* Component: ldb extended dn control module
*
* Description: this module builds a special dn for returned search
- * results
+ * results, and fixes some other aspects of the result (returned case issues)
* values.
*
* Authors: Simo Sorce
struct extended_dn_out_private {
bool dereference;
+ bool normalise;
struct dsdb_openldap_dereference_control *dereference_control;
};
return true;
}
+/* Fix the DN so that the relative attribute names are in upper case so that the DN:
+ cn=Adminstrator,cn=users,dc=samba,dc=example,dc=com becomes
+ CN=Adminstrator,CN=users,DC=samba,DC=example,DC=com
+*/
+
+
+static int fix_dn(struct ldb_dn *dn)
+{
+ int i, ret;
+ char *upper_rdn_attr;
+
+ for (i=0; i < ldb_dn_get_comp_num(dn); i++) {
+ /* We need the attribute name in upper case */
+ upper_rdn_attr = strupper_talloc(dn,
+ ldb_dn_get_component_name(dn, i));
+ if (!upper_rdn_attr) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* And replace it with CN=foo (we need the attribute in upper case */
+ ret = ldb_dn_set_component(dn, i, upper_rdn_attr,
+ *ldb_dn_get_component_val(dn, i));
+ talloc_free(upper_rdn_attr);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+ return LDB_SUCCESS;
+}
+
+/* Inject the extended DN components, so the DN cn=Adminstrator,cn=users,dc=samba,dc=example,dc=com becomes
+ <GUID=541203ae-f7d6-47ef-8390-bfcf019f9583>;<SID=S-1-5-21-4177067393-1453636373-93818737-500>;cn=Adminstrator,cn=users,dc=samba,dc=example,dc=com */
+
static int inject_extended_dn_out(struct ldb_reply *ares,
struct ldb_context *ldb,
int type,
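Review bot: In fix_dn, `*ldb_dn_get_component_val(dn, i)` is dereferenced with no NULL check, and the result of `ldb_dn_get_component_name(dn, i)` is passed straight to strupper_talloc, although both getters can return NULL. The loop bound makes a NULL unlikely here, but the value handed to ldb_dn_set_component also points into the very component that call replaces. That is only safe if ldb_dn_set_component copies the value before releasing the old one, which this hunk does not show. I would fetch both pointers first and fail explicitly: `const char *name = ldb_dn_get_component_name(dn, i);`, `const struct ldb_val *v = ldb_dn_get_component_val(dn, i);`, `if (!name || !v) return LDB_ERR_OPERATIONS_ERROR;`. A comment on the set call should also state that the value is copied before the old component is freed.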
/* Look for this attribute in the returned control */
for (j = 0; dereference_attrs && dereference_attrs[j]; j++) {
- DATA_BLOB source_dn = data_blob_string_const(dereference_attrs[j]->dereferenced_dn);
- if (ldb_attr_cmp(dereference_attrs[j]->source_attribute, attr)
+ struct ldb_val source_dn = data_blob_string_const(dereference_attrs[j]->dereferenced_dn);
+ if (ldb_attr_cmp(dereference_attrs[j]->source_attribute, attr) == 0
&& data_blob_cmp(&source_dn, val) == 0) {
-
fake_msg.num_elements = dereference_attrs[j]->num_attributes;
fake_msg.elements = dereference_attrs[j]->attributes;
break;
if (!attribute) {
continue;
}
+
+ if (private->normalise) {
+ /* If we are also in 'normalise' mode, then
+ * fix the attribute names to be in the
+ * correct case */
+ msg->elements[i].name = talloc_strdup(msg->elements, attribute->lDAPDisplayName);
+ if (!msg->elements[i].name) {
+ ldb_oom(ac->module->ldb);
+ return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+ }
+ }
+
/* Look to see if this attributeSyntax is a DN */
if (strcmp(attribute->attributeSyntax_oid, "2.5.5.1") != 0) {
continue;
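Review bot: The new assignment `msg->elements[i].name = talloc_strdup(msg->elements, attribute->lDAPDisplayName);` overwrites the previous name pointer without releasing it, and it treats every NULL result as out-of-memory. The old string stays allocated until its owning talloc context is freed, and this hunk does not show which context that is. talloc_strdup also returns NULL for a NULL source, so a schema entry without an lDAPDisplayName would be reported through ldb_oom and would abort the whole search. Changing the condition to `if (private->normalise && attribute->lDAPDisplayName) {` would make that case explicit, as would a comment stating that the schema loader guarantees the field. The enclosing loop starts and ends outside the hunk.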
return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_INVALID_DN_SYNTAX);
}
+ if (private->normalise) {
+ ret = fix_dn(dn);
+ if (ret != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, NULL, NULL, ret);
+ }
+ }
+
/* If we are running in dereference mode (such
* as against OpenLDAP) then the DN in the msg
* above does not contain the extended values,
msg->elements[i].name,
&msg->elements[i].values[j]);
if (ret != LDB_SUCCESS) {
-
return ldb_module_done(ac->req, NULL, NULL, ret);
}
}
-
+
if (!ac->inject) {
dn_str = talloc_steal(msg->elements[i].values,
ldb_dn_get_linearized(dn));
ldb_dn_get_extended_linearized(msg->elements[i].values,
dn, ac->extended_type));
}
+ if (!dn_str) {
+ ldb_oom(ac->module->ldb);
+ return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+ }
msg->elements[i].values[j] = data_blob_string_const(dn_str);
talloc_free(dn);
}
private->dereference = true;
+ /* At the moment, servers that need dereference also need the
+ * DN and attribute names to be normalised */
+ private->normalise = true;
+
ret = ldb_mod_register_control(module, LDB_CONTROL_EXTENDED_DN_OID);
if (ret != LDB_SUCCESS) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR,