From 390ac7d3063fdc64d64ecb498eb0c9b4626e2eb8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Nov 2009 16:57:20 +1100 Subject: s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+String This aims to replace (and is based on) the code in ldb_dn.c. It is however much stricter in the DNs it will accept. Andrew Bartlett --- source4/dsdb/common/dsdb_dn.c | 324 ++++++++++++++++++++++++++++++++++++++++++ source4/dsdb/common/dsdb_dn.h | 16 +++ source4/dsdb/config.mk | 3 +- source4/dsdb/samdb/samdb.h | 1 + 4 files changed, 343 insertions(+), 1 deletion(-) create mode 100644 source4/dsdb/common/dsdb_dn.c create mode 100644 source4/dsdb/common/dsdb_dn.h (limited to 'source4/dsdb') diff --git a/source4/dsdb/common/dsdb_dn.c b/source4/dsdb/common/dsdb_dn.c new file mode 100644 index 0000000000..3605a6a056 --- /dev/null +++ b/source4/dsdb/common/dsdb_dn.c @@ -0,0 +1,324 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + + Copyright (C) Andrew Tridgell 2009 + Copyright (C) Andrew Bartlett 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "dsdb/samdb/samdb.h" +#include "lib/ldb/include/ldb_module.h" + +enum dsdb_dn_format dsdb_dn_oid_to_format(const char *oid) +{ + if (strcmp(oid, LDB_SYNTAX_DN) == 0) { + return DSDB_NORMAL_DN; + } else if (strcmp(oid, DSDB_SYNTAX_BINARY_DN) == 0) { + return DSDB_BINARY_DN; + } else if (strcmp(oid, DSDB_SYNTAX_STRING_DN) == 0) { + return DSDB_STRING_DN; + } else { + return DSDB_INVALID_DN; + } +} + +static struct dsdb_dn *dsdb_dn_construct_internal(TALLOC_CTX *mem_ctx, + struct ldb_dn *dn, + DATA_BLOB extra_part, + enum dsdb_dn_format dn_format, + const char *oid) +{ + struct dsdb_dn *dsdb_dn = talloc(mem_ctx, struct dsdb_dn); + if (!dsdb_dn) { + return NULL; + } + dsdb_dn->dn = talloc_steal(dsdb_dn, dn); + dsdb_dn->extra_part = extra_part; + dsdb_dn->dn_format = dn_format; + /* Look to see if this attributeSyntax is a DN */ + if (dsdb_dn->dn_format == DSDB_INVALID_DN) { + talloc_free(dsdb_dn); + return NULL; + } + + dsdb_dn->oid = oid; + talloc_steal(dsdb_dn, extra_part.data); + return dsdb_dn; +} + +struct dsdb_dn *dsdb_dn_construct(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, DATA_BLOB extra_part, + const char *oid) +{ + return dsdb_dn_construct_internal(mem_ctx, dn, extra_part, dsdb_dn_oid_to_format(oid), oid); +} + +struct dsdb_dn *dsdb_dn_parse(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, + const struct ldb_val *dn_blob, const char *dn_oid) +{ + struct dsdb_dn *dsdb_dn; + struct ldb_dn *dn; + const char *data; + size_t len; + TALLOC_CTX *tmp_ctx; + char *p1; + char *p2; + uint32_t blen; + struct ldb_val bval; + struct ldb_val dval; + char *dn_str; + + enum dsdb_dn_format dn_format = dsdb_dn_oid_to_format(dn_oid); + switch (dn_format) { + case DSDB_INVALID_DN: + return NULL; + case DSDB_NORMAL_DN: + { + dn = ldb_dn_from_ldb_val(mem_ctx, ldb, dn_blob); + if (!dn || !ldb_dn_validate(dn)) { + talloc_free(dn); + return NULL; + } + return dsdb_dn_construct_internal(mem_ctx, dn, data_blob_null, dn_format, dn_oid); + } + case DSDB_BINARY_DN: + if (dn_blob->length < 2 || dn_blob->data[0] != 'B' || dn_blob->data[1] != ':') { + return NULL; + } + break; + case DSDB_STRING_DN: + if (dn_blob->length < 2 || dn_blob->data[0] != 'S' || dn_blob->data[1] != ':') { + return NULL; + } + break; + default: + return NULL; + } + + if (dn_blob && dn_blob->data + && (strlen((const char*)dn_blob->data) != dn_blob->length)) { + /* The RDN must not contain a character with value 0x0 */ + return NULL; + } + + if (!dn_blob->data || dn_blob->length == 0) { + return NULL; + } + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + return NULL; + } + + data = (const char *)dn_blob->data; + + len = dn_blob->length - 2; + p1 = talloc_strndup(tmp_ctx, (const char *)dn_blob->data + 2, len); + if (!p1) { + goto failed; + } + + errno = 0; + blen = strtoul(p1, &p2, 10); + if (errno != 0) { + DEBUG(10, (__location__ ": failed\n")); + goto failed; + } + if (p2 == NULL) { + DEBUG(10, (__location__ ": failed\n")); + goto failed; + } + if (p2[0] != ':') { + DEBUG(10, (__location__ ": failed\n")); + goto failed; + } + len -= PTR_DIFF(p2,p1);//??? + p1 = p2+1; + len--; + + if ((blen % 2 != 0)) { + DEBUG(10, (__location__ ": blen=%u - not an even number\n", (unsigned)blen)); + goto failed; + } + + if (blen >= len) { + DEBUG(10, (__location__ ": blen=%u len=%u\n", (unsigned)blen, (unsigned)len)); + goto failed; + } + + p2 = p1 + blen; + if (p2[0] != ':') { + DEBUG(10, (__location__ ": %s", p2)); + goto failed; + } + dn_str = p2+1; + + + switch (dn_format) { + case DSDB_BINARY_DN: + if (blen >= 2) { + bval.length = (blen/2)+1; + bval.data = talloc_size(tmp_ctx, bval.length); + if (bval.data == NULL) { + DEBUG(10, (__location__ ": err\n")); + goto failed; + } + bval.data[bval.length-1] = 0; + + bval.length = strhex_to_str((char *)bval.data, bval.length, + p1, blen); + if (bval.length != (blen / 2)) { + DEBUG(10, (__location__ ": non hexidecimal characters found in binary prefix\n")); + goto failed; + } + } else { + bval = data_blob_null; + } + + break; + case DSDB_STRING_DN: + bval = data_blob(p1, blen); + break; + default: + /* never reached */ + return NULL; + } + + + dval.data = (uint8_t *)dn_str; + dval.length = strlen(dn_str); + + dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &dval); + if (!dn || !ldb_dn_validate(dn)) { + DEBUG(10, (__location__ ": err\n")); + goto failed; + } + + dsdb_dn = dsdb_dn_construct(mem_ctx, dn, bval, dn_oid); + + return dsdb_dn; + +failed: + talloc_free(tmp_ctx); + return NULL; +} + + +static char *dsdb_dn_get_with_postfix(TALLOC_CTX *mem_ctx, + struct dsdb_dn *dsdb_dn, + const char *postfix) +{ + if (!postfix) { + return NULL; + } + + switch (dsdb_dn->dn_format) { + case DSDB_NORMAL_DN: + { + return talloc_strdup(mem_ctx, postfix); + } + case DSDB_BINARY_DN: + { + char *hexstr = data_blob_hex_string_upper(mem_ctx, &dsdb_dn->extra_part); + + char *p = talloc_asprintf(mem_ctx, "B:%u:%s:%s", (unsigned)(dsdb_dn->extra_part.length*2), hexstr, + postfix); + talloc_free(hexstr); + return p; + } + case DSDB_STRING_DN: + { + return talloc_asprintf(mem_ctx, "S:%u:%*.