r18866: Jeremy and Volker have given the go-ahead on the group mapping ldb

code. Yay!

This first commit copies lib/ldb/ from Samba4. A huge congratulations
should go to Simo on this - he has put an enormous amount of work into
ldb, and it's great to see it go into the Samba3 tree.
(This used to be commit bbedf2e34315f5c420a3a05dfe22b1d5cf79f042)

2 files changed, 487 insertions, 0 deletions

diff --git a/source3/lib/ldb/samba/README b/source3/lib/ldb/samba/README
new file mode 100644
index 0000000000..3fa47159ca
--- /dev/null
+++ b/source3/lib/ldb/samba/README
@@ -0,0 +1,7 @@
+This directory contains Samba specific extensions to ldb. It also
+serves as example code on how to extend ldb for your own application.
+
+The main extension Samba uses is to provide ldif encode/decode
+routines for specific attributes, so users can get nice pretty
+printing of attributes in ldbedit, while the attributes are stored in
+the standard NDR format in the database.
diff --git a/source3/lib/ldb/samba/ldif_handlers.c b/source3/lib/ldb/samba/ldif_handlers.c
new file mode 100644
index 0000000000..b490c8f005
--- /dev/null
+++ b/source3/lib/ldb/samba/ldif_handlers.c
@@ -0,0 +1,480 @@
+/* 
+   ldb database library - ldif handlers for Samba
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Andrew Bartlett 2006
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+#include "includes.h"
+#include "ldb/include/includes.h"
+
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+
+/*
+  convert a ldif formatted objectSid to a NDR formatted blob
+*/
+static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
+			       const struct ldb_val *in, struct ldb_val *out)
+{
+	struct dom_sid *sid;
+	NTSTATUS status;
+	sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data);
+	if (sid == NULL) {
+		return -1;
+	}
+	status = ndr_push_struct_blob(out, mem_ctx, sid, 
+				      (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	talloc_free(sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+	return 0;
+}
+
+/*
+  convert a NDR formatted blob to a ldif formatted objectSid
+*/
+static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
+				const struct ldb_val *in, struct ldb_val *out)
+{
+	struct dom_sid *sid;
+	NTSTATUS status;
+	sid = talloc(mem_ctx, struct dom_sid);
+	if (sid == NULL) {
+		return -1;
+	}
+	status = ndr_pull_struct_blob(in, sid, sid, 
+				      (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(sid);
+		return -1;
+	}
+	out->data = (uint8_t *)dom_sid_string(mem_ctx, sid);
+	talloc_free(sid);
+	if (out->data == NULL) {
+		return -1;
+	}
+	out->length = strlen((const char *)out->data);
+	return 0;
+}
+
+static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v)
+{
+	/* see if the input if null-terninated */
+	if (v->data[v->length] != '\0') return False;
+	
+	if (strncmp("S-", (const char *)v->data, 2) != 0) return False;
+	return True;
+}
+
+/*
+  compare two objectSids
+*/
+static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
+				    const struct ldb_val *v1, const struct ldb_val *v2)
+{
+	if (ldb_comparision_objectSid_isString(v1) && ldb_comparision_objectSid_isString(v2)) {
+		return strcmp((const char *)v1->data, (const char *)v2->data);
+	} else if (ldb_comparision_objectSid_isString(v1)
+		   && !ldb_comparision_objectSid_isString(v2)) {
+		struct ldb_val v;
+		int ret;
+		if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
+			return -1;
+		}
+		ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
+		talloc_free(v.data);
+		return ret;
+	} else if (!ldb_comparision_objectSid_isString(v1)
+		   && ldb_comparision_objectSid_isString(v2)) {
+		struct ldb_val v;
+		int ret;
+		if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
+			return -1;
+		}
+		ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
+		talloc_free(v.data);
+		return ret;
+	}
+	return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+}
+
+/*
+  canonicalise a objectSid
+*/
+static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
+				      const struct ldb_val *in, struct ldb_val *out)
+{
+	if (ldb_comparision_objectSid_isString(in)) {
