2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
29 #include <ldb_errors.h>
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
33 #include "../lib/util/asn1.h"
36 * Initialize dsdb_syntax_ctx with default values
39 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
40 struct ldb_context *ldb,
41 const struct dsdb_schema *schema)
47 * 'true' will keep current behavior,
48 * i.e. attributeID_id will be returned by default
50 ctx->is_schema_nc = true;
52 ctx->pfm_remote = NULL;
57 * Returns ATTID for DRS attribute.
59 * ATTID depends on whether we are replicating
60 * Schema NC or msDs-IntId is set for schemaAttribute
63 uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
66 if (!for_schema_nc && attr->msDS_IntId) {
67 return attr->msDS_IntId;
70 return attr->attributeID_id;
74 * Map an ATTID from remote DC to a local ATTID
75 * using remote prefixMap
77 static bool dsdb_syntax_attid_from_remote_attid(const struct dsdb_syntax_ctx *ctx,
86 * map remote ATTID to local directly in case
87 * of no remote prefixMap (during provision for instance)
89 if (!ctx->pfm_remote) {
90 *id_local = id_remote;
94 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, id_remote, mem_ctx, &oid);
95 if (!W_ERROR_IS_OK(werr)) {
96 DEBUG(0,("ATTID->OID failed (%s) for: 0x%08X\n", win_errstr(werr), id_remote));
100 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap, oid, id_local);
101 if (!W_ERROR_IS_OK(werr)) {
102 DEBUG(0,("OID->ATTID failed (%s) for: %s\n", win_errstr(werr), oid));
109 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
110 const struct dsdb_attribute *attr,
111 const struct drsuapi_DsReplicaAttribute *in,
113 struct ldb_message_element *out)
118 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
119 W_ERROR_HAVE_NO_MEMORY(out->name);
121 out->num_values = in->value_ctr.num_values;
122 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
123 W_ERROR_HAVE_NO_MEMORY(out->values);
125 for (i=0; i < out->num_values; i++) {
128 if (in->value_ctr.values[i].blob == NULL) {
132 str = talloc_asprintf(out->values, "%s: not implemented",
134 W_ERROR_HAVE_NO_MEMORY(str);
136 out->values[i] = data_blob_string_const(str);
142 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
143 const struct dsdb_attribute *attr,
144 const struct ldb_message_element *in,
146 struct drsuapi_DsReplicaAttribute *out)
151 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
152 const struct dsdb_attribute *attr,
153 const struct ldb_message_element *in)
158 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
159 const struct dsdb_attribute *attr,
160 const struct drsuapi_DsReplicaAttribute *in,
162 struct ldb_message_element *out)
167 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
168 W_ERROR_HAVE_NO_MEMORY(out->name);
170 out->num_values = in->value_ctr.num_values;
171 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
172 W_ERROR_HAVE_NO_MEMORY(out->values);
174 for (i=0; i < out->num_values; i++) {
178 if (in->value_ctr.values[i].blob == NULL) {
182 if (in->value_ctr.values[i].blob->length != 4) {
186 v = IVAL(in->value_ctr.values[i].blob->data, 0);
189 str = talloc_strdup(out->values, "TRUE");
190 W_ERROR_HAVE_NO_MEMORY(str);
192 str = talloc_strdup(out->values, "FALSE");
193 W_ERROR_HAVE_NO_MEMORY(str);
196 out->values[i] = data_blob_string_const(str);
202 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
203 const struct dsdb_attribute *attr,
204 const struct ldb_message_element *in,
206 struct drsuapi_DsReplicaAttribute *out)
211 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
212 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
215 out->attid = dsdb_attribute_get_attid(attr,
217 out->value_ctr.num_values = in->num_values;
218 out->value_ctr.values = talloc_array(mem_ctx,
219 struct drsuapi_DsAttributeValue,
221 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
223 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
224 W_ERROR_HAVE_NO_MEMORY(blobs);
226 for (i=0; i < in->num_values; i++) {
227 out->value_ctr.values[i].blob = &blobs[i];
229 blobs[i] = data_blob_talloc(blobs, NULL, 4);
230 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
232 if (in->values[i].length >= 4 &&
233 strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
234 SIVAL(blobs[i].data, 0, 0x00000001);
235 } else if (in->values[i].length >= 5 &&
236 strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
237 SIVAL(blobs[i].data, 0, 0x00000000);
246 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
247 const struct dsdb_attribute *attr,
248 const struct ldb_message_element *in)
252 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
253 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
256 for (i=0; i < in->num_values; i++) {
257 if (in->values[i].length == 0) {
258 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
261 if (in->values[i].length >= 4 &&
263 (const char *)in->values[i].data,
264 in->values[i].length) == 0) {
267 if (in->values[i].length >= 5 &&
269 (const char *)in->values[i].data,
270 in->values[i].length) == 0) {
273 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
279 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
280 const struct dsdb_attribute *attr,
281 const struct drsuapi_DsReplicaAttribute *in,
283 struct ldb_message_element *out)
288 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
289 W_ERROR_HAVE_NO_MEMORY(out->name);
291 out->num_values = in->value_ctr.num_values;
292 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
293 W_ERROR_HAVE_NO_MEMORY(out->values);
295 for (i=0; i < out->num_values; i++) {
299 if (in->value_ctr.values[i].blob == NULL) {
303 if (in->value_ctr.values[i].blob->length != 4) {
307 v = IVALS(in->value_ctr.values[i].blob->data, 0);
309 str = talloc_asprintf(out->values, "%d", v);
310 W_ERROR_HAVE_NO_MEMORY(str);
312 out->values[i] = data_blob_string_const(str);
318 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
319 const struct dsdb_attribute *attr,
320 const struct ldb_message_element *in,
322 struct drsuapi_DsReplicaAttribute *out)
327 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
328 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
331 out->attid = dsdb_attribute_get_attid(attr,
333 out->value_ctr.num_values = in->num_values;
334 out->value_ctr.values = talloc_array(mem_ctx,
335 struct drsuapi_DsAttributeValue,
337 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
339 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
340 W_ERROR_HAVE_NO_MEMORY(blobs);
342 for (i=0; i < in->num_values; i++) {
345 out->value_ctr.values[i].blob = &blobs[i];
347 blobs[i] = data_blob_talloc(blobs, NULL, 4);
348 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
350 /* We've to use "strtoll" here to have the intended overflows.
351 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
352 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
354 SIVALS(blobs[i].data, 0, v);
360 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
361 const struct dsdb_attribute *attr,
362 const struct ldb_message_element *in)
366 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
367 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
370 for (i=0; i < in->num_values; i++) {
373 char buf[sizeof("-2147483648")];
377 if (in->values[i].length >= sizeof(buf)) {
378 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
381 memcpy(buf, in->values[i].data, in->values[i].length);
383 v = strtol(buf, &end, 10);
385 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
387 if (end && end[0] != '\0') {
388 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
394 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
397 if ((v & INT32_MIN) && buf[0] != '-') {
399 * if the 0x80000000 bit is set, it is a negative
400 * value. We need to make sure the it was given
401 * as a negativ string value.
403 * We need to accept '-2147483647', but reject
404 * '2147483649', both represent 0x80000001.
