4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component {
52 struct ldb_val cf_value;
55 struct ldb_dn_ext_component {
63 struct ldb_context *ldb;
65 /* Special DNs are always linearized */
75 unsigned int comp_num;
76 struct ldb_dn_component *components;
78 unsigned int ext_comp_num;
79 struct ldb_dn_ext_component *ext_components;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn *dn)
88 /* strdn may be NULL */
89 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
90 struct ldb_context *ldb,
91 const struct ldb_val *strdn)
95 if (ldb == NULL || strdn == NULL) {
99 && (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
100 /* The RDN must not contain a character with value 0x0 */
104 dn = talloc_zero(mem_ctx, struct ldb_dn);
105 LDB_DN_NULL_FAILED(dn);
107 dn->ldb = talloc_get_type(ldb, struct ldb_context);
108 if (dn->ldb == NULL) {
109 /* the caller probably got the arguments to
110 ldb_dn_new() mixed up */
115 if (strdn->data && strdn->length) {
116 const char *data = (const char *)strdn->data;
117 size_t length = strdn->length;
119 if (data[0] == '@') {
122 dn->ext_linearized = talloc_strndup(dn, data, length);
123 LDB_DN_NULL_FAILED(dn->ext_linearized);
125 if (data[0] == '<') {
126 const char *p_save, *p = dn->ext_linearized;
135 if (p_save == dn->ext_linearized) {
136 dn->linearized = talloc_strdup(dn, "");
138 dn->linearized = talloc_strdup(dn, p_save);
140 LDB_DN_NULL_FAILED(dn->linearized);
142 dn->linearized = dn->ext_linearized;
143 dn->ext_linearized = NULL;
146 dn->linearized = talloc_strdup(dn, "");
147 LDB_DN_NULL_FAILED(dn->linearized);
157 /* strdn may be NULL */
158 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
159 struct ldb_context *ldb,
163 blob.data = discard_const_p(uint8_t, strdn);
164 blob.length = strdn ? strlen(strdn) : 0;
165 return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
168 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
169 struct ldb_context *ldb,
170 const char *new_fmt, ...)
175 if (! ldb) return NULL;
177 va_start(ap, new_fmt);
178 strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
182 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
190 /* see RFC2253 section 2.4 */
191 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
198 for (i = 0; i < len; i++){
202 if (i == 0 || i == len - 1) {
203 /* if at the beginning or end
204 * of the string then escape */
208 /* otherwise don't escape */
214 /* despite the RFC, windows escapes a #
215 anywhere in the string */
223 /* these must be escaped using \c form */
233 /* any others get \XX form */
235 const char *hexbytes = "0123456789ABCDEF";
236 v = (const unsigned char)c;
238 *d++ = hexbytes[v>>4];
239 *d++ = hexbytes[v&0xF];
247 /* return the length of the resulting string */
251 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
258 /* allocate destination string, it will be at most 3 times the source */
259 dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
265 len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
267 dst = talloc_realloc(mem_ctx, dst, char, len + 1);
277 explode a DN string into a ldb_dn structure
278 based on RFC4514 except that we don't support multiple valued RDNs
280 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
281 DN must be compliant with RFC2253
283 static bool ldb_dn_explode(struct ldb_dn *dn)
285 char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
287 bool in_extended = true;
288 bool in_ex_name = false;
289 bool in_ex_value = false;
290 bool in_attr = false;
291 bool in_value = false;
292 bool in_quote = false;
301 if ( ! dn || dn->invalid) return false;
303 if (dn->components) {
307 if (dn->ext_linearized) {
308 parse_dn = dn->ext_linearized;
310 parse_dn = dn->linearized;
317 is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
320 if (parse_dn[0] == '\0') {
324 /* Special DNs case */
329 LDB_FREE(dn->ext_components);
330 dn->ext_comp_num = 0;
333 /* in the common case we have 3 or more components */
334 /* make sure all components are zeroed, other functions depend on it */
335 dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
336 if ( ! dn->components) {
340 /* Components data space is allocated here once */
341 data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
353 if (!in_ex_name && !in_ex_value) {
369 if (in_ex_name && *p == '=') {
378 if (in_ex_value && *p == '>') {
379 struct ldb_dn_ext_component *ext_comp = NULL;
380 const struct ldb_dn_extended_syntax *ext_syntax;
381 struct ldb_val ex_val = {
382 .data = (uint8_t *)ex_value,
383 .length = d - ex_value
390 /* Process name and ex_value */
392 ext_comp = talloc_realloc(
395 struct ldb_dn_ext_component,
396 dn->ext_comp_num + 1);
398 if (ext_comp == NULL) {
403 dn->ext_components = ext_comp;
405 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
407 /* We don't know about this type of extended DN */
411 dn->ext_components[dn->ext_comp_num].name = ext_syntax->name;
412 ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
413 &ex_val, &dn->ext_components[dn->ext_comp_num].value);
414 if (ret != LDB_SUCCESS) {
415 ldb_dn_mark_invalid(dn);
422 /* We have reached the end (extended component only)! */
426 } else if (*p == ';') {
430 ldb_dn_mark_invalid(dn);
449 /* attr names must be ascii only */
450 ldb_dn_mark_invalid(dn);
457 if ( ! isalpha(*p)) {
458 /* not a digit nor an alpha,
459 * invalid attribute name */
460 ldb_dn_mark_invalid(dn);
464 /* Copy this character across from parse_dn,
465 * now we have trimmed out spaces */
472 /* valid only if we are at the end */
478 /* attribute terminated */
484 /* Terminate this string in d
