2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "lib/ldb/include/ldb_errors.h"
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
33 #include "../lib/util/asn1.h"
36 * Initialize dsdb_syntax_ctx with default values
39 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
40 struct ldb_context *ldb,
41 const struct dsdb_schema *schema)
47 * 'true' will keep current behavior,
48 * i.e. attributeID_id will be returned by default
50 ctx->is_schema_nc = true;
52 ctx->pfm_remote = NULL;
57 * Returns ATTID for DRS attribute.
59 * ATTID depends on whether we are replicating
60 * Schema NC or msDs-IntId is set for schemaAttribute
63 uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
66 if (!for_schema_nc && attr->msDS_IntId) {
67 return attr->msDS_IntId;
70 return attr->attributeID_id;
74 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
75 const struct dsdb_attribute *attr,
76 const struct drsuapi_DsReplicaAttribute *in,
78 struct ldb_message_element *out)
83 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
84 W_ERROR_HAVE_NO_MEMORY(out->name);
86 out->num_values = in->value_ctr.num_values;
87 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
88 W_ERROR_HAVE_NO_MEMORY(out->values);
90 for (i=0; i < out->num_values; i++) {
93 if (in->value_ctr.values[i].blob == NULL) {
97 str = talloc_asprintf(out->values, "%s: not implemented",
99 W_ERROR_HAVE_NO_MEMORY(str);
101 out->values[i] = data_blob_string_const(str);
107 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
108 const struct dsdb_attribute *attr,
109 const struct ldb_message_element *in,
111 struct drsuapi_DsReplicaAttribute *out)
116 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
117 const struct dsdb_attribute *attr,
118 const struct ldb_message_element *in)
123 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
124 const struct dsdb_attribute *attr,
125 const struct drsuapi_DsReplicaAttribute *in,
127 struct ldb_message_element *out)
132 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
133 W_ERROR_HAVE_NO_MEMORY(out->name);
135 out->num_values = in->value_ctr.num_values;
136 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
137 W_ERROR_HAVE_NO_MEMORY(out->values);
139 for (i=0; i < out->num_values; i++) {
143 if (in->value_ctr.values[i].blob == NULL) {
147 if (in->value_ctr.values[i].blob->length != 4) {
151 v = IVAL(in->value_ctr.values[i].blob->data, 0);
154 str = talloc_strdup(out->values, "TRUE");
155 W_ERROR_HAVE_NO_MEMORY(str);
157 str = talloc_strdup(out->values, "FALSE");
158 W_ERROR_HAVE_NO_MEMORY(str);
161 out->values[i] = data_blob_string_const(str);
167 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
168 const struct dsdb_attribute *attr,
169 const struct ldb_message_element *in,
171 struct drsuapi_DsReplicaAttribute *out)
176 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
180 out->attid = dsdb_attribute_get_attid(attr,
182 out->value_ctr.num_values = in->num_values;
183 out->value_ctr.values = talloc_array(mem_ctx,
184 struct drsuapi_DsAttributeValue,
186 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
188 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
189 W_ERROR_HAVE_NO_MEMORY(blobs);
191 for (i=0; i < in->num_values; i++) {
192 out->value_ctr.values[i].blob = &blobs[i];
194 blobs[i] = data_blob_talloc(blobs, NULL, 4);
195 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
197 if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
198 SIVAL(blobs[i].data, 0, 0x00000001);
199 } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
200 SIVAL(blobs[i].data, 0, 0x00000000);
209 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
210 const struct dsdb_attribute *attr,
211 const struct ldb_message_element *in)
215 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
219 for (i=0; i < in->num_values; i++) {
223 (const char *)in->values[i].data,
224 in->values[i].length);
226 (const char *)in->values[i].data,
227 in->values[i].length);
229 if (t != 0 && f != 0) {
230 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
237 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
238 const struct dsdb_attribute *attr,
239 const struct drsuapi_DsReplicaAttribute *in,
241 struct ldb_message_element *out)
246 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
247 W_ERROR_HAVE_NO_MEMORY(out->name);
249 out->num_values = in->value_ctr.num_values;
250 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
251 W_ERROR_HAVE_NO_MEMORY(out->values);
253 for (i=0; i < out->num_values; i++) {
257 if (in->value_ctr.values[i].blob == NULL) {
261 if (in->value_ctr.values[i].blob->length != 4) {
265 v = IVALS(in->value_ctr.values[i].blob->data, 0);
267 str = talloc_asprintf(out->values, "%d", v);
268 W_ERROR_HAVE_NO_MEMORY(str);
270 out->values[i] = data_blob_string_const(str);
276 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
277 const struct dsdb_attribute *attr,
278 const struct ldb_message_element *in,
280 struct drsuapi_DsReplicaAttribute *out)
285 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
289 out->attid = dsdb_attribute_get_attid(attr,
291 out->value_ctr.num_values = in->num_values;
292 out->value_ctr.values = talloc_array(mem_ctx,
293 struct drsuapi_DsAttributeValue,
295 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
297 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
298 W_ERROR_HAVE_NO_MEMORY(blobs);
300 for (i=0; i < in->num_values; i++) {
303 out->value_ctr.values[i].blob = &blobs[i];
305 blobs[i] = data_blob_talloc(blobs, NULL, 4);
306 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
308 /* We've to use "strtoll" here to have the intended overflows.
