2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
29 #include <ldb_errors.h>
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
33 #include "../lib/util/asn1.h"
36 * Initialize dsdb_syntax_ctx with default values
39 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
40 struct ldb_context *ldb,
41 const struct dsdb_schema *schema)
47 * 'true' will keep current behavior,
48 * i.e. attributeID_id will be returned by default
50 ctx->is_schema_nc = true;
52 ctx->pfm_remote = NULL;
57 * Returns ATTID for DRS attribute.
59 * ATTID depends on whether we are replicating
60 * Schema NC or msDs-IntId is set for schemaAttribute
63 uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
66 if (!for_schema_nc && attr->msDS_IntId) {
67 return attr->msDS_IntId;
70 return attr->attributeID_id;
74 * Map an ATTID from remote DC to a local ATTID
75 * using remote prefixMap
77 static bool dsdb_syntax_attid_from_remote_attid(const struct dsdb_syntax_ctx *ctx,
86 * map remote ATTID to local directly in case
87 * of no remote prefixMap (during provision for instance)
89 if (!ctx->pfm_remote) {
90 *id_local = id_remote;
94 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, id_remote, mem_ctx, &oid);
95 if (!W_ERROR_IS_OK(werr)) {
96 DEBUG(0,("ATTID->OID failed (%s) for: 0x%08X\n", win_errstr(werr), id_remote));
100 werr = dsdb_schema_pfm_make_attid(ctx->schema->prefixmap, oid, id_local);
101 if (!W_ERROR_IS_OK(werr)) {
102 DEBUG(0,("OID->ATTID failed (%s) for: %s\n", win_errstr(werr), oid));
109 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
110 const struct dsdb_attribute *attr,
111 const struct drsuapi_DsReplicaAttribute *in,
113 struct ldb_message_element *out)
118 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
119 W_ERROR_HAVE_NO_MEMORY(out->name);
121 out->num_values = in->value_ctr.num_values;
122 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
123 W_ERROR_HAVE_NO_MEMORY(out->values);
125 for (i=0; i < out->num_values; i++) {
128 if (in->value_ctr.values[i].blob == NULL) {
132 str = talloc_asprintf(out->values, "%s: not implemented",
134 W_ERROR_HAVE_NO_MEMORY(str);
136 out->values[i] = data_blob_string_const(str);
142 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
143 const struct dsdb_attribute *attr,
144 const struct ldb_message_element *in,
146 struct drsuapi_DsReplicaAttribute *out)
151 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
152 const struct dsdb_attribute *attr,
153 const struct ldb_message_element *in)
158 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
159 const struct dsdb_attribute *attr,
160 const struct drsuapi_DsReplicaAttribute *in,
162 struct ldb_message_element *out)
167 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
168 W_ERROR_HAVE_NO_MEMORY(out->name);
170 out->num_values = in->value_ctr.num_values;
171 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
172 W_ERROR_HAVE_NO_MEMORY(out->values);
174 for (i=0; i < out->num_values; i++) {
178 if (in->value_ctr.values[i].blob == NULL) {
182 if (in->value_ctr.values[i].blob->length != 4) {
186 v = IVAL(in->value_ctr.values[i].blob->data, 0);
189 str = talloc_strdup(out->values, "TRUE");
190 W_ERROR_HAVE_NO_MEMORY(str);
192 str = talloc_strdup(out->values, "FALSE");
193 W_ERROR_HAVE_NO_MEMORY(str);
196 out->values[i] = data_blob_string_const(str);
202 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
203 const struct dsdb_attribute *attr,
204 const struct ldb_message_element *in,
206 struct drsuapi_DsReplicaAttribute *out)
211 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
215 out->attid = dsdb_attribute_get_attid(attr,
217 out->value_ctr.num_values = in->num_values;
218 out->value_ctr.values = talloc_array(mem_ctx,
219 struct drsuapi_DsAttributeValue,
221 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
223 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
224 W_ERROR_HAVE_NO_MEMORY(blobs);
226 for (i=0; i < in->num_values; i++) {
227 out->value_ctr.values[i].blob = &blobs[i];
229 blobs[i] = data_blob_talloc(blobs, NULL, 4);
230 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
232 if (in->values[i].length >= 4 &&
233 strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
234 SIVAL(blobs[i].data, 0, 0x00000001);
235 } else if (in->values[i].length >= 5 &&
236 strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
237 SIVAL(blobs[i].data, 0, 0x00000000);
246 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
247 const struct dsdb_attribute *attr,
248 const struct ldb_message_element *in)
252 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
256 for (i=0; i < in->num_values; i++) {
257 if (in->values[i].length == 0) {
258 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
261 if (in->values[i].length >= 4 &&
263 (const char *)in->values[i].data,
264 in->values[i].length) == 0) {
267 if (in->values[i].length >= 5 &&
269 (const char *)in->values[i].data,
270 in->values[i].length) == 0) {
273 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
279 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
280 const struct dsdb_attribute *attr,
281 const struct drsuapi_DsReplicaAttribute *in,
283 struct ldb_message_element *out)
288 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
289 W_ERROR_HAVE_NO_MEMORY(out->name);
291 out->num_values = in->value_ctr.num_values;
292 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
293 W_ERROR_HAVE_NO_MEMORY(out->values);
295 for (i=0; i < out->num_values; i++) {
299 if (in->value_ctr.values[i].blob == NULL) {
303 if (in->value_ctr.values[i].blob->length != 4) {
307 v = IVALS(in->value_ctr.values[i].blob->data, 0);
309 str = talloc_asprintf(out->values, "%d", v);
310 W_ERROR_HAVE_NO_MEMORY(str);
312 out->values[i] = data_blob_string_const(str);
318 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
319 const struct dsdb_attribute *attr,
320 const struct ldb_message_element *in,
322 struct drsuapi_DsReplicaAttribute *out)
327 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
331 out->attid = dsdb_attribute_get_attid(attr,
333 out->value_ctr.num_values = in->num_values;
334 out->value_ctr.values = talloc_array(mem_ctx,
335 struct drsuapi_DsAttributeValue,
337 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
339 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
340 W_ERROR_HAVE_NO_MEMORY(blobs);
342 for (i=0; i < in->num_values; i++) {
345 out->value_ctr.values[i].blob = &blobs[i];
347 blobs[i] = data_blob_talloc(blobs, NULL, 4);
348 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
350 /* We've to use "strtoll" here to have the intended overflows.