485 * (which is a copy of parse_dn
486 * with spaces trimmed) */
488 dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
489 if ( ! dn->components[dn->comp_num].name) {
501 /* attr names must be ascii only */
502 ldb_dn_mark_invalid(dn);
506 if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
507 /* not a digit nor a dot,
508 * invalid attribute oid */
509 ldb_dn_mark_invalid(dn);
512 if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
513 /* not ALPHA, DIGIT or HYPHEN */
514 ldb_dn_mark_invalid(dn);
554 /* TODO: support ber encoded values
565 /* ok found value terminator */
581 * This talloc_memdup() is OK with the
582 * +1 because *d has been set to '\0'
585 dn->components[dn->comp_num].value.data = \
586 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
587 dn->components[dn->comp_num].value.length = l;
588 if ( ! dn->components[dn->comp_num].value.data) {
592 talloc_set_name_const(dn->components[dn->comp_num].value.data,
593 (const char *)dn->components[dn->comp_num].value.data);
598 if (dn->comp_num > 2) {
599 dn->components = talloc_realloc(dn,
601 struct ldb_dn_component,
603 if ( ! dn->components) {
607 /* make sure all components are zeroed, other functions depend on this */
608 memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
615 /* to main compatibility with earlier
616 versions of ldb indexing, we have to
617 accept the base64 encoded binary index
618 values, which contain a '+' or '='
619 which should normally be escaped */
632 /* a string with not escaped specials is invalid (tested) */
634 ldb_dn_mark_invalid(dn);
661 if (isxdigit(p[0]) && isxdigit(p[1])) {
662 if (sscanf(p, "%02x", &x) != 1) {
663 /* invalid escaping sequence */
664 ldb_dn_mark_invalid(dn);
668 *d++ = (unsigned char)x;
694 if (in_attr || in_quote) {
696 ldb_dn_mark_invalid(dn);
700 /* save last element */
709 * This talloc_memdup() is OK with the
710 * +1 because *d has been set to '\0'
713 dn->components[dn->comp_num].value.length = l;
714 dn->components[dn->comp_num].value.data =
715 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
716 if ( ! dn->components[dn->comp_num].value.data) {
720 talloc_set_name_const(dn->components[dn->comp_num].value.data,
721 (const char *)dn->components[dn->comp_num].value.data);
729 LDB_FREE(dn->components); /* "data" is implicitly free'd */
731 LDB_FREE(dn->ext_components);
732 dn->ext_comp_num = 0;
737 bool ldb_dn_validate(struct ldb_dn *dn)
739 return ldb_dn_explode(dn);
742 const char *ldb_dn_get_linearized(struct ldb_dn *dn)
748 if ( ! dn || ( dn->invalid)) return NULL;
750 if (dn->linearized) return dn->linearized;
752 if ( ! dn->components) {
753 ldb_dn_mark_invalid(dn);
757 if (dn->comp_num == 0) {
758 dn->linearized = talloc_strdup(dn, "");
759 if ( ! dn->linearized) return NULL;
760 return dn->linearized;
763 /* calculate maximum possible length of DN */
764 for (len = 0, i = 0; i < dn->comp_num; i++) {
766 len += strlen(dn->components[i].name);
767 /* max escaped data len */
768 len += (dn->components[i].value.length * 3);
769 len += 2; /* '=' and ',' */
771 dn->linearized = talloc_array(dn, char, len);
772 if ( ! dn->linearized) return NULL;
776 for (i = 0; i < dn->comp_num; i++) {
779 n = dn->components[i].name;
780 while (*n) *d++ = *n++;
785 d += ldb_dn_escape_internal( d,
786 (char *)dn->components[i].value.data,
787 dn->components[i].value.length);
793 /* don't waste more memory than necessary */
794 dn->linearized = talloc_realloc(dn, dn->linearized,
795 char, (d - dn->linearized + 1));
797 return dn->linearized;
800 static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
802 const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
803 const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
804 return strcmp(ec1->name, ec2->name);
807 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
809 const char *linearized = ldb_dn_get_linearized(dn);
817 if (!ldb_dn_has_extended(dn)) {
818 return talloc_strdup(mem_ctx, linearized);
821 if (!ldb_dn_validate(dn)) {
825 /* sort the extended components by name. The idea is to make
826 * the resulting DNs consistent, plus to ensure that we put
827 * 'DELETED' first, so it can be very quickly recognised
829 TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
830 ldb_dn_extended_component_compare);
832 for (i = 0; i < dn->ext_comp_num; i++) {
833 const struct ldb_dn_extended_syntax *ext_syntax;
834 const char *name = dn->ext_components[i].name;
835 struct ldb_val ec_val = dn->ext_components[i].value;
839 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
845 ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
847 } else if (mode == 0) {
848 ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
854 if (ret != LDB_SUCCESS) {
859 p = talloc_asprintf(mem_ctx, "<%s=%s>",
862 p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
866 talloc_free(val.data);
873 if (dn->ext_comp_num && *linearized) {
874 p = talloc_asprintf_append_buffer(p, ";%s", linearized);
885 filter out all but an acceptable list of extended DN components
887 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
890 for (i=0; i<dn->ext_comp_num; i++) {
891 if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
892 memmove(&dn->ext_components[i],
893 &dn->ext_components[i+1],
894 (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0]));
899 LDB_FREE(dn->ext_linearized);
903 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
905 return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
909 casefold a dn. We need to casefold the attribute names, and canonicalize
910 attribute values of case insensitive attributes.
