2
ldb database library - ldif handlers for Samba
4
Copyright (C) Andrew Tridgell 2005
5
Copyright (C) Andrew Bartlett 2006
6
** NOTE! The following LGPL license applies to the ldb
7
** library. This does NOT imply that all of Samba is released
10
This library is free software; you can redistribute it and/or
11
modify it under the terms of the GNU Lesser General Public
12
License as published by the Free Software Foundation; either
13
version 3 of the License, or (at your option) any later version.
15
This library is distributed in the hope that it will be useful,
16
but WITHOUT ANY WARRANTY; without even the implied warranty of
17
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18
Lesser General Public License for more details.
20
You should have received a copy of the GNU Lesser General Public
21
License along with this library; if not, see <http://www.gnu.org/licenses/>.
25
#include "ldb/include/includes.h"
27
#include "librpc/gen_ndr/ndr_security.h"
28
#include "librpc/gen_ndr/ndr_misc.h"
29
#include "dsdb/samdb/samdb.h"
30
#include "libcli/security/security.h"
33
convert a ldif formatted objectSid to a NDR formatted blob
35
static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
36
const struct ldb_val *in, struct ldb_val *out)
40
sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data);
44
status = ndr_push_struct_blob(out, mem_ctx, sid,
45
(ndr_push_flags_fn_t)ndr_push_dom_sid);
47
if (!NT_STATUS_IS_OK(status)) {
54
convert a NDR formatted blob to a ldif formatted objectSid
56
static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
57
const struct ldb_val *in, struct ldb_val *out)
61
sid = talloc(mem_ctx, struct dom_sid);
65
status = ndr_pull_struct_blob(in, sid, sid,
66
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
67
if (!NT_STATUS_IS_OK(status)) {
71
out->data = (uint8_t *)dom_sid_string(mem_ctx, sid);
73
if (out->data == NULL) {
76
out->length = strlen((const char *)out->data);
80
static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v)
86
if (strncmp("S-", (const char *)v->data, 2) != 0) return False;
92
compare two objectSids
94
static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
95
const struct ldb_val *v1, const struct ldb_val *v2)
97
if (ldb_comparision_objectSid_isString(v1) && ldb_comparision_objectSid_isString(v2)) {
98
return strcmp((const char *)v1->data, (const char *)v2->data);
99
} else if (ldb_comparision_objectSid_isString(v1)
100
&& !ldb_comparision_objectSid_isString(v2)) {
103
if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
106
ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
109
} else if (!ldb_comparision_objectSid_isString(v1)
110
&& ldb_comparision_objectSid_isString(v2)) {
113
if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
116
ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
120
return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
124
canonicalise a objectSid
126
static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
127
const struct ldb_val *in, struct ldb_val *out)
129
if (ldb_comparision_objectSid_isString(in)) {
130
return ldif_read_objectSid(ldb, mem_ctx, in, out);
132
return ldb_handler_copy(ldb, mem_ctx, in, out);
136
convert a ldif formatted objectGUID to a NDR formatted blob
138
static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
139
const struct ldb_val *in, struct ldb_val *out)
144
status = GUID_from_string((const char *)in->data, &guid);
145
if (!NT_STATUS_IS_OK(status)) {
149
status = ndr_push_struct_blob(out, mem_ctx, &guid,
150
(ndr_push_flags_fn_t)ndr_push_GUID);
151
if (!NT_STATUS_IS_OK(status)) {
158
convert a NDR formatted blob to a ldif formatted objectGUID
160
static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
161
const struct ldb_val *in, struct ldb_val *out)
165
