4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component {
52 struct ldb_val cf_value;
55 struct ldb_dn_ext_component {
63 struct ldb_context *ldb;
65 /* Special DNs are always linearized */
75 unsigned int comp_num;
76 struct ldb_dn_component *components;
78 unsigned int ext_comp_num;
79 struct ldb_dn_ext_component *ext_components;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn *dn)
88 /* strdn may be NULL */
89 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
90 struct ldb_context *ldb,
91 const struct ldb_val *strdn)
95 if (! ldb) return NULL;
97 if (strdn && strdn->data
98 && (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
99 /* The RDN must not contain a character with value 0x0 */
103 dn = talloc_zero(mem_ctx, struct ldb_dn);
104 LDB_DN_NULL_FAILED(dn);
106 dn->ldb = talloc_get_type(ldb, struct ldb_context);
107 if (dn->ldb == NULL) {
108 /* the caller probably got the arguments to
109 ldb_dn_new() mixed up */
114 if (strdn->data && strdn->length) {
115 const char *data = (const char *)strdn->data;
116 size_t length = strdn->length;
118 if (data[0] == '@') {
121 dn->ext_linearized = talloc_strndup(dn, data, length);
122 LDB_DN_NULL_FAILED(dn->ext_linearized);
124 if (data[0] == '<') {
125 const char *p_save, *p = dn->ext_linearized;
134 if (p_save == dn->ext_linearized) {
135 dn->linearized = talloc_strdup(dn, "");
137 dn->linearized = talloc_strdup(dn, p_save);
139 LDB_DN_NULL_FAILED(dn->linearized);
141 dn->linearized = dn->ext_linearized;
142 dn->ext_linearized = NULL;
145 dn->linearized = talloc_strdup(dn, "");
146 LDB_DN_NULL_FAILED(dn->linearized);
156 /* strdn may be NULL */
157 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
158 struct ldb_context *ldb,
162 blob.data = discard_const_p(uint8_t, strdn);
163 blob.length = strdn ? strlen(strdn) : 0;
164 return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
167 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
168 struct ldb_context *ldb,
169 const char *new_fmt, ...)
174 if (! ldb) return NULL;
176 va_start(ap, new_fmt);
177 strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
181 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
189 /* see RFC2253 section 2.4 */
190 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
197 for (i = 0; i < len; i++){
201 if (i == 0 || i == len - 1) {
202 /* if at the beginning or end
203 * of the string then escape */
207 /* otherwise don't escape */
213 /* despite the RFC, windows escapes a #
214 anywhere in the string */
222 /* these must be escaped using \c form */
232 /* any others get \XX form */
234 const char *hexbytes = "0123456789ABCDEF";
235 v = (const unsigned char)c;
237 *d++ = hexbytes[v>>4];
238 *d++ = hexbytes[v&0xF];
246 /* return the length of the resulting string */
250 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
257 /* allocate destination string, it will be at most 3 times the source */
258 dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
264 len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
266 dst = talloc_realloc(mem_ctx, dst, char, len + 1);
276 explode a DN string into a ldb_dn structure
277 based on RFC4514 except that we don't support multiple valued RDNs
279 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
280 DN must be compliant with RFC2253
282 static bool ldb_dn_explode(struct ldb_dn *dn)
284 char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
286 bool in_extended = true;
287 bool in_ex_name = false;
288 bool in_ex_value = false;
289 bool in_attr = false;
290 bool in_value = false;
291 bool in_quote = false;
300 if ( ! dn || dn->invalid) return false;
302 if (dn->components) {
306 if (dn->ext_linearized) {
307 parse_dn = dn->ext_linearized;
309 parse_dn = dn->linearized;
316 is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
319 if (parse_dn[0] == '\0') {
323 /* Special DNs case */
328 /* make sure we free this if allocated previously before replacing */
329 LDB_FREE(dn->components);
332 LDB_FREE(dn->ext_components);
333 dn->ext_comp_num = 0;
335 /* in the common case we have 3 or more components */
336 /* make sure all components are zeroed, other functions depend on it */
337 dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
338 if ( ! dn->components) {
342 /* Components data space is allocated here once */
343 data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
355 if (!in_ex_name && !in_ex_value) {
362 } else if (p[0] == '\0') {
374 if (in_ex_name && *p == '=') {
383 if (in_ex_value && *p == '>') {
384 const struct ldb_dn_extended_syntax *ext_syntax;
385 struct ldb_val ex_val = {
386 .data = (uint8_t *)ex_value,
387 .length = d - ex_value
394 /* Process name and ex_value */
396 dn->ext_components = talloc_realloc(dn,
398 struct ldb_dn_ext_component,
399 dn->ext_comp_num + 1);
400 if ( ! dn->ext_components) {
405 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
407 /* We don't know about this type of extended DN */
411 dn->ext_components[dn->ext_comp_num].name = ext_syntax->name;
412 ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
413 &ex_val, &dn->ext_components[dn->ext_comp_num].value);
