2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "lib/ldb/include/ldb_errors.h"
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
35 * Initialize dsdb_syntax_ctx with default values
38 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
39 struct ldb_context *ldb,
40 const struct dsdb_schema *schema)
47 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
48 const struct dsdb_attribute *attr,
49 const struct drsuapi_DsReplicaAttribute *in,
51 struct ldb_message_element *out)
56 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
57 W_ERROR_HAVE_NO_MEMORY(out->name);
59 out->num_values = in->value_ctr.num_values;
60 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
61 W_ERROR_HAVE_NO_MEMORY(out->values);
63 for (i=0; i < out->num_values; i++) {
66 if (in->value_ctr.values[i].blob == NULL) {
70 str = talloc_asprintf(out->values, "%s: not implemented",
72 W_ERROR_HAVE_NO_MEMORY(str);
74 out->values[i] = data_blob_string_const(str);
80 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
81 const struct dsdb_attribute *attr,
82 const struct ldb_message_element *in,
84 struct drsuapi_DsReplicaAttribute *out)
89 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
90 const struct dsdb_attribute *attr,
91 const struct ldb_message_element *in)
96 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
97 const struct dsdb_attribute *attr,
98 const struct drsuapi_DsReplicaAttribute *in,
100 struct ldb_message_element *out)
105 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
106 W_ERROR_HAVE_NO_MEMORY(out->name);
108 out->num_values = in->value_ctr.num_values;
109 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
110 W_ERROR_HAVE_NO_MEMORY(out->values);
112 for (i=0; i < out->num_values; i++) {
116 if (in->value_ctr.values[i].blob == NULL) {
120 if (in->value_ctr.values[i].blob->length != 4) {
124 v = IVAL(in->value_ctr.values[i].blob->data, 0);
127 str = talloc_strdup(out->values, "TRUE");
128 W_ERROR_HAVE_NO_MEMORY(str);
130 str = talloc_strdup(out->values, "FALSE");
131 W_ERROR_HAVE_NO_MEMORY(str);
134 out->values[i] = data_blob_string_const(str);
140 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
141 const struct dsdb_attribute *attr,
142 const struct ldb_message_element *in,
144 struct drsuapi_DsReplicaAttribute *out)
149 if (attr->attributeID_id == 0xFFFFFFFF) {
153 out->attid = attr->attributeID_id;
154 out->value_ctr.num_values = in->num_values;
155 out->value_ctr.values = talloc_array(mem_ctx,
156 struct drsuapi_DsAttributeValue,
158 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
160 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
161 W_ERROR_HAVE_NO_MEMORY(blobs);
163 for (i=0; i < in->num_values; i++) {
164 out->value_ctr.values[i].blob = &blobs[i];
166 blobs[i] = data_blob_talloc(blobs, NULL, 4);
167 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
169 if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
170 SIVAL(blobs[i].data, 0, 0x00000001);
171 } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
172 SIVAL(blobs[i].data, 0, 0x00000000);
181 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
182 const struct dsdb_attribute *attr,
183 const struct ldb_message_element *in)
187 if (attr->attributeID_id == 0xFFFFFFFF) {
191 for (i=0; i < in->num_values; i++) {
195 (const char *)in->values[i].data,
196 in->values[i].length);
198 (const char *)in->values[i].data,
199 in->values[i].length);
201 if (t != 0 && f != 0) {
202 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
209 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
210 const struct dsdb_attribute *attr,
211 const struct drsuapi_DsReplicaAttribute *in,
213 struct ldb_message_element *out)
218 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
219 W_ERROR_HAVE_NO_MEMORY(out->name);
221 out->num_values = in->value_ctr.num_values;
222 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
223 W_ERROR_HAVE_NO_MEMORY(out->values);
225 for (i=0; i < out->num_values; i++) {
229 if (in->value_ctr.values[i].blob == NULL) {
233 if (in->value_ctr.values[i].blob->length != 4) {
237 v = IVALS(in->value_ctr.values[i].blob->data, 0);
239 str = talloc_asprintf(out->values, "%d", v);
240 W_ERROR_HAVE_NO_MEMORY(str);
242 out->values[i] = data_blob_string_const(str);
248 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
249 const struct dsdb_attribute *attr,
250 const struct ldb_message_element *in,
252 struct drsuapi_DsReplicaAttribute *out)
257 if (attr->attributeID_id == 0xFFFFFFFF) {
261 out->attid = attr->attributeID_id;
262 out->value_ctr.num_values = in->num_values;
263 out->value_ctr.values = talloc_array(mem_ctx,
264 struct drsuapi_DsAttributeValue,
266 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
268 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
269 W_ERROR_HAVE_NO_MEMORY(blobs);
271 for (i=0; i < in->num_values; i++) {
274 out->value_ctr.values[i].blob = &blobs[i];
276 blobs[i] = data_blob_talloc(blobs, NULL, 4);
277 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
279 /* We've to use "strtoll" here to have the intended overflows.
