ldb-samba: Implement transitive extended matching
[obnox/samba/samba-obnox.git] / lib / ldb-samba / ldif_handlers.c
index c7385f654a850e31fa9f5f9155e56e2ff63ff09d..ea62bf9ff43acab75de4edeae31566b5900b5d6a 100644 (file)
@@ -483,8 +483,13 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c
                const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
                sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
                if (sclass) {
-                       struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,  
+                       struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb,
                                                       sclass->defaultObjectCategory);
+                       if (dn == NULL) {
+                               talloc_free(tmp_ctx);
+                               return LDB_ERR_OPERATIONS_ERROR;
+                       }
+
                        *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
                        talloc_free(tmp_ctx);
 
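Review bot: The new NULL check covers ldb_dn_new(), but the very next line still passes the result of ldb_dn_alloc_casefold() straight into data_blob_string_const() unchecked; if the casefold fails (it returns NULL on allocation or casefold failure), `*out` silently becomes an empty blob and the function appears to succeed, whereas the dn failure now correctly returns LDB_ERR_OPERATIONS_ERROR. For consistency the casefold result should be checked the same way: `char *cf = ldb_dn_alloc_casefold(mem_ctx, dn);` / `if (cf == NULL) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; }` / `*out = data_blob_string_const(cf);`. Note that the dn is now allocated on tmp_ctx and freed at the end of the hunk, while the casefolded string is on mem_ctx, which is what the caller receives; that split is correct but worth a one-line comment. ldif_canonicalise_objectCategory begins and ends outside this hunk.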
@@ -954,6 +959,18 @@ static int ldif_write_trustAuthInOutBlob(struct ldb_context *ldb, void *mem_ctx,
                              true);
 }
 
+/*
+  convert a NDR formatted blob to a ldif formatted msDS-TrustForestTrustInfo
+*/
+static int ldif_write_ForestTrustInfo(struct ldb_context *ldb, void *mem_ctx,
+                                     const struct ldb_val *in, struct ldb_val *out)
+{
+       return ldif_write_NDR(ldb, mem_ctx, in, out,
+                             sizeof(struct ForestTrustInfo),
+                             (ndr_pull_flags_fn_t)ndr_pull_ForestTrustInfo,
+                             (ndr_print_fn_t)ndr_print_ForestTrustInfo,
+                             true);
+}
 /*
   convert a NDR formatted blob of a partialAttributeSet into text
 */
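Review bot: The closing brace of ldif_write_ForestTrustInfo runs directly into the comment block of the next function with no separating blank line, unlike the blank line kept between ldif_write_trustAuthInOutBlob and this one; add an empty line after the `}`. The function comment could also state what the other direction does, since `.ldif_read_fn` for this syntax stays ldb_handler_copy, e.g. `/* convert a NDR formatted blob to a ldif formatted msDS-TrustForestTrustInfo (write direction only; LDIF input is stored as-is) */`.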
@@ -1326,6 +1343,13 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
                .canonicalise_fn  = ldb_handler_copy,
                .comparison_fn    = ldb_comparison_binary,
                .operator_fn      = samba_syntax_operator_fn
+       },{
+               .name             = LDB_SYNTAX_SAMBA_FORESTTRUSTINFO,
+               .ldif_read_fn     = ldb_handler_copy,
+               .ldif_write_fn    = ldif_write_ForestTrustInfo,
+               .canonicalise_fn  = ldb_handler_copy,
+               .comparison_fn    = ldb_comparison_binary,
+               .operator_fn      = samba_syntax_operator_fn
        },{
                .name             = DSDB_SYNTAX_BINARY_DN,
                .ldif_read_fn     = ldb_handler_copy,
@@ -1444,9 +1468,6 @@ static const struct {
        const char *name;
        const char *syntax;
 } samba_attributes[] = {
-       { "objectSid",                  LDB_SYNTAX_SAMBA_SID },
-       { "securityIdentifier",         LDB_SYNTAX_SAMBA_SID },
-       { "tokenGroups",                LDB_SYNTAX_SAMBA_SID },
        { "ntSecurityDescriptor",       LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR },
        { "oMSyntax",                   LDB_SYNTAX_SAMBA_INT32 },
        { "objectCategory",             LDB_SYNTAX_SAMBA_OBJECT_CATEGORY },
@@ -1458,11 +1479,32 @@ static const struct {
        { "replUpToDateVector",         LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR },
        { "trustAuthIncoming",          LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB },
        { "trustAuthOutgoing",          LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB },
+       { "msDS-TrustForestTrustInfo",  LDB_SYNTAX_SAMBA_FORESTTRUSTINFO },
        { "rIDAllocationPool",          LDB_SYNTAX_SAMBA_RANGE64 },
        { "rIDPreviousAllocationPool",  LDB_SYNTAX_SAMBA_RANGE64 },
        { "rIDAvailablePool",           LDB_SYNTAX_SAMBA_RANGE64 },
        { "defaultSecurityDescriptor",  LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR },
 
+       /*
+        * these are extracted by searching
+        * (&(attributeSyntax=2.5.5.17)(omSyntax=4))
+        *
+        * Except: msAuthz-CentralAccessPolicyID as it might be a GUID see:
+        * adminDescription: For a Central Access Policy, this attribute defines a GUID t
+        * hat can be used to identify the set of policies when applied to a resource.
+        * Until we see a msAuthz-CentralAccessPolicyID value on a windows
+        * server, we ignore it here.
+        */
+       { "mS-DS-CreatorSID",           LDB_SYNTAX_SAMBA_SID },
+       { "msDS-QuotaTrustee",          LDB_SYNTAX_SAMBA_SID },
+       { "objectSid",                  LDB_SYNTAX_SAMBA_SID },
+       { "tokenGroups",                LDB_SYNTAX_SAMBA_SID },
+       { "tokenGroupsGlobalAndUniversal", LDB_SYNTAX_SAMBA_SID },
+       { "tokenGroupsNoGCAcceptable",  LDB_SYNTAX_SAMBA_SID },
+       { "securityIdentifier",         LDB_SYNTAX_SAMBA_SID },
+       { "sIDHistory",                 LDB_SYNTAX_SAMBA_SID },
+       { "syncWithSID",                LDB_SYNTAX_SAMBA_SID },
+
        /*
         * these are extracted by searching
         * (&(attributeSyntax=2.5.5.10)(rangeLower=16)(rangeUpper=16)(omSyntax=4))
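Review bot: The quoted adminDescription in the new comment above the SID entries is broken mid-word across two lines (`GUID t` / `hat can be used`), which reads as a paste artifact; rewrap it so the line ends on a word boundary. The `tokenGroupsGlobalAndUniversal` entry also breaks the column alignment used by every other row in samba_attributes, so either widen the column or accept the misalignment consistently. These are cosmetic; the moved objectSid/securityIdentifier/tokenGroups entries from the earlier hunk reappear here, so nothing is lost.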
@@ -1475,6 +1517,8 @@ static const struct {
        { "fRSVersionGUID",                     LDB_SYNTAX_SAMBA_GUID },
        { "implementedCategories",              LDB_SYNTAX_SAMBA_GUID },
        { "msDS-AzObjectGuid",                  LDB_SYNTAX_SAMBA_GUID },
+       { "msDS-GenerationId",                  LDB_SYNTAX_SAMBA_GUID },
+       { "msDS-OptionalFeatureGUID",           LDB_SYNTAX_SAMBA_GUID },
        { "msDFSR-ContentSetGuid",              LDB_SYNTAX_SAMBA_GUID },
        { "msDFSR-ReplicationGroupGuid",        LDB_SYNTAX_SAMBA_GUID },
        { "mSMQDigests",                        LDB_SYNTAX_SAMBA_GUID },
@@ -1491,13 +1535,14 @@ static const struct {
        { "msDFS-GenerationGUIDv2",             LDB_SYNTAX_SAMBA_GUID },
        { "msDFS-LinkIdentityGUIDv2",           LDB_SYNTAX_SAMBA_GUID },
        { "msDFS-NamespaceIdentityGUIDv2",      LDB_SYNTAX_SAMBA_GUID },
+       { "msSPP-CSVLKSkuId",                   LDB_SYNTAX_SAMBA_GUID },
+       { "msSPP-KMSIds",                       LDB_SYNTAX_SAMBA_GUID },
 
        /*
         * these are known to be GUIDs
         */
        { "invocationId",                       LDB_SYNTAX_SAMBA_GUID },
        { "parentGUID",                         LDB_SYNTAX_SAMBA_GUID },
-       { "msDS-OptionalFeatureGUID",           LDB_SYNTAX_SAMBA_GUID },
 
        /* These NDR encoded things we want to be able to read with --show-binary */
        { "dnsRecord",                          LDB_SYNTAX_SAMBA_DNSRECORD },
@@ -1581,6 +1626,12 @@ int ldb_register_samba_handlers(struct ldb_context *ldb)
 
        }
 
+       ret = ldb_register_samba_matching_rules(ldb);
+       if (ret != LDB_SUCCESS) {
+               talloc_free(ldb);
+               return LDB_SUCCESS;
+       }
+
        ret = ldb_set_opaque(ldb, "SAMBA_HANDLERS_REGISTERED", (void*)1);
        if (ret != LDB_SUCCESS) {
                return ret;
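Review bot: The failure branch after ldb_register_samba_matching_rules() frees the ldb context and then returns LDB_SUCCESS, so the caller keeps using an ldb it does not know has been destroyed (use-after-free) and never learns that matching-rule registration failed. The context is owned by the caller, not this function, and the sibling check right below for ldb_set_opaque() simply returns the error; this one should do the same: `if (ret != LDB_SUCCESS) {` / `return ret;` / `}`. The enclosing ldb_register_samba_handlers begins outside this hunk.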