/* Just copy the old value. */ static struct ldb_val convert_uid_samaccount(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct ldb_val out = data_blob(NULL, 0); out = ldb_val_dup(ctx, val); return out; }
/* copy a message, allocating new memory for all parts */ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, const struct ldb_message *msg) { struct ldb_message *msg2; unsigned int i, j; msg2 = ldb_msg_copy_shallow(mem_ctx, msg); if (msg2 == NULL) return NULL; msg2->dn = ldb_dn_copy(msg2, msg2->dn); if (msg2->dn == NULL) goto failed; for (i=0;i<msg2->num_elements;i++) { struct ldb_message_element *el = &msg2->elements[i]; struct ldb_val *values = el->values; el->name = talloc_strdup(msg2->elements, el->name); if (el->name == NULL) goto failed; el->values = talloc_array(msg2->elements, struct ldb_val, el->num_values); if (el->values == NULL) goto failed; for (j=0;j<el->num_values;j++) { el->values[j] = ldb_val_dup(el->values, &values[j]); if (el->values[j].data == NULL && values[j].length != 0) { goto failed; } } } return msg2; failed: talloc_free(msg2); return NULL; }
/* Map an ldb value back into the local partition. */ struct ldb_val ldb_val_map_remote(struct ldb_module *module, void *mem_ctx, const struct ldb_map_attribute *map, const struct ldb_val *val) { if (map && (map->type == MAP_CONVERT) && (map->u.convert.convert_remote)) { return map->u.convert.convert_remote(module, mem_ctx, val); } return ldb_val_dup(mem_ctx, val); }
/* default function for read/write/canonicalise */ static int ldb_default_copy(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { *out = ldb_val_dup(mem_ctx, in); if (out->data == NULL && in->data != NULL) { return -1; } return 0; }
/* Map an objectClass into the local partition. */ static struct ldb_val map_objectclass_convert_remote(struct ldb_module *module, void *mem_ctx, const struct ldb_val *val) { const struct ldb_map_context *data = map_get_context(module); const char *name = (char *)val->data; const struct ldb_map_objectclass *map = map_objectclass_find_remote(data, name); struct ldb_val newval; if (map) { newval.data = (uint8_t*)talloc_strdup(mem_ctx, map->local_name); newval.length = strlen((char *)newval.data); return newval; } return ldb_val_dup(mem_ctx, val); }
/* modify a record - internal interface yuck - this is O(n^2). Luckily n is usually small so we probably get away with it, but if we ever have really large attribute lists then we'll need to look at this again 'req' is optional, and is used to specify controls if supplied */ int ltdb_modify_internal(struct ldb_module *module, const struct ldb_message *msg, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); void *data = ldb_module_get_private(module); struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private); TDB_DATA tdb_key, tdb_data; struct ldb_val ldb_data; struct ldb_message *msg2; unsigned int i, j, k; int ret = LDB_SUCCESS, idx; struct ldb_control *control_permissive = NULL; if (req) { control_permissive = ldb_request_get_control(req, LDB_CONTROL_PERMISSIVE_MODIFY_OID); } tdb_key = ltdb_key(module, msg->dn); if (!tdb_key.dptr) { return LDB_ERR_OTHER; } tdb_data = tdb_fetch(ltdb->tdb, tdb_key); if (!tdb_data.dptr) { talloc_free(tdb_key.dptr); return ltdb_err_map(tdb_error(ltdb->tdb)); } msg2 = ldb_msg_new(tdb_key.dptr); if (msg2 == NULL) { free(tdb_data.dptr); ret = LDB_ERR_OTHER; goto done; } ldb_data.data = tdb_data.dptr; ldb_data.length = tdb_data.dsize; ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2); free(tdb_data.dptr); if (ret == -1) { ret = LDB_ERR_OTHER; goto done; } if (!msg2->dn) { msg2->dn = msg->dn; } for (i=0; i<msg->num_elements; i++) { struct ldb_message_element *el = &msg->elements[i], *el2; struct ldb_val *vals; const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name); const