414 if (ret != LDB_SUCCESS) {
415 ldb_dn_mark_invalid(dn);
422 /* We have reached the end (extended component only)! */
426 } else if (*p == ';') {
430 ldb_dn_mark_invalid(dn);
449 /* attr names must be ascii only */
450 ldb_dn_mark_invalid(dn);
457 if ( ! isalpha(*p)) {
458 /* not a digit nor an alpha,
459 * invalid attribute name */
460 ldb_dn_mark_invalid(dn);
464 /* Copy this character across from parse_dn,
465 * now we have trimmed out spaces */
472 /* valid only if we are at the end */
477 if (trim && (*p != '=')) {
478 /* spaces/tabs are not allowed */
479 ldb_dn_mark_invalid(dn);
484 /* attribute terminated */
490 /* Terminate this string in d
491 * (which is a copy of parse_dn
492 * with spaces trimmed) */
494 dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
495 if ( ! dn->components[dn->comp_num].name) {
507 /* attr names must be ascii only */
508 ldb_dn_mark_invalid(dn);
512 if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
513 /* not a digit nor a dot,
514 * invalid attribute oid */
515 ldb_dn_mark_invalid(dn);
518 if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
519 /* not ALPHA, DIGIT or HYPHEN */
520 ldb_dn_mark_invalid(dn);
560 /* TODO: support ber encoded values
571 /* ok found value terminator */
587 * This talloc_memdup() is OK with the
588 * +1 because *d has been set to '\0'
591 dn->components[dn->comp_num].value.data = \
592 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
593 dn->components[dn->comp_num].value.length = l;
594 if ( ! dn->components[dn->comp_num].value.data) {
598 talloc_set_name_const(dn->components[dn->comp_num].value.data,
599 (const char *)dn->components[dn->comp_num].value.data);
604 if (dn->comp_num > 2) {
605 dn->components = talloc_realloc(dn,
607 struct ldb_dn_component,
609 if ( ! dn->components) {
613 /* make sure all components are zeroed, other functions depend on this */
614 memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
621 /* to main compatibility with earlier
622 versions of ldb indexing, we have to
623 accept the base64 encoded binary index
624 values, which contain a '+' or '='
625 which should normally be escaped */
638 /* a string with not escaped specials is invalid (tested) */
640 ldb_dn_mark_invalid(dn);
667 if (isxdigit(p[0]) && isxdigit(p[1])) {
668 if (sscanf(p, "%02x", &x) != 1) {
669 /* invalid escaping sequence */
670 ldb_dn_mark_invalid(dn);
674 *d++ = (unsigned char)x;
700 if (in_attr || in_quote) {
702 ldb_dn_mark_invalid(dn);
706 /* save last element */
715 * This talloc_memdup() is OK with the
716 * +1 because *d has been set to '\0'
719 dn->components[dn->comp_num].value.length = l;
720 dn->components[dn->comp_num].value.data =
721 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
722 if ( ! dn->components[dn->comp_num].value.data) {
726 talloc_set_name_const(dn->components[dn->comp_num].value.data,
727 (const char *)dn->components[dn->comp_num].value.data);
735 LDB_FREE(dn->components); /* "data" is implicitly free'd */
737 LDB_FREE(dn->ext_components);
738 dn->ext_comp_num = 0;
743 bool ldb_dn_validate(struct ldb_dn *dn)
745 return ldb_dn_explode(dn);
748 const char *ldb_dn_get_linearized(struct ldb_dn *dn)
754 if ( ! dn || ( dn->invalid)) return NULL;
756 if (dn->linearized) return dn->linearized;
758 if ( ! dn->components) {
759 ldb_dn_mark_invalid(dn);
763 if (dn->comp_num == 0) {
764 dn->linearized = talloc_strdup(dn, "");
765 if ( ! dn->linearized) return NULL;
766 return dn->linearized;
769 /* calculate maximum possible length of DN */
770 for (len = 0, i = 0; i < dn->comp_num; i++) {
772 len += strlen(dn->components[i].name);
773 /* max escaped data len */
774 len += (dn->components[i].value.length * 3);
775 len += 2; /* '=' and ',' */
777 dn->linearized = talloc_array(dn, char, len);
778 if ( ! dn->linearized) return NULL;
782 for (i = 0; i < dn->comp_num; i++) {
785 n = dn->components[i].name;
786 while (*n) *d++ = *n++;
791 d += ldb_dn_escape_internal( d,
792 (char *)dn->components[i].value.data,
793 dn->components[i].value.length);
799 /* don't waste more memory than necessary */
800 dn->linearized = talloc_realloc(dn, dn->linearized,
801 char, (d - dn->linearized + 1));
803 return dn->linearized;
806 static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
808 const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
809 const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
810 return strcmp(ec1->name, ec2->name);
813 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
815 const char *linearized = ldb_dn_get_linearized(dn);
823 if (!ldb_dn_has_extended(dn)) {
824 return talloc_strdup(mem_ctx, linearized);
827 if (!ldb_dn_validate(dn)) {
831 /* sort the extended components by name. The idea is to make
832 * the resulting DNs consistent, plus to ensure that we put
833 * 'DELETED' first, so it can be very quickly recognised
835 TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
836 ldb_dn_extended_component_compare);
838 for (i = 0; i < dn->ext_comp_num; i++) {
839 const struct ldb_dn_extended_syntax *ext_syntax;
840 const char *name = dn->ext_components[i].name;
