4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component {
52 struct ldb_val cf_value;
55 struct ldb_dn_ext_component {
63 struct ldb_context *ldb;
65 /* Special DNs are always linearized */
75 unsigned int comp_num;
76 struct ldb_dn_component *components;
78 unsigned int ext_comp_num;
79 struct ldb_dn_ext_component *ext_components;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn *dn)
88 /* strdn may be NULL */
89 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
90 struct ldb_context *ldb,
91 const struct ldb_val *strdn)
95 if (! ldb) return NULL;
97 if (strdn && strdn->data
98 && (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
99 /* The RDN must not contain a character with value 0x0 */
103 dn = talloc_zero(mem_ctx, struct ldb_dn);
104 LDB_DN_NULL_FAILED(dn);
106 dn->ldb = talloc_get_type(ldb, struct ldb_context);
107 if (dn->ldb == NULL) {
108 /* the caller probably got the arguments to
109 ldb_dn_new() mixed up */
114 if (strdn->data && strdn->length) {
115 const char *data = (const char *)strdn->data;
116 size_t length = strdn->length;
118 if (data[0] == '@') {
121 dn->ext_linearized = talloc_strndup(dn, data, length);
122 LDB_DN_NULL_FAILED(dn->ext_linearized);
124 if (data[0] == '<') {
125 const char *p_save, *p = dn->ext_linearized;
134 if (p_save == dn->ext_linearized) {
135 dn->linearized = talloc_strdup(dn, "");
137 dn->linearized = talloc_strdup(dn, p_save);
139 LDB_DN_NULL_FAILED(dn->linearized);
141 dn->linearized = dn->ext_linearized;
142 dn->ext_linearized = NULL;
145 dn->linearized = talloc_strdup(dn, "");
146 LDB_DN_NULL_FAILED(dn->linearized);
156 /* strdn may be NULL */
157 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
158 struct ldb_context *ldb,
162 blob.data = discard_const_p(uint8_t, strdn);
163 blob.length = strdn ? strlen(strdn) : 0;
164 return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
167 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
168 struct ldb_context *ldb,
169 const char *new_fmt, ...)
174 if ( (! mem_ctx) || (! ldb)) return NULL;
176 va_start(ap, new_fmt);
177 strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
181 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
189 /* see RFC2253 section 2.4 */
190 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
197 for (i = 0; i < len; i++){
201 if (i == 0 || i == len - 1) {
202 /* if at the beginning or end
203 * of the string then escape */
207 /* otherwise don't escape */
213 /* despite the RFC, windows escapes a #
214 anywhere in the string */
222 /* these must be escaped using \c form */
232 /* any others get \XX form */
234 const char *hexbytes = "0123456789ABCDEF";
235 v = (const unsigned char)c;
237 *d++ = hexbytes[v>>4];
238 *d++ = hexbytes[v&0xF];
246 /* return the length of the resulting string */
250 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
257 /* allocate destination string, it will be at most 3 times the source */
258 dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
264 len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
266 dst = talloc_realloc(mem_ctx, dst, char, len + 1);
276 explode a DN string into a ldb_dn structure
277 based on RFC4514 except that we don't support multiple valued RDNs
279 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
280 DN must be compliant with RFC2253
282 static bool ldb_dn_explode(struct ldb_dn *dn)
284 char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
286 bool in_extended = true;
287 bool in_ex_name = false;
288 bool in_ex_value = false;
289 bool in_attr = false;
290 bool in_value = false;
291 bool in_quote = false;
300 if ( ! dn || dn->invalid) return false;
302 if (dn->components) {
306 if (dn->ext_linearized) {
307 parse_dn = dn->ext_linearized;
309 parse_dn = dn->linearized;
316 is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
319 if (parse_dn[0] == '\0') {
323 /* Special DNs case */
328 /* make sure we free this if allocated previously before replacing */
329 LDB_FREE(dn->components);
332 LDB_FREE(dn->ext_components);
333 dn->ext_comp_num = 0;
335 /* in the common case we have 3 or more components */
336 /* make sure all components are zeroed, other functions depend on it */
337 dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
338 if ( ! dn->components) {
342 /* Components data space is allocated here once */
343 data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
355 if (!in_ex_name && !in_ex_value) {
362 } else if (p[0] == '\0') {
374 if (in_ex_name && *p == '=') {
383 if (in_ex_value && *p == '>') {
