2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "librpc/gen_ndr/ndr_drsuapi.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "lib/ldb/include/ldb_errors.h"
30 #include "system/time.h"
31 #include "../lib/util/charset/charset.h"
32 #include "librpc/ndr/libndr.h"
33 #include "../lib/util/asn1.h"
36 * Initialize dsdb_syntax_ctx with default values
39 void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
40 struct ldb_context *ldb,
41 const struct dsdb_schema *schema)
47 * 'true' will keep current behavior,
48 * i.e. attributeID_id will be returned by default
50 ctx->is_schema_nc = true;
55 * Returns ATTID for DRS attribute.
57 * ATTID depends on whether we are replicating
58 * Schema NC or msDs-IntId is set for schemaAttribute
61 uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
64 if (!for_schema_nc && attr->msDS_IntId) {
65 return attr->msDS_IntId;
68 return attr->attributeID_id;
72 static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
73 const struct dsdb_attribute *attr,
74 const struct drsuapi_DsReplicaAttribute *in,
76 struct ldb_message_element *out)
81 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
82 W_ERROR_HAVE_NO_MEMORY(out->name);
84 out->num_values = in->value_ctr.num_values;
85 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
86 W_ERROR_HAVE_NO_MEMORY(out->values);
88 for (i=0; i < out->num_values; i++) {
91 if (in->value_ctr.values[i].blob == NULL) {
95 str = talloc_asprintf(out->values, "%s: not implemented",
97 W_ERROR_HAVE_NO_MEMORY(str);
99 out->values[i] = data_blob_string_const(str);
105 static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
106 const struct dsdb_attribute *attr,
107 const struct ldb_message_element *in,
109 struct drsuapi_DsReplicaAttribute *out)
114 static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
115 const struct dsdb_attribute *attr,
116 const struct ldb_message_element *in)
121 static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
122 const struct dsdb_attribute *attr,
123 const struct drsuapi_DsReplicaAttribute *in,
125 struct ldb_message_element *out)
130 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
131 W_ERROR_HAVE_NO_MEMORY(out->name);
133 out->num_values = in->value_ctr.num_values;
134 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
135 W_ERROR_HAVE_NO_MEMORY(out->values);
137 for (i=0; i < out->num_values; i++) {
141 if (in->value_ctr.values[i].blob == NULL) {
145 if (in->value_ctr.values[i].blob->length != 4) {
149 v = IVAL(in->value_ctr.values[i].blob->data, 0);
152 str = talloc_strdup(out->values, "TRUE");
153 W_ERROR_HAVE_NO_MEMORY(str);
155 str = talloc_strdup(out->values, "FALSE");
156 W_ERROR_HAVE_NO_MEMORY(str);
159 out->values[i] = data_blob_string_const(str);
165 static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
166 const struct dsdb_attribute *attr,
167 const struct ldb_message_element *in,
169 struct drsuapi_DsReplicaAttribute *out)
174 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
178 out->attid = dsdb_attribute_get_attid(attr,
180 out->value_ctr.num_values = in->num_values;
181 out->value_ctr.values = talloc_array(mem_ctx,
182 struct drsuapi_DsAttributeValue,
184 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
186 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
187 W_ERROR_HAVE_NO_MEMORY(blobs);
189 for (i=0; i < in->num_values; i++) {
190 out->value_ctr.values[i].blob = &blobs[i];
192 blobs[i] = data_blob_talloc(blobs, NULL, 4);
193 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
195 if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
196 SIVAL(blobs[i].data, 0, 0x00000001);
197 } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
198 SIVAL(blobs[i].data, 0, 0x00000000);
207 static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
208 const struct dsdb_attribute *attr,
209 const struct ldb_message_element *in)
213 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
217 for (i=0; i < in->num_values; i++) {
221 (const char *)in->values[i].data,
222 in->values[i].length);
224 (const char *)in->values[i].data,
225 in->values[i].length);
227 if (t != 0 && f != 0) {
228 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
235 static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
236 const struct dsdb_attribute *attr,
237 const struct drsuapi_DsReplicaAttribute *in,
239 struct ldb_message_element *out)
244 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
245 W_ERROR_HAVE_NO_MEMORY(out->name);
247 out->num_values = in->value_ctr.num_values;
248 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
249 W_ERROR_HAVE_NO_MEMORY(out->values);
251 for (i=0; i < out->num_values; i++) {
255 if (in->value_ctr.values[i].blob == NULL) {
259 if (in->value_ctr.values[i].blob->length != 4) {
263 v = IVALS(in->value_ctr.values[i].blob->data, 0);
265 str = talloc_asprintf(out->values, "%d", v);
266 W_ERROR_HAVE_NO_MEMORY(str);
268 out->values[i] = data_blob_string_const(str);
274 static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
275 const struct dsdb_attribute *attr,
276 const struct ldb_message_element *in,
278 struct drsuapi_DsReplicaAttribute *out)
283 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
287 out->attid = dsdb_attribute_get_attid(attr,
289 out->value_ctr.num_values = in->num_values;
290 out->value_ctr.values = talloc_array(mem_ctx,
291 struct drsuapi_DsAttributeValue,
293 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
295 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
296 W_ERROR_HAVE_NO_MEMORY(blobs);
298 for (i=0; i < in->num_values; i++) {
301 out->value_ctr.values[i].blob = &blobs[i];
303 blobs[i] = data_blob_talloc(blobs, NULL, 4);
304 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
306 /* We've to use "strtoll" here to have the intended overflows.
