4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component {
52 struct ldb_val cf_value;
55 struct ldb_dn_ext_component {
63 struct ldb_context *ldb;
65 /* Special DNs are always linearized */
75 unsigned int comp_num;
76 struct ldb_dn_component *components;
78 unsigned int ext_comp_num;
79 struct ldb_dn_ext_component *ext_components;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn *dn)
88 /* strdn may be NULL */
89 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
90 struct ldb_context *ldb,
91 const struct ldb_val *strdn)
95 if (ldb == NULL || strdn == NULL) {
99 && (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
100 /* The RDN must not contain a character with value 0x0 */
104 dn = talloc_zero(mem_ctx, struct ldb_dn);
105 LDB_DN_NULL_FAILED(dn);
107 dn->ldb = talloc_get_type(ldb, struct ldb_context);
108 if (dn->ldb == NULL) {
109 /* the caller probably got the arguments to
110 ldb_dn_new() mixed up */
115 if (strdn->data && strdn->length) {
116 const char *data = (const char *)strdn->data;
117 size_t length = strdn->length;
119 if (data[0] == '@') {
122 dn->ext_linearized = talloc_strndup(dn, data, length);
123 LDB_DN_NULL_FAILED(dn->ext_linearized);
125 if (data[0] == '<') {
126 const char *p_save, *p = dn->ext_linearized;
135 if (p_save == dn->ext_linearized) {
136 dn->linearized = talloc_strdup(dn, "");
138 dn->linearized = talloc_strdup(dn, p_save);
140 LDB_DN_NULL_FAILED(dn->linearized);
142 dn->linearized = dn->ext_linearized;
143 dn->ext_linearized = NULL;
146 dn->linearized = talloc_strdup(dn, "");
147 LDB_DN_NULL_FAILED(dn->linearized);
157 /* strdn may be NULL */
158 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
159 struct ldb_context *ldb,
163 blob.data = discard_const_p(uint8_t, strdn);
164 blob.length = strdn ? strlen(strdn) : 0;
165 return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
168 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
169 struct ldb_context *ldb,
170 const char *new_fmt, ...)
175 if (! ldb) return NULL;
177 va_start(ap, new_fmt);
178 strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
182 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
190 /* see RFC2253 section 2.4 */
191 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
198 for (i = 0; i < len; i++){
202 if (i == 0 || i == len - 1) {
203 /* if at the beginning or end
204 * of the string then escape */
208 /* otherwise don't escape */
214 /* despite the RFC, windows escapes a #
215 anywhere in the string */
223 /* these must be escaped using \c form */
233 /* any others get \XX form */
235 const char *hexbytes = "0123456789ABCDEF";
236 v = (const unsigned char)c;
238 *d++ = hexbytes[v>>4];
239 *d++ = hexbytes[v&0xF];
247 /* return the length of the resulting string */
251 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
258 /* allocate destination string, it will be at most 3 times the source */
259 dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
265 len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
267 dst = talloc_realloc(mem_ctx, dst, char, len + 1);
277 explode a DN string into a ldb_dn structure
278 based on RFC4514 except that we don't support multiple valued RDNs
280 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
281 DN must be compliant with RFC2253
283 static bool ldb_dn_explode(struct ldb_dn *dn)
285 char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
287 bool in_extended = true;
288 bool in_ex_name = false;
289 bool in_ex_value = false;
290 bool in_attr = false;
291 bool in_value = false;
292 bool in_quote = false;
301 if (dn == NULL || dn->invalid) {
305 if (dn->components != NULL) {
309 if (dn->ext_linearized != NULL) {
310 parse_dn = dn->ext_linearized;
312 parse_dn = dn->linearized;
315 if (parse_dn == NULL) {
319 is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
322 if (parse_dn[0] == '\0') {
326 /* Special DNs case */
331 LDB_FREE(dn->ext_components);
332 dn->ext_comp_num = 0;
335 /* in the common case we have 3 or more components */
336 /* make sure all components are zeroed, other functions depend on it */
337 dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
338 if (dn->components == NULL) {
342 /* Components data space is allocated here once */
343 data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
355 if (!in_ex_name && !in_ex_value) {
371 if (in_ex_name && *p == '=') {
380 if (in_ex_value && *p == '>') {
381 struct ldb_dn_ext_component *ext_comp = NULL;