351 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
352 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
354 SIVALS(blobs[i].data, 0, v);
360 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
361 const struct dsdb_attribute *attr,
362 const struct ldb_message_element *in)
366 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
370 for (i=0; i < in->num_values; i++) {
372 char buf[sizeof("-2147483648")];
376 if (in->values[i].length >= sizeof(buf)) {
377 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
380 memcpy(buf, in->values[i].data, in->values[i].length);
382 v = strtol(buf, &end, 10);
384 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
386 if (end && end[0] != '\0') {
387 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
390 if (attr->rangeLower) {
391 if ((int32_t)v < (int32_t)*attr->rangeLower) {
392 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
396 if (attr->rangeUpper) {
397 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
398 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
406 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
407 const struct dsdb_attribute *attr,
408 const struct drsuapi_DsReplicaAttribute *in,
410 struct ldb_message_element *out)
415 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
416 W_ERROR_HAVE_NO_MEMORY(out->name);
418 out->num_values = in->value_ctr.num_values;
419 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
420 W_ERROR_HAVE_NO_MEMORY(out->values);
422 for (i=0; i < out->num_values; i++) {
426 if (in->value_ctr.values[i].blob == NULL) {
430 if (in->value_ctr.values[i].blob->length != 8) {
434 v = BVALS(in->value_ctr.values[i].blob->data, 0);
436 str = talloc_asprintf(out->values, "%lld", (long long int)v);
437 W_ERROR_HAVE_NO_MEMORY(str);
439 out->values[i] = data_blob_string_const(str);
445 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
446 const struct dsdb_attribute *attr,
447 const struct ldb_message_element *in,
449 struct drsuapi_DsReplicaAttribute *out)
454 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
458 out->attid = dsdb_attribute_get_attid(attr,
460 out->value_ctr.num_values = in->num_values;
461 out->value_ctr.values = talloc_array(mem_ctx,
462 struct drsuapi_DsAttributeValue,
464 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
466 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
467 W_ERROR_HAVE_NO_MEMORY(blobs);
469 for (i=0; i < in->num_values; i++) {
472 out->value_ctr.values[i].blob = &blobs[i];
474 blobs[i] = data_blob_talloc(blobs, NULL, 8);
475 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
477 v = strtoll((const char *)in->values[i].data, NULL, 10);
479 SBVALS(blobs[i].data, 0, v);
485 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
486 const struct dsdb_attribute *attr,
487 const struct ldb_message_element *in)
491 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
495 for (i=0; i < in->num_values; i++) {
497 char buf[sizeof("-9223372036854775808")];
501 if (in->values[i].length >= sizeof(buf)) {
502 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
504 memcpy(buf, in->values[i].data, in->values[i].length);
507 v = strtoll(buf, &end, 10);
509 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
511 if (end && end[0] != '\0') {
512 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
515 if (attr->rangeLower) {
516 if ((int64_t)v < (int64_t)*attr->rangeLower) {
517 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
521 if (attr->rangeUpper) {
522 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
523 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
530 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
531 const struct dsdb_attribute *attr,
532 const struct drsuapi_DsReplicaAttribute *in,
534 struct ldb_message_element *out)
539 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
540 W_ERROR_HAVE_NO_MEMORY(out->name);
542 out->num_values = in->value_ctr.num_values;
543 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
544 W_ERROR_HAVE_NO_MEMORY(out->values);
546 for (i=0; i < out->num_values; i++) {
551 if (in->value_ctr.values[i].blob == NULL) {
555 if (in->value_ctr.values[i].blob->length != 8) {
559 v = BVAL(in->value_ctr.values[i].blob->data, 0);
561 /* special case for 1601 zero timestamp */
562 out->values[i] = data_blob_string_const("16010101000000.0Z");
566 t = nt_time_to_unix(v);
569 * NOTE: On a w2k3 server you can set a GeneralizedTime string
570 * via LDAP, but you get back an UTCTime string,
571 * but via DRSUAPI you get back the NTTIME_1sec value
572 * that represents the GeneralizedTime value!
574 * So if we store the UTCTime string in our ldb
575 * we'll loose information!
577 str = ldb_timestring_utc(out->values, t);
578 W_ERROR_HAVE_NO_MEMORY(str);
579 out->values[i] = data_blob_string_const(str);
585 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
586 const struct dsdb_attribute *attr,
587 const struct ldb_message_element *in,
589 struct drsuapi_DsReplicaAttribute *out)
594 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
598 out->attid = dsdb_attribute_get_attid(attr,
600 out->value_ctr.num_values = in->num_values;
601 out->value_ctr.values = talloc_array(mem_ctx,
602 struct drsuapi_DsAttributeValue,
604 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
606 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
607 W_ERROR_HAVE_NO_MEMORY(blobs);
609 for (i=0; i < in->num_values; i++) {
613 out->value_ctr.values[i].blob = &blobs[i];
615 blobs[i] = data_blob_talloc(blobs, NULL, 8);
616 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
618 if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
619 SBVALS(blobs[i].data, 0, 0);
623 t = ldb_string_utc_to_time((const char *)in->values[i].data);
624 unix_to_nt_time(&v, t);
627 SBVAL(blobs[i].data, 0, v);
633 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
634 const struct dsdb_attribute *attr,
635 const struct ldb_message_element *in)
639 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
643 for (i=0; i < in->num_values; i++) {
645 char buf[sizeof("090826075717Z")];
648 if (in->values[i].length >= sizeof(buf)) {
649 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
651 memcpy(buf, in->values[i].data, in->values[i].length);
653 t = ldb_string_utc_to_time(buf);
655 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
658 if (attr->rangeLower) {
659 if ((int32_t)t < (int32_t)*attr->rangeLower) {
660 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
664 if (attr->rangeUpper) {
665 if ((int32_t)t > (int32_t)*attr->rangeLower) {
666 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
671 * TODO: verify the comment in the
672 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
679 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
680 const struct dsdb_attribute *attr,
681 const struct drsuapi_DsReplicaAttribute *in,
683 struct ldb_message_element *out)
688 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
689 W_ERROR_HAVE_NO_MEMORY(out->name);
691 out->num_values = in->value_ctr.num_values;
692 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
693 W_ERROR_HAVE_NO_MEMORY(out->values);
695 for (i=0; i < out->num_values; i++) {
700 if (in->value_ctr.values[i].blob == NULL) {
704 if (in->value_ctr.values[i].blob->length != 8) {
