(ent_r, res[i]->dn); + ent->dn = ldb_dn_linearize(ent_r, res[i]->dn); ent->num_attributes = 0; ent->attributes = NULL; if (res[i]->num_elements == 0) { @@ -170,7 +169,7 @@ static NTSTATUS sldb_Add(struct ldapsrv_partition *partition, struct ldapsrv_cal struct ldap_AddRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *add_result; struct ldapsrv_reply *add_reply; int ldb_ret; @@ -186,15 +185,15 @@ static NTSTATUS sldb_Add(struct ldapsrv_partition *partition, struct ldapsrv_cal samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); + dn = ldb_dn_explode(local_ctx, r->dn); VALID_DN_SYNTAX(dn,1); - DEBUG(10, ("sldb_add: dn: [%s]\n", dn->dn)); + DEBUG(10, ("sldb_add: dn: [%s]\n", r->dn)); msg = talloc(local_ctx, struct ldb_message); NT_STATUS_HAVE_NO_MEMORY(msg); - msg->dn = dn->dn; + msg->dn = dn; msg->private_data = NULL; msg->num_elements = 0; msg->elements = NULL; @@ -270,7 +269,7 @@ static NTSTATUS sldb_Del(struct ldapsrv_partition *partition, struct ldapsrv_cal struct ldap_DelRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *del_result; struct ldapsrv_reply *del_reply; int ldb_ret; @@ -284,17 +283,17 @@ static NTSTATUS sldb_Del(struct ldapsrv_partition *partition, struct ldapsrv_cal samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); + dn = ldb_dn_explode(local_ctx, r->dn); VALID_DN_SYNTAX(dn,1); - DEBUG(10, ("sldb_Del: dn: [%s]\n", dn->dn)); + DEBUG(10, ("sldb_Del: dn: [%s]\n", r->dn)); reply: del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse); NT_STATUS_HAVE_NO_MEMORY(del_reply); if (result == LDAP_SUCCESS) { - ldb_ret = ldb_delete(samdb, dn->dn); + ldb_ret = ldb_delete(samdb, dn); if (ldb_ret == 0) { result = LDAP_SUCCESS; errstr = NULL; @@ -323,7 +322,7 @@ static NTSTATUS sldb_Modify(struct ldapsrv_partition *partition, struct ldapsrv_ struct ldap_ModifyRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *modify_result; struct ldapsrv_reply *modify_reply; int ldb_ret; @@ -339,15 +338,15 @@ static NTSTATUS sldb_Modify(struct ldapsrv_partition *partition, struct ldapsrv_ samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); - VALID_DN_SYNTAX(dn,1); + dn = ldb_dn_explode(local_ctx, r->dn); + VALID_DN_SYNTAX(dn, 1); - DEBUG(10, ("sldb_modify: dn: [%s]\n", dn->dn)); + DEBUG(10, ("sldb_modify: dn: [%s]\n", r->dn)); msg = talloc(local_ctx, struct ldb_message); NT_STATUS_HAVE_NO_MEMORY(msg); - msg->dn = dn->dn; + msg->dn = dn; msg->private_data = NULL; msg->num_elements = 0; msg->elements = NULL; @@ -434,7 +433,7 @@ static NTSTATUS sldb_Compare(struct ldapsrv_partition *partition, struct ldapsrv struct ldap_CompareRequest *r) { void *local_ctx; - struct ldap_dn *dn; + struct ldb_dn *dn; struct ldap_Result *compare; struct ldapsrv_reply *compare_r; int result = LDAP_SUCCESS; @@ -451,10 +450,10 @@ static NTSTATUS sldb_Compare(struct ldapsrv_partition *partition, struct ldapsrv samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - dn = ldap_parse_dn(local_ctx, r->dn); - VALID_DN_SYNTAX(dn,1); + dn = ldb_dn_explode(local_ctx, r->dn); + VALID_DN_SYNTAX(dn, 1); - DEBUG(10, ("sldb_Compare: dn: [%s]\n", dn->dn)); + DEBUG(10, ("sldb_Compare: dn: [%s]\n", r->dn)); filter = talloc_asprintf(local_ctx, "(%s=%*s)", r->attribute, (int)r->value.length, r->value.data); NT_STATUS_HAVE_NO_MEMORY(filter); @@ -468,7 +467,7 @@ reply: NT_STATUS_HAVE_NO_MEMORY(compare_r); if (result == LDAP_SUCCESS) { - count = ldb_search(samdb, dn->dn, LDB_SCOPE_BASE, filter, attrs, &res); + count = ldb_search(samdb, dn, LDB_SCOPE_BASE, filter, attrs, &res); talloc_steal(samdb, res); if (count == 1) { DEBUG(10,("sldb_Compare: matched\n")); @@ -504,15 +503,14 @@ reply: static NTSTATUS sldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsrv_call *call, struct ldap_ModifyDNRequest *r) { void *local_ctx; - struct ldap_dn *olddn, *newrdn, *newsuperior; + struct ldb_dn *olddn, *newdn, *newrdn; + struct ldb_dn *parentdn = NULL; struct ldap_Result *modifydn; struct ldapsrv_reply *modifydn_r; int ldb_ret; struct ldb_context *samdb; const char *errstr = NULL; int result = LDAP_SUCCESS; - const char *newdn = NULL; - char *parentdn = NULL; local_ctx = talloc_named(call, 0, "sldb_ModifyDN local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); @@ -520,14 +518,14 @@ static NTSTATUS sldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsr samdb = ldapsrv_sam_connect(call); NT_STATUS_HAVE_NO_MEMORY(samdb); - olddn = ldap_parse_dn(local_ctx, r->dn); - VALID_DN_SYNTAX(olddn,2); + olddn = ldb_dn_explode(local_ctx, r->dn); + VALID_DN_SYNTAX(olddn, 2); - newrdn = ldap_parse_dn(local_ctx, r->newrdn); - VALID_DN_SYNTAX(newrdn,1); + newrdn = ldb_dn_explode(local_ctx, r->newrdn); + VALID_DN_SYNTAX(newrdn, 1); - DEBUG(10, ("sldb_ModifyDN: olddn: [%s]\n", olddn->dn)); - DEBUG(10, ("sldb_ModifyDN: newrdn: [%s]\n", newrdn->dn)); + DEBUG(10, ("sldb_ModifyDN: olddn: [%s]\n", r->dn)); + DEBUG(10, ("sldb_ModifyDN: newrdn: [%s]\n", r->newrdn)); /* we can't handle the rename if we should not remove the old dn */ if (!r->deleteolddn) { @@ -543,30 +541,23 @@ static NTSTATUS sldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsr } if (r->newsuperior) { - newsuperior = ldap_parse_dn(local_ctx, r->newsuperior); - VALID_DN_SYNTAX(newsuperior,0); - DEBUG(10, ("sldb_ModifyDN: newsuperior: [%s]\n", newsuperior->dn)); + parentdn = ldb_dn_explode(local_ctx, r->newsuperior); + VALID_DN_SYNTAX(parentdn, 0); + DEBUG(10, ("sldb_ModifyDN: newsuperior: [%s]\n", r->newsuperior)); - if (newsuperior->comp_num < 1) { + if (parentdn->comp_num < 1) { result = LDAP_AFFECTS_MULTIPLE_DSAS; errstr = "Error new Superior DN invalid"; goto reply; } - parentdn = newsuperior->dn; } if (!parentdn) { - int i; - parentdn = talloc_strdup(local_ctx, olddn->components[1]->component); + parentdn = ldb_dn_get_parent(local_ctx, olddn); NT_STATUS_HAVE_NO_MEMORY(parentdn); - for(i=2; i < olddn->comp_num; i++) { - char *old = parentdn; - parentdn = talloc_asprintf(local_ctx, "%s,%s", old, olddn->components[i]->component); - NT_STATUS_HAVE_NO_MEMORY(parentdn); - talloc_free(old); - } } - newdn = talloc_asprintf(local_ctx, "%s,%s", newrdn->dn, parentdn); + + newdn = ldb_dn_make_child(local_ctx, ldb_dn_get_rdn(local_ctx, newrdn), parentdn); NT_STATUS_HAVE_NO_MEMORY(newdn); reply: @@ -574,7 +565,7 @@ reply: NT_STATUS_HAVE_NO_MEMORY(modifydn_r); if (result == LDAP_SUCCESS) { - ldb_ret = ldb_rename(samdb, olddn->dn, newdn); + ldb_ret = ldb_rename(samdb, olddn, newdn); if (ldb_ret == 0) { result = LDAP_SUCCESS; errstr = NULL; diff --git a/source4/lib/gendb.c b/source4/lib/gendb.c index 4bf76a7f64..a5fe7c3bce 100644 --- a/source4/lib/gendb.c +++ b/source4/lib/gendb.c @@ -29,7 +29,7 @@ */ int gendb_search_v(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, struct ldb_message ***res, const char * const *attrs, const char *format, @@ -55,7 +55,8 @@ int gendb_search_v(struct ldb_context *ldb, if (*res) talloc_steal(mem_ctx, *res); DEBUG(4,("gendb_search_v: %s %s -> %d (%s)\n", - basedn?basedn:"NULL", expr?expr:"NULL", count, + basedn?ldb_dn_linearize(mem_ctx,basedn):"NULL", + expr?expr:"NULL", count, count==-1?ldb_errstring(ldb):"OK")); free(expr); @@ -68,7 +69,7 @@ int gendb_search_v(struct ldb_context *ldb, */ int gendb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, struct ldb_message ***res, const char * const *attrs, const char *format, ...) _PRINTF_ATTRIBUTE(6,7) @@ -85,11 +86,11 @@ int gendb_search(struct ldb_context *ldb, int gendb_search_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *dn, + const struct ldb_dn *dn, struct ldb_message ***res, const char * const *attrs) { - return gendb_search(ldb, mem_ctx, dn, res, attrs, "dn=%s", dn); + return gendb_search(ldb, mem_ctx, dn, res, attrs, "dn=%s", ldb_dn_linearize(mem_ctx, dn)); } /* diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index 3a2eb13297..25e7bee66b 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -114,7 +114,7 @@ int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, co */ int ldb_search(struct ldb_context *ldb, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) @@ -131,7 +131,7 @@ int ldb_search(struct ldb_context *ldb, */ int ldb_search_bytree(struct ldb_context *ldb, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) @@ -162,7 +162,7 @@ int ldb_modify(struct ldb_context *ldb, /* delete a record from the database */ -int ldb_delete(struct ldb_context *ldb, const char *dn) +int ldb_delete(struct ldb_context *ldb, const struct ldb_dn *dn) { return ldb->modules->ops->delete_record(ldb->modules, dn); } @@ -170,7 +170,7 @@ int ldb_delete(struct ldb_context *ldb, const char *dn) /* rename a record in the database */ -int ldb_rename(struct ldb_context *ldb, const char *olddn, const char *newdn) +int ldb_rename(struct ldb_context *ldb, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { return ldb->modules->ops->rename_record(ldb->modules, olddn, newdn); } diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index d13238cc17..dae79fd9e1 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -41,8 +41,26 @@ #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed +#define LDB_SPECIAL "@SPECIAL" + +BOOL ldb_dn_is_special(const struct ldb_dn *dn) +{ + if (dn == NULL || dn->comp_num != 1) return 0; + + return ! strcmp(dn->components[0].name, LDB_SPECIAL); +} + +BOOL ldb_dn_check_special(const struct ldb_dn *dn, const char *check) +{ + if (dn == NULL || dn->comp_num != 1) return 0; + + return ! strcmp(dn->components[0].value.data, check); +} + static int ldb_dn_is_valid_attribute_name(const char *name) { + if (name == NULL) return 0; + while (*name) { if (! isascii(*name)) { return 0; @@ -165,6 +183,8 @@ static int get_quotes_position(const char *source, int *quote_start, int *quote_ { const char *p; + if (source == NULL || quote_start == NULL || quote_end == NULL) return -1; + p = source; /* check if there are quotes surrounding the value */ @@ -197,6 +217,8 @@ static char *seek_to_separator(char *string, const char *separators) char *p; int ret, qs, qe; + if (string == NULL || separators == NULL) return NULL; + p = strchr(string, '='); LDB_DN_NULL_FAILED(p); @@ -254,6 +276,11 @@ static struct ldb_dn_component ldb_dn_explode_component(void *mem_ctx, char *raw char *p; int ret, qs, qe; + if (raw_component == NULL) { + dc.name = NULL; + return dc; + } + /* find attribute type/value separator */ p = strchr(raw_component, '='); LDB_DN_NULL_FAILED(p); @@ -300,14 +327,10 @@ failed: return dc; } -struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn) +struct ldb_dn *ldb_dn_new(void *mem_ctx) { - struct ldb_dn *edn; /* the exploded dn */ - char *pdn, *p; + struct ldb_dn *edn; - pdn = NULL; - - /* Allocate a structure to hold the exploded DN */ edn = talloc(mem_ctx, struct ldb_dn); LDB_DN_NULL_FAILED(edn); @@ -315,12 +338,33 @@ struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn) edn->comp_num = 0; edn->components = NULL; + return edn; + +failed: + return NULL; +} + +struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn) +{ + struct ldb_dn *edn; /* the exploded dn */ + char *pdn, *p; + + if (dn == NULL) return NULL; + + /* Allocate a structure to hold the exploded DN */ + edn = ldb_dn_new(mem_ctx); + + /* Empty DNs */ + if (dn[0] == '\0') { + return edn; + } + /* Special DNs case */ if (dn[0] == '@') { edn->comp_num = 1; edn->components = talloc(edn, struct ldb_dn_component); if (edn->components == NULL) goto failed; - edn->components[0].name = talloc_strdup(edn->components, "@SPECIAL"); + edn->components[0].name = talloc_strdup(edn->components, LDB_SPECIAL); if (edn->components[0].name == NULL) goto failed; edn->components[0].value.data = talloc_strdup(edn->components, dn); if (edn->components[0].value.data== NULL) goto failed; @@ -376,8 +420,10 @@ char *ldb_dn_linearize(void *mem_ctx, const struct ldb_dn *edn) char *dn, *value; int i; + if (edn == NULL) return NULL; + /* Special DNs */ - if ((edn->comp_num == 1) && strcmp("@SPECIAL", edn->components[0].name) == 0) { + if (ldb_dn_is_special(edn)) { dn = talloc_strdup(mem_ctx, edn->components[0].value.data); return dn; } @@ -419,6 +465,10 @@ int ldb_dn_compare_base(struct ldb_context *ldb, return (dn->comp_num - base->comp_num); } + if (base == NULL || base->comp_num == 0) return 0; + if (dn == NULL || dn->comp_num == 0) return -1; + if (base->comp_num > dn->comp_num) return -1; + /* if the number of components doesn't match they differ */ n0 = base->comp_num - 1; n1 = dn->comp_num - 1; @@ -450,6 +500,8 @@ int ldb_dn_compare(struct ldb_context *ldb, const struct ldb_dn *edn0, const struct ldb_dn *edn1) { + if (edn0 == NULL || edn1 == NULL) return edn1 - edn0; + if (edn0->comp_num != edn1->comp_num) return (edn1->comp_num - edn0->comp_num); @@ -462,6 +514,8 @@ int ldb_dn_cmp(struct ldb_context *ldb, const char *dn0, const char *dn1) struct ldb_dn *edn1; int ret; + if (dn0 == NULL || dn1 == NULL) return dn1 - dn0; + edn0 = ldb_dn_explode_casefold(ldb, dn0); if (edn0 == NULL) return 0; @@ -488,7 +542,9 @@ struct ldb_dn *ldb_dn_casefold(struct ldb_context *ldb, const struct ldb_dn *edn struct ldb_dn *cedn; int i; - cedn = talloc(ldb, struct ldb_dn); + if (edn == NULL) return NULL; + + cedn = ldb_dn_new(ldb); LDB_DN_NULL_FAILED(cedn); cedn->comp_num = edn->comp_num; @@ -521,6 +577,8 @@ struct ldb_dn *ldb_dn_explode_casefold(struct ldb_context *ldb, const char *dn) { struct ldb_dn *edn, *cdn; + if (dn == NULL) return NULL; + edn = ldb_dn_explode(ldb, dn); if (edn == NULL) return NULL; @@ -529,3 +587,235 @@ struct ldb_dn *ldb_dn_explode_casefold(struct ldb_context *ldb, const char *dn) talloc_free(edn); return cdn; } + +char *ldb_dn_linearize_casefold(struct ldb_context *ldb, const struct ldb_dn *edn) +{ + struct ldb_dn *cdn; + char *dn; + + if (edn == NULL) return NULL; + + /* Special DNs */ + if (ldb_dn_is_special(edn)) { + dn = talloc_strdup(ldb, edn->components[0].value.data); + return dn; + } + + cdn = ldb_dn_casefold(ldb, edn); + if (cdn == NULL) return NULL; + + dn = ldb_dn_linearize(ldb, cdn); + if (dn == NULL) { + talloc_free(cdn); + return NULL; + } + + talloc_free(cdn); + return dn; +} + +static struct ldb_dn_component ldb_dn_copy_component(void *mem_ctx, struct ldb_dn_component *src) +{ + struct ldb_dn_component dst; + + dst.name = NULL; + + if (src == NULL) { + return dst; + } + + dst.value = ldb_val_dup(mem_ctx, &(src->value)); + if (dst.value.data == NULL) { + return dst; + } + + dst.name = talloc_strdup(mem_ctx, src->name); + if (dst.name == NULL) { + talloc_free(dst.value.data); + } + + return dst; +} + +/* copy specified number of elements of a dn into a new one + element are copied from top level up to the unique rdn + num_el may be greater then dn->comp_num (see ldb_dn_make_child) +*/ +struct ldb_dn *ldb_dn_copy_partial(void *mem_ctx, const struct ldb_dn *dn, int num_el) +{ + struct ldb_dn *new; + int i, n, e; + + if (dn == NULL) return NULL; + if (num_el <= 0) return NULL; + + new = ldb_dn_new(mem_ctx); + LDB_DN_NULL_FAILED(new); + + new->comp_num = num_el; + n = new->comp_num - 1; + new->components = talloc_array(new, struct ldb_dn_component, new->comp_num); + + if (dn->comp_num == 0) return new; + e = dn->comp_num - 1; + + for (i = 0; i < new->comp_num; i++) { + new->components[n - i] = ldb_dn_copy_component(new->components, + &(dn->components[e - i])); + if ((e - i) == 0) { + return new; + } + } + + return new; + +failed: + talloc_free(new); + return NULL; +} + +struct ldb_dn *ldb_dn_copy(void *mem_ctx, const struct ldb_dn *dn) +{ + if (dn == NULL) return NULL; + return ldb_dn_copy_partial(mem_ctx, dn, dn->comp_num); +} + +struct ldb_dn *ldb_dn_get_parent(void *mem_ctx, const struct ldb_dn *dn) +{ + if (dn == NULL) return NULL; + return ldb_dn_copy_partial(mem_ctx, dn, dn->comp_num - 1); +} + +struct ldb_dn_component *ldb_dn_build_component(void *mem_ctx, const char *attr, + const char *val) +{ + struct ldb_dn_component *dc; + + if (attr == NULL || val == NULL) return NULL; + + dc = talloc(mem_ctx, struct ldb_dn_component); + if (dc == NULL) return NULL; + + dc->name = talloc_strdup(dc, attr); + if (dc->name == NULL) { + talloc_free(dc); + return NULL; + } + + dc->value.data = talloc_strdup(dc, val); + if (dc->value.data == NULL) { + talloc_free(dc); + return NULL; + } + + dc->value.length = strlen(val); + + return dc; +} + +struct ldb_dn *ldb_dn_build_child(void *mem_ctx, const char *attr, + const char * value, + const struct ldb_dn *base) +{ + struct ldb_dn *new; + if (! ldb_dn_is_valid_attribute_name(attr)) return NULL; + if (value == NULL || value == '\0') return NULL; + + if (base != NULL) { + new = ldb_dn_copy_partial(mem_ctx, base, base->comp_num + 1); + LDB_DN_NULL_FAILED(new); + } else { + new = ldb_dn_new(mem_ctx); + LDB_DN_NULL_FAILED(new); + + new->comp_num = 1; + new->components = talloc_array(new, struct ldb_dn_component, new->comp_num); + } + + new->components[0].name = talloc_strdup(new->components, attr); + LDB_DN_NULL_FAILED(new->components[0].name); + + new->components[0].value.data = talloc_strdup(new->components, value); + LDB_DN_NULL_FAILED(new->components[0].value.data); + new->components[0].value.length = strlen(new->components[0].value.data); + + return new; + +failed: + talloc_free(new); + return NULL; + +} + +struct ldb_dn *ldb_dn_make_child(void *mem_ctx, const struct ldb_dn_component *component, + const struct ldb_dn *base) +{ + if (component == NULL) return NULL; + + return ldb_dn_build_child(mem_ctx, component->name, component->value.data, base); +} + +struct ldb_dn *ldb_dn_compose(void *mem_ctx, const struct ldb_dn *dn1, const struct ldb_dn *dn2) +{ + int i; + struct ldb_dn *new; + + if (dn2 == NULL && dn1 == NULL) { + return NULL; + } + + if (dn2 == NULL) { + new = ldb_dn_new(mem_ctx); + LDB_DN_NULL_FAILED(new); + + new->comp_num = dn1->comp_num; + new->components = talloc_array(new, struct ldb_dn_component, new->comp_num); + } else { + new = ldb_dn_copy_partial(mem_ctx, dn2, dn2->comp_num + dn1?dn1->comp_num:0); + } + + if (dn1 == NULL) { + return new; + } + + for (i = 0; i < dn1->comp_num; i++) { + new->components[i] = ldb_dn_copy_component(new->components, + &(dn1->components[i])); + } + + return new; + +failed: + talloc_free(new); + return NULL; +} + +struct ldb_dn *ldb_dn_compose_string_dn(void *mem_ctx, const char *dn1, const struct ldb_dn *dn2) +{ + if (dn1 == NULL) return NULL; + + return ldb_dn_compose(mem_ctx, ldb_dn_explode(mem_ctx, dn1), dn2); +} + +struct ldb_dn_component *ldb_dn_get_rdn(void *mem_ctx, const struct ldb_dn *dn) +{ + struct ldb_dn_component *rdn; + + if (dn == NULL) return NULL; + + if (dn->comp_num < 1) { + return NULL; + } + + rdn = talloc(mem_ctx, struct ldb_dn_component); + if (rdn == NULL) return NULL; + + *rdn = ldb_dn_copy_component(mem_ctx, &dn->components[0]); + if (rdn->name == NULL) { + talloc_free(rdn); + return NULL; + } + + return rdn; +} + diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index 463bae483b..6359c9a014 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -275,7 +275,7 @@ int ldb_ldif_write(struct ldb_context *ldb, msg = ldif->msg; - ret = fprintf_fn(private_data, "dn: %s\n", msg->dn); + ret = fprintf_fn(private_data, "dn: %s\n", ldb_dn_linearize(msg->dn, msg->dn)); CHECK_RET; if (ldif->changetype != LDB_CHANGETYPE_NONE) { @@ -587,7 +587,7 @@ struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb, goto failed; } - msg->dn = value.data; + msg->dn = ldb_dn_explode(msg, value.data); while (next_attr(ldif, &s, &attr, &value) == 0) { const struct ldb_attrib_handler *h; diff --git a/source4/lib/ldb/common/ldb_match.c b/source4/lib/ldb/common/ldb_match.c index b6f5f5a18d..1269d99a0f 100644 --- a/source4/lib/ldb/common/ldb_match.c +++ b/source4/lib/ldb/common/ldb_match.c @@ -42,27 +42,16 @@ check if the scope matches in a search result */ static int ldb_match_scope(struct ldb_context *ldb, - const char *base_str, - const char *dn_str, + const struct ldb_dn *base, + const struct ldb_dn *dn, enum ldb_scope scope) { - struct ldb_dn *base; - struct ldb_dn *dn; int ret = 0; - if (base_str == NULL) { + if (base == NULL || dn == NULL) { return 1; } - base = ldb_dn_explode_casefold(ldb, base_str); - if (base == NULL) return 0; - - dn = ldb_dn_explode_casefold(ldb, dn_str); - if (dn == NULL) { - talloc_free(base); - return 0; - } - switch (scope) { case LDB_SCOPE_BASE: if (ldb_dn_compare(ldb, base, dn) == 0) { @@ -86,8 +75,6 @@ static int ldb_match_scope(struct ldb_context *ldb, break; } - talloc_free(base); - talloc_free(dn); return ret; } @@ -98,7 +85,6 @@ static int ldb_match_scope(struct ldb_context *ldb, static int ldb_match_present(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, enum ldb_scope scope) { @@ -116,7 +102,6 @@ static int ldb_match_present(struct ldb_context *ldb, static int ldb_match_comparison(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, enum ldb_scope scope, enum ldb_parse_op comp_op) { @@ -158,29 +143,23 @@ static int ldb_match_comparison(struct ldb_context *ldb, static int ldb_match_equality(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, enum ldb_scope scope) { unsigned int i; struct ldb_message_element *el; const struct ldb_attrib_handler *h; - struct ldb_dn *msgdn, *valuedn; + struct ldb_dn *valuedn; int ret; if (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0) { - msgdn = ldb_dn_explode_casefold(ldb, msg->dn); - if (msgdn == NULL) return 0; - valuedn = ldb_dn_explode_casefold(ldb, tree->u.equality.value.data); if (valuedn == NULL) { - talloc_free(msgdn); return 0; } - ret = ldb_dn_compare(ldb, msgdn, valuedn); + ret = ldb_dn_compare(ldb, msg->dn, valuedn); - talloc_free(msgdn); talloc_free(valuedn); if (ret == 0) return 1; @@ -277,7 +256,6 @@ failed: static int ldb_match_substring(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, enum ldb_scope scope) { unsigned int i; @@ -327,7 +305,6 @@ static int ldb_comparator_or(struct ldb_val *v1, struct ldb_val *v2) static int ldb_match_extended(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, enum ldb_scope scope) { int i; @@ -391,7 +368,6 @@ static int ldb_match_extended(struct ldb_context *ldb, static int ldb_match_message(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, enum ldb_scope scope) { unsigned int i; @@ -400,43 +376,41 @@ static int ldb_match_message(struct ldb_context *ldb, switch (tree->operation) { case LDB_OP_AND: for (i=0;i<tree->u.list.num_elements;i++) { - v = ldb_match_message(ldb, msg, tree->u.list.elements[i], - base, scope); + v = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope); if (!v) return 0; } return 1; case LDB_OP_OR: for (i=0;i<tree->u.list.num_elements;i++) { - v = ldb_match_message(ldb, msg, tree->u.list.elements[i], - base, scope); + v = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope); if (v) return 1; } return 0; case LDB_OP_NOT: - return ! ldb_match_message(ldb, msg, tree->u.isnot.child, base, scope); + return ! ldb_match_message(ldb, msg, tree->u.isnot.child, scope); case LDB_OP_EQUALITY: - return ldb_match_equality(ldb, msg, tree, base, scope); + return ldb_match_equality(ldb, msg, tree, scope); case LDB_OP_SUBSTRING: - return ldb_match_substring(ldb, msg, tree, base, scope); + return ldb_match_substring(ldb, msg, tree, scope); case LDB_OP_GREATER: - return ldb_match_comparison(ldb, msg, tree, base, scope, LDB_OP_GREATER); + return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER); case LDB_OP_LESS: - return ldb_match_comparison(ldb, msg, tree, base, scope, LDB_OP_LESS); + return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS); case LDB_OP_PRESENT: - return ldb_match_present(ldb, msg, tree, base, scope); + return ldb_match_present(ldb, msg, tree, scope); case LDB_OP_APPROX: - return ldb_match_comparison(ldb, msg, tree, base, scope, LDB_OP_APPROX); + return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX); case LDB_OP_EXTENDED: - return ldb_match_extended(ldb, msg, tree, base, scope); + return ldb_match_extended(ldb, msg, tree, scope); } @@ -446,12 +420,12 @@ static int ldb_match_message(struct ldb_context *ldb, int ldb_match_msg(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope) { if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) { return 0; } - return ldb_match_message(ldb, msg, tree, base, scope); + return ldb_match_message(ldb, msg, tree, scope); } diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index dcc384ffad..ab743d1b49 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -139,8 +139,15 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) int ret; const char * const attrs[] = { "@LIST" , NULL}; struct ldb_message **msg = NULL; + struct ldb_dn *mods; - ret = ldb_search(ldb, "@MODULES", LDB_SCOPE_BASE, "", attrs, &msg); + mods = ldb_dn_explode(ldb, "@MODULES"); + if (mods == NULL) { + return -1; + } + + ret = ldb_search(ldb, mods, LDB_SCOPE_BASE, "", attrs, &msg); + talloc_free(mods); if (ret == 0 || (ret == 1 && msg[0]->num_elements == 0)) { ldb_debug(ldb, LDB_DEBUG_TRACE, "no modules required by the db\n"); } else { @@ -233,7 +240,7 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) */ int ldb_next_search(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) @@ -245,7 +252,7 @@ int ldb_next_search(struct ldb_module *module, } int ldb_next_search_bytree(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) @@ -272,7 +279,7 @@ int ldb_next_modify_record(struct ldb_module *module, const struct ldb_message * return module->next->ops->modify_record(module->next, message); } -int ldb_next_delete_record(struct ldb_module *module, const char *dn) +int ldb_next_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { if (!module->next) { return -1; @@ -280,7 +287,7 @@ int ldb_next_delete_record(struct ldb_module *module, const char *dn) return module->next->ops->delete_record(module->next, dn); } -int ldb_next_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +int ldb_next_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { if (!module->next) { return -1; diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c index 295c74c90d..197c42ddb5 100644 --- a/source4/lib/ldb/common/ldb_msg.c +++ b/source4/lib/ldb/common/ldb_msg.c @@ -344,7 +344,6 @@ const char *ldb_msg_find_string(const struct ldb_message *msg, return v->data; } - /* sort the elements of a message by name */ @@ -354,32 +353,23 @@ void ldb_msg_sort_elements(struct ldb_message *msg) (comparison_fn_t)ldb_msg_element_compare_name); } - -/* - free a message created using ldb_msg_copy -*/ -void ldb_msg_free(struct ldb_context *ldb, struct ldb_message *msg) -{ - talloc_free(msg); -} - /* copy a message, allocating new memory for all parts */ -struct ldb_message *ldb_msg_copy(struct ldb_context *ldb, +struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, const struct ldb_message *msg) { struct ldb_message *msg2; int i, j; - msg2 = talloc(ldb, struct ldb_message); + msg2 = talloc(mem_ctx, struct ldb_message); if (msg2 == NULL) return NULL; msg2->elements = NULL; msg2->num_elements = 0; msg2->private_data = NULL; - msg2->dn = talloc_strdup(msg2, msg->dn); + msg2->dn = ldb_dn_copy(msg2, msg->dn); if (msg2->dn == NULL) goto failed; msg2->elements = talloc_array(msg2, struct ldb_message_element, msg->num_elements); @@ -396,12 +386,11 @@ struct ldb_message *ldb_msg_copy(struct ldb_context *ldb, if (el2->name == NULL) goto failed; el2->values = talloc_array(msg2->elements, struct ldb_val, el1->num_values); for (j=0;j<el1->num_values;j++) { - el2->values[j] = ldb_val_dup(ldb, &el1->values[j]); + el2->values[j] = ldb_val_dup(el2->values, &el1->values[j]); if (el2->values[j].data == NULL && el1->values[j].length != 0) { goto failed; } - el2->values[j].data = talloc_steal(el2->values, el2->values[j].data); el2->num_values++; } diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index fdf5dc8d91..13c9b72e6d 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -64,6 +64,16 @@ struct ldb_val { }; #endif +/* internal ldb exploded dn structures */ +struct ldb_dn_component { + char *name; + struct ldb_val value; +}; +struct ldb_dn { + int comp_num; + struct ldb_dn_component *components; +}; + /* these flags are used in ldd_message_element.flags fields. The LDA_FLAGS_MOD_* flags are used in ldap_modify() calls to specify whether attributes are being added, deleted or modified */ @@ -95,7 +105,7 @@ struct ldb_message_element { number of elements. */ struct ldb_message { - char *dn; + struct ldb_dn *dn; unsigned int num_elements; struct ldb_message_element *elements; void *private_data; /* private to the backend */ @@ -259,7 +269,7 @@ int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, co use talloc_free to free the ldb_message returned */ int ldb_search(struct ldb_context *ldb, - const char *base, + const const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res); @@ -268,7 +278,7 @@ int ldb_search(struct ldb_context *ldb, like ldb_search() but takes a parse tree */ int ldb_search_bytree(struct ldb_context *ldb, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res); @@ -289,7 +299,7 @@ int ldb_modify(struct ldb_context *ldb, /* rename a record in the database */ -int ldb_rename(struct ldb_context *ldb, const char *olddn, const char *newdn); +int ldb_rename(struct ldb_context *ldb, const struct ldb_dn *olddn, const struct ldb_dn *newdn); /* create a named lock @@ -304,7 +314,7 @@ int ldb_unlock(struct ldb_context *ldb, const char *lockname); /* delete a record from the database */ -int ldb_delete(struct ldb_context *ldb, const char *dn); +int ldb_delete(struct ldb_context *ldb, const struct ldb_dn *dn); /* @@ -337,19 +347,38 @@ int ldb_attrib_add_handlers(struct ldb_context *ldb, const struct ldb_attrib_handler *handlers, unsigned num_handlers); +/* The following definitions come from lib/ldb/common/ldb_dn.c */ +BOOL ldb_dn_is_special(const struct ldb_dn *dn); +BOOL ldb_dn_check_special(const struct ldb_dn *dn, const char *check); +char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value); +struct ldb_dn *ldb_dn_new(void *mem_ctx); +struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn); +char *ldb_dn_linearize(void *mem_ctx, const struct ldb_dn *edn); +char *ldb_dn_linearize_casefold(struct ldb_context *ldb, const struct ldb_dn *edn); +int ldb_dn_compare_base(struct ldb_context *ldb, const struct ldb_dn *base, const struct ldb_dn *dn); +int ldb_dn_compare(struct ldb_context *ldb, const struct ldb_dn *edn0, const struct ldb_dn *edn1); +struct ldb_dn *ldb_dn_casefold(struct ldb_context *ldb, const struct ldb_dn *edn); +struct ldb_dn *ldb_dn_explode_casefold(struct ldb_context *ldb, const char *dn); +struct ldb_dn *ldb_dn_copy_partial(void *mem_ctx, const struct ldb_dn *dn, int num_el); +struct ldb_dn *ldb_dn_copy(void *mem_ctx, const struct ldb_dn *dn); +struct ldb_dn *ldb_dn_get_parent(void *mem_ctx, const struct ldb_dn *dn); +struct ldb_dn_component *ldb_dn_build_component(void *mem_ctx, const char *attr, + const char *val); +struct ldb_dn *ldb_dn_build_child(void *mem_ctx, const char *attr, + const char * value, + const struct ldb_dn *base); +struct ldb_dn *ldb_dn_make_child(void *mem_ctx, + const struct ldb_dn_component *component, + const struct ldb_dn *base); +struct ldb_dn *ldb_dn_compose(void *mem_ctx, const struct ldb_dn *dn1, const struct ldb_dn *dn2); +struct ldb_dn *ldb_dn_compose_string_dn(void *mem_ctx, const char *dn1, const struct ldb_dn *dn2); +struct ldb_dn_component *ldb_dn_get_rdn(void *mem_ctx, const struct ldb_dn *dn); /* useful functions for ldb_message structure manipulation */ - int ldb_dn_cmp(struct ldb_context *ldb, const char *dn1, const char *dn2); int ldb_attr_cmp(const char *dn1, const char *dn2); char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value); -/* case-fold a DN */ -char *ldb_dn_fold(void * mem_ctx, - const char * dn, - void * user_data, - int (* case_fold_attr_fn)(void * user_data, char * attr)); - /* create an empty message */ struct ldb_message *ldb_msg_new(void *mem_ctx); @@ -411,9 +440,7 @@ const char *ldb_msg_find_string(const struct ldb_message *msg, void ldb_msg_sort_elements(struct ldb_message *msg); -void ldb_msg_free(struct ldb_context *ldb, struct ldb_message *msg); - -struct ldb_message *ldb_msg_copy(struct ldb_context *ldb, +struct ldb_message *ldb_msg_copy(void *mem_ctx, const struct ldb_message *msg); struct ldb_message *ldb_msg_canonicalize(struct ldb_context *ldb, diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h index 43e6a3ecba..f5b50f5fc0 100644 --- a/source4/lib/ldb/include/ldb_private.h +++ b/source4/lib/ldb/include/ldb_private.h @@ -56,14 +56,14 @@ struct ldb_module { */ struct ldb_module_ops { const char *name; - int (*search)(struct ldb_module *, const char *, enum ldb_scope, + int (*search)(struct ldb_module *, const struct ldb_dn *, enum ldb_scope, const char *, const char * const [], struct ldb_message ***); - int (*search_bytree)(struct ldb_module *, const char *, enum ldb_scope, + int (*search_bytree)(struct ldb_module *, const struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const [], struct ldb_message ***); int (*add_record)(struct ldb_module *, const struct ldb_message *); int (*modify_record)(struct ldb_module *, const struct ldb_message *); - int (*delete_record)(struct ldb_module *, const char *); - int (*rename_record)(struct ldb_module *, const char *, const char *); + int (*delete_record)(struct ldb_module *, const struct ldb_dn *); + int (*rename_record)(struct ldb_module *, const struct ldb_dn *, const struct ldb_dn *); int (*named_lock)(struct ldb_module *, const char *); int (*named_unlock)(struct ldb_module *, const char *); const char * (*errstring)(struct ldb_module *); @@ -106,16 +106,6 @@ struct ldb_context { struct ldb_schema schema; }; -/* internal ldb exploded dn structures */ -struct ldb_dn_component { - char *name; - struct ldb_val value; -}; -struct ldb_dn { - int comp_num; - struct ldb_dn_component *components; -}; - /* the modules init function */ typedef struct ldb_module *(*ldb_module_init_function)(struct ldb_context *ldb, const char *options[]); @@ -132,19 +122,19 @@ typedef struct ldb_module *(*ldb_module_init_function)(struct ldb_context *ldb, int ldb_load_modules(struct ldb_context *ldb, const char *options[]); int ldb_next_search(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res); int ldb_next_search_bytree(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res); int ldb_next_add_record(struct ldb_module *module, const struct ldb_message *message); int ldb_next_modify_record(struct ldb_module *module, const struct ldb_message *message); -int ldb_next_delete_record(struct ldb_module *module, const char *dn); -int ldb_next_rename_record(struct ldb_module *module, const char *olddn, const char *newdn); +int ldb_next_delete_record(struct ldb_module *module, const struct ldb_dn *dn); +int ldb_next_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn); int ldb_next_named_lock(struct ldb_module *module, const char *lockname); int ldb_next_named_unlock(struct ldb_module *module, const char *lockname); const char *ldb_next_errstring(struct ldb_module *module); @@ -174,10 +164,10 @@ struct ldb_module *schema_module_init(struct ldb_context *ldb, const char *optio struct ldb_module *rdn_name_module_init(struct ldb_context *ldb, const char *options[]); -int ldb_match_msg(struct ldb_context *ldb, +int ldb_match_msg(struct ldb_context *ldb, struct ldb_message *msg, struct ldb_parse_tree *tree, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope); void ldb_remove_attrib_handler(struct ldb_context *ldb, const char *attrib); @@ -188,15 +178,6 @@ int ldb_set_attrib_handlers(struct ldb_context *ldb, unsigned num_handlers); int ldb_setup_wellknown_attributes(struct ldb_context *ldb); - -/* The following definitions come from lib/ldb/common/ldb_dn.c */ -struct ldb_dn *ldb_dn_explode(void *mem_ctx, const char *dn); -char *ldb_dn_linearize(void *mem_ctx, const struct ldb_dn *edn); -int ldb_dn_compare_base(struct ldb_context *ldb, const struct ldb_dn *base, const struct ldb_dn *dn); -int ldb_dn_compare(struct ldb_context *ldb, const struct ldb_dn *edn0, const struct ldb_dn *edn1); -struct ldb_dn *ldb_dn_casefold(struct ldb_context *ldb, const struct ldb_dn *edn); -struct ldb_dn *ldb_dn_explode_casefold(struct ldb_context *ldb, const char *dn); - /* The following definitions come from lib/ldb/common/ldb_attributes.c */ const char **ldb_subclass_list(struct ldb_context *ldb, const char *class); void ldb_subclass_remove(struct ldb_context *ldb, const char *class); diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index b51139aa6f..bb89fc910e 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -45,57 +45,77 @@ struct ildb_private { /* rename a record */ -static int ildb_rename(struct ldb_module *module, const char *olddn, const char *newdn) +static int ildb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { + TALLOC_CTX *local_ctx; struct ildb_private *ildb = module->private_data; int ret = 0; - char *newrdn, *p; - const char *parentdn = ""; + char *old_dn; + char *newrdn, *parentdn; /* ignore ltdb specials */ - if (olddn[0] == '@' ||newdn[0] == '@') { + if (ldb_dn_is_special(olddn) || ldb_dn_is_special(newdn)) { return 0; } - newrdn = talloc_strdup(ildb, newdn); - if (!newrdn) { + local_ctx = talloc_named(ildb, 0, "ildb_rename local context"); + if (local_ctx == NULL) { return -1; } - p = strchr(newrdn, ','); - if (p) { - *p++ = '\0'; - parentdn = p; + old_dn = ldb_dn_linearize(local_ctx, olddn); + if (old_dn == NULL) { + goto failed; + } + + newrdn = talloc_asprintf(local_ctx, "%s=%s", + newdn->components[0].name, + ldb_dn_escape_value(ildb, newdn->components[0].value)); + if (newrdn == NULL) { + goto failed; + } + + parentdn = ldb_dn_linearize(local_ctx, ldb_dn_get_parent(ildb, newdn)); + if (parentdn == NULL) { + goto failed; } - ildb->last_rc = ildap_rename(ildb->ldap, olddn, newrdn, parentdn, True); + ildb->last_rc = ildap_rename(ildb->ldap, old_dn, newrdn, parentdn, True); if (!NT_STATUS_IS_OK(ildb->last_rc)) { ret = -1; } - talloc_free(newrdn); - + talloc_free(local_ctx); return ret; + +failed: + talloc_free(local_ctx); + return -1; } /* delete a record */ -static int ildb_delete(struct ldb_module *module, const char *dn) +static int ildb_delete(struct ldb_module *module, const struct ldb_dn *dn) { struct ildb_private *ildb = module->private_data; + char *del_dn; int ret = 0; /* ignore ltdb specials */ - if (dn[0] == '@') { + if (ldb_dn_is_special(dn)) { return 0; } - ildb->last_rc = ildap_delete(ildb->ldap, dn); + del_dn = ldb_dn_linearize(ildb, dn); + + ildb->last_rc = ildap_delete(ildb->ldap, del_dn); if (!NT_STATUS_IS_OK(ildb->last_rc)) { ret = -1; } + talloc_free(del_dn); + return ret; } @@ -105,13 +125,14 @@ static void ildb_rootdse(struct ldb_module *module); /* search