2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "lib/ldb/include/ldb_errors.h"
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
33 #include "../lib/util/asn1.h"
36 * Initialize dsdb_syntax_ctx with default values
39 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
40 struct ldb_context *ldb,
41 const struct dsdb_schema *schema)
47 * 'true' will keep current behavior,
48 * i.e. attributeID_id will be returned by default
50 ctx->is_schema_nc = true;
52 ctx->pfm_remote = NULL;
57 * Returns ATTID for DRS attribute.
59 * ATTID depends on whether we are replicating
60 * Schema NC or msDs-IntId is set for schemaAttribute
63 uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
66 if (!for_schema_nc && attr->msDS_IntId) {
67 return attr->msDS_IntId;
70 return attr->attributeID_id;
74 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
75 const struct dsdb_attribute *attr,
76 const struct drsuapi_DsReplicaAttribute *in,
78 struct ldb_message_element *out)
83 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
84 W_ERROR_HAVE_NO_MEMORY(out->name);
86 out->num_values = in->value_ctr.num_values;
87 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
88 W_ERROR_HAVE_NO_MEMORY(out->values);
90 for (i=0; i < out->num_values; i++) {
93 if (in->value_ctr.values[i].blob == NULL) {
97 str = talloc_asprintf(out->values, "%s: not implemented",
99 W_ERROR_HAVE_NO_MEMORY(str);
101 out->values[i] = data_blob_string_const(str);
107 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
108 const struct dsdb_attribute *attr,
109 const struct ldb_message_element *in,
111 struct drsuapi_DsReplicaAttribute *out)
116 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
117 const struct dsdb_attribute *attr,
118 const struct ldb_message_element *in)
123 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
124 const struct dsdb_attribute *attr,
125 const struct drsuapi_DsReplicaAttribute *in,
127 struct ldb_message_element *out)
132 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
133 W_ERROR_HAVE_NO_MEMORY(out->name);
135 out->num_values = in->value_ctr.num_values;
136 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
137 W_ERROR_HAVE_NO_MEMORY(out->values);
139 for (i=0; i < out->num_values; i++) {
143 if (in->value_ctr.values[i].blob == NULL) {
147 if (in->value_ctr.values[i].blob->length != 4) {
151 v = IVAL(in->value_ctr.values[i].blob->data, 0);
154 str = talloc_strdup(out->values, "TRUE");
155 W_ERROR_HAVE_NO_MEMORY(str);
157 str = talloc_strdup(out->values, "FALSE");
158 W_ERROR_HAVE_NO_MEMORY(str);
161 out->values[i] = data_blob_string_const(str);
167 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
168 const struct dsdb_attribute *attr,
169 const struct ldb_message_element *in,
171 struct drsuapi_DsReplicaAttribute *out)
176 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
180 out->attid = dsdb_attribute_get_attid(attr,
182 out->value_ctr.num_values = in->num_values;
183 out->value_ctr.values = talloc_array(mem_ctx,
184 struct drsuapi_DsAttributeValue,
186 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
188 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
189 W_ERROR_HAVE_NO_MEMORY(blobs);
191 for (i=0; i < in->num_values; i++) {
192 out->value_ctr.values[i].blob = &blobs[i];
194 blobs[i] = data_blob_talloc(blobs, NULL, 4);
195 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
197 if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
198 SIVAL(blobs[i].data, 0, 0x00000001);
199 } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
200 SIVAL(blobs[i].data, 0, 0x00000000);
209 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
210 const struct dsdb_attribute *attr,
211 const struct ldb_message_element *in)
215 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
219 for (i=0; i < in->num_values; i++) {
223 (const char *)in->values[i].data,
224 in->values[i].length);
226 (const char *)in->values[i].data,
227 in->values[i].length);
229 if (t != 0 && f != 0) {
230 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
237 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
238 const struct dsdb_attribute *attr,
239 const struct drsuapi_DsReplicaAttribute *in,
241 struct ldb_message_element *out)
246 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
247 W_ERROR_HAVE_NO_MEMORY(out->name);
249 out->num_values = in->value_ctr.num_values;
250 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
251 W_ERROR_HAVE_NO_MEMORY(out->values);
253 for (i=0; i < out->num_values; i++) {
257 if (in->value_ctr.values[i].blob == NULL) {
261 if (in->value_ctr.values[i].blob->length != 4) {
265 v = IVALS(in->value_ctr.values[i].blob->data, 0);
267 str = talloc_asprintf(out->values, "%d", v);
268 W_ERROR_HAVE_NO_MEMORY(str);
270 out->values[i] = data_blob_string_const(str);
276 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
277 const struct dsdb_attribute *attr,
278 const struct ldb_message_element *in,
280 struct drsuapi_DsReplicaAttribute *out)
285 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
289 out->attid = dsdb_attribute_get_attid(attr,
291 out->value_ctr.num_values = in->num_values;
292 out->value_ctr.values = talloc_array(mem_ctx,
293 struct drsuapi_DsAttributeValue,
295 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
297 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
298 W_ERROR_HAVE_NO_MEMORY(blobs);
300 for (i=0; i < in->num_values; i++) {
303 out->value_ctr.values[i].blob = &blobs[i];
305 blobs[i] = data_blob_talloc(blobs, NULL, 4);
306 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
308 /* We've to use "strtoll" here to have the intended overflows.