280 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
281 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
283 SIVALS(blobs[i].data, 0, v);
289 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
290 const struct dsdb_attribute *attr,
291 const struct ldb_message_element *in)
295 if (attr->attributeID_id == 0xFFFFFFFF) {
299 for (i=0; i < in->num_values; i++) {
301 char buf[sizeof("-2147483648")];
305 if (in->values[i].length >= sizeof(buf)) {
306 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
309 memcpy(buf, in->values[i].data, in->values[i].length);
311 v = strtol(buf, &end, 10);
313 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
315 if (end && end[0] != '\0') {
316 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
319 if (attr->rangeLower) {
320 if ((int32_t)v < (int32_t)*attr->rangeLower) {
321 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
325 if (attr->rangeUpper) {
326 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
327 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
335 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
336 const struct dsdb_attribute *attr,
337 const struct drsuapi_DsReplicaAttribute *in,
339 struct ldb_message_element *out)
344 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
345 W_ERROR_HAVE_NO_MEMORY(out->name);
347 out->num_values = in->value_ctr.num_values;
348 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
349 W_ERROR_HAVE_NO_MEMORY(out->values);
351 for (i=0; i < out->num_values; i++) {
355 if (in->value_ctr.values[i].blob == NULL) {
359 if (in->value_ctr.values[i].blob->length != 8) {
363 v = BVALS(in->value_ctr.values[i].blob->data, 0);
365 str = talloc_asprintf(out->values, "%lld", (long long int)v);
366 W_ERROR_HAVE_NO_MEMORY(str);
368 out->values[i] = data_blob_string_const(str);
374 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
375 const struct dsdb_attribute *attr,
376 const struct ldb_message_element *in,
378 struct drsuapi_DsReplicaAttribute *out)
383 if (attr->attributeID_id == 0xFFFFFFFF) {
387 out->attid = attr->attributeID_id;
388 out->value_ctr.num_values = in->num_values;
389 out->value_ctr.values = talloc_array(mem_ctx,
390 struct drsuapi_DsAttributeValue,
392 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
394 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
395 W_ERROR_HAVE_NO_MEMORY(blobs);
397 for (i=0; i < in->num_values; i++) {
400 out->value_ctr.values[i].blob = &blobs[i];
402 blobs[i] = data_blob_talloc(blobs, NULL, 8);
403 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
405 v = strtoll((const char *)in->values[i].data, NULL, 10);
407 SBVALS(blobs[i].data, 0, v);
413 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
414 const struct dsdb_attribute *attr,
415 const struct ldb_message_element *in)
419 if (attr->attributeID_id == 0xFFFFFFFF) {
423 for (i=0; i < in->num_values; i++) {
425 char buf[sizeof("-9223372036854775808")];
429 if (in->values[i].length >= sizeof(buf)) {
430 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
432 memcpy(buf, in->values[i].data, in->values[i].length);
435 v = strtoll(buf, &end, 10);
437 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
439 if (end && end[0] != '\0') {
440 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
443 if (attr->rangeLower) {
444 if ((int64_t)v < (int64_t)*attr->rangeLower) {
445 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
449 if (attr->rangeUpper) {
450 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
451 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
458 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
459 const struct dsdb_attribute *attr,
460 const struct drsuapi_DsReplicaAttribute *in,
462 struct ldb_message_element *out)
467 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
468 W_ERROR_HAVE_NO_MEMORY(out->name);
470 out->num_values = in->value_ctr.num_values;
471 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
472 W_ERROR_HAVE_NO_MEMORY(out->values);
474 for (i=0; i < out->num_values; i++) {
479 if (in->value_ctr.values[i].blob == NULL) {
483 if (in->value_ctr.values[i].blob->length != 8) {
487 v = BVAL(in->value_ctr.values[i].blob->data, 0);
489 t = nt_time_to_unix(v);
492 * NOTE: On a w2k3 server you can set a GeneralizedTime string
493 * via LDAP, but you get back an UTCTime string,
494 * but via DRSUAPI you get back the NTTIME_1sec value
495 * that represents the GeneralizedTime value!
497 * So if we store the UTCTime string in our ldb
498 * we'll loose information!
500 str = ldb_timestring_utc(out->values, t);
501 W_ERROR_HAVE_NO_MEMORY(str);
502 out->values[i] = data_blob_string_const(str);
508 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
509 const struct dsdb_attribute *attr,
510 const struct ldb_message_element *in,
512 struct drsuapi_DsReplicaAttribute *out)
517 if (attr->attributeID_id == 0xFFFFFFFF) {
521 out->attid = attr->attributeID_id;
522 out->value_ctr.num_values = in->num_values;
523 out->value_ctr.values = talloc_array(mem_ctx,
524 struct drsuapi_DsAttributeValue,
526 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
528 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
529 W_ERROR_HAVE_NO_MEMORY(blobs);
531 for (i=0; i < in->num_values; i++) {
535 out->value_ctr.values[i].blob = &blobs[i];
537 blobs[i] = data_blob_talloc(blobs, NULL, 8);
538 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
540 t = ldb_string_utc_to_time((const char *)in->values[i].data);
541 unix_to_nt_time(&v, t);
544 SBVAL(blobs[i].data, 0, v);
550 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
551 const struct dsdb_attribute *attr,
552 const struct ldb_message_element *in)
556 if (attr->attributeID_id == 0xFFFFFFFF) {
560 for (i=0; i < in->num_values; i++) {
562 char buf[sizeof("090826075717Z")];
565 if (in->values[i].length >= sizeof(buf)) {
566 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
568 memcpy(buf, in->values[i].data, in->values[i].length);
571 t = ldb_string_utc_to_time(buf);
573 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
576 if (attr->rangeLower) {
577 if ((int32_t)t < (int32_t)*attr->rangeLower) {
578 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
582 if (attr->rangeUpper) {
583 if ((int32_t)t > (int32_t)*attr->rangeLower) {
584 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
589 * TODO: verify the comment in the
590 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
597 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
598 const struct dsdb_attribute *attr,
599 const struct drsuapi_DsReplicaAttribute *in,
601 struct ldb_message_element *out)
606 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
607 W_ERROR_HAVE_NO_MEMORY(out->name);
609 out->num_values = in->value_ctr.num_values;
610 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
611 W_ERROR_HAVE_NO_MEMORY(out->values);