for matching records */ -static int ildb_search(struct ldb_module *module, const char *base, +static int ildb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { struct ildb_private *ildb = module->private_data; int count, i; struct ldap_message **ldapres, *msg; + char *search_base; if (scope == LDB_SCOPE_DEFAULT) { scope = LDB_SCOPE_SUBTREE; @@ -122,19 +143,26 @@ static int ildb_search(struct ldb_module *module, const char *base, ildb_rootdse(module); } if (ildb->rootDSE != NULL) { - base = ldb_msg_find_string(ildb->rootDSE, - "defaultNamingContext", ""); + search_base = talloc_strdup(ildb, + ldb_msg_find_string(ildb->rootDSE, + "defaultNamingContext", "")); } else { - base = ""; + search_base = talloc_strdup(ildb, ""); } + } else { + search_base = ldb_dn_linearize(ildb, base); + } + if (search_base == NULL) { + return -1; } if (expression == NULL || expression[0] == '\0') { expression = "objectClass=*"; } - ildb->last_rc = ildap_search(ildb->ldap, base, scope, expression, attrs, + ildb->last_rc = ildap_search(ildb->ldap, search_base, scope, expression, attrs, 0, &ldapres); + talloc_free(search_base); if (!NT_STATUS_IS_OK(ildb->last_rc)) { return -1; } @@ -166,7 +194,10 @@ static int ildb_search(struct ldb_module *module, const char *base, } (*res)[i+1] = NULL; - (*res)[i]->dn = talloc_steal((*res)[i], search->dn); + (*res)[i]->dn = ldb_dn_explode((*res)[i], search->dn); + if ((*res)[i]->dn == NULL) { + goto failed; + } (*res)[i]->num_elements = search->num_attributes; (*res)[i]->elements = talloc_steal((*res)[i], search->attributes); (*res)[i]->private_data = NULL; @@ -185,7 +216,7 @@ failed: /* search for matching records using a ldb_parse_tree */ -static int ildb_search_bytree(struct ldb_module *module, const char *base, +static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -264,16 +295,26 @@ static int ildb_add(struct ldb_module *module, const struct ldb_message *msg) struct ldb_context *ldb = module->ldb; struct ildb_private *ildb = module->private_data; struct ldap_mod **mods; + char *dn; int ret = 0; /* ignore ltdb specials */ - if (msg->dn[0] == '@') { + if (ldb_dn_is_special(msg->dn)) { return 0; } mods = ildb_msg_to_mods(ldb, msg, 0); + if (mods == NULL) { + return -1; + } - ildb->last_rc = ildap_add(ildb->ldap, msg->dn, mods); + dn = ldb_dn_linearize(mods, msg->dn); + if (dn == NULL) { + talloc_free(mods); + return -1; + } + + ildb->last_rc = ildap_add(ildb->ldap, dn, mods); if (!NT_STATUS_IS_OK(ildb->last_rc)) { ret = -1; } @@ -292,16 +333,26 @@ static int ildb_modify(struct ldb_module *module, const struct ldb_message *msg) struct ldb_context *ldb = module->ldb; struct ildb_private *ildb = module->private_data; struct ldap_mod **mods; + char *dn; int ret = 0; /* ignore ltdb specials */ - if (msg->dn[0] == '@') { + if (ldb_dn_is_special(msg->dn)) { return 0; } mods = ildb_msg_to_mods(ldb, msg, 1); + if (mods == NULL) { + return -1; + } + + dn = ldb_dn_linearize(mods, msg->dn); + if (dn == NULL) { + talloc_free(mods); + return -1; + } - ildb->last_rc = ildap_modify(ildb->ldap, msg->dn, mods); + ildb->last_rc = ildap_modify(ildb->ldap, dn, mods); if (!NT_STATUS_IS_OK(ildb->last_rc)) { ret = -1; } @@ -372,12 +423,14 @@ static void ildb_rootdse(struct ldb_module *module) { struct ildb_private *ildb = module->private_data; struct ldb_message **res = NULL; + struct ldb_dn *empty_dn = ldb_dn_new(ildb); int ret; - ret = ildb_search(module, "", LDB_SCOPE_BASE, "dn=dc=rootDSE", NULL, &res); + ret = ildb_search(module, empty_dn, LDB_SCOPE_BASE, "dn=dc=rootDSE", NULL, &res); if (ret == 1) { ildb->rootDSE = talloc_steal(ildb, res[0]); } - talloc_free(res); + if (ret != -1) talloc_free(res); + talloc_free(empty_dn); } diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index d7f589e2e5..2da4f1af8e 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -40,57 +40,77 @@ /* rename a record */ -static int lldb_rename(struct ldb_module *module, const char *olddn, const char *newdn) +static int lldb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { + TALLOC_CTX *local_ctx; struct lldb_private *lldb = module->private_data; int ret = 0; - char *newrdn, *p; + char *old_dn; + char *newrdn; const char *parentdn = ""; /* ignore ltdb specials */ - if (olddn[0] == '@' ||newdn[0] == '@') { + if (ldb_dn_is_special(olddn) || ldb_dn_is_special(newdn)) { return 0; } - newrdn = talloc_strdup(lldb, newdn); - if (!newrdn) { + local_ctx = talloc_named(lldb, 0, "lldb_rename local context"); + if (local_ctx == NULL) { return -1; } - p = strchr(newrdn, ','); - if (p) { - *p++ = '\0'; - parentdn = p; + old_dn = ldb_dn_linearize(local_ctx, olddn); + if (old_dn == NULL) { + goto failed; + } + + newrdn = talloc_asprintf(lldb, "%s=%s", + newdn->components[0].name, + ldb_dn_escape_value(lldb, newdn->components[0].value)); + if (!newrdn) { + goto failed; + } + + parentdn = ldb_dn_linearize(lldb, ldb_dn_get_parent(lldb, newdn)); + if (!parentdn) { + goto failed; } - lldb->last_rc = ldap_rename_s(lldb->ldap, olddn, newrdn, parentdn, 1, NULL, NULL); + lldb->last_rc = ldap_rename_s(lldb->ldap, old_dn, newrdn, parentdn, 1, NULL, NULL); if (lldb->last_rc != LDAP_SUCCESS) { ret = -1; } - talloc_free(newrdn); - + talloc_free(local_ctx); return ret; + +failed: + talloc_free(local_ctx); + return -1; } /* delete a record */ -static int lldb_delete(struct ldb_module *module, const char *dn) +static int lldb_delete(struct ldb_module *module, const struct ldb_dn *edn) { struct lldb_private *lldb = module->private_data; + char *dn; int ret = 0; /* ignore ltdb specials */ - if (dn[0] == '@') { + if (ldb_dn_is_special(edn)) { return 0; } - + + dn = ldb_dn_linearize(lldb, edn); + lldb->last_rc = ldap_delete_s(lldb->ldap, dn); if (lldb->last_rc != LDAP_SUCCESS) { ret = -1; } + talloc_free(dn); return ret; } @@ -152,27 +172,33 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, /* search for matching records */ -static int lldb_search(struct ldb_module *module, const char *base, +static int lldb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { struct ldb_context *ldb = module->ldb; struct lldb_private *lldb = module->private_data; int count, msg_count; + char *search_base; LDAPMessage *ldapres, *msg; + search_base = ldb_dn_linearize(ldb, base); if (base == NULL) { - base = ""; + search_base = talloc_strdup(ldb, ""); + } + if (search_base == NULL) { + return -1; } if (expression == NULL || expression[0] == '\0') { expression = "objectClass=*"; } - lldb->last_rc = ldap_search_s(lldb->ldap, base, (int)scope, + lldb->last_rc = ldap_search_s(lldb->ldap, search_base, (int)scope, expression, discard_const_p(char *, attrs), 0, &ldapres); + talloc_free(search_base); if (lldb->last_rc != LDAP_SUCCESS) { return -1; } @@ -218,7 +244,7 @@ static int lldb_search(struct ldb_module *module, const char *base, goto failed; } - (*res)[msg_count]->dn = talloc_strdup((*res)[msg_count], dn); + (*res)[msg_count]->dn = ldb_dn_explode((*res)[msg_count], dn); ldap_memfree(dn); if (!(*res)[msg_count]->dn) { goto failed; @@ -261,7 +287,7 @@ failed: /* search for matching records using a ldb_parse_tree */ -static int lldb_search_bytree(struct ldb_module *module, const char *base, +static int lldb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -357,16 +383,26 @@ static int lldb_add(struct ldb_module *module, const struct ldb_message *msg) struct ldb_context *ldb = module->ldb; struct lldb_private *lldb = module->private_data; LDAPMod **mods; + char *dn; int ret = 0; /* ignore ltdb specials */ - if (msg->dn[0] == '@') { + if (ldb_dn_is_special(msg->dn)) { return 0; } mods = lldb_msg_to_mods(ldb, msg, 0); + if (mods == NULL) { + return -1; + } - lldb->last_rc = ldap_add_s(lldb->ldap, msg->dn, mods); + dn = ldb_dn_linearize(mods, msg->dn); + if (dn == NULL) { + talloc_free(mods); + return -1; + } + + lldb->last_rc = ldap_add_s(lldb->ldap, dn, mods); if (lldb->last_rc != LDAP_SUCCESS) { ret = -1; } @@ -385,16 +421,26 @@ static int lldb_modify(struct ldb_module *module, const struct ldb_message *msg) struct ldb_context *ldb = module->ldb; struct lldb_private *lldb = module->private_data; LDAPMod **mods; + char *dn; int ret = 0; /* ignore ltdb specials */ - if (msg->dn[0] == '@') { + if (ldb_dn_is_special(msg->dn)) { return 0; } mods = lldb_msg_to_mods(ldb, msg, 1); + if (mods == NULL) { + return -1; + } + + dn = ldb_dn_linearize(mods, msg->dn); + if (dn == NULL) { + talloc_free(mods); + return -1; + } - lldb->last_rc = ldap_modify_s(lldb->ldap, msg->dn, mods); + lldb->last_rc = ldap_modify_s(lldb->ldap, dn, mods); if (lldb->last_rc != LDAP_SUCCESS) { ret = -1; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_cache.c b/source4/lib/ldb/ldb_tdb/ldb_cache.c index be76f7085b..5e40b8fd3f 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_cache.c +++ b/source4/lib/ldb/ldb_tdb/ldb_cache.c @@ -115,11 +115,17 @@ static int ltdb_attributes_load(struct ldb_module *module) { struct ltdb_private *ltdb = module->private_data; struct ldb_message *msg = ltdb->cache->attributes; + struct ldb_dn *dn; int i; - if (ltdb_search_dn1(module, LTDB_ATTRIBUTES, msg) == -1) { + dn = ldb_dn_explode(module->ldb, LTDB_ATTRIBUTES); + if (dn == NULL) goto failed; + + if (ltdb_search_dn1(module, dn, msg) == -1) { + talloc_free(dn); goto failed; } + talloc_free(dn); /* mapping these flags onto ldap 'syntaxes' isn't strictly correct, but its close enough for now */ for (i=0;i<msg->num_elements;i++) { @@ -176,11 +182,17 @@ static int ltdb_subclasses_load(struct ldb_module *module) { struct ltdb_private *ltdb = module->private_data; struct ldb_message *msg = ltdb->cache->subclasses; + struct ldb_dn *dn; int i, j; - if (ltdb_search_dn1(module, LTDB_SUBCLASSES, msg) == -1) { + dn = ldb_dn_explode(module->ldb, LTDB_SUBCLASSES); + if (dn == NULL) goto failed; + + if (ltdb_search_dn1(module, dn, msg) == -1) { + talloc_free(dn); goto failed; } + talloc_free(dn); for (i=0;i<msg->num_elements;i++) { struct ldb_message_element *el = &msg->elements[i]; @@ -245,7 +257,7 @@ static int ltdb_baseinfo_init(struct ldb_module *module) msg->num_elements = 1; msg->elements = ⪙ - msg->dn = talloc_strdup(msg, LTDB_BASEINFO); + msg->dn = ldb_dn_explode(msg, LTDB_BASEINFO); if (!msg->dn) { goto failed; } @@ -303,6 +315,8 @@ int ltdb_cache_reload(struct ldb_module *module) int ltdb_cache_load(struct ldb_module *module) { struct ltdb_private *ltdb = module->private_data; + struct ldb_dn *baseinfo_dn = NULL; + struct ldb_dn *indexlist_dn = NULL; double seq; if (ltdb->cache == NULL) { @@ -321,8 +335,11 @@ int ltdb_cache_load(struct ldb_module *module) talloc_free(ltdb->cache->baseinfo); ltdb->cache->baseinfo = talloc(ltdb->cache, struct ldb_message); if (ltdb->cache->baseinfo == NULL) goto failed; - - if (ltdb_search_dn1(module, LTDB_BASEINFO, ltdb->cache->baseinfo) == -1) { + + baseinfo_dn = ldb_dn_explode(module->ldb, LTDB_BASEINFO); + if (baseinfo_dn == NULL) goto failed; + + if (ltdb_search_dn1(module, baseinfo_dn, ltdb->cache->baseinfo) == -1) { goto failed; } @@ -331,7 +348,7 @@ int ltdb_cache_load(struct ldb_module *module) if (ltdb_baseinfo_init(module) != 0) { goto failed; } - if (ltdb_search_dn1(module, LTDB_BASEINFO, ltdb->cache->baseinfo) != 1) { + if (ltdb_search_dn1(module, baseinfo_dn, ltdb->cache->baseinfo) != 1) { goto failed; } } @@ -362,7 +379,10 @@ int ltdb_cache_load(struct ldb_module *module) goto failed; } - if (ltdb_search_dn1(module, LTDB_INDEXLIST, ltdb->cache->indexlist) == -1) { + indexlist_dn = ldb_dn_explode(module->ldb, LTDB_INDEXLIST); + if (indexlist_dn == NULL) goto failed; + + if (ltdb_search_dn1(module, indexlist_dn, ltdb->cache->indexlist) == -1) { goto failed; } @@ -374,9 +394,13 @@ int ltdb_cache_load(struct ldb_module *module) } done: + talloc_free(baseinfo_dn); + talloc_free(indexlist_dn); return 0; failed: + talloc_free(baseinfo_dn); + talloc_free(indexlist_dn); return -1; } @@ -407,8 +431,18 @@ int ltdb_increase_sequence_number(struct ldb_module *module) msg->num_elements = 1; msg->elements = ⪙ - msg->dn = talloc_strdup(msg, LTDB_BASEINFO); + msg->dn = ldb_dn_explode(msg, LTDB_BASEINFO); + if (msg->dn == NULL) { + talloc_free(msg); + errno = ENOMEM; + return -1; + } el.name = talloc_strdup(msg, LTDB_SEQUENCE_NUMBER); + if (el.name == NULL) { + talloc_free(msg); + errno = ENOMEM; + return -1; + } el.values = &val; el.num_values = 1; el.flags = LDB_FLAG_MOD_REPLACE; diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c index 2fb6c34227..f78d840206 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_index.c +++ b/source4/lib/ldb/ldb_tdb/ldb_index.c @@ -97,10 +97,11 @@ struct dn_list { return the dn key to be used for an index caller frees */ -static char *ldb_dn_key(struct ldb_context *ldb, +static struct ldb_dn *ldb_dn_key(struct ldb_context *ldb, const char *attr, const struct ldb_val *value) { - char *ret = NULL; + struct ldb_dn *ret; + char *dn; struct ldb_val v; const struct ldb_attrib_handler *h; char *attr_folded; @@ -121,16 +122,17 @@ static char *ldb_dn_key(struct ldb_context *ldb, if (ldb_should_b64_encode(&v)) { char *vstr = ldb_base64_encode(ldb, v.data, v.length); if (!vstr) return NULL; - ret = talloc_asprintf(ldb, "%s:%s::%s", LTDB_INDEX, attr_folded, vstr); + dn = talloc_asprintf(ldb, "%s:%s::%s", LTDB_INDEX, attr_folded, vstr); talloc_free(vstr); if (v.data != value->data) { talloc_free(v.data); } talloc_free(attr_folded); - return ret; + if (dn == NULL) return NULL; + goto done; } - ret = talloc_asprintf(ldb, "%s:%s:%.*s", + dn = talloc_asprintf(ldb, "%s:%s:%.*s", LTDB_INDEX, attr_folded, (int)v.length, (char *)v.data); if (v.data != value->data) { @@ -138,6 +140,9 @@ static char *ldb_dn_key(struct ldb_context *ldb, } talloc_free(attr_folded); +done: + ret = ldb_dn_explode(ldb, dn); + talloc_free(dn); return ret; } @@ -180,7 +185,7 @@ static int ltdb_index_dn_simple(struct ldb_module *module, struct dn_list *list) { struct ldb_context *ldb = module->ldb; - char *dn = NULL; + struct ldb_dn *dn; int ret; unsigned int i, j; struct ldb_message *msg; @@ -605,7 +610,7 @@ static int ltdb_index_dn(struct ldb_module *module, extracting just the given attributes */ static int ldb_index_filter(struct ldb_module *module, struct ldb_parse_tree *tree, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, const struct dn_list *dn_list, const char * const attrs[], struct ldb_message ***res) @@ -613,8 +618,9 @@ static int ldb_index_filter(struct ldb_module *module, struct ldb_parse_tree *tr unsigned int i; int count = 0; - for (i=0;i<dn_list->count;i++) { + for (i = 0; i < dn_list->count; i++) { struct ldb_message *msg; + struct ldb_dn *dn; int ret; msg = talloc(module, struct ldb_message); @@ -622,7 +628,14 @@ static int ldb_index_filter(struct ldb_module *module, struct ldb_parse_tree *tr return -1; } - ret = ltdb_search_dn1(module, dn_list->dn[i], msg); + dn = ldb_dn_explode(msg, dn_list->dn[i]); + if (dn == NULL) { + talloc_free(msg); + return -1; + } + + ret = ltdb_search_dn1(module, dn, msg); + talloc_free(dn); if (ret == 0) { /* the record has disappeared? yes, this can happen */ talloc_free(msg); @@ -654,7 +667,7 @@ static int ldb_index_filter(struct ldb_module *module, struct ldb_parse_tree *tr case the caller should call ltdb_search_full() */ int ltdb_search_indexed(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const attrs[], struct ldb_message ***res) @@ -766,33 +779,32 @@ static int ltdb_index_add1(struct ldb_module *module, char *dn, { struct ldb_context *ldb = module->ldb; struct ldb_message *msg; - char *dn_key; + struct ldb_dn *dn_key; int ret; unsigned int i; - dn_key = ldb_dn_key(ldb, el->name, &el->values[v_idx]); - if (!dn_key) { + msg = talloc(module, struct ldb_message); + if (msg == NULL) { + errno = ENOMEM; return -1; } - msg = talloc(dn_key, struct ldb_message); - if (msg == NULL) { + dn_key = ldb_dn_key(ldb, el->name, &el->values[v_idx]); + if (!dn_key) { + talloc_free(msg); + errno = ENOMEM; return -1; } + talloc_steal(msg, dn_key); ret = ltdb_search_dn1(module, dn_key, msg); if (ret == -1) { - talloc_free(dn_key); + talloc_free(msg); return -1; } if (ret == 0) { - msg->dn = talloc_strdup(msg, dn_key); - if (!msg->dn) { - talloc_free(dn_key); - errno = ENOMEM; - return -1; - } + msg->dn = dn_key; msg->num_elements = 0; msg->elements = NULL; } @@ -813,22 +825,19 @@ static int ltdb_index_add1(struct ldb_module *module, char *dn, ret = ltdb_store(module, msg, TDB_REPLACE); } - talloc_free(dn_key); + talloc_free(msg); return ret; } -/* - add the index entries for a new record - return -1 on failure -*/ -int ltdb_index_add(struct ldb_module *module, const struct ldb_message *msg) +static int ltdb_index_add0(struct ldb_module *module, char *dn, + struct ldb_message_element *elements, int num_el) { struct ltdb_private *ltdb = module->private_data; int ret; unsigned int i, j; - if (msg->dn[0] == '@') { + if (dn[0] == '@') { return 0; } @@ -837,15 +846,16 @@ int ltdb_index_add(struct ldb_module *module, const struct ldb_message *msg) return 0; } - for (i=0;i<msg->num_elements;i++) { - ret = ldb_msg_find_idx(ltdb->cache->indexlist, msg->elements[i].name, + for (i = 0; i < num_el; i++) { + ret = ldb_msg_find_idx(ltdb->cache->indexlist, elements[i].name, NULL, LTDB_IDXATTR); if (ret == -1) { continue; } - for (j=0;j<msg->elements[i].num_values;j++) { - ret = ltdb_index_add1(module, msg->dn, &msg->elements[i], j); + for (j = 0; j < elements[i].num_values; j++) { + ret = ltdb_index_add1(module, dn, &elements[i], j); if (ret == -1) { + talloc_free(dn); return -1; } } @@ -854,6 +864,28 @@ int ltdb_index_add(struct ldb_module *module, const struct ldb_message *msg) return 0; } +/* + add the index entries for a new record + return -1 on failure +*/ +int ltdb_index_add(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ltdb_private *ltdb = module->private_data; + char *dn; + int ret; + + dn = ldb_dn_linearize(ltdb, msg->dn); + if (dn == NULL) { + return -1; + } + + ret = ltdb_index_add0(module, dn, msg->elements, msg->num_elements); + + talloc_free(dn); + + return ret; +} + /* delete an index entry for one message element @@ -863,7 +895,7 @@ int ltdb_index_del_value(struct ldb_module *module, const char *dn, { struct ldb_context *ldb = module->ldb; struct ldb_message *msg; - char *dn_key; + struct ldb_dn *dn_key; int ret, i; unsigned int j; @@ -897,7 +929,9 @@ int ltdb_index_del_value(struct ldb_module *module, const char *dn, i = ldb_msg_find_idx(msg, dn, &j, LTDB_IDX); if (i == -1) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "ERROR: dn %s not found in %s\n", dn, dn_key); + ldb_debug(ldb, LDB_DEBUG_ERROR, + "ERROR: dn %s not found in %s\n", dn, + ldb_dn_linearize(dn_key, dn_key)); /* it ain't there. hmmm */ talloc_free(dn_key); return 0; @@ -930,32 +964,40 @@ int ltdb_index_del(struct ldb_module *module, const struct ldb_message *msg) { struct ltdb_private *ltdb = module->private_data; int ret; + char *dn; unsigned int i, j; - if (msg->dn[0] == '@') { + if (ldb_dn_is_special(msg->dn)) { return 0; } + dn = ldb_dn_linearize(ltdb, msg->dn); + if (dn == NULL) { + return -1; + } + /* find the list of indexed fields */ if (ltdb->cache->indexlist->num_elements == 0) { /* no indexed fields */ return 0; } - for (i=0;i<msg->num_elements;i++) { + for (i = 0; i < msg->num_elements; i++) { ret = ldb_msg_find_idx(ltdb->cache->indexlist, msg->elements[i].name, NULL, LTDB_IDXATTR); if (ret == -1) { continue; } - for (j=0;j<msg->elements[i].num_values;j++) { - ret = ltdb_index_del_value(module, msg->dn, &msg->elements[i], j); + for (j = 0; j < msg->elements[i].num_values; j++) { + ret = ltdb_index_del_value(module, dn, &msg->elements[i], j); if (ret == -1) { + talloc_free(dn); return -1; } } } + talloc_free(dn); return 0; } @@ -979,6 +1021,7 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void * { struct ldb_module *module = state; struct ldb_message *msg; + char *dn = NULL; int ret; TDB_DATA key2; @@ -1003,7 +1046,9 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void * key2 = ltdb_key(module, msg->dn); if (key2.dptr == NULL) { /* probably a corrupt record ... darn */ - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Invalid DN in re_index: %s\n", msg->dn); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Invalid DN in re_index: %s\n", + ldb_dn_linearize(msg, msg->dn)); + talloc_free(msg); return 0; } if (strcmp(key2.dptr, key.dptr) != 0) { @@ -1012,11 +1057,13 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void * } talloc_free(key2.dptr); - if (!msg->dn) { - msg->dn = key.dptr+3; + if (msg->dn == NULL) { + dn = key.dptr + 3; + } else { + dn = ldb_dn_linearize(msg->dn, msg->dn); } - ret = ltdb_index_add(module, msg); + ret = ltdb_index_add0(module, dn, msg->elements, msg->num_elements); talloc_free(msg); diff --git a/source4/lib/ldb/ldb_tdb/ldb_pack.c b/source4/lib/ldb/ldb_tdb/ldb_pack.c index 4433e16cb2..332dbf03df 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_pack.c +++ b/source4/lib/ldb/ldb_tdb/ldb_pack.c @@ -74,9 +74,16 @@ int ltdb_pack_data(struct ldb_module *module, struct ldb_context *ldb = module->ldb; unsigned int i, j, real_elements=0; size_t size; + char *dn; char *p; size_t len; + dn = ldb_dn_linearize(ldb, message->dn); + if (dn == NULL) { + errno = ENOMEM; + return -1; + } + for (i=0;i<message->num_elements;i++) { if (message->elements[i].num_values != 0) { real_elements++; @@ -86,7 +93,7 @@ int ltdb_pack_data(struct ldb_module *module, /* work out how big it needs to be */ size = 8; - size += 1 + strlen(message->dn); + size += 1 + strlen(dn); for (i=0;i<message->num_elements;i++) { if (message->elements[i].num_values == 0) { @@ -101,6 +108,7 @@ int ltdb_pack_data(struct ldb_module *module, /* allocate it */ data->dptr = talloc_array(ldb, char, size); if (!data->dptr) { + talloc_free(dn); errno = ENOMEM; return -1; } @@ -113,8 +121,8 @@ int ltdb_pack_data(struct ldb_module *module, /* the dn needs to be packed so we can be case preserving while hashing on a case folded dn */ - len = strlen(message->dn); - memcpy(p, message->dn, len+1); + len = strlen(dn); + memcpy(p, dn, len+1); p += len + 1; for (i=0;i<message->num_elements;i++) { @@ -135,6 +143,7 @@ int ltdb_pack_data(struct ldb_module *module, } } + talloc_free(dn); return 0; } @@ -179,7 +188,11 @@ int ltdb_unpack_data(struct ldb_module *module, errno = EIO; goto failed; } - message->dn = p; + message->dn = ldb_dn_explode(message, p); + if (message->dn == NULL) { + errno = ENOMEM; + goto failed; + } remaining -= len + 1; p += len + 1; break; diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index 922d24b6eb..160affd4e7 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -94,7 +94,7 @@ static int msg_add_all_elements(struct ldb_module *module, struct ldb_message *r for (i=0;i<msg->num_elements;i++) { const struct ldb_attrib_handler *h; h = ldb_attrib_handler(ldb, msg->elements[i].name); - if ((msg->dn[0] != '@') && (h->flags & LDB_ATTR_FLAG_HIDDEN)) { + if (ldb_dn_is_special(msg->dn) && (h->flags & LDB_ATTR_FLAG_HIDDEN)) { continue; } if (msg_add_element(ldb, ret, &msg->elements[i]) != 0) { @@ -122,7 +122,7 @@ static struct ldb_message *ltdb_pull_attrs(struct ldb_module *module, return NULL; } - ret->dn = talloc_strdup(ret, msg->dn); + ret->dn = ldb_dn_copy(ret, msg->dn); if (!ret->dn) { talloc_free(ret); return NULL; @@ -163,8 +163,8 @@ static struct ldb_message *ltdb_pull_attrs(struct ldb_module *module, } el2.num_values = 1; el2.values = &val; - val.data = ret->dn; - val.length = strlen(ret->dn); + val.data = ldb_dn_linearize(ret, ret->dn); + val.length = strlen(val.data); if (msg_add_element(ldb, ret, &el2) != 0) { talloc_free(ret); @@ -194,7 +194,7 @@ static struct ldb_message *ltdb_pull_attrs(struct ldb_module *module, return 1 on success, 0 on record-not-found and -1 on error */ -int ltdb_search_dn1(struct ldb_module *module, const char *dn, struct ldb_message *msg) +int ltdb_search_dn1(struct ldb_module *module, const struct ldb_dn *dn, struct ldb_message *msg) { struct ltdb_private *ltdb = module->private_data; int ret; @@ -231,7 +231,7 @@ int ltdb_search_dn1(struct ldb_module *module, const char *dn, struct ldb_messag } if (!msg->dn) { - msg->dn = talloc_strdup(tdb_data2.dptr, dn); + msg->dn = ldb_dn_copy(tdb_data2.dptr, dn); } if (!msg->dn) { talloc_free(tdb_data2.dptr); @@ -245,7 +245,7 @@ int ltdb_search_dn1(struct ldb_module *module, const char *dn, struct ldb_messag /* search the database for a single simple dn */ -static int ltdb_search_dn(struct ldb_module *module, const char *dn, +static int ltdb_search_dn(struct ldb_module *module, const struct ldb_dn *dn, const char * const attrs[], struct ldb_message ***res) { struct ldb_context *ldb = module->ldb; @@ -347,7 +347,7 @@ int ltdb_add_attr_results(struct ldb_module *module, struct ldb_message *msg, struct ltdb_search_info { struct ldb_module *module; struct ldb_parse_tree *tree; - const char *base; + const struct ldb_dn *base; enum ldb_scope scope; const char * const *attrs; struct ldb_message **msgs; @@ -384,7 +384,11 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi } if (!msg->dn) { - msg->dn = key.dptr + 3; + msg->dn = ldb_dn_explode(msg, key.dptr + 3); + if (msg->dn == NULL) { + talloc_free(msg); + return -1; + } } /* see if it matches the given expression */ @@ -411,7 +415,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi this is the "full search" non-indexed variant */ static int ltdb_search_full(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const attrs[], struct ldb_message ***res) @@ -454,7 +458,7 @@ static int ltdb_search_full(struct ldb_module *module, search the database with a LDAP-like expression. choses a search method */ -int ltdb_search_bytree(struct ldb_module *module, const char *base, +int ltdb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const attrs[], struct ldb_message ***res) { @@ -466,7 +470,14 @@ int ltdb_search_bytree(struct ldb_module *module, const char *base, if (tree->operation == LDB_OP_EQUALITY && (ldb_attr_cmp(tree->u.equality.attr, "dn") == 0 || ldb_attr_cmp(tree->u.equality.attr, "distinguishedName") == 0)) { - return ltdb_search_dn(module, tree->u.equality.value.data, attrs, res); + struct ldb_dn *dn; + dn = ldb_dn_explode(module->ldb, tree->u.equality.value.data); + if (dn == NULL) { + return -1; + } + ret = ltdb_search_dn(module, dn, attrs, res); + talloc_free(dn); + return ret; } if (ltdb_lock_read(module) != 0) { @@ -497,7 +508,7 @@ int ltdb_search_bytree(struct ldb_module *module, const char *base, search the database with a LDAP-like expression. choses a search method */ -int ltdb_search(struct ldb_module *module, const char *base, +int ltdb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const attrs[], struct ldb_message ***res) { diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index 40cfe97c29..61d0f9b64a 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -50,14 +50,12 @@ note that the key for a record can depend on whether the dn refers to a case sensitive index record or not */ -struct TDB_DATA ltdb_key(struct ldb_module *module, const char *dn) +struct TDB_DATA ltdb_key(struct ldb_module *module, const struct ldb_dn *dn) { struct ldb_context *ldb = module->ldb; TDB_DATA key; char *key_str = NULL; char *dn_folded = NULL; - struct ldb_dn *edn = NULL; - struct ldb_dn *cedn = NULL; /* most DNs are case insensitive. The exception is index DNs for @@ -70,26 +68,14 @@ struct TDB_DATA ltdb_key(struct ldb_module *module, const char *dn) 2) if the dn starts with @ then leave it alone - the indexing code handles the rest */ - if (*dn == '@') { - dn_folded = talloc_strdup(ldb, dn); - } else { - edn = ldb_dn_explode(ldb, dn); - if (!edn) - goto failed; - - cedn = ldb_dn_casefold(ldb, edn); - if (!cedn) - goto failed; - - dn_folded = ldb_dn_linearize(ldb, cedn); - if (!dn_folded) - goto failed; - talloc_free(edn); - talloc_free(cedn); + dn_folded = ldb_dn_linearize_casefold(ldb, dn); + if (!dn_folded) { + goto failed; } key_str = talloc_asprintf(ldb, "DN=%s", dn_folded); + talloc_free(dn_folded); if (!key_str) { @@ -102,8 +88,6 @@ struct TDB_DATA ltdb_key(struct ldb_module *module, const char *dn) return key; failed: - talloc_free(edn); - talloc_free(cedn); errno = ENOMEM; key.dptr = NULL; key.dsize = 0; @@ -116,7 +100,8 @@ failed: static int ltdb_lock(struct ldb_module *module, const char *lockname) { struct ltdb_private *ltdb = module->private_data; - char *lock_dn; + struct ldb_dn *lock_dn; + char *ldn; TDB_DATA key; int ret; @@ -124,10 +109,17 @@ static int ltdb_lock(struct ldb_module *module, const char *lockname) return -1; } - lock_dn = talloc_asprintf(module->ldb, "%s_%s", LDBLOCK, lockname); + ldn = talloc_asprintf(module->ldb, "%s_%s", LDBLOCK, lockname); + if (ldn == NULL) { + return -1; + } + + lock_dn = ldb_dn_explode(module->ldb, ldn); if (lock_dn == NULL) { + talloc_free(ldn); return -1; } + talloc_free(ldn); key = ltdb_key(module, lock_dn); if (!key.dptr) { @@ -149,17 +141,25 @@ static int ltdb_lock(struct ldb_module *module, const char *lockname) static int ltdb_unlock(struct ldb_module *module, const char *lockname) { struct ltdb_private *ltdb = module->private_data; - char *lock_dn; + struct ldb_dn *lock_dn; + char *ldn; TDB_DATA key; if (lockname == NULL) { return -1; } - lock_dn = talloc_asprintf(module->ldb, "%s_%s", LDBLOCK, lockname); + ldn = talloc_asprintf(module->ldb, "%s_%s", LDBLOCK, lockname); + if (ldn == NULL) { + return -1; + } + + lock_dn = ldb_dn_explode(module->ldb, ldn); if (lock_dn == NULL) { + talloc_free(ldn); return -1; } + talloc_free(ldn); key = ltdb_key(module, lock_dn); if (!key.dptr) { @@ -183,11 +183,21 @@ int ltdb_lock_read(struct ldb_module *module) { struct ltdb_private *ltdb = module->private_data; TDB_DATA key; + struct ldb_dn *lock_dn; int ret; - key = ltdb_key(module, LDBLOCK); + + lock_dn = ldb_dn_explode(module, LDBLOCK); + if (lock_dn == NULL) { + return -1; + } + + key = ltdb_key(module, lock_dn); if (!key.dptr) { + talloc_free(lock_dn); return -1; } + talloc_free(lock_dn); + ret = tdb_chainlock_read(ltdb->tdb, key); talloc_free(key.dptr); return ret; @@ -199,11 +209,21 @@ int ltdb_lock_read(struct ldb_module *module) int ltdb_unlock_read(struct ldb_module *module) { struct ltdb_private *ltdb = module->private_data; + struct ldb_dn *lock_dn; TDB_DATA key; - key = ltdb_key(module, LDBLOCK); + + lock_dn = ldb_dn_explode(module, LDBLOCK); + if (lock_dn == NULL) { + return -1; + } + + key = ltdb_key(module, lock_dn); if (!key.dptr) { + talloc_free(lock_dn); return -1; } + talloc_free(lock_dn); + tdb_chainunlock_read(ltdb->tdb, key); talloc_free(key.dptr); return 0; @@ -217,8 +237,9 @@ int ltdb_check_special_dn(struct ldb_module *module, const struct ldb_message *m { struct ltdb_private *ltdb = module->private_data; int i, j; - - if (strcmp(msg->dn, LTDB_ATTRIBUTES) != 0) { + + if (! ldb_dn_is_special(msg->dn) || + ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { return 0; } @@ -241,17 +262,19 @@ int ltdb_check_special_dn(struct ldb_module *module, const struct ldb_message *m we've made a modification to a dn - possibly reindex and update sequence number */ -static int ltdb_modified(struct ldb_module *module, const char *dn) +static int ltdb_modified(struct ldb_module *module, const struct ldb_dn *dn) { int ret = 0; - if (strcmp(dn, LTDB_INDEXLIST) == 0 || - strcmp(dn, LTDB_ATTRIBUTES) == 0) { + if (ldb_dn_is_special(dn) && + (ldb_dn_check_special(dn, LTDB_INDEXLIST) || + ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) ) { ret = ltdb_reindex(module); } if (ret == 0 && - strcmp(dn, LTDB_BASEINFO) != 0) { + !(ldb_dn_is_special(dn) && + ldb_dn_check_special(dn, LTDB_BASEINFO)) ) { ret = ltdb_increase_sequence_number(module); } @@ -335,7 +358,7 @@ static int ltdb_add(struct ldb_module *module, const struct ldb_message *msg) delete a record from the database, not updating indexes (used for deleting index records) */ -int ltdb_delete_noindex(struct ldb_module *module, const char *dn) +int ltdb_delete_noindex(struct ldb_module *module, const struct ldb_dn *dn) { struct ltdb_private *ltdb = module->private_data; TDB_DATA tdb_key; @@ -355,7 +378,7 @@ int ltdb_delete_noindex(struct ldb_module *module, const char *dn) /* delete a record from the database */ -static int ltdb_delete(struct ldb_module *module, const char *dn) +static int ltdb_delete(struct ldb_module *module, const struct ldb_dn *dn) { struct ltdb_private *ltdb = module->private_data; int ret; @@ -477,12 +500,18 @@ static int msg_delete_attribute(struct ldb_module *module, struct ldb_context *ldb, struct ldb_message *msg, const char *name) { + char *dn; unsigned int i, j; + dn = ldb_dn_linearize(ldb, msg->dn); + if (dn == NULL) { + return -1; + } + for (i=0;i<msg->num_elements;i++) { if (ldb_attr_cmp(msg->elements[i].name, name) == 0) { for (j=0;j<msg->elements[i].num_values;j++) { - ltdb_index_del_value(module, msg->dn, &msg->elements[i], j); + ltdb_index_del_value(module, dn, &msg->elements[i], j); } talloc_free(msg->elements[i].values); if (msg->num_elements > (i+1)) { @@ -499,6 +528,7 @@ static int msg_delete_attribute(struct ldb_module *module, } } + talloc_free(dn); return 0; } @@ -593,6 +623,7 @@ int ltdb_modify_internal(struct ldb_module *module, const struct ldb_message *ms struct ldb_message_element *el = &msg->elements[i]; struct ldb_message_element *el2; struct ldb_val *vals; + char *dn; switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) { @@ -650,6 +681,10 @@ int ltdb_modify_internal(struct ldb_module *module, const struct ldb_message *ms break; case LDB_FLAG_MOD_DELETE: + + dn = ldb_dn_linearize(msg2, msg->dn); + if (dn == NULL) goto failed; + /* we could be being asked to delete all values or just some values */ if (msg->elements[i].num_values == 0) { @@ -668,7 +703,7 @@ int ltdb_modify_internal(struct ldb_module *module, const struct ldb_message *ms ltdb->last_err_string = "No such attribute"; goto failed; } - if (ltdb_index_del_value(module, msg->dn, &msg->elements[i], j) != 0) { + if (ltdb_index_del_value(module, dn, &msg->elements[i], j) != 0) { goto failed; } } @@ -730,7 +765,7 @@ static int ltdb_modify(struct ldb_module *module, const struct ldb_message *msg) /* rename a record */ -static int ltdb_rename(struct ldb_module *module, const char *olddn, const char *newdn) +static int ltdb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { struct ltdb_private *ltdb = module->private_data; int ret; @@ -761,7 +796,7 @@ static int ltdb_rename(struct ldb_module *module, const char *olddn, const char goto failed; } - msg->dn = talloc_strdup(msg, newdn); + msg->dn = ldb_dn_copy(msg, newdn); if (!msg->dn) { goto failed; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.h b/source4/lib/ldb/ldb_tdb/ldb_tdb.h index 9ee3bfb70f..f08601832c 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.h @@ -57,7 +57,7 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value); struct ldb_parse_tree; int ltdb_search_indexed(struct ldb_module *module, - const char *base, + const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const attrs[], struct ldb_message ***res); @@ -81,23 +81,23 @@ int ltdb_unpack_data(struct ldb_module *module, int ltdb_has_wildcard(struct ldb_module *module, const char *attr_name, const struct ldb_val *val); void ltdb_search_dn1_free(struct ldb_module *module, struct ldb_message *msg); -int ltdb_search_dn1(struct ldb_module *module, const char *dn, struct ldb_message *msg); +int ltdb_search_dn1(struct ldb_module *module, const struct ldb_dn *dn, struct ldb_message *msg); int ltdb_add_attr_results(struct ldb_module *module, struct ldb_message *msg, const char * const attrs[], int *count, struct ldb_message ***res); -int ltdb_search(struct ldb_module *module, const char *base, +int ltdb_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const attrs[], struct ldb_message ***res); -int ltdb_search_bytree(struct ldb_module *module, const char *base, +int ltdb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const attrs[], struct ldb_message ***res); /* The following definitions come from lib/ldb/ldb_tdb/ldb_tdb.c */ -struct TDB_DATA ltdb_key(struct ldb_module *module, const char *dn); +struct TDB_DATA ltdb_key(struct ldb_module *module, const struct ldb_dn *dn); int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs); -int ltdb_delete_noindex(struct ldb_module *module, const char *dn); +int ltdb_delete_noindex(struct ldb_module *module, const struct ldb_dn *dn); int ltdb_modify_internal(struct ldb_module *module, const struct ldb_message *msg); int ltdb_lock_read(struct ldb_module *module); int ltdb_unlock_read(struct ldb_module *module); diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c index 89cc49eb3e..d59205c6e4 100644 --- a/source4/lib/ldb/modules/rdn_name.c +++ b/source4/lib/ldb/modules/rdn_name.c @@ -41,7 +41,7 @@ struct private_data { const char *error_string; }; -static int rdn_name_search(struct ldb_module *module, const char *base, +static int rdn_name_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -49,7 +49,7 @@ static int rdn_name_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int rdn_name_search_bytree(struct ldb_module *module, const char *base, +static int rdn_name_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -70,21 +70,6 @@ static struct ldb_message_element *rdn_name_find_attribute(const struct ldb_mess return NULL; } -static struct ldb_dn_component *get_rdn(void *mem_ctx, const char *dn) -{ - struct ldb_dn *dn_exploded = ldb_dn_explode(mem_ctx, dn); - - if (!dn_exploded) { - return NULL; - } - - if (dn_exploded->comp_num < 1) { - return NULL; - } - - return &dn_exploded->components[0]; -} - /* add_record: add crateTimestamp/modifyTimestamp attributes */ static int rdn_name_add_record(struct ldb_module *module, const struct ldb_message *msg) { @@ -97,7 +82,8 @@ static int rdn_name_add_record(struct ldb_module *module, const struct ldb_messa ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_add_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + /* do not manipulate our control entries */ + if (ldb_dn_is_special(msg->dn)) { return ldb_next_add_record(module, msg); } @@ -119,12 +105,14 @@ static int rdn_name_add_record(struct ldb_module *module, const struct ldb_messa msg2->elements[i] = msg->elements[i]; } - rdn = get_rdn(msg2, msg2->dn); + rdn = ldb_dn_get_rdn(msg2, msg2->dn); if (!rdn) { + talloc_free(msg2); return -1; } if (ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value) != 0) { + talloc_free(msg2); return -1; } @@ -132,6 +120,7 @@ static int rdn_name_add_record(struct ldb_module *module, const struct ldb_messa if (!attribute) { if (ldb_msg_add_value(module->ldb, msg2, rdn->name, &rdn->value) != 0) { + talloc_free(msg2); return -1; } } else { @@ -145,8 +134,9 @@ static int rdn_name_add_record(struct ldb_module *module, const struct ldb_messa } } if (i == attribute->num_values) { - data->error_string = talloc_asprintf(data, "RDN mismatch on %s: %s", msg2->dn, rdn->name); + data->error_string = talloc_asprintf(data, "RDN mismatch on %s: %s", ldb_dn_linearize(msg2, msg2->dn), rdn->name); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "%s\n", data->error_string); + talloc_free(msg2); return -1; } } @@ -167,6 +157,11 @@ static int rdn_name_modify_record(struct ldb_module *module, const struct ldb_me ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_modify_record\n"); + /* do not manipulate our control entries */ + if (ldb_dn_is_special(msg->dn)) { + return ldb_next_add_record(module, msg); + } + /* Perhaps someone above us knows better */ if ((attribute = rdn_name_find_attribute(msg, "name")) != NULL ) { return ldb_next_add_record(module, msg); @@ -185,17 +180,20 @@ static int rdn_name_modify_record(struct ldb_module *module, const struct ldb_me msg2->elements[i] = msg->elements[i]; } - rdn = get_rdn(msg2, msg2->dn); + rdn = ldb_dn_get_rdn(msg2, msg2->dn); if (!rdn) { + talloc_free(msg2); return -1; } if (ldb_msg_add_value(module->ldb, msg2, "name", &rdn->value) != 0) { + talloc_free(msg2); return -1; } attribute = rdn_name_find_attribute(msg2, "name"); if (!attribute) { + talloc_free(msg2); return -1; } @@ -207,13 +205,13 @@ static int rdn_name_modify_record(struct ldb_module *module, const struct ldb_me return ret; } -static int rdn_name_delete_record(struct ldb_module *module, const char *dn) +static int rdn_name_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_delete_record\n"); return ldb_next_delete_record(module, dn); } -static int rdn_name_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int rdn_name_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_rename_record\n"); return ldb_next_rename_record(module, olddn, newdn); diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c index e11c8b4e4e..baf038de0c 100644 --- a/source4/lib/ldb/modules/schema.c +++ b/source4/lib/ldb/modules/schema.