309 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
310 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
312 SIVALS(blobs[i].data, 0, v);
318 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
319 const struct dsdb_attribute *attr,
320 const struct ldb_message_element *in)
324 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
328 for (i=0; i < in->num_values; i++) {
330 char buf[sizeof("-2147483648")];
334 if (in->values[i].length >= sizeof(buf)) {
335 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
338 memcpy(buf, in->values[i].data, in->values[i].length);
340 v = strtol(buf, &end, 10);
342 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
344 if (end && end[0] != '\0') {
345 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
348 if (attr->rangeLower) {
349 if ((int32_t)v < (int32_t)*attr->rangeLower) {
350 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
354 if (attr->rangeUpper) {
355 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
356 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
364 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
365 const struct dsdb_attribute *attr,
366 const struct drsuapi_DsReplicaAttribute *in,
368 struct ldb_message_element *out)
373 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
374 W_ERROR_HAVE_NO_MEMORY(out->name);
376 out->num_values = in->value_ctr.num_values;
377 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
378 W_ERROR_HAVE_NO_MEMORY(out->values);
380 for (i=0; i < out->num_values; i++) {
384 if (in->value_ctr.values[i].blob == NULL) {
388 if (in->value_ctr.values[i].blob->length != 8) {
392 v = BVALS(in->value_ctr.values[i].blob->data, 0);
394 str = talloc_asprintf(out->values, "%lld", (long long int)v);
395 W_ERROR_HAVE_NO_MEMORY(str);
397 out->values[i] = data_blob_string_const(str);
403 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
404 const struct dsdb_attribute *attr,
405 const struct ldb_message_element *in,
407 struct drsuapi_DsReplicaAttribute *out)
412 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
416 out->attid = dsdb_attribute_get_attid(attr,
418 out->value_ctr.num_values = in->num_values;
419 out->value_ctr.values = talloc_array(mem_ctx,
420 struct drsuapi_DsAttributeValue,
422 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
424 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
425 W_ERROR_HAVE_NO_MEMORY(blobs);
427 for (i=0; i < in->num_values; i++) {
430 out->value_ctr.values[i].blob = &blobs[i];
432 blobs[i] = data_blob_talloc(blobs, NULL, 8);
433 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
435 v = strtoll((const char *)in->values[i].data, NULL, 10);
437 SBVALS(blobs[i].data, 0, v);
443 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
444 const struct dsdb_attribute *attr,
445 const struct ldb_message_element *in)
449 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
453 for (i=0; i < in->num_values; i++) {
455 char buf[sizeof("-9223372036854775808")];
459 if (in->values[i].length >= sizeof(buf)) {
460 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
462 memcpy(buf, in->values[i].data, in->values[i].length);
465 v = strtoll(buf, &end, 10);
467 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
469 if (end && end[0] != '\0') {
470 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
473 if (attr->rangeLower) {
474 if ((int64_t)v < (int64_t)*attr->rangeLower) {
475 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
479 if (attr->rangeUpper) {
480 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
481 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
488 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
489 const struct dsdb_attribute *attr,
490 const struct drsuapi_DsReplicaAttribute *in,
492 struct ldb_message_element *out)
497 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
498 W_ERROR_HAVE_NO_MEMORY(out->name);
500 out->num_values = in->value_ctr.num_values;
501 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
502 W_ERROR_HAVE_NO_MEMORY(out->values);
504 for (i=0; i < out->num_values; i++) {
509 if (in->value_ctr.values[i].blob == NULL) {
513 if (in->value_ctr.values[i].blob->length != 8) {
517 v = BVAL(in->value_ctr.values[i].blob->data, 0);
519 t = nt_time_to_unix(v);
522 * NOTE: On a w2k3 server you can set a GeneralizedTime string
523 * via LDAP, but you get back an UTCTime string,
524 * but via DRSUAPI you get back the NTTIME_1sec value
525 * that represents the GeneralizedTime value!
527 * So if we store the UTCTime string in our ldb
528 * we'll loose information!
530 str = ldb_timestring_utc(out->values, t);
531 W_ERROR_HAVE_NO_MEMORY(str);
532 out->values[i] = data_blob_string_const(str);
538 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
539 const struct dsdb_attribute *attr,
540 const struct ldb_message_element *in,
542 struct drsuapi_DsReplicaAttribute *out)
547 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
551 out->attid = dsdb_attribute_get_attid(attr,
553 out->value_ctr.num_values = in->num_values;
554 out->value_ctr.values = talloc_array(mem_ctx,
555 struct drsuapi_DsAttributeValue,
557 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
559 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
560 W_ERROR_HAVE_NO_MEMORY(blobs);
562 for (i=0; i < in->num_values; i++) {
566 out->value_ctr.values[i].blob = &blobs[i];
568 blobs[i] = data_blob_talloc(blobs, NULL, 8);
569 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
571 t = ldb_string_utc_to_time((const char *)in->values[i].data);
572 unix_to_nt_time(&v, t);
575 SBVAL(blobs[i].data, 0, v);
581 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
582 const struct dsdb_attribute *attr,
583 const struct ldb_message_element *in)
587 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
591 for (i=0; i < in->num_values; i++) {
593 char buf[sizeof("090826075717Z")];
596 if (in->values[i].length >= sizeof(buf)) {
597 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
599 memcpy(buf, in->values[i].data, in->values[i].length);
602 t = ldb_string_utc_to_time(buf);
604 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
607 if (attr->rangeLower) {
608 if ((int32_t)t < (int32_t)*attr->rangeLower) {
609 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
613 if (attr->rangeUpper) {
614 if ((int32_t)t > (int32_t)*attr->rangeLower) {
615 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
620 * TODO: verify the comment in the
621 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
628 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
629 const struct dsdb_attribute *attr,
630 const struct drsuapi_DsReplicaAttribute *in,
632 struct ldb_message_element *out)
637 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
638 W_ERROR_HAVE_NO_MEMORY(out->name);
640 out->num_values = in->value_ctr.num_values;
641 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
642 W_ERROR_HAVE_NO_MEMORY(out->values);