307 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
308 v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
310 SIVALS(blobs[i].data, 0, v);
316 static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
317 const struct dsdb_attribute *attr,
318 const struct ldb_message_element *in)
322 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
326 for (i=0; i < in->num_values; i++) {
328 char buf[sizeof("-2147483648")];
332 if (in->values[i].length >= sizeof(buf)) {
333 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
336 memcpy(buf, in->values[i].data, in->values[i].length);
338 v = strtol(buf, &end, 10);
340 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
342 if (end && end[0] != '\0') {
343 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
346 if (attr->rangeLower) {
347 if ((int32_t)v < (int32_t)*attr->rangeLower) {
348 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
352 if (attr->rangeUpper) {
353 if ((int32_t)v > (int32_t)*attr->rangeUpper) {
354 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
362 static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
363 const struct dsdb_attribute *attr,
364 const struct drsuapi_DsReplicaAttribute *in,
366 struct ldb_message_element *out)
371 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
372 W_ERROR_HAVE_NO_MEMORY(out->name);
374 out->num_values = in->value_ctr.num_values;
375 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
376 W_ERROR_HAVE_NO_MEMORY(out->values);
378 for (i=0; i < out->num_values; i++) {
382 if (in->value_ctr.values[i].blob == NULL) {
386 if (in->value_ctr.values[i].blob->length != 8) {
390 v = BVALS(in->value_ctr.values[i].blob->data, 0);
392 str = talloc_asprintf(out->values, "%lld", (long long int)v);
393 W_ERROR_HAVE_NO_MEMORY(str);
395 out->values[i] = data_blob_string_const(str);
401 static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
402 const struct dsdb_attribute *attr,
403 const struct ldb_message_element *in,
405 struct drsuapi_DsReplicaAttribute *out)
410 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
414 out->attid = dsdb_attribute_get_attid(attr,
416 out->value_ctr.num_values = in->num_values;
417 out->value_ctr.values = talloc_array(mem_ctx,
418 struct drsuapi_DsAttributeValue,
420 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
422 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
423 W_ERROR_HAVE_NO_MEMORY(blobs);
425 for (i=0; i < in->num_values; i++) {
428 out->value_ctr.values[i].blob = &blobs[i];
430 blobs[i] = data_blob_talloc(blobs, NULL, 8);
431 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
433 v = strtoll((const char *)in->values[i].data, NULL, 10);
435 SBVALS(blobs[i].data, 0, v);
441 static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
442 const struct dsdb_attribute *attr,
443 const struct ldb_message_element *in)
447 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
451 for (i=0; i < in->num_values; i++) {
453 char buf[sizeof("-9223372036854775808")];
457 if (in->values[i].length >= sizeof(buf)) {
458 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
460 memcpy(buf, in->values[i].data, in->values[i].length);
463 v = strtoll(buf, &end, 10);
465 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
467 if (end && end[0] != '\0') {
468 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
471 if (attr->rangeLower) {
472 if ((int64_t)v < (int64_t)*attr->rangeLower) {
473 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
477 if (attr->rangeUpper) {
478 if ((int64_t)v > (int64_t)*attr->rangeUpper) {
479 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
486 static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
487 const struct dsdb_attribute *attr,
488 const struct drsuapi_DsReplicaAttribute *in,
490 struct ldb_message_element *out)
495 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
496 W_ERROR_HAVE_NO_MEMORY(out->name);
498 out->num_values = in->value_ctr.num_values;
499 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
500 W_ERROR_HAVE_NO_MEMORY(out->values);
502 for (i=0; i < out->num_values; i++) {
507 if (in->value_ctr.values[i].blob == NULL) {
511 if (in->value_ctr.values[i].blob->length != 8) {
515 v = BVAL(in->value_ctr.values[i].blob->data, 0);
517 t = nt_time_to_unix(v);
520 * NOTE: On a w2k3 server you can set a GeneralizedTime string
521 * via LDAP, but you get back an UTCTime string,
522 * but via DRSUAPI you get back the NTTIME_1sec value
523 * that represents the GeneralizedTime value!
525 * So if we store the UTCTime string in our ldb
526 * we'll loose information!
528 str = ldb_timestring_utc(out->values, t);
529 W_ERROR_HAVE_NO_MEMORY(str);
530 out->values[i] = data_blob_string_const(str);
536 static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
537 const struct dsdb_attribute *attr,
538 const struct ldb_message_element *in,
540 struct drsuapi_DsReplicaAttribute *out)
545 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
549 out->attid = dsdb_attribute_get_attid(attr,
551 out->value_ctr.num_values = in->num_values;
552 out->value_ctr.values = talloc_array(mem_ctx,
553 struct drsuapi_DsAttributeValue,
555 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
557 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
558 W_ERROR_HAVE_NO_MEMORY(blobs);
560 for (i=0; i < in->num_values; i++) {
564 out->value_ctr.values[i].blob = &blobs[i];
566 blobs[i] = data_blob_talloc(blobs, NULL, 8);
567 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
569 t = ldb_string_utc_to_time((const char *)in->values[i].data);
570 unix_to_nt_time(&v, t);
573 SBVAL(blobs[i].data, 0, v);
579 static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
580 const struct dsdb_attribute *attr,
581 const struct ldb_message_element *in)
585 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
589 for (i=0; i < in->num_values; i++) {
591 char buf[sizeof("090826075717Z")];
594 if (in->values[i].length >= sizeof(buf)) {
595 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
597 memcpy(buf, in->values[i].data, in->values[i].length);
600 t = ldb_string_utc_to_time(buf);
602 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
605 if (attr->rangeLower) {
606 if ((int32_t)t < (int32_t)*attr->rangeLower) {
607 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
611 if (attr->rangeUpper) {
612 if ((int32_t)t > (int32_t)*attr->rangeLower) {
613 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
618 * TODO: verify the comment in the
619 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
626 static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
627 const struct dsdb_attribute *attr,
628 const struct drsuapi_DsReplicaAttribute *in,
630 struct ldb_message_element *out)
635 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
636 W_ERROR_HAVE_NO_MEMORY(out->name);
638 out->num_values = in->value_ctr.num_values;
639 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
640 W_ERROR_HAVE_NO_MEMORY(out->values);
642 for (i=0; i < out->num_values; i++) {
647 if (in->value_ctr.values[i].blob == NULL) {
651 if (in->value_ctr.values[i].blob->length != 8) {
655 v = BVAL(in->value_ctr.values[i].blob->data, 0);
657 t = nt_time_to_unix(v);
659 str = ldb_timestring(out->values, t);
660 W_ERROR_HAVE_NO_MEMORY(str);
662 out->values[i] = data_blob_string_const(str);
668 static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
669 const struct dsdb_attribute *attr,
670 const struct ldb_message_element *in,
672 struct drsuapi_DsReplicaAttribute *out)
677 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
681 out->attid = dsdb_attribute_get_attid(attr,
683 out->value_ctr.num_values = in->num_values;
684 out->value_ctr.values = talloc_array(mem_ctx,
685 struct drsuapi_DsAttributeValue,
687 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
689 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
690 W_ERROR_HAVE_NO_MEMORY(blobs);
692 for (i=0; i < in->num_values; i++) {
697 out->value_ctr.values[i].blob = &blobs[i];