613 for (i=0; i < out->num_values; i++) {
618 if (in->value_ctr.values[i].blob == NULL) {
622 if (in->value_ctr.values[i].blob->length != 8) {
626 v = BVAL(in->value_ctr.values[i].blob->data, 0);
628 t = nt_time_to_unix(v);
630 str = ldb_timestring(out->values, t);
631 W_ERROR_HAVE_NO_MEMORY(str);
633 out->values[i] = data_blob_string_const(str);
639 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
640 const struct dsdb_attribute *attr,
641 const struct ldb_message_element *in,
643 struct drsuapi_DsReplicaAttribute *out)
648 if (attr->attributeID_id == 0xFFFFFFFF) {
652 out->attid = attr->attributeID_id;
653 out->value_ctr.num_values = in->num_values;
654 out->value_ctr.values = talloc_array(mem_ctx,
655 struct drsuapi_DsAttributeValue,
657 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
659 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
660 W_ERROR_HAVE_NO_MEMORY(blobs);
662 for (i=0; i < in->num_values; i++) {
667 out->value_ctr.values[i].blob = &blobs[i];
669 blobs[i] = data_blob_talloc(blobs, NULL, 8);
670 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
672 ret = ldb_val_to_time(&in->values[i], &t);
673 if (ret != LDB_SUCCESS) {
674 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
676 unix_to_nt_time(&v, t);
679 SBVAL(blobs[i].data, 0, v);
685 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
686 const struct dsdb_attribute *attr,
687 const struct ldb_message_element *in)
691 if (attr->attributeID_id == 0xFFFFFFFF) {
695 for (i=0; i < in->num_values; i++) {
699 ret = ldb_val_to_time(&in->values[i], &t);
700 if (ret != LDB_SUCCESS) {
701 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
704 if (attr->rangeLower) {
705 if ((int32_t)t < (int32_t)*attr->rangeLower) {
706 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
710 if (attr->rangeUpper) {
711 if ((int32_t)t > (int32_t)*attr->rangeLower) {
712 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
720 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
721 const struct dsdb_attribute *attr,
722 const struct drsuapi_DsReplicaAttribute *in,
724 struct ldb_message_element *out)
729 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
730 W_ERROR_HAVE_NO_MEMORY(out->name);
732 out->num_values = in->value_ctr.num_values;
733 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
734 W_ERROR_HAVE_NO_MEMORY(out->values);
736 for (i=0; i < out->num_values; i++) {
737 if (in->value_ctr.values[i].blob == NULL) {
741 if (in->value_ctr.values[i].blob->length == 0) {
745 out->values[i] = data_blob_dup_talloc(out->values,
746 in->value_ctr.values[i].blob);
747 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
753 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
754 const struct dsdb_attribute *attr,
755 const struct ldb_message_element *in,
757 struct drsuapi_DsReplicaAttribute *out)
762 if (attr->attributeID_id == 0xFFFFFFFF) {
766 out->attid = attr->attributeID_id;
767 out->value_ctr.num_values = in->num_values;
768 out->value_ctr.values = talloc_array(mem_ctx,
769 struct drsuapi_DsAttributeValue,
771 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
773 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
774 W_ERROR_HAVE_NO_MEMORY(blobs);
776 for (i=0; i < in->num_values; i++) {
777 out->value_ctr.values[i].blob = &blobs[i];
779 blobs[i] = data_blob_dup_talloc(blobs, &in->values[i]);
780 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
786 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
787 const struct dsdb_attribute *attr,
788 const struct ldb_val *val)
790 if (attr->attributeID_id == 0xFFFFFFFF) {
794 if (attr->rangeLower) {
795 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
796 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
800 if (attr->rangeUpper) {
801 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
802 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
809 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
810 const struct dsdb_attribute *attr,
811 const struct ldb_message_element *in)
816 if (attr->attributeID_id == 0xFFFFFFFF) {
820 for (i=0; i < in->num_values; i++) {
821 if (in->values[i].length == 0) {
822 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
825 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
828 if (!W_ERROR_IS_OK(status)) {
836 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
837 const struct dsdb_attribute *attr,
838 const struct drsuapi_DsReplicaAttribute *in,
840 struct ldb_message_element *out)
845 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
846 W_ERROR_HAVE_NO_MEMORY(out->name);
848 out->num_values = in->value_ctr.num_values;
849 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
850 W_ERROR_HAVE_NO_MEMORY(out->values);
852 for (i=0; i < out->num_values; i++) {
854 const struct dsdb_class *c;
855 const struct dsdb_attribute *a;
856 const char *str = NULL;
858 if (in->value_ctr.values[i].blob == NULL) {
862 if (in->value_ctr.values[i].blob->length != 4) {
866 v = IVAL(in->value_ctr.values[i].blob->data, 0);
868 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
869 str = talloc_strdup(out->values, c->lDAPDisplayName);
870 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
871 str = talloc_strdup(out->values, a->lDAPDisplayName);
874 werr = dsdb_schema_pfm_oid_from_attid(ctx->schema->prefixmap, v, out->values, &str);
875 W_ERROR_NOT_OK_RETURN(werr);
877 W_ERROR_HAVE_NO_MEMORY(str);
879 /* the values need to be reversed */
880 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
886 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
887 const struct dsdb_attribute *attr,
888 const struct drsuapi_DsReplicaAttribute *in,
890 struct ldb_message_element *out)
895 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
896 W_ERROR_HAVE_NO_MEMORY(out->name);
898 out->num_values = in->value_ctr.num_values;
899 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
900 W_ERROR_HAVE_NO_MEMORY(out->values);
902 for (i=0; i < out->num_values; i++) {
904 const struct dsdb_class *c;
907 if (in->value_ctr.values[i].blob == NULL) {
911 if (in->value_ctr.values[i].blob->length != 4) {
915 v = IVAL(in->value_ctr.values[i].blob->data, 0);
917 c = dsdb_class_by_governsID_id(ctx->schema, v);
922 str = talloc_strdup(out->values, c->lDAPDisplayName);
923 W_ERROR_HAVE_NO_MEMORY(str);
925 /* the values need to be reversed */
926 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
932 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
933 const struct dsdb_attribute *attr,
934 const struct drsuapi_DsReplicaAttribute *in,
936 struct ldb_message_element *out)
941 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
942 W_ERROR_HAVE_NO_MEMORY(out->name);
944 out->num_values = in->value_ctr.num_values;
945 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
946 W_ERROR_HAVE_NO_MEMORY(out->values);
948 for (i=0; i < out->num_values; i++) {