406 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
409 if (attr->rangeLower) {
410 if ((int32_t)v < (int32_t)*attr->rangeLower) {
411 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
415 if (attr->rangeUpper) {
416 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
417 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
425 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
426 const struct dsdb_attribute *attr,
427 const struct drsuapi_DsReplicaAttribute *in,
429 struct ldb_message_element *out)
434 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
435 W_ERROR_HAVE_NO_MEMORY(out->name);
437 out->num_values = in->value_ctr.num_values;
438 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
439 W_ERROR_HAVE_NO_MEMORY(out->values);
441 for (i=0; i < out->num_values; i++) {
445 if (in->value_ctr.values[i].blob == NULL) {
449 if (in->value_ctr.values[i].blob->length != 8) {
453 v = BVALS(in->value_ctr.values[i].blob->data, 0);
455 str = talloc_asprintf(out->values, "%lld", (long long int)v);
456 W_ERROR_HAVE_NO_MEMORY(str);
458 out->values[i] = data_blob_string_const(str);
464 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
465 const struct dsdb_attribute *attr,
466 const struct ldb_message_element *in,
468 struct drsuapi_DsReplicaAttribute *out)
473 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
474 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
477 out->attid = dsdb_attribute_get_attid(attr,
479 out->value_ctr.num_values = in->num_values;
480 out->value_ctr.values = talloc_array(mem_ctx,
481 struct drsuapi_DsAttributeValue,
483 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
485 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
486 W_ERROR_HAVE_NO_MEMORY(blobs);
488 for (i=0; i < in->num_values; i++) {
491 out->value_ctr.values[i].blob = &blobs[i];
493 blobs[i] = data_blob_talloc(blobs, NULL, 8);
494 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
496 v = strtoll((const char *)in->values[i].data, NULL, 10);
498 SBVALS(blobs[i].data, 0, v);
504 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
505 const struct dsdb_attribute *attr,
506 const struct ldb_message_element *in)
510 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
511 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
514 for (i=0; i < in->num_values; i++) {
517 char buf[sizeof("-9223372036854775808")];
521 if (in->values[i].length >= sizeof(buf)) {
522 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
524 memcpy(buf, in->values[i].data, in->values[i].length);
527 v = strtoll(buf, &end, 10);
529 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
531 if (end && end[0] != '\0') {
532 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
538 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
541 if ((v & INT64_MIN) && buf[0] != '-') {
543 * if the 0x8000000000000000 bit is set,
544 * it is a negative value. We need to
545 * make sure the it was given as a negative
548 * We need to accept '-9223372036854775807',
549 * but reject '9223372036854775809',
550 * both represent 0x8000000000000001.
552 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
555 if (attr->rangeLower) {
556 if ((int64_t)v < (int64_t)*attr->rangeLower) {
557 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
561 if (attr->rangeUpper) {
562 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
563 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
570 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
571 const struct dsdb_attribute *attr,
572 const struct drsuapi_DsReplicaAttribute *in,
574 struct ldb_message_element *out)
579 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
580 W_ERROR_HAVE_NO_MEMORY(out->name);
582 out->num_values = in->value_ctr.num_values;
583 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
584 W_ERROR_HAVE_NO_MEMORY(out->values);
586 for (i=0; i < out->num_values; i++) {
591 if (in->value_ctr.values[i].blob == NULL) {
595 if (in->value_ctr.values[i].blob->length != 8) {
599 v = BVAL(in->value_ctr.values[i].blob->data, 0);
601 /* special case for 1601 zero timestamp */
602 out->values[i] = data_blob_string_const("16010101000000.0Z");
606 t = nt_time_to_unix(v);
609 * NOTE: On a w2k3 server you can set a GeneralizedTime string
610 * via LDAP, but you get back an UTCTime string,
611 * but via DRSUAPI you get back the NTTIME_1sec value
612 * that represents the GeneralizedTime value!
614 * So if we store the UTCTime string in our ldb
615 * we'll loose information!
617 str = ldb_timestring_utc(out->values, t);
618 W_ERROR_HAVE_NO_MEMORY(str);
619 out->values[i] = data_blob_string_const(str);
625 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
626 const struct dsdb_attribute *attr,
627 const struct ldb_message_element *in,
629 struct drsuapi_DsReplicaAttribute *out)
634 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
635 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
638 out->attid = dsdb_attribute_get_attid(attr,
640 out->value_ctr.num_values = in->num_values;
641 out->value_ctr.values = talloc_array(mem_ctx,
642 struct drsuapi_DsAttributeValue,
644 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
646 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
647 W_ERROR_HAVE_NO_MEMORY(blobs);
649 for (i=0; i < in->num_values; i++) {
653 out->value_ctr.values[i].blob = &blobs[i];
655 blobs[i] = data_blob_talloc(blobs, NULL, 8);
656 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
658 if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
659 SBVALS(blobs[i].data, 0, 0);
663 t = ldb_string_utc_to_time((const char *)in->values[i].data);
664 unix_to_nt_time(&v, t);
667 SBVAL(blobs[i].data, 0, v);
673 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
674 const struct dsdb_attribute *attr,
675 const struct ldb_message_element *in)
679 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
680 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
683 for (i=0; i < in->num_values; i++) {
685 char buf[sizeof("090826075717Z")];
688 if (in->values[i].length >= sizeof(buf)) {
689 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
691 memcpy(buf, in->values[i].data, in->values[i].length);
693 t = ldb_string_utc_to_time(buf);
695 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
698 if (attr->rangeLower) {
699 if ((int32_t)t < (int32_t)*attr->rangeLower) {
700 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
704 if (attr->rangeUpper) {
705 if ((int32_t)t > (int32_t)*attr->rangeUpper) {
706 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
711 * TODO: verify the comment in the
712 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
719 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
720 const struct dsdb_attribute *attr,
721 const struct drsuapi_DsReplicaAttribute *in,
723 struct ldb_message_element *out)
728 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
729 W_ERROR_HAVE_NO_MEMORY(out->name);
731 out->num_values = in->value_ctr.num_values;
732 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
733 W_ERROR_HAVE_NO_MEMORY(out->values);
735 for (i=0; i < out->num_values; i++) {
740 if (in->value_ctr.values[i].blob == NULL) {
744 if (in->value_ctr.values[i].blob->length != 8) {
748 v = BVAL(in->value_ctr.values[i].blob->data, 0);
750 /* special case for 1601 zero timestamp */
751 out->values[i] = data_blob_string_const("16010101000000.0Z");
755 t = nt_time_to_unix(v);
757 str = ldb_timestring(out->values, t);
758 W_ERROR_HAVE_NO_MEMORY(str);
760 out->values[i] = data_blob_string_const(str);
766 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
767 const struct dsdb_attribute *attr,
