authorGarming Sam <garming@catalyst.net.nz>2017-03-13 12:16:13 +1300
committerAndrew Bartlett <abartlet@samba.org>2017-03-13 05:10:12 +0100
commit1816c84b291679d3ca117b386cc7128bc040b63c (patch)
treeaa8c1e618b533bf7e6db34a6e1da8c6f0c8fa193
parent608307745ea1d9ec41fafef89cf1f3e7b3680576 (diff)
dsdb: Allow parsed_dn_find to have a prefixed blob match
This allows us to search against binary DN using only the attributeID in the case of msDS-RevealedUsers (as it appears right at the beginning). Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/common/util_links.c13
-rw-r--r--source4/dsdb/common/util_links.h1
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c10
3 files changed, 19 insertions, 5 deletions
diff --git a/source4/dsdb/common/util_links.c b/source4/dsdb/common/util_links.c
index 8192da43245..cf1f4be58bd 100644
--- a/source4/dsdb/common/util_links.c
+++ b/source4/dsdb/common/util_links.c
@@ -74,7 +74,16 @@ static int la_guid_compare_with_trusted_dn(struct compare_ctx *ctx,
}
cmp = ndr_guid_compare(ctx->guid, &p->guid);
if (cmp == 0 && ctx->compare_extra_part) {
- return data_blob_cmp(&ctx->extra_part, &p->dsdb_dn->extra_part);
+ if (ctx->partial_extra_part_length != 0) {
+ /* Allow a prefix match on the blob. */
+ return memcmp(ctx->extra_part.data,
+ p->dsdb_dn->extra_part.data,
+ MIN(ctx->partial_extra_part_length,
+ p->dsdb_dn->extra_part.length));
+ } else {
+ return data_blob_cmp(&ctx->extra_part,
+ &p->dsdb_dn->extra_part);
+ }
}
return cmp;
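Review bot: The prefix branch bounds `memcmp` by `partial_extra_part_length` and by the stored blob's length, but never by `ctx->extra_part.length`, so a caller that passes a prefix length larger than the search blob makes `memcmp` read past `ctx->extra_part.data`. The `MIN` also lets a stored `extra_part` shorter than the prefix compare equal over the truncated length and be reported as a match; this includes an empty blob, where `.data` may be NULL. I would clamp the length to the search blob and treat a too-short stored blob as unequal, as sketched below. The sign returned for that case is an assumption and should follow the ordering `data_blob_cmp` gives the sorted array, which is not visible here. The function body starts outside the hunk.

```c
		if (ctx->partial_extra_part_length != 0) {
			/* Prefix match: never read past either blob. */
			size_t stored_len = p->dsdb_dn->extra_part.length;
			size_t prefix_len = MIN(ctx->partial_extra_part_length,
						ctx->extra_part.length);
			size_t cmp_len = MIN(prefix_len, stored_len);
			int c = 0;

			if (cmp_len != 0) {
				c = memcmp(ctx->extra_part.data,
					   p->dsdb_dn->extra_part.data,
					   cmp_len);
			}
			if (c == 0 && stored_len < prefix_len) {
				/* Stored blob cannot contain the prefix. */
				return 1;
			}
			return c;
		} else {
			/* … unchanged: full data_blob_cmp() comparison … */
		}
```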
@@ -106,6 +115,7 @@ int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
const struct GUID *guid,
struct ldb_dn *target_dn,
DATA_BLOB extra_part,
+ size_t partial_extra_part_length,
struct parsed_dn **exact,
struct parsed_dn **next,
const char *ldap_oid,
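Review bot: `partial_extra_part_length` is added to `parsed_dn_find` without any comment, and its contract is not obvious from the signature. Going by the comparison hunk earlier in this file, 0 selects the full `data_blob_cmp` comparison, a non-zero value compares only that many leading bytes, and the value has an effect only when `compare_extra_part` is true. I would add above the function something like `/* partial_extra_part_length: if non-zero, match only the first N bytes of extra_part (must be <= extra_part.length); 0 compares the whole blob. */`, and put the same one-line comment on the new `struct compare_ctx` field in util_links.h. The function's body and any existing header comment are outside this hunk.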
@@ -186,6 +196,7 @@ int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
ctx.mem_ctx = pdn;
ctx.ldap_oid = ldap_oid;
ctx.extra_part = extra_part;
+ ctx.partial_extra_part_length = partial_extra_part_length;
ctx.compare_extra_part = compare_extra_part;
ctx.err = 0;
diff --git a/source4/dsdb/common/util_links.h b/source4/dsdb/common/util_links.h
index c9f6fa5852b..c529cb54251 100644
--- a/source4/dsdb/common/util_links.h
+++ b/source4/dsdb/common/util_links.h
@@ -30,6 +30,7 @@ struct compare_ctx {
int err;
const struct GUID *invocation_id;
DATA_BLOB extra_part;
+ size_t partial_extra_part_length;
bool compare_extra_part;
};
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 68277f32d28..d9b414dc07c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2393,7 +2393,7 @@ static int replmd_modify_la_add(struct ldb_module *module,
int err = parsed_dn_find(ldb, old_dns, old_num_values,
&dns[i].guid,
dns[i].dsdb_dn->dn,
- dns[i].dsdb_dn->extra_part,
+ dns[i].dsdb_dn->extra_part, 0,
&exact, &next,
schema_attr->syntax->ldap_oid,
true);
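Review bot: Every call site updated in repl_meta_data.c passes a bare `0`, so as far as this diff shows nothing exercises the new prefix-match branch and it lands untested. That covers this call in `replmd_modify_la_add` and the ones in `replmd_modify_la_delete`, `replmd_delete_remove_link` and the `linked_attributes[0]` hunk. The literal is also easy to misread as part of the preceding argument when written as `dns[i].dsdb_dn->extra_part, 0,`. Putting it on its own line with a short comment, e.g. `0, /* no prefix match: compare whole extra_part */`, would make the intent clear at each caller. The enclosing function extends beyond the hunk.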
@@ -2665,7 +2665,7 @@ static int replmd_modify_la_delete(struct ldb_module *module,
ret = parsed_dn_find(ldb, old_dns, old_el->num_values,
&p->guid,
NULL,
- p->dsdb_dn->extra_part,
+ p->dsdb_dn->extra_part, 0,
&exact, &next,
schema_attr->syntax->ldap_oid,
true);
@@ -3673,7 +3673,9 @@ static int replmd_delete_remove_link(struct ldb_module *module,
}
ret = parsed_dn_find(ldb, link_dns, link_el->num_values,
- guid, dn, data_blob_null, &p, &unused,
+ guid, dn,
+ data_blob_null, 0,
+ &p, &unused,
target_attr->syntax->ldap_oid, false);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
@@ -6785,7 +6787,7 @@ linked_attributes[0]:
ret = parsed_dn_find(ldb, pdn_list, old_el->num_values,
&guid,
dsdb_dn->dn,
- dsdb_dn->extra_part,
+ dsdb_dn->extra_part, 0,
&pdn, &next,
attr->syntax->ldap_oid,
true);