4 Copyright (C) Simo Sorce 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb dn creation and manipulation utility functions
29 * Description: - explode a dn into it's own basic elements
30 * and put them in a structure (only if necessary)
31 * - manipulate ldb_dn structures
36 #include "ldb_private.h"
39 #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
41 #define LDB_FREE(x) do { talloc_free(x); x = NULL; } while(0)
44 internal ldb exploded dn structures
46 struct ldb_dn_component {
52 struct ldb_val cf_value;
55 struct ldb_dn_ext_component {
63 struct ldb_context *ldb;
65 /* Special DNs are always linearized */
75 unsigned int comp_num;
76 struct ldb_dn_component *components;
78 unsigned int ext_comp_num;
79 struct ldb_dn_ext_component *ext_components;
82 /* it is helpful to be able to break on this in gdb */
83 static void ldb_dn_mark_invalid(struct ldb_dn *dn)
88 /* strdn may be NULL */
89 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
90 struct ldb_context *ldb,
91 const struct ldb_val *strdn)
95 if (! ldb) return NULL;
97 if (strdn && strdn->data
98 && (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
99 /* The RDN must not contain a character with value 0x0 */
103 dn = talloc_zero(mem_ctx, struct ldb_dn);
104 LDB_DN_NULL_FAILED(dn);
106 dn->ldb = talloc_get_type(ldb, struct ldb_context);
107 if (dn->ldb == NULL) {
108 /* the caller probably got the arguments to
109 ldb_dn_new() mixed up */
114 if (strdn->data && strdn->length) {
115 const char *data = (const char *)strdn->data;
116 size_t length = strdn->length;
118 if (data[0] == '@') {
121 dn->ext_linearized = talloc_strndup(dn, data, length);
122 LDB_DN_NULL_FAILED(dn->ext_linearized);
124 if (data[0] == '<') {
125 const char *p_save, *p = dn->ext_linearized;
134 if (p_save == dn->ext_linearized) {
135 dn->linearized = talloc_strdup(dn, "");
137 dn->linearized = talloc_strdup(dn, p_save);
139 LDB_DN_NULL_FAILED(dn->linearized);
141 dn->linearized = dn->ext_linearized;
142 dn->ext_linearized = NULL;
145 dn->linearized = talloc_strdup(dn, "");
146 LDB_DN_NULL_FAILED(dn->linearized);
156 /* strdn may be NULL */
157 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx,
158 struct ldb_context *ldb,
162 blob.data = discard_const_p(uint8_t, strdn);
163 blob.length = strdn ? strlen(strdn) : 0;
164 return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
167 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx,
168 struct ldb_context *ldb,
169 const char *new_fmt, ...)
174 if (! ldb) return NULL;
176 va_start(ap, new_fmt);
177 strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
181 struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, strdn);
189 /* see RFC2253 section 2.4 */
190 static int ldb_dn_escape_internal(char *dst, const char *src, int len)
197 for (i = 0; i < len; i++){
201 if (i == 0 || i == len - 1) {
202 /* if at the beginning or end
203 * of the string then escape */
207 /* otherwise don't escape */
213 /* despite the RFC, windows escapes a #
214 anywhere in the string */
222 /* these must be escaped using \c form */
232 /* any others get \XX form */
234 const char *hexbytes = "0123456789ABCDEF";
235 v = (const unsigned char)c;
237 *d++ = hexbytes[v>>4];
238 *d++ = hexbytes[v&0xF];
246 /* return the length of the resulting string */
250 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
257 /* allocate destination string, it will be at most 3 times the source */
258 dst = talloc_array(mem_ctx, char, value.length * 3 + 1);
264 len = ldb_dn_escape_internal(dst, (const char *)value.data, value.length);
266 dst = talloc_realloc(mem_ctx, dst, char, len + 1);
276 explode a DN string into a ldb_dn structure
277 based on RFC4514 except that we don't support multiple valued RDNs
279 TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
280 DN must be compliant with RFC2253
282 static bool ldb_dn_explode(struct ldb_dn *dn)
284 char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
286 bool in_extended = true;
287 bool in_ex_name = false;
288 bool in_ex_value = false;
289 bool in_attr = false;
290 bool in_value = false;
291 bool in_quote = false;
300 if ( ! dn || dn->invalid) return false;
302 if (dn->components) {
306 if (dn->ext_linearized) {
307 parse_dn = dn->ext_linearized;
309 parse_dn = dn->linearized;
316 is_index = (strncmp(parse_dn, "DN=@INDEX:", 10) == 0);
319 if (parse_dn[0] == '\0') {
323 /* Special DNs case */
328 /* make sure we free this if allocated previously before replacing */
329 LDB_FREE(dn->components);
332 LDB_FREE(dn->ext_components);
333 dn->ext_comp_num = 0;
335 /* in the common case we have 3 or more components */
336 /* make sure all components are zeroed, other functions depend on it */