768 const struct ldb_message_element *in,
770 struct drsuapi_DsReplicaAttribute *out)
775 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
776 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
779 out->attid = dsdb_attribute_get_attid(attr,
781 out->value_ctr.num_values = in->num_values;
782 out->value_ctr.values = talloc_array(mem_ctx,
783 struct drsuapi_DsAttributeValue,
785 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
787 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
788 W_ERROR_HAVE_NO_MEMORY(blobs);
790 for (i=0; i < in->num_values; i++) {
795 out->value_ctr.values[i].blob = &blobs[i];
797 blobs[i] = data_blob_talloc(blobs, NULL, 8);
798 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
800 if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
801 SBVALS(blobs[i].data, 0, 0);
805 ret = ldb_val_to_time(&in->values[i], &t);
806 if (ret != LDB_SUCCESS) {
807 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
809 unix_to_nt_time(&v, t);
812 SBVAL(blobs[i].data, 0, v);
818 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
819 const struct dsdb_attribute *attr,
820 const struct ldb_message_element *in)
824 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
825 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
828 for (i=0; i < in->num_values; i++) {
832 ret = ldb_val_to_time(&in->values[i], &t);
833 if (ret != LDB_SUCCESS) {
834 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
837 if (attr->rangeLower) {
838 if ((int32_t)t < (int32_t)*attr->rangeLower) {
839 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
843 if (attr->rangeUpper) {
844 if ((int32_t)t > (int32_t)*attr->rangeUpper) {
845 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
853 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
854 const struct dsdb_attribute *attr,
855 const struct drsuapi_DsReplicaAttribute *in,
857 struct ldb_message_element *out)
862 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
863 W_ERROR_HAVE_NO_MEMORY(out->name);
865 out->num_values = in->value_ctr.num_values;
866 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
867 W_ERROR_HAVE_NO_MEMORY(out->values);
869 for (i=0; i < out->num_values; i++) {
870 if (in->value_ctr.values[i].blob == NULL) {
874 if (in->value_ctr.values[i].blob->length == 0) {
878 out->values[i] = data_blob_dup_talloc(out->values,
879 *in->value_ctr.values[i].blob);
880 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
886 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
887 const struct dsdb_attribute *attr,
888 const struct ldb_message_element *in,
890 struct drsuapi_DsReplicaAttribute *out)
895 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
896 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
899 out->attid = dsdb_attribute_get_attid(attr,
901 out->value_ctr.num_values = in->num_values;
902 out->value_ctr.values = talloc_array(mem_ctx,
903 struct drsuapi_DsAttributeValue,
905 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
907 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
908 W_ERROR_HAVE_NO_MEMORY(blobs);
910 for (i=0; i < in->num_values; i++) {
911 out->value_ctr.values[i].blob = &blobs[i];
913 blobs[i] = data_blob_dup_talloc(blobs, in->values[i]);
914 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
920 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
921 const struct dsdb_attribute *attr,
922 const struct ldb_val *val)
924 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
925 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
928 if (attr->rangeLower) {
929 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
930 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
934 if (attr->rangeUpper) {
935 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
936 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
943 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
944 const struct dsdb_attribute *attr,
945 const struct ldb_message_element *in)
950 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
951 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
954 for (i=0; i < in->num_values; i++) {
955 if (in->values[i].length == 0) {
956 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
959 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
962 if (!W_ERROR_IS_OK(status)) {
970 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
971 const struct dsdb_attribute *attr,
972 const struct drsuapi_DsReplicaAttribute *in,
974 struct ldb_message_element *out)
979 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
980 W_ERROR_HAVE_NO_MEMORY(out->name);
982 out->num_values = in->value_ctr.num_values;
983 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
984 W_ERROR_HAVE_NO_MEMORY(out->values);
986 for (i=0; i < out->num_values; i++) {
988 const struct dsdb_class *c;
989 const struct dsdb_attribute *a;
990 const char *str = NULL;
992 if (in->value_ctr.values[i].blob == NULL) {
996 if (in->value_ctr.values[i].blob->length != 4) {
1000 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1002 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
1003 str = talloc_strdup(out->values, c->lDAPDisplayName);
1004 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
1005 str = talloc_strdup(out->values, a->lDAPDisplayName);
1008 SMB_ASSERT(ctx->pfm_remote);
1009 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, v,
1011 W_ERROR_NOT_OK_RETURN(werr);
1013 W_ERROR_HAVE_NO_MEMORY(str);
1015 /* the values need to be reversed */
1016 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1022 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1023 const struct dsdb_attribute *attr,
1024 const struct drsuapi_DsReplicaAttribute *in,
1025 TALLOC_CTX *mem_ctx,
1026 struct ldb_message_element *out)
1031 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1032 W_ERROR_HAVE_NO_MEMORY(out->name);
1034 out->num_values = in->value_ctr.num_values;
1035 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1036 W_ERROR_HAVE_NO_MEMORY(out->values);
1038 for (i=0; i < out->num_values; i++) {
1040 const struct dsdb_class *c;
1043 if (in->value_ctr.values[i].blob == NULL) {
1047 if (in->value_ctr.values[i].blob->length != 4) {
1051 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1054 /* convert remote ATTID to local ATTID */
1055 if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
1056 DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
1060 c = dsdb_class_by_governsID_id(ctx->schema, v);
1062 int dbg_level = ctx->schema->resolving_in_progress ? 10 : 0;
1063 DEBUG(dbg_level,(__location__ ": %s unknown local governsID 0x%08X remote 0x%08X%s\n",
1064 attr->lDAPDisplayName, v, vo,
1065 ctx->schema->resolving_in_progress ? "resolving in progress" : ""));
1066 return WERR_DS_OBJ_CLASS_NOT_DEFINED;
1069 str = talloc_strdup(out->values, c->lDAPDisplayName);
1070 W_ERROR_HAVE_NO_MEMORY(str);
1072 /* the values need to be reversed */
1073 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1079 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1080 const struct dsdb_attribute *attr,
1081 const struct drsuapi_DsReplicaAttribute *in,
1082 TALLOC_CTX *mem_ctx,
1083 struct ldb_message_element *out)
1088 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1089 W_ERROR_HAVE_NO_MEMORY(out->name);
1091 out->num_values = in->value_ctr.num_values;
1092 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1093 W_ERROR_HAVE_NO_MEMORY(out->values);
1095 for (i=0; i < out->num_values; i++) {
1097 const struct dsdb_attribute *a;
1100 if (in->value_ctr.values[i].blob == NULL) {
1101 DEBUG(0, ("Attribute has no value\n"));
1105 if (in->value_ctr.values[i].blob->length != 4) {