644 for (i=0; i < out->num_values; i++) {
649 if (in->value_ctr.values[i].blob == NULL) {
653 if (in->value_ctr.values[i].blob->length != 8) {
657 v = BVAL(in->value_ctr.values[i].blob->data, 0);
659 t = nt_time_to_unix(v);
661 str = ldb_timestring(out->values, t);
662 W_ERROR_HAVE_NO_MEMORY(str);
664 out->values[i] = data_blob_string_const(str);
670 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
671 const struct dsdb_attribute *attr,
672 const struct ldb_message_element *in,
674 struct drsuapi_DsReplicaAttribute *out)
679 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
683 out->attid = dsdb_attribute_get_attid(attr,
685 out->value_ctr.num_values = in->num_values;
686 out->value_ctr.values = talloc_array(mem_ctx,
687 struct drsuapi_DsAttributeValue,
689 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
691 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
692 W_ERROR_HAVE_NO_MEMORY(blobs);
694 for (i=0; i < in->num_values; i++) {
699 out->value_ctr.values[i].blob = &blobs[i];
701 blobs[i] = data_blob_talloc(blobs, NULL, 8);
702 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
704 ret = ldb_val_to_time(&in->values[i], &t);
705 if (ret != LDB_SUCCESS) {
706 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
708 unix_to_nt_time(&v, t);
711 SBVAL(blobs[i].data, 0, v);
717 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
718 const struct dsdb_attribute *attr,
719 const struct ldb_message_element *in)
723 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
727 for (i=0; i < in->num_values; i++) {
731 ret = ldb_val_to_time(&in->values[i], &t);
732 if (ret != LDB_SUCCESS) {
733 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
736 if (attr->rangeLower) {
737 if ((int32_t)t < (int32_t)*attr->rangeLower) {
738 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
742 if (attr->rangeUpper) {
743 if ((int32_t)t > (int32_t)*attr->rangeLower) {
744 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
752 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
753 const struct dsdb_attribute *attr,
754 const struct drsuapi_DsReplicaAttribute *in,
756 struct ldb_message_element *out)
761 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
762 W_ERROR_HAVE_NO_MEMORY(out->name);
764 out->num_values = in->value_ctr.num_values;
765 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
766 W_ERROR_HAVE_NO_MEMORY(out->values);
768 for (i=0; i < out->num_values; i++) {
769 if (in->value_ctr.values[i].blob == NULL) {
773 if (in->value_ctr.values[i].blob->length == 0) {
777 out->values[i] = data_blob_dup_talloc(out->values,
778 in->value_ctr.values[i].blob);
779 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
785 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
786 const struct dsdb_attribute *attr,
787 const struct ldb_message_element *in,
789 struct drsuapi_DsReplicaAttribute *out)
794 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
798 out->attid = dsdb_attribute_get_attid(attr,
800 out->value_ctr.num_values = in->num_values;
801 out->value_ctr.values = talloc_array(mem_ctx,
802 struct drsuapi_DsAttributeValue,
804 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
806 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
807 W_ERROR_HAVE_NO_MEMORY(blobs);
809 for (i=0; i < in->num_values; i++) {
810 out->value_ctr.values[i].blob = &blobs[i];
812 blobs[i] = data_blob_dup_talloc(blobs, &in->values[i]);
813 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
819 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
820 const struct dsdb_attribute *attr,
821 const struct ldb_val *val)
823 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
827 if (attr->rangeLower) {
828 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
829 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
833 if (attr->rangeUpper) {
834 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
835 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
842 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
843 const struct dsdb_attribute *attr,
844 const struct ldb_message_element *in)
849 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
853 for (i=0; i < in->num_values; i++) {
854 if (in->values[i].length == 0) {
855 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
858 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
861 if (!W_ERROR_IS_OK(status)) {
869 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
870 const struct dsdb_attribute *attr,
871 const struct drsuapi_DsReplicaAttribute *in,
873 struct ldb_message_element *out)
878 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
879 W_ERROR_HAVE_NO_MEMORY(out->name);
881 out->num_values = in->value_ctr.num_values;
882 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
883 W_ERROR_HAVE_NO_MEMORY(out->values);
885 for (i=0; i < out->num_values; i++) {
887 const struct dsdb_class *c;
888 const struct dsdb_attribute *a;
889 const char *str = NULL;
891 if (in->value_ctr.values[i].blob == NULL) {
895 if (in->value_ctr.values[i].blob->length != 4) {
899 v = IVAL(in->value_ctr.values[i].blob->data, 0);
901 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
902 str = talloc_strdup(out->values, c->lDAPDisplayName);
903 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
904 str = talloc_strdup(out->values, a->lDAPDisplayName);
907 SMB_ASSERT(ctx->pfm_remote);
908 werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, v,
910 W_ERROR_NOT_OK_RETURN(werr);
912 W_ERROR_HAVE_NO_MEMORY(str);
914 /* the values need to be reversed */
915 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
921 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
922 const struct dsdb_attribute *attr,
923 const struct drsuapi_DsReplicaAttribute *in,
925 struct ldb_message_element *out)
930 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
931 W_ERROR_HAVE_NO_MEMORY(out->name);
933 out->num_values = in->value_ctr.num_values;
934 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
935 W_ERROR_HAVE_NO_MEMORY(out->values);
937 for (i=0; i < out->num_values; i++) {
939 const struct dsdb_class *c;
942 if (in->value_ctr.values[i].blob == NULL) {
946 if (in->value_ctr.values[i].blob->length != 4) {
950 v = IVAL(in->value_ctr.values[i].blob->data, 0);
952 c = dsdb_class_by_governsID_id(ctx->schema, v);
957 str = talloc_strdup(out->values, c->lDAPDisplayName);
958 W_ERROR_HAVE_NO_MEMORY(str);
960 /* the values need to be reversed */
961 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
967 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
968 const struct dsdb_attribute *attr,
969 const struct drsuapi_DsReplicaAttribute *in,
971 struct ldb_message_element *out)
976 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
977 W_ERROR_HAVE_NO_MEMORY(out->name);
979 out->num_values = in->value_ctr.num_values;
980 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
981 W_ERROR_HAVE_NO_MEMORY(out->values);
