4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component {
52 struct ldb_val cf_value;
55 struct ldb_dn_ext_component {
63 struct ldb_context *ldb;
65 /* Special DNs are always linearized */
75 unsigned int comp_num;
76 struct ldb_dn_component *components;
78 unsigned int ext_comp_num;
79 struct ldb_dn_ext_component *ext_components;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn *dn)
88 /* strdn may be NULL */
89 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
90 struct ldb_context *ldb,
91 const struct ldb_val *strdn)
95 if (! ldb) return NULL;
97 if (strdn && strdn->data
98 && (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
99 /* The RDN must not contain a character with value 0x0 */
103 dn = talloc_zero(mem_ctx, struct ldb_dn);
104 LDB_DN_NULL_FAILED(dn);
106 dn->ldb = talloc_get_type(ldb, struct ldb_context);
107 if (dn->ldb == NULL) {
108 /* the caller probably got the arguments to
109 ldb_dn_new() mixed up */
114 if (strdn->data && strdn->length) {
115 const char *data = (const char *)strdn->data;
116 size_t length = strdn->length;
118 if (data[0] == '@') {
121 dn->ext_linearized = talloc_strndup(dn, data, length);
122 LDB_DN_NULL_FAILED(dn->ext_linearized);
124 if (data[0] == '<') {
125 const char *p_save, *p = dn->ext_linearized;
134 if (p_save == dn->ext_linearized) {
135 dn->linearized = talloc_strdup(dn, "");
137 dn->linearized = talloc_strdup(dn, p_save);
139 LDB_DN_NULL_FAILED(dn->linearized);
141 dn->linearized = dn->ext_linearized;
142 dn->ext_linearized = NULL;
145 dn->linearized = talloc_strdup(dn, "");
146 LDB_DN_NULL_FAILED(dn->linearized);
156 /* strdn may be NULL */
157 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
158 struct ldb_context *ldb,
162 blob.data = discard_const_p(uint8_t, strdn);
163 blob.length = strdn ? strlen(strdn) : 0;
164 return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
167 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
168 struct ldb_context *ldb,
169 const char *new_fmt, ...)
174 if ( (! mem_ctx) || (! ldb)) return NULL;
176 va_start(ap, new_fmt);
177 strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
181 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
189 /* see RFC2253 section 2.4 */
190 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
197 for (i = 0; i < len; i++){
201 if (i == 0 || i == len - 1) {
202 /* if at the beginning or end
203 * of the string then escape */
207 /* otherwise don't escape */
213 /* despite the RFC, windows escapes a #
214 anywhere in the string */
222 /* these must be escaped using \c form */
232 /* any others get \XX form */
234 const char *hexbytes = "0123456789ABCDEF";
235 v = (const unsigned char)c;
237 *d++ = hexbytes[v>>4];
238 *d++ = hexbytes[v&0xF];
246 /* return the length of the resulting string */
250 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
257 /* allocate destination string, it will be at most 3 times the source */
258 dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
264 len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
266 dst = talloc_realloc(mem_ctx, dst, char, len + 1);
276 explode a DN string into a ldb_dn structure
277 based on RFC4514 except that we don't support multiple valued RDNs
279 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
280 DN must be compliant with RFC2253
282 static bool ldb_dn_explode(struct ldb_dn *dn)
284 char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
286 bool in_extended = true;
287 bool in_ex_name = false;
288 bool in_ex_value = false;
289 bool in_attr = false;
290 bool in_value = false;
291 bool in_quote = false;
300 if ( ! dn || dn->invalid) return false;
302 if (dn->components) {
306 if (dn->ext_linearized) {
307 parse_dn = dn->ext_linearized;
309 parse_dn = dn->linearized;
316 is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
319 if (parse_dn[0] == '\0') {
323 /* Special DNs case */
328 /* make sure we free this if allocated previously before replacing */
329 LDB_FREE(dn->components);
332 LDB_FREE(dn->ext_components);
333 dn->ext_comp_num = 0;
335 /* in the common case we have 3 or more components */
336 /* make sure all components are zeroed, other functions depend on it */
337 dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
338 if ( ! dn->components) {
342 /* Components data space is allocated here once */
343 data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
355 if (!in_ex_name && !in_ex_value) {
362 } else if (p[0] == '\0') {