+		return ldif_read_objectSid(ldb, mem_ctx, in, out);
+	}
+	return ldb_handler_copy(ldb, mem_ctx, in, out);
+}
+
+/*
+  convert a ldif formatted objectGUID to a NDR formatted blob
+*/
+static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
+			        const struct ldb_val *in, struct ldb_val *out)
+{
+	struct GUID guid;
+	NTSTATUS status;
+
+	status = GUID_from_string((const char *)in->data, &guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+	status = ndr_push_struct_blob(out, mem_ctx, &guid,
+				      (ndr_push_flags_fn_t)ndr_push_GUID);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+	return 0;
+}
+
+/*
+  convert a NDR formatted blob to a ldif formatted objectGUID
+*/
+static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
+				 const struct ldb_val *in, struct ldb_val *out)
+{
+	struct GUID guid;
+	NTSTATUS status;
+	status = ndr_pull_struct_blob(in, mem_ctx, &guid,
+				      (ndr_pull_flags_fn_t)ndr_pull_GUID);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+	out->data = (uint8_t *)GUID_string(mem_ctx, &guid);
+	if (out->data == NULL) {
+		return -1;
+	}
+	out->length = strlen((const char *)out->data);
+	return 0;
+}
+
+static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v)
+{
+	struct GUID guid;
+	NTSTATUS status;
+
+	/* see if the input if null-terninated */
+	if (v->data[v->length] != '\0') return False;
+
+	if (v->length < 33) return False;
+
+	status = GUID_from_string((const char *)v->data, &guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return False;
+	}
+
+	return True;
+}
+
+/*
+  compare two objectGUIDs
+*/
+static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
+				     const struct ldb_val *v1, const struct ldb_val *v2)
+{
+	if (ldb_comparision_objectGUID_isString(v1) && ldb_comparision_objectGUID_isString(v2)) {
+		return strcmp((const char *)v1->data, (const char *)v2->data);
+	} else if (ldb_comparision_objectGUID_isString(v1)
+		   && !ldb_comparision_objectGUID_isString(v2)) {
+		struct ldb_val v;
+		int ret;
+		if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
+			return -1;
+		}
+		ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
+		talloc_free(v.data);
+		return ret;
+	} else if (!ldb_comparision_objectGUID_isString(v1)
+		   && ldb_comparision_objectGUID_isString(v2)) {
+		struct ldb_val v;
+		int ret;
+		if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) {
+			return -1;
+		}
+		ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
+		talloc_free(v.data);
+		return ret;
+	}
+	return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+}
+
+/*
+  canonicalise a objectGUID
+*/
+static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
+				       const struct ldb_val *in, struct ldb_val *out)
+{
+	if (ldb_comparision_objectGUID_isString(in)) {
+		return ldif_read_objectGUID(ldb, mem_ctx, in, out);
+	}
+	return ldb_handler_copy(ldb, mem_ctx, in, out);
+}
+
+
+/*
+  convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
+*/
+static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+					  const struct ldb_val *in, struct ldb_val *out)
+{
+	struct security_descriptor *sd;
+	NTSTATUS status;
+
+	sd = sddl_decode(mem_ctx, (const char *)in->data, NULL);
+	if (sd == NULL) {
+		return -1;
+	}
+	status = ndr_push_struct_blob(out, mem_ctx, sd, 
+				      (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	talloc_free(sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+	return 0;
+}
+
+/*
+  convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
+*/
+static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+					   const struct ldb_val *in, struct ldb_val *out)
+{
+	struct security_descriptor *sd;
+	NTSTATUS status;
+
+	sd = talloc(mem_ctx, struct security_descriptor);
+	if (sd == NULL) {
+		return -1;
+	}
+	status = ndr_pull_struct_blob(in, sd, sd, 
+				      (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(sd);
+		return -1;
+	}
+	out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
+	talloc_free(sd);
+	if (out->data == NULL) {
+		return -1;
+	}
+	out->length = strlen((const char *)out->data);
+	return 0;
+}
+