950 const struct dsdb_attribute *a;
953 if (in->value_ctr.values[i].blob == NULL) {
957 if (in->value_ctr.values[i].blob->length != 4) {
961 v = IVAL(in->value_ctr.values[i].blob->data, 0);
963 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
968 str = talloc_strdup(out->values, a->lDAPDisplayName);
969 W_ERROR_HAVE_NO_MEMORY(str);
971 /* the values need to be reversed */
972 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
978 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
979 const struct dsdb_attribute *attr,
980 const struct drsuapi_DsReplicaAttribute *in,
982 struct ldb_message_element *out)
987 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
988 W_ERROR_HAVE_NO_MEMORY(out->name);
990 out->num_values = in->value_ctr.num_values;
991 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
992 W_ERROR_HAVE_NO_MEMORY(out->values);
994 for (i=0; i < out->num_values; i++) {
999 if (in->value_ctr.values[i].blob == NULL) {
1003 if (in->value_ctr.values[i].blob->length != 4) {
1007 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1009 status = dsdb_schema_pfm_oid_from_attid(ctx->schema->prefixmap, attid, out->values, &oid);
1010 W_ERROR_NOT_OK_RETURN(status);
1012 out->values[i] = data_blob_string_const(oid);
1018 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1019 const struct dsdb_attribute *attr,
1020 const struct ldb_message_element *in,
1021 TALLOC_CTX *mem_ctx,
1022 struct drsuapi_DsReplicaAttribute *out)
1027 out->attid= attr->attributeID_id;
1028 out->value_ctr.num_values= in->num_values;
1029 out->value_ctr.values= talloc_array(mem_ctx,
1030 struct drsuapi_DsAttributeValue,
1032 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1034 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1035 W_ERROR_HAVE_NO_MEMORY(blobs);
1037 for (i=0; i < in->num_values; i++) {
1038 const struct dsdb_class *obj_class;
1039 const struct dsdb_attribute *obj_attr;
1042 out->value_ctr.values[i].blob= &blobs[i];
1044 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1045 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1047 /* in DRS windows puts the classes in the opposite
1048 order to the order used in ldap */
1049 v = &in->values[(in->num_values-1)-i];
1051 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1052 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1053 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1054 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1058 werr = dsdb_schema_pfm_make_attid(ctx->schema->prefixmap,
1059 (const char *)v->data,
1061 W_ERROR_NOT_OK_RETURN(werr);
1062 SIVAL(blobs[i].data, 0, attid);
1071 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1072 const struct dsdb_attribute *attr,
1073 const struct ldb_message_element *in,
1074 TALLOC_CTX *mem_ctx,
1075 struct drsuapi_DsReplicaAttribute *out)
1080 out->attid= attr->attributeID_id;
1081 out->value_ctr.num_values= in->num_values;
1082 out->value_ctr.values= talloc_array(mem_ctx,
1083 struct drsuapi_DsAttributeValue,
1085 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1087 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1088 W_ERROR_HAVE_NO_MEMORY(blobs);
1090 for (i=0; i < in->num_values; i++) {
1091 const struct dsdb_class *obj_class;
1093 out->value_ctr.values[i].blob= &blobs[i];
1095 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1096 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1098 /* in DRS windows puts the classes in the opposite
1099 order to the order used in ldap */
1100 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1101 (const char *)in->values[(in->num_values-1)-i].data);
1105 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1112 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1113 const struct dsdb_attribute *attr,
1114 const struct ldb_message_element *in,
1115 TALLOC_CTX *mem_ctx,
1116 struct drsuapi_DsReplicaAttribute *out)
1121 out->attid= attr->attributeID_id;
1122 out->value_ctr.num_values= in->num_values;
1123 out->value_ctr.values= talloc_array(mem_ctx,
1124 struct drsuapi_DsAttributeValue,
1126 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1128 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1129 W_ERROR_HAVE_NO_MEMORY(blobs);
1131 for (i=0; i < in->num_values; i++) {
1132 const struct dsdb_attribute *obj_attr;
1134 out->value_ctr.values[i].blob= &blobs[i];
1136 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1137 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1139 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1143 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1150 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1151 const struct dsdb_attribute *attr,
1152 const struct ldb_message_element *in,
1153 TALLOC_CTX *mem_ctx,
1154 struct drsuapi_DsReplicaAttribute *out)
1159 out->attid= attr->attributeID_id;
1160 out->value_ctr.num_values= in->num_values;
1161 out->value_ctr.values= talloc_array(mem_ctx,
1162 struct drsuapi_DsAttributeValue,
1164 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1166 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1167 W_ERROR_HAVE_NO_MEMORY(blobs);
1169 for (i=0; i < in->num_values; i++) {
1173 out->value_ctr.values[i].blob= &blobs[i];
1175 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1176 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1178 status = dsdb_schema_pfm_make_attid(ctx->schema->prefixmap,
1179 (const char *)in->values[i].data,
1181 W_ERROR_NOT_OK_RETURN(status);
1183 SIVAL(blobs[i].data, 0, attid);
1189 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1190 const struct dsdb_attribute *attr,
1191 const struct drsuapi_DsReplicaAttribute *in,
1192 TALLOC_CTX *mem_ctx,
1193 struct ldb_message_element *out)
1197 switch (attr->attributeID_id) {
1198 case DRSUAPI_ATTRIBUTE_objectClass:
1199 case DRSUAPI_ATTRIBUTE_subClassOf:
1200 case DRSUAPI_ATTRIBUTE_auxiliaryClass:
1201 case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass:
1202 case DRSUAPI_ATTRIBUTE_systemPossSuperiors:
1203 case DRSUAPI_ATTRIBUTE_possSuperiors:
1204 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1206 case DRSUAPI_ATTRIBUTE_systemMustContain:
1207 case DRSUAPI_ATTRIBUTE_systemMayContain:
1208 case DRSUAPI_ATTRIBUTE_mustContain:
1209 case DRSUAPI_ATTRIBUTE_rDNAttId:
1210 case DRSUAPI_ATTRIBUTE_transportAddressAttribute:
1211 case DRSUAPI_ATTRIBUTE_mayContain:
1212 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1214 case DRSUAPI_ATTRIBUTE_governsID:
1215 case DRSUAPI_ATTRIBUTE_attributeID:
1216 case DRSUAPI_ATTRIBUTE_attributeSyntax:
1217 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1220 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1221 attr->lDAPDisplayName));
1222 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1225 /* When we are doing the vampire of a schema, we don't want
1226 * the inablity to reference an OID to get in the way.