309 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
310 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
312 SIVALS(blobs[i].data, 0, v);
318 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
319 const struct dsdb_attribute *attr,
320 const struct ldb_message_element *in)
324 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
328 for (i=0; i < in->num_values; i++) {
330 char buf[sizeof("-2147483648")];
334 if (in->values[i].length >= sizeof(buf)) {
335 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
338 memcpy(buf, in->values[i].data, in->values[i].length);
340 v = strtol(buf, &end, 10);
342 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
344 if (end && end[0] != '\0') {
345 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
348 if (attr->rangeLower) {
349 if ((int32_t)v < (int32_t)*attr->rangeLower) {
350 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
354 if (attr->rangeUpper) {
355 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
356 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
364 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
365 const struct dsdb_attribute *attr,
366 const struct drsuapi_DsReplicaAttribute *in,
368 struct ldb_message_element *out)
373 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
374 W_ERROR_HAVE_NO_MEMORY(out->name);
376 out->num_values = in->value_ctr.num_values;
377 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
378 W_ERROR_HAVE_NO_MEMORY(out->values);
380 for (i=0; i < out->num_values; i++) {
384 if (in->value_ctr.values[i].blob == NULL) {
388 if (in->value_ctr.values[i].blob->length != 8) {
392 v = BVALS(in->value_ctr.values[i].blob->data, 0);
394 str = talloc_asprintf(out->values, "%lld", (long long int)v);
395 W_ERROR_HAVE_NO_MEMORY(str);
397 out->values[i] = data_blob_string_const(str);
403 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
404 const struct dsdb_attribute *attr,
405 const struct ldb_message_element *in,
407 struct drsuapi_DsReplicaAttribute *out)
412 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
416 out->attid = dsdb_attribute_get_attid(attr,
418 out->value_ctr.num_values = in->num_values;
419 out->value_ctr.values = talloc_array(mem_ctx,
420 struct drsuapi_DsAttributeValue,
422 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
424 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
425 W_ERROR_HAVE_NO_MEMORY(blobs);
427 for (i=0; i < in->num_values; i++) {
430 out->value_ctr.values[i].blob = &blobs[i];
432 blobs[i] = data_blob_talloc(blobs, NULL, 8);
433 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
435 v = strtoll((const char *)in->values[i].data, NULL, 10);
437 SBVALS(blobs[i].data, 0, v);
443 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
444 const struct dsdb_attribute *attr,
445 const struct ldb_message_element *in)
449 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
453 for (i=0; i < in->num_values; i++) {
455 char buf[sizeof("-9223372036854775808")];
459 if (in->values[i].length >= sizeof(buf)) {
460 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
462 memcpy(buf, in->values[i].data, in->values[i].length);
465 v = strtoll(buf, &end, 10);
467 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
469 if (end && end[0] != '\0') {
470 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
473 if (attr->rangeLower) {
474 if ((int64_t)v < (int64_t)*attr->rangeLower) {
475 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
479 if (attr->rangeUpper) {
480 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
481 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
488 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
489 const struct dsdb_attribute *attr,
490 const struct drsuapi_DsReplicaAttribute *in,
492 struct ldb_message_element *out)
497 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
498 W_ERROR_HAVE_NO_MEMORY(out->name);
500 out->num_values = in->value_ctr.num_values;
501 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
502 W_ERROR_HAVE_NO_MEMORY(out->values);
504 for (i=0; i < out->num_values; i++) {
509 if (in->value_ctr.values[i].blob == NULL) {
513 if (in->value_ctr.values[i].blob->length != 8) {
517 v = BVAL(in->value_ctr.values[i].blob->data, 0);
519 t = nt_time_to_unix(v);
522 * NOTE: On a w2k3 server you can set a GeneralizedTime string
523 * via LDAP, but you get back an UTCTime string,
524 * but via DRSUAPI you get back the NTTIME_1sec value
525 * that represents the GeneralizedTime value!
527 * So if we store the UTCTime string in our ldb
528 * we'll loose information!
530 str = ldb_timestring_utc(out->values, t);
531 W_ERROR_HAVE_NO_MEMORY(str);
532 out->values[i] = data_blob_string_const(str);
538 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
539 const struct dsdb_attribute *attr,
540 const struct ldb_message_element *in,
542 struct drsuapi_DsReplicaAttribute *out)
547 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
551 out->attid = dsdb_attribute_get_attid(attr,
553 out->value_ctr.num_values = in->num_values;
554 out->value_ctr.values = talloc_array(mem_ctx,
555 struct drsuapi_DsAttributeValue,
557 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
559 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
560 W_ERROR_HAVE_NO_MEMORY(blobs);
562 for (i=0; i < in->num_values; i++) {
566 out->value_ctr.values[i].blob = &blobs[i];
568 blobs[i] = data_blob_talloc(blobs, NULL, 8);
569 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
571 t = ldb_string_utc_to_time((const char *)in->values[i].data);
572 unix_to_nt_time(&v, t);
575 SBVAL(blobs[i].data, 0, v);
581 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
582 const struct dsdb_attribute *attr,
583 const struct ldb_message_element *in)
587 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
591 for (i=0; i < in->num_values; i++) {
593 char buf[sizeof("090826075717Z")];
596 if (in->values[i].length >= sizeof(buf)) {
597 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
599 memcpy(buf, in->values[i].data, in->values[i].length);
602 t = ldb_string_utc_to_time(buf);
604 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
607 if (attr->rangeLower) {
608 if ((int32_t)t < (int32_t)*attr->rangeLower) {
609 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
613 if (attr->rangeUpper) {
614 if ((int32_t)t > (int32_t)*attr->rangeLower) {
615 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
620 * TODO: verify the comment in the
621 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
628 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
629 const struct dsdb_attribute *attr,
630 const struct drsuapi_DsReplicaAttribute *in,
632 struct ldb_message_element *out)
637 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
638 W_ERROR_HAVE_NO_MEMORY(out->name);
640 out->num_values = in->value_ctr.num_values;
641 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
642 W_ERROR_HAVE_NO_MEMORY(out->values);