384 const struct ldb_dn_extended_syntax *ext_syntax;
385 struct ldb_val ex_val = {
386 .data = (uint8_t *)ex_value,
387 .length = d - ex_value
394 /* Process name and ex_value */
396 dn->ext_components = talloc_realloc(dn,
398 struct ldb_dn_ext_component,
399 dn->ext_comp_num + 1);
400 if ( ! dn->ext_components) {
405 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
407 /* We don't know about this type of extended DN */
411 dn->ext_components[dn->ext_comp_num].name = talloc_strdup(dn->ext_components, ex_name);
412 if (!dn->ext_components[dn->ext_comp_num].name) {
416 ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
417 &ex_val, &dn->ext_components[dn->ext_comp_num].value);
418 if (ret != LDB_SUCCESS) {
419 ldb_dn_mark_invalid(dn);
426 /* We have reached the end (extended component only)! */
430 } else if (*p == ';') {
434 ldb_dn_mark_invalid(dn);
453 /* attr names must be ascii only */
454 ldb_dn_mark_invalid(dn);
461 if ( ! isalpha(*p)) {
462 /* not a digit nor an alpha,
463 * invalid attribute name */
464 ldb_dn_mark_invalid(dn);
468 /* Copy this character across from parse_dn,
469 * now we have trimmed out spaces */
476 /* valid only if we are at the end */
481 if (trim && (*p != '=')) {
482 /* spaces/tabs are not allowed */
483 ldb_dn_mark_invalid(dn);
488 /* attribute terminated */
494 /* Terminate this string in d
495 * (which is a copy of parse_dn
496 * with spaces trimmed) */
498 dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
499 if ( ! dn->components[dn->comp_num].name) {
511 /* attr names must be ascii only */
512 ldb_dn_mark_invalid(dn);
516 if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
517 /* not a digit nor a dot,
518 * invalid attribute oid */
519 ldb_dn_mark_invalid(dn);
522 if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
523 /* not ALPHA, DIGIT or HYPHEN */
524 ldb_dn_mark_invalid(dn);
564 /* TODO: support ber encoded values
575 /* ok found value terminator */
591 * This talloc_memdup() is OK with the
592 * +1 because *d has been set to '\0'
595 dn->components[dn->comp_num].value.data = \
596 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
597 dn->components[dn->comp_num].value.length = l;
598 if ( ! dn->components[dn->comp_num].value.data) {
602 talloc_set_name_const(dn->components[dn->comp_num].value.data,
603 (const char *)dn->components[dn->comp_num].value.data);
608 if (dn->comp_num > 2) {
609 dn->components = talloc_realloc(dn,
611 struct ldb_dn_component,
613 if ( ! dn->components) {
617 /* make sure all components are zeroed, other functions depend on this */
618 memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
625 /* to main compatibility with earlier
626 versions of ldb indexing, we have to
627 accept the base64 encoded binary index
628 values, which contain a '+' or '='
629 which should normally be escaped */
641 /* a string with not escaped specials is invalid (tested) */
643 ldb_dn_mark_invalid(dn);
670 if (isxdigit(p[0]) && isxdigit(p[1])) {
671 if (sscanf(p, "%02x", &x) != 1) {
672 /* invalid escaping sequence */
673 ldb_dn_mark_invalid(dn);
677 *d++ = (unsigned char)x;
703 if (in_attr || in_quote) {
705 ldb_dn_mark_invalid(dn);
709 /* save last element */
718 * This talloc_memdup() is OK with the
719 * +1 because *d has been set to '\0'
722 dn->components[dn->comp_num].value.length = l;
723 dn->components[dn->comp_num].value.data =
724 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
725 if ( ! dn->components[dn->comp_num].value.data) {
729 talloc_set_name_const(dn->components[dn->comp_num].value.data,
730 (const char *)dn->components[dn->comp_num].value.data);
738 LDB_FREE(dn->components); /* "data" is implicitly free'd */
740 LDB_FREE(dn->ext_components);
741 dn->ext_comp_num = 0;
746 bool ldb_dn_validate(struct ldb_dn *dn)
748 return ldb_dn_explode(dn);
751 const char *ldb_dn_get_linearized(struct ldb_dn *dn)
757 if ( ! dn || ( dn->invalid)) return NULL;
759 if (dn->linearized) return dn->linearized;
761 if ( ! dn->components) {
762 ldb_dn_mark_invalid(dn);
766 if (dn->comp_num == 0) {
767 dn->linearized = talloc_strdup(dn, "");
768 if ( ! dn->linearized) return NULL;
769 return dn->linearized;
772 /* calculate maximum possible length of DN */
773 for (len = 0, i = 0; i < dn->comp_num; i++) {
775 len += strlen(dn->components[i].name);
776 /* max escaped data len */
777 len += (dn->components[i].value.length * 3);
778 len += 2; /* '=' and ',' */
780 dn->linearized = talloc_array(dn, char, len);
781 if ( ! dn->linearized) return NULL;
