dsdb: Allow parsed_dn_find to have a prefixed blob match
authorGarming Sam <garming@catalyst.net.nz>
Sun, 12 Mar 2017 23:16:13 +0000 (12:16 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 13 Mar 2017 04:10:12 +0000 (05:10 +0100)
This allows us to search against binary DN using only the attributeID in
the case of msDS-RevealedUsers (as it appears right at the beginning).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/common/util_links.c
source4/dsdb/common/util_links.h
source4/dsdb/samdb/ldb_modules/repl_meta_data.c

index 8192da43245987de9c6f6a135da8e036e9b89b98..cf1f4be58bdcb51c97943225855f2ffc8b8c1b1b 100644 (file)
@@ -74,7 +74,16 @@ static int la_guid_compare_with_trusted_dn(struct compare_ctx *ctx,
        }
        cmp = ndr_guid_compare(ctx->guid, &p->guid);
        if (cmp == 0 && ctx->compare_extra_part) {
-               return data_blob_cmp(&ctx->extra_part, &p->dsdb_dn->extra_part);
+               if (ctx->partial_extra_part_length != 0) {
+                       /* Allow a prefix match on the blob. */
+                       return memcmp(ctx->extra_part.data,
+                                     p->dsdb_dn->extra_part.data,
+                                     MIN(ctx->partial_extra_part_length,
+                                         p->dsdb_dn->extra_part.length));
+               } else {
+                       return data_blob_cmp(&ctx->extra_part,
+                                            &p->dsdb_dn->extra_part);
+               }
        }
 
        return cmp;
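Review bot: In the new prefix branch the `memcmp` length is `MIN(ctx->partial_extra_part_length, p->dsdb_dn->extra_part.length)`, which is never bounded by `ctx->extra_part.length`, so a caller passing a prefix length larger than its own search blob would make the comparison read past `ctx->extra_part.data`. The same `MIN` means a stored `extra_part` shorter than the requested prefix compares equal and is returned as an exact match although it does not contain the whole prefix; with an empty stored blob the length becomes 0 and a NULL `data` pointer may reach `memcmp`. I would clamp the prefix to the search blob and treat a too-short stored blob as non-equal, as sketched below; rejecting `partial_extra_part_length > extra_part.length` in `parsed_dn_find` would be an alternative. The body of `la_guid_compare_with_trusted_dn` starts before this hunk and the ordering of the stored values is not visible here, so the sign returned for the short-blob case should be confirmed against `data_blob_cmp`.

```c
		if (ctx->partial_extra_part_length != 0) {
			/* Allow a prefix match, never reading past either blob. */
			size_t want = MIN(ctx->partial_extra_part_length,
					  ctx->extra_part.length);
			size_t have = MIN(want, p->dsdb_dn->extra_part.length);
			int c = 0;

			if (have != 0) {
				c = memcmp(ctx->extra_part.data,
					   p->dsdb_dn->extra_part.data,
					   have);
			}
			if (c != 0) {
				return c;
			}
			/* Stored blob too short to hold the prefix: not a match. */
			return (have < want) ? 1 : 0;
		} else {
			/* … unchanged: exact data_blob_cmp() comparison … */
		}
```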
@@ -106,6 +115,7 @@ int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
                   const struct GUID *guid,
                   struct ldb_dn *target_dn,
                   DATA_BLOB extra_part,
+                  size_t partial_extra_part_length,
                   struct parsed_dn **exact,
                   struct parsed_dn **next,
                   const char *ldap_oid,
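Review bot: The new `partial_extra_part_length` argument of `parsed_dn_find` is added without any comment stating its contract, and the matching field in `struct compare_ctx` (util_links.h) has none either. From the comparison hunk above, 0 selects the full `data_blob_cmp` and a non-zero value compares only that many leading bytes, and the value is consulted only when `compare_extra_part` is true. I would record that next to the parameter, for example `/* partial_extra_part_length: if non-zero, match only this many leading bytes of extra_part (must not exceed extra_part.length); 0 means the whole blob must match. Only used when compare_extra_part is true. */`. The rest of the signature and any existing doc comment for the function lie outside this hunk.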
@@ -186,6 +196,7 @@ int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
        ctx.mem_ctx = pdn;
        ctx.ldap_oid = ldap_oid;
        ctx.extra_part = extra_part;
+       ctx.partial_extra_part_length = partial_extra_part_length;
        ctx.compare_extra_part = compare_extra_part;
        ctx.err = 0;
 
index c9f6fa5852bd25b922bd796fd39e7f70d5ee7a33..c529cb542517f102fef5331021dc95e080798638 100644 (file)
@@ -30,6 +30,7 @@ struct compare_ctx {
         int err;
         const struct GUID *invocation_id;
         DATA_BLOB extra_part;
+        size_t partial_extra_part_length;
         bool compare_extra_part;
 };
 
index 68277f32d28acc7b19dcbff4cc295983293b084f..d9b414dc07c575ebdd064edf30cc88e32bceba63 100644 (file)
@@ -2393,7 +2393,7 @@ static int replmd_modify_la_add(struct ldb_module *module,
                int err = parsed_dn_find(ldb, old_dns, old_num_values,
                                         &dns[i].guid,
                                         dns[i].dsdb_dn->dn,
-                                        dns[i].dsdb_dn->extra_part,
+                                        dns[i].dsdb_dn->extra_part, 0,
                                         &exact, &next,
                                         schema_attr->syntax->ldap_oid,
                                         true);
@@ -2665,7 +2665,7 @@ static int replmd_modify_la_delete(struct ldb_module *module,
                ret = parsed_dn_find(ldb, old_dns, old_el->num_values,
                                     &p->guid,
                                     NULL,
-                                    p->dsdb_dn->extra_part,
+                                    p->dsdb_dn->extra_part, 0,
                                     &exact, &next,
                                     schema_attr->syntax->ldap_oid,
                                     true);
@@ -3673,7 +3673,9 @@ static int replmd_delete_remove_link(struct ldb_module *module,
                }
 
                ret = parsed_dn_find(ldb, link_dns, link_el->num_values,
-                                    guid, dn, data_blob_null, &p, &unused,
+                                    guid, dn,
+                                    data_blob_null, 0,
+                                    &p, &unused,
                                     target_attr->syntax->ldap_oid, false);
                if (ret != LDB_SUCCESS) {
                        talloc_free(tmp_ctx);
@@ -6785,7 +6787,7 @@ linked_attributes[0]:
        ret = parsed_dn_find(ldb, pdn_list, old_el->num_values,
                             &guid,
                             dsdb_dn->dn,
-                            dsdb_dn->extra_part,
+                            dsdb_dn->extra_part, 0,
                             &pdn, &next,
                             attr->syntax->ldap_oid,
                             true);