708 v = BVAL(in->value_ctr.values[i].blob->data, 0);
710 /* special case for 1601 zero timestamp */
711 out->values[i] = data_blob_string_const("16010101000000.0Z");
715 t = nt_time_to_unix(v);
717 str = ldb_timestring(out->values, t);
718 W_ERROR_HAVE_NO_MEMORY(str);
720 out->values[i] = data_blob_string_const(str);
726 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
727 const struct dsdb_attribute *attr,
728 const struct ldb_message_element *in,
730 struct drsuapi_DsReplicaAttribute *out)
735 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
739 out->attid = dsdb_attribute_get_attid(attr,
741 out->value_ctr.num_values = in->num_values;
742 out->value_ctr.values = talloc_array(mem_ctx,
743 struct drsuapi_DsAttributeValue,
745 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
747 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
748 W_ERROR_HAVE_NO_MEMORY(blobs);
750 for (i=0; i < in->num_values; i++) {
755 out->value_ctr.values[i].blob = &blobs[i];
757 blobs[i] = data_blob_talloc(blobs, NULL, 8);
758 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
760 if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
761 SBVALS(blobs[i].data, 0, 0);
765 ret = ldb_val_to_time(&in->values[i], &t);
766 if (ret != LDB_SUCCESS) {
767 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
769 unix_to_nt_time(&v, t);
772 SBVAL(blobs[i].data, 0, v);
778 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
779 const struct dsdb_attribute *attr,
780 const struct ldb_message_element *in)
784 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
788 for (i=0; i < in->num_values; i++) {
792 ret = ldb_val_to_time(&in->values[i], &t);
793 if (ret != LDB_SUCCESS) {
794 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
797 if (attr->rangeLower) {
798 if ((int32_t)t < (int32_t)*attr->rangeLower) {
799 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
803 if (attr->rangeUpper) {
804 if ((int32_t)t > (int32_t)*attr->rangeLower) {
805 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
813 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
814 const struct dsdb_attribute *attr,
815 const struct drsuapi_DsReplicaAttribute *in,
817 struct ldb_message_element *out)
822 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
823 W_ERROR_HAVE_NO_MEMORY(out->name);
825 out->num_values = in->value_ctr.num_values;
826 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
827 W_ERROR_HAVE_NO_MEMORY(out->values);
829 for (i=0; i < out->num_values; i++) {
830 if (in->value_ctr.values[i].blob == NULL) {
834 if (in->value_ctr.values[i].blob->length == 0) {
838 out->values[i] = data_blob_dup_talloc(out->values,
839 *in->value_ctr.values[i].blob);
840 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
846 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
847 const struct dsdb_attribute *attr,
848 const struct ldb_message_element *in,
850 struct drsuapi_DsReplicaAttribute *out)
855 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
859 out->attid = dsdb_attribute_get_attid(attr,
861 out->value_ctr.num_values = in->num_values;
862 out->value_ctr.values = talloc_array(mem_ctx,
863 struct drsuapi_DsAttributeValue,
865 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
867 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
868 W_ERROR_HAVE_NO_MEMORY(blobs);
870 for (i=0; i < in->num_values; i++) {
871 out->value_ctr.values[i].blob = &blobs[i];
873 blobs[i] = data_blob_dup_talloc(blobs, in->values[i]);
874 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
880 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
881 const struct dsdb_attribute *attr,
882 const struct ldb_val *val)
884 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
888 if (attr->rangeLower) {
889 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
890 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
894 if (attr->rangeUpper) {
895 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
896 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
903 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
904 const struct dsdb_attribute *attr,
905 const struct ldb_message_element *in)
910 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
914 for (i=0; i < in->num_values; i++) {
915 if (in->values[i].length == 0) {
916 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
919 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
922 if (!W_ERROR_IS_OK(status)) {
930 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
931 const struct dsdb_attribute *attr,
932 const struct drsuapi_DsReplicaAttribute *in,
934 struct ldb_message_element *out)
939 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
940 W_ERROR_HAVE_NO_MEMORY(out->name);
942 out->num_values = in->value_ctr.num_values;
943 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
944 W_ERROR_HAVE_NO_MEMORY(out->values);
946 for (i=0; i < out->num_values; i++) {
948 const struct dsdb_class *c;
949 const struct dsdb_attribute *a;
950 const char *str = NULL;
952 if (in->value_ctr.values[i].blob == NULL) {
956 if (in->value_ctr.values[i].blob->length != 4) {
960 v = IVAL(in->value_ctr.values[i].blob->data, 0);
962 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
963 str = talloc_strdup(out->values, c->lDAPDisplayName);
964 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
965 str = talloc_strdup(out->values, a->lDAPDisplayName);
968 SMB_ASSERT(ctx->pfm_remote);
969 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, v,
971 W_ERROR_NOT_OK_RETURN(werr);
973 W_ERROR_HAVE_NO_MEMORY(str);
975 /* the values need to be reversed */
976 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
982 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
983 const struct dsdb_attribute *attr,
984 const struct drsuapi_DsReplicaAttribute *in,
986 struct ldb_message_element *out)
991 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
992 W_ERROR_HAVE_NO_MEMORY(out->name);
994 out->num_values = in->value_ctr.num_values;
995 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
996 W_ERROR_HAVE_NO_MEMORY(out->values);
998 for (i=0; i < out->num_values; i++) {
1000 const struct dsdb_class *c;
1003 if (in->value_ctr.values[i].blob == NULL) {
1007 if (in->value_ctr.values[i].blob->length != 4) {
1011 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1013 /* convert remote ATTID to local ATTID */
1014 if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
1015 DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
1019 c = dsdb_class_by_governsID_id(ctx->schema, v);
1021 DEBUG(1,(__location__ ": Unknown governsID 0x%08X\n", v));
1025 str = talloc_strdup(out->values, c->lDAPDisplayName);
1026 W_ERROR_HAVE_NO_MEMORY(str);
1028 /* the values need to be reversed */
1029 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1035 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1036 const struct dsdb_attribute *attr,
1037 const struct drsuapi_DsReplicaAttribute *in,
1038 TALLOC_CTX *mem_ctx,
1039 struct ldb_message_element *out)
1044 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1045 W_ERROR_HAVE_NO_MEMORY(out->name);
1047 out->num_values = in->value_ctr.num_values;
1048 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1049 W_ERROR_HAVE_NO_MEMORY(out->values);
1051 for (i=0; i < out->num_values; i++) {
1053 const struct dsdb_attribute *a;