983 for (i=0; i < out->num_values; i++) {
985 const struct dsdb_attribute *a;
988 if (in->value_ctr.values[i].blob == NULL) {
992 if (in->value_ctr.values[i].blob->length != 4) {
996 v = IVAL(in->value_ctr.values[i].blob->data, 0);
998 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
1003 str = talloc_strdup(out->values, a->lDAPDisplayName);
1004 W_ERROR_HAVE_NO_MEMORY(str);
1006 /* the values need to be reversed */
1007 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1013 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1014 const struct dsdb_attribute *attr,
1015 const struct drsuapi_DsReplicaAttribute *in,
1016 TALLOC_CTX *mem_ctx,
1017 struct ldb_message_element *out)
1021 SMB_ASSERT(ctx->pfm_remote);
1024 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1025 W_ERROR_HAVE_NO_MEMORY(out->name);
1027 out->num_values = in->value_ctr.num_values;
1028 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1029 W_ERROR_HAVE_NO_MEMORY(out->values);
1031 for (i=0; i < out->num_values; i++) {
1036 if (in->value_ctr.values[i].blob == NULL) {
1040 if (in->value_ctr.values[i].blob->length != 4) {
1044 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1046 status = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, attid,
1048 W_ERROR_NOT_OK_RETURN(status);
1050 out->values[i] = data_blob_string_const(oid);
1056 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1057 const struct dsdb_attribute *attr,
1058 const struct ldb_message_element *in,
1059 TALLOC_CTX *mem_ctx,
1060 struct drsuapi_DsReplicaAttribute *out)
1065 out->attid= dsdb_attribute_get_attid(attr,
1067 out->value_ctr.num_values= in->num_values;
1068 out->value_ctr.values= talloc_array(mem_ctx,
1069 struct drsuapi_DsAttributeValue,
1071 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1073 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1074 W_ERROR_HAVE_NO_MEMORY(blobs);
1076 for (i=0; i < in->num_values; i++) {
1077 const struct dsdb_class *obj_class;
1078 const struct dsdb_attribute *obj_attr;
1081 out->value_ctr.values[i].blob= &blobs[i];
1083 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1084 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1086 /* in DRS windows puts the classes in the opposite
1087 order to the order used in ldap */
1088 v = &in->values[(in->num_values-1)-i];
1090 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1091 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1092 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1093 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1097 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1098 (const char *)v->data,
1100 W_ERROR_NOT_OK_RETURN(werr);
1101 SIVAL(blobs[i].data, 0, attid);
1110 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1111 const struct dsdb_attribute *attr,
1112 const struct ldb_message_element *in,
1113 TALLOC_CTX *mem_ctx,
1114 struct drsuapi_DsReplicaAttribute *out)
1119 out->attid= dsdb_attribute_get_attid(attr,
1121 out->value_ctr.num_values= in->num_values;
1122 out->value_ctr.values= talloc_array(mem_ctx,
1123 struct drsuapi_DsAttributeValue,
1125 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1127 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1128 W_ERROR_HAVE_NO_MEMORY(blobs);
1130 for (i=0; i < in->num_values; i++) {
1131 const struct dsdb_class *obj_class;
1133 out->value_ctr.values[i].blob= &blobs[i];
1135 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1136 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1138 /* in DRS windows puts the classes in the opposite
1139 order to the order used in ldap */
1140 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1141 (const char *)in->values[(in->num_values-1)-i].data);
1145 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1152 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1153 const struct dsdb_attribute *attr,
1154 const struct ldb_message_element *in,
1155 TALLOC_CTX *mem_ctx,
1156 struct drsuapi_DsReplicaAttribute *out)
1161 out->attid= dsdb_attribute_get_attid(attr,
1163 out->value_ctr.num_values= in->num_values;
1164 out->value_ctr.values= talloc_array(mem_ctx,
1165 struct drsuapi_DsAttributeValue,
1167 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1169 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1170 W_ERROR_HAVE_NO_MEMORY(blobs);
1172 for (i=0; i < in->num_values; i++) {
1173 const struct dsdb_attribute *obj_attr;
1175 out->value_ctr.values[i].blob= &blobs[i];
1177 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1178 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1180 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1184 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1191 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1192 const struct dsdb_attribute *attr,
1193 const struct ldb_message_element *in,
1194 TALLOC_CTX *mem_ctx,
1195 struct drsuapi_DsReplicaAttribute *out)
1200 out->attid= dsdb_attribute_get_attid(attr,
1202 out->value_ctr.num_values= in->num_values;
1203 out->value_ctr.values= talloc_array(mem_ctx,
1204 struct drsuapi_DsAttributeValue,
1206 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1208 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1209 W_ERROR_HAVE_NO_MEMORY(blobs);
1211 for (i=0; i < in->num_values; i++) {
1215 out->value_ctr.values[i].blob= &blobs[i];
1217 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1218 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1220 status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1221 (const char *)in->values[i].data,
1223 W_ERROR_NOT_OK_RETURN(status);
1225 SIVAL(blobs[i].data, 0, attid);
1231 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1232 const struct dsdb_attribute *attr,
1233 const struct drsuapi_DsReplicaAttribute *in,
1234 TALLOC_CTX *mem_ctx,
1235 struct ldb_message_element *out)
1239 switch (attr->attributeID_id) {
1240 case DRSUAPI_ATTID_objectClass:
1241 case DRSUAPI_ATTID_subClassOf:
1242 case DRSUAPI_ATTID_auxiliaryClass:
1243 case DRSUAPI_ATTID_systemAuxiliaryClass:
1244 case DRSUAPI_ATTID_systemPossSuperiors:
1245 case DRSUAPI_ATTID_possSuperiors:
1246 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1248 case DRSUAPI_ATTID_systemMustContain:
1249 case DRSUAPI_ATTID_systemMayContain:
1250 case DRSUAPI_ATTID_mustContain:
1251 case DRSUAPI_ATTID_rDNAttId:
1252 case DRSUAPI_ATTID_transportAddressAttribute:
1253 case DRSUAPI_ATTID_mayContain:
1254 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1256 case DRSUAPI_ATTID_governsID:
1257 case DRSUAPI_ATTID_attributeID:
1258 case DRSUAPI_ATTID_attributeSyntax:
1259 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1262 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1263 attr->lDAPDisplayName));
1264 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1267 /* When we are doing the vampire of a schema, we don't want
1268 * the inability to reference an OID to get in the way.