1106 DEBUG(0, ("Attribute has a value with 0 length\n"));
1110 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1113 /* convert remote ATTID to local ATTID */
1114 if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
1115 DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
1119 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
1121 int dbg_level = ctx->schema->resolving_in_progress ? 10 : 0;
1122 DEBUG(dbg_level,(__location__ ": %s unknown local attributeID_id 0x%08X remote 0x%08X%s\n",
1123 attr->lDAPDisplayName, v, vo,
1124 ctx->schema->resolving_in_progress ? "resolving in progress" : ""));
1125 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1128 str = talloc_strdup(out->values, a->lDAPDisplayName);
1129 W_ERROR_HAVE_NO_MEMORY(str);
1131 /* the values need to be reversed */
1132 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1138 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1139 const struct dsdb_attribute *attr,
1140 const struct drsuapi_DsReplicaAttribute *in,
1141 TALLOC_CTX *mem_ctx,
1142 struct ldb_message_element *out)
1145 const struct dsdb_schema_prefixmap *prefixmap;
1147 if (ctx->pfm_remote != NULL) {
1148 prefixmap = ctx->pfm_remote;
1150 prefixmap = ctx->schema->prefixmap;
1152 SMB_ASSERT(prefixmap);
1155 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1156 W_ERROR_HAVE_NO_MEMORY(out->name);
1158 out->num_values = in->value_ctr.num_values;
1159 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1160 W_ERROR_HAVE_NO_MEMORY(out->values);
1162 for (i=0; i < out->num_values; i++) {
1167 if (in->value_ctr.values[i].blob == NULL) {
1171 if (in->value_ctr.values[i].blob->length != 4) {
1175 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1177 status = dsdb_schema_pfm_oid_from_attid(prefixmap, attid,
1179 if (!W_ERROR_IS_OK(status)) {
1180 DEBUG(0,(__location__ ": Error: Unknown ATTID 0x%08X\n",
1185 out->values[i] = data_blob_string_const(oid);
1191 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1192 const struct dsdb_attribute *attr,
1193 const struct ldb_message_element *in,
1194 TALLOC_CTX *mem_ctx,
1195 struct drsuapi_DsReplicaAttribute *out)
1200 out->attid= dsdb_attribute_get_attid(attr,
1202 out->value_ctr.num_values= in->num_values;
1203 out->value_ctr.values= talloc_array(mem_ctx,
1204 struct drsuapi_DsAttributeValue,
1206 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1208 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1209 W_ERROR_HAVE_NO_MEMORY(blobs);
1211 for (i=0; i < in->num_values; i++) {
1212 const struct dsdb_class *obj_class;
1213 const struct dsdb_attribute *obj_attr;
1216 out->value_ctr.values[i].blob= &blobs[i];
1218 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1219 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1221 /* in DRS windows puts the classes in the opposite
1222 order to the order used in ldap */
1223 v = &in->values[(in->num_values-1)-i];
1225 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1226 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1227 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1228 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1232 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1233 (const char *)v->data,
1235 W_ERROR_NOT_OK_RETURN(werr);
1236 SIVAL(blobs[i].data, 0, attid);
1245 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1246 const struct dsdb_attribute *attr,
1247 const struct ldb_message_element *in,
1248 TALLOC_CTX *mem_ctx,
1249 struct drsuapi_DsReplicaAttribute *out)
1254 out->attid= dsdb_attribute_get_attid(attr,
1256 out->value_ctr.num_values= in->num_values;
1257 out->value_ctr.values= talloc_array(mem_ctx,
1258 struct drsuapi_DsAttributeValue,
1260 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1262 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1263 W_ERROR_HAVE_NO_MEMORY(blobs);
1265 for (i=0; i < in->num_values; i++) {
1266 const struct dsdb_class *obj_class;
1268 out->value_ctr.values[i].blob= &blobs[i];
1270 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1271 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1273 /* in DRS windows puts the classes in the opposite
1274 order to the order used in ldap */
1275 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1276 (const char *)in->values[(in->num_values-1)-i].data);
1280 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1287 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1288 const struct dsdb_attribute *attr,
1289 const struct ldb_message_element *in,
1290 TALLOC_CTX *mem_ctx,
1291 struct drsuapi_DsReplicaAttribute *out)
1296 out->attid= dsdb_attribute_get_attid(attr,
1298 out->value_ctr.num_values= in->num_values;
1299 out->value_ctr.values= talloc_array(mem_ctx,
1300 struct drsuapi_DsAttributeValue,
1302 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1304 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1305 W_ERROR_HAVE_NO_MEMORY(blobs);
1307 for (i=0; i < in->num_values; i++) {
1308 const struct dsdb_attribute *obj_attr;
1310 out->value_ctr.values[i].blob= &blobs[i];
1312 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1313 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1315 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1317 DEBUG(0, ("Unable to find attribute %s in the schema\n", (const char *)in->values[i].data));
1320 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1327 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1328 const struct dsdb_attribute *attr,
1329 const struct ldb_message_element *in,
1330 TALLOC_CTX *mem_ctx,
1331 struct drsuapi_DsReplicaAttribute *out)
1336 out->attid= dsdb_attribute_get_attid(attr,
1338 out->value_ctr.num_values= in->num_values;
1339 out->value_ctr.values= talloc_array(mem_ctx,
1340 struct drsuapi_DsAttributeValue,
1342 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1344 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1345 W_ERROR_HAVE_NO_MEMORY(blobs);
1347 for (i=0; i < in->num_values; i++) {
1351 out->value_ctr.values[i].blob= &blobs[i];
1353 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1354 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1356 status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1357 (const char *)in->values[i].data,
1359 W_ERROR_NOT_OK_RETURN(status);
1361 SIVAL(blobs[i].data, 0, attid);
1367 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1368 const struct dsdb_attribute *attr,
1369 const struct drsuapi_DsReplicaAttribute *in,
1370 TALLOC_CTX *mem_ctx,
1371 struct ldb_message_element *out)
1375 switch (attr->attributeID_id) {
1376 case DRSUAPI_ATTID_objectClass:
1377 case DRSUAPI_ATTID_subClassOf:
1378 case DRSUAPI_ATTID_auxiliaryClass:
1379 case DRSUAPI_ATTID_systemAuxiliaryClass:
1380 case DRSUAPI_ATTID_systemPossSuperiors:
1381 case DRSUAPI_ATTID_possSuperiors:
1382 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1384 case DRSUAPI_ATTID_systemMustContain:
1385 case DRSUAPI_ATTID_systemMayContain:
1386 case DRSUAPI_ATTID_mustContain:
1387 case DRSUAPI_ATTID_rDNAttId:
1388 case DRSUAPI_ATTID_transportAddressAttribute:
1389 case DRSUAPI_ATTID_mayContain:
1390 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1392 case DRSUAPI_ATTID_governsID:
1393 case DRSUAPI_ATTID_attributeID:
1394 case DRSUAPI_ATTID_attributeSyntax:
1395 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1398 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1399 attr->lDAPDisplayName));
1400 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1403 /* When we are doing the vampire of a schema, we don't want
1404 * the inability to reference an OID to get in the way.
