2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
29 #include <ldb_errors.h>
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
33 #include "../lib/util/asn1.h"
36 * Initialize dsdb_syntax_ctx with default values
39 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
40 struct ldb_context *ldb,
41 const struct dsdb_schema *schema)
47 * 'true' will keep current behavior,
48 * i.e. attributeID_id will be returned by default
50 ctx->is_schema_nc = true;
52 ctx->pfm_remote = NULL;
57 * Returns ATTID for DRS attribute.
59 * ATTID depends on whether we are replicating
60 * Schema NC or msDs-IntId is set for schemaAttribute
63 uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
66 if (!for_schema_nc && attr->msDS_IntId) {
67 return attr->msDS_IntId;
70 return attr->attributeID_id;
74 * Map an ATTID from remote DC to a local ATTID
75 * using remote prefixMap
77 static bool dsdb_syntax_attid_from_remote_attid(const struct dsdb_syntax_ctx *ctx,
86 * map remote ATTID to local directly in case
87 * of no remote prefixMap (during provision for instance)
89 if (!ctx->pfm_remote) {
90 *id_local = id_remote;
94 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, id_remote, mem_ctx, &oid);
95 if (!W_ERROR_IS_OK(werr)) {
96 DEBUG(0,("ATTID->OID failed (%s) for: 0x%08X\n", win_errstr(werr), id_remote));
100 werr = dsdb_schema_pfm_make_attid(ctx->schema->prefixmap, oid, id_local);
101 if (!W_ERROR_IS_OK(werr)) {
102 DEBUG(0,("OID->ATTID failed (%s) for: %s\n", win_errstr(werr), oid));
109 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
110 const struct dsdb_attribute *attr,
111 const struct drsuapi_DsReplicaAttribute *in,
113 struct ldb_message_element *out)
118 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
119 W_ERROR_HAVE_NO_MEMORY(out->name);
121 out->num_values = in->value_ctr.num_values;
122 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
123 W_ERROR_HAVE_NO_MEMORY(out->values);
125 for (i=0; i < out->num_values; i++) {
128 if (in->value_ctr.values[i].blob == NULL) {
132 str = talloc_asprintf(out->values, "%s: not implemented",
134 W_ERROR_HAVE_NO_MEMORY(str);
136 out->values[i] = data_blob_string_const(str);
142 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
143 const struct dsdb_attribute *attr,
144 const struct ldb_message_element *in,
146 struct drsuapi_DsReplicaAttribute *out)
151 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
152 const struct dsdb_attribute *attr,
153 const struct ldb_message_element *in)
158 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
159 const struct dsdb_attribute *attr,
160 const struct drsuapi_DsReplicaAttribute *in,
162 struct ldb_message_element *out)
167 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
168 W_ERROR_HAVE_NO_MEMORY(out->name);
170 out->num_values = in->value_ctr.num_values;
171 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
172 W_ERROR_HAVE_NO_MEMORY(out->values);
174 for (i=0; i < out->num_values; i++) {
178 if (in->value_ctr.values[i].blob == NULL) {
182 if (in->value_ctr.values[i].blob->length != 4) {
186 v = IVAL(in->value_ctr.values[i].blob->data, 0);
189 str = talloc_strdup(out->values, "TRUE");
190 W_ERROR_HAVE_NO_MEMORY(str);
192 str = talloc_strdup(out->values, "FALSE");
193 W_ERROR_HAVE_NO_MEMORY(str);
196 out->values[i] = data_blob_string_const(str);
202 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
203 const struct dsdb_attribute *attr,
204 const struct ldb_message_element *in,
206 struct drsuapi_DsReplicaAttribute *out)
211 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
212 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
215 out->attid = dsdb_attribute_get_attid(attr,
217 out->value_ctr.num_values = in->num_values;
218 out->value_ctr.values = talloc_array(mem_ctx,
219 struct drsuapi_DsAttributeValue,
221 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
223 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
224 W_ERROR_HAVE_NO_MEMORY(blobs);
226 for (i=0; i < in->num_values; i++) {
227 out->value_ctr.values[i].blob = &blobs[i];
229 blobs[i] = data_blob_talloc(blobs, NULL, 4);
230 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
232 if (in->values[i].length >= 4 &&
233 strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
234 SIVAL(blobs[i].data, 0, 0x00000001);
235 } else if (in->values[i].length >= 5 &&
236 strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
237 SIVAL(blobs[i].data, 0, 0x00000000);
246 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
247 const struct dsdb_attribute *attr,
248 const struct ldb_message_element *in)
252 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
253 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
256 for (i=0; i < in->num_values; i++) {
257 if (in->values[i].length == 0) {
258 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
261 if (in->values[i].length >= 4 &&
263 (const char *)in->values[i].data,
264 in->values[i].length) == 0) {
267 if (in->values[i].length >= 5 &&
269 (const char *)in->values[i].data,
270 in->values[i].length) == 0) {
273 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
279 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
280 const struct dsdb_attribute *attr,
281 const struct drsuapi_DsReplicaAttribute *in,
283 struct ldb_message_element *out)
288 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
289 W_ERROR_HAVE_NO_MEMORY(out->name);
291 out->num_values = in->value_ctr.num_values;
292 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
293 W_ERROR_HAVE_NO_MEMORY(out->values);
295 for (i=0; i < out->num_values; i++) {
299 if (in->value_ctr.values[i].blob == NULL) {
303 if (in->value_ctr.values[i].blob->length != 4) {
307 v = IVALS(in->value_ctr.values[i].blob->data, 0);
309 str = talloc_asprintf(out->values, "%d", v);
310 W_ERROR_HAVE_NO_MEMORY(str);
312 out->values[i] = data_blob_string_const(str);
318 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
319 const struct dsdb_attribute *attr,
320 const struct ldb_message_element *in,
322 struct drsuapi_DsReplicaAttribute *out)
327 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
328 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
331 out->attid = dsdb_attribute_get_attid(attr,
333 out->value_ctr.num_values = in->num_values;
334 out->value_ctr.values = talloc_array(mem_ctx,
335 struct drsuapi_DsAttributeValue,
337 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
339 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
340 W_ERROR_HAVE_NO_MEMORY(blobs);
342 for (i=0; i < in->num_values; i++) {
345 out->value_ctr.values[i].blob = &blobs[i];
347 blobs[i] = data_blob_talloc(blobs, NULL, 4);
348 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
350 /* We've to use "strtoll" here to have the intended overflows.
