32
32
#include "includes.h"
33
#include "ldb/include/ldb.h"
34
#include "ldb/include/ldb_errors.h"
35
#include "ldb/include/ldb_module.h"
34
#include <ldb_errors.h>
35
#include <ldb_module.h>
38
TODO: if relax is not set then we need to reject the fancy RMD_* and
39
DELETED extended DN codes
38
43
struct extended_search_context {
152
157
if (!ac->basedn) {
153
158
const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
154
ldb_dn_get_linearized(ac->req->op.search.base));
159
ldb_dn_get_extended_linearized(req, ac->req->op.search.base, 1));
155
160
ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
156
161
return ldb_module_done(ac->req, NULL, NULL,
157
162
LDB_ERR_NO_SUCH_OBJECT);
223
232
ac->req->controls,
224
233
ac, extended_final_callback,
235
LDB_REQ_SET_LOCATION(down_req);
228
238
return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
264
274
/* It looks like we need to map the DN */
265
275
const struct ldb_val *sid_val, *guid_val, *wkguid_val;
276
int num_components = ldb_dn_get_comp_num(dn);
277
int num_ex_components = ldb_dn_get_extended_comp_num(dn);
280
windows ldap searchs don't allow a baseDN with more
281
than one extended component, or an extended
282
component and a string DN
284
We only enforce this over ldap, not for internal
285
use, as there are just too many places where we
286
internally want to use a DN that has come from a
287
search with extended DN enabled, or comes from a DRS
290
Enforcing this would also make debugging samba much
291
harder, as we'd need to use ldb_dn_minimise() in a
292
lot of places, and that would lose the DN string
293
which is so useful for working out what a request is
296
if ((num_components != 0 || num_ex_components != 1) &&
297
ldb_req_is_untrusted(req)) {
298
return ldb_error(ldb_module_get_ctx(module),
299
LDB_ERR_INVALID_DN_SYNTAX, "invalid number of DN components");
267
302
sid_val = ldb_dn_get_extended_component(dn, "SID");
268
303
guid_val = ldb_dn_get_extended_component(dn, "GUID");
274
309
base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
275
310
ldb_binary_encode(req, *sid_val));
276
311
if (!base_dn_filter) {
277
ldb_oom(ldb_module_get_ctx(module));
278
return LDB_ERR_OPERATIONS_ERROR;
312
return ldb_oom(ldb_module_get_ctx(module));
280
314
base_dn_scope = LDB_SCOPE_SUBTREE;
281
315
base_dn_attrs = no_attr;
287
321
base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
288
322
ldb_binary_encode(req, *guid_val));
289
323
if (!base_dn_filter) {
290
ldb_oom(ldb_module_get_ctx(module));
291
return LDB_ERR_OPERATIONS_ERROR;
324
return ldb_oom(ldb_module_get_ctx(module));
293
326
base_dn_scope = LDB_SCOPE_SUBTREE;
294
327
base_dn_attrs = no_attr;
304
337
p = strchr(wkguid_dup, ',');
306
return LDB_ERR_INVALID_DN_SYNTAX;
339
return ldb_error(ldb_module_get_ctx(module), LDB_ERR_INVALID_DN_SYNTAX,
340
"Invalid WKGUID format");
312
346
wellknown_object = talloc_asprintf(req, "B:32:%s:", wkguid_dup);
313
347
if (!wellknown_object) {
314
ldb_oom(ldb_module_get_ctx(module));
315
return LDB_ERR_OPERATIONS_ERROR;
348
return ldb_oom(ldb_module_get_ctx(module));
320
353
base_dn = ldb_dn_new(req, ldb_module_get_ctx(module), tail_str);
321
354
talloc_free(wkguid_dup);
323
ldb_oom(ldb_module_get_ctx(module));
324
return LDB_ERR_OPERATIONS_ERROR;
356
return ldb_oom(ldb_module_get_ctx(module));
326
358
base_dn_filter = talloc_strdup(req, "(objectClass=*)");
327
359
if (!base_dn_filter) {
328
ldb_oom(ldb_module_get_ctx(module));
329
return LDB_ERR_OPERATIONS_ERROR;
360
return ldb_oom(ldb_module_get_ctx(module));
331
362
base_dn_scope = LDB_SCOPE_BASE;
332
363
base_dn_attrs = wkattr;
334
return LDB_ERR_INVALID_DN_SYNTAX;
365
return ldb_error(ldb_module_get_ctx(module), LDB_ERR_INVALID_DN_SYNTAX,
366
"Invalid extended DN component");
337
369
ac = talloc_zero(req, struct extended_search_context);
338
370
if (ac == NULL) {
339
ldb_oom(ldb_module_get_ctx(module));
340
return LDB_ERR_OPERATIONS_ERROR;
371
return ldb_oom(ldb_module_get_ctx(module));
343
374
ac->module = module;
358
389
ac, extended_base_callback,
391
LDB_REQ_SET_LOCATION(down_req);
360
392
if (ret != LDB_SUCCESS) {
361
return LDB_ERR_OPERATIONS_ERROR;
393
return ldb_operr(ldb_module_get_ctx(module));
364
396
if (all_partitions) {
365
397
struct ldb_search_options_control *control;
366
398
control = talloc(down_req, struct ldb_search_options_control);
367
399
control->search_options = 2;
368
ret = ldb_request_add_control(down_req,
400
ret = ldb_request_replace_control(down_req,
369
401
LDB_CONTROL_SEARCH_OPTIONS_OID,
371
403
if (ret != LDB_SUCCESS) {
399
431
return extended_dn_in_fix(module, req, req->op.rename.olddn);
402
_PUBLIC_ const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
434
static const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
403
435
.name = "extended_dn_in",
404
436
.search = extended_dn_in_search,
405
437
.modify = extended_dn_in_modify,
406
438
.del = extended_dn_in_del,
407
439
.rename = extended_dn_in_rename,
442
int ldb_extended_dn_in_module_init(const char *version)
444
LDB_MODULE_CHECK_VERSION(version);
445
return ldb_register_module(&ldb_extended_dn_in_module_ops);
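Review bot: In the `if (all_partitions)` branch, `control = talloc(down_req, struct ldb_search_options_control);` is followed directly by `control->search_options = 2;` (new lines 398-399), so a failed allocation is dereferenced instead of being reported. The rest of this change routes allocation failures through ldb_oom(), and this path should do the same by adding `if (control == NULL) { return ldb_oom(ldb_module_get_ctx(module)); }` before the assignment. The literal `2` would also be clearer as `LDB_SEARCH_OPTION_PHANTOM_ROOT` from ldb.h, if that is the option intended here. The enclosing function starts and ends outside the lines shown, so this rests only on the visible lines.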