1269 * Otherwise, we won't get the new schema with which to
1270 * understand this */
1271 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1272 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1277 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1278 const struct dsdb_attribute *attr,
1279 const struct ldb_message_element *in,
1280 TALLOC_CTX *mem_ctx,
1281 struct drsuapi_DsReplicaAttribute *out)
1283 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1287 switch (attr->attributeID_id) {
1288 case DRSUAPI_ATTID_objectClass:
1289 case DRSUAPI_ATTID_subClassOf:
1290 case DRSUAPI_ATTID_auxiliaryClass:
1291 case DRSUAPI_ATTID_systemAuxiliaryClass:
1292 case DRSUAPI_ATTID_systemPossSuperiors:
1293 case DRSUAPI_ATTID_possSuperiors:
1294 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1295 case DRSUAPI_ATTID_systemMustContain:
1296 case DRSUAPI_ATTID_systemMayContain:
1297 case DRSUAPI_ATTID_mustContain:
1298 case DRSUAPI_ATTID_rDNAttId:
1299 case DRSUAPI_ATTID_transportAddressAttribute:
1300 case DRSUAPI_ATTID_mayContain:
1301 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1302 case DRSUAPI_ATTID_governsID:
1303 case DRSUAPI_ATTID_attributeID:
1304 case DRSUAPI_ATTID_attributeSyntax:
1305 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1308 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1309 attr->lDAPDisplayName));
1311 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1314 static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
1315 const struct dsdb_attribute *attr,
1316 const struct ldb_message_element *in)
1319 TALLOC_CTX *tmp_ctx;
1321 tmp_ctx = talloc_new(ctx->ldb);
1322 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1324 for (i=0; i < in->num_values; i++) {
1326 const char *oid_out;
1327 const char *oid = (const char*)in->values[i].data;
1329 if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
1330 DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
1331 talloc_free(tmp_ctx);
1332 return WERR_INVALID_PARAMETER;
1335 if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
1336 DEBUG(0,("ber_read_OID_String() failed for %s\n",
1337 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
1338 talloc_free(tmp_ctx);
1339 return WERR_INVALID_PARAMETER;
1342 if (strcmp(oid, oid_out) != 0) {
1343 talloc_free(tmp_ctx);
1344 return WERR_INVALID_PARAMETER;
1348 talloc_free(tmp_ctx);
1352 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1353 const struct dsdb_attribute *attr,
1354 const struct ldb_message_element *in)
1357 struct drsuapi_DsReplicaAttribute drs_tmp;
1358 struct ldb_message_element ldb_tmp;
1359 TALLOC_CTX *tmp_ctx;
1361 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1365 switch (attr->attributeID_id) {
1366 case DRSUAPI_ATTID_governsID:
1367 case DRSUAPI_ATTID_attributeID:
1368 case DRSUAPI_ATTID_attributeSyntax:
1369 return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
1373 * TODO: optimize and verify this code
1376 tmp_ctx = talloc_new(ctx->ldb);
1377 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1379 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1384 if (!W_ERROR_IS_OK(status)) {
1385 talloc_free(tmp_ctx);
1389 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1394 if (!W_ERROR_IS_OK(status)) {
1395 talloc_free(tmp_ctx);
1399 talloc_free(tmp_ctx);
1403 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1404 const struct dsdb_attribute *attr,
1405 const struct drsuapi_DsReplicaAttribute *in,
1406 TALLOC_CTX *mem_ctx,
1407 struct ldb_message_element *out)
1412 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1413 W_ERROR_HAVE_NO_MEMORY(out->name);
1415 out->num_values = in->value_ctr.num_values;
1416 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1417 W_ERROR_HAVE_NO_MEMORY(out->values);
1419 for (i=0; i < out->num_values; i++) {
1422 if (in->value_ctr.values[i].blob == NULL) {
1426 if (in->value_ctr.values[i].blob->length == 0) {
1430 if (!convert_string_talloc(out->values,
1432 in->value_ctr.values[i].blob->data,
1433 in->value_ctr.values[i].blob->length,
1434 (void **)&str, NULL, false)) {
1438 out->values[i] = data_blob_string_const(str);
1444 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1445 const struct dsdb_attribute *attr,
1446 const struct ldb_message_element *in,
1447 TALLOC_CTX *mem_ctx,
1448 struct drsuapi_DsReplicaAttribute *out)
1453 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1457 out->attid = dsdb_attribute_get_attid(attr,
1459 out->value_ctr.num_values = in->num_values;
1460 out->value_ctr.values = talloc_array(mem_ctx,
1461 struct drsuapi_DsAttributeValue,
1463 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1465 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1466 W_ERROR_HAVE_NO_MEMORY(blobs);
1468 for (i=0; i < in->num_values; i++) {
1469 out->value_ctr.values[i].blob = &blobs[i];
1471 if (!convert_string_talloc(blobs,
1473 in->values[i].data, in->values[i].length,
1474 (void **)&blobs[i].data, &blobs[i].length, false)) {
1482 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1483 const struct dsdb_attribute *attr,
1484 const struct ldb_val *val)
1490 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1494 ok = convert_string_talloc(ctx->ldb,
1502 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1505 if (attr->rangeLower) {
1506 if ((size/2) < *attr->rangeLower) {
1507 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1511 if (attr->rangeUpper) {
1512 if ((size/2) > *attr->rangeUpper) {
1513 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1520 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1521 const struct dsdb_attribute *attr,
1522 const struct ldb_message_element *in)
1527 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1531 for (i=0; i < in->num_values; i++) {
1532 if (in->values[i].length == 0) {
1533 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1536 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1539 if (!W_ERROR_IS_OK(status)) {
1547 static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1548 const struct dsdb_syntax *syntax,
1549 const DATA_BLOB *in, DATA_BLOB *out)
1551 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1552 enum ndr_err_code ndr_err;
1553 DATA_BLOB guid_blob;
1555 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1560 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1564 talloc_free(tmp_ctx);
1568 if (in->length == 0) {
1569 talloc_free(tmp_ctx);
1574 /* windows sometimes sends an extra two pad bytes here */
1575 ndr_err = ndr_pull_struct_blob(in,
1577 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1578 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1579 status = ndr_map_error2ntstatus(ndr_err);
1580 talloc_free(tmp_ctx);
1581 return ntstatus_to_werror(status);
1584 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1586 talloc_free(tmp_ctx);
1587 /* If this fails, it must be out of memory, as it does not do much parsing */
1588 W_ERROR_HAVE_NO_MEMORY(dn);
1591 if (!GUID_all_zero(&id3.guid)) {
1592 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1593 if (!NT_STATUS_IS_OK(status)) {
1594 talloc_free(tmp_ctx);
1595 return ntstatus_to_werror(status);
1598 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1599 if (ret != LDB_SUCCESS) {
1600 talloc_free(tmp_ctx);
1603 talloc_free(guid_blob.data);
1606 if (id3.__ndr_size_sid) {
1608 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1609 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1610 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1611 status = ndr_map_error2ntstatus(ndr_err);
1612 talloc_free(tmp_ctx);
1613 return ntstatus_to_werror(status);
1616 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1617 if (ret != LDB_SUCCESS) {
1618 talloc_free(tmp_ctx);
1623 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1624 talloc_free(tmp_ctx);
1628 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1629 const struct dsdb_attribute *attr,
1630 const struct drsuapi_DsReplicaAttribute *in,
1631 TALLOC_CTX *mem_ctx,
1632 struct ldb_message_element *out)
1637 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1638 W_ERROR_HAVE_NO_MEMORY(out->name);
1640 out->num_values = in->value_ctr.num_values;
1641 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1642 W_ERROR_HAVE_NO_MEMORY(out->values);
1644 for (i=0; i < out->num_values; i++) {
1645 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1646 in->value_ctr.values[i].blob,
1648 if (!W_ERROR_IS_OK(status)) {
1657 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1658 const struct dsdb_attribute *attr,
1659 const struct ldb_message_element *in,
1660 TALLOC_CTX *mem_ctx,
1661 struct drsuapi_DsReplicaAttribute *out)
