/* convert a data blob to a dsdb_dn */ WERROR dsdb_dn_la_from_blob(struct ldb_context *sam_ctx, const struct dsdb_attribute *schema_attrib, const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct dsdb_dn **dsdb_dn) { WERROR werr; struct ldb_message_element new_el; struct drsuapi_DsReplicaAttribute drs; struct drsuapi_DsAttributeValue val; drs.value_ctr.num_values = 1; drs.value_ctr.values = &val; val.blob = blob; werr = schema_attrib->syntax->drsuapi_to_ldb(sam_ctx, schema, schema_attrib, &drs, mem_ctx, &new_el); W_ERROR_NOT_OK_RETURN(werr); if (new_el.num_values != 1) { return WERR_INTERNAL_ERROR; } *dsdb_dn = dsdb_dn_parse(mem_ctx, sam_ctx, &new_el.values[0], schema_attrib->syntax->ldap_oid); if (!*dsdb_dn) { return WERR_INTERNAL_ERROR; } return WERR_OK; }
static int ldif_write_dn_binary_NDR(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out, size_t struct_size, ndr_pull_flags_fn_t pull_fn, ndr_print_fn_t print_fn, bool mask_errors) { uint8_t *p = NULL; enum ndr_err_code err; struct dsdb_dn *dsdb_dn = NULL; char *dn_str = NULL; char *str = NULL; if (!(ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY)) { return ldb_handler_copy(ldb, mem_ctx, in, out); } dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_BINARY_DN); if (dsdb_dn == NULL) { return ldb_handler_copy(ldb, mem_ctx, in, out); } p = talloc_size(dsdb_dn, struct_size); if (p == NULL) { TALLOC_FREE(dsdb_dn); return ldb_handler_copy(ldb, mem_ctx, in, out); } err = ndr_pull_struct_blob(&dsdb_dn->extra_part, p, p, pull_fn); if (err != NDR_ERR_SUCCESS) { /* fail in not in mask_error mode */ if (!mask_errors) { return -1; } TALLOC_FREE(dsdb_dn); return ldb_handler_copy(ldb, mem_ctx, in, out); } dn_str = ldb_dn_get_extended_linearized(dsdb_dn, dsdb_dn->dn, 1); if (dn_str == NULL) { TALLOC_FREE(dsdb_dn); return ldb_handler_copy(ldb, mem_ctx, in, out); } str = ndr_print_struct_string(mem_ctx, print_fn, dn_str, p); TALLOC_FREE(dsdb_dn); if (str == NULL) { return ldb_handler_copy(ldb, mem_ctx, in, out); } *out = data_blob_string_const(str); return 0; }
int dsdb_dn_string_canonicalise(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { struct dsdb_dn *dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_STRING_DN); if (!dsdb_dn) { return -1; } *out = data_blob_string_const(dsdb_dn_get_casefold(mem_ctx, dsdb_dn)); talloc_free(dsdb_dn); if (!out->data) { return -1; } return 0; }
static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *attr, const struct dsdb_dn *dn_to_match, const char *dn_oid, struct dsdb_dn *to_visit, struct dsdb_dn ***visited, unsigned int *visited_count, bool *matched) { TALLOC_CTX *tmp_ctx; int ret, i, j; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *el; const char *attrs[] = { attr, NULL }; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* * Fetch the entry to_visit * * NOTE: This is a new LDB search from the TOP of the module * stack. This means that this search runs the whole stack * from top to bottom. * * This may seem to be in-efficient, but it is also the only * way to ensure that the ACLs for this search are applied * correctly. * * Note also that we don't have the original request * here, so we can not apply controls or timeouts here. */ ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; } if (res->count != 1) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } msg = res->msgs[0]; /* Fetch the attribute to match from the entry being visited */ el = ldb_msg_find_element(msg, attr); if (el == NULL) { /* This entry does not have the attribute to match */ talloc_free(tmp_ctx); *matched = false; return LDB_SUCCESS; } /* * If the value to match is present in the attribute values of the * current entry being visited, set matched to true and return OK */ for (i=0; i<el->num_values; i++) { struct dsdb_dn *dn; dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i], dn_oid); if (dn == NULL) { talloc_free(tmp_ctx); *matched = false; return LDB_ERR_INVALID_DN_SYNTAX; } if (ldb_dn_compare(dn_to_match->dn, dn->dn) == 0) { talloc_free(tmp_ctx); *matched = true; return LDB_SUCCESS; } } /* * If arrived here, the value to match is not in the values of the * entry being visited. Add the entry being visited (to_visit) * to the visited array. The array is (re)allocated in the parent * memory context. */ if (visited == NULL) { return LDB_ERR_OPERATIONS_ERROR; } else if (*visited == NULL) { *visited = talloc_array(mem_ctx, struct dsdb_dn *, 1); if (*visited == NULL) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } (*visited)[0] = to_visit; (*visited_count) = 1; } else {