374 if (in_ex_name && *p == '=') {
383 if (in_ex_value && *p == '>') {
384 const struct ldb_dn_extended_syntax *ext_syntax;
385 struct ldb_val ex_val = {
386 .data = (uint8_t *)ex_value,
387 .length = d - ex_value
394 /* Process name and ex_value */
396 dn->ext_components = talloc_realloc(dn,
398 struct ldb_dn_ext_component,
399 dn->ext_comp_num + 1);
400 if ( ! dn->ext_components) {
405 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
407 /* We don't know about this type of extended DN */
411 dn->ext_components[dn->ext_comp_num].name = talloc_strdup(dn->ext_components, ex_name);
412 if (!dn->ext_components[dn->ext_comp_num].name) {
416 ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
417 &ex_val, &dn->ext_components[dn->ext_comp_num].value);
418 if (ret != LDB_SUCCESS) {
419 ldb_dn_mark_invalid(dn);
426 /* We have reached the end (extended component only)! */
430 } else if (*p == ';') {
434 ldb_dn_mark_invalid(dn);
453 /* attr names must be ascii only */
454 ldb_dn_mark_invalid(dn);
461 if ( ! isalpha(*p)) {
462 /* not a digit nor an alpha,
463 * invalid attribute name */
464 ldb_dn_mark_invalid(dn);
468 /* Copy this character across from parse_dn,
469 * now we have trimmed out spaces */
476 /* valid only if we are at the end */
481 if (trim && (*p != '=')) {
482 /* spaces/tabs are not allowed */
483 ldb_dn_mark_invalid(dn);
488 /* attribute terminated */
494 /* Terminate this string in d
495 * (which is a copy of parse_dn
496 * with spaces trimmed) */
498 dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
499 if ( ! dn->components[dn->comp_num].name) {
511 /* attr names must be ascii only */
512 ldb_dn_mark_invalid(dn);
516 if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
517 /* not a digit nor a dot,
518 * invalid attribute oid */
519 ldb_dn_mark_invalid(dn);
522 if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
523 /* not ALPHA, DIGIT or HYPHEN */
524 ldb_dn_mark_invalid(dn);
564 /* TODO: support ber encoded values
575 /* ok found value terminator */
589 dn->components[dn->comp_num].value.data = \
590 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
591 dn->components[dn->comp_num].value.length = l;
592 if ( ! dn->components[dn->comp_num].value.data) {
596 talloc_set_name_const(dn->components[dn->comp_num].value.data,
597 (const char *)dn->components[dn->comp_num].value.data);
602 if (dn->comp_num > 2) {
603 dn->components = talloc_realloc(dn,
605 struct ldb_dn_component,
607 if ( ! dn->components) {
611 /* make sure all components are zeroed, other functions depend on this */
612 memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
619 /* to main compatibility with earlier
620 versions of ldb indexing, we have to
621 accept the base64 encoded binary index
622 values, which contain a '+' or '='
623 which should normally be escaped */
635 /* a string with not escaped specials is invalid (tested) */
637 ldb_dn_mark_invalid(dn);
664 if (isxdigit(p[0]) && isxdigit(p[1])) {
665 if (sscanf(p, "%02x", &x) != 1) {
666 /* invalid escaping sequence */
667 ldb_dn_mark_invalid(dn);
671 *d++ = (unsigned char)x;
697 if (in_attr || in_quote) {
699 ldb_dn_mark_invalid(dn);
703 /* save last element */
711 dn->components[dn->comp_num].value.length = l;
712 dn->components[dn->comp_num].value.data =
713 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
714 if ( ! dn->components[dn->comp_num].value.data) {
718 talloc_set_name_const(dn->components[dn->comp_num].value.data,
719 (const char *)dn->components[dn->comp_num].value.data);
727 LDB_FREE(dn->components); /* "data" is implicitly free'd */
729 LDB_FREE(dn->ext_components);
730 dn->ext_comp_num = 0;
735 bool ldb_dn_validate(struct ldb_dn *dn)
737 return ldb_dn_explode(dn);
740 const char *ldb_dn_get_linearized(struct ldb_dn *dn)
746 if ( ! dn || ( dn->invalid)) return NULL;
748 if (dn->linearized) return dn->linearized;
750 if ( ! dn->components) {
751 ldb_dn_mark_invalid(dn);
755 if (dn->comp_num == 0) {
756 dn->linearized = talloc_strdup(dn, "");
757 if ( ! dn->linearized) return NULL;
758 return dn->linearized;
761 /* calculate maximum possible length of DN */
762 for (len = 0, i = 0; i < dn->comp_num; i++) {
764 len += strlen(dn->components[i].name);
765 /* max escaped data len */
766 len += (dn->components[i].value.length * 3);
767 len += 2; /* '=' and ',' */
769 dn->linearized = talloc_array(dn, char, len);
770 if ( ! dn->linearized) return NULL;
774 for (i = 0; i < dn->comp_num; i++) {
777 n = dn->components[i].name;
778 while (*n) *d++ = *n++;
783 d += ldb_dn_escape_internal( d,
784 (char *)dn->components[i].value.data,
785 dn->components[i].value.length);
791 /* don't waste more memory than necessary */
792 dn->linearized = talloc_realloc(dn, dn->linearized,
793 char, (d - dn->linearized + 1));
795 return dn->linearized;
798 static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
800 const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
801 const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
802 return strcmp(ec1->name, ec2->name);
805 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
807 const char *linearized = ldb_dn_get_linearized(dn);
815 if (!ldb_dn_has_extended(dn)) {
816 return talloc_strdup(mem_ctx, linearized);
819 if (!ldb_dn_validate(dn)) {
823 /* sort the extended components by name. The idea is to make
824 * the resulting DNs consistent, plus to ensure that we put
825 * 'DELETED' first, so it can be very quickly recognised
827 TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
828 ldb_dn_extended_component_compare);
830 for (i = 0; i < dn->ext_comp_num; i++) {
831 const struct ldb_dn_extended_syntax *ext_syntax;
832 const char *name = dn->ext_components[i].name;
833 struct ldb_val ec_val = dn->ext_components[i].value;
837 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
843 ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
845 } else if (mode == 0) {
846 ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
852 if (ret != LDB_SUCCESS) {
857 p = talloc_asprintf(mem_ctx, "<%s=%s>",
860 p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
864 talloc_free(val.data);
871 if (dn->ext_comp_num && *linearized) {
872 p = talloc_asprintf_append_buffer(p, ";%s", linearized);
883 filter out all but an acceptable list of extended DN components
885 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
888 for (i=0; i<dn->ext_comp_num; i++) {
889 if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
890 memmove(&dn->ext_components[i],
891 &dn->ext_components[i+1],
892 (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0]));
897 LDB_FREE(dn->ext_linearized);
901 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
903 return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
907 casefold a dn. We need to casefold the attribute names, and canonicalize
908 attribute values of case insensitive attributes.
911 static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
916 if ( ! dn || dn->invalid) return false;
918 if (dn->valid_case) return true;
920 if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
924 for (i = 0; i < dn->comp_num; i++) {
925 const struct ldb_schema_attribute *a;
927 dn->components[i].cf_name =
928 ldb_attr_casefold(dn->components,
929 dn->components[i].name);
930 if (!dn->components[i].cf_name) {
934 a = ldb_schema_attribute_by_name(dn->ldb,
935 dn->components[i].cf_name);
937 ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
938 &(dn->components[i].value),
939 &(dn->components[i].cf_value));
945 dn->valid_case = true;
950 for (i = 0; i < dn->comp_num; i++) {
951 LDB_FREE(dn->components[i].cf_name);
952 LDB_FREE(dn->components[i].cf_value.data);
957 const char *ldb_dn_get_casefold(struct ldb_dn *dn)
963 if (dn->casefold) return dn->casefold;
966 dn->casefold = talloc_strdup(dn, dn->linearized);
967 if (!dn->casefold) return NULL;
968 dn->valid_case = true;
972 if ( ! ldb_dn_casefold_internal(dn)) {
976 if (dn->comp_num == 0) {
977 dn->casefold = talloc_strdup(dn, "");
981 /* calculate maximum possible length of DN */
982 for (len = 0, i = 0; i < dn->comp_num; i++) {
984 len += strlen(dn->components[i].cf_name);
985 /* max escaped data len */
986 len += (dn->components[i].cf_value.length * 3);
987 len += 2; /* '=' and ',' */
989 dn->casefold = talloc_array(dn, char, len);
990 if ( ! dn->casefold) return NULL;
994 for (i = 0; i < dn->comp_num; i++) {
997 n = dn->components[i].cf_name;
998 while (*n) *d++ = *n++;
1003 d += ldb_dn_escape_internal( d,
1004 (char *)dn->components[i].cf_value.data,
1005 dn->components[i].cf_value.length);
1010 /* don't waste more memory than necessary */
1011 dn->casefold = talloc_realloc(dn, dn->casefold,
1012 char, strlen(dn->casefold) + 1);
1014 return dn->casefold;
1017 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1019 return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
1022 /* Determine if dn is below base, in the ldap tree. Used for
1023 * evaluating a subtree search.