status = ndr_pull_struct_blob(in, mem_ctx, &guid,
166
(ndr_pull_flags_fn_t)ndr_pull_GUID);
167
if (!NT_STATUS_IS_OK(status)) {
170
out->data = (uint8_t *)GUID_string(mem_ctx, &guid);
171
if (out->data == NULL) {
174
out->length = strlen((const char *)out->data);
178
static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v)
183
if (v->length < 33) return False;
185
/* see if the input if null-terninated (safety check for the below) */
186
if (v->data[v->length] != '\0') return False;
188
status = GUID_from_string((const char *)v->data, &guid);
189
if (!NT_STATUS_IS_OK(status)) {
197
compare two objectGUIDs
199
static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
200
const struct ldb_val *v1, const struct ldb_val *v2)
202
if (ldb_comparision_objectGUID_isString(v1) && ldb_comparision_objectGUID_isString(v2)) {
203
return strcmp((const char *)v1->data, (const char *)v2->data);
204
} else if (ldb_comparision_objectGUID_isString(v1)
205
&& !ldb_comparision_objectGUID_isString(v2)) {
208
if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
211
ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
214
} else if (!ldb_comparision_objectGUID_isString(v1)
215
&& ldb_comparision_objectGUID_isString(v2)) {
218
if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) {
221
ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
225
return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
229
canonicalise a objectGUID
231
static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
232
const struct ldb_val *in, struct ldb_val *out)
234
if (ldb_comparision_objectGUID_isString(in)) {
235
return ldif_read_objectGUID(ldb, mem_ctx, in, out);
237
return ldb_handler_copy(ldb, mem_ctx, in, out);
242
convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
244
static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
245
const struct ldb_val *in, struct ldb_val *out)
247
struct security_descriptor *sd;
250
sd = sddl_decode(mem_ctx, (const char *)in->data, NULL);
254
status = ndr_push_struct_blob(out, mem_ctx, sd,
255
(ndr_push_flags_fn_t)ndr_push_security_descriptor);
257
if (!NT_STATUS_IS_OK(status)) {
264
convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
266
static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
267
const struct ldb_val *in, struct ldb_val *out)
269
struct security_descriptor *sd;
272
sd = talloc(mem_ctx, struct security_descriptor);
276
status = ndr_pull_struct_blob(in, sd, sd,
277
(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
278
if (!NT_STATUS_IS_OK(status)) {
282
out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
284
if (out->data == NULL) {
287
out->length = strlen((const char *)out->data);
292
canonicolise an objectCategory. We use the short form as the cannoical form:
293
cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
296
static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx,
297
const struct ldb_val *in, struct ldb_val *out)
299
struct ldb_dn *dn1 = NULL;
302
dn1 = ldb_dn_explode(mem_ctx, (char *)in->data);
304
oc1 = talloc_strndup(mem_ctx, (char *)in->data, in->length);
305
} else if (ldb_dn_get_comp_num(dn1) >= 1 && strcasecmp(ldb_dn_get_rdn_name(dn1), "cn") == 0) {
306
const struct ldb_val *val = ldb_dn_get_rdn_val(dn1);
307
oc1 = talloc_strndup(mem_ctx, (char *)val->data, val->length);
312
oc2 = ldb_casefold(ldb, mem_ctx, oc1);
313
out->data = (void *)oc2;
314
out->length = strlen(oc2);
320
static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx,
321
const struct ldb_val *v1,
322
const struct ldb_val *v2)
324
struct ldb_dn *dn1 = NULL, *dn2 = NULL;
325
const char *oc1, *oc2;
327
dn1 = ldb_dn_explode(mem_ctx, (char *)v1->data);
329
oc1 = talloc_strndup(mem_ctx, (char *)v1->data, v1->length);
330
} else if (ldb_dn_get_comp_num(dn1) >= 1 && strcasecmp(ldb_dn_get_rdn_name(dn1), "cn") == 0) {