699 blobs[i] = data_blob_talloc(blobs, NULL, 8);
700 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
702 ret = ldb_val_to_time(&in->values[i], &t);
703 if (ret != LDB_SUCCESS) {
704 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
706 unix_to_nt_time(&v, t);
709 SBVAL(blobs[i].data, 0, v);
715 static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
716 const struct dsdb_attribute *attr,
717 const struct ldb_message_element *in)
721 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
725 for (i=0; i < in->num_values; i++) {
729 ret = ldb_val_to_time(&in->values[i], &t);
730 if (ret != LDB_SUCCESS) {
731 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
734 if (attr->rangeLower) {
735 if ((int32_t)t < (int32_t)*attr->rangeLower) {
736 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
740 if (attr->rangeUpper) {
741 if ((int32_t)t > (int32_t)*attr->rangeLower) {
742 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
750 static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
751 const struct dsdb_attribute *attr,
752 const struct drsuapi_DsReplicaAttribute *in,
754 struct ldb_message_element *out)
759 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
760 W_ERROR_HAVE_NO_MEMORY(out->name);
762 out->num_values = in->value_ctr.num_values;
763 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
764 W_ERROR_HAVE_NO_MEMORY(out->values);
766 for (i=0; i < out->num_values; i++) {
767 if (in->value_ctr.values[i].blob == NULL) {
771 if (in->value_ctr.values[i].blob->length == 0) {
775 out->values[i] = data_blob_dup_talloc(out->values,
776 in->value_ctr.values[i].blob);
777 W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
783 static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
784 const struct dsdb_attribute *attr,
785 const struct ldb_message_element *in,
787 struct drsuapi_DsReplicaAttribute *out)
792 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
796 out->attid = dsdb_attribute_get_attid(attr,
798 out->value_ctr.num_values = in->num_values;
799 out->value_ctr.values = talloc_array(mem_ctx,
800 struct drsuapi_DsAttributeValue,
802 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
804 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
805 W_ERROR_HAVE_NO_MEMORY(blobs);
807 for (i=0; i < in->num_values; i++) {
808 out->value_ctr.values[i].blob = &blobs[i];
810 blobs[i] = data_blob_dup_talloc(blobs, &in->values[i]);
811 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
817 static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
818 const struct dsdb_attribute *attr,
819 const struct ldb_val *val)
821 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
825 if (attr->rangeLower) {
826 if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
827 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
831 if (attr->rangeUpper) {
832 if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
833 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
840 static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
841 const struct dsdb_attribute *attr,
842 const struct ldb_message_element *in)
847 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
851 for (i=0; i < in->num_values; i++) {
852 if (in->values[i].length == 0) {
853 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
856 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
859 if (!W_ERROR_IS_OK(status)) {
867 static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
868 const struct dsdb_attribute *attr,
869 const struct drsuapi_DsReplicaAttribute *in,
871 struct ldb_message_element *out)
876 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
877 W_ERROR_HAVE_NO_MEMORY(out->name);
879 out->num_values = in->value_ctr.num_values;
880 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
881 W_ERROR_HAVE_NO_MEMORY(out->values);
883 for (i=0; i < out->num_values; i++) {
885 const struct dsdb_class *c;
886 const struct dsdb_attribute *a;
887 const char *str = NULL;
889 if (in->value_ctr.values[i].blob == NULL) {
893 if (in->value_ctr.values[i].blob->length != 4) {
897 v = IVAL(in->value_ctr.values[i].blob->data, 0);
899 if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
900 str = talloc_strdup(out->values, c->lDAPDisplayName);
901 } else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
902 str = talloc_strdup(out->values, a->lDAPDisplayName);
905 werr = dsdb_schema_pfm_oid_from_attid(ctx->schema->prefixmap, v, out->values, &str);
906 W_ERROR_NOT_OK_RETURN(werr);
908 W_ERROR_HAVE_NO_MEMORY(str);
910 /* the values need to be reversed */
911 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
917 static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
918 const struct dsdb_attribute *attr,
919 const struct drsuapi_DsReplicaAttribute *in,
921 struct ldb_message_element *out)
926 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
927 W_ERROR_HAVE_NO_MEMORY(out->name);
929 out->num_values = in->value_ctr.num_values;
930 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
931 W_ERROR_HAVE_NO_MEMORY(out->values);
933 for (i=0; i < out->num_values; i++) {
935 const struct dsdb_class *c;
938 if (in->value_ctr.values[i].blob == NULL) {
942 if (in->value_ctr.values[i].blob->length != 4) {
946 v = IVAL(in->value_ctr.values[i].blob->data, 0);
948 c = dsdb_class_by_governsID_id(ctx->schema, v);
953 str = talloc_strdup(out->values, c->lDAPDisplayName);
954 W_ERROR_HAVE_NO_MEMORY(str);
956 /* the values need to be reversed */
957 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
963 static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
964 const struct dsdb_attribute *attr,
965 const struct drsuapi_DsReplicaAttribute *in,
967 struct ldb_message_element *out)
972 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
973 W_ERROR_HAVE_NO_MEMORY(out->name);
975 out->num_values = in->value_ctr.num_values;
976 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
977 W_ERROR_HAVE_NO_MEMORY(out->values);
979 for (i=0; i < out->num_values; i++) {
981 const struct dsdb_attribute *a;
984 if (in->value_ctr.values[i].blob == NULL) {
988 if (in->value_ctr.values[i].blob->length != 4) {
992 v = IVAL(in->value_ctr.values[i].blob->data, 0);
994 a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
999 str = talloc_strdup(out->values, a->lDAPDisplayName);
1000 W_ERROR_HAVE_NO_MEMORY(str);
1002 /* the values need to be reversed */
1003 out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
1009 static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1010 const struct dsdb_attribute *attr,
1011 const struct drsuapi_DsReplicaAttribute *in,
1012 TALLOC_CTX *mem_ctx,
1013 struct ldb_message_element *out)
1018 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1019 W_ERROR_HAVE_NO_MEMORY(out->name);
1021 out->num_values = in->value_ctr.num_values;
1022 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1023 W_ERROR_HAVE_NO_MEMORY(out->values);
1025 for (i=0; i < out->num_values; i++) {
1030 if (in->value_ctr.values[i].blob == NULL) {
1034 if (in->value_ctr.values[i].blob->length != 4) {
1038 attid = IVAL(in->value_ctr.values[i].blob->data, 0);
1040 status = dsdb_schema_pfm_oid_from_attid(ctx->schema->prefixmap, attid, out->values, &oid);
1041 W_ERROR_NOT_OK_RETURN(status);
1043 out->values[i] = data_blob_string_const(oid);
1049 static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1050 const struct dsdb_attribute *attr,
1051 const struct ldb_message_element *in,
1052 TALLOC_CTX *mem_ctx,
1053 struct drsuapi_DsReplicaAttribute *out)
1058 out->attid= dsdb_attribute_get_attid(attr,
1060 out->value_ctr.num_values= in->num_values;
1061 out->value_ctr.values= talloc_array(mem_ctx,
1062 struct drsuapi_DsAttributeValue,
1064 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1066 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1067 W_ERROR_HAVE_NO_MEMORY(blobs);
1069 for (i=0; i < in->num_values; i++) {
1070 const struct dsdb_class *obj_class;
1071 const struct dsdb_attribute *obj_attr;