841 struct ldb_val ec_val = dn->ext_components[i].value;
845 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
851 ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
853 } else if (mode == 0) {
854 ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
860 if (ret != LDB_SUCCESS) {
865 p = talloc_asprintf(mem_ctx, "<%s=%s>",
868 p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
872 talloc_free(val.data);
879 if (dn->ext_comp_num && *linearized) {
880 p = talloc_asprintf_append_buffer(p, ";%s", linearized);
891 filter out all but an acceptable list of extended DN components
893 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
896 for (i=0; i<dn->ext_comp_num; i++) {
897 if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
898 memmove(&dn->ext_components[i],
899 &dn->ext_components[i+1],
900 (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0]));
905 LDB_FREE(dn->ext_linearized);
909 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
911 return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
915 casefold a dn. We need to casefold the attribute names, and canonicalize
916 attribute values of case insensitive attributes.
919 static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
924 if ( ! dn || dn->invalid) return false;
926 if (dn->valid_case) return true;
928 if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
932 for (i = 0; i < dn->comp_num; i++) {
933 const struct ldb_schema_attribute *a;
935 dn->components[i].cf_name =
936 ldb_attr_casefold(dn->components,
937 dn->components[i].name);
938 if (!dn->components[i].cf_name) {
942 a = ldb_schema_attribute_by_name(dn->ldb,
943 dn->components[i].cf_name);
945 ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
946 &(dn->components[i].value),
947 &(dn->components[i].cf_value));
953 dn->valid_case = true;
958 for (i = 0; i < dn->comp_num; i++) {
959 LDB_FREE(dn->components[i].cf_name);
960 LDB_FREE(dn->components[i].cf_value.data);
965 const char *ldb_dn_get_casefold(struct ldb_dn *dn)
971 if (dn->casefold) return dn->casefold;
974 dn->casefold = talloc_strdup(dn, dn->linearized);
975 if (!dn->casefold) return NULL;
976 dn->valid_case = true;
980 if ( ! ldb_dn_casefold_internal(dn)) {
984 if (dn->comp_num == 0) {
985 dn->casefold = talloc_strdup(dn, "");
989 /* calculate maximum possible length of DN */
990 for (len = 0, i = 0; i < dn->comp_num; i++) {
992 len += strlen(dn->components[i].cf_name);
993 /* max escaped data len */
994 len += (dn->components[i].cf_value.length * 3);
995 len += 2; /* '=' and ',' */
997 dn->casefold = talloc_array(dn, char, len);
998 if ( ! dn->casefold) return NULL;
1002 for (i = 0; i < dn->comp_num; i++) {
1005 n = dn->components[i].cf_name;
1006 while (*n) *d++ = *n++;
1011 d += ldb_dn_escape_internal( d,
1012 (char *)dn->components[i].cf_value.data,
1013 dn->components[i].cf_value.length);
1018 /* don't waste more memory than necessary */
1019 dn->casefold = talloc_realloc(dn, dn->casefold,
1020 char, strlen(dn->casefold) + 1);
1022 return dn->casefold;
1025 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1027 return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
1030 /* Determine if dn is below base, in the ldap tree. Used for
1031 * evaluating a subtree search.
1032 * 0 if they match, otherwise non-zero
1035 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
1038 unsigned int n_base, n_dn;
1040 if ( ! base || base->invalid) return 1;
1041 if ( ! dn || dn->invalid) return -1;
1043 if (( ! base->valid_case) || ( ! dn->valid_case)) {
1044 if (base->linearized && dn->linearized && dn->special == base->special) {
1045 /* try with a normal compare first, if we are lucky
1046 * we will avoid exploding and casfolding */
1048 dif = strlen(dn->linearized) - strlen(base->linearized);
1052 if (strcmp(base->linearized,
1053 &dn->linearized[dif]) == 0) {
1058 if ( ! ldb_dn_casefold_internal(base)) {
1062 if ( ! ldb_dn_casefold_internal(dn)) {
1068 /* if base has more components,
1069 * they don't have the same base */
1070 if (base->comp_num > dn->comp_num) {
1071 return (dn->comp_num - base->comp_num);
1074 if ((dn->comp_num == 0) || (base->comp_num == 0)) {
1075 if (dn->special && base->special) {
1076 return strcmp(base->linearized, dn->linearized);
1077 } else if (dn->special) {
1079 } else if (base->special) {
1086 n_base = base->comp_num - 1;
1087 n_dn = dn->comp_num - 1;
1089 while (n_base != (unsigned int) -1) {
1090 char *b_name = base->components[n_base].cf_name;
1091 char *dn_name = dn->components[n_dn].cf_name;
1093 char *b_vdata = (char *)base->components[n_base].cf_value.data;
1094 char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
1096 size_t b_vlen = base->components[n_base].cf_value.length;
1097 size_t dn_vlen = dn->components[n_dn].cf_value.length;
1099 /* compare attr names */
1100 ret = strcmp(b_name, dn_name);
1101 if (ret != 0) return ret;
1103 /* compare attr.cf_value. */
1104 if (b_vlen != dn_vlen) {
1105 return b_vlen - dn_vlen;
1107 ret = strncmp(b_vdata, dn_vdata, b_vlen);
1108 if (ret != 0) return ret;
1117 /* compare DNs using casefolding compare functions.
