4 Copyright (C) Simo Sorce 2005-2008
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * Component: ldb extended dn control module
26 * Description: this module interprets DNs of the form <SID=S-1-2-4456> into normal DNs.
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_errors.h"
35 #include "ldb/include/ldb_module.h"
38 struct extended_search_context {
39 struct ldb_module *module;
40 struct ldb_request *req;
41 struct ldb_dn *basedn;
42 char *wellknown_object;
46 /* An extra layer of indirection because LDB does not allow the original request to be altered */
48 static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
50 int ret = LDB_ERR_OPERATIONS_ERROR;
51 struct extended_search_context *ac;
52 ac = talloc_get_type(req->context, struct extended_search_context);
54 if (ares->error != LDB_SUCCESS) {
55 ret = ldb_module_done(ac->req, ares->controls,
56 ares->response, ares->error);
61 ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
63 case LDB_REPLY_REFERRAL:
65 ret = ldb_module_send_referral(ac->req, ares->referral);
69 ret = ldb_module_done(ac->req, ares->controls,
70 ares->response, ares->error);
77 static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
79 struct extended_search_context *ac;
80 struct ldb_request *down_req;
81 struct ldb_message_element *el;
86 const char *found = NULL;
88 ac = talloc_get_type(req->context, struct extended_search_context);
91 return ldb_module_done(ac->req, NULL, NULL,
92 LDB_ERR_OPERATIONS_ERROR);
94 if (ares->error != LDB_SUCCESS) {
95 return ldb_module_done(ac->req, ares->controls,
96 ares->response, ares->error);
100 case LDB_REPLY_ENTRY:
101 if (!ac->wellknown_object) {
102 ac->basedn = talloc_steal(ac, ares->message->dn);
106 wkn_len = strlen(ac->wellknown_object);
108 el = ldb_msg_find_element(ares->message, "wellKnownObjects");
114 for (i=0; i < el->num_values; i++) {
115 valstr = talloc_strndup(ac,
116 (const char *)el->values[i].data,
117 el->values[i].length);
119 ldb_oom(ldb_module_get_ctx(ac->module));
120 return ldb_module_done(ac->req, NULL, NULL,
121 LDB_ERR_OPERATIONS_ERROR);
124 if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
129 found = &valstr[wkn_len];
137 ac->basedn = ldb_dn_new(ac, ldb_module_get_ctx(ac->module), found);
140 ldb_oom(ldb_module_get_ctx(ac->module));
141 return ldb_module_done(ac->req, NULL, NULL,
142 LDB_ERR_OPERATIONS_ERROR);
147 case LDB_REPLY_REFERRAL:
153 const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
154 ldb_dn_get_linearized(ac->req->op.search.base));
155 ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
156 return ldb_module_done(ac->req, NULL, NULL,
157 LDB_ERR_NO_SUCH_OBJECT);
160 switch (ac->req->operation) {
162 ret = ldb_build_search_req_ex(&down_req,
163 ldb_module_get_ctx(ac->module), ac->req,
165 ac->req->op.search.scope,
166 ac->req->op.search.tree,
167 ac->req->op.search.attrs,
169 ac, extended_final_callback,
174 struct ldb_message *add_msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
176 ldb_oom(ldb_module_get_ctx(ac->module));
177 return ldb_module_done(ac->req, NULL, NULL,
178 LDB_ERR_OPERATIONS_ERROR);
181 add_msg->dn = ac->basedn;
183 ret = ldb_build_add_req(&down_req,
184 ldb_module_get_ctx(ac->module), ac->req,
187 ac, extended_final_callback,
193 struct ldb_message *mod_msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
195 ldb_oom(ldb_module_get_ctx(ac->module));
196 return ldb_module_done(ac->req, NULL, NULL,
197 LDB_ERR_OPERATIONS_ERROR);
200 mod_msg->dn = ac->basedn;
202 ret = ldb_build_mod_req(&down_req,
203 ldb_module_get_ctx(ac->module), ac->req,
206 ac, extended_final_callback,
211 ret = ldb_build_del_req(&down_req,
212 ldb_module_get_ctx(ac->module), ac->req,
215 ac, extended_final_callback,
219 ret = ldb_build_rename_req(&down_req,
220 ldb_module_get_ctx(ac->module), ac->req,
222 ac->req->op.rename.newdn,
224 ac, extended_final_callback,
228 return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
231 if (ret != LDB_SUCCESS) {
232 return ldb_module_done(ac->req, NULL, NULL, ret);
235 return ldb_next_request(ac->module, down_req);
241 static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
243 struct extended_search_context *ac;
