2 ldb database library - ldif handlers for Samba
4 Copyright (C) Andrew Tridgell 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 2 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include "ldb/include/includes.h"
28 #include "librpc/gen_ndr/ndr_security.h"
29 #include "librpc/gen_ndr/ndr_misc.h"
30 #include "dsdb/samdb/samdb.h"
31 #include "libcli/security/proto.h"
34 convert a ldif formatted objectSid to a NDR formatted blob
36 static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
37 const struct ldb_val *in, struct ldb_val *out)
41 sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data);
45 status = ndr_push_struct_blob(out, mem_ctx, sid,
46 (ndr_push_flags_fn_t)ndr_push_dom_sid);
48 if (!NT_STATUS_IS_OK(status)) {
55 convert a NDR formatted blob to a ldif formatted objectSid
57 static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
58 const struct ldb_val *in, struct ldb_val *out)
62 sid = talloc(mem_ctx, struct dom_sid);
66 status = ndr_pull_struct_blob(in, sid, sid,
67 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
68 if (!NT_STATUS_IS_OK(status)) {
72 out->data = (uint8_t *)dom_sid_string(mem_ctx, sid);
74 if (out->data == NULL) {
77 out->length = strlen((const char *)out->data);
81 static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v)
83 /* see if the input if null-terninated */
84 if (v->data[v->length] != '\0') return False;
86 if (strncmp("S-", (const char *)v->data, 2) != 0) return False;
91 compare two objectSids
93 static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
94 const struct ldb_val *v1, const struct ldb_val *v2)
96 if (ldb_comparision_objectSid_isString(v1)) {
97 if (ldb_comparision_objectSid_isString(v2)) {
98 return strcmp((const char *)v1->data, (const char *)v2->data);
102 if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
105 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
110 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
114 canonicalise a objectSid
116 static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
117 const struct ldb_val *in, struct ldb_val *out)
119 if (ldb_comparision_objectSid_isString(in)) {
120 return ldif_read_objectSid(ldb, mem_ctx, in, out);
122 return ldb_handler_copy(ldb, mem_ctx, in, out);
126 convert a ldif formatted objectGUID to a NDR formatted blob
128 static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
129 const struct ldb_val *in, struct ldb_val *out)
134 status = GUID_from_string((const char *)in->data, &guid);
135 if (!NT_STATUS_IS_OK(status)) {
139 status = ndr_push_struct_blob(out, mem_ctx, &guid,
140 (ndr_push_flags_fn_t)ndr_push_GUID);
141 if (!NT_STATUS_IS_OK(status)) {
148 convert a NDR formatted blob to a ldif formatted objectGUID
150 static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
151 const struct ldb_val *in, struct ldb_val *out)
155 status = ndr_pull_struct_blob(in, mem_ctx, &guid,
156 (ndr_pull_flags_fn_t)ndr_pull_GUID);
157 if (!NT_STATUS_IS_OK(status)) {
160 out->data = (uint8_t *)GUID_string(mem_ctx, &guid);
161 if (out->data == NULL) {
164 out->length = strlen((const char *)out->data);
168 static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v)
173 /* see if the input if null-terninated */
174 if (v->data[v->length] != '\0') return False;
176 status = GUID_from_string((const char *)v->data, &guid);
177 if (!NT_STATUS_IS_OK(status)) {
185 compare two objectGUIDs
187 static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
188 const struct ldb_val *v1, const struct ldb_val *v2)
190 if (ldb_comparision_objectGUID_isString(v1)) {
191 if (ldb_comparision_objectGUID_isString(v2)) {
192 return strcmp((const char *)v1->data, (const char *)v2->data);
196 if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
199 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
204 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
208 canonicalise a objectGUID
210 static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
211 const struct ldb_val *in, struct ldb_val *out)
213 if (ldb_comparision_objectGUID_isString(in)) {
214 return ldif_read_objectGUID(ldb, mem_ctx, in, out);
216 return ldb_handler_copy(ldb, mem_ctx, in, out);
221 convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
223 static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
224 const struct ldb_val *in, struct ldb_val *out)
226 struct security_descriptor *sd;
228 const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
229 if (domain_sid == NULL) {
230 return ldb_handler_copy(ldb, mem_ctx, in, out);
232 sd = sddl_decode(mem_ctx, (const char *)in->data, domain_sid);
236 status = ndr_push_struct_blob(out, mem_ctx, sd,
237 (ndr_push_flags_fn_t)ndr_push_security_descriptor);
239 if (!NT_STATUS_IS_OK(status)) {
246 convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
248 static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
249 const struct ldb_val *in, struct ldb_val *out)
251 struct security_descriptor *sd;
253 const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
255 if (domain_sid == NULL) {
256 return ldb_handler_copy(ldb, mem_ctx, in, out);
259 sd = talloc(mem_ctx, struct security_descriptor);
263 status = ndr_pull_struct_blob(in, sd, sd,
264 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
265 if (!NT_STATUS_IS_OK(status)) {
269 out->data = (uint8_t *)sddl_encode(mem_ctx, sd, domain_sid);
271 if (out->data == NULL) {
274 out->length = strlen((const char *)out->data);
278 static const struct ldb_attrib_handler samba_handlers[] = {
282 .ldif_read_fn = ldif_read_objectSid,
283 .ldif_write_fn = ldif_write_objectSid,
284 .canonicalise_fn = ldb_canonicalise_objectSid,
285 .comparison_fn = ldb_comparison_objectSid
288 .attr = "securityIdentifier",
290 .ldif_read_fn = ldif_read_objectSid,
291 .ldif_write_fn = ldif_write_objectSid,
292 .canonicalise_fn = ldb_canonicalise_objectSid,
293 .comparison_fn = ldb_comparison_objectSid
296 .attr = "ntSecurityDescriptor",
298 .ldif_read_fn = ldif_read_ntSecurityDescriptor,
299 .ldif_write_fn = ldif_write_ntSecurityDescriptor,
300 .canonicalise_fn = ldb_handler_copy,
301 .comparison_fn = ldb_comparison_binary
304 .attr = "objectGUID",
306 .ldif_read_fn = ldif_read_objectGUID,
307 .ldif_write_fn = ldif_write_objectGUID,
308 .canonicalise_fn = ldb_canonicalise_objectGUID,
309 .comparison_fn = ldb_comparison_objectGUID
312 .attr = "invocationId",
314 .ldif_read_fn = ldif_read_objectGUID,
315 .ldif_write_fn = ldif_write_objectGUID,
316 .canonicalise_fn = ldb_canonicalise_objectGUID,
317 .comparison_fn = ldb_comparison_objectGUID
320 .attr = "schemaIDGUID",
322 .ldif_read_fn = ldif_read_objectGUID,
323 .ldif_write_fn = ldif_write_objectGUID,
324 .canonicalise_fn = ldb_canonicalise_objectGUID,
325 .comparison_fn = ldb_comparison_objectGUID
330 register the samba ldif handlers
332 int ldb_register_samba_handlers(struct ldb_context *ldb)
334 return ldb_set_attrib_handlers(ldb, samba_handlers, ARRAY_SIZE(samba_handlers));