1227 * Otherwise, we won't get the new schema with which to
1228 * understand this */
1229 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1230 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1235 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1236 const struct dsdb_attribute *attr,
1237 const struct ldb_message_element *in,
1238 TALLOC_CTX *mem_ctx,
1239 struct drsuapi_DsReplicaAttribute *out)
1241 if (attr->attributeID_id == 0xFFFFFFFF) {
1245 switch (attr->attributeID_id) {
1246 case DRSUAPI_ATTRIBUTE_objectClass:
1247 case DRSUAPI_ATTRIBUTE_subClassOf:
1248 case DRSUAPI_ATTRIBUTE_auxiliaryClass:
1249 case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass:
1250 case DRSUAPI_ATTRIBUTE_systemPossSuperiors:
1251 case DRSUAPI_ATTRIBUTE_possSuperiors:
1252 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1253 case DRSUAPI_ATTRIBUTE_systemMustContain:
1254 case DRSUAPI_ATTRIBUTE_systemMayContain:
1255 case DRSUAPI_ATTRIBUTE_mustContain:
1256 case DRSUAPI_ATTRIBUTE_rDNAttId:
1257 case DRSUAPI_ATTRIBUTE_transportAddressAttribute:
1258 case DRSUAPI_ATTRIBUTE_mayContain:
1259 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1260 case DRSUAPI_ATTRIBUTE_governsID:
1261 case DRSUAPI_ATTRIBUTE_attributeID:
1262 case DRSUAPI_ATTRIBUTE_attributeSyntax:
1263 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1266 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1267 attr->lDAPDisplayName));
1269 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1272 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1273 const struct dsdb_attribute *attr,
1274 const struct ldb_message_element *in)
1277 struct drsuapi_DsReplicaAttribute drs_tmp;
1278 struct ldb_message_element ldb_tmp;
1279 TALLOC_CTX *tmp_ctx;
1281 if (attr->attributeID_id == 0xFFFFFFFF) {
1286 * TODO: optimize and verify this code
1289 tmp_ctx = talloc_new(ctx->ldb);
1290 if (tmp_ctx == NULL) {
1294 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1299 if (!W_ERROR_IS_OK(status)) {
1300 talloc_free(tmp_ctx);
1304 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1309 if (!W_ERROR_IS_OK(status)) {
1310 talloc_free(tmp_ctx);
1314 talloc_free(tmp_ctx);
1318 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1319 const struct dsdb_attribute *attr,
1320 const struct drsuapi_DsReplicaAttribute *in,
1321 TALLOC_CTX *mem_ctx,
1322 struct ldb_message_element *out)
1327 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1328 W_ERROR_HAVE_NO_MEMORY(out->name);
1330 out->num_values = in->value_ctr.num_values;
1331 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1332 W_ERROR_HAVE_NO_MEMORY(out->values);
1334 for (i=0; i < out->num_values; i++) {
1337 if (in->value_ctr.values[i].blob == NULL) {
1341 if (in->value_ctr.values[i].blob->length == 0) {
1345 if (!convert_string_talloc(out->values,
1347 in->value_ctr.values[i].blob->data,
1348 in->value_ctr.values[i].blob->length,
1349 (void **)&str, NULL, false)) {
1353 out->values[i] = data_blob_string_const(str);
1359 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1360 const struct dsdb_attribute *attr,
1361 const struct ldb_message_element *in,
1362 TALLOC_CTX *mem_ctx,
1363 struct drsuapi_DsReplicaAttribute *out)
1368 if (attr->attributeID_id == 0xFFFFFFFF) {
1372 out->attid = attr->attributeID_id;
1373 out->value_ctr.num_values = in->num_values;
1374 out->value_ctr.values = talloc_array(mem_ctx,
1375 struct drsuapi_DsAttributeValue,
1377 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1379 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1380 W_ERROR_HAVE_NO_MEMORY(blobs);
1382 for (i=0; i < in->num_values; i++) {
1383 out->value_ctr.values[i].blob = &blobs[i];
1385 if (!convert_string_talloc(blobs,
1387 in->values[i].data, in->values[i].length,
1388 (void **)&blobs[i].data, &blobs[i].length, false)) {
1396 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1397 const struct dsdb_attribute *attr,
1398 const struct ldb_val *val)
1404 if (attr->attributeID_id == 0xFFFFFFFF) {
1408 ok = convert_string_talloc(ctx->ldb,
1416 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1419 if (attr->rangeLower) {
1420 if ((size/2) < *attr->rangeLower) {
1421 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1425 if (attr->rangeUpper) {
1426 if ((size/2) > *attr->rangeUpper) {
1427 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1434 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1435 const struct dsdb_attribute *attr,
1436 const struct ldb_message_element *in)
1441 if (attr->attributeID_id == 0xFFFFFFFF) {
1445 for (i=0; i < in->num_values; i++) {
1446 if (in->values[i].length == 0) {
1447 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1450 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1453 if (!W_ERROR_IS_OK(status)) {
1461 WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1462 const struct dsdb_syntax *syntax,
1463 const DATA_BLOB *in, DATA_BLOB *out)
1465 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1466 enum ndr_err_code ndr_err;
1467 DATA_BLOB guid_blob;
1469 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1474 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1478 talloc_free(tmp_ctx);
1482 if (in->length == 0) {
1483 talloc_free(tmp_ctx);
1488 /* windows sometimes sends an extra two pad bytes here */
1489 ndr_err = ndr_pull_struct_blob(in,
1491 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1492 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1493 status = ndr_map_error2ntstatus(ndr_err);
1494 talloc_free(tmp_ctx);
1495 return ntstatus_to_werror(status);
1498 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1500 talloc_free(tmp_ctx);
1501 /* If this fails, it must be out of memory, as it does not do much parsing */
1502 W_ERROR_HAVE_NO_MEMORY(dn);
1505 if (!GUID_all_zero(&id3.guid)) {
1506 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1507 if (!NT_STATUS_IS_OK(status)) {
1508 talloc_free(tmp_ctx);
1509 return ntstatus_to_werror(status);
1512 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1513 if (ret != LDB_SUCCESS) {
1514 talloc_free(tmp_ctx);
1517 talloc_free(guid_blob.data);
1520 if (id3.__ndr_size_sid) {
1522 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1523 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1524 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1525 status = ndr_map_error2ntstatus(ndr_err);
1526 talloc_free(tmp_ctx);
1527 return ntstatus_to_werror(status);
1530 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1531 if (ret != LDB_SUCCESS) {
1532 talloc_free(tmp_ctx);
1537 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1538 talloc_free(tmp_ctx);
1542 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1543 const struct dsdb_attribute *attr,
1544 const struct drsuapi_DsReplicaAttribute *in,
1545 TALLOC_CTX *mem_ctx,
1546 struct ldb_message_element *out)
1551 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1552 W_ERROR_HAVE_NO_MEMORY(out->name);
1554 out->num_values = in->value_ctr.num_values;
1555 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1556 W_ERROR_HAVE_NO_MEMORY(out->values);
1558 for (i=0; i < out->num_values; i++) {
1559 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1560 in->value_ctr.values[i].blob,
1562 if (!W_ERROR_IS_OK(status)) {
1571 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1572 const struct dsdb_attribute *attr,
1573 const struct ldb_message_element *in,
1574 TALLOC_CTX *mem_ctx,
1575 struct drsuapi_DsReplicaAttribute *out)
1580 if (attr->attributeID_id == 0xFFFFFFFF) {
1584 out->attid = attr->attributeID_id;
1585 out->value_ctr.num_values = in->num_values;
1586 out->value_ctr.values = talloc_array(mem_ctx,
1587 struct drsuapi_DsAttributeValue,
1589 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1591 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1592 W_ERROR_HAVE_NO_MEMORY(blobs);
1594 for (i=0; i < in->num_values; i++) {
1595 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1596 enum ndr_err_code ndr_err;
1598 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1601 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1603 out->value_ctr.values[i].blob = &blobs[i];
1605 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1607 W_ERROR_HAVE_NO_MEMORY(dn);