1666 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1670 out->attid = dsdb_attribute_get_attid(attr,
1672 out->value_ctr.num_values = in->num_values;
1673 out->value_ctr.values = talloc_array(mem_ctx,
1674 struct drsuapi_DsAttributeValue,
1676 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1678 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1679 W_ERROR_HAVE_NO_MEMORY(blobs);
1681 for (i=0; i < in->num_values; i++) {
1682 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1683 enum ndr_err_code ndr_err;
1685 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1688 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1690 out->value_ctr.values[i].blob = &blobs[i];
1692 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1694 W_ERROR_HAVE_NO_MEMORY(dn);
1698 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1699 if (!NT_STATUS_IS_OK(status) &&
1700 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1701 talloc_free(tmp_ctx);
1702 return ntstatus_to_werror(status);
1705 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1706 if (!NT_STATUS_IS_OK(status) &&
1707 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1708 talloc_free(tmp_ctx);
1709 return ntstatus_to_werror(status);
1712 id3.dn = ldb_dn_get_linearized(dn);
1714 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1715 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1716 status = ndr_map_error2ntstatus(ndr_err);
1717 talloc_free(tmp_ctx);
1718 return ntstatus_to_werror(status);
1720 talloc_free(tmp_ctx);
1726 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1727 const struct dsdb_attribute *attr,
1728 const struct ldb_val *val,
1729 TALLOC_CTX *mem_ctx,
1730 struct dsdb_dn **_dsdb_dn)
1732 static const char * const extended_list[] = { "GUID", "SID", NULL };
1733 enum ndr_err_code ndr_err;
1736 const DATA_BLOB *sid_blob;
1737 struct dsdb_dn *dsdb_dn;
1743 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1746 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1748 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1752 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1753 attr->syntax->ldap_oid);
1755 talloc_free(tmp_ctx);
1756 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1760 dn2 = ldb_dn_copy(tmp_ctx, dn);
1762 talloc_free(tmp_ctx);
1766 num_components = ldb_dn_get_comp_num(dn);
1768 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1769 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1771 } else if (!NT_STATUS_IS_OK(status)) {
1772 talloc_free(tmp_ctx);
1773 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1776 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1779 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1782 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1783 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1784 talloc_free(tmp_ctx);
1785 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1789 /* Do not allow links to the RootDSE */
1790 if (num_components == 0) {
1791 talloc_free(tmp_ctx);
1792 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1796 * We need to check that only "GUID" and "SID" are
1797 * specified as extended components, we do that
1798 * by comparing the dn's after removing all components
1799 * from one dn and only the allowed subset from the other
1802 ldb_dn_extended_filter(dn, extended_list);
1804 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1805 if (dn_str == NULL) {
1806 talloc_free(tmp_ctx);
1807 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1809 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1810 if (dn2_str == NULL) {
1811 talloc_free(tmp_ctx);
1812 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1815 if (strcmp(dn_str, dn2_str) != 0) {
1816 talloc_free(tmp_ctx);
1817 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1820 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1821 talloc_free(tmp_ctx);
1825 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1826 const struct dsdb_attribute *attr,
1827 const struct ldb_message_element *in)
1831 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1835 for (i=0; i < in->num_values; i++) {
1837 struct dsdb_dn *dsdb_dn;
1838 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1839 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1841 status = dsdb_syntax_DN_validate_one_val(ctx,
1845 if (!W_ERROR_IS_OK(status)) {
1846 talloc_free(tmp_ctx);
1850 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1851 talloc_free(tmp_ctx);
1852 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1855 talloc_free(tmp_ctx);
1861 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1862 const struct dsdb_attribute *attr,
1863 const struct drsuapi_DsReplicaAttribute *in,
1864 TALLOC_CTX *mem_ctx,
1865 struct ldb_message_element *out)
1871 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1872 W_ERROR_HAVE_NO_MEMORY(out->name);
1874 out->num_values = in->value_ctr.num_values;
1875 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1876 W_ERROR_HAVE_NO_MEMORY(out->values);
1878 for (i=0; i < out->num_values; i++) {
1879 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1880 enum ndr_err_code ndr_err;
1881 DATA_BLOB guid_blob;
1883 struct dsdb_dn *dsdb_dn;
1885 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1887 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1890 if (in->value_ctr.values[i].blob == NULL) {
1891 talloc_free(tmp_ctx);
1895 if (in->value_ctr.values[i].blob->length == 0) {
1896 talloc_free(tmp_ctx);
1901 /* windows sometimes sends an extra two pad bytes here */
1902 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
1904 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
1905 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1906 status = ndr_map_error2ntstatus(ndr_err);
1907 talloc_free(tmp_ctx);
1908 return ntstatus_to_werror(status);
1911 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
1913 talloc_free(tmp_ctx);
1914 /* If this fails, it must be out of memory, as it does not do much parsing */
1915 W_ERROR_HAVE_NO_MEMORY(dn);
1918 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1919 if (!NT_STATUS_IS_OK(status)) {
1920 talloc_free(tmp_ctx);
1921 return ntstatus_to_werror(status);
1924 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1925 if (ret != LDB_SUCCESS) {
1926 talloc_free(tmp_ctx);
1930 talloc_free(guid_blob.data);
1932 if (id3.__ndr_size_sid) {
1934 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1935 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1936 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1937 status = ndr_map_error2ntstatus(ndr_err);
1938 talloc_free(tmp_ctx);
1939 return ntstatus_to_werror(status);
1942 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1943 if (ret != LDB_SUCCESS) {
1944 talloc_free(tmp_ctx);
1949 /* set binary stuff */
1950 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
1952 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
1953 talloc_free(tmp_ctx);
1954 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
1956 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
1957 talloc_free(tmp_ctx);
1963 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1964 const struct dsdb_attribute *attr,
1965 const struct ldb_message_element *in,
1966 TALLOC_CTX *mem_ctx,
1967 struct drsuapi_DsReplicaAttribute *out)
1972 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1976 out->attid = dsdb_attribute_get_attid(attr,
1978 out->value_ctr.num_values = in->num_values;
1979 out->value_ctr.values = talloc_array(mem_ctx,
1980 struct drsuapi_DsAttributeValue,
1982 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1984 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1985 W_ERROR_HAVE_NO_MEMORY(blobs);
1987 for (i=0; i < in->num_values; i++) {
1988 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1989 enum ndr_err_code ndr_err;
1990 const DATA_BLOB *sid_blob;
1991 struct dsdb_dn *dsdb_dn;
1992 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1995 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1997 out->value_ctr.values[i].blob = &blobs[i];
1999 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
2002 talloc_free(tmp_ctx);
2003 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
2008 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
2009 if (!NT_STATUS_IS_OK(status) &&
2010 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2011 talloc_free(tmp_ctx);
2012 return ntstatus_to_werror(status);
2015 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
2018 ndr_err = ndr_pull_struct_blob_all(sid_blob,
2020 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