+/* 
+   canonicolise an objectCategory.  We use the short form as the cannoical form:
+   cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
+*/
+
+static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx,
+					    const struct ldb_val *in, struct ldb_val *out)
+{
+	struct ldb_dn *dn1 = NULL;
+	char *oc1;
+
+	dn1 = ldb_dn_explode(mem_ctx, (char *)in->data);
+	if (dn1 == NULL) {
+		oc1 = talloc_strndup(mem_ctx, (char *)in->data, in->length);
+	} else if (dn1->comp_num >= 1 && strcasecmp(dn1->components[0].name, "cn") == 0) {
+		oc1 = talloc_strndup(mem_ctx, (char *)dn1->components[0].value.data, 
+				     dn1->components[0].value.length);
+	} else {
+		return -1;
+	}
+
+	oc1 = ldb_casefold(ldb, mem_ctx, oc1);
+	out->data = (void *)oc1;
+	out->length = strlen(oc1);
+	return 0;
+}
+
+static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx,
+					  const struct ldb_val *v1,
+					  const struct ldb_val *v2)
+{
+	struct ldb_dn *dn1 = NULL, *dn2 = NULL;
+	const char *oc1, *oc2;
+
+	dn1 = ldb_dn_explode(mem_ctx, (char *)v1->data);
+	if (dn1 == NULL) {
+		oc1 = talloc_strndup(mem_ctx, (char *)v1->data, v1->length);
+	} else if (dn1->comp_num >= 1 && strcasecmp(dn1->components[0].name, "cn") == 0) {
+		oc1 = talloc_strndup(mem_ctx, (char *)dn1->components[0].value.data, 
+				     dn1->components[0].value.length);
+	} else {
+		oc1 = NULL;
+	}
+
+	dn2 = ldb_dn_explode(mem_ctx, (char *)v2->data);
+	if (dn2 == NULL) {
+		oc2 = talloc_strndup(mem_ctx, (char *)v2->data, v2->length);
+	} else if (dn2->comp_num >= 2 && strcasecmp(dn2->components[0].name, "cn") == 0) {
+		oc2 = talloc_strndup(mem_ctx, (char *)dn2->components[0].value.data, 
+				     dn2->components[0].value.length);
+	} else {
+		oc2 = NULL;
+	}
+
+	oc1 = ldb_casefold(ldb, mem_ctx, oc1);
+	oc2 = ldb_casefold(ldb, mem_ctx, oc2);
+	if (!oc1 && oc2) {
+		return -1;
+	} 
+	if (oc1 && !oc2) {
+		return 1;
+	}	
+	if (!oc1 && !oc2) {
+		return -1;
+	}
+
+	return strcmp(oc1, oc2);
+}
+
+static const struct ldb_attrib_handler samba_handlers[] = {
+	{ 
+		.attr            = "objectSid",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectSid,
+		.ldif_write_fn   = ldif_write_objectSid,
+		.canonicalise_fn = ldb_canonicalise_objectSid,
+		.comparison_fn   = ldb_comparison_objectSid
+	},
+	{ 
+		.attr            = "securityIdentifier",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectSid,
+		.ldif_write_fn   = ldif_write_objectSid,
+		.canonicalise_fn = ldb_canonicalise_objectSid,
+		.comparison_fn   = ldb_comparison_objectSid
+	},
+	{ 
+		.attr            = "ntSecurityDescriptor",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_ntSecurityDescriptor,
+		.ldif_write_fn   = ldif_write_ntSecurityDescriptor,
+		.canonicalise_fn = ldb_handler_copy,
+		.comparison_fn   = ldb_comparison_binary
+	},
+	{ 
+		.attr            = "objectGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "invocationId",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "schemaIDGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "attributeSecurityGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "parentGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "siteGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "pKTGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "fRSVersionGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "fRSReplicaSetGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "netbootGUID",
+		.flags           = 0,
+		.ldif_read_fn    = ldif_read_objectGUID,
+		.ldif_write_fn   = ldif_write_objectGUID,
+		.canonicalise_fn = ldb_canonicalise_objectGUID,
+		.comparison_fn   = ldb_comparison_objectGUID
+	},
+	{ 
+		.attr            = "objectCategory",
+		.flags           = 0,
+		.ldif_read_fn    = ldb_handler_copy,
+		.ldif_write_fn   = ldb_handler_copy,
+		.canonicalise_fn = ldif_canonicalise_objectCategory,
+		.comparison_fn   = ldif_comparison_objectCategory,
+	}
+};
+
+/*
+  register the samba ldif handlers
+*/
+int ldb_register_samba_handlers(struct ldb_context *ldb)
+{
+	return ldb_set_attrib_handlers(ldb, samba_handlers, ARRAY_SIZE(samba_handlers));
+}