char *dn; switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) { case LDB_FLAG_MOD_ADD: if (el->num_values == 0) { ldb_asprintf_errstring(ldb, "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_CONSTRAINT_VIOLATION; goto done; } /* make a copy of the array so that a permissive * control can remove duplicates without changing the * original values, but do not copy data as we do not * need to keep it around once the operation is * finished */ if (control_permissive) { el = talloc(msg2, struct ldb_message_element); if (!el) { ret = LDB_ERR_OTHER; goto done; } *el = msg->elements[i]; el->values = talloc_array(el, struct ldb_val, el->num_values); if (el->values == NULL) { ret = LDB_ERR_OTHER; goto done; } for (j = 0; j < el->num_values; j++) { el->values[j] = msg->elements[i].values[j]; } } if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) { ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } /* Checks if element already exists */ idx = find_element(msg2, el->name); if (idx == -1) { if (ltdb_msg_add_element(ldb, msg2, el) != 0) { ret = LDB_ERR_OTHER; goto done; } ret = ltdb_index_add_element(module, msg2->dn, el); if (ret != LDB_SUCCESS) { goto done; } } else { j = (unsigned int) idx; el2 = &(msg2->elements[j]); /* We cannot add another value on a existing one if the attribute is single-valued */ if (ldb_tdb_single_valued(a, el)) { ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } /* Check that values don't exist yet on multi- valued attributes or aren't provided twice */ /* TODO: This is O(n^2) - replace with more efficient check */ for (j = 0; j < el->num_values; j++) { if (ldb_msg_find_val(el2, &el->values[j]) != NULL) { if (control_permissive) { /* remove this one as if it was never added */ el->num_values--; for (k = j; k < el->num_values; k++) { el->values[k] = el->values[k + 1]; } j--; /* rewind */ continue; } ldb_asprintf_errstring(ldb, "attribute '%s': value #%u on '%s' already exists", el->name, j, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { ldb_asprintf_errstring(ldb, "attribute '%s': value #%u on '%s' provided more than once", el->name, j, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } } /* Now combine existing and new values to a new attribute record */ vals = talloc_realloc(msg2->elements, el2->values, struct ldb_val, el2->num_values + el->num_values); if (vals == NULL) { ldb_oom(ldb); ret = LDB_ERR_OTHER; goto done; } for (j=0; j<el->num_values; j++) { vals[el2->num_values + j] = ldb_val_dup(vals, &el->values[j]); } el2->values = vals; el2->num_values += el->num_values; ret = ltdb_index_add_element(module, msg2->dn, el); if (ret != LDB_SUCCESS) { goto done; } } break; case LDB_FLAG_MOD_REPLACE: if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) { ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } /* TODO: This is O(n^2) - replace with more efficient check */ for (j=0; j<el->num_values; j++) { if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { ldb_asprintf_errstring(ldb, "attribute '%s': value #%u on '%s' provided more than once", el->name, j, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } } /* Checks if element already exists */ idx = find_element(msg2, el->name); if (idx != -1) { j = (unsigned int) idx; el2 = &(msg2->elements[j]); /* we consider two elements to be * equal only if the order * matches. This allows dbcheck to * fix the ordering on attributes * where order matters, such as * objectClass */ if (ldb_msg_element_equal_ordered(el, el2)) { continue; } /* Delete the attribute if it exists in the DB */ if (msg_delete_attribute(module, ldb, msg2, el->name) != 0) { ret = LDB_ERR_OTHER; goto done; } } /* Recreate it with the new values */ if (ltdb_msg_add_element(ldb, msg2, el) != 0) { ret = LDB_ERR_OTHER; goto