2021 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2022 status = ndr_map_error2ntstatus(ndr_err);
2023 talloc_free(tmp_ctx);
2024 return ntstatus_to_werror(status);
2028 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
2030 /* get binary stuff */
2031 id3.binary = dsdb_dn->extra_part;
2033 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
2034 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2035 status = ndr_map_error2ntstatus(ndr_err);
2036 talloc_free(tmp_ctx);
2037 return ntstatus_to_werror(status);
2039 talloc_free(tmp_ctx);
2045 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2046 const struct dsdb_attribute *attr,
2047 const struct ldb_message_element *in)
2051 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2055 for (i=0; i < in->num_values; i++) {
2057 struct dsdb_dn *dsdb_dn;
2058 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2059 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2061 status = dsdb_syntax_DN_validate_one_val(ctx,
2065 if (!W_ERROR_IS_OK(status)) {
2066 talloc_free(tmp_ctx);
2070 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
2071 talloc_free(tmp_ctx);
2072 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2075 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
2077 &dsdb_dn->extra_part);
2078 if (!W_ERROR_IS_OK(status)) {
2079 talloc_free(tmp_ctx);
2083 talloc_free(tmp_ctx);
2089 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2090 const struct dsdb_attribute *attr,
2091 const struct drsuapi_DsReplicaAttribute *in,
2092 TALLOC_CTX *mem_ctx,
2093 struct ldb_message_element *out)
2095 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2102 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2103 const struct dsdb_attribute *attr,
2104 const struct ldb_message_element *in,
2105 TALLOC_CTX *mem_ctx,
2106 struct drsuapi_DsReplicaAttribute *out)
2108 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2115 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2116 const struct dsdb_attribute *attr,
2117 const struct ldb_message_element *in)
2121 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2125 for (i=0; i < in->num_values; i++) {
2127 struct dsdb_dn *dsdb_dn;
2128 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2129 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2131 status = dsdb_syntax_DN_validate_one_val(ctx,
2135 if (!W_ERROR_IS_OK(status)) {
2136 talloc_free(tmp_ctx);
2140 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2141 talloc_free(tmp_ctx);
2142 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2145 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2147 &dsdb_dn->extra_part);
2148 if (!W_ERROR_IS_OK(status)) {
2149 talloc_free(tmp_ctx);
2153 talloc_free(tmp_ctx);
2159 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2160 const struct dsdb_attribute *attr,
2161 const struct drsuapi_DsReplicaAttribute *in,
2162 TALLOC_CTX *mem_ctx,
2163 struct ldb_message_element *out)
2168 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2169 W_ERROR_HAVE_NO_MEMORY(out->name);
2171 out->num_values = in->value_ctr.num_values;
2172 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2173 W_ERROR_HAVE_NO_MEMORY(out->values);
2175 for (i=0; i < out->num_values; i++) {
2179 if (in->value_ctr.values[i].blob == NULL) {
2183 if (in->value_ctr.values[i].blob->length < 4) {
2187 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2189 if (len != in->value_ctr.values[i].blob->length) {
2193 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2194 in->value_ctr.values[i].blob->data+4,
2195 in->value_ctr.values[i].blob->length-4,
2196 (void **)&str, NULL, false)) {
2200 out->values[i] = data_blob_string_const(str);
2206 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2207 const struct dsdb_attribute *attr,
2208 const struct ldb_message_element *in,
2209 TALLOC_CTX *mem_ctx,
2210 struct drsuapi_DsReplicaAttribute *out)
2215 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2219 out->attid = dsdb_attribute_get_attid(attr,
2221 out->value_ctr.num_values = in->num_values;
2222 out->value_ctr.values = talloc_array(mem_ctx,
2223 struct drsuapi_DsAttributeValue,
2225 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2227 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2228 W_ERROR_HAVE_NO_MEMORY(blobs);
2230 for (i=0; i < in->num_values; i++) {
2234 out->value_ctr.values[i].blob = &blobs[i];
2236 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2238 in->values[i].length,
2239 (void **)&data, &ret, false)) {
2243 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2244 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2246 SIVAL(blobs[i].data, 0, 4 + ret);
2249 memcpy(blobs[i].data + 4, data, ret);
2257 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2258 const struct dsdb_attribute *attr,
2259 const struct ldb_message_element *in)
2261 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2266 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2268 static const struct dsdb_syntax dsdb_syntaxes[] = {
2271 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2273 .attributeSyntax_oid = "2.5.5.8",
2274 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2275 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2276 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2277 .equality = "booleanMatch",
2278 .comment = "Boolean"
2281 .ldap_oid = LDB_SYNTAX_INTEGER,
2283 .attributeSyntax_oid = "2.5.5.9",
2284 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2285 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2286 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2287 .equality = "integerMatch",
2288 .comment = "Integer",
2289 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2291 .name = "String(Octet)",
2292 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2294 .attributeSyntax_oid = "2.5.5.10",
2295 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2296 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2297 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2298 .equality = "octetStringMatch",
2299 .comment = "Octet String",
2301 .name = "String(Sid)",
2302 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2304 .attributeSyntax_oid = "2.5.5.17",
2305 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2306 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2307 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2308 .equality = "octetStringMatch",
2309 .comment = "Octet String - Security Identifier (SID)",
2310 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2312 .name = "String(Object-Identifier)",
2313 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2315 .attributeSyntax_oid = "2.5.5.2",
2316 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2317 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2318 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2319 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2320 .comment = "OID String",
2321 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2323 .name = "Enumeration",
2324 .ldap_oid = LDB_SYNTAX_INTEGER,
2326 .attributeSyntax_oid = "2.5.5.9",
2327 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2328 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2329 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2330 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2332 /* not used in w2k3 forest */
2333 .name = "String(Numeric)",
2334 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2336 .attributeSyntax_oid = "2.5.5.6",
2337 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2338 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2339 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2340 .equality = "numericStringMatch",
2341 .substring = "numericStringSubstringsMatch",
2342 .comment = "Numeric String",
2343 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2345 .name = "String(Printable)",
2346 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2348 .attributeSyntax_oid = "2.5.5.5",
2349 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2350 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2351 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2352 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2354 .name = "String(Teletex)",
2355 .ldap_oid = "1.2.840.113556.1.4.905",
2357 .attributeSyntax_oid = "2.5.5.4",
2358 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2359 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2360 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2361 .equality = "caseIgnoreMatch",
2362 .substring = "caseIgnoreSubstringsMatch",
2363 .comment = "Case Insensitive String",
