diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-01-11 10:44:49 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-01-11 10:44:49 +1100 |
commit | 3f7ec9bf191f2179c2112191d0c909e309411c29 (patch) | |
tree | 2c185438ebc74b3ef2447e15f47d6b999399e3e2 /source4 | |
parent | 4f6177da78d0da64c1cda23bd7a176cfe2e6e140 (diff) | |
download | samba-3f7ec9bf191f2179c2112191d0c909e309411c29.tar.gz samba-3f7ec9bf191f2179c2112191d0c909e309411c29.tar.xz samba-3f7ec9bf191f2179c2112191d0c909e309411c29.zip |
Add in new module to normalise DNs being returned from OpenLDAP. This
fixes the case of the attribute in teh DN.
Fix option spelling for example re-provision
Andrew Bartlett
(This used to be commit e3a76be04760a81a9c1b7ad9b139f088decc9ee6)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/config.mk | 13 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/normalise.c | 166 | ||||
-rwxr-xr-x | source4/setup/provision | 4 |
3 files changed, 181 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 95bb7de06c..a41a29b5dd 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -320,3 +320,16 @@ OBJ_FILES = \ # End MODULE ldb_anr ################################################ +################################################ +# Start MODULE ldb_normalise +[MODULE::ldb_normalise] +INIT_FUNCTION = ldb_normalise_init +CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY +PRIVATE_DEPENDENCIES = LIBTALLOC LIBSAMBA-UTIL SAMDB +SUBSYSTEM = LIBLDB +OBJ_FILES = \ + normalise.o +# End MODULE ldb_normalise +################################################ + diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c new file mode 100644 index 0000000000..efc9bb29e8 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -0,0 +1,166 @@ +/* + ldb database library + + Copyright (C) Amdrew Bartlett <abartlet@samba.org> 2007-2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* + * Name: ldb + * + * Component: ldb normalisation module + * + * Description: module to ensure all DNs and attribute names are normalised + * + * Author: Andrew Bartlett + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/include/ldb_private.h" +#include "dsdb/samdb/samdb.h" + +/* Fix up the DN to be in the standard form, taking particular care to match the parent DN + + This should mean that if the parent is: + CN=Users,DC=samba,DC=example,DC=com + and a proposed child is + cn=Admins ,cn=USERS,dc=Samba,dc=example,dc=COM + + The resulting DN should be: + + CN=Admins,CN=Users,DC=samba,DC=example,DC=com + + */ +static int fix_dn(struct ldb_dn *dn) +{ + int i, ret; + char *upper_rdn_attr; + + for (i=0; i < ldb_dn_get_comp_num(dn); i++) { + /* We need the attribute name in upper case */ + upper_rdn_attr = strupper_talloc(dn, + ldb_dn_get_component_name(dn, i)); + if (!upper_rdn_attr) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* And replace it with CN=foo (we need the attribute in upper case */ + ret = ldb_dn_set_component(dn, i, upper_rdn_attr, + *ldb_dn_get_component_val(dn, i)); + talloc_free(upper_rdn_attr); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} + +static int normalise_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + struct ldb_request *orig_req = talloc_get_type(context, struct ldb_request); + TALLOC_CTX *mem_ctx; + int i, j, ret; + + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type != LDB_REPLY_ENTRY) { + return orig_req->callback(ldb, orig_req->context, ares); + } + + if (!schema) { + return orig_req->callback(ldb, orig_req->context, ares); + } + + mem_ctx = talloc_new(ares); + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* OK, we have one of *many* search results passing by here, + * but we should get them one at a time */ + + ret = fix_dn(ares->message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + + for (i = 0; i < ares->message->num_elements; i++) { + const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, ares->message->elements[i].name); + if (!attribute) { + continue; + } + if ((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") != 0) && + (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") != 0)) { + continue; + } + for (j = 0; j < ares->message->elements[i].num_values; j++) { + const char *dn_str; + struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, (const char *)ares->message->elements[i].values[j].data); + if (!dn) { + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = fix_dn(ares->message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } + dn_str = talloc_steal(ares->message->elements[i].values, ldb_dn_get_linearized(dn)); + ares->message->elements[i].values[j] = data_blob_string_const(dn_str); + talloc_free(dn); + } + } + talloc_free(mem_ctx); + return orig_req->callback(ldb, orig_req->context, ares); +} + +/* search */ +static int normalise_search(struct ldb_module *module, struct ldb_request *req) +{ + int ret; + struct ldb_request *down_req = talloc(req, struct ldb_request); + if (!down_req) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; + down_req->context = req; + down_req->callback = normalise_search_callback; + + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + return ret; +} + + +static const struct ldb_module_ops normalise_ops = { + .name = "normalise", + .search = normalise_search, +}; + +int ldb_normalise_init(void) +{ + return ldb_register_module(&normalise_ops); +} diff --git a/source4/setup/provision b/source4/setup/provision index 161698ccf4..ce1e8a6b4f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -141,7 +141,7 @@ if (ldapbackend) { subobj.LDAPBACKEND = subobj.LDAPI_URI; } if (!ldapmodule) { - subobj.LDAPMODULE = "entryuuid"; + subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; } subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; @@ -188,7 +188,7 @@ if (ldapbase) { message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); } if (ldapmodule) { - message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE); + message("--ldap-module='%s' \\\n", + subobj.LDAPMODULE); } message("--aci='" + subobj.ACI + "' \\\n") } |