337 dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
338 if ( ! dn->components) {
342 /* Components data space is allocated here once */
343 data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
355 if (!in_ex_name && !in_ex_value) {
362 } else if (p[0] == '\0') {
374 if (in_ex_name && *p == '=') {
383 if (in_ex_value && *p == '>') {
384 const struct ldb_dn_extended_syntax *ext_syntax;
385 struct ldb_val ex_val = {
386 .data = (uint8_t *)ex_value,
387 .length = d - ex_value
394 /* Process name and ex_value */
396 dn->ext_components = talloc_realloc(dn,
398 struct ldb_dn_ext_component,
399 dn->ext_comp_num + 1);
400 if ( ! dn->ext_components) {
405 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
407 /* We don't know about this type of extended DN */
411 dn->ext_components[dn->ext_comp_num].name = ext_syntax->name;
412 ret = ext_syntax->read_fn(dn->ldb, dn->ext_components,
413 &ex_val, &dn->ext_components[dn->ext_comp_num].value);
414 if (ret != LDB_SUCCESS) {
415 ldb_dn_mark_invalid(dn);
422 /* We have reached the end (extended component only)! */
426 } else if (*p == ';') {
430 ldb_dn_mark_invalid(dn);
449 /* attr names must be ascii only */
450 ldb_dn_mark_invalid(dn);
457 if ( ! isalpha(*p)) {
458 /* not a digit nor an alpha,
459 * invalid attribute name */
460 ldb_dn_mark_invalid(dn);
464 /* Copy this character across from parse_dn,
465 * now we have trimmed out spaces */
472 /* valid only if we are at the end */
477 if (trim && (*p != '=')) {
478 /* spaces/tabs are not allowed */
479 ldb_dn_mark_invalid(dn);
484 /* attribute terminated */
490 /* Terminate this string in d
491 * (which is a copy of parse_dn
492 * with spaces trimmed) */
494 dn->components[dn->comp_num].name = talloc_strdup(dn->components, dt);
495 if ( ! dn->components[dn->comp_num].name) {
507 /* attr names must be ascii only */
508 ldb_dn_mark_invalid(dn);
512 if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
513 /* not a digit nor a dot,
514 * invalid attribute oid */
515 ldb_dn_mark_invalid(dn);
518 if ( ! (isalpha(*p) || isdigit(*p) || (*p == '-'))) {
519 /* not ALPHA, DIGIT or HYPHEN */
520 ldb_dn_mark_invalid(dn);
560 /* TODO: support ber encoded values
571 /* ok found value terminator */
587 * This talloc_memdup() is OK with the
588 * +1 because *d has been set to '\0'
591 dn->components[dn->comp_num].value.data = \
592 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
593 dn->components[dn->comp_num].value.length = l;
594 if ( ! dn->components[dn->comp_num].value.data) {
598 talloc_set_name_const(dn->components[dn->comp_num].value.data,
599 (const char *)dn->components[dn->comp_num].value.data);
604 if (dn->comp_num > 2) {
605 dn->components = talloc_realloc(dn,
607 struct ldb_dn_component,
609 if ( ! dn->components) {
613 /* make sure all components are zeroed, other functions depend on this */
614 memset(&dn->components[dn->comp_num], '\0', sizeof(struct ldb_dn_component));
621 /* to main compatibility with earlier
622 versions of ldb indexing, we have to
623 accept the base64 encoded binary index
624 values, which contain a '+' or '='
625 which should normally be escaped */
637 /* a string with not escaped specials is invalid (tested) */
639 ldb_dn_mark_invalid(dn);
666 if (isxdigit(p[0]) && isxdigit(p[1])) {
667 if (sscanf(p, "%02x", &x) != 1) {
668 /* invalid escaping sequence */
669 ldb_dn_mark_invalid(dn);
673 *d++ = (unsigned char)x;
699 if (in_attr || in_quote) {
701 ldb_dn_mark_invalid(dn);
705 /* save last element */
714 * This talloc_memdup() is OK with the
715 * +1 because *d has been set to '\0'
718 dn->components[dn->comp_num].value.length = l;
719 dn->components[dn->comp_num].value.data =
720 (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
721 if ( ! dn->components[dn->comp_num].value.data) {
725 talloc_set_name_const(dn->components[dn->comp_num].value.data,
726 (const char *)dn->components[dn->comp_num].value.data);
734 LDB_FREE(dn->components); /* "data" is implicitly free'd */
736 LDB_FREE(dn->ext_components);
737 dn->ext_comp_num = 0;
742 bool ldb_dn_validate(struct ldb_dn *dn)
744 return ldb_dn_explode(dn);
747 const char *ldb_dn_get_linearized(struct ldb_dn *dn)
753 if ( ! dn || ( dn->invalid)) return NULL;
755 if (dn->linearized) return dn->linearized;
757 if ( ! dn->components) {
758 ldb_dn_mark_invalid(dn);
762 if (dn->comp_num == 0) {
763 dn->linearized = talloc_strdup(dn, "");
764 if ( ! dn->linearized) return NULL;
765 return dn->linearized;
768 /* calculate maximum possible length of DN */
769 for (len = 0, i = 0; i < dn->comp_num; i++) {
771 len += strlen(dn->components[i].name);
772 /* max escaped data len */
773 len += (dn->components[i].value.length * 3);