351 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
352 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
354 SIVALS(blobs[i].data, 0, v);
360 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
361 const struct dsdb_attribute *attr,
362 const struct ldb_message_element *in)
366 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
367 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
370 for (i=0; i < in->num_values; i++) {
372 char buf[sizeof("-2147483648")];
376 if (in->values[i].length >= sizeof(buf)) {
377 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
380 memcpy(buf, in->values[i].data, in->values[i].length);
382 v = strtol(buf, &end, 10);
384 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
386 if (end && end[0] != '\0') {
387 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
390 if (attr->rangeLower) {
391 if ((int32_t)v < (int32_t)*attr->rangeLower) {
392 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
396 if (attr->rangeUpper) {
397 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
398 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
406 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
407 const struct dsdb_attribute *attr,
408 const struct drsuapi_DsReplicaAttribute *in,
410 struct ldb_message_element *out)
415 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
416 W_ERROR_HAVE_NO_MEMORY(out->name);
418 out->num_values = in->value_ctr.num_values;
419 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
420 W_ERROR_HAVE_NO_MEMORY(out->values);
422 for (i=0; i < out->num_values; i++) {
426 if (in->value_ctr.values[i].blob == NULL) {
430 if (in->value_ctr.values[i].blob->length != 8) {
434 v = BVALS(in->value_ctr.values[i].blob->data, 0);
436 str = talloc_asprintf(out->values, "%lld", (long long int)v);
437 W_ERROR_HAVE_NO_MEMORY(str);
439 out->values[i] = data_blob_string_const(str);
445 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
446 const struct dsdb_attribute *attr,
447 const struct ldb_message_element *in,
449 struct drsuapi_DsReplicaAttribute *out)
454 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
455 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
458 out->attid = dsdb_attribute_get_attid(attr,
460 out->value_ctr.num_values = in->num_values;
461 out->value_ctr.values = talloc_array(mem_ctx,
462 struct drsuapi_DsAttributeValue,
464 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
466 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
467 W_ERROR_HAVE_NO_MEMORY(blobs);
469 for (i=0; i < in->num_values; i++) {
472 out->value_ctr.values[i].blob = &blobs[i];
474 blobs[i] = data_blob_talloc(blobs, NULL, 8);
475 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
477 v = strtoll((const char *)in->values[i].data, NULL, 10);
479 SBVALS(blobs[i].data, 0, v);
485 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
486 const struct dsdb_attribute *attr,
487 const struct ldb_message_element *in)
491 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
492 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
495 for (i=0; i < in->num_values; i++) {
497 char buf[sizeof("-9223372036854775808")];
501 if (in->values[i].length >= sizeof(buf)) {
502 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
504 memcpy(buf, in->values[i].data, in->values[i].length);
507 v = strtoll(buf, &end, 10);
509 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
511 if (end && end[0] != '\0') {
512 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
515 if (attr->rangeLower) {
516 if ((int64_t)v < (int64_t)*attr->rangeLower) {
517 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
521 if (attr->rangeUpper) {
522 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
523 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
530 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
531 const struct dsdb_attribute *attr,
532 const struct drsuapi_DsReplicaAttribute *in,
534 struct ldb_message_element *out)
539 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
540 W_ERROR_HAVE_NO_MEMORY(out->name);
542 out->num_values = in->value_ctr.num_values;
543 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
544 W_ERROR_HAVE_NO_MEMORY(out->values);
546 for (i=0; i < out->num_values; i++) {
551 if (in->value_ctr.values[i].blob == NULL) {
555 if (in->value_ctr.values[i].blob->length != 8) {
559 v = BVAL(in->value_ctr.values[i].blob->data, 0);
561 /* special case for 1601 zero timestamp */
562 out->values[i] = data_blob_string_const("16010101000000.0Z");
566 t = nt_time_to_unix(v);
569 * NOTE: On a w2k3 server you can set a GeneralizedTime string
570 * via LDAP, but you get back an UTCTime string,
571 * but via DRSUAPI you get back the NTTIME_1sec value
572 * that represents the GeneralizedTime value!
574 * So if we store the UTCTime string in our ldb
575 * we'll loose information!
577 str = ldb_timestring_utc(out->values, t);
578 W_ERROR_HAVE_NO_MEMORY(str);
579 out->values[i] = data_blob_string_const(str);
585 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
586 const struct dsdb_attribute *attr,
587 const struct ldb_message_element *in,
589 struct drsuapi_DsReplicaAttribute *out)
594 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
595 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
598 out->attid = dsdb_attribute_get_attid(attr,
600 out->value_ctr.num_values = in->num_values;
601 out->value_ctr.values = talloc_array(mem_ctx,
602 struct drsuapi_DsAttributeValue,
604 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
606 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
607 W_ERROR_HAVE_NO_MEMORY(blobs);
609 for (i=0; i < in->num_values; i++) {
613 out->value_ctr.values[i].blob = &blobs[i];
615 blobs[i] = data_blob_talloc(blobs, NULL, 8);
616 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
618 if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
619 SBVALS(blobs[i].data, 0, 0);
623 t = ldb_string_utc_to_time((const char *)in->values[i].data);
624 unix_to_nt_time(&v, t);
627 SBVAL(blobs[i].data, 0, v);
633 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
634 const struct dsdb_attribute *attr,
635 const struct ldb_message_element *in)
639 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
640 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
643 for (i=0; i < in->num_values; i++) {
645 char buf[sizeof("090826075717Z")];
648 if (in->values[i].length >= sizeof(buf)) {
649 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
651 memcpy(buf, in->values[i].data, in->values[i].length);
653 t = ldb_string_utc_to_time(buf);
655 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
658 if (attr->rangeLower) {
659 if ((int32_t)t < (int32_t)*attr->rangeLower) {
660 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
664 if (attr->rangeUpper) {
665 if ((int32_t)t > (int32_t)*attr->rangeLower) {
666 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
671 * TODO: verify the comment in the
672 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
679 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
680 const struct dsdb_attribute *attr,
681 const struct drsuapi_DsReplicaAttribute *in,
683 struct ldb_message_element *out)
688 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
689 W_ERROR_HAVE_NO_MEMORY(out->name);
691 out->num_values = in->value_ctr.num_values;
692 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
693 W_ERROR_HAVE_NO_MEMORY(out->values);
695 for (i=0; i < out->num_values; i++) {
700 if (in->value_ctr.values[i].blob == NULL) {
704 if (in->value_ctr.values[i].blob->length != 8) {