1074 out->value_ctr.values[i].blob= &blobs[i];
1076 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1077 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1079 /* in DRS windows puts the classes in the opposite
1080 order to the order used in ldap */
1081 v = &in->values[(in->num_values-1)-i];
1083 if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1084 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1085 } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
1086 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1090 werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1091 (const char *)v->data,
1093 W_ERROR_NOT_OK_RETURN(werr);
1094 SIVAL(blobs[i].data, 0, attid);
1103 static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1104 const struct dsdb_attribute *attr,
1105 const struct ldb_message_element *in,
1106 TALLOC_CTX *mem_ctx,
1107 struct drsuapi_DsReplicaAttribute *out)
1112 out->attid= dsdb_attribute_get_attid(attr,
1114 out->value_ctr.num_values= in->num_values;
1115 out->value_ctr.values= talloc_array(mem_ctx,
1116 struct drsuapi_DsAttributeValue,
1118 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1120 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1121 W_ERROR_HAVE_NO_MEMORY(blobs);
1123 for (i=0; i < in->num_values; i++) {
1124 const struct dsdb_class *obj_class;
1126 out->value_ctr.values[i].blob= &blobs[i];
1128 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1129 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1131 /* in DRS windows puts the classes in the opposite
1132 order to the order used in ldap */
1133 obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
1134 (const char *)in->values[(in->num_values-1)-i].data);
1138 SIVAL(blobs[i].data, 0, obj_class->governsID_id);
1145 static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1146 const struct dsdb_attribute *attr,
1147 const struct ldb_message_element *in,
1148 TALLOC_CTX *mem_ctx,
1149 struct drsuapi_DsReplicaAttribute *out)
1154 out->attid= dsdb_attribute_get_attid(attr,
1156 out->value_ctr.num_values= in->num_values;
1157 out->value_ctr.values= talloc_array(mem_ctx,
1158 struct drsuapi_DsAttributeValue,
1160 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1162 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1163 W_ERROR_HAVE_NO_MEMORY(blobs);
1165 for (i=0; i < in->num_values; i++) {
1166 const struct dsdb_attribute *obj_attr;
1168 out->value_ctr.values[i].blob= &blobs[i];
1170 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1171 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1173 obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
1177 SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
1184 static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1185 const struct dsdb_attribute *attr,
1186 const struct ldb_message_element *in,
1187 TALLOC_CTX *mem_ctx,
1188 struct drsuapi_DsReplicaAttribute *out)
1193 out->attid= dsdb_attribute_get_attid(attr,
1195 out->value_ctr.num_values= in->num_values;
1196 out->value_ctr.values= talloc_array(mem_ctx,
1197 struct drsuapi_DsAttributeValue,
1199 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1201 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1202 W_ERROR_HAVE_NO_MEMORY(blobs);
1204 for (i=0; i < in->num_values; i++) {
1208 out->value_ctr.values[i].blob= &blobs[i];
1210 blobs[i] = data_blob_talloc(blobs, NULL, 4);
1211 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
1213 status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
1214 (const char *)in->values[i].data,
1216 W_ERROR_NOT_OK_RETURN(status);
1218 SIVAL(blobs[i].data, 0, attid);
1224 static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1225 const struct dsdb_attribute *attr,
1226 const struct drsuapi_DsReplicaAttribute *in,
1227 TALLOC_CTX *mem_ctx,
1228 struct ldb_message_element *out)
1232 switch (attr->attributeID_id) {
1233 case DRSUAPI_ATTID_objectClass:
1234 case DRSUAPI_ATTID_subClassOf:
1235 case DRSUAPI_ATTID_auxiliaryClass:
1236 case DRSUAPI_ATTID_systemAuxiliaryClass:
1237 case DRSUAPI_ATTID_systemPossSuperiors:
1238 case DRSUAPI_ATTID_possSuperiors:
1239 werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1241 case DRSUAPI_ATTID_systemMustContain:
1242 case DRSUAPI_ATTID_systemMayContain:
1243 case DRSUAPI_ATTID_mustContain:
1244 case DRSUAPI_ATTID_rDNAttId:
1245 case DRSUAPI_ATTID_transportAddressAttribute:
1246 case DRSUAPI_ATTID_mayContain:
1247 werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1249 case DRSUAPI_ATTID_governsID:
1250 case DRSUAPI_ATTID_attributeID:
1251 case DRSUAPI_ATTID_attributeSyntax:
1252 werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1255 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1256 attr->lDAPDisplayName));
1257 return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1260 /* When we are doing the vampire of a schema, we don't want
1261 * the inability to reference an OID to get in the way.
1262 * Otherwise, we won't get the new schema with which to
1263 * understand this */
1264 if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
1265 return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
1270 static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1271 const struct dsdb_attribute *attr,
1272 const struct ldb_message_element *in,
1273 TALLOC_CTX *mem_ctx,
1274 struct drsuapi_DsReplicaAttribute *out)
1276 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1280 switch (attr->attributeID_id) {
1281 case DRSUAPI_ATTID_objectClass:
1282 case DRSUAPI_ATTID_subClassOf:
1283 case DRSUAPI_ATTID_auxiliaryClass:
1284 case DRSUAPI_ATTID_systemAuxiliaryClass:
1285 case DRSUAPI_ATTID_systemPossSuperiors:
1286 case DRSUAPI_ATTID_possSuperiors:
1287 return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1288 case DRSUAPI_ATTID_systemMustContain:
1289 case DRSUAPI_ATTID_systemMayContain:
1290 case DRSUAPI_ATTID_mustContain:
1291 case DRSUAPI_ATTID_rDNAttId:
1292 case DRSUAPI_ATTID_transportAddressAttribute:
1293 case DRSUAPI_ATTID_mayContain:
1294 return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1295 case DRSUAPI_ATTID_governsID:
1296 case DRSUAPI_ATTID_attributeID:
1297 case DRSUAPI_ATTID_attributeSyntax:
1298 return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1301 DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
1302 attr->lDAPDisplayName));
1304 return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
1307 static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
1308 const struct dsdb_attribute *attr,
1309 const struct ldb_message_element *in)
1312 TALLOC_CTX *tmp_ctx;
1314 tmp_ctx = talloc_new(ctx->ldb);
1315 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1317 for (i=0; i < in->num_values; i++) {
1319 const char *oid_out;
1320 const char *oid = (const char*)in->values[i].data;
1322 if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
1323 DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
1324 talloc_free(tmp_ctx);
1325 return WERR_INVALID_PARAMETER;
1328 if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
1329 DEBUG(0,("ber_read_OID_String() failed for %s\n",
1330 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
1331 talloc_free(tmp_ctx);
1332 return WERR_INVALID_PARAMETER;
1335 if (strcmp(oid, oid_out) != 0) {
1336 talloc_free(tmp_ctx);
1337 return WERR_INVALID_PARAMETER;
1341 talloc_free(tmp_ctx);
1345 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1346 const struct dsdb_attribute *attr,
1347 const struct ldb_message_element *in)
1350 struct drsuapi_DsReplicaAttribute drs_tmp;
1351 struct ldb_message_element ldb_tmp;
1352 TALLOC_CTX *tmp_ctx;
1354 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1358 switch (attr->attributeID_id) {
1359 case DRSUAPI_ATTID_governsID:
1360 case DRSUAPI_ATTID_attributeID:
1361 case DRSUAPI_ATTID_attributeSyntax:
1362 return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
1366 * TODO: optimize and verify this code
1369 tmp_ctx = talloc_new(ctx->ldb);