382 const struct ldb_dn_extended_syntax *ext_syntax;
383 struct ldb_val ex_val = {
384 .data = (uint8_t *)ex_value,
385 .length = d - ex_value
392 /* Process name and ex_value */
394 ext_comp = talloc_realloc(
397 struct ldb_dn_ext_component,
398 dn->ext_comp_num + 1);
400 if (ext_comp == NULL) {
405 dn->ext_components = ext_comp;
407 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
408 if (ext_syntax == NULL) {
409 /* We don't know about this type of extended DN */
413 dn->ext_components[dn->ext_comp_num].name = ext_syntax->name;
414 ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
415 &ex_val, &dn->ext_components[dn->ext_comp_num].value);
416 if (ret != LDB_SUCCESS) {
417 ldb_dn_mark_invalid(dn);
424 /* We have reached the end (extended component only)! */
428 } else if (*p == ';') {
432 ldb_dn_mark_invalid(dn);
451 /* attr names must be ascii only */
452 ldb_dn_mark_invalid(dn);
459 if ( ! isalpha(*p)) {
460 /* not a digit nor an alpha,
461 * invalid attribute name */
462 ldb_dn_mark_invalid(dn);
466 /* Copy this character across from parse_dn,
467 * now we have trimmed out spaces */
474 /* valid only if we are at the end */
480 /* attribute terminated */
486 /* Terminate this string in d
487 * (which is a copy of parse_dn
488 * with spaces trimmed) */
490 dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
491 if (dn->components[dn->comp_num].name == NULL) {
503 /* attr names must be ascii only */
504 ldb_dn_mark_invalid(dn);
508 if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
509 /* not a digit nor a dot,
510 * invalid attribute oid */
511 ldb_dn_mark_invalid(dn);
514 if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
515 /* not ALPHA, DIGIT or HYPHEN */
516 ldb_dn_mark_invalid(dn);
556 /* TODO: support ber encoded values
567 /* ok found value terminator */
584 * This talloc_memdup() is OK with the
585 * +1 because *d has been set to '\0'
588 dn->components[dn->comp_num].value.data = \
589 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
590 dn->components[dn->comp_num].value.length = l;
591 if (dn->components[dn->comp_num].value.data == NULL) {
595 talloc_set_name_const(dn->components[dn->comp_num].value.data,
596 (const char *)dn->components[dn->comp_num].value.data);
601 if (dn->comp_num > 2) {
602 dn->components = talloc_realloc(dn,
604 struct ldb_dn_component,
606 if (dn->components == NULL) {
610 /* make sure all components are zeroed, other functions depend on this */
611 memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
618 /* to main compatibility with earlier
619 versions of ldb indexing, we have to
620 accept the base64 encoded binary index
621 values, which contain a '+' or '='
622 which should normally be escaped */
637 /* a string with not escaped specials is invalid (tested) */
639 ldb_dn_mark_invalid(dn);
670 if (isxdigit(p[0]) && isxdigit(p[1])) {
671 if (sscanf(p, "%02x", &x) != 1) {
672 /* invalid escaping sequence */
673 ldb_dn_mark_invalid(dn);
677 *d++ = (unsigned char)x;
709 if (in_attr || in_quote) {
711 ldb_dn_mark_invalid(dn);
716 /* save last element */
725 * This talloc_memdup() is OK with the
726 * +1 because *d has been set to '\0'
729 dn->components[dn->comp_num].value.length = l;
730 dn->components[dn->comp_num].value.data =
731 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
732 if (dn->components[dn->comp_num].value.data == NULL) {
736 talloc_set_name_const(dn->components[dn->comp_num].value.data,
737 (const char *)dn->components[dn->comp_num].value.data);
745 LDB_FREE(dn->components); /* "data" is implicitly free'd */
747 LDB_FREE(dn->ext_components);
748 dn->ext_comp_num = 0;
753 bool ldb_dn_validate(struct ldb_dn *dn)
755 return ldb_dn_explode(dn);
758 const char *ldb_dn_get_linearized(struct ldb_dn *dn)
764 if ( ! dn || ( dn->invalid)) return NULL;
766 if (dn->linearized) return dn->linearized;
768 if ( ! dn->components) {
769 ldb_dn_mark_invalid(dn);
773 if (dn->comp_num == 0) {
774 dn->linearized = talloc_strdup(dn, "");
775 if ( ! dn->linearized) return NULL;
776 return dn->linearized;
779 /* calculate maximum possible length of DN */
780 for (len = 0, i = 0; i < dn->comp_num; i++) {
782 len += strlen(dn->components[i].name);
783 /* max escaped data len */
784 len += (dn->components[i].value.length * 3);
785 len += 2; /* '=' and ',' */
787 dn->linearized = talloc_array(dn, char, len);
788 if ( ! dn->linearized) return NULL;