1611 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1612 if (!NT_STATUS_IS_OK(status) &&
1613 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1614 talloc_free(tmp_ctx);
1615 return ntstatus_to_werror(status);
1618 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1619 if (!NT_STATUS_IS_OK(status) &&
1620 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1621 talloc_free(tmp_ctx);
1622 return ntstatus_to_werror(status);
1625 id3.dn = ldb_dn_get_linearized(dn);
1627 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1628 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1629 status = ndr_map_error2ntstatus(ndr_err);
1630 talloc_free(tmp_ctx);
1631 return ntstatus_to_werror(status);
1633 talloc_free(tmp_ctx);
1639 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1640 const struct dsdb_attribute *attr,
1641 const struct ldb_val *val,
1642 TALLOC_CTX *mem_ctx,
1643 struct dsdb_dn **_dsdb_dn)
1645 static const char * const extended_list[] = { "GUID", "SID", NULL };
1646 enum ndr_err_code ndr_err;
1649 const DATA_BLOB *sid_blob;
1650 struct dsdb_dn *dsdb_dn;
1656 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1659 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1661 if (attr->attributeID_id == 0xFFFFFFFF) {
1665 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1666 attr->syntax->ldap_oid);
1668 talloc_free(tmp_ctx);
1669 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1673 dn2 = ldb_dn_copy(tmp_ctx, dn);
1675 talloc_free(tmp_ctx);
1679 num_components = ldb_dn_get_comp_num(dn);
1681 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1682 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1684 } else if (!NT_STATUS_IS_OK(status)) {
1685 talloc_free(tmp_ctx);
1686 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1689 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1692 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1695 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1696 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1697 talloc_free(tmp_ctx);
1698 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1702 /* Do not allow links to the RootDSE */
1703 if (num_components == 0) {
1704 talloc_free(tmp_ctx);
1705 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1709 * We need to check that only "GUID" and "SID" are
1710 * specified as extended components, we do that
1711 * by comparing the dn's after removing all components
1712 * from one dn and only the allowed subset from the other
1715 ldb_dn_extended_filter(dn, extended_list);
1717 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1718 if (dn_str == NULL) {
1719 talloc_free(tmp_ctx);
1720 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1722 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1723 if (dn2_str == NULL) {
1724 talloc_free(tmp_ctx);
1725 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1728 if (strcmp(dn_str, dn2_str) != 0) {
1729 talloc_free(tmp_ctx);
1730 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1733 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1734 talloc_free(tmp_ctx);
1738 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1739 const struct dsdb_attribute *attr,
1740 const struct ldb_message_element *in)
1744 if (attr->attributeID_id == 0xFFFFFFFF) {
1748 for (i=0; i < in->num_values; i++) {
1750 struct dsdb_dn *dsdb_dn;
1751 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1752 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1754 status = dsdb_syntax_DN_validate_one_val(ctx,
1758 if (!W_ERROR_IS_OK(status)) {
1759 talloc_free(tmp_ctx);
1763 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1764 talloc_free(tmp_ctx);
1765 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1768 talloc_free(tmp_ctx);
1774 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1775 const struct dsdb_attribute *attr,
1776 const struct drsuapi_DsReplicaAttribute *in,
1777 TALLOC_CTX *mem_ctx,
1778 struct ldb_message_element *out)
1784 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1785 W_ERROR_HAVE_NO_MEMORY(out->name);
1787 out->num_values = in->value_ctr.num_values;
1788 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1789 W_ERROR_HAVE_NO_MEMORY(out->values);
1791 for (i=0; i < out->num_values; i++) {
1792 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1793 enum ndr_err_code ndr_err;
1794 DATA_BLOB guid_blob;
1796 struct dsdb_dn *dsdb_dn;
1798 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1800 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1803 if (in->value_ctr.values[i].blob == NULL) {
1804 talloc_free(tmp_ctx);
1808 if (in->value_ctr.values[i].blob->length == 0) {
1809 talloc_free(tmp_ctx);
1814 /* windows sometimes sends an extra two pad bytes here */
1815 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
1817 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
1818 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1819 status = ndr_map_error2ntstatus(ndr_err);
1820 talloc_free(tmp_ctx);
1821 return ntstatus_to_werror(status);
1824 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
1826 talloc_free(tmp_ctx);
1827 /* If this fails, it must be out of memory, as it does not do much parsing */
1828 W_ERROR_HAVE_NO_MEMORY(dn);
1831 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1832 if (!NT_STATUS_IS_OK(status)) {
1833 talloc_free(tmp_ctx);
1834 return ntstatus_to_werror(status);
1837 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1838 if (ret != LDB_SUCCESS) {
1839 talloc_free(tmp_ctx);
1843 talloc_free(guid_blob.data);
1845 if (id3.__ndr_size_sid) {
1847 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1848 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1849 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1850 status = ndr_map_error2ntstatus(ndr_err);
1851 talloc_free(tmp_ctx);
1852 return ntstatus_to_werror(status);
1855 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1856 if (ret != LDB_SUCCESS) {
1857 talloc_free(tmp_ctx);
1862 /* set binary stuff */
1863 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
1865 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
1866 talloc_free(tmp_ctx);
1867 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
1869 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
1870 talloc_free(tmp_ctx);
1876 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1877 const struct dsdb_attribute *attr,
1878 const struct ldb_message_element *in,
1879 TALLOC_CTX *mem_ctx,
1880 struct drsuapi_DsReplicaAttribute *out)
1885 if (attr->attributeID_id == 0xFFFFFFFF) {
1889 out->attid = attr->attributeID_id;
1890 out->value_ctr.num_values = in->num_values;
1891 out->value_ctr.values = talloc_array(mem_ctx,
1892 struct drsuapi_DsAttributeValue,
1894 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1896 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1897 W_ERROR_HAVE_NO_MEMORY(blobs);
1899 for (i=0; i < in->num_values; i++) {
1900 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1901 enum ndr_err_code ndr_err;
1902 const DATA_BLOB *sid_blob;
1903 struct dsdb_dn *dsdb_dn;
1904 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1907 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1909 out->value_ctr.values[i].blob = &blobs[i];
1911 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
1914 talloc_free(tmp_ctx);
1915 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
1920 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
1921 if (!NT_STATUS_IS_OK(status) &&
1922 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1923 talloc_free(tmp_ctx);
1924 return ntstatus_to_werror(status);
1927 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
1930 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1932 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1933 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1934 status = ndr_map_error2ntstatus(ndr_err);
1935 talloc_free(tmp_ctx);
1936 return ntstatus_to_werror(status);
1940 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
1942 /* get binary stuff */
1943 id3.binary = dsdb_dn->extra_part;
1945 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