1405 * Otherwise, we won't get the new schema with which to
1406 * understand this */
1407 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1408 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1413 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1414 const struct dsdb_attribute *attr,
1415 const struct ldb_message_element *in,
1416 TALLOC_CTX *mem_ctx,
1417 struct drsuapi_DsReplicaAttribute *out)
1419 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1420 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1423 switch (attr->attributeID_id) {
1424 case DRSUAPI_ATTID_objectClass:
1425 case DRSUAPI_ATTID_subClassOf:
1426 case DRSUAPI_ATTID_auxiliaryClass:
1427 case DRSUAPI_ATTID_systemAuxiliaryClass:
1428 case DRSUAPI_ATTID_systemPossSuperiors:
1429 case DRSUAPI_ATTID_possSuperiors:
1430 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1431 case DRSUAPI_ATTID_systemMustContain:
1432 case DRSUAPI_ATTID_systemMayContain:
1433 case DRSUAPI_ATTID_mustContain:
1434 case DRSUAPI_ATTID_rDNAttId:
1435 case DRSUAPI_ATTID_transportAddressAttribute:
1436 case DRSUAPI_ATTID_mayContain:
1437 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1438 case DRSUAPI_ATTID_governsID:
1439 case DRSUAPI_ATTID_attributeID:
1440 case DRSUAPI_ATTID_attributeSyntax:
1441 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1444 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1445 attr->lDAPDisplayName));
1447 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1450 static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
1451 const struct dsdb_attribute *attr,
1452 const struct ldb_message_element *in)
1455 TALLOC_CTX *tmp_ctx;
1457 tmp_ctx = talloc_new(ctx->ldb);
1458 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1460 for (i=0; i < in->num_values; i++) {
1463 const char *oid = (const char*)in->values[i].data;
1465 if (in->values[i].length == 0) {
1466 talloc_free(tmp_ctx);
1467 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1470 if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
1471 DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
1472 talloc_free(tmp_ctx);
1473 return WERR_INVALID_PARAMETER;
1476 if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
1477 DEBUG(0,("ber_read_OID_String() failed for %s\n",
1478 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
1479 talloc_free(tmp_ctx);
1480 return WERR_INVALID_PARAMETER;
1483 if (strcmp(oid, oid_out) != 0) {
1484 talloc_free(tmp_ctx);
1485 return WERR_INVALID_PARAMETER;
1489 talloc_free(tmp_ctx);
1493 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1494 const struct dsdb_attribute *attr,
1495 const struct ldb_message_element *in)
1498 struct drsuapi_DsReplicaAttribute drs_tmp;
1499 struct ldb_message_element ldb_tmp;
1500 TALLOC_CTX *tmp_ctx;
1502 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1503 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1506 switch (attr->attributeID_id) {
1507 case DRSUAPI_ATTID_governsID:
1508 case DRSUAPI_ATTID_attributeID:
1509 case DRSUAPI_ATTID_attributeSyntax:
1510 return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
1514 * TODO: optimize and verify this code
1517 tmp_ctx = talloc_new(ctx->ldb);
1518 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1520 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1525 if (!W_ERROR_IS_OK(status)) {
1526 talloc_free(tmp_ctx);
1530 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1535 if (!W_ERROR_IS_OK(status)) {
1536 talloc_free(tmp_ctx);
1540 talloc_free(tmp_ctx);
1544 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1545 const struct dsdb_attribute *attr,
1546 const struct drsuapi_DsReplicaAttribute *in,
1547 TALLOC_CTX *mem_ctx,
1548 struct ldb_message_element *out)
1553 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1554 W_ERROR_HAVE_NO_MEMORY(out->name);
1556 out->num_values = in->value_ctr.num_values;
1557 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1558 W_ERROR_HAVE_NO_MEMORY(out->values);
1560 for (i=0; i < out->num_values; i++) {
1561 size_t converted_size = 0;
1564 if (in->value_ctr.values[i].blob == NULL) {
1568 if (in->value_ctr.values[i].blob->length == 0) {
1572 if (!convert_string_talloc(out->values,
1574 in->value_ctr.values[i].blob->data,
1575 in->value_ctr.values[i].blob->length,
1576 (void **)&str, &converted_size)) {
1580 out->values[i] = data_blob_const(str, converted_size);
1586 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1587 const struct dsdb_attribute *attr,
1588 const struct ldb_message_element *in,
1589 TALLOC_CTX *mem_ctx,
1590 struct drsuapi_DsReplicaAttribute *out)
1595 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1596 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1599 out->attid = dsdb_attribute_get_attid(attr,
1601 out->value_ctr.num_values = in->num_values;
1602 out->value_ctr.values = talloc_array(mem_ctx,
1603 struct drsuapi_DsAttributeValue,
1605 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1607 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1608 W_ERROR_HAVE_NO_MEMORY(blobs);
1610 for (i=0; i < in->num_values; i++) {
1611 out->value_ctr.values[i].blob = &blobs[i];
1613 if (!convert_string_talloc(blobs,
1615 in->values[i].data, in->values[i].length,
1616 (void **)&blobs[i].data, &blobs[i].length)) {
1624 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1625 const struct dsdb_attribute *attr,
1626 const struct ldb_val *val)
1632 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1633 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1636 ok = convert_string_talloc(ctx->ldb,
1644 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1647 if (attr->rangeLower) {
1648 if ((size/2) < *attr->rangeLower) {
1649 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1653 if (attr->rangeUpper) {
1654 if ((size/2) > *attr->rangeUpper) {
1655 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1662 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1663 const struct dsdb_attribute *attr,
1664 const struct ldb_message_element *in)
1669 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1670 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1673 for (i=0; i < in->num_values; i++) {
1674 if (in->values[i].length == 0) {
1675 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1678 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1681 if (!W_ERROR_IS_OK(status)) {
1689 static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1690 const struct dsdb_syntax *syntax,
1691 const DATA_BLOB *in, DATA_BLOB *out)
1693 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1694 enum ndr_err_code ndr_err;
1695 DATA_BLOB guid_blob;
1697 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1702 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1706 talloc_free(tmp_ctx);
1710 if (in->length == 0) {
1711 talloc_free(tmp_ctx);
1716 /* windows sometimes sends an extra two pad bytes here */
1717 ndr_err = ndr_pull_struct_blob(in,
1719 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1720 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1721 status = ndr_map_error2ntstatus(ndr_err);
1722 talloc_free(tmp_ctx);
1723 return ntstatus_to_werror(status);
1726 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1728 talloc_free(tmp_ctx);
1729 /* If this fails, it must be out of memory, as it does not do much parsing */
1730 W_ERROR_HAVE_NO_MEMORY(dn);
1733 if (!GUID_all_zero(&id3.guid)) {
1734 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1735 if (!NT_STATUS_IS_OK(status)) {
1736 talloc_free(tmp_ctx);
1737 return ntstatus_to_werror(status);
1740 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1741 if (ret != LDB_SUCCESS) {
1742 talloc_free(tmp_ctx);
1745 talloc_free(guid_blob.data);
1748 if (id3.__ndr_size_sid) {
1750 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1751 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1752 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1753 status = ndr_map_error2ntstatus(ndr_err);
1754 talloc_free(tmp_ctx);
1755 return ntstatus_to_werror(status);
1758 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1759 if (ret != LDB_SUCCESS) {
1760 talloc_free(tmp_ctx);
1765 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1766 talloc_free(tmp_ctx);
1770 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1771 const struct dsdb_attribute *attr,
1772 const struct drsuapi_DsReplicaAttribute *in,
1773 TALLOC_CTX *mem_ctx,
1774 struct ldb_message_element *out)
1779 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1780 W_ERROR_HAVE_NO_MEMORY(out->name);
1782 out->num_values = in->value_ctr.num_values;
1783 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1784 W_ERROR_HAVE_NO_MEMORY(out->values);
1786 for (i=0; i < out->num_values; i++) {
1787 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1788 in->value_ctr.values[i].blob,
1790 if (!W_ERROR_IS_OK(status)) {
1799 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1800 const struct dsdb_attribute *attr,
1801 const struct ldb_message_element *in,
1802 TALLOC_CTX *mem_ctx,
1803 struct drsuapi_DsReplicaAttribute *out)
1808 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1809 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1812 out->attid = dsdb_attribute_get_attid(attr,
1814 out->value_ctr.num_values = in->num_values;
1815 out->value_ctr.values = talloc_array(mem_ctx,
1816 struct drsuapi_DsAttributeValue,
1818 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1820 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1821 W_ERROR_HAVE_NO_MEMORY(blobs);
1823 for (i=0; i < in->num_values; i++) {
1824 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1825 enum ndr_err_code ndr_err;
1827 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1830 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1832 out->value_ctr.values[i].blob = &blobs[i];
1834 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1836 W_ERROR_HAVE_NO_MEMORY(dn);
1840 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1841 if (!NT_STATUS_IS_OK(status) &&
1842 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1843 talloc_free(tmp_ctx);
1844 return ntstatus_to_werror(status);
1847 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1848 if (!NT_STATUS_IS_OK(status) &&
1849 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1850 talloc_free(tmp_ctx);
1851 return ntstatus_to_werror(status);
1854 id3.dn = ldb_dn_get_linearized(dn);
1856 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1857 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1858 status = ndr_map_error2ntstatus(ndr_err);