1056 if (in->value_ctr.values[i].blob == NULL) {
1060 if (in->value_ctr.values[i].blob->length != 4) {
1064 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1066 /* convert remote ATTID to local ATTID */
1067 if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
1068 DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
1072 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
1074 DEBUG(1,(__location__ ": Unknown attributeID_id 0x%08X\n", v));
1078 str = talloc_strdup(out->values, a->lDAPDisplayName);
1079 W_ERROR_HAVE_NO_MEMORY(str);
1081 /* the values need to be reversed */
1082 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1088 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1089 const struct dsdb_attribute *attr,
1090 const struct drsuapi_DsReplicaAttribute *in,
1091 TALLOC_CTX *mem_ctx,
1092 struct ldb_message_element *out)
1095 const struct dsdb_schema_prefixmap *prefixmap;
1097 if (ctx->pfm_remote != NULL) {
1098 prefixmap = ctx->pfm_remote;
1100 prefixmap = ctx->schema->prefixmap;
1102 SMB_ASSERT(prefixmap);
1105 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1106 W_ERROR_HAVE_NO_MEMORY(out->name);
1108 out->num_values = in->value_ctr.num_values;
1109 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1110 W_ERROR_HAVE_NO_MEMORY(out->values);
1112 for (i=0; i < out->num_values; i++) {
1117 if (in->value_ctr.values[i].blob == NULL) {
1121 if (in->value_ctr.values[i].blob->length != 4) {
1125 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1127 status = dsdb_schema_pfm_oid_from_attid(prefixmap, attid,
1129 if (!W_ERROR_IS_OK(status)) {
1130 DEBUG(0,(__location__ ": Error: Unknown ATTID 0x%08X\n",
1135 out->values[i] = data_blob_string_const(oid);
1141 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1142 const struct dsdb_attribute *attr,
1143 const struct ldb_message_element *in,
1144 TALLOC_CTX *mem_ctx,
1145 struct drsuapi_DsReplicaAttribute *out)
1150 out->attid= dsdb_attribute_get_attid(attr,
1152 out->value_ctr.num_values= in->num_values;
1153 out->value_ctr.values= talloc_array(mem_ctx,
1154 struct drsuapi_DsAttributeValue,
1156 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1158 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1159 W_ERROR_HAVE_NO_MEMORY(blobs);
1161 for (i=0; i < in->num_values; i++) {
1162 const struct dsdb_class *obj_class;
1163 const struct dsdb_attribute *obj_attr;
1166 out->value_ctr.values[i].blob= &blobs[i];
1168 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1169 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1171 /* in DRS windows puts the classes in the opposite
1172 order to the order used in ldap */
1173 v = &in->values[(in->num_values-1)-i];
1175 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1176 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1177 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1178 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1182 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1183 (const char *)v->data,
1185 W_ERROR_NOT_OK_RETURN(werr);
1186 SIVAL(blobs[i].data, 0, attid);
1195 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1196 const struct dsdb_attribute *attr,
1197 const struct ldb_message_element *in,
1198 TALLOC_CTX *mem_ctx,
1199 struct drsuapi_DsReplicaAttribute *out)
1204 out->attid= dsdb_attribute_get_attid(attr,
1206 out->value_ctr.num_values= in->num_values;
1207 out->value_ctr.values= talloc_array(mem_ctx,
1208 struct drsuapi_DsAttributeValue,
1210 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1212 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1213 W_ERROR_HAVE_NO_MEMORY(blobs);
1215 for (i=0; i < in->num_values; i++) {
1216 const struct dsdb_class *obj_class;
1218 out->value_ctr.values[i].blob= &blobs[i];
1220 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1221 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1223 /* in DRS windows puts the classes in the opposite
1224 order to the order used in ldap */
1225 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1226 (const char *)in->values[(in->num_values-1)-i].data);
1230 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1237 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1238 const struct dsdb_attribute *attr,
1239 const struct ldb_message_element *in,
1240 TALLOC_CTX *mem_ctx,
1241 struct drsuapi_DsReplicaAttribute *out)
1246 out->attid= dsdb_attribute_get_attid(attr,
1248 out->value_ctr.num_values= in->num_values;
1249 out->value_ctr.values= talloc_array(mem_ctx,
1250 struct drsuapi_DsAttributeValue,
1252 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1254 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1255 W_ERROR_HAVE_NO_MEMORY(blobs);
1257 for (i=0; i < in->num_values; i++) {
1258 const struct dsdb_attribute *obj_attr;
1260 out->value_ctr.values[i].blob= &blobs[i];
1262 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1263 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1265 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1269 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1276 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1277 const struct dsdb_attribute *attr,
1278 const struct ldb_message_element *in,
1279 TALLOC_CTX *mem_ctx,
1280 struct drsuapi_DsReplicaAttribute *out)
1285 out->attid= dsdb_attribute_get_attid(attr,
1287 out->value_ctr.num_values= in->num_values;
1288 out->value_ctr.values= talloc_array(mem_ctx,
1289 struct drsuapi_DsAttributeValue,
1291 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1293 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1294 W_ERROR_HAVE_NO_MEMORY(blobs);
1296 for (i=0; i < in->num_values; i++) {
1300 out->value_ctr.values[i].blob= &blobs[i];
1302 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1303 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1305 status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1306 (const char *)in->values[i].data,
1308 W_ERROR_NOT_OK_RETURN(status);
1310 SIVAL(blobs[i].data, 0, attid);
1316 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1317 const struct dsdb_attribute *attr,
1318 const struct drsuapi_DsReplicaAttribute *in,
1319 TALLOC_CTX *mem_ctx,
1320 struct ldb_message_element *out)
1324 switch (attr->attributeID_id) {
1325 case DRSUAPI_ATTID_objectClass:
1326 case DRSUAPI_ATTID_subClassOf:
1327 case DRSUAPI_ATTID_auxiliaryClass:
1328 case DRSUAPI_ATTID_systemAuxiliaryClass:
1329 case DRSUAPI_ATTID_systemPossSuperiors:
1330 case DRSUAPI_ATTID_possSuperiors:
1331 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1333 case DRSUAPI_ATTID_systemMustContain:
1334 case DRSUAPI_ATTID_systemMayContain:
1335 case DRSUAPI_ATTID_mustContain:
1336 case DRSUAPI_ATTID_rDNAttId:
1337 case DRSUAPI_ATTID_transportAddressAttribute:
1338 case DRSUAPI_ATTID_mayContain:
1339 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1341 case DRSUAPI_ATTID_governsID:
1342 case DRSUAPI_ATTID_attributeID:
1343 case DRSUAPI_ATTID_attributeSyntax:
1344 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1347 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1348 attr->lDAPDisplayName));
1349 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1352 /* When we are doing the vampire of a schema, we don't want
1353 * the inability to reference an OID to get in the way.
1354 * Otherwise, we won't get the new schema with which to
1355 * understand this */
1356 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1357 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1362 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1363 const struct dsdb_attribute *attr,
1364 const struct ldb_message_element *in,
1365 TALLOC_CTX *mem_ctx,
1366 struct drsuapi_DsReplicaAttribute *out)
1368 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1372 switch (attr->attributeID_id) {
1373 case DRSUAPI_ATTID_objectClass:
1374 case DRSUAPI_ATTID_subClassOf:
1375 case DRSUAPI_ATTID_auxiliaryClass:
1376 case DRSUAPI_ATTID_systemAuxiliaryClass:
1377 case DRSUAPI_ATTID_systemPossSuperiors:
1378 case DRSUAPI_ATTID_possSuperiors:
1379 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1380 case DRSUAPI_ATTID_systemMustContain:
1381 case DRSUAPI_ATTID_systemMayContain:
1382 case DRSUAPI_ATTID_mustContain:
1383 case DRSUAPI_ATTID_rDNAttId:
1384 case DRSUAPI_ATTID_transportAddressAttribute:
1385 case DRSUAPI_ATTID_mayContain:
1386 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1387 case DRSUAPI_ATTID_governsID:
1388 case DRSUAPI_ATTID_attributeID:
1389 case DRSUAPI_ATTID_attributeSyntax:
1390 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1393 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1394 attr->lDAPDisplayName));
1396 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1399 static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
1400 const struct dsdb_attribute *attr,
1401 const struct ldb_message_element *in)
1404 TALLOC_CTX *tmp_ctx;
1406 tmp_ctx = talloc_new(ctx->ldb);
1407 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1409 for (i=0; i < in->num_values; i++) {
1412 const char *oid = (const char*)in->values[i].data;
1414 if (in->values[i].length == 0) {
1415 talloc_free(tmp_ctx);
1416 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1419 if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
1420 DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
1421 talloc_free(tmp_ctx);
1422 return WERR_INVALID_PARAMETER;
1425 if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
1426 DEBUG(0,("ber_read_OID_String() failed for %s\n",
1427 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
1428 talloc_free(tmp_ctx);
1429 return WERR_INVALID_PARAMETER;
1432 if (strcmp(oid, oid_out) != 0) {
1433 talloc_free(tmp_ctx);
1434 return WERR_INVALID_PARAMETER;
1438 talloc_free(tmp_ctx);
1442 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1443 const struct dsdb_attribute *attr,
1444 const struct ldb_message_element *in)
1447 struct drsuapi_DsReplicaAttribute drs_tmp;
1448 struct ldb_message_element ldb_tmp;
1449 TALLOC_CTX *tmp_ctx;
1451 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1455 switch (attr->attributeID_id) {
1456 case DRSUAPI_ATTID_governsID:
1457 case DRSUAPI_ATTID_attributeID:
1458 case DRSUAPI_ATTID_attributeSyntax:
1459 return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
1463 * TODO: optimize and verify this code
1466 tmp_ctx = talloc_new(ctx->ldb);
1467 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1469 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1474 if (!W_ERROR_IS_OK(status)) {
1475 talloc_free(tmp_ctx);
1479 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1484 if (!W_ERROR_IS_OK(status)) {
1485 talloc_free(tmp_ctx);
1489 talloc_free(tmp_ctx);
1493 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1494 const struct dsdb_attribute *attr,
1495 const struct drsuapi_DsReplicaAttribute *in,
1496 TALLOC_CTX *mem_ctx,
1497 struct ldb_message_element *out)
1502 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1503 W_ERROR_HAVE_NO_MEMORY(out->name);
1505 out->num_values = in->value_ctr.num_values;
1506 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1507 W_ERROR_HAVE_NO_MEMORY(out->values);
1509 for (i=0; i < out->num_values; i++) {
1510 size_t converted_size = 0;
1513 if (in->value_ctr.values[i].blob == NULL) {
1517 if (in->value_ctr.values[i].blob->length == 0) {
1521 if (!convert_string_talloc(out->values,
1523 in->value_ctr.values[i].blob->data,
1524 in->value_ctr.values[i].blob->length,
1525 (void **)&str, &converted_size)) {
1529 out->values[i] = data_blob_string_const(str);
1535 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1536 const struct dsdb_attribute *attr,
1537 const struct ldb_message_element *in,
1538 TALLOC_CTX *mem_ctx,
1539 struct drsuapi_DsReplicaAttribute *out)
1544 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1548 out->attid = dsdb_attribute_get_attid(attr,
1550 out->value_ctr.num_values = in->num_values;
1551 out->value_ctr.values = talloc_array(mem_ctx,
1552 struct drsuapi_DsAttributeValue,
1554 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1556 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1557 W_ERROR_HAVE_NO_MEMORY(blobs);
1559 for (i=0; i < in->num_values; i++) {
1560 out->value_ctr.values[i].blob = &blobs[i];
1562 if (!convert_string_talloc(blobs,
1564 in->values[i].data, in->values[i].length,
1565 (void **)&blobs[i].data, &blobs[i].length)) {
1573 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1574 const struct dsdb_attribute *attr,
1575 const struct ldb_val *val)
1581 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1585 ok = convert_string_talloc(ctx->ldb,
1593 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1596 if (attr->rangeLower) {
1597 if ((size/2) < *attr->rangeLower) {
1598 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1602 if (attr->rangeUpper) {
1603 if ((size/2) > *attr->rangeUpper) {
1604 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1611 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1612 const struct dsdb_attribute *attr,
1613 const struct ldb_message_element *in)
1618 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1622 for (i=0; i < in->num_values; i++) {
1623 if (in->values[i].length == 0) {
1624 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1627 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1630 if (!W_ERROR_IS_OK(status)) {
1638 static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1639 const struct dsdb_syntax *syntax,
1640 const DATA_BLOB *in, DATA_BLOB *out)
1642 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1643 enum ndr_err_code ndr_err;
1644 DATA_BLOB guid_blob;
1646 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1651 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1655 talloc_free(tmp_ctx);
1659 if (in->length == 0) {
1660 talloc_free(tmp_ctx);
1665 /* windows sometimes sends an extra two pad bytes here */
1666 ndr_err = ndr_pull_struct_blob(in,
1668 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1669 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1670 status = ndr_map_error2ntstatus(ndr_err);
1671 talloc_free(tmp_ctx);
1672 return ntstatus_to_werror(status);
1675 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1677 talloc_free(tmp_ctx);
1678 /* If this fails, it must be out of memory, as it does not do much parsing */
1679 W_ERROR_HAVE_NO_MEMORY(dn);
1682 if (!GUID_all_zero(&id3.guid)) {
1683 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1684 if (!NT_STATUS_IS_OK(status)) {
1685 talloc_free(tmp_ctx);
1686 return ntstatus_to_werror(status);
1689 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1690 if (ret != LDB_SUCCESS) {
1691 talloc_free(tmp_ctx);
1694 talloc_free(guid_blob.data);
1697 if (id3.__ndr_size_sid) {
1699 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1700 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1701 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1702 status = ndr_map_error2ntstatus(ndr_err);
1703 talloc_free(tmp_ctx);
1704 return ntstatus_to_werror(status);
1707 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1708 if (ret != LDB_SUCCESS) {
1709 talloc_free(tmp_ctx);
1714 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1715 talloc_free(tmp_ctx);
1719 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1720 const struct dsdb_attribute *attr,
1721 const struct drsuapi_DsReplicaAttribute *in,
1722 TALLOC_CTX *mem_ctx,
1723 struct ldb_message_element *out)
1728 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1729 W_ERROR_HAVE_NO_MEMORY(out->name);
1731 out->num_values = in->value_ctr.num_values;
1732 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1733 W_ERROR_HAVE_NO_MEMORY(out->values);
1735 for (i=0; i < out->num_values; i++) {
1736 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1737 in->value_ctr.values[i].blob,
1739 if (!W_ERROR_IS_OK(status)) {
1748 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1749 const struct dsdb_attribute *attr,
1750 const struct ldb_message_element *in,
1751 TALLOC_CTX *mem_ctx,
1752 struct drsuapi_DsReplicaAttribute *out)
1757 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1761 out->attid = dsdb_attribute_get_attid(attr,
1763 out->value_ctr.num_values = in->num_values;