1119 If they match, then return 0
1122 int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
1127 if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
1131 if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
1132 if (dn0->linearized && dn1->linearized) {
1133 /* try with a normal compare first, if we are lucky
1134 * we will avoid exploding and casfolding */
1135 if (strcmp(dn0->linearized, dn1->linearized) == 0) {
1140 if ( ! ldb_dn_casefold_internal(dn0)) {
1144 if ( ! ldb_dn_casefold_internal(dn1)) {
1150 if (dn0->comp_num != dn1->comp_num) {
1151 return (dn1->comp_num - dn0->comp_num);
1154 if (dn0->comp_num == 0) {
1155 if (dn0->special && dn1->special) {
1156 return strcmp(dn0->linearized, dn1->linearized);
1157 } else if (dn0->special) {
1159 } else if (dn1->special) {
1166 for (i = 0; i < dn0->comp_num; i++) {
1167 char *dn0_name = dn0->components[i].cf_name;
1168 char *dn1_name = dn1->components[i].cf_name;
1170 char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
1171 char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
1173 size_t dn0_vlen = dn0->components[i].cf_value.length;
1174 size_t dn1_vlen = dn1->components[i].cf_value.length;
1176 /* compare attr names */
1177 ret = strcmp(dn0_name, dn1_name);
1182 /* compare attr.cf_value. */
1183 if (dn0_vlen != dn1_vlen) {
1184 return dn0_vlen - dn1_vlen;
1186 ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
1195 static struct ldb_dn_component ldb_dn_copy_component(
1196 TALLOC_CTX *mem_ctx,
1197 struct ldb_dn_component *src)
1199 struct ldb_dn_component dst;
1201 memset(&dst, 0, sizeof(dst));
1207 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1208 if (dst.value.data == NULL) {
1212 dst.name = talloc_strdup(mem_ctx, src->name);
1213 if (dst.name == NULL) {
1214 LDB_FREE(dst.value.data);
1218 if (src->cf_value.data) {
1219 dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
1220 if (dst.cf_value.data == NULL) {
1221 LDB_FREE(dst.value.data);
1226 dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
1227 if (dst.cf_name == NULL) {
1228 LDB_FREE(dst.cf_name);
1229 LDB_FREE(dst.value.data);
1234 dst.cf_value.data = NULL;
1241 static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
1242 TALLOC_CTX *mem_ctx,
1243 struct ldb_dn_ext_component *src)
1245 struct ldb_dn_ext_component dst;
1247 memset(&dst, 0, sizeof(dst));
1253 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1254 if (dst.value.data == NULL) {
1258 dst.name = talloc_strdup(mem_ctx, src->name);
1259 if (dst.name == NULL) {
1260 LDB_FREE(dst.value.data);
1267 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1269 struct ldb_dn *new_dn;
1271 if (!dn || dn->invalid) {
1275 new_dn = talloc_zero(mem_ctx, struct ldb_dn);
1282 if (dn->components) {
1285 new_dn->components =
1286 talloc_zero_array(new_dn,
1287 struct ldb_dn_component,
1289 if ( ! new_dn->components) {
1290 talloc_free(new_dn);
1294 for (i = 0; i < dn->comp_num; i++) {
1295 new_dn->components[i] =
1296 ldb_dn_copy_component(new_dn->components,
1297 &dn->components[i]);
1298 if ( ! new_dn->components[i].value.data) {
1299 talloc_free(new_dn);
1305 if (dn->ext_components) {
1308 new_dn->ext_components =
1309 talloc_zero_array(new_dn,
1310 struct ldb_dn_ext_component,
1312 if ( ! new_dn->ext_components) {
1313 talloc_free(new_dn);
1317 for (i = 0; i < dn->ext_comp_num; i++) {
1318 new_dn->ext_components[i] =
1319 ldb_dn_ext_copy_component(
1320 new_dn->ext_components,
1321 &dn->ext_components[i]);
1322 if ( ! new_dn->ext_components[i].value.data) {
1323 talloc_free(new_dn);
1330 new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
1331 if ( ! new_dn->casefold) {
1332 talloc_free(new_dn);
1337 if (dn->linearized) {
1338 new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
1339 if ( ! new_dn->linearized) {
1340 talloc_free(new_dn);
1345 if (dn->ext_linearized) {
1346 new_dn->ext_linearized = talloc_strdup(new_dn,
1347 dn->ext_linearized);
1348 if ( ! new_dn->ext_linearized) {
1349 talloc_free(new_dn);
1357 /* modify the given dn by adding a base.