774 len += 2; /* '=' and ',' */
776 dn->linearized = talloc_array(dn, char, len);
777 if ( ! dn->linearized) return NULL;
781 for (i = 0; i < dn->comp_num; i++) {
784 n = dn->components[i].name;
785 while (*n) *d++ = *n++;
790 d += ldb_dn_escape_internal( d,
791 (char *)dn->components[i].value.data,
792 dn->components[i].value.length);
798 /* don't waste more memory than necessary */
799 dn->linearized = talloc_realloc(dn, dn->linearized,
800 char, (d - dn->linearized + 1));
802 return dn->linearized;
805 static int ldb_dn_extended_component_compare(const void *p1, const void *p2)
807 const struct ldb_dn_ext_component *ec1 = (const struct ldb_dn_ext_component *)p1;
808 const struct ldb_dn_ext_component *ec2 = (const struct ldb_dn_ext_component *)p2;
809 return strcmp(ec1->name, ec2->name);
812 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode)
814 const char *linearized = ldb_dn_get_linearized(dn);
822 if (!ldb_dn_has_extended(dn)) {
823 return talloc_strdup(mem_ctx, linearized);
826 if (!ldb_dn_validate(dn)) {
830 /* sort the extended components by name. The idea is to make
831 * the resulting DNs consistent, plus to ensure that we put
832 * 'DELETED' first, so it can be very quickly recognised
834 TYPESAFE_QSORT(dn->ext_components, dn->ext_comp_num,
835 ldb_dn_extended_component_compare);
837 for (i = 0; i < dn->ext_comp_num; i++) {
838 const struct ldb_dn_extended_syntax *ext_syntax;
839 const char *name = dn->ext_components[i].name;
840 struct ldb_val ec_val = dn->ext_components[i].value;
844 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
850 ret = ext_syntax->write_clear_fn(dn->ldb, mem_ctx,
852 } else if (mode == 0) {
853 ret = ext_syntax->write_hex_fn(dn->ldb, mem_ctx,
859 if (ret != LDB_SUCCESS) {
864 p = talloc_asprintf(mem_ctx, "<%s=%s>",
867 p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
871 talloc_free(val.data);
878 if (dn->ext_comp_num && *linearized) {
879 p = talloc_asprintf_append_buffer(p, ";%s", linearized);
890 filter out all but an acceptable list of extended DN components
892 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list)
895 for (i=0; i<dn->ext_comp_num; i++) {
896 if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) {
897 memmove(&dn->ext_components[i],
898 &dn->ext_components[i+1],
899 (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0]));
904 LDB_FREE(dn->ext_linearized);
908 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
910 return talloc_strdup(mem_ctx, ldb_dn_get_linearized(dn));
914 casefold a dn. We need to casefold the attribute names, and canonicalize
915 attribute values of case insensitive attributes.
918 static bool ldb_dn_casefold_internal(struct ldb_dn *dn)
923 if ( ! dn || dn->invalid) return false;
925 if (dn->valid_case) return true;
927 if (( ! dn->components) && ( ! ldb_dn_explode(dn))) {
931 for (i = 0; i < dn->comp_num; i++) {
932 const struct ldb_schema_attribute *a;
934 dn->components[i].cf_name =
935 ldb_attr_casefold(dn->components,
936 dn->components[i].name);
937 if (!dn->components[i].cf_name) {
941 a = ldb_schema_attribute_by_name(dn->ldb,
942 dn->components[i].cf_name);
944 ret = a->syntax->canonicalise_fn(dn->ldb, dn->components,
945 &(dn->components[i].value),
946 &(dn->components[i].cf_value));
952 dn->valid_case = true;
957 for (i = 0; i < dn->comp_num; i++) {
958 LDB_FREE(dn->components[i].cf_name);
959 LDB_FREE(dn->components[i].cf_value.data);
964 const char *ldb_dn_get_casefold(struct ldb_dn *dn)
970 if (dn->casefold) return dn->casefold;
973 dn->casefold = talloc_strdup(dn, dn->linearized);
974 if (!dn->casefold) return NULL;
975 dn->valid_case = true;
979 if ( ! ldb_dn_casefold_internal(dn)) {
983 if (dn->comp_num == 0) {
984 dn->casefold = talloc_strdup(dn, "");
988 /* calculate maximum possible length of DN */
989 for (len = 0, i = 0; i < dn->comp_num; i++) {
991 len += strlen(dn->components[i].cf_name);
992 /* max escaped data len */
993 len += (dn->components[i].cf_value.length * 3);
994 len += 2; /* '=' and ',' */
996 dn->casefold = talloc_array(dn, char, len);
997 if ( ! dn->casefold) return NULL;
1001 for (i = 0; i < dn->comp_num; i++) {
1004 n = dn->components[i].cf_name;
1005 while (*n) *d++ = *n++;
1010 d += ldb_dn_escape_internal( d,
1011 (char *)dn->components[i].cf_value.data,
1012 dn->components[i].cf_value.length);
1017 /* don't waste more memory than necessary */
1018 dn->casefold = talloc_realloc(dn, dn->casefold,
1019 char, strlen(dn->casefold) + 1);
1021 return dn->casefold;
1024 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1026 return talloc_strdup(mem_ctx, ldb_dn_get_casefold(dn));
1029 /* Determine if dn is below base, in the ldap tree. Used for
1030 * evaluating a subtree search.
1031 * 0 if they match, otherwise non-zero
1034 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
1037 unsigned int n_base, n_dn;
1039 if ( ! base || base->invalid) return 1;
1040 if ( ! dn || dn->invalid) return -1;
1042 if (( ! base->valid_case) || ( ! dn->valid_case)) {
1043 if (base->linearized && dn->linearized && dn->special == base->special) {
1044 /* try with a normal compare first, if we are lucky
1045 * we will avoid exploding and casfolding */
1047 dif = strlen(dn->linearized) - strlen(base->linearized);
1051 if (strcmp(base->linearized,
1052 &dn->linearized[dif]) == 0) {
1057 if ( ! ldb_dn_casefold_internal(base)) {
1061 if ( ! ldb_dn_casefold_internal(dn)) {
1067 /* if base has more components,
1068 * they don't have the same base */
1069 if (base->comp_num > dn->comp_num) {
1070 return (dn->comp_num - base->comp_num);
1073 if ((dn->comp_num == 0) || (base->comp_num == 0)) {
1074 if (dn->special && base->special) {
1075 return strcmp(base->linearized, dn->linearized);
1076 } else if (dn->special) {
1078 } else if (base->special) {
1085 n_base = base->comp_num - 1;
1086 n_dn = dn->comp_num - 1;
1088 while (n_base != (unsigned int) -1) {
1089 char *b_name = base->components[n_base].cf_name;
1090 char *dn_name = dn->components[n_dn].cf_name;
1092 char *b_vdata = (char *)base->components[n_base].cf_value.data;
1093 char *dn_vdata = (char *)dn->components[n_dn].cf_value.data;
1095 size_t b_vlen = base->components[n_base].cf_value.length;
1096 size_t dn_vlen = dn->components[n_dn].cf_value.length;
1098 /* compare attr names */
1099 ret = strcmp(b_name, dn_name);
1100 if (ret != 0) return ret;
1102 /* compare attr.cf_value. */
1103 if (b_vlen != dn_vlen) {
1104 return b_vlen - dn_vlen;
1106 ret = strncmp(b_vdata, dn_vdata, b_vlen);
1107 if (ret != 0) return ret;
1116 /* compare DNs using casefolding compare functions.
1118 If they match, then return 0
1121 int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
1126 if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
1130 if (( ! dn0->valid_case) || ( ! dn1->valid_case)) {
1131 if (dn0->linearized && dn1->linearized) {
1132 /* try with a normal compare first, if we are lucky
1133 * we will avoid exploding and casfolding */
1134 if (strcmp(dn0->linearized, dn1->linearized) == 0) {
1139 if ( ! ldb_dn_casefold_internal(dn0)) {
1143 if ( ! ldb_dn_casefold_internal(dn1)) {
1149 if (dn0->comp_num != dn1->comp_num) {
1150 return (dn1->comp_num - dn0->comp_num);
1153 if (dn0->comp_num == 0) {
1154 if (dn0->special && dn1->special) {
1155 return strcmp(dn0->linearized, dn1->linearized);
1156 } else if (dn0->special) {
1158 } else if (dn1->special) {
1165 for (i = 0; i < dn0->comp_num; i++) {
1166 char *dn0_name = dn0->components[i].cf_name;
1167 char *dn1_name = dn1->components[i].cf_name;
1169 char *dn0_vdata = (char *)dn0->components[i].cf_value.data;
1170 char *dn1_vdata = (char *)dn1->components[i].cf_value.data;
1172 size_t dn0_vlen = dn0->components[i].cf_value.length;
1173 size_t dn1_vlen = dn1->components[i].cf_value.length;
1175 /* compare attr names */
1176 ret = strcmp(dn0_name, dn1_name);
1181 /* compare attr.cf_value. */
1182 if (dn0_vlen != dn1_vlen) {
1183 return dn0_vlen - dn1_vlen;
1185 ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
1194 static struct ldb_dn_component ldb_dn_copy_component(
1195 TALLOC_CTX *mem_ctx,
1196 struct ldb_dn_component *src)
1198 struct ldb_dn_component dst;
1200 memset(&dst, 0, sizeof(dst));
1206 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1207 if (dst.value.data == NULL) {
1211 dst.name = talloc_strdup(mem_ctx, src->name);
1212 if (dst.name == NULL) {
1213 LDB_FREE(dst.value.data);
1217 if (src->cf_value.data) {
1218 dst.cf_value = ldb_val_dup(mem_ctx, &(src->cf_value));
1219 if (dst.cf_value.data == NULL) {
1220 LDB_FREE(dst.value.data);
1225 dst.cf_name = talloc_strdup(mem_ctx, src->cf_name);
1226 if (dst.cf_name == NULL) {
1227 LDB_FREE(dst.cf_name);
1228 LDB_FREE(dst.value.data);
1233 dst.cf_value.data = NULL;
1240 static struct ldb_dn_ext_component ldb_dn_ext_copy_component(
1241 TALLOC_CTX *mem_ctx,
1242 struct ldb_dn_ext_component *src)
1244 struct ldb_dn_ext_component dst;
1246 memset(&dst, 0, sizeof(dst));
1252 dst.value = ldb_val_dup(mem_ctx, &(src->value));
1253 if (dst.value.data == NULL) {
1257 dst.name = talloc_strdup(mem_ctx, src->name);
1258 if (dst.name == NULL) {
1259 LDB_FREE(dst.value.data);
1266 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1268 struct ldb_dn *new_dn;
1270 if (!dn || dn->invalid) {
1274 new_dn = talloc_zero(mem_ctx, struct ldb_dn);
1281 if (dn->components) {
1284 new_dn->components =
1285 talloc_zero_array(new_dn,