785 for (i = 0; i < dn->comp_num; i++) {
788 n = dn->components[i].name;
789 while (*n) *d++ = *n++;
794 d += ldb_dn_escape_internal( d,
795 (char *)dn->components[i].value.data,
796 dn->components[i].value.length);
802 /* don't waste more memory than necessary */
803 dn->linearized = talloc_realloc(dn, dn->linearized,
804 char, (d - dn->linearized + 1));
806 return dn->linearized;
809 static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
811 const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
812 const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
813 return strcmp(ec1->name, ec2->name);
816 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
818 const char *linearized = ldb_dn_get_linearized(dn);
826 if (!ldb_dn_has_extended(dn)) {
827 return talloc_strdup(mem_ctx, linearized);
830 if (!ldb_dn_validate(dn)) {
834 /* sort the extended components by name. The idea is to make
835 * the resulting DNs consistent, plus to ensure that we put
836 * 'DELETED' first, so it can be very quickly recognised
838 TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
839 ldb_dn_extended_component_compare);
841 for (i = 0; i < dn->ext_comp_num; i++) {
842 const struct ldb_dn_extended_syntax *ext_syntax;
843 const char *name = dn->ext_components[i].name;
844 struct ldb_val ec_val = dn->ext_components[i].value;
848 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
854 ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
856 } else if (mode == 0) {
857 ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
863 if (ret != LDB_SUCCESS) {
868 p = talloc_asprintf(mem_ctx, "<%s=%s>",
871 p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
875 talloc_free(val.data);
882 if (dn->ext_comp_num && *linearized) {
883 p = talloc_asprintf_append_buffer(p, ";%s", linearized);
894 filter out all but an acceptable list of extended DN components
896 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
899 for (i=0; i<dn->ext_comp_num; i++) {
900 if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
901 memmove(&dn->ext_components[i],
902 &dn->ext_components[i+1],
903 (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0]));
908 LDB_FREE(dn->ext_linearized);
912 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
914 return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
918 casefold a dn. We need to casefold the attribute names, and canonicalize
919 attribute values of case insensitive attributes.
922 static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
927 if ( ! dn || dn->invalid) return false;
929 if (dn->valid_case) return true;
931 if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
935 for (i = 0; i < dn->comp_num; i++) {
936 const struct ldb_schema_attribute *a;
938 dn->components[i].cf_name =
939 ldb_attr_casefold(dn->components,
940 dn->components[i].name);
941 if (!dn->components[i].cf_name) {
945 a = ldb_schema_attribute_by_name(dn->ldb,
946 dn->components[i].cf_name);
948 ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
949 &(dn->components[i].value),
950 &(dn->components[i].cf_value));
956 dn->valid_case = true;
961 for (i = 0; i < dn->comp_num; i++) {
962 LDB_FREE(dn->components[i].cf_name);
963 LDB_FREE(dn->components[i].cf_value.data);
968 const char *ldb_dn_get_casefold(struct ldb_dn *dn)
974 if (dn->casefold) return dn->casefold;
977 dn->casefold = talloc_strdup(dn, dn->linearized);
978 if (!dn->casefold) return NULL;
979 dn->valid_case = true;
983 if ( ! ldb_dn_casefold_internal(dn)) {
987 if (dn->comp_num == 0) {
988 dn->casefold = talloc_strdup(dn, "");
992 /* calculate maximum possible length of DN */
993 for (len = 0, i = 0; i < dn->comp_num; i++) {
995 len += strlen(dn->components[i].cf_name);
996 /* max escaped data len */
997 len += (dn->components[i].cf_value.length * 3);
998 len += 2; /* '=' and ',' */
1000 dn->casefold = talloc_array(dn, char, len);
1001 if ( ! dn->casefold) return NULL;
1005 for (i = 0; i < dn->comp_num; i++) {
1008 n = dn->components[i].cf_name;
1009 while (*n) *d++ = *n++;
1014 d += ldb_dn_escape_internal( d,
1015 (char *)dn->components[i].cf_value.data,
1016 dn->components[i].cf_value.length);
1021 /* don't waste more memory than necessary */
1022 dn->casefold = talloc_realloc(dn, dn->casefold,
1023 char, strlen(dn->casefold) + 1);
1025 return dn->casefold;
1028 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1030 return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
1033 /* Determine if dn is below base, in the ldap tree. Used for
1034 * evaluating a subtree search.