644 for (i=0; i < out->num_values; i++) {
649 if (in->value_ctr.values[i].blob == NULL) {
653 if (in->value_ctr.values[i].blob->length != 8) {
657 v = BVAL(in->value_ctr.values[i].blob->data, 0);
659 t = nt_time_to_unix(v);
661 str = ldb_timestring(out->values, t);
662 W_ERROR_HAVE_NO_MEMORY(str);
664 out->values[i] = data_blob_string_const(str);
670 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
671 const struct dsdb_attribute *attr,
672 const struct ldb_message_element *in,
674 struct drsuapi_DsReplicaAttribute *out)
679 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
683 out->attid = dsdb_attribute_get_attid(attr,
685 out->value_ctr.num_values = in->num_values;
686 out->value_ctr.values = talloc_array(mem_ctx,
687 struct drsuapi_DsAttributeValue,
689 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
691 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
692 W_ERROR_HAVE_NO_MEMORY(blobs);
694 for (i=0; i < in->num_values; i++) {
699 out->value_ctr.values[i].blob = &blobs[i];
701 blobs[i] = data_blob_talloc(blobs, NULL, 8);
702 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
704 ret = ldb_val_to_time(&in->values[i], &t);
705 if (ret != LDB_SUCCESS) {
706 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
708 unix_to_nt_time(&v, t);
711 SBVAL(blobs[i].data, 0, v);
717 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
718 const struct dsdb_attribute *attr,
719 const struct ldb_message_element *in)
723 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
727 for (i=0; i < in->num_values; i++) {
731 ret = ldb_val_to_time(&in->values[i], &t);
732 if (ret != LDB_SUCCESS) {
733 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
736 if (attr->rangeLower) {
737 if ((int32_t)t < (int32_t)*attr->rangeLower) {
738 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
742 if (attr->rangeUpper) {
743 if ((int32_t)t > (int32_t)*attr->rangeLower) {
744 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
752 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
753 const struct dsdb_attribute *attr,
754 const struct drsuapi_DsReplicaAttribute *in,
756 struct ldb_message_element *out)
761 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
762 W_ERROR_HAVE_NO_MEMORY(out->name);
764 out->num_values = in->value_ctr.num_values;
765 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
766 W_ERROR_HAVE_NO_MEMORY(out->values);
768 for (i=0; i < out->num_values; i++) {
769 if (in->value_ctr.values[i].blob == NULL) {
773 if (in->value_ctr.values[i].blob->length == 0) {
777 out->values[i] = data_blob_dup_talloc(out->values,
778 in->value_ctr.values[i].blob);
779 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
785 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
786 const struct dsdb_attribute *attr,
787 const struct ldb_message_element *in,
789 struct drsuapi_DsReplicaAttribute *out)
794 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
798 out->attid = dsdb_attribute_get_attid(attr,
800 out->value_ctr.num_values = in->num_values;
801 out->value_ctr.values = talloc_array(mem_ctx,
802 struct drsuapi_DsAttributeValue,
804 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
806 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
807 W_ERROR_HAVE_NO_MEMORY(blobs);
809 for (i=0; i < in->num_values; i++) {
810 out->value_ctr.values[i].blob = &blobs[i];
812 blobs[i] = data_blob_dup_talloc(blobs, &in->values[i]);
813 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
819 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
820 const struct dsdb_attribute *attr,
821 const struct ldb_val *val)
823 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
827 if (attr->rangeLower) {
828 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
829 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
833 if (attr->rangeUpper) {
834 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
835 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
842 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
843 const struct dsdb_attribute *attr,
844 const struct ldb_message_element *in)
849 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
853 for (i=0; i < in->num_values; i++) {
854 if (in->values[i].length == 0) {
855 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
858 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
861 if (!W_ERROR_IS_OK(status)) {
869 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
870 const struct dsdb_attribute *attr,
871 const struct drsuapi_DsReplicaAttribute *in,
873 struct ldb_message_element *out)
878 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
879 W_ERROR_HAVE_NO_MEMORY(out->name);
881 out->num_values = in->value_ctr.num_values;
882 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
883 W_ERROR_HAVE_NO_MEMORY(out->values);
885 for (i=0; i < out->num_values; i++) {
887 const struct dsdb_class *c;
888 const struct dsdb_attribute *a;
889 const char *str = NULL;
891 if (in->value_ctr.values[i].blob == NULL) {
895 if (in->value_ctr.values[i].blob->length != 4) {
899 v = IVAL(in->value_ctr.values[i].blob->data, 0);
901 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
902 str = talloc_strdup(out->values, c->lDAPDisplayName);
903 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
904 str = talloc_strdup(out->values, a->lDAPDisplayName);
907 werr = dsdb_schema_pfm_oid_from_attid(ctx->schema->prefixmap, v, out->values, &str);
908 W_ERROR_NOT_OK_RETURN(werr);
910 W_ERROR_HAVE_NO_MEMORY(str);
912 /* the values need to be reversed */
913 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
919 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
920 const struct dsdb_attribute *attr,
921 const struct drsuapi_DsReplicaAttribute *in,
923 struct ldb_message_element *out)
928 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
929 W_ERROR_HAVE_NO_MEMORY(out->name);
931 out->num_values = in->value_ctr.num_values;
932 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
933 W_ERROR_HAVE_NO_MEMORY(out->values);
935 for (i=0; i < out->num_values; i++) {
937 const struct dsdb_class *c;
940 if (in->value_ctr.values[i].blob == NULL) {
944 if (in->value_ctr.values[i].blob->length != 4) {
948 v = IVAL(in->value_ctr.values[i].blob->data, 0);
950 c = dsdb_class_by_governsID_id(ctx->schema, v);
955 str = talloc_strdup(out->values, c->lDAPDisplayName);
956 W_ERROR_HAVE_NO_MEMORY(str);
958 /* the values need to be reversed */
959 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
965 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
966 const struct dsdb_attribute *attr,
967 const struct drsuapi_DsReplicaAttribute *in,
969 struct ldb_message_element *out)
974 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
975 W_ERROR_HAVE_NO_MEMORY(out->name);
977 out->num_values = in->value_ctr.num_values;
978 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
979 W_ERROR_HAVE_NO_MEMORY(out->values);
981 for (i=0; i < out->num_values; i++) {
983 const struct dsdb_attribute *a;
986 if (in->value_ctr.values[i].blob == NULL) {
990 if (in->value_ctr.values[i].blob->length != 4) {
994 v = IVAL(in->value_ctr.values[i].blob->data, 0);
996 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
1001 str = talloc_strdup(out->values, a->lDAPDisplayName);
1002 W_ERROR_HAVE_NO_MEMORY(str);
1004 /* the values need to be reversed */
1005 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1011 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1012 const struct dsdb_attribute *attr,
1013 const struct drsuapi_DsReplicaAttribute *in,
1014 TALLOC_CTX *mem_ctx,
1015 struct ldb_message_element *out)
1020 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1021 W_ERROR_HAVE_NO_MEMORY(out->name);
1023 out->num_values = in->value_ctr.num_values;
1024 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1025 W_ERROR_HAVE_NO_MEMORY(out->values);
1027 for (i=0; i < out->num_values; i++) {
1032 if (in->value_ctr.values[i].blob == NULL) {
1036 if (in->value_ctr.values[i].blob->length != 4) {
1040 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1042 status = dsdb_schema_pfm_oid_from_attid(ctx->schema->prefixmap, attid, out->values, &oid);
1043 W_ERROR_NOT_OK_RETURN(status);
1045 out->values[i] = data_blob_string_const(oid);
1051 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1052 const struct dsdb_attribute *attr,
1053 const struct ldb_message_element *in,
1054 TALLOC_CTX *mem_ctx,
1055 struct drsuapi_DsReplicaAttribute *out)
1060 out->attid= dsdb_attribute_get_attid(attr,
1062 out->value_ctr.num_values= in->num_values;
1063 out->value_ctr.values= talloc_array(mem_ctx,
1064 struct drsuapi_DsAttributeValue,
1066 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1068 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1069 W_ERROR_HAVE_NO_MEMORY(blobs);
1071 for (i=0; i < in->num_values; i++) {
1072 const struct dsdb_class *obj_class;
1073 const struct dsdb_attribute *obj_attr;
1076 out->value_ctr.values[i].blob= &blobs[i];
1078 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1079 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1081 /* in DRS windows puts the classes in the opposite
1082 order to the order used in ldap */
1083 v = &in->values[(in->num_values-1)-i];
1085 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1086 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1087 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1088 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1092 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1093 (const char *)v->data,
1095 W_ERROR_NOT_OK_RETURN(werr);
1096 SIVAL(blobs[i].data, 0, attid);
1105 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1106 const struct dsdb_attribute *attr,
1107 const struct ldb_message_element *in,
1108 TALLOC_CTX *mem_ctx,
1109 struct drsuapi_DsReplicaAttribute *out)
1114 out->attid= dsdb_attribute_get_attid(attr,
1116 out->value_ctr.num_values= in->num_values;
1117 out->value_ctr.values= talloc_array(mem_ctx,
1118 struct drsuapi_DsAttributeValue,
1120 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1122 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1123 W_ERROR_HAVE_NO_MEMORY(blobs);
1125 for (i=0; i < in->num_values; i++) {
1126 const struct dsdb_class *obj_class;
1128 out->value_ctr.values[i].blob= &blobs[i];
1130 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1131 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1133 /* in DRS windows puts the classes in the opposite
1134 order to the order used in ldap */
1135 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1136 (const char *)in->values[(in->num_values-1)-i].data);
1140 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1147 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1148 const struct dsdb_attribute *attr,
1149 const struct ldb_message_element *in,
1150 TALLOC_CTX *mem_ctx,
1151 struct drsuapi_DsReplicaAttribute *out)
1156 out->attid= dsdb_attribute_get_attid(attr,
1158 out->value_ctr.num_values= in->num_values;
1159 out->value_ctr.values= talloc_array(mem_ctx,
1160 struct drsuapi_DsAttributeValue,
1162 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1164 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1165 W_ERROR_HAVE_NO_MEMORY(blobs);
1167 for (i=0; i < in->num_values; i++) {
1168 const struct dsdb_attribute *obj_attr;
1170 out->value_ctr.values[i].blob= &blobs[i];
1172 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1173 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1175 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1179 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1186 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1187 const struct dsdb_attribute *attr,
1188 const struct ldb_message_element *in,
1189 TALLOC_CTX *mem_ctx,
1190 struct drsuapi_DsReplicaAttribute *out)
1195 out->attid= dsdb_attribute_get_attid(attr,
1197 out->value_ctr.num_values= in->num_values;
1198 out->value_ctr.values= talloc_array(mem_ctx,
1199 struct drsuapi_DsAttributeValue,
1201 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1203 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1204 W_ERROR_HAVE_NO_MEMORY(blobs);
1206 for (i=0; i < in->num_values; i++) {
1210 out->value_ctr.values[i].blob= &blobs[i];
1212 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1213 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1215 status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1216 (const char *)in->values[i].data,
1218 W_ERROR_NOT_OK_RETURN(status);
1220 SIVAL(blobs[i].data, 0, attid);
1226 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1227 const struct dsdb_attribute *attr,
1228 const struct drsuapi_DsReplicaAttribute *in,
1229 TALLOC_CTX *mem_ctx,
1230 struct ldb_message_element *out)
1234 switch (attr->attributeID_id) {
1235 case DRSUAPI_ATTID_objectClass:
1236 case DRSUAPI_ATTID_subClassOf:
1237 case DRSUAPI_ATTID_auxiliaryClass:
1238 case DRSUAPI_ATTID_systemAuxiliaryClass:
1239 case DRSUAPI_ATTID_systemPossSuperiors:
1240 case DRSUAPI_ATTID_possSuperiors:
1241 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1243 case DRSUAPI_ATTID_systemMustContain:
1244 case DRSUAPI_ATTID_systemMayContain:
1245 case DRSUAPI_ATTID_mustContain:
1246 case DRSUAPI_ATTID_rDNAttId:
1247 case DRSUAPI_ATTID_transportAddressAttribute:
1248 case DRSUAPI_ATTID_mayContain:
1249 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1251 case DRSUAPI_ATTID_governsID:
1252 case DRSUAPI_ATTID_attributeID:
1253 case DRSUAPI_ATTID_attributeSyntax:
1254 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1257 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1258 attr->lDAPDisplayName));
1259 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1262 /* When we are doing the vampire of a schema, we don't want
1263 * the inability to reference an OID to get in the way.
1264 * Otherwise, we won't get the new schema with which to
1265 * understand this */
1266 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1267 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1272 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1273 const struct dsdb_attribute *attr,
1274 const struct ldb_message_element *in,
1275 TALLOC_CTX *mem_ctx,
1276 struct drsuapi_DsReplicaAttribute *out)
1278 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1282 switch (attr->attributeID_id) {
1283 case DRSUAPI_ATTID_objectClass:
1284 case DRSUAPI_ATTID_subClassOf:
1285 case DRSUAPI_ATTID_auxiliaryClass:
1286 case DRSUAPI_ATTID_systemAuxiliaryClass:
1287 case DRSUAPI_ATTID_systemPossSuperiors:
1288 case DRSUAPI_ATTID_possSuperiors:
1289 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1290 case DRSUAPI_ATTID_systemMustContain:
1291 case DRSUAPI_ATTID_systemMayContain:
1292 case DRSUAPI_ATTID_mustContain:
1293 case DRSUAPI_ATTID_rDNAttId:
1294 case DRSUAPI_ATTID_transportAddressAttribute:
1295 case DRSUAPI_ATTID_mayContain:
1296 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1297 case DRSUAPI_ATTID_governsID:
1298 case DRSUAPI_ATTID_attributeID:
1299 case DRSUAPI_ATTID_attributeSyntax:
1300 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1303 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1304 attr->lDAPDisplayName));
1306 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1309 static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
1310 const struct dsdb_attribute *attr,
1311 const struct ldb_message_element *in)
1314 TALLOC_CTX *tmp_ctx;
1316 tmp_ctx = talloc_new(ctx->ldb);
1317 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1319 for (i=0; i < in->num_values; i++) {
1321 const char *oid_out;
1322 const char *oid = (const char*)in->values[i].data;
1324 if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
1325 DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
1326 talloc_free(tmp_ctx);
1327 return WERR_INVALID_PARAMETER;
1330 if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
1331 DEBUG(0,("ber_read_OID_String() failed for %s\n",
1332 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
1333 talloc_free(tmp_ctx);
1334 return WERR_INVALID_PARAMETER;
1337 if (strcmp(oid, oid_out) != 0) {
1338 talloc_free(tmp_ctx);
1339 return WERR_INVALID_PARAMETER;
1343 talloc_free(tmp_ctx);
1347 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1348 const struct dsdb_attribute *attr,
1349 const struct ldb_message_element *in)
1352 struct drsuapi_DsReplicaAttribute drs_tmp;
1353 struct ldb_message_element ldb_tmp;
1354 TALLOC_CTX *tmp_ctx;
1356 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1360 switch (attr->attributeID_id) {
1361 case DRSUAPI_ATTID_governsID:
1362 case DRSUAPI_ATTID_attributeID:
1363 case DRSUAPI_ATTID_attributeSyntax:
1364 return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
1368 * TODO: optimize and verify this code
1371 tmp_ctx = talloc_new(ctx->ldb);
1372 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1374 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1379 if (!W_ERROR_IS_OK(status)) {
1380 talloc_free(tmp_ctx);
1384 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1389 if (!W_ERROR_IS_OK(status)) {
1390 talloc_free(tmp_ctx);
1394 talloc_free(tmp_ctx);
1398 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1399 const struct dsdb_attribute *attr,
1400 const struct drsuapi_DsReplicaAttribute *in,
1401 TALLOC_CTX *mem_ctx,
1402 struct ldb_message_element *out)
1407 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1408 W_ERROR_HAVE_NO_MEMORY(out->name);
1410 out->num_values = in->value_ctr.num_values;
1411 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1412 W_ERROR_HAVE_NO_MEMORY(out->values);
1414 for (i=0; i < out->num_values; i++) {
1417 if (in->value_ctr.values[i].blob == NULL) {
1421 if (in->value_ctr.values[i].blob->length == 0) {
1425 if (!convert_string_talloc(out->values,
1427 in->value_ctr.values[i].blob->data,
1428 in->value_ctr.values[i].blob->length,
1429 (void **)&str, NULL, false)) {
1433 out->values[i] = data_blob_string_const(str);
1439 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1440 const struct dsdb_attribute *attr,
1441 const struct ldb_message_element *in,
1442 TALLOC_CTX *mem_ctx,
1443 struct drsuapi_DsReplicaAttribute *out)
1448 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1452 out->attid = dsdb_attribute_get_attid(attr,
1454 out->value_ctr.num_values = in->num_values;
1455 out->value_ctr.values = talloc_array(mem_ctx,
1456 struct drsuapi_DsAttributeValue,
1458 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1460 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1461 W_ERROR_HAVE_NO_MEMORY(blobs);
1463 for (i=0; i < in->num_values; i++) {
1464 out->value_ctr.values[i].blob = &blobs[i];
1466 if (!convert_string_talloc(blobs,
1468 in->values[i].data, in->values[i].length,
1469 (void **)&blobs[i].data, &blobs[i].length, false)) {
1477 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1478 const struct dsdb_attribute *attr,
1479 const struct ldb_val *val)
1485 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1489 ok = convert_string_talloc(ctx->ldb,
1497 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1500 if (attr->rangeLower) {
1501 if ((size/2) < *attr->rangeLower) {
1502 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1506 if (attr->rangeUpper) {
1507 if ((size/2) > *attr->rangeUpper) {
1508 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1515 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1516 const struct dsdb_attribute *attr,
1517 const struct ldb_message_element *in)
1522 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1526 for (i=0; i < in->num_values; i++) {
1527 if (in->values[i].length == 0) {
1528 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1531 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1534 if (!W_ERROR_IS_OK(status)) {
1542 static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1543 const struct dsdb_syntax *syntax,
1544 const DATA_BLOB *in, DATA_BLOB *out)
1546 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1547 enum ndr_err_code ndr_err;
1548 DATA_BLOB guid_blob;
1550 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1555 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1559 talloc_free(tmp_ctx);
1563 if (in->length == 0) {
1564 talloc_free(tmp_ctx);
1569 /* windows sometimes sends an extra two pad bytes here */
1570 ndr_err = ndr_pull_struct_blob(in,
1572 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1573 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1574 status = ndr_map_error2ntstatus(ndr_err);
1575 talloc_free(tmp_ctx);
1576 return ntstatus_to_werror(status);
1579 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1581 talloc_free(tmp_ctx);
1582 /* If this fails, it must be out of memory, as it does not do much parsing */
1583 W_ERROR_HAVE_NO_MEMORY(dn);
1586 if (!GUID_all_zero(&id3.guid)) {
1587 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1588 if (!NT_STATUS_IS_OK(status)) {
1589 talloc_free(tmp_ctx);
1590 return ntstatus_to_werror(status);
1593 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1594 if (ret != LDB_SUCCESS) {
1595 talloc_free(tmp_ctx);
1598 talloc_free(guid_blob.data);
1601 if (id3.__ndr_size_sid) {
1603 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1604 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1605 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1606 status = ndr_map_error2ntstatus(ndr_err);
1607 talloc_free(tmp_ctx);
1608 return ntstatus_to_werror(status);
1611 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1612 if (ret != LDB_SUCCESS) {
1613 talloc_free(tmp_ctx);
1618 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1619 talloc_free(tmp_ctx);
1623 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1624 const struct dsdb_attribute *attr,
1625 const struct drsuapi_DsReplicaAttribute *in,
1626 TALLOC_CTX *mem_ctx,
1627 struct ldb_message_element *out)
1632 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1633 W_ERROR_HAVE_NO_MEMORY(out->name);
1635 out->num_values = in->value_ctr.num_values;
1636 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1637 W_ERROR_HAVE_NO_MEMORY(out->values);
1639 for (i=0; i < out->num_values; i++) {
1640 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1641 in->value_ctr.values[i].blob,
1643 if (!W_ERROR_IS_OK(status)) {
1652 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1653 const struct dsdb_attribute *attr,
1654 const struct ldb_message_element *in,
1655 TALLOC_CTX *mem_ctx,
1656 struct drsuapi_DsReplicaAttribute *out)
1661 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1665 out->attid = dsdb_attribute_get_attid(attr,
1667 out->value_ctr.num_values = in->num_values;
1668 out->value_ctr.values = talloc_array(mem_ctx,
1669 struct drsuapi_DsAttributeValue,
1671 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1673 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1674 W_ERROR_HAVE_NO_MEMORY(blobs);
1676 for (i=0; i < in->num_values; i++) {
1677 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1678 enum ndr_err_code ndr_err;
1680 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1683 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1685 out->value_ctr.values[i].blob = &blobs[i];
1687 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1689 W_ERROR_HAVE_NO_MEMORY(dn);
1693 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1694 if (!NT_STATUS_IS_OK(status) &&
1695 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1696 talloc_free(tmp_ctx);
1697 return ntstatus_to_werror(status);
1700 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1701 if (!NT_STATUS_IS_OK(status) &&
1702 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1703 talloc_free(tmp_ctx);
1704 return ntstatus_to_werror(status);
1707 id3.dn = ldb_dn_get_linearized(dn);
1709 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1710 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1711 status = ndr_map_error2ntstatus(ndr_err);
1712 talloc_free(tmp_ctx);
1713 return ntstatus_to_werror(status);
1715 talloc_free(tmp_ctx);
1721 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1722 const struct dsdb_attribute *attr,
1723 const struct ldb_val *val,
1724 TALLOC_CTX *mem_ctx,
1725 struct dsdb_dn **_dsdb_dn)
1727 static const char * const extended_list[] = { "GUID", "SID", NULL };
1728 enum ndr_err_code ndr_err;
1731 const DATA_BLOB *sid_blob;
1732 struct dsdb_dn *dsdb_dn;
1738 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1741 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1743 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1747 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1748 attr->syntax->ldap_oid);
1750 talloc_free(tmp_ctx);
1751 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1755 dn2 = ldb_dn_copy(tmp_ctx, dn);
1757 talloc_free(tmp_ctx);
1761 num_components = ldb_dn_get_comp_num(dn);
1763 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1764 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1766 } else if (!NT_STATUS_IS_OK(status)) {
1767 talloc_free(tmp_ctx);
1768 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1771 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1774 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1777 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1778 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1779 talloc_free(tmp_ctx);
1780 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1784 /* Do not allow links to the RootDSE */
1785 if (num_components == 0) {
1786 talloc_free(tmp_ctx);
1787 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1791 * We need to check that only "GUID" and "SID" are
1792 * specified as extended components, we do that
1793 * by comparing the dn's after removing all components
1794 * from one dn and only the allowed subset from the other
1797 ldb_dn_extended_filter(dn, extended_list);
1799 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1800 if (dn_str == NULL) {
1801 talloc_free(tmp_ctx);
1802 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1804 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1805 if (dn2_str == NULL) {
1806 talloc_free(tmp_ctx);
1807 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1810 if (strcmp(dn_str, dn2_str) != 0) {
1811 talloc_free(tmp_ctx);
1812 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1815 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1816 talloc_free(tmp_ctx);
1820 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1821 const struct dsdb_attribute *attr,
1822 const struct ldb_message_element *in)
1826 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1830 for (i=0; i < in->num_values; i++) {
1832 struct dsdb_dn *dsdb_dn;
1833 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1834 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1836 status = dsdb_syntax_DN_validate_one_val(ctx,
1840 if (!W_ERROR_IS_OK(status)) {
1841 talloc_free(tmp_ctx);
1845 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1846 talloc_free(tmp_ctx);
1847 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1850 talloc_free(tmp_ctx);
1856 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1857 const struct dsdb_attribute *attr,
1858 const struct drsuapi_DsReplicaAttribute *in,
1859 TALLOC_CTX *mem_ctx,
1860 struct ldb_message_element *out)
1866 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1867 W_ERROR_HAVE_NO_MEMORY(out->name);
1869 out->num_values = in->value_ctr.num_values;
1870 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1871 W_ERROR_HAVE_NO_MEMORY(out->values);
1873 for (i=0; i < out->num_values; i++) {
1874 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1875 enum ndr_err_code ndr_err;
1876 DATA_BLOB guid_blob;
1878 struct dsdb_dn *dsdb_dn;
1880 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1882 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1885 if (in->value_ctr.values[i].blob == NULL) {
1886 talloc_free(tmp_ctx);
1890 if (in->value_ctr.values[i].blob->length == 0) {
1891 talloc_free(tmp_ctx);
1896 /* windows sometimes sends an extra two pad bytes here */
1897 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
1899 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
1900 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1901 status = ndr_map_error2ntstatus(ndr_err);
1902 talloc_free(tmp_ctx);
1903 return ntstatus_to_werror(status);
1906 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
1908 talloc_free(tmp_ctx);
1909 /* If this fails, it must be out of memory, as it does not do much parsing */
1910 W_ERROR_HAVE_NO_MEMORY(dn);
1913 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1914 if (!NT_STATUS_IS_OK(status)) {
1915 talloc_free(tmp_ctx);
1916 return ntstatus_to_werror(status);
1919 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1920 if (ret != LDB_SUCCESS) {
1921 talloc_free(tmp_ctx);
1925 talloc_free(guid_blob.data);
1927 if (id3.__ndr_size_sid) {
1929 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1930 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1931 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1932 status = ndr_map_error2ntstatus(ndr_err);
1933 talloc_free(tmp_ctx);
1934 return ntstatus_to_werror(status);
1937 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1938 if (ret != LDB_SUCCESS) {
1939 talloc_free(tmp_ctx);
1944 /* set binary stuff */
1945 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
1947 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
1948 talloc_free(tmp_ctx);
1949 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
1951 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
1952 talloc_free(tmp_ctx);
1958 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1959 const struct dsdb_attribute *attr,
1960 const struct ldb_message_element *in,
1961 TALLOC_CTX *mem_ctx,
1962 struct drsuapi_DsReplicaAttribute *out)
1967 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1971 out->attid = dsdb_attribute_get_attid(attr,
1973 out->value_ctr.num_values = in->num_values;
1974 out->value_ctr.values = talloc_array(mem_ctx,
1975 struct drsuapi_DsAttributeValue,
1977 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1979 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1980 W_ERROR_HAVE_NO_MEMORY(blobs);
1982 for (i=0; i < in->num_values; i++) {
1983 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1984 enum ndr_err_code ndr_err;
1985 const DATA_BLOB *sid_blob;
1986 struct dsdb_dn *dsdb_dn;
1987 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1990 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1992 out->value_ctr.values[i].blob = &blobs[i];
1994 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
1997 talloc_free(tmp_ctx);
1998 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
2003 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
2004 if (!NT_STATUS_IS_OK(status) &&
2005 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2006 talloc_free(tmp_ctx);
2007 return ntstatus_to_werror(status);
2010 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
2013 ndr_err = ndr_pull_struct_blob_all(sid_blob,
2015 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
2016 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2017 status = ndr_map_error2ntstatus(ndr_err);
2018 talloc_free(tmp_ctx);
2019 return ntstatus_to_werror(status);
2023 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
2025 /* get binary stuff */
2026 id3.binary = dsdb_dn->extra_part;
2028 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
2029 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2030 status = ndr_map_error2ntstatus(ndr_err);
2031 talloc_free(tmp_ctx);
2032 return ntstatus_to_werror(status);
2034 talloc_free(tmp_ctx);
2040 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2041 const struct dsdb_attribute *attr,
2042 const struct ldb_message_element *in)
2046 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2050 for (i=0; i < in->num_values; i++) {
2052 struct dsdb_dn *dsdb_dn;
2053 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2054 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2056 status = dsdb_syntax_DN_validate_one_val(ctx,
2060 if (!W_ERROR_IS_OK(status)) {
2061 talloc_free(tmp_ctx);
2065 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
2066 talloc_free(tmp_ctx);
2067 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2070 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
2072 &dsdb_dn->extra_part);
2073 if (!W_ERROR_IS_OK(status)) {
2074 talloc_free(tmp_ctx);
2078 talloc_free(tmp_ctx);
2084 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2085 const struct dsdb_attribute *attr,
2086 const struct drsuapi_DsReplicaAttribute *in,
2087 TALLOC_CTX *mem_ctx,
2088 struct ldb_message_element *out)
2090 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2097 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2098 const struct dsdb_attribute *attr,
2099 const struct ldb_message_element *in,
2100 TALLOC_CTX *mem_ctx,
2101 struct drsuapi_DsReplicaAttribute *out)
2103 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2110 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2111 const struct dsdb_attribute *attr,
2112 const struct ldb_message_element *in)
2116 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2120 for (i=0; i < in->num_values; i++) {
2122 struct dsdb_dn *dsdb_dn;
2123 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2124 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2126 status = dsdb_syntax_DN_validate_one_val(ctx,
2130 if (!W_ERROR_IS_OK(status)) {
2131 talloc_free(tmp_ctx);
2135 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2136 talloc_free(tmp_ctx);
2137 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2140 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2142 &dsdb_dn->extra_part);
2143 if (!W_ERROR_IS_OK(status)) {
2144 talloc_free(tmp_ctx);
2148 talloc_free(tmp_ctx);
2154 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2155 const struct dsdb_attribute *attr,
2156 const struct drsuapi_DsReplicaAttribute *in,
2157 TALLOC_CTX *mem_ctx,
2158 struct ldb_message_element *out)
2163 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2164 W_ERROR_HAVE_NO_MEMORY(out->name);
2166 out->num_values = in->value_ctr.num_values;
2167 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2168 W_ERROR_HAVE_NO_MEMORY(out->values);
2170 for (i=0; i < out->num_values; i++) {
2174 if (in->value_ctr.values[i].blob == NULL) {
2178 if (in->value_ctr.values[i].blob->length < 4) {
2182 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2184 if (len != in->value_ctr.values[i].blob->length) {
2188 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2189 in->value_ctr.values[i].blob->data+4,
2190 in->value_ctr.values[i].blob->length-4,
2191 (void **)&str, NULL, false)) {
2195 out->values[i] = data_blob_string_const(str);
2201 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2202 const struct dsdb_attribute *attr,
2203 const struct ldb_message_element *in,
2204 TALLOC_CTX *mem_ctx,
2205 struct drsuapi_DsReplicaAttribute *out)
2210 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2214 out->attid = dsdb_attribute_get_attid(attr,
2216 out->value_ctr.num_values = in->num_values;
2217 out->value_ctr.values = talloc_array(mem_ctx,
2218 struct drsuapi_DsAttributeValue,
2220 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2222 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2223 W_ERROR_HAVE_NO_MEMORY(blobs);
2225 for (i=0; i < in->num_values; i++) {
2229 out->value_ctr.values[i].blob = &blobs[i];
2231 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2233 in->values[i].length,
2234 (void **)&data, &ret, false)) {
2238 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2239 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2241 SIVAL(blobs[i].data, 0, 4 + ret);
2244 memcpy(blobs[i].data + 4, data, ret);
2252 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2253 const struct dsdb_attribute *attr,
2254 const struct ldb_message_element *in)
2256 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2261 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2263 static const struct dsdb_syntax dsdb_syntaxes[] = {
2266 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2268 .attributeSyntax_oid = "2.5.5.8",
2269 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2270 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2271 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2272 .equality = "booleanMatch",
2273 .comment = "Boolean"
2276 .ldap_oid = LDB_SYNTAX_INTEGER,
2278 .attributeSyntax_oid = "2.5.5.9",
2279 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2280 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2281 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2282 .equality = "integerMatch",
2283 .comment = "Integer",
2284 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2286 .name = "String(Octet)",
2287 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2289 .attributeSyntax_oid = "2.5.5.10",
2290 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2291 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2292 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2293 .equality = "octetStringMatch",
2294 .comment = "Octet String",
2296 .name = "String(Sid)",
2297 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2299 .attributeSyntax_oid = "2.5.5.17",
2300 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2301 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2302 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2303 .equality = "octetStringMatch",
2304 .comment = "Octet String - Security Identifier (SID)",
2305 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2307 .name = "String(Object-Identifier)",
2308 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2310 .attributeSyntax_oid = "2.5.5.2",
2311 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2312 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2313 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2314 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2315 .comment = "OID String",
2316 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2318 .name = "Enumeration",
2319 .ldap_oid = LDB_SYNTAX_INTEGER,
2321 .attributeSyntax_oid = "2.5.5.9",
2322 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2323 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2324 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2325 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2327 /* not used in w2k3 forest */
2328 .name = "String(Numeric)",
2329 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2331 .attributeSyntax_oid = "2.5.5.6",
2332 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2333 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2334 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2335 .equality = "numericStringMatch",
2336 .substring = "numericStringSubstringsMatch",
2337 .comment = "Numeric String",
2338 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2340 .name = "String(Printable)",
2341 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2343 .attributeSyntax_oid = "2.5.5.5",
2344 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2345 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2346 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2347 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2349 .name = "String(Teletex)",
2350 .ldap_oid = "1.2.840.113556.1.4.905",
2352 .attributeSyntax_oid = "2.5.5.4",
2353 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2354 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2355 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2356 .equality = "caseIgnoreMatch",
2357 .substring = "caseIgnoreSubstringsMatch",
2358 .comment = "Case Insensitive String",
2359 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2361 .name = "String(IA5)",
2362 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2364 .attributeSyntax_oid = "2.5.5.5",
2365 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2366 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2367 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2368 .equality = "caseExactIA5Match",
2369 .comment = "Printable String",
2370 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2372 .name = "String(UTC-Time)",
2373 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2375 .attributeSyntax_oid = "2.5.5.11",
2376 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2377 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2378 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2379 .equality = "generalizedTimeMatch",
2380 .comment = "UTC Time",
2382 .name = "String(Generalized-Time)",
2383 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2385 .attributeSyntax_oid = "2.5.5.11",
2386 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2387 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2388 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2389 .equality = "generalizedTimeMatch",
2390 .comment = "Generalized Time",
2391 .ldb_syntax = LDB_SYNTAX_UTC_TIME,
2393 /* not used in w2k3 schema */
2394 .name = "String(Case Sensitive)",
2395 .ldap_oid = "1.2.840.113556.1.4.1362",
2397 .attributeSyntax_oid = "2.5.5.3",
2398 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2399 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2400 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2401 .equality = "caseExactMatch",
2402 .substring = "caseExactSubstringsMatch",
2403 /* TODO (kim): according to LDAP rfc we should be using same comparison
2404 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
2405 * But according to ms docs binary compare should do the job:
2406 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
2407 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2409 .name = "String(Unicode)",
2410 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2412 .attributeSyntax_oid = "2.5.5.12",
2413 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2414 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2415 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2416 .equality = "caseIgnoreMatch",
2417 .substring = "caseIgnoreSubstringsMatch",
2418 .comment = "Directory String",
2420 .name = "Interval/LargeInteger",
2421 .ldap_oid = "1.2.840.113556.1.4.906",
2423 .attributeSyntax_oid = "2.5.5.16",
2424 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2425 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2426 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2427 .equality = "integerMatch",
2428 .comment = "Large Integer",
2429 .ldb_syntax = LDB_SYNTAX_INTEGER,
2431 .name = "String(NT-Sec-Desc)",
2432 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2434 .attributeSyntax_oid = "2.5.5.15",
2435 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2436 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2437 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2439 .name = "Object(DS-DN)",
2440 .ldap_oid = LDB_SYNTAX_DN,
2442 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2443 .attributeSyntax_oid = "2.5.5.1",
2444 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2445 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2446 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2447 .equality = "distinguishedNameMatch",
2448 .comment = "Object(DS-DN) == a DN",
2450 .name = "Object(DN-Binary)",
2451 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2453 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2454 .attributeSyntax_oid = "2.5.5.7",
2455 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2456 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2457 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2458 .equality = "octetStringMatch",
2459 .comment = "OctetString: Binary+DN",
2461 /* not used in w2k3 schema, but used in Exchange schema*/
2462 .name = "Object(OR-Name)",
2463 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2465 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2466 .attributeSyntax_oid = "2.5.5.7",
2467 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2468 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2469 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2470 .equality = "caseIgnoreMatch",
2471 .ldb_syntax = LDB_SYNTAX_DN,
2474 * TODO: verify if DATA_BLOB is correct here...!
2476 * repsFrom and repsTo are the only attributes using
2477 * this attribute syntax, but they're not replicated...
2479 .name = "Object(Replica-Link)",
2480 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2482 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2483 .attributeSyntax_oid = "2.5.5.10",
2484 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2485 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2486 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2488 .name = "Object(Presentation-Address)",
2489 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2491 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2492 .attributeSyntax_oid = "2.5.5.13",
2493 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2494 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2495 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2496 .comment = "Presentation Address",
2497 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2499 /* not used in w2k3 schema */
2500 .name = "Object(Access-Point)",
2501 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.2",
2503 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2504 .attributeSyntax_oid = "2.5.5.14",
2505 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2506 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2507 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2508 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2510 /* not used in w2k3 schema */
2511 .name = "Object(DN-String)",
2512 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2514 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2515 .attributeSyntax_oid = "2.5.5.14",
2516 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2517 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2518 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2519 .equality = "octetStringMatch",
2520 .comment = "OctetString: String+DN",
2524 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2527 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2528 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2529 return &dsdb_syntaxes[i];
2535 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2538 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2539 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2540 return &dsdb_syntaxes[i];
2546 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2549 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2550 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2551 return &dsdb_syntaxes[i];
2557 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2561 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2562 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2564 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2566 if (attr->oMObjectClass.length) {
2568 ret = memcmp(attr->oMObjectClass.data,
2569 dsdb_syntaxes[i].oMObjectClass.data,
2570 attr->oMObjectClass.length);
2571 if (ret != 0) continue;
2574 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2576 return &dsdb_syntaxes[i];
2582 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2583 const struct dsdb_schema *schema,
2584 const struct drsuapi_DsReplicaAttribute *in,
2585 TALLOC_CTX *mem_ctx,
2586 struct ldb_message_element *out)
2588 const struct dsdb_attribute *sa;
2589 struct dsdb_syntax_ctx syntax_ctx;
2591 sa = dsdb_attribute_by_attributeID_id(schema, in->attid);
2596 /* use default syntax conversion context */
2597 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2599 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2602 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2603 const struct dsdb_schema *schema,
2604 const struct ldb_message_element *in,
2605 TALLOC_CTX *mem_ctx,
2606 struct drsuapi_DsReplicaAttribute *out)
2608 const struct dsdb_attribute *sa;
2609 struct dsdb_syntax_ctx syntax_ctx;
2611 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2616 /* use default syntax conversion context */
2617 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2619 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);