913 static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
918 if ( ! dn || dn->invalid) return false;
920 if (dn->valid_case) return true;
922 if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
926 for (i = 0; i < dn->comp_num; i++) {
927 const struct ldb_schema_attribute *a;
929 dn->components[i].cf_name =
930 ldb_attr_casefold(dn->components,
931 dn->components[i].name);
932 if (!dn->components[i].cf_name) {
936 a = ldb_schema_attribute_by_name(dn->ldb,
937 dn->components[i].cf_name);
939 ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
940 &(dn->components[i].value),
941 &(dn->components[i].cf_value));
947 dn->valid_case = true;
952 for (i = 0; i < dn->comp_num; i++) {
953 LDB_FREE(dn->components[i].cf_name);
954 LDB_FREE(dn->components[i].cf_value.data);
959 const char *ldb_dn_get_casefold(struct ldb_dn *dn)
965 if (dn->casefold) return dn->casefold;
968 dn->casefold = talloc_strdup(dn, dn->linearized);
969 if (!dn->casefold) return NULL;
970 dn->valid_case = true;
974 if ( ! ldb_dn_casefold_internal(dn)) {
978 if (dn->comp_num == 0) {
979 dn->casefold = talloc_strdup(dn, "");
983 /* calculate maximum possible length of DN */
984 for (len = 0, i = 0; i < dn->comp_num; i++) {
986 len += strlen(dn->components[i].cf_name);
987 /* max escaped data len */
988 len += (dn->components[i].cf_value.length * 3);
989 len += 2; /* '=' and ',' */
991 dn->casefold = talloc_array(dn, char, len);
992 if ( ! dn->casefold) return NULL;
996 for (i = 0; i < dn->comp_num; i++) {
999 n = dn->components[i].cf_name;
1000 while (*n) *d++ = *n++;
1005 d += ldb_dn_escape_internal( d,
1006 (char *)dn->components[i].cf_value.data,
1007 dn->components[i].cf_value.length);
1012 /* don't waste more memory than necessary */
1013 dn->casefold = talloc_realloc(dn, dn->casefold,
1014 char, strlen(dn->casefold) + 1);
1016 return dn->casefold;
1019 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1021 return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
1024 /* Determine if dn is below base, in the ldap tree. Used for
1025 * evaluating a subtree search.
1026 * 0 if they match, otherwise non-zero
1029 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
1032 unsigned int n_base, n_dn;
1034 if ( ! base || base->invalid) return 1;
1035 if ( ! dn || dn->invalid) return -1;
1037 if (( ! base->valid_case) || ( ! dn->valid_case)) {
1038 if (base->linearized && dn->linearized && dn->special == base->special) {
1039 /* try with a normal compare first, if we are lucky
1040 * we will avoid exploding and casfolding */
1042 dif = strlen(dn->linearized) - strlen(base->linearized);
1046 if (strcmp(base->linearized,
1047 &dn->linearized[dif]) == 0) {
1052 if ( ! ldb_dn_casefold_internal(base)) {
1056 if ( ! ldb_dn_casefold_internal(dn)) {
1062 /* if base has more components,
1063 * they don't have the same base */
1064 if (base->comp_num > dn->comp_num) {
1065 return (dn->comp_num - base->comp_num);
1068 if ((dn->comp_num == 0) || (base->comp_num == 0)) {
1069 if (dn->special && base->special) {
1070 return strcmp(base->linearized, dn->linearized);
1071 } else if (dn->special) {
1073 } else if (base->special) {
1080 n_base = base->comp_num - 1;
1081 n_dn = dn->comp_num - 1;
1083 while (n_base != (unsigned int) -1) {
1084 char *b_name = base->components[n_base].cf_name;
1085 char *dn_name = dn->components[n_dn].cf_name;
1087 char *b_vdata = (char *)base->components[n_base].cf_value.data;
1088 char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
1090 size_t b_vlen = base->components[n_base].cf_value.length;
1091 size_t dn_vlen = dn->components[n_dn].cf_value.length;
1093 /* compare attr names */
1094 ret = strcmp(b_name, dn_name);
1095 if (ret != 0) return ret;
1097 /* compare attr.cf_value. */
1098 if (b_vlen != dn_vlen) {
1099 return b_vlen - dn_vlen;
1101 ret = strncmp(b_vdata, dn_vdata, b_vlen);
1102 if (ret != 0) return ret;
1111 /* compare DNs using casefolding compare functions.