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004 + Copyright (C) Simo Sorce 2004-2005 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -72,28 +72,6 @@ struct schema_structures { struct schema_attribute_list optional_attrs; }; -/* This function embedds the knowledge of aliased names. - Currently it handles only dn vs distinguishedNAme as a special case as AD - only have this special alias case, in future we should read the schema - to find out which names have an alias and check for them */ -static int schema_attr_cmp(const char *attr1, const char *attr2) -{ - int ret; - - ret = ldb_attr_cmp(attr1, attr2); - if (ret != 0) { - if ((ldb_attr_cmp("dn", attr1) == 0) && - (ldb_attr_cmp("distinguishedName", attr2) == 0)) { - return 0; - } - if ((ldb_attr_cmp("dn", attr2) == 0) && - (ldb_attr_cmp("distinguishedName", attr1) == 0)) { - return 0; - } - } - return ret; -} - static struct schema_attribute *schema_find_attribute(struct schema_attribute_list *list, const char *attr_name) { unsigned int i; @@ -110,7 +88,7 @@ static struct schema_attribute *schema_find_attribute(struct schema_attribute_li objectclasses go in the objectclasses structure */ static int get_msg_attributes(struct schema_structures *ss, const struct ldb_message *msg, int flag_mask) { - int i, j, k, l; + int i, j, anum, cnum; ss->entry_attrs.attr = talloc_realloc(ss, ss->entry_attrs.attr, struct schema_attribute, @@ -119,9 +97,9 @@ static int get_msg_attributes(struct schema_structures *ss, const struct ldb_mes return -1; } - for (i = 0, j = ss->entry_attrs.num; i < msg->num_elements; i++) { + for (i = 0, anum = ss->entry_attrs.num; i < msg->num_elements; i++) { - if (schema_attr_cmp(msg->elements[i].name, "objectclass") == 0) { + if (ldb_attr_cmp(msg->elements[i].name, "objectclass") == 0) { ss->objectclasses.attr = talloc_realloc(ss, ss->objectclasses.attr, struct schema_attribute, @@ -130,34 +108,33 @@ static int get_msg_attributes(struct schema_structures *ss, const struct ldb_mes return -1; } - for (k = 0, l = ss->objectclasses.num; k < msg->elements[i].num_values; k++) { - ss->objectclasses.attr[l].name = msg->elements[i].values[k].data; - ss->objectclasses.attr[l].flags = msg->elements[i].flags & flag_mask; - l++; + for (j = 0, cnum = ss->objectclasses.num; j < msg->elements[i].num_values; j++) { + ss->objectclasses.attr[cnum+j].name = msg->elements[i].values[j].data; + ss->objectclasses.attr[cnum+j].flags = msg->elements[i].flags & flag_mask; } ss->objectclasses.num += msg->elements[i].num_values; } - ss->entry_attrs.attr[j].flags = msg->elements[i].flags & flag_mask; - ss->entry_attrs.attr[j].name = talloc_reference(ss->entry_attrs.attr, + /* TODO: Check for proper attribute Syntax ! */ + + ss->entry_attrs.attr[anum+i].flags = msg->elements[i].flags & flag_mask; + ss->entry_attrs.attr[anum+i].name = talloc_reference(ss->entry_attrs.attr, msg->elements[i].name); - if (ss->entry_attrs.attr[j].name == NULL) { + if (ss->entry_attrs.attr[anum+i].name == NULL) { return -1; } - j++; } ss->entry_attrs.num += msg->num_elements; return 0; } -static int get_entry_attributes(struct ldb_context *ldb, const char *dn, struct schema_structures *ss) +static int get_entry_attributes(struct ldb_context *ldb, const struct ldb_dn *dn, struct schema_structures *ss) { - char *filter = talloc_asprintf(ss, "dn=%s", dn); struct ldb_message **srch; int ret; - ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &srch); + ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &srch); if (ret != 1) { return ret; } @@ -190,7 +167,7 @@ static int add_attribute_uniq(void *mem_ctx, struct schema_attribute_list *list, for (c = 0; c < list->num; c++) { len = strlen(list->attr[c].name); if (len == el->values[i].length) { - if (schema_attr_cmp(list->attr[c].name, el->values[i].data) == 0) { + if (ldb_attr_cmp(list->attr[c].name, el->values[i].data) == 0) { found = 1; break; } @@ -254,11 +231,15 @@ static int get_attr_list_recursive(struct ldb_module *module, struct schema_stru is_aux = 0; is_class = 0; - if (schema_attr_cmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) { is_aux = SCHEMA_FLAG_AUXILIARY; is_class = 1; } - if (schema_attr_cmp((*srch)->elements[j].name, "subClassOf") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "auxiliaryClass") == 0) { + is_aux = SCHEMA_FLAG_AUXILIARY; + is_class = 1; + } + if (ldb_attr_cmp((*srch)->elements[j].name, "subClassOf") == 0) { is_class = 1; } @@ -271,8 +252,8 @@ static int get_attr_list_recursive(struct ldb_module *module, struct schema_stru } } else { - if (schema_attr_cmp((*srch)->elements[j].name, "mustContain") == 0 || - schema_attr_cmp((*srch)->elements[j].name, "SystemMustContain") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "mustContain") == 0 || + ldb_attr_cmp((*srch)->elements[j].name, "SystemMustContain") == 0) { if (add_attribute_uniq(schema_struct, &schema_struct->required_attrs, SCHEMA_FLAG_RESET, @@ -281,8 +262,8 @@ static int get_attr_list_recursive(struct ldb_module *module, struct schema_stru } } - if (schema_attr_cmp((*srch)->elements[j].name, "mayContain") == 0 || - schema_attr_cmp((*srch)->elements[j].name, "SystemMayContain") == 0) { + if (ldb_attr_cmp((*srch)->elements[j].name, "mayContain") == 0 || + ldb_attr_cmp((*srch)->elements[j].name, "SystemMayContain") == 0) { if (add_attribute_uniq(schema_struct, &schema_struct->optional_attrs, @@ -299,14 +280,14 @@ static int get_attr_list_recursive(struct ldb_module *module, struct schema_stru } /* search */ -static int schema_search(struct ldb_module *module, const char *base, +static int schema_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { return ldb_next_search(module, base, scope, expression, attrs, res); } -static int schema_search_bytree(struct ldb_module *module, const char *base, +static int schema_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -329,10 +310,13 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message Free all structures and commit the change */ - if (msg->dn[0] == '@') { /* do not check on our control entries */ + /* do not check on our control entries */ + if (ldb_dn_is_special(msg->dn)) { return ldb_next_add_record(module, msg); } + /* TODO: check parent exists */ + entry_structs = talloc_zero(module, struct schema_structures); if (!entry_structs) { return -1; @@ -414,8 +398,9 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess Free all structures and commit the change. */ - if (msg->dn[0] == '@') { /* do not check on our control entries */ - return ldb_next_modify_record(module, msg); + /* do not check on our control entries */ + if (ldb_dn_is_special(msg->dn)) { + return ldb_next_add_record(module, msg); } /* allocate object structs */ @@ -504,14 +489,14 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess } /* delete_record */ -static int schema_delete_record(struct ldb_module *module, const char *dn) +static int schema_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { /* struct private_data *data = (struct private_data *)module->private_data; */ return ldb_next_delete_record(module, dn); } /* rename_record */ -static int schema_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int schema_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { return ldb_next_rename_record(module, olddn, newdn); } diff --git a/source4/lib/ldb/modules/skel.c b/source4/lib/ldb/modules/skel.c index 1221ac70f1..57c89a6a65 100644 --- a/source4/lib/ldb/modules/skel.c +++ b/source4/lib/ldb/modules/skel.c @@ -42,7 +42,7 @@ struct private_data { }; /* search */ -static int skel_search(struct ldb_module *module, const char *base, +static int skel_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -62,13 +62,13 @@ static int skel_modify_record(struct ldb_module *module, const struct ldb_messag } /* delete_record */ -static int skel_delete_record(struct ldb_module *module, const char *dn) +static int skel_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { return ldb_next_delete_record(module, dn); } /* rename_record */ -static int skel_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int skel_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { return ldb_next_rename_record(module, olddn, newdn); } diff --git a/source4/lib/ldb/modules/timestamps.c b/source4/lib/ldb/modules/timestamps.c index b067d8e8d6..4819e0466b 100644 --- a/source4/lib/ldb/modules/timestamps.c +++ b/source4/lib/ldb/modules/timestamps.c @@ -41,7 +41,7 @@ struct private_data { const char *error_string; }; -static int timestamps_search(struct ldb_module *module, const char *base, +static int timestamps_search(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, const char *expression, const char * const *attrs, struct ldb_message ***res) { @@ -49,7 +49,7 @@ static int timestamps_search(struct ldb_module *module, const char *base, return ldb_next_search(module, base, scope, expression, attrs, res); } -static int timestamps_search_bytree(struct ldb_module *module, const char *base, +static int timestamps_search_bytree(struct ldb_module *module, const struct ldb_dn *base, enum ldb_scope scope, struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_message ***res) { @@ -101,7 +101,8 @@ static int timestamps_add_record(struct ldb_module *module, const struct ldb_mes ldb_debug(module->ldb, LDB_DEBUG_TRACE, "timestamps_add_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + /* do not manipulate our control entries */ + if (ldb_dn_is_special(msg->dn)) { return ldb_next_add_record(module, msg); } @@ -159,8 +160,9 @@ static int timestamps_modify_record(struct ldb_module *module, const struct ldb_ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "timestamps_modify_record\n"); - if (msg->dn[0] == '@') { /* do not manipulate our control entries */ - return ldb_next_modify_record(module, msg); + /* do not manipulate our control entries */ + if (ldb_dn_is_special(msg->dn)) { + return ldb_next_add_record(module, msg); } timeval = time(NULL); @@ -201,13 +203,13 @@ static int timestamps_modify_record(struct ldb_module *module, const struct ldb_ return ret; } -static int timestamps_delete_record(struct ldb_module *module, const char *dn) +static int timestamps_delete_record(struct ldb_module *module, const struct ldb_dn *dn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "timestamps_delete_record\n"); return ldb_next_delete_record(module, dn); } -static int timestamps_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +static int timestamps_rename_record(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn) { ldb_debug(module->ldb, LDB_DEBUG_TRACE, "timestamps_rename_record\n"); return ldb_next_rename_record(module, olddn, newdn); diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c index 48dc8ddd47..7657301f35 100644 --- a/source4/lib/ldb/tools/cmdline.c +++ b/source4/lib/ldb/tools/cmdline.c @@ -57,6 +57,8 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const { "all", 'a', POPT_ARG_NONE, &options.all_records, 0, "dn=*", NULL }, { "sorted", 'S', POPT_ARG_NONE, &options.sorted, 0, "sort attributes", NULL }, { "sasl-mechanism", 0, POPT_ARG_STRING, &options.sasl_mechanism, 0, "choose SASL mechanism", "MECHANISM" }, + { "input", 'I', POPT_ARG_STRING, &options.input, 0, "Input File", "Input" }, + { "output", 'O', POPT_ARG_STRING, &options.output, 0, "Output File", "Output" }, { NULL, 'o', POPT_ARG_STRING, NULL, 'o', "ldb_connect option", "OPTION" }, #ifdef _SAMBA_BUILD_ POPT_COMMON_SAMBA @@ -149,16 +151,18 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const *ret = options; /* all utils need some option */ - if (ret->url == NULL) { - fprintf(stderr, "You must supply a url with -H or with $LDB_URL\n"); - if (usage) usage(); - goto failed; - } + if (ldb) { + if (ret->url == NULL) { + fprintf(stderr, "You must supply a url with -H or with $LDB_URL\n"); + if (usage) usage(); + goto failed; + } - if (ldb_connect(ldb, ret->url, 0, ret->options) != 0) { - fprintf(stderr, "Failed to connect to %s - %s\n", - ret->url, ldb_errstring(ldb)); - goto failed; + if (ldb_connect(ldb, ret->url, 0, ret->options) != 0) { + fprintf(stderr, "Failed to connect to %s - %s\n", + ret->url, ldb_errstring(ldb)); + goto failed; + } } return ret; diff --git a/source4/lib/ldb/tools/cmdline.h b/source4/lib/ldb/tools/cmdline.h index 8e479c5538..daf9c06f42 100644 --- a/source4/lib/ldb/tools/cmdline.h +++ b/source4/lib/ldb/tools/cmdline.h @@ -40,6 +40,8 @@ struct ldb_cmdline { int num_records; int num_searches; const char *sasl_mechanism; + const char *input; + const char *output; }; struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const char **argv, diff --git a/source4/lib/ldb/tools/ldbadd.c b/source4/lib/ldb/tools/ldbadd.c index 5be3b7fc75..de6da0eb5b 100644 --- a/source4/lib/ldb/tools/ldbadd.c +++ b/source4/lib/ldb/tools/ldbadd.c @@ -76,7 +76,7 @@ static int process_file(struct ldb_context *ldb, FILE *f) ret = ldb_add(ldb, ldif->msg); if (ret != 0) { fprintf(stderr, "ERR: \"%s\" on DN %s\n", - ldb_errstring(ldb), ldif->msg->dn); + ldb_errstring(ldb), ldb_dn_linearize(ldb, ldif->msg->dn)); failures++; } else { count++; diff --git a/source4/lib/ldb/tools/ldbdel.c b/source4/lib/ldb/tools/ldbdel.c index fdb1f7ef3b..6082931e22 100644 --- a/source4/lib/ldb/tools/ldbdel.c +++ b/source4/lib/ldb/tools/ldbdel.c @@ -41,7 +41,7 @@ #include "system/filesys.h" #endif -static int ldb_delete_recursive(struct ldb_context *ldb, const char *dn) +static int ldb_delete_recursive(struct ldb_context *ldb, const struct ldb_dn *dn) { int ret, i, total=0; const char *attrs[] = { "dn", NULL }; @@ -94,7 +94,13 @@ static void usage(void) } for (i=0;i<options->argc;i++) { - const char *dn = options->argv[i]; + const struct ldb_dn *dn; + + dn = ldb_dn_explode(ldb, options->argv[i]); + if (dn == NULL) { + printf("Invalid DN format\n"); + exit(1); + } if (options->recursive) { ret = ldb_delete_recursive(ldb, dn); } else { @@ -104,7 +110,9 @@ static void usage(void) } } if (ret != 0) { - printf("delete of '%s' failed - %s\n", dn, ldb_errstring(ldb)); + printf("delete of '%s' failed - %s\n", + ldb_dn_linearize(ldb, dn), + ldb_errstring(ldb)); } } diff --git a/source4/lib/ldb/tools/ldbedit.c b/source4/lib/ldb/tools/ldbedit.c index 1613f4ddc5..a850562a7d 100644 --- a/source4/lib/ldb/tools/ldbedit.c +++ b/source4/lib/ldb/tools/ldbedit.c @@ -83,7 +83,7 @@ static int modify_record(struct ldb_context *ldb, if (ldb_modify(ldb, mod) != 0) { fprintf(stderr, "failed to modify %s - %s\n", - msg1->dn, ldb_errstring(ldb)); + ldb_dn_linearize(ldb, msg1->dn), ldb_errstring(ldb)); return -1; } @@ -96,11 +96,11 @@ static int modify_record(struct ldb_context *ldb, static struct ldb_message *msg_find(struct ldb_context *ldb, struct ldb_message **msgs, int count, - const char *dn) + const struct ldb_dn *dn) { int i; for (i=0;i<count;i++) { - if (ldb_dn_cmp(ldb, dn, msgs[i]->dn) == 0) { + if (ldb_dn_compare(ldb, dn, msgs[i]->dn) == 0) { return msgs[i]; } } @@ -128,7 +128,8 @@ static int merge_edits(struct ldb_context *ldb, } if (ldb_add(ldb, msgs2[i]) != 0) { fprintf(stderr, "failed to add %s - %s\n", - msgs2[i]->dn, ldb_errstring(ldb)); + ldb_dn_linearize(ldb, msgs2[i]->dn), + ldb_errstring(ldb)); return -1; } adds++; @@ -148,7 +149,8 @@ static int merge_edits(struct ldb_context *ldb, } if (ldb_delete(ldb, msgs1[i]->dn) != 0) { fprintf(stderr, "failed to delete %s - %s\n", - msgs1[i]->dn, ldb_errstring(ldb)); + ldb_dn_linearize(ldb, msgs1[i]->dn), + ldb_errstring(ldb)); return -1; } deletes++; @@ -279,6 +281,7 @@ static void usage(void) { struct ldb_context *ldb; struct ldb_message **msgs; + struct ldb_dn *basedn = NULL; int ret; const char *expression = "(|(objectclass=*)(dn=*))"; const char * const * attrs = NULL; @@ -299,7 +302,15 @@ static void usage(void) attrs = (const char * const *)(options->argv); } - ret = ldb_search(ldb, options->basedn, options->scope, expression, attrs, &msgs); + if (options->basedn != NULL) { + basedn = ldb_dn_explode(ldb, options->basedn); + if (basedn == NULL) { + printf("Invalid Base DN format\n"); + exit(1); + } + } + + ret = ldb_search(ldb, basedn, options->scope, expression, attrs, &msgs); if (ret == -1) { printf("search failed - %s\n", ldb_errstring(ldb)); exit(1); diff --git a/source4/lib/ldb/tools/ldbmodify.c b/source4/lib/ldb/tools/ldbmodify.c index 901a4c9628..4c78e485b5 100644 --- a/source4/lib/ldb/tools/ldbmodify.c +++ b/source4/lib/ldb/tools/ldbmodify.c @@ -78,7 +78,7 @@ static int process_file(struct ldb_context *ldb, FILE *f) } if (ret != 0) { fprintf(stderr, "ERR: \"%s\" on DN %s\n", - ldb_errstring(ldb), ldif->msg->dn); + ldb_errstring(ldb), ldb_dn_linearize(ldb, ldif->msg->dn)); failures++; } else { count++; diff --git a/source4/lib/ldb/tools/ldbrename.c b/source4/lib/ldb/tools/ldbrename.c index c74516869e..4b3b27c130 100644 --- a/source4/lib/ldb/tools/ldbrename.c +++ b/source4/lib/ldb/tools/ldbrename.c @@ -61,7 +61,7 @@ static void usage(void) struct ldb_context *ldb; int ret; struct ldb_cmdline *options; - const char *dn1, *dn2; + const struct ldb_dn *dn1, *dn2; ldb = ldb_init(NULL); @@ -71,15 +71,15 @@ static void usage(void) usage(); } - dn1 = options->argv[0]; - dn2 = options->argv[1]; + dn1 = ldb_dn_explode(ldb, options->argv[0]); + dn2 = ldb_dn_explode(ldb, options->argv[1]); ret = ldb_rename(ldb, dn1, dn2); if (ret == 0) { printf("Renamed 1 record\n"); } else { printf("rename of '%s' to '%s' failed - %s\n", - dn1, dn2, ldb_errstring(ldb)); + options->argv[0], options->argv[1], ldb_errstring(ldb)); } talloc_free(ldb); diff --git a/source4/lib/ldb/tools/ldbsearch.c b/source4/lib/ldb/tools/ldbsearch.c index 5604436980..4499bc9359 100644 --- a/source4/lib/ldb/tools/ldbsearch.c +++ b/source4/lib/ldb/tools/ldbsearch.c @@ -60,11 +60,11 @@ struct ldb_context *ldbsearch_ldb; static int do_compare_msg(struct ldb_message **el1, struct ldb_message **el2) { - return ldb_dn_cmp(ldbsearch_ldb, (*el1)->dn, (*el2)->dn); + return ldb_dn_compare(ldbsearch_ldb, (*el1)->dn, (*el2)->dn); } static int do_search(struct ldb_context *ldb, - const char *basedn, + const struct ldb_dn *basedn, int scope, int sort_attribs, const char *expression, @@ -120,6 +120,7 @@ static int do_search(struct ldb_context *ldb, int main(int argc, const char **argv) { struct ldb_context *ldb; + struct ldb_dn *basedn = NULL; const char * const * attrs = NULL; struct ldb_cmdline *options; int ret = -1; @@ -142,16 +143,24 @@ static int do_search(struct ldb_context *ldb, attrs = (const char * const *)(options->argv); } + if (options->basedn != NULL) { + basedn = ldb_dn_explode(ldb, options->basedn); + if (basedn == NULL) { + fprintf(stderr, "Invalid Base DN format\n"); + exit(1); + } + } + if (options->interactive) { char line[1024]; while (fgets(line, sizeof(line), stdin)) { - if (do_search(ldb, options->basedn, + if (do_search(ldb, basedn, options->scope, options->sorted, line, attrs) == -1) { ret = -1; } } } else { - ret = do_search(ldb, options->basedn, options->scope, options->sorted, + ret = do_search(ldb, basedn, options->scope, options->sorted, expression, attrs); } diff --git a/source4/lib/ldb/tools/ldbtest.c b/source4/lib/ldb/tools/ldbtest.c index aff1eaadda..a2e824dcdb 100644 --- a/source4/lib/ldb/tools/ldbtest.c +++ b/source4/lib/ldb/tools/ldbtest.c @@ -58,7 +58,7 @@ static double _end_timer(void) } static void add_records(struct ldb_context *ldb, - const char *basedn, + const struct ldb_dn *basedn, int count) { struct ldb_message msg; @@ -77,7 +77,7 @@ static void add_records(struct ldb_context *ldb, asprintf(&name, "Test%d", i); - msg.dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", name, basedn); + msg.dn = ldb_dn_build_child(tmp_ctx, "cn", name, basedn); msg.num_elements = 6; msg.elements = el; @@ -145,7 +145,7 @@ static void add_records(struct ldb_context *ldb, } static void modify_records(struct ldb_context *ldb, - const char *basedn, + const struct ldb_dn *basedn, int count) { struct ldb_message msg; @@ -158,7 +158,7 @@ static void modify_records(struct ldb_context *ldb, TALLOC_CTX *tmp_ctx = talloc_new(ldb); name = talloc_asprintf(tmp_ctx, "Test%d", i); - msg.dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", name, basedn); + msg.dn = ldb_dn_build_child(tmp_ctx, "cn", name, basedn); msg.num_elements = 3; msg.elements = el; @@ -197,29 +197,30 @@ static void modify_records(struct ldb_context *ldb, static void delete_records(struct ldb_context *ldb, - const char *basedn, + const struct ldb_dn *basedn, int count) { int i; for (i=0;i<count;i++) { - char *dn; - asprintf(&dn, "cn=Test%d,%s", i, basedn); + struct ldb_dn *dn; + char *name = talloc_asprintf(ldb, "Test%d", i); + dn = ldb_dn_build_child(name, "cn", name, basedn); printf("Deleting uid Test%d\r", i); fflush(stdout); if (ldb_delete(ldb, dn) != 0) { - printf("Delete of %s failed - %s\n", dn, ldb_errstring(ldb)); + printf("Delete of %s failed - %s\n", ldb_dn_linearize(ldb, dn), ldb_errstring(ldb)); exit(1); } - free(dn); + talloc_free(name); } printf("\n"); } -static void search_uid(struct ldb_context *ldb, int nrecords, int nsearches) +static void search_uid(struct ldb_context *ldb, struct ldb_dn *basedn, int nrecords, int nsearches) { int i; @@ -230,7 +231,7 @@ static void search_uid(struct ldb_context *ldb, int nrecords, int nsearches) int ret; asprintf(&expr, "(uid=TEST%d)", uid); - ret = ldb_search(ldb, options->basedn, LDB_SCOPE_SUBTREE, expr, NULL, &res); + ret = ldb_search(ldb, basedn, LDB_SCOPE_SUBTREE, expr, NULL, &res); if (uid < nrecords && ret != 1) { printf("Failed to find %s - %s\n", expr, ldb_errstring(ldb)); @@ -257,19 +258,23 @@ static void search_uid(struct ldb_context *ldb, int nrecords, int nsearches) static void start_test(struct ldb_context *ldb, int nrecords, int nsearches) { + struct ldb_dn *basedn; + + basedn = ldb_dn_explode(ldb, options->basedn); + printf("Adding %d records\n", nrecords); - add_records(ldb, options->basedn, nrecords); + add_records(ldb, basedn, nrecords); printf("Starting search on uid\n"); _start_timer(); - search_uid(ldb, nrecords, nsearches); + search_uid(ldb, basedn, nrecords, nsearches); printf("uid search took %.2f seconds\n", _end_timer()); printf("Modifying records\n"); - modify_records(ldb, options->basedn, nrecords); + modify_records(ldb, basedn, nrecords); printf("Deleting records\n"); - delete_records(ldb, options->basedn, nrecords); + delete_records(ldb, basedn, nrecords); } @@ -290,31 +295,37 @@ static void start_test_index(struct ldb_context **ldb) { struct ldb_message *msg; struct ldb_message **res; + struct ldb_dn *indexlist; + struct ldb_dn *basedn; int ret; printf("Starting index test\n"); - ldb_delete(*ldb, "@INDEXLIST"); + indexlist = ldb_dn_explode(NULL, "@INDEXLIST"); + + ldb_delete(*ldb, indexlist); msg = ldb_msg_new(NULL); - msg->dn = strdup("@INDEXLIST"); + msg->dn = indexlist; ldb_msg_add_string(*ldb, msg, "@IDXATTR", strdup("uid")); if (ldb_add(*ldb, msg) != 0) { - printf("Add of %s failed - %s\n", msg->dn, ldb_errstring(*ldb)); + printf("Add of %s failed - %s\n", ldb_dn_linearize(*ldb, msg->dn), ldb_errstring(*ldb)); exit(1); } + basedn = ldb_dn_explode(NULL, options->basedn); + memset(msg, 0, sizeof(*msg)); - asprintf(&msg->dn, "cn=%s,%s", "test", options->basedn); + msg->dn = ldb_dn_build_child(msg, "cn", "test", basedn); ldb_msg_add_string(*ldb, msg, "cn", strdup("test")); ldb_msg_add_string(*ldb, msg, "sn", strdup("test")); ldb_msg_add_string(*ldb, msg, "uid", strdup("test")); ldb_msg_add_string(*ldb, msg, "objectClass", strdup("OpenLDAPperson")); if (ldb_add(*ldb, msg) != 0) { - printf("Add of %s failed - %s\n", msg->dn, ldb_errstring(*ldb)); + printf("Add of %s failed - %s\n", ldb_dn_linearize(*ldb, msg->dn), ldb_errstring(*ldb)); exit(1); } @@ -331,14 +342,14 @@ static void start_test_index(struct ldb_context **ldb) exit(1); } - ret = ldb_search(*ldb, options->basedn, LDB_SCOPE_SUBTREE, "uid=test", NULL, &res); + ret = ldb_search(*ldb, basedn, LDB_SCOPE_SUBTREE, "uid=test", NULL, &res); if (ret != 1) { printf("Should have found 1 record - found %d\n", ret); exit(1); } if (ldb_delete(*ldb, msg->dn) != 0 || - ldb_delete(*ldb, "@INDEXLIST") != 0) { + ldb_delete(*ldb, indexlist) != 0) { printf("cleanup failed - %s\n", ldb_errstring(*ldb)); exit(1); } diff --git a/source4/lib/registry/reg_backend_ldb.c b/source4/lib/registry/reg_backend_ldb.c index 3c50258d02..404dab4dc1 100644 --- a/source4/lib/registry/reg_backend_ldb.c +++ b/source4/lib/registry/reg_backend_ldb.c @@ -25,7 +25,7 @@ struct ldb_key_data { - const char *dn; + const struct ldb_dn *dn; struct ldb_message **subkeys, **values; int subkey_count, value_count; }; @@ -113,39 +113,34 @@ static int reg_close_ldb_key (void *data) return 0; } -static char *reg_path_to_ldb(TALLOC_CTX *mem_ctx, struct registry_key *from, const char *path, const char *add) +static struct ldb_dn *reg_path_to_ldb(TALLOC_CTX *mem_ctx, struct registry_key *from, const char *path, const char *add) { - char *ret = talloc_strdup(mem_ctx, ""); + TALLOC_CTX *local_ctx; + struct ldb_dn *ret = ldb_dn_new(mem_ctx); char *mypath = talloc_strdup(mem_ctx, path); char *begin; struct ldb_key_data *kd = from->backend_data; - if(add) - ret = talloc_asprintf_append(ret, "%s", add); + local_ctx = talloc_named(mem_ctx, 0, "reg_path_to_ldb context"); + + if (add) + ret = ldb_dn_compose(local_ctx, ret, ldb_dn_explode(mem_ctx, add)); while(mypath) { char *keyname; - struct ldb_val val; - char *key; begin = strrchr(mypath, '\\'); if (begin) keyname = begin + 1; else keyname = mypath; - val.data = keyname; - val.length = strlen(keyname); - - key = ldb_dn_escape_value(mem_ctx, val); - if (key == NULL) { - return NULL; - } + if(strlen(keyname)) { + struct ldb_dn *base; - if (strlen(key)) - ret = talloc_asprintf_append(ret, "key=%s,", key); + base = ldb_dn_build_child(local_ctx, "key", keyname, NULL); + ret = ldb_dn_compose(local_ctx, ret, base); + } - talloc_free(key); - if(begin) { *begin = '\0'; } else { @@ -153,7 +148,7 @@ static char *reg_path_to_ldb(TALLOC_CTX *mem_ctx, struct registry_key *from, con } } - ret = talloc_asprintf_append(ret, "%s", kd->dn); + ret = ldb_dn_compose(local_ctx, ret, kd->dn); return ret; } @@ -170,7 +165,7 @@ static WERROR ldb_get_subkey_by_id(TALLOC_CTX *mem_ctx, struct registry_key *k, kd->subkey_count = ldb_search(c, kd->dn, LDB_SCOPE_ONELEVEL, "(key=*)", NULL, &kd->subkeys); if(kd->subkey_count < 0) { - DEBUG(0, ("Error getting subkeys for '%s': %s\n", kd->dn, ldb_errstring(c))); + DEBUG(0, ("Error getting subkeys for '%s': %s\n", ldb_dn_linearize(mem_ctx, kd->dn), ldb_errstring(c))); return WERR_FOOBAR; } } @@ -185,7 +180,7 @@ static WERROR ldb_get_subkey_by_id(TALLOC_CTX *mem_ctx, struct registry_key *k, (*subkey)->backend_data = newkd = talloc_zero(*subkey, struct ldb_key_data); (*subkey)->last_mod = 0; /* TODO: we need to add this to the ldb backend properly */ - newkd->dn = talloc_strdup(mem_ctx, kd->subkeys[idx]->dn); + newkd->dn = ldb_dn_copy(mem_ctx, kd->subkeys[idx]->dn); return WERR_OK; } @@ -200,7 +195,7 @@ static WERROR ldb_get_value_by_id(TALLOC_CTX *mem_ctx, struct registry_key *k, i kd->value_count = ldb_search(c, kd->dn, LDB_SCOPE_ONELEVEL, "(value=*)", NULL,&kd->values); if(kd->value_count < 0) { - DEBUG(0, ("Error getting values for '%s': %s\n", kd->dn, ldb_errstring(c))); + DEBUG(0, ("Error getting values for '%s': %s\n", ldb_dn_linearize(mem_ctx, kd->dn), ldb_errstring(c))); return WERR_FOOBAR; } } @@ -218,18 +213,18 @@ static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, struct registry_key *h, const ch { struct ldb_context *c = h->hive->backend_data; struct ldb_message **msg; - char *ldap_path; + struct ldb_dn *ldap_path; int ret; struct ldb_key_data *newkd; ldap_path = reg_path_to_ldb(mem_ctx, h, name, NULL); - ret = ldb_search(c, ldap_path, LDB_SCOPE_BASE, "(key=*)", NULL,&msg); + ret = ldb_search(c, ldap_path, LDB_SCOPE_BASE, "(key=*)", NULL, &msg); if(ret == 0) { return WERR_BADFILE; } else if(ret < 0) { - DEBUG(0, ("Error opening key '%s': %s\n", ldap_path, ldb_errstring(c))); + DEBUG(0, ("Error opening key '%s': %s\n", ldb_dn_linearize(ldap_path, ldap_path), ldb_errstring(c))); return WERR_FOOBAR; } @@ -237,7 +232,7 @@ static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, struct registry_key *h, const ch talloc_set_destructor(*key, reg_close_ldb_key); (*key)->name = talloc_strdup(mem_ctx, strrchr(name, '\\')?strchr(name, '\\'):name); (*key)->backend_data = newkd = talloc_zero(*key, struct ldb_key_data); - newkd->dn = talloc_strdup(mem_ctx, msg[0]->dn); + newkd->dn = ldb_dn_copy(mem_ctx, msg[0]->dn); talloc_free(msg); @@ -265,7 +260,7 @@ static WERROR ldb_open_hive(struct registry_hive *hive, struct registry_key **k) talloc_set_destructor (hive, ldb_free_hive); (*k)->name = talloc_strdup(*k, ""); (*k)->backend_data = kd = talloc_zero(*k, struct ldb_key_data); - kd->dn = talloc_strdup(*k, "hive=NONE"); + kd->dn = ldb_dn_explode(*k, "hive=NONE"); return WERR_OK; @@ -303,11 +298,12 @@ static WERROR ldb_del_key (struct registry_key *key, const char *child) { int ret; struct ldb_key_data *kd = key->backend_data; - char *childdn = talloc_asprintf(NULL, "key=%s,%s", child, kd->dn); + TALLOC_CTX *local_ctx = talloc_named(NULL, 0, "ldb_del_key mem ctx"); + struct ldb_dn *childdn = ldb_dn_build_child(local_ctx, "key", child, kd->dn); ret = ldb_delete(key->hive->backend_data, childdn); - talloc_free(childdn); + talloc_free(local_ctx); if (ret < 0) { DEBUG(1, ("ldb_del_key: %s\n", ldb_errstring(key->hive->backend_data))); @@ -321,11 +317,12 @@ static WERROR ldb_del_value (struct registry_key *key, const char *child) { int ret; struct ldb_key_data *kd = key->backend_data; - char *childdn = talloc_asprintf(NULL, "value=%s,%s", child, kd->dn); + TALLOC_CTX *local_ctx = talloc_named(NULL, 0, "ldb_del_value mem ctx"); + struct ldb_dn *childdn = ldb_dn_build_child(local_ctx, "value", child, kd->dn); ret = ldb_delete(key->hive->backend_data, childdn); - talloc_free(childdn); + talloc_free(local_ctx); if (ret < 0) { DEBUG(1, ("ldb_del_value: %s\n", ldb_errstring(key->hive->backend_data))); @@ -345,7 +342,7 @@ static WERROR ldb_set_value (struct registry_key *parent, const char *name, uint msg = reg_ldb_pack_value(ctx, mem_ctx, name, type, data, len); - msg->dn = talloc_asprintf(mem_ctx, "value=%s,%s", name, kd->dn); + msg->dn = ldb_dn_build_child(msg, "value", name, kd->dn); ret = ldb_add(ctx, msg); if (ret < 0) { diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index b72577fa84..cef74492b8 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -91,7 +91,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru struct dom_sid *domain_sid; const char *domain_name; const char *realm = NULL; /* Also flag for remote being AD */ - const char *account_dn; + const struct ldb_dn *account_dn; char *remote_ldb_url; struct ldb_message **msgs, *msg; @@ -561,8 +561,13 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return NT_STATUS_UNSUCCESSFUL; } - account_dn = r_crack_names.out.ctr.ctr1->array[0].result_name; - + account_dn = ldb_dn_explode(mem_ctx, r_crack_names.out.ctr.ctr1->array[0].result_name); + if (account_dn == NULL) { + r->out.error_string + = talloc_asprintf(mem_ctx, "Invalid account dn: %s", + r_crack_names.out.ctr.ctr1->array[0].result_name); + return NT_STATUS_UNSUCCESSFUL; + } /* Now we know the user's DN, open with LDAP, read and modify a few things */ @@ -581,8 +586,8 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru if (ldb_ret != 1) { r->out.error_string = talloc_asprintf(mem_ctx, - "ldb_search for %s failed - %s\n", - account_dn, + "ldb_search for %s failed - %s\n", + ldb_dn_linearize(mem_ctx, account_dn), ldb_errstring(remote_ldb)); return NT_STATUS_UNSUCCESSFUL; } @@ -615,7 +620,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru r->out.error_string = talloc_asprintf(mem_ctx, "Failed to replace entries on %s\n", - msg->dn); + ldb_dn_linearize(mem_ctx, msg->dn)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } @@ -635,7 +640,7 @@ static NTSTATUS libnet_Join_primary_domain(struct libnet_context *ctx, struct ldb_context *ldb; struct libnet_JoinDomain r2; - const char *base_dn = "cn=Primary Domains"; + const struct ldb_dn *base_dn = ldb_dn_explode(mem_ctx, "cn=Primary Domains"); const struct ldb_val *prior_secret; const struct ldb_val *prior_modified_time; struct ldb_message **msgs, *msg; @@ -679,13 +684,12 @@ static NTSTATUS libnet_Join_primary_domain(struct libnet_context *ctx, /* search for the secret record */ ret = gendb_search(ldb, - mem_ctx, base_dn, &msgs, attrs, + mem_ctx, base_dn, + &msgs, attrs, "(|" SECRETS_PRIMARY_DOMAIN_FILTER "(realm=%s))", r2.out.domain_name, r2.out.realm); - msg->dn = talloc_asprintf(mem_ctx, "flatname=%s,%s", - r2.out.domain_name, - base_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "flatname", r2.out.domain_name, base_dn); samdb_msg_add_string(ldb, mem_ctx, msg, "flatname", r2.out.domain_name); if (r2.out.realm) { @@ -739,7 +743,7 @@ static NTSTATUS libnet_Join_primary_domain(struct libnet_context *ctx, r->out.error_string = talloc_asprintf(mem_ctx, "Failed to create secret record %s\n", - msg->dn); + ldb_dn_linearize(ldb, msg->dn)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } return NT_STATUS_OK; diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index 691f621dfe..4ec7c60715 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c @@ -46,7 +46,7 @@ struct samsync_ldb_trusted_domain { struct samsync_ldb_state { struct dom_sid *dom_sid[3]; struct ldb_context *sam_ldb; - char *base_dn[3]; + struct ldb_dn *base_dn[3]; struct samsync_ldb_secret *secrets; struct samsync_ldb_trusted_domain *trusted_domains; }; @@ -54,14 +54,15 @@ struct samsync_ldb_state { static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx, struct samsync_ldb_state *state, struct dom_sid *sid, - char **fsp_dn) + struct ldb_dn **fsp_dn) { const char *sidstr = dom_sid_string(mem_ctx, sid); /* We assume that ForeignSecurityPrincipals are under the BASEDN of the main domain */ - const char *basedn = samdb_search_string(state->sam_ldb, mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN], - "dn", - "(&(objectClass=container)" - "(cn=ForeignSecurityPrincipals))"); + struct ldb_dn *basedn = ldb_dn_explode(mem_ctx, + samdb_search_string(state->sam_ldb, mem_ctx, + state->base_dn[SAM_DATABASE_DOMAIN], + "dn", "(&(objectClass=container)" + "(cn=ForeignSecurityPrincipals))")); struct ldb_message *msg; int ret; @@ -81,7 +82,7 @@ static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx, } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,%s", sidstr, basedn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn); if (msg->dn == NULL) return NT_STATUS_NO_MEMORY; @@ -95,7 +96,9 @@ static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx, ret = samdb_add(state->sam_ldb, mem_ctx, msg); if (ret != 0) { DEBUG(0,("Failed to create foreignSecurityPrincipal " - "record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + "record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } return NT_STATUS_OK; @@ -134,8 +137,8 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx, state->dom_sid[database] = talloc_steal(state, samdb_search_dom_sid(state->sam_ldb, state, - state->base_dn[database], "objectSid", - "dn=%s", state->base_dn[database])); + state->base_dn[database], "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, state->base_dn[database]))); } else if (database == SAM_DATABASE_BUILTIN) { /* work out the builtin_dn - useful for so many calls its worth fetching here */ @@ -220,8 +223,8 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx, } /* search for the user, by rid */ - ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs, - "(&(objectClass=user)(objectSid=%s))", + ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], + &msgs, attrs, "(&(objectClass=user)(objectSid=%s))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid))); if (ret == -1) { @@ -334,21 +337,26 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx, if (add) { samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "objectClass", obj_class); - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", - cn_name, container, state->base_dn[database]); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", cn_name, + ldb_dn_build_child(mem_ctx, + "CN", container, + state->base_dn[database])); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } ret = samdb_add(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create user record %s\n", msg->dn)); + DEBUG(0,("Failed to create user record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify user record %s\n", msg->dn)); + DEBUG(0,("Failed to modify user