search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-daemon: Use ctdb_parse_node_address() in ctdbd
[samba4-gss.git] / lib / ldb / common / ldb_match.c
blob1f74ebb84ce8d4cd907af98b4cabe2b5755ece9f
1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004-2005
5 Copyright (C) Simo Sorce 2005
6
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /*
26 * Name: ldb
27 *
28 * Component: ldb expression matching
29 *
30 * Description: ldb expression matching
31 *
32 * Author: Andrew Tridgell
33 */
34
35 #include "ldb_private.h"
36 #include "dlinklist.h"
37 #include "ldb_handlers.h"
38
39 /*
40 check if the scope matches in a search result
41 */
42 int ldb_match_scope(struct ldb_context *ldb,
43 struct ldb_dn *base,
44 struct ldb_dn *dn,
45 enum ldb_scope scope)
46 {
47 int ret = 0;
48
49 if (base == NULL || dn == NULL) {
50 return 1;
51 }
52
53 switch (scope) {
54 case LDB_SCOPE_BASE:
55 if (ldb_dn_compare(base, dn) == 0) {
56 ret = 1;
57 }
58 break;
59
60 case LDB_SCOPE_ONELEVEL:
61 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
62 if (ldb_dn_compare_base(base, dn) == 0) {
63 ret = 1;
64 }
65 }
66 break;
67
68 case LDB_SCOPE_SUBTREE:
69 default:
70 if (ldb_dn_compare_base(base, dn) == 0) {
71 ret = 1;
72 }
73 break;
74 }
75
76 return ret;
77 }
78
79
80 /*
81 match if node is present
82 */
83 static int ldb_match_present(struct ldb_context *ldb,
84 const struct ldb_message *msg,
85 const struct ldb_parse_tree *tree,
86 enum ldb_scope scope, bool *matched)
87 {
88 const struct ldb_schema_attribute *a;
89 struct ldb_message_element *el;
90
91 if (ldb_attr_dn(tree->u.present.attr) == 0) {
92 *matched = true;
93 return LDB_SUCCESS;
94 }
95
96 el = ldb_msg_find_element(msg, tree->u.present.attr);
97 if (el == NULL) {
98 *matched = false;
99 return LDB_SUCCESS;
100 }
101
102 a = ldb_schema_attribute_by_name(ldb, el->name);
103 if (!a) {
104 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
105 }
106
107 if (a->syntax->operator_fn) {
108 unsigned int i;
109 for (i = 0; i < el->num_values; i++) {
110 int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
111 if (ret != LDB_SUCCESS) return ret;
112 if (*matched) return LDB_SUCCESS;
113 }
114 *matched = false;
115 return LDB_SUCCESS;
116 }
117
118 *matched = true;
119 return LDB_SUCCESS;
120 }
121
122 static int ldb_match_comparison(struct ldb_context *ldb,
123 const struct ldb_message *msg,
124 const struct ldb_parse_tree *tree,
125 enum ldb_scope scope,
126 enum ldb_parse_op comp_op, bool *matched)
127 {
128 unsigned int i;
129 struct ldb_message_element *el;
130 const struct ldb_schema_attribute *a;
131
132 /* FIXME: APPROX comparison not handled yet */
133 if (comp_op == LDB_OP_APPROX) {
134 return LDB_ERR_INAPPROPRIATE_MATCHING;
135 }
136
137 el = ldb_msg_find_element(msg, tree->u.comparison.attr);
138 if (el == NULL) {
139 *matched = false;
140 return LDB_SUCCESS;
141 }
142
143 a = ldb_schema_attribute_by_name(ldb, el->name);
144 if (!a) {
145 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
146 }
147
148 for (i = 0; i < el->num_values; i++) {
149 if (a->syntax->operator_fn) {
150 int ret;
151 ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
152 if (ret != LDB_SUCCESS) return ret;
153 if (*matched) return LDB_SUCCESS;
154 } else {
155 int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
156
157 if (ret == 0) {
158 *matched = true;
159 return LDB_SUCCESS;
160 }
161 if (ret > 0 && comp_op == LDB_OP_GREATER) {
162 *matched = true;
163 return LDB_SUCCESS;
164 }
165 if (ret < 0 && comp_op == LDB_OP_LESS) {