1035 * 0 if they match, otherwise non-zero
1038 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
1041 unsigned int n_base, n_dn;
1043 if ( ! base || base->invalid) return 1;
1044 if ( ! dn || dn->invalid) return -1;
1046 if (( ! base->valid_case) || ( ! dn->valid_case)) {
1047 if (base->linearized && dn->linearized && dn->special == base->special) {
1048 /* try with a normal compare first, if we are lucky
1049 * we will avoid exploding and casfolding */
1051 dif = strlen(dn->linearized) - strlen(base->linearized);
1055 if (strcmp(base->linearized,
1056 &dn->linearized[dif]) == 0) {
1061 if ( ! ldb_dn_casefold_internal(base)) {
1065 if ( ! ldb_dn_casefold_internal(dn)) {
1071 /* if base has more components,
1072 * they don't have the same base */
1073 if (base->comp_num > dn->comp_num) {
1074 return (dn->comp_num - base->comp_num);
1077 if ((dn->comp_num == 0) || (base->comp_num == 0)) {
1078 if (dn->special && base->special) {
1079 return strcmp(base->linearized, dn->linearized);
1080 } else if (dn->special) {
1082 } else if (base->special) {
1089 n_base = base->comp_num - 1;
1090 n_dn = dn->comp_num - 1;
1092 while (n_base != (unsigned int) -1) {
1093 char *b_name = base->components[n_base].cf_name;
1094 char *dn_name = dn->components[n_dn].cf_name;
1096 char *b_vdata = (char *)base->components[n_base].cf_value.data;
1097 char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
1099 size_t b_vlen = base->components[n_base].cf_value.length;
1100 size_t dn_vlen = dn->components[n_dn].cf_value.length;
1102 /* compare attr names */
1103 ret = strcmp(b_name, dn_name);
1104 if (ret != 0) return ret;
1106 /* compare attr.cf_value. */
1107 if (b_vlen != dn_vlen) {
1108 return b_vlen - dn_vlen;
1110 ret = strncmp(b_vdata, dn_vdata, b_vlen);
1111 if (ret != 0) return ret;
1120 /* compare DNs using casefolding compare functions.
1122 If they match, then return 0
1125 int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
1130 if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
1134 if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
1135 if (dn0->linearized && dn1->linearized) {
1136 /* try with a normal compare first, if we are lucky
1137 * we will avoid exploding and casfolding */
1138 if (strcmp(dn0->linearized, dn1->linearized) == 0) {
1143 if ( ! ldb_dn_casefold_internal(dn0)) {
1147 if ( ! ldb_dn_casefold_internal(dn1)) {
1153 if (dn0->comp_num != dn1->comp_num) {
1154 return (dn1->comp_num - dn0->comp_num);
1157 if (dn0->comp_num == 0) {
1158 if (dn0->special && dn1->special) {
1159 return strcmp(dn0->linearized, dn1->linearized);
1160 } else if (dn0->special) {
1162 } else if (dn1->special) {
1169 for (i = 0; i < dn0->comp_num; i++) {
1170 char *dn0_name = dn0->components[i].cf_name;
1171 char *dn1_name = dn1->components[i].cf_name;
1173 char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
1174 char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
1176 size_t dn0_vlen = dn0->components[i].cf_value.length;
1177 size_t dn1_vlen = dn1->components[i].cf_value.length;
1179 /* compare attr names */
1180 ret = strcmp(dn0_name, dn1_name);
1185 /* compare attr.cf_value. */
1186 if (dn0_vlen != dn1_vlen) {
1187 return dn0_vlen - dn1_vlen;
1189 ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
1198 static struct ldb_dn_component ldb_dn_copy_component(
1199 TALLOC_CTX *mem_ctx,
1200 struct ldb_dn_component *src)
1202 struct ldb_dn_component dst;
1204 memset(&dst, 0, sizeof(dst));
1210 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1211 if (dst.value.data == NULL) {
1215 dst.name = talloc_strdup(mem_ctx, src->name);
1216 if (dst.name == NULL) {
1217 LDB_FREE(dst.value.data);
1221 if (src->cf_value.data) {
1222 dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
1223 if (dst.cf_value.data == NULL) {
1224 LDB_FREE(dst.value.data);
1229 dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
1230 if (dst.cf_name == NULL) {
1231 LDB_FREE(dst.cf_name);
1232 LDB_FREE(dst.value.data);
1237 dst.cf_value.data = NULL;
1244 static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
1245 TALLOC_CTX *mem_ctx,
1246 struct ldb_dn_ext_component *src)
1248 struct ldb_dn_ext_component dst;
1250 memset(&dst, 0, sizeof(dst));
1256 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1257 if (dst.value.data == NULL) {
1261 dst.name = talloc_strdup(mem_ctx, src->name);
1262 if (dst.name == NULL) {
1263 LDB_FREE(dst.value.data);
1270 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1272 struct ldb_dn *new_dn;
1274 if (!dn || dn->invalid) {
1278 new_dn = talloc_zero(mem_ctx, struct ldb_dn);
1285 if (dn->components) {
1288 new_dn->components =
1289 talloc_zero_array(new_dn,
1290 struct ldb_dn_component,
1292 if ( ! new_dn->components) {
1293 talloc_free(new_dn);
1297 for (i = 0; i < dn->comp_num; i++) {
1298 new_dn->components[i] =
1299 ldb_dn_copy_component(new_dn->components,
1300 &dn->components[i]);
1301 if ( ! new_dn->components[i].value.data) {
1302 talloc_free(new_dn);
1308 if (dn->ext_components) {
1311 new_dn->ext_components =
1312 talloc_zero_array(new_dn,
1313 struct ldb_dn_ext_component,
1315 if ( ! new_dn->ext_components) {
1316 talloc_free(new_dn);
1320 for (i = 0; i < dn->ext_comp_num; i++) {
1321 new_dn->ext_components[i] =
1322 ldb_dn_ext_copy_component(
1323 new_dn->ext_components,
1324 &dn->ext_components[i]);
1325 if ( ! new_dn->ext_components[i].value.data) {
1326 talloc_free(new_dn);
1333 new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
1334 if ( ! new_dn->casefold) {
1335 talloc_free(new_dn);
1340 if (dn->linearized) {
1341 new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
1342 if ( ! new_dn->linearized) {
1343 talloc_free(new_dn);
1348 if (dn->ext_linearized) {
1349 new_dn->ext_linearized = talloc_strdup(new_dn,
1350 dn->ext_linearized);
1351 if ( ! new_dn->ext_linearized) {
1352 talloc_free(new_dn);
1360 /* modify the given dn by adding a base.