708 v = BVAL(in->value_ctr.values[i].blob->data, 0);
710 /* special case for 1601 zero timestamp */
711 out->values[i] = data_blob_string_const("16010101000000.0Z");
715 t = nt_time_to_unix(v);
717 str = ldb_timestring(out->values, t);
718 W_ERROR_HAVE_NO_MEMORY(str);
720 out->values[i] = data_blob_string_const(str);
726 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
727 const struct dsdb_attribute *attr,
728 const struct ldb_message_element *in,
730 struct drsuapi_DsReplicaAttribute *out)
735 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
736 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
739 out->attid = dsdb_attribute_get_attid(attr,
741 out->value_ctr.num_values = in->num_values;
742 out->value_ctr.values = talloc_array(mem_ctx,
743 struct drsuapi_DsAttributeValue,
745 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
747 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
748 W_ERROR_HAVE_NO_MEMORY(blobs);
750 for (i=0; i < in->num_values; i++) {
755 out->value_ctr.values[i].blob = &blobs[i];
757 blobs[i] = data_blob_talloc(blobs, NULL, 8);
758 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
760 if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
761 SBVALS(blobs[i].data, 0, 0);
765 ret = ldb_val_to_time(&in->values[i], &t);
766 if (ret != LDB_SUCCESS) {
767 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
769 unix_to_nt_time(&v, t);
772 SBVAL(blobs[i].data, 0, v);
778 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
779 const struct dsdb_attribute *attr,
780 const struct ldb_message_element *in)
784 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
785 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
788 for (i=0; i < in->num_values; i++) {
792 ret = ldb_val_to_time(&in->values[i], &t);
793 if (ret != LDB_SUCCESS) {
794 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
797 if (attr->rangeLower) {
798 if ((int32_t)t < (int32_t)*attr->rangeLower) {
799 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
803 if (attr->rangeUpper) {
804 if ((int32_t)t > (int32_t)*attr->rangeLower) {
805 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
813 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
814 const struct dsdb_attribute *attr,
815 const struct drsuapi_DsReplicaAttribute *in,
817 struct ldb_message_element *out)
822 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
823 W_ERROR_HAVE_NO_MEMORY(out->name);
825 out->num_values = in->value_ctr.num_values;
826 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
827 W_ERROR_HAVE_NO_MEMORY(out->values);
829 for (i=0; i < out->num_values; i++) {
830 if (in->value_ctr.values[i].blob == NULL) {
834 if (in->value_ctr.values[i].blob->length == 0) {
838 out->values[i] = data_blob_dup_talloc(out->values,
839 *in->value_ctr.values[i].blob);
840 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
846 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
847 const struct dsdb_attribute *attr,
848 const struct ldb_message_element *in,
850 struct drsuapi_DsReplicaAttribute *out)
855 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
856 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
859 out->attid = dsdb_attribute_get_attid(attr,
861 out->value_ctr.num_values = in->num_values;
862 out->value_ctr.values = talloc_array(mem_ctx,
863 struct drsuapi_DsAttributeValue,
865 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
867 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
868 W_ERROR_HAVE_NO_MEMORY(blobs);
870 for (i=0; i < in->num_values; i++) {
871 out->value_ctr.values[i].blob = &blobs[i];
873 blobs[i] = data_blob_dup_talloc(blobs, in->values[i]);
874 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
880 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
881 const struct dsdb_attribute *attr,
882 const struct ldb_val *val)
884 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
885 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
888 if (attr->rangeLower) {
889 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
890 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
894 if (attr->rangeUpper) {
895 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
896 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
903 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
904 const struct dsdb_attribute *attr,
905 const struct ldb_message_element *in)
910 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
911 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
914 for (i=0; i < in->num_values; i++) {
915 if (in->values[i].length == 0) {
916 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
919 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
922 if (!W_ERROR_IS_OK(status)) {
930 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
931 const struct dsdb_attribute *attr,
932 const struct drsuapi_DsReplicaAttribute *in,
934 struct ldb_message_element *out)
939 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
940 W_ERROR_HAVE_NO_MEMORY(out->name);
942 out->num_values = in->value_ctr.num_values;
943 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
944 W_ERROR_HAVE_NO_MEMORY(out->values);
946 for (i=0; i < out->num_values; i++) {
948 const struct dsdb_class *c;
949 const struct dsdb_attribute *a;
950 const char *str = NULL;
952 if (in->value_ctr.values[i].blob == NULL) {
956 if (in->value_ctr.values[i].blob->length != 4) {
960 v = IVAL(in->value_ctr.values[i].blob->data, 0);
962 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
963 str = talloc_strdup(out->values, c->lDAPDisplayName);
964 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
965 str = talloc_strdup(out->values, a->lDAPDisplayName);
968 SMB_ASSERT(ctx->pfm_remote);
969 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, v,
971 W_ERROR_NOT_OK_RETURN(werr);
973 W_ERROR_HAVE_NO_MEMORY(str);
975 /* the values need to be reversed */
976 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
982 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
983 const struct dsdb_attribute *attr,
984 const struct drsuapi_DsReplicaAttribute *in,
986 struct ldb_message_element *out)
991 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
992 W_ERROR_HAVE_NO_MEMORY(out->name);
994 out->num_values = in->value_ctr.num_values;
995 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
996 W_ERROR_HAVE_NO_MEMORY(out->values);
998 for (i=0; i < out->num_values; i++) {
1000 const struct dsdb_class *c;
1003 if (in->value_ctr.values[i].blob == NULL) {
1007 if (in->value_ctr.values[i].blob->length != 4) {
1011 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1013 /* convert remote ATTID to local ATTID */
1014 if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
1015 DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
1019 c = dsdb_class_by_governsID_id(ctx->schema, v);
1021 DEBUG(1,(__location__ ": Unknown governsID 0x%08X\n", v));
1025 str = talloc_strdup(out->values, c->lDAPDisplayName);
1026 W_ERROR_HAVE_NO_MEMORY(str);
1028 /* the values need to be reversed */
1029 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1035 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1036 const struct dsdb_attribute *attr,
1037 const struct drsuapi_DsReplicaAttribute *in,
1038 TALLOC_CTX *mem_ctx,
1039 struct ldb_message_element *out)
1044 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1045 W_ERROR_HAVE_NO_MEMORY(out->name);
1047 out->num_values = in->value_ctr.num_values;
1048 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1049 W_ERROR_HAVE_NO_MEMORY(out->values);