166 *matched = true;
167 return LDB_SUCCESS;
168 }
169 }
170 }
171
172 *matched = false;
173 return LDB_SUCCESS;
174 }
175
176 /*
177 match a simple leaf node
178 */
179 static int ldb_match_equality(struct ldb_context *ldb,
180 const struct ldb_message *msg,
181 const struct ldb_parse_tree *tree,
182 enum ldb_scope scope,
183 bool *matched)
184 {
185 unsigned int i;
186 struct ldb_message_element *el;
187 const struct ldb_schema_attribute *a;
188 struct ldb_dn *valuedn;
189 int ret;
190
191 if (ldb_attr_dn(tree->u.equality.attr) == 0) {
192 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
193 if (valuedn == NULL) {
194 return LDB_ERR_INVALID_DN_SYNTAX;
195 }
196
197 ret = ldb_dn_compare(msg->dn, valuedn);
198
199 talloc_free(valuedn);
200
201 *matched = (ret == 0);
202 return LDB_SUCCESS;
203 }
204
205 /* TODO: handle the "*" case derived from an extended search
206 operation without the attribute type defined */
207 el = ldb_msg_find_element(msg, tree->u.equality.attr);
208 if (el == NULL) {
209 *matched = false;
210 return LDB_SUCCESS;
211 }
212
213 a = ldb_schema_attribute_by_name(ldb, el->name);
214 if (a == NULL) {
215 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
216 }
217
218 for (i=0;i<el->num_values;i++) {
219 if (a->syntax->operator_fn) {
220 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
221 &tree->u.equality.value, &el->values[i], matched);
222 if (ret != LDB_SUCCESS) return ret;
223 if (*matched) return LDB_SUCCESS;
224 } else {
225 if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
226 &el->values[i]) == 0) {
227 *matched = true;
228 return LDB_SUCCESS;
229 }
230 }
231 }
232
233 *matched = false;
234 return LDB_SUCCESS;
235 }
236
237 static int ldb_wildcard_compare(struct ldb_context *ldb,
238 const struct ldb_parse_tree *tree,
239 const struct ldb_val value, bool *matched)
240 {
241 const struct ldb_schema_attribute *a;
242 struct ldb_val val;
243 struct ldb_val cnk;
244 struct ldb_val *chunk;
245 uint8_t *save_p = NULL;
246 unsigned int c = 0;
247
248 if (tree->operation != LDB_OP_SUBSTRING) {
249 *matched = false;
250 return LDB_ERR_INAPPROPRIATE_MATCHING;
251 }
252
253 a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
254 if (!a) {
255 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
256 }
257
258 if (tree->u.substring.chunks == NULL) {
259 *matched = false;
260 return LDB_SUCCESS;
261 }
262
263 /* No need to just copy this value for a binary match */
264 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
265 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
266 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
267 }
268
269 /*
270 * Only set save_p if we allocate (call
271 * a->syntax->canonicalise_fn()), as we
272 * talloc_free(save_p) below to clean up
273 */
274 save_p = val.data;
275 } else {
276 val = value;
277 }
278
279 cnk.data = NULL;
280
281 if ( ! tree->u.substring.start_with_wildcard ) {
282 uint8_t *cnk_to_free = NULL;
283
284 chunk = tree->u.substring.chunks[c];
285 /* No need to just copy this value for a binary match */
286 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
287 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
288 goto mismatch;
289 }
290
291 cnk_to_free = cnk.data;
292 } else {
293 cnk = *chunk;
294 }
295
296 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
297 if (cnk.length > val.length) {
298 TALLOC_FREE(cnk_to_free);
299 goto mismatch;
300 }
301 /*
302 * Empty strings are returned as length 0. Ensure
303 * we can cope with this.