792 for (i = 0; i < dn->comp_num; i++) {
795 n = dn->components[i].name;
796 while (*n) *d++ = *n++;
801 d += ldb_dn_escape_internal( d,
802 (char *)dn->components[i].value.data,
803 dn->components[i].value.length);
809 /* don't waste more memory than necessary */
810 dn->linearized = talloc_realloc(dn, dn->linearized,
811 char, (d - dn->linearized + 1));
813 return dn->linearized;
816 static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
818 const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
819 const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
820 return strcmp(ec1->name, ec2->name);
823 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
825 const char *linearized = ldb_dn_get_linearized(dn);
833 if (!ldb_dn_has_extended(dn)) {
834 return talloc_strdup(mem_ctx, linearized);
837 if (!ldb_dn_validate(dn)) {
841 /* sort the extended components by name. The idea is to make
842 * the resulting DNs consistent, plus to ensure that we put
843 * 'DELETED' first, so it can be very quickly recognised
845 TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
846 ldb_dn_extended_component_compare);
848 for (i = 0; i < dn->ext_comp_num; i++) {
849 const struct ldb_dn_extended_syntax *ext_syntax;
850 const char *name = dn->ext_components[i].name;
851 struct ldb_val ec_val = dn->ext_components[i].value;
855 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
861 ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
863 } else if (mode == 0) {
864 ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
870 if (ret != LDB_SUCCESS) {
875 p = talloc_asprintf(mem_ctx, "<%s=%.*s>",
880 p = talloc_asprintf_append_buffer(p, ";<%s=%.*s>",
886 talloc_free(val.data);
893 if (dn->ext_comp_num && *linearized) {
894 p = talloc_asprintf_append_buffer(p, ";%s", linearized);
905 filter out all but an acceptable list of extended DN components
907 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
910 for (i=0; i<dn->ext_comp_num; i++) {
911 if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
913 dn->ext_components, i, dn->ext_comp_num);
918 LDB_FREE(dn->ext_linearized);
922 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
924 return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
928 casefold a dn. We need to casefold the attribute names, and canonicalize
929 attribute values of case insensitive attributes.
932 static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
937 if ( ! dn || dn->invalid) return false;
939 if (dn->valid_case) return true;
941 if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
945 for (i = 0; i < dn->comp_num; i++) {
946 const struct ldb_schema_attribute *a;
948 dn->components[i].cf_name =
949 ldb_attr_casefold(dn->components,
950 dn->components[i].name);
951 if (!dn->components[i].cf_name) {
955 a = ldb_schema_attribute_by_name(dn->ldb,
956 dn->components[i].cf_name);
958 ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
959 &(dn->components[i].value),
960 &(dn->components[i].cf_value));
966 dn->valid_case = true;
971 for (i = 0; i < dn->comp_num; i++) {
972 LDB_FREE(dn->components[i].cf_name);
973 LDB_FREE(dn->components[i].cf_value.data);
978 const char *ldb_dn_get_casefold(struct ldb_dn *dn)
984 if (dn->casefold) return dn->casefold;
987 dn->casefold = talloc_strdup(dn, dn->linearized);
988 if (!dn->casefold) return NULL;
989 dn->valid_case = true;
993 if ( ! ldb_dn_casefold_internal(dn)) {
997 if (dn->comp_num == 0) {
998 dn->casefold = talloc_strdup(dn, "");
1002 /* calculate maximum possible length of DN */
1003 for (len = 0, i = 0; i < dn->comp_num; i++) {
1005 len += strlen(dn->components[i].cf_name);
1006 /* max escaped data len */
1007 len += (dn->components[i].cf_value.length * 3);
1008 len += 2; /* '=' and ',' */
1010 dn->casefold = talloc_array(dn, char, len);
1011 if ( ! dn->casefold) return NULL;
1015 for (i = 0; i < dn->comp_num; i++) {
1018 n = dn->components[i].cf_name;
1019 while (*n) *d++ = *n++;
1024 d += ldb_dn_escape_internal( d,
1025 (char *)dn->components[i].cf_value.data,
1026 dn->components[i].cf_value.length);
1031 /* don't waste more memory than necessary */
1032 dn->casefold = talloc_realloc(dn, dn->casefold,
1033 char, strlen(dn->casefold) + 1);
1035 return dn->casefold;
1038 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1040 return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
1043 /* Determine if dn is below base, in the ldap tree. Used for
1044 * evaluating a subtree search.
