コード例 #1
0
ファイル: local.c プロジェクト: celestian/sssd
static char *local_dn_to_path(TALLOC_CTX *mem_ctx,
                              struct ldb_dn *basedn,
                              struct ldb_dn *dn)
{
    int basecomps;
    int dncomps;
    char *path = NULL;

    basecomps = ldb_dn_get_comp_num(basedn);
    dncomps = ldb_dn_get_comp_num(dn);

    for (int i = dncomps - basecomps; i > 0; i--) {
        const struct ldb_val *val;

        val = ldb_dn_get_component_val(dn, i - 1);
        if (!val) return NULL;

        if (path) {
            path = talloc_strdup_append_buffer(path, "/");
            if (!path) return NULL;
            path = talloc_strndup_append_buffer(path, (char *)val->data,
                                                val->length);
        } else {
            path = talloc_strndup(mem_ctx, (char *)val->data, val->length);
        }
        if (!path) return NULL;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          "Secrets path for [%s] is [%s]\n",
          ldb_dn_get_linearized(dn), path);
    return path;
}
コード例 #2
0
ファイル: ldb_map.c プロジェクト: Marvin-Lee/libwmiclient
/* Copy a DN with the base DN of the remote partition. */
static struct ldb_dn *ldb_dn_rebase_remote(void *mem_ctx, const struct ldb_map_context *data, struct ldb_dn *dn)
{
	struct ldb_dn *new_dn;

	new_dn = ldb_dn_copy(mem_ctx, dn);
	if ( ! ldb_dn_validate(new_dn)) {
		talloc_free(new_dn);
		return NULL;
	}

	/* may be we don't need to rebase at all */
	if ( ! data->remote_base_dn || ! data->local_base_dn) {
		return new_dn;
	}

	if ( ! ldb_dn_remove_base_components(new_dn, ldb_dn_get_comp_num(data->local_base_dn))) {
		talloc_free(new_dn);
		return NULL;
	}

	if ( ! ldb_dn_add_base(new_dn, data->remote_base_dn)) {
		talloc_free(new_dn);
		return NULL;
	}

	return new_dn;
}
コード例 #3
0
ファイル: local.c プロジェクト: celestian/sssd
static int local_db_check_containers(TALLOC_CTX *mem_ctx,
                                     struct local_context *lctx,
                                     struct ldb_dn *leaf_dn)
{
    TALLOC_CTX *tmp_ctx;
    static const char *attrs[] = { NULL};
    struct ldb_result *res = NULL;
    struct ldb_dn *dn;
    int num;
    int ret;

    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) return ENOMEM;

    dn = ldb_dn_copy(tmp_ctx, leaf_dn);
    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    /* We need to exclude the leaf as that will be the new child entry,
     * We also do not care for the synthetic containers that constitute the
     * base path (cn=<uidnumber>,cn=users,cn=secrets), so in total we remove
     * 4 components */
    num = ldb_dn_get_comp_num(dn) - 4;

    for (int i = 0; i < num; i++) {
        /* remove the child first (we do not want to check the leaf) */
        if (!ldb_dn_remove_child_components(dn, 1)) return EFAULT;

        /* and check the parent container exists */
        DEBUG(SSSDBG_TRACE_INTERNAL,
              "Searching for [%s] at [%s] with scope=base\n",
              LOCAL_CONTAINER_FILTER, ldb_dn_get_linearized(dn));

        ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
                         attrs, LOCAL_CONTAINER_FILTER);
        if (ret != LDB_SUCCESS || res->count != 1) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  "DN [%s] does not exist\n", ldb_dn_get_linearized(dn));
            return ENOENT;
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
コード例 #4
0
ファイル: ldb_match.c プロジェクト: AIdrifter/samba
/*
  check if the scope matches in a search result
*/
static int ldb_match_scope(struct ldb_context *ldb,
			   struct ldb_dn *base,
			   struct ldb_dn *dn,
			   enum ldb_scope scope)
{
	int ret = 0;

	if (base == NULL || dn == NULL) {
		return 1;
	}

	switch (scope) {
	case LDB_SCOPE_BASE:
		if (ldb_dn_compare(base, dn) == 0) {
			ret = 1;
		}
		break;

	case LDB_SCOPE_ONELEVEL:
		if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
			if (ldb_dn_compare_base(base, dn) == 0) {
				ret = 1;
			}
		}
		break;
		
	case LDB_SCOPE_SUBTREE:
	default:
		if (ldb_dn_compare_base(base, dn) == 0) {
			ret = 1;
		}
		break;
	}

	return ret;
}
コード例 #5
0
ファイル: local.c プロジェクト: celestian/sssd
static int local_db_check_containers_nest_level(struct local_context *lctx,
                                                struct ldb_dn *leaf_dn)
{
    int nest_level;

    /* We need do not care for the synthetic containers that constitute the
     * base path (cn=<uidnumber>,cn=user,cn=secrets). */
    nest_level = ldb_dn_get_comp_num(leaf_dn) - 3;
    if (nest_level > lctx->containers_nest_level) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Cannot create a nested container of depth %d as the maximum"
              "allowed number of nested containers is %d.\n",
              nest_level, lctx->containers_nest_level);

        return ERR_SEC_INVALID_CONTAINERS_NEST_LEVEL;
    }

    return EOK;
}
コード例 #6
0
ファイル: extended_dn_out.c プロジェクト: gojdic/samba
static int fix_dn(struct ldb_dn *dn) 
{
	int i, ret;
	char *upper_rdn_attr;

	for (i=0; i < ldb_dn_get_comp_num(dn); i++) {
		/* We need the attribute name in upper case */
		upper_rdn_attr = strupper_talloc(dn,
						 ldb_dn_get_component_name(dn, i));
		if (!upper_rdn_attr) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		
		/* And replace it with CN=foo (we need the attribute in upper case */
		ret = ldb_dn_set_component(dn, i, upper_rdn_attr,
					   *ldb_dn_get_component_val(dn, i));
		talloc_free(upper_rdn_attr);
		if (ret != LDB_SUCCESS) {
			return ret;
		}
	}
	return LDB_SUCCESS;
}
コード例 #7
0
ファイル: ldb.c プロジェクト: gojdic/samba
static bool torture_ldb_dn_extended(struct torture_context *torture)
{
    TALLOC_CTX *mem_ctx = talloc_new(torture);
    struct ldb_context *ldb;
    struct ldb_dn *dn, *dn2;

    DATA_BLOB sid_blob = strhex_to_data_blob(mem_ctx, hex_sid);
    DATA_BLOB guid_blob = strhex_to_data_blob(mem_ctx, hex_guid);

    const char *dn_str = "cn=admin,cn=users,dc=samba,dc=org";

    torture_assert(torture,
                   ldb = ldb_init(mem_ctx, torture->ev),
                   "Failed to init ldb");

    torture_assert_int_equal(torture,
                             ldb_register_samba_handlers(ldb), 0,
                             "Failed to register Samba handlers");

    ldb_set_utf8_fns(ldb, NULL, wrap_casefold);

    /* Check behaviour of a normal DN */
    torture_assert(torture,
                   dn = ldb_dn_new(mem_ctx, ldb, dn_str),
                   "Failed to create a 'normal' DN");

    torture_assert(torture,
                   ldb_dn_validate(dn),
                   "Failed to validate 'normal' DN");

    torture_assert(torture, ldb_dn_has_extended(dn) == false,
                   "Should not find plain DN to be 'extended'");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL,
                   "Should not find an SID on plain DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL,
                   "Should not find an GUID on plain DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "WKGUID") == NULL,
                   "Should not find an WKGUID on plain DN");