1370 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1372 status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
1377 if (!W_ERROR_IS_OK(status)) {
1378 talloc_free(tmp_ctx);
1382 status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
1387 if (!W_ERROR_IS_OK(status)) {
1388 talloc_free(tmp_ctx);
1392 talloc_free(tmp_ctx);
1396 static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1397 const struct dsdb_attribute *attr,
1398 const struct drsuapi_DsReplicaAttribute *in,
1399 TALLOC_CTX *mem_ctx,
1400 struct ldb_message_element *out)
1405 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1406 W_ERROR_HAVE_NO_MEMORY(out->name);
1408 out->num_values = in->value_ctr.num_values;
1409 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1410 W_ERROR_HAVE_NO_MEMORY(out->values);
1412 for (i=0; i < out->num_values; i++) {
1415 if (in->value_ctr.values[i].blob == NULL) {
1419 if (in->value_ctr.values[i].blob->length == 0) {
1423 if (!convert_string_talloc(out->values,
1425 in->value_ctr.values[i].blob->data,
1426 in->value_ctr.values[i].blob->length,
1427 (void **)&str, NULL, false)) {
1431 out->values[i] = data_blob_string_const(str);
1437 static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1438 const struct dsdb_attribute *attr,
1439 const struct ldb_message_element *in,
1440 TALLOC_CTX *mem_ctx,
1441 struct drsuapi_DsReplicaAttribute *out)
1446 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1450 out->attid = dsdb_attribute_get_attid(attr,
1452 out->value_ctr.num_values = in->num_values;
1453 out->value_ctr.values = talloc_array(mem_ctx,
1454 struct drsuapi_DsAttributeValue,
1456 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1458 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1459 W_ERROR_HAVE_NO_MEMORY(blobs);
1461 for (i=0; i < in->num_values; i++) {
1462 out->value_ctr.values[i].blob = &blobs[i];
1464 if (!convert_string_talloc(blobs,
1466 in->values[i].data, in->values[i].length,
1467 (void **)&blobs[i].data, &blobs[i].length, false)) {
1475 static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1476 const struct dsdb_attribute *attr,
1477 const struct ldb_val *val)
1483 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1487 ok = convert_string_talloc(ctx->ldb,
1495 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1498 if (attr->rangeLower) {
1499 if ((size/2) < *attr->rangeLower) {
1500 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1504 if (attr->rangeUpper) {
1505 if ((size/2) > *attr->rangeUpper) {
1506 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1513 static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1514 const struct dsdb_attribute *attr,
1515 const struct ldb_message_element *in)
1520 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1524 for (i=0; i < in->num_values; i++) {
1525 if (in->values[i].length == 0) {
1526 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1529 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
1532 if (!W_ERROR_IS_OK(status)) {
1540 static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
1541 const struct dsdb_syntax *syntax,
1542 const DATA_BLOB *in, DATA_BLOB *out)
1544 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1545 enum ndr_err_code ndr_err;
1546 DATA_BLOB guid_blob;
1548 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1553 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1557 talloc_free(tmp_ctx);
1561 if (in->length == 0) {
1562 talloc_free(tmp_ctx);
1567 /* windows sometimes sends an extra two pad bytes here */
1568 ndr_err = ndr_pull_struct_blob(in,
1570 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
1571 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1572 status = ndr_map_error2ntstatus(ndr_err);
1573 talloc_free(tmp_ctx);
1574 return ntstatus_to_werror(status);
1577 dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
1579 talloc_free(tmp_ctx);
1580 /* If this fails, it must be out of memory, as it does not do much parsing */
1581 W_ERROR_HAVE_NO_MEMORY(dn);
1584 if (!GUID_all_zero(&id3.guid)) {
1585 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1586 if (!NT_STATUS_IS_OK(status)) {
1587 talloc_free(tmp_ctx);
1588 return ntstatus_to_werror(status);
1591 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1592 if (ret != LDB_SUCCESS) {
1593 talloc_free(tmp_ctx);
1596 talloc_free(guid_blob.data);
1599 if (id3.__ndr_size_sid) {
1601 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1602 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1603 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1604 status = ndr_map_error2ntstatus(ndr_err);
1605 talloc_free(tmp_ctx);
1606 return ntstatus_to_werror(status);
1609 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1610 if (ret != LDB_SUCCESS) {
1611 talloc_free(tmp_ctx);
1616 *out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
1617 talloc_free(tmp_ctx);
1621 static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1622 const struct dsdb_attribute *attr,
1623 const struct drsuapi_DsReplicaAttribute *in,
1624 TALLOC_CTX *mem_ctx,
1625 struct ldb_message_element *out)
1630 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1631 W_ERROR_HAVE_NO_MEMORY(out->name);
1633 out->num_values = in->value_ctr.num_values;
1634 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1635 W_ERROR_HAVE_NO_MEMORY(out->values);
1637 for (i=0; i < out->num_values; i++) {
1638 WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
1639 in->value_ctr.values[i].blob,
1641 if (!W_ERROR_IS_OK(status)) {
1650 static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1651 const struct dsdb_attribute *attr,
1652 const struct ldb_message_element *in,
1653 TALLOC_CTX *mem_ctx,
1654 struct drsuapi_DsReplicaAttribute *out)
1659 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1663 out->attid = dsdb_attribute_get_attid(attr,
1665 out->value_ctr.num_values = in->num_values;
1666 out->value_ctr.values = talloc_array(mem_ctx,
1667 struct drsuapi_DsAttributeValue,
1669 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1671 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1672 W_ERROR_HAVE_NO_MEMORY(blobs);
1674 for (i=0; i < in->num_values; i++) {
1675 struct drsuapi_DsReplicaObjectIdentifier3 id3;
1676 enum ndr_err_code ndr_err;
1678 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1681 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1683 out->value_ctr.values[i].blob = &blobs[i];
1685 dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
1687 W_ERROR_HAVE_NO_MEMORY(dn);
1691 status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
1692 if (!NT_STATUS_IS_OK(status) &&
1693 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1694 talloc_free(tmp_ctx);
1695 return ntstatus_to_werror(status);
1698 status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
1699 if (!NT_STATUS_IS_OK(status) &&
1700 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1701 talloc_free(tmp_ctx);
1702 return ntstatus_to_werror(status);
1705 id3.dn = ldb_dn_get_linearized(dn);
1707 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
1708 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1709 status = ndr_map_error2ntstatus(ndr_err);
1710 talloc_free(tmp_ctx);
1711 return ntstatus_to_werror(status);
1713 talloc_free(tmp_ctx);
1719 static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
1720 const struct dsdb_attribute *attr,
1721 const struct ldb_val *val,
1722 TALLOC_CTX *mem_ctx,
1723 struct dsdb_dn **_dsdb_dn)
1725 static const char * const extended_list[] = { "GUID", "SID", NULL };
1726 enum ndr_err_code ndr_err;
1729 const DATA_BLOB *sid_blob;
1730 struct dsdb_dn *dsdb_dn;
1736 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1739 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1741 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1745 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
1746 attr->syntax->ldap_oid);
1748 talloc_free(tmp_ctx);
1749 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1753 dn2 = ldb_dn_copy(tmp_ctx, dn);