done; } ret = ltdb_index_add_element(module, msg2->dn, el); if (ret != LDB_SUCCESS) { goto done; } break; case LDB_FLAG_MOD_DELETE: dn = ldb_dn_get_linearized(msg2->dn); if (dn == NULL) { ret = LDB_ERR_OTHER; goto done; } if (msg->elements[i].num_values == 0) { /* Delete the whole attribute */ ret = msg_delete_attribute(module, ldb, msg2, msg->elements[i].name); if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE && control_permissive) { ret = LDB_SUCCESS; } else { ldb_asprintf_errstring(ldb, "attribute '%s': no such attribute for delete on '%s'", msg->elements[i].name, dn); } if (ret != LDB_SUCCESS) { goto done; } } else { /* Delete specified values from an attribute */ for (j=0; j < msg->elements[i].num_values; j++) { ret = msg_delete_element(module, msg2, msg->elements[i].name, &msg->elements[i].values[j]); if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE && control_permissive) { ret = LDB_SUCCESS; } else { ldb_asprintf_errstring(ldb, "attribute '%s': no matching attribute value while deleting attribute on '%s'", msg->elements[i].name, dn); } if (ret != LDB_SUCCESS) { goto done; } } } break; default: ldb_asprintf_errstring(ldb, "attribute '%s': invalid modify flags on '%s': 0x%x", msg->elements[i].name, ldb_dn_get_linearized(msg->dn), msg->elements[i].flags & LDB_FLAG_MOD_MASK); ret = LDB_ERR_PROTOCOL_ERROR; goto done; } } ret = ltdb_store(module, msg2, TDB_MODIFY); if (ret != LDB_SUCCESS) { goto done; } ret = ltdb_modified(module, msg2->dn); if (ret != LDB_SUCCESS) { goto done; } done: talloc_free(tdb_key.dptr); return ret; }
static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; struct ldb_request *down_req; struct rename_context *ac; struct ldb_message *msg; struct ldb_message_element *attribute; const struct ldb_schema_attribute *a; const char *rdn_name; struct ldb_val rdn_val; int i, ret; ldb = ldb_module_get_ctx(module); /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.add.message->dn)) { return ldb_next_request(module, req); } ac = talloc_zero(req, struct rename_context); if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } ac->module = module; ac->req = req; msg = ldb_msg_copy_shallow(req, req->op.add.message); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } rdn_name = ldb_dn_get_rdn_name(msg->dn); if (rdn_name == NULL) { return LDB_ERR_OPERATIONS_ERROR; } rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(msg->dn)); /* Perhaps someone above us tried to set this? */ if ((attribute = rdn_name_find_attribute(msg, "name")) != NULL ) { attribute->num_values = 0; } if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } attribute = rdn_name_find_attribute(msg, rdn_name); if (!attribute) { if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } else { a = ldb_schema_attribute_by_name(ldb, rdn_name); for (i = 0; i < attribute->num_values; i++) { ret = a->syntax->comparison_fn(ldb, msg, &rdn_val, &attribute->values[i]); if (ret == 0) { /* overwrite so it matches in case */ attribute->values[i] = rdn_val; break; } } if (i == attribute->num_values) { char *rdn_errstring = talloc_asprintf(ac, "RDN mismatch on %s: %s (%.*s) should match one of:", ldb_dn_get_linearized(msg->dn), rdn_name, (int)rdn_val.length, (const char *)rdn_val.data); for (i = 0; i < attribute->num_values; i++) { rdn_errstring = talloc_asprintf_append( rdn_errstring, " (%.*s)", (int)attribute->values[i].length, (const char *)attribute->values[i].data); } ldb_set_errstring(ldb, rdn_errstring); /* Match AD's error here */ return LDB_ERR_INVALID_DN_SYNTAX; } } ret = ldb_build_add_req(&down_req, ldb, req, msg, req->controls, ac, rdn_name_add_callback, req); if (ret != LDB_SUCCESS) { return ret; } talloc_steal(down_req, msg); /* go on with the call chain */ return ldb_next_request(module, down_req); }