1051 for (i=0; i < out->num_values; i++) {
1053 const struct dsdb_attribute *a;
1056 if (in->value_ctr.values[i].blob == NULL) {
1057 DEBUG(0, ("Attribute has no value\n"));
1061 if (in->value_ctr.values[i].blob->length != 4) {
1062 DEBUG(0, ("Attribute has a value with 0 length\n"));
1066 v = IVAL(in->value_ctr.values[i].blob->data, 0);
1068 /* convert remote ATTID to local ATTID */
1069 if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
1070 DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
1074 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
1076 DEBUG(1,(__location__ ": Unknown attributeID_id 0x%08X\n", v));
1080 str = talloc_strdup(out->values, a->lDAPDisplayName);
1081 W_ERROR_HAVE_NO_MEMORY(str);
1083 /* the values need to be reversed */
1084 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1090 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1091 const struct dsdb_attribute *attr,
1092 const struct drsuapi_DsReplicaAttribute *in,
1093 TALLOC_CTX *mem_ctx,
1094 struct ldb_message_element *out)
1097 const struct dsdb_schema_prefixmap *prefixmap;
1099 if (ctx->pfm_remote != NULL) {
1100 prefixmap = ctx->pfm_remote;
1102 prefixmap = ctx->schema->prefixmap;
1104 SMB_ASSERT(prefixmap);
1107 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1108 W_ERROR_HAVE_NO_MEMORY(out->name);
1110 out->num_values = in->value_ctr.num_values;
1111 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1112 W_ERROR_HAVE_NO_MEMORY(out->values);
1114 for (i=0; i < out->num_values; i++) {
1119 if (in->value_ctr.values[i].blob == NULL) {
1123 if (in->value_ctr.values[i].blob->length != 4) {
1127 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1129 status = dsdb_schema_pfm_oid_from_attid(prefixmap, attid,
1131 if (!W_ERROR_IS_OK(status)) {
1132 DEBUG(0,(__location__ ": Error: Unknown ATTID 0x%08X\n",
1137 out->values[i] = data_blob_string_const(oid);
1143 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1144 const struct dsdb_attribute *attr,
1145 const struct ldb_message_element *in,
1146 TALLOC_CTX *mem_ctx,
1147 struct drsuapi_DsReplicaAttribute *out)
1152 out->attid= dsdb_attribute_get_attid(attr,
1154 out->value_ctr.num_values= in->num_values;
1155 out->value_ctr.values= talloc_array(mem_ctx,
1156 struct drsuapi_DsAttributeValue,
1158 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1160 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1161 W_ERROR_HAVE_NO_MEMORY(blobs);
1163 for (i=0; i < in->num_values; i++) {
1164 const struct dsdb_class *obj_class;
1165 const struct dsdb_attribute *obj_attr;
1168 out->value_ctr.values[i].blob= &blobs[i];
1170 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1171 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1173 /* in DRS windows puts the classes in the opposite
1174 order to the order used in ldap */
1175 v = &in->values[(in->num_values-1)-i];
1177 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1178 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1179 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1180 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1184 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1185 (const char *)v->data,
1187 W_ERROR_NOT_OK_RETURN(werr);
1188 SIVAL(blobs[i].data, 0, attid);
1197 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1198 const struct dsdb_attribute *attr,
1199 const struct ldb_message_element *in,
1200 TALLOC_CTX *mem_ctx,
1201 struct drsuapi_DsReplicaAttribute *out)
1206 out->attid= dsdb_attribute_get_attid(attr,
1208 out->value_ctr.num_values= in->num_values;
1209 out->value_ctr.values= talloc_array(mem_ctx,
1210 struct drsuapi_DsAttributeValue,
1212 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1214 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1215 W_ERROR_HAVE_NO_MEMORY(blobs);
1217 for (i=0; i < in->num_values; i++) {
1218 const struct dsdb_class *obj_class;
1220 out->value_ctr.values[i].blob= &blobs[i];
1222 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1223 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1225 /* in DRS windows puts the classes in the opposite
1226 order to the order used in ldap */
1227 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1228 (const char *)in->values[(in->num_values-1)-i].data);
1232 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1239 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1240 const struct dsdb_attribute *attr,
1241 const struct ldb_message_element *in,
1242 TALLOC_CTX *mem_ctx,
1243 struct drsuapi_DsReplicaAttribute *out)
1248 out->attid= dsdb_attribute_get_attid(attr,
1250 out->value_ctr.num_values= in->num_values;
1251 out->value_ctr.values= talloc_array(mem_ctx,
1252 struct drsuapi_DsAttributeValue,
1254 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1256 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1257 W_ERROR_HAVE_NO_MEMORY(blobs);
1259 for (i=0; i < in->num_values; i++) {
1260 const struct dsdb_attribute *obj_attr;
1262 out->value_ctr.values[i].blob= &blobs[i];
1264 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1265 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1267 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1269 DEBUG(0, ("Unable to find attribute %s in the schema\n", (const char *)in->values[i].data));
1272 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1279 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1280 const struct dsdb_attribute *attr,
1281 const struct ldb_message_element *in,
1282 TALLOC_CTX *mem_ctx,
1283 struct drsuapi_DsReplicaAttribute *out)
1288 out->attid= dsdb_attribute_get_attid(attr,
1290 out->value_ctr.num_values= in->num_values;
1291 out->value_ctr.values= talloc_array(mem_ctx,
1292 struct drsuapi_DsAttributeValue,
1294 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1296 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1297 W_ERROR_HAVE_NO_MEMORY(blobs);
1299 for (i=0; i < in->num_values; i++) {
1303 out->value_ctr.values[i].blob= &blobs[i];
1305 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1306 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1308 status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1309 (const char *)in->values[i].data,
1311 W_ERROR_NOT_OK_RETURN(status);
1313 SIVAL(blobs[i].data, 0, attid);
1319 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1320 const struct dsdb_attribute *attr,
1321 const struct drsuapi_DsReplicaAttribute *in,
1322 TALLOC_CTX *mem_ctx,
1323 struct ldb_message_element *out)
1327 switch (attr->attributeID_id) {
1328 case DRSUAPI_ATTID_objectClass:
1329 case DRSUAPI_ATTID_subClassOf:
1330 case DRSUAPI_ATTID_auxiliaryClass:
1331 case DRSUAPI_ATTID_systemAuxiliaryClass:
1332 case DRSUAPI_ATTID_systemPossSuperiors:
1333 case DRSUAPI_ATTID_possSuperiors:
1334 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1336 case DRSUAPI_ATTID_systemMustContain:
1337 case DRSUAPI_ATTID_systemMayContain:
1338 case DRSUAPI_ATTID_mustContain:
1339 case DRSUAPI_ATTID_rDNAttId:
1340 case DRSUAPI_ATTID_transportAddressAttribute:
1341 case DRSUAPI_ATTID_mayContain:
1342 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1344 case DRSUAPI_ATTID_governsID:
1345 case DRSUAPI_ATTID_attributeID:
1346 case DRSUAPI_ATTID_attributeSyntax:
1347 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1350 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1351 attr->lDAPDisplayName));
1352 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1355 /* When we are doing the vampire of a schema, we don't want
1356 * the inability to reference an OID to get in the way.