1045 * 0 if they match, otherwise non-zero
1048 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
1051 unsigned int n_base, n_dn;
1053 if ( ! base || base->invalid) return 1;
1054 if ( ! dn || dn->invalid) return -1;
1056 if (( ! base->valid_case) || ( ! dn->valid_case)) {
1057 if (base->linearized && dn->linearized && dn->special == base->special) {
1058 /* try with a normal compare first, if we are lucky
1059 * we will avoid exploding and casefolding */
1061 dif = strlen(dn->linearized) - strlen(base->linearized);
1065 if (strcmp(base->linearized,
1066 &dn->linearized[dif]) == 0) {
1071 if ( ! ldb_dn_casefold_internal(base)) {
1075 if ( ! ldb_dn_casefold_internal(dn)) {
1081 /* if base has more components,
1082 * they don't have the same base */
1083 if (base->comp_num > dn->comp_num) {
1084 return (dn->comp_num - base->comp_num);
1087 if ((dn->comp_num == 0) || (base->comp_num == 0)) {
1088 if (dn->special && base->special) {
1089 return strcmp(base->linearized, dn->linearized);
1090 } else if (dn->special) {
1092 } else if (base->special) {
1099 n_base = base->comp_num - 1;
1100 n_dn = dn->comp_num - 1;
1102 while (n_base != (unsigned int) -1) {
1103 char *b_name = base->components[n_base].cf_name;
1104 char *dn_name = dn->components[n_dn].cf_name;
1106 char *b_vdata = (char *)base->components[n_base].cf_value.data;
1107 char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
1109 size_t b_vlen = base->components[n_base].cf_value.length;
1110 size_t dn_vlen = dn->components[n_dn].cf_value.length;
1112 /* compare attr names */
1113 ret = strcmp(b_name, dn_name);
1114 if (ret != 0) return ret;
1116 /* compare attr.cf_value. */
1117 if (b_vlen != dn_vlen) {
1118 return b_vlen - dn_vlen;
1120 ret = strncmp(b_vdata, dn_vdata, b_vlen);
1121 if (ret != 0) return ret;
1130 /* compare DNs using casefolding compare functions.
1132 If they match, then return 0
1135 int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
1140 if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
1144 if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
1145 if (dn0->linearized && dn1->linearized) {
1146 /* try with a normal compare first, if we are lucky
1147 * we will avoid exploding and casefolding */
1148 if (strcmp(dn0->linearized, dn1->linearized) == 0) {
1153 if ( ! ldb_dn_casefold_internal(dn0)) {
1157 if ( ! ldb_dn_casefold_internal(dn1)) {
1163 if (dn0->comp_num != dn1->comp_num) {
1164 return (dn1->comp_num - dn0->comp_num);
1167 if (dn0->comp_num == 0) {
1168 if (dn0->special && dn1->special) {
1169 return strcmp(dn0->linearized, dn1->linearized);
1170 } else if (dn0->special) {
1172 } else if (dn1->special) {
1179 for (i = 0; i < dn0->comp_num; i++) {
1180 char *dn0_name = dn0->components[i].cf_name;
1181 char *dn1_name = dn1->components[i].cf_name;
1183 char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
1184 char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
1186 size_t dn0_vlen = dn0->components[i].cf_value.length;
1187 size_t dn1_vlen = dn1->components[i].cf_value.length;
1189 /* compare attr names */
1190 ret = strcmp(dn0_name, dn1_name);
1195 /* compare attr.cf_value. */
1196 if (dn0_vlen != dn1_vlen) {
1197 return dn0_vlen - dn1_vlen;
1199 ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
1208 static struct ldb_dn_component ldb_dn_copy_component(
1209 TALLOC_CTX *mem_ctx,
1210 struct ldb_dn_component *src)
1212 struct ldb_dn_component dst;
1214 memset(&dst, 0, sizeof(dst));
1220 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1221 if (dst.value.data == NULL) {
1225 dst.name = talloc_strdup(mem_ctx, src->name);
1226 if (dst.name == NULL) {
1227 LDB_FREE(dst.value.data);
1231 if (src->cf_value.data) {
1232 dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
1233 if (dst.cf_value.data == NULL) {
1234 LDB_FREE(dst.value.data);
1239 dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
1240 if (dst.cf_name == NULL) {
1241 LDB_FREE(dst.cf_name);
1242 LDB_FREE(dst.value.data);
1247 dst.cf_value.data = NULL;
1254 static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
1255 TALLOC_CTX *mem_ctx,
1256 struct ldb_dn_ext_component *src)
1258 struct ldb_dn_ext_component dst;
1260 memset(&dst, 0, sizeof(dst));
1266 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1267 if (dst.value.data == NULL) {
1271 dst.name = talloc_strdup(mem_ctx, src->name);
1272 if (dst.name == NULL) {
1273 LDB_FREE(dst.value.data);
1280 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1282 struct ldb_dn *new_dn;
1284 if (!dn || dn->invalid) {
1288 new_dn = talloc_zero(mem_ctx, struct ldb_dn);
1295 if (dn->components) {
1298 new_dn->components =
1299 talloc_zero_array(new_dn,
1300 struct ldb_dn_component,
1302 if ( ! new_dn->components) {
1303 talloc_free(new_dn);
1307 for (i = 0; i < dn->comp_num; i++) {
1308 new_dn->components[i] =
1309 ldb_dn_copy_component(new_dn->components,
1310 &dn->components[i]);
1311 if ( ! new_dn->components[i].value.data) {
1312 talloc_free(new_dn);
1318 if (dn->ext_components) {
1321 new_dn->ext_components =
1322 talloc_zero_array(new_dn,
1323 struct ldb_dn_ext_component,
1325 if ( ! new_dn->ext_components) {
1326 talloc_free(new_dn);
1330 for (i = 0; i < dn->ext_comp_num; i++) {
1331 new_dn->ext_components[i] =
1332 ldb_dn_ext_copy_component(
1333 new_dn->ext_components,
1334 &dn->ext_components[i]);
1335 if ( ! new_dn->ext_components[i].value.data) {
1336 talloc_free(new_dn);
1343 new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
1344 if ( ! new_dn->casefold) {
1345 talloc_free(new_dn);
1350 if (dn->linearized) {
1351 new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
1352 if ( ! new_dn->linearized) {
1353 talloc_free(new_dn);
1358 if (dn->ext_linearized) {
1359 new_dn->ext_linearized = talloc_strdup(new_dn,
1360 dn->ext_linearized);
1361 if ( ! new_dn->ext_linearized) {
1362 talloc_free(new_dn);
1370 /* modify the given dn by adding a base.