331
const struct ldb_val *val = ldb_dn_get_rdn_val(dn1);
332
oc1 = talloc_strndup(mem_ctx, (char *)val->data, val->length);
337
dn2 = ldb_dn_explode(mem_ctx, (char *)v2->data);
339
oc2 = talloc_strndup(mem_ctx, (char *)v2->data, v2->length);
340
} else if (ldb_dn_get_comp_num(dn2) >= 2 && strcasecmp(ldb_dn_get_rdn_name(dn2), "cn") == 0) {
341
const struct ldb_val *val = ldb_dn_get_rdn_val(dn2);
342
oc2 = talloc_strndup(mem_ctx, (char *)val->data, val->length);
347
oc1 = ldb_casefold(ldb, mem_ctx, oc1);
348
oc2 = ldb_casefold(ldb, mem_ctx, oc2);
359
return strcmp(oc1, oc2);
362
static const struct ldb_attrib_handler samba_handlers[] = {
366
.ldif_read_fn = ldif_read_objectSid,
367
.ldif_write_fn = ldif_write_objectSid,
368
.canonicalise_fn = ldb_canonicalise_objectSid,
369
.comparison_fn = ldb_comparison_objectSid
372
.attr = "securityIdentifier",
374
.ldif_read_fn = ldif_read_objectSid,
375
.ldif_write_fn = ldif_write_objectSid,
376
.canonicalise_fn = ldb_canonicalise_objectSid,
377
.comparison_fn = ldb_comparison_objectSid
380
.attr = "ntSecurityDescriptor",
382
.ldif_read_fn = ldif_read_ntSecurityDescriptor,
383
.ldif_write_fn = ldif_write_ntSecurityDescriptor,
384
.canonicalise_fn = ldb_handler_copy,
385
.comparison_fn = ldb_comparison_binary
388
.attr = "objectGUID",
390
.ldif_read_fn = ldif_read_objectGUID,
391
.ldif_write_fn = ldif_write_objectGUID,
392
.canonicalise_fn = ldb_canonicalise_objectGUID,
393
.comparison_fn = ldb_comparison_objectGUID
396
.attr = "invocationId",
398
.ldif_read_fn = ldif_read_objectGUID,
399
.ldif_write_fn = ldif_write_objectGUID,
400
.canonicalise_fn = ldb_canonicalise_objectGUID,
401
.comparison_fn = ldb_comparison_objectGUID
404
.attr = "schemaIDGUID",
406
.ldif_read_fn = ldif_read_objectGUID,
407
.ldif_write_fn = ldif_write_objectGUID,
408
.canonicalise_fn = ldb_canonicalise_objectGUID,
409
.comparison_fn = ldb_comparison_objectGUID
412
.attr = "attributeSecurityGUID",
414
.ldif_read_fn = ldif_read_objectGUID,
415
.ldif_write_fn = ldif_write_objectGUID,
416
.canonicalise_fn = ldb_canonicalise_objectGUID,
417
.comparison_fn = ldb_comparison_objectGUID
420
.attr = "parentGUID",
422
.ldif_read_fn = ldif_read_objectGUID,
423
.ldif_write_fn = ldif_write_objectGUID,
424
.canonicalise_fn = ldb_canonicalise_objectGUID,
425
.comparison_fn = ldb_comparison_objectGUID
430
.ldif_read_fn = ldif_read_objectGUID,
431
.ldif_write_fn = ldif_write_objectGUID,
432
.canonicalise_fn = ldb_canonicalise_objectGUID,
433
.comparison_fn = ldb_comparison_objectGUID
438
.ldif_read_fn = ldif_read_objectGUID,
439
.ldif_write_fn = ldif_write_objectGUID,
440
.canonicalise_fn = ldb_canonicalise_objectGUID,
441
.comparison_fn = ldb_comparison_objectGUID
444
.attr = "fRSVersionGUID",
446
.ldif_read_fn = ldif_read_objectGUID,
447
.ldif_write_fn = ldif_write_objectGUID,
448
.canonicalise_fn = ldb_canonicalise_objectGUID,
449
.comparison_fn = ldb_comparison_objectGUID
452
.attr = "fRSReplicaSetGUID",
454
.ldif_read_fn = ldif_read_objectGUID,
455
.ldif_write_fn = ldif_write_objectGUID,
456
.canonicalise_fn = ldb_canonicalise_objectGUID,
457
.comparison_fn = ldb_comparison_objectGUID
460
.attr = "netbootGUID",
462
.ldif_read_fn = ldif_read_objectGUID,
463
.ldif_write_fn = ldif_write_objectGUID,
464
.canonicalise_fn = ldb_canonicalise_objectGUID,
465
.comparison_fn = ldb_comparison_objectGUID
468
.attr = "objectCategory",
470
.ldif_read_fn = ldb_handler_copy,
471
.ldif_write_fn = ldb_handler_copy,
472
.canonicalise_fn = ldif_canonicalise_objectCategory,
473
.comparison_fn = ldif_comparison_objectCategory,
478
register the samba ldif handlers
480
int ldb_register_samba_handlers(struct ldb_context *ldb)
482
return ldb_set_attrib_handlers(ldb, samba_handlers, ARRAY_SIZE(samba_handlers));