diff options
Diffstat (limited to 'source4/lib/ldb-samba')
-rw-r--r-- | source4/lib/ldb-samba/README | 7 | ||||
-rw-r--r-- | source4/lib/ldb-samba/ldb_ildap.c | 879 | ||||
-rw-r--r-- | source4/lib/ldb-samba/ldb_wrap.c | 365 | ||||
-rw-r--r-- | source4/lib/ldb-samba/ldb_wrap.h | 70 | ||||
-rw-r--r-- | source4/lib/ldb-samba/ldif_handlers.c | 1416 | ||||
-rw-r--r-- | source4/lib/ldb-samba/ldif_handlers.h | 23 | ||||
-rw-r--r-- | source4/lib/ldb-samba/pyldb.c | 270 | ||||
-rw-r--r-- | source4/lib/ldb-samba/samba_extensions.c | 119 | ||||
-rw-r--r-- | source4/lib/ldb-samba/wscript_build | 42 |
9 files changed, 0 insertions, 3191 deletions
diff --git a/source4/lib/ldb-samba/README b/source4/lib/ldb-samba/README deleted file mode 100644 index 3fa47159ca..0000000000 --- a/source4/lib/ldb-samba/README +++ /dev/null @@ -1,7 +0,0 @@ -This directory contains Samba specific extensions to ldb. It also -serves as example code on how to extend ldb for your own application. - -The main extension Samba uses is to provide ldif encode/decode -routines for specific attributes, so users can get nice pretty -printing of attributes in ldbedit, while the attributes are stored in -the standard NDR format in the database. diff --git a/source4/lib/ldb-samba/ldb_ildap.c b/source4/lib/ldb-samba/ldb_ildap.c deleted file mode 100644 index 3c28690bd6..0000000000 --- a/source4/lib/ldb-samba/ldb_ildap.c +++ /dev/null @@ -1,879 +0,0 @@ -/* - ldb database library - ildap backend - - Copyright (C) Andrew Tridgell 2005 - Copyright (C) Simo Sorce 2008 - - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see <http://www.gnu.org/licenses/>. -*/ - -/* - * Name: ldb_ildap - * - * Component: ldb ildap backend - * - * Description: This is a ldb backend for the internal ldap - * client library in Samba4. By using this backend we are - * independent of a system ldap library - * - * Author: Andrew Tridgell - * - * Modifications: - * - * - description: make the module use asynchronous calls - * date: Feb 2006 - * author: Simo Sorce - */ - -#include "includes.h" -#include "ldb_module.h" -#include "util/dlinklist.h" - -#include "libcli/ldap/libcli_ldap.h" -#include "libcli/ldap/ldap_client.h" -#include "auth/auth.h" -#include "auth/credentials/credentials.h" - -struct ildb_private { - struct ldap_connection *ldap; - struct tevent_context *event_ctx; -}; - -struct ildb_context { - struct ldb_module *module; - struct ldb_request *req; - - struct ildb_private *ildb; - struct ldap_request *ireq; - - /* indicate we are already processing - * the ldap_request in ildb_callback() */ - bool in_ildb_callback; - - bool done; - - struct ildb_destructor_ctx *dc; -}; - -static void ildb_request_done(struct ildb_context *ctx, - struct ldb_control **ctrls, int error) -{ - struct ldb_context *ldb; - struct ldb_reply *ares; - - ldb = ldb_module_get_ctx(ctx->module); - - ctx->done = true; - - if (ctx->req == NULL) { - /* if the req has been freed already just return */ - return; - } - - ares = talloc_zero(ctx->req, struct ldb_reply); - if (!ares) { - ldb_oom(ldb); - ctx->req->callback(ctx->req, NULL); - return; - } - ares->type = LDB_REPLY_DONE; - ares->controls = talloc_steal(ares, ctrls); - ares->error = error; - - ctx->req->callback(ctx->req, ares); -} - -static void ildb_auto_done_callback(struct tevent_context *ev, - struct tevent_timer *te, - struct timeval t, - void *private_data) -{ - struct ildb_context *ac; - - ac = talloc_get_type(private_data, struct ildb_context); - ildb_request_done(ac, NULL, LDB_SUCCESS); -} - -/* - convert a ldb_message structure to a list of ldap_mod structures - ready for ildap_add() or ildap_modify() -*/ -static struct ldap_mod **ildb_msg_to_mods(void *mem_ctx, int *num_mods, - const struct ldb_message *msg, - int use_flags) -{ - struct ldap_mod **mods; - unsigned int i; - int n = 0; - - /* allocate maximum number of elements needed */ - mods = talloc_array(mem_ctx, struct ldap_mod *, msg->num_elements+1); - if (!mods) { - errno = ENOMEM; - return NULL; - } - mods[0] = NULL; - - for (i = 0; i < msg->num_elements; i++) { - const struct ldb_message_element *el = &msg->elements[i]; - - mods[n] = talloc(mods, struct ldap_mod); - if (!mods[n]) { - goto failed; - } - mods[n + 1] = NULL; - mods[n]->type = 0; - mods[n]->attrib = *el; - if (use_flags) { - switch (el->flags & LDB_FLAG_MOD_MASK) { - case LDB_FLAG_MOD_ADD: - mods[n]->type = LDAP_MODIFY_ADD; - break; - case LDB_FLAG_MOD_DELETE: - mods[n]->type = LDAP_MODIFY_DELETE; - break; - case LDB_FLAG_MOD_REPLACE: - mods[n]->type = LDAP_MODIFY_REPLACE; - break; - } - } - n++; - } - - *num_mods = n; - return mods; - -failed: - talloc_free(mods); - return NULL; -} - - -/* - map an ildap NTSTATUS to a ldb error code -*/ -static int ildb_map_error(struct ldb_module *module, NTSTATUS status) -{ - struct ildb_private *ildb; - struct ldb_context *ldb; - TALLOC_CTX *mem_ctx; - - ildb = talloc_get_type(ldb_module_get_private(module), struct ildb_private); - ldb = ldb_module_get_ctx(module); - - if (NT_STATUS_IS_OK(status)) { - return LDB_SUCCESS; - } - - mem_ctx = talloc_new(ildb); - if (!mem_ctx) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ldb_set_errstring(ldb, - ldap_errstr(ildb->ldap, mem_ctx, status)); - talloc_free(mem_ctx); - if (NT_STATUS_IS_LDAP(status)) { - return NT_STATUS_LDAP_CODE(status); - } - return LDB_ERR_OPERATIONS_ERROR; -} - -static void ildb_request_timeout(struct tevent_context *ev, struct tevent_timer *te, - struct timeval t, void *private_data) -{ - struct ildb_context *ac = talloc_get_type(private_data, struct ildb_context); - - if (ac->ireq->state == LDAP_REQUEST_PENDING) { - DLIST_REMOVE(ac->ireq->conn->pending, ac->ireq); - } - - ildb_request_done(ac, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED); -} - -static void ildb_callback(struct ldap_request *req) -{ - struct ldb_context *ldb; - struct ildb_context *ac; - NTSTATUS status; - struct ldap_SearchResEntry *search; - struct ldap_message *msg; - struct ldb_control **controls; - struct ldb_message *ldbmsg; - char *referral; - bool callback_failed; - bool request_done; - int ret; - int i; - - ac = talloc_get_type(req->async.private_data, struct ildb_context); - ldb = ldb_module_get_ctx(ac->module); - callback_failed = false; - request_done = false; - controls = NULL; - - /* check if we are already processing this request */ - if (ac->in_ildb_callback) { - return; - } - /* mark the request as being in process */ - ac->in_ildb_callback = true; - - if (!NT_STATUS_IS_OK(req->status)) { - ret = ildb_map_error(ac->module, req->status); - ildb_request_done(ac, NULL, ret); - return; - } - - if (req->num_replies < 1) { - ret = LDB_ERR_OPERATIONS_ERROR; - ildb_request_done(ac, NULL, ret); - return; - } - - switch (req->type) { - - case LDAP_TAG_ModifyRequest: - if (req->replies[0]->type != LDAP_TAG_ModifyResponse) { - ret = LDB_ERR_PROTOCOL_ERROR; - break; - } - status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); - ret = ildb_map_error(ac->module, status); - request_done = true; - break; - - case LDAP_TAG_AddRequest: - if (req->replies[0]->type != LDAP_TAG_AddResponse) { - ret = LDB_ERR_PROTOCOL_ERROR; - return; - } - status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); - ret = ildb_map_error(ac->module, status); - request_done = true; - break; - - case LDAP_TAG_DelRequest: - if (req->replies[0]->type != LDAP_TAG_DelResponse) { - ret = LDB_ERR_PROTOCOL_ERROR; - return; - } - status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); - ret = ildb_map_error(ac->module, status); - request_done = true; - break; - - case LDAP_TAG_ModifyDNRequest: - if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) { - ret = LDB_ERR_PROTOCOL_ERROR; - return; - } - status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); - ret = ildb_map_error(ac->module, status); - request_done = true; - break; - - case LDAP_TAG_SearchRequest: - /* loop over all messages */ - for (i = 0; i < req->num_replies; i++) { - - msg = req->replies[i]; - switch (msg->type) { - - case LDAP_TAG_SearchResultDone: - - status = ldap_check_response(ac->ireq->conn, &msg->r.GeneralResult); - if (!NT_STATUS_IS_OK(status)) { - ret = ildb_map_error(ac->module, status); - break; - } - - controls = talloc_steal(ac, msg->controls); - if (msg->r.SearchResultDone.resultcode) { - if (msg->r.SearchResultDone.errormessage) { - ldb_set_errstring(ldb, msg->r.SearchResultDone.errormessage); - } - } - - ret = msg->r.SearchResultDone.resultcode; - request_done = true; - break; - - case LDAP_TAG_SearchResultEntry: - - ldbmsg = ldb_msg_new(ac); - if (!ldbmsg) { - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - search = &(msg->r.SearchResultEntry); - - ldbmsg->dn = ldb_dn_new(ldbmsg, ldb, search->dn); - if ( ! ldb_dn_validate(ldbmsg->dn)) { - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - ldbmsg->num_elements = search->num_attributes; - ldbmsg->elements = talloc_move(ldbmsg, &search->attributes); - - controls = talloc_steal(ac, msg->controls); - - ret = ldb_module_send_entry(ac->req, ldbmsg, controls); - if (ret != LDB_SUCCESS) { - callback_failed = true; - } - - break; - - case LDAP_TAG_SearchResultReference: - - referral = talloc_strdup(ac, msg->r.SearchResultReference.referral); - - ret = ldb_module_send_referral(ac->req, referral); - if (ret != LDB_SUCCESS) { - callback_failed = true; - } - - break; - - default: - /* TAG not handled, fail ! */ - ret = LDB_ERR_PROTOCOL_ERROR; - break; - } - - if (ret != LDB_SUCCESS) { - break; - } - } - - talloc_free(req->replies); - req->replies = NULL; - req->num_replies = 0; - - break; - - default: - ret = LDB_ERR_PROTOCOL_ERROR; - break; - } - - if (ret != LDB_SUCCESS) { - - /* if the callback failed the caller will have freed the - * request. Just return and don't try to use it */ - if ( ! callback_failed) { - request_done = true; - } - } - - /* mark the request as not being in progress */ - ac->in_ildb_callback = false; - - if (request_done) { - ildb_request_done(ac, controls, ret); - } - - return; -} - -static int ildb_request_send(struct ildb_context *ac, struct ldap_message *msg) -{ - struct ldb_context *ldb; - struct ldap_request *req; - - if (!ac) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ldb = ldb_module_get_ctx(ac->module); - - ldb_request_set_state(ac->req, LDB_ASYNC_PENDING); - - req = ldap_request_send(ac->ildb->ldap, msg); - if (req == NULL) { - ldb_set_errstring(ldb, "async send request failed"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->ireq = talloc_reparent(ac->ildb->ldap, ac, req); - - if (!ac->ireq->conn) { - ldb_set_errstring(ldb, "connection to remote LDAP server dropped?"); - return LDB_ERR_OPERATIONS_ERROR; - } - - talloc_free(req->time_event); - req->time_event = NULL; - if (ac->req->timeout) { - req->time_event = tevent_add_timer(ac->ildb->event_ctx, ac, - timeval_current_ofs(ac->req->timeout, 0), - ildb_request_timeout, ac); - } - - req->async.fn = ildb_callback; - req->async.private_data = ac; - - return LDB_SUCCESS; -} - -/* - search for matching records using an asynchronous function - */ -static int ildb_search(struct ildb_context *ac) -{ - struct ldb_context *ldb; - struct ldb_request *req = ac->req; - struct ldap_message *msg; - int n; - - ldb = ldb_module_get_ctx(ac->module); - - if (!req->callback || !req->context) { - ldb_set_errstring(ldb, "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - - if (req->op.search.tree == NULL) { - ldb_set_errstring(ldb, "Invalid expression parse tree"); - return LDB_ERR_OPERATIONS_ERROR; - } - - msg = new_ldap_message(req); - if (msg == NULL) { - ldb_set_errstring(ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->type = LDAP_TAG_SearchRequest; - - if (req->op.search.base == NULL) { - msg->r.SearchRequest.basedn = talloc_strdup(msg, ""); - } else { - msg->r.SearchRequest.basedn = ldb_dn_get_extended_linearized(msg, req->op.search.base, 0); - } - if (msg->r.SearchRequest.basedn == NULL) { - ldb_set_errstring(ldb, "Unable to determine baseDN"); - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - - if (req->op.search.scope == LDB_SCOPE_DEFAULT) { - msg->r.SearchRequest.scope = LDB_SCOPE_SUBTREE; - } else { - msg->r.SearchRequest.scope = req->op.search.scope; - } - - msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER; - msg->r.SearchRequest.timelimit = 0; - msg->r.SearchRequest.sizelimit = 0; - msg->r.SearchRequest.attributesonly = 0; - msg->r.SearchRequest.tree = discard_const(req->op.search.tree); - - for (n = 0; req->op.search.attrs && req->op.search.attrs[n]; n++) /* noop */ ; - msg->r.SearchRequest.num_attributes = n; - msg->r.SearchRequest.attributes = req->op.search.attrs; - msg->controls = req->controls; - - return ildb_request_send(ac, msg); -} - -/* - add a record -*/ -static int ildb_add(struct ildb_context *ac) -{ - struct ldb_request *req = ac->req; - struct ldap_message *msg; - struct ldap_mod **mods; - int i,n; - - msg = new_ldap_message(req); - if (msg == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->type = LDAP_TAG_AddRequest; - - msg->r.AddRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.add.message->dn, 0); - if (msg->r.AddRequest.dn == NULL) { - talloc_free(msg); - return LDB_ERR_INVALID_DN_SYNTAX; - } - - mods = ildb_msg_to_mods(msg, &n, req->op.add.message, 0); - if (mods == NULL) { - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->r.AddRequest.num_attributes = n; - msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n); - if (msg->r.AddRequest.attributes == NULL) { - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - - for (i = 0; i < n; i++) { - msg->r.AddRequest.attributes[i] = mods[i]->attrib; - } - msg->controls = req->controls; - - return ildb_request_send(ac, msg); -} - -/* - modify a record -*/ -static int ildb_modify(struct ildb_context *ac) -{ - struct ldb_request *req = ac->req; - struct ldap_message *msg; - struct ldap_mod **mods; - int i,n; - - msg = new_ldap_message(req); - if (msg == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->type = LDAP_TAG_ModifyRequest; - - msg->r.ModifyRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.mod.message->dn, 0); - if (msg->r.ModifyRequest.dn == NULL) { - talloc_free(msg); - return LDB_ERR_INVALID_DN_SYNTAX; - } - - mods = ildb_msg_to_mods(msg, &n, req->op.mod.message, 1); - if (mods == NULL) { - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->r.ModifyRequest.num_mods = n; - msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n); - if (msg->r.ModifyRequest.mods == NULL) { - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - - for (i = 0; i < n; i++) { - msg->r.ModifyRequest.mods[i] = *mods[i]; - } - msg->controls = req->controls; - return ildb_request_send(ac, msg); -} - -/* - delete a record -*/ -static int ildb_delete(struct ildb_context *ac) -{ - struct ldb_request *req = ac->req; - struct ldap_message *msg; - - msg = new_ldap_message(req); - if (msg == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->type = LDAP_TAG_DelRequest; - - msg->r.DelRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.del.dn, 0); - if (msg->r.DelRequest.dn == NULL) { - talloc_free(msg); - return LDB_ERR_INVALID_DN_SYNTAX; - } - msg->controls = req->controls; - - return ildb_request_send(ac, msg); -} - -/* - rename a record -*/ -static int ildb_rename(struct ildb_context *ac) -{ - struct ldb_request *req = ac->req; - struct ldap_message *msg; - const char *rdn_name; - const struct ldb_val *rdn_val; - - msg = new_ldap_message(req); - if (msg == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->type = LDAP_TAG_ModifyDNRequest; - msg->r.ModifyDNRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.rename.olddn, 0); - if (msg->r.ModifyDNRequest.dn == NULL) { - talloc_free(msg); - return LDB_ERR_INVALID_DN_SYNTAX; - } - - rdn_name = ldb_dn_get_rdn_name(req->op.rename.newdn); - rdn_val = ldb_dn_get_rdn_val(req->op.rename.newdn); - - if ((rdn_name != NULL) && (rdn_val != NULL)) { - msg->r.ModifyDNRequest.newrdn = - talloc_asprintf(msg, "%s=%s", rdn_name, - rdn_val->length > 0 ? ldb_dn_escape_value(msg, *rdn_val) : ""); - } else { - msg->r.ModifyDNRequest.newrdn = talloc_strdup(msg, ""); - } - if (msg->r.ModifyDNRequest.newrdn == NULL) { - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - - msg->r.ModifyDNRequest.newsuperior = - ldb_dn_alloc_linearized(msg, ldb_dn_get_parent(msg, req->op.rename.newdn)); - if (msg->r.ModifyDNRequest.newsuperior == NULL) { - talloc_free(msg); - return LDB_ERR_INVALID_DN_SYNTAX; - } - - msg->r.ModifyDNRequest.deleteolddn = true; - msg->controls = req->controls; - - return ildb_request_send(ac, msg); -} - -static int ildb_start_trans(struct ldb_module *module) -{ - /* TODO implement a local locking mechanism here */ - - return LDB_SUCCESS; -} - -static int ildb_end_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ - - return LDB_SUCCESS; -} - -static int ildb_del_trans(struct ldb_module *module) -{ - /* TODO implement a local locking mechanism here */ - - return LDB_SUCCESS; -} - -static bool ildb_dn_is_special(struct ldb_request *req) -{ - struct ldb_dn *dn = NULL; - - switch (req->operation) { - case LDB_ADD: - dn = req->op.add.message->dn; - break; - case LDB_MODIFY: - dn = req->op.mod.message->dn; - break; - case LDB_DELETE: - dn = req->op.del.dn; - break; - case LDB_RENAME: - dn = req->op.rename.olddn; - break; - default: - break; - } - - if (dn && ldb_dn_is_special(dn)) { - return true; - } - return false; -} - -static int ildb_handle_request(struct ldb_module *module, struct ldb_request *req) -{ - struct ldb_context *ldb; - struct ildb_private *ildb; - struct ildb_context *ac; - struct tevent_timer *te; - int ret; - - ildb = talloc_get_type(ldb_module_get_private(module), struct ildb_private); - ldb = ldb_module_get_ctx(module); - - if (req->starttime == 0 || req->timeout == 0) { - ldb_set_errstring(ldb, "Invalid timeout settings"); - return LDB_ERR_TIME_LIMIT_EXCEEDED; - } - - ac = talloc_zero(req, struct ildb_context); - if (ac == NULL) { - ldb_set_errstring(ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->module = module; - ac->req = req; - ac->ildb = ildb; - - if (ildb_dn_is_special(req)) { - - te = tevent_add_timer(ac->ildb->event_ctx, - ac, timeval_zero(), - ildb_auto_done_callback, ac); - if (NULL == te) { - return LDB_ERR_OPERATIONS_ERROR; - } - - return LDB_SUCCESS; - } - - switch (ac->req->operation) { - case LDB_SEARCH: - ret = ildb_search(ac); - break; - case LDB_ADD: - ret = ildb_add(ac); - break; - case LDB_MODIFY: - ret = ildb_modify(ac); - break; - case LDB_DELETE: - ret = ildb_delete(ac); - break; - case LDB_RENAME: - ret = ildb_rename(ac); - break; - default: - /* no other op supported */ - ret = LDB_ERR_PROTOCOL_ERROR; - break; - } - - return ret; -} - -static const struct ldb_module_ops ildb_ops = { - .name = "ldap", - .search = ildb_handle_request, - .add = ildb_handle_request, - .modify = ildb_handle_request, - .del = ildb_handle_request, - .rename = ildb_handle_request, -/* .request = ildb_handle_request, */ - .start_transaction = ildb_start_trans, - .end_transaction = ildb_end_trans, - .del_transaction = ildb_del_trans, -}; - -/* - connect to the database -*/ -static int ildb_connect(struct ldb_context *ldb, const char *url, - unsigned int flags, const char *options[], - struct ldb_module **_module) -{ - struct ldb_module *module; - struct ildb_private *ildb; - NTSTATUS status; - struct cli_credentials *creds; - struct loadparm_context *lp_ctx; - - module = ldb_module_new(ldb, ldb, "ldb_ildap backend", &ildb_ops); - if (!module) return LDB_ERR_OPERATIONS_ERROR; - - ildb = talloc(module, struct ildb_private); - if (!ildb) { - ldb_oom(ldb); - goto failed; - } - ldb_module_set_private(module, ildb); - - ildb->event_ctx = ldb_get_event_context(ldb); - - lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), - struct loadparm_context); - - ildb->ldap = ldap4_new_connection(ildb, lp_ctx, - ildb->event_ctx); - if (!ildb->ldap) { - ldb_oom(ldb); - goto failed; - } - - if (flags & LDB_FLG_RECONNECT) { - ldap_set_reconn_params(ildb->ldap, 10); - } - - status = ldap_connect(ildb->ldap, url); - if (!NT_STATUS_IS_OK(status)) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s", - url, ldap_errstr(ildb->ldap, module, status)); - goto failed; - } - - /* caller can optionally setup credentials using the opaque token 'credentials' */ - creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials); - if (creds == NULL) { - struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info); - if (session_info) { - creds = session_info->credentials; - } - } - - if (creds != NULL && cli_credentials_authentication_requested(creds)) { - const char *bind_dn = cli_credentials_get_bind_dn(creds); - if (bind_dn) { - const char *password = cli_credentials_get_password(creds); - status = ldap_bind_simple(ildb->ldap, bind_dn, password); - if (!NT_STATUS_IS_OK(status)) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s", - ldap_errstr(ildb->ldap, module, status)); - goto failed; - } - } else { - status = ldap_bind_sasl(ildb->ldap, creds, lp_ctx); - if (!NT_STATUS_IS_OK(status)) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s", - ldap_errstr(ildb->ldap, module, status)); - goto failed; - } - } - } - - *_module = module; - return LDB_SUCCESS; - -failed: - talloc_free(module); - return LDB_ERR_OPERATIONS_ERROR; -} - -/* - initialise the module - */ -_PUBLIC_ int ldb_ildap_init(const char *ldb_version) -{ - int ret, i; - const char *names[] = { "ldap", "ldaps", "ldapi", NULL }; - for (i=0; names[i]; i++) { - ret = ldb_register_backend(names[i], ildb_connect, true); - if (ret != LDB_SUCCESS) { - return ret; - } - } - return LDB_SUCCESS; -} diff --git a/source4/lib/ldb-samba/ldb_wrap.c b/source4/lib/ldb-samba/ldb_wrap.c deleted file mode 100644 index 66213bf288..0000000000 --- a/source4/lib/ldb-samba/ldb_wrap.c +++ /dev/null @@ -1,365 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - LDB wrap functions - - Copyright (C) Andrew Tridgell 2004-2009 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -/* - the stupidity of the unix fcntl locking design forces us to never - allow a database file to be opened twice in the same process. These - wrappers provide convenient access to a tdb or ldb, taking advantage - of talloc destructors to ensure that only a single open is done -*/ - -#include "includes.h" -#include "lib/events/events.h" -#include <ldb.h> -#include <ldb_errors.h> -#include "lib/ldb-samba/ldif_handlers.h" -#include "ldb_wrap.h" -#include "dsdb/samdb/samdb.h" -#include "param/param.h" -#include "../lib/util/dlinklist.h" -#include "../lib/tdb_compat/tdb_compat.h" - -/* - this is used to catch debug messages from ldb -*/ -static void ldb_wrap_debug(void *context, enum ldb_debug_level level, - const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0); - -static void ldb_wrap_debug(void *context, enum ldb_debug_level level, - const char *fmt, va_list ap) -{ - int samba_level = -1; - char *s = NULL; - switch (level) { - case LDB_DEBUG_FATAL: - samba_level = 0; - break; - case LDB_DEBUG_ERROR: - samba_level = 1; - break; - case LDB_DEBUG_WARNING: - samba_level = 2; - break; - case LDB_DEBUG_TRACE: - samba_level = 5; - break; - - }; - vasprintf(&s, fmt, ap); - if (!s) return; - DEBUG(samba_level, ("ldb: %s\n", s)); - free(s); -} - - -/* - connecting to a ldb can be a relatively expensive operation because - of the schema and partition loads. We keep a list of open ldb - contexts here, and try to re-use when possible. - - This means callers of ldb_wrap_connect() must use talloc_unlink() or - the free of a parent to destroy the context - */ -static struct ldb_wrap { - struct ldb_wrap *next, *prev; - struct ldb_wrap_context { - /* the context is what we use to tell if two ldb - * connections are exactly equivalent - */ - const char *url; - struct tevent_context *ev; - struct loadparm_context *lp_ctx; - struct auth_session_info *session_info; - struct cli_credentials *credentials; - unsigned int flags; - } context; - struct ldb_context *ldb; -} *ldb_wrap_list; - -/* - free a ldb_wrap structure - */ -static int ldb_wrap_destructor(struct ldb_wrap *w) -{ - DLIST_REMOVE(ldb_wrap_list, w); - return 0; -} - -/* - * The casefolder for s4's LDB databases - Unicode-safe - */ -char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n) -{ - return strupper_talloc_n(mem_ctx, s, n); -} - - - struct ldb_context *samba_ldb_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct auth_session_info *session_info, - struct cli_credentials *credentials) -{ - struct ldb_context *ldb; - int ret; - - ldb = ldb_init(mem_ctx, ev); - if (ldb == NULL) { - return NULL; - } - - ldb_set_modules_dir(ldb, modules_path(ldb, "ldb")); - - ldb_set_debug(ldb, ldb_wrap_debug, NULL); - - ldb_set_utf8_fns(ldb, NULL, wrap_casefold); - - if (session_info) { - if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { - talloc_free(ldb); - return NULL; - } - } - - if (credentials) { - if (ldb_set_opaque(ldb, "credentials", credentials)) { - talloc_free(ldb); - return NULL; - } - } - - if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) { - talloc_free(ldb); - return NULL; - } - - /* This must be done before we load the schema, as these - * handlers for objectSid and objectGUID etc must take - * precedence over the 'binary attribute' declaration in the - * schema */ - ret = ldb_register_samba_handlers(ldb); - if (ret != LDB_SUCCESS) { - talloc_free(ldb); - return NULL; - } - - /* we usually want Samba databases to be private. If we later - find we need one public, we will need to add a parameter to - ldb_wrap_connect() */ - ldb_set_create_perms(ldb, 0600); - - return ldb; -} - - struct ldb_context *ldb_wrap_find(const char *url, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags) -{ - struct ldb_wrap *w; - /* see if we can re-use an existing ldb */ - for (w=ldb_wrap_list; w; w=w->next) { - if (w->context.ev == ev && - w->context.lp_ctx == lp_ctx && - w->context.session_info == session_info && - w->context.credentials == credentials && - w->context.flags == flags && - (w->context.url == url || strcmp(w->context.url, url) == 0)) - return w->ldb; - } - - return NULL; -} - -int samba_ldb_connect(struct ldb_context *ldb, struct loadparm_context *lp_ctx, - const char *url, unsigned int flags) -{ - int ret; - char *real_url = NULL; - - /* allow admins to force non-sync ldb for all databases */ - if (lpcfg_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) { - flags |= LDB_FLG_NOSYNC; - } - - if (DEBUGLVL(10)) { - flags |= LDB_FLG_ENABLE_TRACING; - } - - real_url = lpcfg_private_path(ldb, lp_ctx, url); - if (real_url == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_connect(ldb, real_url, flags, NULL); - - if (ret != LDB_SUCCESS) { - return ret; - } - - /* setup for leak detection */ - ldb_set_opaque(ldb, "wrap_url", real_url); - - return LDB_SUCCESS; -} - - bool ldb_wrap_add(const char *url, struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags, - struct ldb_context *ldb) -{ - struct ldb_wrap *w; - struct ldb_wrap_context c; - - /* add to the list of open ldb contexts */ - w = talloc(ldb, struct ldb_wrap); - if (w == NULL) { - return false; - } - - c.url = url; - c.ev = ev; - c.lp_ctx = lp_ctx; - c.session_info = session_info; - c.credentials = credentials; - c.flags = flags; - - w->context = c; - w->context.url = talloc_strdup(w, url); - if (w->context.url == NULL) { - return false; - } - - if (session_info) { - /* take a reference to the session_info, as it is - * possible for the ldb to live longer than the - * session_info. This happens when a DRS DsBind call - * reuses a handle, but the original connection is - * shutdown. The token for the new connection is still - * valid, so we need the session_info to remain valid for - * ldb modules to use - */ - if (talloc_reference(w, session_info) == NULL) { - return false; - } - } - - w->ldb = ldb; - - DLIST_ADD(ldb_wrap_list, w); - - talloc_set_destructor(w, ldb_wrap_destructor); - - return true; -} - - -/* - wrapped connection to a ldb database - to close just talloc_free() the returned ldb_context - - TODO: We need an error_string parameter - */ - struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - const char *url, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags) -{ - struct ldb_context *ldb; - int ret; - - ldb = ldb_wrap_find(url, ev, lp_ctx, session_info, credentials, flags); - if (ldb != NULL) - return talloc_reference(mem_ctx, ldb); - - ldb = samba_ldb_init(mem_ctx, ev, lp_ctx, session_info, credentials); - - if (ldb == NULL) - return NULL; - - ret = samba_ldb_connect(ldb, lp_ctx, url, flags); - if (ret != LDB_SUCCESS) { - talloc_free(ldb); - return NULL; - } - - if (!ldb_wrap_add(url, ev, lp_ctx, session_info, credentials, flags, ldb)) { - talloc_free(ldb); - return NULL; - } - - DEBUG(3,("ldb_wrap open of %s\n", url)); - - return ldb; -} - -/* - when we fork() we need to make sure that any open ldb contexts have - any open transactions cancelled - */ - void ldb_wrap_fork_hook(void) -{ - struct ldb_wrap *w; - - for (w=ldb_wrap_list; w; w=w->next) { - if (ldb_transaction_cancel_noerr(w->ldb) != LDB_SUCCESS) { - smb_panic("Failed to cancel child transactions\n"); - } - } - - if (tdb_reopen_all(1) == -1) { - smb_panic("tdb_reopen_all failed\n"); - } -} - - char *ldb_relative_path(struct ldb_context *ldb, - TALLOC_CTX *mem_ctx, - const char *name) -{ - const char *base_url = - (const char *)ldb_get_opaque(ldb, "ldb_url"); - char *path, *p, *full_name; - if (name == NULL) { - return NULL; - } - if (strncmp("tdb://", base_url, 6) == 0) { - base_url = base_url+6; - } - path = talloc_strdup(mem_ctx, base_url); - if (path == NULL) { - return NULL; - } - if ( (p = strrchr(path, '/')) != NULL) { - p[0] = '\0'; - full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name); - } else { - full_name = talloc_asprintf(mem_ctx, "./%s", name); - } - talloc_free(path); - return full_name; -} diff --git a/source4/lib/ldb-samba/ldb_wrap.h b/source4/lib/ldb-samba/ldb_wrap.h deleted file mode 100644 index aa7ccb3a23..0000000000 --- a/source4/lib/ldb-samba/ldb_wrap.