1113 If they match, then return 0
1116 int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
1121 if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
1125 if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
1126 if (dn0->linearized && dn1->linearized) {
1127 /* try with a normal compare first, if we are lucky
1128 * we will avoid exploding and casfolding */
1129 if (strcmp(dn0->linearized, dn1->linearized) == 0) {
1134 if ( ! ldb_dn_casefold_internal(dn0)) {
1138 if ( ! ldb_dn_casefold_internal(dn1)) {
1144 if (dn0->comp_num != dn1->comp_num) {
1145 return (dn1->comp_num - dn0->comp_num);
1148 if (dn0->comp_num == 0) {
1149 if (dn0->special && dn1->special) {
1150 return strcmp(dn0->linearized, dn1->linearized);
1151 } else if (dn0->special) {
1153 } else if (dn1->special) {
1160 for (i = 0; i < dn0->comp_num; i++) {
1161 char *dn0_name = dn0->components[i].cf_name;
1162 char *dn1_name = dn1->components[i].cf_name;
1164 char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
1165 char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
1167 size_t dn0_vlen = dn0->components[i].cf_value.length;
1168 size_t dn1_vlen = dn1->components[i].cf_value.length;
1170 /* compare attr names */
1171 ret = strcmp(dn0_name, dn1_name);
1176 /* compare attr.cf_value. */
1177 if (dn0_vlen != dn1_vlen) {
1178 return dn0_vlen - dn1_vlen;
1180 ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
1189 static struct ldb_dn_component ldb_dn_copy_component(
1190 TALLOC_CTX *mem_ctx,
1191 struct ldb_dn_component *src)
1193 struct ldb_dn_component dst;
1195 memset(&dst, 0, sizeof(dst));
1201 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1202 if (dst.value.data == NULL) {
1206 dst.name = talloc_strdup(mem_ctx, src->name);
1207 if (dst.name == NULL) {
1208 LDB_FREE(dst.value.data);
1212 if (src->cf_value.data) {
1213 dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
1214 if (dst.cf_value.data == NULL) {
1215 LDB_FREE(dst.value.data);
1220 dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
1221 if (dst.cf_name == NULL) {
1222 LDB_FREE(dst.cf_name);
1223 LDB_FREE(dst.value.data);
1228 dst.cf_value.data = NULL;
1235 static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
1236 TALLOC_CTX *mem_ctx,
1237 struct ldb_dn_ext_component *src)
1239 struct ldb_dn_ext_component dst;
1241 memset(&dst, 0, sizeof(dst));
1247 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1248 if (dst.value.data == NULL) {
1252 dst.name = talloc_strdup(mem_ctx, src->name);
1253 if (dst.name == NULL) {
1254 LDB_FREE(dst.value.data);
1261 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1263 struct ldb_dn *new_dn;
1265 if (!dn || dn->invalid) {
1269 new_dn = talloc_zero(mem_ctx, struct ldb_dn);
1276 if (dn->components) {
1279 new_dn->components =
1280 talloc_zero_array(new_dn,
1281 struct ldb_dn_component,
1283 if ( ! new_dn->components) {
1284 talloc_free(new_dn);
1288 for (i = 0; i < dn->comp_num; i++) {
1289 new_dn->components[i] =
1290 ldb_dn_copy_component(new_dn->components,
1291 &dn->components[i]);
1292 if ( ! new_dn->components[i].value.data) {
1293 talloc_free(new_dn);
1299 if (dn->ext_components) {
1302 new_dn->ext_components =
1303 talloc_zero_array(new_dn,
1304 struct ldb_dn_ext_component,
1306 if ( ! new_dn->ext_components) {
1307 talloc_free(new_dn);
1311 for (i = 0; i < dn->ext_comp_num; i++) {
1312 new_dn->ext_components[i] =
1313 ldb_dn_ext_copy_component(
1314 new_dn->ext_components,
1315 &dn->ext_components[i]);
1316 if ( ! new_dn->ext_components[i].value.data) {
1317 talloc_free(new_dn);
1324 new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
1325 if ( ! new_dn->casefold) {
1326 talloc_free(new_dn);
1331 if (dn->linearized) {
1332 new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
1333 if ( ! new_dn->linearized) {
1334 talloc_free(new_dn);
1339 if (dn->ext_linearized) {
1340 new_dn->ext_linearized = talloc_strdup(new_dn,
1341 dn->ext_linearized);
1342 if ( ! new_dn->ext_linearized) {
1343 talloc_free(new_dn);
1351 /* modify the given dn by adding a base.