1946 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1947 status = ndr_map_error2ntstatus(ndr_err);
1948 talloc_free(tmp_ctx);
1949 return ntstatus_to_werror(status);
1951 talloc_free(tmp_ctx);
1957 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1958 const struct dsdb_attribute *attr,
1959 const struct ldb_message_element *in)
1963 if (attr->attributeID_id == 0xFFFFFFFF) {
1967 for (i=0; i < in->num_values; i++) {
1969 struct dsdb_dn *dsdb_dn;
1970 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1971 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1973 status = dsdb_syntax_DN_validate_one_val(ctx,
1977 if (!W_ERROR_IS_OK(status)) {
1978 talloc_free(tmp_ctx);
1982 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
1983 talloc_free(tmp_ctx);
1984 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1987 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
1989 &dsdb_dn->extra_part);
1990 if (!W_ERROR_IS_OK(status)) {
1991 talloc_free(tmp_ctx);
1995 talloc_free(tmp_ctx);
2001 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2002 const struct dsdb_attribute *attr,
2003 const struct drsuapi_DsReplicaAttribute *in,
2004 TALLOC_CTX *mem_ctx,
2005 struct ldb_message_element *out)
2007 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2014 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2015 const struct dsdb_attribute *attr,
2016 const struct ldb_message_element *in,
2017 TALLOC_CTX *mem_ctx,
2018 struct drsuapi_DsReplicaAttribute *out)
2020 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2027 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2028 const struct dsdb_attribute *attr,
2029 const struct ldb_message_element *in)
2033 if (attr->attributeID_id == 0xFFFFFFFF) {
2037 for (i=0; i < in->num_values; i++) {
2039 struct dsdb_dn *dsdb_dn;
2040 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2041 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2043 status = dsdb_syntax_DN_validate_one_val(ctx,
2047 if (!W_ERROR_IS_OK(status)) {
2048 talloc_free(tmp_ctx);
2052 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2053 talloc_free(tmp_ctx);
2054 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2057 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2059 &dsdb_dn->extra_part);
2060 if (!W_ERROR_IS_OK(status)) {
2061 talloc_free(tmp_ctx);
2065 talloc_free(tmp_ctx);
2071 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2072 const struct dsdb_attribute *attr,
2073 const struct drsuapi_DsReplicaAttribute *in,
2074 TALLOC_CTX *mem_ctx,
2075 struct ldb_message_element *out)
2080 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2081 W_ERROR_HAVE_NO_MEMORY(out->name);
2083 out->num_values = in->value_ctr.num_values;
2084 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2085 W_ERROR_HAVE_NO_MEMORY(out->values);
2087 for (i=0; i < out->num_values; i++) {
2091 if (in->value_ctr.values[i].blob == NULL) {
2095 if (in->value_ctr.values[i].blob->length < 4) {
2099 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2101 if (len != in->value_ctr.values[i].blob->length) {
2105 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2106 in->value_ctr.values[i].blob->data+4,
2107 in->value_ctr.values[i].blob->length-4,
2108 (void **)&str, NULL, false)) {
2112 out->values[i] = data_blob_string_const(str);
2118 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2119 const struct dsdb_attribute *attr,
2120 const struct ldb_message_element *in,
2121 TALLOC_CTX *mem_ctx,
2122 struct drsuapi_DsReplicaAttribute *out)
2127 if (attr->attributeID_id == 0xFFFFFFFF) {
2131 out->attid = attr->attributeID_id;
2132 out->value_ctr.num_values = in->num_values;
2133 out->value_ctr.values = talloc_array(mem_ctx,
2134 struct drsuapi_DsAttributeValue,
2136 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2138 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2139 W_ERROR_HAVE_NO_MEMORY(blobs);
2141 for (i=0; i < in->num_values; i++) {
2145 out->value_ctr.values[i].blob = &blobs[i];
2147 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2149 in->values[i].length,
2150 (void **)&data, &ret, false)) {
2154 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2155 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2157 SIVAL(blobs[i].data, 0, 4 + ret);
2160 memcpy(blobs[i].data + 4, data, ret);
2168 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2169 const struct dsdb_attribute *attr,
2170 const struct ldb_message_element *in)
2172 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2177 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2179 static const struct dsdb_syntax dsdb_syntaxes[] = {
2182 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2184 .attributeSyntax_oid = "2.5.5.8",
2185 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2186 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2187 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2188 .equality = "booleanMatch",
2189 .comment = "Boolean"
2192 .ldap_oid = LDB_SYNTAX_INTEGER,
2194 .attributeSyntax_oid = "2.5.5.9",
2195 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2196 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2197 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2198 .equality = "integerMatch",
2199 .comment = "Integer",
2200 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2202 .name = "String(Octet)",
2203 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2205 .attributeSyntax_oid = "2.5.5.10",
2206 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2207 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2208 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2209 .equality = "octetStringMatch",
2210 .comment = "Octet String",
2212 .name = "String(Sid)",
2213 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2215 .attributeSyntax_oid = "2.5.5.17",
2216 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2217 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2218 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2219 .equality = "octetStringMatch",
2220 .comment = "Octet String - Security Identifier (SID)",
2221 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2223 .name = "String(Object-Identifier)",
2224 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2226 .attributeSyntax_oid = "2.5.5.2",
2227 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2228 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2229 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2230 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2231 .comment = "OID String",
2232 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2234 .name = "Enumeration",
2235 .ldap_oid = LDB_SYNTAX_INTEGER,
2237 .attributeSyntax_oid = "2.5.5.9",
2238 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2239 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2240 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2241 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2243 /* not used in w2k3 forest */
2244 .name = "String(Numeric)",
2245 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2247 .attributeSyntax_oid = "2.5.5.6",
2248 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2249 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2250 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2251 .equality = "numericStringMatch",
2252 .substring = "numericStringSubstringsMatch",
2253 .comment = "Numeric String",
2254 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2256 .name = "String(Printable)",
2257 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2259 .attributeSyntax_oid = "2.5.5.5",
2260 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2261 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2262 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2263 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2265 .name = "String(Teletex)",
2266 .ldap_oid = "1.2.840.113556.1.4.905",
2268 .attributeSyntax_oid = "2.5.5.4",
2269 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2270 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2271 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2272 .equality = "caseIgnoreMatch",
2273 .substring = "caseIgnoreSubstringsMatch",
2274 .comment = "Case Insensitive String",