1359 * return true if successful and false if not
1360 * if false is returned the dn may be marked invalid
1362 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
1367 if ( !base || base->invalid || !dn || dn->invalid) {
1371 if (dn->components) {
1374 if ( ! ldb_dn_validate(base)) {
1379 if (dn->valid_case) {
1380 if ( ! (s = ldb_dn_get_casefold(base))) {
1385 dn->components = talloc_realloc(dn,
1387 struct ldb_dn_component,
1388 dn->comp_num + base->comp_num);
1389 if ( ! dn->components) {
1390 ldb_dn_mark_invalid(dn);
1394 for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
1395 dn->components[dn->comp_num] =
1396 ldb_dn_copy_component(dn->components,
1397 &base->components[i]);
1398 if (dn->components[dn->comp_num].value.data == NULL) {
1399 ldb_dn_mark_invalid(dn);
1404 if (dn->casefold && s) {
1405 if (*dn->casefold) {
1406 t = talloc_asprintf(dn, "%s,%s",
1409 t = talloc_strdup(dn, s);
1411 LDB_FREE(dn->casefold);
1416 if (dn->linearized) {
1418 s = ldb_dn_get_linearized(base);
1423 if (*dn->linearized) {
1424 t = talloc_asprintf(dn, "%s,%s",
1427 t = talloc_strdup(dn, s);
1430 ldb_dn_mark_invalid(dn);
1433 LDB_FREE(dn->linearized);
1437 /* Wipe the ext_linearized DN,
1438 * the GUID and SID are almost certainly no longer valid */
1439 LDB_FREE(dn->ext_linearized);
1440 LDB_FREE(dn->ext_components);
1441 dn->ext_comp_num = 0;
1446 /* modify the given dn by adding a base.
1448 * return true if successful and false if not
1449 * if false is returned the dn may be marked invalid
1451 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
1453 struct ldb_dn *base;
1458 if ( !dn || dn->invalid) {
1462 va_start(ap, base_fmt);
1463 base_str = talloc_vasprintf(dn, base_fmt, ap);
1466 if (base_str == NULL) {
1470 base = ldb_dn_new(base_str, dn->ldb, base_str);
1472 ret = ldb_dn_add_base(dn, base);
1474 talloc_free(base_str);
1479 /* modify the given dn by adding children elements.
1481 * return true if successful and false if not
1482 * if false is returned the dn may be marked invalid
1484 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
1489 if ( !child || child->invalid || !dn || dn->invalid) {
1493 if (dn->components) {
1497 if (dn->comp_num == 0) {
1501 if ( ! ldb_dn_validate(child)) {
1506 if (dn->valid_case) {
1507 if ( ! (s = ldb_dn_get_casefold(child))) {
1512 n = dn->comp_num + child->comp_num;
1514 dn->components = talloc_realloc(dn,
1516 struct ldb_dn_component,
1518 if ( ! dn->components) {
1519 ldb_dn_mark_invalid(dn);
1523 for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
1525 dn->components[j] = dn->components[i];
1528 for (i = 0; i < child->comp_num; i++) {
1530 ldb_dn_copy_component(dn->components,
1531 &child->components[i]);
1532 if (dn->components[i].value.data == NULL) {
1533 ldb_dn_mark_invalid(dn);
1540 if (dn->casefold && s) {
1541 t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
1542 LDB_FREE(dn->casefold);
1547 if (dn->linearized) {
1548 if (dn->linearized[0] == '\0') {
1552 s = ldb_dn_get_linearized(child);
1557 t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
1559 ldb_dn_mark_invalid(dn);
1562 LDB_FREE(dn->linearized);
1566 /* Wipe the ext_linearized DN,
1567 * the GUID and SID are almost certainly no longer valid */
1568 LDB_FREE(dn->ext_linearized);
1569 LDB_FREE(dn->ext_components);
1570 dn->ext_comp_num = 0;
1575 /* modify the given dn by adding children elements.