1353 * return true if successful and false if not
1354 * if false is returned the dn may be marked invalid
1356 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
1361 if ( !base || base->invalid || !dn || dn->invalid) {
1366 return false; /* or we will visit infinity */
1369 if (dn->components) {
1372 if ( ! ldb_dn_validate(base)) {
1377 if (dn->valid_case) {
1378 if ( ! (s = ldb_dn_get_casefold(base))) {
1383 dn->components = talloc_realloc(dn,
1385 struct ldb_dn_component,
1386 dn->comp_num + base->comp_num);
1387 if ( ! dn->components) {
1388 ldb_dn_mark_invalid(dn);
1392 for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
1393 dn->components[dn->comp_num] =
1394 ldb_dn_copy_component(dn->components,
1395 &base->components[i]);
1396 if (dn->components[dn->comp_num].value.data == NULL) {
1397 ldb_dn_mark_invalid(dn);
1402 if (dn->casefold && s) {
1403 if (*dn->casefold) {
1404 t = talloc_asprintf(dn, "%s,%s",
1407 t = talloc_strdup(dn, s);
1409 LDB_FREE(dn->casefold);
1414 if (dn->linearized) {
1416 s = ldb_dn_get_linearized(base);
1421 if (*dn->linearized) {
1422 t = talloc_asprintf(dn, "%s,%s",
1425 t = talloc_strdup(dn, s);
1428 ldb_dn_mark_invalid(dn);
1431 LDB_FREE(dn->linearized);
1435 /* Wipe the ext_linearized DN,
1436 * the GUID and SID are almost certainly no longer valid */
1437 LDB_FREE(dn->ext_linearized);
1438 LDB_FREE(dn->ext_components);
1439 dn->ext_comp_num = 0;
1444 /* modify the given dn by adding a base.
1446 * return true if successful and false if not
1447 * if false is returned the dn may be marked invalid
1449 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
1451 struct ldb_dn *base;
1456 if ( !dn || dn->invalid) {
1460 va_start(ap, base_fmt);
1461 base_str = talloc_vasprintf(dn, base_fmt, ap);
1464 if (base_str == NULL) {
1468 base = ldb_dn_new(base_str, dn->ldb, base_str);
1470 ret = ldb_dn_add_base(dn, base);
1472 talloc_free(base_str);
1477 /* modify the given dn by adding children elements.
1479 * return true if successful and false if not
1480 * if false is returned the dn may be marked invalid
1482 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
1487 if ( !child || child->invalid || !dn || dn->invalid) {
1491 if (dn->components) {
1495 if (dn->comp_num == 0) {
1499 if ( ! ldb_dn_validate(child)) {
1504 if (dn->valid_case) {
1505 if ( ! (s = ldb_dn_get_casefold(child))) {
1510 n = dn->comp_num + child->comp_num;
1512 dn->components = talloc_realloc(dn,
1514 struct ldb_dn_component,
1516 if ( ! dn->components) {
1517 ldb_dn_mark_invalid(dn);
1521 for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
1523 dn->components[j] = dn->components[i];
1526 for (i = 0; i < child->comp_num; i++) {
1528 ldb_dn_copy_component(dn->components,
1529 &child->components[i]);
1530 if (dn->components[i].value.data == NULL) {
1531 ldb_dn_mark_invalid(dn);
1538 if (dn->casefold && s) {
1539 t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
1540 LDB_FREE(dn->casefold);
1545 if (dn->linearized) {
1546 if (dn->linearized[0] == '\0') {
1550 s = ldb_dn_get_linearized(child);
1555 t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
1557 ldb_dn_mark_invalid(dn);
1560 LDB_FREE(dn->linearized);
1564 /* Wipe the ext_linearized DN,
1565 * the GUID and SID are almost certainly no longer valid */
1566 LDB_FREE(dn->ext_linearized);
1567 LDB_FREE(dn->ext_components);
1568 dn->ext_comp_num = 0;
1573 /* modify the given dn by adding children elements.
1575 * return true if successful and false if not
1576 * if false is returned the dn may be marked invalid
1578 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
1580 struct ldb_dn *child;
1585 if ( !dn || dn->invalid) {
1589 va_start(ap, child_fmt);
1590 child_str = talloc_vasprintf(dn, child_fmt, ap);
1593 if (child_str == NULL) {
1597 child = ldb_dn_new(child_str, dn->ldb, child_str);
1599 ret = ldb_dn_add_child(dn, child);
1601 talloc_free(child_str);
1606 /* modify the given dn by adding a single child element.
