2 ldb database library - ldif handlers for Samba
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Andrew Bartlett 2006
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 2 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include "ldb/include/includes.h"
28 #include "librpc/gen_ndr/ndr_security.h"
29 #include "librpc/gen_ndr/ndr_misc.h"
30 #include "dsdb/samdb/samdb.h"
31 #include "libcli/security/security.h"
34 convert a ldif formatted objectSid to a NDR formatted blob
36 static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
37 const struct ldb_val *in, struct ldb_val *out)
41 sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data);
45 status = ndr_push_struct_blob(out, mem_ctx, sid,
46 (ndr_push_flags_fn_t)ndr_push_dom_sid);
48 if (!NT_STATUS_IS_OK(status)) {
55 convert a NDR formatted blob to a ldif formatted objectSid
57 static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
58 const struct ldb_val *in, struct ldb_val *out)
62 sid = talloc(mem_ctx, struct dom_sid);
66 status = ndr_pull_struct_blob(in, sid, sid,
67 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
68 if (!NT_STATUS_IS_OK(status)) {
72 out->data = (uint8_t *)dom_sid_string(mem_ctx, sid);
74 if (out->data == NULL) {
77 out->length = strlen((const char *)out->data);
81 static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v)
83 /* see if the input if null-terninated */
84 if (v->data[v->length] != '\0') return False;
86 if (strncmp("S-", (const char *)v->data, 2) != 0) return False;
91 compare two objectSids
93 static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
94 const struct ldb_val *v1, const struct ldb_val *v2)
96 if (ldb_comparision_objectSid_isString(v1) && ldb_comparision_objectSid_isString(v2)) {
97 return strcmp((const char *)v1->data, (const char *)v2->data);
98 } else if (ldb_comparision_objectSid_isString(v1)
99 && !ldb_comparision_objectSid_isString(v2)) {
102 if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
105 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
108 } else if (!ldb_comparision_objectSid_isString(v1)
109 && ldb_comparision_objectSid_isString(v2)) {
112 if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
115 ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
119 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
123 canonicalise a objectSid
125 static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
126 const struct ldb_val *in, struct ldb_val *out)
128 if (ldb_comparision_objectSid_isString(in)) {
129 return ldif_read_objectSid(ldb, mem_ctx, in, out);
131 return ldb_handler_copy(ldb, mem_ctx, in, out);
135 convert a ldif formatted objectGUID to a NDR formatted blob
137 static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
138 const struct ldb_val *in, struct ldb_val *out)
143 status = GUID_from_string((const char *)in->data, &guid);
144 if (!NT_STATUS_IS_OK(status)) {
148 status = ndr_push_struct_blob(out, mem_ctx, &guid,
149 (ndr_push_flags_fn_t)ndr_push_GUID);
150 if (!NT_STATUS_IS_OK(status)) {
157 convert a NDR formatted blob to a ldif formatted objectGUID
159 static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
160 const struct ldb_val *in, struct ldb_val *out)
164 status = ndr_pull_struct_blob(in, mem_ctx, &guid,
165 (ndr_pull_flags_fn_t)ndr_pull_GUID);
166 if (!NT_STATUS_IS_OK(status)) {
169 out->data = (uint8_t *)GUID_string(mem_ctx, &guid);
170 if (out->data == NULL) {
173 out->length = strlen((const char *)out->data);
177 static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v)
182 /* see if the input if null-terninated */