304 */
305 if (cnk.length == 0) {
306 TALLOC_FREE(cnk_to_free);
307 goto mismatch;
308 }
309
310 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) {
311 TALLOC_FREE(cnk_to_free);
312 goto mismatch;
313 }
314
315 val.length -= cnk.length;
316 val.data += cnk.length;
317 c++;
318 TALLOC_FREE(cnk_to_free);
319 cnk.data = NULL;
320 }
321
322 while (tree->u.substring.chunks[c]) {
323 uint8_t *p;
324 uint8_t *cnk_to_free = NULL;
325
326 chunk = tree->u.substring.chunks[c];
327 /* No need to just copy this value for a binary match */
328 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
329 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
330 goto mismatch;
331 }
332
333 cnk_to_free = cnk.data;
334 } else {
335 cnk = *chunk;
336 }
337 /*
338 * Empty strings are returned as length 0. Ensure
339 * we can cope with this.
340 */
341 if (cnk.length == 0) {
342 TALLOC_FREE(cnk_to_free);
343 goto mismatch;
344 }
345 if (cnk.length > val.length) {
346 TALLOC_FREE(cnk_to_free);
347 goto mismatch;
348 }
349
350 if ( (tree->u.substring.chunks[c + 1]) == NULL &&
351 (! tree->u.substring.end_with_wildcard) ) {
352 /*
353 * The last bit, after all the asterisks, must match
354 * exactly the last bit of the string.
355 */
356 int cmp;
357 p = val.data + val.length - cnk.length;
358 cmp = memcmp(p,
359 cnk.data,
360 cnk.length);
361 TALLOC_FREE(cnk_to_free);
362
363 if (cmp != 0) {
364 goto mismatch;
365 }
366 } else {
367 /*
368 * Values might be binary blobs. Don't use string
369 * search, but memory search instead.
370 */
371 p = memmem((const void *)val.data, val.length,
372 (const void *)cnk.data, cnk.length);
373 if (p == NULL) {
374 TALLOC_FREE(cnk_to_free);
375 goto mismatch;
376 }
377 /* move val to the end of the match */
378 p += cnk.length;
379 val.length -= (p - val.data);
380 val.data = p;
381 TALLOC_FREE(cnk_to_free);
382 }
383 c++;
384 }
385
386 talloc_free(save_p);
387 *matched = true;
388 return LDB_SUCCESS;
389
390 mismatch:
391 *matched = false;
392 talloc_free(save_p);
393 return LDB_SUCCESS;
394 }
395
396 /*
397 match a simple leaf node
398 */
399 static int ldb_match_substring(struct ldb_context *ldb,
400 const struct ldb_message *msg,
401 const struct ldb_parse_tree *tree,
402 enum ldb_scope scope, bool *matched)
403 {
404 unsigned int i;
405 struct ldb_message_element *el;
406
407 el = ldb_msg_find_element(msg, tree->u.substring.attr);
408 if (el == NULL) {
409 *matched = false;
410 return LDB_SUCCESS;
411 }
412
413 for (i = 0; i < el->num_values; i++) {
414 int ret;
415 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
416 if (ret != LDB_SUCCESS) return ret;
417 if (*matched) return LDB_SUCCESS;
418 }
419
420 *matched = false;
421 return LDB_SUCCESS;
422 }
423
424
425 /*
426 bitwise and/or comparator depending on oid
427 */
428 static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
429 bool *matched)
430 {
431 uint64_t i1, i2;
432 char ibuf[100];
433 char *endptr = NULL;
434
435 if (v1->length >= sizeof(ibuf)-1) {
436 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
437 }
438 memcpy(ibuf, (char *)v1->data, v1->length);
439 ibuf[v1->length] = 0;
440 i1 = strtoull(ibuf, &endptr, 0);
441 if (endptr != NULL) {
442 if (endptr == ibuf || *endptr != 0) {
443 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
444 }
445 }
446
447 if (v2->length >= sizeof(ibuf)-1) {
448 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