1608 * return true if successful and false if not
1609 * if false is returned the dn may be marked invalid
1611 bool ldb_dn_add_child_val(struct ldb_dn *dn,
1613 struct ldb_val value)
1617 struct ldb_dn *child = NULL;
1619 if ( !dn || dn->invalid) {
1623 child = ldb_dn_new(dn, dn->ldb, "X=Y");
1624 ret = ldb_dn_add_child(dn, child);
1630 ldb_ret = ldb_dn_set_component(dn,
1634 if (ldb_ret != LDB_SUCCESS) {
1641 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
1645 if ( ! ldb_dn_validate(dn)) {
1649 if (dn->comp_num < num) {
1653 /* free components */
1654 for (i = dn->comp_num - num; i < dn->comp_num; i++) {
1655 LDB_FREE(dn->components[i].name);
1656 LDB_FREE(dn->components[i].value.data);
1657 LDB_FREE(dn->components[i].cf_name);
1658 LDB_FREE(dn->components[i].cf_value.data);
1661 dn->comp_num -= num;
1663 if (dn->valid_case) {
1664 for (i = 0; i < dn->comp_num; i++) {
1665 LDB_FREE(dn->components[i].cf_name);
1666 LDB_FREE(dn->components[i].cf_value.data);
1668 dn->valid_case = false;
1671 LDB_FREE(dn->casefold);
1672 LDB_FREE(dn->linearized);
1674 /* Wipe the ext_linearized DN,
1675 * the GUID and SID are almost certainly no longer valid */
1676 LDB_FREE(dn->ext_linearized);
1677 LDB_FREE(dn->ext_components);
1678 dn->ext_comp_num = 0;
1683 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
1687 if ( ! ldb_dn_validate(dn)) {
1691 if (dn->comp_num < num) {
1695 for (i = 0, j = num; j < dn->comp_num; i++, j++) {
1697 LDB_FREE(dn->components[i].name);
1698 LDB_FREE(dn->components[i].value.data);
1699 LDB_FREE(dn->components[i].cf_name);
1700 LDB_FREE(dn->components[i].cf_value.data);
1702 dn->components[i] = dn->components[j];
1705 dn->comp_num -= num;
1707 if (dn->valid_case) {
1708 for (i = 0; i < dn->comp_num; i++) {
1709 LDB_FREE(dn->components[i].cf_name);
1710 LDB_FREE(dn->components[i].cf_value.data);
1712 dn->valid_case = false;
1715 LDB_FREE(dn->casefold);
1716 LDB_FREE(dn->linearized);
1718 /* Wipe the ext_linearized DN,
1719 * the GUID and SID are almost certainly no longer valid */
1720 LDB_FREE(dn->ext_linearized);
1721 LDB_FREE(dn->ext_components);
1722 dn->ext_comp_num = 0;
1728 /* replace the components of a DN with those from another DN, without
1729 * touching the extended components
1731 * return true if successful and false if not
1732 * if false is returned the dn may be marked invalid
1734 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
1738 if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
1742 /* free components */
1743 for (i = 0; i < dn->comp_num; i++) {
1744 LDB_FREE(dn->components[i].name);
1745 LDB_FREE(dn->components[i].value.data);
1746 LDB_FREE(dn->components[i].cf_name);
1747 LDB_FREE(dn->components[i].cf_value.data);
1750 dn->components = talloc_realloc(dn,
1752 struct ldb_dn_component,
1754 if (dn->components == NULL) {
1755 ldb_dn_mark_invalid(dn);
1759 dn->comp_num = new_dn->comp_num;
1760 dn->valid_case = new_dn->valid_case;
1762 for (i = 0; i < dn->comp_num; i++) {
1763 dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
1764 if (dn->components[i].name == NULL) {
1765 ldb_dn_mark_invalid(dn);
1769 if (new_dn->linearized == NULL) {
1770 dn->linearized = NULL;
1772 dn->linearized = talloc_strdup(dn, new_dn->linearized);
1773 if (dn->linearized == NULL) {
1774 ldb_dn_mark_invalid(dn);
1783 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1785 struct ldb_dn *new_dn;
1787 new_dn = ldb_dn_copy(mem_ctx, dn);
1792 if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
1793 talloc_free(new_dn);
1800 /* Create a 'canonical name' string from a DN:
1802 ie dc=samba,dc=org -> samba.org/
1803 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1805 There are two formats,
1806 the EX format has the last '/' replaced with a newline (\n).