static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_context *ldb; struct rename_context *ac; struct ldb_request *mod_req; const char *rdn_name; struct ldb_val rdn_val; struct ldb_message *msg; int ret; ac = talloc_get_type(req->context, struct rename_context); ldb = ldb_module_get_ctx(ac->module); if (!ares) { goto error; } if (ares->error != LDB_SUCCESS) { return ldb_module_done(ac->req, ares->controls, ares->response, ares->error); } /* the only supported reply right now is a LDB_REPLY_DONE */ if (ares->type != LDB_REPLY_DONE) { goto error; } /* save reply for caller */ ac->ares = talloc_steal(ac, ares); msg = ldb_msg_new(ac); if (msg == NULL) { goto error; } msg->dn = ldb_dn_copy(msg, ac->req->op.rename.newdn); if (msg->dn == NULL) { goto error; } rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn); if (rdn_name == NULL) { goto error; } rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(ac->req->op.rename.newdn)); if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) { goto error; } if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { goto error; } if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) { goto error; } if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { goto error; } ret = ldb_build_mod_req(&mod_req, ldb, ac, msg, NULL, ac, rdn_modify_callback, req); if (ret != LDB_SUCCESS) { return ldb_module_done(ac->req, NULL, NULL, ret); } talloc_steal(mod_req, msg); /* go on with the call chain */ return ldb_next_request(ac->module, mod_req); error: return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); }
/* modify a record - internal interface yuck - this is O(n^2). Luckily n is usually small so we probably get away with it, but if we ever have really large attribute lists then we'll need to look at this again 'req' is optional, and is used to specify controls if supplied */ int ltdb_modify_internal(struct ldb_module *module, const struct ldb_message *msg, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); void *data = ldb_module_get_private(module); struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private); TDB_DATA tdb_key, tdb_data; struct ldb_message *msg2; unsigned i, j; int ret = LDB_SUCCESS, idx; tdb_key = ltdb_key(module, msg->dn); if (!tdb_key.dptr) { return LDB_ERR_OTHER; } tdb_data = tdb_fetch(ltdb->tdb, tdb_key); if (!tdb_data.dptr) { talloc_free(tdb_key.dptr); return ltdb_err_map(tdb_error(ltdb->tdb)); } msg2 = talloc(tdb_key.dptr, struct ldb_message); if (msg2 == NULL) { free(tdb_data.dptr); ret = LDB_ERR_OTHER; goto done; } ret = ltdb_unpack_data(module, &tdb_data, msg2); free(tdb_data.dptr); if (ret == -1) { ret = LDB_ERR_OTHER; goto done; } if (!msg2->dn) { msg2->dn = msg->dn; } for (i=0; i<msg->num_elements; i++) { struct ldb_message_element *el = &msg->elements[i], *el2; struct ldb_val *vals; const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name); const char *dn; if (ldb_attr_cmp(el->name, "distinguishedName") == 0) { ldb_asprintf_errstring(ldb, "it is not permitted to perform a modify on 'distinguishedName' (use rename instead): %s", ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_CONSTRAINT_VIOLATION; goto done; } switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) { case LDB_FLAG_MOD_ADD: if (el->num_values == 0) { ldb_asprintf_errstring(ldb, "attribute %s on %s specified, but with 0 values (illigal)", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_CONSTRAINT_VIOLATION; goto done; } if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { if (el->num_values > 1) { ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } } /* Checks if element already exists */ idx = find_element(msg2, el->name); if (idx == -1) { if (ltdb_msg_add_element(ldb, msg2, el) != 0) { ret = LDB_ERR_OTHER; goto done; } ret = ltdb_index_add_element(module, msg2->dn, el); if (ret != LDB_SUCCESS) { goto done; } } else { /* We cannot add another value on a existing one if the attribute is single-valued */ if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } el2 = &(msg2->elements[idx]); /* Check that values don't exist yet on multi- valued attributes or aren't provided twice */ for (j=0; j<el->num_values; j++) { if (ldb_msg_find_val(el2, &el->values[j]) != NULL) { ldb_asprintf_errstring(ldb, "%s: value #%d already exists", el->name, j); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { ldb_asprintf_errstring(ldb, "%s: value #%d provided more than once", el->name, j); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } } /* Now combine existing and new values to a new attribute record */ vals = talloc_realloc(msg2->elements, el2->values, struct ldb_val, el2->num_values + el->num_values); if (vals == NULL) { ldb_oom(ldb); ret = LDB_ERR_OTHER; goto done; } for (j=0; j<el->num_values; j++) { vals[el2->num_values + j] = ldb_val_dup(vals, &el->values[j]); } el2->values = vals; el2->num_values += el->num_values; ret = ltdb_index_add_element(module, msg2->dn, el); if (ret != LDB_SUCCESS) { goto done; } } break; case LDB_FLAG_MOD_REPLACE: if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) { /* the RELAX control overrides this check for replace. This is needed as DRS replication can produce multiple values here for a single valued attribute when the values are deleted links */ if (el->num_values > 1 && (!req || !ldb_request_get_control(req, LDB_CONTROL_RELAX_OID))) { ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once", el->name, ldb_dn_get_linearized(msg2->dn)); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } } /* TODO: This is O(n^2) - replace with more efficient check */ for (j=0; j<el->num_values; j++) { if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) { ldb_asprintf_errstring(ldb, "%s: value #%d provided more than once", el->name, j); ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS; goto done; } } idx = find_element(msg2, el->name); if (idx != -1) { el2 = &(msg2->elements[idx]); if (ldb_msg_element_compare(el, el2) == 0) { /* we are replacing with the same values */ continue; } /* Delete the attribute if it exists in the DB */ if (msg_delete_attribute(module, ldb, msg2, el->name) != 0) { ret = LDB_ERR_OTHER; goto done; } } /* Recreate it with the new values */ if (ltdb_msg_add_element(ldb, msg2, el) != 0) { ret = LDB_ERR_OTHER; goto done; } ret = ltdb_index_add_element(module, msg2->dn, el); if (ret != LDB_SUCCESS) { goto done; } break; case LDB_FLAG_MOD_DELETE: dn = ldb_dn_get_linearized(msg2->dn); if (dn == NULL) { ret = LDB_ERR_OTHER; goto done; } if (msg->elements[i].num_values == 0) { /* Delete the whole attribute */ if (msg_delete_attribute(module, ldb, msg2, msg->elements[i].name) != 0) { ldb_asprintf_errstring(ldb, "No such attribute: %s for delete on %s", msg->elements[i].name, dn); ret = LDB_ERR_NO_SUCH_ATTRIBUTE; goto done; } } else { /* Delete specified values from an attribute */ for (j=0; j < msg->elements[i].num_values; j++) { if (msg_delete_element(module, msg2, msg->elements[i].name, &msg->elements[i].values[j]) != 0) { ldb_asprintf_errstring(ldb, "No matching attribute value when deleting attribute: %s on %s", msg->elements[i].name, dn); ret = LDB_ERR_NO_SUCH_ATTRIBUTE; goto done; } } } break; default: ldb_asprintf_errstring(ldb, "Invalid ldb_modify flags on %s: 0x%x", msg->elements[i].name, msg->elements[i].flags & LDB_FLAG_MOD_MASK); ret = LDB_ERR_PROTOCOL_ERROR; goto done; } } ret = ltdb_store(module, msg2, TDB_MODIFY); if (ret != LDB_SUCCESS) { goto done; } ret = ltdb_modified(module, msg2->dn); if (ret != LDB_SUCCESS) { goto done; } done: talloc_free(tdb_key.dptr); return ret; }