1357 * Otherwise, we won't get the new schema with which to
1358 * understand this */
1359 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1360 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1365 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1366 const struct dsdb_attribute *attr,
1367 const struct ldb_message_element *in,
1368 TALLOC_CTX *mem_ctx,
1369 struct drsuapi_DsReplicaAttribute *out)
1371 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1372 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1375 switch (attr->attributeID_id) {
1376 case DRSUAPI_ATTID_objectClass:
1377 case DRSUAPI_ATTID_subClassOf:
1378 case DRSUAPI_ATTID_auxiliaryClass:
1379 case DRSUAPI_ATTID_systemAuxiliaryClass:
1380 case DRSUAPI_ATTID_systemPossSuperiors:
1381 case DRSUAPI_ATTID_possSuperiors:
1382 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1383 case DRSUAPI_ATTID_systemMustContain:
1384 case DRSUAPI_ATTID_systemMayContain:
1385 case DRSUAPI_ATTID_mustContain:
1386 case DRSUAPI_ATTID_rDNAttId:
1387 case DRSUAPI_ATTID_transportAddressAttribute:
1388 case DRSUAPI_ATTID_mayContain:
1389 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1390 case DRSUAPI_ATTID_governsID:
1391 case DRSUAPI_ATTID_attributeID:
1392 case DRSUAPI_ATTID_attributeSyntax:
1393 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1396 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1397 attr->lDAPDisplayName));
1399 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1402 static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
1403 const struct dsdb_attribute *attr,
1404 const struct ldb_message_element *in)
1407 TALLOC_CTX *tmp_ctx;
1409 tmp_ctx = talloc_new(ctx->ldb);
1410 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1412 for (i=0; i < in->num_values; i++) {
1415 const char *oid = (const char*)in->values[i].data;
1417 if (in->values[i].length == 0) {
1418 talloc_free(tmp_ctx);
1419 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1422 if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
1423 DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
1424 talloc_free(tmp_ctx);
1425 return WERR_INVALID_PARAMETER;
1428 if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
1429 DEBUG(0,("ber_read_OID_String() failed for %s\n",
1430 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
1431 talloc_free(tmp_ctx);
1432 return WERR_INVALID_PARAMETER;
1435 if (strcmp(oid, oid_out) != 0) {
1436 talloc_free(tmp_ctx);
1437 return WERR_INVALID_PARAMETER;
1441 talloc_free(tmp_ctx);
1445 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1446 const struct dsdb_attribute *attr,
1447 const struct ldb_message_element *in)
1450 struct drsuapi_DsReplicaAttribute drs_tmp;
1451 struct ldb_message_element ldb_tmp;
1452 TALLOC_CTX *tmp_ctx;
1454 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1455 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1458 switch (attr->attributeID_id) {
1459 case DRSUAPI_ATTID_governsID:
1460 case DRSUAPI_ATTID_attributeID:
1461 case DRSUAPI_ATTID_attributeSyntax:
1462 return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
1466 * TODO: optimize and verify this code
1469 tmp_ctx = talloc_new(ctx->ldb);
1470 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1472 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1477 if (!W_ERROR_IS_OK(status)) {
1478 talloc_free(tmp_ctx);
1482 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1487 if (!W_ERROR_IS_OK(status)) {
1488 talloc_free(tmp_ctx);
1492 talloc_free(tmp_ctx);
1496 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1497 const struct dsdb_attribute *attr,
1498 const struct drsuapi_DsReplicaAttribute *in,
1499 TALLOC_CTX *mem_ctx,
1500 struct ldb_message_element *out)
1505 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1506 W_ERROR_HAVE_NO_MEMORY(out->name);
1508 out->num_values = in->value_ctr.num_values;
1509 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1510 W_ERROR_HAVE_NO_MEMORY(out->values);
1512 for (i=0; i < out->num_values; i++) {
1513 size_t converted_size = 0;
1516 if (in->value_ctr.values[i].blob == NULL) {
1520 if (in->value_ctr.values[i].blob->length == 0) {
1524 if (!convert_string_talloc(out->values,
1526 in->value_ctr.values[i].blob->data,
1527 in->value_ctr.values[i].blob->length,
1528 (void **)&str, &converted_size)) {
1532 out->values[i] = data_blob_const(str, converted_size);
1538 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1539 const struct dsdb_attribute *attr,
1540 const struct ldb_message_element *in,
1541 TALLOC_CTX *mem_ctx,
1542 struct drsuapi_DsReplicaAttribute *out)
1547 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1548 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1551 out->attid = dsdb_attribute_get_attid(attr,
1553 out->value_ctr.num_values = in->num_values;
1554 out->value_ctr.values = talloc_array(mem_ctx,
1555 struct drsuapi_DsAttributeValue,
1557 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1559 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1560 W_ERROR_HAVE_NO_MEMORY(blobs);
1562 for (i=0; i < in->num_values; i++) {
1563 out->value_ctr.values[i].blob = &blobs[i];
1565 if (!convert_string_talloc(blobs,
1567 in->values[i].data, in->values[i].length,
1568 (void **)&blobs[i].data, &blobs[i].length)) {
1576 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1577 const struct dsdb_attribute *attr,
1578 const struct ldb_val *val)
1584 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1585 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1588 ok = convert_string_talloc(ctx->ldb,
1596 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1599 if (attr->rangeLower) {
1600 if ((size/2) < *attr->rangeLower) {
1601 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1605 if (attr->rangeUpper) {
1606 if ((size/2) > *attr->rangeUpper) {
1607 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1614 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1615 const struct dsdb_attribute *attr,
1616 const struct ldb_message_element *in)
1621 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1622 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1625 for (i=0; i < in->num_values; i++) {
1626 if (in->values[i].length == 0) {
1627 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1630 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1633 if (!W_ERROR_IS_OK(status)) {
1641 static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1642 const struct dsdb_syntax *syntax,
1643 const DATA_BLOB *in, DATA_BLOB *out)
1645 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1646 enum ndr_err_code ndr_err;
1647 DATA_BLOB guid_blob;
1649 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1654 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1658 talloc_free(tmp_ctx);
1662 if (in->length == 0) {
1663 talloc_free(tmp_ctx);
1668 /* windows sometimes sends an extra two pad bytes here */
1669 ndr_err = ndr_pull_struct_blob(in,
1671 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1672 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1673 status = ndr_map_error2ntstatus(ndr_err);
1674 talloc_free(tmp_ctx);
1675 return ntstatus_to_werror(status);
1678 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1680 talloc_free(tmp_ctx);
1681 /* If this fails, it must be out of memory, as it does not do much parsing */
1682 W_ERROR_HAVE_NO_MEMORY(dn);
1685 if (!GUID_all_zero(&id3.guid)) {
1686 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1687 if (!NT_STATUS_IS_OK(status)) {
1688 talloc_free(tmp_ctx);
1689 return ntstatus_to_werror(status);
1692 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1693 if (ret != LDB_SUCCESS) {
1694 talloc_free(tmp_ctx);
1697 talloc_free(guid_blob.data);
1700 if (id3.__ndr_size_sid) {
1702 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1703 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1704 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1705 status = ndr_map_error2ntstatus(ndr_err);
1706 talloc_free(tmp_ctx);
1707 return ntstatus_to_werror(status);
1710 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1711 if (ret != LDB_SUCCESS) {
1712 talloc_free(tmp_ctx);
1717 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1718 talloc_free(tmp_ctx);
1722 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1723 const struct dsdb_attribute *attr,
1724 const struct drsuapi_DsReplicaAttribute *in,
1725 TALLOC_CTX *mem_ctx,
1726 struct ldb_message_element *out)
1731 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1732 W_ERROR_HAVE_NO_MEMORY(out->name);
1734 out->num_values = in->value_ctr.num_values;
1735 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1736 W_ERROR_HAVE_NO_MEMORY(out->values);
1738 for (i=0; i < out->num_values; i++) {
1739 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1740 in->value_ctr.values[i].blob,
1742 if (!W_ERROR_IS_OK(status)) {
1751 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1752 const struct dsdb_attribute *attr,
1753 const struct ldb_message_element *in,
1754 TALLOC_CTX *mem_ctx,
1755 struct drsuapi_DsReplicaAttribute *out)
1760 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1761 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1764 out->attid = dsdb_attribute_get_attid(attr,