244 struct ldb_request *down_req;
246 struct ldb_dn *base_dn = NULL;
247 enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
248 const char *base_dn_filter = NULL;
249 const char * const *base_dn_attrs = NULL;
250 char *wellknown_object = NULL;
251 static const char *no_attr[] = {
254 static const char *wkattr[] = {
258 bool all_partitions = false;
260 if (!ldb_dn_has_extended(dn)) {
261 /* Move along there isn't anything to see here */
262 return ldb_next_request(module, req);
264 /* It looks like we need to map the DN */
265 const struct ldb_val *sid_val, *guid_val, *wkguid_val;
267 sid_val = ldb_dn_get_extended_component(dn, "SID");
268 guid_val = ldb_dn_get_extended_component(dn, "GUID");
269 wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
272 all_partitions = true;
273 base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
274 base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
275 ldb_binary_encode(req, *sid_val));
276 if (!base_dn_filter) {
277 ldb_oom(ldb_module_get_ctx(module));
278 return LDB_ERR_OPERATIONS_ERROR;
280 base_dn_scope = LDB_SCOPE_SUBTREE;
281 base_dn_attrs = no_attr;
283 } else if (guid_val) {
285 all_partitions = true;
286 base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
287 base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
288 ldb_binary_encode(req, *guid_val));
289 if (!base_dn_filter) {
290 ldb_oom(ldb_module_get_ctx(module));
291 return LDB_ERR_OPERATIONS_ERROR;
293 base_dn_scope = LDB_SCOPE_SUBTREE;
294 base_dn_attrs = no_attr;
297 } else if (wkguid_val) {
302 wkguid_dup = talloc_strndup(req, (char *)wkguid_val->data, wkguid_val->length);
304 p = strchr(wkguid_dup, ',');
306 return LDB_ERR_INVALID_DN_SYNTAX;
312 wellknown_object = talloc_asprintf(req, "B:32:%s:", wkguid_dup);
313 if (!wellknown_object) {
314 ldb_oom(ldb_module_get_ctx(module));
315 return LDB_ERR_OPERATIONS_ERROR;
320 base_dn = ldb_dn_new(req, ldb_module_get_ctx(module), tail_str);
321 talloc_free(wkguid_dup);
323 ldb_oom(ldb_module_get_ctx(module));
324 return LDB_ERR_OPERATIONS_ERROR;
326 base_dn_filter = talloc_strdup(req, "(objectClass=*)");
327 if (!base_dn_filter) {
328 ldb_oom(ldb_module_get_ctx(module));
329 return LDB_ERR_OPERATIONS_ERROR;
331 base_dn_scope = LDB_SCOPE_BASE;
332 base_dn_attrs = wkattr;
334 return LDB_ERR_INVALID_DN_SYNTAX;
337 ac = talloc_zero(req, struct extended_search_context);
339 ldb_oom(ldb_module_get_ctx(module));
340 return LDB_ERR_OPERATIONS_ERROR;
345 ac->basedn = NULL; /* Filled in if the search finds the DN by SID/GUID etc */
346 ac->wellknown_object = wellknown_object;
348 /* If the base DN was an extended DN (perhaps a well known
349 * GUID) then search for that, so we can proceed with the original operation */
351 ret = ldb_build_search_req(&down_req,
352 ldb_module_get_ctx(module), ac,
358 ac, extended_base_callback,
360 if (ret != LDB_SUCCESS) {
361 return LDB_ERR_OPERATIONS_ERROR;
364 if (all_partitions) {
365 struct ldb_search_options_control *control;
366 control = talloc(down_req, struct ldb_search_options_control);
367 control->search_options = 2;
368 ret = ldb_request_add_control(down_req,
369 LDB_CONTROL_SEARCH_OPTIONS_OID,
371 if (ret != LDB_SUCCESS) {
372 ldb_oom(ldb_module_get_ctx(module));
377 /* perform the search */
378 return ldb_next_request(module, down_req);
382 static int extended_dn_in_search(struct ldb_module *module, struct ldb_request *req)
384 return extended_dn_in_fix(module, req, req->op.search.base);
387 static int extended_dn_in_modify(struct ldb_module *module, struct ldb_request *req)
389 return extended_dn_in_fix(module, req, req->op.mod.message->dn);
392 static int extended_dn_in_del(struct ldb_module *module, struct ldb_request *req)
394 return extended_dn_in_fix(module, req, req->op.del.dn);
397 static int extended_dn_in_rename(struct ldb_module *module, struct ldb_request *req)
399 return extended_dn_in_fix(module, req, req->op.rename.olddn);
402 _PUBLIC_ const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
403 .name = "extended_dn_in",
404 .search = extended_dn_in_search,
405 .modify = extended_dn_in_modify,
406 .del = extended_dn_in_del,
407 .rename = extended_dn_in_rename,
git.samba.org / ira / wip.git / blob