diff options
Diffstat (limited to '')
-rw-r--r-- | lib/ldb/modules/rdn_name.c | 596 |
1 files changed, 596 insertions, 0 deletions
diff --git a/lib/ldb/modules/rdn_name.c b/lib/ldb/modules/rdn_name.c new file mode 100644 index 0000000..3cb62bf --- /dev/null +++ b/lib/ldb/modules/rdn_name.c @@ -0,0 +1,596 @@ +/* + ldb database library + + Copyright (C) Andrew Bartlett 2005-2009 + Copyright (C) Simo Sorce 2006-2008 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see <http://www.gnu.org/licenses/>. +*/ + +/* + * Name: rdn_name + * + * Component: ldb rdn name module + * + * Description: keep a consistent name attribute on objects manpulations + * + * Author: Andrew Bartlett + * + * Modifications: + * - made the module async + * Simo Sorce Mar 2006 + */ + +#include "replace.h" +#include "system/filesys.h" +#include "system/time.h" +#include "ldb_module.h" + +struct rename_context { + struct ldb_module *module; + struct ldb_request *req; + + struct ldb_reply *ares; +}; + +static int rdn_name_add_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct rename_context *ac; + + ac = talloc_get_type(req->context, struct rename_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (ares->type == LDB_REPLY_REFERRAL) { + return ldb_module_send_referral(ac->req, ares->referral); + } + + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); +} + +static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + struct ldb_request *down_req; + struct rename_context *ac; + struct ldb_message *msg; + struct ldb_message_element *attribute; + const struct ldb_schema_attribute *a; + const char *rdn_name; + const struct ldb_val *rdn_val_p; + struct ldb_val rdn_val; + unsigned int i; + int ret; + + ldb = ldb_module_get_ctx(module); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + ac = talloc_zero(req, struct rename_context); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + + msg = ldb_msg_copy_shallow(req, req->op.add.message); + if (msg == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + rdn_name = ldb_dn_get_rdn_name(msg->dn); + if (rdn_name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + rdn_val_p = ldb_dn_get_rdn_val(msg->dn); + if (rdn_val_p == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (rdn_val_p->length == 0) { + ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!", + ldb_dn_get_linearized(req->op.add.message->dn)); + return LDB_ERR_INVALID_DN_SYNTAX; + } + rdn_val = ldb_val_dup(msg, rdn_val_p); + + /* Perhaps someone above us tried to set this? Then ignore it */ + ldb_msg_remove_attr(msg, "name"); + + ret = ldb_msg_add_value(msg, "name", &rdn_val, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + a = ldb_schema_attribute_by_name(ldb, rdn_name); + if (a == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + attribute = ldb_msg_find_element(msg, rdn_name); + if (!attribute) { + /* add entry with normalised RDN information if possible */ + if (a->name != NULL && strcmp(a->name, "*") != 0) { + ret = ldb_msg_add_value(msg, a->name, &rdn_val, NULL); + } else { + ret = ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL); + } + if (ret != LDB_SUCCESS) { + return ret; + } + } else { + /* normalise attribute name if possible */ + if (a->name != NULL && strcmp(a->name, "*") != 0) { + attribute->name = a->name; + } + /* normalise attribute value */ + for (i = 0; i < attribute->num_values; i++) { + bool matched; + if (a->syntax->operator_fn) { + ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a, + &rdn_val, &attribute->values[i], &matched); + if (ret != LDB_SUCCESS) return ret; + } else { + matched = (a->syntax->comparison_fn(ldb, msg, + &rdn_val, &attribute->values[i]) == 0); + } + if (matched) { + /* overwrite so it matches in case */ + attribute->values[i] = rdn_val; + break; + } + } + if (i == attribute->num_values) { + char *rdn_errstring = talloc_asprintf(ac, + "RDN mismatch on %s: %s (%.*s) should match one of:", + ldb_dn_get_linearized(msg->dn), rdn_name, + (int)rdn_val.length, (const char *)rdn_val.data); + for (i = 0; i < attribute->num_values; i++) { + rdn_errstring = talloc_asprintf_append( + rdn_errstring, " (%.