1372 * return true if successful and false if not
1373 * if false is returned the dn may be marked invalid
1375 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
1380 if ( !base || base->invalid || !dn || dn->invalid) {
1385 return false; /* or we will visit infinity */
1388 if (dn->components) {
1391 if ( ! ldb_dn_validate(base)) {
1396 if (dn->valid_case) {
1397 if ( ! (s = ldb_dn_get_casefold(base))) {
1402 dn->components = talloc_realloc(dn,
1404 struct ldb_dn_component,
1405 dn->comp_num + base->comp_num);
1406 if ( ! dn->components) {
1407 ldb_dn_mark_invalid(dn);
1411 for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
1412 dn->components[dn->comp_num] =
1413 ldb_dn_copy_component(dn->components,
1414 &base->components[i]);
1415 if (dn->components[dn->comp_num].value.data == NULL) {
1416 ldb_dn_mark_invalid(dn);
1421 if (dn->casefold && s) {
1422 if (*dn->casefold) {
1423 t = talloc_asprintf(dn, "%s,%s",
1426 t = talloc_strdup(dn, s);
1428 LDB_FREE(dn->casefold);
1433 if (dn->linearized) {
1435 s = ldb_dn_get_linearized(base);
1440 if (*dn->linearized) {
1441 t = talloc_asprintf(dn, "%s,%s",
1444 t = talloc_strdup(dn, s);
1447 ldb_dn_mark_invalid(dn);
1450 LDB_FREE(dn->linearized);
1454 /* Wipe the ext_linearized DN,
1455 * the GUID and SID are almost certainly no longer valid */
1456 LDB_FREE(dn->ext_linearized);
1457 LDB_FREE(dn->ext_components);
1458 dn->ext_comp_num = 0;
1463 /* modify the given dn by adding a base.
1465 * return true if successful and false if not
1466 * if false is returned the dn may be marked invalid
1468 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
1470 struct ldb_dn *base;
1475 if ( !dn || dn->invalid) {
1479 va_start(ap, base_fmt);
1480 base_str = talloc_vasprintf(dn, base_fmt, ap);
1483 if (base_str == NULL) {
1487 base = ldb_dn_new(base_str, dn->ldb, base_str);
1489 ret = ldb_dn_add_base(dn, base);
1491 talloc_free(base_str);
1496 /* modify the given dn by adding children elements.
1498 * return true if successful and false if not
1499 * if false is returned the dn may be marked invalid
1501 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
1506 if ( !child || child->invalid || !dn || dn->invalid) {
1510 if (dn->components) {
1514 if (dn->comp_num == 0) {
1518 if ( ! ldb_dn_validate(child)) {
1523 if (dn->valid_case) {
1524 if ( ! (s = ldb_dn_get_casefold(child))) {
1529 n = dn->comp_num + child->comp_num;
1531 dn->components = talloc_realloc(dn,
1533 struct ldb_dn_component,
1535 if ( ! dn->components) {
1536 ldb_dn_mark_invalid(dn);
1540 for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
1542 dn->components[j] = dn->components[i];
1545 for (i = 0; i < child->comp_num; i++) {
1547 ldb_dn_copy_component(dn->components,
1548 &child->components[i]);
1549 if (dn->components[i].value.data == NULL) {
1550 ldb_dn_mark_invalid(dn);
1557 if (dn->casefold && s) {
1558 t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
1559 LDB_FREE(dn->casefold);
1564 if (dn->linearized) {
1565 if (dn->linearized[0] == '\0') {
1569 s = ldb_dn_get_linearized(child);
1574 t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
1576 ldb_dn_mark_invalid(dn);
1579 LDB_FREE(dn->linearized);
1583 /* Wipe the ext_linearized DN,
1584 * the GUID and SID are almost certainly no longer valid */
1585 LDB_FREE(dn->ext_linearized);
1586 LDB_FREE(dn->ext_components);
1587 dn->ext_comp_num = 0;
1592 /* modify the given dn by adding children elements.