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - database wrap headers - - Copyright (C) Andrew Tridgell 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef _LDB_WRAP_H_ -#define _LDB_WRAP_H_ - -#include <talloc.h> - -struct auth_session_info; -struct ldb_message; -struct ldb_dn; -struct cli_credentials; -struct loadparm_context; -struct tevent_context; - -char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n); - -struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - const char *url, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags); - -void ldb_wrap_fork_hook(void); - -struct ldb_context *samba_ldb_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct auth_session_info *session_info, - struct cli_credentials *credentials); -struct ldb_context *ldb_wrap_find(const char *url, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags); -bool ldb_wrap_add(const char *url, struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags, - struct ldb_context *ldb); -char *ldb_relative_path(struct ldb_context *ldb, - TALLOC_CTX *mem_ctx, - const char *name); - -int samba_ldb_connect(struct ldb_context *ldb, struct loadparm_context *lp_ctx, - const char *url, unsigned int flags); - -#endif /* _LDB_WRAP_H_ */ diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c deleted file mode 100644 index af3c4b46e1..0000000000 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ /dev/null @@ -1,1416 +0,0 @@ -/* - ldb database library - ldif handlers for Samba - - Copyright (C) Andrew Tridgell 2005 - Copyright (C) Andrew Bartlett 2006-2009 - Copyright (C) Matthias Dieter Wallnöfer 2009 - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include <ldb.h> -#include <ldb_module.h> -#include "ldb_handlers.h" -#include "dsdb/samdb/samdb.h" -#include "librpc/gen_ndr/ndr_security.h" -#include "librpc/gen_ndr/ndr_misc.h" -#include "librpc/gen_ndr/ndr_drsblobs.h" -#include "librpc/gen_ndr/ndr_dnsp.h" -#include "librpc/ndr/libndr.h" -#include "libcli/security/security.h" -#include "param/param.h" -#include "../lib/util/asn1.h" - -/* - use ndr_print_* to convert a NDR formatted blob to a ldif formatted blob - - If mask_errors is true, then function succeeds but out data - is set to "<Unable to decode binary data>" message - - \return 0 on success; -1 on error -*/ -static int ldif_write_NDR(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out, - size_t struct_size, - ndr_pull_flags_fn_t pull_fn, - ndr_print_fn_t print_fn, - bool mask_errors) -{ - uint8_t *p; - enum ndr_err_code err; - if (!(ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY)) { - return ldb_handler_copy(ldb, mem_ctx, in, out); - } - p = talloc_size(mem_ctx, struct_size); - err = ndr_pull_struct_blob(in, mem_ctx, - p, pull_fn); - if (err != NDR_ERR_SUCCESS) { - /* fail in not in mask_error mode */ - if (!mask_errors) { - return -1; - } - talloc_free(p); - out->data = (uint8_t *)talloc_strdup(mem_ctx, "<Unable to decode binary data>"); - out->length = strlen((const char *)out->data); - return 0; - } - out->data = (uint8_t *)ndr_print_struct_string(mem_ctx, print_fn, "NDR", p); - talloc_free(p); - if (out->data == NULL) { - return ldb_handler_copy(ldb, mem_ctx, in, out); - } - out->length = strlen((char *)out->data); - return 0; -} - -/* - convert a ldif formatted objectSid to a NDR formatted blob -*/ -static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - enum ndr_err_code ndr_err; - struct dom_sid *sid; - sid = dom_sid_parse_length(mem_ctx, in); - if (sid == NULL) { - return -1; - } - ndr_err = ndr_push_struct_blob(out, mem_ctx, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); - talloc_free(sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return -1; - } - return 0; -} - -/* - convert a NDR formatted blob to a ldif formatted objectSid -*/ -int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct dom_sid *sid; - enum ndr_err_code ndr_err; - - sid = talloc(mem_ctx, struct dom_sid); - if (sid == NULL) { - return -1; - } - ndr_err = ndr_pull_struct_blob_all(in, sid, sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(sid); - return -1; - } - *out = data_blob_string_const(dom_sid_string(mem_ctx, sid)); - talloc_free(sid); - if (out->data == NULL) { - return -1; - } - return 0; -} - -bool ldif_comparision_objectSid_isString(const struct ldb_val *v) -{ - if (v->length < 3) { - return false; - } - - if (strncmp("S-", (const char *)v->data, 2) != 0) return false; - - return true; -} - -/* - compare two objectSids -*/ -static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, const struct ldb_val *v2) -{ - if (ldif_comparision_objectSid_isString(v1) && ldif_comparision_objectSid_isString(v2)) { - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); - } else if (ldif_comparision_objectSid_isString(v1) - && !ldif_comparision_objectSid_isString(v2)) { - struct ldb_val v; - int ret; - if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) { - /* Perhaps not a string after all */ - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); - } - ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2); - talloc_free(v.data); - return ret; - } else if (!ldif_comparision_objectSid_isString(v1) - && ldif_comparision_objectSid_isString(v2)) { - struct ldb_val v; - int ret; - if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) { - /* Perhaps not a string after all */ - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); - } - ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v); - talloc_free(v.data); - return ret; - } - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); -} - -/* - canonicalise a objectSid -*/ -static int ldif_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - if (ldif_comparision_objectSid_isString(in)) { - if (ldif_read_objectSid(ldb, mem_ctx, in, out) != 0) { - /* Perhaps not a string after all */ - return ldb_handler_copy(ldb, mem_ctx, in, out); - } - return 0; - } - return ldb_handler_copy(ldb, mem_ctx, in, out); -} - -static int extended_dn_read_SID(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct dom_sid sid; - enum ndr_err_code ndr_err; - if (ldif_comparision_objectSid_isString(in)) { - if (ldif_read_objectSid(ldb, mem_ctx, in, out) == 0) { - return 0; - } - } - - /* Perhaps not a string after all */ - *out = data_blob_talloc(mem_ctx, NULL, in->length/2+1); - - if (!out->data) { - return -1; - } - - (*out).length = strhex_to_str((char *)out->data, out->length, - (const char *)in->data, in->length); - - /* Check it looks like a SID */ - ndr_err = ndr_pull_struct_blob_all(out, mem_ctx, &sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return -1; - } - return 0; -} - -/* - convert a ldif formatted objectGUID to a NDR formatted blob -*/ -static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct GUID guid; - NTSTATUS status; - - status = GUID_from_data_blob(in, &guid); - if (!NT_STATUS_IS_OK(status)) { - return -1; - } - - status = GUID_to_ndr_blob(&guid, mem_ctx, out); - if (!NT_STATUS_IS_OK(status)) { - return -1; - } - return 0; -} - -/* - convert a NDR formatted blob to a ldif formatted objectGUID -*/ -static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct GUID guid; - NTSTATUS status; - - status = GUID_from_ndr_blob(in, &guid); - if (!NT_STATUS_IS_OK(status)) { - return -1; - } - out->data = (uint8_t *)GUID_string(mem_ctx, &guid); - if (out->data == NULL) { - return -1; - } - out->length = strlen((const char *)out->data); - return 0; -} - -static bool ldif_comparision_objectGUID_isString(const struct ldb_val *v) -{ - if (v->length != 36 && v->length != 38) return false; - - /* Might be a GUID string, can't be a binary GUID (fixed 16 bytes) */ - return true; -} - -static int extended_dn_read_GUID(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct GUID guid; - NTSTATUS status; - - if (in->length == 36 && ldif_read_objectGUID(ldb, mem_ctx, in, out) == 0) { - return 0; - } - - /* Try as 'hex' form */ - if (in->length != 32) { - return -1; - } - - *out = data_blob_talloc(mem_ctx, NULL, in->length/2+1); - - if (!out->data) { - return -1; - } - - (*out).length = strhex_to_str((char *)out->data, out->length, - (const char *)in->data, in->length); - - /* Check it looks like a GUID */ - status = GUID_from_ndr_blob(out, &guid); - if (!NT_STATUS_IS_OK(status)) { - data_blob_free(out); - return -1; - } - return 0; -} - -/* - compare two objectGUIDs -*/ -static int ldif_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, const struct ldb_val *v2) -{ - if (ldif_comparision_objectGUID_isString(v1) && ldif_comparision_objectGUID_isString(v2)) { - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); - } else if (ldif_comparision_objectGUID_isString(v1) - && !ldif_comparision_objectGUID_isString(v2)) { - struct ldb_val v; - int ret; - if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) { - /* Perhaps it wasn't a valid string after all */ - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); - } - ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2); - talloc_free(v.data); - return ret; - } else if (!ldif_comparision_objectGUID_isString(v1) - && ldif_comparision_objectGUID_isString(v2)) { - struct ldb_val v; - int ret; - if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) { - /* Perhaps it wasn't a valid string after all */ - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); - } - ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v); - talloc_free(v.data); - return ret; - } - return ldb_comparison_binary(ldb, mem_ctx, v1, v2); -} - -/* - canonicalise a objectGUID -*/ -static int ldif_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - if (ldif_comparision_objectGUID_isString(in)) { - if (ldif_read_objectGUID(ldb, mem_ctx, in, out) != 0) { - /* Perhaps it wasn't a valid string after all */ - return ldb_handler_copy(ldb, mem_ctx, in, out); - } - return 0; - } - return ldb_handler_copy(ldb, mem_ctx, in, out); -} - - -/* - convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob -*/ -static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct security_descriptor *sd; - enum ndr_err_code ndr_err; - - sd = talloc(mem_ctx, struct security_descriptor); - if (sd == NULL) { - return -1; - } - - ndr_err = ndr_pull_struct_blob(in, sd, sd, - (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - /* If this does not parse, then it is probably SDDL, and we should try it that way */ - - const struct dom_sid *sid = samdb_domain_sid(ldb); - talloc_free(sd); - sd = sddl_decode(mem_ctx, (const char *)in->data, sid); - if (sd == NULL) { - return -1; - } - } - - ndr_err = ndr_push_struct_blob(out, mem_ctx, sd, - (ndr_push_flags_fn_t)ndr_push_security_descriptor); - talloc_free(sd); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return -1; - } - - return 0; -} - -/* - convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format) -*/ -static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct security_descriptor *sd; - enum ndr_err_code ndr_err; - - if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) { - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct security_descriptor), - (ndr_pull_flags_fn_t)ndr_pull_security_descriptor, - (ndr_print_fn_t)ndr_print_security_descriptor, - true); - - } - - sd = talloc(mem_ctx, struct security_descriptor); - if (sd == NULL) { - return -1; - } - /* We can't use ndr_pull_struct_blob_all because this contains relative pointers */ - ndr_err = ndr_pull_struct_blob(in, sd, sd, - (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(sd); - return -1; - } - out->data = (uint8_t *)sddl_encode(mem_ctx, sd, samdb_domain_sid_cache_only(ldb)); - talloc_free(sd); - if (out->data == NULL) { - return -1; - } - out->length = strlen((const char *)out->data); - return 0; -} - -/* - canonicalise an objectCategory. We use the short form as the canonical form: - cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person' -*/ - -static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct ldb_dn *dn1 = NULL; - const struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL); - const struct dsdb_class *sclass; - TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (!schema) { - talloc_free(tmp_ctx); - *out = data_blob_talloc(mem_ctx, in->data, in->length); - if (in->data && !out->data) { - return LDB_ERR_OPERATIONS_ERROR; - } - return LDB_SUCCESS; - } - dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, in); - if ( ! ldb_dn_validate(dn1)) { - const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length); - sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); - if (sclass) { - struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, - sclass->defaultObjectCategory); - *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn)); - talloc_free(tmp_ctx); - - if (!out->data) { - return LDB_ERR_OPERATIONS_ERROR; - } - return LDB_SUCCESS; - } else { - *out = data_blob_talloc(mem_ctx, in->data, in->length); - talloc_free(tmp_ctx); - - if (in->data && !out->data) { - return LDB_ERR_OPERATIONS_ERROR; - } - return LDB_SUCCESS; - } - } - *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn1)); - talloc_free(tmp_ctx); - - if (!out->data) { - return LDB_ERR_OPERATIONS_ERROR; - } - return LDB_SUCCESS; -} - -static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, - const struct ldb_val *v2) -{ - return ldb_any_comparison(ldb, mem_ctx, ldif_canonicalise_objectCategory, - v1, v2); -} - -/* - convert a NDR formatted blob to a ldif formatted schemaInfo -*/ -static int ldif_write_schemaInfo(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct repsFromToBlob), - (ndr_pull_flags_fn_t)ndr_pull_schemaInfoBlob, - (ndr_print_fn_t)ndr_print_schemaInfoBlob, - true); -} - -/* - convert a ldif formatted prefixMap to a NDR formatted blob -*/ -static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct prefixMapBlob *blob; - enum ndr_err_code ndr_err; - char *string, *line, *p, *oid; - DATA_BLOB oid_blob; - - TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - - if (tmp_ctx == NULL) { - return -1; - } - - blob = talloc_zero(tmp_ctx, struct prefixMapBlob); - if (blob == NULL) { - talloc_free(tmp_ctx); - return -1; - } - - /* use the switch value to detect if this is in the binary - * format - */ - if (in->length >= 4 && IVAL(in->data, 0) == PREFIX_MAP_VERSION_DSDB) { - ndr_err = ndr_pull_struct_blob(in, tmp_ctx, blob, - (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); - if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - ndr_err = ndr_push_struct_blob(out, mem_ctx, - blob, - (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); - talloc_free(tmp_ctx); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return -1; - } - return 0; - } - } - - /* If this does not parse, then it is probably the text version, and we should try it that way */ - blob->version = PREFIX_MAP_VERSION_DSDB; - - string = talloc_strndup(mem_ctx, (const char *)in->data, in->length); - if (string == NULL) { - talloc_free(blob); - return -1; - } - - line = string; - while (line && line[0]) { - p=strchr(line, ';'); - if (p) { - p[0] = '\0'; - } else { - p=strchr(line, '\n'); - if (p) { - p[0] = '\0'; - } - } - /* allow a trailing separator */ - if (line == p) { - break; - } - - blob->ctr.dsdb.mappings = talloc_realloc(blob, - blob->ctr.dsdb.mappings, - struct drsuapi_DsReplicaOIDMapping, - blob->ctr.dsdb.num_mappings+1); - if (!blob->ctr.dsdb.mappings) { - talloc_free(tmp_ctx); - return -1; - } - - blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].id_prefix = strtoul(line, &oid, 10); - - if (oid[0] != ':') { - talloc_free(tmp_ctx); - return -1; - } - - /* we know there must be at least ":" */ - oid++; - - if (!ber_write_partial_OID_String(blob->ctr.dsdb.mappings, &oid_blob, oid)) { - talloc_free(tmp_ctx); - return -1; - } - blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.length = oid_blob.length; - blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.binary_oid = oid_blob.data; - - blob->ctr.dsdb.num_mappings++; - - /* Now look past the terminator we added above */ - if (p) { - line = p + 1; - } else { - line = NULL; - } - } - - ndr_err = ndr_push_struct_blob(out, mem_ctx, - blob, - (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); - talloc_free(tmp_ctx); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return -1; - } - return 0; -} - -/* - convert a NDR formatted blob to a ldif formatted prefixMap -*/ -static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct prefixMapBlob *blob; - enum ndr_err_code ndr_err; - char *string; - uint32_t i; - - if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) { - int err; - /* try to decode the blob as S4 prefixMap */ - err = ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct prefixMapBlob), - (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob, - (ndr_print_fn_t)ndr_print_prefixMapBlob, - false); - if (0 == err) { - return err; - } - /* try parsing it as Windows PrefixMap value */ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct drsuapi_MSPrefixMap_Ctr), - (ndr_pull_flags_fn_t)ndr_pull_drsuapi_MSPrefixMap_Ctr, - (ndr_print_fn_t)ndr_print_drsuapi_MSPrefixMap_Ctr, - true); - } - - blob = talloc(mem_ctx, struct prefixMapBlob); - if (blob == NULL) { - return -1; - } - ndr_err = ndr_pull_struct_blob_all(in, blob, - blob, - (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - goto failed; - } - if (blob->version != PREFIX_MAP_VERSION_DSDB) { - goto failed; - } - string = talloc_strdup(mem_ctx, ""); - if (string == NULL) { - goto failed; - } - - for (i=0; i < blob->ctr.dsdb.num_mappings; i++) { - DATA_BLOB oid_blob; - char *partial_oid = NULL; - - if (i > 0) { - string = talloc_asprintf_append(string, ";"); - } - - oid_blob = data_blob_const(blob->ctr.dsdb.mappings[i].oid.binary_oid, - blob->ctr.dsdb.mappings[i].oid.length); - if (!ber_read_partial_OID_String(blob, oid_blob, &partial_oid)) { - DEBUG(0, ("ber_read_partial_OID failed on prefixMap item with id: 0x%X", - blob->ctr.dsdb.mappings[i].id_prefix)); - goto failed; - } - string = talloc_asprintf_append(string, "%u:%s", - blob->ctr.dsdb.mappings[i].id_prefix, - partial_oid); - talloc_free(discard_const(partial_oid)); - if (string == NULL) { - goto failed; - } - } - - talloc_free(blob); - *out = data_blob_string_const(string); - return 0; - -failed: - talloc_free(blob); - return -1; -} - -static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v) -{ - if (v->length < 4) { - return true; - } - - if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) { - return false; - } - - return true; -} - -/* - canonicalise a prefixMap -*/ -static int ldif_canonicalise_prefixMap(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - if (ldif_comparision_prefixMap_isString(in)) { - return ldif_read_prefixMap(ldb, mem_ctx, in, out); - } - return ldb_handler_copy(ldb, mem_ctx, in, out); -} - -static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, - const struct ldb_val *v2) -{ - return ldb_any_comparison(ldb, mem_ctx, ldif_canonicalise_prefixMap, - v1, v2); -} - -/* length limited conversion of a ldb_val to a int32_t */ -static int val_to_int32(const struct ldb_val *in, int32_t *v) -{ - char *end; - char buf[64]; - - /* make sure we don't read past the end of the data */ - if (in->length > sizeof(buf)-1) { - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - strncpy(buf, (char *)in->data, in->length); - buf[in->length] = 0; - - /* We've to use "strtoll" here to have the intended overflows. - * Otherwise we may get "LONG_MAX" and the conversion is wrong. */ - *v = (int32_t) strtoll(buf, &end, 0); - if (*end != 0) { - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - return LDB_SUCCESS; -} - -/* length limited conversion of a ldb_val to a int64_t */ -static int val_to_int64(const struct ldb_val *in, int64_t *v) -{ - char *end; - char buf[64]; - - /* make sure we don't read past the end of the data */ - if (in->length > sizeof(buf)-1) { - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - strncpy(buf, (char *)in->data, in->length); - buf[in->length] = 0; - - *v = (int64_t) strtoll(buf, &end, 0); - if (*end != 0) { - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - return LDB_SUCCESS; -} - -/* Canonicalisation of two 32-bit integers */ -static int ldif_canonicalise_int32(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - int32_t i; - int ret; - - ret = val_to_int32(in, &i); - if (ret != LDB_SUCCESS) { - return ret; - } - out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%d", i); - if (out->data == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - out->length = strlen((char *)out->data); - return 0; -} - -/* Comparison of two 32-bit integers */ -static int ldif_comparison_int32(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, const struct ldb_val *v2) -{ - int32_t i1=0, i2=0; - val_to_int32(v1, &i1); - val_to_int32(v2, &i2); - if (i1 == i2) return 0; - return i1 > i2? 