1024 * 0 if they match, otherwise non-zero
1027 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
1030 unsigned int n_base, n_dn;
1032 if ( ! base || base->invalid) return 1;
1033 if ( ! dn || dn->invalid) return -1;
1035 if (( ! base->valid_case) || ( ! dn->valid_case)) {
1036 if (base->linearized && dn->linearized && dn->special == base->special) {
1037 /* try with a normal compare first, if we are lucky
1038 * we will avoid exploding and casfolding */
1040 dif = strlen(dn->linearized) - strlen(base->linearized);
1044 if (strcmp(base->linearized,
1045 &dn->linearized[dif]) == 0) {
1050 if ( ! ldb_dn_casefold_internal(base)) {
1054 if ( ! ldb_dn_casefold_internal(dn)) {
1060 /* if base has more components,
1061 * they don't have the same base */
1062 if (base->comp_num > dn->comp_num) {
1063 return (dn->comp_num - base->comp_num);
1066 if ((dn->comp_num == 0) || (base->comp_num == 0)) {
1067 if (dn->special && base->special) {
1068 return strcmp(base->linearized, dn->linearized);
1069 } else if (dn->special) {
1071 } else if (base->special) {
1078 n_base = base->comp_num - 1;
1079 n_dn = dn->comp_num - 1;
1081 while (n_base != (unsigned int) -1) {
1082 char *b_name = base->components[n_base].cf_name;
1083 char *dn_name = dn->components[n_dn].cf_name;
1085 char *b_vdata = (char *)base->components[n_base].cf_value.data;
1086 char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
1088 size_t b_vlen = base->components[n_base].cf_value.length;
1089 size_t dn_vlen = dn->components[n_dn].cf_value.length;
1091 /* compare attr names */
1092 ret = strcmp(b_name, dn_name);
1093 if (ret != 0) return ret;
1095 /* compare attr.cf_value. */
1096 if (b_vlen != dn_vlen) {
1097 return b_vlen - dn_vlen;
1099 ret = strncmp(b_vdata, dn_vdata, b_vlen);
1100 if (ret != 0) return ret;
1109 /* compare DNs using casefolding compare functions.
1111 If they match, then return 0
1114 int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
1119 if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
1123 if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
1124 if (dn0->linearized && dn1->linearized) {
1125 /* try with a normal compare first, if we are lucky
1126 * we will avoid exploding and casfolding */
1127 if (strcmp(dn0->linearized, dn1->linearized) == 0) {
1132 if ( ! ldb_dn_casefold_internal(dn0)) {
1136 if ( ! ldb_dn_casefold_internal(dn1)) {
1142 if (dn0->comp_num != dn1->comp_num) {
1143 return (dn1->comp_num - dn0->comp_num);
1146 if (dn0->comp_num == 0) {
1147 if (dn0->special && dn1->special) {
1148 return strcmp(dn0->linearized, dn1->linearized);
1149 } else if (dn0->special) {
1151 } else if (dn1->special) {
1158 for (i = 0; i < dn0->comp_num; i++) {
1159 char *dn0_name = dn0->components[i].cf_name;
1160 char *dn1_name = dn1->components[i].cf_name;
1162 char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
1163 char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
1165 size_t dn0_vlen = dn0->components[i].cf_value.length;
1166 size_t dn1_vlen = dn1->components[i].cf_value.length;
1168 /* compare attr names */
1169 ret = strcmp(dn0_name, dn1_name);
1174 /* compare attr.cf_value. */
1175 if (dn0_vlen != dn1_vlen) {
1176 return dn0_vlen - dn1_vlen;
1178 ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
1187 static struct ldb_dn_component ldb_dn_copy_component(
1188 TALLOC_CTX *mem_ctx,
1189 struct ldb_dn_component *src)
1191 struct ldb_dn_component dst;
1193 memset(&dst, 0, sizeof(dst));
1199 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1200 if (dst.value.data == NULL) {
1204 dst.name = talloc_strdup(mem_ctx, src->name);
1205 if (dst.name == NULL) {
1206 LDB_FREE(dst.value.data);
1210 if (src->cf_value.data) {
1211 dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
1212 if (dst.cf_value.data == NULL) {
1213 LDB_FREE(dst.value.data);
1218 dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
1219 if (dst.cf_name == NULL) {
1220 LDB_FREE(dst.cf_name);
1221 LDB_FREE(dst.value.data);
1226 dst.cf_value.data = NULL;
1233 static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
1234 TALLOC_CTX *mem_ctx,
1235 struct ldb_dn_ext_component *src)
1237 struct ldb_dn_ext_component dst;
1239 memset(&dst, 0, sizeof(dst));
1245 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1246 if (dst.value.data == NULL) {
1250 dst.name = talloc_strdup(mem_ctx, src->name);
1251 if (dst.name == NULL) {
1252 LDB_FREE(dst.value.data);
1259 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1261 struct ldb_dn *new_dn;
1263 if (!dn || dn->invalid) {
1267 new_dn = talloc_zero(mem_ctx, struct ldb_dn);
1274 if (dn->components) {
1277 new_dn->components =
1278 talloc_zero_array(new_dn,
1279 struct ldb_dn_component,
1281 if ( ! new_dn->components) {
1282 talloc_free(new_dn);
1286 for (i = 0; i < dn->comp_num; i++) {
1287 new_dn->components[i] =
1288 ldb_dn_copy_component(new_dn->components,
1289 &dn->components[i]);
1290 if ( ! new_dn->components[i].value.data) {
1291 talloc_free(new_dn);
1297 if (dn->ext_components) {
1300 new_dn->ext_components =
1301 talloc_zero_array(new_dn,
1302 struct ldb_dn_ext_component,
1304 if ( ! new_dn->ext_components) {
1305 talloc_free(new_dn);
1309 for (i = 0; i < dn->ext_comp_num; i++) {
1310 new_dn->ext_components[i] =
1311 ldb_dn_ext_copy_component(
1312 new_dn->ext_components,
1313 &dn->ext_components[i]);
1314 if ( ! new_dn->ext_components[i].value.data) {
1315 talloc_free(new_dn);
1322 new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
1323 if ( ! new_dn->casefold) {
1324 talloc_free(new_dn);
1329 if (dn->linearized) {
1330 new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
1331 if ( ! new_dn->linearized) {
1332 talloc_free(new_dn);
1337 if (dn->ext_linearized) {
1338 new_dn->ext_linearized = talloc_strdup(new_dn,
1339 dn->ext_linearized);
1340 if ( ! new_dn->ext_linearized) {
1341 talloc_free(new_dn);
1349 /* modify the given dn by adding a base.