1755 talloc_free(tmp_ctx);
1759 num_components = ldb_dn_get_comp_num(dn);
1761 status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
1762 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1764 } else if (!NT_STATUS_IS_OK(status)) {
1765 talloc_free(tmp_ctx);
1766 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1769 sid_blob = ldb_dn_get_extended_component(dn, "SID");
1772 ndr_err = ndr_pull_struct_blob_all(sid_blob,
1775 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
1776 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1777 talloc_free(tmp_ctx);
1778 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1782 /* Do not allow links to the RootDSE */
1783 if (num_components == 0) {
1784 talloc_free(tmp_ctx);
1785 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1789 * We need to check that only "GUID" and "SID" are
1790 * specified as extended components, we do that
1791 * by comparing the dn's after removing all components
1792 * from one dn and only the allowed subset from the other
1795 ldb_dn_extended_filter(dn, extended_list);
1797 dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
1798 if (dn_str == NULL) {
1799 talloc_free(tmp_ctx);
1800 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1802 dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
1803 if (dn2_str == NULL) {
1804 talloc_free(tmp_ctx);
1805 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1808 if (strcmp(dn_str, dn2_str) != 0) {
1809 talloc_free(tmp_ctx);
1810 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1813 *_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
1814 talloc_free(tmp_ctx);
1818 static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
1819 const struct dsdb_attribute *attr,
1820 const struct ldb_message_element *in)
1824 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1828 for (i=0; i < in->num_values; i++) {
1830 struct dsdb_dn *dsdb_dn;
1831 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
1832 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1834 status = dsdb_syntax_DN_validate_one_val(ctx,
1838 if (!W_ERROR_IS_OK(status)) {
1839 talloc_free(tmp_ctx);
1843 if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
1844 talloc_free(tmp_ctx);
1845 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
1848 talloc_free(tmp_ctx);
1854 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
1855 const struct dsdb_attribute *attr,
1856 const struct drsuapi_DsReplicaAttribute *in,
1857 TALLOC_CTX *mem_ctx,
1858 struct ldb_message_element *out)
1864 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
1865 W_ERROR_HAVE_NO_MEMORY(out->name);
1867 out->num_values = in->value_ctr.num_values;
1868 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
1869 W_ERROR_HAVE_NO_MEMORY(out->values);
1871 for (i=0; i < out->num_values; i++) {
1872 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1873 enum ndr_err_code ndr_err;
1874 DATA_BLOB guid_blob;
1876 struct dsdb_dn *dsdb_dn;
1878 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1880 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1883 if (in->value_ctr.values[i].blob == NULL) {
1884 talloc_free(tmp_ctx);
1888 if (in->value_ctr.values[i].blob->length == 0) {
1889 talloc_free(tmp_ctx);
1894 /* windows sometimes sends an extra two pad bytes here */
1895 ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
1897 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
1898 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1899 status = ndr_map_error2ntstatus(ndr_err);
1900 talloc_free(tmp_ctx);
1901 return ntstatus_to_werror(status);
1904 dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
1906 talloc_free(tmp_ctx);
1907 /* If this fails, it must be out of memory, as it does not do much parsing */
1908 W_ERROR_HAVE_NO_MEMORY(dn);
1911 status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
1912 if (!NT_STATUS_IS_OK(status)) {
1913 talloc_free(tmp_ctx);
1914 return ntstatus_to_werror(status);
1917 ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
1918 if (ret != LDB_SUCCESS) {
1919 talloc_free(tmp_ctx);
1923 talloc_free(guid_blob.data);
1925 if (id3.__ndr_size_sid) {
1927 ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
1928 (ndr_push_flags_fn_t)ndr_push_dom_sid);
1929 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1930 status = ndr_map_error2ntstatus(ndr_err);
1931 talloc_free(tmp_ctx);
1932 return ntstatus_to_werror(status);
1935 ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
1936 if (ret != LDB_SUCCESS) {
1937 talloc_free(tmp_ctx);
1942 /* set binary stuff */
1943 dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
1945 /* If this fails, it must be out of memory, we know the ldap_oid is valid */
1946 talloc_free(tmp_ctx);
1947 W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
1949 out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
1950 talloc_free(tmp_ctx);
1956 static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
1957 const struct dsdb_attribute *attr,
1958 const struct ldb_message_element *in,
1959 TALLOC_CTX *mem_ctx,
1960 struct drsuapi_DsReplicaAttribute *out)
1965 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
1969 out->attid = dsdb_attribute_get_attid(attr,
1971 out->value_ctr.num_values = in->num_values;
1972 out->value_ctr.values = talloc_array(mem_ctx,
1973 struct drsuapi_DsAttributeValue,
1975 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
1977 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
1978 W_ERROR_HAVE_NO_MEMORY(blobs);
1980 for (i=0; i < in->num_values; i++) {
1981 struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
1982 enum ndr_err_code ndr_err;
1983 const DATA_BLOB *sid_blob;
1984 struct dsdb_dn *dsdb_dn;
1985 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
1988 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
1990 out->value_ctr.values[i].blob = &blobs[i];
1992 dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
1995 talloc_free(tmp_ctx);
1996 return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
2001 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
2002 if (!NT_STATUS_IS_OK(status) &&
2003 !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2004 talloc_free(tmp_ctx);
2005 return ntstatus_to_werror(status);
2008 sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
2011 ndr_err = ndr_pull_struct_blob_all(sid_blob,
2013 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
2014 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2015 status = ndr_map_error2ntstatus(ndr_err);
2016 talloc_free(tmp_ctx);
2017 return ntstatus_to_werror(status);
2021 id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
2023 /* get binary stuff */
2024 id3.binary = dsdb_dn->extra_part;
2026 ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
2027 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2028 status = ndr_map_error2ntstatus(ndr_err);
2029 talloc_free(tmp_ctx);
2030 return ntstatus_to_werror(status);
2032 talloc_free(tmp_ctx);
2038 static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2039 const struct dsdb_attribute *attr,
2040 const struct ldb_message_element *in)
2044 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2048 for (i=0; i < in->num_values; i++) {
2050 struct dsdb_dn *dsdb_dn;
2051 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2052 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2054 status = dsdb_syntax_DN_validate_one_val(ctx,
2058 if (!W_ERROR_IS_OK(status)) {
2059 talloc_free(tmp_ctx);
2063 if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
2064 talloc_free(tmp_ctx);
2065 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2068 status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
2070 &dsdb_dn->extra_part);
2071 if (!W_ERROR_IS_OK(status)) {
2072 talloc_free(tmp_ctx);
2076 talloc_free(tmp_ctx);
2082 static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2083 const struct dsdb_attribute *attr,
2084 const struct drsuapi_DsReplicaAttribute *in,