1766 out->value_ctr.num_values = in->num_values;
1767 out->value_ctr.values = talloc_array(mem_ctx,
1768 struct drsuapi_DsAttributeValue,
1770 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1772 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1773 W_ERROR_HAVE_NO_MEMORY(blobs);
1775 for (i=0; i < in->num_values; i++) {
1776 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1777 enum ndr_err_code ndr_err;
1779 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1782 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1784 out->value_ctr.values[i].blob = &blobs[i];
1786 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1788 W_ERROR_HAVE_NO_MEMORY(dn);
1792 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1793 if (!NT_STATUS_IS_OK(status) &&
1794 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1795 talloc_free(tmp_ctx);
1796 return ntstatus_to_werror(status);
1799 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1800 if (!NT_STATUS_IS_OK(status) &&
1801 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1802 talloc_free(tmp_ctx);
1803 return ntstatus_to_werror(status);
1806 id3.dn = ldb_dn_get_linearized(dn);
1808 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1809 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1810 status = ndr_map_error2ntstatus(ndr_err);
1811 talloc_free(tmp_ctx);
1812 return ntstatus_to_werror(status);
1814 talloc_free(tmp_ctx);
1820 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1821 const struct dsdb_attribute *attr,
1822 const struct ldb_val *val,
1823 TALLOC_CTX *mem_ctx,
1824 struct dsdb_dn **_dsdb_dn)
1826 static const char * const extended_list[] = { "GUID", "SID", NULL };
1827 enum ndr_err_code ndr_err;
1830 const DATA_BLOB *sid_blob;
1831 struct dsdb_dn *dsdb_dn;
1837 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1840 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1842 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1843 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1846 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1847 attr->syntax->ldap_oid);
1849 talloc_free(tmp_ctx);
1850 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1854 dn2 = ldb_dn_copy(tmp_ctx, dn);
1856 talloc_free(tmp_ctx);
1860 num_components = ldb_dn_get_comp_num(dn);
1862 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1863 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1865 } else if (!NT_STATUS_IS_OK(status)) {
1866 talloc_free(tmp_ctx);
1867 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1870 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1873 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1876 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1877 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1878 talloc_free(tmp_ctx);
1879 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1883 /* Do not allow links to the RootDSE */
1884 if (num_components == 0) {
1885 talloc_free(tmp_ctx);
1886 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1890 * We need to check that only "GUID" and "SID" are
1891 * specified as extended components, we do that
1892 * by comparing the dn's after removing all components
1893 * from one dn and only the allowed subset from the other
1896 ldb_dn_extended_filter(dn, extended_list);
1898 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1899 if (dn_str == NULL) {
1900 talloc_free(tmp_ctx);
1901 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1903 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1904 if (dn2_str == NULL) {
1905 talloc_free(tmp_ctx);
1906 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1909 if (strcmp(dn_str, dn2_str) != 0) {
1910 talloc_free(tmp_ctx);
1911 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1914 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1915 talloc_free(tmp_ctx);
1919 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1920 const struct dsdb_attribute *attr,
1921 const struct ldb_message_element *in)
1925 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1926 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
1929 for (i=0; i < in->num_values; i++) {
1931 struct dsdb_dn *dsdb_dn;
1932 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1933 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1935 status = dsdb_syntax_DN_validate_one_val(ctx,
1939 if (!W_ERROR_IS_OK(status)) {
1940 talloc_free(tmp_ctx);
1944 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1945 talloc_free(tmp_ctx);
1946 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1949 talloc_free(tmp_ctx);
1955 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1956 const struct dsdb_attribute *attr,
1957 const struct drsuapi_DsReplicaAttribute *in,
1958 TALLOC_CTX *mem_ctx,
1959 struct ldb_message_element *out)
1965 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1966 W_ERROR_HAVE_NO_MEMORY(out->name);
1968 out->num_values = in->value_ctr.num_values;
1969 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1970 W_ERROR_HAVE_NO_MEMORY(out->values);
1972 for (i=0; i < out->num_values; i++) {
1973 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1974 enum ndr_err_code ndr_err;
1975 DATA_BLOB guid_blob;
1977 struct dsdb_dn *dsdb_dn;
1979 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1981 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1984 if (in->value_ctr.values[i].blob == NULL) {
1985 talloc_free(tmp_ctx);
1989 if (in->value_ctr.values[i].blob->length == 0) {
1990 talloc_free(tmp_ctx);
1995 /* windows sometimes sends an extra two pad bytes here */
1996 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
1998 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
1999 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2000 status = ndr_map_error2ntstatus(ndr_err);
2001 talloc_free(tmp_ctx);
2002 return ntstatus_to_werror(status);
2005 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
2007 talloc_free(tmp_ctx);
2008 /* If this fails, it must be out of memory, as it does not do much parsing */
2009 W_ERROR_HAVE_NO_MEMORY(dn);
2012 if (!GUID_all_zero(&id3.guid)) {
2013 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
2014 if (!NT_STATUS_IS_OK(status)) {
2015 talloc_free(tmp_ctx);
2016 return ntstatus_to_werror(status);
2019 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
2020 if (ret != LDB_SUCCESS) {
2021 talloc_free(tmp_ctx);
2024 talloc_free(guid_blob.data);
2027 if (id3.__ndr_size_sid) {
2029 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
2030 (ndr_push_flags_fn_t)ndr_push_dom_sid);
2031 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2032 status = ndr_map_error2ntstatus(ndr_err);
2033 talloc_free(tmp_ctx);
2034 return ntstatus_to_werror(status);
2037 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
2038 if (ret != LDB_SUCCESS) {
2039 talloc_free(tmp_ctx);
2044 /* set binary stuff */
2045 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
2047 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
2048 talloc_free(tmp_ctx);
2049 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
2051 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
2052 talloc_free(tmp_ctx);
2058 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2059 const struct dsdb_attribute *attr,
2060 const struct ldb_message_element *in,
2061 TALLOC_CTX *mem_ctx,
2062 struct drsuapi_DsReplicaAttribute *out)
2067 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2068 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2071 out->attid = dsdb_attribute_get_attid(attr,
2073 out->value_ctr.num_values = in->num_values;
2074 out->value_ctr.values = talloc_array(mem_ctx,
2075 struct drsuapi_DsAttributeValue,
2077 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2079 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2080 W_ERROR_HAVE_NO_MEMORY(blobs);
2082 for (i=0; i < in->num_values; i++) {
2083 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
2084 enum ndr_err_code ndr_err;
2085 const DATA_BLOB *sid_blob;
2086 struct dsdb_dn *dsdb_dn;
2087 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
2090 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2092 out->value_ctr.values[i].blob = &blobs[i];
2094 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
2097 talloc_free(tmp_ctx);
2098 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
2103 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
2104 if (!NT_STATUS_IS_OK(status) &&
2105 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2106 talloc_free(tmp_ctx);
2107 return ntstatus_to_werror(status);
2110 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
2113 ndr_err = ndr_pull_struct_blob_all(sid_blob,
2115 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
2116 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2117 status = ndr_map_error2ntstatus(ndr_err);
2118 talloc_free(tmp_ctx);
2119 return ntstatus_to_werror(status);
2123 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
2125 /* get binary stuff */
2126 id3.binary = dsdb_dn->extra_part;
2128 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
2129 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2130 status = ndr_map_error2ntstatus(ndr_err);
2131 talloc_free(tmp_ctx);