183 if (v->data[v->length] != '\0') return False;
185 if (v->length < 33) return False;
187 status = GUID_from_string((const char *)v->data, &guid);
188 if (!NT_STATUS_IS_OK(status)) {
196 compare two objectGUIDs
198 static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
199 const struct ldb_val *v1, const struct ldb_val *v2)
201 if (ldb_comparision_objectGUID_isString(v1) && ldb_comparision_objectGUID_isString(v2)) {
202 return strcmp((const char *)v1->data, (const char *)v2->data);
203 } else if (ldb_comparision_objectGUID_isString(v1)
204 && !ldb_comparision_objectGUID_isString(v2)) {
207 if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
210 ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
213 } else if (!ldb_comparision_objectGUID_isString(v1)
214 && ldb_comparision_objectGUID_isString(v2)) {
217 if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) {
220 ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
224 return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
228 canonicalise a objectGUID
230 static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
231 const struct ldb_val *in, struct ldb_val *out)
233 if (ldb_comparision_objectGUID_isString(in)) {
234 return ldif_read_objectGUID(ldb, mem_ctx, in, out);
236 return ldb_handler_copy(ldb, mem_ctx, in, out);
241 convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
243 static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
244 const struct ldb_val *in, struct ldb_val *out)
246 struct security_descriptor *sd;
249 sd = sddl_decode(mem_ctx, (const char *)in->data, NULL);
253 status = ndr_push_struct_blob(out, mem_ctx, sd,
254 (ndr_push_flags_fn_t)ndr_push_security_descriptor);
256 if (!NT_STATUS_IS_OK(status)) {
263 convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
265 static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
266 const struct ldb_val *in, struct ldb_val *out)
268 struct security_descriptor *sd;
271 sd = talloc(mem_ctx, struct security_descriptor);
275 status = ndr_pull_struct_blob(in, sd, sd,
276 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
277 if (!NT_STATUS_IS_OK(status)) {
281 out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
283 if (out->data == NULL) {
286 out->length = strlen((const char *)out->data);
291 canonicolise an objectCategory. We use the short form as the cannoical form:
292 cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
295 static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_ctx,
296 const struct ldb_val *in, struct ldb_val *out)
298 struct ldb_dn *dn1 = NULL;
301 dn1 = ldb_dn_explode(mem_ctx, (char *)in->data);
303 oc1 = talloc_strndup(mem_ctx, (char *)in->data, in->length);
304 } else if (dn1->comp_num >= 1 && strcasecmp(dn1->components[0].name, "cn") == 0) {
305 oc1 = talloc_strndup(mem_ctx, (char *)dn1->components[0].value.data,
306 dn1->components[0].value.length);
311 oc1 = ldb_casefold(ldb, mem_ctx, oc1);
312 out->data = (void *)oc1;
313 out->length = strlen(oc1);
317 static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx,
318 const struct ldb_val *v1,
319 const struct ldb_val *v2)
321 struct ldb_dn *dn1 = NULL, *dn2 = NULL;
322 const char *oc1, *oc2;
324 dn1 = ldb_dn_explode(mem_ctx, (char *)v1->data);
326 oc1 = talloc_strndup(mem_ctx, (char *)v1->data, v1->length);
327 } else if (dn1->comp_num >= 1 && strcasecmp(dn1->components[0].name, "cn") == 0) {
328 oc1 = talloc_strndup(mem_ctx, (char *)dn1->components[0].value.data,
329 dn1->components[0].value.length);
334 dn2 = ldb_dn_explode(mem_ctx, (char *)v2->data);