1577 * return true if successful and false if not
1578 * if false is returned the dn may be marked invalid
1580 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
1582 struct ldb_dn *child;
1587 if ( !dn || dn->invalid) {
1591 va_start(ap, child_fmt);
1592 child_str = talloc_vasprintf(dn, child_fmt, ap);
1595 if (child_str == NULL) {
1599 child = ldb_dn_new(child_str, dn->ldb, child_str);
1601 ret = ldb_dn_add_child(dn, child);
1603 talloc_free(child_str);
1608 /* modify the given dn by adding a single child element.
1610 * return true if successful and false if not
1611 * if false is returned the dn may be marked invalid
1613 bool ldb_dn_add_child_val(struct ldb_dn *dn,
1615 struct ldb_val value)
1619 struct ldb_dn *child = NULL;
1621 if ( !dn || dn->invalid) {
1625 child = ldb_dn_new(dn, dn->ldb, "X=Y");
1626 ret = ldb_dn_add_child(dn, child);
1632 ldb_ret = ldb_dn_set_component(dn,
1636 if (ldb_ret != LDB_SUCCESS) {
1643 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
1647 if ( ! ldb_dn_validate(dn)) {
1651 if (dn->comp_num < num) {
1655 /* free components */
1656 for (i = dn->comp_num - num; i < dn->comp_num; i++) {
1657 LDB_FREE(dn->components[i].name);
1658 LDB_FREE(dn->components[i].value.data);
1659 LDB_FREE(dn->components[i].cf_name);
1660 LDB_FREE(dn->components[i].cf_value.data);
1663 dn->comp_num -= num;
1665 if (dn->valid_case) {
1666 for (i = 0; i < dn->comp_num; i++) {
1667 LDB_FREE(dn->components[i].cf_name);
1668 LDB_FREE(dn->components[i].cf_value.data);
1670 dn->valid_case = false;
1673 LDB_FREE(dn->casefold);
1674 LDB_FREE(dn->linearized);
1676 /* Wipe the ext_linearized DN,
1677 * the GUID and SID are almost certainly no longer valid */
1678 LDB_FREE(dn->ext_linearized);
1679 LDB_FREE(dn->ext_components);
1680 dn->ext_comp_num = 0;
1685 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
1689 if ( ! ldb_dn_validate(dn)) {
1693 if (dn->comp_num < num) {
1697 for (i = 0, j = num; j < dn->comp_num; i++, j++) {
1699 LDB_FREE(dn->components[i].name);
1700 LDB_FREE(dn->components[i].value.data);
1701 LDB_FREE(dn->components[i].cf_name);
1702 LDB_FREE(dn->components[i].cf_value.data);
1704 dn->components[i] = dn->components[j];
1707 dn->comp_num -= num;
1709 if (dn->valid_case) {
1710 for (i = 0; i < dn->comp_num; i++) {
1711 LDB_FREE(dn->components[i].cf_name);
1712 LDB_FREE(dn->components[i].cf_value.data);
1714 dn->valid_case = false;
1717 LDB_FREE(dn->casefold);
1718 LDB_FREE(dn->linearized);
1720 /* Wipe the ext_linearized DN,
1721 * the GUID and SID are almost certainly no longer valid */
1722 LDB_FREE(dn->ext_linearized);
1723 LDB_FREE(dn->ext_components);
1724 dn->ext_comp_num = 0;
1730 /* replace the components of a DN with those from another DN, without
1731 * touching the extended components
1733 * return true if successful and false if not
1734 * if false is returned the dn may be marked invalid
1736 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
1740 if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
1744 /* free components */
1745 for (i = 0; i < dn->comp_num; i++) {
1746 LDB_FREE(dn->components[i].name);
1747 LDB_FREE(dn->components[i].value.data);
1748 LDB_FREE(dn->components[i].cf_name);
1749 LDB_FREE(dn->components[i].cf_value.data);
1752 dn->components = talloc_realloc(dn,
1754 struct ldb_dn_component,
1756 if (dn->components == NULL) {
1757 ldb_dn_mark_invalid(dn);
1761 dn->comp_num = new_dn->comp_num;
1762 dn->valid_case = new_dn->valid_case;
1764 for (i = 0; i < dn->comp_num; i++) {
1765 dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
1766 if (dn->components[i].name == NULL) {
1767 ldb_dn_mark_invalid(dn);
1771 if (new_dn->linearized == NULL) {
1772 dn->linearized = NULL;
1774 dn->linearized = talloc_strdup(dn, new_dn->linearized);
1775 if (dn->linearized == NULL) {
1776 ldb_dn_mark_invalid(dn);
1785 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1787 struct ldb_dn *new_dn;
1789 new_dn = ldb_dn_copy(mem_ctx, dn);
1794 if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
1795 talloc_free(new_dn);
1802 /* Create a 'canonical name' string from a DN:
1804 ie dc=samba,dc=org -> samba.org/
1805 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1807 There are two formats,
1808 the EX format has the last '/' replaced with a newline (\n).