1362 * return true if successful and false if not
1363 * if false is returned the dn may be marked invalid
1365 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
1370 if ( !base || base->invalid || !dn || dn->invalid) {
1374 if (dn->components) {
1377 if ( ! ldb_dn_validate(base)) {
1382 if (dn->valid_case) {
1383 if ( ! (s = ldb_dn_get_casefold(base))) {
1388 dn->components = talloc_realloc(dn,
1390 struct ldb_dn_component,
1391 dn->comp_num + base->comp_num);
1392 if ( ! dn->components) {
1393 ldb_dn_mark_invalid(dn);
1397 for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
1398 dn->components[dn->comp_num] =
1399 ldb_dn_copy_component(dn->components,
1400 &base->components[i]);
1401 if (dn->components[dn->comp_num].value.data == NULL) {
1402 ldb_dn_mark_invalid(dn);
1407 if (dn->casefold && s) {
1408 if (*dn->casefold) {
1409 t = talloc_asprintf(dn, "%s,%s",
1412 t = talloc_strdup(dn, s);
1414 LDB_FREE(dn->casefold);
1419 if (dn->linearized) {
1421 s = ldb_dn_get_linearized(base);
1426 if (*dn->linearized) {
1427 t = talloc_asprintf(dn, "%s,%s",
1430 t = talloc_strdup(dn, s);
1433 ldb_dn_mark_invalid(dn);
1436 LDB_FREE(dn->linearized);
1440 /* Wipe the ext_linearized DN,
1441 * the GUID and SID are almost certainly no longer valid */
1442 LDB_FREE(dn->ext_linearized);
1443 LDB_FREE(dn->ext_components);
1444 dn->ext_comp_num = 0;
1449 /* modify the given dn by adding a base.
1451 * return true if successful and false if not
1452 * if false is returned the dn may be marked invalid
1454 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
1456 struct ldb_dn *base;
1461 if ( !dn || dn->invalid) {
1465 va_start(ap, base_fmt);
1466 base_str = talloc_vasprintf(dn, base_fmt, ap);
1469 if (base_str == NULL) {
1473 base = ldb_dn_new(base_str, dn->ldb, base_str);
1475 ret = ldb_dn_add_base(dn, base);
1477 talloc_free(base_str);
1482 /* modify the given dn by adding children elements.
1484 * return true if successful and false if not
1485 * if false is returned the dn may be marked invalid
1487 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
1492 if ( !child || child->invalid || !dn || dn->invalid) {
1496 if (dn->components) {
1500 if (dn->comp_num == 0) {
1504 if ( ! ldb_dn_validate(child)) {
1509 if (dn->valid_case) {
1510 if ( ! (s = ldb_dn_get_casefold(child))) {
1515 n = dn->comp_num + child->comp_num;
1517 dn->components = talloc_realloc(dn,
1519 struct ldb_dn_component,
1521 if ( ! dn->components) {
1522 ldb_dn_mark_invalid(dn);
1526 for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
1528 dn->components[j] = dn->components[i];
1531 for (i = 0; i < child->comp_num; i++) {
1533 ldb_dn_copy_component(dn->components,
1534 &child->components[i]);
1535 if (dn->components[i].value.data == NULL) {
1536 ldb_dn_mark_invalid(dn);
1543 if (dn->casefold && s) {
1544 t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
1545 LDB_FREE(dn->casefold);
1550 if (dn->linearized) {
1551 if (dn->linearized[0] == '\0') {
1555 s = ldb_dn_get_linearized(child);
1560 t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
1562 ldb_dn_mark_invalid(dn);
1565 LDB_FREE(dn->linearized);
1569 /* Wipe the ext_linearized DN,
1570 * the GUID and SID are almost certainly no longer valid */
1571 LDB_FREE(dn->ext_linearized);
1572 LDB_FREE(dn->ext_components);
1573 dn->ext_comp_num = 0;
1578 /* modify the given dn by adding children elements.
