From: Garming Sam
Date: Sun, 12 Mar 2017 23:16:13 +0000 (+1300)
Subject: dsdb: Allow parsed_dn_find to have a prefixed blob match
X-Git-Tag: tdb-1.3.13~477
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1816c84b291679d3ca117b386cc7128bc040b63c;p=thirdparty%2Fsamba.git
dsdb: Allow parsed_dn_find to have a prefixed blob match
This allows us to search against binary DN using only the attributeID in the case of msDS-RevealedUsers (as it appears right at the beginning).
Signed-off-by: Garming Sam
Reviewed-by: Andrew Bartlett
---
diff --git a/source4/dsdb/common/util_links.c b/source4/dsdb/common/util_links.c
index 8192da43245..cf1f4be58bd 100644
--- a/source4/dsdb/common/util_links.c
+++ b/source4/dsdb/common/util_links.c
@@ -74,7 +74,16 @@ static int la_guid_compare_with_trusted_dn(struct compare_ctx *ctx,
 }
 cmp = ndr_guid_compare(ctx->guid, &p->guid);
 if (cmp == 0 && ctx->compare_extra_part) {
- return data_blob_cmp(&ctx->extra_part, &p->dsdb_dn->extra_part);
+ if (ctx->partial_extra_part_length != 0) {
+ /* Allow a prefix match on the blob. */
+ return memcmp(ctx->extra_part.data,
+ p->dsdb_dn->extra_part.data,
+ MIN(ctx->partial_extra_part_length,
+ p->dsdb_dn->extra_part.length));
+ } else {
+ return data_blob_cmp(&ctx->extra_part,
+ &p->dsdb_dn->extra_part);
+ }
 }
 return cmp;
@@ -106,6 +115,7 @@ int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
 const struct GUID *guid, struct ldb_dn *target_dn, DATA_BLOB extra_part,
+ size_t partial_extra_part_length,
 struct parsed_dn **exact, struct parsed_dn **next, const char *ldap_oid,
@@ -186,6 +196,7 @@ int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
 ctx.mem_ctx = pdn;
 ctx.ldap_oid = ldap_oid;
 ctx.extra_part = extra_part;
+ ctx.partial_extra_part_length = partial_extra_part_length;
 ctx.compare_extra_part = compare_extra_part;
 ctx.err = 0;
diff --git a/source4/dsdb/common/util_links.h b/source4/dsdb/common/util_links.h
index c9f6fa5852b..c529cb54251 100644
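Review bot: The prefix branch bounds the `memcmp` length by `p->dsdb_dn->extra_part.length` but never by `ctx->extra_part.length`, so a caller that passes a `partial_extra_part_length` larger than the blob it supplied makes the comparator read past `ctx->extra_part.data` (or hand `memcmp` a NULL pointer when the blob is `data_blob_null`). The `MIN()` also means a stored value whose extra part is shorter than the requested prefix is compared over fewer bytes, and an empty one compares equal to any search blob, so a link that does not carry the prefix can be reported as an exact match. I would reject an over-long prefix once in `parsed_dn_find` before the search (third hunk of this file), e.g. `if (partial_extra_part_length > extra_part.length) return LDB_ERR_OPERATIONS_ERROR;`, and treat a too-short stored blob as a non-match as sketched below. The `1` returned there assumes the array is ordered the way `data_blob_cmp` orders blobs, which is not visible in this hunk; the function body also starts and ends outside it.

```c
		if (ctx->partial_extra_part_length != 0) {
			const DATA_BLOB *stored = &p->dsdb_dn->extra_part;
			size_t want = ctx->partial_extra_part_length;

			if (stored->length < want) {
				/* Too short to hold the prefix: never an exact match. */
				int c = (stored->length == 0) ? 0 :
					memcmp(ctx->extra_part.data, stored->data,
					       stored->length);
				return (c != 0) ? c : 1;
			}
			/* Allow a prefix match on the blob. */
			return memcmp(ctx->extra_part.data, stored->data, want);
		} else {
			/* … unchanged: full data_blob_cmp() comparison … */
		}
```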
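Review bot: The new `partial_extra_part_length` parameter is undocumented, and its contract cannot be read off the signature. From the comparator hunk, 0 selects the full `data_blob_cmp` comparison, a non-zero value selects a comparison of that many leading bytes, and the value is only consulted when `compare_extra_part` is true. I would state that in the function's header comment (outside this hunk, if it has one), for example `partial_extra_part_length: if non-zero, compare only this many leading bytes of extra_part; must not exceed extra_part.length`. The field added to `struct compare_ctx` in util_links.h would benefit from a matching `/* 0 = compare the whole blob */` comment.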
--- a/source4/dsdb/common/util_links.h
+++ b/source4/dsdb/common/util_links.h
@@ -30,6 +30,7 @@ struct compare_ctx {
 int err;
 const struct GUID *invocation_id;
 DATA_BLOB extra_part;
+ size_t partial_extra_part_length;
 bool compare_extra_part;
 };
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 68277f32d28..d9b414dc07c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2393,7 +2393,7 @@ static int replmd_modify_la_add(struct ldb_module *module,
 int err = parsed_dn_find(ldb, old_dns, old_num_values, &dns[i].guid, dns[i].dsdb_dn->dn,
- dns[i].dsdb_dn->extra_part,
+ dns[i].dsdb_dn->extra_part, 0,
 &exact, &next, schema_attr->syntax->ldap_oid, true);
@@ -2665,7 +2665,7 @@ static int replmd_modify_la_delete(struct ldb_module *module,
 ret = parsed_dn_find(ldb, old_dns, old_el->num_values, &p->guid, NULL,
- p->dsdb_dn->extra_part,
+ p->dsdb_dn->extra_part, 0,
 &exact, &next, schema_attr->syntax->ldap_oid, true);
@@ -3673,7 +3673,9 @@ static int replmd_delete_remove_link(struct ldb_module *module,
 }
 ret = parsed_dn_find(ldb, link_dns, link_el->num_values,
- guid, dn, data_blob_null, &p, &unused,
+ guid, dn,
+ data_blob_null, 0,
+ &p, &unused,
 target_attr->syntax->ldap_oid, false);
 if (ret != LDB_SUCCESS) {
 talloc_free(tmp_ctx);
@@ -6785,7 +6787,7 @@ linked_attributes[0]:
 ret = parsed_dn_find(ldb, pdn_list, old_el->num_values, &guid, dsdb_dn->dn,
- dsdb_dn->extra_part,
+ dsdb_dn->extra_part, 0,
 &pdn, &next, attr->syntax->ldap_oid, true);