1859 talloc_free(tmp_ctx);
1860 return ntstatus_to_werror(status);
1862 talloc_free(tmp_ctx);
1868 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1869 const struct dsdb_attribute *attr,
1870 const struct ldb_val *val,
1871 TALLOC_CTX *mem_ctx,
1872 struct dsdb_dn **_dsdb_dn)
1874 static const char * const extended_list[] = { "GUID", "SID", NULL };
1875 enum ndr_err_code ndr_err;
1878 const DATA_BLOB *sid_blob;
1879 struct dsdb_dn *dsdb_dn;
1885 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1888 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1890 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1891 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1894 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1895 attr->syntax->ldap_oid);
1897 talloc_free(tmp_ctx);
1898 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1902 dn2 = ldb_dn_copy(tmp_ctx, dn);
1904 talloc_free(tmp_ctx);
1905 return WERR_NOT_ENOUGH_MEMORY;
1908 num_components = ldb_dn_get_comp_num(dn);
1910 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1911 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1913 } else if (!NT_STATUS_IS_OK(status)) {
1914 talloc_free(tmp_ctx);
1915 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1918 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1921 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1924 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1925 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1926 talloc_free(tmp_ctx);
1927 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1931 /* Do not allow links to the RootDSE */
1932 if (num_components == 0) {
1933 talloc_free(tmp_ctx);
1934 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1938 * We need to check that only "GUID" and "SID" are
1939 * specified as extended components, we do that
1940 * by comparing the dn's after removing all components
1941 * from one dn and only the allowed subset from the other
1944 ldb_dn_extended_filter(dn, extended_list);
1946 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1947 if (dn_str == NULL) {
1948 talloc_free(tmp_ctx);
1949 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1951 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1952 if (dn2_str == NULL) {
1953 talloc_free(tmp_ctx);
1954 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1957 if (strcmp(dn_str, dn2_str) != 0) {
1958 talloc_free(tmp_ctx);
1959 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1962 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1963 talloc_free(tmp_ctx);
1967 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1968 const struct dsdb_attribute *attr,
1969 const struct ldb_message_element *in)
1973 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1974 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1977 for (i=0; i < in->num_values; i++) {
1979 struct dsdb_dn *dsdb_dn;
1980 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1981 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1983 status = dsdb_syntax_DN_validate_one_val(ctx,
1987 if (!W_ERROR_IS_OK(status)) {
1988 talloc_free(tmp_ctx);
1992 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1993 talloc_free(tmp_ctx);
1994 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1997 talloc_free(tmp_ctx);
2003 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2004 const struct dsdb_attribute *attr,
2005 const struct drsuapi_DsReplicaAttribute *in,
2006 TALLOC_CTX *mem_ctx,
2007 struct ldb_message_element *out)
2013 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2014 W_ERROR_HAVE_NO_MEMORY(out->name);
2016 out->num_values = in->value_ctr.num_values;
2017 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2018 W_ERROR_HAVE_NO_MEMORY(out->values);
2020 for (i=0; i < out->num_values; i++) {
2021 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
2022 enum ndr_err_code ndr_err;
2023 DATA_BLOB guid_blob;
2025 struct dsdb_dn *dsdb_dn;
2027 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
2029 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2032 if (in->value_ctr.values[i].blob == NULL) {
2033 talloc_free(tmp_ctx);
2037 if (in->value_ctr.values[i].blob->length == 0) {
2038 talloc_free(tmp_ctx);
2043 /* windows sometimes sends an extra two pad bytes here */
2044 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
2046 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
2047 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2048 status = ndr_map_error2ntstatus(ndr_err);
2049 talloc_free(tmp_ctx);
2050 return ntstatus_to_werror(status);
2053 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
2055 talloc_free(tmp_ctx);
2056 /* If this fails, it must be out of memory, as it does not do much parsing */
2057 W_ERROR_HAVE_NO_MEMORY(dn);
2060 if (!GUID_all_zero(&id3.guid)) {
2061 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
2062 if (!NT_STATUS_IS_OK(status)) {
2063 talloc_free(tmp_ctx);
2064 return ntstatus_to_werror(status);
2067 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
2068 if (ret != LDB_SUCCESS) {
2069 talloc_free(tmp_ctx);
2072 talloc_free(guid_blob.data);
2075 if (id3.__ndr_size_sid) {
2077 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
2078 (ndr_push_flags_fn_t)ndr_push_dom_sid);
2079 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2080 status = ndr_map_error2ntstatus(ndr_err);
2081 talloc_free(tmp_ctx);
2082 return ntstatus_to_werror(status);
2085 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
2086 if (ret != LDB_SUCCESS) {
2087 talloc_free(tmp_ctx);
2092 /* set binary stuff */
2093 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
2095 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
2096 talloc_free(tmp_ctx);
2097 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
2099 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
2100 talloc_free(tmp_ctx);
2106 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2107 const struct dsdb_attribute *attr,
2108 const struct ldb_message_element *in,
2109 TALLOC_CTX *mem_ctx,
2110 struct drsuapi_DsReplicaAttribute *out)
2115 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2116 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2119 out->attid = dsdb_attribute_get_attid(attr,
2121 out->value_ctr.num_values = in->num_values;
2122 out->value_ctr.values = talloc_array(mem_ctx,
2123 struct drsuapi_DsAttributeValue,
2125 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2127 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2128 W_ERROR_HAVE_NO_MEMORY(blobs);
2130 for (i=0; i < in->num_values; i++) {
2131 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
2132 enum ndr_err_code ndr_err;
2133 const DATA_BLOB *sid_blob;
2134 struct dsdb_dn *dsdb_dn;
2135 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
2138 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2140 out->value_ctr.values[i].blob = &blobs[i];
2142 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
2145 talloc_free(tmp_ctx);
2146 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
2151 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
2152 if (!NT_STATUS_IS_OK(status) &&
2153 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2154 talloc_free(tmp_ctx);
2155 return ntstatus_to_werror(status);
2158 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
2161 ndr_err = ndr_pull_struct_blob_all(sid_blob,
2163 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
2164 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2165 status = ndr_map_error2ntstatus(ndr_err);
2166 talloc_free(tmp_ctx);
2167 return ntstatus_to_werror(status);
2171 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
2173 /* get binary stuff */
2174 id3.binary = dsdb_dn->extra_part;
2176 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
2177 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2178 status = ndr_map_error2ntstatus(ndr_err);
2179 talloc_free(tmp_ctx);
2180 return ntstatus_to_werror(status);
2182 talloc_free(tmp_ctx);
2188 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2189 const struct dsdb_attribute *attr,
2190 const struct ldb_message_element *in)
2194 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2195 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2198 for (i=0; i < in->num_values; i++) {
2200 struct dsdb_dn *dsdb_dn;
2201 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2202 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2204 status = dsdb_syntax_DN_validate_one_val(ctx,
2208 if (!W_ERROR_IS_OK(status)) {
2209 talloc_free(tmp_ctx);
2213 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
2214 talloc_free(tmp_ctx);
2215 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2218 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
2220 &dsdb_dn->extra_part);
2221 if (!W_ERROR_IS_OK(status)) {
2222 talloc_free(tmp_ctx);
2226 talloc_free(tmp_ctx);
2232 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2233 const struct dsdb_attribute *attr,
2234 const struct drsuapi_DsReplicaAttribute *in,
2235 TALLOC_CTX *mem_ctx,
2236 struct ldb_message_element *out)
2238 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2245 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2246 const struct dsdb_attribute *attr,
2247 const struct ldb_message_element *in,
2248 TALLOC_CTX *mem_ctx,
2249 struct drsuapi_DsReplicaAttribute *out)
2251 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2258 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2259 const struct dsdb_attribute *attr,
2260 const struct ldb_message_element *in)
2264 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2265 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2268 for (i=0; i < in->num_values; i++) {
2270 struct dsdb_dn *dsdb_dn;
2271 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2272 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2274 status = dsdb_syntax_DN_validate_one_val(ctx,
2278 if (!W_ERROR_IS_OK(status)) {
2279 talloc_free(tmp_ctx);
2283 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2284 talloc_free(tmp_ctx);
2285 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2288 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2290 &dsdb_dn->extra_part);
2291 if (!W_ERROR_IS_OK(status)) {
2292 talloc_free(tmp_ctx);
2296 talloc_free(tmp_ctx);
2302 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2303 const struct dsdb_attribute *attr,
2304 const struct drsuapi_DsReplicaAttribute *in,
2305 TALLOC_CTX *mem_ctx,
2306 struct ldb_message_element *out)