449 }
450 endptr = NULL;
451 memcpy(ibuf, (char *)v2->data, v2->length);
452 ibuf[v2->length] = 0;
453 i2 = strtoull(ibuf, &endptr, 0);
454 if (endptr != NULL) {
455 if (endptr == ibuf || *endptr != 0) {
456 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
457 }
458 }
459 if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
460 *matched = ((i1 & i2) == i2);
461 } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
462 *matched = ((i1 & i2) != 0);
463 } else {
464 return LDB_ERR_INAPPROPRIATE_MATCHING;
465 }
466 return LDB_SUCCESS;
467 }
468
469 static int ldb_match_bitmask(struct ldb_context *ldb,
470 const char *oid,
471 const struct ldb_message *msg,
472 const char *attribute_to_match,
473 const struct ldb_val *value_to_match,
474 bool *matched)
475 {
476 unsigned int i;
477 struct ldb_message_element *el;
478
479 /* find the message element */
480 el = ldb_msg_find_element(msg, attribute_to_match);
481 if (el == NULL) {
482 *matched = false;
483 return LDB_SUCCESS;
484 }
485
486 for (i=0;i<el->num_values;i++) {
487 int ret;
488 struct ldb_val *v = &el->values[i];
489
490 ret = ldb_comparator_bitmask(oid, v, value_to_match, matched);
491 if (ret != LDB_SUCCESS) {
492 return ret;
493 }
494 if (*matched) {
495 return LDB_SUCCESS;
496 }
497 }
498
499 *matched = false;
500 return LDB_SUCCESS;
501 }
502
503 /*
504 always return false
505 */
506 static int ldb_comparator_false(struct ldb_context *ldb,
507 const char *oid,
508 const struct ldb_message *msg,
509 const char *attribute_to_match,
510 const struct ldb_val *value_to_match,
511 bool *matched)
512 {
513 *matched = false;
514 return LDB_SUCCESS;
515 }
516
517
518 static const struct ldb_extended_match_rule *ldb_find_extended_match_rule(struct ldb_context *ldb,
519 const char *oid)
520 {
521 struct ldb_extended_match_entry *extended_match_rule;
522
523 for (extended_match_rule = ldb->extended_match_rules;
524 extended_match_rule;
525 extended_match_rule = extended_match_rule->next) {
526 if (strcmp(extended_match_rule->rule->oid, oid) == 0) {
527 return extended_match_rule->rule;
528 }
529 }
530
531 return NULL;
532 }
533
534
535 /*
536 extended match, handles things like bitops
537 */
538 static int ldb_match_extended(struct ldb_context *ldb,
539 const struct ldb_message *msg,
540 const struct ldb_parse_tree *tree,
541 enum ldb_scope scope, bool *matched)
542 {
543 const struct ldb_extended_match_rule *rule;
544
545 if (tree->u.extended.dnAttributes) {
546 /* FIXME: We really need to find out what this ":dn" part in
547 * an extended match means and how to handle it. For now print
548 * only a warning to have s3 winbind and other tools working
549 * against us. - Matthias */
550 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
551 }
552 if (tree->u.extended.rule_id == NULL) {
553 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
554 return LDB_ERR_INAPPROPRIATE_MATCHING;
555 }
556 if (tree->u.extended.attr == NULL) {
557 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
558 return LDB_ERR_INAPPROPRIATE_MATCHING;
559 }
560
561 rule = ldb_find_extended_match_rule(ldb, tree->u.extended.rule_id);
562 if (rule == NULL) {
563 *matched = false;
564 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
565 tree->u.extended.rule_id);
566 return LDB_SUCCESS;
567 }
568
569 return rule->callback(ldb, rule->oid, msg,
570 tree->u.extended.attr,
571 &tree->u.extended.value, matched);