1594 * return true if successful and false if not
1595 * if false is returned the dn may be marked invalid
1597 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
1599 struct ldb_dn *child;
1604 if ( !dn || dn->invalid) {
1608 va_start(ap, child_fmt);
1609 child_str = talloc_vasprintf(dn, child_fmt, ap);
1612 if (child_str == NULL) {
1616 child = ldb_dn_new(child_str, dn->ldb, child_str);
1618 ret = ldb_dn_add_child(dn, child);
1620 talloc_free(child_str);
1625 /* modify the given dn by adding a single child element.
1627 * return true if successful and false if not
1628 * if false is returned the dn may be marked invalid
1630 bool ldb_dn_add_child_val(struct ldb_dn *dn,
1632 struct ldb_val value)
1636 struct ldb_dn *child = NULL;
1638 if ( !dn || dn->invalid) {
1642 child = ldb_dn_new(dn, dn->ldb, "X=Y");
1643 ret = ldb_dn_add_child(dn, child);
1649 ldb_ret = ldb_dn_set_component(dn,
1653 if (ldb_ret != LDB_SUCCESS) {
1660 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
1664 if ( ! ldb_dn_validate(dn)) {
1668 if (dn->comp_num < num) {
1672 /* free components */
1673 for (i = dn->comp_num - num; i < dn->comp_num; i++) {
1674 LDB_FREE(dn->components[i].name);
1675 LDB_FREE(dn->components[i].value.data);
1676 LDB_FREE(dn->components[i].cf_name);
1677 LDB_FREE(dn->components[i].cf_value.data);
1680 dn->comp_num -= num;
1682 if (dn->valid_case) {
1683 for (i = 0; i < dn->comp_num; i++) {
1684 LDB_FREE(dn->components[i].cf_name);
1685 LDB_FREE(dn->components[i].cf_value.data);
1687 dn->valid_case = false;
1690 LDB_FREE(dn->casefold);
1691 LDB_FREE(dn->linearized);
1693 /* Wipe the ext_linearized DN,
1694 * the GUID and SID are almost certainly no longer valid */
1695 LDB_FREE(dn->ext_linearized);
1696 LDB_FREE(dn->ext_components);
1697 dn->ext_comp_num = 0;
1702 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
1706 if ( ! ldb_dn_validate(dn)) {
1710 if (dn->comp_num < num) {
1714 for (i = 0, j = num; j < dn->comp_num; i++, j++) {
1716 LDB_FREE(dn->components[i].name);
1717 LDB_FREE(dn->components[i].value.data);
1718 LDB_FREE(dn->components[i].cf_name);
1719 LDB_FREE(dn->components[i].cf_value.data);
1721 dn->components[i] = dn->components[j];
1724 dn->comp_num -= num;
1726 if (dn->valid_case) {
1727 for (i = 0; i < dn->comp_num; i++) {
1728 LDB_FREE(dn->components[i].cf_name);
1729 LDB_FREE(dn->components[i].cf_value.data);
1731 dn->valid_case = false;
1734 LDB_FREE(dn->casefold);
1735 LDB_FREE(dn->linearized);
1737 /* Wipe the ext_linearized DN,
1738 * the GUID and SID are almost certainly no longer valid */
1739 LDB_FREE(dn->ext_linearized);
1740 LDB_FREE(dn->ext_components);
1741 dn->ext_comp_num = 0;
1747 /* replace the components of a DN with those from another DN, without
1748 * touching the extended components
1750 * return true if successful and false if not
1751 * if false is returned the dn may be marked invalid
1753 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
1757 if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
1761 /* free components */
1762 for (i = 0; i < dn->comp_num; i++) {
1763 LDB_FREE(dn->components[i].name);
1764 LDB_FREE(dn->components[i].value.data);
1765 LDB_FREE(dn->components[i].cf_name);
1766 LDB_FREE(dn->components[i].cf_value.data);
1769 dn->components = talloc_realloc(dn,
1771 struct ldb_dn_component,
1773 if (dn->components == NULL) {
1774 ldb_dn_mark_invalid(dn);
1778 dn->comp_num = new_dn->comp_num;
1779 dn->valid_case = new_dn->valid_case;
1781 for (i = 0; i < dn->comp_num; i++) {
1782 dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
1783 if (dn->components[i].name == NULL) {
1784 ldb_dn_mark_invalid(dn);
1788 if (new_dn->linearized == NULL) {
1789 dn->linearized = NULL;
1791 dn->linearized = talloc_strdup(dn, new_dn->linearized);
1792 if (dn->linearized == NULL) {
1793 ldb_dn_mark_invalid(dn);
1802 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1804 struct ldb_dn *new_dn;
1806 new_dn = ldb_dn_copy(mem_ctx, dn);
1811 if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
1812 talloc_free(new_dn);
1819 /* Create a 'canonical name' string from a DN:
1821 ie dc=samba,dc=org -> samba.org/
1822 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1824 There are two formats,
1825 the EX format has the last '/' replaced with a newline (\n).
