From 4a4cdc990cdc9e29b63fd28c5aa58ae1b47ed174 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Sep 2007 16:06:32 +0000 Subject: r25084: Move samba-specific code out of lib/ldb directory. (This used to be commit 917bd737cb07817664d9088860588d47525f5ff8) --- source4/lib/ldb-samba/ldif_handlers.c | 474 ++++++++++++++++++++++++++++++++++ 1 file changed, 474 insertions(+) create mode 100644 source4/lib/ldb-samba/ldif_handlers.c (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c new file mode 100644 index 0000000000..cfd79563d5 --- /dev/null +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -0,0 +1,474 @@ +/* + ldb database library - ldif handlers for Samba + + Copyright (C) Andrew Tridgell 2005 + Copyright (C) Andrew Bartlett 2006-2007 + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see . +*/ + +#include "includes.h" +#include "ldb_includes.h" +#include "ldb_handlers.h" + +#include "librpc/gen_ndr/ndr_security.h" +#include "librpc/gen_ndr/ndr_misc.h" +#include "dsdb/samdb/samdb.h" +#include "libcli/security/security.h" + +/* + convert a ldif formatted objectSid to a NDR formatted blob +*/ +static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct dom_sid *sid; + NTSTATUS status; + sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data); + if (sid == NULL) { + return -1; + } + status = ndr_push_struct_blob(out, mem_ctx, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + talloc_free(sid); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + return 0; +} + +/* + convert a NDR formatted blob to a ldif formatted objectSid +*/ +static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct dom_sid *sid; + NTSTATUS status; + sid = talloc(mem_ctx, struct dom_sid); + if (sid == NULL) { + return -1; + } + status = ndr_pull_struct_blob(in, sid, sid, + (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(sid); + return -1; + } + out->data = (uint8_t *)dom_sid_string(mem_ctx, sid); + talloc_free(sid); + if (out->data == NULL) { + return -1; + } + out->length = strlen((const char *)out->data); + return 0; +} + +static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v) +{ + if (v->length < 3) { + return False; + } + + if (strncmp("S-", (const char *)v->data, 2) != 0) return False; + + return True; +} + +/* + compare two objectSids +*/ +static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, const struct ldb_val *v2) +{ + if (ldb_comparision_objectSid_isString(v1) && ldb_comparision_objectSid_isString(v2)) { + return strcmp((const char *)v1->data, (const char *)v2->data); + } else if (ldb_comparision_objectSid_isString(v1) + && !ldb_comparision_objectSid_isString(v2)) { + struct ldb_val v; + int ret; + if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) { + return -1; + } + ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2); + talloc_free(v.data); + return ret; + } else if (!ldb_comparision_objectSid_isString(v1) + && ldb_comparision_objectSid_isString(v2)) { + struct ldb_val v; + int ret; + if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) { + return -1; + } + ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v); + talloc_free(v.data); + return ret; + } + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); +} + +/* + canonicalise a objectSid +*/ +static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + if (ldb_comparision_objectSid_isString(in)) { + return ldif_read_objectSid(ldb, mem_ctx, in, out); + } + return ldb_handler_copy(ldb, mem_ctx, in, out); +} + +/* + convert a ldif formatted objectGUID to a NDR formatted blob +*/ +static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct GUID guid; + NTSTATUS status; + + status = GUID_from_string((const char *)in->data, &guid); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + status = ndr_push_struct_blob(out, mem_ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + return 0; +} + +/* + convert a NDR formatted blob to a ldif formatted objectGUID +*/ +static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct GUID guid; + NTSTATUS status; + status = ndr_pull_struct_blob(in, mem_ctx, &guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + out->data = (uint8_t *)GUID_string(mem_ctx, &guid); + if (out->data == NULL) { + return -1; + } + out->length = strlen((const char *)out->data); + return 0; +} + +static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v) +{ + struct GUID guid; + NTSTATUS status; + + if (v->length < 33) return False; + + /* see if the input if null-terninated (safety check for the below) */ + if (v->data[v->length] != '\0') return False; + + status = GUID_from_string((const char *)v->data, &guid); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + return True; +} + +/* + compare two objectGUIDs +*/ +static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, const struct ldb_val *v2) +{ + if (ldb_comparision_objectGUID_isString(v1) && ldb_comparision_objectGUID_isString(v2)) { + return strcmp((const char *)v1->data, (const char *)v2->data); + } else if (ldb_comparision_objectGUID_isString(v1) + && !ldb_comparision_objectGUID_isString(v2)) { + struct ldb_val v; + int ret; + if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) { + return -1; + } + ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2); + talloc_free(v.data); + return ret; + } else if (!ldb_comparision_objectGUID_isString(v1) + && ldb_comparision_objectGUID_isString(v2)) { + struct ldb_val v; + int ret; + if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) { + return -1; + } + ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v); + talloc_free(v.data); + return ret; + } + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); +} + +/* + canonicalise a objectGUID +*/ +static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + if (ldb_comparision_objectGUID_isString(in)) { + return ldif_read_objectGUID(ldb, mem_ctx, in, out); + } + return ldb_handler_copy(ldb, mem_ctx, in, out); +} + + +/* + convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob +*/ +static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct security_descriptor *sd; + NTSTATUS status; + + sd = sddl_decode(mem_ctx, (const char *)in->data, NULL); + if (sd == NULL) { + return -1; + } + status = ndr_push_struct_blob(out, mem_ctx, sd, + (ndr_push_flags_fn_t)ndr_push_security_descriptor); + talloc_free(sd); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + return 0; +} + +/* + convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format) +*/ +static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct security_descriptor *sd; + NTSTATUS status; + + sd = talloc(mem_ctx, struct security_descriptor); + if (sd == NULL) { + return -1; + } + status = ndr_pull_struct_blob(in, sd, sd, + (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(sd); + return -1; + } + out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL); + talloc_free(sd); + if (out->data == NULL) { + return -1; + } + out->length = strlen((const char *)out->data); + return 0; +} + +/* + canonicolise an objectCategory. We use the short form as the cannoical form: + cn=Person,cn=Schema,cn=Configuration, becomes 'person' +*/ + +static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct ldb_dn *dn1 = NULL; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + const struct dsdb_class *class; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (!schema) { + *out = data_blob_talloc(mem_ctx, in->data, in->length); + if (in->data && !out->data) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; + } + dn1 = ldb_dn_new(tmp_ctx, ldb, (char *)in->data); + if ( ! ldb_dn_validate(dn1)) { + const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length); + class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); + if (class) { + struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, + class->defaultObjectCategory); + *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn)); + talloc_free(tmp_ctx); + + if (!out->data) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; + } else { + *out = data_blob_talloc(mem_ctx, in->data, in->length); + talloc_free(tmp_ctx); + + if (in->data && !out->data) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; + } + } + *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn1)); + talloc_free(tmp_ctx); + + if (!out->data) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; +} + +static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, + const struct ldb_val *v2) +{ + + int ret, ret1, ret2; + struct ldb_val v1_canon, v2_canon; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + + /* I could try and bail if tmp_ctx was NULL, but what return + * value would I use? + * + * It seems easier to continue on the NULL context + */ + ret1 = ldif_canonicalise_objectCategory(ldb, tmp_ctx, v1, &v1_canon); + ret2 = ldif_canonicalise_objectCategory(ldb, tmp_ctx, v2, &v2_canon); + + if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) { + ret = data_blob_cmp(&v1_canon, &v2_canon); + } else { + ret = data_blob_cmp(v1, v2); + } + talloc_free(tmp_ctx); + return ret; +} + +#define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID" +#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR" +#define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID" +#define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY" + +static const struct ldb_schema_syntax samba_syntaxes[] = { + { + .name = LDB_SYNTAX_SAMBA_SID, + .ldif_read_fn = ldif_read_objectSid, + .ldif_write_fn = ldif_write_objectSid, + .canonicalise_fn= ldb_canonicalise_objectSid, + .comparison_fn = ldb_comparison_objectSid + },{ + .name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR, + .ldif_read_fn = ldif_read_ntSecurityDescriptor, + .ldif_write_fn = ldif_write_ntSecurityDescriptor, + .canonicalise_fn= ldb_handler_copy, + .comparison_fn = ldb_comparison_binary + },{ + .name = LDB_SYNTAX_SAMBA_GUID, + .ldif_read_fn = ldif_read_objectGUID, + .ldif_write_fn = ldif_write_objectGUID, + .canonicalise_fn= ldb_canonicalise_objectGUID, + .comparison_fn = ldb_comparison_objectGUID + },{ + .name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY, + .ldif_read_fn = ldb_handler_copy, + .ldif_write_fn = ldb_handler_copy, + .canonicalise_fn= ldif_canonicalise_objectCategory, + .comparison_fn = ldif_comparison_objectCategory + } +}; + +static const struct { + const char *name; + const char *syntax; +} samba_attributes[] = { + { "objectSid", LDB_SYNTAX_SAMBA_SID }, + { "securityIdentifier", LDB_SYNTAX_SAMBA_SID }, + { "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR }, + { "objectGUID", LDB_SYNTAX_SAMBA_GUID }, + { "invocationId", LDB_SYNTAX_SAMBA_GUID }, + { "schemaIDGUID", LDB_SYNTAX_SAMBA_GUID }, + { "attributeSecurityGUID", LDB_SYNTAX_SAMBA_GUID }, + { "parentGUID", LDB_SYNTAX_SAMBA_GUID }, + { "siteGUID", LDB_SYNTAX_SAMBA_GUID }, + { "pKTGUID", LDB_SYNTAX_SAMBA_GUID }, + { "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID }, + { "fRSReplicaSetGUID", LDB_SYNTAX_SAMBA_GUID }, + { "netbootGUID", LDB_SYNTAX_SAMBA_GUID }, + { "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY }, + { "member", LDB_SYNTAX_DN }, + { "memberOf", LDB_SYNTAX_DN }, + { "nCName", LDB_SYNTAX_DN }, + { "schemaNamingContext", LDB_SYNTAX_DN }, + { "configurationNamingContext", LDB_SYNTAX_DN }, + { "rootDomainNamingContext", LDB_SYNTAX_DN }, + { "defaultNamingContext", LDB_SYNTAX_DN }, + { "subRefs", LDB_SYNTAX_DN }, + { "dMDLocation", LDB_SYNTAX_DN }, + { "serverReference", LDB_SYNTAX_DN }, + { "masteredBy", LDB_SYNTAX_DN }, + { "msDs-masteredBy", LDB_SYNTAX_DN }, + { "fSMORoleOwner", LDB_SYNTAX_DN }, +}; + +/* + register the samba ldif handlers +*/ +int ldb_register_samba_handlers(struct ldb_context *ldb) +{ + uint32_t i; + + for (i=0; i < ARRAY_SIZE(samba_attributes); i++) { + int ret; + uint32_t j; + const struct ldb_schema_syntax *s = NULL; + + for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) { + if (strcmp(samba_attributes[i].syntax, samba_syntaxes[j].name) == 0) { + s = &samba_syntaxes[j]; + break; + } + } + + if (!s) { + s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax); + } + + if (!s) { + return -1; + } + + ret = ldb_schema_attribute_add_with_syntax(ldb, samba_attributes[i].name, 0, s); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return LDB_SUCCESS; +} -- cgit From 42bdfc3f6ce61fcd4f0d31c48dee470b62a9d59b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 5 Oct 2007 17:24:50 +0000 Subject: r25518: Convert to standard bool types. (This used to be commit e5cabe14c7c33c4c7215963f504edf65edc36b20) --- source4/lib/ldb-samba/ldif_handlers.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index cfd79563d5..0609694c4b 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -78,7 +78,7 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, return 0; } -static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v) +static bool ldb_comparision_objectSid_isString(const struct ldb_val *v) { if (v->length < 3) { return False; @@ -86,7 +86,7 @@ static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v) if (strncmp("S-", (const char *)v->data, 2) != 0) return False; - return True; + return true; } /* @@ -176,7 +176,7 @@ static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx, return 0; } -static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v) +static bool ldb_comparision_objectGUID_isString(const struct ldb_val *v) { struct GUID guid; NTSTATUS status; @@ -191,7 +191,7 @@ static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v) return False; } - return True; + return true; } /* -- cgit From 2f1c0eca139371ffa1685f6cb584f1cd3fb302c0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 21:42:58 +0000 Subject: r25548: Convert to standard bool type. (This used to be commit 190d73b44b9b9c6dabbd26212d596d985b25edab) --- source4/lib/ldb-samba/ldif_handlers.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 0609694c4b..928a06ab43 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -81,10 +81,10 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, static bool ldb_comparision_objectSid_isString(const struct ldb_val *v) { if (v->length < 3) { - return False; + return false; } - if (strncmp("S-", (const char *)v->data, 2) != 0) return False; + if (strncmp("S-", (const char *)v->data, 2) != 0) return false; return true; } @@ -181,14 +181,14 @@ static bool ldb_comparision_objectGUID_isString(const struct ldb_val *v) struct GUID guid; NTSTATUS status; - if (v->length < 33) return False; + if (v->length < 33) return false; /* see if the input if null-terninated (safety check for the below) */ - if (v->data[v->length] != '\0') return False; + if (v->data[v->length] != '\0') return false; status = GUID_from_string((const char *)v->data, &guid); if (!NT_STATUS_IS_OK(status)) { - return False; + return false; } return true; -- cgit From 529763a9aa192a6785ba878aceeb1683c2510913 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 9 Nov 2007 19:24:51 +0100 Subject: r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers) lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435) --- source4/lib/ldb-samba/ldif_handlers.c | 48 ++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 23 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 928a06ab43..13f9c19fb4 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -36,16 +36,16 @@ static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { + enum ndr_err_code ndr_err; struct dom_sid *sid; - NTSTATUS status; sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data); if (sid == NULL) { return -1; } - status = ndr_push_struct_blob(out, mem_ctx, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); + ndr_err = ndr_push_struct_blob(out, mem_ctx, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); talloc_free(sid); - if (!NT_STATUS_IS_OK(status)) { + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; } return 0; @@ -58,14 +58,15 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { struct dom_sid *sid; - NTSTATUS status; + enum ndr_err_code ndr_err; + sid = talloc(mem_ctx, struct dom_sid); if (sid == NULL) { return -1; } - status = ndr_pull_struct_blob(in, sid, sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob(in, sid, sid, + (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(sid); return -1; } @@ -141,15 +142,16 @@ static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, { struct GUID guid; NTSTATUS status; + enum ndr_err_code ndr_err; status = GUID_from_string((const char *)in->data, &guid); if (!NT_STATUS_IS_OK(status)) { return -1; } - status = ndr_push_struct_blob(out, mem_ctx, &guid, - (ndr_push_flags_fn_t)ndr_push_GUID); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_push_struct_blob(out, mem_ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; } return 0; @@ -162,10 +164,10 @@ static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { struct GUID guid; - NTSTATUS status; - status = ndr_pull_struct_blob(in, mem_ctx, &guid, - (ndr_pull_flags_fn_t)ndr_pull_GUID); - if (!NT_STATUS_IS_OK(status)) { + enum ndr_err_code ndr_err; + ndr_err = ndr_pull_struct_blob(in, mem_ctx, &guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; } out->data = (uint8_t *)GUID_string(mem_ctx, &guid); @@ -246,16 +248,16 @@ static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx const struct ldb_val *in, struct ldb_val *out) { struct security_descriptor *sd; - NTSTATUS status; + enum ndr_err_code ndr_err; sd = sddl_decode(mem_ctx, (const char *)in->data, NULL); if (sd == NULL) { return -1; } - status = ndr_push_struct_blob(out, mem_ctx, sd, - (ndr_push_flags_fn_t)ndr_push_security_descriptor); + ndr_err = ndr_push_struct_blob(out, mem_ctx, sd, + (ndr_push_flags_fn_t)ndr_push_security_descriptor); talloc_free(sd); - if (!NT_STATUS_IS_OK(status)) { + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; } return 0; @@ -268,15 +270,15 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct const struct ldb_val *in, struct ldb_val *out) { struct security_descriptor *sd; - NTSTATUS status; + enum ndr_err_code ndr_err; sd = talloc(mem_ctx, struct security_descriptor); if (sd == NULL) { return -1; } - status = ndr_pull_struct_blob(in, sd, sd, - (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); - if (!NT_STATUS_IS_OK(status)) { + ndr_err = ndr_pull_struct_blob(in, sd, sd, + (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(sd); return -1; } -- cgit From 339ad9ea223a9cfc1fd4ff58e94fdc3063983038 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 26 Nov 2007 03:14:28 +0100 Subject: r26129: Specify path explicitly in case an external ldb installation is used. (This used to be commit b86a6105ed27779c700f03175768978654081598) --- source4/lib/ldb-samba/ldif_handlers.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 13f9c19fb4..faf3cad2d0 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -22,8 +22,7 @@ */ #include "includes.h" -#include "ldb_includes.h" -#include "ldb_handlers.h" +#include "lib/ldb/include/ldb_includes.h" #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" -- cgit From 47554fd72e00911f05c1c16f1af4d06481d32882 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 7 Dec 2007 23:56:53 +0100 Subject: r26338: Fix parameter, typo. (This used to be commit 2a005096dd41f66fd99577d6ca7eb3e0f1cb30f2) --- source4/lib/ldb-samba/ldif_handlers.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index faf3cad2d0..f8e3505655 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -23,10 +23,9 @@ #include "includes.h" #include "lib/ldb/include/ldb_includes.h" - +#include "dsdb/samdb/samdb.h" #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" -#include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" /* @@ -291,7 +290,7 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct } /* - canonicolise an objectCategory. We use the short form as the cannoical form: + canonicalise an objectCategory. We use the short form as the cannoical form: cn=Person,cn=Schema,cn=Configuration, becomes 'person' */ -- cgit From 86dc05e99f124db47f2743d1fc23117a7f5145ab Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:05:05 -0600 Subject: r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3) --- source4/lib/ldb-samba/ldif_handlers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index f8e3505655..30ca88264a 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -40,7 +40,7 @@ static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx, if (sid == NULL) { return -1; } - ndr_err = ndr_push_struct_blob(out, mem_ctx, sid, + ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); talloc_free(sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -147,7 +147,7 @@ static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, return -1; } - ndr_err = ndr_push_struct_blob(out, mem_ctx, &guid, + ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; @@ -252,7 +252,7 @@ static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx if (sd == NULL) { return -1; } - ndr_err = ndr_push_struct_blob(out, mem_ctx, sd, + ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor); talloc_free(sd); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From 7d5f0e0893d42b56145a3ffa34e3b4b9906cbd91 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:05:13 -0600 Subject: r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce) --- source4/lib/ldb-samba/ldif_handlers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 30ca88264a..5c29d001c2 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -62,7 +62,7 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, if (sid == NULL) { return -1; } - ndr_err = ndr_pull_struct_blob(in, sid, sid, + ndr_err = ndr_pull_struct_blob(in, sid, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(sid); @@ -163,7 +163,7 @@ static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx, { struct GUID guid; enum ndr_err_code ndr_err; - ndr_err = ndr_pull_struct_blob(in, mem_ctx, &guid, + ndr_err = ndr_pull_struct_blob(in, mem_ctx, NULL, &guid, (ndr_pull_flags_fn_t)ndr_pull_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; @@ -274,7 +274,7 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct if (sd == NULL) { return -1; } - ndr_err = ndr_pull_struct_blob(in, sd, sd, + ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(sd); -- cgit From b7c8e020a6f7221d6d10f2dd7610a232edeedf83 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 May 2008 18:38:17 +1000 Subject: Print prefixMap in a human-readable format. This should allow the prefixMap to be edited, until we find the right way to autogenerate it. Andrew Bartlett (This used to be commit 24ae9a55ec326807afd8d5bfa0a422a6668bd7c3) --- source4/lib/ldb-samba/ldif_handlers.c | 177 ++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 5c29d001c2..fb9ac8f8da 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -26,7 +26,9 @@ #include "dsdb/samdb/samdb.h" #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" #include "libcli/security/security.h" +#include "param/param.h" /* convert a ldif formatted objectSid to a NDR formatted blob @@ -371,10 +373,178 @@ static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx return ret; } +/* + convert a ldif formatted prefixMap to a NDR formatted blob +*/ +static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct prefixMapBlob *blob; + enum ndr_err_code ndr_err; + char *string, *line, *p, *oid; + + blob = talloc_zero(mem_ctx, struct prefixMapBlob); + if (blob == NULL) { + return -1; + } + + string = (const char *)in->data; + + line = string; + while (line && line[0]) { + p=strchr(line, ';'); + if (p) { + p[0] = '\0'; + } else { + p=strchr(string, '\n'); + if (p) { + p[0] = '\0'; + } + } + + blob->ctr.dsdb.mappings = talloc_realloc(blob, + blob->ctr.dsdb.mappings, + struct drsuapi_DsReplicaOIDMapping, + blob->ctr.dsdb.num_mappings+1); + if (!blob->ctr.dsdb.mappings) { + return -1; + } + + blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].id_prefix = strtoul(p, &oid, 10); + + if (oid[0] != ':') { + return -1; + } + + /* we know there must be at least ":" */ + oid++; + + blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].oid.oid + = talloc_strdup(blob->ctr.dsdb.mappings, oid); + + blob->ctr.dsdb.num_mappings++; + + if (p) { + line = p++; + } else { + line = NULL; + } + } + + ndr_err = ndr_push_struct_blob(out, mem_ctx, + lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), + blob, + (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); + talloc_free(blob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return -1; + } + return 0; +} + +/* + convert a NDR formatted blob to a ldif formatted prefixMap +*/ +static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + struct prefixMapBlob *blob; + enum ndr_err_code ndr_err; + uint32_t i; + + blob = talloc(mem_ctx, struct prefixMapBlob); + if (blob == NULL) { + return -1; + } + ndr_err = ndr_pull_struct_blob(in, blob, + lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), + blob, + (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(blob); + return -1; + } + if (blob->version != PREFIX_MAP_VERSION_DSDB) { + return -1; + } + out->data = talloc_strdup(mem_ctx, ""); + if (out->data == NULL) { + return -1; + } + + for (i=0; i < blob->ctr.dsdb.num_mappings; i++) { + if (i > 0) { + out->data = talloc_asprintf_append(out->data, ";"); + } + out->data = talloc_asprintf_append(out->data, "%u: %s", + blob->ctr.dsdb.mappings[i].id_prefix, + blob->ctr.dsdb.mappings[i].oid.oid); + if (out->data == NULL) { + return -1; + } + } + + talloc_free(blob); + out->length = strlen((const char *)out->data); + return 0; +} + +static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v) +{ + if (v->length < 4) { + return true; + } + + if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) { + return false; + } + + return true; +} + +/* + canonicalise a prefixMap +*/ +static int ldif_canonicalise_prefixMap(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + if (ldif_comparision_prefixMap_isString(in)) { + return ldif_read_prefixMap(ldb, mem_ctx, in, out); + } + return ldb_handler_copy(ldb, mem_ctx, in, out); +} + +static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, + const struct ldb_val *v2) +{ + + int ret, ret1, ret2; + struct ldb_val v1_canon, v2_canon; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + + /* I could try and bail if tmp_ctx was NULL, but what return + * value would I use? + * + * It seems easier to continue on the NULL context + */ + ret1 = ldif_canonicalise_prefixMap(ldb, tmp_ctx, v1, &v1_canon); + ret2 = ldif_canonicalise_prefixMap(ldb, tmp_ctx, v2, &v2_canon); + + if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) { + ret = data_blob_cmp(&v1_canon, &v2_canon); + } else { + ret = data_blob_cmp(v1, v2); + } + talloc_free(tmp_ctx); + return ret; +} + #define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID" #define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR" #define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID" #define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY" +#define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP" static const struct ldb_schema_syntax samba_syntaxes[] = { { @@ -401,6 +571,12 @@ static const struct ldb_schema_syntax samba_syntaxes[] = { .ldif_write_fn = ldb_handler_copy, .canonicalise_fn= ldif_canonicalise_objectCategory, .comparison_fn = ldif_comparison_objectCategory + },{ + .name = LDB_SYNTAX_SAMBA_PREFIX_MAP, + .ldif_read_fn = ldif_read_prefixMap, + .ldif_write_fn = ldif_write_prefixMap, + .canonicalise_fn= ldif_canonicalise_prefixMap, + .comparison_fn = ldif_comparison_prefixMap } }; @@ -435,6 +611,7 @@ static const struct { { "masteredBy", LDB_SYNTAX_DN }, { "msDs-masteredBy", LDB_SYNTAX_DN }, { "fSMORoleOwner", LDB_SYNTAX_DN }, + { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP } }; /* -- cgit From 5bc1d81a1df9d7de8d357c521edc9e3333e821a3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 May 2008 20:01:32 +1000 Subject: Finish the LDIF parsers for the prefixMap attribute. Andrew Bartlett (This used to be commit a6f59b1c7a81c7be4e9f83786fc4e1f454e6df0f) --- source4/lib/ldb-samba/ldif_handlers.c | 45 +++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 12 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index fb9ac8f8da..03acf8b3f3 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -383,12 +383,25 @@ static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx, enum ndr_err_code ndr_err; char *string, *line, *p, *oid; - blob = talloc_zero(mem_ctx, struct prefixMapBlob); + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + + if (tmp_ctx == NULL) { + return -1; + } + + blob = talloc_zero(tmp_ctx, struct prefixMapBlob); if (blob == NULL) { + talloc_free(blob); return -1; } + + blob->version = PREFIX_MAP_VERSION_DSDB; - string = (const char *)in->data; + string = talloc_strndup(mem_ctx, (const char *)in->data, in->length); + if (string == NULL) { + talloc_free(blob); + return -1; + } line = string; while (line && line[0]) { @@ -396,23 +409,29 @@ static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx, if (p) { p[0] = '\0'; } else { - p=strchr(string, '\n'); + p=strchr(line, '\n'); if (p) { p[0] = '\0'; } } + /* allow a traling seperator */ + if (line == p) { + break; + } blob->ctr.dsdb.mappings = talloc_realloc(blob, blob->ctr.dsdb.mappings, struct drsuapi_DsReplicaOIDMapping, blob->ctr.dsdb.num_mappings+1); if (!blob->ctr.dsdb.mappings) { + talloc_free(tmp_ctx); return -1; } - blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].id_prefix = strtoul(p, &oid, 10); + blob->ctr.dsdb.mappings[blob->ctr.dsdb.num_mappings].id_prefix = strtoul(line, &oid, 10); if (oid[0] != ':') { + talloc_free(tmp_ctx); return -1; } @@ -424,8 +443,9 @@ static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx, blob->ctr.dsdb.num_mappings++; + /* Now look past the terminator we added above */ if (p) { - line = p++; + line = p + 1; } else { line = NULL; } @@ -435,7 +455,7 @@ static int ldif_read_prefixMap(struct ldb_context *ldb, void *mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), blob, (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); - talloc_free(blob); + talloc_free(tmp_ctx); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; } @@ -450,6 +470,7 @@ static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx, { struct prefixMapBlob *blob; enum ndr_err_code ndr_err; + char *string; uint32_t i; blob = talloc(mem_ctx, struct prefixMapBlob); @@ -467,25 +488,25 @@ static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx, if (blob->version != PREFIX_MAP_VERSION_DSDB) { return -1; } - out->data = talloc_strdup(mem_ctx, ""); - if (out->data == NULL) { + string = talloc_strdup(mem_ctx, ""); + if (string == NULL) { return -1; } for (i=0; i < blob->ctr.dsdb.num_mappings; i++) { if (i > 0) { - out->data = talloc_asprintf_append(out->data, ";"); + string = talloc_asprintf_append(string, ";"); } - out->data = talloc_asprintf_append(out->data, "%u: %s", + string = talloc_asprintf_append(string, "%u: %s", blob->ctr.dsdb.mappings[i].id_prefix, blob->ctr.dsdb.mappings[i].oid.oid); - if (out->data == NULL) { + if (string == NULL) { return -1; } } talloc_free(blob); - out->length = strlen((const char *)out->data); + *out = data_blob_string_const(string); return 0; } -- cgit From 617ef56aa3378c384026b72871af5a7253b8df33 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 May 2008 20:16:18 +1000 Subject: Remove extra spaces on prefixMap input and output. Metze requested that the format not include spaces, and the input parser already expects this. Andrew Bartlett (This used to be commit 3b1f5d10360ed1b26980d748a7c9be6db5977bd3) --- source4/lib/ldb-samba/ldif_handlers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 03acf8b3f3..1f718cc1c5 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -497,7 +497,7 @@ static int