1764 out->value_ctr.values = talloc_array(mem_ctx,
1765 struct drsuapi_DsAttributeValue,
1767 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1769 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1770 W_ERROR_HAVE_NO_MEMORY(blobs);
1772 for (i=0; i < in->num_values; i++) {
1773 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1774 enum ndr_err_code ndr_err;
1776 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1779 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1781 out->value_ctr.values[i].blob = &blobs[i];
1783 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1785 W_ERROR_HAVE_NO_MEMORY(dn);
1789 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1790 if (!NT_STATUS_IS_OK(status) &&
1791 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1792 talloc_free(tmp_ctx);
1793 return ntstatus_to_werror(status);
1796 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1797 if (!NT_STATUS_IS_OK(status) &&
1798 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1799 talloc_free(tmp_ctx);
1800 return ntstatus_to_werror(status);
1803 id3.dn = ldb_dn_get_linearized(dn);
1805 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1806 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1807 status = ndr_map_error2ntstatus(ndr_err);
1808 talloc_free(tmp_ctx);
1809 return ntstatus_to_werror(status);
1811 talloc_free(tmp_ctx);
1817 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1818 const struct dsdb_attribute *attr,
1819 const struct ldb_val *val,
1820 TALLOC_CTX *mem_ctx,
1821 struct dsdb_dn **_dsdb_dn)
1823 static const char * const extended_list[] = { "GUID", "SID", NULL };
1824 enum ndr_err_code ndr_err;
1827 const DATA_BLOB *sid_blob;
1828 struct dsdb_dn *dsdb_dn;
1834 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1837 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1839 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1843 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1844 attr->syntax->ldap_oid);
1846 talloc_free(tmp_ctx);
1847 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1851 dn2 = ldb_dn_copy(tmp_ctx, dn);
1853 talloc_free(tmp_ctx);
1857 num_components = ldb_dn_get_comp_num(dn);
1859 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1860 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1862 } else if (!NT_STATUS_IS_OK(status)) {
1863 talloc_free(tmp_ctx);
1864 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1867 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1870 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1873 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1874 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1875 talloc_free(tmp_ctx);
1876 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1880 /* Do not allow links to the RootDSE */
1881 if (num_components == 0) {
1882 talloc_free(tmp_ctx);
1883 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1887 * We need to check that only "GUID" and "SID" are
1888 * specified as extended components, we do that
1889 * by comparing the dn's after removing all components
1890 * from one dn and only the allowed subset from the other
1893 ldb_dn_extended_filter(dn, extended_list);
1895 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1896 if (dn_str == NULL) {
1897 talloc_free(tmp_ctx);
1898 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1900 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1901 if (dn2_str == NULL) {
1902 talloc_free(tmp_ctx);
1903 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1906 if (strcmp(dn_str, dn2_str) != 0) {
1907 talloc_free(tmp_ctx);
1908 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1911 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1912 talloc_free(tmp_ctx);
1916 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1917 const struct dsdb_attribute *attr,
1918 const struct ldb_message_element *in)
1922 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1926 for (i=0; i < in->num_values; i++) {
1928 struct dsdb_dn *dsdb_dn;
1929 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1930 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1932 status = dsdb_syntax_DN_validate_one_val(ctx,
1936 if (!W_ERROR_IS_OK(status)) {
1937 talloc_free(tmp_ctx);
1941 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1942 talloc_free(tmp_ctx);
1943 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1946 talloc_free(tmp_ctx);
1952 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1953 const struct dsdb_attribute *attr,
1954 const struct drsuapi_DsReplicaAttribute *in,
1955 TALLOC_CTX *mem_ctx,
1956 struct ldb_message_element *out)
1962 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1963 W_ERROR_HAVE_NO_MEMORY(out->name);
1965 out->num_values = in->value_ctr.num_values;
1966 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1967 W_ERROR_HAVE_NO_MEMORY(out->values);
1969 for (i=0; i < out->num_values; i++) {
1970 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1971 enum ndr_err_code ndr_err;
1972 DATA_BLOB guid_blob;
1974 struct dsdb_dn *dsdb_dn;
1976 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1978 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1981 if (in->value_ctr.values[i].blob == NULL) {
1982 talloc_free(tmp_ctx);
1986 if (in->value_ctr.values[i].blob->length == 0) {
1987 talloc_free(tmp_ctx);
1992 /* windows sometimes sends an extra two pad bytes here */
1993 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
1995 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
1996 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1997 status = ndr_map_error2ntstatus(ndr_err);
1998 talloc_free(tmp_ctx);
1999 return ntstatus_to_werror(status);
2002 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
2004 talloc_free(tmp_ctx);
2005 /* If this fails, it must be out of memory, as it does not do much parsing */
2006 W_ERROR_HAVE_NO_MEMORY(dn);
2009 if (!GUID_all_zero(&id3.guid)) {
2010 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
2011 if (!NT_STATUS_IS_OK(status)) {
2012 talloc_free(tmp_ctx);
2013 return ntstatus_to_werror(status);
2016 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
2017 if (ret != LDB_SUCCESS) {
2018 talloc_free(tmp_ctx);
2021 talloc_free(guid_blob.data);
2024 if (id3.__ndr_size_sid) {
2026 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
2027 (ndr_push_flags_fn_t)ndr_push_dom_sid);
2028 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2029 status = ndr_map_error2ntstatus(ndr_err);
2030 talloc_free(tmp_ctx);
2031 return ntstatus_to_werror(status);
2034 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
2035 if (ret != LDB_SUCCESS) {
2036 talloc_free(tmp_ctx);
2041 /* set binary stuff */
2042 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
2044 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
2045 talloc_free(tmp_ctx);
2046 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
2048 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
2049 talloc_free(tmp_ctx);
2055 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2056 const struct dsdb_attribute *attr,
2057 const struct ldb_message_element *in,
2058 TALLOC_CTX *mem_ctx,
2059 struct drsuapi_DsReplicaAttribute *out)
2064 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2068 out->attid = dsdb_attribute_get_attid(attr,
2070 out->value_ctr.num_values = in->num_values;
2071 out->value_ctr.values = talloc_array(mem_ctx,
2072 struct drsuapi_DsAttributeValue,
2074 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2076 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2077 W_ERROR_HAVE_NO_MEMORY(blobs);
2079 for (i=0; i < in->num_values; i++) {
2080 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
2081 enum ndr_err_code ndr_err;
2082 const DATA_BLOB *sid_blob;
2083 struct dsdb_dn *dsdb_dn;
2084 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
2087 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2089 out->value_ctr.values[i].blob = &blobs[i];
2091 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
2094 talloc_free(tmp_ctx);
2095 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
2100 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
2101 if (!NT_STATUS_IS_OK(status) &&
2102 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2103 talloc_free(tmp_ctx);
2104 return ntstatus_to_werror(status);
2107 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
2110 ndr_err = ndr_pull_struct_blob_all(sid_blob,
2112 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
2113 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2114 status = ndr_map_error2ntstatus(ndr_err);
2115 talloc_free(tmp_ctx);
2116 return ntstatus_to_werror(status);
2120 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
2122 /* get binary stuff */
2123 id3.binary = dsdb_dn->extra_part;
2125 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
2126 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2127 status = ndr_map_error2ntstatus(ndr_err);