1351 * return true if successful and false if not
1352 * if false is returned the dn may be marked invalid
1354 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
1359 if ( !base || base->invalid || !dn || dn->invalid) {
1363 if (dn->components) {
1366 if ( ! ldb_dn_validate(base)) {
1371 if (dn->valid_case) {
1372 if ( ! (s = ldb_dn_get_casefold(base))) {
1377 dn->components = talloc_realloc(dn,
1379 struct ldb_dn_component,
1380 dn->comp_num + base->comp_num);
1381 if ( ! dn->components) {
1382 ldb_dn_mark_invalid(dn);
1386 for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
1387 dn->components[dn->comp_num] =
1388 ldb_dn_copy_component(dn->components,
1389 &base->components[i]);
1390 if (dn->components[dn->comp_num].value.data == NULL) {
1391 ldb_dn_mark_invalid(dn);
1396 if (dn->casefold && s) {
1397 if (*dn->casefold) {
1398 t = talloc_asprintf(dn, "%s,%s",
1401 t = talloc_strdup(dn, s);
1403 LDB_FREE(dn->casefold);
1408 if (dn->linearized) {
1410 s = ldb_dn_get_linearized(base);
1415 if (*dn->linearized) {
1416 t = talloc_asprintf(dn, "%s,%s",
1419 t = talloc_strdup(dn, s);
1422 ldb_dn_mark_invalid(dn);
1425 LDB_FREE(dn->linearized);
1429 /* Wipe the ext_linearized DN,
1430 * the GUID and SID are almost certainly no longer valid */
1431 LDB_FREE(dn->ext_linearized);
1432 LDB_FREE(dn->ext_components);
1433 dn->ext_comp_num = 0;
1438 /* modify the given dn by adding a base.
1440 * return true if successful and false if not
1441 * if false is returned the dn may be marked invalid
1443 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
1445 struct ldb_dn *base;
1450 if ( !dn || dn->invalid) {
1454 va_start(ap, base_fmt);
1455 base_str = talloc_vasprintf(dn, base_fmt, ap);
1458 if (base_str == NULL) {
1462 base = ldb_dn_new(base_str, dn->ldb, base_str);
1464 ret = ldb_dn_add_base(dn, base);
1466 talloc_free(base_str);
1471 /* modify the given dn by adding children elements.
1473 * return true if successful and false if not
1474 * if false is returned the dn may be marked invalid
1476 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
1481 if ( !child || child->invalid || !dn || dn->invalid) {
1485 if (dn->components) {
1489 if (dn->comp_num == 0) {
1493 if ( ! ldb_dn_validate(child)) {
1498 if (dn->valid_case) {
1499 if ( ! (s = ldb_dn_get_casefold(child))) {
1504 n = dn->comp_num + child->comp_num;
1506 dn->components = talloc_realloc(dn,
1508 struct ldb_dn_component,
1510 if ( ! dn->components) {
1511 ldb_dn_mark_invalid(dn);
1515 for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
1517 dn->components[j] = dn->components[i];
1520 for (i = 0; i < child->comp_num; i++) {
1522 ldb_dn_copy_component(dn->components,
1523 &child->components[i]);
1524 if (dn->components[i].value.data == NULL) {
1525 ldb_dn_mark_invalid(dn);
1532 if (dn->casefold && s) {
1533 t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
1534 LDB_FREE(dn->casefold);
1539 if (dn->linearized) {
1540 if (dn->linearized[0] == '\0') {
1544 s = ldb_dn_get_linearized(child);
1549 t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
1551 ldb_dn_mark_invalid(dn);
1554 LDB_FREE(dn->linearized);
1558 /* Wipe the ext_linearized DN,
1559 * the GUID and SID are almost certainly no longer valid */
1560 LDB_FREE(dn->ext_linearized);
1561 LDB_FREE(dn->ext_components);
1562 dn->ext_comp_num = 0;
1567 /* modify the given dn by adding children elements.