572 }
573
574 static bool ldb_must_suppress_match(const struct ldb_message *msg,
575 const struct ldb_parse_tree *tree)
576 {
577 const char *attr = NULL;
578 struct ldb_message_element *el = NULL;
579
580 attr = ldb_parse_tree_get_attr(tree);
581 if (attr == NULL) {
582 return false;
583 }
584
585 /* find the message element */
586 el = ldb_msg_find_element(msg, attr);
587 if (el == NULL) {
588 return false;
589 }
590
591 return ldb_msg_element_is_inaccessible(el);
592 }
593
594 /*
595 Check if a particular message will match the given filter
596
597 set *matched to true if it matches, false otherwise
598
599 returns LDB_SUCCESS or an error
600
601 this is a recursive function, and does short-circuit evaluation
602 */
603 int ldb_match_message(struct ldb_context *ldb,
604 const struct ldb_message *msg,
605 const struct ldb_parse_tree *tree,
606 enum ldb_scope scope, bool *matched)
607 {
608 unsigned int i;
609 int ret;
610
611 *matched = false;
612
613 if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
614 /* don't match special records except on base searches */
615 return LDB_SUCCESS;
616 }
617
618 /*
619 * Suppress matches on confidential attributes (handled
620 * manually in extended matches as these can do custom things
621 * like read other parts of the DB or other attributes).
622 */
623 if (tree->operation != LDB_OP_EXTENDED) {
624 if (ldb_must_suppress_match(msg, tree)) {
625 return LDB_SUCCESS;
626 }
627 }
628
629 switch (tree->operation) {
630 case LDB_OP_AND:
631 for (i=0;i<tree->u.list.num_elements;i++) {
632 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
633 if (ret != LDB_SUCCESS) return ret;
634 if (!*matched) return LDB_SUCCESS;
635 }
636 *matched = true;
637 return LDB_SUCCESS;
638
639 case LDB_OP_OR:
640 for (i=0;i<tree->u.list.num_elements;i++) {
641 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
642 if (ret != LDB_SUCCESS) return ret;
643 if (*matched) return LDB_SUCCESS;
644 }
645 *matched = false;
646 return LDB_SUCCESS;
647
648 case LDB_OP_NOT:
649 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
650 if (ret != LDB_SUCCESS) return ret;
651 *matched = ! *matched;
652 return LDB_SUCCESS;
653
654 case LDB_OP_EQUALITY:
655 return ldb_match_equality(ldb, msg, tree, scope, matched);
656
657 case LDB_OP_SUBSTRING:
658 return ldb_match_substring(ldb, msg, tree, scope, matched);
659
660 case LDB_OP_GREATER:
661 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
662
663 case LDB_OP_LESS:
664 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
665
666 case LDB_OP_PRESENT:
667 return ldb_match_present(ldb, msg, tree, scope, matched);
668
669 case LDB_OP_APPROX:
670 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
671
672 case LDB_OP_EXTENDED:
673 return ldb_match_extended(ldb, msg, tree, scope, matched);
674 }
675
676 return LDB_ERR_INAPPROPRIATE_MATCHING;
677 }
678
679 /*
680 return 0 if the given parse tree matches the given message. Assumes
681 the message is in sorted order
682
683 return 1 if it matches, and 0 if it doesn't match
684 */
685
686 int ldb_match_msg(struct ldb_context *ldb,
687 const struct ldb_message *msg,
688 const struct ldb_parse_tree *tree,
689 struct ldb_dn *base,
690 enum ldb_scope scope)
691 {
692 bool matched;
693 int ret;
694
695 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
696 return 0;
697 }
698
699 ret = ldb_match_message(ldb, msg, tree, scope, &matched);