1811 static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
1814 char *cracked = NULL;
1815 const char *format = (ex_format ? "\n" : "/" );
1817 if ( ! ldb_dn_validate(dn)) {
1821 tmpctx = talloc_new(mem_ctx);
1823 /* Walk backwards down the DN, grabbing 'dc' components at first */
1824 for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
1825 if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
1829 cracked = talloc_asprintf(tmpctx, "%s.%s",
1830 ldb_dn_escape_value(tmpctx,
1831 dn->components[i].value),
1834 cracked = ldb_dn_escape_value(tmpctx,
1835 dn->components[i].value);
1842 /* Only domain components? Finish here */
1843 if (i == (unsigned int) -1) {
1844 cracked = talloc_strdup_append_buffer(cracked, format);
1845 talloc_steal(mem_ctx, cracked);
1849 /* Now walk backwards appending remaining components */
1850 for (; i > 0; i--) {
1851 cracked = talloc_asprintf_append_buffer(cracked, "/%s",
1852 ldb_dn_escape_value(tmpctx,
1853 dn->components[i].value));
1859 /* Last one, possibly a newline for the 'ex' format */
1860 cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
1861 ldb_dn_escape_value(tmpctx,
1862 dn->components[i].value));
1864 talloc_steal(mem_ctx, cracked);
1866 talloc_free(tmpctx);
1870 /* Wrapper functions for the above, for the two different string formats */
1871 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1872 return ldb_dn_canonical(mem_ctx, dn, 0);
1876 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1877 return ldb_dn_canonical(mem_ctx, dn, 1);
1880 int ldb_dn_get_comp_num(struct ldb_dn *dn)
1882 if ( ! ldb_dn_validate(dn)) {
1885 return dn->comp_num;
1888 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
1890 if ( ! ldb_dn_validate(dn)) {
1893 return dn->ext_comp_num;
1896 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
1898 if ( ! ldb_dn_validate(dn)) {
1901 if (num >= dn->comp_num) return NULL;
1902 return dn->components[num].name;
1905 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
1908 if ( ! ldb_dn_validate(dn)) {
1911 if (num >= dn->comp_num) return NULL;
1912 return &dn->components[num].value;
1915 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
1917 if ( ! ldb_dn_validate(dn)) {
1920 if (dn->comp_num == 0) return NULL;
1921 return dn->components[0].name;
1924 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
1926 if ( ! ldb_dn_validate(dn)) {
1929 if (dn->comp_num == 0) return NULL;
1930 return &dn->components[0].value;
1933 int ldb_dn_set_component(struct ldb_dn *dn, int num,
1934 const char *name, const struct ldb_val val)
1939 if ( ! ldb_dn_validate(dn)) {
1940 return LDB_ERR_OTHER;
1944 return LDB_ERR_OTHER;
1947 if ((unsigned)num >= dn->comp_num) {
1948 return LDB_ERR_OTHER;
1951 if (val.length > val.length + 1) {
1952 return LDB_ERR_OTHER;
1955 n = talloc_strdup(dn, name);
1957 return LDB_ERR_OTHER;
1960 v.length = val.length;
1963 * This is like talloc_memdup(dn, v.data, v.length + 1), but
1964 * avoids the over-read
1966 v.data = (uint8_t *)talloc_size(dn, v.length+1);
1969 return LDB_ERR_OTHER;
1971 memcpy(v.data, val.data, val.length);
1974 * Enforce NUL termination outside the stated length, as is
1975 * traditional in LDB
1977 v.data[v.length] = '\0';
1979 talloc_free(dn->components[num].name);
1980 talloc_free(dn->components[num].value.data);
1981 dn->components[num].name = n;
1982 dn->components[num].value = v;
1984 if (dn->valid_case) {
1986 for (i = 0; i < dn->comp_num; i++) {
1987 LDB_FREE(dn->components[i].cf_name);
1988 LDB_FREE(dn->components[i].cf_value.data);
1990 dn->valid_case = false;
1992 LDB_FREE(dn->casefold);
1993 LDB_FREE(dn->linearized);
1995 /* Wipe the ext_linearized DN,
1996 * the GUID and SID are almost certainly no longer valid */
1997 LDB_FREE(dn->ext_linearized);
1998 LDB_FREE(dn->ext_components);
1999 dn->ext_comp_num = 0;
2004 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
2008 if ( ! ldb_dn_validate(dn)) {
2011 for (i=0; i < dn->ext_comp_num; i++) {
2012 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2013 return &dn->ext_components[i].value;
2019 int ldb_dn_set_extended_component(struct ldb_dn *dn,
2020 const char *name, const struct ldb_val *val)
2022 struct ldb_dn_ext_component *p;
2025 const struct ldb_dn_extended_syntax *ext_syntax;