1809 static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
1812 char *cracked = NULL;
1813 const char *format = (ex_format ? "\n" : "/" );
1815 if ( ! ldb_dn_validate(dn)) {
1819 tmpctx = talloc_new(mem_ctx);
1821 /* Walk backwards down the DN, grabbing 'dc' components at first */
1822 for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
1823 if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
1827 cracked = talloc_asprintf(tmpctx, "%s.%s",
1828 ldb_dn_escape_value(tmpctx,
1829 dn->components[i].value),
1832 cracked = ldb_dn_escape_value(tmpctx,
1833 dn->components[i].value);
1840 /* Only domain components? Finish here */
1841 if (i == (unsigned int) -1) {
1842 cracked = talloc_strdup_append_buffer(cracked, format);
1843 talloc_steal(mem_ctx, cracked);
1847 /* Now walk backwards appending remaining components */
1848 for (; i > 0; i--) {
1849 cracked = talloc_asprintf_append_buffer(cracked, "/%s",
1850 ldb_dn_escape_value(tmpctx,
1851 dn->components[i].value));
1857 /* Last one, possibly a newline for the 'ex' format */
1858 cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
1859 ldb_dn_escape_value(tmpctx,
1860 dn->components[i].value));
1862 talloc_steal(mem_ctx, cracked);
1864 talloc_free(tmpctx);
1868 /* Wrapper functions for the above, for the two different string formats */
1869 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1870 return ldb_dn_canonical(mem_ctx, dn, 0);
1874 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1875 return ldb_dn_canonical(mem_ctx, dn, 1);
1878 int ldb_dn_get_comp_num(struct ldb_dn *dn)
1880 if ( ! ldb_dn_validate(dn)) {
1883 return dn->comp_num;
1886 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
1888 if ( ! ldb_dn_validate(dn)) {
1891 return dn->ext_comp_num;
1894 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
1896 if ( ! ldb_dn_validate(dn)) {
1899 if (num >= dn->comp_num) return NULL;
1900 return dn->components[num].name;
1903 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
1906 if ( ! ldb_dn_validate(dn)) {
1909 if (num >= dn->comp_num) return NULL;
1910 return &dn->components[num].value;
1913 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
1915 if ( ! ldb_dn_validate(dn)) {
1918 if (dn->comp_num == 0) return NULL;
1919 return dn->components[0].name;
1922 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
1924 if ( ! ldb_dn_validate(dn)) {
1927 if (dn->comp_num == 0) return NULL;
1928 return &dn->components[0].value;
1931 int ldb_dn_set_component(struct ldb_dn *dn, int num,
1932 const char *name, const struct ldb_val val)
1937 if ( ! ldb_dn_validate(dn)) {
1938 return LDB_ERR_OTHER;
1942 return LDB_ERR_OTHER;
1945 if ((unsigned)num >= dn->comp_num) {
1946 return LDB_ERR_OTHER;
1949 if (val.length > val.length + 1) {
1950 return LDB_ERR_OTHER;
1953 n = talloc_strdup(dn, name);
1955 return LDB_ERR_OTHER;
1958 v.length = val.length;
1961 * This is like talloc_memdup(dn, v.data, v.length + 1), but
1962 * avoids the over-read
1964 v.data = (uint8_t *)talloc_size(dn, v.length+1);
1967 return LDB_ERR_OTHER;
1969 memcpy(v.data, val.data, val.length);
1972 * Enforce NUL termination outside the stated length, as is
1973 * traditional in LDB
1975 v.data[v.length] = '\0';
1977 talloc_free(dn->components[num].name);
1978 talloc_free(dn->components[num].value.data);
1979 dn->components[num].name = n;
1980 dn->components[num].value = v;
1982 if (dn->valid_case) {
1984 for (i = 0; i < dn->comp_num; i++) {
1985 LDB_FREE(dn->components[i].cf_name);
1986 LDB_FREE(dn->components[i].cf_value.data);
1988 dn->valid_case = false;
1990 LDB_FREE(dn->casefold);
1991 LDB_FREE(dn->linearized);
1993 /* Wipe the ext_linearized DN,
1994 * the GUID and SID are almost certainly no longer valid */
1995 LDB_FREE(dn->ext_linearized);
1996 LDB_FREE(dn->ext_components);
1997 dn->ext_comp_num = 0;
2002 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
2006 if ( ! ldb_dn_validate(dn)) {
2009 for (i=0; i < dn->ext_comp_num; i++) {
2010 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2011 return &dn->ext_components[i].value;
2017 int ldb_dn_set_extended_component(struct ldb_dn *dn,
2018 const char *name, const struct ldb_val *val)
2020 struct ldb_dn_ext_component *p;
2023 const struct ldb_dn_extended_syntax *ext_syntax;