record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } @@ -368,8 +376,8 @@ static NTSTATUS samsync_ldb_delete_user(TALLOC_CTX *mem_ctx, const char *attrs[] = { NULL }; /* search for the user, by rid */ - ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs, - "(&(objectClass=user)(objectSid=%s))", + ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], + &msgs, attrs, "(&(objectClass=user)(objectSid=%s))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid))); if (ret == -1) { @@ -388,7 +396,9 @@ static NTSTATUS samsync_ldb_delete_user(TALLOC_CTX *mem_ctx, ret = samdb_delete(state->sam_ldb, mem_ctx, msgs[0]->dn); if (ret != 0) { - DEBUG(0,("Failed to delete user record %s: %s\n", msgs[0]->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to delete user record %s: %s\n", + ldb_dn_linearize(mem_ctx, msgs[0]->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -467,21 +477,28 @@ static NTSTATUS samsync_ldb_handle_group(TALLOC_CTX *mem_ctx, if (add) { samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "objectClass", obj_class); - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", - cn_name, container, state->base_dn[database]); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", cn_name, + ldb_dn_build_child(mem_ctx, + "CN", container, + state->base_dn[database])); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } ret = samdb_add(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create group record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to create group record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify group record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to modify group record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } @@ -521,7 +538,9 @@ static NTSTATUS samsync_ldb_delete_group(TALLOC_CTX *mem_ctx, ret = samdb_delete(state->sam_ldb, mem_ctx, msgs[0]->dn); if (ret != 0) { - DEBUG(0,("Failed to delete group record %s: %s\n", msgs[0]->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to delete group record %s: %s\n", + ldb_dn_linearize(mem_ctx, msgs[0]->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -584,7 +603,7 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx, } else if (ret > 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } else { - samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", msgs[0]->dn); + samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_linearize(mem_ctx, msgs[0]->dn)); } talloc_free(msgs); @@ -592,7 +611,9 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx, ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify group record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to modify group record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -673,21 +694,28 @@ static NTSTATUS samsync_ldb_handle_alias(TALLOC_CTX *mem_ctx, if (add) { samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "objectClass", obj_class); - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", - cn_name, container, state->base_dn[database]); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", cn_name, + ldb_dn_build_child(mem_ctx, + "CN", container, + state->base_dn[database])); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } ret = samdb_add(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create alias record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to create alias record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify alias record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to modify alias record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } @@ -722,7 +750,9 @@ static NTSTATUS samsync_ldb_delete_alias(TALLOC_CTX *mem_ctx, ret = samdb_delete(state->sam_ldb, mem_ctx, msgs[0]->dn); if (ret != 0) { - DEBUG(0,("Failed to delete alias record %s: %s\n", msgs[0]->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to delete alias record %s: %s\n", + ldb_dn_linearize(mem_ctx, msgs[0]->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -772,7 +802,7 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx, talloc_free(msgs); for (i=0; i<alias_member->sids.num_sids; i++) { - char *alias_member_dn; + struct ldb_dn *alias_member_dn; /* search for members, in the top basedn (normal users are builtin aliases) */ ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN], &msgs, attrs, "(objectSid=%s)", @@ -794,14 +824,16 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx, } else { alias_member_dn = msgs[0]->dn; } - samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", alias_member_dn); + samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_linearize(mem_ctx, alias_member_dn)); talloc_free(msgs); } ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify group record %s: %s\n", msg->dn, ldb_errstring(state->sam_ldb))); + DEBUG(0,("Failed to modify group record %s: %s\n", + ldb_dn_linearize(mem_ctx, msg->dn), + ldb_errstring(state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -819,7 +851,7 @@ static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx, struct ldb_message *msg; struct ldb_message **msgs; - char *privilage_dn; + struct ldb_dn *privilege_dn; int ret; const char *attrs[] = { NULL }; int i; @@ -840,8 +872,8 @@ static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; nt_status = samsync_ldb_add_foreignSecurityPrincipal(mem_ctx, state, sid, - &privilage_dn); - privilage_dn = talloc_steal(msg, privilage_dn); + &privilege_dn); + privilege_dn = talloc_steal(msg, privilege_dn); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -850,19 +882,20 @@ static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx, dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else { - privilage_dn = talloc_steal(msg, msgs[0]->dn); + privilege_dn = talloc_steal(msg, msgs[0]->dn); } - msg->dn = privilage_dn; + msg->dn = privilege_dn; for (i=0; i< account->privilege_entries; i++) { - samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "privilage", + samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "privilege", account->privilege_name[i].string); } ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify privilage record %s\n", msg->dn)); + DEBUG(0,("Failed to modify privilege record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -910,7 +943,8 @@ static NTSTATUS samsync_ldb_delete_account(TALLOC_CTX *mem_ctx, ret = samdb_replace(state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to modify privilage record %s\n", msg->dn)); + DEBUG(0,("Failed to modify privilege record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index b484ca4a77..ab2f1cc579 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -125,10 +125,11 @@ static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot, /* try and find the domain */ ret = gendb_search_dn(samctx, samctx, - samdb_result_string(ref_res[0], "ncName", NULL), + samdb_result_dn(samctx, ref_res[0], "ncName", NULL), &dom_res, dom_attrs); if (ret != 1) { - DEBUG(2,("Unable to find domain from reference '%s' in sam\n", ref_res[0]->dn)); + DEBUG(2,("Unable to find domain from reference '%s' in sam\n", + ldb_dn_linearize(samctx, ref_res[0]->dn))); return; } diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c index c46c4c571e..a83c60c3e7 100644 --- a/source4/nbt_server/wins/winsdb.c +++ b/source4/nbt_server/wins/winsdb.c @@ -37,7 +37,7 @@ static BOOL winsdb_save_version(struct wins_server *winssrv) struct ldb_message *msg = ldb_msg_new(winssrv); if (msg == NULL) goto failed; - msg->dn = talloc_strdup(msg, "CN=VERSION"); + msg->dn = ldb_dn_explode(msg, "CN=VERSION"); if (msg->dn == NULL) goto failed; ret |= ldb_msg_add_fmt(ldb, msg, "minVersion", "%llu", winssrv->min_version); @@ -184,7 +184,7 @@ static struct ldb_message *winsdb_message(struct wins_server *winssrv, struct ldb_message *msg = ldb_msg_new(mem_ctx); if (msg == NULL) goto failed; - msg->dn = winsdb_dn(msg, rec->name); + msg->dn = ldb_dn_explode(msg, winsdb_dn(msg, rec->name)); if (msg->dn == NULL) goto failed; ret |= ldb_msg_add_fmt(ldb, msg, "objectClass", "wins"); ret |= ldb_msg_add_fmt(ldb, msg, "active", "%u", rec->state); @@ -272,11 +272,11 @@ uint8_t winsdb_delete(struct wins_server *winssrv, struct winsdb_record *rec) struct ldb_context *ldb = winssrv->wins_db; TALLOC_CTX *tmp_ctx = talloc_new(winssrv); int ret; - const char *dn; + const struct ldb_dn *dn; winsdb_remove_version(winssrv, rec->version); - dn = winsdb_dn(tmp_ctx, rec->name); + dn = ldb_dn_explode(tmp_ctx, winsdb_dn(tmp_ctx, rec->name)); if (dn == NULL) goto failed; ret = ldb_delete(ldb, dn); diff --git a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c index bd3443e199..c0ae2e078d 100644 --- a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c +++ b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c @@ -45,14 +45,14 @@ static struct ldb_context *sptr_db_connect(TALLOC_CTX *mem_ctx) static int sptr_db_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, struct ldb_message ***res, const char * const *attrs, const char *format, ...) PRINTF_ATTRIBUTE(6,7); static int sptr_db_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - const char *basedn, + const struct ldb_dn *basedn, struct ldb_message ***res, const char * const *attrs, const char *format, ...) @@ -222,8 +222,9 @@ static WERROR sptr_EnumPrintServerForms(struct ntptr_GenericHandle *server, TALL int i; union spoolss_FormInfo *info; - count = sptr_db_search(sptr_db, mem_ctx, "CN=Forms,CN=PrintServer", &msgs, NULL, - "(&(objectClass=form))"); + count = sptr_db_search(sptr_db, mem_ctx, + ldb_dn_explode(mem_ctx, "CN=Forms,CN=PrintServer"), + &msgs, NULL, "(&(objectClass=form))"); if (count == 0) return WERR_OK; if (count < 0) return WERR_GENERAL_FAILURE; @@ -276,8 +277,9 @@ static WERROR sptr_AddPrintServerForm(struct ntptr_GenericHandle *server, TALLOC if (!r->in.info.info1) { return WERR_FOOBAR; } - count = sptr_db_search(sptr_db, mem_ctx, "CN=Forms,CN=PrintServer", &msgs, attrs, - "(&(form-name=%s)(objectClass=form))", + count = sptr_db_search(sptr_db, mem_ctx, + ldb_dn_explode(mem_ctx, "CN=Forms,CN=PrintServer"), + &msgs, attrs, "(&(form-name=%s)(objectClass=form))", r->in.info.info1->form_name); if (count == 1) return WERR_FOOBAR; @@ -292,8 +294,9 @@ static WERROR sptr_AddPrintServerForm(struct ntptr_GenericHandle *server, TALLOC W_ERROR_HAVE_NO_MEMORY(msg); /* add core elements to the ldb_message for the Form */ - msg->dn = talloc_asprintf(msg, "form-name=%s,CN=Forms,CN=PrintServer", - r->in.info.info1->form_name); + msg->dn = ldb_dn_build_child(msg, + "form-name", r->in.info.info1->form_name, + ldb_dn_explode(msg, "CN=Forms,CN=PrintServer")); SET_STRING(sptr_db, msg, "objectClass", "form"); SET_UINT(sptr_db, msg, "flags", r->in.info.info1->flags); @@ -341,8 +344,9 @@ static WERROR sptr_SetPrintServerForm(struct ntptr_GenericHandle *server, TALLOC return WERR_FOOBAR; } - count = sptr_db_search(sptr_db, mem_ctx, "CN=Forms,CN=PrintServer", &msgs, attrs, - "(&(form-name=%s)(objectClass=form))", + count = sptr_db_search(sptr_db, mem_ctx, + ldb_dn_explode(mem_ctx, "CN=Forms,CN=PrintServer"), + &msgs, attrs, "(&(form-name=%s)(objectClass=form))", r->in.info.info1->form_name); if (count == 0) return WERR_FOOBAR; @@ -403,8 +407,9 @@ static WERROR sptr_DeletePrintServerForm(struct ntptr_GenericHandle *server, TAL return WERR_FOOBAR; } - count = sptr_db_search(sptr_db, mem_ctx, "CN=Forms,CN=PrintServer", &msgs, attrs, - "(&(form-name=%s)(objectclass=form))", + count = sptr_db_search(sptr_db, mem_ctx, + ldb_dn_explode(mem_ctx, "CN=Forms,CN=PrintServer"), + &msgs, attrs, "(&(form-name=%s)(objectclass=form))", r->in.form_name); if (count == 0) return WERR_FOOBAR; @@ -695,7 +700,7 @@ static WERROR sptr_GetPrinterForm(struct ntptr_GenericHandle *printer, TALLOC_CT { struct ldb_context *sptr_db = talloc_get_type(printer->ntptr->private_data, struct ldb_context); struct ldb_message **msgs; - const char *base_dn; + const struct ldb_dn *base_dn; int count; union spoolss_FormInfo *info; @@ -705,7 +710,11 @@ static WERROR sptr_GetPrinterForm(struct ntptr_GenericHandle *printer, TALLOC_CT * } */ - base_dn = talloc_asprintf(mem_ctx, "CN=Forms,CN=%s,CN=Printers", printer->object_name); + base_dn = ldb_dn_compose_string_dn(mem_ctx, + "CN=Forms", + ldb_dn_build_child(mem_ctx, + "CN", printer->object_name, + ldb_dn_explode(mem_ctx, "CN=Printers"))); W_ERROR_HAVE_NO_MEMORY(base_dn); count = sptr_db_search(sptr_db, mem_ctx, base_dn, &msgs, NULL, diff --git a/source4/rpc_server/drsuapi/drsuapi_cracknames.c b/source4/rpc_server/drsuapi/drsuapi_cracknames.c index e9b78b184b..b6a9105be5 100644 --- a/source4/rpc_server/drsuapi/drsuapi_cracknames.c +++ b/source4/rpc_server/drsuapi/drsuapi_cracknames.c @@ -36,7 +36,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX const char *domain_filter = NULL; const char * const *domain_attrs; struct ldb_message **domain_res = NULL; - const char *result_basedn = NULL; + const struct ldb_dn *result_basedn = NULL; const char *result_filter = NULL; const char * const *result_attrs; struct ldb_message **result_res = NULL; @@ -166,7 +166,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY; if (result_filter) { - result_basedn = samdb_result_string(domain_res[0], "ncName", NULL); + result_basedn = samdb_result_dn(mem_ctx, domain_res[0], "ncName", NULL); ret = gendb_search(b_state->sam_ctx, mem_ctx, result_basedn, &result_res, result_attrs, "%s", result_filter); @@ -189,7 +189,7 @@ static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, TALLOC_CTX /* here we can use result_res[0] and domain_res[0] */ switch (format_desired) { case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: { - info1->result_name = result_res[0]->dn; + info1->result_name = ldb_dn_linearize(mem_ctx, result_res[0]->dn); WERR_TALLOC_CHECK(info1->result_name); info1->status = DRSUAPI_DS_NAME_STATUS_OK; diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index fef1c91c6f..9ee0d6faec 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -49,9 +49,9 @@ struct lsa_policy_state { struct ldb_context *sam_ldb; struct sidmap_context *sidmap; uint32_t access_mask; - const char *domain_dn; - const char *builtin_dn; - const char *system_dn; + const struct ldb_dn *domain_dn; + const struct ldb_dn *builtin_dn; + const struct ldb_dn *system_dn; const char *domain_name; struct dom_sid *domain_sid; struct dom_sid *builtin_sid; @@ -65,7 +65,7 @@ struct lsa_account_state { struct lsa_policy_state *policy; uint32_t access_mask; struct dom_sid *account_sid; - const char *account_dn; + const struct ldb_dn *account_dn; }; @@ -75,7 +75,7 @@ struct lsa_account_state { struct lsa_secret_state { struct lsa_policy_state *policy; uint32_t access_mask; - const char *secret_dn; + const struct ldb_dn *secret_dn; struct ldb_context *sam_ldb; BOOL global; }; @@ -86,7 +86,7 @@ struct lsa_secret_state { struct lsa_trusted_domain_state { struct lsa_policy_state *policy; uint32_t access_mask; - const char *trusted_domain_dn; + const struct ldb_dn *trusted_domain_dn; }; /* @@ -254,14 +254,14 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ /* work out the domain_dn - useful for so many calls its worth fetching here */ - state->domain_dn = talloc_steal(state, samdb_result_string(msgs_domain[0], "nCName", NULL)); + state->domain_dn = samdb_result_dn(state, msgs_domain[0], "nCName", NULL); if (!state->domain_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } /* work out the builtin_dn - useful for so many calls its worth fetching here */ - state->builtin_dn = talloc_steal(state, + state->builtin_dn = ldb_dn_explode(state, samdb_search_string(state->sam_ldb, mem_ctx, NULL, "dn", "objectClass=builtinDomain")); if (!state->builtin_dn) { @@ -270,7 +270,7 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ /* work out the system_dn - useful for so many calls its worth fetching here */ - state->system_dn = talloc_steal(state, + state->system_dn = ldb_dn_explode(state, samdb_search_string(state->sam_ldb, mem_ctx, state->domain_dn, "dn", "(&(objectClass=container)(cn=System))")); if (!state->system_dn) { @@ -279,8 +279,8 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ state->domain_sid = talloc_steal(state, samdb_search_dom_sid(state->sam_ldb, state, - state->domain_dn, "objectSid", - "dn=%s", state->domain_dn)); + state->domain_dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, state->domain_dn))); if (!state->domain_sid) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -598,12 +598,14 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL } if (ret < 0 || ret > 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", r->in.info->name.string, - policy_state->system_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "cn", + r->in.info->name.string, + policy_state->system_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -627,7 +629,8 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL /* create the trusted_domain */ ret = samdb_add(trusted_domain_state->policy->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create trusted_domain record %s\n", msg->dn)); + DEBUG(0,("Failed to create trusted_domain record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -690,7 +693,8 @@ static NTSTATUS lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -755,7 +759,8 @@ static NTSTATUS lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call, } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1300,11 +1305,12 @@ static NTSTATUS lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX * /* check it really exists */ astate->account_dn = - samdb_search_string(state->sam_ldb, astate, - NULL, "dn", - "(&(objectSid=%s)(objectClass=group))", - ldap_encode_ndr_dom_sid(mem_ctx, - astate->account_sid)); + ldb_dn_explode(mem_ctx, + samdb_search_string(state->sam_ldb, astate, + NULL, "dn", + "(&(objectSid=%s)(objectClass=group))", + ldap_encode_ndr_dom_sid(mem_ctx, + astate->account_sid))); if (astate->account_dn == NULL) { talloc_free(astate); return NT_STATUS_NO_SUCH_USER; @@ -1466,7 +1472,7 @@ static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, return NT_STATUS_NO_SUCH_USER; } - msg->dn = talloc_strdup(mem_ctx, dn); + msg->dn = ldb_dn_explode(mem_ctx, dn); if (msg->dn == NULL) { return NT_STATUS_NO_MEMORY; } @@ -1732,11 +1738,12 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX } if (ret < 0 || ret > 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = talloc_asprintf(mem_ctx, "cn=%s,%s", name2, policy_state->system_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "cn", name2, policy_state->system_dn); if (!name2 || !msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -1753,20 +1760,24 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX secret_state->sam_ldb = talloc_reference(secret_state, secrets_db_connect(mem_ctx)); /* search for the secret record */ - ret = gendb_search(secret_state->sam_ldb, - mem_ctx, "cn=LSA Secrets", &msgs, attrs, - "(&(cn=%s)(objectclass=secret))", - name); + ret = gendb_search(secret_state->sam_ldb, mem_ctx, + ldb_dn_explode(mem_ctx, "cn=LSA Secrets"), + &msgs, attrs, + "(&(cn=%s)(objectclass=secret))", name); if (ret > 0) { return NT_STATUS_OBJECT_NAME_COLLISION; } if (ret < 0 || ret > 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg->dn = talloc_asprintf(mem_ctx, "cn=%s,cn=LSA Secrets", name); + msg->dn = ldb_dn_build_child(mem_ctx, + "cn", name, + ldb_dn_build_child(mem_ctx, + "cn", "LSA