#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_module.h"
+#include "libcli/security/dom_sid.h"
#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/ndr/libndr.h"
#include "dsdb/samdb/samdb.h"
/* Look for the objectSID */
- sidBlob = ldb_msg_find_ldb_val(&fake_msg, "objectSID");
+ sidBlob = ldb_msg_find_ldb_val(&fake_msg, "sambaSID");
if (sidBlob) {
- ldb_dn_set_extended_component(dn, "SID", sidBlob);
+ enum ndr_err_code ndr_err;
+
+ struct ldb_val sid_blob;
+ struct dom_sid *sid;
+
+ sid = dom_sid_parse_length(NULL, sidBlob);
+
+ if (sid == NULL) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
+ ndr_err = ndr_push_struct_blob(&sid_blob, NULL, NULL, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ talloc_free(sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
+ ldb_dn_set_extended_component(dn, "SID", &sid_blob);
}
return LDB_SUCCESS;
}
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/ndr/libndr.h"
#include "dsdb/samdb/samdb.h"
+#include "../../../lib/ldb/include/ldb_handlers.h"
struct entryuuid_private {
struct ldb_context *ldb;
return out;
}
+/* Ensure we always convert sids into string, so the backend doesn't have to know about both forms */
+static struct ldb_val sid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct ldb_val out = data_blob(NULL, 0);
+
+ if (ldif_comparision_objectSid_isString(val)) {
+ if (ldb_handler_copy(ldb, ctx, val, &out) != LDB_SUCCESS) {
+ return data_blob(NULL, 0);
+ }
+
+ } else {
+ if (ldif_write_objectSid(ldb, ctx, val, &out) != LDB_SUCCESS) {
+ return data_blob(NULL, 0);
+ }
+ }
+ return out;
+}
+
/* Ensure we always convert objectCategory into a DN */
static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
.type = LDB_MAP_CONVERT,
.u = {
.convert = {
- .remote_name = "objectSid",
- .convert_local = sid_always_binary,
- .convert_remote = val_copy,
+ .remote_name = "sambaSID",
+ .convert_local = sid_always_string,
+ .convert_remote = sid_always_binary,
}
}
},
/*
convert a NDR formatted blob to a ldif formatted objectSid
*/
-static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
+int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
struct dom_sid *sid;
return 0;
}
-static bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
+bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
{
if (v->length < 3) {
return false;
nextRid:sambaNextRid
privilegeDisplayName
privilegeDisplayName:sambaPrivName
+objectSid
+objectSid:sambaSID
#Resolve conflicting attributes
1.2.840.113556.1.4.484:fRSDirectoryFilter-oid