1286 struct ldb_dn_component,
1288 if ( ! new_dn->components) {
1289 talloc_free(new_dn);
1293 for (i = 0; i < dn->comp_num; i++) {
1294 new_dn->components[i] =
1295 ldb_dn_copy_component(new_dn->components,
1296 &dn->components[i]);
1297 if ( ! new_dn->components[i].value.data) {
1298 talloc_free(new_dn);
1304 if (dn->ext_components) {
1307 new_dn->ext_components =
1308 talloc_zero_array(new_dn,
1309 struct ldb_dn_ext_component,
1311 if ( ! new_dn->ext_components) {
1312 talloc_free(new_dn);
1316 for (i = 0; i < dn->ext_comp_num; i++) {
1317 new_dn->ext_components[i] =
1318 ldb_dn_ext_copy_component(
1319 new_dn->ext_components,
1320 &dn->ext_components[i]);
1321 if ( ! new_dn->ext_components[i].value.data) {
1322 talloc_free(new_dn);
1329 new_dn->casefold = talloc_strdup(new_dn, dn->casefold);
1330 if ( ! new_dn->casefold) {
1331 talloc_free(new_dn);
1336 if (dn->linearized) {
1337 new_dn->linearized = talloc_strdup(new_dn, dn->linearized);
1338 if ( ! new_dn->linearized) {
1339 talloc_free(new_dn);
1344 if (dn->ext_linearized) {
1345 new_dn->ext_linearized = talloc_strdup(new_dn,
1346 dn->ext_linearized);
1347 if ( ! new_dn->ext_linearized) {
1348 talloc_free(new_dn);
1356 /* modify the given dn by adding a base.
1358 * return true if successful and false if not
1359 * if false is returned the dn may be marked invalid
1361 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base)
1366 if ( !base || base->invalid || !dn || dn->invalid) {
1370 if (dn->components) {
1373 if ( ! ldb_dn_validate(base)) {
1378 if (dn->valid_case) {
1379 if ( ! (s = ldb_dn_get_casefold(base))) {
1384 dn->components = talloc_realloc(dn,
1386 struct ldb_dn_component,
1387 dn->comp_num + base->comp_num);
1388 if ( ! dn->components) {
1389 ldb_dn_mark_invalid(dn);
1393 for (i = 0; i < base->comp_num; dn->comp_num++, i++) {
1394 dn->components[dn->comp_num] =
1395 ldb_dn_copy_component(dn->components,
1396 &base->components[i]);
1397 if (dn->components[dn->comp_num].value.data == NULL) {
1398 ldb_dn_mark_invalid(dn);
1403 if (dn->casefold && s) {
1404 if (*dn->casefold) {
1405 t = talloc_asprintf(dn, "%s,%s",
1408 t = talloc_strdup(dn, s);
1410 LDB_FREE(dn->casefold);
1415 if (dn->linearized) {
1417 s = ldb_dn_get_linearized(base);
1422 if (*dn->linearized) {
1423 t = talloc_asprintf(dn, "%s,%s",
1426 t = talloc_strdup(dn, s);
1429 ldb_dn_mark_invalid(dn);
1432 LDB_FREE(dn->linearized);
1436 /* Wipe the ext_linearized DN,
1437 * the GUID and SID are almost certainly no longer valid */
1438 LDB_FREE(dn->ext_linearized);
1439 LDB_FREE(dn->ext_components);
1440 dn->ext_comp_num = 0;
1445 /* modify the given dn by adding a base.
1447 * return true if successful and false if not
1448 * if false is returned the dn may be marked invalid
1450 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...)
1452 struct ldb_dn *base;
1457 if ( !dn || dn->invalid) {
1461 va_start(ap, base_fmt);
1462 base_str = talloc_vasprintf(dn, base_fmt, ap);
1465 if (base_str == NULL) {
1469 base = ldb_dn_new(base_str, dn->ldb, base_str);
1471 ret = ldb_dn_add_base(dn, base);
1473 talloc_free(base_str);
1478 /* modify the given dn by adding children elements.
1480 * return true if successful and false if not
1481 * if false is returned the dn may be marked invalid
1483 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child)
1488 if ( !child || child->invalid || !dn || dn->invalid) {
1492 if (dn->components) {
1496 if (dn->comp_num == 0) {
1500 if ( ! ldb_dn_validate(child)) {
1505 if (dn->valid_case) {
1506 if ( ! (s = ldb_dn_get_casefold(child))) {
1511 n = dn->comp_num + child->comp_num;
1513 dn->components = talloc_realloc(dn,
1515 struct ldb_dn_component,
1517 if ( ! dn->components) {
1518 ldb_dn_mark_invalid(dn);
1522 for (i = dn->comp_num - 1, j = n - 1; i != (unsigned int) -1;
1524 dn->components[j] = dn->components[i];
1527 for (i = 0; i < child->comp_num; i++) {
1529 ldb_dn_copy_component(dn->components,
1530 &child->components[i]);
1531 if (dn->components[i].value.data == NULL) {
1532 ldb_dn_mark_invalid(dn);
1539 if (dn->casefold && s) {
1540 t = talloc_asprintf(dn, "%s,%s", s, dn->casefold);
1541 LDB_FREE(dn->casefold);
1546 if (dn->linearized) {
1547 if (dn->linearized[0] == '\0') {
1551 s = ldb_dn_get_linearized(child);
1556 t = talloc_asprintf(dn, "%s,%s", s, dn->linearized);
1558 ldb_dn_mark_invalid(dn);
1561 LDB_FREE(dn->linearized);
1565 /* Wipe the ext_linearized DN,
1566 * the GUID and SID are almost certainly no longer valid */
1567 LDB_FREE(dn->ext_linearized);
1568 LDB_FREE(dn->ext_components);
1569 dn->ext_comp_num = 0;
1574 /* modify the given dn by adding children elements.