*s)", + (int)attribute->values[i].length, + (const char *)attribute->values[i].data); + } + ldb_set_errstring(ldb, rdn_errstring); + /* Match AD's error here */ + return LDB_ERR_INVALID_DN_SYNTAX; + } + } + + ret = ldb_build_add_req(&down_req, ldb, req, + msg, + req->controls, + ac, rdn_name_add_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(down_req, msg); + + /* go on with the call chain */ + return ldb_next_request(module, down_req); +} + +static int rdn_modify_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct rename_context *ac; + + ac = talloc_get_type(req->context, struct rename_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (ares->type == LDB_REPLY_REFERRAL) { + return ldb_module_send_referral(ac->req, ares->referral); + } + + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* the only supported reply right now is a LDB_REPLY_DONE */ + if (ares->type != LDB_REPLY_DONE) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* send saved controls eventually */ + return ldb_module_done(ac->req, ac->ares->controls, + ac->ares->response, LDB_SUCCESS); +} + +static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct ldb_context *ldb; + struct rename_context *ac; + struct ldb_request *mod_req; + const char *rdn_name; + const struct ldb_schema_attribute *a = NULL; + const struct ldb_val *rdn_val_p; + struct ldb_val rdn_val; + struct ldb_message *msg; + int ret; + + ac = talloc_get_type(req->context, struct rename_context); + ldb = ldb_module_get_ctx(ac->module); + + if (!ares) { + goto error; + } + + if (ares->type == LDB_REPLY_REFERRAL) { + return ldb_module_send_referral(ac->req, ares->referral); + } + + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* the only supported reply right now is a LDB_REPLY_DONE */ + if (ares->type != LDB_REPLY_DONE) { + goto error; + } + + /* save reply for caller */ + ac->ares = talloc_steal(ac, ares); + + msg = ldb_msg_new(ac); + if (msg == NULL) { + goto error; + } + msg->dn = ldb_dn_copy(msg, ac->req->op.rename.newdn); + if (msg->dn == NULL) { + goto error; + } + + rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn); + if (rdn_name == NULL) { + goto error; + } + + a = ldb_schema_attribute_by_name(ldb, rdn_name); + if (a == NULL) { + goto error; + } + + if (a->name != NULL && strcmp(a->name, "*") != 0) { + rdn_name = a->name; + } + + rdn_val_p = ldb_dn_get_rdn_val(msg->dn); + if (rdn_val_p == NULL) { + goto error; + } + if (rdn_val_p->length == 0) { + ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!", + ldb_dn_get_linearized(req->op.rename.olddn)); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_NAMING_VIOLATION); + } + rdn_val = ldb_val_dup(msg, rdn_val_p); + + if (ldb_msg_append_value(msg, rdn_name, &rdn_val, LDB_FLAG_MOD_REPLACE) != 0) { + goto error; + } + if (ldb_msg_append_value(msg, "name", &rdn_val, LDB_FLAG_MOD_REPLACE) != 0) { + goto error; + } + + ret = ldb_build_mod_req(&mod_req, ldb, + ac, msg, NULL, + ac, rdn_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_steal(mod_req, msg); + + /* go on with the call chain */ + return ldb_next_request(ac->module, mod_req); + +error: + return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); +} + +static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + struct rename_context *ac; + struct ldb_request *down_req; + int ret; + + ldb = ldb_module_get_ctx(module); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.rename.newdn)) { + return ldb_next_request(module, req); + } + + ac = talloc_zero(req, struct rename_context); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + + ret = ldb_build_rename_req(&down_req, + ldb, + ac, + req->op.rename.olddn, + req->op.rename.newdn, + req->controls, + ac, + rdn_rename_callback, + req); + + if (ret != LDB_SUCCESS) { + return ret; + } + + /* rename first, modify "name" if rename is ok */ + return ldb_next_request(module, down_req); +} + +static int rdn_recalculate_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request); + + talloc_steal(up_req, req); + return up_req->callback(up_req, ares); +} + +static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + const struct ldb_val *rdn_val_p; + struct ldb_message_element *e = NULL; + struct ldb_control *recalculate_rdn_control = NULL; + + ldb = ldb_module_get_ctx(module); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + recalculate_rdn_control = ldb_request_get_control(req, + LDB_CONTROL_RECALCULATE_RDN_OID); + if (recalculate_rdn_control != NULL) { + struct ldb_message *msg = NULL; + const char *rdn_name = NULL; + struct ldb_val rdn_val; + const struct ldb_schema_attribute *a = NULL; + struct ldb_request *mod_req = NULL; + int ret; + struct ldb_message_element *rdn_del = NULL; + struct ldb_message_element *name_del = NULL; + + recalculate_rdn_control->critical = false; + + msg = ldb_msg_copy_shallow(req, req->op.mod.message); + if (msg == NULL) { + return ldb_module_oom(module); + } + + /* + * The caller must pass a dummy 'name' attribute + * in order to bypass some high level checks. + * + * We just remove it and check nothing is left. + */ + ldb_msg_remove_attr(msg, "name"); + + if (msg->num_elements != 0) { + return ldb_module_operr(module); + } + + rdn_name = ldb_dn_get_rdn_name(msg->dn); + if (rdn_name == NULL) { + return ldb_module_oom(module); + } + + a = ldb_schema_attribute_by_name(ldb, rdn_name); + if (a == NULL) { + return ldb_module_operr(module); + } + + if (a->name != NULL && strcmp(a->name, "*") != 0) { + rdn_name = a->name; + } + + rdn_val_p = ldb_dn_get_rdn_val(msg->dn); + if (rdn_val_p == NULL) { + return ldb_module_oom(module); + } + rdn_val = ldb_val_dup(msg, rdn_val_p); + if (rdn_val.length == 0) { + return ldb_module_oom(module); + } + + /* + * This is a bit tricky: + * + * We want _DELETE elements (as "rdn_del" and "name_del" without + * values) first, followed by _ADD (with the real names) + * elements (with values). Then we fix up the "rdn_del" and + * "name_del" attributes. + */ + + ret = ldb_msg_add_empty(msg, "rdn_del", LDB_FLAG_MOD_DELETE, NULL); + if (ret != 0) { + return ldb_module_oom(module); + } + ret = ldb_msg_append_value(msg, rdn_name, &rdn_val, LDB_FLAG_MOD_ADD); + if (ret != 0) { + return ldb_module_oom(module); + } + + ret = ldb_msg_add_empty(msg, "name_del", LDB_FLAG_MOD_DELETE, NULL); + if (ret != 0) { + return ldb_module_oom(module); + } + ret = ldb_msg_append_value(msg, "name", &rdn_val, LDB_FLAG_MOD_ADD); + if (ret != 0) { + return ldb_module_oom(module); + } + + rdn_del = ldb_msg_find_element(msg, "rdn_del"); + if (rdn_del == NULL) { + return ldb_module_operr(module); + } + rdn_del->name = talloc_strdup(msg->elements, rdn_name); + if (rdn_del->name == NULL) { + return ldb_module_oom(module); + } + name_del = ldb_msg_find_element(msg, "name_del"); + if (name_del == NULL) { + return ldb_module_operr(module); + } + name_del->name = talloc_strdup(msg->elements, "name"); + if (name_del->name == NULL) { + return ldb_module_oom(module); + } + + ret = ldb_build_mod_req(&mod_req, ldb, + req, msg, NULL, + req, rdn_recalculate_callback, + req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(req, NULL, NULL, ret); + } + talloc_steal(mod_req, msg); + + ret = ldb_request_add_control(mod_req, + LDB_CONTROL_RECALCULATE_RDN_OID, + false, NULL); + if (ret != LDB_SUCCESS) { + return ldb_module_done(req, NULL, NULL, ret); + } + ret = ldb_request_add_control(mod_req, + LDB_CONTROL_PERMISSIVE_MODIFY_OID, + false, NULL); + if (ret != LDB_SUCCESS) { + return ldb_module_done(req, NULL, NULL, ret); + } + + /* go on with the call chain */ + return ldb_next_request(module, mod_req); + } + + rdn_val_p = ldb_dn_get_rdn_val(req->op.mod.message->dn); + if (rdn_val_p == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (rdn_val_p->length == 0) { + ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!", + ldb_dn_get_linearized(req->op.mod.message->dn)); + return LDB_ERR_INVALID_DN_SYNTAX; + } + + e = ldb_msg_find_element(req->op.mod.message, "distinguishedName"); + if (e != NULL) { + ldb_asprintf_errstring(ldb, "Modify of 'distinguishedName' on %s not permitted, must use 'rename' operation instead", + ldb_dn_get_linearized(req->op.mod.message->dn)); + if (LDB_FLAG_MOD_TYPE(e->flags) == LDB_FLAG_MOD_REPLACE) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } else { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + } + + if (ldb_msg_find_element(req->op.mod.message, "name")) { + ldb_asprintf_errstring(ldb, "Modify of 'name' on %s not permitted, must use 'rename' operation instead", + ldb_dn_get_linearized(req->op.mod.message->dn)); + return LDB_ERR_NOT_ALLOWED_ON_RDN; + } + + if (ldb_msg_find_element(req->op.mod.message, ldb_dn_get_rdn_name(req->op.mod.message->dn))) { + ldb_asprintf_errstring(ldb, "Modify of RDN '%s' on %s not permitted, must use 'rename' operation instead", + ldb_dn_get_rdn_name(req->op.mod.message->dn), ldb_dn_get_linearized(req->op.mod.message->dn)); + return LDB_ERR_NOT_ALLOWED_ON_RDN; + } + + /* All OK, they kept their fingers out of the special attributes */ + return ldb_next_request(module, req); +} + +static int rdn_name_search(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + const char *rdn_name; + const struct ldb_val *rdn_val_p; + + ldb = ldb_module_get_ctx(module); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.search.base)) { + return ldb_next_request(module, req); + } + + rdn_name = ldb_dn_get_rdn_name(req->op.search.base); + rdn_val_p = ldb_dn_get_rdn_val(req->op.search.base); + if ((rdn_name != NULL) && (rdn_val_p == NULL)) { + return LDB_ERR_OPERATIONS_ERROR; + } + if ((rdn_val_p != NULL) && (rdn_val_p->length == 0)) { + ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!", + ldb_dn_get_linearized(req->op.search.base)); + return LDB_ERR_INVALID_DN_SYNTAX; + } + + return ldb_next_request(module, req); +} + +static const struct ldb_module_ops ldb_rdn_name_module_ops = { + .name = "rdn_name", + .add = rdn_name_add, + .modify = rdn_name_modify, + .rename = rdn_name_rename, + .search = rdn_name_search +}; + +int ldb_rdn_name_init(const char *version) +{ + LDB_MODULE_CHECK_VERSION(version); + return ldb_register_module(&ldb_rdn_name_module_ops); +} |