2128 talloc_free(tmp_ctx);
2129 return ntstatus_to_werror(status);
2131 talloc_free(tmp_ctx);
2137 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2138 const struct dsdb_attribute *attr,
2139 const struct ldb_message_element *in)
2143 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2147 for (i=0; i < in->num_values; i++) {
2149 struct dsdb_dn *dsdb_dn;
2150 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2151 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2153 status = dsdb_syntax_DN_validate_one_val(ctx,
2157 if (!W_ERROR_IS_OK(status)) {
2158 talloc_free(tmp_ctx);
2162 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
2163 talloc_free(tmp_ctx);
2164 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2167 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
2169 &dsdb_dn->extra_part);
2170 if (!W_ERROR_IS_OK(status)) {
2171 talloc_free(tmp_ctx);
2175 talloc_free(tmp_ctx);
2181 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2182 const struct dsdb_attribute *attr,
2183 const struct drsuapi_DsReplicaAttribute *in,
2184 TALLOC_CTX *mem_ctx,
2185 struct ldb_message_element *out)
2187 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2194 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2195 const struct dsdb_attribute *attr,
2196 const struct ldb_message_element *in,
2197 TALLOC_CTX *mem_ctx,
2198 struct drsuapi_DsReplicaAttribute *out)
2200 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2207 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2208 const struct dsdb_attribute *attr,
2209 const struct ldb_message_element *in)
2213 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2217 for (i=0; i < in->num_values; i++) {
2219 struct dsdb_dn *dsdb_dn;
2220 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2221 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2223 status = dsdb_syntax_DN_validate_one_val(ctx,
2227 if (!W_ERROR_IS_OK(status)) {
2228 talloc_free(tmp_ctx);
2232 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2233 talloc_free(tmp_ctx);
2234 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2237 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2239 &dsdb_dn->extra_part);
2240 if (!W_ERROR_IS_OK(status)) {
2241 talloc_free(tmp_ctx);
2245 talloc_free(tmp_ctx);
2251 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2252 const struct dsdb_attribute *attr,
2253 const struct drsuapi_DsReplicaAttribute *in,
2254 TALLOC_CTX *mem_ctx,
2255 struct ldb_message_element *out)
2260 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2261 W_ERROR_HAVE_NO_MEMORY(out->name);
2263 out->num_values = in->value_ctr.num_values;
2264 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2265 W_ERROR_HAVE_NO_MEMORY(out->values);
2267 for (i=0; i < out->num_values; i++) {
2269 size_t converted_size = 0;
2272 if (in->value_ctr.values[i].blob == NULL) {
2276 if (in->value_ctr.values[i].blob->length < 4) {
2280 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2282 if (len != in->value_ctr.values[i].blob->length) {
2286 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2287 in->value_ctr.values[i].blob->data+4,
2288 in->value_ctr.values[i].blob->length-4,
2289 (void **)&str, &converted_size)) {
2293 out->values[i] = data_blob_string_const(str);
2299 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2300 const struct dsdb_attribute *attr,
2301 const struct ldb_message_element *in,
2302 TALLOC_CTX *mem_ctx,
2303 struct drsuapi_DsReplicaAttribute *out)
2308 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2312 out->attid = dsdb_attribute_get_attid(attr,
2314 out->value_ctr.num_values = in->num_values;
2315 out->value_ctr.values = talloc_array(mem_ctx,
2316 struct drsuapi_DsAttributeValue,
2318 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2320 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2321 W_ERROR_HAVE_NO_MEMORY(blobs);
2323 for (i=0; i < in->num_values; i++) {
2327 out->value_ctr.values[i].blob = &blobs[i];
2329 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2331 in->values[i].length,
2332 (void **)&data, &ret)) {
2336 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2337 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2339 SIVAL(blobs[i].data, 0, 4 + ret);
2342 memcpy(blobs[i].data + 4, data, ret);
2350 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2351 const struct dsdb_attribute *attr,
2352 const struct ldb_message_element *in)
2354 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2359 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2361 static const struct dsdb_syntax dsdb_syntaxes[] = {
2364 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2366 .attributeSyntax_oid = "2.5.5.8",
2367 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2368 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2369 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2370 .equality = "booleanMatch",
2371 .comment = "Boolean",
2372 .auto_normalise = true
2375 .ldap_oid = LDB_SYNTAX_INTEGER,
2377 .attributeSyntax_oid = "2.5.5.9",
2378 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2379 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2380 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2381 .equality = "integerMatch",
2382 .comment = "Integer",
2383 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32,
2384 .auto_normalise = true
2386 .name = "String(Octet)",
2387 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2389 .attributeSyntax_oid = "2.5.5.10",
2390 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2391 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2392 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2393 .equality = "octetStringMatch",
2394 .comment = "Octet String",
2396 .name = "String(Sid)",
2397 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2399 .attributeSyntax_oid = "2.5.5.17",
2400 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2401 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2402 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2403 .equality = "octetStringMatch",
2404 .comment = "Octet String - Security Identifier (SID)",
2405 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2407 .name = "String(Object-Identifier)",
2408 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2410 .attributeSyntax_oid = "2.5.5.2",
2411 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2412 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2413 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2414 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2415 .comment = "OID String",
2416 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2418 .name = "Enumeration",
2419 .ldap_oid = LDB_SYNTAX_INTEGER,
2421 .attributeSyntax_oid = "2.5.5.9",
2422 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2423 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2424 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2425 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32,
2426 .auto_normalise = true
2428 /* not used in w2k3 forest */
2429 .name = "String(Numeric)",
2430 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2432 .attributeSyntax_oid = "2.5.5.6",
2433 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2434 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2435 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2436 .equality = "numericStringMatch",
2437 .substring = "numericStringSubstringsMatch",
2438 .comment = "Numeric String",
2439 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2441 .name = "String(Printable)",
2442 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2444 .attributeSyntax_oid = "2.5.5.5",
2445 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2446 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2447 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2448 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2450 .name = "String(Teletex)",
2451 .ldap_oid = "1.2.840.113556.1.4.905",
2453 .attributeSyntax_oid = "2.5.5.4",
2454 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2455 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2456 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2457 .equality = "caseIgnoreMatch",
2458 .substring = "caseIgnoreSubstringsMatch",
2459 .comment = "Case Insensitive String",
2460 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2462 .name = "String(IA5)",
2463 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2465 .attributeSyntax_oid = "2.5.5.5",
2466 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2467 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2468 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2469 .equality = "caseExactIA5Match",
2470 .comment = "Printable String",
2471 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2473 .name = "String(UTC-Time)",
2474 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2476 .attributeSyntax_oid = "2.5.5.11",