1576 * return true if successful and false if not
1577 * if false is returned the dn may be marked invalid
1579 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...)
1581 struct ldb_dn *child;
1586 if ( !dn || dn->invalid) {
1590 va_start(ap, child_fmt);
1591 child_str = talloc_vasprintf(dn, child_fmt, ap);
1594 if (child_str == NULL) {
1598 child = ldb_dn_new(child_str, dn->ldb, child_str);
1600 ret = ldb_dn_add_child(dn, child);
1602 talloc_free(child_str);
1607 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num)
1611 if ( ! ldb_dn_validate(dn)) {
1615 if (dn->comp_num < num) {
1619 /* free components */
1620 for (i = dn->comp_num - num; i < dn->comp_num; i++) {
1621 LDB_FREE(dn->components[i].name);
1622 LDB_FREE(dn->components[i].value.data);
1623 LDB_FREE(dn->components[i].cf_name);
1624 LDB_FREE(dn->components[i].cf_value.data);
1627 dn->comp_num -= num;
1629 if (dn->valid_case) {
1630 for (i = 0; i < dn->comp_num; i++) {
1631 LDB_FREE(dn->components[i].cf_name);
1632 LDB_FREE(dn->components[i].cf_value.data);
1634 dn->valid_case = false;
1637 LDB_FREE(dn->casefold);
1638 LDB_FREE(dn->linearized);
1640 /* Wipe the ext_linearized DN,
1641 * the GUID and SID are almost certainly no longer valid */
1642 LDB_FREE(dn->ext_linearized);
1643 LDB_FREE(dn->ext_components);
1644 dn->ext_comp_num = 0;
1649 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num)
1653 if ( ! ldb_dn_validate(dn)) {
1657 if (dn->comp_num < num) {
1661 for (i = 0, j = num; j < dn->comp_num; i++, j++) {
1663 LDB_FREE(dn->components[i].name);
1664 LDB_FREE(dn->components[i].value.data);
1665 LDB_FREE(dn->components[i].cf_name);
1666 LDB_FREE(dn->components[i].cf_value.data);
1668 dn->components[i] = dn->components[j];
1671 dn->comp_num -= num;
1673 if (dn->valid_case) {
1674 for (i = 0; i < dn->comp_num; i++) {
1675 LDB_FREE(dn->components[i].cf_name);
1676 LDB_FREE(dn->components[i].cf_value.data);
1678 dn->valid_case = false;
1681 LDB_FREE(dn->casefold);
1682 LDB_FREE(dn->linearized);
1684 /* Wipe the ext_linearized DN,
1685 * the GUID and SID are almost certainly no longer valid */
1686 LDB_FREE(dn->ext_linearized);
1687 LDB_FREE(dn->ext_components);
1688 dn->ext_comp_num = 0;
1694 /* replace the components of a DN with those from another DN, without
1695 * touching the extended components
1697 * return true if successful and false if not
1698 * if false is returned the dn may be marked invalid
1700 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn)
1704 if ( ! ldb_dn_validate(dn) || ! ldb_dn_validate(new_dn)) {
1708 /* free components */
1709 for (i = 0; i < dn->comp_num; i++) {
1710 LDB_FREE(dn->components[i].name);
1711 LDB_FREE(dn->components[i].value.data);
1712 LDB_FREE(dn->components[i].cf_name);
1713 LDB_FREE(dn->components[i].cf_value.data);
1716 dn->components = talloc_realloc(dn,
1718 struct ldb_dn_component,
1720 if (dn->components == NULL) {
1721 ldb_dn_mark_invalid(dn);
1725 dn->comp_num = new_dn->comp_num;
1726 dn->valid_case = new_dn->valid_case;
1728 for (i = 0; i < dn->comp_num; i++) {
1729 dn->components[i] = ldb_dn_copy_component(dn->components, &new_dn->components[i]);
1730 if (dn->components[i].name == NULL) {
1731 ldb_dn_mark_invalid(dn);
1735 if (new_dn->linearized == NULL) {
1736 dn->linearized = NULL;
1738 dn->linearized = talloc_strdup(dn, new_dn->linearized);
1739 if (dn->linearized == NULL) {
1740 ldb_dn_mark_invalid(dn);
1749 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
1751 struct ldb_dn *new_dn;
1753 new_dn = ldb_dn_copy(mem_ctx, dn);
1758 if ( ! ldb_dn_remove_child_components(new_dn, 1)) {
1759 talloc_free(new_dn);
1766 /* Create a 'canonical name' string from a DN:
1768 ie dc=samba,dc=org -> samba.org/
1769 uid=administrator,ou=users,dc=samba,dc=org = samba.org/users/administrator
1771 There are two formats,
1772 the EX format has the last '/' replaced with a newline (\n).
