const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
if (sclass) {
- struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
+ struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb,
sclass->defaultObjectCategory);
+ if (dn == NULL) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
*out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
talloc_free(tmp_ctx);
true);
}
+static int ldif_write_dn_binary_NDR(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out,
+ size_t struct_size,
+ ndr_pull_flags_fn_t pull_fn,
+ ndr_print_fn_t print_fn,
+ bool mask_errors)
+{
+ uint8_t *p = NULL;
+ enum ndr_err_code err;
+ struct dsdb_dn *dsdb_dn = NULL;
+ char *dn_str = NULL;
+ char *str = NULL;
+
+ if (!(ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY)) {
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_BINARY_DN);
+ if (dsdb_dn == NULL) {
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ p = talloc_size(dsdb_dn, struct_size);
+ if (p == NULL) {
+ TALLOC_FREE(dsdb_dn);
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ err = ndr_pull_struct_blob(&dsdb_dn->extra_part, p, p, pull_fn);
+ if (err != NDR_ERR_SUCCESS) {
+ /* fail in not in mask_error mode */
+ if (!mask_errors) {
+ return -1;
+ }
+ TALLOC_FREE(dsdb_dn);
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ dn_str = ldb_dn_get_extended_linearized(dsdb_dn, dsdb_dn->dn, 1);
+ if (dn_str == NULL) {
+ TALLOC_FREE(dsdb_dn);
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ str = ndr_print_struct_string(mem_ctx, print_fn, dn_str, p);
+ TALLOC_FREE(dsdb_dn);
+ if (str == NULL) {
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ *out = data_blob_string_const(str);
+ return 0;
+}
+
+static int ldif_write_msDS_RevealedUsers(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ return ldif_write_dn_binary_NDR(ldb, mem_ctx, in, out,
+ sizeof(struct replPropertyMetaData1),
+ (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaData1,
+ (ndr_print_fn_t)ndr_print_replPropertyMetaData1,
+ true);
+}
/*
convert a NDR formatted blob to a ldif formatted dnsRecord
true);
}
+/*
+ convert a NDR formatted blob to a ldif formatted msDS-TrustForestTrustInfo
+*/
+static int ldif_write_ForestTrustInfo(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ return ldif_write_NDR(ldb, mem_ctx, in, out,
+ sizeof(struct ForestTrustInfo),
+ (ndr_pull_flags_fn_t)ndr_pull_ForestTrustInfo,
+ (ndr_print_fn_t)ndr_print_ForestTrustInfo,
+ true);
+}
/*
convert a NDR formatted blob of a partialAttributeSet into text
*/
.canonicalise_fn = ldb_handler_copy,
.comparison_fn = ldb_comparison_binary,
.operator_fn = samba_syntax_operator_fn
+ },{
+ .name = LDB_SYNTAX_SAMBA_REVEALEDUSERS,
+ .ldif_read_fn = ldb_handler_copy,
+ .ldif_write_fn = ldif_write_msDS_RevealedUsers,
+ .canonicalise_fn = dsdb_dn_binary_canonicalise,
+ .comparison_fn = dsdb_dn_binary_comparison,
+ .operator_fn = samba_syntax_operator_fn
},{
.name = LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB,
.ldif_read_fn = ldb_handler_copy,
.canonicalise_fn = ldb_handler_copy,
.comparison_fn = ldb_comparison_binary,
.operator_fn = samba_syntax_operator_fn
+ },{
+ .name = LDB_SYNTAX_SAMBA_FORESTTRUSTINFO,
+ .ldif_read_fn = ldb_handler_copy,
+ .ldif_write_fn = ldif_write_ForestTrustInfo,
+ .canonicalise_fn = ldb_handler_copy,
+ .comparison_fn = ldb_comparison_binary,
+ .operator_fn = samba_syntax_operator_fn
},{
.name = DSDB_SYNTAX_BINARY_DN,
.ldif_read_fn = ldb_handler_copy,
const char *name;
const char *syntax;
} samba_attributes[] = {
- { "objectSid", LDB_SYNTAX_SAMBA_SID },
- { "securityIdentifier", LDB_SYNTAX_SAMBA_SID },
- { "tokenGroups", LDB_SYNTAX_SAMBA_SID },
{ "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR },
{ "oMSyntax", LDB_SYNTAX_SAMBA_INT32 },
{ "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY },
{ "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO },
{ "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA },
{ "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR },
+ { "msDS-RevealedUsers", LDB_SYNTAX_SAMBA_REVEALEDUSERS },
{ "trustAuthIncoming", LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB },
{ "trustAuthOutgoing", LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB },
+ { "msDS-TrustForestTrustInfo", LDB_SYNTAX_SAMBA_FORESTTRUSTINFO },
{ "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "defaultSecurityDescriptor", LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR },
+ /*
+ * these are extracted by searching
+ * (&(attributeSyntax=2.5.5.17)(omSyntax=4))
+ *
+ * Except: msAuthz-CentralAccessPolicyID as it might be a GUID see:
+ * adminDescription: For a Central Access Policy, this attribute defines a GUID t
+ * hat can be used to identify the set of policies when applied to a resource.
