4 LDAP semantics mapping module
6 Copyright (C) Jelmer Vernooij 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 This module relies on ldb_map to do all the real work, but performs
25 some of the trivial mappings between AD semantics and that provided
26 by OpenLDAP and similar servers.
30 #include "ldb/include/ldb_module.h"
31 #include "ldb/ldb_map/ldb_map.h"
33 #include "librpc/gen_ndr/ndr_misc.h"
34 #include "librpc/ndr/libndr.h"
35 #include "dsdb/samdb/samdb.h"
36 #include "../../../lib/ldb/include/ldb_handlers.h"
38 struct entryuuid_private {
39 struct ldb_context *ldb;
40 struct ldb_dn **base_dns;
43 static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
46 NTSTATUS status = GUID_from_data_blob(val, &guid);
47 enum ndr_err_code ndr_err;
48 struct ldb_val out = data_blob(NULL, 0);
50 if (!NT_STATUS_IS_OK(status)) {
53 ndr_err = ndr_push_struct_blob(&out, ctx, NULL, &guid,
54 (ndr_push_flags_fn_t)ndr_push_GUID);
55 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
62 static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
64 struct ldb_val out = data_blob(NULL, 0);
66 NTSTATUS status = GUID_from_data_blob(val, &guid);
67 if (!NT_STATUS_IS_OK(status)) {
70 return data_blob_string_const(GUID_string(ctx, &guid));
73 static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
76 NTSTATUS status = NS_GUID_from_string((char *)val->data, &guid);
77 enum ndr_err_code ndr_err;
78 struct ldb_val out = data_blob(NULL, 0);
80 if (!NT_STATUS_IS_OK(status)) {
83 ndr_err = ndr_push_struct_blob(&out, ctx, NULL, &guid,
84 (ndr_push_flags_fn_t)ndr_push_GUID);
85 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
92 static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
94 struct ldb_val out = data_blob(NULL, 0);
96 NTSTATUS status = GUID_from_data_blob(val, &guid);
97 if (!NT_STATUS_IS_OK(status)) {
100 return data_blob_string_const(NS_GUID_string(ctx, &guid));
103 /* The backend holds binary sids, so just copy them back */
104 static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
106 struct ldb_val out = data_blob(NULL, 0);
107 out = ldb_val_dup(ctx, val);
112 /* Ensure we always convert sids into binary, so the backend doesn't have to know about both forms */
113 static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
115 struct ldb_context *ldb = ldb_module_get_ctx(module);
116 struct ldb_val out = data_blob(NULL, 0);
117 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, "objectSid");
119 if (a->syntax->canonicalise_fn(ldb, ctx, val, &out) != LDB_SUCCESS) {
120 return data_blob(NULL, 0);
126 /* Ensure we always convert sids into string, so the backend doesn't have to know about both forms */
127 static struct ldb_val sid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
129 struct ldb_context *ldb = ldb_module_get_ctx(module);
130 struct ldb_val out = data_blob(NULL, 0);
132 if (ldif_comparision_objectSid_isString(val)) {
133 if (ldb_handler_copy(ldb, ctx, val, &out) != LDB_SUCCESS) {
134 return data_blob(NULL, 0);
138 if (ldif_write_objectSid(ldb, ctx, val, &out) != LDB_SUCCESS) {
139 return data_blob(NULL, 0);
145 /* Ensure we always convert objectCategory into a DN */
146 static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
148 struct ldb_context *ldb = ldb_module_get_ctx(module);
150 struct ldb_val out = data_blob(NULL, 0);
151 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, "objectCategory");
153 dn = ldb_dn_from_ldb_val(ctx, ldb, val);
154 if (dn && ldb_dn_validate(dn)) {
156 return val_copy(module, ctx, val);
160 if (a->syntax->canonicalise_fn(ldb, ctx, val, &out) != LDB_SUCCESS) {
161 return data_blob(NULL, 0);
167 static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
170 /* We've to use "strtoll" here to have the intended overflows.