2311 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2312 W_ERROR_HAVE_NO_MEMORY(out->name);
2314 out->num_values = in->value_ctr.num_values;
2315 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2316 W_ERROR_HAVE_NO_MEMORY(out->values);
2318 for (i=0; i < out->num_values; i++) {
2320 size_t converted_size = 0;
2323 if (in->value_ctr.values[i].blob == NULL) {
2327 if (in->value_ctr.values[i].blob->length < 4) {
2331 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2333 if (len != in->value_ctr.values[i].blob->length) {
2337 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2338 in->value_ctr.values[i].blob->data+4,
2339 in->value_ctr.values[i].blob->length-4,
2340 (void **)&str, &converted_size)) {
2344 out->values[i] = data_blob_string_const(str);
2350 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2351 const struct dsdb_attribute *attr,
2352 const struct ldb_message_element *in,
2353 TALLOC_CTX *mem_ctx,
2354 struct drsuapi_DsReplicaAttribute *out)
2359 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2360 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2363 out->attid = dsdb_attribute_get_attid(attr,
2365 out->value_ctr.num_values = in->num_values;
2366 out->value_ctr.values = talloc_array(mem_ctx,
2367 struct drsuapi_DsAttributeValue,
2369 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2371 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2372 W_ERROR_HAVE_NO_MEMORY(blobs);
2374 for (i=0; i < in->num_values; i++) {
2378 out->value_ctr.values[i].blob = &blobs[i];
2380 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2382 in->values[i].length,
2383 (void **)&data, &ret)) {
2387 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2388 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2390 SIVAL(blobs[i].data, 0, 4 + ret);
2393 memcpy(blobs[i].data + 4, data, ret);
2401 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2402 const struct dsdb_attribute *attr,
2403 const struct ldb_message_element *in)
2405 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2410 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2412 static const struct dsdb_syntax dsdb_syntaxes[] = {
2415 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2417 .attributeSyntax_oid = "2.5.5.8",
2418 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2419 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2420 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2421 .equality = "booleanMatch",
2422 .comment = "Boolean",
2423 .auto_normalise = true
2426 .ldap_oid = LDB_SYNTAX_INTEGER,
2428 .attributeSyntax_oid = "2.5.5.9",
2429 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2430 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2431 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2432 .equality = "integerMatch",
2433 .comment = "Integer",
2434 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32,
2435 .auto_normalise = true
2437 .name = "String(Octet)",
2438 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2440 .attributeSyntax_oid = "2.5.5.10",
2441 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2442 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2443 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2444 .equality = "octetStringMatch",
2445 .comment = "Octet String",
2446 .userParameters = true,
2447 .ldb_syntax = LDB_SYNTAX_SAMBA_OCTET_STRING
2449 .name = "String(Sid)",
2450 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2452 .attributeSyntax_oid = "2.5.5.17",
2453 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2454 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2455 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2456 .equality = "octetStringMatch",
2457 .comment = "Octet String - Security Identifier (SID)",
2458 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2460 .name = "String(Object-Identifier)",
2461 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2463 .attributeSyntax_oid = "2.5.5.2",
2464 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2465 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2466 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2467 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2468 .comment = "OID String",
2469 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2471 .name = "Enumeration",
2472 .ldap_oid = LDB_SYNTAX_INTEGER,
2474 .attributeSyntax_oid = "2.5.5.9",
2475 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2476 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2477 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2478 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32,
2479 .auto_normalise = true
2481 /* not used in w2k3 forest */
2482 .name = "String(Numeric)",
2483 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2485 .attributeSyntax_oid = "2.5.5.6",
2486 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2487 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2488 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2489 .equality = "numericStringMatch",
2490 .substring = "numericStringSubstringsMatch",
2491 .comment = "Numeric String",
2492 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2494 .name = "String(Printable)",
2495 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2497 .attributeSyntax_oid = "2.5.5.5",
2498 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2499 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2500 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2501 .ldb_syntax = LDB_SYNTAX_SAMBA_OCTET_STRING,
2503 .name = "String(Teletex)",
2504 .ldap_oid = "1.2.840.113556.1.4.905",
2506 .attributeSyntax_oid = "2.5.5.4",
2507 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2508 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2509 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2510 .equality = "caseIgnoreMatch",
2511 .substring = "caseIgnoreSubstringsMatch",
2512 .comment = "Case Insensitive String",
2513 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2515 .name = "String(IA5)",
2516 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2518 .attributeSyntax_oid = "2.5.5.5",
2519 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2520 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2521 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2522 .equality = "caseExactIA5Match",
2523 .comment = "Printable String",
2524 .ldb_syntax = LDB_SYNTAX_SAMBA_OCTET_STRING,
2526 .name = "String(UTC-Time)",
2527 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2529 .attributeSyntax_oid = "2.5.5.11",
2530 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2531 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2532 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2533 .equality = "generalizedTimeMatch",
2534 .comment = "UTC Time",
2535 .auto_normalise = true
2537 .name = "String(Generalized-Time)",
2538 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2540 .attributeSyntax_oid = "2.5.5.11",
2541 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2542 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2543 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2544 .equality = "generalizedTimeMatch",
2545 .comment = "Generalized Time",
2546 .auto_normalise = true
2548 /* not used in w2k3 schema */
2549 .name = "String(Case Sensitive)",
2550 .ldap_oid = "1.2.840.113556.1.4.1362",
2552 .attributeSyntax_oid = "2.5.5.3",
2553 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2554 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2555 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2556 .equality = "caseExactMatch",
2557 .substring = "caseExactSubstringsMatch",
2558 /* TODO (kim): according to LDAP rfc we should be using same comparison
2559 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
2560 * But according to ms docs binary compare should do the job:
2561 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
2562 .ldb_syntax = LDB_SYNTAX_SAMBA_OCTET_STRING,
2564 .name = "String(Unicode)",
2565 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2567 .attributeSyntax_oid = "2.5.5.12",
2568 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2569 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2570 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2571 .equality = "caseIgnoreMatch",
2572 .substring = "caseIgnoreSubstringsMatch",
2573 .comment = "Directory String",
2575 .name = "Interval/LargeInteger",
2576 .ldap_oid = "1.2.840.113556.1.4.906",
2578 .attributeSyntax_oid = "2.5.5.16",
2579 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2580 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2581 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2582 .equality = "integerMatch",
2583 .comment = "Large Integer",
2584 .ldb_syntax = LDB_SYNTAX_INTEGER,
2585 .auto_normalise = true
2587 .name = "String(NT-Sec-Desc)",
2588 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2590 .attributeSyntax_oid = "2.5.5.15",
2591 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2592 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2593 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2595 .name = "Object(DS-DN)",
2596 .ldap_oid = LDB_SYNTAX_DN,
2598 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2599 .attributeSyntax_oid = "2.5.5.1",
2600 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2601 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2602 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2603 .equality = "distinguishedNameMatch",
2604 .comment = "Object(DS-DN) == a DN",
2606 .name = "Object(DN-Binary)",
2607 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2609 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2610 .attributeSyntax_oid = "2.5.5.7",
2611 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2612 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2613 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2614 .equality = "octetStringMatch",
2615 .comment = "OctetString: Binary+DN",
2617 /* not used in w2k3 schema, but used in Exchange schema*/
2618 .name = "Object(OR-Name)",
2619 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2621 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2622 .attributeSyntax_oid = "2.5.5.7",
2623 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2624 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2625 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2626 .equality = "caseIgnoreMatch",
2627 .ldb_syntax = LDB_SYNTAX_DN,
2630 * TODO: verify if DATA_BLOB is correct here...!