2085 TALLOC_CTX *mem_ctx,
2086 struct ldb_message_element *out)
2088 return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
2095 static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2096 const struct dsdb_attribute *attr,
2097 const struct ldb_message_element *in,
2098 TALLOC_CTX *mem_ctx,
2099 struct drsuapi_DsReplicaAttribute *out)
2101 return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
2108 static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2109 const struct dsdb_attribute *attr,
2110 const struct ldb_message_element *in)
2114 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2118 for (i=0; i < in->num_values; i++) {
2120 struct dsdb_dn *dsdb_dn;
2121 TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
2122 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
2124 status = dsdb_syntax_DN_validate_one_val(ctx,
2128 if (!W_ERROR_IS_OK(status)) {
2129 talloc_free(tmp_ctx);
2133 if (dsdb_dn->dn_format != DSDB_STRING_DN) {
2134 talloc_free(tmp_ctx);
2135 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
2138 status = dsdb_syntax_UNICODE_validate_one_val(ctx,
2140 &dsdb_dn->extra_part);
2141 if (!W_ERROR_IS_OK(status)) {
2142 talloc_free(tmp_ctx);
2146 talloc_free(tmp_ctx);
2152 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
2153 const struct dsdb_attribute *attr,
2154 const struct drsuapi_DsReplicaAttribute *in,
2155 TALLOC_CTX *mem_ctx,
2156 struct ldb_message_element *out)
2161 out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
2162 W_ERROR_HAVE_NO_MEMORY(out->name);
2164 out->num_values = in->value_ctr.num_values;
2165 out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
2166 W_ERROR_HAVE_NO_MEMORY(out->values);
2168 for (i=0; i < out->num_values; i++) {
2172 if (in->value_ctr.values[i].blob == NULL) {
2176 if (in->value_ctr.values[i].blob->length < 4) {
2180 len = IVAL(in->value_ctr.values[i].blob->data, 0);
2182 if (len != in->value_ctr.values[i].blob->length) {
2186 if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
2187 in->value_ctr.values[i].blob->data+4,
2188 in->value_ctr.values[i].blob->length-4,
2189 (void **)&str, NULL, false)) {
2193 out->values[i] = data_blob_string_const(str);
2199 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
2200 const struct dsdb_attribute *attr,
2201 const struct ldb_message_element *in,
2202 TALLOC_CTX *mem_ctx,
2203 struct drsuapi_DsReplicaAttribute *out)
2208 if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
2212 out->attid = dsdb_attribute_get_attid(attr,
2214 out->value_ctr.num_values = in->num_values;
2215 out->value_ctr.values = talloc_array(mem_ctx,
2216 struct drsuapi_DsAttributeValue,
2218 W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
2220 blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
2221 W_ERROR_HAVE_NO_MEMORY(blobs);
2223 for (i=0; i < in->num_values; i++) {
2227 out->value_ctr.values[i].blob = &blobs[i];
2229 if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
2231 in->values[i].length,
2232 (void **)&data, &ret, false)) {
2236 blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
2237 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
2239 SIVAL(blobs[i].data, 0, 4 + ret);
2242 memcpy(blobs[i].data + 4, data, ret);
2250 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
2251 const struct dsdb_attribute *attr,
2252 const struct ldb_message_element *in)
2254 return dsdb_syntax_UNICODE_validate_ldb(ctx,
2259 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
2261 static const struct dsdb_syntax dsdb_syntaxes[] = {
2264 .ldap_oid = LDB_SYNTAX_BOOLEAN,
2266 .attributeSyntax_oid = "2.5.5.8",
2267 .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb,
2268 .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi,
2269 .validate_ldb = dsdb_syntax_BOOL_validate_ldb,
2270 .equality = "booleanMatch",
2271 .comment = "Boolean"
2274 .ldap_oid = LDB_SYNTAX_INTEGER,
2276 .attributeSyntax_oid = "2.5.5.9",
2277 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2278 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2279 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2280 .equality = "integerMatch",
2281 .comment = "Integer",
2282 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2284 .name = "String(Octet)",
2285 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2287 .attributeSyntax_oid = "2.5.5.10",
2288 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2289 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2290 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2291 .equality = "octetStringMatch",
2292 .comment = "Octet String",
2294 .name = "String(Sid)",
2295 .ldap_oid = LDB_SYNTAX_OCTET_STRING,
2297 .attributeSyntax_oid = "2.5.5.17",
2298 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2299 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2300 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2301 .equality = "octetStringMatch",
2302 .comment = "Octet String - Security Identifier (SID)",
2303 .ldb_syntax = LDB_SYNTAX_SAMBA_SID
2305 .name = "String(Object-Identifier)",
2306 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38",
2308 .attributeSyntax_oid = "2.5.5.2",
2309 .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb,
2310 .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi,
2311 .validate_ldb = dsdb_syntax_OID_validate_ldb,
2312 .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
2313 .comment = "OID String",
2314 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING
2316 .name = "Enumeration",
2317 .ldap_oid = LDB_SYNTAX_INTEGER,
2319 .attributeSyntax_oid = "2.5.5.9",
2320 .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
2321 .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
2322 .validate_ldb = dsdb_syntax_INT32_validate_ldb,
2323 .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
2325 /* not used in w2k3 forest */
2326 .name = "String(Numeric)",
2327 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.36",
2329 .attributeSyntax_oid = "2.5.5.6",
2330 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2331 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2332 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2333 .equality = "numericStringMatch",
2334 .substring = "numericStringSubstringsMatch",
2335 .comment = "Numeric String",
2336 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2338 .name = "String(Printable)",
2339 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44",
2341 .attributeSyntax_oid = "2.5.5.5",
2342 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2343 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2344 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2345 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2347 .name = "String(Teletex)",
2348 .ldap_oid = "1.2.840.113556.1.4.905",
2350 .attributeSyntax_oid = "2.5.5.4",
2351 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2352 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2353 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2354 .equality = "caseIgnoreMatch",
2355 .substring = "caseIgnoreSubstringsMatch",
2356 .comment = "Case Insensitive String",
2357 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2359 .name = "String(IA5)",
2360 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26",
2362 .attributeSyntax_oid = "2.5.5.5",
2363 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2364 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2365 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2366 .equality = "caseExactIA5Match",
2367 .comment = "Printable String",
2368 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2370 .name = "String(UTC-Time)",
2371 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53",
2373 .attributeSyntax_oid = "2.5.5.11",
2374 .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
2375 .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
2376 .validate_ldb = dsdb_syntax_NTTIME_UTC_validate_ldb,
2377 .equality = "generalizedTimeMatch",