2477 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2478 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2479 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2480 .equality = "generalizedTimeMatch",
2481 .comment = "UTC Time",
2482 .auto_normalise = true
2484 .name = "String(Generalized-Time)",
2485 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2487 .attributeSyntax_oid = "2.5.5.11",
2488 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2489 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2490 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2491 .equality = "generalizedTimeMatch",
2492 .comment = "Generalized Time",
2493 .ldb_syntax = LDB_SYNTAX_UTC_TIME,
2494 .auto_normalise = true
2496 /* not used in w2k3 schema */
2497 .name = "String(Case Sensitive)",
2498 .ldap_oid = "1.2.840.113556.1.4.1362",
2500 .attributeSyntax_oid = "2.5.5.3",
2501 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2502 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2503 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2504 .equality = "caseExactMatch",
2505 .substring = "caseExactSubstringsMatch",
2506 /* TODO (kim): according to LDAP rfc we should be using same comparison
2507 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
2508 * But according to ms docs binary compare should do the job:
2509 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
2510 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2512 .name = "String(Unicode)",
2513 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2515 .attributeSyntax_oid = "2.5.5.12",
2516 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2517 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2518 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2519 .equality = "caseIgnoreMatch",
2520 .substring = "caseIgnoreSubstringsMatch",
2521 .comment = "Directory String",
2523 .name = "Interval/LargeInteger",
2524 .ldap_oid = "1.2.840.113556.1.4.906",
2526 .attributeSyntax_oid = "2.5.5.16",
2527 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2528 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2529 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2530 .equality = "integerMatch",
2531 .comment = "Large Integer",
2532 .ldb_syntax = LDB_SYNTAX_INTEGER,
2533 .auto_normalise = true
2535 .name = "String(NT-Sec-Desc)",
2536 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2538 .attributeSyntax_oid = "2.5.5.15",
2539 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2540 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2541 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2543 .name = "Object(DS-DN)",
2544 .ldap_oid = LDB_SYNTAX_DN,
2546 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2547 .attributeSyntax_oid = "2.5.5.1",
2548 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2549 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2550 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2551 .equality = "distinguishedNameMatch",
2552 .comment = "Object(DS-DN) == a DN",
2554 .name = "Object(DN-Binary)",
2555 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2557 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2558 .attributeSyntax_oid = "2.5.5.7",
2559 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2560 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2561 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2562 .equality = "octetStringMatch",
2563 .comment = "OctetString: Binary+DN",
2565 /* not used in w2k3 schema, but used in Exchange schema*/
2566 .name = "Object(OR-Name)",
2567 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2569 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2570 .attributeSyntax_oid = "2.5.5.7",
2571 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2572 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2573 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2574 .equality = "caseIgnoreMatch",
2575 .ldb_syntax = LDB_SYNTAX_DN,
2578 * TODO: verify if DATA_BLOB is correct here...!
2580 * repsFrom and repsTo are the only attributes using
2581 * this attribute syntax, but they're not replicated...
2583 .name = "Object(Replica-Link)",
2584 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2586 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2587 .attributeSyntax_oid = "2.5.5.10",
2588 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2589 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2590 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2592 .name = "Object(Presentation-Address)",
2593 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2595 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2596 .attributeSyntax_oid = "2.5.5.13",
2597 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2598 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2599 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2600 .comment = "Presentation Address",
2601 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2603 /* not used in w2k3 schema */
2604 .name = "Object(Access-Point)",
2605 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.2",
2607 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2608 .attributeSyntax_oid = "2.5.5.14",
2609 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2610 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2611 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2612 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2614 /* not used in w2k3 schema */
2615 .name = "Object(DN-String)",
2616 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2618 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2619 .attributeSyntax_oid = "2.5.5.14",
2620 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2621 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2622 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2623 .equality = "octetStringMatch",
2624 .comment = "OctetString: String+DN",
2628 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2631 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2632 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2633 return &dsdb_syntaxes[i];
2639 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2642 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2643 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2644 return &dsdb_syntaxes[i];
2650 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2653 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2654 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2655 return &dsdb_syntaxes[i];
2661 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2665 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2666 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2668 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2670 if (attr->oMObjectClass.length) {
2672 ret = memcmp(attr->oMObjectClass.data,
2673 dsdb_syntaxes[i].oMObjectClass.data,
2674 attr->oMObjectClass.length);
2675 if (ret != 0) continue;
2678 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2680 return &dsdb_syntaxes[i];
2686 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2687 const struct dsdb_schema *schema,
2688 const struct dsdb_schema_prefixmap *pfm_remote,
2689 const struct drsuapi_DsReplicaAttribute *in,
2690 TALLOC_CTX *mem_ctx,
2691 struct ldb_message_element *out)
2693 const struct dsdb_attribute *sa;
2694 struct dsdb_syntax_ctx syntax_ctx;
2695 uint32_t attid_local;
2697 /* use default syntax conversion context */
2698 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2699 syntax_ctx.pfm_remote = pfm_remote;
2701 switch (dsdb_pfm_get_attid_type(in->attid)) {
2702 case DSDB_ATTID_TYPE_PFM:
2703 /* map remote ATTID to local ATTID */
2704 if (!dsdb_syntax_attid_from_remote_attid(&syntax_ctx, mem_ctx, in->attid, &attid_local)) {
2705 DEBUG(0,(__location__ ": Can't find local ATTID for 0x%08X\n",
2710 case DSDB_ATTID_TYPE_INTID:
2711 /* use IntId value directly */
2712 attid_local = in->attid;
2715 /* we should never get here */
2716 DEBUG(0,(__location__ ": Invalid ATTID type passed for conversion - 0x%08X\n",
2718 return WERR_INVALID_PARAMETER;
2721 sa = dsdb_attribute_by_attributeID_id(schema, attid_local);
2723 DEBUG(1,(__location__ ": Unknown attributeID_id 0x%08X\n", in->attid));
2727 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2730 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2731 const struct dsdb_schema *schema,
2732 const struct ldb_message_element *in,
2733 TALLOC_CTX *mem_ctx,
2734 struct drsuapi_DsReplicaAttribute *out)
2736 const struct dsdb_attribute *sa;
2737 struct dsdb_syntax_ctx syntax_ctx;
2739 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2744 /* use default syntax conversion context */
2745 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2747 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);
git.samba.org / obnox / samba / samba-obnox.git / blob