    /* Now make an extended DN */
    torture_assert(torture,
                   dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>;<SID=%s>;%s",
                                       guid, sid, dn_str),
                   "Failed to create an 'extended' DN");

    torture_assert(torture,
                   dn2 = ldb_dn_copy(mem_ctx, dn),
                   "Failed to copy the 'extended' DN");
    talloc_free(dn);
    dn = dn2;

    torture_assert(torture,
                   ldb_dn_validate(dn),
                   "Failed to validate 'extended' DN");

    torture_assert(torture, ldb_dn_has_extended(dn) == true,
                   "Should find extended DN to be 'extended'");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") != NULL,
                   "Should find an SID on extended DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") != NULL,
                   "Should find an GUID on extended DN");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob,
                                   "Extended DN SID incorect");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob,
                                   "Extended DN GUID incorect");

    torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), dn_str,
                             "linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_casefold(dn), strupper_talloc(mem_ctx, dn_str),
                             "casefolded DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_component_name(dn, 0), "cn",
                             "componet zero incorrect");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_component_val(dn, 0), data_blob_string_const("admin"),
                                   "componet zero incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
                             talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s",
                                     guid, sid, dn_str),
                             "Clear extended linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
                             talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s",
                                     hex_guid, hex_sid, dn_str),
                             "HEX extended linearized DN incorrect");

    torture_assert(torture, ldb_dn_remove_child_components(dn, 1) == true,
                   "Failed to remove DN child");

    torture_assert(torture, ldb_dn_has_extended(dn) == false,
                   "Extended DN flag should be cleared after child element removal");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL,
                   "Should not find an SID on DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL,
                   "Should not find an GUID on DN");


    /* TODO:  test setting these in the other order, and ensure it still comes out 'GUID first' */
    torture_assert_int_equal(torture, ldb_dn_set_extended_component(dn, "GUID", &guid_blob), 0,
                             "Failed to set a GUID on DN");

    torture_assert_int_equal(torture, ldb_dn_set_extended_component(dn, "SID", &sid_blob), 0,
                             "Failed to set a SID on DN");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob,
                                   "Extended DN SID incorect");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob,
                                   "Extended DN GUID incorect");

    torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "cn=users,dc=samba,dc=org",
                             "linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
                             talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s",
                                     guid, sid, "cn=users,dc=samba,dc=org"),
                             "Clear extended linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
                             talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s",
                                     hex_guid, hex_sid, "cn=users,dc=samba,dc=org"),
                             "HEX extended linearized DN incorrect");

    /* Now check a 'just GUID' DN (clear format) */
    torture_assert(torture,
                   dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>",
                                       guid),
                   "Failed to create an 'extended' DN");

    torture_assert(torture,
                   ldb_dn_validate(dn),
                   "Failed to validate 'extended' DN");

    torture_assert(torture, ldb_dn_has_extended(dn) == true,
                   "Should find extended DN to be 'extended'");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL,
                   "Should not find an SID on this DN");

    torture_assert_int_equal(torture, ldb_dn_get_comp_num(dn), 0,
                             "Should not find an 'normal' componet on this DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") != NULL,
                   "Should find an GUID on this DN");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob,
                                   "Extended DN GUID incorect");

    torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "",
                             "linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
                             talloc_asprintf(mem_ctx, "<GUID=%s>",
                                     guid),
                             "Clear extended linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
                             talloc_asprintf(mem_ctx, "<GUID=%s>",
                                     hex_guid),
                             "HEX extended linearized DN incorrect");

    /* Now check a 'just GUID' DN (HEX format) */
    torture_assert(torture,
                   dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>",
                                       hex_guid),
                   "Failed to create an 'extended' DN");

    torture_assert(torture,
                   ldb_dn_validate(dn),
                   "Failed to validate 'extended' DN");

    torture_assert(torture, ldb_dn_has_extended(dn) == true,
                   "Should find extended DN to be 'extended'");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL,
                   "Should not find an SID on this DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") != NULL,
                   "Should find an GUID on this DN");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob,
                                   "Extended DN GUID incorect");

    torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "",
                             "linearized DN incorrect");