700 if (ret != LDB_SUCCESS) {
701 /* to match the old API, we need to consider this a
702 failure to match */
703 return 0;
704 }
705 return matched?1:0;
706 }
707
708 int ldb_match_msg_error(struct ldb_context *ldb,
709 const struct ldb_message *msg,
710 const struct ldb_parse_tree *tree,
711 struct ldb_dn *base,
712 enum ldb_scope scope,
713 bool *matched)
714 {
715 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
716 *matched = false;
717 return LDB_SUCCESS;
718 }
719
720 return ldb_match_message(ldb, msg, tree, scope, matched);
721 }
722
723 int ldb_match_msg_objectclass(const struct ldb_message *msg,
724 const char *objectclass)
725 {
726 unsigned int i;
727 struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
728 if (!el) {
729 return 0;
730 }
731 for (i=0; i < el->num_values; i++) {
732 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
733 return 1;
734 }
735 }
736 return 0;
737 }
738
739 _PRIVATE_ int ldb_register_extended_match_rules(struct ldb_context *ldb)
740 {
741 struct ldb_extended_match_rule *bitmask_and;
742 struct ldb_extended_match_rule *bitmask_or;
743 struct ldb_extended_match_rule *always_false;
744 int ret;
745
746 /* Register bitmask-and match */
747 bitmask_and = talloc_zero(ldb, struct ldb_extended_match_rule);
748 if (bitmask_and == NULL) {
749 return LDB_ERR_OPERATIONS_ERROR;
750 }
751
752 bitmask_and->oid = LDB_OID_COMPARATOR_AND;
753 bitmask_and->callback = ldb_match_bitmask;
754
755 ret = ldb_register_extended_match_rule(ldb, bitmask_and);
756 if (ret != LDB_SUCCESS) {
757 return ret;
758 }
759
760 /* Register bitmask-or match */
761 bitmask_or = talloc_zero(ldb, struct ldb_extended_match_rule);
762 if (bitmask_or == NULL) {
763 return LDB_ERR_OPERATIONS_ERROR;
764 }
765
766 bitmask_or->oid = LDB_OID_COMPARATOR_OR;
767 bitmask_or->callback = ldb_match_bitmask;
768
769 ret = ldb_register_extended_match_rule(ldb, bitmask_or);
770 if (ret != LDB_SUCCESS) {
771 return ret;
772 }
773
774 /* Register always-false match */
775 always_false = talloc_zero(ldb, struct ldb_extended_match_rule);
776 if (always_false == NULL) {
777 return LDB_ERR_OPERATIONS_ERROR;
778 }
779
780 always_false->oid = SAMBA_LDAP_MATCH_ALWAYS_FALSE;
781 always_false->callback = ldb_comparator_false;
782
783 ret = ldb_register_extended_match_rule(ldb, always_false);
784 if (ret != LDB_SUCCESS) {
785 return ret;
786 }
787
788 return LDB_SUCCESS;
789 }
790
791 /*
792 register a new ldb extended matching rule
793 */
794 int ldb_register_extended_match_rule(struct ldb_context *ldb,
795 const struct ldb_extended_match_rule *rule)
796 {
797 const struct ldb_extended_match_rule *lookup_rule;
798 struct ldb_extended_match_entry *entry;
799
800 lookup_rule = ldb_find_extended_match_rule(ldb, rule->oid);
801 if (lookup_rule) {
802 return LDB_ERR_ENTRY_ALREADY_EXISTS;
803 }
804
805 entry = talloc_zero(ldb, struct ldb_extended_match_entry);
806 if (!entry) {
807 return LDB_ERR_OPERATIONS_ERROR;
808 }
809 entry->rule = rule;
810 DLIST_ADD_END(ldb->extended_match_rules, entry);
811
812 return LDB_SUCCESS;
813 }
814
815 int ldb_register_redact_callback(struct ldb_context *ldb,
816 ldb_redact_fn redact_fn,
817 struct ldb_module *module)
818 {
819 if (ldb->redact.callback != NULL) {
820 return LDB_ERR_ENTRY_ALREADY_EXISTS;
821 }
822
823 ldb->redact.callback = redact_fn;
824 ldb->redact.module = module;
825 return LDB_SUCCESS;
826 }
GSS-enabled samba4