2025 if ( ! ldb_dn_validate(dn)) {
2026 return LDB_ERR_OTHER;
2029 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
2030 if (ext_syntax == NULL) {
2031 /* We don't know how to handle this type of thing */
2032 return LDB_ERR_INVALID_DN_SYNTAX;
2035 for (i=0; i < dn->ext_comp_num; i++) {
2036 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2038 dn->ext_components[i].value =
2039 ldb_val_dup(dn->ext_components, val);
2041 dn->ext_components[i].name = ext_syntax->name;
2042 if (!dn->ext_components[i].value.data) {
2043 ldb_dn_mark_invalid(dn);
2044 return LDB_ERR_OPERATIONS_ERROR;
2047 if (i != (dn->ext_comp_num - 1)) {
2048 memmove(&dn->ext_components[i],
2049 &dn->ext_components[i+1],
2050 ((dn->ext_comp_num-1) - i) *
2051 sizeof(*dn->ext_components));
2055 dn->ext_components = talloc_realloc(dn,
2057 struct ldb_dn_ext_component,
2059 if (!dn->ext_components) {
2060 ldb_dn_mark_invalid(dn);
2061 return LDB_ERR_OPERATIONS_ERROR;
2064 LDB_FREE(dn->ext_linearized);
2071 /* removing a value that doesn't exist is not an error */
2077 p = dn->ext_components
2078 = talloc_realloc(dn,
2080 struct ldb_dn_ext_component,
2081 dn->ext_comp_num + 1);
2082 if (!dn->ext_components) {
2083 ldb_dn_mark_invalid(dn);
2084 return LDB_ERR_OPERATIONS_ERROR;
2087 p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
2088 p[dn->ext_comp_num].name = talloc_strdup(p, name);
2090 if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
2091 ldb_dn_mark_invalid(dn);
2092 return LDB_ERR_OPERATIONS_ERROR;
2094 dn->ext_components = p;
2097 LDB_FREE(dn->ext_linearized);
2102 void ldb_dn_remove_extended_components(struct ldb_dn *dn)
2104 LDB_FREE(dn->ext_linearized);
2105 LDB_FREE(dn->ext_components);
2106 dn->ext_comp_num = 0;
2109 bool ldb_dn_is_valid(struct ldb_dn *dn)
2111 if ( ! dn) return false;
2112 return ! dn->invalid;
2115 bool ldb_dn_is_special(struct ldb_dn *dn)
2117 if ( ! dn || dn->invalid) return false;
2121 bool ldb_dn_has_extended(struct ldb_dn *dn)
2123 if ( ! dn || dn->invalid) return false;
2124 if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
2125 return dn->ext_comp_num != 0;
2128 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
2130 if ( ! dn || dn->invalid) return false;
2131 return ! strcmp(dn->linearized, check);
2134 bool ldb_dn_is_null(struct ldb_dn *dn)
2136 if ( ! dn || dn->invalid) return false;
2137 if (ldb_dn_has_extended(dn)) return false;
2138 if (dn->linearized && (dn->linearized[0] == '\0')) return true;
2143 this updates dn->components, taking the components from ref_dn.
2144 This is used by code that wants to update the DN path of a DN
2145 while not impacting on the extended DN components
2147 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
2149 dn->components = talloc_realloc(dn, dn->components,
2150 struct ldb_dn_component, ref_dn->comp_num);
2151 if (!dn->components) {
2152 return LDB_ERR_OPERATIONS_ERROR;
2154 memcpy(dn->components, ref_dn->components,
2155 sizeof(struct ldb_dn_component)*ref_dn->comp_num);
2156 dn->comp_num = ref_dn->comp_num;
2158 LDB_FREE(dn->casefold);
2159 LDB_FREE(dn->linearized);
2160 LDB_FREE(dn->ext_linearized);
2166 minimise a DN. The caller must pass in a validated DN.
2168 If the DN has an extended component then only the first extended
2169 component is kept, the DN string is stripped.
2171 The existing dn is modified
2173 bool ldb_dn_minimise(struct ldb_dn *dn)
2177 if (!ldb_dn_validate(dn)) {
2180 if (dn->ext_comp_num == 0) {
2184 /* free components */
2185 for (i = 0; i < dn->comp_num; i++) {
2186 LDB_FREE(dn->components[i].name);
2187 LDB_FREE(dn->components[i].value.data);
2188 LDB_FREE(dn->components[i].cf_name);
2189 LDB_FREE(dn->components[i].cf_value.data);
2192 dn->valid_case = false;
2194 LDB_FREE(dn->casefold);
2195 LDB_FREE(dn->linearized);
2197 /* note that we don't free dn->components as this there are
2198 * several places in ldb_dn.c that rely on it being non-NULL
2199 * for an exploded DN
2202 for (i = 1; i < dn->ext_comp_num; i++) {
2203 LDB_FREE(dn->ext_components[i].value.data);
2205 dn->ext_comp_num = 1;
2207 dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
2208 if (dn->ext_components == NULL) {
2209 ldb_dn_mark_invalid(dn);
2213 LDB_FREE(dn->ext_linearized);
2218 struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)