1 : -1; -} - -/* Canonicalisation of two 64-bit integers */ -static int ldif_canonicalise_int64(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - int64_t i; - int ret; - - ret = val_to_int64(in, &i); - if (ret != LDB_SUCCESS) { - return ret; - } - out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%lld", (long long)i); - if (out->data == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - out->length = strlen((char *)out->data); - return 0; -} - -/* Comparison of two 64-bit integers */ -static int ldif_comparison_int64(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, const struct ldb_val *v2) -{ - int64_t i1=0, i2=0; - val_to_int64(v1, &i1); - val_to_int64(v2, &i2); - if (i1 == i2) return 0; - return i1 > i2? 1 : -1; -} - -/* - convert a NDR formatted blob to a ldif formatted repsFromTo -*/ -static int ldif_write_repsFromTo(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct repsFromToBlob), - (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob, - (ndr_print_fn_t)ndr_print_repsFromToBlob, - true); -} - -/* - convert a NDR formatted blob to a ldif formatted replPropertyMetaData -*/ -static int ldif_write_replPropertyMetaData(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct replPropertyMetaDataBlob), - (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob, - (ndr_print_fn_t)ndr_print_replPropertyMetaDataBlob, - true); -} - -/* - convert a NDR formatted blob to a ldif formatted replUpToDateVector -*/ -static int ldif_write_replUpToDateVector(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct replUpToDateVectorBlob), - (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob, - (ndr_print_fn_t)ndr_print_replUpToDateVectorBlob, - true); -} - - -/* - convert a NDR formatted blob to a ldif formatted dnsRecord -*/ -static int ldif_write_dnsRecord(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct dnsp_DnssrvRpcRecord), - (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord, - (ndr_print_fn_t)ndr_print_dnsp_DnssrvRpcRecord, - true); -} - -/* - convert a NDR formatted blob of a supplementalCredentials into text -*/ -static int ldif_write_supplementalCredentialsBlob(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - return ldif_write_NDR(ldb, mem_ctx, in, out, - sizeof(struct supplementalCredentialsBlob), - (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob, - (ndr_print_fn_t)ndr_print_supplementalCredentialsBlob, - true); -} - - -static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - *out = data_blob_string_const(data_blob_hex_string_lower(mem_ctx, in)); - if (!out->data) { - return -1; - } - return 0; -} - -/* - compare two dns -*/ -static int samba_ldb_dn_link_comparison(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *v1, const struct ldb_val *v2) -{ - struct ldb_dn *dn1 = NULL, *dn2 = NULL; - int ret; - - if (dsdb_dn_is_deleted_val(v1)) { - /* If the DN is deleted, then we can't search for it */ - return -1; - } - - if (dsdb_dn_is_deleted_val(v2)) { - /* If the DN is deleted, then we can't search for it */ - return -1; - } - - dn1 = ldb_dn_from_ldb_val(mem_ctx, ldb, v1); - if ( ! ldb_dn_validate(dn1)) return -1; - - dn2 = ldb_dn_from_ldb_val(mem_ctx, ldb, v2); - if ( ! ldb_dn_validate(dn2)) { - talloc_free(dn1); - return -1; - } - - ret = ldb_dn_compare(dn1, dn2); - - talloc_free(dn1); - talloc_free(dn2); - return ret; -} - -static int samba_ldb_dn_link_canonicalise(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - struct ldb_dn *dn; - int ret = -1; - - out->length = 0; - out->data = NULL; - - dn = ldb_dn_from_ldb_val(mem_ctx, ldb, in); - if ( ! ldb_dn_validate(dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - - /* By including the RMD_FLAGS of a deleted DN, we ensure it - * does not casually match a not deleted DN */ - if (dsdb_dn_is_deleted_val(in)) { - out->data = (uint8_t *)talloc_asprintf(mem_ctx, - "<RMD_FLAGS=%u>%s", - dsdb_dn_val_rmd_flags(in), - ldb_dn_get_casefold(dn)); - } else { - out->data = (uint8_t *)ldb_dn_alloc_casefold(mem_ctx, dn); - } - - if (out->data == NULL) { - goto done; - } - out->length = strlen((char *)out->data); - - ret = 0; - -done: - talloc_free(dn); - - return ret; -} - - -/* - write a 64 bit 2-part range -*/ -static int ldif_write_range64(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - int64_t v; - int ret; - ret = val_to_int64(in, &v); - if (ret != LDB_SUCCESS) { - return ret; - } - out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lu-%lu", - (unsigned long)(v&0xFFFFFFFF), - (unsigned long)(v>>32)); - if (out->data == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - out->length = strlen((char *)out->data); - return LDB_SUCCESS; -} - -/* - read a 64 bit 2-part range -*/ -static int ldif_read_range64(struct ldb_context *ldb, void *mem_ctx, - const struct ldb_val *in, struct ldb_val *out) -{ - unsigned long high, low; - char buf[64]; - - if (memchr(in->data, '-', in->length) == NULL) { - return ldb_handler_copy(ldb, mem_ctx, in, out); - } - - if (in->length > sizeof(buf)-1) { - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - strncpy(buf, (const char *)in->data, in->length); - buf[in->length] = 0; - - if (sscanf(buf, "%lu-%lu", &low, &high) != 2) { - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - - out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%llu", - (unsigned long long)(((uint64_t)high)<<32) | (low)); - - if (out->data == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - out->length = strlen((char *)out->data); - return LDB_SUCCESS; -} - -/* - when this operator_fn is set for a syntax, the backend calls is in - preference to the comparison function. We are told the exact - comparison operation that is needed, and we can return errors - */ -static int samba_syntax_operator_fn(struct ldb_context *ldb, enum ldb_parse_op operation, - const struct ldb_schema_attribute *a, - const struct ldb_val *v1, const struct ldb_val *v2, bool *matched) -{ - switch (operation) { - case LDB_OP_AND: - case LDB_OP_OR: - case LDB_OP_NOT: - case LDB_OP_SUBSTRING: - case LDB_OP_APPROX: - case LDB_OP_EXTENDED: - /* handled in the backends */ - return LDB_ERR_INAPPROPRIATE_MATCHING; - - case LDB_OP_GREATER: - case LDB_OP_LESS: - case LDB_OP_EQUALITY: - { - TALLOC_CTX *tmp_ctx = talloc_new(ldb); - int ret; - if (tmp_ctx == NULL) { - return ldb_oom(ldb); - } - ret = a->syntax->comparison_fn(ldb, tmp_ctx, v1, v2); - talloc_free(tmp_ctx); - if (operation == LDB_OP_GREATER) { - *matched = (ret > 0); - } else if (operation == LDB_OP_LESS) { - *matched = (ret < 0); - } else { - *matched = (ret == 0); - } - return LDB_SUCCESS; - } - - case LDB_OP_PRESENT: - *matched = true; - return LDB_SUCCESS; - } - - /* we shouldn't get here */ - return LDB_ERR_INAPPROPRIATE_MATCHING; -} - -/* - special operation for DNs, to take account of the RMD_FLAGS deleted bit - */ -static int samba_syntax_operator_dn(struct ldb_context *ldb, enum ldb_parse_op operation, - const struct ldb_schema_attribute *a, - const struct ldb_val *v1, const struct ldb_val *v2, bool *matched) -{ - if (operation == LDB_OP_PRESENT && dsdb_dn_is_deleted_val(v1)) { - /* If the DN is deleted, then we can't search for it */ - *matched = false; - return LDB_SUCCESS; - } - return samba_syntax_operator_fn(ldb, operation, a, v1, v2, matched); -} - - -static const struct ldb_schema_syntax samba_syntaxes[] = { - { - .name = LDB_SYNTAX_SAMBA_SID, - .ldif_read_fn = ldif_read_objectSid, - .ldif_write_fn = ldif_write_objectSid, - .canonicalise_fn = ldif_canonicalise_objectSid, - .comparison_fn = ldif_comparison_objectSid, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR, - .ldif_read_fn = ldif_read_ntSecurityDescriptor, - .ldif_write_fn = ldif_write_ntSecurityDescriptor, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_GUID, - .ldif_read_fn = ldif_read_objectGUID, - .ldif_write_fn = ldif_write_objectGUID, - .canonicalise_fn = ldif_canonicalise_objectGUID, - .comparison_fn = ldif_comparison_objectGUID, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldb_handler_copy, - .canonicalise_fn = ldif_canonicalise_objectCategory, - .comparison_fn = ldif_comparison_objectCategory, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_SCHEMAINFO, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldif_write_schemaInfo, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_PREFIX_MAP, - .ldif_read_fn = ldif_read_prefixMap, - .ldif_write_fn = ldif_write_prefixMap, - .canonicalise_fn = ldif_canonicalise_prefixMap, - .comparison_fn = ldif_comparison_prefixMap, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_INT32, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldb_handler_copy, - .canonicalise_fn = ldif_canonicalise_int32, - .comparison_fn = ldif_comparison_int32, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_REPSFROMTO, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldif_write_repsFromTo, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldif_write_replPropertyMetaData, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldif_write_replUpToDateVector, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - },{ - .name = DSDB_SYNTAX_BINARY_DN, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldb_handler_copy, - .canonicalise_fn = dsdb_dn_binary_canonicalise, - .comparison_fn = dsdb_dn_binary_comparison, - .operator_fn = samba_syntax_operator_fn - },{ - .name = DSDB_SYNTAX_STRING_DN, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldb_handler_copy, - .canonicalise_fn = dsdb_dn_string_canonicalise, - .comparison_fn = dsdb_dn_string_comparison, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_DN, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldb_handler_copy, - .canonicalise_fn = samba_ldb_dn_link_canonicalise, - .comparison_fn = samba_ldb_dn_link_comparison, - .operator_fn = samba_syntax_operator_dn - },{ - .name = LDB_SYNTAX_SAMBA_RANGE64, - .ldif_read_fn = ldif_read_range64, - .ldif_write_fn = ldif_write_range64, - .canonicalise_fn = ldif_canonicalise_int64, - .comparison_fn = ldif_comparison_int64, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_DNSRECORD, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldif_write_dnsRecord, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - },{ - .name = LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS, - .ldif_read_fn = ldb_handler_copy, - .ldif_write_fn = ldif_write_supplementalCredentialsBlob, - .canonicalise_fn = ldb_handler_copy, - .comparison_fn = ldb_comparison_binary, - .operator_fn = samba_syntax_operator_fn - } -}; - -static const struct ldb_dn_extended_syntax samba_dn_syntax[] = { - { - .name = "SID", - .read_fn = extended_dn_read_SID, - .write_clear_fn = ldif_write_objectSid, - .write_hex_fn = extended_dn_write_hex - },{ - .name = "GUID", - .read_fn = extended_dn_read_GUID, - .write_clear_fn = ldif_write_objectGUID, - .write_hex_fn = extended_dn_write_hex - },{ - .name = "WKGUID", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - },{ - .name = "RMD_INVOCID", - .read_fn = extended_dn_read_GUID, - .write_clear_fn = ldif_write_objectGUID, - .write_hex_fn = extended_dn_write_hex - },{ - .name = "RMD_FLAGS", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - },{ - .name = "RMD_ADDTIME", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - },{ - .name = "RMD_CHANGETIME", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - },{ - .name = "RMD_LOCAL_USN", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - },{ - .name = "RMD_ORIGINATING_USN", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - },{ - .name = "RMD_VERSION", - .read_fn = ldb_handler_copy, - .write_clear_fn = ldb_handler_copy, - .write_hex_fn = ldb_handler_copy - } -}; - -/* TODO: Should be dynamic at some point */ -static const struct { - const char *name; - const char *syntax; -} samba_attributes[] = { - { "objectSid", LDB_SYNTAX_SAMBA_SID }, - { "securityIdentifier", LDB_SYNTAX_SAMBA_SID }, - { "tokenGroups", LDB_SYNTAX_SAMBA_SID }, - { "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR }, - { "oMSyntax", LDB_SYNTAX_SAMBA_INT32 }, - { "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY }, - { "schemaInfo", LDB_SYNTAX_SAMBA_SCHEMAINFO }, - { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP }, - { "repsFrom", LDB_SYNTAX_SAMBA_REPSFROMTO }, - { "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO }, - { "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA }, - { "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR }, - { "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 }, - { "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 }, - { "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 }, - - /* - * these are extracted by searching - * (&(attributeSyntax=2.5.5.10)(rangeLower=16)(rangeUpper=16)(omSyntax=4)) - */ - { "attributeSecurityGUID", LDB_SYNTAX_SAMBA_GUID }, - { "categoryId", LDB_SYNTAX_SAMBA_GUID }, - { "controlAccessRights", LDB_SYNTAX_SAMBA_GUID }, - { "currMachineId", LDB_SYNTAX_SAMBA_GUID }, - { "fRSReplicaSetGUID", LDB_SYNTAX_SAMBA_GUID }, - { "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID }, - { "implementedCategories", LDB_SYNTAX_SAMBA_GUID }, - { "msDS-AzObjectGuid", LDB_SYNTAX_SAMBA_GUID }, - { "msDFSR-ContentSetGuid", LDB_SYNTAX_SAMBA_GUID }, - { "msDFSR-ReplicationGroupGuid", LDB_SYNTAX_SAMBA_GUID }, - { "mSMQDigests", LDB_SYNTAX_SAMBA_GUID }, - { "mSMQOwnerID", LDB_SYNTAX_SAMBA_GUID }, - { "mSMQQMID", LDB_SYNTAX_SAMBA_GUID }, - { "mSMQQueueType", LDB_SYNTAX_SAMBA_GUID }, - { "mSMQSites", LDB_SYNTAX_SAMBA_GUID }, - { "netbootGUID", LDB_SYNTAX_SAMBA_GUID }, - { "objectGUID", LDB_SYNTAX_SAMBA_GUID }, - { "pKTGuid", LDB_SYNTAX_SAMBA_GUID }, - { "requiredCategories", LDB_SYNTAX_SAMBA_GUID }, - { "schemaIDGUID", LDB_SYNTAX_SAMBA_GUID }, - { "siteGUID", LDB_SYNTAX_SAMBA_GUID }, - { "msDFS-GenerationGUIDv2", LDB_SYNTAX_SAMBA_GUID }, - { "msDFS-LinkIdentityGUIDv2", LDB_SYNTAX_SAMBA_GUID }, - { "msDFS-NamespaceIdentityGUIDv2", LDB_SYNTAX_SAMBA_GUID }, - - /* - * these are known to be GUIDs - */ - { "invocationId", LDB_SYNTAX_SAMBA_GUID }, - { "parentGUID", LDB_SYNTAX_SAMBA_GUID }, - { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID }, - - /* These NDR encoded things we want to be able to read with --show-binary */ - { "dnsRecord", LDB_SYNTAX_SAMBA_DNSRECORD }, - { "supplementalCredentials", LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS} -}; - -const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name) -{ - unsigned int j; - const struct ldb_schema_syntax *s = NULL; - - for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) { - if (strcmp(name, samba_syntaxes[j].name) == 0) { - s = &samba_syntaxes[j]; - break; - } - } - return s; -} - -const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_context *ldb, const char *name) -{ - unsigned int j; - const struct ldb_schema_syntax *s = NULL; - - for (j=0; j < ARRAY_SIZE(samba_attributes); j++) { - if (strcmp(samba_attributes[j].name, name) == 0) { - s = ldb_samba_syntax_by_name(ldb, samba_attributes[j].syntax); - break; - } - } - - return s; -} - -/* - register the samba ldif handlers -*/ -int ldb_register_samba_handlers(struct ldb_context *ldb) -{ - unsigned int i; - int ret; - - if (ldb_get_opaque(ldb, "SAMBA_HANDLERS_REGISTERED") != NULL) { - return LDB_SUCCESS; - } - - for (i=0; i < ARRAY_SIZE(samba_attributes); i++) { - const struct ldb_schema_syntax *s = NULL; - - s = ldb_samba_syntax_by_name(ldb, samba_attributes[i].syntax); - - if (!s) { - s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax); - } - - if (!s) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_schema_attribute_add_with_syntax(ldb, samba_attributes[i].name, LDB_ATTR_FLAG_FIXED, s); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - for (i=0; i < ARRAY_SIZE(samba_dn_syntax); i++) { - ret = ldb_dn_extended_add_syntax(ldb, LDB_ATTR_FLAG_FIXED, &samba_dn_syntax[i]); - if (ret != LDB_SUCCESS) { - return ret; - } - - } - - ret = ldb_set_opaque(ldb, "SAMBA_HANDLERS_REGISTERED", (void*)1); - if (ret != LDB_SUCCESS) { - return ret; - } - - return LDB_SUCCESS; -} diff --git a/source4/lib/ldb-samba/ldif_handlers.h b/source4/lib/ldb-samba/ldif_handlers.h deleted file mode 100644 index 62903c4a96..0000000000 --- a/source4/lib/ldb-samba/ldif_handlers.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ -#define __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ - -#define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID" -#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "1.2.840.113556.1.4.907" -#define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID" -#define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY" -#define LDB_SYNTAX_SAMBA_SCHEMAINFO "LDB_SYNTAX_SAMBA_SCHEMAINFO" -#define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP" -#define LDB_SYNTAX_SAMBA_INT32 "LDB_SYNTAX_SAMBA_INT32" -#define LDB_SYNTAX_SAMBA_REPSFROMTO "LDB_SYNTAX_SAMBA_REPSFROMTO" -#define LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA "LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA" -#define LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR "LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR" -#define LDB_SYNTAX_SAMBA_RANGE64 "LDB_SYNTAX_SAMBA_RANGE64" -#define LDB_SYNTAX_SAMBA_DNSRECORD "LDB_SYNTAX_SAMBA_DNSRECORD" -#define LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS "LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS" -#include "lib/ldb-samba/ldif_handlers_proto.h" - -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) - -#endif /* __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ */ - diff --git a/source4/lib/ldb-samba/pyldb.c b/source4/lib/ldb-samba/pyldb.c deleted file mode 100644 index ff48a3bb04..0000000000 --- a/source4/lib/ldb-samba/pyldb.c +++ /dev/null @@ -1,270 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Python interface to ldb, Samba-specific functions - - Copyright (C) 2007-2010 Jelmer Vernooij <jelmer@samba.org> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see <http://www.gnu.org/licenses/>. -*/ - -#include <Python.h> -#include "includes.h" -#include <ldb.h> -#include <pyldb.h> -#include "param/pyparam.h" -#include "auth/credentials/pycredentials.h" -#include "ldb_wrap.h" -#include "lib/ldb-samba/ldif_handlers.h" -#include "auth/pyauth.h" - -void init_ldb(void); - -static PyObject *pyldb_module; -static PyObject *py_ldb_error; -staticforward PyTypeObject PySambaLdb; - -static void PyErr_SetLdbError(PyObject *error, int ret, struct ldb_context *ldb_ctx) -{ - if (ret == LDB_ERR_PYTHON_EXCEPTION) - return; /* Python exception should already be set, just keep that */ - - PyErr_SetObject(error, - Py_BuildValue(discard_const_p(char, "(i,s)"), ret, - ldb_ctx == NULL?ldb_strerror(ret):ldb_errstring(ldb_ctx))); -} - -static PyObject *py_ldb_set_loadparm(PyObject *self, PyObject *args) -{ - PyObject *py_lp_ctx; - struct loadparm_context *lp_ctx; - struct ldb_context *ldb; - - if (!PyArg_ParseTuple(args, "O", &py_lp_ctx)) - return NULL; - - ldb = PyLdb_AsLdbContext(self); - - lp_ctx = lpcfg_from_py_object(ldb, py_lp_ctx); - if (lp_ctx == NULL) { - PyErr_SetString(PyExc_TypeError, "Expected loadparm object"); - return NULL; - } - - ldb_set_opaque(ldb, "loadparm", lp_ctx); - - Py_RETURN_NONE; -} - -static PyObject *py_ldb_set_credentials(PyObject *self, PyObject *args) -{ - PyObject *py_creds; - struct cli_credentials *creds; - struct ldb_context *ldb; - - if (!PyArg_ParseTuple(args, "O", &py_creds)) - return NULL; - - creds = cli_credentials_from_py_object(py_creds); - if (creds == NULL) { - PyErr_SetString(PyExc_TypeError, "Expected credentials object"); - return NULL; - } - - ldb = PyLdb_AsLdbContext(self); - - ldb_set_opaque(ldb, "credentials", creds); - - Py_RETURN_NONE; -} - -/* XXX: This function really should be in libldb's pyldb.c */ -static PyObject *py_ldb_set_opaque_integer(PyObject *self, PyObject *args) -{ - int value; - int *old_val, *new_val; - char *py_opaque_name, *opaque_name_talloc; - struct ldb_context *ldb; - int ret; - TALLOC_CTX *tmp_ctx; - - if (!PyArg_ParseTuple(args, "si", &py_opaque_name, &value)) - return NULL; - - ldb = PyLdb_AsLdbContext(self); - - /* see if we have a cached copy */ - old_val = (int *)ldb_get_opaque(ldb, py_opaque_name); - /* XXX: We shouldn't just blindly assume that the value that is - * already present has the size of an int and is not shared - * with other code that may rely on it not changing. - * JRV 20100403 */ - - if (old_val) { - *old_val = value; - Py_RETURN_NONE; - } - - tmp_ctx = talloc_new(ldb); - if (tmp_ctx == NULL) { - PyErr_NoMemory(); - return NULL; - } - - new_val = talloc(tmp_ctx, int); - if (new_val == NULL) { - talloc_free(tmp_ctx); - PyErr_NoMemory(); - return NULL; - } - - opaque_name_talloc = talloc_strdup(tmp_ctx, py_opaque_name); - if (opaque_name_talloc == NULL) { - talloc_free(tmp_ctx); - PyErr_NoMemory(); - return NULL; - } - - *new_val = value; - - /* cache the domain_sid in the ldb */ - ret = ldb_set_opaque(ldb, opaque_name_talloc, new_val); - - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - PyErr_SetLdbError(py_ldb_error, ret, ldb); - return NULL; - } - - talloc_steal(ldb, new_val); - talloc_steal(ldb, opaque_name_talloc); - talloc_free(tmp_ctx); - - Py_RETURN_NONE; -} - -static PyObject *py_ldb_set_utf8_casefold(PyObject *self) -{ - struct ldb_context *ldb; - - ldb = PyLdb_AsLdbContext(self); - - ldb_set_utf8_fns(ldb, NULL, wrap_casefold); - - Py_RETURN_NONE; -} - -static PyObject *py_ldb_set_session_info(PyObject *self, PyObject *args) -{ - PyObject *py_session_info; - struct auth_session_info *info; - struct ldb_context *ldb; - PyObject *mod_samba_auth; - PyObject *PyAuthSession_Type; - bool ret; - - mod_samba_auth = PyImport_ImportModule("samba.dcerpc.auth"); - if (mod_samba_auth == NULL) - return NULL; - - PyAuthSession_Type = PyObject_GetAttrString(mod_samba_auth, "session_info"); - if (PyAuthSession_Type == NULL) - return NULL; - - ret = PyArg_ParseTuple(args, "O!", PyAuthSession_Type, &py_session_info); - - Py_DECREF(PyAuthSession_Type); - Py_DECREF(mod_samba_auth); - - if (!ret) - return NULL; - - ldb = PyLdb_AsLdbContext(self); - - info = PyAuthSession_AsSession(py_session_info); - - ldb_set_opaque(ldb, "sessionInfo", info); - - Py_RETURN_NONE; -} - -static PyObject *py_ldb_register_samba_handlers(PyObject *self) -{ - struct ldb_context *ldb; - int ret; - - /* XXX: Perhaps call this from PySambaLdb's init function ? */ - - ldb = PyLdb_AsLdbContext(self); - ret = ldb_register_samba_handlers(ldb); - - PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_error, ret, ldb); - - Py_RETURN_NONE; -} - -static PyMethodDef py_samba_ldb_methods[] = { - { "set_loadparm", (PyCFunction)py_ldb_set_loadparm, METH_VARARGS, - "ldb_set_loadparm(session_info)\n" - "Set loadparm context to use when connecting." }, - { "set_credentials", (PyCFunction)py_ldb_set_credentials, METH_VARARGS, - "ldb_set_credentials(credentials)\n" - "Set credentials to use when connecting." }, - { "set_opaque_integer", (PyCFunction)py_ldb_set_opaque_integer, - METH_VARARGS, NULL }, - { "set_utf8_casefold", (PyCFunction)py_ldb_set_utf8_casefold, - METH_NOARGS, - "ldb_set_utf8_casefold()\n" - "Set the right Samba casefolding function for UTF8 charset." }, - { "register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, - METH_NOARGS, - "register_samba_handlers()\n" - "Register Samba-specific LDB modules and schemas." }, - { "set_session_info", (PyCFunction)py_ldb_set_session_info, METH_VARARGS, - "set_session_info(session_info)\n" - "Set session info to use when connecting." }, - { NULL }, -}; - -static PyTypeObject PySambaLdb = { - .tp_name = "samba._ldb.Ldb", - .tp_doc = "Connection to a LDB database.", - .tp_methods = py_samba_ldb_methods, - .tp_flags = Py_TPFLAGS_DEFAULT|Py_TPFLAGS_BASETYPE, -}; - -void init_ldb(void) -{ - PyObject *m; - - pyldb_module = PyImport_ImportModule("ldb"); - if (pyldb_module == NULL) - return; - - PySambaLdb.tp_base = (PyTypeObject *)PyObject_GetAttrString(pyldb_module, "Ldb"); - if (PySambaLdb.tp_base == NULL) - return; - - py_ldb_error = PyObject_GetAttrString(pyldb_module, "LdbError"); - - if (PyType_Ready(&PySambaLdb) < 0) - return; - - m = Py_InitModule3("_ldb", NULL, "Samba-specific LDB python bindings"); - if (m == NULL) - return; - - Py_INCREF(&PySambaLdb); - PyModule_AddObject(m, "Ldb", (PyObject *)&PySambaLdb); -} diff --git a/source4/lib/ldb-samba/samba_extensions.c b/source4/lib/ldb-samba/samba_extensions.c deleted file mode 100644 index be9f36a5a7..0000000000 --- a/source4/lib/ldb-samba/samba_extensions.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - ldb database library - samba extensions - - Copyright (C) Andrew Tridgell 2010 - - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see <http://www.gnu.org/licenses/>. -*/ - - -#include "includes.h" -#include "ldb_module.h" -#include "lib/cmdline/popt_common.h" -#include "auth/gensec/gensec.h" -#include "auth/auth.h" -#include "param/param.h" -#include "dsdb/samdb/samdb.h" -#include "ldb_wrap.h" -#include "popt.h" - - - -/* - work out the length of a popt array - */ -static unsigned calculate_popt_array_length(struct poptOption *opts) -{ - unsigned i; - struct poptOption zero_opt = { NULL }; - for (i=0; memcmp(&zero_opt, &opts[i], sizeof(zero_opt)) != 0; i++) ; - return i; -} - -static struct poptOption cmdline_extensions[] = { - POPT_COMMON_SAMBA - POPT_COMMON_CREDENTIALS - POPT_COMMON_CONNECTION - POPT_COMMON_VERSION - { NULL } -}; - -/* - called to register additional command line options - */ -static int extensions_hook(struct ldb_context *ldb, enum ldb_module_hook_type t) -{ - switch (t) { - case LDB_MODULE_HOOK_CMDLINE_OPTIONS: { - unsigned len1, len2; - struct poptOption **popt_options = ldb_module_popt_options(ldb); - struct poptOption *new_array; - - len1 = calculate_popt_array_length(*popt_options); - len2 = calculate_popt_array_length(cmdline_extensions); - new_array = talloc_array(NULL, struct poptOption, len1+len2+1); - if (NULL == new_array) { - return ldb_oom(ldb); - } - - memcpy(new_array, *popt_options, len1*sizeof(struct poptOption)); - memcpy(new_array+len1, cmdline_extensions, (1+len2)*sizeof(struct poptOption)); - (*popt_options) = new_array; - return LDB_SUCCESS; - } - - case LDB_MODULE_HOOK_CMDLINE_PRECONNECT: { - int r = ldb_register_samba_handlers(ldb); - if (r != LDB_SUCCESS) { - return ldb_operr(ldb); - } - gensec_init(); - - if (ldb_set_opaque(ldb, "sessionInfo", system_session(cmdline_lp_ctx))) { - return ldb_operr(ldb); - } - if (ldb_set_opaque(ldb, "credentials", cmdline_credentials)) { - return ldb_operr(ldb); - } - if (ldb_set_opaque(ldb, "loadparm", cmdline_lp_ctx)) { - return ldb_operr(ldb); - } - - ldb_set_utf8_fns(ldb, NULL, wrap_casefold); - break; - } - - case LDB_MODULE_HOOK_CMDLINE_POSTCONNECT: - /* get the domain SID into the cache for SDDL processing */ - samdb_domain_sid(ldb); - break; - } - - return LDB_SUCCESS; -} - - -/* - initialise the module - */ -_PUBLIC_ int ldb_samba_extensions_init(const char *ldb_version) -{ - ldb_register_hook(extensions_hook); - - return LDB_SUCCESS; -} diff --git a/source4/lib/ldb-samba/wscript_build b/source4/lib/ldb-samba/wscript_build deleted file mode 100644 index 2e1cacba64..0000000000 --- a/source4/lib/ldb-samba/wscript_build +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/env python - -# LDBSAMBA gets included in the ldb build when we are building ldb_ildap -# as a built-in module and this delutes the symbols in the ldb library with -# the symbols of all of ldb_ildap's dependencies. - -bld.SAMBA_LIBRARY('ldbsamba', - source='ldif_handlers.c', - autoproto='ldif_handlers_proto.h', - public_deps='ldb', - deps='security ndr NDR_DRSBLOBS NDR_DNSP ldbwrap samdb-common SAMDB_SCHEMA tdb_compat pyldb-util errors', - private_library=True - ) - -bld.SAMBA_SUBSYSTEM('ldbwrap', - source='ldb_wrap.c', - public_headers='ldb_wrap.h', - deps='ldb samba-util ldbsamba samba-hostconfig' - ) - - -bld.SAMBA_PYTHON('python_samba__ldb', 'pyldb.c', - deps='ldbsamba pyparam_util ldbwrap', - realname='samba/_ldb.so') - -bld.SAMBA_MODULE('ldbsamba_extensions', - source='samba_extensions.c', - init_function='ldb_samba_extensions_init', - module_init_name='ldb_init_module', - subsystem='ldb', - deps='ldb ldbsamba POPT_SAMBA POPT_CREDENTIALS cmdline-credentials gensec', - internal_module=False) - - -# the s4-internal ldap backend -bld.SAMBA_MODULE('ldb_ildap', - source='ldb_ildap.c', - init_function='ldb_ildap_init', - module_init_name='ldb_init_module', - deps='talloc cli-ldap credentials auth_system_session', - internal_module=False, - subsystem='ldb') |