1775 static char *ldb_dn_canonical(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int ex_format) {
1778 char *cracked = NULL;
1779 const char *format = (ex_format ? "\n" : "/" );
1781 if ( ! ldb_dn_validate(dn)) {
1785 tmpctx = talloc_new(mem_ctx);
1787 /* Walk backwards down the DN, grabbing 'dc' components at first */
1788 for (i = dn->comp_num - 1; i != (unsigned int) -1; i--) {
1789 if (ldb_attr_cmp(dn->components[i].name, "dc") != 0) {
1793 cracked = talloc_asprintf(tmpctx, "%s.%s",
1794 ldb_dn_escape_value(tmpctx,
1795 dn->components[i].value),
1798 cracked = ldb_dn_escape_value(tmpctx,
1799 dn->components[i].value);
1806 /* Only domain components? Finish here */
1807 if (i == (unsigned int) -1) {
1808 cracked = talloc_strdup_append_buffer(cracked, format);
1809 talloc_steal(mem_ctx, cracked);
1813 /* Now walk backwards appending remaining components */
1814 for (; i > 0; i--) {
1815 cracked = talloc_asprintf_append_buffer(cracked, "/%s",
1816 ldb_dn_escape_value(tmpctx,
1817 dn->components[i].value));
1823 /* Last one, possibly a newline for the 'ex' format */
1824 cracked = talloc_asprintf_append_buffer(cracked, "%s%s", format,
1825 ldb_dn_escape_value(tmpctx,
1826 dn->components[i].value));
1828 talloc_steal(mem_ctx, cracked);
1830 talloc_free(tmpctx);
1834 /* Wrapper functions for the above, for the two different string formats */
1835 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1836 return ldb_dn_canonical(mem_ctx, dn, 0);
1840 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1841 return ldb_dn_canonical(mem_ctx, dn, 1);
1844 int ldb_dn_get_comp_num(struct ldb_dn *dn)
1846 if ( ! ldb_dn_validate(dn)) {
1849 return dn->comp_num;
1852 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn)
1854 if ( ! ldb_dn_validate(dn)) {
1857 return dn->ext_comp_num;
1860 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num)
1862 if ( ! ldb_dn_validate(dn)) {
1865 if (num >= dn->comp_num) return NULL;
1866 return dn->components[num].name;
1869 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn,
1872 if ( ! ldb_dn_validate(dn)) {
1875 if (num >= dn->comp_num) return NULL;
1876 return &dn->components[num].value;
1879 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn)
1881 if ( ! ldb_dn_validate(dn)) {
1884 if (dn->comp_num == 0) return NULL;
1885 return dn->components[0].name;
1888 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn)
1890 if ( ! ldb_dn_validate(dn)) {
1893 if (dn->comp_num == 0) return NULL;
1894 return &dn->components[0].value;
1897 int ldb_dn_set_component(struct ldb_dn *dn, int num,
1898 const char *name, const struct ldb_val val)
1903 if ( ! ldb_dn_validate(dn)) {
1904 return LDB_ERR_OTHER;
1907 if (num >= dn->comp_num) {
1908 return LDB_ERR_OTHER;
1912 return LDB_ERR_OTHER;
1915 if (val.length > val.length + 1) {
1916 return LDB_ERR_OTHER;
1919 n = talloc_strdup(dn, name);
1921 return LDB_ERR_OTHER;
1924 v.length = val.length;
1927 * This is like talloc_memdup(dn, v.data, v.length + 1), but
1928 * avoids the over-read
1930 v.data = (uint8_t *)talloc_size(dn, v.length+1);
1933 return LDB_ERR_OTHER;
1935 memcpy(v.data, val.data, val.length);
1938 * Enforce NUL termination outside the stated length, as is
1939 * traditional in LDB
1941 v.data[v.length] = '\0';
1943 talloc_free(dn->components[num].name);
1944 talloc_free(dn->components[num].value.data);
1945 dn->components[num].name = n;
1946 dn->components[num].value = v;
1948 if (dn->valid_case) {
1950 for (i = 0; i < dn->comp_num; i++) {
1951 LDB_FREE(dn->components[i].cf_name);
1952 LDB_FREE(dn->components[i].cf_value.data);
1954 dn->valid_case = false;
1956 LDB_FREE(dn->casefold);
1957 LDB_FREE(dn->linearized);
1959 /* Wipe the ext_linearized DN,
1960 * the GUID and SID are almost certainly no longer valid */
1961 LDB_FREE(dn->ext_linearized);
1962 LDB_FREE(dn->ext_components);
1963 dn->ext_comp_num = 0;
1968 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn,
1972 if ( ! ldb_dn_validate(dn)) {
1975 for (i=0; i < dn->ext_comp_num; i++) {
1976 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
1977 return &dn->ext_components[i].value;
1983 int ldb_dn_set_extended_component(struct ldb_dn *dn,
1984 const char *name, const struct ldb_val *val)
1986 struct ldb_dn_ext_component *p;
1989 const struct ldb_dn_extended_syntax *ext_syntax;
1991 if ( ! ldb_dn_validate(dn)) {