2027 if ( ! ldb_dn_validate(dn)) {
2028 return LDB_ERR_OTHER;
2031 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
2032 if (ext_syntax == NULL) {
2033 /* We don't know how to handle this type of thing */
2034 return LDB_ERR_INVALID_DN_SYNTAX;
2037 for (i=0; i < dn->ext_comp_num; i++) {
2038 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2040 dn->ext_components[i].value =
2041 ldb_val_dup(dn->ext_components, val);
2043 dn->ext_components[i].name = ext_syntax->name;
2044 if (!dn->ext_components[i].value.data) {
2045 ldb_dn_mark_invalid(dn);
2046 return LDB_ERR_OPERATIONS_ERROR;
2049 if (i != (dn->ext_comp_num - 1)) {
2050 memmove(&dn->ext_components[i],
2051 &dn->ext_components[i+1],
2052 ((dn->ext_comp_num-1) - i) *
2053 sizeof(*dn->ext_components));
2057 dn->ext_components = talloc_realloc(dn,
2059 struct ldb_dn_ext_component,
2061 if (!dn->ext_components) {
2062 ldb_dn_mark_invalid(dn);
2063 return LDB_ERR_OPERATIONS_ERROR;
2066 LDB_FREE(dn->ext_linearized);
2073 /* removing a value that doesn't exist is not an error */
2079 p = dn->ext_components
2080 = talloc_realloc(dn,
2082 struct ldb_dn_ext_component,
2083 dn->ext_comp_num + 1);
2084 if (!dn->ext_components) {
2085 ldb_dn_mark_invalid(dn);
2086 return LDB_ERR_OPERATIONS_ERROR;
2089 p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
2090 p[dn->ext_comp_num].name = talloc_strdup(p, name);
2092 if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
2093 ldb_dn_mark_invalid(dn);
2094 return LDB_ERR_OPERATIONS_ERROR;
2096 dn->ext_components = p;
2099 LDB_FREE(dn->ext_linearized);
2104 void ldb_dn_remove_extended_components(struct ldb_dn *dn)
2106 LDB_FREE(dn->ext_linearized);
2107 LDB_FREE(dn->ext_components);
2108 dn->ext_comp_num = 0;
2111 bool ldb_dn_is_valid(struct ldb_dn *dn)
2113 if ( ! dn) return false;
2114 return ! dn->invalid;
2117 bool ldb_dn_is_special(struct ldb_dn *dn)
2119 if ( ! dn || dn->invalid) return false;
2123 bool ldb_dn_has_extended(struct ldb_dn *dn)
2125 if ( ! dn || dn->invalid) return false;
2126 if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
2127 return dn->ext_comp_num != 0;
2130 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
2132 if ( ! dn || dn->invalid) return false;
2133 return ! strcmp(dn->linearized, check);
2136 bool ldb_dn_is_null(struct ldb_dn *dn)
2138 if ( ! dn || dn->invalid) return false;
2139 if (ldb_dn_has_extended(dn)) return false;
2140 if (dn->linearized && (dn->linearized[0] == '\0')) return true;
2145 this updates dn->components, taking the components from ref_dn.
2146 This is used by code that wants to update the DN path of a DN
2147 while not impacting on the extended DN components
2149 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
2151 dn->components = talloc_realloc(dn, dn->components,
2152 struct ldb_dn_component, ref_dn->comp_num);
2153 if (!dn->components) {
2154 return LDB_ERR_OPERATIONS_ERROR;
2156 memcpy(dn->components, ref_dn->components,
2157 sizeof(struct ldb_dn_component)*ref_dn->comp_num);
2158 dn->comp_num = ref_dn->comp_num;
2160 LDB_FREE(dn->casefold);
2161 LDB_FREE(dn->linearized);
2162 LDB_FREE(dn->ext_linearized);
2168 minimise a DN. The caller must pass in a validated DN.
2170 If the DN has an extended component then only the first extended
2171 component is kept, the DN string is stripped.
2173 The existing dn is modified
2175 bool ldb_dn_minimise(struct ldb_dn *dn)
2179 if (!ldb_dn_validate(dn)) {
2182 if (dn->ext_comp_num == 0) {
2186 /* free components */
2187 for (i = 0; i < dn->comp_num; i++) {
2188 LDB_FREE(dn->components[i].name);
2189 LDB_FREE(dn->components[i].value.data);
2190 LDB_FREE(dn->components[i].cf_name);
2191 LDB_FREE(dn->components[i].cf_value.data);
2194 dn->valid_case = false;
2196 LDB_FREE(dn->casefold);
2197 LDB_FREE(dn->linearized);
2199 /* note that we don't free dn->components as this there are
2200 * several places in ldb_dn.c that rely on it being non-NULL
2201 * for an exploded DN
2204 for (i = 1; i < dn->ext_comp_num; i++) {
2205 LDB_FREE(dn->ext_components[i].value.data);
2207 dn->ext_comp_num = 1;
2209 dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
2210 if (dn->ext_components == NULL) {
2211 ldb_dn_mark_invalid(dn);
2215 LDB_FREE(dn->ext_linearized);
2220 struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)