2275 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2277 .name = "String(IA5)",
2278 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2280 .attributeSyntax_oid = "2.5.5.5",
2281 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2282 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2283 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2284 .equality = "caseExactIA5Match",
2285 .comment = "Printable String",
2286 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2288 .name = "String(UTC-Time)",
2289 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2291 .attributeSyntax_oid = "2.5.5.11",
2292 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2293 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2294 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2295 .equality = "generalizedTimeMatch",
2296 .comment = "UTC Time",
2298 .name = "String(Generalized-Time)",
2299 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2301 .attributeSyntax_oid = "2.5.5.11",
2302 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2303 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2304 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2305 .equality = "generalizedTimeMatch",
2306 .comment = "Generalized Time",
2307 .ldb_syntax = LDB_SYNTAX_UTC_TIME,
2309 /* not used in w2k3 schema */
2310 .name = "String(Case Sensitive)",
2311 .ldap_oid = "1.2.840.113556.1.4.1362",
2313 .attributeSyntax_oid = "2.5.5.3",
2314 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2315 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2316 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2318 .name = "String(Unicode)",
2319 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2321 .attributeSyntax_oid = "2.5.5.12",
2322 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2323 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2324 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2325 .equality = "caseIgnoreMatch",
2326 .substring = "caseIgnoreSubstringsMatch",
2327 .comment = "Directory String",
2329 .name = "Interval/LargeInteger",
2330 .ldap_oid = "1.2.840.113556.1.4.906",
2332 .attributeSyntax_oid = "2.5.5.16",
2333 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2334 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2335 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2336 .equality = "integerMatch",
2337 .comment = "Large Integer",
2338 .ldb_syntax = LDB_SYNTAX_INTEGER,
2340 .name = "String(NT-Sec-Desc)",
2341 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2343 .attributeSyntax_oid = "2.5.5.15",
2344 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2345 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2346 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2348 .name = "Object(DS-DN)",
2349 .ldap_oid = LDB_SYNTAX_DN,
2351 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2352 .attributeSyntax_oid = "2.5.5.1",
2353 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2354 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2355 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2356 .equality = "distinguishedNameMatch",
2357 .comment = "Object(DS-DN) == a DN",
2359 .name = "Object(DN-Binary)",
2360 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2362 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2363 .attributeSyntax_oid = "2.5.5.7",
2364 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2365 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2366 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2367 .equality = "octetStringMatch",
2368 .comment = "OctetString: Binary+DN",
2370 /* not used in w2k3 schema, but used in Exchange schema*/
2371 .name = "Object(OR-Name)",
2372 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2374 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2375 .attributeSyntax_oid = "2.5.5.7",
2376 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2377 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2378 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2379 .equality = "caseIgnoreMatch",
2380 .ldb_syntax = LDB_SYNTAX_DN,
2383 * TODO: verify if DATA_BLOB is correct here...!
2385 * repsFrom and repsTo are the only attributes using
2386 * this attribute syntax, but they're not replicated...
2388 .name = "Object(Replica-Link)",
2389 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2391 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2392 .attributeSyntax_oid = "2.5.5.10",
2393 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2394 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2395 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2397 .name = "Object(Presentation-Address)",
2398 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2400 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2401 .attributeSyntax_oid = "2.5.5.13",
2402 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2403 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2404 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2405 .comment = "Presentation Address",
2406 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2408 /* not used in w2k3 schema */
2409 .name = "Object(Access-Point)",
2410 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.2",
2412 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2413 .attributeSyntax_oid = "2.5.5.14",
2414 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2415 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2416 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2417 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2419 /* not used in w2k3 schema */
2420 .name = "Object(DN-String)",
2421 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2423 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2424 .attributeSyntax_oid = "2.5.5.14",
2425 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2426 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2427 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2428 .equality = "octetStringMatch",
2429 .comment = "OctetString: String+DN",
2433 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2436 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2437 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2438 return &dsdb_syntaxes[i];
2444 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2447 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2448 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2449 return &dsdb_syntaxes[i];
2455 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2458 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2459 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2460 return &dsdb_syntaxes[i];
2465 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2469 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2470 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2472 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2474 if (attr->oMObjectClass.length) {
2476 ret = memcmp(attr->oMObjectClass.data,
2477 dsdb_syntaxes[i].oMObjectClass.data,
2478 attr->oMObjectClass.length);
2479 if (ret != 0) continue;
2482 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2484 return &dsdb_syntaxes[i];
2490 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2491 const struct dsdb_schema *schema,
2492 const struct drsuapi_DsReplicaAttribute *in,
2493 TALLOC_CTX *mem_ctx,
2494 struct ldb_message_element *out)
2496 const struct dsdb_attribute *sa;
2497 struct dsdb_syntax_ctx syntax_ctx;
2499 sa = dsdb_attribute_by_attributeID_id(schema, in->attid);
2504 /* use default syntax conversion context */
2505 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2507 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2510 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2511 const struct dsdb_schema *schema,
2512 const struct ldb_message_element *in,
2513 TALLOC_CTX *mem_ctx,
2514 struct drsuapi_DsReplicaAttribute *out)
2516 const struct dsdb_attribute *sa;
2517 struct dsdb_syntax_ctx syntax_ctx;
2519 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2524 /* use default syntax conversion context */
2525 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2527 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);