1569 * return true if successful and false if not
1570 * if false is returned the dn may be marked invalid
1572 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
1574 struct ldb_dn *child;
1579 if ( !dn || dn->invalid) {
1583 va_start(ap, child_fmt);
1584 child_str = talloc_vasprintf(dn, child_fmt, ap);
1587 if (child_str == NULL) {
1591 child = ldb_dn_new(child_str, dn->ldb, child_str);
1593 ret = ldb_dn_add_child(dn, child);
1595 talloc_free(child_str);
1600 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
1604 if ( ! ldb_dn_validate(dn)) {
1608 if (dn->comp_num < num) {
1612 /* free components */
1613 for (i = dn->comp_num - num; i < dn->comp_num; i++) {
1614 LDB_FREE(dn->components[i].name);
1615 LDB_FREE(dn->components[i].value.data);
1616 LDB_FREE(dn->components[i].cf_name);
1617 LDB_FREE(dn->components[i].cf_value.data);
1620 dn->comp_num -= num;
1622 if (dn->valid_case) {
1623 for (i = 0; i < dn->comp_num; i++) {
1624 LDB_FREE(dn->components[i].cf_name);
1625 LDB_FREE(dn->components[i].cf_value.data);
1627 dn->valid_case = false;
1630 LDB_FREE(dn->casefold);
1631 LDB_FREE(dn->linearized);
1633 /* Wipe the ext_linearized DN,
1634 * the GUID and SID are almost certainly no longer valid */
1635 LDB_FREE(dn->ext_linearized);
1636 LDB_FREE(dn->ext_components);
1637 dn->ext_comp_num = 0;
1642 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
1646 if ( ! ldb_dn_validate(dn)) {
1650 if (dn->comp_num < num) {
1654 for (i = 0, j = num; j < dn->comp_num; i++, j++) {
1656 LDB_FREE(dn->components[i].name);
1657 LDB_FREE(dn->components[i].value.data);
1658 LDB_FREE(dn->components[i].cf_name);
1659 LDB_FREE(dn->components[i].cf_value.data);
1661 dn->components[i] = dn->components[j];
1664 dn->comp_num -= num;
1666 if (dn->valid_case) {
1667 for (i = 0; i < dn->comp_num; i++) {
1668 LDB_FREE(dn->components[i].cf_name);
1669 LDB_FREE(dn->components[i].cf_value.data);
1671 dn->valid_case = false;
1674 LDB_FREE(dn->casefold);
1675 LDB_FREE(dn->linearized);
1677 /* Wipe the ext_linearized DN,
1678 * the GUID and SID are almost certainly no longer valid */
1679 LDB_FREE(dn->ext_linearized);
1680 LDB_FREE(dn->ext_components);
1681 dn->ext_comp_num = 0;
1687 /* replace the components of a DN with those from another DN, without
1688 * touching the extended components
1690 * return true if successful and false if not
1691 * if false is returned the dn may be marked invalid
1693 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
1697 if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
1701 /* free components */
1702 for (i = 0; i < dn->comp_num; i++) {
1703 LDB_FREE(dn->components[i].name);
1704 LDB_FREE(dn->components[i].value.data);
1705 LDB_FREE(dn->components[i].cf_name);
1706 LDB_FREE(dn->components[i].cf_value.data);
1709 dn->components = talloc_realloc(dn,
1711 struct ldb_dn_component,
1713 if (dn->components == NULL) {
1714 ldb_dn_mark_invalid(dn);
1718 dn->comp_num = new_dn->comp_num;
1719 dn->valid_case = new_dn->valid_case;
1721 for (i = 0; i < dn->comp_num; i++) {
1722 dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
1723 if (dn->components[i].name == NULL) {
1724 ldb_dn_mark_invalid(dn);
1728 if (new_dn->linearized == NULL) {
1729 dn->linearized = NULL;
1731 dn->linearized = talloc_strdup(dn, new_dn->linearized);
1732 if (dn->linearized == NULL) {
1733 ldb_dn_mark_invalid(dn);
1742 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1744 struct ldb_dn *new_dn;
1746 new_dn = ldb_dn_copy(mem_ctx, dn);
1751 if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
1752 talloc_free(new_dn);
1759 /* Create a 'canonical name' string from a DN:
1761 ie dc=samba,dc=org -> samba.org/
1762 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1764 There are two formats,
1765 the EX format has the last '/' replaced with a newline (\n).
