ldb: added a new always-fail ldap extended match OID

this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index c23e80478af239dcb7129874261d3ec509e11246..5eee02dea31197a7e146a666a9af28dd6c30f43a 100644 (file)
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -380,6 +380,16 @@ static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, con
        return LDB_SUCCESS;
 }
 
+/*
+  always return false
+*/
+static int ldb_comparator_false(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
+                               bool *matched)
+{
+       *matched = false;
+       return LDB_SUCCESS;
+}
+
 
 /*
   extended match, handles things like bitops
@@ -395,7 +405,8 @@ static int ldb_match_extended(struct ldb_context *ldb,
                int (*comparator)(const char *, const struct ldb_val *, const struct ldb_val *, bool *);
        } rules[] = {
                { LDB_OID_COMPARATOR_AND, ldb_comparator_bitmask},
-               { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask}
+               { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask},
+               { SAMBA_LDAP_MATCH_ALWAYS_FALSE, ldb_comparator_false}
        };
        int (*comp)(const char *,const struct ldb_val *, const struct ldb_val *, bool *) = NULL;
        struct ldb_message_element *el;

diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index fecf0c7ede914f004fc24b4078968468a37a0e04..2acd8f364bed37a68acd74149c714335c5ed9105 100644 (file)
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -52,6 +52,8 @@ struct ldb_module;
 /* force single value checking on this attribute */
 #define LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK 0x80
 
+/* an extended match rule that always fails to match */
+#define SAMBA_LDAP_MATCH_ALWAYS_FALSE "1.3.6.1.4.1.7165.4.5.1"
 
 /*
    these function pointers define the operations that a ldb module can intercept

diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 986f0f0f205c0a7d297a1dc0940172f7173a3529..1102fcd8d4ef024dbc937c06b8bc6b6c8f7a5461 100644 (file)
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -12,6 +12,8 @@
 ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
 ### see dsdb/samdb/samdb.h
 
+## 1.3.6.1.4.1.7165.4.5.x - ldap extended matches
+
 ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
 #
 #
@@ -197,6 +199,12 @@
 #Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4
 #Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5
 
+
+############
+# ldap extended matches
+#Allocated: SAMBA_LDAP_MATCH_ALWAYS_FALSE 1.3.6.1.4.1.7165.4.5.1
+
+
 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
 
 #Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2