*s:%s", + (unsigned)(dsdb_dn->extra_part.length), + (int)(dsdb_dn->extra_part.length), + (int)(dsdb_dn->extra_part.length), + (const char *)dsdb_dn->extra_part.data, + postfix); + } + default: + return NULL; + } +} + +char *dsdb_dn_get_linearized(TALLOC_CTX *mem_ctx, + struct dsdb_dn *dsdb_dn) +{ + const char *postfix = ldb_dn_get_linearized(dsdb_dn->dn); + return dsdb_dn_get_with_postfix(mem_ctx, dsdb_dn, postfix); +} + +char *dsdb_dn_get_casefold(TALLOC_CTX *mem_ctx, + struct dsdb_dn *dsdb_dn) +{ + const char *postfix = ldb_dn_get_casefold(dsdb_dn->dn); + return dsdb_dn_get_with_postfix(mem_ctx, dsdb_dn, postfix); +} + +char *dsdb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, + struct dsdb_dn *dsdb_dn, + int mode) +{ + char *postfix = ldb_dn_get_extended_linearized(mem_ctx, dsdb_dn->dn, mode); + char *ret = dsdb_dn_get_with_postfix(mem_ctx, dsdb_dn, postfix); + talloc_free(postfix); + return ret; +} + +int dsdb_dn_binary_canonicalise(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct dsdb_dn *dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_BINARY_DN); + + if (!dsdb_dn) { + return -1; + } + *out = data_blob_string_const(dsdb_dn_get_casefold(mem_ctx, dsdb_dn)); + talloc_free(dsdb_dn); + if (!out->data) { + return -1; + } + return 0; +} + +int dsdb_dn_binary_comparison(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, + const struct ldb_val *v2) +{ + return ldb_any_comparison(ldb, mem_ctx, dsdb_dn_binary_canonicalise, v1, v2); +} + +int dsdb_dn_string_canonicalise(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct dsdb_dn *dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_STRING_DN); + + if (!dsdb_dn) { + return -1; + } + *out = data_blob_string_const(dsdb_dn_get_casefold(mem_ctx, dsdb_dn)); + talloc_free(dsdb_dn); + if (!out->data) { + return -1; + } + return 0; +} + +int dsdb_dn_string_comparison(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, + const struct ldb_val *v2) +{ + return ldb_any_comparison(ldb, mem_ctx, dsdb_dn_string_canonicalise, v1, v2); +} diff --git a/source4/dsdb/common/dsdb_dn.h b/source4/dsdb/common/dsdb_dn.h new file mode 100644 index 0000000000..55b5c0bd40 --- /dev/null +++ b/source4/dsdb/common/dsdb_dn.h @@ -0,0 +1,16 @@ +enum dsdb_dn_format { + DSDB_NORMAL_DN, + DSDB_BINARY_DN, + DSDB_STRING_DN, + DSDB_INVALID_DN +}; + +struct dsdb_dn { + struct ldb_dn *dn; + DATA_BLOB extra_part; + enum dsdb_dn_format dn_format; + const char *oid; +}; + +#define DSDB_SYNTAX_BINARY_DN "1.2.840.113556.1.4.903" +#define DSDB_SYNTAX_STRING_DN "1.2.840.113556.1.4.904" diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index 59daa745e9..ac4096d526 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk @@ -25,7 +25,8 @@ $(eval $(call proto_header_template,$(dsdbsrcdir)/samdb/samdb_proto.h,$(SAMDB_OB PRIVATE_DEPENDENCIES = LIBLDB SAMDB_COMMON_OBJ_FILES = $(addprefix $(dsdbsrcdir)/common/, \ - util.o) \ + util.o \ + dsdb_dn.o) \ ../libds/common/flag_mapping.o $(eval $(call proto_header_template,$(dsdbsrcdir)/common/proto.h,$(SAMDB_COMMON_OBJ_FILES:.o=.c))) diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index 6b83c6dc5a..45ab716741 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -38,6 +38,7 @@ struct tevent_context; #include "dsdb/schema/schema.h" #include "dsdb/samdb/samdb_proto.h" #include "dsdb/common/proto.h" +#include "dsdb/common/dsdb_dn.h" #include "../libds/common/flags.h" #define DSDB_CONTROL_CURRENT_PARTITION_OID "1.3.6.1.4.1.7165.4.3.2" -- cgit