ldif_write_prefixMap(struct ldb_context *ldb, void *mem_ctx, if (i > 0) { string = talloc_asprintf_append(string, ";"); } - string = talloc_asprintf_append(string, "%u: %s", + string = talloc_asprintf_append(string, "%u:%s", blob->ctr.dsdb.mappings[i].id_prefix, blob->ctr.dsdb.mappings[i].oid.oid); if (string == NULL) { -- cgit From bb80a19714048def04b9d94d4e9f125a20a95822 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 20:30:27 +1000 Subject: Note the ldb syntax for attribute syntaxes in the table. This includes additional Samba-specific syntaxes made available from the ldif_handlers code. This commit also changes some table to use #defines, to ensure consistancy in other parts of the code. Andrew Bartlett (This used to be commit e26a5efd9a580ed3728e1f449e367b1cd4a73b5f) --- source4/lib/ldb-samba/ldif_handlers.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 1f718cc1c5..22a57da10b 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -561,8 +561,6 @@ static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx, return ret; } -#define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID" -#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR" #define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID" #define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY" #define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP" @@ -635,6 +633,21 @@ static const struct { { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP } }; +const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name) +{ + uint32_t j; + const struct ldb_schema_syntax *s = NULL; + + for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) { + if (strcmp(name, samba_syntaxes[j].name) == 0) { + s = &samba_syntaxes[j]; + break; + } + } + return s; +} + + /* register the samba ldif handlers */ @@ -644,15 +657,9 @@ int ldb_register_samba_handlers(struct ldb_context *ldb) for (i=0; i < ARRAY_SIZE(samba_attributes); i++) { int ret; - uint32_t j; const struct ldb_schema_syntax *s = NULL; - for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) { - if (strcmp(samba_attributes[i].syntax, samba_syntaxes[j].name) == 0) { - s = &samba_syntaxes[j]; - break; - } - } + s = ldb_samba_syntax_by_name(ldb, samba_attributes[i].syntax); if (!s) { s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax); -- cgit From 473540d4a5550ff857a0710f077193869ed873f8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 12:56:04 +1000 Subject: Don't hardcode attributes to be treated as a DN This is now handled by reading the schema into the attributes. Also, when we do set something here, mark it as FIXED, so the schema and any reload from @ATTRIBUTES won't touch it. Andrew Bartlett (This used to be commit 7b24701335398ece3d1b3a20cf5f1174500b16ce) --- source4/lib/ldb-samba/ldif_handlers.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 22a57da10b..7301193dc2 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -617,19 +617,6 @@ static const struct { { "fRSReplicaSetGUID", LDB_SYNTAX_SAMBA_GUID }, { "netbootGUID", LDB_SYNTAX_SAMBA_GUID }, { "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY }, - { "member", LDB_SYNTAX_DN }, - { "memberOf", LDB_SYNTAX_DN }, - { "nCName", LDB_SYNTAX_DN }, - { "schemaNamingContext", LDB_SYNTAX_DN }, - { "configurationNamingContext", LDB_SYNTAX_DN }, - { "rootDomainNamingContext", LDB_SYNTAX_DN }, - { "defaultNamingContext", LDB_SYNTAX_DN }, - { "subRefs", LDB_SYNTAX_DN }, - { "dMDLocation", LDB_SYNTAX_DN }, - { "serverReference", LDB_SYNTAX_DN }, - { "masteredBy", LDB_SYNTAX_DN }, - { "msDs-masteredBy", LDB_SYNTAX_DN }, - { "fSMORoleOwner", LDB_SYNTAX_DN }, { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP } }; @@ -669,7 +656,7 @@ int ldb_register_samba_handlers(struct ldb_context *ldb) return -1; } - ret = ldb_schema_attribute_add_with_syntax(ldb, samba_attributes[i].name, 0, s); + ret = ldb_schema_attribute_add_with_syntax(ldb, samba_attributes[i].name, LDB_ATTR_FLAG_FIXED, s); if (ret != LDB_SUCCESS) { return ret; } -- cgit From c36c42af296e5bbee1ceaaf66885d7280151a39f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 15:10:40 +1000 Subject: Handle error cases in attribute handlers better. We don't need to just bail, for all these error cases there is still real result that can be made - just fall back to binary copy/compare. Andrew Bartlett (This used to be commit 6aa5dde2aa9a5f070871ecc117e44bfcad363459) --- source4/lib/ldb-samba/ldif_handlers.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 7301193dc2..750e35bca0 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -97,13 +97,14 @@ static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *v1, const struct ldb_val *v2) { if (ldb_comparision_objectSid_isString(v1) && ldb_comparision_objectSid_isString(v2)) { - return strcmp((const char *)v1->data, (const char *)v2->data); + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); } else if (ldb_comparision_objectSid_isString(v1) && !ldb_comparision_objectSid_isString(v2)) { struct ldb_val v; int ret; if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) { - return -1; + /* Perhaps not a string after all */ + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); } ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2); talloc_free(v.data); @@ -113,7 +114,8 @@ static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx, struct ldb_val v; int ret; if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) { - return -1; + /* Perhaps not a string after all */ + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); } ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v); talloc_free(v.data); @@ -129,7 +131,10 @@ static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { if (ldb_comparision_objectSid_isString(in)) { - return ldif_read_objectSid(ldb, mem_ctx, in, out); + if (ldif_read_objectSid(ldb, mem_ctx, in, out) != 0) { + /* Perhaps not a string after all */ + return ldb_handler_copy(ldb, mem_ctx, in, out); + } } return ldb_handler_copy(ldb, mem_ctx, in, out); } @@ -203,13 +208,14 @@ static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *v1, const struct ldb_val *v2) { if (ldb_comparision_objectGUID_isString(v1) && ldb_comparision_objectGUID_isString(v2)) { - return strcmp((const char *)v1->data, (const char *)v2->data); + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); } else if (ldb_comparision_objectGUID_isString(v1) && !ldb_comparision_objectGUID_isString(v2)) { struct ldb_val v; int ret; if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) { - return -1; + /* Perhaps it wasn't a valid string after all */ + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); } ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2); talloc_free(v.data); @@ -219,7 +225,8 @@ static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx, struct ldb_val v; int ret; if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) { - return -1; + /* Perhaps it wasn't a valid string after all */ + return ldb_comparison_binary(ldb, mem_ctx, v1, v2); } ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v); talloc_free(v.data); @@ -235,7 +242,10 @@ static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { if (ldb_comparision_objectGUID_isString(in)) { - return ldif_read_objectGUID(ldb, mem_ctx, in, out); + if (ldif_read_objectGUID(ldb, mem_ctx, in, out) != 0) { + /* Perhaps it wasn't a valid string after all */ + return ldb_handler_copy(ldb, mem_ctx, in, out); + } } return ldb_handler_copy(ldb, mem_ctx, in, out); } -- cgit From 4ad97a1d0593b3401a352407009a99ead23f21f2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 19:24:58 +1000 Subject: Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2) --- source4/lib/ldb-samba/ldif_handlers.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 750e35bca0..04fcd66b6e 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -38,7 +38,7 @@ static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx, { enum ndr_err_code ndr_err; struct dom_sid *sid; - sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data); + sid = dom_sid_parse_length(mem_ctx, in); if (sid == NULL) { return -1; } @@ -70,12 +70,11 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx, talloc_free(sid); return -1; } - out->data = (uint8_t *)dom_sid_string(mem_ctx, sid); + *out = data_blob_string_const(dom_sid_string(mem_ctx, sid)); talloc_free(sid); if (out->data == NULL) { return -1; } - out->length = strlen((const char *)out->data); return 0; } @@ -146,10 +145,16 @@ static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { struct GUID guid; + char *guid_string; NTSTATUS status; enum ndr_err_code ndr_err; + guid_string = talloc_strndup(mem_ctx, in->data, in->length); + if (!guid_string) { + return -1; + } - status = GUID_from_string((const char *)in->data, &guid); + status = GUID_from_string(guid_string, &guid); + talloc_free(guid_string); if (!NT_STATUS_IS_OK(status)) { return -1; } @@ -324,7 +329,7 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c } return LDB_SUCCESS; } - dn1 = ldb_dn_new(tmp_ctx, ldb, (char *)in->data); + dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, in); if ( ! ldb_dn_validate(dn1)) { const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length); class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); -- cgit From 0521ed1ddff403094e6d0f22541f47ac87747679 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 22 Aug 2008 18:37:34 +1000 Subject: fixed the GUID and objectSID canonicalisation functions (This used to be commit 115053ea7e70b067e7873668ed83f1f10908287d) --- source4/lib/ldb-samba/ldif_handlers.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/lib/ldb-samba/ldif_handlers.c') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 04fcd66b6e..a16582d294 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -134,6 +134,7 @@ static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, /* Perhaps not a string after all */ return ldb_handler_copy(ldb, mem_ctx, in, out); } + return 0; } return ldb_handler_copy(ldb, mem_ctx, in, out); } @@ -148,7 +149,7 @@ static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx, char *guid_string; NTSTATUS status; enum ndr_err_code ndr_err; - guid_string = talloc_strndup(mem_ctx, in->data, in->length); + guid_string = talloc_strndup(mem_ctx, (const char *)in->data, in->length); if (!guid_string) { return -1; } @@ -251,6 +252,7 @@ static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx, /* Perhaps it wasn't a valid string after all */ return ldb_handler_copy(ldb, mem_ctx, in, out); } + return 0; } return ldb_handler_copy(ldb, mem_ctx, in, out); } -- cgit