1768 static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
1771 char *cracked = NULL;
1772 const char *format = (ex_format ? "\n" : "/" );
1774 if ( ! ldb_dn_validate(dn)) {
1778 tmpctx = talloc_new(mem_ctx);
1780 /* Walk backwards down the DN, grabbing 'dc' components at first */
1781 for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
1782 if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
1786 cracked = talloc_asprintf(tmpctx, "%s.%s",
1787 ldb_dn_escape_value(tmpctx,
1788 dn->components[i].value),
1791 cracked = ldb_dn_escape_value(tmpctx,
1792 dn->components[i].value);
1799 /* Only domain components? Finish here */
1800 if (i == (unsigned int) -1) {
1801 cracked = talloc_strdup_append_buffer(cracked, format);
1802 talloc_steal(mem_ctx, cracked);
1806 /* Now walk backwards appending remaining components */
1807 for (; i > 0; i--) {
1808 cracked = talloc_asprintf_append_buffer(cracked, "/%s",
1809 ldb_dn_escape_value(tmpctx,
1810 dn->components[i].value));
1816 /* Last one, possibly a newline for the 'ex' format */
1817 cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
1818 ldb_dn_escape_value(tmpctx,
1819 dn->components[i].value));
1821 talloc_steal(mem_ctx, cracked);
1823 talloc_free(tmpctx);
1827 /* Wrapper functions for the above, for the two different string formats */
1828 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1829 return ldb_dn_canonical(mem_ctx, dn, 0);
1833 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1834 return ldb_dn_canonical(mem_ctx, dn, 1);
1837 int ldb_dn_get_comp_num(struct ldb_dn *dn)
1839 if ( ! ldb_dn_validate(dn)) {
1842 return dn->comp_num;
1845 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
1847 if ( ! ldb_dn_validate(dn)) {
1850 return dn->ext_comp_num;
1853 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
1855 if ( ! ldb_dn_validate(dn)) {
1858 if (num >= dn->comp_num) return NULL;
1859 return dn->components[num].name;
1862 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
1865 if ( ! ldb_dn_validate(dn)) {
1868 if (num >= dn->comp_num) return NULL;
1869 return &dn->components[num].value;
1872 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
1874 if ( ! ldb_dn_validate(dn)) {
1877 if (dn->comp_num == 0) return NULL;
1878 return dn->components[0].name;
1881 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
1883 if ( ! ldb_dn_validate(dn)) {
1886 if (dn->comp_num == 0) return NULL;
1887 return &dn->components[0].value;
1890 int ldb_dn_set_component(struct ldb_dn *dn, int num,
1891 const char *name, const struct ldb_val val)
1896 if ( ! ldb_dn_validate(dn)) {
1897 return LDB_ERR_OTHER;
1900 if (num >= dn->comp_num) {
1901 return LDB_ERR_OTHER;
1904 n = talloc_strdup(dn, name);
1906 return LDB_ERR_OTHER;
1909 v.length = val.length;
1910 v.data = (uint8_t *)talloc_memdup(dn, val.data, v.length+1);
1913 return LDB_ERR_OTHER;
1916 talloc_free(dn->components[num].name);
1917 talloc_free(dn->components[num].value.data);
1918 dn->components[num].name = n;
1919 dn->components[num].value = v;
1921 if (dn->valid_case) {
1923 for (i = 0; i < dn->comp_num; i++) {
1924 LDB_FREE(dn->components[i].cf_name);
1925 LDB_FREE(dn->components[i].cf_value.data);
1927 dn->valid_case = false;
1929 LDB_FREE(dn->casefold);
1930 LDB_FREE(dn->linearized);
1932 /* Wipe the ext_linearized DN,
1933 * the GUID and SID are almost certainly no longer valid */
1934 LDB_FREE(dn->ext_linearized);
1935 LDB_FREE(dn->ext_components);
1936 dn->ext_comp_num = 0;
1941 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
1945 if ( ! ldb_dn_validate(dn)) {
1948 for (i=0; i < dn->ext_comp_num; i++) {
1949 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
1950 return &dn->ext_components[i].value;
1956 int ldb_dn_set_extended_component(struct ldb_dn *dn,
1957 const char *name, const struct ldb_val *val)
1959 struct ldb_dn_ext_component *p;
1963 if ( ! ldb_dn_validate(dn)) {
1964 return LDB_ERR_OTHER;
1967 if (!ldb_dn_extended_syntax_by_name(dn->ldb, name)) {
1968 /* We don't know how to handle this type of thing */
1969 return LDB_ERR_INVALID_DN_SYNTAX;
1972 for (i=0; i < dn->ext_comp_num; i++) {