    /* Now check a 'just SID' DN (clear format) */
    torture_assert(torture,
                   dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>",
                                       sid),
                   "Failed to create an 'extended' DN");

    torture_assert(torture,
                   ldb_dn_validate(dn),
                   "Failed to validate 'extended' DN");

    torture_assert(torture, ldb_dn_has_extended(dn) == true,
                   "Should find extended DN to be 'extended'");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL,
                   "Should not find an SID on this DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") != NULL,
                   "Should find an SID on this DN");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob,
                                   "Extended DN SID incorect");

    torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "",
                             "linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
                             talloc_asprintf(mem_ctx, "<SID=%s>",
                                     sid),
                             "Clear extended linearized DN incorrect");

    torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
                             talloc_asprintf(mem_ctx, "<SID=%s>",
                                     hex_sid),
                             "HEX extended linearized DN incorrect");

    /* Now check a 'just SID' DN (HEX format) */
    torture_assert(torture,
                   dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>",
                                       hex_sid),
                   "Failed to create an 'extended' DN");

    torture_assert(torture,
                   ldb_dn_validate(dn),
                   "Failed to validate 'extended' DN");

    torture_assert(torture, ldb_dn_has_extended(dn) == true,
                   "Should find extended DN to be 'extended'");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL,
                   "Should not find an SID on this DN");

    torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") != NULL,
                   "Should find an SID on this DN");

    torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob,
                                   "Extended DN SID incorect");

    torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "",
                             "linearized DN incorrect");

    talloc_free(mem_ctx);
    return true;
}
コード例 #8
0
ファイル: ldb_map.c プロジェクト: 0x24bin/winexe-1
/* Map a DN into the local partition. */
struct ldb_dn *ldb_dn_map_remote(struct ldb_module *module, void *mem_ctx, const struct ldb_dn *dn)
{
	const struct ldb_map_context *data = map_get_context(module);
	struct ldb_dn *newdn;
	const struct ldb_map_attribute *map;
	enum ldb_map_attr_type map_type;
	const char *name;
	struct ldb_val value;
	int i, ret;

	if (dn == NULL) {
		return NULL;
	}

	newdn = ldb_dn_copy(mem_ctx, dn);
	if (newdn == NULL) {
		map_oom(module);
		return NULL;
	}

	/* For each RDN, map the component name and possibly the value */
	for (i = 0; i < ldb_dn_get_comp_num(newdn); i++) {
		map = map_attr_find_remote(data, ldb_dn_get_component_name(dn, i));

		/* Unknown attribute - leave this RDN as is and hope the best... */
		if (map == NULL) {
			map_type = MAP_KEEP;
		} else {
			map_type = map->type;
		}

		switch (map_type) {
		case MAP_IGNORE:
		case MAP_GENERATE:
			ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
				  "MAP_IGNORE/MAP_GENERATE attribute '%s' "
				  "used in DN!\n", ldb_dn_get_component_name(dn, i));
			goto failed;

		case MAP_CONVERT:
			if (map->u.convert.convert_remote == NULL) {
				ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
					  "'convert_remote' not set for attribute '%s' "
					  "used in DN!\n", ldb_dn_get_component_name(dn, i));
				goto failed;
			}
			/* fall through */
		case MAP_KEEP:
		case MAP_RENAME:
			name = map_attr_map_remote(newdn, map, ldb_dn_get_component_name(dn, i));
			if (name == NULL) goto failed;

			value = ldb_val_map_remote(module, newdn, map, ldb_dn_get_component_val(dn, i));
			if (value.data == NULL) goto failed;

			ret = ldb_dn_set_component(newdn, i, name, value);
			if (ret != LDB_SUCCESS) {
				goto failed;
			}

			break;
		}
	}

	return newdn;

failed:
	talloc_free(newdn);
	return NULL;
}