1580 * return true if successful and false if not
1581 * if false is returned the dn may be marked invalid
1583 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
1585 struct ldb_dn *child;
1590 if ( !dn || dn->invalid) {
1594 va_start(ap, child_fmt);
1595 child_str = talloc_vasprintf(dn, child_fmt, ap);
1598 if (child_str == NULL) {
1602 child = ldb_dn_new(child_str, dn->ldb, child_str);
1604 ret = ldb_dn_add_child(dn, child);
1606 talloc_free(child_str);
1611 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
1615 if ( ! ldb_dn_validate(dn)) {
1619 if (dn->comp_num < num) {
1623 /* free components */
1624 for (i = dn->comp_num - num; i < dn->comp_num; i++) {
1625 LDB_FREE(dn->components[i].name);
1626 LDB_FREE(dn->components[i].value.data);
1627 LDB_FREE(dn->components[i].cf_name);
1628 LDB_FREE(dn->components[i].cf_value.data);
1631 dn->comp_num -= num;
1633 if (dn->valid_case) {
1634 for (i = 0; i < dn->comp_num; i++) {
1635 LDB_FREE(dn->components[i].cf_name);
1636 LDB_FREE(dn->components[i].cf_value.data);
1638 dn->valid_case = false;
1641 LDB_FREE(dn->casefold);
1642 LDB_FREE(dn->linearized);
1644 /* Wipe the ext_linearized DN,
1645 * the GUID and SID are almost certainly no longer valid */
1646 LDB_FREE(dn->ext_linearized);
1647 LDB_FREE(dn->ext_components);
1648 dn->ext_comp_num = 0;
1653 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
1657 if ( ! ldb_dn_validate(dn)) {
1661 if (dn->comp_num < num) {
1665 for (i = 0, j = num; j < dn->comp_num; i++, j++) {
1667 LDB_FREE(dn->components[i].name);
1668 LDB_FREE(dn->components[i].value.data);
1669 LDB_FREE(dn->components[i].cf_name);
1670 LDB_FREE(dn->components[i].cf_value.data);
1672 dn->components[i] = dn->components[j];
1675 dn->comp_num -= num;
1677 if (dn->valid_case) {
1678 for (i = 0; i < dn->comp_num; i++) {
1679 LDB_FREE(dn->components[i].cf_name);
1680 LDB_FREE(dn->components[i].cf_value.data);
1682 dn->valid_case = false;
1685 LDB_FREE(dn->casefold);
1686 LDB_FREE(dn->linearized);
1688 /* Wipe the ext_linearized DN,
1689 * the GUID and SID are almost certainly no longer valid */
1690 LDB_FREE(dn->ext_linearized);
1691 LDB_FREE(dn->ext_components);
1692 dn->ext_comp_num = 0;
1698 /* replace the components of a DN with those from another DN, without
1699 * touching the extended components
1701 * return true if successful and false if not
1702 * if false is returned the dn may be marked invalid
1704 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
1708 if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
1712 /* free components */
1713 for (i = 0; i < dn->comp_num; i++) {
1714 LDB_FREE(dn->components[i].name);
1715 LDB_FREE(dn->components[i].value.data);
1716 LDB_FREE(dn->components[i].cf_name);
1717 LDB_FREE(dn->components[i].cf_value.data);
1720 dn->components = talloc_realloc(dn,
1722 struct ldb_dn_component,
1724 if (dn->components == NULL) {
1725 ldb_dn_mark_invalid(dn);
1729 dn->comp_num = new_dn->comp_num;
1730 dn->valid_case = new_dn->valid_case;
1732 for (i = 0; i < dn->comp_num; i++) {
1733 dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
1734 if (dn->components[i].name == NULL) {
1735 ldb_dn_mark_invalid(dn);
1739 if (new_dn->linearized == NULL) {
1740 dn->linearized = NULL;
1742 dn->linearized = talloc_strdup(dn, new_dn->linearized);
1743 if (dn->linearized == NULL) {
1744 ldb_dn_mark_invalid(dn);
1753 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1755 struct ldb_dn *new_dn;
1757 new_dn = ldb_dn_copy(mem_ctx, dn);
1762 if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
1763 talloc_free(new_dn);
1770 /* Create a 'canonical name' string from a DN:
1772 ie dc=samba,dc=org -> samba.org/
1773 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1775 There are two formats,
1776 the EX format has the last '/' replaced with a newline (\n).