336 oc2 = talloc_strndup(mem_ctx, (char *)v2->data, v2->length);
337 } else if (dn2->comp_num >= 2 && strcasecmp(dn2->components[0].name, "cn") == 0) {
338 oc2 = talloc_strndup(mem_ctx, (char *)dn2->components[0].value.data,
339 dn2->components[0].value.length);
344 oc1 = ldb_casefold(ldb, mem_ctx, oc1);
345 oc2 = ldb_casefold(ldb, mem_ctx, oc2);
356 return strcmp(oc1, oc2);
359 static const struct ldb_attrib_handler samba_handlers[] = {
363 .ldif_read_fn = ldif_read_objectSid,
364 .ldif_write_fn = ldif_write_objectSid,
365 .canonicalise_fn = ldb_canonicalise_objectSid,
366 .comparison_fn = ldb_comparison_objectSid
369 .attr = "securityIdentifier",
371 .ldif_read_fn = ldif_read_objectSid,
372 .ldif_write_fn = ldif_write_objectSid,
373 .canonicalise_fn = ldb_canonicalise_objectSid,
374 .comparison_fn = ldb_comparison_objectSid
377 .attr = "ntSecurityDescriptor",
379 .ldif_read_fn = ldif_read_ntSecurityDescriptor,
380 .ldif_write_fn = ldif_write_ntSecurityDescriptor,
381 .canonicalise_fn = ldb_handler_copy,
382 .comparison_fn = ldb_comparison_binary
385 .attr = "objectGUID",
387 .ldif_read_fn = ldif_read_objectGUID,
388 .ldif_write_fn = ldif_write_objectGUID,
389 .canonicalise_fn = ldb_canonicalise_objectGUID,
390 .comparison_fn = ldb_comparison_objectGUID
393 .attr = "invocationId",
395 .ldif_read_fn = ldif_read_objectGUID,
396 .ldif_write_fn = ldif_write_objectGUID,
397 .canonicalise_fn = ldb_canonicalise_objectGUID,
398 .comparison_fn = ldb_comparison_objectGUID
401 .attr = "schemaIDGUID",
403 .ldif_read_fn = ldif_read_objectGUID,
404 .ldif_write_fn = ldif_write_objectGUID,
405 .canonicalise_fn = ldb_canonicalise_objectGUID,
406 .comparison_fn = ldb_comparison_objectGUID
409 .attr = "attributeSecurityGUID",
411 .ldif_read_fn = ldif_read_objectGUID,
412 .ldif_write_fn = ldif_write_objectGUID,
413 .canonicalise_fn = ldb_canonicalise_objectGUID,
414 .comparison_fn = ldb_comparison_objectGUID
417 .attr = "parentGUID",
419 .ldif_read_fn = ldif_read_objectGUID,
420 .ldif_write_fn = ldif_write_objectGUID,
421 .canonicalise_fn = ldb_canonicalise_objectGUID,
422 .comparison_fn = ldb_comparison_objectGUID
427 .ldif_read_fn = ldif_read_objectGUID,
428 .ldif_write_fn = ldif_write_objectGUID,
429 .canonicalise_fn = ldb_canonicalise_objectGUID,
430 .comparison_fn = ldb_comparison_objectGUID
435 .ldif_read_fn = ldif_read_objectGUID,
436 .ldif_write_fn = ldif_write_objectGUID,
437 .canonicalise_fn = ldb_canonicalise_objectGUID,
438 .comparison_fn = ldb_comparison_objectGUID
441 .attr = "fRSVersionGUID",
443 .ldif_read_fn = ldif_read_objectGUID,
444 .ldif_write_fn = ldif_write_objectGUID,
445 .canonicalise_fn = ldb_canonicalise_objectGUID,
446 .comparison_fn = ldb_comparison_objectGUID
449 .attr = "fRSReplicaSetGUID",
451 .ldif_read_fn = ldif_read_objectGUID,
452 .ldif_write_fn = ldif_write_objectGUID,
453 .canonicalise_fn = ldb_canonicalise_objectGUID,
454 .comparison_fn = ldb_comparison_objectGUID
457 .attr = "netbootGUID",
459 .ldif_read_fn = ldif_read_objectGUID,
460 .ldif_write_fn = ldif_write_objectGUID,
461 .canonicalise_fn = ldb_canonicalise_objectGUID,
462 .comparison_fn = ldb_comparison_objectGUID
465 .attr = "objectCategory",
467 .ldif_read_fn = ldb_handler_copy,
468 .ldif_write_fn = ldb_handler_copy,
469 .canonicalise_fn = ldif_canonicalise_objectCategory,
470 .comparison_fn = ldif_comparison_objectCategory,
475 register the samba ldif handlers
477 int ldb_register_samba_handlers(struct ldb_context *ldb)
479 return ldb_set_attrib_handlers(ldb, samba_handlers, ARRAY_SIZE(samba_handlers));