/*
convert a data blob to a dsdb_dn
*/
WERROR dsdb_dn_la_from_blob(struct ldb_context *sam_ctx,
const struct dsdb_attribute *schema_attrib,
const struct dsdb_schema *schema,
TALLOC_CTX *mem_ctx,
DATA_BLOB *blob,
struct dsdb_dn **dsdb_dn)
{
WERROR werr;
struct ldb_message_element new_el;
struct drsuapi_DsReplicaAttribute drs;
struct drsuapi_DsAttributeValue val;
drs.value_ctr.num_values = 1;
drs.value_ctr.values = &val;
val.blob = blob;
werr = schema_attrib->syntax->drsuapi_to_ldb(sam_ctx, schema, schema_attrib, &drs, mem_ctx, &new_el);
W_ERROR_NOT_OK_RETURN(werr);
if (new_el.num_values != 1) {
return WERR_INTERNAL_ERROR;
}
*dsdb_dn = dsdb_dn_parse(mem_ctx, sam_ctx, &new_el.values[0], schema_attrib->syntax->ldap_oid);
if (!*dsdb_dn) {
return WERR_INTERNAL_ERROR;
}
return WERR_OK;
}
static int ldif_write_dn_binary_NDR(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out,
size_t struct_size,
ndr_pull_flags_fn_t pull_fn,
ndr_print_fn_t print_fn,
bool mask_errors)
{
uint8_t *p = NULL;
enum ndr_err_code err;
struct dsdb_dn *dsdb_dn = NULL;
char *dn_str = NULL;
char *str = NULL;
if (!(ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY)) {
return ldb_handler_copy(ldb, mem_ctx, in, out);
}
dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_BINARY_DN);
if (dsdb_dn == NULL) {
return ldb_handler_copy(ldb, mem_ctx, in, out);
}
p = talloc_size(dsdb_dn, struct_size);
if (p == NULL) {
TALLOC_FREE(dsdb_dn);
return ldb_handler_copy(ldb, mem_ctx, in, out);
}
err = ndr_pull_struct_blob(&dsdb_dn->extra_part, p, p, pull_fn);
if (err != NDR_ERR_SUCCESS) {
/* fail in not in mask_error mode */
if (!mask_errors) {
return -1;
}
TALLOC_FREE(dsdb_dn);
return ldb_handler_copy(ldb, mem_ctx, in, out);
}
dn_str = ldb_dn_get_extended_linearized(dsdb_dn, dsdb_dn->dn, 1);
if (dn_str == NULL) {
TALLOC_FREE(dsdb_dn);
return ldb_handler_copy(ldb, mem_ctx, in, out);
}
str = ndr_print_struct_string(mem_ctx, print_fn, dn_str, p);
TALLOC_FREE(dsdb_dn);
if (str == NULL) {
return ldb_handler_copy(ldb, mem_ctx, in, out);
}
*out = data_blob_string_const(str);
return 0;
}
int dsdb_dn_string_canonicalise(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
struct dsdb_dn *dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_STRING_DN);
if (!dsdb_dn) {
return -1;
}
*out = data_blob_string_const(dsdb_dn_get_casefold(mem_ctx, dsdb_dn));
talloc_free(dsdb_dn);
if (!out->data) {
return -1;
}
return 0;
}
static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
const char *attr,
const struct dsdb_dn *dn_to_match,
const char *dn_oid,
struct dsdb_dn *to_visit,
struct dsdb_dn ***visited,
unsigned int *visited_count,
bool *matched)
{
TALLOC_CTX *tmp_ctx;
int ret, i, j;
struct ldb_result *res;
struct ldb_message *msg;
struct ldb_message_element *el;
const char *attrs[] = { attr, NULL };
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
/*
* Fetch the entry to_visit
*
* NOTE: This is a new LDB search from the TOP of the module
* stack. This means that this search runs the whole stack
* from top to bottom.
*
* This may seem to be in-efficient, but it is also the only
* way to ensure that the ACLs for this search are applied
* correctly.
*
* Note also that we don't have the original request
* here, so we can not apply controls or timeouts here.
*/
ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
}
if (res->count != 1) {
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
msg = res->msgs[0];
/* Fetch the attribute to match from the entry being visited */
el = ldb_msg_find_element(msg, attr);
if (el == NULL) {
/* This entry does not have the attribute to match */
talloc_free(tmp_ctx);
*matched = false;
return LDB_SUCCESS;
}
/*
* If the value to match is present in the attribute values of the
* current entry being visited, set matched to true and return OK
*/
for (i=0; i<el->num_values; i++) {
struct dsdb_dn *dn;
dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i], dn_oid);
if (dn == NULL) {
talloc_free(tmp_ctx);
*matched = false;
return LDB_ERR_INVALID_DN_SYNTAX;
}
if (ldb_dn_compare(dn_to_match->dn, dn->dn) == 0) {
talloc_free(tmp_ctx);
*matched = true;
return LDB_SUCCESS;
}
}
/*
* If arrived here, the value to match is not in the values of the
* entry being visited. Add the entry being visited (to_visit)
* to the visited array. The array is (re)allocated in the parent
* memory context.
*/
if (visited == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
} else if (*visited == NULL) {
*visited = talloc_array(mem_ctx, struct dsdb_dn *, 1);
if (*visited == NULL) {
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
(*visited)[0] = to_visit;
(*visited_count) = 1;
} else {