1779 static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
1782 char *cracked = NULL;
1783 const char *format = (ex_format ? "\n" : "/" );
1785 if ( ! ldb_dn_validate(dn)) {
1789 tmpctx = talloc_new(mem_ctx);
1791 /* Walk backwards down the DN, grabbing 'dc' components at first */
1792 for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
1793 if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
1797 cracked = talloc_asprintf(tmpctx, "%s.%s",
1798 ldb_dn_escape_value(tmpctx,
1799 dn->components[i].value),
1802 cracked = ldb_dn_escape_value(tmpctx,
1803 dn->components[i].value);
1810 /* Only domain components? Finish here */
1811 if (i == (unsigned int) -1) {
1812 cracked = talloc_strdup_append_buffer(cracked, format);
1813 talloc_steal(mem_ctx, cracked);
1817 /* Now walk backwards appending remaining components */
1818 for (; i > 0; i--) {
1819 cracked = talloc_asprintf_append_buffer(cracked, "/%s",
1820 ldb_dn_escape_value(tmpctx,
1821 dn->components[i].value));
1827 /* Last one, possibly a newline for the 'ex' format */
1828 cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
1829 ldb_dn_escape_value(tmpctx,
1830 dn->components[i].value));
1832 talloc_steal(mem_ctx, cracked);
1834 talloc_free(tmpctx);
1838 /* Wrapper functions for the above, for the two different string formats */
1839 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1840 return ldb_dn_canonical(mem_ctx, dn, 0);
1844 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1845 return ldb_dn_canonical(mem_ctx, dn, 1);
1848 int ldb_dn_get_comp_num(struct ldb_dn *dn)
1850 if ( ! ldb_dn_validate(dn)) {
1853 return dn->comp_num;
1856 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
1858 if ( ! ldb_dn_validate(dn)) {
1861 return dn->ext_comp_num;
1864 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
1866 if ( ! ldb_dn_validate(dn)) {
1869 if (num >= dn->comp_num) return NULL;
1870 return dn->components[num].name;
1873 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
1876 if ( ! ldb_dn_validate(dn)) {
1879 if (num >= dn->comp_num) return NULL;
1880 return &dn->components[num].value;
1883 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
1885 if ( ! ldb_dn_validate(dn)) {
1888 if (dn->comp_num == 0) return NULL;
1889 return dn->components[0].name;
1892 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
1894 if ( ! ldb_dn_validate(dn)) {
1897 if (dn->comp_num == 0) return NULL;
1898 return &dn->components[0].value;
1901 int ldb_dn_set_component(struct ldb_dn *dn, int num,
1902 const char *name, const struct ldb_val val)
1907 if ( ! ldb_dn_validate(dn)) {
1908 return LDB_ERR_OTHER;
1911 if (num >= dn->comp_num) {
1912 return LDB_ERR_OTHER;
1916 return LDB_ERR_OTHER;
1919 if (val.length > val.length + 1) {
1920 return LDB_ERR_OTHER;
1923 n = talloc_strdup(dn, name);
1925 return LDB_ERR_OTHER;
1928 v.length = val.length;
1931 * This is like talloc_memdup(dn, v.data, v.length + 1), but
1932 * avoids the over-read
1934 v.data = (uint8_t *)talloc_size(dn, v.length+1);
1937 return LDB_ERR_OTHER;
1939 memcpy(v.data, val.data, val.length);
1942 * Enforce NUL termination outside the stated length, as is
1943 * traditional in LDB
1945 v.data[v.length] = '\0';
1947 talloc_free(dn->components[num].name);
1948 talloc_free(dn->components[num].value.data);
1949 dn->components[num].name = n;
1950 dn->components[num].value = v;
1952 if (dn->valid_case) {
1954 for (i = 0; i < dn->comp_num; i++) {
1955 LDB_FREE(dn->components[i].cf_name);
1956 LDB_FREE(dn->components[i].cf_value.data);
1958 dn->valid_case = false;
1960 LDB_FREE(dn->casefold);
1961 LDB_FREE(dn->linearized);
1963 /* Wipe the ext_linearized DN,
1964 * the GUID and SID are almost certainly no longer valid */
1965 LDB_FREE(dn->ext_linearized);
1966 LDB_FREE(dn->ext_components);
1967 dn->ext_comp_num = 0;
1972 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
1976 if ( ! ldb_dn_validate(dn)) {
1979 for (i=0; i < dn->ext_comp_num; i++) {
1980 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
1981 return &dn->ext_components[i].value;
1987 int ldb_dn_set_extended_component(struct ldb_dn *dn,
1988 const char *name, const struct ldb_val *val)
1990 struct ldb_dn_ext_component *p;
1994 if ( ! ldb_dn_validate(dn)) {
1995 return LDB_ERR_OTHER;