2632 * repsFrom and repsTo are the only attributes using
2633 * this attribute syntax, but they're not replicated...
2635 .name = "Object(Replica-Link)",
2636 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2638 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2639 .attributeSyntax_oid = "2.5.5.10",
2640 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2641 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2642 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2644 .name = "Object(Presentation-Address)",
2645 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2647 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2648 .attributeSyntax_oid = "2.5.5.13",
2649 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2650 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2651 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2652 .comment = "Presentation Address",
2653 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2655 /* not used in w2k3 schema */
2656 .name = "Object(Access-Point)",
2657 .ldap_oid = DSDB_SYNTAX_ACCESS_POINT,
2659 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2660 .attributeSyntax_oid = "2.5.5.14",
2661 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2662 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2663 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2664 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2666 /* not used in w2k3 schema */
2667 .name = "Object(DN-String)",
2668 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2670 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2671 .attributeSyntax_oid = "2.5.5.14",
2672 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2673 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2674 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2675 .equality = "octetStringMatch",
2676 .comment = "OctetString: String+DN",
2680 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2683 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2684 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2685 return &dsdb_syntaxes[i];
2691 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2694 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2695 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2696 return &dsdb_syntaxes[i];
2702 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2705 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2706 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2707 return &dsdb_syntaxes[i];
2713 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2717 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2719 * We must pretend that userParameters was declared
2720 * binary string, so we can store the 'UTF16' (not
2721 * really string) structure as given over SAMR to samba
2723 if (dsdb_syntaxes[i].userParameters &&
2724 (strcasecmp(attr->lDAPDisplayName, "userParameters") == 0))
2726 return &dsdb_syntaxes[i];
2728 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2730 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2732 if (attr->oMObjectClass.length) {
2734 ret = memcmp(attr->oMObjectClass.data,
2735 dsdb_syntaxes[i].oMObjectClass.data,
2736 attr->oMObjectClass.length);
2737 if (ret != 0) continue;
2740 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2742 return &dsdb_syntaxes[i];
2748 WERROR dsdb_attribute_drsuapi_remote_to_local(const struct dsdb_syntax_ctx *ctx,
2749 enum drsuapi_DsAttributeId remote_attid_as_enum,
2750 enum drsuapi_DsAttributeId *local_attid_as_enum,
2751 const struct dsdb_attribute **_sa)
2753 TALLOC_CTX *frame = talloc_stackframe();
2754 const struct dsdb_attribute *sa;
2755 uint32_t attid_local;
2758 if (ctx->pfm_remote == NULL) {
2759 smb_panic(__location__);
2762 switch (dsdb_pfm_get_attid_type(remote_attid_as_enum)) {
2763 case DSDB_ATTID_TYPE_PFM:
2764 /* map remote ATTID to local ATTID */
2765 ok = dsdb_syntax_attid_from_remote_attid(ctx, frame,
2766 remote_attid_as_enum,
2769 DEBUG(0,(__location__ ": Can't find local ATTID for 0x%08X\n",
2770 remote_attid_as_enum));
2772 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2775 case DSDB_ATTID_TYPE_INTID:
2776 /* use IntId value directly */
2777 attid_local = remote_attid_as_enum;
2780 /* we should never get here */
2781 DEBUG(0,(__location__ ": Invalid ATTID type passed for conversion - 0x%08X\n",
2782 remote_attid_as_enum));
2784 return WERR_INVALID_PARAMETER;
2787 sa = dsdb_attribute_by_attributeID_id(ctx->schema, attid_local);
2789 int dbg_level = ctx->schema->resolving_in_progress ? 10 : 0;
2790 DEBUG(dbg_level,(__location__ ": Unknown local attributeID_id 0x%08X remote 0x%08X%s\n",
2791 attid_local, remote_attid_as_enum,
2792 ctx->schema->resolving_in_progress ? "resolving in progress" : ""));
2794 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2798 * We return the same class of attid as we were given. That
2799 * is, we trust the remote server not to use an
2800 * msDS-IntId value in the schema partition
2802 if (local_attid_as_enum != NULL) {
2803 *local_attid_as_enum = (enum drsuapi_DsAttributeId)attid_local;
2814 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2815 const struct dsdb_schema *schema,
2816 const struct dsdb_schema_prefixmap *pfm_remote,
2817 const struct drsuapi_DsReplicaAttribute *in,
2818 TALLOC_CTX *mem_ctx,
2819 struct ldb_message_element *out,
2820 enum drsuapi_DsAttributeId *local_attid_as_enum)
2822 struct dsdb_syntax_ctx syntax_ctx;
2823 const struct dsdb_attribute *sa = NULL;
2826 /* use default syntax conversion context */
2827 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2828 syntax_ctx.pfm_remote = pfm_remote;
2830 werr = dsdb_attribute_drsuapi_remote_to_local(&syntax_ctx,
2832 local_attid_as_enum,
2834 if (!W_ERROR_IS_OK(werr)) {
2838 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2841 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2842 const struct dsdb_schema *schema,
2843 const struct ldb_message_element *in,
2844 TALLOC_CTX *mem_ctx,
2845 struct drsuapi_DsReplicaAttribute *out)
2847 const struct dsdb_attribute *sa;
2848 struct dsdb_syntax_ctx syntax_ctx;
2850 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2852 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2855 /* use default syntax conversion context */
2856 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2858 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);