2378 .comment = "UTC Time",
2380 .name = "String(Generalized-Time)",
2381 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24",
2383 .attributeSyntax_oid = "2.5.5.11",
2384 .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb,
2385 .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi,
2386 .validate_ldb = dsdb_syntax_NTTIME_validate_ldb,
2387 .equality = "generalizedTimeMatch",
2388 .comment = "Generalized Time",
2389 .ldb_syntax = LDB_SYNTAX_UTC_TIME,
2391 /* not used in w2k3 schema */
2392 .name = "String(Case Sensitive)",
2393 .ldap_oid = "1.2.840.113556.1.4.1362",
2395 .attributeSyntax_oid = "2.5.5.3",
2396 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2397 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2398 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2399 .equality = "caseExactMatch",
2400 .substring = "caseExactSubstringsMatch",
2401 /* TODO (kim): according to LDAP rfc we should be using same comparison
2402 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
2403 * But according to ms docs binary compare should do the job:
2404 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
2405 .ldb_syntax = LDB_SYNTAX_OCTET_STRING,
2407 .name = "String(Unicode)",
2408 .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING,
2410 .attributeSyntax_oid = "2.5.5.12",
2411 .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb,
2412 .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi,
2413 .validate_ldb = dsdb_syntax_UNICODE_validate_ldb,
2414 .equality = "caseIgnoreMatch",
2415 .substring = "caseIgnoreSubstringsMatch",
2416 .comment = "Directory String",
2418 .name = "Interval/LargeInteger",
2419 .ldap_oid = "1.2.840.113556.1.4.906",
2421 .attributeSyntax_oid = "2.5.5.16",
2422 .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb,
2423 .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi,
2424 .validate_ldb = dsdb_syntax_INT64_validate_ldb,
2425 .equality = "integerMatch",
2426 .comment = "Large Integer",
2427 .ldb_syntax = LDB_SYNTAX_INTEGER,
2429 .name = "String(NT-Sec-Desc)",
2430 .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
2432 .attributeSyntax_oid = "2.5.5.15",
2433 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2434 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2435 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2437 .name = "Object(DS-DN)",
2438 .ldap_oid = LDB_SYNTAX_DN,
2440 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
2441 .attributeSyntax_oid = "2.5.5.1",
2442 .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb,
2443 .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi,
2444 .validate_ldb = dsdb_syntax_DN_validate_ldb,
2445 .equality = "distinguishedNameMatch",
2446 .comment = "Object(DS-DN) == a DN",
2448 .name = "Object(DN-Binary)",
2449 .ldap_oid = DSDB_SYNTAX_BINARY_DN,
2451 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
2452 .attributeSyntax_oid = "2.5.5.7",
2453 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2454 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2455 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2456 .equality = "octetStringMatch",
2457 .comment = "OctetString: Binary+DN",
2459 /* not used in w2k3 schema, but used in Exchange schema*/
2460 .name = "Object(OR-Name)",
2461 .ldap_oid = DSDB_SYNTAX_OR_NAME,
2463 .oMObjectClass = OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
2464 .attributeSyntax_oid = "2.5.5.7",
2465 .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
2466 .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
2467 .validate_ldb = dsdb_syntax_DN_BINARY_validate_ldb,
2468 .equality = "caseIgnoreMatch",
2469 .ldb_syntax = LDB_SYNTAX_DN,
2472 * TODO: verify if DATA_BLOB is correct here...!
2474 * repsFrom and repsTo are the only attributes using
2475 * this attribute syntax, but they're not replicated...
2477 .name = "Object(Replica-Link)",
2478 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40",
2480 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
2481 .attributeSyntax_oid = "2.5.5.10",
2482 .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
2483 .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
2484 .validate_ldb = dsdb_syntax_DATA_BLOB_validate_ldb,
2486 .name = "Object(Presentation-Address)",
2487 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.43",
2489 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
2490 .attributeSyntax_oid = "2.5.5.13",
2491 .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
2492 .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
2493 .validate_ldb = dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
2494 .comment = "Presentation Address",
2495 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2497 /* not used in w2k3 schema */
2498 .name = "Object(Access-Point)",
2499 .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.2",
2501 .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
2502 .attributeSyntax_oid = "2.5.5.14",
2503 .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb,
2504 .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi,
2505 .validate_ldb = dsdb_syntax_FOOBAR_validate_ldb,
2506 .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING,
2508 /* not used in w2k3 schema */
2509 .name = "Object(DN-String)",
2510 .ldap_oid = DSDB_SYNTAX_STRING_DN,
2512 .oMObjectClass = OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
2513 .attributeSyntax_oid = "2.5.5.14",
2514 .drsuapi_to_ldb = dsdb_syntax_DN_STRING_drsuapi_to_ldb,
2515 .ldb_to_drsuapi = dsdb_syntax_DN_STRING_ldb_to_drsuapi,
2516 .validate_ldb = dsdb_syntax_DN_STRING_validate_ldb,
2517 .equality = "octetStringMatch",
2518 .comment = "OctetString: String+DN",
2522 const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
2525 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2526 if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
2527 return &dsdb_syntaxes[i];
2533 const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
2536 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2537 if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
2538 return &dsdb_syntaxes[i];
2544 const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
2547 for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
2548 if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
2549 return &dsdb_syntaxes[i];
2555 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
2559 for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
2560 if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
2562 if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
2564 if (attr->oMObjectClass.length) {
2566 ret = memcmp(attr->oMObjectClass.data,
2567 dsdb_syntaxes[i].oMObjectClass.data,
2568 attr->oMObjectClass.length);
2569 if (ret != 0) continue;
2572 if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
2574 return &dsdb_syntaxes[i];
2580 WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
2581 const struct dsdb_schema *schema,
2582 const struct drsuapi_DsReplicaAttribute *in,
2583 TALLOC_CTX *mem_ctx,
2584 struct ldb_message_element *out)
2586 const struct dsdb_attribute *sa;
2587 struct dsdb_syntax_ctx syntax_ctx;
2589 sa = dsdb_attribute_by_attributeID_id(schema, in->attid);
2594 /* use default syntax conversion context */
2595 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2597 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
2600 WERROR dsdb_attribute_ldb_to_drsuapi(struct ldb_context *ldb,
2601 const struct dsdb_schema *schema,
2602 const struct ldb_message_element *in,
2603 TALLOC_CTX *mem_ctx,
2604 struct drsuapi_DsReplicaAttribute *out)
2606 const struct dsdb_attribute *sa;
2607 struct dsdb_syntax_ctx syntax_ctx;
2609 sa = dsdb_attribute_by_lDAPDisplayName(schema, in->name);
2614 /* use default syntax conversion context */
2615 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
2617 return sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, in, mem_ctx, out);
git.samba.org / amitay / samba.git / blob