1828 static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
1831 char *cracked = NULL;
1832 const char *format = (ex_format ? "\n" : "/" );
1834 if ( ! ldb_dn_validate(dn)) {
1838 tmpctx = talloc_new(mem_ctx);
1840 /* Walk backwards down the DN, grabbing 'dc' components at first */
1841 for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
1842 if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
1846 cracked = talloc_asprintf(tmpctx, "%s.%s",
1847 ldb_dn_escape_value(tmpctx,
1848 dn->components[i].value),
1851 cracked = ldb_dn_escape_value(tmpctx,
1852 dn->components[i].value);
1859 /* Only domain components? Finish here */
1860 if (i == (unsigned int) -1) {
1861 cracked = talloc_strdup_append_buffer(cracked, format);
1862 talloc_steal(mem_ctx, cracked);
1866 /* Now walk backwards appending remaining components */
1867 for (; i > 0; i--) {
1868 cracked = talloc_asprintf_append_buffer(cracked, "/%s",
1869 ldb_dn_escape_value(tmpctx,
1870 dn->components[i].value));
1876 /* Last one, possibly a newline for the 'ex' format */
1877 cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
1878 ldb_dn_escape_value(tmpctx,
1879 dn->components[i].value));
1881 talloc_steal(mem_ctx, cracked);
1883 talloc_free(tmpctx);
1887 /* Wrapper functions for the above, for the two different string formats */
1888 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1889 return ldb_dn_canonical(mem_ctx, dn, 0);
1893 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1894 return ldb_dn_canonical(mem_ctx, dn, 1);
1897 int ldb_dn_get_comp_num(struct ldb_dn *dn)
1899 if ( ! ldb_dn_validate(dn)) {
1902 return dn->comp_num;
1905 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
1907 if ( ! ldb_dn_validate(dn)) {
1910 return dn->ext_comp_num;
1913 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
1915 if ( ! ldb_dn_validate(dn)) {
1918 if (num >= dn->comp_num) return NULL;
1919 return dn->components[num].name;
1922 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
1925 if ( ! ldb_dn_validate(dn)) {
1928 if (num >= dn->comp_num) return NULL;
1929 return &dn->components[num].value;
1932 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
1934 if ( ! ldb_dn_validate(dn)) {
1937 if (dn->comp_num == 0) return NULL;
1938 return dn->components[0].name;
1941 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
1943 if ( ! ldb_dn_validate(dn)) {
1946 if (dn->comp_num == 0) return NULL;
1947 return &dn->components[0].value;
1950 int ldb_dn_set_component(struct ldb_dn *dn, int num,
1951 const char *name, const struct ldb_val val)
1956 if ( ! ldb_dn_validate(dn)) {
1957 return LDB_ERR_OTHER;
1961 return LDB_ERR_OTHER;
1964 if ((unsigned)num >= dn->comp_num) {
1965 return LDB_ERR_OTHER;
1968 if (val.length > val.length + 1) {
1969 return LDB_ERR_OTHER;
1972 n = talloc_strdup(dn, name);
1974 return LDB_ERR_OTHER;
1977 v.length = val.length;
1980 * This is like talloc_memdup(dn, v.data, v.length + 1), but
1981 * avoids the over-read
1983 v.data = (uint8_t *)talloc_size(dn, v.length+1);
1986 return LDB_ERR_OTHER;
1988 memcpy(v.data, val.data, val.length);
1991 * Enforce NUL termination outside the stated length, as is
1992 * traditional in LDB
1994 v.data[v.length] = '\0';
1996 talloc_free(dn->components[num].name);
1997 talloc_free(dn->components[num].value.data);
1998 dn->components[num].name = n;
1999 dn->components[num].value = v;
2001 if (dn->valid_case) {
2003 for (i = 0; i < dn->comp_num; i++) {
2004 LDB_FREE(dn->components[i].cf_name);
2005 LDB_FREE(dn->components[i].cf_value.data);
2007 dn->valid_case = false;
2009 LDB_FREE(dn->casefold);
2010 LDB_FREE(dn->linearized);
2012 /* Wipe the ext_linearized DN,
2013 * the GUID and SID are almost certainly no longer valid */
2014 LDB_FREE(dn->ext_linearized);
2015 LDB_FREE(dn->ext_components);
2016 dn->ext_comp_num = 0;
2021 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
2025 if ( ! ldb_dn_validate(dn)) {
2028 for (i=0; i < dn->ext_comp_num; i++) {
2029 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2030 return &dn->ext_components[i].value;
2036 int ldb_dn_set_extended_component(struct ldb_dn *dn,
2037 const char *name, const struct ldb_val *val)
2039 struct ldb_dn_ext_component *p;