171 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
172 int32_t i = (int32_t) strtoll((char *)val->data, NULL, 0);
173 out = data_blob_string_const(talloc_asprintf(ctx, "%d", i));
177 static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
180 unsigned long long usn = strtoull((const char *)val->data, NULL, 10);
181 time_t t = (usn >> 24);
182 out = data_blob_string_const(talloc_asprintf(ctx, "%s#%06x#00#000000", ldb_timestring(ctx, t), (unsigned int)(usn & 0xFFFFFF)));
186 static unsigned long long entryCSN_to_usn_int(TALLOC_CTX *ctx, const struct ldb_val *val)
188 char *entryCSN = talloc_strdup(ctx, (const char *)val->data);
191 unsigned long long usn;
196 p = strchr(entryCSN, '#');
211 usn = strtol(mod_per_sec, NULL, 16);
213 t = ldb_string_to_time(entryCSN);
215 usn = usn | ((unsigned long long)t <<24);
219 static struct ldb_val entryCSN_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
222 unsigned long long usn = entryCSN_to_usn_int(ctx, val);
223 out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn));
227 static struct ldb_val usn_to_timestamp(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
230 unsigned long long usn = strtoull((const char *)val->data, NULL, 10);
231 time_t t = (usn >> 24);
232 out = data_blob_string_const(ldb_timestring(ctx, t));
236 static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
240 unsigned long long usn;
242 t = ldb_string_to_time((const char *)val->data);
244 usn = ((unsigned long long)t <<24);
246 out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn));
251 static const struct ldb_map_attribute entryuuid_attributes[] =
255 .local_name = "objectGUID",
256 .type = LDB_MAP_CONVERT,
259 .remote_name = "entryUUID",
260 .convert_local = guid_always_string,
261 .convert_remote = encode_guid,
267 .local_name = "invocationId",
268 .type = LDB_MAP_CONVERT,
271 .remote_name = "invocationId",
272 .convert_local = guid_always_string,
273 .convert_remote = encode_guid,
279 .local_name = "objectSid",
280 .type = LDB_MAP_CONVERT,
283 .remote_name = "objectSid",
284 .convert_local = sid_always_binary,
285 .convert_remote = val_copy,
290 .local_name = "name",
291 .type = LDB_MAP_RENAME,
294 .remote_name = "samba4RDN"
299 .local_name = "whenCreated",
300 .type = LDB_MAP_RENAME,
303 .remote_name = "createTimestamp"
308 .local_name = "whenChanged",
309 .type = LDB_MAP_RENAME,
312 .remote_name = "modifyTimestamp"
317 .local_name = "objectClasses",
318 .type = LDB_MAP_RENAME,
321 .remote_name = "samba4ObjectClasses"
326 .local_name = "dITContentRules",
327 .type = LDB_MAP_RENAME,
330 .remote_name = "samba4DITContentRules"
335 .local_name = "attributeTypes",
336 .type = LDB_MAP_RENAME,
339 .remote_name = "samba4AttributeTypes"
344 .local_name = "objectCategory",
345 .type = LDB_MAP_CONVERT,
348 .remote_name = "objectCategory",
349 .convert_local = objectCategory_always_dn,
350 .convert_remote = val_copy,
355 .local_name = "distinguishedName",
356 .type = LDB_MAP_RENAME,
359 .remote_name = "entryDN"
364 .local_name = "primaryGroupID",
365 .type = LDB_MAP_CONVERT,
368 .remote_name = "primaryGroupID",
369 .convert_local = normalise_to_signed32,
370 .convert_remote = val_copy,
375 .local_name = "groupType",
376 .type = LDB_MAP_CONVERT,
379 .remote_name = "groupType",
380 .convert_local = normalise_to_signed32,
381 .convert_remote = val_copy,
386 .local_name = "userAccountControl",
387 .type = LDB_MAP_CONVERT,
390 .remote_name = "userAccountControl",
391 .convert_local = normalise_to_signed32,
392 .convert_remote = val_copy,
397 .local_name = "sAMAccountType",
398 .type = LDB_MAP_CONVERT,
401 .remote_name = "sAMAccountType",
402 .convert_local = normalise_to_signed32,
403 .convert_remote = val_copy,
408 .local_name = "systemFlags",
409 .type = LDB_MAP_CONVERT,
412 .remote_name = "systemFlags",
413 .convert_local = normalise_to_signed32,
414 .convert_remote = val_copy,
419 .local_name = "usnChanged",
420 .type = LDB_MAP_CONVERT,
423 .remote_name = "entryCSN",
424 .convert_local = usn_to_entryCSN,
425 .convert_remote = entryCSN_to_usn
430 .local_name = "usnCreated",
431 .type = LDB_MAP_CONVERT,
434 .remote_name = "createTimestamp",
435 .convert_local = usn_to_timestamp,
