const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
if (sclass) {
- struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
+ struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb,
sclass->defaultObjectCategory);
+ if (dn == NULL) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
*out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
talloc_free(tmp_ctx);
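Review bot: The result of `ldb_dn_alloc_casefold(mem_ctx, dn)` on the line after the new `dn == NULL` check is still passed to `data_blob_string_const()` unchecked. An allocation failure there is only caught if the code after `talloc_free(tmp_ctx)` tests `out->data`; that code is outside the hunk, so this may already be handled. If it is not, route the result through a local: `const char *s = ldb_dn_alloc_casefold(mem_ctx, dn); if (s == NULL) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; }`. The `talloc_strndup()` result in `lDAPDisplayName` on the first context line is likewise used without a NULL check, and it is built from caller-supplied `in->data`.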
true);
}
+/*
+ convert a NDR formatted blob to a ldif formatted msDS-TrustForestTrustInfo
+*/
+static int ldif_write_ForestTrustInfo(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ return ldif_write_NDR(ldb, mem_ctx, in, out,
+ sizeof(struct ForestTrustInfo),
+ (ndr_pull_flags_fn_t)ndr_pull_ForestTrustInfo,
+ (ndr_print_fn_t)ndr_print_ForestTrustInfo,
+ true);
+}
/*
convert a NDR formatted blob of a partialAttributeSet into text
*/
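Review bot: The trailing `true` passed to `ldif_write_NDR()` in `ldif_write_ForestTrustInfo` is an unlabelled boolean, and the header comment does not say what is emitted when the stored blob fails to decode as a `ForestTrustInfo`. The value is stored attribute data and can be malformed, so the decode-failure behaviour is the part a reader most needs documented. I would annotate the argument, e.g. `true /* mask_errors */`, and add a sentence to the comment on what happens on a pull failure. `ldif_write_NDR` is defined outside the hunk, so the parameter name and the fallback should be confirmed there.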
.canonicalise_fn = ldb_handler_copy,
.comparison_fn = ldb_comparison_binary,
.operator_fn = samba_syntax_operator_fn
+ },{
+ .name = LDB_SYNTAX_SAMBA_FORESTTRUSTINFO,
+ .ldif_read_fn = ldb_handler_copy,
+ .ldif_write_fn = ldif_write_ForestTrustInfo,
+ .canonicalise_fn = ldb_handler_copy,
+ .comparison_fn = ldb_comparison_binary,
+ .operator_fn = samba_syntax_operator_fn
},{
.name = DSDB_SYNTAX_BINARY_DN,
.ldif_read_fn = ldb_handler_copy,
const char *name;
const char *syntax;
} samba_attributes[] = {
- { "objectSid", LDB_SYNTAX_SAMBA_SID },
- { "securityIdentifier", LDB_SYNTAX_SAMBA_SID },
- { "tokenGroups", LDB_SYNTAX_SAMBA_SID },
{ "ntSecurityDescriptor", LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR },
{ "oMSyntax", LDB_SYNTAX_SAMBA_INT32 },
{ "objectCategory", LDB_SYNTAX_SAMBA_OBJECT_CATEGORY },
{ "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR },
{ "trustAuthIncoming", LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB },
{ "trustAuthOutgoing", LDB_SYNTAX_SAMBA_TRUSTAUTHINOUTBLOB },
+ { "msDS-TrustForestTrustInfo", LDB_SYNTAX_SAMBA_FORESTTRUSTINFO },
{ "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "defaultSecurityDescriptor", LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR },
+ /*
+ * these are extracted by searching
+ * (&(attributeSyntax=2.5.5.17)(omSyntax=4))
+ *
+ * Except: msAuthz-CentralAccessPolicyID as it might be a GUID see:
+ * adminDescription: For a Central Access Policy, this attribute defines a GUID t
+ * hat can be used to identify the set of policies when applied to a resource.
+ * Until we see a msAuthz-CentralAccessPolicyID value on a windows
+ * server, we ignore it here.
+ */
+ { "mS-DS-CreatorSID", LDB_SYNTAX_SAMBA_SID },
+ { "msDS-QuotaTrustee", LDB_SYNTAX_SAMBA_SID },
+ { "objectSid", LDB_SYNTAX_SAMBA_SID },
+ { "tokenGroups", LDB_SYNTAX_SAMBA_SID },
+ { "tokenGroupsGlobalAndUniversal", LDB_SYNTAX_SAMBA_SID },
+ { "tokenGroupsNoGCAcceptable", LDB_SYNTAX_SAMBA_SID },
+ { "securityIdentifier", LDB_SYNTAX_SAMBA_SID },
+ { "sIDHistory", LDB_SYNTAX_SAMBA_SID },
+ { "syncWithSID", LDB_SYNTAX_SAMBA_SID },
+
/*
* these are extracted by searching
* (&(attributeSyntax=2.5.5.10)(rangeLower=16)(rangeUpper=16)(omSyntax=4))
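Review bot: The new comment above the SID entries quotes the adminDescription with a line break in the middle of a word (`defines a GUID t` / `hat can be used`), which looks like a paste artefact and should be re-wrapped at a word boundary. The new SID block is also almost alphabetical except for `securityIdentifier`, which sits between `tokenGroupsNoGCAcceptable` and `sIDHistory`. Since several names are moved rather than added in this change, a consistent order would make duplicate or dropped entries easier to spot in review. The exclusion of `msAuthz-CentralAccessPolicyID` is well explained and worth keeping.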
{ "fRSVersionGUID", LDB_SYNTAX_SAMBA_GUID },
{ "implementedCategories", LDB_SYNTAX_SAMBA_GUID },
{ "msDS-AzObjectGuid", LDB_SYNTAX_SAMBA_GUID },
+ { "msDS-GenerationId", LDB_SYNTAX_SAMBA_GUID },
+ { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID },
{ "msDFSR-ContentSetGuid", LDB_SYNTAX_SAMBA_GUID },
{ "msDFSR-ReplicationGroupGuid", LDB_SYNTAX_SAMBA_GUID },
{ "mSMQDigests", LDB_SYNTAX_SAMBA_GUID },
{ "msDFS-GenerationGUIDv2", LDB_SYNTAX_SAMBA_GUID },
{ "msDFS-LinkIdentityGUIDv2", LDB_SYNTAX_SAMBA_GUID },
{ "msDFS-NamespaceIdentityGUIDv2", LDB_SYNTAX_SAMBA_GUID },
+ { "msSPP-CSVLKSkuId", LDB_SYNTAX_SAMBA_GUID },
+ { "msSPP-KMSIds", LDB_SYNTAX_SAMBA_GUID },
/*
* these are known to be GUIDs
*/
{ "invocationId", LDB_SYNTAX_SAMBA_GUID },
{ "parentGUID", LDB_SYNTAX_SAMBA_GUID },
- { "msDS-OptionalFeatureGUID", LDB_SYNTAX_SAMBA_GUID },
/* These NDR encoded things we want to be able to read with --show-binary */
{ "dnsRecord", LDB_SYNTAX_SAMBA_DNSRECORD },
}
+ ret = ldb_register_samba_matching_rules(ldb);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ldb);
+ return LDB_SUCCESS;
+ }
+
ret = ldb_set_opaque(ldb, "SAMBA_HANDLERS_REGISTERED", (void*)1);
if (ret != LDB_SUCCESS) {
return ret;
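Review bot: The new failure path for `ldb_register_samba_matching_rules()` frees `ldb` and then returns `LDB_SUCCESS`, so the caller is told registration succeeded while holding a context that has just been freed. Any later use of that context is then a use-after-free. The `ldb_set_opaque()` check directly below only does `return ret;` and does not free `ldb`, which suggests the context is owned by the caller here. I would make the new branch match it: `if (ret != LDB_SUCCESS) { return ret; }`. The enclosing function starts and ends outside the hunk, so confirm who owns `ldb` before removing the `talloc_free`.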