1992 return LDB_ERR_OTHER;
1995 ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, name);
1996 if (ext_syntax == NULL) {
1997 /* We don't know how to handle this type of thing */
1998 return LDB_ERR_INVALID_DN_SYNTAX;
2001 for (i=0; i < dn->ext_comp_num; i++) {
2002 if (ldb_attr_cmp(dn->ext_components[i].name, name) == 0) {
2004 dn->ext_components[i].value =
2005 ldb_val_dup(dn->ext_components, val);
2007 dn->ext_components[i].name = ext_syntax->name;
2008 if (!dn->ext_components[i].value.data) {
2009 ldb_dn_mark_invalid(dn);
2010 return LDB_ERR_OPERATIONS_ERROR;
2013 if (i != (dn->ext_comp_num - 1)) {
2014 memmove(&dn->ext_components[i],
2015 &dn->ext_components[i+1],
2016 ((dn->ext_comp_num-1) - i) *
2017 sizeof(*dn->ext_components));
2021 dn->ext_components = talloc_realloc(dn,
2023 struct ldb_dn_ext_component,
2025 if (!dn->ext_components) {
2026 ldb_dn_mark_invalid(dn);
2027 return LDB_ERR_OPERATIONS_ERROR;
2030 LDB_FREE(dn->ext_linearized);
2037 /* removing a value that doesn't exist is not an error */
2043 p = dn->ext_components
2044 = talloc_realloc(dn,
2046 struct ldb_dn_ext_component,
2047 dn->ext_comp_num + 1);
2048 if (!dn->ext_components) {
2049 ldb_dn_mark_invalid(dn);
2050 return LDB_ERR_OPERATIONS_ERROR;
2053 p[dn->ext_comp_num].value = ldb_val_dup(dn->ext_components, &v2);
2054 p[dn->ext_comp_num].name = talloc_strdup(p, name);
2056 if (!dn->ext_components[i].name || !dn->ext_components[i].value.data) {
2057 ldb_dn_mark_invalid(dn);
2058 return LDB_ERR_OPERATIONS_ERROR;
2060 dn->ext_components = p;
2063 LDB_FREE(dn->ext_linearized);
2068 void ldb_dn_remove_extended_components(struct ldb_dn *dn)
2070 LDB_FREE(dn->ext_linearized);
2071 LDB_FREE(dn->ext_components);
2072 dn->ext_comp_num = 0;
2075 bool ldb_dn_is_valid(struct ldb_dn *dn)
2077 if ( ! dn) return false;
2078 return ! dn->invalid;
2081 bool ldb_dn_is_special(struct ldb_dn *dn)
2083 if ( ! dn || dn->invalid) return false;
2087 bool ldb_dn_has_extended(struct ldb_dn *dn)
2089 if ( ! dn || dn->invalid) return false;
2090 if (dn->ext_linearized && (dn->ext_linearized[0] == '<')) return true;
2091 return dn->ext_comp_num != 0;
2094 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check)
2096 if ( ! dn || dn->invalid) return false;
2097 return ! strcmp(dn->linearized, check);
2100 bool ldb_dn_is_null(struct ldb_dn *dn)
2102 if ( ! dn || dn->invalid) return false;
2103 if (ldb_dn_has_extended(dn)) return false;
2104 if (dn->linearized && (dn->linearized[0] == '\0')) return true;
2109 this updates dn->components, taking the components from ref_dn.
2110 This is used by code that wants to update the DN path of a DN
2111 while not impacting on the extended DN components
2113 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn)
2115 dn->components = talloc_realloc(dn, dn->components,
2116 struct ldb_dn_component, ref_dn->comp_num);
2117 if (!dn->components) {
2118 return LDB_ERR_OPERATIONS_ERROR;
2120 memcpy(dn->components, ref_dn->components,
2121 sizeof(struct ldb_dn_component)*ref_dn->comp_num);
2122 dn->comp_num = ref_dn->comp_num;
2124 LDB_FREE(dn->casefold);
2125 LDB_FREE(dn->linearized);
2126 LDB_FREE(dn->ext_linearized);
2132 minimise a DN. The caller must pass in a validated DN.
2134 If the DN has an extended component then only the first extended
2135 component is kept, the DN string is stripped.
2137 The existing dn is modified
2139 bool ldb_dn_minimise(struct ldb_dn *dn)
2143 if (!ldb_dn_validate(dn)) {
2146 if (dn->ext_comp_num == 0) {
2150 /* free components */
2151 for (i = 0; i < dn->comp_num; i++) {
2152 LDB_FREE(dn->components[i].name);
2153 LDB_FREE(dn->components[i].value.data);
2154 LDB_FREE(dn->components[i].cf_name);
2155 LDB_FREE(dn->components[i].cf_value.data);
2158 dn->valid_case = false;
2160 LDB_FREE(dn->casefold);
2161 LDB_FREE(dn->linearized);
2163 /* note that we don't free dn->components as this there are
2164 * several places in ldb_dn.c that rely on it being non-NULL
2165 * for an exploded DN
2168 for (i = 1; i < dn->ext_comp_num; i++) {
2169 LDB_FREE(dn->ext_components[i].value.data);
2171 dn->ext_comp_num = 1;
2173 dn->ext_components = talloc_realloc(dn, dn->ext_components, struct ldb_dn_ext_component, 1);
2174 if (dn->ext_components == NULL) {
2175 ldb_dn_mark_invalid(dn);
2179 LDB_FREE(dn->ext_linearized);
2184 struct ldb_context *ldb_dn_get_ldb_context(struct ldb_dn *dn)