Secrets", NULL)); samdb_msg_add_string(secret_state->sam_ldb, mem_ctx, msg, "cn", name); } @@ -1785,7 +1796,8 @@ static NTSTATUS lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX /* create the secret */ ret = samdb_add(secret_state->sam_ldb, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create secret record %s\n", msg->dn)); + DEBUG(0,("Failed to create secret record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1858,7 +1870,8 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1872,16 +1885,17 @@ static NTSTATUS lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *m } /* search for the secret record */ - ret = gendb_search(secret_state->sam_ldb, - mem_ctx, "cn=LSA Secrets", &msgs, attrs, - "(&(cn=%s)(objectclass=secret))", - name); + ret = gendb_search(secret_state->sam_ldb, mem_ctx, + ldb_dn_explode(mem_ctx, "cn=LSA Secrets"), + &msgs, attrs, + "(&(cn=%s)(objectclass=secret))", name); if (ret == 0) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } if (ret != 1) { - DEBUG(0,("Found %d records matching DN %s\n", ret, policy_state->system_dn)); + DEBUG(0,("Found %d records matching DN %s\n", ret, + ldb_dn_linearize(mem_ctx, policy_state->system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } @@ -2032,7 +2046,8 @@ static NTSTATUS lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *me } if (ret != 1) { - DEBUG(0,("Found %d records matching dn=%s\n", ret, secret_state->secret_dn)); + DEBUG(0,("Found %d records matching dn=%s\n", ret, + ldb_dn_linearize(mem_ctx, secret_state->secret_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index aad66ad314..cea645cd02 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -956,7 +956,7 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - res1[0]->dn); + ldb_dn_linearize(mem_ctx, res1[0]->dn)); if (ret != 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1261,7 +1261,8 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, return WERR_GENERAL_FAILURE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs, "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm()); + ret = gendb_search(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs, + "(&(objectClass=domainDNS)(dnsDomain=%s))", lp_realm()); if (ret == -1) { return WERR_GENERAL_FAILURE; } @@ -1270,7 +1271,9 @@ static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, return WERR_GENERAL_FAILURE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", dom_res[0]->dn); + ret = gendb_search(sam_ctx, mem_ctx, NULL, &ref_res, ref_attrs, + "(&(objectClass=crossRef)(ncName=%s))", + ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); if (ret == -1) { return WERR_GENERAL_FAILURE; } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 1e47199d20..81db2b386b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -191,7 +191,8 @@ static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX } ret = gendb_search_dn(c_state->sam_ctx, mem_ctx, - samdb_result_string(ref_msgs[0], "ncName", NULL), + samdb_result_dn(mem_ctx, + ref_msgs[0], "ncName", NULL), &dom_msgs, dom_attrs); } @@ -274,7 +275,7 @@ static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &ref_msgs, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - dom_msgs[i]->dn); + ldb_dn_linearize(mem_ctx, dom_msgs[i]->dn)); if (ret == 1) { array->entries[i].name.string = samdb_result_string(ref_msgs[0], "nETBIOSName", NULL); } else { @@ -339,7 +340,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &ref_msgs, ref_attrs, "(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))", - dom_msgs[0]->dn); + ldb_dn_linearize(mem_ctx, dom_msgs[0]->dn)); if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -359,7 +360,7 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * d_state->sam_ctx = c_state->sam_ctx; d_state->domain_sid = dom_sid_dup(d_state, r->in.sid); d_state->domain_name = talloc_strdup(d_state, domain_name); - d_state->domain_dn = talloc_strdup(d_state, dom_msgs[0]->dn); + d_state->domain_dn = ldb_dn_copy(d_state, dom_msgs[0]->dn); if (!d_state->domain_sid || !d_state->domain_name || !d_state->domain_dn) { talloc_free(d_state); return NT_STATUS_NO_MEMORY; @@ -553,8 +554,11 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO } /* add core elements to the ldb_message for the user */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname, - d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", groupname, + ldb_dn_build_child(mem_ctx, + "CN", "Users", + d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -564,7 +568,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* create the group */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create group record %s\n", msg->dn)); + DEBUG(0,("Failed to create group record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -579,7 +584,8 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO /* retrieve the sid for the group just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, msg->dn)); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } @@ -789,7 +795,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX } /* add core elements to the ldb_message for the user */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", cn_name, container, d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", cn_name, ldb_dn_build_child(mem_ctx, "CN", container, d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -798,7 +804,8 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* create the user */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create user record %s\n", msg->dn)); + DEBUG(0,("Failed to create user record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -813,7 +820,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX /* retrieve the sid for the user just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", ldb_dn_linearize(mem_ctx, msg->dn)); if (sid == NULL) { return NT_STATUS_UNSUCCESSFUL; } @@ -984,8 +991,11 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", alias_name, - d_state->domain_dn); + msg->dn = ldb_dn_build_child(mem_ctx, + "CN", alias_name, + ldb_dn_build_child(mem_ctx, + "CN", "Users", + d_state->domain_dn)); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -997,7 +1007,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* create the alias */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { - DEBUG(0,("Failed to create alias record %s\n", msg->dn)); + DEBUG(0,("Failed to create alias record %s\n", + ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1013,7 +1024,8 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C /* retrieve the sid for the alias just created */ sid = samdb_search_dom_sid(d_state->sam_ctx, a_state, - msg->dn, "objectSid", "dn=%s", msg->dn); + msg->dn, "objectSid", "dn=%s", + ldb_dn_linearize(mem_ctx, msg->dn)); a_state->account_name = talloc_strdup(a_state, alias_name); if (!a_state->account_name) { @@ -1580,7 +1592,7 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(mem_ctx, a_state->account_dn); + msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -1813,7 +1825,7 @@ static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC struct ldb_message **res2; const char * const attrs2[2] = { "objectSid", NULL }; ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - (char *)el->values[i].data, + ldb_dn_explode(mem_ctx, el->values[i].data), &res2, attrs2); if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2001,7 +2013,7 @@ static NTSTATUS samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(mem_ctx, a_state->account_dn); + msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -2069,7 +2081,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C struct ldb_message *mod; struct ldb_message **msgs; const char * const attrs[2] = { "dn", NULL }; - const char *memberdn = NULL; + struct ldb_dn *memberdn = NULL; int ret; DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS); @@ -2082,14 +2094,15 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (ret == 1) { - memberdn = ldb_msg_find_string(msgs[0], "dn", NULL); + memberdn = ldb_dn_explode(mem_ctx, ldb_msg_find_string(msgs[0], "dn", NULL)); } else if (ret > 1) { DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, r->in.sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else if (ret == 0) { struct ldb_message *msg; - const char *basedn, *sidstr; + struct ldb_dn *basedn; + const char *sidstr; sidstr = dom_sid_string(mem_ctx, r->in.sid); NT_STATUS_HAVE_NO_MEMORY(sidstr); @@ -2110,10 +2123,11 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C * cn=For...,cn=Builtin,dc={BASEDN}. -- vl */ - basedn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "dn", - "(&(objectClass=container)" - "(cn=ForeignSecurityPrincipals))"); + basedn = ldb_dn_explode(mem_ctx, + samdb_search_string(d_state->sam_ctx, + mem_ctx, NULL, "dn", + "(&(objectClass=container)" + "(cn=ForeignSecurityPrincipals))")); if (basedn == NULL) { DEBUG(0, ("Failed to find DN for " @@ -2122,7 +2136,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C } /* add core elements to the ldb_message for the alias */ - msg->dn = talloc_asprintf(mem_ctx, "CN=%s,%s", sidstr, basedn); + msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn); if (msg->dn == NULL) return NT_STATUS_NO_MEMORY; @@ -2136,7 +2150,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); if (ret != 0) { DEBUG(0,("Failed to create foreignSecurityPrincipal " - "record %s\n", msg->dn)); + "record %s\n", ldb_dn_linearize(mem_ctx, msg->dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { @@ -2156,7 +2170,7 @@ static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_C mod->dn = talloc_reference(mem_ctx, a_state->account_dn); if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member", - memberdn) != 0) + ldb_dn_linearize(mem_ctx, memberdn)) != 0) return NT_STATUS_UNSUCCESSFUL; if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0) @@ -2252,7 +2266,7 @@ static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLO struct ldb_message **msgs2; const char * const attrs2[2] = { "objectSid", NULL }; ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - (char *)el->values[i].data, + ldb_dn_explode(mem_ctx, el->values[i].data), &msgs2, attrs2); if (ret != 1) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2821,7 +2835,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res, attrs, d_state->domain_sid, "(&(member=%s)(grouptype=%s)(objectclass=group))", - a_state->account_dn, + ldb_dn_linearize(mem_ctx, a_state->account_dn), ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP)); if (count < 0) @@ -3113,11 +3127,11 @@ static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CT r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->domain_state->domain_dn, "minPwdLength", "dn=%s", - a_state->domain_state->domain_dn); + ldb_dn_linearize(mem_ctx, a_state->domain_state->domain_dn)); r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, a_state->account_dn, - "pwdProperties", - "dn=%s", a_state->account_dn); + "pwdProperties", "dn=%s", + ldb_dn_linearize(mem_ctx, a_state->account_dn)); return NT_STATUS_OK; } @@ -3170,9 +3184,7 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_reference(mod, - samdb_result_string(res[i], "dn", - NULL)); + mod->dn = samdb_result_dn(mod, res[i], "dn", NULL); if (mod->dn == NULL) { talloc_free(mod); continue; diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h index 51e0869eef..8e53fa7a10 100644 --- a/source4/rpc_server/samr/dcesrv_samr.h +++ b/source4/rpc_server/samr/dcesrv_samr.h @@ -49,7 +49,7 @@ struct samr_domain_state { uint32_t access_mask; struct dom_sid *domain_sid; const char *domain_name; - const char *domain_dn; + const struct ldb_dn *domain_dn; }; /* @@ -61,5 +61,5 @@ struct samr_account_state { uint32_t access_mask; struct dom_sid *account_sid; const char *account_name; - const char *account_dn; + const struct ldb_dn *account_dn; }; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 48abc7cfde..c862763101 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -108,7 +108,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_strdup(msg, a_state->account_dn); + msg->dn = ldb_dn_copy(msg, a_state->account_dn); if (!msg->dn) { return NT_STATUS_NO_MEMORY; } @@ -143,7 +143,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ uint32_t new_pass_len; struct samr_CryptPassword *pwbuf = r->in.password; void *sam_ctx; - const char *user_dn, *domain_dn; + const struct ldb_dn *user_dn, *domain_dn; int ret; struct ldb_message **res, *mod; const char * const attrs[] = { "objectSid", "lmPwdHash", "unicodePwd", NULL }; @@ -210,9 +210,10 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_SUCH_USER; } - domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + domain_dn = ldb_dn_explode(mem_ctx, + samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid))); if (!domain_dn) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -222,7 +223,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_ return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_strdup(mod, user_dn); + mod->dn = ldb_dn_copy(mod, user_dn); if (!mod->dn) { return NT_STATUS_NO_MEMORY; } @@ -261,7 +262,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, char new_pass[512]; uint32_t new_pass_len; void *sam_ctx = NULL; - const char *user_dn, *domain_dn = NULL; + const struct ldb_dn *user_dn, *domain_dn = NULL; int ret; struct ldb_message **res, *mod; const char * const attrs[] = { "objectSid", "ntPwdHash", "lmPwdHash", "unicodePwd", NULL }; @@ -360,9 +361,10 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, goto failed; } - domain_dn = samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", - "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, domain_sid)); + domain_dn = ldb_dn_explode(mem_ctx, + samdb_search_string(sam_ctx, mem_ctx, NULL, "dn", + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, domain_sid))); if (!domain_dn) { status = NT_STATUS_INTERNAL_DB_CORRUPTION; goto failed; @@ -373,7 +375,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, return NT_STATUS_NO_MEMORY; } - mod->dn = talloc_strdup(mod, user_dn); + mod->dn = ldb_dn_copy(mod, user_dn); if (!mod->dn) { status = NT_STATUS_NO_MEMORY; goto failed; @@ -485,7 +487,8 @@ static BOOL samdb_password_complexity_ok(const char *pass) changes (as is needed by some of the set user info levels) */ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, - const char *user_dn, const char *domain_dn, + const struct ldb_dn *user_dn, + const struct ldb_dn *domain_dn, struct ldb_message *mod, const char *new_pass, struct samr_Password *lmNewHash, @@ -743,7 +746,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, */ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, void *sam_ctx, - const char *account_dn, const char *domain_dn, + const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_CryptPassword *pwbuf) @@ -785,7 +788,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, */ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, void *sam_ctx, - const char *account_dn, const char *domain_dn, + const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_CryptPasswordEx *pwbuf) diff --git a/source4/scripting/ejs/mprutil.c b/source4/scripting/ejs/mprutil.c index 700185f07e..8f1e5f71c8 100644 --- a/source4/scripting/ejs/mprutil.c +++ b/source4/scripting/ejs/mprutil.c @@ -161,7 +161,7 @@ static struct MprVar mprLdbMessage(struct ldb_context *ldb, struct ldb_message * const char *multivalued[] = { "objectClass", "memberOf", "privilege", "member", NULL }; - var = mprObject(msg->dn); + var = mprObject(ldb_dn_linearize(msg, msg->dn)); for (i=0;i<msg->num_elements;i++) { struct ldb_message_element *el = &msg->elements[i]; @@ -196,7 +196,7 @@ static struct MprVar mprLdbMessage(struct ldb_context *ldb, struct ldb_message * /* add the dn if it is not already specified */ if (mprGetProperty(&var, "dn", 0) == 0) { - mprSetVar(&var, "dn", mprString(msg->dn)); + mprSetVar(&var, "dn", mprString(ldb_dn_linearize(msg, msg->dn))); } return var; diff --git a/source4/scripting/ejs/smbcalls_ldb.c b/source4/scripting/ejs/smbcalls_ldb.c index 50ba6fce68..7d268d09f6 100644 --- a/source4/scripting/ejs/smbcalls_ldb.c +++ b/source4/scripting/ejs/smbcalls_ldb.c @@ -51,7 +51,8 @@ static int ejs_ldbSearch(MprVarHandle eid, int argc, struct MprVar **argv) { const char **attrs = NULL; const char *expression; - const char *basedn = NULL; + const char *base = NULL; + struct ldb_dn *basedn = NULL; int scope = LDB_SCOPE_DEFAULT; TALLOC_CTX *tmp_ctx = talloc_new(mprMemCtx()); struct ldb_context *ldb; @@ -79,9 +80,16 @@ static int ejs_ldbSearch(MprVarHandle eid, int argc, struct MprVar **argv) goto failed; } if (argc > 1) { - basedn = mprToString(argv[1]); + base = mprToString(argv[1]); /* a null basedn is valid */ } + if (base != NULL) { + basedn = ldb_dn_explode(tmp_ctx, base); + if (basedn == NULL) { + ejsSetErrorMsg(eid, "ldb.search malformed base dn"); + goto failed; + } + } if (argc > 2) { scope = mprToInt(argv[2]); switch (scope) { @@ -160,7 +168,7 @@ static int ejs_ldbAddModify(MprVarHandle eid, int argc, struct MprVar **argv, */ static int ejs_ldbDelete(MprVarHandle eid, int argc, struct MprVar **argv) { - const char *dn; + struct ldb_dn *dn; struct ldb_context *ldb; int ret; @@ -169,14 +177,21 @@ static int ejs_ldbDelete(MprVarHandle eid, int argc, struct MprVar **argv) return -1; } - dn = mprToString(argv[0]); - ldb = ejs_get_ldb_context(eid); if (ldb == NULL) { return -1; } + + dn = ldb_dn_explode(ldb, mprToString(argv[0])); + if (dn == NULL) { + ejsSetErrorMsg(eid, "ldb.delete malformed dn"); + return -1; + } + ret = ldb_delete(ldb, dn); + talloc_free(dn); + mpr_Return(eid, mprCreateBoolVar(ret == 0)); return 0; } @@ -188,7 +203,7 @@ static int ejs_ldbDelete(MprVarHandle eid, int argc, struct MprVar **argv) */ static int ejs_ldbRename(MprVarHandle eid, int argc, struct MprVar **argv) { - const char *dn1, *dn2; + struct ldb_dn *dn1, *dn2; struct ldb_context *ldb; int ret; @@ -197,20 +212,23 @@ static int ejs_ldbRename(MprVarHandle eid, int argc, struct MprVar **argv) return -1; } - dn1 = mprToString(argv[0]); - dn2 = mprToString(argv[1]); - if (dn1 == NULL || dn2 == NULL) { - ejsSetErrorMsg(eid, "ldb.rename invalid arguments"); + ldb = ejs_get_ldb_context(eid); + if (ldb == NULL) { return -1; } - ldb = ejs_get_ldb_context(eid); - if (ldb == NULL) { + dn1 = ldb_dn_explode(ldb, mprToString(argv[0])); + dn2 = ldb_dn_explode(ldb, mprToString(argv[1])); + if (dn1 == NULL || dn2 == NULL) { + ejsSetErrorMsg(eid, "ldb.rename invalid or malformed arguments"); return -1; } ret = ldb_rename(ldb, dn1, dn2); + talloc_free(dn1); + talloc_free(dn2); + mpr_Return(eid, mprCreateBoolVar(ret == 0)); return 0; } diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 988f94d904..b15ee98200 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -1025,13 +1025,13 @@ static BOOL samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa } if ((account->privilege_entries && !e.out.privs)) { - printf("Account %s has privilages in SamSync, but not LSA\n", + printf("Account %s has privileges in SamSync, but not LSA\n", dom_sid_string(mem_ctx, dom_sid)); return False; } if (!account->privilege_entries && e.out.privs && e.out.privs->count) { - printf("Account %s has privilages in LSA, but not SamSync\n", + printf("Account %s has privileges in LSA, but not SamSync\n", dom_sid_string(mem_ctx, dom_sid)); return False; } |