2132 return ntstatus_to_werror(status);
2134 talloc_free(tmp_ctx);
2140 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2141 const struct dsdb_attribute *attr,
2142 const struct ldb_message_element *in)
2146 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2147 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2150 for (i=0; i < in->num_values; i++) {
2152 struct dsdb_dn *dsdb_dn;
2153 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2154 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2156 status = dsdb_syntax_DN_validate_one_val(ctx,
2160 if (!W_ERROR_IS_OK(status)) {
2161 talloc_free(tmp_ctx);
2165 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
2166 talloc_free(tmp_ctx);
2167 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2170 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
2172 &dsdb_dn->extra_part);
2173 if (!W_ERROR_IS_OK(status)) {
2174 talloc_free(tmp_ctx);
2178 talloc_free(tmp_ctx);
2184 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2185 const struct dsdb_attribute *attr,
2186 const struct drsuapi_DsReplicaAttribute *in,
2187 TALLOC_CTX *mem_ctx,
2188 struct ldb_message_element *out)
2190 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2197 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2198 const struct dsdb_attribute *attr,
2199 const struct ldb_message_element *in,
2200 TALLOC_CTX *mem_ctx,
2201 struct drsuapi_DsReplicaAttribute *out)
2203 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2210 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2211 const struct dsdb_attribute *attr,
2212 const struct ldb_message_element *in)
2216 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2217 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2220 for (i=0; i < in->num_values; i++) {
2222 struct dsdb_dn *dsdb_dn;
2223 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2224 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2226 status = dsdb_syntax_DN_validate_one_val(ctx,
2230 if (!W_ERROR_IS_OK(status)) {
2231 talloc_free(tmp_ctx);
2235 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2236 talloc_free(tmp_ctx);
2237 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2240 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2242 &dsdb_dn->extra_part);
2243 if (!W_ERROR_IS_OK(status)) {
2244 talloc_free(tmp_ctx);
2248 talloc_free(tmp_ctx);
2254 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2255 const struct dsdb_attribute *attr,
2256 const struct drsuapi_DsReplicaAttribute *in,
2257 TALLOC_CTX *mem_ctx,
2258 struct ldb_message_element *out)
2263 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2264 W_ERROR_HAVE_NO_MEMORY(out->name);
2266 out->num_values = in->value_ctr.num_values;
2267 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2268 W_ERROR_HAVE_NO_MEMORY(out->values);
2270 for (i=0; i < out->num_values; i++) {
2272 size_t converted_size = 0;
2275 if (in->value_ctr.values[i].blob == NULL) {
2279 if (in->value_ctr.values[i].blob->length < 4) {
2283 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2285 if (len != in->value_ctr.values[i].blob->length) {
2289 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2290 in->value_ctr.values[i].blob->data+4,
2291 in->value_ctr.values[i].blob->length-4,
2292 (void **)&str, &converted_size)) {
2296 out->values[i] = data_blob_string_const(str);
2302 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2303 const struct dsdb_attribute *attr,
2304 const struct ldb_message_element *in,
2305 TALLOC_CTX *mem_ctx,
2306 struct drsuapi_DsReplicaAttribute *out)
2311 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2312 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2315 out->attid = dsdb_attribute_get_attid(attr,
2317 out->value_ctr.num_values = in->num_values;
2318 out->value_ctr.values = talloc_array(mem_ctx,
2319 struct drsuapi_DsAttributeValue,
2321 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2323 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2324 W_ERROR_HAVE_NO_MEMORY(blobs);
2326 for (i=0; i < in->num_values; i++) {
2330 out->value_ctr.values[i].blob = &blobs[i];
2332 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2334 in->values[i].length,
2335 (void **)&data, &ret)) {
2339 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2340 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2342 SIVAL(blobs[i].data, 0, 4 + ret);
2345 memcpy(blobs[i].data + 4, data, ret);
2353 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2354 const struct dsdb_attribute *attr,
2355 const struct ldb_message_element *in)
2357 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2362 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2364 static const struct dsdb_syntax dsdb_syntaxes[] = {
2367 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2369 .attributeSyntax_oid = "2.5.5.8",
2370 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2371 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2372 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2373 .equality = "booleanMatch",
2374 .comment = "Boolean",
2375 .auto_normalise = true
2378 .ldap_oid = LDB_SYNTAX_INTEGER,
2380 .attributeSyntax_oid = "2.5.5.9",
2381 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2382 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2383 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2384 .equality = "integerMatch",
2385 .comment = "Integer",
2386 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32,
2387 .auto_normalise = true
2389 .name = "String(Octet)",
2390 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2392 .attributeSyntax_oid = "2.5.5.10",
2393 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2394 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2395 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2396 .equality = "octetStringMatch",
2397 .comment = "Octet String",
2398 .userParameters = true
2400 .name = "String(Sid)",
2401 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2403 .attributeSyntax_oid = "2.5.5.17",
2404 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2405 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2406 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2407 .equality = "octetStringMatch",
2408 .comment = "Octet String - Security Identifier (SID)",
2409 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2411 .name = "String(Object-Identifier)",
2412 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2414 .attributeSyntax_oid = "2.5.5.2",
2415 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2416 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2417 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2418 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2419 .comment = "OID String",
2420 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2422 .name = "Enumeration",
2423 .ldap_oid = LDB_SYNTAX_INTEGER,
2425 .attributeSyntax_oid = "2.5.5.9",
2426 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2427 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2428 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2429 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32,
2430 .auto_normalise = true
2432 /* not used in w2k3 forest */
2433 .name = "String(Numeric)",
2434 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2436 .attributeSyntax_oid = "2.5.5.6",
2437 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2438 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2439 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2440 .equality = "numericStringMatch",
2441 .substring = "numericStringSubstringsMatch",
2442 .comment = "Numeric String",
2443 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2445 .name = "String(Printable)",
2446 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2448 .attributeSyntax_oid = "2.5.5.5",
2449 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2450 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2451 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2452 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2454 .name = "String(Teletex)",
2455 .ldap_oid = "1.2.840.113556.1.4.905",
2457 .attributeSyntax_oid = "2.5.5.4",
2458 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2459 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2460 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2461 .equality = "caseIgnoreMatch",
2462 .substring = "caseIgnoreSubstringsMatch",
2463 .comment = "Case Insensitive String",
2464 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2466 .name = "String(IA5)",
2467 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2469 .attributeSyntax_oid = "2.5.5.5",
2470 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2471 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2472 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2473 .equality = "caseExactIA5Match",
2474 .comment = "Printable String",
2475 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2477 .name = "String(UTC-Time)",
2478 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2480 .attributeSyntax_oid = "2.5.5.11",
2481 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2482 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2483 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2484 .equality = "generalizedTimeMatch",
2485 .comment = "UTC Time",
2486 .auto_normalise = true
2488 .name = "String(Generalized-Time)",
2489 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2491 .attributeSyntax_oid = "2.5.5.11",
2492 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2493 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2494 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2495 .equality = "generalizedTimeMatch",
2496 .comment = "Generalized Time",
2497 .auto_normalise = true
2499 /* not used in w2k3 schema */
2500 .name = "String(Case Sensitive)",
2501 .ldap_oid = "1.2.840.113556.1.4.1362",
2503 .attributeSyntax_oid = "2.5.5.3",
2504 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2505 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2506 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2507 .equality = "caseExactMatch",
2508 .substring = "caseExactSubstringsMatch",
2509 /* TODO (kim): according to LDAP rfc we should be using same comparison
2510 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
2511 * But according to ms docs binary compare should do the job:
2512 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
2513 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2515 .name = "String(Unicode)",
2516 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2518 .attributeSyntax_oid = "2.5.5.12",
2519 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2520 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2521 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2522 .equality = "caseIgnoreMatch",
2523 .substring = "caseIgnoreSubstringsMatch",
2524 .comment = "Directory String",
2526 .name = "Interval/LargeInteger",
2527 .ldap_oid = "1.2.840.113556.1.4.906",
2529 .attributeSyntax_oid = "2.5.5.16",
2530 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2531 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2532 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2533 .equality = "integerMatch",
2534 .comment = "Large Integer",
2535 .ldb_syntax = LDB_SYNTAX_INTEGER,
2536 .auto_normalise = true
2538 .name = "String(NT-Sec-Desc)",
2539 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2541 .attributeSyntax_oid = "2.5.5.15",
2542 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2543 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2544 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2546 .name = "Object(DS-DN)",
2547 .ldap_oid = LDB_SYNTAX_DN,
2549 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2550 .attributeSyntax_oid = "2.5.5.1",
2551 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2552 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2553 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2554 .equality = "distinguishedNameMatch",
2555 .comment = "Object(DS-DN) == a DN",
2557 .name = "Object(DN-Binary)",
2558 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2560 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2561 .attributeSyntax_oid = "2.5.5.7",
2562 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2563 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2564 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2565 .equality = "octetStringMatch",
2566 .comment = "OctetString: Binary+DN",
2568 /* not used in w2k3 schema, but used in Exchange schema*/
2569 .name = "Object(OR-Name)",
2570 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2572 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2573 .attributeSyntax_oid = "2.5.5.7",
2574 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2575 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2576 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2577 .equality = "caseIgnoreMatch",
2578 .ldb_syntax = LDB_SYNTAX_DN,
2581 * TODO: verify if DATA_BLOB is correct here...!
2583 * repsFrom and repsTo are the only attributes using
2584 * this attribute syntax, but they're not replicated...
2586 .name = "Object(Replica-Link)",
2587 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2589 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2590 .attributeSyntax_oid = "2.5.5.10",
2591 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2592 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2593 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2595 .name = "Object(Presentation-Address)",
2596 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2598 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2599 .attributeSyntax_oid = "2.5.5.13",
2600 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2601 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2602 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2603 .comment = "Presentation Address",
2604 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2606 /* not used in w2k3 schema */
2607 .name = "Object(Access-Point)",
2608 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.2",
2610 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2611 .attributeSyntax_oid = "2.5.5.14",
2612 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2613 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2614 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2615 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2617 /* not used in w2k3 schema */
2618 .name = "Object(DN-String)",
2619 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2621 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2622 .attributeSyntax_oid = "2.5.5.14",
2623 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2624 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2625 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2626 .equality = "octetStringMatch",
2627 .comment = "OctetString: String+DN",
2631 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2634 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2635 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2636 return &dsdb_syntaxes[i];
2642 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2645 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2646 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2647 return &dsdb_syntaxes[i];
2653 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2656 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2657 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2658 return &dsdb_syntaxes[i];
2664 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2668 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2670 * We must pretend that userParamters was declared
2671 * binary string, so we can store the 'UTF16' (not
2672 * really string) structure as given over SAMR to samba
2674 if (dsdb_syntaxes[i].userParameters &&
2675 (strcasecmp(attr->lDAPDisplayName, "userParameters") == 0))
2677 return &dsdb_syntaxes[i];
2679 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2681 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2683 if (attr->oMObjectClass.length) {
2685 ret = memcmp(attr->oMObjectClass.data,
2686 dsdb_syntaxes[i].oMObjectClass.data,
2687 attr->oMObjectClass.length);
2688 if (ret != 0) continue;
2691 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2693 return &dsdb_syntaxes[i];
2699 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2700 const struct dsdb_schema *schema,
2701 const struct dsdb_schema_prefixmap *pfm_remote,
2702 const struct drsuapi_DsReplicaAttribute *in,
2703 TALLOC_CTX *mem_ctx,
2704 struct ldb_message_element *out)
2706 const struct dsdb_attribute *sa;
2707 struct dsdb_syntax_ctx syntax_ctx;
2708 uint32_t attid_local;
2710 /* use default syntax conversion context */
2711 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2712 syntax_ctx.pfm_remote = pfm_remote;
2714 switch (dsdb_pfm_get_attid_type(in->attid)) {
2715 case DSDB_ATTID_TYPE_PFM:
2716 /* map remote ATTID to local ATTID */
2717 if (!dsdb_syntax_attid_from_remote_attid(&syntax_ctx, mem_ctx, in->attid, &attid_local)) {
2718 DEBUG(0,(__location__ ": Can't find local ATTID for 0x%08X\n",
2720 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2723 case DSDB_ATTID_TYPE_INTID:
2724 /* use IntId value directly */
2725 attid_local = in->attid;
2728 /* we should never get here */
2729 DEBUG(0,(__location__ ": Invalid ATTID type passed for conversion - 0x%08X\n",
2731 return WERR_INVALID_PARAMETER;
2734 sa = dsdb_attribute_by_attributeID_id(schema, attid_local);
2736 DEBUG(1,(__location__ ": Unknown attributeID_id 0x%08X\n", in->attid));
2737 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2740 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2743 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2744 const struct dsdb_schema *schema,
2745 const struct ldb_message_element *in,
2746 TALLOC_CTX *mem_ctx,
2747 struct drsuapi_DsReplicaAttribute *out)
2749 const struct dsdb_attribute *sa;
2750 struct dsdb_syntax_ctx syntax_ctx;
2752 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2754 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
2757 /* use default syntax conversion context */
2758 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2760 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);
git.samba.org / obnox / samba / samba-obnox.git / blob