2042 const struct ldb_dn_extended_syntax *ext_syntax;
2044 if ( ! ldb_dn_validate(dn)) {
2045 return LDB_ERR_OTHER;
2048 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
2049 if (ext_syntax == NULL) {
2050 /* We don't know how to handle this type of thing */
2051 return LDB_ERR_INVALID_DN_SYNTAX;
2054 for (i=0; i < dn->ext_comp_num; i++) {
2055 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2057 dn->ext_components[i].value =
2058 ldb_val_dup(dn->ext_components, val);
2060 dn->ext_components[i].name = ext_syntax->name;
2061 if (!dn->ext_components[i].value.data) {
2062 ldb_dn_mark_invalid(dn);
2063 return LDB_ERR_OPERATIONS_ERROR;
2072 dn->ext_components = talloc_realloc(dn,
2074 struct ldb_dn_ext_component,
2076 if (!dn->ext_components) {
2077 ldb_dn_mark_invalid(dn);
2078 return LDB_ERR_OPERATIONS_ERROR;
2081 LDB_FREE(dn->ext_linearized);
2088 /* removing a value that doesn't exist is not an error */
2094 p = dn->ext_components
2095 = talloc_realloc(dn,
2097 struct ldb_dn_ext_component,
2098 dn->ext_comp_num + 1);
2099 if (!dn->ext_components) {
2100 ldb_dn_mark_invalid(dn);
2101 return LDB_ERR_OPERATIONS_ERROR;
2104 p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
2105 p[dn->ext_comp_num].name = talloc_strdup(p, name);
2107 if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
2108 ldb_dn_mark_invalid(dn);
2109 return LDB_ERR_OPERATIONS_ERROR;
2111 dn->ext_components = p;
2114 LDB_FREE(dn->ext_linearized);
2119 void ldb_dn_remove_extended_components(struct ldb_dn *dn)
2121 LDB_FREE(dn->ext_linearized);
2122 LDB_FREE(dn->ext_components);
2123 dn->ext_comp_num = 0;
2126 bool ldb_dn_is_valid(struct ldb_dn *dn)
2128 if ( ! dn) return false;
2129 return ! dn->invalid;
2132 bool ldb_dn_is_special(struct ldb_dn *dn)
2134 if ( ! dn || dn->invalid) return false;
2138 bool ldb_dn_has_extended(struct ldb_dn *dn)
2140 if ( ! dn || dn->invalid) return false;
2141 if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
2142 return dn->ext_comp_num != 0;
2145 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
2147 if ( ! dn || dn->invalid) return false;
2148 return ! strcmp(dn->linearized, check);
2151 bool ldb_dn_is_null(struct ldb_dn *dn)
2153 if ( ! dn || dn->invalid) return false;
2154 if (ldb_dn_has_extended(dn)) return false;
2155 if (dn->linearized && (dn->linearized[0] == '\0')) return true;
2160 this updates dn->components, taking the components from ref_dn.
2161 This is used by code that wants to update the DN path of a DN
2162 while not impacting on the extended DN components
2164 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
2166 dn->components = talloc_realloc(dn, dn->components,
2167 struct ldb_dn_component, ref_dn->comp_num);
2168 if (!dn->components) {
2169 return LDB_ERR_OPERATIONS_ERROR;
2171 memcpy(dn->components, ref_dn->components,
2172 sizeof(struct ldb_dn_component)*ref_dn->comp_num);
2173 dn->comp_num = ref_dn->comp_num;
2175 LDB_FREE(dn->casefold);
2176 LDB_FREE(dn->linearized);
2177 LDB_FREE(dn->ext_linearized);
2183 minimise a DN. The caller must pass in a validated DN.
2185 If the DN has an extended component then only the first extended
2186 component is kept, the DN string is stripped.
2188 The existing dn is modified
2190 bool ldb_dn_minimise(struct ldb_dn *dn)
2194 if (!ldb_dn_validate(dn)) {
2197 if (dn->ext_comp_num == 0) {
2201 /* free components */
2202 for (i = 0; i < dn->comp_num; i++) {
2203 LDB_FREE(dn->components[i].name);
2204 LDB_FREE(dn->components[i].value.data);
2205 LDB_FREE(dn->components[i].cf_name);
2206 LDB_FREE(dn->components[i].cf_value.data);
2209 dn->valid_case = false;
2211 LDB_FREE(dn->casefold);
2212 LDB_FREE(dn->linearized);
2214 /* note that we don't free dn->components as this there are
2215 * several places in ldb_dn.c that rely on it being non-NULL
2216 * for an exploded DN
2219 for (i = 1; i < dn->ext_comp_num; i++) {
2220 LDB_FREE(dn->ext_components[i].value.data);
2222 dn->ext_comp_num = 1;
2224 dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
2225 if (dn->ext_components == NULL) {
2226 ldb_dn_mark_invalid(dn);
2230 LDB_FREE(dn->ext_linearized);
2235 struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)