2364 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2366 .name = "String(IA5)",
2367 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2369 .attributeSyntax_oid = "2.5.5.5",
2370 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2371 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2372 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2373 .equality = "caseExactIA5Match",
2374 .comment = "Printable String",
2375 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2377 .name = "String(UTC-Time)",
2378 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2380 .attributeSyntax_oid = "2.5.5.11",
2381 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2382 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2383 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2384 .equality = "generalizedTimeMatch",
2385 .comment = "UTC Time",
2387 .name = "String(Generalized-Time)",
2388 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2390 .attributeSyntax_oid = "2.5.5.11",
2391 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2392 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2393 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2394 .equality = "generalizedTimeMatch",
2395 .comment = "Generalized Time",
2396 .ldb_syntax = LDB_SYNTAX_UTC_TIME,
2398 /* not used in w2k3 schema */
2399 .name = "String(Case Sensitive)",
2400 .ldap_oid = "1.2.840.113556.1.4.1362",
2402 .attributeSyntax_oid = "2.5.5.3",
2403 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2404 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2405 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2406 .equality = "caseExactMatch",
2407 .substring = "caseExactSubstringsMatch",
2408 /* TODO (kim): according to LDAP rfc we should be using same comparison
2409 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
2410 * But according to ms docs binary compare should do the job:
2411 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
2412 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2414 .name = "String(Unicode)",
2415 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2417 .attributeSyntax_oid = "2.5.5.12",
2418 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2419 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2420 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2421 .equality = "caseIgnoreMatch",
2422 .substring = "caseIgnoreSubstringsMatch",
2423 .comment = "Directory String",
2425 .name = "Interval/LargeInteger",
2426 .ldap_oid = "1.2.840.113556.1.4.906",
2428 .attributeSyntax_oid = "2.5.5.16",
2429 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2430 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2431 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2432 .equality = "integerMatch",
2433 .comment = "Large Integer",
2434 .ldb_syntax = LDB_SYNTAX_INTEGER,
2436 .name = "String(NT-Sec-Desc)",
2437 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2439 .attributeSyntax_oid = "2.5.5.15",
2440 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2441 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2442 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2444 .name = "Object(DS-DN)",
2445 .ldap_oid = LDB_SYNTAX_DN,
2447 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2448 .attributeSyntax_oid = "2.5.5.1",
2449 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2450 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2451 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2452 .equality = "distinguishedNameMatch",
2453 .comment = "Object(DS-DN) == a DN",
2455 .name = "Object(DN-Binary)",
2456 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2458 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2459 .attributeSyntax_oid = "2.5.5.7",
2460 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2461 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2462 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2463 .equality = "octetStringMatch",
2464 .comment = "OctetString: Binary+DN",
2466 /* not used in w2k3 schema, but used in Exchange schema*/
2467 .name = "Object(OR-Name)",
2468 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2470 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2471 .attributeSyntax_oid = "2.5.5.7",
2472 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2473 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2474 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2475 .equality = "caseIgnoreMatch",
2476 .ldb_syntax = LDB_SYNTAX_DN,
2479 * TODO: verify if DATA_BLOB is correct here...!
2481 * repsFrom and repsTo are the only attributes using
2482 * this attribute syntax, but they're not replicated...
2484 .name = "Object(Replica-Link)",
2485 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2487 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2488 .attributeSyntax_oid = "2.5.5.10",
2489 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2490 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2491 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2493 .name = "Object(Presentation-Address)",
2494 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2496 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2497 .attributeSyntax_oid = "2.5.5.13",
2498 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2499 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2500 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2501 .comment = "Presentation Address",
2502 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2504 /* not used in w2k3 schema */
2505 .name = "Object(Access-Point)",
2506 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.2",
2508 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2509 .attributeSyntax_oid = "2.5.5.14",
2510 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2511 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2512 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2513 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2515 /* not used in w2k3 schema */
2516 .name = "Object(DN-String)",
2517 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2519 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2520 .attributeSyntax_oid = "2.5.5.14",
2521 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2522 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2523 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2524 .equality = "octetStringMatch",
2525 .comment = "OctetString: String+DN",
2529 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2532 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2533 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2534 return &dsdb_syntaxes[i];
2540 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2543 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2544 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2545 return &dsdb_syntaxes[i];
2551 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2554 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2555 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2556 return &dsdb_syntaxes[i];
2562 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2566 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2567 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2569 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2571 if (attr->oMObjectClass.length) {
2573 ret = memcmp(attr->oMObjectClass.data,
2574 dsdb_syntaxes[i].oMObjectClass.data,
2575 attr->oMObjectClass.length);
2576 if (ret != 0) continue;
2579 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2581 return &dsdb_syntaxes[i];
2587 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2588 const struct dsdb_schema *schema,
2589 const struct drsuapi_DsReplicaAttribute *in,
2590 TALLOC_CTX *mem_ctx,
2591 struct ldb_message_element *out)
2593 const struct dsdb_attribute *sa;
2594 struct dsdb_syntax_ctx syntax_ctx;
2596 sa = dsdb_attribute_by_attributeID_id(schema, in->attid);
2601 /* use default syntax conversion context */
2602 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2604 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2607 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2608 const struct dsdb_schema *schema,
2609 const struct ldb_message_element *in,
2610 TALLOC_CTX *mem_ctx,
2611 struct drsuapi_DsReplicaAttribute *out)
2613 const struct dsdb_attribute *sa;
2614 struct dsdb_syntax_ctx syntax_ctx;
2616 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2621 /* use default syntax conversion context */
2622 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2624 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);
git.samba.org / metze / samba / wip.git / blob