436 .convert_remote = timestamp_to_usn,
442 .type = LDB_MAP_KEEP,
449 /* This objectClass conflicts with builtin classes on OpenLDAP */
450 const struct ldb_map_objectclass entryuuid_objectclasses[] =
453 .local_name = "subSchema",
454 .remote_name = "samba4SubSchema"
461 /* These things do not show up in wildcard searches in OpenLDAP, but
462 * we need them to show up in the AD-like view */
463 static const char * const entryuuid_wildcard_attributes[] = {
473 static const struct ldb_map_attribute nsuniqueid_attributes[] =
477 .local_name = "objectGUID",
478 .type = LDB_MAP_CONVERT,
481 .remote_name = "nsuniqueid",
482 .convert_local = guid_ns_string,
483 .convert_remote = encode_ns_guid,
489 .local_name = "objectSid",
490 .type = LDB_MAP_CONVERT,
493 .remote_name = "sambaSID",
494 .convert_local = sid_always_string,
495 .convert_remote = sid_always_binary,
500 .local_name = "whenCreated",
501 .type = LDB_MAP_RENAME,
504 .remote_name = "createTimestamp"
509 .local_name = "whenChanged",
510 .type = LDB_MAP_RENAME,
513 .remote_name = "modifyTimestamp"
518 .local_name = "objectCategory",
519 .type = LDB_MAP_CONVERT,
522 .remote_name = "objectCategory",
523 .convert_local = objectCategory_always_dn,
524 .convert_remote = val_copy,
529 .local_name = "distinguishedName",
530 .type = LDB_MAP_RENAME,
533 .remote_name = "entryDN"
538 .local_name = "primaryGroupID",
539 .type = LDB_MAP_CONVERT,
542 .remote_name = "primaryGroupID",
543 .convert_local = normalise_to_signed32,
544 .convert_remote = val_copy,
549 .local_name = "groupType",
550 .type = LDB_MAP_CONVERT,
553 .remote_name = "sambaGroupType",
554 .convert_local = normalise_to_signed32,
555 .convert_remote = val_copy,
560 .local_name = "userAccountControl",
561 .type = LDB_MAP_CONVERT,
564 .remote_name = "userAccountControl",
565 .convert_local = normalise_to_signed32,
566 .convert_remote = val_copy,
571 .local_name = "sAMAccountType",
572 .type = LDB_MAP_CONVERT,
575 .remote_name = "sAMAccountType",
576 .convert_local = normalise_to_signed32,
577 .convert_remote = val_copy,
582 .local_name = "systemFlags",
583 .type = LDB_MAP_CONVERT,
586 .remote_name = "systemFlags",
587 .convert_local = normalise_to_signed32,
588 .convert_remote = val_copy,
593 .local_name = "usnChanged",
594 .type = LDB_MAP_CONVERT,
597 .remote_name = "modifyTimestamp",
598 .convert_local = usn_to_timestamp,
599 .convert_remote = timestamp_to_usn,
604 .local_name = "usnCreated",
605 .type = LDB_MAP_CONVERT,
608 .remote_name = "createTimestamp",
609 .convert_local = usn_to_timestamp,
610 .convert_remote = timestamp_to_usn,
615 .local_name = "unixHomeDirectory",
619 .remote_name = "homeDirectory"
624 .local_name = "pwdLastSet",
628 .remote_name = "sambaPwdLastSet"
633 .local_name = "lastLogon",
637 .remote_name = "sambaLogonTime"
642 .local_name = "lastLogoff",
646 .remote_name = "sambaLogoffTime"
651 .local_name = "badPwdCount",
655 .remote_name = "sambaBadPasswordCount"
660 .local_name = "logonHours",
664 .remote_name = "sambaLogonHours"
669 .local_name = "homeDrive",
673 .remote_name = "sambaHomeDrive"
678 .local_name = "scriptPath",
682 .remote_name = "sambaLogonScript"
687 .local_name = "profilePath",
691 .remote_name = "sambaProfilePath"
696 .local_name = "userWorkstations",
700 .remote_name = "sambaUserWorkstations"
705 .local_name = "homeDirectory",
709 .remote_name = "sambaHomePath"
714 .local_name = "nextRid",
718 .remote_name = "sambaNextRid"
723 .local_name = "privilegeDisplayName",
727 .remote_name = "sambaPrivName"
733 .type = LDB_MAP_KEEP,
740 /* This objectClass conflicts with builtin classes on FDS */
741 const struct ldb_map_objectclass nsuniqueid_objectclasses[] =
744 .local_name = "domain",
745 .remote_name = "samba4Domain"
748 .local_name = "rFC822LocalPart",
749 .remote_name = "samba4RFC822LocalPart"
752 .local_name = "mailRecipient",
753 .remote_name = "samba4MailRecipient"
756 .local_name = "nisMap",
757 .remote_name = "samba4NisMap"
760 .local_name = "person",
761 .remote_name = "samba4Person"
764 .local_name = "organizationalPerson",
765 .remote_name = "samba4OrganizationalPerson"
768 .local_name = "residentialPerson",
769 .remote_name = "samba4ResidentialPerson"
772 .local_name = "inetOrgPerson",