1998 if (!ldb_dn_extended_syntax_by_name(dn->ldb, name)) {
1999 /* We don't know how to handle this type of thing */
2000 return LDB_ERR_INVALID_DN_SYNTAX;
2003 for (i=0; i < dn->ext_comp_num; i++) {
2004 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2006 dn->ext_components[i].value =
2007 ldb_val_dup(dn->ext_components, val);
2009 dn->ext_components[i].name =
2010 talloc_strdup(dn->ext_components, name);
2011 if (!dn->ext_components[i].name ||
2012 !dn->ext_components[i].value.data) {
2013 ldb_dn_mark_invalid(dn);
2014 return LDB_ERR_OPERATIONS_ERROR;
2017 if (i != (dn->ext_comp_num - 1)) {
2018 memmove(&dn->ext_components[i],
2019 &dn->ext_components[i+1],
2020 ((dn->ext_comp_num-1) - i) *
2021 sizeof(*dn->ext_components));
2025 dn->ext_components = talloc_realloc(dn,
2027 struct ldb_dn_ext_component,
2029 if (!dn->ext_components) {
2030 ldb_dn_mark_invalid(dn);
2031 return LDB_ERR_OPERATIONS_ERROR;
2034 LDB_FREE(dn->ext_linearized);
2041 /* removing a value that doesn't exist is not an error */
2047 p = dn->ext_components
2048 = talloc_realloc(dn,
2050 struct ldb_dn_ext_component,
2051 dn->ext_comp_num + 1);
2052 if (!dn->ext_components) {
2053 ldb_dn_mark_invalid(dn);
2054 return LDB_ERR_OPERATIONS_ERROR;
2057 p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
2058 p[dn->ext_comp_num].name = talloc_strdup(p, name);
2060 if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
2061 ldb_dn_mark_invalid(dn);
2062 return LDB_ERR_OPERATIONS_ERROR;
2064 dn->ext_components = p;
2067 LDB_FREE(dn->ext_linearized);
2072 void ldb_dn_remove_extended_components(struct ldb_dn *dn)
2074 LDB_FREE(dn->ext_linearized);
2075 LDB_FREE(dn->ext_components);
2076 dn->ext_comp_num = 0;
2079 bool ldb_dn_is_valid(struct ldb_dn *dn)
2081 if ( ! dn) return false;
2082 return ! dn->invalid;
2085 bool ldb_dn_is_special(struct ldb_dn *dn)
2087 if ( ! dn || dn->invalid) return false;
2091 bool ldb_dn_has_extended(struct ldb_dn *dn)
2093 if ( ! dn || dn->invalid) return false;
2094 if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
2095 return dn->ext_comp_num != 0;
2098 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
2100 if ( ! dn || dn->invalid) return false;
2101 return ! strcmp(dn->linearized, check);
2104 bool ldb_dn_is_null(struct ldb_dn *dn)
2106 if ( ! dn || dn->invalid) return false;
2107 if (ldb_dn_has_extended(dn)) return false;
2108 if (dn->linearized && (dn->linearized[0] == '\0')) return true;
2113 this updates dn->components, taking the components from ref_dn.
2114 This is used by code that wants to update the DN path of a DN
2115 while not impacting on the extended DN components
2117 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
2119 dn->components = talloc_realloc(dn, dn->components,
2120 struct ldb_dn_component, ref_dn->comp_num);
2121 if (!dn->components) {
2122 return LDB_ERR_OPERATIONS_ERROR;
2124 memcpy(dn->components, ref_dn->components,
2125 sizeof(struct ldb_dn_component)*ref_dn->comp_num);
2126 dn->comp_num = ref_dn->comp_num;
2128 LDB_FREE(dn->casefold);
2129 LDB_FREE(dn->linearized);
2130 LDB_FREE(dn->ext_linearized);
2136 minimise a DN. The caller must pass in a validated DN.
2138 If the DN has an extended component then only the first extended
2139 component is kept, the DN string is stripped.
2141 The existing dn is modified
2143 bool ldb_dn_minimise(struct ldb_dn *dn)
2147 if (!ldb_dn_validate(dn)) {
2150 if (dn->ext_comp_num == 0) {
2154 /* free components */
2155 for (i = 0; i < dn->comp_num; i++) {
2156 LDB_FREE(dn->components[i].name);
2157 LDB_FREE(dn->components[i].value.data);
2158 LDB_FREE(dn->components[i].cf_name);
2159 LDB_FREE(dn->components[i].cf_value.data);
2162 dn->valid_case = false;
2164 LDB_FREE(dn->casefold);
2165 LDB_FREE(dn->linearized);
2167 /* note that we don't free dn->components as this there are
2168 * several places in ldb_dn.c that rely on it being non-NULL
2169 * for an exploded DN
2172 for (i = 1; i < dn->ext_comp_num; i++) {
2173 LDB_FREE(dn->ext_components[i].name);
2174 LDB_FREE(dn->ext_components[i].value.data);
2176 dn->ext_comp_num = 1;
2178 dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
2179 if (dn->ext_components == NULL) {
2180 ldb_dn_mark_invalid(dn);
2184 LDB_FREE(dn->ext_linearized);
2189 struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)