+ * Until we see a msAuthz-CentralAccessPolicyID value on a windows
+ * server, we ignore it here.
+ */
+ { "mS-DS-CreatorSID", LDB_SYNTAX_SAMBA_SID },
+ { "msDS-QuotaTrustee", LDB_SYNTAX_SAMBA_SID },
+ { "objectSid", LDB_SYNTAX_SAMBA_SID },
+ { "tokenGroups", LDB_SYNTAX_SAMBA_SID },
+ { "tokenGroupsGlobalAndUniversal", LDB_SYNTAX_SAMBA_SID },
+ { "tokenGroupsNoGCAcceptable", LDB_SYNTAX_SAMBA_SID },
+ { "securityIdentifier", LDB_SYNTAX_SAMBA_SID },
+ { "sIDHistory", LDB_SYNTAX_SAMBA_SID },
+ { "syncWithSID", LDB_SYNTAX_SAMBA_SID },
+
/*
* these are extracted by searching
* (&(attributeSyntax=2.5.5.10)(rangeLower=16)(rangeUpper=16)(omSyntax=4))
{ "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID },
{ "implementedCategories", LDB_SYNTAX_SAMBA_GUID },
{ "msDS-AzObjectGuid", LDB_SYNTAX_SAMBA_GUID },
+ { "msDS-GenerationId", LDB_SYNTAX_SAMBA_GUID },
+ { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID },
{ "msDFSR-ContentSetGuid", LDB_SYNTAX_SAMBA_GUID },
{ "msDFSR-ReplicationGroupGuid", LDB_SYNTAX_SAMBA_GUID },
{ "mSMQDigests", LDB_SYNTAX_SAMBA_GUID },
{ "msDFS-GenerationGUIDv2", LDB_SYNTAX_SAMBA_GUID },
{ "msDFS-LinkIdentityGUIDv2", LDB_SYNTAX_SAMBA_GUID },
{ "msDFS-NamespaceIdentityGUIDv2", LDB_SYNTAX_SAMBA_GUID },
+ { "msSPP-CSVLKSkuId", LDB_SYNTAX_SAMBA_GUID },
+ { "msSPP-KMSIds", LDB_SYNTAX_SAMBA_GUID },
/*
* these are known to be GUIDs
*/
{ "invocationId", LDB_SYNTAX_SAMBA_GUID },
{ "parentGUID", LDB_SYNTAX_SAMBA_GUID },
- { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID },
/* These NDR encoded things we want to be able to read with --show-binary */
{ "dnsRecord", LDB_SYNTAX_SAMBA_DNSRECORD },
}
+ ret = ldb_register_samba_matching_rules(ldb);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ldb);
+ return LDB_SUCCESS;
+ }
+
ret = ldb_set_opaque(ldb, "SAMBA_HANDLERS_REGISTERED", (void*)1);
if (ret != LDB_SUCCESS) {
return ret;