773 .remote_name = "samba4InetOrgPerson"
780 /* These things do not show up in wildcard searches in OpenLDAP, but
781 * we need them to show up in the AD-like view */
782 static const char * const nsuniqueid_wildcard_attributes[] = {
791 /* the context init function */
792 static int entryuuid_init(struct ldb_module *module)
795 ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "samba4Top", NULL);
796 if (ret != LDB_SUCCESS)
799 return ldb_next_init(module);
802 /* the context init function */
803 static int nsuniqueid_init(struct ldb_module *module)
806 ret = ldb_map_init(module, nsuniqueid_attributes, nsuniqueid_objectclasses, nsuniqueid_wildcard_attributes, "extensibleObject", NULL);
807 if (ret != LDB_SUCCESS)
810 return ldb_next_init(module);
813 static int get_seq_callback(struct ldb_request *req,
814 struct ldb_reply *ares)
816 unsigned long long *seq = (unsigned long long *)req->context;
819 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
821 if (ares->error != LDB_SUCCESS) {
822 return ldb_request_done(req, ares->error);
825 if (ares->type == LDB_REPLY_ENTRY) {
826 struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN");
828 *seq = entryCSN_to_usn_int(ares, &el->values[0]);
832 if (ares->type == LDB_REPLY_DONE) {
833 return ldb_request_done(req, LDB_SUCCESS);
840 static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_request *req)
842 struct ldb_context *ldb;
844 struct map_private *map_private;
845 struct entryuuid_private *entryuuid_private;
846 unsigned long long seq_num = 0;
847 struct ldb_request *search_req;
849 const struct ldb_control *partition_ctrl;
850 const struct dsdb_control_current_partition *partition;
852 static const char *contextCSN_attr[] = {
856 struct ldb_seqnum_request *seq;
857 struct ldb_seqnum_result *seqr;
858 struct ldb_extended *ext;
860 ldb = ldb_module_get_ctx(module);
862 seq = talloc_get_type(req->op.extended.data, struct ldb_seqnum_request);
864 map_private = talloc_get_type(ldb_module_get_private(module), struct map_private);
866 entryuuid_private = talloc_get_type(map_private->caller_private, struct entryuuid_private);
868 /* All this to get the DN of the parition, so we can search the right thing */
869 partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID);
870 if (!partition_ctrl) {
871 ldb_debug_set(ldb, LDB_DEBUG_FATAL,
872 "entryuuid_sequence_number: no current partition control found");
873 return LDB_ERR_CONSTRAINT_VIOLATION;
876 partition = talloc_get_type(partition_ctrl->data,
877 struct dsdb_control_current_partition);
878 SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION);
880 ret = ldb_build_search_req(&search_req, ldb, req,
881 partition->dn, LDB_SCOPE_BASE,
882 NULL, contextCSN_attr, NULL,
883 &seq_num, get_seq_callback,
885 if (ret != LDB_SUCCESS) {
889 ret = ldb_next_request(module, search_req);
891 if (ret == LDB_SUCCESS) {
892 ret = ldb_wait(search_req->handle, LDB_WAIT_ALL);
895 talloc_free(search_req);
896 if (ret != LDB_SUCCESS) {
900 ext = talloc_zero(req, struct ldb_extended);
902 return LDB_ERR_OPERATIONS_ERROR;
904 seqr = talloc_zero(req, struct ldb_seqnum_result);
907 return LDB_ERR_OPERATIONS_ERROR;
909 ext->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
913 case LDB_SEQ_HIGHEST_SEQ:
914 seqr->seq_num = seq_num;
917 seqr->seq_num = seq_num;
920 case LDB_SEQ_HIGHEST_TIMESTAMP:
922 seqr->seq_num = (seq_num >> 24);
927 seqr->flags |= LDB_SEQ_TIMESTAMP_SEQUENCE;
928 seqr->flags |= LDB_SEQ_GLOBAL_SEQUENCE;
930 /* send request done */
931 return ldb_module_done(req, NULL, ext, LDB_SUCCESS);
934 static int entryuuid_extended(struct ldb_module *module, struct ldb_request *req)
936 if (strcmp(req->op.extended.oid, LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
937 return entryuuid_sequence_number(module, req);
940 return ldb_next_request(module, req);
943 _PUBLIC_ const struct ldb_module_ops ldb_entryuuid_module_ops = {
945 .init_context = entryuuid_init,
946 .extended = entryuuid_extended,
950 _PUBLIC_ const struct ldb_module_ops ldb_nsuniqueid_module_ops = {
951 .name = "nsuniqueid",
952 .init_context = nsuniqueid_init,
953 .extended = entryuuid_extended,
git.samba.org / kai / samba-autobuild / .git / blob