1973 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
1975 dn->ext_components[i].value =
1976 ldb_val_dup(dn->ext_components, val);
1978 dn->ext_components[i].name =
1979 talloc_strdup(dn->ext_components, name);
1980 if (!dn->ext_components[i].name ||
1981 !dn->ext_components[i].value.data) {
1982 ldb_dn_mark_invalid(dn);
1983 return LDB_ERR_OPERATIONS_ERROR;
1986 if (i != (dn->ext_comp_num - 1)) {
1987 memmove(&dn->ext_components[i],
1988 &dn->ext_components[i+1],
1989 ((dn->ext_comp_num-1) - i) *
1990 sizeof(*dn->ext_components));
1994 dn->ext_components = talloc_realloc(dn,
1996 struct ldb_dn_ext_component,
1998 if (!dn->ext_components) {
1999 ldb_dn_mark_invalid(dn);
2000 return LDB_ERR_OPERATIONS_ERROR;
2003 LDB_FREE(dn->ext_linearized);
2010 /* removing a value that doesn't exist is not an error */
2016 p = dn->ext_components
2017 = talloc_realloc(dn,
2019 struct ldb_dn_ext_component,
2020 dn->ext_comp_num + 1);
2021 if (!dn->ext_components) {
2022 ldb_dn_mark_invalid(dn);
2023 return LDB_ERR_OPERATIONS_ERROR;
2026 p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
2027 p[dn->ext_comp_num].name = talloc_strdup(p, name);
2029 if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
2030 ldb_dn_mark_invalid(dn);
2031 return LDB_ERR_OPERATIONS_ERROR;
2033 dn->ext_components = p;
2036 LDB_FREE(dn->ext_linearized);
2041 void ldb_dn_remove_extended_components(struct ldb_dn *dn)
2043 LDB_FREE(dn->ext_linearized);
2044 LDB_FREE(dn->ext_components);
2045 dn->ext_comp_num = 0;
2048 bool ldb_dn_is_valid(struct ldb_dn *dn)
2050 if ( ! dn) return false;
2051 return ! dn->invalid;
2054 bool ldb_dn_is_special(struct ldb_dn *dn)
2056 if ( ! dn || dn->invalid) return false;
2060 bool ldb_dn_has_extended(struct ldb_dn *dn)
2062 if ( ! dn || dn->invalid) return false;
2063 if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
2064 return dn->ext_comp_num != 0;
2067 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
2069 if ( ! dn || dn->invalid) return false;
2070 return ! strcmp(dn->linearized, check);
2073 bool ldb_dn_is_null(struct ldb_dn *dn)
2075 if ( ! dn || dn->invalid) return false;
2076 if (ldb_dn_has_extended(dn)) return false;
2077 if (dn->linearized && (dn->linearized[0] == '\0')) return true;
2082 this updates dn->components, taking the components from ref_dn.
2083 This is used by code that wants to update the DN path of a DN
2084 while not impacting on the extended DN components
2086 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
2088 dn->components = talloc_realloc(dn, dn->components,
2089 struct ldb_dn_component, ref_dn->comp_num);
2090 if (!dn->components) {
2091 return LDB_ERR_OPERATIONS_ERROR;
2093 memcpy(dn->components, ref_dn->components,
2094 sizeof(struct ldb_dn_component)*ref_dn->comp_num);
2095 dn->comp_num = ref_dn->comp_num;
2097 LDB_FREE(dn->casefold);
2098 LDB_FREE(dn->linearized);
2099 LDB_FREE(dn->ext_linearized);
2105 minimise a DN. The caller must pass in a validated DN.
2107 If the DN has an extended component then only the first extended
2108 component is kept, the DN string is stripped.
2110 The existing dn is modified
2112 bool ldb_dn_minimise(struct ldb_dn *dn)
2116 if (!ldb_dn_validate(dn)) {
2119 if (dn->ext_comp_num == 0) {
2123 /* free components */
2124 for (i = 0; i < dn->comp_num; i++) {
2125 LDB_FREE(dn->components[i].name);
2126 LDB_FREE(dn->components[i].value.data);
2127 LDB_FREE(dn->components[i].cf_name);
2128 LDB_FREE(dn->components[i].cf_value.data);
2131 dn->valid_case = false;
2133 LDB_FREE(dn->casefold);
2134 LDB_FREE(dn->linearized);
2136 /* note that we don't free dn->components as this there are
2137 * several places in ldb_dn.c that rely on it being non-NULL
2138 * for an exploded DN
2141 for (i = 1; i < dn->ext_comp_num; i++) {
2142 LDB_FREE(dn->ext_components[i].name);
2143 LDB_FREE(dn->ext_components[i].value.data);
2145 dn->ext_comp_num = 1;
2147 dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
2148 if (dn->ext_components == NULL) {
2149 ldb_dn_mark_invalid(dn);
2153 LDB_FREE(dn->ext_linearized);
2158 struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)